From 4fb3ad044788a5d0a14d033aa8a514820068daba Mon Sep 17 00:00:00 2001
From: "Kadiyala, Jayasri"
Date: Mon, 11 May 2026 19:59:57 -0700
Subject: [PATCH] feat: add FlushConntrackTable TR-181 parameter

Add new TR-181 boolean parameter FlushConntrackTable under X_RDKCENTRAL-COM_DeviceFingerPrint to flush the connection tracking table on demand.
- Add parameter definition to TR181-AdvSecurity.xml
- Add Get handler (trigger parameter, always returns FALSE)
- Add Set handler (flushes conntrack table when set to TRUE)
- Add CosaAdvSecFlushConntrackTable() using v_secure_system
- Add unit tests for Get, Set(TRUE), and Set(FALSE) cases
Resolves #75
---
 config/TR181-AdvSecurity.xml | 6 ++
 source/AdvSecurityDml/cosa_adv_security_dml.c | 25 ++++++
 .../cosa_adv_security_internal.c | 17 ++++
 .../cosa_adv_security_internal.h | 6 ++
 .../CcspAdvSecurityDmlTest.cpp | 81 +++++++++++++++++++
 5 files changed, 135 insertions(+)

diff --git a/config/TR181-AdvSecurity.xml b/config/TR181-AdvSecurity.xml
index e705ee4..e8d3f41 100644
--- a/config/TR181-AdvSecurity.xml
+++ b/config/TR181-AdvSecurity.xml
@@ -66,6 +66,12 @@ uint32 true + + FlushConntrackTable + boolean + bool + true +
diff --git a/source/AdvSecurityDml/cosa_adv_security_dml.c b/source/AdvSecurityDml/cosa_adv_security_dml.c
index 36da4b6..0c63fe7 100644
--- a/source/AdvSecurityDml/cosa_adv_security_dml.c
+++ b/source/AdvSecurityDml/cosa_adv_security_dml.c
@@ -141,6 +141,15 @@ DeviceFingerPrint_GetParamBoolValue
 return TRUE;
 }
+ rc = strcmp_s("FlushConntrackTable", strlen("FlushConntrackTable"), ParamName, &ind);
+ ERR_CHK(rc);
+ if((rc == EOK) && (!ind))
+ {
+ /* FlushConntrackTable is a trigger parameter, always returns FALSE */
+ *pBool = FALSE;
+ return TRUE;
+ }
+
 CcspTraceWarning(("%s: Unsupported parameter '%s'\n", __FUNCTION__, ParamName));
 return FALSE;
 }
@@ -213,6 +222,22 @@ DeviceFingerPrint_SetParamBoolValue
 return TRUE;
 }
+ rc = strcmp_s("FlushConntrackTable", strlen("FlushConntrackTable"), ParamName, &ind);
+ ERR_CHK(rc);
+ if((rc == EOK) && (!ind))
+ {
+ if( bValue )
+ {
+ returnStatus = CosaAdvSecFlushConntrackTable();
+ if ( returnStatus != ANSC_STATUS_SUCCESS )
+ {
+ CcspTraceError(("%s: FlushConntrackTable failed\n", __FUNCTION__));
+ return FALSE;
+ }
+ }
+ return TRUE;
+ }
+
 CcspTraceWarning(("%s: Unsupported parameter '%s'\n", __FUNCTION__, ParamName));
 return FALSE;
 }
diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.c b/source/AdvSecurityDml/cosa_adv_security_internal.c
index e10ddc1..77f11d4 100644
--- a/source/AdvSecurityDml/cosa_adv_security_internal.c
+++ b/source/AdvSecurityDml/cosa_adv_security_internal.c
@@ -3521,3 +3521,20 @@ ANSC_STATUS CosaAdvSecAgentRaptrDeInit(ANSC_HANDLE hThisObject)
 CcspTraceWarning (("AdvSecAgentRaptr_RFCEnable:FALSE\n"));
 return returnStatus;
 }
+
+ANSC_STATUS CosaAdvSecFlushConntrackTable(VOID)
+{
+ ANSC_STATUS returnStatus = ANSC_STATUS_SUCCESS;
+ int rc = -1;
+
+ CcspTraceInfo(("%s: Flushing connection tracking table\n", __FUNCTION__));
+
+ rc = v_secure_system("conntrack -F");
+ if (!WIFEXITED(rc) || WEXITSTATUS(rc) != 0)
+ {
+ CcspTraceError(("%s: conntrack flush failed rc = %d\n", __FUNCTION__, WEXITSTATUS(rc)));
+ returnStatus = ANSC_STATUS_FAILURE;
+ }
+
+ return returnStatus;
+}
diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.h b/source/AdvSecurityDml/cosa_adv_security_internal.h
index 9fcce96..50ff491 100644
--- a/source/AdvSecurityDml/cosa_adv_security_internal.h
+++ b/source/AdvSecurityDml/cosa_adv_security_internal.h
@@ -564,4 +564,10 @@ CosaAdvSecFetchSbConfig
 ULONG* pUlSize,
 ULONG* puLong
 );
+
+ANSC_STATUS
+CosaAdvSecFlushConntrackTable
+ (
+ VOID
+ );
 #endif
diff --git a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityDmlTest.cpp b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityDmlTest.cpp
index ab195a1..93c7549 100644
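Review bot: The new `FlushConntrackTable` branch in `DeviceFingerPrint_SetParamBoolValue` (cosa_adv_security_dml.c) runs a full conntrack flush on every TRUE write, with no throttle between requests. A full flush discards the tracked state of every flow, so any component allowed to write this parameter can interrupt traffic through the device repeatedly; whether write access is restricted elsewhere is not visible in this patch and should be confirmed. I would enforce a minimum interval between flushes and state the impact at the call site, e.g. `/* Flushes ALL conntrack entries; every tracked flow loses its state */`. The function body starts and ends outside the hunk, so the declaration of `returnStatus` is assumed to exist already.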
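Review bot: In `CosaAdvSecFlushConntrackTable` (cosa_adv_security_internal.c) the failure log prints `WEXITSTATUS(rc)` even when `WIFEXITED(rc)` is false, so a child killed by a signal or a command that failed to launch is reported with a meaningless exit code. Log the raw status instead: `CcspTraceError(("%s: conntrack flush failed, raw status = %d\n", __FUNCTION__, rc));`. The command is also given as a bare `conntrack`, which presumably relies on PATH resolution inside `v_secure_system`; an absolute path would remove that dependency if the install location is fixed on the target. The hunk shows neither whether `<sys/wait.h>` is already included for the wait-status macros nor whether `v_secure_system` returns a raw wait status, so both are worth confirming.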
--- a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityDmlTest.cpp
+++ b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityDmlTest.cpp
@@ -133,6 +133,10 @@ TEST_F(CcspAdvSecurityDmlTestFixture, CheckDeviceFingerPrint_GetParamBoolValue_U
 .Times(1)
 .WillOnce(DoAll(SetArgPointee<3>(comparisonResult), Return(EOK)));
+ EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("FlushConntrackTable"), strlen("FlushConntrackTable"), StrEq(ParamName), _, _, _))
+ .Times(1)
+ .WillOnce(DoAll(SetArgPointee<3>(comparisonResult), Return(EOK)));
+
 BOOL result = DeviceFingerPrint_GetParamBoolValue(NULL, (char*)ParamName, &resultBool);
 EXPECT_FALSE(result);
@@ -2911,3 +2915,80 @@ TEST_F(CcspAdvSecurityDmlTestFixture, AdvanceSecurityCujoTelemetry_RFC_SetParamB
 free(g_pAdvSecAgent->pAdvSecCujoTelemetry_RFC);
 free(g_pAdvSecAgent);
 }
+
+TEST_F(CcspAdvSecurityDmlTestFixture, CheckDeviceFingerPrint_GetParamBoolValue_FlushConntrackTable) {
+ BOOL resultBool;
+ PCOSA_DATAMODEL_AGENT pMyObject = new COSA_DATAMODEL_AGENT;
+ g_pAdvSecAgent = pMyObject;
+
+ const char* ParamName = "FlushConntrackTable";
+ int comparisonResult = 1;
+ int comparisonResultMatch = 0;
+
+ EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("Enable"), strlen("Enable"), StrEq(ParamName), _, _, _))
+ .Times(1)
+ .WillOnce(DoAll(SetArgPointee<3>(comparisonResult), Return(EOK)));
+
+ EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("FlushConntrackTable"), strlen("FlushConntrackTable"), StrEq(ParamName), _, _, _))
+ .Times(1)
+ .WillOnce(DoAll(SetArgPointee<3>(comparisonResultMatch), Return(EOK)));
+
+ BOOL result = DeviceFingerPrint_GetParamBoolValue(NULL, (char*)ParamName, &resultBool);
+
+ EXPECT_TRUE(result);
+ EXPECT_FALSE(resultBool);
+
+ delete pMyObject;
+}
+
+TEST_F(CcspAdvSecurityDmlTestFixture, CheckDeviceFingerPrint_SetParamBoolValue_FlushConntrackTable_True) {
+ PCOSA_DATAMODEL_AGENT pMyObject = new COSA_DATAMODEL_AGENT;
+ g_pAdvSecAgent = pMyObject;
+
+ const char* ParamName = "FlushConntrackTable";
+ BOOL bValue = TRUE;
+ int comparisonResult = 1;
+ int comparisonResultMatch = 0;
+
+ EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("Enable"), strlen("Enable"), StrEq(ParamName), _, _, _))
+ .Times(1)
+ .WillOnce(DoAll(SetArgPointee<3>(comparisonResult), Return(EOK)));
+
+ EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("FlushConntrackTable"), strlen("FlushConntrackTable"), StrEq(ParamName), _, _, _))
+ .Times(1)
+ .WillOnce(DoAll(SetArgPointee<3>(comparisonResultMatch), Return(EOK)));
+
+ EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("conntrack -F"), _))
+ .Times(1)
+ .WillOnce(Return(0));
+
+ BOOL result =
DeviceFingerPrint_SetParamBoolValue(NULL, (char*)ParamName, bValue);
+
+ EXPECT_TRUE(result);
+
+ delete pMyObject;
+}
+
+TEST_F(CcspAdvSecurityDmlTestFixture, CheckDeviceFingerPrint_SetParamBoolValue_FlushConntrackTable_False) {
+ PCOSA_DATAMODEL_AGENT pMyObject = new COSA_DATAMODEL_AGENT;
+ g_pAdvSecAgent = pMyObject;
+
+ const char* ParamName = "FlushConntrackTable";
+ BOOL bValue = FALSE;
+ int comparisonResult = 1;
+ int comparisonResultMatch = 0;
+
+ EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("Enable"), strlen("Enable"), StrEq(ParamName), _, _, _))
+ .Times(1)
+ .WillOnce(DoAll(SetArgPointee<3>(comparisonResult), Return(EOK)));
+
+ EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("FlushConntrackTable"), strlen("FlushConntrackTable"), StrEq(ParamName), _, _, _))
+ .Times(1)
+ .WillOnce(DoAll(SetArgPointee<3>(comparisonResultMatch), Return(EOK)));
+
+ BOOL result = DeviceFingerPrint_SetParamBoolValue(NULL, (char*)ParamName, bValue);
+
+ EXPECT_TRUE(result);
+
+ delete pMyObject;
+}
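Review bot: None of the three new tests drives the failure branch, so the `return FALSE` path of the setter and the status decoding in `CosaAdvSecFlushConntrackTable` are unverified; only Get, Set(TRUE) with a successful flush, and Set(FALSE) are covered. A fourth case that makes the `v_secure_system` mock return a failing status and expects the setter to return FALSE would close that gap; a sketch follows. Separately, each new test leaves `g_pAdvSecAgent` pointing at the object it has just deleted; unless the fixture's teardown resets it, adding `g_pAdvSecAgent = NULL;` after `delete pMyObject;` keeps later tests from touching freed memory.

```cpp
TEST_F(CcspAdvSecurityDmlTestFixture, CheckDeviceFingerPrint_SetParamBoolValue_FlushConntrackTable_Failure) {
    const char* ParamName = "FlushConntrackTable";
    int comparisonResult = 1;
    int comparisonResultMatch = 0;

    // … unchanged: g_pAdvSecAgent setup and the "Enable" / "FlushConntrackTable" _strcmp_s_chk expectations from the _True test …

    // -1 models the command failing to launch; WIFEXITED(-1) is expected to be false, so the flush must be reported as failed
    EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("conntrack -F"), _))
        .Times(1)
        .WillOnce(Return(-1));

    EXPECT_FALSE(DeviceFingerPrint_SetParamBoolValue(NULL, (char*)ParamName, TRUE));
}
```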