From 1e6393b6d19b00566e678511d6dfde22fa656bc9 Mon Sep 17 00:00:00 2001 From: luwenpeng Date: Tue, 18 Apr 2023 16:28:56 +0800 Subject: [PATCH] =?UTF-8?q?TFE=E5=A4=84=E7=90=86decrypted=20traffic=20stee?= =?UTF-8?q?ring(service=20chaining=20rule)=E6=97=B6=E6=94=AF=E6=8C=81?= =?UTF-8?q?=E5=A4=9A=E5=91=BD=E4=B8=AD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 若命中intercept rule的流同时命中了多条service chaining rule 只要有一条service chaining rule开启了decrypted traffic steering TFE就要执行decrypted traffic steering --- plugin/business/chaining-policy/src/chaining_policy.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/plugin/business/chaining-policy/src/chaining_policy.cpp b/plugin/business/chaining-policy/src/chaining_policy.cpp index 8405d99..1c73e1c 100644 --- a/plugin/business/chaining-policy/src/chaining_policy.cpp +++ b/plugin/business/chaining-policy/src/chaining_policy.cpp @@ -182,15 +182,21 @@ void chaining_policy_enforcer_destory(struct chaining_policy_enforcer *enforcer) void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uint64_t rule_id) { + uint16_t size = 0; char rule_id_str[16] = {0}; uint8_t enalbe_decrypted_traffic_steering = 0; + tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enalbe_decrypted_traffic_steering, sizeof(enalbe_decrypted_traffic_steering), &size); + if (enalbe_decrypted_traffic_steering == 1) + { + return; + } + snprintf(rule_id_str, sizeof(rule_id_str), "%lu", rule_id); struct chaining_param *param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->table_id, rule_id_str); if (param == NULL) { TFE_LOG_INFO(enforcer->logger, "Failed to get chaining parameter of policy %lu.", rule_id); - tfe_cmsg_set(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enalbe_decrypted_traffic_steering, sizeof(enalbe_decrypted_traffic_steering)); return; }