TFE适配MAAT4，编译表只注册一次

platform/src/acceptor_kni_v3.cpp

@@ -15,10 +15,11 @@
 #include <watchdog_3rd_device.h>
 #include <raw_socket.h>
 #include <packet_construct.h>
+#include <intercept_policy.h>
 
 #define TCP_RESTORE_TCPOPT_KIND 88
 
-extern void tcp_policy_enforce(struct tcp_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uint64_t rule_id);
+extern int tcp_policy_enforce(struct tcp_policy_enforcer *tcp_enforcer, struct tfe_cmsg *cmsg);
 extern void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uint64_t rule_id);
 
 struct acceptor_kni_v3
@@ -604,7 +605,6 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 	uint8_t stream_protocol_in_char = 0;
 	uint8_t enalbe_decrypted_traffic_steering = 0;
 	uint16_t size = 0;
-	uint64_t rule_id = 0;
 	uint64_t chaining_rule_id = 0; // only use for acceptv4
 	struct acceptor_kni_v3 *__ctx = (struct acceptor_kni_v3 *)data;
 	clock_gettime(CLOCK_MONOTONIC, &(__ctx->start));
@@ -716,14 +716,9 @@ static int payload_handler_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, s
 		goto end;
 	}
 
-	ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &size);
-	if (ret < 0)
-	{
-		TFE_LOG_ERROR(g_default_logger, "failed at fetch rule_id from cmsg: %s", strerror(-ret));
-		goto end;
-	}
-	tcp_policy_enforce(__ctx->proxy->tcp_ply_enforcer, cmsg, rule_id);
-	chaining_policy_enforce(__ctx->proxy->chain_ply_enforcer, cmsg,  chaining_rule_id);
+	intercept_policy_enforce(__ctx->proxy->int_ply_enforcer, cmsg);
+	tcp_policy_enforce(__ctx->proxy->tcp_ply_enforcer, cmsg);
+	chaining_policy_enforce(__ctx->proxy->chain_ply_enforcer, cmsg, chaining_rule_id);
 
 	if (overwrite_tcp_mss(cmsg, &restore_info))
 	{

platform/src/proxy.cpp

@@ -698,6 +698,9 @@ int main(int argc, char * argv[])
 		TFE_LOG_INFO(g_default_logger, "Plugin %s initialized. ", plugin_iter->symbol);
 	}
 
+	g_default_proxy->int_ply_enforcer = intercept_policy_enforcer_create(g_default_logger);
+	CHECK_OR_EXIT(g_default_proxy->int_ply_enforcer != NULL, "Failed at creating intercept policy enforcer. Exit.");
+
 	g_default_proxy->tcp_ply_enforcer = tcp_policy_enforcer_create(g_default_logger);
 	CHECK_OR_EXIT(g_default_proxy->tcp_ply_enforcer != NULL, "Failed at creating tcp policy enforcer. Exit.");
 

platform/src/ssl_stream.cpp

@@ -2219,6 +2219,39 @@ uint64_t ssl_stream_get_policy_id(struct ssl_stream *upstream)
 	return policy_id;
 }
 
+int ssl_stream_get_decrypted_profile_id(struct ssl_stream *upstream)
+{
+	uint16_t out_size;
+	int profile_id = 0;
+	struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
+	int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)profile_id, sizeof(profile_id), &out_size);
+	assert(ret == 0);
+
+	return profile_id;
+}
+
+int ssl_stream_get_trusted_keyring_profile_id(struct ssl_stream *upstream)
+{
+	uint16_t out_size;
+	int keyring_id = 0;
+	struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
+	int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)keyring_id, sizeof(keyring_id), &out_size);
+	assert(ret == 0);
+
+	return keyring_id;
+}
+
+int ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream)
+{
+	uint16_t out_size;
+	int keyring_id = 0;
+	struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
+	int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)keyring_id, sizeof(keyring_id), &out_size);
+	assert(ret == 0);
+
+	return keyring_id;
+}
+
 int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char* in_buff, size_t sz)
 {
 	const char* sni=upstream->up_parts.client_hello->sni?upstream->up_parts.client_hello->sni:"null";