diff --git a/common/include/tfe_cmsg.h b/common/include/tfe_cmsg.h index 85f2a22..a46e36a 100644 --- a/common/include/tfe_cmsg.h +++ b/common/include/tfe_cmsg.h @@ -101,6 +101,7 @@ enum tfe_cmsg_tlv_type TFE_CMSG_COMMON_DIRECTION, // unsigned int TFE_CMSG_SSL_PASSTHROUGH_REASON, // string max size 32 TFE_CMSG_POLICY_VSYS_ID, // unsigned int + TFE_CMSG_POLICY_DO_LOG, // unsigned int /* Add new cmsg here */ /* Add new cmsg here */ /* Add new cmsg here */ diff --git a/common/src/intercept_policy.cpp b/common/src/intercept_policy.cpp index 68888e5..4a7c38c 100644 --- a/common/src/intercept_policy.cpp +++ b/common/src/intercept_policy.cpp @@ -8,6 +8,7 @@ struct intercept_param { int vsys_id; uint64_t rule_id; + int do_log; int ref_cnt; int action; int keyring_for_trusted; @@ -29,6 +30,7 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c int vsys_id = 0; size_t len = 0; size_t offset = 0; + size_t do_log = 0; char buffer[8] = {0}; char *json_str = NULL; cJSON *json = NULL; @@ -49,6 +51,12 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c TFE_LOG_ERROR(enforcer->logger, "Invalid intercept action: %s", table_line); goto error_out; } + + if (maat_helper_read_column(table_line, 5, &do_log, &len) < 0) + { + TFE_LOG_ERROR(enforcer->logger, "Invalid do log: %s", table_line); + goto error_out; + } if (maat_helper_read_column(table_line, 7, &offset, &len) < 0) { @@ -76,6 +84,7 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c param = ALLOC(struct intercept_param, 1); param->vsys_id = vsys_id; param->rule_id = atoll(key); + param->do_log = (do_log == 0 ? 0 : 1); param->ref_cnt = 1; param->action = action; param->keyring_for_trusted = 1; @@ -343,6 +352,7 @@ int intercept_policy_enforce(struct intercept_policy_enforcer *enforcer, struct tfe_cmsg_set(cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)&reason_hit_no_intercept, strlen(reason_hit_no_intercept)); } + tfe_cmsg_set(cmsg, TFE_CMSG_POLICY_DO_LOG, (const unsigned char *)¶m->do_log, sizeof(param->do_log)); tfe_cmsg_set(cmsg, TFE_CMSG_POLICY_VSYS_ID, (const unsigned char *)¶m->vsys_id, sizeof(param->vsys_id)); tfe_cmsg_set(cmsg, TFE_CMSG_TCP_PASSTHROUGH, (const unsigned char *)&tcp_passthrough, sizeof(tcp_passthrough)); tfe_cmsg_set(cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (const unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept)); diff --git a/common/src/tfe_packet_io.cpp b/common/src/tfe_packet_io.cpp index 1ff0e44..7c34912 100644 --- a/common/src/tfe_packet_io.cpp +++ b/common/src/tfe_packet_io.cpp @@ -760,6 +760,7 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx) void * logger = thread->logger; int ret = 0; + int do_log = 0; uint8_t hit_no_intercept = 0; uint64_t rule_id = 0; uint16_t length = 0; @@ -781,6 +782,9 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx) size_t size; mpack_writer_t writer; + ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_DO_LOG, (unsigned char *)&do_log, sizeof(do_log), &length); + if (ret < 0 || do_log == 0) + return; ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &length); if (ret < 0) return;