From 4f9372d9667f21b346da2389987fc938591f3888 Mon Sep 17 00:00:00 2001
From: luwenpeng
Date: Wed, 20 Dec 2023 18:52:01 +0800
Subject: [PATCH] =?UTF-8?q?TFE=E6=A0=B9=E6=8D=AE=E6=8B=A6=E6=88=AA?= =?UTF-8?q?=E7=AD=96=E7=95=A5=E7=BC=96=E8=AF=91=E8=A1=A8=E7=9A=84do=5Flog?= =?UTF-8?q?=E5=AD=97=E6=AE=B5=E5=88=A4=E6=96=AD=E6=98=AF=E5=90=A6=E5=8F=91?= =?UTF-8?q?=E9=80=81log=5Fupdate=E7=9A=84=E6=8E=A7=E5=88=B6=E6=8A=A5?= =?UTF-8?q?=E6=96=87?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 common/include/tfe_cmsg.h | 1 +
 common/src/intercept_policy.cpp | 10 ++++++++++
 common/src/tfe_packet_io.cpp | 4 ++++
 3 files changed, 15 insertions(+)
diff --git a/common/include/tfe_cmsg.h b/common/include/tfe_cmsg.h
index 85f2a22..a46e36a 100644
--- a/common/include/tfe_cmsg.h
+++ b/common/include/tfe_cmsg.h
@@ -101,6 +101,7 @@ enum tfe_cmsg_tlv_type
 TFE_CMSG_COMMON_DIRECTION, // unsigned int
 TFE_CMSG_SSL_PASSTHROUGH_REASON, // string max size 32
 TFE_CMSG_POLICY_VSYS_ID, // unsigned int
+ TFE_CMSG_POLICY_DO_LOG, // unsigned int
 /* Add new cmsg here */
 /* Add new cmsg here */
 /* Add new cmsg here */
diff --git a/common/src/intercept_policy.cpp b/common/src/intercept_policy.cpp
index 68888e5..4a7c38c 100644
--- a/common/src/intercept_policy.cpp
+++ b/common/src/intercept_policy.cpp
@@ -8,6 +8,7 @@ struct intercept_param
 {
 int vsys_id;
 uint64_t rule_id;
+ int do_log;
 int ref_cnt;
 int action;
 int keyring_for_trusted;
@@ -29,6 +30,7 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c
 int vsys_id = 0;
 size_t len = 0;
 size_t offset = 0;
+ size_t do_log = 0;
 char buffer[8] = {0};
 char *json_str = NULL;
 cJSON *json = NULL;
@@ -49,6 +51,12 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c TFE_LOG_ERROR(enforcer->logger, "Invalid intercept action: %s", table_line); goto error_out; } + + if (maat_helper_read_column(table_line, 5, &do_log, &len) < 0) + { + TFE_LOG_ERROR(enforcer->logger, "Invalid do log: %s", table_line); + goto error_out; + } if (maat_helper_read_column(table_line, 7, &offset, &len) < 0) { @@ -76,6 +84,7 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c param = ALLOC(struct intercept_param, 1); param->vsys_id = vsys_id; param->rule_id = atoll(key); + param->do_log = (do_log == 0 ? 0 : 1); param->ref_cnt = 1; param->action = action; param->keyring_for_trusted = 1; @@ -343,6 +352,7 @@ int intercept_policy_enforce(struct intercept_policy_enforcer *enforcer, struct tfe_cmsg_set(cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)&reason_hit_no_intercept, strlen(reason_hit_no_intercept)); } + tfe_cmsg_set(cmsg, TFE_CMSG_POLICY_DO_LOG, (const unsigned char *)¶m->do_log, sizeof(param->do_log)); tfe_cmsg_set(cmsg, TFE_CMSG_POLICY_VSYS_ID, (const unsigned char *)¶m->vsys_id, sizeof(param->vsys_id)); tfe_cmsg_set(cmsg, TFE_CMSG_TCP_PASSTHROUGH, (const unsigned char *)&tcp_passthrough, sizeof(tcp_passthrough)); tfe_cmsg_set(cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (const unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept)); diff --git a/common/src/tfe_packet_io.cpp b/common/src/tfe_packet_io.cpp index 1ff0e44..7c34912 100644 --- a/common/src/tfe_packet_io.cpp +++ b/common/src/tfe_packet_io.cpp @@ -760,6 +760,7 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx) void * logger = thread->logger; int ret = 0; + int do_log = 0; uint8_t hit_no_intercept = 0; uint64_t rule_id = 0; uint16_t length = 0; 
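Review bot: `do_log` appears to receive the byte offset of column 5 rather than its value: in the `-49,6 +51,12` hunk, `maat_helper_read_column(table_line, 5, &do_log, &len)` passes `&do_log` in the position where the column 7 call right after it passes `&offset`. If that argument is an offset (the helper's definition is outside the diff), it is non-zero for any column past the first, so `param->do_log = (do_log == 0 ? 0 : 1)` in the `-76,6 +84,7` hunk always yields 1 and the policy's do_log setting never suppresses the log_update message. Reading the column into `offset`/`len`, bounding `len` against `buffer` and parsing the text would honour the field, with `do_log` declared `int` instead of `size_t` in the `-29,6 +30,7` hunk. intercept_param_new_cb starts and ends outside these hunks, so whether `buffer` still holds a value that is needed at this point should be checked before reusing it.

```cpp
// … unchanged: intercept action column check …
if (maat_helper_read_column(table_line, 5, &offset, &len) < 0 || len == 0 || len >= sizeof(buffer))
{
    TFE_LOG_ERROR(enforcer->logger, "Invalid do log: %s", table_line);
    goto error_out;
}
memset(buffer, 0, sizeof(buffer));
memcpy(buffer, table_line + offset, len);
do_log = (atoi(buffer) != 0);
// … unchanged: column 7 read into offset/len …
```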
@@ -781,6 +782,9 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx) size_t size; mpack_writer_t writer; + ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_DO_LOG, (unsigned char *)&do_log, sizeof(do_log), &length); + if (ret < 0 || do_log == 0) + return; ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &length); if (ret < 0) return;
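Review bot: The added `if (ret < 0 || do_log == 0) return;` treats a failed lookup of `TFE_CMSG_POLICY_DO_LOG` the same as a policy that disables logging, so a session whose cmsg lacks the TLV loses its event log without any trace. Splitting the two cases makes a missing value visible: `if (ret < 0) { TFE_LOG_ERROR(logger, "cmsg has no do_log value"); return; }` followed by `if (do_log == 0) return;`. The returned `length` is also not compared with `sizeof(do_log)`, so a value shorter than expected could leave part of `do_log` at its initial 0. send_event_log starts and ends outside the hunk, so which sessions can reach this point without the TLV cannot be confirmed from this view.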