TFE根据拦截策略编译表的do_log字段判断是否发送log_update的控制报文

2023-12-20 18:52:01 +08:00
parent 8a4f672ab9
commit 4f9372d966
3 changed files with 15 additions and 0 deletions
--- a/common/include/tfe_cmsg.h
+++ b/common/include/tfe_cmsg.h
@@ -101,6 +101,7 @@ enum tfe_cmsg_tlv_type
    TFE_CMSG_COMMON_DIRECTION, // unsigned int
    TFE_CMSG_SSL_PASSTHROUGH_REASON, // string max size 32
    TFE_CMSG_POLICY_VSYS_ID, // unsigned int
+    TFE_CMSG_POLICY_DO_LOG, // unsigned int
    /* Add new cmsg here */
    /* Add new cmsg here */
    /* Add new cmsg here */
--- a/common/src/intercept_policy.cpp
+++ b/common/src/intercept_policy.cpp
@@ -8,6 +8,7 @@ struct intercept_param
 {
    int vsys_id;
    uint64_t rule_id;
+    int do_log;
    int ref_cnt;
    int action;
    int keyring_for_trusted;
@@ -29,6 +30,7 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c
    int vsys_id = 0;
    size_t len = 0;
    size_t offset = 0;
+    size_t do_log = 0;
    char buffer[8] = {0};
    char *json_str = NULL;
    cJSON *json = NULL;
@@ -50,6 +52,12 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c
        goto error_out;
    }
    
+    if (maat_helper_read_column(table_line, 5, &do_log, &len) < 0)
+    {
+        TFE_LOG_ERROR(enforcer->logger, "Invalid do log: %s", table_line);
+        goto error_out;
+    }
+
    if (maat_helper_read_column(table_line, 7, &offset, &len) < 0)
    {
        TFE_LOG_ERROR(enforcer->logger, "Invalid intercept user region: %s", table_line);
@@ -76,6 +84,7 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c
    param = ALLOC(struct intercept_param, 1);
    param->vsys_id = vsys_id;
    param->rule_id = atoll(key);
+    param->do_log = (do_log == 0 ? 0 : 1);
    param->ref_cnt = 1;
    param->action = action;
    param->keyring_for_trusted = 1;
@@ -343,6 +352,7 @@ int intercept_policy_enforce(struct intercept_policy_enforcer *enforcer, struct
        tfe_cmsg_set(cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)&reason_hit_no_intercept, strlen(reason_hit_no_intercept));
    }

+    tfe_cmsg_set(cmsg, TFE_CMSG_POLICY_DO_LOG, (const unsigned char *)&param->do_log, sizeof(param->do_log));
    tfe_cmsg_set(cmsg, TFE_CMSG_POLICY_VSYS_ID, (const unsigned char *)&param->vsys_id, sizeof(param->vsys_id));
    tfe_cmsg_set(cmsg, TFE_CMSG_TCP_PASSTHROUGH, (const unsigned char *)&tcp_passthrough, sizeof(tcp_passthrough));
    tfe_cmsg_set(cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (const unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept));
--- a/common/src/tfe_packet_io.cpp
+++ b/common/src/tfe_packet_io.cpp
@@ -760,6 +760,7 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx)
    void * logger = thread->logger;
    
    int ret = 0;
+    int do_log = 0;
    uint8_t hit_no_intercept = 0;
    uint64_t rule_id = 0;
    uint16_t length = 0;
@@ -781,6 +782,9 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx)
    size_t size;
    mpack_writer_t writer;

+    ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_DO_LOG, (unsigned char *)&do_log, sizeof(do_log), &length);
+    if (ret < 0 || do_log == 0)
+        return;
    ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &length);
    if (ret < 0)
        return;