gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix compile errors for adapting maat

Browse Source
This commit is contained in:
luwenpeng
2024-09-26 14:39:21 +08:00
parent ad96bf00c1
commit 5d3ee62d23
23 changed files with 263 additions and 218 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
plugin/business/chaining-policy/src/chaining_policy.cpp
View File

@@ -31,23 +31,21 @@ struct chaining_policy_enforcer
static void chaining_param_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp)
{
cJSON * json_root = NULL;
cJSON * json_subroot = NULL;
cJSON * item = NULL;
size_t user_region_offset = 0;
size_t user_region_len = 0;
cJSON *json_root = NULL;
cJSON *json_subroot = NULL;
cJSON *item = NULL;
struct chaining_param *param = NULL;
struct chaining_policy_enforcer *enforcer = (struct chaining_policy_enforcer *)argp;
json_root = cJSON_Parse(table_line);
char *json_str = strdup(table_line);
json_root = cJSON_Parse(json_str);
if (unlikely(!json_root))
{
TFE_LOG_ERROR(enforcer->logger, "Invalid chaining profile: %s", table_line);
goto error_out;
}
json_subroot = cJSON_GetObjectItem(json_root, "action_parameter");
if (unlikely(!json_subroot))
if (unlikely(!json_subroot || !cJSON_IsObject(json_subroot)))
{
TFE_LOG_ERROR(enforcer->logger, "Invalid chaining rule: %s (invalid action_parameter format) %s.", key, table_line);
goto error_out;
@@ -80,6 +78,7 @@ static void chaining_param_new_cb(const char *table_name, const char *key, const
*ad = param;
TFE_LOG_INFO(enforcer->logger, "Add chaining rule: %s", key);
cJSON_Delete(json_root);
free(json_str);
return;
error_out:
@@ -88,6 +87,11 @@ error_out:
cJSON_Delete(json_root);
json_root = NULL;
}
if (json_str)
{
free(json_str);
json_str = NULL;
}
if (param)
{
free(param);
@@ -97,7 +101,7 @@ error_out:
static void chaining_param_free_cb(const char *table_name, void **ad, long argl, void *argp)
{
char str_rule_id[UUID_STR_LEN] = {0};
char str_rule_id[UUID_STRING_SIZE] = {0};
struct chaining_policy_enforcer *enforcer = (struct chaining_policy_enforcer *)argp;
struct chaining_param *param = (struct chaining_param *)*ad;
if (param == NULL)
@@ -116,7 +120,7 @@ static void chaining_param_free_cb(const char *table_name, void **ad, long argl,
static void chaining_param_free(struct chaining_param *param)
{
chaining_param_free_cb(0, (void **)&param, 0, NULL);
chaining_param_free_cb(NULL, (void **)&param, 0, NULL);
}
static void chaining_param_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp)
@@ -167,10 +171,10 @@ void chaining_policy_enforcer_destory(struct chaining_policy_enforcer *enforcer)
}
}
void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uuid_t rule_id)
void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uuid_t *rule_id)
{
uint16_t size = 0;
char str_rule_id[UUID_STR_LEN] = {0};
char str_rule_id[UUID_STRING_SIZE] = {0};
uint8_t enalbe_decrypted_traffic_steering = 0;
tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enalbe_decrypted_traffic_steering, sizeof(enalbe_decrypted_traffic_steering), &size);
@@ -179,8 +183,8 @@ void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct t
return;
}
uuid_unparse(rule_id, str_rule_id);
struct chaining_param *param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->table_name, str_rule_id, UUID_STR_LEN-1);
uuid_unparse(*rule_id, str_rule_id);
struct chaining_param *param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->table_name, (const char *)rule_id, sizeof(uuid_t));
if (param == NULL)
{
TFE_LOG_INFO(enforcer->logger, "Failed to get chaining parameter of policy %s.", str_rule_id);

2
plugin/business/chaining-policy/src/chaining_policy.h
View File

@@ -5,4 +5,4 @@
struct chaining_policy_enforcer;
struct chaining_policy_enforcer *chaining_policy_enforcer_create(void *logger);
void chaining_policy_enforcer_destory(struct chaining_policy_enforcer *enforcer);
void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uuid_t rule_id);
void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uuid_t *rule_id);

1
plugin/business/ssl-policy/src/ssl_policy.cpp
View File

@@ -74,7 +74,6 @@ static void profile_param_free(struct decryption_param *param)
static void profile_param_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp)
{
int ret = 0;
cJSON *json = NULL;
cJSON *object = NULL;
cJSON *exclusions = NULL;

58
plugin/business/tcp-policy/src/tcp_policy.cpp
View File

@@ -37,7 +37,7 @@ struct tcp_profile_param
struct side_conn_param server_side;
};
static int parser_side_conn_param(cJSON * json, struct side_conn_param *out_val, void *logger)
static int parser_side_conn_param(cJSON *json, struct side_conn_param *out_val, void *logger)
{
cJSON *object = NULL;
cJSON *item = NULL;
@@ -113,21 +113,21 @@ static int parser_side_conn_param(cJSON * json, struct side_conn_param *out_val,
out_val->user_timeout = 0;
}
}
cJSON_Delete(json);
return 0;
}
static void profile_param_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp)
{
cJSON * json_root = NULL;
cJSON * json_subroot = NULL;
cJSON * item = NULL;
cJSON *json_root = NULL;
cJSON *json_subroot = NULL;
cJSON *item = NULL;
struct tcp_profile_param *param = NULL;
struct tcp_policy_enforcer *enforcer = (struct tcp_policy_enforcer *)argp;
json_root = cJSON_Parse(table_line);
if (unlikely(!json_root))
char *json_str = strdup(table_line);
json_root = cJSON_Parse(json_str);
if (json_root == NULL)
{
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option profile: %s", table_line);
goto error_out;
@@ -139,7 +139,7 @@ static void profile_param_new_cb(const char *table_name, const char *key, const
item = cJSON_GetObjectItem(json_root, "tcp_passthrough");
if (unlikely(!item || !cJSON_IsNumber(item)))
{
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid tcp_passthrough format.", key);
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: (invalid tcp_passthrough format) %s", table_line);
goto error_out;
}
param->tcp_passthrough = item->valueint;
@@ -147,15 +147,15 @@ static void profile_param_new_cb(const char *table_name, const char *key, const
item = cJSON_GetObjectItem(json_root, "bypass_duplicated_packet");
if (unlikely(!item || !cJSON_IsNumber(item)))
{
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid bypass_duplicated_packet format.", key);
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: (invalid bypass_duplicated_packet format) %s", table_line);
goto error_out;
}
param->bypass_duplicated_packet = item->valueint;
json_subroot = cJSON_GetObjectItem(json_root, "client_side_conn_param");
if (unlikely(!json_subroot))
if (unlikely(!json_subroot || !cJSON_IsObject(json_subroot)))
{
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid client_side_conn_param format.", key);
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: (invalid client_side_conn_param format) %s", table_line);
goto error_out;
}
if (parser_side_conn_param(json_subroot, &param->client_side, enforcer->logger) == -1)
@@ -164,9 +164,9 @@ static void profile_param_new_cb(const char *table_name, const char *key, const
}
json_subroot = cJSON_GetObjectItem(json_root, "server_side_conn_param");
if (unlikely(!json_subroot))
if (unlikely(!json_subroot || !cJSON_IsObject(json_subroot)))
{
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid server_side_conn_param format.", key);
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: (invalid server_side_conn_param format) %s", table_line);
goto error_out;
}
if (parser_side_conn_param(json_subroot, &param->server_side, enforcer->logger) == -1)
@@ -176,18 +176,24 @@ static void profile_param_new_cb(const char *table_name, const char *key, const
*ad = param;
TFE_LOG_INFO(enforcer->logger, "Add tcp option profile: %s", key);
cJSON_Delete(json_root);
free(json_str);
return;
error_out:
if (param)
{
free(param);
}
if (json_root)
{
cJSON_Delete(json_root);
}
if (json_str)
{
free(json_str);
}
if (param)
{
free(param);
}
}
static void profile_param_free_cb(const char *table_name, void **ad, long argl, void *argp)
@@ -221,7 +227,7 @@ static void profile_param_dup_cb(const char *table_name, void **to, void **from,
static void profile_param_free(struct tcp_profile_param *param)
{
profile_param_free_cb(0, (void **)&param, 0, NULL);
profile_param_free_cb(NULL, (void **)&param, 0, NULL);
}
struct tcp_policy_enforcer *tcp_policy_enforcer_create(void *logger)
@@ -263,22 +269,22 @@ void tcp_policy_enforcer_destory(struct tcp_policy_enforcer *enforcer)
int tcp_policy_enforce(struct tcp_policy_enforcer *tcp_enforcer, struct tfe_cmsg *cmsg)
{
int ret = 0;
int profile_id = 0;
uuid_t profile_uuid;
uint16_t size = 0;
char buffer[16] = {0};
char profile_uuid_str[UUID_STRING_SIZE] = {0};
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_OPTION_PROFILE_ID, (unsigned char *)&profile_id, sizeof(profile_id), &size);
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_OPTION_PROFILE_ID, (unsigned char *)&profile_uuid, sizeof(uuid_t), &size);
if (ret < 0)
{
TFE_LOG_ERROR(g_default_logger, "Failed at fetch tcp_option_profile from cmsg: %s", strerror(-ret));
return -1;
}
snprintf(buffer, sizeof(buffer), "%d", profile_id);
struct tcp_profile_param *param = (struct tcp_profile_param *)maat_plugin_table_get_ex_data(tcp_enforcer->maat, tcp_enforcer->table_name, buffer, strlen(buffer));
uuid_unparse(profile_uuid, profile_uuid_str);
struct tcp_profile_param *param = (struct tcp_profile_param *)maat_plugin_table_get_ex_data(tcp_enforcer->maat, tcp_enforcer->table_name, (const char *)&profile_uuid, sizeof(uuid_t));
if (param == NULL)
{
TFE_LOG_INFO(tcp_enforcer->logger, "Failed to get tcp option parameter of profile %d.", profile_id);
TFE_LOG_INFO(tcp_enforcer->logger, "Failed to get tcp option parameter of profile %s.", profile_uuid_str);
return -1;
}
@@ -311,10 +317,10 @@ int tcp_policy_enforce(struct tcp_policy_enforcer *tcp_enforcer, struct tfe_cmsg
tfe_cmsg_set(cmsg, TFE_CMSG_UPSTREAM_TCP_KEEPINTVL, (unsigned char *)&server_side->keepintvl, sizeof(server_side->keepintvl));
tfe_cmsg_set(cmsg, TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT, (unsigned char *)&server_side->user_timeout, sizeof(server_side->user_timeout));
TFE_LOG_INFO(tcp_enforcer->logger, "hit tcp_option_profile %d tcp_passthrough %d "
TFE_LOG_INFO(tcp_enforcer->logger, "hit tcp_option_profile %s tcp_passthrough %d "
"client_side={maxseg_enable:%d, maxseg_vaule:%d, nodelay:%d, ttl:%d, keepalive:%d, keepcnt:%d, keepidle:%d, keepintvl:%d, user_timeout:%d} "
"server_side={maxseg_enable:%d, maxseg_vaule:%d, nodelay:%d, ttl:%d, keepalive:%d, keepcnt:%d, keepidle:%d, keepintvl:%d, user_timeout:%d} ",
profile_id, param->tcp_passthrough,
profile_uuid_str, param->tcp_passthrough,
client_side->maxseg_enable, client_side->maxseg_vaule, client_side->nodelay, client_side->ttl, client_side->keepalive, client_side->keepcnt, client_side->keepidle, client_side->keepintvl, client_side->user_timeout,
server_side->maxseg_enable, server_side->maxseg_vaule, server_side->nodelay, server_side->ttl, server_side->keepalive, server_side->keepcnt, server_side->keepidle, server_side->keepintvl, server_side->user_timeout);
profile_param_free(param);

30
plugin/business/traffic-mirror/src/entry.cpp
View File

@@ -106,7 +106,7 @@ void policy_table_ex_data_new_cb(const char *table_name, const char *key, const
char *str_json = NULL;
cJSON *json = NULL;
cJSON *object = NULL;
cjson *subobj = NULL;
cJSON *subobj = NULL;
cJSON *item = NULL;
struct policy_table_ex_data *ex_data = NULL;
@@ -132,7 +132,7 @@ void policy_table_ex_data_new_cb(const char *table_name, const char *key, const
}
subobj = cJSON_GetObjectItem(object, "traffic_mirror");
if (unlikely(!json_subroot))
if (unlikely(!subobj))
{
TFE_LOG_ERROR(instance->logger, "invalid format, traffic_mirror is not defined, %s", table_line);
goto error_out;
@@ -142,7 +142,7 @@ void policy_table_ex_data_new_cb(const char *table_name, const char *key, const
ex_data->atomic_refcnt = 1;
ex_data->enable = 0;
ex_data->is_profile_set = 0;
uuid_parse(key, ex_data->rule_id);
uuid_parse(key, ex_data->rule_uuid);
item = cJSON_GetObjectItem(subobj, "enable");
if (unlikely(!item || !cJSON_IsNumber(item)))
@@ -306,24 +306,22 @@ void profile_table_ex_data_new_cb(const char *table_name, const char *key, const
TFE_LOG_DEBUG(instance->logger, "Add traffic mirror profile: %s", key);
cJSON_Delete(json_root);
cJSON_Delete(json);
free(str_json);
return;
error_out:
if (ex_data)
if (json)
{
profile_table_ex_data_free(ex_data);
cJSON_Delete(json);
}
if (str_json)
{
free(str_json);
}
if (json_root)
if (ex_data)
{
cJSON_Delete(json_root);
profile_table_ex_data_free(ex_data);
}
}
@@ -513,13 +511,13 @@ int traffic_mirror_init(struct tfe_proxy * proxy)
goto errout;
}
result = maat_plugin_table_ex_schema_register(instance->maat_feather, "PXY_INTERCEPT_COMPILE",
result = maat_plugin_table_ex_schema_register(instance->maat_feather, "PXY_INTERCEPT_RULE",
policy_table_ex_data_new_cb, policy_table_ex_data_free_cb, policy_table_ex_data_dup_cb,
0, instance);
if(result < 0)
{
TFE_LOG_ERROR(instance->logger, "failed at maat_plugin_table_ex_schema_register(PXY_INTERCEPT_COMPILE)");
TFE_LOG_ERROR(instance->logger, "failed at maat_plugin_table_ex_schema_register(PXY_INTERCEPT_RULE)");
goto errout;
}
@@ -585,7 +583,7 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
}
uuid_unparse(rule_uuid, rule_uuid_str);
policy_ex_data = (struct policy_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, PXY_INTERCEPT_COMPILE, rule_uuid, sizeof(uuid_t));
policy_ex_data = (struct policy_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, "PXY_INTERCEPT_RULE", (const char *)&rule_uuid, sizeof(uuid_t));
if (!policy_ex_data || !policy_ex_data->enable)
{
goto detach;
@@ -612,7 +610,7 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
if (policy_ex_data->is_profile_set)
{
uuid_unparse(policy_ex_data->profile_uuid, profile_uuid_str);
profile_ex_data = (struct profile_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, TSG_PROFILE_TRAFFIC_MIRROR, policy_ex_data->profile_uuid, sizeof(uuid_t));
profile_ex_data = (struct profile_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, "TSG_PROFILE_TRAFFIC_MIRROR", (const char *)&policy_ex_data->profile_uuid, sizeof(uuid_t));
if (!profile_ex_data)
{
TFE_LOG_ERROR(instance->logger, "failed at getting policy %s's profile, profile id = %s, "
@@ -647,8 +645,8 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
rebuild_target = NULL;
traffic_mirror_rebuild_handshake(me->rebuild_ctx, thread_id);
TFE_LOG_DEBUG(instance->logger, "hit traffic mirror policy %s, profile %s, vlan %d",
rule_uuid_str, profile_uuid_str, me->rebuild_ctx->target.vlan_tci);
TFE_LOG_DEBUG(instance->logger, "hit traffic mirror policy %s, profile %s",
rule_uuid_str, profile_uuid_str);
return ACTION_FORWARD_DATA;
detach: