TSG-22699 适配控制报文修改
@@ -17,7 +17,7 @@ enum traffic_type
|
||||
|
||||
struct chaining_param
|
||||
{
|
||||
uint64_t rule_id;
|
||||
uuid_t rule_id;
|
||||
int ref_cnt;
|
||||
enum traffic_type type;
|
||||
};
|
||||
@@ -25,42 +25,42 @@ struct chaining_param
|
||||
struct chaining_policy_enforcer
|
||||
{
|
||||
struct maat *maat;
|
||||
int table_id;
|
||||
char table_name[32];
|
||||
void *logger;
|
||||
};
|
||||
|
||||
static void chaining_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
|
||||
static void chaining_param_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp)
|
||||
{
|
||||
cJSON *json = NULL;
|
||||
cJSON *item = NULL;
|
||||
cJSON * json_root = NULL;
|
||||
cJSON * json_subroot = NULL;
|
||||
cJSON * item = NULL;
|
||||
size_t user_region_offset = 0;
|
||||
size_t user_region_len = 0;
|
||||
struct chaining_param *param = NULL;
|
||||
struct chaining_policy_enforcer *enforcer = (struct chaining_policy_enforcer *)argp;
|
||||
|
||||
if (maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len) < 0)
|
||||
json_root = cJSON_Parse(table_line);
|
||||
if (unlikely(!json_root))
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "unexpected chaining rule: (invalid user region) %s", table_line);
|
||||
return;
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid chaining profile: %s", table_line);
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
char *json_str = (char *)calloc(user_region_len + 1, sizeof(char));
|
||||
memcpy(json_str, table_line + user_region_offset, user_region_len);
|
||||
json = cJSON_Parse(json_str);
|
||||
if (json == NULL)
|
||||
json_subroot = cJSON_GetObjectItem(json_root, "USER_REGION");
|
||||
if (unlikely(!json_subroot))
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "unexpected chaining rule: (invalid json format) %s", table_line);
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid chaining rule: %s (invalid USER_REGION format) %s.", key, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
param = (struct chaining_param *)calloc(1, sizeof(struct chaining_param));
|
||||
param->rule_id = atoll(key);
|
||||
param->ref_cnt = 1;
|
||||
uuid_parse(key, param->rule_id);
|
||||
|
||||
item = cJSON_GetObjectItem(json, "targeted_traffic");
|
||||
item = cJSON_GetObjectItem(json_subroot, "targeted_traffic");
|
||||
if (!item || !cJSON_IsString(item))
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "unexpected chaining rule: (invalid targeted_traffic param) %s", table_line);
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid chaining rule: %s (invalid targeted_traffic format) %s.", key, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
if (strcasecmp(item->valuestring, "raw") == 0)
|
||||
@@ -73,30 +73,21 @@ static void chaining_param_new_cb(const char *table_name, int table_id, const ch
|
||||
}
|
||||
else
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "unexpected chaining rule: (invalid targeted_traffic param) %s", table_line);
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid chaining rule: %s (invalid targeted_traffic format) %s", key, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
*ad = param;
|
||||
TFE_LOG_INFO(enforcer->logger, "Add chaining rule: %lu", param->rule_id);
|
||||
|
||||
cJSON_Delete(json);
|
||||
free(json_str);
|
||||
TFE_LOG_INFO(enforcer->logger, "Add chaining rule: %s", key);
|
||||
cJSON_Delete(json_root);
|
||||
return;
|
||||
|
||||
error_out:
|
||||
if (json)
|
||||
if (json_root)
|
||||
{
|
||||
cJSON_Delete(json);
|
||||
json = NULL;
|
||||
cJSON_Delete(json_root);
|
||||
json_root = NULL;
|
||||
}
|
||||
|
||||
if (json_str)
|
||||
{
|
||||
free(json_str);
|
||||
json_str = NULL;
|
||||
}
|
||||
|
||||
if (param)
|
||||
{
|
||||
free(param);
|
||||
@@ -104,8 +95,9 @@ error_out:
|
||||
}
|
||||
}
|
||||
|
||||
static void chaining_param_free_cb(int table_id, void **ad, long argl, void *argp)
|
||||
static void chaining_param_free_cb(const char *table_name, void **ad, long argl, void *argp)
|
||||
{
|
||||
char str_rule_id[UUID_STR_LEN] = {0};
|
||||
struct chaining_policy_enforcer *enforcer = (struct chaining_policy_enforcer *)argp;
|
||||
struct chaining_param *param = (struct chaining_param *)*ad;
|
||||
if (param == NULL)
|
||||
@@ -115,7 +107,8 @@ static void chaining_param_free_cb(int table_id, void **ad, long argl, void *arg
|
||||
|
||||
if ((__sync_sub_and_fetch(¶m->ref_cnt, 1) == 0))
|
||||
{
|
||||
TFE_LOG_INFO(enforcer->logger, "Del chaining policy %lu", param->rule_id);
|
||||
uuid_unparse(param->rule_id, str_rule_id);
|
||||
TFE_LOG_INFO(enforcer->logger, "Del chaining policy %s", str_rule_id);
|
||||
free(param);
|
||||
*ad = NULL;
|
||||
}
|
||||
@@ -126,7 +119,7 @@ static void chaining_param_free(struct chaining_param *param)
|
||||
chaining_param_free_cb(0, (void **)¶m, 0, NULL);
|
||||
}
|
||||
|
||||
static void chaining_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
|
||||
static void chaining_param_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp)
|
||||
{
|
||||
struct chaining_param *param = (struct chaining_param *)*from;
|
||||
if (param)
|
||||
@@ -146,14 +139,9 @@ struct chaining_policy_enforcer *chaining_policy_enforcer_create(void *logger)
|
||||
struct chaining_policy_enforcer *enforcer = ALLOC(struct chaining_policy_enforcer, 1);
|
||||
enforcer->maat = tfe_get_maat_handle();
|
||||
enforcer->logger = logger;
|
||||
enforcer->table_id = maat_get_table_id(enforcer->maat, "SERVICE_CHAINING_COMPILE");
|
||||
if (enforcer->table_id < 0)
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "failed at register table of SERVICE_CHAINING_COMPILE, ret = %d", enforcer->table_id);
|
||||
goto error_out;
|
||||
}
|
||||
snprintf(enforcer->table_name, sizeof(enforcer->table_name), "SERVICE_CHAINING_COMPILE");
|
||||
|
||||
ret = maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_CHAINING_COMPILE",
|
||||
ret = maat_plugin_table_ex_schema_register(enforcer->maat, enforcer->table_name,
|
||||
chaining_param_new_cb,
|
||||
chaining_param_free_cb,
|
||||
chaining_param_dup_cb,
|
||||
@@ -179,10 +167,10 @@ void chaining_policy_enforcer_destory(struct chaining_policy_enforcer *enforcer)
|
||||
}
|
||||
}
|
||||
|
||||
void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uint64_t rule_id)
|
||||
void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uuid_t rule_id)
|
||||
{
|
||||
uint16_t size = 0;
|
||||
char rule_id_str[16] = {0};
|
||||
char str_rule_id[UUID_STR_LEN] = {0};
|
||||
uint8_t enalbe_decrypted_traffic_steering = 0;
|
||||
|
||||
tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enalbe_decrypted_traffic_steering, sizeof(enalbe_decrypted_traffic_steering), &size);
|
||||
@@ -191,11 +179,11 @@ void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct t
|
||||
return;
|
||||
}
|
||||
|
||||
snprintf(rule_id_str, sizeof(rule_id_str), "%lu", rule_id);
|
||||
struct chaining_param *param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->table_id, rule_id_str, strlen(rule_id_str));
|
||||
uuid_unparse(rule_id, str_rule_id);
|
||||
struct chaining_param *param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->table_name, str_rule_id, UUID_STR_LEN-1);
|
||||
if (param == NULL)
|
||||
{
|
||||
TFE_LOG_INFO(enforcer->logger, "Failed to get chaining parameter of policy %lu.", rule_id);
|
||||
TFE_LOG_INFO(enforcer->logger, "Failed to get chaining parameter of policy %s.", str_rule_id);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
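Review bot: The return value of `uuid_parse(key, param->rule_id);` in chaining_param_new_cb is ignored, so a key that is not a well-formed UUID leaves rule_id at the all-zero value from calloc and the rule is still published through `*ad = param`. Reject it instead: `if (uuid_parse(key, param->rule_id) != 0) { TFE_LOG_ERROR(enforcer->logger, "Invalid chaining rule: %s (invalid uuid)", key); goto error_out; }`. The calloc result just above it is also dereferenced without a NULL check. In chaining_policy_enforce the lookup key is the text produced by `uuid_unparse`, so if maat compares keys byte for byte (not visible here), table keys written in a different letter case would miss and the chaining policy would silently not be applied; normalising to one case on both sides would avoid that.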
@@ -5,4 +5,4 @@
|
||||
struct chaining_policy_enforcer;
|
||||
struct chaining_policy_enforcer *chaining_policy_enforcer_create(void *logger);
|
||||
void chaining_policy_enforcer_destory(struct chaining_policy_enforcer *enforcer);
|
||||
void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uint64_t rule_id);
|
||||
void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uuid_t rule_id);
|
||||
@@ -386,9 +386,9 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c
|
||||
doh_get_integer_by_cmsg(common_obj, cmsg, TFE_CMSG_COMMON_DIRECTION, "direction");
|
||||
}
|
||||
|
||||
tfe_get_library_tags(stream, common_obj, TFE_CMSG_SRC_IP_TAGS_IDS_STR, "client_ip_tags");
|
||||
tfe_get_library_tags(stream, common_obj, TFE_CMSG_DST_IP_TAGS_IDS_STR, "server_ip_tags");
|
||||
tfe_get_library_tags(stream, common_obj, TFE_CMSG_FQDN_TAGS_IDS_STR, "server_fqdn_tags");
|
||||
tfe_get_library_tags(stream, common_obj, TFE_CMSG_SRC_IP_TAGS_IDS_ARR, "client_ip_tags");
|
||||
tfe_get_library_tags(stream, common_obj, TFE_CMSG_DST_IP_TAGS_IDS_ARR, "server_ip_tags");
|
||||
tfe_get_library_tags(stream, common_obj, TFE_CMSG_FQDN_TAGS_IDS_ARR, "server_fqdn_tags");
|
||||
|
||||
if (http->req)
|
||||
{
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
struct tcp_policy_enforcer
|
||||
{
|
||||
struct maat *maat;
|
||||
int table_id;
|
||||
char table_name[32];
|
||||
void *logger;
|
||||
};
|
||||
|
||||
@@ -37,19 +37,11 @@ struct tcp_profile_param
|
||||
struct side_conn_param server_side;
|
||||
};
|
||||
|
||||
static int parser_side_conn_param(const char *json_str, struct side_conn_param *out_val, void *logger)
|
||||
static int parser_side_conn_param(cJSON * json, struct side_conn_param *out_val, void *logger)
|
||||
{
|
||||
cJSON *json = NULL;
|
||||
cJSON *object = NULL;
|
||||
cJSON *item = NULL;
|
||||
|
||||
json = cJSON_Parse(json_str);
|
||||
if (json == NULL)
|
||||
{
|
||||
TFE_LOG_ERROR(logger, "Invalid tcp option param %s", json_str);
|
||||
return -1;
|
||||
}
|
||||
|
||||
object = cJSON_GetObjectItem(json, "tcp_maxseg");
|
||||
if (object)
|
||||
{
|
||||
@@ -126,20 +118,16 @@ static int parser_side_conn_param(const char *json_str, struct side_conn_param *
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void profile_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
|
||||
static void profile_param_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp)
|
||||
{
|
||||
int ret = 0;
|
||||
int profile_id = 0;
|
||||
int tcp_passthrough = 0;
|
||||
int bypass_duplicated_packet = 0;
|
||||
char client_side_conn_param[512] = {0};
|
||||
char server_side_conn_param[512] = {0};
|
||||
int is_valid = 0;
|
||||
cJSON * json_root = NULL;
|
||||
cJSON * json_subroot = NULL;
|
||||
cJSON * item = NULL;
|
||||
struct tcp_profile_param *param = NULL;
|
||||
struct tcp_policy_enforcer *enforcer = (struct tcp_policy_enforcer *)argp;
|
||||
|
||||
ret = sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%d", &profile_id, &tcp_passthrough, &bypass_duplicated_packet, client_side_conn_param, server_side_conn_param, &is_valid);
|
||||
if (ret != 6)
|
||||
json_root = cJSON_Parse(table_line);
|
||||
if (unlikely(!json_root))
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option profile: %s", table_line);
|
||||
goto error_out;
|
||||
@@ -147,21 +135,48 @@ static void profile_param_new_cb(const char *table_name, int table_id, const cha
|
||||
|
||||
param = ALLOC(struct tcp_profile_param, 1);
|
||||
param->ref_cnt = 1;
|
||||
param->tcp_passthrough = tcp_passthrough;
|
||||
param->bypass_duplicated_packet = bypass_duplicated_packet;
|
||||
|
||||
if (parser_side_conn_param(client_side_conn_param, ¶m->client_side, enforcer->logger) == -1)
|
||||
item = cJSON_GetObjectItem(json_root, "tcp_passthrough");
|
||||
if (unlikely(!item || !cJSON_IsNumber(item)))
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid tcp_passthrough format.", key);
|
||||
goto error_out;
|
||||
}
|
||||
param->tcp_passthrough = item->valueint;
|
||||
|
||||
item = cJSON_GetObjectItem(json_root, "bypass_duplicated_packet");
|
||||
if (unlikely(!item || !cJSON_IsNumber(item)))
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid bypass_duplicated_packet format.", key);
|
||||
goto error_out;
|
||||
}
|
||||
param->bypass_duplicated_packet = item->valueint;
|
||||
|
||||
json_subroot = cJSON_GetObjectItem(json_root, "client_side_conn_param");
|
||||
if (unlikely(!json_subroot))
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid client_side_conn_param format.", key);
|
||||
goto error_out;
|
||||
}
|
||||
if (parser_side_conn_param(json_subroot, ¶m->client_side, enforcer->logger) == -1)
|
||||
{
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
if (parser_side_conn_param(server_side_conn_param, ¶m->server_side, enforcer->logger) == -1)
|
||||
json_subroot = cJSON_GetObjectItem(json_root, "server_side_conn_param");
|
||||
if (unlikely(!json_subroot))
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid server_side_conn_param format.", key);
|
||||
goto error_out;
|
||||
}
|
||||
if (parser_side_conn_param(json_subroot, ¶m->server_side, enforcer->logger) == -1)
|
||||
{
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
*ad = param;
|
||||
TFE_LOG_INFO(enforcer->logger, "Add tcp option profile: %s", key);
|
||||
cJSON_Delete(json_root);
|
||||
return;
|
||||
|
||||
error_out:
|
||||
@@ -169,9 +184,13 @@ error_out:
|
||||
{
|
||||
free(param);
|
||||
}
|
||||
if (json_root)
|
||||
{
|
||||
cJSON_Delete(json_root);
|
||||
}
|
||||
}
|
||||
|
||||
static void profile_param_free_cb(int table_id, void **ad, long argl, void *argp)
|
||||
static void profile_param_free_cb(const char *table_name, void **ad, long argl, void *argp)
|
||||
{
|
||||
struct tcp_profile_param *param = (struct tcp_profile_param *)*ad;
|
||||
if (param == NULL)
|
||||
@@ -186,7 +205,7 @@ static void profile_param_free_cb(int table_id, void **ad, long argl, void *argp
|
||||
}
|
||||
}
|
||||
|
||||
static void profile_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
|
||||
static void profile_param_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp)
|
||||
{
|
||||
struct tcp_profile_param *param = (struct tcp_profile_param *)*from;
|
||||
if (param)
|
||||
@@ -211,14 +230,9 @@ struct tcp_policy_enforcer *tcp_policy_enforcer_create(void *logger)
|
||||
struct tcp_policy_enforcer *enforcer = ALLOC(struct tcp_policy_enforcer, 1);
|
||||
enforcer->maat = tfe_get_maat_handle();
|
||||
enforcer->logger = logger;
|
||||
enforcer->table_id = maat_get_table_id(enforcer->maat, "PXY_PROFILE_TCP_OPTION");
|
||||
if (enforcer->table_id < 0)
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "failed at register table of PXY_PROFILE_TCP_OPTION, ret = %d", enforcer->table_id);
|
||||
goto error_out;
|
||||
}
|
||||
snprintf(enforcer->table_name, sizeof(enforcer->table_name), "PXY_PROFILE_TCP_OPTION");
|
||||
|
||||
ret = maat_plugin_table_ex_schema_register(enforcer->maat, "PXY_PROFILE_TCP_OPTION",
|
||||
ret = maat_plugin_table_ex_schema_register(enforcer->maat, enforcer->table_name,
|
||||
profile_param_new_cb,
|
||||
profile_param_free_cb,
|
||||
profile_param_dup_cb,
|
||||
@@ -261,7 +275,7 @@ int tcp_policy_enforce(struct tcp_policy_enforcer *tcp_enforcer, struct tfe_cmsg
|
||||
}
|
||||
|
||||
snprintf(buffer, sizeof(buffer), "%d", profile_id);
|
||||
struct tcp_profile_param *param = (struct tcp_profile_param *)maat_plugin_table_get_ex_data(tcp_enforcer->maat, tcp_enforcer->table_id, buffer, strlen(buffer));
|
||||
struct tcp_profile_param *param = (struct tcp_profile_param *)maat_plugin_table_get_ex_data(tcp_enforcer->maat, tcp_enforcer->table_name, buffer, strlen(buffer));
|
||||
if (param == NULL)
|
||||
{
|
||||
TFE_LOG_INFO(tcp_enforcer->logger, "Failed to get tcp option parameter of profile %d.", profile_id);
|
||||
|
||||
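Review bot: parser_side_conn_param now receives a `cJSON *` that belongs to the caller's json_root, yet the hunk offsets (-126 → +118) indicate the body between its two hunks is unchanged, so any `cJSON_Delete(json)` left on its return paths would free a subtree that profile_param_new_cb frees again with `cJSON_Delete(json_root)`. That part of the function lies outside the visible hunks, so please confirm no delete remains there. Separately, `client_side_conn_param` and `server_side_conn_param` are only checked for presence; a test such as `if (unlikely(!json_subroot || !cJSON_IsObject(json_subroot)))` would reject a profile that still carries them as strings, which otherwise is presumably accepted with none of its options parsed.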
@@ -257,9 +257,9 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg)
|
||||
tfe_get_integer_by_cmsg(common_obj, cmsg, TFE_CMSG_COMMON_DIRECTION, "direction");
|
||||
}
|
||||
|
||||
tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_SRC_IP_TAGS_IDS_STR, "client_ip_tags");
|
||||
tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_DST_IP_TAGS_IDS_STR, "server_ip_tags");
|
||||
tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_FQDN_TAGS_IDS_STR, "server_fqdn_tags");
|
||||
tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_SRC_IP_TAGS_IDS_ARR, "client_ip_tags");
|
||||
tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_DST_IP_TAGS_IDS_ARR, "server_ip_tags");
|
||||
tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_FQDN_TAGS_IDS_ARR, "server_fqdn_tags");
|
||||
|
||||
if (http->req)
|
||||
{
|
||||
|
||||