diff --git a/common/src/tfe_resource.cpp b/common/src/tfe_resource.cpp index 489bac1..54c35a1 100644 --- a/common/src/tfe_resource.cpp +++ b/common/src/tfe_resource.cpp @@ -231,6 +231,10 @@ static char *cerate_device_id(const char *profile, const char *section, void *lo } device_id = tfe_strdup(item->valuestring); + if(tsg_sn_file) + { + FREE(&tsg_sn_file); + } cJSON_Delete(json); TFE_LOG_INFO(logger, "tfe device id : %s", device_id); @@ -238,7 +242,13 @@ static char *cerate_device_id(const char *profile, const char *section, void *lo finish: TFE_LOG_INFO(logger, "tfe use default device id : %s", device_def_id); if (json) - cJSON_Delete(json); + { + cJSON_Delete(json); + } + if(tsg_sn_file) + { + FREE(&tsg_sn_file); + } return (char *)device_def_id; } diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp index d7e89b0..ac5b601 100644 --- a/plugin/business/doh/src/doh.cpp +++ b/plugin/business/doh/src/doh.cpp @@ -107,7 +107,6 @@ struct doh_action_param char *message; char *position; float enforcement_ratio; - int vsys_id; int profile_id; int status_code; size_t n_rule; @@ -486,6 +485,12 @@ static void doh_ctx_free(struct doh_ctx *ctx) ctx->opts = NULL; } + if(ctx->scan_mid) + { + maat_state_free(ctx->scan_mid); + ctx->scan_mid = NULL; + } + if (ctx->http_req_body) { evbuffer_free(ctx->http_req_body); @@ -515,7 +520,6 @@ static void doh_ctx_free(struct doh_ctx *ctx) free(ctx->location_server); ctx->location_server = NULL; } - FREE(&ctx); } diff --git a/plugin/business/doh/src/pub.h b/plugin/business/doh/src/pub.h index 406b0f9..6606312 100644 --- a/plugin/business/doh/src/pub.h +++ b/plugin/business/doh/src/pub.h @@ -82,6 +82,7 @@ struct doh_maat_rule_t unsigned char do_blacklist; unsigned char action; char *srv_def_large; + int vsys_id; }; struct doh_ctx diff --git a/plugin/business/tsg-http/include/tsg_proxy_logger.h b/plugin/business/tsg-http/include/tsg_proxy_logger.h index 1e60702..223ee8d 100644 --- a/plugin/business/tsg-http/include/tsg_proxy_logger.h +++ b/plugin/business/tsg-http/include/tsg_proxy_logger.h @@ -11,6 +11,7 @@ struct log_rule_t unsigned char do_blacklist; unsigned char action; char *srv_def_large; + int vsys_id; }; struct proxy_log @@ -26,7 +27,6 @@ struct proxy_log char *asn_server; char *location_client; char *location_server; - int vsys_id; }; struct proxy_logger; struct proxy_logger* proxy_log_handle_create(const char* profile, const char* section, void* local_logger); diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 6f8947d..af64d20 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -128,6 +128,7 @@ struct maat_rule_t unsigned char do_blacklist; unsigned char action; char *srv_def_large; + int vsys_id; }; struct policy_action_param @@ -137,7 +138,6 @@ struct policy_action_param char *message; char *position; float enforcement_ratio; - int vsys_id; int profile_id; int status_code; @@ -390,13 +390,14 @@ void octal_utf8_escapes(char *input) void policy_action_param_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp) { int ret=0; - int config_id=0, service_id=0, action=0; + long long config_id=0; + int service_id=0, action=0; int do_log=0,do_blacklist=0,is_valid=0; char effective_range[1024]={0}; char srv_def_large[8192]={0}; struct policy_action_param* param=NULL; - ret=sscanf(table_line, "%d\t%d\t%d\t%d\t%d\t%s\t%s\t%d", &config_id, &service_id, &action, &do_blacklist, &do_log,effective_range, srv_def_large, &is_valid); + ret=sscanf(table_line, "%lld\t%d\t%d\t%d\t%d\t%s\t%s\t%d", &config_id, &service_id, &action, &do_blacklist, &do_log,effective_range, srv_def_large, &is_valid); if(ret!=8) { TFE_LOG_ERROR(g_proxy_rt->local_logger, "ctrl policy table parse failed, ret:%d, %s", ret, table_line); @@ -415,14 +416,14 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k json=cJSON_Parse(srv_def_large); if(json==NULL) { - TFE_LOG_ERROR(g_proxy_rt->local_logger, "invalid policy parameter: id = %d", config_id); + TFE_LOG_ERROR(g_proxy_rt->local_logger, "invalid policy parameter: id = %lld", config_id); return; } item=cJSON_GetObjectItem(json, "protocol"); if(unlikely(!item || !cJSON_IsString(item))) { - TFE_LOG_ERROR(g_proxy_rt->local_logger, "Invalid policy parameter: %d invalid protocol format", config_id); + TFE_LOG_ERROR(g_proxy_rt->local_logger, "Invalid policy parameter: %lld invalid protocol format", config_id); goto error_out; } @@ -454,14 +455,14 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k item=cJSON_GetObjectItem(json,"vsys_id"); if(item && item->type==cJSON_Number) { - param->vsys_id= item->valueint; + param->hit_rule.vsys_id=item->valueint; } break; case MA_ACTION_REDIRECT: item=cJSON_GetObjectItem(json,"vsys_id"); if(item && item->type==cJSON_Number) { - param->vsys_id= item->valueint; + param->hit_rule.vsys_id=item->valueint; } item=cJSON_GetObjectItem(json,"code"); if(item && item->type==cJSON_Number) @@ -487,7 +488,7 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k item=cJSON_GetObjectItem(json,"vsys_id"); if(item && item->type==cJSON_Number) { - param->vsys_id= item->valueint; + param->hit_rule.vsys_id=item->valueint; } item=cJSON_GetObjectItem(json,"code"); if(item && item->type==cJSON_Number) @@ -509,7 +510,7 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k item=cJSON_GetObjectItem(json,"vsys_id"); if(item && item->type==cJSON_Number) { - param->vsys_id= item->valueint; + param->hit_rule.vsys_id=item->valueint; } item=cJSON_GetObjectItem(json,"enforcement_ratio"); if(item && item->type==cJSON_Number) @@ -549,7 +550,7 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k item=cJSON_GetObjectItem(json,"vsys_id"); if(item && item->type==cJSON_Number) { - param->vsys_id= item->valueint; + param->hit_rule.vsys_id=item->valueint; } item=cJSON_GetObjectItem(json,"hijack_profile"); if(item && item->type==cJSON_Number){ @@ -569,7 +570,7 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k item=cJSON_GetObjectItem(json,"vsys_id"); if(item && item->type==cJSON_Number) { - param->vsys_id= item->valueint; + param->hit_rule.vsys_id=item->valueint; } item=cJSON_GetObjectItem(json,"insert_profile"); if(item && item->type==cJSON_Number){ @@ -593,7 +594,7 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k item=cJSON_GetObjectItem(json,"vsys_id"); if(item && item->type==cJSON_Number) { - param->vsys_id= item->valueint; + param->hit_rule.vsys_id=item->valueint; } rules = cJSON_GetObjectItem(json, "rules"); if(rules == NULL) @@ -636,7 +637,7 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k item=cJSON_GetObjectItem(json,"vsys_id"); if(item && item->type==cJSON_Number) { - param->vsys_id= item->valueint; + param->hit_rule.vsys_id=item->valueint; } item=cJSON_GetObjectItem(json,"run_script_profile"); if(item && item->type==cJSON_Number){ @@ -656,7 +657,7 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k break; } *ad=param; - TFE_LOG_INFO(g_proxy_rt->local_logger, "Add ctrl policy: %d", config_id); + TFE_LOG_INFO(g_proxy_rt->local_logger, "Add ctrl policy: %lld", config_id); error_out: cJSON_Delete(json); return; @@ -1560,6 +1561,10 @@ static enum proxy_action decide_ctrl_action(long long *results, size_t n_hit, { *param=(struct policy_action_param*)ex_data; } + if(hit_rules) + { + FREE(&hit_rules); + } return prior_action; } @@ -3249,12 +3254,6 @@ void proxy_on_http_end(const struct tfe_stream * stream, .req_body=ctx->log_req_body, .resp_body=ctx->log_resp_body, .action=0, .inject_sz=ctx->inject_sz, .asn_client=ctx->ip_ctx.asn_client, .asn_server=ctx->ip_ctx.asn_server, .location_client=ctx->ip_ctx.location_client, .location_server=ctx->ip_ctx.location_server}; - - if(ctx != NULL && ctx->param != NULL) - { - log_msg.vsys_id = ctx->param->vsys_id; - } - if(ctx->action == PX_ACTION_MANIPULATE) { log_msg.action = ctx->param->action; diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp index d9fb2fe..e15ed4c 100644 --- a/plugin/business/tsg-http/src/tsg_logger.cpp +++ b/plugin/business/tsg-http/src/tsg_logger.cpp @@ -225,7 +225,6 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) cJSON_AddNumberToObject(common_obj, "common_stream_dir", 3); //1:c2s, 2:s2c, 3:double cJSON_AddStringToObject(common_obj, "common_sled_ip", handle->kafka_logger->local_ip_str); cJSON_AddNumberToObject(common_obj, "common_t_vsys_id", handle->kafka_logger->t_vsys_id); - cJSON_AddNumberToObject(common_obj, "common_vsys_id", log_msg->vsys_id); cJSON_AddNumberToObject(common_obj, "common_entrance_id", handle->entry_id); cJSON_AddStringToObject(common_obj, "common_device_id", handle->device_id); cJSON_AddNumberToObject(common_obj, "common_c2s_byte_num", c2s_byte_num); @@ -361,6 +360,7 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) per_hit_obj=cJSON_Duplicate(common_obj, 1); cJSON_AddNumberToObject(per_hit_obj, "common_policy_id", log_msg->result[i].config_id); cJSON_AddNumberToObject(per_hit_obj, "common_service", log_msg->result[i].service_id); + cJSON_AddNumberToObject(per_hit_obj, "common_vsys_id", log_msg->result[i].vsys_id); cJSON_AddNumberToObject(per_hit_obj, "common_action", LG_ACTION_MANIPULATE); if(log_msg->result[i].action == LG_ACTION_MANIPULATE) { diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json index 73a5e77..8719fcf 100644 --- a/resource/pangu/pangu_http.json +++ b/resource/pangu/pangu_http.json @@ -1,6 +1,6 @@ { "compile_table": "PXY_CTRL_COMPILE", - "group2compile_table": "GROUP_COMPILE_RELATION", + "group2compile_table": "GROUP_PXY_CTRL_COMPILE_RELATION", "group2group_table": "GROUP_GROUP_RELATION", "rules": [ {