TSG-18071 选择Internal作为Condition时,无法命中策略
This commit is contained in:
fengweihao
@@ -341,80 +341,6 @@ int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt,
|
||||
return hit_app_id;
|
||||
}
|
||||
|
||||
int tfe_scan_ipv4_addr(long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
|
||||
{
|
||||
int table_id=0;
|
||||
int scan_ret = 0;
|
||||
int hit_cnt_ip = 0;
|
||||
size_t n_hit_result = 0;
|
||||
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
|
||||
scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->saddr, sapp_addr.v4->source, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR");
|
||||
scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->daddr, sapp_addr.v4->dest, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if(scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
|
||||
return hit_cnt_ip;
|
||||
}
|
||||
|
||||
int tfe_scan_ipv6_addr(long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
|
||||
{
|
||||
int table_id=0;
|
||||
int scan_ret = 0;
|
||||
int hit_cnt_ip = 0;
|
||||
size_t n_hit_result = 0;
|
||||
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
|
||||
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->saddr, sapp_addr.v6->source, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR");
|
||||
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->daddr, sapp_addr.v6->dest, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
return hit_cnt_ip;
|
||||
}
|
||||
|
||||
static int get_route_dir(const struct tfe_stream * stream)
|
||||
{
|
||||
uint16_t out_size;
|
||||
@@ -429,21 +355,54 @@ static int get_route_dir(const struct tfe_stream * stream)
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
return (route_dir==69) ? 0 : 1;
|
||||
return (route_dir==69) ? 1 : 0;
|
||||
}
|
||||
|
||||
int tfe_scan_ipv4_internal_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
|
||||
int tfe_scan_internal_exteral_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int c2s)
|
||||
{
|
||||
int scan_ret = 0;
|
||||
int table_id=0;
|
||||
int hit_cnt_ip = 0;
|
||||
size_t array_size=256;
|
||||
size_t n_hit_result = 0;
|
||||
long long group_id_array[256]={0};
|
||||
|
||||
int dir_is_e2i = get_route_dir(stream);
|
||||
int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR");
|
||||
int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR");
|
||||
|
||||
if(c2s == 1) table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id;
|
||||
if(c2s == 0) table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id;
|
||||
|
||||
size_t n_last_hit_group = maat_state_get_last_hit_group_id_cnt(scan_mid);
|
||||
if(n_last_hit_group > 0)
|
||||
{
|
||||
maat_state_get_last_hit_group_ids(scan_mid, group_id_array, array_size);
|
||||
scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, group_id_array, array_size, result+hit_cnt+hit_cnt_ip,
|
||||
MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if(scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
}
|
||||
|
||||
return hit_cnt_ip;
|
||||
}
|
||||
|
||||
int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
|
||||
{
|
||||
int table_id=0;
|
||||
int scan_ret = 0;
|
||||
int hit_cnt_ip = 0;
|
||||
size_t n_hit_result = 0;
|
||||
|
||||
int dir_is_e2i = get_route_dir(stream);
|
||||
int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR");
|
||||
int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR");
|
||||
|
||||
table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id;
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
|
||||
scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->saddr, sapp_addr.v4->source, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
@@ -456,8 +415,13 @@ int tfe_scan_ipv4_internal_addr(const struct tfe_stream *stream, long long *resu
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1);
|
||||
if(scan_ret > 0)
|
||||
{
|
||||
hit_cnt_ip += scan_ret;
|
||||
}
|
||||
|
||||
table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id;
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR");
|
||||
scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->daddr, sapp_addr.v4->dest, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if(scan_ret == MAAT_SCAN_HIT)
|
||||
@@ -470,22 +434,23 @@ int tfe_scan_ipv4_internal_addr(const struct tfe_stream *stream, long long *resu
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0);
|
||||
if(scan_ret > 0)
|
||||
{
|
||||
hit_cnt_ip += scan_ret;
|
||||
}
|
||||
|
||||
return hit_cnt_ip;
|
||||
}
|
||||
|
||||
int tfe_scan_ipv6_internal_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
|
||||
int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
|
||||
{
|
||||
int table_id=0;
|
||||
int scan_ret = 0;
|
||||
int hit_cnt_ip = 0;
|
||||
size_t n_hit_result = 0;
|
||||
|
||||
int dir_is_e2i = get_route_dir(stream);
|
||||
int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR");
|
||||
int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR");
|
||||
|
||||
table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id;
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
|
||||
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->saddr, sapp_addr.v6->source, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
@@ -498,7 +463,13 @@ int tfe_scan_ipv6_internal_addr(const struct tfe_stream *stream, long long *resu
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id;
|
||||
scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1);
|
||||
if(scan_ret > 0)
|
||||
{
|
||||
hit_cnt_ip += scan_ret;
|
||||
}
|
||||
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR");
|
||||
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->daddr, sapp_addr.v6->dest, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
@@ -511,5 +482,11 @@ int tfe_scan_ipv6_internal_addr(const struct tfe_stream *stream, long long *resu
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0);
|
||||
if(scan_ret > 0)
|
||||
{
|
||||
hit_cnt_ip += scan_ret;
|
||||
}
|
||||
|
||||
return hit_cnt_ip;
|
||||
}
|
||||
Reference in New Issue
Block a user