Feature copy allow deny result to project
@@ -48,7 +48,8 @@ struct compile_user_region
|
|||||||
typedef enum _PULL_RESULT_TYPE
|
typedef enum _PULL_RESULT_TYPE
|
||||||
{
|
{
|
||||||
PULL_KNI_RESULT,
|
PULL_KNI_RESULT,
|
||||||
PULL_FW_RESULT
|
PULL_FW_RESULT,
|
||||||
|
PULL_ALL_RESULT
|
||||||
}PULL_RESULT_TYPE;
|
}PULL_RESULT_TYPE;
|
||||||
|
|
||||||
struct app_id_dict_table
|
struct app_id_dict_table
|
||||||
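Review bot: `PULL_ALL_RESULT` is added to `PULL_RESULT_TYPE` without a comment saying that it is a pull-side wildcard rather than a storable result type. In the lines shown, the writer only ever stores `PULL_KNI_RESULT` or `PULL_FW_RESULT` in `result_type`, and `tsg_pull_policy_result` treats `PULL_ALL_RESULT` as "match whatever is stored". I would document that on the enumerator, e.g. `PULL_ALL_RESULT /* query only: matches any stored result_type; never written to a label */`, so a later caller does not pass it to `copy_result_to_project`. Appending the value at the end keeps the existing numeric values stable, which matters if this header is consumed by other plugins.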
|
|||||||
@@ -466,7 +466,7 @@ static void copy_monitor_result(const struct streaminfo *a_stream, struct master
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void copy_intercept_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, char *domain, tsg_protocol_t proto, int thread_seq)
|
static void copy_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, char *domain, tsg_protocol_t proto, PULL_RESULT_TYPE result_type, int thread_seq)
|
||||||
{
|
{
|
||||||
int ret=0;
|
int ret=0;
|
||||||
policy_priority_label_t *priority_label=NULL;
|
policy_priority_label_t *priority_label=NULL;
|
||||||
@@ -499,7 +499,7 @@ static void copy_intercept_result(const struct streaminfo *a_stream, struct mast
|
|||||||
}
|
}
|
||||||
|
|
||||||
priority_label->result_num=1;
|
priority_label->result_num=1;
|
||||||
priority_label->result_type=PULL_KNI_RESULT;
|
priority_label->result_type=result_type;
|
||||||
memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t));
|
memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t));
|
||||||
|
|
||||||
ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label);
|
ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label);
|
||||||
@@ -530,34 +530,6 @@ static void copy_intercept_result(const struct streaminfo *a_stream, struct mast
|
|||||||
return ;
|
return ;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void copy_deny_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq)
|
|
||||||
{
|
|
||||||
if(context->result==NULL)
|
|
||||||
{
|
|
||||||
context->hit_cnt=1;
|
|
||||||
context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t));
|
|
||||||
|
|
||||||
memcpy(context->result, p_result, sizeof(struct Maat_rule_t));
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
context->hit_cnt=1;
|
|
||||||
memcpy(context->result, p_result, sizeof(struct Maat_rule_t));
|
|
||||||
}
|
|
||||||
|
|
||||||
MESA_handle_runtime_log(g_tsg_para.logger,
|
|
||||||
RLOG_LV_DEBUG,
|
|
||||||
"DENY",
|
|
||||||
"Hit deny policy, policy_id: %d service: %d action: %d addr: %s",
|
|
||||||
p_result[0].config_id,
|
|
||||||
p_result[0].service_id,
|
|
||||||
(unsigned char)p_result[0].action,
|
|
||||||
PRINTADDR(a_stream, g_tsg_para.level)
|
|
||||||
);
|
|
||||||
|
|
||||||
return ;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void copy_bypass_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq)
|
static void copy_bypass_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq)
|
||||||
{
|
{
|
||||||
if(context->result==NULL)
|
if(context->result==NULL)
|
||||||
@@ -1268,6 +1240,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
|
|||||||
{
|
{
|
||||||
context->hit_cnt=0;
|
context->hit_cnt=0;
|
||||||
master_send_log(a_stream, p_result, 1, context->domain, context->proto, a_stream->threadnum);
|
master_send_log(a_stream, p_result, 1, context->domain, context->proto, a_stream->threadnum);
|
||||||
|
copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum);
|
||||||
MESA_handle_runtime_log(g_tsg_para.logger,
|
MESA_handle_runtime_log(g_tsg_para.logger,
|
||||||
RLOG_LV_DEBUG,
|
RLOG_LV_DEBUG,
|
||||||
"DENY",
|
"DENY",
|
||||||
@@ -1288,6 +1261,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
|
|||||||
break;
|
break;
|
||||||
case TSG_ACTION_BYPASS:
|
case TSG_ACTION_BYPASS:
|
||||||
copy_bypass_result(a_stream, context, p_result, a_stream->threadnum);
|
copy_bypass_result(a_stream, context, p_result, a_stream->threadnum);
|
||||||
|
copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum);
|
||||||
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1);
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1);
|
||||||
state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER;
|
state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER;
|
||||||
break;
|
break;
|
||||||
@@ -1298,7 +1272,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
copy_intercept_result(a_stream, context, p_result, context->domain, context->proto, a_stream->threadnum);
|
copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_KNI_RESULT, a_stream->threadnum);
|
||||||
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);
|
||||||
state=APP_STATE_DROPME|APP_STATE_KILL_OTHER;
|
state=APP_STATE_DROPME|APP_STATE_KILL_OTHER;
|
||||||
break;
|
break;
|
||||||
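Review bot: The new `copy_result_to_project` calls in the deny and bypass branches of `master_deal_scan_result` pass `context->domain` and `context->proto` into a function that until now only ran for intercept hits. Its body between the signature and `priority_label->result_num=1;` is outside the hunks, so I cannot see how `domain` is copied into the label. If it is measured or copied unconditionally, a deny or bypass hit on a stream with no HTTP host or TLS SNI would presumably hand it a NULL or empty `domain`; please confirm there is a `domain!=NULL` guard and a bounded copy. The label also holds a single result (`result_num=1` with one `result_type`), so each call overwrites the previous one. A header comment should state that the last hit wins and that `domain` may be NULL for `PULL_FW_RESULT`.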
|
|||||||
@@ -1027,7 +1027,7 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re
|
|||||||
label=(policy_priority_label_t *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id);
|
label=(policy_priority_label_t *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id);
|
||||||
if(label!=NULL && result!=NULL && result_num>0 && identify_info!=NULL)
|
if(label!=NULL && result!=NULL && result_num>0 && identify_info!=NULL)
|
||||||
{
|
{
|
||||||
if(label->result_type==pull_result_type)
|
if((label->result_type==pull_result_type) || (pull_result_type==PULL_ALL_RESULT))
|
||||||
{
|
{
|
||||||
num=MIN(label->result_num, result_num);
|
num=MIN(label->result_num, result_num);
|
||||||
memcpy(result, label->result, num*sizeof(Maat_rule_t));
|
memcpy(result, label->result, num*sizeof(Maat_rule_t));
|
||||||
@@ -1042,19 +1042,6 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re
|
|||||||
|
|
||||||
return num;
|
return num;
|
||||||
}
|
}
|
||||||
|
|
||||||
MESA_handle_runtime_log(g_tsg_para.logger,
|
|
||||||
RLOG_LV_DEBUG,
|
|
||||||
"PULL_RESULT",
|
|
||||||
"pull policy failed, hit: %s %s: %s policy_id: %d service: %d action: %d addr: %s",
|
|
||||||
(label->result_type==PULL_KNI_RESULT) ? "KNI" : "FW",
|
|
||||||
label->proto==PROTO_HTTP ? "host" : "sni",
|
|
||||||
label->domain,
|
|
||||||
label->result->config_id,
|
|
||||||
label->result->service_id,
|
|
||||||
label->result->action,
|
|
||||||
PRINTADDR(a_stream, g_tsg_para.level)
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
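Review bot: With `pull_result_type==PULL_ALL_RESULT` the condition `(label->result_type==pull_result_type) || (pull_result_type==PULL_ALL_RESULT)` copies the stored rule but returns only `num`, so nothing returned in the visible lines tells the caller whether it was stored as `PULL_KNI_RESULT` or `PULL_FW_RESULT`. A consumer that enforces intercept and firewall decisions differently would have to inspect `result[i].action` itself, unless `identify_info` carries the type in lines outside this hunk. I would state that in the function's header comment, e.g. `/* with PULL_ALL_RESULT the caller must dispatch on result[i].action; the stored result_type is not returned */`. The second hunk also removes the only log line for a type mismatch, so that path now returns 0 silently; this may be intentional given the wildcard, but it deserves a line in the commit description.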
|
|||||||
@@ -1297,13 +1297,14 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
|
|||||||
rd_kafka_conf_set(rdkafka_conf, "topic.metadata.refresh.interval.ms", _instance->refresh_interval_ms, kafka_errstr, sizeof(kafka_errstr));
|
rd_kafka_conf_set(rdkafka_conf, "topic.metadata.refresh.interval.ms", _instance->refresh_interval_ms, kafka_errstr, sizeof(kafka_errstr));
|
||||||
rd_kafka_conf_set(rdkafka_conf, "request.required.acks", _instance->require_ack, kafka_errstr, sizeof(kafka_errstr));
|
rd_kafka_conf_set(rdkafka_conf, "request.required.acks", _instance->require_ack, kafka_errstr, sizeof(kafka_errstr));
|
||||||
rd_kafka_conf_set(rdkafka_conf, "socket.keepalive.enable", "true", kafka_errstr, sizeof(kafka_errstr));
|
rd_kafka_conf_set(rdkafka_conf, "socket.keepalive.enable", "true", kafka_errstr, sizeof(kafka_errstr));
|
||||||
|
rd_kafka_conf_set(rdkafka_conf, "bootstrap.servers", _instance->broker_list, kafka_errstr, sizeof(kafka_errstr));
|
||||||
|
|
||||||
if(!(kafka_handle=rd_kafka_new(RD_KAFKA_PRODUCER, rdkafka_conf, kafka_errstr, sizeof(kafka_errstr))))
|
if(!(kafka_handle=rd_kafka_new(RD_KAFKA_PRODUCER, rdkafka_conf, kafka_errstr, sizeof(kafka_errstr))))
|
||||||
{
|
{
|
||||||
MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "KAFKA_INIT", "rd_kafka_new is error");
|
MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "KAFKA_INIT", "rd_kafka_new is error");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
#if 0
|
||||||
if(rd_kafka_brokers_add(kafka_handle, _instance->broker_list) == 0)
|
if(rd_kafka_brokers_add(kafka_handle, _instance->broker_list) == 0)
|
||||||
{
|
{
|
||||||
MESA_handle_runtime_log(_instance->logger,
|
MESA_handle_runtime_log(_instance->logger,
|
||||||
@@ -1314,7 +1315,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
|
|||||||
);
|
);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
load_log_common_field(_instance->common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service));
|
load_log_common_field(_instance->common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service));
|
||||||
|
|
||||||
if(_instance->service2topic!=NULL)
|
if(_instance->service2topic!=NULL)
|
||||||
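Review bot: The added `rd_kafka_conf_set(rdkafka_conf, "bootstrap.servers", ...)` ignores its return value, while the `rd_kafka_brokers_add` check it replaces (now under `#if 0`) made `tsg_sendlog_init` return NULL on a bad broker list. As written, a rejected `bootstrap.servers` value leaves a producer with no brokers and no log line, so policy-hit logs would be dropped silently. Compare the result with `RD_KAFKA_CONF_OK` and log `kafka_errstr` before returning, as in the excerpt below. The `#if 0` block is better deleted than kept as dead code. The rest of `tsg_sendlog_init` lies outside the hunk.

```c
rd_kafka_conf_set(rdkafka_conf, "socket.keepalive.enable", "true", kafka_errstr, sizeof(kafka_errstr));
if(rd_kafka_conf_set(rdkafka_conf, "bootstrap.servers", _instance->broker_list, kafka_errstr, sizeof(kafka_errstr))!=RD_KAFKA_CONF_OK)
{
	MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "KAFKA_INIT", "set bootstrap.servers failed: %s", kafka_errstr);
	return NULL;
}
// … unchanged: rd_kafka_new() and its error path …
```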
|
|||||||