From 5bc9831e03fcc566737b9a6a97459458bc5dddcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E5=AD=A6=E5=88=A9?= Date: Fri, 28 Apr 2023 06:03:16 +0000 Subject: [PATCH] =?UTF-8?q?TSG-14911:=20=E6=94=AF=E6=8C=81=E4=BB=8E?= =?UTF-8?q?=E7=AD=96=E7=95=A5=E7=94=A8=E6=88=B7=E8=87=AA=E5=AE=9A=E4=B9=89?= =?UTF-8?q?=E4=B8=AD=E8=A7=A3=E6=9E=90vsys=20id,=20Secutiry=20Rule=20Hits?= =?UTF-8?q?=20metrics=E4=B8=AD=E5=A1=AB=E5=86=99=E7=AD=96=E7=95=A5?= =?UTF-8?q?=E6=8C=87=E5=AE=9A=E7=9A=84vsys=20id?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- inc/tsg_rule.h | 3 ++- src/tsg_rule.cpp | 6 ++++++ src/tsg_send_log.cpp | 19 ++++--------------- src/tsg_statistic.cpp | 4 +++- src/version.map | 1 + 5 files changed, 16 insertions(+), 17 deletions(-) diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h index 75a5bb8..a708790 100644 --- a/inc/tsg_rule.h +++ b/inc/tsg_rule.h @@ -58,7 +58,8 @@ struct maat_rule unsigned char action; unsigned char service_id; unsigned char do_log; - unsigned char padding[5]; + unsigned char padding; + int vsys_id; }; struct matched_policy_rules diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index 98511f5..30dd917 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -1234,6 +1234,12 @@ void ex_data_security_compile_new(const char *table_name, int table_id, const ch break; } + cJSON *item=cJSON_GetObjectItem(user_region_object, "vsys_id"); + if(item!=NULL) + { + compile->rule.vsys_id=item->valueint; + } + cJSON_Delete(user_region_object); user_region_object=NULL; } diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index 5d9632c..89a649c 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp 
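Review bot: `int vsys_id` takes over four of the bytes that were `padding[5]`, so any code that fills a `struct maat_rule` without first clearing it now supplies an indeterminate vsys_id to the log and metric paths changed later in this patch. The struct definition starts outside the hunk, so whether the overall size and the offsets of the earlier members are unchanged cannot be confirmed from here. I would add a comment on the member, `/* reuses former padding bytes; producers must zero the struct before filling it */`, and make sure modules built against the old header are rebuilt.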
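Review bot: `item->valueint` is copied into `compile->rule.vsys_id` without checking that `vsys_id` is a JSON number, and nothing assigns a value when the key is missing. A string or object under that key would, as far as I know cJSON, leave `valueint` at 0, and a policy with no `vsys_id` keeps whatever `compile` was initialised with, which is outside the hunk; the code removed from `set_xxxx_from_user_region` fell back to `_instance->vsystem_id` in that case. Because `send_security_event_log` and `tsg_set_metric_tags` now emit this field unconditionally, a wrong value mislabels the virtual system in security logs and rule-hit metrics. I would guard with `if(item!=NULL && item->type==cJSON_Number)` and set an explicit default on the else path. `ex_data_security_compile_new` starts and ends outside the hunk.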
@@ -1517,7 +1517,6 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo cJSON *object=NULL; TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name); - TLD_delete(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_SUB_ACTION].name); if(p_result->action!=TSG_ACTION_NONE) @@ -1536,11 +1535,10 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo } if(object==NULL) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)(_instance->vsystem_id), TLD_TYPE_LONG); + { return 0; } - + if(p_result->action==TSG_ACTION_DENY) { item=cJSON_GetObjectItem(object, "method"); @@ -1550,16 +1548,6 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo } } - item=cJSON_GetObjectItem(object, "vsys_id"); - if(item!=NULL) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)item->valueint, TLD_TYPE_LONG); - } - else - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG); - } - cJSON_Delete(object); object=NULL; @@ -2124,6 +2112,7 @@ int send_security_event_log(struct tsg_log_instance_t *_instance, struct TLD_han TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(rules[i].rule_id), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(rules[i].service_id), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)rules[i].action), TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)rules[i].vsys_id, TLD_TYPE_LONG); set_policy_action_para_exec_result(_instance, _handle, a_stream, &(rules[i])); 
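Review bot: With the added `TLD_append` in `send_security_event_log` as the only remaining writer of `LOG_COMMON_VSYSTEM_ID`, any record that `tsg_send_log` emits outside this per-rule section would carry no virtual-system id, because the unconditional append in `tsg_send_log` is removed later in this patch. Whether such records exist is not visible here, but consumers that filter or attribute logs by virtual system would silently miss them. If that is not intended, keep a fallback on that path, `TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG);`. The function body starts and ends outside the hunk.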
@@ -2135,6 +2124,7 @@ int send_security_event_log(struct tsg_log_instance_t *_instance, struct TLD_han TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_ACTION].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name); + TLD_delete(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name); } return 0; @@ -2173,7 +2163,6 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl TLD_append(_handle, _instance->id2field[LOG_COMMON_DATA_CENTER].name, (void *)tsg_data_center_get(), TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)tsg_device_tag_get(), TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_TRAFFIC_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG); - TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG); set_application_behavior(_instance, _handle, a_stream); diff --git a/src/tsg_statistic.cpp b/src/tsg_statistic.cpp index 2d68fb5..2840408 100644 --- a/src/tsg_statistic.cpp +++ b/src/tsg_statistic.cpp 
@@ -28,18 +28,20 @@ enum metric_tags_index { TAG_RULE_ID = 0, TAG_ACTION, + TAG_VSYS_ID, TAG_MAX }; enum field_type metric_column_type[COLUMN_MAX] = {FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER}; const char *metric_column_field[COLUMN_MAX] = {"hit_count", "in_bytes", "out_bytes", "in_pkts", "out_pkts"}; unsigned int metric_column_array[COLUMN_MAX] = {0}; -struct fieldstat_tag g_metric_tags[TAG_MAX] = {{"rule_id", 0, -1}, {"action", 0, -1}}; +struct fieldstat_tag g_metric_tags[TAG_MAX] = {{"rule_id", 0, -1}, {"action", 0, -1}, {"vsys_id", 0, -1}}; struct fieldstat_tag *tsg_set_metric_tags(struct maat_rule *p_result, int thread_seq) { g_tsg_statis_para.metric_tags[thread_seq][TAG_RULE_ID].value_int = p_result->rule_id; g_tsg_statis_para.metric_tags[thread_seq][TAG_ACTION].value_int = p_result->action; + g_tsg_statis_para.metric_tags[thread_seq][TAG_VSYS_ID].value_int = p_result->vsys_id; return g_tsg_statis_para.metric_tags[thread_seq]; } diff --git a/src/version.map b/src/version.map index f695908..03fb92e 100644 --- a/src/version.map +++ b/src/version.map @@ -15,6 +15,7 @@ global: *srt_process_context_*; *session_matched_rules_notify*; *session_matched_rules_copy*; + *session_packet_capture_by_rules_notify*; *GIT*; }; local: *;
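Review bot: The new store to `metric_tags[thread_seq][TAG_VSYS_ID]` writes a third slot, which stays in bounds only if every per-thread tag array is sized and initialised from `TAG_MAX` rather than a literal 2; that allocation is outside the hunk and worth confirming. `tsg_set_metric_tags` also has no comment, and its contract is not obvious from the signature: it returns the calling thread's tag array, which the next call with the same `thread_seq` overwrites. I would document that above the function, for example `/* Fills the per-thread tag slots from p_result; the returned array is reused by the next call on the same thread_seq. */`.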