TSG-8709: 支持执行Default Security Policy(Deny/Allow)
This commit is contained in:
liuxueli
@@ -28,6 +28,7 @@ enum TSG_METHOD_TYPE
|
|||||||
TSG_METHOD_TYPE_RATE_LIMIT,
|
TSG_METHOD_TYPE_RATE_LIMIT,
|
||||||
TSG_METHOD_TYPE_MIRRORED,
|
TSG_METHOD_TYPE_MIRRORED,
|
||||||
TSG_METHOD_TYPE_TAMPER,
|
TSG_METHOD_TYPE_TAMPER,
|
||||||
|
TSG_METHOD_TYPE_DEFAULT,
|
||||||
TSG_METHOD_TYPE_MAX
|
TSG_METHOD_TYPE_MAX
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -573,6 +573,85 @@ static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule
|
|||||||
return STATE_DROPME|STATE_DROPPKT;
|
return STATE_DROPME|STATE_DROPPKT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
|
||||||
|
{
|
||||||
|
if(user_region==NULL)
|
||||||
|
{
|
||||||
|
return do_action_drop(a_stream, p_result, user_region, protocol, user_data);
|
||||||
|
}
|
||||||
|
|
||||||
|
struct tcpall_context * _context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id);
|
||||||
|
if(_context==NULL)
|
||||||
|
{
|
||||||
|
_context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context));
|
||||||
|
memset(_context, 0, sizeof(struct tcpall_context));
|
||||||
|
set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context);
|
||||||
|
_context->method_type=TSG_METHOD_TYPE_TAMPER;
|
||||||
|
_context->tamper_count = 1;
|
||||||
|
}else{
|
||||||
|
if(_context->method_type != TSG_METHOD_TYPE_TAMPER)
|
||||||
|
{
|
||||||
|
_context->method_type=TSG_METHOD_TYPE_TAMPER;
|
||||||
|
_context->tamper_count = 1;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
//to do error log
|
||||||
|
//_context->method_type
|
||||||
|
MESA_handle_runtime_log(g_tsg_para.logger,
|
||||||
|
RLOG_LV_DEBUG,
|
||||||
|
__FUNCTION__,
|
||||||
|
"_context->method_type : %d",
|
||||||
|
_context->method_type);
|
||||||
|
|
||||||
|
return STATE_GIVEME;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(0 == send_tamper_xxx(a_stream, &_context->tamper_count, user_data)){
|
||||||
|
return STATE_DROPPKT;
|
||||||
|
}
|
||||||
|
return STATE_GIVEME;
|
||||||
|
}
|
||||||
|
|
||||||
|
static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
|
||||||
|
{
|
||||||
|
struct deny_user_region *deny_region=NULL;
|
||||||
|
|
||||||
|
switch(a_stream->type)
|
||||||
|
{
|
||||||
|
case STREAM_TYPE_TCP:
|
||||||
|
deny_region=&(user_region->session_para->tcp);
|
||||||
|
break;
|
||||||
|
case STREAM_TYPE_UDP:
|
||||||
|
deny_region=&(user_region->session_para->udp);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return STATE_DROPME|STATE_DROPPKT;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch(deny_region->type)
|
||||||
|
{
|
||||||
|
case TSG_DENY_TYPE_DEFAULT_RST:
|
||||||
|
do_action_reset(a_stream, p_result, protocol);
|
||||||
|
break;
|
||||||
|
case TSG_DENY_TYPE_SEND_ICMP:
|
||||||
|
case TSG_DENY_TYPE_DEFAULT_DROP:
|
||||||
|
struct compile_user_region tmp_user_region;
|
||||||
|
tmp_user_region.deny=deny_region;
|
||||||
|
tmp_user_region.capture.enabled=0;
|
||||||
|
tmp_user_region.capture.depth=0;
|
||||||
|
tmp_user_region.method_type=TSG_METHOD_TYPE_DROP;
|
||||||
|
do_action_drop(a_stream, p_result, &tmp_user_region, protocol, user_data);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return STATE_DROPME|STATE_DROPPKT;
|
||||||
|
}
|
||||||
|
|
||||||
static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, enum ACTION_RETURN_TYPE type)
|
static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, enum ACTION_RETURN_TYPE type)
|
||||||
{
|
{
|
||||||
struct tcpall_context *context=NULL;
|
struct tcpall_context *context=NULL;
|
||||||
@@ -725,42 +804,6 @@ static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, M
|
|||||||
return STATE_DROPME|STATE_DROPPKT;
|
return STATE_DROPME|STATE_DROPPKT;
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
|
|
||||||
{
|
|
||||||
if(user_region==NULL){
|
|
||||||
return do_action_drop(a_stream, p_result, user_region, protocol, user_data);
|
|
||||||
}
|
|
||||||
|
|
||||||
struct tcpall_context * _context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id);
|
|
||||||
if(_context==NULL){
|
|
||||||
_context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context));
|
|
||||||
memset(_context, 0, sizeof(struct tcpall_context));
|
|
||||||
set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context);
|
|
||||||
_context->method_type=TSG_METHOD_TYPE_TAMPER;
|
|
||||||
_context->tamper_count = -1;
|
|
||||||
}else{
|
|
||||||
if(_context->method_type == TSG_METHOD_TYPE_UNKNOWN){
|
|
||||||
_context->method_type=TSG_METHOD_TYPE_TAMPER;
|
|
||||||
_context->tamper_count = -1;
|
|
||||||
}else if (_context->method_type == TSG_METHOD_TYPE_TAMPER){
|
|
||||||
MESA_handle_runtime_log(g_tsg_para.logger,
|
|
||||||
RLOG_LV_DEBUG,
|
|
||||||
__FUNCTION__,
|
|
||||||
"Tamper is been processed, _context->method_type : %d",
|
|
||||||
_context->method_type);
|
|
||||||
return STATE_GIVEME;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if(a_stream->type != STREAM_TYPE_TCP){
|
|
||||||
if(0 == send_tamper_xxx(a_stream, &_context->tamper_count, user_data)){
|
|
||||||
return STATE_DROPPKT;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return STATE_GIVEME;
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
|
unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
|
||||||
{
|
{
|
||||||
unsigned char local_state=STATE_GIVEME;
|
unsigned char local_state=STATE_GIVEME;
|
||||||
@@ -805,10 +848,20 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_
|
|||||||
case TSG_METHOD_TYPE_TAMPER:
|
case TSG_METHOD_TYPE_TAMPER:
|
||||||
local_state=do_action_tamper(a_stream, p_result, user_region, protocol, user_data);
|
local_state=do_action_tamper(a_stream, p_result, user_region, protocol, user_data);
|
||||||
break;
|
break;
|
||||||
|
case TSG_METHOD_TYPE_DEFAULT:
|
||||||
|
local_state=do_action_default_xxx(a_stream, p_result, user_region, protocol, user_data);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if(method_type!=TSG_METHOD_TYPE_DEFAULT)
|
||||||
|
{
|
||||||
|
struct tcpall_context *context=NULL;
|
||||||
|
tsg_set_method_to_tcpall(a_stream, &context, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum);
|
||||||
|
}
|
||||||
|
|
||||||
security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
|
security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
|
||||||
|
|
||||||
state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME);
|
state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME);
|
||||||
|
|||||||
4297
src/tsg_entry.cpp
4297
src/tsg_entry.cpp
File diff suppressed because it is too large
Load Diff
@@ -207,12 +207,12 @@ struct master_context
|
|||||||
struct tcpall_context
|
struct tcpall_context
|
||||||
{
|
{
|
||||||
int set_latency_flag;
|
int set_latency_flag;
|
||||||
int vlan_num;
|
|
||||||
enum TSG_METHOD_TYPE method_type;
|
enum TSG_METHOD_TYPE method_type;
|
||||||
union
|
union
|
||||||
{
|
{
|
||||||
struct leaky_bucket *bucket;
|
struct leaky_bucket *bucket;
|
||||||
long tamper_count;
|
long tamper_count;
|
||||||
|
int after_n_packets;
|
||||||
void *para;
|
void *para;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@@ -242,7 +242,6 @@ typedef struct tsg_para
|
|||||||
enum DEPLOY_MODE deploy_mode;
|
enum DEPLOY_MODE deploy_mode;
|
||||||
int scan_time_interval;
|
int scan_time_interval;
|
||||||
int hit_path_switch;
|
int hit_path_switch;
|
||||||
int default_compile_switch;
|
|
||||||
int default_compile_id;
|
int default_compile_id;
|
||||||
int table_id[TABLE_MAX];
|
int table_id[TABLE_MAX];
|
||||||
int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
|
int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
|
||||||
@@ -376,7 +375,7 @@ void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* ar
|
|||||||
void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
|
void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
|
||||||
void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
|
void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
|
||||||
void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq);
|
void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq);
|
||||||
|
int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, enum TSG_METHOD_TYPE method_type, int thread_seq);
|
||||||
int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq);
|
int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq);
|
||||||
void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp);
|
void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp);
|
||||||
|
|
||||||
|
|||||||
@@ -21,6 +21,8 @@ enum TSG_DENY_TYPE
|
|||||||
TSG_DENY_TYPE_REDIRECT_URL,
|
TSG_DENY_TYPE_REDIRECT_URL,
|
||||||
TSG_DENY_TYPE_REDIRECT_RECORD,
|
TSG_DENY_TYPE_REDIRECT_RECORD,
|
||||||
TSG_DENY_TYPE_SEND_ICMP,
|
TSG_DENY_TYPE_SEND_ICMP,
|
||||||
|
TSG_DENY_TYPE_DEFAULT_RST,
|
||||||
|
TSG_DENY_TYPE_DEFAULT_DROP,
|
||||||
TSG_DENY_TYPE_MAX
|
TSG_DENY_TYPE_MAX
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -52,7 +54,6 @@ struct dns_answer_records
|
|||||||
struct dns_record_val record_val;
|
struct dns_record_val record_val;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
struct dns_profile_records
|
struct dns_profile_records
|
||||||
{
|
{
|
||||||
int ref_cnt;
|
int ref_cnt;
|
||||||
@@ -83,6 +84,7 @@ struct deny_user_region
|
|||||||
{
|
{
|
||||||
int code;
|
int code;
|
||||||
int records_num;
|
int records_num;
|
||||||
|
int after_n_packets;
|
||||||
};
|
};
|
||||||
union
|
union
|
||||||
{
|
{
|
||||||
@@ -91,7 +93,7 @@ struct deny_user_region
|
|||||||
struct dns_user_region *records;
|
struct dns_user_region *records;
|
||||||
int profile_id;
|
int profile_id;
|
||||||
int bps;
|
int bps;
|
||||||
int send_icmp_unreachable_enable;
|
int send_icmp_enable;
|
||||||
void *para;
|
void *para;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@@ -109,6 +111,13 @@ struct monitor_user_region
|
|||||||
int profile_id;
|
int profile_id;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct default_session_para
|
||||||
|
{
|
||||||
|
struct Maat_rule_t result; //XJ default policy
|
||||||
|
struct deny_user_region tcp;
|
||||||
|
struct deny_user_region udp;
|
||||||
|
};
|
||||||
|
|
||||||
struct compile_user_region
|
struct compile_user_region
|
||||||
{
|
{
|
||||||
int ref_cnt;
|
int ref_cnt;
|
||||||
@@ -117,8 +126,8 @@ struct compile_user_region
|
|||||||
{
|
{
|
||||||
struct deny_user_region *deny;
|
struct deny_user_region *deny;
|
||||||
struct monitor_user_region *mirror;
|
struct monitor_user_region *mirror;
|
||||||
struct Maat_rule_t *result; //XJ default policy
|
struct default_session_para *session_para;
|
||||||
void *user_region_para;
|
void *user_region_para;
|
||||||
};
|
};
|
||||||
struct packet_capture capture;
|
struct packet_capture capture;
|
||||||
};
|
};
|
||||||
|
|||||||
119
src/tsg_rule.cpp
119
src/tsg_rule.cpp
@@ -42,7 +42,8 @@ const struct _str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNK
|
|||||||
{TSG_METHOD_TYPE_ALERT, 5, (char *)"alert"},
|
{TSG_METHOD_TYPE_ALERT, 5, (char *)"alert"},
|
||||||
{TSG_METHOD_TYPE_RATE_LIMIT, 10, (char *)"rate_limit"},
|
{TSG_METHOD_TYPE_RATE_LIMIT, 10, (char *)"rate_limit"},
|
||||||
{TSG_METHOD_TYPE_MIRRORED, 8, (char *)"mirrored"},
|
{TSG_METHOD_TYPE_MIRRORED, 8, (char *)"mirrored"},
|
||||||
{TSG_METHOD_TYPE_TAMPER, 6, (char *)"tamper"}
|
{TSG_METHOD_TYPE_TAMPER, 6, (char *)"tamper"},
|
||||||
|
{TSG_METHOD_TYPE_DEFAULT, 7, (char *)"default"}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@@ -860,6 +861,67 @@ static struct dns_user_region *parse_dns_user_region(cJSON *resolution_array, in
|
|||||||
return records;
|
return records;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int parse_default_para(cJSON *deny_user_region_object, struct compile_user_region *user_region)
|
||||||
|
{
|
||||||
|
cJSON *method_item=NULL;
|
||||||
|
cJSON *tcp_session_item=cJSON_GetObjectItem(deny_user_region_object, "tcp_session");
|
||||||
|
cJSON *udp_session_item=cJSON_GetObjectItem(deny_user_region_object, "udp_session");
|
||||||
|
if(tcp_session_item==NULL || udp_session_item==NULL)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
user_region->method_type=TSG_METHOD_TYPE_DEFAULT;
|
||||||
|
user_region->session_para=(struct default_session_para *)calloc(1, sizeof(struct default_session_para));
|
||||||
|
|
||||||
|
method_item=cJSON_GetObjectItem(tcp_session_item, "method");
|
||||||
|
if(method_item!=NULL)
|
||||||
|
{
|
||||||
|
int method_type=tsg_get_method_id(method_item->valuestring);
|
||||||
|
switch(method_type)
|
||||||
|
{
|
||||||
|
case TSG_METHOD_TYPE_RST:
|
||||||
|
case TSG_METHOD_TYPE_RESET:
|
||||||
|
user_region->session_para->tcp.type=TSG_DENY_TYPE_DEFAULT_RST;
|
||||||
|
get_integer_from_json(tcp_session_item, "after_n_packets", &(user_region->session_para->tcp.after_n_packets));
|
||||||
|
break;
|
||||||
|
case TSG_METHOD_TYPE_DROP:
|
||||||
|
get_integer_from_json(tcp_session_item, "after_n_packets", &(user_region->session_para->tcp.after_n_packets));
|
||||||
|
get_integer_from_json(tcp_session_item, "send_icmp_unreachable", &(user_region->session_para->tcp.send_icmp_enable));
|
||||||
|
if(user_region->session_para->tcp.send_icmp_enable==1)
|
||||||
|
{
|
||||||
|
user_region->session_para->tcp.type=TSG_DENY_TYPE_SEND_ICMP;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
user_region->session_para->tcp.type=TSG_DENY_TYPE_DEFAULT_DROP;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
method_item=cJSON_GetObjectItem(udp_session_item, "method");
|
||||||
|
if(method_item!=NULL)
|
||||||
|
{
|
||||||
|
user_region->session_para->udp.type=TSG_DENY_TYPE_DEFAULT_DROP;
|
||||||
|
get_integer_from_json(udp_session_item, "after_n_packets", &(user_region->session_para->udp.after_n_packets));
|
||||||
|
get_integer_from_json(udp_session_item, "send_icmp_unreachable", &(user_region->session_para->udp.send_icmp_enable));
|
||||||
|
if(user_region->session_para->udp.send_icmp_enable==1)
|
||||||
|
{
|
||||||
|
user_region->session_para->udp.type=TSG_DENY_TYPE_SEND_ICMP;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
user_region->session_para->udp.type=TSG_DENY_TYPE_DEFAULT_DROP;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
static int parse_packet_capture(cJSON *packet_capture_object, struct compile_user_region *user_region)
|
static int parse_packet_capture(cJSON *packet_capture_object, struct compile_user_region *user_region)
|
||||||
{
|
{
|
||||||
if(packet_capture_object==NULL || user_region==NULL)
|
if(packet_capture_object==NULL || user_region==NULL)
|
||||||
@@ -957,7 +1019,7 @@ static struct compile_user_region *parse_deny_user_region(cJSON *deny_user_regio
|
|||||||
break;
|
break;
|
||||||
case TSG_METHOD_TYPE_DROP:
|
case TSG_METHOD_TYPE_DROP:
|
||||||
user_region->deny=(struct deny_user_region *)calloc(1, sizeof(struct deny_user_region));
|
user_region->deny=(struct deny_user_region *)calloc(1, sizeof(struct deny_user_region));
|
||||||
ret=get_integer_from_json(deny_user_region_object, "send_icmp_unreachable", &(user_region->deny->send_icmp_unreachable_enable));
|
ret=get_integer_from_json(deny_user_region_object, "send_icmp_unreachable", &(user_region->deny->send_icmp_enable));
|
||||||
if(ret==1)
|
if(ret==1)
|
||||||
{
|
{
|
||||||
user_region->deny->type=TSG_DENY_TYPE_SEND_ICMP;
|
user_region->deny->type=TSG_DENY_TYPE_SEND_ICMP;
|
||||||
@@ -969,7 +1031,8 @@ static struct compile_user_region *parse_deny_user_region(cJSON *deny_user_regio
|
|||||||
break;
|
break;
|
||||||
case TSG_METHOD_TYPE_TAMPER:
|
case TSG_METHOD_TYPE_TAMPER:
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
parse_default_para(deny_user_region_object, user_region);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1015,16 +1078,12 @@ void security_compile_new(int idx, const struct Maat_rule_t* rule, const char* s
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(g_tsg_para.default_compile_switch==1 && g_tsg_para.default_compile_id==rule->config_id)
|
if(g_tsg_para.default_compile_id==rule->config_id && user_region!=NULL)
|
||||||
{
|
{
|
||||||
if(user_region==NULL)
|
if(user_region->method_type==TSG_METHOD_TYPE_DEFAULT && user_region->session_para!=NULL)
|
||||||
{
|
{
|
||||||
user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region));
|
memcpy(&(user_region->session_para->result), rule, sizeof(struct Maat_rule_t));
|
||||||
atomic_inc(&user_region->ref_cnt);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
user_region->result=(struct Maat_rule_t *)calloc(1, sizeof(struct Maat_rule_t));
|
|
||||||
memcpy(user_region->result, rule, sizeof(struct Maat_rule_t));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
*ad=(MAAT_RULE_EX_DATA)user_region;
|
*ad=(MAAT_RULE_EX_DATA)user_region;
|
||||||
@@ -2697,6 +2756,29 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, enum TSG_METHOD_TYPE method_type, int thread_seq)
|
||||||
|
{
|
||||||
|
struct tcpall_context *_context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id);
|
||||||
|
if(_context==NULL)
|
||||||
|
{
|
||||||
|
_context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context));
|
||||||
|
memset(_context, 0, sizeof(struct tcpall_context));
|
||||||
|
set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context);
|
||||||
|
}
|
||||||
|
|
||||||
|
switch(_context->method_type)
|
||||||
|
{
|
||||||
|
case TSG_METHOD_TYPE_DEFAULT:
|
||||||
|
case TSG_METHOD_TYPE_MIRRORED:
|
||||||
|
_context->method_type=method_type;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq)
|
int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq)
|
||||||
{
|
{
|
||||||
struct tcpall_context *_context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id);
|
struct tcpall_context *_context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id);
|
||||||
@@ -2706,18 +2788,19 @@ int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_co
|
|||||||
memset(_context, 0, sizeof(struct tcpall_context));
|
memset(_context, 0, sizeof(struct tcpall_context));
|
||||||
set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context);
|
set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context);
|
||||||
}
|
}
|
||||||
else
|
|
||||||
|
switch(_context->method_type)
|
||||||
{
|
{
|
||||||
if(_context->method_type==TSG_METHOD_TYPE_RATE_LIMIT)
|
case TSG_METHOD_TYPE_RATE_LIMIT:
|
||||||
{
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
break;
|
||||||
else
|
case TSG_METHOD_TYPE_DEFAULT:
|
||||||
{
|
break;
|
||||||
|
default:
|
||||||
return 0;
|
return 0;
|
||||||
}
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
_context->method_type=TSG_METHOD_TYPE_RATE_LIMIT;
|
_context->method_type=TSG_METHOD_TYPE_RATE_LIMIT;
|
||||||
_context->bucket=bucket;
|
_context->bucket=bucket;
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user