gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bugfix: TSG-14162 使用strlen(meta->route_ctx)判断route_ctx是否为空时,遗漏route_ctx首字节为0的情况

Browse Source
This commit is contained in:
luwenpeng
2023-03-13 19:39:57 +08:00
parent 20510bd2d5
commit 8d820e3213
4 changed files with 55 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
platform/src/packet_io.cpp
View File

@@ -96,7 +96,7 @@ struct metadata
int traffic_is_decrypted; // only raw packet set traffic_is_decrypted
struct sids sids;
char route_ctx[64];
struct route_ctx route_ctx;
};
/******************************************************************************
@@ -544,7 +544,8 @@ static int packet_io_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta)
#endif
}
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_ROUTE_CTX, meta->route_ctx, sizeof(meta->route_ctx)) <= 0)
meta->route_ctx.len = marsio_buff_get_metadata(rx_buff, MR_BUFF_ROUTE_CTX, meta->route_ctx.data, sizeof(meta->route_ctx.data));
if (meta->route_ctx.len <= 0)
{
LOG_ERROR("%s: unable to get route_ctx from metadata", LOG_TAG_PKTIO);
return -1;
@@ -604,9 +605,9 @@ static int packet_io_set_metadata(marsio_buff_t *tx_buff, struct metadata *meta)
#endif
}
if (strlen(meta->route_ctx))
if (meta->route_ctx.len > 0)
{
if (marsio_buff_set_metadata(tx_buff, MR_BUFF_ROUTE_CTX, meta->route_ctx, sizeof(meta->route_ctx)) != 0)
if (marsio_buff_set_metadata(tx_buff, MR_BUFF_ROUTE_CTX, meta->route_ctx.data, meta->route_ctx.len) != 0)
{
LOG_ERROR("%s: unable to set route_ctx for metadata", LOG_TAG_PKTIO);
return -1;
@@ -752,17 +753,17 @@ static enum raw_pkt_action handle_raw_packet(struct packet_io *handle, marsio_bu
if (meta.dir_is_e2i)
{
sids_write_once(&(s_ctx->raw_pkt_e2i_sids), &(meta.sids));
if (!strlen(s_ctx->raw_pkt_e2i_route_ctx))
if (route_ctx_is_empty(&s_ctx->raw_pkt_e2i_route_ctx))
{
memcpy(s_ctx->raw_pkt_e2i_route_ctx, meta.route_ctx, sizeof(s_ctx->raw_pkt_e2i_route_ctx));
route_ctx_copy(&s_ctx->raw_pkt_e2i_route_ctx, &meta.route_ctx);
}
}
else
{
sids_write_once(&(s_ctx->raw_pkt_i2e_sids), &(meta.sids));
if (!strlen(s_ctx->raw_pkt_i2e_route_ctx))
if (route_ctx_is_empty(&s_ctx->raw_pkt_i2e_route_ctx))
{
memcpy(s_ctx->raw_pkt_i2e_route_ctx, meta.route_ctx, sizeof(s_ctx->raw_pkt_i2e_route_ctx));
route_ctx_copy(&s_ctx->raw_pkt_i2e_route_ctx, &meta.route_ctx);
}
}
@@ -932,12 +933,12 @@ static enum inject_pkt_action handle_inject_packet(struct packet_io *handle, mar
if (meta.dir_is_e2i)
{
sids_copy(&meta.sids, &s_ctx->raw_pkt_e2i_sids);
memcpy(meta.route_ctx, s_ctx->raw_pkt_e2i_route_ctx, sizeof(s_ctx->raw_pkt_e2i_route_ctx));
route_ctx_copy(&meta.route_ctx, &s_ctx->raw_pkt_e2i_route_ctx);
}
else
{
sids_copy(&meta.sids, &s_ctx->raw_pkt_i2e_sids);
memcpy(meta.route_ctx, s_ctx->raw_pkt_i2e_route_ctx, sizeof(s_ctx->raw_pkt_i2e_route_ctx));
route_ctx_copy(&meta.route_ctx, &s_ctx->raw_pkt_i2e_route_ctx);
}
LOG_DEBUG("%s: session %lu get metadata from inject packet, META={raw_len: %d, dir_is_e2i: %d, traffic_is_decrypted: %d, sf_index: %d}", LOG_TAG_PKTIO, meta.session_id, meta.raw_len, meta.dir_is_e2i, meta.traffic_is_decrypted, sf_index);
@@ -1188,6 +1189,9 @@ static int handle_session_opening(struct metadata *meta, struct ctrl_pkt_parser
s_ctx->first_ctrl_pkt.addr_string = addr_tuple4_to_str(&(s_ctx->first_ctrl_pkt.tuple4));
s_ctx->first_ctrl_pkt.header_data = strndup(meta->raw_data, meta->l7_offset);
s_ctx->first_ctrl_pkt.header_len = meta->l7_offset;
sids_copy(&s_ctx->first_ctrl_pkt.sids, &meta->sids);
route_ctx_copy(&s_ctx->first_ctrl_pkt.route_ctx, &meta->route_ctx);
s_ctx->chaining = selected_chaining_create(policy_enforce_max_chaining_size(thread->ref_enforcer));
LOG_INFO("%s: session %lu %s active first", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string);
@@ -1275,6 +1279,7 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx)
meta.l7_offset = s_ctx->first_ctrl_pkt.header_len;
meta.sids.num = 1;
meta.sids.elems[0] = sce_ctx->firewall_sids;
route_ctx_copy(&meta.route_ctx, &s_ctx->first_ctrl_pkt.route_ctx);
packet_io_set_metadata(tx_buffs[0], &meta);
marsio_send_burst(packet_io->dev_nf_interface.mr_path, thread_seq, tx_buffs, 1);