gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-16563 安全策略支持monitor动作与其他动作可同时执行

Browse Source
This commit is contained in:
fengweihao
2023-08-09 15:39:34 +08:00
parent a0e647a963
commit 194a645fb2
1 changed files with 2 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
platform/src/verify_matcher.cpp
View File

@@ -858,12 +858,6 @@ static enum policy_action decide_ctrl_action(int vsys_id, int compile_table_id,
return PG_ACTION_WHITELIST; return PG_ACTION_WHITELIST;
} }
size_t monit_enable=1;
if(compile_table_id == TSG_TABLE_SECURITY && n_monit != n_hit)
{
monit_enable=0;
}
exist_enforce_num = *n_enforce; exist_enforce_num = *n_enforce;
if (multiple_hit_actions(prior_action)) if (multiple_hit_actions(prior_action))
{ {
@@ -875,7 +869,7 @@ static enum policy_action decide_ctrl_action(int vsys_id, int compile_table_id,
} }
*enforce_rules = (struct rule_data_ctx *) realloc(*enforce_rules, sizeof(struct rule_data_ctx ) * (*n_enforce)); *enforce_rules = (struct rule_data_ctx *) realloc(*enforce_rules, sizeof(struct rule_data_ctx ) * (*n_enforce));
if (multiple_hit_actions(prior_action) && monit_enable) if (multiple_hit_actions(prior_action))
{ {
memcpy(*enforce_rules + exist_enforce_num, monit_rule, n_monit * sizeof(struct rule_data_ctx )); memcpy(*enforce_rules + exist_enforce_num, monit_rule, n_monit * sizeof(struct rule_data_ctx ));
} }
@@ -883,10 +877,7 @@ static enum policy_action decide_ctrl_action(int vsys_id, int compile_table_id,
{ {
memmove(*enforce_rules+1, *enforce_rules, exist_enforce_num*sizeof(struct rule_data_ctx )); memmove(*enforce_rules+1, *enforce_rules, exist_enforce_num*sizeof(struct rule_data_ctx ));
memcpy(*enforce_rules, prior_rule, sizeof(struct rule_data_ctx )); memcpy(*enforce_rules, prior_rule, sizeof(struct rule_data_ctx ));
if(monit_enable) memcpy(*enforce_rules + exist_enforce_num + 1, monit_rule, n_monit * sizeof(struct rule_data_ctx ));
{
memcpy(*enforce_rules + exist_enforce_num + 1, monit_rule, n_monit * sizeof(struct rule_data_ctx ));
}
} }
return prior_action; return prior_action;
} }