修复命中路径中缺少服务分类表名

common/include/verify_policy.h

@@ -116,6 +116,8 @@ struct fqdn_category_id
     long long int group_id[8];
 };
 
+#define MERGE_SCAN_NTH 128
+
 struct request_query_obj
 {
 	int table_id;
@@ -130,10 +132,11 @@ struct request_query_obj
 
 	char *subscriberid;
 
-    int nth_scan[256];
+    int merge_nth_scan_num;
-    int nth_scan_num;
+    int exclude_nth_scan[MERGE_SCAN_NTH];
-    cJSON* attributes;
+    int merge_nth_scan[MERGE_SCAN_NTH];
 
+    cJSON* attributes;
     struct fqdn_category_id fqdn_user;
     struct fqdn_category_id fqdn_builtin;
 };
@@ -142,7 +145,7 @@ struct verify_policy_query
 {
     int vsys_id;
 	int compile_table_id;
-	struct request_query_obj verify_object[32];
+	struct request_query_obj request_object[32];
 };
 
 extern struct verify_policy * g_verify_proxy;

platform/src/verify_matcher.cpp

@@ -1159,9 +1159,9 @@ void http_get_scan_status(struct request_query_obj *query_obj, int compile_table
 	cJSON *histObj=NULL;
 	for(i=0; i< ctx->n_read; i++)
 	{
-		for(j=0; j<=query_obj->nth_scan_num; j++)
+		for(j=0; j<=query_obj->merge_nth_scan_num; j++)
 		{
-			if (query_obj->nth_scan[j] == ctx->hit_path[i].Nth_scan)
+			if (query_obj->merge_nth_scan[j] == ctx->hit_path[i].Nth_scan && query_obj->exclude_nth_scan[j] != 1)
 			{
 				if(ctx->hit_path[i].compile_id > 0)
 				{
@@ -1218,9 +1218,9 @@ int get_attributes_table_name(struct request_query_obj *query_obj, int num, int
 
 	for(i=0; i<num; i++)
 	{
-		for(j=0; j<= query_obj[i].nth_scan_num; j++)
+		for(j=0; j<= query_obj[i].merge_nth_scan_num; j++)
 		{
-			if (query_obj[i].nth_scan[j] == Nth_scan)
+			if (query_obj[i].merge_nth_scan[j] == Nth_scan)
 			{
 				attributeObj=query_obj[i].attributes;
 				subchild = cJSON_GetObjectItem(attributeObj, "tableName");
@@ -1298,7 +1298,7 @@ int http_hit_policy_list(struct verify_policy_query *verify_policy, int num, siz
 					cJSON_AddNumberToObject(topObject, "objectId", ctx->hit_path[j].top_group_id);
 					cJSON_AddNumberToObject(topObject, "notFlag", ctx->hit_path[j].NOT_flag);
 					cJSON_AddNumberToObject(topObject, "nthClause", ctx->hit_path[j].clause_index);
-					get_attributes_table_name(verify_policy->verify_object, num, ctx->hit_path[j].Nth_scan, &ctx->ip_ctx, ctx->tunnel_endpoint_x, topObject);
+					get_attributes_table_name(verify_policy->request_object, num, ctx->hit_path[j].Nth_scan, &ctx->ip_ctx, ctx->tunnel_endpoint_x, topObject);
 					cJSON_AddItemToArray(topObjectList, topObject);
 				}
 			}
@@ -1521,7 +1521,7 @@ int ip_asn_scan(long long *result, struct ip_addr* sip, struct ip_addr* dip, int
 int get_fqdn_category_id(long long *result, const char *fqdn, int table_id, int hit_cnt, unsigned int thread_id, int vsys_id, struct policy_scan_ctx * ctx, struct request_query_obj *query_obj)
 {
 	int j=0, k=0;
-	size_t n_hit_result=0;
+	size_t n_read=0, n_hit_result=0;
 	int hit_path_cnt=0;
 	int i=0,ret=0, hit_cnt_fqdn=0;
 	struct fqdn_category_ctx *fqdn_cat_user[8]={0},*fqdn_cat_built[8]={0};
@@ -1579,8 +1579,15 @@ int get_fqdn_category_id(long long *result, const char *fqdn, int table_id, int
 			{
 				hit_cnt_fqdn+=n_hit_result;
 			}
+			n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
+			if(ret >= MAAT_SCAN_OK)
+			{
+				query_obj->merge_nth_scan[hit_path_cnt] = maat_state_get_scan_count(ctx->scan_mid);;
+				query_obj->exclude_nth_scan[hit_path_cnt] = 1;
+				ctx->n_read=n_read;
 				hit_path_cnt++;
 			}
+		}
 		goto finish;
 	}
 	if (query_obj->fqdn_builtin.fqdn_cat_num > 0)
@@ -1599,11 +1606,18 @@ int get_fqdn_category_id(long long *result, const char *fqdn, int table_id, int
 			{
 				hit_cnt_fqdn+=n_hit_result;
 			}
+			n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
+			if(ret >= MAAT_SCAN_OK)
+			{
+				query_obj->merge_nth_scan[hit_path_cnt] = maat_state_get_scan_count(ctx->scan_mid);
+				query_obj->exclude_nth_scan[hit_path_cnt] = 1;
+				ctx->n_read=n_read;
 				hit_path_cnt++;
 			}
 		}
+	}
 finish:
-	query_obj->nth_scan_num = hit_path_cnt;
+	query_obj->merge_nth_scan_num = hit_path_cnt;
 	return hit_cnt_fqdn;
 }
 
@@ -1645,13 +1659,13 @@ int policy_verify_scan_tunnel(long long *result, struct ip_addr *sip, int hit_cn
 		if(scan_ret >= MAAT_SCAN_OK)
 		{
 			n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
-			query_obj->nth_scan[hit_path_cnt] = maat_state_get_scan_count(ctx->scan_mid);
+			query_obj->merge_nth_scan[hit_path_cnt] = maat_state_get_scan_count(ctx->scan_mid);
 			ctx->n_read=n_read;
 			hit_path_cnt++;
 		}
 		tunnel_table_free(tunnel_catalog[i]);
 	}
-	query_obj->nth_scan_num = hit_path_cnt;
+	query_obj->merge_nth_scan_num = hit_path_cnt;
 	return hit_cnt_tunnel;
 }
 
@@ -1685,7 +1699,7 @@ static int policy_verify_scan_app_id(struct request_query_obj *request, struct p
 	}
 	app_id_dict_free(app_dict);
 	n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
-	request->nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
+	request->merge_nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
 	ctx->n_read=n_read;
 	return hit_cnt_app_id;
 }
@@ -1713,7 +1727,7 @@ static int policy_verify_scan_flag(struct request_query_obj *request, struct pol
 		hit_cnt_flag+=n_hit_result;
 	}
 	n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
-	request->nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
+	request->merge_nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
 	ctx->n_read=n_read;
 	return hit_cnt_flag;
 }
@@ -1751,7 +1765,7 @@ static int policy_verify_scan_http_hdr(struct request_query_obj *request, struct
 		}
 	}
 	n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
-	request->nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
+	request->merge_nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
 	ctx->n_read=n_read;
 	return hit_cnt_hdr;
 }
@@ -1802,7 +1816,7 @@ static int ip_addr_scan(struct request_query_obj *request, struct policy_scan_ct
 		if(scan_ret >= MAAT_SCAN_OK)
 		{
 			n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
-			request->nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
+			request->merge_nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
 			ctx->n_read=n_read;
 		}
 	}
@@ -1843,7 +1857,7 @@ static int ip_addr_scan(struct request_query_obj *request, struct policy_scan_ct
 		if(scan_ret >= MAAT_SCAN_OK)
 		{
 			n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
-			request->nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
+			request->merge_nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
 			ctx->n_read=n_read;
 		}
 	}
@@ -1958,7 +1972,7 @@ size_t policy_verify_scan(int vsys_id, int compile_table_id, struct request_quer
 		hit_cnt+=n_hit_result;
 	}
 	n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
-	request->nth_scan[request->nth_scan_num] = maat_state_get_scan_count(ctx->scan_mid);
+	request->merge_nth_scan[request->merge_nth_scan_num] = maat_state_get_scan_count(ctx->scan_mid);
 	ctx->n_read=n_read;
 decide:
 	ctx->hit_cnt = hit_cnt;

platform/src/verify_policy.cpp

@@ -273,16 +273,16 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
 	item = cJSON_GetObjectItem(subchild, "attributeName");
 	if(item && item->type==cJSON_String)
 	{
-		policy_query->verify_object[curr_id].attri_name = item->valuestring;
+		policy_query->request_object[curr_id].attri_name = item->valuestring;
-		p += snprintf(p, sizeof(buff) - (p - buff), "attributeName = %s",policy_query->verify_object[curr_id].attri_name);
+		p += snprintf(p, sizeof(buff) - (p - buff), "attributeName = %s",policy_query->request_object[curr_id].attri_name);
 	}
-	policy_query->verify_object[curr_id].attributes=cJSON_Duplicate(subchild, 1);
+	policy_query->request_object[curr_id].attributes=cJSON_Duplicate(subchild, 1);
 
 	item = cJSON_GetObjectItem(subchild, "tableName");
 	if(item && item->type==cJSON_String)
 	{
-		policy_query->verify_object[curr_id].table_id = protoco_field_type_str2idx(item->valuestring, buff, &p);
+		policy_query->request_object[curr_id].table_id = protoco_field_type_str2idx(item->valuestring, buff, &p);
-		if(policy_query->verify_object[curr_id].table_id == __TSG_OBJ_MAX)
+		if(policy_query->request_object[curr_id].table_id == __TSG_OBJ_MAX)
 		{
 			mesa_runtime_log(RLOG_LV_FATAL, "Get table id failed form table name:%s", item->valuestring);
 			return xret;
@@ -295,27 +295,27 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
 		goto finish;
 	}
 
-	if(match_ip_attribute_name(policy_query->verify_object[curr_id].attri_name) >= 0)
+	if(match_ip_attribute_name(policy_query->request_object[curr_id].attri_name) >= 0)
 	{
-		policy_query->verify_object[curr_id].ip_addr = get_ip_from_json(attributeValue, policy_query->verify_object[curr_id].attri_name, &(policy_query->verify_object[curr_id].protocol));
+		policy_query->request_object[curr_id].ip_addr = get_ip_from_json(attributeValue, policy_query->request_object[curr_id].attri_name, &(policy_query->request_object[curr_id].protocol));
 		goto end;
 	}
 
 	item = cJSON_GetObjectItem(attributeValue,"district");
 	if(item!=NULL)
 	{
-		policy_query->verify_object[curr_id].district = item->valuestring;
+		policy_query->request_object[curr_id].district = item->valuestring;
-		p += snprintf(p, sizeof(buff) - (p - buff), ", district = %s",policy_query->verify_object[curr_id].district);
+		p += snprintf(p, sizeof(buff) - (p - buff), ", district = %s",policy_query->request_object[curr_id].district);
 	}
 
-	if(policy_query->verify_object[curr_id].table_id == TSG_OBJ_APP_ID ||
+	if(policy_query->request_object[curr_id].table_id == TSG_OBJ_APP_ID ||
-	   policy_query->verify_object[curr_id].table_id == TSG_OBJ_FLAG)
+	   policy_query->request_object[curr_id].table_id == TSG_OBJ_FLAG)
 	{
 		item = cJSON_GetObjectItem(attributeValue, "numeric");
 		if(item && item->type==cJSON_Number)
 		{
-			policy_query->verify_object[curr_id].numeric = item->valueint;
+			policy_query->request_object[curr_id].numeric = item->valueint;
-			p += snprintf(p, sizeof(buff) - (p - buff), ", content = %d", policy_query->verify_object[curr_id].numeric);
+			p += snprintf(p, sizeof(buff) - (p - buff), ", content = %d", policy_query->request_object[curr_id].numeric);
 		}
 	}
 	else
@@ -323,8 +323,8 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
 		item = cJSON_GetObjectItem(attributeValue, "string");
 		if(item!=NULL)
 		{
-			policy_query->verify_object[curr_id].keyword = item->valuestring;
+			policy_query->request_object[curr_id].keyword = item->valuestring;
-			p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s",policy_query->verify_object[curr_id].keyword);
+			p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s",policy_query->request_object[curr_id].keyword);
 		}
 	}
 	mesa_runtime_log(RLOG_LV_INFO, "[I]    %s", buff);
@@ -469,10 +469,10 @@ int get_query_result_policy(cJSON *subitem, cJSON *data_obj, int thread_id)
 			{
 				goto free;
 			}
-			hit_cnt = policy_verify_scan(verify_policy->vsys_id, verify_policy->compile_table_id, &verify_policy->verify_object[i], ctx);
+			hit_cnt = policy_verify_scan(verify_policy->vsys_id, verify_policy->compile_table_id, &verify_policy->request_object[i], ctx);
-			if(match_ip_attribute_name(verify_policy->verify_object[i].attri_name) >= 0)
+			if(match_ip_attribute_name(verify_policy->request_object[i].attri_name) >= 0)
 			{
-				ipaddr_free(verify_policy->verify_object[i].ip_addr);
+				ipaddr_free(verify_policy->request_object[i].ip_addr);
 			}
 			i++;
 		}
@@ -485,7 +485,7 @@ int get_query_result_policy(cJSON *subitem, cJSON *data_obj, int thread_id)
 		cJSON_AddItemToObject(verfifySession, "attributes", attributes);
 		for (item = 0; item < i; item++)
 		{
-			http_get_scan_status(&verify_policy->verify_object[item], verify_policy->compile_table_id, attributes,data_obj, ctx);
+			http_get_scan_status(&verify_policy->request_object[item], verify_policy->compile_table_id, attributes,data_obj, ctx);
 		}
 		policy_scan_ctx_free(ctx);
 	}