修复命中路径中缺少服务分类表名
This commit is contained in:
fengweihao
@@ -116,6 +116,8 @@ struct fqdn_category_id
|
||||
long long int group_id[8];
|
||||
};
|
||||
|
||||
#define MERGE_SCAN_NTH 128
|
||||
|
||||
struct request_query_obj
|
||||
{
|
||||
int table_id;
|
||||
@@ -130,10 +132,11 @@ struct request_query_obj
|
||||
|
||||
char *subscriberid;
|
||||
|
||||
int nth_scan[256];
|
||||
int nth_scan_num;
|
||||
cJSON* attributes;
|
||||
int merge_nth_scan_num;
|
||||
int exclude_nth_scan[MERGE_SCAN_NTH];
|
||||
int merge_nth_scan[MERGE_SCAN_NTH];
|
||||
|
||||
cJSON* attributes;
|
||||
struct fqdn_category_id fqdn_user;
|
||||
struct fqdn_category_id fqdn_builtin;
|
||||
};
|
||||
@@ -142,7 +145,7 @@ struct verify_policy_query
|
||||
{
|
||||
int vsys_id;
|
||||
int compile_table_id;
|
||||
struct request_query_obj verify_object[32];
|
||||
struct request_query_obj request_object[32];
|
||||
};
|
||||
|
||||
extern struct verify_policy * g_verify_proxy;
|
||||
|
||||
@@ -1159,9 +1159,9 @@ void http_get_scan_status(struct request_query_obj *query_obj, int compile_table
|
||||
cJSON *histObj=NULL;
|
||||
for(i=0; i< ctx->n_read; i++)
|
||||
{
|
||||
for(j=0; j<=query_obj->nth_scan_num; j++)
|
||||
for(j=0; j<=query_obj->merge_nth_scan_num; j++)
|
||||
{
|
||||
if (query_obj->nth_scan[j] == ctx->hit_path[i].Nth_scan)
|
||||
if (query_obj->merge_nth_scan[j] == ctx->hit_path[i].Nth_scan && query_obj->exclude_nth_scan[j] != 1)
|
||||
{
|
||||
if(ctx->hit_path[i].compile_id > 0)
|
||||
{
|
||||
@@ -1218,9 +1218,9 @@ int get_attributes_table_name(struct request_query_obj *query_obj, int num, int
|
||||
|
||||
for(i=0; i<num; i++)
|
||||
{
|
||||
for(j=0; j<= query_obj[i].nth_scan_num; j++)
|
||||
for(j=0; j<= query_obj[i].merge_nth_scan_num; j++)
|
||||
{
|
||||
if (query_obj[i].nth_scan[j] == Nth_scan)
|
||||
if (query_obj[i].merge_nth_scan[j] == Nth_scan)
|
||||
{
|
||||
attributeObj=query_obj[i].attributes;
|
||||
subchild = cJSON_GetObjectItem(attributeObj, "tableName");
|
||||
@@ -1298,7 +1298,7 @@ int http_hit_policy_list(struct verify_policy_query *verify_policy, int num, siz
|
||||
cJSON_AddNumberToObject(topObject, "objectId", ctx->hit_path[j].top_group_id);
|
||||
cJSON_AddNumberToObject(topObject, "notFlag", ctx->hit_path[j].NOT_flag);
|
||||
cJSON_AddNumberToObject(topObject, "nthClause", ctx->hit_path[j].clause_index);
|
||||
get_attributes_table_name(verify_policy->verify_object, num, ctx->hit_path[j].Nth_scan, &ctx->ip_ctx, ctx->tunnel_endpoint_x, topObject);
|
||||
get_attributes_table_name(verify_policy->request_object, num, ctx->hit_path[j].Nth_scan, &ctx->ip_ctx, ctx->tunnel_endpoint_x, topObject);
|
||||
cJSON_AddItemToArray(topObjectList, topObject);
|
||||
}
|
||||
}
|
||||
@@ -1521,7 +1521,7 @@ int ip_asn_scan(long long *result, struct ip_addr* sip, struct ip_addr* dip, int
|
||||
int get_fqdn_category_id(long long *result, const char *fqdn, int table_id, int hit_cnt, unsigned int thread_id, int vsys_id, struct policy_scan_ctx * ctx, struct request_query_obj *query_obj)
|
||||
{
|
||||
int j=0, k=0;
|
||||
size_t n_hit_result=0;
|
||||
size_t n_read=0, n_hit_result=0;
|
||||
int hit_path_cnt=0;
|
||||
int i=0,ret=0, hit_cnt_fqdn=0;
|
||||
struct fqdn_category_ctx *fqdn_cat_user[8]={0},*fqdn_cat_built[8]={0};
|
||||
@@ -1579,8 +1579,15 @@ int get_fqdn_category_id(long long *result, const char *fqdn, int table_id, int
|
||||
{
|
||||
hit_cnt_fqdn+=n_hit_result;
|
||||
}
|
||||
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
|
||||
if(ret >= MAAT_SCAN_OK)
|
||||
{
|
||||
query_obj->merge_nth_scan[hit_path_cnt] = maat_state_get_scan_count(ctx->scan_mid);;
|
||||
query_obj->exclude_nth_scan[hit_path_cnt] = 1;
|
||||
ctx->n_read=n_read;
|
||||
hit_path_cnt++;
|
||||
}
|
||||
}
|
||||
goto finish;
|
||||
}
|
||||
if (query_obj->fqdn_builtin.fqdn_cat_num > 0)
|
||||
@@ -1599,11 +1606,18 @@ int get_fqdn_category_id(long long *result, const char *fqdn, int table_id, int
|
||||
{
|
||||
hit_cnt_fqdn+=n_hit_result;
|
||||
}
|
||||
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
|
||||
if(ret >= MAAT_SCAN_OK)
|
||||
{
|
||||
query_obj->merge_nth_scan[hit_path_cnt] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
query_obj->exclude_nth_scan[hit_path_cnt] = 1;
|
||||
ctx->n_read=n_read;
|
||||
hit_path_cnt++;
|
||||
}
|
||||
}
|
||||
}
|
||||
finish:
|
||||
query_obj->nth_scan_num = hit_path_cnt;
|
||||
query_obj->merge_nth_scan_num = hit_path_cnt;
|
||||
return hit_cnt_fqdn;
|
||||
}
|
||||
|
||||
@@ -1645,13 +1659,13 @@ int policy_verify_scan_tunnel(long long *result, struct ip_addr *sip, int hit_cn
|
||||
if(scan_ret >= MAAT_SCAN_OK)
|
||||
{
|
||||
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
|
||||
query_obj->nth_scan[hit_path_cnt] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
query_obj->merge_nth_scan[hit_path_cnt] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
ctx->n_read=n_read;
|
||||
hit_path_cnt++;
|
||||
}
|
||||
tunnel_table_free(tunnel_catalog[i]);
|
||||
}
|
||||
query_obj->nth_scan_num = hit_path_cnt;
|
||||
query_obj->merge_nth_scan_num = hit_path_cnt;
|
||||
return hit_cnt_tunnel;
|
||||
}
|
||||
|
||||
@@ -1685,7 +1699,7 @@ static int policy_verify_scan_app_id(struct request_query_obj *request, struct p
|
||||
}
|
||||
app_id_dict_free(app_dict);
|
||||
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
|
||||
request->nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
request->merge_nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
ctx->n_read=n_read;
|
||||
return hit_cnt_app_id;
|
||||
}
|
||||
@@ -1713,7 +1727,7 @@ static int policy_verify_scan_flag(struct request_query_obj *request, struct pol
|
||||
hit_cnt_flag+=n_hit_result;
|
||||
}
|
||||
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
|
||||
request->nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
request->merge_nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
ctx->n_read=n_read;
|
||||
return hit_cnt_flag;
|
||||
}
|
||||
@@ -1751,7 +1765,7 @@ static int policy_verify_scan_http_hdr(struct request_query_obj *request, struct
|
||||
}
|
||||
}
|
||||
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
|
||||
request->nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
request->merge_nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
ctx->n_read=n_read;
|
||||
return hit_cnt_hdr;
|
||||
}
|
||||
@@ -1802,7 +1816,7 @@ static int ip_addr_scan(struct request_query_obj *request, struct policy_scan_ct
|
||||
if(scan_ret >= MAAT_SCAN_OK)
|
||||
{
|
||||
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
|
||||
request->nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
request->merge_nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
ctx->n_read=n_read;
|
||||
}
|
||||
}
|
||||
@@ -1843,7 +1857,7 @@ static int ip_addr_scan(struct request_query_obj *request, struct policy_scan_ct
|
||||
if(scan_ret >= MAAT_SCAN_OK)
|
||||
{
|
||||
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
|
||||
request->nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
request->merge_nth_scan[0] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
ctx->n_read=n_read;
|
||||
}
|
||||
}
|
||||
@@ -1958,7 +1972,7 @@ size_t policy_verify_scan(int vsys_id, int compile_table_id, struct request_quer
|
||||
hit_cnt+=n_hit_result;
|
||||
}
|
||||
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
|
||||
request->nth_scan[request->nth_scan_num] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
request->merge_nth_scan[request->merge_nth_scan_num] = maat_state_get_scan_count(ctx->scan_mid);
|
||||
ctx->n_read=n_read;
|
||||
decide:
|
||||
ctx->hit_cnt = hit_cnt;
|
||||
|
||||
@@ -273,16 +273,16 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
|
||||
item = cJSON_GetObjectItem(subchild, "attributeName");
|
||||
if(item && item->type==cJSON_String)
|
||||
{
|
||||
policy_query->verify_object[curr_id].attri_name = item->valuestring;
|
||||
p += snprintf(p, sizeof(buff) - (p - buff), "attributeName = %s",policy_query->verify_object[curr_id].attri_name);
|
||||
policy_query->request_object[curr_id].attri_name = item->valuestring;
|
||||
p += snprintf(p, sizeof(buff) - (p - buff), "attributeName = %s",policy_query->request_object[curr_id].attri_name);
|
||||
}
|
||||
policy_query->verify_object[curr_id].attributes=cJSON_Duplicate(subchild, 1);
|
||||
policy_query->request_object[curr_id].attributes=cJSON_Duplicate(subchild, 1);
|
||||
|
||||
item = cJSON_GetObjectItem(subchild, "tableName");
|
||||
if(item && item->type==cJSON_String)
|
||||
{
|
||||
policy_query->verify_object[curr_id].table_id = protoco_field_type_str2idx(item->valuestring, buff, &p);
|
||||
if(policy_query->verify_object[curr_id].table_id == __TSG_OBJ_MAX)
|
||||
policy_query->request_object[curr_id].table_id = protoco_field_type_str2idx(item->valuestring, buff, &p);
|
||||
if(policy_query->request_object[curr_id].table_id == __TSG_OBJ_MAX)
|
||||
{
|
||||
mesa_runtime_log(RLOG_LV_FATAL, "Get table id failed form table name:%s", item->valuestring);
|
||||
return xret;
|
||||
@@ -295,27 +295,27 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
|
||||
goto finish;
|
||||
}
|
||||
|
||||
if(match_ip_attribute_name(policy_query->verify_object[curr_id].attri_name) >= 0)
|
||||
if(match_ip_attribute_name(policy_query->request_object[curr_id].attri_name) >= 0)
|
||||
{
|
||||
policy_query->verify_object[curr_id].ip_addr = get_ip_from_json(attributeValue, policy_query->verify_object[curr_id].attri_name, &(policy_query->verify_object[curr_id].protocol));
|
||||
policy_query->request_object[curr_id].ip_addr = get_ip_from_json(attributeValue, policy_query->request_object[curr_id].attri_name, &(policy_query->request_object[curr_id].protocol));
|
||||
goto end;
|
||||
}
|
||||
|
||||
item = cJSON_GetObjectItem(attributeValue,"district");
|
||||
if(item!=NULL)
|
||||
{
|
||||
policy_query->verify_object[curr_id].district = item->valuestring;
|
||||
p += snprintf(p, sizeof(buff) - (p - buff), ", district = %s",policy_query->verify_object[curr_id].district);
|
||||
policy_query->request_object[curr_id].district = item->valuestring;
|
||||
p += snprintf(p, sizeof(buff) - (p - buff), ", district = %s",policy_query->request_object[curr_id].district);
|
||||
}
|
||||
|
||||
if(policy_query->verify_object[curr_id].table_id == TSG_OBJ_APP_ID ||
|
||||
policy_query->verify_object[curr_id].table_id == TSG_OBJ_FLAG)
|
||||
if(policy_query->request_object[curr_id].table_id == TSG_OBJ_APP_ID ||
|
||||
policy_query->request_object[curr_id].table_id == TSG_OBJ_FLAG)
|
||||
{
|
||||
item = cJSON_GetObjectItem(attributeValue, "numeric");
|
||||
if(item && item->type==cJSON_Number)
|
||||
{
|
||||
policy_query->verify_object[curr_id].numeric = item->valueint;
|
||||
p += snprintf(p, sizeof(buff) - (p - buff), ", content = %d", policy_query->verify_object[curr_id].numeric);
|
||||
policy_query->request_object[curr_id].numeric = item->valueint;
|
||||
p += snprintf(p, sizeof(buff) - (p - buff), ", content = %d", policy_query->request_object[curr_id].numeric);
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -323,8 +323,8 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
|
||||
item = cJSON_GetObjectItem(attributeValue, "string");
|
||||
if(item!=NULL)
|
||||
{
|
||||
policy_query->verify_object[curr_id].keyword = item->valuestring;
|
||||
p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s",policy_query->verify_object[curr_id].keyword);
|
||||
policy_query->request_object[curr_id].keyword = item->valuestring;
|
||||
p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s",policy_query->request_object[curr_id].keyword);
|
||||
}
|
||||
}
|
||||
mesa_runtime_log(RLOG_LV_INFO, "[I] %s", buff);
|
||||
@@ -469,10 +469,10 @@ int get_query_result_policy(cJSON *subitem, cJSON *data_obj, int thread_id)
|
||||
{
|
||||
goto free;
|
||||
}
|
||||
hit_cnt = policy_verify_scan(verify_policy->vsys_id, verify_policy->compile_table_id, &verify_policy->verify_object[i], ctx);
|
||||
if(match_ip_attribute_name(verify_policy->verify_object[i].attri_name) >= 0)
|
||||
hit_cnt = policy_verify_scan(verify_policy->vsys_id, verify_policy->compile_table_id, &verify_policy->request_object[i], ctx);
|
||||
if(match_ip_attribute_name(verify_policy->request_object[i].attri_name) >= 0)
|
||||
{
|
||||
ipaddr_free(verify_policy->verify_object[i].ip_addr);
|
||||
ipaddr_free(verify_policy->request_object[i].ip_addr);
|
||||
}
|
||||
i++;
|
||||
}
|
||||
@@ -485,7 +485,7 @@ int get_query_result_policy(cJSON *subitem, cJSON *data_obj, int thread_id)
|
||||
cJSON_AddItemToObject(verfifySession, "attributes", attributes);
|
||||
for (item = 0; item < i; item++)
|
||||
{
|
||||
http_get_scan_status(&verify_policy->verify_object[item], verify_policy->compile_table_id, attributes,data_obj, ctx);
|
||||
http_get_scan_status(&verify_policy->request_object[item], verify_policy->compile_table_id, attributes,data_obj, ctx);
|
||||
}
|
||||
policy_scan_ctx_free(ctx);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user