gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-14586 策略验证异常重启

Browse Source
This commit is contained in:
fengweihao
2023-04-07 14:42:54 +08:00
parent 57e21ab6d0
commit 871c28af41
2 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
platform/src/verify_matcher.cpp
View File

@@ -22,6 +22,7 @@
#include "verify_policy_utils.h" #include "verify_policy_utils.h"
#include "verify_policy_logging.h" #include "verify_policy_logging.h"
#define HIT_PATH_SIZE 2048
#define MAX_SCAN_RESULT 16 #define MAX_SCAN_RESULT 16
enum policy_action enum policy_action
@@ -1348,7 +1349,7 @@ int get_fqdn_category_id(long long *result, const char *fqdn, int table_id, int
{ {
hit_cnt_fqdn+=n_hit_result; hit_cnt_fqdn+=n_hit_result;
} }
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, sizeof(ctx->hit_path)); n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
if(ret >0) if(ret >0)
{ {
query_obj->nth_scan[hit_path_cnt] = ctx->hit_path[ctx->n_read].Nth_scan; query_obj->nth_scan[hit_path_cnt] = ctx->hit_path[ctx->n_read].Nth_scan;
@@ -1369,7 +1370,7 @@ int get_fqdn_category_id(long long *result, const char *fqdn, int table_id, int
{ {
hit_cnt_fqdn+=n_hit_result; hit_cnt_fqdn+=n_hit_result;
} }
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, sizeof(ctx->hit_path)); n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
if(ret>0) if(ret>0)
{ {
query_obj->nth_scan[hit_path_cnt] = ctx->hit_path[ctx->n_read].Nth_scan; query_obj->nth_scan[hit_path_cnt] = ctx->hit_path[ctx->n_read].Nth_scan;
@@ -1414,7 +1415,7 @@ int policy_verify_scan_tunnel_id(long long *result, struct ip_addr *sip, int hit
{ {
hit_cnt_tunnel+=n_hit_result; hit_cnt_tunnel+=n_hit_result;
} }
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, sizeof(ctx->hit_path)); n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
if(ret >0) if(ret >0)
{ {
query_obj->nth_scan[hit_path_cnt] = ctx->hit_path[ctx->n_read].Nth_scan; query_obj->nth_scan[hit_path_cnt] = ctx->hit_path[ctx->n_read].Nth_scan;
@@ -1528,7 +1529,7 @@ static int policy_verify_scan_app_id(struct request_query_obj *request, struct p
{ {
hit_cnt_app_id+=n_hit_result; hit_cnt_app_id+=n_hit_result;
} }
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, sizeof(ctx->hit_path)); n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
request->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan; request->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan;
ctx->n_read=n_read; ctx->n_read=n_read;
return hit_cnt_app_id; return hit_cnt_app_id;
@@ -1550,7 +1551,7 @@ static int policy_verify_scan_flag(struct request_query_obj *request, struct pol
{ {
hit_cnt_flag+=n_hit_result; hit_cnt_flag+=n_hit_result;
} }
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, sizeof(ctx->hit_path)); n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
request->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan; request->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan;
ctx->n_read=n_read; ctx->n_read=n_read;
return hit_cnt_flag; return hit_cnt_flag;
@@ -1579,7 +1580,7 @@ static int policy_verify_scan_http_hdr(struct request_query_obj *request, struct
{ {
hit_cnt_hdr += n_hit_result; hit_cnt_hdr += n_hit_result;
} }
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, sizeof(ctx->hit_path)); n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
request->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan; request->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan;
ctx->n_read=n_read; ctx->n_read=n_read;
return hit_cnt_hdr; return hit_cnt_hdr;
@@ -1618,7 +1619,7 @@ static int policy_verify_scan_ip_addr(struct request_query_obj *request, struct
} }
if(scan_ret >= MAAT_SCAN_HALF_HIT) if(scan_ret >= MAAT_SCAN_HALF_HIT)
{ {
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, sizeof(ctx->hit_path)); n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
request->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan; request->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan;
ctx->n_read=n_read; ctx->n_read=n_read;
} }
@@ -1647,7 +1648,7 @@ static int policy_verify_scan_ip_addr(struct request_query_obj *request, struct
} }
if(scan_ret >= MAAT_SCAN_HALF_HIT) if(scan_ret >= MAAT_SCAN_HALF_HIT)
{ {
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, sizeof(ctx->hit_path)); n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
request->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan; request->nth_scan[0] = ctx->hit_path[ctx->n_read].Nth_scan;
ctx->n_read=n_read; ctx->n_read=n_read;
} }
@@ -1767,7 +1768,7 @@ size_t policy_verify_scan(int vsys_id, enum compile_table_typle compile_type, st
{ {
hit_cnt+=n_hit_result; hit_cnt+=n_hit_result;
} }
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, sizeof(ctx->hit_path)); n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
if(scan_ret >0) if(scan_ret >0)
{ {
request->nth_scan[request->nth_scan_num] = ctx->hit_path[ctx->n_read].Nth_scan; request->nth_scan[request->nth_scan_num] = ctx->hit_path[ctx->n_read].Nth_scan;

1
platform/src/verify_policy.cpp
View File

@@ -396,7 +396,6 @@ cJSON *get_query_from_request(const char *data, int thread_id)
verify_policy->vsys_id = item->valueint; verify_policy->vsys_id = item->valueint;
} }
mesa_runtime_log(RLOG_LV_DEBUG, " [I] vsysId= %d", verify_policy->vsys_id); mesa_runtime_log(RLOG_LV_DEBUG, " [I] vsysId= %d", verify_policy->vsys_id);
item = cJSON_GetObjectItem(subitem,"verifySession"); item = cJSON_GetObjectItem(subitem,"verifySession");
if(item == NULL || item->type!=cJSON_Object) if(item == NULL || item->type!=cJSON_Object)
{ {