From a5de936c90755fbaaf1c36e064eead912cd41cb3 Mon Sep 17 00:00:00 2001 From: fengweihao Date: Mon, 14 Aug 2023 15:21:42 +0800 Subject: [PATCH] =?UTF-8?q?TSG-16563=20=E4=BF=AE=E6=94=B9=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E7=AD=96=E7=95=A5=E4=BC=98=E5=85=88=E7=BA=A7=E4=B8=BA?= =?UTF-8?q?Shunt>Allow(monitor)>Deny(monitor)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- platform/src/verify_matcher.cpp | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/platform/src/verify_matcher.cpp b/platform/src/verify_matcher.cpp index d67aed0..ffb5d98 100644 --- a/platform/src/verify_matcher.cpp +++ b/platform/src/verify_matcher.cpp @@ -229,11 +229,13 @@ void __policy_action_weight_init() policy_action_weight[PG_ACTION_MONIT] = 1; policy_action_weight[PG_ACTION_INTERCEPT] = 2; policy_action_weight[PG_ACTION_NO_INTERCEPT] = 3; - policy_action_weight[PG_ACTION_MANIPULATE] = 4; - policy_action_weight[PG_ACTION_REJECT] = 5; - policy_action_weight[PG_ACTION_WHITELIST] = 6; - policy_action_weight[PX_ACTION_SHUNT] = 7; - policy_action_weight[PG_STATISTICS] = 8; + policy_action_weight[PG_ACTION_SHAPING] = 4; + policy_action_weight[PG_ACTION_MANIPULATE] = 5; + policy_action_weight[PG_ACTION_SERVICE_CHAINING]=6; + policy_action_weight[PG_ACTION_REJECT] = 7; + policy_action_weight[PG_ACTION_WHITELIST] = 8; + policy_action_weight[PX_ACTION_SHUNT] = 9; + policy_action_weight[PG_STATISTICS] = 10; } static inline int action_cmp(enum policy_action a1, enum policy_action a2) @@ -847,7 +849,17 @@ static enum policy_action decide_ctrl_action(int vsys_id, int compile_table_id, } } - if (prior_action == PG_ACTION_WHITELIST) + if(compile_table_id == TSG_TABLE_SECURITY && prior_action == PX_ACTION_SHUNT) + { + if(*n_enforce==0) + { + *enforce_rules=ALLOC(struct rule_data_ctx, 1); + } + *enforce_rules[0]=*prior_rule; + *n_enforce=1; + return PX_ACTION_SHUNT; + } + if(compile_table_id != TSG_TABLE_SECURITY && prior_action == PG_ACTION_WHITELIST) { if(*n_enforce==0) {