authorliuxueli <[email protected]>2024-11-27 10:27:34 +0000
committerliuxueli <[email protected]>2024-11-27 10:27:34 +0000
commitad02793073353103ccccf3fab1afdd6cc30946d5 (patch)
treeb7d8bf1fad5567ccf830daa8ba6c64927b738a85 /enforcer
parent38307ed232012dcbd44bd95167b8f37c7186d1fb (diff)
scanner and security enforcer rebase developdev-scanner
Diffstat (limited to 'enforcer')
-rw-r--r--enforcer/security/CMakeLists.txt8
-rw-r--r--enforcer/security/security_enforcer.cpp32
-rw-r--r--enforcer/security/security_enforcer.h15
3 files changed, 25 insertions, 30 deletions
diff --git a/enforcer/security/CMakeLists.txt b/enforcer/security/CMakeLists.txt
index ba6869a..93295c8 100644
--- a/enforcer/security/CMakeLists.txt
+++ b/enforcer/security/CMakeLists.txt
@@ -3,10 +3,10 @@ include_directories(${CMAKE_SOURCE_DIR}/deps)
set(SECURITY_ENFORCER_SRC ${DEPS_SRC} security_maat.c security_enforcer.cpp bucket.c)
-add_library(security_enforcer-static STATIC ${SECURITY_ENFORCER_SRC})
-target_link_libraries(security_enforcer-static fieldstat4 yyjson toml uuid maatframe ctemplate-static)
-set_target_properties(security_enforcer-static PROPERTIES OUTPUT_NAME security_enforcer PREFIX "")
-set_target_properties(security_enforcer-static PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
+add_library(security_enforcer STATIC ${SECURITY_ENFORCER_SRC})
+target_link_libraries(security_enforcer fieldstat4 yyjson toml uuid maatframe ctemplate-static)
+set_target_properties(security_enforcer PROPERTIES OUTPUT_NAME security_enforcer PREFIX "")
+set_target_properties(security_enforcer PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
# add_library(security_enforcer-shared SHARED ${SECURITY_ENFORCER_SRC})
# set_target_properties(security_enforcer-shared PROPERTIES OUTPUT_NAME security_enforcer PREFIX "")
diff --git a/enforcer/security/security_enforcer.cpp b/enforcer/security/security_enforcer.cpp
index 309a453..7dec5c9 100644
--- a/enforcer/security/security_enforcer.cpp
+++ b/enforcer/security/security_enforcer.cpp
@@ -14,10 +14,10 @@
#include <stellar/module.h>
#include <stellar/session.h>
#include <stellar/packet.h>
+#include <stellar/security_enforcer.h>
#include "bucket.h"
#include "security_maat.h"
-#include "security_enforcer.h"
#define ENFORCER_RULE_UUID_NUM 128
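Review bot: The local `security_enforcer.h` this hunk stops including, and which the commit deletes at the end of the diff, declared `SECUIRTY_ENFORCER_MODULE_NAME` and `security_enforcer_module_to_enforcer()`; nothing in the diff shows `<stellar/security_enforcer.h>` providing either, so any caller of those two names now depends on the installed header carrying them. Worth confirming the new header declares both, or stating in the commit message that they are dropped on purpose. The translation unit also no longer includes a header of its own first, so the self-containment of its exported prototypes is now only checked by whoever includes the stellar header.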
@@ -353,7 +353,7 @@ void security_enforcer_enforce_drop(struct security_enforcer_env *enforcer_env,
}
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
// if(drop->send_icmp_enable)
// {
@@ -489,7 +489,7 @@ void security_enforcer_enforce_mail_block(struct security_enforcer_env *enforcer
}
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
}
void policy_user_define_variable_replace(ctemplate::TemplateDictionary *tpl_dict, uuid_t rule_uuid, char *client_ip, char *subscriber)
@@ -556,7 +556,7 @@ void security_enforcer_enforce_http_block(struct security_enforcer_env *enforcer
}
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
uint16_t http_hdr_len=0;
char http_hdr[512]={0};
@@ -967,7 +967,7 @@ void security_enforcer_enforce_http_redirect(struct security_enforcer_env *enfor
struct packet *redirect_pkt=packet_manager_build_tcp_packet(enforcer_env->pkt_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), c2s_origin_pkt, th_seq, th_ack, TH_PUSH, NULL, 0, payload, payload_offset);
packet_manager_schedule_packet(enforcer_env->pkt_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), redirect_pkt, PACKET_STAGE_POSTROUTING);
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
}
}
@@ -1076,10 +1076,15 @@ size_t maat_state_compile(struct maat_state *state __attribute__((unused)), cons
return 0;
}
-void security_enforcer_packet_based_node_callback(const struct packet *rawpkt, void *arg)
+void packet_based_security_enforcer_node_entry(struct packet *rawpkt, struct module *mod_enforcer)
{
- struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)arg;
- if(enforcer_env==NULL || rawpkt==NULL)
+ if(rawpkt==NULL || mod_enforcer==NULL)
+ {
+ return ;
+ }
+
+ struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)module_get_ctx(mod_enforcer);
+ if(enforcer_env==NULL)
{
return ;
}
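Review bot: The new entry point `packet_based_security_enforcer_node_entry` carries no comment stating its contract, and its `rawpkt` parameter lost the `const` the old callback had. If the body only ever reaches the packet through `(struct packet *)` casts as the enforce_* functions above do, those casts can now go; if it never writes through it, prefer keeping `const struct packet *rawpkt`. Suggested header comment: `/* Packet-stage entry for the security enforcer module: the env is recovered via module_get_ctx(mod_enforcer); returns silently when the packet, module or context is NULL. */`. The same applies to `session_based_security_enforcer_node_entry` in the hunk at lines 94-111. Both function bodies continue past their hunks, and since the old callback names were defined in this file, version.map (referenced from the CMake link flags) may list them and need the same rename.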
@@ -1107,10 +1112,15 @@ void security_enforcer_packet_based_node_callback(const struct packet *rawpkt, v
// packet_tag_get(rawpkt, &pkt_tag_key_bits, &pkt_tag_val_bits);
}
-void security_enforcer_session_based_node_callback(const struct packet *rawpkt, void *arg)
+void session_based_security_enforcer_node_entry(struct packet *rawpkt, struct module *mod_enforcer)
{
- struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)arg;
- if(enforcer_env==NULL || rawpkt==NULL)
+ if(rawpkt==NULL || mod_enforcer==NULL)
+ {
+ return ;
+ }
+
+ struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)module_get_ctx(mod_enforcer);
+ if(enforcer_env==NULL)
{
return ;
}
diff --git a/enforcer/security/security_enforcer.h b/enforcer/security/security_enforcer.h
deleted file mode 100644
index 43f0f67..0000000
--- a/enforcer/security/security_enforcer.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#pragma once
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#define SECUIRTY_ENFORCER_MODULE_NAME "security_enforcer_module"
-struct security_enforcer;
-struct security_enforcer *security_enforcer_module_to_enforcer(struct module *mod);
-
-
-#ifdef __cplusplus
-}
-#endif \ No newline at end of file