diff options
| author | luwenpeng <[email protected]> | 2023-12-20 18:52:01 +0800 |
|---|---|---|
| committer | luwenpeng <[email protected]> | 2023-12-20 19:01:54 +0800 |
| commit | 4f9372d9667f21b346da2389987fc938591f3888 (patch) | |
| tree | b81ec5984d13277bbad397642f3cdf986b6fa085 | |
| parent | 8a4f672ab9a1336926c1e0048c62f1e4b35bb942 (diff) | |
TFE根据拦截策略编译表的do_log字段判断是否发送log_update的控制报文v4.8.54-20231220
| -rw-r--r-- | common/include/tfe_cmsg.h | 1 | ||||
| -rw-r--r-- | common/src/intercept_policy.cpp | 10 | ||||
| -rw-r--r-- | common/src/tfe_packet_io.cpp | 4 |
3 files changed, 15 insertions, 0 deletions
diff --git a/common/include/tfe_cmsg.h b/common/include/tfe_cmsg.h index 85f2a22..a46e36a 100644 --- a/common/include/tfe_cmsg.h +++ b/common/include/tfe_cmsg.h @@ -101,6 +101,7 @@ enum tfe_cmsg_tlv_type TFE_CMSG_COMMON_DIRECTION, // unsigned int TFE_CMSG_SSL_PASSTHROUGH_REASON, // string max size 32 TFE_CMSG_POLICY_VSYS_ID, // unsigned int + TFE_CMSG_POLICY_DO_LOG, // unsigned int /* Add new cmsg here */ /* Add new cmsg here */ /* Add new cmsg here */ diff --git a/common/src/intercept_policy.cpp b/common/src/intercept_policy.cpp index 68888e5..4a7c38c 100644 --- a/common/src/intercept_policy.cpp +++ b/common/src/intercept_policy.cpp @@ -8,6 +8,7 @@ struct intercept_param { int vsys_id; uint64_t rule_id; + int do_log; int ref_cnt; int action; int keyring_for_trusted; @@ -29,6 +30,7 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c int vsys_id = 0; size_t len = 0; size_t offset = 0; + size_t do_log = 0; char buffer[8] = {0}; char *json_str = NULL; cJSON *json = NULL; @@ -49,6 +51,12 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c TFE_LOG_ERROR(enforcer->logger, "Invalid intercept action: %s", table_line); goto error_out; } + + if (maat_helper_read_column(table_line, 5, &do_log, &len) < 0) + { + TFE_LOG_ERROR(enforcer->logger, "Invalid do log: %s", table_line); + goto error_out; + } if (maat_helper_read_column(table_line, 7, &offset, &len) < 0) { @@ -76,6 +84,7 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c param = ALLOC(struct intercept_param, 1); param->vsys_id = vsys_id; param->rule_id = atoll(key); + param->do_log = (do_log == 0 ? 0 : 1); param->ref_cnt = 1; param->action = action; param->keyring_for_trusted = 1; @@ -343,6 +352,7 @@ int intercept_policy_enforce(struct intercept_policy_enforcer *enforcer, struct tfe_cmsg_set(cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)&reason_hit_no_intercept, strlen(reason_hit_no_intercept)); } + tfe_cmsg_set(cmsg, TFE_CMSG_POLICY_DO_LOG, (const unsigned char *)¶m->do_log, sizeof(param->do_log)); tfe_cmsg_set(cmsg, TFE_CMSG_POLICY_VSYS_ID, (const unsigned char *)¶m->vsys_id, sizeof(param->vsys_id)); tfe_cmsg_set(cmsg, TFE_CMSG_TCP_PASSTHROUGH, (const unsigned char *)&tcp_passthrough, sizeof(tcp_passthrough)); tfe_cmsg_set(cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (const unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept)); diff --git a/common/src/tfe_packet_io.cpp b/common/src/tfe_packet_io.cpp index 1ff0e44..7c34912 100644 --- a/common/src/tfe_packet_io.cpp +++ b/common/src/tfe_packet_io.cpp @@ -760,6 +760,7 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx) void * logger = thread->logger; int ret = 0; + int do_log = 0; uint8_t hit_no_intercept = 0; uint64_t rule_id = 0; uint16_t length = 0; @@ -781,6 +782,9 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx) size_t size; mpack_writer_t writer; + ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_DO_LOG, (unsigned char *)&do_log, sizeof(do_log), &length); + if (ret < 0 || do_log == 0) + return; ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &length); if (ret < 0) return; |