feature: TSG-17786 TFE增加对intercept策略的排序功能

1 files changed, 11 insertions, 1 deletions

diff --git a/common/src/tfe_packet_io.cpp b/common/src/tfe_packet_io.cpp
index aae8f87..c510298 100644
--- a/common/src/tfe_packet_io.cpp
+++ b/common/src/tfe_packet_io.cpp
@@ -1024,6 +1024,16 @@ static int handle_session_opening(struct metadata *meta, struct ctrl_pkt_parser
     raw_packet_parser_get_most_inner_tuple4(&raw_parser, &inner_tuple4, logger);
     tfe_cmsg_get_value(parser->cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (unsigned char *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size);
 
+    uint64_t rule_id = 0;
+    ret = intercept_policy_select(thread->ref_proxy->int_ply_enforcer, parser->tfe_policy_ids, parser->tfe_policy_id_num, &rule_id);
+    if (ret != 0)
+    {
+        is_passthrough = 1;
+        set_passthrough_reason(parser->cmsg, reason_invalid_intercept_param);
+        goto passthrough;
+    }
+    tfe_cmsg_set(parser->cmsg, TFE_CMSG_POLICY_ID, (const unsigned char *)&rule_id, sizeof(uint64_t));
+
     ret = intercept_policy_enforce(thread->ref_proxy->int_ply_enforcer, parser->cmsg);
     if (ret != 0) {
         is_passthrough = 1;
@@ -1173,7 +1183,7 @@ passthrough:
         route_ctx_copy(&s_ctx->raw_meta_e2i->route_ctx, &parser->ack_route_ctx);
     }
 
-    TFE_LOG_INFO(logger, "%s: session %lu %s active first", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->session_addr);
+    TFE_LOG_INFO(logger, "%s: session %lu %s active first, hit rule %lu", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->session_addr, rule_id);
 
     session_table_insert(thread->session_table, s_ctx->session_id, &(s_ctx->c2s_info.tuple4), s_ctx, session_value_free_cb);
     ATOMIC_INC(&(packet_io_fs->session_num));