authorfengweihao <[email protected]>2023-12-25 14:43:00 +0800
committerfengweihao <[email protected]>2023-12-25 14:43:00 +0800
commitf69de9f4e3d5abff660220e86e164e83ca18aff7 (patch)
tree66a9904e435ae16d0ea55b3553eefe047dbbe1ec /common/src/tfe_scan.cpp
parent4f9372d9667f21b346da2389987fc938591f3888 (diff)
TSG-18071 选择Internal作为Condition时,无法命中策略
Diffstat (limited to 'common/src/tfe_scan.cpp')
-rw-r--r--common/src/tfe_scan.cpp153
1 files changed, 65 insertions, 88 deletions
diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp
index 5d3edcc..1948526 100644
--- a/common/src/tfe_scan.cpp
+++ b/common/src/tfe_scan.cpp
@@ -341,80 +341,6 @@ int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt,
return hit_app_id;
}
-int tfe_scan_ipv4_addr(long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
-{
- int table_id=0;
- int scan_ret = 0;
- int hit_cnt_ip = 0;
- size_t n_hit_result = 0;
-
- table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
- scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->saddr, sapp_addr.v4->source, 6,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
- if (scan_ret == MAAT_SCAN_HIT)
- {
- hit_cnt_ip += n_hit_result;
- }
- scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
- if (scan_ret == MAAT_SCAN_HIT)
- {
- hit_cnt_ip += n_hit_result;
- }
-
- table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR");
- scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->daddr, sapp_addr.v4->dest, 6,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
- if(scan_ret == MAAT_SCAN_HIT)
- {
- hit_cnt_ip += n_hit_result;
- }
- scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
- if (scan_ret == MAAT_SCAN_HIT)
- {
- hit_cnt_ip += n_hit_result;
- }
-
- return hit_cnt_ip;
-}
-
-int tfe_scan_ipv6_addr(long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
-{
- int table_id=0;
- int scan_ret = 0;
- int hit_cnt_ip = 0;
- size_t n_hit_result = 0;
-
- table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
- scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->saddr, sapp_addr.v6->source, 6,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
- if (scan_ret == MAAT_SCAN_HIT)
- {
- hit_cnt_ip += n_hit_result;
- }
- scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
- if (scan_ret == MAAT_SCAN_HIT)
- {
- hit_cnt_ip += n_hit_result;
- }
- table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR");
- scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->daddr, sapp_addr.v6->dest, 6,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
- if (scan_ret == MAAT_SCAN_HIT)
- {
- hit_cnt_ip += n_hit_result;
- }
- scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
- if (scan_ret == MAAT_SCAN_HIT)
- {
- hit_cnt_ip += n_hit_result;
- }
- return hit_cnt_ip;
-}
-
static int get_route_dir(const struct tfe_stream * stream)
{
uint16_t out_size;
@@ -429,21 +355,54 @@ static int get_route_dir(const struct tfe_stream * stream)
return ret;
}
}
- return (route_dir==69) ? 0 : 1;
+ return (route_dir==69) ? 1 : 0;
}
-int tfe_scan_ipv4_internal_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
+int tfe_scan_internal_exteral_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int c2s)
{
- int table_id=0;
int scan_ret = 0;
+ int table_id=0;
int hit_cnt_ip = 0;
- size_t n_hit_result = 0;
-
+ size_t array_size=256;
+ size_t n_hit_result = 0;
+ long long group_id_array[256]={0};
+
int dir_is_e2i = get_route_dir(stream);
int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR");
int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR");
- table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id;
+ if(c2s == 1) table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id;
+ if(c2s == 0) table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id;
+
+ size_t n_last_hit_group = maat_state_get_last_hit_group_id_cnt(scan_mid);
+ if(n_last_hit_group > 0)
+ {
+ maat_state_get_last_hit_group_ids(scan_mid, group_id_array, array_size);
+ scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, group_id_array, array_size, result+hit_cnt+hit_cnt_ip,
+ MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
+ if(scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt_ip += n_hit_result;
+ }
+ scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
+ result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
+ if (scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt_ip += n_hit_result;
+ }
+ }
+
+ return hit_cnt_ip;
+}
+
+int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
+{
+ int table_id=0;
+ int scan_ret = 0;
+ int hit_cnt_ip = 0;
+ size_t n_hit_result = 0;
+
+ table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->saddr, sapp_addr.v4->source, 6,
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
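Review bot: In `tfe_scan_internal_exteral_addr`, `maat_scan_group` is given `array_size` (256) as the group count rather than the number of ids actually fetched, so the zero-filled tail of `group_id_array` is presumably scanned as if group 0 had been hit, and a last-hit count above 256 is silently truncated. Clamp the count and pass it: `size_t n_group = n_last_hit_group < array_size ? n_last_hit_group : array_size;`, then use `n_group` in place of `array_size` in the `maat_scan_group` call. `table_id` also stays 0 when `c2s` is neither 0 nor 1, so an explicit early `return 0;` for that case would be safer. The literal `69` in `get_route_dir` (presumably ASCII 'E') deserves a comment such as `/* 'E': route direction external-to-internal */` now that the return value is inverted; please confirm the meaning. The body of `tfe_scan_ipv4_addr` that starts at the end of this hunk continues outside it.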
@@ -456,8 +415,13 @@ int tfe_scan_ipv4_internal_addr(const struct tfe_stream *stream, long long *resu
{
hit_cnt_ip += n_hit_result;
}
+ scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1);
+ if(scan_ret > 0)
+ {
+ hit_cnt_ip += scan_ret;
+ }
- table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id;
+ table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR");
scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->daddr, sapp_addr.v4->dest, 6,
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
if(scan_ret == MAAT_SCAN_HIT)
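Review bot: The added call `tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1)` passes the caller's original `hit_cnt`, so the helper writes at `result+hit_cnt` and lands on top of the source-address hits this function has already counted in `hit_cnt_ip`. Since `hit_cnt_ip` is then increased by `scan_ret` anyway, `hit_cnt+hit_cnt_ip` can exceed `MAX_SCAN_RESULT` and the following `MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip` can go negative; if the scan functions take that capacity as `size_t` (not visible here), this would allow writes past the end of `result`. Pass the running offset instead: `scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt+hit_cnt_ip, 1);`. The same applies to the three other calls added in the later hunks: the `..., hit_cnt, 0)` call in this function and both calls in `tfe_scan_ipv6_addr`. The enclosing `tfe_scan_ipv4_addr` starts and ends outside this hunk.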
@@ -470,22 +434,23 @@ int tfe_scan_ipv4_internal_addr(const struct tfe_stream *stream, long long *resu
{
hit_cnt_ip += n_hit_result;
}
+ scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0);
+ if(scan_ret > 0)
+ {
+ hit_cnt_ip += scan_ret;
+ }
return hit_cnt_ip;
}
-int tfe_scan_ipv6_internal_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
+int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
{
int table_id=0;
int scan_ret = 0;
int hit_cnt_ip = 0;
size_t n_hit_result = 0;
- int dir_is_e2i = get_route_dir(stream);
- int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR");
- int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR");
-
- table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id;
+ table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->saddr, sapp_addr.v6->source, 6,
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
@@ -498,7 +463,13 @@ int tfe_scan_ipv6_internal_addr(const struct tfe_stream *stream, long long *resu
{
hit_cnt_ip += n_hit_result;
}
- table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id;
+ scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1);
+ if(scan_ret > 0)
+ {
+ hit_cnt_ip += scan_ret;
+ }
+
+ table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR");
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->daddr, sapp_addr.v6->dest, 6,
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
@@ -511,5 +482,11 @@ int tfe_scan_ipv6_internal_addr(const struct tfe_stream *stream, long long *resu
{
hit_cnt_ip += n_hit_result;
}
+ scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0);
+ if(scan_ret > 0)
+ {
+ hit_cnt_ip += scan_ret;
+ }
+
return hit_cnt_ip;
}
\ No newline at end of file