summaryrefslogtreecommitdiff
path: root/common/src
diff options
context:
space:
mode:
authorwangmenglan <[email protected]>2024-09-23 18:35:47 +0800
committerluwenpeng <[email protected]>2024-09-25 18:10:57 +0800
commit707b4182506ed31afc1f5fe290974b40e3f88311 (patch)
tree975c77196f0d5438711212ef2fc4f015dacda3a3 /common/src
parenta571c85b4716b0d065cf347fbc87655cad9cf91a (diff)
TSG-22699 适配控制报文修改
Diffstat (limited to 'common/src')
-rw-r--r--common/src/intercept_policy.cpp152
-rw-r--r--common/src/tfe_ctrl_packet.cpp75
-rw-r--r--common/src/tfe_fieldstat.cpp9
-rw-r--r--common/src/tfe_packet_io.cpp67
-rw-r--r--common/src/tfe_scan.cpp14
5 files changed, 172 insertions, 145 deletions
diff --git a/common/src/intercept_policy.cpp b/common/src/intercept_policy.cpp
index d8f57cb..777c871 100644
--- a/common/src/intercept_policy.cpp
+++ b/common/src/intercept_policy.cpp
@@ -7,7 +7,7 @@
struct intercept_param
{
int vsys_id;
- uint64_t rule_id;
+ uuid_t rule_id;
int do_log;
int ref_cnt;
int action;
@@ -20,82 +20,77 @@ struct intercept_param
struct intercept_policy_enforcer
{
struct maat *maat;
- int table_id;
+ char table_name[32];
void *logger;
};
-static void intercept_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
+static void intercept_param_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp)
{
int action = 0;
+ int do_log = 0;
int vsys_id = 0;
- size_t len = 0;
- size_t offset = 0;
- size_t do_log = 0;
- char buffer[8] = {0};
- char *json_str = NULL;
- cJSON *json = NULL;
- cJSON *item = NULL;
+ cJSON * json_root = NULL;
+ cJSON * json_subroot = NULL;
+ cJSON * item = NULL;
struct intercept_param *param = NULL;
struct intercept_policy_enforcer *enforcer = (struct intercept_policy_enforcer *)argp;
- if (maat_helper_read_column(table_line, 3, &offset, &len) < 0)
+ json_root = cJSON_Parse(table_line);
+ if (unlikely(!json_root))
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid intercept action: %s", table_line);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid intercept rule:%s %s", key, table_line);
goto error_out;
}
- memcpy(buffer, table_line + offset, MIN(sizeof(buffer), len));
- action = atoi(buffer);
- if (action != 2 && action != 3)
+ item = cJSON_GetObjectItem(json_root, "ACTION");
+ if (unlikely(!item || !cJSON_IsNumber(item)))
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid intercept action: %s", table_line);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid intercept rule:%s (invalid ACTION format) %s.", key, table_line);
goto error_out;
}
- if (maat_helper_read_column(table_line, 5, &offset, &len) < 0)
+ if (item->valueint != 2 && item->valueint != 3)
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid do log: %s", table_line);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid intercept rule:%s (invalid ACTION format) %s.", key, table_line);
goto error_out;
}
- memset(buffer, 0, sizeof(buffer));
- memcpy(buffer, table_line + offset, MIN(sizeof(buffer), len));
- do_log = atoi(buffer);
+ action = item->valueint;
- if (maat_helper_read_column(table_line, 7, &offset, &len) < 0)
+ item = cJSON_GetObjectItem(json_root, "DO_LOG");
+ if (!item || !cJSON_IsNumber(item))
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid intercept user region: %s", table_line);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid intercept rule:%s (invalid DO_LOG format) %s.", key, table_line);
goto error_out;
}
+ param->do_log = !!item->valueint;
- json_str = ALLOC(char, len + 1);
- memcpy(json_str, table_line + offset, len);
- json = cJSON_Parse(json_str);
- if (json == NULL)
+ json_subroot = cJSON_GetObjectItem(json_root, "USER_REGION");
+ if (unlikely(!json_subroot))
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: id = %s", key);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid intercept rule:%s (invalid USER_REGION format) %s.", key, table_line);
goto error_out;
}
- item = cJSON_GetObjectItem(json, "vsys_id");
+ item = cJSON_GetObjectItem(json_subroot, "vsys_id");
if (!item || !cJSON_IsNumber(item))
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %s invalid vsys_id format", key);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid intercept rule:%s (invalid vsys_id format) %s.", key, table_line);
goto error_out;
}
vsys_id = item->valueint;
-
+
param = ALLOC(struct intercept_param, 1);
- param->vsys_id = vsys_id;
- param->rule_id = atoll(key);
- param->do_log = (do_log == 0 ? 0 : 1);
param->ref_cnt = 1;
param->action = action;
+ param->do_log = do_log;
+ param->vsys_id = vsys_id;
+ uuid_parse(key, param->rule_id);
param->keyring_for_trusted = 1;
param->keyring_for_untrusted = 0;
param->decryption_profile = 0;
param->tcp_option_profile = 0;
- item = cJSON_GetObjectItem(json, "keyring_for_trusted");
+ item = cJSON_GetObjectItem(json_subroot, "keyring_for_trusted");
if (item)
{
if (item->type == cJSON_Number)
@@ -108,11 +103,11 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c
}
else
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %lu invalid keyring_for_trusted format", param->rule_id);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid intercept rule: %s (invalid keyring_for_trusted format) %s.", key, table_line);
}
}
- item = cJSON_GetObjectItem(json, "keyring_for_untrusted");
+ item = cJSON_GetObjectItem(json_subroot, "keyring_for_untrusted");
if (item)
{
if (item->type == cJSON_Number)
@@ -125,11 +120,11 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c
}
else
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %lu invalid keyring_for_untrusted format", param->rule_id);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid intercept rule: %s (invalid keyring_for_untrusted format) %s", key, table_line);
}
}
- item = cJSON_GetObjectItem(json, "decryption_profile");
+ item = cJSON_GetObjectItem(json_subroot, "decryption_profile");
if (item)
{
if (item->type == cJSON_Number)
@@ -142,11 +137,11 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c
}
else
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %lu invalid decryption_profile format", param->rule_id);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid intercept rule:%s (invalid decryption_profile format) %s.", key, table_line);
}
}
- item = cJSON_GetObjectItem(json, "tcp_option_profile");
+ item = cJSON_GetObjectItem(json_subroot, "tcp_option_profile");
if (item)
{
if (item->type == cJSON_Number)
@@ -159,26 +154,23 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c
}
else
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %lu invalid tcp_option_profile format", param->rule_id);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid intercept rule:%s (invalid tcp_option_profile format) %s.", key, table_line);
}
}
*ad = param;
- TFE_LOG_INFO(enforcer->logger, "Add intercept policy: %lu", param->rule_id);
+ TFE_LOG_INFO(enforcer->logger, "Add intercept rule: %s", key);
error_out:
- if (json)
- {
- cJSON_Delete(json);
- }
- if (json_str)
+ if (json_root)
{
- free(json_str);
+ cJSON_Delete(json_root);
}
}
-static void intercept_param_free_cb(int table_id, void **ad, long argl, void *argp)
+static void intercept_param_free_cb(const char *table_name, void **ad, long argl, void *argp)
{
+ char str_rule_id[UUID_STR_LEN] = {0};
struct intercept_policy_enforcer *enforcer = (struct intercept_policy_enforcer *)argp;
struct intercept_param *param = (struct intercept_param *)*ad;
if (param == NULL)
@@ -188,13 +180,14 @@ static void intercept_param_free_cb(int table_id, void **ad, long argl, void *ar
if ((__sync_sub_and_fetch(&param->ref_cnt, 1) == 0))
{
- TFE_LOG_INFO(enforcer->logger, "Del intercept policy %lu", param->rule_id);
+ uuid_unparse(param->rule_id, str_rule_id);
+ TFE_LOG_INFO(enforcer->logger, "Del intercept policy %s", str_rule_id);
free(param);
*ad = NULL;
}
}
-static void intercept_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
+static void intercept_param_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp)
{
struct intercept_param *param = (struct intercept_param *)*from;
if (param)
@@ -219,16 +212,10 @@ struct intercept_policy_enforcer *intercept_policy_enforcer_create(void *logger)
struct intercept_policy_enforcer *enforcer = ALLOC(struct intercept_policy_enforcer, 1);
enforcer->maat = tfe_get_maat_handle();
enforcer->logger = logger;
- enforcer->table_id = maat_get_table_id(enforcer->maat, "PXY_INTERCEPT_COMPILE");
-
- if (enforcer->table_id < 0)
- {
- TFE_LOG_ERROR(enforcer->logger, "failed at register table of PXY_INTERCEPT_COMPILE, ret = %d", enforcer->table_id);
- goto error_out;
- }
+ snprintf(enforcer->table_name, sizeof(enforcer->table_name), "PXY_INTERCEPT_COMPILE");
ret = maat_plugin_table_ex_schema_register(enforcer->maat,
- "PXY_INTERCEPT_COMPILE",
+ enforcer->table_name,
intercept_param_new_cb,
intercept_param_free_cb,
intercept_param_dup_cb,
@@ -258,25 +245,24 @@ void intercept_policy_enforce_destory(struct intercept_policy_enforcer *enforcer
// return 0 : success
// return -1 : error (need passthrough)
-int intercept_policy_select(struct intercept_policy_enforcer *enforcer, uint64_t *rule_id_array, int rule_id_num, uint64_t *selected_rule_id)
+int intercept_policy_select(struct intercept_policy_enforcer *enforcer, uuid_t *rule_id_array, int rule_id_num, uuid_t selected_rule_id)
{
- uint64_t rule_id = 0;
+ uuid_t rule_id;
+ char str_rule_id[UUID_STR_LEN] = {0};
uint8_t is_hit_intercept_rule = 0;
uint8_t is_hit_no_intercept_rule = 0;
- uint64_t max_intercept_rule_id = 0;
- uint64_t max_no_intercept_rule_id = 0;
-
- char buff[16] = {0};
+ uuid_t max_intercept_rule_id = {0};
+ uuid_t max_no_intercept_rule_id = {0};
struct intercept_param *param = NULL;
for (int i = 0; i < rule_id_num; i++)
{
- rule_id = rule_id_array[i];
- snprintf(buff, sizeof(buff), "%lu", rule_id);
- param = (struct intercept_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->table_id, buff, strlen(buff));
+ memcpy(rule_id, rule_id_array[i], UUID_LEN);
+ uuid_unparse(rule_id, str_rule_id);
+ param = (struct intercept_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->table_name, str_rule_id, UUID_STR_LEN-1);
if (param == NULL)
{
- TFE_LOG_INFO(enforcer->logger, "Failed to get intercept parameter of policy %lu.", rule_id);
+ TFE_LOG_INFO(enforcer->logger, "Failed to get intercept parameter of policy %s.", str_rule_id);
continue;
}
@@ -284,27 +270,29 @@ int intercept_policy_select(struct intercept_policy_enforcer *enforcer, uint64_t
if (param->action == 2)
{
is_hit_intercept_rule = 1;
- max_intercept_rule_id = MAX(max_intercept_rule_id, rule_id);
- TFE_LOG_INFO(enforcer->logger, "rule[%d/%d]: %lu is intercept.", i, rule_id_num, rule_id);
+ if (uuid_compare(max_intercept_rule_id, rule_id) < 0)
+ memcpy(max_intercept_rule_id, rule_id, UUID_LEN);
+ TFE_LOG_INFO(enforcer->logger, "rule[%d/%d]: %s is intercept.", i, rule_id_num, str_rule_id);
}
// not intercept
else
{
is_hit_no_intercept_rule = 1;
- max_no_intercept_rule_id = MAX(max_no_intercept_rule_id, rule_id);
- TFE_LOG_INFO(enforcer->logger, "rule[%d/%d]: %lu is no intercept.", i, rule_id_num, rule_id);
+ if (uuid_compare(max_no_intercept_rule_id, rule_id) < 0)
+ memcpy(max_no_intercept_rule_id, rule_id, UUID_LEN);
+ TFE_LOG_INFO(enforcer->logger, "rule[%d/%d]: %s is no intercept.", i, rule_id_num, str_rule_id);
}
}
if (is_hit_no_intercept_rule)
{
- *selected_rule_id = max_no_intercept_rule_id;
+ memcpy(selected_rule_id, max_no_intercept_rule_id, UUID_LEN);
return 0;
}
if (is_hit_intercept_rule)
{
- *selected_rule_id = max_intercept_rule_id;
+ memcpy(selected_rule_id, max_intercept_rule_id, UUID_LEN);
return 0;
}
@@ -318,26 +306,26 @@ int intercept_policy_enforce(struct intercept_policy_enforcer *enforcer, struct
{
int ret = 0;
uint16_t size = 0;
- uint64_t rule_id = 0;
- char buff[16] = {0};
+ uuid_t rule_id;
+ char str_rule_id[UUID_STR_LEN] = {0};
struct intercept_param *param = NULL;
uint8_t hit_no_intercept = 0;
int tcp_passthrough = 0;
char reason_hit_no_intercept[] = "Hit No Intercept";
char reason_invalid_intercept_param[] = "Invalid Intercept Param";
- ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &size);
+ ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)rule_id, UUID_LEN, &size);
if (ret < 0)
{
TFE_LOG_ERROR(g_default_logger, "Failed at fetch intercept rule_id from cmsg: %s", strerror(-ret));
goto error_passthrough;
}
- snprintf(buff, sizeof(buff), "%lu", rule_id);
- param = (struct intercept_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->table_id, buff, strlen(buff));
+ uuid_unparse(rule_id, str_rule_id);
+ param = (struct intercept_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->table_name, str_rule_id, UUID_STR_LEN-1);
if (param == NULL)
{
- TFE_LOG_INFO(enforcer->logger, "Failed to get intercept parameter of policy %lu.", rule_id);
+ TFE_LOG_INFO(enforcer->logger, "Failed to get intercept parameter of policy %s.", str_rule_id);
goto error_passthrough;
}
diff --git a/common/src/tfe_ctrl_packet.cpp b/common/src/tfe_ctrl_packet.cpp
index 509cc58..2941d81 100644
--- a/common/src/tfe_ctrl_packet.cpp
+++ b/common/src/tfe_ctrl_packet.cpp
@@ -59,15 +59,15 @@ enum {
};
int tags_ids_cmsg_maps[] = {
- [INDEX_SRC_IP_TAGS_IDS] = TFE_CMSG_SRC_IP_TAGS_IDS_STR,
- [INDEX_DST_IP_TAGS_IDS] = TFE_CMSG_DST_IP_TAGS_IDS_STR,
- [INDEX_FQDN_TAGS_IDS] = TFE_CMSG_FQDN_TAGS_IDS_STR,
+ [INDEX_SRC_IP_TAGS_IDS] = TFE_CMSG_SRC_IP_TAGS_IDS_ARR,
+ [INDEX_DST_IP_TAGS_IDS] = TFE_CMSG_DST_IP_TAGS_IDS_ARR,
+ [INDEX_FQDN_TAGS_IDS] = TFE_CMSG_FQDN_TAGS_IDS_ARR,
};
const char *tags_ids_cmsg_name_maps[] = {
- [INDEX_SRC_IP_TAGS_IDS] = "TFE_CMSG_SRC_IP_TAGS_IDS_STR",
- [INDEX_DST_IP_TAGS_IDS] = "TFE_CMSG_DST_IP_TAGS_IDS_STR",
- [INDEX_FQDN_TAGS_IDS] = "TFE_CMSG_FQDN_TAGS_IDS_STR",
+ [INDEX_SRC_IP_TAGS_IDS] = "TFE_CMSG_SRC_IP_TAGS_IDS_ARR",
+ [INDEX_DST_IP_TAGS_IDS] = "TFE_CMSG_DST_IP_TAGS_IDS_ARR",
+ [INDEX_FQDN_TAGS_IDS] = "TFE_CMSG_FQDN_TAGS_IDS_ARR",
};
struct mpack_mmap_id2type
@@ -118,6 +118,15 @@ struct mpack_mmap_id2type
extern void * g_packet_io_logger;
+static int mpack_parse_uuid(mpack_node_t node, uuid_t uuid)
+{
+ size_t len = mpack_node_bin_size(node);
+ if (len != UUID_LEN)
+ return -1;
+ memcpy(uuid, mpack_node_bin_data(node), len);
+ return 0;
+}
+
static int sids_array_parse_mpack(struct ctrl_pkt_parser *handler, mpack_node_t node, int is_seq)
{
struct sids *sid = is_seq ? &handler->seq_sids : &handler->ack_sids;
@@ -169,21 +178,23 @@ static int pkt_header_parse_mpack(struct ctrl_pkt_parser *handler, mpack_node_t
static int tags_ids_array_parse_mpack(struct ctrl_pkt_parser *handler, mpack_node_t node, int map_index)
{
- uint64_t value = 0;
- int tags_ids_len = 0;
- char tags_ids_str[TAGS_IDS_STR_LEN] = {0};
-
uint32_t array_cnt = mpack_node_array_length(node);
if (!array_cnt)
return 0;
+ int tags_ids_len = UUID_LEN*array_cnt;
+ uuid_t *tags_ids = (uuid_t *)calloc(tags_ids_len, 1);
+
for (uint32_t i = 0; i < array_cnt; i++)
{
- value = mpack_node_u64(mpack_node_array_at(node, i));
- tags_ids_len += snprintf(tags_ids_str+tags_ids_len, TAGS_IDS_STR_LEN-tags_ids_len, "%s%lu", i==0?"":",", value);
+ if (mpack_parse_uuid(mpack_node_array_at(node, i), tags_ids[i]) != 0)
+ {
+ TFE_LOG_ERROR(g_packet_io_logger, "%s: session %lu unexpected control packet: (%s[%d] len != uuid_t[%d])", LOG_TAG_CTRLPKT, handler->session_id, tags_ids_cmsg_name_maps[map_index], i, UUID_LEN);
+ return -1;
+ }
}
- tfe_cmsg_set(handler->cmsg, (enum tfe_cmsg_tlv_type)tags_ids_cmsg_maps[map_index], (const unsigned char*)tags_ids_str, tags_ids_len);
+ tfe_cmsg_set(handler->cmsg, (enum tfe_cmsg_tlv_type)tags_ids_cmsg_maps[map_index], (const unsigned char*)tags_ids, tags_ids_len);
return 0;
}
@@ -336,8 +347,13 @@ static int proxy_parse_messagepack(mpack_node_t node, void *ctx, void *logger)
return -1;
}
handler->tfe_policy_id_num = mpack_node_array_length(mpack_node_map_cstr(node, "rule_ids"));
- for (int i = 0; i < handler->tfe_policy_id_num; i++) {
- handler->tfe_policy_ids[i] = mpack_node_u64(mpack_node_array_at(mpack_node_map_cstr(node, "rule_ids"), i));
+ for (int i = 0; i < handler->tfe_policy_id_num; i++)
+ {
+ if (mpack_parse_uuid(mpack_node_array_at(mpack_node_map_cstr(node, "rule_ids"), i), handler->tfe_policy_ids[i]) != 0)
+ {
+ TFE_LOG_ERROR(g_packet_io_logger, "%s: session %lu unexpected control packet: (proxy rule_ids[index:%d] len != uuid_t[16])", LOG_TAG_CTRLPKT, handler->session_id, i);
+ return -1;
+ }
}
mpack_node_t tcp_handshake = mpack_node_map_cstr(node, "tcp_handshake");
@@ -466,8 +482,13 @@ int ctrl_packet_parser_parse(void *ctx, const char* data, size_t length, void *l
goto error;
}
handler->sce_policy_id_num = mpack_node_array_length(mpack_node_map_cstr(sce_map, "rule_ids"));
- for (int i = 0; i < handler->sce_policy_id_num; i++) {
- handler->sce_policy_ids[i] = mpack_node_u64(mpack_node_array_at(mpack_node_map_cstr(sce_map, "rule_ids"), i));
+ for (int i = 0; i < handler->sce_policy_id_num; i++)
+ {
+ if (mpack_parse_uuid(mpack_node_array_at(mpack_node_map_cstr(sce_map, "rule_ids"), i), handler->sce_policy_ids[i]) != 0)
+ {
+ TFE_LOG_ERROR(logger, "%s: session %lu unexpected control packet: (sce rule_ids[index:%d] len != uuid_t[16])", LOG_TAG_CTRLPKT, handler->session_id, i);
+ goto error;
+ }
}
}
@@ -545,7 +566,7 @@ void ctrl_packet_parser_dump(struct ctrl_pkt_parser *handler, void *logger)
struct sids *sid = NULL;
int map_index = 0;
char *log_str = NULL;
- char tags_ids_str[4096] = {0};
+ uuid_t tags_ids_array[128];
int log_len = 0;
log_str = (char *)calloc(1, LOG_STR_LEN);
@@ -560,12 +581,16 @@ void ctrl_packet_parser_dump(struct ctrl_pkt_parser *handler, void *logger)
log_len += snprintf(log_str + log_len, LOG_STR_LEN - log_len, ", tfe policy_id_num: %d, tfe policy_ids[", handler->tfe_policy_id_num);
for (int i = 0; i < handler->tfe_policy_id_num; i++) {
- log_len += snprintf(log_str + log_len, LOG_STR_LEN - log_len, "%03lu ", handler->tfe_policy_ids[i]);
+ char str_tfe_policy_ids[UUID_STR_LEN] = {0};
+ uuid_unparse(handler->tfe_policy_ids[i], str_tfe_policy_ids);
+ log_len += snprintf(log_str + log_len, LOG_STR_LEN - log_len, "%s, ", str_tfe_policy_ids);
}
log_len += snprintf(log_str + log_len, LOG_STR_LEN - log_len, "], sce policy_id_num: %d, sce policy_ids[", handler->sce_policy_id_num);
for (int i = 0; i < handler->sce_policy_id_num; i++) {
- log_len += snprintf(log_str + log_len, LOG_STR_LEN - log_len, "%03lu ", handler->sce_policy_ids[i]);
+ char str_sce_policy_ids[UUID_STR_LEN] = {0};
+ uuid_unparse(handler->sce_policy_ids[i], str_sce_policy_ids);
+ log_len += snprintf(log_str + log_len, LOG_STR_LEN - log_len, "%s, ", str_sce_policy_ids);
}
log_len += snprintf(log_str + log_len, LOG_STR_LEN - log_len, "]");
@@ -596,13 +621,17 @@ void ctrl_packet_parser_dump(struct ctrl_pkt_parser *handler, void *logger)
else if (mpack_table[i].type == MPACK_ARRAY_FQDN_TAGS_IDS)
map_index = INDEX_FQDN_TAGS_IDS;
- memset(tags_ids_str, 0, sizeof(tags_ids_str));
- ret = tfe_cmsg_get_value(handler->cmsg, (enum tfe_cmsg_tlv_type)tags_ids_cmsg_maps[map_index], (unsigned char *)tags_ids_str, sizeof(tags_ids_str), &size);
+ memset(tags_ids_array, 0, sizeof(tags_ids_array));
+ ret = tfe_cmsg_get_value(handler->cmsg, (enum tfe_cmsg_tlv_type)tags_ids_cmsg_maps[map_index], (unsigned char *)tags_ids_array, sizeof(tags_ids_array), &size);
if (ret < 0) {
log_len += snprintf(log_str + log_len, LOG_STR_LEN - log_len, ", %s:null", tags_ids_cmsg_name_maps[map_index]);
break;
}
- log_len += snprintf(log_str + log_len, LOG_STR_LEN - log_len, ", %s:%s", tags_ids_cmsg_name_maps[map_index], tags_ids_str);
+ for (int i = 0; i < size/UUID_LEN; i++) {
+ char str_tags_ids[UUID_STR_LEN] = {0};
+ uuid_unparse(tags_ids_array[i], str_tags_ids);
+ log_len += snprintf(log_str + log_len, LOG_STR_LEN - log_len, ", %s:%s", tags_ids_cmsg_name_maps[map_index], str_tags_ids);
+ }
break;
case MPACK_ARRAY_SEQ_ROUTE_CTX:
case MPACK_ARRAY_ACK_ROUTE_CTX:
diff --git a/common/src/tfe_fieldstat.cpp b/common/src/tfe_fieldstat.cpp
index 03ecacc..beab100 100644
--- a/common/src/tfe_fieldstat.cpp
+++ b/common/src/tfe_fieldstat.cpp
@@ -1,5 +1,6 @@
#include <stdlib.h>
#include <unistd.h>
+#include <uuid/uuid.h>
#include <tfe_fieldstat.h>
#include "tfe_stream.h"
@@ -41,13 +42,15 @@ int tfe_fieldstat_intercept_incrby(struct fieldstat_easy_intercept *metrics, voi
return 0;
}
- uint64_t rule_id = 0;
- ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &out_size);
+ uuid_t rule_id;
+ char str_rule_id[UUID_STR_LEN] = {0};
+ ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)rule_id, UUID_LEN, &out_size);
if (ret != 0)
{
TFE_LOG_ERROR(g_default_logger, "failed at fetch rule_id from cmsg: %s", strerror(-ret));
return 0;
}
+ uuid_unparse(rule_id, str_rule_id);
uint8_t hit_no_intercept = 0;
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept), &out_size);
@@ -98,7 +101,7 @@ int tfe_fieldstat_intercept_incrby(struct fieldstat_easy_intercept *metrics, voi
struct field tags[5] = {0};
FIELDSTAT_TAG_INIT(tags, nr_tags, "vsys_id", FIELD_VALUE_INTEGER, vsys_id);
nr_tags++;
- FIELDSTAT_TAG_INIT(tags, nr_tags, "rule_id", FIELD_VALUE_INTEGER, rule_id);
+ FIELDSTAT_TAG_STR(tags, nr_tags, "rule_uuid", FIELD_VALUE_CSTRING, str_rule_id);
nr_tags++;
uint8_t pinning_status = 0;
if (tfe_cmsg_get_value(cmsg, TFE_CMSG_SSL_PINNING_STATE, (unsigned char *)&pinning_status, sizeof(pinning_status), &out_size) == 0)
diff --git a/common/src/tfe_packet_io.cpp b/common/src/tfe_packet_io.cpp
index 32e1250..2d02213 100644
--- a/common/src/tfe_packet_io.cpp
+++ b/common/src/tfe_packet_io.cpp
@@ -156,7 +156,7 @@ struct packet_identify
extern int tcp_policy_enforce(struct tcp_policy_enforcer *tcp_enforcer, struct tfe_cmsg *cmsg);
extern int tfe_proxy_fds_accept(struct tfe_proxy * ctx, int fd_downstream, int fd_upstream, int fd_fake_c, int fd_fake_s, struct tfe_cmsg * cmsg);
-extern void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uint64_t rule_id);
+extern void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uuid_t rule_id);
/******************************************************************************
* dup packet filter
@@ -821,7 +821,7 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx)
int ret = 0;
int do_log = 0;
uint8_t hit_no_intercept = 0;
- uint64_t rule_id = 0;
+ uuid_t rule_id;
uint16_t length = 0;
uint8_t ssl_intercept_status = 0;
uint64_t ssl_upstream_latency = 0;
@@ -844,7 +844,7 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx)
ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_DO_LOG, (unsigned char *)&do_log, sizeof(do_log), &length);
if (ret < 0 || do_log == 0)
return;
- ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&rule_id, sizeof(rule_id), &length);
+ ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)rule_id, UUID_LEN, &length);
if (ret < 0)
return;
ret = tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept), &length);
@@ -881,7 +881,7 @@ static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx)
// proxy rule list
mpack_build_array(&writer);
- mpack_write_u64(&writer, rule_id);
+ mpack_write_bin(&writer, (const char*)rule_id, UUID_LEN);
mpack_complete_array(&writer);
tfe_cmsg_get_value(s_ctx->cmsg, TFE_CMSG_SSL_INTERCEPT_STATE, (unsigned char *)&ssl_intercept_status, sizeof(ssl_intercept_status), &length);
@@ -1127,22 +1127,24 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
packet_get_innermost_tuple4(&pkt, &inner_tuple4);
tfe_cmsg_get_value(parser->cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (unsigned char *)&stream_protocol_in_char, sizeof(stream_protocol_in_char), &size);
- uint64_t rule_id = 0;
- ret = intercept_policy_select(thread->ref_proxy->int_ply_enforcer, parser->tfe_policy_ids, parser->tfe_policy_id_num, &rule_id);
+ uuid_t rule_id = {0};
+ char str_rule_id[UUID_STR_LEN] = {0};
+ ret = intercept_policy_select(thread->ref_proxy->int_ply_enforcer, parser->tfe_policy_ids, parser->tfe_policy_id_num, rule_id);
+ uuid_unparse(rule_id, str_rule_id);
if (ret != 0)
{
is_passthrough = 1;
set_passthrough_reason(parser->cmsg, reason_invalid_intercept_param);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, 0, meta->session_id, "active", "passthrough", "invalid intercept param");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid intercept param");
goto passthrough;
}
- tfe_cmsg_set(parser->cmsg, TFE_CMSG_POLICY_ID, (const unsigned char *)&rule_id, sizeof(uint64_t));
+ tfe_cmsg_set(parser->cmsg, TFE_CMSG_POLICY_ID, (const unsigned char *)rule_id, UUID_LEN);
ret = intercept_policy_enforce(thread->ref_proxy->int_ply_enforcer, parser->cmsg);
if (ret != 0) {
is_passthrough = 1;
set_passthrough_reason(parser->cmsg, reason_invalid_intercept_param);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "invalid intercept param");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid intercept param");
goto passthrough;
}
@@ -1151,7 +1153,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
is_passthrough = 1;
__atomic_fetch_add(&packet_io_fs->hit_no_intercept_num, 1, __ATOMIC_RELAXED);
set_passthrough_reason(parser->cmsg, reason_no_intercept_param);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "hit no intercept");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "hit no intercept");
goto passthrough;
}
__atomic_fetch_add(&packet_io_fs->hit_intercept_num, 1, __ATOMIC_RELAXED);
@@ -1162,7 +1164,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
is_passthrough = 1;
__atomic_fetch_add(&packet_io_fs->tcp_pcy_inval_num, 1, __ATOMIC_RELAXED);
set_passthrough_reason(parser->cmsg, reason_invalid_tcp_policy_param);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
goto passthrough;
}
@@ -1177,7 +1179,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
is_passthrough = 1;
__atomic_fetch_add(&packet_io_fs->tcp_pcy_inval_num, 1, __ATOMIC_RELAXED);
set_passthrough_reason(parser->cmsg, reason_invalid_tcp_policy_param);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
goto passthrough;
}
tcp_restore_info_dump(&restore_info, meta->session_id, logger);
@@ -1189,7 +1191,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
is_passthrough = 1;
__atomic_fetch_add(&packet_io_fs->tcp_pcy_inval_num, 1, __ATOMIC_RELAXED);
set_passthrough_reason(parser->cmsg, reason_invalid_tcp_policy_param);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
goto passthrough;
}
@@ -1201,7 +1203,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
is_passthrough = 1;
__atomic_fetch_add(&packet_io_fs->tcp_pcy_inval_num, 1, __ATOMIC_RELAXED);
set_passthrough_reason(parser->cmsg, reason_invalid_tcp_policy_param);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
goto passthrough;
}
@@ -1219,7 +1221,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
is_passthrough = 1;
__atomic_fetch_add(&packet_io_fs->tcp_pcy_inval_num, 1, __ATOMIC_RELAXED);
set_passthrough_reason(parser->cmsg, reason_invalid_tcp_policy_param);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
goto passthrough;
}
@@ -1230,7 +1232,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
is_passthrough = 1;
__atomic_fetch_add(&packet_io_fs->tcp_pcy_inval_num, 1, __ATOMIC_RELAXED);
set_passthrough_reason(parser->cmsg, reason_invalid_tcp_policy_param);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
goto passthrough;
}
}
@@ -1248,7 +1250,7 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
is_passthrough = 1;
__atomic_fetch_add(&packet_io_fs->tcp_pcy_inval_num, 1, __ATOMIC_RELAXED);
set_passthrough_reason(parser->cmsg, reason_invalid_tcp_policy_param);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "invalid tcp policy param");
goto passthrough;
}
__atomic_fetch_add(&packet_io_fs->can_intercept_num, 1, __ATOMIC_RELAXED);
@@ -1258,11 +1260,11 @@ static int handle_session_opening(struct metadata *meta, marsio_buff_t *rx_buff,
set_passthrough_reason(parser->cmsg, reason_underlying_stream_error);
if (parser->intercpet_data & IS_SINGLE) {
__atomic_fetch_add(&packet_io_fs->asymmetric_num, 1, __ATOMIC_RELAXED);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "asymmetric traffic");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "asymmetric traffic");
}
else if (parser->intercpet_data & IS_TUNNEL) {
__atomic_fetch_add(&packet_io_fs->tunnel_num, 1, __ATOMIC_RELAXED);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "passthrough", "tunnel traffic");
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "passthrough", "tunnel traffic");
}
}
@@ -1275,7 +1277,7 @@ passthrough:
s_ctx->session_id = meta->session_id;
tuple4_tostring(&inner_tuple4, s_ctx->session_addr, sizeof(s_ctx->session_addr));
s_ctx->cmsg = parser->cmsg;
- s_ctx->policy_ids = rule_id;
+ memcpy(s_ctx->policy_ids, rule_id, UUID_LEN);
s_ctx->is_passthrough = is_passthrough;
metadata_deep_copy(s_ctx->ctrl_meta, meta);
sids_copy(&s_ctx->ctrl_meta->sids, &meta->sids);
@@ -1306,7 +1308,7 @@ passthrough:
sids_copy(&s_ctx->s2c_info.sids, &parser->ack_sids);
route_ctx_copy(&s_ctx->s2c_info.route_ctx, &parser->ack_route_ctx);
- TFE_LOG_INFO(logger, "%s: session %lu %s active first, hit rule %lu", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->session_addr, rule_id);
+ TFE_LOG_INFO(logger, "%s: session %lu %s active first, hit rule %s", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->session_addr, str_rule_id);
session_table_insert(thread->session_table, s_ctx->session_id, &(s_ctx->c2s_info.tuple4), s_ctx, session_value_free_cb);
ATOMIC_INC(&(packet_io_fs->session_num));
if (parser->seq_header)
@@ -1316,7 +1318,7 @@ passthrough:
if (is_passthrough == 0)
{
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, rule_id, meta->session_id, "active", "intercept", NULL);
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_rule_id, meta->session_id, "active", "intercept", NULL);
}
return 0;
}
@@ -1344,6 +1346,7 @@ static int handle_session_closing(struct metadata *meta, marsio_buff_t *rx_buff,
struct packet_io *packet_io = thread->ref_io;
struct packet_io_fs *packet_io_fs = thread->ret_fs_state;
void * logger = thread->logger;
+ char str_policy_id[UUID_STR_LEN] = {0};
struct session_node *node = session_table_search_by_id(thread->session_table, meta->session_id);
if (node)
@@ -1351,7 +1354,8 @@ static int handle_session_closing(struct metadata *meta, marsio_buff_t *rx_buff,
struct session_ctx *s_ctx = (struct session_ctx *)node->val_data;
tfe_fieldstat_intercept_incrby(thread->ref_acceptor_ctx->metrics, s_ctx, thread->thread_index);
TFE_LOG_INFO(logger, "%s: session %lu closing", LOG_TAG_PKTIO, s_ctx->session_id);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, s_ctx->policy_ids, meta->session_id, "closing", NULL, NULL);
+ uuid_unparse(s_ctx->policy_ids, str_policy_id);
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_policy_id, meta->session_id, "closing", NULL, NULL);
session_table_delete_by_id(thread->session_table, meta->session_id);
ATOMIC_DEC(&(packet_io_fs->session_num));
return 0;
@@ -1369,9 +1373,10 @@ static int handle_session_resetall(struct metadata *meta, marsio_buff_t *rx_buff
struct packet_io *packet_io = thread->ref_io;
struct packet_io_fs *packet_io_fs = thread->ret_fs_state;
void * logger = thread->logger;
+ char str_policy_id[UUID_STR_LEN] = {0};
TFE_LOG_ERROR(logger, "%s: session %lu resetall: notification clears all session tables !!!", LOG_TAG_PKTIO, meta->session_id);
- tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, 0, meta->session_id, "resetall", NULL, NULL);
+ tfe_dp_telemetry_on_ctrl_pkt(packet_io->instance, rx_buff, str_policy_id, meta->session_id, "resetall", NULL, NULL);
ATOMIC_ZERO(&(packet_io_fs->session_num));
for (int i = 0; i < acceptor_ctx->nr_worker_threads; i++)
{
@@ -1452,6 +1457,7 @@ static int handle_raw_packet_from_nf(struct packet_io *handle, marsio_buff_t *rx
char *header = NULL;
int header_len = 0;
void * logger = thread->logger;
+ char str_policy_id[UUID_STR_LEN] = {0};
int raw_len = marsio_buff_datalen(rx_buff);
char *raw_data = marsio_buff_mtod(rx_buff);
@@ -1466,7 +1472,7 @@ static int handle_raw_packet_from_nf(struct packet_io *handle, marsio_buff_t *rx
LOG_TAG_PKTIO, meta.session_id, meta.raw_len, meta.is_e2i_dir, meta.is_ctrl_pkt, meta.l7offset, meta.is_decrypted, meta.sids.num);
throughput_metrics_inc(&packet_io_fs->raw_pkt_rx, 1, raw_len);
throughput_metrics_inc(&packet_io_fs->raw_bypass, 1, raw_len);
- tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, 0, "raw", "passthrough", "miss metadata");
+ tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, str_policy_id, "raw", "passthrough", "miss metadata");
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
return -1;
}
@@ -1478,7 +1484,7 @@ static int handle_raw_packet_from_nf(struct packet_io *handle, marsio_buff_t *rx
throughput_metrics_inc(&packet_io_fs->raw_pkt_rx, 1, raw_len);
throughput_metrics_inc(&packet_io_fs->raw_bypass, 1, raw_len);
throughput_metrics_inc(&packet_io_fs->dup_bypass, 1, raw_len);
- tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, 0, "duplicated", "passthrough", NULL);
+ tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, str_policy_id, "duplicated", "passthrough", NULL);
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
return -1;
}
@@ -1501,12 +1507,13 @@ static int handle_raw_packet_from_nf(struct packet_io *handle, marsio_buff_t *rx
tuple4_tostring(&inner_addr, buffer, sizeof(buffer));
TFE_LOG_ERROR(logger, "packet from nf %lu: %s (ipid: %u) miss session table", meta.session_id, buffer, ipid);
}
- tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, 0, "decrypted", "passthrough", "miss session");
+ tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, str_policy_id, "decrypted", "passthrough", "miss session");
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
return -1;
}
struct session_ctx *s_ctx = (struct session_ctx *)node->val_data;
+ uuid_unparse(s_ctx->policy_ids, str_policy_id);
if (s_ctx->is_passthrough > 0) {
throughput_metrics_inc(&packet_io_fs->raw_pkt_rx, 1, raw_len);
@@ -1525,14 +1532,14 @@ static int handle_raw_packet_from_nf(struct packet_io *handle, marsio_buff_t *rx
send_event_log(s_ctx, thread_seq, ctx);
tfe_cmsg_set_flag(s_ctx->cmsg, TFE_CMSG_FLAG_INIT);
}
- tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, s_ctx->policy_ids, "decrypted", "passthrough", NULL);
+ tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, str_policy_id, "decrypted", "passthrough", NULL);
marsio_send_burst(handle->dev_nf_interface.mr_path, thread_seq, &rx_buff, 1);
return 0;
}
if (meta.is_decrypted)
{
- tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, s_ctx->policy_ids, "decrypted", "intercept", NULL);
+ tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, str_policy_id, "decrypted", "intercept", NULL);
throughput_metrics_inc(&packet_io_fs->decrypt_rx, 1, raw_len);
if (memcmp(&inner_addr, &s_ctx->c2s_info.tuple4, sizeof(struct tuple4)) == 0) {
add_ether_header(raw_data, packet_io->config.tap_c_mac, packet_io->config.tap_s_mac);
@@ -1557,7 +1564,7 @@ static int handle_raw_packet_from_nf(struct packet_io *handle, marsio_buff_t *rx
}
else
{
- tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, s_ctx->policy_ids, "raw", "intercept", NULL);
+ tfe_dp_on_raw_pkt(packet_io->instance, rx_buff, str_policy_id, "raw", "intercept", NULL);
throughput_metrics_inc(&packet_io_fs->raw_pkt_rx, 1, raw_len);
if (memcmp(&inner_addr, &s_ctx->c2s_info.tuple4, sizeof(struct tuple4)) == 0) {
s_ctx->c2s_info.sids = meta.sids;
diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp
index aa292bc..8191630 100644
--- a/common/src/tfe_scan.cpp
+++ b/common/src/tfe_scan.cpp
@@ -152,22 +152,22 @@ int tfe_get_library_tags(const struct tfe_stream *stream, cJSON *common_obj, tfe
struct library_tag_ctx *library_tag =(struct library_tag_ctx *)maat_plugin_table_get_ex_data(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_LIBRARY_TAG), (const char *)&tag_id_array[i], sizeof(long long));
if(library_tag != NULL)
{
- if(library_tag->category == CATEGORY_TYPE_ASN && tlv_type == TFE_CMSG_SRC_IP_TAGS_IDS_STR && atol(library_tag->tag_value) > 0)
+ if(library_tag->category == CATEGORY_TYPE_ASN && tlv_type == TFE_CMSG_SRC_IP_TAGS_IDS_ARR && atol(library_tag->tag_value) > 0)
{
cJSON_AddNumberToObject(common_obj, "client_asn", atol(library_tag->tag_value));
}
- if(library_tag->category == CATEGORY_TYPE_CONTRY_CODE && tlv_type== TFE_CMSG_SRC_IP_TAGS_IDS_STR)
+ if(library_tag->category == CATEGORY_TYPE_CONTRY_CODE && tlv_type== TFE_CMSG_SRC_IP_TAGS_IDS_ARR)
{
cJSON_AddStringToObject(common_obj, "client_country", library_tag->tag_value);
}
- if(library_tag->category == CATEGORY_TYPE_ASN && tlv_type == TFE_CMSG_DST_IP_TAGS_IDS_STR && atol(library_tag->tag_value) > 0)
+ if(library_tag->category == CATEGORY_TYPE_ASN && tlv_type == TFE_CMSG_DST_IP_TAGS_IDS_ARR && atol(library_tag->tag_value) > 0)
{
cJSON_AddNumberToObject(common_obj, "server_asn", atol(library_tag->tag_value));
}
- if(library_tag->category == CATEGORY_TYPE_CONTRY_CODE && tlv_type== TFE_CMSG_DST_IP_TAGS_IDS_STR)
+ if(library_tag->category == CATEGORY_TYPE_CONTRY_CODE && tlv_type== TFE_CMSG_DST_IP_TAGS_IDS_ARR)
{
cJSON_AddStringToObject(common_obj, "server_country", library_tag->tag_value);
}
@@ -190,7 +190,7 @@ int tfe_scan_ip_tags(const struct tfe_stream *stream, long long *result, struct
int scan_ret = 0, hit_cnt_ip = 0, n_tag_ids = 0;
char opt_val[128]={0};
- n_tag_ids = tfe_get_entry_tags(stream, (enum tfe_cmsg_tlv_type)TFE_CMSG_SRC_IP_TAGS_IDS_STR, opt_val, tag_id_array);
+ n_tag_ids = tfe_get_entry_tags(stream, (enum tfe_cmsg_tlv_type)TFE_CMSG_SRC_IP_TAGS_IDS_ARR, opt_val, tag_id_array);
if(n_tag_ids == 0)
{
return hit_cnt_ip;
@@ -224,7 +224,7 @@ int tfe_scan_ip_tags(const struct tfe_stream *stream, long long *result, struct
memset(opt_val, 0, sizeof(opt_val));
memset(tag_id_array, 0, sizeof(tag_id_array));
- n_tag_ids = tfe_get_entry_tags(stream, (enum tfe_cmsg_tlv_type)TFE_CMSG_DST_IP_TAGS_IDS_STR, opt_val, tag_id_array);
+ n_tag_ids = tfe_get_entry_tags(stream, (enum tfe_cmsg_tlv_type)TFE_CMSG_DST_IP_TAGS_IDS_ARR, opt_val, tag_id_array);
if(n_tag_ids == 0)
{
return hit_cnt_ip;
@@ -261,7 +261,7 @@ int tfe_scan_fqdn_tags(const struct tfe_stream *stream, long long *result, struc
long long tag_id_array[128]={0};
int scan_ret = 0, hit_cnt_fqdn = 0, n_tag_ids = 0;
- n_tag_ids = tfe_get_entry_tags(stream, (enum tfe_cmsg_tlv_type)TFE_CMSG_FQDN_TAGS_IDS_STR, opt_val, tag_id_array);
+ n_tag_ids = tfe_get_entry_tags(stream, (enum tfe_cmsg_tlv_type)TFE_CMSG_FQDN_TAGS_IDS_ARR, opt_val, tag_id_array);
if(n_tag_ids == 0)
{
return hit_cnt_fqdn;
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 16:36:05 +0000