TFE处理decrypted traffic steering(service chaining rule)时支持多命中

    若命中intercept rule的流同时命中了多条service chaining rule
    只要有一条service chaining rule开启了decrypted traffic steering
    TFE就要执行decrypted traffic steering

1 files changed, 7 insertions, 1 deletions

diff --git a/plugin/business/chaining-policy/src/chaining_policy.cpp b/plugin/business/chaining-policy/src/chaining_policy.cpp
index 8405d99..1c73e1c 100644
--- a/plugin/business/chaining-policy/src/chaining_policy.cpp
+++ b/plugin/business/chaining-policy/src/chaining_policy.cpp
@@ -182,15 +182,21 @@ void chaining_policy_enforcer_destory(struct chaining_policy_enforcer *enforcer)
 
 void chaining_policy_enforce(struct chaining_policy_enforcer *enforcer, struct tfe_cmsg *cmsg, uint64_t rule_id)
 {
+    uint16_t size = 0;
     char rule_id_str[16] = {0};
     uint8_t enalbe_decrypted_traffic_steering = 0;
 
+    tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enalbe_decrypted_traffic_steering, sizeof(enalbe_decrypted_traffic_steering), &size);
+    if (enalbe_decrypted_traffic_steering == 1)
+    {
+        return;
+    }
+
     snprintf(rule_id_str, sizeof(rule_id_str), "%lu", rule_id);
     struct chaining_param *param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->table_id, rule_id_str);
     if (param == NULL)
     {
         TFE_LOG_INFO(enforcer->logger, "Failed to get chaining parameter of policy %lu.", rule_id);
-        tfe_cmsg_set(cmsg, TFE_CMSG_TCP_DECRYPTED_TRAFFIC_STEERING, (unsigned char *)&enalbe_decrypted_traffic_steering, sizeof(enalbe_decrypted_traffic_steering));
         return;
     }