diff options
Diffstat (limited to 'common/src/intercept_policy.cpp')
| -rw-r--r-- | common/src/intercept_policy.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/common/src/intercept_policy.cpp b/common/src/intercept_policy.cpp index 1175c42..134525a 100644 --- a/common/src/intercept_policy.cpp +++ b/common/src/intercept_policy.cpp @@ -6,6 +6,7 @@ struct intercept_param { + int vsys_id; uint64_t rule_id; int ref_cnt; int action; @@ -25,6 +26,7 @@ struct intercept_policy_enforcer static void intercept_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp) { int action = 0; + int vsys_id = 0; size_t len = 0; size_t offset = 0; char buffer[8] = {0}; @@ -63,6 +65,14 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c goto error_out; } + item = cJSON_GetObjectItem(json, "vsys_id"); + if (!item || !cJSON_IsNumber(item)) + { + TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %s invalid vsys_id format", key); + goto error_out; + } + vsys_id = item->valueint; + item = cJSON_GetObjectItem(json, "protocol"); if (unlikely(!item || !cJSON_IsString(item))) { @@ -75,6 +85,7 @@ static void intercept_param_new_cb(const char *table_name, int table_id, const c } param = ALLOC(struct intercept_param, 1); + param->vsys_id = vsys_id; param->rule_id = atoll(key); param->ref_cnt = 1; param->action = action; @@ -287,6 +298,7 @@ int intercept_policy_enforce(struct intercept_policy_enforcer *enforcer, struct tfe_cmsg_set(cmsg, TFE_CMSG_SSL_PASSTHROUGH_REASON, (const unsigned char *)&reason_hit_no_intercept, strlen(reason_hit_no_intercept)); } + tfe_cmsg_set(cmsg, TFE_CMSG_POLICY_VSYS_ID, (const unsigned char *)¶m->vsys_id, sizeof(param->vsys_id)); tfe_cmsg_set(cmsg, TFE_CMSG_TCP_PASSTHROUGH, (const unsigned char *)&tcp_passthrough, sizeof(tcp_passthrough)); tfe_cmsg_set(cmsg, TFE_CMSG_HIT_NO_INTERCEPT, (const unsigned char *)&hit_no_intercept, sizeof(hit_no_intercept)); tfe_cmsg_set(cmsg, TFE_CMSG_TCP_OPTION_PROFILE_ID, (const unsigned char *)&(param->tcp_option_profile), sizeof(param->tcp_option_profile)); |