Diffstat (limited to 'plugin/business/tcp-policy/src/tcp_policy.cpp')
-rw-r--r--plugin/business/tcp-policy/src/tcp_policy.cpp58
1 files changed, 32 insertions, 26 deletions
diff --git a/plugin/business/tcp-policy/src/tcp_policy.cpp b/plugin/business/tcp-policy/src/tcp_policy.cpp
index 26e54a2..4443840 100644
--- a/plugin/business/tcp-policy/src/tcp_policy.cpp
+++ b/plugin/business/tcp-policy/src/tcp_policy.cpp
@@ -37,7 +37,7 @@ struct tcp_profile_param
struct side_conn_param server_side;
};
-static int parser_side_conn_param(cJSON * json, struct side_conn_param *out_val, void *logger)
+static int parser_side_conn_param(cJSON *json, struct side_conn_param *out_val, void *logger)
{
cJSON *object = NULL;
cJSON *item = NULL;
@@ -113,21 +113,21 @@ static int parser_side_conn_param(cJSON * json, struct side_conn_param *out_val,
out_val->user_timeout = 0;
}
}
- cJSON_Delete(json);
return 0;
}
static void profile_param_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp)
{
- cJSON * json_root = NULL;
- cJSON * json_subroot = NULL;
- cJSON * item = NULL;
+ cJSON *json_root = NULL;
+ cJSON *json_subroot = NULL;
+ cJSON *item = NULL;
struct tcp_profile_param *param = NULL;
struct tcp_policy_enforcer *enforcer = (struct tcp_policy_enforcer *)argp;
- json_root = cJSON_Parse(table_line);
- if (unlikely(!json_root))
+ char *json_str = strdup(table_line);
+ json_root = cJSON_Parse(json_str);
+ if (json_root == NULL)
{
TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option profile: %s", table_line);
goto error_out;
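Review bot: The result of `strdup(table_line)` is never checked, so an allocation failure reaches `cJSON_Parse(json_str)` with a null pointer and, assuming the parser returns NULL for it, is logged as "Invalid tcp option profile", indistinguishable from a malformed line. If the callback can ever be invoked with a null `table_line`, `strdup` on it would also be undefined behaviour. The copy looks unnecessary: `cJSON_Parse` takes a `const char *`, and the removed code parsed `table_line` directly, so keeping `json_root = cJSON_Parse(table_line);` would drop the allocation together with the `free(json_str)` calls added in the cleanup hunk further down. If the copy has to stay, test `json_str == NULL` before parsing and log it as an allocation failure. profile_param_new_cb continues past the end of this hunk.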
@@ -139,7 +139,7 @@ static void profile_param_new_cb(const char *table_name, const char *key, const
item = cJSON_GetObjectItem(json_root, "tcp_passthrough");
if (unlikely(!item || !cJSON_IsNumber(item)))
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid tcp_passthrough format.", key);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: (invalid tcp_passthrough format) %s", table_line);
goto error_out;
}
param->tcp_passthrough = item->valueint;
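Review bot: The rewritten error messages drop `key` and print only the raw `table_line`, here and for bypass_duplicated_packet, client_side_conn_param and server_side_conn_param in the next two hunks. A rejected profile can then no longer be matched by identifier against the "Add tcp option profile: %s" success line, which still logs `key`. Logging both keeps the records searchable when investigating why a policy was not applied, e.g. `"Invalid tcp option parameter: (invalid tcp_passthrough format) %s: %s", key, table_line`. The full line is also passed to the logger without a length bound; whether TFE_LOG_ERROR truncates long arguments is not visible in this diff, so a precision on that `%s` may be worth adding.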
@@ -147,15 +147,15 @@ static void profile_param_new_cb(const char *table_name, const char *key, const
item = cJSON_GetObjectItem(json_root, "bypass_duplicated_packet");
if (unlikely(!item || !cJSON_IsNumber(item)))
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid bypass_duplicated_packet format.", key);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: (invalid bypass_duplicated_packet format) %s", table_line);
goto error_out;
}
param->bypass_duplicated_packet = item->valueint;
json_subroot = cJSON_GetObjectItem(json_root, "client_side_conn_param");
- if (unlikely(!json_subroot))
+ if (unlikely(!json_subroot || !cJSON_IsObject(json_subroot)))
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid client_side_conn_param format.", key);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: (invalid client_side_conn_param format) %s", table_line);
goto error_out;
}
if (parser_side_conn_param(json_subroot, &param->client_side, enforcer->logger) == -1)
@@ -164,9 +164,9 @@ static void profile_param_new_cb(const char *table_name, const char *key, const
}
json_subroot = cJSON_GetObjectItem(json_root, "server_side_conn_param");
- if (unlikely(!json_subroot))
+ if (unlikely(!json_subroot || !cJSON_IsObject(json_subroot)))
{
- TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: %s invalid server_side_conn_param format.", key);
+ TFE_LOG_ERROR(enforcer->logger, "Invalid tcp option parameter: (invalid server_side_conn_param format) %s", table_line);
goto error_out;
}
if (parser_side_conn_param(json_subroot, &param->server_side, enforcer->logger) == -1)
@@ -176,18 +176,24 @@ static void profile_param_new_cb(const char *table_name, const char *key, const
*ad = param;
TFE_LOG_INFO(enforcer->logger, "Add tcp option profile: %s", key);
+
cJSON_Delete(json_root);
+ free(json_str);
return;
error_out:
- if (param)
- {
- free(param);
- }
if (json_root)
{
cJSON_Delete(json_root);
}
+ if (json_str)
+ {
+ free(json_str);
+ }
+ if (param)
+ {
+ free(param);
+ }
}
static void profile_param_free_cb(const char *table_name, void **ad, long argl, void *argp)
@@ -221,7 +227,7 @@ static void profile_param_dup_cb(const char *table_name, void **to, void **from,
static void profile_param_free(struct tcp_profile_param *param)
{
- profile_param_free_cb(0, (void **)&param, 0, NULL);
+ profile_param_free_cb(NULL, (void **)&param, 0, NULL);
}
struct tcp_policy_enforcer *tcp_policy_enforcer_create(void *logger)
@@ -263,22 +269,22 @@ void tcp_policy_enforcer_destory(struct tcp_policy_enforcer *enforcer)
int tcp_policy_enforce(struct tcp_policy_enforcer *tcp_enforcer, struct tfe_cmsg *cmsg)
{
int ret = 0;
- int profile_id = 0;
+ uuid_t profile_uuid;
uint16_t size = 0;
- char buffer[16] = {0};
+ char profile_uuid_str[UUID_STRING_SIZE] = {0};
- ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_OPTION_PROFILE_ID, (unsigned char *)&profile_id, sizeof(profile_id), &size);
+ ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_TCP_OPTION_PROFILE_ID, (unsigned char *)&profile_uuid, sizeof(uuid_t), &size);
if (ret < 0)
{
TFE_LOG_ERROR(g_default_logger, "Failed at fetch tcp_option_profile from cmsg: %s", strerror(-ret));
return -1;
}
- snprintf(buffer, sizeof(buffer), "%d", profile_id);
- struct tcp_profile_param *param = (struct tcp_profile_param *)maat_plugin_table_get_ex_data(tcp_enforcer->maat, tcp_enforcer->table_name, buffer, strlen(buffer));
+ uuid_unparse(profile_uuid, profile_uuid_str);
+ struct tcp_profile_param *param = (struct tcp_profile_param *)maat_plugin_table_get_ex_data(tcp_enforcer->maat, tcp_enforcer->table_name, (const char *)&profile_uuid, sizeof(uuid_t));
if (param == NULL)
{
- TFE_LOG_INFO(tcp_enforcer->logger, "Failed to get tcp option parameter of profile %d.", profile_id);
+ TFE_LOG_INFO(tcp_enforcer->logger, "Failed to get tcp option parameter of profile %s.", profile_uuid_str);
return -1;
}
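Review bot: `profile_uuid` is declared without an initializer, and the `size` written back by `tfe_cmsg_get_value` is never compared with `sizeof(uuid_t)`. If the stored value is shorter than 16 bytes (for example a producer still setting the old integer profile id), the remaining bytes would be indeterminate stack contents that are then used as the lookup key in `maat_plugin_table_get_ex_data` and printed through `uuid_unparse`. How `tfe_cmsg_get_value` handles a short value is not visible here, so treat this as a hardening point. Declaring `uuid_t profile_uuid = {0};` and adding `if (size != sizeof(uuid_t)) { /* log and */ return -1; }` after the `ret < 0` check would cover it either way. tcp_policy_enforce continues past the end of this hunk.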
@@ -311,10 +317,10 @@ int tcp_policy_enforce(struct tcp_policy_enforcer *tcp_enforcer, struct tfe_cmsg
tfe_cmsg_set(cmsg, TFE_CMSG_UPSTREAM_TCP_KEEPINTVL, (unsigned char *)&server_side->keepintvl, sizeof(server_side->keepintvl));
tfe_cmsg_set(cmsg, TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT, (unsigned char *)&server_side->user_timeout, sizeof(server_side->user_timeout));
- TFE_LOG_INFO(tcp_enforcer->logger, "hit tcp_option_profile %d tcp_passthrough %d "
+ TFE_LOG_INFO(tcp_enforcer->logger, "hit tcp_option_profile %s tcp_passthrough %d "
"client_side={maxseg_enable:%d, maxseg_vaule:%d, nodelay:%d, ttl:%d, keepalive:%d, keepcnt:%d, keepidle:%d, keepintvl:%d, user_timeout:%d} "
"server_side={maxseg_enable:%d, maxseg_vaule:%d, nodelay:%d, ttl:%d, keepalive:%d, keepcnt:%d, keepidle:%d, keepintvl:%d, user_timeout:%d} ",
- profile_id, param->tcp_passthrough,
+ profile_uuid_str, param->tcp_passthrough,
client_side->maxseg_enable, client_side->maxseg_vaule, client_side->nodelay, client_side->ttl, client_side->keepalive, client_side->keepcnt, client_side->keepidle, client_side->keepintvl, client_side->user_timeout,
server_side->maxseg_enable, server_side->maxseg_vaule, server_side->nodelay, server_side->ttl, server_side->keepalive, server_side->keepcnt, server_side->keepidle, server_side->keepintvl, server_side->user_timeout);
profile_param_free(param);