| author | fengweihao <[email protected]> | 2023-03-14 10:36:03 +0800 |
|---|---|---|
| committer | fengweihao <[email protected]> | 2023-03-14 10:36:03 +0800 |
| commit | 92e9c25946b952c7209ab2f7135451e0ea58a928 (patch) | |
| tree | 77b065b5e127964ba8ebce9ca3b2a0e39d6e734f | |
| parent | 212cd1a4f6c83ee5a2099f1c8077deb05bb8d716 (diff) | |
TSG-14186 策略验证支持Service Chaining v2.4.0-20230314 master
| -rw-r--r-- | common/include/verify_policy.h | 1 | ||||
| -rw-r--r-- | platform/src/verify_policy.cpp | 6 | ||||
| -rw-r--r-- | resource/table_info_security.conf | 1 | ||||
| -rw-r--r-- | scan/src/policy_scan.cpp | 19 |
4 files changed, 24 insertions, 3 deletions
diff --git a/common/include/verify_policy.h b/common/include/verify_policy.h
index 9734b5a..2b152f0 100644
--- a/common/include/verify_policy.h
+++ b/common/include/verify_policy.h
@@ -21,6 +21,7 @@ enum verify_policy_type
 PXY_TABLE_MANIPULATION,
 PXY_TABLE_DEFENCE,
 TSG_TRAFFIC_SHAPING,
+ TSG_SERVICE_CHAINGNG,
 __SCAN_POLICY_MAX
 };
diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp
index 904d19f..3601243 100644
--- a/platform/src/verify_policy.cpp
+++ b/platform/src/verify_policy.cpp
@@ -75,6 +75,7 @@ enum verify_policy_type tsg_policy_type_str2idx(const char *action_str)
 policy_name[PXY_TABLE_MANIPULATION] = "pxy_manipulation";
 policy_name[PXY_TABLE_DEFENCE] = "active_defence";
 policy_name[TSG_TRAFFIC_SHAPING] = "traffic_shaping";
+ policy_name[TSG_SERVICE_CHAINGNG] = "service_chaining";
 size_t i = 0;
@@ -374,6 +375,11 @@ cJSON *get_query_from_request(const char *data, int thread_id)
 verify_policy->shaping=1;
 verify_policy->type = TSG_TABLE_SECURITY;
 }
+ if(verify_policy->type == TSG_SERVICE_CHAINGNG)
+ {
+ verify_policy->shaping=2;
+ verify_policy->type = TSG_TABLE_SECURITY;
+ }
 if (verify_policy->type >= __SCAN_POLICY_MAX)
 {
 mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "policy type error, policy id = %d", verify_policy->type);
diff --git a/resource/table_info_security.conf b/resource/table_info_security.conf
index e8c1bc6..c4145b0 100644
--- a/resource/table_info_security.conf
+++ b/resource/table_info_security.conf
@@ -10,6 +10,7 @@
 #id name type src_charset dst_charset do_merge cross_cache quickswitch
 0 TSG_SECURITY_COMPILE compile escape --
 0 TRAFFIC_SHAPING_COMPILE compile escape --
+0 SERVICE_CHAINING_COMPILE compile escape --
 1 GROUP_COMPILE_RELATION group2compile --
 2 GROUP_GROUP_RELATION group2group --
 3 TSG_OBJ_IP_ADDR ip_plus UTF8 UTF8 no 0
diff --git a/scan/src/policy_scan.cpp b/scan/src/policy_scan.cpp
index 7c37c50..8a39f63 100644
--- a/scan/src/policy_scan.cpp
+++ b/scan/src/policy_scan.cpp
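Review bot: The new enumerator in the `enum verify_policy_type` hunk of common/include/verify_policy.h is spelled `TSG_SERVICE_CHAINGNG`, while the string it maps to is "service_chaining" and the matching action constant in scan/src/policy_scan.cpp is `PG_ACTION_SERVICE_CHAINING`. Because this is a shared header, the misspelling becomes part of the interface, and the `policy_name[...]` entry and the `verify_policy->type ==` comparison in platform/src/verify_policy.cpp already have to repeat it. Renaming it now to `TSG_SERVICE_CHAINING,` is cheaper than after more modules depend on it. The enum body begins outside the hunk.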
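Review bot: In the `get_query_from_request` hunk, `verify_policy->shaping=2;` makes `shaping` a three-way mode selector written as bare integers, and the same literal is tested again as `shaping == 2` in `decide_ctrl_action`, `verify_shaping_policy_filter` and `http_hit_policy_list` in scan/src/policy_scan.cpp. A named constant shared through verify_policy.h, or at least a comment at the assignment such as `/* shaping: 1 = traffic shaping, 2 = service chaining, 0 = neither (presumably plain security) */`, would keep the request parser and the scan filters from drifting apart when another mode is added. The function body starts and ends outside the hunk, so whether `shaping` is reset to 0 for the other policy types cannot be confirmed from here.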
@@ -34,6 +34,7 @@ enum policy_action
 PG_ACTION_REJECT = 0x10,
 PG_ACTION_SHAPING = 0x20,
 PG_ACTION_MANIPULATE = 0x30,
+ PG_ACTION_SERVICE_CHAINING = 0x40,
 PG_ACTION_INLINE_DEVICE = 0x60,
 PG_ACTION_WHITELIST = 0x80,
 __PG_ACTION_MAX
@@ -754,7 +755,11 @@ static enum policy_action decide_ctrl_action(enum verify_policy_type policy_type
 {
 continue;
 }
- if (shaping == 0 && __action == PG_ACTION_SHAPING)
+ if (shaping ==2 && __action != PG_ACTION_SERVICE_CHAINING)
+ {
+ continue;
+ }
+ if (shaping == 0 && (__action == PG_ACTION_SHAPING || __action == PG_ACTION_SERVICE_CHAINING))
 {
 continue;
 }
@@ -950,7 +955,11 @@ int verify_shaping_policy_filter(struct verify_policy_scan_ctx * ctx, int shapin
 {
 return 1;
 }
- if(shaping == 0 && ctx->result[i].action != PG_ACTION_SHAPING)
+ if(shaping == 2 && ctx->result[i].action == PG_ACTION_SERVICE_CHAINING)
+ {
+ return 1;
+ }
+ if(shaping == 0 && (ctx->result[i].action != PG_ACTION_SHAPING || ctx->result[i].action != PG_ACTION_SERVICE_CHAINING))
 {
 return 1;
 }
@@ -1059,7 +1068,11 @@ int http_hit_policy_list(enum verify_policy_type policy_type, int shaping, size_
 {
 continue;
 }
- if(shaping == 0 && ctx->result[i].action == PG_ACTION_SHAPING)
+ if(shaping == 2 && ctx->result[i].action != PG_ACTION_SERVICE_CHAINING)
+ {
+ continue;
+ }
+ if(shaping == 0 && (ctx->result[i].action == PG_ACTION_SHAPING || ctx->result[i].action == PG_ACTION_SERVICE_CHAINING))
 {
 continue;
 }
 |
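Review bot: In the `verify_shaping_policy_filter` hunk the rewritten condition `ctx->result[i].action != PG_ACTION_SHAPING || ctx->result[i].action != PG_ACTION_SERVICE_CHAINING` is true for every action value, because no action can equal both constants. With `shaping == 0` the code therefore returns 1 on the first result it examines, including the shaping hits that the old `!= PG_ACTION_SHAPING` test let through to the next check. The sibling hunks in `decide_ctrl_action` and `http_hit_policy_list` join `==` tests with `||`, which is correct there, but two `!=` tests need `&&`: `if(shaping == 0 && ctx->result[i].action != PG_ACTION_SHAPING && ctx->result[i].action != PG_ACTION_SERVICE_CHAINING)`. As written, a security-policy verification request is presumably reported as matched when only a shaping or service-chaining rule hit, so the verifier's answer no longer reflects which rule class matched. The loop and the function body extend outside the hunk.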
