authorfengweihao <[email protected]>2024-03-28 14:32:57 +0800
committerfengweihao <[email protected]>2024-03-28 14:32:57 +0800
commitfa59d4cc6041d439c38d0163e414712e0604bf4c (patch)
tree3f9f81e00082a73001432038140a65bce30cb434
parent620d367a504571e7c4c16edeea4f75f7269772e0 (diff)
TSG-20186 PolicyVerify支持IP+Port组合objectv4.0.12-20240328
-rw-r--r--ci/travis.sh2
-rw-r--r--platform/src/verify_matcher.cpp18
-rw-r--r--resource/table_info.conf7
-rw-r--r--resource/table_info_simple.conf19
4 files changed, 30 insertions, 16 deletions
diff --git a/ci/travis.sh b/ci/travis.sh
index 6a7a20b..a1ddb68 100644
--- a/ci/travis.sh
+++ b/ci/travis.sh
@@ -33,7 +33,7 @@ env | sort
: "${COMPILER_IS_GNUCXX:=OFF}"
# Install dependency from YUM
-yum install -y libcjson-devel libmaatframe-devel libMESA_handle_logger-devel libMESA_prof_load-devel sapp-devel
+yum install -y libcjson-devel libmaatframe-devel libfieldstat4-devel libMESA_handle_logger-devel libMESA_prof_load-devel sapp-devel
mkdir build || true
cd build
diff --git a/platform/src/verify_matcher.cpp b/platform/src/verify_matcher.cpp
index 70be885..f3f256b 100644
--- a/platform/src/verify_matcher.cpp
+++ b/platform/src/verify_matcher.cpp
@@ -1970,8 +1970,9 @@ static int ip_addr_scan(struct request_query_obj *request, struct policy_scan_ct
{
if(0 == strcasecmp(request->attri_name, "source") || 0 == strcasecmp(request->attri_name, "internal"))
{
- scan_ret = maat_scan_ipv4(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], request->ip_addr->v4->saddr,
- ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid);
+
+ scan_ret = maat_scan_ipv4_port(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], request->ip_addr->v4->saddr, request->ip_addr->v4->source,
+ ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid);
if(scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip+=n_hit_result;
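Review bot: The new fourth argument in `maat_scan_ipv4_port(..., request->ip_addr->v4->saddr, request->ip_addr->v4->source, ...)` comes straight from the request struct, and nothing visible here shows which byte order it holds or whether the parser set it at all. If `source`/`dest` stay at zero (or uninitialised) when a query carries only an address, a lookup that used to match on IP alone may now match differently, and a verify result that diverges from enforcement shows up as a false allow or false block. The same question applies to the `dest` call in the next hunk and to both `maat_scan_ipv6_port` calls. I would add a comment above each call such as `/* port: byte order as required by maat_scan_ipv4_port; 0 when the query has no port - confirm */` and make the request parser default or reject an absent port explicitly. ip_addr_scan begins and ends outside these hunks, so the parsing side could not be checked from here.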
@@ -1985,8 +1986,8 @@ static int ip_addr_scan(struct request_query_obj *request, struct policy_scan_ct
}
if(0 == strcasecmp(request->attri_name, "destination") || 0 == strcasecmp(request->attri_name, "external"))
{
- scan_ret = maat_scan_ipv4(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], request->ip_addr->v4->daddr,
- ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid);
+ scan_ret = maat_scan_ipv4_port(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], request->ip_addr->v4->daddr, request->ip_addr->v4->dest,
+ ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid);
if(scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip+=n_hit_result;
@@ -2009,8 +2010,8 @@ static int ip_addr_scan(struct request_query_obj *request, struct policy_scan_ct
{
if(0 == strcasecmp(request->attri_name, "source") || 0 == strcasecmp(request->attri_name, "internal"))
{
- scan_ret = maat_scan_ipv6(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], request->ip_addr->v6->saddr,
- ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid);
+ scan_ret = maat_scan_ipv6_port(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], request->ip_addr->v6->saddr,request->ip_addr->v6->source,
+ ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip+=n_hit_result;
@@ -2024,8 +2025,8 @@ static int ip_addr_scan(struct request_query_obj *request, struct policy_scan_ct
}
if(0 == strcasecmp(request->attri_name, "destination") || 0 == strcasecmp(request->attri_name, "external"))
{
- scan_ret = maat_scan_ipv6(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], request->ip_addr->v6->daddr,
- ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid);
+ scan_ret = maat_scan_ipv6_port(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], request->ip_addr->v6->daddr,request->ip_addr->v6->dest,
+ ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip+=n_hit_result;
@@ -2295,7 +2296,6 @@ static struct maat *create_maat_feather(const char * instance_name, const char *
break;
}
maat_options_set_foreign_cont_dir(opts, "./verify_policy_files");
- maat_options_set_rule_effect_interval_ms(opts, effect_interval);
maat_options_set_caller_thread_number(opts, max_thread);
maat_options_set_hit_path_enabled(opts);
diff --git a/resource/table_info.conf b/resource/table_info.conf
index f69ee34..6e4a81f 100644
--- a/resource/table_info.conf
+++ b/resource/table_info.conf
@@ -378,15 +378,16 @@
"table_id":29,
"table_name":"TSG_OBJ_IP",
"db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"],
- "table_type":"ip_plus",
- "valid_column":7,
+ "table_type":"ip",
+ "valid_column":8,
"custom": {
"item_id":1,
"group_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
- "ip2":6
+ "ip2":6,
+ "port":7
}
},
{
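Review bot: Moving `valid_column` from 7 to 8 and placing `port` at 7 changes how every row of `TSG_OBJ_IP_ADDR` and `TSG_OBJ_IP_LEARNING_ADDR` is read, and nothing in the commit shows that both source tables already carry the extra column. If either table is still delivered in the old seven-column layout, the loader would presumably read the validity flag as a port and find no flag at column 8, so rules could be dropped or mis-parsed without an obvious error. The identical edit in resource/table_info_simple.conf has the same dependency. Since this file cannot hold comments, I would state the required table schema in the commit description or release note and gate the rollout on it.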
diff --git a/resource/table_info_simple.conf b/resource/table_info_simple.conf
index e68dce7..c6468a9 100644
--- a/resource/table_info_simple.conf
+++ b/resource/table_info_simple.conf
@@ -378,15 +378,16 @@
"table_id":29,
"table_name":"TSG_OBJ_IP",
"db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"],
- "table_type":"ip_plus",
- "valid_column":7,
+ "table_type":"ip",
+ "valid_column":8,
"custom": {
"item_id":1,
"group_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
- "ip2":6
+ "ip2":6,
+ "port":7
}
},
{
@@ -949,5 +950,17 @@
"table_name":"ATTR_TUNNEL_LEVEL",
"table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG"
+ },
+ {
+ "table_id":106,
+ "table_name":"ATTR_INTERNAL_ASN",
+ "table_type":"virtual",
+ "physical_table": "TSG_OBJ_AS_NUMBER"
+ },
+ {
+ "table_id":107,
+ "table_name":"ATTR_EXTERNAL_ASN",
+ "table_type":"virtual",
+ "physical_table": "TSG_OBJ_AS_NUMBER"
}
] \ No newline at end of file