Fix: Remove EnableProcess from config.go and enable-process from config.yaml.
Fix: FindProcess is now enabled by default when the rule set contains process-name rules.
This commit is contained in:
Larvan2
@ -42,6 +42,11 @@ func (c *classicalStrategy) OnUpdate(rules []string) {
|
||||
shouldResolveIP := false
|
||||
for _, rawRule := range rules {
|
||||
ruleType, rule, params := ruleParse(rawRule)
|
||||
|
||||
if ruleType == "PROCESS-NAME" {
|
||||
c.shouldFindProcess = true
|
||||
}
|
||||
|
||||
r, err := c.parse(ruleType, rule, "", params)
|
||||
if err != nil {
|
||||
log.Warnln("parse rule error:[%s]", err.Error())
|
||||
|
||||
@ -12,6 +12,10 @@ type domainStrategy struct {
|
||||
domainRules *trie.DomainTrie[struct{}]
|
||||
}
|
||||
|
||||
func (d *domainStrategy) ShouldFindProcess() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (d *domainStrategy) Match(metadata *C.Metadata) bool {
|
||||
return d.domainRules != nil && d.domainRules.Search(metadata.Host) != nil
|
||||
}
|
||||
|
||||
@ -12,6 +12,10 @@ type ipcidrStrategy struct {
|
||||
trie *trie.IpCidrTrie
|
||||
}
|
||||
|
||||
func (i *ipcidrStrategy) ShouldFindProcess() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (i *ipcidrStrategy) Match(metadata *C.Metadata) bool {
|
||||
return i.trie != nil && i.trie.IsContain(metadata.DstIP.AsSlice())
|
||||
}
|
||||
|
||||
@ -37,6 +37,7 @@ type ruleStrategy interface {
|
||||
Match(metadata *C.Metadata) bool
|
||||
Count() int
|
||||
ShouldResolveIP() bool
|
||||
ShouldFindProcess() bool
|
||||
OnUpdate(rules []string)
|
||||
}
|
||||
|
||||
@ -86,6 +87,10 @@ func (rp *ruleSetProvider) ShouldResolveIP() bool {
|
||||
return rp.strategy.ShouldResolveIP()
|
||||
}
|
||||
|
||||
func (rp *ruleSetProvider) ShouldFindProcess() bool {
|
||||
return rp.strategy.ShouldFindProcess()
|
||||
}
|
||||
|
||||
func (rp *ruleSetProvider) AsRule(adaptor string) C.Rule {
|
||||
panic("implement me")
|
||||
}
|
||||
|
||||
@ -9,14 +9,15 @@ import (
|
||||
|
||||
type RuleSet struct {
|
||||
*common.Base
|
||||
ruleProviderName string
|
||||
adapter string
|
||||
ruleProvider P.RuleProvider
|
||||
noResolveIP bool
|
||||
ruleProviderName string
|
||||
adapter string
|
||||
ruleProvider P.RuleProvider
|
||||
noResolveIP bool
|
||||
shouldFindProcess bool
|
||||
}
|
||||
|
||||
func (rs *RuleSet) ShouldFindProcess() bool {
|
||||
return false
|
||||
return !rs.shouldFindProcess && rs.getProviders().ShouldFindProcess()
|
||||
}
|
||||
|
||||
func (rs *RuleSet) RuleType() C.RuleType {
|
||||
|
||||
Reference in New Issue
Block a user