authorluwenpeng <[email protected]>2020-10-12 15:43:27 +0800
committerluwenpeng <[email protected]>2020-10-14 11:45:49 +0800
commit90ac86a10c1c82c231d8dd1f44f544e9ee9d498a (patch)
tree1e50c00b94d911f1715383e8373a3ecaf6652022
parent40aab0a2984a6b74a9c2aed9c0c59e2c33c54e2e (diff)
TSG-3417 TFE 适配 FQDNv4.3.11-202011
* 修改 cmsg 接口 * DOH 不支持扫描 fqdn cat id
-rw-r--r--common/include/tfe_cmsg.h4
-rw-r--r--common/include/tfe_scan.h2
-rw-r--r--common/src/tfe_scan.cpp55
-rw-r--r--plugin/business/doh/src/doh.cpp9
-rw-r--r--plugin/business/pangu-http/src/pangu_http.cpp9
5 files changed, 43 insertions, 36 deletions
diff --git a/common/include/tfe_cmsg.h b/common/include/tfe_cmsg.h
index 0b4caf2..e8b4b8b 100644
--- a/common/include/tfe_cmsg.h
+++ b/common/include/tfe_cmsg.h
@@ -78,8 +78,8 @@ enum tfe_cmsg_tlv_type
/* SSL ja3 fingerprint */
TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, // string max size 32
- TFE_CMSG_SRC_FQDN_ID,
- TFE_CMSG_SRC_FQDN_NUM,
+ TFE_CMSG_FQDN_CAT_ID_NUM, // unsigned int
+ TFE_CMSG_FQDN_CAT_ID_VAL, // max size 8 * sizeof(unsigned int)
/* Add new cmsg here */
/* Add new cmsg here */
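Review bot: The two renamed entries keep their positions in `enum tfe_cmsg_tlv_type` but swap roles and change encoding, so a producer built against the older header would be misread rather than rejected. The first slot used to carry the id list and now carries the count, and the values move from text to raw `unsigned int`. If the sender and this consumer can be upgraded separately (not visible here), appending the new entries just before `/* Add new cmsg here */` and retiring the old ones would avoid that. The comment on `TFE_CMSG_FQDN_CAT_ID_VAL` could also state the byte order and that the element count comes from `TFE_CMSG_FQDN_CAT_ID_NUM`. The enum body starts and ends outside the hunk.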
diff --git a/common/include/tfe_scan.h b/common/include/tfe_scan.h
index cc93a4b..7a18b4d 100644
--- a/common/include/tfe_scan.h
+++ b/common/include/tfe_scan.h
@@ -10,4 +10,4 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, struct Maat_rule_t *result,
int tfe_scan_ip_location(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **location_server, char **location_client);
int tfe_scan_fqdn_cat(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
- int hit_cnt, unsigned int thread_id, void *logger, int table_id);
+ int hit_cnt, unsigned int thread_id, void *logger, const char *addr, int table_id);
diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp
index b746a1b..4289f99 100644
--- a/common/src/tfe_scan.cpp
+++ b/common/src/tfe_scan.cpp
@@ -68,44 +68,55 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, struct Maat_rule_t *r
}
int tfe_scan_fqdn_cat(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
- int hit_cnt, unsigned int thread_id, void *logger, int table_id)
+ int hit_cnt, unsigned int thread_id, void *logger, const char *addr, int table_id)
{
- int scan_ret = 0, i, fqdn_len =0;
+ int scan_ret = 0;
+ unsigned int i = 0;
uint16_t opt_out_size;
- int category_num = 0, hit_cnt_fqdn = 0;
- char category_id_num[24] = {0};
- char category_id_val[TFE_SYMBOL_MAX] = {0};
+ int hit_cnt_fqdn = 0;
+ unsigned int category_id_num = 0;
+ unsigned int category_id_val[TFE_SYMBOL_MAX] = {0};
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
if (cmsg != NULL)
{
- scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_FQDN_ID, (unsigned char *)category_id_val, sizeof(category_id_val), &opt_out_size);
+ scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_FQDN_CAT_ID_NUM, (unsigned char *)&category_id_num, sizeof(category_id_num), &opt_out_size);
if (scan_ret != 0)
{
- TFE_LOG_ERROR(logger, "fetch fqdn cat id from cmsg failed, ret: %d", scan_ret);
+ TFE_LOG_ERROR(logger, "fetch fqdn cat id num from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
- scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_FQDN_NUM, (unsigned char *)category_id_num, sizeof(category_id_num), &opt_out_size);
+ scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_FQDN_CAT_ID_VAL, (unsigned char *)category_id_val, sizeof(category_id_val), &opt_out_size);
if (scan_ret != 0)
{
- TFE_LOG_ERROR(logger, "fetch fqdn cat id from cmsg failed, ret: %d", scan_ret);
+ TFE_LOG_ERROR(logger, "fetch fqdn cat id val from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
- category_num = atoll(category_id_num);
}
+ TFE_LOG_DEBUG(logger, "fetch fqdn cat id:%d val:%d,%d,%d,%d,%d,%d,%d,%d addr: %s", category_id_num,
+ (category_id_num >= 1 ? category_id_val[0] : 0),
+ (category_id_num >= 2 ? category_id_val[1] : 0),
+ (category_id_num >= 3 ? category_id_val[2] : 0),
+ (category_id_num >= 4 ? category_id_val[3] : 0),
+ (category_id_num >= 5 ? category_id_val[4] : 0),
+ (category_id_num >= 6 ? category_id_val[5] : 0),
+ (category_id_num >= 7 ? category_id_val[6] : 0),
+ (category_id_num >= 8 ? category_id_val[7] : 0),
+ addr);
- for(i = 0; i< category_num && i < 8; i++)
- {
- int fqdn_id =0;
- char fqdn_val[16]={0};
-
- snprintf(fqdn_val, sizeof(int), "%s", category_id_val + fqdn_len);
- fqdn_id = atoi(fqdn_val);
- scan_ret=Maat_scan_intval(tfe_bussiness_resouce_get(STATIC_MAAT), table_id, fqdn_id, result + hit_cnt + hit_cnt_fqdn,
- MAX_SCAN_RESULT-hit_cnt-hit_cnt_fqdn, scan_mid, (int) thread_id);
- if(scan_ret>0)
+ for (i = 0; i < category_id_num && i < 8; i++)
+ {
+ scan_ret = Maat_scan_intval(tfe_bussiness_resouce_get(STATIC_MAAT), table_id, category_id_val[i], result + hit_cnt + hit_cnt_fqdn,
+ MAX_SCAN_RESULT - hit_cnt - hit_cnt_fqdn, scan_mid, (int)thread_id);
+ if (scan_ret > 0)
{
- hit_cnt_fqdn+=scan_ret;
+ TFE_LOG_INFO(logger, "Scan FQDN_CAT, Hit catid: %d scan ret: %d policy_id: %d service: %d action: %d addr: %s",
+ category_id_val[i], scan_ret, result[hit_cnt + hit_cnt_fqdn].config_id, result[hit_cnt + hit_cnt_fqdn].service_id, result[hit_cnt + hit_cnt_fqdn].action, addr);
+ hit_cnt_fqdn += scan_ret;
}
- fqdn_len += sizeof(int);
+ else
+ {
+ TFE_LOG_INFO(logger, "Scan FQDN_CAT, NO hit catid: %d scan ret: %d addr: %s",
+ category_id_val[i], scan_ret, addr);
+ }
}
return hit_cnt_fqdn;
}
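Review bot: The count read from `TFE_CMSG_FQDN_CAT_ID_NUM` is used without checking it against how many values were actually delivered: `opt_out_size` is never read, and a failed `TFE_CMSG_FQDN_CAT_ID_VAL` fetch is only logged. The loop can therefore issue up to eight `Maat_scan_intval` calls on the zero-filled buffer, which could match policy on category 0. Adding `category_id_num = 0;` to that error branch and clamping with `if (category_id_num > opt_out_size / sizeof(unsigned int)) category_id_num = opt_out_size / sizeof(unsigned int);` would tie the loop to received data, assuming `opt_out_size` reports the bytes copied. The new log calls print `unsigned int` values with `%d` where `%u` matches the type. The literal `8` in the loop and the debug line could become a named constant shared with the header comment.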
diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp
index f53f5a7..aa0af29 100644
--- a/plugin/business/doh/src/doh.cpp
+++ b/plugin/business/doh/src/doh.cpp
@@ -244,8 +244,8 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
g_doh_conf->tables[TYPE_HOST].name, host, scan_ret, ctx->addr_string);
}
- scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_doh_conf->local_logger, g_doh_conf->tables[TYPE_HOST].id);
- if( scan_ret > 0)
+ scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_doh_conf->local_logger, ctx->addr_string, g_doh_conf->tables[TYPE_HOST].id);
+ if( scan_ret > 0)
{
hit_cnt += scan_ret;
}
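Review bot: After this commit the FQDN category scan in doh_maat_scan runs only against the `TYPE_HOST` table, because the later hunk in this file drops the `TYPE_QNAME` call; category-based rules therefore no longer apply to the queried name. A comment above this call would keep that from reading as an oversight, for example `/* fqdn category ids come from cmsg; qname is intentionally not category-scanned */`. That wording is inferred from the commit description and should be confirmed. doh_maat_scan starts and ends outside the hunk.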
@@ -295,11 +295,6 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit domain: %s scan ret: %d addr: %s",
g_doh_conf->tables[TYPE_QNAME].name, qname, scan_ret, ctx->addr_string);
}
- scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_doh_conf->local_logger, g_doh_conf->tables[TYPE_QNAME].id);
- if( scan_ret > 0)
- {
- hit_cnt += scan_ret;
- }
if (hit_cnt)
{
diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index 244012d..841dd9f 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -1957,12 +1957,14 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
{
hit_cnt += scan_ret;
}
- scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_pangu_rt->local_logger, g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_FQDN]);
- if (scan_ret > 0)
+ char *addr_string = tfe_stream_addr_to_str(stream->addr);
+ scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_pangu_rt->local_logger, addr_string, g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_FQDN]);
+ if (scan_ret > 0)
{
hit_cnt += scan_ret;
}
- }
+ free(addr_string);
+ }
const char * str_url = session->req->req_spec.url;
int str_url_length = (int) (strlen(session->req->req_spec.url));
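Review bot: `addr_string` returned by `tfe_stream_addr_to_str(stream->addr)` is handed to tfe_scan_fqdn_cat without a NULL check, and that function formats it with `%s` in every log call, which is undefined behaviour if the conversion can fail (its contract is not visible here). Passing `addr_string ? addr_string : ""` at the call site, or guarding inside tfe_scan_fqdn_cat, would cover that case; `free(addr_string)` is already safe for NULL. The string is also allocated and freed on every scan only for logging, so if the session context already holds an address string, as the DoH plugin's `ctx->addr_string` does, reusing it would avoid the extra allocation. http_scan starts outside the hunk.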
@@ -2385,7 +2387,6 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
{
hit_cnt+=scan_ret;
}
-
int scan_val=106;
scan_ret=Maat_scan_intval(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_APP_ID], scan_val, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &(ctx->scan_mid), (int) thread_id);
if(scan_ret>0)