authorfengweihao <[email protected]>2020-10-12 11:04:35 +0800
committerluwenpeng <[email protected]>2020-10-14 11:40:06 +0800
commit40aab0a2984a6b74a9c2aed9c0c59e2c33c54e2e (patch)
tree7610fb12d68d26f45be4673bf1f748c944520036
parente16931d7c5ec1faabc90d852c2c9353111de1578 (diff)
fqdn服务划分接口适配修改
-rw-r--r--common/include/tfe_cmsg.h3
-rw-r--r--common/include/tfe_scan.h4
-rw-r--r--common/src/tfe_resource.cpp24
-rw-r--r--common/src/tfe_scan.cpp43
-rw-r--r--plugin/business/doh/src/doh.cpp11
-rw-r--r--plugin/business/pangu-http/src/pangu_http.cpp11
-rw-r--r--plugin/protocol/http2/src/http2_stream.cpp4
-rw-r--r--resource/pangu/table_info.conf68
8 files changed, 106 insertions, 62 deletions
diff --git a/common/include/tfe_cmsg.h b/common/include/tfe_cmsg.h
index e042def..0b4caf2 100644
--- a/common/include/tfe_cmsg.h
+++ b/common/include/tfe_cmsg.h
@@ -78,6 +78,9 @@ enum tfe_cmsg_tlv_type
/* SSL ja3 fingerprint */
TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, // string max size 32
+ TFE_CMSG_SRC_FQDN_ID,
+ TFE_CMSG_SRC_FQDN_NUM,
+
/* Add new cmsg here */
/* Add new cmsg here */
/* Add new cmsg here */
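Review bot: The two new TLV types carry no size or encoding comment, unlike TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT directly above them, and the consumer added in tfe_scan.cpp in this same commit depends on that contract (it runs atoll() over the NUM value and walks the ID value in sizeof(int) steps, at most 8 entries). I would document it next to the constants so the producer and consumer cannot drift, e.g. `TFE_CMSG_SRC_FQDN_ID,  // category ids, sizeof(int) each, at most 8` and `TFE_CMSG_SRC_FQDN_NUM, // decimal string, number of ids in SRC_FQDN_ID`, adjusted to whatever the producer actually emits, since the producer is not part of this diff.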
diff --git a/common/include/tfe_scan.h b/common/include/tfe_scan.h
index 50170ba..cc93a4b 100644
--- a/common/include/tfe_scan.h
+++ b/common/include/tfe_scan.h
@@ -8,4 +8,6 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, struct Maat_rule_t *r
int tfe_scan_ip_asn(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **asn_server, char **asn_client);
int tfe_scan_ip_location(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
- int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **location_server, char **location_client); \ No newline at end of file
+ int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **location_server, char **location_client);
+int tfe_scan_fqdn_cat(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
+ int hit_cnt, unsigned int thread_id, void *logger, int table_id);
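Review bot: The new prototype gives no hint what table_id is or what the return value counts, and the sibling declarations in this header do not either, so a caller has to read tfe_scan.cpp to find out. Based on the implementation in this commit, a comment of the form `/* Scan the FQDN category ids carried in the stream's cmsg against table_id; new hits are appended at result[hit_cnt..] and the number of new hits is returned (0 when the stream has no cmsg). */` above the declaration would do.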
diff --git a/common/src/tfe_resource.cpp b/common/src/tfe_resource.cpp
index 4fc8265..1cb61ff 100644
--- a/common/src/tfe_resource.cpp
+++ b/common/src/tfe_resource.cpp
@@ -13,9 +13,6 @@ struct maat_table_info
{
int id;
const char *name;
- Maat_plugin_EX_new_func_t *new_func;
- Maat_plugin_EX_dup_func_t *dup_func;
- Maat_plugin_EX_free_func_t *free_func;
};
static Maat_feather_t static_maat = NULL;
static tfe_kafka_logger_t *kafka_logger = NULL;
@@ -235,16 +232,11 @@ finish:
}
static struct maat_table_info maat_pub_tables[TABLE_TYPE_MAX] = {
- // TABLE_SECURITY_SOURCE_ASN
- {0, "TSG_SECURITY_SOURCE_ASN", NULL, NULL, NULL},
- // TABLE_SECURITY_DESTINATION_ASN
- {0, "TSG_SECURITY_DESTINATION_ASN", NULL, NULL, NULL},
- // TABLE_SECURITY_SOURCE_LOCATION
- {0, "TSG_SECURITY_SOURCE_LOCATION", NULL, NULL, NULL},
- // TABLE_SECURITY_DESTINATION_LOCATION
- {0, "TSG_SECURITY_DESTINATION_LOCATION", NULL, NULL, NULL},
- // TABLE_OBJ_SUBSCRIBER_ID
- {0, "TSG_OBJ_SUBSCRIBER_ID", NULL, NULL, NULL}};
+ {0, "TSG_SECURITY_SOURCE_ASN"},
+ {0, "TSG_SECURITY_DESTINATION_ASN"},
+ {0, "TSG_SECURITY_SOURCE_LOCATION"},
+ {0, "TSG_SECURITY_DESTINATION_LOCATION"},
+ {0, "TSG_OBJ_SUBSCRIBER_ID"}};
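Review bot: Dropping the `// TABLE_SECURITY_SOURCE_ASN` style comments loses the only visible link between each initializer and the enum value it must sit at, while maat_pub_tables is still sized by TABLE_TYPE_MAX and positionally indexed. Since this is C++ and array designated initializers are not available, I would keep one comment per row, e.g. `{0, "TSG_SECURITY_SOURCE_ASN"}, // TABLE_SECURITY_SOURCE_ASN`, so an added or reordered enum value is caught in review rather than at scan time.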
static int register_maat_table()
{
@@ -256,12 +248,6 @@ static int register_maat_table()
TFE_LOG_ERROR(g_default_logger, "Maat table %s register failed.", maat_pub_tables[i].name);
return -1;
}
-
- if (maat_pub_tables[i].new_func || maat_pub_tables[i].dup_func || maat_pub_tables[i].free_func)
- {
- Maat_ip_plugin_EX_register(static_maat, maat_pub_tables[i].id, maat_pub_tables[i].new_func,
- maat_pub_tables[i].free_func, maat_pub_tables[i].dup_func, 0, NULL);
- }
}
return 0;
diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp
index 5e7ec5b..b746a1b 100644
--- a/common/src/tfe_scan.cpp
+++ b/common/src/tfe_scan.cpp
@@ -67,6 +67,49 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, struct Maat_rule_t *r
return hit_cnt_ip;
}
+int tfe_scan_fqdn_cat(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
+ int hit_cnt, unsigned int thread_id, void *logger, int table_id)
+{
+ int scan_ret = 0, i, fqdn_len =0;
+ uint16_t opt_out_size;
+ int category_num = 0, hit_cnt_fqdn = 0;
+ char category_id_num[24] = {0};
+ char category_id_val[TFE_SYMBOL_MAX] = {0};
+
+ struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
+ if (cmsg != NULL)
+ {
+ scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_FQDN_ID, (unsigned char *)category_id_val, sizeof(category_id_val), &opt_out_size);
+ if (scan_ret != 0)
+ {
+ TFE_LOG_ERROR(logger, "fetch fqdn cat id from cmsg failed, ret: %d", scan_ret);
+ }
+ scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_FQDN_NUM, (unsigned char *)category_id_num, sizeof(category_id_num), &opt_out_size);
+ if (scan_ret != 0)
+ {
+ TFE_LOG_ERROR(logger, "fetch fqdn cat id from cmsg failed, ret: %d", scan_ret);
+ }
+ category_num = atoll(category_id_num);
+ }
+
+ for(i = 0; i< category_num && i < 8; i++)
+ {
+ int fqdn_id =0;
+ char fqdn_val[16]={0};
+
+ snprintf(fqdn_val, sizeof(int), "%s", category_id_val + fqdn_len);
+ fqdn_id = atoi(fqdn_val);
+ scan_ret=Maat_scan_intval(tfe_bussiness_resouce_get(STATIC_MAAT), table_id, fqdn_id, result + hit_cnt + hit_cnt_fqdn,
+ MAX_SCAN_RESULT-hit_cnt-hit_cnt_fqdn, scan_mid, (int) thread_id);
+ if(scan_ret>0)
+ {
+ hit_cnt_fqdn+=scan_ret;
+ }
+ fqdn_len += sizeof(int);
+ }
+ return hit_cnt_fqdn;
+}
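Review bot: The per-entry decode at `snprintf(fqdn_val, sizeof(int), "%s", category_id_val + fqdn_len);` cannot be right for either plausible encoding of TFE_CMSG_SRC_FQDN_ID: if the value is decimal text, a size of sizeof(int) keeps at most three characters per id, and if it is an array of native ints, `%s` stops at the first zero byte and atoi() of the leftover raw bytes yields 0. The walk is also bounded only by category_num and the constant 8, not by the length the cmsg actually returned, and opt_out_size is overwritten by the second tfe_cmsg_get_value call so the length of the ID value is lost; a failed fetch is logged but the function carries on and can scan id 0 if only the NUM fetch succeeded, and the second error message says "cat id" where it means "cat num". Below is the shape I would expect if the producer writes packed ints; the producer is not in this diff, so confirm the encoding first and, for decimal text, decode with strtol over a sizeof(fqdn_val) window instead.
```cpp
    uint16_t id_len = 0, num_len = 0;
    /* … unchanged: other locals, tfe_stream_get0_cmsg … */
        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_FQDN_ID, (unsigned char *)category_id_val, sizeof(category_id_val), &id_len);
        if (scan_ret != 0)
        {
            TFE_LOG_ERROR(logger, "fetch fqdn cat id from cmsg failed, ret: %d", scan_ret);
            return 0;
        }
        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_FQDN_NUM, (unsigned char *)category_id_num, sizeof(category_id_num), &num_len);
        if (scan_ret != 0)
        {
            TFE_LOG_ERROR(logger, "fetch fqdn cat num from cmsg failed, ret: %d", scan_ret);
            return 0;
        }
        category_num = atoll(category_id_num);

    for (i = 0; i < category_num && i < 8; i++)
    {
        int fqdn_id = 0;

        /* never walk past what the cmsg actually carried */
        if (fqdn_len + sizeof(int) > id_len)
            break;
        /* NOTE(review): assumes packed native ints; confirm against the producer */
        memcpy(&fqdn_id, category_id_val + fqdn_len, sizeof(fqdn_id));
        /* … unchanged: Maat_scan_intval call and hit accounting … */
        fqdn_len += sizeof(int);
    }
```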
+
int tfe_scan_ip_location(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **location_server, char **location_client)
{
diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp
index dfc2eb3..f53f5a7 100644
--- a/plugin/business/doh/src/doh.cpp
+++ b/plugin/business/doh/src/doh.cpp
@@ -243,6 +243,12 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit host: %s scan ret: %d addr: %s",
g_doh_conf->tables[TYPE_HOST].name, host, scan_ret, ctx->addr_string);
}
+
+ scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_doh_conf->local_logger, g_doh_conf->tables[TYPE_HOST].id);
+ if( scan_ret > 0)
+ {
+ hit_cnt += scan_ret;
+ }
}
// scan addr
@@ -289,6 +295,11 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit domain: %s scan ret: %d addr: %s",
g_doh_conf->tables[TYPE_QNAME].name, qname, scan_ret, ctx->addr_string);
}
+ scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_doh_conf->local_logger, g_doh_conf->tables[TYPE_QNAME].id);
+ if( scan_ret > 0)
+ {
+ hit_cnt += scan_ret;
+ }
if (hit_cnt)
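Review bot: The call at `tfe_scan_fqdn_cat(..., g_doh_conf->tables[TYPE_QNAME].id)` feeds the same cmsg-carried category ids into the scanner that the TYPE_HOST call in the previous hunk already scanned, and table_info.conf in this commit maps both TSG_FIELD_DOH_HOST and TSG_FIELD_DOH_QNAME onto TSG_OBJ_FQDN_CAT, so a rule defined on the category can plausibly land in result twice and be counted twice in hit_cnt; whether Maat_scan_intval de-duplicates per scan_mid is not visible here and is worth confirming. A one-line comment above the call stating why the category scan is repeated per field would also help, and `if( scan_ret > 0)` should follow the file's `if (hit_cnt)` spacing. doh_maat_scan starts before this hunk and its hit handling continues after it.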
{
diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index 058fa8e..244012d 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -1934,7 +1934,7 @@ static void http_manipulate(const struct tfe_stream * stream, const struct tfe_h
}
enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_http_event events,
- const unsigned char * body_frag, size_t frag_size, struct pangu_http_ctx * ctx)
+ const unsigned char * body_frag, size_t frag_size, struct pangu_http_ctx * ctx, const struct tfe_stream * stream)
{
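Review bot: http_scan is a non-static function whose signature gains a trailing `const struct tfe_stream * stream`, but the diffstat lists no header under plugin/business/pangu-http, so either its prototype lives in this .cpp or a header declaration is now stale; worth checking before merge. The new parameter is handed straight to tfe_scan_fqdn_cat, which dereferences it via tfe_stream_get0_cmsg with no NULL check, so if any caller other than enforce_control_policy can pass a null stream that needs a guard, e.g. `if (stream != NULL)` around the category scan. The function body continues well past this hunk.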
void * iterator = NULL;
const char * field_val = NULL;
@@ -1957,6 +1957,11 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
{
hit_cnt += scan_ret;
}
+ scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_pangu_rt->local_logger, g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_FQDN]);
+ if (scan_ret > 0)
+ {
+ hit_cnt += scan_ret;
+ }
}
const char * str_url = session->req->req_spec.url;
@@ -2046,8 +2051,6 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
session->req->req_spec.url, hit_cnt, buff, ctx->enforce_rules[0].config_id);
}
}
-
-
__out:
return ctx->action;
}
@@ -2059,7 +2062,7 @@ void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_h
if(ctx->action==PG_ACTION_NONE||ctx->action==PG_ACTION_MONIT)
{
//ctx->action changed in http_scan.
- http_scan(session, events, body_frag, frag_size, ctx);
+ http_scan(session, events, body_frag, frag_size, ctx, stream);
}
switch (ctx->action)
{
diff --git a/plugin/protocol/http2/src/http2_stream.cpp b/plugin/protocol/http2/src/http2_stream.cpp
index a493a13..58c1f6b 100644
--- a/plugin/protocol/http2/src/http2_stream.cpp
+++ b/plugin/protocol/http2/src/http2_stream.cpp
@@ -448,9 +448,6 @@ void h2_half_ops_free(struct tfe_http_half * half)
delete_stream_half_data(&h2_private, 1, CONN_DIR_DOWNSTREAM);
- free(h2_private);
- h2_private = NULL;
-
return;
}
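Review bot: Removing `free(h2_private); h2_private = NULL;` from h2_half_ops_free changes who owns the per-half private data, and nothing in this commit (titled as an FQDN interface adaptation) says where that free moved to; unless delete_stream_half_data or the caller now releases it, every HTTP/2 half leaks its private block. If ownership did move, a comment such as `/* h2_private is released by the caller, not here */` at this point would keep the next reader from re-adding the free. h2_half_ops_free starts outside this hunk.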
@@ -952,7 +949,6 @@ nghttp2_submit_frame_settings(struct tfe_h2_stream *connection,const nghttp2_fra
nghttp2_settings settings = frame->settings;
nghttp2_session *ngh2_session = tfe_h2_stream_get_nghttp2_session(connection, dir);
- nghttp2_session *ngh2_peer_session = tfe_h2_stream_get_nghttp2_peer_session(connection, dir);
rv = nghttp2_submit_settings(ngh2_session, settings.hd.flags,
nghttp2_iv_packet(settings, iv), settings.niv);
diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf
index 90b70df..e4d8217 100644
--- a/resource/pangu/table_info.conf
+++ b/resource/pangu/table_info.conf
@@ -23,37 +23,37 @@
4 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
5 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
6 TSG_OBJ_FQDN expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
-6 TSG_OBJ_FQDN_CAT expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
-7 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
-8 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff
-9 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
-10 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
-11 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff
-12 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
-13 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
-14 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
-15 TSG_OBJ_APP_ID intval UTF8 UTF8 yes 0
-16 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
-17 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
-18 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}
-19 PXY_CACHE_COMPILE compile escape --
-20 PXY_CACHE_GROUP group --
-21 PXY_CACHE_HTTP_URL expr UTF8 UTF8 yes 0 quickoff
-22 PXY_CACHE_HTTP_COOKIE expr UTF8 UTF8 yes 0 quickoff
-23 PXY_PROFILE_TRUSTED_CA_CERT plugin {"key":1,"valid":4,"foreign":"3"}
-23 PXY_EXCH_INTERMEDIA_CERT plugin {"key":1,"valid":4,"foreign":"3"}
-24 PXY_OBJ_TRUSTED_CA_CRL plugin {"valid":4,"foreign":"3"}
-25 TSG_PROFILE_RESPONSE_PAGES plugin {"key":1,"foreign":"4","valid":5}
-26 PXY_PROFILE_HIJACK_FILES plugin {"key":1,"foreign":"5","valid":6}
-27 PXY_PROFILE_INSERT_SCRIPTS plugin {"key":1,"foreign":"4","valid":6}
-28 TSG_SECURITY_COMPILE plugin {"key":1,"valid":8}
-29 PXY_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}
-30 TSG_PROFILE_DECRYPTION plugin {"key":1,"valid":4}
-31 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0
-32 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER --
-33 TSG_SECURITY_DESTINATION_ASN virtual TSG_OBJ_AS_NUMBER --
-34 TSG_OBJ_GEO_LOCATION expr UTF8 UTF8/GBK yes 0
-35 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_GEO_LOCATION --
-36 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION --
-37 TSG_FIELD_DOH_QNAME virtual TSG_OBJ_FQDN --
-38 TSG_FIELD_DOH_HOST virtual TSG_OBJ_FQDN -- \ No newline at end of file
+7 TSG_OBJ_FQDN_CAT intval UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
+8 TSG_FIELD_HTTP_HOST virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
+9 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff
+10 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
+11 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
+12 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff
+13 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
+14 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
+15 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
+16 TSG_OBJ_APP_ID intval UTF8 UTF8 yes 0
+17 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
+18 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
+19 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}
+20 PXY_CACHE_COMPILE compile escape --
+21 PXY_CACHE_GROUP group --
+22 PXY_CACHE_HTTP_URL expr UTF8 UTF8 yes 0 quickoff
+23 PXY_CACHE_HTTP_COOKIE expr UTF8 UTF8 yes 0 quickoff
+24 PXY_PROFILE_TRUSTED_CA_CERT plugin {"key":1,"valid":4,"foreign":"3"}
+24 PXY_EXCH_INTERMEDIA_CERT plugin {"key":1,"valid":4,"foreign":"3"}
+25 PXY_OBJ_TRUSTED_CA_CRL plugin {"valid":4,"foreign":"3"}
+26 TSG_PROFILE_RESPONSE_PAGES plugin {"key":1,"foreign":"4","valid":5}
+27 PXY_PROFILE_HIJACK_FILES plugin {"key":1,"foreign":"5","valid":6}
+28 PXY_PROFILE_INSERT_SCRIPTS plugin {"key":1,"foreign":"4","valid":6}
+29 TSG_SECURITY_COMPILE plugin {"key":1,"valid":8}
+30 PXY_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}
+31 TSG_PROFILE_DECRYPTION plugin {"key":1,"valid":4}
+32 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0
+33 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER --
+34 TSG_SECURITY_DESTINATION_ASN virtual TSG_OBJ_AS_NUMBER --
+35 TSG_OBJ_GEO_LOCATION expr UTF8 UTF8/GBK yes 0
+36 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_GEO_LOCATION --
+37 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION --
+38 TSG_FIELD_DOH_QNAME virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
+39 TSG_FIELD_DOH_HOST virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- \ No newline at end of file
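Review bot: The renumbering still leaves two rows sharing id 24 (`24 PXY_PROFILE_TRUSTED_CA_CERT` and `24 PXY_EXCH_INTERMEDIA_CERT`), exactly as the old 23 did, so if the first column is meant to be unique the collision was carried forward rather than fixed while every other id shifted by one. The new `7 TSG_OBJ_FQDN_CAT intval ...` row also keeps the charset column of an expr table (`GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8`) whereas the other intval row, `16 TSG_OBJ_APP_ID intval UTF8 UTF8 yes 0`, does not; unless the loader ignores it for intval, `7 TSG_OBJ_FQDN_CAT intval UTF8 UTF8 yes 0` would be consistent. Since table ids 7 through 39 all moved, anything that persists or hard-codes these numbers rather than resolving by name would need a matching migration.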