authorfengweihao <[email protected]>2024-04-03 16:50:54 +0800
committerluwenpeng <[email protected]>2024-04-03 17:29:04 +0800
commit641c14f55a74c0b6553f5f41a5d479fe6956b703 (patch)
treeee524c94265ba1b651a5e111fc9545c938211870
parent8a2dcfcb31c9b07a321f2f083a811760cf1d884a (diff)
bugfix: 修复了通过cmsg获取IP归属地的问题v4.8.74-20240403
-rw-r--r--common/include/tfe_scan.h3
-rw-r--r--common/src/tfe_scan.cpp26
-rw-r--r--plugin/business/doh/src/doh.cpp27
-rw-r--r--plugin/business/doh/src/pub.h5
-rw-r--r--plugin/business/tsg-http/include/tsg_proxy_logger.h4
-rw-r--r--plugin/business/tsg-http/src/tsg_http.cpp29
-rw-r--r--plugin/business/tsg-http/src/tsg_logger.cpp4
7 files changed, 23 insertions, 75 deletions
diff --git a/common/include/tfe_scan.h b/common/include/tfe_scan.h
index 87c486b..ea0d53b 100644
--- a/common/include/tfe_scan.h
+++ b/common/include/tfe_scan.h
@@ -5,8 +5,7 @@
int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid,
int hit_cnt, void *logger);
-int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid,
- int hit_cnt, void *logger, char **asn_server, char **asn_client);
+int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger);
int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger);
int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, long long app_id, int table_id);
int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr);
diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp
index 63ac9bb..187e658 100644
--- a/common/src/tfe_scan.cpp
+++ b/common/src/tfe_scan.cpp
@@ -104,8 +104,9 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str
int scan_ret = 0;
int hit_cnt_ip = 0;
uint16_t opt_out_size;
- unsigned int i=0, group_id=0, group_id_num=0;
- unsigned int group_id_val[TFE_SYMBOL_MAX] = {0};
+ unsigned int i=0, group_id_num=0;
+ uint64_t group_id=0;
+ uint64_t group_id_val[TFE_SYMBOL_MAX] = {0};
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
if(cmsg == NULL)
@@ -122,8 +123,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str
}
group_id_num++;
}
- TFE_LOG_DEBUG(logger, "fetch src ip location group id num:%d val:%d,%d,%d,%d, addr: %s", group_id_num, group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info);
-
+ TFE_LOG_DEBUG(logger, "fetch src ip location region_id:%lu, province_id:%lu, city_id:%lu, subdivision_id:%lu, addr: %s", group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info);
struct maat_hit_group hit_group;
for (i = 0; i < group_id_num; i++)
{
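Review bot: The new `TFE_LOG_DEBUG` line passes `uint64_t` values to `%lu`, which matches only where `uint64_t` is `unsigned long`; on a target where it is `unsigned long long`, the varargs mismatch is undefined behaviour. I would include `<inttypes.h>` and write the conversions as `"region_id:%" PRIu64 ", province_id:%" PRIu64 ...`, or cast each argument and use `%llu`; the dst log line in the hunk at -152,7 needs the same change. The message also no longer prints `group_id_num`, while the slots appear to be filled through `group_id_num++` in a loop that starts outside this hunk. If a level is missing from the cmsg, the fixed region/province/city/subdivision labels may then not line up with the values, so keeping the count in the message would make a short fetch visible.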
@@ -152,7 +152,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str
}
group_id_num++;
}
- TFE_LOG_DEBUG(logger, "fetch dst ip location group id num:%d val:%d,%d,%d,%d, addr: %s", group_id_num, group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info);
+ TFE_LOG_DEBUG(logger, "fetch dst ip location region_id:%lu, province_id:%lu, city_id:%lu, subdivision_id:%lu, addr: %s", group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info);
for (i = 0; i < group_id_num; i++)
{
memset(&hit_group, 0, sizeof(hit_group));
@@ -171,8 +171,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str
return hit_cnt_ip;
}
-int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid,
- int hit_cnt, void *logger, char **asn_server, char **asn_client)
+int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger)
{
int scan_ret = 0;
int hit_cnt_ip = 0;
@@ -416,7 +415,7 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struc
{
hit_cnt_ip += n_hit_result;
}
-
+
scan_ret = maat_scan_ipv4_port((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v4->saddr, ntohs(sapp_addr.v4->source),
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
@@ -471,9 +470,14 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struc
{
hit_cnt_ip += n_hit_result;
}
-
- scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
+ scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL),
+ result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
+ if (scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt_ip += n_hit_result;
+ }
+ scan_ret = maat_scan_ipv6_port((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr, ntohs(sapp_addr.v6->source),
+ result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip += n_hit_result;
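Review bot: The added `maat_scan_not_logic` call and the following `maat_scan_ipv6_port` call both write at `result+hit_cnt+hit_cnt_ip` with capacity `MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip`, and nothing in the hunk checks that this capacity is still positive. Whether the maat scan functions reject a zero or negative size is not visible here, so I would make the bound explicit before each call, e.g. `if (hit_cnt + hit_cnt_ip >= MAX_SCAN_RESULT) return hit_cnt_ip;`. Only `MAAT_SCAN_HIT` is handled, so any other return from the new call is silently dropped; a debug log on the non-hit path would help when a policy unexpectedly fails to match. The function starts and ends outside this hunk.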
diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp
index 5e04296..4103f69 100644
--- a/plugin/business/doh/src/doh.cpp
+++ b/plugin/business/doh/src/doh.cpp
@@ -283,7 +283,7 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
hit_cnt += scan_ret;
}
- scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger, &(ctx->asn_server), &(ctx->asn_client));
+ scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
if (scan_ret > 0)
{
hit_cnt += scan_ret;
@@ -484,30 +484,7 @@ static void doh_ctx_free(struct doh_ctx *ctx)
evbuffer_free(ctx->http_req_body);
ctx->http_req_body = NULL;
}
-
- if (ctx->asn_client)
- {
- free(ctx->asn_client);
- ctx->asn_client = NULL;
- }
-
- if (ctx->asn_server)
- {
- free(ctx->asn_server);
- ctx->asn_server = NULL;
- }
-
- if (ctx->location_client)
- {
- free(ctx->location_client);
- ctx->location_client = NULL;
- }
-
- if (ctx->location_server)
- {
- free(ctx->location_server);
- ctx->location_server = NULL;
- }
+
FREE(&ctx);
}
diff --git a/plugin/business/doh/src/pub.h b/plugin/business/doh/src/pub.h
index 1e7aef9..491bfe2 100644
--- a/plugin/business/doh/src/pub.h
+++ b/plugin/business/doh/src/pub.h
@@ -98,11 +98,6 @@ struct doh_ctx
enum doh_content_type type;
struct evbuffer *http_req_body;
dns_info_t *doh_req;
-
- char *asn_client;
- char *asn_server;
- char *location_client;
- char *location_server;
};
int base64_encode(char *dst, int dstlen, const char *src, int srclen);
diff --git a/plugin/business/tsg-http/include/tsg_proxy_logger.h b/plugin/business/tsg-http/include/tsg_proxy_logger.h
index e8c656e..1eb0eb3 100644
--- a/plugin/business/tsg-http/include/tsg_proxy_logger.h
+++ b/plugin/business/tsg-http/include/tsg_proxy_logger.h
@@ -23,10 +23,6 @@ struct proxy_log
struct evbuffer* req_body, *resp_body;
unsigned char action;
size_t inject_sz;
- char *asn_client;
- char *asn_server;
- char *location_client;
- char *location_server;
size_t c2s_byte_num;
size_t s2c_byte_num;
};
diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp
index 6b17216..d07d529 100644
--- a/plugin/business/tsg-http/src/tsg_http.cpp
+++ b/plugin/business/tsg-http/src/tsg_http.cpp
@@ -1149,14 +1149,6 @@ struct edit_element_ctx
int actually_edited;
};
-struct ip_data_ctx
-{
- char *asn_client;
- char *asn_server;
- char *location_client;
- char *location_server;
-};
-
struct proxy_http_ctx
{
int magic_num;
@@ -1177,7 +1169,6 @@ struct proxy_http_ctx
struct insert_ctx * ins_ctx;
struct edit_element_ctx * edit_ctx;
struct tsg_script_ctx *tsg_ctx;
- struct ip_data_ctx ip_ctx;
int (* resumed_cb)(const struct tfe_stream * stream,
const struct tfe_http_session * session, enum tfe_http_event event, const unsigned char * data,
@@ -1316,18 +1307,6 @@ void http_tsg_ctx_free(struct tsg_script_ctx *tsg_ctx, int thread_id)
return;
}
-void http_ip_ctx_free(struct ip_data_ctx *ip_ctx)
-{
- if(ip_ctx->asn_client)
- FREE(&ip_ctx->asn_client);
- if(ip_ctx->asn_server)
- FREE(&ip_ctx->asn_server);
- if(ip_ctx->location_client)
- FREE(&ip_ctx->location_client);
- if(ip_ctx->location_server)
- FREE(&ip_ctx->location_server);
-}
-
#define HTTP_CTX_MAGIC_NUM 20181021
static struct proxy_http_ctx * proxy_http_ctx_new(unsigned int thread_id)
{
@@ -1362,7 +1341,6 @@ static void proxy_http_ctx_free(struct proxy_http_ctx * ctx)
ctx->tsg_ctx = NULL;
}
- http_ip_ctx_free(&ctx->ip_ctx);
ctx->manipulate_replaced=0;
FREE(&ctx->enforce_rules);
policy_action_param_free(ctx->param);
@@ -2939,7 +2917,7 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_
hit_cnt+=scan_ret;
}
- scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger, &(ctx->ip_ctx.asn_server), &(ctx->ip_ctx.asn_client));
+ scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
if(scan_ret>0)
{
hit_cnt+=scan_ret;
@@ -3021,9 +2999,8 @@ void proxy_on_http_end(const struct tfe_stream * stream,
}
}
struct proxy_log log_msg = {.stream=stream, .http=session, .result=(struct log_rule_t *)ctx->enforce_rules, .result_num=ctx->n_enforce,
- .req_body=ctx->log_req_body, .resp_body=ctx->log_resp_body, .action=0, .inject_sz=ctx->inject_sz,
- .asn_client=ctx->ip_ctx.asn_client, .asn_server=ctx->ip_ctx.asn_server, .location_client=ctx->ip_ctx.location_client,
- .location_server=ctx->ip_ctx.location_server, .c2s_byte_num=ctx->c2s_byte_num, .s2c_byte_num=ctx->s2c_byte_num};
+ .req_body=ctx->log_req_body, .resp_body=ctx->log_resp_body, .action=0, .inject_sz=ctx->inject_sz, .c2s_byte_num=ctx->c2s_byte_num,
+ .s2c_byte_num=ctx->s2c_byte_num};
if(ctx->action == PX_ACTION_MANIPULATE)
{
log_msg.action = ctx->param->action;
diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp
index f411a40..52a99e6 100644
--- a/plugin/business/tsg-http/src/tsg_logger.cpp
+++ b/plugin/business/tsg-http/src/tsg_logger.cpp
@@ -141,7 +141,7 @@ static int get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj)
{
unsigned int i=0, j=0;
char opt_val[128]={0}; uint16_t opt_out_size;
- const char *client_geo_area_map[] = {"client_country","client_province","client_city","client_subdivision"};
+ const char *client_geo_area_map[] = {"client_country","client_super_administrative_area","client_administrative_area","client_sub_administrative_area"};
for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
{
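Review bot: Renaming the emitted JSON keys (`client_province` to `client_super_administrative_area`, and so on) changes the log schema, and nothing in the hunk documents it. Consumers that parse or alert on the old field names would stop seeing geolocation data without any error. I would add a comment above the array such as `/* keys are part of the log schema; renamed from client_province/client_city/client_subdivision in v4.8.74 */` and mention the rename in the release notes. The same applies to `server_geo_area_map` in the hunk at -159,7; both function bodies continue outside their hunks.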
@@ -159,7 +159,7 @@ static int get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj)
{
unsigned int i=0, j=0;
char opt_val[128]={0}; uint16_t opt_out_size;
- const char *server_geo_area_map[] = {"server_country","server_province","server_city","server_subdivision"};
+ const char *server_geo_area_map[] = {"server_country","server_super_administrative_area","server_administrative_area","server_sub_administrative_area"};
for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
{