| author | fengweihao <[email protected]> | 2024-08-16 11:57:20 +0800 |
|---|---|---|
| committer | fengweihao <[email protected]> | 2024-08-16 11:57:20 +0800 |
| commit | c2c20d33108dbe35e4ee1f98b7ed956d27cfc710 (patch) | |
| tree | a67d6cbfa075b1a7e1f97b2ab52d956949a81b67 /common | |
| parent | 88e6b0ae9bee35e5b39c6cf25a7f53c0217c584f (diff) | |
TSG-22093 Manipulation支持Library Tag相关策略的扫描与日志发送
Diffstat (limited to 'common')
| -rw-r--r-- | common/include/tfe_resource.h | 10 | ||||
| -rw-r--r-- | common/include/tfe_scan.h | 7 | ||||
| -rw-r--r-- | common/src/tfe_resource.cpp | 14 | ||||
| -rw-r--r-- | common/src/tfe_scan.cpp | 498 |
4 files changed, 257 insertions, 272 deletions
diff --git a/common/include/tfe_resource.h b/common/include/tfe_resource.h index fff74d7..060a967 100644 --- a/common/include/tfe_resource.h +++ b/common/include/tfe_resource.h @@ -22,16 +22,6 @@ enum scan_common_table PXY_CTRL_INTERNAL_PORT, PXY_CTRL_EXTERNAL_PORT, PXY_CTRL_IP_PROTOCOL, - PXY_CTRL_SOURCE_ASN, - PXY_CTRL_DESTINATION_ASN, - PXY_CTRL_SOURCE_GEO_COUNTRY, - PXY_CTRL_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA, - PXY_CTRL_SOURCE_GEO_ADMINISTRATIVE_AREA, - PXY_CTRL_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA, - PXY_CTRL_DESTINATION_GEO_COUNTRY, - PXY_CTRL_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA, - PXY_CTRL_DESTINATION_GEO_ADMINISTRATIVE_AREA, - PXY_CTRL_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA, PXY_CTRL_SUBSCRIBER_ID, PXY_CTRL_APP_ID_DICT, __SCAN_COMMON_TABLE_MAX diff --git a/common/include/tfe_scan.h b/common/include/tfe_scan.h index ea0d53b..cc3f3ac 100644 --- a/common/include/tfe_scan.h +++ b/common/include/tfe_scan.h 
@@ -3,10 +3,9 @@ #include <tfe_stream.h> #define MAX_SCAN_RESULT 16 -int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, - int hit_cnt, void *logger); -int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger); -int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger); +int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger); +int tfe_scan_ip_tags(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger); +int tfe_scan_fqdn_tags(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id, void *logger); int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, long long app_id, int table_id); int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); diff --git a/common/src/tfe_resource.cpp b/common/src/tfe_resource.cpp index 3203775..b1faa32 100644 --- a/common/src/tfe_resource.cpp +++ b/common/src/tfe_resource.cpp @@ -103,7 +103,7 @@ static struct maat *create_maat_feather(const char *instance_name, const char *p { struct maat *target=NULL; int input_mode = 0, maat_stat_on = 0, maat_perf_on = 0; - int ret = 0, effect_interval = 60, log_level=0; + int ret = 0, effect_interval = 60, log_level=0, max_size_mb=0; char table_info[TFE_STRING_MAX] = {0}, inc_cfg_dir[TFE_STRING_MAX] = {0}, ful_cfg_dir[TFE_STRING_MAX] = {0}; char redis_server[TFE_STRING_MAX] = {0}; char redis_port_range[TFE_STRING_MAX] = {0}; 
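Review bot: The header gains `tfe_scan_ip_tags` and `tfe_scan_fqdn_tags`, but no declaration is visible here for `tfe_get_tags_id_array`, `get_table_id` or `tfe_scan_internal_exteral_by_last_group`, which the same commit defines in tfe_scan.cpp without `static`. If they are meant to be private to that file they should be `static`; if other modules call them they need prototypes here so the compiler checks the argument lists. The new prototypes would also benefit from a one-line comment such as `/* result holds MAX_SCAN_RESULT entries; hit_cnt is the number already filled; returns the number of entries added */`, since every caller depends on that contract. Only part of the header is shown, so the declarations may exist outside the hunk.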
@@ -130,11 +130,13 @@ static struct maat *create_maat_feather(const char *instance_name, const char *p MESA_load_profile_int_def(profile, section, "effect_interval_s", &(effect_interval), 60); MESA_load_profile_int_def(profile, section, "deferred_load_on", &(deferred_load_on), 0); MESA_load_profile_int_def(profile, section, "log_level", &(log_level), LOG_LEVEL_FATAL); + MESA_load_profile_int_def(profile, section, "log_max_size_mb", &(max_size_mb), 0); effect_interval *= 1000; //convert s to ms struct maat_options *opts = maat_options_new(); maat_options_set_logger(opts, "log/maat.log", (enum log_level)log_level); + //maat_options_set_log_file_max_size(opts, max_size_mb); maat_options_set_instance_name(opts, instance_name); maat_options_set_caller_thread_number(opts, max_thread); switch (input_mode) 
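Review bot: `log_max_size_mb` is read from the profile but never applied, because its only consumer, `maat_options_set_log_file_max_size(opts, max_size_mb)`, is added commented out. An operator who sets the key gets no size cap on `log/maat.log` and no indication that the value was ignored, which matters on a box where log growth can fill the disk. Either enable the call, or keep the key out of the profile parsing until it can be honoured and mark the line with `// TODO: apply log_max_size_mb once maat_options_set_log_file_max_size is available`. create_maat_feather begins and ends outside this hunk.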
@@ -329,16 +331,6 @@ static int maat_common_table_init() table_name[PXY_CTRL_INTERNAL_PORT] = "ATTR_INTERNAL_PORT"; table_name[PXY_CTRL_EXTERNAL_PORT] = "ATTR_EXTERNAL_PORT"; table_name[PXY_CTRL_IP_PROTOCOL] = "ATTR_IP_PROTOCOL"; - table_name[PXY_CTRL_SOURCE_ASN] = "ATTR_SOURCE_ASN"; - table_name[PXY_CTRL_DESTINATION_ASN]="ATTR_DESTINATION_ASN"; - table_name[PXY_CTRL_SOURCE_GEO_COUNTRY]="ATTR_SOURCE_GEO_COUNTRY"; - table_name[PXY_CTRL_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA"; - table_name[PXY_CTRL_SOURCE_GEO_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA"; - table_name[PXY_CTRL_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA"; - table_name[PXY_CTRL_DESTINATION_GEO_COUNTRY]="ATTR_DESTINATION_GEO_COUNTRY"; - table_name[PXY_CTRL_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA"; - table_name[PXY_CTRL_DESTINATION_GEO_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA"; - table_name[PXY_CTRL_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA"; table_name[PXY_CTRL_SUBSCRIBER_ID] = "ATTR_SUBSCRIBER_ID"; table_name[PXY_CTRL_APP_ID_DICT] = "APP_ID_DICT"; diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp index a886e68..7c2d08c 100644 --- a/common/src/tfe_scan.cpp +++ b/common/src/tfe_scan.cpp 
@@ -3,110 +3,130 @@ #include <tfe_scan.h> #include <MESA/stream.h> -int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, - int hit_cnt, void *logger) +static int scan_group(struct maat_hit_group hit_group, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id) { - int scan_ret = 0; - int hit_cnt_ip = 0; - size_t n_hit_result = 0; - uint16_t opt_out_size; - char dest_subscribe_id[TFE_STRING_MAX] = {0}; - char source_subscribe_id[TFE_STRING_MAX] = {0}; - struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); - if (cmsg != NULL) + size_t n_hit_result=0; + int scan_ret=0, hit_cnt_group=0; + + scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, &hit_group, 1, + result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); + if(scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_group+=n_hit_result; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, result+hit_cnt+hit_cnt_group, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_group+=n_hit_result; + } + return hit_cnt_group; +} + +int tfe_get_tags_id_array(char *tag_ids, long long *tag_id_array) +{ + if(tag_ids==NULL) + { + return 0; + } + + int n_tag_ids=0; + char *tag_ids_tmp = ALLOC(char, strlen(tag_ids)+1); + strcpy(tag_ids_tmp, tag_ids); + + char *tag_ids_str=strtok(tag_ids_tmp, ","); + while(tag_ids_str!=NULL && n_tag_ids < 128) + { + tag_id_array[n_tag_ids++]=strtoll(tag_ids_str, NULL, 10); + tag_ids_str=strtok(NULL, ","); + } + FREE(&tag_ids_tmp); + return n_tag_ids; +} + +static int get_route_dir(const struct tfe_stream * stream) +{ + uint16_t out_size; + unsigned int route_dir; int ret=0; + + struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); + if (cmsg != NULL) + { + ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_COMMON_DIRECTION, (unsigned char *)&route_dir, sizeof(route_dir), &out_size); + if (ret != 0) + { + return ret; + } + } 
+ return (route_dir==69) ? 1 : 0; +} + +int get_table_id(const struct tfe_stream *stream, enum scan_common_table table_type) +{ + int table_id = 0, c2s = 0; + int dir_is_e2i = get_route_dir(stream); + + if (table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_DESTINATION_IP || table_type == PXY_CTRL_SOURCE_PORT || table_type == PXY_CTRL_DESTINATION_PORT) { - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_SUB_ID, (unsigned char *)source_subscribe_id, sizeof(source_subscribe_id), &opt_out_size); - if (scan_ret != 0) + c2s = (table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_SOURCE_PORT) ? 1 : 0; + + if(table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_DESTINATION_IP) { - TFE_LOG_ERROR(logger, "fetch src sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); + table_id = (c2s == dir_is_e2i) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP); } - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_SUB_ID, (unsigned char *)dest_subscribe_id, sizeof(dest_subscribe_id), &opt_out_size); - if (scan_ret != 0) + if(table_type == PXY_CTRL_SOURCE_PORT || table_type == PXY_CTRL_DESTINATION_PORT) { - TFE_LOG_ERROR(logger, "fetch dst sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); + table_id = (c2s == dir_is_e2i) ? 
tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT); } } - TFE_LOG_DEBUG(logger, "fetch src sub id:%s dst sub id:%s addr: %s", source_subscribe_id, dest_subscribe_id, stream->str_stream_info); + return table_id; +} - if (strlen(source_subscribe_id)) +int tfe_scan_internal_exteral_by_last_group(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, enum scan_common_table table_type) +{ + size_t array_size=256, n_hit_result = 0; + int hit_cnt_group = 0, scan_ret = 0, table_id = 0; + struct maat_hit_group last_hit_groups[256] = {0}; + + table_id = get_table_id(stream, table_type); + if(table_id <= 0) { - scan_ret = maat_scan_string(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), - source_subscribe_id, strlen(source_subscribe_id),result + hit_cnt + hit_cnt_ip, - MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %lld addr: %s", - source_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += n_hit_result; - } - else - { - TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", - source_subscribe_id, scan_ret, stream->str_stream_info); - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), - result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } + return hit_cnt_group; } - if (strlen(dest_subscribe_id)) + size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid); + if(n_last_hit_group > 0) { - scan_ret = maat_scan_string(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), - dest_subscribe_id, strlen(dest_subscribe_id),result + hit_cnt + 
hit_cnt_ip, - MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,&n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %lld addr: %s", - dest_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += n_hit_result; - } - else + maat_state_get_last_hit_groups(scan_mid, last_hit_groups, array_size); + scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, last_hit_groups, array_size, result+hit_cnt+hit_cnt_group, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); + if(scan_ret == MAAT_SCAN_HIT) { - TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", - dest_subscribe_id, scan_ret, stream->str_stream_info); + hit_cnt_group += n_hit_result; } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), - result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, + result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { - hit_cnt_ip += n_hit_result; + hit_cnt_group += n_hit_result; } } - - return hit_cnt_ip; + return hit_cnt_group; } -static int scan_group(struct maat_hit_group hit_group, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id) -{ - size_t n_hit_result=0; - int scan_ret=0, hit_cnt_group=0; +/**for Provisional compilation definitions**/ +#define TFE_CMSG_FQDN_TAGS_ID_STR 60 /*1,2,3,4,5*/ +#define TFE_CMSG_SRC_TAGS_ID_STR 61 /*11,12,13,14*/ +#define TFE_CMSG_DST_TAGS_ID_STR 62 /*6,7,8,9,10*/ +#define TFE_CMSG_FQDN_TAGS_LOG_STR 63 /*"Category Name:Search Engines, Cloude Provider:aws, CDN Provider:aws, category_name: ab"*/ +#define TFE_CMSG_SRC_TAGS_LOG_STR 64 /*"administrative_area:Singapore, country:Singapore", CDN Provider:Light 
CDN*/ +#define TFE_CMSG_DST_TAGS_LOG_STR 65 /*"ASN:55967, CDN Provider:Light CDN, country:Hong Kong"*/ - scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, &hit_group, 1, - result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_group+=n_hit_result; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, result+hit_cnt+hit_cnt_group, - MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_group+=n_hit_result; - } - return hit_cnt_group; -} - -int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) +int tfe_scan_ip_tags(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) { - int scan_ret = 0; - int hit_cnt_ip = 0; - uint16_t opt_out_size; - unsigned int i=0, group_id_num=0; - uint64_t group_id=0; - uint64_t group_id_val[TFE_SYMBOL_MAX] = {0}; + size_t n_hit_result = 0; + long long tag_id_array[128]={0}; + int scan_ret = 0, hit_cnt_ip = 0, n_tag_ids = 0; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if(cmsg == NULL) 
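Review bot: `tfe_get_tags_id_array` tokenises with `strtok`, which keeps its position in hidden static state, so two threads parsing tag lists at the same time can corrupt each other's results; the `maat_options_set_caller_thread_number(opts, max_thread)` context line in tfe_resource.cpp suggests several scanning threads. The `strtoll` result is stored unchecked, so an empty or non-numeric token becomes group id 0 and is scanned as if it were a real tag, and the 128-entry limit is hard-coded instead of being passed in by the caller. The fence below switches to `strtok_r` and skips tokens that do not parse. Separately, `get_route_dir` in this hunk reads `route_dir` uninitialised when `cmsg` is NULL and returns the raw error code on failure, which `get_table_id` then compares with `c2s` as if it were a 0/1 flag; `unsigned int route_dir = 0;` and `return 0;` on error would make the internal/external table choice deterministic. The `#define TFE_CMSG_*_TAGS_*` values 60–65 are cast to `enum tfe_cmsg_tlv_type` locally, so they should move into that enum before this leaves the provisional state.

```cpp
int tfe_get_tags_id_array(char *tag_ids, long long *tag_id_array)
{
	// … unchanged: NULL check, n_tag_ids, ALLOC and strcpy into tag_ids_tmp …
	char *save_ptr = NULL;
	char *tag_ids_str = strtok_r(tag_ids_tmp, ",", &save_ptr);
	while(tag_ids_str != NULL && n_tag_ids < 128)
	{
		char *end = NULL;
		long long tag_id = strtoll(tag_ids_str, &end, 10);
		if(end != tag_ids_str)
		{
			// Store only tokens that actually contained digits.
			tag_id_array[n_tag_ids++] = tag_id;
		}
		tag_ids_str = strtok_r(NULL, ",", &save_ptr);
	}
	// … unchanged: FREE(&tag_ids_tmp) and return n_tag_ids …
}
```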
@@ -114,125 +134,117 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str return hit_cnt_ip; } - for(i=TFE_CMSG_SRC_REGION_ID; i <= TFE_CMSG_DST_SUBDIVISION_ID; i+=2) + char opt_val[128]={0}; uint16_t opt_out_size = 0; + int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)TFE_CMSG_SRC_TAGS_ID_STR, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if(ret == 0) { - scan_ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)&group_id, sizeof(group_id), &opt_out_size); - if (scan_ret == 0) + n_tag_ids = tfe_get_tags_id_array(opt_val, tag_id_array); + if(n_tag_ids == 0) { - group_id_val[group_id_num] = group_id; + return hit_cnt_ip; } - group_id_num++; } - TFE_LOG_DEBUG(logger, "fetch src ip location region_id:%lu, province_id:%lu, city_id:%lu, subdivision_id:%lu, addr: %s", group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info); + TFE_LOG_DEBUG(logger, "fetch src ip tags: %s", opt_val); struct maat_hit_group hit_group; - for (i = 0; i < group_id_num; i++) + for (int i = 0; i < n_tag_ids; i++) { memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=group_id_val[i]; - scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, tfe_bussiness_tableid_get((enum scan_common_table)(PXY_CTRL_SOURCE_GEO_COUNTRY+i))); - if (scan_ret > 0) + hit_group.group_id=tag_id_array[i]; + + scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), &hit_group, 1, result+hit_cnt+hit_cnt_ip, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if(scan_ret==MAAT_SCAN_HIT) + { + TFE_LOG_INFO(logger, "Scan Src TAGS, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); + hit_cnt_ip += scan_ret; + } + else { - TFE_LOG_INFO(logger, "Scan SRC IP_LOCATION, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += 
scan_ret; + TFE_LOG_INFO(logger, "Scan Src TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } - else + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); + if(scan_ret > 0) { - TFE_LOG_INFO(logger, "Scan SRC IP_LOCATION, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); + hit_cnt_ip += scan_ret; } } - group_id_num=0; - memset(group_id_val, 0, sizeof(group_id_val)); - for(i=TFE_CMSG_DST_REGION_ID; i <= TFE_CMSG_DST_SUBDIVISION_ID; i+=2) + n_tag_ids=0; + memset(tag_id_array, 0, sizeof(tag_id_array)); + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)TFE_CMSG_DST_TAGS_ID_STR, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if(ret == 0) { - scan_ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)&group_id, sizeof(group_id), &opt_out_size); - if (scan_ret == 0) + n_tag_ids = tfe_get_tags_id_array(opt_val, tag_id_array); + if(n_tag_ids == 0) { - group_id_val[group_id_num] = group_id; + return hit_cnt_ip; } - group_id_num++; } - TFE_LOG_DEBUG(logger, "fetch dst ip location region_id:%lu, province_id:%lu, city_id:%lu, subdivision_id:%lu, addr: %s", group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info); - for (i = 0; i < group_id_num; i++) + TFE_LOG_DEBUG(logger, "fetch dst ip tags: %s", opt_val); + for (int i = 0; i < n_tag_ids; i++) { memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=group_id_val[i]; - scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, tfe_bussiness_tableid_get((enum scan_common_table)(PXY_CTRL_DESTINATION_GEO_COUNTRY+i))); - if (scan_ret > 0) + hit_group.group_id=tag_id_array[i]; + scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), &hit_group, 1, result+hit_cnt+hit_cnt_ip, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if(scan_ret==MAAT_SCAN_HIT) + { + TFE_LOG_INFO(logger, "Scan Dst TAGS, 
Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); + hit_cnt_ip += scan_ret; + } + else { - TFE_LOG_INFO(logger, "Scan IP_LOCATION, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += scan_ret; + TFE_LOG_INFO(logger, "Scan Dst TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } - else + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); + if(scan_ret > 0) { - TFE_LOG_INFO(logger, "Scan IP_LOCATION, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); + hit_cnt_ip += scan_ret; } } return hit_cnt_ip; } -int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) +int tfe_scan_fqdn_tags(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id, void *logger) { - int scan_ret = 0; - int hit_cnt_ip = 0; - size_t n_hit_result = 0; - uint16_t opt_out_size; - uint64_t src_asn_group_id=0, dst_asn_group_id=0; + long long tag_id_array[128]={0}; + int scan_ret = 0, hit_cnt_fqdn = 0, n_tag_ids = 0; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); - if (cmsg != NULL) + if(cmsg == NULL) { - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_ID, (unsigned char *)&src_asn_group_id, sizeof(src_asn_group_id), &opt_out_size); - if (scan_ret != 0) - { - TFE_LOG_ERROR(logger, "fetch src asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); - } - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_ID, (unsigned char *)&dst_asn_group_id, sizeof(dst_asn_group_id), &opt_out_size); - if (scan_ret != 0) - { - TFE_LOG_ERROR(logger, "fetch dst asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); - } + return hit_cnt_fqdn; } - TFE_LOG_DEBUG(logger, "fetch src asn:%lu; dst asn:%lu addr: %s", 
src_asn_group_id, dst_asn_group_id, stream->str_stream_info); - struct maat_hit_group hit_group; - if (dst_asn_group_id > 0) + char opt_val[128]={0}; uint16_t opt_out_size = 0; + int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)TFE_CMSG_FQDN_TAGS_ID_STR, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if(ret == 0) { - memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=dst_asn_group_id; - scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt+hit_cnt_ip, tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN)); - if (scan_ret > 0) - { - TFE_LOG_INFO(logger, "Scan ATTR_DESTINATION_ASN, Hit asn: %lu scan ret: %d policy_id: %lld addr: %s", - dst_asn_group_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += n_hit_result; - } - else + n_tag_ids = tfe_get_tags_id_array(opt_val, tag_id_array); + if(n_tag_ids == 0) { - TFE_LOG_INFO(logger, "Scan ATTR_DESTINATION_ASN, NO hit asn: %lu scan ret: %d addr: %s", - dst_asn_group_id, scan_ret, stream->str_stream_info); + return hit_cnt_fqdn; } } - if(src_asn_group_id > 0) + + TFE_LOG_DEBUG(logger, "fetch fqdn tags: %s", opt_val); + struct maat_hit_group hit_group; + for (int i = 0; i < n_tag_ids; i++) { memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=src_asn_group_id; - scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt+hit_cnt_ip, tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN)); - if(scan_ret > 0) + hit_group.group_id=tag_id_array[i]; + scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, table_id); + if (scan_ret > 0) { - TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, Hit asn: %lu scan ret: %d policy_id: %lld addr: %s", - src_asn_group_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += n_hit_result; - + TFE_LOG_INFO(logger, "Scan Fqdn TAGS, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_fqdn], stream->str_stream_info); + hit_cnt_fqdn += scan_ret; } else { - 
TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, NO hit asn: %lu scan ret: %d addr: %s", - src_asn_group_id, scan_ret, stream->str_stream_info); + TFE_LOG_INFO(logger, "Scan Fqdn TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } } - - return hit_cnt_ip; + return hit_cnt_fqdn; } int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, long long app_id, int table_id) 
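Review bot: In `tfe_scan_fqdn_tags` every loop iteration calls `scan_group(hit_group, result, scan_mid, hit_cnt, table_id)` with the same `hit_cnt`, so each tag's hits overwrite the previous tag's slots while `hit_cnt_fqdn` keeps growing; the returned count can describe more entries than were stored and can exceed `MAX_SCAN_RESULT - hit_cnt`. The removed `tfe_scan_ip_asn` passed `hit_cnt+hit_cnt_ip` at this position, and the call here should likewise be `scan_group(hit_group, result, scan_mid, hit_cnt + hit_cnt_fqdn, table_id)`. `tfe_scan_ip_tags` (its signature is in the previous hunk) has the same offset problem in its `tfe_scan_internal_exteral_by_last_group(..., hit_cnt, ...)` calls, and after `maat_scan_group` reports a hit it adds the status code rather than the hit count; that line should read `hit_cnt_ip += n_hit_result;`. It also returns early when the source tag list is empty, which skips the destination scan entirely. Finally, `opt_val` is filled with its full `sizeof` and reused for the destination fetch without being cleared, so unless `tfe_cmsg_get_value` NUL-terminates (not visible here) the parsed string can be unterminated or mixed with leftover source-tag bytes; `memset(opt_val, 0, sizeof(opt_val));` before the second fetch and a `sizeof(opt_val) - 1` limit would close that.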
@@ -264,90 +276,6 @@ int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, return hit_app_id; } -static int get_route_dir(const struct tfe_stream * stream) -{ - uint16_t out_size; - unsigned int route_dir; int ret=0; - - struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); - if (cmsg != NULL) - { - ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_COMMON_DIRECTION, (unsigned char *)&route_dir, sizeof(route_dir), &out_size); - if (ret != 0) - { - return ret; - } - } - return (route_dir==69) ? 1 : 0; -} - -int tfe_scan_internal_exteral_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int c2s) -{ - int scan_ret = 0; - int table_id=0; - int hit_cnt_ip = 0; - size_t array_size=256; - size_t n_hit_result = 0; - struct maat_hit_group last_hit_groups[256] = {0}; - - int dir_is_e2i = get_route_dir(stream); - if(c2s == 1) table_id = (dir_is_e2i == 1) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP); - if(c2s == 0) table_id = (dir_is_e2i == 0) ? 
tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP); - - size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid); - if(n_last_hit_group > 0) - { - maat_state_get_last_hit_groups(scan_mid, last_hit_groups, array_size); - scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, last_hit_groups, array_size, result+hit_cnt+hit_cnt_ip, - MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - } - - return hit_cnt_ip; -} - -int tfe_scan_internal_exteral_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int c2s) -{ - int scan_ret = 0; - int table_id=0; - int hit_cnt_port = 0; - size_t array_size=256; - size_t n_hit_result = 0; - struct maat_hit_group last_hit_groups[256] = {0}; - - int dir_is_e2i = get_route_dir(stream); - if(c2s == 1) table_id = (dir_is_e2i == 1) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT); - if(c2s == 0) table_id = (dir_is_e2i == 0) ? 
tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT); - - size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid); - if(n_last_hit_group > 0) - { - maat_state_get_last_hit_groups(scan_mid, last_hit_groups, array_size); - scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, last_hit_groups, array_size, result+hit_cnt+hit_cnt_port, - MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_port += n_hit_result; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, - result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_port += n_hit_result; - } - } - return hit_cnt_port; -} - int tfe_scan_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, uint16_t source, uint16_t dest) { int scan_ret = 0; @@ -360,7 +288,7 @@ int tfe_scan_port(const struct tfe_stream *stream, long long *result, struct maa { hit_cnt_port+=n_hit_result; } - scan_ret = tfe_scan_internal_exteral_port(stream, result, scan_mid, hit_cnt, 1); + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_PORT); if(scan_ret > 0) { hit_cnt_port+=scan_ret; @@ -378,7 +306,7 @@ int tfe_scan_port(const struct tfe_stream *stream, long long *result, struct maa { hit_cnt_port+=n_hit_result; } - scan_ret = tfe_scan_internal_exteral_port(stream, result, scan_mid, hit_cnt, 0); + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_PORT); if(scan_ret > 0) { hit_cnt_port+=scan_ret; 
@@ -422,7 +350,7 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struc { hit_cnt_ip += n_hit_result; } - scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1); + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); if(scan_ret > 0) { hit_cnt_ip += scan_ret; @@ -440,7 +368,7 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struc { hit_cnt_ip += n_hit_result; } - scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0); + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); if(scan_ret > 0) { hit_cnt_ip += scan_ret; @@ -482,7 +410,7 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struc { hit_cnt_ip += n_hit_result; } - scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1); + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); if(scan_ret > 0) { hit_cnt_ip += scan_ret; @@ -500,7 +428,7 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struc { hit_cnt_ip += n_hit_result; } - scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0); + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); if(scan_ret > 0) { hit_cnt_ip += scan_ret; @@ -513,4 +441,80 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struc } return hit_cnt_ip; -}
\ No newline at end of file +} + +int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, + int hit_cnt, void *logger) +{ + int scan_ret = 0; + int hit_cnt_ip = 0; + size_t n_hit_result = 0; + uint16_t opt_out_size; + char dest_subscribe_id[TFE_STRING_MAX] = {0}; + char source_subscribe_id[TFE_STRING_MAX] = {0}; + struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); + if (cmsg != NULL) + { + scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_SUB_ID, (unsigned char *)source_subscribe_id, sizeof(source_subscribe_id), &opt_out_size); + if (scan_ret != 0) + { + TFE_LOG_ERROR(logger, "fetch src sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); + } + scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_SUB_ID, (unsigned char *)dest_subscribe_id, sizeof(dest_subscribe_id), &opt_out_size); + if (scan_ret != 0) + { + TFE_LOG_ERROR(logger, "fetch dst sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); + } + } + TFE_LOG_DEBUG(logger, "fetch src sub id:%s dst sub id:%s addr: %s", source_subscribe_id, dest_subscribe_id, stream->str_stream_info); + + if (strlen(source_subscribe_id)) + { + scan_ret = maat_scan_string(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), + source_subscribe_id, strlen(source_subscribe_id),result + hit_cnt + hit_cnt_ip, + MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %lld addr: %s", + source_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); + hit_cnt_ip += n_hit_result; + } + else + { + TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", + source_subscribe_id, scan_ret, stream->str_stream_info); + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), + 
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + } + + if (strlen(dest_subscribe_id)) + { + scan_ret = maat_scan_string(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), + dest_subscribe_id, strlen(dest_subscribe_id),result + hit_cnt + hit_cnt_ip, + MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,&n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %lld addr: %s", + dest_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); + hit_cnt_ip += n_hit_result; + } + else + { + TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", + dest_subscribe_id, scan_ret, stream->str_stream_info); + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), + result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + } + + return hit_cnt_ip; +} |
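Review bot: `tfe_scan_subscribe_id` is moved to the end of the file unchanged, and it still writes the source and destination subscriber IDs to the log at INFO level for every flow, on a miss as well as on a hit (`NO hit subid: %s`). If subscriber IDs count as personal data in this deployment, the miss path would be better at `TFE_LOG_DEBUG` so that routine traffic does not accumulate identifiers in the log. Both `tfe_cmsg_get_value` calls pass the full `sizeof` of their buffer, so the later `strlen` relies on the `{0}` initialiser and on the value being shorter than `TFE_STRING_MAX`; passing `sizeof(source_subscribe_id) - 1` (and the same for the destination buffer) keeps it bounded whatever the callee does, whose behaviour is not visible here.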
