authorfengweihao <[email protected]>2023-11-24 15:26:23 +0800
committerfengweihao <[email protected]>2023-11-24 15:26:23 +0800
commit72f7290ccd41bc70c9ab29e9f05a575bb6fc0b8b (patch)
tree801a114c3848ce9c2427953a2e28ab7764eafeeb /plugin/business/tsg-http/src/tsg_http.cpp
parentd3e49bf46133302bf2a5b68b4296c5f8cf198589 (diff)
TSG-17777 优化App ID的扫描处理逻辑, HTTP多次扫描支持非配置
TSG-17797 TFE适配虚拟表名变更
Diffstat (limited to 'plugin/business/tsg-http/src/tsg_http.cpp')
-rw-r--r--plugin/business/tsg-http/src/tsg_http.cpp133
1 files changed, 119 insertions, 14 deletions
diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp
index 01afccc..6d91e8b 100644
--- a/plugin/business/tsg-http/src/tsg_http.cpp
+++ b/plugin/business/tsg-http/src/tsg_http.cpp
@@ -103,9 +103,19 @@ enum manipulate_profile_table
POLICY_PROFILE_TABLE_INSERT,
POLICY_PROFILE_TABLE_HIJACK,
POLICY_PROFILE_TABLE_LUA,
+ POLICY_PROFILE_TABLE_APP_ID,
POLICY_PROFILE_TABLE_MAX
};
+struct app_id_dict
+{
+ int ref_cnt;
+ int app_id;
+ long long int group_id;
+
+ pthread_mutex_t lock;
+};
+
struct manipulate_profile
{
int profile_id;
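Review bot: `struct app_id_dict` is added without a comment saying what `lock` protects or how the object's lifetime works, although the callbacks later in this diff show that `ref_cnt` is only touched under `lock` and the entry is freed when it reaches zero. A header comment such as `/* Reference-counted APP_ID_DICT entry: ref_cnt is guarded by lock; the table layer takes a reference in app_dict_table_dup_cb and callers release it with app_id_dict_free(). */` would let a reader of the struct understand the ownership rule without tracing the callbacks. Separately, `app_id` is declared `int` here while the lookup in proxy_on_http_begin keys the table with a `long long`; if both carry the same identifier one width should be chosen, otherwise a comment should state that they are different encodings.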
@@ -958,6 +968,76 @@ void ma_profile_table_dup_cb(int table_id, void **to, void **from, long argl, vo
*to=ply_obj;
}
+void app_dict_table_new_cb(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
+{
+ int ret=0;
+ size_t offset=0, len=0;
+ char *app_id_str=NULL, *group_id_str=NULL;
+ struct app_id_dict *app_dict=ALLOC(struct app_id_dict, 1);
+
+ ret = maat_helper_read_column(table_line, 1, &offset, &len);
+ if(ret >= 0)
+ {
+ app_id_str=ALLOC(char, len+1);
+ memcpy(app_id_str, table_line+offset, len);
+ app_dict->app_id=atoi(app_id_str);
+ FREE(&app_id_str);
+ }
+
+ ret = maat_helper_read_column(table_line, 18, &offset, &len);
+ if(ret >= 0)
+ {
+ group_id_str=ALLOC(char, len+1);
+ memcpy(group_id_str, table_line+offset, len);
+ app_dict->group_id=atoll(group_id_str);
+ FREE(&group_id_str);
+ }
+
+ app_dict->ref_cnt=1;
+ pthread_mutex_init(&(app_dict->lock), NULL);
+ *ad=app_dict;
+ return;
+}
+
+void app_dict_table_free_cb(int table_id, void **ad, long argl, void* argp)
+{
+ if(*ad==NULL)
+ {
+ return;
+ }
+
+ struct app_id_dict *app_dict=(struct app_id_dict *)(*ad);
+ pthread_mutex_lock(&(app_dict->lock));
+ app_dict->ref_cnt--;
+ if(app_dict->ref_cnt>0)
+ {
+ pthread_mutex_unlock(&(app_dict->lock));
+ return;
+ }
+ pthread_mutex_unlock(&(app_dict->lock));
+ pthread_mutex_destroy(&(app_dict->lock));
+
+ FREE(&app_dict);
+ *ad=NULL;
+ return;
+}
+
+void app_id_dict_free(struct app_id_dict *app_dict)
+{
+ app_dict_table_free_cb(0, (void **)&app_dict, 0, NULL);
+}
+
+void app_dict_table_dup_cb(int table_id, void **to, void **from, long argl, void* argp)
+{
+ struct app_id_dict *app_dict=(struct app_id_dict *)(*from);
+ pthread_mutex_lock(&(app_dict->lock));
+ app_dict->ref_cnt++;
+ pthread_mutex_unlock(&(app_dict->lock));
+ *to=app_dict;
+
+ return;
+}
+
int maat_table_init(const char* table_name,
maat_start_callback_t *start, maat_update_callback_t *update, maat_finish_callback_t *finish,
void *u_para)
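Review bot: In app_dict_table_new_cb, when maat_helper_read_column fails for column 1 or column 18 the corresponding field is never assigned, and on success the copied text goes through atoi/atoll, which return 0 for any malformed column and rely on the extra byte from `ALLOC(char, len+1)` already being a NUL terminator (I cannot see ALLOC's definition, so this may or may not hold). A malformed dictionary row would then silently yield app_id 0 / group_id 0 and be matched against the wrong group at scan time; parsing through a small helper that terminates the buffer, uses strtoll with end-pointer and ERANGE checks and falls back to an explicit default makes the failure visible. Separately, app_dict_table_dup_cb dereferences `*from` unconditionally while app_dict_table_free_cb guards `*ad == NULL`; adding `if (*from == NULL) { *to = NULL; return; }` keeps the two callbacks consistent. The maat_table_init signature at the end of the hunk continues outside it.
```cpp
/* Parse one decimal integer column of table_line; returns dflt when the column
 * is absent or not a well-formed number (instead of atoi's silent 0). */
static long long app_dict_read_ll_column(const char *table_line, int column, long long dflt)
{
    size_t offset = 0, len = 0;
    if (maat_helper_read_column(table_line, column, &offset, &len) < 0 || len == 0)
    {
        return dflt;
    }
    char *buf = ALLOC(char, len + 1);
    memcpy(buf, table_line + offset, len);
    buf[len] = '\0';          /* do not rely on ALLOC zero-filling the terminator */
    errno = 0;
    char *end = NULL;
    long long value = strtoll(buf, &end, 10);
    if (end == buf || *end != '\0' || errno == ERANGE)
    {
        value = dflt;         /* reject partial/garbage input rather than use a bogus id */
    }
    FREE(&buf);
    return value;
}

void app_dict_table_new_cb(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
{
    struct app_id_dict *app_dict=ALLOC(struct app_id_dict, 1);
    app_dict->app_id = (int)app_dict_read_ll_column(table_line, 1, 0);
    app_dict->group_id = app_dict_read_ll_column(table_line, 18, 0);
    // … unchanged: ref_cnt/lock initialisation and *ad assignment …
}
```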
@@ -1017,16 +1097,16 @@ int proxy_policy_init(const char* profile_path, const char* static_section, cons
g_proxy_rt->feather = (struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT);
const char * table_name[__SCAN_TABLE_MAX];
- table_name[PXY_CTRL_SOURCE_ADDR] = "TSG_SECURITY_SOURCE_ADDR";
- table_name[PXY_CTRL_DESTINATION_ADDR]="TSG_SECURITY_DESTINATION_ADDR";
- table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL";
- table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
- table_name[PXY_CTRL_HTTP_FQDN_CAT] = "TSG_FIELD_HTTP_HOST_CAT";
- table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
- table_name[PXY_CTRL_HTTP_REQ_BODY] = "TSG_FIELD_HTTP_REQ_BODY";
- table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
- table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_BODY";
- table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID";
+ table_name[PXY_CTRL_SOURCE_ADDR] = "ATTR_SOURCE_ADDR";
+ table_name[PXY_CTRL_DESTINATION_ADDR]="ATTR_DESTINATION_ADDR";
+ table_name[PXY_CTRL_HTTP_URL] = "ATTR_HTTP_URL";
+ table_name[PXY_CTRL_HTTP_FQDN] = "ATTR_HTTP_HOST";
+ table_name[PXY_CTRL_HTTP_FQDN_CAT] = "ATTR_HTTP_HOST_CAT";
+ table_name[PXY_CTRL_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR";
+ table_name[PXY_CTRL_HTTP_REQ_BODY] = "ATTR_HTTP_REQ_BODY";
+ table_name[PXY_CTRL_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR";
+ table_name[PXY_CTRL_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY";
+ table_name[PXY_CTRL_APP_ID] = "ATTR_APP_ID";
for (int i = 0; i < __SCAN_TABLE_MAX; i++)
{
g_proxy_rt->scan_table_id[i] = maat_get_table_id(g_proxy_rt->feather, table_name[i]);
@@ -1044,6 +1124,13 @@ int proxy_policy_init(const char* profile_path, const char* static_section, cons
policy_action_param_dup,
0, NULL);
+ g_proxy_rt->plolicy_table_id[POLICY_PROFILE_TABLE_APP_ID]=maat_get_table_id(g_proxy_rt->feather, "APP_ID_DICT");
+ maat_plugin_table_ex_schema_register(g_proxy_rt->feather, "APP_ID_DICT",
+ app_dict_table_new_cb,
+ app_dict_table_free_cb,
+ app_dict_table_dup_cb,
+ 0, NULL);
+
ret = maat_table_init("PXY_PROFILE_TRUSTED_CA_CERT",
trusted_CA_update_start_cb,
trusted_CA_update_cert_cb,
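Review bot: The id returned by maat_get_table_id for "APP_ID_DICT" is stored and the result of maat_plugin_table_ex_schema_register is dropped without any check, whereas the `ret = maat_table_init(...)` call immediately below follows the file's pattern of checking init results. If the table is missing from the configuration (I cannot see maat_get_table_id's failure convention here), the problem only surfaces later when proxy_on_http_begin calls maat_plugin_table_get_ex_data with that id on every HTTP session. Mirroring the neighbouring pattern, e.g. storing the id in a local and failing init with a log line when it indicates "not found", reports a misconfigured dictionary at startup. proxy_policy_init starts and ends outside this hunk.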
@@ -2739,6 +2826,12 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
hit_cnt += n_hit_result;
}
}
+ scan_ret = maat_scan_not_logic(g_proxy_rt->feather, table_id, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,
+ &n_hit_result, ctx->scan_mid);
+ if (scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt += n_hit_result;
+ }
}
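Review bot: The five-line maat_scan_not_logic block added here is repeated verbatim in the next hunk (the body-end path), and neither call checks `hit_cnt < MAX_SCAN_RESULT` before passing `result + hit_cnt` with capacity `MAX_SCAN_RESULT - hit_cnt`; once an earlier scan has filled the result array the capacity argument becomes 0 and correctness then depends on how maat_scan_not_logic treats an empty buffer, which I cannot see. Wrapping both calls in `if (hit_cnt < MAX_SCAN_RESULT)` removes that dependency, and moving the repeated block into one static helper that takes `table_id`, `result`, `&hit_cnt` and `ctx->scan_mid` keeps the two sites from drifting apart. http_scan starts and ends outside these hunks.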
if ((events & EV_HTTP_REQ_BODY_BEGIN) | (events & EV_HTTP_RESP_BODY_BEGIN))
@@ -2761,6 +2854,12 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
if ((events & EV_HTTP_REQ_BODY_END) | (events & EV_HTTP_RESP_BODY_END))
{
+ scan_ret = maat_scan_not_logic(g_proxy_rt->feather, table_id, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,
+ &n_hit_result, ctx->scan_mid);
+ if (scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt += n_hit_result;
+ }
maat_stream_free(ctx->sp);
ctx->sp = NULL;
}
@@ -3124,11 +3223,17 @@ void proxy_on_http_begin(const struct tfe_stream * stream,
{
hit_cnt+=scan_ret;
}
- int scan_val=67;
- scan_ret=maat_scan_integer(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_APP_ID], scan_val, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &n_hit_result, ctx->scan_mid);
- if(scan_ret==MAAT_SCAN_HIT)
+
+ long long app_id=67;
+ struct app_id_dict *app_dict = (struct app_id_dict*)maat_plugin_table_get_ex_data(g_proxy_rt->feather, g_proxy_rt->plolicy_table_id[POLICY_PROFILE_TABLE_APP_ID], (const char *)&app_id, sizeof(long long));
+ if(app_dict!=NULL)
{
- hit_cnt+=n_hit_result;
+ scan_ret = maat_scan_group(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_APP_ID], &app_dict->group_id, 1, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &n_hit_result, ctx->scan_mid);
+ if(scan_ret==MAAT_SCAN_HIT)
+ {
+ hit_cnt+=n_hit_result;
+ }
+ app_id_dict_free(app_dict);
}
addr_tfe2sapp(stream->addr, &sapp_addr);
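Review bot: The dictionary lookup key is the literal `long long app_id=67;`, carried over from the previous `int scan_val=67;`, so every HTTP session resolves the same APP_ID_DICT entry regardless of which application was actually identified for the stream. If this is a leftover test value it should be replaced by the session's detected app id; if it is intentional, a comment such as `/* fixed app id: TODO replace with the id detected for this stream */` should say so, since a constant key silently makes the per-app group policy apply uniformly. The key is also passed as a raw `long long` while app_dict_table_new_cb stores `app_id` as `int`; both should follow whatever key encoding maat_plugin_table_get_ex_data expects, which is not visible here. proxy_on_http_begin starts and ends outside this hunk.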