TSG-22093 Manipulation支持Library Tag相关策略的扫描与日志发送

author: fengweihao <[email protected]> 2024-08-16 11:57:20 +0800
committer: fengweihao <[email protected]> 2024-08-16 11:57:20 +0800
commit: c2c20d33108dbe35e4ee1f98b7ed956d27cfc710 (patch)
tree: a67d6cbfa075b1a7e1f97b2ab52d956949a81b67 /plugin
parent: 88e6b0ae9bee35e5b39c6cf25a7f53c0217c584f (diff)
4 files changed, 98 insertions, 112 deletions
diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp
index f51e9ce..177012d 100644
--- a/plugin/business/doh/src/doh.cpp
+++ b/plugin/business/doh/src/doh.cpp
@@ -277,14 +277,8 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
 		hit_cnt += scan_ret;
 	}
 
-	scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
-	if (scan_ret > 0)
-	{
-		hit_cnt += scan_ret;
-	}
-
-	scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
-	if (scan_ret > 0)
+	scan_ret = tfe_scan_ip_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
+	if(scan_ret>0)
 	{
 		hit_cnt += scan_ret;
 	}
@@ -312,6 +306,12 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
         {
 			hit_cnt += n_hit_result;
         }
+
+		scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->tables[TYPE_HOST].id, g_doh_conf->local_logger);
+		if (scan_ret == MAAT_SCAN_HIT)
+		{
+			hit_cnt += n_hit_result;
+        }
 	}
 
 	// scan addr
diff --git a/plugin/business/doh/src/logger.cpp b/plugin/business/doh/src/logger.cpp
index 279915c..f099b05 100644
--- a/plugin/business/doh/src/logger.cpp
+++ b/plugin/business/doh/src/logger.cpp
@@ -292,44 +292,6 @@ int doh_kafka_init(const char *profile, struct doh_conf *conf)
     return 0;
 }
 
-static int doh_get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj)
-{
-	unsigned int i=0, j=0;
-	char opt_val[128]={0}; uint16_t opt_out_size;
-	const char *client_geo_area_map[] = {"client_country","client_province","client_city","client_subdivision"};
-
-	for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
-	{
-        memset(opt_val, 0, sizeof(opt_val));
-		int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
-		if (ret == 0)
-		{
-			cJSON_AddStringToObject(common_obj, client_geo_area_map[j], opt_val);
-		}
-		j++;
-	}
-	return 0;
-}
-
-static int doh_get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj)
-{
-	unsigned int i=0, j=0;
-	char opt_val[128]={0}; uint16_t opt_out_size;
-	const char *server_geo_area_map[] = {"server_country","server_province","server_city","server_subdivision"};
-
-	for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
-	{
-        memset(opt_val, 0, sizeof(opt_val));
-		int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
-		if (ret == 0)
-		{
-			cJSON_AddStringToObject(common_obj, server_geo_area_map[j], opt_val);
-		}
-		j++;
-	}
-	return 0;
-}
-
 int doh_add_host_to_object(cJSON *common_obj, const char *req_spec_host)
 {
 	unsigned int port;
@@ -341,6 +303,29 @@ int doh_add_host_to_object(cJSON *common_obj, const char *req_spec_host)
 	return 0;
 }
 
+int doh_tags_line_to_json_array(cJSON  *per_hit_obj, const char *tags_key, char *opt_val)
+{
+	if(per_hit_obj == NULL || tags_key == NULL || opt_val == NULL)
+	{
+		return 0;
+	}
+
+	char *opt_val_tmp = strdup(opt_val);
+	cJSON *tags_array = cJSON_CreateArray();
+
+    char *token = strtok(opt_val_tmp, ",");
+	while (token != NULL)
+	{
+        while (*token == ' ') token++;
+        cJSON_AddItemToArray(tags_array, cJSON_CreateString(token));
+        token = strtok(NULL, ",");
+    }
+	cJSON_AddItemToObject(per_hit_obj, tags_key, tags_array);
+
+	FREE(&opt_val_tmp)
+	return 1;
+}
+
 int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, const struct tfe_stream *stream, struct doh_ctx *ctx)
 {
     struct doh_maat_rule_t *result = ctx->result;
@@ -475,19 +460,26 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c
     
     if (cmsg!=NULL)
     {
-        uint64_t src_asn=0, dst_asn=0;
-        ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size);
-        if (ret == 0)
+        char opt_val[128]={0}; uint16_t opt_out_size=0;
+        ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)64, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
+        if (ret == 0 && strlen(opt_val) > 0)
         {
-            cJSON_AddNumberToObject(common_obj, "client_asn", src_asn);
+            doh_tags_line_to_json_array(common_obj, "client_ip_tags", opt_val);
         }
-        ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size);
-        if (ret == 0)
+
+        memset(opt_val, 0, sizeof(opt_val));
+        ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)65, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
+        if (ret == 0 && strlen(opt_val) > 0)
         {
-            cJSON_AddNumberToObject(common_obj, "server_asn", dst_asn);
+            doh_tags_line_to_json_array(common_obj, "server_ip_tags", opt_val);
         }
-        doh_get_ip_client_geolocation(cmsg, common_obj);
-        doh_get_ip_server_geolocation(cmsg, common_obj);			
+        
+        memset(opt_val, 0, sizeof(opt_val));
+        ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)63, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
+        if (ret == 0 && strlen(opt_val) > 0)
+        {
+            doh_tags_line_to_json_array(common_obj, "server_fqdn_tags", opt_val);
+        }			
     }
 
     add_dns_info_to_log(common_obj, dns_info);
diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp
index 9a684ad..3a926d0 100644
--- a/plugin/business/tsg-http/src/tsg_http.cpp
+++ b/plugin/business/tsg-http/src/tsg_http.cpp
@@ -2720,6 +2720,12 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
 			{
 				hit_cnt += n_hit_result;
 			}
+
+			scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_FQDN], g_proxy_rt->local_logger);
+			if (scan_ret == MAAT_SCAN_HIT)
+			{
+				hit_cnt += n_hit_result;
+			}
         }
 
 		const char * str_url = session->req->req_spec.url;
@@ -2915,19 +2921,15 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_
 	scan_ret = tfe_scan_subscribe_id(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
 	if(scan_ret>0)
 	{
-		hit_cnt+=scan_ret;
-	}
-	scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
-	if(scan_ret>0)
-	{
-		hit_cnt+=scan_ret;
+		hit_cnt += scan_ret;
 	}
 
-	scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
+	scan_ret = tfe_scan_ip_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
 	if(scan_ret>0)
 	{
-		hit_cnt+=scan_ret;
+		hit_cnt += scan_ret;
 	}
+
 	long long app_id=67;
 	scan_ret = tfe_scan_app_id(result, ctx->scan_mid, hit_cnt, app_id, g_proxy_rt->scan_table_id[PXY_CTRL_APP_ID]);
 	if(scan_ret > 0)
diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp
index b3a324b..2a699af 100644
--- a/plugin/business/tsg-http/src/tsg_logger.cpp
+++ b/plugin/business/tsg-http/src/tsg_logger.cpp
@@ -110,44 +110,6 @@ struct proxy_logger* proxy_log_handle_create(const char* profile, const char* se
 	return instance;
 }
 
-static int get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj)
-{
-	unsigned int i=0, j=0;
-	char opt_val[128]={0}; uint16_t opt_out_size;
-	const char *client_geo_area_map[] = {"client_country","client_super_administrative_area","client_administrative_area","client_sub_administrative_area"};
-
-	for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
-	{
-		memset(opt_val, 0, sizeof(opt_val));
-		int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
-		if (ret == 0)
-		{
-			cJSON_AddStringToObject(per_hit_obj, client_geo_area_map[j], opt_val);
-		}
-		j++;
-	}
-	return 0;
-}
-
-static int get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj)
-{
-	unsigned int i=0, j=0;
-	char opt_val[128]={0}; uint16_t opt_out_size;
-	const char *server_geo_area_map[] = {"server_country","server_super_administrative_area","server_administrative_area","server_sub_administrative_area"};
-
-	for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
-	{
-		memset(opt_val, 0, sizeof(opt_val));
-		int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
-		if (ret == 0)
-		{
-			cJSON_AddStringToObject(per_hit_obj, server_geo_area_map[j], opt_val);
-		}
-		j++;
-	}
-	return 0;
-}
-
 int proxy_add_host_to_object(cJSON  *common_obj, const char *req_spec_host)
 {
 	unsigned int port;
@@ -159,6 +121,29 @@ int proxy_add_host_to_object(cJSON  *common_obj, const char *req_spec_host)
 	return 0;
 }
 
+int tags_line_to_json_array(cJSON  *per_hit_obj, const char *tags_key, char *opt_val)
+{
+	if(per_hit_obj == NULL || tags_key == NULL || opt_val == NULL)
+	{
+		return 0;
+	}
+
+	char *opt_val_tmp = strdup(opt_val);
+	cJSON *tags_array = cJSON_CreateArray();
+
+    char *token = strtok(opt_val_tmp, ",");
+	while (token != NULL)
+	{
+        while (*token == ' ') token++;
+        cJSON_AddItemToArray(tags_array, cJSON_CreateString(token));
+        token = strtok(NULL, ",");
+    }
+	cJSON_AddItemToObject(per_hit_obj, tags_key, tags_array);
+
+	FREE(&opt_val_tmp)
+	return 1;
+}
+
 int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg)
 {
 	const struct tfe_http_session* http=log_msg->http;
@@ -412,19 +397,26 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg)
 		}
 		if (cmsg!=NULL)
     	{
-			uint64_t src_asn=0, dst_asn=0;
-			ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size);
-        	if (ret == 0)
-        	{
-				cJSON_AddNumberToObject(per_hit_obj, "client_asn", src_asn);
-        	}
-			ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size);
-			if (ret == 0)
+			char opt_val[128]={0}; uint16_t opt_out_size;
+			ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)64, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
+			if (ret == 0 && strlen(opt_val) > 0)
+			{
+				tags_line_to_json_array(per_hit_obj, "client_ip_tags", opt_val);
+			}
+
+			memset(opt_val, 0, sizeof(opt_val));
+			ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)65, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
+			if (ret == 0 && strlen(opt_val) > 0)
+			{
+				tags_line_to_json_array(per_hit_obj, "server_ip_tags", opt_val);
+			}
+			
+			memset(opt_val, 0, sizeof(opt_val));
+			ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)63, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
+			if (ret == 0 && strlen(opt_val) > 0)
 			{
-				cJSON_AddNumberToObject(per_hit_obj, "server_asn", dst_asn);
+				tags_line_to_json_array(per_hit_obj, "server_fqdn_tags", opt_val);
 			}
-			get_ip_client_geolocation(cmsg, per_hit_obj);
-			get_ip_server_geolocation(cmsg, per_hit_obj);
 		}
 
 		log_payload = cJSON_PrintUnformatted(per_hit_obj);
author	fengweihao <[email protected]>	2024-08-16 11:57:20 +0800
committer	fengweihao <[email protected]>	2024-08-16 11:57:20 +0800
commit	c2c20d33108dbe35e4ee1f98b7ed956d27cfc710 (patch)
tree	a67d6cbfa075b1a7e1f97b2ab52d956949a81b67 /plugin
parent	88e6b0ae9bee35e5b39c6cf25a7f53c0217c584f (diff)