| -rw-r--r-- | common/src/tfe_resource.cpp | 102 | ||||
| -rw-r--r-- | plugin/business/doh/src/doh.cpp | 8 | ||||
| -rw-r--r-- | plugin/business/tsg-http/src/tsg_http.cpp | 53 |
3 files changed, 103 insertions, 60 deletions
diff --git a/common/src/tfe_resource.cpp b/common/src/tfe_resource.cpp
index 54c35a1..356827e 100644
--- a/common/src/tfe_resource.cpp
+++ b/common/src/tfe_resource.cpp
@@ -60,57 +60,57 @@ static struct maat *create_maat_feather(const char *instance_name, const char *p
 maat_options_set_caller_thread_number(opts, max_thread);
 switch (input_mode)
 {
- case MAAT_INPUT_JSON:
- if (!strlen(json_cfg_file))
- {
- TFE_LOG_ERROR(logger, "Invalid json_cfg_file, MAAT init failed.");
- goto error_out;
- }
- maat_options_set_json_file(opts, json_cfg_file);
- break;
- case MAAT_INPUT_REDIS:
- if (!strlen(redis_server))
- {
- TFE_LOG_ERROR(logger, "Invalid maat_redis_server, MAAT init failed.");
- goto error_out;
- }
-
- ret = sscanf(redis_port_range, "%d-%d", &redis_port_begin, &redis_port_end);
- if (ret == 1)
- {
- redis_port_select = redis_port_begin;
- }
- else if (ret == 2)
- {
- srand(time(NULL));
- redis_port_select = redis_port_begin + rand() % (redis_port_end - redis_port_begin);
- }
- else
- {
- TFE_LOG_ERROR(logger, "Invalid redis port range %s, MAAT init failed.", redis_port_range);
-
- goto error_out;
- }
- maat_options_set_redis(opts, redis_server, redis_port_select, redis_db_idx);
- break;
- case MAAT_INPUT_FILE:
- if (!strlen(ful_cfg_dir))
- {
- TFE_LOG_ERROR(logger, "Invalid ful_cfg_dir, MAAT init failed.");
- goto error_out;
- }
-
- if (!strlen(inc_cfg_dir))
- {
- TFE_LOG_ERROR(logger, "Invalid inc_cfg_dir, MAAT init failed.");
- goto error_out;
- }
- maat_options_set_iris(opts, ful_cfg_dir, inc_cfg_dir);
- break;
- default:
- TFE_LOG_ERROR(logger, "Invalid MAAT Input Mode: %d.", input_mode);
- goto error_out;
- break;
+ case MAAT_INPUT_JSON:
+ if (!strlen(json_cfg_file))
+ {
+ TFE_LOG_ERROR(logger, "Invalid json_cfg_file, MAAT init failed.");
+ goto error_out;
+ }
+ maat_options_set_json_file(opts, json_cfg_file);
+ break;
+ case MAAT_INPUT_REDIS:
+ if (!strlen(redis_server))
+ {
+ TFE_LOG_ERROR(logger, "Invalid maat_redis_server, MAAT init failed.");
+ goto error_out;
+ }
+
+ ret = sscanf(redis_port_range, "%d-%d", &redis_port_begin, &redis_port_end);
+ if (ret == 1)
+ {
+ redis_port_select = redis_port_begin;
+ }
+ else if (ret == 2)
+ {
+ srand(time(NULL));
+ redis_port_select = redis_port_begin + rand() % (redis_port_end - redis_port_begin);
+ }
+ else
+ {
+ TFE_LOG_ERROR(logger, "Invalid redis port range %s, MAAT init failed.", redis_port_range);
+
+ goto error_out;
+ }
+ maat_options_set_redis(opts, redis_server, redis_port_select, redis_db_idx);
+ break;
+ case MAAT_INPUT_FILE:
+ if (!strlen(ful_cfg_dir))
+ {
+ TFE_LOG_ERROR(logger, "Invalid ful_cfg_dir, MAAT init failed.");
+ goto error_out;
+ }
+
+ if (!strlen(inc_cfg_dir))
+ {
+ TFE_LOG_ERROR(logger, "Invalid inc_cfg_dir, MAAT init failed.");
+ goto error_out;
+ }
+ maat_options_set_iris(opts, ful_cfg_dir, inc_cfg_dir);
+ break;
+ default:
+ TFE_LOG_ERROR(logger, "Invalid MAAT Input Mode: %d.", input_mode);
+ goto error_out;
+ break;
 }
 maat_options_set_foreign_cont_dir(opts, "./pangu_files");
 if (maat_stat_on)
diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp
index ac5b601..5d0e79e 100644
--- a/plugin/business/doh/src/doh.cpp
+++ b/plugin/business/doh/src/doh.cpp
@@ -319,14 +319,14 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
 if (sapp_addr.addrtype == ADDR_TYPE_IPV4)
 {
 scan_ret = maat_scan_ipv4(g_doh_conf->maat, g_doh_conf->tables[TYPE_SRC_ADDR].id,sapp_addr.v4->saddr,
- sapp_addr.v4->source, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
+ sapp_addr.v4->source, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
 &n_hit_result, ctx->scan_mid);
 if (n_hit_result == MAAT_SCAN_HIT)
 {
 hit_cnt += n_hit_result;
 }
 scan_ret = maat_scan_ipv4(g_doh_conf->maat, g_doh_conf->tables[TYPE_DST_ADDR].id,sapp_addr.v4->daddr,
- sapp_addr.v4->dest, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
+ sapp_addr.v4->dest, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
 &n_hit_result, ctx->scan_mid);
 if(scan_ret == MAAT_SCAN_HIT)
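Review bot: The IPv4 source-address branch of doh_maat_scan still tests `if (n_hit_result == MAAT_SCAN_HIT)`, which compares the hit count with the status code; this commit corrects the identical line in proxy_on_http_begin in tsg_http.cpp, so it should read `if (scan_ret == MAAT_SCAN_HIT)` here too. As written, a source-address hit is only added to `hit_cnt` when the number of hits happens to equal the constant, so source-IP rules may be silently skipped for DoH traffic over IPv4. Separately, the new literal `6` passed at all eight maat_scan_ipv4/maat_scan_ipv6 call sites (this hunk, the IPv6 hunk that follows, and both hunks in proxy_on_http_begin) is presumably the IP protocol number for TCP; a named constant such as `IPPROTO_TCP` would say so. The body of doh_maat_scan starts and ends outside the hunk.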
@@ -337,14 +337,14 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
 if (sapp_addr.addrtype == ADDR_TYPE_IPV6)
 {
 scan_ret = maat_scan_ipv6(g_doh_conf->maat, g_doh_conf->tables[TYPE_SRC_ADDR].id, sapp_addr.v6->saddr,
- sapp_addr.v6->source, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
+ sapp_addr.v6->source, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
 &n_hit_result, ctx->scan_mid);
 if (scan_ret == MAAT_SCAN_HIT)
 {
 hit_cnt += n_hit_result;
 }
 scan_ret = maat_scan_ipv6(g_doh_conf->maat,g_doh_conf->tables[TYPE_DST_ADDR].id, sapp_addr.v6->daddr,
- sapp_addr.v6->dest, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
+ sapp_addr.v6->dest, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
 &n_hit_result, ctx->scan_mid);
 if (scan_ret == MAAT_SCAN_HIT)
 {
diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp
index 572d419..dac1f35 100644
--- a/plugin/business/tsg-http/src/tsg_http.cpp
+++ b/plugin/business/tsg-http/src/tsg_http.cpp
@@ -387,6 +387,43 @@ void octal_utf8_escapes(char *input)
 return;
 }
+char* str_unescape(char* s)
+{
+ int i=0,j=0;
+ int len=strlen(s);
+ for(i=0,j=0;i<len;i++)
+ {
+ if(s[i]=='\\')
+ {
+ switch(s[i+1])
+ {
+ case '&':
+ s[j]='&';
+ break;
+ case 'b':
+ s[j]=' ';
+ break;
+ case '\\':
+ s[j]='\\';
+ break;
+ default:
+ s[j]=s[i];
+ i--;
+ break;
+ }
+ i++;
+ j++;
+ }
+ else
+ {
+ s[j]=s[i];
+ j++;
+ }
+ }
+ s[j]='\0';
+ return s;
+}
+
 void policy_action_param_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
 {
 int ret=0;
@@ -405,6 +442,8 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k
 }
 *ad=NULL;
+
+ str_unescape(srv_def_large);
 int serv_def_len=strlen(srv_def_large);
 if((unsigned int)serv_def_len<strlen("{}")+1)
 {
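Review bot: `str_unescape` is added with no comment on which escapes it decodes, and the mapping is not obvious: `\&` becomes `&`, `\b` becomes a space rather than a backspace, `\\` becomes `\`, and a backslash before any other character is kept as-is. A header comment should state that mapping, that the string is rewritten in place and can only shrink, and that it is meant to run once on the raw field; the call added in policy_action_param_new (the next hunk) runs before the length check, and a second pass over already-decoded text would collapse backslashes again. The function also hands `s` straight to `strlen` and stores the result in an `int`, so `if (s == NULL) return NULL;` and `size_t len = strlen(s);` would cover a null or oversized field. If nothing outside tsg_http.cpp calls it, it should be declared `static`.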
@@ -1531,6 +1570,10 @@ static enum proxy_action decide_ctrl_action(long long *results, size_t n_hit,
 {
 *param=(struct policy_action_param*)ex_data;
 }
+ if(hit_rules)
+ {
+ FREE(&hit_rules);
+ }
 return PX_ACTION_WHITELIST;
 }
@@ -3103,14 +3146,14 @@ void proxy_on_http_begin(const struct tfe_stream * stream,
 if (sapp_addr.addrtype == ADDR_TYPE_IPV4)
 {
 scan_ret = maat_scan_ipv4(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_SOURCE_ADDR],
- sapp_addr.v4->saddr, sapp_addr.v4->source, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
+ sapp_addr.v4->saddr, sapp_addr.v4->source, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
 &n_hit_result, ctx->scan_mid);
- if (n_hit_result == MAAT_SCAN_HIT)
+ if (scan_ret == MAAT_SCAN_HIT)
 {
 hit_cnt += n_hit_result;
 }
 scan_ret = maat_scan_ipv4(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_DESTINATION_ADDR],
- sapp_addr.v4->daddr, sapp_addr.v4->dest, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
+ sapp_addr.v4->daddr, sapp_addr.v4->dest, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
 &n_hit_result, ctx->scan_mid);
 if(scan_ret == MAAT_SCAN_HIT)
@@ -3121,14 +3164,14 @@ void proxy_on_http_begin(const struct tfe_stream * stream,
 if (sapp_addr.addrtype == ADDR_TYPE_IPV6)
 {
 scan_ret = maat_scan_ipv6(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_SOURCE_ADDR],
- sapp_addr.v6->saddr, sapp_addr.v6->source, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
+ sapp_addr.v6->saddr, sapp_addr.v6->source, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
 &n_hit_result, ctx->scan_mid);
 if (scan_ret == MAAT_SCAN_HIT)
 {
 hit_cnt += n_hit_result;
 }
 scan_ret = maat_scan_ipv6(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_DESTINATION_ADDR],
- sapp_addr.v6->daddr, sapp_addr.v6->dest, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
+ sapp_addr.v6->daddr, sapp_addr.v6->dest, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
 &n_hit_result, ctx->scan_mid);
 if (scan_ret == MAAT_SCAN_HIT)
 {
|
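Review bot: The added `FREE(&hit_rules);` releases the buffer only on this whitelist early return of decide_ctrl_action; the function's other exits lie outside the hunk, so it cannot be confirmed from here that every path frees `hit_rules`. If the function has several return statements, routing them through one cleanup label would keep the ownership rule in a single place and make a future early return harder to get wrong. At minimum a comment such as `/* hit_rules is owned by this function: release it before the early whitelist return */` would record why the block exists; the allocation site is not visible in the hunk, so the wording should be checked against it.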
