diff options
Diffstat (limited to 'plugin/business/doh/src/doh.cpp')
| -rw-r--r-- | plugin/business/doh/src/doh.cpp | 106 |
1 files changed, 74 insertions, 32 deletions
diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp index 9d280d8..f8b4ba9 100644 --- a/plugin/business/doh/src/doh.cpp +++ b/plugin/business/doh/src/doh.cpp @@ -10,6 +10,32 @@ extern void increase_redirect_policy_hit_num(void); #define REQ_METHOD_IS_GET(method) ((method == TFE_HTTP_METHOD_GET) ? 1 : 0) #define REQ_METHOD_IS_POST(method) ((method == TFE_HTTP_METHOD_POST) ? 1 : 0) +struct doh_action_param +{ + int ref_cnt; + int action; + char *message; + char *position; + float enforcement_ratio; + int profile_id; + int status_code; + size_t n_rule; + void *repl_rule; + size_t e_rule; + void *elem_rule; + struct doh_maat_rule_t hit_rule; + pthread_mutex_t lock; +}; + +struct doh_app_id_dict +{ + int ref_cnt; + int app_id; + long long int group_id; + + pthread_mutex_t lock; +}; + struct dns_str2idx { int index; @@ -101,23 +127,6 @@ static cJSON *doh_get_answer_records(struct doh_ctx *ctx, cJSON *object, int qty return NULL; } -struct doh_action_param -{ - int ref_cnt; - int action; - char *message; - char *position; - float enforcement_ratio; - int profile_id; - int status_code; - size_t n_rule; - void *repl_rule; - size_t e_rule; - void *elem_rule; - struct doh_maat_rule_t hit_rule; - pthread_mutex_t lock; -}; - void doh_action_param_free_cb(int table_id, void **ad, long argl, void *argp) { if(*ad==NULL) @@ -142,6 +151,29 @@ void doh_action_param_free_cb(int table_id, void **ad, long argl, void *argp) return; } +void doh_app_dict_table_free_cb(int table_id, void **ad, long argl, void* argp) +{ + if(*ad==NULL) + { + return; + } + + struct doh_app_id_dict *app_dict=(struct doh_app_id_dict *)(*ad); + pthread_mutex_lock(&(app_dict->lock)); + app_dict->ref_cnt--; + if(app_dict->ref_cnt>0) + { + pthread_mutex_unlock(&(app_dict->lock)); + return; + } + pthread_mutex_unlock(&(app_dict->lock)); + pthread_mutex_destroy(&(app_dict->lock)); + + FREE(&app_dict); + *ad=NULL; + return; +} + static void doh_get_cheat_data(long long p_result, int qtype, struct doh_ctx *ctx, const char *str_stream_info) { int i; @@ -353,18 +385,28 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http } } // scan appid - scan_ret=maat_scan_integer(g_doh_conf->maat, g_doh_conf->tables[TYPE_APPID].id, app_id, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); - if (scan_ret == MAAT_SCAN_HIT) + int table_id=maat_get_table_id(g_doh_conf->maat, "APP_ID_DICT"); + if(table_id < 0) { - TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit proto: %d scan ret: %d policy_id: %lld addr: %s", - g_doh_conf->tables[TYPE_APPID].name, app_id, scan_ret, result[hit_cnt], stream->str_stream_info); - hit_cnt += n_hit_result; + return; } - else + struct doh_app_id_dict *app_dict = (struct doh_app_id_dict *)maat_plugin_table_get_ex_data(g_doh_conf->maat, table_id, (const char *)&app_id, sizeof(long long)); + if(app_dict!=NULL) { - TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit proto: %d scan ret: %d addr: %s", - g_doh_conf->tables[TYPE_APPID].name, app_id, scan_ret, stream->str_stream_info); - } + scan_ret = maat_scan_group(g_doh_conf->maat, g_doh_conf->tables[TYPE_APPID].id, &app_dict->group_id, 1, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); + if(scan_ret==MAAT_SCAN_HIT) + { + TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit proto: %d scan ret: %d policy_id: %lld addr: %s", + g_doh_conf->tables[TYPE_APPID].name, app_id, scan_ret, result[hit_cnt], stream->str_stream_info); + hit_cnt += n_hit_result; + } + else + { + TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit proto: %d scan ret: %d addr: %s", + g_doh_conf->tables[TYPE_APPID].name, app_id, scan_ret, stream->str_stream_info); + } + doh_app_dict_table_free_cb(0, (void **)&app_dict, 0, NULL); + } // scan qname scan_ret = maat_scan_string(g_doh_conf->maat, g_doh_conf->tables[TYPE_QNAME].id, qname, strlen(qname), @@ -396,12 +438,12 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http static int doh_maat_init(const char *profile, const char *section) { g_doh_conf->maat = (struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT); - MESA_load_profile_string_def(profile, section, "table_appid", g_doh_conf->tables[TYPE_APPID].name, TFE_STRING_MAX, "TSG_OBJ_APP_ID"); - MESA_load_profile_string_def(profile, section, "table_src_addr", g_doh_conf->tables[TYPE_SRC_ADDR].name, TFE_STRING_MAX, "TSG_SECURITY_SOURCE_ADDR"); - MESA_load_profile_string_def(profile, section, "table_dst_addr", g_doh_conf->tables[TYPE_DST_ADDR].name, TFE_STRING_MAX, "TSG_SECURITY_DESTINATION_ADDR"); - MESA_load_profile_string_def(profile, section, "table_qname", g_doh_conf->tables[TYPE_QNAME].name, TFE_STRING_MAX, "TSG_FIELD_DOH_QNAME"); - MESA_load_profile_string_def(profile, section, "table_host", g_doh_conf->tables[TYPE_HOST].name, TFE_STRING_MAX, "TSG_FIELD_DOH_HOST"); - MESA_load_profile_string_def(profile, section, "table_host_cat", g_doh_conf->tables[TYPE_HOST_CAT].name, TFE_STRING_MAX, "TSG_FIELD_DOH_HOST_CAT"); + MESA_load_profile_string_def(profile, section, "table_appid", g_doh_conf->tables[TYPE_APPID].name, TFE_STRING_MAX, "ATTR_APP_ID"); + MESA_load_profile_string_def(profile, section, "table_src_addr", g_doh_conf->tables[TYPE_SRC_ADDR].name, TFE_STRING_MAX, "ATTR_SOURCE_ADDR"); + MESA_load_profile_string_def(profile, section, "table_dst_addr", g_doh_conf->tables[TYPE_DST_ADDR].name, TFE_STRING_MAX, "ATTR_DESTINATION_ADDR"); + MESA_load_profile_string_def(profile, section, "table_qname", g_doh_conf->tables[TYPE_QNAME].name, TFE_STRING_MAX, "ATTR_DOH_QNAME"); + MESA_load_profile_string_def(profile, section, "table_host", g_doh_conf->tables[TYPE_HOST].name, TFE_STRING_MAX, "ATTR_DOH_HOST"); + MESA_load_profile_string_def(profile, section, "table_host_cat", g_doh_conf->tables[TYPE_HOST_CAT].name, TFE_STRING_MAX, "ATTR_DOH_HOST_CAT"); for (int i = 0; i < TYPE_MAX; i++) { |