Diffstat (limited to 'plugin')
| -rw-r--r-- | plugin/business/doh/src/doh.cpp | 16 | ||||
| -rw-r--r-- | plugin/business/doh/src/logger.cpp | 86 | ||||
| -rw-r--r-- | plugin/business/tsg-http/src/tsg_http.cpp | 18 | ||||
| -rw-r--r-- | plugin/business/tsg-http/src/tsg_logger.cpp | 90 |
4 files changed, 98 insertions, 112 deletions
diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp index f51e9ce..177012d 100644 --- a/plugin/business/doh/src/doh.cpp +++ b/plugin/business/doh/src/doh.cpp @@ -277,14 +277,8 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http hit_cnt += scan_ret; } - scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger); - if (scan_ret > 0) - { - hit_cnt += scan_ret; - } - - scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger); - if (scan_ret > 0) + scan_ret = tfe_scan_ip_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger); + if(scan_ret>0) { hit_cnt += scan_ret; } @@ -312,6 +306,12 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http { hit_cnt += n_hit_result; } + + scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->tables[TYPE_HOST].id, g_doh_conf->local_logger); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt += n_hit_result; + } } // scan addr diff --git a/plugin/business/doh/src/logger.cpp b/plugin/business/doh/src/logger.cpp index 279915c..f099b05 100644 --- a/plugin/business/doh/src/logger.cpp +++ b/plugin/business/doh/src/logger.cpp 
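Review bot: In the `tfe_scan_fqdn_tags` block added at the end of the second doh.cpp hunk, a hit adds `n_hit_result` to `hit_cnt`, which is the count left over from the preceding scan rather than anything this call produced. If `tfe_scan_fqdn_tags` returns a hit count the way `tfe_scan_ip_tags` does in the first hunk (its definition is not visible here, so this is inferred), the branch should read `if (scan_ret > 0) { hit_cnt += scan_ret; }`. A `hit_cnt` that drifts from the number of entries actually written into `result` can make later scans skip matched policies or index past the filled part of the array. The same block is added to `http_scan` in tsg_http.cpp, and `doh_maat_scan` itself continues outside the hunk.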
@@ -292,44 +292,6 @@ int doh_kafka_init(const char *profile, struct doh_conf *conf) return 0; } -static int doh_get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj) -{ - unsigned int i=0, j=0; - char opt_val[128]={0}; uint16_t opt_out_size; - const char *client_geo_area_map[] = {"client_country","client_province","client_city","client_subdivision"}; - - for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) - { - memset(opt_val, 0, sizeof(opt_val)); - int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); - if (ret == 0) - { - cJSON_AddStringToObject(common_obj, client_geo_area_map[j], opt_val); - } - j++; - } - return 0; -} - -static int doh_get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj) -{ - unsigned int i=0, j=0; - char opt_val[128]={0}; uint16_t opt_out_size; - const char *server_geo_area_map[] = {"server_country","server_province","server_city","server_subdivision"}; - - for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) - { - memset(opt_val, 0, sizeof(opt_val)); - int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); - if (ret == 0) - { - cJSON_AddStringToObject(common_obj, server_geo_area_map[j], opt_val); - } - j++; - } - return 0; -} - int doh_add_host_to_object(cJSON *common_obj, const char *req_spec_host) { unsigned int port; 
@@ -341,6 +303,29 @@ int doh_add_host_to_object(cJSON *common_obj, const char *req_spec_host) return 0; } +int doh_tags_line_to_json_array(cJSON *per_hit_obj, const char *tags_key, char *opt_val) +{ + if(per_hit_obj == NULL || tags_key == NULL || opt_val == NULL) + { + return 0; + } + + char *opt_val_tmp = strdup(opt_val); + cJSON *tags_array = cJSON_CreateArray(); + + char *token = strtok(opt_val_tmp, ","); + while (token != NULL) + { + while (*token == ' ') token++; + cJSON_AddItemToArray(tags_array, cJSON_CreateString(token)); + token = strtok(NULL, ","); + } + cJSON_AddItemToObject(per_hit_obj, tags_key, tags_array); + + FREE(&opt_val_tmp) + return 1; +} + int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, const struct tfe_stream *stream, struct doh_ctx *ctx) { struct doh_maat_rule_t *result = ctx->result; 
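Review bot: `doh_tags_line_to_json_array` uses the results of `strdup` and `cJSON_CreateArray` unchecked and tokenises with `strtok`, which keeps its position in hidden static state. On an allocation failure the first `strtok(NULL-valued copy, ",")` call resumes whatever string an earlier caller was parsing, and if log records are built on more than one thread (not visible in this diff) two concurrent calls corrupt each other's tokens. Check both allocations and switch to `strtok_r` with a local save pointer. Also note that `FREE(&opt_val_tmp)` has no trailing semicolon, so it compiles only if the macro supplies one. The identical helper added to tsg_logger.cpp as `tags_line_to_json_array` needs the same change.
```cpp
int doh_tags_line_to_json_array(cJSON *per_hit_obj, const char *tags_key, char *opt_val)
{
    // … unchanged: NULL argument guard …
    char *opt_val_tmp = strdup(opt_val);
    cJSON *tags_array = cJSON_CreateArray();
    if (opt_val_tmp == NULL || tags_array == NULL)
    {
        free(opt_val_tmp);
        cJSON_Delete(tags_array);
        return 0;
    }

    char *saveptr = NULL;
    char *token = strtok_r(opt_val_tmp, ",", &saveptr);
    while (token != NULL)
    {
        // … unchanged: skip leading spaces, append token to tags_array …
        token = strtok_r(NULL, ",", &saveptr);
    }
    // … unchanged: attach tags_array to per_hit_obj, release opt_val_tmp, return 1 …
}
```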
@@ -475,19 +460,26 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c if (cmsg!=NULL) { - uint64_t src_asn=0, dst_asn=0; - ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size); - if (ret == 0) + char opt_val[128]={0}; uint16_t opt_out_size=0; + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)64, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) { - cJSON_AddNumberToObject(common_obj, "client_asn", src_asn); + doh_tags_line_to_json_array(common_obj, "client_ip_tags", opt_val); } - ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size); - if (ret == 0) + + memset(opt_val, 0, sizeof(opt_val)); + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)65, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) { - cJSON_AddNumberToObject(common_obj, "server_asn", dst_asn); + doh_tags_line_to_json_array(common_obj, "server_ip_tags", opt_val); } - doh_get_ip_client_geolocation(cmsg, common_obj); - doh_get_ip_server_geolocation(cmsg, common_obj); + + memset(opt_val, 0, sizeof(opt_val)); + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)63, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) + { + doh_tags_line_to_json_array(common_obj, "server_fqdn_tags", opt_val); + } } add_dns_info_to_log(common_obj, dns_info); diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 9a684ad..3a926d0 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp 
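Review bot: The three new `tfe_cmsg_get_value` reads pass the full `sizeof(opt_val)` to the getter and then treat the buffer as a C string, in `strlen(opt_val)` here and in `strdup` inside the helper. If a tag value can be 128 bytes or longer and the getter copies without terminating (its contract is not visible in this diff), both calls read past the end of the stack buffer. Passing one byte less keeps the last zeroed byte as a terminator: `ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)64, (unsigned char *)opt_val, sizeof(opt_val) - 1, &opt_out_size);`. A value cut off at that length will also log a truncated final tag, so it is worth comparing `opt_out_size` against the limit and logging when truncation happens. The same three reads are added to `proxy_send_log` in tsg_logger.cpp, and `doh_send_log` starts and ends outside the hunk.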
@@ -2720,6 +2720,12 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht { hit_cnt += n_hit_result; } + + scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_FQDN], g_proxy_rt->local_logger); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt += n_hit_result; + } } const char * str_url = session->req->req_spec.url; @@ -2915,19 +2921,15 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_ scan_ret = tfe_scan_subscribe_id(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger); if(scan_ret>0) { - hit_cnt+=scan_ret; - } - scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger); - if(scan_ret>0) - { - hit_cnt+=scan_ret; + hit_cnt += scan_ret; } - scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger); + scan_ret = tfe_scan_ip_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger); if(scan_ret>0) { - hit_cnt+=scan_ret; + hit_cnt += scan_ret; } + long long app_id=67; scan_ret = tfe_scan_app_id(result, ctx->scan_mid, hit_cnt, app_id, g_proxy_rt->scan_table_id[PXY_CTRL_APP_ID]); if(scan_ret > 0) diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp index b3a324b..2a699af 100644 --- a/plugin/business/tsg-http/src/tsg_logger.cpp +++ b/plugin/business/tsg-http/src/tsg_logger.cpp 
@@ -110,44 +110,6 @@ struct proxy_logger* proxy_log_handle_create(const char* profile, const char* se return instance; } -static int get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj) -{ - unsigned int i=0, j=0; - char opt_val[128]={0}; uint16_t opt_out_size; - const char *client_geo_area_map[] = {"client_country","client_super_administrative_area","client_administrative_area","client_sub_administrative_area"}; - - for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) - { - memset(opt_val, 0, sizeof(opt_val)); - int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); - if (ret == 0) - { - cJSON_AddStringToObject(per_hit_obj, client_geo_area_map[j], opt_val); - } - j++; - } - return 0; -} - -static int get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj) -{ - unsigned int i=0, j=0; - char opt_val[128]={0}; uint16_t opt_out_size; - const char *server_geo_area_map[] = {"server_country","server_super_administrative_area","server_administrative_area","server_sub_administrative_area"}; - - for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) - { - memset(opt_val, 0, sizeof(opt_val)); - int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); - if (ret == 0) - { - cJSON_AddStringToObject(per_hit_obj, server_geo_area_map[j], opt_val); - } - j++; - } - return 0; -} - int proxy_add_host_to_object(cJSON *common_obj, const char *req_spec_host) { unsigned int port; 
@@ -159,6 +121,29 @@ int proxy_add_host_to_object(cJSON *common_obj, const char *req_spec_host) return 0; } +int tags_line_to_json_array(cJSON *per_hit_obj, const char *tags_key, char *opt_val) +{ + if(per_hit_obj == NULL || tags_key == NULL || opt_val == NULL) + { + return 0; + } + + char *opt_val_tmp = strdup(opt_val); + cJSON *tags_array = cJSON_CreateArray(); + + char *token = strtok(opt_val_tmp, ","); + while (token != NULL) + { + while (*token == ' ') token++; + cJSON_AddItemToArray(tags_array, cJSON_CreateString(token)); + token = strtok(NULL, ","); + } + cJSON_AddItemToObject(per_hit_obj, tags_key, tags_array); + + FREE(&opt_val_tmp) + return 1; +} + int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) { const struct tfe_http_session* http=log_msg->http; 
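Review bot: `tags_line_to_json_array` is a line-for-line copy of `doh_tags_line_to_json_array` from doh/src/logger.cpp, and both are defined without `static` although, as far as this diff shows, each is called only from its own logger. Keeping one copy in a shared utility, or at least declaring this one `static int tags_line_to_json_array(...)`, means any fix to the tokenising has to be made only once. The function also lacks a header comment; it should say that `opt_val` is a comma-separated tag list which is copied before being split, that leading spaces of each tag are skipped, and that the return value is 1 when the array was attached under `tags_key` and 0 when an argument was NULL.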
@@ -412,19 +397,26 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) } if (cmsg!=NULL) { - uint64_t src_asn=0, dst_asn=0; - ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size); - if (ret == 0) - { - cJSON_AddNumberToObject(per_hit_obj, "client_asn", src_asn); - } - ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size); - if (ret == 0) + char opt_val[128]={0}; uint16_t opt_out_size; + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)64, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) + { + tags_line_to_json_array(per_hit_obj, "client_ip_tags", opt_val); + } + + memset(opt_val, 0, sizeof(opt_val)); + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)65, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) + { + tags_line_to_json_array(per_hit_obj, "server_ip_tags", opt_val); + } + + memset(opt_val, 0, sizeof(opt_val)); + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)63, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) { - cJSON_AddNumberToObject(per_hit_obj, "server_asn", dst_asn); + tags_line_to_json_array(per_hit_obj, "server_fqdn_tags", opt_val); } - get_ip_client_geolocation(cmsg, per_hit_obj); - get_ip_server_geolocation(cmsg, per_hit_obj); } log_payload = cJSON_PrintUnformatted(per_hit_obj); |
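Review bot: The tag reads in this hunk select the TLV by bare number, `(enum tfe_cmsg_tlv_type)64`, `65` and `63`, where the removed lines used named members such as `TFE_CMSG_SRC_ASN_VAL`. The cast hides any renumbering of the enum from the compiler, so a later change to `tfe_cmsg_tlv_type` would make the log silently emit a different field under `client_ip_tags`, `server_ip_tags` or `server_fqdn_tags`, which is hard to notice in downstream policy audit data. Named enumerators for the three tag types should be declared in the enum and used here without a cast. The same casts are added to `doh_send_log` in doh/src/logger.cpp, and `proxy_send_log` starts and ends outside the hunk.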
