From 43cbb3745f333a83be6123734e0981d548abf771 Mon Sep 17 00:00:00 2001 From: fengweihao Date: Wed, 27 Nov 2024 10:40:40 +0800 Subject: TSG-23921 Tfe uses field instead of attribute and field_name value to remove the attr prefix --- plugin/business/doh/src/doh.cpp | 16 ++++++++-------- plugin/business/doh/src/logger.cpp | 22 +++++++++++----------- plugin/business/tsg-http/src/tsg_http.cpp | 24 ++++++++++++------------ plugin/business/tsg-http/src/tsg_logger.cpp | 22 +++++++++++----------- 4 files changed, 42 insertions(+), 42 deletions(-) (limited to 'plugin') diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp index 49f8ad5..17b55e0 100644 --- a/plugin/business/doh/src/doh.cpp +++ b/plugin/business/doh/src/doh.cpp @@ -283,22 +283,22 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http const char *host = session->req->req_spec.host; if (host) { - scan_ret = maat_scan_string(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_SERVER_FQDN", host, strlen(host), + scan_ret = maat_scan_string(g_doh_conf->maat, "TSG_OBJ_FQDN", "SERVER_FQDN", host, strlen(host), result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { memset(result_str, 0, sizeof(result_str)); uuid_unparse(result[hit_cnt], result_str); TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit host: %s scan ret: %d policy_id: %s addr: %s", - "ATTR_SERVER_FQDN", host, scan_ret, result_str, stream->str_stream_info); + "SERVER_FQDN", host, scan_ret, result_str, stream->str_stream_info); hit_cnt += n_hit_result; } else { TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit host: %s scan ret: %d addr: %s", - "ATTR_SERVER_FQDN", host, scan_ret, stream->str_stream_info); + "SERVER_FQDN", host, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_SERVER_FQDN", + scan_ret = maat_scan_not_logic(g_doh_conf->maat, "TSG_OBJ_FQDN", "SERVER_FQDN", result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -355,22 +355,22 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http } // scan qname - scan_ret = maat_scan_string(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_DOH_QNAME", qname, strlen(qname), + scan_ret = maat_scan_string(g_doh_conf->maat, "TSG_OBJ_FQDN", "DOH_QNAME", qname, strlen(qname), result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { memset(result_str, 0, sizeof(result_str)); uuid_unparse(result[hit_cnt], result_str); TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit domain: %s scan ret: %d qtype: %d policy_id: %s addr: %s", - "ATTR_DOH_QNAME", qname, scan_ret, qtype, result_str, stream->str_stream_info); + "DOH_QNAME", qname, scan_ret, qtype, result_str, stream->str_stream_info); hit_cnt += n_hit_result; } else { TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit domain: %s scan ret: %d addr: %s", - "ATTR_DOH_QNAME", qname, scan_ret, stream->str_stream_info); + "DOH_QNAME", qname, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_DOH_QNAME", + scan_ret = maat_scan_not_logic(g_doh_conf->maat, "TSG_OBJ_FQDN", "DOH_QNAME", result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { diff --git a/plugin/business/doh/src/logger.cpp b/plugin/business/doh/src/logger.cpp index 12d383a..50e2648 100644 --- a/plugin/business/doh/src/logger.cpp +++ b/plugin/business/doh/src/logger.cpp @@ -372,9 +372,9 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c doh_get_integer_by_cmsg(common_obj, cmsg, TFE_CMSG_COMMON_DIRECTION, "direction"); } - tfe_get_library_tags(stream, common_obj, TFE_CMSG_SRC_IP_TAGS_IDS_ARR, "client_ip_tags"); - tfe_get_library_tags(stream, common_obj, TFE_CMSG_DST_IP_TAGS_IDS_ARR, "server_ip_tags"); - tfe_get_library_tags(stream, common_obj, TFE_CMSG_FQDN_TAGS_IDS_ARR, "server_fqdn_tags"); + tfe_get_library_tags(stream, common_obj, TFE_CMSG_SRC_IP_TAGS_IDS_ARR, "source_ip_tags"); + tfe_get_library_tags(stream, common_obj, TFE_CMSG_DST_IP_TAGS_IDS_ARR, "destination_ip_tags"); + tfe_get_library_tags(stream, common_obj, TFE_CMSG_FQDN_TAGS_IDS_ARR, "destination_fqdn_tags"); if (http->req) { @@ -400,19 +400,19 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c cJSON_AddNumberToObject(common_obj, "address_type", 4); inet_ntop(AF_INET, &addr->tuple4_v4->saddr, src_ip_str, sizeof(src_ip_str)); inet_ntop(AF_INET, &addr->tuple4_v4->daddr, dst_ip_str, sizeof(dst_ip_str)); - cJSON_AddStringToObject(common_obj, "client_ip", src_ip_str); - cJSON_AddStringToObject(common_obj, "server_ip", dst_ip_str); - cJSON_AddNumberToObject(common_obj, "client_port", ntohs(addr->tuple4_v4->source)); - cJSON_AddNumberToObject(common_obj, "server_port", ntohs(addr->tuple4_v4->dest)); + cJSON_AddStringToObject(common_obj, "source_ip", src_ip_str); + cJSON_AddStringToObject(common_obj, "destination_ip", dst_ip_str); + cJSON_AddNumberToObject(common_obj, "source_port", ntohs(addr->tuple4_v4->source)); + cJSON_AddNumberToObject(common_obj, "destination_port", ntohs(addr->tuple4_v4->dest)); break; case TFE_ADDR_STREAM_TUPLE4_V6: cJSON_AddNumberToObject(common_obj, "address_type", 6); inet_ntop(AF_INET6, &addr->tuple4_v6->saddr, src_ip_str, sizeof(src_ip_str)); inet_ntop(AF_INET6, &addr->tuple4_v6->daddr, dst_ip_str, sizeof(dst_ip_str)); - cJSON_AddStringToObject(common_obj, "client_ip", src_ip_str); - cJSON_AddStringToObject(common_obj, "server_ip", dst_ip_str); - cJSON_AddNumberToObject(common_obj, "client_port", ntohs(addr->tuple4_v6->source)); - cJSON_AddNumberToObject(common_obj, "server_port", ntohs(addr->tuple4_v6->dest)); + cJSON_AddStringToObject(common_obj, "source_ip", src_ip_str); + cJSON_AddStringToObject(common_obj, "destination_ip", dst_ip_str); + cJSON_AddNumberToObject(common_obj, "source_port", ntohs(addr->tuple4_v6->source)); + cJSON_AddNumberToObject(common_obj, "destination_port", ntohs(addr->tuple4_v6->dest)); break; default: break; diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 26cc7ac..ab5de9f 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -2808,7 +2808,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht const unsigned char * body_frag, size_t frag_size, struct proxy_http_ctx * ctx, const struct tfe_stream * stream) { void * iterator = NULL; - const char *attribute_name=NULL; + const char *filed_name=NULL; const char * field_val = NULL; struct http_field_name field_name; struct tfe_http_half * http_half; @@ -2824,13 +2824,13 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht int str_host_length = get_fqdn_len(str_host); if (str_host != NULL && str_host_length != 0) { - scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_FQDN", "ATTR_SERVER_FQDN", str_host, str_host_length, + scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_FQDN", "SERVER_FQDN", str_host, str_host_length, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt += n_hit_result; } - scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_FQDN", "ATTR_SERVER_FQDN", + scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_FQDN", "SERVER_FQDN", result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -2846,14 +2846,14 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht const char * str_url = session->req->req_spec.url; int str_url_length = (int) (strlen(session->req->req_spec.url)); - scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_URL", "ATTR_HTTP_URL", str_url, str_url_length, + scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_URL", "HTTP_URL", str_url, str_url_length, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt += n_hit_result; } - scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_URL", "ATTR_HTTP_URL", + scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_URL", "HTTP_URL", result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -2863,8 +2863,8 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht if ((events & EV_HTTP_REQ_HDR) || (events & EV_HTTP_RESP_HDR)) { - attribute_name = events & EV_HTTP_REQ_HDR ? "ATTR_HTTP_REQ_HDR" : "ATTR_HTTP_RES_HDR"; - struct maat_stream *sp = maat_stream_new(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, ctx->scan_mid); + filed_name = events & EV_HTTP_REQ_HDR ? "HTTP_REQ_HDR" : "HTTP_RES_HDR"; + struct maat_stream *sp = maat_stream_new(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", filed_name, ctx->scan_mid); http_half = events & EV_HTTP_REQ_HDR ? session->req : session->resp; while (hit_cnt < MAX_SCAN_RESULT) @@ -2892,7 +2892,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht hit_cnt += n_hit_result; } } - scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, + scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", filed_name, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -2904,8 +2904,8 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht if ((events & EV_HTTP_REQ_BODY_BEGIN) | (events & EV_HTTP_RESP_BODY_BEGIN)) { assert(ctx->sp == NULL); - attribute_name = events & EV_HTTP_REQ_BODY_BEGIN ? "ATTR_HTTP_REQ_BODY" : "ATTR_HTTP_RES_BODY"; - ctx->sp = maat_stream_new(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, ctx->scan_mid); + filed_name = events & EV_HTTP_REQ_BODY_BEGIN ? "HTTP_REQ_BODY" : "HTTP_RES_BODY"; + ctx->sp = maat_stream_new(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", filed_name, ctx->scan_mid); } const unsigned char *scan_body_frag=NULL; size_t scan_len=0; @@ -2928,8 +2928,8 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht if ((events & EV_HTTP_REQ_BODY_END) | (events & EV_HTTP_RESP_BODY_END)) { - attribute_name = events & EV_HTTP_REQ_BODY_END ? "ATTR_HTTP_REQ_BODY" : "ATTR_HTTP_RES_BODY"; - scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", "attribute_name", result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, + filed_name = events & EV_HTTP_REQ_BODY_END ? "HTTP_REQ_BODY" : "HTTP_RES_BODY"; + scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", filed_name, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp index 7d9ecd3..e7875aa 100644 --- a/plugin/business/tsg-http/src/tsg_logger.cpp +++ b/plugin/business/tsg-http/src/tsg_logger.cpp @@ -255,9 +255,9 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) tfe_get_integer_by_cmsg(common_obj, cmsg, TFE_CMSG_COMMON_DIRECTION, "direction"); } - tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_SRC_IP_TAGS_IDS_ARR, "client_ip_tags"); - tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_DST_IP_TAGS_IDS_ARR, "server_ip_tags"); - tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_FQDN_TAGS_IDS_ARR, "server_fqdn_tags"); + tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_SRC_IP_TAGS_IDS_ARR, "source_ip_tags"); + tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_DST_IP_TAGS_IDS_ARR, "destination_ip_tags"); + tfe_get_library_tags(log_msg->stream, common_obj, TFE_CMSG_FQDN_TAGS_IDS_ARR, "destination_fqdn_tags"); if (http->req) { @@ -284,19 +284,19 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) cJSON_AddNumberToObject(common_obj, "address_type", 4); inet_ntop(AF_INET, &addr->tuple4_v4->saddr, src_ip_str, sizeof(src_ip_str)); inet_ntop(AF_INET, &addr->tuple4_v4->daddr, dst_ip_str, sizeof(dst_ip_str)); - cJSON_AddStringToObject(common_obj, "client_ip", src_ip_str); - cJSON_AddStringToObject(common_obj, "server_ip", dst_ip_str); - cJSON_AddNumberToObject(common_obj, "client_port", ntohs(addr->tuple4_v4->source)); - cJSON_AddNumberToObject(common_obj, "server_port", ntohs(addr->tuple4_v4->dest)); + cJSON_AddStringToObject(common_obj, "source_ip", src_ip_str); + cJSON_AddStringToObject(common_obj, "destination_ip", dst_ip_str); + cJSON_AddNumberToObject(common_obj, "source_port", ntohs(addr->tuple4_v4->source)); + cJSON_AddNumberToObject(common_obj, "destination_port", ntohs(addr->tuple4_v4->dest)); break; case TFE_ADDR_STREAM_TUPLE4_V6: cJSON_AddNumberToObject(common_obj, "address_type", 6); inet_ntop(AF_INET6, &addr->tuple4_v6->saddr, src_ip_str, sizeof(src_ip_str)); inet_ntop(AF_INET6, &addr->tuple4_v6->daddr, dst_ip_str, sizeof(dst_ip_str)); - cJSON_AddStringToObject(common_obj, "client_ip", src_ip_str); - cJSON_AddStringToObject(common_obj, "server_ip", dst_ip_str); - cJSON_AddNumberToObject(common_obj, "client_port", ntohs(addr->tuple4_v6->source)); - cJSON_AddNumberToObject(common_obj, "server_port", ntohs(addr->tuple4_v6->dest)); + cJSON_AddStringToObject(common_obj, "source_ip", src_ip_str); + cJSON_AddStringToObject(common_obj, "destination_ip", dst_ip_str); + cJSON_AddNumberToObject(common_obj, "source_port", ntohs(addr->tuple4_v6->source)); + cJSON_AddNumberToObject(common_obj, "destination_port", ntohs(addr->tuple4_v6->dest)); break; default: break; -- cgit v1.2.3