TSG-15187: 增加遗漏的category的库表注册v6.0.12

author: 刘学利 <[email protected]> 2023-05-26 07:23:57 +0000
committer: 刘学利 <[email protected]> 2023-05-26 07:23:57 +0000
commit: 7bd3fe594c32e865a3ab066d49326d0e5001b34b (patch)
tree: d532e104346a10f5e181dfa187dbf01977a7b60e
parent: b9e33e36bb89141c5acd66d8db834ab3a47a8081 (diff)
4 files changed, 53 insertions, 37 deletions
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 3b00af0..2f98f78 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -1773,8 +1773,10 @@ static size_t session_pending_state_deal(const struct streaminfo *a_stream, stru
 			}
 		}
 		
-		int table_idx=tsg_table_idx_get_by_protocol(srt_process_context->proto);
+		int table_idx=tsg_domain_table_idx_get(srt_process_context->proto);
 		hit_num+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
+		
+		table_idx=tsg_fqdn_category_table_idx_get(srt_process_context->proto);
 		hit_num+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
 		if(srt_process_context->is_esni)
 		{
diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp
index 7759912..619a62d 100644
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
@@ -1805,6 +1805,11 @@ int init_scan_table(struct maat *feather, const char *conffile)
 	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_TUNNEL_ID].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL");
 	MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SESSION_FLAGS].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG");
 
+	MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_HTTP_HOST_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST_CAT");
+	MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SSL_SNI_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI_CAT");
+	MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_QUIC_SNI_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI_CAT");
+	MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_DTLS_SNI_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI_CAT");
+
 	for(int i=0; i<MAAT_SCAN_MAX; i++)
 	{
 		g_tsg_maat_rt_para.scan_tb[i].id=maat_get_table_id(feather, g_tsg_maat_rt_para.scan_tb[i].name);
@@ -3089,7 +3094,7 @@ size_t tsg_select_rules_by_service_id(struct maat_rule *matched_rules, size_t n_
 	return offset;
 }
 
-int tsg_table_idx_get_by_protocol(TSG_PROTOCOL proto)
+int tsg_domain_table_idx_get(enum TSG_PROTOCOL proto)
 {
 	switch(proto)
 	{
@@ -3108,6 +3113,25 @@ int tsg_table_idx_get_by_protocol(TSG_PROTOCOL proto)
 	return -1;
 }
 
+int tsg_fqdn_category_table_idx_get(enum TSG_PROTOCOL proto)
+{
+	switch(proto)
+	{
+		case	PROTO_HTTP:
+			return MAAT_SCAN_HTTP_HOST_CAT;
+		case	PROTO_SSL:
+			return MAAT_SCAN_SSL_SNI_CAT;
+		case	PROTO_QUIC:
+			return MAAT_SCAN_QUIC_SNI_CAT;
+		case	PROTO_DTLS:
+			return MAAT_SCAN_DTLS_SNI_CAT;
+		default:
+			break;
+	}
+
+	return -1;
+}
+
 int tsg_http_url_table_idx_get(void)
 {
 	return MAAT_SCAN_HTTP_URL;
diff --git a/src/tsg_rule_internal.h b/src/tsg_rule_internal.h
index 962e2eb..4989413 100644
--- a/src/tsg_rule_internal.h
+++ b/src/tsg_rule_internal.h
@@ -88,6 +88,10 @@ enum MAAT_SCAN_TB
 	MAAT_SCAN_DTLS_SNI,
 	MAAT_SCAN_TUNNEL_ID,
 	MAAT_SCAN_SESSION_FLAGS,
+	MAAT_SCAN_HTTP_HOST_CAT,
+	MAAT_SCAN_SSL_SNI_CAT,
+	MAAT_SCAN_QUIC_SNI_CAT,
+	MAAT_SCAN_DTLS_SNI_CAT,
 	MAAT_SCAN_MAX
 };
 
@@ -148,7 +152,8 @@ char *tsg_data_center_get(void);
 char *tsg_device_tag_get(void);
 int tsg_location_type_get(void);
 int tsg_session_record_switch_get(void);
-int tsg_table_idx_get_by_protocol(enum TSG_PROTOCOL proto);
+int tsg_domain_table_idx_get(enum TSG_PROTOCOL proto);
+int tsg_fqdn_category_table_idx_get(enum TSG_PROTOCOL proto);
 int tsg_http_url_table_idx_get(void);
 long long tsg_default_compile_id_get(void);
 
diff --git a/test/src/gtest_tableinfo.cpp b/test/src/gtest_tableinfo.cpp
index dac31bd..263a9f3 100644
--- a/test/src/gtest_tableinfo.cpp
+++ b/test/src/gtest_tableinfo.cpp
@@ -72,15 +72,12 @@ TEST(TSG_Table, http_host)
 TEST(TSG_Table, TSG_FIELD_HTTP_HOST_CAT)
 {
     const struct streaminfo a_stream = {0};
-    long long integer = 1003;
+    unsigned int integer = 1003;
     struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
 
-    size_t n_matched_rules = 0;
-    long long matched_rules[MAX_RESULT_NUM];
-    int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_HTTP_HOST_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
-    EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
-    EXPECT_EQ(n_matched_rules, 1);
-    EXPECT_EQ(matched_rules[0], 6);
+    struct maat_rule matched_rules[MAX_RESULT_NUM];
+    EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_HTTP_HOST_CAT, mid, matched_rules, MAX_RESULT_NUM));
+    EXPECT_EQ(matched_rules[0].rule_id, 6);
     maat_state_free(mid);
     mid = NULL;
 }
@@ -239,15 +236,12 @@ TEST(TSG_Table, ssl_handshake_extensions_server_name)
 TEST(TSG_Table, TSG_FIELD_SSL_SNI_CAT)
 {
     const struct streaminfo a_stream = {0};
-    long long integer = 1002;
+    unsigned int integer = 1002;
     struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
 
-    size_t n_matched_rules = 0;
-    long long matched_rules[MAX_RESULT_NUM];
-    int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_SSL_SNI_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
-    EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
-    EXPECT_EQ(n_matched_rules, 1);
-    EXPECT_EQ(matched_rules[0], 13);
+    struct maat_rule matched_rules[MAX_RESULT_NUM];
+    EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_SSL_SNI_CAT, mid, matched_rules, MAX_RESULT_NUM));
+    EXPECT_EQ(matched_rules[0].rule_id, 13);
     maat_state_free(mid);
     mid = NULL;
 }
@@ -392,12 +386,9 @@ TEST(TSG_Table, TSG_FIELD_QUIC_SNI)
     size_t s_data_len = strlen(s_data);
     struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
 
-    size_t n_matched_rules = 0;
-    long long matched_rules[MAX_RESULT_NUM];
-    int is_hited = maat_scan_string(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_QUIC_SNI"), s_data, s_data_len, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
-    EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
-    EXPECT_EQ(n_matched_rules, 1);
-    EXPECT_EQ(matched_rules[0], 20);
+    struct maat_rule matched_rules[MAX_RESULT_NUM];
+	EXPECT_EQ(1, tsg_scan_string(&a_stream, g_tsg_maat_feather, s_data, s_data_len, MAAT_SCAN_QUIC_SNI, mid, matched_rules, MAX_RESULT_NUM));
+    EXPECT_EQ(matched_rules[0].rule_id, 20);
     maat_state_free(mid);
     mid = NULL;
 }
@@ -422,15 +413,12 @@ TEST(TSG_Table, quic_sni)
 TEST(TSG_Table, TSG_FIELD_QUIC_SNI_CAT)
 {
     const struct streaminfo a_stream = {0};
-    long long integer = 1011;
+    unsigned int integer = 1011;
     struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
 
-    size_t n_matched_rules = 0;
-    long long matched_rules[MAX_RESULT_NUM];
-    int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_QUIC_SNI_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
-    EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
-    EXPECT_EQ(n_matched_rules, 1);
-    EXPECT_EQ(matched_rules[0], 21);
+    struct maat_rule matched_rules[MAX_RESULT_NUM];
+    EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_QUIC_SNI_CAT, mid, matched_rules, MAX_RESULT_NUM));
+    EXPECT_EQ(matched_rules[0].rule_id, 21);
     maat_state_free(mid);
     mid = NULL;
 }
@@ -927,15 +915,12 @@ TEST(TSG_Table, TSG_FIELD_DTLS_SNI)
 TEST(TSG_Table, TSG_FIELD_DTLS_SNI_CAT)
 {
     const struct streaminfo a_stream = {0};
-    long long integer = 1007;
+    unsigned int integer = 1007;
     struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
 
-    size_t n_matched_rules = 0;
-    long long matched_rules[MAX_RESULT_NUM];
-    int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_DTLS_SNI_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
-    EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
-    EXPECT_EQ(n_matched_rules, 1);
-    EXPECT_EQ(matched_rules[0], 49);
+    struct maat_rule matched_rules[MAX_RESULT_NUM];
+    EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_DTLS_SNI_CAT, mid, matched_rules, MAX_RESULT_NUM));
+    EXPECT_EQ(matched_rules[0].rule_id, 49);
     maat_state_free(mid);
     mid = NULL;
 }
author	刘学利 <[email protected]>	2023-05-26 07:23:57 +0000
committer	刘学利 <[email protected]>	2023-05-26 07:23:57 +0000
commit	7bd3fe594c32e865a3ab066d49326d0e5001b34b (patch)
tree	d532e104346a10f5e181dfa187dbf01977a7b60e
parent	b9e33e36bb89141c5acd66d8db834ab3a47a8081 (diff)