| author | fengweihao <[email protected]> | 2023-03-30 19:50:00 +0800 |
|---|---|---|
| committer | fengweihao <[email protected]> | 2023-03-30 19:50:00 +0800 |
| commit | 528725397659c8cb99661f980c5a3aca7619ff76 (patch) | |
| tree | 0fbf5b6a3cb044a1e737528cac2b793d6d98a119 /common | |
| parent | 92e9c25946b952c7209ab2f7135451e0ea58a928 (diff) | |
TSG-13721 策略验证支持MAAT4v3.0.0
Diffstat (limited to 'common')
| -rw-r--r-- | common/include/verify_policy.h | 70 | ||||
| -rw-r--r-- | common/include/verify_policy_logging.h | 8 | ||||
| -rw-r--r-- | common/include/verify_policy_utils.h | 2 | ||||
| -rw-r--r-- | common/src/verify_policy_logging.cpp | 15 |
4 files changed, 33 insertions, 62 deletions
diff --git a/common/include/verify_policy.h b/common/include/verify_policy.h
index 2b152f0..c8d2733 100644
--- a/common/include/verify_policy.h
+++ b/common/include/verify_policy.h
@@ -13,15 +13,15 @@ struct breakpad_instance;
-#define TRAFFIC_VSYS_ID_MAX 255
+#define VSYS_ID_MAX 255
-enum verify_policy_type
+enum compile_table_typle
 {
     TSG_TABLE_SECURITY,
     PXY_TABLE_MANIPULATION,
-    PXY_TABLE_DEFENCE,
     TSG_TRAFFIC_SHAPING,
     TSG_SERVICE_CHAINGNG,
+    PXY_TABLE_DEFENCE,
     __SCAN_POLICY_MAX
 };
@@ -36,7 +36,8 @@ enum manipulate_sacn_table
     PXY_CTRL_SOURCE_ADDR,
     PXY_CTRL_DESTINATION_ADDR,
     PXY_CTRL_HTTP_URL,
-    PXY_CTRL_HTTP_FQDN,
+    PXY_CTRL_HTTP_HOST,
+    PXY_CTRL_HTTP_HOST_CAT,
     PXY_CTRL_HTTP_REQ_HDR,
     PXY_CTRL_HTTP_REQ_BODY,
     PXY_CTRL_HTTP_RES_HDR,
@@ -45,6 +46,7 @@ enum manipulate_sacn_table
     PXY_CTRL_APP_ID,
     PXY_CTRL_DOH_QNAME,
     PXY_CTRL_DOH_HOST,
+    PXY_CTRL_DOH_HOST_CAT,
     PXY_CTRL_IMSI,
     PXY_CTRL_PHONE_NUMBER,
     PXY_CTRL_APN,
@@ -60,18 +62,23 @@ enum security_scan_table
     TSG_SECURITY_SOURCE_ADDR,
     TSG_SECURITY_DESTINATION_ADDR,
     TSG_SECURITY_HTTP_URL,
-    TSG_SECURITY_HTTP_FQDN,
+    TSG_SECURITY_HTTP_HOST,
+    TSG_SECURITY_HTTP_HOST_CAT,
     TSG_SECURITY_HTTP_REQ_HDR,
     TSG_SECURITY_HTTP_REQ_BODY,
     TSG_SECURITY_HTTP_RES_HDR,
     TSG_SECURITY_HTTP_RES_BODY,
     TSG_SECURITY_SUBSCRIBE_ID,
     TSG_SECURITY_APP_ID,
-    TSG_SECURITY_HTTPS_SNI,
-    TSG_SECURITY_HTTPS_CN,
-    TSG_SECURITY_HTTPS_SAN,
+    TSG_SECURITY_SSL_SNI,
+    TSG_SECURITY_SSL_SNI_CAT,
+    TSG_SECURITY_SSL_CN,
+    TSG_SECURITY_SSL_CN_CAT,
+    TSG_SECURITY_SSL_SAN,
+    TSG_SECURITY_SSL_SAN_CAT,
     TSG_SECURITY_DNS_QNAME,
     TSG_SECURITY_QUIC_SNI,
+    TSG_SECURITY_QUIC_SNI_CAT,
     TSG_SECURITY_MAIL_ACCOUNT,
     TSG_SECURITY_MAIL_FROM,
     TSG_SECURITY_MAIL_TO,
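Review bot: Moving `PXY_TABLE_DEFENCE` below `TSG_SERVICE_CHAINGNG` in `compile_table_typle`, and inserting the new `*_CAT` members mid-list in `manipulate_sacn_table` and `security_scan_table`, changes the integer value of every member that follows, and nothing in these hunks says whether those values live only in this process or also end up in compiled tables, configuration or messages exchanged with MAAT4. If anything outside this build persists or exchanges them (the commit title tracks an external component version, which makes that plausible), old and new sides now disagree silently. Either append new members at the end, or pin the values explicitly (`TSG_TABLE_SECURITY = 0,` and so on) and put a one-line comment on each enum stating whether its values are stable across builds and peers. The new name `compile_table_typle` also carries a typo (`typle` for `type`) that the `table_typle` field will spread to every caller; worth fixing before it becomes API.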
@@ -97,28 +104,6 @@ enum security_scan_table
     __SECURITY_TABLE_MAX
 };
-enum http_ev_bit_number
-{
-    IP_BITNUM = 0,
-    URL_BITNUM,
-    FQDN_BITNUM,
-    REQ_HDR_BITNUM,
-    RESP_HDR_BITNUM,
-    CONTENT_BITNUM,
-    SUBSCRIBE_ID
-};
-
-enum policy_http_event
-{
-    EV_HTTP_IP = 1ULL << IP_BITNUM,
-    EV_HTTP_URL = 1ULL << URL_BITNUM,
-    EV_HTTP_FQDN = 1ULL << FQDN_BITNUM,
-    EV_HTTP_REQ_HDR = 1ULL << REQ_HDR_BITNUM,
-    EV_HTTP_RESP_HDR = 1ULL << RESP_HDR_BITNUM,
-    EV_HTTP_CONTENT = 1ULL << CONTENT_BITNUM,
-    EV_HTTP_SUBSCRIBE_ID = 1ULL << SUBSCRIBE_ID,
-};
-
 struct verify_policy_thread
 {
     int id;
@@ -141,15 +126,16 @@ struct verify_policy
     struct verify_policy_thread *work_threads[VERIFY_ARRAY_MAX];
 };
-struct verify_policy_query_obj
+struct request_query_obj
 {
-    int protocol_field;
+    int table_id;
     int numeric;
     char *keyword;
     char *district;
     char *attri_name;
+    int protocol;
     struct ipaddr *ip_addr;
     struct ipaddr *endpoint;
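Review bot: `struct request_query_obj` gains `int table_id` (replacing `protocol_field`) and `int protocol` with no indication of which value space either belongs to; `table_id` is a plain `int`, yet the only table identifiers in this header are the `manipulate_sacn_table` and `security_scan_table` enums, so a reader cannot tell whether it holds one of those enum values, an index into a compiled table, or a number parsed straight from the request. If these objects are populated from request JSON, as the `cJSON *data_obj` parameters on the scan prototypes suggest, the field needs a comment naming the enum it ranges over and stating who checks it against that enum's `__*_MAX` before it is used as an index, e.g. `int table_id; /* member of manipulate_sacn_table or security_scan_table, chosen by table_typle; bounds-checked by the scan entry point — TODO confirm */`. The struct definition continues past the end of the hunk, so any further new fields are not visible here.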
@@ -169,25 +155,19 @@ struct verify_policy_query_obj
 struct verify_policy_query
 {
     int vsys_id;
-    int shaping;
-    enum verify_policy_type type;
-    struct verify_policy_query_obj verify_object[32];
+    enum compile_table_typle table_typle;
+    struct request_query_obj verify_object[32];
 };
 extern struct verify_policy * g_verify_proxy;
-void * pangu_http_ctx_new(unsigned int thread_id);
-
+void *policy_scan_ctx_new(unsigned int thread_id, int vsys_id, enum compile_table_typle table_typle, int compile_table_id);
 void pangu_http_ctx_free(void * pme);
-
-size_t verify_policy_scan(int vsys_id, enum verify_policy_type policy_type, struct verify_policy_query_obj *query_obj, cJSON *data_obj, void *pme);
-
-void http_get_scan_status(struct verify_policy_query_obj *query_obj, int type, int shaping, cJSON *attributes, cJSON *data_obj, void *pme);
-
+size_t policy_verify_scan(int vsys_id, enum compile_table_typle policy_type, struct request_query_obj *query_obj, cJSON *data_obj, void *pme);
+void http_get_scan_status(struct request_query_obj *query_obj, int type, cJSON *attributes, cJSON *data_obj, void *pme);
+int proxy_policy_init(struct verify_policy * verify, const char* profile_path);
 int security_policy_init(struct verify_policy * verify, const char* profile_path);
-
-int http_hit_policy_list(enum verify_policy_type policy_type, int shaping, size_t hit_cnt, cJSON *data_obj, void *pme);
-
+int http_hit_policy_list(int vsys_id, enum compile_table_typle policy_type, int compile_table_id, size_t hit_cnt, cJSON *data_obj, void *pme);
 void verify_policy_tunnle_add(void * pme);
 #endif
diff --git a/common/include/verify_policy_logging.h b/common/include/verify_policy_logging.h
index bb44782..e2a65fe 100644
--- a/common/include/verify_policy_logging.h
+++ b/common/include/verify_policy_logging.h
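Review bot: The new prototypes `policy_scan_ctx_new(unsigned int thread_id, int vsys_id, enum compile_table_typle table_typle, int compile_table_id)` and `http_hit_policy_list(int vsys_id, …, int compile_table_id, …)` take `vsys_id` and `compile_table_id` as plain `int` with nothing in the header saying who bounds them, even though `VSYS_ID_MAX` (255) and `__SCAN_POLICY_MAX` are defined a few lines above, so a negative or oversized value from a caller reaches whatever these select. A doc comment on each declaration stating the contract, for example `/* vsys_id: 0..VSYS_ID_MAX; compile_table_id: index into the table selected by table_typle; returns NULL when either is out of range */`, would show callers and reviewers where the check lives, and must match what the implementations actually do. `struct verify_policy_query` likewise keeps a fixed `verify_object[32]` with no count field, so the number of populated entries has to be conveyed some other way; saying how in a comment on the array would stop readers from assuming all 32 are scanned. Also, `pangu_http_ctx_new` became `policy_scan_ctx_new` while its counterpart `pangu_http_ctx_free` kept the old name; renaming the pair together keeps the alloc/free relationship discoverable.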
@@ -29,9 +29,7 @@ extern RTLogInit2Data logging_sc_lid;
 /* The maximum length of the log message */
 #define RT_LOG_MAX_LOG_MSG_LEN 4096
-extern void mesa_logging_print(int log_level, const char *module, const char *msg);
-
-#define mesa_log(x, y, z, ...) do { \
+#define mesa_log(x, y, ...) do { \
     char _sc_log_msg[RT_LOG_MAX_LOG_MSG_LEN] = ""; \
     char *_sc_log_temp = _sc_log_msg; \
     if ( !x ) \
@@ -40,11 +38,11 @@ extern void mesa_logging_print(int log_level, const char *module, const char *ms
             (RT_LOG_MAX_LOG_MSG_LEN - \
             (_sc_log_temp - _sc_log_msg)), \
             __VA_ARGS__); \
-        mesa_logging_print(y, z, _sc_log_msg); \
+        MESA_handle_runtime_log(logging_sc_lid.run_log_handle, y, __FUNCTION__, _sc_log_msg); \
     } \
 } while(0)
-#define mesa_runtime_log(level, module, ...) mesa_log(logging_sc_lid.debug_switch, level, module, __VA_ARGS__)
+#define mesa_runtime_log(level, ...) mesa_log(logging_sc_lid.debug_switch, level, __VA_ARGS__)
 extern void * verify_syslog_init(const char *config);
diff --git a/common/include/verify_policy_utils.h b/common/include/verify_policy_utils.h
index 68e6041..087a57d 100644
--- a/common/include/verify_policy_utils.h
+++ b/common/include/verify_policy_utils.h
@@ -52,6 +52,6 @@ char* rt_strdup(const char* s);
 #define CHECK_OR_EXIT(condition, fmt, ...) \
-do { if(!(condition)) { mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, fmt, ##__VA_ARGS__); exit(EXIT_FAILURE); } } while(0) \
+do { if(!(condition)) { mesa_runtime_log(RLOG_LV_FATAL, fmt, ##__VA_ARGS__); exit(EXIT_FAILURE); } } while(0) \
 #endif
diff --git a/common/src/verify_policy_logging.cpp b/common/src/verify_policy_logging.cpp
index 8fab9dc..2d77b6d 100644
--- a/common/src/verify_policy_logging.cpp
+++ b/common/src/verify_policy_logging.cpp
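Review bot: The rewritten `mesa_log` body now passes `logging_sc_lid.run_log_handle` straight to `MESA_handle_runtime_log` on every call with no guard against the handle being NULL, and `verify_syslog_init` in this same commit logs through this macro precisely when creating that handle has failed; unless `MESA_handle_runtime_log` is documented as NULL-safe, the entry condition should become `if ( !(x) && logging_sc_lid.run_log_handle ) \`. The module name is replaced by `__FUNCTION__`, a GNU-only spelling, while the header is used from C++ (`verify_policy_logging.cpp`) as well as C; the standard `__func__` is the portable choice, and `y` (like `x` in `if ( !x )`) should be parenthesized as a macro argument: `MESA_handle_runtime_log(logging_sc_lid.run_log_handle, (y), __func__, _sc_log_msg); \`. The `snprintf` that fills `_sc_log_msg` begins before the second hunk, so its length arithmetic is not reviewable here.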
@@ -19,15 +19,8 @@
 #include <MESA/MESA_prof_load.h>
 #include <MESA/MESA_handle_logger.h>
-
 RTLogInit2Data logging_sc_lid;
-void mesa_logging_print(int log_level, const char *module, const char *msg)
-{
-    MESA_handle_runtime_log(logging_sc_lid.run_log_handle, log_level, (const char *)module, msg);
-    return;
-}
-
 void * verify_syslog_init(const char *config)
 {
@@ -44,14 +37,14 @@ void * verify_syslog_init(const char *config)
     logging_sc_lid.run_log_handle = MESA_create_runtime_log_handle("verify_policy", RLOG_LV_DEBUG);
     if(logging_sc_lid.run_log_handle == NULL){
-        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Create log runtime_log_handle error, init failed!");
+        mesa_runtime_log(RLOG_LV_FATAL, "Create log runtime_log_handle error, init failed!");
         goto finish;
     }else{
-        mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Log module initialization");
+        mesa_runtime_log(RLOG_LV_INFO, "Log module initialization");
     }
-    mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%d", "Log level", logging_sc_lid.run_log_level);
-    mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%s", "Log Directory", logging_sc_lid.run_log_path);
+    mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "Log level", logging_sc_lid.run_log_level);
+    mesa_runtime_log(RLOG_LV_INFO, "%s:%s", "Log Directory", logging_sc_lid.run_log_path);
     return logging_sc_lid.run_log_handle;
 finish:
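Review bot: In `verify_syslog_init`, the new line `mesa_runtime_log(RLOG_LV_FATAL, "Create log runtime_log_handle error, init failed!");` runs exactly when `logging_sc_lid.run_log_handle == NULL`, and after this commit `mesa_runtime_log` expands to a direct `MESA_handle_runtime_log(logging_sc_lid.run_log_handle, …)` call, so the fatal message is sent through the handle whose creation just failed. Whether that library call tolerates a NULL handle is not visible here; the deleted `mesa_logging_print` wrapper had the same weakness, but its removal leaves this as the only path. Report that one failure on a channel that cannot depend on the handle, e.g. `fprintf(stderr, "verify_policy: MESA_create_runtime_log_handle failed, init failed!\n");`, before `goto finish`. The `finish:` label and the rest of the function lie beyond the hunk.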
