summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--common/include/verify_policy.h5
-rw-r--r--conf/verify_policy.conf3
-rw-r--r--platform/src/verify_policy.cpp163
-rw-r--r--resource/pangu_http.json323
-rw-r--r--resource/table_info.conf47
-rw-r--r--resource/tsg_static_tableinfo.conf42
-rw-r--r--scan/src/pangu_http.cpp35
7 files changed, 461 insertions, 157 deletions
diff --git a/common/include/verify_policy.h b/common/include/verify_policy.h
index c7625d8..c3c0421 100644
--- a/common/include/verify_policy.h
+++ b/common/include/verify_policy.h
@@ -11,7 +11,7 @@
#include <event2/event.h>
#include "verify_policy_utils.h"
-enum policy_type
+enum tsg_policy_type
{
PXY_TABLE_SECURITY,
PXY_TABLE_MANIPULATION,
@@ -106,8 +106,9 @@ extern struct verify_proxy * g_verify_proxy;
void * pangu_http_ctx_new(unsigned int thread_id);
+void pangu_http_ctx_free(void * pme);
-void http_scan(const char * value, enum policy_type type, int protocol_field, void *pme, cJSON *data_obj, struct ipaddr *ip_addr);
+void http_scan(const char *value, enum tsg_policy_type policy_type, int protocol_field, struct ipaddr *ip_addr, cJSON *data_obj, void *pme);
int security_policy_init(struct verify_proxy * verify, const char* profile_path);
diff --git a/conf/verify_policy.conf b/conf/verify_policy.conf
index 4e7d913..142f0f9 100644
--- a/conf/verify_policy.conf
+++ b/conf/verify_policy.conf
@@ -12,12 +12,13 @@ thread-nu = 4
# 0:json 1: redis 2: iris
maat_input_mode=1
table_info=./resource/table_info.conf
+table_info_tsg=./resource/tsg_static_tableinfo.conf
json_cfg_file=./resource/pangu_http.json
stat_file=logs/verify-policy.status
full_cfg_dir=verify-policy/
inc_cfg_dir=verify-policy/
-maat_redis_server=192.168.40.120
+maat_redis_server=192.168.40.131
maat_redis_port_range=7002
maat_redis_db_index=0
effect_interval_s=1
diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp
index 589b6d7..8b001cf 100644
--- a/platform/src/verify_policy.cpp
+++ b/platform/src/verify_policy.cpp
@@ -30,31 +30,22 @@
struct verify_proxy * g_verify_proxy = NULL;
-struct keyword_obj
+struct policy_table_obj
{
int protocol_field;
- char *content_type;
- char *content;
- char *protocol_field_name;
- struct ipaddr *ip_addr;
+ char *keyword;
+ char *keyword_scope;
- int addr_type;
- int protocol;
- char *clientIp1;
- unsigned int clientPort1;
- char *serverIp1;
- unsigned int serverPort1;
+ struct ipaddr *ip_addr;
char *subscriberid;
};
-struct verify_policy_query
+struct policy_query_list
{
- int c_num;
- enum policy_type type;
- char *policy_type_name;
- struct keyword_obj keywords[32];
+ enum tsg_policy_type type;
+ struct policy_table_obj table_obj[32];
};
/* VERSION STRING */
@@ -87,7 +78,7 @@ static int verify_policy_init(struct verify_proxy * verify, const char *profile)
return xret;
}
-enum policy_type policy_type_str2idx(const char *action_str)
+enum tsg_policy_type tsg_policy_type_str2idx(const char *action_str)
{
const char * policy_name[__SCAN_POLICY_MAX];
policy_name[PXY_TABLE_SECURITY] = "tsg_security";
@@ -101,10 +92,11 @@ enum policy_type policy_type_str2idx(const char *action_str)
if (0 == strcasecmp(action_str, policy_name[i]))
break;
}
- return (enum policy_type)i;
+ mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[I] policyType= %s", action_str);
+ return (enum tsg_policy_type)i;
}
-int field_type_str2idx(enum policy_type type, const char *action_str)
+int protoco_field_type_str2idx(enum tsg_policy_type type, const char *action_str, char *buff, char *p)
{
const char * table_name[__SECURITY_TABLE_MAX] ={0};
@@ -158,45 +150,11 @@ int field_type_str2idx(enum policy_type type, const char *action_str)
if (0 == strcasecmp(action_str, table_name[i]))
break;
}
+ p += snprintf(p, sizeof(buff) - (p - buff), "protocolField=%s,%d",action_str, (int)i);
return i;
}
-void verify_policy_query(struct verify_policy_query *policy_query, int thread_id, cJSON *data_obj)
-{
- int i = 0;
- char buff[VERIFY_STRING_MAX], *p = NULL;;
-
- void *ctx = pangu_http_ctx_new(thread_id);
-
- mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Query policy table is %s", policy_query->policy_type_name);
- for (i = 0; i < policy_query->c_num; i++)
- {
- p = buff;
- if(0 == strcasecmp(policy_query->keywords[i].content_type, "ip"))
- {
- http_scan(policy_query->keywords[i].content, policy_query->type, PXY_CTRL_IP, ctx, data_obj, policy_query->keywords[i].ip_addr);
- }
- else if(0 == strcasecmp(policy_query->keywords[i].content_type, "subscriberid"))
- {
- p += snprintf(p, sizeof(buff) - (p - buff), "contentType=%s, subscriberid=%s", policy_query->keywords[i].content_type,
- policy_query->keywords[i].subscriberid);
- http_scan(policy_query->keywords[i].content, policy_query->type, PXY_CTRL_SUBSCRIBE_ID, ctx, data_obj, NULL);
- }else
- {
- p += snprintf(p, sizeof(buff) - (p - buff), "contentType=%s, protocolField=%s content=%s", policy_query->keywords[i].content_type,
- policy_query->keywords[i].protocol_field_name, policy_query->keywords[i].content);
- http_scan(policy_query->keywords[i].content, policy_query->type, policy_query->keywords[i].protocol_field, ctx, data_obj, NULL);
- }
- *p = '\0';
- mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "%s", buff);
- }
-
- FREE(&ctx);
-
- return;
-}
-
struct ipaddr *ip_to_stream_addr(char *clientIp1, unsigned int clientPort1, char *serverIp1, unsigned int serverPort1, int addr_type)
{
struct ipaddr *ip_addr = ALLOC(struct ipaddr, 1);
@@ -220,12 +178,16 @@ struct ipaddr *ip_to_stream_addr(char *clientIp1, unsigned int clientPort1, char
v6_addr->dest=htons(serverPort1);
ip_addr->v6=v6_addr;
}
+ mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[I] contentType = ip, clientIp1=%s, clientPort1=%d, serverIp=%s, serverPort=%d, addr_type = %d",
+ clientIp1, clientPort1, serverIp1, serverPort1, addr_type);
+
return ip_addr;
}
cJSON *get_query_from_request(const char *data, int thread_id)
{
- int c_num = 0, i = 0;
+ int i = 0;
+ char buff[VERIFY_STRING_MAX], *p = NULL;;
cJSON* data_json = cJSON_Parse(data);
if(data_json == NULL)
@@ -233,7 +195,6 @@ cJSON *get_query_from_request(const char *data, int thread_id)
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "invalid policy parameter");
return NULL;
}
-
cJSON *policy_obj=NULL, *data_obj=NULL;
policy_obj=cJSON_CreateObject();
@@ -248,97 +209,90 @@ cJSON *get_query_from_request(const char *data, int thread_id)
item = cJSON_GetObjectItem(data_json,"verifyList");
if(item && item->type==cJSON_Array)
{
- c_num=cJSON_GetArraySize(item);
for (subitem = item->child; subitem != NULL; subitem = subitem->next)
{
- struct verify_policy_query *query_ctx = ALLOC(struct verify_policy_query, 1);
+ struct policy_query_list *query_list = ALLOC(struct policy_query_list, 1);
item = cJSON_GetObjectItem(subitem,"policyType");
if(item && item->type==cJSON_String)
{
- query_ctx->type = policy_type_str2idx(item->valuestring);
- query_ctx->policy_type_name = item->valuestring;
+ query_list->type = tsg_policy_type_str2idx(item->valuestring);
}
item = cJSON_GetObjectItem(subitem,"verifyConditions");
if(item && item->type==cJSON_Array)
{
- query_ctx->c_num=c_num=cJSON_GetArraySize(item);
+ void *ctx = pangu_http_ctx_new(thread_id);
+
for (subchild = item->child; subchild != NULL; subchild = subchild->next)
{
+ p = buff;
item = cJSON_GetObjectItem(subchild, "contentType");
if(item && item->type==cJSON_String)
{
- query_ctx->keywords[i].content_type = item->valuestring;
+ query_list->table_obj[i].keyword_scope = item->valuestring;
+ p += snprintf(p, sizeof(buff) - (p - buff), "contentType = %s",query_list->table_obj[i].keyword_scope);
}
- if(0 == strcasecmp(query_ctx->keywords[i].content_type, "subscriberid"))
+ if(0 == strcasecmp(query_list->table_obj[i].keyword_scope, "subscriberid"))
{
item = cJSON_GetObjectItem(subchild,"subscriberid");
if(item && item->type==cJSON_String)
{
- query_ctx->keywords[i].subscriberid = item->valuestring;
+ query_list->table_obj[i].subscriberid = item->valuestring;
+ p += snprintf(p, sizeof(buff) - (p - buff), "subscriberid = %s",query_list->table_obj[i].subscriberid);
}
+ http_scan(query_list->table_obj[i].keyword, query_list->type, EV_HTTP_SUBSCRIBE_ID, NULL, data_obj, ctx);
+
i++;
continue;
}
- if(0 == strcasecmp(query_ctx->keywords[i].content_type, "ip"))
+ if(0 == strcasecmp(query_list->table_obj[i].keyword_scope, "ip"))
{
int addr_type=0, protocol=0;
char *clientIp1=NULL,*serverIp1=NULL;
unsigned int clientPort1=0,serverPort1=0;
+
item = cJSON_GetObjectItem(subchild,"clientIp");
- if(item && item->type==cJSON_String)
- {
- clientIp1 = item->valuestring;
- }
+ if(item && item->type==cJSON_String) clientIp1 = item->valuestring;
item = cJSON_GetObjectItem(subchild,"serverIp");
- if(item && item->type==cJSON_String)
- {
- serverIp1 = (item->valuestring);
- }
+ if(item && item->type==cJSON_String) serverIp1 = (item->valuestring);
item = cJSON_GetObjectItem(subchild,"clientPort");
- if(item && item->type==cJSON_String)
- {
- clientPort1 =atoi(item->valuestring);
- }
+ if(item && item->type==cJSON_String) clientPort1 =atoi(item->valuestring);
item = cJSON_GetObjectItem(subchild,"serverPort");
- if(item && item->type==cJSON_String)
- {
- serverPort1 =atoi(item->valuestring);
- }
+ if(item && item->type==cJSON_String) serverPort1 =atoi(item->valuestring);
item = cJSON_GetObjectItem(subchild,"protocol");
- if(item && item->type==cJSON_Number)
- {
- protocol = item->valueint;
- }
+ if(item && item->type==cJSON_Number) protocol = item->valueint;
item=cJSON_GetObjectItem(subchild,"addrType");
- if(item && item->type==cJSON_Number)
- {
- addr_type = item->valueint;
- }
+ if(item && item->type==cJSON_Number) addr_type = item->valueint;
+ query_list->table_obj[i].ip_addr = ip_to_stream_addr(clientIp1, clientPort1, serverIp1, serverPort1, addr_type);
+
+ http_scan(NULL, query_list->type, PXY_CTRL_IP, query_list->table_obj[i].ip_addr, data_obj, ctx);
- query_ctx->keywords[i].ip_addr = ip_to_stream_addr(clientIp1, clientPort1, serverIp1, serverPort1, addr_type);
i++;
continue;
}
item = cJSON_GetObjectItem(subchild, "protocolField");
if(item && item->type==cJSON_String)
{
- query_ctx->keywords[i].protocol_field = field_type_str2idx(query_ctx->type, item->valuestring);
- query_ctx->keywords[i].protocol_field_name = item->valuestring;
+ query_list->table_obj[i].protocol_field = protoco_field_type_str2idx(query_list->type, item->valuestring, buff, p);
}
item = cJSON_GetObjectItem(subchild, "content");
if(item && item->type==cJSON_String)
{
- query_ctx->keywords[i].content = item->valuestring;
+ query_list->table_obj[i].keyword = item->valuestring;
+ p += snprintf(p, sizeof(buff) - (p - buff), " content = %s",query_list->table_obj[i].keyword);
}
+ mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[I] %s", buff);
+
+ http_scan(query_list->table_obj[i].keyword, query_list->type, query_list->table_obj[i].protocol_field, NULL, data_obj, ctx);
+
i++;
+ memset(buff, 0, VERIFY_STRING_MAX);
}
+ pangu_http_ctx_free(ctx);
}
- verify_policy_query(query_ctx, thread_id, data_obj);
-
i=0;
- FREE(&query_ctx);
+ FREE(&query_list);
}
}
cJSON_Delete(data_json);
@@ -396,27 +350,12 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg)
}
policy_payload = cJSON_PrintUnformatted(policy_obj);
- printf("%s\n", policy_payload);
+ mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[O] %s", policy_payload);
evhttp_socket_send(evh_req, policy_payload);
cJSON_Delete(policy_obj);
free(policy_payload);
- #if 0
- if (policy_query == NULL)
- {
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Data parsing failed.");
- goto error;
- }
-
- policy_payload = verify_policy_scan(policy_query, thread_ctx->id);
- if (policy_payload)
- {
- mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "%s", policy_payload);
- evhttp_socket_send(evh_req, policy_payload);
- free(policy_payload);
- }
- #endif
goto finish;
error:
diff --git a/resource/pangu_http.json b/resource/pangu_http.json
new file mode 100644
index 0000000..742ab75
--- /dev/null
+++ b/resource/pangu_http.json
@@ -0,0 +1,323 @@
+{
+ "compile_table": "PXY_CTRL_COMPILE",
+ "group_table": "PXY_CTRL_GROUP",
+ "rules": [
+ {
+ "compile_id": 1021,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"redirect\",\"code\":302,\"to\":\"https://www.baidu.com/index.html\"}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "www.rbc.ru",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 1022,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":101}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "bing.com",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 1023,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":102}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "pc.wps.cn",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 1024,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_resp_body\",\"find\":\"比特币\",\"replace_with\":\"硬币\"}]}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "edu.csdn.net/course/detail/6998",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 1025,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":201}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "www.wireshark.org/download/win32/WiresharkPortable_2.6.8.paf.exe",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 1026,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":201}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "www.downcc.com/ajax.asp",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 1027,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":202}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "dldir1.qq.com/foxmail/windows/FoxmailSetup_7.2.10.151.exe",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 1028,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":302}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "mirror.hoster.kz/centos",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 1029,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":303,\"position\":\"after-page-load\"}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "100wa.com/music",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 1030,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":303,\"position\":\"before-page-load\"}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "www.youku.com",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 1031,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)q=([^&|^#]*)(?=&|$)\",\"replace_with\":\"q=find\"},{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)ei=([^&|^#]*)(?=&|$)\",\"replace_with\":\"ei=chaxun\"}]}",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "www.google.com/search?",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "plugin_table": [
+ {
+ "table_name": "PXY_PROFILE_RESPONSE_PAGES",
+ "table_content": [
+ "101\t404\thtml\t./resource/pangu/policy_file/404.html\t1",
+ "102\tHTTP403\ttemplate\t./resource/pangu/HTTP403.html\t1"
+ ]
+ },
+ {
+ "table_name": "PXY_PROFILE_HIJACK_FILES",
+ "table_content": [
+ "201\tchakanqi\tchakanqi-947KB.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/chakanqi-947KB.exe\t1",
+ "202\tWPS8648\tWPS8648-132M.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/WPS8648-132M.exe\t1"
+ ]
+ },
+ {
+ "table_name": "PXY_PROFILE_INSERT_SCRIPTS",
+ "table_content": [
+ "301\ttime\tjs\t./resource/pangu/policy_file/time.js\tbefore_page_load\t1",
+ "302\tu1\tcss\t./resource/pangu/policy_file/u1.css\tbefore_page_load\t1",
+ "303\tu1\tjs\t./resource/pangu/policy_file/alert.js\tbefore_page_load\t1"
+ ]
+ },
+ {
+ "table_name": "TSG_SECURITY_COMPILE",
+ "table_content": [
+ "0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL/HTTP\",\"keyring\":765,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1,\"protocol_errors\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2",
+ "1\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL/HTTP\",\"keyring\":0,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2"
+ ]
+ }
+ ]
+}
diff --git a/resource/table_info.conf b/resource/table_info.conf
index 04e70e8..fb5b282 100644
--- a/resource/table_info.conf
+++ b/resource/table_info.conf
@@ -15,35 +15,18 @@
#
#For expr/expr_plus Table
#id name type src_charset dst_charset do_merge cross_cache quick_mode
-0 PXY_CTRL_COMPILE compile escape --
-1 GROUP_COMPILE_RELATION group --
-2 TSG_OBJ_IP_ADDR ip_plus ---
-3 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
-4 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
-5 TSG_OBJ_FQDN expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
-5 TSG_OBJ_FQDN_CAT expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
-6 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
-7 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff
-8 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
-9 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
-10 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff
-11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
-12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
-13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
-14 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
-15 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
-16 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
-17 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
-18 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
-19 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
-20 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
-21 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
-22 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
-23 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
-24 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
-25 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
-26 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
-27 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
-28 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
-
-
+0 PXY_CTRL_COMPILE compile escape --
+1 GROUP_COMPILE_RELATION group --
+2 TSG_OBJ_IP_ADDR ip_plus ---
+3 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
+4 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
+5 TSG_OBJ_FQDN expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
+5 TSG_OBJ_FQDN_CAT expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
+6 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
+7 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff
+8 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
+9 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
+10 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff
+11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
+12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
+13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
diff --git a/resource/tsg_static_tableinfo.conf b/resource/tsg_static_tableinfo.conf
new file mode 100644
index 0000000..549f9a0
--- /dev/null
+++ b/resource/tsg_static_tableinfo.conf
@@ -0,0 +1,42 @@
+#each collumn seperate with '\t'
+#id (0~65535)
+#name string
+#type one of ip,expr,expr_plus,digest,intval,compile or plugin
+#src_charset one of GBK,BIG5,UNICODE,UTF8
+#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
+#do_merege yes or no
+#cross cache 0~max
+#quickswitch quickon or quick off
+#id name type src_charset dst_charset do_merge cross_cache quickswitch
+0 TSG_SECURITY_COMPILE compile escape --
+1 GROUP_COMPILE_RELATION group UTF8 UTF8 no 0
+2 TSG_OBJ_IP_ADDR ip_plus UTF8 UTF8 no 0
+3 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0
+4 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
+5 TSG_OBJ_URL expr UTF8 UTF8/GBK yes 0
+6 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0
+6 TSG_OBJ_FQDN_CAT expr UTF8 UTF8 yes 0
+7 TSG_OBJ_KEYWORDS expr UTF8 UTF8/GBK yes 0
+8 TSG_OBJ_APP_ID expr UTF8 UTF8 yes 0
+9 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0
+10 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
+11 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
+12 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
+13 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
+14 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
+15 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
+16 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
+17 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
+18 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
+19 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
+20 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
+21 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
+22 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
+23 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
+24 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
+25 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
+26 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
+27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
+28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
+29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
+30 FW_PROFILE_DNS_RECORDS plugin {"key":1,"valid":5} --
diff --git a/scan/src/pangu_http.cpp b/scan/src/pangu_http.cpp
index 908aba5..a34e1ab 100644
--- a/scan/src/pangu_http.cpp
+++ b/scan/src/pangu_http.cpp
@@ -74,6 +74,21 @@ void * pangu_http_ctx_new(unsigned int thread_id)
return (void *)ctx;
}
+void pangu_http_ctx_free(void * pme)
+{
+ struct pangu_http_ctx * ctx = (struct pangu_http_ctx *) pme;
+
+ FREE(&ctx->enforce_rules);
+ Maat_clean_status(&(ctx->scan_mid));
+ ctx->scan_mid = NULL;
+
+ if(ctx->sp)
+ {
+ Maat_stream_scan_string_end(&(ctx->sp));
+ }
+ FREE(&ctx);
+}
+
static int pangu_action_weight[__PG_ACTION_MAX] = {0};
void __pangu_action_weight_init() __attribute__((constructor, used));
void __pangu_action_weight_init()
@@ -218,18 +233,16 @@ char *web_json_table_add(void *pme)
return policy_payload;
}
-void http_scan(const char * value, enum policy_type type, int protocol_field, void *pme, cJSON *data_obj, struct ipaddr *ip_addr)
+void http_scan(const char *value, enum tsg_policy_type policy_type, int protocol_field, struct ipaddr *ip_addr, cJSON *data_obj, void *pme)
{
int scan_ret = 0, table_id = 0;
- struct Maat_rule_t result[MAX_SCAN_RESULT];
- char buff[VERIFY_STRING_MAX], * p = NULL;
size_t hit_cnt = 0, i = 0;
struct pangu_http_ctx * ctx = (struct pangu_http_ctx *) pme;
if (protocol_field == PXY_CTRL_IP)
{
- scan_ret = Maat_scan_proto_addr(g_pangu_rt->maat[type], g_pangu_rt->scan_table_id[type][protocol_field], ip_addr, 0,
+ scan_ret = Maat_scan_proto_addr(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_IP], ip_addr, 0,
ctx->result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &(ctx->scan_mid), ctx->thread_id);
if (scan_ret > 0)
{
@@ -240,13 +253,13 @@ void http_scan(const char * value, enum policy_type type, int protocol_field, vo
if ((protocol_field == PXY_CTRL_HTTP_REQ_HDR) || (protocol_field == PXY_CTRL_HTTP_RES_HDR))
{
- table_id = (protocol_field == PXY_CTRL_HTTP_REQ_HDR) ? g_pangu_rt->scan_table_id[type][PXY_CTRL_HTTP_REQ_HDR] : g_pangu_rt->scan_table_id[type][PXY_CTRL_HTTP_RES_HDR];
+ table_id = (protocol_field == PXY_CTRL_HTTP_REQ_HDR) ? g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_HTTP_REQ_HDR] : g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_HTTP_RES_HDR];
const char * str_field_name = NULL;
- scan_ret = Maat_set_scan_status(g_pangu_rt->maat[type], &(ctx->scan_mid), MAAT_SET_SCAN_DISTRICT,
+ scan_ret = Maat_set_scan_status(g_pangu_rt->maat[policy_type], &(ctx->scan_mid), MAAT_SET_SCAN_DISTRICT,
str_field_name, strlen(str_field_name));
assert(scan_ret == 0);
- scan_ret = Maat_full_scan_string(g_pangu_rt->maat[type], table_id,
+ scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], table_id,
CHARSET_UTF8, value, strlen(value),
ctx->result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid), ctx->thread_id);
if (scan_ret > 0)
@@ -259,8 +272,8 @@ void http_scan(const char * value, enum policy_type type, int protocol_field, vo
if ((protocol_field == PXY_CTRL_HTTP_REQ_BODY) || protocol_field == PXY_CTRL_HTTP_RES_BODY)
{
assert(ctx->sp == NULL);
- table_id = protocol_field == PXY_CTRL_HTTP_REQ_BODY ? g_pangu_rt->scan_table_id[type][PXY_CTRL_HTTP_REQ_BODY] : g_pangu_rt->scan_table_id[type][PXY_CTRL_HTTP_RES_BODY];
- ctx->sp = Maat_stream_scan_string_start(g_pangu_rt->maat[type], table_id, ctx->thread_id);
+ table_id = protocol_field == PXY_CTRL_HTTP_REQ_BODY ? g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_HTTP_REQ_BODY] : g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_HTTP_RES_BODY];
+ ctx->sp = Maat_stream_scan_string_start(g_pangu_rt->maat[policy_type], table_id, ctx->thread_id);
scan_ret = Maat_stream_scan_string(&(ctx->sp), CHARSET_UTF8, (const char *) value, (int) strlen(value),
ctx->result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid));
if (scan_ret > 0)
@@ -272,7 +285,7 @@ void http_scan(const char * value, enum policy_type type, int protocol_field, vo
goto decide;
}
- scan_ret = Maat_full_scan_string(g_pangu_rt->maat[type], g_pangu_rt->scan_table_id[type][protocol_field],
+ scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][protocol_field],
CHARSET_UTF8, value, strlen(value),
ctx->result+hit_cnt, NULL, MAX_SCAN_RESULT-hit_cnt,
&(ctx->scan_mid), ctx->thread_id);
@@ -456,6 +469,7 @@ int pangu_policy_init(struct verify_proxy * verify, const char* profile_path)
g_pangu_rt->thread_num = verify->nr_work_threads;
g_pangu_rt->local_logger = verify->logger;
+#if 1
g_pangu_rt->maat[PXY_TABLE_MANIPULATION] = create_maat_feather("static", profile_path, "MAAT", "table_info", g_pangu_rt->thread_num, g_pangu_rt->local_logger);
if (!g_pangu_rt->maat[PXY_TABLE_MANIPULATION])
{
@@ -502,6 +516,7 @@ int pangu_policy_init(struct verify_proxy * verify, const char* profile_path)
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Pangu HTTP Dynamic Maat TSG_DYN_SUBSCRIBER_IP EX data register failed.");
goto error_out;
}
+#endif
ret = 0;
error_out:
return ret;
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 18:05:06 +0000