gfwleak/k18-ntcs-web-ntc
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1.修改app payload特征,拆分L3_header为L3_header_IP,L3_header_ICMP,支持偏移量表达式;

Browse Source 
2.域名统计界面的域名查询条件,去除id=0(Other)的域名查询;
3.通联关系日志的下拉列表查询条件,增select为空的条件,否则reset时,全部定位在了Other。
This commit is contained in:
zhangwei
2019-01-13 21:32:25 +06:00
parent 1766fd80bd
commit eb0f298058
11 changed files with 397 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
src/main/java/com/nis/web/service/configuration/AppMultiFeatureCfgService.java
View File

@@ -100,7 +100,14 @@ public class AppMultiFeatureCfgService extends BaseService {
if(entity.getStrList()!=null){
for(AppStringFeatureCfg cfg:entity.getStrList()){
if(StringUtils.isNotBlank(cfg.getCfgKeywords())){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType"});
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType","exprType","matchMethod","isHexbin"});
if(cfg.getExprType()==null){
if(cfg.getCfgKeywords().contains(Constants.KEYWORD_EXPR)){
cfg.setExprType(1);//与表达式
}else{
cfg.setExprType(0);//无表达式
}
}
appMultiFeatureCfgDao.insertAppStringFeatureCfg(cfg);
}
@@ -108,8 +115,8 @@ public class AppMultiFeatureCfgService extends BaseService {
}
if(entity.getComplexList()!=null){
for(AppComplexFeatureCfg cfg:entity.getComplexList()){
if(StringUtils.isNotBlank(cfg.getDistrict()) && cfg.getDistrict().equals("L3_header")){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType"});
if(StringUtils.isNotBlank(cfg.getDistrict()) && (cfg.getDistrict().equals("L3_header_IP")||cfg.getDistrict().equals("L3_header_ICMP"))){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType","exprType","matchMethod","isHexbin"});
cfg.setIsHexbin(1);
cfg.setIsCaseInsenstive(0);
cfg.setExprType(3);
@@ -117,9 +124,28 @@ public class AppMultiFeatureCfgService extends BaseService {
this.setL3HeaderKeyword(cfg);
appMultiFeatureCfgDao.insertAppComplexFeatureCfg(cfg);
}else if(StringUtils.isNotBlank(cfg.getCfgKeywords())){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType"});
}else if(StringUtils.isNotBlank(cfg.getDistrict()) && cfg.getDistrict().equals("Payload") && cfg.getExprType()==3){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType","exprType","matchMethod","isHexbin"});
cfg.setIsHexbin(1);
cfg.setIsCaseInsenstive(0);
cfg.setExprType(3);
cfg.setMatchMethod(0);
cfg.setHeaderType(null);
//设置payload特征的偏移量表达之关键字字符串
cfg.setCfgKeywords(cfg.getPayloadOffset()+"-"+cfg.getCfgKeywords().length()/2+":"+cfg.getCfgKeywords());
appMultiFeatureCfgDao.insertAppComplexFeatureCfg(cfg);
}else if(StringUtils.isNotBlank(cfg.getCfgKeywords())){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType","exprType","matchMethod","isHexbin"});
cfg.setHeaderType(null);
if(cfg.getExprType()==null){
if(cfg.getCfgKeywords().contains(Constants.KEYWORD_EXPR)){
cfg.setExprType(1);//与表达式
}else{
cfg.setExprType(0);//无表达式
}
}
appMultiFeatureCfgDao.insertAppComplexFeatureCfg(cfg);
}
@@ -161,15 +187,22 @@ public class AppMultiFeatureCfgService extends BaseService {
if(entity.getStrList()!=null){
for(AppStringFeatureCfg cfg:entity.getStrList()){
if(StringUtils.isNotBlank(cfg.getCfgKeywords())){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType"});
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType","exprType","matchMethod","isHexbin"});
if(cfg.getExprType()==null){
if(cfg.getCfgKeywords().contains(Constants.KEYWORD_EXPR)){
cfg.setExprType(1);//与表达式
}else{
cfg.setExprType(0);//无表达式
}
}
appMultiFeatureCfgDao.insertAppStringFeatureCfg(cfg);
}
}
}
if(entity.getComplexList()!=null){
for(AppComplexFeatureCfg cfg:entity.getComplexList()){
if(StringUtils.isNotBlank(cfg.getDistrict()) && cfg.getDistrict().equals("L3_header")){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType"});
if(StringUtils.isNotBlank(cfg.getDistrict()) && (cfg.getDistrict().equals("L3_header_IP")||cfg.getDistrict().equals("L3_header_ICMP"))){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType","exprType","matchMethod","isHexbin"});
cfg.setIsHexbin(1);
cfg.setIsCaseInsenstive(0);
cfg.setExprType(3);
@@ -177,9 +210,27 @@ public class AppMultiFeatureCfgService extends BaseService {
this.setL3HeaderKeyword(cfg);
appMultiFeatureCfgDao.insertAppComplexFeatureCfg(cfg);
}else if(StringUtils.isNotBlank(cfg.getCfgKeywords())){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType"});
}else if(StringUtils.isNotBlank(cfg.getDistrict()) && cfg.getDistrict().equals("Payload") && cfg.getExprType()==3){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType","exprType","matchMethod","isHexbin"});
cfg.setIsHexbin(1);
cfg.setIsCaseInsenstive(0);
cfg.setExprType(3);
cfg.setMatchMethod(0);
cfg.setHeaderType(null);
//设置payload特征的偏移量表达之关键字字符串
cfg.setCfgKeywords(cfg.getPayloadOffset()+"-"+cfg.getCfgKeywords().length()/2+":"+cfg.getCfgKeywords());
appMultiFeatureCfgDao.insertAppComplexFeatureCfg(cfg);
}else if(StringUtils.isNotBlank(cfg.getCfgKeywords())){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType","exprType","matchMethod","isHexbin"});
cfg.setHeaderType(null);
if(cfg.getExprType()==null){
if(cfg.getCfgKeywords().contains(Constants.KEYWORD_EXPR)){
cfg.setExprType(1);//与表达式
}else{
cfg.setExprType(0);//无表达式
}
}
appMultiFeatureCfgDao.insertAppComplexFeatureCfg(cfg);
}
}
@@ -197,37 +248,38 @@ public class AppMultiFeatureCfgService extends BaseService {
public void setL3HeaderKeyword(AppComplexFeatureCfg cfg) {
String keyword = "";
if(cfg.getHeaderType().equals("IP_header")){
if(StringUtils.isNoneBlank(cfg.getVer())){
if(cfg.getHeaderType().equals("L3_header_IP")){
/*if(StringUtils.isNoneBlank(cfg.getVer())){
keyword += "0-3:"+cfg.getVer()+Constants.KEYWORD_EXPR;
}
if(StringUtils.isNotBlank(cfg.getIhl())){
keyword += "4-7:"+cfg.getIhl()+Constants.KEYWORD_EXPR;
}
}*/
if(StringUtils.isNotBlank(cfg.getTos())){
keyword += "8-15:"+cfg.getTos()+Constants.KEYWORD_EXPR;
keyword += "1-2:"+cfg.getTos()+Constants.KEYWORD_EXPR;
}
if(StringUtils.isNotBlank(cfg.getTotalLength())){
keyword += "16-31:"+cfg.getTotalLength()+Constants.KEYWORD_EXPR;
}
if(StringUtils.isNotBlank(cfg.getFlags())){
keyword += "48-50:"+cfg.getFlags()+Constants.KEYWORD_EXPR;
}
if(StringUtils.isNotBlank(cfg.getFragmentOffset())){
keyword += "56-63:"+cfg.getFragmentOffset()+Constants.KEYWORD_EXPR;
keyword += "2-4:"+cfg.getTotalLength()+Constants.KEYWORD_EXPR;
}
if(StringUtils.isNotBlank(cfg.getProtocol())){
keyword += "72-79:"+cfg.getProtocol()+Constants.KEYWORD_EXPR;
keyword += "9-10:"+cfg.getProtocol()+Constants.KEYWORD_EXPR;
}
if(StringUtils.isNotBlank(cfg.getFragmentOffset())){//记录IP头的客户端IP
keyword += "12-16:"+cfg.getFragmentOffset()+Constants.KEYWORD_EXPR;
}
if(StringUtils.isNotBlank(cfg.getFlags())){//记录IP头的服务端IP
keyword += "16-20:"+cfg.getFlags()+Constants.KEYWORD_EXPR;
}
}else{
if(StringUtils.isNoneBlank(cfg.getIcmpType())){
keyword += "0-7:"+cfg.getIcmpType()+Constants.KEYWORD_EXPR;
keyword += "0-1:"+cfg.getIcmpType()+Constants.KEYWORD_EXPR;
}
if(StringUtils.isNotBlank(cfg.getIcmpCode())){
keyword += "8-15:"+cfg.getIcmpCode()+Constants.KEYWORD_EXPR;
keyword += "1-2:"+cfg.getIcmpCode()+Constants.KEYWORD_EXPR;
}
if(StringUtils.isNotBlank(cfg.getIcmpIdentifier())){
keyword += "32-47:"+cfg.getIcmpIdentifier()+Constants.KEYWORD_EXPR;
keyword += "4-6:"+cfg.getIcmpIdentifier()+Constants.KEYWORD_EXPR;
}
}
keyword=keyword.substring(0,keyword.lastIndexOf(Constants.KEYWORD_EXPR));
@@ -289,9 +341,44 @@ public class AppMultiFeatureCfgService extends BaseService {
cfg.setTableName(AppComplexFeatureCfg.getTablename());
appMultiFeatureCfgDao.auditCfg(cfg);
if(isAudit==1){
//如果是payload特征需要判断匹配区域是否为Payload并且判断包大小或者本包方向如果不为空需要创建域配置
if(entity.getServiceId().equals(1025)){//app payload特征
for(AppComplexFeatureCfg c:complexList){
if(c.getDistrict().equals("Payload")){
//payload特征的payloadSize,payloadPacketDirection两个参数各自为单独的域配置下发
if(c.getPayloadSize()!=null){
AppComplexFeatureCfg payloadSizeCfg = new AppComplexFeatureCfg();
BeanUtils.copyProperties(c, payloadSizeCfg, new String[]{"cfgId"});
payloadSizeCfg.setCfgKeywords(c.getPayloadSize().toString());
payloadSizeCfg.setCfgType("APP_PAYLOAD_SIZE");//综合服务前端redis表名
payloadSizeCfg.setDistrict(null);
payloadSizeCfg.setExprType(0);;
payloadSizeCfg.setMatchMethod(3);
payloadSizeCfg.setIsHexbin(0);
complexList.add(payloadSizeCfg);
}
if(c.getPayloadPacketDirection()!=null){
AppComplexFeatureCfg packetDirectionCfg = new AppComplexFeatureCfg();
BeanUtils.copyProperties(c, packetDirectionCfg, new String[]{"cfgId"});
packetDirectionCfg.setCfgKeywords(c.getPayloadPacketDirection().toString());
packetDirectionCfg.setCfgType("APP_PKT_SEQ");//综合服务前端redis表名
packetDirectionCfg.setDistrict(null);
packetDirectionCfg.setExprType(0);;
packetDirectionCfg.setMatchMethod(3);
packetDirectionCfg.setIsHexbin(0);
complexList.add(packetDirectionCfg);
}
}
}
}
Map<String,List> map = cfgConvert(strRegionList,complexList,2,entity,groupRelationList);
groupRelationList=map.get("groupList");
strRegionList=map.get("dstList");
}
}
List<AppTcpCfg> numCfgList = appMultiFeatureCfgDao.getAppTcpCfg(entity.getCompileId(),entity.getFunctionId(),null);