加maat扫描日志
@@ -5,11 +5,11 @@ extern int g_iThreadNum;
|
||||
|
||||
|
||||
/* 关于没有命中配置情况下的默认配置
|
||||
1. g_maat_default_action = KNI_ACTION_INTERCEPT, policy_id = 0
|
||||
1. g_maat_default_action: 读配置文件, policy_id = 0
|
||||
2. 如果maat的编译配置表中有policy_id = 0的配置,则将 g_maat_default_action设为对应的action, policy_id = 0
|
||||
*/
|
||||
|
||||
int g_maat_default_action = KNI_ACTION_INTERCEPT;
|
||||
int g_maat_default_action;
|
||||
|
||||
struct kni_maat_handle{
|
||||
Maat_feather_t feather;
|
||||
@@ -89,8 +89,14 @@ struct kni_maat_handle* kni_maat_init(const char* profile, void *logger){
|
||||
KNI_LOG_ERROR(logger, "MESA_prof_load: compile_alias not set, profile is %s, section is %s", profile, section);
|
||||
goto error_out;
|
||||
}
|
||||
ret = MESA_load_profile_int_nodef(profile, section, "default_action", &g_maat_default_action);
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "MESA_prof_load: default_action not set, profile is %s, section is %s", profile, section);
|
||||
goto error_out;
|
||||
}
|
||||
KNI_LOG_INFO(logger, "MESA_prof_load, [%s]:\n readconf_mode: %d\n tableinfo_path: %s\n tablename_intercept_ip: %s\n tablename_intercept_domain: %s\n"
|
||||
"compile_alias: %s\n", section, readconf_mode, tableinfo_path, tablename_intercept_ip, tablename_intercept_domain, compile_alias);
|
||||
"compile_alias: %s\n default_action: %d", section, readconf_mode, tableinfo_path, tablename_intercept_ip,
|
||||
tablename_intercept_domain, compile_alias, g_maat_default_action);
|
||||
feather = Maat_feather(g_iThreadNum, tableinfo_path, logger);
|
||||
handle = ALLOC(struct kni_maat_handle, 1);
|
||||
handle->feather = feather;
|
||||
@@ -171,7 +177,7 @@ error_out:
|
||||
static int maat_process_scan_result(struct kni_maat_handle *handle, int num, struct Maat_rule_t *result, int *policy_id){
|
||||
//void *logger = handle->logger;
|
||||
int action = g_maat_default_action;
|
||||
*policy_id = 0; //默认动作是编译表中policy_id=0的字段,所以默认policy_id=0;
|
||||
*policy_id = 0; //默认动作是编译表中policy_id=0的字段,所以默认policy_id=0;
|
||||
for(int i = 0; i < num; i++){
|
||||
action = result[i].action;
|
||||
*policy_id = result[i].config_id;
|
||||
@@ -184,7 +190,7 @@ static int maat_process_scan_result(struct kni_maat_handle *handle, int num, str
|
||||
|
||||
|
||||
//TODO: Maat_rule_get_ex_new_index compile_ex_param_new: config_id = 0, 取action即为全局变量, 一旦配置更新就回调, tableinfo怎么写,回调表, 编译配置表
|
||||
int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int thread_seq, int *policy_id){
|
||||
int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int thread_seq, int *policy_id, int *maat_hit){
|
||||
//printf("default action is %d\n", g_maat_default_action);
|
||||
void *logger = handle->logger;
|
||||
struct Maat_rule_t result[KNI_MAAT_RULE_NUM_MAX];
|
||||
@@ -195,6 +201,10 @@ int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int th
|
||||
KNI_LOG_ERROR(logger, "Failed at Maat_scan_proto_addr, ret is %d", ret);
|
||||
return g_maat_default_action;
|
||||
}
|
||||
if(ret == 0){
|
||||
return g_maat_default_action;
|
||||
}
|
||||
*maat_hit = 1;
|
||||
int action = maat_process_scan_result(handle, ret, result, policy_id);
|
||||
|
||||
/*for debug
|
||||
@@ -206,7 +216,7 @@ int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int th
|
||||
return action;
|
||||
}
|
||||
|
||||
int kni_maat_scan_domain(struct kni_maat_handle* handle, char *domain, int domain_len, int thread_seq, int *policy_id){
|
||||
int kni_maat_scan_domain(struct kni_maat_handle* handle, char *domain, int domain_len, int thread_seq, int *policy_id, int *maat_hit){
|
||||
void *logger = handle->logger;
|
||||
struct Maat_rule_t result[KNI_MAAT_RULE_NUM_MAX];
|
||||
//必须要初始化为NULL, 不懂为什么
|
||||
@@ -217,6 +227,10 @@ int kni_maat_scan_domain(struct kni_maat_handle* handle, char *domain, int domai
|
||||
KNI_LOG_ERROR(logger, "Failed at Maat_full_scan_string, ret is %d", ret);
|
||||
return g_maat_default_action;
|
||||
}
|
||||
if(ret == 0){
|
||||
return g_maat_default_action;
|
||||
}
|
||||
*maat_hit = 1;
|
||||
int action = maat_process_scan_result(handle, ret, result, policy_id);
|
||||
|
||||
//for debug
|
||||
@@ -229,3 +243,43 @@ int kni_maat_scan_domain(struct kni_maat_handle* handle, char *domain, int domai
|
||||
}
|
||||
|
||||
|
||||
/* action
|
||||
0x00: none
|
||||
0x01: monitor
|
||||
0x02: intercept
|
||||
0x10: reject
|
||||
0x30: Manipulate
|
||||
0x60: steer
|
||||
0x80: bypass
|
||||
*/
|
||||
int kni_maat_action_trans(int action, char *action_str){
|
||||
switch(action){
|
||||
case 0x00:
|
||||
strcpy(action_str, "none");
|
||||
break;
|
||||
case 0x01:
|
||||
strcpy(action_str, "monitor");
|
||||
break;
|
||||
case 0x02:
|
||||
strcpy(action_str, "intercept");
|
||||
break;
|
||||
case 0x10:
|
||||
strcpy(action_str, "reject");
|
||||
break;
|
||||
case 0x30:
|
||||
strcpy(action_str, "manipulate");
|
||||
break;
|
||||
case 0x60:
|
||||
strcpy(action_str, "steer");
|
||||
break;
|
||||
case 0x80:
|
||||
strcpy(action_str, "bypass");
|
||||
break;
|
||||
default:
|
||||
strcpy(action_str, "unknown");
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
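Review bot: kni_maat_action_trans, added in the last hunk, writes into `action_str` with `strcpy` and has no way to know how large the caller's buffer is; the longest name, "manipulate", needs 11 bytes including the terminator, so a smaller buffer is overrun. Either take the size and bound the copy, e.g. `int kni_maat_action_trans(int action, char *action_str, size_t size)` with `snprintf(action_str, size, "%s", "manipulate");` in each case, or return a `const char *` to the literal and drop the copy altogether. The callers are not shown on this page, so whether any current buffer is actually too small cannot be confirmed from here. Separately, kni_maat_scan_ip and kni_maat_scan_domain write `*maat_hit` only on a hit, so a caller that logs it reads an indeterminate value on the miss and error paths unless it zeroed the variable first; `*maat_hit = 0;` at the top of both functions would make that contract explicit.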