gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

新增composition类型表,支持IP构成功能,可将Source和Destination两个子表组合为待扫描的IP表,子表可以是虚拟表。

Browse Source
This commit is contained in:
zhengchao
2020-03-11 23:26:55 +08:00
parent 7bf6dd6278
commit 54c5cf9d86
13 changed files with 689 additions and 234 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
test/maat_json.json
View File

@@ -1470,11 +1470,11 @@
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_component.source",
"user_region": "IPScan.IPv4_virtual.source",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_component.source",
"group_name": "ipv4_virtual.source",
"regions": [
{
"table_type": "ip_plus",
@@ -1483,7 +1483,7 @@
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "192.168.40.10",
"src_ip2": "0",
"src_ip2": "32",
"sport_format": "mask",
"src_port1": "443",
"src_port2": "65535",
@@ -1509,11 +1509,11 @@
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_component.destination",
"user_region": "IPScan.IPv4_virtual.destination",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_component.destination",
"group_name": "ipv4_virtual.destination",
"regions": [
{
"table_type": "ip_plus",
@@ -1522,7 +1522,7 @@
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "192.168.231.46",
"src_ip2": "0",
"src_ip2": "32",
"sport_format": "mask",
"src_port1": "25705",
"src_port2": "65535",
@@ -1548,20 +1548,176 @@
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_component.match",
"user_region": "ipv4_virtual.match",
"is_valid": "yes",
"groups": [
{
"group_name":"ipv4_component.source",
"group_name":"ipv4_virtual.source",
"virtual_table":"VIRTUAL_IP_PLUS_SOURCE",
"not_flag":0
},
{
"group_name":"ipv4_component.destination",
"group_name":"ipv4_virtual.destination",
"virtual_table":"VIRTUAL_IP_PLUS_DESTINATION",
"not_flag":0
}
]
},
{
"compile_id": 173,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_composition.source",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_composition.source",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "192.168.40.11",
"src_ip2": "32",
"sport_format": "mask",
"src_port1": "443",
"src_port2": "65535",
"daddr_format": "CIDR",
"dst_ip1": "0.0.0.0",
"dst_ip2": "0",
"dport_format": "range",
"dst_port1": "0",
"dst_port2": "0",
"protocol": 6,
"direction": "double"
}
}
],
"not_flag" : 0
}
]
},
{
"compile_id": 174,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_composition.destination",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_composition.destination",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "192.168.231.47",
"src_ip2": "32",
"sport_format": "mask",
"src_port1": "25715",
"src_port2": "65535",
"daddr_format": "CIDR",
"dst_ip1": "0.0.0.0",
"dst_ip2": "0",
"dport_format": "range",
"dst_port1": "0",
"dst_port2": "0",
"protocol": 6,
"direction": "double"
}
}
],
"not_flag" : 0
}
]
},
{
"compile_id": 175,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.match",
"is_valid": "yes",
"groups": [
{
"group_name":"ipv4_composition.source",
"virtual_table":"COMPOSITION_IP_SOURCE",
"not_flag":0
},
{
"group_name":"ipv4_composition.destination",
"virtual_table":"COMPOSITION_IP_DESTINATION",
"not_flag":0
}
]
},
{
"compile_id": 176,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_composition.session",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_composition.session",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "192.168.40.11",
"src_ip2": "2",
"sport_format": "mask",
"src_port1": "443",
"src_port2": "65535",
"daddr_format": "CIDR",
"dst_ip1": "192.168.231.47",
"dst_ip2": "32",
"dport_format": "range",
"dst_port1": "25715",
"dst_port2": "25715",
"protocol": 6,
"direction": "single"
}
}
],
"not_flag" : 0
}
]
},
{
"compile_id": 177,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.session.match",
"is_valid": "yes",
"groups": [
{
"group_name":"ipv4_composition.session",
"virtual_table":"COMPOSITION_IP_SESSION",
"not_flag":0
}
]
}
],
"plugin_table": [

13
test/table_info.conf
View File

@@ -6,7 +6,6 @@
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege [yes/no]
#cross cache [number]
#quick mode [quickon/quickoff], default [quickoff]
#For ip/intval/digest/compile/group table.
#id name type
#
@@ -17,11 +16,11 @@
#id name type real_table_name
#
#For expr/expr_plus Table
#id name type src_charset dst_charset do_merge cross_cache quick_mode
#id name type src_charset dst_charset do_merge cross_cache
0 COMPILE compile escape --
1 GROUP group --
2 HTTP_URL expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff
2 HTTP_HOST expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff
2 HTTP_URL expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128
2 HTTP_HOST expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128
3 KEYWORDS_TABLE expr UTF8 GBK/BIG5/UNICODE/UTF8/unicode_ascii_esc/unicode_ascii_aligned/unicode_ncr_dec/unicode_ncr_hex/windows-1251 yes 0
4 IP_CONFIG ip --
5 CONTENT_SIZE intval --
@@ -44,4 +43,8 @@
22 HTTP_RESPONSE_HEADER virtual HTTP_SIGNATURE --
23 VIRTUAL_IP_PLUS_TABLE virtual IP_PLUS_CONFIG --
23 VIRTUAL_IP_PLUS_SOURCE virtual IP_PLUS_CONFIG --
23 VIRTUAL_IP_PLUS_DESTINATION virtual IP_PLUS_CONFIG --
23 VIRTUAL_IP_PLUS_DESTINATION virtual IP_PLUS_CONFIG --
24 COMPOSITION_IP_SOURCE virtual IP_PLUS_CONFIG --
25 COMPOSITION_IP_DESTINATION virtual IP_PLUS_CONFIG --
26 COMPOSITION_IP_SESSION virtual IP_PLUS_CONFIG --
27 COMPOSITION_IP composition {"source":"COMPOSITION_IP_SOURCE","destination":"COMPOSITION_IP_DESTINATION","session":"COMPOSITION_IP_SESSION"}

23
test/test_maatframe.cpp
View File

@@ -725,6 +725,29 @@ TEST(IPScan, IPv4_virtual)
Maat_clean_status(&mid);
return;
}
TEST(IPScan, IPv4_composition)
{
int table_id=0,ret=0;
const char* table_name="COMPOSITION_IP";
struct Maat_rule_t result[4];
scan_status_t mid=NULL;
struct ipaddr ipv4_addr;
struct stream_tuple4_v4 v4_addr;
ipv4_addr_set(&ipv4_addr, &v4_addr, "192.168.40.11", 443, "192.168.231.47", 25715);
table_id=Maat_table_register(g_feather, table_name);
EXPECT_GT(table_id, 0);
ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid, 0);
EXPECT_EQ(ret, 2);
EXPECT_EQ(result[0].config_id, 177);
EXPECT_EQ(result[1].config_id, 175);
Maat_clean_status(&mid);
return;
}
#define TEST_NOTLogic 1