diff --git a/test/maat_json.json b/test/maat_json.json index 3bd1aa8..4de4373 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -1275,75 +1275,75 @@ "not_flag":0 } ] - }, - { - "compile_id": 164, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "CharsetWindows1251", - "is_valid": "yes", - "groups": [ - { - "group_name": "Untitled", - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "string", - "table_content": { - "keywords": ">ЗАО\\b«Севергазвтоматика\\bАйС»<", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } + }, + { + "compile_id": 164, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "CharsetWindows1251", + "is_valid": "yes", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "string", + "table_content": { + "keywords": ">ЗАО\\b«Севергазвтоматика\\bАйС»<", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" } - ] - } - ] - }, - { - "compile_id": 165, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "EvaluationOrder", - "is_valid": "yes", - "evaluation_order":"2.111", - "groups": [ - { - "group_name": "Untitled", - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "string", - "table_content": { - "keywords": "cavemancircus.com/", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } + } + ] + } + ] + }, + { + "compile_id": 165, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "EvaluationOrder", + "is_valid": "yes", + "evaluation_order":"2.111", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "cavemancircus.com/", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" } - ] - }, - { - "regions": [ - { - "table_type": "ip_plus", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "addr_type": "ipv4", - "saddr_format": "CIDR", - "src_ip1": "192.168.23.1", - "src_ip2": "24" + } + ] + }, + { + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "saddr_format": "CIDR", + "src_ip1": "192.168.23.1", + "src_ip2": "24" + } + } + ], + "not_flag" : 0 } - } - ], - "not_flag" : 0 - } - ] - }, + ] + }, { "compile_id": 166, "service": 1, @@ -1352,7 +1352,7 @@ "do_log": 1, "user_region": "EvaluationOrder", "is_valid": "yes", - "evaluation_order":"100.233", + "evaluation_order":"100.233", "groups": [ { "group_name": "Untitled", @@ -1379,7 +1379,7 @@ "do_log": 1, "user_region": "EvaluationOrder", "is_valid": "yes", - "evaluation_order":"300.999", + "evaluation_order":"300.999", "groups": [ { "group_name": "Untitled", @@ -1406,7 +1406,7 @@ "do_log": 1, "user_region": "EvaluationOrder", "is_valid": "yes", - "evaluation_order":"0", + "evaluation_order":"0", "groups": [ { "group_name": "Untitled", @@ -1462,7 +1462,107 @@ "not_flag" : 0 } ] - } + }, + { + "compile_id": 170, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "IPScan.IPv4_component.source", + "is_valid": "no", + "groups": [ + { + "group_name": "ipv4_component.source", + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "saddr_format": "CIDR", + "src_ip1": "192.168.40.10", + "src_ip2": "0", + "sport_format": "mask", + "src_port1": "443", + "src_port2": "65535", + "daddr_format": "CIDR", + "dst_ip1": "0.0.0.0", + "dst_ip2": "0", + "dport_format": "range", + "dst_port1": "0", + "dst_port2": "0", + "protocol": 6, + "direction": "double" + } + } + ], + "not_flag" : 0 + } + ] + }, + { + "compile_id": 171, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "IPScan.IPv4_component.destination", + "is_valid": "no", + "groups": [ + { + "group_name": "ipv4_component.destination", + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "saddr_format": "CIDR", + "src_ip1": "192.168.231.46", + "src_ip2": "0", + "sport_format": "mask", + "src_port1": "25705", + "src_port2": "65535", + "daddr_format": "CIDR", + "dst_ip1": "0.0.0.0", + "dst_ip2": "0", + "dport_format": "range", + "dst_port1": "0", + "dst_port2": "0", + "protocol": 6, + "direction": "double" + } + } + ], + "not_flag" : 0 + } + ] + }, + { + "compile_id": 172, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "ipv4_component.match", + "is_valid": "yes", + "groups": [ + { + "group_name":"ipv4_component.source", + "virtual_table":"VIRTUAL_IP_PLUS_SOURCE", + "not_flag":0 + }, + { + "group_name":"ipv4_component.destination", + "virtual_table":"VIRTUAL_IP_PLUS_DESTINATION", + "not_flag":0 + } + ] + } ], "plugin_table": [ { diff --git a/test/table_info.conf b/test/table_info.conf index b698c40..f76bf5b 100644 --- a/test/table_info.conf +++ b/test/table_info.conf @@ -41,4 +41,7 @@ 19 IP_PLUS_CONFIG ip_plus -- 20 HTTP_RESPONSE_KEYWORDS virtual KEYWORDS_TABLE -- 21 HTTP_REQUEST_HEADER virtual HTTP_SIGNATURE -- -22 HTTP_RESPONSE_HEADER virtual HTTP_SIGNATURE -- \ No newline at end of file +22 HTTP_RESPONSE_HEADER virtual HTTP_SIGNATURE -- +23 VIRTUAL_IP_PLUS_TABLE virtual IP_PLUS_CONFIG -- +23 VIRTUAL_IP_PLUS_SOURCE virtual IP_PLUS_CONFIG -- +23 VIRTUAL_IP_PLUS_DESTINATION virtual IP_PLUS_CONFIG -- \ No newline at end of file diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp index ad3ba8a..687338a 100644 --- a/test/test_maatframe.cpp +++ b/test/test_maatframe.cpp @@ -703,6 +703,28 @@ TEST(IPScan, IPv4_Port) Maat_clean_status(&mid); return; } +TEST(IPScan, IPv4_virtual) +{ + int table_id=0,ret=0; + const char* table_name="VIRTUAL_IP_PLUS_TABLE"; + struct Maat_rule_t result[4]; + scan_status_t mid=NULL; + struct ipaddr ipv4_addr; + struct stream_tuple4_v4 v4_addr; + ipv4_addr_set(&ipv4_addr, &v4_addr, "192.168.40.10", 443, "192.168.231.46", 25705); + + table_id=Maat_table_register(g_feather, table_name); + + EXPECT_GT(table_id, 0); + + ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid, 0); + + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, 172); + + Maat_clean_status(&mid); + return; +} #define TEST_NOTLogic 1