增加ip_plus类型表,可以支持范围和掩码两种描述IP和端口的方式。
@@ -937,6 +937,82 @@
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"compile_id": 154,
|
||||
"service": 0,
|
||||
"action": 0,
|
||||
"do_blacklist": 0,
|
||||
"do_log": 0,
|
||||
"effective_rage": 0,
|
||||
"user_region": "ipv4_plus",
|
||||
"is_valid": "yes",
|
||||
"groups": [
|
||||
{
|
||||
"regions": [
|
||||
{
|
||||
"table_type": "ip_plus",
|
||||
"table_name": "IP_PLUS_CONFIG",
|
||||
"table_content": {
|
||||
"addr_type": "ipv4",
|
||||
"saddr_format": "range",
|
||||
"src_ip1": "10.0.7.100",
|
||||
"src_ip2": "10.0.7.106",
|
||||
"sport_format": "range",
|
||||
"src_port1": "5000",
|
||||
"src_port2": "5001",
|
||||
"daddr_format": "mask",
|
||||
"dst_ip1": "123.56.104.218",
|
||||
"dst_ip2": "255.255.255.0",
|
||||
"dport_format": "range",
|
||||
"dst_port1": "7400",
|
||||
"dst_port2": "7400",
|
||||
"protocol": 6,
|
||||
"direction": "double"
|
||||
}
|
||||
}
|
||||
],
|
||||
"not_flag" : 0
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"compile_id": 155,
|
||||
"service": 0,
|
||||
"action": 0,
|
||||
"do_blacklist": 0,
|
||||
"do_log": 0,
|
||||
"effective_rage": 0,
|
||||
"user_region": "ipv6_plus",
|
||||
"is_valid": "yes",
|
||||
"groups": [
|
||||
{
|
||||
"regions": [
|
||||
{
|
||||
"table_type": "ip_plus",
|
||||
"table_name": "IP_PLUS_CONFIG",
|
||||
"table_content": {
|
||||
"addr_type": "ipv6",
|
||||
"saddr_format": "range",
|
||||
"src_ip1": "1001:da8:205:1::101",
|
||||
"src_ip2": "1001:da8:205:1::201",
|
||||
"sport_format": "mask",
|
||||
"src_port1": "5210",
|
||||
"src_port2": "65520",
|
||||
"daddr_format": "mask",
|
||||
"dst_ip1": "3001:da8:205:1::401",
|
||||
"dst_ip2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000",
|
||||
"dport_format": "mask",
|
||||
"dst_port1": "0",
|
||||
"dst_port2": "65535",
|
||||
"protocol": 6,
|
||||
"direction": "double"
|
||||
}
|
||||
}
|
||||
],
|
||||
"not_flag" : 0
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"plugin_table": [
|
||||
|
||||
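Review bot: Rule 155's port masks can be read two ways, and nothing visible in this commit says which one the engine applies. `"dst_port1": "0"` with `"dst_port2": "65535"` looks intended as any port (the IPv6_range test scans dest port 80, commented `//any`, and expects a hit), which fits a mask whose set bits are ignored. `"src_port1": "5210"` with `"src_port2": "65520"` matching source port 5204 instead fits a netmask-style AND, the way `dst_ip2` is used for addresses. For a traffic-matching rule this decides whether 16 contiguous ports or a scattered set is covered, so the semantics (including whether port 0 is a special "any" value) should be written down next to the table type list. A second mask rule with a non-zero port and a partial mask would pin it.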
@@ -1,7 +1,7 @@
|
||||
#each collumn seperate with '\t'
|
||||
#id (0~65535)
|
||||
#name string
|
||||
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
|
||||
#type one of ip, ip_plus, expr, expr_plus, digest, intval, compile or plugin
|
||||
#src_charset one of GBK,BIG5,UNICODE,UTF8
|
||||
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
|
||||
#do_merege [yes/no]
|
||||
@@ -34,4 +34,5 @@
|
||||
15 IR_INTERCEPT_IP plugin {"valid":14,"tag":18}
|
||||
16 APP_PAYLOAD expr_plus UTF8 UTF8 yes 0 quickoff
|
||||
17 TROJAN_PAYLOAD expr UTF8 UTF8 yes 0 quickoff
|
||||
18 MAIL_ADDR expr UTF8 UTF8 yes 0 quickoff
|
||||
18 MAIL_ADDR expr UTF8 UTF8 yes 0 quickoff
|
||||
19 IP_PLUS_CONFIG ip_plus --
|
||||
@@ -422,7 +422,7 @@ TEST(StringScan, ExprPlusWithOffset)
|
||||
EXPECT_EQ(result[0].config_id, 148);
|
||||
return;
|
||||
}
|
||||
TEST(IPScan, IPv4)
|
||||
TEST(IPScan, IPv4_mask)
|
||||
{
|
||||
int table_id=0,ret=0;
|
||||
const char* table_name="IP_CONFIG";
|
||||
@@ -455,7 +455,7 @@ TEST(IPScan, IPv4)
|
||||
Maat_clean_status(&mid);
|
||||
return;
|
||||
}
|
||||
TEST(IPScan, IPv6)
|
||||
TEST(IPScan, IPv6_mask)
|
||||
{
|
||||
int table_id=0,ret=0;
|
||||
struct Maat_rule_t result[4];
|
||||
@@ -480,6 +480,63 @@ TEST(IPScan, IPv6)
|
||||
Maat_clean_status(&mid);
|
||||
return;
|
||||
}
|
||||
TEST(IPScan, IPv4_range)
|
||||
{
|
||||
int table_id=0,ret=0;
|
||||
const char* table_name="IP_PLUS_CONFIG";
|
||||
struct Maat_rule_t result[4];
|
||||
scan_status_t mid=NULL;
|
||||
struct ipaddr ipv4_addr;
|
||||
struct stream_tuple4_v4 v4_addr;
|
||||
ipv4_addr.addrtype=ADDR_TYPE_IPV4;
|
||||
inet_pton(AF_INET, "10.0.7.106", &(v4_addr.saddr));
|
||||
v4_addr.source=htons(5000);
|
||||
inet_pton(AF_INET, "123.56.104.254", &(v4_addr.daddr));
|
||||
v4_addr.dest=htons(7400);
|
||||
ipv4_addr.v4=&v4_addr;
|
||||
|
||||
|
||||
table_id=Maat_table_register(g_feather, table_name);
|
||||
|
||||
EXPECT_GT(table_id, 0);
|
||||
|
||||
ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid, 0);
|
||||
|
||||
EXPECT_EQ(ret, 1);
|
||||
EXPECT_EQ(result[0].config_id, 154);
|
||||
|
||||
Maat_clean_status(&mid);
|
||||
return;
|
||||
}
|
||||
|
||||
TEST(IPScan, IPv6_range)
|
||||
{
|
||||
int table_id=0,ret=0;
|
||||
struct Maat_rule_t result[4];
|
||||
struct ipaddr ipv6_addr;
|
||||
struct stream_tuple4_v6 v6_addr;
|
||||
scan_status_t mid=NULL;
|
||||
|
||||
ipv6_addr.addrtype=ADDR_TYPE_IPV6;
|
||||
inet_pton(AF_INET6,"1001:da8:205:1::151",&(v6_addr.saddr));
|
||||
v6_addr.source=htons(5204);//5200~5299?
|
||||
inet_pton(AF_INET6,"3001:da8:205:1::901",&(v6_addr.daddr));
|
||||
v6_addr.dest=htons(80);//any
|
||||
ipv6_addr.v6=&v6_addr;
|
||||
const char* table_name="IP_PLUS_CONFIG";
|
||||
table_id=Maat_table_register(g_feather,table_name);
|
||||
EXPECT_GT(table_id, 0);
|
||||
|
||||
//for improving performance.
|
||||
Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_LAST_REGION,NULL, 0);
|
||||
ret=Maat_scan_proto_addr(g_feather, table_id, &ipv6_addr, 6, result,4, &mid, 0);
|
||||
EXPECT_EQ(ret, 1);
|
||||
EXPECT_EQ(result[0].config_id, 155);
|
||||
Maat_clean_status(&mid);
|
||||
return;
|
||||
|
||||
}
|
||||
|
||||
TEST(NOTLogic, OneRegion)
|
||||
{
|
||||
const char* string_should_hit="This string ONLY contains must-contained-string-of-rule-143.";
|
||||
|
||||
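Review bot: In IPv4_range and IPv6_range, `result[0].config_id` is compared after a non-fatal `EXPECT_EQ(ret, 1);`, so when the scan misses, the test goes on to read an entry of the uninitialised `result[4]` array and reports a meaningless second failure. `ASSERT_EQ(ret, 1);` (and `ASSERT_GT(table_id, 0);` before scanning) would stop at the real one. The new cases only prove inclusion: IPv4_range scans the upper address bound 10.0.7.106 and the lower port bound 5000, but nothing scans 10.0.7.107 or source port 5002 and expects no hit, which is the check that would catch an over-matching range rule. The copied comment `//5200~5299?` in IPv6_range still carries its question mark, and with `sport_format` set to `mask` and 5210/65520 the covered ports should be worked out and stated. The `inet_pton` return values are ignored, and `ipv4_addr`, `v4_addr`, `ipv6_addr` and `v6_addr` are filled field by field without zero-initialisation, so any member not assigned here is indeterminate when passed to `Maat_scan_proto_addr`.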