From ad2e957d2f4a8262fdfe8e6124a4bf8709b961a8 Mon Sep 17 00:00:00 2001 From: zhengchao Date: Wed, 4 Mar 2020 19:39:39 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dbug=EF=BC=9AIPv4=E5=92=8CIPv6?= =?UTF-8?q?=E8=A7=84=E5=88=99=E6=9C=AA=E6=AD=A3=E7=A1=AE=E5=8A=A0=E8=BD=BD?= =?UTF-8?q?=E6=BA=90=E7=AB=AF=E5=8F=A3=EF=BC=8CIPv6=E8=A7=84=E5=88=99?= =?UTF-8?q?=E6=9C=AA=E6=AD=A3=E7=A1=AE=E5=8A=A0=E8=BD=BD=E7=9B=AE=E7=9A=84?= =?UTF-8?q?=E7=AB=AF=E5=8F=A3=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/entry/Maat_rule.cpp | 32 +++++++++++++++++++++++++++---- test/maat_json.json | 42 +++++++++++++++++++++++++++++++++++++++-- test/test_maatframe.cpp | 22 +++++++++++++++++++++ 3 files changed, 90 insertions(+), 6 deletions(-) diff --git a/src/entry/Maat_rule.cpp b/src/entry/Maat_rule.cpp index eb61608..a33ac11 100644 --- a/src/entry/Maat_rule.cpp +++ b/src/entry/Maat_rule.cpp @@ -33,7 +33,7 @@ #include "stream_fuzzy_hash.h" #include "gram_index_engine.h" -int MAAT_FRAME_VERSION_2_8_20200211=1; +int MAAT_FRAME_VERSION_2_8_20200304=1; int is_valid_table_name(const char* str) { @@ -2667,6 +2667,17 @@ void update_ip_rule(struct Maat_table_desc* table, const char* table_line, struc ret_array[0]=ip_format2range(ip_rule->addr_type, ip_format_str2int(saddr_format), src_ip1, src_ip2, &ip_rule->ipv4_rule.min_saddr, &ip_rule->ipv4_rule.max_saddr); ret_array[1]=ip_format2range(ip_rule->addr_type, ip_format_str2int(daddr_format), dst_ip1, dst_ip2, &ip_rule->ipv4_rule.min_daddr, &ip_rule->ipv4_rule.max_daddr); + if(FORMAT_MASK==ip_format_str2int(sport_format)) + { + ip_rule->ipv4_rule.min_sport=src_port1&src_port2; + ip_rule->ipv4_rule.max_sport=src_port1|~src_port2; + } + else + { + ip_rule->ipv4_rule.min_sport=src_port1; + ip_rule->ipv4_rule.max_sport=src_port2; + } + if(FORMAT_MASK==ip_format_str2int(dport_format)) { ip_rule->ipv4_rule.min_dport=dst_port1&dst_port2; @@ -2676,7 +2687,8 @@ void update_ip_rule(struct Maat_table_desc* table, const char* table_line, struc { ip_rule->ipv4_rule.min_dport=dst_port1; ip_rule->ipv4_rule.max_dport=dst_port2; - } + } + ip_rule->ipv4_rule.proto=protocol; ip_rule->ipv4_rule.direction=direction; } @@ -2684,6 +2696,17 @@ void update_ip_rule(struct Maat_table_desc* table, const char* table_line, struc { ret_array[0]=ip_format2range(ip_rule->addr_type, ip_format_str2int(saddr_format), src_ip1, src_ip2, ip_rule->ipv6_rule.min_saddr, ip_rule->ipv6_rule.max_saddr); ret_array[1]=ip_format2range(ip_rule->addr_type, ip_format_str2int(daddr_format), dst_ip1, dst_ip2, ip_rule->ipv6_rule.min_daddr, ip_rule->ipv6_rule.max_daddr); + + if(FORMAT_MASK==ip_format_str2int(sport_format)) + { + ip_rule->ipv6_rule.min_sport=src_port1&src_port2; + ip_rule->ipv6_rule.max_sport=src_port1|~src_port2; + } + else + { + ip_rule->ipv6_rule.min_sport=src_port1; + ip_rule->ipv6_rule.max_sport=src_port2; + } if(FORMAT_MASK==ip_format_str2int(dport_format)) { @@ -2692,9 +2715,10 @@ void update_ip_rule(struct Maat_table_desc* table, const char* table_line, struc } else { - ip_rule->ipv6_rule.min_sport=dst_port1; - ip_rule->ipv6_rule.max_sport=dst_port2; + ip_rule->ipv6_rule.min_dport=dst_port1; + ip_rule->ipv6_rule.max_dport=dst_port2; } + ip_rule->ipv6_rule.proto=protocol; ip_rule->ipv6_rule.direction=direction; } diff --git a/test/maat_json.json b/test/maat_json.json index d772478..3bd1aa8 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -1089,7 +1089,7 @@ "src_ip2": "32", "sport_format": "range", "src_port1": "5210", - "src_port2": "65520", + "src_port2": "5211", "daddr_format": "CIDR", "dst_ip1": "10.0.6.1", "dst_ip2": "24", @@ -1424,7 +1424,45 @@ ] } ] - } + }, + { + "compile_id": 169, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "IPScan.IPv4_Any", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "saddr_format": "CIDR", + "src_ip1": "0.0.0.0", + "src_ip2": "0", + "sport_format": "mask", + "src_port1": "20304", + "src_port2": "65535", + "daddr_format": "CIDR", + "dst_ip1": "0.0.0.0", + "dst_ip2": "0", + "dport_format": "range", + "dst_port1": "0", + "dst_port2": "0", + "protocol": 6, + "direction": "single" + } + } + ], + "not_flag" : 0 + } + ] + } ], "plugin_table": [ { diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp index cfa0990..ad3ba8a 100644 --- a/test/test_maatframe.cpp +++ b/test/test_maatframe.cpp @@ -681,6 +681,28 @@ TEST(IPScan, IPv6_CIDR) return; } +TEST(IPScan, IPv4_Port) +{ + int table_id=0,ret=0; + const char* table_name="IP_PLUS_CONFIG"; + struct Maat_rule_t result[4]; + scan_status_t mid=NULL; + struct ipaddr ipv4_addr; + struct stream_tuple4_v4 v4_addr; + ipv4_addr_set(&ipv4_addr, &v4_addr, "192.168.244.1", 20304, "0.0.0.0", 0); + + table_id=Maat_table_register(g_feather, table_name); + + EXPECT_GT(table_id, 0); + + ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid, 0); + + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, 169); + + Maat_clean_status(&mid); + return; +} #define TEST_NOTLogic 1