2020-08-10 18:13:44 +08:00
|
|
|
#include <MESA/Maat_rule.h>
|
|
|
|
|
#include <tfe_resource.h>
|
|
|
|
|
#include <tfe_scan.h>
|
|
|
|
|
|
|
|
|
|
int tfe_scan_subscribe_id(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
|
2021-04-28 18:01:32 +08:00
|
|
|
int hit_cnt, unsigned int thread_id, void *logger)
|
2020-08-10 18:13:44 +08:00
|
|
|
{
|
|
|
|
|
int scan_ret = 0;
|
|
|
|
|
int hit_cnt_ip = 0;
|
|
|
|
|
uint16_t opt_out_size;
|
|
|
|
|
char dest_subscribe_id[TFE_STRING_MAX] = {0};
|
|
|
|
|
char source_subscribe_id[TFE_STRING_MAX] = {0};
|
|
|
|
|
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
|
|
|
|
|
if (cmsg != NULL)
|
|
|
|
|
{
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_SUB_ID, (unsigned char *)source_subscribe_id, sizeof(source_subscribe_id), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch src sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_SUB_ID, (unsigned char *)dest_subscribe_id, sizeof(dest_subscribe_id), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch dst sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
}
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_DEBUG(logger, "fetch src sub id:%s dst sub id:%s addr: %s", source_subscribe_id, dest_subscribe_id, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
|
|
|
|
|
if (strlen(source_subscribe_id))
|
|
|
|
|
{
|
|
|
|
|
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID),
|
|
|
|
|
CHARSET_UTF8, source_subscribe_id, strlen(source_subscribe_id),
|
|
|
|
|
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
|
|
|
|
|
scan_mid, (int)thread_id);
|
|
|
|
|
if (scan_ret > 0)
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
source_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
hit_cnt_ip += scan_ret;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
source_subscribe_id, scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (strlen(dest_subscribe_id))
|
|
|
|
|
{
|
|
|
|
|
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID),
|
|
|
|
|
CHARSET_UTF8, dest_subscribe_id, strlen(dest_subscribe_id),
|
|
|
|
|
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
|
|
|
|
|
scan_mid, (int)thread_id);
|
|
|
|
|
if (scan_ret > 0)
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
dest_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
hit_cnt_ip += scan_ret;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
dest_subscribe_id, scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return hit_cnt_ip;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-12 11:04:35 +08:00
|
|
|
int tfe_scan_fqdn_cat(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
|
2021-04-28 18:01:32 +08:00
|
|
|
int hit_cnt, unsigned int thread_id, void *logger, int table_id)
|
2020-10-12 11:04:35 +08:00
|
|
|
{
|
2020-10-12 15:43:27 +08:00
|
|
|
int scan_ret = 0;
|
|
|
|
|
unsigned int i = 0;
|
2020-10-12 11:04:35 +08:00
|
|
|
uint16_t opt_out_size;
|
2020-10-12 15:43:27 +08:00
|
|
|
int hit_cnt_fqdn = 0;
|
|
|
|
|
unsigned int category_id_num = 0;
|
|
|
|
|
unsigned int category_id_val[TFE_SYMBOL_MAX] = {0};
|
2020-10-12 11:04:35 +08:00
|
|
|
|
|
|
|
|
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
|
|
|
|
|
if (cmsg != NULL)
|
|
|
|
|
{
|
2020-10-12 15:43:27 +08:00
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_FQDN_CAT_ID_NUM, (unsigned char *)&category_id_num, sizeof(category_id_num), &opt_out_size);
|
2020-10-12 11:04:35 +08:00
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch fqdn cat id num from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-10-12 11:04:35 +08:00
|
|
|
}
|
2020-10-12 15:43:27 +08:00
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_FQDN_CAT_ID_VAL, (unsigned char *)category_id_val, sizeof(category_id_val), &opt_out_size);
|
2020-10-12 11:04:35 +08:00
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch fqdn cat id val from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-10-12 11:04:35 +08:00
|
|
|
}
|
|
|
|
|
}
|
2020-10-12 15:43:27 +08:00
|
|
|
TFE_LOG_DEBUG(logger, "fetch fqdn cat id:%d val:%d,%d,%d,%d,%d,%d,%d,%d addr: %s", category_id_num,
|
|
|
|
|
(category_id_num >= 1 ? category_id_val[0] : 0),
|
|
|
|
|
(category_id_num >= 2 ? category_id_val[1] : 0),
|
|
|
|
|
(category_id_num >= 3 ? category_id_val[2] : 0),
|
|
|
|
|
(category_id_num >= 4 ? category_id_val[3] : 0),
|
|
|
|
|
(category_id_num >= 5 ? category_id_val[4] : 0),
|
|
|
|
|
(category_id_num >= 6 ? category_id_val[5] : 0),
|
|
|
|
|
(category_id_num >= 7 ? category_id_val[6] : 0),
|
|
|
|
|
(category_id_num >= 8 ? category_id_val[7] : 0),
|
2021-04-28 18:01:32 +08:00
|
|
|
stream->str_stream_info);
|
2020-10-12 11:04:35 +08:00
|
|
|
|
2020-10-12 15:43:27 +08:00
|
|
|
for (i = 0; i < category_id_num && i < 8; i++)
|
|
|
|
|
{
|
|
|
|
|
scan_ret = Maat_scan_intval(tfe_bussiness_resouce_get(STATIC_MAAT), table_id, category_id_val[i], result + hit_cnt + hit_cnt_fqdn,
|
|
|
|
|
MAX_SCAN_RESULT - hit_cnt - hit_cnt_fqdn, scan_mid, (int)thread_id);
|
|
|
|
|
if (scan_ret > 0)
|
2020-10-12 11:04:35 +08:00
|
|
|
{
|
2020-10-12 15:43:27 +08:00
|
|
|
TFE_LOG_INFO(logger, "Scan FQDN_CAT, Hit catid: %d scan ret: %d policy_id: %d service: %d action: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
category_id_val[i], scan_ret, result[hit_cnt + hit_cnt_fqdn].config_id, result[hit_cnt + hit_cnt_fqdn].service_id, result[hit_cnt + hit_cnt_fqdn].action, stream->str_stream_info);
|
2020-10-12 15:43:27 +08:00
|
|
|
hit_cnt_fqdn += scan_ret;
|
2020-10-12 11:04:35 +08:00
|
|
|
}
|
2020-10-12 15:43:27 +08:00
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan FQDN_CAT, NO hit catid: %d scan ret: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
category_id_val[i], scan_ret, stream->str_stream_info);
|
2020-10-12 15:43:27 +08:00
|
|
|
}
|
2020-10-12 11:04:35 +08:00
|
|
|
}
|
|
|
|
|
return hit_cnt_fqdn;
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-10 18:13:44 +08:00
|
|
|
int tfe_scan_ip_location(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
|
2021-04-28 18:01:32 +08:00
|
|
|
int hit_cnt, unsigned int thread_id, void *logger, char **location_server, char **location_client)
|
2020-08-10 18:13:44 +08:00
|
|
|
{
|
|
|
|
|
int scan_ret = 0;
|
|
|
|
|
int hit_cnt_ip = 0;
|
|
|
|
|
uint16_t opt_out_size;
|
|
|
|
|
char buff[TFE_STRING_MAX] = {0};
|
|
|
|
|
char src_city[TFE_STRING_MAX] = {0};
|
|
|
|
|
char dst_city[TFE_STRING_MAX] = {0};
|
|
|
|
|
char src_provine[TFE_STRING_MAX] = {0};
|
|
|
|
|
char dst_provine[TFE_STRING_MAX] = {0};
|
|
|
|
|
char src_country[TFE_STRING_MAX] = {0};
|
|
|
|
|
char dst_country[TFE_STRING_MAX] = {0};
|
2022-02-11 09:57:33 +08:00
|
|
|
char src_subdivsion[TFE_STRING_MAX] = {0};
|
|
|
|
|
char dst_subdivsion[TFE_STRING_MAX] = {0};
|
2020-08-10 18:13:44 +08:00
|
|
|
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
|
|
|
|
|
if (cmsg != NULL)
|
|
|
|
|
{
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (unsigned char *)src_country, sizeof(src_country), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch src country from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION_COUNTRY, (unsigned char *)dst_country, sizeof(dst_country), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch dst country from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION_PROVINE, (unsigned char *)src_provine, sizeof(src_provine), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch src provine from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION_PROVINE, (unsigned char *)dst_provine, sizeof(dst_provine), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch dst provine from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION_CITY, (unsigned char *)src_city, sizeof(src_city), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch src city from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION_CITY, (unsigned char *)dst_city, sizeof(dst_city), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch dst city from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2022-02-11 09:57:33 +08:00
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (unsigned char *)src_subdivsion, sizeof(src_subdivsion), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_ERROR(logger, "fetch src subdivsion from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
|
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (unsigned char *)dst_subdivsion, sizeof(dst_subdivsion), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_ERROR(logger, "fetch dst subdivsion from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
}
|
2022-02-11 09:57:33 +08:00
|
|
|
TFE_LOG_DEBUG(logger, "fetch src country:%s provine:%s city:%s; subdivsion:%s, dst country:%s provine:%s city:%s subdivsion:%s addr: %s", src_country, src_provine, src_city, src_subdivsion, dst_country, dst_provine, dst_city, dst_subdivsion, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
|
|
|
|
|
if (strlen(dst_country) || strlen(dst_city))
|
|
|
|
|
{
|
|
|
|
|
memset(buff, 0, sizeof(buff));
|
2022-02-11 09:57:33 +08:00
|
|
|
|
2022-03-03 18:28:29 +08:00
|
|
|
snprintf(buff, sizeof(buff),"%s.%s.%s.%s.", dst_country, dst_provine, dst_city, dst_subdivsion);
|
2020-08-10 18:13:44 +08:00
|
|
|
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_LOCATION),
|
|
|
|
|
CHARSET_GBK, buff, strlen(buff),
|
|
|
|
|
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
|
|
|
|
|
scan_mid, (int)thread_id);
|
|
|
|
|
if (scan_ret > 0)
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, Hit location: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
buff, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
hit_cnt_ip += scan_ret;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, NO hit location: %s scan ret: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
buff, scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
memset(buff, 0, sizeof(buff));
|
2022-02-11 09:57:33 +08:00
|
|
|
if(strlen(dst_subdivsion))
|
|
|
|
|
{
|
2022-09-09 10:44:11 +08:00
|
|
|
snprintf(buff, sizeof(buff), "%s.%s.%s.%s", dst_country, dst_provine, dst_city, dst_subdivsion);
|
2022-02-11 09:57:33 +08:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2022-09-09 10:44:11 +08:00
|
|
|
snprintf(buff, sizeof(buff), "%s.%s.%s", dst_country, dst_provine, dst_city);
|
2022-02-11 09:57:33 +08:00
|
|
|
}
|
2020-08-10 18:13:44 +08:00
|
|
|
*location_server = tfe_strdup(buff);
|
|
|
|
|
}
|
|
|
|
|
if (strlen(src_country) || strlen(src_city))
|
|
|
|
|
{
|
|
|
|
|
memset(buff, 0, sizeof(buff));
|
2022-03-03 18:28:29 +08:00
|
|
|
|
|
|
|
|
snprintf(buff, sizeof(buff), "%s.%s.%s.%s.", src_country, src_provine, src_city, src_subdivsion);
|
2020-08-10 18:13:44 +08:00
|
|
|
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_LOCATION),
|
|
|
|
|
CHARSET_GBK, buff, strlen(buff),
|
|
|
|
|
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
|
|
|
|
|
scan_mid, (int)thread_id);
|
|
|
|
|
if (scan_ret > 0)
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, Hit location: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
buff, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
hit_cnt_ip += scan_ret;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, NO hit location: %s scan ret: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
buff, scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset(buff, 0, sizeof(buff));
|
2022-02-11 09:57:33 +08:00
|
|
|
if(strlen(src_subdivsion))
|
|
|
|
|
{
|
2022-09-09 10:44:11 +08:00
|
|
|
snprintf(buff, sizeof(buff), "%s.%s.%s.%s", src_country, src_provine, src_city, src_subdivsion);
|
2022-02-11 09:57:33 +08:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2022-09-09 10:44:11 +08:00
|
|
|
snprintf(buff, sizeof(buff), "%s.%s.%s", src_country, src_provine, src_city);
|
2022-02-11 09:57:33 +08:00
|
|
|
}
|
2020-08-10 18:13:44 +08:00
|
|
|
*location_client = tfe_strdup(buff);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return hit_cnt_ip;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int tfe_scan_ip_asn(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
|
2021-04-28 18:01:32 +08:00
|
|
|
int hit_cnt, unsigned int thread_id, void *logger, char **asn_server, char **asn_client)
|
2020-08-10 18:13:44 +08:00
|
|
|
{
|
|
|
|
|
int scan_ret = 0;
|
|
|
|
|
int hit_cnt_ip = 0;
|
|
|
|
|
uint16_t opt_out_size;
|
|
|
|
|
char buff[TFE_STRING_MAX] = {0};
|
|
|
|
|
char src_asn[TFE_STRING_MAX] = {0};
|
|
|
|
|
char dst_asn[TFE_STRING_MAX] = {0};
|
|
|
|
|
char src_org[TFE_STRING_MAX] = {0};
|
|
|
|
|
char dst_org[TFE_STRING_MAX] = {0};
|
|
|
|
|
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
|
|
|
|
|
if (cmsg != NULL)
|
|
|
|
|
{
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN, (unsigned char *)src_asn, sizeof(src_asn), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch src asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN, (unsigned char *)dst_asn, sizeof(dst_asn), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch dst asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ORGANIZATION, (unsigned char *)src_org, sizeof(src_org), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch src org from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ORGANIZATION, (unsigned char *)dst_org, sizeof(dst_org), &opt_out_size);
|
|
|
|
|
if (scan_ret != 0)
|
|
|
|
|
{
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_ERROR(logger, "fetch dst org from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
}
|
2021-04-28 18:01:32 +08:00
|
|
|
TFE_LOG_DEBUG(logger, "fetch src asn:%s org:%s; dst asn:%s org:%s addr: %s", src_asn, src_org, dst_asn, dst_org, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
|
|
|
|
|
if (strlen(dst_asn))
|
|
|
|
|
{
|
|
|
|
|
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_ASN),
|
|
|
|
|
CHARSET_UTF8, dst_asn, strlen(dst_asn),
|
|
|
|
|
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
|
|
|
|
|
scan_mid, (int)thread_id);
|
|
|
|
|
if (scan_ret > 0)
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, Hit asn: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
dst_asn, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
hit_cnt_ip += scan_ret;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, NO hit asn: %s scan ret: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
dst_asn, scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
memset(buff, 0, sizeof(buff));
|
|
|
|
|
snprintf(buff, sizeof(buff), "%s(%s)", dst_asn, dst_org);
|
|
|
|
|
*asn_server = tfe_strdup(buff);
|
|
|
|
|
}
|
|
|
|
|
if (strlen(src_asn))
|
|
|
|
|
{
|
|
|
|
|
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_ASN),
|
|
|
|
|
CHARSET_UTF8, src_asn, strlen(src_asn),
|
|
|
|
|
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
|
|
|
|
|
scan_mid, (int)thread_id);
|
|
|
|
|
if (scan_ret > 0)
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_ASN, Hit asn: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
src_asn, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
hit_cnt_ip += scan_ret;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_ASN, NO hit asn: %s scan ret: %d addr: %s",
|
2021-04-28 18:01:32 +08:00
|
|
|
src_asn, scan_ret, stream->str_stream_info);
|
2020-08-10 18:13:44 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset(buff, 0, sizeof(buff));
|
|
|
|
|
snprintf(buff, sizeof(buff), "%s(%s)", src_asn, src_org);
|
|
|
|
|
*asn_client = tfe_strdup(buff);
|
|
|
|
|
}
|
|
|
|
|
return hit_cnt_ip;
|
|
|
|
|
}
|
