diff --git a/common/include/tfe_resource.h b/common/include/tfe_resource.h index d396bf3..01693be 100644 --- a/common/include/tfe_resource.h +++ b/common/include/tfe_resource.h @@ -20,17 +20,26 @@ enum RESOURCE_TYPE DYNAMIC_FIELDSTAT, }; -enum TABLE_TYPE +enum scan_common_table { - TABLE_SECURITY_SOURCE_ASN, - TABLE_SECURITY_DESTINATION_ASN, - TABLE_SECURITY_SOURCE_LOCATION, - TABLE_SECURITY_DESTINATION_LOCATION, - TABLE_OBJ_SUBSCRIBER_ID, - TABLE_OBJ_APP_ID_DICT, - TABLE_TYPE_MAX + PXY_CTRL_SOURCE_IP, + PXY_CTRL_DESTINATION_IP, + PXY_CTRL_INTERNAL_IP, + PXY_CTRL_EXTERNAL_IP, + PXY_CTRL_SOURCE_PORT, + PXY_CTRL_DESTINATION_PORT, + PXY_CTRL_INTERNAL_PORT, + PXY_CTRL_EXTERNAL_PORT, + PXY_CTRL_IP_PROTOCOL, + PXY_CTRL_SOURCE_ASN, + PXY_CTRL_DESTINATION_ASN, + PXY_CTRL_SOURCE_LOCATION, + PXY_CTRL_DESTINATION_LOCATION, + PXY_CTRL_SUBSCRIBER_ID, + PXY_CTRL_APP_ID_DICT, + __SCAN_COMMON_TABLE_MAX }; int tfe_bussiness_resouce_init(); void *tfe_bussiness_resouce_get(enum RESOURCE_TYPE type); -int tfe_bussiness_tableid_get(enum TABLE_TYPE type); \ No newline at end of file +int tfe_bussiness_tableid_get(enum scan_common_table type); \ No newline at end of file diff --git a/common/include/tfe_scan.h b/common/include/tfe_scan.h index df61326..a983484 100644 --- a/common/include/tfe_scan.h +++ b/common/include/tfe_scan.h 
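Review bot: The renamed `enum scan_common_table` is now the index every plugin uses to fetch a cached maat table id, yet the header says nothing about the contract it carries; a comment above the enum, `/* Index into the common scan-table cache; order and count must match table_name[] in tfe_resource.cpp. __SCAN_COMMON_TABLE_MAX is the element count, never a valid table. */`, and one on the accessor, `/* returns the maat table id resolved at init; negative if that lookup failed and init did not abort - confirm against maat_common_table_init */`, would document what callers may rely on. The `PXY_CTRL_` prefix is also used by the plugin-local `enum scan_table` in tsg_http.cpp, so a one-line note that this is the shared enum and that plugin enums index their own caches would head off passing the wrong enumerator to `tfe_bussiness_tableid_get`.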
@@ -11,4 +11,5 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str int hit_cnt, void *logger, char **location_server, char **location_client); int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, long long app_id, int table_id); int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); -int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); \ No newline at end of file +int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); +int tfe_scan_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, uint16_t source, uint16_t dest); \ No newline at end of file diff --git a/common/src/tfe_resource.cpp b/common/src/tfe_resource.cpp index 3ec83bc..f1626ae 100644 --- a/common/src/tfe_resource.cpp +++ b/common/src/tfe_resource.cpp @@ -10,7 +10,7 @@ #define MAAT_INPUT_REDIS 1 #define MAAT_INPUT_FILE 2 -static int scan_table_id[TABLE_TYPE_MAX]; +static int scan_table_id[__SCAN_COMMON_TABLE_MAX]; static struct maat *static_maat = NULL; static tfe_kafka_logger_t *kafka_logger = NULL; static struct tfe_fieldstat_metric_t *dynamic_fieldstat = NULL; 
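Review bot: The new `tfe_scan_port` prototype introduces `uint16_t` into tfe_scan.h and this hunk adds no `#include <stdint.h>`; if the header does not already pull it in (only the prototype list is visible here), a translation unit that includes tfe_scan.h before any stdint-providing header will fail to compile, so add `#include <stdint.h>` at the top of the header. The helper `tfe_scan_internal_exteral_port` defined in tfe_scan.cpp is not declared here; if it is only reached through `tfe_scan_port`, mark it `static` so it is not exported, otherwise declare it alongside `tfe_scan_port`. The prototype treats `source` and `dest` as plain integers, so a comment stating the expected byte order, `/* source/dest in host byte order */`, would keep the two plugins that call it from disagreeing.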
@@ -384,15 +384,24 @@ void app_dict_table_dup_cb(int table_id, void **to, void **from, long argl, void static int maat_common_table_init() { - const char * table_name[TABLE_TYPE_MAX]; - table_name[TABLE_SECURITY_SOURCE_ASN] = "ATTR_SOURCE_ASN"; - table_name[TABLE_SECURITY_DESTINATION_ASN]="ATTR_DESTINATION_ASN"; - table_name[TABLE_SECURITY_SOURCE_LOCATION] = "ATTR_SOURCE_LOCATION"; - table_name[TABLE_SECURITY_DESTINATION_LOCATION] = "ATTR_DESTINATION_LOCATION"; - table_name[TABLE_OBJ_SUBSCRIBER_ID] = "ATTR_SUBSCRIBER_ID"; - table_name[TABLE_OBJ_APP_ID_DICT] = "APP_ID_DICT"; + const char * table_name[__SCAN_COMMON_TABLE_MAX]; + table_name[PXY_CTRL_SOURCE_IP] = "ATTR_SOURCE_IP"; + table_name[PXY_CTRL_DESTINATION_IP]="ATTR_DESTINATION_IP"; + table_name[PXY_CTRL_INTERNAL_IP] = "ATTR_INTERNAL_IP"; + table_name[PXY_CTRL_EXTERNAL_IP] = "ATTR_EXTERNAL_IP"; + table_name[PXY_CTRL_SOURCE_PORT] = "ATTR_SOURCE_PORT"; + table_name[PXY_CTRL_DESTINATION_PORT] = "ATTR_DESTINATION_PORT"; + table_name[PXY_CTRL_INTERNAL_PORT] = "ATTR_INTERNAL_PORT"; + table_name[PXY_CTRL_EXTERNAL_PORT] = "ATTR_EXTERNAL_PORT"; + table_name[PXY_CTRL_IP_PROTOCOL] = "ATTR_IP_PROTOCOL"; + table_name[PXY_CTRL_SOURCE_ASN] = "ATTR_SOURCE_ASN"; + table_name[PXY_CTRL_DESTINATION_ASN]="ATTR_DESTINATION_ASN"; + table_name[PXY_CTRL_SOURCE_LOCATION] = "ATTR_SOURCE_LOCATION"; + table_name[PXY_CTRL_DESTINATION_LOCATION] = "ATTR_DESTINATION_LOCATION"; + table_name[PXY_CTRL_SUBSCRIBER_ID] = "ATTR_SUBSCRIBER_ID"; + table_name[PXY_CTRL_APP_ID_DICT] = "APP_ID_DICT"; - for (int i = 0; i < TABLE_TYPE_MAX; i++) + for (int i = 0; i < __SCAN_COMMON_TABLE_MAX; i++) { scan_table_id[i] = maat_get_table_id(static_maat, table_name[i]); if (scan_table_id[i] < 0) @@ -458,7 +467,7 @@ void *tfe_bussiness_resouce_get(enum RESOURCE_TYPE type) } } -int tfe_bussiness_tableid_get(enum TABLE_TYPE type) +int tfe_bussiness_tableid_get(enum scan_common_table type) { return scan_table_id[type]; } \ No newline at end of file 
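Review bot: `table_name` is an uninitialized stack array filled by hand, so an enumerator added to `scan_common_table` without a matching assignment here would hand an indeterminate pointer to `maat_get_table_id`; initialize it with `const char * table_name[__SCAN_COMMON_TABLE_MAX] = {0};` and let the loop treat a NULL entry as a configuration error next to the existing `scan_table_id[i] < 0` check, whose body lies outside the hunk. The enum and this string table now live in different files, which is where drift will happen, so a comment above the array, `/* order and count must match enum scan_common_table in tfe_resource.h */`, makes the coupling explicit.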
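Review bot: `tfe_bussiness_tableid_get` indexes `scan_table_id[type]` with no range check, and since the enum is exposed to every plugin through tfe_resource.h, a casted or stale value (for instance a plugin-local enumerator passed by mistake now that both enums share the `PXY_CTRL_` prefix) reads past the 15-entry array. A guard `if ((unsigned)type >= __SCAN_COMMON_TABLE_MAX) return -1;` before the return keeps the failure in-band with the negative result `maat_get_table_id` already produces. `__SCAN_COMMON_TABLE_MAX` is a reserved identifier (leading double underscore); it follows the `__SCAN_TABLE_MAX` convention in tsg_http.cpp, but a name such as `SCAN_COMMON_TABLE_MAX` avoids the implementation namespace.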
diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp index 7b36f2c..53df5c7 100644 --- a/common/src/tfe_scan.cpp +++ b/common/src/tfe_scan.cpp @@ -30,7 +30,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st if (strlen(source_subscribe_id)) { - scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID), + scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), source_subscribe_id, strlen(source_subscribe_id),result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) @@ -44,7 +44,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", source_subscribe_id, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID), + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -54,7 +54,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st if (strlen(dest_subscribe_id)) { - scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID), + scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), dest_subscribe_id, strlen(dest_subscribe_id),result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,&n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) 
@@ -68,7 +68,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", dest_subscribe_id, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID), + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -107,7 +107,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str if (strlen(dst_ip_location)) { - scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_LOCATION), + scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_LOCATION), dst_ip_location, strlen(dst_ip_location), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) @@ -121,7 +121,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, NO hit location: %s scan ret: %d addr: %s", dst_ip_location, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_LOCATION), + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_LOCATION), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { 
@@ -133,7 +133,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str } if (strlen(src_ip_location)) { - scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_LOCATION), + scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_LOCATION), src_ip_location, strlen(src_ip_location), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) @@ -147,7 +147,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, NO hit location: %s scan ret: %d addr: %s", src_ip_location, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_LOCATION), + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_LOCATION), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -201,7 +201,7 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct m if (strlen(dst_asn)) { - scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_ASN), + scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN), dst_asn, strlen(dst_asn), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) 
@@ -215,7 +215,7 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct m TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, NO hit asn: %s scan ret: %d addr: %s", dst_asn, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_ASN), + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -227,7 +227,7 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct m } if (strlen(src_asn)) { - scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_ASN), + scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN), src_asn, strlen(src_asn), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) @@ -241,7 +241,7 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct m TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, NO hit asn: %s scan ret: %d addr: %s", src_asn, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_ASN), + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { 
@@ -260,8 +260,8 @@ int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, int hit_app_id = 0; size_t n_hit_result = 0; struct maat_hit_group hit_group; - - struct app_id_dict *app_dict = (struct app_id_dict*)maat_plugin_table_get_ex_data((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_APP_ID_DICT), + + struct app_id_dict *app_dict = (struct app_id_dict*)maat_plugin_table_get_ex_data((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_APP_ID_DICT), (const char *)&app_id, sizeof(long long)); if(app_dict!=NULL) { @@ -310,11 +310,8 @@ int tfe_scan_internal_exteral_addr(const struct tfe_stream *stream, long long *r struct maat_hit_group last_hit_groups[256] = {0}; int dir_is_e2i = get_route_dir(stream); - int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR"); - int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR"); - - if(c2s == 1) table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id; - if(c2s == 0) table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id; + if(c2s == 1) table_id = (dir_is_e2i == 1) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP); + if(c2s == 0) table_id = (dir_is_e2i == 0) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP); size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid); if(n_last_hit_group > 0) 
@@ -337,22 +334,109 @@ int tfe_scan_internal_exteral_addr(const struct tfe_stream *stream, long long *r
 return hit_cnt_ip;
 }
+int tfe_scan_internal_exteral_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int c2s)
+{
+ int scan_ret = 0;
+ int table_id=0;
+ int hit_cnt_port = 0;
+ size_t array_size=256;
+ size_t n_hit_result = 0;
+ struct maat_hit_group last_hit_groups[256] = {0};
+
+ int dir_is_e2i = get_route_dir(stream);
+ if(c2s == 1) table_id = (dir_is_e2i == 1) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT);
+ if(c2s == 0) table_id = (dir_is_e2i == 0) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT);
+
+ size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid);
+ if(n_last_hit_group > 0)
+ {
+ maat_state_get_last_hit_groups(scan_mid, last_hit_groups, array_size);
+ scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, last_hit_groups, array_size, result+hit_cnt+hit_cnt_port,
+ MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
+ if(scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt_port += n_hit_result;
+ }
+ scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
+ result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
+ if (scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt_port += n_hit_result;
+ }
+ }
+ return hit_cnt_port;
+}
+
+int tfe_scan_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, uint16_t source, uint16_t dest)
+{
+ int scan_ret = 0;
+ int hit_cnt_port = 0;
+ size_t n_hit_result = 0;
+
+ scan_ret=maat_scan_integer((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_PORT), source,
+ result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
+ if(scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt_port+=n_hit_result;
+ }
+ scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_PORT),
+ result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
+ if (scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt_port+=n_hit_result;
+ }
+ scan_ret = tfe_scan_internal_exteral_port(stream, result, scan_mid, hit_cnt, 1);
+ if(scan_ret > 0)
+ {
+ hit_cnt_port+=scan_ret;
+ }
+
+ scan_ret=maat_scan_integer((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_PORT), dest,
+ result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
+ if(scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt_port+=n_hit_result;
+ }
+ scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_PORT),
+ result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
+ if (scan_ret == MAAT_SCAN_HIT)
+ {
+ hit_cnt_port+=n_hit_result;
+ }
+ scan_ret = tfe_scan_internal_exteral_port(stream, result, scan_mid, hit_cnt, 0);
+ if(scan_ret > 0)
+ {
+ hit_cnt_port+=scan_ret;
+ }
+
+ return hit_cnt_port;
+}
+
+#define PROTOCOL_TCP_GROUP_ID 6
 int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
 {
- int table_id=0;
 int scan_ret = 0;
 int hit_cnt_ip = 0;
 size_t n_hit_result = 0;
+ struct maat_hit_group hit_group;
- table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
- scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->saddr, sapp_addr.v4->source, 6,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
+ memset(&hit_group, 0, sizeof(hit_group));
+ hit_group.group_id=PROTOCOL_TCP_GROUP_ID;
+ scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), &hit_group, 1,
+ result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
+ if(scan_ret==MAAT_SCAN_HIT)
+ {
+ hit_cnt_ip += n_hit_result;
+ }
+
+ scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v4->saddr,
+ result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
 if (scan_ret == MAAT_SCAN_HIT)
 {
 hit_cnt_ip += n_hit_result;
 }
- scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
- result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
+ scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP),
+ result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
 if (scan_ret == MAAT_SCAN_HIT)
 {
 hit_cnt_ip += n_hit_result;
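Review bot: Both calls `tfe_scan_internal_exteral_port(stream, result, scan_mid, hit_cnt, 1)` and `(…, hit_cnt, 0)` pass the caller's original `hit_cnt`, but the helper writes its hits at `result+hit_cnt+0`, directly on top of the source-port (and later destination-port) hits just stored from `result+hit_cnt` onward, and `tfe_scan_port` still adds the helper's count to `hit_cnt_port`, so the returned count covers overwritten and duplicated entries and a matched port rule can be lost before the caller acts on it; pass `hit_cnt + hit_cnt_port` in both calls so the helper appends after what is already there. The ports also reach `maat_scan_integer` unconverted: the callers in doh.cpp and tsg_http.cpp hand over `sapp_addr.v4->source`/`->dest` and the v6 equivalents, field names that match the network-byte-order `struct tcphdr` layout, so if `struct ipaddr` keeps that order a rule for port 443 is compared against 47873 and never matches — apply `ntohs()` or state in the prototype that host order is expected. Every scan receives `MAX_SCAN_RESULT-hit_cnt-hit_cnt_port` as its remaining capacity, and with protocol, port and internal/external scans now stacked after the IP scans that remainder can reach zero or go negative; if the library takes it as an unsigned size that is an overrun of `result`, so bail out with `if (hit_cnt + hit_cnt_port >= MAX_SCAN_RESULT) return hit_cnt_port;` before each scan. In `tfe_scan_internal_exteral_port`, `maat_scan_group` is given `array_size` (256) instead of the number of groups actually present, so the zero-filled tail of `last_hit_groups` is scanned as well, and `table_id` silently stays 0 when `c2s` is neither 0 nor 1. `tfe_scan_ipv4_addr` continues past the end of the hunk.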
@@ -363,15 +447,14 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struc hit_cnt_ip += scan_ret; } - table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR"); - scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->daddr, sapp_addr.v4->dest, 6, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), sapp_addr.v4->daddr, + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; 
@@ -387,19 +470,27 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struc int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { - int table_id=0; int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; + struct maat_hit_group hit_group; - table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR"); - scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->saddr, sapp_addr.v6->source, 6, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=PROTOCOL_TCP_GROUP_ID; + scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), &hit_group, 1, + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if(scan_ret==MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + + scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr, + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { 
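Review bot: The IP-protocol scan in both `tfe_scan_ipv6_addr` and `tfe_scan_ipv4_addr` always submits `PROTOCOL_TCP_GROUP_ID` (6) instead of the stream's actual transport, so an `ATTR_IP_PROTOCOL` rule for TCP matches every stream these helpers see and a rule for any other protocol can never match; if `struct tfe_stream` or `struct ipaddr` exposes the protocol, use it here, otherwise a comment at the define, `/* both address scanners assume a TCP stream; do not call them for UDP/QUIC flows */`, should record the assumption. The protocol hit is folded into `hit_cnt_ip`, which suits the callers but means a protocol-only rule is reported as an address hit. `tfe_scan_ipv6_addr` continues beyond this hunk.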
@@ -411,14 +502,13 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struc hit_cnt_ip += scan_ret; } - table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR"); - scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->daddr, sapp_addr.v6->dest, 6, + scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), sapp_addr.v6->daddr, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { diff --git a/conf/doh/doh.conf b/conf/doh/doh.conf index edecec2..1d2c687 100644 --- a/conf/doh/doh.conf +++ b/conf/doh/doh.conf @@ -3,8 +3,6 @@ enable=1 [maat] table_appid=ATTR_APP_ID -table_src_addr=ATTR_SOURCE_ADDR -table_dst_addr=ATTR_DESTINATION_ADDR table_qname=ATTR_DOH_QNAME table_host=ATTR_SERVER_FQDN diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp index 89afd2a..c983571 100644 --- a/plugin/business/doh/src/doh.cpp +++ b/plugin/business/doh/src/doh.cpp @@ -323,6 +323,11 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http { hit_cnt += scan_ret; } + scan_ret = tfe_scan_port(stream, result, ctx->scan_mid, hit_cnt, sapp_addr.v4->source, sapp_addr.v4->dest); + if(scan_ret > 0) + { + hit_cnt += scan_ret; + } } if (sapp_addr.addrtype == ADDR_TYPE_IPV6) { 
@@ -331,6 +336,11 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http { hit_cnt += scan_ret; } + scan_ret = tfe_scan_port(stream, result, ctx->scan_mid, hit_cnt, sapp_addr.v6->source, sapp_addr.v6->dest); + if(scan_ret > 0) + { + hit_cnt += scan_ret; + } } // scan appid long long app_id = 8006; @@ -377,12 +387,8 @@ static int doh_maat_init(const char *profile, const char *section) { g_doh_conf->maat = (struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT); MESA_load_profile_string_def(profile, section, "table_appid", g_doh_conf->tables[TYPE_APPID].name, TFE_STRING_MAX, "ATTR_APP_ID"); - MESA_load_profile_string_def(profile, section, "table_src_addr", g_doh_conf->tables[TYPE_SRC_ADDR].name, TFE_STRING_MAX, "ATTR_SOURCE_ADDR"); - MESA_load_profile_string_def(profile, section, "table_dst_addr", g_doh_conf->tables[TYPE_DST_ADDR].name, TFE_STRING_MAX, "ATTR_DESTINATION_ADDR"); MESA_load_profile_string_def(profile, section, "table_qname", g_doh_conf->tables[TYPE_QNAME].name, TFE_STRING_MAX, "ATTR_DOH_QNAME"); MESA_load_profile_string_def(profile, section, "table_host", g_doh_conf->tables[TYPE_HOST].name, TFE_STRING_MAX, "ATTR_SERVER_FQDN"); - MESA_load_profile_string_def(profile, section, "table_internal_addr", g_doh_conf->tables[TYPE_INTERNAL_ADDR].name, TFE_STRING_MAX, "ATTR_INTERNAL_ADDR"); - MESA_load_profile_string_def(profile, section, "table_external_addr", g_doh_conf->tables[TYPE_EXTERNAL_ADDR].name, TFE_STRING_MAX, "ATTR_EXTERNAL_ADDR"); for (int i = 0; i < TYPE_MAX; i++) { diff --git a/plugin/business/doh/src/pub.h b/plugin/business/doh/src/pub.h index 2ca5271..1e7aef9 100644 --- a/plugin/business/doh/src/pub.h +++ b/plugin/business/doh/src/pub.h @@ -30,13 +30,9 @@ enum pangu_http_stat enum table_type { - TYPE_SRC_ADDR, - TYPE_DST_ADDR, TYPE_APPID, TYPE_QNAME, TYPE_HOST, - TYPE_INTERNAL_ADDR, - TYPE_EXTERNAL_ADDR, TYPE_MAX }; 
diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 336dc85..42afd8c 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -63,8 +63,6 @@ enum manipulate_action enum scan_table { - PXY_CTRL_SOURCE_ADDR, - PXY_CTRL_DESTINATION_ADDR, PXY_CTRL_HTTP_URL, PXY_CTRL_HTTP_FQDN, PXY_CTRL_HTTP_REQ_HDR, @@ -72,8 +70,6 @@ enum scan_table PXY_CTRL_HTTP_RES_HDR, PXY_CTRL_HTTP_RES_BODY, PXY_CTRL_APP_ID, - PXY_CTRL_INTERNAL_ADDR, - PXY_CTRL_EXTERNAL_ADDR, __SCAN_TABLE_MAX }; @@ -1011,8 +1007,6 @@ int proxy_policy_init(const char* profile_path, const char* static_section, cons g_proxy_rt->feather = (struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT); const char * table_name[__SCAN_TABLE_MAX]; - table_name[PXY_CTRL_SOURCE_ADDR] = "ATTR_SOURCE_ADDR"; - table_name[PXY_CTRL_DESTINATION_ADDR]="ATTR_DESTINATION_ADDR"; table_name[PXY_CTRL_HTTP_URL] = "ATTR_HTTP_URL"; table_name[PXY_CTRL_HTTP_FQDN] = "ATTR_SERVER_FQDN"; table_name[PXY_CTRL_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR"; @@ -1020,8 +1014,6 @@ int proxy_policy_init(const char* profile_path, const char* static_section, cons table_name[PXY_CTRL_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR"; table_name[PXY_CTRL_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY"; table_name[PXY_CTRL_APP_ID] = "ATTR_APP_ID"; - table_name[PXY_CTRL_INTERNAL_ADDR] = "ATTR_INTERNAL_ADDR"; - table_name[PXY_CTRL_EXTERNAL_ADDR] = "ATTR_EXTERNAL_ADDR"; for (int i = 0; i < __SCAN_TABLE_MAX; i++) { @@ -2889,6 +2881,11 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_ { hit_cnt += scan_ret; } + scan_ret = tfe_scan_port(stream, result, ctx->scan_mid, hit_cnt, sapp_addr.v4->source, sapp_addr.v4->dest); + if(scan_ret > 0) + { + hit_cnt += scan_ret; + } } if (sapp_addr.addrtype == ADDR_TYPE_IPV6) { 
@@ -2897,6 +2894,11 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_ { hit_cnt += scan_ret; } + scan_ret = tfe_scan_port(stream, result, ctx->scan_mid, hit_cnt, sapp_addr.v6->source, sapp_addr.v6->dest); + if(scan_ret > 0) + { + hit_cnt += scan_ret; + } } if(hit_cnt > 0) diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf index 5c2aca9..e16534f 100644 --- a/resource/pangu/table_info.conf +++ b/resource/pangu/table_info.conf @@ -67,18 +67,14 @@ "table_name":"TSG_OBJ_IP", "db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"], "table_type":"ip_plus", - "valid_column":11, + "valid_column":7, "custom": { "item_id":1, "group_id":2, "addr_type":3, "addr_format":4, "ip1":5, - "ip2":6, - "port_format":7, - "port1":8, - "port2":9, - "protocol":10 + "ip2":6 } }, { @@ -123,8 +119,8 @@ "custom": { "item_id":1, "group_id":2, - "low_bound":3, - "up_bound":4 + "low_boundary":3, + "up_boundary":4 } }, { @@ -202,30 +198,18 @@ }, { "table_id":19, - "table_name":"TSG_OBJ_APP_ID", - "table_type":"interval", - "valid_column":5, - "custom": { - "item_id":1, - "group_id":2, - "low_bound":3, - "up_bound":4 - } + "table_name":"ATTR_SOURCE_IP", + "table_type":"virtual", + "physical_table": "TSG_OBJ_IP" }, { "table_id":20, - "table_name":"ATTR_SOURCE_ADDR", + "table_name":"ATTR_DESTINATION_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { "table_id":21, - "table_name":"ATTR_DESTINATION_ADDR", - "table_type":"virtual", - "physical_table": "TSG_OBJ_IP" - }, - { - "table_id":22, "table_name":"PXY_CACHE_COMPILE", "table_type":"compile", "user_region_encoded":"escape", @@ -237,7 +221,7 @@ } }, { - "table_id":23, + "table_id":22, "table_name":"PXY_CACHE_COMPILE_CONJUNCTION", "db_tables":["PXY_CACHE_COMPILE"], "default_compile_table":1, @@ -251,7 +235,7 @@ } }, { - "table_id":24, + "table_id":23, "table_name":"PXY_CACHE_COMPILE_PLUGIN", "db_tables":["PXY_CACHE_COMPILE"], "table_type":"plugin", 
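Review bot: Every `table_id` from 19 onward changes meaning here — `TSG_OBJ_APP_ID` (19) is removed, `ATTR_SOURCE_IP` takes 19, `ATTR_DESTINATION_IP` takes 20 (previously `ATTR_SOURCE_ADDR`) and the rest shift down by one — but nothing in the series migrates data that may be keyed by those numbers; if any rule store, redis key or cached compile output is indexed by numeric table id (tfe_resource.cpp has `MAAT_INPUT_REDIS` and `MAAT_INPUT_FILE` inputs), rules loaded from the old layout silently bind to a different attribute after upgrade, e.g. a former source-address rule enforced as a destination-IP rule. A policy mis-association of that kind fails open or closed without any error, so either keep ids stable (leave 19 as a tombstone and append the new tables at the end) or ship a migration plus a loader check that rejects data built against the old layout. The column renames in the neighbouring hunks (`low_bound` to `low_boundary`, `ip_plus` `valid_column` 11 to 7) likewise require this file and the binary to be deployed together.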
@@ -263,7 +247,7 @@ } }, { - "table_id":25, + "table_id":24, "table_name":"PXY_CACHE_GROUP", "table_type":"group2compile", "associated_compile_table_id":0, @@ -277,7 +261,7 @@ } }, { - "table_id":26, + "table_id":25, "table_name":"PXY_CACHE_HTTP_URL", "table_type":"expr", "valid_column":7, @@ -291,7 +275,7 @@ } }, { - "table_id":27, + "table_id":26, "table_name":"PXY_CACHE_HTTP_COOKIE", "table_type":"expr", "valid_column":7, @@ -305,7 +289,7 @@ } }, { - "table_id":28, + "table_id":27, "table_name":"PXY_PROFILE_TRUSTED_CA_CERT", "table_type":"plugin", "valid_column":4, @@ -316,7 +300,7 @@ } }, { - "table_id":29, + "table_id":28, "table_name":"PXY_OBJ_TRUSTED_CA_CRL", "table_type":"plugin", "valid_column":4, @@ -327,7 +311,7 @@ } }, { - "table_id":30, + "table_id":29, "table_name":"TSG_PROFILE_RESPONSE_PAGES", "table_type":"plugin", "valid_column":5, @@ -338,7 +322,7 @@ } }, { - "table_id":31, + "table_id":30, "table_name":"PXY_PROFILE_HIJACK_FILES", "table_type":"plugin", "valid_column":6, @@ -349,7 +333,7 @@ } }, { - "table_id":32, + "table_id":31, "table_name":"PXY_PROFILE_INSERT_SCRIPTS", "table_type":"plugin", "valid_column":6, @@ -360,7 +344,7 @@ } }, { - "table_id":33, + "table_id":32, "table_name":"PXY_INTERCEPT_COMPILE", "table_type":"plugin", "valid_column":9, @@ -370,7 +354,7 @@ } }, { - "table_id":34, + "table_id":33, "table_name":"TSG_PROFILE_TRAFFIC_MIRROR", "table_type":"plugin", "valid_column":4, @@ -380,7 +364,7 @@ } }, { - "table_id":35, + "table_id":34, "table_name":"PXY_PROFILE_DECRYPTION", "table_type":"plugin", "valid_column":4, @@ -390,7 +374,7 @@ } }, { - "table_id":36, + "table_id":35, "table_name":"TSG_OBJ_AS_NUMBER", "table_type":"expr", "valid_column":7, 
@@ -404,19 +388,19 @@ } }, { - "table_id":37, + "table_id":36, "table_name":"ATTR_SOURCE_ASN", "table_type":"virtual", "physical_table": "TSG_OBJ_AS_NUMBER" }, { - "table_id":38, + "table_id":37, "table_name":"ATTR_DESTINATION_ASN", "table_type":"virtual", "physical_table": "TSG_OBJ_AS_NUMBER" }, { - "table_id":39, + "table_id":38, "table_name":"TSG_OBJ_GEO_LOCATION", "table_type":"expr", "valid_column":7, @@ -430,25 +414,25 @@ } }, { - "table_id":40, + "table_id":39, "table_name":"ATTR_SOURCE_LOCATION", "table_type":"virtual", "physical_table": "TSG_OBJ_GEO_LOCATION" }, { - "table_id":41, + "table_id":40, "table_name":"ATTR_DESTINATION_LOCATION", "table_type":"virtual", "physical_table": "TSG_OBJ_GEO_LOCATION" }, { - "table_id":42, + "table_id":41, "table_name":"ATTR_DOH_QNAME", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":43, + "table_id":42, "table_name":"PXY_SSL_FINGERPRINT", "table_type":"plugin", "valid_column":4, @@ -458,7 +442,7 @@ } }, { - "table_id":44, + "table_id":43, "table_name":"PXY_PROFILE_RUN_SCRIPTS", "table_type":"plugin", "valid_column":4, @@ -469,7 +453,7 @@ } }, { - "table_id":45, + "table_id":44, "table_name":"PXY_PROFILE_TCP_OPTION", "table_type":"plugin", "valid_column":6, @@ -479,7 +463,7 @@ } }, { - "table_id":46, + "table_id":45, "table_name":"SERVICE_CHAINING_COMPILE", "table_type":"plugin", "valid_column":9, @@ -489,7 +473,7 @@ } }, { - "table_id": 47, + "table_id": 46, "table_name": "APP_ID_DICT", "table_type": "plugin", "valid_column": 19, 
@@ -500,27 +484,80 @@ } }, { - "table_id":48, + "table_id":47, "table_name":"ATTR_APP_ID", "table_type":"virtual", "physical_table": "APP_ID_DICT" }, { - "table_id":49, + "table_id":48, "table_name":"ATTR_SUBSCRIBER_ID", "table_type":"virtual", "physical_table": "TSG_OBJ_SUBSCRIBER_ID" }, { - "table_id":50, - "table_name":"ATTR_INTERNAL_ADDR", + "table_id":49, + "table_name":"ATTR_INTERNAL_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":51, - "table_name":"ATTR_EXTERNAL_ADDR", + "table_id":50, + "table_name":"ATTR_EXTERNAL_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" + }, + { + "table_id":51, + "table_name": "TSG_IP_PROTOCOL", + "table_type": "plugin", + "valid_column": 4, + "custom": { + "key": 1, + "key_type": "integer", + "key_len": 8 + } + }, + { + "table_id":52, + "table_name":"TSG_OBJ_PORT", + "table_type":"interval", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "low_boundary":3, + "up_boundary":4 + } + }, + { + "table_id":53, + "table_name": "ATTR_SOURCE_PORT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_PORT" + }, + { + "table_id":54, + "table_name": "ATTR_DESTINATION_PORT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_PORT" + }, + { + "table_id":55, + "table_name": "ATTR_INTERNAL_PORT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_PORT" + }, + { + "table_id":56, + "table_name": "ATTR_EXTERNAL_PORT", + "table_type": "virtual", + "physical_table": "TSG_OBJ_PORT" + }, + { + "table_id":57, + "table_name": "ATTR_IP_PROTOCOL", + "table_type": "virtual", + "physical_table": "TSG_IP_PROTOCOL" } ] \ No newline at end of file