diff --git a/common/include/tfe_cmsg.h b/common/include/tfe_cmsg.h
index e042def..0b4caf2 100644
--- a/common/include/tfe_cmsg.h
+++ b/common/include/tfe_cmsg.h
@@ -78,6 +78,9 @@ enum tfe_cmsg_tlv_type
 /* SSL ja3 fingerprint */
 TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, // string max size 32
+ TFE_CMSG_SRC_FQDN_ID,
+ TFE_CMSG_SRC_FQDN_NUM,
+ /* Add new cmsg here */
 /* Add new cmsg here */
 /* Add new cmsg here */
diff --git a/common/include/tfe_scan.h b/common/include/tfe_scan.h
index 50170ba..cc93a4b 100644
--- a/common/include/tfe_scan.h
+++ b/common/include/tfe_scan.h
@@ -8,4 +8,6 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, struct Maat_rule_t *r
 int tfe_scan_ip_asn(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
 int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **asn_server, char **asn_client);
 int tfe_scan_ip_location(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
- int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **location_server, char **location_client);
\ No newline at end of file
+ int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **location_server, char **location_client);
+int tfe_scan_fqdn_cat(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
+ int hit_cnt, unsigned int thread_id, void *logger, int table_id);
diff --git a/common/src/tfe_resource.cpp b/common/src/tfe_resource.cpp
index 4fc8265..1cb61ff 100644
--- a/common/src/tfe_resource.cpp
+++ b/common/src/tfe_resource.cpp
@@ -13,9 +13,6 @@ struct maat_table_info
 {
 int id;
 const char *name;
- Maat_plugin_EX_new_func_t *new_func;
- Maat_plugin_EX_dup_func_t *dup_func;
- Maat_plugin_EX_free_func_t *free_func;
 };
 static Maat_feather_t static_maat = NULL;
 static tfe_kafka_logger_t *kafka_logger = NULL;
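Review bot: The two new TLV types `TFE_CMSG_SRC_FQDN_ID` and `TFE_CMSG_SRC_FQDN_NUM` carry no encoding comment, although the neighbouring entry documents its format (`// string max size 32`) and the consumer added in tfe_scan.cpp appears to read ID as text at a 4-byte stride for at most 8 entries and NUM as a decimal string into a 24-byte buffer, so a producer that deviates from that layout would silently yield wrong category ids. I would annotate them in the same style, e.g. `TFE_CMSG_SRC_FQDN_ID, // string: category ids, 4 bytes per id, at most 8 (see tfe_scan_fqdn_cat)` and `TFE_CMSG_SRC_FQDN_NUM, // decimal string: number of ids carried in TFE_CMSG_SRC_FQDN_ID`. The hunk also leaves three identical `/* Add new cmsg here */` markers where one is enough. Appending the tags at the end of the enum keeps every existing value stable, which is the right way to extend a type tag that may cross a component boundary.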
@@ -235,16 +232,11 @@ finish:
 }
 static struct maat_table_info maat_pub_tables[TABLE_TYPE_MAX] = {
- // TABLE_SECURITY_SOURCE_ASN
- {0, "TSG_SECURITY_SOURCE_ASN", NULL, NULL, NULL},
- // TABLE_SECURITY_DESTINATION_ASN
- {0, "TSG_SECURITY_DESTINATION_ASN", NULL, NULL, NULL},
- // TABLE_SECURITY_SOURCE_LOCATION
- {0, "TSG_SECURITY_SOURCE_LOCATION", NULL, NULL, NULL},
- // TABLE_SECURITY_DESTINATION_LOCATION
- {0, "TSG_SECURITY_DESTINATION_LOCATION", NULL, NULL, NULL},
- // TABLE_OBJ_SUBSCRIBER_ID
- {0, "TSG_OBJ_SUBSCRIBER_ID", NULL, NULL, NULL}};
+ {0, "TSG_SECURITY_SOURCE_ASN"},
+ {0, "TSG_SECURITY_DESTINATION_ASN"},
+ {0, "TSG_SECURITY_SOURCE_LOCATION"},
+ {0, "TSG_SECURITY_DESTINATION_LOCATION"},
+ {0, "TSG_OBJ_SUBSCRIBER_ID"}};
 static int register_maat_table()
 {
@@ -256,12 +248,6 @@ static int register_maat_table()
 TFE_LOG_ERROR(g_default_logger, "Maat table %s register failed.", maat_pub_tables[i].name);
 return -1;
 }
-
- if (maat_pub_tables[i].new_func || maat_pub_tables[i].dup_func || maat_pub_tables[i].free_func)
- {
- Maat_ip_plugin_EX_register(static_maat, maat_pub_tables[i].id, maat_pub_tables[i].new_func,
- maat_pub_tables[i].free_func, maat_pub_tables[i].dup_func, 0, NULL);
- }
 }
 return 0;
diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp
index 5e7ec5b..b746a1b 100644
--- a/common/src/tfe_scan.cpp
+++ b/common/src/tfe_scan.cpp
@@ -67,6 +67,49 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, struct Maat_rule_t *r
 return hit_cnt_ip;
 }
+int tfe_scan_fqdn_cat(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
+ int hit_cnt, unsigned int thread_id, void *logger, int table_id)
+{
+ int scan_ret = 0, i, fqdn_len =0;
+ uint16_t opt_out_size;
+ int category_num = 0, hit_cnt_fqdn = 0;
+ char category_id_num[24] = {0};
+ char category_id_val[TFE_SYMBOL_MAX] = {0};
+
+ struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
+ if (cmsg != NULL)
+ {
+ scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_FQDN_ID, (unsigned char *)category_id_val, sizeof(category_id_val), &opt_out_size);
+ if (scan_ret != 0)
+ {
+ TFE_LOG_ERROR(logger, "fetch fqdn cat id from cmsg failed, ret: %d", scan_ret);
+ }
+ scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_FQDN_NUM, (unsigned char *)category_id_num, sizeof(category_id_num), &opt_out_size);
+ if (scan_ret != 0)
+ {
+ TFE_LOG_ERROR(logger, "fetch fqdn cat id from cmsg failed, ret: %d", scan_ret);
+ }
+ category_num = atoll(category_id_num);
+ }
+
+ for(i = 0; i< category_num && i < 8; i++)
+ {
+ int fqdn_id =0;
+ char fqdn_val[16]={0};
+
+ snprintf(fqdn_val, sizeof(int), "%s", category_id_val + fqdn_len);
+ fqdn_id = atoi(fqdn_val);
+ scan_ret=Maat_scan_intval(tfe_bussiness_resouce_get(STATIC_MAAT), table_id, fqdn_id, result + hit_cnt + hit_cnt_fqdn,
+ MAX_SCAN_RESULT-hit_cnt-hit_cnt_fqdn, scan_mid, (int) thread_id);
+ if(scan_ret>0)
+ {
+ hit_cnt_fqdn+=scan_ret;
+ }
+ fqdn_len += sizeof(int);
+ }
+ return hit_cnt_fqdn;
+}
+
 int tfe_scan_ip_location(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
 int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **location_server, char **location_client)
 {
diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp
index dfc2eb3..f53f5a7 100644
--- a/plugin/business/doh/src/doh.cpp
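Review bot: When the `TFE_CMSG_SRC_FQDN_ID` lookup fails, `tfe_scan_fqdn_cat` only logs and falls through, so if `TFE_CMSG_SRC_FQDN_NUM` is present the loop still runs over an all-zero `category_id_val`, `atoi("")` yields 0 and category 0 is scanned against `table_id` up to 8 times, producing hits for whatever rule happens to match that id; a failed lookup should return 0 instead, and the second error message should say "cat num" rather than repeating "cat id". `opt_out_size` is written by both calls but never read, so the per-id reads at `category_id_val + fqdn_len` are bounded only by the constant 8 and by the count the peer supplied, not by the bytes actually returned; bounding the loop by the size returned for the ID fetch (saved before the NUM call overwrites `opt_out_size`) would tie it to the data. The `snprintf(fqdn_val, sizeof(int), ...)` size looks like a stride constant rather than the buffer size, since it copies at most 3 characters of each id into the 16-byte `fqdn_val`; if that is the intended encoding a named constant with a comment would make it explicit, and `strtol` with an end-pointer check would let malformed ids be rejected instead of being read as 0. The guarded fetch section would look like:
```cpp
    struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
    if (cmsg == NULL)
    {
        return 0;
    }
    scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_FQDN_ID, (unsigned char *)category_id_val, sizeof(category_id_val), &opt_out_size);
    if (scan_ret != 0)
    {
        TFE_LOG_ERROR(logger, "fetch fqdn cat id from cmsg failed, ret: %d", scan_ret);
        return 0; /* never scan an all-zero id buffer as category 0 */
    }
    scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_FQDN_NUM, (unsigned char *)category_id_num, sizeof(category_id_num), &opt_out_size);
    if (scan_ret != 0)
    {
        TFE_LOG_ERROR(logger, "fetch fqdn cat num from cmsg failed, ret: %d", scan_ret);
        return 0;
    }
    category_num = atoll(category_id_num);
    // … unchanged: per-id Maat_scan_intval loop and return hit_cnt_fqdn …
```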
+++ b/plugin/business/doh/src/doh.cpp
@@ -243,6 +243,12 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
 TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit host: %s scan ret: %d addr: %s", g_doh_conf->tables[TYPE_HOST].name, host, scan_ret, ctx->addr_string);
 }
+
+ scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_doh_conf->local_logger, g_doh_conf->tables[TYPE_HOST].id);
+ if( scan_ret > 0)
+ {
+ hit_cnt += scan_ret;
+ }
 }
 // scan addr
@@ -289,6 +295,11 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
 TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit domain: %s scan ret: %d addr: %s", g_doh_conf->tables[TYPE_QNAME].name, qname, scan_ret, ctx->addr_string);
 }
+ scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_doh_conf->local_logger, g_doh_conf->tables[TYPE_QNAME].id);
+ if( scan_ret > 0)
+ {
+ hit_cnt += scan_ret;
+ }
 if (hit_cnt)
 {
diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index 058fa8e..244012d 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -1934,7 +1934,7 @@ static void http_manipulate(const struct tfe_stream * stream, const struct tfe_h
 }
 enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_http_event events,
- const unsigned char * body_frag, size_t frag_size, struct pangu_http_ctx * ctx)
+ const unsigned char * body_frag, size_t frag_size, struct pangu_http_ctx * ctx, const struct tfe_stream * stream)
 {
 void * iterator = NULL;
 const char * field_val = NULL;
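Review bot: The added `tfe_scan_fqdn_cat` call in the host block (and the matching one after the qname scan in the second hunk, as well as the one in pangu_http.cpp's `http_scan`) folds its hits into `hit_cnt` without any log line, whereas the surrounding host/qname scans log both hits and misses with the table name and `ctx->addr_string`; an enforcement decision triggered by an FQDN-category rule therefore leaves no trace in the log and cannot be told apart from a host hit during incident review. I would add, inside the `if( scan_ret > 0)` branch, `TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, hit fqdn category cnt: %d addr: %s", g_doh_conf->tables[TYPE_HOST].name, scan_ret, ctx->addr_string);` (with `TYPE_QNAME` in the second hunk). Note also that the "NO hit host" message just above is emitted before the category scan runs, so it can read as a miss for a request that ends up hitting. `doh_maat_scan` starts and ends outside both hunks.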
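Review bot: The new `stream` parameter is appended as the last argument of `http_scan`, while the other entry points visible in the hunk headers (`http_manipulate`, `enforce_control_policy`) take `const struct tfe_stream * stream` first; keeping that order would read consistently, e.g. `enum pangu_action http_scan(const struct tfe_stream * stream, const struct tfe_http_session * session, enum tfe_http_event events,` followed by the unchanged `const unsigned char * body_frag, size_t frag_size, struct pangu_http_ctx * ctx)`. `http_scan` is not static, so if a header declares it or another translation unit calls it, that prototype is not updated in this diff and should be checked. The function's body continues past the hunk.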
@@ -1957,6 +1957,11 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
 {
 hit_cnt += scan_ret;
 }
+ scan_ret = tfe_scan_fqdn_cat(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_pangu_rt->local_logger, g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_FQDN]);
+ if (scan_ret > 0)
+ {
+ hit_cnt += scan_ret;
+ }
 }
 const char * str_url = session->req->req_spec.url;
@@ -2046,8 +2051,6 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
 session->req->req_spec.url, hit_cnt, buff, ctx->enforce_rules[0].config_id);
 }
 }
-
- __out:
 return ctx->action;
 }
@@ -2059,7 +2062,7 @@ void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_h
 if(ctx->action==PG_ACTION_NONE||ctx->action==PG_ACTION_MONIT)
 {
 //ctx->action changed in http_scan.
- http_scan(session, events, body_frag, frag_size, ctx);
+ http_scan(session, events, body_frag, frag_size, ctx, stream);
 }
 switch (ctx->action)
 {
diff --git a/plugin/protocol/http2/src/http2_stream.cpp b/plugin/protocol/http2/src/http2_stream.cpp
index a493a13..58c1f6b 100644
--- a/plugin/protocol/http2/src/http2_stream.cpp
+++ b/plugin/protocol/http2/src/http2_stream.cpp
@@ -448,9 +448,6 @@ void h2_half_ops_free(struct tfe_http_half * half)
 delete_stream_half_data(&h2_private, 1, CONN_DIR_DOWNSTREAM);
- free(h2_private);
- h2_private = NULL;
-
 return;
 }
@@ -952,7 +949,6 @@ nghttp2_submit_frame_settings(struct tfe_h2_stream *connection,const nghttp2_fra
 nghttp2_settings settings = frame->settings;
 nghttp2_session *ngh2_session = tfe_h2_stream_get_nghttp2_session(connection, dir);
- nghttp2_session *ngh2_peer_session = tfe_h2_stream_get_nghttp2_peer_session(connection, dir);
 rv = nghttp2_submit_settings(ngh2_session, settings.hd.flags, nghttp2_iv_packet(settings, iv), settings.niv);
diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf
index 90b70df..e4d8217 100644
--- a/resource/pangu/table_info.conf
+++ b/resource/pangu/table_info.conf
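Review bot: The category scan reuses `g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_FQDN]`, the same id the preceding host scan uses, and it only yields results because resource/pangu/table_info.conf now lists `TSG_OBJ_FQDN_CAT` behind `TSG_FIELD_HTTP_HOST`; that coupling is invisible at the call site, so a one-line comment such as `// TSG_FIELD_HTTP_HOST is virtual over TSG_OBJ_FQDN and TSG_OBJ_FQDN_CAT (table_info.conf)` would save the next reader a search. The removal of the `__out:` label in the third hunk is fine provided no `goto __out` remains elsewhere in `http_scan`, which is outside the hunk.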
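Review bot: Dropping `free(h2_private); h2_private = NULL;` after `delete_stream_half_data(&h2_private, 1, CONN_DIR_DOWNSTREAM)` changes who releases the half's private data, and the hunk gives no hint whether this fixes a double free (the callee takes `&h2_private`, so it may free and clear the pointer itself) or introduces a leak; the ownership should be stated at the call site once confirmed against the callee's definition, e.g. `/* delete_stream_half_data() frees h2_private and clears the pointer; nothing to release here */`. A run of the HTTP/2 teardown path under AddressSanitizer/LeakSanitizer would settle which case it is. The rest of `h2_half_ops_free` is outside the hunk.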
@@ -23,37 +23,37 @@
 4 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
 5 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
 6 TSG_OBJ_FQDN expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
-6 TSG_OBJ_FQDN_CAT expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
-7 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
-8 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff
-9 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
-10 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
-11 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff
-12 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
-13 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
-14 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
-15 TSG_OBJ_APP_ID intval UTF8 UTF8 yes 0
-16 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
-17 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
-18 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}
-19 PXY_CACHE_COMPILE compile escape --
-20 PXY_CACHE_GROUP group --
-21 PXY_CACHE_HTTP_URL expr UTF8 UTF8 yes 0 quickoff
-22 PXY_CACHE_HTTP_COOKIE expr UTF8 UTF8 yes 0 quickoff
-23 PXY_PROFILE_TRUSTED_CA_CERT plugin {"key":1,"valid":4,"foreign":"3"}
-23 PXY_EXCH_INTERMEDIA_CERT plugin {"key":1,"valid":4,"foreign":"3"}
-24 PXY_OBJ_TRUSTED_CA_CRL plugin {"valid":4,"foreign":"3"}
-25 TSG_PROFILE_RESPONSE_PAGES plugin {"key":1,"foreign":"4","valid":5}
-26 PXY_PROFILE_HIJACK_FILES plugin {"key":1,"foreign":"5","valid":6}
-27 PXY_PROFILE_INSERT_SCRIPTS plugin {"key":1,"foreign":"4","valid":6}
-28 TSG_SECURITY_COMPILE plugin {"key":1,"valid":8}
-29 PXY_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}
-30 TSG_PROFILE_DECRYPTION plugin {"key":1,"valid":4}
-31 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0
-32 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER --
-33 TSG_SECURITY_DESTINATION_ASN virtual TSG_OBJ_AS_NUMBER --
-34 TSG_OBJ_GEO_LOCATION expr UTF8 UTF8/GBK yes 0
-35 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_GEO_LOCATION --
-36 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION --
-37 TSG_FIELD_DOH_QNAME virtual TSG_OBJ_FQDN --
-38 TSG_FIELD_DOH_HOST virtual TSG_OBJ_FQDN --
\ No newline at end of file
+7 TSG_OBJ_FQDN_CAT intval UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
+8 TSG_FIELD_HTTP_HOST virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
+9 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff
+10 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
+11 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
+12 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff
+13 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
+14 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
+15 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
+16 TSG_OBJ_APP_ID intval UTF8 UTF8 yes 0
+17 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
+18 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
+19 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}
+20 PXY_CACHE_COMPILE compile escape --
+21 PXY_CACHE_GROUP group --
+22 PXY_CACHE_HTTP_URL expr UTF8 UTF8 yes 0 quickoff
+23 PXY_CACHE_HTTP_COOKIE expr UTF8 UTF8 yes 0 quickoff
+24 PXY_PROFILE_TRUSTED_CA_CERT plugin {"key":1,"valid":4,"foreign":"3"}
+24 PXY_EXCH_INTERMEDIA_CERT plugin {"key":1,"valid":4,"foreign":"3"}
+25 PXY_OBJ_TRUSTED_CA_CRL plugin {"valid":4,"foreign":"3"}
+26 TSG_PROFILE_RESPONSE_PAGES plugin {"key":1,"foreign":"4","valid":5}
+27 PXY_PROFILE_HIJACK_FILES plugin {"key":1,"foreign":"5","valid":6}
+28 PXY_PROFILE_INSERT_SCRIPTS plugin {"key":1,"foreign":"4","valid":6}
+29 TSG_SECURITY_COMPILE plugin {"key":1,"valid":8}
+30 PXY_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}
+31 TSG_PROFILE_DECRYPTION plugin {"key":1,"valid":4}
+32 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0
+33 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER --
+34 TSG_SECURITY_DESTINATION_ASN virtual TSG_OBJ_AS_NUMBER --
+35 TSG_OBJ_GEO_LOCATION expr UTF8 UTF8/GBK yes 0
+36 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_GEO_LOCATION --
+37 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION --
+38 TSG_FIELD_DOH_QNAME virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
+39 TSG_FIELD_DOH_HOST virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
\ No newline at end of file
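Review bot: Renumbering shifts every table id from 7 onward by one (e.g. `TSG_OBJ_SUBSCRIBER_ID` 14→15, `TSG_SECURITY_SOURCE_ASN` 32→33), which is justified because the old file had `TSG_OBJ_FQDN_CAT` sharing id 6 with `TSG_OBJ_FQDN`, but any component that stores or hard-codes a numeric table id instead of resolving it by name (tfe_resource.cpp appears to resolve by name) would now bind to the wrong table, so that should be checked before deploying the new conf. The duplicate-id problem is not fully gone either: `24 PXY_PROFILE_TRUSTED_CA_CERT` and `24 PXY_EXCH_INTERMEDIA_CERT` carry over the old 23/23 collision; if that sharing is intentional it deserves a comment on the line, otherwise the second entry should become 25 with the remaining rows shifted once more. Changing `TSG_OBJ_FQDN_CAT` from `expr` to `intval` is consistent with the new `Maat_scan_intval` consumer in tfe_scan.cpp.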