gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-2489 DOH 支持 IP 归属地

Browse Source 
* tfe maat IP 归属地回调表的注册从 pangu 移动到 tfe_resource 中
	* 修复 Pangu IP 归属地 SRC && DST 同时命中时 maat 计数的 bug
This commit is contained in:
luwenpeng
2020-07-15 11:30:11 +08:00
parent 39bff0023c
commit 444b9c7935
11 changed files with 518 additions and 264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

175
common/src/tfe_resource.cpp
View File

@@ -10,6 +10,14 @@
#define MAAT_INPUT_REDIS 1
#define MAAT_INPUT_FILE 2
struct maat_table_info
{
int id;
char *name;
Maat_plugin_EX_new_func_t *new_func;
Maat_plugin_EX_dup_func_t *dup_func;
Maat_plugin_EX_free_func_t *free_func;
};
static Maat_feather_t static_maat = NULL;
static Maat_feather_t dynamic_maat = NULL;
static tfe_kafka_logger_t *kafka_logger = NULL;
@@ -27,6 +35,7 @@ static Maat_feather_t create_maat_feather(const char *instance_name, const char
int redis_port_begin = 0, redis_port_end = 0;
int redis_port_select = 0;
int redis_db_idx = 0;
int deferred_load_on = 0;
char json_cfg_file[TFE_STRING_MAX] = {0}, maat_stat_file[TFE_STRING_MAX] = {0};
MESA_load_profile_int_def(profile, section, "maat_input_mode", &(input_mode), 0);
@@ -42,6 +51,7 @@ static Maat_feather_t create_maat_feather(const char *instance_name, const char
MESA_load_profile_string_def(profile, section, "full_cfg_dir", ful_cfg_dir, sizeof(ful_cfg_dir), "");
MESA_load_profile_string_def(profile, section, "stat_file", maat_stat_file, sizeof(maat_stat_file), "");
MESA_load_profile_int_def(profile, section, "effect_interval_s", &(effect_interval), 60);
MESA_load_profile_int_def(profile, section, "deferred_load_on", &(deferred_load_on), 0);
effect_interval *= 1000; //convert s to ms
@@ -119,6 +129,7 @@ static Maat_feather_t create_maat_feather(const char *instance_name, const char
}
}
Maat_set_feather_opt(target, MAAT_OPT_DEFERRED_LOAD, &deferred_load_on, sizeof(deferred_load_on));
Maat_set_feather_opt(target, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval));
Maat_set_feather_opt(target, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
if (strlen(accept_tags) > 0)
@@ -219,6 +230,160 @@ finish:
return (char *)device_def_id;
}
static void ip_asn_table_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
{
int addr_type;
int ret = 0, profile_id = 0, is_valid = 0;
char start_ip[40], end_ip[40], asn[40] = {0};
char organization[TFE_PATH_MAX];
ret = sscanf(table_line, "%d\t%d\t%s\t%s\t%s\t%s\t%d", &profile_id, &addr_type, start_ip, end_ip, asn, organization, &is_valid);
if (ret != 7)
{
TFE_LOG_ERROR(g_default_logger, "Policy table parse ip ASN failed, ret:%d, %s", ret, table_line);
return;
}
tfe_unescape(organization);
struct ip_data_table *ip_asn = ALLOC(struct ip_data_table, 1);
memset(ip_asn, 0, sizeof(struct ip_data_table));
ip_asn->profile_id = profile_id;
ip_asn->asn = tfe_strdup(asn);
ip_asn->organization = tfe_strdup(organization);
ip_asn->ref_cnt = 1;
pthread_mutex_init(&(ip_asn->lock), NULL);
TFE_LOG_INFO(g_default_logger, "Policy table add success %d", profile_id);
*ad = ip_asn;
}
static void ip_location_table_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
{
int ret = 0, profile_id = 0, is_valid = 0;
int geoname_id = 0, addr_type = 0;
double latitude, longitude, coords;
char language[40], start_ip[40], end_ip[40];
char continent_abbr[TFE_PATH_MAX], continent_full[TFE_PATH_MAX];
char country_abbr[TFE_PATH_MAX], province_abbr[TFE_PATH_MAX], time_zone[TFE_PATH_MAX];
char country_full[TFE_PATH_MAX], province_full[TFE_PATH_MAX], city_full[TFE_PATH_MAX];
ret = sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%lf\t%lf\t%lf\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d", &profile_id, &geoname_id,
&addr_type, start_ip, end_ip, &latitude, &longitude, &coords, language,
continent_abbr, continent_full, country_abbr, country_full, province_abbr, province_full,
city_full, time_zone, &is_valid);
if (ret != 18)
{
TFE_LOG_ERROR(g_default_logger, "Policy table parse ip location failed, ret:%d, %s", ret, table_line);
return;
}
tfe_unescape(continent_full);
tfe_unescape(country_full);
tfe_unescape(province_full);
tfe_unescape(city_full);
struct ip_data_table *ip_asn = ALLOC(struct ip_data_table, 1);
memset(ip_asn, 0, sizeof(struct ip_data_table));
ip_asn->profile_id = profile_id;
ip_asn->country_full = tfe_strdup(country_full);
ip_asn->province_full = tfe_strdup(province_full);
ip_asn->city_full = tfe_strdup(city_full);
ip_asn->ref_cnt = 1;
pthread_mutex_init(&(ip_asn->lock), NULL);
TFE_LOG_INFO(g_default_logger, "Policy table add success %d", profile_id);
*ad = ip_asn;
}
static void ip_table_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
{
struct ip_data_table *ip_asn = (struct ip_data_table *)(*from);
pthread_mutex_lock(&(ip_asn->lock));
ip_asn->ref_cnt++;
pthread_mutex_unlock(&(ip_asn->lock));
*to = ip_asn;
}
static void ip_table_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
{
if (*ad == NULL)
{
return;
}
struct ip_data_table *ip_asn = (struct ip_data_table *)(*ad);
pthread_mutex_lock(&(ip_asn->lock));
ip_asn->ref_cnt--;
if (ip_asn->ref_cnt > 0)
{
pthread_mutex_unlock(&(ip_asn->lock));
return;
}
pthread_mutex_unlock(&(ip_asn->lock));
pthread_mutex_destroy(&(ip_asn->lock));
if (ip_asn->asn)
FREE(&ip_asn->asn);
if (ip_asn->organization)
FREE(&ip_asn->organization);
if (ip_asn->country_full)
FREE(&ip_asn->country_full);
if (ip_asn->province_full)
FREE(&ip_asn->province_full);
if (ip_asn->city_full)
FREE(&ip_asn->city_full);
FREE(&ip_asn);
*ad = NULL;
return;
}
void ip_table_free(struct ip_data_table *ip_asn)
{
ip_table_free_cb(0, (void **)&ip_asn, 0, NULL);
}
static struct maat_table_info maat_pub_tables[TABLE_TYPE_MAX] = {
// TABLE_IP_ASN_USER_DEFINED
{0, "TSG_IP_ASN_USER_DEFINED", ip_asn_table_new_cb, ip_table_dup_cb, ip_table_free_cb},
// TABLE_IP_ASN_BUILT_IN
{0, "TSG_IP_ASN_BUILT_IN", ip_asn_table_new_cb, ip_table_dup_cb, ip_table_free_cb},
// TABLE_IP_LOCATION_USER_DEFINED
{0, "TSG_IP_LOCATION_USER_DEFINED", ip_location_table_new_cb, ip_table_dup_cb, ip_table_free_cb},
// TABLE_IP_LOCATION_BUILT_IN
{0, "TSG_IP_LOCATION_BUILT_IN", ip_location_table_new_cb, ip_table_dup_cb, ip_table_free_cb},
// TABLE_SECURITY_SOURCE_ASN
{0, "TSG_SECURITY_SOURCE_ASN", NULL, NULL, NULL},
// TABLE_SECURITY_DESTINATION_ASN
{0, "TSG_SECURITY_DESTINATION_ASN", NULL, NULL, NULL},
// TABLE_SECURITY_SOURCE_LOCATION
{0, "TSG_SECURITY_SOURCE_LOCATION", NULL, NULL, NULL},
// TABLE_SECURITY_DESTINATION_LOCATION
{0, "TSG_SECURITY_DESTINATION_LOCATION", NULL, NULL, NULL}
};
static int register_maat_table()
{
for (int i = 0; i < TABLE_TYPE_MAX; i++)
{
maat_pub_tables[i].id = Maat_table_register(static_maat, maat_pub_tables[i].name);
if (maat_pub_tables[i].id < 0)
{
TFE_LOG_ERROR(g_default_logger, "Maat table %s register failed.", maat_pub_tables[i].name);
return -1;
}
if (maat_pub_tables[i].new_func || maat_pub_tables[i].dup_func || maat_pub_tables[i].free_func)
{
Maat_ip_plugin_EX_register(static_maat, maat_pub_tables[i].id, maat_pub_tables[i].new_func,
maat_pub_tables[i].free_func, maat_pub_tables[i].dup_func, 0, NULL);
}
}
return 0;
}
int tfe_bussiness_resouce_init()
{
const char *profile_path = "./conf/tfe/tfe.conf";
@@ -243,6 +408,11 @@ int tfe_bussiness_resouce_init()
device_id = cerate_device_id(profile_path, "kafka", g_default_logger);
if (register_maat_table())
{
return -1;
}
return 0;
}
@@ -261,4 +431,9 @@ void *tfe_bussiness_resouce_get(enum RESOURCE_TYPE type)
default:
return NULL;
}
}
int tfe_bussiness_tableid_get(enum TABLE_TYPE type)
{
return maat_pub_tables[type].id;
}