gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-22707 Adaptation of DB indicates changes, fixes self-check process testing issues

Browse Source
This commit is contained in:
fengweihao
2024-10-16 16:16:44 +08:00
parent 8e38bbcf48
commit 48cba684fe
9 changed files with 82 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
common/src/tfe_resource.cpp
View File

@@ -247,7 +247,7 @@ void app_dict_table_new_cb(const char *table_name, const char* key, const char*
app_dict->app_id = item->valueint;
}
item = cJSON_GetObjectItem(app_id_dict_json, "uuid");
item = cJSON_GetObjectItem(app_id_dict_json, "object_uuid");
if(item && item->type==cJSON_String)
{
uuid_parse(item->valuestring, app_dict->object_uuid);

2
common/src/tfe_scan.cpp
View File

@@ -458,7 +458,7 @@ int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_s
return hit_cnt_port;
}
#define PROTOCOL_TCP_UUID_ID "6"
#define PROTOCOL_TCP_UUID_ID "00000000-0000-0000-0000-000000000006"
int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
{
int scan_ret = 0;

2
platform/src/ssl_stream.cpp
View File

@@ -2225,7 +2225,7 @@ void ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream, uu
uuid_clear(*profile_id);
uint16_t out_size;
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)profile_id, sizeof(profile_id), &out_size);
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)profile_id, sizeof(uuid_t), &out_size);
assert(ret == 0);
assert(out_size == sizeof(uuid_t));
(void)ret;

24
plugin/business/ssl-policy/src/ssl_policy.cpp
View File

@@ -237,7 +237,7 @@ struct ssl_policy_enforcer *ssl_policy_enforcer_create()
struct ssl_policy_enforcer *enforcer = ALLOC(struct ssl_policy_enforcer, 1);
enforcer->maat = tfe_get_maat_handle();
ret = maat_plugin_table_ex_schema_register(enforcer->maat,
"PXY_PROFILE_DECRYPTION",
"DECRYPTION_PROFILE",
profile_param_new_cb,
profile_param_free_cb,
profile_param_dup_cb,
@@ -272,7 +272,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void *u_p
uuid_unparse(decrypted_uuid, decrypted_uuid_str);
TFE_LOG_DEBUG(g_default_logger, "%s %s enforce policy %s", addr_string, sni, rule_uuid_str);
struct decryption_param *profile_param = (struct decryption_param *)maat_plugin_table_get_ex_data(enforcer->maat, "PXY_PROFILE_DECRYPTION", (const char *)decrypted_uuid_str, strlen(decrypted_uuid_str));
struct decryption_param *profile_param = (struct decryption_param *)maat_plugin_table_get_ex_data(enforcer->maat, "DECRYPTION_PROFILE", (const char *)decrypted_uuid_str, strlen(decrypted_uuid_str));
if (profile_param == NULL)
{
TFE_LOG_INFO(g_default_logger, "Failed to get decryption parameter of profile %s.", decrypted_uuid_str);
@@ -283,32 +283,32 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void *u_p
if (!profile_param->mirror_client_version)
{
ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_PROTOCOL_MIN_VERSION, profile_param->ssl_min_version);
assert(ret == 0);
assert(ret == 1);
ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_PROTOCOL_MAX_VERSION, profile_param->ssl_max_version);
assert(ret == 0);
assert(ret == 1);
}
if (profile_param->allow_http2)
{
ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_ENABLE_ALPN, 1);
assert(ret == 0);
assert(ret == 1);
}
ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_NO_VERIFY_COMMON_NAME, profile_param->no_verify_cn);
assert(ret == 0);
assert(ret == 1);
ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_NO_VERIFY_ISSUER, profile_param->no_verify_issuer);
assert(ret == 0);
assert(ret == 1);
ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_NO_VERIFY_SELF_SIGNED, profile_param->no_verify_self_signed);
assert(ret == 0);
assert(ret == 1);
ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_NO_VERIFY_EXPIRY_DATE, profile_param->no_verify_expry_date);
assert(ret == 0);
assert(ret == 1);
if (profile_param->block_fake_cert)
{
ret = ssl_stream_set_integer_opt(upstream, SSL_STREAM_OPT_BLOCK_FAKE_CERT, 1);
assert(ret == 0);
assert(ret == 1);
}
ret = ssl_stream_set_uuid_opt(upstream, SSL_STREAM_OPT_KEYRING_FOR_TRUSTED, &trusted_keyring_uuid);
assert(ret == 0);
assert(ret == 1);
ret = ssl_stream_set_uuid_opt(upstream, SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED, &untrusted_keyring_uuid);
assert(ret == 0);
assert(ret == 1);
ret = ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus);
assert(ret == 0);
ret = ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_APP_STATUS, &is_app_not_pinning);

4
plugin/business/tcp-policy/src/tcp_policy.cpp
View File

@@ -236,7 +236,7 @@ struct tcp_policy_enforcer *tcp_policy_enforcer_create(void *logger)
struct tcp_policy_enforcer *enforcer = ALLOC(struct tcp_policy_enforcer, 1);
enforcer->maat = tfe_get_maat_handle();
enforcer->logger = logger;
snprintf(enforcer->table_name, sizeof(enforcer->table_name), "PXY_PROFILE_TCP_OPTION");
snprintf(enforcer->table_name, sizeof(enforcer->table_name), "PROXY_TCP_OPTION");
ret = maat_plugin_table_ex_schema_register(enforcer->maat, enforcer->table_name,
profile_param_new_cb,
@@ -245,7 +245,7 @@ struct tcp_policy_enforcer *tcp_policy_enforcer_create(void *logger)
0, enforcer);
if (ret < 0)
{
TFE_LOG_ERROR(enforcer->logger, "failed at register callback of PXY_PROFILE_TCP_OPTION, ret = %d", ret);
TFE_LOG_ERROR(enforcer->logger, "failed at register callback of PROXY_TCP_OPTION, ret = %d", ret);
goto error_out;
}
return enforcer;

48
plugin/business/tsg-http/src/tsg_http.cpp
View File

@@ -245,7 +245,7 @@ void trusted_CA_update_cert_cb(const char *table_name, const char *table_line, e
cJSON* trust_ca_cert = cJSON_Parse(table_line);
if(trust_ca_cert == NULL)
{
TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_TRUSTED_CA_CERT parse table_line failed. table_line:%s", table_line);
TFE_LOG_ERROR(g_proxy_rt->local_logger, "TRUSTED_CERTIFICATE_AUTHORITY parse table_line failed. table_line:%s", table_line);
return;
}
@@ -837,7 +837,7 @@ void ma_profile_table_new_cb(const char *table_name, const char* key, const char
cJSON* response_pages = cJSON_Parse(table_line);
if(response_pages == NULL)
{
TFE_LOG_ERROR(g_proxy_rt->local_logger, "TSG_PROFILE_RESPONSE_PAGES parse table_line failed. table_line:%s", table_line);
TFE_LOG_ERROR(g_proxy_rt->local_logger, "RESPONSE_PAGE parse table_line failed. table_line:%s", table_line);
return;
}
@@ -892,7 +892,7 @@ void ma_insert_profile_table_new_cb(const char *table_name, const char* key, con
cJSON* insert_script = cJSON_Parse(table_line);
if(insert_script == NULL)
{
TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_INSERT_SCRIPTS parse table_line failed. table_line:%s", table_line);
TFE_LOG_ERROR(g_proxy_rt->local_logger, "PROXY_INJECT_SCRIPT parse table_line failed. table_line:%s", table_line);
return;
}
@@ -952,7 +952,7 @@ void ma_hijack_profile_table_new_cb(const char *table_name, const char* key, con
cJSON* hihijack_files = cJSON_Parse(table_line);
if(hihijack_files == NULL)
{
TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_HIJACK_FILES parse table_line failed. table_line:%s", table_line);
TFE_LOG_ERROR(g_proxy_rt->local_logger, "PROXY_HIJACK_FILE parse table_line failed. table_line:%s", table_line);
return;
}
@@ -994,7 +994,7 @@ void ma_lua_profile_table_new_cb(const char *table_name, const char* key, const
cJSON* run_scripts = cJSON_Parse(table_line);
if(run_scripts == NULL)
{
TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_RUN_SCRIPTS parse table_line failed. table_line:%s", table_line);
TFE_LOG_ERROR(g_proxy_rt->local_logger, "HTTP_MANIPULATION_SCRIPT parse table_line failed. table_line:%s", table_line);
return;
}
@@ -1108,10 +1108,10 @@ void ma_profile_table_dup_cb(const char *table_name, void **to, void **from, lon
const char* table_name_idx2str(int profile_idx)
{
const char *table_name_map[] = {"TSG_PROFILE_RESPONSE_PAGES",
"PXY_PROFILE_INSERT_SCRIPTS",
"PXY_PROFILE_HIJACK_FILES",
"PXY_PROFILE_RUN_SCRIPTS"};
const char *table_name_map[] = {"RESPONSE_PAGE",
"PROXY_INJECT_SCRIPT",
"PROXY_HIJACK_FILE",
"HTTP_MANIPULATION_SCRIPT"};
return table_name_map[profile_idx];
}
@@ -1159,7 +1159,7 @@ int proxy_policy_init(const char* profile_path, const char* static_section, cons
goto error_out;
}
ret = maat_table_callback_register(g_proxy_rt->feather, "PXY_PROFILE_TRUSTED_CA_CERT",
ret = maat_table_callback_register(g_proxy_rt->feather, "TRUSTED_CERTIFICATE_AUTHORITY",
trusted_CA_update_start_cb,
trusted_CA_update_cert_cb,
trusted_CA_update_finish_cb,
@@ -1781,7 +1781,13 @@ static int html_generate(char *profile_uuid, const char* msg, char ** page_buff,
{
int ret = 0;
struct manipulate_profile* block_profile=get_profile_by_id("TSG_PROFILE_RESPONSE_PAGES", profile_uuid);
if(profile_uuid==NULL)
{
ret=-1;
return ret;
}
struct manipulate_profile* block_profile=get_profile_by_id("RESPONSE_PAGE", profile_uuid);
if(block_profile==NULL)
{
ret=-1;
@@ -1832,7 +1838,7 @@ int http_lua_profile(char *profile_uuid_str, struct elua_script ***elua_ctx, cha
{
int ret = 0;
struct manipulate_profile* lua_profile=get_profile_by_id("PXY_PROFILE_RUN_SCRIPTS", profile_uuid_str);
struct manipulate_profile* lua_profile=get_profile_by_id("HTTP_MANIPULATION_SCRIPT", profile_uuid_str);
if(lua_profile==NULL)
{
ret=-1;
@@ -2323,12 +2329,6 @@ static void http_block(const struct tfe_stream * stream, const struct tfe_http_s
int resp_code = param->status_code;
char *message = param->message;
if (param->profile_uuid_str< 0){
TFE_LOG_ERROR(g_proxy_rt->local_logger, "Invalid block rule %s", ctx->enforce_rules[0].config_uuid_string);
ctx->action = PX_ACTION_NONE;
return;
}
struct tfe_http_session * to_write_sess = NULL;
if (events & EV_HTTP_RESP_HDR || tfe_http_in_hdr(events))
{
@@ -2399,7 +2399,7 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e
if(events & EV_HTTP_RESP_HDR)
{
struct manipulate_profile* hijack_profile=get_profile_by_id("PXY_PROFILE_HIJACK_FILES", param->profile_uuid_str);
struct manipulate_profile* hijack_profile=get_profile_by_id("PROXY_HIJACK_FILE", param->profile_uuid_str);
if (NULL == hijack_profile)
{
TFE_LOG_ERROR(g_proxy_rt->local_logger, "get table obj faild, profile_id = %s", param->profile_uuid_str);
@@ -2469,7 +2469,7 @@ static int format_insert_rule(char *profile_uuid, struct insert_rule *rule)
{
int ret = 0;
struct manipulate_profile* insert_profile=get_profile_by_id("PXY_PROFILE_INSERT_SCRIPTS", profile_uuid);
struct manipulate_profile* insert_profile=get_profile_by_id("PROXY_INJECT_SCRIPT", profile_uuid);
if(insert_profile==NULL)
{
ret=-1;
@@ -2882,14 +2882,14 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
break;
}
scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", attribute_name, field_val, strlen(field_val),
scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, field_val, strlen(field_val),
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
}
scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", attribute_name, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,
scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,
&n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
@@ -2901,7 +2901,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
{
assert(ctx->sp == NULL);
attribute_name = events & EV_HTTP_REQ_BODY_BEGIN ? "ATTR_HTTP_REQ_BODY" : "ATTR_HTTP_RES_BODY";
ctx->sp = maat_stream_new(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", attribute_name, ctx->scan_mid);
ctx->sp = maat_stream_new(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, ctx->scan_mid);
}
const unsigned char *scan_body_frag=NULL; size_t scan_len=0;
@@ -2925,7 +2925,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
if ((events & EV_HTTP_REQ_BODY_END) | (events & EV_HTTP_RESP_BODY_END))
{
attribute_name = events & EV_HTTP_REQ_BODY_END ? "ATTR_HTTP_REQ_BODY" : "ATTR_HTTP_RES_BODY";
scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", "attribute_name", result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,
scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", "attribute_name", result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,
&n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{

26
resource/pangu/doh.json
View File

@@ -10,7 +10,7 @@
"log_option": "all",
"action_parameter":{"protocol":"DoH","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.abc.com","ttl":{"min":60,"max":300}},{"atype":"A","value":"1.1.1.1","ttl":{"min":60,"max":300}}]},{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"aaaa:ffff:00","ttl":{"min":60,"max":300}},{"atype":"CNAME","value":"abc.com.cn","ttl":{"min":60,"max":300}}]}]},
"is_valid": "yes",
"conditions": [
"and_conditions": [
{
"attribute_name": "ATTR_DOH_QNAME",
"objects": [
@@ -38,7 +38,7 @@
"log_option": "all",
"action_parameter":{"protocol":"DoH","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.a.shifen.com","ttl":{"min":10,"max":10}},{"atype":"A","value":"182.61.200.6","ttl":{"min":20,"max":30}},{"atype":"A","value":"182.61.200.7","ttl":{"min":60,"max":61}}]},{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.taobao.com.danuoyi.tbcache.com","ttl":{"min":100,"max":100}},{"atype":"AAAA","value":"2408:871a:2800:4:3::3fa","ttl":{"min":200,"max":300}},{"atype":"AAAA","value":"2408:871a:2800:2:3::3fa","ttl":{"min":600,"max":310}}]}]},
"is_valid": "yes",
"conditions": [
"and_conditions": [
{
"attribute_name": "ATTR_DOH_QNAME",
"objects": [
@@ -65,27 +65,9 @@
"table_content": [
{"uuid":"TRAFFIC0-MIRR-0000-0000-000000000001","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1}
]
},
{
"table_name": "TSG_PROFILE_RESPONSE_PAGES",
"table_content": [
{"uuid":"RESPONSE-PAGES-0000-0000-000000000001","profile_name":"404","format":"html","path":"./resource/pangu/policy_file/404.html","is_valid":1,"modified_time":"1716531859000000"}
]
},
{
"table_name": "PXY_PROFILE_HIJACK_FILES",
"table_content": [
{"uuid":"HIJACK-FILES-0000-0000-000000000001","profile_name":"chakanqi","content_name":"chakanqi-947KB.exe","content_type":"application/x-msdos-program","path":"./resource/pangu/policy_file/chakanqi-947KB.exe","is_valid":1,"modified_time":"1716531859000000"}
]
},
{
"table_name": "PXY_PROFILE_INSERT_SCRIPTS",
"table_content": [
{"uuid":"INSERT-SCRIPTS-0000-0000-000000000001","profile_name":"time","format":"js","insert_on":"before_page_load","path":"./resource/pangu/policy_file/time.js","is_valid":1,"modified_time":"1716531859000000"}
]
},
{
"table_name": "PXY_PROFILE_DECRYPTION",
"table_name": " DECRYPTION_PROFILE",
"table_content": [
{"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1},
{"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1},
@@ -107,7 +89,7 @@
]
},
{
"table_name": "PXY_PROFILE_TCP_OPTION",
"table_name": "PROXY_TCP_OPTION",
"table_content": [
{"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1}
]

24
resource/pangu/pangu_http.json
View File

@@ -10,7 +10,7 @@
"log_option": "all",
"action_parameter": {"protocol":"http","method":"redirect","code":302,"to":"https://www.jd.com"},
"is_valid": "yes",
"conditions": [
"and_conditions": [
{
"attribute_name": "ATTR_HTTP_URL",
"objects": [
@@ -43,9 +43,9 @@
"action": "manipulate",
"blacklist_option": 1,
"log_option": "all",
"action_parameter": {"protocol":"http","method":"replace","rules":[{"search_in":"http_resp_body","find":"<EFBFBD><EFBFBD><EFBFBD><EFBFBD>","replace_with":"test"}]},
"action_parameter": {"protocol":"http","method":"replace","rules":[{"search_in":"http_resp_body","find":"邮箱","replace_with":"test"}]},
"is_valid": "yes",
"conditions": [
"and_conditions": [
{
"attribute_name": "ATTR_SERVER_FQDN",
"objects": [
@@ -73,7 +73,7 @@
"log_option": "all",
"action_parameter": {"protocol":"http","method":"block","code":403,"message":"error"},
"is_valid": "yes",
"conditions": [
"and_conditions": [
{
"attribute_name": "ATTR_HTTP_REQ_HDR",
"objects": [
@@ -118,7 +118,7 @@
"log_option": "all",
"action_parameter": {"protocol":"http","method":"block","code":403,"message":"error"},
"is_valid": "yes",
"conditions": [
"and_conditions": [
{
"attribute_name": "ATTR_HTTP_URL",
"objects": [
@@ -147,25 +147,25 @@
]
},
{
"table_name": "TSG_PROFILE_RESPONSE_PAGES",
"table_name": "RESPONSE_PAGE",
"table_content": [
{"uuid":"00000101-0000-0000-0000-000000000000","profile_name":"404","format":"html","path":"./resource/pangu/policy_file/404.html","is_valid":1,"modified_time":"1716531859000000"}
]
},
{
"table_name": "PXY_PROFILE_HIJACK_FILES",
"table_name": "PROXY_HIJACK_FILE",
"table_content": [
{"uuid":"00000201-0000-0000-0000-000000000000","profile_name":"chakanqi","content_name":"chakanqi-947KB.exe","content_type":"application/x-msdos-program","path":"./resource/pangu/policy_file/chakanqi-947KB.exe","is_valid":1,"modified_time":"1716531859000000"}
]
},
{
"table_name": "PXY_PROFILE_INSERT_SCRIPTS",
"table_name": "PROXY_INJECT_SCRIPT",
"table_content": [
{"uuid":"00000301-0000-0000-0000-000000000000","profile_name":"time","format":"js","insert_on":"before_page_load","path":"./resource/pangu/policy_file/time.js","is_valid":1,"modified_time":"1716531859000000"}
]
},
{
"table_name": "PXY_PROFILE_DECRYPTION",
"table_name": " DECRYPTION_PROFILE",
"table_content": [
{"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1},
{"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1},
@@ -187,7 +187,7 @@
]
},
{
"table_name": "PXY_PROFILE_TCP_OPTION",
"table_name": "PROXY_TCP_OPTION",
"table_content": [
{"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1}
]
@@ -195,8 +195,8 @@
{
"table_name": "APP_ID_DICT",
"table_content": [
{"app_id":67,"object_uuid":"00000201-0000-0000-0000-000000000000","app_name":"http","parent_app_id":0,"parent_app_name":null,"category":"general-internet","subcategory":"internet-utility","content":"unknown","risk":"1","characteristics":null,"deny_action":null,"depends_on_app_ids":"null","implicitly_uses_app_ids":"null","continue_scanning":0,"tcp_timeout":120,"udp_timeout":120,"tcp_half_close":0,"tcp_time_wait":0,"is_valid":1,"modified_time":"1716531859000000"},
{"app_id":68,"object_uuid":"00068000-0000-0000-0000-000000000000","app_name":"https","parent_app_id":0,"parent_app_name":null,"category":"general-internet","subcategory":"internet-utility","content":"unknown","risk":"1","characteristics":null,"deny_action":null,"depends_on_app_ids":"null","implicitly_uses_app_ids":"null","continue_scanning":0,"tcp_timeout":120,"udp_timeout":120,"tcp_half_close":0,"tcp_time_wait":0,"is_valid":1,"modified_time":"1716531859000000"}
{"app_id":67,"object_uuid":"00000201-0000-0000-0000-000000000000","app_name":"http","is_valid":1},
{"app_id":68,"object_uuid":"00068000-0000-0000-0000-000000000000","app_name":"https","is_valid":1}
]
}
]

46
resource/pangu/table_info.conf
View File

@@ -28,7 +28,7 @@
},
{
"table_id":4,
"table_name":"TSG_OBJ_IP",
"table_name":"TSG_OBJ_IP_ADDR",
"table_type":"ip"
},
{
@@ -43,7 +43,7 @@
},
{
"table_id":7,
"table_name":"TSG_OBJ_KEYWORDS",
"table_name":"TSG_OBJ_KEYWORD",
"table_type":"expr"
},
{
@@ -85,11 +85,13 @@
},
{
"table_id":14,
"table_name": "PXY_PROFILE_TRUSTED_CA_CERT",
"table_name": "TRUSTED_CERTIFICATE_AUTHORITY",
"table_type": "plugin",
"custom": {
"key_name":"uuid",
"key_type":"pointer"
"key_type":"pointer",
"foreign_names":["cert_file"]
}
},
{
@@ -103,29 +105,32 @@
},
{
"table_id":16,
"table_name":"TSG_PROFILE_RESPONSE_PAGES",
"table_name":"RESPONSE_PAGE",
"table_type":"plugin",
"custom": {
"key_name":"uuid",
"key_type":"pointer"
"key_type":"pointer",
"foreign_names": ["path"]
}
},
{
"table_id":17,
"table_name":"PXY_PROFILE_HIJACK_FILES",
"table_name":"PROXY_HIJACK_FILE",
"table_type":"plugin",
"custom": {
"key_name":"uuid",
"key_type":"pointer"
"key_type":"pointer",
"foreign_names": ["path"]
}
},
{
"table_id":18,
"table_name":"PXY_PROFILE_INSERT_SCRIPTS",
"table_name":"PROXY_INJECT_SCRIPT",
"table_type":"plugin",
"custom": {
"key_name":"uuid",
"key_type":"pointer"
"key_type":"pointer",
"foreign_names": ["path"]
}
},
{
@@ -148,7 +153,7 @@
},
{
"table_id":21,
"table_name":"PXY_PROFILE_DECRYPTION",
"table_name":"DECRYPTION_PROFILE",
"table_type":"plugin",
"custom": {
"key_type":"pointer",
@@ -157,16 +162,17 @@
},
{
"table_id":23,
"table_name":"PXY_PROFILE_RUN_SCRIPTS",
"table_name":"HTTP_MANIPULATION_SCRIPT",
"table_type":"plugin",
"custom": {
"key_type":"pointer",
"key_name":"uuid"
"key_name":"uuid",
"foreign_names": ["path"]
}
},
{
"table_id":24,
"table_name":"PXY_PROFILE_TCP_OPTION",
"table_name":"PROXY_TCP_OPTION",
"table_type":"plugin",
"custom": {
"key_type":"pointer",
@@ -187,19 +193,15 @@
"table_name": "APP_ID_DICT",
"table_type": "plugin",
"custom": {
"key_name":"app_id",
"key_type":"integer",
"key_len":8
"key_len":8,
"key_name":"app_id"
}
},
{
"table_id":27,
"table_name": "TSG_IP_PROTOCOL",
"table_type": "plugin",
"custom": {
"key_name":"uuid",
"key_type":"pointer"
}
"table_name":"TSG_OBJ_IP_PROTOCOL",
"table_type":"expr"
},
{
"table_id":28,