diff --git a/common/include/tfe_resource.h b/common/include/tfe_resource.h index 01693be..8597770 100644 --- a/common/include/tfe_resource.h +++ b/common/include/tfe_resource.h @@ -33,8 +33,14 @@ enum scan_common_table PXY_CTRL_IP_PROTOCOL, PXY_CTRL_SOURCE_ASN, PXY_CTRL_DESTINATION_ASN, - PXY_CTRL_SOURCE_LOCATION, - PXY_CTRL_DESTINATION_LOCATION, + PXY_CTRL_SOURCE_GEO_COUNTRY, + PXY_CTRL_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA, + PXY_CTRL_SOURCE_GEO_ADMINISTRATIVE_AREA, + PXY_CTRL_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA, + PXY_CTRL_DESTINATION_GEO_COUNTRY, + PXY_CTRL_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA, + PXY_CTRL_DESTINATION_GEO_ADMINISTRATIVE_AREA, + PXY_CTRL_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA, PXY_CTRL_SUBSCRIBER_ID, PXY_CTRL_APP_ID_DICT, __SCAN_COMMON_TABLE_MAX diff --git a/common/include/tfe_scan.h b/common/include/tfe_scan.h index a983484..87c486b 100644 --- a/common/include/tfe_scan.h +++ b/common/include/tfe_scan.h @@ -7,8 +7,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st int hit_cnt, void *logger); int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger, char **asn_server, char **asn_client); -int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, - int hit_cnt, void *logger, char **location_server, char **location_client); +int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger); int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, long long app_id, int table_id); int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); 
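Review bot: The eight GEO entries added to `enum scan_common_table` are order-sensitive, but nothing in the enum records that. `tfe_scan_ip_location` in common/src/tfe_scan.cpp selects the table with `PXY_CTRL_SOURCE_GEO_COUNTRY+i` and `PXY_CTRL_DESTINATION_GEO_COUNTRY+i`, so inserting or reordering an entry would silently scan a geo level against the wrong table. A comment above the first new entry, such as `/* keep COUNTRY..SUB_ADMINISTRATIVE_AREA contiguous and in this order: indexed as base+i by tfe_scan_ip_location */`, would make the constraint visible. The enum body starts and ends outside the hunk.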
diff --git a/common/src/tfe_resource.cpp b/common/src/tfe_resource.cpp index f730f8e..d696ecf 100644 --- a/common/src/tfe_resource.cpp +++ b/common/src/tfe_resource.cpp @@ -395,8 +395,14 @@ static int maat_common_table_init() table_name[PXY_CTRL_IP_PROTOCOL] = "ATTR_IP_PROTOCOL"; table_name[PXY_CTRL_SOURCE_ASN] = "ATTR_SOURCE_ASN"; table_name[PXY_CTRL_DESTINATION_ASN]="ATTR_DESTINATION_ASN"; - table_name[PXY_CTRL_SOURCE_LOCATION] = "ATTR_SOURCE_LOCATION"; - table_name[PXY_CTRL_DESTINATION_LOCATION] = "ATTR_DESTINATION_LOCATION"; + table_name[PXY_CTRL_SOURCE_GEO_COUNTRY]="ATTR_SOURCE_GEO_COUNTRY"; + table_name[PXY_CTRL_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA"; + table_name[PXY_CTRL_SOURCE_GEO_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA"; + table_name[PXY_CTRL_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA"; + table_name[PXY_CTRL_DESTINATION_GEO_COUNTRY]="ATTR_DESTINATION_GEO_COUNTRY"; + table_name[PXY_CTRL_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA"; + table_name[PXY_CTRL_DESTINATION_GEO_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA"; + table_name[PXY_CTRL_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA"; table_name[PXY_CTRL_SUBSCRIBER_ID] = "ATTR_SUBSCRIBER_ID"; table_name[PXY_CTRL_APP_ID_DICT] = "APP_ID_DICT"; diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp index 49a0aa2..63ac9bb 100644 --- a/common/src/tfe_scan.cpp +++ b/common/src/tfe_scan.cpp 
@@ -68,7 +68,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", dest_subscribe_id, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { 
@@ -79,85 +79,95 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st return hit_cnt_ip; } -int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, - int hit_cnt, void *logger, char **location_server, char **location_client) +static int scan_group(struct maat_hit_group hit_group, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id) +{ + size_t n_hit_result=0; + int scan_ret=0, hit_cnt_group=0; + + scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, &hit_group, 1, + result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); + if(scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_group+=n_hit_result; + } + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, result+hit_cnt+hit_cnt_group, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_group+=n_hit_result; + } + return hit_cnt_group; +} + +int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) { int scan_ret = 0; int hit_cnt_ip = 0; - size_t n_hit_result = 0; uint16_t opt_out_size; - char src_ip_location[TFE_STRING_MAX * 5] = {0}; - char dst_ip_location[TFE_STRING_MAX * 5] = {0}; + unsigned int i=0, group_id=0, group_id_num=0; + unsigned int group_id_val[TFE_SYMBOL_MAX] = {0}; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); - if (cmsg != NULL) + if(cmsg == NULL) { - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION, (unsigned char *)src_ip_location, sizeof(src_ip_location), &opt_out_size); - if (scan_ret != 0) - { - TFE_LOG_ERROR(logger, "fetch src country from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); - } - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION, (unsigned char *)dst_ip_location, sizeof(dst_ip_location), 
&opt_out_size); - if (scan_ret != 0) - { - TFE_LOG_ERROR(logger, "fetch dst country from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); - } + return hit_cnt_ip; } - TFE_LOG_DEBUG(logger, "fetch src ip location: %s dst ip location: %s addr: %s", src_ip_location, dst_ip_location, stream->str_stream_info); - if (strlen(dst_ip_location)) + for(i=TFE_CMSG_SRC_REGION_ID; i <= TFE_CMSG_DST_SUBDIVISION_ID; i+=2) { - scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_LOCATION), - dst_ip_location, strlen(dst_ip_location), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, - &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) + scan_ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)&group_id, sizeof(group_id), &opt_out_size); + if (scan_ret == 0) { - TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, Hit location: %s scan ret: %d policy_id: %lld addr: %s", - dst_ip_location, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += n_hit_result; + group_id_val[group_id_num] = group_id; + } + group_id_num++; + } + TFE_LOG_DEBUG(logger, "fetch src ip location group id num:%d val:%d,%d,%d,%d, addr: %s", group_id_num, group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info); + + struct maat_hit_group hit_group; + for (i = 0; i < group_id_num; i++) + { + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=group_id_val[i]; + scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, tfe_bussiness_tableid_get((enum scan_common_table)(PXY_CTRL_SOURCE_GEO_COUNTRY+i))); + if (scan_ret > 0) + { + TFE_LOG_INFO(logger, "Scan SRC IP_LOCATION, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); + hit_cnt_ip += scan_ret; } else { - TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, NO hit 
location: %s scan ret: %d addr: %s", - dst_ip_location, scan_ret, stream->str_stream_info); + TFE_LOG_INFO(logger, "Scan SRC IP_LOCATION, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_LOCATION), - result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - - *location_server = (char *)ALLOC(char, strlen(dst_ip_location)); - memcpy(*location_server,dst_ip_location,strlen(dst_ip_location)-1); } - if (strlen(src_ip_location)) + + group_id_num=0; + memset(group_id_val, 0, sizeof(group_id_val)); + for(i=TFE_CMSG_DST_REGION_ID; i <= TFE_CMSG_DST_SUBDIVISION_ID; i+=2) { - scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_LOCATION), - src_ip_location, strlen(src_ip_location), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, - &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) + scan_ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)&group_id, sizeof(group_id), &opt_out_size); + if (scan_ret == 0) { - TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, Hit location: %s scan ret: %d policy_id: %lld addr: %s", - src_ip_location, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += n_hit_result; + group_id_val[group_id_num] = group_id; + } + group_id_num++; + } + TFE_LOG_DEBUG(logger, "fetch dst ip location group id num:%d val:%d,%d,%d,%d, addr: %s", group_id_num, group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info); + for (i = 0; i < group_id_num; i++) + { + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=group_id_val[i]; + scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, 
tfe_bussiness_tableid_get((enum scan_common_table)(PXY_CTRL_DESTINATION_GEO_COUNTRY+i))); + if (scan_ret > 0) + { + TFE_LOG_INFO(logger, "Scan IP_LOCATION, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); + hit_cnt_ip += scan_ret; } else { - TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, NO hit location: %s scan ret: %d addr: %s", - src_ip_location, scan_ret, stream->str_stream_info); + TFE_LOG_INFO(logger, "Scan IP_LOCATION, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_LOCATION), - result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - - *location_client = (char *)ALLOC(char, strlen(src_ip_location)); - memcpy(*location_client,src_ip_location, strlen(src_ip_location)-1); } - return hit_cnt_ip; } 
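Review bot: Both result loops in `tfe_scan_ip_location` call `scan_group(hit_group, result, scan_mid, hit_cnt, ...)` with the caller's `hit_cnt` instead of `hit_cnt + hit_cnt_ip`, so every geo level writes its hits at the same offset and overwrites the previous level's policy ids while `hit_cnt_ip` keeps growing. The returned count can therefore cover slots this function never filled, and the capacity argument `MAX_SCAN_RESULT-hit_cnt-hit_cnt_group` no longer accounts for hits already stored; `tfe_scan_ip_asn` passes `hit_cnt+hit_cnt_ip`, and the same form is needed here: `scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt + hit_cnt_ip, ...);`. The fetch loops also increment `group_id_num` when `tfe_cmsg_get_value` fails and never compare it with the size of `group_id_val`, so a zero group id is still scanned and the index depends on the TLV enum layout, which is not visible here; `if (group_id_val[i] == 0) continue;` plus a bound on `group_id_num` would make that explicit. The hit log prints `result[hit_cnt + hit_cnt_ip]`, which with the current offsets is not the slot that was just written.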
@@ -168,89 +178,61 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct m int hit_cnt_ip = 0; size_t n_hit_result = 0; uint16_t opt_out_size; - char buff[TFE_STRING_MAX * 5] = {0}; - char src_asn[TFE_STRING_MAX] = {0}; - char dst_asn[TFE_STRING_MAX] = {0}; - char src_org[TFE_STRING_MAX] = {0}; - char dst_org[TFE_STRING_MAX] = {0}; + uint64_t src_asn_group_id=0, dst_asn_group_id=0; + struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if (cmsg != NULL) { - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN, (unsigned char *)src_asn, sizeof(src_asn), &opt_out_size); + scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_ID, (unsigned char *)&src_asn_group_id, sizeof(src_asn_group_id), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch src asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN, (unsigned char *)dst_asn, sizeof(dst_asn), &opt_out_size); + scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_ID, (unsigned char *)&dst_asn_group_id, sizeof(dst_asn_group_id), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch dst asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ORGANIZATION, (unsigned char *)src_org, sizeof(src_org), &opt_out_size); - if (scan_ret != 0) - { - TFE_LOG_ERROR(logger, "fetch src org from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); - } - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ORGANIZATION, (unsigned char *)dst_org, sizeof(dst_org), &opt_out_size); - if (scan_ret != 0) - { - TFE_LOG_ERROR(logger, "fetch dst org from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); - } } - TFE_LOG_DEBUG(logger, "fetch src asn:%s org:%s; dst asn:%s org:%s addr: %s", src_asn, src_org, dst_asn, dst_org, stream->str_stream_info); + TFE_LOG_DEBUG(logger, "fetch src asn:%lu; dst asn:%lu addr: %s", 
src_asn_group_id, dst_asn_group_id, stream->str_stream_info); - if (strlen(dst_asn)) + struct maat_hit_group hit_group; + if (dst_asn_group_id > 0) { - scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN), - dst_asn, strlen(dst_asn), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, - &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=dst_asn_group_id; + scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt+hit_cnt_ip, tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN)); + if (scan_ret > 0) { - TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, Hit asn: %s scan ret: %d policy_id: %lld addr: %s", - dst_asn, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += n_hit_result; + TFE_LOG_INFO(logger, "Scan ATTR_DESTINATION_ASN, Hit asn: %lu scan ret: %d policy_id: %lld addr: %s", + dst_asn_group_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); + hit_cnt_ip += n_hit_result; } else { - TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, NO hit asn: %s scan ret: %d addr: %s", - dst_asn, scan_ret, stream->str_stream_info); + TFE_LOG_INFO(logger, "Scan ATTR_DESTINATION_ASN, NO hit asn: %lu scan ret: %d addr: %s", + dst_asn_group_id, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN), - result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - memset(buff, 0, sizeof(buff)); - snprintf(buff, sizeof(buff), "%s", dst_asn); - *asn_server = tfe_strdup(buff); } - if (strlen(src_asn)) + if(src_asn_group_id > 0) { - scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), 
tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN), - src_asn, strlen(src_asn), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, - &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=src_asn_group_id; + scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt+hit_cnt_ip, tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN)); + if(scan_ret > 0) { - TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, Hit asn: %s scan ret: %d policy_id: %lld addr: %s", - src_asn, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); + TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, Hit asn: %lu scan ret: %d policy_id: %lld addr: %s", + src_asn_group_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += n_hit_result; + } else { - TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, NO hit asn: %s scan ret: %d addr: %s", - src_asn, scan_ret, stream->str_stream_info); + TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, NO hit asn: %lu scan ret: %d addr: %s", + src_asn_group_id, scan_ret, stream->str_stream_info); } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN), - result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - memset(buff, 0, sizeof(buff)); - snprintf(buff, sizeof(buff), "%s", src_asn); - *asn_client = tfe_strdup(buff); } + return hit_cnt_ip; } 
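Review bot: `hit_cnt_ip += n_hit_result;` in both branches of `tfe_scan_ip_asn` now always adds zero, because the scans moved into `scan_group`, which has its own local `n_hit_result`, and nothing in this function writes the outer one any more. The function therefore returns 0 even when an ASN group matched, and a caller that advances its count by the return value (as the `tfe_scan_ip_location` call sites in this commit do) would let the next scan overwrite the ASN hits; both lines should read `hit_cnt_ip += scan_ret;`. `asn_server` and `asn_client` remain in the signature but are no longer assigned, so any caller that reads them after the call needs checking; that code is outside this diff. The `%lu` conversions print `uint64_t` values and would be portable as `"%" PRIu64`.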
@@ -489,9 +471,9 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struc { hit_cnt_ip += n_hit_result; } - - scan_ret = maat_scan_ipv6_port((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr, ntohs(sapp_addr.v6->source), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + + scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr, + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp index c983571..5e04296 100644 --- a/plugin/business/doh/src/doh.cpp +++ b/plugin/business/doh/src/doh.cpp @@ -277,7 +277,7 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http hit_cnt += scan_ret; } - scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger, &(ctx->location_server), &(ctx->location_client)); + scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger); if (scan_ret > 0) { hit_cnt += scan_ret; diff --git a/plugin/business/doh/src/logger.cpp b/plugin/business/doh/src/logger.cpp index f269969..db5c0ac 100644 --- a/plugin/business/doh/src/logger.cpp +++ b/plugin/business/doh/src/logger.cpp 
@@ -299,6 +299,42 @@ int doh_kafka_init(const char *profile, struct doh_conf *conf) return 0; } +static int doh_get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj) +{ + unsigned int i=0, j=0; + char opt_val[128]={0}; uint16_t opt_out_size; + const char *client_geo_area_map[] = {"client_country","client_province","client_city","client_subdivision"}; + + for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) + { + int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0) + { + cJSON_AddStringToObject(common_obj, client_geo_area_map[j], opt_val); + } + j++; + } + return 0; +} + +static int doh_get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj) +{ + unsigned int i=0, j=0; + char opt_val[128]={0}; uint16_t opt_out_size; + const char *server_geo_area_map[] = {"server_country","server_province","server_city","server_subdivision"}; + + for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) + { + int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0) + { + cJSON_AddStringToObject(common_obj, server_geo_area_map[j], opt_val); + } + j++; + } + return 0; +} + int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, const struct tfe_stream *stream, struct doh_ctx *ctx) { struct doh_maat_rule_t *result = ctx->result; @@ -394,7 +430,7 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c default: break; } - size_t c2s_byte_num = 0, s2c_byte_num = 0; + size_t ret=0, c2s_byte_num = 0, s2c_byte_num = 0; tfe_stream_info_get(stream, INFO_FROM_DOWNSTREAM_RX_OFFSET, &c2s_byte_num, sizeof(c2s_byte_num)); tfe_stream_info_get(stream, INFO_FROM_UPSTREAM_RX_OFFSET, &s2c_byte_num, sizeof(s2c_byte_num)); 
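Review bot: `opt_val` in `doh_get_ip_client_geolocation` and `doh_get_ip_server_geolocation` is filled once per loop iteration and passed to `cJSON_AddStringToObject` as a C string without being cleared in between. Whether `tfe_cmsg_get_value` NUL-terminates the copy is not visible in this diff; if it does not, a short value following a longer one keeps the longer one's tail, and a value of exactly 128 bytes is read past the end of the buffer. Adding `memset(opt_val, 0, sizeof(opt_val));` at the top of the loop body and passing `sizeof(opt_val) - 1` as the size covers both cases. `j` is also never compared with the four-entry name array, so the loop depends on the TLV enum holding exactly four entries per side; a `j < 4` term in the loop condition would bound it. The same applies to `get_ip_client_geolocation` and `get_ip_server_geolocation` in plugin/business/tsg-http/src/tsg_logger.cpp.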
@@ -432,22 +468,22 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c cJSON_AddStringToObject(common_obj, resp_fields[i].log_filed_name, tmp_val); } } - - if (ctx->location_client) + + if (cmsg!=NULL) { - cJSON_AddStringToObject(common_obj, "client_geolocation", ctx->location_client); - } - if (ctx->location_server) - { - cJSON_AddStringToObject(common_obj, "server_geolocation", ctx->location_server); - } - if (ctx->asn_client) - { - cJSON_AddStringToObject(common_obj, "client_asn", ctx->asn_client); - } - if (ctx->asn_server) - { - cJSON_AddStringToObject(common_obj, "server_asn", ctx->asn_server); + uint64_t src_asn=0, dst_asn=0; + ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size); + if (ret == 0) + { + cJSON_AddNumberToObject(common_obj, "client_asn", src_asn); + } + ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size); + if (ret == 0) + { + cJSON_AddNumberToObject(common_obj, "server_asn", dst_asn); + } + doh_get_ip_client_geolocation(cmsg, common_obj); + doh_get_ip_server_geolocation(cmsg, common_obj); } add_dns_info_to_log(common_obj, dns_info); diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 5e6f96b..6b17216 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -2933,7 +2933,7 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_ { hit_cnt+=scan_ret; } - scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger, &(ctx->ip_ctx.location_server), &(ctx->ip_ctx.location_client)); + scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger); if(scan_ret>0) { hit_cnt+=scan_ret; 
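Review bot: `ret` holds the result of `tfe_cmsg_get_value` in this block but was declared `size_t` in the preceding hunk (`size_t ret=0, c2s_byte_num = 0, ...`), while the helpers added in this file store the same call's result in an `int`; the `ret == 0` test still works, but a separate `int ret = 0;` keeps the sign of an error code. This block also changes the emitted log record: `client_asn` and `server_asn` become JSON numbers instead of strings, and `client_geolocation`/`server_geolocation` are replaced by the per-level keys the two helpers write. A comment such as `/* log schema: *_asn are numbers; geolocation is split into *_country, *_province, *_city, *_subdivision */` would help whoever maintains the log parsers and detections built on these fields. The matching hunk in plugin/business/tsg-http/src/tsg_logger.cpp additionally moves the ASN fields from `common_obj` to `per_hit_obj`. The declarations of `cmsg` and `opt_out_size` are outside the hunk.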
diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp index 4ae7203..f411a40 100644 --- a/plugin/business/tsg-http/src/tsg_logger.cpp +++ b/plugin/business/tsg-http/src/tsg_logger.cpp @@ -137,6 +137,42 @@ error_out: return NULL; } +static int get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj) +{ + unsigned int i=0, j=0; + char opt_val[128]={0}; uint16_t opt_out_size; + const char *client_geo_area_map[] = {"client_country","client_province","client_city","client_subdivision"}; + + for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) + { + int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0) + { + cJSON_AddStringToObject(per_hit_obj, client_geo_area_map[j], opt_val); + } + j++; + } + return 0; +} + +static int get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj) +{ + unsigned int i=0, j=0; + char opt_val[128]={0}; uint16_t opt_out_size; + const char *server_geo_area_map[] = {"server_country","server_province","server_city","server_subdivision"}; + + for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) + { + int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0) + { + cJSON_AddStringToObject(per_hit_obj, server_geo_area_map[j], opt_val); + } + j++; + } + return 0; +} + int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) { const struct tfe_http_session* http=log_msg->http; 
@@ -390,21 +426,21 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) { cJSON_AddStringToObject(per_hit_obj, "proxy_action", panggu_action_map[(unsigned char)(log_msg->result[i].action)]); } - if(log_msg->location_client) - { - cJSON_AddStringToObject(per_hit_obj, "client_geolocation", log_msg->location_client); - } - if(log_msg->location_server) - { - cJSON_AddStringToObject(per_hit_obj, "server_geolocation", log_msg->location_server); - } - if(log_msg->asn_client) + if (cmsg!=NULL) { - cJSON_AddStringToObject(common_obj, "client_asn", log_msg->asn_client); - } - if (log_msg->asn_server) - { - cJSON_AddStringToObject(common_obj, "server_asn", log_msg->asn_server); + uint64_t src_asn=0, dst_asn=0; + ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size); + if (ret == 0) + { + cJSON_AddNumberToObject(per_hit_obj, "client_asn", src_asn); + } + ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size); + if (ret == 0) + { + cJSON_AddNumberToObject(per_hit_obj, "server_asn", dst_asn); + } + get_ip_client_geolocation(cmsg, per_hit_obj); + get_ip_server_geolocation(cmsg, per_hit_obj); } log_payload = cJSON_PrintUnformatted(per_hit_obj); diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf index 6b27e75..2a1e864 100644 --- a/resource/pangu/table_info.conf +++ b/resource/pangu/table_info.conf 
@@ -416,24 +416,60 @@ }, { "table_id":39, - "table_name":"ATTR_SOURCE_LOCATION", + "table_name":"ATTR_SOURCE_GEO_COUNTRY", "table_type":"virtual", "physical_table": "TSG_OBJ_GEO_LOCATION" }, - { + { "table_id":40, - "table_name":"ATTR_DESTINATION_LOCATION", + "table_name":"ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":41, + "table_name":"ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":42, + "table_name":"ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":43, + "table_name":"ATTR_DESTINATION_GEO_COUNTRY", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":44, + "table_name":"ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":45, + "table_name":"ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":46, + "table_name":"ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA", "table_type":"virtual", "physical_table": "TSG_OBJ_GEO_LOCATION" }, { - "table_id":41, + "table_id":47, "table_name":"ATTR_DOH_QNAME", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":42, + "table_id":48, "table_name":"PXY_SSL_FINGERPRINT", "table_type":"plugin", "valid_column":4, @@ -443,7 +479,7 @@ } }, { - "table_id":43, + "table_id":49, "table_name":"PXY_PROFILE_RUN_SCRIPTS", "table_type":"plugin", "valid_column":4, @@ -454,7 +490,7 @@ } }, { - "table_id":44, + "table_id":50, "table_name":"PXY_PROFILE_TCP_OPTION", "table_type":"plugin", "valid_column":6, @@ -464,7 +500,7 @@ } }, { - "table_id":45, + "table_id":51, "table_name":"SERVICE_CHAINING_COMPILE", "table_type":"plugin", "valid_column":9, 
@@ -474,7 +510,7 @@ } }, { - "table_id": 46, + "table_id": 52, "table_name": "APP_ID_DICT", "table_type": "plugin", "valid_column": 19, @@ -485,31 +521,31 @@ } }, { - "table_id":47, + "table_id":53, "table_name":"ATTR_APP_ID", "table_type":"virtual", "physical_table": "APP_ID_DICT" }, { - "table_id":48, + "table_id":54, "table_name":"ATTR_SUBSCRIBER_ID", "table_type":"virtual", "physical_table": "TSG_OBJ_SUBSCRIBER_ID" }, { - "table_id":49, + "table_id":55, "table_name":"ATTR_INTERNAL_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":50, + "table_id":56, "table_name":"ATTR_EXTERNAL_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":51, + "table_id":57, "table_name": "TSG_IP_PROTOCOL", "table_type": "plugin", "valid_column": 4, @@ -520,7 +556,7 @@ } }, { - "table_id":52, + "table_id":58, "table_name":"TSG_OBJ_PORT", "table_type":"interval", "valid_column":5, @@ -532,31 +568,31 @@ } }, { - "table_id":53, + "table_id":59, "table_name": "ATTR_SOURCE_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":54, + "table_id":60, "table_name": "ATTR_DESTINATION_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":55, + "table_id":61, "table_name": "ATTR_INTERNAL_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":56, + "table_id":62, "table_name": "ATTR_EXTERNAL_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":57, + "table_id":63, "table_name": "ATTR_IP_PROTOCOL", "table_type": "virtual", "physical_table": "TSG_IP_PROTOCOL"