gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-20137 Proxy支持Geolication Object和Asn Object及对应日志展示

Browse Source
This commit is contained in:
fengweihao
2024-03-26 19:02:14 +08:00
committed by luwenpeng
parent fc380a65c8
commit 8a2dcfcb31
9 changed files with 274 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files

212
common/src/tfe_scan.cpp
View File

@@ -68,7 +68,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st
TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s",
dest_subscribe_id, scan_ret, stream->str_stream_info);
}
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID),
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID),
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
@@ -79,85 +79,95 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st
return hit_cnt_ip;
}
int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid,
int hit_cnt, void *logger, char **location_server, char **location_client)
static int scan_group(struct maat_hit_group hit_group, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id)
{
size_t n_hit_result=0;
int scan_ret=0, hit_cnt_group=0;
scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, &hit_group, 1,
result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid);
if(scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_group+=n_hit_result;
}
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, result+hit_cnt+hit_cnt_group,
MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_group+=n_hit_result;
}
return hit_cnt_group;
}
int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger)
{
int scan_ret = 0;
int hit_cnt_ip = 0;
size_t n_hit_result = 0;
uint16_t opt_out_size;
char src_ip_location[TFE_STRING_MAX * 5] = {0};
char dst_ip_location[TFE_STRING_MAX * 5] = {0};
unsigned int i=0, group_id=0, group_id_num=0;
unsigned int group_id_val[TFE_SYMBOL_MAX] = {0};
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
if (cmsg != NULL)
if(cmsg == NULL)
{
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION, (unsigned char *)src_ip_location, sizeof(src_ip_location), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch src country from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION, (unsigned char *)dst_ip_location, sizeof(dst_ip_location), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch dst country from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
}
return hit_cnt_ip;
}
TFE_LOG_DEBUG(logger, "fetch src ip location: %s dst ip location: %s addr: %s", src_ip_location, dst_ip_location, stream->str_stream_info);
if (strlen(dst_ip_location))
for(i=TFE_CMSG_SRC_REGION_ID; i <= TFE_CMSG_DST_SUBDIVISION_ID; i+=2)
{
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_LOCATION),
dst_ip_location, strlen(dst_ip_location), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
&n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
scan_ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)&group_id, sizeof(group_id), &opt_out_size);
if (scan_ret == 0)
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, Hit location: %s scan ret: %d policy_id: %lld addr: %s",
dst_ip_location, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info);
hit_cnt_ip += n_hit_result;
group_id_val[group_id_num] = group_id;
}
group_id_num++;
}
TFE_LOG_DEBUG(logger, "fetch src ip location group id num:%d val:%d,%d,%d,%d, addr: %s", group_id_num, group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info);
struct maat_hit_group hit_group;
for (i = 0; i < group_id_num; i++)
{
memset(&hit_group, 0, sizeof(hit_group));
hit_group.group_id=group_id_val[i];
scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, tfe_bussiness_tableid_get((enum scan_common_table)(PXY_CTRL_SOURCE_GEO_COUNTRY+i)));
if (scan_ret > 0)
{
TFE_LOG_INFO(logger, "Scan SRC IP_LOCATION, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, NO hit location: %s scan ret: %d addr: %s",
dst_ip_location, scan_ret, stream->str_stream_info);
TFE_LOG_INFO(logger, "Scan SRC IP_LOCATION, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info);
}
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_LOCATION),
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip += n_hit_result;
}
*location_server = (char *)ALLOC(char, strlen(dst_ip_location));
memcpy(*location_server,dst_ip_location,strlen(dst_ip_location)-1);
}
if (strlen(src_ip_location))
group_id_num=0;
memset(group_id_val, 0, sizeof(group_id_val));
for(i=TFE_CMSG_DST_REGION_ID; i <= TFE_CMSG_DST_SUBDIVISION_ID; i+=2)
{
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_LOCATION),
src_ip_location, strlen(src_ip_location), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
&n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
scan_ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)&group_id, sizeof(group_id), &opt_out_size);
if (scan_ret == 0)
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, Hit location: %s scan ret: %d policy_id: %lld addr: %s",
src_ip_location, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info);
hit_cnt_ip += n_hit_result;
group_id_val[group_id_num] = group_id;
}
group_id_num++;
}
TFE_LOG_DEBUG(logger, "fetch dst ip location group id num:%d val:%d,%d,%d,%d, addr: %s", group_id_num, group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info);
for (i = 0; i < group_id_num; i++)
{
memset(&hit_group, 0, sizeof(hit_group));
hit_group.group_id=group_id_val[i];
scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, tfe_bussiness_tableid_get((enum scan_common_table)(PXY_CTRL_DESTINATION_GEO_COUNTRY+i)));
if (scan_ret > 0)
{
TFE_LOG_INFO(logger, "Scan IP_LOCATION, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, NO hit location: %s scan ret: %d addr: %s",
src_ip_location, scan_ret, stream->str_stream_info);
TFE_LOG_INFO(logger, "Scan IP_LOCATION, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info);
}
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_LOCATION),
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip += n_hit_result;
}
*location_client = (char *)ALLOC(char, strlen(src_ip_location));
memcpy(*location_client,src_ip_location, strlen(src_ip_location)-1);
}
return hit_cnt_ip;
}
@@ -168,89 +178,61 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct m
int hit_cnt_ip = 0;
size_t n_hit_result = 0;
uint16_t opt_out_size;
char buff[TFE_STRING_MAX * 5] = {0};
char src_asn[TFE_STRING_MAX] = {0};
char dst_asn[TFE_STRING_MAX] = {0};
char src_org[TFE_STRING_MAX] = {0};
char dst_org[TFE_STRING_MAX] = {0};
uint64_t src_asn_group_id=0, dst_asn_group_id=0;
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
if (cmsg != NULL)
{
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN, (unsigned char *)src_asn, sizeof(src_asn), &opt_out_size);
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_ID, (unsigned char *)&src_asn_group_id, sizeof(src_asn_group_id), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch src asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN, (unsigned char *)dst_asn, sizeof(dst_asn), &opt_out_size);
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_ID, (unsigned char *)&dst_asn_group_id, sizeof(dst_asn_group_id), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch dst asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ORGANIZATION, (unsigned char *)src_org, sizeof(src_org), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch src org from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ORGANIZATION, (unsigned char *)dst_org, sizeof(dst_org), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch dst org from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info);
}
}
TFE_LOG_DEBUG(logger, "fetch src asn:%s org:%s; dst asn:%s org:%s addr: %s", src_asn, src_org, dst_asn, dst_org, stream->str_stream_info);
TFE_LOG_DEBUG(logger, "fetch src asn:%lu; dst asn:%lu addr: %s", src_asn_group_id, dst_asn_group_id, stream->str_stream_info);
if (strlen(dst_asn))
struct maat_hit_group hit_group;
if (dst_asn_group_id > 0)
{
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN),
dst_asn, strlen(dst_asn), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
&n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
memset(&hit_group, 0, sizeof(hit_group));
hit_group.group_id=dst_asn_group_id;
scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt+hit_cnt_ip, tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN));
if (scan_ret > 0)
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, Hit asn: %s scan ret: %d policy_id: %lld addr: %s",
dst_asn, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info);
hit_cnt_ip += n_hit_result;
TFE_LOG_INFO(logger, "Scan ATTR_DESTINATION_ASN, Hit asn: %lu scan ret: %d policy_id: %lld addr: %s",
dst_asn_group_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info);
hit_cnt_ip += n_hit_result;
}
else
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, NO hit asn: %s scan ret: %d addr: %s",
dst_asn, scan_ret, stream->str_stream_info);
TFE_LOG_INFO(logger, "Scan ATTR_DESTINATION_ASN, NO hit asn: %lu scan ret: %d addr: %s",
dst_asn_group_id, scan_ret, stream->str_stream_info);
}
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN),
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip += n_hit_result;
}
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s", dst_asn);
*asn_server = tfe_strdup(buff);
}
if (strlen(src_asn))
if(src_asn_group_id > 0)
{
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN),
src_asn, strlen(src_asn), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
&n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
memset(&hit_group, 0, sizeof(hit_group));
hit_group.group_id=src_asn_group_id;
scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt+hit_cnt_ip, tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN));
if(scan_ret > 0)
{
TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, Hit asn: %s scan ret: %d policy_id: %lld addr: %s",
src_asn, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info);
TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, Hit asn: %lu scan ret: %d policy_id: %lld addr: %s",
src_asn_group_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info);
hit_cnt_ip += n_hit_result;
}
else
{
TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, NO hit asn: %s scan ret: %d addr: %s",
src_asn, scan_ret, stream->str_stream_info);
TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, NO hit asn: %lu scan ret: %d addr: %s",
src_asn_group_id, scan_ret, stream->str_stream_info);
}
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN),
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip += n_hit_result;
}
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s", src_asn);
*asn_client = tfe_strdup(buff);
}
return hit_cnt_ip;
}
@@ -489,9 +471,9 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struc
{
hit_cnt_ip += n_hit_result;
}
scan_ret = maat_scan_ipv6_port((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr, ntohs(sapp_addr.v6->source),
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr,
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip += n_hit_result;