TSG-14704 用户自定义域中带有特殊字符策略无法生效

TSG-14703 扫描ip和app_id后策略没有执行
fengweihao
2023-04-13 14:34:34 +08:00
parent 77927208f9
commit 915dd00731
3 changed files with 100 additions and 57 deletions


@@ -319,14 +319,14 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
if (sapp_addr.addrtype == ADDR_TYPE_IPV4)
{
scan_ret = maat_scan_ipv4(g_doh_conf->maat, g_doh_conf->tables[TYPE_SRC_ADDR].id,sapp_addr.v4->saddr,
sapp_addr.v4->source, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
sapp_addr.v4->source, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
&n_hit_result, ctx->scan_mid);
if (n_hit_result == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
scan_ret = maat_scan_ipv4(g_doh_conf->maat, g_doh_conf->tables[TYPE_DST_ADDR].id,sapp_addr.v4->daddr,
sapp_addr.v4->dest, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
sapp_addr.v4->dest, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
&n_hit_result, ctx->scan_mid);
if(scan_ret == MAAT_SCAN_HIT)
@@ -337,14 +337,14 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
if (sapp_addr.addrtype == ADDR_TYPE_IPV6)
{
scan_ret = maat_scan_ipv6(g_doh_conf->maat, g_doh_conf->tables[TYPE_SRC_ADDR].id, sapp_addr.v6->saddr,
sapp_addr.v6->source, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
sapp_addr.v6->source, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
&n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
scan_ret = maat_scan_ipv6(g_doh_conf->maat,g_doh_conf->tables[TYPE_DST_ADDR].id, sapp_addr.v6->daddr,
sapp_addr.v6->dest, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
sapp_addr.v6->dest, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
&n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
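Review bot: The first IPv4 source-address scan in doh_maat_scan still tests `if (n_hit_result == MAAT_SCAN_HIT)` instead of the return code, the same slip this commit corrects in proxy_on_http_begin. As written, source-address hits are added to hit_cnt only when the hit count happens to equal the MAAT_SCAN_HIT value, so a DoH policy keyed on the client IP can be silently skipped; it should read `if (scan_ret == MAAT_SCAN_HIT)`. The new literal `6` passed in all four calls looks like the IP protocol number for TCP, so a named constant such as `IPPROTO_TCP` or a short comment would make the intent explicit; confirm this against the maat_scan_ipv4/maat_scan_ipv6 signature. doh_maat_scan begins and ends outside the hunks shown.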


@@ -387,6 +387,43 @@ void octal_utf8_escapes(char *input)
return;
}
char* str_unescape(char* s)
{
int i=0,j=0;
int len=strlen(s);
for(i=0,j=0;i<len;i++)
{
if(s[i]=='\\')
{
switch(s[i+1])
{
case '&':
s[j]='&';
break;
case 'b':
s[j]=' ';
break;
case '\\':
s[j]='\\';
break;
default:
s[j]=s[i];
i--;
break;
}
i++;
j++;
}
else
{
s[j]=s[i];
j++;
}
}
s[j]='\0';
return s;
}
void policy_action_param_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
{
int ret=0;
@@ -405,6 +442,8 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k
}
*ad=NULL;
str_unescape(srv_def_large);
int serv_def_len=strlen(srv_def_large);
if((unsigned int)serv_def_len<strlen("{}")+1)
{
@@ -1531,6 +1570,10 @@ static enum proxy_action decide_ctrl_action(long long *results, size_t n_hit,
{
*param=(struct policy_action_param*)ex_data;
}
if(hit_rules)
{
FREE(&hit_rules);
}
return PX_ACTION_WHITELIST;
}
@@ -3103,14 +3146,14 @@ void proxy_on_http_begin(const struct tfe_stream * stream,
if (sapp_addr.addrtype == ADDR_TYPE_IPV4)
{
scan_ret = maat_scan_ipv4(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_SOURCE_ADDR],
sapp_addr.v4->saddr, sapp_addr.v4->source, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
sapp_addr.v4->saddr, sapp_addr.v4->source, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
&n_hit_result, ctx->scan_mid);
if (n_hit_result == MAAT_SCAN_HIT)
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
scan_ret = maat_scan_ipv4(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_DESTINATION_ADDR],
sapp_addr.v4->daddr, sapp_addr.v4->dest, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
sapp_addr.v4->daddr, sapp_addr.v4->dest, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
&n_hit_result, ctx->scan_mid);
if(scan_ret == MAAT_SCAN_HIT)
@@ -3121,14 +3164,14 @@ void proxy_on_http_begin(const struct tfe_stream * stream,
if (sapp_addr.addrtype == ADDR_TYPE_IPV6)
{
scan_ret = maat_scan_ipv6(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_SOURCE_ADDR],
sapp_addr.v6->saddr, sapp_addr.v6->source, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
sapp_addr.v6->saddr, sapp_addr.v6->source, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
&n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
scan_ret = maat_scan_ipv6(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_DESTINATION_ADDR],
sapp_addr.v6->daddr, sapp_addr.v6->dest, 0, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
sapp_addr.v6->daddr, sapp_addr.v6->dest, 6, result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,
&n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
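Review bot: In policy_action_param_new, `str_unescape(srv_def_large)` rewrites the whole row before the length check and, presumably, before the row is parsed; the comparison with `"{}"` suggests the buffer is JSON. If so, collapsing `\\` to `\` and `\b` to a space at that stage alters JSON's own escapes (a value ending in `\\"` becomes `\"`, which moves the end of the string), so a user-defined field containing backslashes may parse differently from what the policy author wrote, or not parse at all. Consider unescaping only the sequences the policy table encoding actually emits, or unescaping individual fields after parsing, and state the contract above the function, e.g. `/* In place: "\&" -> '&', "\b" -> ' ', "\\" -> '\'; any other backslash is kept. s must be a non-NULL, NUL-terminated, writable string. */`. str_unescape also calls strlen(s) with no NULL guard and is not declared `static`; whether srv_def_large can be NULL at this call is not visible, because the function body begins outside the hunk.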