TSG-22707 tfe adapts to maat interface changes

fengweihao
2024-09-29 20:01:49 +08:00
parent a94b7d55b5
commit a032f97535
16 changed files with 909 additions and 1361 deletions


@@ -118,7 +118,7 @@ static cJSON *doh_get_answer_records(struct doh_ctx *ctx, cJSON *object, int qty
return NULL;
}
void doh_action_param_free_cb(int table_id, void **ad, long argl, void *argp)
void doh_action_param_free_cb(const char *table_name, void **ad, long argl, void *argp)
{
if(*ad==NULL)
{
@@ -135,14 +135,14 @@ void doh_action_param_free_cb(int table_id, void **ad, long argl, void *argp)
pthread_mutex_unlock(&(param->lock));
pthread_mutex_destroy(&(param->lock));
if(param->hit_rule.srv_def_large)
FREE(&(param->hit_rule.srv_def_large))
if(param->hit_rule.action_parameter)
FREE(&(param->hit_rule.action_parameter))
FREE(&(param));
return;
}
static void doh_get_cheat_data(long long p_result, int qtype, struct doh_ctx *ctx, const char *str_stream_info)
static void doh_get_cheat_data(uuid_t p_result, int qtype, struct doh_ctx *ctx, const char *str_stream_info)
{
int i;
int answer_size = 0;
@@ -150,28 +150,24 @@ static void doh_get_cheat_data(long long p_result, int qtype, struct doh_ctx *ct
cJSON *item = NULL;
cJSON *object = NULL;
cJSON *answer_array = NULL;
int table_id=0;
table_id=maat_get_table_id(g_doh_conf->maat, "PXY_CTRL_COMPILE_PLUGIN");
if(table_id < 0)
{
return;
}
struct doh_action_param *get_ex_param=(struct doh_action_param *)maat_plugin_table_get_ex_data(g_doh_conf->maat, table_id, (const char *)&p_result, sizeof(p_result));
char result_str[UUID_STRING_SIZE]={0};
uuid_unparse(p_result, result_str);
struct doh_action_param *get_ex_param=(struct doh_action_param *)maat_plugin_table_get_ex_data(g_doh_conf->maat, "PXY_CTRL_RULE_PLUGIN", result_str, strlen(result_str));
if(get_ex_param==NULL)
{
return;
}
struct doh_maat_rule_t *hit_rule = &(get_ex_param->hit_rule);
if(hit_rule==NULL || hit_rule->srv_def_large==NULL)
if(hit_rule==NULL || hit_rule->action_parameter==NULL)
{
goto end;
}
memcpy(ctx->result, hit_rule, sizeof(struct doh_maat_rule_t));
TFE_LOG_INFO(g_doh_conf->local_logger, "%s hit %lld %s", str_stream_info, p_result, hit_rule->srv_def_large);
TFE_LOG_INFO(g_doh_conf->local_logger, "%s hit %s %s", str_stream_info, result_str, hit_rule->action_parameter);
object = cJSON_Parse(hit_rule->srv_def_large);
object = cJSON_Parse(hit_rule->action_parameter);
if (object == NULL)
{
goto end;
@@ -240,26 +236,25 @@ end:
}
}
static long long doh_fetch_rule(long long *result, int result_num)
static int doh_fetch_rule(uuid_t *result, uuid_t p_result, int result_num)
{
int i = 0;
long long p_result = 0;
uuid_clear(p_result);
for (i = 0; i < result_num && i < MAX_SCAN_RESULT; i++)
for (int i = 0; i < result_num && i < MAX_SCAN_RESULT; i++)
{
if (p_result == 0)
if (uuid_is_null(p_result) == 1)
{
p_result = result[i];
uuid_copy(p_result, result[i]);
continue;
}
if (result[i] > p_result)
if(uuid_compare(result[i], p_result) > 0)
{
p_result = result[i];
uuid_copy(p_result, result[i]);
}
}
return p_result;
return 0;
}
static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http_session *session, struct doh_ctx *ctx, char *qname, int qtype)
@@ -268,8 +263,9 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
int scan_ret = 0;
size_t n_hit_result;
struct ipaddr sapp_addr;
long long p_result = 0;
long long result[MAX_SCAN_RESULT];
uuid_t p_result;
uuid_t result[MAX_SCAN_RESULT]={0};
char result_str[UUID_STRING_SIZE]={0};
scan_ret = tfe_scan_subscribe_id(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
if (scan_ret > 0)
@@ -287,27 +283,29 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
const char *host = session->req->req_spec.host;
if (host)
{
scan_ret = maat_scan_string(g_doh_conf->maat, g_doh_conf->tables[TYPE_HOST].id,host, strlen(host),
scan_ret = maat_scan_string(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_SERVER_FQDN", host, strlen(host),
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit host: %s scan ret: %d policy_id: %lld addr: %s",
g_doh_conf->tables[TYPE_HOST].name, host, scan_ret, result[hit_cnt], stream->str_stream_info);
memset(result_str, 0, sizeof(result_str));
uuid_unparse(result[hit_cnt], result_str);
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit host: %s scan ret: %d policy_id: %s addr: %s",
"ATTR_SERVER_FQDN", host, scan_ret, result_str, stream->str_stream_info);
hit_cnt += n_hit_result;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit host: %s scan ret: %d addr: %s",
g_doh_conf->tables[TYPE_HOST].name, host, scan_ret, stream->str_stream_info);
"ATTR_SERVER_FQDN", host, scan_ret, stream->str_stream_info);
}
scan_ret = maat_scan_not_logic(g_doh_conf->maat, g_doh_conf->tables[TYPE_HOST].id,
scan_ret = maat_scan_not_logic(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_SERVER_FQDN",
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->tables[TYPE_HOST].id, g_doh_conf->local_logger);
scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
if (scan_ret > 0)
{
hit_cnt += scan_ret;
@@ -344,7 +342,7 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
}
// scan appid
long long app_id = 8006;
scan_ret = tfe_scan_app_id(result, ctx->scan_mid, hit_cnt, app_id, g_doh_conf->tables[TYPE_APPID].id);
scan_ret = tfe_scan_app_id(result, ctx->scan_mid, hit_cnt, app_id);
if(scan_ret > 0)
{
hit_cnt += scan_ret;
@@ -355,22 +353,24 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
{
hit_cnt += scan_ret;
}
// scan qname
scan_ret = maat_scan_string(g_doh_conf->maat, g_doh_conf->tables[TYPE_QNAME].id, qname, strlen(qname),
scan_ret = maat_scan_string(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_DOH_QNAME", qname, strlen(qname),
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit domain: %s scan ret: %d qtype: %d policy_id: %lld addr: %s",
g_doh_conf->tables[TYPE_QNAME].name, qname, scan_ret, qtype, result[hit_cnt], stream->str_stream_info);
memset(result_str, 0, sizeof(result_str));
uuid_unparse(result[hit_cnt], result_str);
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit domain: %s scan ret: %d qtype: %d policy_id: %s addr: %s",
"ATTR_DOH_QNAME", qname, scan_ret, qtype, result_str, stream->str_stream_info);
hit_cnt += n_hit_result;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit domain: %s scan ret: %d addr: %s",
g_doh_conf->tables[TYPE_QNAME].name, qname, scan_ret, stream->str_stream_info);
"ATTR_DOH_QNAME", qname, scan_ret, stream->str_stream_info);
}
scan_ret = maat_scan_not_logic(g_doh_conf->maat, g_doh_conf->tables[TYPE_QNAME].id,
scan_ret = maat_scan_not_logic(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_DOH_QNAME",
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
@@ -379,8 +379,8 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
if (hit_cnt)
{
p_result = doh_fetch_rule(result, hit_cnt);
if (p_result != 0)
doh_fetch_rule(result, p_result, hit_cnt);
if (uuid_is_null(p_result) != 1)
{
ctx->result_num = 1;
ctx->result = ALLOC(struct doh_maat_rule_t, ctx->result_num);
@@ -389,26 +389,6 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
}
}
static int doh_maat_init(const char *profile, const char *section)
{
g_doh_conf->maat = tfe_get_maat_handle();
MESA_load_profile_string_def(profile, section, "table_appid", g_doh_conf->tables[TYPE_APPID].name, TFE_STRING_MAX, "ATTR_APP_ID");
MESA_load_profile_string_def(profile, section, "table_qname", g_doh_conf->tables[TYPE_QNAME].name, TFE_STRING_MAX, "ATTR_DOH_QNAME");
MESA_load_profile_string_def(profile, section, "table_host", g_doh_conf->tables[TYPE_HOST].name, TFE_STRING_MAX, "ATTR_SERVER_FQDN");
for (int i = 0; i < TYPE_MAX; i++)
{
g_doh_conf->tables[i].id = maat_get_table_id(g_doh_conf->maat, g_doh_conf->tables[i].name);
if (g_doh_conf->tables[i].id < 0)
{
TFE_LOG_ERROR(g_doh_conf->local_logger, "maat_get_table_id failed, table_name: %s", g_doh_conf->tables[i].name);
return -1;
}
}
return 0;
}
static void doh_gc_cb(evutil_socket_t fd, short what, void *arg)
{
int i = 0;
@@ -664,12 +644,6 @@ int doh_on_init(struct tfe_proxy *proxy)
TFE_LOG_ERROR(NULL, "Doh init kafka failed.");
goto error;
}
if (doh_maat_init(profile, "maat") != 0)
{
TFE_LOG_ERROR(NULL, "Doh init maat failed.");
goto error;
}
TFE_LOG_INFO(g_doh_conf->local_logger, "Doh init success.");
success:
@@ -838,7 +812,7 @@ void doh_send_metric_log(const struct tfe_stream * stream, struct doh_ctx *ctx,
}
fieldstat->tags[thread_id][TAG_VSYS_ID].value_longlong = ctx->result->vsys_id;
fieldstat->tags[thread_id][TAG_RULE_ID].value_longlong = ctx->result->config_id;
fieldstat->tags[thread_id][TAG_RULE_ID].value_str = ctx->result->config_uuid_string;
fieldstat->tags[thread_id][TAG_ACTION].value_longlong = 48;
fieldstat->tags[thread_id][TAG_SUB_ACTION].value_str = "redirect";
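Review bot: In `doh_fetch_rule` (hunk `-240,26 +236,25`) the rule that wins when several policies hit is now whichever UUID sorts highest under `uuid_compare`, which is a lexical comparison of the UUID fields and not a policy priority. The old code picked the largest numeric id, which may have tracked rule precedence or age; if the rule UUIDs are randomly generated, the DoH rule that ends up in `ctx->result` is stable but effectively arbitrary, so an overlapping, more permissive rule can shadow a stricter one. If maat exposes a priority or ordering for hits, select on that; otherwise state the tie-break above the loop, e.g. `/* no priority available: highest uuid_compare() wins; the order carries no policy meaning */`. The function also always returns 0 and the caller in `doh_maat_scan` ignores it, so declaring it `static void` would match what the code does.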