TSG-23705 Fix array_size error in last_hit_objects causing coredump TSG-23454 Supports streaming scanning of HTTP request/response headers

2024-11-12 15:44:10 +08:00
parent 1620b69329
commit aa98cf915e
4 changed files with 39 additions and 40 deletions
--- a/resource/pangu/doh.json
+++ b/resource/pangu/doh.json
@@ -63,35 +63,35 @@
        {
            "table_name": "TRAFFIC_MIRRORING_PROFILE",
            "table_content": [
-                {"uuid":"TRAFFIC0-MIRR-0000-0000-000000000001","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1}
+                {"uuid":"0192dc7e-a87b-7ce9-a1c6-80974e6de3d8","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1}
            ]
        },
 		{		
            "table_name": " DECRYPTION_PROFILE",
            "table_content": [
-                {"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1},
-                {"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1},
-                {"uuid":"DECRYPT0-0000-0000-0000-000000000004","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}
+                {"uuid":"00000000-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1},
+                {"uuid":"00000000-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1},
+                {"uuid":"00000000-0000-0000-0000-000000000004","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}
            ]
        },
 		{
            "table_name": "PXY_INTERCEPT_RULE",
            "table_content": [
-                {"uuid":"INTERCEP-0000-0000-0000-000000000001","action":"intercept", "log_option":"none", "action_parameter":{"vsys_id":1,"keyring_for_trusted":"KERING00-TRUS-0000-0000-000000000001","keyring_for_untrusted":"KERING00-UNTR-0000-0000-000000000001","decryption_profile":"DECRYPT0-0000-0000-0000-000000000001","tcp_option_profile":"TCPOPT00-0000-0000-0000-000000000001","traffic_mirroring":{"enable":0}},"is_valid":1},
-                {"uuid":"INTERCEP-0000-0000-0000-000000000002","action":"intercept", "log_option":"none","action_parameter":{"vsys_id":1,"keyring_for_trusted":"KERING00-TRUS-0000-0000-000000000001","keyring_for_untrusted":"KERING00-UNTR-0000-0000-000000000001","decryption_profile":"DECRYPT0-0000-0000-0000-000000000001","tcp_option_profile":"TCPOPT00-0000-0000-0000-000000000001","traffic_mirroring":{"enable":1,"mirroring_profile":"TRAFFIC0-MIRR-0000-0000-000000000001"}},"is_valid":1}
+                {"uuid":"00000000-0000-0000-0000-000000000001","action":"intercept", "log_option":"none", "action_parameter":{"vsys_id":1,"keyring_for_trusted":"00000000-0000-0000-0000-000000000002","keyring_for_untrusted":"00000000-0000-0000-0000-000000000000","decryption_profile":"00000000-0000-0000-0000-000000000001","tcp_option_profile":"00000000-0000-0000-0000-000000000001","traffic_mirroring":{"enable":0}},"is_valid":1},
+                {"uuid":"00000000-0000-0000-0000-000000000002","action":"intercept", "log_option":"none","action_parameter":{"vsys_id":1,"keyring_for_trusted":"00000000-0000-0000-0000-000000000002","keyring_for_untrusted":"00000000-0000-0000-0000-000000000000","decryption_profile":"00000000-0000-0000-0000-000000000001","tcp_option_profile":"00000000-0000-0000-0000-000000000001","traffic_mirroring":{"enable":1,"mirroring_profile":"0192dc7e-a87b-7ce9-a1c6-80974e6de3d8"}},"is_valid":1}
            ]
        },
        {
            "table_name": "SERVICE_CHAINING_RULE",
            "table_content": [
-                {"uuid":"SC000000-0000-0000-1111-000000000001","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"raw","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1},
-                {"uuid":"SC000000-0000-0000-1111-000000000011","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"decrypted","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1}
+                {"uuid":"00000000-0000-0000-0000-000000000001","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"raw","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1},
+                {"uuid":"00000000-0000-0000-1111-000000000011","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"decrypted","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1}
            ]
        },
        {
            "table_name": "PROXY_TCP_OPTION_PROFILE",
            "table_content": [
-                {"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1}
+                {"uuid":"00000000-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1}
            ]
        },
 		{
--- a/resource/pangu/pangu_http.json
+++ b/resource/pangu/pangu_http.json
@@ -5,10 +5,10 @@
        {
            "uuid": "00001021-0000-0000-0000-000000000000",
            "service": 1,
-            "action": "manipulate",
+            "action": "redirect",
            "blacklist_option": 1,
            "log_option": "all",
-            "action_parameter": {"protocol":"http","method":"redirect","code":302,"to":"https://www.jd.com"},
+            "action_parameter": {"code":302,"to":"https://www.jd.com"},
            "is_valid": "yes",
            "and_conditions": [
                {
@@ -40,10 +40,10 @@
        {
            "uuid": "00001023-0000-0000-0000-000000000000",
            "service": 1,
-            "action": "manipulate",
+            "action": "modify",
            "blacklist_option": 1,
-            "log_option": "all",
-            "action_parameter": {"protocol":"http","method":"replace","rules":[{"search_in":"http_resp_body","find":"邮箱","replace_with":"test"}]},
+            "log_option": "all",	    
+            "action_parameter": {"rules":[{"search_in":"http_resp_body","find":"邮箱","replace_with":"test"}],"vsys_id":1,"sub_action":"replace_text"},
            "is_valid": "yes",
            "and_conditions": [
                {
@@ -55,7 +55,7 @@
                                    "table_name": "TSG_OBJ_FQDN",
                                    "table_type": "expr",
                                    "table_content": {
-                                        "expression": "baidu.com",
+                                        "expression": "126.com",
                                        "expr_type": "and"
                                    }
                                }
@@ -68,10 +68,10 @@
        {
            "uuid": "00001026-0000-0000-0000-000000000000",
            "service": 1,
-            "action": "manipulate",
+            "action": "deny",
            "blacklist_option": 1,
            "log_option": "all",
-            "action_parameter": {"protocol":"http","method":"block","code":403,"message":"error"},
+            "action_parameter":{"sub_action":"block","message":"E33F01E50AFE043191931DD40190B09B","code":404,"vsys_id":1},
            "is_valid": "yes",
            "and_conditions": [
                {
@@ -113,10 +113,10 @@
        {
            "uuid": "00001028-0000-0000-0000-000000000000",
            "service": 1,
-            "action": "manipulate",
+            "action": "deny",
            "blacklist_option": 1,
            "log_option": "all",
-            "action_parameter": {"protocol":"http","method":"block","code":403,"message":"error"},
+            "action_parameter": {"sub_action":"block","message":"E33F01E50AFE043191931DD40190B09B","code":404,"vsys_id":1},
            "is_valid": "yes",
            "and_conditions": [
                {
@@ -143,7 +143,7 @@
        {
            "table_name": "TRAFFIC_MIRRORING_PROFILE",
            "table_content": [
-                {"uuid":"TRAFFIC0-MIRR-0000-0000-000000000001","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1}
+                {"uuid":"0192dc7e-a87b-7ce9-a1c6-80974e6de3d8","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1}
            ]
        },
        {
@@ -165,31 +165,31 @@
            ]
        },
 		{		
-            "table_name": " DECRYPTION_PROFILE",
+            "table_name": "DECRYPTION_PROFILE",
            "table_content": [
-                {"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1},
-                {"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1},
-                {"uuid":"DECRYPT0-0000-0000-0000-000000000004","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}
+                {"uuid":"00000000-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1},
+                {"uuid":"00000000-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1},
+                {"uuid":"00000000-0000-0000-0000-000000000004","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}
            ]
        },
 		{
            "table_name": "PXY_INTERCEPT_RULE",
            "table_content": [
-                {"uuid":"INTERCEP-0000-0000-0000-000000000001","action":"intercept", "log_option":"none", "action_parameter":{"vsys_id":1,"keyring_for_trusted":"KERING00-TRUS-0000-0000-000000000001","keyring_for_untrusted":"KERING00-UNTR-0000-0000-000000000001","decryption_profile":"DECRYPT0-0000-0000-0000-000000000001","tcp_option_profile":"TCPOPT00-0000-0000-0000-000000000001","traffic_mirroring":{"enable":0}},"is_valid":1},
-                {"uuid":"INTERCEP-0000-0000-0000-000000000002","action":"intercept", "log_option":"none","action_parameter":{"vsys_id":1,"keyring_for_trusted":"KERING00-TRUS-0000-0000-000000000001","keyring_for_untrusted":"KERING00-UNTR-0000-0000-000000000001","decryption_profile":"DECRYPT0-0000-0000-0000-000000000001","tcp_option_profile":"TCPOPT00-0000-0000-0000-000000000001","traffic_mirroring":{"enable":1,"mirroring_profile":"TRAFFIC0-MIRR-0000-0000-000000000001"}},"is_valid":1}
+                {"uuid":"37828c5a-bbb7-42d2-87fa-2c29b91f22c3","action":"intercept", "log_option":"none", "action_parameter":{"vsys_id":1,"keyring_for_trusted":"00000000-0000-0000-0000-000000000001","keyring_for_untrusted":"00000000-0000-0000-0000-000000000000","decryption_profile":"00000000-0000-0000-0000-000000000001","tcp_option_profile":"00000000-0000-0000-0000-000000000001","traffic_mirroring":{"enable":0}},"is_valid":1},
+                {"uuid":"00000000-0000-0000-0000-000000000002","action":"intercept", "log_option":"none","action_parameter":{"vsys_id":1,"keyring_for_trusted":"00000000-0000-0000-0000-000000000002","keyring_for_untrusted":"00000000-0000-0000-0000-000000000000","decryption_profile":"00000000-0000-0000-0000-000000000001","tcp_option_profile":"00000000-0000-0000-0000-000000000001","traffic_mirroring":{"enable":1,"mirroring_profile":"0192dc7e-a87b-7ce9-a1c6-80974e6de3d8"}},"is_valid":1}
            ]
        },
        {
            "table_name": "SERVICE_CHAINING_RULE",
            "table_content": [
-                {"uuid":"SC000000-0000-0000-1111-000000000001","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"raw","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1},
-                {"uuid":"SC000000-0000-0000-1111-000000000011","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"decrypted","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1}
+                {"uuid":"00000000-0000-0000-0000-000000000001","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"raw","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1},
+                {"uuid":"00000000-0000-0000-1111-000000000011","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"decrypted","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1}
            ]
        },
        {
            "table_name": "PROXY_TCP_OPTION_PROFILE",
            "table_content": [
-                {"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1}
+                {"uuid":"00000000-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1}
            ]
        },
 		{