diff --git a/common/include/tfe_resource.h b/common/include/tfe_resource.h index fff74d7..060a967 100644 --- a/common/include/tfe_resource.h +++ b/common/include/tfe_resource.h @@ -22,16 +22,6 @@ enum scan_common_table PXY_CTRL_INTERNAL_PORT, PXY_CTRL_EXTERNAL_PORT, PXY_CTRL_IP_PROTOCOL, - PXY_CTRL_SOURCE_ASN, - PXY_CTRL_DESTINATION_ASN, - PXY_CTRL_SOURCE_GEO_COUNTRY, - PXY_CTRL_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA, - PXY_CTRL_SOURCE_GEO_ADMINISTRATIVE_AREA, - PXY_CTRL_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA, - PXY_CTRL_DESTINATION_GEO_COUNTRY, - PXY_CTRL_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA, - PXY_CTRL_DESTINATION_GEO_ADMINISTRATIVE_AREA, - PXY_CTRL_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA, PXY_CTRL_SUBSCRIBER_ID, PXY_CTRL_APP_ID_DICT, __SCAN_COMMON_TABLE_MAX diff --git a/common/include/tfe_scan.h b/common/include/tfe_scan.h index ea0d53b..cc3f3ac 100644 --- a/common/include/tfe_scan.h +++ b/common/include/tfe_scan.h @@ -3,10 +3,9 @@ #include #define MAX_SCAN_RESULT 16 -int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, - int hit_cnt, void *logger); -int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger); -int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger); +int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger); +int tfe_scan_ip_tags(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger); +int tfe_scan_fqdn_tags(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id, void *logger); int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, long long app_id, int table_id); int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); diff --git a/common/src/tfe_resource.cpp b/common/src/tfe_resource.cpp index 3203775..b1faa32 100644 --- a/common/src/tfe_resource.cpp +++ b/common/src/tfe_resource.cpp @@ -103,7 +103,7 @@ static struct maat *create_maat_feather(const char *instance_name, const char *p { struct maat *target=NULL; int input_mode = 0, maat_stat_on = 0, maat_perf_on = 0; - int ret = 0, effect_interval = 60, log_level=0; + int ret = 0, effect_interval = 60, log_level=0, max_size_mb=0; char table_info[TFE_STRING_MAX] = {0}, inc_cfg_dir[TFE_STRING_MAX] = {0}, ful_cfg_dir[TFE_STRING_MAX] = {0}; char redis_server[TFE_STRING_MAX] = {0}; char redis_port_range[TFE_STRING_MAX] = {0}; @@ -130,11 +130,13 @@ static struct maat *create_maat_feather(const char *instance_name, const char *p MESA_load_profile_int_def(profile, section, "effect_interval_s", &(effect_interval), 60); MESA_load_profile_int_def(profile, section, "deferred_load_on", &(deferred_load_on), 0); MESA_load_profile_int_def(profile, section, "log_level", &(log_level), LOG_LEVEL_FATAL); + MESA_load_profile_int_def(profile, section, "log_max_size_mb", &(max_size_mb), 0); effect_interval *= 1000; //convert s to ms struct maat_options *opts = maat_options_new(); maat_options_set_logger(opts, "log/maat.log", (enum log_level)log_level); + //maat_options_set_log_file_max_size(opts, max_size_mb); maat_options_set_instance_name(opts, instance_name); maat_options_set_caller_thread_number(opts, max_thread); switch (input_mode) @@ -329,16 +331,6 @@ static int maat_common_table_init() table_name[PXY_CTRL_INTERNAL_PORT] = "ATTR_INTERNAL_PORT"; table_name[PXY_CTRL_EXTERNAL_PORT] = "ATTR_EXTERNAL_PORT"; table_name[PXY_CTRL_IP_PROTOCOL] = "ATTR_IP_PROTOCOL"; - table_name[PXY_CTRL_SOURCE_ASN] = "ATTR_SOURCE_ASN"; - table_name[PXY_CTRL_DESTINATION_ASN]="ATTR_DESTINATION_ASN"; - table_name[PXY_CTRL_SOURCE_GEO_COUNTRY]="ATTR_SOURCE_GEO_COUNTRY"; - table_name[PXY_CTRL_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA"; - table_name[PXY_CTRL_SOURCE_GEO_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA"; - table_name[PXY_CTRL_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA"; - table_name[PXY_CTRL_DESTINATION_GEO_COUNTRY]="ATTR_DESTINATION_GEO_COUNTRY"; - table_name[PXY_CTRL_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA"; - table_name[PXY_CTRL_DESTINATION_GEO_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA"; - table_name[PXY_CTRL_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA"; table_name[PXY_CTRL_SUBSCRIBER_ID] = "ATTR_SUBSCRIBER_ID"; table_name[PXY_CTRL_APP_ID_DICT] = "APP_ID_DICT"; diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp index a886e68..7c2d08c 100644 --- a/common/src/tfe_scan.cpp +++ b/common/src/tfe_scan.cpp @@ -3,6 +3,446 @@ #include #include +static int scan_group(struct maat_hit_group hit_group, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id) +{ + size_t n_hit_result=0; + int scan_ret=0, hit_cnt_group=0; + + scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, &hit_group, 1, + result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); + if(scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_group+=n_hit_result; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, result+hit_cnt+hit_cnt_group, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_group+=n_hit_result; + } + return hit_cnt_group; +} + +int tfe_get_tags_id_array(char *tag_ids, long long *tag_id_array) +{ + if(tag_ids==NULL) + { + return 0; + } + + int n_tag_ids=0; + char *tag_ids_tmp = ALLOC(char, strlen(tag_ids)+1); + strcpy(tag_ids_tmp, tag_ids); + + char *tag_ids_str=strtok(tag_ids_tmp, ","); + while(tag_ids_str!=NULL && n_tag_ids < 128) + { + tag_id_array[n_tag_ids++]=strtoll(tag_ids_str, NULL, 10); + tag_ids_str=strtok(NULL, ","); + } + FREE(&tag_ids_tmp); + return n_tag_ids; +} + +static int get_route_dir(const struct tfe_stream * stream) +{ + uint16_t out_size; + unsigned int route_dir; int ret=0; + + struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); + if (cmsg != NULL) + { + ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_COMMON_DIRECTION, (unsigned char *)&route_dir, sizeof(route_dir), &out_size); + if (ret != 0) + { + return ret; + } + } + return (route_dir==69) ? 1 : 0; +} + +int get_table_id(const struct tfe_stream *stream, enum scan_common_table table_type) +{ + int table_id = 0, c2s = 0; + int dir_is_e2i = get_route_dir(stream); + + if (table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_DESTINATION_IP || table_type == PXY_CTRL_SOURCE_PORT || table_type == PXY_CTRL_DESTINATION_PORT) + { + c2s = (table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_SOURCE_PORT) ? 1 : 0; + + if(table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_DESTINATION_IP) + { + table_id = (c2s == dir_is_e2i) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP); + } + if(table_type == PXY_CTRL_SOURCE_PORT || table_type == PXY_CTRL_DESTINATION_PORT) + { + table_id = (c2s == dir_is_e2i) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT); + } + } + return table_id; +} + +int tfe_scan_internal_exteral_by_last_group(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, enum scan_common_table table_type) +{ + size_t array_size=256, n_hit_result = 0; + int hit_cnt_group = 0, scan_ret = 0, table_id = 0; + struct maat_hit_group last_hit_groups[256] = {0}; + + table_id = get_table_id(stream, table_type); + if(table_id <= 0) + { + return hit_cnt_group; + } + + size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid); + if(n_last_hit_group > 0) + { + maat_state_get_last_hit_groups(scan_mid, last_hit_groups, array_size); + scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, last_hit_groups, array_size, result+hit_cnt+hit_cnt_group, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); + if(scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_group += n_hit_result; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, + result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_group += n_hit_result; + } + } + return hit_cnt_group; +} + +/**for Provisional compilation definitions**/ +#define TFE_CMSG_FQDN_TAGS_ID_STR 60 /*1,2,3,4,5*/ +#define TFE_CMSG_SRC_TAGS_ID_STR 61 /*11,12,13,14*/ +#define TFE_CMSG_DST_TAGS_ID_STR 62 /*6,7,8,9,10*/ +#define TFE_CMSG_FQDN_TAGS_LOG_STR 63 /*"Category Name:Search Engines, Cloude Provider:aws, CDN Provider:aws, category_name: ab"*/ +#define TFE_CMSG_SRC_TAGS_LOG_STR 64 /*"administrative_area:Singapore, country:Singapore", CDN Provider:Light CDN*/ +#define TFE_CMSG_DST_TAGS_LOG_STR 65 /*"ASN:55967, CDN Provider:Light CDN, country:Hong Kong"*/ + +int tfe_scan_ip_tags(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) +{ + size_t n_hit_result = 0; + long long tag_id_array[128]={0}; + int scan_ret = 0, hit_cnt_ip = 0, n_tag_ids = 0; + + struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); + if(cmsg == NULL) + { + return hit_cnt_ip; + } + + char opt_val[128]={0}; uint16_t opt_out_size = 0; + int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)TFE_CMSG_SRC_TAGS_ID_STR, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if(ret == 0) + { + n_tag_ids = tfe_get_tags_id_array(opt_val, tag_id_array); + if(n_tag_ids == 0) + { + return hit_cnt_ip; + } + } + TFE_LOG_DEBUG(logger, "fetch src ip tags: %s", opt_val); + struct maat_hit_group hit_group; + for (int i = 0; i < n_tag_ids; i++) + { + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=tag_id_array[i]; + + scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), &hit_group, 1, result+hit_cnt+hit_cnt_ip, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if(scan_ret==MAAT_SCAN_HIT) + { + TFE_LOG_INFO(logger, "Scan Src TAGS, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); + hit_cnt_ip += scan_ret; + } + else + { + TFE_LOG_INFO(logger, "Scan Src TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); + } + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); + if(scan_ret > 0) + { + hit_cnt_ip += scan_ret; + } + } + + n_tag_ids=0; + memset(tag_id_array, 0, sizeof(tag_id_array)); + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)TFE_CMSG_DST_TAGS_ID_STR, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if(ret == 0) + { + n_tag_ids = tfe_get_tags_id_array(opt_val, tag_id_array); + if(n_tag_ids == 0) + { + return hit_cnt_ip; + } + } + TFE_LOG_DEBUG(logger, "fetch dst ip tags: %s", opt_val); + for (int i = 0; i < n_tag_ids; i++) + { + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=tag_id_array[i]; + scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), &hit_group, 1, result+hit_cnt+hit_cnt_ip, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if(scan_ret==MAAT_SCAN_HIT) + { + TFE_LOG_INFO(logger, "Scan Dst TAGS, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); + hit_cnt_ip += scan_ret; + } + else + { + TFE_LOG_INFO(logger, "Scan Dst TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); + } + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); + if(scan_ret > 0) + { + hit_cnt_ip += scan_ret; + } + } + return hit_cnt_ip; +} + +int tfe_scan_fqdn_tags(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id, void *logger) +{ + long long tag_id_array[128]={0}; + int scan_ret = 0, hit_cnt_fqdn = 0, n_tag_ids = 0; + + struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); + if(cmsg == NULL) + { + return hit_cnt_fqdn; + } + + char opt_val[128]={0}; uint16_t opt_out_size = 0; + int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)TFE_CMSG_FQDN_TAGS_ID_STR, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if(ret == 0) + { + n_tag_ids = tfe_get_tags_id_array(opt_val, tag_id_array); + if(n_tag_ids == 0) + { + return hit_cnt_fqdn; + } + } + + TFE_LOG_DEBUG(logger, "fetch fqdn tags: %s", opt_val); + struct maat_hit_group hit_group; + for (int i = 0; i < n_tag_ids; i++) + { + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=tag_id_array[i]; + scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, table_id); + if (scan_ret > 0) + { + TFE_LOG_INFO(logger, "Scan Fqdn TAGS, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_fqdn], stream->str_stream_info); + hit_cnt_fqdn += scan_ret; + } + else + { + TFE_LOG_INFO(logger, "Scan Fqdn TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); + } + } + return hit_cnt_fqdn; +} + +int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, long long app_id, int table_id) +{ + int scan_ret = 0; + int hit_app_id = 0; + size_t n_hit_result = 0; + struct maat_hit_group hit_group; + + struct app_id_dict *app_dict = (struct app_id_dict*)maat_plugin_table_get_ex_data(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_APP_ID_DICT), + (const char *)&app_id, sizeof(long long)); + if(app_dict!=NULL) + { + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=app_dict->group_id; + scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, &hit_group, 1, result+hit_cnt+hit_app_id, + MAX_SCAN_RESULT-hit_cnt-hit_app_id, &n_hit_result, scan_mid); + if(scan_ret==MAAT_SCAN_HIT) + { + hit_app_id += n_hit_result; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, result+hit_cnt+hit_app_id, MAX_SCAN_RESULT-hit_cnt-hit_app_id, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_app_id += n_hit_result; + } + app_id_dict_free(app_dict); + } + return hit_app_id; +} + +int tfe_scan_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, uint16_t source, uint16_t dest) +{ + int scan_ret = 0; + int hit_cnt_port = 0; + size_t n_hit_result = 0; + + scan_ret=maat_scan_integer(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_PORT), ntohs(source), + result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); + if(scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_port+=n_hit_result; + } + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_PORT); + if(scan_ret > 0) + { + hit_cnt_port+=scan_ret; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_PORT), + result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_port+=n_hit_result; + } + + scan_ret=maat_scan_integer(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_PORT), ntohs(dest), + result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); + if(scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_port+=n_hit_result; + } + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_PORT); + if(scan_ret > 0) + { + hit_cnt_port+=scan_ret; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_PORT), + result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_port+=n_hit_result; + } + + return hit_cnt_port; +} + +#define PROTOCOL_TCP_GROUP_ID 6 +int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) +{ + int scan_ret = 0; + int hit_cnt_ip = 0; + size_t n_hit_result = 0; + struct maat_hit_group hit_group; + + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=PROTOCOL_TCP_GROUP_ID; + scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), &hit_group, 1, + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if(scan_ret==MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + + scan_ret = maat_scan_ipv4_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v4->saddr, ntohs(sapp_addr.v4->source), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); + if(scan_ret > 0) + { + hit_cnt_ip += scan_ret; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + + scan_ret = maat_scan_ipv4_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), sapp_addr.v4->daddr, ntohs(sapp_addr.v4->dest), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if(scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); + if(scan_ret > 0) + { + hit_cnt_ip += scan_ret; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + + return hit_cnt_ip; +} + +int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) +{ + int scan_ret = 0; + int hit_cnt_ip = 0; + size_t n_hit_result = 0; + struct maat_hit_group hit_group; + + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=PROTOCOL_TCP_GROUP_ID; + scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), &hit_group, 1, + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if(scan_ret==MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + scan_ret = maat_scan_ipv6_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr, ntohs(sapp_addr.v6->source), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); + if(scan_ret > 0) + { + hit_cnt_ip += scan_ret; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + + scan_ret = maat_scan_ipv6_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), sapp_addr.v6->daddr, ntohs(sapp_addr.v6->dest), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); + if(scan_ret > 0) + { + hit_cnt_ip += scan_ret; + } + scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + + return hit_cnt_ip; +} + int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) { @@ -78,439 +518,3 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st return hit_cnt_ip; } - -static int scan_group(struct maat_hit_group hit_group, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id) -{ - size_t n_hit_result=0; - int scan_ret=0, hit_cnt_group=0; - - scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, &hit_group, 1, - result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_group+=n_hit_result; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, result+hit_cnt+hit_cnt_group, - MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_group+=n_hit_result; - } - return hit_cnt_group; -} - -int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) -{ - int scan_ret = 0; - int hit_cnt_ip = 0; - uint16_t opt_out_size; - unsigned int i=0, group_id_num=0; - uint64_t group_id=0; - uint64_t group_id_val[TFE_SYMBOL_MAX] = {0}; - - struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); - if(cmsg == NULL) - { - return hit_cnt_ip; - } - - for(i=TFE_CMSG_SRC_REGION_ID; i <= TFE_CMSG_DST_SUBDIVISION_ID; i+=2) - { - scan_ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)&group_id, sizeof(group_id), &opt_out_size); - if (scan_ret == 0) - { - group_id_val[group_id_num] = group_id; - } - group_id_num++; - } - TFE_LOG_DEBUG(logger, "fetch src ip location region_id:%lu, province_id:%lu, city_id:%lu, subdivision_id:%lu, addr: %s", group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info); - struct maat_hit_group hit_group; - for (i = 0; i < group_id_num; i++) - { - memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=group_id_val[i]; - scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, tfe_bussiness_tableid_get((enum scan_common_table)(PXY_CTRL_SOURCE_GEO_COUNTRY+i))); - if (scan_ret > 0) - { - TFE_LOG_INFO(logger, "Scan SRC IP_LOCATION, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += scan_ret; - } - else - { - TFE_LOG_INFO(logger, "Scan SRC IP_LOCATION, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); - } - } - - group_id_num=0; - memset(group_id_val, 0, sizeof(group_id_val)); - for(i=TFE_CMSG_DST_REGION_ID; i <= TFE_CMSG_DST_SUBDIVISION_ID; i+=2) - { - scan_ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)&group_id, sizeof(group_id), &opt_out_size); - if (scan_ret == 0) - { - group_id_val[group_id_num] = group_id; - } - group_id_num++; - } - TFE_LOG_DEBUG(logger, "fetch dst ip location region_id:%lu, province_id:%lu, city_id:%lu, subdivision_id:%lu, addr: %s", group_id_val[0], group_id_val[1], group_id_val[2],group_id_val[3], stream->str_stream_info); - for (i = 0; i < group_id_num; i++) - { - memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=group_id_val[i]; - scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, tfe_bussiness_tableid_get((enum scan_common_table)(PXY_CTRL_DESTINATION_GEO_COUNTRY+i))); - if (scan_ret > 0) - { - TFE_LOG_INFO(logger, "Scan IP_LOCATION, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += scan_ret; - } - else - { - TFE_LOG_INFO(logger, "Scan IP_LOCATION, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); - } - } - return hit_cnt_ip; -} - -int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) -{ - int scan_ret = 0; - int hit_cnt_ip = 0; - size_t n_hit_result = 0; - uint16_t opt_out_size; - uint64_t src_asn_group_id=0, dst_asn_group_id=0; - - struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); - if (cmsg != NULL) - { - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_ID, (unsigned char *)&src_asn_group_id, sizeof(src_asn_group_id), &opt_out_size); - if (scan_ret != 0) - { - TFE_LOG_ERROR(logger, "fetch src asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); - } - scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_ID, (unsigned char *)&dst_asn_group_id, sizeof(dst_asn_group_id), &opt_out_size); - if (scan_ret != 0) - { - TFE_LOG_ERROR(logger, "fetch dst asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); - } - } - TFE_LOG_DEBUG(logger, "fetch src asn:%lu; dst asn:%lu addr: %s", src_asn_group_id, dst_asn_group_id, stream->str_stream_info); - - struct maat_hit_group hit_group; - if (dst_asn_group_id > 0) - { - memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=dst_asn_group_id; - scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt+hit_cnt_ip, tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN)); - if (scan_ret > 0) - { - TFE_LOG_INFO(logger, "Scan ATTR_DESTINATION_ASN, Hit asn: %lu scan ret: %d policy_id: %lld addr: %s", - dst_asn_group_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += n_hit_result; - } - else - { - TFE_LOG_INFO(logger, "Scan ATTR_DESTINATION_ASN, NO hit asn: %lu scan ret: %d addr: %s", - dst_asn_group_id, scan_ret, stream->str_stream_info); - } - } - if(src_asn_group_id > 0) - { - memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=src_asn_group_id; - scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt+hit_cnt_ip, tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN)); - if(scan_ret > 0) - { - TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, Hit asn: %lu scan ret: %d policy_id: %lld addr: %s", - src_asn_group_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); - hit_cnt_ip += n_hit_result; - - } - else - { - TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, NO hit asn: %lu scan ret: %d addr: %s", - src_asn_group_id, scan_ret, stream->str_stream_info); - } - } - - return hit_cnt_ip; -} - -int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, long long app_id, int table_id) -{ - int scan_ret = 0; - int hit_app_id = 0; - size_t n_hit_result = 0; - struct maat_hit_group hit_group; - - struct app_id_dict *app_dict = (struct app_id_dict*)maat_plugin_table_get_ex_data(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_APP_ID_DICT), - (const char *)&app_id, sizeof(long long)); - if(app_dict!=NULL) - { - memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=app_dict->group_id; - scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, &hit_group, 1, result+hit_cnt+hit_app_id, - MAX_SCAN_RESULT-hit_cnt-hit_app_id, &n_hit_result, scan_mid); - if(scan_ret==MAAT_SCAN_HIT) - { - hit_app_id += n_hit_result; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, result+hit_cnt+hit_app_id, MAX_SCAN_RESULT-hit_cnt-hit_app_id, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_app_id += n_hit_result; - } - app_id_dict_free(app_dict); - } - return hit_app_id; -} - -static int get_route_dir(const struct tfe_stream * stream) -{ - uint16_t out_size; - unsigned int route_dir; int ret=0; - - struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); - if (cmsg != NULL) - { - ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_COMMON_DIRECTION, (unsigned char *)&route_dir, sizeof(route_dir), &out_size); - if (ret != 0) - { - return ret; - } - } - return (route_dir==69) ? 1 : 0; -} - -int tfe_scan_internal_exteral_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int c2s) -{ - int scan_ret = 0; - int table_id=0; - int hit_cnt_ip = 0; - size_t array_size=256; - size_t n_hit_result = 0; - struct maat_hit_group last_hit_groups[256] = {0}; - - int dir_is_e2i = get_route_dir(stream); - if(c2s == 1) table_id = (dir_is_e2i == 1) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP); - if(c2s == 0) table_id = (dir_is_e2i == 0) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP); - - size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid); - if(n_last_hit_group > 0) - { - maat_state_get_last_hit_groups(scan_mid, last_hit_groups, array_size); - scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, last_hit_groups, array_size, result+hit_cnt+hit_cnt_ip, - MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - } - - return hit_cnt_ip; -} - -int tfe_scan_internal_exteral_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int c2s) -{ - int scan_ret = 0; - int table_id=0; - int hit_cnt_port = 0; - size_t array_size=256; - size_t n_hit_result = 0; - struct maat_hit_group last_hit_groups[256] = {0}; - - int dir_is_e2i = get_route_dir(stream); - if(c2s == 1) table_id = (dir_is_e2i == 1) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT); - if(c2s == 0) table_id = (dir_is_e2i == 0) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT); - - size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid); - if(n_last_hit_group > 0) - { - maat_state_get_last_hit_groups(scan_mid, last_hit_groups, array_size); - scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, last_hit_groups, array_size, result+hit_cnt+hit_cnt_port, - MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_port += n_hit_result; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, - result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_port += n_hit_result; - } - } - return hit_cnt_port; -} - -int tfe_scan_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, uint16_t source, uint16_t dest) -{ - int scan_ret = 0; - int hit_cnt_port = 0; - size_t n_hit_result = 0; - - scan_ret=maat_scan_integer(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_PORT), ntohs(source), - result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_port+=n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_port(stream, result, scan_mid, hit_cnt, 1); - if(scan_ret > 0) - { - hit_cnt_port+=scan_ret; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_PORT), - result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_port+=n_hit_result; - } - - scan_ret=maat_scan_integer(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_PORT), ntohs(dest), - result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_port+=n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_port(stream, result, scan_mid, hit_cnt, 0); - if(scan_ret > 0) - { - hit_cnt_port+=scan_ret; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_PORT), - result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_port+=n_hit_result; - } - - return hit_cnt_port; -} - -#define PROTOCOL_TCP_GROUP_ID 6 -int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) -{ - int scan_ret = 0; - int hit_cnt_ip = 0; - size_t n_hit_result = 0; - struct maat_hit_group hit_group; - - memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=PROTOCOL_TCP_GROUP_ID; - scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), &hit_group, 1, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if(scan_ret==MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - - scan_ret = maat_scan_ipv4_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v4->saddr, ntohs(sapp_addr.v4->source), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1); - if(scan_ret > 0) - { - hit_cnt_ip += scan_ret; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - - scan_ret = maat_scan_ipv4_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), sapp_addr.v4->daddr, ntohs(sapp_addr.v4->dest), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0); - if(scan_ret > 0) - { - hit_cnt_ip += scan_ret; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - - return hit_cnt_ip; -} - -int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) -{ - int scan_ret = 0; - int hit_cnt_ip = 0; - size_t n_hit_result = 0; - struct maat_hit_group hit_group; - - memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=PROTOCOL_TCP_GROUP_ID; - scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), &hit_group, 1, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if(scan_ret==MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = maat_scan_ipv6_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr, ntohs(sapp_addr.v6->source), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1); - if(scan_ret > 0) - { - hit_cnt_ip += scan_ret; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - - scan_ret = maat_scan_ipv6_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), sapp_addr.v6->daddr, ntohs(sapp_addr.v6->dest), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0); - if(scan_ret > 0) - { - hit_cnt_ip += scan_ret; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - - return hit_cnt_ip; -} \ No newline at end of file diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp index f51e9ce..177012d 100644 --- a/plugin/business/doh/src/doh.cpp +++ b/plugin/business/doh/src/doh.cpp @@ -277,14 +277,8 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http hit_cnt += scan_ret; } - scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger); - if (scan_ret > 0) - { - hit_cnt += scan_ret; - } - - scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger); - if (scan_ret > 0) + scan_ret = tfe_scan_ip_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger); + if(scan_ret>0) { hit_cnt += scan_ret; } @@ -312,6 +306,12 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http { hit_cnt += n_hit_result; } + + scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->tables[TYPE_HOST].id, g_doh_conf->local_logger); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt += n_hit_result; + } } // scan addr diff --git a/plugin/business/doh/src/logger.cpp b/plugin/business/doh/src/logger.cpp index 279915c..f099b05 100644 --- a/plugin/business/doh/src/logger.cpp +++ b/plugin/business/doh/src/logger.cpp @@ -292,44 +292,6 @@ int doh_kafka_init(const char *profile, struct doh_conf *conf) return 0; } -static int doh_get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj) -{ - unsigned int i=0, j=0; - char opt_val[128]={0}; uint16_t opt_out_size; - const char *client_geo_area_map[] = {"client_country","client_province","client_city","client_subdivision"}; - - for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) - { - memset(opt_val, 0, sizeof(opt_val)); - int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); - if (ret == 0) - { - cJSON_AddStringToObject(common_obj, client_geo_area_map[j], opt_val); - } - j++; - } - return 0; -} - -static int doh_get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj) -{ - unsigned int i=0, j=0; - char opt_val[128]={0}; uint16_t opt_out_size; - const char *server_geo_area_map[] = {"server_country","server_province","server_city","server_subdivision"}; - - for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) - { - memset(opt_val, 0, sizeof(opt_val)); - int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); - if (ret == 0) - { - cJSON_AddStringToObject(common_obj, server_geo_area_map[j], opt_val); - } - j++; - } - return 0; -} - int doh_add_host_to_object(cJSON *common_obj, const char *req_spec_host) { unsigned int port; @@ -341,6 +303,29 @@ int doh_add_host_to_object(cJSON *common_obj, const char *req_spec_host) return 0; } +int doh_tags_line_to_json_array(cJSON *per_hit_obj, const char *tags_key, char *opt_val) +{ + if(per_hit_obj == NULL || tags_key == NULL || opt_val == NULL) + { + return 0; + } + + char *opt_val_tmp = strdup(opt_val); + cJSON *tags_array = cJSON_CreateArray(); + + char *token = strtok(opt_val_tmp, ","); + while (token != NULL) + { + while (*token == ' ') token++; + cJSON_AddItemToArray(tags_array, cJSON_CreateString(token)); + token = strtok(NULL, ","); + } + cJSON_AddItemToObject(per_hit_obj, tags_key, tags_array); + + FREE(&opt_val_tmp) + return 1; +} + int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, const struct tfe_stream *stream, struct doh_ctx *ctx) { struct doh_maat_rule_t *result = ctx->result; @@ -475,19 +460,26 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c if (cmsg!=NULL) { - uint64_t src_asn=0, dst_asn=0; - ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size); - if (ret == 0) + char opt_val[128]={0}; uint16_t opt_out_size=0; + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)64, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) { - cJSON_AddNumberToObject(common_obj, "client_asn", src_asn); + doh_tags_line_to_json_array(common_obj, "client_ip_tags", opt_val); } - ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size); - if (ret == 0) + + memset(opt_val, 0, sizeof(opt_val)); + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)65, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) { - cJSON_AddNumberToObject(common_obj, "server_asn", dst_asn); + doh_tags_line_to_json_array(common_obj, "server_ip_tags", opt_val); } - doh_get_ip_client_geolocation(cmsg, common_obj); - doh_get_ip_server_geolocation(cmsg, common_obj); + + memset(opt_val, 0, sizeof(opt_val)); + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)63, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) + { + doh_tags_line_to_json_array(common_obj, "server_fqdn_tags", opt_val); + } } add_dns_info_to_log(common_obj, dns_info); diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 9a684ad..3a926d0 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -2720,6 +2720,12 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht { hit_cnt += n_hit_result; } + + scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_FQDN], g_proxy_rt->local_logger); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt += n_hit_result; + } } const char * str_url = session->req->req_spec.url; @@ -2915,19 +2921,15 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_ scan_ret = tfe_scan_subscribe_id(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger); if(scan_ret>0) { - hit_cnt+=scan_ret; - } - scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger); - if(scan_ret>0) - { - hit_cnt+=scan_ret; + hit_cnt += scan_ret; } - scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger); + scan_ret = tfe_scan_ip_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger); if(scan_ret>0) { - hit_cnt+=scan_ret; + hit_cnt += scan_ret; } + long long app_id=67; scan_ret = tfe_scan_app_id(result, ctx->scan_mid, hit_cnt, app_id, g_proxy_rt->scan_table_id[PXY_CTRL_APP_ID]); if(scan_ret > 0) diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp index b3a324b..2a699af 100644 --- a/plugin/business/tsg-http/src/tsg_logger.cpp +++ b/plugin/business/tsg-http/src/tsg_logger.cpp @@ -110,44 +110,6 @@ struct proxy_logger* proxy_log_handle_create(const char* profile, const char* se return instance; } -static int get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj) -{ - unsigned int i=0, j=0; - char opt_val[128]={0}; uint16_t opt_out_size; - const char *client_geo_area_map[] = {"client_country","client_super_administrative_area","client_administrative_area","client_sub_administrative_area"}; - - for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) - { - memset(opt_val, 0, sizeof(opt_val)); - int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); - if (ret == 0) - { - cJSON_AddStringToObject(per_hit_obj, client_geo_area_map[j], opt_val); - } - j++; - } - return 0; -} - -static int get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj) -{ - unsigned int i=0, j=0; - char opt_val[128]={0}; uint16_t opt_out_size; - const char *server_geo_area_map[] = {"server_country","server_super_administrative_area","server_administrative_area","server_sub_administrative_area"}; - - for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2) - { - memset(opt_val, 0, sizeof(opt_val)); - int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); - if (ret == 0) - { - cJSON_AddStringToObject(per_hit_obj, server_geo_area_map[j], opt_val); - } - j++; - } - return 0; -} - int proxy_add_host_to_object(cJSON *common_obj, const char *req_spec_host) { unsigned int port; @@ -159,6 +121,29 @@ int proxy_add_host_to_object(cJSON *common_obj, const char *req_spec_host) return 0; } +int tags_line_to_json_array(cJSON *per_hit_obj, const char *tags_key, char *opt_val) +{ + if(per_hit_obj == NULL || tags_key == NULL || opt_val == NULL) + { + return 0; + } + + char *opt_val_tmp = strdup(opt_val); + cJSON *tags_array = cJSON_CreateArray(); + + char *token = strtok(opt_val_tmp, ","); + while (token != NULL) + { + while (*token == ' ') token++; + cJSON_AddItemToArray(tags_array, cJSON_CreateString(token)); + token = strtok(NULL, ","); + } + cJSON_AddItemToObject(per_hit_obj, tags_key, tags_array); + + FREE(&opt_val_tmp) + return 1; +} + int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) { const struct tfe_http_session* http=log_msg->http; @@ -412,19 +397,26 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) } if (cmsg!=NULL) { - uint64_t src_asn=0, dst_asn=0; - ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size); - if (ret == 0) - { - cJSON_AddNumberToObject(per_hit_obj, "client_asn", src_asn); - } - ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size); - if (ret == 0) + char opt_val[128]={0}; uint16_t opt_out_size; + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)64, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) { - cJSON_AddNumberToObject(per_hit_obj, "server_asn", dst_asn); + tags_line_to_json_array(per_hit_obj, "client_ip_tags", opt_val); + } + + memset(opt_val, 0, sizeof(opt_val)); + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)65, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) + { + tags_line_to_json_array(per_hit_obj, "server_ip_tags", opt_val); + } + + memset(opt_val, 0, sizeof(opt_val)); + ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)63, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); + if (ret == 0 && strlen(opt_val) > 0) + { + tags_line_to_json_array(per_hit_obj, "server_fqdn_tags", opt_val); } - get_ip_client_geolocation(cmsg, per_hit_obj); - get_ip_server_geolocation(cmsg, per_hit_obj); } log_payload = cJSON_PrintUnformatted(per_hit_obj); diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf index 2a1e864..d1a99e0 100644 --- a/resource/pangu/table_info.conf +++ b/resource/pangu/table_info.conf @@ -111,27 +111,15 @@ "match_method":5, "is_hexbin":6 } - }, - { - "table_id":9, - "table_name":"TSG_OBJ_FQDN_CAT", - "table_type":"interval", - "valid_column":5, - "custom": { - "item_id":1, - "group_id":2, - "low_boundary":3, - "up_boundary":4 - } }, { - "table_id": 10, + "table_id":9, "table_name": "ATTR_SERVER_FQDN", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":12, + "table_id":10, "table_name":"TSG_OBJ_HTTP_SIGNATURE", "table_type":"expr_plus", "valid_column":8, @@ -146,19 +134,19 @@ } }, { - "table_id":13, + "table_id":11, "table_name":"ATTR_HTTP_REQ_HDR", "table_type":"virtual", "physical_table": "TSG_OBJ_HTTP_SIGNATURE" }, { - "table_id":14, + "table_id":12, "table_name":"ATTR_HTTP_RES_HDR", "table_type":"virtual", "physical_table": "TSG_OBJ_HTTP_SIGNATURE" }, { - "table_id":15, + "table_id":13, "table_name":"TSG_OBJ_KEYWORDS", "table_type":"expr", "valid_column":7, @@ -172,19 +160,19 @@ } }, { - "table_id":16, + "table_id":14, "table_name":"ATTR_HTTP_REQ_BODY", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":17, + "table_id":15, "table_name":"ATTR_HTTP_RES_BODY", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":18, + "table_id":16, "table_name":"TSG_OBJ_SUBSCRIBER_ID", "table_type":"expr", "valid_column":7, @@ -198,19 +186,19 @@ } }, { - "table_id":19, + "table_id":17, "table_name":"ATTR_SOURCE_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":20, + "table_id":18, "table_name":"ATTR_DESTINATION_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":21, + "table_id":19, "table_name":"PXY_CACHE_COMPILE", "table_type":"compile", "user_region_encoded":"escape", @@ -222,7 +210,7 @@ } }, { - "table_id":22, + "table_id":20, "table_name":"PXY_CACHE_COMPILE_CONJUNCTION", "db_tables":["PXY_CACHE_COMPILE"], "default_compile_table":1, @@ -236,7 +224,7 @@ } }, { - "table_id":23, + "table_id":21, "table_name":"PXY_CACHE_COMPILE_PLUGIN", "db_tables":["PXY_CACHE_COMPILE"], "table_type":"plugin", @@ -248,7 +236,7 @@ } }, { - "table_id":24, + "table_id":22, "table_name":"PXY_CACHE_GROUP", "table_type":"group2compile", "associated_compile_table_id":0, @@ -262,7 +250,7 @@ } }, { - "table_id":25, + "table_id":23, "table_name":"PXY_CACHE_HTTP_URL", "table_type":"expr", "valid_column":7, @@ -276,7 +264,7 @@ } }, { - "table_id":26, + "table_id":24, "table_name":"PXY_CACHE_HTTP_COOKIE", "table_type":"expr", "valid_column":7, @@ -290,7 +278,7 @@ } }, { - "table_id":27, + "table_id":25, "table_name":"PXY_PROFILE_TRUSTED_CA_CERT", "table_type":"plugin", "valid_column":4, @@ -301,7 +289,7 @@ } }, { - "table_id":28, + "table_id":26, "table_name":"PXY_OBJ_TRUSTED_CA_CRL", "table_type":"plugin", "valid_column":4, @@ -312,7 +300,7 @@ } }, { - "table_id":29, + "table_id":27, "table_name":"TSG_PROFILE_RESPONSE_PAGES", "table_type":"plugin", "valid_column":5, @@ -323,7 +311,7 @@ } }, { - "table_id":30, + "table_id":28, "table_name":"PXY_PROFILE_HIJACK_FILES", "table_type":"plugin", "valid_column":6, @@ -334,7 +322,7 @@ } }, { - "table_id":31, + "table_id":29, "table_name":"PXY_PROFILE_INSERT_SCRIPTS", "table_type":"plugin", "valid_column":6, @@ -345,7 +333,7 @@ } }, { - "table_id":32, + "table_id":30, "table_name":"PXY_INTERCEPT_COMPILE", "table_type":"plugin", "valid_column":9, @@ -355,7 +343,7 @@ } }, { - "table_id":33, + "table_id":31, "table_name":"TSG_PROFILE_TRAFFIC_MIRROR", "table_type":"plugin", "valid_column":4, @@ -365,7 +353,7 @@ } }, { - "table_id":34, + "table_id":32, "table_name":"PXY_PROFILE_DECRYPTION", "table_type":"plugin", "valid_column":4, @@ -375,101 +363,13 @@ } }, { - "table_id":35, - "table_name":"TSG_OBJ_AS_NUMBER", - "table_type":"expr", - "valid_column":7, - "custom": { - "item_id":1, - "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 - } - }, - { - "table_id":36, - "table_name":"ATTR_SOURCE_ASN", - "table_type":"virtual", - "physical_table": "TSG_OBJ_AS_NUMBER" - }, - { - "table_id":37, - "table_name":"ATTR_DESTINATION_ASN", - "table_type":"virtual", - "physical_table": "TSG_OBJ_AS_NUMBER" - }, - { - "table_id":38, - "table_name":"TSG_OBJ_GEO_LOCATION", - "table_type":"expr", - "valid_column":7, - "custom": { - "item_id":1, - "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 - } - }, - { - "table_id":39, - "table_name":"ATTR_SOURCE_GEO_COUNTRY", - "table_type":"virtual", - "physical_table": "TSG_OBJ_GEO_LOCATION" - }, - { - "table_id":40, - "table_name":"ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA", - "table_type":"virtual", - "physical_table": "TSG_OBJ_GEO_LOCATION" - }, - { - "table_id":41, - "table_name":"ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA", - "table_type":"virtual", - "physical_table": "TSG_OBJ_GEO_LOCATION" - }, - { - "table_id":42, - "table_name":"ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA", - "table_type":"virtual", - "physical_table": "TSG_OBJ_GEO_LOCATION" - }, - { - "table_id":43, - "table_name":"ATTR_DESTINATION_GEO_COUNTRY", - "table_type":"virtual", - "physical_table": "TSG_OBJ_GEO_LOCATION" - }, - { - "table_id":44, - "table_name":"ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA", - "table_type":"virtual", - "physical_table": "TSG_OBJ_GEO_LOCATION" - }, - { - "table_id":45, - "table_name":"ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA", - "table_type":"virtual", - "physical_table": "TSG_OBJ_GEO_LOCATION" - }, - { - "table_id":46, - "table_name":"ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA", - "table_type":"virtual", - "physical_table": "TSG_OBJ_GEO_LOCATION" - }, - { - "table_id":47, + "table_id":33, "table_name":"ATTR_DOH_QNAME", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":48, + "table_id":34, "table_name":"PXY_SSL_FINGERPRINT", "table_type":"plugin", "valid_column":4, @@ -479,7 +379,7 @@ } }, { - "table_id":49, + "table_id":35, "table_name":"PXY_PROFILE_RUN_SCRIPTS", "table_type":"plugin", "valid_column":4, @@ -490,7 +390,7 @@ } }, { - "table_id":50, + "table_id":36, "table_name":"PXY_PROFILE_TCP_OPTION", "table_type":"plugin", "valid_column":6, @@ -500,7 +400,7 @@ } }, { - "table_id":51, + "table_id":37, "table_name":"SERVICE_CHAINING_COMPILE", "table_type":"plugin", "valid_column":9, @@ -510,7 +410,7 @@ } }, { - "table_id": 52, + "table_id":38, "table_name": "APP_ID_DICT", "table_type": "plugin", "valid_column": 19, @@ -521,31 +421,31 @@ } }, { - "table_id":53, + "table_id":39, "table_name":"ATTR_APP_ID", "table_type":"virtual", "physical_table": "APP_ID_DICT" }, { - "table_id":54, + "table_id":40, "table_name":"ATTR_SUBSCRIBER_ID", "table_type":"virtual", "physical_table": "TSG_OBJ_SUBSCRIBER_ID" }, { - "table_id":55, + "table_id":41, "table_name":"ATTR_INTERNAL_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":56, + "table_id":42, "table_name":"ATTR_EXTERNAL_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":57, + "table_id":43, "table_name": "TSG_IP_PROTOCOL", "table_type": "plugin", "valid_column": 4, @@ -556,7 +456,7 @@ } }, { - "table_id":58, + "table_id":44, "table_name":"TSG_OBJ_PORT", "table_type":"interval", "valid_column":5, @@ -568,31 +468,31 @@ } }, { - "table_id":59, + "table_id":45, "table_name": "ATTR_SOURCE_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":60, + "table_id":46, "table_name": "ATTR_DESTINATION_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":61, + "table_id":47, "table_name": "ATTR_INTERNAL_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":62, + "table_id":48, "table_name": "ATTR_EXTERNAL_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":63, + "table_id":49, "table_name": "ATTR_IP_PROTOCOL", "table_type": "virtual", "physical_table": "TSG_IP_PROTOCOL"