TSG-22093 Manipulation支持Library Tag相关策略的扫描与日志发送

fengweihao
2024-08-16 11:57:20 +08:00
parent 88e6b0ae9b
commit c2c20d3310
9 changed files with 585 additions and 714 deletions


@@ -277,14 +277,8 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
hit_cnt += scan_ret;
}
scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
if (scan_ret > 0)
{
hit_cnt += scan_ret;
}
scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
if (scan_ret > 0)
scan_ret = tfe_scan_ip_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
if(scan_ret>0)
{
hit_cnt += scan_ret;
}
@@ -312,6 +306,12 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
{
hit_cnt += n_hit_result;
}
scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->tables[TYPE_HOST].id, g_doh_conf->local_logger);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
}
// scan addr
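Review bot: In the added `tfe_scan_fqdn_tags` branch of doh_maat_scan, `hit_cnt` is advanced by `n_hit_result`, which is not passed to that call and so still holds whatever the preceding scan left in it. The return value is also compared with `MAAT_SCAN_HIT` there, while the `tfe_scan_ip_tags` call earlier in the section treats the return as a count. `hit_cnt` is handed to every later scan together with `result`, presumably as the next free slot, so a stale increment can over-count or skip entries in that array. If `tfe_scan_fqdn_tags` returns the number of hits like its siblings, the branch should read `if (scan_ret > 0) { hit_cnt += scan_ret; }`; the same pattern is added in http_scan further down the page. doh_maat_scan starts and ends outside the hunk.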


@@ -292,44 +292,6 @@ int doh_kafka_init(const char *profile, struct doh_conf *conf)
return 0;
}
static int doh_get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj)
{
unsigned int i=0, j=0;
char opt_val[128]={0}; uint16_t opt_out_size;
const char *client_geo_area_map[] = {"client_country","client_province","client_city","client_subdivision"};
for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
{
memset(opt_val, 0, sizeof(opt_val));
int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
if (ret == 0)
{
cJSON_AddStringToObject(common_obj, client_geo_area_map[j], opt_val);
}
j++;
}
return 0;
}
static int doh_get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj)
{
unsigned int i=0, j=0;
char opt_val[128]={0}; uint16_t opt_out_size;
const char *server_geo_area_map[] = {"server_country","server_province","server_city","server_subdivision"};
for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
{
memset(opt_val, 0, sizeof(opt_val));
int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
if (ret == 0)
{
cJSON_AddStringToObject(common_obj, server_geo_area_map[j], opt_val);
}
j++;
}
return 0;
}
int doh_add_host_to_object(cJSON *common_obj, const char *req_spec_host)
{
unsigned int port;
@@ -341,6 +303,29 @@ int doh_add_host_to_object(cJSON *common_obj, const char *req_spec_host)
return 0;
}
int doh_tags_line_to_json_array(cJSON *per_hit_obj, const char *tags_key, char *opt_val)
{
if(per_hit_obj == NULL || tags_key == NULL || opt_val == NULL)
{
return 0;
}
char *opt_val_tmp = strdup(opt_val);
cJSON *tags_array = cJSON_CreateArray();
char *token = strtok(opt_val_tmp, ",");
while (token != NULL)
{
while (*token == ' ') token++;
cJSON_AddItemToArray(tags_array, cJSON_CreateString(token));
token = strtok(NULL, ",");
}
cJSON_AddItemToObject(per_hit_obj, tags_key, tags_array);
FREE(&opt_val_tmp)
return 1;
}
int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, const struct tfe_stream *stream, struct doh_ctx *ctx)
{
struct doh_maat_rule_t *result = ctx->result;
@@ -475,19 +460,26 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c
if (cmsg!=NULL)
{
uint64_t src_asn=0, dst_asn=0;
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size);
if (ret == 0)
char opt_val[128]={0}; uint16_t opt_out_size=0;
ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)64, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
if (ret == 0 && strlen(opt_val) > 0)
{
cJSON_AddNumberToObject(common_obj, "client_asn", src_asn);
doh_tags_line_to_json_array(common_obj, "client_ip_tags", opt_val);
}
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size);
if (ret == 0)
memset(opt_val, 0, sizeof(opt_val));
ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)65, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
if (ret == 0 && strlen(opt_val) > 0)
{
cJSON_AddNumberToObject(common_obj, "server_asn", dst_asn);
doh_tags_line_to_json_array(common_obj, "server_ip_tags", opt_val);
}
doh_get_ip_client_geolocation(cmsg, common_obj);
doh_get_ip_server_geolocation(cmsg, common_obj);
memset(opt_val, 0, sizeof(opt_val));
ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)63, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
if (ret == 0 && strlen(opt_val) > 0)
{
doh_tags_line_to_json_array(common_obj, "server_fqdn_tags", opt_val);
}
}
add_dns_info_to_log(common_obj, dns_info);
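Review bot: The new doh_tags_line_to_json_array tokenises with `strtok`, which keeps its position in hidden static state, and it never checks the results of `strdup` or `cJSON_CreateArray`. If log sending can run on more than one thread, two concurrent calls would corrupt each other's tokenising, and a failed `strdup` passes NULL as the first argument of `strtok`, which then resumes from whatever string it saw last. Using `strtok_r` with a local save pointer and returning 0 on allocation failure closes both gaps. The call to `FREE(&opt_val_tmp)` has no trailing semicolon as shown, which only compiles if the macro supplies one. The identical tags_line_to_json_array added to the proxy logger later on the page needs the same change.
```c
int doh_tags_line_to_json_array(cJSON *per_hit_obj, const char *tags_key, char *opt_val)
{
    // … unchanged: NULL-argument guard …
    char *opt_val_tmp = strdup(opt_val);
    if (opt_val_tmp == NULL)
    {
        return 0;
    }
    cJSON *tags_array = cJSON_CreateArray();
    if (tags_array == NULL)
    {
        FREE(&opt_val_tmp);
        return 0;
    }
    char *save_ptr = NULL;
    char *token = strtok_r(opt_val_tmp, ",", &save_ptr);
    while (token != NULL)
    {
        // … unchanged: skip leading spaces, append token to tags_array …
        token = strtok_r(NULL, ",", &save_ptr);
    }
    // … unchanged: attach tags_array to per_hit_obj …
    FREE(&opt_val_tmp);
    return 1;
```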


@@ -2720,6 +2720,12 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
{
hit_cnt += n_hit_result;
}
scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_FQDN], g_proxy_rt->local_logger);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
}
const char * str_url = session->req->req_spec.url;
@@ -2915,19 +2921,15 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_
scan_ret = tfe_scan_subscribe_id(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
if(scan_ret>0)
{
hit_cnt+=scan_ret;
}
scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
if(scan_ret>0)
{
hit_cnt+=scan_ret;
hit_cnt += scan_ret;
}
scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
scan_ret = tfe_scan_ip_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
if(scan_ret>0)
{
hit_cnt+=scan_ret;
hit_cnt += scan_ret;
}
long long app_id=67;
scan_ret = tfe_scan_app_id(result, ctx->scan_mid, hit_cnt, app_id, g_proxy_rt->scan_table_id[PXY_CTRL_APP_ID]);
if(scan_ret > 0)


@@ -110,44 +110,6 @@ struct proxy_logger* proxy_log_handle_create(const char* profile, const char* se
return instance;
}
static int get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj)
{
unsigned int i=0, j=0;
char opt_val[128]={0}; uint16_t opt_out_size;
const char *client_geo_area_map[] = {"client_country","client_super_administrative_area","client_administrative_area","client_sub_administrative_area"};
for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
{
memset(opt_val, 0, sizeof(opt_val));
int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
if (ret == 0)
{
cJSON_AddStringToObject(per_hit_obj, client_geo_area_map[j], opt_val);
}
j++;
}
return 0;
}
static int get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *per_hit_obj)
{
unsigned int i=0, j=0;
char opt_val[128]={0}; uint16_t opt_out_size;
const char *server_geo_area_map[] = {"server_country","server_super_administrative_area","server_administrative_area","server_sub_administrative_area"};
for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
{
memset(opt_val, 0, sizeof(opt_val));
int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
if (ret == 0)
{
cJSON_AddStringToObject(per_hit_obj, server_geo_area_map[j], opt_val);
}
j++;
}
return 0;
}
int proxy_add_host_to_object(cJSON *common_obj, const char *req_spec_host)
{
unsigned int port;
@@ -159,6 +121,29 @@ int proxy_add_host_to_object(cJSON *common_obj, const char *req_spec_host)
return 0;
}
int tags_line_to_json_array(cJSON *per_hit_obj, const char *tags_key, char *opt_val)
{
if(per_hit_obj == NULL || tags_key == NULL || opt_val == NULL)
{
return 0;
}
char *opt_val_tmp = strdup(opt_val);
cJSON *tags_array = cJSON_CreateArray();
char *token = strtok(opt_val_tmp, ",");
while (token != NULL)
{
while (*token == ' ') token++;
cJSON_AddItemToArray(tags_array, cJSON_CreateString(token));
token = strtok(NULL, ",");
}
cJSON_AddItemToObject(per_hit_obj, tags_key, tags_array);
FREE(&opt_val_tmp)
return 1;
}
int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg)
{
const struct tfe_http_session* http=log_msg->http;
@@ -412,19 +397,26 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg)
}
if (cmsg!=NULL)
{
uint64_t src_asn=0, dst_asn=0;
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size);
if (ret == 0)
{
cJSON_AddNumberToObject(per_hit_obj, "client_asn", src_asn);
}
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size);
if (ret == 0)
char opt_val[128]={0}; uint16_t opt_out_size;
ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)64, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
if (ret == 0 && strlen(opt_val) > 0)
{
cJSON_AddNumberToObject(per_hit_obj, "server_asn", dst_asn);
tags_line_to_json_array(per_hit_obj, "client_ip_tags", opt_val);
}
memset(opt_val, 0, sizeof(opt_val));
ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)65, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
if (ret == 0 && strlen(opt_val) > 0)
{
tags_line_to_json_array(per_hit_obj, "server_ip_tags", opt_val);
}
memset(opt_val, 0, sizeof(opt_val));
ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)63, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
if (ret == 0 && strlen(opt_val) > 0)
{
tags_line_to_json_array(per_hit_obj, "server_fqdn_tags", opt_val);
}
get_ip_client_geolocation(cmsg, per_hit_obj);
get_ip_server_geolocation(cmsg, per_hit_obj);
}
log_payload = cJSON_PrintUnformatted(per_hit_obj);