TSG-22093 Manipulation支持Library Tag相关策略的扫描与日志发送
This commit is contained in:
fengweihao
@@ -277,14 +277,8 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
|
||||
hit_cnt += scan_ret;
|
||||
}
|
||||
|
||||
scan_ret = tfe_scan_ip_location(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
|
||||
if (scan_ret > 0)
|
||||
{
|
||||
hit_cnt += scan_ret;
|
||||
}
|
||||
|
||||
scan_ret = tfe_scan_ip_asn(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
|
||||
if (scan_ret > 0)
|
||||
scan_ret = tfe_scan_ip_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
|
||||
if(scan_ret>0)
|
||||
{
|
||||
hit_cnt += scan_ret;
|
||||
}
|
||||
@@ -312,6 +306,12 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
|
||||
{
|
||||
hit_cnt += n_hit_result;
|
||||
}
|
||||
|
||||
scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->tables[TYPE_HOST].id, g_doh_conf->local_logger);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt += n_hit_result;
|
||||
}
|
||||
}
|
||||
|
||||
// scan addr
|
||||
|
||||
@@ -292,44 +292,6 @@ int doh_kafka_init(const char *profile, struct doh_conf *conf)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int doh_get_ip_client_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj)
|
||||
{
|
||||
unsigned int i=0, j=0;
|
||||
char opt_val[128]={0}; uint16_t opt_out_size;
|
||||
const char *client_geo_area_map[] = {"client_country","client_province","client_city","client_subdivision"};
|
||||
|
||||
for(i=TFE_CMSG_SRC_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
|
||||
{
|
||||
memset(opt_val, 0, sizeof(opt_val));
|
||||
int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
|
||||
if (ret == 0)
|
||||
{
|
||||
cJSON_AddStringToObject(common_obj, client_geo_area_map[j], opt_val);
|
||||
}
|
||||
j++;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int doh_get_ip_server_geolocation(struct tfe_cmsg * cmsg, cJSON *common_obj)
|
||||
{
|
||||
unsigned int i=0, j=0;
|
||||
char opt_val[128]={0}; uint16_t opt_out_size;
|
||||
const char *server_geo_area_map[] = {"server_country","server_province","server_city","server_subdivision"};
|
||||
|
||||
for(i=TFE_CMSG_DST_REGION_STR; i <= TFE_CMSG_DST_SUBDIVISION_STR; i+=2)
|
||||
{
|
||||
memset(opt_val, 0, sizeof(opt_val));
|
||||
int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)i, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
|
||||
if (ret == 0)
|
||||
{
|
||||
cJSON_AddStringToObject(common_obj, server_geo_area_map[j], opt_val);
|
||||
}
|
||||
j++;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int doh_add_host_to_object(cJSON *common_obj, const char *req_spec_host)
|
||||
{
|
||||
unsigned int port;
|
||||
@@ -341,6 +303,29 @@ int doh_add_host_to_object(cJSON *common_obj, const char *req_spec_host)
|
||||
return 0;
|
||||
}
|
||||
|
||||
int doh_tags_line_to_json_array(cJSON *per_hit_obj, const char *tags_key, char *opt_val)
|
||||
{
|
||||
if(per_hit_obj == NULL || tags_key == NULL || opt_val == NULL)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
char *opt_val_tmp = strdup(opt_val);
|
||||
cJSON *tags_array = cJSON_CreateArray();
|
||||
|
||||
char *token = strtok(opt_val_tmp, ",");
|
||||
while (token != NULL)
|
||||
{
|
||||
while (*token == ' ') token++;
|
||||
cJSON_AddItemToArray(tags_array, cJSON_CreateString(token));
|
||||
token = strtok(NULL, ",");
|
||||
}
|
||||
cJSON_AddItemToObject(per_hit_obj, tags_key, tags_array);
|
||||
|
||||
FREE(&opt_val_tmp)
|
||||
return 1;
|
||||
}
|
||||
|
||||
int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, const struct tfe_stream *stream, struct doh_ctx *ctx)
|
||||
{
|
||||
struct doh_maat_rule_t *result = ctx->result;
|
||||
@@ -475,19 +460,26 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c
|
||||
|
||||
if (cmsg!=NULL)
|
||||
{
|
||||
uint64_t src_asn=0, dst_asn=0;
|
||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN_VAL, (unsigned char *)&src_asn, sizeof(src_asn), &opt_out_size);
|
||||
if (ret == 0)
|
||||
char opt_val[128]={0}; uint16_t opt_out_size=0;
|
||||
ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)64, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
|
||||
if (ret == 0 && strlen(opt_val) > 0)
|
||||
{
|
||||
cJSON_AddNumberToObject(common_obj, "client_asn", src_asn);
|
||||
doh_tags_line_to_json_array(common_obj, "client_ip_tags", opt_val);
|
||||
}
|
||||
ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN_VAL, (unsigned char *)&dst_asn, sizeof(dst_asn), &opt_out_size);
|
||||
if (ret == 0)
|
||||
|
||||
memset(opt_val, 0, sizeof(opt_val));
|
||||
ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)65, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
|
||||
if (ret == 0 && strlen(opt_val) > 0)
|
||||
{
|
||||
cJSON_AddNumberToObject(common_obj, "server_asn", dst_asn);
|
||||
doh_tags_line_to_json_array(common_obj, "server_ip_tags", opt_val);
|
||||
}
|
||||
doh_get_ip_client_geolocation(cmsg, common_obj);
|
||||
doh_get_ip_server_geolocation(cmsg, common_obj);
|
||||
|
||||
memset(opt_val, 0, sizeof(opt_val));
|
||||
ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)63, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size);
|
||||
if (ret == 0 && strlen(opt_val) > 0)
|
||||
{
|
||||
doh_tags_line_to_json_array(common_obj, "server_fqdn_tags", opt_val);
|
||||
}
|
||||
}
|
||||
|
||||
add_dns_info_to_log(common_obj, dns_info);
|
||||
|
||||
Reference in New Issue
Block a user