From dd4e2e6d66fcd20b29e6733ef2f10d7c1dfad942 Mon Sep 17 00:00:00 2001 From: fengweihao Date: Wed, 27 Nov 2024 17:26:57 +0800 Subject: [PATCH] TSG-23925 Supports scanning of source_zone and destination_zone, and removes internal and external --- common/include/tfe_resource.h | 22 --- common/include/tfe_scan.h | 1 + common/src/tfe_resource.cpp | 5 - common/src/tfe_scan.cpp | 160 ++++++---------------- plugin/business/doh/src/doh.cpp | 5 + plugin/business/tsg-http/src/tsg_http.cpp | 6 + resource/pangu/table_info.conf | 5 + 7 files changed, 58 insertions(+), 146 deletions(-) diff --git a/common/include/tfe_resource.h b/common/include/tfe_resource.h index a35e5cf..2a25474 100644 --- a/common/include/tfe_resource.h +++ b/common/include/tfe_resource.h @@ -38,29 +38,7 @@ struct library_tag_ctx void app_id_dict_free(struct app_id_dict *app_dict); void library_tag_free(struct library_tag_ctx *library_tags); -enum scan_common_table -{ - PXY_CTRL_SOURCE_IP, - PXY_CTRL_DESTINATION_IP, - PXY_CTRL_INTERNAL_IP, - PXY_CTRL_EXTERNAL_IP, - PXY_CTRL_SOURCE_PORT, - PXY_CTRL_DESTINATION_PORT, - PXY_CTRL_INTERNAL_PORT, - PXY_CTRL_EXTERNAL_PORT, - PXY_CTRL_IP_PROTOCOL, - PXY_CTRL_SUBSCRIBER_ID, - PXY_CTRL_APP_ID_DICT, - PXY_CTRL_LIBRARY_TAG, - PXY_CTRL_IMSI, - PXY_CTRL_APN, - PXY_CTRL_PHONE_NUMBER, - PXY_CTRL_GTP_IMEI, - __SCAN_COMMON_TABLE_MAX -}; - int tfe_env_init(); -int tfe_bussiness_tableid_get(enum scan_common_table type); int tfe_get_vsys_id(); const char *tfe_get_device_id(); diff --git a/common/include/tfe_scan.h b/common/include/tfe_scan.h index 67a6740..1669c0b 100644 --- a/common/include/tfe_scan.h +++ b/common/include/tfe_scan.h 
@@ -12,5 +12,6 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct m int tfe_scan_ipv6_addr(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, uint16_t source, uint16_t dest); int tfe_scan_device(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, void *logger); +int tfe_scan_zone(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt); int tfe_get_library_tags(const struct tfe_stream *stream, cJSON *common_obj, tfe_cmsg_tlv_type tlv_type, const char *tag_key); diff --git a/common/src/tfe_resource.cpp b/common/src/tfe_resource.cpp index 881ef1a..381b6c9 100644 --- a/common/src/tfe_resource.cpp +++ b/common/src/tfe_resource.cpp @@ -9,7 +9,6 @@ #define MAAT_INPUT_JSON 0 #define MAAT_INPUT_REDIS 1 -static int scan_table_id[__SCAN_COMMON_TABLE_MAX]; static struct tfe_fieldstat_easy_t *fieldstat4_easy = NULL; static char *device_tag=NULL; @@ -454,7 +453,3 @@ int tfe_env_init() return 0; } -int tfe_bussiness_tableid_get(enum scan_common_table type) -{ - return scan_table_id[type]; -} \ No newline at end of file diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp index ebd9fe7..5dc0bff 100644 --- a/common/src/tfe_scan.cpp +++ b/common/src/tfe_scan.cpp 
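Review bot: The new `tfe_scan_zone` prototype is added without any comment describing its contract, and because it takes no scanned value (unlike the neighbouring `tfe_scan_port`/`tfe_scan_device` declarations) a reader of the header cannot tell what is being matched or where the zone comes from. A one-line comment above it would suffice: `/* Match the stream's source and destination zone (internal vs external, chosen from the route direction) against TSG_OBJ_ZONE; hit_cnt is the number of entries already in result, returns the number of hits added. */`. The zone derivation is taken from the tfe_scan.cpp implementation in this same patch; the offset/return convention mirrors the sibling scanners (`result+hit_cnt+hit_cnt_port`) and should be confirmed against `scan_object`, which is not visible here.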
@@ -40,85 +40,6 @@ static int get_route_dir(const struct tfe_stream * stream) return (route_dir==69) ? 1 : 0; } -const char *get_filed_name(const struct tfe_stream *stream, enum scan_common_table table_type) -{ - int c2s = 0; - const char *filed_name=NULL; - int dir_is_e2i = get_route_dir(stream); - - if (table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_DESTINATION_IP || table_type == PXY_CTRL_SOURCE_PORT || table_type == PXY_CTRL_DESTINATION_PORT) - { - c2s = (table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_SOURCE_PORT) ? 1 : 0; - - if(table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_DESTINATION_IP) - { - filed_name = (c2s == dir_is_e2i) ? "INTERNAL_IP" : "EXTERNAL_IP"; - } - if(table_type == PXY_CTRL_SOURCE_PORT || table_type == PXY_CTRL_DESTINATION_PORT) - { - filed_name = (c2s == dir_is_e2i) ? "INTERNAL_PORT" : "EXTERNAL_PORT"; - } - } - return filed_name; -} - -const char *get_table_name(const struct tfe_stream *stream, enum scan_common_table table_type) -{ - const char *table_name=NULL; - switch (table_type) - { - case PXY_CTRL_SOURCE_IP: - case PXY_CTRL_DESTINATION_IP: - table_name = "TSG_OBJ_IP_ADDR"; - break; - case PXY_CTRL_SOURCE_PORT: - case PXY_CTRL_DESTINATION_PORT: - table_name = "TSG_OBJ_PORT"; - break; - default: - break; - } - return table_name; -} - -int tfe_scan_internal_exteral_by_last_group(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, enum scan_common_table table_type) -{ - size_t array_size=256, n_hit_result = 0; - int hit_cnt_group = 0, scan_ret = 0; - struct maat_hit_object last_hit_objects[256] = {0}; - - const char *table_name = get_table_name(stream, table_type); - if(table_name == NULL) - { - return hit_cnt_group; - } - - const char *filed_name = get_filed_name(stream, table_type); - if(filed_name == NULL) - { - return hit_cnt_group; - } - - size_t n_last_hit_object = maat_state_get_last_hit_object_cnt(scan_mid); - if(n_last_hit_object > 0) - { - 
maat_state_get_last_hit_objects(scan_mid, last_hit_objects, array_size); - scan_ret = maat_scan_object(tfe_get_maat_handle(), table_name, filed_name, last_hit_objects, array_size, result+hit_cnt+hit_cnt_group, - MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_group += n_hit_result; - } - scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_name, filed_name, - result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_group += n_hit_result; - } - } - return hit_cnt_group; -} - int tfe_get_entry_tags(const struct tfe_stream * stream, enum tfe_cmsg_tlv_type tlv_type, uuid_t *opt_val) { int n_tag_ids = 0; @@ -240,11 +161,6 @@ int tfe_scan_ip_tags(const struct tfe_stream *stream, uuid_t *result, struct maa { TFE_LOG_INFO(logger, "Scan Src TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } - scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); - if(scan_ret > 0) - { - hit_cnt_ip += scan_ret; - } } memset(opt_val, 0, sizeof(opt_val)); @@ -273,11 +189,6 @@ int tfe_scan_ip_tags(const struct tfe_stream *stream, uuid_t *result, struct maa { TFE_LOG_INFO(logger, "Scan Dst TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } - scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); - if(scan_ret > 0) - { - hit_cnt_ip += scan_ret; - } } return hit_cnt_ip; } 
@@ -420,11 +331,6 @@ int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_s if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_PORT); - if(scan_ret > 0) - { - hit_cnt_port+=scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_PORT", "SOURCE_PORT", result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); @@ -438,11 +344,6 @@ int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_s if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_PORT); - if(scan_ret > 0) - { - hit_cnt_port+=scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_PORT", "DESTINATION_PORT", result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); 
@@ -454,6 +355,47 @@ int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_s return hit_cnt_port; } +#define INTERNAL_ZONE_OBJECT_UUID "00000000-0000-0000-0000-000000000008" +#define EXTERNAL_ZONE_OBJECT_UUID "00000000-0000-0000-0000-000000000009" +int tfe_scan_zone(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt) +{ + int scan_ret = 0; + int hit_cnt_zone = 0; + struct maat_hit_object source_zone_objects, dest_zone_objects; + + uuid_t internal_objects_uuid; + const char *internal_objects_uuid_str = INTERNAL_ZONE_OBJECT_UUID; + uuid_parse(internal_objects_uuid_str, internal_objects_uuid); + + uuid_t external_objects_uuid; + const char *external_objects_uuid_str = EXTERNAL_ZONE_OBJECT_UUID; + uuid_parse(external_objects_uuid_str, external_objects_uuid); + + if(get_route_dir(stream)) + { + uuid_copy(source_zone_objects.object_uuid, internal_objects_uuid); + uuid_copy(dest_zone_objects.object_uuid, external_objects_uuid); + } + else + { + uuid_copy(source_zone_objects.object_uuid, external_objects_uuid); + uuid_copy(dest_zone_objects.object_uuid, internal_objects_uuid); + } + + scan_ret = scan_object(result, scan_mid, hit_cnt, source_zone_objects, "TSG_OBJ_ZONE", "SOURCE_ZONE"); + if (scan_ret > 0) + { + hit_cnt_zone += scan_ret; + } + + scan_ret = scan_object(result, scan_mid, hit_cnt, source_zone_objects, "TSG_OBJ_ZONE", "DESTINATION_ZONE"); + if (scan_ret > 0) + { + hit_cnt_zone += scan_ret; + } + return hit_cnt_zone; +} + #define PROTOCOL_TCP_UUID_ID "00000000-0000-0000-0000-000000000006" int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { 
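Review bot: The second `scan_object` call passes `source_zone_objects` under the `"DESTINATION_ZONE"` field, so `dest_zone_objects` is populated but never scanned and a rule keyed on the destination zone is evaluated against the source zone object — i.e. it matches the opposite zone from the one the rule names, which is a policy-enforcement error rather than a cosmetic one. The fix is `scan_ret = scan_object(result, scan_mid, hit_cnt, dest_zone_objects, "TSG_OBJ_ZONE", "DESTINATION_ZONE");`. Two smaller points: both calls pass the same `hit_cnt` offset whereas the sibling scanners in this file advance the result pointer by the hits already collected (`result+hit_cnt+hit_cnt_port`), so unless `scan_object` tracks that internally the second call presumably should receive `hit_cnt + hit_cnt_zone`; and the two `maat_hit_object` locals are declared without `= {0}` while only `object_uuid` is assigned, which the removed `tfe_scan_internal_exteral_by_last_group` avoided by zero-initialising its array. Parsing the two constant UUID literals with `uuid_parse` on every stream could also be hoisted into a one-time static initialisation whose return value is checked, so a typo in the well-known object ids fails loudly instead of silently never matching.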
@@ -485,11 +427,6 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct m if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); - if(scan_ret > 0) - { - hit_cnt_ip += scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "SOURCE_IP", result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); @@ -503,11 +440,6 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct m if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); - if(scan_ret > 0) - { - hit_cnt_ip += scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "DESTINATION_IP", result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); @@ -548,11 +480,6 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, uuid_t *result, struct m if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); - if(scan_ret > 0) - { - hit_cnt_ip += scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "SOURCE_IP", result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); 
@@ -566,11 +493,6 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, uuid_t *result, struct m if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; - } - scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); - if(scan_ret > 0) - { - hit_cnt_ip += scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "DESTINATION_IP", result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp index 17b55e0..dc91fcd 100644 --- a/plugin/business/doh/src/doh.cpp +++ b/plugin/business/doh/src/doh.cpp @@ -353,6 +353,11 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http { hit_cnt += scan_ret; } + scan_ret = tfe_scan_zone(stream, result, ctx->scan_mid, hit_cnt); + if(scan_ret > 0) + { + hit_cnt += scan_ret; + } // scan qname scan_ret = maat_scan_string(g_doh_conf->maat, "TSG_OBJ_FQDN", "DOH_QNAME", qname, strlen(qname), diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index ab5de9f..d059355 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -3073,6 +3073,12 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_ hit_cnt += scan_ret; } + scan_ret = tfe_scan_zone(stream, ctx->result, ctx->scan_mid, hit_cnt); + if(scan_ret > 0) + { + hit_cnt += scan_ret; + } + addr_tfe2sapp(stream->addr, &sapp_addr); if (sapp_addr.addrtype == ADDR_TYPE_IPV4) { diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf index 33551ef..12362c5 100644 --- a/resource/pangu/table_info.conf +++ b/resource/pangu/table_info.conf @@ -246,5 +246,10 @@ "table_id":33, "table_name":"TSG_OBJ_IMEI", "table_type":"expr" + }, + { + "table_id": 34, + "table_name": "TSG_OBJ_ZONE", + "table_type": "expr" } ] \ No newline at end of file