TSG-23925 Supports scanning of source_zone and destination_zone, and removes internal and external

common/include/tfe_resource.h

@@ -38,29 +38,7 @@ struct library_tag_ctx
 void app_id_dict_free(struct app_id_dict *app_dict);
 void library_tag_free(struct library_tag_ctx *library_tags);
 
-enum scan_common_table
-{
-	PXY_CTRL_SOURCE_IP,
-	PXY_CTRL_DESTINATION_IP,
-	PXY_CTRL_INTERNAL_IP,
-	PXY_CTRL_EXTERNAL_IP,
-	PXY_CTRL_SOURCE_PORT,
-	PXY_CTRL_DESTINATION_PORT,
-	PXY_CTRL_INTERNAL_PORT,
-	PXY_CTRL_EXTERNAL_PORT,
-	PXY_CTRL_IP_PROTOCOL,
-    PXY_CTRL_SUBSCRIBER_ID,
-    PXY_CTRL_APP_ID_DICT,
-	PXY_CTRL_LIBRARY_TAG,
-	PXY_CTRL_IMSI,
-	PXY_CTRL_APN,
-	PXY_CTRL_PHONE_NUMBER,
-	PXY_CTRL_GTP_IMEI,
-	__SCAN_COMMON_TABLE_MAX
-};
-
 int tfe_env_init();
-int tfe_bussiness_tableid_get(enum scan_common_table type);
 
 int tfe_get_vsys_id();
 const char *tfe_get_device_id();

common/include/tfe_scan.h

@@ -12,5 +12,6 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct m
 int tfe_scan_ipv6_addr(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr);
 int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, uint16_t source, uint16_t dest);
 int tfe_scan_device(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, void *logger);
+int tfe_scan_zone(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt);
 
 int tfe_get_library_tags(const struct tfe_stream *stream, cJSON *common_obj, tfe_cmsg_tlv_type tlv_type, const char *tag_key);

common/src/tfe_resource.cpp

@@ -9,7 +9,6 @@
 #define MAAT_INPUT_JSON 0
 #define MAAT_INPUT_REDIS 1
 
-static int scan_table_id[__SCAN_COMMON_TABLE_MAX];
 static struct tfe_fieldstat_easy_t *fieldstat4_easy = NULL;
 static char *device_tag=NULL;
 
@@ -454,7 +453,3 @@ int tfe_env_init()
 	return 0;
 }
 
-int tfe_bussiness_tableid_get(enum scan_common_table type)
-{
-	return scan_table_id[type];
-}

common/src/tfe_scan.cpp

@@ -40,85 +40,6 @@ static int get_route_dir(const struct tfe_stream * stream)
 	return (route_dir==69) ? 1 : 0;
 }
 
-const char *get_filed_name(const struct tfe_stream *stream, enum scan_common_table table_type)
-{
-    int c2s = 0;
-    const char *filed_name=NULL;
-    int dir_is_e2i = get_route_dir(stream);
-
-    if (table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_DESTINATION_IP || table_type == PXY_CTRL_SOURCE_PORT || table_type == PXY_CTRL_DESTINATION_PORT)
-    {
-        c2s = (table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_SOURCE_PORT) ? 1 : 0;
-
-        if(table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_DESTINATION_IP)
-        {
-            filed_name = (c2s == dir_is_e2i) ? "INTERNAL_IP" : "EXTERNAL_IP";
-        }
-        if(table_type == PXY_CTRL_SOURCE_PORT || table_type == PXY_CTRL_DESTINATION_PORT)
-        {
-            filed_name = (c2s == dir_is_e2i) ? "INTERNAL_PORT" : "EXTERNAL_PORT";
-        }
-    }
-    return filed_name;
-}
-
-const char *get_table_name(const struct tfe_stream *stream, enum scan_common_table table_type)
-{
-    const char *table_name=NULL;
-    switch (table_type)
-    {
-        case PXY_CTRL_SOURCE_IP:
-        case PXY_CTRL_DESTINATION_IP:
-            table_name = "TSG_OBJ_IP_ADDR";
-            break;
-        case PXY_CTRL_SOURCE_PORT:
-        case PXY_CTRL_DESTINATION_PORT:
-            table_name = "TSG_OBJ_PORT";
-            break;
-        default:
-            break;
-    }
-    return table_name;
-}
-
-int tfe_scan_internal_exteral_by_last_group(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, enum scan_common_table table_type)
-{
-    size_t array_size=256, n_hit_result = 0;
-    int hit_cnt_group = 0, scan_ret = 0;
-    struct maat_hit_object last_hit_objects[256] = {0};
-
-    const char *table_name = get_table_name(stream, table_type);
-    if(table_name == NULL)
-    {
-        return hit_cnt_group;
-    }
-
-    const char *filed_name = get_filed_name(stream, table_type);
-    if(filed_name == NULL)
-    {
-        return hit_cnt_group;
-    }
-
-    size_t n_last_hit_object = maat_state_get_last_hit_object_cnt(scan_mid);
-    if(n_last_hit_object > 0)
-    {
-        maat_state_get_last_hit_objects(scan_mid, last_hit_objects, array_size);
-        scan_ret = maat_scan_object(tfe_get_maat_handle(), table_name, filed_name, last_hit_objects, array_size, result+hit_cnt+hit_cnt_group,
-                             MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid);
-        if(scan_ret == MAAT_SCAN_HIT)
-        {
-            hit_cnt_group += n_hit_result;
-        }
-        scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_name, filed_name,
-                                       result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid);
-        if (scan_ret == MAAT_SCAN_HIT)
-        {
-            hit_cnt_group += n_hit_result;
-        }
-    }
-    return hit_cnt_group;
-}
-
 int tfe_get_entry_tags(const struct tfe_stream * stream, enum tfe_cmsg_tlv_type tlv_type, uuid_t *opt_val)
 {
     int n_tag_ids = 0;
@@ -240,11 +161,6 @@ int tfe_scan_ip_tags(const struct tfe_stream *stream, uuid_t *result, struct maa
         {
             TFE_LOG_INFO(logger, "Scan Src TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info);
         }
-        scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP);
-        if(scan_ret > 0)
-        {
-            hit_cnt_ip += scan_ret;
-        }
     }
 
     memset(opt_val, 0, sizeof(opt_val));
@@ -273,11 +189,6 @@ int tfe_scan_ip_tags(const struct tfe_stream *stream, uuid_t *result, struct maa
         {
             TFE_LOG_INFO(logger, "Scan Dst TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info);
         }
-        scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP);
-        if(scan_ret > 0)
-        {
-            hit_cnt_ip += scan_ret;
-        }
     }
     return hit_cnt_ip;
 }
@@ -420,11 +331,6 @@ int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_s
     if(scan_ret == MAAT_SCAN_HIT)
     {
         hit_cnt_port+=n_hit_result;
-    }
-    scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_PORT);
-    if(scan_ret > 0)
-    {
-        hit_cnt_port+=scan_ret;
     }
 	scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_PORT", "SOURCE_PORT",
                                       result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
@@ -438,11 +344,6 @@ int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_s
     if(scan_ret == MAAT_SCAN_HIT)
     {
         hit_cnt_port+=n_hit_result;
-    }
-    scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_PORT);
-    if(scan_ret > 0)
-    {
-        hit_cnt_port+=scan_ret;
     }
 	scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_PORT", "DESTINATION_PORT", result+hit_cnt+hit_cnt_port,
                                    MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
@@ -454,6 +355,47 @@ int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_s
     return hit_cnt_port;
 }
 
+#define INTERNAL_ZONE_OBJECT_UUID	"00000000-0000-0000-0000-000000000008"
+#define EXTERNAL_ZONE_OBJECT_UUID	"00000000-0000-0000-0000-000000000009"
+int tfe_scan_zone(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt)
+{
+	int scan_ret = 0;
+	int hit_cnt_zone = 0;
+	struct maat_hit_object source_zone_objects, dest_zone_objects;
+
+	uuid_t internal_objects_uuid;
+	const char *internal_objects_uuid_str = INTERNAL_ZONE_OBJECT_UUID;
+	uuid_parse(internal_objects_uuid_str, internal_objects_uuid);
+
+	uuid_t external_objects_uuid;
+	const char *external_objects_uuid_str = EXTERNAL_ZONE_OBJECT_UUID;
+	uuid_parse(external_objects_uuid_str, external_objects_uuid);
+
+	if(get_route_dir(stream))
+	{
+		uuid_copy(source_zone_objects.object_uuid, internal_objects_uuid);
+		uuid_copy(dest_zone_objects.object_uuid, external_objects_uuid);
+	}
+	else
+	{
+		uuid_copy(source_zone_objects.object_uuid, external_objects_uuid);
+		uuid_copy(dest_zone_objects.object_uuid, internal_objects_uuid);
+	}
+
+    scan_ret = scan_object(result, scan_mid, hit_cnt, source_zone_objects, "TSG_OBJ_ZONE", "SOURCE_ZONE");
+    if (scan_ret > 0)
+    {
+		hit_cnt_zone += scan_ret;
+    }
+
+	scan_ret = scan_object(result, scan_mid, hit_cnt, source_zone_objects, "TSG_OBJ_ZONE", "DESTINATION_ZONE");
+	if (scan_ret > 0)
+	{
+		hit_cnt_zone += scan_ret;
+	}
+	return hit_cnt_zone;
+}
+
 #define PROTOCOL_TCP_UUID_ID "00000000-0000-0000-0000-000000000006"
 int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
 {
@@ -485,11 +427,6 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct m
     if (scan_ret == MAAT_SCAN_HIT)
     {
         hit_cnt_ip += n_hit_result;
-    }
-    scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP);
-    if(scan_ret > 0)
-    {
-        hit_cnt_ip += scan_ret;
     }
 	scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "SOURCE_IP", result+hit_cnt+hit_cnt_ip,
                                    MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
@@ -503,11 +440,6 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct m
     if(scan_ret == MAAT_SCAN_HIT)
     {
         hit_cnt_ip += n_hit_result;
-    }
-    scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP);
-    if(scan_ret > 0)
-    {
-        hit_cnt_ip += scan_ret;
     }
 	scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "DESTINATION_IP",
 								  result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
@@ -548,11 +480,6 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, uuid_t *result, struct m
     if (scan_ret == MAAT_SCAN_HIT)
     {
         hit_cnt_ip += n_hit_result;
-    }
-    scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP);
-    if(scan_ret > 0)
-    {
-        hit_cnt_ip += scan_ret;
     }
 	scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "SOURCE_IP",
                                   result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
@@ -566,11 +493,6 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, uuid_t *result, struct m
     if (scan_ret == MAAT_SCAN_HIT)
     {
         hit_cnt_ip += n_hit_result;
-    }
-    scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP);
-    if(scan_ret > 0)
-    {
-        hit_cnt_ip += scan_ret;
     }
 	scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "DESTINATION_IP",
                                    result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);

plugin/business/doh/src/doh.cpp

@@ -353,6 +353,11 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
 	{
 		hit_cnt += scan_ret;
 	}
+	scan_ret = tfe_scan_zone(stream, result, ctx->scan_mid, hit_cnt);
+	if(scan_ret > 0)
+	{
+		hit_cnt += scan_ret;
+	}
 
 	// scan qname
 	scan_ret = maat_scan_string(g_doh_conf->maat, "TSG_OBJ_FQDN", "DOH_QNAME", qname, strlen(qname),

plugin/business/tsg-http/src/tsg_http.cpp

@@ -3073,6 +3073,12 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_
 		hit_cnt += scan_ret;
 	}
 
+	scan_ret = tfe_scan_zone(stream, ctx->result, ctx->scan_mid, hit_cnt);
+	if(scan_ret > 0)
+	{
+		hit_cnt += scan_ret;
+	}
+
 	addr_tfe2sapp(stream->addr, &sapp_addr);
 	if (sapp_addr.addrtype == ADDR_TYPE_IPV4)
 	{

resource/pangu/table_info.conf

@@ -246,5 +246,10 @@
         "table_id":33,
         "table_name":"TSG_OBJ_IMEI",
         "table_type":"expr"
+    },
+    {
+        "table_id": 34,
+        "table_name": "TSG_OBJ_ZONE",
+        "table_type": "expr"
     }
 ]