diff --git a/common/include/tfe_scan.h b/common/include/tfe_scan.h index f5baa2b..77d6071 100644 --- a/common/include/tfe_scan.h +++ b/common/include/tfe_scan.h @@ -12,9 +12,5 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str int tfe_scan_fqdn_cat(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger, int table_id); int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, int app_id, int table_id); -int tfe_scan_ipv4_addr(long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); -int tfe_scan_ipv6_addr(long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); -int tfe_scan_ipv4_internal_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, - int hit_cnt, struct ipaddr sapp_addr); -int tfe_scan_ipv6_internal_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, - int hit_cnt, struct ipaddr sapp_addr); \ No newline at end of file +int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); +int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr); \ No newline at end of file diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp index 5d3edcc..1948526 100644 --- a/common/src/tfe_scan.cpp +++ b/common/src/tfe_scan.cpp 
@@ -341,80 +341,6 @@ int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, return hit_app_id; } -int tfe_scan_ipv4_addr(long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) -{ - int table_id=0; - int scan_ret = 0; - int hit_cnt_ip = 0; - size_t n_hit_result = 0; - - table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR"); - scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->saddr, sapp_addr.v4->source, 6, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - - table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR"); - scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->daddr, sapp_addr.v4->dest, 6, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - - return hit_cnt_ip; -} - -int tfe_scan_ipv6_addr(long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) -{ - int table_id=0; - int scan_ret = 0; - int hit_cnt_ip = 0; - size_t n_hit_result = 0; - - table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), 
"ATTR_SOURCE_ADDR"); - scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->saddr, sapp_addr.v6->source, 6, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR"); - scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->daddr, sapp_addr.v6->dest, 6, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, - result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip += n_hit_result; - } - return hit_cnt_ip; -} - static int get_route_dir(const struct tfe_stream * stream) { uint16_t out_size; 
@@ -429,21 +355,54 @@ static int get_route_dir(const struct tfe_stream * stream) return ret; } } - return (route_dir==69) ? 0 : 1; + return (route_dir==69) ? 1 : 0; } -int tfe_scan_ipv4_internal_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) +int tfe_scan_internal_exteral_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int c2s) +{ + int scan_ret = 0; + int table_id=0; + int hit_cnt_ip = 0; + size_t array_size=256; + size_t n_hit_result = 0; + long long group_id_array[256]={0}; + + int dir_is_e2i = get_route_dir(stream); + int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR"); + int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR"); + + if(c2s == 1) table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id; + if(c2s == 0) table_id = (dir_is_e2i == 0) ? 
scan_internal_table_id : scan_external_table_id; + + size_t n_last_hit_group = maat_state_get_last_hit_group_id_cnt(scan_mid); + if(n_last_hit_group > 0) + { + maat_state_get_last_hit_group_ids(scan_mid, group_id_array, array_size); + scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, group_id_array, array_size, result+hit_cnt+hit_cnt_ip, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if(scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } + } + + return hit_cnt_ip; +} + +int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { int table_id=0; int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; - int dir_is_e2i = get_route_dir(stream); - int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR"); - int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR"); - - table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id; + table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR"); scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->saddr, sapp_addr.v4->source, 6, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) 
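Review bot: In tfe_scan_internal_exteral_addr, maat_scan_group is given `array_size` (always 256) as the group count instead of the number of ids actually fetched, so unless maat treats that argument purely as buffer capacity, the scan also covers the zero-filled tail of group_id_array. Clamp the known count and pass that instead: `size_t n_group = n_last_hit_group < array_size ? n_last_hit_group : array_size;` then `maat_scan_group(..., group_id_array, n_group, ...)`; as written, more than 256 last-hit groups are also truncated without any log. A c2s value other than 0 or 1 leaves table_id at its initial 0 and the scan still runs, so an explicit `else return 0;` after the two `if(c2s == …)` lines would make the contract visible. The helper is defined without `static` and the header hunk adds no prototype for it; if it is only used in this file, `static` fits. get_route_dir's body starts outside this hunk, and the flipped `(route_dir==69) ? 1 : 0` deserves a comment saying what 69 stands for and which direction now maps to 1.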
@@ -456,8 +415,13 @@ int tfe_scan_ipv4_internal_addr(const struct tfe_stream *stream, long long *resu { hit_cnt_ip += n_hit_result; } + scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1); + if(scan_ret > 0) + { + hit_cnt_ip += scan_ret; + } - table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id; + table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR"); scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->daddr, sapp_addr.v4->dest, 6, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) 
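Review bot: The added call `tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1)` passes the caller's original `hit_cnt`, but tfe_scan_ipv4_addr has already stored `hit_cnt_ip` entries starting at `result+hit_cnt`. The helper's own hit_cnt_ip starts at 0, so it writes from `result+hit_cnt` again and overwrites the address-scan hits just recorded, while the caller's hit_cnt_ip still counts both sets. The helper also bounds itself only by `MAX_SCAN_RESULT-hit_cnt`, so the combined count can exceed the room left in result; the later `MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip` would then go negative, and if maat takes that argument as a size_t this becomes an out-of-bounds write. Passing the running offset addresses both: `scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt+hit_cnt_ip, 1);`. The same applies to the `..., hit_cnt, 0)` call in the next hunk and to both calls in tfe_scan_ipv6_addr; the function bodies start and end outside this hunk.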
@@ -470,22 +434,23 @@ int tfe_scan_ipv4_internal_addr(const struct tfe_stream *stream, long long *resu { hit_cnt_ip += n_hit_result; } + scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0); + if(scan_ret > 0) + { + hit_cnt_ip += scan_ret; + } return hit_cnt_ip; } -int tfe_scan_ipv6_internal_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) +int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { int table_id=0; int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; - int dir_is_e2i = get_route_dir(stream); - int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR"); - int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR"); - - table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id; + table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR"); scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->saddr, sapp_addr.v6->source, 6, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) 
@@ -498,7 +463,13 @@ int tfe_scan_ipv6_internal_addr(const struct tfe_stream *stream, long long *resu { hit_cnt_ip += n_hit_result; } - table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id; + scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1); + if(scan_ret > 0) + { + hit_cnt_ip += scan_ret; + } + + table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR"); scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->daddr, sapp_addr.v6->dest, 6, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) @@ -511,5 +482,11 @@ int tfe_scan_ipv6_internal_addr(const struct tfe_stream *stream, long long *resu { hit_cnt_ip += n_hit_result; } + scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0); + if(scan_ret > 0) + { + hit_cnt_ip += scan_ret; + } + return hit_cnt_ip; } \ No newline at end of file diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp index b6c7ce2..c5e080a 100644 --- a/plugin/business/doh/src/doh.cpp +++ b/plugin/business/doh/src/doh.cpp @@ -325,12 +325,7 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http doh_addr_tfe2sapp(stream->addr, &sapp_addr); if (sapp_addr.addrtype == ADDR_TYPE_IPV4) { - scan_ret = tfe_scan_ipv4_addr(result, ctx->scan_mid, hit_cnt, sapp_addr); - if (scan_ret > 0) - { - hit_cnt += scan_ret; - } - scan_ret = tfe_scan_ipv4_internal_addr(stream, result, ctx->scan_mid, hit_cnt, sapp_addr); + scan_ret = tfe_scan_ipv4_addr(stream, result, ctx->scan_mid, hit_cnt, sapp_addr); if (scan_ret > 0) { hit_cnt += scan_ret; 
@@ -338,12 +333,7 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
 }
 if (sapp_addr.addrtype == ADDR_TYPE_IPV6)
 {
- scan_ret = tfe_scan_ipv6_addr(result, ctx->scan_mid, hit_cnt, sapp_addr);
- if (scan_ret > 0)
- {
- hit_cnt += scan_ret;
- }
- scan_ret = tfe_scan_ipv6_internal_addr(stream, result, ctx->scan_mid, hit_cnt, sapp_addr);
+ scan_ret = tfe_scan_ipv6_addr(stream, result, ctx->scan_mid, hit_cnt, sapp_addr);
 if (scan_ret > 0)
 {
 hit_cnt += scan_ret;
diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp
index e2644e2..f44863d 100644
--- a/plugin/business/tsg-http/src/tsg_http.cpp
+++ b/plugin/business/tsg-http/src/tsg_http.cpp
@@ -3159,12 +3159,7 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_
 addr_tfe2sapp(stream->addr, &sapp_addr);
 if (sapp_addr.addrtype == ADDR_TYPE_IPV4)
 {
- scan_ret = tfe_scan_ipv4_addr(result, ctx->scan_mid, hit_cnt, sapp_addr);
- if (scan_ret > 0)
- {
- hit_cnt += scan_ret;
- }
- scan_ret = tfe_scan_ipv4_internal_addr(stream, result, ctx->scan_mid, hit_cnt, sapp_addr);
+ scan_ret = tfe_scan_ipv4_addr(stream, result, ctx->scan_mid, hit_cnt, sapp_addr);
 if (scan_ret > 0)
 {
 hit_cnt += scan_ret;
@@ -3172,12 +3167,7 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_
 }
 if (sapp_addr.addrtype == ADDR_TYPE_IPV6)
 {
- scan_ret = tfe_scan_ipv6_addr(result, ctx->scan_mid, hit_cnt, sapp_addr);
- if (scan_ret > 0)
- {
- hit_cnt += scan_ret;
- }
- scan_ret = tfe_scan_ipv6_internal_addr(stream, result, ctx->scan_mid, hit_cnt, sapp_addr);
+ scan_ret = tfe_scan_ipv6_addr(stream, result, ctx->scan_mid, hit_cnt, sapp_addr);
 if (scan_ret > 0)
 {
 hit_cnt += scan_ret;
diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf
index d755449..d2addeb 100644
--- a/resource/pangu/table_info.conf
+++ b/resource/pangu/table_info.conf
@@ -130,14 +130,14 @@
 {
 "table_id": 10,
 "table_name": "ATTR_HTTP_HOST_VIRTUAL",
- "db_tables": ["ATTR_HTTP_HOST", "ATTR_DESTINATION_SERVER_FQDN"],
+ "db_tables": ["ATTR_HTTP_HOST", "ATTR_SERVER_FQDN"],
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN"
 },
 {
 "table_id": 11,
 "table_name": "ATTR_HTTP_HOST_CAT_VIRTUAL",
- "db_tables": ["ATTR_HTTP_HOST_CAT", "ATTR_DESTINATION_SERVER_FQDN_CAT"],
+ "db_tables": ["ATTR_HTTP_HOST_CAT", "ATTR_SERVER_FQDN_CAT"],
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN_CAT"
 },