gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG Master 共享部分扫描结果给 TFE

Browse Source 
*	TSG-2847 - TFE 新增 cmsg 共享 TSG Master 的扫描结果
*	TSG-2851 - Pangu 从 cmsg 获取 TSG Master 的扫描结果
*	TSG-2852 - DOH   从 cmsg 获取 TSG Master 的扫描结果
*	TSG-2849 - TFE DOH 功能支持 SUBID
*	合并 pangu/doh 的 maat scan 的代码为 tfe_scan
This commit is contained in:
luwenpeng
2020-08-10 18:13:44 +08:00
parent ddb1ccba12
commit fbc7b5a715
16 changed files with 351 additions and 718 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
common/src/tfe_resource.cpp
View File

@@ -1,10 +1,9 @@
#include <tfe_utils.h>
#include <tfe_resource.h>
#include <tfe_proxy.h>
#include <tfe_kafka_logger.h>
#include <cjson/cJSON.h>
#include <MESA/Maat_rule.h>
#include <MESA/MESA_prof_load.h>
#include <MESA/Maat_rule.h>
#include <cjson/cJSON.h>
#include <tfe_kafka_logger.h>
#include <tfe_proxy.h>
#include <tfe_resource.h>
#define MAAT_INPUT_JSON 0
#define MAAT_INPUT_REDIS 1
@@ -13,13 +12,12 @@
struct maat_table_info
{
int id;
char *name;
const char *name;
Maat_plugin_EX_new_func_t *new_func;
Maat_plugin_EX_dup_func_t *dup_func;
Maat_plugin_EX_free_func_t *free_func;
};
static Maat_feather_t static_maat = NULL;
static Maat_feather_t dynamic_maat = NULL;
static tfe_kafka_logger_t *kafka_logger = NULL;
static char *device_id = NULL;
@@ -32,7 +30,7 @@ static Maat_feather_t create_maat_feather(const char *instance_name, const char
char redis_server[TFE_STRING_MAX] = {0};
char redis_port_range[TFE_STRING_MAX] = {0};
char accept_tags[TFE_STRING_MAX] = {0};
char accept_path[TFE_PATH_MAX]={0};
char accept_path[TFE_PATH_MAX] = {0};
int redis_port_begin = 0, redis_port_end = 0;
int redis_port_select = 0;
int redis_db_idx = 0;
@@ -135,9 +133,9 @@ static Maat_feather_t create_maat_feather(const char *instance_name, const char
Maat_set_feather_opt(target, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
if (strlen(accept_path) > 0)
{
MESA_load_profile_string_def(accept_path, "maat", "ACCEPT_TAGS", accept_tags, sizeof(accept_tags), "{\"tags\":[{\"tag\":\"device_id\",\"value\":\"device_1\"}]}");
MESA_load_profile_string_def(accept_path, "maat", "ACCEPT_TAGS", accept_tags, sizeof(accept_tags), "{\"tags\":[{\"tag\":\"device_id\",\"value\":\"device_1\"}]}");
Maat_set_feather_opt(target, MAAT_OPT_ACCEPT_TAGS, &accept_tags, sizeof(accept_tags));
TFE_LOG_INFO(logger, "tfe accept tags : %s", accept_tags);
TFE_LOG_INFO(logger, "tfe accept tags : %s", accept_tags);
}
ret = Maat_initiate_feather(target);
@@ -233,129 +231,7 @@ finish:
return (char *)device_def_id;
}
static void ip_asn_table_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
{
int addr_type;
int ret = 0, profile_id = 0, is_valid = 0;
char start_ip[40], end_ip[40], asn[40] = {0};
char organization[TFE_PATH_MAX];
ret = sscanf(table_line, "%d\t%d\t%s\t%s\t%s\t%s\t%d", &profile_id, &addr_type, start_ip, end_ip, asn, organization, &is_valid);
if (ret != 7)
{
TFE_LOG_ERROR(g_default_logger, "Policy table parse ip ASN failed, ret:%d, %s", ret, table_line);
return;
}
tfe_unescape(organization);
struct ip_data_table *ip_asn = ALLOC(struct ip_data_table, 1);
memset(ip_asn, 0, sizeof(struct ip_data_table));
ip_asn->profile_id = profile_id;
ip_asn->asn = tfe_strdup(asn);
ip_asn->organization = tfe_strdup(organization);
ip_asn->ref_cnt = 1;
pthread_mutex_init(&(ip_asn->lock), NULL);
TFE_LOG_INFO(g_default_logger, "Policy table add success %d", profile_id);
*ad = ip_asn;
}
static void ip_location_table_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
{
int ret = 0, profile_id = 0, is_valid = 0;
int geoname_id = 0, addr_type = 0;
double latitude, longitude, coords;
char language[40], start_ip[40], end_ip[40];
char continent_abbr[TFE_PATH_MAX], continent_full[TFE_PATH_MAX];
char country_abbr[TFE_PATH_MAX], province_abbr[TFE_PATH_MAX], time_zone[TFE_PATH_MAX];
char country_full[TFE_PATH_MAX], province_full[TFE_PATH_MAX], city_full[TFE_PATH_MAX];
ret = sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%lf\t%lf\t%lf\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d", &profile_id, &geoname_id,
&addr_type, start_ip, end_ip, &latitude, &longitude, &coords, language,
continent_abbr, continent_full, country_abbr, country_full, province_abbr, province_full,
city_full, time_zone, &is_valid);
if (ret != 18)
{
TFE_LOG_ERROR(g_default_logger, "Policy table parse ip location failed, ret:%d, %s", ret, table_line);
return;
}
tfe_unescape(continent_full);
tfe_unescape(country_full);
tfe_unescape(province_full);
tfe_unescape(city_full);
struct ip_data_table *ip_asn = ALLOC(struct ip_data_table, 1);
memset(ip_asn, 0, sizeof(struct ip_data_table));
ip_asn->profile_id = profile_id;
ip_asn->country_full = tfe_strdup(country_full);
ip_asn->province_full = tfe_strdup(province_full);
ip_asn->city_full = tfe_strdup(city_full);
ip_asn->ref_cnt = 1;
pthread_mutex_init(&(ip_asn->lock), NULL);
TFE_LOG_INFO(g_default_logger, "Policy table add success %d", profile_id);
*ad = ip_asn;
}
static void ip_table_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
{
struct ip_data_table *ip_asn = (struct ip_data_table *)(*from);
pthread_mutex_lock(&(ip_asn->lock));
ip_asn->ref_cnt++;
pthread_mutex_unlock(&(ip_asn->lock));
*to = ip_asn;
}
static void ip_table_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
{
if (*ad == NULL)
{
return;
}
struct ip_data_table *ip_asn = (struct ip_data_table *)(*ad);
pthread_mutex_lock(&(ip_asn->lock));
ip_asn->ref_cnt--;
if (ip_asn->ref_cnt > 0)
{
pthread_mutex_unlock(&(ip_asn->lock));
return;
}
pthread_mutex_unlock(&(ip_asn->lock));
pthread_mutex_destroy(&(ip_asn->lock));
if (ip_asn->asn)
FREE(&ip_asn->asn);
if (ip_asn->organization)
FREE(&ip_asn->organization);
if (ip_asn->country_full)
FREE(&ip_asn->country_full);
if (ip_asn->province_full)
FREE(&ip_asn->province_full);
if (ip_asn->city_full)
FREE(&ip_asn->city_full);
FREE(&ip_asn);
*ad = NULL;
return;
}
void ip_table_free(struct ip_data_table *ip_asn)
{
ip_table_free_cb(0, (void **)&ip_asn, 0, NULL);
}
static struct maat_table_info maat_pub_tables[TABLE_TYPE_MAX] = {
// TABLE_IP_ASN_USER_DEFINED
{0, "TSG_IP_ASN_USER_DEFINED", ip_asn_table_new_cb, ip_table_dup_cb, ip_table_free_cb},
// TABLE_IP_ASN_BUILT_IN
{0, "TSG_IP_ASN_BUILT_IN", ip_asn_table_new_cb, ip_table_dup_cb, ip_table_free_cb},
// TABLE_IP_LOCATION_USER_DEFINED
{0, "TSG_IP_LOCATION_USER_DEFINED", ip_location_table_new_cb, ip_table_dup_cb, ip_table_free_cb},
// TABLE_IP_LOCATION_BUILT_IN
{0, "TSG_IP_LOCATION_BUILT_IN", ip_location_table_new_cb, ip_table_dup_cb, ip_table_free_cb},
// TABLE_SECURITY_SOURCE_ASN
{0, "TSG_SECURITY_SOURCE_ASN", NULL, NULL, NULL},
// TABLE_SECURITY_DESTINATION_ASN
@@ -363,8 +239,9 @@ static struct maat_table_info maat_pub_tables[TABLE_TYPE_MAX] = {
// TABLE_SECURITY_SOURCE_LOCATION
{0, "TSG_SECURITY_SOURCE_LOCATION", NULL, NULL, NULL},
// TABLE_SECURITY_DESTINATION_LOCATION
{0, "TSG_SECURITY_DESTINATION_LOCATION", NULL, NULL, NULL}
};
{0, "TSG_SECURITY_DESTINATION_LOCATION", NULL, NULL, NULL},
// TABLE_OBJ_SUBSCRIBER_ID
{0, "TSG_OBJ_SUBSCRIBER_ID", NULL, NULL, NULL}};
static int register_maat_table()
{
@@ -397,12 +274,6 @@ int tfe_bussiness_resouce_init()
return -1;
}
dynamic_maat = create_maat_feather("dyn", profile_path, "DYNAMIC_MAAT", thread_num, g_default_logger);
if (!dynamic_maat)
{
return -1;
}
kafka_logger = create_kafka_logger(profile_path, "kafka", g_default_logger);
if (!kafka_logger)
{
@@ -425,8 +296,6 @@ void *tfe_bussiness_resouce_get(enum RESOURCE_TYPE type)
{
case STATIC_MAAT:
return static_maat;
case DYNAMINC_MAAT:
return dynamic_maat;
case KAFKA_LOGGER:
return kafka_logger;
case DEVICE_ID:

251
common/src/tfe_scan.cpp Normal file
View File

@@ -0,0 +1,251 @@
#include <MESA/Maat_rule.h>
#include <tfe_resource.h>
#include <tfe_scan.h>
int tfe_scan_subscribe_id(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
int hit_cnt, unsigned int thread_id, void *logger, const char *addr)
{
int scan_ret = 0;
int hit_cnt_ip = 0;
uint16_t opt_out_size;
char dest_subscribe_id[TFE_STRING_MAX] = {0};
char source_subscribe_id[TFE_STRING_MAX] = {0};
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
if (cmsg != NULL)
{
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_SUB_ID, (unsigned char *)source_subscribe_id, sizeof(source_subscribe_id), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch src sub id from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_SUB_ID, (unsigned char *)dest_subscribe_id, sizeof(dest_subscribe_id), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch dst sub id from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
}
TFE_LOG_DEBUG(logger, "fetch src sub id:%s dst sub id:%s addr: %s", source_subscribe_id, dest_subscribe_id, addr);
if (strlen(source_subscribe_id))
{
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID),
CHARSET_UTF8, source_subscribe_id, strlen(source_subscribe_id),
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
scan_mid, (int)thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
source_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s",
source_subscribe_id, scan_ret, addr);
}
}
if (strlen(dest_subscribe_id))
{
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID),
CHARSET_UTF8, dest_subscribe_id, strlen(dest_subscribe_id),
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
scan_mid, (int)thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
dest_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s",
dest_subscribe_id, scan_ret, addr);
}
}
return hit_cnt_ip;
}
int tfe_scan_ip_location(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **location_server, char **location_client)
{
int scan_ret = 0;
int hit_cnt_ip = 0;
uint16_t opt_out_size;
char buff[TFE_STRING_MAX] = {0};
char src_city[TFE_STRING_MAX] = {0};
char dst_city[TFE_STRING_MAX] = {0};
char src_provine[TFE_STRING_MAX] = {0};
char dst_provine[TFE_STRING_MAX] = {0};
char src_country[TFE_STRING_MAX] = {0};
char dst_country[TFE_STRING_MAX] = {0};
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
if (cmsg != NULL)
{
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (unsigned char *)src_country, sizeof(src_country), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch src country from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION_COUNTRY, (unsigned char *)dst_country, sizeof(dst_country), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch dst country from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION_PROVINE, (unsigned char *)src_provine, sizeof(src_provine), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch src provine from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION_PROVINE, (unsigned char *)dst_provine, sizeof(dst_provine), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch dst provine from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION_CITY, (unsigned char *)src_city, sizeof(src_city), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch src city from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION_CITY, (unsigned char *)dst_city, sizeof(dst_city), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch dst city from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
}
TFE_LOG_DEBUG(logger, "fetch src country:%s provine:%s city:%s; dst country:%s provine:%s city:%s addr: %s", src_country, src_provine, src_city, dst_country, dst_provine, dst_city, addr);
if (strlen(dst_country) || strlen(dst_city))
{
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s.%s.", dst_country, dst_city);
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_LOCATION),
CHARSET_GBK, buff, strlen(buff),
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
scan_mid, (int)thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, Hit location: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
buff, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, NO hit location: %s scan ret: %d addr: %s",
buff, scan_ret, addr);
}
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s,%s,%s", dst_city, dst_provine, dst_country);
*location_server = tfe_strdup(buff);
}
if (strlen(src_country) || strlen(src_city))
{
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s.%s.", src_country, src_city);
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_LOCATION),
CHARSET_GBK, buff, strlen(buff),
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
scan_mid, (int)thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, Hit location: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
buff, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, NO hit location: %s scan ret: %d addr: %s",
buff, scan_ret, addr);
}
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s,%s,%s", src_city, src_provine, src_country);
*location_client = tfe_strdup(buff);
}
return hit_cnt_ip;
}
int tfe_scan_ip_asn(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **asn_server, char **asn_client)
{
int scan_ret = 0;
int hit_cnt_ip = 0;
uint16_t opt_out_size;
char buff[TFE_STRING_MAX] = {0};
char src_asn[TFE_STRING_MAX] = {0};
char dst_asn[TFE_STRING_MAX] = {0};
char src_org[TFE_STRING_MAX] = {0};
char dst_org[TFE_STRING_MAX] = {0};
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
if (cmsg != NULL)
{
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN, (unsigned char *)src_asn, sizeof(src_asn), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch src asn from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN, (unsigned char *)dst_asn, sizeof(dst_asn), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch dst asn from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ORGANIZATION, (unsigned char *)src_org, sizeof(src_org), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch src org from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ORGANIZATION, (unsigned char *)dst_org, sizeof(dst_org), &opt_out_size);
if (scan_ret != 0)
{
TFE_LOG_ERROR(logger, "fetch dst org from cmsg failed, ret: %d addr: %s", scan_ret, addr);
}
}
TFE_LOG_DEBUG(logger, "fetch src asn:%s org:%s; dst asn:%s org:%s addr: %s", src_asn, src_org, dst_asn, dst_org, addr);
if (strlen(dst_asn))
{
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_ASN),
CHARSET_UTF8, dst_asn, strlen(dst_asn),
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
scan_mid, (int)thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, Hit asn: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
dst_asn, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, NO hit asn: %s scan ret: %d addr: %s",
dst_asn, scan_ret, addr);
}
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s(%s)", dst_asn, dst_org);
*asn_server = tfe_strdup(buff);
}
if (strlen(src_asn))
{
scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_ASN),
CHARSET_UTF8, src_asn, strlen(src_asn),
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
scan_mid, (int)thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_ASN, Hit asn: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
src_asn, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_ASN, NO hit asn: %s scan ret: %d addr: %s",
src_asn, scan_ret, addr);
}
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s(%s)", src_asn, src_org);
*asn_client = tfe_strdup(buff);
}
return hit_cnt_ip;
}

24
common/src/tfe_types.cpp
View File

@@ -202,28 +202,4 @@ char * tfe_string_addr_create_by_fd(int fd, enum tfe_conn_dir dir)
}
tfe_stream_addr_free(stream_addr);
return addr_str;
}
int tfe_stream_addr_to_address(const struct tfe_stream_addr *addr, struct ip_address *dest_ip, struct ip_address *source_ip)
{
if(addr==NULL) return -1;
if (addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V4)
{
const struct tfe_stream_addr_tuple4_v4 * tuple4_v4 = addr->tuple4_v4;
source_ip->ip_type=4;
source_ip->ipv4=tuple4_v4->saddr.s_addr;
dest_ip->ip_type=4;
dest_ip->ipv4=tuple4_v4->daddr.s_addr;
}
if (addr->addrtype == TFE_ADDR_STREAM_TUPLE4_V6)
{
const struct tfe_stream_addr_tuple4_v6 * tuple4_v6 = addr->tuple4_v6;
source_ip->ip_type=6;
memcpy((char *)(source_ip->ipv6), tuple4_v6->saddr.__in6_u.__u6_addr32, IPV6_ADDR_LEN);
dest_ip->ip_type=6;
memcpy((char *)(dest_ip->ipv6),tuple4_v6->daddr.__in6_u.__u6_addr32, IPV6_ADDR_LEN);
}
return 0;
}

37
common/src/tfe_utils.cpp
View File

@@ -226,41 +226,4 @@ int tfe_decode_base64url(u_char *dst, u_char *src)
};
return tfe_decode_base64_internal(dst, src, basis64);
}
char *tfe_unescape(char *s)
{
int i=0,j=0;
int len=strlen(s);
for(i=0,j=0;i<len;i++)
{
if(s[i]=='\\')
{
switch(s[i+1])
{
case '&':
s[j]='&';
break;
case 'b':
s[j]=' ';//space,0x20;
break;
case '\\':
s[j]='\\';
break;
default:
s[j]=s[i];
i--; //undo the followed i++
break;
}
i++;
j++;
}
else
{
s[j]=s[i];
j++;
}
}
s[j]='\0';
return s;
}