TSG Master 共享部分扫描结果给 TFE

* TSG-2847 - TFE 新增 cmsg 共享 TSG Master 的扫描结果 * TSG-2851 - Pangu 从 cmsg 获取 TSG Master 的扫描结果 * TSG-2852 - DOH 从 cmsg 获取 TSG Master 的扫描结果 * TSG-2849 - TFE DOH 功能支持 SUBID * 合并 pangu/doh 的 maat scan 的代码为 tfe_scan
2020-08-10 18:13:44 +08:00
parent ddb1ccba12
commit fbc7b5a715
16 changed files with 351 additions and 718 deletions
--- a/common/src/tfe_scan.cpp
+++ b/common/src/tfe_scan.cpp
@@ -0,0 +1,251 @@
+#include <MESA/Maat_rule.h>
+#include <tfe_resource.h>
+#include <tfe_scan.h>
+
+int tfe_scan_subscribe_id(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
+                          int hit_cnt, unsigned int thread_id, void *logger, const char *addr)
+{
+    int scan_ret = 0;
+    int hit_cnt_ip = 0;
+    uint16_t opt_out_size;
+    char dest_subscribe_id[TFE_STRING_MAX] = {0};
+    char source_subscribe_id[TFE_STRING_MAX] = {0};
+    struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
+    if (cmsg != NULL)
+    {
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_SUB_ID, (unsigned char *)source_subscribe_id, sizeof(source_subscribe_id), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch src sub id from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_SUB_ID, (unsigned char *)dest_subscribe_id, sizeof(dest_subscribe_id), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch dst sub id from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+    }
+    TFE_LOG_DEBUG(logger, "fetch src sub id:%s dst sub id:%s addr: %s", source_subscribe_id, dest_subscribe_id, addr);
+
+    if (strlen(source_subscribe_id))
+    {
+        scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID),
+                                         CHARSET_UTF8, source_subscribe_id, strlen(source_subscribe_id),
+                                         result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
+                                         scan_mid, (int)thread_id);
+        if (scan_ret > 0)
+        {
+            TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
+                         source_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
+            hit_cnt_ip += scan_ret;
+        }
+        else
+        {
+            TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s",
+                         source_subscribe_id, scan_ret, addr);
+        }
+    }
+
+    if (strlen(dest_subscribe_id))
+    {
+        scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID),
+                                         CHARSET_UTF8, dest_subscribe_id, strlen(dest_subscribe_id),
+                                         result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
+                                         scan_mid, (int)thread_id);
+        if (scan_ret > 0)
+        {
+            TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
+                         dest_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
+            hit_cnt_ip += scan_ret;
+        }
+        else
+        {
+            TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s",
+                         dest_subscribe_id, scan_ret, addr);
+        }
+    }
+
+    return hit_cnt_ip;
+}
+
+int tfe_scan_ip_location(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
+                         int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **location_server, char **location_client)
+{
+    int scan_ret = 0;
+    int hit_cnt_ip = 0;
+    uint16_t opt_out_size;
+    char buff[TFE_STRING_MAX] = {0};
+    char src_city[TFE_STRING_MAX] = {0};
+    char dst_city[TFE_STRING_MAX] = {0};
+    char src_provine[TFE_STRING_MAX] = {0};
+    char dst_provine[TFE_STRING_MAX] = {0};
+    char src_country[TFE_STRING_MAX] = {0};
+    char dst_country[TFE_STRING_MAX] = {0};
+    struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
+    if (cmsg != NULL)
+    {
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (unsigned char *)src_country, sizeof(src_country), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch src country from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION_COUNTRY, (unsigned char *)dst_country, sizeof(dst_country), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch dst country from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION_PROVINE, (unsigned char *)src_provine, sizeof(src_provine), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch src provine from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION_PROVINE, (unsigned char *)dst_provine, sizeof(dst_provine), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch dst provine from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION_CITY, (unsigned char *)src_city, sizeof(src_city), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch src city from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION_CITY, (unsigned char *)dst_city, sizeof(dst_city), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch dst city from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+    }
+    TFE_LOG_DEBUG(logger, "fetch src country:%s provine:%s city:%s; dst country:%s provine:%s city:%s addr: %s", src_country, src_provine, src_city, dst_country, dst_provine, dst_city, addr);
+
+    if (strlen(dst_country) || strlen(dst_city))
+    {
+        memset(buff, 0, sizeof(buff));
+        snprintf(buff, sizeof(buff), "%s.%s.", dst_country, dst_city);
+        scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_LOCATION),
+                                         CHARSET_GBK, buff, strlen(buff),
+                                         result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
+                                         scan_mid, (int)thread_id);
+        if (scan_ret > 0)
+        {
+            TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, Hit location: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
+                         buff, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
+            hit_cnt_ip += scan_ret;
+        }
+        else
+        {
+            TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, NO hit location: %s scan ret: %d addr: %s",
+                         buff, scan_ret, addr);
+        }
+        memset(buff, 0, sizeof(buff));
+        snprintf(buff, sizeof(buff), "%s,%s,%s", dst_city, dst_provine, dst_country);
+        *location_server = tfe_strdup(buff);
+    }
+    if (strlen(src_country) || strlen(src_city))
+    {
+        memset(buff, 0, sizeof(buff));
+        snprintf(buff, sizeof(buff), "%s.%s.", src_country, src_city);
+        scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_LOCATION),
+                                         CHARSET_GBK, buff, strlen(buff),
+                                         result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
+                                         scan_mid, (int)thread_id);
+        if (scan_ret > 0)
+        {
+            TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, Hit location: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
+                         buff, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
+            hit_cnt_ip += scan_ret;
+        }
+        else
+        {
+            TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, NO hit location: %s scan ret: %d addr: %s",
+                         buff, scan_ret, addr);
+        }
+
+        memset(buff, 0, sizeof(buff));
+        snprintf(buff, sizeof(buff), "%s,%s,%s", src_city, src_provine, src_country);
+        *location_client = tfe_strdup(buff);
+    }
+
+    return hit_cnt_ip;
+}
+
+int tfe_scan_ip_asn(const struct tfe_stream *stream, struct Maat_rule_t *result, scan_status_t *scan_mid,
+                    int hit_cnt, unsigned int thread_id, void *logger, const char *addr, char **asn_server, char **asn_client)
+{
+    int scan_ret = 0;
+    int hit_cnt_ip = 0;
+    uint16_t opt_out_size;
+    char buff[TFE_STRING_MAX] = {0};
+    char src_asn[TFE_STRING_MAX] = {0};
+    char dst_asn[TFE_STRING_MAX] = {0};
+    char src_org[TFE_STRING_MAX] = {0};
+    char dst_org[TFE_STRING_MAX] = {0};
+    struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream);
+    if (cmsg != NULL)
+    {
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN, (unsigned char *)src_asn, sizeof(src_asn), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch src asn from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN, (unsigned char *)dst_asn, sizeof(dst_asn), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch dst asn from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ORGANIZATION, (unsigned char *)src_org, sizeof(src_org), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch src org from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+        scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ORGANIZATION, (unsigned char *)dst_org, sizeof(dst_org), &opt_out_size);
+        if (scan_ret != 0)
+        {
+            TFE_LOG_ERROR(logger, "fetch dst org from cmsg failed, ret: %d addr: %s", scan_ret, addr);
+        }
+    }
+    TFE_LOG_DEBUG(logger, "fetch src asn:%s org:%s; dst asn:%s org:%s addr: %s", src_asn, src_org, dst_asn, dst_org, addr);
+
+    if (strlen(dst_asn))
+    {
+        scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_ASN),
+                                         CHARSET_UTF8, dst_asn, strlen(dst_asn),
+                                         result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
+                                         scan_mid, (int)thread_id);
+        if (scan_ret > 0)
+        {
+            TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, Hit asn: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
+                         dst_asn, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
+            hit_cnt_ip += scan_ret;
+        }
+        else
+        {
+            TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, NO hit asn: %s scan ret: %d addr: %s",
+                         dst_asn, scan_ret, addr);
+        }
+        memset(buff, 0, sizeof(buff));
+        snprintf(buff, sizeof(buff), "%s(%s)", dst_asn, dst_org);
+        *asn_server = tfe_strdup(buff);
+    }
+    if (strlen(src_asn))
+    {
+        scan_ret = Maat_full_scan_string(tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_ASN),
+                                         CHARSET_UTF8, src_asn, strlen(src_asn),
+                                         result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
+                                         scan_mid, (int)thread_id);
+        if (scan_ret > 0)
+        {
+            TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_ASN, Hit asn: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
+                         src_asn, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, addr);
+            hit_cnt_ip += scan_ret;
+        }
+        else
+        {
+            TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_ASN, NO hit asn: %s scan ret: %d addr: %s",
+                         src_asn, scan_ret, addr);
+        }
+
+        memset(buff, 0, sizeof(buff));
+        snprintf(buff, sizeof(buff), "%s(%s)", src_asn, src_org);
+        *asn_client = tfe_strdup(buff);
+    }
+    return hit_cnt_ip;
+}