gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG Master 共享部分扫描结果给 TFE

Browse Source 
*	TSG-2847 - TFE 新增 cmsg 共享 TSG Master 的扫描结果
*	TSG-2851 - Pangu 从 cmsg 获取 TSG Master 的扫描结果
*	TSG-2852 - DOH   从 cmsg 获取 TSG Master 的扫描结果
*	TSG-2849 - TFE DOH 功能支持 SUBID
*	合并 pangu/doh 的 maat scan 的代码为 tfe_scan
This commit is contained in:
luwenpeng
2020-08-10 18:13:44 +08:00
parent ddb1ccba12
commit fbc7b5a715
16 changed files with 351 additions and 718 deletions
Download Patch File Download Diff File Expand all files Collapse all files

228
plugin/business/doh/src/doh.cpp
View File

@@ -1,6 +1,6 @@
#include "logger.h"
#include <tfe_scan.h>
#define MAX_SCAN_RESULT 16
#define DOH_CTX_MAGIC_NUM 20200601
#define REQ_METHOD_IS_GET(method) ((method == TFE_HTTP_METHOD_GET) ? 1 : 0)
@@ -199,172 +199,6 @@ static struct Maat_rule_t *doh_fetch_rule(Maat_rule_t *result, int result_num)
return p_result;
}
static int doh_ip_location_scan(struct Maat_rule_t *result, struct ip_address *sip, struct ip_address *dip, int hit_cnt, unsigned int thread_id, struct doh_ctx *ctx)
{
int scan_ret = 0, hit_cnt_ip = 0;
char buff[TFE_STRING_MAX] = {0};
struct ip_data_table *ip_location_client = NULL, *ip_location_server = NULL;
int is_src_use_user_defined = 1;
int is_dst_use_user_defined = 1;
Maat_ip_plugin_get_EX_data(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_IP_LOCATION_USER_DEFINED), sip, (void **)&ip_location_client, 1);
Maat_ip_plugin_get_EX_data(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_IP_LOCATION_USER_DEFINED), dip, (void **)&ip_location_server, 1);
if (ip_location_client == NULL)
{
is_src_use_user_defined = 0;
Maat_ip_plugin_get_EX_data(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_IP_LOCATION_BUILT_IN), sip, (void **)&ip_location_client, 1);
}
if (ip_location_server == NULL)
{
is_dst_use_user_defined = 0;
Maat_ip_plugin_get_EX_data(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_IP_LOCATION_BUILT_IN), dip, (void **)&ip_location_server, 1);
}
if (ip_location_server != NULL)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "scan dst ip use IP_LOCATION_%s, profile_id: %d ref_cnt: %d asn: %s organization: %s country: %s province: %s city: %s addr: %s",
(is_dst_use_user_defined ? "USER_DEFINED" : "BUILT_IN"), ip_location_server->profile_id, ip_location_server->ref_cnt, ip_location_server->asn,
ip_location_server->organization, ip_location_server->country_full, ip_location_server->province_full, ip_location_server->city_full, ctx->addr_string);
snprintf(buff, sizeof(buff), "%s.%s.", ip_location_server->country_full, ip_location_server->city_full);
scan_ret = Maat_full_scan_string(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_LOCATION),
CHARSET_GBK, buff, strlen(buff),
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
&(ctx->scan_mid), (int)thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_DST_LOCATION, Hit location: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
buff, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, ctx->addr_string);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_DST_LOCATION, NO hit location: %s scan ret: %d addr: %s",
buff, scan_ret, ctx->addr_string);
}
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s,%s,%s", ip_location_server->city_full, ip_location_server->province_full, ip_location_server->country_full);
ctx->location_server = tfe_strdup(buff);
}
if (ip_location_client != NULL)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "scan src ip use IP_LOCATION_%s, profile_id: %d ref_cnt: %d asn: %s organization: %s country: %s province: %s city: %s addr: %s",
(is_src_use_user_defined ? "USER_DEFINED" : "BUILT_IN"), ip_location_client->profile_id, ip_location_client->ref_cnt, ip_location_client->asn,
ip_location_client->organization, ip_location_client->country_full, ip_location_client->province_full, ip_location_client->city_full, ctx->addr_string);
snprintf(buff, sizeof(buff), "%s.%s.", ip_location_client->country_full, ip_location_client->city_full);
scan_ret = Maat_full_scan_string(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_LOCATION),
CHARSET_GBK, buff, strlen(buff),
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
&(ctx->scan_mid), (int)thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_SRC_LOCATION, Hit location: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
buff, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, ctx->addr_string);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_SRC_LOCATION, NO hit location: %s scan ret: %d addr: %s",
buff, scan_ret, ctx->addr_string);
}
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s,%s,%s", ip_location_client->city_full, ip_location_client->province_full, ip_location_client->country_full);
ctx->location_client = tfe_strdup(buff);
}
if (ip_location_server)
ip_table_free(ip_location_server);
if (ip_location_client)
ip_table_free(ip_location_client);
return hit_cnt_ip;
}
static int doh_ip_asn_scan(struct Maat_rule_t *result, struct ip_address *sip, struct ip_address *dip, int hit_cnt, unsigned int thread_id, struct doh_ctx *ctx)
{
int scan_ret = 0, hit_cnt_ip = 0;
char buff[TFE_STRING_MAX] = {0};
struct ip_data_table *ip_asn_client = NULL, *ip_asn_server = NULL;
int is_src_use_user_defined = 1;
int is_dst_use_user_defined = 1;
Maat_ip_plugin_get_EX_data(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_IP_ASN_USER_DEFINED), sip, (void **)&ip_asn_client, 1);
Maat_ip_plugin_get_EX_data(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_IP_ASN_USER_DEFINED), dip, (void **)&ip_asn_server, 1);
if (ip_asn_client == NULL)
{
is_src_use_user_defined = 0;
Maat_ip_plugin_get_EX_data(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_IP_ASN_BUILT_IN), sip, (void **)&ip_asn_client, 1);
}
if (ip_asn_server == NULL)
{
is_dst_use_user_defined = 0;
Maat_ip_plugin_get_EX_data(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_IP_ASN_BUILT_IN), dip, (void **)&ip_asn_server, 1);
}
if (ip_asn_server != NULL)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "scan dst ip use IP_ASN_%s, profile_id: %d ref_cnt: %d asn: %s organization: %s country: %s province: %s city: %s addr: %s",
(is_dst_use_user_defined ? "USER_DEFINED" : "BUILT_IN"), ip_asn_server->profile_id, ip_asn_server->ref_cnt, ip_asn_server->asn,
ip_asn_server->organization, ip_asn_server->country_full, ip_asn_server->province_full, ip_asn_server->city_full, ctx->addr_string);
scan_ret = Maat_full_scan_string(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_ASN),
CHARSET_UTF8, ip_asn_server->asn, strlen(ip_asn_server->asn),
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
&(ctx->scan_mid), (int)thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_DST_ASN, Hit asn: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
ip_asn_server->asn, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, ctx->addr_string);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_DST_ASN, NO hit asn: %s scan ret: %d addr: %s",
ip_asn_server->asn, scan_ret, ctx->addr_string);
}
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s(%s)", ip_asn_server->asn, ip_asn_server->organization);
ctx->asn_server = tfe_strdup(buff);
}
if (ip_asn_client != NULL)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "scan src ip use IP_ASN_%s, profile_id: %d ref_cnt: %d asn: %s organization: %s country: %s province: %s city: %s addr: %s",
(is_src_use_user_defined ? "USER_DEFINED" : "BUILT_IN"), ip_asn_client->profile_id, ip_asn_client->ref_cnt, ip_asn_client->asn,
ip_asn_client->organization, ip_asn_client->country_full, ip_asn_client->province_full, ip_asn_client->city_full, ctx->addr_string);
scan_ret = Maat_full_scan_string(g_doh_conf->maat, tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_ASN),
CHARSET_UTF8, ip_asn_client->asn, strlen(ip_asn_client->asn),
result + hit_cnt + hit_cnt_ip, NULL, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
&(ctx->scan_mid), (int)thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_SRC_ASN, Hit asn: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
ip_asn_client->asn, scan_ret, result[hit_cnt + hit_cnt_ip].config_id, result[hit_cnt + hit_cnt_ip].service_id, result[hit_cnt + hit_cnt_ip].action, ctx->addr_string);
hit_cnt_ip += scan_ret;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_SRC_ASN, NO hit asn: %s scan ret: %d addr: %s",
ip_asn_client->asn, scan_ret, ctx->addr_string);
}
memset(buff, 0, sizeof(buff));
snprintf(buff, sizeof(buff), "%s(%s)", ip_asn_client->asn, ip_asn_client->organization);
ctx->asn_client = tfe_strdup(buff);
}
if (ip_asn_server)
ip_table_free(ip_asn_server);
if (ip_asn_client)
ip_table_free(ip_asn_client);
return hit_cnt_ip;
}
static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http_session *session, struct doh_ctx *ctx, char *qname, int qtype)
{
int hit_cnt = 0;
@@ -374,15 +208,19 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
struct Maat_rule_t *p_result = NULL;
struct Maat_rule_t result[MAX_SCAN_RESULT];
struct ip_address dest_ip, source_ip;
tfe_stream_addr_to_address(stream->addr, &dest_ip, &source_ip);
scan_ret = doh_ip_location_scan(result, &source_ip, &dest_ip, hit_cnt, ctx->thread_id, ctx);
scan_ret = tfe_scan_subscribe_id(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_doh_conf->local_logger, ctx->addr_string);
if (scan_ret > 0)
{
hit_cnt += scan_ret;
}
scan_ret = tfe_scan_ip_location(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_doh_conf->local_logger, ctx->addr_string, &(ctx->location_server), &(ctx->location_client));
if (scan_ret > 0)
{
hit_cnt += scan_ret;
}
scan_ret = doh_ip_asn_scan(result, &source_ip, &dest_ip, hit_cnt, ctx->thread_id, ctx);
scan_ret = tfe_scan_ip_asn(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_doh_conf->local_logger, ctx->addr_string, &(ctx->asn_server), &(ctx->asn_client));
if (scan_ret > 0)
{
hit_cnt += scan_ret;
@@ -396,15 +234,15 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
host, strlen(host), result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid), ctx->thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_HOST, Hit host: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
host, scan_ret, result[hit_cnt].config_id, result[hit_cnt].service_id, result[hit_cnt].action, ctx->addr_string);
hit_cnt += scan_ret;
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit host: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
g_doh_conf->tables[TYPE_HOST].name, host, scan_ret, result[hit_cnt].config_id, result[hit_cnt].service_id, result[hit_cnt].action, ctx->addr_string);
hit_cnt += scan_ret;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_HOST, NO hit host: %s scan ret: %d addr: %s",
host, scan_ret, ctx->addr_string);
}
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit host: %s scan ret: %d addr: %s",
g_doh_conf->tables[TYPE_HOST].name, host, scan_ret, ctx->addr_string);
}
}
// scan addr
@@ -413,45 +251,45 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
0, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid), ctx->thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_ADDR, Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d",
ctx->addr_string, scan_ret, result[hit_cnt].config_id, result[hit_cnt].service_id, result[hit_cnt].action);
hit_cnt += scan_ret;
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d",
g_doh_conf->tables[TYPE_ADDR].name, ctx->addr_string, scan_ret, result[hit_cnt].config_id, result[hit_cnt].service_id, result[hit_cnt].action);
hit_cnt += scan_ret;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_ADDR, NO hit addr: %s scan ret: %d",
ctx->addr_string, scan_ret);
}
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit addr: %s scan ret: %d",
g_doh_conf->tables[TYPE_ADDR].name, ctx->addr_string, scan_ret);
}
// scan appid
scan_ret = Maat_full_scan_string(g_doh_conf->maat, g_doh_conf->tables[TYPE_APPID].id, CHARSET_UTF8,
app_id, strlen(app_id), result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid), ctx->thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_APPID, Hit proto: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
app_id, scan_ret, result[hit_cnt].config_id, result[hit_cnt].service_id, result[hit_cnt].action, ctx->addr_string);
hit_cnt += scan_ret;
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit proto: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
g_doh_conf->tables[TYPE_APPID].name, app_id, scan_ret, result[hit_cnt].config_id, result[hit_cnt].service_id, result[hit_cnt].action, ctx->addr_string);
hit_cnt += scan_ret;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_APPID, NO hit proto: %s scan ret: %d addr: %s",
app_id, scan_ret, ctx->addr_string);
}
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit proto: %s scan ret: %d addr: %s",
g_doh_conf->tables[TYPE_APPID].name, app_id, scan_ret, ctx->addr_string);
}
// scan qname
scan_ret = Maat_full_scan_string(g_doh_conf->maat, g_doh_conf->tables[TYPE_QNAME].id, CHARSET_UTF8,
qname, strlen(qname), result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid), ctx->thread_id);
if (scan_ret > 0)
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_QNAME, Hit domain: %s scan ret: %d qtype: %d policy_id: %d service: %d action: %d addr: %s",
qname, scan_ret, qtype, result[hit_cnt].config_id, result[hit_cnt].service_id, result[hit_cnt].action, ctx->addr_string);
hit_cnt += scan_ret;
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit domain: %s scan ret: %d qtype: %d policy_id: %d service: %d action: %d addr: %s",
g_doh_conf->tables[TYPE_QNAME].name, qname, scan_ret, qtype, result[hit_cnt].config_id, result[hit_cnt].service_id, result[hit_cnt].action, ctx->addr_string);
hit_cnt += scan_ret;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "SCAN_QNAME, NO hit domain: %s scan ret: %d addr: %s",
qname, scan_ret, ctx->addr_string);
}
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit domain: %s scan ret: %d addr: %s",
g_doh_conf->tables[TYPE_QNAME].name, qname, scan_ret, ctx->addr_string);
}
if (hit_cnt)
{