#ifndef __TSG_RULE_H__
#define __TSG_RULE_H__
#include <MESA/Maat_rule.h>
#include "tsg_label.h"
// Size limits used by the rule API. Whether either value includes room for a
// terminating NUL is not stated in this header -- TODO confirm at the use sites.
// NOTE(review): struct identify_info in this header sizes domain[] with
// MAX_DOMAIN_LEN, which is not defined here, so TSG_DOMAIN_MAX must not be
// assumed to be the capacity of that buffer.
#define TSG_DOMAIN_MAX           256
#define MAX_APP_ID_PROPERTY_LEN  128
// Policy action codes.
//
// NOTE(review): these are not independent bit flags. TSG_ACTION_MANIPULATE
// (0x30) contains the TSG_ACTION_DENY bit (0x10), so a mask test such as
// `action & TSG_ACTION_DENY` is also true for MANIPULATE; compare with ==
// when one specific action is meant.
// TSG_ACTION_MAX has the same value as TSG_ACTION_BYPASS: it is the largest
// defined code, not a count, so a table indexed by action code needs
// TSG_ACTION_MAX + 1 elements.
#define TSG_ACTION_NONE        0x00
#define TSG_ACTION_MONITOR     0x01
#define TSG_ACTION_INTERCEPT   0x02
#define TSG_ACTION_DENY        0x10
#define TSG_ACTION_MANIPULATE  0x30
#define TSG_ACTION_BYPASS      0x80
#define TSG_ACTION_MAX         0x80
// Method identifiers for a policy rule.
// Values are assigned implicitly from 0 in declaration order, so inserting or
// reordering an entry renumbers every later one; append new entries just
// before TSG_METHOD_TYPE_MAX.
// TSG_METHOD_TYPE_MAX is the number of real entries, not a method of its own;
// any value read from configuration or the wire should be range-checked
// against it before it is used as an index.
// NOTE(review): RESET and RST are separate enumerators with different values.
enum TSG_METHOD_TYPE
{
	TSG_METHOD_TYPE_UNKNOWN = 0,
	TSG_METHOD_TYPE_DROP,          // 1
	TSG_METHOD_TYPE_REDIRECTION,   // 2
	TSG_METHOD_TYPE_BLOCK,         // 3
	TSG_METHOD_TYPE_RESET,         // 4
	TSG_METHOD_TYPE_RST,           // 5
	TSG_METHOD_TYPE_ALERT,         // 6
	TSG_METHOD_TYPE_RATE_LIMIT,    // 7
	TSG_METHOD_TYPE_MIRRORED,      // 8
	TSG_METHOD_TYPE_TAMPER,        // 9
	TSG_METHOD_TYPE_DEFAULT,       // 10
	TSG_METHOD_TYPE_APP_DROP,      // 11
	TSG_METHOD_TYPE_ALLOW,         // 12
	TSG_METHOD_TYPE_MAX            // 13: entry count, keep last
};
// Carries a protocol value, a domain buffer and a length field; a pointer to
// it is passed to tsg_pull_policy_result().
// NOTE(review): this header does not state whether domain is NUL-terminated
// or what the largest valid domain_len is. domain_len is a signed int, so
// code reading this struct should check that it lies within
// [0, sizeof domain] before using it as a copy length or index.
struct identify_info
{
	tsg_protocol_t proto;                  // enum _tsg_protocol (tsg_types.h)
	int            domain_len;             // presumably bytes used in domain -- TODO confirm
	char           domain[MAX_DOMAIN_LEN]; // MAX_DOMAIN_LEN is defined outside this header
};
// Selector passed to tsg_pull_policy_result() as pull_result_type.
// Values are implicit, starting at 0 in declaration order.
// Presumably chooses which component's results are returned (KNI, FW or
// both) -- TODO confirm against the implementation.
typedef enum _PULL_RESULT_TYPE
{
	PULL_KNI_RESULT,   // 0
	PULL_FW_RESULT,    // 1
	PULL_ALL_RESULT    // 2
} PULL_RESULT_TYPE;
// Shared Maat handle, defined in another translation unit. Several functions
// declared in this header take a Maat_feather_t argument; whether they expect
// this global is not stated here.
// NOTE(review): thread-safety of the handle is not documented in this header
// -- confirm before using it from more than one thread.
extern Maat_feather_t g_tsg_maat_feather;
// Presumably initialises the rule module: conffile would name the
// configuration file and logger is an opaque log handle (inferred from the
// parameter names -- TODO confirm).
// The return-value convention is not documented in this header.
int tsg_rule_init(const char *conffile, void *logger);
// Address scan for a_stream (purpose inferred from the name -- TODO confirm).
// result / result_num look like a caller-owned output array and its capacity
// in elements; result_num must not exceed the real size of that array.
// mid is passed by pointer and is presumably scan state carried between calls.
// The meaning of the return value is not documented in this header.
int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
// Presumably fetches the policy results selected by pull_result_type for
// a_stream -- TODO confirm. result / result_num look like a caller-owned
// output array and its capacity in elements; result_num must not exceed the
// real size of that array.
// NOTE(review): whether identify_info is read or filled in, and whether it
// may be NULL, is not stated here.
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info);
// Presumably returns the QUIC User-Agent recorded for a_stream -- TODO confirm.
// NOTE(review): NULL-on-absence, ownership and lifetime of the returned
// pointer are not documented; confirm before freeing or caching it.
// A User-Agent is peer-supplied, so treat the string as untrusted input
// (bound its length, never use it as a format string).
char *tsg_pull_quic_ua(struct streaminfo *a_stream);
// Presumably returns the HTTP URL recorded for a_stream -- TODO confirm.
// NOTE(review): NULL-on-absence, ownership and lifetime of the returned
// pointer are not documented; confirm before freeing or caching it.
// A URL is peer-supplied, so treat the string as untrusted input
// (bound its length, never use it as a format string).
char *tsg_pull_http_url(struct streaminfo *a_stream);
//return NULL if none exists, otherwise return one deny rule;
// result / result_num: presumably the array of matched rules and its element
// count -- TODO confirm.
// NOTE(review): the returned pointer presumably refers to an element of
// result, in which case it is valid only as long as that array is; callers
// must handle the NULL case before dereferencing.
struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
// Selector passed to tsg_deal_deny_action() as its `type` argument.
// Presumably tells the callee whether the caller is a protocol-level or an
// application-level plugin, which would change how the return value is to be
// read -- TODO confirm against the implementation.
enum ACTION_RETURN_TYPE
{
	ACTION_RETURN_TYPE_PROT = 0,
	ACTION_RETURN_TYPE_APP         // 1
};
// Presumably applies the deny action of p_result to a_stream -- TODO confirm.
// type takes ACTION_RETURN_TYPE_PROT or ACTION_RETURN_TYPE_APP.
// NOTE(review): the meaning of the unsigned char return value and the
// concrete type expected behind user_data are not documented in this header.
unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data);
// Presumably maps a method name to an enum TSG_METHOD_TYPE value -- TODO
// confirm, including what is returned for an unknown or NULL name.
// NOTE(review): method is a non-const char *; whether the callee modifies the
// string is not visible here.
int tsg_get_method_id(char *method);
// Presumably releases a user_region obtained from
// tsg_get_compile_user_region() for the same rule -- TODO confirm.
// NOTE(review): the return-value convention and behaviour on a NULL
// user_region are not documented; do not use user_region after this call.
int tsg_free_compile_user_region(const struct Maat_rule_t *rule, struct compile_user_region *user_region);
// Presumably returns the compile_user_region attached to result, to be
// released with tsg_free_compile_user_region() -- TODO confirm.
// NOTE(review): a NULL return on failure is not documented; check the result
// before dereferencing it.
struct compile_user_region *tsg_get_compile_user_region(const Maat_feather_t maat_feather, struct Maat_rule_t *result);
//return -1 if none exists, otherwise return >=0
// column_seq selects a column of line; whether numbering starts at 0 or 1 and
// which separator is used are not stated in this header.
// NOTE(review): -1 is an in-band error value, so test for it before using the
// result as a length, index or identifier.
int tsg_get_column_integer_value(const char* line, int column_seq);
//return NULL if none exists, otherwise return value;
// column_seq selects a column of line; numbering base and separator are not
// stated in this header.
// NOTE(review): ownership of the returned string is not documented -- confirm
// whether the caller must free it; always handle the NULL case.
char *tsg_get_column_string_value(const char* line, int column_seq);
// Presumably records category_id_num category ids from category_id for
// a_stream -- TODO confirm. category_id_num must equal the real element
// count of category_id, since the callee cannot check it.
// The return-value convention is not documented in this header.
int tsg_set_fqdn_category_id(const struct streaminfo *a_stream, unsigned int *category_id, int category_id_num, int thread_seq);
// Presumably looks up the category ids of fqdn and writes at most
// category_id_num of them into category_id -- TODO confirm, including whether
// the return value is the number written.
// NOTE(review): fqdn carries no length argument, so it presumably has to be
// NUL-terminated; category_id_num must not exceed the real array size.
int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq);
// Presumably scans the application identified by name / id against policy
// for a_stream -- TODO confirm. result / result_num look like a caller-owned
// output array and its capacity in elements; result_num must not exceed the
// real size of that array. mid is presumably scan state carried between calls.
// The meaning of the return value is not documented in this header.
int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq);
// Presumably scans the category_id_num ids in category_id against the table
// given by table_id for a_stream -- TODO confirm.
// Two separate array/length pairs are passed: result with result_num and
// category_id with category_id_num; each length must match its own array.
// The meaning of the return value is not documented in this header.
int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq);
// Presumably reports the result_num monitor rules in result that were hit on
// a_stream -- TODO confirm. result_num must equal the number of valid
// elements in result.
// The return-value convention is not documented in this header.
int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq);
#endif