diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h
index 9a083d3..75a5bb8 100644
--- a/inc/tsg_rule.h
+++ b/inc/tsg_rule.h
@@ -67,6 +67,7 @@ struct matched_policy_rules
 struct maat_rule rules[MAX_RESULT_NUM];
 };
+int session_packet_capture_by_rules_notify(const struct streaminfo * a_stream, struct maat_rule * rules, size_t n_rules, int thread_seq);
 void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE service, struct maat_rule *rules, size_t n_rules, int thread_seq);
 size_t tsg_matched_rules_select(struct maat *feather, TSG_SERVICE service, long long *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
 size_t tsg_scan_nesting_addr(const struct streaminfo *a_stream, struct maat *feather, enum TSG_PROTOCOL proto, struct maat_state *s_mid, struct maat_rule *rules, size_t n_rules);
diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp
index 44e89f2..1c6486c 100644
--- a/src/tsg_action.cpp
+++ b/src/tsg_action.cpp
@@ -915,7 +915,7 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc
 break;
 }
- session_packet_capture_notify(a_stream, p_result, 1, a_stream->threadnum);
+ session_packet_capture_by_rules_notify(a_stream, p_result, 1, a_stream->threadnum);
 if(method_type!=TSG_METHOD_TYPE_DEFAULT && method_type!=TSG_METHOD_TYPE_APP_DROP)
 {
diff --git a/src/tsg_bridge.cpp b/src/tsg_bridge.cpp
index f351dcf..1447311 100644
--- a/src/tsg_bridge.cpp
+++ b/src/tsg_bridge.cpp
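Review bot: The prototype added to inc/tsg_rule.h turns session_packet_capture_by_rules_notify into a public-header API, but it carries no comment and nothing visible states what its int return means; the definition in src/tsg_rule.cpp (same commit) mirrors each rule's packets to the rule's mirror-profile VLAN or to g_tsg_maat_rt_para.default_vlan and captures them when the rule's security compile has capture enabled. A comment above the prototype such as `/* For each of the n_rules matched rules: mirror the session's packets to the rule's mirror-profile VLAN (default VLAN when no profile) and capture them when the rule's security compile enables capture. */` would let callers use it from the header alone; the return value should be documented once its meaning is confirmed from the definition. The declaration also spells the pointer parameters `streaminfo * a_stream` and `maat_rule * rules`, unlike the three neighbouring prototypes that bind the `*` to the name.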
@@ -13,6 +13,8 @@ extern int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data);
 extern int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data);
 extern int tm_get_ssl_ja3_fingerprint(const struct streaminfo *a_stream, char **ja3_fingerprint);
+extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *s_chaining_rules, size_t n_s_chaining_rules, int thread_seq);
+extern int matched_shaping_rules_deal(const struct streaminfo * a_stream, struct maat_rule * shaping_results, size_t n_shaping_results, int thread_seq);
 struct bridge_info
 {
@@ -777,10 +779,16 @@ void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE
 case TSG_SERVICE_INTERCEPT:
 bridge_idx=BRIDGE_TYPE_INTERCEPT_RESULT;
 break;
+ case TSG_SERVICE_CHAINING:
+ matched_service_chaining_rules_deal(a_stream, rules, n_rules, thread_seq);
+ break;
+ case TSG_SERVICE_SHAPING:
+ matched_shaping_rules_deal(a_stream, rules, n_rules, thread_seq);
+ break;
 default:
 return ;
 }
-
+
 struct matched_policy_rules *matched_policy=(struct matched_policy_rules *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[bridge_idx].id);
 if(matched_policy==NULL)
 {
@@ -822,7 +830,7 @@ void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE
 memcpy(&(matched_policy->rules[matched_policy->n_rules++]), &(rules[i]), sizeof(struct maat_rule));
 }
 }
-
+
 return ;
 }
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 3258299..d03ac74 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
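Review bot: The two `extern int matched_*_rules_deal(...)` prototypes are declared locally in src/tsg_bridge.cpp, so the compiler never checks them against the real definitions, and test/src/gtest_bridge.cpp (same commit) repeats the same signatures by hand for its stubs. Since the commit already edits src/tsg_rule_internal.h and inc/tsg_rule.h, declaring both functions once in whichever header the definitions' translation unit includes would keep the three copies from drifting. The second prototype also writes `streaminfo * a_stream` and `maat_rule * shaping_results`, unlike the adjacent declarations.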
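Review bot: The new `case TSG_SERVICE_CHAINING:` and `case TSG_SERVICE_SHAPING:` arms end in `break;` without assigning `bridge_idx`, so execution falls through to `session_async_bridge_get_data(a_stream, g_tm_bridge_para[bridge_idx].id)` with whatever `bridge_idx` held before the switch — its initialiser is outside the hunk, so this is either a sentinel (out-of-bounds index into g_tm_bridge_para) or a stale slot under which chaining/shaping rules would be recorded as another service's matches. Every other arm either sets bridge_idx or returns, so if the `*_deal` callbacks fully handle these two services the arms should read `matched_service_chaining_rules_deal(a_stream, rules, n_rules, thread_seq); return ;` and `matched_shaping_rules_deal(a_stream, rules, n_rules, thread_seq); return ;`; if a matched_policy record is also wanted, each arm needs its own `bridge_idx=` assignment. The int results of both `*_deal` calls are also discarded. session_matched_rules_notify begins before this hunk and continues past it.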
@@ -1447,7 +1447,7 @@ static unsigned char matched_security_rules_deal(const struct streaminfo *a_stre
 tsg_set_policy_flow(a_stream, p_rule, a_stream->threadnum);
 }
- session_packet_capture_notify(a_stream, security_rules, n_security_rules, a_stream->threadnum);
+ session_packet_capture_by_rules_notify(a_stream, security_rules, n_security_rules, a_stream->threadnum);
 session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, security_rules, n_security_rules, a_stream->threadnum);
 break;
 case TSG_ACTION_BYPASS:
@@ -1847,7 +1847,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
 session_runtime_process_log_send(a_stream, p_result, 1, NULL, thread_seq);
 break;
 case TSG_ACTION_MONITOR:
- session_packet_capture_notify(a_stream, security_results, hit_num, thread_seq);
+ session_packet_capture_by_rules_notify(a_stream, security_results, hit_num, thread_seq);
 session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, security_results, security_result_num,thread_seq);
 break;
 default:
diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp
index c2d205e..98511f5 100644
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
@@ -171,7 +171,7 @@ static int get_column_pos(const char* line, int column_seq, size_t *offset, size
 return ret;
 }
-static char* tm_str_unescape(char* s)
+static char* tsg_str_unescape(char* s)
 {
 if(s==NULL)
 {
@@ -436,10 +436,10 @@ void ex_data_gtp_c_new(const char *table_name, int table_id, const char* key, co
 user_info->apn=column_string_get_value(table_line, apn);
 user_info->imei=column_string_get_value(table_line, imei);
- tm_str_unescape(user_info->imsi);
- tm_str_unescape(user_info->msisdn);
- tm_str_unescape(user_info->apn);
- tm_str_unescape(user_info->imei);
+ tsg_str_unescape(user_info->imsi);
+ tsg_str_unescape(user_info->msisdn);
+ tsg_str_unescape(user_info->apn);
+ tsg_str_unescape(user_info->imei);
 atomic_inc(&user_info->ref_cnt);
 *ad=(void *)user_info;
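Review bot: In the `TSG_ACTION_MONITOR` arm of tsg_master_all_entry the renamed call still passes `hit_num` while the `session_matched_rules_notify` call on the very next line passes `security_result_num` for the same `security_results` array. If those two counts can differ, packets are mirrored/captured for a different rule set than is recorded as matched, and if hit_num can exceed the populated count the callee reads uninitialised entries of security_results. The mismatch predates this commit, but the rewritten line is the place to settle it, presumably as `session_packet_capture_by_rules_notify(a_stream, security_results, security_result_num, thread_seq);` once it is confirmed which variable holds the populated count; the matched_security_rules_deal arm above consistently uses n_security_rules for both calls. Both enclosing functions begin outside their hunks.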
@@ -504,8 +504,8 @@ void ex_data_asn_number_new(const char *table_name, int table_id, const char* ke
 return ;
 }
- tm_str_unescape(asn->asn_id);
- tm_str_unescape(asn->organization);
+ tsg_str_unescape(asn->asn_id);
+ tsg_str_unescape(asn->organization);
 atomic_inc(&asn->ref_cnt);
 *ad=(void *)asn;
@@ -557,14 +557,14 @@ void ex_data_location_new(const char *table_name, int table_id, const char* key,
 location->country_full=column_string_get_value(table_line, 13); // country_full
 location->province_full=column_string_get_value(table_line, 15); // province_full
 location->city_full=column_string_get_value(table_line, 16); // city_full
- tm_str_unescape(location->country_full);
- tm_str_unescape(location->province_full);
- tm_str_unescape(location->city_full);
+ tsg_str_unescape(location->country_full);
+ tsg_str_unescape(location->province_full);
+ tsg_str_unescape(location->city_full);
 if(g_tsg_maat_rt_para.location_field_num==19)
 {
 location->subdivision_addr=column_string_get_value(table_line, 17); // subdivision_addr
- tm_str_unescape(location->subdivision_addr);
+ tsg_str_unescape(location->subdivision_addr);
 }
 atomic_inc(&location->ref_cnt);
@@ -786,13 +786,13 @@ void ex_data_app_id_dict_new(const char *table_name, int table_id, const char* k
 tsg_free_field(deny_action_str);
 deny_action_str=NULL;
- tm_str_unescape(dict->risk);
- tm_str_unescape(dict->app_name);
- tm_str_unescape(dict->parent_app_name);
- tm_str_unescape(dict->category);
- tm_str_unescape(dict->subcategory);
- tm_str_unescape(dict->technology);
- tm_str_unescape(dict->characteristics);
+ tsg_str_unescape(dict->risk);
+ tsg_str_unescape(dict->app_name);
+ tsg_str_unescape(dict->parent_app_name);
+ tsg_str_unescape(dict->category);
+ tsg_str_unescape(dict->subcategory);
+ tsg_str_unescape(dict->technology);
+ tsg_str_unescape(dict->characteristics);
 atomic_inc(&dict->ref_cnt);
 *ad=(void *)dict;
@@ -1212,6 +1212,7 @@ void ex_data_security_compile_new(const char *table_name, int table_id, const ch
 if(compile->p_user_region!=NULL && strlen(compile->p_user_region)>2)
 {
+ tsg_str_unescape(compile->p_user_region);
 user_region_object=cJSON_Parse(compile->p_user_region);
 if(user_region_object!=NULL)
 {
@@ -2386,16 +2387,31 @@ size_t tsg_scan_ipv6_address(const struct streaminfo *a_stream, struct maat *fea
 }
 int is_hited=0;
+ int protocol=-1;
 size_t n_matched_rules=0;
 long long matched_rules[MAX_RESULT_NUM];
+
+ switch(a_stream->type)
+ {
+ case STREAM_TYPE_TCP:
+ protocol=6;
+ break;
+ case STREAM_TYPE_UDP:
+ protocol=17;
+ break;
+ default:
+ protocol=-1;
+ break;
+ }
+
 switch(idx)
 {
 case MAAT_SCAN_SRC_IP_ADDR:
- is_hited=maat_scan_ipv6(feather, g_tsg_maat_rt_para.scan_tb[idx].id, p_addr->v6->saddr, p_addr->v6->source, -1,
+ is_hited=maat_scan_ipv6(feather, g_tsg_maat_rt_para.scan_tb[idx].id, p_addr->v6->saddr, p_addr->v6->source, protocol,
 matched_rules+n_matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid);
 break;
 case MAAT_SCAN_DST_IP_ADDR:
- is_hited=maat_scan_ipv6(feather, g_tsg_maat_rt_para.scan_tb[idx].id, p_addr->v6->daddr, p_addr->v6->dest, -1,
+ is_hited=maat_scan_ipv6(feather, g_tsg_maat_rt_para.scan_tb[idx].id, p_addr->v6->daddr, p_addr->v6->dest, protocol,
 matched_rules+n_matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid);
 break;
 default:
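Review bot: The new `switch(a_stream->type)` in tsg_scan_ipv6_address encodes the L4 protocol as the bare literals `6` and `17`; the standard names are `IPPROTO_TCP` and `IPPROTO_UDP` from `<netinet/in.h>`, and using them (`protocol=IPPROTO_TCP;` / `protocol=IPPROTO_UDP;`) documents the intent and removes the risk of a transposed number silently matching no rule. The `default: protocol=-1;` arm repeats the initialiser `int protocol=-1;` and can be dropped, or kept with a comment saying what -1 means to maat_scan_ipv6 (nothing in the hunk states whether it means "any protocol" or "no protocol"). Presumably the IPv4 scan path, if the file has one, wants the same narrowing for consistency; that cannot be seen from this hunk, and tsg_scan_ipv6_address itself begins before the hunk.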
@@ -2936,19 +2952,19 @@ struct maat_compile *matched_rule_cites_security_compile(struct maat *feather, s
 return (struct maat_compile *)maat_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SECURITY_COMPILE].id, (const char *)&(result->rule_id));
 }
-int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *results, size_t n_results, int thread_seq)
+int session_packet_capture_by_rules_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq)
 {
 struct maat_compile *maat_compile=NULL;
 struct traffic_mirror_profile *mirror_profile=NULL;
- for(size_t i=0; iuser_region->mirror->profile_id));
 if(mirror_profile!=NULL)
 {
- session_mirror_packets_sync(a_stream, &results[i], &(mirror_profile->vlan));
+ session_mirror_packets_sync(a_stream, &rules[i], &(mirror_profile->vlan));
 ex_data_mirrored_profile_free(0, (void **)&mirror_profile, 0, NULL);
 }
 else
 {
- session_mirror_packets_sync(a_stream, &results[i], &(g_tsg_maat_rt_para.default_vlan));
+ session_mirror_packets_sync(a_stream, &rules[i], &(g_tsg_maat_rt_para.default_vlan));
 }
 if(maat_compile->user_region->capture.enabled==1)
 {
- session_capture_packets_sync(a_stream, &results[i], maat_compile->user_region->capture.depth);
+ session_capture_packets_sync(a_stream, &rules[i], maat_compile->user_region->capture.depth);
 }
 plugin_ex_data_security_compile_free(maat_compile);
diff --git a/src/tsg_rule_internal.h b/src/tsg_rule_internal.h
index 2910e1a..3a2c802 100644
--- a/src/tsg_rule_internal.h
+++ b/src/tsg_rule_internal.h
@@ -173,5 +173,3 @@ size_t tsg_select_matched_security_rules(struct maat_rule * matched_rules, size_
 size_t tsg_select_matched_shaping_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
 size_t tsg_select_matched_service_chaining_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
-int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq);
-
diff --git a/test/src/gtest_action.cpp b/test/src/gtest_action.cpp
index c8008de..dd9b142 100644
--- a/test/src/gtest_action.cpp
+++ b/test/src/gtest_action.cpp
@@ -94,7 +94,7 @@ int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_s
 return 0;
 }
-int session_packet_capture_notify(const struct streaminfo * a_stream, struct maat_rule *results, size_t n_results, int thread_seq)
+int session_packet_capture_by_rules_notify(const struct streaminfo * a_stream, struct maat_rule * rules, size_t n_rules, int thread_seq)
 {
 return 0;
 }
diff --git a/test/src/gtest_bridge.cpp b/test/src/gtest_bridge.cpp
index 57a04fb..9632972 100644
--- a/test/src/gtest_bridge.cpp
+++ b/test/src/gtest_bridge.cpp
@@ -81,6 +81,21 @@ int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_poli
 return 0;
 }
+int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *s_chaining_rules, size_t n_s_chaining_rules, int thread_seq)
+{
+ return 0;
+}
+
+int matched_shaping_rules_deal(const struct streaminfo * a_stream, struct maat_rule * shaping_results, size_t n_shaping_results, int thread_seq)
+{
+ return 0;
+}
+
+int session_packet_capture_by_rules_notify(const struct streaminfo * a_stream, struct maat_rule * rules, size_t n_rules, int thread_seq)
+{
+ return 0;
+}
+
 TEST(TM_Bridge, HitedSecurityPolicyResult)
 {
 EXPECT_EQ(1,1);
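Review bot: The three stubs added to test/src/gtest_bridge.cpp only satisfy the linker; no test visible in this commit calls session_matched_rules_notify with TSG_SERVICE_CHAINING or TSG_SERVICE_SHAPING, so the two new switch arms in src/tsg_bridge.cpp — including what happens after their `break;` — stay unexercised. Having a stub record that it ran (a file-static counter incremented inside `matched_shaping_rules_deal`, reset per test) and a TEST that invokes session_matched_rules_notify for TSG_SERVICE_SHAPING and asserts the counter would cover the dispatch and would also surface any misuse of bridge_idx after the switch. The same applies to the chaining stub.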
diff --git a/test/src/gtest_master.cpp b/test/src/gtest_master.cpp index 7da2057..cf95413 100644 --- a/test/src/gtest_master.cpp +++ b/test/src/gtest_master.cpp @@ -490,7 +490,7 @@ TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify) EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY)); } -extern int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq); +extern int session_packet_capture_by_rules_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq); TEST(TSGMaster, SecurityPolicyIntercept) { diff --git a/test/src/gtest_rule.cpp b/test/src/gtest_rule.cpp index dbd0666..74ec87e 100644 --- a/test/src/gtest_rule.cpp +++ b/test/src/gtest_rule.cpp @@ -1055,7 +1055,7 @@ TEST(TMAPI, NotifyPacketCaptureByPolicy) "845\t168.50.28yinyong\t[3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34]\t1", "123\ttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest\t[66]\t1" **************************************************************************************************************************/ - // int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *result, int result_num, int thread_seq) + // int session_packet_capture_by_rules_notify(const struct streaminfo *a_stream, struct maat_rule *rules, int n_rules, int thread_seq) } TEST(TMAPI, ScanNestingAddr)