TSG-15187: 增加遗漏的category的库表注册
@@ -1773,8 +1773,10 @@ static size_t session_pending_state_deal(const struct streaminfo *a_stream, stru
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int table_idx=tsg_table_idx_get_by_protocol(srt_process_context->proto);
|
int table_idx=tsg_domain_table_idx_get(srt_process_context->proto);
|
||||||
hit_num+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
|
hit_num+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
|
||||||
|
|
||||||
|
table_idx=tsg_fqdn_category_table_idx_get(srt_process_context->proto);
|
||||||
hit_num+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
|
hit_num+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
|
||||||
if(srt_process_context->is_esni)
|
if(srt_process_context->is_esni)
|
||||||
{
|
{
|
||||||
|
|||||||
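Review bot: `table_idx` is passed straight into `tsg_scan_fqdn_category_id()` with no check for the `-1` that `tsg_fqdn_category_table_idx_get()` returns for every protocol other than HTTP, SSL, QUIC and DTLS. Whether the scan routine rejects a negative index is not visible here; if it uses the value to index `g_tsg_maat_rt_para.scan_tb[]`, that is a read before the start of the array, driven by the protocol stored in the session context. Guarding the call with `if(table_idx>=0)` keeps the sentinel out of the lookup, and the `tsg_domain_table_idx_get()` result two lines above is forwarded the same way. `session_pending_state_deal()` starts and ends outside this hunk.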
@@ -1805,6 +1805,11 @@ int init_scan_table(struct maat *feather, const char *conffile)
|
|||||||
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_TUNNEL_ID].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL");
|
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_TUNNEL_ID].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL");
|
||||||
MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SESSION_FLAGS].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG");
|
MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SESSION_FLAGS].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG");
|
||||||
|
|
||||||
|
MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_HTTP_HOST_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST_CAT");
|
||||||
|
MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SSL_SNI_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI_CAT");
|
||||||
|
MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_QUIC_SNI_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI_CAT");
|
||||||
|
MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_DTLS_SNI_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI_CAT");
|
||||||
|
|
||||||
for(int i=0; i<MAAT_SCAN_MAX; i++)
|
for(int i=0; i<MAAT_SCAN_MAX; i++)
|
||||||
{
|
{
|
||||||
g_tsg_maat_rt_para.scan_tb[i].id=maat_get_table_id(feather, g_tsg_maat_rt_para.scan_tb[i].name);
|
g_tsg_maat_rt_para.scan_tb[i].id=maat_get_table_id(feather, g_tsg_maat_rt_para.scan_tb[i].name);
|
||||||
@@ -3089,7 +3094,7 @@ size_t tsg_select_rules_by_service_id(struct maat_rule *matched_rules, size_t n_
|
|||||||
return offset;
|
return offset;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tsg_table_idx_get_by_protocol(TSG_PROTOCOL proto)
|
int tsg_domain_table_idx_get(enum TSG_PROTOCOL proto)
|
||||||
{
|
{
|
||||||
switch(proto)
|
switch(proto)
|
||||||
{
|
{
|
||||||
@@ -3108,6 +3113,25 @@ int tsg_table_idx_get_by_protocol(TSG_PROTOCOL proto)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int tsg_fqdn_category_table_idx_get(enum TSG_PROTOCOL proto)
|
||||||
|
{
|
||||||
|
switch(proto)
|
||||||
|
{
|
||||||
|
case PROTO_HTTP:
|
||||||
|
return MAAT_SCAN_HTTP_HOST_CAT;
|
||||||
|
case PROTO_SSL:
|
||||||
|
return MAAT_SCAN_SSL_SNI_CAT;
|
||||||
|
case PROTO_QUIC:
|
||||||
|
return MAAT_SCAN_QUIC_SNI_CAT;
|
||||||
|
case PROTO_DTLS:
|
||||||
|
return MAAT_SCAN_DTLS_SNI_CAT;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
int tsg_http_url_table_idx_get(void)
|
int tsg_http_url_table_idx_get(void)
|
||||||
{
|
{
|
||||||
return MAAT_SCAN_HTTP_URL;
|
return MAAT_SCAN_HTTP_URL;
|
||||||
|
|||||||
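Review bot: The four new profile keys in `init_scan_table()` (`HTTP_HOST_CAT`, `SSL_SNI_CAT`, `QUIC_SNI_CAT`, `DTLS_SNI_CAT`) drop the `_TABLE` suffix that the two keys directly above them carry (`TUNNEL_ID_TABLE`, `SESSION_FLAG_TABLE`). An operator who overrides a table name by analogy, for example with `HTTP_HOST_CAT_TABLE`, would get the compiled-in default with no warning, which is hard to spot for tables that feed category policy. If the keys outside this hunk also follow the `_TABLE` pattern, name the first one `"HTTP_HOST_CAT_TABLE"` and the other three likewise. The function continues past the end of the hunk.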
@@ -88,6 +88,10 @@ enum MAAT_SCAN_TB
|
|||||||
MAAT_SCAN_DTLS_SNI,
|
MAAT_SCAN_DTLS_SNI,
|
||||||
MAAT_SCAN_TUNNEL_ID,
|
MAAT_SCAN_TUNNEL_ID,
|
||||||
MAAT_SCAN_SESSION_FLAGS,
|
MAAT_SCAN_SESSION_FLAGS,
|
||||||
|
MAAT_SCAN_HTTP_HOST_CAT,
|
||||||
|
MAAT_SCAN_SSL_SNI_CAT,
|
||||||
|
MAAT_SCAN_QUIC_SNI_CAT,
|
||||||
|
MAAT_SCAN_DTLS_SNI_CAT,
|
||||||
MAAT_SCAN_MAX
|
MAAT_SCAN_MAX
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -148,7 +152,8 @@ char *tsg_data_center_get(void);
|
|||||||
char *tsg_device_tag_get(void);
|
char *tsg_device_tag_get(void);
|
||||||
int tsg_location_type_get(void);
|
int tsg_location_type_get(void);
|
||||||
int tsg_session_record_switch_get(void);
|
int tsg_session_record_switch_get(void);
|
||||||
int tsg_table_idx_get_by_protocol(enum TSG_PROTOCOL proto);
|
int tsg_domain_table_idx_get(enum TSG_PROTOCOL proto);
|
||||||
|
int tsg_fqdn_category_table_idx_get(enum TSG_PROTOCOL proto);
|
||||||
int tsg_http_url_table_idx_get(void);
|
int tsg_http_url_table_idx_get(void);
|
||||||
long long tsg_default_compile_id_get(void);
|
long long tsg_default_compile_id_get(void);
|
||||||
|
|
||||||
|
|||||||
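Review bot: The new declaration `tsg_fqdn_category_table_idx_get()` has no comment, and its `int` return mixes `enum MAAT_SCAN_TB` values with a `-1` sentinel that only the definition reveals. A caller working from this header cannot tell that the result needs a range check before it is used as a table index. A one-line comment above the prototype would record that, for example `/* Returns the MAAT_SCAN_*_CAT index for proto, or -1 if the protocol has no category table. */`, and the renamed `tsg_domain_table_idx_get()` would benefit from the same note.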
@@ -72,15 +72,12 @@ TEST(TSG_Table, http_host)
|
|||||||
TEST(TSG_Table, TSG_FIELD_HTTP_HOST_CAT)
|
TEST(TSG_Table, TSG_FIELD_HTTP_HOST_CAT)
|
||||||
{
|
{
|
||||||
const struct streaminfo a_stream = {0};
|
const struct streaminfo a_stream = {0};
|
||||||
long long integer = 1003;
|
unsigned int integer = 1003;
|
||||||
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
||||||
|
|
||||||
size_t n_matched_rules = 0;
|
struct maat_rule matched_rules[MAX_RESULT_NUM];
|
||||||
long long matched_rules[MAX_RESULT_NUM];
|
EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_HTTP_HOST_CAT, mid, matched_rules, MAX_RESULT_NUM));
|
||||||
int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_HTTP_HOST_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
|
EXPECT_EQ(matched_rules[0].rule_id, 6);
|
||||||
EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
|
|
||||||
EXPECT_EQ(n_matched_rules, 1);
|
|
||||||
EXPECT_EQ(matched_rules[0], 6);
|
|
||||||
maat_state_free(mid);
|
maat_state_free(mid);
|
||||||
mid = NULL;
|
mid = NULL;
|
||||||
}
|
}
|
||||||
@@ -239,15 +236,12 @@ TEST(TSG_Table, ssl_handshake_extensions_server_name)
|
|||||||
TEST(TSG_Table, TSG_FIELD_SSL_SNI_CAT)
|
TEST(TSG_Table, TSG_FIELD_SSL_SNI_CAT)
|
||||||
{
|
{
|
||||||
const struct streaminfo a_stream = {0};
|
const struct streaminfo a_stream = {0};
|
||||||
long long integer = 1002;
|
unsigned int integer = 1002;
|
||||||
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
||||||
|
|
||||||
size_t n_matched_rules = 0;
|
struct maat_rule matched_rules[MAX_RESULT_NUM];
|
||||||
long long matched_rules[MAX_RESULT_NUM];
|
EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_SSL_SNI_CAT, mid, matched_rules, MAX_RESULT_NUM));
|
||||||
int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_SSL_SNI_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
|
EXPECT_EQ(matched_rules[0].rule_id, 13);
|
||||||
EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
|
|
||||||
EXPECT_EQ(n_matched_rules, 1);
|
|
||||||
EXPECT_EQ(matched_rules[0], 13);
|
|
||||||
maat_state_free(mid);
|
maat_state_free(mid);
|
||||||
mid = NULL;
|
mid = NULL;
|
||||||
}
|
}
|
||||||
@@ -392,12 +386,9 @@ TEST(TSG_Table, TSG_FIELD_QUIC_SNI)
|
|||||||
size_t s_data_len = strlen(s_data);
|
size_t s_data_len = strlen(s_data);
|
||||||
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
||||||
|
|
||||||
size_t n_matched_rules = 0;
|
struct maat_rule matched_rules[MAX_RESULT_NUM];
|
||||||
long long matched_rules[MAX_RESULT_NUM];
|
EXPECT_EQ(1, tsg_scan_string(&a_stream, g_tsg_maat_feather, s_data, s_data_len, MAAT_SCAN_QUIC_SNI, mid, matched_rules, MAX_RESULT_NUM));
|
||||||
int is_hited = maat_scan_string(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_QUIC_SNI"), s_data, s_data_len, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
|
EXPECT_EQ(matched_rules[0].rule_id, 20);
|
||||||
EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
|
|
||||||
EXPECT_EQ(n_matched_rules, 1);
|
|
||||||
EXPECT_EQ(matched_rules[0], 20);
|
|
||||||
maat_state_free(mid);
|
maat_state_free(mid);
|
||||||
mid = NULL;
|
mid = NULL;
|
||||||
}
|
}
|
||||||
@@ -422,15 +413,12 @@ TEST(TSG_Table, quic_sni)
|
|||||||
TEST(TSG_Table, TSG_FIELD_QUIC_SNI_CAT)
|
TEST(TSG_Table, TSG_FIELD_QUIC_SNI_CAT)
|
||||||
{
|
{
|
||||||
const struct streaminfo a_stream = {0};
|
const struct streaminfo a_stream = {0};
|
||||||
long long integer = 1011;
|
unsigned int integer = 1011;
|
||||||
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
||||||
|
|
||||||
size_t n_matched_rules = 0;
|
struct maat_rule matched_rules[MAX_RESULT_NUM];
|
||||||
long long matched_rules[MAX_RESULT_NUM];
|
EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_QUIC_SNI_CAT, mid, matched_rules, MAX_RESULT_NUM));
|
||||||
int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_QUIC_SNI_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
|
EXPECT_EQ(matched_rules[0].rule_id, 21);
|
||||||
EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
|
|
||||||
EXPECT_EQ(n_matched_rules, 1);
|
|
||||||
EXPECT_EQ(matched_rules[0], 21);
|
|
||||||
maat_state_free(mid);
|
maat_state_free(mid);
|
||||||
mid = NULL;
|
mid = NULL;
|
||||||
}
|
}
|
||||||
@@ -927,15 +915,12 @@ TEST(TSG_Table, TSG_FIELD_DTLS_SNI)
|
|||||||
TEST(TSG_Table, TSG_FIELD_DTLS_SNI_CAT)
|
TEST(TSG_Table, TSG_FIELD_DTLS_SNI_CAT)
|
||||||
{
|
{
|
||||||
const struct streaminfo a_stream = {0};
|
const struct streaminfo a_stream = {0};
|
||||||
long long integer = 1007;
|
unsigned int integer = 1007;
|
||||||
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
||||||
|
|
||||||
size_t n_matched_rules = 0;
|
struct maat_rule matched_rules[MAX_RESULT_NUM];
|
||||||
long long matched_rules[MAX_RESULT_NUM];
|
EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_DTLS_SNI_CAT, mid, matched_rules, MAX_RESULT_NUM));
|
||||||
int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_DTLS_SNI_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
|
EXPECT_EQ(matched_rules[0].rule_id, 49);
|
||||||
EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
|
|
||||||
EXPECT_EQ(n_matched_rules, 1);
|
|
||||||
EXPECT_EQ(matched_rules[0], 49);
|
|
||||||
maat_state_free(mid);
|
maat_state_free(mid);
|
||||||
mid = NULL;
|
mid = NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
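Review bot: `EXPECT_EQ(1, tsg_scan_fqdn_category_id(...))` is non-fatal, so when the scan reports no hit the next line still reads `matched_rules[0].rule_id` from a stack array that was never initialised, and the failure output shows an arbitrary value. Declaring the array as `struct maat_rule matched_rules[MAX_RESULT_NUM] = {};` makes that second check deterministic without skipping the `maat_state_free(mid)` cleanup, which a fatal `ASSERT_EQ` would do. The same pattern appears in all five rewritten tests (HTTP_HOST_CAT, SSL_SNI_CAT, QUIC_SNI, QUIC_SNI_CAT, DTLS_SNI_CAT). The `TSG_FIELD_QUIC_SNI` test begins outside its hunk.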