TSG-15187: 增加遗漏的category的库表注册

刘学利
2023-05-26 07:23:57 +00:00
parent b9e33e36bb
commit 7bd3fe594c
4 changed files with 53 additions and 37 deletions


@@ -1773,8 +1773,10 @@ static size_t session_pending_state_deal(const struct streaminfo *a_stream, stru
}
}
int table_idx=tsg_table_idx_get_by_protocol(srt_process_context->proto);
int table_idx=tsg_domain_table_idx_get(srt_process_context->proto);
hit_num+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
table_idx=tsg_fqdn_category_table_idx_get(srt_process_context->proto);
hit_num+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
if(srt_process_context->is_esni)
{
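Review bot: The new `table_idx=tsg_fqdn_category_table_idx_get(srt_process_context->proto);` result is passed straight into `tsg_scan_fqdn_category_id()`, although the getter added in this commit returns -1 for every protocol other than HTTP, SSL, QUIC and DTLS. Unless the scan function rejects a negative index itself (not visible here), that value may be used to index `g_tsg_maat_rt_para.scan_tb[]`; guard the call with `if(table_idx>=0)`. The call also passes seven arguments with `srt_process_context->domain` in third position, while the unit tests in this commit call the same function with eight (a pointer to an `unsigned int` id plus a count), so one of the two call shapes looks wrong unless an overload exists. The body of session_pending_state_deal starts and ends outside this hunk.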


@@ -1805,6 +1805,11 @@ int init_scan_table(struct maat *feather, const char *conffile)
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_TUNNEL_ID].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL");
MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SESSION_FLAGS].name, MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG");
MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_HTTP_HOST_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST_CAT");
MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SSL_SNI_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI_CAT");
MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_QUIC_SNI_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI_CAT");
MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_CAT", g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_DTLS_SNI_CAT].name, MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI_CAT");
for(int i=0; i<MAAT_SCAN_MAX; i++)
{
g_tsg_maat_rt_para.scan_tb[i].id=maat_get_table_id(feather, g_tsg_maat_rt_para.scan_tb[i].name);
@@ -3089,7 +3094,7 @@ size_t tsg_select_rules_by_service_id(struct maat_rule *matched_rules, size_t n_
return offset;
}
int tsg_table_idx_get_by_protocol(TSG_PROTOCOL proto)
int tsg_domain_table_idx_get(enum TSG_PROTOCOL proto)
{
switch(proto)
{
@@ -3108,6 +3113,25 @@ int tsg_table_idx_get_by_protocol(TSG_PROTOCOL proto)
return -1;
}
int tsg_fqdn_category_table_idx_get(enum TSG_PROTOCOL proto)
{
switch(proto)
{
case PROTO_HTTP:
return MAAT_SCAN_HTTP_HOST_CAT;
case PROTO_SSL:
return MAAT_SCAN_SSL_SNI_CAT;
case PROTO_QUIC:
return MAAT_SCAN_QUIC_SNI_CAT;
case PROTO_DTLS:
return MAAT_SCAN_DTLS_SNI_CAT;
default:
break;
}
return -1;
}
int tsg_http_url_table_idx_get(void)
{
return MAAT_SCAN_HTTP_URL;
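Review bot: `tsg_fqdn_category_table_idx_get()` returns -1 for every protocol outside HTTP, SSL, QUIC and DTLS, but nothing at the definition says so, and the `int` it returns is meant to be used as a `MAAT_SCAN_TB` index. A short contract comment above the function would make the sentinel explicit, e.g. `/* Returns the MAAT_SCAN_*_CAT index for proto, or -1 when proto has no FQDN-category table; callers must check for -1 before scanning. */`. In `init_scan_table` the four new table names are resolved by the loop that follows, whose failure handling lies outside the hunk; it is worth confirming that a missing `*_CAT` table is reported at startup rather than leaving category policies silently unmatched.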


@@ -88,6 +88,10 @@ enum MAAT_SCAN_TB
MAAT_SCAN_DTLS_SNI,
MAAT_SCAN_TUNNEL_ID,
MAAT_SCAN_SESSION_FLAGS,
MAAT_SCAN_HTTP_HOST_CAT,
MAAT_SCAN_SSL_SNI_CAT,
MAAT_SCAN_QUIC_SNI_CAT,
MAAT_SCAN_DTLS_SNI_CAT,
MAAT_SCAN_MAX
};
@@ -148,7 +152,8 @@ char *tsg_data_center_get(void);
char *tsg_device_tag_get(void);
int tsg_location_type_get(void);
int tsg_session_record_switch_get(void);
int tsg_table_idx_get_by_protocol(enum TSG_PROTOCOL proto);
int tsg_domain_table_idx_get(enum TSG_PROTOCOL proto);
int tsg_fqdn_category_table_idx_get(enum TSG_PROTOCOL proto);
int tsg_http_url_table_idx_get(void);
long long tsg_default_compile_id_get(void);


@@ -72,15 +72,12 @@ TEST(TSG_Table, http_host)
TEST(TSG_Table, TSG_FIELD_HTTP_HOST_CAT)
{
const struct streaminfo a_stream = {0};
long long integer = 1003;
unsigned int integer = 1003;
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
size_t n_matched_rules = 0;
long long matched_rules[MAX_RESULT_NUM];
int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_HTTP_HOST_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
EXPECT_EQ(n_matched_rules, 1);
EXPECT_EQ(matched_rules[0], 6);
struct maat_rule matched_rules[MAX_RESULT_NUM];
EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_HTTP_HOST_CAT, mid, matched_rules, MAX_RESULT_NUM));
EXPECT_EQ(matched_rules[0].rule_id, 6);
maat_state_free(mid);
mid = NULL;
}
@@ -239,15 +236,12 @@ TEST(TSG_Table, ssl_handshake_extensions_server_name)
TEST(TSG_Table, TSG_FIELD_SSL_SNI_CAT)
{
const struct streaminfo a_stream = {0};
long long integer = 1002;
unsigned int integer = 1002;
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
size_t n_matched_rules = 0;
long long matched_rules[MAX_RESULT_NUM];
int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_SSL_SNI_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
EXPECT_EQ(n_matched_rules, 1);
EXPECT_EQ(matched_rules[0], 13);
struct maat_rule matched_rules[MAX_RESULT_NUM];
EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_SSL_SNI_CAT, mid, matched_rules, MAX_RESULT_NUM));
EXPECT_EQ(matched_rules[0].rule_id, 13);
maat_state_free(mid);
mid = NULL;
}
@@ -392,12 +386,9 @@ TEST(TSG_Table, TSG_FIELD_QUIC_SNI)
size_t s_data_len = strlen(s_data);
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
size_t n_matched_rules = 0;
long long matched_rules[MAX_RESULT_NUM];
int is_hited = maat_scan_string(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_QUIC_SNI"), s_data, s_data_len, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
EXPECT_EQ(n_matched_rules, 1);
EXPECT_EQ(matched_rules[0], 20);
struct maat_rule matched_rules[MAX_RESULT_NUM];
EXPECT_EQ(1, tsg_scan_string(&a_stream, g_tsg_maat_feather, s_data, s_data_len, MAAT_SCAN_QUIC_SNI, mid, matched_rules, MAX_RESULT_NUM));
EXPECT_EQ(matched_rules[0].rule_id, 20);
maat_state_free(mid);
mid = NULL;
}
@@ -422,15 +413,12 @@ TEST(TSG_Table, quic_sni)
TEST(TSG_Table, TSG_FIELD_QUIC_SNI_CAT)
{
const struct streaminfo a_stream = {0};
long long integer = 1011;
unsigned int integer = 1011;
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
size_t n_matched_rules = 0;
long long matched_rules[MAX_RESULT_NUM];
int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_QUIC_SNI_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
EXPECT_EQ(n_matched_rules, 1);
EXPECT_EQ(matched_rules[0], 21);
struct maat_rule matched_rules[MAX_RESULT_NUM];
EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_QUIC_SNI_CAT, mid, matched_rules, MAX_RESULT_NUM));
EXPECT_EQ(matched_rules[0].rule_id, 21);
maat_state_free(mid);
mid = NULL;
}
@@ -927,15 +915,12 @@ TEST(TSG_Table, TSG_FIELD_DTLS_SNI)
TEST(TSG_Table, TSG_FIELD_DTLS_SNI_CAT)
{
const struct streaminfo a_stream = {0};
long long integer = 1007;
unsigned int integer = 1007;
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
size_t n_matched_rules = 0;
long long matched_rules[MAX_RESULT_NUM];
int is_hited = maat_scan_integer(g_tsg_maat_feather, maat_get_table_id(g_tsg_maat_feather, "TSG_FIELD_DTLS_SNI_CAT"), integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, mid);
EXPECT_EQ(is_hited, MAAT_SCAN_HIT);
EXPECT_EQ(n_matched_rules, 1);
EXPECT_EQ(matched_rules[0], 49);
struct maat_rule matched_rules[MAX_RESULT_NUM];
EXPECT_EQ(1, tsg_scan_fqdn_category_id(&a_stream, g_tsg_maat_feather, &integer, 1, MAAT_SCAN_DTLS_SNI_CAT, mid, matched_rules, MAX_RESULT_NUM));
EXPECT_EQ(matched_rules[0].rule_id, 49);
maat_state_free(mid);
mid = NULL;
}
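Review bot: In each rewritten test the hit count is checked with `EXPECT_EQ(1, tsg_scan_fqdn_category_id(...))`, which does not stop the test on failure, so the next line reads `matched_rules[0].rule_id` from an array that was never initialised when the scan returns 0. Use `ASSERT_EQ` for the count, or declare `struct maat_rule matched_rules[MAX_RESULT_NUM] = {0};`, so that a miss reports one clear failure instead of comparing indeterminate memory. This applies to the HTTP_HOST_CAT, SSL_SNI_CAT, QUIC_SNI, QUIC_SNI_CAT and DTLS_SNI_CAT hunks alike. None of the tests exercises `tsg_fqdn_category_table_idx_get()` itself, including its -1 return for a protocol with no category table.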