gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

支持Decryption Exclusion

Browse Source 
适配策略优先级排序接口
This commit is contained in:
liuxueli
2020-04-16 17:12:30 +08:00
parent 64f487d084
commit dcd936caaf
3 changed files with 48 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
src/tsg_entry.cpp
View File

@@ -291,15 +291,54 @@ static int master_send_log(struct streaminfo *a_stream, struct Maat_rule_t *p_re
return 1; return 1;
} }
static struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num) static struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num, char *domain, int domain_len, int thread_seq)
{ {
int i=0; int i=0,ret=0;
Maat_rule_t *p_result=NULL; Maat_rule_t *p_result=NULL;
Maat_rule_t q_result;
scan_status_t mid=NULL;
if(result==NULL || result_num<=0) if(result==NULL || result_num<=0)
{ {
return NULL; return NULL;
} }
ret=Maat_rule_sort_by_evaluation_order(g_tsg_maat_feather, result, result_num);
if(ret!=result_num)
{
return NULL;
}
p_result=&result[0];
if(p_result->action==TSG_ACTION_INTERCEPT && domain!=NULL && domain_len>0)
{
ret=Maat_full_scan_string(g_tsg_maat_feather,
g_tsg_para.table_id[TABLE_EXCLUSION_SSL_SNI],
CHARSET_UTF8,
domain,
domain_len,
&q_result,
NULL,
1,
&mid,
thread_seq);
if(ret>0)
{
p_result=NULL;
for(i=1; i<result_num; i++)
{
if(p_result->action==TSG_ACTION_INTERCEPT)
{
continue;
}
p_result=&result[i];
}
}
}
return p_result;
p_result=&result[0]; p_result=&result[0];
for(i=1; i<result_num; i++) for(i=1; i<result_num; i++)
@@ -467,7 +506,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
if(ret>0) if(ret>0)
{ {
hit_num+=ret; hit_num+=ret;
q_result=tsg_policy_decision_criteria(all_result, hit_num); q_result=tsg_policy_decision_criteria(all_result, hit_num, identify_info.domain, identify_info.domain_len, thread_seq);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
} }
@@ -510,7 +549,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
mid=NULL; mid=NULL;
} }
p_result=tsg_policy_decision_criteria(all_result, hit_num); p_result=tsg_policy_decision_criteria(all_result, hit_num, identify_info.domain, identify_info.domain_len, thread_seq);
if(p_result!=NULL) if(p_result!=NULL)
{ {
@@ -651,7 +690,7 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t
Maat_clean_status(&mid); Maat_clean_status(&mid);
mid=NULL; mid=NULL;
} }
p_result=tsg_policy_decision_criteria(result, ret); p_result=tsg_policy_decision_criteria(result, ret, identify_info.domain, identify_info.domain_len, thread_seq);
if(p_result!=NULL) if(p_result!=NULL)
{ {
switch((unsigned char)p_result->action) switch((unsigned char)p_result->action)

1
src/tsg_entry.h
View File

@@ -16,6 +16,7 @@ enum MASTER_TABLE{
TABLE_APP_ID, TABLE_APP_ID,
TABLE_HTTP_HOST, TABLE_HTTP_HOST,
TABLE_SSL_SNI, TABLE_SSL_SNI,
TABLE_EXCLUSION_SSL_SNI,
TABLE_MAX TABLE_MAX
}; };

3
src/tsg_rule.cpp
View File

@@ -216,11 +216,12 @@ int tsg_rule_init(const char* conffile, void *logger)
char cb_subscriber_ip_table[32]={0}; char cb_subscriber_ip_table[32]={0};
MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat_profile.conf"); MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat_profile.conf");
MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "TSG_OBJ_IP_ADDR"); MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_ADDR");
MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID"); MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID"); MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_para.table_name[TABLE_HTTP_HOST], _MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST"); MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_para.table_name[TABLE_HTTP_HOST], _MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST");
MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_para.table_name[TABLE_SSL_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI"); MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_para.table_name[TABLE_SSL_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI");
MESA_load_profile_string_def(conffile, "MAAT", "DECYPTION_EXCLUSION_SSL_SNI", g_tsg_para.table_name[TABLE_EXCLUSION_SSL_SNI], _MAX_TABLE_NAME_LEN, "TSG_DECYPTION_EXCLUSION_SSL_SNI");
//init dynamic maat feather //init dynamic maat feather
g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger); g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger);