gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

调整扫描的属地表名称,同时调整table_info,IP归属地表不能使用composition聚合表

Browse Source 
支持扫描quic协议,增加相关代码
调整发送IP归属地字段的位置,保证拦截日志能正常填充IP归属地字段
This commit is contained in:
liuxueli
2020-05-29 14:40:15 +08:00
parent 0ebd134553
commit fdd6c8ab2b
6 changed files with 151 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
bin/tsg_maat.json
View File

@@ -1,11 +1,11 @@
{
"compile_table": "TSG_SECURITY_COMPILE",
"group_table": "POLICY_OBJECT",
"group_table": "GROUP_COMPILE_RELATION",
"rules": [
{
"compile_id": 1,
"service": 0,
"action": 16,
"action": 128,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
@@ -13,18 +13,18 @@
"is_valid": "yes",
"groups": [
{
"group_name": "group_1",
"group_name": "IP_ADDR_1",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv4",
"src_ip": "61.135.169.125",
"src_ip": "192.168.100.5",
"mask_src_ip": "255.255.255.255",
"src_port": "80",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "192.168.41.228",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
@@ -33,11 +33,73 @@
}
}
]
},
{
"group_name": "IP_ADDR_2",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv4",
"src_ip": "192.168.50.37",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 6,
"direction": "double"
}
}
]
},
{
"group_name": "ASN",
"regions": [
{
"table_name": "TSG_OBJ_AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "101",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
},
{
"table_name": "TSG_OBJ_AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "102",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"group_name": "LOCATION",
"regions": [
{
"table_name": "TSG_OBJ_GEO_LOCATION",
"table_type": "expr",
"table_content": {
"keywords": "China",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 2,
"compile_id": 5,
"service": 0,
"action": 128,
"do_blacklist": 0,
@@ -47,38 +109,42 @@
"is_valid": "yes",
"groups": [
{
"group_name": "FQDN_SNI",
"regions": [
{
"table_name": "TSG_OBJ_FQDN",
"table_type": "expr",
"table_content": {
"keywords": "baidu.com",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 3,
"service": 0,
"action": 128,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "Virtual",
"is_valid": "yes",
"groups": [
"group_name":"IP_ADDR_1",
"virtual_table":"TSG_SECURITY_SOURCE_ADDR",
"not_flag":0
},
{
"group_name":"FQDN_SNI",
"virtual_table":"TSG_FIELD_SSL_SNI",
"not_flag" : 0
"group_name":"IP_ADDR_2",
"virtual_table":"TSG_SECURITY_DESTINATION_ADDR",
"not_flag":0
},
{
"group_name":"ASN",
"virtual_table":"TSG_SECURITY_SOURCE_ASN",
"not_flag":0
},
{
"group_name":"LOCATION",
"virtual_table":"TSG_SECURITY_DESTINATION_LOCATION",
"not_flag":0
}
]
]
}
],
"plugin_table": [
{
"table_name": "TSG_IP_ASN_USER_DEFINED",
"table_content": [
"101\t4\t192.168.50.1\t192.168.50.255\t101\tmesa\t1",
"102\t4\t192.168.100.1\t192.168.100.255\t102\tgeedge\t1"
]
},
{
"table_name": "TSG_IP_LOCATION_USER_DEFINED",
"table_content": [
"201\t20100\t4\t192.168.50.1\t192.168.50.255\t11.12\t11.12\t0\ten\tAS\tAsia\tCN\tChina\tBJ\tBeijing\tBeijing\tAsia/Singapore\t1",
"202\t20200\t4\t192.168.100.1\t192.168.100.255\t11.12\t11.12\t0\ten\tAS\tAsia\tCN\tChina\tSH\tShanghai\tShanghai\tAsia/Singapore\t1"
]
}
]
}

16
bin/tsg_static_tableinfo.conf
View File

@@ -49,12 +49,10 @@
37 TSG_IP_ASN_USER_DEFINED ip_plugin {"row_id":1,"ip_type":2,"start_ip":3,"end_ip":4,"valid":7}
38 TSG_IP_LOCATION_BUILT_IN ip_plugin {"row_id":1,"ip_type":3,"start_ip":4,"end_ip":5,"valid":18}
39 TSG_IP_LOCATION_USER_DEFINED ip_plugin {"row_id":1,"ip_type":3,"start_ip":4,"end_ip":5,"valid":18}
40 TSG_OBJ_IP_ASN expr UTF8 UTF8/GBK yes 0
41 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_IP_ASN --
42 TSG_SECURITY_DESTINATION_ASN virtual TSG_OBJ_IP_ASN --
43 TSG_SECURITY_ASN composition {"source":"TSG_SECURITY_SOURCE_ASN","destination":"TSG_SECURITY_DESTINATION_ASN"}
44 TSG_OBJ_IP_LOCATION expr UTF8 UTF8/GBK yes 0
45 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_IP_LOCATION --
46 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_IP_LOCATION --
47 TSG_SECURITY_LOCATION composition {"source":"TSG_SECURITY_SOURCE_LOCATION","destination":"TSG_SECURITY_DESTINATION_LOCATION"}
48 TSG_FIELD_QUIC_SNI virtual TSG_OBJ_FQDN --
40 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0
41 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER --
42 TSG_SECURITY_DESTINATION_ASN virtual TSG_OBJ_AS_NUMBER --
43 TSG_OBJ_GEO_LOCATION expr UTF8 UTF8/GBK yes 0
44 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_GEO_LOCATION --
45 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION --
46 TSG_FIELD_QUIC_SNI virtual TSG_OBJ_FQDN --