tango-verify-policy/common/include/verify_policy.h

/*************************************************************************
	> File Name: verify_policy.h
	> Author:
	> Mail:
	> Created Time: 2019年08月23日 星期五 18时06分03秒
 ************************************************************************/

#ifndef _VERIFY_POLICY_H
#define _VERIFY_POLICY_H

#include <event2/event.h>
#include "verify_policy_utils.h"

struct breakpad_instance;

#define VSYS_ID_MAX 255

enum verify_type
{
    VERIFY_TYPE_POLICY,
    VERIFY_TYPE_REGEX
};

enum compile_table_typle
{
    TSG_TABLE_SECURITY,
    PXY_TABLE_MANIPULATION,
    TSG_TRAFFIC_SHAPING,
    TSG_SERVICE_CHAINGNG,
    PXY_TABLE_INTERCEPT,
    TSG_STATISTICS,
    TSG_MONITOR,
    PXY_TABLE_DEFENCE,
    __SCAN_POLICY_MAX
};

enum tsg_obj_table
{
    TSG_OBJ_SOURCE_ADDR,
    TSG_OBJ_DESTINATION_ADDR,
    TSG_OBJ_SUBSCRIBE_ID,
    TSG_OBJ_APP_ID,
	TSG_OBJ_HTTP_URL,
	TSG_OBJ_HTTP_HOST,
    TSG_OBJ_HTTP_HOST_CAT,
	TSG_OBJ_HTTP_REQ_HDR,
	TSG_OBJ_HTTP_REQ_BODY,
	TSG_OBJ_HTTP_RES_HDR,
	TSG_OBJ_HTTP_RES_BODY,
    TSG_OBJ_SSL_SNI,
    TSG_OBJ_SSL_SNI_CAT,
    TSG_OBJ_SSL_CN,
    TSG_OBJ_SSL_CN_CAT,
    TSG_OBJ_SSL_SAN,
    TSG_OBJ_SSL_SAN_CAT,
    TSG_OBJ_DOH_QNAME,
    TSG_OBJ_DOH_HOST,
    TSG_OBJ_DOH_HOST_CAT,
    TSG_OBJ_DNS_QNAME,
    TSG_OBJ_QUIC_SNI,
    TSG_OBJ_QUIC_SNI_CAT,
    TSG_OBJ_MAIL_ACCOUNT,
    TSG_OBJ_MAIL_FROM,
    TSG_OBJ_MAIL_TO,
    TSG_OBJ_MAIL_SUBJECT,
    TSG_OBJ_MAIL_CONTENT,
    TSG_OBJ_MAIL_ATT_NAME,
    TSG_OBJ_MAIL_ATT_CONTENT,
    TSG_OBJ_FTP_URI,
    TSG_OBJ_FTP_CONTENT,
    TSG_OBJ_FTP_ACCOUNT,
    TSG_OBJ_SIP_FROM,
    TSG_OBJ_SIP_TO,
    TSG_OBJ_IMSI,
    TSG_OBJ_PHONE_NUMBER,
    TSG_OBJ_APN,
    TSG_OBJ_TUNNEL,
    TSG_OBJ_FLAG,
    TSG_OBJ_GTP_IMEI,
    TSG_OBJ_IP_SRC_ASN,
	TSG_OBJ_IP_DST_ASN,
	TSG_OBJ_IP_SRC_LOCATION,
	TSG_OBJ_IP_DST_LOCATION,
    __TSG_OBJ_MAX
};

struct verify_policy_thread
{
	int  id;
	pthread_t pid;
	evutil_socket_t accept_fd;
	pthread_attr_t *attr;
	struct evhttp *http;
	struct event_base *base;
	void * (*routine)(void *);
};

struct verify_policy
{
	char name[VERIFY_SYMBOL_MAX];
	void * logger;
	unsigned int log_level;
	unsigned int nr_work_threads;
	unsigned int listen_port;
    struct breakpad_instance * breakpad;
	struct verify_policy_thread *work_threads[VERIFY_ARRAY_MAX];
};

struct fqdn_category_id
{
    int fqdn_cat_num;
    long long int group_id[8];
    unsigned int fqdn_cat_id[8];
};

struct request_query_obj
{
	int table_id;

    int numeric;
	char *keyword;
    char *district;
	char *attri_name;

    int protocol;
	struct ipaddr *ip_addr;
    struct ipaddr *endpoint;

	char *subscriberid;

    int nth_scan[256];
    int nth_scan_num;
    cJSON* attributes;

    struct fqdn_category_id fqdn_user;
    struct fqdn_category_id fqdn_builtin;
};

struct verify_policy_query
{
    int vsys_id;
	int compile_table_id;
	struct request_query_obj verify_object[32];
};

extern struct verify_policy * g_verify_proxy;

void *policy_scan_ctx_new(unsigned int thread_id, int vsys_id, int compile_table_id);
void policy_scan_ctx_free(void * pme);
size_t policy_verify_scan(int vsys_id, int compile_table_id, struct request_query_obj *query_obj, void *pme);
void http_get_scan_status(struct request_query_obj *query_obj, int type, cJSON *attributes, cJSON  *data_obj, void *pme);
int maat_table_init(struct verify_policy * verify, const char* profile_path);
int http_hit_policy_list(struct verify_policy_query *verify_policy, int num, size_t hit_cnt, cJSON *data_obj, void *pme);
void http_res_hdr_num(void *pem);
void http_req_hdr_num(void *pem);
void verify_policy_tunnle_add(void * pme);
int policy_verify_regex_expression(const char *expression);

#endif
* 提交策略验证框架及实现 2019-10-22 15:13:14 +08:00			`/*************************************************************************`
			`> File Name: verify_policy.h`
策略验证配置文件、rpm包修改 1. 支持虚拟表配置修改 2. 支持tar、rpm打包 3. 修改table_info配置 2020-01-09 14:32:00 +08:00			`> Author:`
			`> Mail:`
* 提交策略验证框架及实现 2019-10-22 15:13:14 +08:00			`> Created Time: 2019年08月23日星期五 18时06分03秒`
			`************************************************************************/`

			`#ifndef _VERIFY_POLICY_H`
			`#define _VERIFY_POLICY_H`

			`#include <event2/event.h>`
			`#include "verify_policy_utils.h"`

策略验证支持minidump 2020-09-25 14:56:36 +08:00			`struct breakpad_instance;`

TSG-13721 策略验证支持MAAT4 2023-03-30 19:50:00 +08:00			`#define VSYS_ID_MAX 255`
TSG-11997 策略验证支持按Traffic Vsys验证流量 2022-10-10 15:31:41 +08:00
TSG-14952 策略验证支持正则表达式验证功能 2023-05-11 11:50:34 +08:00			`enum verify_type`
			`{`
			`VERIFY_TYPE_POLICY,`
			`VERIFY_TYPE_REGEX`
			`};`

TSG-13721 策略验证支持MAAT4 2023-03-30 19:50:00 +08:00			`enum compile_table_typle`
*初始化两个maat能命中版本 2020-01-17 10:59:34 +08:00			`{`
TSG-13214 策略验证支持验证Shaping Policy 2023-01-31 17:43:12 +08:00			`TSG_TABLE_SECURITY,`
*初始化两个maat能命中版本 2020-01-17 10:59:34 +08:00			`PXY_TABLE_MANIPULATION,`
TSG-13214 策略验证支持验证Shaping Policy 2023-01-31 17:43:12 +08:00			`TSG_TRAFFIC_SHAPING,`
TSG-14186 策略验证支持Service Chaining 2023-03-14 10:36:03 +08:00			`TSG_SERVICE_CHAINGNG,`
TSG-14954 verify-policy支持验证代理拦截策略 TSG-14955 verify-policy合并安全策略和代理策略maat句柄 2023-05-09 14:26:43 +08:00			`PXY_TABLE_INTERCEPT,`
TSG-16235 策略验证支持统计策略 2023-07-24 18:41:01 +08:00			`TSG_STATISTICS,`
TSG-17798 PolicyVerify适配新增的Monitor Policy编译表 2023-11-24 17:59:26 +08:00			`TSG_MONITOR,`
TSG-13721 策略验证支持MAAT4 2023-03-30 19:50:00 +08:00			`PXY_TABLE_DEFENCE,`
*初始化两个maat能命中版本 2020-01-17 10:59:34 +08:00			`__SCAN_POLICY_MAX`
			`};`

TSG-14954 verify-policy支持验证代理拦截策略 TSG-14955 verify-policy合并安全策略和代理策略maat句柄 2023-05-09 14:26:43 +08:00			`enum tsg_obj_table`
策略验证支持wannat 2021-01-28 18:42:19 +08:00			`{`
TSG-14954 verify-policy支持验证代理拦截策略 TSG-14955 verify-policy合并安全策略和代理策略maat句柄 2023-05-09 14:26:43 +08:00			`TSG_OBJ_SOURCE_ADDR,`
			`TSG_OBJ_DESTINATION_ADDR,`
			`TSG_OBJ_SUBSCRIBE_ID,`
			`TSG_OBJ_APP_ID,`
			`TSG_OBJ_HTTP_URL,`
			`TSG_OBJ_HTTP_HOST,`
			`TSG_OBJ_HTTP_HOST_CAT,`
			`TSG_OBJ_HTTP_REQ_HDR,`
			`TSG_OBJ_HTTP_REQ_BODY,`
			`TSG_OBJ_HTTP_RES_HDR,`
			`TSG_OBJ_HTTP_RES_BODY,`
			`TSG_OBJ_SSL_SNI,`
			`TSG_OBJ_SSL_SNI_CAT,`
			`TSG_OBJ_SSL_CN,`
			`TSG_OBJ_SSL_CN_CAT,`
			`TSG_OBJ_SSL_SAN,`
			`TSG_OBJ_SSL_SAN_CAT,`
			`TSG_OBJ_DOH_QNAME,`
			`TSG_OBJ_DOH_HOST,`
			`TSG_OBJ_DOH_HOST_CAT,`
			`TSG_OBJ_DNS_QNAME,`
			`TSG_OBJ_QUIC_SNI,`
			`TSG_OBJ_QUIC_SNI_CAT,`
			`TSG_OBJ_MAIL_ACCOUNT,`
			`TSG_OBJ_MAIL_FROM,`
			`TSG_OBJ_MAIL_TO,`
			`TSG_OBJ_MAIL_SUBJECT,`
			`TSG_OBJ_MAIL_CONTENT,`
			`TSG_OBJ_MAIL_ATT_NAME,`
			`TSG_OBJ_MAIL_ATT_CONTENT,`
			`TSG_OBJ_FTP_URI,`
			`TSG_OBJ_FTP_CONTENT,`
			`TSG_OBJ_FTP_ACCOUNT,`
			`TSG_OBJ_SIP_FROM,`
			`TSG_OBJ_SIP_TO,`
			`TSG_OBJ_IMSI,`
			`TSG_OBJ_PHONE_NUMBER,`
			`TSG_OBJ_APN,`
			`TSG_OBJ_TUNNEL,`
			`TSG_OBJ_FLAG,`
TSG-17514 策略验证支持扫描IMEI 2023-10-31 14:21:20 +08:00			`TSG_OBJ_GTP_IMEI,`
TSG-14954 verify-policy支持验证代理拦截策略 TSG-14955 verify-policy合并安全策略和代理策略maat句柄 2023-05-09 14:26:43 +08:00			`TSG_OBJ_IP_SRC_ASN,`
			`TSG_OBJ_IP_DST_ASN,`
			`TSG_OBJ_IP_SRC_LOCATION,`
			`TSG_OBJ_IP_DST_LOCATION,`
			`__TSG_OBJ_MAX`
*初始化两个maat能命中版本 2020-01-17 10:59:34 +08:00			`};`

TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00			`struct verify_policy_thread`
* 提交策略验证框架及实现 2019-10-22 15:13:14 +08:00			`{`
			`int id;`
策略验证配置文件、rpm包修改 1. 支持虚拟表配置修改 2. 支持tar、rpm打包 3. 修改table_info配置 2020-01-09 14:32:00 +08:00			`pthread_t pid;`
* 提交策略验证框架及实现 2019-10-22 15:13:14 +08:00			`evutil_socket_t accept_fd;`
策略验证配置文件、rpm包修改 1. 支持虚拟表配置修改 2. 支持tar、rpm打包 3. 修改table_info配置 2020-01-09 14:32:00 +08:00			`pthread_attr_t *attr;`
* 提交策略验证框架及实现 2019-10-22 15:13:14 +08:00			`struct evhttp *http;`
			`struct event_base *base;`
策略验证配置文件、rpm包修改 1. 支持虚拟表配置修改 2. 支持tar、rpm打包 3. 修改table_info配置 2020-01-09 14:32:00 +08:00			`void * (routine)(void );`
* 提交策略验证框架及实现 2019-10-22 15:13:14 +08:00			`};`

TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00			`struct verify_policy`
策略验证配置文件、rpm包修改 1. 支持虚拟表配置修改 2. 支持tar、rpm打包 3. 修改table_info配置 2020-01-09 14:32:00 +08:00			`{`
			`char name[VERIFY_SYMBOL_MAX];`
* 提交策略验证框架及实现 2019-10-22 15:13:14 +08:00			`void * logger;`
			`unsigned int log_level;`
			`unsigned int nr_work_threads;`
策略验证配置文件、rpm包修改 1. 支持虚拟表配置修改 2. 支持tar、rpm打包 3. 修改table_info配置 2020-01-09 14:32:00 +08:00			`unsigned int listen_port;`
策略验证支持minidump 2020-09-25 14:56:36 +08:00			`struct breakpad_instance * breakpad;`
支持IP归属地ASN验证 2020-06-24 16:36:16 +08:00			`struct verify_policy_thread *work_threads[VERIFY_ARRAY_MAX];`
* 提交策略验证框架及实现 2019-10-22 15:13:14 +08:00			`};`

TSG-17778 优化App ID、FQDN Category ID和Tunnel ID的处理逻辑，多次扫描支持非配置 2023-11-23 11:17:11 +08:00			`struct fqdn_category_id`
			`{`
			`int fqdn_cat_num;`
			`long long int group_id[8];`
			`unsigned int fqdn_cat_id[8];`
			`};`

TSG-13721 策略验证支持MAAT4 2023-03-30 19:50:00 +08:00			`struct request_query_obj`
TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00			`{`
TSG-13721 策略验证支持MAAT4 2023-03-30 19:50:00 +08:00			`int table_id;`
TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00
TSG-13111 策略验证支持Flag Object 2022-12-28 14:36:53 +08:00			`int numeric;`
TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00			`char *keyword;`
TSG-6016 修复请求应答头未解析district 2021-04-19 16:35:36 +08:00			`char *district;`
TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00			`char *attri_name;`

TSG-13721 策略验证支持MAAT4 2023-03-30 19:50:00 +08:00			`int protocol;`
TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00			`struct ipaddr *ip_addr;`
TSG-11996 策略验证支持Tunnel Object 2022-09-22 16:06:33 +08:00			`struct ipaddr *endpoint;`
TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00
			`char *subscriberid;`

TSG-11996 策略验证支持Tunnel Object,修复合并tunnel问题 2022-09-26 16:13:24 +08:00			`int nth_scan[256];`
TSG-3252 category返回信息修改 2020-10-16 09:56:39 +08:00			`int nth_scan_num;`
TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00			`cJSON* attributes;`

TSG-17778 优化App ID、FQDN Category ID和Tunnel ID的处理逻辑，多次扫描支持非配置 2023-11-23 11:17:11 +08:00			`struct fqdn_category_id fqdn_user;`
			`struct fqdn_category_id fqdn_builtin;`
TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00			`};`

			`struct verify_policy_query`
			`{`
TSG-11997 策略验证支持按Traffic Vsys验证流量 2022-10-10 15:31:41 +08:00			`int vsys_id;`
TSG-14954 verify-policy支持验证代理拦截策略 TSG-14955 verify-policy合并安全策略和代理策略maat句柄 2023-05-09 14:26:43 +08:00			`int compile_table_id;`
TSG-13721 策略验证支持MAAT4 2023-03-30 19:50:00 +08:00			`struct request_query_obj verify_object[32];`
TSG-792 增加校验条件的命中路径信息 2020-02-18 17:54:15 +08:00			`};`

			`extern struct verify_policy * g_verify_proxy;`
* 提交策略验证框架及实现 2019-10-22 15:13:14 +08:00
TSG-14954 verify-policy支持验证代理拦截策略 TSG-14955 verify-policy合并安全策略和代理策略maat句柄 2023-05-09 14:26:43 +08:00			`void *policy_scan_ctx_new(unsigned int thread_id, int vsys_id, int compile_table_id);`
TSG-14952 策略验证支持正则表达式验证功能 2023-05-11 11:50:34 +08:00			`void policy_scan_ctx_free(void * pme);`
TSG-15190 Proxy-Intercept的策略当Filter选择Category时，策略验证无法命中 2023-05-22 15:34:21 +08:00			`size_t policy_verify_scan(int vsys_id, int compile_table_id, struct request_query_obj query_obj, void pme);`
TSG-13721 策略验证支持MAAT4 2023-03-30 19:50:00 +08:00			`void http_get_scan_status(struct request_query_obj query_obj, int type, cJSON attributes, cJSON data_obj, void pme);`
TSG-14954 verify-policy支持验证代理拦截策略 TSG-14955 verify-policy合并安全策略和代理策略maat句柄 2023-05-09 14:26:43 +08:00			`int maat_table_init(struct verify_policy * verify, const char* profile_path);`
TSG-15717 Policy Verify输出命中策略的Top Object，返回Superior Object 2023-06-28 16:07:27 +08:00			`int http_hit_policy_list(struct verify_policy_query verify_policy, int num, size_t hit_cnt, cJSON data_obj, void *pme);`
TSG-17778 优化App ID、FQDN Category ID和Tunnel ID的处理逻辑，多次扫描支持非配置 2023-11-23 11:17:11 +08:00			`void http_res_hdr_num(void *pem);`
			`void http_req_hdr_num(void *pem);`
TSG-11996 策略验证支持Tunnel Object,修复合并tunnel问题 2022-09-26 16:13:24 +08:00			`void verify_policy_tunnle_add(void * pme);`
TSG-14952 策略验证支持正则表达式验证功能 2023-05-11 11:50:34 +08:00			`int policy_verify_regex_expression(const char *expression);`
TSG-11996 策略验证支持Tunnel Object,修复合并tunnel问题 2022-09-26 16:13:24 +08:00
* 提交策略验证框架及实现 2019-10-22 15:13:14 +08:00			`#endif`