2019-10-22 15:13:14 +08:00
|
|
|
/*************************************************************************
|
|
|
|
|
> File Name: verify_policy.h
|
2020-01-09 14:32:00 +08:00
|
|
|
> Author:
|
|
|
|
|
> Mail:
|
2019-10-22 15:13:14 +08:00
|
|
|
> Created Time: 2019年08月23日 星期五 18时06分03秒
|
|
|
|
|
************************************************************************/
|
|
|
|
|
|
|
|
|
|
#ifndef _VERIFY_POLICY_H
|
|
|
|
|
#define _VERIFY_POLICY_H
|
|
|
|
|
|
|
|
|
|
#include <event2/event.h>
|
2024-07-02 10:16:29 +08:00
|
|
|
#include <log.h>
|
2019-10-22 15:13:14 +08:00
|
|
|
#include "verify_policy_utils.h"
|
|
|
|
|
|
2020-09-25 14:56:36 +08:00
|
|
|
struct breakpad_instance;
|
|
|
|
|
|
2023-03-30 19:50:00 +08:00
|
|
|
#define VSYS_ID_MAX 255
|
2022-10-10 15:31:41 +08:00
|
|
|
|
2023-05-11 11:50:34 +08:00
|
|
|
enum verify_type
|
|
|
|
|
{
|
|
|
|
|
VERIFY_TYPE_POLICY,
|
|
|
|
|
VERIFY_TYPE_REGEX
|
|
|
|
|
};
|
|
|
|
|
|
2023-03-30 19:50:00 +08:00
|
|
|
enum compile_table_typle
|
2020-01-17 10:59:34 +08:00
|
|
|
{
|
2023-01-31 17:43:12 +08:00
|
|
|
TSG_TABLE_SECURITY,
|
2020-01-17 10:59:34 +08:00
|
|
|
PXY_TABLE_MANIPULATION,
|
2023-01-31 17:43:12 +08:00
|
|
|
TSG_TRAFFIC_SHAPING,
|
2023-03-14 10:36:03 +08:00
|
|
|
TSG_SERVICE_CHAINGNG,
|
2023-05-09 14:26:43 +08:00
|
|
|
PXY_TABLE_INTERCEPT,
|
2023-07-24 18:41:01 +08:00
|
|
|
TSG_STATISTICS,
|
2023-11-24 17:59:26 +08:00
|
|
|
TSG_MONITOR,
|
2024-04-02 17:49:53 +08:00
|
|
|
DOS_PROTECTION,
|
2024-04-07 17:55:59 +08:00
|
|
|
TSG_TUNNEL,
|
2023-03-30 19:50:00 +08:00
|
|
|
PXY_TABLE_DEFENCE,
|
2020-01-17 10:59:34 +08:00
|
|
|
__SCAN_POLICY_MAX
|
|
|
|
|
};
|
|
|
|
|
|
2023-05-09 14:26:43 +08:00
|
|
|
enum tsg_obj_table
|
2021-01-28 18:42:19 +08:00
|
|
|
{
|
2023-05-09 14:26:43 +08:00
|
|
|
TSG_OBJ_SOURCE_ADDR,
|
|
|
|
|
TSG_OBJ_DESTINATION_ADDR,
|
|
|
|
|
TSG_OBJ_SUBSCRIBE_ID,
|
|
|
|
|
TSG_OBJ_APP_ID,
|
|
|
|
|
TSG_OBJ_HTTP_URL,
|
|
|
|
|
TSG_OBJ_HTTP_REQ_HDR,
|
|
|
|
|
TSG_OBJ_HTTP_REQ_BODY,
|
|
|
|
|
TSG_OBJ_HTTP_RES_HDR,
|
|
|
|
|
TSG_OBJ_HTTP_RES_BODY,
|
|
|
|
|
TSG_OBJ_SSL_CN,
|
|
|
|
|
TSG_OBJ_SSL_CN_CAT,
|
|
|
|
|
TSG_OBJ_SSL_SAN,
|
|
|
|
|
TSG_OBJ_SSL_SAN_CAT,
|
|
|
|
|
TSG_OBJ_DOH_QNAME,
|
|
|
|
|
TSG_OBJ_DNS_QNAME,
|
|
|
|
|
TSG_OBJ_MAIL_ACCOUNT,
|
|
|
|
|
TSG_OBJ_MAIL_FROM,
|
|
|
|
|
TSG_OBJ_MAIL_TO,
|
|
|
|
|
TSG_OBJ_MAIL_SUBJECT,
|
|
|
|
|
TSG_OBJ_MAIL_CONTENT,
|
|
|
|
|
TSG_OBJ_MAIL_ATT_NAME,
|
|
|
|
|
TSG_OBJ_MAIL_ATT_CONTENT,
|
|
|
|
|
TSG_OBJ_FTP_URI,
|
|
|
|
|
TSG_OBJ_FTP_CONTENT,
|
|
|
|
|
TSG_OBJ_FTP_ACCOUNT,
|
|
|
|
|
TSG_OBJ_SIP_FROM,
|
|
|
|
|
TSG_OBJ_SIP_TO,
|
|
|
|
|
TSG_OBJ_IMSI,
|
|
|
|
|
TSG_OBJ_PHONE_NUMBER,
|
|
|
|
|
TSG_OBJ_APN,
|
|
|
|
|
TSG_OBJ_TUNNEL,
|
|
|
|
|
TSG_OBJ_FLAG,
|
2023-10-31 14:21:20 +08:00
|
|
|
TSG_OBJ_GTP_IMEI,
|
2023-05-09 14:26:43 +08:00
|
|
|
TSG_OBJ_IP_SRC_ASN,
|
|
|
|
|
TSG_OBJ_IP_DST_ASN,
|
2024-04-02 17:49:53 +08:00
|
|
|
TSG_OBJ_IP_SRC_GEO_COUNTRY,
|
|
|
|
|
TSG_OBJ_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA,
|
|
|
|
|
TSG_OBJ_IP_SRC_GEO_ADMINISTRATIVE_AREA,
|
|
|
|
|
TSG_OBJ_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA,
|
|
|
|
|
TSG_OBJ_IP_DST_GEO_COUNTRY,
|
|
|
|
|
TSG_OBJ_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA,
|
|
|
|
|
TSG_OBJ_IP_DST_GEO_ADMINISTRATIVE_AREA,
|
|
|
|
|
TSG_OBJ_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA,
|
2023-12-08 18:34:17 +08:00
|
|
|
TSG_OBJ_DST_SERVER_FQDN,
|
|
|
|
|
TSG_OBJ_DST_SERVER_FQDN_CAT,
|
2023-12-12 16:59:04 +08:00
|
|
|
TSG_OBJ_INTERNAL_ADDR,
|
|
|
|
|
TSG_OBJ_EXTERNAL_ADDR,
|
2024-01-31 15:25:30 +08:00
|
|
|
TSG_OBJ_SOURCE_PORT,
|
|
|
|
|
TSG_OBJ_DESTINATION_PORT,
|
|
|
|
|
TSG_OBJ_INTERNAL_PORT,
|
|
|
|
|
TSG_OBJ_EXTERNAL_PORT,
|
|
|
|
|
TSG_OBJ_IP_PROTOCOL,
|
|
|
|
|
TSG_OBJ_SSL_ECH,
|
|
|
|
|
TSG_OBJ_SSL_ESNI,
|
|
|
|
|
TSG_OBJ_SSL_NO_SNI,
|
|
|
|
|
TSG_OBJ_TUNNEL_LEVEL,
|
2024-03-01 15:36:17 +08:00
|
|
|
TSG_OBJ_INTERNAL_ASN,
|
|
|
|
|
TSG_OBJ_EXTERNAL_ASN,
|
2024-04-07 17:55:59 +08:00
|
|
|
TSG_OBJ_TUNNEL_GTP_ENDPOINT,
|
|
|
|
|
TSG_OBJ_TUNNEL_GRE_ENDPOINT,
|
|
|
|
|
TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT,
|
2023-05-09 14:26:43 +08:00
|
|
|
__TSG_OBJ_MAX
|
2020-01-17 10:59:34 +08:00
|
|
|
};
|
|
|
|
|
|
2020-02-18 17:54:15 +08:00
|
|
|
struct verify_policy_thread
|
2019-10-22 15:13:14 +08:00
|
|
|
{
|
|
|
|
|
int id;
|
2020-01-09 14:32:00 +08:00
|
|
|
pthread_t pid;
|
2019-10-22 15:13:14 +08:00
|
|
|
evutil_socket_t accept_fd;
|
2020-01-09 14:32:00 +08:00
|
|
|
pthread_attr_t *attr;
|
2019-10-22 15:13:14 +08:00
|
|
|
struct evhttp *http;
|
|
|
|
|
struct event_base *base;
|
2020-01-09 14:32:00 +08:00
|
|
|
void * (*routine)(void *);
|
2019-10-22 15:13:14 +08:00
|
|
|
};
|
|
|
|
|
|
2020-02-18 17:54:15 +08:00
|
|
|
struct verify_policy
|
2020-01-09 14:32:00 +08:00
|
|
|
{
|
|
|
|
|
char name[VERIFY_SYMBOL_MAX];
|
2024-07-02 10:16:29 +08:00
|
|
|
struct log_handle *logger;
|
2019-10-22 15:13:14 +08:00
|
|
|
unsigned int log_level;
|
|
|
|
|
unsigned int nr_work_threads;
|
2020-01-09 14:32:00 +08:00
|
|
|
unsigned int listen_port;
|
2020-09-25 14:56:36 +08:00
|
|
|
struct breakpad_instance * breakpad;
|
2020-06-24 16:36:16 +08:00
|
|
|
struct verify_policy_thread *work_threads[VERIFY_ARRAY_MAX];
|
2019-10-22 15:13:14 +08:00
|
|
|
};
|
|
|
|
|
|
2023-11-23 11:17:11 +08:00
|
|
|
struct fqdn_category_id
|
|
|
|
|
{
|
|
|
|
|
int fqdn_cat_num;
|
|
|
|
|
long long int group_id[8];
|
|
|
|
|
};
|
|
|
|
|
|
2023-12-21 16:06:45 +08:00
|
|
|
#define MERGE_SCAN_NTH 128
|
|
|
|
|
|
2023-03-30 19:50:00 +08:00
|
|
|
struct request_query_obj
|
2020-02-18 17:54:15 +08:00
|
|
|
{
|
2023-03-30 19:50:00 +08:00
|
|
|
int table_id;
|
2022-12-28 14:36:53 +08:00
|
|
|
int numeric;
|
2024-01-31 15:25:30 +08:00
|
|
|
char *string;
|
2021-04-19 16:35:36 +08:00
|
|
|
char *district;
|
2020-02-18 17:54:15 +08:00
|
|
|
char *attri_name;
|
|
|
|
|
struct ipaddr *ip_addr;
|
|
|
|
|
char *subscriberid;
|
2024-04-07 17:55:59 +08:00
|
|
|
char *tunnel_type;
|
2023-12-21 16:06:45 +08:00
|
|
|
int merge_nth_scan_num;
|
|
|
|
|
int exclude_nth_scan[MERGE_SCAN_NTH];
|
|
|
|
|
int merge_nth_scan[MERGE_SCAN_NTH];
|
|
|
|
|
cJSON* attributes;
|
2023-11-23 11:17:11 +08:00
|
|
|
struct fqdn_category_id fqdn_user;
|
|
|
|
|
struct fqdn_category_id fqdn_builtin;
|
2020-02-18 17:54:15 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct verify_policy_query
|
|
|
|
|
{
|
2022-10-10 15:31:41 +08:00
|
|
|
int vsys_id;
|
2023-05-09 14:26:43 +08:00
|
|
|
int compile_table_id;
|
2023-12-21 16:06:45 +08:00
|
|
|
struct request_query_obj request_object[32];
|
2020-02-18 17:54:15 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
extern struct verify_policy * g_verify_proxy;
|
2019-10-22 15:13:14 +08:00
|
|
|
|
2023-05-09 14:26:43 +08:00
|
|
|
void *policy_scan_ctx_new(unsigned int thread_id, int vsys_id, int compile_table_id);
|
2023-05-11 11:50:34 +08:00
|
|
|
void policy_scan_ctx_free(void * pme);
|
2023-05-22 15:34:21 +08:00
|
|
|
size_t policy_verify_scan(int vsys_id, int compile_table_id, struct request_query_obj *query_obj, void *pme);
|
2023-03-30 19:50:00 +08:00
|
|
|
void http_get_scan_status(struct request_query_obj *query_obj, int type, cJSON *attributes, cJSON *data_obj, void *pme);
|
2023-05-09 14:26:43 +08:00
|
|
|
int maat_table_init(struct verify_policy * verify, const char* profile_path);
|
2023-06-28 16:07:27 +08:00
|
|
|
int http_hit_policy_list(struct verify_policy_query *verify_policy, int num, size_t hit_cnt, cJSON *data_obj, void *pme);
|
2022-09-26 16:13:24 +08:00
|
|
|
void verify_policy_tunnle_add(void * pme);
|
2023-05-11 11:50:34 +08:00
|
|
|
int policy_verify_regex_expression(const char *expression);
|
2024-01-31 15:25:30 +08:00
|
|
|
void verify_reload_loglevel();
|
2022-09-26 16:13:24 +08:00
|
|
|
|
2019-10-22 15:13:14 +08:00
|
|
|
#endif
|
