/*************************************************************************
    > File Name: verify_policy.h
    > Author:
    > Mail:
    > Created Time: Fri Aug 23 18:06:03 2019
 ************************************************************************/
#ifndef _VERIFY_POLICY_H
#define _VERIFY_POLICY_H
#include <event2/event.h>
#include "verify_policy_utils.h"
/*
 * Policy family that a verification query is evaluated against.
 *
 * Enumerator values are written out so that inserting or reordering an
 * entry is visible in review instead of silently renumbering the rest.
 *
 * __SCAN_POLICY_MAX equals the number of enumerators above it and is not
 * itself a policy type.
 * NOTE(review): struct verify_policy_query carries a value of this type;
 * if that value is derived from request data, it should be rejected when
 * it is >= __SCAN_POLICY_MAX before being used as an index or in a switch.
 * The code doing that is not part of this header, so confirm there.
 */
enum verify_policy_type {
    PXY_TABLE_SECURITY     = 0,
    PXY_TABLE_MANIPULATION = 1,
    PXY_TABLE_DEFENCE      = 2,
    __SCAN_POLICY_MAX      = 3   /* keep last */
};
/*
 * Identifiers for the PXY_CTRL_* scan tables.
 *
 * The tag is spelled "sacn" (sic); it is left as-is because renaming it
 * would break every user of this header.
 *
 * Values are written out explicitly. __SCAN_TABLE_MAX equals the number of
 * enumerators above it and is not a table id.
 * NOTE(review): presumably used as an index into a per-table array sized
 * by __SCAN_TABLE_MAX; any value taken from outside the process should be
 * range-checked against it first. Confirm in the scan code.
 */
enum manipulate_sacn_table {
    PXY_CTRL_IP            = 0,
    PXY_CTRL_HTTP_URL      = 1,
    PXY_CTRL_HTTP_FQDN     = 2,
    PXY_CTRL_HTTP_REQ_HDR  = 3,
    PXY_CTRL_HTTP_REQ_BODY = 4,
    PXY_CTRL_HTTP_RES_HDR  = 5,
    PXY_CTRL_HTTP_RES_BODY = 6,
    PXY_CTRL_SUBSCRIBE_ID  = 7,
    PXY_CTRL_APP_ID        = 8,
    __SCAN_TABLE_MAX       = 9   /* keep last */
};
/*
 * Identifiers for the PXY_SECURITY_* scan tables.
 *
 * Values are written out explicitly. __SECURITY_TABLE_MAX equals the
 * number of enumerators above it and is not a table id.
 *
 * The first eight entries (IP .. SUBSCRIBE_ID, values 0..7) have the same
 * ordinals as their PXY_CTRL_* counterparts in enum manipulate_sacn_table,
 * but the two enums diverge after that: PXY_CTRL_APP_ID is 8 there while
 * PXY_SECURITY_APP_ID is 22 here. A value from one enum must therefore not
 * be reused to select a table of the other family.
 * NOTE(review): presumably used as an array index bounded by
 * __SECURITY_TABLE_MAX; confirm that externally supplied values are
 * range-checked before use.
 */
enum security_scan_table {
    /* IP and HTTP */
    PXY_SECURITY_IP               = 0,
    PXY_SECURITY_HTTP_URL         = 1,
    PXY_SECURITY_HTTP_FQDN        = 2,
    PXY_SECURITY_HTTP_REQ_HDR     = 3,
    PXY_SECURITY_HTTP_REQ_BODY    = 4,
    PXY_SECURITY_HTTP_RES_HDR     = 5,
    PXY_SECURITY_HTTP_RES_BODY    = 6,
    PXY_SECURITY_SUBSCRIBE_ID     = 7,
    /* HTTPS */
    PXY_SECURITY_HTTPS_SNI        = 8,
    PXY_SECURITY_HTTPS_CN         = 9,
    PXY_SECURITY_HTTPS_SAN        = 10,
    /* DNS */
    PXY_SECURITY_DNS_QNAME        = 11,
    /* Mail */
    PXY_SECURITY_MAIL_ACCOUNT     = 12,
    PXY_SECURITY_MAIL_FROM        = 13,
    PXY_SECURITY_MAIL_TO          = 14,
    PXY_SECURITY_MAIL_SUBJECT     = 15,
    PXY_SECURITY_MAIL_CONTENT     = 16,
    PXY_SECURITY_MAIL_ATT_NAME    = 17,
    PXY_SECURITY_MAIL_ATT_CONTENT = 18,
    /* FTP */
    PXY_SECURITY_FTP_URI          = 19,
    PXY_SECURITY_FTP_CONTENT      = 20,
    PXY_SECURITY_FTP_ACCOUNT      = 21,
    /* Application id */
    PXY_SECURITY_APP_ID           = 22,
    __SECURITY_TABLE_MAX          = 23   /* keep last */
};
/*
 * Bit positions used to build the EV_HTTP_* masks in enum tfe_http_event.
 *
 * Positions are written out explicitly; they run from 0 to 6 with no gaps.
 * The last entry is named SUBSCRIBE_ID, without the _BITNUM suffix the
 * others carry. It is kept as-is because renaming it would break users of
 * this header.
 */
enum http_ev_bit_number {
    IP_BITNUM       = 0,
    URL_BITNUM      = 1,
    FQDN_BITNUM     = 2,
    REQ_HDR_BITNUM  = 3,
    RESP_HDR_BITNUM = 4,
    CONTENT_BITNUM  = 5,
    SUBSCRIBE_ID    = 6
};
/*
 * Single-bit event flags, one per position in enum http_ev_bit_number.
 *
 * Each value is 1 shifted left by the matching bit number, so the flags
 * can be OR-ed together into a mask and tested with &.
 * The shifts use an unsigned long long operand, as in the original. The
 * bit numbers declared in enum http_ev_bit_number run 0..6, so every
 * resulting value (1..64) is representable as int.
 */
enum tfe_http_event {
    EV_HTTP_IP           = (1ULL << IP_BITNUM),
    EV_HTTP_URL          = (1ULL << URL_BITNUM),
    EV_HTTP_FQDN         = (1ULL << FQDN_BITNUM),
    EV_HTTP_REQ_HDR      = (1ULL << REQ_HDR_BITNUM),
    EV_HTTP_RESP_HDR     = (1ULL << RESP_HDR_BITNUM),
    EV_HTTP_CONTENT      = (1ULL << CONTENT_BITNUM),
    EV_HTTP_SUBSCRIBE_ID = (1ULL << SUBSCRIBE_ID)
};
/*
 * Per-worker state: a pthread handle plus the libevent objects
 * (event_base, evhttp) and the accept socket associated with it.
 *
 * NOTE(review): pthread_t / pthread_attr_t are used here although this
 * header does not include <pthread.h> itself; presumably they arrive via
 * verify_policy_utils.h. Confirm, or include <pthread.h> directly.
 * NOTE(review): ownership of attr, http and base (who allocates and who
 * frees them) is not visible from this header.
 */
struct verify_policy_thread {
    int id;                     /* worker identifier */
    pthread_t pid;              /* pthread handle, despite the "pid" name */
    evutil_socket_t accept_fd;  /* socket descriptor; presumably the listening socket, confirm */
    pthread_attr_t *attr;       /* thread attributes */
    struct evhttp *http;        /* libevent HTTP server object */
    struct event_base *base;    /* libevent event loop */
    void *(*routine)(void *);   /* pthread-style start routine */
};
/*
 * Top-level service state: name, logging handle and level, listener port
 * and the table of worker threads.
 *
 * VERIFY_SYMBOL_MAX and TFE_THREAD_MAX are not defined in this header;
 * presumably they come from verify_policy_utils.h.
 */
struct verify_policy {
    char name[VERIFY_SYMBOL_MAX];   /* fixed-size buffer; writers must bound copies to sizeof name */
    void *logger;                   /* opaque logging handle */
    unsigned int log_level;

    /*
     * NOTE(review): presumably the number of populated work_threads[]
     * entries. If it is read from configuration, it has to be limited to
     * TFE_THREAD_MAX before it is used as a loop bound over the array.
     * Confirm at the place it is parsed.
     */
    unsigned int nr_work_threads;

    /*
     * NOTE(review): unsigned int is wider than a TCP port; the value
     * should be validated as 1..65535 where it is parsed. Confirm.
     */
    unsigned int listen_port;

    struct verify_policy_thread *work_threads[TFE_THREAD_MAX];
};
/*
 * One object to be verified within a query.
 *
 * NOTE(review): every pointer member below is a raw pointer with no
 * length and no ownership information in this header. Whether the
 * strings are NUL-terminated copies or borrow from a parsed cJSON tree,
 * and who frees them, must be confirmed against the code that fills and
 * releases this struct. If they borrow from `attributes`, they must not
 * be used after that tree is deleted.
 */
struct verify_policy_query_obj {
    int protocol_field;       /* NOTE(review): presumably a table id from one of the *_scan_table enums; confirm and range-check */

    char *keyword;
    char *attri_name;

    struct ipaddr *ip_addr;   /* type declared elsewhere */

    char *subscriberid;

    int nth_scan;
    cJSON *attributes;        /* cJSON node; type declared elsewhere */
};
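/*
 * Capacity of verify_policy_query.verify_object. Exposed as a named
 * constant so that code filling the array can bound its index against it
 * instead of repeating the literal 32.
 */
enum { VERIFY_POLICY_QUERY_OBJ_MAX = 32 };

/*
 * One verification query: the policy family to evaluate and a fixed-size
 * array of objects to verify.
 *
 * The array capacity is unchanged (32 elements), so the struct layout is
 * the same as before.
 *
 * NOTE(review): the struct has no element-count member, so the number of
 * populated entries is tracked elsewhere. Whatever parses a request into
 * verify_object[] has to stop at, or reject input beyond,
 * VERIFY_POLICY_QUERY_OBJ_MAX entries; otherwise it writes past the end of
 * the array. That parser is not part of this header, so confirm it there.
 */
struct verify_policy_query {
    enum verify_policy_type type;
    struct verify_policy_query_obj verify_object[VERIFY_POLICY_QUERY_OBJ_MAX];
};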
/* Global verify_policy instance; the definition lives outside this header. */
extern struct verify_policy *g_verify_proxy;

/*
 * Create a context for the given thread id and return it as an opaque
 * pointer.
 * NOTE(review): presumably this is the `pme` argument expected by the
 * functions below and is released with pangu_http_ctx_free(). Whether
 * NULL can be returned is not visible here, so callers should check.
 */
void *pangu_http_ctx_new(unsigned int thread_id);

/*
 * Release a context passed as an opaque pointer.
 * NOTE(review): behaviour for a NULL argument, or for a pointer that has
 * already been freed, is not visible here.
 */
void pangu_http_ctx_free(void *pme);

/*
 * Scan one query object under the given policy type.
 * NOTE(review): the meaning of the size_t result and the role of data_obj
 * (input or output) are not documented in this header. TODO confirm.
 */
size_t http_policy_scan(enum verify_policy_type policy_type,
                        struct verify_policy_query_obj *query_obj,
                        cJSON *data_obj,
                        void *pme);

/*
 * Report scan status for a query object.
 * NOTE(review): which of attributes / data_obj are written to is not
 * visible here. TODO confirm.
 */
void http_get_scan_status(struct verify_policy_query_obj *query_obj,
                          cJSON *attributes,
                          cJSON *data_obj,
                          void *pme);

/*
 * Initialise security policy state for `verify` using `profile_path`.
 * NOTE(review): the return convention (for example 0 on success) is not
 * stated in this header. Callers should check the result and not serve
 * verification requests when initialisation failed. TODO confirm.
 */
int security_policy_init(struct verify_policy *verify, const char *profile_path);
#endif