TSG-6000 策略验证接口支持移动网流量属性验证

2021-04-23 16:11:52 +08:00
parent de39bb7b68
commit 4993982f17
5 changed files with 33 additions and 3 deletions
--- a/common/include/verify_policy.h
+++ b/common/include/verify_policy.h
@@ -42,6 +42,9 @@ enum manipulate_sacn_table
    PXY_CTRL_APP_ID,
    PXY_CTRL_DOH_QNAME,
    PXY_CTRL_DOH_HOST,
+    PXY_CTRL_IMSI,
+    PXY_CTRL_PHONE_NUMBER,
+    PXY_CTRL_APN,
    PXY_CTRL_IP_SRC_ASN,
 	PXY_CTRL_IP_DST_ASN,
 	PXY_CTRL_IP_SRC_LOCATION,
@@ -78,6 +81,9 @@ enum security_scan_table
    PXY_SECURITY_FTP_ACCOUNT,
    PXY_SECURITY_SIP_FROM,
    PXY_SECURITY_SIP_TO,
+    PXY_SECURITY_IMSI,
+    PXY_SECURITY_PHONE_NUMBER,
+    PXY_SECURITY_APN,
    PXY_SECURITY_IP_SRC_ASN,
    PXY_SECURITY_IP_DST_ASN,
    PXY_SECURITY_IP_SRC_LOCATION,
--- a/platform/src/verify_policy.cpp
+++ b/platform/src/verify_policy.cpp
@@ -107,7 +107,10 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
 			table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID";
 			table_name[PXY_CTRL_DOH_QNAME]="TSG_FIELD_DOH_QNAME";
 			table_name[PXY_CTRL_DOH_HOST]="TSG_FIELD_DOH_HOST";
-			scan_table_max = PXY_CTRL_DOH_HOST;
+			table_name[PXY_CTRL_IMSI]="TSG_FILED_GTP_IMSI";
+			table_name[PXY_CTRL_PHONE_NUMBER]="TSG_FILED_GTP_PHONE_NUMBER";
+			table_name[PXY_CTRL_APN]="TSG_FILED_GTP_APN";
+			scan_table_max = PXY_CTRL_APN;
 			break;
 		case PXY_TABLE_SECURITY:
 			table_name[PXY_SECURITY_SOURCE_ADDR]="TSG_SECURITY_SOURCE_ADDR";
@@ -137,7 +140,10 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
 			table_name[PXY_SECURITY_FTP_ACCOUNT] = "TSG_FIELD_FTP_ACCOUNT";
 			table_name[PXY_SECURITY_SIP_FROM]="TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION";
 			table_name[PXY_SECURITY_SIP_TO]="TSG_FIELD_SIP_RESPONDER_DESCRIPTION";
-			scan_table_max = PXY_SECURITY_SIP_TO;
+			table_name[PXY_SECURITY_IMSI]="TSG_FILED_GTP_PHONE_NUMBER";
+			table_name[PXY_SECURITY_PHONE_NUMBER]="TSG_FILED_GTP_PHONE_NUMBER";
+			table_name[PXY_SECURITY_APN]="TSG_FILED_GTP_APN";
+			scan_table_max = PXY_SECURITY_APN;
 			break;
 		case PXY_TABLE_WANNAT:
 			table_name[PXY_WANNAT_SOURCE_ADDR]="TSG_SECURITY_SOURCE_ADDR";
--- a/resource/table_info_proxy.conf
+++ b/resource/table_info_proxy.conf
@@ -48,3 +48,9 @@
 29	TSG_SECURITY_DESTINATION_LOCATION   virtual TSG_OBJ_GEO_LOCATION    --
 30	TSG_FIELD_DOH_QNAME virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]    --
 31	TSG_FIELD_DOH_HOST  virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]    --
+32      TSG_OBJ_IMSI    expr    UTF8    UTF8    yes     0
+33      TSG_OBJ_PHONE_NUMBER    expr    UTF8    UTF8    yes     0
+34      TSG_OBJ_APN     expr    UTF8    UTF8    yes     0
+35      TSG_FILED_GTP_IMSI      virtual TSG_OBJ_IMSI    --
+36      TSG_FILED_GTP_PHONE_NUMBER      virtual TSG_OBJ_PHONE_NUMBER    --
+37      TSG_FILED_GTP_APN       virtual TSG_OBJ_APN     --
--- a/resource/table_info_security.conf
+++ b/resource/table_info_security.conf
@@ -59,3 +59,9 @@
 47	TSG_FQDN_CATEGORY_USER_DEFINED	fqdn_plugin	{"row_id":1,"is_suffix_match":4,"fqdn":3,"valid":5}	--
 48	TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION	virtual	TSG_OBJ_ACCOUNT --
 49	TSG_FIELD_SIP_RESPONDER_DESCRIPTION	virtual	TSG_OBJ_ACCOUNT	--
+50	TSG_OBJ_IMSI	expr	UTF8	UTF8	yes	0
+51	TSG_OBJ_PHONE_NUMBER	expr	UTF8	UTF8	yes	0
+52	TSG_OBJ_APN	expr	UTF8	UTF8	yes	0
+53	TSG_FILED_GTP_IMSI	virtual	TSG_OBJ_IMSI	--
+54	TSG_FILED_GTP_PHONE_NUMBER	virtual	TSG_OBJ_PHONE_NUMBER	--
+55	TSG_FILED_GTP_APN	virtual	TSG_OBJ_APN	--
--- a/scan/src/policy_scan.cpp
+++ b/scan/src/policy_scan.cpp
@@ -1298,6 +1298,9 @@ int proxy_policy_init(struct verify_policy * verify, const char* profile_path)
 	table_name[PXY_CTRL_IP_DST_ASN]="TSG_SECURITY_DESTINATION_ASN";
 	table_name[PXY_CTRL_IP_SRC_LOCATION]="TSG_SECURITY_SOURCE_LOCATION";
 	table_name[PXY_CTRL_IP_DST_LOCATION]="TSG_SECURITY_DESTINATION_LOCATION";
+	table_name[PXY_CTRL_IMSI]="TSG_FILED_GTP_PHONE_NUMBER";
+	table_name[PXY_CTRL_PHONE_NUMBER]="TSG_OBJ_PHONE_NUMBER";
+	table_name[PXY_CTRL_APN]="TSG_FILED_GTP_APN";
 	for (int i = 0; i < __SCAN_TABLE_MAX; i++)
 	{
 		g_pangu_rt->scan_table_id[PXY_TABLE_MANIPULATION][i] = Maat_table_register(g_pangu_rt->maat[PXY_TABLE_MANIPULATION], table_name[i]);
@@ -1373,6 +1376,9 @@ int security_policy_init(struct verify_policy * verify, const char* profile_path
 	table_name[PXY_SECURITY_IP_DST_LOCATION]="TSG_SECURITY_DESTINATION_LOCATION";
 	table_name[PXY_SECURITY_SIP_FROM]="TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION";
 	table_name[PXY_SECURITY_SIP_TO]="TSG_FIELD_SIP_RESPONDER_DESCRIPTION";
+	table_name[PXY_SECURITY_IMSI]="TSG_FILED_GTP_IMSI";
+	table_name[PXY_SECURITY_PHONE_NUMBER]="TSG_FILED_GTP_PHONE_NUMBER";
+	table_name[PXY_SECURITY_APN]="TSG_FILED_GTP_APN";

 	for (int i = 0; i < __SECURITY_TABLE_MAX; i++)
 	{