TSG-13721 策略验证支持MAAT4

This commit is contained in:
fengweihao
2023-03-30 19:50:00 +08:00
parent 92e9c25946
commit 5287253976
14 changed files with 1819 additions and 736 deletions


@@ -53,4 +53,4 @@ enable_testing()
add_subdirectory(vendor) add_subdirectory(vendor)
add_subdirectory(common) add_subdirectory(common)
add_subdirectory(platform) add_subdirectory(platform)
add_subdirectory(scan)


@@ -33,7 +33,7 @@ env | sort
: "${COMPILER_IS_GNUCXX:=OFF}" : "${COMPILER_IS_GNUCXX:=OFF}"
# Install dependency from YUM # Install dependency from YUM
yum install -y libcjson-devel libmaatframe-devel libMESA_handle_logger-devel librulescan-devel libMESA_prof_load-devel sapp-devel yum install -y libcjson-devel libmaat4-devel libMESA_handle_logger-devel libMESA_prof_load-devel sapp-devel
mkdir build || true mkdir build || true
cd build cd build
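Review bot: The new `libmaat4-devel` dependency on the `yum install -y` line is installed unpinned, so the CI build picks up whatever version the repository serves on that day; since this commit ports the scanner to a new library generation, a version constraint such as `libmaat4-devel-<MAAT4_VERSION>` (placeholder) would keep the build reproducible and make a later upgrade visible in the diff rather than silent. The surrounding `mkdir build || true` and `cd build` lines are unchanged context.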


@@ -13,15 +13,15 @@
struct breakpad_instance; struct breakpad_instance;
#define TRAFFIC_VSYS_ID_MAX 255 #define VSYS_ID_MAX 255
enum verify_policy_type enum compile_table_typle
{ {
TSG_TABLE_SECURITY, TSG_TABLE_SECURITY,
PXY_TABLE_MANIPULATION, PXY_TABLE_MANIPULATION,
PXY_TABLE_DEFENCE,
TSG_TRAFFIC_SHAPING, TSG_TRAFFIC_SHAPING,
TSG_SERVICE_CHAINGNG, TSG_SERVICE_CHAINGNG,
PXY_TABLE_DEFENCE,
__SCAN_POLICY_MAX __SCAN_POLICY_MAX
}; };
@@ -36,7 +36,8 @@ enum manipulate_sacn_table
PXY_CTRL_SOURCE_ADDR, PXY_CTRL_SOURCE_ADDR,
PXY_CTRL_DESTINATION_ADDR, PXY_CTRL_DESTINATION_ADDR,
PXY_CTRL_HTTP_URL, PXY_CTRL_HTTP_URL,
PXY_CTRL_HTTP_FQDN, PXY_CTRL_HTTP_HOST,
PXY_CTRL_HTTP_HOST_CAT,
PXY_CTRL_HTTP_REQ_HDR, PXY_CTRL_HTTP_REQ_HDR,
PXY_CTRL_HTTP_REQ_BODY, PXY_CTRL_HTTP_REQ_BODY,
PXY_CTRL_HTTP_RES_HDR, PXY_CTRL_HTTP_RES_HDR,
@@ -45,6 +46,7 @@ enum manipulate_sacn_table
PXY_CTRL_APP_ID, PXY_CTRL_APP_ID,
PXY_CTRL_DOH_QNAME, PXY_CTRL_DOH_QNAME,
PXY_CTRL_DOH_HOST, PXY_CTRL_DOH_HOST,
PXY_CTRL_DOH_HOST_CAT,
PXY_CTRL_IMSI, PXY_CTRL_IMSI,
PXY_CTRL_PHONE_NUMBER, PXY_CTRL_PHONE_NUMBER,
PXY_CTRL_APN, PXY_CTRL_APN,
@@ -60,18 +62,23 @@ enum security_scan_table
TSG_SECURITY_SOURCE_ADDR, TSG_SECURITY_SOURCE_ADDR,
TSG_SECURITY_DESTINATION_ADDR, TSG_SECURITY_DESTINATION_ADDR,
TSG_SECURITY_HTTP_URL, TSG_SECURITY_HTTP_URL,
TSG_SECURITY_HTTP_FQDN, TSG_SECURITY_HTTP_HOST,
TSG_SECURITY_HTTP_HOST_CAT,
TSG_SECURITY_HTTP_REQ_HDR, TSG_SECURITY_HTTP_REQ_HDR,
TSG_SECURITY_HTTP_REQ_BODY, TSG_SECURITY_HTTP_REQ_BODY,
TSG_SECURITY_HTTP_RES_HDR, TSG_SECURITY_HTTP_RES_HDR,
TSG_SECURITY_HTTP_RES_BODY, TSG_SECURITY_HTTP_RES_BODY,
TSG_SECURITY_SUBSCRIBE_ID, TSG_SECURITY_SUBSCRIBE_ID,
TSG_SECURITY_APP_ID, TSG_SECURITY_APP_ID,
TSG_SECURITY_HTTPS_SNI, TSG_SECURITY_SSL_SNI,
TSG_SECURITY_HTTPS_CN, TSG_SECURITY_SSL_SNI_CAT,
TSG_SECURITY_HTTPS_SAN, TSG_SECURITY_SSL_CN,
TSG_SECURITY_SSL_CN_CAT,
TSG_SECURITY_SSL_SAN,
TSG_SECURITY_SSL_SAN_CAT,
TSG_SECURITY_DNS_QNAME, TSG_SECURITY_DNS_QNAME,
TSG_SECURITY_QUIC_SNI, TSG_SECURITY_QUIC_SNI,
TSG_SECURITY_QUIC_SNI_CAT,
TSG_SECURITY_MAIL_ACCOUNT, TSG_SECURITY_MAIL_ACCOUNT,
TSG_SECURITY_MAIL_FROM, TSG_SECURITY_MAIL_FROM,
TSG_SECURITY_MAIL_TO, TSG_SECURITY_MAIL_TO,
@@ -97,28 +104,6 @@ enum security_scan_table
__SECURITY_TABLE_MAX __SECURITY_TABLE_MAX
}; };
enum http_ev_bit_number
{
IP_BITNUM = 0,
URL_BITNUM,
FQDN_BITNUM,
REQ_HDR_BITNUM,
RESP_HDR_BITNUM,
CONTENT_BITNUM,
SUBSCRIBE_ID
};
enum policy_http_event
{
EV_HTTP_IP = 1ULL << IP_BITNUM,
EV_HTTP_URL = 1ULL << URL_BITNUM,
EV_HTTP_FQDN = 1ULL << FQDN_BITNUM,
EV_HTTP_REQ_HDR = 1ULL << REQ_HDR_BITNUM,
EV_HTTP_RESP_HDR = 1ULL << RESP_HDR_BITNUM,
EV_HTTP_CONTENT = 1ULL << CONTENT_BITNUM,
EV_HTTP_SUBSCRIBE_ID = 1ULL << SUBSCRIBE_ID,
};
struct verify_policy_thread struct verify_policy_thread
{ {
int id; int id;
@@ -141,15 +126,16 @@ struct verify_policy
struct verify_policy_thread *work_threads[VERIFY_ARRAY_MAX]; struct verify_policy_thread *work_threads[VERIFY_ARRAY_MAX];
}; };
struct verify_policy_query_obj struct request_query_obj
{ {
int protocol_field; int table_id;
int numeric; int numeric;
char *keyword; char *keyword;
char *district; char *district;
char *attri_name; char *attri_name;
int protocol;
struct ipaddr *ip_addr; struct ipaddr *ip_addr;
struct ipaddr *endpoint; struct ipaddr *endpoint;
@@ -169,25 +155,19 @@ struct verify_policy_query_obj
struct verify_policy_query struct verify_policy_query
{ {
int vsys_id; int vsys_id;
int shaping; enum compile_table_typle table_typle;
enum verify_policy_type type; struct request_query_obj verify_object[32];
struct verify_policy_query_obj verify_object[32];
}; };
extern struct verify_policy * g_verify_proxy; extern struct verify_policy * g_verify_proxy;
void * pangu_http_ctx_new(unsigned int thread_id); void *policy_scan_ctx_new(unsigned int thread_id, int vsys_id, enum compile_table_typle table_typle, int compile_table_id);
void pangu_http_ctx_free(void * pme); void pangu_http_ctx_free(void * pme);
size_t policy_verify_scan(int vsys_id, enum compile_table_typle policy_type, struct request_query_obj *query_obj, cJSON *data_obj, void *pme);
size_t verify_policy_scan(int vsys_id, enum verify_policy_type policy_type, struct verify_policy_query_obj *query_obj, cJSON *data_obj, void *pme); void http_get_scan_status(struct request_query_obj *query_obj, int type, cJSON *attributes, cJSON *data_obj, void *pme);
int proxy_policy_init(struct verify_policy * verify, const char* profile_path);
void http_get_scan_status(struct verify_policy_query_obj *query_obj, int type, int shaping, cJSON *attributes, cJSON *data_obj, void *pme);
int security_policy_init(struct verify_policy * verify, const char* profile_path); int security_policy_init(struct verify_policy * verify, const char* profile_path);
int http_hit_policy_list(int vsys_id, enum compile_table_typle policy_type, int compile_table_id, size_t hit_cnt, cJSON *data_obj, void *pme);
int http_hit_policy_list(enum verify_policy_type policy_type, int shaping, size_t hit_cnt, cJSON *data_obj, void *pme);
void verify_policy_tunnle_add(void * pme); void verify_policy_tunnle_add(void * pme);
#endif #endif
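Review bot: Moving `PXY_TABLE_DEFENCE` ahead of `TSG_TRAFFIC_SHAPING` in `enum compile_table_typle` (hunk @@ -13) shifts the ordinals of `TSG_TRAFFIC_SHAPING` and `TSG_SERVICE_CHAINGNG` by one, and that ordinal is now carried as `compile_table_id` into `policy_scan_ctx_new` and `http_hit_policy_list`; if the id reaches anything outside this process (a table id handed to the matcher library, a persisted config), the renumbering is a silent compatibility break, so a comment on the enum stating whether its ordinals are an external contract would settle it. The identifier `compile_table_typle` reads as a typo of `type`, and this hunk spreads it into four public prototypes and a struct member, so renaming is cheapest now. The new `int protocol;` member of `struct request_query_obj` is undocumented; elsewhere in this commit it is filled from the request's `protocol` attribute for source/destination objects, so `int protocol; /* value of the request's "protocol" attribute, set for source/destination objects */` would tell the next reader where it comes from.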


@@ -29,9 +29,7 @@ extern RTLogInit2Data logging_sc_lid;
/* The maximum length of the log message */ /* The maximum length of the log message */
#define RT_LOG_MAX_LOG_MSG_LEN 4096 #define RT_LOG_MAX_LOG_MSG_LEN 4096
extern void mesa_logging_print(int log_level, const char *module, const char *msg); #define mesa_log(x, y, ...) do { \
#define mesa_log(x, y, z, ...) do { \
char _sc_log_msg[RT_LOG_MAX_LOG_MSG_LEN] = ""; \ char _sc_log_msg[RT_LOG_MAX_LOG_MSG_LEN] = ""; \
char *_sc_log_temp = _sc_log_msg; \ char *_sc_log_temp = _sc_log_msg; \
if ( !x ) \ if ( !x ) \
@@ -40,11 +38,11 @@ extern void mesa_logging_print(int log_level, const char *module, const char *ms
(RT_LOG_MAX_LOG_MSG_LEN - \ (RT_LOG_MAX_LOG_MSG_LEN - \
(_sc_log_temp - _sc_log_msg)), \ (_sc_log_temp - _sc_log_msg)), \
__VA_ARGS__); \ __VA_ARGS__); \
mesa_logging_print(y, z, _sc_log_msg); \ MESA_handle_runtime_log(logging_sc_lid.run_log_handle, y, __FUNCTION__, _sc_log_msg); \
} \ } \
} while(0) } while(0)
#define mesa_runtime_log(level, module, ...) mesa_log(logging_sc_lid.debug_switch, level, module, __VA_ARGS__) #define mesa_runtime_log(level, ...) mesa_log(logging_sc_lid.debug_switch, level, __VA_ARGS__)
extern void * verify_syslog_init(const char *config); extern void * verify_syslog_init(const char *config);
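Review bot: The rewritten `mesa_log` body calls `MESA_handle_runtime_log(logging_sc_lid.run_log_handle, ...)` at every expansion site instead of the removed `mesa_logging_print` wrapper, so every translation unit that uses `mesa_runtime_log` now needs the MESA logger prototype in scope; the header's include list is outside the hunk, so confirm this header itself has `#include <MESA/MESA_handle_logger.h>` rather than relying on each caller. The module argument is also gone and `__FUNCTION__` now fills that column, which changes the log format and deserves a line above the macro such as `/* module column carries the calling function name; switch and handle come from logging_sc_lid */`.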


@@ -52,6 +52,6 @@
char* rt_strdup(const char* s); char* rt_strdup(const char* s);
#define CHECK_OR_EXIT(condition, fmt, ...) \ #define CHECK_OR_EXIT(condition, fmt, ...) \
do { if(!(condition)) { mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, fmt, ##__VA_ARGS__); exit(EXIT_FAILURE); } } while(0) \ do { if(!(condition)) { mesa_runtime_log(RLOG_LV_FATAL, fmt, ##__VA_ARGS__); exit(EXIT_FAILURE); } } while(0) \
#endif #endif


@@ -19,15 +19,8 @@
#include <MESA/MESA_prof_load.h> #include <MESA/MESA_prof_load.h>
#include <MESA/MESA_handle_logger.h> #include <MESA/MESA_handle_logger.h>
RTLogInit2Data logging_sc_lid; RTLogInit2Data logging_sc_lid;
void mesa_logging_print(int log_level, const char *module, const char *msg)
{
MESA_handle_runtime_log(logging_sc_lid.run_log_handle, log_level, (const char *)module, msg);
return;
}
void * verify_syslog_init(const char *config) void * verify_syslog_init(const char *config)
{ {
@@ -44,14 +37,14 @@ void * verify_syslog_init(const char *config)
logging_sc_lid.run_log_handle = MESA_create_runtime_log_handle("verify_policy", RLOG_LV_DEBUG); logging_sc_lid.run_log_handle = MESA_create_runtime_log_handle("verify_policy", RLOG_LV_DEBUG);
if(logging_sc_lid.run_log_handle == NULL){ if(logging_sc_lid.run_log_handle == NULL){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Create log runtime_log_handle error, init failed!"); mesa_runtime_log(RLOG_LV_FATAL, "Create log runtime_log_handle error, init failed!");
goto finish; goto finish;
}else{ }else{
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Log module initialization"); mesa_runtime_log(RLOG_LV_INFO, "Log module initialization");
} }
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%d", "Log level", logging_sc_lid.run_log_level); mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "Log level", logging_sc_lid.run_log_level);
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%s", "Log Directory", logging_sc_lid.run_log_path); mesa_runtime_log(RLOG_LV_INFO, "%s:%s", "Log Directory", logging_sc_lid.run_log_path);
return logging_sc_lid.run_log_handle; return logging_sc_lid.run_log_handle;
finish: finish:
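Review bot: In `verify_syslog_init`, the `run_log_handle == NULL` branch now reports the failure with `mesa_runtime_log(RLOG_LV_FATAL, "Create log runtime_log_handle error, init failed!");`, which after this commit expands directly to `MESA_handle_runtime_log(logging_sc_lid.run_log_handle, ...)`, a log call through the very handle that was just found to be NULL. Unless `MESA_handle_runtime_log` is documented to tolerate a NULL handle (not visible here), that message is lost or faults exactly when it is needed; `fprintf(stderr, "Create log runtime_log_handle error, init failed!\n");` before `goto finish` would be a safer report. The removed `mesa_logging_print` wrapper had the same gap, so the rewrite keeps it rather than introduces it. `verify_syslog_init` starts and ends outside the hunk.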


@@ -2,11 +2,11 @@ if(COMMAND cmake_policy)
cmake_policy(SET CMP0003 NEW) cmake_policy(SET CMP0003 NEW)
endif(COMMAND cmake_policy) endif(COMMAND cmake_policy)
add_executable(verify-policy src/verify_policy.cpp) add_executable(verify-policy src/verify_policy.cpp src/verify_matcher.cpp)
#target_include_directories(verify-policy PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include) #target_include_directories(verify-policy PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include)
target_link_libraries(verify-policy common policy_scan) target_link_libraries(verify-policy common cjson maatframe)
target_link_libraries(verify-policy pthread dl target_link_libraries(verify-policy pthread dl
libevent-static libevent-static
MESA_handle_logger MESA_handle_logger
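Review bot: `target_link_libraries(verify-policy common cjson maatframe)` uses the keyword-less signature, and the following call links `pthread dl` as bare strings; since the link list is being reworked here, `target_link_libraries(verify-policy PRIVATE common cjson maatframe)` with `Threads::Threads` and `${CMAKE_DL_LIBS}` (after `find_package(Threads REQUIRED)`) would make the usage requirements explicit and portable. The CI script in this same commit installs `libmaat4-devel` while this file links `maatframe`; if the MAAT4 package exports a differently named library, the link fails on a clean runner, so confirm the library name against the installed package. The enclosing `target_link_libraries` call continues past the hunk.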



@@ -49,33 +49,31 @@ const char * version()
static int signals[] = {SIGHUP, SIGPIPE, SIGUSR1}; static int signals[] = {SIGHUP, SIGPIPE, SIGUSR1};
extern int proxy_policy_init(struct verify_policy * verify, const char* profile_path); static int load_system_conf(struct verify_policy * verify, const char *profile)
static int verify_policy_init(struct verify_policy * verify, const char *profile)
{ {
int xret = -1; int xret = -1;
xret = MESA_load_profile_uint_nodef(profile, "CONFIG", "thread-nu", &(verify->nr_work_threads)); xret = MESA_load_profile_uint_nodef(profile, "CONFIG", "thread-nu", &(verify->nr_work_threads));
if (xret < 0){ if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed"); mesa_runtime_log(RLOG_LV_FATAL, "Reading the number of running threads failed");
} }
xret = MESA_load_profile_short_nodef(profile, "LISTEN", "port", (short *)&(verify->listen_port)); xret = MESA_load_profile_short_nodef(profile, "LISTEN", "port", (short *)&(verify->listen_port));
if (xret < 0){ if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Listen Port invalid"); mesa_runtime_log(RLOG_LV_FATAL, "Listen Port invalid");
} }
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%d", "The Threads", verify->nr_work_threads); mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "The Threads", verify->nr_work_threads);
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%d", "Libevent Port", verify->listen_port); mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "Libevent Port", verify->listen_port);
return xret; return xret;
} }
enum verify_policy_type tsg_policy_type_str2idx(const char *action_str) enum compile_table_typle tsg_policy_type_str2idx(const char *action_str, int *table_id)
{ {
const char * policy_name[__SCAN_POLICY_MAX]; const char * policy_name[__SCAN_POLICY_MAX];
policy_name[TSG_TABLE_SECURITY] = "tsg_security"; policy_name[TSG_TABLE_SECURITY] = "tsg_security";
policy_name[PXY_TABLE_MANIPULATION] = "pxy_manipulation"; policy_name[PXY_TABLE_MANIPULATION] = "pxy_manipulation";
policy_name[PXY_TABLE_DEFENCE] = "active_defence";
policy_name[TSG_TRAFFIC_SHAPING] = "traffic_shaping"; policy_name[TSG_TRAFFIC_SHAPING] = "traffic_shaping";
policy_name[TSG_SERVICE_CHAINGNG] = "service_chaining"; policy_name[TSG_SERVICE_CHAINGNG] = "service_chaining";
policy_name[PXY_TABLE_DEFENCE] = "active_defence";
size_t i = 0; size_t i = 0;
@@ -84,11 +82,17 @@ enum verify_policy_type tsg_policy_type_str2idx(const char *action_str)
if (0 == strcasecmp(action_str, policy_name[i])) if (0 == strcasecmp(action_str, policy_name[i]))
break; break;
} }
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[I] policyType= %s", action_str); mesa_runtime_log(RLOG_LV_DEBUG, "[I] policyType= %s", action_str);
return (enum verify_policy_type)i;
*table_id = i;
if(i == TSG_TRAFFIC_SHAPING || i == TSG_SERVICE_CHAINGNG)
{
i = TSG_TABLE_SECURITY;
}
return (enum compile_table_typle)i;
} }
int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_str, char *buff, char **p) int protoco_field_type_str2idx(enum compile_table_typle type, const char *action_str, char *buff, char **p)
{ {
size_t scan_table_max=0; size_t scan_table_max=0;
const char * table_name[__SECURITY_TABLE_MAX] ={0}; const char * table_name[__SECURITY_TABLE_MAX] ={0};
@@ -98,8 +102,9 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
case PXY_TABLE_MANIPULATION: case PXY_TABLE_MANIPULATION:
table_name[PXY_CTRL_SOURCE_ADDR]="TSG_SECURITY_SOURCE_ADDR"; table_name[PXY_CTRL_SOURCE_ADDR]="TSG_SECURITY_SOURCE_ADDR";
table_name[PXY_CTRL_DESTINATION_ADDR]="TSG_SECURITY_DESTINATION_ADDR"; table_name[PXY_CTRL_DESTINATION_ADDR]="TSG_SECURITY_DESTINATION_ADDR";
table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL"; table_name[PXY_CTRL_HTTP_URL] ="TSG_FIELD_HTTP_URL";
table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST"; table_name[PXY_CTRL_HTTP_HOST] = "TSG_FIELD_HTTP_HOST";
table_name[PXY_CTRL_HTTP_HOST_CAT] = "TSG_FIELD_HTTP_HOST_CAT";
table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR"; table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
table_name[PXY_CTRL_HTTP_REQ_BODY] = "TSG_FIELD_HTTP_REQ_BODY"; table_name[PXY_CTRL_HTTP_REQ_BODY] = "TSG_FIELD_HTTP_REQ_BODY";
table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR"; table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
@@ -108,6 +113,7 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID"; table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID";
table_name[PXY_CTRL_DOH_QNAME]="TSG_FIELD_DOH_QNAME"; table_name[PXY_CTRL_DOH_QNAME]="TSG_FIELD_DOH_QNAME";
table_name[PXY_CTRL_DOH_HOST]="TSG_FIELD_DOH_HOST"; table_name[PXY_CTRL_DOH_HOST]="TSG_FIELD_DOH_HOST";
table_name[PXY_CTRL_DOH_HOST_CAT]="TSG_FIELD_DOH_HOST_CAT";
table_name[PXY_CTRL_IMSI]="TSG_FILED_GTP_IMSI"; table_name[PXY_CTRL_IMSI]="TSG_FILED_GTP_IMSI";
table_name[PXY_CTRL_PHONE_NUMBER]="TSG_FILED_GTP_PHONE_NUMBER"; table_name[PXY_CTRL_PHONE_NUMBER]="TSG_FILED_GTP_PHONE_NUMBER";
table_name[PXY_CTRL_APN]="TSG_FILED_GTP_APN"; table_name[PXY_CTRL_APN]="TSG_FILED_GTP_APN";
@@ -117,18 +123,23 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
table_name[TSG_SECURITY_SOURCE_ADDR]="TSG_SECURITY_SOURCE_ADDR"; table_name[TSG_SECURITY_SOURCE_ADDR]="TSG_SECURITY_SOURCE_ADDR";
table_name[TSG_SECURITY_DESTINATION_ADDR]="TSG_SECURITY_DESTINATION_ADDR"; table_name[TSG_SECURITY_DESTINATION_ADDR]="TSG_SECURITY_DESTINATION_ADDR";
table_name[TSG_SECURITY_HTTP_URL] = "TSG_FIELD_HTTP_URL"; table_name[TSG_SECURITY_HTTP_URL] = "TSG_FIELD_HTTP_URL";
table_name[TSG_SECURITY_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST"; table_name[TSG_SECURITY_HTTP_HOST] = "TSG_FIELD_HTTP_HOST";
table_name[TSG_SECURITY_HTTP_HOST_CAT] = "TSG_FIELD_HTTP_HOST_CAT";
table_name[TSG_SECURITY_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR"; table_name[TSG_SECURITY_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
table_name[TSG_SECURITY_HTTP_REQ_BODY] = "TSG_FIELD_HTTP_REQ_BODY"; table_name[TSG_SECURITY_HTTP_REQ_BODY] = "TSG_FIELD_HTTP_REQ_BODY";
table_name[TSG_SECURITY_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR"; table_name[TSG_SECURITY_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
table_name[TSG_SECURITY_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_BODY"; table_name[TSG_SECURITY_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_BODY";
table_name[TSG_SECURITY_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID"; table_name[TSG_SECURITY_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID";
table_name[TSG_SECURITY_APP_ID] = "TSG_OBJ_APP_ID"; table_name[TSG_SECURITY_APP_ID] = "TSG_OBJ_APP_ID";
table_name[TSG_SECURITY_HTTPS_SNI] = "TSG_FIELD_SSL_SNI"; table_name[TSG_SECURITY_SSL_SNI] = "TSG_FIELD_SSL_SNI";
table_name[TSG_SECURITY_HTTPS_CN] = "TSG_FIELD_SSL_CN"; table_name[TSG_SECURITY_SSL_SNI_CAT] = "TSG_FIELD_SSL_SNI_CAT";
table_name[TSG_SECURITY_HTTPS_SAN] = "TSG_FIELD_SSL_SAN"; table_name[TSG_SECURITY_SSL_CN] = "TSG_FIELD_SSL_CN";
table_name[TSG_SECURITY_SSL_CN_CAT] = "TSG_FIELD_SSL_CN_CAT";
table_name[TSG_SECURITY_SSL_SAN] = "TSG_FIELD_SSL_SAN";
table_name[TSG_SECURITY_SSL_SAN_CAT] = "TSG_FIELD_SSL_SAN_CAT";
table_name[TSG_SECURITY_DNS_QNAME] = "TSG_FIELD_DNS_QNAME"; table_name[TSG_SECURITY_DNS_QNAME] = "TSG_FIELD_DNS_QNAME";
table_name[TSG_SECURITY_QUIC_SNI] = "TSG_FIELD_QUIC_SNI"; table_name[TSG_SECURITY_QUIC_SNI] = "TSG_FIELD_QUIC_SNI";
table_name[TSG_SECURITY_QUIC_SNI_CAT] = "TSG_FIELD_QUIC_SNI";
table_name[TSG_SECURITY_MAIL_ACCOUNT] = "TSG_FIELD_MAIL_ACCOUNT"; table_name[TSG_SECURITY_MAIL_ACCOUNT] = "TSG_FIELD_MAIL_ACCOUNT";
table_name[TSG_SECURITY_MAIL_FROM] = "TSG_FIELD_MAIL_FROM"; table_name[TSG_SECURITY_MAIL_FROM] = "TSG_FIELD_MAIL_FROM";
table_name[TSG_SECURITY_MAIL_TO] = "TSG_FIELD_MAIL_TO"; table_name[TSG_SECURITY_MAIL_TO] = "TSG_FIELD_MAIL_TO";
@@ -188,7 +199,7 @@ struct ipaddr *ip_to_stream_addr(const char *clientIp1, unsigned int clientPort1
v6_addr->dest=htons(serverPort1); v6_addr->dest=htons(serverPort1);
ip_addr->v6=v6_addr; ip_addr->v6=v6_addr;
} }
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[I] attributeName = ip, clientIp1=%s, clientPort1=%d, serverIp=%s, serverPort=%d, addr_type = %d", mesa_runtime_log(RLOG_LV_DEBUG, "[I] attributeName = ip, clientIp1=%s, clientPort1=%d, serverIp=%s, serverPort=%d, addr_type = %d",
clientIp1, clientPort1, serverIp1, serverPort1, addr_type); clientIp1, clientPort1, serverIp1, serverPort1, addr_type);
return ip_addr; return ip_addr;
@@ -211,7 +222,7 @@ struct ipaddr *tunnel_to_stream_addr(const char *Ip, int addr_type)
inet_pton(AF_INET6,Ip,&(v6_addr->saddr)); inet_pton(AF_INET6,Ip,&(v6_addr->saddr));
ip_addr->v6=v6_addr; ip_addr->v6=v6_addr;
} }
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[I] attributeName = ip, clientIp1=%s, addr_type = %d", Ip, addr_type); mesa_runtime_log(RLOG_LV_DEBUG, "[I] attributeName = ip, clientIp1=%s, addr_type = %d", Ip, addr_type);
return ip_addr; return ip_addr;
} }
@@ -277,11 +288,11 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
item = cJSON_GetObjectItem(subchild, "tableName"); item = cJSON_GetObjectItem(subchild, "tableName");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
policy_query->verify_object[curr_id].protocol_field = protoco_field_type_str2idx(policy_query->type, item->valuestring, buff, &p); policy_query->verify_object[curr_id].table_id = protoco_field_type_str2idx(policy_query->table_typle, item->valuestring, buff, &p);
if ((policy_query->type == PXY_TABLE_MANIPULATION && policy_query->verify_object[curr_id].protocol_field == __SCAN_TABLE_MAX) if ((policy_query->table_typle == PXY_TABLE_MANIPULATION && policy_query->verify_object[curr_id].table_id == __SCAN_TABLE_MAX)
|| (policy_query->type == TSG_TABLE_SECURITY && policy_query->verify_object[curr_id].protocol_field == __SECURITY_TABLE_MAX)) || (policy_query->table_typle == TSG_TABLE_SECURITY && policy_query->verify_object[curr_id].table_id == __SECURITY_TABLE_MAX))
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "policy table name error, table name = %s", item->valuestring); mesa_runtime_log(RLOG_LV_FATAL, "policy table name error, table name = %s", item->valuestring);
goto finish; goto finish;
} }
} }
@@ -294,6 +305,7 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
0 == strcasecmp(policy_query->verify_object[curr_id].attri_name, "destination")) 0 == strcasecmp(policy_query->verify_object[curr_id].attri_name, "destination"))
{ {
policy_query->verify_object[curr_id].ip_addr = get_ip_from_json(attributeValue, policy_query->verify_object[curr_id].attri_name); policy_query->verify_object[curr_id].ip_addr = get_ip_from_json(attributeValue, policy_query->verify_object[curr_id].attri_name);
policy_query->verify_object[curr_id].protocol= cJSON_GetObjectItem(attributeValue , "protocol")->valueint;
goto end; goto end;
} }
@@ -311,8 +323,8 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
p += snprintf(p, sizeof(buff) - (p - buff), ", district = %s",policy_query->verify_object[curr_id].district); p += snprintf(p, sizeof(buff) - (p - buff), ", district = %s",policy_query->verify_object[curr_id].district);
} }
if(policy_query->verify_object[curr_id].protocol_field == PXY_CTRL_APP_ID || if(policy_query->verify_object[curr_id].table_id == PXY_CTRL_APP_ID ||
policy_query->verify_object[curr_id].protocol_field == TSG_SECURITY_FLAG) policy_query->verify_object[curr_id].table_id == TSG_SECURITY_FLAG)
{ {
item = cJSON_GetObjectItem(attributeValue, "numeric"); item = cJSON_GetObjectItem(attributeValue, "numeric");
if(item && item->type==cJSON_Number) if(item && item->type==cJSON_Number)
@@ -330,7 +342,7 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s",policy_query->verify_object[curr_id].keyword); p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s",policy_query->verify_object[curr_id].keyword);
} }
} }
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[I] %s", buff); mesa_runtime_log(RLOG_LV_DEBUG, "[I] %s", buff);
memset(buff, 0, VERIFY_STRING_MAX); memset(buff, 0, VERIFY_STRING_MAX);
end: end:
xret = 1; xret = 1;
@@ -347,7 +359,7 @@ cJSON *get_query_from_request(const char *data, int thread_id)
cJSON* data_json = cJSON_Parse(data); cJSON* data_json = cJSON_Parse(data);
if(data_json == NULL) if(data_json == NULL)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "invalid policy parameter"); mesa_runtime_log(RLOG_LV_FATAL, "invalid policy parameter");
return NULL; return NULL;
} }
cJSON *policy_obj=NULL, *data_obj=NULL; cJSON *policy_obj=NULL, *data_obj=NULL;
@@ -365,24 +377,15 @@ cJSON *get_query_from_request(const char *data, int thread_id)
{ {
for (subitem = item->child; subitem != NULL; subitem = subitem->next) for (subitem = item->child; subitem != NULL; subitem = subitem->next)
{ {
int compile_table_id=0;
verify_policy = ALLOC(struct verify_policy_query, 1); verify_policy = ALLOC(struct verify_policy_query, 1);
item = cJSON_GetObjectItem(subitem,"policyType"); item = cJSON_GetObjectItem(subitem,"policyType");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
verify_policy->type = tsg_policy_type_str2idx(item->valuestring); verify_policy->table_typle = tsg_policy_type_str2idx(item->valuestring, &compile_table_id);
if(verify_policy->type == TSG_TRAFFIC_SHAPING) if (verify_policy->table_typle >= __SCAN_POLICY_MAX)
{ {
verify_policy->shaping=1; mesa_runtime_log(RLOG_LV_FATAL, "policy type error, policy id = %d", verify_policy->table_typle);
verify_policy->type = TSG_TABLE_SECURITY;
}
if(verify_policy->type == TSG_SERVICE_CHAINGNG)
{
verify_policy->shaping=2;
verify_policy->type = TSG_TABLE_SECURITY;
}
if (verify_policy->type >= __SCAN_POLICY_MAX)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "policy type error, policy id = %d", verify_policy->type);
goto free; goto free;
} }
} }
@@ -398,10 +401,11 @@ cJSON *get_query_from_request(const char *data, int thread_id)
{ {
goto free; goto free;
} }
attributes = cJSON_GetObjectItem(item,"attributes"); attributes = cJSON_GetObjectItem(item,"attributes");
if(attributes && attributes->type==cJSON_Array) if(attributes && attributes->type==cJSON_Array)
{ {
void *ctx = pangu_http_ctx_new(thread_id); void *ctx = policy_scan_ctx_new(thread_id, verify_policy->vsys_id, verify_policy->table_typle, compile_table_id);
for (subchild = attributes->child; subchild != NULL; subchild = subchild->next) for (subchild = attributes->child; subchild != NULL; subchild = subchild->next)
{ {
@@ -410,7 +414,7 @@ cJSON *get_query_from_request(const char *data, int thread_id)
{ {
goto free; goto free;
} }
hit_cnt = verify_policy_scan(verify_policy->vsys_id, verify_policy->type, &verify_policy->verify_object[i], data_obj, ctx); hit_cnt = policy_verify_scan(verify_policy->vsys_id, verify_policy->table_typle, &verify_policy->verify_object[i], data_obj, ctx);
if(0 == strcasecmp(verify_policy->verify_object[i].attri_name, "source") || if(0 == strcasecmp(verify_policy->verify_object[i].attri_name, "source") ||
0 == strcasecmp(verify_policy->verify_object[i].attri_name, "destination")) 0 == strcasecmp(verify_policy->verify_object[i].attri_name, "destination"))
{ {
@@ -424,7 +428,7 @@ cJSON *get_query_from_request(const char *data, int thread_id)
i++; i++;
} }
http_hit_policy_list(verify_policy->type, verify_policy->shaping, hit_cnt, data_obj, ctx); http_hit_policy_list(verify_policy->vsys_id, verify_policy->table_typle, compile_table_id, hit_cnt, data_obj, ctx);
int item = 0; int item = 0;
cJSON *verfifySession = cJSON_CreateObject(); cJSON *verfifySession = cJSON_CreateObject();
@@ -433,7 +437,7 @@ cJSON *get_query_from_request(const char *data, int thread_id)
cJSON_AddItemToObject(verfifySession, "attributes", attributes); cJSON_AddItemToObject(verfifySession, "attributes", attributes);
for (item = 0; item < i; item++) for (item = 0; item < i; item++)
{ {
http_get_scan_status(&verify_policy->verify_object[item], verify_policy->type, verify_policy->shaping, attributes,data_obj, ctx); http_get_scan_status(&verify_policy->verify_object[item], verify_policy->table_typle, attributes,data_obj, ctx);
} }
pangu_http_ctx_free(ctx); pangu_http_ctx_free(ctx);
} }
@@ -495,13 +499,13 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg)
if (evhttp_request_get_command(evh_req) != EVHTTP_REQ_POST) if (evhttp_request_get_command(evh_req) != EVHTTP_REQ_POST)
{ {
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "FAILED (post type)"); mesa_runtime_log(RLOG_LV_DEBUG, "FAILED (post type)");
goto error; goto error;
} }
evbuf_body = evhttp_request_get_input_buffer(evh_req); evbuf_body = evhttp_request_get_input_buffer(evh_req);
if (!evbuf_body || 0==(inputlen = evbuffer_get_length(evbuf_body)) ||!(input = (char *)evbuffer_pullup(evbuf_body,inputlen))) if (!evbuf_body || 0==(inputlen = evbuffer_get_length(evbuf_body)) ||!(input = (char *)evbuffer_pullup(evbuf_body,inputlen)))
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to get post data information."); mesa_runtime_log(RLOG_LV_FATAL, "Failed to get post data information.");
goto error; goto error;
} }
@@ -512,7 +516,7 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg)
} }
policy_payload = cJSON_PrintUnformatted(policy_obj); policy_payload = cJSON_PrintUnformatted(policy_obj);
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[O] %s", policy_payload); mesa_runtime_log(RLOG_LV_DEBUG, "[O] %s", policy_payload);
evhttp_socket_send(evh_req, policy_payload); evhttp_socket_send(evh_req, policy_payload);
cJSON_Delete(policy_obj); cJSON_Delete(policy_obj);
@@ -534,13 +538,13 @@ void * verify_policy_thread_func(void * arg)
thread_ctx->base = event_base_new(); thread_ctx->base = event_base_new();
if (! thread_ctx->base) if (! thread_ctx->base)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Can'thread_ctx allocate event base"); mesa_runtime_log(RLOG_LV_FATAL, "Can'thread_ctx allocate event base");
goto finish; goto finish;
} }
thread_ctx->http = evhttp_new(thread_ctx->base); thread_ctx->http = evhttp_new(thread_ctx->base);
if (!thread_ctx->http) if (!thread_ctx->http)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "couldn'thread_ctx create evhttp. Exiting."); mesa_runtime_log(RLOG_LV_FATAL, "couldn'thread_ctx create evhttp. Exiting.");
goto error; goto error;
} }
@@ -549,10 +553,10 @@ void * verify_policy_thread_func(void * arg)
bound = evhttp_accept_socket_with_handle(thread_ctx->http, thread_ctx->accept_fd); bound = evhttp_accept_socket_with_handle(thread_ctx->http, thread_ctx->accept_fd);
if (bound != NULL) if (bound != NULL)
{ {
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Bound(%p) to port %d - Awaiting connections ... ", bound, mesa_runtime_log(RLOG_LV_INFO, "Bound(%p) to port %d - Awaiting connections ... ", bound,
g_verify_proxy->listen_port); g_verify_proxy->listen_port);
} }
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Work thread %u is run...", thread_ctx->id); mesa_runtime_log(RLOG_LV_INFO, "Work thread %u is run...", thread_ctx->id);
event_base_dispatch(thread_ctx->base); event_base_dispatch(thread_ctx->base);
error: error:
@@ -655,7 +659,7 @@ err:
return fd; return fd;
} }
int pangu_policy_work_thread_run(struct verify_policy * verify) int verify_policy_work_thread_run(struct verify_policy * verify)
{ {
int xret = 0; int xret = 0;
unsigned int tid = 0; unsigned int tid = 0;
@@ -668,7 +672,7 @@ int pangu_policy_work_thread_run(struct verify_policy * verify)
evutil_socket_t accept_fd = evhttp_listen_socket_byuser((struct sockaddr*)&sin, sizeof(struct sockaddr_in),LEV_OPT_REUSEABLE_PORT|LEV_OPT_CLOSE_ON_FREE, -1); evutil_socket_t accept_fd = evhttp_listen_socket_byuser((struct sockaddr*)&sin, sizeof(struct sockaddr_in),LEV_OPT_REUSEABLE_PORT|LEV_OPT_CLOSE_ON_FREE, -1);
if (accept_fd < 0) if (accept_fd < 0)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Could not create a listen!"); mesa_runtime_log(RLOG_LV_FATAL, "Could not create a listen!");
goto finish; goto finish;
} }
@@ -682,18 +686,15 @@ int pangu_policy_work_thread_run(struct verify_policy * verify)
if (pthread_create(&thread_ctx->pid, thread_ctx->attr, thread_ctx->routine, thread_ctx)) if (pthread_create(&thread_ctx->pid, thread_ctx->attr, thread_ctx->routine, thread_ctx))
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "%s", strerror(errno)); mesa_runtime_log(RLOG_LV_FATAL, "%s", strerror(errno));
goto finish; goto finish;
} }
if (pthread_detach(thread_ctx->pid)) if (pthread_detach(thread_ctx->pid))
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "%s", strerror(errno)); mesa_runtime_log(RLOG_LV_FATAL, "%s", strerror(errno));
goto finish; goto finish;
} }
} }
FOREVER{
sleep(1);
}
finish: finish:
return xret; return xret;
} }
@@ -749,14 +750,14 @@ int breakpad_init_minidump_upload(struct breakpad_instance * instance, const cha
if (unlikely(ret < 0)) if (unlikely(ret < 0))
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "breakpad_upload_url is necessary, failed. "); mesa_runtime_log(RLOG_LV_FATAL, "breakpad_upload_url is necessary, failed. ");
goto errout; goto errout;
} }
ret = readlink("/proc/self/exe", execpath, sizeof(execpath)); ret = readlink("/proc/self/exe", execpath, sizeof(execpath));
if(unlikely(ret < 0)) if(unlikely(ret < 0))
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed at readlink /proc/self/exec: %s", strerror(errno)); mesa_runtime_log(RLOG_LV_FATAL, "Failed at readlink /proc/self/exec: %s", strerror(errno));
/* after log, reset errno */ /* after log, reset errno */
errno = 0; errno = 0;
goto errout; goto errout;
@@ -857,7 +858,7 @@ struct breakpad_instance * breakpad_init(const char * profile)
ret = setrlimit(RLIMIT_CORE, &__rlimit_vars); ret = setrlimit(RLIMIT_CORE, &__rlimit_vars);
if (ret < 0) if (ret < 0)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno)); mesa_runtime_log(RLOG_LV_FATAL, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno));
/* after log, reset errno */ /* after log, reset errno */
errno = 0; errno = 0;
} }
@@ -866,7 +867,7 @@ struct breakpad_instance * breakpad_init(const char * profile)
MESA_load_profile_uint_def(profile, "system", "enable_breakpad", &instance->en_breakpad, 1); MESA_load_profile_uint_def(profile, "system", "enable_breakpad", &instance->en_breakpad, 1);
if (instance->en_breakpad <= 0) if (instance->en_breakpad <= 0)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Breakpad Crash Reporting System is disabled. "); mesa_runtime_log(RLOG_LV_FATAL, "Breakpad Crash Reporting System is disabled. ");
return instance; return instance;
} }
@@ -885,7 +886,7 @@ struct breakpad_instance * breakpad_init(const char * profile)
ret = breakpad_init_minidump_upload(instance, profile); ret = breakpad_init_minidump_upload(instance, profile);
if (ret < 0) if (ret < 0)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Breakpad upload init failed, using local breakpad dumpfile"); mesa_runtime_log(RLOG_LV_FATAL, "Breakpad upload init failed, using local breakpad dumpfile");
instance->en_breakpad_upload = 0; instance->en_breakpad_upload = 0;
} }
@@ -894,7 +895,7 @@ struct breakpad_instance * breakpad_init(const char * profile)
ret = setrlimit(RLIMIT_CORE, &__rlimit_vars); ret = setrlimit(RLIMIT_CORE, &__rlimit_vars);
if (ret < 0) if (ret < 0)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno)); mesa_runtime_log(RLOG_LV_FATAL, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno));
/* after log, reset errno */ /* after log, reset errno */
errno = 0; errno = 0;
} }
@@ -912,8 +913,8 @@ struct breakpad_instance * breakpad_init(const char * profile)
google_breakpad::MinidumpDescriptor(instance->minidump_dir_prefix), NULL, google_breakpad::MinidumpDescriptor(instance->minidump_dir_prefix), NULL,
tfe_breakpad_dump_to_file, NULL, true, -1); tfe_breakpad_dump_to_file, NULL, true, -1);
} }
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Breakpad Crash Report is enable. "); mesa_runtime_log(RLOG_LV_INFO, "Breakpad Crash Report is enable. ");
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Minidump Dir: %s", instance->minidump_dir_prefix); mesa_runtime_log(RLOG_LV_INFO, "Minidump Dir: %s", instance->minidump_dir_prefix);
return instance; return instance;
} }
@@ -922,7 +923,7 @@ void __signal_handler_cb(int sig)
switch (sig) switch (sig)
{ {
case SIGHUP: case SIGHUP:
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Reload log config"); mesa_runtime_log(RLOG_LV_INFO, "Reload log config");
MESA_handle_runtime_log_reconstruction(NULL); MESA_handle_runtime_log_reconstruction(NULL);
break; break;
case SIGPIPE: case SIGPIPE:
@@ -961,21 +962,21 @@ int main(int argc, char * argv[])
g_verify_proxy->logger = verify_syslog_init(main_profile); g_verify_proxy->logger = verify_syslog_init(main_profile);
CHECK_OR_EXIT(g_verify_proxy->logger != NULL, "Failed at init log module. Exit."); CHECK_OR_EXIT(g_verify_proxy->logger != NULL, "Failed at init log module. Exit.");
ret = verify_policy_init(g_verify_proxy, main_profile); ret = load_system_conf(g_verify_proxy, main_profile);
CHECK_OR_EXIT(ret == 0, "Failed at loading profile %s, Exit.", main_profile); CHECK_OR_EXIT(ret == 0, "Failed at loading profile %s, Exit.", main_profile);
ret = proxy_policy_init(g_verify_proxy, main_profile); ret = proxy_policy_init(g_verify_proxy, main_profile);
CHECK_OR_EXIT(ret == 0, "Failed at init panggu module, Exit."); CHECK_OR_EXIT(ret == 0, "Failed at init proxy module, Exit.");
clock_gettime(CLOCK_REALTIME, &(end_time)); clock_gettime(CLOCK_REALTIME, &(end_time));
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Read table_info_proxy.conf, take time %lu(s)", end_time.tv_sec - start_time.tv_sec); mesa_runtime_log(RLOG_LV_DEBUG, "Read table_info_proxy.conf, take time %lu(s)", end_time.tv_sec - start_time.tv_sec);
printf("Read table_info_proxy.conf, take time %lu(s)\n", end_time.tv_sec - start_time.tv_sec); printf("Read table_info_proxy.conf, take time %lu(s)\n", end_time.tv_sec - start_time.tv_sec);
clock_gettime(CLOCK_REALTIME, &(start_time)); clock_gettime(CLOCK_REALTIME, &(start_time));
ret = security_policy_init(g_verify_proxy, main_profile); ret = security_policy_init(g_verify_proxy, main_profile);
CHECK_OR_EXIT(ret == 0, "Failed at init security module, Exit."); CHECK_OR_EXIT(ret == 0, "Failed at init security module, Exit.");
clock_gettime(CLOCK_REALTIME, &(end_time)); clock_gettime(CLOCK_REALTIME, &(end_time));
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Read table_info_security.conf, take time %lu(s)", end_time.tv_sec - start_time.tv_sec); mesa_runtime_log(RLOG_LV_DEBUG, "Read table_info_security.conf, take time %lu(s)", end_time.tv_sec - start_time.tv_sec);
printf("Read table_info_security.conf, take time %lu(s)\n", end_time.tv_sec - start_time.tv_sec); printf("Read table_info_security.conf, take time %lu(s)\n", end_time.tv_sec - start_time.tv_sec);
g_verify_proxy->breakpad = breakpad_init(main_profile); g_verify_proxy->breakpad = breakpad_init(main_profile);
@@ -986,7 +987,11 @@ int main(int argc, char * argv[])
signal(signals[i], __signal_handler_cb); signal(signals[i], __signal_handler_cb);
} }
ret = pangu_policy_work_thread_run(g_verify_proxy); ret = verify_policy_work_thread_run(g_verify_proxy);
FOREVER{
sleep(1);
}
return ret; return ret;
} }


@@ -1,56 +1,394 @@
#each collumn seperate with '\t' [
#id (0~65535) {
#name string "table_id":0,
#type one of ip,expr,expr_plus,digest,intval,compile or plugin "table_name":"PXY_CTRL_COMPILE",
#src_charset one of GBK,BIG5,UNICODE,UTF8 "table_type":"compile",
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' "user_region_encoded":"escape",
#do_merege [yes/no] "valid_column":8,
#cross cache [number] "custom": {
#quick mode [quickon/quickoff], default [quickoff] "compile_id":1,
#For ip/intval/digest/compile/group "service_id":2,
#id name type "action":3,
# "do_blacklist":4,
#For plugin table "do_log":5,
#id name type json_descr "tags":6,
# "user_region":7,
#For expr/expr_plus Table "clause_num":9,
#id name type src_charset dst_charset do_merge cross_cache quick_mode "evaluation_order":10
0 PXY_CTRL_COMPILE compile escape -- }
1 GROUP_COMPILE_RELATION group2compile -- },
2 GROUP_GROUP_RELATION group2group -- {
3 TSG_OBJ_IP_ADDR ip_plus --- "table_id":1,
3 TSG_OBJ_IP_LEARNING_ADDR ip_plus UTF8 UTF8 no 0 "table_name":"GROUP_PXY_CTRL_COMPILE_RELATION",
4 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff "table_type":"group2compile",
5 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL -- "associated_compile_table_id":0,
6 TSG_OBJ_FQDN expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff "valid_column":3,
7 TSG_OBJ_FQDN_CAT intval UTF8 UTF8 yes 0 "custom": {
8 TSG_FIELD_HTTP_HOST virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- "group_id":1,
9 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff "compile_id":2,
10 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- "not_flag":4,
11 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- "virtual_table_name":5,
12 TSG_OBJ_KEYWORDS expr UTF8 GBK/BIG5/UNICODE/UTF8/unicode_ascii_esc/unicode_ascii_aligned/unicode_ncr_dec/unicode_ncr_hex/windows-1251 yes 128 quickoff "clause_index":6
13 TSG_FIELD_HTTP_REQ_BODY virtual TSG_OBJ_KEYWORDS -- }
14 TSG_FIELD_HTTP_RES_BODY virtual TSG_OBJ_KEYWORDS -- },
15 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon {
16 TSG_OBJ_APP_ID intval UTF8 UTF8 yes 0 "table_id":2,
17 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR -- "table_name":"GROUP_GROUP_RELATION",
18 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR -- "table_type":"group2group",
19 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"} "valid_column":3,
20 TSG_IP_ASN_BUILT_IN ip_plugin {"row_id":1,"ip_type":2,"start_ip":3,"end_ip":4,"valid":7,"estimate_size":4194304} "custom": {
21 TSG_IP_ASN_USER_DEFINED ip_plugin {"row_id":1,"ip_type":2,"start_ip":3,"end_ip":4,"valid":7,"estimate_size":4194304} "group_id":1,
22 TSG_IP_LOCATION_BUILT_IN ip_plugin {"row_id":1,"ip_type":3,"start_ip":4,"end_ip":5,"valid":18,"estimate_size":4194304} "super_group_id":2
23 TSG_IP_LOCATION_USER_DEFINED ip_plugin {"row_id":1,"ip_type":3,"start_ip":4,"end_ip":5,"valid":18,"estimate_size":4194304} }
24 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0 },
25 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER -- {
26 TSG_SECURITY_DESTINATION_ASN virtual TSG_OBJ_AS_NUMBER -- "table_id":3,
27 TSG_OBJ_GEO_LOCATION expr UTF8 UTF8/GBK yes 0 "table_name":"TSG_OBJ_IP",
28 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_GEO_LOCATION -- "db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"],
29 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION -- "table_type":"ip_plus",
30 TSG_FIELD_DOH_QNAME virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- "valid_column":11,
31 TSG_FIELD_DOH_HOST virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- "custom": {
32 TSG_OBJ_IMSI expr UTF8 UTF8 yes 0 "item_id":1,
33 TSG_OBJ_PHONE_NUMBER expr UTF8 UTF8 yes 0 "group_id":2,
34 TSG_OBJ_APN expr UTF8 UTF8 yes 0 "addr_type":3,
35 TSG_FILED_GTP_IMSI virtual TSG_OBJ_IMSI -- "addr_format":4,
36 TSG_FILED_GTP_PHONE_NUMBER virtual TSG_OBJ_PHONE_NUMBER -- "ip1":5,
37 TSG_FILED_GTP_APN virtual TSG_OBJ_APN -- "ip2":6,
"port_format":7,
"port1":8,
"port2":9,
"protocol":10
}
},
{
"table_id":4,
"table_name":"TSG_OBJ_URL",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":5,
"table_name":"TSG_FIELD_HTTP_URL",
"table_type":"virtual",
"physical_table": "TSG_OBJ_URL"
},
{
"table_id":6,
"table_name":"TSG_OBJ_FQDN",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":7,
"table_name":"TSG_OBJ_FQDN_CAT",
"table_type":"intval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
}
},
{
"table_id":8,
"table_name":"TSG_FIELD_HTTP_HOST",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":9,
"table_name":"TSG_FIELD_HTTP_HOST_CAT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":10,
"table_name":"TSG_OBJ_HTTP_SIGNATURE",
"table_type":"expr_plus",
"valid_column":8,
"custom": {
"item_id":1,
"group_id":2,
"district":3,
"keywords":4,
"expr_type":5,
"match_method":6,
"is_hexbin":7
}
},
{
"table_id":11,
"table_name":"TSG_FIELD_HTTP_REQ_HDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE"
},
{
"table_id":12,
"table_name":"TSG_FIELD_HTTP_RES_HDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE"
},
{
"table_id":13,
"table_name":"TSG_OBJ_KEYWORDS",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":14,
"table_name":"TSG_FIELD_HTTP_REQ_BODY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":15,
"table_name":"TSG_FIELD_HTTP_RES_BODY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":16,
"table_name":"TSG_OBJ_SUBSCRIBER_ID",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":17,
"table_name":"TSG_OBJ_APP_ID",
"table_type":"intval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
}
},
{
"table_id":18,
"table_name":"TSG_SECURITY_SOURCE_ADDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":19,
"table_name":"TSG_SECURITY_DESTINATION_ADDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":20,
"table_name":"TSG_IP_ASN_BUILT_IN",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":21,
"table_name":"TSG_IP_ASN_USER_DEFINED",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":22,
"table_name":"TSG_IP_LOCATION_BUILT_IN",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":23,
"table_name":"TSG_IP_LOCATION_USER_DEFINED",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":24,
"table_name":"TSG_OBJ_AS_NUMBER",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":25,
"table_name":"TSG_SECURITY_SOURCE_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":26,
"table_name":"TSG_SECURITY_DESTINATION_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":27,
"table_name":"TSG_OBJ_GEO_LOCATION",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":28,
"table_name":"TSG_SECURITY_SOURCE_LOCATION",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":29,
"table_name":"TSG_SECURITY_DESTINATION_LOCATION",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":30,
"table_name":"TSG_FIELD_DOH_QNAME",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":31,
"table_name":"TSG_FIELD_DOH_HOST",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":32,
"table_name":"TSG_FIELD_DOH_HOST_CAT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":33,
"table_name":"TSG_OBJ_IMSI",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":34,
"table_name":"TSG_OBJ_PHONE_NUMBER",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":35,
"table_name":"TSG_OBJ_APN",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":36,
"table_name":"TSG_FILED_GTP_IMSI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IMSI"
},
{
"table_id":37,
"table_name":"TSG_FILED_GTP_PHONE_NUMBER",
"table_type":"virtual",
"physical_table": "TSG_OBJ_PHONE_NUMBER"
},
{
"table_id":38,
"table_name":"TSG_FILED_GTP_APN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_APN"
}
]
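Review bot: The two ASN descriptors (table_id 20 and 21) now declare `"ip_type":3,"start_ip":4,"end_ip":5,"addr_format":7` with `"valid_column":19`, whereas the removed text-format rows for the same tables read columns 2/3/4 with the valid flag in column 7 — the new entries are byte-identical to the IP_LOCATION entries (22, 23), which looks like the wrong row was copied. If the ASN source table did not actually gain the location layout, the loader will read the wrong columns and ASN-based clauses will silently stop matching, so a verification tool that fails open rather than loudly; this should be checked against the real table schema before merge. The same change appears in the security descriptor further down (table_id 44 and 45). Since the JSON format cannot carry comments, the commit message should at least state that the ASN column layout changed, or the old `estimate_size`/column notes should move to a sibling README.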


@@ -1,77 +1,678 @@
#each collumn seperate with '\t' [
#id (0~65535) {
#name string "table_id":0,
#type one of ip,expr,expr_plus,digest,intval,compile or plugin "table_name":"TSG_SECURITY_COMPILE",
#src_charset one of GBK,BIG5,UNICODE,UTF8 "table_type":"compile",
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' "user_region_encoded":"escape",
#do_merege yes or no "valid_column":8,
#cross cache 0~max "custom": {
#quickswitch quickon or quick off "compile_id":1,
#id name type src_charset dst_charset do_merge cross_cache quickswitch "service_id":2,
0 TSG_SECURITY_COMPILE compile escape -- "action":3,
0 TRAFFIC_SHAPING_COMPILE compile escape -- "do_blacklist":4,
0 SERVICE_CHAINING_COMPILE compile escape -- "do_log":5,
1 GROUP_COMPILE_RELATION group2compile -- "tags":6,
2 GROUP_GROUP_RELATION group2group -- "user_region":7,
3 TSG_OBJ_IP_ADDR ip_plus UTF8 UTF8 no 0 "clause_num":9,
3 TSG_OBJ_IP_LEARNING_ADDR ip_plus UTF8 UTF8 no 0 "evaluation_order":10
4 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 }
5 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0 },
6 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 {
7 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0 "table_id":1,
8 TSG_OBJ_FQDN_CAT intval UTF8 UTF8 yes 0 "table_name":"GROUP_SECURITY_COMPILE_RELATION",
9 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 "table_type":"group2compile",
10 TSG_OBJ_APP_ID intval UTF8 UTF8 yes 0 "associated_compile_table_id":0,
11 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0 "valid_column":3,
12 TSG_FIELD_HTTP_HOST virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- "custom": {
13 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL -- "group_id":1,
14 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- "compile_id":2,
15 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- "not_flag":4,
16 TSG_FIELD_HTTP_REQ_BODY virtual TSG_OBJ_KEYWORDS -- "virtual_table_name":5,
17 TSG_FIELD_HTTP_RES_BODY virtual TSG_OBJ_KEYWORDS -- "clause_index":6
18 TSG_FIELD_SSL_SNI virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- }
19 TSG_FIELD_SSL_CN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- },
20 TSG_FIELD_SSL_SAN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- {
21 TSG_FIELD_DNS_QNAME virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- "table_id":2,
22 TSG_FIELD_QUIC_SNI virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- "table_name":"TRAFFIC_SHAPING_COMPILE",
23 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT -- "table_type":"compile",
24 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT -- "user_region_encoded":"escape",
25 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT -- "valid_column":8,
26 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS -- "custom": {
27 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS -- "compile_id":1,
28 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS -- "service_id":2,
29 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS -- "action":3,
30 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL -- "do_blacklist":4,
31 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS -- "do_log":5,
32 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT -- "tags":6,
33 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR -- "user_region":7,
34 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR -- "clause_num":9,
35 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"} "evaluation_order":10
36 TSG_IP_ASN_BUILT_IN ip_plugin {"row_id":1,"ip_type":2,"start_ip":3,"end_ip":4,"valid":7,"estimate_size":4194304} }
37 TSG_IP_ASN_USER_DEFINED ip_plugin {"row_id":1,"ip_type":2,"start_ip":3,"end_ip":4,"valid":7,"estimate_size":4194304} },
38 TSG_IP_LOCATION_BUILT_IN ip_plugin {"row_id":1,"ip_type":3,"start_ip":4,"end_ip":5,"valid":19,"estimate_size":4194304} {
39 TSG_IP_LOCATION_USER_DEFINED ip_plugin {"row_id":1,"ip_type":3,"start_ip":4,"end_ip":5,"valid":19,"estimate_size":4194304} "table_id":3,
40 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0 "table_name":"GROUP_SHAPING_COMPILE_RELATION",
41 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER -- "table_type":"group2compile",
42 TSG_SECURITY_DESTINATION_ASN virtual TSG_OBJ_AS_NUMBER -- "associated_compile_table_id":2,
43 TSG_OBJ_GEO_LOCATION expr UTF8 UTF8/GBK yes 0 "valid_column":3,
44 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_GEO_LOCATION -- "custom": {
45 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION -- "group_id":1,
46 TSG_FQDN_CATEGORY_BUILT_IN fqdn_plugin {"row_id":1,"is_suffix_match":4,"fqdn":3,"valid":5} -- "compile_id":2,
47 TSG_FQDN_CATEGORY_USER_DEFINED fqdn_plugin {"row_id":1,"is_suffix_match":4,"fqdn":3,"valid":5} -- "not_flag":4,
48 TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION virtual TSG_OBJ_ACCOUNT -- "virtual_table_name":5,
49 TSG_FIELD_SIP_RESPONDER_DESCRIPTION virtual TSG_OBJ_ACCOUNT -- "clause_index":6
50 TSG_OBJ_IMSI expr UTF8 UTF8 yes 0 }
51 TSG_OBJ_PHONE_NUMBER expr UTF8 UTF8 yes 0 },
52 TSG_OBJ_APN expr UTF8 UTF8 yes 0 {
53 TSG_FILED_GTP_IMSI virtual TSG_OBJ_IMSI -- "table_id":4,
54 TSG_FILED_GTP_PHONE_NUMBER virtual TSG_OBJ_PHONE_NUMBER -- "table_name":"SERVICE_CHAINING_COMPILE",
55 TSG_FILED_GTP_APN virtual TSG_OBJ_APN -- "table_type":"compile",
56 TSG_DECYPTION_EXCLUSION_SSL_SNI virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- "user_region_encoded":"escape",
57 TSG_OBJ_TUNNEL_ID intval UTF8 UTF8 yes 0 "valid_column":8,
58 TSG_TUNNEL_CATALOG bool_plugin {"row_id":1,"bool_expr":4,"valid":5} -- "custom": {
59 TSG_TUNNEL_ENDPOINT ip_plugin {"row_id":1,"ip_type":2,"start_ip":3,"end_ip":4,"valid":6,"estimate_size":4194304} "compile_id":1,
60 TSG_TUNNEL_LABEL plugin {"key":2,"valid":3} -- "service_id":2,
61 TSG_SECURITY_TUNNEL virtual TSG_OBJ_TUNNEL_ID -- "action":3,
62 TSG_OBJ_FLAG flag -- "do_blacklist":4,
63 TSG_SECURITY_FLAG virtual TSG_OBJ_FLAG -- "do_log":5,
"tags":6,
"user_region":7,
"clause_num":9,
"evaluation_order":10
}
},
{
"table_id":5,
"table_name":"GROUP_SERVICE_CHAINING_COMPILE_RELATION",
"table_type":"group2compile",
"associated_compile_table_id":4,
"valid_column":3,
"custom": {
"group_id":1,
"compile_id":2,
"not_flag":4,
"virtual_table_name":5,
"clause_index":6
}
},
{
"table_id":6,
"table_name":"GROUP_GROUP_RELATION",
"table_type":"group2group",
"valid_column":3,
"custom": {
"group_id":1,
"super_group_id":2
}
},
{
"table_id":7,
"table_name":"TSG_OBJ_IP",
"db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"],
"table_type":"ip_plus",
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
"ip2":6,
"port_format":7,
"port1":8,
"port2":9,
"protocol":10
}
},
{
"table_id":8,
"table_name":"TSG_OBJ_SUBSCRIBER_ID",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":9,
"table_name":"TSG_OBJ_ACCOUNT",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":10,
"table_name":"TSG_OBJ_URL",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":11,
"table_name":"TSG_OBJ_FQDN",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":12,
"table_name":"TSG_OBJ_FQDN_CAT",
"table_type":"intval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
}
},
{
"table_id":13,
"table_name":"TSG_OBJ_KEYWORDS",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":14,
"table_name":"TSG_OBJ_APP_ID",
"table_type":"intval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
}
},
{
"table_id":15,
"table_name":"TSG_OBJ_HTTP_SIGNATURE",
"table_type":"expr_plus",
"valid_column":8,
"custom": {
"item_id":1,
"group_id":2,
"district":3,
"keywords":4,
"expr_type":5,
"match_method":6,
"is_hexbin":7
}
},
{
"table_id":16,
"table_name":"TSG_FIELD_HTTP_HOST",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":17,
"table_name":"TSG_FIELD_HTTP_HOST_CAT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":18,
"table_name":"TSG_FIELD_HTTP_URL",
"table_type":"virtual",
"physical_table": "TSG_OBJ_URL"
},
{
"table_id":19,
"table_name":"TSG_FIELD_HTTP_REQ_HDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE"
},
{
"table_id":20,
"table_name":"TSG_FIELD_HTTP_RES_HDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE"
},
{
"table_id":21,
"table_name":"TSG_FIELD_HTTP_REQ_BODY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":22,
"table_name":"TSG_FIELD_HTTP_RES_BODY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":23,
"table_name":"TSG_FIELD_SSL_SNI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":24,
"table_name":"TSG_FIELD_SSL_SNI_CAT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":25,
"table_name":"TSG_FIELD_SSL_CN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":26,
"table_name":"TSG_FIELD_SSL_CN_CAT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":27,
"table_name":"TSG_FIELD_SSL_SAN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":28,
"table_name":"TSG_FIELD_SSL_SAN_CAT",
"table_type":"virtual",
"physical_table":"TSG_OBJ_FQDN_CAT"
},
{
"table_id":29,
"table_name":"TSG_FIELD_DNS_QNAME",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":30,
"table_name":"TSG_FIELD_QUIC_SNI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":31,
"table_name":"TSG_FIELD_QUIC_SNI_CAT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":32,
"table_name":"TSG_FIELD_MAIL_ACCOUNT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":33,
"table_name":"TSG_FIELD_MAIL_FROM",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":34,
"table_name":"TSG_FIELD_MAIL_TO",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":35,
"table_name":"TSG_FIELD_MAIL_SUBJECT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":36,
"table_name":"TSG_FIELD_MAIL_CONTENT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":37,
"table_name":"TSG_FIELD_MAIL_ATT_NAME",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":38,
"table_name":"TSG_FIELD_MAIL_ATT_CONTENT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":39,
"table_name":"TSG_FIELD_FTP_URI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_URL"
},
{
"table_id":40,
"table_name":"TSG_FIELD_FTP_CONTENT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":41,
"table_name":"TSG_FIELD_FTP_ACCOUNT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":42,
"table_name":"TSG_SECURITY_SOURCE_ADDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":43,
"table_name":"TSG_SECURITY_DESTINATION_ADDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":44,
"table_name":"TSG_IP_ASN_BUILT_IN",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":45,
"table_name":"TSG_IP_ASN_USER_DEFINED",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":46,
"table_name":"TSG_IP_LOCATION_BUILT_IN",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":47,
"table_name":"TSG_IP_LOCATION_USER_DEFINED",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":48,
"table_name":"TSG_OBJ_AS_NUMBER",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":49,
"table_name":"TSG_SECURITY_SOURCE_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":50,
"table_name":"TSG_SECURITY_DESTINATION_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":51,
"table_name":"TSG_OBJ_GEO_LOCATION",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":52,
"table_name":"TSG_SECURITY_SOURCE_LOCATION",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":53,
"table_name":"TSG_SECURITY_DESTINATION_LOCATION",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":54,
"table_name":"TSG_FQDN_CATEGORY_BUILT_IN",
"table_type":"fqdn_plugin",
"valid_column":5,
"custom": {
"item_id":1,
"suffix_match_method":4,
"fqdn":3
}
},
{
"table_id":55,
"table_name":"TSG_FQDN_CATEGORY_USER_DEFINED",
"table_type":"fqdn_plugin",
"valid_column":5,
"custom": {
"item_id":1,
"suffix_match_method":4,
"fqdn":3
}
},
{
"table_id":56,
"table_name":"TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":57,
"table_name":"TSG_FIELD_SIP_RESPONDER_DESCRIPTION",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":58,
"table_name":"TSG_OBJ_IMSI",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":59,
"table_name":"TSG_OBJ_PHONE_NUMBER",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":60,
"table_name":"TSG_OBJ_APN",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":61,
"table_name":"TSG_FILED_GTP_IMSI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IMSI"
},
{
"table_id":62,
"table_name":"TSG_FILED_GTP_PHONE_NUMBER",
"table_type":"virtual",
"physical_table": "TSG_OBJ_PHONE_NUMBER"
},
{
"table_id":63,
"table_name":"TSG_FILED_GTP_APN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_APN"
},
{
"table_id":64,
"table_name":"TSG_DECYPTION_EXCLUSION_SSL_SNI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":65,
"table_name":"TSG_OBJ_TUNNEL_ID",
"table_type":"intval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
}
},
{
"table_id":66,
"table_name":"TSG_TUNNEL_CATALOG",
"table_type":"bool_plugin",
"valid_column":5,
"custom": {
"item_id":1,
"bool_expr":4
}
},
{
"table_id":67,
"table_name":"TSG_TUNNEL_ENDPOINT",
"table_type":"ip_plugin",
"valid_column":6,
"custom": {
"item_id":1,
"ip_type":2,
"start_ip":3,
"end_ip":4,
"addr_format":7
}
},
{
"table_id":68,
"table_name":"TSG_TUNNEL_LABEL",
"table_type":"plugin",
"valid_column":4,
"custom": {
"key":1,
"key_type":"pointer",
"tag":3
}
},
{
"table_id":69,
"table_name":"TSG_SECURITY_TUNNEL",
"table_type":"virtual",
"physical_table": "TSG_OBJ_TUNNEL_ID"
},
{
"table_id":70,
"table_name":"TSG_OBJ_FLAG",
"table_type":"flag",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"flag":3,
"flag_mask":4
}
},
{
"table_id":71,
"table_name":"TSG_SECURITY_FLAG",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FLAG"
}
]
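Review bot: In the TSG_TUNNEL_ENDPOINT entry (table_id 67) `"addr_format":7` is declared while `"valid_column":6` is kept from the old `"valid":6` layout, in which the table had no column 7; every other `ip_plugin` entry pairs `addr_format:7` with `valid_column:19`, so this looks like a field carried over from those entries rather than a real column. If the endpoint table really has only six columns the loader may read past the row or treat an unrelated value as the address format for every tunnel endpoint — either drop `"addr_format":7` or raise `valid_column` to match the actual schema. The TSG_TUNNEL_LABEL entry (table_id 68) also changed from `{"key":2,"valid":3}` to `"key":1,"key_type":"pointer","tag":3` with `valid_column:4`, which is a different row layout; please confirm it against the label table and mention it in the commit message.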


@@ -1,6 +0,0 @@
add_library(policy_scan src/policy_scan.cpp)
target_include_directories(policy_scan PUBLIC ${CMAKE_CURRENT_LIST_DIR}/incluce)
target_link_libraries(policy_scan PUBLIC common pthread cjson maatframe)


@@ -1,13 +0,0 @@
/*************************************************************************
> File Name: policy_scan.h
> Author:
> Mail:
> Created Time: 2019年08月26日 星期一 19时30分49秒
************************************************************************/
#ifndef _PANGGU_HTTP_H
#define _PANGGU_HTTP_H
extern int proxy_policy_init(struct verify_policy * verify, const char* profile_path);
#endif


@@ -112,7 +112,7 @@ set_property(TARGET MESA_prof_load PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_L
set_property(TARGET MESA_prof_load PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR}) set_property(TARGET MESA_prof_load PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
add_library(maatframe SHARED IMPORTED GLOBAL) add_library(maatframe SHARED IMPORTED GLOBAL)
set_property(TARGET maatframe PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libmaatframe.so) set_property(TARGET maatframe PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libmaat4.so)
set_property(TARGET maatframe PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR}) set_property(TARGET maatframe PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
### pcre2 ### pcre2
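Review bot: The imported target is still named `maatframe` but its `IMPORTED_LOCATION` now points at `libmaat4.so`, so the target name no longer says what gets linked and the deleted scan/CMakeLists.txt above was linking `maatframe` by that name; either rename the target (with a `Maat::maat4`-style alias) or add `# libmaat4 replaced libmaatframe; target name kept for existing consumers` above `add_library(maatframe SHARED IMPORTED GLOBAL)`. The path is also taken on trust: if `${MESA_FRAMEWORK_LIB_DIR}/libmaat4.so` is absent, configure succeeds and the failure only shows at link time, so guard it with `if(NOT EXISTS "${MESA_FRAMEWORK_LIB_DIR}/libmaat4.so")` / `message(FATAL_ERROR "libmaat4.so not found in ${MESA_FRAMEWORK_LIB_DIR}")` / `endif()` before the `set_property`, and quote the path expansion in both `set_property` calls. The rest of this CMake file is outside the hunk.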