gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-21927 策略验证支持Library扫描

Browse Source
This commit is contained in:
fengweihao
2024-07-25 15:29:45 +08:00
parent 5b25651ff6
commit 60cd4283db
7 changed files with 837 additions and 1447 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
common/include/verify_policy.h
View File

@@ -49,9 +49,7 @@ enum tsg_obj_table
TSG_OBJ_HTTP_RES_HDR, TSG_OBJ_HTTP_RES_HDR,
TSG_OBJ_HTTP_RES_BODY, TSG_OBJ_HTTP_RES_BODY,
TSG_OBJ_SSL_CN, TSG_OBJ_SSL_CN,
TSG_OBJ_SSL_CN_CAT,
TSG_OBJ_SSL_SAN, TSG_OBJ_SSL_SAN,
TSG_OBJ_SSL_SAN_CAT,
TSG_OBJ_DOH_QNAME, TSG_OBJ_DOH_QNAME,
TSG_OBJ_DNS_QNAME, TSG_OBJ_DNS_QNAME,
TSG_OBJ_MAIL_ACCOUNT, TSG_OBJ_MAIL_ACCOUNT,
@@ -72,18 +70,7 @@ enum tsg_obj_table
TSG_OBJ_TUNNEL, TSG_OBJ_TUNNEL,
TSG_OBJ_FLAG, TSG_OBJ_FLAG,
TSG_OBJ_GTP_IMEI, TSG_OBJ_GTP_IMEI,
TSG_OBJ_IP_SRC_ASN,
TSG_OBJ_IP_DST_ASN,
TSG_OBJ_IP_SRC_GEO_COUNTRY,
TSG_OBJ_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA,
TSG_OBJ_IP_SRC_GEO_ADMINISTRATIVE_AREA,
TSG_OBJ_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA,
TSG_OBJ_IP_DST_GEO_COUNTRY,
TSG_OBJ_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA,
TSG_OBJ_IP_DST_GEO_ADMINISTRATIVE_AREA,
TSG_OBJ_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA,
TSG_OBJ_DST_SERVER_FQDN, TSG_OBJ_DST_SERVER_FQDN,
TSG_OBJ_DST_SERVER_FQDN_CAT,
TSG_OBJ_INTERNAL_ADDR, TSG_OBJ_INTERNAL_ADDR,
TSG_OBJ_EXTERNAL_ADDR, TSG_OBJ_EXTERNAL_ADDR,
TSG_OBJ_SOURCE_PORT, TSG_OBJ_SOURCE_PORT,
@@ -95,8 +82,6 @@ enum tsg_obj_table
TSG_OBJ_SSL_ESNI, TSG_OBJ_SSL_ESNI,
TSG_OBJ_SSL_NO_SNI, TSG_OBJ_SSL_NO_SNI,
TSG_OBJ_TUNNEL_LEVEL, TSG_OBJ_TUNNEL_LEVEL,
TSG_OBJ_INTERNAL_ASN,
TSG_OBJ_EXTERNAL_ASN,
TSG_OBJ_TUNNEL_GTP_ENDPOINT, TSG_OBJ_TUNNEL_GTP_ENDPOINT,
TSG_OBJ_TUNNEL_GRE_ENDPOINT, TSG_OBJ_TUNNEL_GRE_ENDPOINT,
TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT, TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT,
@@ -125,10 +110,11 @@ struct verify_policy
struct verify_policy_thread *work_threads[VERIFY_ARRAY_MAX]; struct verify_policy_thread *work_threads[VERIFY_ARRAY_MAX];
}; };
struct fqdn_category_id struct fqdn_category_entry
{ {
int fqdn_cat_num; int fqdn_entry_num;
long long int group_id[8]; long long entry_id[MAX_TAG_ID_NUM];
long long tag_id[MAX_TAG_ID_NUM];
}; };
#define MERGE_SCAN_NTH 128 #define MERGE_SCAN_NTH 128
@@ -147,8 +133,7 @@ struct request_query_obj
int exclude_nth_scan[MERGE_SCAN_NTH]; int exclude_nth_scan[MERGE_SCAN_NTH];
int merge_nth_scan[MERGE_SCAN_NTH]; int merge_nth_scan[MERGE_SCAN_NTH];
cJSON* attributes; cJSON* attributes;
struct fqdn_category_id fqdn_user; struct fqdn_category_entry fqdn_entry;
struct fqdn_category_id fqdn_builtin;
}; };
struct verify_policy_query struct verify_policy_query

1
common/include/verify_policy_utils.h
View File

@@ -8,6 +8,7 @@
#define VERIFY_PATH_MAX 258 #define VERIFY_PATH_MAX 258
#define VERIFY_STRING_MAX 2048 #define VERIFY_STRING_MAX 2048
#define VERIFY_ARRAY_MAX 512 #define VERIFY_ARRAY_MAX 512
#define MAX_TAG_ID_NUM 128
/** Alway treated the expr as true */ /** Alway treated the expr as true */
#ifndef likely #ifndef likely

1163
platform/src/verify_matcher.cpp
View File

File diff suppressed because it is too large Load Diff

268
platform/src/verify_policy.cpp
View File

@@ -15,6 +15,7 @@
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
#include <fcntl.h> #include <fcntl.h>
#include <signal.h>
#include <event2/listener.h> #include <event2/listener.h>
#include <event2/http.h> #include <event2/http.h>
@@ -105,9 +106,7 @@ int protoco_field_type_str2idx(const char *action_str, char *buff, char **p)
table_name[TSG_OBJ_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR"; table_name[TSG_OBJ_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR";
table_name[TSG_OBJ_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY"; table_name[TSG_OBJ_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY";
table_name[TSG_OBJ_SSL_CN] = "ATTR_SSL_CN"; table_name[TSG_OBJ_SSL_CN] = "ATTR_SSL_CN";
table_name[TSG_OBJ_SSL_CN_CAT] = "ATTR_SSL_CN_CAT";
table_name[TSG_OBJ_SSL_SAN] = "ATTR_SSL_SAN"; table_name[TSG_OBJ_SSL_SAN] = "ATTR_SSL_SAN";
table_name[TSG_OBJ_SSL_SAN_CAT] = "ATTR_SSL_SAN_CAT";
table_name[TSG_OBJ_DOH_QNAME]="ATTR_DOH_QNAME"; table_name[TSG_OBJ_DOH_QNAME]="ATTR_DOH_QNAME";
table_name[TSG_OBJ_DNS_QNAME] = "ATTR_DNS_QNAME"; table_name[TSG_OBJ_DNS_QNAME] = "ATTR_DNS_QNAME";
table_name[TSG_OBJ_MAIL_ACCOUNT] = "ATTR_MAIL_ACCOUNT"; table_name[TSG_OBJ_MAIL_ACCOUNT] = "ATTR_MAIL_ACCOUNT";
@@ -128,18 +127,7 @@ int protoco_field_type_str2idx(const char *action_str, char *buff, char **p)
table_name[TSG_OBJ_TUNNEL]="ATTR_TUNNEL", table_name[TSG_OBJ_TUNNEL]="ATTR_TUNNEL",
table_name[TSG_OBJ_FLAG]="ATTR_FLAG"; table_name[TSG_OBJ_FLAG]="ATTR_FLAG";
table_name[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI"; table_name[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI";
table_name[TSG_OBJ_IP_SRC_ASN]="ATTR_SOURCE_ASN";
table_name[TSG_OBJ_IP_DST_ASN]="ATTR_DESTINATION_ASN";
table_name[TSG_OBJ_IP_SRC_GEO_COUNTRY]="ATTR_SOURCE_GEO_COUNTRY";
table_name[TSG_OBJ_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_SRC_GEO_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_DST_GEO_COUNTRY]="ATTR_DESTINATION_GEO_COUNTRY";
table_name[TSG_OBJ_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_DST_GEO_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN"; table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN";
table_name[TSG_OBJ_DST_SERVER_FQDN_CAT]="ATTR_SERVER_FQDN_CAT";
table_name[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP"; table_name[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP";
table_name[TSG_OBJ_EXTERNAL_ADDR]="ATTR_EXTERNAL_IP"; table_name[TSG_OBJ_EXTERNAL_ADDR]="ATTR_EXTERNAL_IP";
table_name[TSG_OBJ_SOURCE_PORT]="ATTR_SOURCE_PORT"; table_name[TSG_OBJ_SOURCE_PORT]="ATTR_SOURCE_PORT";
@@ -151,12 +139,10 @@ int protoco_field_type_str2idx(const char *action_str, char *buff, char **p)
table_name[TSG_OBJ_SSL_ESNI]="ATTR_SSL_ESNI"; table_name[TSG_OBJ_SSL_ESNI]="ATTR_SSL_ESNI";
table_name[TSG_OBJ_SSL_NO_SNI]="ATTR_SSL_NO_SNI"; table_name[TSG_OBJ_SSL_NO_SNI]="ATTR_SSL_NO_SNI";
table_name[TSG_OBJ_TUNNEL_LEVEL]="ATTR_TUNNEL_LEVEL"; table_name[TSG_OBJ_TUNNEL_LEVEL]="ATTR_TUNNEL_LEVEL";
table_name[TSG_OBJ_INTERNAL_ASN]="ATTR_INTERNAL_ASN";
table_name[TSG_OBJ_EXTERNAL_ASN]="ATTR_EXTERNAL_ASN";
table_name[TSG_OBJ_TUNNEL_GTP_ENDPOINT]="ATTR_TUNNEL_GTP_ENDPOINT"; table_name[TSG_OBJ_TUNNEL_GTP_ENDPOINT]="ATTR_TUNNEL_GTP_ENDPOINT";
table_name[TSG_OBJ_TUNNEL_GRE_ENDPOINT]="ATTR_TUNNEL_GRE_ENDPOINT"; table_name[TSG_OBJ_TUNNEL_GRE_ENDPOINT]="ATTR_TUNNEL_GRE_ENDPOINT";
table_name[TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT]="ATTR_TUNNEL_IP_IN_IP_ENDPOINT"; table_name[TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT]="ATTR_TUNNEL_IP_IN_IP_ENDPOINT";
size_t i = 0; size_t i = 0;
for (i = 0; i < __TSG_OBJ_MAX; i++) for (i = 0; i < __TSG_OBJ_MAX; i++)
{ {
@@ -234,7 +220,7 @@ struct ipaddr *tunnel_to_stream_addr(const char *Ip, int addr_type)
inet_pton(AF_INET6,Ip,&(v6_addr->saddr)); inet_pton(AF_INET6,Ip,&(v6_addr->saddr));
ip_addr->v6=v6_addr; ip_addr->v6=v6_addr;
} }
log_debug(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] attributeName = ip, clientIp1=%s, addr_type = %d", Ip, addr_type); log_debug(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] attribute_name = ip, clientIp1=%s, addr_type = %d", Ip, addr_type);
return ip_addr; return ip_addr;
} }
@@ -266,7 +252,7 @@ static struct ipaddr * get_ip_from_json(cJSON *attributeValue, const char *attri
if(attributeName==NULL) if(attributeName==NULL)
{ {
log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "The attributeType is of type iP, but the attributeName is empty, resulting in IP type parsing failure."); log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "The attribute_type is of type iP, but the attribute_name is empty, resulting in IP type parsing failure.");
return NULL; return NULL;
} }
@@ -276,7 +262,7 @@ static struct ipaddr * get_ip_from_json(cJSON *attributeValue, const char *attri
if(item && item->type==cJSON_String) Port =atoi(item->valuestring); if(item && item->type==cJSON_String) Port =atoi(item->valuestring);
item = cJSON_GetObjectItem(attributeValue,"protocol"); item = cJSON_GetObjectItem(attributeValue,"protocol");
if(item && item->type==cJSON_Number) *protocol = item->valueint; if(item && item->type==cJSON_Number) *protocol = item->valueint;
item=cJSON_GetObjectItem(attributeValue,"addrType"); item=cJSON_GetObjectItem(attributeValue,"addr_type");
if(item && item->type==cJSON_Number) addr_type = item->valueint; if(item && item->type==cJSON_Number) addr_type = item->valueint;
if(strcasecmp(attributeName, "ip_protocol") == 0) if(strcasecmp(attributeName, "ip_protocol") == 0)
@@ -305,7 +291,7 @@ static char* get_port_from_json(cJSON *attributeValue, int *protocol, char *buff
char *string=NULL; char *string=NULL;
item = cJSON_GetObjectItem(attributeValue,"port"); item = cJSON_GetObjectItem(attributeValue,"port");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
string = item->valuestring; string = item->valuestring;
} }
@@ -321,7 +307,7 @@ static char* get_port_from_json(cJSON *attributeValue, int *protocol, char *buff
static inline int match_attributeType_in_numeric(const char *attribute_type, int table_id) static inline int match_attributeType_in_numeric(const char *attribute_type, int table_id)
{ {
if(0 == strcasecmp(attribute_type, "numeric") || 0 == strcasecmp(attribute_type, "flag") || if(0 == strcasecmp(attribute_type, "numeric") || 0 == strcasecmp(attribute_type, "flag") ||
0 == strcasecmp(attribute_type, "boolean") || table_id == TSG_OBJ_IP_PROTOCOL) 0 == strcasecmp(attribute_type, "boolean") || table_id == TSG_OBJ_IP_PROTOCOL)
{ {
return 1; return 1;
@@ -340,22 +326,22 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
cJSON* item = NULL, *attributeValue=NULL, *tunnelType_item=NULL; cJSON* item = NULL, *attributeValue=NULL, *tunnelType_item=NULL;
p = buff; p = buff;
item = cJSON_GetObjectItem(subchild, "attributeType"); item = cJSON_GetObjectItem(subchild, "attribute_type");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
attribute_type = item->valuestring; attribute_type = item->valuestring;
p += snprintf(p, sizeof(buff) - (p - buff), "attributeType = %s", attribute_type); p += snprintf(p, sizeof(buff) - (p - buff), "attribute_type = %s", attribute_type);
} }
item = cJSON_GetObjectItem(subchild, "attributeName"); item = cJSON_GetObjectItem(subchild, "attribute_name");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
policy_query->request_object[curr_id].attri_name = item->valuestring; policy_query->request_object[curr_id].attri_name = item->valuestring;
p += snprintf(p, sizeof(buff) - (p - buff), ", attributeName = %s",policy_query->request_object[curr_id].attri_name); p += snprintf(p, sizeof(buff) - (p - buff), ", attribute_name = %s",policy_query->request_object[curr_id].attri_name);
} }
policy_query->request_object[curr_id].attributes=cJSON_Duplicate(subchild, 1); policy_query->request_object[curr_id].attributes=cJSON_Duplicate(subchild, 1);
item = cJSON_GetObjectItem(subchild, "tableName"); item = cJSON_GetObjectItem(subchild, "table_name");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
policy_query->request_object[curr_id].table_id = protoco_field_type_str2idx(item->valuestring, buff, &p); policy_query->request_object[curr_id].table_id = protoco_field_type_str2idx(item->valuestring, buff, &p);
@@ -366,17 +352,17 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
} }
} }
attributeValue = cJSON_GetObjectItem(subchild, "attributeValue"); attributeValue = cJSON_GetObjectItem(subchild, "atrribute_value");
if(attributeValue == NULL || attributeValue->type!=cJSON_Object) if(attributeValue == NULL || attributeValue->type!=cJSON_Object)
{ {
goto finish; goto finish;
} }
tunnelType_item = cJSON_GetObjectItem(attributeValue,"tunnelType"); tunnelType_item = cJSON_GetObjectItem(attributeValue,"tunnel_type");
if(tunnelType_item && tunnelType_item->type==cJSON_String) if(tunnelType_item && tunnelType_item->type==cJSON_String)
{ {
policy_query->request_object[curr_id].tunnel_type=tunnelType_item->valuestring; policy_query->request_object[curr_id].tunnel_type=tunnelType_item->valuestring;
p += snprintf(p, sizeof(buff) - (p - buff), ", tunnelType=%s",policy_query->request_object[curr_id].tunnel_type); p += snprintf(p, sizeof(buff) - (p - buff), ", tunnel_type=%s",policy_query->request_object[curr_id].tunnel_type);
} }
if(0 == strcasecmp(attribute_type, "ip")) if(0 == strcasecmp(attribute_type, "ip"))
@@ -386,7 +372,7 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
} }
if(0 == strcasecmp(attribute_type, "port")) if(0 == strcasecmp(attribute_type, "port"))
{ {
policy_query->request_object[curr_id].string = get_port_from_json(attributeValue, &(policy_query->request_object[curr_id].numeric), buff); policy_query->request_object[curr_id].string = get_port_from_json(attributeValue, &(policy_query->request_object[curr_id].numeric), buff);
goto end; goto end;
} }
@@ -428,7 +414,7 @@ enum verify_type get_verify_type(cJSON* http_respone)
cJSON *item = NULL; cJSON *item = NULL;
enum verify_type type = VERIFY_TYPE_POLICY; enum verify_type type = VERIFY_TYPE_POLICY;
item = cJSON_GetObjectItem(http_respone,"verifyType"); item = cJSON_GetObjectItem(http_respone,"verify_type");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
if(0 == strcasecmp(item->valuestring, "policy")) if(0 == strcasecmp(item->valuestring, "policy"))
@@ -440,7 +426,7 @@ enum verify_type get_verify_type(cJSON* http_respone)
{ {
type = VERIFY_TYPE_REGEX; type = VERIFY_TYPE_REGEX;
} }
log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] verifyType= %s", item->valuestring); log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] verify_type= %s", item->valuestring);
} }
return type; return type;
} }
@@ -451,7 +437,7 @@ static int get_query_result_regex(cJSON *verifylist_array_item, cJSON *http_body
cJSON *regexstr_obj[32],*attributes=NULL; cJSON *regexstr_obj[32],*attributes=NULL;
cJSON *item = NULL, *subchild = NULL; cJSON *item = NULL, *subchild = NULL;
attributes = cJSON_GetObjectItem(verifylist_array_item, "verifyRegex"); attributes = cJSON_GetObjectItem(verifylist_array_item, "verify_regex");
if(attributes==NULL || attributes->type != cJSON_Array) if(attributes==NULL || attributes->type != cJSON_Array)
{ {
return -1; return -1;
@@ -459,7 +445,7 @@ static int get_query_result_regex(cJSON *verifylist_array_item, cJSON *http_body
for (subchild = attributes->child; subchild != NULL; subchild = subchild->next) for (subchild = attributes->child; subchild != NULL; subchild = subchild->next)
{ {
item = cJSON_GetObjectItem(subchild, "regexStr"); item = cJSON_GetObjectItem(subchild, "regex_str");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
is_valid[cur_id] = policy_verify_regex_expression(item->valuestring); is_valid[cur_id] = policy_verify_regex_expression(item->valuestring);
@@ -471,12 +457,12 @@ static int get_query_result_regex(cJSON *verifylist_array_item, cJSON *http_body
cJSON *verify_regex_obj=NULL; cJSON *verify_regex_obj=NULL;
cJSON *verifyRegex=cJSON_CreateArray(); cJSON *verifyRegex=cJSON_CreateArray();
cJSON_AddItemToObject(http_body, "verifyRegex", verifyRegex); cJSON_AddItemToObject(http_body, "verify_regex", verifyRegex);
for (i = 0; i < cur_id; i++) for (i = 0; i < cur_id; i++)
{ {
verify_regex_obj=cJSON_CreateObject(); verify_regex_obj=cJSON_CreateObject();
cJSON_AddItemToObject(verify_regex_obj, "regexStr", regexstr_obj[i]); cJSON_AddItemToObject(verify_regex_obj, "regex_str", regexstr_obj[i]);
cJSON_AddNumberToObject(verify_regex_obj, "isValid", is_valid[i]); cJSON_AddNumberToObject(verify_regex_obj, "is_valid", is_valid[i]);
cJSON_AddItemToArray(verifyRegex, verify_regex_obj); cJSON_AddItemToArray(verifyRegex, verify_regex_obj);
} }
return 1; return 1;
@@ -486,7 +472,7 @@ static void get_count_form_attributeName(void *ctx, cJSON *subchild)
{ {
cJSON *item = NULL; cJSON *item = NULL;
item = cJSON_GetObjectItem(subchild, "attributeName"); item = cJSON_GetObjectItem(subchild, "attribute_name");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
if(0 == strcasecmp(item->valuestring, "tunnel_endpointa")) if(0 == strcasecmp(item->valuestring, "tunnel_endpointa"))
@@ -503,7 +489,7 @@ static void get_count_form_attributeName(void *ctx, cJSON *subchild)
int get_query_result_policy(cJSON *verifylist_array_item, cJSON *http_body, int thread_id) int get_query_result_policy(cJSON *verifylist_array_item, cJSON *http_body, int thread_id)
{ {
int i = 0; int attribute_num = 0;
int hit_cnt = 0, xret =0; int hit_cnt = 0, xret =0;
cJSON *item = NULL, *subchild = NULL, *attributes=NULL; cJSON *item = NULL, *subchild = NULL, *attributes=NULL;
struct verify_policy_query *verify_policy = NULL; struct verify_policy_query *verify_policy = NULL;
@@ -520,14 +506,14 @@ int get_query_result_policy(cJSON *verifylist_array_item, cJSON *http_body, int
} }
} }
item = cJSON_GetObjectItem(verifylist_array_item, "vsysId"); item = cJSON_GetObjectItem(verifylist_array_item, "vsys_id");
if(item && item->type==cJSON_Number) if(item && item->type==cJSON_Number)
{ {
verify_policy->vsys_id = item->valueint; verify_policy->vsys_id = item->valueint;
} }
log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] vsysId= %d", verify_policy->vsys_id); log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] vsys_id= %d", verify_policy->vsys_id);
item = cJSON_GetObjectItem(verifylist_array_item,"verifySession"); item = cJSON_GetObjectItem(verifylist_array_item,"verify_session");
if(item == NULL || item->type!=cJSON_Object) if(item == NULL || item->type!=cJSON_Object)
{ {
goto free; goto free;
@@ -545,33 +531,33 @@ int get_query_result_policy(cJSON *verifylist_array_item, cJSON *http_body, int
for (subchild = attributes->child; subchild != NULL; subchild = subchild->next) for (subchild = attributes->child; subchild != NULL; subchild = subchild->next)
{ {
xret = get_attribute_from_json(i, subchild, verify_policy); xret = get_attribute_from_json(attribute_num, subchild, verify_policy);
if (xret < 0) if (xret < 0)
{ {
goto free; goto free;
} }
hit_cnt = policy_verify_scan(verify_policy->vsys_id, verify_policy->compile_table_id, &verify_policy->request_object[i], ctx); hit_cnt = policy_verify_scan(verify_policy->vsys_id, verify_policy->compile_table_id, &verify_policy->request_object[attribute_num], ctx);
if(match_ip_attribute_name(verify_policy->request_object[i].attri_name) >= 0) if(match_ip_attribute_name(verify_policy->request_object[attribute_num].attri_name) >= 0)
{ {
ipaddr_free(verify_policy->request_object[i].ip_addr); ipaddr_free(verify_policy->request_object[attribute_num].ip_addr);
} }
i++; attribute_num++;
} }
http_hit_policy_list(verify_policy, i, hit_cnt, http_body, ctx); http_hit_policy_list(verify_policy, attribute_num, hit_cnt, http_body, ctx);
int item = 0; int item = 0;
cJSON *verfifySession = cJSON_CreateObject(); cJSON *verfifySession = cJSON_CreateObject();
cJSON_AddItemToObject(http_body, "verifySession", verfifySession); cJSON_AddItemToObject(http_body, "verify_session", verfifySession);
cJSON *attributes=cJSON_CreateArray(); cJSON *attributes=cJSON_CreateArray();
cJSON_AddItemToObject(verfifySession, "attributes", attributes); cJSON_AddItemToObject(verfifySession, "attributes", attributes);
for (item = 0; item < i; item++) for (item = 0; item < attribute_num; item++)
{ {
http_get_scan_status(&verify_policy->request_object[item], verify_policy->compile_table_id, attributes, http_body, ctx); http_get_scan_status(&verify_policy->request_object[item], verify_policy->compile_table_id, attributes, http_body, ctx);
} }
policy_scan_ctx_free(ctx); policy_scan_ctx_free(ctx);
} }
i=0; attribute_num=0;
free: free:
if (verify_policy) if (verify_policy)
{ {
@@ -603,7 +589,7 @@ cJSON *get_verify_policy_query(const char *data, ssize_t data_len, int thread_id
int type=get_verify_type(http_request); int type=get_verify_type(http_request);
cJSON *item = NULL, *subitem = NULL; cJSON *item = NULL, *subitem = NULL;
item = cJSON_GetObjectItem(http_request,"verifyList"); item = cJSON_GetObjectItem(http_request,"verify_list");
if(item && item->type==cJSON_Array) if(item && item->type==cJSON_Array)
{ {
for (subitem = item->child; subitem != NULL; subitem = subitem->next) for (subitem = item->child; subitem != NULL; subitem = subitem->next)
@@ -646,9 +632,9 @@ int http_get_headers(struct evhttp_request *evh_req, struct evkeyvalq *headers)
int http_get_int_param(struct evhttp_request *evh_req, const char *key) int http_get_int_param(struct evhttp_request *evh_req, const char *key)
{ {
int xret=-1; int xret=-1, vsys_id=-1;
struct evkeyvalq headers; struct evkeyvalq headers;
xret = http_get_headers(evh_req, &headers); xret = http_get_headers(evh_req, &headers);
if(xret != 0) if(xret != 0)
{ {
@@ -657,10 +643,10 @@ int http_get_int_param(struct evhttp_request *evh_req, const char *key)
const char *value = evhttp_find_header(&headers, key); const char *value = evhttp_find_header(&headers, key);
if (value) if (value)
{ {
xret = atoi(value); vsys_id = atoi(value);
} }
evhttp_clear_headers(&headers); evhttp_clear_headers(&headers);
return xret; return vsys_id;
} }
char *http_get_string_param(struct evhttp_request *evh_req, const char *key) char *http_get_string_param(struct evhttp_request *evh_req, const char *key)
@@ -692,8 +678,8 @@ int get_ip_type(const char *ip)
if (inet_pton(AF_INET, ip, &(sa.sin_addr)) > 0) if (inet_pton(AF_INET, ip, &(sa.sin_addr)) > 0)
{ {
addr_type = 4; addr_type = 4;
} }
else if (inet_pton(AF_INET6, ip, &(sa6.sin6_addr)) > 0) else if (inet_pton(AF_INET6, ip, &(sa6.sin6_addr)) > 0)
{ {
addr_type = 6; addr_type = 6;
} }
@@ -716,6 +702,7 @@ cJSON *get_library_search_query(struct evhttp_request *evh_req)
int vsys_id = http_get_int_param(evh_req, "vsys_id"); int vsys_id = http_get_int_param(evh_req, "vsys_id");
if(vsys_id < 0) if(vsys_id < 0)
{ {
log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "invalid vsys_id");
return NULL; return NULL;
} }
@@ -776,7 +763,7 @@ void verify_policy_request_cb(struct evhttp_request *evh_req, void *arg)
struct evbuffer * evbuf_body = NULL; struct evbuffer * evbuf_body = NULL;
char *input = NULL; ssize_t inputlen=0; char *input = NULL; ssize_t inputlen=0;
struct verify_policy_thread *thread_ctx = (struct verify_policy_thread *)arg; struct verify_policy_thread *thread = (struct verify_policy_thread *)arg;
if (evhttp_request_get_command(evh_req) != EVHTTP_REQ_POST) if (evhttp_request_get_command(evh_req) != EVHTTP_REQ_POST)
{ {
@@ -792,7 +779,7 @@ void verify_policy_request_cb(struct evhttp_request *evh_req, void *arg)
goto error; goto error;
} }
http_payload = get_verify_policy_query(input, inputlen, thread_ctx->id); http_payload = get_verify_policy_query(input, inputlen, thread->id);
if(http_payload == NULL) if(http_payload == NULL)
{ {
goto error; goto error;
@@ -847,163 +834,92 @@ finish:
void * verify_policy_thread_func(void * arg) void * verify_policy_thread_func(void * arg)
{ {
struct evhttp_bound_socket *bound = NULL; struct evhttp_bound_socket *bound = NULL;
struct verify_policy_thread *thread_ctx = (struct verify_policy_thread *)arg; struct verify_policy_thread *thread = (struct verify_policy_thread *)arg;
thread_ctx->base = event_base_new(); thread->http = evhttp_new(thread->base);
if (! thread_ctx->base) if (!thread->http)
{ {
log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Can'thread_ctx allocate event base"); log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "couldn'thread create evhttp. Exiting.");
goto finish;
}
thread_ctx->http = evhttp_new(thread_ctx->base);
if (!thread_ctx->http)
{
log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "couldn'thread_ctx create evhttp. Exiting.");
goto error; goto error;
} }
evhttp_set_cb(thread_ctx->http, "/v1/policy/trouble_shooting/policy_verification", verify_policy_request_cb, thread_ctx); evhttp_set_cb(thread->http, "/v1/policy/trouble_shooting/policy_verification", verify_policy_request_cb, thread);
evhttp_set_cb(thread_ctx->http, "/v1/policy/trouble_shooting/library_search", library_search_request_cb, thread_ctx); evhttp_set_cb(thread->http, "/v1/policy/trouble_shooting/library_search", library_search_request_cb, thread);
bound = evhttp_accept_socket_with_handle(thread_ctx->http, thread_ctx->accept_fd); bound = evhttp_accept_socket_with_handle(thread->http, thread->accept_fd);
if (bound == NULL) if (bound == NULL)
{ {
goto error; goto error;
} }
log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Work thread %u is run...", thread_ctx->id); log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Work thread %u is run...", thread->id);
event_base_dispatch(thread_ctx->base); event_base_dispatch(thread->base);
error: error:
event_base_free(thread_ctx->base); event_base_free(thread->base);
finish:
return NULL; return NULL;
} }
static int int create_and_listen_socket(const struct sockaddr *sa, int socklen, int backlog)
evutil_fast_socket_nonblocking(evutil_socket_t fd)
{ {
#ifdef _WIN32 int fd;
return evutil_make_socket_nonblocking(fd); int on = 1;
#else int family = sa ? sa->sa_family : AF_UNSPEC;
if (fcntl(fd, F_SETFL, O_NONBLOCK) == -1) { int socktype = SOCK_STREAM | EVUTIL_SOCK_NONBLOCK;
return -1;
}
return 0;
#endif
}
static int fd = socket(family, socktype, 0);
evutil_fast_socket_closeonexec(evutil_socket_t fd) if (fd == -1)
{ {
#if !defined(_WIN32) && defined(EVENT__HAVE_SETFD) return fd;
if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
return -1;
}
#endif
return 0;
}
evutil_socket_t
evutil_socket_(int domain, int type, int protocol)
{
evutil_socket_t r;
#if defined(SOCK_NONBLOCK) && defined(SOCK_CLOEXEC)
r = socket(domain, type, protocol);
if (r >= 0)
return r;
else if ((type & (SOCK_NONBLOCK|SOCK_CLOEXEC)) == 0)
return -1;
#endif
#define SOCKET_TYPE_MASK (~(EVUTIL_SOCK_NONBLOCK|EVUTIL_SOCK_CLOEXEC))
r = socket(domain, type & SOCKET_TYPE_MASK, protocol);
if (r < 0)
return -1;
if (type & EVUTIL_SOCK_NONBLOCK) {
if (evutil_fast_socket_nonblocking(r) < 0) {
evutil_closesocket(r);
return -1;
}
}
if (type & EVUTIL_SOCK_CLOEXEC) {
if (evutil_fast_socket_closeonexec(r) < 0) {
evutil_closesocket(r);
return -1;
}
}
return r;
}
static evutil_socket_t
evhttp_listen_socket_byuser(const struct sockaddr *sa, int socklen,
unsigned flags, int backlog)
{
evutil_socket_t fd;
int on = 1;
int family = sa ? sa->sa_family : AF_UNSPEC;
int socktype = SOCK_STREAM | EVUTIL_SOCK_NONBLOCK;
if (flags & LEV_OPT_CLOSE_ON_EXEC)
socktype |= EVUTIL_SOCK_CLOEXEC;
fd = evutil_socket_(family, socktype, 0);
if (fd == -1)
return fd;
if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void*)&on, sizeof(on))<0)
goto err;
if (flags & LEV_OPT_REUSEABLE) {
if (evutil_make_listen_socket_reuseable(fd) < 0)
goto err;
}
if (flags & LEV_OPT_REUSEABLE_PORT) {
if (evutil_make_listen_socket_reuseable_port(fd) < 0){
goto err;
}
}
if (sa) {
if (bind(fd, sa, socklen)<0)
goto err;
}
if (listen(fd, backlog) == -1) {
goto err;
} }
return fd;
err: if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0 ||
evutil_closesocket(fd); setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)) != 0)
return fd; {
evutil_closesocket(fd);
return -1;
}
if (bind(fd, sa, socklen) < 0)
{
evutil_closesocket(fd);
return -1;
}
listen(fd, backlog);
return fd;
} }
int verify_policy_work_thread_run(struct verify_policy * verify) int verify_policy_work_thread_run(struct verify_policy * verify)
{ {
int xret = 0; int xret = 0;
unsigned int tid = 0; struct verify_policy_thread *thread = NULL;
struct verify_policy_thread *thread_ctx = NULL;
struct sockaddr_in sin; struct sockaddr_in sin;
memset(&sin, 0, sizeof(struct sockaddr_in)); memset(&sin, 0, sizeof(struct sockaddr_in));
sin.sin_family = AF_INET; sin.sin_family = AF_INET;
sin.sin_port = htons(verify->listen_port); sin.sin_port = htons(verify->listen_port);
evutil_socket_t accept_fd = evhttp_listen_socket_byuser((struct sockaddr*)&sin, sizeof(struct sockaddr_in),LEV_OPT_REUSEABLE_PORT|LEV_OPT_CLOSE_ON_FREE, -1); evutil_socket_t accept_fd = create_and_listen_socket((struct sockaddr*)&sin, sizeof(struct sockaddr_in), -1);
if (accept_fd < 0) if (accept_fd < 0)
{ {
log_fatal(verify->logger, MODULE_VERIFY_POLICY, "Could not create a listen!"); log_fatal(verify->logger, MODULE_VERIFY_POLICY, "Could not create a listen!");
goto finish; goto finish;
} }
for (tid = 0; tid < verify->nr_work_threads; tid++) for (unsigned tid = 0; tid < verify->nr_work_threads; tid++)
{ {
verify->work_threads[tid] = ALLOC(struct verify_policy_thread, 1); verify->work_threads[tid] = ALLOC(struct verify_policy_thread, 1);
thread_ctx = verify->work_threads[tid]; thread = verify->work_threads[tid];
thread_ctx->id = tid; thread->id = tid;
thread_ctx->accept_fd =accept_fd; thread->accept_fd = accept_fd;
thread_ctx->routine = verify_policy_thread_func; thread->base = event_base_new();
thread->routine = verify_policy_thread_func;
if (pthread_create(&thread_ctx->pid, thread_ctx->attr, thread_ctx->routine, thread_ctx)) if (pthread_create(&thread->pid, thread->attr, thread->routine, thread))
{ {
log_fatal(verify->logger, MODULE_VERIFY_POLICY, "%s", strerror(errno)); log_fatal(verify->logger, MODULE_VERIFY_POLICY, "%s", strerror(errno));
goto finish; goto finish;
} }
if (pthread_detach(thread_ctx->pid)) if (pthread_detach(thread->pid))
{ {
log_fatal(verify->logger, MODULE_VERIFY_POLICY, "%s", strerror(errno)); log_fatal(verify->logger, MODULE_VERIFY_POLICY, "%s", strerror(errno));
goto finish; goto finish;

339
resource/table_info.conf
View File

@@ -552,18 +552,6 @@
}, },
{ {
"table_id":42, "table_id":42,
"table_name":"TSG_OBJ_FQDN_CAT",
"table_type":"interval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_boundary":3,
"up_boundary":4
}
},
{
"table_id":43,
"table_name":"TSG_OBJ_KEYWORDS", "table_name":"TSG_OBJ_KEYWORDS",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
@@ -577,7 +565,7 @@
} }
}, },
{ {
"table_id":44, "table_id":43,
"table_name":"TSG_OBJ_HTTP_SIGNATURE", "table_name":"TSG_OBJ_HTTP_SIGNATURE",
"table_type":"expr_plus", "table_type":"expr_plus",
"valid_column":8, "valid_column":8,
@@ -592,315 +580,139 @@
} }
}, },
{ {
"table_id":45, "table_id":44,
"table_name":"ATTR_HTTP_URL", "table_name":"ATTR_HTTP_URL",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_URL" "physical_table": "TSG_OBJ_URL"
}, },
{ {
"table_id":46, "table_id":45,
"table_name":"ATTR_HTTP_REQ_HDR", "table_name":"ATTR_HTTP_REQ_HDR",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE" "physical_table": "TSG_OBJ_HTTP_SIGNATURE"
}, },
{ {
"table_id":47, "table_id":46,
"table_name":"ATTR_HTTP_RES_HDR", "table_name":"ATTR_HTTP_RES_HDR",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE" "physical_table": "TSG_OBJ_HTTP_SIGNATURE"
}, },
{ {
"table_id":48, "table_id":47,
"table_name":"ATTR_HTTP_REQ_BODY", "table_name":"ATTR_HTTP_REQ_BODY",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":49, "table_id":48,
"table_name":"ATTR_HTTP_RES_BODY", "table_name":"ATTR_HTTP_RES_BODY",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":50, "table_id":49,
"table_name":"ATTR_SSL_CN", "table_name":"ATTR_SSL_CN",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":51, "table_id":50,
"table_name":"ATTR_SSL_CN_CAT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":52,
"table_name":"ATTR_SSL_SAN", "table_name":"ATTR_SSL_SAN",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":53, "table_id":51,
"table_name":"ATTR_SSL_SAN_CAT",
"table_type":"virtual",
"physical_table":"TSG_OBJ_FQDN_CAT"
},
{
"table_id":54,
"table_name":"ATTR_DNS_QNAME", "table_name":"ATTR_DNS_QNAME",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":55, "table_id":52,
"table_name":"ATTR_MAIL_ACCOUNT", "table_name":"ATTR_MAIL_ACCOUNT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":56, "table_id":53,
"table_name":"ATTR_MAIL_FROM", "table_name":"ATTR_MAIL_FROM",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":57, "table_id":54,
"table_name":"ATTR_MAIL_TO", "table_name":"ATTR_MAIL_TO",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":58, "table_id":55,
"table_name":"ATTR_MAIL_SUBJECT", "table_name":"ATTR_MAIL_SUBJECT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":59, "table_id":56,
"table_name":"ATTR_MAIL_CONTENT", "table_name":"ATTR_MAIL_CONTENT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":60, "table_id":57,
"table_name":"ATTR_MAIL_ATT_NAME", "table_name":"ATTR_MAIL_ATT_NAME",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":61, "table_id":58,
"table_name":"ATTR_MAIL_ATT_CONTENT", "table_name":"ATTR_MAIL_ATT_CONTENT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":62, "table_id":59,
"table_name":"ATTR_FTP_URI", "table_name":"ATTR_FTP_URI",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_URL" "physical_table": "TSG_OBJ_URL"
}, },
{ {
"table_id":63, "table_id":60,
"table_name":"ATTR_FTP_CONTENT", "table_name":"ATTR_FTP_CONTENT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":64, "table_id":61,
"table_name":"ATTR_FTP_ACCOUNT", "table_name":"ATTR_FTP_ACCOUNT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":65, "table_id":62,
"table_name":"ATTR_SOURCE_IP", "table_name":"ATTR_SOURCE_IP",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":66, "table_id":63,
"table_name":"ATTR_DESTINATION_IP", "table_name":"ATTR_DESTINATION_IP",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
},
{
"table_id":67,
"table_name":"TSG_OBJ_IP_ASN_BUILT_IN",
"table_type":"ip_plugin",
"valid_column":9,
"custom": {
"item_id":1,
"group_id":2,
"ip_type":3,
"addr_format":4,
"start_ip":5,
"end_ip":6
}
}, },
{ {
"table_id":68, "table_id":64,
"table_name":"TSG_OBJ_IP_ASN_USER_DEFINED",
"table_type":"ip_plugin",
"valid_column":9,
"custom": {
"item_id":1,
"group_id":2,
"ip_type":3,
"addr_format":4,
"start_ip":5,
"end_ip":6
}
},
{
"table_id":69,
"table_name":"TSG_IP_LOCATION_BUILT_IN",
"table_type":"ip_plugin",
"valid_column":24,
"custom": {
"item_id":1,
"ip_type":7,
"start_ip":9,
"end_ip":10,
"addr_format":8
}
},
{
"table_id":70,
"table_name":"TSG_IP_LOCATION_USER_DEFINED",
"table_type":"ip_plugin",
"valid_column":24,
"custom": {
"item_id":1,
"ip_type":7,
"start_ip":9,
"end_ip":10,
"addr_format":8
}
},
{
"table_id":71,
"table_name":"TSG_OBJ_AS_NUMBER",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":72,
"table_name":"ATTR_SOURCE_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":73,
"table_name":"ATTR_DESTINATION_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":74,
"table_name":"TSG_OBJ_GEO_LOCATION",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":75,
"table_name":"ATTR_SOURCE_GEO_COUNTRY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":76,
"table_name":"ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":77,
"table_name":"ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":78,
"table_name":"ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":79,
"table_name":"ATTR_DESTINATION_GEO_COUNTRY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":80,
"table_name":"ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":81,
"table_name":"ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":82,
"table_name":"ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":83,
"table_name":"TSG_FQDN_CATEGORY_BUILT_IN",
"table_type":"fqdn_plugin",
"valid_column":6,
"custom": {
"item_id":1,
"suffix_match_method":4,
"fqdn":3
}
},
{
"table_id":84,
"table_name":"TSG_FQDN_CATEGORY_USER_DEFINED",
"table_type":"fqdn_plugin",
"valid_column":6,
"custom": {
"item_id":1,
"suffix_match_method":4,
"fqdn":3
}
},
{
"table_id":85,
"table_name":"ATTR_SIP_ORIGINATOR_DESCRIPTION", "table_name":"ATTR_SIP_ORIGINATOR_DESCRIPTION",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":86, "table_id":65,
"table_name":"ATTR_SIP_RESPONDER_DESCRIPTION", "table_name":"ATTR_SIP_RESPONDER_DESCRIPTION",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":87, "table_id":66,
"table_name":"TSG_OBJ_IMSI", "table_name":"TSG_OBJ_IMSI",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
@@ -914,7 +726,7 @@
} }
}, },
{ {
"table_id":88, "table_id":67,
"table_name":"TSG_OBJ_PHONE_NUMBER", "table_name":"TSG_OBJ_PHONE_NUMBER",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
@@ -928,7 +740,7 @@
} }
}, },
{ {
"table_id":89, "table_id":68,
"table_name":"TSG_OBJ_APN", "table_name":"TSG_OBJ_APN",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
@@ -942,25 +754,25 @@
} }
}, },
{ {
"table_id":90, "table_id":69,
"table_name":"ATTR_GTP_IMSI", "table_name":"ATTR_GTP_IMSI",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IMSI" "physical_table": "TSG_OBJ_IMSI"
}, },
{ {
"table_id":91, "table_id":70,
"table_name":"ATTR_GTP_PHONE_NUMBER", "table_name":"ATTR_GTP_PHONE_NUMBER",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_PHONE_NUMBER" "physical_table": "TSG_OBJ_PHONE_NUMBER"
}, },
{ {
"table_id":92, "table_id":71,
"table_name":"ATTR_GTP_APN", "table_name":"ATTR_GTP_APN",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_APN" "physical_table": "TSG_OBJ_APN"
}, },
{ {
"table_id":93, "table_id":72,
"table_name":"TSG_TUNNEL_CATALOG", "table_name":"TSG_TUNNEL_CATALOG",
"table_type":"bool_plugin", "table_type":"bool_plugin",
"valid_column":6, "valid_column":6,
@@ -970,7 +782,7 @@
} }
}, },
{ {
"table_id":94, "table_id":73,
"table_name":"TSG_TUNNEL_ENDPOINT", "table_name":"TSG_TUNNEL_ENDPOINT",
"table_type":"ip_plugin", "table_type":"ip_plugin",
"valid_column":6, "valid_column":6,
@@ -982,7 +794,7 @@
} }
}, },
{ {
"table_id":95, "table_id":74,
"table_name":"TSG_TUNNEL_LABEL", "table_name":"TSG_TUNNEL_LABEL",
"table_type":"plugin", "table_type":"plugin",
"valid_column":4, "valid_column":4,
@@ -993,13 +805,13 @@
} }
}, },
{ {
"table_id":96, "table_id":75,
"table_name":"ATTR_TUNNEL", "table_name":"ATTR_TUNNEL",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG" "physical_table": "TSG_TUNNEL_CATALOG"
}, },
{ {
"table_id":97, "table_id":76,
"table_name":"TSG_OBJ_FLAG", "table_name":"TSG_OBJ_FLAG",
"table_type":"flag", "table_type":"flag",
"valid_column":5, "valid_column":5,
@@ -1011,19 +823,19 @@
} }
}, },
{ {
"table_id":98, "table_id":77,
"table_name":"ATTR_FLAG", "table_name":"ATTR_FLAG",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_FLAG" "physical_table": "TSG_OBJ_FLAG"
}, },
{ {
"table_id":99, "table_id":78,
"table_name":"ATTR_DOH_QNAME", "table_name":"ATTR_DOH_QNAME",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":100, "table_id":79,
"table_name":"TSG_OBJ_IMEI", "table_name":"TSG_OBJ_IMEI",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
@@ -1037,13 +849,13 @@
} }
}, },
{ {
"table_id":101, "table_id":80,
"table_name":"ATTR_GTP_IMEI", "table_name":"ATTR_GTP_IMEI",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IMEI" "physical_table": "TSG_OBJ_IMEI"
}, },
{ {
"table_id":102, "table_id":81,
"table_name": "APP_ID_DICT", "table_name": "APP_ID_DICT",
"table_type": "plugin", "table_type": "plugin",
"valid_column": 19, "valid_column": 19,
@@ -1054,43 +866,37 @@
} }
}, },
{ {
"table_id":103, "table_id":82,
"table_name":"ATTR_SUBSCRIBER_ID", "table_name":"ATTR_SUBSCRIBER_ID",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_SUBSCRIBER_ID" "physical_table": "TSG_OBJ_SUBSCRIBER_ID"
}, },
{ {
"table_id":104, "table_id":83,
"table_name":"ATTR_APP_ID", "table_name":"ATTR_APP_ID",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "APP_ID_DICT" "physical_table": "APP_ID_DICT"
}, },
{ {
"table_id":105, "table_id":84,
"table_name": "ATTR_SERVER_FQDN", "table_name": "ATTR_SERVER_FQDN",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":106, "table_id":85,
"table_name": "ATTR_SERVER_FQDN_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":107,
"table_name":"ATTR_INTERNAL_IP", "table_name":"ATTR_INTERNAL_IP",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":108, "table_id":86,
"table_name":"ATTR_EXTERNAL_IP", "table_name":"ATTR_EXTERNAL_IP",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":109, "table_id":87,
"table_name": "TSG_IP_PROTOCOL", "table_name": "TSG_IP_PROTOCOL",
"table_type": "plugin", "table_type": "plugin",
"valid_column": 4, "valid_column": 4,
@@ -1101,7 +907,7 @@
} }
}, },
{ {
"table_id":110, "table_id":88,
"table_name":"TSG_OBJ_PORT", "table_name":"TSG_OBJ_PORT",
"table_type":"interval", "table_type":"interval",
"valid_column":5, "valid_column":5,
@@ -1113,91 +919,90 @@
} }
}, },
{ {
"table_id":111, "table_id":89,
"table_name": "ATTR_SOURCE_PORT", "table_name": "ATTR_SOURCE_PORT",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_PORT" "physical_table": "TSG_OBJ_PORT"
}, },
{ {
"table_id":112, "table_id":90,
"table_name": "ATTR_DESTINATION_PORT", "table_name": "ATTR_DESTINATION_PORT",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_PORT" "physical_table": "TSG_OBJ_PORT"
}, },
{ {
"table_id":113, "table_id":91,
"table_name": "ATTR_INTERNAL_PORT", "table_name": "ATTR_INTERNAL_PORT",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_PORT" "physical_table": "TSG_OBJ_PORT"
}, },
{ {
"table_id":114, "table_id":92,
"table_name": "ATTR_EXTERNAL_PORT", "table_name": "ATTR_EXTERNAL_PORT",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_PORT" "physical_table": "TSG_OBJ_PORT"
}, },
{ {
"table_id":115, "table_id":93,
"table_name": "ATTR_IP_PROTOCOL", "table_name": "ATTR_IP_PROTOCOL",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_IP_PROTOCOL" "physical_table": "TSG_IP_PROTOCOL"
}, },
{ {
"table_id":116, "table_id":94,
"table_name": "ATTR_SSL_ECH", "table_name": "ATTR_SSL_ECH",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":117, "table_id":95,
"table_name": "ATTR_SSL_ESNI", "table_name": "ATTR_SSL_ESNI",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":118, "table_id":96,
"table_name": "ATTR_SSL_NO_SNI", "table_name": "ATTR_SSL_NO_SNI",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":119, "table_id":97,
"table_name":"ATTR_TUNNEL_LEVEL", "table_name":"ATTR_TUNNEL_LEVEL",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG" "physical_table": "TSG_TUNNEL_CATALOG"
}, },
{ {
"table_id":120, "table_id":98,
"table_name":"ATTR_INTERNAL_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":121,
"table_name":"ATTR_EXTERNAL_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":122,
"table_name":"ATTR_TUNNEL_GTP_ENDPOINT", "table_name":"ATTR_TUNNEL_GTP_ENDPOINT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":123, "table_id":99,
"table_name":"ATTR_TUNNEL_GRE_ENDPOINT", "table_name":"ATTR_TUNNEL_GRE_ENDPOINT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":124, "table_id":100,
"table_name":"ATTR_TUNNEL_IP_IN_IP_ENDPOINT", "table_name":"ATTR_TUNNEL_IP_IN_IP_ENDPOINT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":125, "table_id": 101,
"table_name": "LIBRARY_TAG",
"table_type": "plugin",
"valid_column": 6,
"custom": {
"key": 1,
"key_type": "integer",
"key_len": 8
}
},
{
"table_id":102,
"table_name":"FQDN_ENTRY", "table_name":"FQDN_ENTRY",
"table_type":"fqdn_plugin", "table_type":"fqdn_plugin",
"valid_column":5, "valid_column":5,
@@ -1208,10 +1013,10 @@
} }
}, },
{ {
"table_id":126, "table_id":103,
"table_name":"IP_ADDR_ENTRY", "table_name":"IP_ADDR_ENTRY",
"table_type":"ip_plugin", "table_type":"ip_plugin",
"valid_column":8, "valid_column":7,
"custom": { "custom": {
"item_id":1, "item_id":1,
"ip_type":3, "ip_type":3,

263
resource/table_info_simple.conf
View File

@@ -552,18 +552,6 @@
}, },
{ {
"table_id":42, "table_id":42,
"table_name":"TSG_OBJ_FQDN_CAT",
"table_type":"interval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_boundary":3,
"up_boundary":4
}
},
{
"table_id":43,
"table_name":"TSG_OBJ_KEYWORDS", "table_name":"TSG_OBJ_KEYWORDS",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
@@ -577,7 +565,7 @@
} }
}, },
{ {
"table_id":44, "table_id":43,
"table_name":"TSG_OBJ_HTTP_SIGNATURE", "table_name":"TSG_OBJ_HTTP_SIGNATURE",
"table_type":"expr_plus", "table_type":"expr_plus",
"valid_column":8, "valid_column":8,
@@ -592,239 +580,139 @@
} }
}, },
{ {
"table_id":45, "table_id":44,
"table_name":"ATTR_HTTP_URL", "table_name":"ATTR_HTTP_URL",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_URL" "physical_table": "TSG_OBJ_URL"
}, },
{ {
"table_id":46, "table_id":45,
"table_name":"ATTR_HTTP_REQ_HDR", "table_name":"ATTR_HTTP_REQ_HDR",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE" "physical_table": "TSG_OBJ_HTTP_SIGNATURE"
}, },
{ {
"table_id":47, "table_id":46,
"table_name":"ATTR_HTTP_RES_HDR", "table_name":"ATTR_HTTP_RES_HDR",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE" "physical_table": "TSG_OBJ_HTTP_SIGNATURE"
}, },
{ {
"table_id":48, "table_id":47,
"table_name":"ATTR_HTTP_REQ_BODY", "table_name":"ATTR_HTTP_REQ_BODY",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":49, "table_id":48,
"table_name":"ATTR_HTTP_RES_BODY", "table_name":"ATTR_HTTP_RES_BODY",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":50, "table_id":49,
"table_name":"ATTR_SSL_CN", "table_name":"ATTR_SSL_CN",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":51, "table_id":50,
"table_name":"ATTR_SSL_CN_CAT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":52,
"table_name":"ATTR_SSL_SAN", "table_name":"ATTR_SSL_SAN",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":53, "table_id":51,
"table_name":"ATTR_SSL_SAN_CAT",
"table_type":"virtual",
"physical_table":"TSG_OBJ_FQDN_CAT"
},
{
"table_id":54,
"table_name":"ATTR_DNS_QNAME", "table_name":"ATTR_DNS_QNAME",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":55, "table_id":52,
"table_name":"ATTR_MAIL_ACCOUNT", "table_name":"ATTR_MAIL_ACCOUNT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":56, "table_id":53,
"table_name":"ATTR_MAIL_FROM", "table_name":"ATTR_MAIL_FROM",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":57, "table_id":54,
"table_name":"ATTR_MAIL_TO", "table_name":"ATTR_MAIL_TO",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":58, "table_id":55,
"table_name":"ATTR_MAIL_SUBJECT", "table_name":"ATTR_MAIL_SUBJECT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":59, "table_id":56,
"table_name":"ATTR_MAIL_CONTENT", "table_name":"ATTR_MAIL_CONTENT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":60, "table_id":57,
"table_name":"ATTR_MAIL_ATT_NAME", "table_name":"ATTR_MAIL_ATT_NAME",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":61, "table_id":58,
"table_name":"ATTR_MAIL_ATT_CONTENT", "table_name":"ATTR_MAIL_ATT_CONTENT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":62, "table_id":59,
"table_name":"ATTR_FTP_URI", "table_name":"ATTR_FTP_URI",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_URL" "physical_table": "TSG_OBJ_URL"
}, },
{ {
"table_id":63, "table_id":60,
"table_name":"ATTR_FTP_CONTENT", "table_name":"ATTR_FTP_CONTENT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS" "physical_table": "TSG_OBJ_KEYWORDS"
}, },
{ {
"table_id":64, "table_id":61,
"table_name":"ATTR_FTP_ACCOUNT", "table_name":"ATTR_FTP_ACCOUNT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":65, "table_id":62,
"table_name":"ATTR_SOURCE_IP", "table_name":"ATTR_SOURCE_IP",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":66, "table_id":63,
"table_name":"ATTR_DESTINATION_IP", "table_name":"ATTR_DESTINATION_IP",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":67, "table_id":64,
"table_name":"TSG_OBJ_AS_NUMBER",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":72,
"table_name":"ATTR_SOURCE_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":73,
"table_name":"ATTR_DESTINATION_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":74,
"table_name":"TSG_OBJ_GEO_LOCATION",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":75,
"table_name":"ATTR_SOURCE_GEO_COUNTRY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":76,
"table_name":"ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":77,
"table_name":"ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":78,
"table_name":"ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":79,
"table_name":"ATTR_DESTINATION_GEO_COUNTRY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":80,
"table_name":"ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":81,
"table_name":"ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":82,
"table_name":"ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":85,
"table_name":"ATTR_SIP_ORIGINATOR_DESCRIPTION", "table_name":"ATTR_SIP_ORIGINATOR_DESCRIPTION",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":86, "table_id":65,
"table_name":"ATTR_SIP_RESPONDER_DESCRIPTION", "table_name":"ATTR_SIP_RESPONDER_DESCRIPTION",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT" "physical_table": "TSG_OBJ_ACCOUNT"
}, },
{ {
"table_id":87, "table_id":66,
"table_name":"TSG_OBJ_IMSI", "table_name":"TSG_OBJ_IMSI",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
@@ -838,7 +726,7 @@
} }
}, },
{ {
"table_id":88, "table_id":67,
"table_name":"TSG_OBJ_PHONE_NUMBER", "table_name":"TSG_OBJ_PHONE_NUMBER",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
@@ -852,7 +740,7 @@
} }
}, },
{ {
"table_id":89, "table_id":68,
"table_name":"TSG_OBJ_APN", "table_name":"TSG_OBJ_APN",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
@@ -866,25 +754,25 @@
} }
}, },
{ {
"table_id":90, "table_id":69,
"table_name":"ATTR_GTP_IMSI", "table_name":"ATTR_GTP_IMSI",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IMSI" "physical_table": "TSG_OBJ_IMSI"
}, },
{ {
"table_id":91, "table_id":70,
"table_name":"ATTR_GTP_PHONE_NUMBER", "table_name":"ATTR_GTP_PHONE_NUMBER",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_PHONE_NUMBER" "physical_table": "TSG_OBJ_PHONE_NUMBER"
}, },
{ {
"table_id":92, "table_id":71,
"table_name":"ATTR_GTP_APN", "table_name":"ATTR_GTP_APN",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_APN" "physical_table": "TSG_OBJ_APN"
}, },
{ {
"table_id":93, "table_id":72,
"table_name":"TSG_TUNNEL_CATALOG", "table_name":"TSG_TUNNEL_CATALOG",
"table_type":"bool_plugin", "table_type":"bool_plugin",
"valid_column":6, "valid_column":6,
@@ -894,7 +782,7 @@
} }
}, },
{ {
"table_id":94, "table_id":73,
"table_name":"TSG_TUNNEL_ENDPOINT", "table_name":"TSG_TUNNEL_ENDPOINT",
"table_type":"ip_plugin", "table_type":"ip_plugin",
"valid_column":6, "valid_column":6,
@@ -906,7 +794,7 @@
} }
}, },
{ {
"table_id":95, "table_id":74,
"table_name":"TSG_TUNNEL_LABEL", "table_name":"TSG_TUNNEL_LABEL",
"table_type":"plugin", "table_type":"plugin",
"valid_column":4, "valid_column":4,
@@ -917,13 +805,13 @@
} }
}, },
{ {
"table_id":96, "table_id":75,
"table_name":"ATTR_TUNNEL", "table_name":"ATTR_TUNNEL",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG" "physical_table": "TSG_TUNNEL_CATALOG"
}, },
{ {
"table_id":97, "table_id":76,
"table_name":"TSG_OBJ_FLAG", "table_name":"TSG_OBJ_FLAG",
"table_type":"flag", "table_type":"flag",
"valid_column":5, "valid_column":5,
@@ -935,19 +823,19 @@
} }
}, },
{ {
"table_id":98, "table_id":77,
"table_name":"ATTR_FLAG", "table_name":"ATTR_FLAG",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_FLAG" "physical_table": "TSG_OBJ_FLAG"
}, },
{ {
"table_id":99, "table_id":78,
"table_name":"ATTR_DOH_QNAME", "table_name":"ATTR_DOH_QNAME",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":100, "table_id":79,
"table_name":"TSG_OBJ_IMEI", "table_name":"TSG_OBJ_IMEI",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
@@ -961,13 +849,13 @@
} }
}, },
{ {
"table_id":101, "table_id":80,
"table_name":"ATTR_GTP_IMEI", "table_name":"ATTR_GTP_IMEI",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IMEI" "physical_table": "TSG_OBJ_IMEI"
}, },
{ {
"table_id":102, "table_id":81,
"table_name": "APP_ID_DICT", "table_name": "APP_ID_DICT",
"table_type": "plugin", "table_type": "plugin",
"valid_column": 19, "valid_column": 19,
@@ -978,43 +866,37 @@
} }
}, },
{ {
"table_id":103, "table_id":82,
"table_name":"ATTR_SUBSCRIBER_ID", "table_name":"ATTR_SUBSCRIBER_ID",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_SUBSCRIBER_ID" "physical_table": "TSG_OBJ_SUBSCRIBER_ID"
}, },
{ {
"table_id":104, "table_id":83,
"table_name":"ATTR_APP_ID", "table_name":"ATTR_APP_ID",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "APP_ID_DICT" "physical_table": "APP_ID_DICT"
}, },
{ {
"table_id":105, "table_id":84,
"table_name": "ATTR_SERVER_FQDN", "table_name": "ATTR_SERVER_FQDN",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":106, "table_id":85,
"table_name": "ATTR_SERVER_FQDN_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":107,
"table_name":"ATTR_INTERNAL_IP", "table_name":"ATTR_INTERNAL_IP",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":108, "table_id":86,
"table_name":"ATTR_EXTERNAL_IP", "table_name":"ATTR_EXTERNAL_IP",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":109, "table_id":87,
"table_name": "TSG_IP_PROTOCOL", "table_name": "TSG_IP_PROTOCOL",
"table_type": "plugin", "table_type": "plugin",
"valid_column": 4, "valid_column": 4,
@@ -1025,7 +907,7 @@
} }
}, },
{ {
"table_id":110, "table_id":88,
"table_name":"TSG_OBJ_PORT", "table_name":"TSG_OBJ_PORT",
"table_type":"interval", "table_type":"interval",
"valid_column":5, "valid_column":5,
@@ -1037,91 +919,90 @@
} }
}, },
{ {
"table_id":111, "table_id":89,
"table_name": "ATTR_SOURCE_PORT", "table_name": "ATTR_SOURCE_PORT",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_PORT" "physical_table": "TSG_OBJ_PORT"
}, },
{ {
"table_id":112, "table_id":90,
"table_name": "ATTR_DESTINATION_PORT", "table_name": "ATTR_DESTINATION_PORT",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_PORT" "physical_table": "TSG_OBJ_PORT"
}, },
{ {
"table_id":113, "table_id":91,
"table_name": "ATTR_INTERNAL_PORT", "table_name": "ATTR_INTERNAL_PORT",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_PORT" "physical_table": "TSG_OBJ_PORT"
}, },
{ {
"table_id":114, "table_id":92,
"table_name": "ATTR_EXTERNAL_PORT", "table_name": "ATTR_EXTERNAL_PORT",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_PORT" "physical_table": "TSG_OBJ_PORT"
}, },
{ {
"table_id":115, "table_id":93,
"table_name": "ATTR_IP_PROTOCOL", "table_name": "ATTR_IP_PROTOCOL",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_IP_PROTOCOL" "physical_table": "TSG_IP_PROTOCOL"
}, },
{ {
"table_id":116, "table_id":94,
"table_name": "ATTR_SSL_ECH", "table_name": "ATTR_SSL_ECH",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":117, "table_id":95,
"table_name": "ATTR_SSL_ESNI", "table_name": "ATTR_SSL_ESNI",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":118, "table_id":96,
"table_name": "ATTR_SSL_NO_SNI", "table_name": "ATTR_SSL_NO_SNI",
"table_type": "virtual", "table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN" "physical_table": "TSG_OBJ_FQDN"
}, },
{ {
"table_id":119, "table_id":97,
"table_name":"ATTR_TUNNEL_LEVEL", "table_name":"ATTR_TUNNEL_LEVEL",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG" "physical_table": "TSG_TUNNEL_CATALOG"
}, },
{ {
"table_id":120, "table_id":98,
"table_name":"ATTR_INTERNAL_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":121,
"table_name":"ATTR_EXTERNAL_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":122,
"table_name":"ATTR_TUNNEL_GTP_ENDPOINT", "table_name":"ATTR_TUNNEL_GTP_ENDPOINT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":123, "table_id":99,
"table_name":"ATTR_TUNNEL_GRE_ENDPOINT", "table_name":"ATTR_TUNNEL_GRE_ENDPOINT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":124, "table_id":100,
"table_name":"ATTR_TUNNEL_IP_IN_IP_ENDPOINT", "table_name":"ATTR_TUNNEL_IP_IN_IP_ENDPOINT",
"table_type":"virtual", "table_type":"virtual",
"physical_table": "TSG_OBJ_IP" "physical_table": "TSG_OBJ_IP"
}, },
{ {
"table_id":125, "table_id": 101,
"table_name": "LIBRARY_TAG",
"table_type": "plugin",
"valid_column": 6,
"custom": {
"key": 1,
"key_type": "integer",
"key_len": 8
}
},
{
"table_id":102,
"table_name":"FQDN_ENTRY", "table_name":"FQDN_ENTRY",
"table_type":"fqdn_plugin", "table_type":"fqdn_plugin",
"valid_column":5, "valid_column":5,
@@ -1132,10 +1013,10 @@
} }
}, },
{ {
"table_id":126, "table_id":103,
"table_name":"IP_ADDR_ENTRY", "table_name":"IP_ADDR_ENTRY",
"table_type":"ip_plugin", "table_type":"ip_plugin",
"valid_column":8, "valid_column":7,
"custom": { "custom": {
"item_id":1, "item_id":1,
"ip_type":3, "ip_type":3,

225
resource/verify-policy.json
View File

@@ -31,34 +31,48 @@
} }
} }
] ]
},
{
"virtual_table":"ATTR_SERVER_FQDN",
"group_name":"http_fqdn",
"group_id":1011,
"not_flag":0,
"regions": [
{
"table_name": "TSG_OBJ_FQDN",
"table_type": "expr",
"table_content": {
"keywords": "baidu.com",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"virtual_table":"ATTR_SSL_SAN",
"group_name":"ssl_san",
"group_id":11011,
"not_flag":0,
"regions": [
{
"table_name": "TSG_OBJ_FQDN",
"table_type": "expr",
"table_content": {
"keywords": "baidu.com",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}, },
{ {
"virtual_table":"ATTR_APP_ID", "virtual_table":"ATTR_APP_ID",
"group_name":"app_id", "group_name":"app_id",
"group_id":201, "group_id":201,
"not_flag":0 "not_flag":0
},
{
"not_flag": 0,
"group_id": 301,
"group_name":"ipv4_addr",
"virtual_table": "ATTR_SOURCE_IP",
"regions": [
{
"table_type": "ip",
"table_name": "TSG_IP_ADDR",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.55.4",
"ip2": "192.168.55.4",
"port_format": "range",
"port1": "80",
"port2": "80",
"protocol": -1
}
}
]
} }
] ]
}, },
@@ -74,8 +88,132 @@
"is_valid": "yes", "is_valid": "yes",
"groups": [ "groups": [
{ {
"group_name":"http_url", "group_name":"http_fqdn",
"virtual_table":"ATTR_HTTP_URL" "virtual_table":"ATTR_SERVER_FQDN"
},
{
"group_name":"ssl_san",
"virtual_table":"ATTR_SSL_SAN"
},
{
"not_flag": 0,
"group_id": 604,
"group_name":"IPv4TCPSoureServiceChaining604",
"virtual_table": "ATTR_SOURCE_IP",
"regions": [
{
"table_type": "ip",
"table_name": "TSG_OBJ_IP_ADDR",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.55.4",
"ip2": "192.168.55.4"
}
}
]
},
{
"group_id": 9,
"group_name": "ip.source.ip12",
"virtual_table": "ATTR_SOURCE_IP"
},
{
"group_id": 10,
"group_name": "ip.source.ip13",
"virtual_table": "ATTR_DESTINATION_IP"
},
{
"group_id": 6,
"group_name": "host.fqdn6",
"virtual_table": "ATTR_SERVER_FQDN"
},
{
"group_id": 9,
"group_name": "ip.source.ip14",
"virtual_table": "ATTR_INTERNAL_IP"
},
{
"group_id": 10,
"group_name": "ip.source.ip15",
"virtual_table": "ATTR_EXTERNAL_IP"
}
]
},
{
"compile_id": 11022,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags":"{\"tag_sets\":[[{\"tag\":\"device_id\",\"value\":[\"device_3\",\"device_4\"]}]]}",
"user_region": "{\"protocol\":\"http\",\"method\":\"redirect\",\"code\":302,\"to\":\"https://www.jd.com\"}",
"is_valid": "no",
"groups": [
{
"not_flag": 0,
"group_id": 704,
"group_name":"IPv4TCPSoureServiceChaining604",
"virtual_table": "ATTR_SOURCE_IP",
"regions": [
{
"table_type": "ip",
"table_name": "TSG_OBJ_IP_ADDR",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.55.7",
"ip2": "192.168.55.7"
}
}
]
}
]
},
{
"compile_id": 11023,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags":"{\"tag_sets\":[[{\"tag\":\"device_id\",\"value\":[\"device_3\",\"device_4\"]}]]}",
"user_region": "{\"protocol\":\"http\",\"method\":\"redirect\",\"code\":302,\"to\":\"https://www.jd.com\"}",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"group_id": 604,
"group_name":"IPv4TCPSoureServiceChaining604",
"virtual_table": "ATTR_SOURCE_IP",
"regions": [
{
"table_type": "ip",
"table_name": "TSG_OBJ_IP_ADDR",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.55.4",
"ip2": "192.168.55.4"
}
}
]
},
{
"group_id": 9,
"group_name": "ip.source.ip12",
"virtual_table": "ATTR_SOURCE_IP"
},
{
"group_id": 10,
"group_name": "ip.source.ip13",
"virtual_table": "ATTR_DESTINATION_IP"
},
{
"group_id": 9,
"group_name": "ip.source.ip14",
"virtual_table": "ATTR_INTERNAL_IP"
} }
] ]
}, },
@@ -309,33 +447,34 @@
"68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t68000\t1" "68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t68000\t1"
] ]
}, },
{ {
"table_name": "TSG_FQDN_CATEGORY_BUILT_IN",
"table_content": [
"0\t1\t126.com\t1\t601\t1",
"1\t2\tbaidu.com\t1\t602\t1"
]
},
{
"table_name": "TSG_FQDN_CATEGORY_USER_DEFINED",
"table_content": [
"0\t3\t126.com\t1\t701\t1",
"1\t4\tbaidu.com\t1\t702\t1"
]
},
{
"table_name": "FQDN_ENTRY", "table_name": "FQDN_ENTRY",
"table_content": [ "table_content": [
"1\t2,4,5\twww.126.com\t1\t1", "1\t2,4,5\twww.126.com\t1\t1",
"2\t6,7,8\twww.baidu.com\t1\t1" "2\t6,7,8\twww.baidu.com\t1\t1"
] ]
}, },
{ {
"table_name": "IP_ADDR_ENTRY", "table_name": "IP_ADDR_ENTRY",
"table_content": [ "table_content": [
"1\t2,4,5\t4\tsingle\t192.168.55.4\t192.168.55.4\t0\t1", "7\t12,14,15\t4\tsingle\t192.168.55.5\t192.168.55.5\t1",
"1\t2,4,5\t4\tsingle\t192.168.55.4\t192.168.55.4\t0\t1" "8\t22,24,25\t4\tsingle\t192.168.55.5\t192.168.55.5\t1",
"9\t9,15\t4\trange\t192.168.55.4\t192.168.55.4\t1",
"10\t10\t4\trange\t192.168.55.6\t192.168.55.6\t1"
] ]
} },
{
"table_name": "LIBRARY_TAG",
"table_content": [
"6\tnone\twebsite_category\twebsite_category\tsearch\\bengines\t1",
"7\tnone\twebsite_category\twebsite_category\tbusiness\t1",
"8\tnone\twebsite_category\twebsite_category\tsearch\\bengines\t1",
"12\tnone\tgeoip\ttest1\ttest1\t1",
"14\tnone\tgeoip\ttest2\ttest2\t1",
"15\tnone\tgeoip\ttest3\ttest3\t1",
"9\tnone\tgeoip\ttest4\ttest4\t1",
"10\tnone\tgeoip\ttest5\ttest5\t1"
]
}
] ]
} }