TSG-2385 策略验证结果增加流量属性的描述信息
This commit is contained in:
fengweihao
@@ -21,7 +21,8 @@ enum verify_policy_type
|
|||||||
|
|
||||||
enum manipulate_sacn_table
|
enum manipulate_sacn_table
|
||||||
{
|
{
|
||||||
PXY_CTRL_IP,
|
PXY_CTRL_SOURCE_ADDR,
|
||||||
|
PXY_CTRL_DESTINATION_ADDR,
|
||||||
PXY_CTRL_HTTP_URL,
|
PXY_CTRL_HTTP_URL,
|
||||||
PXY_CTRL_HTTP_FQDN,
|
PXY_CTRL_HTTP_FQDN,
|
||||||
PXY_CTRL_HTTP_REQ_HDR,
|
PXY_CTRL_HTTP_REQ_HDR,
|
||||||
@@ -41,7 +42,8 @@ enum manipulate_sacn_table
|
|||||||
|
|
||||||
enum security_scan_table
|
enum security_scan_table
|
||||||
{
|
{
|
||||||
PXY_SECURITY_IP,
|
PXY_SECURITY_SOURCE_ADDR,
|
||||||
|
PXY_SECURITY_DESTINATION_ADDR,
|
||||||
PXY_SECURITY_HTTP_URL,
|
PXY_SECURITY_HTTP_URL,
|
||||||
PXY_SECURITY_HTTP_FQDN,
|
PXY_SECURITY_HTTP_FQDN,
|
||||||
PXY_SECURITY_HTTP_REQ_HDR,
|
PXY_SECURITY_HTTP_REQ_HDR,
|
||||||
|
|||||||
@@ -85,7 +85,8 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
|
|||||||
switch(type)
|
switch(type)
|
||||||
{
|
{
|
||||||
case PXY_TABLE_MANIPULATION:
|
case PXY_TABLE_MANIPULATION:
|
||||||
table_name[PXY_CTRL_IP] = "TSG_OBJ_IP_ADDR";
|
table_name[PXY_CTRL_SOURCE_ADDR]="TSG_SECURITY_SOURCE_ADDR";
|
||||||
|
table_name[PXY_CTRL_DESTINATION_ADDR]="TSG_SECURITY_DESTINATION_ADDR";
|
||||||
table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
||||||
table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
||||||
table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
||||||
@@ -98,7 +99,8 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
|
|||||||
table_name[PXY_CTRL_DOH_HOST]="TSG_FIELD_DOH_HOST";
|
table_name[PXY_CTRL_DOH_HOST]="TSG_FIELD_DOH_HOST";
|
||||||
break;
|
break;
|
||||||
case PXY_TABLE_SECURITY:
|
case PXY_TABLE_SECURITY:
|
||||||
table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR";
|
table_name[PXY_SECURITY_SOURCE_ADDR]="TSG_SECURITY_SOURCE_ADDR";
|
||||||
|
table_name[PXY_SECURITY_DESTINATION_ADDR]="TSG_SECURITY_DESTINATION_ADDR";
|
||||||
table_name[PXY_SECURITY_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
table_name[PXY_SECURITY_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
||||||
table_name[PXY_SECURITY_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
table_name[PXY_SECURITY_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
||||||
table_name[PXY_SECURITY_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
table_name[PXY_SECURITY_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
||||||
@@ -139,7 +141,7 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
|
|||||||
return i;
|
return i;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct ipaddr *ip_to_stream_addr(char *clientIp1, unsigned int clientPort1, char *serverIp1, unsigned int serverPort1, int addr_type)
|
struct ipaddr *ip_to_stream_addr(const char *clientIp1, unsigned int clientPort1, const char *serverIp1, unsigned int serverPort1, int addr_type)
|
||||||
{
|
{
|
||||||
struct ipaddr *ip_addr = ALLOC(struct ipaddr, 1);
|
struct ipaddr *ip_addr = ALLOC(struct ipaddr, 1);
|
||||||
if(addr_type == 4)
|
if(addr_type == 4)
|
||||||
@@ -182,29 +184,32 @@ void ipaddr_free(struct ipaddr *ip_addr)
|
|||||||
free(ip_addr);
|
free(ip_addr);
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct ipaddr * get_ip_from_json(cJSON *attributeValue)
|
static struct ipaddr * get_ip_from_json(cJSON *attributeValue, char *attributeName)
|
||||||
{
|
{
|
||||||
cJSON* item = NULL;
|
cJSON* item = NULL;
|
||||||
int addr_type=0, __attribute__((__unused__))protocol=0;
|
int addr_type=0, __attribute__((__unused__))protocol=0;
|
||||||
char *clientIp1=NULL,*serverIp1=NULL;
|
const char *Ip=NULL;
|
||||||
unsigned int clientPort1=0,serverPort1=0;
|
unsigned int Port=0;
|
||||||
|
|
||||||
item = cJSON_GetObjectItem(attributeValue,"clientIp");
|
item = cJSON_GetObjectItem(attributeValue,"ip");
|
||||||
if(item && item->type==cJSON_String) clientIp1 = item->valuestring;
|
if(item && item->type==cJSON_String) Ip = item->valuestring;
|
||||||
item = cJSON_GetObjectItem(attributeValue,"serverIp");
|
item = cJSON_GetObjectItem(attributeValue,"port");
|
||||||
if(item && item->type==cJSON_String) serverIp1 = (item->valuestring);
|
if(item && item->type==cJSON_String) Port =atoi(item->valuestring);
|
||||||
item = cJSON_GetObjectItem(attributeValue,"clientPort");
|
|
||||||
if(item && item->type==cJSON_String) clientPort1 =atoi(item->valuestring);
|
|
||||||
item = cJSON_GetObjectItem(attributeValue,"serverPort");
|
|
||||||
if(item && item->type==cJSON_String) serverPort1 =atoi(item->valuestring);
|
|
||||||
item = cJSON_GetObjectItem(attributeValue,"protocol");
|
item = cJSON_GetObjectItem(attributeValue,"protocol");
|
||||||
if(item && item->type==cJSON_Number) protocol = item->valueint;
|
if(item && item->type==cJSON_Number) protocol = item->valueint;
|
||||||
item=cJSON_GetObjectItem(attributeValue,"addrType");
|
item=cJSON_GetObjectItem(attributeValue,"addrType");
|
||||||
if(item && item->type==cJSON_Number) addr_type = item->valueint;
|
if(item && item->type==cJSON_Number) addr_type = item->valueint;
|
||||||
|
|
||||||
struct ipaddr *ip_addr = NULL;
|
struct ipaddr *ip_addr = NULL;
|
||||||
ip_addr = ip_to_stream_addr(clientIp1, clientPort1, serverIp1, serverPort1, addr_type);
|
if(strcasecmp(attributeName, "source") == 0)
|
||||||
|
{
|
||||||
|
ip_addr = ip_to_stream_addr(Ip, Port, "0.0.0.0", 0, addr_type);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(strcasecmp(attributeName, "destination") == 0)
|
||||||
|
{
|
||||||
|
ip_addr = ip_to_stream_addr("0.0.0.0", 0, Ip, Port, addr_type);
|
||||||
|
}
|
||||||
return ip_addr;
|
return ip_addr;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -239,9 +244,10 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
|
|||||||
{
|
{
|
||||||
goto finish;
|
goto finish;
|
||||||
}
|
}
|
||||||
if(0 == strcasecmp(policy_query->verify_object[curr_id].attri_name, "ip"))
|
if(0 == strcasecmp(policy_query->verify_object[curr_id].attri_name, "source") ||
|
||||||
|
0 == strcasecmp(policy_query->verify_object[curr_id].attri_name, "destination"))
|
||||||
{
|
{
|
||||||
policy_query->verify_object[curr_id].ip_addr = get_ip_from_json(attributeValue);
|
policy_query->verify_object[curr_id].ip_addr = get_ip_from_json(attributeValue, policy_query->verify_object[curr_id].attri_name);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
item = cJSON_GetObjectItem(attributeValue,"string");
|
item = cJSON_GetObjectItem(attributeValue,"string");
|
||||||
|
|||||||
@@ -78,6 +78,16 @@ struct http_field_name
|
|||||||
enum tfe_http_std_field field_id;
|
enum tfe_http_std_field field_id;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct ip_data_ctx
|
||||||
|
{
|
||||||
|
char *asn_client;
|
||||||
|
char *asn_server;
|
||||||
|
char *organization_client;
|
||||||
|
char *organization_server;
|
||||||
|
char *location_client;
|
||||||
|
char *location_server;
|
||||||
|
};
|
||||||
|
|
||||||
struct pangu_http_ctx
|
struct pangu_http_ctx
|
||||||
{
|
{
|
||||||
enum pangu_action action;
|
enum pangu_action action;
|
||||||
@@ -90,6 +100,8 @@ struct pangu_http_ctx
|
|||||||
struct Maat_rule_t * enforce_rules;
|
struct Maat_rule_t * enforce_rules;
|
||||||
int n_read;
|
int n_read;
|
||||||
struct Maat_hit_path_t hit_path[2048];
|
struct Maat_hit_path_t hit_path[2048];
|
||||||
|
|
||||||
|
struct ip_data_ctx ip_ctx;
|
||||||
int thread_id;
|
int thread_id;
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -126,6 +138,19 @@ void pangu_http_ctx_free(void * pme)
|
|||||||
Maat_clean_status(&(ctx->scan_mid));
|
Maat_clean_status(&(ctx->scan_mid));
|
||||||
ctx->scan_mid = NULL;
|
ctx->scan_mid = NULL;
|
||||||
|
|
||||||
|
struct ip_data_ctx *ip_ctx = &ctx->ip_ctx;
|
||||||
|
if(ip_ctx->asn_client)
|
||||||
|
FREE(&ip_ctx->asn_client);
|
||||||
|
if(ip_ctx->asn_server)
|
||||||
|
FREE(&ip_ctx->asn_server);
|
||||||
|
if(ip_ctx->organization_client)
|
||||||
|
FREE(&ip_ctx->organization_client);
|
||||||
|
if(ip_ctx->organization_server)
|
||||||
|
FREE(&ip_ctx->organization_server);
|
||||||
|
if(ip_ctx->location_client)
|
||||||
|
FREE(&ip_ctx->location_client);
|
||||||
|
if(ip_ctx->location_server)
|
||||||
|
FREE(&ip_ctx->location_server);
|
||||||
if(ctx->sp)
|
if(ctx->sp)
|
||||||
{
|
{
|
||||||
Maat_stream_scan_string_end(&(ctx->sp));
|
Maat_stream_scan_string_end(&(ctx->sp));
|
||||||
@@ -371,6 +396,55 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules
|
|||||||
return prior_action;
|
return prior_action;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void http_get_location_status(cJSON *attributes, cJSON *attributeObj, struct ip_data_ctx *ip_ctx )
|
||||||
|
{
|
||||||
|
int i=0;
|
||||||
|
cJSON* item=NULL; char *attri_name=NULL;
|
||||||
|
cJSON* ipAsn=NULL;
|
||||||
|
|
||||||
|
item = cJSON_GetObjectItem(attributeObj, "attributeType");
|
||||||
|
if(item == NULL || item->type!=cJSON_String || strcasecmp(item->valuestring, "ip") != 0)
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
item = cJSON_GetObjectItem(attributeObj, "attributeName");
|
||||||
|
if(item && item->type==cJSON_String)
|
||||||
|
{
|
||||||
|
attri_name = item->valuestring;
|
||||||
|
if(strcasecmp(attri_name, "source") == 0)
|
||||||
|
{
|
||||||
|
cJSON_AddStringToObject(attributeObj, "ipGeoLocation",ip_ctx->location_client);
|
||||||
|
|
||||||
|
ipAsn=cJSON_CreateArray();
|
||||||
|
cJSON_AddItemToObject(attributeObj, "ipAsn", ipAsn);
|
||||||
|
cJSON *ipAsnObj=NULL;
|
||||||
|
for(i=0; i< 1; i++)
|
||||||
|
{
|
||||||
|
ipAsnObj=cJSON_CreateObject();
|
||||||
|
cJSON_AddItemToArray(ipAsn, ipAsnObj);
|
||||||
|
cJSON_AddStringToObject(ipAsnObj, "asNumber", ip_ctx->asn_client);
|
||||||
|
cJSON_AddStringToObject(ipAsnObj, "organization", ip_ctx->organization_client);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(strcasecmp(attri_name, "destination") == 0)
|
||||||
|
{
|
||||||
|
cJSON_AddStringToObject(attributeObj, "ipGeoLocation",ip_ctx->location_server);
|
||||||
|
|
||||||
|
ipAsn=cJSON_CreateArray();
|
||||||
|
cJSON_AddItemToObject(attributeObj, "ipAsn", ipAsn);
|
||||||
|
cJSON *ipAsnObj=NULL;
|
||||||
|
for(i=0; i< 1; i++)
|
||||||
|
{
|
||||||
|
ipAsnObj=cJSON_CreateObject();
|
||||||
|
cJSON_AddItemToArray(ipAsn, ipAsnObj);
|
||||||
|
cJSON_AddStringToObject(ipAsnObj, "asNumber", ip_ctx->asn_server);
|
||||||
|
cJSON_AddStringToObject(ipAsnObj, "organization", ip_ctx->organization_server);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
void http_get_scan_status(struct verify_policy_query_obj *query_obj, cJSON *attributes, cJSON *data_obj, void *pme)
|
void http_get_scan_status(struct verify_policy_query_obj *query_obj, cJSON *attributes, cJSON *data_obj, void *pme)
|
||||||
{
|
{
|
||||||
int i=0;
|
int i=0;
|
||||||
@@ -404,6 +478,7 @@ void http_get_scan_status(struct verify_policy_query_obj *query_obj, cJSON *attr
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
http_get_location_status(attributes, attributeObj, &ctx->ip_ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int http_hit_policy_list(Maat_feather_t maat, size_t hit_cnt, cJSON *data_obj, void *pme)
|
static int http_hit_policy_list(Maat_feather_t maat, size_t hit_cnt, cJSON *data_obj, void *pme)
|
||||||
@@ -498,7 +573,12 @@ int http_ip_location_scan(struct Maat_rule_t *result, struct ip_address *sip, st
|
|||||||
int ip_location_table = 0;
|
int ip_location_table = 0;
|
||||||
if(ip_location_server!=NULL)
|
if(ip_location_server!=NULL)
|
||||||
{
|
{
|
||||||
|
memset(buff,0,sizeof(buff));
|
||||||
|
snprintf(buff, sizeof(buff), "%s,%s,%s", ip_location_server->city_full, ip_location_server->province_full, ip_location_server->country_full);
|
||||||
|
ctx->ip_ctx.location_server=strdup(buff);
|
||||||
|
|
||||||
ip_location_table = (policy_type == PXY_TABLE_SECURITY) ? (int)PXY_SECURITY_IP_DST_LOCATION : (int)PXY_CTRL_IP_DST_LOCATION;
|
ip_location_table = (policy_type == PXY_TABLE_SECURITY) ? (int)PXY_SECURITY_IP_DST_LOCATION : (int)PXY_CTRL_IP_DST_LOCATION;
|
||||||
|
memset(buff,0,sizeof(buff));
|
||||||
snprintf(buff, sizeof(buff), "%s.%s.", ip_location_server->country_full, ip_location_server->city_full);
|
snprintf(buff, sizeof(buff), "%s.%s.", ip_location_server->country_full, ip_location_server->city_full);
|
||||||
scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][ip_location_table],
|
scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][ip_location_table],
|
||||||
CHARSET_GBK, buff, strlen(buff),
|
CHARSET_GBK, buff, strlen(buff),
|
||||||
@@ -511,7 +591,13 @@ int http_ip_location_scan(struct Maat_rule_t *result, struct ip_address *sip, st
|
|||||||
}
|
}
|
||||||
if(ip_location_client!=NULL)
|
if(ip_location_client!=NULL)
|
||||||
{
|
{
|
||||||
|
memset(buff,0,sizeof(buff));
|
||||||
|
snprintf(buff, sizeof(buff), "%s,%s,%s", ip_location_client->city_full, ip_location_client->province_full, ip_location_client->country_full);
|
||||||
|
ctx->ip_ctx.location_client=strdup(buff);
|
||||||
|
|
||||||
ip_location_table = (policy_type == PXY_TABLE_SECURITY) ? (int)PXY_SECURITY_IP_SRC_LOCATION : (int)PXY_CTRL_IP_SRC_LOCATION;
|
ip_location_table = (policy_type == PXY_TABLE_SECURITY) ? (int)PXY_SECURITY_IP_SRC_LOCATION : (int)PXY_CTRL_IP_SRC_LOCATION;
|
||||||
|
|
||||||
|
memset(buff,0,sizeof(buff));
|
||||||
snprintf(buff, sizeof(buff), "%s.%s.", ip_location_client->country_full, ip_location_client->city_full);
|
snprintf(buff, sizeof(buff), "%s.%s.", ip_location_client->country_full, ip_location_client->city_full);
|
||||||
scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][ip_location_table],
|
scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][ip_location_table],
|
||||||
CHARSET_GBK, buff, strlen(buff),
|
CHARSET_GBK, buff, strlen(buff),
|
||||||
@@ -550,6 +636,9 @@ int http_ip_asn_scan(struct Maat_rule_t *result, struct ip_address* sip, struct
|
|||||||
int ip_asn_table = 0;
|
int ip_asn_table = 0;
|
||||||
if(ip_asn_server!=NULL)
|
if(ip_asn_server!=NULL)
|
||||||
{
|
{
|
||||||
|
ctx->ip_ctx.asn_server=strdup(ip_asn_server->asn);
|
||||||
|
ctx->ip_ctx.organization_server=strdup(ip_asn_server->organization);
|
||||||
|
|
||||||
ip_asn_table = (policy_type == PXY_TABLE_SECURITY) ? (int)PXY_SECURITY_IP_DST_ASN : (int)PXY_CTRL_IP_DST_ASN;
|
ip_asn_table = (policy_type == PXY_TABLE_SECURITY) ? (int)PXY_SECURITY_IP_DST_ASN : (int)PXY_CTRL_IP_DST_ASN;
|
||||||
scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][ip_asn_table],
|
scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][ip_asn_table],
|
||||||
CHARSET_UTF8, ip_asn_server->asn, strlen(ip_asn_server->asn),
|
CHARSET_UTF8, ip_asn_server->asn, strlen(ip_asn_server->asn),
|
||||||
@@ -563,6 +652,9 @@ int http_ip_asn_scan(struct Maat_rule_t *result, struct ip_address* sip, struct
|
|||||||
}
|
}
|
||||||
if(ip_asn_client!=NULL)
|
if(ip_asn_client!=NULL)
|
||||||
{
|
{
|
||||||
|
ctx->ip_ctx.asn_client=strdup(ip_asn_client->asn);
|
||||||
|
ctx->ip_ctx.organization_client=strdup(ip_asn_client->organization);
|
||||||
|
|
||||||
ip_asn_table = (policy_type == PXY_TABLE_SECURITY) ? (int)PXY_SECURITY_IP_SRC_ASN : (int)PXY_CTRL_IP_SRC_ASN;
|
ip_asn_table = (policy_type == PXY_TABLE_SECURITY) ? (int)PXY_SECURITY_IP_SRC_ASN : (int)PXY_CTRL_IP_SRC_ASN;
|
||||||
scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][ip_asn_table],
|
scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][ip_asn_table],
|
||||||
CHARSET_UTF8, ip_asn_client->asn, strlen(ip_asn_client->asn),
|
CHARSET_UTF8, ip_asn_client->asn, strlen(ip_asn_client->asn),
|
||||||
@@ -596,7 +688,7 @@ size_t http_policy_scan(enum verify_policy_type policy_type, struct verify_polic
|
|||||||
int protocol_field = query_obj->protocol_field;
|
int protocol_field = query_obj->protocol_field;
|
||||||
const char *value = query_obj->keyword;
|
const char *value = query_obj->keyword;
|
||||||
|
|
||||||
if (protocol_field == PXY_CTRL_IP && query_obj->ip_addr != NULL)
|
if ((protocol_field == PXY_CTRL_SOURCE_ADDR || protocol_field == PXY_CTRL_DESTINATION_ADDR) && query_obj->ip_addr != NULL)
|
||||||
{
|
{
|
||||||
struct ip_address dest_ip, source_ip;
|
struct ip_address dest_ip, source_ip;
|
||||||
verify_ip_addr_to_address(query_obj->ip_addr, &dest_ip, &source_ip);
|
verify_ip_addr_to_address(query_obj->ip_addr, &dest_ip, &source_ip);
|
||||||
@@ -611,7 +703,7 @@ size_t http_policy_scan(enum verify_policy_type policy_type, struct verify_polic
|
|||||||
hit_cnt+=scan_ret;
|
hit_cnt+=scan_ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
scan_ret = Maat_scan_proto_addr(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_IP], query_obj->ip_addr, 0,
|
scan_ret = Maat_scan_proto_addr(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][protocol_field], query_obj->ip_addr, 0,
|
||||||
ctx->result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &(ctx->scan_mid), ctx->thread_id);
|
ctx->result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &(ctx->scan_mid), ctx->thread_id);
|
||||||
if (scan_ret > 0)
|
if (scan_ret > 0)
|
||||||
{
|
{
|
||||||
@@ -817,7 +909,8 @@ int pangu_policy_init(struct verify_policy * verify, const char* profile_path)
|
|||||||
}
|
}
|
||||||
|
|
||||||
const char * table_name[__SCAN_TABLE_MAX];
|
const char * table_name[__SCAN_TABLE_MAX];
|
||||||
table_name[PXY_CTRL_IP] = "TSG_SECURITY_ADDR";
|
table_name[PXY_CTRL_SOURCE_ADDR] = "TSG_SECURITY_SOURCE_ADDR";
|
||||||
|
table_name[PXY_CTRL_DESTINATION_ADDR]="TSG_SECURITY_DESTINATION_ADDR";
|
||||||
table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
||||||
table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
||||||
table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
||||||
@@ -876,7 +969,8 @@ int security_policy_init(struct verify_policy * verify, const char* profile_path
|
|||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
const char * table_name[__SECURITY_TABLE_MAX];
|
const char * table_name[__SECURITY_TABLE_MAX];
|
||||||
table_name[PXY_SECURITY_IP] = "TSG_SECURITY_ADDR";
|
table_name[PXY_SECURITY_SOURCE_ADDR] = "TSG_SECURITY_SOURCE_ADDR";
|
||||||
|
table_name[PXY_SECURITY_DESTINATION_ADDR] = "TSG_SECURITY_DESTINATION_ADDR";
|
||||||
table_name[PXY_SECURITY_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
table_name[PXY_SECURITY_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
||||||
table_name[PXY_SECURITY_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
table_name[PXY_SECURITY_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
||||||
table_name[PXY_SECURITY_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
table_name[PXY_SECURITY_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
||||||
|
|||||||
Reference in New Issue
Block a user