diff --git a/common/include/log.h b/common/include/log.h
index 1ca0a4f..6bc1eb9 100644
--- a/common/include/log.h
+++ b/common/include/log.h
@@ -34,6 +34,7 @@ enum { LOG_TRACE, LOG_DEBUG, LOG_INFO, LOG_WARN, LOG_ERROR, LOG_FATAL};
 void log_print(struct log_handle *, int level, const char *module, const char *fmt, ...);
 void log_options_set_enable(struct log_handle *, int enable);
 void log_options_set_level(struct log_handle *, int level);
+void log_handle_set_file_max_size(struct log_handle *handle, size_t max_file_size_mb);
 struct log_handle * log_handle_create(const char *file_path, int level);
 void log_handle_destroy(struct log_handle *);
diff --git a/common/include/utils.h b/common/include/utils.h
index ece1b36..415f353 100644
--- a/common/include/utils.h
+++ b/common/include/utils.h
@@ -5,7 +5,7 @@
 #define EVAL_TM_STYLE "%Y-%m-%d"
 #define VERIFY_SYMBOL_MAX 64
-#define VERIFY_PATH_MAX 258
+#define VERIFY_PATH_MAX 256
 #define VERIFY_STRING_MAX 2048
 #define VERIFY_ARRAY_MAX 512
 #define MAX_TAG_ID_NUM 128
diff --git a/common/src/log.c b/common/src/log.c
index 5459dd4..07b266e 100644
--- a/common/src/log.c
+++ b/common/src/log.c
@@ -41,6 +41,9 @@ struct log_handle {
 int level;
 int enable;
+ int split_file_by_size;
+ size_t max_file_size_mb;
+ int file_index;
 FILE *fp;
 va_list ap;
 char defined_log_fn[1024];
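Review bot: The new `log_handle_set_file_max_size` prototype in log.h carries no comment, and the name alone does not say what a size of 0 means or how the rotated files are named, which log.c decides (a `-NNN` suffix after the date, index reset on a new day). A comment above the declaration such as `/* Enable size-based rotation: when the current day's file reaches max_file_size_mb MiB a new file with a -NNN suffix is opened. */` records that contract where callers look for it. The prototype also introduces `size_t` into this header; whether log.h already includes `<stddef.h>` or `<stdio.h>` is not visible here, so confirm it does not now depend on include order.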
@@ -53,29 +56,6 @@ static unsigned char weekday_str[7][4] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fr
 static unsigned char month_str[12][4] = {"Jan", "Feb", "Mar", "Apr","May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
-static int log_create_dir(const char *dir_path, int path_len)
-{
- if(dir_path == NULL)
- return -1;
-
- char *buf = (char *)calloc(path_len+1, 1);
- int ret = -1;
-
- memcpy(buf, dir_path, path_len);
- if(access(buf, R_OK) != 0)
- {
- if(mkdir(buf, 0755)!= 0)
- ret = -1;
- else
- ret = 0;
- }
- else
- ret = 1;
- free(buf);
- buf = NULL;
- return ret;
-}
-
 static void log_close_file(struct log_handle *handle)
 {
 pthread_mutex_lock(&handle->mutex);
@@ -101,38 +81,65 @@ int log_open_file(char *file_name, struct log_handle *handle)
 return 0;
 }
+static int log_create_dir(const char *dir_path, int path_len)
+{
+ if (dir_path == NULL)
+ {
+ return -1;
+ }
+
+ char buf[path_len + 1];
+ strncpy(buf, dir_path, path_len);
+ buf[path_len] = '\0';
+
+ if (access(buf, R_OK) != 0)
+ {
+ if (mkdir(buf, 0755) != 0)
+ {
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
 static int log_create_path(const char *file_path)
 {
- FILE *fp = NULL;
- if(file_path == NULL)
- return 0;
+ {
+ return 0;
+ }
 char *p_path = rindex(file_path, '/');
- if(p_path==0)
+ if(p_path == 0)
 {
 return 0;
 }
 const char *p_cur = file_path;
 int path_len = p_path - file_path;
- int i = 0;
- if(log_create_dir(file_path, path_len) >= 0)
+ if(log_create_dir(file_path, path_len) == 0)
+ {
 return 0;
+ }
- for(;i<=path_len;i++,p_cur++)
+ for(int i = 0; i <= path_len; i++, p_cur++)
 {
 if(*p_cur == '/')
 {
 if(log_create_dir(file_path, i+1) < 0)
+ {
 return -1;
+ }
 }
 }
- if(NULL == (fp = fopen(file_path, "w")))
- {
- return 0;
+
+ FILE *fp = fopen(file_path, "w");
+ if (NULL == fp) {
+ return -1;
 }
+
 fclose(fp);
 return 1;
 }
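Review bot: The rewritten log_create_dir still decides whether to create the directory with `access(buf, R_OK)`, so a parent directory that exists but is not readable by this user falls into `mkdir`, which fails with EEXIST, and log_handle_create then returns NULL for a directory that is actually present. Either test existence with `F_OK` or accept EEXIST from mkdir: `if (mkdir(buf, 0755) != 0 && errno != EEXIST) { return -1; }` (whether log.c already includes `<errno.h>` is not visible here). `char buf[path_len + 1]` is a VLA sized by a caller-supplied `int`; both callers derive `path_len` from a `/` inside the 1024-byte `defined_log_fn`, so a fixed `char buf[1024 + 1]` with a `path_len >= (int)sizeof buf` guard would give the same result without a variable-size stack allocation. The trailing `fopen(file_path, "w")` in log_create_path creates an empty file under the undecorated name, while log_create_log_file only ever opens `defined_log_fn` with a date suffix, so that file looks like a leftover unless something else reads it.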
@@ -141,25 +148,53 @@ int log_create_log_file(struct log_handle *handle)
 {
 time_t t;
 struct tm local_time;
- char tmp_log_file_name[1024+128];
+ char tmp_log_file_name[1024 + 128];
 time(&t);
- if(NULL == (localtime_r(&t, &local_time)))
+ if (NULL == (localtime_r(&t, &local_time)))
 {
 return 0;
 }
- snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday);
- if(handle->fp == NULL)
+ if(handle->split_file_by_size == 0)
 {
- if(0 != log_open_file(tmp_log_file_name, handle)) return 0;
+ snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday);
 }
 else
 {
- if (0 != memcmp(tmp_log_file_name, handle->runtime_log_fn, strlen(tmp_log_file_name)))
- {
- if(0 != log_open_file(tmp_log_file_name, handle))return 0;
- }
+ struct stat file_stat;
+ snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d-%03d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday, handle->file_index);
+ if (0 != memcmp(tmp_log_file_name, handle->runtime_log_fn, strlen(tmp_log_file_name)))
+ {
+ handle->file_index = 0;
+ snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d-%03d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday, handle->file_index);
+ }
+ if (stat(tmp_log_file_name, &file_stat) == 0)
+ {
+ if (file_stat.st_size >= (handle->max_file_size_mb * 1024 * 1024))
+ {
+ handle->file_index++;
+ snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d-%03d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday, handle->file_index);
+ }
+ }
+ }
+
+ if (handle->fp == NULL)
+ {
+ if (0 != log_open_file(tmp_log_file_name, handle))
+ {
+ return 0;
+ }
+ }
+ else
+ {
+ if (0 != memcmp(tmp_log_file_name, handle->runtime_log_fn, strlen(tmp_log_file_name)))
+ {
+ if (0 != log_open_file(tmp_log_file_name, handle))
+ {
+ return 0;
+ }
+ }
 }
 return 1;
@@ -219,24 +254,43 @@ void log_options_set_enable(struct log_handle * handle, int enable)
 }
 }
+void log_handle_set_file_max_size(struct log_handle *handle, size_t max_file_size_mb)
+{
+ if (handle != NULL)
+ {
+ handle->split_file_by_size = 1;
+ handle->max_file_size_mb = max_file_size_mb;
+ }
+}
+
 struct log_handle *log_handle_create(const char *file_path, int level)
 {
 struct log_handle *handle = ALLOC(struct log_handle, 1);
- if(!handle)
+ if(!handle || strlen(file_path) == 0)
 {
- return NULL;
+ goto finish;
 }
+
 handle->enable=1;
 handle->level = level;
 strncpy(handle->defined_log_fn, file_path, 1023);
- pthread_mutex_init(&handle->mutex,NULL);
- if(handle->enable)
+ int ret = log_create_path(handle->defined_log_fn);
+ if (ret < 0)
 {
- log_create_path(handle->defined_log_fn);
+ free(handle);
+ return NULL;
 }
-
+ pthread_mutex_init(&handle->mutex, NULL);
 return handle;
+
+finish:
+ if(handle)
+ {
+ free(handle);
+ handle=NULL;
+ }
+ return NULL;
 }
 void log_handle_destroy(struct log_handle * handle)
diff --git a/platform/src/verify_matcher.cpp b/platform/src/verify_matcher.cpp
index 6452d92..c9434d6 100644
--- a/platform/src/verify_matcher.cpp
+++ b/platform/src/verify_matcher.cpp
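Review bot: The two new `memcmp(tmp_log_file_name, handle->runtime_log_fn, strlen(tmp_log_file_name))` comparisons in log_create_log_file read `strlen(tmp_log_file_name)` bytes of `runtime_log_fn` whatever the stored name's length, so before the first open, or whenever the stored name is shorter, they compare against bytes beyond its terminator; both are NUL-terminated strings, so `strcmp(tmp_log_file_name, handle->runtime_log_fn) != 0` is the right test in both places. The size branch advances `file_index` by at most one per call, so when several full files for the day already exist (for example after a restart, which the mismatch resets to index 0) the handle opens and writes into a full `-NNN` file once before moving past it; a loop that stats until it finds a file under the limit would avoid that. The `"%s.%04d-%02d-%02d-%03d"` snprintf appears three times in the branch; a small static helper taking `handle`, `&local_time` and the index would make the rotation logic readable. With splitting on, `stat()` now runs on every call, which is one syscall per message if log_print calls this per line; the caller is outside the hunk, so confirm that cost is acceptable.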
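Review bot: `log_handle_set_file_max_size` enables size-based splitting for any value, including 0, and with `max_file_size_mb == 0` the `st_size >= 0` test in log_create_log_file is always true, so every call increments `file_index` and opens a fresh file; the only thing preventing that is the `> 0` guard in the caller in verify_policy.cpp. Make the setter own the rule: `handle->split_file_by_size = (max_file_size_mb > 0);`. In log_handle_create the new `strlen(file_path) == 0` check dereferences a NULL `file_path` before anything has rejected it; `if (!handle || file_path == NULL || file_path[0] == '\0')` covers both cases. The function now has two unrelated failure exits (`goto finish` and an inline `free(handle); return NULL;`); routing the `ret < 0` case through `finish` keeps a single cleanup path, and the `strncpy(handle->defined_log_fn, file_path, 1023)` relies on ALLOC zero-filling the handle for NUL-termination, which I cannot confirm from here.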
@@ -32,6 +32,56 @@ #define MODULE_VERIFY_MATCHER "verify-policy.matcher" +const char * table_name[__TSG_OBJ_MAX] = +{ + [TSG_OBJ_SOURCE_ADDR] = "ATTR_SOURCE_IP", + [TSG_OBJ_DESTINATION_ADDR]="ATTR_DESTINATION_IP", + [TSG_OBJ_SUBSCRIBE_ID] = "ATTR_SUBSCRIBER_ID", + [TSG_OBJ_APP_ID] = "ATTR_APP_ID", + [TSG_OBJ_HTTP_URL] = "ATTR_HTTP_URL", + [TSG_OBJ_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR", + [TSG_OBJ_HTTP_REQ_BODY] = "ATTR_HTTP_REQ_BODY", + [TSG_OBJ_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR", + [TSG_OBJ_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY", + [TSG_OBJ_SSL_CN] = "ATTR_SSL_CN", + [TSG_OBJ_SSL_SAN] = "ATTR_SSL_SAN", + [TSG_OBJ_DOH_QNAME]="ATTR_DOH_QNAME", + [TSG_OBJ_DNS_QNAME] = "ATTR_DNS_QNAME", + [TSG_OBJ_MAIL_ACCOUNT] = "ATTR_MAIL_ACCOUNT", + [TSG_OBJ_MAIL_FROM] = "ATTR_MAIL_FROM", + [TSG_OBJ_MAIL_TO] = "ATTR_MAIL_TO", + [TSG_OBJ_MAIL_SUBJECT] = "ATTR_MAIL_SUBJECT", + [TSG_OBJ_MAIL_CONTENT] = "ATTR_MAIL_CONTENT", + [TSG_OBJ_MAIL_ATT_NAME] = "ATTR_MAIL_ATT_NAME", + [TSG_OBJ_MAIL_ATT_CONTENT] = "ATTR_MAIL_ATT_CONTENT", + [TSG_OBJ_FTP_URI] = "ATTR_FTP_URI", + [TSG_OBJ_FTP_CONTENT] = "ATTR_FTP_CONTENT", + [TSG_OBJ_FTP_ACCOUNT] = "ATTR_FTP_ACCOUNT", + [TSG_OBJ_SIP_FROM]="ATTR_SIP_ORIGINATOR_DESCRIPTION", + [TSG_OBJ_SIP_TO]="ATTR_SIP_RESPONDER_DESCRIPTION", + [TSG_OBJ_IMSI]="ATTR_GTP_IMSI", + [TSG_OBJ_PHONE_NUMBER]="ATTR_GTP_PHONE_NUMBER", + [TSG_OBJ_APN]="ATTR_GTP_APN", + [TSG_OBJ_TUNNEL]="ATTR_TUNNEL", + [TSG_OBJ_FLAG]="ATTR_FLAG", + [TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI", + [TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN", + [TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP", + [TSG_OBJ_EXTERNAL_ADDR]="ATTR_EXTERNAL_IP", + [TSG_OBJ_SOURCE_PORT]="ATTR_SOURCE_PORT", + [TSG_OBJ_DESTINATION_PORT]="ATTR_DESTINATION_PORT", + [TSG_OBJ_INTERNAL_PORT]="ATTR_INTERNAL_PORT", + [TSG_OBJ_EXTERNAL_PORT]="ATTR_EXTERNAL_PORT", + [TSG_OBJ_IP_PROTOCOL]="ATTR_IP_PROTOCOL", + [TSG_OBJ_SSL_ECH]="ATTR_SSL_ECH", + [TSG_OBJ_SSL_ESNI]="ATTR_SSL_ESNI", + [TSG_OBJ_SSL_NO_SNI]="ATTR_SSL_NO_SNI", + 
[TSG_OBJ_TUNNEL_LEVEL]="ATTR_TUNNEL_LEVEL", + [TSG_OBJ_TUNNEL_GTP_ENDPOINT]="ATTR_TUNNEL_GTP_ENDPOINT", + [TSG_OBJ_TUNNEL_GRE_ENDPOINT]="ATTR_TUNNEL_GRE_ENDPOINT", + [TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT]="ATTR_TUNNEL_IP_IN_IP_ENDPOINT" +}; + enum policy_action { PG_ACTION_NONE = 0, @@ -200,7 +250,6 @@ struct request_object_list int numeric; int merge_nth_scan_num; int merge_nth_scan[MERGE_SCAN_NTH]; - int exclude_nth_scan[MERGE_SCAN_NTH]; char *string; char *tunnel_type; char *district_value; @@ -414,13 +463,16 @@ void tunnel_label_table_new_cb(const char *table_name, int table_id, const char* *ad = tunnel; } -const char *table_name_map[] = {"TSG_TUNNEL_CATALOG", - "TSG_TUNNEL_ENDPOINT", - "TSG_TUNNEL_LABEL", - "APP_ID_DICT", - "FQDN_ENTRY", - "IP_ADDR_ENTRY", - "LIBRARY_TAG"}; +const char *table_name_map[PROFILE_TABLE_MAX] = +{ + [PROFILE_TUNNEL_CATALOG]="TSG_TUNNEL_CATALOG", + [PROFILE_TUNNEL_ENDPOINT]="TSG_TUNNEL_ENDPOINT", + [PROFILE_TUNNEL_LABEL]="TSG_TUNNEL_LABEL", + [PROFILE_APP_DI_DICT]="APP_ID_DICT", + [PROFILE_FQDN_ENTRY]="FQDN_ENTRY", + [PROFILE_IP_ADDR_ENTRY]="IP_ADDR_ENTRY", + [PROFILE_LIBRARY_TAG]="LIBRARY_TAG" +}; int maat_tunnel_table_init(int profile_idx,int vsys_id, maat_ex_free_func_t* free_func, @@ -1091,6 +1143,7 @@ int hit_object_exists_by_ids(cJSON* hitPaths, int item_id, int superior_object_i { cJSON *hitsObj=NULL; + /*In cases of multiple hits, although the compile_id is inconsistent, the item_id and superior_object_id remain consistent.**/ for(hitsObj = hitPaths->child; hitsObj != NULL; hitsObj = hitsObj->next) { cJSON *itemId = cJSON_GetObjectItem(hitsObj, "item_id"); 
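Review bot: `const char * table_name[__TSG_OBJ_MAX]` is now a file-scope definition with external linkage in a .cpp file, so every other translation unit sees it and any other object named `table_name` collides at link time; it also shares its name with the `const char *table_name` parameter of `tunnel_label_table_new_cb` in the next hunk, which shadows it inside that function. Declare it `static const char *const table_name[__TSG_OBJ_MAX]` (and likewise `table_name_map[PROFILE_TABLE_MAX]` later in this file) so linkage and pointee constness match its use as a read-only lookup table. Array designators such as `[TSG_OBJ_SOURCE_ADDR] = "ATTR_SOURCE_IP"` are C99 syntax that g++ accepts only as an extension and rejects when designators are out of order, so this relies on the `TSG_OBJ_*` enumerators being declared in exactly this sequence; the enum is not in the diff, so I cannot confirm it. Any enumerator without an entry is left as a NULL pointer; the loops in protoco_field_type_str2idx and verify_policy_table_init that now read this table are outside the hunks, so check that they tolerate NULL before passing an entry to string functions.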
@@ -1144,7 +1197,7 @@ void http_get_scan_status(struct request_object_list *request_object, int compil
 {
 for(j=0; j<=request_object->merge_nth_scan_num; j++)
 {
- if (request_object->merge_nth_scan[j] == ctx->hit_path[i].Nth_scan && request_object->exclude_nth_scan[j] != 1)
+ if (request_object->merge_nth_scan[j] == ctx->hit_path[i].Nth_scan)
 {
 if (ctx->hit_path[i].top_group_id < 0)
 {
@@ -1409,6 +1462,7 @@ int get_fqdn_entry_tag_ids(cJSON *hit_library, int vsys_id, const char *fqdn)
 for(int i=0; i < ret && i < MAX_EX_DATA_LEN; i++)
 {
 fqdn_entry_item=cJSON_CreateObject();
+ cJSON_AddNumberToObject(fqdn_entry_item, "entry_id", entry_ctx[i]->entry_id);
 cJSON_AddStringToObject(fqdn_entry_item, "tag_ids", entry_ctx[i]->tag_ids);
 cJSON_AddItemToArray(hit_library, fqdn_entry_item);
 hit_fqdn_entry++;
@@ -1570,7 +1624,6 @@ int ip_entry_scan(struct request_object_list *request, struct policy_scan_ctx *c
 int get_fqdn_category_id(struct request_object_list *request, struct policy_scan_ctx * ctx, int vsys_id, const char *fqdn, int table_id, int hit_cnt)
 {
 size_t n_read=0, n_hit_result=0;
- int hit_path_cnt=0;
 int ret=0, hit_cnt_fqdn=0;
 struct library_entry_ctx *fqdn_entry_ctx[MAX_EX_DATA_LEN]={0};
@@ -1621,11 +1674,8 @@ int get_fqdn_category_id(struct request_object_list *request, struct policy_scan
 n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
 if(ret >= MAAT_SCAN_OK)
 {
- request->merge_nth_scan[hit_path_cnt] = maat_state_get_scan_count(ctx->scan_mid);
- fqdn_entry.Nth_scan[fqdn_entry.Nth_scan_num++] = request->merge_nth_scan[hit_path_cnt];
- request->exclude_nth_scan[hit_path_cnt] = 1;
+ fqdn_entry.Nth_scan[fqdn_entry.Nth_scan_num++]=maat_state_get_scan_count(ctx->scan_mid);
 ctx->n_read=n_read;
- hit_path_cnt++;
 }
 }
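Review bot: The loop `for(j=0; j<=request_object->merge_nth_scan_num; j++)` around the changed line in http_get_scan_status runs one past `merge_nth_scan_num`; the code this commit removes from get_fqdn_category_id set `request->merge_nth_scan_num = hit_path_cnt`, a count of filled slots, and under that meaning the last iteration compares against an unwritten `merge_nth_scan[j]` and, once the count reaches MERGE_SCAN_NTH, reads past the array. If the field is a count, change the condition to `j < request_object->merge_nth_scan_num`; if it is the index of the last filled slot, a comment on the field in `request_object_list` saying so would settle it. This commit also removes the only assignment to `merge_nth_scan_num` visible in the diff, so confirm the field is still populated somewhere; otherwise this loop compares hit paths against zero or stale values. The enclosing function starts and ends outside the hunk.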
@@ -1633,7 +1683,6 @@ int get_fqdn_category_id(struct request_object_list *request, struct policy_scan { utarray_push_back(ctx->scan_path.ut_array_by_context, &fqdn_entry); } - request->merge_nth_scan_num = hit_path_cnt; return hit_cnt_fqdn; } 
@@ -2366,55 +2415,6 @@ int tsg_policy_type_str2idx(const char *action_str) int protoco_field_type_str2idx(const char *action_str, char *buff, char **p) { - const char * table_name[__TSG_OBJ_MAX] ={0}; - - table_name[TSG_OBJ_SOURCE_ADDR] = "ATTR_SOURCE_IP"; - table_name[TSG_OBJ_DESTINATION_ADDR]="ATTR_DESTINATION_IP"; - table_name[TSG_OBJ_SUBSCRIBE_ID] = "ATTR_SUBSCRIBER_ID"; - table_name[TSG_OBJ_APP_ID] = "ATTR_APP_ID"; - table_name[TSG_OBJ_HTTP_URL] = "ATTR_HTTP_URL"; - table_name[TSG_OBJ_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR"; - table_name[TSG_OBJ_HTTP_REQ_BODY] = "ATTR_HTTP_REQ_BODY"; - table_name[TSG_OBJ_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR"; - table_name[TSG_OBJ_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY"; - table_name[TSG_OBJ_SSL_CN] = "ATTR_SSL_CN"; - table_name[TSG_OBJ_SSL_SAN] = "ATTR_SSL_SAN"; - table_name[TSG_OBJ_DOH_QNAME]="ATTR_DOH_QNAME"; - table_name[TSG_OBJ_DNS_QNAME] = "ATTR_DNS_QNAME"; - table_name[TSG_OBJ_MAIL_ACCOUNT] = "ATTR_MAIL_ACCOUNT"; - table_name[TSG_OBJ_MAIL_FROM] = "ATTR_MAIL_FROM"; - table_name[TSG_OBJ_MAIL_TO] = "ATTR_MAIL_TO"; - table_name[TSG_OBJ_MAIL_SUBJECT] = "ATTR_MAIL_SUBJECT"; - table_name[TSG_OBJ_MAIL_CONTENT] = "ATTR_MAIL_CONTENT"; - table_name[TSG_OBJ_MAIL_ATT_NAME] = "ATTR_MAIL_ATT_NAME"; - table_name[TSG_OBJ_MAIL_ATT_CONTENT] = "ATTR_MAIL_ATT_CONTENT"; - table_name[TSG_OBJ_FTP_URI] = "ATTR_FTP_URI"; - table_name[TSG_OBJ_FTP_CONTENT] = "ATTR_FTP_CONTENT"; - table_name[TSG_OBJ_FTP_ACCOUNT] = "ATTR_FTP_ACCOUNT"; - table_name[TSG_OBJ_SIP_FROM]="ATTR_SIP_ORIGINATOR_DESCRIPTION"; - table_name[TSG_OBJ_SIP_TO]="ATTR_SIP_RESPONDER_DESCRIPTION"; - table_name[TSG_OBJ_IMSI]="ATTR_GTP_IMSI"; - table_name[TSG_OBJ_PHONE_NUMBER]="ATTR_GTP_PHONE_NUMBER"; - table_name[TSG_OBJ_APN]="ATTR_GTP_APN"; - table_name[TSG_OBJ_TUNNEL]="ATTR_TUNNEL", - table_name[TSG_OBJ_FLAG]="ATTR_FLAG"; - table_name[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI"; - table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN"; - table_name[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP"; - 
table_name[TSG_OBJ_EXTERNAL_ADDR]="ATTR_EXTERNAL_IP"; - table_name[TSG_OBJ_SOURCE_PORT]="ATTR_SOURCE_PORT"; - table_name[TSG_OBJ_DESTINATION_PORT]="ATTR_DESTINATION_PORT"; - table_name[TSG_OBJ_INTERNAL_PORT]="ATTR_INTERNAL_PORT"; - table_name[TSG_OBJ_EXTERNAL_PORT]="ATTR_EXTERNAL_PORT"; - table_name[TSG_OBJ_IP_PROTOCOL]="ATTR_IP_PROTOCOL"; - table_name[TSG_OBJ_SSL_ECH]="ATTR_SSL_ECH"; - table_name[TSG_OBJ_SSL_ESNI]="ATTR_SSL_ESNI"; - table_name[TSG_OBJ_SSL_NO_SNI]="ATTR_SSL_NO_SNI"; - table_name[TSG_OBJ_TUNNEL_LEVEL]="ATTR_TUNNEL_LEVEL"; - table_name[TSG_OBJ_TUNNEL_GTP_ENDPOINT]="ATTR_TUNNEL_GTP_ENDPOINT"; - table_name[TSG_OBJ_TUNNEL_GRE_ENDPOINT]="ATTR_TUNNEL_GRE_ENDPOINT"; - table_name[TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT]="ATTR_TUNNEL_IP_IN_IP_ENDPOINT"; - size_t i = 0; for (i = 0; i < __TSG_OBJ_MAX; i++) { @@ -2865,7 +2865,7 @@ static struct maat *create_maat_feather(const char * instance_name, const char * char table_info[VERIFY_STRING_MAX] = {0}, inc_cfg_dir[VERIFY_STRING_MAX] = {0}, ful_cfg_dir[VERIFY_STRING_MAX] = {0}; char json_cfg_file[VERIFY_STRING_MAX] = {0}, maat_stat_file[VERIFY_PATH_MAX] = {0}; char redis_ip[VERIFY_STRING_MAX] = {0}, redis_port_range[VERIFY_STRING_MAX] = {0}; - char accept_tags[VERIFY_STRING_MAX] = {0}, maat_stat_db_file[VERIFY_PATH_MAX] = {0}; + char accept_tags[VERIFY_STRING_MAX] = {0}, maat_stat_db_file[VERIFY_PATH_MAX + 12] = {0}; int redis_port_begin=0, redis_port_end=0; int redis_port_select=0; @@ -2932,7 +2932,7 @@ static struct maat *create_maat_feather(const char * instance_name, const char * if (strlen(maat_stat_file) > 0 && maat_stat_on) { maat_options_set_stat_on(opts); - snprintf(maat_stat_db_file, VERIFY_PATH_MAX, "%s.%d", maat_stat_file, db_index); + snprintf(maat_stat_db_file, VERIFY_PATH_MAX+12, "%s.%d", maat_stat_file, db_index); maat_options_set_stat_file(opts, maat_stat_db_file); } 
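Review bot: `snprintf(maat_stat_db_file, VERIFY_PATH_MAX+12, "%s.%d", ...)` in create_maat_feather repeats the buffer size by hand, so the `+ 12` here and in the declaration `maat_stat_db_file[VERIFY_PATH_MAX + 12]` in the previous hunk must be kept in step; `snprintf(maat_stat_db_file, sizeof(maat_stat_db_file), "%s.%d", maat_stat_file, db_index);` removes that coupling. The arithmetic is exact rather than generous: `maat_stat_file` holds up to VERIFY_PATH_MAX-1 characters, and with the `.` plus up to 11 characters for an `int` the result fills all VERIFY_PATH_MAX+12 bytes, so widening `db_index` or lengthening the suffix later would truncate silently. Checking the return value (`>= sizeof maat_stat_db_file` means truncation) before `maat_options_set_stat_file` would make that failure visible instead of handing the library a clipped path.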
@@ -2955,68 +2955,6 @@ error_out: return NULL; } -static void http_table_name_init(const char *table_name[__TSG_OBJ_MAX]) -{ - table_name[TSG_OBJ_HTTP_URL] = "ATTR_HTTP_URL"; - table_name[TSG_OBJ_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR"; - table_name[TSG_OBJ_HTTP_REQ_BODY] = "ATTR_HTTP_REQ_BODY"; - table_name[TSG_OBJ_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR"; - table_name[TSG_OBJ_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY"; - table_name[TSG_OBJ_SSL_CN] = "ATTR_SSL_CN"; - table_name[TSG_OBJ_SSL_SAN] = "ATTR_SSL_SAN"; - return; -} - -static void doq_table_name_init(const char *table_name[__TSG_OBJ_MAX]) -{ - table_name[TSG_OBJ_DNS_QNAME]="ATTR_DNS_QNAME"; - table_name[TSG_OBJ_DOH_QNAME] = "ATTR_DOH_QNAME"; - return; -} - -static void mail_table_name_int(const char *table_name[__TSG_OBJ_MAX]) -{ - table_name[TSG_OBJ_MAIL_ACCOUNT] = "ATTR_MAIL_ACCOUNT"; - table_name[TSG_OBJ_MAIL_FROM] = "ATTR_MAIL_FROM"; - table_name[TSG_OBJ_MAIL_TO] = "ATTR_MAIL_TO"; - table_name[TSG_OBJ_MAIL_SUBJECT] = "ATTR_MAIL_SUBJECT"; - table_name[TSG_OBJ_MAIL_CONTENT] = "ATTR_MAIL_CONTENT"; - table_name[TSG_OBJ_MAIL_ATT_NAME] = "ATTR_MAIL_ATT_NAME"; - table_name[TSG_OBJ_MAIL_ATT_CONTENT] = "ATTR_MAIL_ATT_CONTENT"; - table_name[TSG_OBJ_FTP_URI] = "ATTR_FTP_URI"; - table_name[TSG_OBJ_FTP_CONTENT] = "ATTR_FTP_CONTENT"; - table_name[TSG_OBJ_FTP_ACCOUNT] = "ATTR_FTP_ACCOUNT"; - return; -} - -static void common_table_name_int(const char *table_name[__TSG_OBJ_MAX]) -{ - table_name[TSG_OBJ_SIP_FROM]="ATTR_SIP_ORIGINATOR_DESCRIPTION"; - table_name[TSG_OBJ_SIP_TO]="ATTR_SIP_RESPONDER_DESCRIPTION"; - table_name[TSG_OBJ_IMSI]="ATTR_GTP_IMSI"; - table_name[TSG_OBJ_PHONE_NUMBER]="ATTR_GTP_PHONE_NUMBER"; - table_name[TSG_OBJ_APN]="ATTR_GTP_APN"; - table_name[TSG_OBJ_TUNNEL]="ATTR_TUNNEL", - table_name[TSG_OBJ_FLAG]="ATTR_FLAG"; - table_name[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI"; - table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN"; - table_name[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP"; - 
table_name[TSG_OBJ_EXTERNAL_ADDR]="ATTR_EXTERNAL_IP"; - table_name[TSG_OBJ_SOURCE_PORT]="ATTR_SOURCE_PORT"; - table_name[TSG_OBJ_DESTINATION_PORT]="ATTR_DESTINATION_PORT"; - table_name[TSG_OBJ_INTERNAL_PORT]="ATTR_INTERNAL_PORT"; - table_name[TSG_OBJ_EXTERNAL_PORT]="ATTR_EXTERNAL_PORT"; - table_name[TSG_OBJ_IP_PROTOCOL]="ATTR_IP_PROTOCOL"; - table_name[TSG_OBJ_SSL_ECH]="ATTR_SSL_ECH"; - table_name[TSG_OBJ_SSL_ESNI]="ATTR_SSL_ESNI"; - table_name[TSG_OBJ_SSL_NO_SNI]="ATTR_SSL_NO_SNI"; - table_name[TSG_OBJ_TUNNEL_LEVEL]="ATTR_TUNNEL_LEVEL"; - table_name[TSG_OBJ_TUNNEL_GTP_ENDPOINT]="ATTR_TUNNEL_GTP_ENDPOINT"; - table_name[TSG_OBJ_TUNNEL_GRE_ENDPOINT]="ATTR_TUNNEL_GRE_ENDPOINT"; - table_name[TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT]="ATTR_TUNNEL_IP_IN_IP_ENDPOINT"; - return; -} - int maat_complie_plugin_table_init(int vsys_id, int compile_type_id) { int table_id=0; @@ -3092,15 +3030,6 @@ int verify_policy_table_init(struct verify_policy * verify, const char* profile_ { goto error_out; } - const char * table_name[__TSG_OBJ_MAX]; - table_name[TSG_OBJ_SOURCE_ADDR] = "ATTR_SOURCE_IP"; - table_name[TSG_OBJ_DESTINATION_ADDR]="ATTR_DESTINATION_IP"; - table_name[TSG_OBJ_SUBSCRIBE_ID] = "ATTR_SUBSCRIBER_ID"; - table_name[TSG_OBJ_APP_ID] = "ATTR_APP_ID"; - http_table_name_init(table_name); - doq_table_name_init(table_name); - mail_table_name_int(table_name); - common_table_name_int(table_name); for (int i = 0; i < __TSG_OBJ_MAX; i++) { diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp index 4d34cfa..fad532d 100644 --- a/platform/src/verify_policy.cpp +++ b/platform/src/verify_policy.cpp 
@@ -530,9 +530,15 @@ int main(int argc, char * argv[]) assert(g_verify_proxy); strcpy(g_verify_proxy->name, "verify_policy"); + int max_file_size_mb=0; const char *log_path="./logs/verify_policy.log"; MESA_load_profile_int_def(main_profile, "SYSTEM", "log_level", &log_level, LOG_FATAL); + MESA_load_profile_int_def(main_profile, "SYSTEM", "log_file_size_mb", &max_file_size_mb, 0); g_verify_proxy->logger = log_handle_create(log_path, log_level); + if(max_file_size_mb > 0) + { + log_handle_set_file_max_size(g_verify_proxy->logger, max_file_size_mb); + } CHECK_OR_EXIT(g_verify_proxy->logger != NULL, "Failed at init log module. Exit."); ret = load_system_conf(g_verify_proxy, main_profile); diff --git a/test/resource/HitPolicyRequest.json b/test/resource/HitPolicyRequest.json index e9996c3..b58607e 100644 --- a/test/resource/HitPolicyRequest.json +++ b/test/resource/HitPolicyRequest.json @@ -152,6 +152,56 @@ } ], "verify_type": "policy" + }, + { + "__item_id": 5, + "vsys_id": 1, + "verify_list": [ + { + "type": "pxy_manipulation", + "vsys_id": 1, + "verify_session": { + "attributes": [ + { + "attribute_type": "ip", + "table_name": "ATTR_SOURCE_IP", + "attribute_name": "source", + "attribute_value": { + "ip": "192.168.0.2", + "port":"8080", + "addr_type": 4 + } + }, + { + "attribute_type": "ip", + "table_name": "ATTR_DESTINATION_IP", + "attribute_name": "destination", + "attribute_value": { + "ip": "192.168.0.3", + "addr_type": 4 + } + }, + { + "attribute_type": "string", + "table_name": "ATTR_SERVER_FQDN", + "attribute_name": "server_fqdn", + "attribute_value": { + "string": "www.baidu.com" + } + }, + { + "attribute_type": "string", + "table_name": "ATTR_SSL_SAN", + "attribute_name": "ssl_san", + "attribute_value": { + "string": "www.baidu.com" + } + } + ] + } + } + ], + "verify_type": "policy" } ] } \ No newline at end of file diff --git a/test/resource/HitPolicyResult.json b/test/resource/HitPolicyResult.json index db4da0c..a617203 100644 
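Review bot: `log_handle_set_file_max_size(g_verify_proxy->logger, max_file_size_mb)` is called before `CHECK_OR_EXIT(g_verify_proxy->logger != NULL, ...)`, so a failed log_handle_create hands NULL to the setter; the setter tolerates NULL today (log.c checks the handle), but main should not depend on that, and moving the `if(max_file_size_mb > 0)` block below the CHECK_OR_EXIT line fixes the order. `max_file_size_mb` is an `int` from the profile passed to a `size_t` parameter; the `> 0` guard already excludes negatives, but if log.c treated 0 as "off" the setter could be called unconditionally and the rule would live in one place. The new `"log_file_size_mb"` key has no documentation here; a comment beside the MESA_load_profile_int_def call such as `/* 0 (default): one file per day; >0: also rotate at that many MiB */` records the contract for operators.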
--- a/test/resource/HitPolicyResult.json +++ b/test/resource/HitPolicyResult.json 
@@ -191,6 +191,164 @@ } }, "success": true + }, + { + "code": 200, + "msg": "Success", + "data": { + "hitPolicyList": [ + { + "id": 1024, + "policyName": "", + "is_execute_policy": true, + "top_object_list": [ + { + "object_id": 10231, + "table_name": "ATTR_SOURCE_IP", + "not_flag": 0, + "nth_clause": 0 + }, + { + "object_id": 10232, + "table_name": "ATTR_DESTINATION_IP", + "not_flag": 0, + "nth_clause": 1 + }, + { + "object_id": 10234, + "table_name": "ATTR_SERVER_FQDN", + "not_flag": 0, + "nth_clause": 2 + }, + { + "object_id": 10235, + "table_name": "ATTR_SSL_SAN", + "not_flag": 0, + "nth_clause": 3 + } + ] + }, + { + "id": 1023, + "policyName": "", + "is_execute_policy": false, + "top_object_list": [ + { + "object_id": 10231, + "table_name": "ATTR_SOURCE_IP", + "not_flag": 0, + "nth_clause": 0 + }, + { + "object_id": 10232, + "table_name": "ATTR_DESTINATION_IP", + "not_flag": 0, + "nth_clause": 1 + }, + { + "object_id": 10234, + "table_name": "ATTR_SERVER_FQDN", + "not_flag": 0, + "nth_clause": 2 + }, + { + "object_id": 10235, + "table_name": "ATTR_SSL_SAN", + "not_flag": 0, + "nth_clause": 3 + } + ] + } + ], + "verify_session": { + "attributes": [ + { + "attribute_type": "ip", + "table_name": "ATTR_SOURCE_IP", + "attribute_name": "source", + "attribute_value": { + "ip": "192.168.0.2", + "port": "8080", + "addr_type": 4 + }, + "hit_paths": [ + { + "item_id": 2, + "superior_object_id": 10231 + } + ] + }, + { + "attribute_type": "ip", + "table_name": "ATTR_DESTINATION_IP", + "attribute_name": "destination", + "attribute_value": { + "ip": "192.168.0.3", + "addr_type": 4 + }, + "hit_paths": [ + { + "item_id": 3, + "superior_object_id": 10232 + } + ] + }, + { + "attribute_type": "string", + "table_name": "ATTR_SERVER_FQDN", + "attribute_name": "server_fqdn", + "attribute_value": { + "string": "www.baidu.com" + }, + "hit_paths": [ + { + "entry_id": 2, + "tag_id": 2 + }, + { + "entry_id": 2, + "tag_id": 3 + }, + { + "item_id": 5, + "superior_object_id": 10235 + }, + { 
+ "item_id": 4, + "superior_object_id": 10234 + } + ] + }, + { + "attribute_type": "string", + "table_name": "ATTR_SSL_SAN", + "attribute_name": "ssl_san", + "attribute_value": { + "string": "www.baidu.com" + }, + "hit_paths": [ + { + "entry_id": 2, + "tag_id": 2 + }, + { + "entry_id": 2, + "tag_id": 3 + }, + { + "item_id": 5, + "superior_object_id": 10235 + }, + { + "item_id": 4, + "superior_object_id": 10234 + } + ] + } + ] + } + }, + "success": true } ] } \ No newline at end of file diff --git a/test/resource/VerifyPolicyHit.json b/test/resource/VerifyPolicyHit.json deleted file mode 100644 index 81487b4..0000000 --- a/test/resource/VerifyPolicyHit.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "compile_table": "PXY_CTRL_COMPILE", - "group2compile_table": "GROUP_PXY_CTRL_COMPILE_RELATION", - "group2group_table": "GROUP_GROUP_RELATION", - "rules": [ - { - "compile_id": 1021, - "service": 1, - "action": 48, - "do_blacklist": 1, - "do_log": 1, - "effective_range": 0, - "tags":"anything", - "user_region": "anything", - "is_valid": "yes", - "groups": [ - { - "not_flag": 0, - "group_id": 101, - "group_name":"IPv4TCPSoureVeiryPolicy01", - "virtual_table": "ATTR_SOURCE_IP", - "regions": [ - { - "table_type": "ip", - "table_name": "TSG_OBJ_IP_ADDR", - "table_content": { - "addr_type": "ipv4", - "addr_format": "range", - "ip1": "192.168.0.1", - "ip2": "192.168.0.1" - } - } - ] - } - ] - }, - { - "compile_id": 1022, - "service": 1, - "action": 48, - "do_blacklist": 1, - "do_log": 1, - "effective_range": 0, - "tags":"anything", - "user_region": "anything", - "is_valid": "yes", - "groups": [ - { - "group_id": 11, - "group_name": "IPv4TCPSoureEntry.11", - "virtual_table": "ATTR_SOURCE_IP" - }, - { - "group_id": 12, - "group_name": "IPv4TCPSoureEntry.12", - "virtual_table": "ATTR_INTERNAL_IP" - }, - { - "group_id": 1, - "group_name": "FQDNEntry.1", - "virtual_table": "ATTR_SERVER_FQDN" - } - ] - } - ], - "plugin_table": [ - { - "table_name": "FQDN_ENTRY", - "table_content": [ - "1\t1\twww.126.com\t1\t1", - "2\t2,3\twww.baidu.com\t1\t1", - "4\t4,5,6\twww.qq.com\t1\t1" - ] - }, - { - "table_name": "IP_ADDR_ENTRY", - "table_content": [ - "1\t11\t4\tsingle\t192.168.1.1\t192.168.1.1\t1", - "2\t12,13\t4\tsingle\t192.168.1.2\t192.168.1.2\t1", - "4\t14,15,16\t4\trange\t192.168.1.3\t192.168.1.3\t1" - ] - }, - { - "table_name": "LIBRARY_TAG", - "table_content": [ - "1\tnone\twebsite_category\tfqdn1\tsearch\\bengines\t1", - "2\tnone\twebsite_category\tfqdn2\tRecreation\band\bHobbies\t1", - "3\tnone\twebsite_category\tfqdn3\tbusiness\t1", - "4\tnone\twebsite_category\tfqdn4\tsearch bengines\t1", - "5\tnone\twebsite_category\tfqdn5\tsearch\\bengines\t1", - 
"6\tnone\twebsite_category\tfqdn6\tsearch\\bengines\t1", - "11\tnone\tgeoip\tadministrative_area\tColombia.Departamento\bdel\bVaupes\t1", - "12\tnone\tgeoip\tadministrative_area\tColombia.Departamento\bdel\bVaupes.MitĂș\t1", - "13\tnone\tgeoip\tadministrative_area\tColombia.Antioquia.Marinilla\t1", - "14\tnone\tgeoip\tsuper_administrative_area\tColombia.Departamento\bdel\bVaupes\t1", - "15\tnone\tgeoip\tadministrative_area\tGermany.Bavaria.Mauern\t1", - "16\tnone\tgeoip\tadministrative_area\tGermany.Bavaria.Mellrichstadt\t1" - ] - } - ] -} diff --git a/test/resource/VerifyPolicyManipulation.json b/test/resource/VerifyPolicyManipulation.json index 81487b4..fa7dd51 100644 --- a/test/resource/VerifyPolicyManipulation.json +++ b/test/resource/VerifyPolicyManipulation.json 
@@ -61,6 +61,120 @@ "virtual_table": "ATTR_SERVER_FQDN" } ] + }, + { + "compile_id": 1023, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "tags":"anything", + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "not_flag": 0, + "group_id": 10231, + "group_name":"IPv4TCPSoureVeiryPolicy02", + "virtual_table": "ATTR_SOURCE_IP", + "regions": [ + { + "table_type": "ip", + "table_name": "TSG_OBJ_IP_ADDR", + "table_content": { + "addr_type": "ipv4", + "addr_format": "range", + "ip1": "192.168.0.2", + "ip2": "192.168.0.2" + } + } + ] + }, + { + "not_flag": 0, + "group_id": 10232, + "group_name":"IPv4TCPDestinationVeiryPolicy01", + "virtual_table": "ATTR_DESTINATION_IP", + "regions": [ + { + "table_type": "ip", + "table_name": "TSG_OBJ_IP_ADDR", + "table_content": { + "addr_type": "ipv4", + "addr_format": "range", + "ip1": "192.168.0.3", + "ip2": "192.168.0.3" + } + } + ] + }, + { + "virtual_table":"ATTR_SERVER_FQDN", + "group_name":"ServerFqdnVeiryPolicy01", + "group_id":10234, + "not_flag":0, + "regions": [ + { + "table_name": "TSG_OBJ_FQDN", + "table_type": "expr", + "table_content": { + "keywords": "baidu.com", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + }, + { + "virtual_table":"ATTR_SSL_SAN", + "group_name":"SslSanVeiryPolicy01", + "group_id":10235, + "not_flag":0, + "regions": [ + { + "table_name": "TSG_OBJ_FQDN", + "table_type": "expr", + "table_content": { + "keywords": "baidu.com", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1024, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "tags":"anything", + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name":"IPv4TCPSoureVeiryPolicy02", + "virtual_table":"ATTR_SOURCE_IP" + }, + { + "group_name":"IPv4TCPDestinationVeiryPolicy01", + 
"virtual_table":"ATTR_DESTINATION_IP" + }, + { + "group_name":"ServerFqdnVeiryPolicy01", + "virtual_table":"ATTR_SERVER_FQDN" + }, + { + "group_name":"SslSanVeiryPolicy01", + "virtual_table":"ATTR_SSL_SAN" + } + ] } ], "plugin_table": [ diff --git a/test/verify_policy_test.cpp b/test/verify_policy_test.cpp index c7f07eb..e109183 100644 --- a/test/verify_policy_test.cpp +++ b/test/verify_policy_test.cpp @@ -90,7 +90,7 @@ static char *select_hit_policy_request_item(int gtest_id) TEST(LibrarySearch, HitFqdnEntry) { const char *hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.126.com\",\"vsys_id\":1}"; - const char *hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_ids\":\"1\"}]},\"success\":true}"; + const char *hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"entry_id\":1,\"tag_ids\":\"1\"}]},\"success\":true}"; cJSON *result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request)); ASSERT_TRUE(result_json != NULL); @@ -105,7 +105,7 @@ TEST(LibrarySearch, HitFqdnEntry) FREE(&hit_policy_list); hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.baidu.com\",\"vsys_id\":1}"; - hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_ids\":\"2,3\"}]},\"success\":true}"; + hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"entry_id\":2,\"tag_ids\":\"2,3\"}]},\"success\":true}"; result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request)); ASSERT_TRUE(result_json != NULL); 
@@ -120,7 +120,7 @@ TEST(LibrarySearch, HitFqdnEntry) FREE(&hit_policy_list); hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.qq.com\",\"vsys_id\":1}"; - hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_ids\":\"4,5,6\"}]},\"success\":true}"; + hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"entry_id\":4,\"tag_ids\":\"4,5,6\"}]},\"success\":true}"; result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request)); ASSERT_TRUE(result_json != NULL); @@ -231,7 +231,6 @@ TEST(VerifyPolicy, CheckRegexExpression) cJSON_Delete(result_json); FREE(&hit_policy_query); - } TEST(VerifyPolicy, HitIpPolicy) @@ -278,6 +277,28 @@ TEST(VerifyPolicy, HitLibraryPolicy) FREE(&hit_policy_result); } +TEST(VerifyPolicy, HitMultiplePolicy) +{ + char *hit_policy_request = select_hit_policy_request_item(5); + ASSERT_TRUE(hit_policy_request != NULL); + char *hit_policy_result = select_hit_policy_result_item(5); + ASSERT_TRUE(hit_policy_result != NULL); + + cJSON *result_json = get_verify_policy_query(hit_policy_request, strlen(hit_policy_request), 1); + ASSERT_TRUE(result_json != NULL); + + char *hit_policy_query = cJSON_PrintUnformatted(result_json); + ASSERT_TRUE(hit_policy_query != NULL); + + int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + EXPECT_EQ(equal, 0); + + cJSON_Delete(result_json); + FREE(&hit_policy_query); + FREE(&hit_policy_request); + FREE(&hit_policy_result); +} + static void reload_maat_config(const char * main_profile) { verify_policy_table_free(main_profile); @@ -343,7 +364,6 @@ TEST(VerifyPolicy, HitTunnelEndpointPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - printf("hit_policy_query =%s\n", hit_policy_query); int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); EXPECT_EQ(equal, 0);
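Review bot: `strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result))` in HitMultiplePolicy only checks that the expected JSON is a prefix of the actual output, so extra trailing objects in `hitPolicyList` or `hit_paths` would still pass, and the case-insensitive compare also hides casing differences in the values; `EXPECT_STREQ(hit_policy_result, hit_policy_query)` pins the whole payload. The neighbouring tests use the same pattern, so it is fair to fix only the new test here and follow up on the rest. Each `ASSERT_TRUE` returns from the test body before the `FREE` calls, so `hit_policy_request` and `hit_policy_result` leak on a failed assertion; harmless in a test binary, but a small RAII guard around the two buffers would remove it.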