gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

日志接口支持按文件大小存储日志,并对 table_name 表的结构体进行了优化

Browse Source
This commit is contained in:
fengweihao
2024-08-14 17:57:30 +08:00
parent 1b76ae68fb
commit 6dc39cc922
10 changed files with 523 additions and 292 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
common/include/log.h
View File

@@ -34,6 +34,7 @@ enum { LOG_TRACE, LOG_DEBUG, LOG_INFO, LOG_WARN, LOG_ERROR, LOG_FATAL};
void log_print(struct log_handle *, int level, const char *module, const char *fmt, ...);
void log_options_set_enable(struct log_handle *, int enable);
void log_options_set_level(struct log_handle *, int level);
void log_handle_set_file_max_size(struct log_handle *handle, size_t max_file_size_mb);
struct log_handle * log_handle_create(const char *file_path, int level);
void log_handle_destroy(struct log_handle *);

2
common/include/utils.h
View File

@@ -5,7 +5,7 @@
#define EVAL_TM_STYLE "%Y-%m-%d"
#define VERIFY_SYMBOL_MAX 64
#define VERIFY_PATH_MAX 258
#define VERIFY_PATH_MAX 256
#define VERIFY_STRING_MAX 2048
#define VERIFY_ARRAY_MAX 512
#define MAX_TAG_ID_NUM 128

142
common/src/log.c
View File

@@ -41,6 +41,9 @@ struct log_handle
{
int level;
int enable;
int split_file_by_size;
size_t max_file_size_mb;
int file_index;
FILE *fp;
va_list ap;
char defined_log_fn[1024];
@@ -53,29 +56,6 @@ static unsigned char weekday_str[7][4] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fr
static unsigned char month_str[12][4] = {"Jan", "Feb", "Mar", "Apr","May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
static int log_create_dir(const char *dir_path, int path_len)
{
if(dir_path == NULL)
return -1;
char *buf = (char *)calloc(path_len+1, 1);
int ret = -1;
memcpy(buf, dir_path, path_len);
if(access(buf, R_OK) != 0)
{
if(mkdir(buf, 0755)!= 0)
ret = -1;
else
ret = 0;
}
else
ret = 1;
free(buf);
buf = NULL;
return ret;
}
static void log_close_file(struct log_handle *handle)
{
pthread_mutex_lock(&handle->mutex);
@@ -101,38 +81,65 @@ int log_open_file(char *file_name, struct log_handle *handle)
return 0;
}
static int log_create_dir(const char *dir_path, int path_len)
{
if (dir_path == NULL)
{
return -1;
}
char buf[path_len + 1];
strncpy(buf, dir_path, path_len);
buf[path_len] = '\0';
if (access(buf, R_OK) != 0)
{
if (mkdir(buf, 0755) != 0)
{
return -1;
}
}
return 0;
}
static int log_create_path(const char *file_path)
{
FILE *fp = NULL;
if(file_path == NULL)
{
return 0;
}
char *p_path = rindex(file_path, '/');
if(p_path==0)
if(p_path == 0)
{
return 0;
}
const char *p_cur = file_path;
int path_len = p_path - file_path;
int i = 0;
if(log_create_dir(file_path, path_len) >= 0)
if(log_create_dir(file_path, path_len) == 0)
{
return 0;
}
for(;i<=path_len;i++,p_cur++)
for(int i = 0; i <= path_len; i++, p_cur++)
{
if(*p_cur == '/')
{
if(log_create_dir(file_path, i+1) < 0)
{
return -1;
}
}
if(NULL == (fp = fopen(file_path, "w")))
{
return 0;
}
FILE *fp = fopen(file_path, "w");
if (NULL == fp) {
return -1;
}
fclose(fp);
return 1;
}
@@ -141,24 +148,52 @@ int log_create_log_file(struct log_handle *handle)
{
time_t t;
struct tm local_time;
char tmp_log_file_name[1024+128];
char tmp_log_file_name[1024 + 128];
time(&t);
if(NULL == (localtime_r(&t, &local_time)))
if (NULL == (localtime_r(&t, &local_time)))
{
return 0;
}
snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday);
if(handle->fp == NULL)
if(handle->split_file_by_size == 0)
{
if(0 != log_open_file(tmp_log_file_name, handle)) return 0;
snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday);
}
else
{
struct stat file_stat;
snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d-%03d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday, handle->file_index);
if (0 != memcmp(tmp_log_file_name, handle->runtime_log_fn, strlen(tmp_log_file_name)))
{
handle->file_index = 0;
snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d-%03d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday, handle->file_index);
}
if (stat(tmp_log_file_name, &file_stat) == 0)
{
if (file_stat.st_size >= (handle->max_file_size_mb * 1024 * 1024))
{
handle->file_index++;
snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d-%03d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday, handle->file_index);
}
}
}
if (handle->fp == NULL)
{
if (0 != log_open_file(tmp_log_file_name, handle))
{
return 0;
}
}
else
{
if (0 != memcmp(tmp_log_file_name, handle->runtime_log_fn, strlen(tmp_log_file_name)))
{
if(0 != log_open_file(tmp_log_file_name, handle))return 0;
if (0 != log_open_file(tmp_log_file_name, handle))
{
return 0;
}
}
}
@@ -219,24 +254,43 @@ void log_options_set_enable(struct log_handle * handle, int enable)
}
}
void log_handle_set_file_max_size(struct log_handle *handle, size_t max_file_size_mb)
{
if (handle != NULL)
{
handle->split_file_by_size = 1;
handle->max_file_size_mb = max_file_size_mb;
}
}
struct log_handle *log_handle_create(const char *file_path, int level)
{
struct log_handle *handle = ALLOC(struct log_handle, 1);
if(!handle)
if(!handle || strlen(file_path) == 0)
{
return NULL;
goto finish;
}
handle->enable=1;
handle->level = level;
strncpy(handle->defined_log_fn, file_path, 1023);
pthread_mutex_init(&handle->mutex,NULL);
if(handle->enable)
int ret = log_create_path(handle->defined_log_fn);
if (ret < 0)
{
log_create_path(handle->defined_log_fn);
free(handle);
return NULL;
}
pthread_mutex_init(&handle->mutex, NULL);
return handle;
finish:
if(handle)
{
free(handle);
handle=NULL;
}
return NULL;
}
void log_handle_destroy(struct log_handle * handle)

203
platform/src/verify_matcher.cpp
View File

@@ -32,6 +32,56 @@
#define MODULE_VERIFY_MATCHER "verify-policy.matcher"
const char * table_name[__TSG_OBJ_MAX] =
{
[TSG_OBJ_SOURCE_ADDR] = "ATTR_SOURCE_IP",
[TSG_OBJ_DESTINATION_ADDR]="ATTR_DESTINATION_IP",
[TSG_OBJ_SUBSCRIBE_ID] = "ATTR_SUBSCRIBER_ID",
[TSG_OBJ_APP_ID] = "ATTR_APP_ID",
[TSG_OBJ_HTTP_URL] = "ATTR_HTTP_URL",
[TSG_OBJ_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR",
[TSG_OBJ_HTTP_REQ_BODY] = "ATTR_HTTP_REQ_BODY",
[TSG_OBJ_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR",
[TSG_OBJ_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY",
[TSG_OBJ_SSL_CN] = "ATTR_SSL_CN",
[TSG_OBJ_SSL_SAN] = "ATTR_SSL_SAN",
[TSG_OBJ_DOH_QNAME]="ATTR_DOH_QNAME",
[TSG_OBJ_DNS_QNAME] = "ATTR_DNS_QNAME",
[TSG_OBJ_MAIL_ACCOUNT] = "ATTR_MAIL_ACCOUNT",
[TSG_OBJ_MAIL_FROM] = "ATTR_MAIL_FROM",
[TSG_OBJ_MAIL_TO] = "ATTR_MAIL_TO",
[TSG_OBJ_MAIL_SUBJECT] = "ATTR_MAIL_SUBJECT",
[TSG_OBJ_MAIL_CONTENT] = "ATTR_MAIL_CONTENT",
[TSG_OBJ_MAIL_ATT_NAME] = "ATTR_MAIL_ATT_NAME",
[TSG_OBJ_MAIL_ATT_CONTENT] = "ATTR_MAIL_ATT_CONTENT",
[TSG_OBJ_FTP_URI] = "ATTR_FTP_URI",
[TSG_OBJ_FTP_CONTENT] = "ATTR_FTP_CONTENT",
[TSG_OBJ_FTP_ACCOUNT] = "ATTR_FTP_ACCOUNT",
[TSG_OBJ_SIP_FROM]="ATTR_SIP_ORIGINATOR_DESCRIPTION",
[TSG_OBJ_SIP_TO]="ATTR_SIP_RESPONDER_DESCRIPTION",
[TSG_OBJ_IMSI]="ATTR_GTP_IMSI",
[TSG_OBJ_PHONE_NUMBER]="ATTR_GTP_PHONE_NUMBER",
[TSG_OBJ_APN]="ATTR_GTP_APN",
[TSG_OBJ_TUNNEL]="ATTR_TUNNEL",
[TSG_OBJ_FLAG]="ATTR_FLAG",
[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI",
[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN",
[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP",
[TSG_OBJ_EXTERNAL_ADDR]="ATTR_EXTERNAL_IP",
[TSG_OBJ_SOURCE_PORT]="ATTR_SOURCE_PORT",
[TSG_OBJ_DESTINATION_PORT]="ATTR_DESTINATION_PORT",
[TSG_OBJ_INTERNAL_PORT]="ATTR_INTERNAL_PORT",
[TSG_OBJ_EXTERNAL_PORT]="ATTR_EXTERNAL_PORT",
[TSG_OBJ_IP_PROTOCOL]="ATTR_IP_PROTOCOL",
[TSG_OBJ_SSL_ECH]="ATTR_SSL_ECH",
[TSG_OBJ_SSL_ESNI]="ATTR_SSL_ESNI",
[TSG_OBJ_SSL_NO_SNI]="ATTR_SSL_NO_SNI",
[TSG_OBJ_TUNNEL_LEVEL]="ATTR_TUNNEL_LEVEL",
[TSG_OBJ_TUNNEL_GTP_ENDPOINT]="ATTR_TUNNEL_GTP_ENDPOINT",
[TSG_OBJ_TUNNEL_GRE_ENDPOINT]="ATTR_TUNNEL_GRE_ENDPOINT",
[TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT]="ATTR_TUNNEL_IP_IN_IP_ENDPOINT"
};
enum policy_action
{
PG_ACTION_NONE = 0,
@@ -200,7 +250,6 @@ struct request_object_list
int numeric;
int merge_nth_scan_num;
int merge_nth_scan[MERGE_SCAN_NTH];
int exclude_nth_scan[MERGE_SCAN_NTH];
char *string;
char *tunnel_type;
char *district_value;
@@ -414,13 +463,16 @@ void tunnel_label_table_new_cb(const char *table_name, int table_id, const char*
*ad = tunnel;
}
const char *table_name_map[] = {"TSG_TUNNEL_CATALOG",
"TSG_TUNNEL_ENDPOINT",
"TSG_TUNNEL_LABEL",
"APP_ID_DICT",
"FQDN_ENTRY",
"IP_ADDR_ENTRY",
"LIBRARY_TAG"};
const char *table_name_map[PROFILE_TABLE_MAX] =
{
[PROFILE_TUNNEL_CATALOG]="TSG_TUNNEL_CATALOG",
[PROFILE_TUNNEL_ENDPOINT]="TSG_TUNNEL_ENDPOINT",
[PROFILE_TUNNEL_LABEL]="TSG_TUNNEL_LABEL",
[PROFILE_APP_DI_DICT]="APP_ID_DICT",
[PROFILE_FQDN_ENTRY]="FQDN_ENTRY",
[PROFILE_IP_ADDR_ENTRY]="IP_ADDR_ENTRY",
[PROFILE_LIBRARY_TAG]="LIBRARY_TAG"
};
int maat_tunnel_table_init(int profile_idx,int vsys_id,
maat_ex_free_func_t* free_func,
@@ -1091,6 +1143,7 @@ int hit_object_exists_by_ids(cJSON* hitPaths, int item_id, int superior_object_i
{
cJSON *hitsObj=NULL;
/*In cases of multiple hits, although the compile_id is inconsistent, the item_id and superior_object_id remain consistent.**/
for(hitsObj = hitPaths->child; hitsObj != NULL; hitsObj = hitsObj->next)
{
cJSON *itemId = cJSON_GetObjectItem(hitsObj, "item_id");
@@ -1144,7 +1197,7 @@ void http_get_scan_status(struct request_object_list *request_object, int compil
{
for(j=0; j<=request_object->merge_nth_scan_num; j++)
{
if (request_object->merge_nth_scan[j] == ctx->hit_path[i].Nth_scan && request_object->exclude_nth_scan[j] != 1)
if (request_object->merge_nth_scan[j] == ctx->hit_path[i].Nth_scan)
{
if (ctx->hit_path[i].top_group_id < 0)
{
@@ -1409,6 +1462,7 @@ int get_fqdn_entry_tag_ids(cJSON *hit_library, int vsys_id, const char *fqdn)
for(int i=0; i < ret && i < MAX_EX_DATA_LEN; i++)
{
fqdn_entry_item=cJSON_CreateObject();
cJSON_AddNumberToObject(fqdn_entry_item, "entry_id", entry_ctx[i]->entry_id);
cJSON_AddStringToObject(fqdn_entry_item, "tag_ids", entry_ctx[i]->tag_ids);
cJSON_AddItemToArray(hit_library, fqdn_entry_item);
hit_fqdn_entry++;
@@ -1570,7 +1624,6 @@ int ip_entry_scan(struct request_object_list *request, struct policy_scan_ctx *c
int get_fqdn_category_id(struct request_object_list *request, struct policy_scan_ctx * ctx, int vsys_id, const char *fqdn, int table_id, int hit_cnt)
{
size_t n_read=0, n_hit_result=0;
int hit_path_cnt=0;
int ret=0, hit_cnt_fqdn=0;
struct library_entry_ctx *fqdn_entry_ctx[MAX_EX_DATA_LEN]={0};
@@ -1621,11 +1674,8 @@ int get_fqdn_category_id(struct request_object_list *request, struct policy_scan
n_read=maat_state_get_hit_paths(ctx->scan_mid, ctx->hit_path, HIT_PATH_SIZE);
if(ret >= MAAT_SCAN_OK)
{
request->merge_nth_scan[hit_path_cnt] = maat_state_get_scan_count(ctx->scan_mid);
fqdn_entry.Nth_scan[fqdn_entry.Nth_scan_num++] = request->merge_nth_scan[hit_path_cnt];
request->exclude_nth_scan[hit_path_cnt] = 1;
fqdn_entry.Nth_scan[fqdn_entry.Nth_scan_num++]=maat_state_get_scan_count(ctx->scan_mid);
ctx->n_read=n_read;
hit_path_cnt++;
}
}
@@ -1633,7 +1683,6 @@ int get_fqdn_category_id(struct request_object_list *request, struct policy_scan
{
utarray_push_back(ctx->scan_path.ut_array_by_context, &fqdn_entry);
}
request->merge_nth_scan_num = hit_path_cnt;
return hit_cnt_fqdn;
}
@@ -2366,55 +2415,6 @@ int tsg_policy_type_str2idx(const char *action_str)
int protoco_field_type_str2idx(const char *action_str, char *buff, char **p)
{
const char * table_name[__TSG_OBJ_MAX] ={0};
table_name[TSG_OBJ_SOURCE_ADDR] = "ATTR_SOURCE_IP";
table_name[TSG_OBJ_DESTINATION_ADDR]="ATTR_DESTINATION_IP";
table_name[TSG_OBJ_SUBSCRIBE_ID] = "ATTR_SUBSCRIBER_ID";
table_name[TSG_OBJ_APP_ID] = "ATTR_APP_ID";
table_name[TSG_OBJ_HTTP_URL] = "ATTR_HTTP_URL";
table_name[TSG_OBJ_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR";
table_name[TSG_OBJ_HTTP_REQ_BODY] = "ATTR_HTTP_REQ_BODY";
table_name[TSG_OBJ_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR";
table_name[TSG_OBJ_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY";
table_name[TSG_OBJ_SSL_CN] = "ATTR_SSL_CN";
table_name[TSG_OBJ_SSL_SAN] = "ATTR_SSL_SAN";
table_name[TSG_OBJ_DOH_QNAME]="ATTR_DOH_QNAME";
table_name[TSG_OBJ_DNS_QNAME] = "ATTR_DNS_QNAME";
table_name[TSG_OBJ_MAIL_ACCOUNT] = "ATTR_MAIL_ACCOUNT";
table_name[TSG_OBJ_MAIL_FROM] = "ATTR_MAIL_FROM";
table_name[TSG_OBJ_MAIL_TO] = "ATTR_MAIL_TO";
table_name[TSG_OBJ_MAIL_SUBJECT] = "ATTR_MAIL_SUBJECT";
table_name[TSG_OBJ_MAIL_CONTENT] = "ATTR_MAIL_CONTENT";
table_name[TSG_OBJ_MAIL_ATT_NAME] = "ATTR_MAIL_ATT_NAME";
table_name[TSG_OBJ_MAIL_ATT_CONTENT] = "ATTR_MAIL_ATT_CONTENT";
table_name[TSG_OBJ_FTP_URI] = "ATTR_FTP_URI";
table_name[TSG_OBJ_FTP_CONTENT] = "ATTR_FTP_CONTENT";
table_name[TSG_OBJ_FTP_ACCOUNT] = "ATTR_FTP_ACCOUNT";
table_name[TSG_OBJ_SIP_FROM]="ATTR_SIP_ORIGINATOR_DESCRIPTION";
table_name[TSG_OBJ_SIP_TO]="ATTR_SIP_RESPONDER_DESCRIPTION";
table_name[TSG_OBJ_IMSI]="ATTR_GTP_IMSI";
table_name[TSG_OBJ_PHONE_NUMBER]="ATTR_GTP_PHONE_NUMBER";
table_name[TSG_OBJ_APN]="ATTR_GTP_APN";
table_name[TSG_OBJ_TUNNEL]="ATTR_TUNNEL",
table_name[TSG_OBJ_FLAG]="ATTR_FLAG";
table_name[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI";
table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN";
table_name[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP";
table_name[TSG_OBJ_EXTERNAL_ADDR]="ATTR_EXTERNAL_IP";
table_name[TSG_OBJ_SOURCE_PORT]="ATTR_SOURCE_PORT";
table_name[TSG_OBJ_DESTINATION_PORT]="ATTR_DESTINATION_PORT";
table_name[TSG_OBJ_INTERNAL_PORT]="ATTR_INTERNAL_PORT";
table_name[TSG_OBJ_EXTERNAL_PORT]="ATTR_EXTERNAL_PORT";
table_name[TSG_OBJ_IP_PROTOCOL]="ATTR_IP_PROTOCOL";
table_name[TSG_OBJ_SSL_ECH]="ATTR_SSL_ECH";
table_name[TSG_OBJ_SSL_ESNI]="ATTR_SSL_ESNI";
table_name[TSG_OBJ_SSL_NO_SNI]="ATTR_SSL_NO_SNI";
table_name[TSG_OBJ_TUNNEL_LEVEL]="ATTR_TUNNEL_LEVEL";
table_name[TSG_OBJ_TUNNEL_GTP_ENDPOINT]="ATTR_TUNNEL_GTP_ENDPOINT";
table_name[TSG_OBJ_TUNNEL_GRE_ENDPOINT]="ATTR_TUNNEL_GRE_ENDPOINT";
table_name[TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT]="ATTR_TUNNEL_IP_IN_IP_ENDPOINT";
size_t i = 0;
for (i = 0; i < __TSG_OBJ_MAX; i++)
{
@@ -2865,7 +2865,7 @@ static struct maat *create_maat_feather(const char * instance_name, const char *
char table_info[VERIFY_STRING_MAX] = {0}, inc_cfg_dir[VERIFY_STRING_MAX] = {0}, ful_cfg_dir[VERIFY_STRING_MAX] = {0};
char json_cfg_file[VERIFY_STRING_MAX] = {0}, maat_stat_file[VERIFY_PATH_MAX] = {0};
char redis_ip[VERIFY_STRING_MAX] = {0}, redis_port_range[VERIFY_STRING_MAX] = {0};
char accept_tags[VERIFY_STRING_MAX] = {0}, maat_stat_db_file[VERIFY_PATH_MAX] = {0};
char accept_tags[VERIFY_STRING_MAX] = {0}, maat_stat_db_file[VERIFY_PATH_MAX + 12] = {0};
int redis_port_begin=0, redis_port_end=0;
int redis_port_select=0;
@@ -2932,7 +2932,7 @@ static struct maat *create_maat_feather(const char * instance_name, const char *
if (strlen(maat_stat_file) > 0 && maat_stat_on)
{
maat_options_set_stat_on(opts);
snprintf(maat_stat_db_file, VERIFY_PATH_MAX, "%s.%d", maat_stat_file, db_index);
snprintf(maat_stat_db_file, VERIFY_PATH_MAX+12, "%s.%d", maat_stat_file, db_index);
maat_options_set_stat_file(opts, maat_stat_db_file);
}
@@ -2955,68 +2955,6 @@ error_out:
return NULL;
}
static void http_table_name_init(const char *table_name[__TSG_OBJ_MAX])
{
table_name[TSG_OBJ_HTTP_URL] = "ATTR_HTTP_URL";
table_name[TSG_OBJ_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR";
table_name[TSG_OBJ_HTTP_REQ_BODY] = "ATTR_HTTP_REQ_BODY";
table_name[TSG_OBJ_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR";
table_name[TSG_OBJ_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY";
table_name[TSG_OBJ_SSL_CN] = "ATTR_SSL_CN";
table_name[TSG_OBJ_SSL_SAN] = "ATTR_SSL_SAN";
return;
}
static void doq_table_name_init(const char *table_name[__TSG_OBJ_MAX])
{
table_name[TSG_OBJ_DNS_QNAME]="ATTR_DNS_QNAME";
table_name[TSG_OBJ_DOH_QNAME] = "ATTR_DOH_QNAME";
return;
}
static void mail_table_name_int(const char *table_name[__TSG_OBJ_MAX])
{
table_name[TSG_OBJ_MAIL_ACCOUNT] = "ATTR_MAIL_ACCOUNT";
table_name[TSG_OBJ_MAIL_FROM] = "ATTR_MAIL_FROM";
table_name[TSG_OBJ_MAIL_TO] = "ATTR_MAIL_TO";
table_name[TSG_OBJ_MAIL_SUBJECT] = "ATTR_MAIL_SUBJECT";
table_name[TSG_OBJ_MAIL_CONTENT] = "ATTR_MAIL_CONTENT";
table_name[TSG_OBJ_MAIL_ATT_NAME] = "ATTR_MAIL_ATT_NAME";
table_name[TSG_OBJ_MAIL_ATT_CONTENT] = "ATTR_MAIL_ATT_CONTENT";
table_name[TSG_OBJ_FTP_URI] = "ATTR_FTP_URI";
table_name[TSG_OBJ_FTP_CONTENT] = "ATTR_FTP_CONTENT";
table_name[TSG_OBJ_FTP_ACCOUNT] = "ATTR_FTP_ACCOUNT";
return;
}
static void common_table_name_int(const char *table_name[__TSG_OBJ_MAX])
{
table_name[TSG_OBJ_SIP_FROM]="ATTR_SIP_ORIGINATOR_DESCRIPTION";
table_name[TSG_OBJ_SIP_TO]="ATTR_SIP_RESPONDER_DESCRIPTION";
table_name[TSG_OBJ_IMSI]="ATTR_GTP_IMSI";
table_name[TSG_OBJ_PHONE_NUMBER]="ATTR_GTP_PHONE_NUMBER";
table_name[TSG_OBJ_APN]="ATTR_GTP_APN";
table_name[TSG_OBJ_TUNNEL]="ATTR_TUNNEL",
table_name[TSG_OBJ_FLAG]="ATTR_FLAG";
table_name[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI";
table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN";
table_name[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP";
table_name[TSG_OBJ_EXTERNAL_ADDR]="ATTR_EXTERNAL_IP";
table_name[TSG_OBJ_SOURCE_PORT]="ATTR_SOURCE_PORT";
table_name[TSG_OBJ_DESTINATION_PORT]="ATTR_DESTINATION_PORT";
table_name[TSG_OBJ_INTERNAL_PORT]="ATTR_INTERNAL_PORT";
table_name[TSG_OBJ_EXTERNAL_PORT]="ATTR_EXTERNAL_PORT";
table_name[TSG_OBJ_IP_PROTOCOL]="ATTR_IP_PROTOCOL";
table_name[TSG_OBJ_SSL_ECH]="ATTR_SSL_ECH";
table_name[TSG_OBJ_SSL_ESNI]="ATTR_SSL_ESNI";
table_name[TSG_OBJ_SSL_NO_SNI]="ATTR_SSL_NO_SNI";
table_name[TSG_OBJ_TUNNEL_LEVEL]="ATTR_TUNNEL_LEVEL";
table_name[TSG_OBJ_TUNNEL_GTP_ENDPOINT]="ATTR_TUNNEL_GTP_ENDPOINT";
table_name[TSG_OBJ_TUNNEL_GRE_ENDPOINT]="ATTR_TUNNEL_GRE_ENDPOINT";
table_name[TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT]="ATTR_TUNNEL_IP_IN_IP_ENDPOINT";
return;
}
int maat_complie_plugin_table_init(int vsys_id, int compile_type_id)
{
int table_id=0;
@@ -3092,15 +3030,6 @@ int verify_policy_table_init(struct verify_policy * verify, const char* profile_
{
goto error_out;
}
const char * table_name[__TSG_OBJ_MAX];
table_name[TSG_OBJ_SOURCE_ADDR] = "ATTR_SOURCE_IP";
table_name[TSG_OBJ_DESTINATION_ADDR]="ATTR_DESTINATION_IP";
table_name[TSG_OBJ_SUBSCRIBE_ID] = "ATTR_SUBSCRIBER_ID";
table_name[TSG_OBJ_APP_ID] = "ATTR_APP_ID";
http_table_name_init(table_name);
doq_table_name_init(table_name);
mail_table_name_int(table_name);
common_table_name_int(table_name);
for (int i = 0; i < __TSG_OBJ_MAX; i++)
{

6
platform/src/verify_policy.cpp
View File

@@ -530,9 +530,15 @@ int main(int argc, char * argv[])
assert(g_verify_proxy);
strcpy(g_verify_proxy->name, "verify_policy");
int max_file_size_mb=0;
const char *log_path="./logs/verify_policy.log";
MESA_load_profile_int_def(main_profile, "SYSTEM", "log_level", &log_level, LOG_FATAL);
MESA_load_profile_int_def(main_profile, "SYSTEM", "log_file_size_mb", &max_file_size_mb, 0);
g_verify_proxy->logger = log_handle_create(log_path, log_level);
if(max_file_size_mb > 0)
{
log_handle_set_file_max_size(g_verify_proxy->logger, max_file_size_mb);
}
CHECK_OR_EXIT(g_verify_proxy->logger != NULL, "Failed at init log module. Exit.");
ret = load_system_conf(g_verify_proxy, main_profile);

50
test/resource/HitPolicyRequest.json
View File

@@ -152,6 +152,56 @@
}
],
"verify_type": "policy"
},
{
"__item_id": 5,
"vsys_id": 1,
"verify_list": [
{
"type": "pxy_manipulation",
"vsys_id": 1,
"verify_session": {
"attributes": [
{
"attribute_type": "ip",
"table_name": "ATTR_SOURCE_IP",
"attribute_name": "source",
"attribute_value": {
"ip": "192.168.0.2",
"port":"8080",
"addr_type": 4
}
},
{
"attribute_type": "ip",
"table_name": "ATTR_DESTINATION_IP",
"attribute_name": "destination",
"attribute_value": {
"ip": "192.168.0.3",
"addr_type": 4
}
},
{
"attribute_type": "string",
"table_name": "ATTR_SERVER_FQDN",
"attribute_name": "server_fqdn",
"attribute_value": {
"string": "www.baidu.com"
}
},
{
"attribute_type": "string",
"table_name": "ATTR_SSL_SAN",
"attribute_name": "ssl_san",
"attribute_value": {
"string": "www.baidu.com"
}
}
]
}
}
],
"verify_type": "policy"
}
]
}

158
test/resource/HitPolicyResult.json
View File

@@ -191,6 +191,164 @@
}
},
"success": true
},
{
"code": 200,
"msg": "Success",
"data": {
"hitPolicyList": [
{
"id": 1024,
"policyName": "",
"is_execute_policy": true,
"top_object_list": [
{
"object_id": 10231,
"table_name": "ATTR_SOURCE_IP",
"not_flag": 0,
"nth_clause": 0
},
{
"object_id": 10232,
"table_name": "ATTR_DESTINATION_IP",
"not_flag": 0,
"nth_clause": 1
},
{
"object_id": 10234,
"table_name": "ATTR_SERVER_FQDN",
"not_flag": 0,
"nth_clause": 2
},
{
"object_id": 10235,
"table_name": "ATTR_SSL_SAN",
"not_flag": 0,
"nth_clause": 3
}
]
},
{
"id": 1023,
"policyName": "",
"is_execute_policy": false,
"top_object_list": [
{
"object_id": 10231,
"table_name": "ATTR_SOURCE_IP",
"not_flag": 0,
"nth_clause": 0
},
{
"object_id": 10232,
"table_name": "ATTR_DESTINATION_IP",
"not_flag": 0,
"nth_clause": 1
},
{
"object_id": 10234,
"table_name": "ATTR_SERVER_FQDN",
"not_flag": 0,
"nth_clause": 2
},
{
"object_id": 10235,
"table_name": "ATTR_SSL_SAN",
"not_flag": 0,
"nth_clause": 3
}
]
}
],
"verify_session": {
"attributes": [
{
"attribute_type": "ip",
"table_name": "ATTR_SOURCE_IP",
"attribute_name": "source",
"attribute_value": {
"ip": "192.168.0.2",
"port": "8080",
"addr_type": 4
},
"hit_paths": [
{
"item_id": 2,
"superior_object_id": 10231
}
]
},
{
"attribute_type": "ip",
"table_name": "ATTR_DESTINATION_IP",
"attribute_name": "destination",
"attribute_value": {
"ip": "192.168.0.3",
"addr_type": 4
},
"hit_paths": [
{
"item_id": 3,
"superior_object_id": 10232
}
]
},
{
"attribute_type": "string",
"table_name": "ATTR_SERVER_FQDN",
"attribute_name": "server_fqdn",
"attribute_value": {
"string": "www.baidu.com"
},
"hit_paths": [
{
"entry_id": 2,
"tag_id": 2
},
{
"entry_id": 2,
"tag_id": 3
},
{
"item_id": 5,
"superior_object_id": 10235
},
{
"item_id": 4,
"superior_object_id": 10234
}
]
},
{
"attribute_type": "string",
"table_name": "ATTR_SSL_SAN",
"attribute_name": "ssl_san",
"attribute_value": {
"string": "www.baidu.com"
},
"hit_paths": [
{
"entry_id": 2,
"tag_id": 2
},
{
"entry_id": 2,
"tag_id": 3
},
{
"item_id": 5,
"superior_object_id": 10235
},
{
"item_id": 4,
"superior_object_id": 10234
}
]
}
]
}
},
"success": true
}
]
}

101
test/resource/VerifyPolicyHit.json
View File

@@ -1,101 +0,0 @@
{
"compile_table": "PXY_CTRL_COMPILE",
"group2compile_table": "GROUP_PXY_CTRL_COMPILE_RELATION",
"group2group_table": "GROUP_GROUP_RELATION",
"rules": [
{
"compile_id": 1021,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags":"anything",
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"group_id": 101,
"group_name":"IPv4TCPSoureVeiryPolicy01",
"virtual_table": "ATTR_SOURCE_IP",
"regions": [
{
"table_type": "ip",
"table_name": "TSG_OBJ_IP_ADDR",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.1",
"ip2": "192.168.0.1"
}
}
]
}
]
},
{
"compile_id": 1022,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags":"anything",
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_id": 11,
"group_name": "IPv4TCPSoureEntry.11",
"virtual_table": "ATTR_SOURCE_IP"
},
{
"group_id": 12,
"group_name": "IPv4TCPSoureEntry.12",
"virtual_table": "ATTR_INTERNAL_IP"
},
{
"group_id": 1,
"group_name": "FQDNEntry.1",
"virtual_table": "ATTR_SERVER_FQDN"
}
]
}
],
"plugin_table": [
{
"table_name": "FQDN_ENTRY",
"table_content": [
"1\t1\twww.126.com\t1\t1",
"2\t2,3\twww.baidu.com\t1\t1",
"4\t4,5,6\twww.qq.com\t1\t1"
]
},
{
"table_name": "IP_ADDR_ENTRY",
"table_content": [
"1\t11\t4\tsingle\t192.168.1.1\t192.168.1.1\t1",
"2\t12,13\t4\tsingle\t192.168.1.2\t192.168.1.2\t1",
"4\t14,15,16\t4\trange\t192.168.1.3\t192.168.1.3\t1"
]
},
{
"table_name": "LIBRARY_TAG",
"table_content": [
"1\tnone\twebsite_category\tfqdn1\tsearch\\bengines\t1",
"2\tnone\twebsite_category\tfqdn2\tRecreation\band\bHobbies\t1",
"3\tnone\twebsite_category\tfqdn3\tbusiness\t1",
"4\tnone\twebsite_category\tfqdn4\tsearch bengines\t1",
"5\tnone\twebsite_category\tfqdn5\tsearch\\bengines\t1",
"6\tnone\twebsite_category\tfqdn6\tsearch\\bengines\t1",
"11\tnone\tgeoip\tadministrative_area\tColombia.Departamento\bdel\bVaupes\t1",
"12\tnone\tgeoip\tadministrative_area\tColombia.Departamento\bdel\bVaupes.Mitú\t1",
"13\tnone\tgeoip\tadministrative_area\tColombia.Antioquia.Marinilla\t1",
"14\tnone\tgeoip\tsuper_administrative_area\tColombia.Departamento\bdel\bVaupes\t1",
"15\tnone\tgeoip\tadministrative_area\tGermany.Bavaria.Mauern\t1",
"16\tnone\tgeoip\tadministrative_area\tGermany.Bavaria.Mellrichstadt\t1"
]
}
]
}

114
test/resource/VerifyPolicyManipulation.json
View File

@@ -61,6 +61,120 @@
"virtual_table": "ATTR_SERVER_FQDN"
}
]
},
{
"compile_id": 1023,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags":"anything",
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"group_id": 10231,
"group_name":"IPv4TCPSoureVeiryPolicy02",
"virtual_table": "ATTR_SOURCE_IP",
"regions": [
{
"table_type": "ip",
"table_name": "TSG_OBJ_IP_ADDR",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.2",
"ip2": "192.168.0.2"
}
}
]
},
{
"not_flag": 0,
"group_id": 10232,
"group_name":"IPv4TCPDestinationVeiryPolicy01",
"virtual_table": "ATTR_DESTINATION_IP",
"regions": [
{
"table_type": "ip",
"table_name": "TSG_OBJ_IP_ADDR",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.3",
"ip2": "192.168.0.3"
}
}
]
},
{
"virtual_table":"ATTR_SERVER_FQDN",
"group_name":"ServerFqdnVeiryPolicy01",
"group_id":10234,
"not_flag":0,
"regions": [
{
"table_name": "TSG_OBJ_FQDN",
"table_type": "expr",
"table_content": {
"keywords": "baidu.com",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"virtual_table":"ATTR_SSL_SAN",
"group_name":"SslSanVeiryPolicy01",
"group_id":10235,
"not_flag":0,
"regions": [
{
"table_name": "TSG_OBJ_FQDN",
"table_type": "expr",
"table_content": {
"keywords": "baidu.com",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 1024,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags":"anything",
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name":"IPv4TCPSoureVeiryPolicy02",
"virtual_table":"ATTR_SOURCE_IP"
},
{
"group_name":"IPv4TCPDestinationVeiryPolicy01",
"virtual_table":"ATTR_DESTINATION_IP"
},
{
"group_name":"ServerFqdnVeiryPolicy01",
"virtual_table":"ATTR_SERVER_FQDN"
},
{
"group_name":"SslSanVeiryPolicy01",
"virtual_table":"ATTR_SSL_SAN"
}
]
}
],
"plugin_table": [

30
test/verify_policy_test.cpp
View File

@@ -90,7 +90,7 @@ static char *select_hit_policy_request_item(int gtest_id)
TEST(LibrarySearch, HitFqdnEntry)
{
const char *hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.126.com\",\"vsys_id\":1}";
const char *hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_ids\":\"1\"}]},\"success\":true}";
const char *hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"entry_id\":1,\"tag_ids\":\"1\"}]},\"success\":true}";
cJSON *result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request));
ASSERT_TRUE(result_json != NULL);
@@ -105,7 +105,7 @@ TEST(LibrarySearch, HitFqdnEntry)
FREE(&hit_policy_list);
hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.baidu.com\",\"vsys_id\":1}";
hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_ids\":\"2,3\"}]},\"success\":true}";
hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"entry_id\":2,\"tag_ids\":\"2,3\"}]},\"success\":true}";
result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request));
ASSERT_TRUE(result_json != NULL);
@@ -120,7 +120,7 @@ TEST(LibrarySearch, HitFqdnEntry)
FREE(&hit_policy_list);
hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.qq.com\",\"vsys_id\":1}";
hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_ids\":\"4,5,6\"}]},\"success\":true}";
hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"entry_id\":4,\"tag_ids\":\"4,5,6\"}]},\"success\":true}";
result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request));
ASSERT_TRUE(result_json != NULL);
@@ -231,7 +231,6 @@ TEST(VerifyPolicy, CheckRegexExpression)
cJSON_Delete(result_json);
FREE(&hit_policy_query);
}
TEST(VerifyPolicy, HitIpPolicy)
@@ -278,6 +277,28 @@ TEST(VerifyPolicy, HitLibraryPolicy)
FREE(&hit_policy_result);
}
TEST(VerifyPolicy, HitMultiplePolicy)
{
char *hit_policy_request = select_hit_policy_request_item(5);
ASSERT_TRUE(hit_policy_request != NULL);
char *hit_policy_result = select_hit_policy_result_item(5);
ASSERT_TRUE(hit_policy_result != NULL);
cJSON *result_json = get_verify_policy_query(hit_policy_request, strlen(hit_policy_request), 1);
ASSERT_TRUE(result_json != NULL);
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);
cJSON_Delete(result_json);
FREE(&hit_policy_query);
FREE(&hit_policy_request);
FREE(&hit_policy_result);
}
static void reload_maat_config(const char * main_profile)
{
verify_policy_table_free(main_profile);
@@ -343,7 +364,6 @@ TEST(VerifyPolicy, HitTunnelEndpointPolicy)
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
printf("hit_policy_query =%s\n", hit_policy_query);
int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);