diff --git a/common/include/verify_policy.h b/common/include/verify_policy.h index 43cd518..bf266dc 100644 --- a/common/include/verify_policy.h +++ b/common/include/verify_policy.h @@ -30,6 +30,8 @@ enum manipulate_sacn_table PXY_CTRL_HTTP_RES_BODY, PXY_CTRL_SUBSCRIBE_ID, PXY_CTRL_APP_ID, + PXY_CTRL_DOH_QNAME, + PXY_CTRL_DOH_HOST, PXY_CTRL_IP_SRC_ASN, PXY_CTRL_IP_DST_ASN, PXY_CTRL_IP_SRC_LOCATION, diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp index 69f5504..c46f313 100644 --- a/platform/src/verify_policy.cpp +++ b/platform/src/verify_policy.cpp @@ -94,6 +94,8 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_ table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT"; table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID"; table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID"; + table_name[PXY_CTRL_DOH_QNAME]="TSG_FIELD_DOH_QNAME"; + table_name[PXY_CTRL_DOH_HOST]="TSG_FIELD_DOH_HOST"; break; case PXY_TABLE_SECURITY: table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR"; diff --git a/resource/table_info_proxy.conf b/resource/table_info_proxy.conf index 88249fe..3c0f0bc 100644 --- a/resource/table_info_proxy.conf +++ b/resource/table_info_proxy.conf @@ -45,19 +45,21 @@ 26 TSG_OBJ_GEO_LOCATION expr UTF8 UTF8/GBK yes 0 27 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_GEO_LOCATION -- 28 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION -- +29 TSG_FIELD_DOH_QNAME virtual TSG_OBJ_FQDN -- +30 TSG_FIELD_DOH_HOST virtual TSG_OBJ_FQDN -- #eliminate the alarm -29 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0 -30 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN -- -31 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN -- -32 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN -- -33 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN -- -34 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT -- -35 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT -- -36 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT -- -37 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS -- -38 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS -- -39 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS -- -40 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS -- -41 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL -- -42 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS -- -43 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT -- +31 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0 +32 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN -- +33 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN -- +34 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN -- +35 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN -- +36 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT -- +37 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT -- +38 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT -- +39 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS -- +40 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS -- +41 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS -- +42 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS -- +43 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL -- +44 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS -- +45 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT -- diff --git a/scan/src/pangu_http.cpp b/scan/src/pangu_http.cpp index 8bd169e..487aad9 100644 --- a/scan/src/pangu_http.cpp +++ b/scan/src/pangu_http.cpp @@ -826,6 +826,8 @@ int pangu_policy_init(struct verify_policy * verify, const char* profile_path) table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT"; table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID"; table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID"; + table_name[PXY_CTRL_DOH_QNAME]="TSG_FIELD_DOH_QNAME"; + table_name[PXY_CTRL_DOH_HOST]="TSG_FIELD_DOH_HOST"; table_name[PXY_CTRL_IP_SRC_ASN]="TSG_SECURITY_SOURCE_ASN"; table_name[PXY_CTRL_IP_DST_ASN]="TSG_SECURITY_DESTINATION_ASN"; table_name[PXY_CTRL_IP_SRC_LOCATION]="TSG_SECURITY_SOURCE_LOCATION";