gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-13548 PolicyVerify支持port object匹配

Browse Source 
TSG-18950 PolicyVerify支持将Tunnel Level作为条件匹配策略
TSG-18943 PolicyVerify支持ssl.no_sni,ssl.ech,ssl.esni的Boolean Object作为策略匹配输入条件
This commit is contained in:
fengweihao
2024-01-31 15:25:30 +08:00
parent 45a42c6d43
commit 873f02cff2
6 changed files with 626 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
resource/table_info.conf
View File

@@ -1,7 +1,7 @@
[
{
"table_id":0,
"table_name":"TSG_SECURITY_COMPILE",
"table_name":"SECURITY_COMPILE",
"table_type":"compile",
"user_region_encoded":"escape",
"valid_column":9,
@@ -13,8 +13,8 @@
},
{
"table_id":1,
"table_name":"TSG_SECURITY_COMPILE_CONJUNCTION",
"db_tables":["TSG_SECURITY_COMPILE"],
"table_name":"SECURITY_COMPILE_CONJUNCTION",
"db_tables":["SECURITY_COMPILE"],
"default_compile_table":1,
"table_type":"compile",
"user_region_encoded":"escape",
@@ -27,8 +27,8 @@
},
{
"table_id":2,
"table_name":"TSG_SECURITY_COMPILE_PLUGIN",
"db_tables":["TSG_SECURITY_COMPILE"],
"table_name":"SECURITY_COMPILE_PLUGIN",
"db_tables":["SECURITY_COMPILE"],
"table_type":"plugin",
"valid_column":9,
"custom": {
@@ -379,18 +379,14 @@
"table_name":"TSG_OBJ_IP",
"db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"],
"table_type":"ip_plus",
"valid_column":11,
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
"ip2":6,
"port_format":7,
"port1":8,
"port2":9,
"protocol":10
"ip2":6
}
},
{
@@ -457,8 +453,8 @@
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
"low_boundary":3,
"up_boundary":4
}
},
{
@@ -612,13 +608,13 @@
},
{
"table_id":57,
"table_name":"ATTR_SOURCE_ADDR",
"table_name":"ATTR_SOURCE_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":58,
"table_name":"ATTR_DESTINATION_ADDR",
"table_name":"ATTR_DESTINATION_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
@@ -941,14 +937,91 @@
},
{
"table_id":93,
"table_name":"ATTR_INTERNAL_ADDR",
"table_name":"ATTR_INTERNAL_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":94,
"table_name":"ATTR_EXTERNAL_ADDR",
"table_name":"ATTR_EXTERNAL_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":95,
"table_name": "TSG_IP_PROTOCOL",
"table_type": "plugin",
"valid_column": 4,
"custom": {
"key": 1,
"key_type": "integer",
"key_len": 8
}
},
{
"table_id":96,
"table_name":"TSG_OBJ_PORT",
"table_type":"interval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_boundary":3,
"up_boundary":4
}
},
{
"table_id":97,
"table_name": "ATTR_SOURCE_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":98,
"table_name": "ATTR_DESTINATION_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":99,
"table_name": "ATTR_INTERNAL_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":100,
"table_name": "ATTR_EXTERNAL_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":101,
"table_name": "ATTR_IP_PROTOCOL",
"table_type": "virtual",
"physical_table": "TSG_IP_PROTOCOL"
},
{
"table_id":102,
"table_name": "ATTR_SSL_ECH",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":103,
"table_name": "ATTR_SSL_ESNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":104,
"table_name": "ATTR_SSL_NO_SNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":105,
"table_name":"ATTR_TUNNEL_LEVEL",
"table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG"
}
]

107
resource/table_info_simple.conf
View File

@@ -1,7 +1,7 @@
[
{
"table_id":0,
"table_name":"TSG_SECURITY_COMPILE",
"table_name":"SECURITY_COMPILE",
"table_type":"compile",
"user_region_encoded":"escape",
"valid_column":9,
@@ -13,8 +13,8 @@
},
{
"table_id":1,
"table_name":"TSG_SECURITY_COMPILE_CONJUNCTION",
"db_tables":["TSG_SECURITY_COMPILE"],
"table_name":"SECURITY_COMPILE_CONJUNCTION",
"db_tables":["SECURITY_COMPILE"],
"default_compile_table":1,
"table_type":"compile",
"user_region_encoded":"escape",
@@ -27,8 +27,8 @@
},
{
"table_id":2,
"table_name":"TSG_SECURITY_COMPILE_PLUGIN",
"db_tables":["TSG_SECURITY_COMPILE"],
"table_name":"SECURITY_COMPILE_PLUGIN",
"db_tables":["SECURITY_COMPILE"],
"table_type":"plugin",
"valid_column":9,
"custom": {
@@ -379,18 +379,14 @@
"table_name":"TSG_OBJ_IP",
"db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"],
"table_type":"ip_plus",
"valid_column":11,
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
"ip2":6,
"port_format":7,
"port1":8,
"port2":9,
"protocol":10
"ip2":6
}
},
{
@@ -457,8 +453,8 @@
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
"low_boundary":3,
"up_boundary":4
}
},
{
@@ -612,13 +608,13 @@
},
{
"table_id":57,
"table_name":"ATTR_SOURCE_ADDR",
"table_name":"ATTR_SOURCE_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":58,
"table_name":"ATTR_DESTINATION_ADDR",
"table_name":"ATTR_DESTINATION_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
@@ -867,14 +863,91 @@
},
{
"table_id":93,
"table_name":"ATTR_INTERNAL_ADDR",
"table_name":"ATTR_INTERNAL_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":94,
"table_name":"ATTR_EXTERNAL_ADDR",
"table_name":"ATTR_EXTERNAL_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":95,
"table_name": "TSG_IP_PROTOCOL",
"table_type": "plugin",
"valid_column": 4,
"custom": {
"key": 1,
"key_type": "integer",
"key_len": 8
}
},
{
"table_id":96,
"table_name":"TSG_OBJ_PORT",
"table_type":"interval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_boundary":3,
"up_boundary":4
}
},
{
"table_id":97,
"table_name": "ATTR_SOURCE_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":98,
"table_name": "ATTR_DESTINATION_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":99,
"table_name": "ATTR_INTERNAL_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":100,
"table_name": "ATTR_EXTERNAL_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":101,
"table_name": "ATTR_IP_PROTOCOL",
"table_type": "virtual",
"physical_table": "TSG_IP_PROTOCOL"
},
{
"table_id":102,
"table_name": "ATTR_SSL_ECH",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":103,
"table_name": "ATTR_SSL_ESNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":104,
"table_name": "ATTR_SSL_NO_SNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":105,
"table_name":"ATTR_TUNNEL_LEVEL",
"table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG"
}
]

2
resource/verify-policy.json
View File

@@ -42,7 +42,7 @@
"not_flag": 0,
"group_id": 301,
"group_name":"ipv4_addr",
"virtual_table": "ATTR_SOURCE_ADDR",
"virtual_table": "ATTR_SOURCE_IP",
"regions": [
{
"table_type": "ip_plus",