管控策略增加扫描app-id
修改table_info支持ip虚表
@@ -29,6 +29,7 @@ enum manipulate_sacn_table
|
|||||||
PXY_CTRL_HTTP_RES_HDR,
|
PXY_CTRL_HTTP_RES_HDR,
|
||||||
PXY_CTRL_HTTP_RES_BODY,
|
PXY_CTRL_HTTP_RES_BODY,
|
||||||
PXY_CTRL_SUBSCRIBE_ID,
|
PXY_CTRL_SUBSCRIBE_ID,
|
||||||
|
PXY_CTRL_APP_ID,
|
||||||
__SCAN_TABLE_MAX
|
__SCAN_TABLE_MAX
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -93,6 +93,7 @@ int protoco_field_type_str2idx(enum verify_policy_type type, const char *action_
|
|||||||
table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
|
table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
|
||||||
table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT";
|
table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT";
|
||||||
table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID";
|
table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID";
|
||||||
|
table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID";
|
||||||
break;
|
break;
|
||||||
case PXY_TABLE_SECURITY:
|
case PXY_TABLE_SECURITY:
|
||||||
table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR";
|
table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR";
|
||||||
|
|||||||
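Review bot: The PXY_TABLE_SECURITY case keeps `table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR";` (an unchanged context line in this hunk), while the same commit changes security_policy_init and pangu_policy_init to register the IP slot as "TSG_SECURITY_ADDR". If protoco_field_type_str2idx is meant to mirror the registered table names, IP lookups by name may no longer line up with what is registered; if the difference is intentional, a comment such as `/* request-side name; the scan table is registered as TSG_SECURITY_ADDR */` would make that clear. A single `static const char *` name table per policy type, shared by this function and the init functions, would avoid editing three copies each time the enum grows. The function body starts and ends outside the hunk.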
@@ -30,20 +30,23 @@
|
|||||||
11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
|
11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
|
||||||
12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
|
12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
|
||||||
13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
|
13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
|
||||||
|
14 TSG_OBJ_APP_ID expr UTF8 UTF8 yes 0
|
||||||
|
15 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
|
||||||
|
16 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
|
||||||
|
17 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||||
#eliminate the alarm
|
#eliminate the alarm
|
||||||
14 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
|
18 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
|
||||||
16 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
|
19 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
|
||||||
17 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
|
20 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
|
||||||
18 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
|
21 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
|
||||||
19 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
|
22 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
|
||||||
20 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
|
23 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
|
||||||
21 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
|
24 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
|
||||||
22 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
|
25 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
|
||||||
23 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
|
26 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
|
||||||
24 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
|
27 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
|
||||||
25 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
|
28 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
|
||||||
26 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
|
29 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
|
||||||
27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
|
30 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
|
||||||
28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
|
31 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
|
||||||
29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
|
32 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
|
||||||
|
|
||||||
|
|||||||
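Review bot: Inserting ids 14–17 here renumbers every existing row from TSG_OBJ_ACCOUNT onward (14→18, 16→19, … 29→32), whereas the other table_info hunk (`@@ -39,3 +39,6`) keeps the old ids and appends the same three address tables as 30–32. If table ids are referenced anywhere outside these files (stored rules, another component's copy), the renumbering needs a coordinated update; appending the new rows with unused ids, as the second file does, avoids that. The visible lines of the second file also add no `TSG_OBJ_APP_ID` row, yet pangu_policy_init now registers that name, so registration would presumably fail for an instance that loads that file; it is worth confirming which file each Maat instance reads. The new row 14 also omits the trailing `quickon` that row 13 carries, and a short `#` comment would help if that is deliberate.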
@@ -39,3 +39,6 @@
|
|||||||
27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
|
27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
|
||||||
28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
|
28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
|
||||||
29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
|
29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
|
||||||
|
30 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
|
||||||
|
31 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
|
||||||
|
32 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||||
|
|||||||
@@ -216,10 +216,9 @@ void get_scan_status(struct verify_policy_query_obj *query_obj, cJSON *attribute
|
|||||||
cJSON_AddItemToArray(hitPaths, histObj);
|
cJSON_AddItemToArray(hitPaths, histObj);
|
||||||
cJSON_AddNumberToObject(histObj, "itemId", ctx->hit_path[i].region_id);
|
cJSON_AddNumberToObject(histObj, "itemId", ctx->hit_path[i].region_id);
|
||||||
cJSON_AddNumberToObject(histObj, "objectId", ctx->hit_path[i].sub_group_id);
|
cJSON_AddNumberToObject(histObj, "objectId", ctx->hit_path[i].sub_group_id);
|
||||||
|
cJSON_AddNumberToObject(histObj, "topObjectId", ctx->hit_path[i].top_group_id);
|
||||||
if(ctx->hit_path[i].compile_id > 0)
|
if(ctx->hit_path[i].compile_id > 0)
|
||||||
{
|
{
|
||||||
cJSON_AddNumberToObject(histObj, "topObjectId", ctx->hit_path[i].top_group_id);
|
|
||||||
//cJSON_AddNumberToObject(histObj, "protocolField", ctx->hit_path[i].virtual_table_id);
|
|
||||||
cJSON_AddNumberToObject(histObj, "policyId", ctx->hit_path[i].compile_id);
|
cJSON_AddNumberToObject(histObj, "policyId", ctx->hit_path[i].compile_id);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -474,7 +473,7 @@ int pangu_policy_init(struct verify_policy * verify, const char* profile_path)
|
|||||||
}
|
}
|
||||||
|
|
||||||
const char * table_name[__SCAN_TABLE_MAX];
|
const char * table_name[__SCAN_TABLE_MAX];
|
||||||
table_name[PXY_CTRL_IP] = "TSG_OBJ_IP_ADDR";
|
table_name[PXY_CTRL_IP] = "TSG_SECURITY_ADDR";
|
||||||
table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
||||||
table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
||||||
table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
||||||
@@ -482,6 +481,7 @@ int pangu_policy_init(struct verify_policy * verify, const char* profile_path)
|
|||||||
table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
|
table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
|
||||||
table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT";
|
table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT";
|
||||||
table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID";
|
table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID";
|
||||||
|
table_name[PXY_CTRL_APP_ID] = "TSG_OBJ_APP_ID";
|
||||||
for (int i = 0; i < __SCAN_TABLE_MAX; i++)
|
for (int i = 0; i < __SCAN_TABLE_MAX; i++)
|
||||||
{
|
{
|
||||||
g_pangu_rt->scan_table_id[PXY_TABLE_MANIPULATION][i] = Maat_table_register(g_pangu_rt->maat[PXY_TABLE_MANIPULATION], table_name[i]);
|
g_pangu_rt->scan_table_id[PXY_TABLE_MANIPULATION][i] = Maat_table_register(g_pangu_rt->maat[PXY_TABLE_MANIPULATION], table_name[i]);
|
||||||
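Review bot: `table_name` is declared without an initializer (`const char * table_name[__SCAN_TABLE_MAX];` in the preceding hunk), and the loop here passes every slot below `__SCAN_TABLE_MAX` to Maat_table_register, so an enumerator added later without a matching assignment hands an indeterminate pointer to the registration call. This commit had to add the `PXY_CTRL_APP_ID` assignment by hand to keep the array complete. Declaring it as `const char *table_name[__SCAN_TABLE_MAX] = {0};` and failing initialisation when `table_name[i] == NULL` turns a missed entry into a clean startup error; security_policy_init declares its array the same way. Whether the returned table id is checked is outside the hunk.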
@@ -527,7 +527,7 @@ int security_policy_init(struct verify_policy * verify, const char* profile_path
|
|||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
const char * table_name[__SECURITY_TABLE_MAX];
|
const char * table_name[__SECURITY_TABLE_MAX];
|
||||||
table_name[PXY_SECURITY_IP] = "TSG_OBJ_IP_ADDR";
|
table_name[PXY_SECURITY_IP] = "TSG_SECURITY_ADDR";
|
||||||
table_name[PXY_SECURITY_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
table_name[PXY_SECURITY_HTTP_URL] = "TSG_FIELD_HTTP_URL";
|
||||||
table_name[PXY_SECURITY_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
table_name[PXY_SECURITY_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
|
||||||
table_name[PXY_SECURITY_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
table_name[PXY_SECURITY_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
|
||||||
|
|||||||