diff --git a/common/include/verify_policy.h b/common/include/verify_policy.h
index ab0d046..b48f409 100644
--- a/common/include/verify_policy.h
+++ b/common/include/verify_policy.h
@@ -81,6 +81,8 @@ enum tsg_obj_table
 TSG_OBJ_IP_DST_ASN,
 TSG_OBJ_IP_SRC_LOCATION,
 TSG_OBJ_IP_DST_LOCATION,
+ TSG_OBJ_DST_SERVER_FQDN,
+ TSG_OBJ_DST_SERVER_FQDN_CAT,
 __TSG_OBJ_MAX
 };
diff --git a/platform/src/verify_matcher.cpp b/platform/src/verify_matcher.cpp
index 606f188..b460522 100644
--- a/platform/src/verify_matcher.cpp
+++ b/platform/src/verify_matcher.cpp
@@ -995,10 +995,11 @@ static enum policy_action decide_ctrl_action(int vsys_id, int compile_table_id,
 return prior_action;
 }
-int http_table_in_fqdn(int table_id)
+static inline int request_in_fqdn_cat(int table_id)
 {
- if(table_id == TSG_OBJ_HTTP_HOST || table_id == TSG_OBJ_SSL_SNI || table_id==TSG_OBJ_SSL_CN || table_id==TSG_OBJ_SSL_SAN
- || table_id==TSG_OBJ_DNS_QNAME || table_id == TSG_OBJ_QUIC_SNI || table_id == TSG_OBJ_DOH_QNAME || table_id==TSG_OBJ_DOH_HOST)
+ if(table_id==TSG_OBJ_HTTP_HOST || table_id==TSG_OBJ_SSL_SNI || table_id==TSG_OBJ_SSL_CN || table_id==TSG_OBJ_SSL_SAN
+ || table_id==TSG_OBJ_DNS_QNAME || table_id==TSG_OBJ_QUIC_SNI || table_id==TSG_OBJ_DOH_QNAME || table_id==TSG_OBJ_DOH_HOST
+ || table_id==TSG_OBJ_DST_SERVER_FQDN)
 {
 return 1;
 }
@@ -1013,13 +1014,20 @@ void http_get_fqdn_cat_id(struct request_query_obj *query_obj, cJSON *attributeO
 int i=0;
 cJSON *sniCategory=NULL;
- if(!http_table_in_fqdn(query_obj->table_id))
+ if(!request_in_fqdn_cat(query_obj->table_id))
 {
 return;
 }
 sniCategory=cJSON_CreateArray();
- cJSON_AddItemToObject(attributeObj, "sniCategory", sniCategory);
+ if(query_obj->table_id == TSG_OBJ_DST_SERVER_FQDN)
+ {
+ cJSON_AddItemToObject(attributeObj, "serverCategory", sniCategory);
+ }
+ else
+ {
+ cJSON_AddItemToObject(attributeObj, "sniCategory", sniCategory);
+ }
 cJSON *fqdnObj=NULL;
 for(i=0; ifqdn_user.fqdn_cat_num; i++)
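Review bot: `request_in_fqdn_cat` has no comment saying what membership in this list commits a table to, and the new `TSG_OBJ_DST_SERVER_FQDN` entry shows it is more than a predicate: in this commit the id also needed a `_CAT` enum value, two name mappings and its own JSON key. A header comment such as `/* Tables whose FQDN hit also reports category ids; each entry needs a matching *_CAT table and name mapping. */` would make that contract visible. The if/else that returns 1 or 0 runs past the end of the hunk; a `switch` over the ids would read more easily than the three-line `||` chain.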
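Review bot: The added if/else in `http_get_fqdn_cat_id` repeats the same `cJSON_AddItemToObject` call and differs only in the key, so the choice is easier to audit as `const char *key = (query_obj->table_id == TSG_OBJ_DST_SERVER_FQDN) ? "serverCategory" : "sniCategory";` followed by one `cJSON_AddItemToObject(attributeObj, key, sniCategory);`. The local is still named `sniCategory` although it now also carries server categories, and the result of `cJSON_CreateArray()` is attached without a NULL check. Consumers that read only `sniCategory` will not see categories reported under the new key, which matters if this output is used to confirm that a policy would match; whether any such consumer exists is not visible here. The function body continues outside the hunk.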
@@ -1643,19 +1651,6 @@ int policy_verify_scan_tunnel_id(long long *result, struct ip_addr *sip, int hit
 return hit_cnt_tunnel;
 }
-static inline int request_in_fqdn_cat(int table_id)
-{
- if(table_id == TSG_OBJ_HTTP_HOST || table_id == TSG_OBJ_SSL_SNI || table_id==TSG_OBJ_SSL_CN || table_id==TSG_OBJ_SSL_SAN
- || table_id==TSG_OBJ_DNS_QNAME || table_id == TSG_OBJ_QUIC_SNI || table_id == TSG_OBJ_DOH_QNAME || table_id==TSG_OBJ_DOH_HOST)
- {
- return 1;
- }
- else
- {
- return 0;
- }
-}
-
 static int policy_verify_scan_app_id(struct request_query_obj *request, struct policy_scan_ctx *ctx, int vsys_id, int hit_cnt)
 {
 int n_read=0;
@@ -2028,14 +2023,14 @@ error_out:
 static void http_table_name_init(const char *table_name[__TSG_OBJ_MAX])
 {
 table_name[TSG_OBJ_HTTP_URL] = "ATTR_HTTP_URL";
- table_name[TSG_OBJ_HTTP_HOST] = "ATTR_HTTP_HOST_VIRTUAL";
- table_name[TSG_OBJ_HTTP_HOST_CAT] = "ATTR_HTTP_HOST_CAT_VIRTUAL";
+ table_name[TSG_OBJ_HTTP_HOST] = "ATTR_HTTP_HOST";
+ table_name[TSG_OBJ_HTTP_HOST_CAT] = "ATTR_HTTP_HOST_CAT";
 table_name[TSG_OBJ_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR";
 table_name[TSG_OBJ_HTTP_REQ_BODY] = "ATTR_HTTP_REQ_BODY";
 table_name[TSG_OBJ_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR";
 table_name[TSG_OBJ_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY";
- table_name[TSG_OBJ_SSL_SNI] = "ATTR_SSL_SNI_VIRTUAL";
- table_name[TSG_OBJ_SSL_SNI_CAT] = "ATTR_SSL_SNI_CAT_VIRTUAL";
+ table_name[TSG_OBJ_SSL_SNI] = "ATTR_SSL_SNI";
+ table_name[TSG_OBJ_SSL_SNI_CAT] = "ATTR_SSL_SNI_CAT";
 table_name[TSG_OBJ_SSL_CN] = "ATTR_SSL_CN";
 table_name[TSG_OBJ_SSL_CN_CAT] = "ATTR_SSL_CN_CAT";
 table_name[TSG_OBJ_SSL_SAN] = "ATTR_SSL_SAN";
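Review bot: The renamed literals in `http_table_name_init` are lookup keys that have to equal the `table_name` values in resource/table_info.conf and resource/table_info_simple.conf byte for byte, and nothing in the code says so; the same applies to the `ATTR_QUIC_SNI` pair in `doq_table_name_init` in the next hunk. A comment above the assignments such as `/* Names must match table_name in resource/table_info*.conf */` would record the coupling. How a name that fails to resolve is handled is not visible in these hunks; for a policy verifier it should fail loudly at start-up rather than quietly report no hit.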
@@ -2049,8 +2044,8 @@ static void doq_table_name_init(const char *table_name[__TSG_OBJ_MAX])
 table_name[TSG_OBJ_DOH_HOST]="ATTR_DOH_HOST";
 table_name[TSG_OBJ_DOH_HOST_CAT]="ATTR_DOH_HOST_CAT";
 table_name[TSG_OBJ_DNS_QNAME] = "ATTR_DOH_QNAME";
- table_name[TSG_OBJ_QUIC_SNI] = "ATTR_QUIC_SNI_VIRTUAL";
- table_name[TSG_OBJ_QUIC_SNI_CAT] = "ATTR_QUIC_SNI_CAT_VIRTUAL";
+ table_name[TSG_OBJ_QUIC_SNI] = "ATTR_QUIC_SNI";
+ table_name[TSG_OBJ_QUIC_SNI_CAT] = "ATTR_QUIC_SNI_CAT";
 return;
 }
@@ -2083,6 +2078,8 @@ static void common_table_name_int(const char *table_name[__TSG_OBJ_MAX])
 table_name[TSG_OBJ_IP_DST_ASN]="ATTR_DESTINATION_ASN";
 table_name[TSG_OBJ_IP_SRC_LOCATION]="ATTR_SOURCE_LOCATION";
 table_name[TSG_OBJ_IP_DST_LOCATION]="ATTR_DESTINATION_LOCATION";
+ table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_DESTINATION_SERVER_FQDN";
+ table_name[TSG_OBJ_DST_SERVER_FQDN_CAT]="ATTR_DESTINATION_SERVER_FQDN_CAT";
 return;
 }
diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp
index e685c8c..a725039 100644
--- a/platform/src/verify_policy.cpp
+++ b/platform/src/verify_policy.cpp
@@ -138,6 +138,8 @@ int protoco_field_type_str2idx(const char *action_str, char *buff, char **p)
 table_name[TSG_OBJ_IP_DST_ASN]="ATTR_DESTINATION_ASN";
 table_name[TSG_OBJ_IP_SRC_LOCATION]="ATTR_SOURCE_LOCATION";
 table_name[TSG_OBJ_IP_DST_LOCATION]="ATTR_DESTINATION_LOCATION";
+ table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_DESTINATION_SERVER_FQDN";
+ table_name[TSG_OBJ_DST_SERVER_FQDN_CAT]="ATTR_DESTINATION_SERVER_FQDN_CAT";
 size_t i = 0;
 for (i = 0; i < __TSG_OBJ_MAX; i++)
diff --git a/resource/table_info.conf b/resource/table_info.conf
index 6e8b26d..b49e25a 100644
--- a/resource/table_info.conf
+++ b/resource/table_info.conf
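Review bot: The two `ATTR_DESTINATION_SERVER_FQDN` assignments are added here in `common_table_name_int` and again, identically, in `protoco_field_type_str2idx` in verify_policy.cpp, so the id-to-name map exists in two hand-maintained copies. The loop `for (i = 0; i < __TSG_OBJ_MAX; i++)` visible in the verify_policy.cpp hunk walks every enum value; if its body, which is outside the hunk, compares against `table_name[i]`, an id added to the enum but to only one copy would be read as a NULL entry. One `static const char *const` table with designated initializers shared by both files, plus a NULL check in that loop, would remove the risk.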
@@ -491,16 +491,14 @@
 }
 },
 {
- "table_id": 37,
- "table_name": "ATTR_HTTP_HOST_VIRTUAL",
- "db_tables": ["ATTR_HTTP_HOST", "ATTR_DESTINATION_SERVER_FQDN"],
+ "table_id":37,
+ "table_name": "ATTR_HTTP_HOST",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN"
 },
 {
- "table_id": 38,
- "table_name": "ATTR_HTTP_HOST_CAT_VIRTUAL",
- "db_tables": ["ATTR_HTTP_HOST_CAT", "ATTR_DESTINATION_SERVER_FQDN_CAT"],
+ "table_id":38,
+ "table_name": "ATTR_HTTP_HOST_CAT",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN_CAT"
 },
@@ -535,16 +533,14 @@
 "physical_table": "TSG_OBJ_KEYWORDS"
 },
 {
- "table_id": 44,
- "table_name": "ATTR_SSL_SNI_VIRTUAL",
- "db_tables": ["ATTR_SSL_SNI", "ATTR_DESTINATION_SERVER_FQDN"],
+ "table_id":44,
+ "table_name": "ATTR_SSL_SNI",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN"
 },
 {
- "table_id": 45,
- "table_name": "ATTR_SSL_SNI_CAT_VIRTUAL",
- "db_tables": ["ATTR_SSL_SNI_CAT", "ATTR_DESTINATION_SERVER_FQDN_CAT"],
+ "table_id":45,
+ "table_name": "ATTR_SSL_SNI_CAT",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN_CAT"
 },
@@ -580,15 +576,13 @@
 },
 {
 "table_id":51,
- "table_name": "ATTR_QUIC_SNI_VIRTUAL",
- "db_tables": ["ATTR_QUIC_SNI", "ATTR_DESTINATION_SERVER_FQDN"],
+ "table_name": "ATTR_QUIC_SNI",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN"
 },
 {
 "table_id":52,
- "table_name": "ATTR_QUIC_SNI_CAT_VIRTUAL",
- "db_tables": ["ATTR_QUIC_SNI_CAT", "ATTR_DESTINATION_SERVER_FQDN_CAT"],
+ "table_name": "ATTR_QUIC_SNI_CAT",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN_CAT"
 },
@@ -986,5 +980,17 @@
 "table_name":"ATTR_APP_ID",
 "table_type":"virtual",
 "physical_table": "APP_ID_DICT"
+ },
+ {
+ "table_id": 100,
+ "table_name": "ATTR_DESTINATION_SERVER_FQDN",
+ "table_type": "virtual",
+ "physical_table": "TSG_OBJ_FQDN"
+ },
+ {
+ "table_id": 101,
+ "table_name": "ATTR_DESTINATION_SERVER_FQDN_CAT",
+ "table_type": "virtual",
+ "physical_table": "TSG_OBJ_FQDN_CAT"
 }
 ]
\ No newline at end of file
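Review bot: Dropping `db_tables` from tables 37, 38, 44, 45, 51 and 52 appears to change matching semantics and not only names: before, the host and SNI tables also listed `ATTR_DESTINATION_SERVER_FQDN` (or its `_CAT` form), and after this change those names are reachable only through the new tables 100 and 101. If the enforcing side still evaluates server-FQDN rules against HTTP host, SSL SNI or QUIC SNI, the verifier could report a different verdict from what is enforced; that cannot be confirmed from this diff. The identical edit is repeated in resource/table_info_simple.conf, and the two files need to stay in step. Ids 100 and 101 are hard-coded in both files, and whether they must line up with anything in `enum tsg_obj_table` is not visible here.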
diff --git a/resource/table_info_simple.conf b/resource/table_info_simple.conf
index 01dc0a5..f59c9a3 100644
--- a/resource/table_info_simple.conf
+++ b/resource/table_info_simple.conf
@@ -491,16 +491,14 @@
 }
 },
 {
- "table_id": 37,
- "table_name": "ATTR_HTTP_HOST_VIRTUAL",
- "db_tables": ["ATTR_HTTP_HOST", "ATTR_DESTINATION_SERVER_FQDN"],
+ "table_id":37,
+ "table_name": "ATTR_HTTP_HOST",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN"
 },
 {
- "table_id": 38,
- "table_name": "ATTR_HTTP_HOST_CAT_VIRTUAL",
- "db_tables": ["ATTR_HTTP_HOST_CAT", "ATTR_DESTINATION_SERVER_FQDN_CAT"],
+ "table_id":38,
+ "table_name": "ATTR_HTTP_HOST_CAT",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN_CAT"
 },
@@ -535,16 +533,14 @@
 "physical_table": "TSG_OBJ_KEYWORDS"
 },
 {
- "table_id": 44,
- "table_name": "ATTR_SSL_SNI_VIRTUAL",
- "db_tables": ["ATTR_SSL_SNI", "ATTR_DESTINATION_SERVER_FQDN"],
+ "table_id":44,
+ "table_name": "ATTR_SSL_SNI",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN"
 },
 {
- "table_id": 45,
- "table_name": "ATTR_SSL_SNI_CAT_VIRTUAL",
- "db_tables": ["ATTR_SSL_SNI_CAT", "ATTR_DESTINATION_SERVER_FQDN_CAT"],
+ "table_id":45,
+ "table_name": "ATTR_SSL_SNI_CAT",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN_CAT"
 },
@@ -580,15 +576,13 @@
 },
 {
 "table_id":51,
- "table_name": "ATTR_QUIC_SNI_VIRTUAL",
- "db_tables": ["ATTR_QUIC_SNI", "ATTR_DESTINATION_SERVER_FQDN"],
+ "table_name": "ATTR_QUIC_SNI",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN"
 },
 {
 "table_id":52,
- "table_name": "ATTR_QUIC_SNI_CAT_VIRTUAL",
- "db_tables": ["ATTR_QUIC_SNI_CAT", "ATTR_DESTINATION_SERVER_FQDN_CAT"],
+ "table_name": "ATTR_QUIC_SNI_CAT",
 "table_type": "virtual",
 "physical_table": "TSG_OBJ_FQDN_CAT"
 },
@@ -912,5 +906,17 @@
 "table_name":"ATTR_APP_ID",
 "table_type":"virtual",
 "physical_table": "APP_ID_DICT"
+ },
+ {
+ "table_id": 100,
+ "table_name": "ATTR_DESTINATION_SERVER_FQDN",
+ "table_type": "virtual",
+ "physical_table": "TSG_OBJ_FQDN"
+ },
+ {
+ "table_id": 101,
+ "table_name": "ATTR_DESTINATION_SERVER_FQDN_CAT",
+ "table_type": "virtual",
+ "physical_table": "TSG_OBJ_FQDN_CAT"
 }
 ]
\ No newline at end of file