Add SERVER_FQDN virtual table initialization and scanning

fengweihao
2023-12-08 18:34:17 +08:00
parent 7ce3d87440
commit b533519567
5 changed files with 69 additions and 56 deletions


@@ -995,10 +995,11 @@ static enum policy_action decide_ctrl_action(int vsys_id, int compile_table_id,
return prior_action;
}
int http_table_in_fqdn(int table_id)
static inline int request_in_fqdn_cat(int table_id)
{
if(table_id == TSG_OBJ_HTTP_HOST || table_id == TSG_OBJ_SSL_SNI || table_id==TSG_OBJ_SSL_CN || table_id==TSG_OBJ_SSL_SAN
|| table_id==TSG_OBJ_DNS_QNAME || table_id == TSG_OBJ_QUIC_SNI || table_id == TSG_OBJ_DOH_QNAME || table_id==TSG_OBJ_DOH_HOST)
if(table_id==TSG_OBJ_HTTP_HOST || table_id==TSG_OBJ_SSL_SNI || table_id==TSG_OBJ_SSL_CN || table_id==TSG_OBJ_SSL_SAN
|| table_id==TSG_OBJ_DNS_QNAME || table_id==TSG_OBJ_QUIC_SNI || table_id==TSG_OBJ_DOH_QNAME || table_id==TSG_OBJ_DOH_HOST
|| table_id==TSG_OBJ_DST_SERVER_FQDN)
{
return 1;
}
@@ -1013,13 +1014,20 @@ void http_get_fqdn_cat_id(struct request_query_obj *query_obj, cJSON *attributeO
int i=0;
cJSON *sniCategory=NULL;
if(!http_table_in_fqdn(query_obj->table_id))
if(!request_in_fqdn_cat(query_obj->table_id))
{
return;
}
sniCategory=cJSON_CreateArray();
cJSON_AddItemToObject(attributeObj, "sniCategory", sniCategory);
if(query_obj->table_id == TSG_OBJ_DST_SERVER_FQDN)
{
cJSON_AddItemToObject(attributeObj, "serverCategory", sniCategory);
}
else
{
cJSON_AddItemToObject(attributeObj, "sniCategory", sniCategory);
}
cJSON *fqdnObj=NULL;
for(i=0; i<query_obj->fqdn_user.fqdn_cat_num; i++)
@@ -1643,19 +1651,6 @@ int policy_verify_scan_tunnel_id(long long *result, struct ip_addr *sip, int hit
return hit_cnt_tunnel;
}
static inline int request_in_fqdn_cat(int table_id)
{
if(table_id == TSG_OBJ_HTTP_HOST || table_id == TSG_OBJ_SSL_SNI || table_id==TSG_OBJ_SSL_CN || table_id==TSG_OBJ_SSL_SAN
|| table_id==TSG_OBJ_DNS_QNAME || table_id == TSG_OBJ_QUIC_SNI || table_id == TSG_OBJ_DOH_QNAME || table_id==TSG_OBJ_DOH_HOST)
{
return 1;
}
else
{
return 0;
}
}
static int policy_verify_scan_app_id(struct request_query_obj *request, struct policy_scan_ctx *ctx, int vsys_id, int hit_cnt)
{
int n_read=0;
@@ -2028,14 +2023,14 @@ error_out:
static void http_table_name_init(const char *table_name[__TSG_OBJ_MAX])
{
table_name[TSG_OBJ_HTTP_URL] = "ATTR_HTTP_URL";
table_name[TSG_OBJ_HTTP_HOST] = "ATTR_HTTP_HOST_VIRTUAL";
table_name[TSG_OBJ_HTTP_HOST_CAT] = "ATTR_HTTP_HOST_CAT_VIRTUAL";
table_name[TSG_OBJ_HTTP_HOST] = "ATTR_HTTP_HOST";
table_name[TSG_OBJ_HTTP_HOST_CAT] = "ATTR_HTTP_HOST_CAT";
table_name[TSG_OBJ_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR";
table_name[TSG_OBJ_HTTP_REQ_BODY] = "ATTR_HTTP_REQ_BODY";
table_name[TSG_OBJ_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR";
table_name[TSG_OBJ_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY";
table_name[TSG_OBJ_SSL_SNI] = "ATTR_SSL_SNI_VIRTUAL";
table_name[TSG_OBJ_SSL_SNI_CAT] = "ATTR_SSL_SNI_CAT_VIRTUAL";
table_name[TSG_OBJ_SSL_SNI] = "ATTR_SSL_SNI";
table_name[TSG_OBJ_SSL_SNI_CAT] = "ATTR_SSL_SNI_CAT";
table_name[TSG_OBJ_SSL_CN] = "ATTR_SSL_CN";
table_name[TSG_OBJ_SSL_CN_CAT] = "ATTR_SSL_CN_CAT";
table_name[TSG_OBJ_SSL_SAN] = "ATTR_SSL_SAN";
@@ -2049,8 +2044,8 @@ static void doq_table_name_init(const char *table_name[__TSG_OBJ_MAX])
table_name[TSG_OBJ_DOH_HOST]="ATTR_DOH_HOST";
table_name[TSG_OBJ_DOH_HOST_CAT]="ATTR_DOH_HOST_CAT";
table_name[TSG_OBJ_DNS_QNAME] = "ATTR_DOH_QNAME";
table_name[TSG_OBJ_QUIC_SNI] = "ATTR_QUIC_SNI_VIRTUAL";
table_name[TSG_OBJ_QUIC_SNI_CAT] = "ATTR_QUIC_SNI_CAT_VIRTUAL";
table_name[TSG_OBJ_QUIC_SNI] = "ATTR_QUIC_SNI";
table_name[TSG_OBJ_QUIC_SNI_CAT] = "ATTR_QUIC_SNI_CAT";
return;
}
@@ -2083,6 +2078,8 @@ static void common_table_name_int(const char *table_name[__TSG_OBJ_MAX])
table_name[TSG_OBJ_IP_DST_ASN]="ATTR_DESTINATION_ASN";
table_name[TSG_OBJ_IP_SRC_LOCATION]="ATTR_SOURCE_LOCATION";
table_name[TSG_OBJ_IP_DST_LOCATION]="ATTR_DESTINATION_LOCATION";
table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_DESTINATION_SERVER_FQDN";
table_name[TSG_OBJ_DST_SERVER_FQDN_CAT]="ATTR_DESTINATION_SERVER_FQDN_CAT";
return;
}
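Review bot: In http_get_fqdn_cat_id the array returned by cJSON_CreateArray() is attached to attributeObj without a NULL check, and the new if/else repeats the attach call only to vary the key. Selecting the key once leaves a single attach site and makes the check easy to add: `const char *key=(query_obj->table_id==TSG_OBJ_DST_SERVER_FQDN) ? "serverCategory" : "sniCategory";`, then `if(sniCategory==NULL) return;` before `cJSON_AddItemToObject(attributeObj, key, sniCategory);`. The local is still named sniCategory although it now also carries the server FQDN categories, so a neutral name such as fqdnCategory would read better. The function begins before this hunk and its loop continues past it, so how the loop behaves when the array is NULL is not visible here.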