gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-22199 修复tunnel调用no_logic情况下命中路径记录问题,优化Fqdn命中路径构建

Browse Source
This commit is contained in:
fengweihao
2024-08-16 10:32:02 +08:00
parent 6dc39cc922
commit be7368a0cc
9 changed files with 558 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
test/resource/HitPolicyRequest.json
View File

@@ -82,7 +82,7 @@
"table_name": "ATTR_TUNNEL",
"attribute_name": "tunnel_endpointa",
"attribute_value": {
"ip": "192.168.0.1",
"ip": "192.168.0.4",
"tunnel_type":"gtp",
"addr_type": 4
}
@@ -107,7 +107,7 @@
"table_name": "ATTR_TUNNEL",
"attribute_name": "tunnel_endpointb",
"attribute_value": {
"ip": "192.168.0.2",
"ip": "192.168.0.5",
"tunnel_type":"gtp",
"addr_type": 4
}
@@ -132,7 +132,7 @@
"table_name": "ATTR_TUNNEL",
"attribute_name": "tunnel_endpointa",
"attribute_value": {
"ip": "192.168.0.2",
"ip": "192.168.0.5",
"tunnel_type":"gtp",
"addr_type": 4
}
@@ -142,7 +142,7 @@
"table_name": "ATTR_TUNNEL",
"attribute_name": "tunnel_endpointb",
"attribute_value": {
"ip": "192.168.0.3",
"ip": "192.168.0.6",
"tunnel_type":"gtp",
"addr_type": 4
}
@@ -202,6 +202,104 @@
}
],
"verify_type": "policy"
},
{
"__item_id": 6,
"vsys_id": 1,
"verify_list": [
{
"type": "pxy_manipulation",
"vsys_id": 1,
"verify_session": {
"attributes": [
{
"attribute_type": "ip",
"table_name": "ATTR_IP_PROTOCOL",
"attribute_name": "ip_protocol",
"attribute_value": {
"addr_type": 4,
"protocol": 6
}
},
{
"attribute_type": "ip",
"table_name": "ATTR_TUNNEL",
"attribute_name": "tunnel_endpointa",
"attribute_value": {
"ip": "192.168.0.5",
"tunnel_type":"gtp",
"addr_type": 4
}
},
{
"attribute_type": "ip",
"table_name": "ATTR_TUNNEL",
"attribute_name": "tunnel_endpointb",
"attribute_value": {
"ip": "192.168.0.6",
"tunnel_type":"gtp",
"addr_type": 4
}
},
{
"attribute_type": "ip",
"table_name": "ATTR_SOURCE_IP",
"attribute_name": "source",
"attribute_value": {
"ip": "192.168.1.1",
"port":"8080",
"addr_type": 4
}
}
]
}
}
],
"verify_type": "policy"
},
{
"__item_id": 7,
"vsys_id": 1,
"verify_list": [
{
"type": "pxy_manipulation",
"vsys_id": 1,
"verify_session": {
"attributes": [
{
"attribute_type": "ip",
"table_name": "ATTR_IP_PROTOCOL",
"attribute_name": "ip_protocol",
"attribute_value": {
"addr_type": 4,
"protocol": 6
}
},
{
"attribute_type": "ip",
"table_name": "ATTR_TUNNEL",
"attribute_name": "tunnel_endpointa",
"attribute_value": {
"ip": "192.168.0.4",
"tunnel_type":"gtp",
"addr_type": 4
}
},
{
"attribute_type": "ip",
"table_name": "ATTR_TUNNEL",
"attribute_name": "tunnel_endpointb",
"attribute_value": {
"ip": "192.168.0.6",
"tunnel_type":"gtp",
"addr_type": 4
}
}
]
}
}
],
"verify_type": "policy"
}
]
}

137
test/resource/HitPolicyResult.json
View File

@@ -349,6 +349,143 @@
}
},
"success": true
},
{
"code": 200,
"msg": "Success",
"data": {
"hitPolicyList": [
{
"id": 1026,
"policyName": "",
"is_execute_policy": true,
"top_object_list": [
{
"object_id": 3022,
"table_name": "ATTR_TUNNEL",
"not_flag": 0,
"nth_clause": 0
}
]
},
{
"id": 1025,
"policyName": "",
"is_execute_policy": false,
"top_object_list": [
{
"object_id": 3023,
"table_name": "ATTR_TUNNEL",
"not_flag": 0,
"nth_clause": 0
}
]
}
],
"verify_session": {
"attributes": [
{
"attribute_type": "ip",
"table_name": "ATTR_IP_PROTOCOL",
"attribute_name": "ip_protocol",
"attribute_value": {
"addr_type": 4,
"protocol": 6
},
"hit_paths": [
{
"item_id": 0,
"superior_object_id": 6
}
]
},
{
"attribute_type": "ip",
"table_name": "ATTR_TUNNEL",
"attribute_name": "tunnel_endpoint_object",
"hit_paths": [
{
"item_id": 0,
"superior_object_id": 3022
},
{
"item_id": 0,
"superior_object_id": 3023
}
]
},
{
"attribute_type": "ip",
"table_name": "ATTR_SOURCE_IP",
"attribute_name": "source",
"attribute_value": {
"ip": "192.168.1.1",
"port": "8080",
"addr_type": 4
},
"hit_paths": [
{
"entry_id": 1,
"tag_id": 11
}
]
}
]
}
},
"success": true
},
{
"code": 200,
"msg": "Success",
"data": {
"hitPolicyList": [
{
"id": 1027,
"policyName": "",
"is_execute_policy": true,
"top_object_list": [
{
"object_id": 3022,
"table_name": "ATTR_TUNNEL",
"not_flag": 1,
"nth_clause": 0
}
]
}
],
"verify_session": {
"attributes": [
{
"attribute_type": "ip",
"table_name": "ATTR_IP_PROTOCOL",
"attribute_name": "ip_protocol",
"attribute_value": {
"addr_type": 4,
"protocol": 6
},
"hit_paths": [
{
"item_id": 0,
"superior_object_id": 6
}
]
},
{
"attribute_type": "ip",
"table_name": "ATTR_TUNNEL",
"attribute_name": "tunnel_endpoint_object",
"hit_paths": [
{
"item_id": 0,
"superior_object_id": 3021
}
]
}
]
}
},
"success": true
}
]
}

175
test/resource/VerifyPolicyManipulation.json
View File

@@ -175,6 +175,181 @@
"virtual_table":"ATTR_SSL_SAN"
}
]
},
{
"compile_id": 3021,
"service": 13,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"tags": "{}",
"user_region": "anything",
"evaluation_order": "0.0",
"compile_table_name": "TUNNEL_COMPILE",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"group_id": 248,
"group_name": "TunnelIpv4TCPSoureVeiryPolicy01",
"virtual_table": "ATTR_TUNNEL_GTP_ENDPOINT",
"g2c_table_name": "GROUP_TUNNEL_COMPILE_RELATION",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.4",
"ip2": "192.168.0.4"
}
}
]
}
]
},
{
"compile_id": 3022,
"service": 13,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"tags": "{}",
"user_region": "anything",
"evaluation_order": "0.0",
"compile_table_name": "TUNNEL_COMPILE",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"group_id": 2,
"group_name": "TunnelIpv4TCPSoureVeiryPolicy02",
"virtual_table": "ATTR_TUNNEL_GTP_ENDPOINT",
"g2c_table_name": "GROUP_TUNNEL_COMPILE_RELATION",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.5",
"ip2": "192.168.0.5"
}
}
]
}
]
},
{
"compile_id": 3023,
"service": 13,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"tags": "{}",
"user_region": "anything",
"evaluation_order": "0.0",
"compile_table_name": "TUNNEL_COMPILE",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"group_id": 3,
"group_name": "TunnelIpv4TCPSoureVeiryPolicy03",
"virtual_table": "ATTR_TUNNEL_GTP_ENDPOINT",
"g2c_table_name": "GROUP_TUNNEL_COMPILE_RELATION",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.5",
"ip2": "192.168.0.5"
}
}
]
},
{
"not_flag": 0,
"group_id": 4,
"group_name": "TunnelIpv4TCPSoureVeiryPolicy04",
"virtual_table": "ATTR_TUNNEL_GTP_ENDPOINT",
"g2c_table_name": "GROUP_TUNNEL_COMPILE_RELATION",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.6",
"ip2": "192.168.0.6"
}
}
]
}
]
},
{
"compile_id": 1025,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags":"anything",
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"not_flag":0,
"group_id": 3023,
"group_name":"TunnelEndpointVeiryPolicy01",
"virtual_table":"ATTR_TUNNEL"
}
]
},
{
"compile_id": 1026,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags":"anything",
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"not_flag":0,
"group_id": 3022,
"group_name":"TunnelEndpointVeiryPolicy03",
"virtual_table":"ATTR_TUNNEL"
}
]
},
{
"compile_id": 1027,
"service": 1,
"action": 48,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags":"anything",
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"not_flag":1,
"group_id": 3022,
"group_name":"TunnelEndpointVeiryPolicy03",
"virtual_table":"ATTR_TUNNEL"
}
]
}
],
"plugin_table": [

118
test/resource/VerifyPolicyTunnel.json
View File

@@ -1,118 +0,0 @@
{
"compile_table": "TUNNEL_COMPILE",
"group2compile_table": "GROUP_TUNNEL_COMPILE_RELATION",
"group2group_table": "GROUP_GROUP_RELATION",
"rules": [
{
"compile_id": 3021,
"service": 13,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"tags": "{}",
"user_region": "anything",
"evaluation_order": "0.0",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"group_id": 1,
"group_name": "TunnelIpv4TCPSoureVeiryPolicy01",
"virtual_table": "ATTR_TUNNEL_GTP_ENDPOINT",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.1",
"ip2": "192.168.0.1"
}
}
]
}
]
},
{
"compile_id": 3022,
"service": 13,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"tags": "{}",
"user_region": "anything",
"evaluation_order": "0.0",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"group_id": 2,
"group_name": "TunnelIpv4TCPSoureVeiryPolicy02",
"virtual_table": "ATTR_TUNNEL_GTP_ENDPOINT",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.2",
"ip2": "192.168.0.2"
}
}
]
}
]
},
{
"compile_id": 3023,
"service": 13,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"tags": "{}",
"user_region": "anything",
"evaluation_order": "0.0",
"is_valid": "yes",
"groups": [
{
"not_flag": 0,
"group_id": 3,
"group_name": "TunnelIpv4TCPSoureVeiryPolicy03",
"virtual_table": "ATTR_TUNNEL_GTP_ENDPOINT",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.2",
"ip2": "192.168.0.2"
}
}
]
},
{
"not_flag": 0,
"group_id": 4,
"group_name": "TunnelIpv4TCPSoureVeiryPolicy04",
"virtual_table": "ATTR_TUNNEL_GTP_ENDPOINT",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "192.168.0.3",
"ip2": "192.168.0.3"
}
}
]
}
]
}
]
}