diff --git a/common/include/verify_policy.h b/common/include/verify_policy.h index 51da7d4..819f65b 100644 --- a/common/include/verify_policy.h +++ b/common/include/verify_policy.h @@ -30,6 +30,7 @@ enum compile_table_typle PXY_TABLE_INTERCEPT, TSG_STATISTICS, TSG_MONITOR, + DOS_PROTECTION, PXY_TABLE_DEFENCE, __SCAN_POLICY_MAX }; @@ -71,8 +72,14 @@ enum tsg_obj_table TSG_OBJ_GTP_IMEI, TSG_OBJ_IP_SRC_ASN, TSG_OBJ_IP_DST_ASN, - TSG_OBJ_IP_SRC_LOCATION, - TSG_OBJ_IP_DST_LOCATION, + TSG_OBJ_IP_SRC_GEO_COUNTRY, + TSG_OBJ_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA, + TSG_OBJ_IP_SRC_GEO_ADMINISTRATIVE_AREA, + TSG_OBJ_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA, + TSG_OBJ_IP_DST_GEO_COUNTRY, + TSG_OBJ_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA, + TSG_OBJ_IP_DST_GEO_ADMINISTRATIVE_AREA, + TSG_OBJ_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA, TSG_OBJ_DST_SERVER_FQDN, TSG_OBJ_DST_SERVER_FQDN_CAT, TSG_OBJ_INTERNAL_ADDR, diff --git a/platform/src/verify_matcher.cpp b/platform/src/verify_matcher.cpp index f3f256b..1321461 100644 --- a/platform/src/verify_matcher.cpp +++ b/platform/src/verify_matcher.cpp @@ -70,17 +70,19 @@ enum verify_profile_table struct ip_data_table { int profile_id; - int group_id; - int ref_cnt; - + int asn_group_id; + int geoname_group_id; + int country_region_group_id; + int province_group_id; + int city_group_id; + int subdivision_group_id; char *asn; char *organization; - char *country_full; char *province_full; char *city_full; char *subdivision_addr; - + int ref_cnt; pthread_mutex_t lock; }; @@ -92,8 +94,14 @@ struct http_field_name enum nth_scan_type { - NTH_SCAN_IP_SRC_LOCATION = 0, - NTH_SCAN_IP_DST_LOCATION, + NTH_SCAN_IP_SRC_GEO_COUNTRY = 0, + NTH_SCAN_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA, + NTH_SCAN_IP_SRC_GEO_ADMINISTRATIVE_AREA, + NTH_SCAN_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA, + NTH_SCAN_IP_DST_GEO_COUNTRY, + NTH_SCAN_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA, + NTH_SCAN_IP_DST_GEO_ADMINISTRATIVE_AREA, + NTH_SCAN_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA, NTH_SCAN_IP_DST_ASN, NTH_SCAN_IP_SRC_ASN, NTH_SCAN_IP_INTERNAL_ASN, @@ -193,8 +201,6 @@ struct verify_policy_rt int scan_table_id[__TSG_OBJ_MAX]; }; -static int ip_location_column_num =0; - struct verify_policy_rt * g_policy_rt; #define MAAT_INPUT_JSON 0 @@ -315,11 +321,12 @@ void ip_asn_table_new_cb(const char *table_name, int table_id, const char* key, { int addr_type, group_id=0; int ret=0,profile_id=0,is_valid=0; + char addr_format[40]={0}; char start_ip[40], end_ip[40],asn[40]={0}; char organization[VERIFY_ARRAY_MAX]; - ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%s\t%s\t%d", &profile_id, &group_id, &addr_type, start_ip, end_ip, asn, organization, &is_valid); - if(ret!=8) + ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%d", &profile_id, &group_id, &addr_type, addr_format, start_ip, end_ip, asn, organization, &is_valid); + if(ret!=9) { mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip ASN failed, ret:%d, %s", ret, table_line); return; @@ -331,7 +338,7 @@ void ip_asn_table_new_cb(const char *table_name, int table_id, const char* key, ip_asn->profile_id=profile_id; ip_asn->asn=strdup(asn); ip_asn->organization=strdup(organization); - ip_asn->group_id=group_id; + ip_asn->asn_group_id=group_id; ip_asn->ref_cnt=1; pthread_mutex_init(&(ip_asn->lock), NULL); @@ -339,27 +346,13 @@ void ip_asn_table_new_cb(const char *table_name, int table_id, const char* key, *ad = ip_asn; } -static int get_column_num(const char* line) -{ - const char* seps=" \t"; - char* saveptr=NULL, *subtoken=NULL, *str=NULL; - char* dup_line=strdup(line); - int i=0; - for (str = dup_line; ; str = NULL) - { - subtoken = strtok_r(str, seps, &saveptr); - if (subtoken == NULL) - break; - i++; - } - free(dup_line); - return i; -} - void ip_location_table_new_cb(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp) { int ret=0,profile_id=0,is_valid=0; int geoname_id=0, addr_type=0; + char addr_format[VERIFY_PATH_MAX]; + int country_region_group_id=0; + int province_group_id=0,city_group_id=0,subdivision_group_id=0; double latitude, longitude, coords; char language[40], start_ip[40], end_ip[40]; char continent_abbr[VERIFY_ARRAY_MAX],continent_full[VERIFY_ARRAY_MAX]; @@ -367,61 +360,37 @@ void ip_location_table_new_cb(const char *table_name, int table_id, const char* char country_full[VERIFY_ARRAY_MAX],province_full[VERIFY_ARRAY_MAX], city_full[VERIFY_ARRAY_MAX]; char subdivision_addr[VERIFY_STRING_MAX]; - if(ip_location_column_num == 0) - { - ip_location_column_num = get_column_num(table_line); - } + ret=sscanf(table_line, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t %s\t%s\t%s\t%lf\t%lf\t%lf\t%s\t %s\t%s\t%s\t%s\t%s\t%s \t%s\t%s\t%s\t%d", &profile_id,&geoname_id, + &country_region_group_id,&province_group_id,&city_group_id,&subdivision_group_id,&addr_type,addr_format,start_ip,end_ip,&latitude,&longitude,&coords,language, + continent_abbr,continent_full,country_abbr,country_full,province_abbr,province_full,city_full,subdivision_addr,time_zone,&is_valid); - if(ip_location_column_num == 20) + if(ret != 24) { - ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%lf\t%lf\t%lf\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d", &profile_id,&geoname_id, - &addr_type, start_ip,end_ip,&latitude,&longitude,&coords,language, - continent_abbr,continent_full, country_abbr,country_full,province_abbr,province_full, - city_full, time_zone,&is_valid); - - if(ret!=18) - { - mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip location failed, ret:%d, %s", ret, table_line); - return; - } - } - else - { - ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%lf\t%lf\t%lf\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d", &profile_id,&geoname_id, - &addr_type, start_ip,end_ip,&latitude,&longitude,&coords,language, - continent_abbr,continent_full, country_abbr,country_full,province_abbr,province_full, - city_full, subdivision_addr, time_zone,&is_valid); - - if(ret!=19) - { - mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip location failed, ret:%d, %s", ret, table_line); - return; - } + mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip location failed, ret:%d, %s", ret, table_line); + return; } verify_unescape(continent_full); verify_unescape(country_full); verify_unescape(province_full); verify_unescape(city_full); - if(ip_location_column_num != 20) - { - verify_unescape(subdivision_addr); - } - struct ip_data_table* ip_asn=ALLOC(struct ip_data_table, 1); - memset(ip_asn, 0, sizeof(struct ip_data_table)); - ip_asn->profile_id=profile_id; - ip_asn->country_full=strdup(country_full); - ip_asn->province_full=strdup(province_full); - ip_asn->city_full=strdup(city_full); - if(ip_location_column_num != 20) - { - ip_asn->subdivision_addr=strdup(subdivision_addr); - } - ip_asn->ref_cnt=1; - pthread_mutex_init(&(ip_asn->lock), NULL); - mesa_runtime_log(RLOG_LV_DEBUG, "Policy table add success %d", profile_id); + verify_unescape(subdivision_addr); - *ad = ip_asn; + struct ip_data_table* ip_location=ALLOC(struct ip_data_table, 1); + memset(ip_location, 0, sizeof(struct ip_data_table)); + ip_location->profile_id=profile_id; + ip_location->country_region_group_id=country_region_group_id; + ip_location->province_group_id=province_group_id; + ip_location->city_group_id=city_group_id; + ip_location->subdivision_group_id=subdivision_group_id; + ip_location->country_full=strdup(country_full); + ip_location->province_full=strdup(province_full); + ip_location->city_full=strdup(city_full); + ip_location->subdivision_addr=strdup(subdivision_addr); + ip_location->ref_cnt=1; + pthread_mutex_init(&(ip_location->lock), NULL); + mesa_runtime_log(RLOG_LV_DEBUG, "Policy table add success %d", profile_id); + *ad = ip_location; } void ip_table_dup_cb(int table_id, void **to, void **from, long argl, void* argp) @@ -1200,16 +1169,28 @@ int policy_verify_regex_expression(const char *expression) static int get_ip_location_asn_table_name(struct ip_data_ctx *ip_ctx, int Nth_scan, cJSON *topObject) { /*ip location**/ - int xret = 0; - if(ip_ctx->Nth_scan[NTH_SCAN_IP_SRC_LOCATION] == Nth_scan) + int xret = 0, level=0; + const char *client_table_name[]={"ATTR_SOURCE_GEO_COUNTRY", "ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA", + "ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA", "ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA"}; + const char *server_tabel_name[]={"ATTR_DESTINATION_GEO_COUNTRY", "ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA", + "ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA", "ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA"}; + + for(level = NTH_SCAN_IP_SRC_GEO_COUNTRY; level <= NTH_SCAN_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA; level++) { - cJSON_AddStringToObject(topObject, "tableName", "ATTR_SOURCE_LOCATION"); - goto finish; + if(ip_ctx->Nth_scan[level] == Nth_scan) + { + cJSON_AddStringToObject(topObject, "tableName", client_table_name[level]); + goto finish; + } } - if(ip_ctx->Nth_scan[NTH_SCAN_IP_DST_LOCATION] == Nth_scan) + + for(level = NTH_SCAN_IP_DST_GEO_COUNTRY; level <= NTH_SCAN_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA; level ++) { - cJSON_AddStringToObject(topObject, "tableName", "ATTR_DESTINATION_LOCATION"); - goto finish; + if(ip_ctx->Nth_scan[level] == Nth_scan) + { + cJSON_AddStringToObject(topObject, "tableName", server_tabel_name[level-NTH_SCAN_IP_DST_GEO_COUNTRY]); + goto finish; + } } if(ip_ctx->Nth_scan[NTH_SCAN_IP_SRC_ASN] == Nth_scan) { @@ -1377,11 +1358,48 @@ int ip_addr_to_address(struct ipaddr *ip_addr, struct ip_addr *dest_ip, struct i return 0; } -int ip_location_scan(struct policy_scan_ctx *ctx, int vsys_id, struct ip_addr *sip, struct ip_addr *dip, int hit_cnt) +static int group_scan(struct policy_scan_ctx *ctx, int vsys_id, int hit_cnt, struct maat_hit_group hit_group, int table_id) { size_t n_hit_result=0; + int scan_ret=0, hit_cnt_group=0; + + scan_ret = maat_scan_group(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], &hit_group, 1, + ctx->result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid); + if(scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_group+=n_hit_result; + } + scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], ctx->result+hit_cnt+hit_cnt_group, + MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_group+=n_hit_result; + } + return hit_cnt_group; +} + +static int get_group_id_by_location(struct ip_data_table* ip_location, int level) +{ + switch(level) + { + case 0: + return ip_location->country_region_group_id; + case 1: + return ip_location->province_group_id; + case 2: + return ip_location->city_group_id; + case 3: + return ip_location->subdivision_group_id; + default: + return 0; + } +} + +int ip_location_scan(struct policy_scan_ctx *ctx, int vsys_id, struct ip_addr *sip, struct ip_addr *dip, int hit_cnt) +{ int scan_ret=0, hit_cnt_ip=0; char buff[VERIFY_STRING_MAX * 2]={0}; + struct maat_hit_group hit_group; struct maat_hit_path hit_path[HIT_PATH_SIZE]; struct ip_data_table* ip_location_client=NULL, *ip_location_server=NULL; @@ -1406,85 +1424,40 @@ int ip_location_scan(struct policy_scan_ctx *ctx, int vsys_id, struct ip_addr *s if(ip_location_server!=NULL) { memset(buff,0,sizeof(buff)); - if(ip_location_server->subdivision_addr == NULL || strcasecmp(ip_location_server->subdivision_addr, "null") == 0) - { - snprintf(buff, sizeof(buff), "%s.%s.%s", ip_location_server->country_full, ip_location_server->province_full, ip_location_server->city_full); - } - else - { - snprintf(buff, sizeof(buff), "%s.%s.%s.%s", ip_location_server->country_full, ip_location_server->province_full, ip_location_server->city_full, ip_location_server->subdivision_addr); - } + snprintf(buff, sizeof(buff), "%s.%s.%s.%s", ip_location_server->country_full, ip_location_server->province_full, ip_location_server->city_full, ip_location_server->subdivision_addr); ctx->ip_ctx.location_server=strdup(buff); + + for(int level=0; level < 4; level++) + { + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=get_group_id_by_location(ip_location_server, level); - memset(buff,0,sizeof(buff)); - - if(ip_location_server->subdivision_addr == NULL) - { - snprintf(buff, sizeof(buff), "%s.%s.", ip_location_server->country_full, ip_location_server->city_full); - } - else - { - snprintf(buff, sizeof(buff),"%s.%s.%s.%s.", ip_location_server->country_full,ip_location_server->province_full, ip_location_server->city_full, ip_location_server->subdivision_addr); - } - scan_ret = maat_scan_string(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_IP_DST_LOCATION], - buff, strlen(buff), ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, - &n_hit_result, ctx->scan_mid); - if(scan_ret>0) - { - hit_cnt_ip+=n_hit_result; - } - scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_IP_DST_LOCATION], ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, - &n_hit_result, ctx->scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip+=n_hit_result; - } - if(scan_ret >= MAAT_SCAN_OK) - { + scan_ret = group_scan(ctx, vsys_id, hit_cnt, hit_group, TSG_OBJ_IP_DST_GEO_COUNTRY+level); + if(scan_ret > 0) + { + hit_cnt_ip+=scan_ret; + } ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, HIT_PATH_SIZE); - ctx->ip_ctx.Nth_scan[NTH_SCAN_IP_DST_LOCATION] = maat_state_get_scan_count(ctx->scan_mid); + ctx->ip_ctx.Nth_scan[NTH_SCAN_IP_DST_GEO_COUNTRY+level] = maat_state_get_scan_count(ctx->scan_mid); } } if(ip_location_client!=NULL) { memset(buff,0,sizeof(buff)); - if(ip_location_client->subdivision_addr == NULL || strcasecmp(ip_location_client->subdivision_addr, "null") == 0) - { - snprintf(buff, sizeof(buff), "%s.%s.%s", ip_location_client->country_full, ip_location_client->province_full, ip_location_client->city_full); - } - else - { - snprintf(buff, sizeof(buff), "%s.%s.%s.%s", ip_location_client->country_full, ip_location_client->province_full, ip_location_client->city_full, ip_location_client->subdivision_addr); - } - + snprintf(buff, sizeof(buff), "%s.%s.%s.%s", ip_location_client->country_full, ip_location_client->province_full, ip_location_client->city_full, ip_location_client->subdivision_addr); ctx->ip_ctx.location_client=strdup(buff); - memset(buff,0,sizeof(buff)); - if(ip_location_client->subdivision_addr == NULL) - { - snprintf(buff, sizeof(buff), "%s.%s.", ip_location_client->country_full, ip_location_client->city_full); - } - else - { - snprintf(buff, sizeof(buff),"%s.%s.%s.%s.", ip_location_client->country_full,ip_location_client->province_full, ip_location_client->city_full, ip_location_client->subdivision_addr); - } - scan_ret = maat_scan_string(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_IP_SRC_LOCATION], - buff, strlen(buff),ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, - &n_hit_result, ctx->scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip+=n_hit_result; - } - scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_IP_SRC_LOCATION], ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, - &n_hit_result, ctx->scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_ip+=n_hit_result; - } - if(scan_ret >= MAAT_SCAN_OK) + for(int level=0; level < 4; level++) { + memset(&hit_group, 0, sizeof(hit_group)); + hit_group.group_id=get_group_id_by_location(ip_location_client, level); + scan_ret = group_scan(ctx, vsys_id, hit_cnt, hit_group, TSG_OBJ_IP_SRC_GEO_COUNTRY+level); + if(scan_ret > 0) + { + hit_cnt_ip+=scan_ret; + } ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, HIT_PATH_SIZE); - ctx->ip_ctx.Nth_scan[NTH_SCAN_IP_SRC_LOCATION] = maat_state_get_scan_count(ctx->scan_mid); + ctx->ip_ctx.Nth_scan[NTH_SCAN_IP_SRC_GEO_COUNTRY+level] = maat_state_get_scan_count(ctx->scan_mid); } } @@ -1527,7 +1500,7 @@ int ip_asn_scan(struct policy_scan_ctx * ctx, int vsys_id, int table_id, struct ctx->ip_ctx.organization_server=strdup(ip_asn_server->organization); memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=ip_asn_server->group_id; + hit_group.group_id=ip_asn_server->asn_group_id; if(table_id == TSG_OBJ_DESTINATION_ADDR) { @@ -1569,7 +1542,7 @@ int ip_asn_scan(struct policy_scan_ctx * ctx, int vsys_id, int table_id, struct ctx->ip_ctx.organization_client=strdup(ip_asn_client->organization); memset(&hit_group, 0, sizeof(hit_group)); - hit_group.group_id=ip_asn_client->group_id; + hit_group.group_id=ip_asn_client->asn_group_id; if(table_id == TSG_OBJ_SOURCE_ADDR) { @@ -1613,26 +1586,6 @@ int ip_asn_scan(struct policy_scan_ctx * ctx, int vsys_id, int table_id, struct return hit_cnt_ip; } -static int group_scan(struct policy_scan_ctx *ctx, int vsys_id, int hit_cnt, struct maat_hit_group hit_group, int table_id) -{ - size_t n_hit_result=0; - int scan_ret=0, hit_cnt_group=0; - - scan_ret = maat_scan_group(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], &hit_group, 1, - ctx->result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid); - if(scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_group+=n_hit_result; - } - scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], ctx->result+hit_cnt+hit_cnt_group, - MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid); - if (scan_ret == MAAT_SCAN_HIT) - { - hit_cnt_group+=n_hit_result; - } - return hit_cnt_group; -} - int get_fqdn_category_id(struct request_query_obj *request, struct policy_scan_ctx * ctx, int vsys_id, const char *fqdn, int table_id, int hit_cnt) { int j=0, k=0; @@ -1970,7 +1923,6 @@ static int ip_addr_scan(struct request_query_obj *request, struct policy_scan_ct { if(0 == strcasecmp(request->attri_name, "source") || 0 == strcasecmp(request->attri_name, "internal")) { - scan_ret = maat_scan_ipv4_port(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], request->ip_addr->v4->saddr, request->ip_addr->v4->source, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid); if(scan_ret == MAAT_SCAN_HIT) @@ -2379,8 +2331,14 @@ static void common_table_name_int(const char *table_name[__TSG_OBJ_MAX]) table_name[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI"; table_name[TSG_OBJ_IP_SRC_ASN]="ATTR_SOURCE_ASN"; table_name[TSG_OBJ_IP_DST_ASN]="ATTR_DESTINATION_ASN"; - table_name[TSG_OBJ_IP_SRC_LOCATION]="ATTR_SOURCE_LOCATION"; - table_name[TSG_OBJ_IP_DST_LOCATION]="ATTR_DESTINATION_LOCATION"; + table_name[TSG_OBJ_IP_SRC_GEO_COUNTRY]="ATTR_SOURCE_GEO_COUNTRY"; + table_name[TSG_OBJ_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA"; + table_name[TSG_OBJ_IP_SRC_GEO_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA"; + table_name[TSG_OBJ_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA"; + table_name[TSG_OBJ_IP_DST_GEO_COUNTRY]="ATTR_DESTINATION_GEO_COUNTRY"; + table_name[TSG_OBJ_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA"; + table_name[TSG_OBJ_IP_DST_GEO_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA"; + table_name[TSG_OBJ_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA"; table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN"; table_name[TSG_OBJ_DST_SERVER_FQDN_CAT]="ATTR_SERVER_FQDN_CAT"; table_name[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP"; @@ -2405,7 +2363,8 @@ int maat_complie_plugin_table_init(int vsys_id, int compile_type_id) const char *table_name=NULL; const char *conjunction_table_name_map[] = {"SECURITY_COMPILE_CONJUNCTION", "PXY_CTRL_COMPILE_CONJUNCTION", "TRAFFIC_SHAPING_COMPILE_CONJUNCTION", - "SERVICE_CHAINING_COMPILE_CONJUNCTION", "PXY_INTERCEPT_COMPILE_CONJUNCTION","STATISTICS_COMPILE_CONJUNCTION", "MONITOR_COMPILE_CONJUNCTION"}; + "SERVICE_CHAINING_COMPILE_CONJUNCTION", "PXY_INTERCEPT_COMPILE_CONJUNCTION","STATISTICS_COMPILE_CONJUNCTION", + "MONITOR_COMPILE_CONJUNCTION", "DOS_PROTECTION_COMPILE_CONJUNCTION"}; table_name = conjunction_table_name_map[compile_type_id]; table_id=g_policy_rt->compile_table_id[compile_type_id]=maat_get_table_id(g_policy_rt->feather[vsys_id], table_name); @@ -2415,7 +2374,8 @@ int maat_complie_plugin_table_init(int vsys_id, int compile_type_id) } const char *plugin_table_name_map[] = {"SECURITY_COMPILE_PLUGIN", "PXY_CTRL_COMPILE_PLUGIN", "TRAFFIC_SHAPING_COMPILE_PLUGIN", - "SERVICE_CHAINING_COMPILE_PLUGIN", "PXY_INTERCEPT_COMPILE_PLUGIN", "STATISTICS_COMPILE_PLUGIN", "MONITOR_COMPILE_PLUGIN"}; + "SERVICE_CHAINING_COMPILE_PLUGIN", "PXY_INTERCEPT_COMPILE_PLUGIN", "STATISTICS_COMPILE_PLUGIN", + "MONITOR_COMPILE_PLUGIN", "DOS_PROTECTION_COMPILE_PLUGIN"}; table_name = plugin_table_name_map[compile_type_id]; table_id = g_policy_rt->plugin_table_id[compile_type_id]=maat_get_table_id(g_policy_rt->feather[vsys_id], table_name); diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp index 26837ad..3e1b061 100644 --- a/platform/src/verify_policy.cpp +++ b/platform/src/verify_policy.cpp @@ -76,6 +76,7 @@ int tsg_policy_type_str2idx(const char *action_str) policy_name[PXY_TABLE_INTERCEPT] = "pxy_intercept"; policy_name[TSG_STATISTICS] = "statistics"; policy_name[TSG_MONITOR] = "monitor"; + policy_name[DOS_PROTECTION] = "dos_protection"; policy_name[PXY_TABLE_DEFENCE] = "active_defence"; size_t i = 0; @@ -128,8 +129,14 @@ int protoco_field_type_str2idx(const char *action_str, char *buff, char **p) table_name[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI"; table_name[TSG_OBJ_IP_SRC_ASN]="ATTR_SOURCE_ASN"; table_name[TSG_OBJ_IP_DST_ASN]="ATTR_DESTINATION_ASN"; - table_name[TSG_OBJ_IP_SRC_LOCATION]="ATTR_SOURCE_LOCATION"; - table_name[TSG_OBJ_IP_DST_LOCATION]="ATTR_DESTINATION_LOCATION"; + table_name[TSG_OBJ_IP_SRC_GEO_COUNTRY]="ATTR_SOURCE_GEO_COUNTRY"; + table_name[TSG_OBJ_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA"; + table_name[TSG_OBJ_IP_SRC_GEO_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA"; + table_name[TSG_OBJ_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA"; + table_name[TSG_OBJ_IP_DST_GEO_COUNTRY]="ATTR_DESTINATION_GEO_COUNTRY"; + table_name[TSG_OBJ_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA"; + table_name[TSG_OBJ_IP_DST_GEO_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA"; + table_name[TSG_OBJ_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA"; table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN"; table_name[TSG_OBJ_DST_SERVER_FQDN_CAT]="ATTR_SERVER_FQDN_CAT"; table_name[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP"; diff --git a/resource/table_info.conf b/resource/table_info.conf index 4355247..df2aa89 100644 --- a/resource/table_info.conf +++ b/resource/table_info.conf @@ -365,6 +365,58 @@ }, { "table_id":28, + "table_name":"DOS_PROTECTION_COMPILE", + "table_type":"compile", + "user_region_encoded":"escape", + "valid_column":9, + "custom": { + "compile_id":1, + "tags":6, + "clause_num":8 + } + }, + { + "table_id":29, + "table_name":"DOS_PROTECTION_COMPILE_CONJUNCTION", + "db_tables":["DOS_PROTECTION_COMPILE"], + "default_compile_table":1, + "table_type":"compile", + "user_region_encoded":"escape", + "valid_column":9, + "custom": { + "compile_id":1, + "tags":6, + "clause_num":8 + } + }, + { + "table_id":30, + "table_name":"DOS_PROTECTION_COMPILE_PLUGIN", + "db_tables":["DOS_PROTECTION_COMPILE"], + "table_type":"plugin", + "valid_column":9, + "custom": { + "key":1, + "key_type":"integer", + "key_len": 8 + } + }, + { + "table_id":31, + "table_name":"GROUP_DOS_PROTECTION_COMPILE_RELATION", + "table_type":"group2compile", + "associated_compile_table_id":29, + "valid_column":6, + "custom": { + "group_id":1, + "compile_id":2, + "not_flag":3, + "virtual_table_name":4, + "clause_index":5 + } + }, + { + "table_id":32, "table_name":"OBJECT_GROUP", "table_type":"group2group", "valid_column":4, @@ -375,7 +427,7 @@ } }, { - "table_id":29, + "table_id":33, "table_name":"TSG_OBJ_IP", "db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"], "table_type":"ip", @@ -391,7 +443,7 @@ } }, { - "table_id":30, + "table_id":34, "table_name":"TSG_OBJ_SUBSCRIBER_ID", "table_type":"expr", "valid_column":7, @@ -405,7 +457,7 @@ } }, { - "table_id":31, + "table_id":35, "table_name":"TSG_OBJ_ACCOUNT", "table_type":"expr", "valid_column":7, @@ -419,7 +471,7 @@ } }, { - "table_id":32, + "table_id":36, "table_name":"TSG_OBJ_URL", "table_type":"expr", "valid_column":7, @@ -433,7 +485,7 @@ } }, { - "table_id":33, + "table_id":37, "table_name":"TSG_OBJ_FQDN", "table_type":"expr", "valid_column":7, @@ -447,7 +499,7 @@ } }, { - "table_id":34, + "table_id":38, "table_name":"TSG_OBJ_FQDN_CAT", "table_type":"interval", "valid_column":5, @@ -459,7 +511,7 @@ } }, { - "table_id":35, + "table_id":39, "table_name":"TSG_OBJ_KEYWORDS", "table_type":"expr", "valid_column":7, @@ -473,7 +525,7 @@ } }, { - "table_id":36, + "table_id":40, "table_name":"TSG_OBJ_HTTP_SIGNATURE", "table_type":"expr_plus", "valid_column":8, @@ -488,189 +540,193 @@ } }, { - "table_id":37, + "table_id":41, "table_name":"ATTR_HTTP_URL", "table_type":"virtual", "physical_table": "TSG_OBJ_URL" }, { - "table_id":38, + "table_id":42, "table_name":"ATTR_HTTP_REQ_HDR", "table_type":"virtual", "physical_table": "TSG_OBJ_HTTP_SIGNATURE" }, { - "table_id":39, + "table_id":43, "table_name":"ATTR_HTTP_RES_HDR", "table_type":"virtual", "physical_table": "TSG_OBJ_HTTP_SIGNATURE" }, { - "table_id":40, + "table_id":44, "table_name":"ATTR_HTTP_REQ_BODY", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":41, + "table_id":45, "table_name":"ATTR_HTTP_RES_BODY", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":42, + "table_id":46, "table_name":"ATTR_SSL_CN", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":43, + "table_id":47, "table_name":"ATTR_SSL_CN_CAT", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN_CAT" }, { - "table_id":44, + "table_id":48, "table_name":"ATTR_SSL_SAN", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":45, + "table_id":49, "table_name":"ATTR_SSL_SAN_CAT", "table_type":"virtual", "physical_table":"TSG_OBJ_FQDN_CAT" }, { - "table_id":46, + "table_id":50, "table_name":"ATTR_DNS_QNAME", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":47, + "table_id":51, "table_name":"ATTR_MAIL_ACCOUNT", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":48, + "table_id":52, "table_name":"ATTR_MAIL_FROM", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":49, + "table_id":53, "table_name":"ATTR_MAIL_TO", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":50, + "table_id":54, "table_name":"ATTR_MAIL_SUBJECT", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":51, + "table_id":55, "table_name":"ATTR_MAIL_CONTENT", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":52, + "table_id":56, "table_name":"ATTR_MAIL_ATT_NAME", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":53, + "table_id":57, "table_name":"ATTR_MAIL_ATT_CONTENT", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":54, + "table_id":58, "table_name":"ATTR_FTP_URI", "table_type":"virtual", "physical_table": "TSG_OBJ_URL" }, { - "table_id":55, + "table_id":59, "table_name":"ATTR_FTP_CONTENT", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":56, + "table_id":60, "table_name":"ATTR_FTP_ACCOUNT", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":57, + "table_id":61, "table_name":"ATTR_SOURCE_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":58, + "table_id":62, "table_name":"ATTR_DESTINATION_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":59, + "table_id":63, "table_name":"TSG_OBJ_IP_ASN_BUILT_IN", "table_type":"ip_plugin", - "valid_column":8, + "valid_column":9, "custom": { "item_id":1, "group_id":2, "ip_type":3, - "start_ip":4, - "end_ip":5 + "addr_format":4, + "start_ip":5, + "end_ip":6 } }, { - "table_id":60, + "table_id":64, "table_name":"TSG_OBJ_IP_ASN_USER_DEFINED", "table_type":"ip_plugin", - "valid_column":8, + "valid_column":9, "custom": { "item_id":1, "group_id":2, "ip_type":3, - "start_ip":4, - "end_ip":5 + "addr_format":4, + "start_ip":5, + "end_ip":6 } }, { - "table_id":61, + "table_id":65, "table_name":"TSG_IP_LOCATION_BUILT_IN", "table_type":"ip_plugin", - "valid_column":19, + "valid_column":24, "custom": { "item_id":1, - "ip_type":3, - "start_ip":4, - "end_ip":5 + "ip_type":7, + "start_ip":9, + "end_ip":10, + "addr_format":8 } }, { - "table_id":62, + "table_id":66, "table_name":"TSG_IP_LOCATION_USER_DEFINED", "table_type":"ip_plugin", - "valid_column":19, + "valid_column":24, "custom": { "item_id":1, - "ip_type":3, - "start_ip":4, - "end_ip":5 + "ip_type":7, + "start_ip":9, + "end_ip":10, + "addr_format":8 } }, { - "table_id":63, + "table_id":67, "table_name":"TSG_OBJ_AS_NUMBER", "table_type":"expr", "valid_column":7, @@ -684,19 +740,19 @@ } }, { - "table_id":64, + "table_id":68, "table_name":"ATTR_SOURCE_ASN", "table_type":"virtual", "physical_table": "TSG_OBJ_AS_NUMBER" }, { - "table_id":65, + "table_id":69, "table_name":"ATTR_DESTINATION_ASN", "table_type":"virtual", "physical_table": "TSG_OBJ_AS_NUMBER" }, { - "table_id":66, + "table_id":70, "table_name":"TSG_OBJ_GEO_LOCATION", "table_type":"expr", "valid_column":7, @@ -710,19 +766,55 @@ } }, { - "table_id":67, - "table_name":"ATTR_SOURCE_LOCATION", + "table_id":71, + "table_name":"ATTR_SOURCE_GEO_COUNTRY", "table_type":"virtual", "physical_table": "TSG_OBJ_GEO_LOCATION" }, { - "table_id":68, - "table_name":"ATTR_DESTINATION_LOCATION", + "table_id":72, + "table_name":"ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA", "table_type":"virtual", "physical_table": "TSG_OBJ_GEO_LOCATION" }, { - "table_id":69, + "table_id":73, + "table_name":"ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":74, + "table_name":"ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":75, + "table_name":"ATTR_DESTINATION_GEO_COUNTRY", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":76, + "table_name":"ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":77, + "table_name":"ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":78, + "table_name":"ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":79, "table_name":"TSG_FQDN_CATEGORY_BUILT_IN", "table_type":"fqdn_plugin", "valid_column":6, @@ -733,7 +825,7 @@ } }, { - "table_id":70, + "table_id":80, "table_name":"TSG_FQDN_CATEGORY_USER_DEFINED", "table_type":"fqdn_plugin", "valid_column":6, @@ -744,19 +836,19 @@ } }, { - "table_id":71, + "table_id":81, "table_name":"ATTR_SIP_ORIGINATOR_DESCRIPTION", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":72, + "table_id":82, "table_name":"ATTR_SIP_RESPONDER_DESCRIPTION", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":73, + "table_id":83, "table_name":"TSG_OBJ_IMSI", "table_type":"expr", "valid_column":7, @@ -770,7 +862,7 @@ } }, { - "table_id":74, + "table_id":84, "table_name":"TSG_OBJ_PHONE_NUMBER", "table_type":"expr", "valid_column":7, @@ -784,7 +876,7 @@ } }, { - "table_id":75, + "table_id":85, "table_name":"TSG_OBJ_APN", "table_type":"expr", "valid_column":7, @@ -798,25 +890,25 @@ } }, { - "table_id":76, + "table_id":86, "table_name":"ATTR_GTP_IMSI", "table_type":"virtual", "physical_table": "TSG_OBJ_IMSI" }, { - "table_id":77, + "table_id":87, "table_name":"ATTR_GTP_PHONE_NUMBER", "table_type":"virtual", "physical_table": "TSG_OBJ_PHONE_NUMBER" }, { - "table_id":78, + "table_id":88, "table_name":"ATTR_GTP_APN", "table_type":"virtual", "physical_table": "TSG_OBJ_APN" }, { - "table_id":79, + "table_id":89, "table_name":"TSG_TUNNEL_CATALOG", "table_type":"bool_plugin", "valid_column":6, @@ -826,7 +918,7 @@ } }, { - "table_id":80, + "table_id":90, "table_name":"TSG_TUNNEL_ENDPOINT", "table_type":"ip_plugin", "valid_column":6, @@ -838,7 +930,7 @@ } }, { - "table_id":81, + "table_id":91, "table_name":"TSG_TUNNEL_LABEL", "table_type":"plugin", "valid_column":4, @@ -849,13 +941,13 @@ } }, { - "table_id":82, + "table_id":92, "table_name":"ATTR_TUNNEL", "table_type":"virtual", "physical_table": "TSG_TUNNEL_CATALOG" }, { - "table_id":83, + "table_id":93, "table_name":"TSG_OBJ_FLAG", "table_type":"flag", "valid_column":5, @@ -867,19 +959,19 @@ } }, { - "table_id":84, + "table_id":94, "table_name":"ATTR_FLAG", "table_type":"virtual", "physical_table": "TSG_OBJ_FLAG" }, { - "table_id":85, + "table_id":95, "table_name":"ATTR_DOH_QNAME", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":86, + "table_id":96, "table_name":"TSG_OBJ_IMEI", "table_type":"expr", "valid_column":7, @@ -893,13 +985,13 @@ } }, { - "table_id":87, + "table_id":97, "table_name":"ATTR_GTP_IMEI", "table_type":"virtual", "physical_table": "TSG_OBJ_IMEI" }, { - "table_id":88, + "table_id":98, "table_name": "APP_ID_DICT", "table_type": "plugin", "valid_column": 19, @@ -910,43 +1002,43 @@ } }, { - "table_id":89, + "table_id":99, "table_name":"ATTR_SUBSCRIBER_ID", "table_type":"virtual", "physical_table": "TSG_OBJ_SUBSCRIBER_ID" }, { - "table_id":90, + "table_id":100, "table_name":"ATTR_APP_ID", "table_type":"virtual", "physical_table": "APP_ID_DICT" }, { - "table_id":91, + "table_id":101, "table_name": "ATTR_SERVER_FQDN", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":92, + "table_id":102, "table_name": "ATTR_SERVER_FQDN_CAT", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN_CAT" }, { - "table_id":93, + "table_id":103, "table_name":"ATTR_INTERNAL_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":94, + "table_id":104, "table_name":"ATTR_EXTERNAL_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":95, + "table_id":105, "table_name": "TSG_IP_PROTOCOL", "table_type": "plugin", "valid_column": 4, @@ -957,7 +1049,7 @@ } }, { - "table_id":96, + "table_id":106, "table_name":"TSG_OBJ_PORT", "table_type":"interval", "valid_column":5, @@ -969,67 +1061,67 @@ } }, { - "table_id":97, + "table_id":107, "table_name": "ATTR_SOURCE_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":98, + "table_id":108, "table_name": "ATTR_DESTINATION_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":99, + "table_id":109, "table_name": "ATTR_INTERNAL_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":100, + "table_id":110, "table_name": "ATTR_EXTERNAL_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":101, + "table_id":111, "table_name": "ATTR_IP_PROTOCOL", "table_type": "virtual", "physical_table": "TSG_IP_PROTOCOL" }, { - "table_id":102, + "table_id":112, "table_name": "ATTR_SSL_ECH", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":103, + "table_id":113, "table_name": "ATTR_SSL_ESNI", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":104, + "table_id":114, "table_name": "ATTR_SSL_NO_SNI", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":105, + "table_id":115, "table_name":"ATTR_TUNNEL_LEVEL", "table_type":"virtual", "physical_table": "TSG_TUNNEL_CATALOG" }, { - "table_id":106, + "table_id":116, "table_name":"ATTR_INTERNAL_ASN", "table_type":"virtual", "physical_table": "TSG_OBJ_AS_NUMBER" }, { - "table_id":107, + "table_id":117, "table_name":"ATTR_EXTERNAL_ASN", "table_type":"virtual", "physical_table": "TSG_OBJ_AS_NUMBER" diff --git a/resource/table_info_simple.conf b/resource/table_info_simple.conf index c6468a9..2fb2a49 100644 --- a/resource/table_info_simple.conf +++ b/resource/table_info_simple.conf @@ -33,7 +33,7 @@ "valid_column":9, "custom": { "key":1, - "key_type":"integer", + "key_type":"integer", "key_len":8 } }, @@ -365,6 +365,58 @@ }, { "table_id":28, + "table_name":"DOS_PROTECTION_COMPILE", + "table_type":"compile", + "user_region_encoded":"escape", + "valid_column":9, + "custom": { + "compile_id":1, + "tags":6, + "clause_num":8 + } + }, + { + "table_id":29, + "table_name":"DOS_PROTECTION_COMPILE_CONJUNCTION", + "db_tables":["DOS_PROTECTION_COMPILE"], + "default_compile_table":1, + "table_type":"compile", + "user_region_encoded":"escape", + "valid_column":9, + "custom": { + "compile_id":1, + "tags":6, + "clause_num":8 + } + }, + { + "table_id":30, + "table_name":"DOS_PROTECTION_COMPILE_PLUGIN", + "db_tables":["DOS_PROTECTION_COMPILE"], + "table_type":"plugin", + "valid_column":9, + "custom": { + "key":1, + "key_type":"integer", + "key_len": 8 + } + }, + { + "table_id":31, + "table_name":"GROUP_DOS_PROTECTION_COMPILE_RELATION", + "table_type":"group2compile", + "associated_compile_table_id":29, + "valid_column":6, + "custom": { + "group_id":1, + "compile_id":2, + "not_flag":3, + "virtual_table_name":4, + "clause_index":5 + } + }, + { + "table_id":32, "table_name":"OBJECT_GROUP", "table_type":"group2group", "valid_column":4, @@ -375,7 +427,7 @@ } }, { - "table_id":29, + "table_id":33, "table_name":"TSG_OBJ_IP", "db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"], "table_type":"ip", @@ -391,7 +443,7 @@ } }, { - "table_id":30, + "table_id":34, "table_name":"TSG_OBJ_SUBSCRIBER_ID", "table_type":"expr", "valid_column":7, @@ -405,7 +457,7 @@ } }, { - "table_id":31, + "table_id":35, "table_name":"TSG_OBJ_ACCOUNT", "table_type":"expr", "valid_column":7, @@ -419,7 +471,7 @@ } }, { - "table_id":32, + "table_id":36, "table_name":"TSG_OBJ_URL", "table_type":"expr", "valid_column":7, @@ -433,7 +485,7 @@ } }, { - "table_id":33, + "table_id":37, "table_name":"TSG_OBJ_FQDN", "table_type":"expr", "valid_column":7, @@ -447,7 +499,7 @@ } }, { - "table_id":34, + "table_id":38, "table_name":"TSG_OBJ_FQDN_CAT", "table_type":"interval", "valid_column":5, @@ -459,7 +511,7 @@ } }, { - "table_id":35, + "table_id":39, "table_name":"TSG_OBJ_KEYWORDS", "table_type":"expr", "valid_column":7, @@ -473,7 +525,7 @@ } }, { - "table_id":36, + "table_id":40, "table_name":"TSG_OBJ_HTTP_SIGNATURE", "table_type":"expr_plus", "valid_column":8, @@ -488,139 +540,139 @@ } }, { - "table_id":37, + "table_id":41, "table_name":"ATTR_HTTP_URL", "table_type":"virtual", "physical_table": "TSG_OBJ_URL" }, { - "table_id":38, + "table_id":42, "table_name":"ATTR_HTTP_REQ_HDR", "table_type":"virtual", "physical_table": "TSG_OBJ_HTTP_SIGNATURE" }, { - "table_id":39, + "table_id":43, "table_name":"ATTR_HTTP_RES_HDR", "table_type":"virtual", "physical_table": "TSG_OBJ_HTTP_SIGNATURE" }, { - "table_id":40, + "table_id":44, "table_name":"ATTR_HTTP_REQ_BODY", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":41, + "table_id":45, "table_name":"ATTR_HTTP_RES_BODY", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":42, + "table_id":46, "table_name":"ATTR_SSL_CN", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":43, + "table_id":47, "table_name":"ATTR_SSL_CN_CAT", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN_CAT" }, { - "table_id":44, + "table_id":48, "table_name":"ATTR_SSL_SAN", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":45, + "table_id":49, "table_name":"ATTR_SSL_SAN_CAT", "table_type":"virtual", "physical_table":"TSG_OBJ_FQDN_CAT" }, { - "table_id":46, + "table_id":50, "table_name":"ATTR_DNS_QNAME", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":47, + "table_id":51, "table_name":"ATTR_MAIL_ACCOUNT", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":48, + "table_id":52, "table_name":"ATTR_MAIL_FROM", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":49, + "table_id":53, "table_name":"ATTR_MAIL_TO", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":50, + "table_id":54, "table_name":"ATTR_MAIL_SUBJECT", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":51, + "table_id":55, "table_name":"ATTR_MAIL_CONTENT", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":52, + "table_id":56, "table_name":"ATTR_MAIL_ATT_NAME", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":53, + "table_id":57, "table_name":"ATTR_MAIL_ATT_CONTENT", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":54, + "table_id":58, "table_name":"ATTR_FTP_URI", "table_type":"virtual", "physical_table": "TSG_OBJ_URL" }, { - "table_id":55, + "table_id":59, "table_name":"ATTR_FTP_CONTENT", "table_type":"virtual", "physical_table": "TSG_OBJ_KEYWORDS" }, { - "table_id":56, + "table_id":60, "table_name":"ATTR_FTP_ACCOUNT", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":57, + "table_id":61, "table_name":"ATTR_SOURCE_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":58, + "table_id":62, "table_name":"ATTR_DESTINATION_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":59, + "table_id":67, "table_name":"TSG_OBJ_AS_NUMBER", "table_type":"expr", "valid_column":7, @@ -634,19 +686,19 @@ } }, { - "table_id":64, + "table_id":68, "table_name":"ATTR_SOURCE_ASN", "table_type":"virtual", "physical_table": "TSG_OBJ_AS_NUMBER" }, { - "table_id":65, + "table_id":69, "table_name":"ATTR_DESTINATION_ASN", "table_type":"virtual", "physical_table": "TSG_OBJ_AS_NUMBER" }, { - "table_id":66, + "table_id":70, "table_name":"TSG_OBJ_GEO_LOCATION", "table_type":"expr", "valid_column":7, @@ -660,31 +712,67 @@ } }, { - "table_id":67, - "table_name":"ATTR_SOURCE_LOCATION", + "table_id":71, + "table_name":"ATTR_SOURCE_GEO_COUNTRY", "table_type":"virtual", "physical_table": "TSG_OBJ_GEO_LOCATION" }, { - "table_id":68, - "table_name":"ATTR_DESTINATION_LOCATION", + "table_id":72, + "table_name":"ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA", "table_type":"virtual", "physical_table": "TSG_OBJ_GEO_LOCATION" }, { - "table_id":69, + "table_id":73, + "table_name":"ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":74, + "table_name":"ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":75, + "table_name":"ATTR_DESTINATION_GEO_COUNTRY", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":76, + "table_name":"ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":77, + "table_name":"ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":78, + "table_name":"ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA", + "table_type":"virtual", + "physical_table": "TSG_OBJ_GEO_LOCATION" + }, + { + "table_id":81, "table_name":"ATTR_SIP_ORIGINATOR_DESCRIPTION", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":72, + "table_id":82, "table_name":"ATTR_SIP_RESPONDER_DESCRIPTION", "table_type":"virtual", "physical_table": "TSG_OBJ_ACCOUNT" }, { - "table_id":73, + "table_id":83, "table_name":"TSG_OBJ_IMSI", "table_type":"expr", "valid_column":7, @@ -698,7 +786,7 @@ } }, { - "table_id":74, + "table_id":84, "table_name":"TSG_OBJ_PHONE_NUMBER", "table_type":"expr", "valid_column":7, @@ -712,7 +800,7 @@ } }, { - "table_id":75, + "table_id":85, "table_name":"TSG_OBJ_APN", "table_type":"expr", "valid_column":7, @@ -726,25 +814,25 @@ } }, { - "table_id":76, + "table_id":86, "table_name":"ATTR_GTP_IMSI", "table_type":"virtual", "physical_table": "TSG_OBJ_IMSI" }, { - "table_id":77, + "table_id":87, "table_name":"ATTR_GTP_PHONE_NUMBER", "table_type":"virtual", "physical_table": "TSG_OBJ_PHONE_NUMBER" }, { - "table_id":78, + "table_id":88, "table_name":"ATTR_GTP_APN", "table_type":"virtual", "physical_table": "TSG_OBJ_APN" }, { - "table_id":79, + "table_id":89, "table_name":"TSG_TUNNEL_CATALOG", "table_type":"bool_plugin", "valid_column":6, @@ -754,7 +842,7 @@ } }, { - "table_id":80, + "table_id":90, "table_name":"TSG_TUNNEL_ENDPOINT", "table_type":"ip_plugin", "valid_column":6, @@ -762,12 +850,11 @@ "item_id":1, "ip_type":2, "start_ip":3, - "end_ip":4, - "addr_format":7 + "end_ip":4 } }, { - "table_id":81, + "table_id":91, "table_name":"TSG_TUNNEL_LABEL", "table_type":"plugin", "valid_column":4, @@ -778,13 +865,13 @@ } }, { - "table_id":82, + "table_id":92, "table_name":"ATTR_TUNNEL", "table_type":"virtual", "physical_table": "TSG_TUNNEL_CATALOG" }, { - "table_id":83, + "table_id":93, "table_name":"TSG_OBJ_FLAG", "table_type":"flag", "valid_column":5, @@ -796,19 +883,19 @@ } }, { - "table_id":84, + "table_id":94, "table_name":"ATTR_FLAG", "table_type":"virtual", "physical_table": "TSG_OBJ_FLAG" }, { - "table_id":85, + "table_id":95, "table_name":"ATTR_DOH_QNAME", "table_type":"virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":86, + "table_id":96, "table_name":"TSG_OBJ_IMEI", "table_type":"expr", "valid_column":7, @@ -822,13 +909,13 @@ } }, { - "table_id":87, + "table_id":97, "table_name":"ATTR_GTP_IMEI", "table_type":"virtual", "physical_table": "TSG_OBJ_IMEI" }, { - "table_id":88, + "table_id":98, "table_name": "APP_ID_DICT", "table_type": "plugin", "valid_column": 19, @@ -839,43 +926,43 @@ } }, { - "table_id":89, + "table_id":99, "table_name":"ATTR_SUBSCRIBER_ID", "table_type":"virtual", "physical_table": "TSG_OBJ_SUBSCRIBER_ID" }, { - "table_id":90, + "table_id":100, "table_name":"ATTR_APP_ID", "table_type":"virtual", "physical_table": "APP_ID_DICT" }, { - "table_id":91, + "table_id":101, "table_name": "ATTR_SERVER_FQDN", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":92, + "table_id":102, "table_name": "ATTR_SERVER_FQDN_CAT", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN_CAT" }, { - "table_id":93, + "table_id":103, "table_name":"ATTR_INTERNAL_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":94, + "table_id":104, "table_name":"ATTR_EXTERNAL_IP", "table_type":"virtual", "physical_table": "TSG_OBJ_IP" }, { - "table_id":95, + "table_id":105, "table_name": "TSG_IP_PROTOCOL", "table_type": "plugin", "valid_column": 4, @@ -886,7 +973,7 @@ } }, { - "table_id":96, + "table_id":106, "table_name":"TSG_OBJ_PORT", "table_type":"interval", "valid_column":5, @@ -898,67 +985,67 @@ } }, { - "table_id":97, + "table_id":107, "table_name": "ATTR_SOURCE_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":98, + "table_id":108, "table_name": "ATTR_DESTINATION_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":99, + "table_id":109, "table_name": "ATTR_INTERNAL_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":100, + "table_id":110, "table_name": "ATTR_EXTERNAL_PORT", "table_type": "virtual", "physical_table": "TSG_OBJ_PORT" }, { - "table_id":101, + "table_id":111, "table_name": "ATTR_IP_PROTOCOL", "table_type": "virtual", "physical_table": "TSG_IP_PROTOCOL" }, { - "table_id":102, + "table_id":112, "table_name": "ATTR_SSL_ECH", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":103, + "table_id":113, "table_name": "ATTR_SSL_ESNI", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":104, + "table_id":114, "table_name": "ATTR_SSL_NO_SNI", "table_type": "virtual", "physical_table": "TSG_OBJ_FQDN" }, { - "table_id":105, + "table_id":115, "table_name":"ATTR_TUNNEL_LEVEL", "table_type":"virtual", "physical_table": "TSG_TUNNEL_CATALOG" }, { - "table_id":106, + "table_id":116, "table_name":"ATTR_INTERNAL_ASN", "table_type":"virtual", "physical_table": "TSG_OBJ_AS_NUMBER" }, { - "table_id":107, + "table_id":117, "table_name":"ATTR_EXTERNAL_ASN", "table_type":"virtual", "physical_table": "TSG_OBJ_AS_NUMBER"