gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-20208 PolicyVerify适配新增的DOS_PROTECTION_COMPILE编译表 TSG-20138 PolicyVerify支持Geolication Object

Browse Source
This commit is contained in:
fengweihao
2024-04-02 17:49:53 +08:00
parent 1f1940ee20
commit cf10a4b48b
5 changed files with 507 additions and 354 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
common/include/verify_policy.h
View File

@@ -30,6 +30,7 @@ enum compile_table_typle
PXY_TABLE_INTERCEPT,
TSG_STATISTICS,
TSG_MONITOR,
DOS_PROTECTION,
PXY_TABLE_DEFENCE,
__SCAN_POLICY_MAX
};
@@ -71,8 +72,14 @@ enum tsg_obj_table
TSG_OBJ_GTP_IMEI,
TSG_OBJ_IP_SRC_ASN,
TSG_OBJ_IP_DST_ASN,
TSG_OBJ_IP_SRC_LOCATION,
TSG_OBJ_IP_DST_LOCATION,
TSG_OBJ_IP_SRC_GEO_COUNTRY,
TSG_OBJ_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA,
TSG_OBJ_IP_SRC_GEO_ADMINISTRATIVE_AREA,
TSG_OBJ_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA,
TSG_OBJ_IP_DST_GEO_COUNTRY,
TSG_OBJ_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA,
TSG_OBJ_IP_DST_GEO_ADMINISTRATIVE_AREA,
TSG_OBJ_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA,
TSG_OBJ_DST_SERVER_FQDN,
TSG_OBJ_DST_SERVER_FQDN_CAT,
TSG_OBJ_INTERNAL_ADDR,

292
platform/src/verify_matcher.cpp
View File

@@ -70,17 +70,19 @@ enum verify_profile_table
struct ip_data_table
{
int profile_id;
int group_id;
int ref_cnt;
int asn_group_id;
int geoname_group_id;
int country_region_group_id;
int province_group_id;
int city_group_id;
int subdivision_group_id;
char *asn;
char *organization;
char *country_full;
char *province_full;
char *city_full;
char *subdivision_addr;
int ref_cnt;
pthread_mutex_t lock;
};
@@ -92,8 +94,14 @@ struct http_field_name
enum nth_scan_type
{
NTH_SCAN_IP_SRC_LOCATION = 0,
NTH_SCAN_IP_DST_LOCATION,
NTH_SCAN_IP_SRC_GEO_COUNTRY = 0,
NTH_SCAN_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA,
NTH_SCAN_IP_SRC_GEO_ADMINISTRATIVE_AREA,
NTH_SCAN_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA,
NTH_SCAN_IP_DST_GEO_COUNTRY,
NTH_SCAN_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA,
NTH_SCAN_IP_DST_GEO_ADMINISTRATIVE_AREA,
NTH_SCAN_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA,
NTH_SCAN_IP_DST_ASN,
NTH_SCAN_IP_SRC_ASN,
NTH_SCAN_IP_INTERNAL_ASN,
@@ -193,8 +201,6 @@ struct verify_policy_rt
int scan_table_id[__TSG_OBJ_MAX];
};
static int ip_location_column_num =0;
struct verify_policy_rt * g_policy_rt;
#define MAAT_INPUT_JSON 0
@@ -315,11 +321,12 @@ void ip_asn_table_new_cb(const char *table_name, int table_id, const char* key,
{
int addr_type, group_id=0;
int ret=0,profile_id=0,is_valid=0;
char addr_format[40]={0};
char start_ip[40], end_ip[40],asn[40]={0};
char organization[VERIFY_ARRAY_MAX];
ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%s\t%s\t%d", &profile_id, &group_id, &addr_type, start_ip, end_ip, asn, organization, &is_valid);
if(ret!=8)
ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%d", &profile_id, &group_id, &addr_type, addr_format, start_ip, end_ip, asn, organization, &is_valid);
if(ret!=9)
{
mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip ASN failed, ret:%d, %s", ret, table_line);
return;
@@ -331,7 +338,7 @@ void ip_asn_table_new_cb(const char *table_name, int table_id, const char* key,
ip_asn->profile_id=profile_id;
ip_asn->asn=strdup(asn);
ip_asn->organization=strdup(organization);
ip_asn->group_id=group_id;
ip_asn->asn_group_id=group_id;
ip_asn->ref_cnt=1;
pthread_mutex_init(&(ip_asn->lock), NULL);
@@ -339,27 +346,13 @@ void ip_asn_table_new_cb(const char *table_name, int table_id, const char* key,
*ad = ip_asn;
}
static int get_column_num(const char* line)
{
const char* seps=" \t";
char* saveptr=NULL, *subtoken=NULL, *str=NULL;
char* dup_line=strdup(line);
int i=0;
for (str = dup_line; ; str = NULL)
{
subtoken = strtok_r(str, seps, &saveptr);
if (subtoken == NULL)
break;
i++;
}
free(dup_line);
return i;
}
void ip_location_table_new_cb(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
{
int ret=0,profile_id=0,is_valid=0;
int geoname_id=0, addr_type=0;
char addr_format[VERIFY_PATH_MAX];
int country_region_group_id=0;
int province_group_id=0,city_group_id=0,subdivision_group_id=0;
double latitude, longitude, coords;
char language[40], start_ip[40], end_ip[40];
char continent_abbr[VERIFY_ARRAY_MAX],continent_full[VERIFY_ARRAY_MAX];
@@ -367,61 +360,37 @@ void ip_location_table_new_cb(const char *table_name, int table_id, const char*
char country_full[VERIFY_ARRAY_MAX],province_full[VERIFY_ARRAY_MAX], city_full[VERIFY_ARRAY_MAX];
char subdivision_addr[VERIFY_STRING_MAX];
if(ip_location_column_num == 0)
{
ip_location_column_num = get_column_num(table_line);
}
ret=sscanf(table_line, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t %s\t%s\t%s\t%lf\t%lf\t%lf\t%s\t %s\t%s\t%s\t%s\t%s\t%s \t%s\t%s\t%s\t%d", &profile_id,&geoname_id,
&country_region_group_id,&province_group_id,&city_group_id,&subdivision_group_id,&addr_type,addr_format,start_ip,end_ip,&latitude,&longitude,&coords,language,
continent_abbr,continent_full,country_abbr,country_full,province_abbr,province_full,city_full,subdivision_addr,time_zone,&is_valid);
if(ip_location_column_num == 20)
{
ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%lf\t%lf\t%lf\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d", &profile_id,&geoname_id,
&addr_type, start_ip,end_ip,&latitude,&longitude,&coords,language,
continent_abbr,continent_full, country_abbr,country_full,province_abbr,province_full,
city_full, time_zone,&is_valid);
if(ret!=18)
if(ret != 24)
{
mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip location failed, ret:%d, %s", ret, table_line);
return;
}
}
else
{
ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%lf\t%lf\t%lf\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d", &profile_id,&geoname_id,
&addr_type, start_ip,end_ip,&latitude,&longitude,&coords,language,
continent_abbr,continent_full, country_abbr,country_full,province_abbr,province_full,
city_full, subdivision_addr, time_zone,&is_valid);
if(ret!=19)
{
mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip location failed, ret:%d, %s", ret, table_line);
return;
}
}
verify_unescape(continent_full);
verify_unescape(country_full);
verify_unescape(province_full);
verify_unescape(city_full);
if(ip_location_column_num != 20)
{
verify_unescape(subdivision_addr);
}
struct ip_data_table* ip_asn=ALLOC(struct ip_data_table, 1);
memset(ip_asn, 0, sizeof(struct ip_data_table));
ip_asn->profile_id=profile_id;
ip_asn->country_full=strdup(country_full);
ip_asn->province_full=strdup(province_full);
ip_asn->city_full=strdup(city_full);
if(ip_location_column_num != 20)
{
ip_asn->subdivision_addr=strdup(subdivision_addr);
}
ip_asn->ref_cnt=1;
pthread_mutex_init(&(ip_asn->lock), NULL);
mesa_runtime_log(RLOG_LV_DEBUG, "Policy table add success %d", profile_id);
*ad = ip_asn;
struct ip_data_table* ip_location=ALLOC(struct ip_data_table, 1);
memset(ip_location, 0, sizeof(struct ip_data_table));
ip_location->profile_id=profile_id;
ip_location->country_region_group_id=country_region_group_id;
ip_location->province_group_id=province_group_id;
ip_location->city_group_id=city_group_id;
ip_location->subdivision_group_id=subdivision_group_id;
ip_location->country_full=strdup(country_full);
ip_location->province_full=strdup(province_full);
ip_location->city_full=strdup(city_full);
ip_location->subdivision_addr=strdup(subdivision_addr);
ip_location->ref_cnt=1;
pthread_mutex_init(&(ip_location->lock), NULL);
mesa_runtime_log(RLOG_LV_DEBUG, "Policy table add success %d", profile_id);
*ad = ip_location;
}
void ip_table_dup_cb(int table_id, void **to, void **from, long argl, void* argp)
@@ -1200,17 +1169,29 @@ int policy_verify_regex_expression(const char *expression)
static int get_ip_location_asn_table_name(struct ip_data_ctx *ip_ctx, int Nth_scan, cJSON *topObject)
{
/*ip location**/
int xret = 0;
if(ip_ctx->Nth_scan[NTH_SCAN_IP_SRC_LOCATION] == Nth_scan)
int xret = 0, level=0;
const char *client_table_name[]={"ATTR_SOURCE_GEO_COUNTRY", "ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA",
"ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA", "ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA"};
const char *server_tabel_name[]={"ATTR_DESTINATION_GEO_COUNTRY", "ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA",
"ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA", "ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA"};
for(level = NTH_SCAN_IP_SRC_GEO_COUNTRY; level <= NTH_SCAN_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA; level++)
{
cJSON_AddStringToObject(topObject, "tableName", "ATTR_SOURCE_LOCATION");
if(ip_ctx->Nth_scan[level] == Nth_scan)
{
cJSON_AddStringToObject(topObject, "tableName", client_table_name[level]);
goto finish;
}
if(ip_ctx->Nth_scan[NTH_SCAN_IP_DST_LOCATION] == Nth_scan)
}
for(level = NTH_SCAN_IP_DST_GEO_COUNTRY; level <= NTH_SCAN_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA; level ++)
{
cJSON_AddStringToObject(topObject, "tableName", "ATTR_DESTINATION_LOCATION");
if(ip_ctx->Nth_scan[level] == Nth_scan)
{
cJSON_AddStringToObject(topObject, "tableName", server_tabel_name[level-NTH_SCAN_IP_DST_GEO_COUNTRY]);
goto finish;
}
}
if(ip_ctx->Nth_scan[NTH_SCAN_IP_SRC_ASN] == Nth_scan)
{
cJSON_AddStringToObject(topObject, "tableName", "ATTR_SOURCE_ASN");
@@ -1377,11 +1358,48 @@ int ip_addr_to_address(struct ipaddr *ip_addr, struct ip_addr *dest_ip, struct i
return 0;
}
int ip_location_scan(struct policy_scan_ctx *ctx, int vsys_id, struct ip_addr *sip, struct ip_addr *dip, int hit_cnt)
static int group_scan(struct policy_scan_ctx *ctx, int vsys_id, int hit_cnt, struct maat_hit_group hit_group, int table_id)
{
size_t n_hit_result=0;
int scan_ret=0, hit_cnt_group=0;
scan_ret = maat_scan_group(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], &hit_group, 1,
ctx->result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid);
if(scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_group+=n_hit_result;
}
scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], ctx->result+hit_cnt+hit_cnt_group,
MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_group+=n_hit_result;
}
return hit_cnt_group;
}
static int get_group_id_by_location(struct ip_data_table* ip_location, int level)
{
switch(level)
{
case 0:
return ip_location->country_region_group_id;
case 1:
return ip_location->province_group_id;
case 2:
return ip_location->city_group_id;
case 3:
return ip_location->subdivision_group_id;
default:
return 0;
}
}
int ip_location_scan(struct policy_scan_ctx *ctx, int vsys_id, struct ip_addr *sip, struct ip_addr *dip, int hit_cnt)
{
int scan_ret=0, hit_cnt_ip=0;
char buff[VERIFY_STRING_MAX * 2]={0};
struct maat_hit_group hit_group;
struct maat_hit_path hit_path[HIT_PATH_SIZE];
struct ip_data_table* ip_location_client=NULL, *ip_location_server=NULL;
@@ -1406,85 +1424,40 @@ int ip_location_scan(struct policy_scan_ctx *ctx, int vsys_id, struct ip_addr *s
if(ip_location_server!=NULL)
{
memset(buff,0,sizeof(buff));
if(ip_location_server->subdivision_addr == NULL || strcasecmp(ip_location_server->subdivision_addr, "null") == 0)
{
snprintf(buff, sizeof(buff), "%s.%s.%s", ip_location_server->country_full, ip_location_server->province_full, ip_location_server->city_full);
}
else
{
snprintf(buff, sizeof(buff), "%s.%s.%s.%s", ip_location_server->country_full, ip_location_server->province_full, ip_location_server->city_full, ip_location_server->subdivision_addr);
}
ctx->ip_ctx.location_server=strdup(buff);
memset(buff,0,sizeof(buff));
for(int level=0; level < 4; level++)
{
memset(&hit_group, 0, sizeof(hit_group));
hit_group.group_id=get_group_id_by_location(ip_location_server, level);
if(ip_location_server->subdivision_addr == NULL)
scan_ret = group_scan(ctx, vsys_id, hit_cnt, hit_group, TSG_OBJ_IP_DST_GEO_COUNTRY+level);
if(scan_ret > 0)
{
snprintf(buff, sizeof(buff), "%s.%s.", ip_location_server->country_full, ip_location_server->city_full);
hit_cnt_ip+=scan_ret;
}
else
{
snprintf(buff, sizeof(buff),"%s.%s.%s.%s.", ip_location_server->country_full,ip_location_server->province_full, ip_location_server->city_full, ip_location_server->subdivision_addr);
}
scan_ret = maat_scan_string(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_IP_DST_LOCATION],
buff, strlen(buff), ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip,
&n_hit_result, ctx->scan_mid);
if(scan_ret>0)
{
hit_cnt_ip+=n_hit_result;
}
scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_IP_DST_LOCATION], ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip,
&n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip+=n_hit_result;
}
if(scan_ret >= MAAT_SCAN_OK)
{
ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, HIT_PATH_SIZE);
ctx->ip_ctx.Nth_scan[NTH_SCAN_IP_DST_LOCATION] = maat_state_get_scan_count(ctx->scan_mid);
ctx->ip_ctx.Nth_scan[NTH_SCAN_IP_DST_GEO_COUNTRY+level] = maat_state_get_scan_count(ctx->scan_mid);
}
}
if(ip_location_client!=NULL)
{
memset(buff,0,sizeof(buff));
if(ip_location_client->subdivision_addr == NULL || strcasecmp(ip_location_client->subdivision_addr, "null") == 0)
{
snprintf(buff, sizeof(buff), "%s.%s.%s", ip_location_client->country_full, ip_location_client->province_full, ip_location_client->city_full);
}
else
{
snprintf(buff, sizeof(buff), "%s.%s.%s.%s", ip_location_client->country_full, ip_location_client->province_full, ip_location_client->city_full, ip_location_client->subdivision_addr);
}
ctx->ip_ctx.location_client=strdup(buff);
memset(buff,0,sizeof(buff));
if(ip_location_client->subdivision_addr == NULL)
for(int level=0; level < 4; level++)
{
snprintf(buff, sizeof(buff), "%s.%s.", ip_location_client->country_full, ip_location_client->city_full);
memset(&hit_group, 0, sizeof(hit_group));
hit_group.group_id=get_group_id_by_location(ip_location_client, level);
scan_ret = group_scan(ctx, vsys_id, hit_cnt, hit_group, TSG_OBJ_IP_SRC_GEO_COUNTRY+level);
if(scan_ret > 0)
{
hit_cnt_ip+=scan_ret;
}
else
{
snprintf(buff, sizeof(buff),"%s.%s.%s.%s.", ip_location_client->country_full,ip_location_client->province_full, ip_location_client->city_full, ip_location_client->subdivision_addr);
}
scan_ret = maat_scan_string(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_IP_SRC_LOCATION],
buff, strlen(buff),ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip,
&n_hit_result, ctx->scan_mid);
if(scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip+=n_hit_result;
}
scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_IP_SRC_LOCATION], ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip,
&n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_ip+=n_hit_result;
}
if(scan_ret >= MAAT_SCAN_OK)
{
ctx->n_read=maat_state_get_hit_paths(ctx->scan_mid, hit_path, HIT_PATH_SIZE);
ctx->ip_ctx.Nth_scan[NTH_SCAN_IP_SRC_LOCATION] = maat_state_get_scan_count(ctx->scan_mid);
ctx->ip_ctx.Nth_scan[NTH_SCAN_IP_SRC_GEO_COUNTRY+level] = maat_state_get_scan_count(ctx->scan_mid);
}
}
@@ -1527,7 +1500,7 @@ int ip_asn_scan(struct policy_scan_ctx * ctx, int vsys_id, int table_id, struct
ctx->ip_ctx.organization_server=strdup(ip_asn_server->organization);
memset(&hit_group, 0, sizeof(hit_group));
hit_group.group_id=ip_asn_server->group_id;
hit_group.group_id=ip_asn_server->asn_group_id;
if(table_id == TSG_OBJ_DESTINATION_ADDR)
{
@@ -1569,7 +1542,7 @@ int ip_asn_scan(struct policy_scan_ctx * ctx, int vsys_id, int table_id, struct
ctx->ip_ctx.organization_client=strdup(ip_asn_client->organization);
memset(&hit_group, 0, sizeof(hit_group));
hit_group.group_id=ip_asn_client->group_id;
hit_group.group_id=ip_asn_client->asn_group_id;
if(table_id == TSG_OBJ_SOURCE_ADDR)
{
@@ -1613,26 +1586,6 @@ int ip_asn_scan(struct policy_scan_ctx * ctx, int vsys_id, int table_id, struct
return hit_cnt_ip;
}
static int group_scan(struct policy_scan_ctx *ctx, int vsys_id, int hit_cnt, struct maat_hit_group hit_group, int table_id)
{
size_t n_hit_result=0;
int scan_ret=0, hit_cnt_group=0;
scan_ret = maat_scan_group(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], &hit_group, 1,
ctx->result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid);
if(scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_group+=n_hit_result;
}
scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], ctx->result+hit_cnt+hit_cnt_group,
MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt_group+=n_hit_result;
}
return hit_cnt_group;
}
int get_fqdn_category_id(struct request_query_obj *request, struct policy_scan_ctx * ctx, int vsys_id, const char *fqdn, int table_id, int hit_cnt)
{
int j=0, k=0;
@@ -1970,7 +1923,6 @@ static int ip_addr_scan(struct request_query_obj *request, struct policy_scan_ct
{
if(0 == strcasecmp(request->attri_name, "source") || 0 == strcasecmp(request->attri_name, "internal"))
{
scan_ret = maat_scan_ipv4_port(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[table_id], request->ip_addr->v4->saddr, request->ip_addr->v4->source,
ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid);
if(scan_ret == MAAT_SCAN_HIT)
@@ -2379,8 +2331,14 @@ static void common_table_name_int(const char *table_name[__TSG_OBJ_MAX])
table_name[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI";
table_name[TSG_OBJ_IP_SRC_ASN]="ATTR_SOURCE_ASN";
table_name[TSG_OBJ_IP_DST_ASN]="ATTR_DESTINATION_ASN";
table_name[TSG_OBJ_IP_SRC_LOCATION]="ATTR_SOURCE_LOCATION";
table_name[TSG_OBJ_IP_DST_LOCATION]="ATTR_DESTINATION_LOCATION";
table_name[TSG_OBJ_IP_SRC_GEO_COUNTRY]="ATTR_SOURCE_GEO_COUNTRY";
table_name[TSG_OBJ_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_SRC_GEO_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_DST_GEO_COUNTRY]="ATTR_DESTINATION_GEO_COUNTRY";
table_name[TSG_OBJ_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_DST_GEO_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN";
table_name[TSG_OBJ_DST_SERVER_FQDN_CAT]="ATTR_SERVER_FQDN_CAT";
table_name[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP";
@@ -2405,7 +2363,8 @@ int maat_complie_plugin_table_init(int vsys_id, int compile_type_id)
const char *table_name=NULL;
const char *conjunction_table_name_map[] = {"SECURITY_COMPILE_CONJUNCTION", "PXY_CTRL_COMPILE_CONJUNCTION", "TRAFFIC_SHAPING_COMPILE_CONJUNCTION",
"SERVICE_CHAINING_COMPILE_CONJUNCTION", "PXY_INTERCEPT_COMPILE_CONJUNCTION","STATISTICS_COMPILE_CONJUNCTION", "MONITOR_COMPILE_CONJUNCTION"};
"SERVICE_CHAINING_COMPILE_CONJUNCTION", "PXY_INTERCEPT_COMPILE_CONJUNCTION","STATISTICS_COMPILE_CONJUNCTION",
"MONITOR_COMPILE_CONJUNCTION", "DOS_PROTECTION_COMPILE_CONJUNCTION"};
table_name = conjunction_table_name_map[compile_type_id];
table_id=g_policy_rt->compile_table_id[compile_type_id]=maat_get_table_id(g_policy_rt->feather[vsys_id], table_name);
@@ -2415,7 +2374,8 @@ int maat_complie_plugin_table_init(int vsys_id, int compile_type_id)
}
const char *plugin_table_name_map[] = {"SECURITY_COMPILE_PLUGIN", "PXY_CTRL_COMPILE_PLUGIN", "TRAFFIC_SHAPING_COMPILE_PLUGIN",
"SERVICE_CHAINING_COMPILE_PLUGIN", "PXY_INTERCEPT_COMPILE_PLUGIN", "STATISTICS_COMPILE_PLUGIN", "MONITOR_COMPILE_PLUGIN"};
"SERVICE_CHAINING_COMPILE_PLUGIN", "PXY_INTERCEPT_COMPILE_PLUGIN", "STATISTICS_COMPILE_PLUGIN",
"MONITOR_COMPILE_PLUGIN", "DOS_PROTECTION_COMPILE_PLUGIN"};
table_name = plugin_table_name_map[compile_type_id];
table_id = g_policy_rt->plugin_table_id[compile_type_id]=maat_get_table_id(g_policy_rt->feather[vsys_id], table_name);

11
platform/src/verify_policy.cpp
View File

@@ -76,6 +76,7 @@ int tsg_policy_type_str2idx(const char *action_str)
policy_name[PXY_TABLE_INTERCEPT] = "pxy_intercept";
policy_name[TSG_STATISTICS] = "statistics";
policy_name[TSG_MONITOR] = "monitor";
policy_name[DOS_PROTECTION] = "dos_protection";
policy_name[PXY_TABLE_DEFENCE] = "active_defence";
size_t i = 0;
@@ -128,8 +129,14 @@ int protoco_field_type_str2idx(const char *action_str, char *buff, char **p)
table_name[TSG_OBJ_GTP_IMEI]="ATTR_GTP_IMEI";
table_name[TSG_OBJ_IP_SRC_ASN]="ATTR_SOURCE_ASN";
table_name[TSG_OBJ_IP_DST_ASN]="ATTR_DESTINATION_ASN";
table_name[TSG_OBJ_IP_SRC_LOCATION]="ATTR_SOURCE_LOCATION";
table_name[TSG_OBJ_IP_DST_LOCATION]="ATTR_DESTINATION_LOCATION";
table_name[TSG_OBJ_IP_SRC_GEO_COUNTRY]="ATTR_SOURCE_GEO_COUNTRY";
table_name[TSG_OBJ_IP_SRC_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_SRC_GEO_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_SRC_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_DST_GEO_COUNTRY]="ATTR_DESTINATION_GEO_COUNTRY";
table_name[TSG_OBJ_IP_DST_GEO_SUPER_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_DST_GEO_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_IP_DST_GEO_SUB_ADMINISTRATIVE_AREA]="ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA";
table_name[TSG_OBJ_DST_SERVER_FQDN]="ATTR_SERVER_FQDN";
table_name[TSG_OBJ_DST_SERVER_FQDN_CAT]="ATTR_SERVER_FQDN_CAT";
table_name[TSG_OBJ_INTERNAL_ADDR]="ATTR_INTERNAL_IP";

282
resource/table_info.conf
View File

@@ -365,6 +365,58 @@
},
{
"table_id":28,
"table_name":"DOS_PROTECTION_COMPILE",
"table_type":"compile",
"user_region_encoded":"escape",
"valid_column":9,
"custom": {
"compile_id":1,
"tags":6,
"clause_num":8
}
},
{
"table_id":29,
"table_name":"DOS_PROTECTION_COMPILE_CONJUNCTION",
"db_tables":["DOS_PROTECTION_COMPILE"],
"default_compile_table":1,
"table_type":"compile",
"user_region_encoded":"escape",
"valid_column":9,
"custom": {
"compile_id":1,
"tags":6,
"clause_num":8
}
},
{
"table_id":30,
"table_name":"DOS_PROTECTION_COMPILE_PLUGIN",
"db_tables":["DOS_PROTECTION_COMPILE"],
"table_type":"plugin",
"valid_column":9,
"custom": {
"key":1,
"key_type":"integer",
"key_len": 8
}
},
{
"table_id":31,
"table_name":"GROUP_DOS_PROTECTION_COMPILE_RELATION",
"table_type":"group2compile",
"associated_compile_table_id":29,
"valid_column":6,
"custom": {
"group_id":1,
"compile_id":2,
"not_flag":3,
"virtual_table_name":4,
"clause_index":5
}
},
{
"table_id":32,
"table_name":"OBJECT_GROUP",
"table_type":"group2group",
"valid_column":4,
@@ -375,7 +427,7 @@
}
},
{
"table_id":29,
"table_id":33,
"table_name":"TSG_OBJ_IP",
"db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"],
"table_type":"ip",
@@ -391,7 +443,7 @@
}
},
{
"table_id":30,
"table_id":34,
"table_name":"TSG_OBJ_SUBSCRIBER_ID",
"table_type":"expr",
"valid_column":7,
@@ -405,7 +457,7 @@
}
},
{
"table_id":31,
"table_id":35,
"table_name":"TSG_OBJ_ACCOUNT",
"table_type":"expr",
"valid_column":7,
@@ -419,7 +471,7 @@
}
},
{
"table_id":32,
"table_id":36,
"table_name":"TSG_OBJ_URL",
"table_type":"expr",
"valid_column":7,
@@ -433,7 +485,7 @@
}
},
{
"table_id":33,
"table_id":37,
"table_name":"TSG_OBJ_FQDN",
"table_type":"expr",
"valid_column":7,
@@ -447,7 +499,7 @@
}
},
{
"table_id":34,
"table_id":38,
"table_name":"TSG_OBJ_FQDN_CAT",
"table_type":"interval",
"valid_column":5,
@@ -459,7 +511,7 @@
}
},
{
"table_id":35,
"table_id":39,
"table_name":"TSG_OBJ_KEYWORDS",
"table_type":"expr",
"valid_column":7,
@@ -473,7 +525,7 @@
}
},
{
"table_id":36,
"table_id":40,
"table_name":"TSG_OBJ_HTTP_SIGNATURE",
"table_type":"expr_plus",
"valid_column":8,
@@ -488,189 +540,193 @@
}
},
{
"table_id":37,
"table_id":41,
"table_name":"ATTR_HTTP_URL",
"table_type":"virtual",
"physical_table": "TSG_OBJ_URL"
},
{
"table_id":38,
"table_id":42,
"table_name":"ATTR_HTTP_REQ_HDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE"
},
{
"table_id":39,
"table_id":43,
"table_name":"ATTR_HTTP_RES_HDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE"
},
{
"table_id":40,
"table_id":44,
"table_name":"ATTR_HTTP_REQ_BODY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":41,
"table_id":45,
"table_name":"ATTR_HTTP_RES_BODY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":42,
"table_id":46,
"table_name":"ATTR_SSL_CN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":43,
"table_id":47,
"table_name":"ATTR_SSL_CN_CAT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":44,
"table_id":48,
"table_name":"ATTR_SSL_SAN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":45,
"table_id":49,
"table_name":"ATTR_SSL_SAN_CAT",
"table_type":"virtual",
"physical_table":"TSG_OBJ_FQDN_CAT"
},
{
"table_id":46,
"table_id":50,
"table_name":"ATTR_DNS_QNAME",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":47,
"table_id":51,
"table_name":"ATTR_MAIL_ACCOUNT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":48,
"table_id":52,
"table_name":"ATTR_MAIL_FROM",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":49,
"table_id":53,
"table_name":"ATTR_MAIL_TO",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":50,
"table_id":54,
"table_name":"ATTR_MAIL_SUBJECT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":51,
"table_id":55,
"table_name":"ATTR_MAIL_CONTENT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":52,
"table_id":56,
"table_name":"ATTR_MAIL_ATT_NAME",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":53,
"table_id":57,
"table_name":"ATTR_MAIL_ATT_CONTENT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":54,
"table_id":58,
"table_name":"ATTR_FTP_URI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_URL"
},
{
"table_id":55,
"table_id":59,
"table_name":"ATTR_FTP_CONTENT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":56,
"table_id":60,
"table_name":"ATTR_FTP_ACCOUNT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":57,
"table_id":61,
"table_name":"ATTR_SOURCE_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":58,
"table_id":62,
"table_name":"ATTR_DESTINATION_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":59,
"table_id":63,
"table_name":"TSG_OBJ_IP_ASN_BUILT_IN",
"table_type":"ip_plugin",
"valid_column":8,
"valid_column":9,
"custom": {
"item_id":1,
"group_id":2,
"ip_type":3,
"start_ip":4,
"end_ip":5
"addr_format":4,
"start_ip":5,
"end_ip":6
}
},
{
"table_id":60,
"table_id":64,
"table_name":"TSG_OBJ_IP_ASN_USER_DEFINED",
"table_type":"ip_plugin",
"valid_column":8,
"valid_column":9,
"custom": {
"item_id":1,
"group_id":2,
"ip_type":3,
"start_ip":4,
"end_ip":5
"addr_format":4,
"start_ip":5,
"end_ip":6
}
},
{
"table_id":61,
"table_id":65,
"table_name":"TSG_IP_LOCATION_BUILT_IN",
"table_type":"ip_plugin",
"valid_column":19,
"valid_column":24,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5
"ip_type":7,
"start_ip":9,
"end_ip":10,
"addr_format":8
}
},
{
"table_id":62,
"table_id":66,
"table_name":"TSG_IP_LOCATION_USER_DEFINED",
"table_type":"ip_plugin",
"valid_column":19,
"valid_column":24,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5
"ip_type":7,
"start_ip":9,
"end_ip":10,
"addr_format":8
}
},
{
"table_id":63,
"table_id":67,
"table_name":"TSG_OBJ_AS_NUMBER",
"table_type":"expr",
"valid_column":7,
@@ -684,19 +740,19 @@
}
},
{
"table_id":64,
"table_id":68,
"table_name":"ATTR_SOURCE_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":65,
"table_id":69,
"table_name":"ATTR_DESTINATION_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":66,
"table_id":70,
"table_name":"TSG_OBJ_GEO_LOCATION",
"table_type":"expr",
"valid_column":7,
@@ -710,19 +766,55 @@
}
},
{
"table_id":67,
"table_name":"ATTR_SOURCE_LOCATION",
"table_id":71,
"table_name":"ATTR_SOURCE_GEO_COUNTRY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":68,
"table_name":"ATTR_DESTINATION_LOCATION",
"table_id":72,
"table_name":"ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":69,
"table_id":73,
"table_name":"ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":74,
"table_name":"ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":75,
"table_name":"ATTR_DESTINATION_GEO_COUNTRY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":76,
"table_name":"ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":77,
"table_name":"ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":78,
"table_name":"ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":79,
"table_name":"TSG_FQDN_CATEGORY_BUILT_IN",
"table_type":"fqdn_plugin",
"valid_column":6,
@@ -733,7 +825,7 @@
}
},
{
"table_id":70,
"table_id":80,
"table_name":"TSG_FQDN_CATEGORY_USER_DEFINED",
"table_type":"fqdn_plugin",
"valid_column":6,
@@ -744,19 +836,19 @@
}
},
{
"table_id":71,
"table_id":81,
"table_name":"ATTR_SIP_ORIGINATOR_DESCRIPTION",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":72,
"table_id":82,
"table_name":"ATTR_SIP_RESPONDER_DESCRIPTION",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":73,
"table_id":83,
"table_name":"TSG_OBJ_IMSI",
"table_type":"expr",
"valid_column":7,
@@ -770,7 +862,7 @@
}
},
{
"table_id":74,
"table_id":84,
"table_name":"TSG_OBJ_PHONE_NUMBER",
"table_type":"expr",
"valid_column":7,
@@ -784,7 +876,7 @@
}
},
{
"table_id":75,
"table_id":85,
"table_name":"TSG_OBJ_APN",
"table_type":"expr",
"valid_column":7,
@@ -798,25 +890,25 @@
}
},
{
"table_id":76,
"table_id":86,
"table_name":"ATTR_GTP_IMSI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IMSI"
},
{
"table_id":77,
"table_id":87,
"table_name":"ATTR_GTP_PHONE_NUMBER",
"table_type":"virtual",
"physical_table": "TSG_OBJ_PHONE_NUMBER"
},
{
"table_id":78,
"table_id":88,
"table_name":"ATTR_GTP_APN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_APN"
},
{
"table_id":79,
"table_id":89,
"table_name":"TSG_TUNNEL_CATALOG",
"table_type":"bool_plugin",
"valid_column":6,
@@ -826,7 +918,7 @@
}
},
{
"table_id":80,
"table_id":90,
"table_name":"TSG_TUNNEL_ENDPOINT",
"table_type":"ip_plugin",
"valid_column":6,
@@ -838,7 +930,7 @@
}
},
{
"table_id":81,
"table_id":91,
"table_name":"TSG_TUNNEL_LABEL",
"table_type":"plugin",
"valid_column":4,
@@ -849,13 +941,13 @@
}
},
{
"table_id":82,
"table_id":92,
"table_name":"ATTR_TUNNEL",
"table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG"
},
{
"table_id":83,
"table_id":93,
"table_name":"TSG_OBJ_FLAG",
"table_type":"flag",
"valid_column":5,
@@ -867,19 +959,19 @@
}
},
{
"table_id":84,
"table_id":94,
"table_name":"ATTR_FLAG",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FLAG"
},
{
"table_id":85,
"table_id":95,
"table_name":"ATTR_DOH_QNAME",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":86,
"table_id":96,
"table_name":"TSG_OBJ_IMEI",
"table_type":"expr",
"valid_column":7,
@@ -893,13 +985,13 @@
}
},
{
"table_id":87,
"table_id":97,
"table_name":"ATTR_GTP_IMEI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IMEI"
},
{
"table_id":88,
"table_id":98,
"table_name": "APP_ID_DICT",
"table_type": "plugin",
"valid_column": 19,
@@ -910,43 +1002,43 @@
}
},
{
"table_id":89,
"table_id":99,
"table_name":"ATTR_SUBSCRIBER_ID",
"table_type":"virtual",
"physical_table": "TSG_OBJ_SUBSCRIBER_ID"
},
{
"table_id":90,
"table_id":100,
"table_name":"ATTR_APP_ID",
"table_type":"virtual",
"physical_table": "APP_ID_DICT"
},
{
"table_id":91,
"table_id":101,
"table_name": "ATTR_SERVER_FQDN",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":92,
"table_id":102,
"table_name": "ATTR_SERVER_FQDN_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":93,
"table_id":103,
"table_name":"ATTR_INTERNAL_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":94,
"table_id":104,
"table_name":"ATTR_EXTERNAL_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":95,
"table_id":105,
"table_name": "TSG_IP_PROTOCOL",
"table_type": "plugin",
"valid_column": 4,
@@ -957,7 +1049,7 @@
}
},
{
"table_id":96,
"table_id":106,
"table_name":"TSG_OBJ_PORT",
"table_type":"interval",
"valid_column":5,
@@ -969,67 +1061,67 @@
}
},
{
"table_id":97,
"table_id":107,
"table_name": "ATTR_SOURCE_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":98,
"table_id":108,
"table_name": "ATTR_DESTINATION_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":99,
"table_id":109,
"table_name": "ATTR_INTERNAL_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":100,
"table_id":110,
"table_name": "ATTR_EXTERNAL_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":101,
"table_id":111,
"table_name": "ATTR_IP_PROTOCOL",
"table_type": "virtual",
"physical_table": "TSG_IP_PROTOCOL"
},
{
"table_id":102,
"table_id":112,
"table_name": "ATTR_SSL_ECH",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":103,
"table_id":113,
"table_name": "ATTR_SSL_ESNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":104,
"table_id":114,
"table_name": "ATTR_SSL_NO_SNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":105,
"table_id":115,
"table_name":"ATTR_TUNNEL_LEVEL",
"table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG"
},
{
"table_id":106,
"table_id":116,
"table_name":"ATTR_INTERNAL_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":107,
"table_id":117,
"table_name":"ATTR_EXTERNAL_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"

241
resource/table_info_simple.conf
View File

@@ -365,6 +365,58 @@
},
{
"table_id":28,
"table_name":"DOS_PROTECTION_COMPILE",
"table_type":"compile",
"user_region_encoded":"escape",
"valid_column":9,
"custom": {
"compile_id":1,
"tags":6,
"clause_num":8
}
},
{
"table_id":29,
"table_name":"DOS_PROTECTION_COMPILE_CONJUNCTION",
"db_tables":["DOS_PROTECTION_COMPILE"],
"default_compile_table":1,
"table_type":"compile",
"user_region_encoded":"escape",
"valid_column":9,
"custom": {
"compile_id":1,
"tags":6,
"clause_num":8
}
},
{
"table_id":30,
"table_name":"DOS_PROTECTION_COMPILE_PLUGIN",
"db_tables":["DOS_PROTECTION_COMPILE"],
"table_type":"plugin",
"valid_column":9,
"custom": {
"key":1,
"key_type":"integer",
"key_len": 8
}
},
{
"table_id":31,
"table_name":"GROUP_DOS_PROTECTION_COMPILE_RELATION",
"table_type":"group2compile",
"associated_compile_table_id":29,
"valid_column":6,
"custom": {
"group_id":1,
"compile_id":2,
"not_flag":3,
"virtual_table_name":4,
"clause_index":5
}
},
{
"table_id":32,
"table_name":"OBJECT_GROUP",
"table_type":"group2group",
"valid_column":4,
@@ -375,7 +427,7 @@
}
},
{
"table_id":29,
"table_id":33,
"table_name":"TSG_OBJ_IP",
"db_tables":["TSG_OBJ_IP_ADDR","TSG_OBJ_IP_LEARNING_ADDR"],
"table_type":"ip",
@@ -391,7 +443,7 @@
}
},
{
"table_id":30,
"table_id":34,
"table_name":"TSG_OBJ_SUBSCRIBER_ID",
"table_type":"expr",
"valid_column":7,
@@ -405,7 +457,7 @@
}
},
{
"table_id":31,
"table_id":35,
"table_name":"TSG_OBJ_ACCOUNT",
"table_type":"expr",
"valid_column":7,
@@ -419,7 +471,7 @@
}
},
{
"table_id":32,
"table_id":36,
"table_name":"TSG_OBJ_URL",
"table_type":"expr",
"valid_column":7,
@@ -433,7 +485,7 @@
}
},
{
"table_id":33,
"table_id":37,
"table_name":"TSG_OBJ_FQDN",
"table_type":"expr",
"valid_column":7,
@@ -447,7 +499,7 @@
}
},
{
"table_id":34,
"table_id":38,
"table_name":"TSG_OBJ_FQDN_CAT",
"table_type":"interval",
"valid_column":5,
@@ -459,7 +511,7 @@
}
},
{
"table_id":35,
"table_id":39,
"table_name":"TSG_OBJ_KEYWORDS",
"table_type":"expr",
"valid_column":7,
@@ -473,7 +525,7 @@
}
},
{
"table_id":36,
"table_id":40,
"table_name":"TSG_OBJ_HTTP_SIGNATURE",
"table_type":"expr_plus",
"valid_column":8,
@@ -488,139 +540,139 @@
}
},
{
"table_id":37,
"table_id":41,
"table_name":"ATTR_HTTP_URL",
"table_type":"virtual",
"physical_table": "TSG_OBJ_URL"
},
{
"table_id":38,
"table_id":42,
"table_name":"ATTR_HTTP_REQ_HDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE"
},
{
"table_id":39,
"table_id":43,
"table_name":"ATTR_HTTP_RES_HDR",
"table_type":"virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE"
},
{
"table_id":40,
"table_id":44,
"table_name":"ATTR_HTTP_REQ_BODY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":41,
"table_id":45,
"table_name":"ATTR_HTTP_RES_BODY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":42,
"table_id":46,
"table_name":"ATTR_SSL_CN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":43,
"table_id":47,
"table_name":"ATTR_SSL_CN_CAT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":44,
"table_id":48,
"table_name":"ATTR_SSL_SAN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":45,
"table_id":49,
"table_name":"ATTR_SSL_SAN_CAT",
"table_type":"virtual",
"physical_table":"TSG_OBJ_FQDN_CAT"
},
{
"table_id":46,
"table_id":50,
"table_name":"ATTR_DNS_QNAME",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":47,
"table_id":51,
"table_name":"ATTR_MAIL_ACCOUNT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":48,
"table_id":52,
"table_name":"ATTR_MAIL_FROM",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":49,
"table_id":53,
"table_name":"ATTR_MAIL_TO",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":50,
"table_id":54,
"table_name":"ATTR_MAIL_SUBJECT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":51,
"table_id":55,
"table_name":"ATTR_MAIL_CONTENT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":52,
"table_id":56,
"table_name":"ATTR_MAIL_ATT_NAME",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":53,
"table_id":57,
"table_name":"ATTR_MAIL_ATT_CONTENT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":54,
"table_id":58,
"table_name":"ATTR_FTP_URI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_URL"
},
{
"table_id":55,
"table_id":59,
"table_name":"ATTR_FTP_CONTENT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id":56,
"table_id":60,
"table_name":"ATTR_FTP_ACCOUNT",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":57,
"table_id":61,
"table_name":"ATTR_SOURCE_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":58,
"table_id":62,
"table_name":"ATTR_DESTINATION_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":59,
"table_id":67,
"table_name":"TSG_OBJ_AS_NUMBER",
"table_type":"expr",
"valid_column":7,
@@ -634,19 +686,19 @@
}
},
{
"table_id":64,
"table_id":68,
"table_name":"ATTR_SOURCE_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":65,
"table_id":69,
"table_name":"ATTR_DESTINATION_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":66,
"table_id":70,
"table_name":"TSG_OBJ_GEO_LOCATION",
"table_type":"expr",
"valid_column":7,
@@ -660,31 +712,67 @@
}
},
{
"table_id":67,
"table_name":"ATTR_SOURCE_LOCATION",
"table_id":71,
"table_name":"ATTR_SOURCE_GEO_COUNTRY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":68,
"table_name":"ATTR_DESTINATION_LOCATION",
"table_id":72,
"table_name":"ATTR_SOURCE_GEO_SUPER_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":69,
"table_id":73,
"table_name":"ATTR_SOURCE_GEO_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":74,
"table_name":"ATTR_SOURCE_GEO_SUB_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":75,
"table_name":"ATTR_DESTINATION_GEO_COUNTRY",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":76,
"table_name":"ATTR_DESTINATION_GEO_SUPER_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":77,
"table_name":"ATTR_DESTINATION_GEO_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":78,
"table_name":"ATTR_DESTINATION_GEO_SUB_ADMINISTRATIVE_AREA",
"table_type":"virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id":81,
"table_name":"ATTR_SIP_ORIGINATOR_DESCRIPTION",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":72,
"table_id":82,
"table_name":"ATTR_SIP_RESPONDER_DESCRIPTION",
"table_type":"virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id":73,
"table_id":83,
"table_name":"TSG_OBJ_IMSI",
"table_type":"expr",
"valid_column":7,
@@ -698,7 +786,7 @@
}
},
{
"table_id":74,
"table_id":84,
"table_name":"TSG_OBJ_PHONE_NUMBER",
"table_type":"expr",
"valid_column":7,
@@ -712,7 +800,7 @@
}
},
{
"table_id":75,
"table_id":85,
"table_name":"TSG_OBJ_APN",
"table_type":"expr",
"valid_column":7,
@@ -726,25 +814,25 @@
}
},
{
"table_id":76,
"table_id":86,
"table_name":"ATTR_GTP_IMSI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IMSI"
},
{
"table_id":77,
"table_id":87,
"table_name":"ATTR_GTP_PHONE_NUMBER",
"table_type":"virtual",
"physical_table": "TSG_OBJ_PHONE_NUMBER"
},
{
"table_id":78,
"table_id":88,
"table_name":"ATTR_GTP_APN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_APN"
},
{
"table_id":79,
"table_id":89,
"table_name":"TSG_TUNNEL_CATALOG",
"table_type":"bool_plugin",
"valid_column":6,
@@ -754,7 +842,7 @@
}
},
{
"table_id":80,
"table_id":90,
"table_name":"TSG_TUNNEL_ENDPOINT",
"table_type":"ip_plugin",
"valid_column":6,
@@ -762,12 +850,11 @@
"item_id":1,
"ip_type":2,
"start_ip":3,
"end_ip":4,
"addr_format":7
"end_ip":4
}
},
{
"table_id":81,
"table_id":91,
"table_name":"TSG_TUNNEL_LABEL",
"table_type":"plugin",
"valid_column":4,
@@ -778,13 +865,13 @@
}
},
{
"table_id":82,
"table_id":92,
"table_name":"ATTR_TUNNEL",
"table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG"
},
{
"table_id":83,
"table_id":93,
"table_name":"TSG_OBJ_FLAG",
"table_type":"flag",
"valid_column":5,
@@ -796,19 +883,19 @@
}
},
{
"table_id":84,
"table_id":94,
"table_name":"ATTR_FLAG",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FLAG"
},
{
"table_id":85,
"table_id":95,
"table_name":"ATTR_DOH_QNAME",
"table_type":"virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":86,
"table_id":96,
"table_name":"TSG_OBJ_IMEI",
"table_type":"expr",
"valid_column":7,
@@ -822,13 +909,13 @@
}
},
{
"table_id":87,
"table_id":97,
"table_name":"ATTR_GTP_IMEI",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IMEI"
},
{
"table_id":88,
"table_id":98,
"table_name": "APP_ID_DICT",
"table_type": "plugin",
"valid_column": 19,
@@ -839,43 +926,43 @@
}
},
{
"table_id":89,
"table_id":99,
"table_name":"ATTR_SUBSCRIBER_ID",
"table_type":"virtual",
"physical_table": "TSG_OBJ_SUBSCRIBER_ID"
},
{
"table_id":90,
"table_id":100,
"table_name":"ATTR_APP_ID",
"table_type":"virtual",
"physical_table": "APP_ID_DICT"
},
{
"table_id":91,
"table_id":101,
"table_name": "ATTR_SERVER_FQDN",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":92,
"table_id":102,
"table_name": "ATTR_SERVER_FQDN_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id":93,
"table_id":103,
"table_name":"ATTR_INTERNAL_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":94,
"table_id":104,
"table_name":"ATTR_EXTERNAL_IP",
"table_type":"virtual",
"physical_table": "TSG_OBJ_IP"
},
{
"table_id":95,
"table_id":105,
"table_name": "TSG_IP_PROTOCOL",
"table_type": "plugin",
"valid_column": 4,
@@ -886,7 +973,7 @@
}
},
{
"table_id":96,
"table_id":106,
"table_name":"TSG_OBJ_PORT",
"table_type":"interval",
"valid_column":5,
@@ -898,67 +985,67 @@
}
},
{
"table_id":97,
"table_id":107,
"table_name": "ATTR_SOURCE_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":98,
"table_id":108,
"table_name": "ATTR_DESTINATION_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":99,
"table_id":109,
"table_name": "ATTR_INTERNAL_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":100,
"table_id":110,
"table_name": "ATTR_EXTERNAL_PORT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PORT"
},
{
"table_id":101,
"table_id":111,
"table_name": "ATTR_IP_PROTOCOL",
"table_type": "virtual",
"physical_table": "TSG_IP_PROTOCOL"
},
{
"table_id":102,
"table_id":112,
"table_name": "ATTR_SSL_ECH",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":103,
"table_id":113,
"table_name": "ATTR_SSL_ESNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":104,
"table_id":114,
"table_name": "ATTR_SSL_NO_SNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id":105,
"table_id":115,
"table_name":"ATTR_TUNNEL_LEVEL",
"table_type":"virtual",
"physical_table": "TSG_TUNNEL_CATALOG"
},
{
"table_id":106,
"table_id":116,
"table_name":"ATTR_INTERNAL_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id":107,
"table_id":117,
"table_name":"ATTR_EXTERNAL_ASN",
"table_type":"virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"