diff --git a/common/include/verify_policy.h b/common/include/verify_policy.h index c7625d8..c3c0421 100644 --- a/common/include/verify_policy.h +++ b/common/include/verify_policy.h @@ -11,7 +11,7 @@ #include #include "verify_policy_utils.h" -enum policy_type +enum tsg_policy_type { PXY_TABLE_SECURITY, PXY_TABLE_MANIPULATION, @@ -106,8 +106,9 @@ extern struct verify_proxy * g_verify_proxy; void * pangu_http_ctx_new(unsigned int thread_id); +void pangu_http_ctx_free(void * pme); -void http_scan(const char * value, enum policy_type type, int protocol_field, void *pme, cJSON *data_obj, struct ipaddr *ip_addr); +void http_scan(const char *value, enum tsg_policy_type policy_type, int protocol_field, struct ipaddr *ip_addr, cJSON *data_obj, void *pme); int security_policy_init(struct verify_proxy * verify, const char* profile_path); diff --git a/conf/verify_policy.conf b/conf/verify_policy.conf index 4e7d913..142f0f9 100644 --- a/conf/verify_policy.conf +++ b/conf/verify_policy.conf @@ -12,12 +12,13 @@ thread-nu = 4 # 0:json 1: redis 2: iris maat_input_mode=1 table_info=./resource/table_info.conf +table_info_tsg=./resource/tsg_static_tableinfo.conf json_cfg_file=./resource/pangu_http.json stat_file=logs/verify-policy.status full_cfg_dir=verify-policy/ inc_cfg_dir=verify-policy/ -maat_redis_server=192.168.40.120 +maat_redis_server=192.168.40.131 maat_redis_port_range=7002 maat_redis_db_index=0 effect_interval_s=1 diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp index 589b6d7..8b001cf 100644 --- a/platform/src/verify_policy.cpp +++ b/platform/src/verify_policy.cpp 
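Review bot: The new `http_scan` prototype reorders the trailing parameters (`ip_addr` now sits between `protocol_field` and `data_obj`, `pme` goes last) but still says nothing about which of them may be NULL, and the cpp hunks in this same diff pass `value == NULL` for `PXY_CTRL_IP` and `ip_addr == NULL` for every other field. State that contract on the declaration, e.g. `/* value: text to scan, NULL only when protocol_field == PXY_CTRL_IP; ip_addr: consulted only for PXY_CTRL_IP; pme: context from pangu_http_ctx_new(), released with pangu_http_ctx_free() */`. `pangu_http_ctx_free` is the new owner-side teardown replacing the old bare `FREE(&ctx)`, so a one-line comment that it must be paired with every `pangu_http_ctx_new` would stop the next caller from freeing the opaque pointer directly.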
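Review bot: Nothing in the diff says whether the new `maat_redis_server=192.168.40.131` is a deliberate default or a developer's lab address carried into the committed config; the surrounding keys are unchanged and no credential key is visible, so the policy source is addressed by bare IP. If it is environment-specific, keep the committed value stable and override it per deployment, and annotate it, e.g. `# policy source used when maat_input_mode=1; override per environment`. The added `table_info_tsg` key is not read by any code hunk in this diff, so it is worth confirming the loader actually consumes it rather than silently ignoring the new table file.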
@@ -30,31 +30,22 @@ struct verify_proxy * g_verify_proxy = NULL; -struct keyword_obj +struct policy_table_obj { int protocol_field; - char *content_type; - char *content; - char *protocol_field_name; + + char *keyword; + char *keyword_scope; struct ipaddr *ip_addr; - int addr_type; - int protocol; - char *clientIp1; - unsigned int clientPort1; - char *serverIp1; - unsigned int serverPort1; - char *subscriberid; }; -struct verify_policy_query +struct policy_query_list { - int c_num; - enum policy_type type; - char *policy_type_name; - struct keyword_obj keywords[32]; + enum tsg_policy_type type; + struct policy_table_obj table_obj[32]; }; /* VERSION STRING */ @@ -87,7 +78,7 @@ static int verify_policy_init(struct verify_proxy * verify, const char *profile) return xret; } -enum policy_type policy_type_str2idx(const char *action_str) +enum tsg_policy_type tsg_policy_type_str2idx(const char *action_str) { const char * policy_name[__SCAN_POLICY_MAX]; policy_name[PXY_TABLE_SECURITY] = "tsg_security"; @@ -101,10 +92,11 @@ enum policy_type policy_type_str2idx(const char *action_str) if (0 == strcasecmp(action_str, policy_name[i])) break; } - return (enum policy_type)i; + mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[I] policyType= %s", action_str); + return (enum tsg_policy_type)i; } -int field_type_str2idx(enum policy_type type, const char *action_str) +int protoco_field_type_str2idx(enum tsg_policy_type type, const char *action_str, char *buff, char *p) { const char * table_name[__SECURITY_TABLE_MAX] ={0}; 
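Review bot: `policy_table_obj` keeps `ip_addr` as a raw `struct ipaddr *` that `ip_to_stream_addr` allocates with `ALLOC` (plus a separate `v6_addr` block on the v6 path), but the rewritten `get_query_from_request` later in this diff only does `FREE(&query_list)` and never releases `table_obj[i].ip_addr`, so every `contentType == "ip"` condition leaks those allocations per request, and the request arrives over the libevent HTTP handler. Either free them where `query_list` is released, e.g. `for (int k = 0; k < i; k++) FREE(&query_list->table_obj[k].ip_addr);` (and the v6 block the same way, if the v4 path does not allocate one), or document on the struct that `ip_addr` is owned elsewhere. The struct also drops `subscriberid`, yet the new parser still assigns `table_obj[i].subscriberid`; one of the two hunks is out of date.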
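Review bot: `protoco_field_type_str2idx` misspells `protocol`; the identifier is introduced by this commit and already declared in the header hunk, so it is cheapest to fix now before callers accumulate. The new `char *buff, char *p` parameters pass a logging cursor by value, which means any `p +=` inside the function cannot advance the caller's cursor — see the next hunk, where that write happens; prefer `char **p` or return the bytes written. The added `mesa_runtime_log(..., "[I] policyType= %s", action_str)` is fine, but consider logging the resolved index too so an unmatched name is visible in the log.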
@@ -158,45 +150,11 @@ int field_type_str2idx(enum policy_type type, const char *action_str) if (0 == strcasecmp(action_str, table_name[i])) break; } + p += snprintf(p, sizeof(buff) - (p - buff), "protocolField=%s,%d",action_str, (int)i); return i; } -void verify_policy_query(struct verify_policy_query *policy_query, int thread_id, cJSON *data_obj) -{ - int i = 0; - char buff[VERIFY_STRING_MAX], *p = NULL;; - - void *ctx = pangu_http_ctx_new(thread_id); - - mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Query policy table is %s", policy_query->policy_type_name); - for (i = 0; i < policy_query->c_num; i++) - { - p = buff; - if(0 == strcasecmp(policy_query->keywords[i].content_type, "ip")) - { - http_scan(policy_query->keywords[i].content, policy_query->type, PXY_CTRL_IP, ctx, data_obj, policy_query->keywords[i].ip_addr); - } - else if(0 == strcasecmp(policy_query->keywords[i].content_type, "subscriberid")) - { - p += snprintf(p, sizeof(buff) - (p - buff), "contentType=%s, subscriberid=%s", policy_query->keywords[i].content_type, - policy_query->keywords[i].subscriberid); - http_scan(policy_query->keywords[i].content, policy_query->type, PXY_CTRL_SUBSCRIBE_ID, ctx, data_obj, NULL); - }else - { - p += snprintf(p, sizeof(buff) - (p - buff), "contentType=%s, protocolField=%s content=%s", policy_query->keywords[i].content_type, - policy_query->keywords[i].protocol_field_name, policy_query->keywords[i].content); - http_scan(policy_query->keywords[i].content, policy_query->type, policy_query->keywords[i].protocol_field, ctx, data_obj, NULL); - } - *p = '\0'; - mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "%s", buff); - } - - FREE(&ctx); - - return; -} - struct ipaddr *ip_to_stream_addr(char *clientIp1, unsigned int clientPort1, char *serverIp1, unsigned int serverPort1, int addr_type) { struct ipaddr *ip_addr = ALLOC(struct ipaddr, 1); 
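Review bot: In the new `p += snprintf(p, sizeof(buff) - (p - buff), "protocolField=%s,%d", ...)` line, `buff` is a `char *` parameter, so `sizeof(buff)` is the pointer size rather than `VERIFY_STRING_MAX`; once the caller's cursor is more than a pointer's width into the buffer the `size_t` subtraction wraps and `snprintf` receives an effectively unbounded length for a `protocolField` string taken from the request. The `p +=` also advances only the local copy, so the caller's `p` is unchanged and its following `" content = %s"` write overwrites this text. Pass the capacity and the cursor explicitly: `int protoco_field_type_str2idx(enum tsg_policy_type type, const char *action_str, char *buff, size_t buff_len, char **p)` and `*p += snprintf(*p, buff_len - (size_t)(*p - buff), "protocolField=%s,%d", action_str, (int)i);`, clamping `*p` to `buff + buff_len - 1` when `snprintf` reports truncation. The loop header that bounds `i` lies between hunks, so whether `i` can equal `__SECURITY_TABLE_MAX` on no match is not visible here.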
@@ -220,12 +178,16 @@ struct ipaddr *ip_to_stream_addr(char *clientIp1, unsigned int clientPort1, char v6_addr->dest=htons(serverPort1); ip_addr->v6=v6_addr; } + mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[I] contentType = ip, clientIp1=%s, clientPort1=%d, serverIp=%s, serverPort=%d, addr_type = %d", + clientIp1, clientPort1, serverIp1, serverPort1, addr_type); + return ip_addr; } cJSON *get_query_from_request(const char *data, int thread_id) { - int c_num = 0, i = 0; + int i = 0; + char buff[VERIFY_STRING_MAX], *p = NULL;; cJSON* data_json = cJSON_Parse(data); if(data_json == NULL) @@ -233,7 +195,6 @@ cJSON *get_query_from_request(const char *data, int thread_id) mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "invalid policy parameter"); return NULL; } - cJSON *policy_obj=NULL, *data_obj=NULL; policy_obj=cJSON_CreateObject(); 
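Review bot: The debug log added to `ip_to_stream_addr` prints `clientIp1` and `serverIp1` with `%s`, but the caller in the next hunk initialises both to NULL and only assigns them when the JSON carries the key, so a request without `clientIp`/`serverIp` formats a null pointer (undefined behaviour; glibc merely happens to print `(null)`). The ports are `unsigned int` printed with `%d`. Guard and match the types: `clientIp1 ? clientIp1 : "-", clientPort1, serverIp1 ? serverIp1 : "-", serverPort1` with `%u` for the ports. In `get_query_from_request`, the new `char buff[VERIFY_STRING_MAX], *p = NULL;;` is later logged with `%s` before anything guarantees a terminator when `contentType` is absent, so initialise it with `= {0}` (and drop the doubled semicolon).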
@@ -248,97 +209,90 @@ cJSON *get_query_from_request(const char *data, int thread_id) item = cJSON_GetObjectItem(data_json,"verifyList"); if(item && item->type==cJSON_Array) { - c_num=cJSON_GetArraySize(item); for (subitem = item->child; subitem != NULL; subitem = subitem->next) { - struct verify_policy_query *query_ctx = ALLOC(struct verify_policy_query, 1); + struct policy_query_list *query_list = ALLOC(struct policy_query_list, 1); item = cJSON_GetObjectItem(subitem,"policyType"); if(item && item->type==cJSON_String) { - query_ctx->type = policy_type_str2idx(item->valuestring); - query_ctx->policy_type_name = item->valuestring; + query_list->type = tsg_policy_type_str2idx(item->valuestring); } item = cJSON_GetObjectItem(subitem,"verifyConditions"); if(item && item->type==cJSON_Array) { - query_ctx->c_num=c_num=cJSON_GetArraySize(item); + void *ctx = pangu_http_ctx_new(thread_id); + for (subchild = item->child; subchild != NULL; subchild = subchild->next) { + p = buff; item = cJSON_GetObjectItem(subchild, "contentType"); if(item && item->type==cJSON_String) { - query_ctx->keywords[i].content_type = item->valuestring; + query_list->table_obj[i].keyword_scope = item->valuestring; + p += snprintf(p, sizeof(buff) - (p - buff), "contentType = %s",query_list->table_obj[i].keyword_scope); } - if(0 == strcasecmp(query_ctx->keywords[i].content_type, "subscriberid")) + if(0 == strcasecmp(query_list->table_obj[i].keyword_scope, "subscriberid")) { item = cJSON_GetObjectItem(subchild,"subscriberid"); if(item && item->type==cJSON_String) { - query_ctx->keywords[i].subscriberid = item->valuestring; + query_list->table_obj[i].subscriberid = item->valuestring; + p += snprintf(p, sizeof(buff) - (p - buff), "subscriberid = %s",query_list->table_obj[i].subscriberid); } + http_scan(query_list->table_obj[i].keyword, query_list->type, EV_HTTP_SUBSCRIBE_ID, NULL, data_obj, ctx); + i++; continue; } - if(0 == strcasecmp(query_ctx->keywords[i].content_type, "ip")) + if(0 == 
strcasecmp(query_list->table_obj[i].keyword_scope, "ip")) { int addr_type=0, protocol=0; char *clientIp1=NULL,*serverIp1=NULL; unsigned int clientPort1=0,serverPort1=0; - item = cJSON_GetObjectItem(subchild,"clientIp"); - if(item && item->type==cJSON_String) - { - clientIp1 = item->valuestring; - } - item = cJSON_GetObjectItem(subchild,"serverIp"); - if(item && item->type==cJSON_String) - { - serverIp1 = (item->valuestring); - } - item = cJSON_GetObjectItem(subchild,"clientPort"); - if(item && item->type==cJSON_String) - { - clientPort1 =atoi(item->valuestring); - } - item = cJSON_GetObjectItem(subchild,"serverPort"); - if(item && item->type==cJSON_String) - { - serverPort1 =atoi(item->valuestring); - } - item = cJSON_GetObjectItem(subchild,"protocol"); - if(item && item->type==cJSON_Number) - { - protocol = item->valueint; - } - item=cJSON_GetObjectItem(subchild,"addrType"); - if(item && item->type==cJSON_Number) - { - addr_type = item->valueint; - } - query_ctx->keywords[i].ip_addr = ip_to_stream_addr(clientIp1, clientPort1, serverIp1, serverPort1, addr_type); + item = cJSON_GetObjectItem(subchild,"clientIp"); + if(item && item->type==cJSON_String) clientIp1 = item->valuestring; + item = cJSON_GetObjectItem(subchild,"serverIp"); + if(item && item->type==cJSON_String) serverIp1 = (item->valuestring); + item = cJSON_GetObjectItem(subchild,"clientPort"); + if(item && item->type==cJSON_String) clientPort1 =atoi(item->valuestring); + item = cJSON_GetObjectItem(subchild,"serverPort"); + if(item && item->type==cJSON_String) serverPort1 =atoi(item->valuestring); + item = cJSON_GetObjectItem(subchild,"protocol"); + if(item && item->type==cJSON_Number) protocol = item->valueint; + item=cJSON_GetObjectItem(subchild,"addrType"); + if(item && item->type==cJSON_Number) addr_type = item->valueint; + query_list->table_obj[i].ip_addr = ip_to_stream_addr(clientIp1, clientPort1, serverIp1, serverPort1, addr_type); + + http_scan(NULL, query_list->type, PXY_CTRL_IP, 
query_list->table_obj[i].ip_addr, data_obj, ctx); + i++; continue; } item = cJSON_GetObjectItem(subchild, "protocolField"); if(item && item->type==cJSON_String) { - query_ctx->keywords[i].protocol_field = field_type_str2idx(query_ctx->type, item->valuestring); - query_ctx->keywords[i].protocol_field_name = item->valuestring; + query_list->table_obj[i].protocol_field = protoco_field_type_str2idx(query_list->type, item->valuestring, buff, p); } item = cJSON_GetObjectItem(subchild, "content"); if(item && item->type==cJSON_String) { - query_ctx->keywords[i].content = item->valuestring; + query_list->table_obj[i].keyword = item->valuestring; + p += snprintf(p, sizeof(buff) - (p - buff), " content = %s",query_list->table_obj[i].keyword); } + mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[I] %s", buff); + + http_scan(query_list->table_obj[i].keyword, query_list->type, query_list->table_obj[i].protocol_field, NULL, data_obj, ctx); + i++; + memset(buff, 0, VERIFY_STRING_MAX); } + pangu_http_ctx_free(ctx); } - verify_policy_query(query_ctx, thread_id, data_obj); - i=0; - FREE(&query_ctx); + FREE(&query_list); } } cJSON_Delete(data_json); @@ -396,27 +350,12 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg) } policy_payload = cJSON_PrintUnformatted(policy_obj); - printf("%s\n", policy_payload); + mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[O] %s", policy_payload); evhttp_socket_send(evh_req, policy_payload); cJSON_Delete(policy_obj); free(policy_payload); - #if 0 - if (policy_query == NULL) - { - mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Data parsing failed."); - goto error; - } - - policy_payload = verify_policy_scan(policy_query, thread_ctx->id); - if (policy_payload) - { - mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "%s", policy_payload); - evhttp_socket_send(evh_req, policy_payload); - free(policy_payload); - } - #endif goto finish; error: diff --git a/resource/pangu_http.json b/resource/pangu_http.json new file mode 100644 index 0000000..742ab75 
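Review bot: `i` indexes the fixed `table_obj[32]` array and is now incremented for every `verifyConditions` entry with no bound check, and the removed `i=0;` means it is no longer reset between `verifyList` entries either, so a request carrying more than 32 conditions in total writes past the `ALLOC`ed `policy_query_list` — reachable from the libevent request handler. Bound it at the top of the inner loop, `if (i >= 32) { mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "too many verifyConditions"); break; }`, and reset `i = 0` after `pangu_http_ctx_free(ctx)` (or make `i` local to the inner loop). `query_list->table_obj[i].subscriberid = item->valuestring;` assigns a member the new `policy_table_obj` in the earlier hunk no longer declares, and the `subscriberid` branch then calls `http_scan` with `table_obj[i].keyword`, which nothing has set. `strcasecmp(query_list->table_obj[i].keyword_scope, "subscriberid")` also runs when `contentType` is missing or not a string, i.e. on a NULL pointer; skip the entry in that case.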
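Review bot: `policy_payload = cJSON_PrintUnformatted(policy_obj)` can return NULL on allocation failure, and the new `mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[O] %s", policy_payload)` then formats a null pointer before `evhttp_socket_send` is handed the same NULL. The function already has an `error:` label, so check first: `if (!policy_payload) { cJSON_Delete(policy_obj); goto error; }`. Replacing the `printf` with a debug log is the right direction; note that this now records the complete policy decision for every request at debug level, which is fine as long as production does not run at that level. `evhttp_request_cb` begins before this hunk.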
--- /dev/null +++ b/resource/pangu_http.json 
@@ -0,0 +1,323 @@ +{ + "compile_table": "PXY_CTRL_COMPILE", + "group_table": "PXY_CTRL_GROUP", + "rules": [ + { + "compile_id": 1021, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"redirect\",\"code\":302,\"to\":\"https://www.baidu.com/index.html\"}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "www.rbc.ru", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1022, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":101}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "bing.com", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1023, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":102}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "pc.wps.cn", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1024, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_resp_body\",\"find\":\"比特币\",\"replace_with\":\"硬币\"}]}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": 
"PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "edu.csdn.net/course/detail/6998", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1025, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":201}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "www.wireshark.org/download/win32/WiresharkPortable_2.6.8.paf.exe", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1026, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":201}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "www.downcc.com/ajax.asp", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1027, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":202}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "dldir1.qq.com/foxmail/windows/FoxmailSetup_7.2.10.151.exe", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1028, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":302}", + "is_valid": "yes", + 
"groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "mirror.hoster.kz/centos", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1029, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":303,\"position\":\"after-page-load\"}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "100wa.com/music", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1030, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":303,\"position\":\"before-page-load\"}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "www.youku.com", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1031, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)q=([^&|^#]*)(?=&|$)\",\"replace_with\":\"q=find\"},{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)ei=([^&|^#]*)(?=&|$)\",\"replace_with\":\"ei=chaxun\"}]}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "www.google.com/search?", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + } + ], 
+ "plugin_table": [ + { + "table_name": "PXY_PROFILE_RESPONSE_PAGES", + "table_content": [ + "101\t404\thtml\t./resource/pangu/policy_file/404.html\t1", + "102\tHTTP403\ttemplate\t./resource/pangu/HTTP403.html\t1" + ] + }, + { + "table_name": "PXY_PROFILE_HIJACK_FILES", + "table_content": [ + "201\tchakanqi\tchakanqi-947KB.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/chakanqi-947KB.exe\t1", + "202\tWPS8648\tWPS8648-132M.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/WPS8648-132M.exe\t1" + ] + }, + { + "table_name": "PXY_PROFILE_INSERT_SCRIPTS", + "table_content": [ + "301\ttime\tjs\t./resource/pangu/policy_file/time.js\tbefore_page_load\t1", + "302\tu1\tcss\t./resource/pangu/policy_file/u1.css\tbefore_page_load\t1", + "303\tu1\tjs\t./resource/pangu/policy_file/alert.js\tbefore_page_load\t1" + ] + }, + { + "table_name": "TSG_SECURITY_COMPILE", + "table_content": [ + "0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL/HTTP\",\"keyring\":765,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1,\"protocol_errors\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2", + "1\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL/HTTP\",\"keyring\":0,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2" + ] + } + ] +} diff --git a/resource/table_info.conf b/resource/table_info.conf index 04e70e8..fb5b282 100644 --- a/resource/table_info.conf +++ b/resource/table_info.conf 
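Review bot: If this file is loaded as a default rather than a test fixture (the conf hunk names it as `json_cfg_file`), the `TSG_SECURITY_COMPILE` rows are insecure baselines: the first pins `protocol_version` to `{"min":"ssl3","max":"ssl3"}` with the `expiration` check disabled, the second allows `ssl3` as the floor, and both set `certificate_checks.fail_action` to `pass-through`, so certificate failures fall through silently. The hijack rules (`compile_id` 1025–1027) substitute executables under `./resource/pangu/policy_file/` for Wireshark and Foxmail downloads; strict JSON has no place for a comment, so the conf or an adjacent README should state that this is sample data for the verify harness and not a deployable policy. Please also confirm whether the referenced `.exe` payloads are committed to the repository.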
@@ -15,35 +15,18 @@ # #For expr/expr_plus Table #id name type src_charset dst_charset do_merge cross_cache quick_mode -0 PXY_CTRL_COMPILE compile escape -- -1 GROUP_COMPILE_RELATION group -- -2 TSG_OBJ_IP_ADDR ip_plus --- -3 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff -4 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL -- -5 TSG_OBJ_FQDN expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff -5 TSG_OBJ_FQDN_CAT expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff -6 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN -- -7 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff -8 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- -9 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- -10 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff -11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS -- -12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS -- -13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon -14 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN -- -15 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN -- -16 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN -- -17 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN -- -18 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0 -19 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT -- -20 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT -- -21 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT -- -22 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS -- -23 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS -- -24 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS -- -25 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS -- -26 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL -- -27 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS -- -28 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT -- - - +0 PXY_CTRL_COMPILE compile escape -- +1 GROUP_COMPILE_RELATION group -- +2 TSG_OBJ_IP_ADDR ip_plus --- +3 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff +4 TSG_FIELD_HTTP_URL virtual 
TSG_OBJ_URL -- +5 TSG_OBJ_FQDN expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff +5 TSG_OBJ_FQDN_CAT expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff +6 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN -- +7 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff +8 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- +9 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- +10 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff +11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS -- +12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS -- +13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon diff --git a/resource/tsg_static_tableinfo.conf b/resource/tsg_static_tableinfo.conf new file mode 100644 index 0000000..549f9a0 --- /dev/null +++ b/resource/tsg_static_tableinfo.conf 
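Review bot: The rewritten table still carries two rows with id `5` (`TSG_OBJ_FQDN` and `TSG_OBJ_FQDN_CAT`), and the `#id name type ...` header implies ids are unique keys, so unless the Maat loader is known to tolerate duplicates one of them is shadowed or rejected. Rows 14–28 removed here (SSL SNI/CN/SAN, DNS, mail and FTP fields) reappear in the new `tsg_static_tableinfo.conf`; a one-line comment at the top, `# HTTP manipulation tables only; TSG security fields live in tsg_static_tableinfo.conf`, would explain the split. The hunk also rewrites every surviving row byte-for-byte-identical in content, which hides the real change in blame — presumably a whitespace or line-ending normalisation worth mentioning in the commit message.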
@@ -0,0 +1,42 @@ +#each collumn seperate with '\t' +#id (0~65535) +#name string +#type one of ip,expr,expr_plus,digest,intval,compile or plugin +#src_charset one of GBK,BIG5,UNICODE,UTF8 +#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' +#do_merege yes or no +#cross cache 0~max +#quickswitch quickon or quick off +#id name type src_charset dst_charset do_merge cross_cache quickswitch +0 TSG_SECURITY_COMPILE compile escape -- +1 GROUP_COMPILE_RELATION group UTF8 UTF8 no 0 +2 TSG_OBJ_IP_ADDR ip_plus UTF8 UTF8 no 0 +3 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 +4 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0 +5 TSG_OBJ_URL expr UTF8 UTF8/GBK yes 0 +6 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0 +6 TSG_OBJ_FQDN_CAT expr UTF8 UTF8 yes 0 +7 TSG_OBJ_KEYWORDS expr UTF8 UTF8/GBK yes 0 +8 TSG_OBJ_APP_ID expr UTF8 UTF8 yes 0 +9 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0 +10 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN -- +11 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL -- +12 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- +13 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- +14 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS -- +15 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS -- +16 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN -- +17 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN -- +18 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN -- +19 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN -- +20 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT -- +21 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT -- +22 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT -- +23 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS -- +24 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS -- +25 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS -- +26 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS -- +27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL -- +28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS -- +29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT -- +30 FW_PROFILE_DNS_RECORDS plugin {"key":1,"valid":5} -- 
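Review bot: Ids `6` (`TSG_OBJ_FQDN` and `TSG_OBJ_FQDN_CAT`) collide in the new file, and the header comment `#type one of ip,expr,expr_plus,digest,intval,compile or plugin` does not list `group`, `ip_plus` or `virtual`, which rows 1, 2 and 10–29 actually use; the comment should enumerate the types the loader accepts. The header also has typos (`collumn`, `seperate`, `do_merege`, `quick off`), and row 0 (`compile escape --`) and the `virtual` rows do not follow the documented column layout, so a reader cannot tell which columns are optional per type. `FW_PROFILE_DNS_RECORDS plugin {"key":1,"valid":5} --` embeds JSON in the charset column without saying what those keys mean; a comment on that row would help.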
diff --git a/scan/src/pangu_http.cpp b/scan/src/pangu_http.cpp index 908aba5..a34e1ab 100644 --- a/scan/src/pangu_http.cpp +++ b/scan/src/pangu_http.cpp @@ -74,6 +74,21 @@ void * pangu_http_ctx_new(unsigned int thread_id) return (void *)ctx; } +void pangu_http_ctx_free(void * pme) +{ + struct pangu_http_ctx * ctx = (struct pangu_http_ctx *) pme; + + FREE(&ctx->enforce_rules); + Maat_clean_status(&(ctx->scan_mid)); + ctx->scan_mid = NULL; + + if(ctx->sp) + { + Maat_stream_scan_string_end(&(ctx->sp)); + } + FREE(&ctx); +} + static int pangu_action_weight[__PG_ACTION_MAX] = {0}; void __pangu_action_weight_init() __attribute__((constructor, used)); void __pangu_action_weight_init() @@ -218,18 +233,16 @@ char *web_json_table_add(void *pme) return policy_payload; } -void http_scan(const char * value, enum policy_type type, int protocol_field, void *pme, cJSON *data_obj, struct ipaddr *ip_addr) +void http_scan(const char *value, enum tsg_policy_type policy_type, int protocol_field, struct ipaddr *ip_addr, cJSON *data_obj, void *pme) { int scan_ret = 0, table_id = 0; - struct Maat_rule_t result[MAX_SCAN_RESULT]; - char buff[VERIFY_STRING_MAX], * p = NULL; size_t hit_cnt = 0, i = 0; struct pangu_http_ctx * ctx = (struct pangu_http_ctx *) pme; if (protocol_field == PXY_CTRL_IP) { - scan_ret = Maat_scan_proto_addr(g_pangu_rt->maat[type], g_pangu_rt->scan_table_id[type][protocol_field], ip_addr, 0, + scan_ret = Maat_scan_proto_addr(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_IP], ip_addr, 0, ctx->result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &(ctx->scan_mid), ctx->thread_id); if (scan_ret > 0) { 
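Review bot: `pangu_http_ctx_free` dereferences `pme` unconditionally, and its caller in `get_query_from_request` never checks the result of `pangu_http_ctx_new` before using it, so a NULL context would crash here as well; add `if (!ctx) return;` at the top. The function deserves a header comment stating what the teardown covers — frees `enforce_rules`, releases `scan_mid` via `Maat_clean_status`, and ends an in-flight stream scan with `Maat_stream_scan_string_end` when `sp` is set — and that it must be paired with every `pangu_http_ctx_new`, since the old bare `FREE(&ctx)` did none of that.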
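Review bot: `http_scan` now takes `value == NULL` by design for `PXY_CTRL_IP` (the parser passes `NULL` there), but the remaining branches go on to `strlen(value)`, and the parser's `subscriberid` path calls `http_scan(query_list->table_obj[i].keyword, ...)` without ever assigning `keyword`, so that path reaches `strlen(NULL)`. Add explicit guards after the `ctx` assignment: `if (protocol_field != PXY_CTRL_IP && value == NULL) return;` and `if (protocol_field == PXY_CTRL_IP && ip_addr == NULL) return;`, and say in a comment that `value` is ignored for IP scans. `policy_type` and `protocol_field` arrive from the request-mapped string tables and index `g_pangu_rt->maat[]` and `scan_table_id[][]` unchecked; whether the str2idx helpers can return an out-of-range value is not visible in this diff, so a range check here would be cheap insurance. The function body continues past this hunk.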
@@ -240,13 +253,13 @@ void http_scan(const char * value, enum policy_type type, int protocol_field, vo if ((protocol_field == PXY_CTRL_HTTP_REQ_HDR) || (protocol_field == PXY_CTRL_HTTP_RES_HDR)) { - table_id = (protocol_field == PXY_CTRL_HTTP_REQ_HDR) ? g_pangu_rt->scan_table_id[type][PXY_CTRL_HTTP_REQ_HDR] : g_pangu_rt->scan_table_id[type][PXY_CTRL_HTTP_RES_HDR]; + table_id = (protocol_field == PXY_CTRL_HTTP_REQ_HDR) ? g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_HTTP_REQ_HDR] : g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_HTTP_RES_HDR]; const char * str_field_name = NULL; - scan_ret = Maat_set_scan_status(g_pangu_rt->maat[type], &(ctx->scan_mid), MAAT_SET_SCAN_DISTRICT, + scan_ret = Maat_set_scan_status(g_pangu_rt->maat[policy_type], &(ctx->scan_mid), MAAT_SET_SCAN_DISTRICT, str_field_name, strlen(str_field_name)); assert(scan_ret == 0); - scan_ret = Maat_full_scan_string(g_pangu_rt->maat[type], table_id, + scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], table_id, CHARSET_UTF8, value, strlen(value), ctx->result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid), ctx->thread_id); if (scan_ret > 0) 
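Review bot: `str_field_name` is declared `NULL` on the line before the call and never assigned, so `Maat_set_scan_status(..., str_field_name, strlen(str_field_name))` dereferences a null pointer for every `PXY_CTRL_HTTP_REQ_HDR`/`RES_HDR` condition; the commit renames the first argument of that statement and leaves the crash in place. Either pass the real district name (presumably the protocol field name the old `keyword_obj.protocol_field_name` carried, which this commit deletes from the struct) or pass `NULL, 0` if the API allows clearing the district. `assert(scan_ret == 0)` as the only error handling also vanishes under `NDEBUG`, after which the scan silently runs with whatever district was set last.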
@@ -259,8 +272,8 @@ void http_scan(const char * value, enum policy_type type, int protocol_field, vo if ((protocol_field == PXY_CTRL_HTTP_REQ_BODY) || protocol_field == PXY_CTRL_HTTP_RES_BODY) { assert(ctx->sp == NULL); - table_id = protocol_field == PXY_CTRL_HTTP_REQ_BODY ? g_pangu_rt->scan_table_id[type][PXY_CTRL_HTTP_REQ_BODY] : g_pangu_rt->scan_table_id[type][PXY_CTRL_HTTP_RES_BODY]; - ctx->sp = Maat_stream_scan_string_start(g_pangu_rt->maat[type], table_id, ctx->thread_id); + table_id = protocol_field == PXY_CTRL_HTTP_REQ_BODY ? g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_HTTP_REQ_BODY] : g_pangu_rt->scan_table_id[policy_type][PXY_CTRL_HTTP_RES_BODY]; + ctx->sp = Maat_stream_scan_string_start(g_pangu_rt->maat[policy_type], table_id, ctx->thread_id); scan_ret = Maat_stream_scan_string(&(ctx->sp), CHARSET_UTF8, (const char *) value, (int) strlen(value), ctx->result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid)); if (scan_ret > 0) @@ -272,7 +285,7 @@ void http_scan(const char * value, enum policy_type type, int protocol_field, vo goto decide; } - scan_ret = Maat_full_scan_string(g_pangu_rt->maat[type], g_pangu_rt->scan_table_id[type][protocol_field], + scan_ret = Maat_full_scan_string(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][protocol_field], CHARSET_UTF8, value, strlen(value), ctx->result+hit_cnt, NULL, MAX_SCAN_RESULT-hit_cnt, &(ctx->scan_mid), ctx->thread_id); @@ -456,6 +469,7 @@ int pangu_policy_init(struct verify_proxy * verify, const char* profile_path) g_pangu_rt->thread_num = verify->nr_work_threads; g_pangu_rt->local_logger = verify->logger; +#if 1 g_pangu_rt->maat[PXY_TABLE_MANIPULATION] = create_maat_feather("static", profile_path, "MAAT", "table_info", g_pangu_rt->thread_num, g_pangu_rt->local_logger); if (!g_pangu_rt->maat[PXY_TABLE_MANIPULATION]) { 
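Review bot: The body-scan branch asserts `ctx->sp == NULL` and then starts a new stream scan without ending it, while the context is now shared across every condition in one `verifyConditions` list (created once before the loop, freed after it), so two body conditions in the same request trip the assert — or, under `NDEBUG`, overwrite and leak the first stream handle. Since `pangu_http_ctx_free` is the only place `Maat_stream_scan_string_end` is called, end the stream in this branch once the scan returns, or reset `ctx->sp` per condition. The return of `Maat_stream_scan_string_start` is also handed straight to `Maat_stream_scan_string` without a NULL check.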
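Review bot: `#if 1` … `#endif` around the manipulation-Maat setup (closed in the next hunk) is debug scaffolding: it changes nothing at compile time and reads as a toggle someone left behind. Either remove both lines or give the switch a name, e.g. `#ifdef PANGU_ENABLE_MANIPULATION_MAAT`, with a comment saying when the block is meant to be compiled out. `pangu_policy_init` starts before this hunk.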
@@ -502,6 +516,7 @@ int pangu_policy_init(struct verify_proxy * verify, const char* profile_path) mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Pangu HTTP Dynamic Maat TSG_DYN_SUBSCRIBER_IP EX data register failed."); goto error_out; } +#endif ret = 0; error_out: return ret;