fix: Rule-Set中不解析DNS
feat: RULE-SET支持no-resolve
This commit is contained in:
parent
b5623602f5
commit
8b09db5f7f
6 changed files with 18 additions and 21 deletions
|
@ -117,13 +117,13 @@ func (sd *SnifferDispatcher) sniffDomain(conn *CN.BufferedConn, metadata *C.Meta
|
||||||
|
|
||||||
host, err := sniffer.SniffTCP(bytes)
|
host, err := sniffer.SniffTCP(bytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP)
|
//log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = netip.ParseAddr(host)
|
_, err = netip.ParseAddr(host)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP)
|
//log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -102,7 +102,8 @@ func parseRule(tp, payload string, params []string) (C.Rule, error) {
|
||||||
case "PROCESS-PATH":
|
case "PROCESS-PATH":
|
||||||
parsed, parseErr = RC.NewProcess(payload, "", false)
|
parsed, parseErr = RC.NewProcess(payload, "", false)
|
||||||
case "RULE-SET":
|
case "RULE-SET":
|
||||||
parsed, parseErr = provider.NewRuleSet(payload, "")
|
noResolve := RC.HasNoResolve(params)
|
||||||
|
parsed, parseErr = provider.NewRuleSet(payload, "", noResolve)
|
||||||
case "NOT":
|
case "NOT":
|
||||||
parsed, parseErr = NewNOT(payload, "")
|
parsed, parseErr = NewNOT(payload, "")
|
||||||
case "AND":
|
case "AND":
|
||||||
|
|
|
@ -50,7 +50,8 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
|
||||||
case "NOT":
|
case "NOT":
|
||||||
parsed, parseErr = logic.NewNOT(payload, target)
|
parsed, parseErr = logic.NewNOT(payload, target)
|
||||||
case "RULE-SET":
|
case "RULE-SET":
|
||||||
parsed, parseErr = RP.NewRuleSet(payload, target)
|
noResolve := RC.HasNoResolve(params)
|
||||||
|
parsed, parseErr = RP.NewRuleSet(payload, target, noResolve)
|
||||||
case "MATCH":
|
case "MATCH":
|
||||||
parsed = RC.NewMatch(target)
|
parsed = RC.NewMatch(target)
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -30,26 +30,20 @@ func (c *classicalStrategy) ShouldResolveIP() bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *classicalStrategy) OnUpdate(rules []string) {
|
func (c *classicalStrategy) OnUpdate(rules []string) {
|
||||||
var classicalRules []C.Rule
|
|
||||||
shouldResolveIP := false
|
|
||||||
count := 0
|
|
||||||
for _, rawRule := range rules {
|
for _, rawRule := range rules {
|
||||||
ruleType, rule, params := ruleParse(rawRule)
|
ruleType, rule, params := ruleParse(rawRule)
|
||||||
r, err := parseRule(ruleType, rule, "", params)
|
r, err := parseRule(ruleType, rule, "", params)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Warnln("parse rule error:[%s]", err.Error())
|
log.Warnln("parse rule error:[%s]", err.Error())
|
||||||
} else {
|
} else {
|
||||||
if !shouldResolveIP {
|
if !c.shouldResolveIP {
|
||||||
shouldResolveIP = shouldResolveIP || r.ShouldResolveIP()
|
c.shouldResolveIP = r.ShouldResolveIP()
|
||||||
}
|
}
|
||||||
|
|
||||||
classicalRules = append(classicalRules, r)
|
c.rules = append(c.rules, r)
|
||||||
count++
|
c.count++
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
c.rules = classicalRules
|
|
||||||
c.count = count
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewClassicalStrategy() *classicalStrategy {
|
func NewClassicalStrategy() *classicalStrategy {
|
||||||
|
|
|
@ -8,9 +8,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type domainStrategy struct {
|
type domainStrategy struct {
|
||||||
shouldResolveIP bool
|
count int
|
||||||
count int
|
domainRules *trie.DomainTrie[bool]
|
||||||
domainRules *trie.DomainTrie[bool]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *domainStrategy) Match(metadata *C.Metadata) bool {
|
func (d *domainStrategy) Match(metadata *C.Metadata) bool {
|
||||||
|
@ -22,7 +21,7 @@ func (d *domainStrategy) Count() int {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *domainStrategy) ShouldResolveIP() bool {
|
func (d *domainStrategy) ShouldResolveIP() bool {
|
||||||
return d.shouldResolveIP
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *domainStrategy) OnUpdate(rules []string) {
|
func (d *domainStrategy) OnUpdate(rules []string) {
|
||||||
|
@ -55,5 +54,5 @@ func ruleParse(ruleRaw string) (string, string, []string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewDomainStrategy() *domainStrategy {
|
func NewDomainStrategy() *domainStrategy {
|
||||||
return &domainStrategy{shouldResolveIP: false}
|
return &domainStrategy{}
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,6 +12,7 @@ type RuleSet struct {
|
||||||
ruleProviderName string
|
ruleProviderName string
|
||||||
adapter string
|
adapter string
|
||||||
ruleProvider P.RuleProvider
|
ruleProvider P.RuleProvider
|
||||||
|
noResolveIP bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func (rs *RuleSet) ShouldFindProcess() bool {
|
func (rs *RuleSet) ShouldFindProcess() bool {
|
||||||
|
@ -35,7 +36,7 @@ func (rs *RuleSet) Payload() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (rs *RuleSet) ShouldResolveIP() bool {
|
func (rs *RuleSet) ShouldResolveIP() bool {
|
||||||
return rs.getProviders().ShouldResolveIP()
|
return !rs.noResolveIP && rs.getProviders().ShouldResolveIP()
|
||||||
}
|
}
|
||||||
func (rs *RuleSet) getProviders() P.RuleProvider {
|
func (rs *RuleSet) getProviders() P.RuleProvider {
|
||||||
if rs.ruleProvider == nil {
|
if rs.ruleProvider == nil {
|
||||||
|
@ -46,7 +47,7 @@ func (rs *RuleSet) getProviders() P.RuleProvider {
|
||||||
return rs.ruleProvider
|
return rs.ruleProvider
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewRuleSet(ruleProviderName string, adapter string) (*RuleSet, error) {
|
func NewRuleSet(ruleProviderName string, adapter string, noResolveIP bool) (*RuleSet, error) {
|
||||||
rp, ok := RuleProviders()[ruleProviderName]
|
rp, ok := RuleProviders()[ruleProviderName]
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, fmt.Errorf("rule set %s not found", ruleProviderName)
|
return nil, fmt.Errorf("rule set %s not found", ruleProviderName)
|
||||||
|
@ -56,5 +57,6 @@ func NewRuleSet(ruleProviderName string, adapter string) (*RuleSet, error) {
|
||||||
ruleProviderName: ruleProviderName,
|
ruleProviderName: ruleProviderName,
|
||||||
adapter: adapter,
|
adapter: adapter,
|
||||||
ruleProvider: rp,
|
ruleProvider: rp,
|
||||||
|
noResolveIP: noResolveIP,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue