1、删除tsg 相关头文件 2、增加cmsg 相关日志
@@ -34,7 +34,7 @@ env | sort
|
||||
: "${COMPILER_IS_GNUCXX:=OFF}"
|
||||
|
||||
# Install dependency from YUM
|
||||
yum install -y mrzcpd numactl-devel zlib-devel librdkafka-devel systemd-devel libMESA_handle_logger-devel libMESA_htable-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel libmaatframe-devel
|
||||
yum install -y mrzcpd numactl-devel zlib-devel librdkafka-devel systemd-devel libMESA_handle_logger-devel libMESA_htable-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel libmaatframe-devel tsg_master-devel
|
||||
mkdir build || true
|
||||
cd build
|
||||
|
||||
|
||||
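Review bot: The `tsg_master-devel` package added to the `yum install -y` line carries no version, so the tsg headers this commit stops vendoring become whatever the configured repository serves at build time. Pinning it to the release the code was written against (for example `tsg_master-devel-<VERSION>`, placeholder) would keep builds reproducible and keep the struct layouts and prototypes in step with the callers. This assumes the package is what provides the `<tsg/...>` headers included elsewhere in the commit, which the page does not state directly.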
@@ -78,6 +78,8 @@ enum tfe_cmsg_tlv_type
|
||||
KNI_CMSG_TLV_NR_MAX,
|
||||
};
|
||||
|
||||
extern const char * tfe_cmsg_tlv_type_to_string[KNI_CMSG_TLV_NR_MAX];
|
||||
|
||||
struct kni_cmsg* kni_cmsg_init();
|
||||
void kni_cmsg_destroy(struct kni_cmsg *cmsg);
|
||||
int kni_cmsg_get(struct kni_cmsg *cmsg, uint16_t type, uint16_t *size, unsigned char **pvalue);
|
||||
@@ -85,3 +87,5 @@ int kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned char *valu
|
||||
uint16_t kni_cmsg_serialize_size_get(struct kni_cmsg *cmsg);
|
||||
int kni_cmsg_serialize(struct kni_cmsg *cmsg, unsigned char *buff, uint16_t bufflen, uint16_t *serialize_len);
|
||||
int kni_cmsg_deserialize(const unsigned char *data, uint16_t len, struct kni_cmsg** pcmsg);
|
||||
|
||||
void tfe_cmsg_enum_to_string();
|
||||
@@ -1,6 +1,8 @@
|
||||
#include "kni_utils.h"
|
||||
#include "kni_cmsg.h"
|
||||
|
||||
const char * tfe_cmsg_tlv_type_to_string[KNI_CMSG_TLV_NR_MAX];
|
||||
|
||||
struct kni_cmsg_tlv
|
||||
{
|
||||
uint16_t type;
|
||||
@@ -185,3 +187,64 @@ error_out:
|
||||
kni_cmsg_destroy(cmsg);
|
||||
return KNI_CMSG_INVALID_FORMAT;
|
||||
}
|
||||
|
||||
|
||||
|
||||
void tfe_cmsg_enum_to_string()
|
||||
{
|
||||
memset(tfe_cmsg_tlv_type_to_string, 0 ,sizeof(tfe_cmsg_tlv_type_to_string));
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_SEQ] = "TFE_CMSG_TCP_RESTORE_SEQ";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_ACK] = "TFE_CMSG_TCP_RESTORE_ACK";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_MSS_CLIENT] = "TFE_CMSG_TCP_RESTORE_MSS_CLIENT";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_MSS_SERVER] = "TFE_CMSG_TCP_RESTORE_MSS_SERVER";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT] = "TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_WSACLE_SERVER] = "TFE_CMSG_TCP_RESTORE_WSACLE_SERVER";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_SACK_CLIENT] = "TFE_CMSG_TCP_RESTORE_SACK_CLIENT";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_SACK_SERVER] = "TFE_CMSG_TCP_RESTORE_SACK_SERVER";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_TS_CLIENT] = "TFE_CMSG_TCP_RESTORE_TS_CLIENT";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_TS_SERVER] = "TFE_CMSG_TCP_RESTORE_TS_SERVER";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_PROTOCOL] = "TFE_CMSG_TCP_RESTORE_PROTOCOL";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT] = "TFE_CMSG_TCP_RESTORE_WINDOW_CLIENT";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_WINDOW_SERVER] = "TFE_CMSG_TCP_RESTORE_WINDOW_SERVER";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR] = "TFE_CMSG_TCP_RESTORE_INFO_PACKET_CUR_DIR";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_POLICY_ID] = "TFE_CMSG_POLICY_ID";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_STREAM_TRACE_ID] = "TFE_CMSG_STREAM_TRACE_ID";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_INTERCEPT_STATE] = "TFE_CMSG_SSL_INTERCEPT_STATE";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_UPSTREAM_LATENCY] = "TFE_CMSG_SSL_UPSTREAM_LATENCY";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_DOWNSTREAM_LATENCY] = "TFE_CMSG_SSL_DOWNSTREAM_LATENCY";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_UPSTREAM_VERSION] = "TFE_CMSG_SSL_UPSTREAM_VERSION";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_DOWNSTREAM_VERSION] = "TFE_CMSG_SSL_DOWNSTREAM_VERSION";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_PINNING_STATE] = "TFE_CMSG_SSL_PINNING_STATE";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_CERT_VERIFY] = "TFE_CMSG_SSL_CERT_VERIFY";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SSL_ERROR] = "TFE_CMSG_SSL_ERROR";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_MAC] = "TFE_CMSG_SRC_MAC";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_MAC] = "TFE_CMSG_DST_MAC";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_NODELAY] = "TFE_CMSG_DOWNSTREAM_TCP_NODELAY";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_TTL] = "TFE_CMSG_DOWNSTREAM_TCP_TTL";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE] = "TFE_CMSG_DOWNSTREAM_TCP_KEEPALIVE";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT] = "TFE_CMSG_DOWNSTREAM_TCP_KEEPCNT";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE] = "TFE_CMSG_DOWNSTREAM_TCP_KEEPIDLE";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL] = "TFE_CMSG_DOWNSTREAM_TCP_KEEPINTVL";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT] = "TFE_CMSG_DOWNSTREAM_TCP_USER_TIMEOUT";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_NODELAY] = "TFE_CMSG_UPSTREAM_TCP_NODELAY";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_TTL] = "TFE_CMSG_UPSTREAM_TCP_TTL";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_KEEPALIVE] = "TFE_CMSG_UPSTREAM_TCP_KEEPALIVE";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_KEEPCNT] = "TFE_CMSG_UPSTREAM_TCP_KEEPCNT";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_KEEPIDLE] = "TFE_CMSG_UPSTREAM_TCP_KEEPIDLE";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_KEEPINTVL] = "TFE_CMSG_UPSTREAM_TCP_KEEPINTVL";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT] = "TFE_CMSG_UPSTREAM_TCP_USER_TIMEOUT";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_TCP_PASSTHROUGH] = "TFE_CMSG_TCP_PASSTHROUGH";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_SUB_ID] = "TFE_CMSG_SRC_SUB_ID";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_SUB_ID] = "TFE_CMSG_DST_SUB_ID";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_ASN] = "TFE_CMSG_SRC_ASN";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_ASN] = "TFE_CMSG_DST_ASN";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_ORGANIZATION] = "TFE_CMSG_SRC_ORGANIZATION";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_ORGANIZATION] = "TFE_CMSG_DST_ORGANIZATION";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_IP_LOCATION_COUNTRY] = "TFE_CMSG_SRC_IP_LOCATION_COUNTRY";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_IP_LOCATION_COUNTRY] = "TFE_CMSG_DST_IP_LOCATION_COUNTRY";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_IP_LOCATION_PROVINE] = "TFE_CMSG_SRC_IP_LOCATION_PROVINE";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_IP_LOCATION_PROVINE] = "TFE_CMSG_DST_IP_LOCATION_PROVINE";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_SRC_IP_LOCATION_CITY] = "TFE_CMSG_SRC_IP_LOCATION_CITY";
|
||||
tfe_cmsg_tlv_type_to_string[TFE_CMSG_DST_IP_LOCATION_CITY] = "TFE_CMSG_DST_IP_LOCATION_CITY";
|
||||
}
|
||||
|
||||
|
||||
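Review bot: `tfe_cmsg_enum_to_string()` zeroes the name table and then fills it at run time, so any enum value below `KNI_CMSG_TLV_NR_MAX` without an assignment here stays NULL, and every slot is NULL until the function has run. The table is exported as a writable global and indexed directly by callers, which leaves bounds and NULL handling to each call site. A small accessor that performs both checks and returns a fixed fallback string would put them in one place; it would need a matching declaration in the header. A comment on the function saying it must be called once before any lookup (the commit calls it from `kni_init()`) would also help.

```c
const char *tfe_cmsg_tlv_type_name(uint16_t type)
{
    if (type >= KNI_CMSG_TLV_NR_MAX || tfe_cmsg_tlv_type_to_string[type] == NULL) {
        return "UNKNOWN";
    }
    return tfe_cmsg_tlv_type_to_string[type];
}
```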
@@ -4,9 +4,9 @@
|
||||
|
||||
#include "tsg/tsg_rule.h"
|
||||
#include "kni_utils.h"
|
||||
#include "tsg/tsg_statistic.h"
|
||||
#include <tsg/tsg_statistic.h>
|
||||
#include "tfe_mgr.h"
|
||||
#include "tsg/tsg_label.h"
|
||||
#include <tsg/tsg_label.h>
|
||||
|
||||
#define BURST_MAX 1
|
||||
#define CALLER_SAPP 0
|
||||
|
||||
@@ -1,60 +0,0 @@
|
||||
#ifndef __TSG_LABEL_H__
|
||||
#define __TSG_LABEL_H__
|
||||
|
||||
#include "tsg_rule.h"
|
||||
#define MAX_STR_FIELD_LEN 64
|
||||
|
||||
|
||||
struct _asn_info_t
|
||||
{
|
||||
int ref_cnt;
|
||||
int addr_type;
|
||||
int table_id;
|
||||
char start_ip[MAX_STR_FIELD_LEN];
|
||||
char end_ip[MAX_STR_FIELD_LEN];
|
||||
char asn[MAX_STR_FIELD_LEN];
|
||||
char organization[MAX_STR_FIELD_LEN*4];
|
||||
};
|
||||
|
||||
struct _location_info_t
|
||||
{
|
||||
int geoname_id;
|
||||
int table_id;
|
||||
int ref_cnt;
|
||||
int addr_type;
|
||||
double latitude;
|
||||
double longitude;
|
||||
double coords;
|
||||
char start_ip[MAX_STR_FIELD_LEN];
|
||||
char end_ip[MAX_STR_FIELD_LEN];
|
||||
char language[MAX_STR_FIELD_LEN];
|
||||
char continent_abbr[MAX_STR_FIELD_LEN*4];
|
||||
char continent_full[MAX_STR_FIELD_LEN*4];
|
||||
char country_abbr[MAX_STR_FIELD_LEN*4];
|
||||
char country_full[MAX_STR_FIELD_LEN*4];
|
||||
char province_abbr[MAX_STR_FIELD_LEN*4];
|
||||
char province_full[MAX_STR_FIELD_LEN*4];
|
||||
char city_full[MAX_STR_FIELD_LEN*4];
|
||||
char time_zone[MAX_STR_FIELD_LEN*4];
|
||||
};
|
||||
|
||||
struct _subscribe_id_info_t
|
||||
{
|
||||
int ref_cnt;
|
||||
int table_id;
|
||||
char subscribe_id[MAX_STR_FIELD_LEN*4];
|
||||
};
|
||||
|
||||
struct _session_attribute_label_t
|
||||
{
|
||||
tsg_protocol_t proto;
|
||||
long establish_latency_ms;
|
||||
struct _asn_info_t *client_asn;
|
||||
struct _asn_info_t *server_asn;
|
||||
struct _location_info_t *client_location;
|
||||
struct _location_info_t *server_location;
|
||||
struct _subscribe_id_info_t *client_subscribe_id;
|
||||
struct _subscribe_id_info_t *server_subscribe_id;
|
||||
};
|
||||
|
||||
#endif
|
||||
@@ -1,83 +0,0 @@
|
||||
#ifndef __TSG_RULE_H__
|
||||
#define __TSG_RULE_H__
|
||||
|
||||
#include <MESA/Maat_rule.h>
|
||||
|
||||
#define TSG_ACTION_NONE 0x00
|
||||
#define TSG_ACTION_MONITOR 0x01
|
||||
#define TSG_ACTION_INTERCEPT 0x02
|
||||
#define TSG_ACTION_DENY 0x10
|
||||
#define TSG_ACTION_MANIPULATE 0x30
|
||||
#define TSG_ACTION_BYPASS 0x80
|
||||
#define TSG_ACTION_MAX 0x80
|
||||
|
||||
enum TSG_ETHOD_TYPE
|
||||
{
|
||||
TSG_METHOD_TYPE_UNKNOWN=0,
|
||||
TSG_METHOD_TYPE_DROP,
|
||||
TSG_METHOD_TYPE_REDIRECTION,
|
||||
TSG_METHOD_TYPE_BLOCK,
|
||||
TSG_METHOD_TYPE_RESET,
|
||||
TSG_METHOD_TYPE_MAX
|
||||
};
|
||||
|
||||
|
||||
typedef enum _tsg_protocol
|
||||
{
|
||||
PROTO_UNKONWN=0,
|
||||
PROTO_IPv4=1,
|
||||
PROTO_IPv6,
|
||||
PROTO_TCP,
|
||||
PROTO_UDP,
|
||||
PROTO_HTTP,
|
||||
PROTO_MAIL,
|
||||
PROTO_DNS,
|
||||
PROTO_FTP,
|
||||
PROTO_SSL,
|
||||
PROTO_SIP,
|
||||
PROTO_BGP,
|
||||
PROTO_STREAMING_MEDIA,
|
||||
PROTO_SSH,
|
||||
PROTO_MAX
|
||||
}tsg_protocol_t;
|
||||
|
||||
|
||||
#define MAX_RESULT_NUM 8
|
||||
#define MAX_DOAMIN_LEN 2048
|
||||
|
||||
struct _identify_info
|
||||
{
|
||||
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
|
||||
int domain_len;
|
||||
char domain[MAX_DOAMIN_LEN];
|
||||
};
|
||||
|
||||
typedef enum _PULL_RESULT_TYPE
|
||||
{
|
||||
PULL_KNI_RESULT,
|
||||
PULL_FW_RESULT
|
||||
}PULL_RESULT_TYPE;
|
||||
|
||||
#define TSG_DOMAIN_MAX 256
|
||||
|
||||
extern Maat_feather_t g_tsg_maat_feather;
|
||||
|
||||
int tsg_rule_init(const char *conffile, void *logger);
|
||||
|
||||
int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
|
||||
|
||||
//return 0 if failed, return >0 on success;
|
||||
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, struct _identify_info *identify_info);
|
||||
|
||||
//return -1 if failed, return 0 on success;
|
||||
int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger);
|
||||
|
||||
//return value: -1: failed, 0: not hit, >0: hit count
|
||||
int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, scan_status_t *mid, void *logger, int thread_seq);
|
||||
|
||||
//return NULL if none exists, otherwise return one deny rule;
|
||||
struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
|
||||
|
||||
int tsg_get_method_id(char *method);
|
||||
|
||||
#endif
|
||||
@@ -1,39 +0,0 @@
|
||||
#ifndef __TSG_SEND_LOG_H__
|
||||
#define __TSG_SEND_LOG_H__
|
||||
|
||||
#include <MESA/Maat_rule.h>
|
||||
|
||||
|
||||
typedef struct _tsg_log
|
||||
{
|
||||
int result_num;
|
||||
Maat_rule_t *result;
|
||||
struct streaminfo *a_stream;
|
||||
}tsg_log_t;
|
||||
|
||||
typedef enum _tld_type
|
||||
{
|
||||
TLD_TYPE_UNKNOWN=0,
|
||||
TLD_TYPE_LONG=1,
|
||||
TLD_TYPE_STRING,
|
||||
TLD_TYPE_FILE,
|
||||
TLD_TYPE_MAX
|
||||
}TLD_TYPE;
|
||||
|
||||
|
||||
struct TLD_handle_t;
|
||||
struct tsg_log_instance_t;
|
||||
|
||||
extern struct tsg_log_instance_t *g_tsg_log_instance;
|
||||
|
||||
struct TLD_handle_t *TLD_create(int thread_id);
|
||||
int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE type);
|
||||
int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream);
|
||||
int TLD_cancel(struct TLD_handle_t *handle);
|
||||
|
||||
int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id);
|
||||
|
||||
unsigned long long tsg_get_stream_id(struct streaminfo *a_stream);
|
||||
|
||||
|
||||
#endif
|
||||
@@ -1,27 +0,0 @@
|
||||
#ifndef __TSG_STATISTIC_H__
|
||||
#define __TSG_STATISTIC_H__
|
||||
|
||||
enum _STATISTIC_OPT_TYPE
|
||||
{
|
||||
OPT_TYPE_ALERT_BYTES,
|
||||
OPT_TYPE_BLOCK_BYTES,
|
||||
OPT_TYPE_PINNING_YES,
|
||||
OPT_TYPE_PINNING_MAYBE,
|
||||
OPT_TYPE_PINNING_NOT,
|
||||
_OPT_TYPE_MAX
|
||||
};
|
||||
|
||||
struct _traffic_info
|
||||
{
|
||||
long long con_num;
|
||||
long long in_bytes;
|
||||
long long out_bytes;
|
||||
long long in_packets;
|
||||
long long out_packets;
|
||||
};
|
||||
|
||||
int tsg_set_policy_flow(struct streaminfo *a_stream, Maat_rule_t *p_result, int thread_seq);
|
||||
int tsg_set_intercept_flow(Maat_rule_t *p_result, struct _traffic_info *traffic_info, int thread_seq);
|
||||
int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq);
|
||||
|
||||
#endif
|
||||
@@ -1,83 +0,0 @@
|
||||
#ifndef __TSG_RULE_H__
|
||||
#define __TSG_RULE_H__
|
||||
|
||||
#include <MESA/Maat_rule.h>
|
||||
|
||||
#define TSG_ACTION_NONE 0x00
|
||||
#define TSG_ACTION_MONITOR 0x01
|
||||
#define TSG_ACTION_INTERCEPT 0x02
|
||||
#define TSG_ACTION_DENY 0x10
|
||||
#define TSG_ACTION_MANIPULATE 0x30
|
||||
#define TSG_ACTION_BYPASS 0x80
|
||||
#define TSG_ACTION_MAX 0x80
|
||||
|
||||
enum TSG_ETHOD_TYPE
|
||||
{
|
||||
TSG_METHOD_TYPE_UNKNOWN=0,
|
||||
TSG_METHOD_TYPE_DROP,
|
||||
TSG_METHOD_TYPE_REDIRECTION,
|
||||
TSG_METHOD_TYPE_BLOCK,
|
||||
TSG_METHOD_TYPE_RESET,
|
||||
TSG_METHOD_TYPE_MAX
|
||||
};
|
||||
|
||||
|
||||
typedef enum _tsg_protocol
|
||||
{
|
||||
PROTO_UNKONWN=0,
|
||||
PROTO_IPv4=1,
|
||||
PROTO_IPv6,
|
||||
PROTO_TCP,
|
||||
PROTO_UDP,
|
||||
PROTO_HTTP,
|
||||
PROTO_MAIL,
|
||||
PROTO_DNS,
|
||||
PROTO_FTP,
|
||||
PROTO_SSL,
|
||||
PROTO_SIP,
|
||||
PROTO_BGP,
|
||||
PROTO_STREAMING_MEDIA,
|
||||
PROTO_SSH,
|
||||
PROTO_MAX
|
||||
}tsg_protocol_t;
|
||||
|
||||
|
||||
#define MAX_RESULT_NUM 8
|
||||
#define MAX_DOAMIN_LEN 2048
|
||||
|
||||
struct _identify_info
|
||||
{
|
||||
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
|
||||
int domain_len;
|
||||
char domain[MAX_DOAMIN_LEN];
|
||||
};
|
||||
|
||||
typedef enum _PULL_RESULT_TYPE
|
||||
{
|
||||
PULL_KNI_RESULT,
|
||||
PULL_FW_RESULT
|
||||
}PULL_RESULT_TYPE;
|
||||
|
||||
#define TSG_DOMAIN_MAX 256
|
||||
|
||||
extern Maat_feather_t g_tsg_maat_feather;
|
||||
|
||||
int tsg_rule_init(const char *conffile, void *logger);
|
||||
|
||||
int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
|
||||
|
||||
//return 0 if failed, return >0 on success;
|
||||
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, struct _identify_info *identify_info);
|
||||
|
||||
//return -1 if failed, return 0 on success;
|
||||
int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger);
|
||||
|
||||
//return value: -1: failed, 0: not hit, >0: hit count
|
||||
int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, scan_status_t *mid, void *logger, int thread_seq);
|
||||
|
||||
//return NULL if none exists, otherwise return one deny rule;
|
||||
struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
|
||||
|
||||
int tsg_get_method_id(char *method);
|
||||
|
||||
#endif
|
||||
@@ -17,8 +17,8 @@ bypass: drome: pme_new_fail: destroy_pme
|
||||
#include <signal.h>
|
||||
#include <inttypes.h>
|
||||
#include "tfe_mgr.h"
|
||||
#include "tsg/tsg_rule.h"
|
||||
#include "tsg/tsg_send_log.h"
|
||||
#include <tsg/tsg_rule.h>
|
||||
#include <tsg/tsg_send_log.h>
|
||||
#include "ssl_utils.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
@@ -29,7 +29,7 @@ extern "C" {
|
||||
}
|
||||
#endif
|
||||
#include "kni_tun.h"
|
||||
#include "tsg/tsg_statistic.h"
|
||||
#include <tsg/tsg_statistic.h>
|
||||
#include <MESA/stream_inc/stream_control.h>
|
||||
#include "kni_entry.h"
|
||||
#include "kni_pxy_tcp_option.h"
|
||||
@@ -258,6 +258,11 @@ int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned ch
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed set cmsg, type = %d, stream traceid = %s, stream addr = %s", type, pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
}
|
||||
else
|
||||
{
|
||||
KNI_LOG_DEBUG(logger, "Successd to set cmsg, type = %d/%s, stream traceid = %s, stream addr = %s", type,tfe_cmsg_tlv_type_to_string[type], pmeinfo->stream_traceid, pmeinfo->stream_addr);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -296,7 +301,7 @@ static int session_attribute_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pm
|
||||
|
||||
if(session_attribute_label->server_asn == NULL)
|
||||
{
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
@@ -486,6 +491,7 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
|
||||
if(ret < 0) goto error_out;
|
||||
|
||||
bufflen = kni_cmsg_serialize_size_get(cmsg);
|
||||
KNI_LOG_DEBUG(logger, "Successd set cmsg size:%d, stream traceid = %s", bufflen, pmeinfo->stream_traceid);
|
||||
buff = (unsigned char*)ALLOC(char, bufflen);
|
||||
serialize_len = 0;
|
||||
ret = kni_cmsg_serialize(cmsg, buff, bufflen, &serialize_len);
|
||||
@@ -508,9 +514,11 @@ error_out:
|
||||
|
||||
static char* add_cmsg_to_packet(struct pme_info *pmeinfo, struct streaminfo *stream, struct pkt_info *pktinfo, int *len){
|
||||
//tcp option: kind 88, len 4, control_info_len
|
||||
void * logger = g_kni_handle->local_logger;
|
||||
char *new_pkt = (char*)ALLOC(struct wrapped_packet, 1);
|
||||
int offset = 0;
|
||||
//iphdr
|
||||
KNI_LOG_ERROR(logger, "Kni add cmsg to packet malloc buffer size:%d",sizeof(struct wrapped_packet));
|
||||
if(pmeinfo->addr_type == ADDR_TYPE_IPV6){
|
||||
memcpy(new_pkt, (void*)pktinfo->iphdr.v6, pktinfo->iphdr_len);
|
||||
}
|
||||
@@ -539,10 +547,12 @@ static char* add_cmsg_to_packet(struct pme_info *pmeinfo, struct streaminfo *str
|
||||
uint16_t header_len = 0;
|
||||
unsigned char* header = kni_cmsg_serialize_header_new(pmeinfo, stream, pktinfo, &header_len);
|
||||
if(header == NULL){
|
||||
KNI_LOG_ERROR(logger, "Kni add cmsg to packet: serialize_header failed");
|
||||
goto error_out;
|
||||
}
|
||||
memcpy(new_pkt + offset, (void*)header, header_len);
|
||||
offset += header_len;
|
||||
KNI_LOG_DEBUG(logger, "Kni add cmsg to packet:offset=%d,header_len=%d, tcp_data_len=%d",offset,header_len,pktinfo->data_len);
|
||||
FREE(&header);
|
||||
//ipv6
|
||||
if(pmeinfo->addr_type == ADDR_TYPE_IPV6){
|
||||
@@ -2511,7 +2521,7 @@ extern "C" int kni_init(){
|
||||
MESA_htable_handle sslinfo2bypass_htable = NULL;
|
||||
struct tfe_mgr *_tfe_mgr = NULL;
|
||||
char label_buff[MAX_STRING_LEN*4]={0};
|
||||
|
||||
tfe_cmsg_enum_to_string();
|
||||
int ret = MESA_load_profile_string_nodef(profile, section, "log_path", log_path, sizeof(log_path));
|
||||
if(ret < 0){
|
||||
printf("MESA_prof_load: log_path not set, profile = %s, section = %s", profile, section);
|
||||
|
||||
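Review bot: The new debug log in `wrapped_kni_cmsg_set` indexes `tfe_cmsg_tlv_type_to_string[type]` with an unchecked `uint16_t`, so a `type` at or above `KNI_CMSG_TLV_NR_MAX` reads past the table, and a slot that was never filled passes NULL to `%s`. The callers visible on this page pass enum constants, so this is a hardening point rather than a demonstrated fault, but the argument could be guarded as `(type < KNI_CMSG_TLV_NR_MAX && tfe_cmsg_tlv_type_to_string[type]) ? tfe_cmsg_tlv_type_to_string[type] : "UNKNOWN"`. In `add_cmsg_to_packet` the added `KNI_LOG_ERROR` prints `sizeof(struct wrapped_packet)` with `%d`; the value is a `size_t`, so `%zu` is the matching specifier, and an allocation-size message at error level on what looks like a per-packet path will bury real errors. Both functions extend beyond their hunks.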