From 8821b5327a699f470aa8f3466490ddae0da368d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B4=94=E4=B8=80=E9=B8=A3?=
Date: Tue, 7 Jan 2020 22:27:49 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0tsg=E6=80=BB=E6=8E=A7?= =?UTF-8?q?=E4=B8=AD=E5=A4=B4=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ci/travis.sh | 14 +++---
 entry/CMakeLists.txt | 2 +-
 entry/include/tsg/tsg_rule.h | 82 ++++++++++++++++++++++++++++++++
 entry/include/tsg/tsg_send_log.h | 39 +++++++++++++++
 entry/include/tsg_rule.h | 82 ++++++++++++++++++++++++++++++++
 vendor/CMakeLists.txt | 9 +++-
 6 files changed, 219 insertions(+), 9 deletions(-)
 create mode 100644 entry/include/tsg/tsg_rule.h
 create mode 100644 entry/include/tsg/tsg_send_log.h
 create mode 100644 entry/include/tsg_rule.h
diff --git a/ci/travis.sh b/ci/travis.sh
index 214f69c..bb97f52 100644
--- a/ci/travis.sh
+++ b/ci/travis.sh
@@ -46,12 +46,12 @@ make
 if [ -n "${PACKAGE}" ]; then
 make package
- cp ~/rpm_upload_tools.py ./
- python3 rpm_upload_tools.py ${PULP3_REPO_NAME} ${PULP3_DIST_NAME} *.rpm
+ #cp ~/rpm_upload_tools.py ./
+ #python3 rpm_upload_tools.py ${PULP3_REPO_NAME} ${PULP3_DIST_NAME} *.rpm
 fi
-if [ -n "${UPLOAD_SYMBOL_FILES}" ]; then
- rpm -i kni*debuginfo*.rpm
- cp /usr/lib/debug/opt/tsg/kni/bin/kni.debug /tmp/kni.debuginfo.${CI_COMMIT_SHORT_SHA}
- sentry-cli upload-dif -t elf /tmp/kni.debuginfo.${CI_COMMIT_SHORT_SHA}
-fi
+#if [ -n "${UPLOAD_SYMBOL_FILES}" ]; then
+ #rpm -i kni*debuginfo*.rpm
+ #cp /usr/lib/debug/opt/tsg/kni/bin/kni.debug /tmp/kni.debuginfo.${CI_COMMIT_SHORT_SHA}
+ #sentry-cli upload-dif -t elf /tmp/kni.debuginfo.${CI_COMMIT_SHORT_SHA}
+#fi
diff --git a/entry/CMakeLists.txt b/entry/CMakeLists.txt
index 25b75be..0d1790a 100644
--- a/entry/CMakeLists.txt
+++ b/entry/CMakeLists.txt
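Review bot: The two blocks from `#cp ~/rpm_upload_tools.py ./` through `#fi` are commented out rather than deleted, so `make package` still runs whenever `PACKAGE` is set but its RPMs are now silently left on the runner, and nothing in the script records why packaging upload and symbol upload were switched off. Delete the lines (git history keeps them) or, if this is a temporary switch-off, replace each block with a one-line comment such as `# RPM / debuginfo upload disabled, see <ticket>` rather than a commented-out `if`/`fi` pair that shellcheck can no longer check. If the upload is ever restored, note that the removed path ran `rpm_upload_tools.py` copied from the runner's home directory, i.e. unversioned code executing with the repository's publishing credentials; fetching it from a pinned, reviewed location would be the safer shape.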
@@ -1,3 +1,3 @@
 add_library(kni SHARED src/kni_entry.cpp src/tfe_mgr.cpp src/kni_tun.cpp)
 target_include_directories(kni PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include)
-target_link_libraries(kni common MESA_prof_load MESA_htable MESA_field_stat maatframe marsio dabloom)
\ No newline at end of file
+target_link_libraries(kni common MESA_prof_load MESA_htable MESA_field_stat maatframe mrzcpd dabloom)
\ No newline at end of file
diff --git a/entry/include/tsg/tsg_rule.h b/entry/include/tsg/tsg_rule.h
new file mode 100644
index 0000000..37a6cbf
--- /dev/null
+++ b/entry/include/tsg/tsg_rule.h
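Review bot: `target_link_libraries(kni common ... mrzcpd dabloom)` still uses the keyword-less signature, under which every listed library, now including the new `mrzcpd` target, is propagated transitively to anything that links `kni`; stating the visibility keeps that behaviour but makes it explicit and reviewable: `target_link_libraries(kni PUBLIC common MESA_prof_load MESA_htable MESA_field_stat maatframe mrzcpd dabloom)`. The rewritten line is still marked `\ No newline at end of file`; since it is being touched anyway, terminate it. `mrzcpd` is an IMPORTED target declared in vendor/CMakeLists.txt rather than here, so nothing in this file checks that the library behind it exists before the link step; that belongs with the vendor definition.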
@@ -0,0 +1,82 @@
+#ifndef __TSG_RULE_H__
+#define __TSG_RULE_H__
+
+#include 
+
+#define TSG_ACTION_NONE 0x00
+#define TSG_ACTION_MONITOR 0x01
+#define TSG_ACTION_INTERCEPT 0x02
+#define TSG_ACTION_DENY 0x10
+#define TSG_ACTION_MANIPULATE 0x30
+#define TSG_ACTION_BYPASS 0x80
+#define TSG_ACTION_MAX 0x80
+
+enum TSG_ETHOD_TYPE
+{
+ TSG_METHOD_TYPE_UNKNOWN=0,
+ TSG_METHOD_TYPE_DROP,
+ TSG_METHOD_TYPE_REDIRECTION,
+ TSG_METHOD_TYPE_BLOCK,
+ TSG_METHOD_TYPE_RESET,
+ TSG_METHOD_TYPE_MAX
+};
+
+
+typedef enum _tsg_protocol
+{
+ PROTO_UNKONWN=0,
+ PROTO_IPv4=1,
+ PROTO_IPv6,
+ PROTO_TCP,
+ PROTO_UDP,
+ PROTO_HTTP,
+ PROTO_MAIL,
+ PROTO_DNS,
+ PROTO_FTP,
+ PROTO_SSL,
+ PROTO_SIP,
+ PROTO_BGP,
+ PROTO_STREAMING_MEDIA,
+ PROTO_MAX
+}tsg_protocol_t;
+
+
+#define MAX_RESULT_NUM 8
+#define MAX_DOAMIN_LEN 2048
+
+struct _identify_info
+{
+ tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
+ int domain_len;
+ char domain[MAX_DOAMIN_LEN];
+};
+
+typedef enum _PULL_RESULT_TYPE
+{
+ PULL_KNI_RESULT,
+ PULL_FW_RESULT
+}PULL_RESULT_TYPE;
+
+#define TSG_DOMAIN_MAX 256
+
+extern Maat_feather_t g_tsg_maat_feather;
+
+int tsg_rule_init(const char *conffile, void *logger);
+
+int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
+
+//return 0 if failed, return >0 on success;
+int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, struct _identify_info *identify_info);
+
+//return -1 if failed, return 0 on success;
+int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger);
+
+//return value: -1: failed, 0: not hit, >0: hit count
+int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, scan_status_t *mid, void *logger, int thread_seq);
+
+//return NULL if none exists, 
otherwise return one deny rule;
+struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
+
+int tsg_get_method_id(char *method);
+
+#endif
diff --git a/entry/include/tsg/tsg_send_log.h b/entry/include/tsg/tsg_send_log.h
new file mode 100644
index 0000000..3223f36
--- /dev/null
+++ b/entry/include/tsg/tsg_send_log.h
@@ -0,0 +1,39 @@
+#ifndef __TSG_SEND_LOG_H__
+#define __TSG_SEND_LOG_H__
+
+#include 
+
+
+typedef struct _tsg_log
+{
+ int result_num;
+ Maat_rule_t *result;
+ struct streaminfo *a_stream;
+}tsg_log_t;
+
+typedef enum _tld_type
+{
+ TLD_TYPE_UNKNOWN=0,
+ TLD_TYPE_LONG=1,
+ TLD_TYPE_STRING,
+ TLD_TYPE_FILE,
+ TLD_TYPE_MAX
+}TLD_TYPE;
+
+
+struct TLD_handle_t;
+struct tsg_log_instance_t;
+
+extern struct tsg_log_instance_t *g_tsg_log_instance;
+
+struct TLD_handle_t *TLD_create(int thread_id);
+int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE type);
+int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream);
+int TLD_cancel(struct TLD_handle_t *handle);
+
+int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id);
+
+unsigned long long tsg_get_stream_id(struct streaminfo *a_stream);
+
+
+#endif
diff --git a/entry/include/tsg_rule.h b/entry/include/tsg_rule.h
new file mode 100644
index 0000000..37a6cbf
--- /dev/null
+++ b/entry/include/tsg_rule.h
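Review bot: `struct _identify_info` sizes `domain` with `MAX_DOAMIN_LEN` (2048) while `TSG_DOMAIN_MAX` (256) is defined a few lines later with no stated relationship, so a caller that bounds a copy into `domain` by the wrong constant, or trusts `domain_len` without checking it against the buffer, overruns it; state which one governs the buffer, e.g. `#define TSG_DOMAIN_MAX 256 /* longest domain the rule engine accepts; must stay <= MAX_DOAMIN_LEN, the size of _identify_info.domain */`, and say on `domain_len` whether it counts the terminating NUL. `tsg_fetch_deny_rule` returns `struct Maat_rule_t *` while every other declaration in the file uses the `Maat_rule_t` typedef; if `Maat_rule_t` is a typedef of an anonymous struct (the `#include` line was lost in extraction, so this cannot be confirmed from the hunk) the elaborated name denotes a different, incomplete type and the prototype will not match its definition, so `Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);` is the safe form. `tsg_get_method_id(char *method)` only needs to read its argument and should take `const char *`. `MAX_DOAMIN_LEN`, `PROTO_UNKONWN` and `TSG_ETHOD_TYPE` are misspelled public identifiers that become an interface the moment a caller uses them; fix the spelling in this commit while nothing depends on it. `TSG_ACTION_MAX` is equal to `TSG_ACTION_BYPASS` (0x80), so any `action < TSG_ACTION_MAX` validity check would reject the bypass action; if the bound is meant to be inclusive, say so in a comment next to the define.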
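Review bot: `TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE type)` takes an untyped `value` with no length, so for `TLD_TYPE_STRING` and `TLD_TYPE_FILE` the callee must rely on NUL termination or on a convention this header does not state; if such values can be taken from stream data, an unterminated buffer is read past its end when the log record is built. Either add a length, `int TLD_append(struct TLD_handle_t *handle, const char *key, const void *value, size_t value_len, TLD_TYPE type);`, or put a comment above the prototype spelling out the representation behind each `TLD_TYPE` tag (what `value` points to for `TLD_TYPE_LONG`, whether `TLD_TYPE_STRING` must be NUL-terminated, whether `TLD_TYPE_FILE` is a path or contents), whichever the implementation actually does. `tsg_log_t` carries bare `result` and `a_stream` pointers plus `result_num`, and nothing says who owns them or how long they must stay valid after `tsg_send_log` returns; that matters if the send happens on another thread, which the `thread_id` parameters hint at but this patch does not show, so a comment on the struct stating whether the pointers are borrowed only for the duration of the call would pin the contract. `key` is presumably not modified and should be `const char *`.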
@@ -0,0 +1,82 @@
+#ifndef __TSG_RULE_H__
+#define __TSG_RULE_H__
+
+#include 
+
+#define TSG_ACTION_NONE 0x00
+#define TSG_ACTION_MONITOR 0x01
+#define TSG_ACTION_INTERCEPT 0x02
+#define TSG_ACTION_DENY 0x10
+#define TSG_ACTION_MANIPULATE 0x30
+#define TSG_ACTION_BYPASS 0x80
+#define TSG_ACTION_MAX 0x80
+
+enum TSG_ETHOD_TYPE
+{
+ TSG_METHOD_TYPE_UNKNOWN=0,
+ TSG_METHOD_TYPE_DROP,
+ TSG_METHOD_TYPE_REDIRECTION,
+ TSG_METHOD_TYPE_BLOCK,
+ TSG_METHOD_TYPE_RESET,
+ TSG_METHOD_TYPE_MAX
+};
+
+
+typedef enum _tsg_protocol
+{
+ PROTO_UNKONWN=0,
+ PROTO_IPv4=1,
+ PROTO_IPv6,
+ PROTO_TCP,
+ PROTO_UDP,
+ PROTO_HTTP,
+ PROTO_MAIL,
+ PROTO_DNS,
+ PROTO_FTP,
+ PROTO_SSL,
+ PROTO_SIP,
+ PROTO_BGP,
+ PROTO_STREAMING_MEDIA,
+ PROTO_MAX
+}tsg_protocol_t;
+
+
+#define MAX_RESULT_NUM 8
+#define MAX_DOAMIN_LEN 2048
+
+struct _identify_info
+{
+ tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
+ int domain_len;
+ char domain[MAX_DOAMIN_LEN];
+};
+
+typedef enum _PULL_RESULT_TYPE
+{
+ PULL_KNI_RESULT,
+ PULL_FW_RESULT
+}PULL_RESULT_TYPE;
+
+#define TSG_DOMAIN_MAX 256
+
+extern Maat_feather_t g_tsg_maat_feather;
+
+int tsg_rule_init(const char *conffile, void *logger);
+
+int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
+
+//return 0 if failed, return >0 on success;
+int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, struct _identify_info *identify_info);
+
+//return -1 if failed, return 0 on success;
+int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger);
+
+//return value: -1: failed, 0: not hit, >0: hit count
+int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, scan_status_t *mid, void *logger, int thread_seq);
+
+//return NULL if none exists, 
otherwise return one deny rule;
+struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
+
+int tsg_get_method_id(char *method);
+
+#endif
diff --git a/vendor/CMakeLists.txt b/vendor/CMakeLists.txt
index 589d25c..13d52cd 100644
--- a/vendor/CMakeLists.txt
+++ b/vendor/CMakeLists.txt
@@ -57,6 +57,8 @@ set_property(TARGET dabloom PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR
 ### MESA Framework
 set(MESA_FRAMEWORK_LIB_DIR /opt/MESA/lib)
 set(MESA_FRAMEWORK_INCLUDE_DIR /opt/MESA/include)
+set(MRZCPD_LIB_DIR /opt/mrzcpd/lib)
+set(MRZCPD_INCLUDE_DIR /opt/mrzcpd/include)
 add_library(MESA_handle_logger SHARED IMPORTED GLOBAL)
 set_property(TARGET MESA_handle_logger PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libMESA_handle_logger.so)
@@ -84,4 +86,9 @@ set_property(TARGET MESA_field_stat PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MES
 add_library(rdkafka SHARED IMPORTED GLOBAL)
 set_property(TARGET rdkafka PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/librdkafka.so)
-set_property(TARGET rdkafka PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
\ No newline at end of file
+set_property(TARGET rdkafka PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
+
+add_library(mrzcpd SHARED IMPORTED GLOBAL)
+set_property(TARGET mrzcpd PROPERTY IMPORTED_LOCATION ${MRZCPD_LIB_DIR}/libmarsio.so)
+set_property(TARGET mrzcpd PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MRZCPD_INCLUDE_DIR})
+
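Review bot: This file is a byte-for-byte copy of `entry/include/tsg/tsg_rule.h` added by the same commit (both hunks show blob `37a6cbf`) and it reuses the identical include guard `__TSG_RULE_H__`, so whichever copy a translation unit includes first silently wins and the two files will diverge on the next edit. Keep only one; if the flat path must survive for existing `#include "tsg_rule.h"` users, reduce this file to a forwarder, `#include "tsg/tsg_rule.h"`, with no content of its own. Both guards also use a leading double underscore, which is reserved for the implementation in C and C++; `TSG_RULE_H` avoids that class of clash.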
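Review bot: The new `mrzcpd` imported target sets `IMPORTED_LOCATION` to `${MRZCPD_LIB_DIR}/libmarsio.so`, so the target name, the directory (`/opt/mrzcpd`) and the file name (`libmarsio.so`) disagree; if the library really was relocated under a new package name while keeping its old soname, a one-line comment saying so belongs above `add_library(mrzcpd ...)`, otherwise this is a typo that only surfaces as a link error. Nothing checks that the hard-coded `/opt/mrzcpd` paths exist at configure time, and an IMPORTED target never fails configure on a missing file, so a runner without the package gets a late, confusing link failure, and one with something else installed at that path links whatever is there; a guard after the two `set()` lines, `if(NOT EXISTS "${MRZCPD_LIB_DIR}/libmarsio.so")`, `message(FATAL_ERROR "mrzcpd: ${MRZCPD_LIB_DIR}/libmarsio.so not found")`, `endif()`, fails fast and documents the expectation. entry/CMakeLists.txt previously linked a `marsio` target; if that target is still declared elsewhere in this file (outside the hunk), it is now dead and should be removed in the same change.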