TSG-2846: 增加 kni 对共享tsg_master 扫描maat 结果给tfe的支持
This commit is contained in:
fumingwei
@@ -261,6 +261,96 @@ int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned ch
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int session_attribute_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
|
||||
{
|
||||
struct _session_attribute_label_t *session_attribute_label = pmeinfo->session_attribute_label;
|
||||
int ret = 0;
|
||||
char empty_arr[MAX_STR_FIELD_LEN] = {0};
|
||||
do {
|
||||
if(session_attribute_label->client_subscribe_id == NULL)
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_SUB_ID, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
else
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_SUB_ID, (const unsigned char*)session_attribute_label->client_subscribe_id->subscribe_id, strlen(session_attribute_label->client_subscribe_id->subscribe_id), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
if(session_attribute_label->server_subscribe_id == NULL)
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_SUB_ID, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
else
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_SUB_ID, (const unsigned char*)session_attribute_label->server_subscribe_id->subscribe_id, strlen(session_attribute_label->server_subscribe_id->subscribe_id), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
|
||||
if(session_attribute_label->client_asn == NULL)
|
||||
{
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)session_attribute_label->client_asn->asn, strlen(session_attribute_label->client_asn->asn), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)session_attribute_label->client_asn->organization, strlen(session_attribute_label->client_asn->organization), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
}
|
||||
|
||||
if(session_attribute_label->server_asn == NULL)
|
||||
{
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ASN, (const unsigned char*)session_attribute_label->server_asn->asn, strlen(session_attribute_label->server_asn->asn), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)session_attribute_label->server_asn->organization, strlen(session_attribute_label->server_asn->organization), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
}
|
||||
|
||||
if(session_attribute_label->client_location == NULL)
|
||||
{
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)session_attribute_label->client_location->country_full, strlen(session_attribute_label->client_location->country_full), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)session_attribute_label->client_location->province_full, strlen(session_attribute_label->client_location->province_full), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)session_attribute_label->client_location->city_full, strlen(session_attribute_label->client_location->city_full), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
}
|
||||
|
||||
if(session_attribute_label->server_location == NULL)
|
||||
{
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)session_attribute_label->server_location->country_full, strlen(session_attribute_label->server_location->country_full), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)session_attribute_label->server_location->province_full, strlen(session_attribute_label->server_location->province_full), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)session_attribute_label->server_location->city_full, strlen(session_attribute_label->server_location->city_full), pmeinfo);
|
||||
if(ret < 0) break;
|
||||
}
|
||||
}while(0);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, struct streaminfo *stream, struct pkt_info *pktinfo, uint16_t *len){
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
uint16_t bufflen = 0, serialize_len = 0;
|
||||
@@ -368,6 +458,14 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
|
||||
}
|
||||
}
|
||||
|
||||
//share session attribute
|
||||
ret = session_attribute_cmsg_set(cmsg, pmeinfo);
|
||||
if(ret < 0)
|
||||
{
|
||||
KNI_LOG_ERROR(logger, "share-session-attribute: Failed at set cmsg");
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
//src mac
|
||||
ret = get_rawpkt_opt_from_streaminfo(stream, RAW_PKT_GET_VXLAN_OUTER_GDEV_MAC, src_mac);
|
||||
if(ret < 0){
|
||||
@@ -1071,6 +1169,68 @@ static int first_data_ssl_dynamic_bypass(struct streaminfo *stream, struct pme_i
|
||||
}
|
||||
|
||||
|
||||
static struct _session_attribute_label_t * kni_pull_session_attribute_results(struct streaminfo *a_stream,struct pme_info *pmeinfo)
|
||||
{
|
||||
struct _session_attribute_label_t *session_attribute_label = NULL;
|
||||
void *logger = g_kni_handle->local_logger;
|
||||
session_attribute_label = (struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_kni_handle->session_attribute_id);
|
||||
if(session_attribute_label != NULL)
|
||||
{
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: Success to get the session attribute results,stream traceid = %s", pmeinfo->stream_traceid);
|
||||
|
||||
if(session_attribute_label->client_subscribe_id == NULL)
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: source subscribe id is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
||||
else
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: source subscribe id is: %s,stream traceid = %s",session_attribute_label->client_subscribe_id->subscribe_id,pmeinfo->stream_traceid);
|
||||
|
||||
if(session_attribute_label->server_subscribe_id == NULL)
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: destination subscribe id is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
||||
else
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: destination subscribe id is: %s,stream traceid = %s",session_attribute_label->server_subscribe_id->subscribe_id,pmeinfo->stream_traceid);
|
||||
|
||||
if(session_attribute_label->client_asn == NULL)
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: source asn and organization is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
||||
else
|
||||
{
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: source asn is: %s,stream traceid = %s",session_attribute_label->client_asn->asn, pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: source organization is: %s,stream traceid = %s",session_attribute_label->client_asn->organization, pmeinfo->stream_traceid);
|
||||
}
|
||||
|
||||
if(session_attribute_label->server_asn == NULL)
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn and organization is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
||||
else
|
||||
{
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn:%s,stream traceid = %s",session_attribute_label->server_asn->asn,pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: destination organization:%s,stream traceid = %s",session_attribute_label->server_asn->organization,pmeinfo->stream_traceid);
|
||||
}
|
||||
|
||||
if(session_attribute_label->client_location == NULL)
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
||||
else
|
||||
{
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location country is: %s,stream traceid = %s",session_attribute_label->client_location->country_full,pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location province is: %s,stream traceid = %s",session_attribute_label->client_location->province_full,pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location city is: %s,stream traceid = %s",session_attribute_label->client_location->city_full,pmeinfo->stream_traceid);
|
||||
}
|
||||
|
||||
if(session_attribute_label->server_location == NULL)
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
||||
else
|
||||
{
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location country is: %s,stream traceid = %s",session_attribute_label->server_location->country_full,pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location province is: %s,stream traceid = %s",session_attribute_label->server_location->province_full,pmeinfo->stream_traceid);
|
||||
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location city is: %s,stream traceid = %s",session_attribute_label->server_location->city_full,pmeinfo->stream_traceid);
|
||||
}
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
KNI_LOG_ERROR(logger, "share-session-attribute: Failed to get the session attribute results,stream traceid = %s", pmeinfo->stream_traceid);
|
||||
}
|
||||
|
||||
return session_attribute_label;
|
||||
}
|
||||
|
||||
|
||||
static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq){
|
||||
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_STM], 0, FS_OP_ADD, 1);
|
||||
@@ -1153,6 +1313,14 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
||||
return APP_STATE_FAWPKT | APP_STATE_KILL_OTHER | APP_STATE_GIVEME;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
if(pmeinfo->session_attribute_label == NULL)
|
||||
{
|
||||
KNI_LOG_DEBUG(g_kni_handle->local_logger, "Intercept error: Get share session attribute error,stream traceid = %s", pmeinfo->stream_traceid);
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
//dynamic bypass
|
||||
if(first_data_ssl_dynamic_bypass(stream, pmeinfo, pktinfo, thread_seq) == 0)
|
||||
{
|
||||
@@ -1362,6 +1530,7 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
||||
pmeinfo->do_log = pmeinfo->maat_result.do_log;
|
||||
pmeinfo->thread_seq = thread_seq;
|
||||
pmeinfo->is_dynamic_bypass = 0;
|
||||
pmeinfo->session_attribute_label = kni_pull_session_attribute_results(stream,pmeinfo);
|
||||
maat_hit = 1;
|
||||
char *action_str = kni_maat_action_trans(pmeinfo->action);
|
||||
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s",
|
||||
@@ -2341,6 +2510,8 @@ extern "C" int kni_init(){
|
||||
MESA_htable_handle traceid2pme_htable = NULL;
|
||||
MESA_htable_handle sslinfo2bypass_htable = NULL;
|
||||
struct tfe_mgr *_tfe_mgr = NULL;
|
||||
char label_buff[MAX_STRING_LEN*4]={0};
|
||||
|
||||
int ret = MESA_load_profile_string_nodef(profile, section, "log_path", log_path, sizeof(log_path));
|
||||
if(ret < 0){
|
||||
printf("MESA_prof_load: log_path not set, profile = %s, section = %s", profile, section);
|
||||
@@ -2527,6 +2698,16 @@ extern "C" int kni_init(){
|
||||
KNI_LOG_ERROR(local_logger, "Failed at init pxy_tcp_option_rule");
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
//register customer for share session attribute
|
||||
MESA_load_profile_string_def(profile, "share_session_attribute", "SESSION_ATTRIBUTE_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY");
|
||||
g_kni_handle->session_attribute_id = project_customer_register(label_buff, PROJECT_VAL_TYPE_STRUCT);
|
||||
if(g_kni_handle->session_attribute_id < 0)
|
||||
{
|
||||
KNI_LOG_ERROR(local_logger,"Register %s failed; please check :%s ",label_buff,profile);
|
||||
return -1;
|
||||
}
|
||||
|
||||
//init tfe_mgr
|
||||
_tfe_mgr = tfe_mgr_init(tfe_node_count, profile, g_kni_handle->deploy_mode, local_logger);
|
||||
if(_tfe_mgr == NULL){
|
||||
|
||||
Reference in New Issue
Block a user