|
|
|
|
@@ -162,7 +162,7 @@ static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stre
|
|
|
|
|
pmeinfo->stream = stream;
|
|
|
|
|
pmeinfo->addr_type = (enum addr_type_t)stream->addr.addrtype;
|
|
|
|
|
pmeinfo->ssl_cert_verify = -1;
|
|
|
|
|
uint64_t traceid = tsg_get_stream_id((struct streaminfo*)stream);
|
|
|
|
|
uint64_t traceid = tsg_get_stream_trace_id((struct streaminfo*)stream);
|
|
|
|
|
snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%" PRIu64 , traceid);
|
|
|
|
|
if(g_kni_handle->log_level < RLOG_LV_FATAL)
|
|
|
|
|
printaddr_r(&(stream->addr), pmeinfo->stream_addr, KNI_ADDR_MAX);
|
|
|
|
|
@@ -236,12 +236,10 @@ static int log_generate(struct pme_info *pmeinfo){
|
|
|
|
|
if(pmeinfo->protocol == PROTO_HTTP){
|
|
|
|
|
TLD_append(tld_handle, (char*)"http_host", (void*)pmeinfo->domain.host, TLD_TYPE_STRING);
|
|
|
|
|
}
|
|
|
|
|
tsg_log_t log_msg;
|
|
|
|
|
memset(&log_msg, 0, sizeof(log_msg));
|
|
|
|
|
log_msg.result_num = pmeinfo->maat_result_num;
|
|
|
|
|
log_msg.result = &(pmeinfo->maat_result);
|
|
|
|
|
log_msg.a_stream = NULL;
|
|
|
|
|
int ret = tsg_send_log(g_tsg_log_instance, tld_handle, &log_msg, 0);
|
|
|
|
|
//int ret = tsg_send_log(g_tsg_log_instance, tld_handle, NULL, &pmeinfo->maat_rule, (size_t)pmeinfo->n_maat_rule, 0);
|
|
|
|
|
|
|
|
|
|
int ret = tsg_send_log(g_tsg_log_instance, tld_handle, NULL, LOG_TYPE_SECURITY_EVENT, &pmeinfo->maat_rule, 1, 0);
|
|
|
|
|
//int ret = tsg_send_log(g_tsg_log_instance, tld_handle, &log_msg, 0);
|
|
|
|
|
if(ret < 0){
|
|
|
|
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_FAIL], 0, FS_OP_ADD, 1);
|
|
|
|
|
KNI_LOG_ERROR(local_logger, "Failed at sendlog, ret = %d, strem_traceid = %s",
|
|
|
|
|
@@ -264,7 +262,7 @@ static int log_generate(struct pme_info *pmeinfo){
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
tsg_set_intercept_flow(&pmeinfo->maat_result, &pmeinfo->traffic_info,0);
|
|
|
|
|
tsg_set_intercept_flow(&pmeinfo->maat_rule, &pmeinfo->traffic_info, 0);
|
|
|
|
|
FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SENDLOG_SUCC], 0, FS_OP_ADD, 1);
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
@@ -324,169 +322,238 @@ int wrapped_kni_cmsg_set(struct kni_cmsg *cmsg, uint16_t type, const unsigned ch
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int session_attribute_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
|
|
|
|
|
|
|
|
|
|
static int session_attr_subscribe_id_cmsg_set(const struct session_runtime_attribute *session_attr, struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
|
|
|
|
|
{
|
|
|
|
|
struct session_attribute_label *session_attribute = pmeinfo->session_attribute;
|
|
|
|
|
int ret = 0;
|
|
|
|
|
char empty_arr[MAX_STR_FIELD_LEN] = {0};
|
|
|
|
|
const char *client_subscribe_id = srt_attribute_get_client_subscriber_id(session_attr);
|
|
|
|
|
const char *server_subscribe_id = srt_attribute_get_server_subscriber_id(session_attr);
|
|
|
|
|
|
|
|
|
|
do{
|
|
|
|
|
if(client_subscribe_id == NULL)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_SUB_ID, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_SUB_ID, (const unsigned char*)client_subscribe_id, strlen(client_subscribe_id), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
if(server_subscribe_id == NULL)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_SUB_ID, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_SUB_ID, (const unsigned char*)server_subscribe_id, strlen(server_subscribe_id), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}while(0);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int session_attr_asn_cmsg_set(const struct session_runtime_attribute *session_attr, struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
|
|
|
|
|
{
|
|
|
|
|
int ret = 0;
|
|
|
|
|
char empty_arr[MAX_STR_FIELD_LEN] = {0};
|
|
|
|
|
const struct asn_info *client_asn = srt_attribute_get_client_ip_asn(session_attr);
|
|
|
|
|
const struct asn_info *server_asn = srt_attribute_get_server_ip_asn(session_attr);
|
|
|
|
|
|
|
|
|
|
do{
|
|
|
|
|
if(client_asn == NULL)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
client_asn->asn_id == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ASN, (const unsigned char*)client_asn->asn_id, strlen(client_asn->asn_id), pmeinfo);
|
|
|
|
|
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
client_asn->organization == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)client_asn->organization, strlen(client_asn->organization), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(server_asn == NULL)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
server_asn->asn_id == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ASN, (const unsigned char*)server_asn->asn_id, strlen(server_asn->asn_id), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
server_asn->organization == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)server_asn->organization, strlen(server_asn->organization), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
}while(0);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int session_attr_ip_location_cmsg_set(const struct session_runtime_attribute *session_attr, struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
|
|
|
|
|
{
|
|
|
|
|
int ret = 0;
|
|
|
|
|
char empty_arr[MAX_STR_FIELD_LEN] = {0};
|
|
|
|
|
const struct location_info *client_location = srt_attribute_get_client_ip_location(session_attr);
|
|
|
|
|
const struct location_info *server_location = srt_attribute_get_server_ip_location(session_attr);
|
|
|
|
|
|
|
|
|
|
do{
|
|
|
|
|
if(client_location == NULL)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
client_location->country_full == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)client_location->country_full, strlen(client_location->country_full), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
client_location->province_full == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)client_location->province_full, strlen(client_location->province_full), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
client_location->city_full == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)client_location->city_full, strlen(client_location->city_full), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
client_location->subdivision_addr == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)client_location->subdivision_addr, strlen(client_location->subdivision_addr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(server_location == NULL)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
server_location->country_full == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)server_location->country_full, strlen(server_location->country_full), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
server_location->province_full == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)server_location->province_full, strlen(server_location->province_full), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
server_location->city_full == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)server_location->city_full, strlen(server_location->city_full), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
server_location->subdivision_addr == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)server_location->subdivision_addr, strlen(server_location->subdivision_addr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
}while(0);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int session_attr_ja3_cmsg_set(const struct session_runtime_attribute *session_attr, struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
|
|
|
|
|
{
|
|
|
|
|
int ret = 0;
|
|
|
|
|
char empty_arr[MAX_STR_FIELD_LEN] = {0};
|
|
|
|
|
|
|
|
|
|
const char *ja3_fingerprint = srt_attribute_get_ja3_fingerprint(session_attr);
|
|
|
|
|
|
|
|
|
|
ja3_fingerprint == NULL
|
|
|
|
|
?ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo)
|
|
|
|
|
:ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)ja3_fingerprint, strlen(ja3_fingerprint), pmeinfo);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int session_attr_fqdn_category_id_cmsg_set(const struct session_runtime_attribute *session_attr, struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
|
|
|
|
|
{
|
|
|
|
|
int ret = 0;
|
|
|
|
|
size_t n_category_ids = 0;
|
|
|
|
|
unsigned int category_ids[8] = {0};
|
|
|
|
|
char fqdn_val[sizeof(int) * 8] = {0};
|
|
|
|
|
char empty_arr[MAX_STR_FIELD_LEN] = {0};
|
|
|
|
|
|
|
|
|
|
n_category_ids = srt_attribute_get_category_ids((const struct session_runtime_attribute *)pmeinfo->session_attribute, category_ids, sizeof(category_ids)/sizeof(category_ids[0]));
|
|
|
|
|
|
|
|
|
|
if(n_category_ids <= 0 || n_category_ids > 8)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_FQDN_CAT_ID_VAL, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
for(int i = 0 ; i < (int)n_category_ids; i++)
|
|
|
|
|
{
|
|
|
|
|
memcpy((void *)(fqdn_val + i * (sizeof(unsigned int))), (void *)&(category_ids[i]), sizeof(unsigned int));
|
|
|
|
|
}
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg ,TFE_CMSG_FQDN_CAT_ID_VAL, (const unsigned char*)fqdn_val, n_category_ids * sizeof(unsigned int) , pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int session_attribute_cmsg_set(struct kni_cmsg *cmsg, struct pme_info *pmeinfo)
|
|
|
|
|
{
|
|
|
|
|
int ret = 0;
|
|
|
|
|
struct session_runtime_attribute *session_attr = pmeinfo->session_attribute;
|
|
|
|
|
|
|
|
|
|
if(session_attr == NULL)
|
|
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
do {
|
|
|
|
|
if(session_attribute->client_subscribe_id == NULL)
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_SUB_ID, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
else
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_SUB_ID, (const unsigned char*)session_attribute->client_subscribe_id->subscribe_id, strlen(session_attribute->client_subscribe_id->subscribe_id), pmeinfo);
|
|
|
|
|
ret = session_attr_subscribe_id_cmsg_set(session_attr, cmsg, pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
if(session_attribute->server_subscribe_id == NULL)
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_SUB_ID, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
else
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_SUB_ID, (const unsigned char*)session_attribute->server_subscribe_id->subscribe_id, strlen(session_attribute->server_subscribe_id->subscribe_id), pmeinfo);
|
|
|
|
|
ret = session_attr_asn_cmsg_set(session_attr, cmsg, pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
if(session_attribute->client_asn == NULL)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(session_attribute->client_asn->asn_id == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ASN, (const unsigned char*)session_attribute->client_asn->asn_id, strlen(session_attribute->client_asn->asn_id), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
if(session_attribute->client_asn->organization){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_ORGANIZATION, (const unsigned char*)session_attribute->client_asn->organization, strlen(session_attribute->client_asn->organization), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
ret = session_attr_ip_location_cmsg_set(session_attr, cmsg, pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
if(session_attribute->server_asn == NULL)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(session_attribute->server_asn->asn_id == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ASN, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ASN, (const unsigned char*)session_attribute->server_asn->asn_id, strlen(session_attribute->server_asn->asn_id), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
if(session_attribute->server_asn->organization == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_ORGANIZATION, (const unsigned char*)session_attribute->server_asn->organization, strlen(session_attribute->server_asn->organization), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
ret = session_attr_ja3_cmsg_set(session_attr, cmsg, pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
|
|
|
|
|
if(session_attribute->client_location == NULL)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(session_attribute->client_location->country_full == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_COUNTRY, (const unsigned char*)session_attribute->client_location->country_full, strlen(session_attribute->client_location->country_full), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
if(session_attribute->client_location->province_full == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_PROVINE, (const unsigned char*)session_attribute->client_location->province_full, strlen(session_attribute->client_location->province_full), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
if(session_attribute->client_location->city_full == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_CITY, (const unsigned char*)session_attribute->client_location->city_full, strlen(session_attribute->client_location->city_full), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
if(session_attribute->client_location->subdivision_addr == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SRC_IP_LOCATION_SUBDIVISION, (const unsigned char*)session_attribute->client_location->subdivision_addr, strlen(session_attribute->client_location->subdivision_addr), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(session_attribute->server_location == NULL)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(session_attribute->server_location->country_full == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_COUNTRY, (const unsigned char*)session_attribute->server_location->country_full, strlen(session_attribute->server_location->country_full), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
if(session_attribute->server_location->province_full == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_PROVINE, (const unsigned char*)session_attribute->server_location->province_full, strlen(session_attribute->server_location->province_full), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
if(session_attribute->server_location->city_full == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_CITY, (const unsigned char*)session_attribute->server_location->city_full, strlen(session_attribute->server_location->city_full), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
if(session_attribute->server_location->subdivision_addr == NULL){
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}else{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_DST_IP_LOCATION_SUBDIVISION, (const unsigned char*)session_attribute->server_location->subdivision_addr, strlen(session_attribute->server_location->subdivision_addr), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}
|
|
|
|
|
if(session_attribute->ja3_fingerprint == NULL)
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
else
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_SSL_CLIENT_JA3_FINGERPRINT, (const unsigned char*)session_attribute->ja3_fingerprint, strlen(session_attribute->ja3_fingerprint), pmeinfo);
|
|
|
|
|
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_CAT_ID_NUM, (const unsigned char*)&(session_attribute->fqdn_category_id_num), sizeof(unsigned int), pmeinfo);
|
|
|
|
|
|
|
|
|
|
if(session_attribute->fqdn_category_id_num <= 0 || session_attribute->fqdn_category_id_num > 8)
|
|
|
|
|
{
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_CAT_ID_VAL, (const unsigned char*)empty_arr, strlen(empty_arr), pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
char fqdn_val[sizeof(session_attribute->fqdn_category_id)] = {0};
|
|
|
|
|
for(int i = 0 ; i < session_attribute->fqdn_category_id_num; i ++)
|
|
|
|
|
{
|
|
|
|
|
memcpy((void *)(fqdn_val + i * (sizeof(unsigned int))), (void *)&(session_attribute->fqdn_category_id[i]), sizeof(unsigned int));
|
|
|
|
|
}
|
|
|
|
|
ret = wrapped_kni_cmsg_set(cmsg,TFE_CMSG_FQDN_CAT_ID_VAL, (const unsigned char*)fqdn_val,session_attribute->fqdn_category_id_num *sizeof(unsigned int) , pmeinfo);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret = session_attr_fqdn_category_id_cmsg_set(session_attr, cmsg, pmeinfo);
|
|
|
|
|
if(ret < 0) break;
|
|
|
|
|
}while(0);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
@@ -1085,124 +1152,133 @@ static int dabloom_add(struct pkt_info *pktinfo, int thread_seq){
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct session_attribute_label * kni_pull_session_attribute_results(struct streaminfo *a_stream,struct pme_info *pmeinfo)
|
|
|
|
|
static struct session_runtime_attribute * kni_pull_session_attribute_results(struct streaminfo *a_stream, struct pme_info *pmeinfo)
|
|
|
|
|
{
|
|
|
|
|
struct session_attribute_label *session_attribute = NULL;
|
|
|
|
|
const struct session_runtime_attribute *session_attr = NULL;
|
|
|
|
|
void *logger = g_kni_handle->local_logger;
|
|
|
|
|
session_attribute = (struct session_attribute_label *)project_req_get_struct(a_stream, g_kni_handle->session_attribute_id);
|
|
|
|
|
if(session_attribute != NULL)
|
|
|
|
|
session_attr = session_runtime_attribute_get(a_stream);
|
|
|
|
|
if(session_attr == NULL)
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: Success to get the session attribute results,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
KNI_LOG_ERROR(logger, "share-session-attribute: Failed to get the session attribute results,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: Success to get the session attribute results,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
if(session_attribute->client_subscribe_id == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source subscribe id is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source subscribe id is: %s,stream traceid = %s",session_attribute->client_subscribe_id->subscribe_id,pmeinfo->stream_traceid);
|
|
|
|
|
const char *client_subscribe_id = srt_attribute_get_client_subscriber_id(session_attr);
|
|
|
|
|
if(client_subscribe_id == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source subscribe id is NULL,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source subscribe id is: %s,stream traceid = %s", client_subscribe_id, pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
if(session_attribute->server_subscribe_id == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination subscribe id is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination subscribe id is: %s,stream traceid = %s",session_attribute->server_subscribe_id->subscribe_id,pmeinfo->stream_traceid);
|
|
|
|
|
const char *server_subscribe_id = srt_attribute_get_server_subscriber_id(session_attr);
|
|
|
|
|
if(server_subscribe_id == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination subscribe id is NULL,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination subscribe id is: %s,stream traceid = %s", server_subscribe_id, pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
if(session_attribute->client_asn == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source asn and organization is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(session_attribute->client_asn->asn_id == NULL){
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source asn is NULL,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
}else{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source asn is: %s,stream traceid = %s",session_attribute->client_asn->asn_id, pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
if(session_attribute->client_asn->organization == NULL){
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source organization is: NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}else{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source organization is: %s,stream traceid = %s",session_attribute->client_asn->organization, pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(session_attribute->server_asn == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn and organization is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(session_attribute->server_asn->asn_id == NULL){
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn: NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}else{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn:%s,stream traceid = %s",session_attribute->server_asn->asn_id,pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
if(session_attribute->server_asn->organization == NULL){
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination organization NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}else{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination organization:%s,stream traceid = %s",session_attribute->server_asn->organization,pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(session_attribute->client_location == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(session_attribute->client_location->country_full == NULL){
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location country is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}else{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location country is: %s,stream traceid = %s",session_attribute->client_location->country_full,pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
if(session_attribute->client_location->province_full == NULL){
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location province is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
else{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location province is: %s,stream traceid = %s",session_attribute->client_location->province_full,pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
if(session_attribute->client_location->city_full == NULL){
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location city is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}else{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location city is: %s,stream traceid = %s",session_attribute->client_location->city_full,pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(session_attribute->server_location == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(session_attribute->server_location->country_full == NULL){
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location country is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}else{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location country is: %s,stream traceid = %s",session_attribute->server_location->country_full,pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
if(session_attribute->server_location->province_full == NULL){
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location province is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}else{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location province is: %s,stream traceid = %s",session_attribute->server_location->province_full,pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
if(session_attribute->server_location->city_full == NULL){
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location city is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}else{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location city is: %s,stream traceid = %s",session_attribute->server_location->city_full,pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if(session_attribute->ja3_fingerprint == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is %s,stream traceid = %s",session_attribute->ja3_fingerprint,pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if(session_attribute->fqdn_category_id_num < 0 || session_attribute->fqdn_category_id_num > 8)
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id_num out of range( 0 <= value <= 8), value = %d,stream traceid = %s",session_attribute->fqdn_category_id_num,pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
for(int i= 0; i < session_attribute->fqdn_category_id_num; i ++)
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id[%d] = %u,stream traceid = %s",i,session_attribute->fqdn_category_id[i],pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const struct asn_info *client_asn = srt_attribute_get_client_ip_asn(session_attr);
|
|
|
|
|
if(client_asn == NULL)
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source asn and organization is NULL,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_ERROR(logger, "share-session-attribute: Failed to get the session attribute results,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
if(client_asn->asn_id == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source asn is NULL,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source asn is: %s,stream traceid = %s", client_asn->asn_id, pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
if(client_asn->organization == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source organization is: NULL,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source organization is: %s,stream traceid = %s", client_asn->organization, pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return session_attribute;
|
|
|
|
|
const struct asn_info *server_asn = srt_attribute_get_server_ip_asn(session_attr);
|
|
|
|
|
if(server_asn == NULL)
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn and organization is NULL,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(server_asn->asn_id == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn: NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination asn:%s,stream traceid = %s", server_asn->asn_id, pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
if(server_asn->organization == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination organization NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination organization:%s,stream traceid = %s", server_asn->organization, pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const struct location_info *client_location = srt_attribute_get_client_ip_location(session_attr);
|
|
|
|
|
if(client_location == NULL)
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(client_location->country_full == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location country is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location country is: %s,stream traceid = %s",client_location->country_full,pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
if(client_location->province_full == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location province is NULL,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location province is: %s,stream traceid = %s", client_location->province_full, pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
if(client_location->city_full == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location city is NULL,stream traceid = %s", pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: source ip location city is: %s,stream traceid = %s", client_location->city_full, pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const struct location_info *server_location = srt_attribute_get_server_ip_location(session_attr);
|
|
|
|
|
if(server_location == NULL)
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(server_location->country_full == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location country is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location country is: %s,stream traceid = %s",server_location->country_full, pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
if(server_location->province_full == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location province is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location province is: %s,stream traceid = %s", server_location->province_full, pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
if(server_location->city_full == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location city is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: destination ip location city is: %s,stream traceid = %s", server_location->city_full, pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const char *ja3_fingerprint = srt_attribute_get_ja3_fingerprint(session_attr);
|
|
|
|
|
if(ja3_fingerprint == NULL)
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is NULL,stream traceid = %s",pmeinfo->stream_traceid);
|
|
|
|
|
else
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: ja3_fingerprint is %s,stream traceid = %s", ja3_fingerprint, pmeinfo->stream_traceid);
|
|
|
|
|
|
|
|
|
|
unsigned int category_ids[8] = {0};
|
|
|
|
|
int n_category_ids = srt_attribute_set_category_ids(a_stream, category_ids, sizeof(category_ids)/sizeof(category_ids[0]));
|
|
|
|
|
if(n_category_ids < 0 || n_category_ids > 8)
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id_num out of range( 0 <= value <= 8), value = %d,stream traceid = %s", n_category_ids, pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
for(int i= 0; i < n_category_ids; i ++)
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "share-session-attribute: fqdn_category_id[%d] = %u,stream traceid = %s",i, category_ids[i],pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (struct session_runtime_attribute *)session_attr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@@ -1334,7 +1410,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//intercept_error: no tfe
|
|
|
|
|
if(tsg_diagnose_judge_streamshunt(pmeinfo->maat_result.config_id,pmeinfo) == 0) // tsg diagnose shunt
|
|
|
|
|
if(tsg_diagnose_judge_streamshunt(pmeinfo->maat_rule.rule_id, pmeinfo) == 0) // tsg diagnose shunt
|
|
|
|
|
pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq);
|
|
|
|
|
else
|
|
|
|
|
pmeinfo->tfe_id = tfe_mgr_alive_node_cycle_get(g_kni_handle->_tfe_mgr, (int *)&(g_kni_handle->arr_last_tfe_dispatch_index[thread_seq]));
|
|
|
|
|
@@ -1613,30 +1689,44 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
|
|
|
|
//first data packet, get action
|
|
|
|
|
void *logger = g_kni_handle->local_logger;
|
|
|
|
|
int maat_hit = 0;
|
|
|
|
|
int ret = 0;
|
|
|
|
|
struct identify_info _identify_info;
|
|
|
|
|
ret = tsg_pull_policy_result(stream, PULL_KNI_RESULT, &(pmeinfo->maat_result), 1, &_identify_info);
|
|
|
|
|
size_t n_hit_rule = 0;
|
|
|
|
|
n_hit_rule = session_matched_rules_copy(stream, TSG_SERVICE_INTERCEPT, &pmeinfo->maat_rule, 1);
|
|
|
|
|
//ret = tsg_pull_policy_result(stream, PULL_KNI_RESULT, &(pmeinfo->maat_result), 1, &_identify_info);
|
|
|
|
|
//ret == 0, bypass and dropme
|
|
|
|
|
if(ret == 0){
|
|
|
|
|
if(n_hit_rule == 0){
|
|
|
|
|
pmeinfo->action = KNI_ACTION_NONE;
|
|
|
|
|
maat_hit = 0;
|
|
|
|
|
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, stream traceid = %s",
|
|
|
|
|
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
else{
|
|
|
|
|
pmeinfo->maat_result_num = 1;
|
|
|
|
|
pmeinfo->protocol = _identify_info.proto;
|
|
|
|
|
pmeinfo->domain_len = MIN(_identify_info.domain_len, (int)sizeof(pmeinfo->domain) - 1);
|
|
|
|
|
strncpy(pmeinfo->domain.sni, _identify_info.domain, pmeinfo->domain_len);
|
|
|
|
|
pmeinfo->action = (enum kni_action)(pmeinfo->maat_result.action);
|
|
|
|
|
pmeinfo->policy_id = pmeinfo->maat_result.config_id;
|
|
|
|
|
pmeinfo->do_log = pmeinfo->maat_result.do_log;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
const struct session_runtime_process_context *session_context = session_runtime_process_context_get((const struct streaminfo *)stream);
|
|
|
|
|
pmeinfo->n_maat_rule = 1;
|
|
|
|
|
pmeinfo->protocol = srt_process_context_get_protocol(session_context);
|
|
|
|
|
|
|
|
|
|
const char *domain = srt_process_context_get_domain(session_context);
|
|
|
|
|
pmeinfo->domain_len = MIN(strlen(domain), (int)sizeof(pmeinfo->domain) - 1);
|
|
|
|
|
|
|
|
|
|
if(pmeinfo->protocol == PROTO_HTTP)
|
|
|
|
|
{
|
|
|
|
|
strncpy(pmeinfo->domain.host, domain, pmeinfo->domain_len);
|
|
|
|
|
}
|
|
|
|
|
if(pmeinfo->protocol == PROTO_SSL)
|
|
|
|
|
{
|
|
|
|
|
strncpy(pmeinfo->domain.sni, domain, pmeinfo->domain_len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pmeinfo->action = KNI_ACTION_INTERCEPT;
|
|
|
|
|
//pmeinfo->action = (enum kni_action)(pmeinfo->maat_result.action);
|
|
|
|
|
pmeinfo->policy_id = pmeinfo->maat_rule.rule_id;
|
|
|
|
|
pmeinfo->do_log = pmeinfo->maat_rule.do_log;
|
|
|
|
|
pmeinfo->thread_seq = thread_seq;
|
|
|
|
|
pmeinfo->is_dynamic_bypass = 0;
|
|
|
|
|
pmeinfo->session_attribute = kni_pull_session_attribute_results(stream,pmeinfo);
|
|
|
|
|
maat_hit = 1;
|
|
|
|
|
char *action_str = kni_maat_action_trans(pmeinfo->action);
|
|
|
|
|
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, policy_id = %d, action = %d(%s), stream traceid = %s",
|
|
|
|
|
KNI_LOG_INFO(logger, "intercept_policy_scan: %s, %s, maat_hit = %d, rule_id = %d, action = %d(%s), stream traceid = %s",
|
|
|
|
|
pmeinfo->stream_addr, (char*)&(pmeinfo->domain), maat_hit, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->stream_traceid);
|
|
|
|
|
}
|
|
|
|
|
switch(pmeinfo->action){
|
|
|
|
|
@@ -1646,12 +1736,15 @@ char first_data_process(struct streaminfo *stream, struct pme_info *pmeinfo, str
|
|
|
|
|
pmeinfo->tld_handle = TLD_create(-1);
|
|
|
|
|
if(g_kni_handle->pxy_tcp_option_enable == 1)
|
|
|
|
|
{
|
|
|
|
|
KNI_LOG_DEBUG(logger, "Proxy-tcp-option: before scan status:%d ( 1 is has been scanned, other value not scan),stream traceid = %s", pmeinfo->pxy_tcp_option_is_scan,pmeinfo->stream_traceid);
|
|
|
|
|
pxy_tcp_option_param_get(pmeinfo, logger);
|
|
|
|
|
/*
|
|
|
|
|
* temp comment in version 23.04
|
|
|
|
|
if(pmeinfo->pxy_tcp_option_is_scan != 1)
|
|
|
|
|
{
|
|
|
|
|
pxy_tcp_option_get_param(g_tsg_maat_feather,(const struct streaminfo *)stream,pmeinfo,logger);
|
|
|
|
|
//pxy_tcp_option_get_param(g_tsg_maat_feather,(const struct streaminfo *)stream,pmeinfo,logger);
|
|
|
|
|
pmeinfo->pxy_tcp_option_is_scan = 1;
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
}
|
|
|
|
|
return first_data_intercept(stream, pmeinfo, pktinfo, thread_seq);
|
|
|
|
|
default:
|
|
|
|
|
@@ -2601,7 +2694,7 @@ extern "C" int kni_init(){
|
|
|
|
|
struct thread_tfe_cmsg_receiver_args *cmsg_receiver_args;
|
|
|
|
|
MESA_htable_handle traceid2pme_htable = NULL;
|
|
|
|
|
struct tfe_mgr *_tfe_mgr = NULL;
|
|
|
|
|
char label_buff[MAX_STRING_LEN*4]={0};
|
|
|
|
|
//char label_buff[MAX_STRING_LEN*4]={0};
|
|
|
|
|
tfe_cmsg_enum_to_string();
|
|
|
|
|
int ret = MESA_load_profile_string_nodef(profile, section, "log_path", log_path, sizeof(log_path));
|
|
|
|
|
if(ret < 0){
|
|
|
|
|
@@ -2893,7 +2986,7 @@ extern "C" int kni_init(){
|
|
|
|
|
KNI_LOG_ERROR(local_logger, "Failed at init pxy_tcp_option_rule");
|
|
|
|
|
goto error_out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
//register customer for share session attribute
|
|
|
|
|
MESA_load_profile_string_def(profile, "share_session_attribute", "SESSION_ATTRIBUTE_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL");
|
|
|
|
|
g_kni_handle->session_attribute_id = project_customer_register(label_buff, PROJECT_VAL_TYPE_STRUCT);
|
|
|
|
|
@@ -2902,7 +2995,7 @@ extern "C" int kni_init(){
|
|
|
|
|
KNI_LOG_ERROR(local_logger,"Register %s failed; please check :%s ",label_buff,profile);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
//init tfe_mgr
|
|
|
|
|
_tfe_mgr = tfe_mgr_init(tfe_node_count, profile, g_kni_handle->deploy_mode, local_logger);
|
|
|
|
|
if(_tfe_mgr == NULL){
|
|
|
|
|
|
fumingwei