#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <sys/time.h>
#include <unistd.h>
#include <MESA/http.h>
#include <MESA/ftp.h>
#include <MESA/mail.h>
#include "MESA/gquic.h"
#include <MESA/stream.h>
#include <MESA/MESA_prof_load.h>
#include <MESA/MESA_handle_logger.h>
#include "tsg_rule.h"
#include "tsg_entry.h"
#include "tsg_send_log.h"
#include "tsg_statistic.h"
#include "tsg_send_log_internal.h"
#include "tsg_ssl_utils.h"
#ifdef __cplusplus
extern "C"
{
#endif

/* Embed the build's git version in the binary as a symbol name:
 * GIT_VERSION_<tag> is an external-linkage, NULL-initialised pointer that
 * __used__ keeps from being discarded. The two-level macro is needed so that
 * GIT_VERSION is expanded to its value before token pasting. */
#define GIT_VERSION_CATTER(v) __attribute__((__used__)) const char * GIT_VERSION_##v = NULL
#define GIT_VERSION_EXPEND(v) GIT_VERSION_CATTER(v)

/* VERSION TAG */
#ifdef GIT_VERSION
GIT_VERSION_EXPEND(GIT_VERSION);
#else
/* no tag was passed at build time: keep a marker symbol anyway */
static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL;
#endif

#undef GIT_VERSION_CATTER
#undef GIT_VERSION_EXPEND

#ifdef __cplusplus
}
#endif
/* Build marker symbol; never read by this file (presumably a version stamp
 * meant to be visible in the binary -- confirm with the build scripts). */
char TSG_MASTER_VERSION_20200612=0;

/* Path of the plugin's main configuration file. */
const char *tsg_conffile="tsgconf/main.conf";

/* Global plugin parameters (logger, FS2 statistics handle and field ids,
 * Maat table ids, project ids). Defined here, populated outside this file. */
g_tsg_para_t g_tsg_para;

/* FS2 statistics fields maintained by this plugin, indexed by TSG_FS2_*. */
id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "links"},
{TLD_TYPE_UNKNOWN, TSG_FS2_BYPASS, "bypass"},
{TLD_TYPE_UNKNOWN, TSG_FS2_HIT_ADDR, "hit_addr"},
{TLD_TYPE_UNKNOWN, TSG_FS2_HIT_SHARE, "hit_share"},
{TLD_TYPE_UNKNOWN, TSG_FS2_INTERCEPT, "intercept"},
{TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"},
{TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"}
};

/* config_id of the "allow" rule produced by the decryption-exclusion table;
 * master_send_log logs it but does not record it on the flow. */
#define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1
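/*
 * Read the device serial number from a JSON file of the form {"sn": "..."}.
 *
 * filename       path of the JSON file
 * device_sn      output buffer; receives the NUL-terminated serial number
 * device_sn_len  size of device_sn in bytes
 *
 * Returns 1 when a serial number was read and fits in device_sn, 0 otherwise
 * (unreadable or empty file, file too large for the parse buffer, invalid
 * JSON, "sn" missing or not a string, device_sn too small).
 */
static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len)
{
    int flags=0;
    size_t nread=0;
    char buff[4096]={0};
    cJSON *object=NULL;
    FILE *fp=NULL;

    if(filename==NULL || device_sn==NULL || device_sn_len<=0)
    {
        return 0;
    }

    fp=fopen(filename, "rb");
    if(fp==NULL)
    {
        return 0;
    }

    /* Read at most sizeof(buff)-1 bytes so buff stays NUL-terminated for
     * cJSON_Parse. The original read one 4096-byte record, which left no
     * terminator for a file of 4096 bytes or more. A file that does not fit
     * (more data after sizeof(buff)-1 bytes) is rejected rather than parsed
     * truncated. */
    nread=fread(buff, 1, sizeof(buff)-1, fp);
    if(nread>0 && (nread<sizeof(buff)-1 || fgetc(fp)==EOF))
    {
        object=cJSON_Parse(buff);
        if(object)
        {
            cJSON *item=cJSON_GetObjectItem(object, "sn");

            /* valuestring is NULL when "sn" is present but not a string */
            if(item && item->valuestring && device_sn_len>(int)strlen(item->valuestring))
            {
                size_t sn_len=strlen(item->valuestring);

                memcpy(device_sn, item->valuestring, sn_len);
                device_sn[sn_len]='\0';   /* room guaranteed by the length check above */
                flags=1;
            }
            cJSON_Delete(object);
            object=NULL;
        }
    }

    fclose(fp);
    fp=NULL;

    return flags;
}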
|
2020-05-14 18:08:43 +08:00
|
|
|
|
2020-06-03 17:45:11 +08:00
|
|
|
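/*
 * Write the device serial number to /etc/default/telegraf as a single
 * device_id="<sn>" line.
 *
 * device_sn  NUL-terminated serial number; must not be NULL
 *
 * Returns 0 when the line was written and the file closed cleanly, -1 when
 * device_sn is NULL, contains characters that cannot be placed inside a
 * double-quoted shell value, does not fit the line buffer, or the file
 * cannot be opened, written or closed.
 *
 * Note: the file is truncated and rewritten, so any other settings it held
 * are lost (unchanged from the original behaviour).
 */
int tsg_set_device_id_to_telegraf(char *device_sn)
{
    char buff[128]={0};
    FILE *fp=NULL;
    int n=0;
    int rc=-1;

    if(device_sn==NULL)
    {
        return -1;
    }

    /* /etc/default/* is sourced by the shell: the value must not be able to
     * close the quotes, expand, or start a new line. */
    if(strpbrk(device_sn, "\"\\$`\r\n")!=NULL)
    {
        return -1;
    }

    n=snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn);
    if(n<0 || (size_t)n>=sizeof(buff))
    {
        return -1;   /* truncated: never write a mangled id */
    }

    fp=fopen("/etc/default/telegraf", "wb");
    if(fp==NULL)
    {
        return -1;
    }

    if(fwrite(buff, (size_t)n, 1, fp)==1)
    {
        rc=0;
    }
    /* fclose flushes; a failure here means the line may not be on disk */
    if(fclose(fp)!=0)
    {
        rc=-1;
    }
    fp=NULL;

    return rc;
}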
/* Release a policy_priority_label_t allocated with
 * dictator_malloc(thread_seq, ...). Called directly when the priority
 * project refuses the label. */
static void free_policy_label(int thread_seq, void *project_req_value)
{
    /* the original also nulled the (by-value) parameter afterwards, which has no effect */
    dictator_free(thread_seq, project_req_value);
}
/*
 * Release a struct _internal_label: first the plugin lookup data hanging
 * off it (ASN, location and subscribe-id for client and server), then the
 * label itself. A NULL label is ignored.
 */
static void free_internal_label(int thread_seq, void *project_req_value)
{
    struct _internal_label *label=(struct _internal_label *)project_req_value;

    if(label==NULL)
    {
        return;
    }

    if(label->client_asn!=NULL)
    {
        ASN_free_data(label->client_asn->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger);
        label->client_asn=NULL;
    }
    if(label->server_asn!=NULL)
    {
        ASN_free_data(label->server_asn->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger);
        label->server_asn=NULL;
    }

    if(label->client_location!=NULL)
    {
        location_free_data(label->client_location->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger);
        label->client_location=NULL;
    }
    if(label->server_location!=NULL)
    {
        location_free_data(label->server_location->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger);
        label->server_location=NULL;
    }

    if(label->client_subscribe_id!=NULL)
    {
        subscribe_id_free_data(label->client_subscribe_id->table_id, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger);
        label->client_subscribe_id=NULL;
    }
    if(label->server_subscribe_id!=NULL)
    {
        subscribe_id_free_data(label->server_subscribe_id->table_id, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger);
        label->server_subscribe_id=NULL;
    }

    /* the label itself was allocated through dictator_malloc */
    dictator_free(thread_seq, (void *)label);
}
/*
 * Release the per-stream master context stored in *pme (its copied rule
 * first, then the context) and reset *pme to NULL. A NULL *pme is a no-op.
 */
static void free_context(void **pme, int thread_seq)
{
    struct _master_context *ctx=(struct _master_context *)*pme;

    if(ctx==NULL)
    {
        return;
    }

    if(ctx->result!=NULL)
    {
        dictator_free(thread_seq, (void *)ctx->result);
        ctx->result=NULL;
    }

    dictator_free(thread_seq, (void *)ctx);
    *pme=NULL;
}
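/*
 * Allocate a fresh per-stream master context in *pme for a stream whose
 * winning rule is p_result (copied into the context) and whose identified
 * protocol is proto. hit_cnt starts at 1.
 *
 * A context already present in *pme is released first; the original code
 * overwrote the pointer and leaked it. The new context is zeroed before use
 * because domain/domain_len are read at OP_STATE_CLOSE even when the caller
 * never set them.
 *
 * Returns 0 on success, -1 when pme or p_result is NULL or an allocation
 * fails (then *pme is NULL and nothing is leaked).
 */
static int init_context(void **pme, tsg_protocol_t proto, struct Maat_rule_t *p_result, int thread_seq)
{
    struct _master_context *_context=NULL;

    if(pme==NULL || p_result==NULL)
    {
        return -1;
    }

    if(*pme!=NULL)
    {
        free_context(pme, thread_seq);
    }

    _context=(struct _master_context *)dictator_malloc(thread_seq, sizeof(struct _master_context));
    if(_context==NULL)
    {
        *pme=NULL;
        return -1;
    }
    memset(_context, 0, sizeof(struct _master_context));
    _context->proto=proto;
    _context->hit_cnt=1;

    _context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t));
    if(_context->result==NULL)
    {
        dictator_free(thread_seq, (void *)_context);
        *pme=NULL;
        return -1;
    }
    memcpy(_context->result, p_result, sizeof(struct Maat_rule_t));

    *pme=(void *)_context;

    return 0;
}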
/*
 * Map an identified protocol to the schema name written into the log's
 * LOG_COMMON_SCHAME_TYPE field. Returns NULL for protocols without a schema
 * (including PROTO_UNKONWN).
 */
static char *schema_index2string(tsg_protocol_t proto)
{
    switch(proto)
    {
        case PROTO_HTTP:            return (char *)"HTTP";
        case PROTO_SSL:             return (char *)"SSL";
        case PROTO_DNS:             return (char *)"DNS";
        case PROTO_FTP:             return (char *)"FTP";
        case PROTO_BGP:             return (char *)"BGP";
        case PROTO_SIP:             return (char *)"SIP";
        case PROTO_MAIL:            return (char *)"MAIL";
        case PROTO_STREAMING_MEDIA: return (char *)"STREAMING_MEDIA";
        case PROTO_QUIC:            return (char *)"QUIC";
        default:                    return NULL;
    }
}
/*
 * Build the TLD record for a stream's policy hits (schema type plus the
 * HTTP host / SSL SNI / QUIC SNI when known) and hand it to tsg_send_log;
 * then, unless the hit is the decryption-exclusion allow rule, record the
 * rule on the flow. identify_info may be NULL; p_result must not be.
 * Always returns 1.
 */
static int master_send_log(struct streaminfo *a_stream, struct Maat_rule_t *p_result, int result_num, struct _identify_info *identify_info, int thread_seq)
{
    tsg_log_t log_msg;
    struct TLD_handle_t *TLD_handle=TLD_create(thread_seq);
    int proto_known=(identify_info!=NULL && identify_info->proto>PROTO_UNKONWN && identify_info->proto<PROTO_MAX);

    if(proto_known)
    {
        char *schema_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE);
        char *schema_value=schema_index2string(identify_info->proto);
        char *domain_name=NULL;
        int append_domain=1;

        if(schema_value!=NULL)
        {
            TLD_append(TLD_handle, schema_name, (void *)schema_value, TLD_TYPE_STRING);
        }

        /* only HTTP, SSL and QUIC carry a domain field */
        switch(identify_info->proto)
        {
            case PROTO_HTTP: domain_name=log_field_id2name(g_tsg_log_instance, LOG_HTTP_HOST); break;
            case PROTO_SSL:  domain_name=log_field_id2name(g_tsg_log_instance, LOG_SSL_SNI);  break;
            case PROTO_QUIC: domain_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_SNI); break;
            default:         append_domain=0; break;
        }
        if(append_domain)
        {
            TLD_append(TLD_handle, domain_name, (void *)identify_info->domain, TLD_TYPE_STRING);
        }
    }

    log_msg.a_stream=a_stream;
    log_msg.result=p_result;
    log_msg.result_num=result_num;
    tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq);

    /* the exclusion "allow" rule is logged but never attached to the flow */
    if(p_result->config_id!=DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID)
    {
        tsg_set_policy_flow(a_stream, p_result, thread_seq);
    }

    return 1;
}
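/*
 * Pick the rule that wins for a stream out of result[0..result_num-1].
 *
 * Selection: the highest action value (compared as unsigned bytes) wins;
 * among equal actions the highest config_id wins. q_result tracks a
 * fallback: the most recently seen non-INTERCEPT rule that lost against the
 * current winner. When the winner is INTERCEPT and the stream's domain
 * (host/SNI) matches the SSL decryption-exclusion table, the exclusion hit
 * is logged through master_send_log and the fallback is returned instead --
 * which may be NULL, meaning "no policy".
 *
 * The dead #if 0 variant that lived here has been removed.
 *
 * Returns a pointer into result, or NULL when there is nothing to apply.
 */
static struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, int thread_seq)
{
    int i=0,ret=0;
    Maat_rule_t tmp_result;
    Maat_rule_t *p_result=NULL;
    Maat_rule_t *q_result=NULL;
    scan_status_t mid=NULL;

    if(result==NULL || result_num<=0)
    {
        return NULL;
    }
    memset(&tmp_result, 0, sizeof(tmp_result));

    for(i=0; i<result_num; i++)
    {
        if(p_result==NULL)
        {
            p_result=&result[i];
            continue;
        }

        if((unsigned char)result[i].action>(unsigned char)p_result->action)
        {
            /* the displaced winner becomes the fallback unless it is an intercept */
            if(p_result->action!=TSG_ACTION_INTERCEPT)
            {
                q_result=p_result;
            }
            p_result=&result[i];
            continue;
        }

        if((unsigned char)result[i].action<(unsigned char)p_result->action && (unsigned char)result[i].action!=TSG_ACTION_INTERCEPT)
        {
            q_result=&result[i];
        }

        if(result[i].action==p_result->action && result[i].config_id>p_result->config_id)
        {
            p_result=&result[i];
        }
    }

    if(p_result->action==TSG_ACTION_INTERCEPT && identify_info!=NULL && identify_info->domain_len>0)
    {
        ret=Maat_full_scan_string(g_tsg_maat_feather,
                                  g_tsg_para.table_id[TABLE_EXCLUSION_SSL_SNI],
                                  CHARSET_UTF8,
                                  identify_info->domain,
                                  identify_info->domain_len,
                                  &tmp_result,
                                  NULL,
                                  1,
                                  &mid,
                                  thread_seq);
        if(ret>0)
        {
            MESA_handle_runtime_log(g_tsg_para.logger,
                                    RLOG_LV_DEBUG,
                                    "EXCLUSION_SSL_SNI",
                                    "Hit %s policy_id: %d service: %d action: %d Decryption Exclusion: [ policy_id: %d service: %d action: %d ] addr: %s",
                                    identify_info->domain,
                                    tmp_result.config_id,
                                    tmp_result.service_id,
                                    (unsigned char)tmp_result.action,
                                    p_result->config_id,
                                    p_result->service_id,
                                    (unsigned char)p_result->action,
                                    printaddr(&a_stream->addr, thread_seq)
                                    );

            /* excluded from interception: fall back to the best non-intercept
             * rule (NULL when there is none) and log the exclusion hit */
            p_result=q_result;
            master_send_log(a_stream, &tmp_result, 1, identify_info, thread_seq);
        }
        else
        {
            MESA_handle_runtime_log(g_tsg_para.logger,
                                    RLOG_LV_DEBUG,
                                    "EXCLUSION_SSL_SNI",
                                    "Not hit %s stream_dir: %d addr: %s scan ret: %d",
                                    identify_info->domain,
                                    a_stream->dir,
                                    printaddr(&a_stream->addr, thread_seq),
                                    ret
                                    );
        }

        /* release the scan status as the entry points do after their scans;
         * the original never cleaned it here (review: confirm
         * Maat_full_scan_string allocates it the same way) */
        if(mid!=NULL)
        {
            Maat_clean_status(&mid);
            mid=NULL;
        }
    }

    return p_result;
}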
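/*
 * Identify the application protocol of a stream from its first payload and
 * fill identify_info (proto, domain, domain_len). Probes run in order and
 * the first match wins: HTTP (Host header), SSL (ClientHello SNI), DNS
 * (port 53 on either side), FTP control, mail (SMTP..IMAP), QUIC.
 *
 * After an HTTP or SSL match identify_info->domain is explicitly
 * NUL-terminated and domain_len is capped at sizeof(domain)-1; the original
 * relied on the callers' memset for the terminator.
 *
 * Returns 1 when a protocol was identified; otherwise the (<= 0) result of
 * the last probe, with identify_info->proto left at PROTO_UNKONWN. Callers
 * ignore the return value.
 *
 * NOTE(review): the HTTP and SSL probes read a_stream->ptcpdetail even when
 * called from the UDP entry; whether that is valid for UDP streams depends
 * on the streaminfo layout in MESA/stream.h -- confirm.
 */
static int identify_application_protocol(struct streaminfo *a_stream, struct _identify_info *identify_info, void *a_packet)
{
    int ret=0;
    char *host=NULL;
    enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
    struct ssl_chello *chello = NULL;
    struct stream_tuple4_v4 *tpl4 = NULL;
    struct stream_tuple4_v6 *tpl6 = NULL;
    /* longest domain that still leaves room for the terminator */
    const int domain_cap=(int)sizeof(identify_info->domain) - 1;

    identify_info->proto = PROTO_UNKONWN;

    //http: ret>0 is the Host length, 0 a request without Host, <0 not HTTP
    ret=http_host_parser((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, DIR_C2S, &host);
    if(ret>=0)
    {
        identify_info->proto=PROTO_HTTP;
        identify_info->domain_len=(ret>0) ? MIN(ret, domain_cap) : 0;
        if(identify_info->domain_len>0)
        {
            memcpy(identify_info->domain, host, identify_info->domain_len);
        }
        identify_info->domain[identify_info->domain_len]='\0';
        return 1;
    }

    //ssl: ClientHello, SNI may be absent
    chello=ssl_chello_parse((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status);
    if(chello_status==CHELLO_PARSE_SUCCESS && chello!=NULL)
    {
        identify_info->proto=PROTO_SSL;
        identify_info->domain_len=(chello->sni!=NULL) ? strnlen(chello->sni, domain_cap) : 0;
        if(identify_info->domain_len>0)
        {
            memcpy(identify_info->domain, chello->sni, identify_info->domain_len);
        }
        identify_info->domain[identify_info->domain_len]='\0';
        ssl_chello_free(chello);
        return 1;
    }
    ssl_chello_free(chello);

    //dns: port 53 on either end
    switch(a_stream->addr.addrtype)
    {
        case ADDR_TYPE_IPV4:
            tpl4=a_stream->addr.tuple4_v4;
            if((ntohs(tpl4->source)==53) || (ntohs(tpl4->dest)==53))
            {
                identify_info->proto=PROTO_DNS;
                return 1;
            }
            break;
        case ADDR_TYPE_IPV6:
            tpl6=a_stream->addr.tuple4_v6;
            if((ntohs(tpl6->source)==53) || (ntohs(tpl6->dest)==53))
            {
                identify_info->proto=PROTO_DNS;
                return 1;
            }
            break;
        default:
            break;
    }

    //ftp
    ret=ftp_control_identify(a_stream);
    if(ret>0)
    {
        identify_info->proto=PROTO_FTP;
        return 1;
    }

    //mail: any of the SMTP..IMAP protocol codes
    ret=mail_protocol_identify(a_stream);
    if(ret>=SMTP_PROTOCOL&& ret<=IMAP_PROTOCOL)
    {
        identify_info->proto=PROTO_MAIL;
        return 1;
    }

    //quic: the identifier writes the SNI into domain and returns its length
    ret=quic_protocol_identify(a_stream, a_packet, identify_info->domain, sizeof(identify_info->domain));
    if(ret>0)
    {
        identify_info->proto=PROTO_QUIC;
        identify_info->domain_len=ret;
        return 1;
    }

    return ret;
}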
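/*
 * Attach the per-stream internal label (identified protocol and, for HTTP,
 * the connection establishment latency in ms) to the internal project.
 * The label is normally released through free_internal_label when the
 * project drops it; when the add fails it is released here, matching what
 * the priority-label path does.
 */
static void master_tcp_attach_internal_label(struct streaminfo *a_tcp, struct _identify_info *identify_info, int thread_seq)
{
    int ret=0;
    struct timespec tv;
    struct _internal_label *internal_label=NULL;

    /* NOTE(review): allocated from arena 1 rather than thread_seq, exactly as
     * the original (and the UDP entry) do, while free_internal_label frees
     * with thread_seq -- confirm that this mismatch is intended. */
    internal_label=(struct _internal_label *)dictator_malloc(1, sizeof(struct _internal_label));
    if(internal_label==NULL)
    {
        MESA_handle_runtime_log(g_tsg_para.logger,
                                RLOG_LV_FATAL,
                                "PROJECT_ADD",
                                "Alloc internal_label failed, proto: %d addr: %s",
                                identify_info->proto,
                                printaddr(&a_tcp->addr, thread_seq)
                                );
        return;
    }
    memset(internal_label, 0, sizeof(struct _internal_label));
    internal_label->proto=identify_info->proto;

    if(identify_info->proto==PROTO_HTTP)
    {
        /* now minus the stream's create time (assumed seconds, as it is
         * subtracted from tv_sec), converted to milliseconds */
        clock_gettime(CLOCK_REALTIME, &tv);
        internal_label->establish_latency_ms=(tv.tv_sec-a_tcp->ptcpdetail->createtime)*1000+tv.tv_nsec/1000/1000;
    }

    ret=project_req_add_struct(a_tcp, g_tsg_para.internal_project_id, (const void *)internal_label);
    if(ret<0)
    {
        MESA_handle_runtime_log(g_tsg_para.logger,
                                RLOG_LV_FATAL,
                                "PROJECT_ADD",
                                "Add internal_label failed, establish latency ms: %llu proto: %d addr: %s",
                                internal_label->establish_latency_ms,
                                internal_label->proto,
                                printaddr(&a_tcp->addr, thread_seq)
                                );
        /* the project did not take ownership: release instead of leaking */
        free_internal_label(thread_seq, (void *)internal_label);
        internal_label=NULL;
    }
    else
    {
        MESA_handle_runtime_log(g_tsg_para.logger,
                                RLOG_LV_DEBUG,
                                "PROJECT_ADD",
                                "Add internal_label successfully, establish latency ms: %llu proto: %d addr: %s",
                                internal_label->establish_latency_ms,
                                internal_label->proto,
                                printaddr(&a_tcp->addr, thread_seq)
                                );
    }
}

/*
 * Run the address-nesting scan and then the shared (host/SNI) policy scan,
 * appending hits to all_result[0..max_num-1] and updating the FS2 counters.
 * The scan status shared by both scans is released before returning.
 * Returns the total number of hits.
 */
static int master_tcp_scan_policies(struct streaminfo *a_tcp, struct _identify_info *identify_info, Maat_rule_t *all_result, int max_num, int thread_seq)
{
    int ret=0,hit_num=0;
    scan_status_t mid=NULL;

    ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_tcp, identify_info->proto, &mid, all_result+hit_num, max_num-hit_num);
    if(ret>0)
    {
        hit_num+=ret;
        FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
    }

    ret=tsg_scan_shared_policy(g_tsg_maat_feather, identify_info, all_result+hit_num, max_num-hit_num, &mid, thread_seq);
    if(ret>0)
    {
        FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
        MESA_handle_runtime_log(g_tsg_para.logger,
                                RLOG_LV_DEBUG,
                                "SCAN_FQDN",
                                "Hit %s: %s policy_id: %d service: %d action: %d addr: %s",
                                (identify_info->proto==PROTO_HTTP) ? "host" : "sni",
                                identify_info->domain,
                                all_result[hit_num].config_id,
                                all_result[hit_num].service_id,
                                (unsigned char)all_result[hit_num].action,
                                printaddr(&a_tcp->addr, thread_seq)
                                );
        hit_num+=ret;
    }
    else
    {
        /* ret==-1 means the scan had no domain to look up */
        MESA_handle_runtime_log(g_tsg_para.logger,
                                RLOG_LV_DEBUG,
                                "SCAN_FQDN",
                                "Not hit %s: %s stream_dir: %d addr: %s",
                                (ret==-1) ? "NULL" : ((identify_info->proto==PROTO_HTTP) ? "host" : "sni"),
                                (ret==-1) ? "NULL" : identify_info->domain,
                                a_tcp->dir,
                                printaddr(&a_tcp->addr, thread_seq)
                                );
    }

    if(mid!=NULL)
    {
        Maat_clean_status(&mid);
        mid=NULL;
    }

    return hit_num;
}

/*
 * Apply the winning rule p_result (non-NULL) to the stream and return the
 * APP_STATE_* value the entry point hands back to the framework:
 *   DENY / MONITOR  -> keep receiving (GIVEME); the action is done elsewhere
 *   BYPASS          -> store a context for the close-time log, GIVEME|KILL_OTHER
 *   INTERCEPT       -> hand the rule to the priority project, DROPME|KILL_OTHER
 *   NONE / other    -> DROPME
 */
static int master_tcp_apply_policy(struct streaminfo *a_tcp, void **pme, Maat_rule_t *p_result, struct _identify_info *identify_info, int thread_seq)
{
    int ret=0;
    int state=APP_STATE_GIVEME;
    struct _master_context *_context=NULL;
    policy_priority_label_t *priority_label=NULL;

    switch((unsigned char)p_result->action)
    {
        case TSG_ACTION_DENY:
            /* support block/alert(deny), Do action in fw_http_plug */
            break;

        case TSG_ACTION_MONITOR:
            break;

        case TSG_ACTION_BYPASS:
            init_context(pme, identify_info->proto, p_result, thread_seq);
            _context=(struct _master_context *)*pme;
            /* the original dereferenced *pme without checking the allocation */
            if(_context!=NULL && identify_info->proto>PROTO_UNKONWN && identify_info->proto<PROTO_MAX)
            {
                /* NOTE(review): _context->domain size is not visible here;
                 * domain_len is at most sizeof(identify_info->domain) */
                memcpy(_context->domain, identify_info->domain, identify_info->domain_len);
                _context->domain_len=identify_info->domain_len;
            }

            MESA_handle_runtime_log(g_tsg_para.logger,
                                    RLOG_LV_DEBUG,
                                    "ALLOW",
                                    "Hit allow policy, policy_id: %d service: %d action: %d addr: %s",
                                    p_result->config_id,
                                    p_result->service_id,
                                    (unsigned char)p_result->action,
                                    printaddr(&a_tcp->addr, thread_seq)
                                    );

            state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER;
            FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1);
            break;

        case TSG_ACTION_INTERCEPT:
            FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);

            priority_label=(policy_priority_label_t *)dictator_malloc(thread_seq, sizeof(policy_priority_label_t));
            if(priority_label!=NULL)
            {
                priority_label->result_num=1;
                priority_label->result_type=PULL_KNI_RESULT;
                priority_label->proto=identify_info->proto;
                priority_label->domain_len=identify_info->domain_len;
                memcpy(priority_label->domain, identify_info->domain, identify_info->domain_len);
                memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t));

                ret=project_req_add_struct(a_tcp, g_tsg_para.priority_project_id, (void *)priority_label);
                if(ret<0)
                {
                    /* log from p_result (the source of the copy) and only then
                     * free: the original read the label after freeing it */
                    MESA_handle_runtime_log(g_tsg_para.logger,
                                            RLOG_LV_FATAL,
                                            "PROJECT_ADD",
                                            "Add policy_priority_label failed, intercept policy, policy_id: %d action: %d addr: %s",
                                            p_result->config_id,
                                            (unsigned char)p_result->action,
                                            printaddr(&a_tcp->addr, thread_seq)
                                            );
                    free_policy_label(thread_seq, (void *)priority_label);
                    priority_label=NULL;
                }
            }
            else
            {
                MESA_handle_runtime_log(g_tsg_para.logger,
                                        RLOG_LV_FATAL,
                                        "PROJECT_ADD",
                                        "Alloc policy_priority_label failed, intercept policy, policy_id: %d action: %d addr: %s",
                                        p_result->config_id,
                                        (unsigned char)p_result->action,
                                        printaddr(&a_tcp->addr, thread_seq)
                                        );
            }

            MESA_handle_runtime_log(g_tsg_para.logger,
                                    RLOG_LV_DEBUG,
                                    "INTERCEPT",
                                    "Hit intercept policy, policy_id: %d action: %d addr: %s",
                                    p_result->config_id,
                                    (unsigned char)p_result->action,
                                    printaddr(&a_tcp->addr, thread_seq)
                                    );
            return APP_STATE_DROPME|APP_STATE_KILL_OTHER;

        case TSG_ACTION_NONE:
        default:
            return APP_STATE_DROPME;
    }

    return state;
}

/*
 * Close-time handling: if a bypass context was stored for the stream, emit
 * its log (restoring the protocol and domain captured at PENDING) and then
 * release the context. The original only released it on the log path.
 */
static void master_tcp_close(struct streaminfo *a_tcp, void **pme, int thread_seq)
{
    struct _master_context *_context=(struct _master_context *)*pme;
    struct _identify_info identify_info;

    if(_context==NULL)
    {
        return;
    }

    if(_context->hit_cnt>0 && _context->result!=NULL)
    {
        memset(&identify_info, 0, sizeof(identify_info));
        identify_info.proto=_context->proto;
        if(_context->domain_len>0)
        {
            /* clamp to the destination array; domain_len came from the same
             * array at PENDING so it should already fit */
            int copy_len=(int)_context->domain_len;
            if(copy_len>(int)sizeof(identify_info.domain)-1)
            {
                copy_len=(int)sizeof(identify_info.domain)-1;
            }
            memcpy(identify_info.domain, _context->domain, copy_len);
            identify_info.domain_len=copy_len;
        }
        master_send_log(a_tcp, _context->result, _context->hit_cnt, &identify_info, thread_seq);
    }

    free_context(pme, thread_seq);
}

/*
 * TCP entry point of the master plugin.
 *
 * a_tcp       the stream; opstate selects the phase
 * pme         per-stream plugin pointer (holds a struct _master_context for
 *             bypassed streams between PENDING and CLOSE)
 * thread_seq  worker thread index
 * a_packet    current packet, forwarded to protocol identification
 *
 * At OP_STATE_PENDING the protocol is identified, an internal label is
 * attached, the address and shared policies are scanned and the winning
 * rule is applied. OP_STATE_DATA is a no-op. OP_STATE_CLOSE flushes and
 * releases the bypass context.
 *
 * Returns an APP_STATE_* value (APP_STATE_GIVEME when no rule applies).
 */
extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet)
{
    int hit_num=0;
    int state=APP_STATE_GIVEME;
    Maat_rule_t *p_result=NULL;
    struct _identify_info identify_info;
    Maat_rule_t all_result[MAX_RESULT_NUM];

    switch(a_tcp->opstate)
    {
        case OP_STATE_PENDING:
            FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LINKS], 0, FS_OP_ADD, 1);

            memset(&identify_info, 0, sizeof(identify_info));
            identify_application_protocol(a_tcp, &identify_info, a_packet);

            master_tcp_attach_internal_label(a_tcp, &identify_info, thread_seq);

            hit_num=master_tcp_scan_policies(a_tcp, &identify_info, all_result, MAX_RESULT_NUM, thread_seq);

            p_result=tsg_policy_decision_criteria(a_tcp, all_result, hit_num, &identify_info, thread_seq);
            if(p_result!=NULL)
            {
                state=master_tcp_apply_policy(a_tcp, pme, p_result, &identify_info, thread_seq);
            }
            break;

        case OP_STATE_DATA:
            break;

        case OP_STATE_CLOSE:
            master_tcp_close(a_tcp, pme, thread_seq);
            break;   /* the original fell through into default (harmless, but unintended) */

        default:
            break;
    }

    return state;
}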
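/**
 * UDP stream entry point of the tsg_master plugin.
 *
 * Dispatches on a_udp->opstate:
 *  - OP_STATE_PENDING: identifies the application protocol, publishes an
 *    internal label for the stream, scans the nesting address table and
 *    (for QUIC) the shared SNI policy, then applies the decided action.
 *  - OP_STATE_DATA: nothing to do.
 *  - OP_STATE_CLOSE: emits the hit log recorded in the per-stream context
 *    and releases that context.
 *
 * @param a_udp      stream being processed; opstate, addr and dir are read
 * @param pme        per-stream private slot; filled by init_context on a
 *                   BYPASS hit and released by free_context on close
 * @param thread_seq calling worker index, forwarded to helpers
 * @param a_packet   current packet, forwarded to identify_application_protocol
 * @return APP_STATE_GIVEME by default, APP_STATE_GIVEME|APP_STATE_KILL_OTHER
 *         when a bypass policy hits, APP_STATE_DROPME for INTERCEPT,
 *         MANIPULATE or any unknown action.
 */
extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int thread_seq, void *a_packet)
{
    int ret = 0;
    int hit_num = 0;
    scan_status_t mid = NULL;
    int state = APP_STATE_GIVEME;
    Maat_rule_t *p_result = NULL;
    Maat_rule_t result[MAX_RESULT_NUM] = {0};
    struct _identify_info identify_info;
    struct _master_context *_context = (struct _master_context *)*pme;
    struct _internal_label *internal_label = NULL;

    switch (a_udp->opstate)
    {
    case OP_STATE_PENDING:
        memset(&identify_info, 0, sizeof(identify_info));
        identify_application_protocol(a_udp, &identify_info, a_packet);

        /* Publish the identified protocol as an internal label on the stream.
         * The allocation is checked before use: the previous code wrote to
         * the label unconditionally. */
        internal_label = (struct _internal_label *)dictator_malloc(1, sizeof(struct _internal_label));
        if (internal_label == NULL)
        {
            MESA_handle_runtime_log(g_tsg_para.logger,
                                    RLOG_LV_FATAL,
                                    "PROJECT_ADD",
                                    "Alloc internal_label failed, proto: %d addr: %s",
                                    identify_info.proto,
                                    printaddr(&a_udp->addr, thread_seq));
        }
        else
        {
            memset(internal_label, 0, sizeof(struct _internal_label));
            internal_label->proto = identify_info.proto;

            /* NOTE(review): on failure the label is neither freed here nor
             * known to be freed by project_req_add_struct -- confirm the
             * ownership contract to rule out a leak. */
            ret = project_req_add_struct(a_udp, g_tsg_para.internal_project_id, (const void *)internal_label);
            if (ret < 0)
            {
                MESA_handle_runtime_log(g_tsg_para.logger,
                                        RLOG_LV_FATAL,
                                        "PROJECT_ADD",
                                        "Add internal_label failed, proto: %d addr: %s",
                                        internal_label->proto,
                                        printaddr(&a_udp->addr, thread_seq));
            }
            else
            {
                MESA_handle_runtime_log(g_tsg_para.logger,
                                        RLOG_LV_DEBUG,
                                        "PROJECT_ADD",
                                        "Add internal_label successfully, proto: %d addr: %s",
                                        internal_label->proto,
                                        printaddr(&a_udp->addr, thread_seq));
            }
        }

        /* Address-based rules first; they fill result[0..hit_num). */
        ret = tsg_scan_nesting_addr(g_tsg_maat_feather, a_udp, identify_info.proto, &mid, result, MAX_RESULT_NUM);
        if (ret > 0)
        {
            hit_num += ret;
            FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
        }

        /* QUIC carries an SNI, so the shared (domain) policy applies too.
         * The remaining capacity MAX_RESULT_NUM-hit_num may be zero. */
        if (PROTO_QUIC == identify_info.proto)
        {
            ret = tsg_scan_shared_policy(g_tsg_maat_feather, &identify_info, result + hit_num, MAX_RESULT_NUM - hit_num, &mid, thread_seq);
            if (ret > 0)
            {
                FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
                /* NOTE(review): identify_info.domain is printed with %s, so it
                 * relies on the memset above plus domain_len < sizeof(domain)
                 * for termination -- confirm in identify_application_protocol. */
                MESA_handle_runtime_log(g_tsg_para.logger,
                                        RLOG_LV_DEBUG,
                                        "SCAN_QUIC_SNI",
                                        "Hit %s: %s policy_id: %d service: %d action: %d addr: %s",
                                        "QUIC SNI",
                                        identify_info.domain,
                                        result[hit_num].config_id,
                                        result[hit_num].service_id,
                                        (unsigned char)result[hit_num].action,
                                        printaddr(&a_udp->addr, thread_seq));
                hit_num += ret;
            }
            else
            {
                MESA_handle_runtime_log(g_tsg_para.logger,
                                        RLOG_LV_DEBUG,
                                        "SCAN_QUIC_SNI",
                                        "Not hit %s: %s stream_dir: %d addr: %s",
                                        "QUIC SNI",
                                        identify_info.domain,
                                        a_udp->dir,
                                        printaddr(&a_udp->addr, thread_seq));
            }
        }

        /* Scan status is released before the decision so no early return
         * below can leak it. */
        if (mid != NULL)
        {
            Maat_clean_status(&mid);
            mid = NULL;
        }

        p_result = tsg_policy_decision_criteria(a_udp, result, hit_num, NULL, thread_seq);
        if (p_result != NULL)
        {
            switch ((unsigned char)p_result->action)
            {
            case TSG_ACTION_DENY:
                break;

            case TSG_ACTION_BYPASS:
                init_context(pme, identify_info.proto, p_result, thread_seq);
                if (identify_info.proto > PROTO_UNKONWN && identify_info.proto < PROTO_MAX)
                {
                    /* Guarded: init_context is the only writer of *pme and its
                     * failure mode is not visible here. */
                    _context = (struct _master_context *)*pme;
                    if (_context != NULL)
                    {
                        /* NOTE(review): no bound against sizeof(_context->domain);
                         * relies on identify_application_protocol capping
                         * domain_len -- confirm. */
                        memcpy(_context->domain, identify_info.domain, identify_info.domain_len);
                        _context->domain_len = identify_info.domain_len;
                    }
                }

                FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1);
                MESA_handle_runtime_log(g_tsg_para.logger,
                                        RLOG_LV_DEBUG,
                                        "ALLOW",
                                        "Hit allow policy, policy_id: %d service: %d action: %d addr: %s",
                                        p_result[0].config_id,
                                        p_result[0].service_id,
                                        (unsigned char)p_result[0].action,
                                        printaddr(&a_udp->addr, thread_seq));
                state = APP_STATE_GIVEME | APP_STATE_KILL_OTHER;
                break;

            case TSG_ACTION_MONITOR:
                break;

            case TSG_ACTION_INTERCEPT:
            case TSG_ACTION_MANIPULATE:
            default:
                return APP_STATE_DROPME;
            }
        }
        break;

    case OP_STATE_DATA:
        break;

    case OP_STATE_CLOSE:
        /* NOTE(review): a context with hit_cnt==0 or result==NULL is not
         * released on this path -- confirm free_context is reached elsewhere. */
        if (_context != NULL)
        {
            if (_context->hit_cnt > 0 && _context->result != NULL)
            {
                memset(&identify_info, 0, sizeof(identify_info));
                identify_info.proto = _context->proto;
                if (_context->domain_len > 0)
                {
                    memcpy(identify_info.domain, _context->domain, _context->domain_len);
                    identify_info.domain_len = _context->domain_len;
                }
                master_send_log(a_udp, _context->result, _context->hit_cnt, &identify_info, thread_seq);
                free_context(pme, thread_seq);
            }
        }
        break;

    default:
        break;
    }

    return state;
}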
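/**
 * Plugin initialisation of tsg_master.
 *
 * Reads tsg_conffile and, in order: creates the runtime logger, loads the
 * device id / timeout / device SN, registers the POLICY_PRIORITY and
 * TSG_MASTER_INTERNAL_LABEL project labels, initialises the rule engine and
 * the send-log instance, configures and starts the FS2 field-statistics
 * handle, and initialises the statistic module.
 *
 * @return 0 on success, -1 when a required step fails (logger creation,
 *         priority label registration, rule init, send-log init, FS2 handle
 *         creation, statistic init). Failures after the logger exists are
 *         logged at RLOG_LV_FATAL first. A missing device SN, a telegraf
 *         update failure and a failed internal-label registration are logged
 *         but do not abort initialisation.
 */
extern "C" int TSG_MASTER_INIT()
{
    int i = 0, ret = 0, cycle = 0;
    int value = 0, level = 30;
    unsigned short fs_server_port = 0;
    char app_name[MAX_STRING_LEN] = {0};
    char log_path[MAX_STRING_LEN * 4] = {0};
    char label_buff[MAX_STRING_LEN * 4] = {0};
    char fs_server_ip[MAX_IPV4_LEN] = {0};
    char fs_output_path[MAX_STRING_LEN * 4] = {0};
    char device_sn_filename[MAX_STRING_LEN] = {0};

    memset(&g_tsg_para, 0, sizeof(g_tsg_para));

    /* Logger first: every later failure is reported through it. */
    MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "LOG_LEVEL", &level, 30);
    MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "LOG_PATH", log_path, sizeof(log_path), "tsglog/tsg_master");
    g_tsg_para.logger = MESA_create_runtime_log_handle(log_path, level);
    if (g_tsg_para.logger == NULL)
    {
        printf("MESA_create_runtime_log_handle failed ...\n");
        return -1;
    }

    MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_ID", &g_tsg_para.device_id, 0);
    /* NOTE(review): timeout is written through a short*; only correct if
     * g_tsg_para.timeout is itself a 16-bit field -- confirm in the header. */
    MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);

    /* Device SN: tsg_get_sn signals failure with 0 (not a negative value);
     * the SN is still pushed to telegraf below, possibly empty. */
    MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_SN_FILENAME", device_sn_filename, sizeof(device_sn_filename), "/opt/tsg/etc/tsg_sn.json");
    ret = tsg_get_sn(device_sn_filename, g_tsg_para.device_sn, sizeof(g_tsg_para.device_sn));
    if (ret == 0)
    {
        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "GET_DEVICE_SN", "Get device SN failed; please check :%s", device_sn_filename);
    }

    ret = tsg_set_device_id_to_telegraf(g_tsg_para.device_sn);
    if (ret < 0)
    {
        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "SET_DEVICE_SN_TO_TELEGRAF", "Set device SN(%s) failed; please check :%s", g_tsg_para.device_sn, "/etc/default/telegraf");
    }

    /* Project labels. The priority label is mandatory; the internal label
     * is only logged on failure (its consumers check the add result). */
    MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY");
    g_tsg_para.priority_project_id = project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label);
    if (g_tsg_para.priority_project_id < 0)
    {
        MESA_handle_runtime_log(g_tsg_para.logger,
                                RLOG_LV_FATAL,
                                "PROJECT_REGISTER",
                                "Register %s failed; please check :%s and add <POLICY_PRIORITY struct>",
                                label_buff,
                                "etc/project_list.conf");
        return -1;
    }

    MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_INTERNAL_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL");
    g_tsg_para.internal_project_id = project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_internal_label);
    if (g_tsg_para.internal_project_id < 0)
    {
        MESA_handle_runtime_log(g_tsg_para.logger,
                                RLOG_LV_FATAL,
                                "PROJECT_REGISTER",
                                "Register %s failed; please check :%s and add <TSG_MASTER_INTERNAL_LABEL struct>",
                                label_buff,
                                "etc/project_list.conf");
    }

    ret = tsg_rule_init(tsg_conffile, g_tsg_para.logger);
    if (ret < 0)
    {
        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_rule_init failed ...");
        return -1;
    }

    g_tsg_log_instance = tsg_sendlog_init(tsg_conffile);
    if (g_tsg_log_instance == NULL)
    {
        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ...");
        return -1;
    }
    g_tsg_log_instance->internal_project_id = g_tsg_para.internal_project_id;

    /* FS2 field statistics. */
    MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30);
    MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT", "TELEGRAF_PORT", (short *)&(fs_server_port));
    MESA_load_profile_string_nodef(tsg_conffile, "FIELD_STAT", "TELEGRAF_IP", fs_server_ip, sizeof(fs_server_ip));
    MESA_load_profile_string_def(tsg_conffile, "FIELD_STAT", "OUTPUT_PATH", fs_output_path, sizeof(fs_output_path), "tsg_stat.log");
    MESA_load_profile_string_def(tsg_conffile, "FIELD_STAT", "APP_NAME", app_name, sizeof(app_name), "tsg_master");

    /* The handle is checked before use; previously a NULL handle would have
     * been passed straight to FS_set_para/FS_register/FS_start. */
    g_tsg_para.fs2_handle = FS_create_handle();
    if (g_tsg_para.fs2_handle == NULL)
    {
        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_FS2", "FS_create_handle failed ...");
        return -1;
    }

    value = 1; /* PRINT_MODE: rewrite the output file (original comment: "Rewrite") */
    FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value));
    /* NOTE(review): original comment reads "Do not create stat thread" while
     * the value set is 1 -- confirm the CREATE_THREAD semantics in FS2. */
    value = 1;
    FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value));

    FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle));
    FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name) + 1);
    FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path) + 1);

    /* Remote stats server is optional: both port and ip must be configured. */
    if (fs_server_port > 0 && strlen(fs_server_ip) > 0)
    {
        FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP, fs_server_ip, strlen(fs_server_ip) + 1);
        FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT, &(fs_server_port), sizeof(fs_server_port));
    }

    /* Register every counter of g_tsg_fs2_field, keyed by its TSG_FS2_* id. */
    for (i = 0; i < TSG_FS2_MAX; i++)
    {
        g_tsg_para.fs2_field_id[g_tsg_fs2_field[i].id] = FS_register(g_tsg_para.fs2_handle, FS_STYLE_FIELD, FS_CALC_CURRENT, g_tsg_fs2_field[i].name);
    }

    FS_start(g_tsg_para.fs2_handle);

    ret = tsg_statistic_init(tsg_conffile, g_tsg_para.logger);
    if (ret < 0)
    {
        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_STATISTIC", "tsg_statistic_init failed ...");
        return -1;
    }

    return 0;
}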
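/**
 * Plugin unload hook of tsg_master.
 *
 * Waits a fixed five-second grace period before returning (presumably so
 * workers still inside the entry functions can drain -- confirm); nothing
 * is released here. sleep() returns early with the unslept remainder when a
 * signal interrupts it, so the wait is retried until the full period has
 * elapsed instead of being cut short.
 *
 * @return 0 always.
 */
extern "C" int TSG_MASTER_UNLOAD()
{
    unsigned int remaining = 5;

    while (remaining > 0)
    {
        remaining = sleep(remaining);
    }
    return 0;
}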