diff --git a/src/tsg_bridge.cpp b/src/tsg_bridge.cpp index c6bf121..cc53eec 100644 --- a/src/tsg_bridge.cpp +++ b/src/tsg_bridge.cpp @@ -172,11 +172,35 @@ void session_segment_id_free(const struct streaminfo *a_stream, int bridge_id, v void session_gather_app_results_free(const struct streaminfo *a_stream, int bridge_id, void *data) { - if(data!=NULL) + if(data==NULL) { - dictator_free(a_stream->threadnum, data); - data=NULL; + return ; } + + struct gather_app_result *gather_result=(struct gather_app_result *)data; + + if(gather_result->built_in!=NULL) + { + dictator_free(a_stream->threadnum, (void *)gather_result->built_in); + } + + if(gather_result->l7_protocol!=NULL) + { + dictator_free(a_stream->threadnum, (void *)gather_result->l7_protocol); + } + + if(gather_result->qm_engine!=NULL) + { + dictator_free(a_stream->threadnum, (void *)gather_result->qm_engine); + } + + if(gather_result->user_define!=NULL) + { + dictator_free(a_stream->threadnum, (void *)gather_result->user_define); + } + + dictator_free(a_stream->threadnum, data); + data=NULL; } void session_runtime_attribute_free(const struct streaminfo *a_stream, int bridge_id, void *data) @@ -640,7 +664,7 @@ int srt_action_context_set_after_n_packet(const struct streaminfo *a_stream, int return 1; } -int srt_action_context_set_hitted_app_id(const struct streaminfo *a_stream, int hited_app_id, int thread_seq) +int srt_action_context_set_hitted_app_id(const struct streaminfo *a_stream, int matched_app_id, int thread_seq) { struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream); if(srt_action_context==NULL) @@ -650,7 +674,7 @@ int srt_action_context_set_hitted_app_id(const struct streaminfo *a_stream, int session_runtime_action_context_async(a_stream, (void *)srt_action_context); } - srt_action_context->hited_para.hited_app_id=hited_app_id; + srt_action_context->hited_para.matched_app_id=matched_app_id; return 1; } diff --git a/src/tsg_bridge.h b/src/tsg_bridge.h index 0fcb271..231be3a 100644 --- a/src/tsg_bridge.h +++ b/src/tsg_bridge.h @@ -53,14 +53,25 @@ struct app_attributes struct gather_app_result { - int app_num; - enum APP_IDENTIFY_ORIGIN origin; - struct app_attributes attributes[MAX_APP_ID_NUM]; + char qm_engine_num; + char l7_qm_engine_num; + char l7_protocol_num; + char user_define_num; + char built_in_num; + char unknown_flag; + char matched_app_flag; + char padding; + struct app_attributes unknown; + struct app_attributes matched_app; + struct app_attributes *built_in; + struct app_attributes *l7_protocol; + struct app_attributes *qm_engine; + struct app_attributes *user_define; }; struct hited_app_para { - int hited_app_id; + int matched_app_id; int after_n_packets; }; @@ -74,7 +85,7 @@ struct session_runtime_process_context unsigned char first_origin_pkt; unsigned short timeout; enum TSG_PROTOCOL proto; - int hited_app_id; // only app + int matched_app_id; // only app unsigned int quic_version; unsigned long session_flag; union @@ -197,7 +208,7 @@ int srt_action_context_set_leaky_bucket(const struct streaminfo * a_stream, stru int srt_action_context_set_l7_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol, int thread_seq); int srt_action_context_set_rule_method(const struct streaminfo * a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq); int srt_action_context_set_after_n_packet(const struct streaminfo * a_stream, int after_n_packets, int thread_seq); -int srt_action_context_set_hitted_app_id(const struct streaminfo * a_stream, int hited_app_id, int thread_seq); +int srt_action_context_set_hitted_app_id(const struct streaminfo * a_stream, int matched_app_id, int thread_seq); const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream); char srt_action_context_get_direction(const struct session_runtime_action_context *srt_action_context); diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 5bbd0f0..3c6330e 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -609,21 +609,6 @@ int device_id_set_telegraf(char *device_sn) return -1; } -int app_gather_results_update(struct gather_app_result *gather_result, struct app_identify_result *identify_result, int packet_sequence) -{ - gather_result->app_num=0; - for(int i=0; (i < identify_result->app_id_num) && iapp_num < MAX_APP_ID_NUM); i++) - { - gather_result->origin=identify_result->origin; - gather_result->attributes[i].app_id=identify_result->app_id[i]; - gather_result->attributes[i].surrogate_id=identify_result->surrogate_id[i]; - gather_result->attributes[i].packet_sequence=packet_sequence; - gather_result->app_num++; - } - - return 0; -} - static int l7_protocol_mapper_init(const char *conffile) { FILE *fp=NULL; @@ -650,12 +635,11 @@ static int l7_protocol_mapper_init(const char *conffile) continue; } - protocol=(struct l7_protocol *)calloc(1, sizeof(struct l7_protocol)); - int ret=sscanf(line, "%31s %31s %d", type_name, protocol->name, &protocol->id); - assert(ret==3); + protocol=(struct l7_protocol *)calloc(1, sizeof(struct l7_protocol)); + sscanf(line, "%31s %31s %d", type_name, protocol->name, &protocol->id); - HASH_ADD(hh1, g_tsg_para.name_by_id, id, sizeof(int), protocol); - HASH_ADD(hh2, g_tsg_para.id_by_name, name, strlen(protocol->name), protocol); + HASH_ADD(hh1, g_tsg_para.name_by_id, id, sizeof(int), protocol); + HASH_ADD(hh2, g_tsg_para.id_by_name, name, strlen(protocol->name), protocol); memset(line, 0, sizeof(line)); } @@ -699,50 +683,37 @@ static int srt_process_context_set_l7_protocol(struct session_runtime_process_co L7(null), appSketch(null), Thrid(null) = unknown */ -static int session_qm_result_l7_protocol_split(struct gather_app_result *qm_result, struct gather_app_result *qm_l7_result) +static int session_qm_result_l7_protocol_split(struct gather_app_result *gather_result) { int i=0; - for(i=qm_result->app_num; i>0; i--) + for(i=gather_result->qm_engine_num; i>0; i--) { - if(tsg_l7_protocol_id2name(qm_result->attributes[i-1].app_id)) + if(tsg_l7_protocol_id2name(gather_result->qm_engine[i-1].app_id)) { break; } } - qm_l7_result->app_num=i; - qm_l7_result->origin=ORIGIN_QM_ENGINE_L7; - memcpy(qm_l7_result->attributes, qm_result->attributes, sizeof(struct app_attributes)*i); - + gather_result->l7_qm_engine_num=i; return 0; } -static unsigned int get_max_app_id(struct gather_app_result *result) +static unsigned int get_max_app_id(struct app_attributes *result, int result_num) { int i=0; unsigned int max_app_id=0; - for(i=0; i< result->app_num; i++) + for(i=0; i< result_num; i++) { - if(max_app_id < result->attributes[i].app_id) + if(max_app_id < result->app_id) { - max_app_id=result->attributes[i].app_id; + max_app_id=result->app_id; } } return max_app_id; } -static unsigned int get_lastest_app_id(struct gather_app_result *result) -{ - if(result->app_num>0) - { - return result->attributes[result->app_num-1].app_id; - } - - return 0; -} - /* ** Engine1 1.2 Engine2 1 -> 1.2 ** Engine1 1.2 Engine2 1.3 -> 1.2 @@ -764,55 +735,51 @@ static int copy_app_id(struct app_attributes *result, int result_num, unsigned i } #define COMBINED_APP_ID_NUM MAX_APP_ID_NUM*2 -int session_application_full_path_combine(struct gather_app_result *result, char *out_full_path, int out_full_path_len) +int session_application_full_path_combine(struct gather_app_result *gather_result, char *out_full_path, int out_full_path_len) { int offset=0,combined_num=0; unsigned int combined_array[COMBINED_APP_ID_NUM]={0}; - if(result[ORIGIN_BASIC_PROTOCOL].app_num>0) + if(gather_result->l7_protocol_num>0) { - combined_num+=copy_app_id(result[ORIGIN_BASIC_PROTOCOL].attributes, result[ORIGIN_BASIC_PROTOCOL].app_num, combined_array, COMBINED_APP_ID_NUM); + combined_num+=copy_app_id(gather_result->l7_protocol, gather_result->l7_protocol_num, combined_array, COMBINED_APP_ID_NUM); } else { - combined_num+=copy_app_id(result[ORIGIN_QM_ENGINE_L7].attributes, result[ORIGIN_QM_ENGINE_L7].app_num, combined_array, COMBINED_APP_ID_NUM); + combined_num+=copy_app_id(gather_result->qm_engine, gather_result->l7_protocol_num, combined_array, COMBINED_APP_ID_NUM); } - if(result[ORIGIN_HITED_APP].app_num > 0) + if(gather_result->matched_app_flag > 0) { - combined_array[combined_num]=get_lastest_app_id(&(result[ORIGIN_HITED_APP])); - combined_num+=1; + combined_array[combined_num++]=gather_result->matched_app.app_id; } - else if(result[ORIGIN_USER_DEFINE].app_num>0) + else if(gather_result->user_define_num>0) { if(combined_numuser_define, gather_result->user_define_num); combined_num+=1; } } - else if(result[ORIGIN_BUILT_IN].app_num>0) + else if(gather_result->built_in_num>0) { - combined_num+=copy_app_id(result[ORIGIN_BUILT_IN].attributes, result[ORIGIN_BUILT_IN].app_num, combined_array+combined_num, COMBINED_APP_ID_NUM-combined_num); + combined_num+=copy_app_id(gather_result->built_in, gather_result->built_in_num, combined_array+combined_num, COMBINED_APP_ID_NUM-combined_num); } - else if(result[ORIGIN_QM_ENGINE].app_num-result[ORIGIN_QM_ENGINE_L7].app_num > 0) + else if(gather_result->qm_engine_num-gather_result->l7_protocol_num > 0) { - combined_num+=copy_app_id( result[ORIGIN_QM_ENGINE].attributes + result[ORIGIN_QM_ENGINE_L7].app_num, - result[ORIGIN_QM_ENGINE].app_num - result[ORIGIN_QM_ENGINE_L7].app_num, + combined_num+=copy_app_id( gather_result->qm_engine + gather_result->l7_protocol_num, + gather_result->qm_engine_num - gather_result->l7_protocol_num, combined_array+combined_num, COMBINED_APP_ID_NUM-combined_num ); } - - if(combined_num==0) + else if(gather_result->unknown_flag>0) { - offset=tsg_get_app_name_by_id(g_tsg_maat_feather, result[ORIGIN_UNKNOWN].attributes[0].app_id, out_full_path, out_full_path_len, 0); - if(offset>0) - { - return offset; - } - - return 0; + combined_array[combined_num++]=gather_result->unknown.app_id; + } + else + { + // FATAL LOG } for(int i=0; ithreadnum, sizeof(struct gather_app_result)*ORIGIN_MAX); - memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX); + gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)); + memset(gather_result, 0, sizeof(struct gather_app_result)); session_gather_app_results_async(a_stream, (void *)gather_result); } - if(gather_result[ORIGIN_BASIC_PROTOCOL].app_num>0) + if(gather_result->l7_protocol_num>0) { return 0; } @@ -1131,17 +1098,17 @@ static int session_app_gather_results_set_l7_protocol(const struct streaminfo *a int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name); if(app_id>0) { - gather_result[ORIGIN_BASIC_PROTOCOL].app_num=1; - gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL; - gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=app_id; - gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id=0; - gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].packet_sequence=get_packet_sequence(a_stream); + gather_result->l7_protocol_num=1; + gather_result->l7_protocol=(struct app_attributes *)dictator_malloc(a_stream->threadnum, sizeof(struct app_attributes)); + gather_result->l7_protocol->app_id=app_id; + gather_result->l7_protocol->surrogate_id=0; + gather_result->l7_protocol->packet_sequence=get_packet_sequence(a_stream); } return 0; } -int session_app_gather_results_update_matched_app_id(const struct streaminfo *a_stream, unsigned int hited_app_id) +int session_app_gather_results_update_matched_app_id(const struct streaminfo *a_stream, unsigned int matched_app_id) { struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); if(gather_result==NULL) @@ -1149,10 +1116,9 @@ int session_app_gather_results_update_matched_app_id(const struct streaminfo *a_ return 0; } - gather_result[ORIGIN_HITED_APP].app_num=1; - gather_result[ORIGIN_HITED_APP].origin=ORIGIN_HITED_APP; - gather_result[ORIGIN_HITED_APP].attributes[0].app_id=hited_app_id; - gather_result[ORIGIN_HITED_APP].attributes[0].surrogate_id=0; + gather_result->matched_app_flag=1; + gather_result->matched_app.app_id=matched_app_id; + gather_result->matched_app.surrogate_id=0; return 1; } @@ -1720,37 +1686,37 @@ int session_l7_protocol_identify(const struct streaminfo *a_stream, struct sessi } -static size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, char *domain, int table_idx, struct maat_state *s_mid, maat_rule *results, size_t n_result) +static size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, char *domain, int table_idx, struct maat_state *s_mid, maat_rule *matched_rules, size_t n_matched_rules) { struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute!=NULL && domain!=NULL && table_idx>=0) { srt_attribute->n_fqdn_category_ids=tsg_get_fqdn_category_ids(g_tsg_maat_feather, domain, srt_attribute->fqdn_category_ids, MAX_CATEGORY_ID_NUM); - return tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_attribute->fqdn_category_ids, srt_attribute->n_fqdn_category_ids, table_idx, s_mid, results, n_result); + return tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_attribute->fqdn_category_ids, srt_attribute->n_fqdn_category_ids, table_idx, s_mid, matched_rules, n_matched_rules); } return 0; } -size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, struct maat_rule *results, size_t n_results, struct session_runtime_process_context *srt_process_context, struct gather_app_result *identify_result, int thread_seq) +size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, struct maat_rule *matched_rules, size_t n_matched_rules, struct session_runtime_process_context *srt_process_context, struct app_attributes *app_attribute, char app_attribute_num, APP_IDENTIFY_ORIGIN origin, int thread_seq) { - size_t hit_num=0; - int hited_app_id=0; + size_t matched_cnt=0; int after_n_packets=0; + unsigned int matched_app_id=0; struct maat_rule *p_result, *d_result=NULL; - for(int i=0; i< identify_result->app_num; i++) + for(int i=0; i< app_attribute_num; i++) { - struct app_id_dict *dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, (long long)identify_result->attributes[i].app_id); + struct app_id_dict *dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, (long long)app_attribute[i].app_id); if(dict!=NULL) { - hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->risk, (char *)"risk", (srt_process_context->mid), results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->category, (char *)"category", (srt_process_context->mid), results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->technology, (char *)"technology", (srt_process_context->mid), results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->subcategory, (char *)"subcategory", (srt_process_context->mid), results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->characteristics, (char *)"characteristics", (srt_process_context->mid), results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->risk, (char *)"risk", (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->category, (char *)"category", (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->technology, (char *)"technology", (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->subcategory, (char *)"subcategory", (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->characteristics, (char *)"characteristics", (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); - hit_num+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, identify_result->attributes[i].app_id, (srt_process_context->mid), results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, app_attribute[i].app_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); after_n_packets=dict->deny_app_para.after_n_packets; set_app_timeout(a_stream, dict, &(srt_process_context->timeout)); @@ -1759,48 +1725,70 @@ size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, str } else { - hit_num+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, identify_result->attributes[i].app_id, (srt_process_context->mid), results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, app_attribute[i].app_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); } - p_result=tsg_select_deny_rule(results, hit_num); + p_result=tsg_select_deny_rule(matched_rules, matched_cnt); if(d_result==NULL) { d_result=p_result; - hited_app_id=identify_result->attributes[i].app_id; + matched_app_id=app_attribute[i].app_id; continue; } if(d_result->rule_id!=p_result->rule_id) { d_result=p_result; - hited_app_id=identify_result->attributes[i].app_id; + matched_app_id=app_attribute[i].app_id; } } - if(hit_num>0) + if(matched_cnt>0) { - if(identify_result->origin!=ORIGIN_BASIC_PROTOCOL) + if(origin!=ORIGIN_BASIC_PROTOCOL) { - srt_process_context->hited_app_id=hited_app_id; + srt_process_context->matched_app_id=matched_app_id; } - srt_process_context->hited_para.hited_app_id=hited_app_id; + srt_process_context->hited_para.matched_app_id=matched_app_id; srt_process_context->hited_para.after_n_packets=after_n_packets; } else { - if(identify_result->origin==ORIGIN_BASIC_PROTOCOL && after_n_packets>0) //for enum TSG_PROTOCOL + if(origin==ORIGIN_BASIC_PROTOCOL && after_n_packets>0) //for enum TSG_PROTOCOL { srt_process_context->hited_para.after_n_packets=after_n_packets; } } - if(srt_process_context!=NULL && srt_process_context->hited_app_id>0) + if(srt_process_context!=NULL && srt_process_context->matched_app_id>0) { - session_app_gather_results_update_matched_app_id(a_stream, srt_process_context->hited_app_id); + session_app_gather_results_update_matched_app_id(a_stream, srt_process_context->matched_app_id); } - return hit_num; + return matched_cnt; +} + +size_t session_app_gather_results_scan(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, struct session_runtime_process_context *srt_process_context, int thread_seq) +{ + struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); + if(gather_result==NULL) + { + return 0; + } + + int matched_cnt=0; + if(gather_result->unknown_flag==1) + { + matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, &(gather_result->unknown), 1, ORIGIN_UNKNOWN, thread_seq); + } + + matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, gather_result->built_in, gather_result->built_in_num, ORIGIN_BUILT_IN, thread_seq); + matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, gather_result->l7_protocol, gather_result->l7_protocol_num, ORIGIN_BASIC_PROTOCOL, thread_seq); + matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, gather_result->qm_engine, gather_result->qm_engine_num, ORIGIN_QM_ENGINE, thread_seq); + matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, gather_result->user_define, gather_result->user_define_num, ORIGIN_USER_DEFINE, thread_seq); + + return matched_cnt; } static unsigned char matched_security_rules_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *security_rules, size_t n_security_rules, const void *a_packet, int thread_seq) @@ -1824,13 +1812,13 @@ static unsigned char matched_security_rules_deal(const struct streaminfo *a_stre if(is_deny_application(p_rule)) { - if(srt_process_context->hited_para.hited_app_id==0) + if(srt_process_context->hited_para.matched_app_id==0) { - srt_process_context->hited_para.hited_app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[srt_process_context->proto].name); + srt_process_context->hited_para.matched_app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[srt_process_context->proto].name); } - srt_action_context_set_hitted_app_id(a_stream, srt_process_context->hited_para.hited_app_id, a_stream->threadnum); - state=tsg_enforing_deny_application(a_stream, p_rule, srt_process_context->proto, srt_process_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_APP, a_packet); + srt_action_context_set_hitted_app_id(a_stream, srt_process_context->hited_para.matched_app_id, a_stream->threadnum); + state=tsg_enforing_deny_application(a_stream, p_rule, srt_process_context->proto, srt_process_context->hited_para.matched_app_id, ACTION_RETURN_TYPE_APP, a_packet); } else { @@ -1904,12 +1892,12 @@ int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struc return 0; } -unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *rules, size_t n_rules, const void *a_packet) +unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *matched_rules, size_t n_matched_rules, const void *a_packet) { unsigned char state=APP_STATE_GIVEME; struct maat_rule security_rules[MAX_RESULT_NUM]={0}; - size_t n_security_rules=tsg_select_rules_by_service_id(rules, n_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY); + size_t n_security_rules=tsg_select_rules_by_service_id(matched_rules, n_matched_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY); if(n_security_rules>0) { state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, a_stream->threadnum); @@ -1920,21 +1908,21 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru } struct maat_rule s_chaining_rules[MAX_RESULT_NUM]={0}; - size_t n_s_chaining_rules=tsg_select_rules_by_service_id(rules, n_rules, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING); + size_t n_s_chaining_rules=tsg_select_rules_by_service_id(matched_rules, n_matched_rules, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING); if(n_s_chaining_rules>0) { matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, a_stream->threadnum); } struct maat_rule shaping_rules[MAX_RESULT_NUM]={0}; - size_t n_shaping_rules=tsg_select_rules_by_service_id(rules, n_rules, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING); + size_t n_shaping_rules=tsg_select_rules_by_service_id(matched_rules, n_matched_rules, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING); if(n_shaping_rules>0) { matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, a_stream->threadnum); } struct maat_rule intercept_rules[MAX_RESULT_NUM]={0}; - size_t n_intercept_rules=tsg_select_rules_by_service_id(rules, n_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT); + size_t n_intercept_rules=tsg_select_rules_by_service_id(matched_rules, n_matched_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT); if(n_intercept_rules>0) { matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum); @@ -1943,6 +1931,38 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru return state; } +int session_app_gather_results_update(struct app_attributes **update_result, char update_result_num, struct app_identify_result *identify_result, int packet_sequence, int thread_seq) +{ + if(identify_result->app_id_num<=0) + { + return 0; + } + + if(*update_result==NULL) + { + (*update_result)=(struct app_attributes *)dictator_malloc(thread_seq, sizeof(struct app_attributes)*identify_result->app_id_num); + } + else + { + if((identify_result->app_id_num) > update_result_num) + { + (*update_result)=(struct app_attributes *)dictator_realloc(thread_seq, *update_result, sizeof(struct app_attributes)*identify_result->app_id_num); + } + } + + int i; + + for(i=0; iapp_id_num; i++) + { + (*update_result)[i].app_id=identify_result->origin; + (*update_result)[i].app_id=identify_result->app_id[i]; + (*update_result)[i].surrogate_id=identify_result->surrogate_id[i]; + (*update_result)[i].packet_sequence=packet_sequence; + } + + return i; +} + int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data) { if(data==NULL || a_stream->opstate==OP_STATE_CLOSE) @@ -1959,11 +1979,13 @@ int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); if(gather_result==NULL) { - gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX); - memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX); + gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)); + memset(gather_result, 0, sizeof(struct gather_app_result)); session_gather_app_results_async(a_stream, (void *)gather_result); } + char scan_app_num=0; + struct app_attributes *scan_app=NULL; struct app_identify_result *identify_result=(struct app_identify_result *)data; switch(identify_result->origin) { @@ -1971,14 +1993,26 @@ int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge case ORIGIN_QM_ENGINE: srt_process_context->is_app_link=FLAG_TRUE; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_Q_RESULT], 0, FS_OP_ADD, 1); + gather_result->qm_engine_num=session_app_gather_results_update(&(gather_result->qm_engine), gather_result->qm_engine_num, identify_result, get_packet_sequence(a_stream), a_stream->threadnum); + + scan_app=gather_result->qm_engine; + scan_app_num=gather_result->qm_engine_num; break; case ORIGIN_USER_DEFINE: srt_process_context->is_app_link=FLAG_TRUE; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_USER_RESULT], 0, FS_OP_ADD, 1); + gather_result->user_define_num=session_app_gather_results_update(&(gather_result->user_define), gather_result->user_define_num, identify_result, get_packet_sequence(a_stream), a_stream->threadnum); + + scan_app=gather_result->user_define; + scan_app_num=gather_result->user_define_num; break; case ORIGIN_BUILT_IN: srt_process_context->is_app_link=FLAG_TRUE; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_BUILT_IN_RESULT], 0, FS_OP_ADD, 1); + gather_result->built_in_num=session_app_gather_results_update(&(gather_result->built_in), gather_result->built_in_num, identify_result, get_packet_sequence(a_stream), a_stream->threadnum); + + scan_app=gather_result->built_in; + scan_app_num=gather_result->built_in_num; break; case ORIGIN_BASIC_PROTOCOL: srt_process_context->is_app_link=FLAG_TRUE; @@ -1986,27 +2020,37 @@ int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge { srt_process_context_set_l7_protocol(srt_process_context, identify_result->app_id[identify_result->app_id_num-1]); } + gather_result->l7_protocol_num=session_app_gather_results_update(&(gather_result->l7_protocol), gather_result->l7_protocol_num, identify_result, get_packet_sequence(a_stream), a_stream->threadnum); + + scan_app=gather_result->l7_protocol; + scan_app_num=gather_result->l7_protocol_num; break; case ORIGIN_UNKNOWN: srt_process_context->is_app_link=FLAG_TRUE; + + gather_result->unknown_flag=1; + gather_result->unknown.app_id=identify_result->app_id[0]; + gather_result->unknown.surrogate_id=identify_result->surrogate_id[0]; + gather_result->unknown.packet_sequence=get_packet_sequence(a_stream); + + scan_app=&(gather_result->unknown); + scan_app_num=1; break; default: MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level)); return 0; } - app_gather_results_update(&(gather_result[identify_result->origin]), identify_result, get_packet_sequence(a_stream)); - if(srt_process_context->mid==NULL) { return 0; } - struct maat_rule scan_results[MAX_TSG_ALL_RESULT_NUM]={0}; + struct maat_rule rules[MAX_TSG_ALL_RESULT_NUM]={0}; srt_process_context->last_scan_time=tsg_get_current_time_ms(); - size_t hit_num=session_app_id_and_properties_scan((struct streaminfo *)a_stream, scan_results, MAX_TSG_ALL_RESULT_NUM, srt_process_context, &(gather_result[identify_result->origin]), a_stream->threadnum); + size_t matched_cnt=session_app_id_and_properties_scan((struct streaminfo *)a_stream, rules, MAX_TSG_ALL_RESULT_NUM, srt_process_context, scan_app, scan_app_num, identify_result->origin, (int)a_stream->threadnum); - srt_process_context->sync_cb_state=session_matched_rules_deal(a_stream, srt_process_context, scan_results, hit_num, NULL); + srt_process_context->sync_cb_state=session_matched_rules_deal(a_stream, srt_process_context, rules, matched_cnt, NULL); return 0; } @@ -2031,16 +2075,16 @@ int session_flags_identify_result_cb(const struct streaminfo *a_stream, int brid return 0; } - struct maat_rule scan_results[MAX_TSG_ALL_RESULT_NUM]={0}; - size_t hit_num=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), scan_results, MAX_TSG_ALL_RESULT_NUM); - srt_process_context->sync_cb_state=session_matched_rules_deal(a_stream, srt_process_context, scan_results, hit_num, NULL); + struct maat_rule rules[MAX_TSG_ALL_RESULT_NUM]={0}; + size_t matched_cnt=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), rules, MAX_TSG_ALL_RESULT_NUM); + srt_process_context->sync_cb_state=session_matched_rules_deal(a_stream, srt_process_context, rules, matched_cnt, NULL); return 0; } -size_t session_pending_state_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *results, int n_results, void *a_packet) +size_t session_pending_state_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *matched_rules, int n_matched_rules, void *a_packet) { - size_t hit_num=0; + size_t matched_cnt=0; int ret=session_l7_protocol_identify(a_stream, srt_process_context, a_packet); if(ret==1) { @@ -2064,60 +2108,51 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess } int table_idx=tsg_domain_table_idx_get(srt_process_context->proto); - hit_num+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); table_idx=tsg_fqdn_category_table_idx_get(srt_process_context->proto); - hit_num+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); if(srt_process_context->is_esni) { unsigned int protocol_id=tsg_l7_protocol_name2id("ESNI"); - hit_num+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); } if(srt_process_context->proto==PROTO_HTTP && srt_process_context->http_url!=NULL) { table_idx=tsg_http_url_table_idx_get(); - hit_num+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->http_url, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->http_url, table_idx, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); } } - ret=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, srt_process_context->proto, (srt_process_context->mid), results+hit_num, n_results-hit_num); + ret=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, srt_process_context->proto, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); if(ret>0) { - hit_num+=ret; + matched_cnt+=ret; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); } - struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); - for(int i=0; ithreadnum); - } - hit_num+=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), results+hit_num, n_results-hit_num); + matched_cnt+=session_app_gather_results_scan(a_stream, matched_rules+matched_cnt, n_matched_rules-matched_cnt, srt_process_context, a_stream->threadnum); + matched_cnt+=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); - if((is_only_monitor(results, hit_num)) && srt_process_context->proto==PROTO_DNS) // business deal action of monitor + if((is_only_monitor(matched_rules, matched_cnt)) && srt_process_context->proto==PROTO_DNS) // business deal action of monitor { MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "pending_state_deal", "is_only_monitor, clean hit_num to 0, :%s", PRINTADDR(a_stream, g_tsg_para.level)); - hit_num=0; + matched_cnt=0; } - return hit_num; + return matched_cnt; } static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, void **pme, int thread_seq,void *a_packet) { - int i=0,ret=0; - size_t hit_num=0; + size_t matched_cnt=0; unsigned char state=APP_STATE_GIVEME; - struct maat_rule matched_rules[MAX_TSG_ALL_RESULT_NUM]; - struct gather_app_result *gather_result=NULL; - struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)*pme; struct app_identify_result unknown_result; + int n_matched_rules=MAX_TSG_ALL_RESULT_NUM; + struct maat_rule matched_rules[MAX_TSG_ALL_RESULT_NUM]; + struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)*pme; if(*pme==NULL) { @@ -2152,12 +2187,12 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1); } - hit_num+=session_pending_state_deal(a_stream, srt_process_context, matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num, a_packet); + matched_cnt+=session_pending_state_deal(a_stream, srt_process_context, matched_rules+matched_cnt, n_matched_rules-matched_cnt, a_packet); if (a_stream->type == STREAM_TYPE_TCP && a_packet != NULL) { tsg_proxy_tcp_options_parse(a_stream, a_packet); } - state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, hit_num, a_packet); + state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, matched_cnt, a_packet); srt_process_context->deal_pkt_num++; srt_attribute_free_proxy_tcp_option(a_stream); @@ -2200,36 +2235,27 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo } srt_process_context->last_scan_time=tsg_get_current_time_ms(); - ret=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, srt_process_context->proto, (srt_process_context->mid), matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num); + int ret=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, srt_process_context->proto, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); if(ret>0) { - hit_num+=ret; + matched_cnt+=ret; } - gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream); - for(i=0; isession_flag>0) { - hit_num+=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num); + matched_cnt+=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); } - state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, hit_num, a_packet); - break; - default: + state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, matched_cnt, a_packet); break; } if((a_stream->opstate==OP_STATE_CLOSE) || (state&APP_STATE_DROPME)==APP_STATE_DROPME) { - session_runtime_process_context_free(a_stream); + // session record sendlog + //session_runtime_process_context_free(a_stream); maat_state_free(srt_process_context->mid); srt_process_context->mid=NULL; @@ -2245,6 +2271,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns int ret=0; int eth_rawpkt_len=0; unsigned char state=APP_STATE_GIVEME; + size_t n_matched_rules=MAX_TSG_ALL_RESULT_NUM; struct maat_rule matched_rules[MAX_TSG_ALL_RESULT_NUM]={0}; struct maat_rule security_rules[MAX_RESULT_NUM]={0}; struct maat_rule shaping_rules[MAX_RESULT_NUM]={0}; @@ -2259,10 +2286,10 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns } struct maat_state *scan_mid=maat_state_new(g_tsg_maat_feather, thread_seq); - int hit_num=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, PROTO_UNKONWN, scan_mid, matched_rules, MAX_TSG_ALL_RESULT_NUM); - if(hit_num>0) + int matched_cnt=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, PROTO_UNKONWN, scan_mid, matched_rules, n_matched_rules); + if(matched_cnt>0) { - int n_security_rules=tsg_select_rules_by_service_id(matched_rules, hit_num, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY); + int n_security_rules=tsg_select_rules_by_service_id(matched_rules, matched_cnt, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY); if(n_security_rules>0) { struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_new(a_stream); @@ -2270,13 +2297,13 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns } struct maat_rule s_chaining_rules[MAX_RESULT_NUM]={0}; - size_t n_s_chaining_rules=tsg_select_rules_by_service_id(matched_rules, hit_num, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING); + size_t n_s_chaining_rules=tsg_select_rules_by_service_id(matched_rules, matched_cnt, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING); if(state==APP_STATE_GIVEME && n_s_chaining_rules>0) { matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, thread_seq); } - size_t n_shaping_rules=tsg_select_rules_by_service_id(matched_rules, hit_num, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING); + size_t n_shaping_rules=tsg_select_rules_by_service_id(matched_rules, matched_cnt, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING); if(state==APP_STATE_GIVEME && n_shaping_rules>0) { matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, thread_seq); @@ -2337,13 +2364,13 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns break; } - if(srt_action_context->hited_para.hited_app_id<=0) + if(srt_action_context->hited_para.matched_app_id<=0) { state=tsg_enforing_deny(a_stream, &(security_rules[0]), srt_action_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet); } else { - state=tsg_enforing_deny_application(a_stream, &(security_rules[0]), srt_action_context->protocol, srt_action_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet); + state=tsg_enforing_deny_application(a_stream, &(security_rules[0]), srt_action_context->protocol, srt_action_context->hited_para.matched_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet); } break; case TSG_METHOD_TYPE_SHUNT: diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index c7b352b..e54e29b 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -2231,29 +2231,29 @@ int srt_attribute_set_subscriber_id(const struct streaminfo *a_stream, struct ma return 0; } -size_t matche_rules_convert(struct maat *feather,long long *matched_rules, size_t n_matched_rules, struct maat_rule *results, size_t n_results) +size_t matche_rules_convert(struct maat *feather,long long *rules, size_t n_rules, struct maat_rule *matched_rules, size_t n_matched_rules) { size_t offset=0; - for(size_t i=0; irule; + matched_rules[offset++]=maat_compile->rule; ex_data_security_compile_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_SECURITY_COMPILE].id, (void **)&(maat_compile), 0, NULL); } return offset; } -size_t tsg_scan_integer(const struct streaminfo *a_stream, struct maat *feather, long long s_integer, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +size_t tsg_scan_integer(const struct streaminfo *a_stream, struct maat *feather, long long s_integer, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { - size_t n_matched_rules=0; - long long matched_rules[MAX_RESULT_NUM]; - int is_hited=maat_scan_integer(feather, g_tsg_maat_rt_para.scan_tb[idx].id, s_integer, matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid); + size_t n_rules=0; + long long rules[MAX_RESULT_NUM]; + int is_hited=maat_scan_integer(feather, g_tsg_maat_rt_para.scan_tb[idx].id, s_integer, rules, MAX_RESULT_NUM, &n_rules, s_mid); if(is_hited==MAAT_SCAN_HIT) { MESA_handle_runtime_log(g_tsg_maat_rt_para.logger, @@ -2266,7 +2266,7 @@ size_t tsg_scan_integer(const struct streaminfo *a_stream, struct maat *feather, PRINTADDR(a_stream, g_tsg_maat_rt_para.level), s_mid ); - return matche_rules_convert(feather, matched_rules, n_matched_rules, results, n_results); + return matche_rules_convert(feather, rules, n_rules, matched_rules, n_matched_rules); } MESA_handle_runtime_log(g_tsg_maat_rt_para.logger, @@ -2282,11 +2282,11 @@ size_t tsg_scan_integer(const struct streaminfo *a_stream, struct maat *feather, return 0; } -size_t tsg_scan_flags(const struct streaminfo *a_stream, struct maat *feather, unsigned long long flags, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +size_t tsg_scan_flags(const struct streaminfo *a_stream, struct maat *feather, unsigned long long flags, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { - size_t n_matched_rules=0; - long long matched_rules[MAX_RESULT_NUM]; - int is_hited=maat_scan_flag(feather, g_tsg_maat_rt_para.scan_tb[idx].id, flags, matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid); + size_t n_rules=0; + long long rules[MAX_RESULT_NUM]; + int is_hited=maat_scan_flag(feather, g_tsg_maat_rt_para.scan_tb[idx].id, flags, rules, MAX_RESULT_NUM, &n_rules, s_mid); if(is_hited==MAAT_SCAN_HIT) { MESA_handle_runtime_log(g_tsg_maat_rt_para.logger, @@ -2299,7 +2299,7 @@ size_t tsg_scan_flags(const struct streaminfo *a_stream, struct maat *feather, u PRINTADDR(a_stream, g_tsg_maat_rt_para.level), s_mid ); - return matche_rules_convert(feather, matched_rules, n_matched_rules, results, n_results); + return matche_rules_convert(feather, rules, n_rules, matched_rules, n_matched_rules); } MESA_handle_runtime_log(g_tsg_maat_rt_para.logger, @@ -2315,11 +2315,11 @@ size_t tsg_scan_flags(const struct streaminfo *a_stream, struct maat *feather, u return 0; } -size_t tsg_scan_string(const struct streaminfo *a_stream, struct maat *feather, const char *s_data, size_t s_data_len, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +size_t tsg_scan_string(const struct streaminfo *a_stream, struct maat *feather, const char *s_data, size_t s_data_len, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { - size_t n_matched_rules=0; - long long matched_rules[MAX_RESULT_NUM]; - int is_hited=maat_scan_string(feather, g_tsg_maat_rt_para.scan_tb[idx].id, s_data, s_data_len, matched_rules, MAX_RESULT_NUM, &n_matched_rules, s_mid); + size_t n_rules=0; + long long rules[MAX_RESULT_NUM]; + int is_hited=maat_scan_string(feather, g_tsg_maat_rt_para.scan_tb[idx].id, s_data, s_data_len, rules, MAX_RESULT_NUM, &n_rules, s_mid); if(is_hited==MAAT_SCAN_HIT) { MESA_handle_runtime_log(g_tsg_maat_rt_para.logger, @@ -2332,7 +2332,7 @@ size_t tsg_scan_string(const struct streaminfo *a_stream, struct maat *feather, g_tsg_maat_rt_para.scan_tb[idx].name, PRINTADDR(a_stream, g_tsg_maat_rt_para.level), s_mid); - return matche_rules_convert(feather, matched_rules, n_matched_rules, results, n_results); + return matche_rules_convert(feather, rules, n_rules, matched_rules, n_matched_rules); } MESA_handle_runtime_log(g_tsg_maat_rt_para.logger, @@ -2481,20 +2481,20 @@ size_t tsg_scan_ipv6_address(const struct streaminfo *a_stream, struct maat *fea return 0; } -size_t tsg_scan_ip_asn(const struct streaminfo *a_stream, struct maat *feather, struct asn_info *asn, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_result) +size_t tsg_scan_ip_asn(const struct streaminfo *a_stream, struct maat *feather, struct asn_info *asn, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { - if(asn==NULL || asn->asn_id==NULL|| results==NULL || n_result==0) + if(asn==NULL || asn->asn_id==NULL|| matched_rules==NULL || n_matched_rules==0) { return 0; } - return tsg_scan_string(a_stream, feather, asn->asn_id, strlen(asn->asn_id), idx, s_mid, results, n_result); + return tsg_scan_string(a_stream, feather, asn->asn_id, strlen(asn->asn_id), idx, s_mid, matched_rules, n_matched_rules); } -size_t tsg_scan_ip_location(const struct streaminfo *a_stream, struct maat *feather, struct location_info *location, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +size_t tsg_scan_ip_location(const struct streaminfo *a_stream, struct maat *feather, struct location_info *location, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { char full_address[1024]={0}; - if(location==NULL || results==NULL || n_results==0) + if(location==NULL || matched_rules==NULL || n_matched_rules==0) { return 0; } @@ -2514,7 +2514,7 @@ size_t tsg_scan_ip_location(const struct streaminfo *a_stream, struct maat *feat snprintf(full_address, sizeof(full_address), "%s.%s.", location->country_full, location->city_full); } - return tsg_scan_string(a_stream, feather, full_address, strlen(full_address), idx, s_mid, results, n_results); + return tsg_scan_string(a_stream, feather, full_address, strlen(full_address), idx, s_mid, matched_rules, n_matched_rules); } int tsg_scan_intercept_exclusion(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *p_result, char *domain, int thread_seq) @@ -2647,62 +2647,62 @@ int tsg_get_vlan_label_id(struct maat *feather, struct single_layer_vlan_addr *v return idx; } -size_t tsg_scan_tunnel_id(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *results, size_t n_results, struct maat_state *s_mid, long long *bool_id_array, size_t n_bool_id_array) +size_t tsg_scan_tunnel_id(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *matched_rules, size_t n_matched_rules, struct maat_state *s_mid, long long *bool_id_array, size_t n_bool_id_array) { - size_t hit_num=0; + size_t matched_cnt=0; struct tunnel_catalog *t_catalog[TUNNEL_CATALOG_MAX]; int ret=maat_bool_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_CATALOG].id, (unsigned long long *)bool_id_array, n_bool_id_array, (void**)(&t_catalog), TUNNEL_CATALOG_MAX); for(int i=0; iid, MAAT_SCAN_TUNNEL_ID, s_mid, results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_integer(a_stream, feather, (long long)t_catalog[i]->id, MAAT_SCAN_TUNNEL_ID, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); ex_data_tunnel_catalog_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_TUNNEL_CATALOG].id, (void **)&(t_catalog[i]), 0, NULL); } - return hit_num; + return matched_cnt; } -size_t tsg_scan_subscribe_id_policy(const struct streaminfo *a_stream, struct maat *feather, struct subscribe_id_info *user_info, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +size_t tsg_scan_subscribe_id_policy(const struct streaminfo *a_stream, struct maat *feather, struct subscribe_id_info *user_info, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { - if(user_info==NULL || user_info->subscribe_id==NULL || results==NULL || n_results==0) + if(user_info==NULL || user_info->subscribe_id==NULL || matched_rules==NULL || n_matched_rules==0) { return 0; } - return tsg_scan_string(a_stream, feather, user_info->subscribe_id, strlen(user_info->subscribe_id), MAAT_SCAN_SUBSCRIBER_ID, s_mid, results, n_results); + return tsg_scan_string(a_stream, feather, user_info->subscribe_id, strlen(user_info->subscribe_id), MAAT_SCAN_SUBSCRIBER_ID, s_mid, matched_rules, n_matched_rules); } -size_t tsg_scan_gtp_apn_policy(const struct streaminfo *a_stream, struct maat *feather, char *apn, struct maat_state *s_mid,struct maat_rule *results, size_t n_results) +size_t tsg_scan_gtp_apn_policy(const struct streaminfo *a_stream, struct maat *feather, char *apn, struct maat_state *s_mid,struct maat_rule *matched_rules, size_t n_matched_rules) { - if(apn==NULL || results==NULL || n_results==0) + if(apn==NULL || matched_rules==NULL || n_matched_rules==0) { return 0; } - return tsg_scan_string(a_stream, feather, apn, strlen(apn), MAAT_SCAN_GTP_APN, s_mid, results, n_results); + return tsg_scan_string(a_stream, feather, apn, strlen(apn), MAAT_SCAN_GTP_APN, s_mid, matched_rules, n_matched_rules); } -size_t tsg_scan_gtp_imsi_policy(const struct streaminfo *a_stream, struct maat *feather, char *imsi, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +size_t tsg_scan_gtp_imsi_policy(const struct streaminfo *a_stream, struct maat *feather, char *imsi, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { - if(imsi==NULL || results==NULL || n_results==0) + if(imsi==NULL || matched_rules==NULL || n_matched_rules==0) { return 0; } - return tsg_scan_string(a_stream, feather, imsi, strlen(imsi), MAAT_SCAN_GTP_IMSI, s_mid, results, n_results); + return tsg_scan_string(a_stream, feather, imsi, strlen(imsi), MAAT_SCAN_GTP_IMSI, s_mid, matched_rules, n_matched_rules); } -size_t tsg_scan_gtp_phone_number_policy(const struct streaminfo *a_stream, struct maat *feather, char *phone_number, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +size_t tsg_scan_gtp_phone_number_policy(const struct streaminfo *a_stream, struct maat *feather, char *phone_number, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { - if(phone_number==NULL || results==NULL || n_results==0) + if(phone_number==NULL || matched_rules==NULL || n_matched_rules==0) { return 0; } - return tsg_scan_string(a_stream, feather, phone_number, strlen(phone_number), MAAT_SCAN_GTP_PHONE_NUMBER, s_mid, results, n_results); + return tsg_scan_string(a_stream, feather, phone_number, strlen(phone_number), MAAT_SCAN_GTP_PHONE_NUMBER, s_mid, matched_rules, n_matched_rules); } //return value: -1: failed, 0: not hit, >0: hit count -size_t tsg_scan_shared_policy(const struct streaminfo *a_stream, struct maat *feather, char *domain, int idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +size_t tsg_scan_shared_policy(const struct streaminfo *a_stream, struct maat *feather, char *domain, int idx, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { if(domain==NULL) { @@ -2715,12 +2715,12 @@ size_t tsg_scan_shared_policy(const struct streaminfo *a_stream, struct maat *fe return 0; } - return tsg_scan_string(a_stream, feather, domain, fqdn_len, (enum MAAT_SCAN_TB)idx, s_mid, results, n_results); + return tsg_scan_string(a_stream, feather, domain, fqdn_len, (enum MAAT_SCAN_TB)idx, s_mid, matched_rules, n_matched_rules); } -size_t tsg_scan_session_flags(const struct streaminfo *a_stream, struct maat *feather, unsigned long flag, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +size_t tsg_scan_session_flags(const struct streaminfo *a_stream, struct maat *feather, unsigned long flag, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { - return tsg_scan_flags(a_stream, feather, flag, MAAT_SCAN_SESSION_FLAGS, s_mid, results, n_results); + return tsg_scan_flags(a_stream, feather, flag, MAAT_SCAN_SESSION_FLAGS, s_mid, matched_rules, n_matched_rules); } struct maat_rule *tsg_select_deny_rule(struct maat_rule *rules, size_t n_rules) @@ -2773,50 +2773,50 @@ int tsg_get_fqdn_category_ids(struct maat *feather, char *fqdn, unsigned int *ca return 0; } -size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, unsigned int *category_ids, int n_category_ids, int table_idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results) +size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, unsigned int *category_ids, int n_category_ids, int table_idx, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules) { - if(n_results==0 || category_ids==NULL || n_category_ids<=0 || table_idx<0) + if(n_matched_rules==0 || category_ids==NULL || n_category_ids<=0 || table_idx<0) { return 0; } - size_t hit_num=0; + size_t matched_cnt=0; for(int i=0; iaddr; } - hit_num+=tsg_scan_ipv4_address(cur_stream, feather,p_addr, MAAT_SCAN_SRC_IP_ADDR, s_mid, results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_ipv4_address(cur_stream, feather,p_addr, MAAT_SCAN_DST_IP_ADDR, s_mid, results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_ipv4_address(cur_stream, feather,p_addr, MAAT_SCAN_SRC_IP_ADDR, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_ipv4_address(cur_stream, feather,p_addr, MAAT_SCAN_DST_IP_ADDR, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); break; case ADDR_TYPE_IPV6: case __ADDR_TYPE_IP_PAIR_V6: @@ -2866,16 +2866,16 @@ size_t tsg_scan_nesting_addr(const struct streaminfo *a_stream, struct maat *fea p_addr=(struct ipaddr *)&cur_stream->addr; } - hit_num+=tsg_scan_ipv6_address(cur_stream, feather, p_addr, MAAT_SCAN_SRC_IP_ADDR, s_mid, results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_ipv6_address(cur_stream, feather, p_addr, MAAT_SCAN_DST_IP_ADDR, s_mid, results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_ipv6_address(cur_stream, feather, p_addr, MAAT_SCAN_SRC_IP_ADDR, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_ipv6_address(cur_stream, feather, p_addr, MAAT_SCAN_DST_IP_ADDR, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); break; case ADDR_TYPE_L2TP: proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_L2TP].name); - hit_num+=tsg_scan_integer(cur_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_integer(cur_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); break; case ADDR_TYPE_PPTP: proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_PPTP].name); - hit_num+=tsg_scan_integer(cur_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_integer(cur_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); break; case ADDR_TYPE_VLAN: bool_id_array_idx+=tsg_get_vlan_label_id(feather, cur_stream->addr.vlan->c2s_addr_array, cur_stream->addr.vlan->c2s_layer_num, bool_id_array+bool_id_array_idx, TUNNEL_BOOL_ID_MAX-bool_id_array_idx); @@ -2897,55 +2897,55 @@ size_t tsg_scan_nesting_addr(const struct streaminfo *a_stream, struct maat *fea } cur_stream=cur_stream->pfather; - }while(cur_stream!=NULL && hit_numPROTO_UNKONWN && protoPROTO_UNKONWN && protoclient_location, MAAT_SCAN_SRC_LOCATION, s_mid, results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_ip_location(a_stream, feather, srt_attribute->server_location, MAAT_SCAN_DST_LOCATION, s_mid, results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_ip_location(a_stream, feather,srt_attribute->client_location, MAAT_SCAN_SRC_LOCATION, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_ip_location(a_stream, feather, srt_attribute->server_location, MAAT_SCAN_DST_LOCATION, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); } - if(hit_numclient_asn, MAAT_SCAN_SRC_ASN, s_mid, results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_ip_asn(a_stream, feather, srt_attribute->server_asn, MAAT_SCAN_DST_ASN, s_mid, results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_ip_asn(a_stream, feather, srt_attribute->client_asn, MAAT_SCAN_SRC_ASN, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_ip_asn(a_stream, feather, srt_attribute->server_asn, MAAT_SCAN_DST_ASN, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); } - if(hit_numclient_subscribe_id, &srt_attribute->server_subscribe_id); - hit_num+=tsg_scan_subscribe_id_policy(a_stream, feather, srt_attribute->client_subscribe_id, s_mid, results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_subscribe_id_policy(a_stream, feather, srt_attribute->server_subscribe_id, s_mid, results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_subscribe_id_policy(a_stream, feather, srt_attribute->client_subscribe_id, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_subscribe_id_policy(a_stream, feather, srt_attribute->server_subscribe_id, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); } - if(hit_numuser_info)); if(ret==1 && srt_attribute->user_info!=NULL) { - hit_num+=tsg_scan_gtp_apn_policy(a_stream, feather, srt_attribute->user_info->apn, s_mid, results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_gtp_imsi_policy(a_stream, feather, srt_attribute->user_info->imsi, s_mid, results+hit_num, n_results-hit_num); - hit_num+=tsg_scan_gtp_phone_number_policy(a_stream, feather, srt_attribute->user_info->msisdn, s_mid, results+hit_num, n_results-hit_num); + matched_cnt+=tsg_scan_gtp_apn_policy(a_stream, feather, srt_attribute->user_info->apn, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_gtp_imsi_policy(a_stream, feather, srt_attribute->user_info->imsi, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); + matched_cnt+=tsg_scan_gtp_phone_number_policy(a_stream, feather, srt_attribute->user_info->msisdn, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt); } } - return hit_num; + return matched_cnt; } int tsg_get_app_name_by_id(struct maat *feather, int app_id, char *app_name, int app_name_len, int is_joint_parent) diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index 2938982..0e37f62 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -591,67 +591,69 @@ static int set_packet_bytes(struct tsg_log_instance_t *_instance, struct TLD_han return 1; } -static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result) -{ - int i=0,j=0,ret=0; - int add_app_flag=0; - char app_name[512]={0}; - Value array(kArrayType); - - for(i=ORIGIN_USER_DEFINE; i0) { - continue; + add_str_member(_handle, &object, "app_name", app_name); } - - for(j=0; j0) - { - add_str_member(_handle, &object, "app_name", app_name); - } - else - { - object.AddMember("app_name", result[i].attributes[j].app_id, _handle->document->GetAllocator()); - } - object.AddMember("packet_sequence",result[i].attributes[j].packet_sequence, _handle->document->GetAllocator()); - array.PushBack(object, _handle->document->GetAllocator()); - - add_app_flag=1; + object.AddMember("app_name", result[i].app_id, _handle->document->GetAllocator()); } + object.AddMember("packet_sequence",result[i].packet_sequence, _handle->document->GetAllocator()); + array->PushBack(object, _handle->document->GetAllocator()); } - if(add_app_flag==1) - { - TLD_append(_handle, field_name, &array, TLD_TYPE_OBJECT); - } - - return 1; + return result_num; } -static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct gather_app_result *result) +static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result * gather_result) { - if(result->app_num==0) + if(gather_result->user_define_num<=0 && gather_result->built_in_num<=0 && gather_result->unknown_flag==0) { return 0; } Value array(kArrayType); - for(int i=0; iapp_num; i++) + set_app_identify_info_array(&array, _handle, gather_result->user_define, gather_result->user_define_num); + set_app_identify_info_array(&array, _handle, gather_result->built_in, gather_result->built_in_num); + + if(gather_result->unknown_flag==1) + { + set_app_identify_info_array(&array, _handle, &gather_result->unknown, 1); + } + + TLD_append(_handle, field_name, &array, TLD_TYPE_OBJECT); + + return 1; +} + +static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct app_attributes *result, char result_num) +{ + if(result_num==0) + { + return 0; + } + + Value array(kArrayType); + for(int i=0; iattributes[i].app_id, app_name, sizeof(app_name), 1); + int ret=tsg_get_app_name_by_id(g_tsg_maat_feather, result[i].app_id, app_name, sizeof(app_name), 1); if(ret>0) { add_str_member(_handle, &object, "app_name", app_name); } - object.AddMember("app_id", result->attributes[i].app_id, _handle->document->GetAllocator()); - object.AddMember("surrogate_id", result->attributes[i].surrogate_id, _handle->document->GetAllocator()); - object.AddMember("packet_sequence",result->attributes[i].packet_sequence, _handle->document->GetAllocator()); + object.AddMember("app_id", result[i].app_id, _handle->document->GetAllocator()); + object.AddMember("surrogate_id", result[i].surrogate_id, _handle->document->GetAllocator()); + object.AddMember("packet_sequence",result[i].packet_sequence, _handle->document->GetAllocator()); array.PushBack(object, _handle->document->GetAllocator()); } add_object_member(_handle, app_id_object, field_name, array); @@ -660,9 +662,9 @@ static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, c } -static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result) +static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, struct app_attributes *result, char result_num) { - if(result==NULL || result->app_num<=0) + if(result==NULL || result_num<=0) { return 0; } @@ -671,10 +673,10 @@ static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, st char app_name[256]={0}; Value array(kArrayType); - for(i=0; iapp_num; i++) + for(i=0; iattributes[i].app_id, app_name, sizeof(app_name), 1); + tsg_get_app_name_by_id(g_tsg_maat_feather, result[i].app_id, app_name, sizeof(app_name), 1); if(strnlen(app_name, sizeof(app_name)) > 0) { Value app_name_str; @@ -703,7 +705,7 @@ int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handl return 0; } - set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(gather_result[ORIGIN_USER_DEFINE])); + set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, gather_result->user_define, gather_result->user_define_num); char app_full_path[256]={0}; session_application_full_path_update(a_stream, app_full_path, sizeof(app_full_path)); @@ -724,13 +726,22 @@ int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handl if(_instance->send_app_id) { Value app_id_object(kObjectType); - get_app_id_list(&app_id_object, _handle, "LPI_L7", &(gather_result[ORIGIN_BASIC_PROTOCOL])); - get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(gather_result[ORIGIN_USER_DEFINE])); - get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(gather_result[ORIGIN_BUILT_IN])); - get_app_id_list(&app_id_object, _handle, "HITED_APP", &(gather_result[ORIGIN_HITED_APP])); - get_app_id_list(&app_id_object, _handle, "THIRD", &(gather_result[ORIGIN_QM_ENGINE])); - get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(gather_result[ORIGIN_UNKNOWN])); - get_app_id_list(&app_id_object, _handle, "QM_L7", &(gather_result[ORIGIN_QM_ENGINE_L7])); + get_app_id_list(&app_id_object, _handle, "LPI_L7", gather_result->l7_protocol, gather_result->l7_protocol_num); + get_app_id_list(&app_id_object, _handle, "USER_DEFINE", gather_result->user_define, gather_result->user_define_num); + get_app_id_list(&app_id_object, _handle, "BUILT_IN", gather_result->built_in, gather_result->built_in_num); + + get_app_id_list(&app_id_object, _handle, "QM_L7", gather_result->qm_engine, gather_result->l7_qm_engine_num); + get_app_id_list(&app_id_object, _handle, "THIRD", gather_result->qm_engine+gather_result->l7_qm_engine_num, gather_result->qm_engine_num-gather_result->l7_qm_engine_num); + + if(gather_result->matched_app_flag==1) + { + get_app_id_list(&app_id_object, _handle, "HITED_APP", &(gather_result->matched_app), 1); + } + if(gather_result->unknown_flag==1) + { + get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(gather_result->unknown), 1); + } + TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, &app_id_object, TLD_TYPE_OBJECT); } diff --git a/test/src/gtest_bridge.cpp b/test/src/gtest_bridge.cpp index 7f36454..2ec91a0 100644 --- a/test/src/gtest_bridge.cpp +++ b/test/src/gtest_bridge.cpp @@ -414,14 +414,38 @@ extern void session_gather_app_results_free(const struct streaminfo *a_stream, i TEST(TSG_Bridge, GatherAppResultAsync) { const struct streaminfo a_stream = {0}; - struct gather_app_result *gather_result = (struct gather_app_result *)dictator_malloc(a_stream.threadnum, sizeof(struct gather_app_result)); - gather_result->app_num = 1003; - session_gather_app_results_async(&a_stream, (void *)gather_result); - struct gather_app_result *test = (struct gather_app_result *)session_gather_app_results_get(&a_stream); - EXPECT_EQ(test, gather_result); - EXPECT_EQ(test->app_num, 1003); - session_gather_app_results_free(&a_stream, g_tm_bridge_para[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)test); + struct gather_app_result *gather_result_in = (struct gather_app_result *)dictator_malloc(a_stream.threadnum, sizeof(struct gather_app_result)); + memset(gather_result_in, 0, sizeof(struct gather_app_result)); + + gather_result_in->unknown_flag = 1; + gather_result_in->unknown.app_id=4; + gather_result_in->unknown.surrogate_id=0; + gather_result_in->unknown.packet_sequence=40; + + session_gather_app_results_async(&a_stream, (void *)gather_result_in); + struct gather_app_result *gather_result_out = (struct gather_app_result *)session_gather_app_results_get(&a_stream); + EXPECT_NE(nullptr, gather_result_out); + EXPECT_EQ(gather_result_out->unknown_flag, 1); + EXPECT_EQ(gather_result_out->unknown.app_id, 4); + EXPECT_EQ(gather_result_out->unknown.surrogate_id, 0); + EXPECT_EQ(gather_result_out->unknown.packet_sequence, 40); + + EXPECT_EQ(gather_result_out->matched_app_flag, 0); + EXPECT_EQ(gather_result_out->l7_protocol_num, 0); + EXPECT_EQ(gather_result_out->l7_qm_engine_num, 0); + EXPECT_EQ(gather_result_out->qm_engine_num, 0); + EXPECT_EQ(gather_result_out->user_define_num, 0); + EXPECT_EQ(gather_result_out->built_in_num, 0); + + EXPECT_EQ(nullptr, gather_result_out->built_in); + EXPECT_EQ(nullptr, gather_result_out->l7_protocol); + EXPECT_EQ(nullptr, gather_result_out->qm_engine); + EXPECT_EQ(nullptr, gather_result_out->user_define); + + session_gather_app_results_free(&a_stream, g_tm_bridge_para[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)gather_result_out); session_gather_app_results_async(&a_stream, NULL); + + EXPECT_EQ(nullptr, session_gather_app_results_get(&a_stream)); } static void tsg_bridge_test_init_attribute(const struct streaminfo *a_stream, struct session_runtime_attribute *attribute) diff --git a/test/src/gtest_common.cpp b/test/src/gtest_common.cpp index f3e3718..086ee7e 100644 --- a/test/src/gtest_common.cpp +++ b/test/src/gtest_common.cpp @@ -20,6 +20,11 @@ void *dictator_malloc(int thread_seq,size_t size) return calloc(1, size); } +void *dictator_realloc(int thread_seq, void * pbuf, size_t size) +{ + return realloc(pbuf, size); +} + const char *printaddr (const struct layer_addr *paddrinfo, int threadindex) { return gtest_addrlist; diff --git a/test/src/gtest_master.cpp b/test/src/gtest_master.cpp index 0a2b20c..047aa9f 100644 --- a/test/src/gtest_master.cpp +++ b/test/src/gtest_master.cpp @@ -20,31 +20,32 @@ extern void session_segment_id_free(const struct streaminfo * a_stream, int brid TEST(TSGMaster, SetAPPIDHttp) { const struct streaminfo a_stream={0}; - struct gather_app_result async_gather_result[ORIGIN_MAX]={0}; - - async_gather_result[ORIGIN_BASIC_PROTOCOL].app_num=1; - async_gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL; - async_gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=67; //HTTP + struct gather_app_result *gather_result_in=(struct gather_app_result *)dictator_malloc(0, sizeof(struct gather_app_result)); + memset(gather_result_in, 0, sizeof(struct gather_app_result)); - session_gather_app_results_async(&a_stream, (void *)async_gather_result); - struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(&a_stream); - EXPECT_NE(nullptr, gather_result); - EXPECT_EQ(1, gather_result[ORIGIN_BASIC_PROTOCOL].app_num); - EXPECT_EQ(67, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id); - EXPECT_EQ(0, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].packet_sequence); - EXPECT_EQ(0, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id); - EXPECT_EQ(ORIGIN_BASIC_PROTOCOL, gather_result[ORIGIN_BASIC_PROTOCOL].origin); + gather_result_in->l7_protocol_num=1; + gather_result_in->l7_protocol=(struct app_attributes *)dictator_malloc(0, sizeof(struct app_attributes)); + gather_result_in->l7_protocol[0].app_id=67; //HTTP + gather_result_in->l7_protocol[0].surrogate_id=0; //HTTP + gather_result_in->l7_protocol[0].packet_sequence=1; //HTTP + + session_gather_app_results_async(&a_stream, (void *)gather_result_in); + struct gather_app_result *gather_result_out=(struct gather_app_result *)session_gather_app_results_get(&a_stream); + EXPECT_NE(nullptr, gather_result_out); + EXPECT_EQ(1, gather_result_out->l7_protocol_num); + EXPECT_EQ(67, gather_result_out->l7_protocol[0].app_id); + EXPECT_EQ(0, gather_result_out->l7_protocol[0].surrogate_id); + EXPECT_EQ(1, gather_result_out->l7_protocol[0].packet_sequence); struct TLD_handle_t *handle=TLD_create(0); set_app_id(g_tsg_log_instance, handle, (struct streaminfo *)&a_stream); char app_ids[256]={0}; TLD_convert_json(handle, app_ids, sizeof(app_ids)); - EXPECT_STREQ("{\"common_app_full_path\":\"http\",\"common_app_label\":\"http\",\"common_app_id\":{\"LPI_L7\":[{\"app_name\":\"http\",\"app_id\":67,\"surrogate_id\":0,\"packet_sequence\":0}]}}", app_ids); + EXPECT_STREQ("{\"common_app_full_path\":\"http\",\"common_app_label\":\"http\",\"common_app_id\":{\"LPI_L7\":[{\"app_name\":\"http\",\"app_id\":67,\"surrogate_id\":0,\"packet_sequence\":1}]}}", app_ids); - + dictator_free(0, gather_result_out); session_gather_app_results_async(&a_stream, NULL); - gather_result=(struct gather_app_result *)session_gather_app_results_get(&a_stream); - EXPECT_EQ(nullptr, gather_result); + EXPECT_EQ(nullptr, session_gather_app_results_get(&a_stream)); } TEST(TSGMaster, SetAPPIDUnknown) @@ -989,11 +990,11 @@ TEST(TSGMaster, SessionDealStatePending) struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(&a_stream); EXPECT_NE(nullptr, gather_result); - EXPECT_EQ(1, gather_result[ORIGIN_BASIC_PROTOCOL].app_num); - EXPECT_EQ(45, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id); - EXPECT_EQ(0, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id); + EXPECT_EQ(1, gather_result->l7_protocol_num); + EXPECT_EQ(45, gather_result->l7_protocol[0].app_id); + EXPECT_EQ(0, gather_result->l7_protocol[0].surrogate_id); - free(gather_result); + dictator_free(0, gather_result); session_gather_app_results_async(&a_stream, NULL); EXPECT_EQ(nullptr, session_gather_app_results_get(&a_stream));