共享IP归属地、subscribe_id等信息给KNI

src/tsg_entry.cpp

@@ -56,6 +56,23 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "link
 										 {TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"}
 										};
 
+id2field_t g_tsg_proto_name2id[PROTO_MAX]={{TLD_TYPE_UNKNOWN, PROTO_UNKONWN, "unknown"}, 
+										 {TLD_TYPE_UNKNOWN, PROTO_IPv4, "IPV4"},
+										 {TLD_TYPE_UNKNOWN, PROTO_IPv6, "IPV6"},
+										 {TLD_TYPE_UNKNOWN, PROTO_TCP, "TCP"},
+										 {TLD_TYPE_UNKNOWN, PROTO_UDP, "UDP"},
+										 {TLD_TYPE_UNKNOWN, PROTO_HTTP, "HTTP"},
+										 {TLD_TYPE_UNKNOWN, PROTO_MAIL, "MAIL"},
+										 {TLD_TYPE_UNKNOWN, PROTO_DNS, "DNS"},
+										 {TLD_TYPE_UNKNOWN, PROTO_FTP, "FTP"},
+										 {TLD_TYPE_UNKNOWN, PROTO_SSL, "SSL"},
+										 {TLD_TYPE_UNKNOWN, PROTO_SIP, "SIP"},
+										 {TLD_TYPE_UNKNOWN, PROTO_BGP, "BGP"},
+										 {TLD_TYPE_UNKNOWN, PROTO_STREAMING_MEDIA, "STREAMING_MEDIA"},
+										 {TLD_TYPE_UNKNOWN, PROTO_QUIC, "QUIC"},
+										 {TLD_TYPE_UNKNOWN, PROTO_SSH, "SSH"}
+										};
+
 #define	DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID	1
 
 static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len)
@@ -91,6 +108,35 @@ static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len)
 	return flags;
 }
 
+static int tsg_proto_name2flag(char *proto_list, int *flag)
+{
+	int i=0;
+	char *s=NULL,*e=NULL;
+
+	s=proto_list;
+	while(s)
+	{
+		e=index(s, ';');
+		if(!e)
+		{
+			break;
+		}
+
+		for(i=0; i< PROTO_MAX; i++)
+		{
+			if((memcmp(s, g_tsg_proto_name2id[i].name, e-s))==0)
+			{
+				*flag|=(1<<g_tsg_proto_name2id[i].id);
+				break;
+			}
+		}
+		
+		s=e+1;	
+	}
+
+	return 0;
+}
+
 int tsg_set_device_id_to_telegraf(char *device_sn)
 {
 	char buff[128]={0};
@@ -427,7 +473,9 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id
 	int ret=0;
                                       
 	identify_info->proto = PROTO_UNKONWN;
-	//http
+	
+	if(g_tsg_para.proto_flag&(1<<PROTO_HTTP))  //http
+	{
 		char *host=NULL;
 		ret=http_host_parser((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->curdir, &host);
 		if(ret>=0)
@@ -444,8 +492,10 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id
 			}
 			return 1;
 		}
+	}
 	
-	//ssl
+	if(g_tsg_para.proto_flag&(1<<PROTO_SSL))  //ssl
+	{
 		enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
 		struct ssl_chello *chello = NULL;
 
@@ -468,8 +518,10 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id
 		}
 		
 	    ssl_chello_free(chello);
+	}
 
-	//dns
+	if(g_tsg_para.proto_flag&(1<<PROTO_DNS))  //dns
+	{
 		struct stream_tuple4_v4 *tpl4 = NULL;
 		struct stream_tuple4_v6 *tpl6 = NULL;
 
@@ -494,31 +546,40 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id
 			default:
 				break;
 		}
+	}
 	
-	//ftp
+	if(g_tsg_para.proto_flag&(1<<PROTO_FTP))  //ftp
+	{
 		ret=ftp_control_identify(a_stream);
 		if(ret>0)
 		{
 			identify_info->proto=PROTO_FTP;
 			return 1;
 		}
+	}
 	
-	//mail
+	if(g_tsg_para.proto_flag&(1<<PROTO_MAIL))  //mail
+	{
 		ret=mail_protocol_identify_by_first_payload(a_stream,(char *)a_stream->ptcpdetail->pdata, a_stream->ptcpdetail->datalen, a_stream->threadnum);
 		if(ret>=SMTP_PROTOCOL&& ret<=IMAP_PROTOCOL)
 		{
 			identify_info->proto=PROTO_MAIL;
 			return 1;
 		}
+	}
 
+	if(g_tsg_para.proto_flag&(1<<PROTO_SSH))  //ssh
+	{
 		ret = ssh_protocol_identify((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen,g_tsg_para.logger);
 		if(ret > 0)
 		{
 			identify_info->proto=PROTO_SSH;
 			return 1;
 		}
-	//ssh
+	}
-	//quic
+	
+	if(g_tsg_para.proto_flag&(1<<PROTO_QUIC))  //quic
+	{
 		ret=quic_protocol_identify(a_stream, a_packet, identify_info->domain, sizeof(identify_info->domain));
 		if(ret>0)
 		{
@@ -526,7 +587,7 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id
 			identify_info->domain_len=ret;
 			return 1;
 		}
-	
+	}
 	return ret;
 }
 
@@ -901,6 +962,7 @@ extern "C" int TSG_MASTER_INIT()
 	char fs_server_ip[MAX_IPV4_LEN]={0};
 	char fs_output_path[MAX_STRING_LEN*4]={0};
 	char device_sn_filename[MAX_STRING_LEN]={0};
+	char identify_proto_name[MAX_STRING_LEN*4]={0};
 	
 	memset(&g_tsg_para, 0, sizeof(g_tsg_para));
 	
@@ -914,6 +976,9 @@ extern "C" int TSG_MASTER_INIT()
 		return -1;
 	}
 	
+	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;");
+	tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag);
+
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_ID", &g_tsg_para.device_id, 0);
 	MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);
 	

src/tsg_entry.h

@@ -4,6 +4,7 @@
 #include <MESA/Maat_rule.h>
 #include <MESA/field_stat2.h>
 #include "tsg_rule.h"
+#include "tsg_label.h"
 #include "tsg_statistic.h"
 
 #if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411)
@@ -90,6 +91,7 @@ typedef	struct _tsg_para
 	int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
 	int priority_project_id;
 	int internal_project_id;
+	int proto_flag; //tsg_protocol_t
 	int fs2_field_id[TSG_FS2_MAX];
 	char device_sn[MAX_DOAMIN_LEN/8];
 	char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];

src/tsg_rule.cpp

@@ -93,6 +93,13 @@ static char* str_unescape(char* s)
 	return s;
 }
 
+static void eliminate_default_value(char *value)
+{
+	if(value!=NULL && (memcmp(value, "null", 4))==0)
+	{
+		value[0]='\0';
+	}
+}
 
 void ASN_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp)
 {
@@ -143,6 +150,7 @@ void ASN_new_data(int table_id, const char* key, const char* table_line, MAAT_PL
 	}
 	
 	str_unescape(asn->organization);
+	eliminate_default_value(asn->organization);
 
 	atomic_inc(&asn->ref_cnt);
 	asn->table_id=table_id;
@@ -262,6 +270,15 @@ void location_new_data(int table_id, const char* key, const char* table_line, MA
 	str_unescape(location->country_full);
 	str_unescape(location->province_full);
 	str_unescape(location->city_full);
+	eliminate_default_value(location->language);
+	eliminate_default_value(location->continent_abbr);
+	eliminate_default_value(location->continent_full);
+	eliminate_default_value(location->country_abbr);
+	eliminate_default_value(location->country_full);
+	eliminate_default_value(location->province_abbr);
+	eliminate_default_value(location->province_full);
+	eliminate_default_value(location->city_full);
+	eliminate_default_value(location->time_zone);
 	
 	atomic_inc(&location->ref_cnt);
 	location->table_id=table_id;

src/tsg_send_log.cpp

@@ -209,20 +209,14 @@ int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD
 		if(internal_label->client_location!=NULL)
 		{
 			location=internal_label->client_location;
-			snprintf(buff, sizeof(buff), "%s,%s,%s", (!(memcmp(location->city_full, "null", 4)) ? "" : location->city_full),
+			snprintf(buff, sizeof(buff), "%s,%s,%s", location->city_full, location->province_full, location->country_full);
-													  (!(memcmp(location->province_full, "null", 4)) ? "" : location->province_full),
-													  (!(memcmp(location->country_full, "null", 4)) ? "" : location->country_full)
-													  );
 			TLD_append(_handle, _instance->id2field[LOG_COMMON_CLINET_LOCATION].name, (void *)buff, TLD_TYPE_STRING);
 		}
 
 		if(internal_label->server_location!=NULL)
 		{
 			location=internal_label->server_location;
-			snprintf(buff, sizeof(buff), "%s,%s,%s", (!(memcmp(location->city_full, "null", 4)) ? "" : location->city_full),
+			snprintf(buff, sizeof(buff), "%s,%s,%s", location->city_full, location->province_full, location->country_full);
-													  (!(memcmp(location->province_full, "null", 4)) ? "" : location->province_full),
-													  (!(memcmp(location->country_full, "null", 4)) ? "" : location->country_full)
-													  );
 			TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVER_LOCATION].name, (void *)buff, TLD_TYPE_STRING);
 		}
 	}

src/tsg_ssh_utils.cpp

@@ -9,7 +9,6 @@
 
 int ssh_protocol_identify(const unsigned char* buff, size_t buff_len, void* argp)
 {
-	void *logger=argp;
 	if(buff == NULL || buff_len < SSH_PROTOCOL_FIELD_LEN)
 	{
 		return -1;