From 0c181467c297e2b6f872ec65944547ed07794a88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E5=AD=A6=E5=88=A9?= <liuxueli@geedgenetworks.com>
Date: Mon, 16 May 2022 02:15:23 +0000
Subject: [PATCH] =?UTF-8?q?TSG-10110:=20=E6=94=AF=E6=8C=81=E5=9C=A8?=
 =?UTF-8?q?=E7=AD=96=E7=95=A5=E6=97=A5=E5=BF=97=E4=B8=AD=E5=A1=AB=E5=85=85?=
 =?UTF-8?q?RDP=E5=8D=8F=E8=AE=AE=E5=AD=97=E6=AE=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitlab-ci.yml    |  2 +-
 inc/tsg_label.h   |  1 +
 src/tsg_entry.cpp | 35 ++++++++++++++++++++++++++++++-----
 3 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 03ab647..1a08d5f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,7 +4,7 @@ variables:
   BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
   BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
   INSTALL_PREFIX: "/home/mesasoft/sapp_run/"
-  INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel  libcjson-devel libMESA_field_stat2-devel sapp  sapp-devel framework_env  libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel  librdkafka-devel libmaatframe-devel quic-devel  mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel
+  INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel  libcjson-devel libMESA_field_stat2-devel sapp  sapp-devel framework_env  libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel  librdkafka-devel libmaatframe-devel quic-devel  mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel
 
 stages:
 - build
diff --git a/inc/tsg_label.h b/inc/tsg_label.h
index 10cbf57..ea82160 100644
--- a/inc/tsg_label.h
+++ b/inc/tsg_label.h
@@ -34,6 +34,7 @@ typedef enum _tsg_protocol
    PROTO_L2TP,
    PROTO_PPTP,
    PROTO_STRATUM,
+   PROTO_RDP,
    PROTO_MAX
 }tsg_protocol_t;
 
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 106e7a1..c93ea33 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -5,6 +5,7 @@
 #include <sys/time.h>
 #include <unistd.h>
 
+#include <MESA/rdp.h>
 #include <MESA/http.h>
 #include <MESA/ftp.h>
 #include <MESA/ssl.h>
@@ -120,7 +121,8 @@ id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
 										 {PROTO_APP, 	0,	"BASE"},
 										 {PROTO_L2TP, 	0,	"L2TP"},
 										 {PROTO_PPTP, 	0,	"PPTP"},
-										 {PROTO_STRATUM, 	0,	"Stratum"}
+										 {PROTO_STRATUM, 	0,	"Stratum"},
+										 {PROTO_RDP, 	0,	"RDP"}
 										};
 
 #define	DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID	1
@@ -561,9 +563,10 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 		switch(proto)
 		{
 			case	PROTO_SSH:
+			case	PROTO_RDP:
 			case	PROTO_STRATUM:
 					notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]);
-					if (notify != NULL && notify->pdata.TLD_handle!=NULL && (notify->protocol== PROTO_SSH || notify->protocol== PROTO_STRATUM))
+					if (notify != NULL && notify->pdata.TLD_handle!=NULL && (notify->protocol== PROTO_SSH || notify->protocol== PROTO_STRATUM  || notify->protocol== PROTO_RDP))
 					{
 						TLD_handle = TLD_duplicate(notify->pdata.TLD_handle);
 						if (TLD_handle!=NULL)
@@ -1435,6 +1438,16 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
 				}
 			}
 
+			if(g_tsg_para.proto_flag&(1<<PROTO_RDP))  //RDP
+			{
+				ret=rdp_protocol_identify((const char *)a_stream->ptcpdetail->pdata, a_stream->ptcpdetail->datalen, (unsigned int)a_stream->threadnum);
+				if(ret==1)
+				{
+					context->proto=PROTO_RDP;
+					return 1;
+				}
+			}
+
 			break;
 		case	STREAM_TYPE_UDP:
 			if(g_tsg_para.proto_flag&(1<<PROTO_DNS))  //dns
@@ -1477,7 +1490,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
 				unsigned char sip_ret=0;
 				char *from=NULL, *to=NULL;
 				unsigned int from_len=0, to_len=0;
-				sip_ret=sip_identify_from_to((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &from, &from_len, &to, &to_len);
+				sip_ret=sip_identify_from_to((char *)a_stream->pudpdetail->pdata, (unsigned int)a_stream->pudpdetail->datalen, &from, &from_len, &to, &to_len);
 				if(sip_ret==SIP_TRUE)
 				{
 					context->proto=PROTO_SIP;
@@ -1485,6 +1498,17 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
 				
 				return 1;
 			}
+
+			if(g_tsg_para.proto_flag&(1<<PROTO_RDP))  //RDP
+			{
+				ret=rdp_protocol_identify((const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, (unsigned int)a_stream->threadnum);
+				if(ret==1)
+				{
+					context->proto=PROTO_RDP;
+					return 1;
+				}
+			}
+						
 			break;
 		default:
 			break;
@@ -1807,7 +1831,8 @@ static int deal_pending_state(const struct streaminfo *a_stream, struct master_c
 		context->proto!=PROTO_UNKONWN &&
 		context->proto!=PROTO_APP &&
 		context->proto!=PROTO_SSH &&
-		context->proto!=PROTO_STRATUM)	// business deal action of monitor 
+		context->proto!=PROTO_STRATUM &&
+		context->proto!=PROTO_RDP)	// business deal action of monitor 
 	{
 		hit_num=0;
 	}
@@ -2137,7 +2162,7 @@ extern "C" int TSG_MASTER_INIT()
 	g_tsg_para.default_vlan.num=1;
 	MESA_load_profile_int_def(tsg_conffile, "TRAFFIC_MIRROR","DEFAULT_VLAN_ID", &(g_tsg_para.default_vlan.id[0]), 2);
 
-	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;Stratum;");
+	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;Stratum;RDP;");
 	tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag);
 
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0);