TSG-10533: 增加日志公共字段common_app_identify_info,用于展示APP识别的过程
@@ -109,3 +109,4 @@ STRING l2tp_version 97
|
|||||||
STRING common_packet_capture_file 98
|
STRING common_packet_capture_file 98
|
||||||
STRING common_app_behavior 99
|
STRING common_app_behavior 99
|
||||||
STRING http_url 100
|
STRING http_url 100
|
||||||
|
STRING common_app_identify_info 101
|
||||||
|
|||||||
@@ -494,6 +494,23 @@ static int get_default_policy(int compile_id, struct Maat_rule_t *result)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int get_packet_sequence(const struct streaminfo *a_stream)
|
||||||
|
{
|
||||||
|
unsigned int packet_sequence=0;
|
||||||
|
unsigned long long value=0;
|
||||||
|
int value_len=sizeof(unsigned long long);
|
||||||
|
|
||||||
|
value=0;
|
||||||
|
MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_PKT, (void *)&value, &value_len);
|
||||||
|
packet_sequence+=(unsigned int)value;
|
||||||
|
|
||||||
|
value=0;
|
||||||
|
MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_PKT, (void *)&value, &value_len);
|
||||||
|
packet_sequence+=(unsigned int)value;
|
||||||
|
|
||||||
|
return packet_sequence;
|
||||||
|
}
|
||||||
|
|
||||||
static int is_do_default_policy(const struct streaminfo *a_stream, int after_n_packets)
|
static int is_do_default_policy(const struct streaminfo *a_stream, int after_n_packets)
|
||||||
{
|
{
|
||||||
if(after_n_packets<=0 || a_stream->pdetail==NULL)
|
if(after_n_packets<=0 || a_stream->pdetail==NULL)
|
||||||
@@ -935,6 +952,26 @@ static void copy_bypass_result(const struct streaminfo *a_stream, struct master_
|
|||||||
return ;
|
return ;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int copy_app_result(struct gather_app_result *gather_result, struct app_identify_result *identify_result, int packet_sequence)
|
||||||
|
{
|
||||||
|
int i=0;
|
||||||
|
for(i=0; (i < identify_result->app_id_num) && i<MAX_APP_ID_NUM && (gather_result->app_num < MAX_APP_ID_NUM); i++)
|
||||||
|
{
|
||||||
|
if(gather_result->attributes[i].app_id==identify_result->app_id[i] && gather_result->attributes[i].surrogate_id==identify_result->surrogate_id[i])
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
gather_result->origin=identify_result->origin;
|
||||||
|
gather_result->attributes[i].app_id=identify_result->app_id[i];
|
||||||
|
gather_result->attributes[i].surrogate_id=identify_result->surrogate_id[i];
|
||||||
|
gather_result->attributes[i].packet_sequence=packet_sequence;
|
||||||
|
gather_result->app_num++;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int l7_protocol_mapper(const char *filename)
|
static int l7_protocol_mapper(const char *filename)
|
||||||
{
|
{
|
||||||
int ret=0;
|
int ret=0;
|
||||||
@@ -1095,16 +1132,18 @@ static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
|
gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX);
|
||||||
memset(gather_result, 0, sizeof(struct gather_app_result));
|
memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX);
|
||||||
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
|
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
|
||||||
|
|
||||||
int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
|
int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
|
||||||
if(app_id>0)
|
if(app_id>0)
|
||||||
{
|
{
|
||||||
gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id_num=1;
|
gather_result[ORIGIN_BASIC_PROTOCOL].app_num=1;
|
||||||
gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id[0]=app_id;
|
gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
|
||||||
gather_result->result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
|
gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=app_id;
|
||||||
|
gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id=0;
|
||||||
|
gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].packet_sequence=get_packet_sequence(a_stream);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@@ -1509,10 +1548,9 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
|
|||||||
if(sip_ret==SIP_TRUE)
|
if(sip_ret==SIP_TRUE)
|
||||||
{
|
{
|
||||||
context->proto=PROTO_SIP;
|
context->proto=PROTO_SIP;
|
||||||
}
|
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if(g_tsg_para.proto_flag&(1<<PROTO_RDP)) //RDP
|
if(g_tsg_para.proto_flag&(1<<PROTO_RDP)) //RDP
|
||||||
{
|
{
|
||||||
@@ -1537,7 +1575,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct app_identify_result *identify_result, int thread_seq)
|
int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct gather_app_result *identify_result, int thread_seq)
|
||||||
{
|
{
|
||||||
int i=0,hit_num=0;
|
int i=0,hit_num=0;
|
||||||
int hited_app_id=0;
|
int hited_app_id=0;
|
||||||
@@ -1547,9 +1585,9 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
|
|||||||
struct app_id_dict *dict=NULL;
|
struct app_id_dict *dict=NULL;
|
||||||
struct Maat_rule_t *p_result, *d_result=NULL;
|
struct Maat_rule_t *p_result, *d_result=NULL;
|
||||||
|
|
||||||
for(i=0; i< identify_result->app_id_num; i++)
|
for(i=0; i< identify_result->app_num; i++)
|
||||||
{
|
{
|
||||||
snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->app_id[i]);
|
snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->attributes[i].app_id);
|
||||||
dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
|
dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
|
||||||
if(dict!=NULL)
|
if(dict!=NULL)
|
||||||
{
|
{
|
||||||
@@ -1559,7 +1597,7 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
|
|||||||
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategory", thread_seq);
|
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategory", thread_seq);
|
||||||
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq);
|
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq);
|
||||||
|
|
||||||
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq);
|
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->attributes[i].app_id, thread_seq);
|
||||||
after_n_packets=dict->deny_app_para.after_n_packets;
|
after_n_packets=dict->deny_app_para.after_n_packets;
|
||||||
|
|
||||||
set_app_timeout(a_stream, dict, &(context->timeout));
|
set_app_timeout(a_stream, dict, &(context->timeout));
|
||||||
@@ -1567,22 +1605,22 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
name=tsg_l7_protocol_id2name(identify_result->app_id[i]);
|
name=tsg_l7_protocol_id2name(identify_result->attributes[i].app_id);
|
||||||
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->app_id[i], thread_seq);
|
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->attributes[i].app_id, thread_seq);
|
||||||
}
|
}
|
||||||
|
|
||||||
p_result=tsg_fetch_deny_rule(result, hit_num);
|
p_result=tsg_fetch_deny_rule(result, hit_num);
|
||||||
if(d_result==NULL)
|
if(d_result==NULL)
|
||||||
{
|
{
|
||||||
d_result=p_result;
|
d_result=p_result;
|
||||||
hited_app_id=identify_result->app_id[i];
|
hited_app_id=identify_result->attributes[i].app_id;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(d_result->config_id!=p_result->config_id)
|
if(d_result->config_id!=p_result->config_id)
|
||||||
{
|
{
|
||||||
d_result=p_result;
|
d_result=p_result;
|
||||||
hited_app_id=identify_result->app_id[i];
|
hited_app_id=identify_result->attributes[i].app_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1728,10 +1766,9 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
|
|||||||
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
|
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
|
||||||
if(gather_result==NULL)
|
if(gather_result==NULL)
|
||||||
{
|
{
|
||||||
gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
|
gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX);
|
||||||
memset(gather_result, 0, sizeof(struct gather_app_result));
|
memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX);
|
||||||
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
|
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
|
||||||
gather_result->origin=ORIGIN_MAX;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
switch(identify_result->origin)
|
switch(identify_result->origin)
|
||||||
@@ -1777,9 +1814,7 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
gather_result->origin=identify_result->origin;
|
copy_app_result(&(gather_result[identify_result->origin]), identify_result, get_packet_sequence(a_stream));
|
||||||
|
|
||||||
memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result));
|
|
||||||
|
|
||||||
if(context->mid==NULL)
|
if(context->mid==NULL)
|
||||||
{
|
{
|
||||||
@@ -1787,7 +1822,7 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
|
|||||||
}
|
}
|
||||||
|
|
||||||
record_time_start(&(context->last_scan_time));
|
record_time_start(&(context->last_scan_time));
|
||||||
hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, identify_result, a_stream->threadnum);
|
hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, &(gather_result[identify_result->origin]), a_stream->threadnum);
|
||||||
p_result=tsg_policy_decision_criteria(scan_result, hit_num);
|
p_result=tsg_policy_decision_criteria(scan_result, hit_num);
|
||||||
if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1))
|
if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1))
|
||||||
{
|
{
|
||||||
@@ -1843,7 +1878,7 @@ static int deal_pending_state(const struct streaminfo *a_stream, struct master_c
|
|||||||
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
|
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
|
||||||
for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++)
|
for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++)
|
||||||
{
|
{
|
||||||
hit_num+=scan_application_id_and_properties(a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result->result[i]), a_stream->threadnum);
|
hit_num+=scan_application_id_and_properties(a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result[i]), a_stream->threadnum);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -1941,7 +1976,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
|
|||||||
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
|
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
|
||||||
for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++)
|
for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++)
|
||||||
{
|
{
|
||||||
hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result->result[i]), thread_seq);
|
hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result[i]), thread_seq);
|
||||||
}
|
}
|
||||||
|
|
||||||
p_result=tsg_policy_decision_criteria(scan_result, hit_num);
|
p_result=tsg_policy_decision_criteria(scan_result, hit_num);
|
||||||
|
|||||||
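Review bot: In `copy_app_result`, `gather_result->app_num++` runs every time slot `i` is overwritten, so `app_num` counts changes rather than populated slots. Once a later callback reports a different id at an index that is already filled, `app_num` exceeds the number of valid entries, and every reader that loops to `app_num` (`scan_application_id_and_properties`, the log writers) treats zeroed `attributes[]` slots as identified applications. Deriving the count from the index, for example `if(i >= gather_result->app_num) gather_result->app_num=i+1;`, keeps the two in step; the `app_num < MAX_APP_ID_NUM` term in the loop condition would then need revisiting, since it blocks all updates once the array is full. Separately, `gather_result[identify_result->origin]` in `app_identify_result_cb` indexes a buffer of `ORIGIN_MAX` elements, and the preceding `switch` is only partly visible in this hunk, so confirm it rejects any origin outside `0..ORIGIN_MAX-1` before the copy.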
@@ -156,10 +156,18 @@ struct _str2index
|
|||||||
char *type;
|
char *type;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct app_attributes
|
||||||
|
{
|
||||||
|
unsigned int app_id;
|
||||||
|
unsigned int surrogate_id;
|
||||||
|
unsigned int packet_sequence;
|
||||||
|
};
|
||||||
|
|
||||||
struct gather_app_result
|
struct gather_app_result
|
||||||
{
|
{
|
||||||
|
int app_num;
|
||||||
enum APP_IDENTIFY_ORIGIN origin;
|
enum APP_IDENTIFY_ORIGIN origin;
|
||||||
struct app_identify_result result[ORIGIN_MAX];
|
struct app_attributes
|
||||||
attributes[MAX_APP_ID_NUM];
|
attributes[MAX_APP_ID_NUM];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
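Review bot: `struct gather_app_result` changes meaning here without any comment: it used to hold all origins in `result[ORIGIN_MAX]`, while the callers in this commit now allocate `sizeof(struct gather_app_result)*ORIGIN_MAX` and index the project pointer as `gather_result[origin]`. Any code that still treats the stored pointer as a single struct would read or write the wrong element, so the contract should be stated on the definition. I would add `/* One element per APP_IDENTIFY_ORIGIN: the gather_app project slot holds an array of ORIGIN_MAX of these. */` above the struct and `/* number of valid entries in attributes[], never more than MAX_APP_ID_NUM */` beside `app_num`. A one-line comment on `packet_sequence` in `struct app_attributes` would also help, since the visible code fills it with the inbound plus outbound packet count at identification time.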
@@ -617,9 +617,75 @@ static int set_packet_bytes(struct tsg_log_instance_t *_instance, struct TLD_han
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, struct app_identify_result *result, TLD_TYPE type)
|
static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result)
|
||||||
{
|
{
|
||||||
if(result==NULL || result->app_id_num<=0)
|
int i=0,j=0,ret=0;
|
||||||
|
char app_name[512]={0};
|
||||||
|
Value array(kArrayType);
|
||||||
|
|
||||||
|
for(i=ORIGIN_USER_DEFINE; i<ORIGIN_MAX; i++)
|
||||||
|
{
|
||||||
|
if(result[i].app_num<=0)
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
Value object(kObjectType);
|
||||||
|
for(j=0; j<result[i].app_num; j++)
|
||||||
|
{
|
||||||
|
ret=tsg_app_id2name(result[i].attributes[j].app_id, app_name, sizeof(app_name), 0);
|
||||||
|
if(ret>0)
|
||||||
|
{
|
||||||
|
add_str_member(_handle, &object, "app_name", app_name);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
object.AddMember("app_name", result[i].attributes[j].app_id, _handle->document->GetAllocator());
|
||||||
|
}
|
||||||
|
object.AddMember("packet_sequence",result[i].attributes[j].packet_sequence, _handle->document->GetAllocator());
|
||||||
|
}
|
||||||
|
|
||||||
|
array.PushBack(object, _handle->document->GetAllocator());
|
||||||
|
}
|
||||||
|
|
||||||
|
TLD_append(_handle, field_name, &array, TLD_TYPE_OBJECT);
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct gather_app_result *result)
|
||||||
|
{
|
||||||
|
int i=0,ret=0;
|
||||||
|
char app_name[512]={0};
|
||||||
|
|
||||||
|
if(result->app_num==0)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
Value array(kArrayType);
|
||||||
|
for(i=0; i<result->app_num; i++)
|
||||||
|
{
|
||||||
|
Value object(kObjectType);
|
||||||
|
ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
|
||||||
|
if(ret>0)
|
||||||
|
{
|
||||||
|
add_str_member(_handle, &object, "app_name", app_name);
|
||||||
|
}
|
||||||
|
object.AddMember("app_id", result->attributes[i].app_id, _handle->document->GetAllocator());
|
||||||
|
object.AddMember("surrogate_id", result->attributes[i].surrogate_id, _handle->document->GetAllocator());
|
||||||
|
object.AddMember("packet_sequence",result->attributes[i].packet_sequence, _handle->document->GetAllocator());
|
||||||
|
array.PushBack(object, _handle->document->GetAllocator());
|
||||||
|
}
|
||||||
|
add_object_member(_handle, app_id_object, field_name, array);
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result, TLD_TYPE type)
|
||||||
|
{
|
||||||
|
if(result==NULL || result->app_num<=0)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -628,10 +694,10 @@ static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, st
|
|||||||
char app_name[256]={0};
|
char app_name[256]={0};
|
||||||
|
|
||||||
Value array(kArrayType);
|
Value array(kArrayType);
|
||||||
for(i=0; i<result->app_id_num; i++)
|
for(i=0; i<result->app_num; i++)
|
||||||
{
|
{
|
||||||
memset(app_name, 0, sizeof(app_name));
|
memset(app_name, 0, sizeof(app_name));
|
||||||
tsg_app_id2name(result->app_id[i], app_name, sizeof(app_name), 1);
|
tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
|
||||||
if(strnlen(app_name, sizeof(app_name)) > 0)
|
if(strnlen(app_name, sizeof(app_name)) > 0)
|
||||||
{
|
{
|
||||||
Value app_name_str;
|
Value app_name_str;
|
||||||
@@ -645,7 +711,7 @@ static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, st
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int get_l7_protocol(struct app_identify_result *result, char *protocol_list, int protocol_list_len, int *flag)
|
static int get_l7_protocol(struct gather_app_result *result, char *protocol_list, int protocol_list_len, int *flag)
|
||||||
{
|
{
|
||||||
int i=0,offset=0;
|
int i=0,offset=0;
|
||||||
char *name=NULL;
|
char *name=NULL;
|
||||||
@@ -655,10 +721,10 @@ static int get_l7_protocol(struct app_identify_result *result, char *protocol_li
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
for(i=0; i<result->app_id_num; i++)
|
for(i=0; i<result->app_num; i++)
|
||||||
{
|
{
|
||||||
(*flag)=1;
|
(*flag)=1;
|
||||||
name=tsg_l7_protocol_id2name(result->app_id[i]);
|
name=tsg_l7_protocol_id2name(result->attributes[i].app_id);
|
||||||
if(name!=NULL)
|
if(name!=NULL)
|
||||||
{
|
{
|
||||||
if(i>0 && offset>0 && (protocol_list_len-offset)>0)
|
if(i>0 && offset>0 && (protocol_list_len-offset)>0)
|
||||||
@@ -673,35 +739,38 @@ static int get_l7_protocol(struct app_identify_result *result, char *protocol_li
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int get_max_app_id(unsigned int *app_id_array, int app_id_num)
|
static unsigned int get_userdefine_name(struct gather_app_result *result, char *app_name, int app_name_len, int *flag, int is_joint_parent)
|
||||||
{
|
{
|
||||||
if(app_id_num<=0)
|
if((*flag)==1 || result->app_num<=0)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int i=0;
|
int i=0;
|
||||||
unsigned int max_app_id=app_id_array[0];
|
unsigned int max_app_id=0;
|
||||||
|
|
||||||
for(i=1; i< app_id_num; i++)
|
for(i=0; i< result->app_num; i++)
|
||||||
{
|
{
|
||||||
if(max_app_id<app_id_array[i])
|
if(max_app_id < result->attributes[i].app_id)
|
||||||
{
|
{
|
||||||
max_app_id=app_id_array[i];
|
max_app_id=result->attributes[i].app_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
(*flag)=1;
|
||||||
|
tsg_app_id2name(max_app_id, app_name, app_name_len, is_joint_parent);
|
||||||
|
|
||||||
return max_app_id;
|
return max_app_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int get_app_id(struct app_identify_result *result, unsigned int *app_id, unsigned int *surrogate_id, int *flag)
|
static int get_app_id(struct gather_app_result *result, unsigned int *app_id, unsigned int *surrogate_id, int *flag)
|
||||||
{
|
{
|
||||||
if(result->app_id_num>0 && (*flag)==0)
|
if(result->app_num>0 && (*flag)==0)
|
||||||
{
|
{
|
||||||
(*flag)=1;
|
(*flag)=1;
|
||||||
(*app_id)=result->app_id[result->app_id_num-1];
|
(*app_id)=result->attributes[result->app_num-1].app_id;
|
||||||
(*surrogate_id)=result->surrogate_id[result->app_id_num-1];
|
(*surrogate_id)=result->attributes[result->app_num-1].surrogate_id;
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -709,40 +778,17 @@ static int get_app_id(struct app_identify_result *result, unsigned int *app_id,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct app_identify_result *result)
|
static int get_app_name_list(struct gather_app_result *result, char *app_name, int app_name_len, int *flag, int is_joint_parent)
|
||||||
{
|
|
||||||
int i=0;
|
|
||||||
|
|
||||||
if(result->app_id_num==0)
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
Value array(kArrayType);
|
|
||||||
for(i=0; i<result->app_id_num; i++)
|
|
||||||
{
|
|
||||||
Value object(kObjectType);
|
|
||||||
object.AddMember("app_id", result->app_id[i], _handle->document->GetAllocator());
|
|
||||||
object.AddMember("surrogate_id", result->surrogate_id[i], _handle->document->GetAllocator());
|
|
||||||
array.PushBack(object, _handle->document->GetAllocator());
|
|
||||||
}
|
|
||||||
add_object_member(_handle, app_id_object, field_name, array);
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int get_app_name_list(unsigned int *app_id_array, int app_id_num, char *app_name, int app_name_len, int *flag, int is_joint_parent)
|
|
||||||
{
|
{
|
||||||
int i=0;
|
int i=0;
|
||||||
int offset=0;
|
int offset=0;
|
||||||
|
|
||||||
if((*flag)==1 || app_id_num<=0)
|
if((*flag)==1 || result->app_num<=0)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
//for(i=0; i<app_id_num; i++)
|
for(i=result->app_num-1; i<result->app_num; i++)
|
||||||
for(i=app_id_num-1; i<app_id_num; i++)
|
|
||||||
{
|
{
|
||||||
(*flag)=1;
|
(*flag)=1;
|
||||||
|
|
||||||
@@ -752,7 +798,7 @@ static int get_app_name_list(unsigned int *app_id_array, int app_id_num, char *a
|
|||||||
offset++;
|
offset++;
|
||||||
}
|
}
|
||||||
|
|
||||||
offset+=tsg_app_id2name(app_id_array[i], app_name+offset, app_name_len-offset, is_joint_parent);
|
offset+=tsg_app_id2name(result->attributes[i].app_id, app_name+offset, app_name_len-offset, is_joint_parent);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
@@ -763,21 +809,20 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
|
|||||||
int app_id_flag=0;
|
int app_id_flag=0;
|
||||||
int l7_protocol_flag=0;
|
int l7_protocol_flag=0;
|
||||||
char app_name[512]={0};
|
char app_name[512]={0};
|
||||||
unsigned int max_app_id=0;
|
|
||||||
char protocol_list[256]={0};
|
char protocol_list[256]={0};
|
||||||
|
|
||||||
unsigned int one_app_id=0;
|
unsigned int one_app_id=0;
|
||||||
unsigned int one_surrogate_id=0;
|
unsigned int one_surrogate_id=0;
|
||||||
struct gather_app_result *label=NULL;
|
struct gather_app_result *gather_result=NULL;
|
||||||
|
|
||||||
label=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id);
|
gather_result=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id);
|
||||||
if(label==NULL)
|
if(gather_result==NULL)
|
||||||
{
|
{
|
||||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)_instance->l7_unknown_name, TLD_TYPE_STRING);
|
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)_instance->l7_unknown_name, TLD_TYPE_STRING);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
get_l7_protocol(&(label->result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag);
|
get_l7_protocol(&(gather_result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag);
|
||||||
if(l7_protocol_flag==1)
|
if(l7_protocol_flag==1)
|
||||||
{
|
{
|
||||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)protocol_list, TLD_TYPE_STRING);
|
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)protocol_list, TLD_TYPE_STRING);
|
||||||
@@ -789,9 +834,9 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
|
|||||||
|
|
||||||
if(_instance->app_id_type==0) // int
|
if(_instance->app_id_type==0) // int
|
||||||
{
|
{
|
||||||
get_app_id(&(label->result[ORIGIN_USER_DEFINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
|
get_app_id(&(gather_result[ORIGIN_USER_DEFINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
|
||||||
get_app_id(&(label->result[ORIGIN_DKPT]), &one_app_id, &one_surrogate_id, &app_id_flag);
|
get_app_id(&(gather_result[ORIGIN_DKPT]), &one_app_id, &one_surrogate_id, &app_id_flag);
|
||||||
get_app_id(&(label->result[ORIGIN_QM_ENGINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
|
get_app_id(&(gather_result[ORIGIN_QM_ENGINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
|
||||||
|
|
||||||
if(app_id_flag==1)
|
if(app_id_flag==1)
|
||||||
{
|
{
|
||||||
@@ -801,32 +846,28 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
|
|||||||
}
|
}
|
||||||
else //string
|
else //string
|
||||||
{
|
{
|
||||||
set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(label->result[ORIGIN_USER_DEFINE]), TLD_TYPE_LONG);
|
set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(gather_result[ORIGIN_USER_DEFINE]), TLD_TYPE_LONG);
|
||||||
|
|
||||||
max_app_id=get_max_app_id(label->result[ORIGIN_USER_DEFINE].app_id, label->result[ORIGIN_USER_DEFINE].app_id_num);
|
get_userdefine_name(&(gather_result[ORIGIN_USER_DEFINE]), app_name, sizeof(app_name), &app_id_flag, 0);
|
||||||
if(max_app_id>0)
|
|
||||||
|
if(app_id_flag!=1)
|
||||||
{
|
{
|
||||||
get_app_name_list(&max_app_id, 1, app_name, sizeof(app_name), &app_id_flag, 0);
|
get_app_name_list(&(gather_result[ORIGIN_BUILT_IN]), app_name, sizeof(app_name), &app_id_flag, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(app_id_flag!=1)
|
if(app_id_flag!=1)
|
||||||
{
|
{
|
||||||
get_app_name_list(label->result[ORIGIN_BUILT_IN].app_id, label->result[ORIGIN_BUILT_IN].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
|
get_app_name_list(&(gather_result[ORIGIN_DKPT]), app_name, sizeof(app_name), &app_id_flag, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(app_id_flag!=1)
|
if(app_id_flag!=1)
|
||||||
{
|
{
|
||||||
get_app_name_list(label->result[ORIGIN_DKPT].app_id, label->result[ORIGIN_DKPT].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
|
get_app_name_list(&(gather_result[ORIGIN_QM_ENGINE]), app_name, sizeof(app_name), &app_id_flag, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(app_id_flag!=1)
|
if(app_id_flag!=1)
|
||||||
{
|
{
|
||||||
get_app_name_list(label->result[ORIGIN_QM_ENGINE].app_id, label->result[ORIGIN_QM_ENGINE].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
|
get_app_name_list(&(gather_result[ORIGIN_UNKNOWN]), app_name, sizeof(app_name), &app_id_flag, 0);
|
||||||
}
|
|
||||||
|
|
||||||
if(app_id_flag!=1)
|
|
||||||
{
|
|
||||||
get_app_name_list(label->result[ORIGIN_UNKNOWN].app_id, label->result[ORIGIN_UNKNOWN].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(app_id_flag==1)
|
if(app_id_flag==1)
|
||||||
@@ -837,12 +878,14 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
|
|||||||
}
|
}
|
||||||
|
|
||||||
Value app_id_object(kObjectType);
|
Value app_id_object(kObjectType);
|
||||||
get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(label->result[ORIGIN_USER_DEFINE]));
|
get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(gather_result[ORIGIN_USER_DEFINE]));
|
||||||
get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(label->result[ORIGIN_BUILT_IN]));
|
get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(gather_result[ORIGIN_BUILT_IN]));
|
||||||
get_app_id_list(&app_id_object, _handle, "DKPT", &(label->result[ORIGIN_DKPT]));
|
get_app_id_list(&app_id_object, _handle, "DKPT", &(gather_result[ORIGIN_DKPT]));
|
||||||
get_app_id_list(&app_id_object, _handle, "THIRD", &(label->result[ORIGIN_QM_ENGINE]));
|
get_app_id_list(&app_id_object, _handle, "THIRD", &(gather_result[ORIGIN_QM_ENGINE]));
|
||||||
get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(label->result[ORIGIN_UNKNOWN]));
|
get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(gather_result[ORIGIN_UNKNOWN]));
|
||||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, &app_id_object, TLD_TYPE_OBJECT);
|
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, &app_id_object, TLD_TYPE_OBJECT);
|
||||||
|
|
||||||
|
set_app_identify_info(_handle, _instance->id2field[LOG_COMMON_APP_IDENTIFY_INFO].name, gather_result);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
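Review bot: In `set_app_identify_info`, `Value object(kObjectType)` is created once per origin but `"app_name"` and `"packet_sequence"` are added inside the inner `j` loop, so an origin with more than one application produces a single JSON object with repeated keys. Most parsers keep only one of the duplicates, so the identification trail this field is meant to record is silently lost or ambiguous downstream. `get_app_id_list` in the same hunk already builds one object per entry; doing the same here means moving `Value object(kObjectType);` and `array.PushBack(object, _handle->document->GetAllocator());` inside the `j` loop. The fallback branch also writes the numeric id under `"app_name"`, so the key is sometimes a string and sometimes a number; emitting the id under its own key, as `get_app_id_list` does with `"app_id"`, would keep the field's type stable for log consumers.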
@@ -126,6 +126,7 @@ typedef enum _tsg_log_field_id
|
|||||||
LOG_COMMON_PACKET_CAPTURE_FILE,
|
LOG_COMMON_PACKET_CAPTURE_FILE,
|
||||||
LOG_COMMON_APPLICATION_BEHAVIOR,
|
LOG_COMMON_APPLICATION_BEHAVIOR,
|
||||||
LOG_HTTP_URL,
|
LOG_HTTP_URL,
|
||||||
|
LOG_COMMON_APP_IDENTIFY_INFO,
|
||||||
LOG_COMMON_MAX
|
LOG_COMMON_MAX
|
||||||
}tsg_log_field_id_t;
|
}tsg_log_field_id_t;
|
||||||
|
|
||||||
|
|||||||