TSG-10533: 增加日志公共字段common_app_identify_info,用于展示APP识别的过程

liuxueli
2022-06-02 16:57:11 +08:00
parent 0af47e8a49
commit 0d47ea1fa2
5 changed files with 627 additions and 539 deletions


@@ -109,3 +109,4 @@ STRING l2tp_version 97
STRING common_packet_capture_file 98 STRING common_packet_capture_file 98
STRING common_app_behavior 99 STRING common_app_behavior 99
STRING http_url 100 STRING http_url 100
STRING common_app_identify_info 101


@@ -494,6 +494,23 @@ static int get_default_policy(int compile_id, struct Maat_rule_t *result)
return 0; return 0;
} }
static int get_packet_sequence(const struct streaminfo *a_stream)
{
unsigned int packet_sequence=0;
unsigned long long value=0;
int value_len=sizeof(unsigned long long);
value=0;
MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_PKT, (void *)&value, &value_len);
packet_sequence+=(unsigned int)value;
value=0;
MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_PKT, (void *)&value, &value_len);
packet_sequence+=(unsigned int)value;
return packet_sequence;
}
static int is_do_default_policy(const struct streaminfo *a_stream, int after_n_packets) static int is_do_default_policy(const struct streaminfo *a_stream, int after_n_packets)
{ {
if(after_n_packets<=0 || a_stream->pdetail==NULL) if(after_n_packets<=0 || a_stream->pdetail==NULL)
@@ -935,6 +952,26 @@ static void copy_bypass_result(const struct streaminfo *a_stream, struct master_
return ; return ;
} }
int copy_app_result(struct gather_app_result *gather_result, struct app_identify_result *identify_result, int packet_sequence)
{
int i=0;
for(i=0; (i < identify_result->app_id_num) && i<MAX_APP_ID_NUM && (gather_result->app_num < MAX_APP_ID_NUM); i++)
{
if(gather_result->attributes[i].app_id==identify_result->app_id[i] && gather_result->attributes[i].surrogate_id==identify_result->surrogate_id[i])
{
continue;
}
gather_result->origin=identify_result->origin;
gather_result->attributes[i].app_id=identify_result->app_id[i];
gather_result->attributes[i].surrogate_id=identify_result->surrogate_id[i];
gather_result->attributes[i].packet_sequence=packet_sequence;
gather_result->app_num++;
}
return 0;
}
static int l7_protocol_mapper(const char *filename) static int l7_protocol_mapper(const char *filename)
{ {
int ret=0; int ret=0;
@@ -1095,16 +1132,18 @@ static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol
return 0; return 0;
} }
gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)); gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX);
memset(gather_result, 0, sizeof(struct gather_app_result)); memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX);
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result); set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name); int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
if(app_id>0) if(app_id>0)
{ {
gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id_num=1; gather_result[ORIGIN_BASIC_PROTOCOL].app_num=1;
gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id[0]=app_id; gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
gather_result->result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL; gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=app_id;
gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id=0;
gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].packet_sequence=get_packet_sequence(a_stream);
} }
return 0; return 0;
@@ -1509,9 +1548,8 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
if(sip_ret==SIP_TRUE) if(sip_ret==SIP_TRUE)
{ {
context->proto=PROTO_SIP; context->proto=PROTO_SIP;
} return 1;
}
return 1;
} }
if(g_tsg_para.proto_flag&(1<<PROTO_RDP)) //RDP if(g_tsg_para.proto_flag&(1<<PROTO_RDP)) //RDP
@@ -1537,7 +1575,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
return ret; return ret;
} }
int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct app_identify_result *identify_result, int thread_seq) int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct gather_app_result *identify_result, int thread_seq)
{ {
int i=0,hit_num=0; int i=0,hit_num=0;
int hited_app_id=0; int hited_app_id=0;
@@ -1547,9 +1585,9 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
struct app_id_dict *dict=NULL; struct app_id_dict *dict=NULL;
struct Maat_rule_t *p_result, *d_result=NULL; struct Maat_rule_t *p_result, *d_result=NULL;
for(i=0; i< identify_result->app_id_num; i++) for(i=0; i< identify_result->app_num; i++)
{ {
snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->app_id[i]); snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->attributes[i].app_id);
dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
if(dict!=NULL) if(dict!=NULL)
{ {
@@ -1559,7 +1597,7 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategory", thread_seq); hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategory", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq); hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq);
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq); hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->attributes[i].app_id, thread_seq);
after_n_packets=dict->deny_app_para.after_n_packets; after_n_packets=dict->deny_app_para.after_n_packets;
set_app_timeout(a_stream, dict, &(context->timeout)); set_app_timeout(a_stream, dict, &(context->timeout));
@@ -1567,22 +1605,22 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
} }
else else
{ {
name=tsg_l7_protocol_id2name(identify_result->app_id[i]); name=tsg_l7_protocol_id2name(identify_result->attributes[i].app_id);
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->app_id[i], thread_seq); hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->attributes[i].app_id, thread_seq);
} }
p_result=tsg_fetch_deny_rule(result, hit_num); p_result=tsg_fetch_deny_rule(result, hit_num);
if(d_result==NULL) if(d_result==NULL)
{ {
d_result=p_result; d_result=p_result;
hited_app_id=identify_result->app_id[i]; hited_app_id=identify_result->attributes[i].app_id;
continue; continue;
} }
if(d_result->config_id!=p_result->config_id) if(d_result->config_id!=p_result->config_id)
{ {
d_result=p_result; d_result=p_result;
hited_app_id=identify_result->app_id[i]; hited_app_id=identify_result->attributes[i].app_id;
} }
} }
@@ -1590,7 +1628,7 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
{ {
if(identify_result->origin!=ORIGIN_BASIC_PROTOCOL) if(identify_result->origin!=ORIGIN_BASIC_PROTOCOL)
{ {
context->hited_app_id=hited_app_id; context->hited_app_id=hited_app_id;
} }
context->hited_para.hited_app_id=hited_app_id; context->hited_para.hited_app_id=hited_app_id;
@@ -1728,10 +1766,9 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
if(gather_result==NULL) if(gather_result==NULL)
{ {
gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)); gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX);
memset(gather_result, 0, sizeof(struct gather_app_result)); memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX);
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result); set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
gather_result->origin=ORIGIN_MAX;
} }
switch(identify_result->origin) switch(identify_result->origin)
@@ -1777,9 +1814,7 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
return 0; return 0;
} }
gather_result->origin=identify_result->origin; copy_app_result(&(gather_result[identify_result->origin]), identify_result, get_packet_sequence(a_stream));
memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result));
if(context->mid==NULL) if(context->mid==NULL)
{ {
@@ -1787,7 +1822,7 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
} }
record_time_start(&(context->last_scan_time)); record_time_start(&(context->last_scan_time));
hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, identify_result, a_stream->threadnum); hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, &(gather_result[identify_result->origin]), a_stream->threadnum);
p_result=tsg_policy_decision_criteria(scan_result, hit_num); p_result=tsg_policy_decision_criteria(scan_result, hit_num);
if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1)) if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1))
{ {
@@ -1843,7 +1878,7 @@ static int deal_pending_state(const struct streaminfo *a_stream, struct master_c
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++) for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++)
{ {
hit_num+=scan_application_id_and_properties(a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result->result[i]), a_stream->threadnum); hit_num+=scan_application_id_and_properties(a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result[i]), a_stream->threadnum);
} }
@@ -1941,7 +1976,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++) for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++)
{ {
hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result->result[i]), thread_seq); hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result[i]), thread_seq);
} }
p_result=tsg_policy_decision_criteria(scan_result, hit_num); p_result=tsg_policy_decision_criteria(scan_result, hit_num);
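Review bot: In the new copy_app_result, `gather_result->app_num++` runs every time slot `i` is overwritten, so app_num counts changes rather than populated slots. If a later result for the same origin differs at an index that is already filled, app_num grows past the entries actually written, and scan_application_id_and_properties (which loops `i< identify_result->app_num`) then runs policy scans on zeroed attributes with app_id 0. Once app_num reaches MAX_APP_ID_NUM, the loop guard also blocks every further update, so stale app ids stay in the policy scan and in the new log field. Tracking the high-water mark with `if(gather_result->app_num < i+1) gather_result->app_num=i+1;` and dropping the `gather_result->app_num < MAX_APP_ID_NUM` guard would keep the count consistent, since `i<MAX_APP_ID_NUM` already bounds the array. Separately, `gather_result[identify_result->origin]` in app_identify_result_cb presumably relies on the switch outside the visible lines to reject origins >= ORIGIN_MAX; that is worth confirming now that the value indexes a heap array directly.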


@@ -1,442 +1,450 @@
#ifndef __TSG_ENTRY_H__ #ifndef __TSG_ENTRY_H__
#define __TSG_ENTRY_H__ #define __TSG_ENTRY_H__
#include <sys/socket.h> #include <sys/socket.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <netinet/ip6.h> #include <netinet/ip6.h>
#include <MESA/dns.h> #include <MESA/dns.h>
#include <MESA/Maat_rule.h> #include <MESA/Maat_rule.h>
#include <MESA/field_stat2.h> #include <MESA/field_stat2.h>
#include <ctemplate/template.h> #include <ctemplate/template.h>
#include "uthash.h" #include "uthash.h"
#include "tsg_rule.h" #include "tsg_rule.h"
#include "app_label.h" #include "app_label.h"
#include "tsg_label.h" #include "tsg_label.h"
#include "tsg_statistic.h" #include "tsg_statistic.h"
#include "tsg_leaky_bucket.h" #include "tsg_leaky_bucket.h"
#include "tsg_protocol_common.h" #include "tsg_protocol_common.h"
#include "tsg_send_log_internal.h" #include "tsg_send_log_internal.h"
#if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411) #if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411)
#define atomic_inc(x) __sync_add_and_fetch((x),1) #define atomic_inc(x) __sync_add_and_fetch((x),1)
#define atomic_dec(x) __sync_sub_and_fetch((x),1) #define atomic_dec(x) __sync_sub_and_fetch((x),1)
#define atomic_add(x,y) __sync_add_and_fetch((x),(y)) #define atomic_add(x,y) __sync_add_and_fetch((x),(y))
#define atomic_sub(x,y) __sync_sub_and_fetch((x),(y)) #define atomic_sub(x,y) __sync_sub_and_fetch((x),(y))
typedef int atomic_t; typedef int atomic_t;
#define ATOMIC_INIT(i) { (i) } #define ATOMIC_INIT(i) { (i) }
#define atomic_read(x) __sync_add_and_fetch((x),0) #define atomic_read(x) __sync_add_and_fetch((x),0)
#define atomic_set(x,y) __sync_lock_test_and_set((x),y) #define atomic_set(x,y) __sync_lock_test_and_set((x),y)
#else #else
#include <alsa/iatomic.h> #include <alsa/iatomic.h>
#endif #endif
#ifndef MIN #ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b)) #define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif #endif
#ifndef PRINTADDR #ifndef PRINTADDR
#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "") #define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
#endif #endif
#ifndef FLAG_FALSE #ifndef FLAG_FALSE
#define FLAG_FALSE 0 #define FLAG_FALSE 0
#endif #endif
#ifndef FLAG_TRUE #ifndef FLAG_TRUE
#define FLAG_TRUE 1 #define FLAG_TRUE 1
#endif #endif
#define APP_SCAN_FLAG_STOP 0 #define APP_SCAN_FLAG_STOP 0
#define APP_SCAN_FLAG_CONTINUE 1 #define APP_SCAN_FLAG_CONTINUE 1
enum DEPLOY_MODE enum DEPLOY_MODE
{ {
DEPLOY_MODE_MIRROR, DEPLOY_MODE_MIRROR,
DEPLOY_MODE_INLINE, DEPLOY_MODE_INLINE,
DEPLOY_MODE_TRANSPARENT, DEPLOY_MODE_TRANSPARENT,
DEPLOY_MODE_MAX DEPLOY_MODE_MAX
}; };
enum MASTER_TABLE{ enum MASTER_TABLE{
TABLE_SECURITY_COMPILE=0, TABLE_SECURITY_COMPILE=0,
TABLE_IP_ADDR, TABLE_IP_ADDR,
TABLE_SUBSCRIBER_ID, TABLE_SUBSCRIBER_ID,
TABLE_APP_ID, TABLE_APP_ID,
TABLE_HTTP_HOST, TABLE_HTTP_HOST,
TABLE_SSL_SNI, TABLE_SSL_SNI,
TABLE_EXCLUSION_SSL_SNI, TABLE_EXCLUSION_SSL_SNI,
TABLE_SRC_ASN, TABLE_SRC_ASN,
TABLE_DST_ASN, TABLE_DST_ASN,
TABLE_SRC_LOCATION, TABLE_SRC_LOCATION,
TABLE_DST_LOCATION, TABLE_DST_LOCATION,
TABLE_ASN_USER_DEFINED, TABLE_ASN_USER_DEFINED,
TABLE_ASN_BUILT_IN, TABLE_ASN_BUILT_IN,
TABLE_LOCATION_USER_DEFINED, TABLE_LOCATION_USER_DEFINED,
TABLE_LOCATION_BUILT_IN, TABLE_LOCATION_BUILT_IN,
TABLE_QUIC_SNI, TABLE_QUIC_SNI,
TABLE_FQDN_CAT_ID, TABLE_FQDN_CAT_ID,
TABLE_FQDN_CAT_USER_DEFINED, TABLE_FQDN_CAT_USER_DEFINED,
TABLE_FQDN_CAT_BUILT_IN, TABLE_FQDN_CAT_BUILT_IN,
TABLE_APP_ID_DICT, TABLE_APP_ID_DICT,
TABLE_SELECTOR_ID, TABLE_SELECTOR_ID,
TABLE_SELECTOR_PROPERTIES, TABLE_SELECTOR_PROPERTIES,
TABLE_GTP_APN, TABLE_GTP_APN,
TABLE_GTP_IMSI, TABLE_GTP_IMSI,
TABLE_GTP_PHONE_NUMBER, TABLE_GTP_PHONE_NUMBER,
TABLE_RESPONSE_PAGES, TABLE_RESPONSE_PAGES,
TABLE_DNS_PROFILE_RECORD, TABLE_DNS_PROFILE_RECORD,
TABLE_PROFILE_MIRROR, TABLE_PROFILE_MIRROR,
TABLE_HTTP_URL, TABLE_HTTP_URL,
TABLE_MAX TABLE_MAX
}; };
enum TSG_FS2_TYPE{ enum TSG_FS2_TYPE{
TSG_FS2_TCP_LINKS=0, TSG_FS2_TCP_LINKS=0,
TSG_FS2_UDP_LINKS, TSG_FS2_UDP_LINKS,
TSG_FS2_BYPASS, TSG_FS2_BYPASS,
TSG_FS2_HIT_ADDR, TSG_FS2_HIT_ADDR,
TSG_FS2_HIT_SHARE, TSG_FS2_HIT_SHARE,
TSG_FS2_INTERCEPT, TSG_FS2_INTERCEPT,
TSG_FS2_EXCLUSION, TSG_FS2_EXCLUSION,
TSG_FS2_APP_DPKT_RESULT, TSG_FS2_APP_DPKT_RESULT,
TSG_FS2_APP_Q_RESULT, TSG_FS2_APP_Q_RESULT,
TSG_FS2_APP_USER_RESULT, TSG_FS2_APP_USER_RESULT,
TSG_FS2_APP_BUILT_IN_RESULT, TSG_FS2_APP_BUILT_IN_RESULT,
TSG_FS2_INJECT_PKT_SUCCESS, TSG_FS2_INJECT_PKT_SUCCESS,
TSG_FS2_INJECT_PKT_FAILED, TSG_FS2_INJECT_PKT_FAILED,
TSG_FS2_MIRRORED_PKT_SUCCESS, TSG_FS2_MIRRORED_PKT_SUCCESS,
TSG_FS2_MIRRORED_BYTE_SUCCESS, TSG_FS2_MIRRORED_BYTE_SUCCESS,
TSG_FS2_MIRRORED_PKT_FAILED, TSG_FS2_MIRRORED_PKT_FAILED,
TSG_FS2_MIRRORED_BYTE_FAILED, TSG_FS2_MIRRORED_BYTE_FAILED,
TSG_FS2_SET_TIMOUT_SUCCESS, TSG_FS2_SET_TIMOUT_SUCCESS,
TSG_FS2_SET_TIMOUT_FAILED, TSG_FS2_SET_TIMOUT_FAILED,
TSG_FS2_SUCESS_TAMPER, TSG_FS2_SUCESS_TAMPER,
TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4, TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4,
TSG_FS2_TAMPER_FAILED_NOSWAP, TSG_FS2_TAMPER_FAILED_NOSWAP,
TSG_FS2_MAX TSG_FS2_MAX
}; };
enum TSG_ATTRIBUTE_TYPE enum TSG_ATTRIBUTE_TYPE
{ {
TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0, TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0,
TSG_ATTRIBUTE_TYPE_PROTOCOL, TSG_ATTRIBUTE_TYPE_PROTOCOL,
TSG_ATTRIBUTE_TYPE_JA3_HASH, TSG_ATTRIBUTE_TYPE_JA3_HASH,
TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO, TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO,
TSG_ATTRIBUTE_TYPE_LOCATION, TSG_ATTRIBUTE_TYPE_LOCATION,
TSG_ATTRIBUTE_TYPE_ASN, TSG_ATTRIBUTE_TYPE_ASN,
TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID, TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID,
TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE, TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE,
TSG_ATTRIBUTE_TYPE_CATEGORY_ID, TSG_ATTRIBUTE_TYPE_CATEGORY_ID,
_MAX_TSG_ATTRIBUTE_TYPE _MAX_TSG_ATTRIBUTE_TYPE
}; };
enum HTTP_RESPONSE_FORMAT enum HTTP_RESPONSE_FORMAT
{ {
HTTP_RESPONSE_FORMAT_TEMPLATE=0, HTTP_RESPONSE_FORMAT_TEMPLATE=0,
HTTP_RESPONSE_FORMAT_HTML HTTP_RESPONSE_FORMAT_HTML
}; };
enum BRIDGE_TYPE enum BRIDGE_TYPE
{ {
BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0, BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
BRIDGE_TYPE_RECV_CONN_SKETCH_DATA, BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT, BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT,
BRIDGE_TYPE_APP_IDENTIFY_RESULT, BRIDGE_TYPE_APP_IDENTIFY_RESULT,
BRIDGE_TYPE_APP_BEHAVIOR_RESULT, BRIDGE_TYPE_APP_BEHAVIOR_RESULT,
BRIDGE_TYPE_MAX BRIDGE_TYPE_MAX
}; };
struct _str2index struct _str2index
{ {
int index; int index;
int len; int len;
char *type; char *type;
}; };
struct gather_app_result struct app_attributes
{ {
enum APP_IDENTIFY_ORIGIN origin; unsigned int app_id;
struct app_identify_result result[ORIGIN_MAX]; unsigned int surrogate_id;
}; unsigned int packet_sequence;
};
struct l7_protocol
{ struct gather_app_result
int id; /* first key */ {
char name[32]; /* second key */ int app_num;
UT_hash_handle hh1; /* handle for first hash table */ enum APP_IDENTIFY_ORIGIN origin;
UT_hash_handle hh2; /* handle for second hash table */ struct app_attributes
}; attributes[MAX_APP_ID_NUM];
};
struct fqdn_category
{ struct l7_protocol
int ref_cnt; {
unsigned int category_id; int id; /* first key */
}; char name[32]; /* second key */
UT_hash_handle hh1; /* handle for first hash table */
struct http_response_pages UT_hash_handle hh2; /* handle for second hash table */
{ };
int profile_id;
int content_len; struct fqdn_category
int ref_cnt; {
enum HTTP_RESPONSE_FORMAT format; int ref_cnt;
char *content; unsigned int category_id;
}; };
struct app_id_dict struct http_response_pages
{ {
int ref_cnt; int profile_id;
int app_id; int content_len;
int parent_app_id; int ref_cnt;
int continue_scanning; enum HTTP_RESPONSE_FORMAT format;
unsigned short tcp_timeout; char *content;
unsigned short udp_timeout; };
int tcp_time_wait;
int tcp_half_close; struct app_id_dict
char *risk; {
char *app_name; int ref_cnt;
char *parent_app_name; int app_id;
char *category; int parent_app_id;
char *subcategroy; int continue_scanning;
char *technology; unsigned short tcp_timeout;
char *characteristics; unsigned short udp_timeout;
struct deny_user_region deny_app_para; int tcp_time_wait;
}; int tcp_half_close;
char *risk;
struct hited_app_para char *app_name;
{ char *parent_app_name;
int hited_app_id; char *category;
int after_n_packets; char *subcategroy;
}; char *technology;
char *characteristics;
struct master_context struct deny_user_region deny_app_para;
{ };
unsigned char is_esni;
unsigned char is_log; struct hited_app_para
unsigned char is_dropme; {
unsigned char deal_pkt_num; int hited_app_id;
unsigned char is_app_link; int after_n_packets;
unsigned char pad; };
unsigned short timeout;
tsg_protocol_t proto; struct master_context
int hit_cnt; {
int hited_app_id; unsigned char is_esni;
unsigned int quic_version; unsigned char is_log;
char *domain; unsigned char is_dropme;
union unsigned char deal_pkt_num;
{ unsigned char is_app_link;
char *http_url; unsigned char pad;
char *quic_ua; unsigned short timeout;
void *para; tsg_protocol_t proto;
}; int hit_cnt;
scan_status_t mid; int hited_app_id;
struct Maat_rule_t *result; unsigned int quic_version;
struct hited_app_para hited_para; char *domain;
struct timespec last_scan_time; union
}; {
char *http_url;
struct tcpall_context char *quic_ua;
{ void *para;
int set_latency_flag; };
enum TSG_METHOD_TYPE method_type; scan_status_t mid;
union struct Maat_rule_t *result;
{ struct hited_app_para hited_para;
struct leaky_bucket *bucket; struct timespec last_scan_time;
long tamper_count; };
int after_n_packets;
struct hited_app_para hited_para; struct tcpall_context
void *para; {
}; int set_latency_flag;
}; enum TSG_METHOD_TYPE method_type;
union
struct reset_argv {
{ struct leaky_bucket *bucket;
int pkt_num; long tamper_count;
int seed1; int after_n_packets;
int seed2; struct hited_app_para hited_para;
int th_flags; void *para;
int dir; };
int remedy; };
};
struct reset_argv
#define _MAX_TABLE_NAME_LEN 64 {
typedef struct tsg_para int pkt_num;
{ int seed1;
int level; int seed2;
short mirror_switch; int th_flags;
unsigned short timeout; int dir;
int dynamic_maat_switch; int remedy;
int location_field_num; };
int app_dict_field_num;
int device_seq_in_dc; #define _MAX_TABLE_NAME_LEN 64
int datacenter_id; typedef struct tsg_para
int hash_timeout; {
int hash_slot_size; int level;
int feature_tamper; short mirror_switch;
enum DEPLOY_MODE deploy_mode; unsigned short timeout;
int scan_time_interval; int dynamic_maat_switch;
int identify_app_max_pkt_num; int location_field_num;
int unknown_app_id; int app_dict_field_num;
int hit_path_switch; int device_seq_in_dc;
int default_compile_id; int datacenter_id;
int table_id[TABLE_MAX]; int hash_timeout;
int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP int hash_slot_size;
int priority_project_id; int feature_tamper;
int session_attribute_project_id; enum DEPLOY_MODE deploy_mode;
int context_project_id; int scan_time_interval;
int tcpall_project_id; int identify_app_max_pkt_num;
int gather_app_project_id; int unknown_app_id;
int bridge_id[BRIDGE_TYPE_MAX]; int hit_path_switch;
int proto_flag; //tsg_protocol_t int default_compile_id;
int fs2_field_id[TSG_FS2_MAX]; int table_id[TABLE_MAX];
char device_sn[MAX_DOMAIN_LEN/8]; int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
char log_path[MAX_DOMAIN_LEN/8]; int priority_project_id;
char device_id_command[MAX_DOMAIN_LEN/8]; int session_attribute_project_id;
char data_center[_MAX_TABLE_NAME_LEN]; int context_project_id;
char device_tag[MAX_DOMAIN_LEN/2]; int tcpall_project_id;
char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN]; int gather_app_project_id;
char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN]; int bridge_id[BRIDGE_TYPE_MAX];
void *logger; int proto_flag; //tsg_protocol_t
void *maat_logger; int fs2_field_id[TSG_FS2_MAX];
struct reset_argv reset; char device_sn[MAX_DOMAIN_LEN/8];
struct mirrored_vlan default_vlan; char log_path[MAX_DOMAIN_LEN/8];
screen_stat_handle_t fs2_handle; char device_id_command[MAX_DOMAIN_LEN/8];
struct l7_protocol *name_by_id; char data_center[_MAX_TABLE_NAME_LEN];
struct l7_protocol *id_by_name; char device_tag[MAX_DOMAIN_LEN/2];
struct traffic_mirror *mirror_handle; char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
ctemplate::Template *tpl_403,*tpl_404; char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
ctemplate::Template *tpl_200,*tpl_204; void *logger;
ctemplate::Template *tpl_303; void *maat_logger;
}g_tsg_para_t; struct reset_argv reset;
struct mirrored_vlan default_vlan;
extern g_tsg_para_t g_tsg_para; screen_stat_handle_t fs2_handle;
extern Maat_feather_t g_tsg_dynamic_maat_feather; struct l7_protocol *name_by_id;
extern id2field_t g_tsg_proto_name2id[PROTO_MAX]; struct l7_protocol *id_by_name;
struct traffic_mirror *mirror_handle;
typedef enum tsg_statis_field_id ctemplate::Template *tpl_403,*tpl_404;
{ ctemplate::Template *tpl_200,*tpl_204;
STATIS_UNKNOWN=0, ctemplate::Template *tpl_303;
STATIS_ENTRANCE_ID=1, }g_tsg_para_t;
STATIS_TOTAL_CON_NUM,
STATIS_NEW_CON_NUM, extern g_tsg_para_t g_tsg_para;
STATIS_ESTABLISHED_CON_NUM, extern Maat_feather_t g_tsg_dynamic_maat_feather;
STATIS_CLOSE_CON_NUM, extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
STATIS_TOTAL_IN_BYTES,
STATIS_TOTAL_OUT_BYTES, typedef enum tsg_statis_field_id
STATIS_TOTAL_IN_PACKETS, {
STATIS_TOTAL_OUT_PACKETS, STATIS_UNKNOWN=0,
STATIS_DEFAULT_CON_NUM, STATIS_ENTRANCE_ID=1,
STATIS_DEFAULT_IN_BYTES, STATIS_TOTAL_CON_NUM,
STATIS_DEFAULT_OUT_BYTES, STATIS_NEW_CON_NUM,
STATIS_DEFAULT_IN_PACKETS, STATIS_ESTABLISHED_CON_NUM,
STATIS_DEFAULT_OUT_PACKETS, STATIS_CLOSE_CON_NUM,
STATIS_ALLOW_CON_NUM, STATIS_TOTAL_IN_BYTES,
STATIS_ALLOW_IN_BYTES, STATIS_TOTAL_OUT_BYTES,
STATIS_ALLOW_OUT_BYTES, STATIS_TOTAL_IN_PACKETS,
STATIS_ALLOW_IN_PACKETS, STATIS_TOTAL_OUT_PACKETS,
STATIS_ALLOW_OUT_PACKETS, STATIS_DEFAULT_CON_NUM,
STATIS_DENY_CON_NUM, STATIS_DEFAULT_IN_BYTES,
STATIS_DENY_IN_BYTES, STATIS_DEFAULT_OUT_BYTES,
STATIS_DENY_OUT_BYTES, STATIS_DEFAULT_IN_PACKETS,
STATIS_DENY_IN_PACKETS, STATIS_DEFAULT_OUT_PACKETS,
STATIS_DENY_OUT_PACKETS, STATIS_ALLOW_CON_NUM,
STATIS_MONITOR_CON_NUM, STATIS_ALLOW_IN_BYTES,
STATIS_MONITOR_IN_BYTES, STATIS_ALLOW_OUT_BYTES,
STATIS_MONITOR_OUT_BYTES, STATIS_ALLOW_IN_PACKETS,
STATIS_MONITOR_IN_PACKETS, STATIS_ALLOW_OUT_PACKETS,
STATIS_MONITOR_OUT_PACKETS, STATIS_DENY_CON_NUM,
STATIS_INTERCEPT_CON_NUM, STATIS_DENY_IN_BYTES,
STATIS_INTERCEPT_IN_BYTES, STATIS_DENY_OUT_BYTES,
STATIS_INTERCEPT_OUT_BYTES, STATIS_DENY_IN_PACKETS,
STATIS_INTERCEPT_IN_PACKETS, STATIS_DENY_OUT_PACKETS,
STATIS_INTERCEPT_OUT_PACKETS, STATIS_MONITOR_CON_NUM,
STATIS_IPV4_IN_BYTES, STATIS_MONITOR_IN_BYTES,
STATIS_IPV4_OUT_BYTES, STATIS_MONITOR_OUT_BYTES,
STATIS_IPV4_IN_PACKETS, STATIS_MONITOR_IN_PACKETS,
STATIS_IPV4_OUT_PACKETS, STATIS_MONITOR_OUT_PACKETS,
STATIS_IPV6_IN_BYTES, STATIS_INTERCEPT_CON_NUM,
STATIS_IPV6_OUT_BYTES, STATIS_INTERCEPT_IN_BYTES,
STATIS_IPV6_IN_PACKETS, STATIS_INTERCEPT_OUT_BYTES,
STATIS_IPV6_OUT_PACKETS, STATIS_INTERCEPT_IN_PACKETS,
STATIS_TCP_NEW_CON_NUM, STATIS_INTERCEPT_OUT_PACKETS,
STATIS_TCP_IN_BYTES, STATIS_IPV4_IN_BYTES,
STATIS_TCP_OUT_BYTES, STATIS_IPV4_OUT_BYTES,
STATIS_TCP_IN_PACKETS, STATIS_IPV4_IN_PACKETS,
STATIS_TCP_OUT_PACKETS, STATIS_IPV4_OUT_PACKETS,
STATIS_UDP_NEW_CON_NUM, STATIS_IPV6_IN_BYTES,
STATIS_UDP_IN_BYTES, STATIS_IPV6_OUT_BYTES,
STATIS_UDP_OUT_BYTES, STATIS_IPV6_IN_PACKETS,
STATIS_UDP_IN_PACKETS, STATIS_IPV6_OUT_PACKETS,
STATIS_UDP_OUT_PACKETS, STATIS_TCP_NEW_CON_NUM,
STATIS_ALERT_BYTES, STATIS_TCP_IN_BYTES,
STATIS_BLOCK_BYTES, STATIS_TCP_OUT_BYTES,
STATIS_PINNING_NUM, STATIS_TCP_IN_PACKETS,
STATIS_MAYBE_PINNING_NUM, STATIS_TCP_OUT_PACKETS,
STATIS_NOT_PINNING_NUM, STATIS_UDP_NEW_CON_NUM,
STATIS_MAX STATIS_UDP_IN_BYTES,
}tsg_statis_field_id_t; STATIS_UDP_OUT_BYTES,
STATIS_UDP_IN_PACKETS,
enum TRAFFIC_INFO_IDX STATIS_UDP_OUT_PACKETS,
{ STATIS_ALERT_BYTES,
TRAFFIC_INFO_ALLOW=0, STATIS_BLOCK_BYTES,
TRAFFIC_INFO_DENY, STATIS_PINNING_NUM,
TRAFFIC_INFO_MONITOR, STATIS_MAYBE_PINNING_NUM,
TRAFFIC_INFO_INTERCEPT, STATIS_NOT_PINNING_NUM,
TRAFFIC_INFO_MAX STATIS_MAX
}; }tsg_statis_field_id_t;
typedef struct tsg_statistic enum TRAFFIC_INFO_IDX
{ {
int cycle; TRAFFIC_INFO_ALLOW=0,
int fs_line_id; TRAFFIC_INFO_DENY,
int thread_alive; TRAFFIC_INFO_MONITOR,
pthread_t stat_thread_id; TRAFFIC_INFO_INTERCEPT,
int fs_field_id[STATIS_MAX]; TRAFFIC_INFO_MAX
long long statistic_opt[_OPT_TYPE_MAX]; };
struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
struct _traffic_info default_total_info; typedef struct tsg_statistic
screen_stat_handle_t fs2_handle; {
}tsg_statis_para_t; int cycle;
int fs_line_id;
int tsg_statistic_init(const char *conffile, void *logger); int thread_alive;
void tsg_statistic_destroy(void); pthread_t stat_thread_id;
int fs_field_id[STATIS_MAX];
int tsg_gtp_signaling_hash_init(const char* conffile, void *logger); long long statistic_opt[_OPT_TYPE_MAX];
struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data); struct _traffic_info default_total_info;
const void *get_struct_project(const struct streaminfo *a_stream, int project_id); screen_stat_handle_t fs2_handle;
}tsg_statis_para_t;
//parent_app_name.app_name int tsg_statistic_init(const char *conffile, void *logger);
int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent); void tsg_statistic_destroy(void);
//return 18 or 19: subdivision_addr int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);
int tsg_get_location_type(void);
void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data);
void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); const void *get_struct_project(const struct streaminfo *a_stream, int project_id);
void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); //parent_app_name.app_name
void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp); int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent);
void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq);
int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, enum TSG_METHOD_TYPE method_type, int thread_seq); //return 18 or 19: subdivision_addr
int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq); int tsg_get_location_type(void);
void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp); void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, int thread_seq); void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq); void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq); void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq); void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq);
int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info); int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, enum TSG_METHOD_TYPE method_type, int thread_seq);
int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq); int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq);
int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq); void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp);
int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq);
int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location); struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, int thread_seq);
int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn); int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id); int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq);
int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq); int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq);
int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq);
#endif int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq);
int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location);
int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn);
int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id);
int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);


@@ -617,9 +617,75 @@ static int set_packet_bytes(struct tsg_log_instance_t *_instance, struct TLD_han
return 1; return 1;
} }
static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, struct app_identify_result *result, TLD_TYPE type) static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result)
{
int i=0,j=0,ret=0;
char app_name[512]={0};
Value array(kArrayType);
for(i=ORIGIN_USER_DEFINE; i<ORIGIN_MAX; i++)
{
if(result[i].app_num<=0)
{
continue;
}
Value object(kObjectType);
for(j=0; j<result[i].app_num; j++)
{
ret=tsg_app_id2name(result[i].attributes[j].app_id, app_name, sizeof(app_name), 0);
if(ret>0)
{
add_str_member(_handle, &object, "app_name", app_name);
}
else
{
object.AddMember("app_name", result[i].attributes[j].app_id, _handle->document->GetAllocator());
}
object.AddMember("packet_sequence",result[i].attributes[j].packet_sequence, _handle->document->GetAllocator());
}
array.PushBack(object, _handle->document->GetAllocator());
}
TLD_append(_handle, field_name, &array, TLD_TYPE_OBJECT);
return 1;
}
static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct gather_app_result *result)
{ {
if(result==NULL || result->app_id_num<=0) int i=0,ret=0;
char app_name[512]={0};
if(result->app_num==0)
{
return 0;
}
Value array(kArrayType);
for(i=0; i<result->app_num; i++)
{
Value object(kObjectType);
ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
if(ret>0)
{
add_str_member(_handle, &object, "app_name", app_name);
}
object.AddMember("app_id", result->attributes[i].app_id, _handle->document->GetAllocator());
object.AddMember("surrogate_id", result->attributes[i].surrogate_id, _handle->document->GetAllocator());
object.AddMember("packet_sequence",result->attributes[i].packet_sequence, _handle->document->GetAllocator());
array.PushBack(object, _handle->document->GetAllocator());
}
add_object_member(_handle, app_id_object, field_name, array);
return 1;
}
static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result, TLD_TYPE type)
{
if(result==NULL || result->app_num<=0)
{ {
return 0; return 0;
} }
@@ -628,10 +694,10 @@ static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, st
char app_name[256]={0}; char app_name[256]={0};
Value array(kArrayType); Value array(kArrayType);
for(i=0; i<result->app_id_num; i++) for(i=0; i<result->app_num; i++)
{ {
memset(app_name, 0, sizeof(app_name)); memset(app_name, 0, sizeof(app_name));
tsg_app_id2name(result->app_id[i], app_name, sizeof(app_name), 1); tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
if(strnlen(app_name, sizeof(app_name)) > 0) if(strnlen(app_name, sizeof(app_name)) > 0)
{ {
Value app_name_str; Value app_name_str;
@@ -645,7 +711,7 @@ static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, st
return 1; return 1;
} }
static int get_l7_protocol(struct app_identify_result *result, char *protocol_list, int protocol_list_len, int *flag) static int get_l7_protocol(struct gather_app_result *result, char *protocol_list, int protocol_list_len, int *flag)
{ {
int i=0,offset=0; int i=0,offset=0;
char *name=NULL; char *name=NULL;
@@ -655,10 +721,10 @@ static int get_l7_protocol(struct app_identify_result *result, char *protocol_li
return 0; return 0;
} }
for(i=0; i<result->app_id_num; i++) for(i=0; i<result->app_num; i++)
{ {
(*flag)=1; (*flag)=1;
name=tsg_l7_protocol_id2name(result->app_id[i]); name=tsg_l7_protocol_id2name(result->attributes[i].app_id);
if(name!=NULL) if(name!=NULL)
{ {
if(i>0 && offset>0 && (protocol_list_len-offset)>0) if(i>0 && offset>0 && (protocol_list_len-offset)>0)
@@ -673,35 +739,38 @@ static int get_l7_protocol(struct app_identify_result *result, char *protocol_li
return 1; return 1;
} }
static unsigned int get_max_app_id(unsigned int *app_id_array, int app_id_num) static unsigned int get_userdefine_name(struct gather_app_result *result, char *app_name, int app_name_len, int *flag, int is_joint_parent)
{ {
if(app_id_num<=0) if((*flag)==1 || result->app_num<=0)
{ {
return 0; return 0;
} }
int i=0; int i=0;
unsigned int max_app_id=app_id_array[0]; unsigned int max_app_id=0;
for(i=1; i< app_id_num; i++) for(i=0; i< result->app_num; i++)
{ {
if(max_app_id<app_id_array[i]) if(max_app_id < result->attributes[i].app_id)
{ {
max_app_id=app_id_array[i]; max_app_id=result->attributes[i].app_id;
} }
} }
(*flag)=1;
tsg_app_id2name(max_app_id, app_name, app_name_len, is_joint_parent);
return max_app_id; return max_app_id;
} }
static int get_app_id(struct app_identify_result *result, unsigned int *app_id, unsigned int *surrogate_id, int *flag) static int get_app_id(struct gather_app_result *result, unsigned int *app_id, unsigned int *surrogate_id, int *flag)
{ {
if(result->app_id_num>0 && (*flag)==0) if(result->app_num>0 && (*flag)==0)
{ {
(*flag)=1; (*flag)=1;
(*app_id)=result->app_id[result->app_id_num-1]; (*app_id)=result->attributes[result->app_num-1].app_id;
(*surrogate_id)=result->surrogate_id[result->app_id_num-1]; (*surrogate_id)=result->attributes[result->app_num-1].surrogate_id;
return 1; return 1;
} }
@@ -709,40 +778,17 @@ static int get_app_id(struct app_identify_result *result, unsigned int *app_id,
return 0; return 0;
} }
static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct app_identify_result *result) static int get_app_name_list(struct gather_app_result *result, char *app_name, int app_name_len, int *flag, int is_joint_parent)
{
int i=0;
if(result->app_id_num==0)
{
return 0;
}
Value array(kArrayType);
for(i=0; i<result->app_id_num; i++)
{
Value object(kObjectType);
object.AddMember("app_id", result->app_id[i], _handle->document->GetAllocator());
object.AddMember("surrogate_id", result->surrogate_id[i], _handle->document->GetAllocator());
array.PushBack(object, _handle->document->GetAllocator());
}
add_object_member(_handle, app_id_object, field_name, array);
return 1;
}
static int get_app_name_list(unsigned int *app_id_array, int app_id_num, char *app_name, int app_name_len, int *flag, int is_joint_parent)
{ {
int i=0; int i=0;
int offset=0; int offset=0;
if((*flag)==1 || app_id_num<=0) if((*flag)==1 || result->app_num<=0)
{ {
return 0; return 0;
} }
//for(i=0; i<app_id_num; i++) for(i=result->app_num-1; i<result->app_num; i++)
for(i=app_id_num-1; i<app_id_num; i++)
{ {
(*flag)=1; (*flag)=1;
@@ -752,7 +798,7 @@ static int get_app_name_list(unsigned int *app_id_array, int app_id_num, char *a
offset++; offset++;
} }
offset+=tsg_app_id2name(app_id_array[i], app_name+offset, app_name_len-offset, is_joint_parent); offset+=tsg_app_id2name(result->attributes[i].app_id, app_name+offset, app_name_len-offset, is_joint_parent);
} }
return 1; return 1;
@@ -763,21 +809,20 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
int app_id_flag=0; int app_id_flag=0;
int l7_protocol_flag=0; int l7_protocol_flag=0;
char app_name[512]={0}; char app_name[512]={0};
unsigned int max_app_id=0;
char protocol_list[256]={0}; char protocol_list[256]={0};
unsigned int one_app_id=0; unsigned int one_app_id=0;
unsigned int one_surrogate_id=0; unsigned int one_surrogate_id=0;
struct gather_app_result *label=NULL; struct gather_app_result *gather_result=NULL;
label=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id); gather_result=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id);
if(label==NULL) if(gather_result==NULL)
{ {
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)_instance->l7_unknown_name, TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)_instance->l7_unknown_name, TLD_TYPE_STRING);
return 0; return 0;
} }
get_l7_protocol(&(label->result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag); get_l7_protocol(&(gather_result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag);
if(l7_protocol_flag==1) if(l7_protocol_flag==1)
{ {
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)protocol_list, TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)protocol_list, TLD_TYPE_STRING);
@@ -789,9 +834,9 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
if(_instance->app_id_type==0) // int if(_instance->app_id_type==0) // int
{ {
get_app_id(&(label->result[ORIGIN_USER_DEFINE]), &one_app_id, &one_surrogate_id, &app_id_flag); get_app_id(&(gather_result[ORIGIN_USER_DEFINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
get_app_id(&(label->result[ORIGIN_DKPT]), &one_app_id, &one_surrogate_id, &app_id_flag); get_app_id(&(gather_result[ORIGIN_DKPT]), &one_app_id, &one_surrogate_id, &app_id_flag);
get_app_id(&(label->result[ORIGIN_QM_ENGINE]), &one_app_id, &one_surrogate_id, &app_id_flag); get_app_id(&(gather_result[ORIGIN_QM_ENGINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
if(app_id_flag==1) if(app_id_flag==1)
{ {
@@ -801,32 +846,28 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
} }
else //string else //string
{ {
set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(label->result[ORIGIN_USER_DEFINE]), TLD_TYPE_LONG); set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(gather_result[ORIGIN_USER_DEFINE]), TLD_TYPE_LONG);
max_app_id=get_max_app_id(label->result[ORIGIN_USER_DEFINE].app_id, label->result[ORIGIN_USER_DEFINE].app_id_num); get_userdefine_name(&(gather_result[ORIGIN_USER_DEFINE]), app_name, sizeof(app_name), &app_id_flag, 0);
if(max_app_id>0)
{
get_app_name_list(&max_app_id, 1, app_name, sizeof(app_name), &app_id_flag, 0);
}
if(app_id_flag!=1) if(app_id_flag!=1)
{ {
get_app_name_list(label->result[ORIGIN_BUILT_IN].app_id, label->result[ORIGIN_BUILT_IN].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0); get_app_name_list(&(gather_result[ORIGIN_BUILT_IN]), app_name, sizeof(app_name), &app_id_flag, 0);
} }
if(app_id_flag!=1) if(app_id_flag!=1)
{ {
get_app_name_list(label->result[ORIGIN_DKPT].app_id, label->result[ORIGIN_DKPT].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0); get_app_name_list(&(gather_result[ORIGIN_DKPT]), app_name, sizeof(app_name), &app_id_flag, 0);
} }
if(app_id_flag!=1) if(app_id_flag!=1)
{ {
get_app_name_list(label->result[ORIGIN_QM_ENGINE].app_id, label->result[ORIGIN_QM_ENGINE].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0); get_app_name_list(&(gather_result[ORIGIN_QM_ENGINE]), app_name, sizeof(app_name), &app_id_flag, 0);
} }
if(app_id_flag!=1) if(app_id_flag!=1)
{ {
get_app_name_list(label->result[ORIGIN_UNKNOWN].app_id, label->result[ORIGIN_UNKNOWN].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0); get_app_name_list(&(gather_result[ORIGIN_UNKNOWN]), app_name, sizeof(app_name), &app_id_flag, 0);
} }
if(app_id_flag==1) if(app_id_flag==1)
@@ -837,12 +878,14 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
} }
Value app_id_object(kObjectType); Value app_id_object(kObjectType);
get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(label->result[ORIGIN_USER_DEFINE])); get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(gather_result[ORIGIN_USER_DEFINE]));
get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(label->result[ORIGIN_BUILT_IN])); get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(gather_result[ORIGIN_BUILT_IN]));
get_app_id_list(&app_id_object, _handle, "DKPT", &(label->result[ORIGIN_DKPT])); get_app_id_list(&app_id_object, _handle, "DKPT", &(gather_result[ORIGIN_DKPT]));
get_app_id_list(&app_id_object, _handle, "THIRD", &(label->result[ORIGIN_QM_ENGINE])); get_app_id_list(&app_id_object, _handle, "THIRD", &(gather_result[ORIGIN_QM_ENGINE]));
get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(label->result[ORIGIN_UNKNOWN])); get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(gather_result[ORIGIN_UNKNOWN]));
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, &app_id_object, TLD_TYPE_OBJECT); TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, &app_id_object, TLD_TYPE_OBJECT);
set_app_identify_info(_handle, _instance->id2field[LOG_COMMON_APP_IDENTIFY_INFO].name, gather_result);
} }
} }
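Review bot: In set_app_identify_info the `Value object(kObjectType);` is created once per origin, outside the `j` loop, so an origin with more than one identified app adds `app_name` and `packet_sequence` to the same object repeatedly and the record carries duplicate keys; many JSON parsers keep only one value per key, which drops the identification history this field is meant to show. get_app_id_list in the same section builds one object per attribute, and the same shape fits here: move `Value object(kObjectType);` to the top of the inner loop body and `array.PushBack(object, _handle->document->GetAllocator());` to its end. The fallback branch also stores the numeric app_id under the `app_name` key, so that key's type varies between string and integer; a separate `app_id` member would keep the log schema stable. Separately, set_app_id now indexes the pointer from project_req_get_struct as `gather_result[ORIGIN_...]`, which stays in bounds only if that project struct is allocated as an array of ORIGIN_MAX elements; the allocation is not visible in this section, so it should be confirmed.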


@@ -126,6 +126,7 @@ typedef enum _tsg_log_field_id
LOG_COMMON_PACKET_CAPTURE_FILE, LOG_COMMON_PACKET_CAPTURE_FILE,
LOG_COMMON_APPLICATION_BEHAVIOR, LOG_COMMON_APPLICATION_BEHAVIOR,
LOG_HTTP_URL, LOG_HTTP_URL,
LOG_COMMON_APP_IDENTIFY_INFO,
LOG_COMMON_MAX LOG_COMMON_MAX
}tsg_log_field_id_t; }tsg_log_field_id_t;