TSG-13584: Firewall的安全日志依赖session record日志,修复TRAFFIC_SHAPING_PROFILE表是否生效字段编号定义错误,使用cppcheck进行代码检查

This commit is contained in:
刘学利
2023-02-09 07:14:55 +00:00
parent 6756fcdf7a
commit 1332eedb94
47 changed files with 1477 additions and 2078 deletions


@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
add_definitions(-fPIC)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp)
include_directories(${CMAKE_SOURCE_DIR}/inc)
include_directories(/opt/MESA/include/MESA/)


@@ -125,14 +125,13 @@ static int get_http_header(char *buff, int len, int code, char *user_define)
static int get_tcp_mss_option(const struct streaminfo *a_stream, int type, void *out)
{
int i=0,ret=0;
int tcp_opt_num=0;
struct tcp_option *tcp_opt=NULL;
ret=MESA_get_stream_opt(a_stream, MSO_TCP_SYN_OPT, (void *)&tcp_opt, &tcp_opt_num);
int ret=MESA_get_stream_opt(a_stream, MSO_TCP_SYN_OPT, (void *)&tcp_opt, &tcp_opt_num);
if(ret>0)
{
for(i=0; i<tcp_opt_num; i++)
for(int i=0; i<tcp_opt_num; i++)
{
if(tcp_opt[i].type!=type)
{
@@ -156,8 +155,6 @@ static int get_tcp_mss_option(const struct streaminfo *a_stream, int type, void
static void template_generate(const struct streaminfo *a_stream, int status_code, int policy_id, const char* message, char **page_buff, size_t *page_size, int thread_seq)
{
int used_len=0;
char *tmp_buff=NULL;
std::string page_output, msg_output;
ctemplate::Template *tpl=NULL;
ctemplate::TemplateDictionary dict("pg_page_dict"); //dict is automatically finalized after function returned.
@@ -173,8 +170,8 @@ static void template_generate(const struct streaminfo *a_stream, int status_code
tpl_message->Expand(&msg_output, &dict_msg);
used_len=msg_output.length();
tmp_buff=(char *)dictator_malloc(a_stream->threadnum, (used_len+1)*sizeof(char));
int used_len=msg_output.length();
char *tmp_buff=(char *)dictator_malloc(a_stream->threadnum, (used_len+1)*sizeof(char));
memcpy(tmp_buff, msg_output.c_str(), used_len);
tmp_buff[used_len]='\0';
@@ -537,18 +534,16 @@ static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_
static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol)
{
int ret=0,opt_value=0;
struct rst_tcp_para rst_paras={0};
if(a_stream->type==STREAM_TYPE_TCP)
{
struct rst_tcp_para rst_paras={0};
rst_paras.rst_pkt_num=g_tsg_para.reset.pkt_num;
rst_paras.signature_seed1=g_tsg_para.reset.seed1;
rst_paras.signature_seed2=g_tsg_para.reset.seed2;
rst_paras.th_flags=g_tsg_para.reset.th_flags;
rst_paras.__pad_no_use=0;
rst_paras.dir=g_tsg_para.reset.dir;
ret=MESA_rst_tcp((struct streaminfo *)a_stream, &rst_paras, sizeof(rst_paras));
int ret=MESA_rst_tcp((struct streaminfo *)a_stream, &rst_paras, sizeof(rst_paras));
if(ret<0)
{
MESA_handle_runtime_log(g_tsg_para.logger,
@@ -564,7 +559,7 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul
if(g_tsg_para.reset.remedy==1)
{
opt_value=1;
int opt_value=1;
MESA_set_stream_opt(a_stream, MSO_TCP_RST_REMEDY, (void *)&opt_value, sizeof(opt_value));
}
@@ -597,12 +592,12 @@ static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_ru
return STATE_DROPME|STATE_DROPPKT;
}
struct tcpall_context * _context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id);
struct tcpall_context * _context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id);
if(_context==NULL)
{
_context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context));
memset(_context, 0, sizeof(struct tcpall_context));
set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context);
tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context);
_context->method_type=TSG_METHOD_TYPE_TAMPER;
_context->tamper_count = 0;
}
@@ -695,7 +690,6 @@ static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat
static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region)
{
char *payload=NULL;
unsigned char raw_route_dir=0;
switch(user_region->deny->code)
{
@@ -711,7 +705,7 @@ static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maa
if(payload!=NULL)
{
raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
unsigned char raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
tsg_send_inject_packet(a_stream, SIO_DEFAULT, payload, strlen(payload), raw_route_dir);
}
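Review bot: The result of the new `tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context)` call in do_action_tamper is discarded, but the function as added in tsg_bridge.cpp returns 0 when the put fails or the bridge id is negative; in that case the freshly allocated `_context` is never attached to the stream, the next two lines still write through it, and nothing will ever hand it to free_tcpall_label, so it leaks. The replaced `set_struct_project` call had the same shape, so this is inherited rather than introduced, but the switch is the moment to handle it: `if(!tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context)) { dictator_free(a_stream->threadnum, _context); return STATE_DROPME|STATE_DROPPKT; }`, assuming the drop result used earlier in this function is the right fallback. The `dictator_malloc` result is likewise memset without a NULL check. do_action_tamper starts and ends outside the hunk.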

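--- a/src/tsg_bridge.cpp
+++ b/src/tsg_bridge.cpp
@@ -0,0 +1,188 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <MESA/MESA_prof_load.h>
+#include <MESA/MESA_handle_logger.h>
+#include "tsg_bridge.h"
+#include "tsg_variable.h"
+extern int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data);
+extern int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data);
+void free_context_label(const struct streaminfo *a_stream, int bridge_id, void *data)
+{
+struct master_context *context=(struct master_context *)data;
+if(context!=NULL)
+{
+if(context->domain!=NULL)
+{
+dictator_free(a_stream->threadnum, (void *)context->domain);
+context->domain=NULL;
+}
+if(context->quic_ua!=NULL)
+{
+dictator_free(a_stream->threadnum, (void *)context->quic_ua);
+context->quic_ua=NULL;
+}
+if(context->mid!=NULL)
+{
+Maat_clean_status(&context->mid);
+context->mid=NULL;
+}
+dictator_free(a_stream->threadnum, (void *)context);
+context=NULL;
+}
+data=NULL;
+return ;
+}
+void free_tcpall_label(const struct streaminfo *a_stream, int bridge_id, void *data)
+{
+if(data!=NULL)
+{
+struct tcpall_context *context=(struct tcpall_context *)data;
+if(context->para!=NULL)
+{
+switch(context->method_type)
+{
+case TSG_METHOD_TYPE_RATE_LIMIT:
+destroy_bucket(&(context->bucket), a_stream->threadnum);
+break;
+default:
+break;
+}
+}
+dictator_free(a_stream->threadnum, data);
+data=NULL;
+}
+return ;
+}
+void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data)
+{
+if(data!=NULL)
+{
+dictator_free(stream->threadnum, data);
+data=NULL;
+}
+}
+void free_policy_label(const struct streaminfo *a_stream, int bridge_id, void *data)
+{
+if(data!=NULL)
+{
+struct policy_priority_label *priority_label=(struct policy_priority_label *)data;
+if(priority_label->para!=NULL)
+{
+dictator_free(a_stream->threadnum, priority_label->para);
+priority_label->para=NULL;
+}
+dictator_free(a_stream->threadnum, data);
+data=NULL;
+}
+}
+void free_gather_app_result(const struct streaminfo *a_stream, int bridge_id, void *data)
+{
+if(data!=NULL)
+{
+dictator_free(a_stream->threadnum, data);
+data=NULL;
+}
+}
+int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void *data)
+{
+if(a_stream==NULL || bridge_id<0)
+{
+return 0;
+}
+int ret=stream_bridge_async_data_put(a_stream, bridge_id, data);
+if(ret<0)
+{
+MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "BRIDGE", "Add project failed, bridge_id: %d addr: %s", bridge_id, PRINTADDR(a_stream, g_tsg_para.level));
+return 0;
+}
+return 1;
+}
+void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id)
+{
+if(a_stream!=NULL || bridge_id>=0)
+{
+return stream_bridge_async_data_get(a_stream, bridge_id);
+}
+return NULL;
+}
+int tsg_init_bridge(const char *conffile)
+{
+MESA_load_profile_string_def(conffile, "SYSTEM", "APP_IDENTIFY_RESULT_BRIDGE", g_tsg_para.bridge[BRIDGE_TYPE_APP_IDENTIFY_RESULT].name, MAX_BRIDGE_NAME_LEN, "APP_IDENTIFY_RESULT_BRIDGE");
+g_tsg_para.bridge[BRIDGE_TYPE_APP_IDENTIFY_RESULT].sync_cb=app_identify_result_cb;
+MESA_load_profile_string_def(conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].name, MAX_BRIDGE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA");
+MESA_load_profile_string_def(conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].name, MAX_BRIDGE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA");
+MESA_load_profile_string_def(conffile, "SESSION_FLAGS", "FLAGS_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_FLAGS].name, MAX_BRIDGE_NAME_LEN, "SESSION_FLAGS_SYNC_NOTIFY_DATA");
+g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_FLAGS].sync_cb=session_flags_identify_result_cb;
+MESA_load_profile_string_def(conffile, "SYSTEM", "SHAPING_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].name, MAX_BRIDGE_NAME_LEN, "NOTIFY_SHAPING_RESULT");
+g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].free_cb=free_shaping_result;
+MESA_load_profile_string_def(conffile, "SYSTEM", "DATA_CONTEXT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].name, MAX_BRIDGE_NAME_LEN, "TSG_DATA_CONTEXT");
+g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].free_cb=free_context_label;
+MESA_load_profile_string_def(conffile, "SYSTEM", "ALL_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].name, MAX_BRIDGE_NAME_LEN, "TSG_ALL_CONTEXT");
+g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].free_cb=free_tcpall_label;
+MESA_load_profile_string_def(conffile, "SYSTEM", "GATHER_APP_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].name, MAX_BRIDGE_NAME_LEN, "GATHER_APP_IDENTIFY_RESULT");
+g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].free_cb=free_gather_app_result;
+MESA_load_profile_string_def(conffile, "SYSTEM", "POLICY_PRIORITY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].name, MAX_BRIDGE_NAME_LEN, "TSG_POLICY_PRIORITY");
+g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].free_cb=free_policy_label;
+for(int i=0; i<BRIDGE_TYPE_MAX; i++)
+{
+g_tsg_para.bridge[i].id=stream_bridge_build(g_tsg_para.bridge[i].name, "w");
+if(g_tsg_para.bridge[i].id<0)
+{
+MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_BRIDGE", "stream_bridge_build is error, bridge_name: %s", g_tsg_para.bridge[i].name);
+return -1;
+}
+if(g_tsg_para.bridge[i].sync_cb)
+{
+int ret=stream_bridge_register_data_sync_cb(g_tsg_para.bridge[i].id, g_tsg_para.bridge[i].sync_cb);
+if(ret<0)
+{
+MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "BRIDGE_SYNC_CB", "Register callback failed, bridge_name: %d", g_tsg_para.bridge[i].name);
+return -1;
+}
+}
+if(g_tsg_para.bridge[i].free_cb)
+{
+int ret=stream_bridge_register_data_free_cb(g_tsg_para.bridge[i].id, g_tsg_para.bridge[i].free_cb);
+if(ret<0)
+{
+MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "BRIDGE_FREE_CB", "Register async free callback failed, bridge_name: %d", g_tsg_para.bridge[i].name);
+return -1;
+}
+}
+}
+return 0;
+}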
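Review bot: The guard in `tsg_get_xxx_from_bridge` is inverted: `if(a_stream!=NULL || bridge_id>=0)` lets a NULL stream through whenever the id is valid and a negative id through whenever the stream is non-NULL, which is exactly what the check exists to stop; it should read `if(a_stream!=NULL && bridge_id>=0)`, the mirror image of the `a_stream==NULL || bridge_id<0` rejection in tsg_set_xxx_to_bridge just above it. The two failure logs in tsg_init_bridge also hand `g_tsg_para.bridge[i].name`, a char array, to a `%d` conversion (`"Register callback failed, bridge_name: %d"` and `"Register async free callback failed, bridge_name: %d"`), a format/argument mismatch that should be `%s` as the stream_bridge_build message above them already uses. Minor: the trailing `data=NULL;` in each free callback only clears the local parameter and can be dropped.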

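--- a/src/tsg_bridge.h
+++ b/src/tsg_bridge.h
@@ -0,0 +1,130 @@
+#pragma once
+#include <MESA/stream.h>
+#include <MESA/Maat_rule.h>
+#include "tsg_rule.h"
+#include "app_label.h"
+#include "tsg_leaky_bucket.h"
+#ifndef MAX_BRIDGE_NAME_LEN
+#define MAX_BRIDGE_NAME_LEN 64
+#endif
+enum BRIDGE_TYPE
+{
+BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
+BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
+BRIDGE_TYPE_APP_IDENTIFY_RESULT,
+BRIDGE_TYPE_NOTIFY_FLAGS,
+BRIDGE_TYPE_NOTIFY_SHAPING_RESULT, //sync and async
+BRIDGE_TYPE_DATA_CONTEXT, //async
+BRIDGE_TYPE_ALL_CONTEXT, //async
+BRIDGE_TYPE_GATHER_APP_RESULT, //async
+BRIDGE_TYPE_POLICY_PRIORITY, //async
+BRIDGE_TYPE_MAX
+};
+struct app_attributes
+{
+unsigned int app_id;
+unsigned int surrogate_id;
+unsigned int packet_sequence;
+};
+struct gather_app_result
+{
+int app_num;
+enum APP_IDENTIFY_ORIGIN origin;
+struct app_attributes attributes[MAX_APP_ID_NUM];
+};
+struct policy_priority_label
+{
+tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
+int domain_len;
+int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h)
+int security_result_num;
+union
+{
+char *http_url;
+char *quic_ua;
+void *para;
+};
+char domain[MAX_DOMAIN_LEN];
+struct Maat_rule_t security_result[MAX_RESULT_NUM];
+};
+struct hited_app_para
+{
+int hited_app_id;
+int after_n_packets;
+};
+struct master_context
+{
+unsigned char is_esni;
+unsigned char is_hited_allow;
+unsigned char deal_pkt_num;
+unsigned char is_app_link;
+unsigned char sync_cb_state;
+unsigned short timeout;
+tsg_protocol_t proto;
+int hited_app_id; // only app
+unsigned int quic_version;
+unsigned long session_flag;
+char *domain;
+union
+{
+char *http_url;
+char *quic_ua;
+void *para;
+};
+scan_status_t mid;
+struct hited_app_para hited_para; // l7 protocol and app
+long long last_scan_time;
+};
+struct tcpall_context
+{
+char udp_data_dropme;
+char set_latency_flag;
+char direction;
+char padding[5];
+enum TSG_METHOD_TYPE method_type;
+tsg_protocol_t protocol;
+union
+{
+struct leaky_bucket *bucket;
+long tamper_count;
+int default_policy_after_n_packets;
+struct hited_app_para hited_para;
+void *para;
+};
+};
+struct udp_context
+{
+struct master_context *data_entry;
+struct tcpall_context *all_entry;
+};
+struct bridge_info
+{
+int id;
+char name[MAX_BRIDGE_NAME_LEN];
+stream_bridge_free_cb_t *free_cb;
+stream_bridge_sync_cb_t *sync_cb;
+};
+int tsg_init_bridge(const char *conffile);
+void free_context_label(const struct streaminfo *stream, int bridge_id, void *data);
+void free_tcpall_label(const struct streaminfo *stream, int bridge_id, void *data);
+void free_policy_label(const struct streaminfo *stream, int bridge_id, void *data);
+void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data);
+void free_gather_app_result(const struct streaminfo *stream, int bridge_id, void *data);
+void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id);
+int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void *data);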
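Review bot: The new bridge API is declared without a contract: nothing in this header says what `tsg_set_xxx_to_bridge` returns or who releases `data` once it has been put. From tsg_bridge.cpp in this commit the setter returns 1 on success and 0 when the arguments are rejected or the put fails (a different convention from tsg_init_bridge's 0/-1), and the free callbacks registered in tsg_init_bridge are presumably what releases the stored pointer, so the header should state that. I would put `/* Attach data to a_stream under bridge_id. Returns 1 on success, 0 if a_stream is NULL, bridge_id<0 or the put fails; on success the pointer is owned by the bridge and released via the free_cb registered for that bridge type. */` above the setter and `/* Returns the pointer stored under bridge_id, or NULL if none is stored or the arguments are rejected. */` above the getter. The `//sync and async` / `//async` tags on enum BRIDGE_TYPE would also read better if they named which of sync_cb / free_cb each type registers, since that is otherwise only discoverable by reading tsg_init_bridge.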


@@ -34,9 +34,8 @@ static int record_hton_uint32(char *payload, unsigned int value)
return 4;
}
static int compress_domain_record(unsigned char *domain, int domain_len, u_char *result)
static int compress_domain_record(const unsigned char *domain, int domain_len, u_char *result)
{
int section_len = 0;
int result_pos = 1;
int domain_pos = 0;
@@ -45,9 +44,9 @@ static int compress_domain_record(unsigned char *domain, int domain_len, u_char
return -1;
}
while((domain[domain_pos] != '\n')||(domain[domain_pos] != '\0'))
while((domain[domain_pos] != '\n') && (domain[domain_pos] != '\0'))
{
section_len = 0;
int section_len = 0;
while((domain[domain_pos] != '.') &&(domain[domain_pos] != '\n')&&(domain[domain_pos] != '\0'))
{
result[result_pos] = domain[domain_pos];
@@ -122,26 +121,26 @@ int dns_set_response_question(char *payload, int payload_len, dns_query_question
int dns_set_response_records(char *payload, int payload_len, struct dns_record_val *record_val, int record_val_num, int max_ttl, int min_ttl)
{
int i=0,ttl=0,used_len=0;
int used_len=0;
unsigned short compress_len=0;
unsigned char compress_name[DNS_MAX_NAME+1]={0};
for(i=0; i<record_val_num; i++)
for(int i=0; i<record_val_num; i++)
{
used_len+=record_hton_uint16(payload+used_len, (unsigned short)0xc00c);
used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].answer_type));//type
used_len+=record_hton_uint16(payload+used_len, (unsigned short)1); //class
ttl=random_integer(max_ttl, min_ttl)+min_ttl;
int ttl=random_integer(max_ttl, min_ttl)+min_ttl;
used_len+=record_hton_uint32(payload+used_len, (unsigned int)ttl);//ttl
switch(record_val[i].answer_type)
{
case DNS_TYPE_A:
case DNS_TYPE_A:
used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].len)); //len
used_len+=record_set_uint32(payload+used_len, (unsigned int)(record_val[i].v4_addr.s_addr)); //IPv4
break;
case DNS_TYPE_AAAA:
case DNS_TYPE_AAAA:
used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].len)); //len
memcpy(payload+used_len, record_val[i].v6_addr.s6_addr, record_val[i].len); //IPv6
used_len+=record_val[i].len;
@@ -191,22 +190,21 @@ static int dns_set_answer_records(char *payload, int payload_len, struct dns_ans
{
return 0;
}
char profile_id[128]={0};
int idx=0, used_len=0, record_num=0;
struct dns_profile_records *profile_records=NULL;
int used_len=0;
if(answer_records->record_val.selected_flag==1)
{
{
char profile_id[128]={0};
snprintf(profile_id, sizeof(profile_id), "%d", answer_records->record_val.selected.profile_id);
profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id);
struct dns_profile_records *profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id);
if(profile_records==NULL)
{
return 0;
}
record_num=MIN(answer_records->record_val.selected.selected_num, profile_records->record_num);
idx=random_integer(profile_records->record_num, record_num);
int record_num=MIN(answer_records->record_val.selected.selected_num, profile_records->record_num);
int idx=random_integer(profile_records->record_num, record_num);
used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, profile_records->record_val+idx, record_num, answer_records->max_ttl, answer_records->min_ttl);
(*answer_record_num)+=record_num;
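Review bot: `dns_set_response_records` never consults its `payload_len` parameter in this hunk: every iteration writes 12 bytes of fixed fields (compressed name, type, class, ttl, rdlength) and then `record_val[i].len` bytes of rdata at `payload+used_len` unconditionally, so a profile with many records or an oversized `len` can run past the response buffer. Unless a check exists in the part of the function outside the hunk, a per-record guard such as `if(used_len+12+record_val[i].len>payload_len) break;` ahead of the first `record_hton_uint16` would bound it. The caller in dns_set_answer_records has the same trust issue one level up: `profile_records->record_val+idx` is read for `record_num` entries, which is only in-bounds if `random_integer(profile_records->record_num, record_num)` can never exceed `profile_records->record_num - record_num`, something I cannot confirm from here and would assert explicitly. Both functions continue outside their hunks.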



@@ -9,12 +9,13 @@
#include <MESA/Maat_rule.h>
#include <MESA/field_stat2.h>
#include <ctemplate/template.h>
#include "uthash.h"
#include "tsg_rule.h"
#include "app_label.h"
#include "tsg_label.h"
#include "tsg_bridge.h"
#include "tsg_variable.h"
#include "tsg_statistic.h"
#include "tsg_leaky_bucket.h"
#include "tsg_protocol_common.h"
@@ -33,14 +34,6 @@ typedef int atomic_t;
#include <alsa/iatomic.h>
#endif
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
#ifndef PRINTADDR
#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
#endif
#ifndef FLAG_FALSE
#define FLAG_FALSE 0
#endif
@@ -52,112 +45,6 @@ typedef int atomic_t;
#define APP_SCAN_FLAG_STOP 0
#define APP_SCAN_FLAG_CONTINUE 1
enum DEPLOY_MODE
{
DEPLOY_MODE_MIRROR,
DEPLOY_MODE_INLINE,
DEPLOY_MODE_TRANSPARENT,
DEPLOY_MODE_MAX
};
enum MASTER_STATIC_TABLE{
TABLE_SECURITY_COMPILE=0,
TABLE_IP_ADDR,
TABLE_SUBSCRIBER_ID,
TABLE_APP_ID,
TABLE_HTTP_HOST,
TABLE_SSL_SNI,
TABLE_EXCLUSION_SSL_SNI,
TABLE_SRC_ASN,
TABLE_DST_ASN,
TABLE_SRC_LOCATION,
TABLE_DST_LOCATION,
TABLE_ASN_USER_DEFINED,
TABLE_ASN_BUILT_IN,
TABLE_LOCATION_USER_DEFINED,
TABLE_LOCATION_BUILT_IN,
TABLE_QUIC_SNI,
TABLE_FQDN_CAT_ID,
TABLE_FQDN_CAT_USER_DEFINED,
TABLE_FQDN_CAT_BUILT_IN,
TABLE_APP_ID_DICT,
TABLE_SELECTOR_ID,
TABLE_SELECTOR_PROPERTIES,
TABLE_GTP_APN,
TABLE_GTP_IMSI,
TABLE_GTP_PHONE_NUMBER,
TABLE_RESPONSE_PAGES,
TABLE_DNS_PROFILE_RECORD,
TABLE_PROFILE_MIRROR,
TABLE_HTTP_URL,
TABLE_DTLS_SNI,
TABLE_TUNNEL_ID,
TABLE_TUNNEL_CATALOG,
TABLE_TUNNEL_ENDPOINT,
TABLE_TUNNEL_LABEL,
TABLE_SESSION_FLAGS,
TABLE_MAX
};
enum MASTER_DYNAMIC_TABLE{
DYN_TABLE_SUBSCRIBER_IP=0,
DYN_TABLE_GTP_SIGNALING,
DYN_TABLE_MAX
};
enum TSG_FS2_TYPE{
TSG_FS2_TCP_LINKS=0,
TSG_FS2_UDP_LINKS,
TSG_FS2_BYPASS,
TSG_FS2_HIT_ADDR,
TSG_FS2_HIT_SHARE,
TSG_FS2_INTERCEPT,
TSG_FS2_SHAPING,
TSG_FS2_EXCLUSION,
TSG_FS2_APP_DPKT_RESULT,
TSG_FS2_APP_Q_RESULT,
TSG_FS2_APP_USER_RESULT,
TSG_FS2_APP_BUILT_IN_RESULT,
TSG_FS2_INJECT_PKT_SUCCESS,
TSG_FS2_INJECT_PKT_FAILED,
TSG_FS2_MIRRORED_PKT_SUCCESS,
TSG_FS2_MIRRORED_BYTE_SUCCESS,
TSG_FS2_MIRRORED_PKT_FAILED,
TSG_FS2_MIRRORED_BYTE_FAILED,
TSG_FS2_SET_TIMOUT_SUCCESS,
TSG_FS2_SET_TIMOUT_FAILED,
TSG_FS2_SUCESS_TAMPER,
TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4,
TSG_FS2_TAMPER_FAILED_NOSWAP,
TSG_FS2_ASN_ADD,
TSG_FS2_ASN_DEL,
TSG_FS2_GTPC_ADD,
TSG_FS2_GTPC_DEL,
TSG_FS2_LOCATION_ADD,
TSG_FS2_LOCATION_DEL,
TSG_FS2_FQDN_ADD,
TSG_FS2_FQDN_DEL,
TSG_FS2_SUBSCRIBER_ADD,
TSG_FS2_SUBSCRIBER_DEL,
TSG_FS2_SECURIRY_ADD,
TSG_FS2_SECURIRY_DEL,
TSG_FS2_MIRRORED_ADD,
TSG_FS2_MIRRORED_DEL,
TSG_FS2_HTTP_RES_ADD,
TSG_FS2_HTTP_RES_DEL,
TSG_FS2_DNS_RES_ADD,
TSG_FS2_DNS_RES_DEL,
TSG_FS2_APP_ID_ADD,
TSG_FS2_APP_ID_DEL,
TSG_FS2_TUNNEL_CATALOG_ADD,
TSG_FS2_TUNNEL_CATALOG_DEL,
TSG_FS2_TUNNEL_ENDPOINT_ADD,
TSG_FS2_TUNNEL_ENDPOINT_DEL,
TSG_FS2_TUNNEL_LABEL_ADD,
TSG_FS2_TUNNEL_LABEL_DEL,
TSG_FS2_MAX
};
enum TSG_ATTRIBUTE_TYPE
{
TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0,
@@ -179,37 +66,6 @@ enum HTTP_RESPONSE_FORMAT
HTTP_RESPONSE_FORMAT_HTML
};
enum BRIDGE_TYPE
{
BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
BRIDGE_TYPE_APP_IDENTIFY_RESULT,
BRIDGE_TYPE_NOTIFY_FLAGS,
BRIDGE_TYPE_NOTIFY_SHAPING_RESULT,
BRIDGE_TYPE_MAX
};
struct _str2index
{
int index;
int len;
char *type;
};
struct app_attributes
{
unsigned int app_id;
unsigned int surrogate_id;
unsigned int packet_sequence;
};
struct gather_app_result
{
int app_num;
enum APP_IDENTIFY_ORIGIN origin;
struct app_attributes attributes[MAX_APP_ID_NUM];
};
struct l7_protocol
{
int id; /* first key */
@@ -218,22 +74,6 @@ struct l7_protocol
UT_hash_handle hh2; /* handle for second hash table */
};
struct policy_priority_label
{
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
int domain_len;
int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h)
int security_result_num;
union
{
char *http_url;
char *quic_ua;
void *para;
};
char domain[MAX_DOMAIN_LEN];
Maat_rule_t security_result[MAX_RESULT_NUM];
};
struct fqdn_category
{
int ref_cnt;
@@ -269,130 +109,6 @@ struct app_id_dict
struct deny_user_region deny_app_para;
};
struct hited_app_para
{
int hited_app_id;
int after_n_packets;
};
struct master_context
{
unsigned char is_esni;
unsigned char is_log;
unsigned char deal_pkt_num;
unsigned char is_app_link;
unsigned char sync_cb_state;
unsigned short timeout;
tsg_protocol_t proto;
int hit_cnt;
int hited_app_id; // only app
unsigned int quic_version;
unsigned long session_flag;
char *domain;
union
{
char *http_url;
char *quic_ua;
void *para;
};
scan_status_t mid;
struct Maat_rule_t *result;
struct hited_app_para hited_para; // l7 protocol and app
long long last_scan_time;
};
struct tcpall_context
{
char udp_data_dropme;
char set_latency_flag;
char direction;
char padding[5];
enum TSG_METHOD_TYPE method_type;
tsg_protocol_t protocol;
union
{
struct leaky_bucket *bucket;
long tamper_count;
int default_policy_after_n_packets;
struct hited_app_para hited_para;
void *para;
};
};
struct udp_context
{
struct master_context *data_entry;
struct tcpall_context *all_entry;
};
struct reset_argv
{
int pkt_num;
int seed1;
int seed2;
int th_flags;
int dir;
int remedy;
};
#define _MAX_TABLE_NAME_LEN 64
typedef struct tsg_para
{
int level;
short mirror_switch;
unsigned short timeout;
int dynamic_maat_switch;
int location_field_num;
int app_dict_field_num;
int device_seq_in_dc;
int datacenter_id;
int scan_signaling_switch;
int hash_timeout;
int hash_slot_size;
int hash_thread_safe;
int feature_tamper;
enum DEPLOY_MODE deploy_mode;
int scan_time_interval;
int identify_app_max_pkt_num;
int unknown_app_id;
int hit_path_switch;
int default_compile_id;
int table_id[TABLE_MAX];
int dyn_table_id[DYN_TABLE_MAX];
int priority_project_id;
int shaping_project_id;
int session_attribute_project_id;
int context_project_id;
int tcpall_project_id;
int gather_app_project_id;
int bridge_id[BRIDGE_TYPE_MAX];
int proto_flag; //tsg_protocol_t
int fs2_field_id[TSG_FS2_MAX];
char device_sn[MAX_DOMAIN_LEN/8];
char log_path[MAX_DOMAIN_LEN/8];
char device_id_command[MAX_DOMAIN_LEN/8];
char data_center[_MAX_TABLE_NAME_LEN];
char device_tag[MAX_DOMAIN_LEN/2];
char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
char dyn_table_name[DYN_TABLE_MAX][_MAX_TABLE_NAME_LEN];
char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
void *logger;
void *maat_logger;
struct reset_argv reset;
struct mirrored_vlan default_vlan;
screen_stat_handle_t fs2_handle;
struct l7_protocol *name_by_id;
struct l7_protocol *id_by_name;
struct traffic_mirror *mirror_handle;
ctemplate::Template *tpl_403,*tpl_404;
ctemplate::Template *tpl_200,*tpl_204;
ctemplate::Template *tpl_303;
}g_tsg_para_t;
extern g_tsg_para_t g_tsg_para;
extern Maat_feather_t g_tsg_dynamic_maat_feather;
extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
typedef enum tsg_statis_field_id
{
STATIS_UNKNOWN=0,
@@ -483,9 +199,6 @@ void tsg_statistic_destroy(void);
int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);
int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data);
const void *get_struct_project(const struct streaminfo *a_stream, int project_id);
long long get_current_time_ms(void);
//parent_app_name.app_name
@@ -521,7 +234,6 @@ int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct strea
int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid);
void free_policy_label(int thread_seq, void *project_req_value);
int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE result_type, struct Maat_rule_t *p_result, tsg_protocol_t proto, int thread_seq);
int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
@@ -532,4 +244,8 @@ int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_
int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);
int tsg_scan_session_flags(Maat_feather_t maat_feather, const struct streaminfo *a_stream, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned long flag, int thread_seq);
int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
#endif
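Review bot: This section removes the `MIN` and `PRINTADDR` macros from tsg_variable.h, yet the new tsg_bridge.cpp in this same commit still calls `PRINTADDR(a_stream, g_tsg_para.level)` in its failure log and tsg_dns.cpp still uses `MIN(...)`; presumably both moved to one of the headers in the suppressed part of the diff, but that is worth confirming, because with them gone those translation units would not compile. On the added prototype `tsg_fetch_hited_shaping_result`, the parameters are still named `security_result`/`security_result_num`, copied from the security variant directly above it; naming them `shaping_result`/`shaping_result_num` would stop the two declarations from reading as duplicates.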


@@ -35,7 +35,7 @@ static int is_gtp_tunnel(const struct streaminfo *a_stream)
static int get_gtp_teid(const struct streaminfo *a_stream, unsigned int *uplink, unsigned int *downlink)
{
const struct streaminfo *p=a_stream, *q=a_stream->pfather;
const struct streaminfo *p=a_stream;
while(p)
{
@@ -47,8 +47,7 @@ static int get_gtp_teid(const struct streaminfo *a_stream, unsigned int *uplink,
return 1;
}
p=q;
q=q->pfather;
p=p->pfather;
}
return 0;


@@ -30,10 +30,17 @@ enum kni_scan_table{
SCAN_TABLE_MAX
};
struct str2index
{
int index;
int len;
char *type;
};
const char *g_kni_scan_table_name[SCAN_TABLE_MAX];
int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0};
extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
const struct _str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNKNOWN, 7, (char *)"unknown"},
extern struct id2field g_tsg_proto_name2id[PROTO_MAX];
const struct str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNKNOWN, 7, (char *)"unknown"},
{TSG_METHOD_TYPE_DROP, 4, (char *)"drop"},
{TSG_METHOD_TYPE_REDIRECTION, 8, (char *)"redirect"},
{TSG_METHOD_TYPE_BLOCK, 5, (char *)"block"},
@@ -63,8 +70,7 @@ static char* tsg_strdup(const char* s)
unsigned short get_redis_port(char *redis_port_range)
{
int i=0,ret=0;
int idx=0,port_num=0;
int port_num=0;
int range_len=0,used_len=0;
char buf[256]={0};
unsigned short s_port=0,e_port=0;
@@ -109,11 +115,11 @@ unsigned short get_redis_port(char *redis_port_range)
}
else
{
ret=sscanf(buf, "%hu-%hu", &s_port, &e_port);
int ret=sscanf(buf, "%hu-%hu", &s_port, &e_port);
assert(ret==2);
}
for(i=s_port; i<=e_port && port_num<32; i++)
for(int i=s_port; i<=e_port && port_num<32; i++)
{
redis_port[port_num++]=i;
}
@@ -125,7 +131,7 @@ unsigned short get_redis_port(char *redis_port_range)
}
srand((unsigned int)time(NULL));
idx=rand()%port_num;
int idx=rand()%port_num;
return redis_port[idx];
}
@@ -253,14 +259,13 @@ static int sort_category_id(const void * a, const void * b)
static int get_data_center(char *accept_tag, char *effective_tag_key, char *data_center, int data_center_len)
{
int i=0,len;
cJSON *object=cJSON_Parse(accept_tag);
if(object!=NULL)
{
cJSON *array=cJSON_GetObjectItem(object, "tags");
if(array!=NULL)
{
for(i=0; i<cJSON_GetArraySize(array); i++)
for(int i=0; i<cJSON_GetArraySize(array); i++)
{
cJSON *item=cJSON_GetArrayItem(array, i);
if(item!=NULL)
@@ -271,7 +276,7 @@ static int get_data_center(char *accept_tag, char *effective_tag_key, char *data
cJSON *v_item=cJSON_GetObjectItem(item, "value");
if(v_item!=NULL && v_item->valuestring!=NULL)
{
len=strlen(v_item->valuestring);
int len=strlen(v_item->valuestring);
memcpy(data_center, v_item->valuestring, (len>data_center_len-1 ? data_center_len-1 : len));
}
@@ -301,7 +306,7 @@ static void _free_field(char *field)
static char *_malloc_field(const char *field_start, size_t field_len)
{
if(field_start==NULL || field_len<=0)
if(field_start==NULL || field_len==0)
{
return NULL;
}
@@ -324,11 +329,10 @@ static int get_string_from_json(cJSON *object, const char *key, char **value)
{
return 0;
}
int len=0;
cJSON *item=cJSON_GetObjectItem(object, key);
if(item!=NULL)
{
len=strlen(item->valuestring);
int len=strlen(item->valuestring);
(*value)=(char *)malloc(len+1);
memcpy((*value), item->valuestring, len);
(*value)[len]='\0';
@@ -485,19 +489,18 @@ void location_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DAT
void location_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
{
int country_full=13,province_full=15,city_full=16,subdivision_addr=17;
struct location_info *location=(struct location_info *)calloc(1, sizeof(struct location_info));
location->country_full=tsg_get_column_string_value(table_line, country_full);
location->province_full=tsg_get_column_string_value(table_line, province_full);
location->city_full=tsg_get_column_string_value(table_line, city_full);
location->country_full=tsg_get_column_string_value(table_line, 13); // country_full
location->province_full=tsg_get_column_string_value(table_line, 15); // province_full
location->city_full=tsg_get_column_string_value(table_line, 16); // city_full
str_unescape(location->country_full);
str_unescape(location->province_full);
str_unescape(location->city_full);
if(g_tsg_para.location_field_num==19)
{
location->subdivision_addr=tsg_get_column_string_value(table_line, subdivision_addr);
location->subdivision_addr=tsg_get_column_string_value(table_line, 17); // subdivision_addr
str_unescape(location->subdivision_addr);
}
@@ -1423,29 +1426,27 @@ void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl,
void dns_profile_records_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
{
int i=0;
cJSON *one_record=NULL,*pSub=NULL;
struct dns_profile_records *profile_records=(struct dns_profile_records *)calloc(1, sizeof(struct dns_profile_records));
profile_records->record_id=tsg_get_column_integer_value(table_line, 1);
char *answer_type=tsg_get_column_string_value(table_line, 3);
char *json_record=tsg_get_column_string_value(table_line, 4);
cJSON *records_array=cJSON_Parse(json_record);
cJSON *records_array=cJSON_Parse(json_record);
if(records_array!=NULL)
{
profile_records->record_num=cJSON_GetArraySize(records_array);
profile_records->record_val=(struct dns_record_val *)calloc(1, profile_records->record_num*sizeof(struct dns_record_val));
profile_records->answer_type=get_dns_qtype(answer_type, strlen(answer_type));
for(i=0; i<profile_records->record_num; i++)
for(int i=0; i<profile_records->record_num; i++)
{
one_record=cJSON_GetArrayItem(records_array, i);
cJSON *one_record=cJSON_GetArrayItem(records_array, i);
if(one_record==NULL)
{
continue;
}
pSub=cJSON_GetObjectItem(one_record, "value");
cJSON *pSub=cJSON_GetObjectItem(one_record, "value");
if(NULL==pSub )
{
continue;
@@ -1534,8 +1535,6 @@ void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl,
void mirrored_profile_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
{
int i=0,vlan_id_num=0;
cJSON *one_vlan=NULL;
struct traffic_mirror_profile *mirror_profile=(struct traffic_mirror_profile *)calloc(1, sizeof(struct traffic_mirror_profile));
mirror_profile->profile_id=tsg_get_column_integer_value(table_line, 1);
@@ -1544,10 +1543,10 @@ void mirrored_profile_new(int table_id, const char* key, const char* table_line,
cJSON *vlan_ids_object=cJSON_Parse(vlan_ids_str);
if(vlan_ids_object!=NULL)
{
vlan_id_num=cJSON_GetArraySize(vlan_ids_object);
for(i=0; i<vlan_id_num; i++)
int vlan_id_num=cJSON_GetArraySize(vlan_ids_object);
for(int i=0; i<vlan_id_num; i++)
{
one_vlan=cJSON_GetArrayItem(vlan_ids_object, i);
cJSON *one_vlan=cJSON_GetArrayItem(vlan_ids_object, i);
if(one_vlan==NULL)
{
continue;
@@ -1677,7 +1676,7 @@ void tunnel_endpoint_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void
{
_free_field(t_endpoint->description);
_free_field((char *)(*ad));
*ad=NULL;
*ad=NULL;
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_ENDPOINT_DEL], 0, FS_OP_ADD, 1);
}
}
@@ -1694,11 +1693,7 @@ void tunnel_label_new(int table_id, const char* key, const char* table_line, MAA
void tunnel_label_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
{
if((*from)!=NULL)
{
(*to)=(*from);
}
(*to)=(*from);
return ;
}
@@ -1709,18 +1704,15 @@ void tunnel_label_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *a
static Maat_feather_t init_maat_feather(const char* conffile, char* instance_name, char *module, void *maat_logger)
{
int redis_index=0,deferred_load=0;
unsigned short redis_port=0;
int ret=0,scan_detail=0,effect_interval=60;
int deferred_load=0;
int scan_detail=0,effect_interval=60;
Maat_feather_t _maat_feather=NULL;
char redis_port_range[256]={0};
char effective_tag_key[128]={0};
char effective_range_filename[1024]={0};
char redis_ip[16]={0}, effective_flag[1024]={0};
char effective_flag[1024]={0};
int output_prometheus=0;
int maat_mode=0,maat_stat_on=0,maat_perf_on=0,thread_max=0;
char json_cfg_file[MAX_PATH_LEN]={0},maat_stat_file[MAX_PATH_LEN]={0};
char table_info[MAX_PATH_LEN]={0},inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0};
char maat_stat_file[MAX_PATH_LEN]={0};
char table_info[MAX_PATH_LEN]={0};
memset(effective_flag, 0, sizeof(effective_flag));
MESA_load_profile_string_def(conffile, module, "EFFECTIVE_RANGE_FILE", effective_range_filename, sizeof(effective_range_filename),"./tsgconf/maat.conf");
@@ -1737,11 +1729,13 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
if(strlen(g_tsg_para.device_tag)==0 && strlen(effective_flag)>0)
{
memcpy(g_tsg_para.device_tag, effective_flag, MIN(strlen(effective_flag), sizeof(g_tsg_para.device_tag)-1));
}
if(strlen(g_tsg_para.data_center)==0 && strlen(effective_flag)>0)
{
char effective_tag_key[128]={0};
MESA_load_profile_string_def(conffile, module, "EFFECTIVE_TAG_KEY", effective_tag_key, sizeof(effective_tag_key),"data_center");
get_data_center(effective_flag, effective_tag_key, g_tsg_para.data_center, sizeof(g_tsg_para.data_center));
}
@@ -1762,10 +1756,13 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
if(maat_mode==2)
{
int redis_index=0;
char redis_ip[16]={0};
char redis_port_range[256]={0};
MESA_load_profile_string_def(conffile,module,"REDIS_IP", redis_ip, sizeof(redis_ip),"");
MESA_load_profile_int_def(conffile, module,"REDIS_INDEX", &redis_index, 0);
MESA_load_profile_string_def(conffile,module,"REDIS_PORT", redis_port_range, sizeof(redis_port_range), "6379;");
redis_port=get_redis_port(redis_port_range);
unsigned short redis_port=get_redis_port(redis_port_range);
if(strlen(effective_flag)!=0)
{
@@ -1791,7 +1788,7 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
{
if(strlen(effective_flag)!=0)
{
ret=Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1);
int ret=Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1);
assert(ret>=0);
}
else
@@ -1802,11 +1799,13 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
Maat_set_feather_opt(_maat_feather, MAAT_OPT_STATUS_OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus));
if(maat_mode==1)
{
char json_cfg_file[MAX_PATH_LEN]={0};
MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),"");
Maat_set_feather_opt(_maat_feather, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1);
}
else
{
char inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0};
MESA_load_profile_string_def(conffile,module,"INC_CFG_DIR",inc_cfg_dir, sizeof(inc_cfg_dir),"");
MESA_load_profile_string_def(conffile,module,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),"");
assert(strlen(inc_cfg_dir)!=0&&strlen(ful_cfg_dir)!=0);
@@ -1833,7 +1832,7 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
}
}
ret=Maat_initiate_feather(_maat_feather);
int ret=Maat_initiate_feather(_maat_feather);
if(ret<0)
{
return NULL;
@@ -1853,52 +1852,52 @@ int tsg_rule_init(const char* conffile, void *logger)
MESA_load_profile_int_def(conffile, "MAAT","LOCATION_TABLE_TYPE", &g_tsg_para.location_field_num, 18);
MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat.conf");
MESA_load_profile_string_def(conffile, "MAAT", "SECURITY_COMPILE", g_tsg_para.table_name[TABLE_SECURITY_COMPILE], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_COMPILE");
MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_ADDR");
MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_para.table_name[TABLE_HTTP_HOST], _MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST");
MESA_load_profile_string_def(conffile, "MAAT", "HTTP_URL_TABLE", g_tsg_para.table_name[TABLE_HTTP_URL], _MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_URL");
MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_para.table_name[TABLE_SSL_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI");
MESA_load_profile_string_def(conffile, "MAAT", "DECYPTION_EXCLUSION_SSL_SNI", g_tsg_para.table_name[TABLE_EXCLUSION_SSL_SNI], _MAX_TABLE_NAME_LEN, "TSG_DECYPTION_EXCLUSION_SSL_SNI");
MESA_load_profile_string_def(conffile, "MAAT", "SECURITY_COMPILE", g_tsg_para.table_name[TABLE_SECURITY_COMPILE], MAX_TABLE_NAME_LEN, "TSG_SECURITY_COMPILE");
MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], MAX_TABLE_NAME_LEN, "TSG_SECURITY_ADDR");
MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_para.table_name[TABLE_HTTP_HOST], MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST");
MESA_load_profile_string_def(conffile, "MAAT", "HTTP_URL_TABLE", g_tsg_para.table_name[TABLE_HTTP_URL], MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_URL");
MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_para.table_name[TABLE_SSL_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI");
MESA_load_profile_string_def(conffile, "MAAT", "DECYPTION_EXCLUSION_SSL_SNI", g_tsg_para.table_name[TABLE_EXCLUSION_SSL_SNI], MAX_TABLE_NAME_LEN, "TSG_DECYPTION_EXCLUSION_SSL_SNI");
MESA_load_profile_string_def(conffile, "MAAT", "SRC_ASN_TABLE", g_tsg_para.table_name[TABLE_SRC_ASN], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_ASN");
MESA_load_profile_string_def(conffile, "MAAT", "DST_ASN_TABLE", g_tsg_para.table_name[TABLE_DST_ASN], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_ASN");
MESA_load_profile_string_def(conffile, "MAAT", "SRC_LOCATION_TABLE", g_tsg_para.table_name[TABLE_SRC_LOCATION], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_LOCATION");
MESA_load_profile_string_def(conffile, "MAAT", "DST_LOCATION_TABLE", g_tsg_para.table_name[TABLE_DST_LOCATION], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_LOCATION");
MESA_load_profile_string_def(conffile, "MAAT", "SRC_ASN_TABLE", g_tsg_para.table_name[TABLE_SRC_ASN], MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_ASN");
MESA_load_profile_string_def(conffile, "MAAT", "DST_ASN_TABLE", g_tsg_para.table_name[TABLE_DST_ASN], MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_ASN");
MESA_load_profile_string_def(conffile, "MAAT", "SRC_LOCATION_TABLE", g_tsg_para.table_name[TABLE_SRC_LOCATION], MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_LOCATION");
MESA_load_profile_string_def(conffile, "MAAT", "DST_LOCATION_TABLE", g_tsg_para.table_name[TABLE_DST_LOCATION], MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_LOCATION");
MESA_load_profile_string_def(conffile, "MAAT", "ASN_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_ASN_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_IP_ASN_BUILT_IN");
MESA_load_profile_string_def(conffile, "MAAT", "ASN_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_ASN_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_IP_ASN_USER_DEFINED");
MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_LOCATION_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_BUILT_IN");
MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_LOCATION_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_USER_DEFINED");
MESA_load_profile_string_def(conffile, "MAAT", "ASN_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_ASN_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_IP_ASN_BUILT_IN");
MESA_load_profile_string_def(conffile, "MAAT", "ASN_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_ASN_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_IP_ASN_USER_DEFINED");
MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_LOCATION_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_BUILT_IN");
MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_LOCATION_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_USER_DEFINED");
MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_TABLE", g_tsg_para.table_name[TABLE_QUIC_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI");
MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_TABLE", g_tsg_para.table_name[TABLE_QUIC_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI");
MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_ID_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_FQDN_CAT");
MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_BUILT_IN");
MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_USER_DEFINED");
MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_ID_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_FQDN_CAT");
MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_BUILT_IN");
MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_USER_DEFINED");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_DICT_TABLE", g_tsg_para.table_name[TABLE_APP_ID_DICT], _MAX_TABLE_NAME_LEN, "APP_ID_DICT");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_ID], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID");
MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_PROPERTIES], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_DICT_TABLE", g_tsg_para.table_name[TABLE_APP_ID_DICT], MAX_TABLE_NAME_LEN, "APP_ID_DICT");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_ID], MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID");
MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_PROPERTIES], MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES");
MESA_load_profile_string_def(conffile, "MAAT", "GTP_APN", g_tsg_para.table_name[TABLE_GTP_APN], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_APN");
MESA_load_profile_string_def(conffile, "MAAT", "GTP_IMSI", g_tsg_para.table_name[TABLE_GTP_IMSI], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_IMSI");
MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER");
MESA_load_profile_string_def(conffile, "MAAT", "GTP_APN", g_tsg_para.table_name[TABLE_GTP_APN], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_APN");
MESA_load_profile_string_def(conffile, "MAAT", "GTP_IMSI", g_tsg_para.table_name[TABLE_GTP_IMSI], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_IMSI");
MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER");
MESA_load_profile_string_def(conffile, "MAAT", "RESPONSE_PAGES_TABLE", g_tsg_para.table_name[TABLE_RESPONSE_PAGES], _MAX_TABLE_NAME_LEN, "TSG_PROFILE_RESPONSE_PAGES");
MESA_load_profile_string_def(conffile, "MAAT", "DNS_PROFILE_RECORDS", g_tsg_para.table_name[TABLE_DNS_PROFILE_RECORD], _MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_DNS_RECORDS");
MESA_load_profile_string_def(conffile, "MAAT", "TRAFFIC_MIRROR_PROFILE", g_tsg_para.table_name[TABLE_PROFILE_MIRROR], _MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_TRAFFIC_MIRROR");
MESA_load_profile_string_def(conffile, "MAAT", "RESPONSE_PAGES_TABLE", g_tsg_para.table_name[TABLE_RESPONSE_PAGES], MAX_TABLE_NAME_LEN, "TSG_PROFILE_RESPONSE_PAGES");
MESA_load_profile_string_def(conffile, "MAAT", "DNS_PROFILE_RECORDS", g_tsg_para.table_name[TABLE_DNS_PROFILE_RECORD], MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_DNS_RECORDS");
MESA_load_profile_string_def(conffile, "MAAT", "TRAFFIC_MIRROR_PROFILE", g_tsg_para.table_name[TABLE_PROFILE_MIRROR], MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_TRAFFIC_MIRROR");
MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_TABLE", g_tsg_para.table_name[TABLE_DTLS_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI");
MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_TABLE", g_tsg_para.table_name[TABLE_DTLS_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI");
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ID], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL");
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_CATALOG_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_CATALOG], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_CATALOG");
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ENDPOINT_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ENDPOINT], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_ENDPOINT");
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_LABEL_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_LABEL], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_LABEL");
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ID], MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL");
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_CATALOG_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_CATALOG], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_CATALOG");
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ENDPOINT_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ENDPOINT], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_ENDPOINT");
MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_LABEL_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_LABEL], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_LABEL");
MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_para.table_name[TABLE_SESSION_FLAGS], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG");
MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_para.table_name[TABLE_SESSION_FLAGS], MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG");
MESA_load_profile_int_def(conffile, "MAAT","LOG_LEVEL", &log_level, 30);
MESA_load_profile_string_def(conffile, "MAAT", "LOG_PATH", log_path, sizeof(log_path), "./tsglog/maat/tsg_maat.log");
@@ -2203,32 +2202,31 @@ int tsg_rule_init(const char* conffile, void *logger)
static int get_fqdn_category_id(Maat_feather_t maat_feather, int table_id, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq)
{
int i=0,j=0,ret=0;
struct fqdn_category *ex_data_array[8]={0};
ret=Maat_fqdn_plugin_get_EX_data(maat_feather, table_id, fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8);
int ret=Maat_fqdn_plugin_get_EX_data(maat_feather, table_id, fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8);
if(ret>0)
{
{
int cnt=0;
qsort(ex_data_array, ret, sizeof(struct fqdn_category *), sort_category_id);
for(i=0; i<ret; i++)
for(int i=0; i<ret; i++)
{
if(j==0)
if(cnt==0)
{
category_id[j++]=ex_data_array[i]->category_id;
category_id[cnt++]=ex_data_array[i]->category_id;
}
else
{
if(j<category_id_num && ex_data_array[i]->category_id!=category_id[j-1])
if(cnt<category_id_num && ex_data_array[i]->category_id!=category_id[cnt-1])
{
category_id[j++]=ex_data_array[i]->category_id;
category_id[cnt++]=ex_data_array[i]->category_id;
}
}
fqdn_category_free(table_id, (MAAT_PLUGIN_EX_DATA *)&(ex_data_array[i]), 0, logger);
}
return j;
return cnt;
}
return 0;
@@ -2238,7 +2236,7 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re
{
struct policy_priority_label *priority_label=NULL;
priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id);
priority_label=(struct policy_priority_label *)stream_bridge_async_data_get((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
if(priority_label==NULL)
{
priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label));
@@ -2251,10 +2249,10 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re
priority_label->result_type=result_type;
memcpy(priority_label->security_result, p_result, sizeof(struct Maat_rule_t));
int ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label);
int ret=stream_bridge_async_data_put((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
if(ret<0)
{
free_policy_label(thread_seq, (void *)priority_label);
free_policy_label(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_FATAL,
"PROJECT_ADD",
@@ -2280,7 +2278,7 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re
int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int result_num)
{
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
if(shaping_label!=NULL && result!=NULL && result_num>0)
{
int num=MIN(shaping_label->shaping_result_num, result_num);
@@ -2293,15 +2291,12 @@ int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info)
{
int num=0;
struct policy_priority_label *label=NULL;
label=(struct policy_priority_label *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id);
struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
if(label!=NULL && result!=NULL && result_num>0 && identify_info!=NULL)
{
if((label->result_type==pull_result_type) || (pull_result_type==PULL_ALL_RESULT))
{
num=MIN(label->security_result_num, result_num);
int num=MIN(label->security_result_num, result_num);
memcpy(result, label->security_result, num*sizeof(Maat_rule_t));
if(label->domain_len>0)
@@ -2321,7 +2316,7 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re
char *tsg_pull_quic_ua(struct streaminfo *a_stream)
{
struct policy_priority_label *label=(struct policy_priority_label *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id);
struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
if(label!=NULL)
{
return label->quic_ua;
@@ -2332,7 +2327,7 @@ char *tsg_pull_quic_ua(struct streaminfo *a_stream)
char *tsg_pull_http_url(struct streaminfo *a_stream)
{
struct policy_priority_label *label=(struct policy_priority_label *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id);
struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
if(label!=NULL)
{
return label->http_url;
@@ -2687,13 +2682,12 @@ int tsg_get_vlan_label_id(struct single_layer_vlan_addr *vlan_array, int vlan_ar
int tsg_scan_tunnel_id(Maat_feather_t maat_feather, struct Maat_rule_t *result, int result_num, scan_status_t *mid, unsigned long long *bool_id_array, int bool_id_array_idx, int thread_seq)
{
int i=0,ret=0;
int maat_ret=0, hit_num=0;
int hit_num=0;
struct tunnel_catalog *t_catalog[TUNNEL_CATALOG_MAX];
ret=Maat_bool_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_CATALOG], bool_id_array, bool_id_array_idx, (void**)(&t_catalog), TUNNEL_CATALOG_MAX);
for(i=0; i<ret; i++)
int ret=Maat_bool_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_CATALOG], bool_id_array, bool_id_array_idx, (void**)(&t_catalog), TUNNEL_CATALOG_MAX);
for(int i=0; i<ret; i++)
{
maat_ret=Maat_scan_intval(maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_ID], t_catalog[i]->id, result+hit_num, result_num-hit_num, mid, thread_seq);
int maat_ret=Maat_scan_intval(maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_ID], t_catalog[i]->id, result+hit_num, result_num-hit_num, mid, thread_seq);
if(maat_ret>0)
{
hit_num+=maat_ret;
@@ -2880,15 +2874,13 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
//return value: -1: failed, 0: not hit, >0: hit count
int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq)
{
int ret=0,fqdn_len=0;
if(table_id<0 || domain==NULL)
{
return 0;
}
fqdn_len=get_fqdn_len(domain);
ret=Maat_full_scan_string(g_tsg_maat_feather, table_id, CHARSET_UTF8, domain, fqdn_len, result, NULL, result_num, mid, thread_seq);
int fqdn_len=get_fqdn_len(domain);
int ret=Maat_full_scan_string(g_tsg_maat_feather, table_id, CHARSET_UTF8, domain, fqdn_len, result, NULL, result_num, mid, thread_seq);
if(ret>0)
{
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
@@ -2968,9 +2960,7 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num)
int tsg_get_method_id(char *method)
{
int i=0;
for(i=0; i<TSG_METHOD_TYPE_MAX; i++)
for(int i=0; i<TSG_METHOD_TYPE_MAX; i++)
{
if(method2index[i].len==(int)strlen(method) && (strncasecmp(method2index[i].type, method, method2index[i].len))==0)
{
@@ -2983,11 +2973,9 @@ int tsg_get_method_id(char *method)
int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq)
{
int ret=0;
if(category_id!=NULL && category_id_num>0)
{
ret=get_fqdn_category_id(maat_feather, g_tsg_para.table_id[TABLE_FQDN_CAT_USER_DEFINED], fqdn, category_id, category_id_num, logger, thread_seq);
int ret=get_fqdn_category_id(maat_feather, g_tsg_para.table_id[TABLE_FQDN_CAT_USER_DEFINED], fqdn, category_id, category_id_num, logger, thread_seq);
if(ret>0)
{
return ret;
@@ -3005,16 +2993,16 @@ int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned i
int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq)
{
int i=0,ret=0,hit_num=0;
if(table_id<0 || result_num<=0 || category_id==NULL || category_id_num <=0)
{
return 0;
}
int hit_num=0;
for(i=0; i<category_id_num; i++)
for(int i=0; i<category_id_num; i++)
{
ret=Maat_scan_intval(g_tsg_maat_feather, table_id, (unsigned int)category_id[i], result+hit_num, result_num-hit_num, mid, thread_seq);
int ret=Maat_scan_intval(g_tsg_maat_feather, table_id, (unsigned int)category_id[i], result+hit_num, result_num-hit_num, mid, thread_seq);
if(ret>0)
{
MESA_handle_runtime_log(g_tsg_para.logger,
@@ -3069,14 +3057,13 @@ int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo
int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq)
{
int i=0,ret=0;
int ret2=0, hit_num=0;
int hit_num=0;
struct Maat_rule_t property_result[MAX_RESULT_NUM]={0};
if(property!=NULL && district!=NULL)
{
Maat_set_scan_status(g_tsg_maat_feather, mid, MAAT_SET_SCAN_DISTRICT, (void *)district, strlen(district));
ret=Maat_full_scan_string(g_tsg_maat_feather,
int ret=Maat_full_scan_string(g_tsg_maat_feather,
g_tsg_para.table_id[TABLE_SELECTOR_PROPERTIES],
CHARSET_UTF8,
property,
@@ -3087,9 +3074,9 @@ int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct str
mid,
thread_seq
);
for(i=0; i<ret; i++)
for(int i=0; i<ret; i++)
{
ret2=Maat_scan_intval(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_SELECTOR_ID], property_result[i].config_id, result+hit_num, result_num-hit_num, mid, thread_seq);
int ret2=Maat_scan_intval(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_SELECTOR_ID], property_result[i].config_id, result+hit_num, result_num-hit_num, mid, thread_seq);
if(ret2>0)
{
MESA_handle_runtime_log(g_tsg_para.logger,
@@ -3327,15 +3314,15 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
notify_data.type=NOTIFY_TYPE_MIRRORED;
notify_data.vlan=&(mirror_profile->vlan);
stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data));
mirrored_profile_free(0, (MAAT_PLUGIN_EX_DATA *)&mirror_profile, 0, NULL);
}
else
{
notify_data.compile_id=result[i].config_id;
notify_data.type=NOTIFY_TYPE_MIRRORED;
notify_data.vlan=&(g_tsg_para.default_vlan);
stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
notify_data.vlan=&(g_tsg_para.default_vlan);
stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data));
}
}
@@ -3344,7 +3331,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
notify_data.compile_id=result[i].config_id;
notify_data.type=NOTIFY_TYPE_CAPTURE;
notify_data.capture_depth=user_region->capture.depth;
stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data));
}
tsg_free_compile_user_region(&(result[i]), user_region);
@@ -3402,7 +3389,60 @@ int tsg_get_location_type(void)
struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid)
{
char teid_str[32]={0};
snprintf(teid_str, sizeof(teid_str), "%d", teid);
snprintf(teid_str, sizeof(teid_str), "%u", teid);
return (struct umts_user_info *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_table_id[DYN_TABLE_GTP_SIGNALING], (const char *)teid_str);
}
int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *shaping_result, int shaping_result_num)
{
if(hited_result==NULL || hited_result_num<=0 || shaping_result==NULL || shaping_result_num<=0)
{
return 0;
}
int result_cnt=0;
for(int i=0; i<hited_result_num; i++)
{
if(hited_result[i].action!=TSG_ACTION_SHAPING)
{
continue;
}
if(result_cnt>=shaping_result_num)
{
break;
}
memcpy(&(shaping_result[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t));
}
return result_cnt;
}
int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num)
{
if(hited_result==NULL || hited_result_num<=0 || security_result==NULL || security_result_num<=0)
{
return 0;
}
int result_cnt=0;
for(int i=0; i<hited_result_num; i++)
{
if(hited_result[i].action==TSG_ACTION_SHAPING)
{
continue;
}
if(result_cnt>=security_result_num)
{
break;
}
memcpy(&(security_result[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t));
}
return result_cnt;
}
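Review bot: Both new fetch functions at the end of the hunk `break` silently once the output array is full, so a caller cannot distinguish "all hits copied" from "hits beyond shaping_result_num / security_result_num were dropped" — for the security variant that could mean a later deny rule never reaches the caller, which deserves at least a leading comment in the file's existing `//return value:` style, e.g. `//return value: number of rules copied (0 on invalid args or no match); hits beyond security_result_num are dropped silently`. The two bodies differ only in the `TSG_ACTION_SHAPING` comparison, so a single static helper taking the wanted action and a keep/skip flag would stop them drifting apart. `hited_result` is only read in both, so the parameter should be `const struct Maat_rule_t *hited_result`. Whether callers size the destination arrays from the same `MAX_RESULT_NUM` used in tsg_scan_app_properties_policy is not visible here.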


@@ -117,7 +117,7 @@ static int register_topic(struct tsg_log_instance_t *instance, struct topic_stat
topic_conf=rd_kafka_topic_conf_new();
topic->status=1;
topic->topic_rkt=(rd_kafka_topic_t *)calloc(1, sizeof(rd_kafka_topic_t*));
//topic->topic_rkt=(rd_kafka_topic_t *)calloc(1, sizeof(rd_kafka_topic_t*));
topic->topic_rkt=rd_kafka_topic_new(_instance->kafka_handle, topic->name, topic_conf);
int thread_num=get_thread_count();
@@ -242,12 +242,9 @@ static int is_tunnels(struct streaminfo *a_stream)
static int set_isn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, enum MESA_stream_opt type)
{
int ret=0;
unsigned int isn=0;
int size=sizeof(unsigned long long);
size=sizeof(unsigned int);
ret=MESA_get_stream_opt(a_stream, type, &isn, &size);
int size=sizeof(isn);
int ret=MESA_get_stream_opt(a_stream, type, &isn, &size);
if(ret==0)
{
TLD_append(_handle, field_name, (void *)(long)isn, TLD_TYPE_LONG);
@@ -282,7 +279,7 @@ static int set_tcp_isn(struct tsg_log_instance_t *_instance, struct TLD_handle_t
static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
const char *linkinfo=(const char *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_MAC_LINKINFO]);
const char *linkinfo=(const char *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_MAC_LINKINFO]);
if(linkinfo==NULL)
{
return 0;
@@ -320,13 +317,13 @@ static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_
}
static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct asn_info *asn_info)
{
int len=0;
char buff[1024]={0};
int buff_len=sizeof(buff);
{
if(asn_info!=NULL)
{
int len=0;
char buff[1024]={0};
int buff_len=sizeof(buff);
len+=string_cat(buff+len, buff_len-len, asn_info->asn_id);
buff[len++]='(';
len+=string_cat(buff+len, buff_len-len, asn_info->organization);
@@ -339,24 +336,23 @@ static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, ch
static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct location_info *location_info)
{
int len=0;
char buff[1024]={0};
int buff_len=sizeof(buff);
if(location_info==NULL)
{
return 0;
}
int len=0;
char buff[1024]={0};
int buff_len=sizeof(buff);
int location_type=tsg_get_location_type();
switch(location_type)
{
case 18:
case 18:
len+=string_cat(buff+len, buff_len-len, location_info->city_full);
buff[len++]=',';
len+=string_cat(buff+len, buff_len-len, location_info->province_full);
buff[len++]=',';
len+=string_cat(buff+len, buff_len-len, location_info->country_full);
string_cat(buff+len, buff_len-len, location_info->country_full);
break;
case 19:
len+=string_cat(buff+len, buff_len-len, location_info->country_full);
@@ -368,7 +364,7 @@ static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_strea
if(location_info->subdivision_addr!=NULL)
{
buff[len++]='.';
len+=string_cat(buff+len, buff_len-len, location_info->subdivision_addr);
string_cat(buff+len, buff_len-len, location_info->subdivision_addr);
}
break;
default:
@@ -462,17 +458,16 @@ static int set_tuple4(struct tsg_log_instance_t *_instance, struct TLD_handle_t
static int set_duraction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
int ret=0;
long common_con_duration_ms=0;
unsigned long long create_time=0,last_time=0;
int size=sizeof(unsigned long long);
unsigned long long create_time=0,last_time=0;
if(a_stream->ptcpdetail!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)(a_stream->ptcpdetail->createtime), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)(a_stream->ptcpdetail->lastmtime), TLD_TYPE_LONG);
ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size);
int ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size);
if(ret>=0)
{
ret=MESA_get_stream_opt(a_stream, MSO_STREAM_LASTUPDATE_TIMESTAMP_MS, (void *)&last_time, &size);
@@ -631,19 +626,17 @@ static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name,
static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct gather_app_result *result)
{
int i=0,ret=0;
char app_name[512]={0};
if(result->app_num==0)
{
return 0;
}
Value array(kArrayType);
for(i=0; i<result->app_num; i++)
{
Value object(kObjectType);
ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
for(int i=0; i<result->app_num; i++)
{
char app_name[512]={0};
Value object(kObjectType);
int ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
if(ret>0)
{
add_str_member(_handle, &object, "app_name", app_name);
@@ -849,13 +842,10 @@ int set_app_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_han
int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
char app_name[512]={0};
struct gather_app_result *gather_result=NULL;
gather_result=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id);
struct gather_app_result *gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id);
if(gather_result==NULL)
{
{
char app_name[512]={0};
if(tsg_app_id2name(_instance->unknown_app_id, app_name, sizeof(app_name), 0))
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, (void *)app_name, TLD_TYPE_STRING);
@@ -1137,36 +1127,36 @@ int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE typ
int TLD_array_append(struct TLD_handle_t *handle, char *key, void **array, int array_num, TLD_TYPE type)
{
if(handle==NULL || key==NULL || array_num<=0 || array==NULL || type!=TLD_TYPE_LONG || type!=TLD_TYPE_STRING)
{
return -1;
}
if(handle==NULL || key==NULL || array_num<=0 || array==NULL || (type!=TLD_TYPE_LONG && type!=TLD_TYPE_STRING))
{
return -1;
}
int i=0;
Value obj_array(kArrayType);
int i=0;
Value obj_array(kArrayType);
switch(type)
{
case TLD_TYPE_LONG:
for(i=0; i<array_num; i++)
{
obj_array.PushBack((long)(array[i]), handle->document->GetAllocator());
}
break;
case TLD_TYPE_STRING:
for(i=0; i<array_num; i++)
{
Value str_value(StringRef((char *)(array[i]), strlen((char *)array[i])));
obj_array.PushBack(str_value, handle->document->GetAllocator());
}
break;
default:
return -1;
}
switch(type)
{
case TLD_TYPE_LONG:
for(i=0; i<array_num; i++)
{
obj_array.PushBack((long)(array[i]), handle->document->GetAllocator());
}
break;
case TLD_TYPE_STRING:
for(i=0; i<array_num; i++)
{
Value str_value(StringRef((char *)(array[i]), strlen((char *)array[i])));
obj_array.PushBack(str_value, handle->document->GetAllocator());
}
break;
default:
return -1;
}
add_object_member(handle, handle->document, key, obj_array);
add_object_member(handle, handle->document, key, obj_array);
return 1;
return 1;
}
struct TLD_handle_t *TLD_duplicate(struct TLD_handle_t *handle)
@@ -1221,7 +1211,7 @@ int TLD_convert_json(struct TLD_handle_t *_handle, char *buff, unsigned int buff
static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]);
struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].id);
if(notify_mail!=NULL && notify_mail->pdata.mail_eml_filename!=NULL && notify_mail->protocol==PROTO_MAIL)
{
TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name);
@@ -1235,7 +1225,7 @@ static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_
static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
struct business_notify_data *bnd_label=(struct business_notify_data *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_BUSINESS_S3_FILENAME]);
struct business_notify_data *bnd_label=(struct business_notify_data *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_BUSINESS_S3_FILENAME]);
if(bnd_label==NULL || bnd_label->pdata==NULL)
{
return 0;
@@ -1338,7 +1328,7 @@ static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct T
int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
if(shaping_label==NULL)
{
return 0;
@@ -1351,10 +1341,14 @@ int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle
offset+=snprintf(shaping_rule_ids+offset, sizeof(shaping_rule_ids)-offset, "%d,", shaping_label->shaping_result[i].config_id);
}
shaping_rule_ids[offset-1]='\0';
TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *)shaping_rule_ids, TLD_TYPE_STRING);
return 1;
if(offset>0)
{
shaping_rule_ids[offset-1]='\0';
TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *)shaping_rule_ids, TLD_TYPE_STRING);
return 1;
}
return 0;
}
static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
@@ -1445,7 +1439,7 @@ static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_h
break;
}
ptmp = pfather;;
ptmp=pfather;
tunnel_array.PushBack(tunnel_object, _handle->document->GetAllocator());
}
@@ -1499,7 +1493,6 @@ int is_multi_hit_same_policy(struct Maat_rule_t *result, int *policy_id, int *po
static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_log_instance_t *_instance, struct Maat_rule_t *p_result, int thread_seq)
{
int ret=0;
cJSON *item=NULL;
cJSON *object=NULL;
char *user_region=NULL;
@@ -1511,7 +1504,7 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo
if(p_result->action!=TSG_ACTION_NONE && p_result->serv_def_len>0)
{
user_region=(char *)dictator_malloc(thread_seq, p_result->serv_def_len+1);
ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, user_region, p_result->serv_def_len+1);
int ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, user_region, p_result->serv_def_len+1);
if(ret==p_result->serv_def_len)
{
user_region[p_result->serv_def_len]='\0';
@@ -1567,7 +1560,7 @@ int set_application_behavior(struct tsg_log_instance_t *_instance, struct TLD_ha
}
struct application_behavior *behavior_result=NULL;
behavior_result=(struct application_behavior *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_BEHAVIOR_RESULT]);
behavior_result=(struct application_behavior *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_BEHAVIOR_RESULT]);
if(behavior_result==NULL)
{
return 0;
@@ -1587,7 +1580,7 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD
int i=0;
struct tsg_notify_execution_result *execution_result=NULL;
execution_result=(struct tsg_notify_execution_result *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]);
execution_result=(struct tsg_notify_execution_result *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]);
if(execution_result==NULL)
{
return 0;
@@ -1681,13 +1674,12 @@ int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_hand
int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
int i=0;
struct user_defined_attribute_label *uda_label=(struct user_defined_attribute_label *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_LUA_RESULT]);
struct user_defined_attribute_label *uda_label=(struct user_defined_attribute_label *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_LUA_RESULT]);
if(uda_label!=NULL)
{
Value array(kArrayType);
for(i=0; i<uda_label->attribute_num; i++)
for(int i=0; i<uda_label->attribute_num; i++)
{
Value object(kObjectType);
switch(uda_label->attribute[i].type)
@@ -1715,20 +1707,19 @@ int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_hand
int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream)
{
int ret=0;
char *addr_proto=NULL;
char stream_id_buff[128]={0};
unsigned long long stream_id=0;
if(instance==NULL || handle==NULL || a_stream==NULL)
{
if(instance)
{
MESA_handle_runtime_log(instance->logger, RLOG_LV_DEBUG, "TLD_APPEND_STREAM", "TLD_handle==NULL || addr==NULL");
}
return -1;
}
struct TLD_handle_t *_handle=handle;
struct tsg_log_instance_t *_instance=instance;
if(_instance==NULL || _handle==NULL || a_stream==NULL)
{
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, "TLD_APPEND_STREAM", "instance==NULL || TLD_handle==NULL || addr==NULL");
return -1;
}
ret=set_linkinfo(_instance, _handle, a_stream);
int ret=set_linkinfo(_instance, _handle, a_stream);
if(ret==0)
{
set_direction(_instance, _handle, a_stream);
@@ -1748,11 +1739,12 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
set_common_tunnels(_instance, _handle, a_stream);
}
stream_id=tsg_get_stream_id(a_stream);
unsigned long long stream_id=tsg_get_stream_id(a_stream);
char stream_id_buff[128]={0};
snprintf(stream_id_buff, sizeof(stream_id_buff), "%llu", stream_id);
TLD_append(_handle, _instance->id2field[LOG_COMMON_STREAM_TRACE_ID].name, (void *)stream_id_buff, TLD_TYPE_STRING);
addr_proto=(char *)layer_addr_prefix_ntop(a_stream);
char *addr_proto=(char *)layer_addr_prefix_ntop(a_stream);
TLD_append(_handle, _instance->id2field[LOG_COMMON_L4_PROTOCOL].name, (void *)addr_proto, TLD_TYPE_STRING);
return 0;
@@ -1784,7 +1776,7 @@ int load_log_common_field(const char *filename, id2field_t *id2field, struct top
continue;
}
memset(type_name, 0, sizeof(type_name));
ret=sscanf(line, "%s %s %d", type_name, field_name, &id);
ret=sscanf(line, "%31s %63s %d", type_name, field_name, &id);
assert(ret==3);
for(i=0; i<TLD_TYPE_MAX; i++)
@@ -1863,19 +1855,19 @@ int load_log_common_field(const char *filename, id2field_t *id2field, struct top
struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_handle_t fs2_handle)
{
int i=0,ret=0;
char nic_name[32]={0};
char override_sled_ip[32]={0};
char kafka_errstr[1024]={0};
unsigned int local_ip_nr=0;
char bridge_name[LOG_BRIDGE_MAX][128]={0};
rd_kafka_conf_t *rdkafka_conf = NULL;
rd_kafka_conf_t *rdkafka_conf = NULL;
char broker_list[1024]={0};
struct tsg_log_instance_t *_instance=NULL;
char common_field_file[128]={0};
char log_path[128]={0};
_instance=(struct tsg_log_instance_t *)calloc(1, sizeof(struct tsg_log_instance_t));
_instance->fs2_handle=fs2_handle;
for(i=0; i<LOG_FS2_TYPE_MAX; i++)
for(int i=0; i<LOG_FS2_TYPE_MAX; i++)
{
_instance->fs2_field_id[i]=FS_register(_instance->fs2_handle, FS_STYLE_FIELD, FS_CALC_SPEED, g_log_fs2_field[i].name);
}
@@ -1891,7 +1883,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
_instance->sum_line_id=FS_register(_instance->fs2_handle, FS_STYLE_LINE, FS_CALC_SPEED, "SUM");
MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(_instance->level), 30);
MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", _instance->log_path, sizeof(_instance->log_path), "./tsglog/tsglog");
MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", log_path, sizeof(log_path), "./log/tsglog");
MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_USER_REGION", &(_instance->send_user_region), 0);
MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_DATA_CENTER_SWITCH", &(_instance->send_data_center), 0);
MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_APP_ID_SWITCH", &(_instance->send_app_id), 0);
@@ -1909,7 +1901,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
MESA_load_profile_string_def(conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT]), "TSG_APPLICATION_BEHAVIOR");
MESA_load_profile_string_def(conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT], sizeof(bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]), "TSG_NOTIFICATION_EXECUTION_RESULT");
for(i=0; i<LOG_BRIDGE_MAX; i++)
for(int i=0; i<LOG_BRIDGE_MAX; i++)
{
_instance->bridge_id[i]=stream_bridge_build(bridge_name[i], "w");
if(_instance->bridge_id[i]<0)
@@ -1918,10 +1910,10 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
}
}
_instance->logger=MESA_create_runtime_log_handle(_instance->log_path, _instance->level);
_instance->logger=MESA_create_runtime_log_handle(log_path, _instance->level);
if(_instance->logger==NULL)
{
printf("MESA_create_runtime_log_handle failed ..., path: %s level: %d", _instance->log_path, _instance->level);
printf("MESA_create_runtime_log_handle failed ..., path: %s level: %d", log_path, _instance->level);
return NULL;
}
@@ -1934,8 +1926,8 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
MESA_load_profile_int_def(conffile, "TSG_LOG", "RECOVERY_INTERVEL_S", &(_instance->recovery_interval), 30);
MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", _instance->common_field_file, sizeof(_instance->common_field_file), NULL);
MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", _instance->broker_list, sizeof(_instance->broker_list), NULL);
MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", common_field_file, sizeof(common_field_file), NULL);
MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", broker_list, sizeof(broker_list), NULL);
MESA_load_profile_string_def(conffile, "TSG_LOG", "SASL_USERNAME", _instance->sasl_username, sizeof(_instance->sasl_username), ""); //admin
MESA_load_profile_string_def(conffile, "TSG_LOG", "SASL_PASSWD", _instance->sasl_passwd, sizeof(_instance->sasl_passwd), "");
@@ -1963,8 +1955,9 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
char *sled_ip=getenv(override_sled_ip);
if(sled_ip==NULL)
{
char nic_name[32]={0};
MESA_load_profile_string_def(conffile, "SYSTEM", "NIC_NAME", nic_name, sizeof(nic_name), "lo");
ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr);
int ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr);
if(ret<0)
{
MESA_handle_runtime_log(_instance->logger,
@@ -1987,7 +1980,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
rd_kafka_conf_set(rdkafka_conf, "topic.metadata.refresh.interval.ms", _instance->refresh_interval_ms, kafka_errstr, sizeof(kafka_errstr));
rd_kafka_conf_set(rdkafka_conf, "request.required.acks", _instance->require_ack, kafka_errstr, sizeof(kafka_errstr));
rd_kafka_conf_set(rdkafka_conf, "socket.keepalive.enable", "true", kafka_errstr, sizeof(kafka_errstr));
rd_kafka_conf_set(rdkafka_conf, "bootstrap.servers", _instance->broker_list, kafka_errstr, sizeof(kafka_errstr));
rd_kafka_conf_set(rdkafka_conf, "bootstrap.servers", broker_list, kafka_errstr, sizeof(kafka_errstr));
if(strlen(_instance->sasl_username)> 0 && strlen(_instance->sasl_passwd)>0)
{
@@ -2003,11 +1996,11 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
return NULL;
}
load_log_common_field(_instance->common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service));
load_log_common_field(common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service));
if(_instance->service2topic!=NULL)
{
for(i=0; i<_instance->max_service; i++)
for(int i=0; i<_instance->max_service; i++)
{
if(_instance->service2topic[i].type==TLD_TYPE_MAX && strlen(_instance->service2topic[i].name)>0)
{
@@ -2022,12 +2015,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
}
else
{
MESA_handle_runtime_log(_instance->logger,
RLOG_LV_FATAL,
"KAFKA_INIT",
"load_log_common_field is error, please check %s",
_instance->common_field_file
);
MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "KAFKA_INIT", "load_log_common_field is error, please check %s", common_field_file);
}
return _instance;
@@ -2096,21 +2084,117 @@ void tsg_sendlog_destroy(struct tsg_log_instance_t * instance)
return ;
}
int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id)
int send_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_id)
{
int fs_id=0,ret=0;
int i=0,repeat_cnt=0;
int fs_id=0,ret=0,repeat_cnt=0;
int policy_id[MAX_RESULT_NUM]={0};
struct TLD_handle_t *_handle=handle;
struct tsg_log_instance_t *_instance=instance;
if(_instance==NULL || _handle==NULL || log_msg==NULL)
for(int i=0;i<p_result_num; i++)
{
if(is_multi_hit_same_policy(&(p_result[i]), policy_id, &repeat_cnt))
{
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
"TSG_SEND_LOG",
"tsg same log:cfg_id=%d service=%d addr=%s",
p_result[i].config_id,
p_result[i].service_id,
(a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level))
);
continue;
}
switch(p_result[i].do_log)
{
case LOG_ABORT:
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
"TSG_SEND_LOG",
"tsg abort log:cfg_id=%d service=%d addr=%s",
p_result[i].config_id,
p_result[i].service_id,
(a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level))
);
fs_id=action2fs_id((int)p_result[i].action);
FS_operate(_instance->fs2_handle, _instance->fs2_field_id[fs_id], 0, FS_OP_ADD, 1);
continue;
break;
case LOG_ALL:
if(p_result[i].action==TSG_ACTION_MONITOR)
{
set_s3_filename(_instance, _handle, a_stream);
set_mail_eml(_instance, _handle, a_stream);
}
break;
case LOG_NOFILE:
if(p_result[i].action==TSG_ACTION_MONITOR)
{
TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name);
}
break;
default:
break;
}
ret=update_percent(_instance, p_result[i].service_id, LOG_COLUMN_STATUS_DROP, thread_id);
if(ret==1)
{
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
"TSG_SEND_LOG",
"tsg drop log:cfg_id=%d service=%d send_log_percent: %d addr=%s",
p_result[i].config_id,
p_result[i].service_id,
_instance->service2topic[p_result[i].service_id].send_log_percent[thread_id],
(a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level))
);
continue;
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(p_result[i].config_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(p_result[i].service_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)p_result[i].action), TLD_TYPE_LONG);
set_notify_execution_result(_instance, _handle, a_stream, &(p_result[i]));
if(_instance->send_nat_linkinfo &&p_result[i].config_id==0 && a_stream!=NULL)
{
set_nat_linkinfo(_instance, _handle, a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, _instance->bridge_id[LOG_BRIDGE_NAT_C2S_LINKINFO]);
set_nat_linkinfo(_instance, _handle, a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, _instance->bridge_id[LOG_BRIDGE_NAT_S2C_LINKINFO]);
}
set_xxxx_from_user_region(_handle, _instance, &(p_result[i]), thread_id);
StringBuffer sb(0, 2048);
Writer<StringBuffer> writer(sb);
_handle->document->Accept(writer);
tsg_send_payload(_instance, p_result[i].service_id, (char *)sb.GetString(), sb.GetSize(), thread_id);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_ACTION].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name);
}
return 0;
}
int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id)
{
if(instance==NULL || handle==NULL || log_msg==NULL)
{
TLD_cancel(handle);
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", " instance==NULL || TLD_handle==NULL || log_msg==NULL ");
if(instance!=NULL)
{
MESA_handle_runtime_log(instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", " instance==NULL || TLD_handle==NULL || log_msg==NULL ");
}
return -1;
}
struct TLD_handle_t *_handle=handle;
struct tsg_log_instance_t *_instance=instance;
if(_instance->mode==CLOSE)
{
TLD_cancel(handle);
@@ -2140,99 +2224,22 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
set_application_behavior(_instance, _handle, log_msg->a_stream);
if(log_msg->result[i].service_id==2 && log_msg->a_stream!=NULL) // stream of intercept is NULL
if(log_msg->result[0].service_id==2 && log_msg->a_stream!=NULL) // stream of intercept is NULL
{
set_shaping_rule_ids(_instance, _handle, log_msg->a_stream);
}
for(i=0;i<log_msg->result_num; i++)
send_log(_instance, _handle, log_msg->a_stream, log_msg->result, log_msg->result_num, thread_id);
//fetch firewall result
struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
if(priority_label!=NULL && priority_label->security_result_num>0)
{
if(is_multi_hit_same_policy(&(log_msg->result[i]), policy_id, &repeat_cnt))
{
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
"TSG_SEND_LOG",
"tsg same log:cfg_id=%d service=%d addr=%s",
log_msg->result[i].config_id,
log_msg->result[i].service_id,
(log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level))
);
continue;
}
switch(log_msg->result[i].do_log)
{
case LOG_ABORT:
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
"TSG_SEND_LOG",
"tsg abort log:cfg_id=%d service=%d addr=%s",
log_msg->result[i].config_id,
log_msg->result[i].service_id,
(log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level))
);
fs_id=action2fs_id((int)log_msg->result[i].action);
FS_operate(_instance->fs2_handle, _instance->fs2_field_id[fs_id], 0, FS_OP_ADD, 1);
continue;
break;
case LOG_ALL:
if(log_msg->result[i].action==TSG_ACTION_MONITOR)
{
set_s3_filename(_instance, _handle, log_msg->a_stream);
set_mail_eml(_instance, _handle, log_msg->a_stream);
}
break;
case LOG_NOFILE:
if(log_msg->result[i].action==TSG_ACTION_MONITOR)
{
TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name);
}
break;
default:
break;
}
ret=update_percent(_instance, log_msg->result[i].service_id, LOG_COLUMN_STATUS_DROP, thread_id);
if(ret==1)
{
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
"TSG_SEND_LOG",
"tsg drop log:cfg_id=%d service=%d send_log_percent: %d addr=%s",
log_msg->result[i].config_id,
log_msg->result[i].service_id,
_instance->service2topic[log_msg->result[i].service_id].send_log_percent[thread_id],
(log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level))
);
continue;
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(log_msg->result[i].config_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG);
set_notify_execution_result(_instance, _handle, log_msg->a_stream, &(log_msg->result[i]));
if(_instance->send_nat_linkinfo && log_msg->result[i].config_id==0 && log_msg->a_stream!=NULL)
{
set_nat_linkinfo(_instance, _handle, log_msg->a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, _instance->bridge_id[LOG_BRIDGE_NAT_C2S_LINKINFO]);
set_nat_linkinfo(_instance, _handle, log_msg->a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, _instance->bridge_id[LOG_BRIDGE_NAT_S2C_LINKINFO]);
}
set_xxxx_from_user_region(_handle, _instance, &(log_msg->result[i]), thread_id);
StringBuffer sb(0, 2048);
Writer<StringBuffer> writer(sb);
_handle->document->Accept(writer);
tsg_send_payload(_instance, log_msg->result[i].service_id, (char *)sb.GetString(), sb.GetSize(), thread_id);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_ACTION].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name);
send_log(_instance, _handle, log_msg->a_stream, priority_label->security_result, priority_label->security_result_num, thread_id);
free_policy_label(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
tsg_set_xxx_to_bridge(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL);
}
TLD_cancel(handle);
return 0;
@@ -2248,8 +2255,8 @@ int tsg_register_topic(struct tsg_log_instance_t *instance, char *topic_name)
_instance->service2topic=(struct topic_stat *)realloc(_instance->service2topic, (_instance->max_service+1)*sizeof(struct topic_stat));
_instance->service2topic[_instance->max_service].type=TLD_TYPE_MAX;
memset(_instance->service2topic[_instance->max_service].name, 0, MAX_STRING_LEN);
memcpy(_instance->service2topic[_instance->max_service].name, topic_name, MIN(MAX_STRING_LEN-1, strlen(topic_name)));
memset(_instance->service2topic[_instance->max_service].name, 0, MAX_STRING_LEN32);
memcpy(_instance->service2topic[_instance->max_service].name, topic_name, MIN(MAX_STRING_LEN32-1, strlen(topic_name)));
register_topic(_instance, &(_instance->service2topic[_instance->max_service]));
_instance->max_service++;
@@ -2308,9 +2315,6 @@ int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *pa
);
}
update_percent(_instance, topic_id, LOG_COLUMN_STATUS_MAX, thread_id);
return 0;
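Review bot: The new `if(offset>0)` guard in set_shaping_rule_ids covers only the empty case; `offset+=snprintf(shaping_rule_ids+offset, sizeof(shaping_rule_ids)-offset, "%d,", ...)` adds the would-be length when output is truncated, so once offset passes sizeof(shaping_rule_ids) the next iteration's size argument wraps to a huge size_t and `shaping_rule_ids[offset-1]='\0'` writes past the buffer. Stop accumulating on truncation, e.g. `int n=snprintf(shaping_rule_ids+offset, sizeof(shaping_rule_ids)-offset, "%d,", shaping_label->shaping_result[i].config_id); if(n<0 || (size_t)n>=sizeof(shaping_rule_ids)-offset) break; offset+=n;`. The loop's start lies outside the hunk, so the bound on the shaping_result count is not visible here. Separately, the new helper `send_log` in the `@@ -2096` hunk is defined without `static`, unlike the file's other per-field helpers such as set_mail_eml and set_s3_filename; unless it is declared in the header, make it `static int send_log(...)` so a generic name does not land in the global namespace.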

@@ -11,7 +11,10 @@
#define MAX_L7_PROTO_ID 150
#define MAX_IPV4_LEN 16
#define MAX_STRING_LEN 32
#ifndef MAX_STRING_LEN32
#define MAX_STRING_LEN32 32
#endif
enum _SEND_MODE
{
@@ -181,7 +184,7 @@ typedef struct _id2field
{
int type;
int id;
char name[MAX_STRING_LEN];
char name[MAX_STRING_LEN32];
}id2field_t;
struct topic_stat
@@ -190,7 +193,7 @@ struct topic_stat
int type;
int fs2_line_id;
int *send_log_percent;
char name[MAX_STRING_LEN];
char name[MAX_STRING_LEN32];
long long *drop_start;
rd_kafka_topic_t *topic_rkt;
};
@@ -215,18 +218,14 @@ struct tsg_log_instance_t
int bridge_id[LOG_BRIDGE_MAX];
int fs2_column_id[LOG_COLUMN_STATUS_MAX];
int fs2_field_id[LOG_FS2_TYPE_MAX];
char log_path[MAX_STRING_LEN*2];
char tcp_label[MAX_STRING_LEN];
char udp_label[MAX_STRING_LEN];
char common_field_file[MAX_STRING_LEN*4];
char broker_list[MAX_STRING_LEN*8];
char sasl_username[MAX_STRING_LEN];
char sasl_passwd[MAX_STRING_LEN];
char send_queue_max_msg[MAX_STRING_LEN];
char require_ack[MAX_STRING_LEN];
char refresh_interval_ms[MAX_STRING_LEN];
char tcp_label[MAX_STRING_LEN32];
char udp_label[MAX_STRING_LEN32];
char sasl_username[MAX_STRING_LEN32];
char sasl_passwd[MAX_STRING_LEN32];
char send_queue_max_msg[MAX_STRING_LEN32];
char require_ack[MAX_STRING_LEN32];
char refresh_interval_ms[MAX_STRING_LEN32];
char local_ip_str[MAX_IPV4_LEN];
char l7_proto_id_file[MAX_STRING_LEN*4];
id2field_t id2field[LOG_COMMON_MAX];
rd_kafka_t *kafka_handle;
struct topic_stat *service2topic;
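Review bot: `MAX_STRING_LEN32` is introduced under `#ifndef`, so its value depends on include order: a translation unit that picks up a different definition first would size `id2field_t::name`, `topic_stat::name` and the `MIN(MAX_STRING_LEN32-1, strlen(topic_name))` copy in tsg_register_topic differently from one that takes the 32 here, changing the layout of the shared structs. Since `MAX_STRING_LEN` was removed from this header yet still sizes `l7_proto_id_file[MAX_STRING_LEN*4]` below, a second definition from a common header appears to exist, presumably the reason for the rename. Define the macro unconditionally, or keep the guard and add `static_assert(MAX_STRING_LEN32 == 32, "topic_stat/id2field_t layout depends on this");` next to the structs so a silently different value fails at compile time.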

@@ -174,13 +174,12 @@ static char* parse_alpn_extension(const unsigned char* buff, size_t buff_len, en
static char* parse_server_name_extension(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result)
{
size_t pos = 2; /* skip server name list length */
size_t len;
size_t pos = 2; /* skip server name list length */
char* sni = NULL;
while (pos + 3 < buff_len)
while (pos + 3 < buff_len)
{
len = ((size_t)buff[pos + 1] << 8) + (size_t)buff[pos + 2];
if (pos + 3 + len > buff_len)
size_t len = ((size_t)buff[pos + 1] << 8) + (size_t)buff[pos + 2];
if (pos + 3 + len > buff_len)
{
*result = CHELLO_PARSE_INVALID_FORMAT;
return NULL;
@@ -366,7 +365,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
*result = CHELLO_PARSE_NOT_ENOUGH_BUFF;
return NULL;
}
if(buff[1] != 3 || buff[2] > 4 || buff[2] < 0)
if(buff[1] != 3 || buff[2] > 4)
{
*result = CHELLO_PARSE_INVALID_FORMAT;
return NULL;
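Review bot: In parse_server_name_extension the server-name list length in the first two bytes is skipped (`size_t pos = 2; /* skip server name list length */`) without being compared to buff_len, so the loop walks to the end of the buffer rather than the declared list, and nothing visible in the hunk guarantees buff_len >= 2 before the skip. A declared-length check keeps the parser from accepting an extension whose list length disagrees with its payload: `if (buff_len < 2 || 2 + ((((size_t)buff[0]) << 8) | buff[1]) > buff_len) { *result = CHELLO_PARSE_INVALID_FORMAT; return NULL; }`, with the loop then bounded by that length instead of buff_len. If the caller already clamps buff_len to the extension length this becomes a consistency check only; the function continues past the hunk, so the caller's guarantees are not visible here. Dropping `buff[2] < 0` in ssl_chello_parse is correct, since the operand is an unsigned char.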

@@ -203,9 +203,6 @@ static int _set_traffic_info(struct _traffic_info *from, struct _traffic_info *t
}
static void *tsg_statistic_thread(void *arg)
{
long long value=0;
long long total_value=0;
int value_len=sizeof(long long);
int thread_num=get_thread_count();
struct _traffic_info policy_traffic_info;
struct _traffic_info total_traffic_info;
@@ -215,6 +212,10 @@ static void *tsg_statistic_thread(void *arg)
while(g_tsg_statis_para.thread_alive)
{
long long value=0;
long long total_value=0;
int value_len=sizeof(long long);
memset(&policy_traffic_info, 0, sizeof(policy_traffic_info));
memset(&total_traffic_info, 0, sizeof(total_traffic_info));
memset(&default_traffic_info, 0, sizeof(default_traffic_info));
@@ -344,9 +345,9 @@ int tsg_statistic_init(const char *conffile, void *logger)
int output_prometheus=0;
int i=0,value=0,thread_num=0;
unsigned short fs_server_port=0;
char app_name[MAX_STRING_LEN]={0};
char app_name[128]={0};
char fs_server_ip[MAX_IPV4_LEN]={0};
char fs_output_path[MAX_STRING_LEN*4]={0};
char fs_output_path[128]={0};
memset(&g_tsg_statis_para, 0, sizeof(g_tsg_statis_para));
@@ -381,7 +382,6 @@ int tsg_statistic_init(const char *conffile, void *logger)
FS_set_para(g_tsg_statis_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1);
FS_set_para(g_tsg_statis_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1);
value=1;
FS_set_para(g_tsg_statis_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus));
if(fs_server_port > 0 && strlen(fs_server_ip) > 0)
@@ -390,8 +390,8 @@ int tsg_statistic_init(const char *conffile, void *logger)
FS_set_para(g_tsg_statis_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port));
}
value=FS_OUTPUT_INFLUX_LINE;
FS_set_para(g_tsg_statis_para.fs2_handle, STATS_FORMAT, &value, sizeof(value));
int output_influx_line=FS_OUTPUT_INFLUX_LINE;
FS_set_para(g_tsg_statis_para.fs2_handle, STATS_FORMAT, &output_influx_line, sizeof(output_influx_line));
g_tsg_statis_para.fs_field_id[STATIS_NEW_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"new_conn_num");
g_tsg_statis_para.fs_field_id[STATIS_ESTABLISHED_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, (char *)"established_conn_num");
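Review bot: In tsg_statistic_init the buffers `app_name` and `fs_output_path` are resized to the bare literal `128` while this same commit introduces `MAX_STRING_LEN128` in tsg_variable.h; the header constant should be used here, `char app_name[MAX_STRING_LEN128]={0};` and `char fs_output_path[MAX_STRING_LEN128]={0};`. fs_output_path also shrinks from `MAX_STRING_LEN*4` to 128 bytes, so whatever copies the configured output path into it (outside this hunk) must now be bounded by `sizeof fs_output_path`, otherwise a longer configured path overflows the buffer or leaves it unterminated, and the `strlen(fs_output_path)+1` passed to FS_set_para depends on that termination. The rest of tsg_statistic_init is outside the hunk.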


@@ -34,8 +34,6 @@
int swap_payload2byte(char *str, int endlen)
{
int i = 0;
int j = 0;
char temp;
if(endlen<4){ //最少满足2个16bit的长度即最小4字节。
@@ -43,8 +41,8 @@ int swap_payload2byte(char *str, int endlen)
}
//这样交换是别面校验和不对的问题
for(i=1; i<endlen; i=i+2){
for (j=i+2; j<endlen; j=j+2){
for(int i=1; i<endlen; i=i+2){
for (int j=i+2; j<endlen; j=j+2){
if(str[i] != str[j]){
temp = str[i];
str[i] = str[j];
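Review bot: swap_payload2byte has no header comment and its two inline comments are in Chinese, so a reader of the signature cannot tell that `endlen` is the payload length in bytes or why bytes at odd offsets are swapped; the comment at `//这样交换是别面校验和不对的问题` says the swap is done so the checksum does not become wrong, and the earlier one says at least two 16-bit words (4 bytes) are required. Suggest an English header comment above the definition, `/* Swap payload bytes at odd offsets so the (presumably 16-bit) checksum over the payload is preserved; requires endlen >= 4, i.e. at least two 16-bit words. */`. The function body continues past the hunk, so its return value is not documented here.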


@@ -1,89 +0,0 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <sys/time.h>
#include <unistd.h>
#include "tsg_variable.h"
g_tsg_para_t g_tsg_para;
id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
{0, TSG_FS2_UDP_LINKS, "udp_links"},
{0, TSG_FS2_BYPASS, "bypass"},
{0, TSG_FS2_HIT_ADDR, "hit_addr"},
{0, TSG_FS2_HIT_SHARE, "hit_share"},
{0, TSG_FS2_INTERCEPT, "intercept"},
{0, TSG_FS2_SHAPING, "shaping"},
{0, TSG_FS2_EXCLUSION, "exclusion"},
{0, TSG_FS2_APP_DPKT_RESULT, "D_result"},
{0, TSG_FS2_APP_Q_RESULT, "Q_result"},
{0, TSG_FS2_APP_USER_RESULT, "U_result"},
{0, TSG_FS2_APP_BUILT_IN_RESULT, "B_result"},
{0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"},
{0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"},
{0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"},
{0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"},
{0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"},
{0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"},
{0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"},
{0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"},
{0, TSG_FS2_SUCESS_TAMPER, "tamper_sucess"},
{0, TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4, "tamper_nopload"},
{0, TSG_FS2_TAMPER_FAILED_NOSWAP, "tamper_noswap"},
{0, TSG_FS2_ASN_ADD, "asn_add"},
{0, TSG_FS2_ASN_DEL, "asn_del"},
{0, TSG_FS2_GTPC_ADD, "gtpc_add"},
{0, TSG_FS2_GTPC_DEL, "gtpc_del"},
{0, TSG_FS2_LOCATION_ADD, "location_add"},
{0, TSG_FS2_LOCATION_DEL, "location_del"},
{0, TSG_FS2_FQDN_ADD, "fqdn_add"},
{0, TSG_FS2_FQDN_DEL, "fqdn_del"},
{0, TSG_FS2_SUBSCRIBER_ADD, "subscriber_add"},
{0, TSG_FS2_SUBSCRIBER_DEL, "subscriber_del"},
{0, TSG_FS2_SECURIRY_ADD, "security_add"},
{0, TSG_FS2_SECURIRY_DEL, "security_del"},
{0, TSG_FS2_MIRRORED_ADD, "mirrored_add"},
{0, TSG_FS2_MIRRORED_DEL, "mirrored_del"},
{0, TSG_FS2_HTTP_RES_ADD, "http_res_add"},
{0, TSG_FS2_HTTP_RES_DEL, "http_res_del"},
{0, TSG_FS2_DNS_RES_ADD, "dns_profile_add"},
{0, TSG_FS2_DNS_RES_DEL, "dns_profile_del"},
{0, TSG_FS2_APP_ID_ADD, "app_id_add"},
{0, TSG_FS2_APP_ID_DEL, "app_id_del"},
{0, TSG_FS2_TUNNEL_CATALOG_ADD, "t_catalog_add"},
{0, TSG_FS2_TUNNEL_CATALOG_DEL, "t_catalog_del"},
{0, TSG_FS2_TUNNEL_ENDPOINT_ADD, "t_endpoint_add"},
{0, TSG_FS2_TUNNEL_ENDPOINT_DEL, "t_endpoint_del"},
{0, TSG_FS2_TUNNEL_LABEL_ADD, "t_label_add"},
{0, TSG_FS2_TUNNEL_LABEL_DEL, "t_label_del"}
};
id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
{PROTO_IPv4, 0, "IPV4"},
{PROTO_IPv6, 0, "IPV6"},
{PROTO_TCP, 0, "TCP"},
{PROTO_UDP, 0, "UDP"},
{PROTO_HTTP, 0, "HTTP"},
{PROTO_MAIL, 0, "MAIL"},
{PROTO_DNS, 0, "DNS"},
{PROTO_FTP, 0, "FTP"},
{PROTO_SSL, 0, "SSL"},
{PROTO_SIP, 0, "SIP"},
{PROTO_BGP, 0, "BGP"},
{PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"},
{PROTO_QUIC, 0, "QUIC"},
{PROTO_SSH, 0, "SSH"},
{PROTO_SMTP, 0, "SMTP"},
{PROTO_IMAP, 0, "IMAP"},
{PROTO_POP3, 0, "POP3"},
{PROTO_RTP, 0, "RTP"},
{PROTO_APP, 0, "BASE"},
{PROTO_L2TP, 0, "L2TP"},
{PROTO_PPTP, 0, "PPTP"},
{PROTO_STRATUM, 0, "Stratum"},
{PROTO_RDP, 0, "RDP"},
{PROTO_DTLS, 0, "DTLS"}
};


@@ -1,5 +1,142 @@
#pragma once
#include <MESA/stream.h>
#include <MESA/field_stat2.h>
#include <ctemplate/template.h>
enum TSG_FS2_TYPE
{
TSG_FS2_TCP_LINKS=0,
TSG_FS2_UDP_LINKS,
TSG_FS2_BYPASS,
TSG_FS2_HIT_ADDR,
TSG_FS2_HIT_SHARE,
TSG_FS2_INTERCEPT,
TSG_FS2_SHAPING,
TSG_FS2_EXCLUSION,
TSG_FS2_APP_DPKT_RESULT,
TSG_FS2_APP_Q_RESULT,
TSG_FS2_APP_USER_RESULT,
TSG_FS2_APP_BUILT_IN_RESULT,
TSG_FS2_INJECT_PKT_SUCCESS,
TSG_FS2_INJECT_PKT_FAILED,
TSG_FS2_MIRRORED_PKT_SUCCESS,
TSG_FS2_MIRRORED_BYTE_SUCCESS,
TSG_FS2_MIRRORED_PKT_FAILED,
TSG_FS2_MIRRORED_BYTE_FAILED,
TSG_FS2_SET_TIMOUT_SUCCESS,
TSG_FS2_SET_TIMOUT_FAILED,
TSG_FS2_SUCESS_TAMPER,
TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4,
TSG_FS2_TAMPER_FAILED_NOSWAP,
TSG_FS2_ASN_ADD,
TSG_FS2_ASN_DEL,
TSG_FS2_GTPC_ADD,
TSG_FS2_GTPC_DEL,
TSG_FS2_LOCATION_ADD,
TSG_FS2_LOCATION_DEL,
TSG_FS2_FQDN_ADD,
TSG_FS2_FQDN_DEL,
TSG_FS2_SUBSCRIBER_ADD,
TSG_FS2_SUBSCRIBER_DEL,
TSG_FS2_SECURIRY_ADD,
TSG_FS2_SECURIRY_DEL,
TSG_FS2_MIRRORED_ADD,
TSG_FS2_MIRRORED_DEL,
TSG_FS2_HTTP_RES_ADD,
TSG_FS2_HTTP_RES_DEL,
TSG_FS2_DNS_RES_ADD,
TSG_FS2_DNS_RES_DEL,
TSG_FS2_APP_ID_ADD,
TSG_FS2_APP_ID_DEL,
TSG_FS2_TUNNEL_CATALOG_ADD,
TSG_FS2_TUNNEL_CATALOG_DEL,
TSG_FS2_TUNNEL_ENDPOINT_ADD,
TSG_FS2_TUNNEL_ENDPOINT_DEL,
TSG_FS2_TUNNEL_LABEL_ADD,
TSG_FS2_TUNNEL_LABEL_DEL,
TSG_FS2_MAX
};
enum DEPLOY_MODE
{
DEPLOY_MODE_MIRROR,
DEPLOY_MODE_INLINE,
DEPLOY_MODE_TRANSPARENT,
DEPLOY_MODE_MAX
};
enum MASTER_STATIC_TABLE
{
TABLE_SECURITY_COMPILE=0,
TABLE_IP_ADDR,
TABLE_SUBSCRIBER_ID,
TABLE_APP_ID,
TABLE_HTTP_HOST,
TABLE_SSL_SNI,
TABLE_EXCLUSION_SSL_SNI,
TABLE_SRC_ASN,
TABLE_DST_ASN,
TABLE_SRC_LOCATION,
TABLE_DST_LOCATION,
TABLE_ASN_USER_DEFINED,
TABLE_ASN_BUILT_IN,
TABLE_LOCATION_USER_DEFINED,
TABLE_LOCATION_BUILT_IN,
TABLE_QUIC_SNI,
TABLE_FQDN_CAT_ID,
TABLE_FQDN_CAT_USER_DEFINED,
TABLE_FQDN_CAT_BUILT_IN,
TABLE_APP_ID_DICT,
TABLE_SELECTOR_ID,
TABLE_SELECTOR_PROPERTIES,
TABLE_GTP_APN,
TABLE_GTP_IMSI,
TABLE_GTP_PHONE_NUMBER,
TABLE_RESPONSE_PAGES,
TABLE_DNS_PROFILE_RECORD,
TABLE_PROFILE_MIRROR,
TABLE_HTTP_URL,
TABLE_DTLS_SNI,
TABLE_TUNNEL_ID,
TABLE_TUNNEL_CATALOG,
TABLE_TUNNEL_ENDPOINT,
TABLE_TUNNEL_LABEL,
TABLE_SESSION_FLAGS,
TABLE_MAX
};
enum MASTER_DYNAMIC_TABLE
{
DYN_TABLE_SUBSCRIBER_IP=0,
DYN_TABLE_GTP_SIGNALING,
DYN_TABLE_MAX
};
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
#ifndef PRINTADDR
#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
#endif
#ifndef MAX_TSG_ALL_RESULT_NUM
#define MAX_TSG_ALL_RESULT_NUM MAX_RESULT_NUM*2
#endif
#ifndef MAX_STRING_LEN32
#define MAX_STRING_LEN32 32
#endif
struct id2field
{
int type;
int id;
char name[MAX_STRING_LEN32];
};
struct reset_argv
{
int pkt_num;
@@ -10,7 +147,14 @@ struct reset_argv
int remedy;
};
#define _MAX_TABLE_NAME_LEN 64
#ifndef MAX_TABLE_NAME_LEN
#define MAX_TABLE_NAME_LEN 64
#endif
#ifndef MAX_STRING_LEN128
#define MAX_STRING_LEN128 128
#endif
typedef struct tsg_para
{
int level;
@@ -32,25 +176,19 @@ typedef struct tsg_para
int unknown_app_id;
int hit_path_switch;
int default_compile_id;
int table_id[TABLE_MAX];
int table_id[TABLE_MAX];
int dyn_table_id[DYN_TABLE_MAX];
int priority_project_id;
int shaping_project_id;
int session_attribute_project_id;
int context_project_id;
int tcpall_project_id;
int gather_app_project_id;
int bridge_id[BRIDGE_TYPE_MAX];
int proto_flag; //tsg_protocol_t
int fs2_field_id[TSG_FS2_MAX];
char device_sn[MAX_DOMAIN_LEN/8];
char log_path[MAX_DOMAIN_LEN/8];
char device_id_command[MAX_DOMAIN_LEN/8];
char data_center[_MAX_TABLE_NAME_LEN];
char device_tag[MAX_DOMAIN_LEN/2];
char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
char dyn_table_name[DYN_TABLE_MAX][_MAX_TABLE_NAME_LEN];
char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
char device_sn[MAX_STRING_LEN128];
char log_path[MAX_STRING_LEN128];
char device_id_command[MAX_STRING_LEN128];
char data_center[MAX_STRING_LEN128];
char device_tag[MAX_STRING_LEN128];
char table_name[TABLE_MAX][MAX_TABLE_NAME_LEN];
char dyn_table_name[DYN_TABLE_MAX][MAX_TABLE_NAME_LEN];
struct bridge_info bridge[BRIDGE_TYPE_MAX];
void *logger;
void *maat_logger;
struct reset_argv reset;
@@ -66,4 +204,5 @@ typedef struct tsg_para
extern g_tsg_para_t g_tsg_para;
extern Maat_feather_t g_tsg_dynamic_maat_feather;
extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
extern struct id2field g_tsg_proto_name2id[PROTO_MAX];
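Review bot: The new macro `#define MAX_TSG_ALL_RESULT_NUM MAX_RESULT_NUM*2` in the first hunk of tsg_variable.h is not parenthesized, so a use such as `sizeof(buf)/MAX_TSG_ALL_RESULT_NUM` or `n % MAX_TSG_ALL_RESULT_NUM` expands with the wrong precedence; it should read `#define MAX_TSG_ALL_RESULT_NUM ((MAX_RESULT_NUM)*2)`. MAX_RESULT_NUM is not defined in the lines shown, so the macro also depends on include order; an explicit include or `#ifndef MAX_RESULT_NUM` `#error` would make that dependency visible. Separately, the last hunk redeclares g_tsg_proto_name2id as `struct id2field` while the file that defined it as `id2field_t` is deleted in this commit; the new definition site is not visible here, so its type should be confirmed to match.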