From 145786c2da0939fdf12f85fab44667c8eba54305 Mon Sep 17 00:00:00 2001 From: liuxueli Date: Sat, 14 Aug 2021 17:39:09 +0800 Subject: [PATCH] =?UTF-8?q?TSG-7422:=20firewall=20=E6=8F=92=E4=BB=B6HTTP?= =?UTF-8?q?=E5=86=85=E5=AE=B9=E5=85=B3=E9=94=AE=E5=AD=97=E9=80=82=E9=85=8D?= =?UTF-8?q?=E8=99=9A=E6=8B=9F=E8=A1=A8=E5=90=8D=E5=8F=98=E6=9B=B4=20TSG-73?= =?UTF-8?q?90:=20=E5=BC=80=E5=90=AFstatic=E7=AD=96=E7=95=A5=E5=92=8Cdynami?= =?UTF-8?q?c=E7=AD=96=E7=95=A5Maat=E5=8F=A5=E6=9F=84=E7=9A=84Prometheus?= =?UTF-8?q?=E8=BE=93=E5=87=BA=20TSG-7388:=20=E8=B0=83=E6=95=B4tsgconf/main?= =?UTF-8?q?.conf=E4=B8=AD=E7=9A=84=E9=85=8D=E7=BD=AE=E9=A1=B9entrance=5Fid?= =?UTF-8?q?=E5=88=B0data=5Fcenter=5Fid=20TSG-7387:=20=E5=9C=A8Provision?= =?UTF-8?q?=E4=B8=AD=E5=A2=9E=E5=8A=A0=E8=AE=A1=E7=AE=97=E6=9D=BF=E5=8D=A1?= =?UTF-8?q?=EF=BC=88=E5=8D=95=E5=85=83=EF=BC=89=E5=9C=A8=E6=95=B0=E6=8D=AE?= =?UTF-8?q?=E4=B8=AD=E5=BF=83=E4=B8=AD=E7=9A=84=E9=A1=BA=E5=BA=8F=E5=8F=B7?= =?UTF-8?q?=E7=9A=84=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/tsg_static_tableinfo.conf | 4 ++-- src/tsg_entry.cpp | 29 ++++++++++++++++------------- src/tsg_entry.h | 4 ++-- src/tsg_rule.cpp | 9 +++++++-- src/tsg_send_log.cpp | 2 +- 5 files changed, 28 insertions(+), 20 deletions(-) diff --git a/bin/tsg_static_tableinfo.conf b/bin/tsg_static_tableinfo.conf index 114c77e..bd63ecd 100644 --- a/bin/tsg_static_tableinfo.conf +++ b/bin/tsg_static_tableinfo.conf @@ -26,8 +26,8 @@ 14 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL -- 15 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- 16 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- -17 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS -- -18 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS -- +17 TSG_FIELD_HTTP_REQ_BODY virtual TSG_OBJ_KEYWORDS -- +18 TSG_FIELD_HTTP_RES_BODY virtual TSG_OBJ_KEYWORDS -- 19 TSG_FIELD_SSL_SNI virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- 20 TSG_FIELD_SSL_CN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- 21 TSG_FIELD_SSL_SAN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 9fb167c..40a95ef 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -143,7 +143,7 @@ static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len) return flags; } -static int get_device_id(char *command, int entrance_id) +static int get_device_id(char *command, int datacenter_id) { FILE *fp=NULL; char buffer[128]={0}; @@ -155,7 +155,7 @@ static int get_device_id(char *command, int entrance_id) pclose(fp); } - return (entrance_id<<7)+(atoi(buffer)%128); + return (datacenter_id<<7)+(atoi(buffer)%128); } static int get_deploy_mode(void) @@ -1532,14 +1532,12 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns break; case TSG_ACTION_MONITOR: vlan_num=tsg_get_vlan_id_by_monitor_rule(g_tsg_maat_feather, result, hit_num, vlan, MAX_RESULT_NUM); - ret=tsg_set_vlan_id_to_tcpall(a_stream, &context, vlan, vlan_num, thread_seq); + ret=tsg_set_vlan_id_to_tcpall(a_stream, (struct tcpall_context**)pme, vlan, vlan_num, thread_seq); if(ret<=0) { return state; } - - *pme=(void *)(context); - tsg_send_raw_packet(a_stream, context->vlan, context->vlan_num, thread_seq); + context=(struct tcpall_context*)(*pme); break; default: break; @@ -1548,9 +1546,6 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns Maat_clean_status(&scan_mid); scan_mid=NULL; - case OP_STATE_DATA: - case OP_STATE_CLOSE: - break; default: break; @@ -1677,13 +1672,21 @@ extern "C" int TSG_MASTER_INIT() MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;SIP;"); tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag); - MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "ENTRANCE_ID", &g_tsg_para.entrance_id, 0); + MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0); MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300); MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL); - g_tsg_para.device_id=get_device_id(g_tsg_para.device_id_command, g_tsg_para.entrance_id); - + ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0); + if(ret<0) + { + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL); + g_tsg_para.device_seq_in_dc=get_device_id(g_tsg_para.device_id_command, g_tsg_para.datacenter_id); + } + else + { + g_tsg_para.device_seq_in_dc=(g_tsg_para.datacenter_id<<7)+((g_tsg_para.device_seq_in_dc)%128); + } + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_SN_FILENAME", device_sn_filename, sizeof(device_sn_filename), "/opt/tsg/etc/tsg_sn.json"); ret=tsg_get_sn(device_sn_filename, g_tsg_para.device_sn, sizeof(g_tsg_para.device_sn)); if(ret==0) diff --git a/src/tsg_entry.h b/src/tsg_entry.h index 525e910..1384f7b 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -219,8 +219,8 @@ typedef struct tsg_para short mirror_switch; unsigned short timeout; int app_dict_field_num; - int device_id; - int entrance_id; + int device_seq_in_dc; + int datacenter_id; int hash_timeout; int hash_slot_size; enum DEPLOY_MODE deploy_mode; diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index b51e96c..ca88986 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -1303,6 +1303,7 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam char effective_tag_key[128]={0}; char effective_range_filename[1024]={0}; char redis_ip[16]={0}, effective_flag[1024]={0}; + int output_prometheus=0; int maat_mode=0,maat_stat_on=0,maat_perf_on=0,thread_max=0; char json_cfg_file[MAX_PATH_LEN]={0},maat_stat_file[MAX_PATH_LEN]={0}; char table_info[MAX_PATH_LEN]={0},inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0}; @@ -1329,6 +1330,7 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam MESA_load_profile_int_def(conffile, module,"MAAT_MODE", &(maat_mode),0); MESA_load_profile_int_def(conffile, module,"STAT_SWITCH", &(maat_stat_on),1); MESA_load_profile_int_def(conffile, module,"PERF_SWITCH", &(maat_perf_on),1); + MESA_load_profile_int_def(conffile, module,"OUTPUT_PROMETHEUS", &(output_prometheus), 1); MESA_load_profile_string_def(conffile,module,"TABLE_INFO",table_info, sizeof(table_info), ""); MESA_load_profile_string_def(conffile,module,"STAT_FILE",maat_stat_file, sizeof(maat_stat_file), ""); @@ -1361,7 +1363,9 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0); Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_INDEX, &redis_index, sizeof(redis_index)); Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail)); - Maat_set_feather_opt(_maat_feather, MAAT_OPT_FOREIGN_CONT_DIR, "./alerts_files", strlen("./alerts_files")+1); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_FOREIGN_CONT_DIR, "./alerts_files", strlen("./alerts_files")+1); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_STATUS_OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); } else { @@ -1374,7 +1378,8 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam { MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "EFFECTIVE_RANGE", "Effective range is empty, please check %s", effective_range_filename); } - Maat_set_feather_opt(_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1); + Maat_set_feather_opt(_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_STATUS_OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); if(maat_mode==1) { MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),""); diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index 31c5bf5..de11e48 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -1081,7 +1081,7 @@ unsigned long long tsg_get_stream_id(struct streaminfo * a_stream) { int ret=0; int device_id_size=sizeof(unsigned long long); - unsigned long long device_id=(unsigned long long)g_tsg_para.device_id; + unsigned long long device_id=(unsigned long long)g_tsg_para.device_seq_in_dc; ret=MESA_get_stream_opt(a_stream, MSO_GLOBAL_STREAM_ID, (void *)&device_id, &device_id_size); if(ret==0)