gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-14654: 控制报文格式调整, 增加将cmsg字段发送给TFE, 控制报文采用mpack封装格式

Browse Source
This commit is contained in:
刘学利
2023-05-06 02:23:12 +00:00
parent 5bc9831e03
commit 224f503289
28 changed files with 17186 additions and 396 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitlab-ci.yml
View File

@@ -4,7 +4,7 @@ variables:
BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
INSTALL_PREFIX: "/home/mesasoft/sapp_run/"
INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaat4-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel libfieldstat3-devel
INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaat4-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel libfieldstat3-devel
stages:
- analysis
@@ -67,6 +67,7 @@ run_cppcheck_for_centos7:
--suppress=unmatchedSuppression
--suppress=redundantAssignment
--suppress=constParameter
-i/builds/tango/tsg_master/src/mpack.c
tags:
- share
@@ -91,6 +92,7 @@ run_cppcheck_for_centos8:
--suppress=unmatchedSuppression
--suppress=redundantAssignment
--suppress=constParameter
-i/builds/tango/tsg_master/src/mpack.c
tags:
- share

1
CMakeLists.txt
View File

@@ -31,6 +31,7 @@ if (CMAKE_CXX_CPPCHECK)
"--suppress=memleakOnRealloc"
"--suppress=redundantAssignment"
"--suppress=constParameter"
"--suppress=*:${PROJECT_SOURCE_DIR}/src/mpack.c"
)
set(CMAKE_C_CPPCHECK ${CMAKE_CXX_CPPCHECK})
else()

4
bin/tsg_static_tableinfo.json
View File

@@ -2,7 +2,7 @@
{
"table_id": 0,
"table_name": "TSG_COMPILE",
"db_tables":["TSG_SECURITY_COMPILE", "TRAFFIC_SHAPING_COMPILE", "SERVICE_CHAINING_COMPILE", "APP_SIG_COMPILE", "APP_PRE_SIG_COMPILE", "APP_SELECTOR_COMPILE"],
"db_tables":["TSG_SECURITY_COMPILE", "PXY_INTERCEPT_COMPILE", "TRAFFIC_SHAPING_COMPILE", "SERVICE_CHAINING_COMPILE", "APP_SIG_COMPILE", "APP_PRE_SIG_COMPILE", "APP_SELECTOR_COMPILE"],
"table_type": "compile",
"user_region_encoded": "escape",
"valid_column": 8,
@@ -21,7 +21,7 @@
{
"table_id": 1,
"table_name": "TSG_GROUP_COMPILE_RELATION",
"db_tables":["GROUP_SECURITY_COMPILE_RELATION", "GROUP_SHAPING_COMPILE_RELATION", "GROUP_SERVICE_CHAINING_COMPILE_RELATION", "APP_SIG_GROUP_COMPILE_RELATION", "APP_PRE_SIG_GROUP_COMPILE_RELATION", "APP_SELECTOR_GROUP_COMPILE_RELATION"],
"db_tables":["GROUP_SECURITY_COMPILE_RELATION", "GROUP_PXY_INTERCEPT_COMPILE_RELATION", "GROUP_SHAPING_COMPILE_RELATION", "GROUP_SERVICE_CHAINING_COMPILE_RELATION", "APP_SIG_GROUP_COMPILE_RELATION", "APP_PRE_SIG_GROUP_COMPILE_RELATION", "APP_SELECTOR_GROUP_COMPILE_RELATION"],
"table_type": "group2compile",
"associated_compile_table_id": 0,
"valid_column": 3,

7
ctest/CMakeLists.txt
View File

@@ -10,14 +10,16 @@ add_test(NAME COPY_GTEST_PROTO_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin
add_test(NAME COPY_GTEST_TABLEINFO COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_static_tableinfo.json ${CMAKE_BINARY_DIR}/testing/tsgconf/")
add_test(NAME COPY_GTEST_MAAT_RULE COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/gtest_maat.json ${CMAKE_BINARY_DIR}/testing/tsgconf/tsg_maat.json")
add_test(NAME COPY_GTEST_PROFILE_RESPONSE_PAGES COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/foreign_files ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_PROXY_PCAP COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/pcap ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_RULE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_rule ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_BRIDGE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_bridge ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_ACTION_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_action ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_SENDLOG_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sendlog ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_MASTER_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_master ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_SYNC_SESSION_STATE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sync_session_state ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_SYNC_STATE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sync_state ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_FIELDSTAT3_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_fieldstat3 ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_PROXY_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_proxy ${CMAKE_BINARY_DIR}/testing/")
set(GTEST_RUN_DIR ${CMAKE_BINARY_DIR}/testing)
add_test(NAME GTEST_RULE COMMAND gtest_rule WORKING_DIRECTORY ${GTEST_RUN_DIR})
@@ -25,5 +27,6 @@ add_test(NAME GTEST_BRIDGE COMMAND gtest_bridge WORKING_DIRECTORY ${GTEST_RUN_DI
add_test(NAME GTEST_ACTION COMMAND gtest_action WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_SENDLOG COMMAND gtest_sendlog WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_MASTER COMMAND gtest_master WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_SYNC_SESSION_STATE COMMAND gtest_sync_session_state WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_SYNC_STATE COMMAND gtest_sync_state WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_FIELDSTAT3 COMMAND gtest_fieldstat3 WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_PROXY COMMAND gtest_proxy WORKING_DIRECTORY ${GTEST_RUN_DIR})

3
inc/tsg_rule.h
View File

@@ -5,6 +5,7 @@
#define TSG_ACTION_NONE 0x00
#define TSG_ACTION_MONITOR 0x01
#define TSG_ACTION_INTERCEPT 0x02
#define TSG_ACTION_NO_INTERCEPT 0x03
#define TSG_ACTION_DENY 0x10
#define TSG_ACTION_SHAPING 0x20
#define TSG_ACTION_MANIPULATE 0x30
@@ -73,7 +74,7 @@ void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE
size_t tsg_matched_rules_select(struct maat *feather, TSG_SERVICE service, long long *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
size_t tsg_scan_nesting_addr(const struct streaminfo *a_stream, struct maat *feather, enum TSG_PROTOCOL proto, struct maat_state *s_mid, struct maat_rule *rules, size_t n_rules);
size_t session_matched_rules_copy(const struct streaminfo *a_stream, enum TSG_SERVICE service, struct maat_rule *rules, size_t n_rules);
size_t tsg_select_rules_by_service_id(struct maat_rule *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules, enum TSG_SERVICE service_id);
int tsg_get_fqdn_category_ids(struct maat *feather, char *fqdn, unsigned int *category_ids, int n_category_ids);
unsigned char tsg_enforing_deny(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, enum ACTION_RETURN_TYPE type, const void *user_data);

2
src/CMakeLists.txt
View File

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
add_definitions(-fPIC)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp tsg_protocol.cpp tsg_sync_state.cpp tsg_variable.cpp)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp tsg_protocol.cpp tsg_sync_state.cpp tsg_variable.cpp tsg_proxy.cpp mpack.c)
include_directories(${CMAKE_SOURCE_DIR}/inc)
include_directories(/opt/MESA/include/MESA/)

7304
src/mpack.c Normal file
View File

File diff suppressed because it is too large Load Diff

8207
src/mpack.h Normal file
View File

File diff suppressed because it is too large Load Diff

6
src/tsg_bridge.cpp
View File

@@ -141,6 +141,12 @@ void session_runtime_attribute_free(const struct streaminfo *a_stream, int bridg
srt_attribute->ja3_fingerprint=NULL;
}
if(srt_attribute->proxy_tcp_attr != NULL)
{
dictator_free(a_stream->threadnum, (void *)srt_attribute->proxy_tcp_attr);
srt_attribute->proxy_tcp_attr = NULL;
}
dictator_free(a_stream->threadnum, data);
data=NULL;
}

1
src/tsg_bridge.h
View File

@@ -132,6 +132,7 @@ struct session_runtime_attribute
struct tunnel_endpoint *client_endpoint;
struct tunnel_endpoint *server_endpoint;
unsigned long session_flags;
struct tsg_proxy_tcp_attribute *proxy_tcp_attr;
};

125
src/tsg_entry.cpp
View File

@@ -31,6 +31,7 @@
#include "tsg_rule_internal.h"
#include "tsg_protocol_common.h"
#include "tsg_sync_state.h"
#include "tsg_proxy.h"
#ifdef __cplusplus
extern "C"
@@ -787,7 +788,20 @@ int session_state_sync_in_opening_and_closing(const struct streaminfo *a_stream,
return 1;
}
size_t matched_rules_increase_in_avtiving(const struct matched_policy_rules *matched_rules, struct maat_rule *new_rules, size_t n_new_rules, struct maat_rule *inc_rules, size_t n_inc_rules)
int session_state_update_policy(struct update_policy *u_policy, struct maat_rule *matched_rules, size_t n_matched_rules, enum policy_type p_type)
{
u_policy->n_ids=n_matched_rules;
u_policy->type=p_type;
for(size_t i=0; i<n_matched_rules; i++)
{
u_policy->ids[i]=matched_rules[i].rule_id;
}
return 0;
}
size_t matched_rules_increase_in_activing(const struct matched_policy_rules *matched_rules, struct maat_rule *new_rules, size_t n_new_rules, struct maat_rule *inc_rules, size_t n_inc_rules)
{
size_t n_inc_rules_offset=0;
size_t num=MIN(MAX_RESULT_NUM-matched_rules->n_rules, n_new_rules);
@@ -826,6 +840,10 @@ int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SE
p_type=POLICY_UPDATE_SHAPING;
segment_id=(unsigned short)g_tsg_para.shaping_sid;
break;
case TSG_SERVICE_INTERCEPT:
p_type=POLICY_UPDATE_INTERCEPT;
segment_id=(unsigned short)g_tsg_para.intercept_sid;
break;
default:
return 0;
}
@@ -864,16 +882,23 @@ int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SE
sid_list.sid_list[0]=segment_id;
MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list));
struct update_policy policy_array;
policy_array.n_ids=n_inc_rules;
policy_array.type=p_type;
for(size_t i=0; i<n_inc_rules; i++)
int policy_array_offset=1;
struct update_policy policy_array[2];
session_state_update_policy(&(policy_array[0]), inc_rules, n_inc_rules, p_type);
if(service==TSG_SERVICE_INTERCEPT)
{
policy_array.ids[i]=inc_rules[i].rule_id;
memset(&policy_array[0].cmsg, 0, sizeof(struct proxy_cmsg));
tsg_proxy_update_policy_fill(a_stream, &(policy_array[0]));
struct matched_policy_rules *s_chaining = (struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_CHAINING);
if(s_chaining!=NULL)
{
policy_array_offset++;
session_state_update_policy(&(policy_array[1]), s_chaining->rules, s_chaining->n_rules, POLICY_UPDATE_SERVICE_CHAINING);
}
}
tsg_sync_policy_update(a_stream, &policy_array, 1);
tsg_sync_policy_update(a_stream, policy_array, policy_array_offset);
MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)segment_ids, sizeof(struct segment_id_list));
@@ -896,7 +921,7 @@ int session_state_sync_in_activing(const struct streaminfo *a_stream, TSG_SERVIC
}
struct maat_rule inc_rules[MAX_RESULT_NUM]={0};
size_t n_inc_results=matched_rules_increase_in_avtiving(matched_rules, rules, n_rules, inc_rules, MAX_RESULT_NUM-matched_rules->n_rules);
size_t n_inc_results=matched_rules_increase_in_activing(matched_rules, rules, n_rules, inc_rules, MAX_RESULT_NUM-matched_rules->n_rules);
if(n_inc_results==0)
{
return 0;
@@ -1459,19 +1484,6 @@ static unsigned char matched_security_rules_deal(const struct streaminfo *a_stre
srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_ALLOW, a_stream->threadnum);
break;
case TSG_ACTION_INTERCEPT:
if(tsg_scan_intercept_exclusion(a_stream, g_tsg_maat_feather, p_rule, srt_process_context->domain, a_stream->threadnum))
{
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_EXCLUSION], 0, FS_OP_ADD, 1);
break;
}
session_matched_rules_notify(a_stream, TSG_SERVICE_INTERCEPT, p_rule, 1, a_stream->threadnum);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);
state=APP_STATE_DROPME|APP_STATE_KILL_OTHER;
srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum);
break;
default:
break;
}
@@ -1479,9 +1491,9 @@ static unsigned char matched_security_rules_deal(const struct streaminfo *a_stre
return state;
}
int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_results, size_t n_shaping_results, int thread_seq)
int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_rules, size_t n_shaping_rules, int thread_seq)
{
session_state_sync_in_activing(a_stream, TSG_SERVICE_SHAPING, shaping_results, n_shaping_results, thread_seq);
session_state_sync_in_activing(a_stream, TSG_SERVICE_SHAPING, shaping_rules, n_shaping_rules, thread_seq);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SHAPING], 0, FS_OP_ADD, 1);
srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq);
@@ -1489,6 +1501,17 @@ int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_ru
return 0;
}
int matched_intercept_rules_deal(const struct streaminfo *a_stream, struct maat_rule *intercept_rules, size_t n_intercept_rules, int thread_seq)
{
struct maat_rule *p_rule=matched_rules_decision_criteria(intercept_rules, n_intercept_rules);
session_state_sync_in_activing(a_stream, TSG_SERVICE_INTERCEPT, p_rule, 1, thread_seq);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);
srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq);
return 0;
}
int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *s_chaining_rules, size_t n_s_chaining_rules, int thread_seq)
{
session_state_sync_in_activing(a_stream, TSG_SERVICE_CHAINING, s_chaining_rules, n_s_chaining_rules, thread_seq);
@@ -1500,25 +1523,33 @@ int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struc
unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *rules, size_t n_rules, const void *a_packet)
{
unsigned char state=APP_STATE_GIVEME;
struct maat_rule security_rules[MAX_RESULT_NUM]={0};
size_t n_security_rules=tsg_select_matched_security_rules(rules, n_rules, security_rules, MAX_RESULT_NUM);
if(n_security_rules>0)
struct maat_rule s_chaining_rules[MAX_RESULT_NUM]={0};
size_t n_s_chaining_rules=tsg_select_rules_by_service_id(rules, n_rules, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING);
if(n_s_chaining_rules>0)
{
state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, a_stream->threadnum);
matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, a_stream->threadnum);
}
struct maat_rule intercept_rules[MAX_RESULT_NUM]={0};
size_t n_intercept_rules=tsg_select_rules_by_service_id(rules, n_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT);
if(n_intercept_rules>0)
{
matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum);
}
struct maat_rule shaping_rules[MAX_RESULT_NUM]={0};
size_t n_shaping_rules=tsg_select_matched_shaping_rules(rules, n_rules, shaping_rules, MAX_RESULT_NUM);
if(n_shaping_rules>0 && !(state&APP_STATE_KILL_OTHER))
size_t n_shaping_rules=tsg_select_rules_by_service_id(rules, n_rules, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING);
if(n_shaping_rules>0)
{
matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, a_stream->threadnum);
}
struct maat_rule s_chaining_rules[MAX_RESULT_NUM]={0};
size_t n_s_chaining_rules=tsg_select_matched_service_chaining_rules(rules, n_rules, s_chaining_rules, MAX_RESULT_NUM);
if(n_s_chaining_rules>0 && !(state&APP_STATE_KILL_OTHER))
struct maat_rule security_rules[MAX_RESULT_NUM]={0};
size_t n_security_rules=tsg_select_rules_by_service_id(rules, n_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
if(n_security_rules>0)
{
matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, a_stream->threadnum);
state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, a_stream->threadnum);
}
return state;
@@ -1734,6 +1765,10 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
}
hit_num+=session_pending_state_deal(a_stream, srt_process_context, matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num, a_packet);
if (a_stream->type == STREAM_TYPE_TCP && a_packet != NULL)
{
tsg_proxy_tcp_options_parse(a_stream, a_packet);
}
state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, hit_num, a_packet);
srt_process_context->deal_pkt_num++;
break;
@@ -1823,6 +1858,11 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
struct maat_rule shaping_results[MAX_RESULT_NUM]={0};
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)(*pme);
if (a_stream->type == STREAM_TYPE_TCP && a_packet != NULL)
{
tsg_proxy_tcp_options_parse(a_stream, a_packet);
}
if(stream_state==OP_STATE_PENDING && srt_action_context->method_type!=TSG_METHOD_TYPE_SHUNT && !(srt_action_context->udp_data_dropme))
{
if(srt_action_context->method_type==TSG_METHOD_TYPE_UNKNOWN)
@@ -1836,7 +1876,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
int hit_num=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, PROTO_UNKONWN, scan_mid, matched_rules, MAX_TSG_ALL_RESULT_NUM);
if(hit_num>0)
{
int security_result_num=tsg_select_matched_security_rules(matched_rules, hit_num, security_results, MAX_RESULT_NUM);
int security_result_num = tsg_select_rules_by_service_id(matched_rules, hit_num, security_results, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
p_result=matched_rules_decision_criteria(security_results, security_result_num);
if(p_result!=NULL)
{
@@ -1855,18 +1895,18 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
}
}
size_t n_shaping_results=tsg_select_matched_shaping_rules(matched_rules, hit_num, shaping_results, MAX_RESULT_NUM);
if(state==APP_STATE_GIVEME && n_shaping_results>0)
{
matched_shaping_rules_deal(a_stream, shaping_results, n_shaping_results, thread_seq);
}
struct maat_rule s_chaining_result[MAX_RESULT_NUM]={0};
size_t n_s_chaining_results=tsg_select_matched_service_chaining_rules(matched_rules, hit_num, s_chaining_result, MAX_RESULT_NUM);
size_t n_s_chaining_results=tsg_select_rules_by_service_id(matched_rules, hit_num, s_chaining_result, MAX_RESULT_NUM, TSG_SERVICE_CHAINING);
if(state==APP_STATE_GIVEME && n_s_chaining_results>0)
{
matched_service_chaining_rules_deal(a_stream, s_chaining_result, n_s_chaining_results, thread_seq);
}
size_t n_shaping_results=tsg_select_rules_by_service_id(matched_rules, hit_num, shaping_results, MAX_RESULT_NUM, TSG_SERVICE_SHAPING);
if(state==APP_STATE_GIVEME && n_shaping_results>0)
{
matched_shaping_rules_deal(a_stream, shaping_results, n_shaping_results, thread_seq);
}
}
maat_state_free(scan_mid);
@@ -2078,6 +2118,7 @@ extern "C" int TSG_MASTER_INIT()
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "FEATURE_TAMPER", &g_tsg_para.feature_tamper, 0);
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SERVICE_CHAINING_SID", &g_tsg_para.service_chaining_sid, 0);
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SHAPING_SID", &g_tsg_para.shaping_sid, 0);
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "intercept_sid", &g_tsg_para.intercept_sid, 0);
ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0);
if(ret<0)

561
src/tsg_proxy.cpp Normal file
View File

@@ -0,0 +1,561 @@
#include <MESA/stream.h>
#include <MESA/MESA_handle_logger.h>
#include "tsg_rule.h"
#include "tsg_variable.h"
#include "tsg_send_log.h"
#include "tsg_sync_state.h"
#include "tsg_proxy.h"
#define DEFAULT_WINSCLE 0
#define DEFAULT_MSS 1460
enum tsg_proxy_ipv4hdr_parse_error{
TSG_PROXY_IPV4HDR_NULL_PACKET = -1,
};
enum tsg_proxy_ipv6hdr_parse_error{
TSG_PROXY_IPV6HDR_NULL_PACKET = -1,
TSG_PROXY_IPV6HDR_NO_TCPHDR = -2,
TSG_PROXY_IPV6HDR_INVALID_TYPE = -3,
};
int tsg_proxy_ipv6_header_parse(const void *a_packet, struct pkt_info *pktinfo){
if(a_packet == NULL){
return TSG_PROXY_IPV6HDR_NULL_PACKET;
}
pktinfo->addr_type = ADDR_TYPE_IPV6;
pktinfo->iphdr.v6 = (struct ip6_hdr*)a_packet;
pktinfo->ip_totlen = ntohs(pktinfo->iphdr.v6->ip6_ctlun.ip6_un1.ip6_un1_plen) + sizeof(struct ip6_hdr);
uint8_t next_hdr_type = pktinfo->iphdr.v6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
char *next_hdr_ptr = (char*)pktinfo->iphdr.v6 + sizeof(struct ip6_hdr);
int skip_len = 0;
int ret = 0;
while(true){
switch(next_hdr_type)
{
case IPPROTO_TCP:
//parse tcphdr
pktinfo->iphdr_len = next_hdr_ptr - (char*)a_packet;
pktinfo->tcphdr = (struct tcphdr*)next_hdr_ptr;
pktinfo->tcphdr_len = pktinfo->tcphdr->doff * 4;
pktinfo->data = (char*)pktinfo->tcphdr + pktinfo->tcphdr_len;
pktinfo->data_len = pktinfo->ip_totlen - pktinfo->iphdr_len - pktinfo->tcphdr_len;
return 0;
case IPPROTO_HOPOPTS:
case IPPROTO_ROUTING:
case IPPROTO_AH:
case IPPROTO_DSTOPTS:
skip_len = (*(next_hdr_ptr + 1)) * 8 + 8;
next_hdr_type = *next_hdr_ptr;
next_hdr_ptr += skip_len;
break;
case IPPROTO_NONE:
ret = TSG_PROXY_IPV6HDR_NO_TCPHDR;
goto error_out;
default:
ret = TSG_PROXY_IPV6HDR_INVALID_TYPE;
goto error_out;
}
}
error_out:
return ret;
}
int tsg_proxy_ipv4_header_parse(const void *a_packet, struct pkt_info *pktinfo){
if(a_packet == NULL){
return TSG_PROXY_IPV4HDR_NULL_PACKET;
}
pktinfo->addr_type = ADDR_TYPE_IPV4;
pktinfo->iphdr.v4 = (struct iphdr*)a_packet;
pktinfo->iphdr_len = pktinfo->iphdr.v4->ihl * 4;
pktinfo->ip_totlen = ntohs(pktinfo->iphdr.v4->tot_len);
pktinfo->tcphdr = (struct tcphdr*)((char*)pktinfo->iphdr.v4 + pktinfo->iphdr_len);
pktinfo->tcphdr_len = pktinfo->tcphdr->doff * 4;
pktinfo->data = (char*)pktinfo->tcphdr + pktinfo->tcphdr_len;
pktinfo->data_len = pktinfo->ip_totlen - pktinfo->iphdr_len - pktinfo->tcphdr_len;
return 0;
}
static char* tsg_proxy_ipv4_errmsg_get(enum tsg_proxy_ipv4hdr_parse_error _errno){
switch(_errno){
case TSG_PROXY_IPV4HDR_NULL_PACKET:
return (char*)"null packet";
default:
return (char*)"unknown error";
}
}
static char* tsg_proxy_ipv6_errmsg_get(enum tsg_proxy_ipv6hdr_parse_error _errno){
switch(_errno){
case TSG_PROXY_IPV6HDR_NULL_PACKET:
return (char*)"null packet";
case TSG_PROXY_IPV6HDR_NO_TCPHDR:
return (char*)"no tcp header";
case TSG_PROXY_IPV6HDR_INVALID_TYPE:
return (char*)"invalid header type";
default:
return (char*)"unknown error";
}
}
static void tsg_proxy_ip_header_parse(const void *a_packet, enum addr_type_t addr_type, const struct streaminfo *stream, struct pkt_info *pktinfo){
if(addr_type == ADDR_TYPE_IPV6){
int ret = tsg_proxy_ipv6_header_parse(a_packet, pktinfo);
if(ret < 0){
char *errmsg = tsg_proxy_ipv6_errmsg_get((enum tsg_proxy_ipv6hdr_parse_error)ret);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "Failed at parse ipv6 header, errmsg = %s, stream treaceid = %llu", errmsg, tsg_get_stream_trace_id(stream));
pktinfo->parse_failed = 1;
}
}
else{
int ret = tsg_proxy_ipv4_header_parse(a_packet, pktinfo);
if(ret < 0){
char *errmsg = tsg_proxy_ipv4_errmsg_get((enum tsg_proxy_ipv4hdr_parse_error)ret);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "Failed at parse ipv4 header, errmsg = %s, stream treaceid = %llu", errmsg, tsg_get_stream_trace_id(stream));
pktinfo->parse_failed = 1;
}
}
return;
}
static void tsg_proxy_tcpopt_get(struct tsg_proxy_tcp_option *tcp_opt, struct tcphdr* tcphdr,int tcphdr_len)
{
tcp_opt->mss = DEFAULT_MSS;
tcp_opt->wscale = DEFAULT_WINSCLE;
tcp_opt->window = ntohs(tcphdr->window);
const unsigned char *ptr = ((const unsigned char*)tcphdr + 20);
int length = tcphdr_len - 20;
while (length > 0){
int opcode = *ptr++;
int opsize;
switch (opcode){
case TCPOPT_EOL:
return;
case TCPOPT_NOP: /* Ref: RFC 793 section 3.1 */
length--;
continue;
default:
opsize = *ptr++;
if (opsize < 2) /* "silly options" */
return;
if (opsize > length)
return; /* don't parse partial options */
switch (opcode){
case TCPOPT_MAXSEG:
if (opsize == TCPOLEN_MAXSEG){
uint16_t in_mss = *(uint16_t *)ptr;
if(in_mss){
tcp_opt->mss = ntohs(in_mss);
}
}
break;
case TCPOPT_WINDOW:
if (opsize == TCPOLEN_WINDOW){
uint8_t snd_wscale = *(uint8_t *)ptr;
// rfc7323 page9: Thus, the shift count MUST be limited to 14 (which allows windows of 2^30 = 1 GiB).
// If a Window Scale option is received with a shift.cnt value larger than 14,
// the TCP SHOULD log the error but MUST use 14 instead of the specified value. */
tcp_opt->wscale = snd_wscale;
if(tcp_opt->wscale > 14){
tcp_opt->wscale = 14;
}
tcp_opt->wscale_set = 1;
//*wscale_perm=1;
}
break;
case TCPOPT_TIMESTAMP:
if (opsize == TCPOLEN_TIMESTAMP){
tcp_opt->ts_set = 1;
tcp_opt->ts_val = *(uint32_t*)ptr;
tcp_opt->ts_ecr = *(uint32_t*)(ptr + 4);
}
break;
case TCPOPT_SACK_PERMITTED:
if (opsize == TCPOLEN_SACK_PERMITTED){
tcp_opt->sack = 1;
}
break;
}
ptr += opsize-2;
length -= opsize;
}
}
return;
}
static int tsg_proxy_rawpkt_info_get(const void *raw_pkt, struct tsg_proxy_tcp_option *tcp_opt, const struct streaminfo *stream)
{
int ret;
struct segment_id_list *sids = NULL;
ret = get_rawpkt_opt_from_streaminfo(stream, RWA_PKT_GET_SID_LIST, &sids);
if (ret != sizeof(struct segment_id_list)) {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "Failed to get sid list, stream treaceid = %llu, %s", tsg_get_stream_trace_id(stream), printaddr(&stream->addr, stream->threadnum));
return -1;
}
memcpy(&tcp_opt->sid_list, sids, sizeof(struct segment_id_list));
void *route_ctx = NULL;
ret = get_rawpkt_opt_from_streaminfo(stream, RAW_PKT_GET_ROUTE_CTX, &route_ctx);
if (ret < 0) {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "Failed to get route ctx, stream treaceid = %llu, %s", tsg_get_stream_trace_id(stream), printaddr(&stream->addr, stream->threadnum));
return -1;
}
tcp_opt->route_ctx_len = ret;
memcpy(tcp_opt->route_ctx, route_ctx, ret);
return 0;
}
void tsg_proxy_tcp_parse(struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_info *pktinfo, const struct streaminfo *stream)
{
const void *raw_pkt = get_rawpkt_from_streaminfo(stream);
if (!raw_pkt) {
return;
}
if (pktinfo->tcphdr->syn && !pktinfo->tcphdr->ack) {
tsg_proxy_rawpkt_info_get(raw_pkt, &tcp_attr->tcp_opt_client, stream);
tsg_proxy_tcpopt_get(&tcp_attr->tcp_opt_client, pktinfo->tcphdr, pktinfo->tcphdr_len);
}
if (pktinfo->tcphdr->syn && pktinfo->tcphdr->ack) {
tsg_proxy_rawpkt_info_get(raw_pkt, &tcp_attr->tcp_opt_server, stream);
tsg_proxy_tcpopt_get(&tcp_attr->tcp_opt_server, pktinfo->tcphdr, pktinfo->tcphdr_len);
}
}
static struct tsg_proxy_tcp_attribute *tsg_proxy_tcp_attribute_get(const struct streaminfo *stream)
{
struct session_runtime_attribute *srt_attribute = (struct session_runtime_attribute *)session_runtime_attribute_get(stream);
if (srt_attribute == NULL) {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "Failed to get session runtime attribute, stream treaceid = %llu", tsg_get_stream_trace_id(stream));
return NULL;
}
if (srt_attribute->proxy_tcp_attr == NULL) {
srt_attribute->proxy_tcp_attr = (struct tsg_proxy_tcp_attribute *)dictator_malloc(stream->threadnum, sizeof(struct tsg_proxy_tcp_attribute));
memset(srt_attribute->proxy_tcp_attr, 0, sizeof(struct tsg_proxy_tcp_attribute));
}
return srt_attribute->proxy_tcp_attr;
}
void tsg_proxy_first_data_process(const struct streaminfo *stream, struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_info *pktinfo)
{
struct tsg_proxy_tcp_option tcp_opt;
enum TSG_PROTOCOL tcp_protocol;
const struct session_runtime_process_context *session_context = session_runtime_process_context_get(stream);
memset(&tcp_opt, 0, sizeof(struct tsg_proxy_tcp_option));
tcp_protocol = srt_process_context_get_protocol(session_context);
switch(tcp_protocol)
{
case PROTO_SSL:
tcp_attr->tcp_protocol = 0x1;
break;
case PROTO_SSH:
tcp_attr->tcp_protocol = 0x2;
break;
default:
tcp_attr->tcp_protocol = 0x0;
}
if(tcp_attr->tcp_opt_client.ts_set && tcp_attr->tcp_opt_server.ts_set) {
tsg_proxy_tcpopt_get(&tcp_opt, pktinfo->tcphdr, pktinfo->tcphdr_len);
if(stream->curdir == DIR_C2S){
tcp_attr->tcp_opt_client.ts_val = tcp_opt.ts_val;
tcp_attr->tcp_opt_server.ts_val = tcp_opt.ts_ecr;
} else {
tcp_attr->tcp_opt_client.ts_val = tcp_opt.ts_ecr;
tcp_attr->tcp_opt_server.ts_val = tcp_opt.ts_val;
}
}
tcp_attr->tcp_info_packet_cur_dir = stream->curdir;
if (stream->curdir == DIR_C2S) {
tcp_attr->tcp_seq = pktinfo->tcphdr->seq;
tcp_attr->tcp_ack = pktinfo->tcphdr->ack_seq;
} else {
tcp_attr->tcp_seq = pktinfo->tcphdr->ack_seq;
tcp_attr->tcp_ack = pktinfo->tcphdr->seq;
}
return;
}
void tsg_proxy_tcp_options_parse(const struct streaminfo *stream, const void *a_packet)
{
struct pkt_info pktinfo;
struct tsg_proxy_tcp_attribute *tcp_attr = tsg_proxy_tcp_attribute_get(stream);
if (tcp_attr == NULL) {
return;
}
if (tcp_attr->ignore) {
return;
}
memset(&pktinfo, 0, sizeof(struct pkt_info));
tsg_proxy_ip_header_parse(a_packet, (enum addr_type_t)stream->addr.addrtype, stream, &pktinfo);
if (pktinfo.parse_failed) {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "invalid ip header, bypass pkt");
return;
}
if(stream->ptcpdetail->datalen > 0) {
if (tcp_attr->first_data_pkt_processed) {
struct maat_rule maat_rule;
int rule_num;
rule_num = session_matched_rules_copy(stream, TSG_SERVICE_INTERCEPT, &maat_rule, 1);
if (rule_num == 0) {
tcp_attr->ignore = 1;
}
} else {
tsg_proxy_first_data_process(stream, tcp_attr, &pktinfo);
tcp_attr->first_data_pkt_processed = 1;
}
return;
}
tsg_proxy_tcp_parse(tcp_attr, &pktinfo, stream);
return;
}
static void tsg_proxy_cmsg_subscriber_fill(struct session_runtime_attribute *session_attr, struct proxy_cmsg *cmsg)
{
const char *client_subscribe_id = srt_attribute_get_client_subscriber_id(session_attr);
const char *server_subscribe_id = srt_attribute_get_server_subscriber_id(session_attr);
if (client_subscribe_id) {
cmsg->src_sub_id = (char *)client_subscribe_id;
}
if (server_subscribe_id) {
cmsg->dst_sub_id = (char *)server_subscribe_id;
}
return;
}
static void tsg_proxy_cmsg_asn_fill(struct session_runtime_attribute *session_attr, struct proxy_cmsg *cmsg)
{
const struct asn_info *client_asn = srt_attribute_get_client_ip_asn(session_attr);
const struct asn_info *server_asn = srt_attribute_get_server_ip_asn(session_attr);
if (client_asn) {
if (client_asn->asn_id) {
cmsg->src_asn = client_asn->asn_id;
}
if (client_asn->organization) {
cmsg->src_organization = client_asn->organization;
}
}
if (server_asn) {
if (server_asn->asn_id) {
cmsg->dst_asn = server_asn->asn_id;
}
if (server_asn->organization) {
cmsg->dst_organization = server_asn->organization;
}
}
return;
}
static void tsg_proxy_cmsg_ip_location_fill(struct session_runtime_attribute *session_attr, struct proxy_cmsg *cmsg)
{
const struct location_info *client_location = srt_attribute_get_client_ip_location(session_attr);
const struct location_info *server_location = srt_attribute_get_server_ip_location(session_attr);
if (client_location) {
if (client_location->country_full) {
cmsg->src_ip_location_country = client_location->country_full;
}
if (client_location->province_full) {
cmsg->src_ip_location_provine = client_location->province_full;
}
if (client_location->city_full) {
cmsg->src_ip_location_city = client_location->city_full;
}
if (client_location->subdivision_addr) {
cmsg->src_ip_location_subdivision = client_location->subdivision_addr;
}
}
if (server_location) {
if (server_location->country_full) {
cmsg->dst_ip_location_country = server_location->country_full;
}
if (server_location->province_full) {
cmsg->dst_ip_location_provine = server_location->province_full;
}
if (server_location->city_full) {
cmsg->dst_ip_location_city = server_location->city_full;
}
if (server_location->subdivision_addr) {
cmsg->dst_ip_location_subdivision = server_location->subdivision_addr;
}
}
return;
}
static void tsg_proxy_cmsg_ja3_fingerprint_fill(struct session_runtime_attribute *session_attr, struct proxy_cmsg *cmsg)
{
const char *ja3_fingerprint = srt_attribute_get_ja3_fingerprint(session_attr);
if (ja3_fingerprint) {
cmsg->ssl_client_ja3_fingerprint = (char *)ja3_fingerprint;
}
return;
}
static void tsg_proxy_cmsg_fqdn_category_fill(struct session_runtime_attribute *session_attr, struct proxy_cmsg *cmsg)
{
size_t n_category_ids = 0;
uint32_t category_ids[8] = {0};
struct cmsg_int32_array *fqdn_cat_ids = &cmsg->fqdn_cat_id_val;
n_category_ids = srt_attribute_get_category_ids(session_attr, category_ids, sizeof(category_ids)/sizeof(category_ids[0]));
if (n_category_ids > 0 && n_category_ids <= 8) {
fqdn_cat_ids->num = n_category_ids;
for (unsigned int i = 0; i < n_category_ids; i++) {
fqdn_cat_ids->value[i] = category_ids[i];
}
}
return;
}
static void tsg_proxy_tcp_attribute_dump(tsg_proxy_tcp_attribute *tcp_attr, struct proxy_cmsg *cmsg, const struct streaminfo *stream)
{
struct tsg_proxy_tcp_option *client = &tcp_attr->tcp_opt_client;
struct tsg_proxy_tcp_option *server = &tcp_attr->tcp_opt_server;
char client_sids_str[128] = {0};
char server_sids_str[128] = {0};
char temp[10] = {0};
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PROXY", "dump tcp attribute for stream %s, session_id %llu",
printaddr(&stream->addr, stream->threadnum), tsg_get_stream_trace_id(stream));
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PROXY", "tcp_seq %u, tcp_ack %u, tcp_protocol %u, tcp_info_packet_cur_dir %u\n"\
"client mss %u, client wscale_set %u, client wscale %u, client sack %u, client ts_set %u, client ts_val %u, client window %u"\
"server mss %u, server wscale_set %u, server wscale %u, server sack %u, server ts_set %u, server ts_val %u, server window %u",
tcp_attr->tcp_seq, tcp_attr->tcp_ack, tcp_attr->tcp_protocol, tcp_attr->tcp_info_packet_cur_dir,
client->mss, client->wscale_set, client->wscale, client->sack, client->ts_set, client->ts_val, client->window,
server->mss, server->wscale_set, server->wscale, server->sack, server->ts_set, server->ts_val, server->window);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PROXY", "tcp_seq_route_ctx len %u, tcp_ack_route_ctx len %u\n", client->route_ctx_len, server->route_ctx_len);
for (unsigned int i = 0; i < client->sid_list.sz_sidlist; i++) {
snprintf(temp, sizeof(temp), "%u", client->sid_list.sid_list[i]);
strcat(client_sids_str, temp);
strcat(client_sids_str, ",");
}
for (unsigned int i = 0; i < server->sid_list.sz_sidlist; i++) {
snprintf(temp, sizeof(temp), "%u", server->sid_list.sid_list[i]);
strcat(server_sids_str, temp);
strcat(server_sids_str, ",");
}
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PROXY", "tcp_seq_sids num %u, tcp_seq_sids value: %s, tcp_ack_sids num %u, tcp_seq_sids value: %s",
client->sid_list.sz_sidlist, client_sids_str, server->sid_list.sz_sidlist, server_sids_str);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "proxy", "client subscribe id: %s\n"\
"server subscribe id: %s\n"\
"client asn: %s\n"\
"server asn: %s\n"\
"client orgnization: %s\n"\
"server orgnization: %s\n"\
"client ip country: %s\n"\
"server ip country: %s\n"\
"client ip province: %s\n"\
"server ip province: %s\n"\
"client ip city: %s\n"\
"server ip city: %s\n"\
"client ip subdevision: %s\n"\
"server ip subdevision: %s\n"\
"ssl ja3 fingerprint:%s\n",
cmsg->src_sub_id,
cmsg->dst_sub_id,
cmsg->src_asn,
cmsg->dst_asn,
cmsg->src_organization,
cmsg->dst_organization,
cmsg->src_ip_location_country,
cmsg->dst_ip_location_country,
cmsg->src_ip_location_provine,
cmsg->dst_ip_location_provine,
cmsg->src_ip_location_city,
cmsg->dst_ip_location_city,
cmsg->src_ip_location_subdivision,
cmsg->dst_ip_location_subdivision,
cmsg->ssl_client_ja3_fingerprint);
return;
}
void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy)
{
struct proxy_cmsg *cmsg = &policy->cmsg;
struct tsg_proxy_tcp_attribute *tcp_attr = tsg_proxy_tcp_attribute_get(stream);
struct session_runtime_attribute *session_attr = (struct session_runtime_attribute *)session_runtime_attribute_get(stream);
if (session_attr == NULL || tcp_attr == NULL) {
return;
}
struct tsg_proxy_tcp_option *client = &tcp_attr->tcp_opt_client;
struct tsg_proxy_tcp_option *server = &tcp_attr->tcp_opt_server;
cmsg->tcp_seq = tcp_attr->tcp_seq;
cmsg->tcp_ack = tcp_attr->tcp_ack;
cmsg->tcp_protocol = tcp_attr->tcp_protocol;
cmsg->tcp_info_packet_cur_dir = tcp_attr->tcp_info_packet_cur_dir;
cmsg->tcp_mss_client = client->mss;
cmsg->tcp_sack_client = client->sack;
cmsg->tcp_ts_client = client->ts_set;
cmsg->tcp_window_client = client->window;
cmsg->tcp_ts_client_val = client->ts_val;
cmsg->tcp_seq_route_ctx.num = client->route_ctx_len;
memcpy(cmsg->tcp_seq_route_ctx.value, client->route_ctx, client->route_ctx_len);
cmsg->tcp_seq_sids.num = client->sid_list.sz_sidlist;
for (unsigned int i = 0; i < client->sid_list.sz_sidlist; i++) {
cmsg->tcp_seq_sids.value[i] = client->sid_list.sid_list[i];
}
cmsg->tcp_mss_server = server->mss;
cmsg->tcp_sack_server = server->sack;
cmsg->tcp_ts_server = server->ts_set;
cmsg->tcp_window_server = server->window;
cmsg->tcp_ts_server_val = server->ts_val;
cmsg->tcp_ack_route_ctx.num = server->route_ctx_len;
memcpy(cmsg->tcp_ack_route_ctx.value, server->route_ctx, server->route_ctx_len);
cmsg->tcp_ack_sids.num = server->sid_list.sz_sidlist;
for (unsigned int i = 0; i < server->sid_list.sz_sidlist; i++) {
cmsg->tcp_ack_sids.value[i] = server->sid_list.sid_list[i];
}
if (client->wscale_set && server->wscale_set) {
cmsg->tcp_wsacle_exist = 1;
cmsg->tcp_wsacle_client = client->wscale;
cmsg->tcp_wsacle_server = server->wscale;
}
tsg_proxy_cmsg_subscriber_fill(session_attr, cmsg);
tsg_proxy_cmsg_asn_fill(session_attr, cmsg);
tsg_proxy_cmsg_ip_location_fill(session_attr, cmsg);
tsg_proxy_cmsg_ja3_fingerprint_fill(session_attr, cmsg);
tsg_proxy_cmsg_fqdn_category_fill(session_attr, cmsg);
tsg_proxy_tcp_attribute_dump(tcp_attr, cmsg, stream);
return;
}

53
src/tsg_proxy.h Normal file
View File

@@ -0,0 +1,53 @@
#pragma once
#include <MESA/stream.h>
struct tsg_proxy_tcp_option
{
uint16_t mss;
uint8_t wscale_set;
uint8_t wscale;
uint8_t sack;
uint8_t ts_set;
uint32_t ts_val;
uint32_t ts_ecr;
uint16_t window;
uint8_t route_ctx_len;
uint8_t route_ctx[64];//route_ctx is contiguous memory
struct segment_id_list sid_list;
};
struct tsg_proxy_tcp_attribute
{
uint8_t first_data_pkt_processed;
uint8_t ignore;
uint32_t tcp_seq;
uint32_t tcp_ack;
uint8_t tcp_protocol;
uint8_t tcp_info_packet_cur_dir;
struct tsg_proxy_tcp_option tcp_opt_client;
struct tsg_proxy_tcp_option tcp_opt_server;
};
struct pkt_info{
addr_type_t addr_type;
union{
struct iphdr *v4;
struct ip6_hdr *v6;
}iphdr;
uint16_t iphdr_len;
uint16_t ip_totlen;
struct tcphdr *tcphdr;
uint16_t tcphdr_len;
char *data;
uint16_t data_len;
int parse_failed;
};
int tsg_proxy_ipv4_header_parse(const void *a_packet, struct pkt_info *pktinfo);
int tsg_proxy_ipv6_header_parse(const void *a_packet, struct pkt_info *pktinfo);
void tsg_proxy_tcp_parse(struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_info *pktinfo, const struct streaminfo *pstream);
void tsg_proxy_first_data_process(const struct streaminfo *stream, struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_info *pktinfo);
void tsg_proxy_tcp_options_parse(const struct streaminfo *stream, const void *a_packet);
void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy);

17
src/tsg_rule.cpp
View File

@@ -3075,7 +3075,7 @@ size_t tsg_matched_rules_select(struct maat *feather, TSG_SERVICE service, long
return offset;
}
size_t tm_select_result_by_service_id(struct maat_rule *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules, enum TSG_SERVICE service_id)
size_t tsg_select_rules_by_service_id(struct maat_rule *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules, enum TSG_SERVICE service_id)
{
size_t offset=0;
for(size_t i=0; i<n_matched_rules; i++)
@@ -3089,21 +3089,6 @@ size_t tm_select_result_by_service_id(struct maat_rule *matched_rules, size_t n_
return offset;
}
size_t tsg_select_matched_security_rules(struct maat_rule *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules)
{
return tm_select_result_by_service_id(matched_rules, n_matched_rules, rules, n_rules, TSG_SERVICE_SECURITY);
}
size_t tsg_select_matched_shaping_rules(struct maat_rule *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules)
{
return tm_select_result_by_service_id(matched_rules, n_matched_rules, rules, n_rules, TSG_SERVICE_SHAPING);
}
size_t tsg_select_matched_service_chaining_rules(struct maat_rule *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules)
{
return tm_select_result_by_service_id(matched_rules, n_matched_rules, rules, n_rules, TSG_SERVICE_CHAINING);
}
int tsg_table_idx_get_by_protocol(TSG_PROTOCOL proto)
{
switch(proto)

5
src/tsg_rule_internal.h
View File

@@ -168,8 +168,3 @@ int tsg_scan_intercept_exclusion(const struct streaminfo *a_stream, struct maat
struct maat_rule *tsg_select_deny_rule(struct maat_rule *rules, size_t n_rules);
struct umts_user_info *tsg_get_umts_user_info_form_redis(struct maat *feather, long long teid);
size_t tsg_select_matched_security_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
size_t tsg_select_matched_shaping_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
size_t tsg_select_matched_service_chaining_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);

2
src/tsg_send_log.cpp
View File

@@ -2111,8 +2111,8 @@ int send_security_event_log(struct tsg_log_instance_t *_instance, struct TLD_han
TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(rules[i].rule_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(rules[i].service_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)rules[i].action), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)rules[i].vsys_id, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)(rules[i].action), TLD_TYPE_LONG);
set_policy_action_para_exec_result(_instance, _handle, a_stream, &(rules[i]));

338
src/tsg_sync_state.cpp
View File

@@ -2,53 +2,50 @@
#include <stdlib.h>
#include <string.h>
#include <MESA/cJSON.h>
#include <MESA/MESA_handle_logger.h>
#include "tsg_variable.h"
#include "tsg_sync_state.h"
#include "tsg_send_log.h"
#include "mpack.h"
// i don't need this
int set_exec_profile_ids(const struct streaminfo *a_stream, struct parse_handle *p);
const char *policy_key[ POLICY_UPDATE_MAX] =
const char *policy_key[POLICY_UPDATE_MAX] = {"sce", "shaper", "proxy"};
char *mpack_data = NULL;
size_t mpack_size = 0;
static int tsg_mpack_init_map(const struct streaminfo *a_stream, mpack_writer_t *writer, const char *state)
{
"service_chaining",
"shaping",
};
mpack_writer_init_growable(writer, &mpack_data, &mpack_size);
mpack_build_map(writer);
static int tsg_send_ctrl_pkt(const struct streaminfo *a_stream, cJSON *object)
// tsync : 2.0
mpack_write_cstr(writer, "tsync");
mpack_write_cstr(writer, "2.0");
// session_id
mpack_write_cstr(writer, "session_id");
mpack_write_u64(writer, tsg_get_stream_trace_id((struct streaminfo *)a_stream));
// state
mpack_write_cstr(writer, "state");
mpack_write_cstr(writer, state);
return 0;
}
static int tsg_mpack_send_pkt(const struct streaminfo *a_stream, mpack_writer_t *writer)
{
if (object == NULL)
mpack_complete_map(writer); // tsg_mpack_init_map
if (mpack_writer_destroy(writer) != mpack_ok)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "MPACK_WRITER", "An error occurred encoding the data!");
return -1;
}
char *payload = NULL;
uint64_t session_id = tsg_get_stream_trace_id((struct streaminfo *)a_stream);
// tsg_get_stream_trace_id maybe return -1
if (session_id && session_id != (uint64_t)-1)
{
char trace_id[128]={0};
snprintf(trace_id, sizeof(trace_id), "%lu", session_id);
cJSON_AddStringToObject(object, "session_id", trace_id);
}
cJSON_AddStringToObject(object, "tsync", "1.0");
payload = cJSON_PrintUnformatted(object);
if (payload == NULL)
{
cJSON_Delete(object);
return -1;
}
// send//
sapp_inject_ctrl_pkt((struct streaminfo *)a_stream, SIO_DEFAULT, payload, strlen(payload)+1, a_stream->routedir);
cJSON_free(payload);
cJSON_Delete(object);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "MSGPACK_PROXY_BUFF", "send buff_len = %lu", mpack_size);
sapp_inject_ctrl_pkt((struct streaminfo *)a_stream, SIO_DEFAULT, mpack_data, mpack_size, a_stream->routedir);
free(mpack_data);
mpack_data = NULL;
mpack_size = 0;
return 0;
}
@@ -59,23 +56,21 @@ int tsg_send_session_state(const struct streaminfo *a_stream, unsigned char stat
return -1;
}
cJSON *object = cJSON_CreateObject();
if (state== OP_STATE_PENDING)
mpack_writer_t writer;
if (state == OP_STATE_PENDING)
{
cJSON_AddStringToObject(object, "state", "opening");
tsg_mpack_init_map(a_stream, &writer, "opening");
}
else if (state == OP_STATE_CLOSE)
else if (state == OP_STATE_CLOSE)
{
cJSON_AddStringToObject(object, "state", "closing");
tsg_mpack_init_map(a_stream, &writer, "closing");
}
else
{
cJSON_Delete(object);
return -1;
}
return tsg_send_ctrl_pkt(a_stream, object);
return tsg_mpack_send_pkt(a_stream, &writer);
}
int tsg_sync_resetall_state(const struct streaminfo *a_stream)
@@ -85,93 +80,211 @@ int tsg_sync_resetall_state(const struct streaminfo *a_stream)
return -1;
}
cJSON *object = cJSON_CreateObject();
cJSON_AddStringToObject(object, "state", "resetall");
mpack_writer_t writer;
tsg_mpack_init_map(a_stream, &writer, "resetall");
return tsg_send_ctrl_pkt(a_stream, object);
return tsg_mpack_send_pkt(a_stream, &writer);
}
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_array, int policy_array_num)
static void tsg_mpack_append_str(mpack_writer_t *writer, char *str)
{
if (a_stream == NULL || policy_array == NULL || policy_array_num > (int) POLICY_UPDATE_MAX || policy_array_num <= 0)
if (str)
{
return -1;
mpack_write_cstr(writer, str);
}
else
{
mpack_write_nil(writer);
}
cJSON *params_object = NULL;
cJSON *policy_arr = NULL;
cJSON *object = cJSON_CreateObject();
cJSON_AddStringToObject(object, "state", "active");
cJSON_AddStringToObject(object, "method", "policy_update");
params_object = cJSON_AddObjectToObject(object, "params");
for (int i = 0; i < policy_array_num; i++)
{
int tmp_ids[8]={0};
int n_tmp_ids=MIN(policy_array[i].n_ids, 8);
for(int j=0; j<n_tmp_ids; j++)
{
tmp_ids[j]=(int)(policy_array[i].ids[j]);
}
policy_arr = cJSON_CreateIntArray(tmp_ids, n_tmp_ids);
if (policy_arr == NULL || policy_array[i].type >= POLICY_UPDATE_MAX)
{
cJSON_Delete(object);
return -1;
}
cJSON_AddItemToObject(params_object, policy_key[policy_array[i].type], policy_arr);
policy_arr = NULL;
}
return tsg_send_ctrl_pkt(a_stream, object);
return;
}
int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len)
static void tsg_mpack_append_array_u32(mpack_writer_t *writer, struct cmsg_int32_array *array)
{
if (a_stream == NULL || payload == NULL || payload_len == 0)
if (array->num > 0)
{
mpack_build_array(writer);
for (size_t i = 0; i < array->num; i++)
{
mpack_write_u32(writer, array->value[i]);
}
mpack_complete_array(writer);
}
else
{
mpack_write_nil(writer);
}
return;
}
static void tsg_mpack_append_array_u16(mpack_writer_t *writer, struct cmsg_int16_array *array)
{
if (array->num > 0)
{
mpack_build_array(writer);
for (size_t i = 0; i < array->num; i++)
{
mpack_write_u16(writer, array->value[i]);
}
mpack_complete_array(writer);
}
else
{
mpack_write_nil(writer);
}
return;
}
static void tsg_mpack_append_array_u8(mpack_writer_t *writer, struct cmsg_int8_array *array)
{
if (array->num > 0)
{
mpack_build_array(writer);
for (size_t i = 0; i < array->num; i++)
{
mpack_write_u8(writer, array->value[i]);
}
mpack_complete_array(writer);
}
else
{
mpack_write_nil(writer);
}
return;
}
static void tsg_mpack_append_cmsg_value(mpack_writer_t *writer, struct proxy_cmsg *cmsg)
{
if (cmsg == NULL)
{
mpack_write_nil(writer);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "MSGPACK_PROXY", "No cmsg!");
}
else
{
mpack_build_array(writer); // array
mpack_write_u32(writer, cmsg->tcp_seq);
mpack_write_u32(writer, cmsg->tcp_ack);
mpack_write_u16(writer, cmsg->tcp_mss_client);
mpack_write_u16(writer, cmsg->tcp_mss_server);
if (cmsg->tcp_wsacle_exist == 1)
{
mpack_write_u8(writer, cmsg->tcp_wsacle_client);
mpack_write_u8(writer, cmsg->tcp_wsacle_server);
}
else
{
mpack_write_nil(writer);
mpack_write_nil(writer);
}
mpack_write_u8(writer, cmsg->tcp_sack_client);
mpack_write_u8(writer, cmsg->tcp_sack_server);
mpack_write_u8(writer, cmsg->tcp_ts_client);
mpack_write_u8(writer, cmsg->tcp_ts_server);
mpack_write_u8(writer, cmsg->tcp_protocol);
mpack_write_u16(writer, cmsg->tcp_window_client);
mpack_write_u16(writer, cmsg->tcp_window_server);
mpack_write_u32(writer, cmsg->tcp_ts_client_val);
mpack_write_u32(writer, cmsg->tcp_ts_server_val);
mpack_write_u8(writer, cmsg->tcp_info_packet_cur_dir);
tsg_mpack_append_str(writer, cmsg->src_sub_id);
tsg_mpack_append_str(writer, cmsg->dst_sub_id);
tsg_mpack_append_str(writer, cmsg->src_asn);
tsg_mpack_append_str(writer, cmsg->dst_asn);
tsg_mpack_append_str(writer, cmsg->src_organization);
tsg_mpack_append_str(writer, cmsg->dst_organization);
tsg_mpack_append_str(writer, cmsg->src_ip_location_country);
tsg_mpack_append_str(writer, cmsg->dst_ip_location_country);
tsg_mpack_append_str(writer, cmsg->src_ip_location_provine);
tsg_mpack_append_str(writer, cmsg->dst_ip_location_provine);
tsg_mpack_append_str(writer, cmsg->src_ip_location_city);
tsg_mpack_append_str(writer, cmsg->dst_ip_location_city);
tsg_mpack_append_str(writer, cmsg->src_ip_location_subdivision);
tsg_mpack_append_str(writer, cmsg->dst_ip_location_subdivision);
tsg_mpack_append_str(writer, cmsg->ssl_client_ja3_fingerprint);
// fqdn_cat_id_val
tsg_mpack_append_array_u32(writer, &cmsg->fqdn_cat_id_val);
// tcp_seq_sids
tsg_mpack_append_array_u16(writer, &cmsg->tcp_seq_sids);
// tcp_ack_sids
tsg_mpack_append_array_u16(writer, &cmsg->tcp_ack_sids);
// tcp_seq_route_ctx
tsg_mpack_append_array_u8(writer, &cmsg->tcp_seq_route_ctx);
// tcp_ack_route_ctx
tsg_mpack_append_array_u8(writer, &cmsg->tcp_ack_route_ctx);
mpack_complete_array(writer); // array
}
return;
}
static void tsg_mpack_append_update_policy(mpack_writer_t *writer, struct update_policy *policy_update, enum policy_type type)
{
mpack_write_cstr(writer, policy_key[type]);
mpack_build_map(writer); // update_policy_type
mpack_write_cstr(writer, "rule_ids");
if (policy_update->n_ids > 0)
{
mpack_build_array(writer); // rule_ids
for (int i = 0; i < policy_update->n_ids; i++)
{
mpack_write_i64(writer, policy_update->ids[i]);
}
mpack_complete_array(writer); // rule_ids
}
else
{
mpack_write_nil(writer);
}
if (type == POLICY_UPDATE_INTERCEPT)
{
mpack_write_cstr(writer, "tcp_handshake");
tsg_mpack_append_cmsg_value(writer, &policy_update->cmsg);
}
mpack_complete_map(writer); // update_policy_type
return;
}
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_update, size_t n_policy_update)
{
if (a_stream == NULL || policy_update == NULL || policy_update->type >= POLICY_UPDATE_MAX || n_policy_update == 0)
{
return -1;
}
char *state = NULL;
char *method = NULL;
char *tsync = NULL;
cJSON *params_object = NULL;
cJSON *sf_ids_array = NULL;
struct parse_handle result = {0};
mpack_writer_t writer;
cJSON *object = cJSON_Parse((char *)payload);
if (object == NULL)
tsg_mpack_init_map((struct streaminfo *)a_stream, &writer, "active");
// method: policy_update
mpack_write_cstr(&writer, "method");
mpack_write_cstr(&writer, "policy_update");
// params
mpack_write_cstr(&writer, "params");
mpack_build_map(&writer);
for (int i = 0; i < (int)n_policy_update; i++)
{
return -1;
}
tsync = cJSON_GetObjectItem(object, "tsync")->valuestring;
memcpy(result.tsync, tsync, strlen(tsync));
//result.session_id = (uint64_t)atoll(cJSON_GetObjectItem(object, "session_id")->string);
state = cJSON_GetObjectItem(object, "state")->valuestring;
memcpy(result.state, state, strlen(state));
method = cJSON_GetObjectItem(object, "method")->valuestring;
memcpy(result.method, method, strlen(method));
params_object = cJSON_GetObjectItem(object, "params");
sf_ids_array = cJSON_GetObjectItem(params_object, "sf_profile_ids");
result.sf_ids.n_ids = cJSON_GetArraySize(sf_ids_array);
for (int i = 0; i < result.sf_ids.n_ids; i ++)
{
result.sf_ids.ids[i] = cJSON_GetArrayItem(sf_ids_array, i)->valueint;
tsg_mpack_append_update_policy(&writer, &policy_update[i], policy_update[i].type);
}
mpack_complete_map(&writer); // params
//set_exec_profile_ids(a_stream, &result);
cJSON_Delete(object);
return 0;
return tsg_mpack_send_pkt(a_stream, &writer);
}
int tsg_sync_closing_state(const struct streaminfo *a_stream, unsigned char state)
@@ -185,4 +298,3 @@ int tsg_sync_opening_state(const struct streaminfo *a_stream, unsigned char stat
return 0;
}

84
src/tsg_sync_state.h
View File

@@ -5,33 +5,83 @@
enum policy_type
{
POLICY_UPDATE_SERVICE_CHAINING = 0,
POLICY_UPDATE_SERVICE_CHAINING = 0,
POLICY_UPDATE_SHAPING,
POLICY_UPDATE_INTERCEPT,
POLICY_UPDATE_MAX
};
struct cmsg_int32_array
{
size_t num;
uint32_t value[8];
};
struct cmsg_int16_array
{
size_t num;
uint16_t value[8];
};
struct cmsg_int8_array
{
size_t num;
uint8_t value[64];
};
struct proxy_cmsg
{
uint32_t tcp_seq;
uint32_t tcp_ack;
uint16_t tcp_mss_client;
uint16_t tcp_mss_server;
uint8_t tcp_wsacle_exist;
uint8_t tcp_wsacle_client;
uint8_t tcp_wsacle_server;
uint8_t tcp_sack_client;
uint8_t tcp_sack_server;
uint8_t tcp_ts_client;
uint8_t tcp_ts_server;
uint8_t tcp_protocol;
uint16_t tcp_window_client;
uint16_t tcp_window_server;
uint32_t tcp_ts_client_val;
uint32_t tcp_ts_server_val;
uint8_t tcp_info_packet_cur_dir;
char *src_sub_id;
char *dst_sub_id;
char *src_asn;
char *dst_asn;
char *src_organization;
char *dst_organization;
char *src_ip_location_country;
char *dst_ip_location_country;
char *src_ip_location_provine;
char *dst_ip_location_provine;
char *src_ip_location_city;
char *dst_ip_location_city;
char *src_ip_location_subdivision;
char *dst_ip_location_subdivision;
char *ssl_client_ja3_fingerprint;
struct cmsg_int32_array fqdn_cat_id_val;
struct cmsg_int16_array tcp_seq_sids;
struct cmsg_int16_array tcp_ack_sids;
struct cmsg_int8_array tcp_seq_route_ctx;
struct cmsg_int8_array tcp_ack_route_ctx;
};
struct update_policy
{
enum policy_type type;
int n_ids;
long long ids[8];
};
// i don't need this
struct parse_handle
{
char tsync[8];
uint64_t session_id;
char state[8];
char method[16];
struct update_policy sf_ids;
enum policy_type type;
int n_ids;
long long ids[8];
struct proxy_cmsg cmsg;
};
int tsg_sync_resetall_state(const struct streaminfo *a_stream);
int tsg_send_session_state(const struct streaminfo *a_stream, unsigned char state);
int tsg_sync_opening_state(const struct streaminfo *a_stream, unsigned char state);
int tsg_sync_closing_state(const struct streaminfo *a_stream, unsigned char state);
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_array, int policy_array_num);
int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len);
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_update, size_t n_policy_update);
// int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len);

1
src/tsg_variable.h
View File

@@ -127,6 +127,7 @@ struct tsg_rt_para
int feature_tamper;
int service_chaining_sid;
int shaping_sid;
int intercept_sid;
int send_resetall;
enum DEPLOY_MODE deploy_mode;
int scan_time_interval;

BIN
test/pcap/ipv4_ssl_handshake.pcapng Normal file
View File

Binary file not shown.

BIN
test/pcap/ipv6_ssl_handshake.pcapng Normal file
View File

Binary file not shown.

12
test/src/CMakeLists.txt
View File

@@ -37,13 +37,19 @@ set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp
${PROJECT_SOURCE_DIR}/src/tsg_sync_state.cpp
${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp
${PROJECT_SOURCE_DIR}/src/tsg_protocol.cpp
${PROJECT_SOURCE_DIR}/src/tsg_proxy.cpp
)
add_executable(gtest_master ${TSG_MASTER_SRC} gtest_kafka.cpp gtest_common.cpp gtest_master.cpp)
add_executable(gtest_master ${TSG_MASTER_SRC} ${PROJECT_SOURCE_DIR}/src/mpack.c gtest_kafka.cpp gtest_common.cpp gtest_master.cpp)
target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 MESA_htable fieldstat3)
add_executable(gtest_sync_session_state ${PROJECT_SOURCE_DIR}/src/tsg_sync_state.cpp gtest_common.cpp gtest_session_state.cpp)
target_link_libraries(gtest_sync_session_state gtest-static cjson ctemplate-static)
add_executable(gtest_sync_state ${PROJECT_SOURCE_DIR}/src/tsg_sync_state.cpp ${PROJECT_SOURCE_DIR}/src/mpack.c gtest_common.cpp gtest_sync_state.cpp)
target_link_libraries(gtest_sync_state gtest-static cjson ctemplate-static MESA_handle_logger)
add_executable(gtest_fieldstat3 ${PROJECT_SOURCE_DIR}/src/tsg_statistic.cpp gtest_common.cpp gtest_fieldstat3.cpp)
target_link_libraries(gtest_fieldstat3 gtest-static ctemplate-static MESA_field_stat2 fieldstat3 MESA_prof_load MESA_handle_logger)
add_executable(gtest_proxy ${TSG_MASTER_SRC} ${PROJECT_SOURCE_DIR}/src/mpack.c gtest_common.cpp gtest_proxy.cpp)
target_link_libraries(gtest_proxy gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 rdkafka MESA_htable fieldstat3 pcap)
file(COPY ../pcap/ DESTINATION ./pcap/)

2
test/src/gtest_bridge.cpp
View File

@@ -76,7 +76,7 @@ int session_flags_identify_result_cb(const struct streaminfo * a_stream, int bri
return 0;
}
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_array, int policy_array_num)
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_update)
{
return 0;
}

20
test/src/gtest_common.cpp
View File

@@ -42,11 +42,11 @@ int sapp_inject_pkt(struct streaminfo * stream, enum sapp_inject_opt sio, const
int sapp_inject_ctrl_pkt(struct streaminfo * stream, enum sapp_inject_opt sio, const void * payload, int payload_len, unsigned char snd_routedir)
{
memset(&ctrl_pkt, 0, 1024);
memcpy(ctrl_pkt.buf, payload, payload_len);
ctrl_pkt.len = payload_len;
memset(&ctrl_pkt, 0, 1050);
memcpy(ctrl_pkt.buf, payload, payload_len);
ctrl_pkt.len = payload_len;
return 0;
return 0;
}
int get_ctrl_pkt(char *buf, int len)
@@ -113,6 +113,18 @@ int MESA_get_stream_opt(const struct streaminfo * pstream, enum MESA_stream_opt
return 0;
}
const void *get_rawpkt_from_streaminfo(const struct streaminfo *pstream)
{
return (void*)1;
}
int get_opt_from_rawpkt(const void *rawpkt, int type, void *out_value)
{
if (type > RWA_PKT_GET_SID_LIST) {
return -1;
}
return 0;
}
int sapp_get_platform_opt(enum sapp_platform_opt opt, void * opt_val, int * opt_val_len)
{

140
test/src/gtest_proxy.cpp Normal file
View File

@@ -0,0 +1,140 @@
#include <linux/if_ether.h>
#include <netinet/ip6.h>
#include <pcap.h>
#include <gtest/gtest.h>
#include <pcap/pcap.h>
#include <netinet/ip.h>
#include "tsg_proxy.h"
TEST(IPV4, tcp_opt_parse)
{
struct pkt_info pktinfo;
struct tsg_proxy_tcp_attribute tcp_attr;
pcap_t *pcap_file_fd = NULL;
struct pcap_pkthdr *header; // pcap报文头部结构
const u_char *packet; // 报文数据指针
struct iphdr *ip; // ip头部结构
struct streaminfo stream;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_file_fd = pcap_open_offline("pcap/ipv4_ssl_handshake.pcapng", errbuf);
ASSERT_TRUE(pcap_file_fd != NULL);
//syn
ASSERT_TRUE(pcap_next_ex(pcap_file_fd, &header, &packet) >= 0);
ip = (struct iphdr*) (packet + sizeof(struct ethhdr));
tsg_proxy_ipv4_header_parse((void *)ip, &pktinfo);
tsg_proxy_tcp_parse(&tcp_attr, &pktinfo, &stream);
ASSERT_EQ(tcp_attr.tcp_opt_client.mss, 1460);
ASSERT_EQ(tcp_attr.tcp_opt_client.wscale_set, 1);
ASSERT_EQ(tcp_attr.tcp_opt_client.wscale, 8);
ASSERT_EQ(tcp_attr.tcp_opt_client.sack, 1);
ASSERT_EQ(tcp_attr.tcp_opt_client.ts_set, 1);
ASSERT_EQ(tcp_attr.tcp_opt_client.ts_val, ntohl(619788329));
ASSERT_EQ(tcp_attr.tcp_opt_client.ts_ecr, 0);
ASSERT_EQ(tcp_attr.tcp_opt_client.window, 64240);
//syn&ack
ASSERT_TRUE(pcap_next_ex(pcap_file_fd, &header, &packet) >= 0);
ip = (struct iphdr*) (packet + sizeof(struct ethhdr));
tsg_proxy_ipv4_header_parse((void *)ip, &pktinfo);
tsg_proxy_tcp_parse(&tcp_attr, &pktinfo, &stream);
ASSERT_EQ(tcp_attr.tcp_opt_server.mss, 1460);
ASSERT_EQ(tcp_attr.tcp_opt_server.wscale_set, 1);
ASSERT_EQ(tcp_attr.tcp_opt_server.wscale, 8);
ASSERT_EQ(tcp_attr.tcp_opt_server.sack, 1);
ASSERT_EQ(tcp_attr.tcp_opt_server.ts_set, 1);
ASSERT_EQ(tcp_attr.tcp_opt_server.ts_val, ntohl(201296612));
ASSERT_EQ(tcp_attr.tcp_opt_server.ts_ecr, ntohl(619788329));
ASSERT_EQ(tcp_attr.tcp_opt_server.window, 65535);
//ack
ASSERT_TRUE(pcap_next_ex(pcap_file_fd, &header, &packet) >= 0);
ip = (struct iphdr*) (packet + sizeof(struct ethhdr));
tsg_proxy_ipv4_header_parse((void *)ip, &pktinfo);
tsg_proxy_tcp_parse(&tcp_attr, &pktinfo, &stream);
//first data pkt
ASSERT_TRUE(pcap_next_ex(pcap_file_fd, &header, &packet) >= 0);
ip = (struct iphdr*) (packet + sizeof(struct ethhdr));
tsg_proxy_ipv4_header_parse((void *)ip, &pktinfo);
stream.curdir = DIR_C2S;
tsg_proxy_first_data_process(&stream, &tcp_attr, &pktinfo);
ASSERT_EQ(tcp_attr.tcp_opt_client.ts_val, ntohl(619788360));
ASSERT_EQ(tcp_attr.tcp_opt_server.ts_val, ntohl(201296612));
ASSERT_EQ(tcp_attr.tcp_seq, ntohl(265573753));
ASSERT_EQ(tcp_attr.tcp_ack, ntohl(2286004672));
ASSERT_EQ(tcp_attr.tcp_info_packet_cur_dir, DIR_C2S);
pcap_close(pcap_file_fd);
}
TEST(IPV6, tcp_opt_parse)
{
struct pkt_info pktinfo;
struct tsg_proxy_tcp_attribute tcp_attr;
pcap_t *pcap_file_fd = NULL;
struct pcap_pkthdr *header; // pcap报文头部结构
const u_char *packet; // 报文数据指针
struct ip6_hdr *ip6; // ip头部结构
struct streaminfo stream;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_file_fd = pcap_open_offline("pcap/ipv6_ssl_handshake.pcapng", errbuf);
ASSERT_TRUE(pcap_file_fd != NULL);
//syn
ASSERT_TRUE(pcap_next_ex(pcap_file_fd, &header, &packet) >= 0);
ip6 = (struct ip6_hdr*) (packet + sizeof(struct ethhdr));
tsg_proxy_ipv6_header_parse((void *)ip6, &pktinfo);
tsg_proxy_tcp_parse(&tcp_attr, &pktinfo, &stream);
ASSERT_EQ(tcp_attr.tcp_opt_client.mss, 1440);
ASSERT_EQ(tcp_attr.tcp_opt_client.wscale_set, 1);
ASSERT_EQ(tcp_attr.tcp_opt_client.wscale, 8);
ASSERT_EQ(tcp_attr.tcp_opt_client.sack, 1);
ASSERT_EQ(tcp_attr.tcp_opt_client.ts_set, 1);
ASSERT_EQ(tcp_attr.tcp_opt_client.ts_val, ntohl(619788492));
ASSERT_EQ(tcp_attr.tcp_opt_client.ts_ecr, 0);
ASSERT_EQ(tcp_attr.tcp_opt_client.window, 64800);
//syn&ack
ASSERT_TRUE(pcap_next_ex(pcap_file_fd, &header, &packet) >= 0);
ip6 = (struct ip6_hdr*) (packet + sizeof(struct ethhdr));
tsg_proxy_ipv6_header_parse((void *)ip6, &pktinfo);
tsg_proxy_tcp_parse(&tcp_attr, &pktinfo, &stream);
ASSERT_EQ(tcp_attr.tcp_opt_server.mss, 1440);
ASSERT_EQ(tcp_attr.tcp_opt_server.wscale_set, 1);
ASSERT_EQ(tcp_attr.tcp_opt_server.wscale, 8);
ASSERT_EQ(tcp_attr.tcp_opt_server.sack, 1);
ASSERT_EQ(tcp_attr.tcp_opt_server.ts_set, 1);
ASSERT_EQ(tcp_attr.tcp_opt_server.ts_val, ntohl(1014079587));
ASSERT_EQ(tcp_attr.tcp_opt_server.ts_ecr, ntohl(619788492));
ASSERT_EQ(tcp_attr.tcp_opt_server.window, 65535);
//ack
ASSERT_TRUE(pcap_next_ex(pcap_file_fd, &header, &packet) >= 0);
ip6 = (struct ip6_hdr*) (packet + sizeof(struct ethhdr));
tsg_proxy_ipv6_header_parse((void *)ip6, &pktinfo);
tsg_proxy_tcp_parse(&tcp_attr, &pktinfo, &stream);
//first data pkt
ASSERT_TRUE(pcap_next_ex(pcap_file_fd, &header, &packet) >= 0);
ip6 = (struct ip6_hdr*) (packet + sizeof(struct ethhdr));
tsg_proxy_ipv6_header_parse((void *)ip6, &pktinfo);
stream.curdir = DIR_C2S;
tsg_proxy_first_data_process(&stream, &tcp_attr, &pktinfo);
ASSERT_EQ(tcp_attr.tcp_opt_client.ts_val, ntohl(619788540));
ASSERT_EQ(tcp_attr.tcp_opt_server.ts_val, ntohl(1014079587));
ASSERT_EQ(tcp_attr.tcp_seq, ntohl(625826589));
ASSERT_EQ(tcp_attr.tcp_ack, ntohl(64211095));
ASSERT_EQ(tcp_attr.tcp_info_packet_cur_dir, DIR_C2S);
pcap_close(pcap_file_fd);
}
int main(int argc, char *argv[])
{
testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}

186
test/src/gtest_session_state.cpp
View File

@@ -1,186 +0,0 @@
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <gtest/gtest.h>
#include <MESA/cJSON.h>
#include "tsg_sync_state.h"
extern int get_ctrl_pkt(char *buf, int len);
struct parse_handle test_handle;
unsigned long long tsg_get_stream_trace_id(const struct streaminfo * a_stream)
{
return 10;
}
int set_exec_profile_ids( struct streaminfo *a_stream, struct parse_handle *p)
{
memcpy(&test_handle, p, sizeof(struct parse_handle));
return 0;
}
TEST(SESSION_STATE, IllegalPara)
{
struct streaminfo a_stream = {0};
struct update_policy policy_array[2];
memset(policy_array, 0, sizeof(struct update_policy) * 2);
EXPECT_EQ(-1, tsg_send_session_state(NULL, 0));
a_stream.opstate = OP_STATE_DATA;
EXPECT_EQ(-1, tsg_send_session_state(&a_stream, OP_STATE_DATA));
EXPECT_EQ(-1, tsg_sync_resetall_state(NULL));
EXPECT_EQ(0, tsg_sync_resetall_state(&a_stream));
EXPECT_EQ(-1, tsg_sync_policy_update(&a_stream, policy_array, 0));
EXPECT_EQ(-1, tsg_sync_policy_update(&a_stream, NULL, 2));
EXPECT_EQ(-1, tsg_sync_policy_update(NULL, policy_array, 2));
policy_array[0].type = POLICY_UPDATE_MAX;
EXPECT_EQ(-1, tsg_sync_policy_update(&a_stream, policy_array, 2));
}
TEST(SESSION_STATE, OpeningState)
{
struct streaminfo a_stream = {0};
char ctrl_pkt_buf[1024];
int ctrl_pkt_len = 0;
a_stream.opstate = OP_STATE_PENDING;
EXPECT_EQ(0, tsg_send_session_state(&a_stream, OP_STATE_PENDING));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
EXPECT_EQ(ctrl_pkt_len, strlen(ctrl_pkt_buf)+1);
EXPECT_STREQ("{\"state\":\"opening\",\"session_id\":\"10\",\"tsync\":\"1.0\"}", ctrl_pkt_buf);
}
TEST(SESSION_STATE, CloseState)
{
struct streaminfo a_stream = {0};
char ctrl_pkt_buf[1024];
int ctrl_pkt_len = 0;
a_stream.opstate = OP_STATE_CLOSE;
EXPECT_EQ(0, tsg_send_session_state(&a_stream, OP_STATE_CLOSE));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
EXPECT_EQ(ctrl_pkt_len, strlen(ctrl_pkt_buf)+1);
EXPECT_STREQ("{\"state\":\"closing\",\"session_id\":\"10\",\"tsync\":\"1.0\"}", ctrl_pkt_buf);
}
TEST(SESSION_STATE, ResetAllState)
{
struct streaminfo a_stream = {0};
char ctrl_pkt_buf[1024];
int ctrl_pkt_len = 0;
EXPECT_EQ(0, tsg_sync_resetall_state(&a_stream));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
EXPECT_EQ(ctrl_pkt_len, strlen(ctrl_pkt_buf)+1);
EXPECT_STREQ("{\"state\":\"resetall\",\"session_id\":\"10\",\"tsync\":\"1.0\"}", ctrl_pkt_buf);
}
TEST(SESSION_STATE, ActiveStateOnlyServiceChaining)
{
struct streaminfo a_stream = {0};
struct update_policy policy_array;
char ctrl_pkt_buf[1024];
int ctrl_pkt_len = 0;
memset(&policy_array, 0, sizeof(struct update_policy));
EXPECT_EQ(0, tsg_sync_policy_update(&a_stream, &policy_array, 1));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
EXPECT_EQ(ctrl_pkt_len, strlen(ctrl_pkt_buf)+1);
EXPECT_STREQ("{\"state\":\"active\",\"method\":\"policy_update\",\"params\":{\"service_chaining\":[]},\"session_id\":\"10\",\"tsync\":\"1.0\"}", ctrl_pkt_buf);
}
TEST(SESSION_STATE, ActiveStateOnlyShaping)
{
struct streaminfo a_stream = {0};
struct update_policy policy_array;
char ctrl_pkt_buf[1024];
int ctrl_pkt_len = 0;
memset(&policy_array, 0, sizeof(struct update_policy));
policy_array.type = POLICY_UPDATE_SHAPING;
EXPECT_EQ(0, tsg_sync_policy_update(&a_stream, &policy_array, 1));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
EXPECT_EQ(ctrl_pkt_len, strlen(ctrl_pkt_buf)+1);
EXPECT_STREQ("{\"state\":\"active\",\"method\":\"policy_update\",\"params\":{\"shaping\":[]},\"session_id\":\"10\",\"tsync\":\"1.0\"}", ctrl_pkt_buf);
}
TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping0)
{
struct streaminfo a_stream = {0};
struct update_policy policy_array[2];
char ctrl_pkt_buf[1024];
int ctrl_pkt_len = 0;
memset(&policy_array, 0, sizeof(struct update_policy) * 2);
policy_array[0].type = POLICY_UPDATE_SHAPING;
EXPECT_EQ(0, tsg_sync_policy_update(&a_stream, policy_array, 2));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
EXPECT_EQ(ctrl_pkt_len, strlen(ctrl_pkt_buf)+1);
EXPECT_STREQ("{\"state\":\"active\",\"method\":\"policy_update\",\"params\":{\"shaping\":[],\"service_chaining\":[]},\"session_id\":\"10\",\"tsync\":\"1.0\"}", ctrl_pkt_buf);
}
TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping1)
{
struct streaminfo a_stream = {0};
struct update_policy policy_array[2];
char ctrl_pkt_buf[1024];
int ctrl_pkt_len = 0;
memset(&policy_array, 0, sizeof(struct update_policy) * 2);
policy_array[0].type = POLICY_UPDATE_SHAPING;
policy_array[0].n_ids = 3;
policy_array[0].ids[0] = 1;
policy_array[0].ids[1] = 2;
policy_array[0].ids[2] = 3;
policy_array[1].n_ids = 3;
policy_array[1].ids[0] = 4;
policy_array[1].ids[1] = 5;
policy_array[1].ids[2] = 6;
EXPECT_EQ(0, tsg_sync_policy_update(&a_stream, policy_array, 2));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
EXPECT_EQ(ctrl_pkt_len, strlen(ctrl_pkt_buf)+1);
EXPECT_STREQ("{\"state\":\"active\",\"method\":\"policy_update\",\"params\":{\"shaping\":[1,2,3],\"service_chaining\":[4,5,6]},\"session_id\":\"10\",\"tsync\":\"1.0\"}", ctrl_pkt_buf);
}
TEST(RECEIVE, IllegalPara)
{
struct streaminfo a_stream = {0};
const char *payload = "{\"tsync\":\"1.0\",\"session_id\":\"123456789\",\"state\":\"active\",\"method\":\"log_update\",\"params\":{\"sf_profile_ids\":}}";
const char *payload_ = "{\"tsync\":\"1.0\",\"session_id\":\"123456789\",\"state\":\"active\",\"method\":\"log_update\",\"params\":{\"sf_profile_ids\":[2,3,4,5,6,7]}}";
EXPECT_EQ(-1, tsg_recv_control_pkt(&a_stream, payload, strlen(payload)));
EXPECT_EQ(-1, tsg_recv_control_pkt(&a_stream, NULL, strlen(payload)));
EXPECT_EQ(-1, tsg_recv_control_pkt(&a_stream, payload, 0));
EXPECT_EQ(-1, tsg_recv_control_pkt(NULL, payload_, strlen(payload_)));
EXPECT_EQ(0, tsg_recv_control_pkt(&a_stream, payload_, strlen(payload_)));
}
#if 0
TEST(RECEIVE, JsonParse)
{
struct streaminfo a_stream = {0};
const char *payload_ = "{\"tsync\":\"1.0\",\"session_id\":\"123456789\",\"state\":\"active\",\"method\":\"log_update\",\"params\":{\"sf_profile_ids\":[2,3,4,5,6,7]}}";
EXPECT_EQ(0, tsg_recv_control_pkt(&a_stream, payload_, strlen(payload_)));
EXPECT_STREQ("1.0", test_handle.tsync);
EXPECT_EQ(123456789, test_handle.session_id);
EXPECT_STREQ("log_update", test_handle.method);
EXPECT_STREQ("active", test_handle.state);
EXPECT_EQ(6, test_handle.sf_ids.id_num);
for (int i = 0; i < 6; i++)
{
EXPECT_EQ(i+2, test_handle.sf_ids.ids[i]);
}
}
#endif
int main(int argc, char *argv[])
{
testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}

483
test/src/gtest_sync_state.cpp Normal file
View File

@@ -0,0 +1,483 @@
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <gtest/gtest.h>
#include <MESA/cJSON.h>
#include <MESA/MESA_handle_logger.h>
#include "tsg_sync_state.h"
#include "tsg_variable.h"
#include "mpack.h"
struct tsg_rt_para g_tsg_para;
extern int get_ctrl_pkt(char *buf, int len);
unsigned long long tsg_get_stream_trace_id(const struct streaminfo *a_stream)
{
return 10;
}
TEST(SESSION_STATE, IllegalPara)
{
struct streaminfo a_stream = {0};
struct update_policy policy_array[2];
memset(policy_array, 0, sizeof(struct update_policy) * 2);
EXPECT_EQ(-1, tsg_send_session_state(NULL, 0));
a_stream.opstate = OP_STATE_DATA;
EXPECT_EQ(-1, tsg_send_session_state(&a_stream, OP_STATE_DATA));
EXPECT_EQ(-1, tsg_sync_resetall_state(NULL));
EXPECT_EQ(0, tsg_sync_resetall_state(&a_stream));
EXPECT_EQ(-1, tsg_sync_policy_update(&a_stream, policy_array, 0));
EXPECT_EQ(-1, tsg_sync_policy_update(&a_stream, NULL, 2));
EXPECT_EQ(-1, tsg_sync_policy_update(NULL, policy_array, 2));
policy_array[0].type = POLICY_UPDATE_MAX;
EXPECT_EQ(-1, tsg_sync_policy_update(&a_stream, policy_array, 2));
}
TEST(SESSION_STATE, OpeningState)
{
struct streaminfo a_stream = {0};
char ctrl_pkt_buf[1024];
char test_str[256] = {0};
int ctrl_pkt_len = 0;
a_stream.opstate = OP_STATE_PENDING;
EXPECT_EQ(0, tsg_send_session_state(&a_stream, OP_STATE_PENDING));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
// tsync:2.0
EXPECT_EQ(mpack_type_str, mpack_node_type(mpack_node_map_cstr(root, "tsync")));
memcpy(test_str, mpack_node_str(mpack_node_map_cstr(root, "tsync")), mpack_node_strlen(mpack_node_map_cstr(root, "tsync")));
EXPECT_STREQ("2.0", test_str);
memset(test_str, 0, 256);
// session_id
EXPECT_EQ(10, mpack_node_u64(mpack_node_map_cstr(root, "session_id")));
// state:opening
memcpy(test_str, mpack_node_str(mpack_node_map_cstr(root, "state")), mpack_node_strlen(mpack_node_map_cstr(root, "state")));
EXPECT_STREQ("opening", test_str);
memset(test_str, 0, 256);
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
}
TEST(SESSION_STATE, CloseState)
{
struct streaminfo a_stream = {0};
char ctrl_pkt_buf[1024];
char test_str[256] = {0};
int ctrl_pkt_len = 0;
a_stream.opstate = OP_STATE_CLOSE;
EXPECT_EQ(0, tsg_send_session_state(&a_stream, OP_STATE_CLOSE));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
// tsync:2.0
EXPECT_EQ(mpack_type_str, mpack_node_type(mpack_node_map_cstr(root, "tsync")));
memcpy(test_str, mpack_node_str(mpack_node_map_cstr(root, "tsync")), mpack_node_strlen(mpack_node_map_cstr(root, "tsync")));
EXPECT_STREQ("2.0", test_str);
memset(test_str, 0, 256);
// session_id
EXPECT_EQ(10, mpack_node_u64(mpack_node_map_cstr(root, "session_id")));
// state:colse
memcpy(test_str, mpack_node_str(mpack_node_map_cstr(root, "state")), mpack_node_strlen(mpack_node_map_cstr(root, "state")));
EXPECT_STREQ("closing", test_str);
memset(test_str, 0, 256);
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
}
TEST(SESSION_STATE, ResetAllState)
{
struct streaminfo a_stream = {0};
char ctrl_pkt_buf[1024];
char test_str[256] = {0};
int ctrl_pkt_len = 0;
EXPECT_EQ(0, tsg_sync_resetall_state(&a_stream));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
// state:resetall
memcpy(test_str, mpack_node_str(mpack_node_map_cstr(root, "state")), mpack_node_strlen(mpack_node_map_cstr(root, "state")));
EXPECT_STREQ("resetall", test_str);
memset(test_str, 0, 256);
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
}
TEST(POLICY_UPDATE, Sce)
{
char ctrl_pkt_buf[1024] = {0};
int ctrl_pkt_len = 0;
struct streaminfo a_stream = {0};
struct update_policy test;
test.type = POLICY_UPDATE_SERVICE_CHAINING;
test.n_ids = 4;
for (int i = 0; i < test.n_ids; i++)
{
test.ids[i] = 100 + i;
}
tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
mpack_node_t sce_map = mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "sce");
for (int i = 0; i < 4; i++)
{
EXPECT_EQ(100 + i, mpack_node_i64(mpack_node_array_at(mpack_node_map_cstr(sce_map, "rule_ids"), i)));
}
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
}
TEST(POLICY_UPDATE, Shaper)
{
char ctrl_pkt_buf[1024] = {0};
int ctrl_pkt_len = 0;
struct streaminfo a_stream = {0};
struct update_policy test;
test.type = POLICY_UPDATE_SHAPING;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
{
test.ids[i] = 10000 + i;
}
tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
mpack_node_t shaper_map = mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "shaper");
for (int i = 0; i < 6; i++)
{
EXPECT_EQ(10000 + i, mpack_node_i64(mpack_node_array_at(mpack_node_map_cstr(shaper_map, "rule_ids"), i)));
}
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
}
TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping0)
{
struct streaminfo a_stream = {0};
struct update_policy policy_array[2];
char test_str[256] = {0};
char ctrl_pkt_buf[1024];
int ctrl_pkt_len = 0;
memset(&policy_array, 0, sizeof(struct update_policy) * 2);
policy_array[0].type = POLICY_UPDATE_SHAPING;
EXPECT_EQ(0, tsg_sync_policy_update(&a_stream, policy_array, 2));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
// tsync:2.0
EXPECT_EQ(mpack_type_str, mpack_node_type(mpack_node_map_cstr(root, "tsync")));
memcpy(test_str, mpack_node_str(mpack_node_map_cstr(root, "tsync")), mpack_node_strlen(mpack_node_map_cstr(root, "tsync")));
EXPECT_STREQ("2.0", test_str);
memset(test_str, 0, 256);
// session_id
EXPECT_EQ(10, mpack_node_u64(mpack_node_map_cstr(root, "session_id")));
// state:active
EXPECT_EQ(mpack_type_str, mpack_node_type(mpack_node_map_cstr(root, "state")));
memcpy(test_str, mpack_node_str(mpack_node_map_cstr(root, "state")), mpack_node_strlen(mpack_node_map_cstr(root, "state")));
EXPECT_STREQ("active", test_str);
memset(test_str, 0, 256);
// sce
mpack_node_t policy_sce = mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "sce");
EXPECT_EQ(mpack_type_map, mpack_node_type(policy_sce));
EXPECT_EQ(1, mpack_node_map_count(policy_sce));
EXPECT_EQ(mpack_type_nil, mpack_node_type(mpack_node_map_cstr(policy_sce, "rule_ids")));
// shaper
mpack_node_t policy_shaper = mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "shaper");
EXPECT_EQ(mpack_type_map, mpack_node_type(policy_shaper));
EXPECT_EQ(1, mpack_node_map_count(policy_shaper));
EXPECT_EQ(mpack_type_nil, mpack_node_type(mpack_node_map_cstr(policy_shaper, "rule_ids")));
// // proxy
// EXPECT_EQ(mpack_type_nil, mpack_node_type(mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "proxy")));
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
}
TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping1)
{
struct streaminfo a_stream = {0};
struct update_policy policy_array[2];
char ctrl_pkt_buf[1024];
int ctrl_pkt_len = 0;
memset(&policy_array, 0, sizeof(struct update_policy) * 2);
policy_array[0].type = POLICY_UPDATE_SHAPING;
policy_array[0].n_ids = 3;
policy_array[0].ids[0] = 1;
policy_array[0].ids[1] = 2;
policy_array[0].ids[2] = 3;
policy_array[1].n_ids = 3;
policy_array[1].ids[0] = 4;
policy_array[1].ids[1] = 5;
policy_array[1].ids[2] = 6;
EXPECT_EQ(0, tsg_sync_policy_update(&a_stream, policy_array, 2));
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
// sce
EXPECT_EQ(mpack_type_map, mpack_node_type(mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "sce")));
mpack_node_t sce_map = mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "sce");
EXPECT_EQ(3, mpack_node_array_length(mpack_node_map_cstr(sce_map, "rule_ids")));
for (int i = 0; i < 3; i++)
{
EXPECT_EQ(4 + i, mpack_node_i64(mpack_node_array_at(mpack_node_map_cstr(sce_map, "rule_ids"), i)));
}
// shaper
EXPECT_EQ(mpack_type_map, mpack_node_type(mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "shaper")));
mpack_node_t shaper_map = mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "shaper");
EXPECT_EQ(3, mpack_node_array_length(mpack_node_map_cstr(shaper_map, "rule_ids")));
for (int i = 0; i < 3; i++)
{
EXPECT_EQ(1 + i, mpack_node_i64(mpack_node_array_at(mpack_node_map_cstr(shaper_map, "rule_ids"), i)));
}
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
}
static void gtest_cmsg_init(struct proxy_cmsg *cmsg)
{
cmsg->tcp_wsacle_exist = 1;
cmsg->tcp_seq = 1;
cmsg->tcp_ack = 2;
cmsg->tcp_mss_client = 3;
cmsg->tcp_mss_server = 4;
cmsg->tcp_wsacle_client = 6;
cmsg->tcp_wsacle_server = 7;
cmsg->tcp_sack_client = 8;
cmsg->tcp_sack_server = 9;
cmsg->tcp_ts_client = 10;
cmsg->tcp_ts_server = 11;
cmsg->tcp_protocol = 12;
cmsg->tcp_window_client = 13;
cmsg->tcp_window_server = 14;
cmsg->tcp_ts_client_val = 15;
cmsg->tcp_ts_server_val = 16;
cmsg->tcp_info_packet_cur_dir = 17;
cmsg->src_sub_id = (char *)calloc(1, 256);
snprintf(cmsg->src_sub_id, 256, "thisistest=%d", 1);
cmsg->dst_sub_id = (char *)calloc(1, 256);
snprintf(cmsg->dst_sub_id, 256, "thisistest=%d", 2);
cmsg->src_asn = (char *)calloc(1, 256);
snprintf(cmsg->src_asn, 256, "thisistest=%d", 3);
cmsg->dst_asn = (char *)calloc(1, 256);
snprintf(cmsg->dst_asn, 256, "thisistest=%d", 4);
cmsg->src_organization = (char *)calloc(1, 256);
snprintf(cmsg->src_organization, 256, "thisistest=%d", 5);
cmsg->dst_organization = (char *)calloc(1, 256);
snprintf(cmsg->dst_organization, 256, "thisistest=%d", 6);
cmsg->src_ip_location_country = (char *)calloc(1, 256);
snprintf(cmsg->src_ip_location_country, 256, "thisistest=%d", 7);
cmsg->dst_ip_location_country = (char *)calloc(1, 256);
snprintf(cmsg->dst_ip_location_country, 256, "thisistest=%d", 8);
cmsg->src_ip_location_provine = (char *)calloc(1, 256);
snprintf(cmsg->src_ip_location_provine, 256, "thisistest=%d", 9);
cmsg->dst_ip_location_provine = (char *)calloc(1, 256);
snprintf(cmsg->dst_ip_location_provine, 256, "thisistest=%d", 10);
cmsg->src_ip_location_city = (char *)calloc(1, 256);
snprintf(cmsg->src_ip_location_city, 256, "thisistest=%d", 11);
cmsg->dst_ip_location_city = (char *)calloc(1, 256);
snprintf(cmsg->dst_ip_location_city, 256, "thisistest=%d", 12);
cmsg->src_ip_location_subdivision = (char *)calloc(1, 256);
snprintf(cmsg->src_ip_location_subdivision, 256, "thisistest=%d", 13);
cmsg->dst_ip_location_subdivision = (char *)calloc(1, 256);
snprintf(cmsg->dst_ip_location_subdivision, 256, "thisistest=%d", 14);
cmsg->ssl_client_ja3_fingerprint = (char *)calloc(1, 256);
snprintf(cmsg->ssl_client_ja3_fingerprint, 256, "thisistest=%d", 15);
cmsg->fqdn_cat_id_val.num = 4;
for (size_t i = 0; i < 4; i++)
{
cmsg->fqdn_cat_id_val.value[i] = i + 1;
}
cmsg->tcp_seq_sids.num = 5;
for (size_t i = 0; i < 5; i++)
{
cmsg->tcp_seq_sids.value[i] = i + 2;
}
cmsg->tcp_ack_sids.num = 6;
for (size_t i = 0; i < 6; i++)
{
cmsg->tcp_ack_sids.value[i] = i + 3;
}
cmsg->tcp_seq_route_ctx.num = 7;
for (size_t i = 0; i < 7; i++)
{
cmsg->tcp_seq_route_ctx.value[i] = i + 4;
}
cmsg->tcp_ack_route_ctx.num = 8;
for (size_t i = 0; i < 8; i++)
{
cmsg->tcp_ack_route_ctx.value[i] = i + 5;
}
return;
}
static void gtest_cmsg_destroy(struct proxy_cmsg *cmsg)
{
free(cmsg->src_sub_id);
free(cmsg->dst_sub_id);
free(cmsg->src_asn);
free(cmsg->dst_asn);
free(cmsg->src_organization);
free(cmsg->dst_organization);
free(cmsg->src_ip_location_country);
free(cmsg->dst_ip_location_country);
free(cmsg->src_ip_location_provine);
free(cmsg->dst_ip_location_provine);
free(cmsg->src_ip_location_city);
free(cmsg->dst_ip_location_city);
free(cmsg->src_ip_location_subdivision);
free(cmsg->dst_ip_location_subdivision);
free(cmsg->ssl_client_ja3_fingerprint);
}
TEST(POLICY_UPDATE, Proxy)
{
char ctrl_pkt_buf[1024] = {0};
char test_str[256] = {0};
int ctrl_pkt_len = 0;
struct streaminfo a_stream = {0};
struct update_policy test;
struct proxy_cmsg cmsg;
test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
{
test.ids[i] = 10000 + i;
}
gtest_cmsg_init(&cmsg);
memcpy(&test.cmsg, &cmsg, sizeof(struct proxy_cmsg));
tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, 1024);
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
mpack_node_t params = mpack_node_map_cstr(root, "params");
// proxy
EXPECT_EQ(mpack_type_map, mpack_node_type(mpack_node_map_cstr(params, "proxy")));
mpack_node_t proxy_map = mpack_node_map_cstr(params, "proxy");
EXPECT_EQ(6, mpack_node_array_length(mpack_node_map_cstr(proxy_map, "rule_ids")));
// proxy.rule_ids
for (int i = 0; i < test.n_ids; i++)
{
EXPECT_EQ(10000 + i, mpack_node_i64(mpack_node_array_at(mpack_node_map_cstr(proxy_map, "rule_ids"), i)));
}
mpack_node_t tcp_handshake = mpack_node_map_cstr(proxy_map, "tcp_handshake");
EXPECT_EQ(1, mpack_node_u32(mpack_node_array_at(tcp_handshake, 0)));
EXPECT_EQ(16, mpack_node_u32(mpack_node_array_at(tcp_handshake, 14)));
memcpy(test_str, mpack_node_str(mpack_node_array_at(tcp_handshake, 17)), mpack_node_strlen(mpack_node_array_at(tcp_handshake, 17)));
EXPECT_STREQ("thisistest=2", test_str);
memset(test_str, 0, 256);
memcpy(test_str, mpack_node_str(mpack_node_array_at(tcp_handshake, 30)), mpack_node_strlen(mpack_node_array_at(tcp_handshake, 30)));
EXPECT_STREQ("thisistest=15", test_str);
memset(test_str, 0, 256);
mpack_node_t fqdn_cat_id_vals = mpack_node_array_at(tcp_handshake, 31);
EXPECT_EQ(4, mpack_node_array_length(fqdn_cat_id_vals));
for (int i = 0; i < 4; i++)
{
EXPECT_EQ(i + 1, mpack_node_u32(mpack_node_array_at(fqdn_cat_id_vals, i)));
}
mpack_node_t tcp_ack_route_ctxs = mpack_node_array_at(tcp_handshake, 35);
EXPECT_EQ(8, mpack_node_array_length(tcp_ack_route_ctxs));
for (int i = 0; i < 8; i++)
{
EXPECT_EQ(i + 5, mpack_node_u8(mpack_node_array_at(tcp_ack_route_ctxs, i)));
}
// // sce
// EXPECT_EQ(mpack_type_nil, mpack_node_type(mpack_node_map_cstr(params, "sce")));
// // shaper
// EXPECT_EQ(mpack_type_nil, mpack_node_type(mpack_node_map_cstr(params, "shaper")));
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
gtest_cmsg_destroy(&cmsg);
}
int main(int argc, char *argv[])
{
g_tsg_para.logger = MESA_create_runtime_log_handle("log/tsg_sync_state", 10);
testing::InitGoogleTest(&argc, argv);
int ret = RUN_ALL_TESTS();
MESA_destroy_runtime_log_handle(g_tsg_para.logger);
return ret;
}

14
vendor/CMakeLists.txt vendored
View File

@@ -18,7 +18,19 @@ endif()
set_property(TARGET gtest-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
set_property(TARGET gtest-static PROPERTY INTERFACE_LINK_LIBRARIES pthread)
# # libmsgpackc
# ExternalProject_Add(libmsgpackc PREFIX libmsgpackc
# URL ${CMAKE_SOURCE_DIR}/vendor/msgpack-c-6.0.0.tar.gz
# URL_MD5 adc08f48550ce772fe24c0b41166b0de
# CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=<INSTALL_DIR> -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
# -DMSGPACK_BUILD_TESTS=OFF -DMSGPACK_USE_BOOST=OFF)
# ExternalProject_Get_Property(libmsgpackc INSTALL_DIR)
# file(MAKE_DIRECTORY ${INSTALL_DIR}/include)
# add_library(msgpackc-static STATIC IMPORTED GLOBAL)
# add_dependencies(msgpackc-static libmsgpackc)
# set_property(TARGET msgpackc-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libmsgpack-c.a)
# set_property(TARGET msgpackc-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)