gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修正识别结果,quic.ssl修正为quic

Browse Source
This commit is contained in:
liuxueli
2023-07-10 14:58:10 +08:00
parent 94c07e1f08
commit 2665555f06
3 changed files with 52 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/tsg_entry.cpp
View File

@@ -1854,17 +1854,28 @@ int session_app_gather_results_update(struct app_attributes **update_result, cha
}
}
int i;
for(i=0; i<identify_result->app_id_num; i++)
{
(*update_result)[i].app_id=identify_result->origin;
(*update_result)[i].app_id=identify_result->app_id[i];
(*update_result)[i].surrogate_id=identify_result->surrogate_id[i];
(*update_result)[i].packet_sequence=packet_sequence;
int idx=0;
unsigned int quic_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_QUIC].name, g_tsg_proto_name2id[PROTO_QUIC].len);
for(int i=0; i<identify_result->app_id_num; i++)
{
(*update_result)[idx].app_id=identify_result->origin;
(*update_result)[idx].app_id=identify_result->app_id[i];
(*update_result)[idx].surrogate_id=identify_result->surrogate_id[i];
(*update_result)[idx].packet_sequence=packet_sequence;
idx++;
if(identify_result->app_id[i]==quic_id && (i+1 < identify_result->app_id_num))
{
unsigned int ssl_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_SSL].name, g_tsg_proto_name2id[PROTO_SSL].len);
if(identify_result->app_id[i+1]==ssl_id)
{
i++;
continue;
}
}
}
return i;
return idx;
}
int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)

1
test/bin/gtest_maat.json
View File

@@ -2312,6 +2312,7 @@
"68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t1",
"4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
"199\tssl\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
"2521\tquic\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
"240\tyoutube\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
"15009\tuser_define_youtube\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
"1500\tbuilt_in_youtube\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",

65
test/src/gtest_master.cpp
View File

@@ -1035,7 +1035,6 @@ TEST(TSGMaster, SessionApplicationFullPathTSG15999)
gather_result->qm_engine[1].packet_sequence=4;
session_gather_app_results_async(&a_stream, (void *)gather_result);
session_application_full_path_update(&a_stream, out_full_path, out_full_path_len);
EXPECT_STREQ("ssl.https", out_full_path);
@@ -1045,6 +1044,37 @@ TEST(TSGMaster, SessionApplicationFullPathTSG15999)
session_gather_app_results_async(&a_stream, NULL);
}
int session_app_gather_results_update(struct app_attributes **update_result, char update_result_num, struct app_identify_result *identify_result, int packet_sequence, int thread_seq);
TEST(TSGMaster, SessionApplicationFullPathTSG13811)
{
const struct streaminfo a_stream={0};
char out_full_path[256]={0};
int out_full_path_len=sizeof(out_full_path);
struct gather_app_result *gather_result=(struct gather_app_result *)calloc(1, sizeof(struct gather_app_result));
gather_result->l7_protocol_num=1;
gather_result->l7_protocol=(struct app_attributes *)calloc(1, sizeof(struct app_attributes));
gather_result->l7_protocol->app_id=2521;
gather_result->l7_protocol->surrogate_id=0;
gather_result->l7_protocol->packet_sequence=1;
struct app_identify_result identify_result={ORIGIN_QM_ENGINE, 3, {2521, 199, 240}, {0, 0, 0}};
gather_result->qm_engine_num=session_app_gather_results_update(&(gather_result->qm_engine), gather_result->qm_engine_num, &identify_result, 1, 0);
EXPECT_EQ(2, gather_result->qm_engine_num);
EXPECT_EQ(2521, gather_result->qm_engine[0].app_id);
EXPECT_EQ(240, gather_result->qm_engine[1].app_id);
session_gather_app_results_async(&a_stream, (void *)gather_result);
session_application_full_path_update(&a_stream, out_full_path, out_full_path_len);
EXPECT_STREQ("quic.youtube", out_full_path);
free(gather_result->l7_protocol);
free(gather_result->qm_engine);
free(gather_result);
session_gather_app_results_async(&a_stream, NULL);
}
extern int session_application_full_path_combine(struct gather_app_result * gather_result, char * out_full_path, int out_full_path_len);
TEST(TSGMaster, SessionApplicationFullPath)
@@ -1198,39 +1228,6 @@ TEST(TSGMaster, SessionQuicIdentify)
g_test_quic_info=NULL;
}
TEST(TSGMaster, SessionApplicationFullPathTSG13811)
{
char out_full_path[256]={0};
int out_full_path_len=sizeof(out_full_path);
struct gather_app_result gather_result={0};
gather_result.l7_protocol_num=1;
struct app_attributes l7_protocol={68, 0, 4};
gather_result.l7_protocol=&l7_protocol;
gather_result.qm_engine_num=3;
gather_result.l7_qm_engine_num=2;
struct app_attributes qm_engine[3]={{199, 0, 6}, {68, 0, 4}, {240, 0, 6}};
gather_result.qm_engine=qm_engine;
int offset=session_application_full_path_combine(&gather_result, out_full_path, out_full_path_len);
EXPECT_NE(0, offset);
EXPECT_STREQ("ssl.https.youtube", out_full_path);
// l7 protocol is empty
gather_result.l7_protocol_num=0;
gather_result.l7_protocol=NULL;
gather_result.qm_engine_num=3;
gather_result.l7_qm_engine_num=0;
struct app_attributes qm_engine2[3]={{199, 0, 6}, {68, 0, 4}, {240, 0, 6}};
gather_result.qm_engine=qm_engine2;
offset=session_application_full_path_combine(&gather_result, out_full_path, out_full_path_len);
EXPECT_NE(0, offset);
EXPECT_STREQ("ssl.https.youtube", out_full_path);
}
int main(int argc, char *argv[])
{
TSG_MASTER_INIT();