TSG-11860 - 支持匹配Tunnel Object作为策略条件，以及输出Tunnel Object信息至安全日志和过渡日志

bin/tsg_log_field.conf

@@ -63,12 +63,12 @@ STRING		sip_from			50
 STRING		sip_to			51
 STRING		common_tunnels		52
 STRING		tunnels_schema_type	53
-STRING		gtp_sgw_ip		54
+STRING		gtp_endpoint_a_ip		54
-STRING		gtp_pgw_ip		55
+STRING		gtp_endpoint_b_ip		55
-STRING		gtp_sgw_port		56
+STRING		gtp_endpoint_a_port		56
-STRING		gtp_pgw_port		57
+STRING		gtp_endpoint_b_port		57
-STRING		gtp_uplink_teid		58
+STRING		gtp_a2b_teid		58
-STRING		gtp_downlink_teid		59
+STRING		gtp_b2a_teid		59
 STRING		mpls_c2s_direction_label	60
 STRING		mpls_s2c_direction_label	61
 STRING		vlan_c2s_direction_id		62
@@ -116,3 +116,6 @@ STRING		http_request_body	103
 STRING		http_response_body	104
 STRING		mail_eml_file	105
 STRING		common_vsys_id	106
+STRING		dtls_sni	107
+STRING  common_tunnel_endpoint_a_desc   108
+STRING  common_tunnel_endpoint_b_desc   109

bin/tsg_static_tableinfo.conf

@@ -83,4 +83,8 @@
 71	TSG_DYN_SUBSCRIBER_IP	plugin	{"key":3,"valid":5}	--
 72	TSG_PROFILE_TRAFFIC_MIRROR	plugin	{"key":1,"valid":4}	--
 73	TSG_DYN_MOBILE_IDENTITY_APN_TEID	plugin	{"key":2,"valid":7}	--
-74	TSG_FIELD_DTLS_SNI	virtual	["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]	--
+74	TSG_FIELD_DTLS_SNI	virtual	["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]	--
+75	TSG_OBJ_TUNNEL_ID	intval	UTF8	UTF8	yes	0
+76	TSG_TUNNEL_CATALOG	bool_plugin	{"row_id":1,"bool_expr":4,"valid":5}    --
+77	TSG_TUNNEL_ENDPOINT	plugin	{"key":2,"valid":4}	--
+78	TSG_TUNNEL_LABEL	plugin	{"key":2,"valid":3}	--

inc/tsg_label.h

@@ -71,6 +71,22 @@ struct umts_user_info
 	char *msisdn; //MSISDN: phone number
 };
 
+struct tunnel_catalog
+{
+	int id;
+	int ref_cnt;
+	char *name;
+	char *type;
+	char *composition;
+};
+
+struct tunnel_endpoint
+{
+	int id;
+	int ref_cnt;
+	char *description;
+};
+
 struct session_attribute_label
 {
 	int http_action_file_size;
@@ -85,7 +101,9 @@ struct session_attribute_label
 	struct subscribe_id_info *server_subscribe_id;
 	char *ja3_fingerprint;
 	unsigned int fqdn_category_id[MAX_CATEGORY_ID_NUM];
-	struct umts_user_info *user_info;
+	struct umts_user_info *user_info;	
+	struct tunnel_endpoint *client_endpoint;	
+	struct tunnel_endpoint *server_endpoint;
 };
 
 struct policy_priority_label

src/tsg_entry.cpp

@@ -101,7 +101,13 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
 										 {0, TSG_FS2_DNS_RES_ADD, "dns_profile_add"},
 										 {0, TSG_FS2_DNS_RES_DEL, "dns_profile_del"},
 										 {0, TSG_FS2_APP_ID_ADD, "app_id_add"},
-										 {0, TSG_FS2_APP_ID_DEL, "app_id_del"}
+										 {0, TSG_FS2_APP_ID_DEL, "app_id_del"},
+										 {0, TSG_FS2_TUNNEL_CATALOG_ADD, "t_catalog_add"},
+										 {0, TSG_FS2_TUNNEL_CATALOG_DEL, "t_catalog_del"},
+										 {0, TSG_FS2_TUNNEL_ENDPOINT_ADD, "t_endpoint_add"},
+										 {0, TSG_FS2_TUNNEL_ENDPOINT_DEL, "t_endpoint_del"},
+										 {0, TSG_FS2_TUNNEL_LABEL_ADD, "t_label_add"},
+										 {0, TSG_FS2_TUNNEL_LABEL_DEL, "t_label_del"}
 										};
 
 id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, 
@@ -1379,7 +1385,18 @@ static void free_session_attribute_label(int thread_seq, void *project_req_value
 			gtp_c_free_data(0, (MAAT_PLUGIN_EX_DATA *)&label->user_info, 0, g_tsg_para.logger);
 			label->user_info=NULL;
 		}
-		
+
+		if(label->client_endpoint!=NULL)
+		{
+			tunnel_endpoint_free(0, (MAAT_PLUGIN_EX_DATA *)&label->client_endpoint, 0, g_tsg_para.logger);
+			label->client_endpoint=NULL;
+		}
+
+		if(label->server_endpoint!=NULL)
+		{
+			tunnel_endpoint_free(0, (MAAT_PLUGIN_EX_DATA *)&label->server_endpoint, 0, g_tsg_para.logger);
+			label->server_endpoint=NULL;
+		}
 		dictator_free(thread_seq, project_req_value);
 		project_req_value=NULL;
 	}
@@ -2167,6 +2184,14 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo
 
 	if(*pme==NULL)
 	{
+		unsigned short tunnel_type=0;
+		int tunnel_type_len=sizeof(tunnel_type);
+		int ret=MESA_get_stream_opt(a_udp, MSO_STREAM_UP_LAYER_TUNNEL_TYPE, (void *)&tunnel_type, &tunnel_type_len);
+		if(ret==0 && tunnel_type&STREAM_TUNNEL_GPRS_TUNNEL)
+		{
+			return APP_STATE_DROPME;
+		}
+		
 		*pme=dictator_malloc(thread_seq, sizeof(struct udp_context));
 		memset(*pme, 0, sizeof(struct udp_context));
 		context=(struct udp_context *)(*pme);

src/tsg_entry.h

@@ -91,6 +91,10 @@ enum MASTER_STATIC_TABLE{
 	TABLE_PROFILE_MIRROR,
 	TABLE_HTTP_URL,
 	TABLE_DTLS_SNI,
+	TABLE_TUNNEL_ID,
+	TABLE_TUNNEL_CATALOG,
+	TABLE_TUNNEL_ENDPOINT,
+	TABLE_TUNNEL_LABEL,
 	TABLE_MAX
 };
 
@@ -143,6 +147,12 @@ enum TSG_FS2_TYPE{
 	TSG_FS2_DNS_RES_DEL,
 	TSG_FS2_APP_ID_ADD,
 	TSG_FS2_APP_ID_DEL,
+	TSG_FS2_TUNNEL_CATALOG_ADD,
+	TSG_FS2_TUNNEL_CATALOG_DEL,
+	TSG_FS2_TUNNEL_ENDPOINT_ADD,
+	TSG_FS2_TUNNEL_ENDPOINT_DEL,
+	TSG_FS2_TUNNEL_LABEL_ADD,
+	TSG_FS2_TUNNEL_LABEL_DEL,
 	TSG_FS2_MAX
 };
 
@@ -457,6 +467,7 @@ void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* arg
 void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
 void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
 void gtp_c_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
+void tunnel_endpoint_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
 
 void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
 void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);

src/tsg_rule.cpp

@@ -1614,37 +1614,113 @@ void mirrored_profile_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, voi
 	}
 }
 
-static int get_fqdn_category_id(Maat_feather_t maat_feather, int table_id, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq)
+void tunnel_catalog_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
 {
-	int i=0,j=0,ret=0;	
+	struct tunnel_catalog *t_catalog=(struct tunnel_catalog *)calloc(sizeof(struct tunnel_catalog), 1);
-	struct fqdn_category *ex_data_array[8]={0};
 
-	ret=Maat_fqdn_plugin_get_EX_data(maat_feather, table_id, fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8);
+	t_catalog->id=tsg_get_column_integer_value(table_line, 1);
-	if(ret>0)
+	t_catalog->name=tsg_get_column_string_value(table_line, 2);	
+	t_catalog->type=tsg_get_column_string_value(table_line, 3);
+	t_catalog->composition=tsg_get_column_string_value(table_line, 4);
+
+	atomic_inc(&t_catalog->ref_cnt);
+	*ad=(MAAT_PLUGIN_EX_DATA)t_catalog;
+	
+	FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_CATALOG_ADD], 0, FS_OP_ADD, 1);
+	return;
+}
+void tunnel_catalog_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
+{
+	if(*ad==NULL)
 	{
-		qsort(ex_data_array, ret, sizeof(struct fqdn_category *), sort_category_id);
+		return ;
-		
+	}
-		for(i=0; i<ret; i++)
+	
-		{
+	struct tunnel_catalog *t_catalog=(struct tunnel_catalog *)(*ad);
-			if(j==0)
+	if ((__sync_sub_and_fetch(&t_catalog->ref_cnt, 1) == 0))
-			{
+	{
-				category_id[j++]=ex_data_array[i]->category_id;
+		_free_field(t_catalog->name);
-			}
+		_free_field(t_catalog->type);		
-			else
+		_free_field(t_catalog->composition);
-			{
+		_free_field((char *)(*ad));
-				if(j<category_id_num && ex_data_array[i]->category_id!=category_id[j-1])
+		*ad=NULL;
-				{
+		FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_CATALOG_DEL], 0, FS_OP_ADD, 1);
-					category_id[j++]=ex_data_array[i]->category_id;
+	}
-				}
+}
-			}
+void tunnel_catalog_dup(int table_id,	MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
-			
+{
-			fqdn_category_free(table_id, (MAAT_PLUGIN_EX_DATA *)&(ex_data_array[i]), 0, logger);
+	if((*from)!=NULL)
-		}
+	{
+		struct tunnel_catalog *t_catalog=(struct tunnel_catalog *)(*from);
+		__sync_add_and_fetch(&(t_catalog->ref_cnt), 1);
+		*to=*from;
+	}
+}
 
-		return j;
+void tunnel_endpoint_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
+{
+	struct tunnel_endpoint *t_endpoint=(struct tunnel_endpoint *)calloc(1, sizeof(struct tunnel_endpoint));
+	
+	t_endpoint->id=tsg_get_column_integer_value(table_line, 1);
+	t_endpoint->description=tsg_get_column_string_value(table_line, 3);
+	
+	atomic_inc(&t_endpoint->ref_cnt);
+	*ad=(MAAT_PLUGIN_EX_DATA)t_endpoint;
+	
+	FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_ENDPOINT_ADD], 0, FS_OP_ADD, 1);
+
+	return ;
+}
+
+void tunnel_endpoint_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
+{
+	if((*from)!=NULL)
+	{
+		struct tunnel_endpoint *t_endpoint=(struct tunnel_endpoint *)(*from);
+		atomic_inc(&t_endpoint->ref_cnt);
+		(*to)=(*from);
 	}
 
-	return 0;
+	return ;
+}
+
+void tunnel_endpoint_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
+{
+	if((*ad)!=NULL)
+	{
+		struct tunnel_endpoint *t_endpoint=(struct tunnel_endpoint *)*ad;
+		if((__sync_sub_and_fetch(&t_endpoint->ref_cnt, 1) == 0))
+		{
+			_free_field(t_endpoint->description);
+			_free_field((char *)(*ad));
+			*ad=NULL;		
+			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_ENDPOINT_DEL], 0, FS_OP_ADD, 1);
+		}
+	}
+}
+
+void tunnel_label_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
+{	
+	int label_id=tsg_get_column_integer_value(table_line, 1);
+	*ad=(MAAT_PLUGIN_EX_DATA)(long)label_id;
+	FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_LABEL_ADD], 0, FS_OP_ADD, 1);
+
+	return ;
+}
+
+void tunnel_label_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
+{
+	if((*from)!=NULL)
+	{
+		(*to)=(*from);
+	}
+
+	return ;
+}
+
+void tunnel_label_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
+{
+	FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_LABEL_DEL], 0, FS_OP_ADD, 1);
 }
 
 static Maat_feather_t init_maat_feather(const char* conffile, char* instance_name, char *module, void *maat_logger)
@@ -1822,6 +1898,11 @@ int tsg_rule_init(const char* conffile, void *logger)
 	MESA_load_profile_string_def(conffile, "MAAT", "TRAFFIC_MIRROR_PROFILE", g_tsg_para.table_name[TABLE_PROFILE_MIRROR], _MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_TRAFFIC_MIRROR");
 
 	MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_TABLE", g_tsg_para.table_name[TABLE_DTLS_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI");
+	
+	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_TUNNEL_ID");
+	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_CATALOG_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_CATALOG], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_CATALOG");
+	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ENDPOINT_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ENDPOINT], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_ENDPOINT");	
+	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_LABEL_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_LABEL], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_LABEL");
 
 	MESA_load_profile_int_def(conffile, "MAAT","LOG_LEVEL", &log_level, 30);
 	MESA_load_profile_string_def(conffile, "MAAT", "LOG_PATH", log_path, sizeof(log_path), "./tsglog/maat/tsg_maat.log");
@@ -2003,6 +2084,49 @@ int tsg_rule_init(const char* conffile, void *logger)
 		return -1;
 	}
 
+	ret=Maat_bool_plugin_EX_register(g_tsg_maat_feather,
+										g_tsg_para.table_id[TABLE_TUNNEL_CATALOG],
+										tunnel_catalog_new,
+										tunnel_catalog_free,
+										tunnel_catalog_dup,
+										0, 
+										NULL);
+	if(ret<0)
+	{
+		MESA_handle_runtime_log(g_tsg_para.maat_logger, RLOG_LV_FATAL, "REGISTER_TABLE", "Maat_bool_plugin_EX_register failed, table_name: %s", g_tsg_para.table_name[TABLE_TUNNEL_CATALOG]);
+		return -1;
+	}
+
+	ret=Maat_plugin_EX_register(g_tsg_maat_feather,
+								g_tsg_para.table_id[TABLE_TUNNEL_ENDPOINT],
+								tunnel_endpoint_new,
+								tunnel_endpoint_free,
+								tunnel_endpoint_dup,
+								NULL,
+								0, 
+								NULL);
+
+	if(ret<0)
+	{
+		MESA_handle_runtime_log(g_tsg_para.maat_logger, RLOG_LV_FATAL, "REGISTER_TABLE", "Maat_plugin_EX_register failed, table_name: %s", g_tsg_para.table_name[TABLE_TUNNEL_ENDPOINT]);
+		return -1;
+	}
+
+	ret=Maat_plugin_EX_register(g_tsg_maat_feather,
+								g_tsg_para.table_id[TABLE_TUNNEL_LABEL],
+								tunnel_label_new,
+								tunnel_label_free,
+								tunnel_label_dup,
+								NULL,
+								0, 
+								NULL);
+
+	if(ret<0)
+	{
+		MESA_handle_runtime_log(g_tsg_para.maat_logger, RLOG_LV_FATAL, "REGISTER_TABLE", "Maat_plugin_EX_register failed, table_name: %s", g_tsg_para.table_name[TABLE_TUNNEL_LABEL]);
+		return -1;
+	}
+
 	//init dynamic maat feather	
 	MESA_load_profile_int_def(conffile, "MAAT", "DYNAMIC_MAAT_SWITCH", &g_tsg_para.dynamic_maat_switch, 0);
 	if(g_tsg_para.dynamic_maat_switch==1)
@@ -2081,6 +2205,39 @@ int tsg_rule_init(const char* conffile, void *logger)
 	return 0;
 }
 
+static int get_fqdn_category_id(Maat_feather_t maat_feather, int table_id, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq)
+{
+	int i=0,j=0,ret=0;	
+	struct fqdn_category *ex_data_array[8]={0};
+
+	ret=Maat_fqdn_plugin_get_EX_data(maat_feather, table_id, fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8);
+	if(ret>0)
+	{
+		qsort(ex_data_array, ret, sizeof(struct fqdn_category *), sort_category_id);
+		
+		for(i=0; i<ret; i++)
+		{
+			if(j==0)
+			{
+				category_id[j++]=ex_data_array[i]->category_id;
+			}
+			else
+			{
+				if(j<category_id_num && ex_data_array[i]->category_id!=category_id[j-1])
+				{
+					category_id[j++]=ex_data_array[i]->category_id;
+				}
+			}
+			
+			fqdn_category_free(table_id, (MAAT_PLUGIN_EX_DATA *)&(ex_data_array[i]), 0, logger);
+		}
+
+		return j;
+	}
+
+	return 0;
+}
+
 int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info)
 {
 	int num=0;
@@ -2363,15 +2520,115 @@ static unsigned short get_trans_protocol(const struct streaminfo *a_stream)
 	return 255;
 }
 
-
+int tsg_get_endpoint_id(const struct streaminfo *a_stream, int table_id, struct tunnel_endpoint **client_endpoint, struct tunnel_endpoint **server_endpoint)
-int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num)
 {
-	int hit_num=0,maat_ret=0;
+	char dest_ip[128]={0}, source_ip[128]={0};
-	unsigned short tans_proto=0;
+	
+	switch(a_stream->addr.addrtype)
+	{
+		case	ADDR_TYPE_IPV4:
+			inet_ntop(AF_INET, &(a_stream->addr.tuple4_v4->saddr), source_ip, sizeof(source_ip));
+			inet_ntop(AF_INET, &(a_stream->addr.tuple4_v4->daddr), dest_ip, sizeof(dest_ip));
+			break;
+		case	ADDR_TYPE_IPV6:
+			inet_ntop(AF_INET6, (a_stream->addr.tuple4_v6->saddr), source_ip, sizeof(source_ip));
+			inet_ntop(AF_INET6, (a_stream->addr.tuple4_v6->daddr), dest_ip, sizeof(dest_ip));
+			break;
+		default:
+			return 0;
+			break;
+	}
+
+	if(*client_endpoint==NULL)
+	{
+		*client_endpoint=(struct tunnel_endpoint *)Maat_plugin_get_EX_data(g_tsg_maat_feather, table_id, source_ip);
+	}
+	
+	if(*server_endpoint==NULL)
+	{
+		*server_endpoint=(struct tunnel_endpoint *)Maat_plugin_get_EX_data(g_tsg_maat_feather, table_id, dest_ip);
+	}
+	
+	return 0;
+}
+
+int tsg_get_vlan_label_id(struct single_layer_vlan_addr *vlan_array, int vlan_array_num, unsigned long long *label_id_array, int label_id_array_num)
+{
+	int i=0,idx=0;
+	char label[32]={0}; 
+	MAAT_PLUGIN_EX_DATA label_id=NULL;
+
+	if(vlan_array_num<=0 || label_id_array_num<=0 || vlan_array==NULL || label_id_array==NULL)
+	{
+		return 0;
+	}
+	
+	for(i=0; i<vlan_array_num; i++)
+	{
+		snprintf(label, sizeof(label), "%d", vlan_array[i].VID);
+		label_id=Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_LABEL], label);
+		if(label_id==NULL)
+		{
+			continue;
+		}
+
+		if(idx>=label_id_array_num)
+		{
+			break;
+		}
+
+		label_id_array[idx++]=(long long)(label_id);
+	}
+
+	return idx;
+}
+
+#define	TUNNEL_BOOL_ID_MAX	16
+#define	TUNNEL_CATALOG_MAX	16
+int tsg_scan_tunnel_id(Maat_feather_t maat_feather, struct Maat_rule_t *result, int result_num, scan_status_t *mid, unsigned long long *bool_id_array, int bool_id_array_idx, int thread_seq)
+{
+	int i=0,ret=0;
+	int maat_ret=0, hit_num=0;
+	struct tunnel_catalog *t_catalog[TUNNEL_CATALOG_MAX];
+	ret=Maat_bool_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_CATALOG], bool_id_array, bool_id_array_idx, (void**)(&t_catalog), TUNNEL_CATALOG_MAX);
+	for(i=0; i<ret; i++)
+	{
+		maat_ret=Maat_scan_intval(maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_ID], t_catalog[i]->id, result, result_num-hit_num, mid, thread_seq);
+		if(maat_ret>0)
+		{
+			hit_num+=maat_ret;
+		}
+		
+		tunnel_catalog_free(g_tsg_para.table_id[TABLE_TUNNEL_CATALOG], (MAAT_PLUGIN_EX_DATA *)&(t_catalog[i]), 0, NULL);
+	}
+
+	return hit_num;
+}
+
+int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, struct Maat_rule_t *result, int result_num)
+{
+	int ret=0,hit_num=0;
 	unsigned int proto_id=0;
 	struct ipaddr t_addr;
 	struct ipaddr* p_addr=NULL;	
 	const struct streaminfo *cur_stream = a_stream;
+	unsigned short tans_proto=0;
+	int bool_id_array_idx=0;
+	unsigned long long bool_id_array[TUNNEL_BOOL_ID_MAX]={0};
+	struct session_attribute_label *attribute_label=NULL;
+
+	if(result==NULL || result_num<=0 || a_stream==NULL || maat_feather==NULL)
+	{
+		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_NESTING_ADDR", "result==NULL || result_num<=0 || maat_feather==NULL || a_stream==NULL");
+		return -1;
+	}
+
+	attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
+	if(attribute_label==NULL)
+	{
+		attribute_label=(struct session_attribute_label *)dictator_malloc(a_stream->threadnum, sizeof(struct session_attribute_label));
+		memset(attribute_label, 0, sizeof(struct session_attribute_label));
+	}
 
 	do
 	{
@@ -2393,11 +2650,11 @@ int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream
 					{
 						t_addr.addrtype = ADDR_TYPE_IPV6;
 					}
-					p_addr = &t_addr;
+					p_addr=&t_addr;
 				}
 				else
 				{
-					p_addr = (struct ipaddr *)&cur_stream->addr;
+					p_addr=(struct ipaddr *)&cur_stream->addr;
 				}
 
 				if(p_addr==NULL)
@@ -2406,25 +2663,25 @@ int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream
 				}
 
 				tans_proto=get_trans_protocol(cur_stream);
-	 			maat_ret=Maat_scan_proto_addr(maat_feather, g_tsg_para.table_id[TABLE_IP_ADDR], p_addr, tans_proto, result+hit_num, result_num-hit_num, mid, (int)cur_stream->threadnum);
+	 			ret=Maat_scan_proto_addr(maat_feather, g_tsg_para.table_id[TABLE_IP_ADDR], p_addr, tans_proto, result+hit_num, result_num-hit_num, mid, (int)cur_stream->threadnum);
-				if(maat_ret>0)
+				if(ret>0)
 				{
 					MESA_handle_runtime_log(g_tsg_para.logger,
 												RLOG_LV_DEBUG,
 												"SCAN_IP",
 												"Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d",
 												PRINTADDR(a_stream, g_tsg_para.level),
-												maat_ret,
+												ret,
 												result[hit_num].config_id,
 												result[hit_num].service_id,
 												(unsigned char)result[hit_num].action
 											);
 
-					hit_num+=maat_ret;
+					hit_num+=ret;
 				}
 				else
 				{
-					MESA_handle_runtime_log(g_tsg_para.logger,RLOG_LV_DEBUG, "SCAN_IP", "No hit addr: %s scan ret: %d", PRINTADDR(a_stream, g_tsg_para.level), maat_ret);	
+					MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "No hit addr: %s scan ret: %d", PRINTADDR(a_stream, g_tsg_para.level), ret);	
 				}
 				break;
 			case	ADDR_TYPE_L2TP:
@@ -2435,32 +2692,35 @@ int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream
 				proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_PPTP].name);
 				hit_num+=tsg_scan_app_id_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, g_tsg_proto_name2id[PROTO_PPTP].name, proto_id, (int)a_stream->threadnum);
 				break;
+			case	ADDR_TYPE_VLAN:
+				bool_id_array_idx+=tsg_get_vlan_label_id(cur_stream->addr.vlan->c2s_addr_array, cur_stream->addr.vlan->c2s_layer_num, bool_id_array, TUNNEL_BOOL_ID_MAX-bool_id_array_idx);
+				bool_id_array_idx+=tsg_get_vlan_label_id(cur_stream->addr.vlan->s2c_addr_array, cur_stream->addr.vlan->s2c_layer_num, bool_id_array, TUNNEL_BOOL_ID_MAX-bool_id_array_idx);				
+				break;
+			case	ADDR_TYPE_GPRS_TUNNEL:
+				tsg_get_endpoint_id(cur_stream->pfather, g_tsg_para.table_id[TABLE_TUNNEL_ENDPOINT], &(attribute_label->client_endpoint), &(attribute_label->server_endpoint));
+				if(attribute_label->client_endpoint!=NULL && bool_id_array_idx<TUNNEL_BOOL_ID_MAX)
+				{
+					bool_id_array[bool_id_array_idx++]=(long long)attribute_label->client_endpoint->id;
+				}
+				
+				if(attribute_label->server_endpoint!=NULL && bool_id_array_idx<TUNNEL_BOOL_ID_MAX)
+				{
+					bool_id_array[bool_id_array_idx++]=(long long)attribute_label->server_endpoint->id;
+				}
+				cur_stream=cur_stream->pfather;  // skip gtp tuple4
+				break;
 			default:
 				break;
 		}
 		
-		cur_stream = cur_stream->pfather;
+		cur_stream=cur_stream->pfather;
-		
+	}while(cur_stream!=NULL && hit_num<result_num);
-	}while(cur_stream != NULL && hit_num < result_num);
 
-	return hit_num;
+	if(hit_num<result_num)
-}
-
-int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num)
-{
-	int ret=0;
-	unsigned int proto_id=0;
-	int hit_num=0;
-	struct session_attribute_label *attribute_label=NULL;
-
-	if(result==NULL || result_num<=0 || a_stream==NULL || maat_feather==NULL)
 	{
-		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_NESTING_ADDR", "result==NULL || result_num<=0 || maat_feather==NULL || a_stream==NULL");
+		tsg_scan_tunnel_id(maat_feather, result+hit_num, result_num-hit_num, mid, bool_id_array, bool_id_array_idx, (int)a_stream->threadnum);
-		return -1;
 	}
 
-	hit_num+=tsg_scan_addr(maat_feather, a_stream, proto, mid, result+hit_num, result_num-hit_num);
-
 	if(hit_num<result_num && proto>PROTO_UNKONWN && proto<PROTO_MAX)
 	{
 		proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[proto].name);
@@ -2472,13 +2732,6 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
 		}
 	}
 
-	attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
-	if(attribute_label==NULL)
-	{
-		attribute_label=(struct session_attribute_label *)dictator_malloc(a_stream->threadnum, sizeof(struct session_attribute_label));
-		memset(attribute_label, 0, sizeof(struct session_attribute_label));
-	}
-
 	if(hit_num<result_num)
 	{
 		tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_USER_DEFINED], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location));
@@ -2514,7 +2767,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
 			hit_num+=tsg_scan_gtp_phone_number_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->user_info->msisdn, (int)a_stream->threadnum);
 		}
 	}
-	
+
 	ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.session_attribute_project_id, (void *)attribute_label);
 	if(ret<0)
 	{

src/tsg_send_log.cpp

@@ -1611,6 +1611,16 @@ int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_hand
 
 	set_umts_user_info(_instance, _handle, a_stream, attribute_label->user_info);
 
+	if(attribute_label->client_endpoint!=NULL)
+	{
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_A_DESC].name, (void *)attribute_label->client_endpoint->description, TLD_TYPE_STRING);
+	}
+
+	if(attribute_label->server_endpoint!=NULL)
+	{
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_B_DESC].name, (void *)attribute_label->server_endpoint->description, TLD_TYPE_STRING);
+	}
+
 	return 1;
 }
 

src/tsg_send_log_internal.h

@@ -127,6 +127,8 @@ typedef enum _tsg_log_field_id
 	LOG_COMMON_MAIL_EML_FILE,
 	LOG_COMMON_VSYSTEM_ID,
 	LOG_DTLS_SNI,
+	LOG_COMMON_TUNNELS_ENDPOINT_A_DESC,
+	LOG_COMMON_TUNNELS_ENDPOINT_B_DESC,
 	LOG_COMMON_MAX
 }tsg_log_field_id_t;