diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 36a9342..c05af4e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -3,7 +3,7 @@ variables: GIT_STRATEGY: "clone" BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/ INSTALL_PREFIX: "/home/mesasoft/sapp_run/" - INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaatframe-devel quic-devel mesa_sip-devel libasan + INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaatframe-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan stages: - build diff --git a/CMakeLists.txt b/CMakeLists.txt index 9cea789..f0d2652 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -57,5 +57,6 @@ install(FILES inc/tsg_rule.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER) install(FILES inc/tsg_statistic.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER) install(FILES inc/tsg_label.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER) install(FILES inc/app_label.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER) +install(FILES inc/tsg_gtp_signaling.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER) include(Package) diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf index 25a0593..dce8498 100644 --- a/bin/tsg_log_field.conf +++ b/bin/tsg_log_field.conf @@ -85,3 +85,7 @@ STRING server_ip 71 STRING c2s_id 72 STRING s2c_id 73 STRING common_service_category 74 +STRING common_apn 75 +STRING common_imsi 76 +STRING common_imei 77 +STRING common_phone_number 78 diff --git a/bin/tsg_static_tableinfo.conf b/bin/tsg_static_tableinfo.conf index ca3861b..f95747e 100644 --- a/bin/tsg_static_tableinfo.conf +++ b/bin/tsg_static_tableinfo.conf @@ -72,4 +72,10 @@ 60 APP_SELECTOR_ID intval UTF8 UTF8 yes 0 61 TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION virtual TSG_OBJ_ACCOUNT -- 62 TSG_FIELD_SIP_RESPONDER_DESCRIPTION virtual TSG_OBJ_ACCOUNT -- -63 APP_ID_DICT plugin {"key":1,"valid":18} \ No newline at end of file +63 APP_ID_DICT plugin {"key":1,"valid":18} +64 TSG_OBJ_IMSI expr UTF8 UTF8 yes 0 +65 TSG_OBJ_APN expr UTF8 UTF8 yes 0 +66 TSG_OBJ_PHONE_NUMBER expr UTF8 UTF8 yes 0 +67 TSG_FILED_GTP_IMSI virtual TSG_OBJ_IMSI -- +68 TSG_FILED_GTP_APN virtual TSG_OBJ_APN -- +69 TSG_FILED_GTP_PHONE_NUMBER virtual TSG_OBJ_PHONE_NUMBER -- diff --git a/inc/tsg_gtp_signaling.h b/inc/tsg_gtp_signaling.h new file mode 100644 index 0000000..8af53bb --- /dev/null +++ b/inc/tsg_gtp_signaling.h @@ -0,0 +1,33 @@ +#ifndef __TSG_GTP_SIGNALING_H__ +#define __TSG_GTP_SIGNALING_H__ + +#include +#include + +enum GTP_FIELD_IDX +{ + GTP_FIELD_APN, + GTP_FIELD_IMEI, + GTP_FIELD_IMSI, + GTP_FIELD_MSISDN, //phone number + GTP_FIELD_END_USER_IP, + GTP_FIELD_PAA, + GTP_FIELD_TEID_CP, + GTP_FIELD_TEID_II, + GTP_FIELD_MAX +}; + +struct gtp_signaling_field +{ + char type; + char version; + unsigned int uplink_teid; + unsigned int downlink_teid; + struct IE_unit ie_unit[GTP_FIELD_MAX]; +}; + +extern MESA_htable_handle g_gtp_signaling_hash_handle; + +void tsg_free_gtp_signaling_field(void *data); + +#endif diff --git a/inc/tsg_label.h b/inc/tsg_label.h index 2d1987f..de84e0f 100644 --- a/inc/tsg_label.h +++ b/inc/tsg_label.h @@ -73,6 +73,14 @@ struct _subscribe_id_info_t char subscribe_id[MAX_STR_FIELD_LEN*4]; }; +struct umts_user_info +{ + char *apn; + char *imsi; + char *imei; + char *msisdn; //MSISDN: phone number +}; + struct _session_attribute_label_t { int fqdn_category_id_num; @@ -86,6 +94,7 @@ struct _session_attribute_label_t struct _subscribe_id_info_t *server_subscribe_id; char *ja3_fingerprint; unsigned int fqdn_category_id[MAX_CATEGORY_ID_NUM]; + struct umts_user_info *user_info; }; typedef struct _policy_priority_label diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 514c958..837f221 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8) add_definitions(-fPIC) -set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp) +set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp) include_directories(${CMAKE_SOURCE_DIR}/inc) include_directories(/opt/MESA/include/MESA/) diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 26736f8..a0fd392 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -91,7 +91,6 @@ id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, #define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1 - static int init_context(void **pme, int thread_seq) { *pme=dictator_malloc(thread_seq, sizeof(struct master_context)); @@ -148,6 +147,15 @@ static int get_device_id(char *command, int entrance_id) return (entrance_id<<7)+(atoi(buffer)%128); } +static void free_user_item(char *item) +{ + if(item!=NULL) + { + free(item); + item=NULL; + } +} + static int is_only_monitor(struct Maat_rule_t *result, int hit_cnt) { int i=0; @@ -909,6 +917,17 @@ static void free_session_attribute_label(int thread_seq, void *project_req_value dictator_free(thread_seq, (void *)label->ja3_fingerprint); label->ja3_fingerprint=NULL; } + + if(label->user_info!=NULL) + { + free_user_item(label->user_info->apn); + free_user_item(label->user_info->imsi); + free_user_item(label->user_info->imei); + free_user_item(label->user_info->msisdn); + + dictator_free(thread_seq, (void *)label->user_info); + label->user_info=NULL; + } dictator_free(thread_seq, project_req_value); project_req_value=NULL; @@ -1334,7 +1353,7 @@ static unsigned char tsg_master_entry(const struct streaminfo *a_stream, void ** state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet); break; case OP_STATE_DATA: - case OP_STATE_CLOSE: + //case OP_STATE_CLOSE: if(is_hited_allow(context->result, context->hit_cnt)) { break; @@ -1563,6 +1582,13 @@ extern "C" int TSG_MASTER_INIT() MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "L7_PROTOCOL_FILE", buff, sizeof(buff), "./tsgconf/tsg_l7_protocol.conf"); l7_protocol_mapper(buff); + + ret=tsg_gtp_signaling_hash_init(tsg_conffile, g_tsg_para.logger); + if(ret<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_GTP_HASH", "tsg_gtp_signaling_hash_init failed ..."); + return -1; + } return 0; } diff --git a/src/tsg_entry.h b/src/tsg_entry.h index 3f0ee07..9835b2c 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -57,6 +57,9 @@ enum MASTER_TABLE{ TABLE_APP_ID_DICT, TABLE_SELECTOR_ID, TABLE_SELECTOR_PROPERTIES, + TABLE_GTP_APN, + TABLE_GTP_IMSI, + TABLE_GTP_PHONE_NUMBER, TABLE_MAX }; @@ -135,6 +138,8 @@ typedef struct _tsg_para int app_id_table_type; int device_id; int entrance_id; + int hash_timeout; + int hash_slot_size; int scan_time_interval; int default_compile_switch; int default_compile_id; @@ -244,6 +249,7 @@ typedef struct _tsg_statistic }tsg_statis_para_t; int tsg_statistic_init(const char *conffile, void *logger); +int tsg_gtp_signaling_hash_init(const char* conffile, void *logger); //parent_app_name.app_name int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent); @@ -258,5 +264,9 @@ int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq); int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq); int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct _subscribe_id_info_t *user_info, int thread_seq); +int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info); +int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq); +int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq); +int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq); #endif diff --git a/src/tsg_gtp_signaling.cpp b/src/tsg_gtp_signaling.cpp new file mode 100644 index 0000000..c721e29 --- /dev/null +++ b/src/tsg_gtp_signaling.cpp @@ -0,0 +1,193 @@ +#include +#include + +#include +#include +#include + +#include "tsg_entry.h" +#include "tsg_gtp_signaling.h" + +MESA_htable_handle g_gtp_signaling_hash_handle; + + +static int is_gtp_tunnel(const struct streaminfo *a_stream) +{ + int ret=0; + unsigned short is_tunnel=0; + int size=sizeof(unsigned short); + + ret=MESA_get_stream_opt(a_stream, MSO_STREAM_TUNNEL_TYPE, (void *)&is_tunnel, &size); + if(ret>=0 && is_tunnel==STREAM_TUNNEL_GPRS_TUNNEL) + { + return 1; + } + + return 0; +} + +static int get_gtp_teid(const struct streaminfo *a_stream, unsigned int *uplink, unsigned int *downlink) +{ + const struct streaminfo *p=a_stream, *q=a_stream->pfather; + + while(p) + { + if(p->addr.addrtype==ADDR_TYPE_GPRS_TUNNEL) + { + *uplink=ntohl(p->addr.gtp->teid_c2s); + *downlink=ntohl(p->addr.gtp->teid_s2c); + + return 1; + } + + p=q; + q=q->pfather; + } + + return 0; +} + +static int copy_one_field(char **dst, char *src, int src_len) +{ + if(src!=NULL && src_len>0) + { + *dst=(char *)calloc(1, src_len+1); + memcpy(*dst, src, src_len); + + return 1; + } + + return 0; +} + + +static long copy_user_info(void *data, const uchar *key, uint size, void *user_arg) +{ + int num=0; + struct gtp_signaling_field *signal=(struct gtp_signaling_field *)data; + struct umts_user_info *user_info=(struct umts_user_info *)user_arg; + + if(signal!=NULL) + { + num+=copy_one_field(&(user_info->apn), (char *)(signal->ie_unit[GTP_FIELD_APN].value), signal->ie_unit[GTP_FIELD_APN].len); + num+=copy_one_field(&(user_info->imsi), (char *)(signal->ie_unit[GTP_FIELD_IMSI].value), signal->ie_unit[GTP_FIELD_IMSI].len); + num+=copy_one_field(&(user_info->imei), (char *)(signal->ie_unit[GTP_FIELD_IMEI].value), signal->ie_unit[GTP_FIELD_IMEI].len); + num+=copy_one_field(&(user_info->msisdn), (char *)(signal->ie_unit[GTP_FIELD_MSISDN].value), signal->ie_unit[GTP_FIELD_MSISDN].len); + } + + return num; +} + +void free_gtp_signaling_field(void *data) +{ + int i=0; + struct gtp_signaling_field *signal=(struct gtp_signaling_field *)data; + + if(data==NULL) + { + return ; + } + + for(i=0; iie_unit[i].value!=NULL) + { + free(signal->ie_unit[i].value); + signal->ie_unit[i].value=NULL; + } + } + + return ; +} + + +void tsg_free_gtp_signaling_field(void *data) +{ + if(data!=NULL) + { + free_gtp_signaling_field(data); + data=NULL; + } +} + + +static int get_umts_user_info(struct umts_user_info **user_info, unsigned int teid, int thread_seq) +{ + long cb_ret=0; + struct umts_user_info tmp_user_info={0}; + + MESA_htable_search_cb(g_gtp_signaling_hash_handle, (unsigned char *)&(teid), sizeof(unsigned int), copy_user_info, (void *)&tmp_user_info, &cb_ret); + if(cb_ret>0) + { + *user_info=(struct umts_user_info *)dictator_malloc(thread_seq, sizeof(struct umts_user_info)); + memcpy(*user_info, &tmp_user_info, sizeof(struct umts_user_info)); + + return 1; + } + + return 0; +} + +int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info) +{ + int ret=0; + unsigned int uplink=0,downlink=0; + + if(*user_info!=NULL) + { + return 1; + } + + ret=is_gtp_tunnel(a_stream); + if(ret==0) + { + return 0; + } + + ret=get_gtp_teid(a_stream, &uplink, &downlink); + if(ret==0) + { + return 0; + } + + ret=get_umts_user_info(user_info, uplink, a_stream->threadnum); + if(ret==1) + { + return 1; + } + + ret=get_umts_user_info(user_info, downlink, a_stream->threadnum); + if(ret==1) + { + return 1; + } + + return 0; +} + +int tsg_gtp_signaling_hash_init(const char* conffile, void *logger) +{ + MESA_htable_create_args_t args; + + MESA_load_profile_int_def(conffile, "GTP_SIGNALING", "HASH_TIMEOUT", &g_tsg_para.hash_timeout, 300); + MESA_load_profile_int_def(conffile, "GTP_SIGNALING", "HASH_SLOT_SIZE", &g_tsg_para.hash_slot_size, 1024*1024*32); + + memset(&args, 0, sizeof(args)); + args.thread_safe=128; + args.recursive=1; + args.max_elem_num=0; + args.data_free=free_gtp_signaling_field; + args.eliminate_type=HASH_ELIMINATE_ALGO_LRU; + args.expire_time=g_tsg_para.hash_timeout; + args.hash_slot_size=g_tsg_para.hash_slot_size; + + g_gtp_signaling_hash_handle=MESA_htable_create(&args, sizeof(MESA_htable_create_args_t)); + if(g_gtp_signaling_hash_handle==NULL) + { + MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "GTP_SIGNALING", "MESA_htable_create failed"); + return -1; + } + + return 0; +} + diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index 4b1e053..c7fc069 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -822,6 +822,10 @@ int tsg_rule_init(const char* conffile, void *logger) MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_ID], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID"); MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_PROPERTIES], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES"); + MESA_load_profile_string_def(conffile, "MAAT", "GTP_APN", g_tsg_para.table_name[TABLE_GTP_APN], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_APN"); + MESA_load_profile_string_def(conffile, "MAAT", "GTP_IMSI", g_tsg_para.table_name[TABLE_GTP_IMSI], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_IMSI"); + MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER"); + //init static maat feather g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger); if(g_tsg_maat_feather==NULL) @@ -1353,16 +1357,21 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * hit_num+=tsg_scan_subscribe_id_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->server_subscribe_id, (int)a_stream->threadnum); } + if(hit_numuser_info)); + if(ret==1 && attribute_label->user_info!=NULL) + { + hit_num+=tsg_scan_gtp_apn_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->user_info->apn, (int)a_stream->threadnum); + hit_num+=tsg_scan_gtp_imsi_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->user_info->imsi, (int)a_stream->threadnum); + hit_num+=tsg_scan_gtp_phone_number_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->user_info->msisdn, (int)a_stream->threadnum); + } + } + ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.internal_project_id, (void *)attribute_label); if(ret<0) { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "ADD_INTERNAL_LABEL", - "Add internal label failed, ret: %d addr: %s", - ret, - PRINTADDR(a_stream, g_tsg_para.level) - ); + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "ADD_INTERNAL_LABEL", "Add internal label failed, ret: %d addr: %s", ret, PRINTADDR(a_stream, g_tsg_para.level)); } return hit_num; @@ -1599,17 +1608,8 @@ int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct strea return 0; } - maat_ret=Maat_full_scan_string(maat_feather, - g_tsg_para.table_id[TABLE_SUBSCRIBER_ID], - CHARSET_GBK, - user_info->subscribe_id, - strlen(user_info->subscribe_id), - result, - NULL, - result_num, - mid, - thread_seq); - if(maat_ret > 0) + maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_SUBSCRIBER_ID], CHARSET_GBK, user_info->subscribe_id, strlen(user_info->subscribe_id), result, NULL, result_num, mid, thread_seq); + if(maat_ret>0) { MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, @@ -1626,18 +1626,106 @@ int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct strea return maat_ret; } - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_SUBSCRIBER", - "No hit source subscribe id: %s scan ret: %d addr: %s", - user_info->subscribe_id, - maat_ret, - PRINTADDR(a_stream, g_tsg_para.level) - ); + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_SUBSCRIBER", "No hit source subscribe id: %s scan ret: %d addr: %s", user_info->subscribe_id, maat_ret, PRINTADDR(a_stream, g_tsg_para.level)); return 0; } +int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq) +{ + int maat_ret=0; + + if(apn==NULL || result==NULL || result_num==0) + { + return 0; + } + + maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_GTP_APN], CHARSET_GBK, apn, strlen(apn), result, NULL, result_num, mid, thread_seq); + if(maat_ret>0) + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_APN", + "Hit APN: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", + apn, + maat_ret, + result[0].config_id, + result[0].service_id, + (unsigned char)result[0].action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + + return maat_ret; + } + + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_APN", "No hit APN: %s scan ret: %d addr: %s", apn, maat_ret, PRINTADDR(a_stream, g_tsg_para.level)); + + return 0; +} + +int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq) +{ + int maat_ret=0; + + if(imsi==NULL || result==NULL || result_num==0) + { + return 0; + } + + maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_GTP_IMSI], CHARSET_GBK, imsi, strlen(imsi), result, NULL, result_num, mid, thread_seq); + if(maat_ret>0) + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_IMSI", + "Hit IMSI: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", + imsi, + maat_ret, + result[0].config_id, + result[0].service_id, + (unsigned char)result[0].action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + + return maat_ret; + } + + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IMSI", "No hit IMSI: %s scan ret: %d addr: %s", imsi, maat_ret, PRINTADDR(a_stream, g_tsg_para.level)); + + return 0; +} + +int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq) +{ + int maat_ret=0; + + if(phone_number==NULL || result==NULL || result_num==0) + { + return 0; + } + + maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_GTP_PHONE_NUMBER], CHARSET_GBK, phone_number, strlen(phone_number), result, NULL, result_num, mid, thread_seq); + if(maat_ret>0) + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "PHONE_NUMBER", + "Hit PHONE_NUMBER: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", + phone_number, + maat_ret, + result[0].config_id, + result[0].service_id, + (unsigned char)result[0].action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + + return maat_ret; + } + + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PHONE_NUMBER", "No hit PHONE_NUMBER: %s scan ret: %d addr: %s", phone_number, maat_ret, PRINTADDR(a_stream, g_tsg_para.level)); + + return 0; +} int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent) { diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index bfdb01e..b124695 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -302,6 +302,35 @@ static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_ha return 1; } +static int set_umts_user_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct umts_user_info *user_info) +{ + if(user_info==NULL) + { + return 0; + } + + if(user_info->apn!=NULL) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_GTP_APN].name, (void *)user_info->apn, TLD_TYPE_STRING); + } + + if(user_info->imsi!=NULL) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_GTP_IMSI].name, (void *)user_info->imsi, TLD_TYPE_STRING); + } + + if(user_info->imei!=NULL) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_GTP_IMEI].name, (void *)user_info->imei, TLD_TYPE_STRING); + } + + if(user_info->msisdn!=NULL) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_GTP_MSISDN].name, (void *)user_info->msisdn, TLD_TYPE_STRING); //phone number + } + + return 1; +} static int set_packet_bytes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { @@ -907,6 +936,8 @@ int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_hand { TLD_append(_handle, _instance->id2field[LOG_SSL_JA3_FINGERPRINT].name, (void *)attribute_label->ja3_fingerprint, TLD_TYPE_STRING); } + + set_umts_user_info(_instance, _handle, a_stream, attribute_label->user_info); } return 0; diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h index 2eca41b..9e18dd4 100644 --- a/src/tsg_send_log_internal.h +++ b/src/tsg_send_log_internal.h @@ -100,6 +100,10 @@ typedef enum _tsg_log_field_id LOG_COMMON_TUNNELS_PPTP_C2S_ID, LOG_COMMON_TUNNELS_PPTP_S2C_ID, LOG_COMMON_FQDN_CATEGORY, + LOG_COMMON_GTP_APN, + LOG_COMMON_GTP_IMSI, + LOG_COMMON_GTP_IMEI, + LOG_COMMON_GTP_MSISDN, //PHONE_NUMBER LOG_COMMON_MAX }tsg_log_field_id_t; diff --git a/src/version.map b/src/version.map index f569c5f..78b3c99 100644 --- a/src/version.map +++ b/src/version.map @@ -5,6 +5,7 @@ global: *TSG_MASTER*; *tsg_scan_nesting_addr*; *tsg_pull_policy_result*; + *tsg_free_gtp_signaling_field; *tsg_*; *TLD_*; *GIT*;