功能端安全策略，支持使用GTP信息作为条件

.gitlab-ci.yml

@@ -3,7 +3,7 @@ variables:
   GIT_STRATEGY: "clone"
   BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
   INSTALL_PREFIX: "/home/mesasoft/sapp_run/"
-  INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel  libcjson-devel libMESA_field_stat2-devel sapp  sapp-devel framework_env  libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel  librdkafka-devel libmaatframe-devel quic-devel  mesa_sip-devel libasan
+  INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel  libcjson-devel libMESA_field_stat2-devel sapp  sapp-devel framework_env  libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel  librdkafka-devel libmaatframe-devel quic-devel  mesa_sip-devel gtp-devel libMESA_htable-devel libasan
 
 stages:
 - build

CMakeLists.txt

@@ -57,5 +57,6 @@ install(FILES inc/tsg_rule.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER)
 install(FILES inc/tsg_statistic.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER)
 install(FILES inc/tsg_label.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER)
 install(FILES inc/app_label.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER)
+install(FILES inc/tsg_gtp_signaling.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER)
 
 include(Package)

bin/tsg_log_field.conf

@@ -85,3 +85,7 @@ STRING		server_ip			71
 STRING		c2s_id			72
 STRING		s2c_id			73
 STRING		common_service_category	74
+STRING		common_apn		75
+STRING		common_imsi		76
+STRING		common_imei		77
+STRING		common_phone_number	78

bin/tsg_static_tableinfo.conf

@@ -73,3 +73,9 @@
 61	TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION	virtual	TSG_OBJ_ACCOUNT	--
 62	TSG_FIELD_SIP_RESPONDER_DESCRIPTION	virtual	TSG_OBJ_ACCOUNT	--
 63	APP_ID_DICT	plugin	{"key":1,"valid":18}
+64	TSG_OBJ_IMSI	expr	UTF8	UTF8	yes	0
+65	TSG_OBJ_APN	expr	UTF8	UTF8	yes	0
+66	TSG_OBJ_PHONE_NUMBER	expr	UTF8	UTF8	yes	0
+67	TSG_FILED_GTP_IMSI	virtual	TSG_OBJ_IMSI	--
+68	TSG_FILED_GTP_APN		virtual	TSG_OBJ_APN	--
+69	TSG_FILED_GTP_PHONE_NUMBER	virtual	TSG_OBJ_PHONE_NUMBER	--

inc/tsg_gtp_signaling.h

@@ -0,0 +1,33 @@
+#ifndef	__TSG_GTP_SIGNALING_H__
+#define	__TSG_GTP_SIGNALING_H__
+
+#include <MESA/gtp.h>
+#include <MESA/MESA_htable.h>
+
+enum GTP_FIELD_IDX
+{
+	GTP_FIELD_APN,
+	GTP_FIELD_IMEI,
+	GTP_FIELD_IMSI,
+	GTP_FIELD_MSISDN,	//phone number
+	GTP_FIELD_END_USER_IP,
+	GTP_FIELD_PAA,
+	GTP_FIELD_TEID_CP,
+	GTP_FIELD_TEID_II,
+	GTP_FIELD_MAX
+};
+
+struct gtp_signaling_field
+{
+	char type;
+	char version;
+	unsigned int uplink_teid;
+	unsigned int downlink_teid;
+	struct IE_unit ie_unit[GTP_FIELD_MAX];
+};
+
+extern MESA_htable_handle g_gtp_signaling_hash_handle;
+
+void tsg_free_gtp_signaling_field(void *data);
+
+#endif

inc/tsg_label.h

@@ -73,6 +73,14 @@ struct _subscribe_id_info_t
 	char subscribe_id[MAX_STR_FIELD_LEN*4];
 };
 
+struct umts_user_info
+{
+	char *apn;
+	char *imsi;
+	char *imei;
+	char *msisdn; //MSISDN: phone number
+};
+
 struct _session_attribute_label_t
 {
 	int fqdn_category_id_num;
@@ -86,6 +94,7 @@ struct _session_attribute_label_t
 	struct _subscribe_id_info_t *server_subscribe_id;
 	char *ja3_fingerprint;
 	unsigned int fqdn_category_id[MAX_CATEGORY_ID_NUM];
+	struct umts_user_info *user_info;
 };
 
 typedef	struct _policy_priority_label

src/CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
 
 add_definitions(-fPIC)
 
-set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp) 
+set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp) 
 
 include_directories(${CMAKE_SOURCE_DIR}/inc)
 include_directories(/opt/MESA/include/MESA/)

src/tsg_entry.cpp

@@ -91,7 +91,6 @@ id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
 
 #define	DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID	1
 
-
 static int init_context(void **pme, int thread_seq)
 {
 	*pme=dictator_malloc(thread_seq, sizeof(struct master_context));
@@ -148,6 +147,15 @@ static int get_device_id(char *command, int entrance_id)
 	return (entrance_id<<7)+(atoi(buffer)%128);
 }
 
+static void free_user_item(char *item)
+{
+	if(item!=NULL)
+	{
+		free(item);
+		item=NULL;
+	}
+}
+
 static int is_only_monitor(struct Maat_rule_t *result, int hit_cnt)
 {
 	int i=0;
@@ -910,6 +918,17 @@ static void free_session_attribute_label(int thread_seq, void *project_req_value
 			label->ja3_fingerprint=NULL;
 		}
 
+		if(label->user_info!=NULL)
+		{
+			free_user_item(label->user_info->apn);
+			free_user_item(label->user_info->imsi);
+			free_user_item(label->user_info->imei);
+			free_user_item(label->user_info->msisdn);
+
+			dictator_free(thread_seq, (void *)label->user_info);
+			label->user_info=NULL;
+		}
+		
 		dictator_free(thread_seq, project_req_value);
 		project_req_value=NULL;
 	}
@@ -1334,7 +1353,7 @@ static unsigned char tsg_master_entry(const struct streaminfo *a_stream, void **
 			state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet);
 			break;
 		case	OP_STATE_DATA:
-		case	OP_STATE_CLOSE:
+		//case	OP_STATE_CLOSE:
 			if(is_hited_allow(context->result, context->hit_cnt))
 			{
 				break;
@@ -1564,6 +1583,13 @@ extern "C" int TSG_MASTER_INIT()
 	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "L7_PROTOCOL_FILE", buff, sizeof(buff), "./tsgconf/tsg_l7_protocol.conf");
 	l7_protocol_mapper(buff);
 
+	ret=tsg_gtp_signaling_hash_init(tsg_conffile, g_tsg_para.logger);
+	if(ret<0)
+	{
+		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_GTP_HASH", "tsg_gtp_signaling_hash_init failed ...");
+		return -1;
+	}
+	
 	return 0;
 }
 

src/tsg_entry.h

@@ -57,6 +57,9 @@ enum MASTER_TABLE{
 	TABLE_APP_ID_DICT,
 	TABLE_SELECTOR_ID,
 	TABLE_SELECTOR_PROPERTIES,
+	TABLE_GTP_APN,
+	TABLE_GTP_IMSI,
+	TABLE_GTP_PHONE_NUMBER,
 	TABLE_MAX
 };
 
@@ -135,6 +138,8 @@ typedef	struct _tsg_para
 	int app_id_table_type;
 	int device_id;
 	int entrance_id;
+	int hash_timeout;
+	int hash_slot_size;
 	int scan_time_interval;
 	int default_compile_switch;
 	int default_compile_id;
@@ -244,6 +249,7 @@ typedef	struct _tsg_statistic
 }tsg_statis_para_t;
 
 int tsg_statistic_init(const char *conffile, void *logger);
+int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);
 
 //parent_app_name.app_name
 int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent);
@@ -258,5 +264,9 @@ int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream
 int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num,  scan_status_t *mid, int table_id, int thread_seq);
 int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq);
 int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct _subscribe_id_info_t *user_info, int thread_seq);
+int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
+int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
+int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
+int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq);
 
 #endif

src/tsg_gtp_signaling.cpp

@@ -0,0 +1,193 @@
+#include <stdio.h>
+#include <string.h>
+
+#include <MESA/stream.h>
+#include <MESA/MESA_prof_load.h>
+#include <MESA/MESA_handle_logger.h>
+
+#include "tsg_entry.h"
+#include "tsg_gtp_signaling.h"
+
+MESA_htable_handle g_gtp_signaling_hash_handle;
+
+
+static int is_gtp_tunnel(const struct streaminfo *a_stream)
+{
+	int ret=0;
+	unsigned short is_tunnel=0;
+	int size=sizeof(unsigned short);
+	
+	ret=MESA_get_stream_opt(a_stream, MSO_STREAM_TUNNEL_TYPE, (void *)&is_tunnel, &size);
+	if(ret>=0 && is_tunnel==STREAM_TUNNEL_GPRS_TUNNEL)
+	{
+		return 1;
+	}
+
+	return 0;
+}
+
+static int get_gtp_teid(const struct streaminfo *a_stream, unsigned int *uplink, unsigned int *downlink)
+{
+	const struct streaminfo *p=a_stream, *q=a_stream->pfather;
+
+	while(p)
+	{
+		if(p->addr.addrtype==ADDR_TYPE_GPRS_TUNNEL)
+		{
+			*uplink=ntohl(p->addr.gtp->teid_c2s);
+			*downlink=ntohl(p->addr.gtp->teid_s2c);
+			
+			return 1;
+		}
+
+		p=q;
+		q=q->pfather;
+	}
+
+	return 0;
+}
+
+static int copy_one_field(char **dst, char *src, int src_len)
+{
+	if(src!=NULL && src_len>0)
+	{
+		*dst=(char *)calloc(1, src_len+1);
+		memcpy(*dst, src, src_len);
+		
+		return 1;
+	}
+
+	return 0;
+}
+
+
+static long copy_user_info(void *data, const uchar *key, uint size, void *user_arg)
+{
+	int num=0;
+	struct gtp_signaling_field *signal=(struct gtp_signaling_field *)data;
+	struct umts_user_info *user_info=(struct umts_user_info *)user_arg;
+
+	if(signal!=NULL)
+	{
+		num+=copy_one_field(&(user_info->apn), (char *)(signal->ie_unit[GTP_FIELD_APN].value), signal->ie_unit[GTP_FIELD_APN].len);
+		num+=copy_one_field(&(user_info->imsi), (char *)(signal->ie_unit[GTP_FIELD_IMSI].value), signal->ie_unit[GTP_FIELD_IMSI].len);		
+		num+=copy_one_field(&(user_info->imei), (char *)(signal->ie_unit[GTP_FIELD_IMEI].value), signal->ie_unit[GTP_FIELD_IMEI].len);		
+		num+=copy_one_field(&(user_info->msisdn), (char *)(signal->ie_unit[GTP_FIELD_MSISDN].value), signal->ie_unit[GTP_FIELD_MSISDN].len);
+	}
+
+	return num;
+}
+
+void free_gtp_signaling_field(void *data)
+{
+	int i=0;
+	struct gtp_signaling_field *signal=(struct gtp_signaling_field *)data;
+
+	if(data==NULL)
+	{
+		return ;
+	}
+	
+	for(i=0; i<GTP_FIELD_MAX; i++)
+	{
+		if(signal->ie_unit[i].value!=NULL)
+		{
+			free(signal->ie_unit[i].value);
+			signal->ie_unit[i].value=NULL;
+		}
+	}
+
+	return ;
+}
+
+
+void tsg_free_gtp_signaling_field(void *data)
+{
+	if(data!=NULL)
+	{
+		free_gtp_signaling_field(data);
+		data=NULL;
+	}
+}
+
+
+static int get_umts_user_info(struct umts_user_info **user_info, unsigned int teid, int thread_seq)
+{
+	long cb_ret=0;
+	struct umts_user_info tmp_user_info={0};
+	
+	MESA_htable_search_cb(g_gtp_signaling_hash_handle, (unsigned char *)&(teid), sizeof(unsigned int), copy_user_info, (void *)&tmp_user_info, &cb_ret);
+	if(cb_ret>0)
+	{
+		*user_info=(struct umts_user_info *)dictator_malloc(thread_seq, sizeof(struct umts_user_info));
+		memcpy(*user_info, &tmp_user_info, sizeof(struct umts_user_info));
+		
+		return 1;
+	}
+	
+	return 0;
+}
+
+int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info)
+{
+	int ret=0;
+	unsigned int uplink=0,downlink=0;
+
+	if(*user_info!=NULL)
+	{
+		return 1;
+	}
+	
+	ret=is_gtp_tunnel(a_stream);
+	if(ret==0)
+	{		
+		return 0;
+	}
+
+	ret=get_gtp_teid(a_stream, &uplink, &downlink);
+	if(ret==0)
+	{
+		return 0;
+	}
+
+	ret=get_umts_user_info(user_info, uplink, a_stream->threadnum);
+	if(ret==1)
+	{
+		return 1;
+	}
+
+	ret=get_umts_user_info(user_info, downlink, a_stream->threadnum);
+	if(ret==1)
+	{
+		return 1;
+	}
+		
+	return 0;
+}
+
+int tsg_gtp_signaling_hash_init(const char* conffile, void *logger)
+{
+	MESA_htable_create_args_t args;
+
+	MESA_load_profile_int_def(conffile, "GTP_SIGNALING", "HASH_TIMEOUT", &g_tsg_para.hash_timeout, 300);
+	MESA_load_profile_int_def(conffile, "GTP_SIGNALING", "HASH_SLOT_SIZE", &g_tsg_para.hash_slot_size, 1024*1024*32);
+
+	memset(&args, 0, sizeof(args));
+	args.thread_safe=128;
+	args.recursive=1;
+	args.max_elem_num=0;		
+	args.data_free=free_gtp_signaling_field;
+	args.eliminate_type=HASH_ELIMINATE_ALGO_LRU;
+	args.expire_time=g_tsg_para.hash_timeout;
+	args.hash_slot_size=g_tsg_para.hash_slot_size;
+	
+	g_gtp_signaling_hash_handle=MESA_htable_create(&args, sizeof(MESA_htable_create_args_t));
+	if(g_gtp_signaling_hash_handle==NULL)
+	{
+		MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "GTP_SIGNALING", "MESA_htable_create failed");
+		return -1;
+	}
+
+	return 0;
+}
+

src/tsg_rule.cpp

@@ -822,6 +822,10 @@ int tsg_rule_init(const char* conffile, void *logger)
 	MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_ID], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID");
 	MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_PROPERTIES], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES");
 
+	MESA_load_profile_string_def(conffile, "MAAT", "GTP_APN", g_tsg_para.table_name[TABLE_GTP_APN], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_APN");
+	MESA_load_profile_string_def(conffile, "MAAT", "GTP_IMSI", g_tsg_para.table_name[TABLE_GTP_IMSI], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_IMSI");
+	MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER");
+
 	//init static maat feather
 	g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger);
 	if(g_tsg_maat_feather==NULL)
@@ -1353,16 +1357,21 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
 		hit_num+=tsg_scan_subscribe_id_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->server_subscribe_id, (int)a_stream->threadnum);
 	}
 
+	if(hit_num<result_num)
+	{
+		ret=tsg_get_umts_user_info(a_stream, &(attribute_label->user_info));
+		if(ret==1 && attribute_label->user_info!=NULL)
+		{
+			hit_num+=tsg_scan_gtp_apn_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->user_info->apn, (int)a_stream->threadnum);
+			hit_num+=tsg_scan_gtp_imsi_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->user_info->imsi, (int)a_stream->threadnum);
+			hit_num+=tsg_scan_gtp_phone_number_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid,attribute_label->user_info->msisdn, (int)a_stream->threadnum);
+		}
+	}
+	
 	ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.internal_project_id, (void *)attribute_label);
 	if(ret<0)
 	{
-		MESA_handle_runtime_log(g_tsg_para.logger,
+		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "ADD_INTERNAL_LABEL", "Add internal label failed, ret: %d addr: %s", ret, PRINTADDR(a_stream, g_tsg_para.level));
-											RLOG_LV_FATAL,
-											"ADD_INTERNAL_LABEL",
-											"Add internal label failed, ret: %d addr: %s",
-											ret,
-											PRINTADDR(a_stream, g_tsg_para.level)
-										);
 	}
 
 	return hit_num;
@@ -1599,16 +1608,7 @@ int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct strea
 		return 0;
 	}
 	
-	maat_ret=Maat_full_scan_string(maat_feather,
+	maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_SUBSCRIBER_ID], CHARSET_GBK, user_info->subscribe_id, strlen(user_info->subscribe_id), result, NULL,	result_num, mid, thread_seq);
-								g_tsg_para.table_id[TABLE_SUBSCRIBER_ID],
-								CHARSET_GBK,
-								user_info->subscribe_id,
-								strlen(user_info->subscribe_id),
-								result,
-								NULL,
-								result_num,
-								mid,
-								thread_seq);
 	if(maat_ret>0)
 	{				
 		MESA_handle_runtime_log(g_tsg_para.logger,
@@ -1626,18 +1626,106 @@ int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct strea
 		return maat_ret;
 	}
 	
-	MESA_handle_runtime_log(g_tsg_para.logger,
+	MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_SUBSCRIBER", "No hit source subscribe id: %s scan ret: %d addr: %s", user_info->subscribe_id, maat_ret, PRINTADDR(a_stream, g_tsg_para.level));
-								RLOG_LV_DEBUG,
-								"SCAN_SUBSCRIBER",
-								"No hit source subscribe id: %s scan ret: %d addr: %s",
-								user_info->subscribe_id,
-								maat_ret,
-								PRINTADDR(a_stream, g_tsg_para.level)
-							);
 
 	return 0;
 }
 
+int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq)
+{
+	int maat_ret=0;
+
+	if(apn==NULL || result==NULL || result_num==0)
+	{
+		return 0;
+	}
+	
+	maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_GTP_APN], CHARSET_GBK, apn, strlen(apn), result, NULL, result_num, mid, thread_seq);
+	if(maat_ret>0)
+	{				
+		MESA_handle_runtime_log(g_tsg_para.logger,
+									RLOG_LV_DEBUG,
+									"SCAN_APN",
+									"Hit APN: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
+									apn,
+									maat_ret,
+									result[0].config_id,
+									result[0].service_id,
+									(unsigned char)result[0].action,
+									PRINTADDR(a_stream, g_tsg_para.level)
+								);
+
+		return maat_ret;
+	}
+	
+	MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_APN", "No hit APN: %s scan ret: %d addr: %s", apn, maat_ret, PRINTADDR(a_stream, g_tsg_para.level));
+
+	return 0;
+}
+
+int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq)
+{
+	int maat_ret=0;
+
+	if(imsi==NULL || result==NULL || result_num==0)
+	{
+		return 0;
+	}
+	
+	maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_GTP_IMSI], CHARSET_GBK, imsi, strlen(imsi), result, NULL, result_num, mid, thread_seq);
+	if(maat_ret>0)
+	{				
+		MESA_handle_runtime_log(g_tsg_para.logger,
+									RLOG_LV_DEBUG,
+									"SCAN_IMSI",
+									"Hit IMSI: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
+									imsi,
+									maat_ret,
+									result[0].config_id,
+									result[0].service_id,
+									(unsigned char)result[0].action,
+									PRINTADDR(a_stream, g_tsg_para.level)
+								);
+
+		return maat_ret;
+	}
+	
+	MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IMSI", "No hit IMSI: %s scan ret: %d addr: %s", imsi, maat_ret, PRINTADDR(a_stream, g_tsg_para.level));
+
+	return 0;
+}
+
+int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq)
+{
+	int maat_ret=0;
+
+	if(phone_number==NULL || result==NULL || result_num==0)
+	{
+		return 0;
+	}
+	
+	maat_ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[TABLE_GTP_PHONE_NUMBER], CHARSET_GBK, phone_number, strlen(phone_number), result, NULL, result_num, mid, thread_seq);
+	if(maat_ret>0)
+	{				
+		MESA_handle_runtime_log(g_tsg_para.logger,
+									RLOG_LV_DEBUG,
+									"PHONE_NUMBER",
+									"Hit PHONE_NUMBER: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
+									phone_number,
+									maat_ret,
+									result[0].config_id,
+									result[0].service_id,
+									(unsigned char)result[0].action,
+									PRINTADDR(a_stream, g_tsg_para.level)
+								);
+
+		return maat_ret;
+	}
+	
+	MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PHONE_NUMBER", "No hit PHONE_NUMBER: %s scan ret: %d addr: %s", phone_number, maat_ret, PRINTADDR(a_stream, g_tsg_para.level));
+
+	return 0;
+}
 
 int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent)
 {

src/tsg_send_log.cpp

@@ -302,6 +302,35 @@ static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_ha
 	return 1;
 }
 
+static int set_umts_user_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct umts_user_info *user_info)
+{
+	if(user_info==NULL)
+	{
+		return 0;
+	}
+
+	if(user_info->apn!=NULL)
+	{
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_GTP_APN].name, (void *)user_info->apn, TLD_TYPE_STRING);
+	}
+
+	if(user_info->imsi!=NULL)
+	{
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_GTP_IMSI].name, (void *)user_info->imsi, TLD_TYPE_STRING);
+	}
+
+	if(user_info->imei!=NULL)
+	{
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_GTP_IMEI].name, (void *)user_info->imei, TLD_TYPE_STRING);
+	}
+
+	if(user_info->msisdn!=NULL)
+	{
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_GTP_MSISDN].name, (void *)user_info->msisdn, TLD_TYPE_STRING);	//phone number
+	}
+
+	return 1;
+}
 
 static int set_packet_bytes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
@@ -907,6 +936,8 @@ int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_hand
 		{
 			TLD_append(_handle, _instance->id2field[LOG_SSL_JA3_FINGERPRINT].name, (void *)attribute_label->ja3_fingerprint, TLD_TYPE_STRING);
 		}
+
+		set_umts_user_info(_instance, _handle, a_stream, attribute_label->user_info);
 	}
 	
 	return 0;

src/tsg_send_log_internal.h

@@ -100,6 +100,10 @@ typedef enum _tsg_log_field_id
 	LOG_COMMON_TUNNELS_PPTP_C2S_ID,
 	LOG_COMMON_TUNNELS_PPTP_S2C_ID,
 	LOG_COMMON_FQDN_CATEGORY,
+	LOG_COMMON_GTP_APN,
+	LOG_COMMON_GTP_IMSI,
+	LOG_COMMON_GTP_IMEI,
+	LOG_COMMON_GTP_MSISDN,	//PHONE_NUMBER
 	LOG_COMMON_MAX
 }tsg_log_field_id_t;
 

src/version.map

@@ -5,6 +5,7 @@ global:
 		*TSG_MASTER*;
   		*tsg_scan_nesting_addr*;
 		*tsg_pull_policy_result*;
+		*tsg_free_gtp_signaling_field;
 		*tsg_*;
 		*TLD_*;
 		*GIT*;