gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

支持APP的管控

Browse Source
This commit is contained in:
liuxueli
2021-03-02 10:39:33 +08:00
parent 770c508b31
commit 2e123141f9
10 changed files with 1279 additions and 774 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bin/tsg_log_field.conf
View File

@@ -54,3 +54,6 @@ STRING common_data_center 45
STRING common_l7_protocol 46
STRING common_tcp_client_isn 47
STRING common_tcp_server_isn 48
LONG common_app_surrogate_id 49
STRING sip_from 50
STRING sip_to 51

3
bin/tsg_static_tableinfo.conf
View File

@@ -70,3 +70,6 @@
58 APP_SELECTOR_GROUP_GROUP_RELATION group2group --
59 APP_SELECTOR_PROPERTIES expr_plus UTF8 UTF8/GBK yes 0
60 APP_SELECTOR_ID intval UTF8 UTF8 yes 0
61 TSG_FIELD_SIP_FROM virtual TSG_OBJ_ACCOUNT --
62 TSG_FIELD_SIP_TO virtual TSG_OBJ_ACCOUNT --
63 APP_ID_DICT plugin {"key":1,"valid":16}

127
inc/app_label.h
View File

@@ -1,130 +1,13 @@
#ifndef __APP_LABEL_H__
#define __APP_LABEL_H__
#define MAX_APP_ID_PROPERTY_LEN 128
struct _quic_attribute_t
struct app_id_label
{
char *version;
char *sni;
char *user_agent;
};
struct _dns_attribute_t
{
unsigned short id;
unsigned short flag;
unsigned short qdcount;
unsigned short ancount;
unsigned short aucount;//authority count
unsigned short adcount;//additional count
unsigned short qtype;
unsigned short qclass;
char *qname;
};
struct _http_attribute_t
{
char *host;
char *uri;
char *user_agent;
char *content_type;
char *content_encoding;
char *referer;
char *cookie;
char *set_cookie;
};
struct _ssl_attribute_t
{
char *cn;
char *sni;
char *san;
char *version;
char *fingerprint;
char *serial_number;
char *issuer_common_name;
char *issuer_organition_name;
char *issuer_country_name;
char *subject_common_name;
char *subject_organition_name;
char *subject_country_name;
char *not_valid_before;
char *not_valid_after;
char *algotithm_id;
char *ja3_fingerprint;
};
struct _app_id_dict_t
{
int ref_cnt;
int app_id;
int deny_action;
int continue_scanning;
int tcp_timeout;
int udp_timeout;
int tcp_time_wait;
int tcp_half_close;
int is_valid;
char risk[MAX_APP_ID_PROPERTY_LEN*4];
char app_name[MAX_APP_ID_PROPERTY_LEN];
char category[MAX_APP_ID_PROPERTY_LEN*4];
char subcategroy[MAX_APP_ID_PROPERTY_LEN*4];
char technology[MAX_APP_ID_PROPERTY_LEN*4];
char characteristics[MAX_APP_ID_PROPERTY_LEN*4];
char depends_on_app_ids[MAX_APP_ID_PROPERTY_LEN];
char implicitly_uses_app_ids[MAX_APP_ID_PROPERTY_LEN];
};
#define MAX_APP_ID_NUM 8
enum _APP_SESSION_PROTO
{
SESSION_PROTO_HTTP=1,
SESSION_PROTO_SSL,
SESSION_PROTO_QUIC,
SESSION_PROTO_DNS,
_SESSION_PROTO_MAX
};
enum _APP_SESSION_FLAG
{
SESSION_FLAG_TCP_CREATE_WITH_SYN=1,
SESSION_FLAG_SSL_USE_SELFSIGNED_CERT=2,
SESSION_FLAG_SSL_INCOMPLETE_CERT_CHAIN=4
};
typedef struct _app_id_label_add_flag_t
{
volatile char flag;
}APP_ADD_ID_LABEL_T;
struct _app_id_label_t
{
char ref_cnt;
char session_flag; // enum SESSION_FLAG
char session_proto; //enum _APP_SESSION_PROTO
char app_id_num;
APP_ADD_ID_LABEL_T flag; //0: no; 1: yes
char pad[3];
int surrogate_id;
int app_id;
struct _app_id_dict_t *dict;
union
{
struct _ssl_attribute_t *ssl_attribute;
struct _dns_attribute_t *dns_attribute;
struct _http_attribute_t *http_attribute;
struct _quic_attribute_t *quic_attribute;
void *attribute; //quic sni or dns query qname
};
};
struct _basic_proto_label
struct basic_proto_label
{
unsigned char continue_scan_flag; //0: stop; 1: continue
unsigned char pad;
@@ -141,17 +24,17 @@ enum _ATTRIBUTE_TYPE
_ATTRIBUTE_TYPE_MAX
};
struct _attribute_kv_t
struct attribute_kv
{
enum _ATTRIBUTE_TYPE type;
char *name;
void *value;
};
struct _user_defined_attribute_label_t
struct user_defined_attribute_label
{
int attribute_num;
struct _attribute_kv_t *attribute;
struct attribute_kv *attribute;
};
#endif

1
inc/tsg_label.h
View File

@@ -28,6 +28,7 @@ typedef enum _tsg_protocol
PROTO_IMAP,
PROTO_POP3,
PROTO_RTP,
PROTO_APP,
PROTO_MAX
}tsg_protocol_t;

39
inc/tsg_rule.h
View File

@@ -5,6 +5,9 @@
#include "tsg_label.h"
#define TSG_DOMAIN_MAX 256
#define MAX_APP_ID_PROPERTY_LEN 128
#define TSG_ACTION_NONE 0x00
#define TSG_ACTION_MONITOR 0x01
#define TSG_ACTION_INTERCEPT 0x02
@@ -13,7 +16,7 @@
#define TSG_ACTION_BYPASS 0x80
#define TSG_ACTION_MAX 0x80
enum TSG_ETHOD_TYPE
enum TSG_METHOD_TYPE
{
TSG_METHOD_TYPE_UNKNOWN=0,
TSG_METHOD_TYPE_DROP,
@@ -24,13 +27,22 @@ enum TSG_ETHOD_TYPE
TSG_METHOD_TYPE_MAX
};
struct _identify_info
struct identify_info
{
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
int domain_len;
char domain[MAX_DOAMIN_LEN];
};
struct compile_user_region
{
int code;
int ref_cnt;
int html_profile;
char protocol[32];
char method[32];
char *message;
};
typedef enum _PULL_RESULT_TYPE
{
@@ -38,14 +50,33 @@ typedef enum _PULL_RESULT_TYPE
PULL_FW_RESULT
}PULL_RESULT_TYPE;
#define TSG_DOMAIN_MAX 256
struct app_id_dict_table
{
int ref_cnt;
int app_id;
int deny_action;
int continue_scanning;
int tcp_timeout;
int udp_timeout;
int tcp_time_wait;
int tcp_half_close;
int is_valid;
char risk[MAX_APP_ID_PROPERTY_LEN*4];
char app_name[MAX_APP_ID_PROPERTY_LEN];
char category[MAX_APP_ID_PROPERTY_LEN*4];
char subcategroy[MAX_APP_ID_PROPERTY_LEN*4];
char technology[MAX_APP_ID_PROPERTY_LEN*4];
char characteristics[MAX_APP_ID_PROPERTY_LEN*4];
char depends_on_app_ids[MAX_APP_ID_PROPERTY_LEN];
char implicitly_uses_app_ids[MAX_APP_ID_PROPERTY_LEN];
};
extern Maat_feather_t g_tsg_maat_feather;
int tsg_rule_init(const char *conffile, void *logger);
int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct _identify_info *identify_info);
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info);
//return NULL if none exists, otherwise return one deny rule;
struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);

1233
src/tsg_entry.cpp
View File

File diff suppressed because it is too large Load Diff

46
src/tsg_entry.h
View File

@@ -24,8 +24,21 @@ typedef int atomic_t;
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
#define DNS_PROTO_ID 103
#define FTP_PROTO_ID 104
#define HTTP_PROTO_ID 106
#define MAIL_PROTO_ID 110
#define QUIC_PROTO_ID 119
#define SIP_PROTO_ID 120
#define SSL_PROTO_ID 126
#define RTP_PROTO_ID 142
#define APP_SCAN_FLAG_STOP 0
#define APP_SCAN_FLAG_CONTINUE 1
enum MASTER_TABLE{
TABLE_IP_ADDR=0,
TABLE_SECURITY_COMPILE=0,
TABLE_IP_ADDR,
TABLE_SUBSCRIBER_ID,
TABLE_APP_ID,
TABLE_HTTP_HOST,
@@ -43,6 +56,9 @@ enum MASTER_TABLE{
TABLE_FQDN_CAT_ID,
TABLE_FQDN_CAT_USER_DEFINED,
TABLE_FQDN_CAT_BUILT_IN,
TABLE_APP_ID_DICT,
TABLE_SELECTOR_ID,
TABLE_SELECTOR_PROPERTIES,
TABLE_MAX
};
@@ -65,6 +81,14 @@ enum TSG_FS2_TYPE{
TSG_FS2_MAX
};
enum TSG_ATTRIBUTE_TYPE
{
TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0,
TSG_ATTRIBUTE_TYPE_PROTOCOL,
TSG_ATTRIBUTE_TYPE_JA3_HASH,
_MAX_TSG_ATTRIBUTE_TYPE
};
struct _str2index
{
int index;
@@ -80,20 +104,29 @@ struct _fqdn_category_t
char fqdn[MAX_DOAMIN_LEN/8];
};
struct _master_context
struct master_context
{
tsg_protocol_t proto;
int hit_cnt;
int domain_len;
char domain[MAX_DOAMIN_LEN];
struct Maat_rule_t *result;
int app_id;
char continue_scan_app_id;
char continue_scan_proto_id;
unsigned short basic_proto_id;
char uuid_str[32];
scan_status_t mid;
};
#define _MAX_TABLE_NAME_LEN 64
typedef struct _tsg_para
{
int level;
int mail_proto_id;
unsigned short timeout;
unsigned short depolyment_mode;
int app_id_table_type;
int device_id;
int entrance_id;
@@ -101,6 +134,8 @@ typedef struct _tsg_para
int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
int priority_project_id;
int internal_project_id;
int l7_proto_project_id;
int app_id_project_id;
int proto_flag; //tsg_protocol_t
int fs2_field_id[TSG_FS2_MAX];
char device_sn[MAX_DOAMIN_LEN/8];
@@ -199,12 +234,13 @@ typedef struct _tsg_statistic
int tsg_statistic_init(const char *conffile, void *logger);
int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct _identify_info *identify_info, Maat_rule_t *result, int result_num, scan_status_t *mid, int thread_seq);
void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void ASN_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
char *tsg_schema_index2string(tsg_protocol_t proto);
struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, int thread_seq);
int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct streaminfo *a_stream, struct identify_info *identify_info, Maat_rule_t *result, int result_num, scan_status_t *mid, int thread_seq);
int tsg_scan_app_id_policy(Maat_feather_t maat_feather, struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq);
int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq);
#endif

448
src/tsg_rule.cpp
View File

@@ -57,6 +57,7 @@ const struct _str2index g_tsg_proto_string[PROTO_MAX+1]={{PROTO_UNKONWN, 0, (cha
{PROTO_IMAP, 5, (char *)"MAIL."},
{PROTO_POP3, 5, (char *)"MAIL."},
{PROTO_RTP, 4, (char *)"RTP."},
{PROTO_APP, 4, (char *)"APP."},
{PROTO_MAX, 0, (char *)""}
};
@@ -458,6 +459,174 @@ void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, vo
return;
}
static void app_id_dict_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp)
{
struct app_id_dict_table *app_id_dict=(struct app_id_dict_table *)(*from);
if(*from!=NULL)
{
atomic_inc(&app_id_dict->ref_cnt);
*to=*from;
}
return;
}
static void app_id_dict_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
{
void *logger=argp;
int ret=0;
struct app_id_dict_table *app_id_dict=NULL;
app_id_dict=(struct app_id_dict_table *)calloc(1, sizeof(struct app_id_dict_table));
ret=sscanf(table_line,
"%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d",
&app_id_dict->app_id,
app_id_dict->app_name,
app_id_dict->category,
app_id_dict->subcategroy,
app_id_dict->technology,
app_id_dict->risk,
app_id_dict->characteristics,
app_id_dict->depends_on_app_ids,
app_id_dict->implicitly_uses_app_ids,
&app_id_dict->deny_action,
&app_id_dict->continue_scanning,
&app_id_dict->tcp_timeout,
&app_id_dict->udp_timeout,
&app_id_dict->tcp_half_close,
&app_id_dict->tcp_time_wait,
&app_id_dict->is_valid);
if(ret!=16)
{
free(app_id_dict);
app_id_dict=NULL;
MESA_handle_runtime_log(logger,
RLOG_LV_FATAL,
"APP_ID_DICT",
"Parse app_id_dict failed, ret: %d table_id: %d table_line: %s",
ret,
table_id,
table_line
);
return;
}
atomic_inc(&app_id_dict->ref_cnt);
eliminate_default_value(app_id_dict->app_name);
eliminate_default_value(app_id_dict->category);
eliminate_default_value(app_id_dict->subcategroy);
eliminate_default_value(app_id_dict->technology);
eliminate_default_value(app_id_dict->risk);
eliminate_default_value(app_id_dict->characteristics);
eliminate_default_value(app_id_dict->depends_on_app_ids);
eliminate_default_value(app_id_dict->implicitly_uses_app_ids);
*ad=(MAAT_PLUGIN_EX_DATA)app_id_dict;
return;
}
void app_id_dict_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
{
struct app_id_dict_table *app_id_dict=(struct app_id_dict_table *)(*ad);
if(app_id_dict!=NULL)
{
atomic_dec(&app_id_dict->ref_cnt);
if(app_id_dict->ref_cnt<=0)
{
free(*ad);
*ad=NULL;
}
}
return;
}
void security_compile_new(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp)
{
int len=0;
cJSON *object=NULL, *item=NULL;
struct compile_user_region *user_region=NULL;
if(rule!=NULL && srv_def_large!=NULL && strlen(srv_def_large)>2)
{
object=cJSON_Parse(srv_def_large);
if(object!=NULL)
{
user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region));
item=cJSON_GetObjectItem(object, "method");
if(item!=NULL)
{
len=MIN(strlen(item->valuestring), sizeof(user_region->method)-1);
memcpy(user_region->method, item->valuestring, len);
}
item=cJSON_GetObjectItem(object, "protocol");
if(item!=NULL)
{
len=MIN(strlen(item->valuestring), sizeof(user_region->protocol)-1);
memcpy(user_region->protocol, item->valuestring, len);
}
item=cJSON_GetObjectItem(object, "message");
if(item!=NULL)
{
len=strlen(item->valuestring)+1;
user_region->message=(char *)calloc(1, len);
memcpy(user_region->message, item->valuestring, len-1);
}
item=cJSON_GetObjectItem(object, "code");
if(item!=NULL)
{
user_region->code=item->valueint;
}
item=cJSON_GetObjectItem(object, "html_profile");
if(item!=NULL)
{
user_region->html_profile=item->valueint;
}
atomic_inc(&user_region->ref_cnt);
*ad=(MAAT_RULE_EX_DATA)user_region;
}
}
return ;
}
void security_compile_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp)
{
struct compile_user_region *user_region=(struct compile_user_region *)(*from);
if(user_region!=NULL)
{
atomic_inc(&user_region->ref_cnt);
*to=*from;
}
}
void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp)
{
struct compile_user_region *user_region=(struct compile_user_region *)(*ad);
if(user_region!=NULL)
{
atomic_dec(&user_region->ref_cnt);
if((user_region->ref_cnt-1)<=0)
{
free(user_region->message);
user_region->message=NULL;
free(*ad);
*ad=NULL;
}
}
}
static Maat_feather_t init_maat_feather(const char* conffile, char* instance_name, char *module, void *logger)
{
unsigned short redis_port = 0;
@@ -585,6 +754,7 @@ int tsg_rule_init(const char* conffile, void *logger)
MESA_load_profile_int_def(conffile, "MAAT","APP_ID_TABLE_TYPE", &g_tsg_para.app_id_table_type, 1);
MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat.conf");
MESA_load_profile_string_def(conffile, "MAAT", "SECURITY_COMPILE", g_tsg_para.table_name[TABLE_SECURITY_COMPILE], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_COMPILE");
MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_ADDR");
MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
@@ -608,6 +778,11 @@ int tsg_rule_init(const char* conffile, void *logger)
MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_BUILT_IN");
MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_USER_DEFINED");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_DICT_TABLE", g_tsg_para.table_name[TABLE_APP_ID_DICT], _MAX_TABLE_NAME_LEN, "APP_ID_DICT");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_ID], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID");
MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_PROPERTIES], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES");
//init static maat feather
g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger);
if(g_tsg_maat_feather==NULL)
@@ -616,7 +791,23 @@ int tsg_rule_init(const char* conffile, void *logger)
return -1;
}
for(i=0; i<TABLE_MAX; i++)
g_tsg_para.table_id[TABLE_SECURITY_COMPILE]=Maat_rule_get_ex_new_index(g_tsg_maat_feather,
g_tsg_para.table_name[TABLE_SECURITY_COMPILE],
security_compile_new,
security_compile_free,
security_compile_dup,
0,
logger
);
if(g_tsg_para.table_id[TABLE_SECURITY_COMPILE]<0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "REGISTER_TABLE", "Register table: %s failed ...", g_tsg_para.table_name[TABLE_SECURITY_COMPILE]);
return -1;
}
for(i=TABLE_IP_ADDR; i<TABLE_MAX; i++)
{
g_tsg_para.table_id[i]=Maat_table_register(g_tsg_maat_feather, g_tsg_para.table_name[i]);
if(g_tsg_para.table_id[i]<0)
@@ -695,6 +886,25 @@ int tsg_rule_init(const char* conffile, void *logger)
}
}
ret=Maat_plugin_EX_register(g_tsg_maat_feather,
g_tsg_para.table_id[TABLE_APP_ID_DICT],
app_id_dict_new_data,
app_id_dict_free_data,
app_id_dict_dup_data,
NULL,
0,
logger);
if(ret<0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL,
"RULE_INIT",
"Maat_ip_plugin_EX_register failed, table_name: %s table_id: %d",
g_tsg_para.table_name[TABLE_APP_ID_DICT],
g_tsg_para.table_id[TABLE_APP_ID_DICT]
);
return -1;
}
//init dynamic maat feather
g_tsg_dynamic_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_DYNAMIC", (char *)"DYNAMIC", logger);
if(g_tsg_maat_feather==NULL)
@@ -733,7 +943,7 @@ int tsg_rule_init(const char* conffile, void *logger)
return 0;
}
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct _identify_info *identify_info)
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info)
{
int num=0;
policy_priority_label_t *label=NULL;
@@ -1024,7 +1234,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
int hit_num=0,tans_proto=0;
int is_scan_addr=1, maat_ret=0,found_pos=0;
const struct streaminfo *cur_stream = a_stream;
struct _session_attribute_label_t *internal_label=NULL;
struct _session_attribute_label_t *attribute_label=NULL;
if(result==NULL || result_num<=0 || a_stream==NULL || maat_feather==NULL)
{
@@ -1083,7 +1293,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
result+hit_num,
result_num-hit_num,
mid,
cur_stream->threadnum);
(int)cur_stream->threadnum);
if(maat_ret>0)
{
MESA_handle_runtime_log(g_tsg_para.logger,
@@ -1176,43 +1386,43 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
}
}
internal_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id);
if(internal_label==NULL)
attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id);
if(attribute_label==NULL)
{
internal_label=(struct _session_attribute_label_t *)calloc(1, sizeof(struct _session_attribute_label_t));
memset(internal_label, 0, sizeof(struct _session_attribute_label_t));
attribute_label=(struct _session_attribute_label_t *)calloc(1, sizeof(struct _session_attribute_label_t));
memset(attribute_label, 0, sizeof(struct _session_attribute_label_t));
}
if(hit_num<result_num)
{
tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_USER_DEFINED], (void **)&(internal_label->client_location), (void **)&(internal_label->server_location));
tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_BUILT_IN], (void **)&(internal_label->client_location), (void **)&(internal_label->server_location));
tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_USER_DEFINED], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location));
tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_BUILT_IN], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location));
hit_num+=tsg_scan_ip_location(maat_feather, a_stream, internal_label->client_location, TABLE_SRC_LOCATION, mid, result+hit_num, result_num-hit_num);
hit_num+=tsg_scan_ip_location(maat_feather, a_stream, internal_label->server_location, TABLE_DST_LOCATION, mid, result+hit_num, result_num-hit_num);
hit_num+=tsg_scan_ip_location(maat_feather, a_stream, attribute_label->client_location, TABLE_SRC_LOCATION, mid, result+hit_num, result_num-hit_num);
hit_num+=tsg_scan_ip_location(maat_feather, a_stream, attribute_label->server_location, TABLE_DST_LOCATION, mid, result+hit_num, result_num-hit_num);
}
if(hit_num<result_num)
{
tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_USER_DEFINED], (void **)&(internal_label->client_asn), (void **)&(internal_label->server_asn));
tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_BUILT_IN], (void **)&(internal_label->client_asn), (void **)&(internal_label->server_asn));
tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_USER_DEFINED], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn));
tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_BUILT_IN], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn));
hit_num+=tsg_scan_ip_asn(maat_feather, a_stream, internal_label->client_asn, TABLE_SRC_ASN, mid, result+hit_num, result_num-hit_num);
hit_num+=tsg_scan_ip_asn(maat_feather, a_stream, internal_label->server_asn, TABLE_DST_ASN, mid, result+hit_num, result_num-hit_num);
hit_num+=tsg_scan_ip_asn(maat_feather, a_stream, attribute_label->client_asn, TABLE_SRC_ASN, mid, result+hit_num, result_num-hit_num);
hit_num+=tsg_scan_ip_asn(maat_feather, a_stream, attribute_label->server_asn, TABLE_DST_ASN, mid, result+hit_num, result_num-hit_num);
}
if(hit_num<result_num)
{
tsg_get_subscribe_id(a_stream, &internal_label->client_subscribe_id, &internal_label->server_subscribe_id);
tsg_get_subscribe_id(a_stream, &attribute_label->client_subscribe_id, &attribute_label->server_subscribe_id);
if(internal_label->client_subscribe_id!=NULL)
if(attribute_label->client_subscribe_id!=NULL)
{
maat_ret=Maat_full_scan_string(maat_feather,
g_tsg_para.table_id[TABLE_SUBSCRIBER_ID],
CHARSET_GBK,
internal_label->client_subscribe_id->subscribe_id,
strlen(internal_label->client_subscribe_id->subscribe_id),
attribute_label->client_subscribe_id->subscribe_id,
strlen(attribute_label->client_subscribe_id->subscribe_id),
result+hit_num,
&found_pos,
result_num-hit_num,
@@ -1224,7 +1434,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
RLOG_LV_DEBUG,
"SCAN_SUBSCRIBER",
"Hit source subscribe id: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
internal_label->client_subscribe_id->subscribe_id,
attribute_label->client_subscribe_id->subscribe_id,
maat_ret,
result[hit_num].config_id,
result[hit_num].service_id,
@@ -1240,20 +1450,20 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
RLOG_LV_DEBUG,
"SCAN_SUBSCRIBER",
"No hit source subscribe id: %s scan ret: %d addr: %s",
internal_label->client_subscribe_id->subscribe_id,
attribute_label->client_subscribe_id->subscribe_id,
maat_ret,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
);
}
}
if(internal_label->server_subscribe_id!=NULL)
if(attribute_label->server_subscribe_id!=NULL)
{
maat_ret=Maat_full_scan_string(maat_feather,
g_tsg_para.table_id[TABLE_SUBSCRIBER_ID],
CHARSET_GBK,
internal_label->server_subscribe_id->subscribe_id,
strlen(internal_label->server_subscribe_id->subscribe_id),
attribute_label->server_subscribe_id->subscribe_id,
strlen(attribute_label->server_subscribe_id->subscribe_id),
result+hit_num,
&found_pos,
result_num-hit_num,
@@ -1265,7 +1475,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
RLOG_LV_DEBUG,
"SCAN_SUBSCRIBER",
"Hit dest subscribe id: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
internal_label->server_subscribe_id->subscribe_id,
attribute_label->server_subscribe_id->subscribe_id,
maat_ret,
result[hit_num].config_id,
result[hit_num].service_id,
@@ -1281,7 +1491,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
RLOG_LV_DEBUG,
"SCAN_SUBSCRIBER",
"No hit dest subscribe id: %s scan ret: %d addr: %s",
internal_label->server_subscribe_id->subscribe_id,
attribute_label->server_subscribe_id->subscribe_id,
maat_ret,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
);
@@ -1289,7 +1499,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
}
}
ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.internal_project_id, (void *)internal_label);
ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.internal_project_id, (void *)attribute_label);
if(ret<0)
{
MESA_handle_runtime_log(g_tsg_para.logger,
@@ -1306,22 +1516,27 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
//return value: -1: failed, 0: not hit, >0: hit count
int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct _identify_info *identify_info, Maat_rule_t *result, int result_num, scan_status_t *mid, int thread_seq)
int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct streaminfo *a_stream, struct identify_info *identify_info, Maat_rule_t *result, int result_num, scan_status_t *mid, int thread_seq)
{
int ret=0,idx=0;
char *field_name=NULL;
int i=0,ret=0,idx=0,hit_num=0;
struct _session_attribute_label_t *attribute_label=NULL;
if(identify_info->proto!=PROTO_UNKONWN && identify_info->domain_len>0)
if(identify_info->proto!=PROTO_UNKONWN && strlen(identify_info->domain)>0 && identify_info->domain_len>0)
{
switch(identify_info->proto)
{
case PROTO_HTTP:
idx=TABLE_HTTP_HOST;
field_name=(char *)"http_host";
break;
case PROTO_SSL:
idx=TABLE_SSL_SNI;
field_name=(char *)"ssl_sni";
break;
case PROTO_QUIC:
idx=TABLE_QUIC_SNI;
field_name=(char *)"quic_sni";
break;
default:
return 0;
@@ -1339,9 +1554,95 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct _identify_info *i
mid,
thread_seq
);
if(ret>0)
{
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_FQDN",
"Hit %s: %s policy_id: %d service: %d action: %d addr: %s",
field_name,
identify_info->domain,
result[hit_num].config_id,
result[hit_num].service_id,
(unsigned char)result[hit_num].action,
printaddr(&a_stream->addr, thread_seq)
);
hit_num+=ret;
}
else
{
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_FQDN",
"Not hit %s: %s ret: %d stream_dir: %d addr: %s",
(ret==-1) ? "NULL" : ((identify_info->proto==PROTO_HTTP) ? "host" : "sni"),
(ret==-1) ? "NULL" : identify_info->domain,
ret,
a_stream->dir,
printaddr(&a_stream->addr, thread_seq)
);
}
return ret;
ret=project_req_add_struct(a_stream, g_tsg_para.internal_project_id, (const void *)attribute_label);
if(ret>0)
{
attribute_label->fqdn_category_id_num=tsg_get_fqdn_category_id(g_tsg_maat_feather,
identify_info->domain,
attribute_label->fqdn_category_id,
MAX_CATEGORY_ID_NUM,
g_tsg_para.logger,
thread_seq
);
for(i=0; i<attribute_label->fqdn_category_id_num; i++)
{
int idx=identify_info->proto==PROTO_HTTP ? TABLE_HTTP_HOST : TABLE_SSL_SNI;
ret=Maat_scan_intval(g_tsg_maat_feather,
g_tsg_para.table_id[idx],
(unsigned int)attribute_label->fqdn_category_id[i],
result+hit_num,
result_num-hit_num,
mid,
thread_seq
);
if(ret>0)
{
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_FQDN_CAT",
"Hit %s: %s category_id: %d policy_id: %d service: %d action: %d addr: %s",
(identify_info->proto==PROTO_HTTP) ? "host" : "sni",
identify_info->domain,
attribute_label->fqdn_category_id[i],
result[hit_num].config_id,
result[hit_num].service_id,
(unsigned char)result[hit_num].action,
printaddr(&a_stream->addr, thread_seq)
);
hit_num+=ret;
}
else
{
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_FQDN_CAT",
"Not hit %s: %s category_id: %d ret: %d stream_dir: %d addr: %s",
(ret==-1) ? "NULL" : ((identify_info->proto==PROTO_HTTP) ? "host" : "sni"),
(ret==-1) ? "NULL" : identify_info->domain,
attribute_label->fqdn_category_id[i],
ret,
a_stream->dir,
printaddr(&a_stream->addr, thread_seq)
);
}
}
}
}
return hit_num;
}
@@ -1434,3 +1735,86 @@ int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned i
return 0;
}
int tsg_scan_app_id_policy(Maat_feather_t maat_feather, struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq)
{
int ret=0;
ret=Maat_scan_intval(maat_feather, g_tsg_para.table_id[TABLE_APP_ID], id, result, result_num, mid, thread_seq);
if(ret>0)
{
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_ID",
"Hit %s %s_id: %d ret: %d policy_id: %d service: %d action: %d addr: %s",
name,
(id>1000) ? "app" : "proto",
id,
ret,
result[0].config_id,
result[0].service_id,
result[0].action,
printaddr(&a_stream->addr, thread_seq)
);
return ret;
}
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_ID",
"scan %s %s_id: %d ret: %d addr: %s",
name,
(id>1000) ? "app" : "proto",
id,
ret,
printaddr(&a_stream->addr, thread_seq)
);
return 0;
}
int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq)
{
int i=0,ret=0;
int ret2=0, hit_num=0;
int district_len=strlen(district);
int property_len=strlen(property);
struct Maat_rule_t property_result[MAX_RESULT_NUM]={0};
if(property!=NULL && property_len>0 && district_len>0)
{
Maat_set_scan_status(g_tsg_maat_feather, mid, MAAT_SET_SCAN_DISTRICT, (void *)district, district_len);
ret=Maat_full_scan_string(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_SELECTOR_PROPERTIES], CHARSET_UTF8, property, property_len, property_result, NULL, MAX_RESULT_NUM,mid,thread_seq);
for(i=0; i<ret; i++)
{
ret2=Maat_scan_intval(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_SELECTOR_ID], property_result[i].config_id, result, result_num, mid, thread_seq);
if(ret2>0)
{
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_ID",
"Hit selector_id: %d ret: %d policy_id: %d service: %d action: %d addr: %s",
property_result[i].config_id,
ret2,
result[0].config_id,
result[0].service_id,
result[0].action,
printaddr(&a_stream->addr, thread_seq)
);
hit_num+=ret2;
}
else
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_ID","Hit %s selector_id: %d ret: %d addr: %s",
property, property_result[i].config_id, ret2, printaddr(&a_stream->addr, thread_seq));
}
}
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_PROPERTY", "scan %s: %s ret: %d addr: %s", district, property, ret, printaddr(&a_stream->addr, thread_seq));
}
return hit_num;
}

57
src/tsg_send_log.cpp
View File

@@ -166,10 +166,10 @@ struct TLD_handle_t *TLD_create(int thread_id)
static int set_l7_protocol(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
char *l7_protocol=NULL;
struct _basic_proto_label *l7_proto_label=NULL;
struct basic_proto_label *l7_proto_label=NULL;
l7_proto_label=(struct _basic_proto_label *)project_req_get_struct(a_stream, _instance->l7_proto_project_id);
if(l7_proto_label!=NULL && l7_proto_label->proto_id!=_instance->mail_proto_id)
l7_proto_label=(struct basic_proto_label *)project_req_get_struct(a_stream, g_tsg_para.l7_proto_project_id);
if(l7_proto_label!=NULL && l7_proto_label->proto_id!=g_tsg_para.mail_proto_id)
{
l7_protocol=tsg_l7_protocol_id2name(_instance, l7_proto_label->proto_id);
if(l7_protocol!=NULL)
@@ -245,17 +245,18 @@ int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD
char buff[1024]={0};
int l7_protocol_flag=0;
char *l7_protocol=NULL;
struct app_id_label *app_label=NULL;
struct _location_info_t *location=NULL;
struct _session_attribute_label_t *internal_label=NULL;
struct _session_attribute_label_t *attribute_label=NULL;
l7_protocol_flag=set_l7_protocol(_instance, _handle, a_stream);
internal_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, _instance->internal_project_id);
if(internal_label!=NULL)
attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, _instance->internal_project_id);
if(attribute_label!=NULL)
{
if(l7_protocol_flag==0)
{
l7_protocol=tsg_schema_index2string(internal_label->proto);
l7_protocol=tsg_schema_index2string(attribute_label->proto);
if(l7_protocol!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)l7_protocol, TLD_TYPE_STRING);
@@ -266,37 +267,37 @@ int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD
}
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_ESTABLISH_LATENCY_MS].name, (void *)internal_label->establish_latency_ms, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ESTABLISH_LATENCY_MS].name, (void *)attribute_label->establish_latency_ms, TLD_TYPE_LONG);
if(internal_label->client_asn!=NULL)
if(attribute_label->client_asn!=NULL)
{
snprintf(buff, sizeof(buff), "%s(%s)", internal_label->client_asn->asn, internal_label->client_asn->organization);
snprintf(buff, sizeof(buff), "%s(%s)", attribute_label->client_asn->asn, attribute_label->client_asn->organization);
TLD_append(_handle, _instance->id2field[LOG_COMMON_CLINET_ASN].name, (void *)buff, TLD_TYPE_STRING);
}
if(internal_label->server_asn!=NULL)
if(attribute_label->server_asn!=NULL)
{
snprintf(buff, sizeof(buff), "%s(%s)", internal_label->server_asn->asn, internal_label->server_asn->organization);
snprintf(buff, sizeof(buff), "%s(%s)", attribute_label->server_asn->asn, attribute_label->server_asn->organization);
TLD_append(_handle, _instance->id2field[LOG_COMMON_CLINET_ASN].name, (void *)buff, TLD_TYPE_STRING);
}
if(internal_label->client_location!=NULL)
if(attribute_label->client_location!=NULL)
{
location=internal_label->client_location;
location=attribute_label->client_location;
snprintf(buff, sizeof(buff), "%s,%s,%s", location->city_full, location->province_full, location->country_full);
TLD_append(_handle, _instance->id2field[LOG_COMMON_CLINET_LOCATION].name, (void *)buff, TLD_TYPE_STRING);
}
if(internal_label->server_location!=NULL)
if(attribute_label->server_location!=NULL)
{
location=internal_label->server_location;
location=attribute_label->server_location;
snprintf(buff, sizeof(buff), "%s,%s,%s", location->city_full, location->province_full, location->country_full);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVER_LOCATION].name, (void *)buff, TLD_TYPE_STRING);
}
if(internal_label->ja3_fingerprint!=NULL)
if(attribute_label->ja3_fingerprint!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_SSL_JA3_FINGERPRINT].name, (void *)internal_label->ja3_fingerprint, TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_SSL_JA3_FINGERPRINT].name, (void *)attribute_label->ja3_fingerprint, TLD_TYPE_STRING);
}
}
else
@@ -307,6 +308,13 @@ int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD
}
}
app_label=(struct app_id_label *)project_req_get_struct(a_stream, g_tsg_para.app_id_project_id);
if(app_label!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, (void *)(long)app_label->app_id, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_SURROGATE_ID].name, (void *)(long)app_label->surrogate_id, TLD_TYPE_LONG);
}
return 0;
}
@@ -619,7 +627,6 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(_instance->level), 30);
MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", _instance->log_path, sizeof(_instance->log_path), "./tsglog/tsglog");
MESA_load_profile_int_def(conffile, "TSG_LOG", "MAIL_PROTOCOL_ID",&(_instance->mail_proto_id), 110);
MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_USER_REGION",&(_instance->send_user_region), 0);
_instance->logger=MESA_create_runtime_log_handle(_instance->log_path, _instance->level);
@@ -647,7 +654,6 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
MESA_load_profile_string_def(conffile, "TSG_LOG", "TCP_LABEL", _instance->tcp_label, sizeof(_instance->tcp_label), "tcp_flow_stat");
MESA_load_profile_string_def(conffile, "TSG_LOG", "UDP_LABEL", _instance->udp_label, sizeof(_instance->udp_label), "udp_flow_stat");
MESA_load_profile_string_def(conffile, "TSG_LOG", "L7_PROTO_LABEL", _instance->l7_proto_label, sizeof(_instance->l7_proto_label), "BASIC_PROTO_LABEL");
_instance->tcp_flow_project_id=project_customer_register(_instance->tcp_label, "struct");
_instance->udp_flow_project_id=project_customer_register(_instance->udp_label, "struct");
@@ -662,17 +668,6 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
);
}
_instance->l7_proto_project_id=project_customer_register(_instance->l7_proto_label, "struct");
if(_instance->l7_proto_project_id<0)
{
MESA_handle_runtime_log(_instance->logger,
RLOG_LV_FATAL,
"L7_PROTO_LABEL",
"project_customer_register is error, l7_proto_label: %s, please check etc/project.conf",
_instance->l7_proto_label
);
}
MESA_load_profile_string_def(conffile, "TSG_LOG", "NIC_NAME", nic_name, sizeof(nic_name), "eth0");
ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr);
if(ret<0)

4
src/tsg_send_log_internal.h
View File

@@ -74,6 +74,7 @@ typedef enum _tsg_log_field_id
LOG_COMMON_L7_PROTOCOL,
LOG_COMMON_TCP_CLIENT_ISN,
LOG_COMMON_TCP_SERVER_ISN,
LOG_COMMON_APP_SURROGATE_ID,
LOG_COMMON_MAX
}tsg_log_field_id_t;
@@ -94,11 +95,9 @@ struct tsg_log_instance_t
{
int mode;
int level;
int mail_proto_id;
int max_service;
int send_user_region;
int recovery_interval;
int l7_proto_project_id;
int internal_project_id;
int tcp_flow_project_id;
int udp_flow_project_id;
@@ -108,7 +107,6 @@ struct tsg_log_instance_t
char log_path[MAX_STRING_LEN*2];
char tcp_label[MAX_STRING_LEN];
char udp_label[MAX_STRING_LEN];
char l7_proto_label[MAX_STRING_LEN];
char common_field_file[MAX_STRING_LEN*4];
char broker_list[MAX_STRING_LEN*4];
char send_queue_max_msg[MAX_STRING_LEN];