gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-14177: 命中Security Policy后根据策略ID发送相应的Metric

Browse Source
This commit is contained in:
刘学利
2023-04-03 09:43:17 +00:00
parent b696e82879
commit 39cdb03b56
9 changed files with 495 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitlab-ci.yml
View File

@@ -4,7 +4,7 @@ variables:
BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux" BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/ BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
INSTALL_PREFIX: "/home/mesasoft/sapp_run/" INSTALL_PREFIX: "/home/mesasoft/sapp_run/"
INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaat4-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaat4-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel libfieldstat3-devel
stages: stages:
- analysis - analysis

12
bin/main.conf
View File

@@ -18,12 +18,18 @@ SEND_APP_ID_SWITCH=1
SEND_NAT_LINKINFO_SWITCH=0 SEND_NAT_LINKINFO_SWITCH=0
RAPIDJSON_CHUNK_CAPACITY=8192 RAPIDJSON_CHUNK_CAPACITY=8192
[SECURITY_HITS]
CYCLE=1000
TELEGRAF_PORT=8092
TELEGRAF_IP="127.0.0.1"
APP_NAME="security_rule_hits"
[STATISTIC] [STATISTIC]
CYCLE=30 CYCLE=1
TELEGRAF_PORT=8100 TELEGRAF_PORT=8092
TELEGRAF_IP="127.0.0.1" TELEGRAF_IP="127.0.0.1"
OUTPUT_PATH="./tsg_statistic.log" OUTPUT_PATH="./tsg_statistic.log"
APP_NAME="statistic" APP_NAME="network_activity"
[FIELD_STAT] [FIELD_STAT]
CYCLE=30 CYCLE=30

3
ctest/CMakeLists.txt
View File

@@ -17,6 +17,7 @@ add_test(NAME COPY_GTEST_ACTION_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/s
add_test(NAME COPY_GTEST_SENDLOG_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sendlog ${CMAKE_BINARY_DIR}/testing/") add_test(NAME COPY_GTEST_SENDLOG_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sendlog ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_MASTER_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_master ${CMAKE_BINARY_DIR}/testing/") add_test(NAME COPY_GTEST_MASTER_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_master ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_SYNC_SESSION_STATE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sync_session_state ${CMAKE_BINARY_DIR}/testing/") add_test(NAME COPY_GTEST_SYNC_SESSION_STATE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sync_session_state ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_FIELDSTAT3_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_fieldstat3 ${CMAKE_BINARY_DIR}/testing/")
set(GTEST_RUN_DIR ${CMAKE_BINARY_DIR}/testing) set(GTEST_RUN_DIR ${CMAKE_BINARY_DIR}/testing)
add_test(NAME GTEST_RULE COMMAND gtest_rule WORKING_DIRECTORY ${GTEST_RUN_DIR}) add_test(NAME GTEST_RULE COMMAND gtest_rule WORKING_DIRECTORY ${GTEST_RUN_DIR})
@@ -25,4 +26,4 @@ add_test(NAME GTEST_ACTION COMMAND gtest_action WORKING_DIRECTORY ${GTEST_RUN_DI
add_test(NAME GTEST_SENDLOG COMMAND gtest_sendlog WORKING_DIRECTORY ${GTEST_RUN_DIR}) add_test(NAME GTEST_SENDLOG COMMAND gtest_sendlog WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_MASTER COMMAND gtest_master WORKING_DIRECTORY ${GTEST_RUN_DIR}) add_test(NAME GTEST_MASTER COMMAND gtest_master WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_SYNC_SESSION_STATE COMMAND gtest_sync_session_state WORKING_DIRECTORY ${GTEST_RUN_DIR}) add_test(NAME GTEST_SYNC_SESSION_STATE COMMAND gtest_sync_session_state WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_FIELDSTAT3 COMMAND gtest_fieldstat3 WORKING_DIRECTORY ${GTEST_RUN_DIR})

2
src/CMakeLists.txt
View File

@@ -8,7 +8,7 @@ include_directories(${CMAKE_SOURCE_DIR}/inc)
include_directories(/opt/MESA/include/MESA/) include_directories(/opt/MESA/include/MESA/)
include_directories(/usr/include/) include_directories(/usr/include/)
set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maat4 pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer) set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maat4 pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer fieldstat3)
set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run) set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)

28
src/tsg_entry.h
View File

@@ -156,6 +156,34 @@ typedef enum tsg_statis_field_id
STATIS_MAX STATIS_MAX
}tsg_statis_field_id_t; }tsg_statis_field_id_t;
enum TRAFFIC_INFO_IDX
{
TRAFFIC_INFO_ALLOW=0,
TRAFFIC_INFO_DENY,
TRAFFIC_INFO_MONITOR,
TRAFFIC_INFO_INTERCEPT,
TRAFFIC_INFO_MAX
};
struct tsg_statistic
{
int cycle;
int thread_alive;
pthread_t stat_thread_id;
long long statistic_opt[_OPT_TYPE_MAX];
struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
struct _traffic_info default_total_info;
int static_table_id;
int static_column_id[STATIS_MAX];
struct fieldstat_instance *statistic_handle;
int metric_cycle;
int metric_table_id;
struct fieldstat_dynamic_instance *metric_handle;
struct fieldstat_tag **metric_tags;
};
int tsg_statistic_init(const char *conffile, void *logger); int tsg_statistic_init(const char *conffile, void *logger);
void tsg_statistic_destroy(void); void tsg_statistic_destroy(void);

405
src/tsg_statistic.cpp
View File

@@ -3,6 +3,7 @@
#include <pthread.h> #include <pthread.h>
#include <MESA/field_stat2.h> #include <MESA/field_stat2.h>
#include <MESA/fieldstat.h>
#include <MESA/MESA_prof_load.h> #include <MESA/MESA_prof_load.h>
#include <MESA/MESA_handle_logger.h> #include <MESA/MESA_handle_logger.h>
@@ -11,30 +12,67 @@
#include "tsg_statistic.h" #include "tsg_statistic.h"
#include "tsg_send_log_internal.h" #include "tsg_send_log_internal.h"
enum TRAFFIC_INFO_IDX
{
TRAFFIC_INFO_ALLOW=0,
TRAFFIC_INFO_DENY,
TRAFFIC_INFO_MONITOR,
TRAFFIC_INFO_INTERCEPT,
TRAFFIC_INFO_MAX
};
struct tsg_statistic
{
int cycle;
int fs_line_id;
int thread_alive;
pthread_t stat_thread_id;
int fs_field_id[STATIS_MAX];
long long statistic_opt[_OPT_TYPE_MAX];
struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
struct _traffic_info default_total_info;
screen_stat_handle_t fs2_handle;
};
struct tsg_statistic g_tsg_statis_para; struct tsg_statistic g_tsg_statis_para;
enum metric_columns_index
{
COLUMN_HIT_COUNT = 0,
COLUMN_IN_BYTES,
COLUMN_OUT_BYTES,
COLUMN_IN_PKTS,
COLUMN_OUT_PKTS,
COLUMN_MAX
};
enum metric_tags_index
{
TAG_RULE_ID = 0,
TAG_ACTION,
TAG_MAX
};
enum field_type metric_column_type[COLUMN_MAX] = {FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER};
const char *metric_column_field[COLUMN_MAX] = {"hit_count", "in_bytes", "out_bytes", "in_pkts", "out_pkts"};
unsigned int metric_column_array[COLUMN_MAX] = {0};
struct fieldstat_tag g_metric_tags[TAG_MAX] = {{"rule_id", 0, -1}, {"action", 0, -1}};
struct fieldstat_tag *tsg_set_metric_tags(struct maat_rule *p_result, int thread_seq)
{
g_tsg_statis_para.metric_tags[thread_seq][TAG_RULE_ID].value_int = p_result->rule_id;
g_tsg_statis_para.metric_tags[thread_seq][TAG_ACTION].value_int = p_result->action;
return g_tsg_statis_para.metric_tags[thread_seq];
}
int tsg_metric_tsgs_init(int thread_num)
{
g_tsg_statis_para.metric_tags = (struct fieldstat_tag **)calloc(thread_num, sizeof(struct fieldstat_tag *));
for (int i = 0; i < thread_num; i++)
{
g_tsg_statis_para.metric_tags[i] = (struct fieldstat_tag *)calloc((size_t)TAG_MAX, sizeof(struct fieldstat_tag));
memcpy(g_tsg_statis_para.metric_tags[i], g_metric_tags, sizeof(struct fieldstat_tag) * (size_t)TAG_MAX);
}
return 0;
}
int tsg_metric_tsgs_free(int thread_num)
{
for (int i = 0; i < thread_num; i++)
{
if (g_tsg_statis_para.metric_tags[i])
{
free(g_tsg_statis_para.metric_tags[i]);
g_tsg_statis_para.metric_tags[i] = NULL;
}
}
free(g_tsg_statis_para.metric_tags);
g_tsg_statis_para.metric_tags = NULL;
return 0;
}
int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq) int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq)
{ {
switch(type) switch(type)
@@ -55,57 +93,76 @@ int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_s
int tsg_set_intercept_flow(struct maat_rule *p_result, struct _traffic_info *traffic_info, int thread_seq) int tsg_set_intercept_flow(struct maat_rule *p_result, struct _traffic_info *traffic_info, int thread_seq)
{ {
struct _traffic_info *_info=NULL; if (p_result == NULL || traffic_info == NULL || thread_seq < 0 || thread_seq >= get_thread_count() || p_result->action != TSG_ACTION_INTERCEPT)
if(p_result!=NULL && traffic_info!=NULL && thread_seq>=0)
{ {
_info=&(g_tsg_statis_para.traffic_info[(unsigned char)p_result->action][thread_seq]); return -1;
_info->con_num+=traffic_info->con_num;
_info->in_bytes+=traffic_info->in_bytes;
_info->in_packets+=traffic_info->in_packets;
_info->out_bytes+=traffic_info->out_bytes;
_info->out_packets+=traffic_info->out_packets;
} }
struct _traffic_info *_info = NULL;
struct fieldstat_tag *metric_tags = tsg_set_metric_tags(p_result, thread_seq);
if (metric_tags == NULL)
{
return -1;
}
_info = &(g_tsg_statis_para.traffic_info[(unsigned char)p_result->action][thread_seq]);
_info->con_num += traffic_info->con_num;
_info->in_bytes += traffic_info->in_bytes;
_info->in_packets += traffic_info->in_packets;
_info->out_bytes += traffic_info->out_bytes;
_info->out_packets += traffic_info->out_packets;
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_table_id, metric_column_array[COLUMN_HIT_COUNT], "security_rule_hits", traffic_info->con_num, metric_tags, (size_t)TAG_MAX, thread_seq);
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_table_id, metric_column_array[COLUMN_IN_BYTES], "security_rule_hits", traffic_info->in_bytes, metric_tags, (size_t)TAG_MAX, thread_seq);
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_table_id, metric_column_array[COLUMN_OUT_BYTES], "security_rule_hits", traffic_info->out_bytes, metric_tags, (size_t)TAG_MAX, thread_seq);
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_table_id, metric_column_array[COLUMN_IN_PKTS], "security_rule_hits", traffic_info->in_packets, metric_tags, (size_t)TAG_MAX, thread_seq);
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_table_id, metric_column_array[COLUMN_OUT_PKTS], "security_rule_hits", traffic_info->out_packets, metric_tags, (size_t)TAG_MAX, thread_seq);
return 0; return 0;
} }
int tsg_set_policy_flow(const struct streaminfo *a_stream, struct maat_rule *p_result, int thread_seq) int tsg_set_policy_flow(const struct streaminfo *a_stream, struct maat_rule *p_result, int thread_seq)
{ {
unsigned long long value=0; if (a_stream == NULL || p_result == NULL || thread_seq < 0 || thread_seq >= get_thread_count())
int value_len=sizeof(unsigned long long);
struct _traffic_info *traffic_info=NULL;
if(g_tsg_statis_para.cycle<=0)
{
return 0;
}
if(a_stream==NULL || p_result==NULL)
{ {
return -1; return -1;
} }
unsigned long long value = 0;
int value_len = sizeof(unsigned long long);
struct _traffic_info *traffic_info = NULL;
traffic_info=&(g_tsg_statis_para.traffic_info[(unsigned char)p_result->action][thread_seq]); traffic_info=&(g_tsg_statis_para.traffic_info[(unsigned char)p_result->action][thread_seq]);
struct fieldstat_tag *metric_tags = tsg_set_metric_tags(p_result, thread_seq);
if (metric_tags == NULL)
{
return -1;
}
traffic_info->con_num++; traffic_info->con_num++;
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_table_id, metric_column_array[COLUMN_HIT_COUNT], "security_rule_hits", 1, metric_tags, (size_t)TAG_MAX, thread_seq);
value=0; value=0;
MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_BYTE_RAW, (void *)&value, &value_len); MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_BYTE_RAW, (void *)&value, &value_len);
traffic_info->in_bytes+=value; traffic_info->in_bytes+=value;
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_table_id, metric_column_array[COLUMN_IN_BYTES], "security_rule_hits", value, metric_tags, (size_t)TAG_MAX, thread_seq);
value=0; value=0;
MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_PKT, (void *)&value, &value_len); MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_PKT, (void *)&value, &value_len);
traffic_info->in_packets+=value; traffic_info->in_packets+=value;
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_table_id, metric_column_array[COLUMN_IN_PKTS], "security_rule_hits", value, metric_tags, (size_t)TAG_MAX, thread_seq);
value=0; value=0;
MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_BYTE_RAW, (void *)&value, &value_len); MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_BYTE_RAW, (void *)&value, &value_len);
traffic_info->out_bytes+=value; traffic_info->out_bytes+=value;
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_table_id, metric_column_array[COLUMN_OUT_BYTES], "security_rule_hits", value, metric_tags, (size_t)TAG_MAX, thread_seq);
value=0; value=0;
MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_PKT, (void *)&value, &value_len); MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_PKT, (void *)&value, &value_len);
traffic_info->out_packets+=value; traffic_info->out_packets+=value;
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_table_id, metric_column_array[COLUMN_OUT_PKTS], "security_rule_hits", value, metric_tags, (size_t)TAG_MAX, thread_seq);
return 0; return 0;
} }
@@ -215,11 +272,11 @@ static int _set_traffic_info(struct _traffic_info *from, struct _traffic_info *t
break; break;
} }
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[con_num_id], FS_OP_SET, con_num_sum); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[con_num_id], con_num_sum);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[in_bytes_id], FS_OP_SET, in_bytes_sum); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[in_bytes_id], in_bytes_sum);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[in_packets_id], FS_OP_SET, in_packets_sum); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[in_packets_id], in_packets_sum);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[out_bytes_id], FS_OP_SET, out_bytes_sum); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[out_bytes_id], out_bytes_sum);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[out_packets_id], FS_OP_SET, out_packets_sum); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[out_packets_id], out_packets_sum);
return 0; return 0;
} }
@@ -230,7 +287,7 @@ static void *tsg_statistic_thread(void *arg)
struct _traffic_info total_traffic_info; struct _traffic_info total_traffic_info;
struct _traffic_info default_traffic_info; struct _traffic_info default_traffic_info;
FS_start(g_tsg_statis_para.fs2_handle); fieldstat_instance_start(g_tsg_statis_para.statistic_handle);
while(g_tsg_statis_para.thread_alive) while(g_tsg_statis_para.thread_alive)
{ {
@@ -254,7 +311,7 @@ static void *tsg_statistic_thread(void *arg)
value=0; value=0;
sapp_get_platform_opt(SPO_UDP_STREAM_CONCURRENT, (void *)&value, &value_len); sapp_get_platform_opt(SPO_UDP_STREAM_CONCURRENT, (void *)&value, &value_len);
total_value+=value; total_value+=value;
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_ESTABLISHED_CON_NUM], FS_OP_SET, total_value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_ESTABLISHED_CON_NUM], total_value);
value=0; value=0;
total_value=0; total_value=0;
@@ -263,48 +320,54 @@ static void *tsg_statistic_thread(void *arg)
value=0; value=0;
sapp_get_platform_opt(SPO_UDP_STREAM_CLOSE, (void *)&value, &value_len); sapp_get_platform_opt(SPO_UDP_STREAM_CLOSE, (void *)&value, &value_len);
total_value+=value; total_value+=value;
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_CLOSE_CON_NUM], FS_OP_SET, total_value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_CLOSE_CON_NUM], total_value);
value=0; value=0;
total_value=0; total_value=0;
sapp_get_platform_opt(SPO_TCP_STREAM_NEW, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TCP_STREAM_NEW, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_TCP_NEW_CON_NUM], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_TCP_NEW_CON_NUM], total_value);
total_value+=value; total_value+=value;
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_TCP_PKT, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_TCP_PKT, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_TCP_IN_PACKETS], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_TCP_IN_PACKETS], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_TCP_BYTE, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_TCP_BYTE, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_TCP_IN_BYTES], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_TCP_IN_BYTES], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_TCP_PKT, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_TCP_PKT, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_TCP_OUT_PACKETS], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_TCP_OUT_PACKETS], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_TCP_BYTE, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_TCP_BYTE, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_TCP_OUT_BYTES], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_TCP_OUT_BYTES], value);
value=0; value=0;
sapp_get_platform_opt(SPO_UDP_STREAM_NEW, (void *)&value, &value_len); sapp_get_platform_opt(SPO_UDP_STREAM_NEW, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_UDP_NEW_CON_NUM], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_UDP_NEW_CON_NUM], value);
total_value+=value; total_value+=value;
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_NEW_CON_NUM], FS_OP_SET, total_value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_NEW_CON_NUM], total_value);
total_traffic_info.con_num+=total_value; total_traffic_info.con_num+=total_value;
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_UDP_PKT, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_UDP_PKT, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_UDP_IN_PACKETS], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_UDP_IN_PACKETS], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_UDP_BYTE, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_UDP_BYTE, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_UDP_IN_BYTES], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_UDP_IN_BYTES], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_UDP_PKT, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_UDP_PKT, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_UDP_OUT_PACKETS], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_UDP_OUT_PACKETS], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_UDP_BYTE, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_UDP_BYTE, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_UDP_OUT_BYTES], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_UDP_OUT_BYTES], value);
value_len=sizeof(total_traffic_info.in_bytes); value_len=sizeof(total_traffic_info.in_bytes);
sapp_get_platform_opt(SPO_TOTAL_INBOUND_BYTE, (void *)&total_traffic_info.in_bytes, &value_len); sapp_get_platform_opt(SPO_TOTAL_INBOUND_BYTE, (void *)&total_traffic_info.in_bytes, &value_len);
@@ -321,39 +384,45 @@ static void *tsg_statistic_thread(void *arg)
_get_traffic_info(&total_traffic_info, &policy_traffic_info, &default_traffic_info); _get_traffic_info(&total_traffic_info, &policy_traffic_info, &default_traffic_info);
_set_traffic_info(&default_traffic_info, NULL, TSG_ACTION_NONE, 1); _set_traffic_info(&default_traffic_info, NULL, TSG_ACTION_NONE, 1);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_ALERT_BYTES], FS_OP_SET, g_tsg_statis_para.statistic_opt[OPT_TYPE_ALERT_BYTES]); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_ALERT_BYTES], g_tsg_statis_para.statistic_opt[OPT_TYPE_ALERT_BYTES]);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_BLOCK_BYTES], FS_OP_SET, g_tsg_statis_para.statistic_opt[OPT_TYPE_BLOCK_BYTES]); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_BLOCK_BYTES], g_tsg_statis_para.statistic_opt[OPT_TYPE_BLOCK_BYTES]);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_PINNING_NUM], FS_OP_SET, g_tsg_statis_para.statistic_opt[OPT_TYPE_PINNING_YES]); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_PINNING_NUM], g_tsg_statis_para.statistic_opt[OPT_TYPE_PINNING_YES]);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_MAYBE_PINNING_NUM], FS_OP_SET, g_tsg_statis_para.statistic_opt[OPT_TYPE_PINNING_MAYBE]); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_MAYBE_PINNING_NUM], g_tsg_statis_para.statistic_opt[OPT_TYPE_PINNING_MAYBE]);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_NOT_PINNING_NUM], FS_OP_SET, g_tsg_statis_para.statistic_opt[OPT_TYPE_PINNING_NOT]); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_NOT_PINNING_NUM], g_tsg_statis_para.statistic_opt[OPT_TYPE_PINNING_NOT]);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV4_PKT, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV4_PKT, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV4_IN_PACKETS], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_IPV4_IN_PACKETS], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV4_BYTE, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV4_BYTE, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV4_IN_BYTES], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_IPV4_IN_BYTES], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV4_PKT, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV4_PKT, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV4_OUT_PACKETS], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_IPV4_OUT_PACKETS], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV4_BYTE, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV4_BYTE, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV4_OUT_BYTES], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_IPV4_OUT_BYTES], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV6_PKT, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV6_PKT, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV6_IN_PACKETS], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_IPV6_IN_PACKETS], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV6_BYTE, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV6_BYTE, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV6_IN_BYTES], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_IPV6_IN_BYTES], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV6_PKT, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV6_PKT, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV6_OUT_PACKETS], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_IPV6_OUT_PACKETS], value);
value=0; value=0;
sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV6_BYTE, (void *)&value, &value_len); sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV6_BYTE, (void *)&value, &value_len);
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV6_OUT_BYTES], FS_OP_SET, value); fieldstat_value_set(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_column_id[STATIS_IPV6_OUT_BYTES], value);
FS_passive_output(g_tsg_statis_para.fs2_handle); fieldstat_passive_output(g_tsg_statis_para.statistic_handle);
sleep(g_tsg_statis_para.cycle); sleep(g_tsg_statis_para.cycle);
} }
@@ -361,12 +430,61 @@ static void *tsg_statistic_thread(void *arg)
return NULL; return NULL;
} }
int tsg_statistic_metric_init(const char *conffile, void *logger)
{
if (conffile == NULL || logger == NULL)
{
return -1;
}
unsigned short fs_server_port=0;
char fs_server_ip[MAX_IPV4_LEN]={0};
char app_name[128]={0};
int thread_num = get_thread_count();
MESA_load_profile_short_nodef(conffile, "SECURITY_HITS", "TELEGRAF_PORT", (short *)&(fs_server_port));
MESA_load_profile_string_nodef(conffile,"SECURITY_HITS", "TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip));
MESA_load_profile_string_def(conffile,"SECURITY_HITS", "APP_NAME", app_name, sizeof(app_name), "metric");
MESA_load_profile_int_def(conffile, "SECURITY_HITS", "CYCLE", &g_tsg_statis_para.metric_cycle, 1000);
if(g_tsg_statis_para.metric_cycle<=0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "SECURITY_HITS", "g_tsg_statis_para.metric_cycle error");
return -1;
}
g_tsg_statis_para.metric_handle = fieldstat_dynamic_instance_new(app_name, thread_num);
if(g_tsg_statis_para.metric_handle==NULL)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "SECURITY_HITS", "g_tsg_statis_para.metric_handle error");
return -1;
}
fieldstat_dynamic_set_output_interval(g_tsg_statis_para.metric_handle, g_tsg_statis_para.metric_cycle);
if (fs_server_port > 0 && strlen(fs_server_ip) > 0)
{
fieldstat_dynamic_set_line_protocol_server(g_tsg_statis_para.metric_handle, fs_server_ip, fs_server_port);
}
g_tsg_statis_para.metric_table_id = fieldstat_register_dynamic_table(g_tsg_statis_para.metric_handle, "security_rule_hits", metric_column_field, metric_column_type, (size_t)COLUMN_MAX, metric_column_array);
if(g_tsg_statis_para.metric_table_id<0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "SECURITY_HITS", "g_tsg_statis_para.metric_table_id error");
return -1;
}
tsg_metric_tsgs_init(thread_num);
fieldstat_dynamic_instance_start(g_tsg_statis_para.metric_handle);
return 0;
}
int tsg_statistic_init(const char *conffile, void *logger) int tsg_statistic_init(const char *conffile, void *logger)
{ {
int output_prometheus=0; // int output_prometheus=0;
int i=0,value=0,thread_num=0; // unsigned short prometheus_port = 8093;
unsigned short fs_server_port=0; int i = 0, thread_num = 0;
unsigned short fs_server_port = 0;
char app_name[128]={0}; char app_name[128]={0};
char fs_server_ip[MAX_IPV4_LEN]={0}; char fs_server_ip[MAX_IPV4_LEN]={0};
char fs_output_path[128]={0}; char fs_output_path[128]={0};
@@ -379,7 +497,7 @@ int tsg_statistic_init(const char *conffile, void *logger)
g_tsg_statis_para.traffic_info[i]=(struct _traffic_info *)calloc(1, sizeof(struct _traffic_info)*thread_num); g_tsg_statis_para.traffic_info[i]=(struct _traffic_info *)calloc(1, sizeof(struct _traffic_info)*thread_num);
} }
MESA_load_profile_int_def(conffile, "STATISTIC", "CYCLE", &g_tsg_statis_para.cycle, 30); MESA_load_profile_int_def(conffile, "STATISTIC", "CYCLE", &g_tsg_statis_para.cycle, 1);
if(g_tsg_statis_para.cycle<=0) if(g_tsg_statis_para.cycle<=0)
{ {
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "STATISTIC", "Disabale traffic statistic"); MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "STATISTIC", "Disabale traffic statistic");
@@ -389,112 +507,73 @@ int tsg_statistic_init(const char *conffile, void *logger)
MESA_load_profile_short_nodef(conffile, "STATISTIC", "TELEGRAF_PORT", (short *)&(fs_server_port)); MESA_load_profile_short_nodef(conffile, "STATISTIC", "TELEGRAF_PORT", (short *)&(fs_server_port));
MESA_load_profile_string_nodef(conffile,"STATISTIC", "TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip)); MESA_load_profile_string_nodef(conffile,"STATISTIC", "TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip));
MESA_load_profile_string_def(conffile,"STATISTIC", "OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "statistic.log"); MESA_load_profile_string_def(conffile,"STATISTIC", "OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "statistic.log");
MESA_load_profile_string_def(conffile,"STATISTIC", "APP_NAME", app_name, sizeof(app_name), "statistic"); MESA_load_profile_string_def(conffile, "STATISTIC", "APP_NAME", app_name, sizeof(app_name), "network_activity");
MESA_load_profile_int_def(conffile, "STATISTIC", "PROMETHEUS", &output_prometheus, 1); // MESA_load_profile_int_def(conffile, "STATISTIC", "PROMETHEUS", &output_prometheus, 1);
// MESA_load_profile_short_nodef(conffile, "STATISTIC", "PROMETHEUS_PORT", (short *)&(prometheus_port));
g_tsg_statis_para.fs2_handle=FS_create_handle(); g_tsg_statis_para.statistic_handle = fieldstat_instance_new(app_name);
g_tsg_statis_para.thread_alive=1; g_tsg_statis_para.thread_alive=1;
value=1;//Rewrite fieldstat_disable_background_thread(g_tsg_statis_para.statistic_handle);
FS_set_para(g_tsg_statis_para.fs2_handle, PRINT_MODE, &value, sizeof(value));
value=0;//Do not create stat thread
FS_set_para(g_tsg_statis_para.fs2_handle, CREATE_THREAD, &value, sizeof(value));
FS_set_para(g_tsg_statis_para.fs2_handle, STAT_CYCLE, &g_tsg_statis_para.cycle, sizeof(g_tsg_statis_para.cycle)); fieldstat_set_output_interval(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.cycle * 1000);
FS_set_para(g_tsg_statis_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); fieldstat_set_local_output(g_tsg_statis_para.statistic_handle, fs_output_path, "default");
FS_set_para(g_tsg_statis_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1);
FS_set_para(g_tsg_statis_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); // if (output_prometheus == 1)
// {
// fieldstat_enable_prometheus_output(g_tsg_statis_para.statistic_handle);
// fieldstat_global_enable_prometheus_endpoint(prometheus_port, "/metrics");
// }
if(fs_server_port > 0 && strlen(fs_server_ip) > 0) if (fs_server_port > 0 && strlen(fs_server_ip) > 0)
{ {
FS_set_para(g_tsg_statis_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1); fieldstat_set_line_protocol_server(g_tsg_statis_para.statistic_handle, fs_server_ip, fs_server_port);
FS_set_para(g_tsg_statis_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); }
}
int output_influx_line=FS_OUTPUT_INFLUX_LINE; const char *static_column_name[STATIS_MAX] = {"", "", "", "new_conn_num", "established_conn_num", "close_conn_num", "total_in_bytes", "total_out_bytes", "total_in_packets", "total_out_packets",
FS_set_para(g_tsg_statis_para.fs2_handle, STATS_FORMAT, &output_influx_line, sizeof(output_influx_line)); "default_conn_num", "default_in_bytes", "default_out_bytes", "default_in_packets", "default_out_packets",
"allow_conn_num", "allow_in_bytes", "allow_out_bytes", "allow_in_packets", "allow_out_packets",
"deny_conn_num", "deny_in_bytes", "deny_out_bytes", "deny_in_packets", "deny_out_packets",
"monitor_conn_num", "monitor_in_bytes", "monitor_out_bytes", "monitor_in_packets", "monitor_out_packets",
"intercept_conn_num", "intercept_in_bytes", "intercept_out_bytes", "intercept_in_packets", "intercept_out_packets",
"ipv4_in_packets", "ipv4_in_bytes", "ipv4_out_packets", "ipv4_out_bytes",
"ipv6_in_packets", "ipv6_in_bytes", "ipv6_out_packets", "ipv6_out_bytes",
"tcp_conn_num", "tcp_in_packets", "tcp_in_bytes", "tcp_out_packets", "tcp_out_bytes",
"udp_conn_num", "udp_in_packets", "udp_in_bytes", "udp_out_packets", "udp_out_bytes",
"alert_bytes", "block_bytes", "pinning_num", "maybe_pinning_num", "not_pinning_num"};
g_tsg_statis_para.fs_field_id[STATIS_NEW_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"new_conn_num"); enum field_type static_column_type[STATIS_MAX] = {FIELD_TYPE_COUNTER};
g_tsg_statis_para.fs_field_id[STATIS_ESTABLISHED_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, (char *)"established_conn_num"); static_column_type[STATIS_ESTABLISHED_CON_NUM] = FIELD_TYPE_GAUGE;
g_tsg_statis_para.fs_field_id[STATIS_CLOSE_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"close_conn_num");
g_tsg_statis_para.fs_field_id[STATIS_TOTAL_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"total_in_bytes");
g_tsg_statis_para.fs_field_id[STATIS_TOTAL_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"total_out_bytes");
g_tsg_statis_para.fs_field_id[STATIS_TOTAL_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"total_in_packets");
g_tsg_statis_para.fs_field_id[STATIS_TOTAL_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"total_out_packets");
g_tsg_statis_para.fs_field_id[STATIS_DEFAULT_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"default_conn_num"); g_tsg_statis_para.static_table_id = fieldstat_register_table(g_tsg_statis_para.statistic_handle, app_name, static_column_name + STATIS_NEW_CON_NUM, static_column_type + STATIS_NEW_CON_NUM, (size_t)(STATIS_MAX - STATIS_NEW_CON_NUM));
g_tsg_statis_para.fs_field_id[STATIS_DEFAULT_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"default_in_bytes"); fieldstat_register_table_row(g_tsg_statis_para.statistic_handle, g_tsg_statis_para.static_table_id, (const char *)"TRAFFIC", NULL, 0, g_tsg_statis_para.static_column_id + STATIS_NEW_CON_NUM);
g_tsg_statis_para.fs_field_id[STATIS_DEFAULT_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"default_out_bytes");
g_tsg_statis_para.fs_field_id[STATIS_DEFAULT_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"default_in_packets");
g_tsg_statis_para.fs_field_id[STATIS_DEFAULT_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"default_out_packets");
g_tsg_statis_para.fs_field_id[STATIS_ALLOW_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"allow_conn_num"); int ret=tsg_statistic_metric_init(conffile, logger);
g_tsg_statis_para.fs_field_id[STATIS_ALLOW_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"allow_in_bytes"); if(ret<0)
g_tsg_statis_para.fs_field_id[STATIS_ALLOW_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"allow_out_bytes"); {
g_tsg_statis_para.fs_field_id[STATIS_ALLOW_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"allow_in_packets"); MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "INIT_METRIC", "tsg_statistic_metric_init failed ...");
g_tsg_statis_para.fs_field_id[STATIS_ALLOW_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"allow_out_packets"); return -1;
}
g_tsg_statis_para.fs_field_id[STATIS_DENY_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"deny_conn_num");
g_tsg_statis_para.fs_field_id[STATIS_DENY_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"deny_in_bytes");
g_tsg_statis_para.fs_field_id[STATIS_DENY_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"deny_out_bytes");
g_tsg_statis_para.fs_field_id[STATIS_DENY_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"deny_in_packets");
g_tsg_statis_para.fs_field_id[STATIS_DENY_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"deny_out_packets");
g_tsg_statis_para.fs_field_id[STATIS_MONITOR_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"monitor_conn_num");
g_tsg_statis_para.fs_field_id[STATIS_MONITOR_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"monitor_in_bytes");
g_tsg_statis_para.fs_field_id[STATIS_MONITOR_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"monitor_out_bytes");
g_tsg_statis_para.fs_field_id[STATIS_MONITOR_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"monitor_in_packets");
g_tsg_statis_para.fs_field_id[STATIS_MONITOR_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"monitor_out_packets");
g_tsg_statis_para.fs_field_id[STATIS_INTERCEPT_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"intercept_conn_num");
g_tsg_statis_para.fs_field_id[STATIS_INTERCEPT_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"intercept_in_bytes");
g_tsg_statis_para.fs_field_id[STATIS_INTERCEPT_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"intercept_out_bytes");
g_tsg_statis_para.fs_field_id[STATIS_INTERCEPT_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"intercept_in_packets");
g_tsg_statis_para.fs_field_id[STATIS_INTERCEPT_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"intercept_out_packets");
g_tsg_statis_para.fs_field_id[STATIS_IPV4_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv4_in_packets");
g_tsg_statis_para.fs_field_id[STATIS_IPV4_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv4_in_bytes");
g_tsg_statis_para.fs_field_id[STATIS_IPV4_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv4_out_packets");
g_tsg_statis_para.fs_field_id[STATIS_IPV4_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv4_out_bytes");
g_tsg_statis_para.fs_field_id[STATIS_IPV6_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv6_in_packets");
g_tsg_statis_para.fs_field_id[STATIS_IPV6_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv6_in_bytes");
g_tsg_statis_para.fs_field_id[STATIS_IPV6_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv6_out_packets");
g_tsg_statis_para.fs_field_id[STATIS_IPV6_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv6_out_bytes");
g_tsg_statis_para.fs_field_id[STATIS_TCP_NEW_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"tcp_conn_num");
g_tsg_statis_para.fs_field_id[STATIS_TCP_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"tcp_in_packets");
g_tsg_statis_para.fs_field_id[STATIS_TCP_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"tcp_in_bytes");
g_tsg_statis_para.fs_field_id[STATIS_TCP_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"tcp_out_packets");
g_tsg_statis_para.fs_field_id[STATIS_TCP_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"tcp_out_bytes");
g_tsg_statis_para.fs_field_id[STATIS_UDP_NEW_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"udp_conn_num");
g_tsg_statis_para.fs_field_id[STATIS_UDP_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"udp_in_packets");
g_tsg_statis_para.fs_field_id[STATIS_UDP_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"udp_in_bytes");
g_tsg_statis_para.fs_field_id[STATIS_UDP_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"udp_out_packets");
g_tsg_statis_para.fs_field_id[STATIS_UDP_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"udp_out_bytes");
g_tsg_statis_para.fs_field_id[STATIS_ALERT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"alert_bytes");
g_tsg_statis_para.fs_field_id[STATIS_BLOCK_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"block_bytes");
g_tsg_statis_para.fs_field_id[STATIS_PINNING_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"pinning_num");
g_tsg_statis_para.fs_field_id[STATIS_MAYBE_PINNING_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"maybe_pinning_num");
g_tsg_statis_para.fs_field_id[STATIS_NOT_PINNING_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"not_pinning_num");
g_tsg_statis_para.fs_line_id=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_LINE, FS_CALC_CURRENT, (const char *)"TRAFFIC");
pthread_create(&g_tsg_statis_para.stat_thread_id, NULL, tsg_statistic_thread, NULL); pthread_create(&g_tsg_statis_para.stat_thread_id, NULL, tsg_statistic_thread, NULL);
return 0; return 0;
} }
void tsg_statistic_metric_destroy(void)
{
tsg_metric_tsgs_free(get_thread_count());
return;
}
void tsg_statistic_destroy(void) void tsg_statistic_destroy(void)
{ {
pthread_cancel(g_tsg_statis_para.stat_thread_id); pthread_cancel(g_tsg_statis_para.stat_thread_id);
g_tsg_statis_para.thread_alive=0; g_tsg_statis_para.thread_alive=0;
sleep(g_tsg_statis_para.cycle); sleep(g_tsg_statis_para.cycle);
FS_stop(&(g_tsg_statis_para.fs2_handle)); fieldstat_instance_free(g_tsg_statis_para.statistic_handle);
tsg_statistic_metric_destroy();
return ; return ;
} }

5
test/src/CMakeLists.txt
View File

@@ -40,7 +40,10 @@ set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp
) )
add_executable(gtest_master ${TSG_MASTER_SRC} gtest_kafka.cpp gtest_common.cpp gtest_master.cpp) add_executable(gtest_master ${TSG_MASTER_SRC} gtest_kafka.cpp gtest_common.cpp gtest_master.cpp)
target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 MESA_htable) target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 MESA_htable fieldstat3)
add_executable(gtest_sync_session_state ${PROJECT_SOURCE_DIR}/src/tsg_sync_state.cpp gtest_common.cpp gtest_session_state.cpp) add_executable(gtest_sync_session_state ${PROJECT_SOURCE_DIR}/src/tsg_sync_state.cpp gtest_common.cpp gtest_session_state.cpp)
target_link_libraries(gtest_sync_session_state gtest-static cjson ctemplate-static) target_link_libraries(gtest_sync_session_state gtest-static cjson ctemplate-static)
add_executable(gtest_fieldstat3 ${PROJECT_SOURCE_DIR}/src/tsg_statistic.cpp gtest_common.cpp gtest_fieldstat3.cpp)
target_link_libraries(gtest_fieldstat3 gtest-static ctemplate-static MESA_field_stat2 fieldstat3 MESA_prof_load MESA_handle_logger)

12
test/src/gtest_common.cpp
View File

@@ -27,7 +27,7 @@ const char *printaddr (const struct layer_addr *paddrinfo, int threadindex)
int get_thread_count(void) int get_thread_count(void)
{ {
return 1; return 8;
} }
int MESA_rst_tcp(struct streaminfo * stream, struct rst_tcp_para * paras, int para_len) int MESA_rst_tcp(struct streaminfo * stream, struct rst_tcp_para * paras, int para_len)
@@ -100,6 +100,16 @@ int MESA_set_stream_opt(const struct streaminfo * pstream, enum MESA_stream_opt
int MESA_get_stream_opt(const struct streaminfo * pstream, enum MESA_stream_opt opt, void * opt_val, int * opt_val_len) int MESA_get_stream_opt(const struct streaminfo * pstream, enum MESA_stream_opt opt, void * opt_val, int * opt_val_len)
{ {
if (*opt_val_len == 2)
{
*(u_short *)opt_val = 2;
}
if (*opt_val_len == 8)
{
*(long long *)opt_val = 5;
}
return 0; return 0;
} }

169
test/src/gtest_fieldstat3.cpp Normal file
View File

@@ -0,0 +1,169 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <MESA/fieldstat.h>
#include "tsg_entry.h"
#include "gtest_common.h"
#include "tsg_variable.h"
#include <MESA/MESA_prof_load.h>
#include <MESA/MESA_handle_logger.h>
#include <gtest/gtest.h>
const char *tsg_gtest_conffile = "tsgconf/main.conf";
extern struct tsg_statistic g_tsg_statis_para;
pthread_t g_pid[8];
TEST(FIELDSATA3, InterceptIllegalParameter)
{
struct _traffic_info _info;
struct maat_rule p_result;
int ret = tsg_set_intercept_flow(NULL, &_info, 0);
EXPECT_EQ(ret, -1);
ret = tsg_set_intercept_flow(&p_result, NULL, 0);
EXPECT_EQ(ret, -1);
ret = tsg_set_intercept_flow(&p_result, &_info, -1);
EXPECT_EQ(ret, -1);
}
TEST(FIELDSATA3, PolicyIllegalParameter)
{
struct maat_rule p_result;
struct streaminfo a_stream;
int ret = tsg_set_policy_flow(NULL, &p_result, 0);
EXPECT_EQ(ret, -1);
ret = tsg_set_policy_flow(&a_stream, NULL, 0);
EXPECT_EQ(ret, -1);
ret = tsg_set_policy_flow(&a_stream, &p_result, -1);
EXPECT_EQ(ret, -1);
}
TEST(FIELDSATA3, Intercept)
{
struct _traffic_info _info;
struct maat_rule p_result;
_info.con_num = 10;
_info.in_bytes = 1000;
_info.in_packets = 25;
_info.out_bytes = 1001;
_info.out_packets = 24;
p_result.action = TSG_ACTION_INTERCEPT;
p_result.rule_id = 95536;
p_result.do_log = 1;
p_result.service_id = 10;
for (int i = 0; i < 50000; i++)
{
// p_result.rule_id += i;
// _info.in_bytes += i;
int ret = tsg_set_intercept_flow(&p_result, &_info, 0);
EXPECT_EQ(ret, 0);
// usleep(500);
}
}
TEST(FIELDSATA3, PolicyFlow)
{
struct maat_rule p_result;
struct streaminfo a_stream;
p_result.action = TSG_ACTION_MONITOR;
p_result.rule_id = 95500;
for (int i = 0; i < 50000; i++)
{
// p_result.rule_id += i;
// _info.in_bytes += i;
int ret = tsg_set_policy_flow(&a_stream, &p_result, 0);
EXPECT_EQ(ret, 0);
// usleep(500);
}
}
#if 0
void *run_time_funtion(void *arg)
{
uint8_t pid = *(uint8_t *)arg;
struct maat_rule p_result;
struct streaminfo a_stream;
struct _traffic_info _info;
while (1)
{
srand(time(NULL));
p_result.action = TSG_ACTION_MONITOR;
p_result.rule_id = rand() % 95500;
usleep(rand() % 500);
int ret = tsg_set_policy_flow(&a_stream, &p_result, pid);
EXPECT_EQ(ret, 0);
srand(time(NULL));
usleep(rand() % 500);
p_result.action = TSG_ACTION_DENY;
p_result.rule_id = rand() % 95500;
ret = tsg_set_policy_flow(&a_stream, &p_result, pid);
EXPECT_EQ(ret, 0);
srand(time(NULL));
usleep(rand() % 500);
p_result.action = TSG_ACTION_BYPASS;
p_result.rule_id = rand() % 95500;
ret = tsg_set_policy_flow(&a_stream, &p_result, pid);
EXPECT_EQ(ret, 0);
_info.con_num = rand() % 10;
_info.in_bytes = rand() % 1000;
_info.in_packets = rand() % 25;
_info.out_bytes = rand() % 1001;
_info.out_packets = rand() % 24;
p_result.action = TSG_ACTION_INTERCEPT;
p_result.rule_id = rand() % 95536;
ret = tsg_set_intercept_flow(&p_result, &_info, pid);
EXPECT_EQ(ret, 0);
}
return NULL;
}
TEST(FIELDSATA3, MultiThreading)
{
for (uint8_t i = 0; i < 8; i++)
{
uint8_t i_pid = i;
pthread_create(g_pid + i, NULL, run_time_funtion, (void *)&i_pid);
EXPECT_NE(g_pid[i], 0);
}
}
#endif
int main(int argc, char *argv[])
{
void *logger = MESA_create_runtime_log_handle("log/gtest_fieldstat3.log", RLOG_LV_FATAL);
tsg_statistic_init(tsg_gtest_conffile, logger);
testing::InitGoogleTest(&argc, argv);
int ret = RUN_ALL_TESTS();
// sleep(30);
// for (int i = 0; i < 8; i++)
// {
// pthread_cancel(g_pid[i]);
// }
tsg_statistic_destroy();
return ret;
}