From 3cc8f23a5a92fae2cb3c1224f3c536578df8e87b Mon Sep 17 00:00:00 2001 From: liuxueli Date: Mon, 19 Apr 2021 20:37:05 +0800 Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=E8=AF=86=E5=88=AB=E5=87=BASS?= =?UTF-8?q?L=E5=8D=8F=E8=AE=AE=E5=90=8E=EF=BC=8C=E7=BB=A7=E7=BB=AD?= =?UTF-8?q?=E8=AF=86=E5=88=AB=E4=B8=8A=E5=B1=82=E5=BA=94=E7=94=A8=E5=8D=8F?= =?UTF-8?q?=E8=AE=AE(HTTPS\POP3\SMTPS\IAMPS=E7=AD=89)=20=E6=8E=A7=E5=88=B6?= =?UTF-8?q?=E8=B0=83=E7=94=A8printaddr=EF=BC=8C=E5=8F=AA=E6=9C=89FATAL?= =?UTF-8?q?=E6=A8=A1=E5=BC=8F=E4=B8=8B=E6=89=8D=E8=B0=83=E7=94=A8printaddr?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/tsg_entry.cpp | 87 ++++++++++++++++++++++++++++---------------- src/tsg_entry.h | 4 ++ src/tsg_rule.cpp | 52 +++++++++++++------------- src/tsg_send_log.cpp | 36 +++++++++--------- 4 files changed, 103 insertions(+), 76 deletions(-) diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 45b58de..3703e82 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -175,6 +175,21 @@ static int is_repetitive_protocol_id(unsigned short proto_id) return 0; } +static int is_only_monitor(struct Maat_rule_t *result, int hit_cnt) +{ + int i=0; + + for(i=0; iapp_id, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); context->app_id=app_id_label->app_id; return app_id_label; @@ -419,7 +434,7 @@ static void copy_monitor_result(struct streaminfo *a_stream, struct master_conte p_result[0].config_id, p_result[0].service_id, (unsigned char)p_result[0].action, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); } @@ -448,7 +463,7 @@ static void copy_intercept_result(struct streaminfo *a_stream, struct master_con "Add policy_priority_label failed, intercept policy, policy_id: %d action: %d addr: %s", priority_label->result[0].config_id, (unsigned char)priority_label->result[0].action, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); } @@ -458,7 +473,7 @@ static void copy_intercept_result(struct streaminfo *a_stream, struct master_con "Hit intercept policy, policy_id: %d action: %d addr: %s", priority_label->result[0].config_id, (unsigned char)priority_label->result[0].action, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); return ; @@ -486,7 +501,7 @@ static void copy_deny_result(struct streaminfo *a_stream, struct master_context p_result[0].config_id, p_result[0].service_id, (unsigned char)p_result[0].action, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); return ; @@ -525,7 +540,7 @@ static void copy_bypass_result(struct streaminfo *a_stream, struct master_contex p_result[0].config_id, p_result[0].service_id, (unsigned char)p_result[0].action, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); return ; @@ -569,7 +584,7 @@ int is_intercept_exclusion(struct streaminfo *a_stream, Maat_rule_t *p_result, s p_result->config_id, p_result->service_id, (unsigned char)p_result->action, - (g_tsg_para.leveladdr, thread_seq) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); return 1; @@ -582,7 +597,7 @@ int is_intercept_exclusion(struct streaminfo *a_stream, Maat_rule_t *p_result, s "Not hit %s stream_dir: %d addr: %s scan ret: %d", identify_info->domain, a_stream->dir, - (g_tsg_para.leveladdr, thread_seq) : ""), + PRINTADDR(a_stream, g_tsg_para.level), ret ); } @@ -659,7 +674,7 @@ void set_session_attribute_label(struct streaminfo *a_stream, enum TSG_ATTRIBUTE "Add internal_label failed, establish latency ms: %llu proto: %d addr: %s", attribute_label->establish_latency_ms, attribute_label->proto, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); } } @@ -1077,12 +1092,15 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t set_session_attribute_label(a_tcp, TSG_ATTRIBUTE_TYPE_PROTOCOL, (void *)(&identify_info.proto), thread_seq); context->proto=identify_info.proto; - context->continue_scan_proto_id=APP_SCAN_FLAG_STOP; if(identify_info.proto==PROTO_SSL) { set_session_attribute_label(a_tcp, TSG_ATTRIBUTE_TYPE_JA3_HASH, NULL, thread_seq); } + else + { + context->continue_scan_proto_id=APP_SCAN_FLAG_STOP; + } hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_tcp, &identify_info, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, thread_seq); } @@ -1093,17 +1111,21 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t hit_num+=ret; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); } + if((is_only_monitor(result, hit_num)) && identify_info.proto!=PROTO_UNKONWN) // business deal action of monitor + { + hit_num=0; + } break; default: break; } - if(context->proto==PROTO_UNKONWN || context->proto>PROTO_APP || context->continue_scan_proto_id==APP_SCAN_FLAG_CONTINUE) /* support block/alert(deny), Do action in fw_http_plug */ + if(context->proto==PROTO_UNKONWN || context->proto==PROTO_SSL || context->proto>PROTO_APP || context->continue_scan_proto_id==APP_SCAN_FLAG_CONTINUE) /* support block/alert(deny), Do action in fw_http_plug */ { proto_id=get_basic_proto_id(a_tcp, context, thread_seq); if(proto_id>0 && proto_id!=context->basic_proto_id) { - context->proto=PROTO_APP; + context->proto=((context->proto==PROTO_SSL) ? PROTO_SSL : PROTO_APP); context->basic_proto_id=proto_id; l7_protocol=tsg_l7_protocol_id2name(g_tsg_log_instance, proto_id); if(l7_protocol==NULL && proto_id==g_tsg_para.mail_proto_id) @@ -1111,7 +1133,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t l7_protocol=(char *)"MAIL"; } - hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_tcp, result, MAX_RESULT_NUM-hit_num, &context->mid, l7_protocol, proto_id, thread_seq); + hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_tcp, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, l7_protocol, proto_id, thread_seq); } } @@ -1131,11 +1153,6 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t switch((unsigned char)p_result->action) { case TSG_ACTION_DENY: - if((context->result!=NULL && context->result[0].action==TSG_ACTION_BYPASS) || ((is_repetitive_protocol_id(context->proto)) && context->is_default_policy==0)) - { - break; - } - user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); if(user_region!=NULL) { @@ -1146,6 +1163,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t opt_value=1; MESA_set_stream_opt(a_tcp, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value)); MESA_set_stream_opt(a_tcp, MSO_TIMEOUT, (void *)&g_tsg_para.timeout, sizeof(g_tsg_para.timeout)); + copy_deny_result(a_tcp, context, p_result, thread_seq); state=APP_STATE_DROPPKT|APP_STATE_DROPME; break; case TSG_METHOD_TYPE_RESET: @@ -1166,15 +1184,19 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t MESA_set_stream_opt(a_tcp, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value)); MESA_set_stream_opt(a_tcp, MSO_TIMEOUT, (void *)&g_tsg_para.timeout, sizeof(g_tsg_para.timeout)); } + copy_deny_result(a_tcp, context, p_result, thread_seq); state=APP_STATE_DROPPKT|APP_STATE_DROPME; break; + case TSG_METHOD_TYPE_BLOCK: + case TSG_METHOD_TYPE_ALERT: + case TSG_METHOD_TYPE_REDIRECTION: + break; default: break; } security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); } - copy_deny_result(a_tcp, context, p_result, thread_seq); break; case TSG_ACTION_MONITOR: copy_monitor_result(a_tcp, context, result, hit_num, thread_seq); @@ -1239,9 +1261,8 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t copy_identify_info(context, &identify_info, thread_seq); set_session_attribute_label(a_udp, TSG_ATTRIBUTE_TYPE_PROTOCOL, (void *)&(identify_info.proto), thread_seq); - context->proto=identify_info.proto; + context->proto=identify_info.proto; context->continue_scan_proto_id=APP_SCAN_FLAG_STOP; - hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_udp, &identify_info, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, thread_seq); } @@ -1251,6 +1272,12 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t hit_num+=ret; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); } + + if((is_only_monitor(result, hit_num)) && identify_info.proto!=PROTO_UNKONWN) // business deal action of deny and monitor + { + hit_num=0; + } + break; default: break; @@ -1281,10 +1308,11 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t else { context->proto=PROTO_APP; - context->basic_proto_id=proto_id; - l7_protocol=tsg_l7_protocol_id2name(g_tsg_log_instance, proto_id); - hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_udp, result, MAX_RESULT_NUM-hit_num, &context->mid, l7_protocol, proto_id, thread_seq); } + + context->basic_proto_id=proto_id; + l7_protocol=tsg_l7_protocol_id2name(g_tsg_log_instance, proto_id); + hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_udp, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, l7_protocol, proto_id, thread_seq); } } @@ -1304,30 +1332,25 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t switch((unsigned char)p_result->action) { case TSG_ACTION_DENY: - if((context->result!=NULL && context->result[0].action==TSG_ACTION_BYPASS) || ((is_repetitive_protocol_id(context->proto)) && context->is_default_policy==0)) - { - break; - } - user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); if(user_region!=NULL) { method_type=tsg_get_method_id(user_region->method); switch(method_type) { + case TSG_METHOD_TYPE_RESET: case TSG_METHOD_TYPE_DROP: opt_value=1; MESA_set_stream_opt(a_udp, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value)); - MESA_set_stream_opt(a_udp, MSO_TIMEOUT, (void *)&g_tsg_para.timeout, sizeof(g_tsg_para.timeout)); - state=APP_STATE_DROPPKT|APP_STATE_DROPME; + MESA_set_stream_opt(a_udp, MSO_TIMEOUT, (void *)&g_tsg_para.timeout, sizeof(g_tsg_para.timeout)); break; default: break; } - security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); } copy_deny_result(a_udp, context, p_result, thread_seq); + state=APP_STATE_DROPPKT|APP_STATE_DROPME; break; case TSG_ACTION_MONITOR: copy_monitor_result(a_udp, context, result, hit_num, thread_seq); diff --git a/src/tsg_entry.h b/src/tsg_entry.h index 97e1c08..fdf3722 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -24,6 +24,10 @@ typedef int atomic_t; #define MIN(a, b) (((a) < (b)) ? (a) : (b)) #endif +#ifndef PRINTADDR +#define PRINTADDR(a, b) ((b)addr), a->threadnum) : "") +#endif + #define DNS_PROTO_ID 103 #define FTP_PROTO_ID 104 #define HTTP_PROTO_ID 106 diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index 6cbfe40..bb645b9 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -998,7 +998,7 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re label->result->config_id, label->result->service_id, label->result->action, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } } @@ -1009,7 +1009,7 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re "PULL_RESULT", "pull policy failed, Not hit, label is %s addr: %s", (label==NULL) ? "NULL" : label->domain, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } @@ -1156,7 +1156,7 @@ int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stre result[0].config_id, result[0].service_id, (unsigned char)result[0].action, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } else @@ -1168,7 +1168,7 @@ int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stre asn->asn, ret, g_tsg_para.table_name[idx], - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } } @@ -1180,7 +1180,7 @@ int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stre "IP_ASN is NULL scan ret: %d table_name: %s addr: %s", ret, g_tsg_para.table_name[idx], - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } @@ -1218,7 +1218,7 @@ int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a result[0].config_id, result[0].service_id, (unsigned char)result[0].action, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } else @@ -1230,7 +1230,7 @@ int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a buff, ret, g_tsg_para.table_name[idx], - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } } @@ -1242,7 +1242,7 @@ int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a "IP_LOCATION is NULL scan ret: %d table_name: %s addr: %s", ret, g_tsg_para.table_name[idx], - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } @@ -1323,7 +1323,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * RLOG_LV_DEBUG, "SCAN_IP", "Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d", - (g_tsg_para.leveladdr, cur_stream->threadnum) : ""), + PRINTADDR(a_stream, g_tsg_para.level), maat_ret, result[hit_num].config_id, result[hit_num].service_id, @@ -1338,7 +1338,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * RLOG_LV_DEBUG, "SCAN_IP", "No hit addr: %s scan ret: %d", - (g_tsg_para.leveladdr, cur_stream->threadnum) : ""), + PRINTADDR(a_stream, g_tsg_para.level), maat_ret ); } @@ -1390,7 +1390,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * result[hit_num].config_id, result[hit_num].service_id, (unsigned char)result[hit_num].action, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); hit_num+=maat_ret; @@ -1404,7 +1404,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * g_tsg_proto_string[proto].type, proto_str2id(proto), maat_ret, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } } @@ -1462,7 +1462,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * result[hit_num].config_id, result[hit_num].service_id, (unsigned char)result[hit_num].action, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); hit_num+=maat_ret; @@ -1475,7 +1475,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * "No hit source subscribe id: %s scan ret: %d addr: %s", attribute_label->client_subscribe_id->subscribe_id, maat_ret, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } } @@ -1503,7 +1503,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * result[hit_num].config_id, result[hit_num].service_id, (unsigned char)result[hit_num].action, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); hit_num+=maat_ret; @@ -1516,7 +1516,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * "No hit dest subscribe id: %s scan ret: %d addr: %s", attribute_label->server_subscribe_id->subscribe_id, maat_ret, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } } @@ -1530,7 +1530,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * "ADD_INTERNAL_LABEL", "Add internal label failed, ret: %d addr: %s", ret, - (g_tsg_para.leveladdr, a_stream->threadnum) : "") + PRINTADDR(a_stream, g_tsg_para.level) ); } @@ -1589,7 +1589,7 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct streaminfo *a_str result[hit_num].config_id, result[hit_num].service_id, (unsigned char)result[hit_num].action, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); hit_num+=ret; @@ -1604,7 +1604,7 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct streaminfo *a_str (ret==-1) ? "NULL" : identify_info->domain, ret, a_stream->dir, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); } @@ -1643,7 +1643,7 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct streaminfo *a_str result[hit_num].config_id, result[hit_num].service_id, (unsigned char)result[hit_num].action, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); hit_num+=ret; } @@ -1658,7 +1658,7 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct streaminfo *a_str attribute_label->fqdn_category_id[i], ret, a_stream->dir, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); } } @@ -1777,7 +1777,7 @@ int tsg_scan_app_id_policy(Maat_feather_t maat_feather, struct streaminfo *a_str result[0].config_id, result[0].service_id, result[0].action, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); return ret; @@ -1791,7 +1791,7 @@ int tsg_scan_app_id_policy(Maat_feather_t maat_feather, struct streaminfo *a_str (id>1000) ? "app" : "proto", id, ret, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); return 0; } @@ -1822,7 +1822,7 @@ int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, struct streaminf result[0].config_id, result[0].service_id, result[0].action, - printaddr(&a_stream->addr, thread_seq) + PRINTADDR(a_stream, g_tsg_para.level) ); hit_num+=ret2; @@ -1830,11 +1830,11 @@ int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, struct streaminf else { MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_ID","Hit %s selector_id: %d ret: %d addr: %s", - property, property_result[i].config_id, ret2, printaddr(&a_stream->addr, thread_seq)); + property, property_result[i].config_id, ret2,PRINTADDR(a_stream, g_tsg_para.level)); } } - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_PROPERTY", "scan %s: %s ret: %d addr: %s", district, property, ret, printaddr(&a_stream->addr, thread_seq)); + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_PROPERTY", "scan %s: %s ret: %d addr: %s", district, property, ret, PRINTADDR(a_stream, g_tsg_para.level)); } return hit_num; diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index b72f7c4..ce76eaf 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -274,7 +274,7 @@ static int get_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_h { case ADDR_TYPE_MAC: tunnel_object=cJSON_CreateObject(); - cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "MAC"); + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "ETHERNET"); switch(a_stream->dir) { @@ -629,6 +629,20 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle TLD_append(_handle, _instance->id2field[LOG_COMMON_C2S_PKT_NUM].name, (void *)(long)tflow_project->C2S_all_pkt, TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_C2S_BYTE_NUM].name, (void *)(long)tflow_project->C2S_all_byte_raw, TLD_TYPE_LONG); } + + size=sizeof(unsigned int); + ret=MESA_get_stream_opt(a_stream, MSO_TCP_ISN_C2S, &client_isn, &size); + if(ret==0) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, (void *)(long)client_isn, TLD_TYPE_LONG); + } + + size=sizeof(unsigned int); + ret=MESA_get_stream_opt(a_stream, MSO_TCP_ISN_S2C, &server_isn, &size); + if(ret==0) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, (void *)(long)server_isn, TLD_TYPE_LONG); + } break; case STREAM_TYPE_UDP: uflow_project=(struct udp_flow_stat *)project_req_get_struct(a_stream, _instance->udp_flow_project_id); @@ -727,20 +741,6 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle TLD_append(_handle, _instance->id2field[LOG_COMMON_DIRECTION].name, (void *)(long)direction, TLD_TYPE_LONG); - size=sizeof(unsigned int); - ret=MESA_get_stream_opt(a_stream, MSO_TCP_ISN_C2S, &client_isn, &size); - if(ret==0) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, (void *)(long)client_isn, TLD_TYPE_LONG); - } - - size=sizeof(unsigned int); - ret=MESA_get_stream_opt(a_stream, MSO_TCP_ISN_S2C, &server_isn, &size); - if(ret==0) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, (void *)(long)server_isn, TLD_TYPE_LONG); - } - return 0; } @@ -1019,7 +1019,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl "tsg same log:cfg_id=%d service=%d addr=%s", log_msg->result[i].config_id, log_msg->result[i].service_id, - (_instance->levela_stream==NULL ? "" : printaddr(&(log_msg->a_stream->addr), thread_id)) : "") + (log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level)) ); continue; } @@ -1034,7 +1034,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl log_msg->result[i].config_id, log_msg->result[i].service_id, _instance->send_log_percent[thread_id], - (_instance->levela_stream==NULL ? "" : printaddr(&(log_msg->a_stream->addr), thread_id)) : "") + (log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level)) ); continue; } @@ -1047,7 +1047,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl "tsg abort log:cfg_id=%d service=%d addr=%s", log_msg->result[i].config_id, log_msg->result[i].service_id, - (_instance->levela_stream==NULL ? "" : printaddr(&(log_msg->a_stream->addr), thread_id)) : "") + (log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level)) ); fs_id=action2fs_id((int)log_msg->result[i].action);