gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

支持识别出SSL协议后,继续识别上层应用协议(HTTPS\POP3\SMTPS\IAMPS等)

Browse Source 
控制调用printaddr,只有FATAL模式下才调用printaddr
This commit is contained in:
liuxueli
2021-04-19 20:37:05 +08:00
parent 117a3dfef1
commit 3cc8f23a5a
4 changed files with 103 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
src/tsg_entry.cpp
View File

@@ -175,6 +175,21 @@ static int is_repetitive_protocol_id(unsigned short proto_id)
return 0;
}
static int is_only_monitor(struct Maat_rule_t *result, int hit_cnt)
{
int i=0;
for(i=0; i<hit_cnt; i++)
{
if(result[i].action==TSG_ACTION_BYPASS || result[i].action==TSG_ACTION_INTERCEPT || result[i].action==TSG_ACTION_DENY)
{
return 0;
}
}
return 1;
}
static int get_default_policy(int compile_id, struct Maat_rule_t *result)
{
struct Maat_rule_t p_result={0};
@@ -219,7 +234,7 @@ static struct app_id_label *get_app_id_label(struct streaminfo *a_stream, struct
"READ_APP_ID_FLAG",
"Get app id label, app_id: %d addr: %s",
app_id_label->app_id,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
context->app_id=app_id_label->app_id;
return app_id_label;
@@ -419,7 +434,7 @@ static void copy_monitor_result(struct streaminfo *a_stream, struct master_conte
p_result[0].config_id,
p_result[0].service_id,
(unsigned char)p_result[0].action,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
}
@@ -448,7 +463,7 @@ static void copy_intercept_result(struct streaminfo *a_stream, struct master_con
"Add policy_priority_label failed, intercept policy, policy_id: %d action: %d addr: %s",
priority_label->result[0].config_id,
(unsigned char)priority_label->result[0].action,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
}
@@ -458,7 +473,7 @@ static void copy_intercept_result(struct streaminfo *a_stream, struct master_con
"Hit intercept policy, policy_id: %d action: %d addr: %s",
priority_label->result[0].config_id,
(unsigned char)priority_label->result[0].action,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
return ;
@@ -486,7 +501,7 @@ static void copy_deny_result(struct streaminfo *a_stream, struct master_context
p_result[0].config_id,
p_result[0].service_id,
(unsigned char)p_result[0].action,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
return ;
@@ -525,7 +540,7 @@ static void copy_bypass_result(struct streaminfo *a_stream, struct master_contex
p_result[0].config_id,
p_result[0].service_id,
(unsigned char)p_result[0].action,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
return ;
@@ -569,7 +584,7 @@ int is_intercept_exclusion(struct streaminfo *a_stream, Maat_rule_t *p_result, s
p_result->config_id,
p_result->service_id,
(unsigned char)p_result->action,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, thread_seq) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
return 1;
@@ -582,7 +597,7 @@ int is_intercept_exclusion(struct streaminfo *a_stream, Maat_rule_t *p_result, s
"Not hit %s stream_dir: %d addr: %s scan ret: %d",
identify_info->domain,
a_stream->dir,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, thread_seq) : ""),
PRINTADDR(a_stream, g_tsg_para.level),
ret
);
}
@@ -659,7 +674,7 @@ void set_session_attribute_label(struct streaminfo *a_stream, enum TSG_ATTRIBUTE
"Add internal_label failed, establish latency ms: %llu proto: %d addr: %s",
attribute_label->establish_latency_ms,
attribute_label->proto,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
}
}
@@ -1077,12 +1092,15 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
set_session_attribute_label(a_tcp, TSG_ATTRIBUTE_TYPE_PROTOCOL, (void *)(&identify_info.proto), thread_seq);
context->proto=identify_info.proto;
context->continue_scan_proto_id=APP_SCAN_FLAG_STOP;
if(identify_info.proto==PROTO_SSL)
{
set_session_attribute_label(a_tcp, TSG_ATTRIBUTE_TYPE_JA3_HASH, NULL, thread_seq);
}
else
{
context->continue_scan_proto_id=APP_SCAN_FLAG_STOP;
}
hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_tcp, &identify_info, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, thread_seq);
}
@@ -1093,17 +1111,21 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
hit_num+=ret;
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
}
if((is_only_monitor(result, hit_num)) && identify_info.proto!=PROTO_UNKONWN) // business deal action of monitor
{
hit_num=0;
}
break;
default:
break;
}
if(context->proto==PROTO_UNKONWN || context->proto>PROTO_APP || context->continue_scan_proto_id==APP_SCAN_FLAG_CONTINUE) /* support block/alert(deny), Do action in fw_http_plug */
if(context->proto==PROTO_UNKONWN || context->proto==PROTO_SSL || context->proto>PROTO_APP || context->continue_scan_proto_id==APP_SCAN_FLAG_CONTINUE) /* support block/alert(deny), Do action in fw_http_plug */
{
proto_id=get_basic_proto_id(a_tcp, context, thread_seq);
if(proto_id>0 && proto_id!=context->basic_proto_id)
{
context->proto=PROTO_APP;
context->proto=((context->proto==PROTO_SSL) ? PROTO_SSL : PROTO_APP);
context->basic_proto_id=proto_id;
l7_protocol=tsg_l7_protocol_id2name(g_tsg_log_instance, proto_id);
if(l7_protocol==NULL && proto_id==g_tsg_para.mail_proto_id)
@@ -1111,7 +1133,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
l7_protocol=(char *)"MAIL";
}
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_tcp, result, MAX_RESULT_NUM-hit_num, &context->mid, l7_protocol, proto_id, thread_seq);
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_tcp, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, l7_protocol, proto_id, thread_seq);
}
}
@@ -1131,11 +1153,6 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
switch((unsigned char)p_result->action)
{
case TSG_ACTION_DENY:
if((context->result!=NULL && context->result[0].action==TSG_ACTION_BYPASS) || ((is_repetitive_protocol_id(context->proto)) && context->is_default_policy==0))
{
break;
}
user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
if(user_region!=NULL)
{
@@ -1146,6 +1163,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
opt_value=1;
MESA_set_stream_opt(a_tcp, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value));
MESA_set_stream_opt(a_tcp, MSO_TIMEOUT, (void *)&g_tsg_para.timeout, sizeof(g_tsg_para.timeout));
copy_deny_result(a_tcp, context, p_result, thread_seq);
state=APP_STATE_DROPPKT|APP_STATE_DROPME;
break;
case TSG_METHOD_TYPE_RESET:
@@ -1166,15 +1184,19 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
MESA_set_stream_opt(a_tcp, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value));
MESA_set_stream_opt(a_tcp, MSO_TIMEOUT, (void *)&g_tsg_para.timeout, sizeof(g_tsg_para.timeout));
}
copy_deny_result(a_tcp, context, p_result, thread_seq);
state=APP_STATE_DROPPKT|APP_STATE_DROPME;
break;
case TSG_METHOD_TYPE_BLOCK:
case TSG_METHOD_TYPE_ALERT:
case TSG_METHOD_TYPE_REDIRECTION:
break;
default:
break;
}
security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
}
copy_deny_result(a_tcp, context, p_result, thread_seq);
break;
case TSG_ACTION_MONITOR:
copy_monitor_result(a_tcp, context, result, hit_num, thread_seq);
@@ -1241,7 +1263,6 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t
context->proto=identify_info.proto;
context->continue_scan_proto_id=APP_SCAN_FLAG_STOP;
hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_udp, &identify_info, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, thread_seq);
}
@@ -1251,6 +1272,12 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t
hit_num+=ret;
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
}
if((is_only_monitor(result, hit_num)) && identify_info.proto!=PROTO_UNKONWN) // business deal action of deny and monitor
{
hit_num=0;
}
break;
default:
break;
@@ -1281,10 +1308,11 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t
else
{
context->proto=PROTO_APP;
}
context->basic_proto_id=proto_id;
l7_protocol=tsg_l7_protocol_id2name(g_tsg_log_instance, proto_id);
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_udp, result, MAX_RESULT_NUM-hit_num, &context->mid, l7_protocol, proto_id, thread_seq);
}
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_udp, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, l7_protocol, proto_id, thread_seq);
}
}
@@ -1304,30 +1332,25 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t
switch((unsigned char)p_result->action)
{
case TSG_ACTION_DENY:
if((context->result!=NULL && context->result[0].action==TSG_ACTION_BYPASS) || ((is_repetitive_protocol_id(context->proto)) && context->is_default_policy==0))
{
break;
}
user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
if(user_region!=NULL)
{
method_type=tsg_get_method_id(user_region->method);
switch(method_type)
{
case TSG_METHOD_TYPE_RESET:
case TSG_METHOD_TYPE_DROP:
opt_value=1;
MESA_set_stream_opt(a_udp, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value));
MESA_set_stream_opt(a_udp, MSO_TIMEOUT, (void *)&g_tsg_para.timeout, sizeof(g_tsg_para.timeout));
state=APP_STATE_DROPPKT|APP_STATE_DROPME;
break;
default:
break;
}
security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
}
copy_deny_result(a_udp, context, p_result, thread_seq);
state=APP_STATE_DROPPKT|APP_STATE_DROPME;
break;
case TSG_ACTION_MONITOR:
copy_monitor_result(a_udp, context, result, hit_num, thread_seq);

4
src/tsg_entry.h
View File

@@ -24,6 +24,10 @@ typedef int atomic_t;
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
#ifndef PRINTADDR
#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
#endif
#define DNS_PROTO_ID 103
#define FTP_PROTO_ID 104
#define HTTP_PROTO_ID 106

52
src/tsg_rule.cpp
View File

@@ -998,7 +998,7 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re
label->result->config_id,
label->result->service_id,
label->result->action,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
}
@@ -1009,7 +1009,7 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re
"PULL_RESULT",
"pull policy failed, Not hit, label is %s addr: %s",
(label==NULL) ? "NULL" : label->domain,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
@@ -1156,7 +1156,7 @@ int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stre
result[0].config_id,
result[0].service_id,
(unsigned char)result[0].action,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
else
@@ -1168,7 +1168,7 @@ int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stre
asn->asn,
ret,
g_tsg_para.table_name[idx],
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
}
@@ -1180,7 +1180,7 @@ int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stre
"IP_ASN is NULL scan ret: %d table_name: %s addr: %s",
ret,
g_tsg_para.table_name[idx],
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
@@ -1218,7 +1218,7 @@ int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a
result[0].config_id,
result[0].service_id,
(unsigned char)result[0].action,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
else
@@ -1230,7 +1230,7 @@ int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a
buff,
ret,
g_tsg_para.table_name[idx],
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
}
@@ -1242,7 +1242,7 @@ int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a
"IP_LOCATION is NULL scan ret: %d table_name: %s addr: %s",
ret,
g_tsg_para.table_name[idx],
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
@@ -1323,7 +1323,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
RLOG_LV_DEBUG,
"SCAN_IP",
"Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d",
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&cur_stream->addr, cur_stream->threadnum) : ""),
PRINTADDR(a_stream, g_tsg_para.level),
maat_ret,
result[hit_num].config_id,
result[hit_num].service_id,
@@ -1338,7 +1338,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
RLOG_LV_DEBUG,
"SCAN_IP",
"No hit addr: %s scan ret: %d",
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&cur_stream->addr, cur_stream->threadnum) : ""),
PRINTADDR(a_stream, g_tsg_para.level),
maat_ret
);
}
@@ -1390,7 +1390,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
result[hit_num].config_id,
result[hit_num].service_id,
(unsigned char)result[hit_num].action,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
hit_num+=maat_ret;
@@ -1404,7 +1404,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
g_tsg_proto_string[proto].type,
proto_str2id(proto),
maat_ret,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
}
@@ -1462,7 +1462,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
result[hit_num].config_id,
result[hit_num].service_id,
(unsigned char)result[hit_num].action,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
hit_num+=maat_ret;
@@ -1475,7 +1475,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
"No hit source subscribe id: %s scan ret: %d addr: %s",
attribute_label->client_subscribe_id->subscribe_id,
maat_ret,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
}
@@ -1503,7 +1503,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
result[hit_num].config_id,
result[hit_num].service_id,
(unsigned char)result[hit_num].action,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
hit_num+=maat_ret;
@@ -1516,7 +1516,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
"No hit dest subscribe id: %s scan ret: %d addr: %s",
attribute_label->server_subscribe_id->subscribe_id,
maat_ret,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
}
@@ -1530,7 +1530,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
"ADD_INTERNAL_LABEL",
"Add internal label failed, ret: %d addr: %s",
ret,
(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "")
PRINTADDR(a_stream, g_tsg_para.level)
);
}
@@ -1589,7 +1589,7 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct streaminfo *a_str
result[hit_num].config_id,
result[hit_num].service_id,
(unsigned char)result[hit_num].action,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
hit_num+=ret;
@@ -1604,7 +1604,7 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct streaminfo *a_str
(ret==-1) ? "NULL" : identify_info->domain,
ret,
a_stream->dir,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
}
@@ -1643,7 +1643,7 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct streaminfo *a_str
result[hit_num].config_id,
result[hit_num].service_id,
(unsigned char)result[hit_num].action,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
hit_num+=ret;
}
@@ -1658,7 +1658,7 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct streaminfo *a_str
attribute_label->fqdn_category_id[i],
ret,
a_stream->dir,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
}
}
@@ -1777,7 +1777,7 @@ int tsg_scan_app_id_policy(Maat_feather_t maat_feather, struct streaminfo *a_str
result[0].config_id,
result[0].service_id,
result[0].action,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
return ret;
@@ -1791,7 +1791,7 @@ int tsg_scan_app_id_policy(Maat_feather_t maat_feather, struct streaminfo *a_str
(id>1000) ? "app" : "proto",
id,
ret,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
return 0;
}
@@ -1822,7 +1822,7 @@ int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, struct streaminf
result[0].config_id,
result[0].service_id,
result[0].action,
printaddr(&a_stream->addr, thread_seq)
PRINTADDR(a_stream, g_tsg_para.level)
);
hit_num+=ret2;
@@ -1830,11 +1830,11 @@ int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, struct streaminf
else
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_ID","Hit %s selector_id: %d ret: %d addr: %s",
property, property_result[i].config_id, ret2, printaddr(&a_stream->addr, thread_seq));
property, property_result[i].config_id, ret2,PRINTADDR(a_stream, g_tsg_para.level));
}
}
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_PROPERTY", "scan %s: %s ret: %d addr: %s", district, property, ret, printaddr(&a_stream->addr, thread_seq));
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_PROPERTY", "scan %s: %s ret: %d addr: %s", district, property, ret, PRINTADDR(a_stream, g_tsg_para.level));
}
return hit_num;

36
src/tsg_send_log.cpp
View File

@@ -274,7 +274,7 @@ static int get_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_h
{
case ADDR_TYPE_MAC:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "MAC");
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "ETHERNET");
switch(a_stream->dir)
{
@@ -629,6 +629,20 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
TLD_append(_handle, _instance->id2field[LOG_COMMON_C2S_PKT_NUM].name, (void *)(long)tflow_project->C2S_all_pkt, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_C2S_BYTE_NUM].name, (void *)(long)tflow_project->C2S_all_byte_raw, TLD_TYPE_LONG);
}
size=sizeof(unsigned int);
ret=MESA_get_stream_opt(a_stream, MSO_TCP_ISN_C2S, &client_isn, &size);
if(ret==0)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, (void *)(long)client_isn, TLD_TYPE_LONG);
}
size=sizeof(unsigned int);
ret=MESA_get_stream_opt(a_stream, MSO_TCP_ISN_S2C, &server_isn, &size);
if(ret==0)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, (void *)(long)server_isn, TLD_TYPE_LONG);
}
break;
case STREAM_TYPE_UDP:
uflow_project=(struct udp_flow_stat *)project_req_get_struct(a_stream, _instance->udp_flow_project_id);
@@ -727,20 +741,6 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
TLD_append(_handle, _instance->id2field[LOG_COMMON_DIRECTION].name, (void *)(long)direction, TLD_TYPE_LONG);
size=sizeof(unsigned int);
ret=MESA_get_stream_opt(a_stream, MSO_TCP_ISN_C2S, &client_isn, &size);
if(ret==0)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, (void *)(long)client_isn, TLD_TYPE_LONG);
}
size=sizeof(unsigned int);
ret=MESA_get_stream_opt(a_stream, MSO_TCP_ISN_S2C, &server_isn, &size);
if(ret==0)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, (void *)(long)server_isn, TLD_TYPE_LONG);
}
return 0;
}
@@ -1019,7 +1019,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
"tsg same log:cfg_id=%d service=%d addr=%s",
log_msg->result[i].config_id,
log_msg->result[i].service_id,
(_instance->level<RLOG_LV_FATAL ? (log_msg->a_stream==NULL ? "" : printaddr(&(log_msg->a_stream->addr), thread_id)) : "")
(log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level))
);
continue;
}
@@ -1034,7 +1034,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
log_msg->result[i].config_id,
log_msg->result[i].service_id,
_instance->send_log_percent[thread_id],
(_instance->level<RLOG_LV_FATAL ? (log_msg->a_stream==NULL ? "" : printaddr(&(log_msg->a_stream->addr), thread_id)) : "")
(log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level))
);
continue;
}
@@ -1047,7 +1047,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
"tsg abort log:cfg_id=%d service=%d addr=%s",
log_msg->result[i].config_id,
log_msg->result[i].service_id,
(_instance->level<RLOG_LV_FATAL ? (log_msg->a_stream==NULL ? "" : printaddr(&(log_msg->a_stream->addr), thread_id)) : "")
(log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level))
);
fs_id=action2fs_id((int)log_msg->result[i].action);