DNS的DENY动作由总控统一处理

TSG-7250: tsg_master统一设置RST包特征
TSG-7051: 功能端支持按连接执行ratelimit动作
This commit is contained in:
liuxueli
2021-08-07 17:27:55 +08:00
parent 34aee7ab31
commit 4904515a11
14 changed files with 1502 additions and 588 deletions


@@ -44,3 +44,11 @@ TRAFFIC_MIRROR_ENABLE=1
NIC_NAME="eth_vf_mirr"
APP_NAME="TSG_MIRROR"
DEFAULT_VLAN_ID=1023
[RESET]
NUM=1
SEED1=65535
SEED2=13
FLAGS=20
DIR=3
REMEDY=0


@@ -90,3 +90,7 @@ STRING common_imsi 76
STRING common_imei 77
STRING common_phone_number 78
STRING common_userdefine_app_name 79
LONG common_mirrored_pkts 80
LONG common_mirrored_bytes 81
STRING common_subscriber_id 82
LONG http_action_file_size 83


@@ -5,7 +5,7 @@
#define MAX_STR_FIELD_LEN 64
#define MAX_RESULT_NUM 8
#define MAX_DOAMIN_LEN 2048
#define MAX_DOMAIN_LEN 2048
typedef enum _tsg_protocol
{
@@ -33,44 +33,25 @@ typedef enum _tsg_protocol
}tsg_protocol_t;
struct _asn_info_t
struct asn_info
{
int ref_cnt;
int addr_type;
int table_id;
char start_ip[MAX_STR_FIELD_LEN];
char end_ip[MAX_STR_FIELD_LEN];
char asn[MAX_STR_FIELD_LEN];
char organization[MAX_STR_FIELD_LEN*4];
char *asn_id;
char *organization;
};
struct _location_info_t
struct location_info
{
int geoname_id;
int table_id;
int ref_cnt;
int addr_type;
double latitude;
double longitude;
double coords;
char start_ip[MAX_STR_FIELD_LEN];
char end_ip[MAX_STR_FIELD_LEN];
char language[MAX_STR_FIELD_LEN];
char continent_abbr[MAX_STR_FIELD_LEN*4];
char continent_full[MAX_STR_FIELD_LEN*4];
char country_abbr[MAX_STR_FIELD_LEN*4];
char country_full[MAX_STR_FIELD_LEN*4];
char province_abbr[MAX_STR_FIELD_LEN*4];
char province_full[MAX_STR_FIELD_LEN*4];
char city_full[MAX_STR_FIELD_LEN*4];
char time_zone[MAX_STR_FIELD_LEN*4];
char *country_full;
char *province_full;
char *city_full;
};
struct _subscribe_id_info_t
struct subscribe_id_info
{
int ref_cnt;
int table_id;
char subscribe_id[MAX_STR_FIELD_LEN*4];
char *subscribe_id;
};
struct umts_user_info
@@ -81,30 +62,31 @@ struct umts_user_info
char *msisdn; //MSISDN: phone number
};
struct _session_attribute_label_t
struct session_attribute_label
{
int http_action_file_size;
int fqdn_category_id_num;
tsg_protocol_t proto;
long establish_latency_ms;
struct _asn_info_t *client_asn;
struct _asn_info_t *server_asn;
struct _location_info_t *client_location;
struct _location_info_t *server_location;
struct _subscribe_id_info_t *client_subscribe_id;
struct _subscribe_id_info_t *server_subscribe_id;
struct asn_info *client_asn;
struct asn_info *server_asn;
struct location_info *client_location;
struct location_info *server_location;
struct subscribe_id_info *client_subscribe_id;
struct subscribe_id_info *server_subscribe_id;
char *ja3_fingerprint;
unsigned int fqdn_category_id[MAX_CATEGORY_ID_NUM];
struct umts_user_info *user_info;
};
typedef struct _policy_priority_label
struct policy_priority_label
{
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
int domain_len;
int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h)
int result_num;
char domain[MAX_DOAMIN_LEN];
char domain[MAX_DOMAIN_LEN];
Maat_rule_t result[MAX_RESULT_NUM];
}policy_priority_label_t;
};
#endif
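Review bot: The members that change from fixed `char[]` arrays to `char *` in `asn_info`, `location_info`, `subscribe_id_info` and `session_attribute_label` carry no ownership or nullability note, so a reader cannot tell from the header whether they may be NULL, where the storage lives, or who frees it. The header already uses trailing `//` comments, so one line per pointer member stating exactly that — for example `char *subscribe_id; //may be NULL; owned by the table entry` if that is indeed the case — would settle it, and the same question applies to `ja3_fingerprint` and `user_info`. This matters because consumers elsewhere in the commit, such as the `%s` format applied to `client_subscribe_id->subscribe_id` in tsg_action.cpp, treat the pointer as non-NULL once the parent struct is present.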


@@ -29,51 +29,11 @@ enum TSG_METHOD_TYPE
TSG_METHOD_TYPE_MAX
};
enum TSG_DENY_TYPE
{
TSG_DENY_TYPE_MESSAGE=0,
TSG_DENY_TYPE_PROFILE,
TSG_DENY_TYPE_REDIRECT_TO,
TSG_DENY_TYPE_MAX
};
struct identify_info
{
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
int domain_len;
char domain[MAX_DOAMIN_LEN];
};
struct deny_user_region
{
int code;
enum TSG_DENY_TYPE type;
union
{
char *message;
char *redirect_url_to;
int profile_id;
int bps;
void *para;
};
};
struct monitor_user_region
{
int enabled;
int vlan_id;
};
struct compile_user_region
{
int ref_cnt;
enum TSG_METHOD_TYPE method_type;
union
{
struct deny_user_region *deny;
struct monitor_user_region *mirror;
struct Maat_rule_t *result; //XJ default policy
void *user_region_para;
};
char domain[MAX_DOMAIN_LEN];
};
typedef enum _PULL_RESULT_TYPE
@@ -83,7 +43,7 @@ typedef enum _PULL_RESULT_TYPE
PULL_ALL_RESULT
}PULL_RESULT_TYPE;
struct app_id_dict_table
struct app_id_dict
{
int ref_cnt;
int app_id;
@@ -94,16 +54,13 @@ struct app_id_dict_table
int udp_timeout;
int tcp_time_wait;
int tcp_half_close;
int is_valid;
char risk[MAX_APP_ID_PROPERTY_LEN*4];
char app_name[MAX_APP_ID_PROPERTY_LEN];
char parent_app_name[MAX_APP_ID_PROPERTY_LEN];
char category[MAX_APP_ID_PROPERTY_LEN*4];
char subcategroy[MAX_APP_ID_PROPERTY_LEN*4];
char technology[MAX_APP_ID_PROPERTY_LEN*4];
char characteristics[MAX_APP_ID_PROPERTY_LEN*4];
char depends_on_app_ids[MAX_APP_ID_PROPERTY_LEN];
char implicitly_uses_app_ids[MAX_APP_ID_PROPERTY_LEN];
char *risk;
char *app_name;
char *parent_app_name;
char *category;
char *subcategroy;
char *technology;
char *characteristics;
};
extern Maat_feather_t g_tsg_maat_feather;
@@ -121,13 +78,20 @@ enum ACTION_RETURN_TYPE
ACTION_RETURN_TYPE_PROT=0,
ACTION_RETURN_TYPE_APP
};
unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *a_packet);
unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data);
int tsg_get_method_id(char *method);
int tsg_free_compile_user_region(const struct Maat_rule_t *rule, struct compile_user_region *user_region);
struct compile_user_region *tsg_get_compile_user_region(const Maat_feather_t maat_feather, struct Maat_rule_t *result);
////return -1 if none exists otherwise return >=0
int tsg_get_column_integer_value(const char* line, int column_seq);
//return NULL if none exists, otherwise return value;
char *tsg_get_column_string_value(const char* line, int column_seq);
int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq);
int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq);
int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq);
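Review bot: The `user_data` parameter that replaces `a_packet` on `tsg_deal_deny_action` now has a protocol-dependent type — tsg_action.cpp forwards it as the raw packet for HTTP and tsg_dns.cpp casts it to `struct _dns_info *` — but the declaration says nothing about that. A comment on the prototype, `//user_data: struct _dns_info * for PROTO_DNS, the raw packet pointer for HTTP and other protocols`, would make the contract visible to callers without opening the .cpp files. While `struct app_id_dict` is being reshaped, the `subcategroy` member name (and the doubled `////` on the `tsg_get_column_integer_value` comment) are carried over as-is and could be tidied in the same change.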


@@ -3,6 +3,10 @@
#include <MESA/Maat_rule.h>
#ifndef PRINTADDR
#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
#endif
typedef struct _tsg_log
{
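Review bot: The new `PRINTADDR(a, b)` macro uses its first argument unparenthesised in `a->addr` and `a->threadnum`, so an argument such as `p + 1` or a cast expression expands incorrectly, and `a` is evaluated twice. Write the expansion as `((b)<RLOG_LV_FATAL ? printaddr(&((a)->addr), (a)->threadnum) : "")`, or prefer a `static inline` helper if the surrounding header permits one. The `#ifndef PRINTADDR` guard suggests another header may already define the same name; whichever definition is seen first wins silently, so it is worth confirming the two agree.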


@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
add_definitions(-fPIC)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_traffic_mirror.cpp tsg_send_raw_packet.cpp tsg_action.cpp tsg_leaky_bucket.cpp)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_traffic_mirror.cpp tsg_send_raw_packet.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp)
include_directories(${CMAKE_SOURCE_DIR}/inc)
include_directories(/opt/MESA/include/MESA/)


@@ -21,6 +21,7 @@
#include "tsg_rule.h"
#include "tsg_entry.h"
#include "tsg_statistic.h"
#include "tsg_protocol_common.h"
extern "C" int sendpacket_do_checksum(unsigned char *buf, int protocol, int len);
@@ -301,17 +302,14 @@ static int copy_ip_tcp_header(const struct streaminfo *a_stream, const void *a_p
return 0;
}
static unsigned char send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len)
int tsg_send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len, unsigned char raw_route_dir)
{
int ret=0;
unsigned char raw_route_dir=0;
if(payload==NULL || payload_len<=0)
{
return -1;
}
raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
ret=sapp_inject_pkt((struct streaminfo *)a_stream, sio, payload, payload_len, raw_route_dir);
if(ret<=0)
{
@@ -324,11 +322,12 @@ static unsigned char send_inject_packet(const struct streaminfo *a_stream, enum
return 0;
}
static int send_reponse_packet(const struct streaminfo *a_stream, char *packet, int payload_len, int v4_or_v6, int ip_tcp_hdr_len, int http_hdr_len)
static int http_send_reponse_packet(const struct streaminfo *a_stream, char *packet, int payload_len, int v4_or_v6, int ip_tcp_hdr_len, int http_hdr_len)
{
struct iphdr *ipv4=NULL;
struct ip6_hdr *ipv6=NULL;
struct tcphdr *tcp=NULL;
unsigned char raw_route_dir=0;
tcp=(struct tcphdr *)(packet+(ip_tcp_hdr_len-20)); // tcp header=20 bytes
@@ -346,14 +345,15 @@ static int send_reponse_packet(const struct streaminfo *a_stream, char *packet,
sendpacket_do_checksum((unsigned char *)packet, IPPROTO_TCP, tcp->doff*4 + http_hdr_len+payload_len);
}
send_inject_packet(a_stream, SIO_EXCLUDE_THIS_LAYER_HDR, packet, ip_tcp_hdr_len+http_hdr_len+payload_len);
raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
tsg_send_inject_packet(a_stream, SIO_EXCLUDE_THIS_LAYER_HDR, packet, ip_tcp_hdr_len+http_hdr_len+payload_len, raw_route_dir);
tcp->seq=htonl(ntohl(tcp->seq)+http_hdr_len+payload_len);
return ip_tcp_hdr_len+http_hdr_len+payload_len;
}
static int build_response_pages(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet)
static int http_build_response_packet(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet)
{
char *payload=NULL;
char message[1024*64]={0};
@@ -378,7 +378,8 @@ static int build_response_pages(const struct streaminfo *a_stream, struct Maat_r
http_hdr_len=get_http_header(message+ip_tcp_hdr_len, sizeof(message)-ip_tcp_hdr_len, user_region->deny->code, NULL);
payload_len=get_response_pages(p_result, user_region, &payload, a_stream->threadnum);
//TLD_append(TLD_handle, (char *)"http_action_file_size", (void *)(long)payload_len, TLD_TYPE_LONG);
set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE, (void *)&payload_len, a_stream->threadnum);
get_tcp_mss_option(a_stream, TCP_OPT_MSS, (void *)&max_segment_size);
@@ -387,7 +388,7 @@ static int build_response_pages(const struct streaminfo *a_stream, struct Maat_r
one_payload_len=MIN(payload_len-i, max_segment_size-http_hdr_len);
memcpy((char *)message+ip_tcp_hdr_len+http_hdr_len, payload+i, one_payload_len);
send_pkt_len+=send_reponse_packet(a_stream, message, one_payload_len, v4_or_v6, ip_tcp_hdr_len, http_hdr_len);
send_pkt_len+=http_send_reponse_packet(a_stream, message, one_payload_len, v4_or_v6, ip_tcp_hdr_len, http_hdr_len);
http_hdr_len=0;
}
@@ -398,28 +399,28 @@ static int build_response_pages(const struct streaminfo *a_stream, struct Maat_r
}
set_tcp_flags(message, ip_tcp_hdr_len);
send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //fin
http_send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //fin
reverse_ip_tcp_header(message, ip_tcp_hdr_len, v4_or_v6);
send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //fin
http_send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //fin
return send_pkt_len;
}
static int get_content_303(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, char *url, char *http_hdr, int http_hdr_len)
static int http_get_content_303(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, char *url, char *http_hdr, int http_hdr_len)
{
int used_len=0;
char *tmp_buff=NULL;
char ip_str[128]={0};
std::string output;
struct _session_attribute_label_t *attr_label=NULL;
struct session_attribute_label *attr_label=NULL;
ctemplate::Template *tpl_303=ctemplate::Template::StringToTemplate(url, strlen(url), ctemplate::DO_NOT_STRIP);
ctemplate::TemplateDictionary dict_303("url_dict"); //dict is automatically finalized after function returned.
dict_303.SetIntValue("tsg_policy_id", p_result->config_id);
attr_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id);
attr_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
if(attr_label!=NULL && attr_label->client_subscribe_id!=NULL)
{
dict_303.SetFormattedValue("tsg_subscriber_id", "%s", attr_label->client_subscribe_id->subscribe_id);
@@ -460,19 +461,30 @@ static int get_content_303(const struct streaminfo *a_stream, struct Maat_rule_t
return used_len;
}
static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rule_t *p_result)
static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol)
{
if(protocol==PROTO_DNS)
{
return STATE_GIVEME|STATE_DROPPKT;
}
set_drop_stream(a_stream);
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol)
{
int ret=0,opt_value=0;
struct rst_tcp_para rst_paras={0};
if(a_stream->type==STREAM_TYPE_TCP)
{
rst_paras.rst_pkt_num=1;
rst_paras.signature_seed1=65535;
rst_paras.signature_seed2=13;
rst_paras.th_flags=4;
rst_paras.rst_pkt_num=g_tsg_para.reset.pkt_num;
rst_paras.signature_seed1=g_tsg_para.reset.seed1;
rst_paras.signature_seed2=g_tsg_para.reset.seed2;
rst_paras.th_flags=g_tsg_para.reset.th_flags;
rst_paras.__pad_no_use=0;
rst_paras.dir=DIR_DOUBLE;
rst_paras.dir=g_tsg_para.reset.dir;
ret=MESA_rst_tcp((struct streaminfo *)a_stream, &rst_paras, sizeof(rst_paras));
if(ret<0)
{
@@ -487,13 +499,14 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul
);
}
if(g_tsg_para.reset.remedy==1)
{
opt_value=1;
MESA_set_stream_opt(a_stream, MSO_TCP_RST_REMEDY, (void *)&opt_value, sizeof(opt_value));
}
}
set_drop_stream(a_stream);
return APP_STATE_DROPPKT|APP_STATE_DROPME;
return STATE_DROPPKT|STATE_DROPME;
}
static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region)
@@ -504,12 +517,13 @@ static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat
context=NULL;
return PROT_STATE_DROPME;
return STATE_GIVEME;
}
static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region)
{
char *payload=NULL;
unsigned char raw_route_dir=0;
switch(user_region->deny->code)
{
@@ -525,10 +539,11 @@ static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maa
if(payload!=NULL)
{
send_inject_packet(a_stream, SIO_DEFAULT, payload, strlen(payload));
raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
tsg_send_inject_packet(a_stream, SIO_DEFAULT, payload, strlen(payload), raw_route_dir);
}
return PROT_STATE_DROPME|PROT_STATE_DROPPKT;
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet)
@@ -541,21 +556,21 @@ static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maa
case 204:
case 403:
case 404:
send_pkt_len=build_response_pages(a_stream, p_result, user_region, a_packet);
send_pkt_len=http_build_response_packet(a_stream, p_result, user_region, a_packet);
tsg_set_statistic_opt(send_pkt_len, ((user_region->method_type==TSG_METHOD_TYPE_ALERT) ? OPT_TYPE_ALERT_BYTES : OPT_TYPE_BLOCK_BYTES), a_stream->threadnum);
break;
default:
break;
}
return PROT_STATE_DROPME|PROT_STATE_DROPPKT;
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *a_packet)
{
if(user_region==NULL || user_region->deny==NULL)
{
return do_action_reset(a_stream, p_result);
return do_action_drop(a_stream, p_result, protocol);
}
switch(protocol)
@@ -575,55 +590,61 @@ static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, Maat
set_drop_stream(a_stream);
return PROT_STATE_DROPME|PROT_STATE_DROPPKT;
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_redirect_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region)
{
int used_http_hdr_len=0;
char http_hdr[1024]={0};
unsigned char raw_route_dir=0;
switch(user_region->deny->code)
{
case 302:
used_http_hdr_len=get_http_header(http_hdr, sizeof(http_hdr), user_region->deny->code, user_region->deny->redirect_url_to);
send_inject_packet( a_stream, SIO_DEFAULT, http_hdr, used_http_hdr_len);
break;
case 303:
used_http_hdr_len=get_content_303(a_stream, p_result, user_region->deny->redirect_url_to, http_hdr, sizeof(http_hdr));
send_inject_packet( a_stream, SIO_DEFAULT, http_hdr, used_http_hdr_len);
used_http_hdr_len=http_get_content_303(a_stream, p_result, user_region->deny->redirect_url_to, http_hdr, sizeof(http_hdr));
break;
default:
return STATE_DROPME|STATE_DROPPKT;
break;
}
return PROT_STATE_DROPME|PROT_STATE_DROPPKT;
raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
tsg_send_inject_packet( a_stream, SIO_DEFAULT, http_hdr, used_http_hdr_len, raw_route_dir);
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol)
static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
{
if(user_region==NULL || user_region->deny==NULL)
{
return do_action_reset(a_stream, p_result);
return do_action_drop(a_stream, p_result, protocol);
}
switch(protocol)
{
case PROTO_DNS:
return do_action_redirect_dns(a_stream, p_result, user_region, user_data);
break;
case PROTO_HTTP:
do_action_redirect_http(a_stream, p_result, user_region);
set_drop_stream(a_stream);
break;
default:
break;
}
set_drop_stream(a_stream);
return PROT_STATE_DROPME|PROT_STATE_DROPPKT;
return STATE_DROPME|STATE_DROPPKT;
}
unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *a_packet)
unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
{
unsigned char state=APP_STATE_GIVEME;
unsigned char local_state=STATE_GIVEME;
unsigned char state=0;
int method_type=TSG_METHOD_TYPE_RESET;
struct compile_user_region *user_region=NULL;
@@ -636,18 +657,24 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_
switch(method_type)
{
case TSG_METHOD_TYPE_DROP:
local_state=do_action_drop(a_stream, p_result, protocol);
if(g_tsg_para.deploy_mode==DEPLOY_MODE_MIRROR)
{
local_state=do_action_reset(a_stream, p_result, protocol);
}
break;
case TSG_METHOD_TYPE_RESET:
state=do_action_reset(a_stream, p_result);
local_state=do_action_reset(a_stream, p_result, protocol);
break;
case TSG_METHOD_TYPE_BLOCK:
case TSG_METHOD_TYPE_ALERT:
state=do_action_block_xxx(a_stream, p_result, user_region, protocol, a_packet);
local_state=do_action_block_xxx(a_stream, p_result, user_region, protocol, user_data);
break;
case TSG_METHOD_TYPE_REDIRECTION:
state=do_action_redirect_xxx( a_stream, p_result, user_region, protocol);
local_state=do_action_redirect_xxx( a_stream, p_result, user_region, protocol, user_data);
break;
case TSG_METHOD_TYPE_RATE_LINIT:
state=do_action_ratelimit(a_stream, p_result, user_region);
local_state=do_action_ratelimit(a_stream, p_result, user_region);
break;
default:
break;
@@ -655,7 +682,10 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_
security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
state= ((type==ACTION_RETURN_TYPE_PROT) ? (PROT_STATE_DROPME|PROT_STATE_DROPPKT) : (PROT_STATE_DROPME|PROT_STATE_DROPPKT));
state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME);
state|=((type==ACTION_RETURN_TYPE_PROT) ? (local_state&STATE_DROPME ? PROT_STATE_DROPME : 0) : (local_state&STATE_DROPME ? APP_STATE_DROPME : 0));
state|=((type==ACTION_RETURN_TYPE_PROT) ? (local_state&STATE_GIVEME ? PROT_STATE_GIVEME: 0) : (local_state&STATE_GIVEME ? APP_STATE_GIVEME: 0));
state|=((type==ACTION_RETURN_TYPE_PROT) ? (local_state&STATE_DROPPKT ? PROT_STATE_DROPPKT : 0) : (local_state&STATE_DROPPKT ? APP_STATE_DROPPKT: 0));
return state;
}
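Review bot: In the state translation at the end of `tsg_deal_deny_action`, `state` is initialised to `PROT_STATE_GIVEME`/`APP_STATE_GIVEME` unconditionally, so the later line that ORs the same GIVEME bit in when `local_state&STATE_GIVEME` is dead, and every result — including the DROPME|DROPPKT produced by the reset, block and redirect paths — also carries GIVEME. If GIVEME and DROPME are exclusive in the sapp state flags, start from `unsigned char state=0;` and keep the three conditional ORs; if GIVEME is a harmless base value, delete the redundant conditional line instead. Separately, `do_action_reset` gained a `protocol` parameter that the visible part of its body never reads (the function continues outside the hunk), so the mirror-mode DROP path — `do_action_drop` followed by `do_action_reset` — turns the DNS `STATE_GIVEME|STATE_DROPPKT` result into `STATE_DROPPKT|STATE_DROPME` with `set_drop_stream` called, which looks at odds with the commit's intent of leaving DNS deny to the master; either honour `protocol` inside `do_action_reset` or guard the mirror-mode reset with `protocol!=PROTO_DNS`. The expression `raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;` is now repeated at three call sites; a `static unsigned char reply_route_dir(const struct streaminfo *a_stream)` helper would keep it in one place.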

273
src/tsg_dns.cpp Normal file

@@ -0,0 +1,273 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <MESA/dns.h>
#include "tsg_entry.h"
#include "tsg_protocol_common.h"
static int random_integer(int max, int min)
{
if(max>min)
{
return (rand()%(max-min+1));
}
return 0;
}
static int record_set_uint32(char *payload, unsigned int value)
{
*(unsigned int *)payload=(unsigned int)(value);
return 4;
}
static int record_hton_uint16(char *payload, unsigned short value)
{
*(unsigned short *)payload=(unsigned short)htons(value);
return 2;
}
static int record_hton_uint32(char *payload, unsigned int value)
{
*(unsigned int *)payload=(unsigned int)htonl(value);
return 4;
}
static int compress_domain_record(unsigned char *domain, int domain_len, u_char *result)
{
int section_len = 0;
int result_pos = 1;
int domain_pos = 0;
if(domain_len < 0 || domain_len > DNS_MAX_NAME+1 || '.' == domain[0] || '.' == domain[domain_len - 1])
{
return -1;
}
while((domain[domain_pos] != '\n')||(domain[domain_pos] != '\0'))
{
section_len = 0;
while((domain[domain_pos] != '.') &&(domain[domain_pos] != '\n')&&(domain[domain_pos] != '\0'))
{
result[result_pos] = domain[domain_pos];
result_pos++;
domain_pos++;
section_len++;
}
result[result_pos - section_len -1] = section_len;
if((domain[domain_pos] == '\n')||(domain[domain_pos] == '\0'))
break;
result_pos++;
domain_pos++;
}
result[result_pos]= '\0';
if(result_pos >= domain_len)
{
return result_pos+1;
}
else
{
return result_pos;
}
return 0;
}
int dns_set_response_header(dns_hdr_t *dns_hdr)
{
dns_hdr->qr = 1; // 1bit: Response
dns_hdr->opcode = 0; // 4bits: Query
dns_hdr->aa = 0; // 1bit: authoritative answer
dns_hdr->tc = 0; // 1bit: Not truncated
dns_hdr->rd = 1; // 1bit: Recursion Desired
dns_hdr->ra = 1; // 1bit: Recursion Available
dns_hdr->z = 0; // 3bits: Reserved for future use: Must be zero in all queries and responses
dns_hdr->rcode = 0; // 4bits: 0: No error condition
dns_hdr->id = htons(dns_hdr->id);
dns_hdr->qdcount = htons(dns_hdr->qdcount); // 16bits: QDCOUNT: number of questions
dns_hdr->ancount = htons(dns_hdr->ancount); // 16bits: ANCOUNT: number of answer resource records
dns_hdr->aucount = htons(dns_hdr->aucount); // 16bits: NSCOUNT: number of authority resource records
dns_hdr->adcount = htons(dns_hdr->adcount); // 16bits: ARCOUNT: number of additional resource records
return 0;
}
int dns_set_response_question(char *payload, int payload_len, dns_query_question_t *query_question)
{
int compress_len=0, used_len=0;
u_char compress_name[DNS_MAX_NAME+1];
/* ֻ<><D6BB><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
memset(compress_name, 0, sizeof(compress_name));
compress_len=compress_domain_record(query_question->qname,strlen((char *)(query_question->qname)), compress_name);
if(compress_len<=0)
{
return -1;
}
memcpy(payload, compress_name, compress_len);
used_len+=compress_len;
used_len+=record_hton_uint16(payload+used_len, query_question->qtype);
used_len+=record_hton_uint16(payload+used_len, query_question->qclass);
return used_len;
}
int dns_set_response_records(char *payload, int payload_len, struct dns_record_val *record_val, int record_val_num, int max_ttl, int min_ttl)
{
int i=0,ttl=0,used_len=0;
unsigned short compress_len=0;
unsigned char compress_name[DNS_MAX_NAME+1]={0};
for(i=0; i<record_val_num; i++)
{
used_len+=record_hton_uint16(payload+used_len, (unsigned short)0xc00c);
used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].answer_type));//type
used_len+=record_hton_uint16(payload+used_len, (unsigned short)1); //class
ttl=random_integer(max_ttl, min_ttl)+min_ttl;
used_len+=record_hton_uint32(payload+used_len, (unsigned int)ttl);//ttl
switch(record_val[i].answer_type)
{
case DNS_TYPE_A:
used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].len)); //len
used_len+=record_set_uint32(payload+used_len, (unsigned int)(record_val[i].v4_addr.s_addr)); //IPv4
break;
case DNS_TYPE_AAAA:
used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].len)); //len
memcpy(payload+used_len, record_val[i].v6_addr.s6_addr, record_val[i].len); //IPv6
used_len+=record_val[i].len;
break;
case DNS_TYPE_CNAME:
compress_len=compress_domain_record((unsigned char *)record_val[i].cname, record_val[i].len, compress_name);
used_len+=record_hton_uint16(payload+used_len, (unsigned short)(compress_len)); //len
memcpy(payload+used_len, compress_name, compress_len);
used_len+=compress_len;
break;
default:
break;
}
}
return used_len;
}
static int dns_set_header(struct _dns_info *dns_info, struct _dns_hdr *dns_hdr, int record_num)
{
dns_hdr->id = dns_info->hdr_info.id;
dns_hdr->qdcount = 1;
dns_hdr->ancount = record_num;
dns_set_response_header(dns_hdr);
return 0;
}
static struct dns_user_region *dns_get_user_records(struct dns_user_region *user_region_records, int user_region_records_num, int qtype)
{
int i=0;
for(i=0; i<user_region_records_num; i++)
{
if(user_region_records[i].query_type==qtype)
{
return &(user_region_records[i]);
}
}
return NULL;
}
static int dns_set_answer_records(char *payload, int payload_len, struct dns_answer_records *answer_records, int *answer_record_num)
{
if(answer_records==NULL)
{
return 0;
}
char profile_id[128]={0};
int idx=0, used_len=0, record_num=0;
struct dns_profile_records *profile_records=NULL;
if(answer_records->record_val.selected_flag==1)
{
snprintf(profile_id, sizeof(profile_id), "%d", answer_records->record_val.selected.profile_id);
profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id);
if(profile_records==NULL)
{
return 0;
}
record_num=MIN(answer_records->record_val.selected.selected_num, profile_records->record_num);
idx=random_integer(profile_records->record_num, record_num);
used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, profile_records->record_val+idx, record_num, answer_records->max_ttl, answer_records->min_ttl);
(*answer_record_num)+=record_num;
dns_profile_records_free(0, (MAAT_PLUGIN_EX_DATA *)&profile_records, 0, NULL);
}
else
{
(*answer_record_num)++;
used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, &(answer_records->record_val), 1, answer_records->max_ttl, answer_records->min_ttl);
}
return used_len;
}
unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data)
{
int ret=0,used_len=0,record_num=0;
unsigned char raw_route_dir=0;
char payload[1024]={0};
int payload_len=sizeof(payload);
int header_len=sizeof(struct _dns_hdr);
struct dns_user_region *user_region_record=NULL;
struct _dns_info *dns_info=(struct _dns_info *)user_data;
if(dns_info->hdr_info.qr==1 && g_tsg_para.deploy_mode==DEPLOY_MODE_MIRROR) //mirror
{
return STATE_GIVEME;
}
if(dns_info->hdr_info.qr==0 && (g_tsg_para.deploy_mode==DEPLOY_MODE_INLINE || g_tsg_para.deploy_mode==DEPLOY_MODE_TRANSPARENT)) //inline or transparent
{
return STATE_GIVEME;
}
user_region_record=dns_get_user_records(user_region->deny->records, user_region->deny->records_num, dns_info->query_question.qtype);
if(user_region_record==NULL)
{
return STATE_GIVEME;
}
used_len+=header_len;
ret=dns_set_response_question(payload+used_len, payload_len-used_len, &(dns_info->query_question));
if(ret==-1)
{
return STATE_GIVEME|STATE_DROPPKT;
}
used_len+=ret;
used_len+=dns_set_answer_records(payload+used_len, payload_len-used_len, user_region_record->a, &record_num);
used_len+=dns_set_answer_records(payload+used_len, payload_len-used_len, user_region_record->aaaa, &record_num);
used_len+=dns_set_answer_records(payload+used_len, payload_len-used_len, user_region_record->cname, &record_num);
if(record_num<=0)
{
return STATE_GIVEME;
}
dns_set_header(dns_info, (struct _dns_hdr *)payload, record_num);
raw_route_dir=(dns_info->hdr_info.qr==0) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
tsg_send_inject_packet(a_stream, SIO_DEFAULT, payload, used_len, raw_route_dir);
return STATE_GIVEME|STATE_DROPPKT;
}
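Review bot: `compress_domain_record` writes `domain_len+2` bytes into `result` (the leading length byte, the label bytes, and the trailing 0), but its guard admits `domain_len` up to `DNS_MAX_NAME+1` while both callers pass a `DNS_MAX_NAME+1`-byte stack buffer, so the two longest admitted lengths overrun that buffer by one or two bytes, and `domain_len==0` passes the guard and reads `domain[-1]`. Tighten the guard to `if(domain_len <= 0 || domain_len > DNS_MAX_NAME-1 || '.' == domain[0] || '.' == domain[domain_len - 1])`, and reject a label longer than 63 bytes inside the loop, since a larger `section_len` byte is read as a compression pointer by the receiving resolver. `payload_len` is threaded through `dns_set_response_question`, `dns_set_response_records` and `dns_set_answer_records` but is never compared with `used_len` before a write, so a profile with enough records or long CNAMEs can run off the 1024-byte `payload` in `do_action_redirect_dns`; each writer should check the remaining room first, e.g. `if(used_len+compress_len+4 > payload_len) return -1;` before the question copy. The `*(unsigned int *)payload` / `*(unsigned short *)payload` stores in the record helpers are unaligned type-punning writes into a `char` buffer; `memcpy(payload, &v, sizeof v)` with a local `v` holding the converted value is the well-defined form. The outer `while` condition in `compress_domain_record`, `(domain[domain_pos] != '\n')||(domain[domain_pos] != '\0')`, is always true, so only the inner `break` ends the loop; `&&` is what was meant.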


@@ -4,7 +4,6 @@
#include <assert.h>
#include <sys/time.h>
#include <unistd.h>
#include <netinet/ip6.h>
#include <MESA/http.h>
#include <MESA/ftp.h>
@@ -24,6 +23,7 @@
#include "tsg_send_log_internal.h"
#include "tsg_ssl_utils.h"
#include "tsg_ssh_utils.h"
#include "tsg_protocol_common.h"
#ifdef __cplusplus
extern "C"
@@ -73,8 +73,8 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
{0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"},
{0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"},
{0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"},
{0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"},
{0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"},
{0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"},
{0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"}
};
@@ -158,6 +158,34 @@ static int get_device_id(char *command, int entrance_id)
return (entrance_id<<7)+(atoi(buffer)%128);
}
static int get_deploy_mode(void)
{
char s_mode[128]={0};
int len=sizeof(s_mode);
int ret=sapp_get_platform_opt(SPO_DEPLOYMENT_MODE_STR, s_mode, &len);
if(ret>=0)
{
if((memcmp(s_mode, "mirror", strlen(s_mode)))==0 || (memcmp(s_mode, "dumpfile", strlen(s_mode)))==0)
{
g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR;
}
else if((memcmp(s_mode, "inline", strlen(s_mode)))==0)
{
g_tsg_para.deploy_mode=DEPLOY_MODE_INLINE;
}
else if((memcmp(s_mode, "transparent", strlen(s_mode)))==0)
{
g_tsg_para.deploy_mode=DEPLOY_MODE_TRANSPARENT;
}
else
{
g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR;
}
}
return 0;
}
static int print_hit_path(const struct streaminfo *a_stream, struct master_context *context)
{
if(g_tsg_para.hit_path_switch==0)
@@ -537,12 +565,12 @@ static void copy_monitor_result(const struct streaminfo *a_stream, struct master
static void copy_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, char *domain, tsg_protocol_t proto, PULL_RESULT_TYPE result_type, int thread_seq)
{
int ret=0;
policy_priority_label_t *priority_label=NULL;
struct policy_priority_label *priority_label=NULL;
priority_label=(policy_priority_label_t *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id);
priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id);
if(priority_label==NULL)
{
priority_label=(policy_priority_label_t *)dictator_malloc(thread_seq, sizeof(policy_priority_label_t));
priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label));
}
else
{
@@ -557,7 +585,7 @@ static void copy_result_to_project(const struct streaminfo *a_stream, struct mas
);
}
memset(priority_label, 0, sizeof(policy_priority_label_t));
memset(priority_label, 0, sizeof(struct policy_priority_label));
priority_label->proto=proto;
if(domain!=NULL)
@@ -775,9 +803,9 @@ int is_intercept_exclusion(const struct streaminfo *a_stream, Maat_rule_t *p_res
static int scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq)
{
int scan_ret=0;
struct _session_attribute_label_t *attribute_label=NULL;
struct session_attribute_label *attribute_label=NULL;
attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id);
attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
if(attribute_label!=NULL && domain!=NULL && table_id>=0)
{
attribute_label->fqdn_category_id_num=tsg_get_fqdn_category_id(g_tsg_maat_feather, domain, attribute_label->fqdn_category_id, MAX_CATEGORY_ID_NUM, g_tsg_para.logger, thread_seq);
@@ -793,15 +821,15 @@ void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATT
unsigned long long current_time=0;
int ret=0,size=sizeof(create_time);
struct _ssl_ja3_info_t *ja3_info=NULL;
struct _session_attribute_label_t *attribute_label=NULL;
struct session_attribute_label *attribute_label=NULL;
attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id);
attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
if(attribute_label==NULL)
{
attribute_label=(struct _session_attribute_label_t *)dictator_malloc(thread_seq, sizeof(struct _session_attribute_label_t));
memset(attribute_label, 0, sizeof(struct _session_attribute_label_t));
attribute_label=(struct session_attribute_label *)dictator_malloc(thread_seq, sizeof(struct session_attribute_label));
memset(attribute_label, 0, sizeof(struct session_attribute_label));
ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.internal_project_id, (const void *)attribute_label);
ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.session_attribute_project_id, (const void *)attribute_label);
if(ret<0)
{
dictator_free(thread_seq, (void *)attribute_label);
@@ -840,6 +868,9 @@ void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATT
case TSG_ATTRIBUTE_TYPE_PROTOCOL:
attribute_label->proto=(tsg_protocol_t)(*(int *)value);
break;
case TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE:
attribute_label->http_action_file_size=(*(int *)value);
break;
case TSG_ATTRIBUTE_TYPE_JA3_HASH:
ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum);
if(ja3_info!=NULL)
@@ -896,43 +927,43 @@ int tsg_set_device_id_to_telegraf(char *device_sn)
static void free_session_attribute_label(int thread_seq, void *project_req_value)
{
struct _session_attribute_label_t *label=(struct _session_attribute_label_t *)project_req_value;
struct session_attribute_label *label=(struct session_attribute_label *)project_req_value;
if(label!=NULL)
{
if(label->client_asn!=NULL)
{
ASN_free_data(label->client_asn->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger);
ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger);
label->client_asn=NULL;
}
if(label->server_asn!=NULL)
{
ASN_free_data(label->server_asn->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger);
ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger);
label->server_asn=NULL;
}
if(label->client_location!=NULL)
{
location_free_data(label->client_location->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger);
location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger);
label->client_location=NULL;
}
if(label->server_location!=NULL)
{
location_free_data(label->server_location->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger);
location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger);
label->server_location=NULL;
}
if(label->client_subscribe_id!=NULL)
{
subscribe_id_free_data(label->client_subscribe_id->table_id, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger);
subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger);
label->client_subscribe_id=NULL;
}
if(label->server_subscribe_id!=NULL)
{
subscribe_id_free_data(label->server_subscribe_id->table_id, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger);
subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger);
label->server_subscribe_id=NULL;
}
@@ -1162,12 +1193,12 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
int i=0,hit_num=0;
char *name=NULL;
char app_id_buff[32]={0};
struct app_id_dict_table *dict=NULL;
struct app_id_dict *dict=NULL;
for(i=0; i< identify_result->app_id_num; i++)
{
snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->app_id[i]);
dict=(struct app_id_dict_table *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
if(dict!=NULL)
{
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->risk, (char *)"risk", thread_seq);
@@ -1179,7 +1210,7 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->app_name, identify_result->app_id[i], thread_seq);
//hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->parent_app_name, dict->parent_app_id, thread_seq);
app_id_dict_free_data(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL);
app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL);
}
else
{
@@ -1613,6 +1644,15 @@ extern "C" int TSG_MASTER_INIT()
return -1;
}
srand(time(0));
get_deploy_mode();
MESA_load_profile_int_def(tsg_conffile, "RESET", "NUM", &g_tsg_para.reset.pkt_num, 1);
MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED1", &g_tsg_para.reset.seed1, 65535);
MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED2", &g_tsg_para.reset.seed2, 13);
MESA_load_profile_int_def(tsg_conffile, "RESET", "FLAGS", &g_tsg_para.reset.th_flags, 0x14);
MESA_load_profile_int_def(tsg_conffile, "RESET", "DIR", &g_tsg_para.reset.dir, DIR_DOUBLE);
MESA_load_profile_int_def(tsg_conffile, "RESET", "REMEDY", &g_tsg_para.reset.remedy, 0);
MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0);
MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_SWITCH", &g_tsg_para.default_compile_switch, 0);
@@ -1650,8 +1690,8 @@ extern "C" int TSG_MASTER_INIT()
}
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_INTERNAL_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL");
g_tsg_para.internal_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label);
if(g_tsg_para.internal_project_id<0)
g_tsg_para.session_attribute_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label);
if(g_tsg_para.session_attribute_project_id<0)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff);
}
@@ -1728,7 +1768,7 @@ extern "C" int TSG_MASTER_INIT()
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ...");
return -1;
}
g_tsg_log_instance->internal_project_id=g_tsg_para.internal_project_id;
g_tsg_log_instance->session_attribute_project_id=g_tsg_para.session_attribute_project_id;
MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30);
MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port));
@@ -1801,6 +1841,7 @@ extern "C" int TSG_MASTER_INIT()
{
return -1;
}
return 0;
}
@@ -1808,7 +1849,13 @@ extern "C" int TSG_MASTER_INIT()
extern "C" int TSG_MASTER_UNLOAD()
{
sleep(5);
Maat_burn_feather(g_tsg_maat_feather);
g_tsg_maat_feather=NULL;
Maat_burn_feather(g_tsg_dynamic_maat_feather);
g_tsg_dynamic_maat_feather=NULL;
return 0;
}


@@ -1,6 +1,12 @@
#ifndef __TSG_ENTRY_H__
#define __TSG_ENTRY_H__
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip6.h>
#include <MESA/dns.h>
#include <MESA/Maat_rule.h>
#include <MESA/field_stat2.h>
#include <ctemplate/template.h>
@@ -37,6 +43,14 @@ typedef int atomic_t;
#define APP_SCAN_FLAG_STOP 0
#define APP_SCAN_FLAG_CONTINUE 1
enum DEPLOY_MODE
{
DEPLOY_MODE_MIRROR,
DEPLOY_MODE_INLINE,
DEPLOY_MODE_TRANSPARENT,
DEPLOY_MODE_MAX
};
enum MASTER_TABLE{
TABLE_SECURITY_COMPILE=0,
TABLE_IP_ADDR,
@@ -64,6 +78,7 @@ enum MASTER_TABLE{
TABLE_GTP_IMSI,
TABLE_GTP_PHONE_NUMBER,
TABLE_RESPONSE_PAGES,
TABLE_DNS_PROFILE_RECORD,
TABLE_MAX
};
@@ -91,8 +106,8 @@ enum TSG_FS2_TYPE{
TSG_FS2_INJECT_PKT_SUCCESS,
TSG_FS2_INJECT_PKT_FAILED,
TSG_FS2_MIRRORED_PKT_SUCCESS,
TSG_FS2_MIRRORED_PKT_FAILED,
TSG_FS2_MIRRORED_BYTE_SUCCESS,
TSG_FS2_MIRRORED_PKT_FAILED,
TSG_FS2_MIRRORED_BYTE_FAILED,
TSG_FS2_MAX
};
@@ -106,6 +121,7 @@ enum TSG_ATTRIBUTE_TYPE
TSG_ATTRIBUTE_TYPE_LOCATION,
TSG_ATTRIBUTE_TYPE_ASN,
TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID,
TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE,
_MAX_TSG_ATTRIBUTE_TYPE
};
@@ -135,12 +151,10 @@ struct l7_protocol
UT_hash_handle hh2; /* handle for second hash table */
};
struct _fqdn_category_t
struct fqdn_category
{
int ref_cnt;
unsigned int category_id;
int match_method;
char fqdn[MAX_DOAMIN_LEN/8];
};
struct http_response_pages
@@ -186,8 +200,18 @@ struct tcpall_context
};
};
struct reset_argv
{
int pkt_num;
int seed1;
int seed2;
int th_flags;
int dir;
int remedy;
};
#define _MAX_TABLE_NAME_LEN 64
typedef struct _tsg_para
typedef struct tsg_para
{
int level;
short mirror_switch;
@@ -197,6 +221,7 @@ typedef struct _tsg_para
int entrance_id;
int hash_timeout;
int hash_slot_size;
enum DEPLOY_MODE deploy_mode;
int scan_time_interval;
int hit_path_switch;
int default_compile_switch;
@@ -204,7 +229,7 @@ typedef struct _tsg_para
int table_id[TABLE_MAX];
int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
int priority_project_id;
int internal_project_id;
int session_attribute_project_id;
int context_project_id;
int tcpall_project_id;
int linkinfo_project_id;
@@ -212,12 +237,13 @@ typedef struct _tsg_para
int app_bridge_id;
int proto_flag; //tsg_protocol_t
int fs2_field_id[TSG_FS2_MAX];
char device_sn[MAX_DOAMIN_LEN/8];
char log_path[MAX_DOAMIN_LEN/8];
char device_id_command[MAX_DOAMIN_LEN/8];
char device_sn[MAX_DOMAIN_LEN/8];
char log_path[MAX_DOMAIN_LEN/8];
char device_id_command[MAX_DOMAIN_LEN/8];
char data_center[_MAX_TABLE_NAME_LEN];
char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
void *logger;
struct reset_argv reset;
screen_stat_handle_t fs2_handle;
struct l7_protocol *name_by_id;
struct l7_protocol *id_by_name;
@@ -228,8 +254,9 @@ typedef struct _tsg_para
}g_tsg_para_t;
extern g_tsg_para_t g_tsg_para;
extern Maat_feather_t g_tsg_dynamic_maat_feather;
typedef enum _tsg_statis_field_id
typedef enum tsg_statis_field_id
{
STATIS_UNKNOWN=0,
STATIS_ENTRANCE_ID=1,
@@ -301,7 +328,7 @@ enum TRAFFIC_INFO_IDX
TRAFFIC_INFO_MAX
};
typedef struct _tsg_statistic
typedef struct tsg_statistic
{
int cycle;
int fs_line_id;
@@ -324,10 +351,13 @@ const void *get_struct_project(const struct streaminfo *a_stream, int project_id
int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent);
void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void ASN_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void app_id_dict_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int thread_seq);
int tsg_set_vlan_id_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct mirrored_vlan *vlan_id, int vlan_num, int thread_seq);
int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq);
void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp);
@@ -336,14 +366,14 @@ struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Ma
int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq);
int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq);
int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct _subscribe_id_info_t *user_info, int thread_seq);
int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq);
int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq);
int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location);
int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn);
int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct _subscribe_id_info_t **source_subscribe_id, struct _subscribe_id_info_t **dest_subscribe_id);
int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id);
int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);
int tsg_get_vlan_id_by_monitor_rule(Maat_feather_t maat_feather, struct Maat_rule_t *result, int result_num, struct mirrored_vlan *vlan, int vlan_num);
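Review bot: `struct reset_argv` (hunk @@ -186,8 +200,18) introduces six bare `int` fields with no comment on meaning, units or value range, although they define the RST packet feature and are filled directly from the `[RESET]` configuration section in TSG_MASTER_INIT. From the header alone a reader cannot tell that `th_flags` is a TCP flag bitmask (the loader defaults it to 0x14, i.e. RST|ACK), that `dir` expects a direction value such as DIR_DOUBLE, or what `seed1`/`seed2` and `remedy` influence. I would add one trailing comment per field, e.g. `int pkt_num; /* number of reset packets to inject; config [RESET] NUM */` and `int th_flags; /* TCP header flag bits set on the injected packet; config [RESET] FLAGS, default 0x14 (RST|ACK) */`, and describe seed1/seed2/remedy once their use in the injector is confirmed. Separately, the TSG_FS2_TYPE hunk moves TSG_FS2_MIRRORED_PKT_FAILED behind TSG_FS2_MIRRORED_BYTE_SUCCESS, which changes both enumerator values; if any registration of `fs2_field_id` depends on the numeric order rather than the names, that deserves a sentence in the description.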

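--- a/src/tsg_protocol_common.h
+++ b/src/tsg_protocol_common.h
@@ -0,0 +1,114 @@
+#ifndef __TSG_PROTOCOL_COMMON_H__
+#define __TSG_PROTOCOL_COMMON_H__
+#include <MESA/stream.h>
+#include "tsg_rule.h"
+#include <sys/socket.h>
+#include <netinet/in.h>
+#define STATE_GIVEME 1
+#define STATE_DROPME 2
+#define STATE_DROPPKT 4
+#define STATE_KILL_OTHER 8
+enum TSG_DENY_TYPE
+{
+TSG_DENY_TYPE_MESSAGE=0,
+TSG_DENY_TYPE_PROFILE,
+TSG_DENY_TYPE_REDIRECT_TO,
+TSG_DENY_TYPE_REDIRECT_URL,
+TSG_DENY_TYPE_REDIRECT_RECORD,
+TSG_DENY_TYPE_MAX
+};
+struct selected_record
+{
+int profile_id;
+int selected_num;
+};
+struct dns_record_val
+{
+int answer_type;
+int selected_flag;
+int len;
+union
+{
+void *value;
+char *cname;
+struct in_addr v4_addr;
+struct in6_addr v6_addr;
+struct selected_record selected;
+};
+};
+struct dns_answer_records
+{
+int max_ttl;
+int min_ttl;
+struct dns_record_val record_val;
+};
+struct dns_profile_records
+{
+int ref_cnt;
+int record_id;
+int record_num;
+int answer_type;
+struct dns_record_val *record_val;
+};
+struct dns_user_region
+{
+int query_type; //dns.h
+struct dns_answer_records *a;
+struct dns_answer_records *aaaa;
+struct dns_answer_records *cname;
+};
+struct deny_user_region
+{
+enum TSG_DENY_TYPE type;
+union
+{
+int code;
+int records_num;
+};
+union
+{
+char *message;
+char *redirect_url_to;
+struct dns_user_region *records;
+int profile_id;
+int bps;
+void *para;
+};
+};
+struct monitor_user_region
+{
+int enabled;
+int vlan_id;
+};
+struct compile_user_region
+{
+int ref_cnt;
+enum TSG_METHOD_TYPE method_type;
+union
+{
+struct deny_user_region *deny;
+struct monitor_user_region *mirror;
+struct Maat_rule_t *result; //XJ default policy
+void *user_region_para;
+};
+};
+int tsg_send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len, unsigned char raw_route_dir);
+unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data);
+#endif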
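Review bot: `struct deny_user_region` carries two anonymous unions but nothing in the header states which `TSG_DENY_TYPE` value selects which member, and `int bps` and `void *para` have no enumerator at all (the enum ends at TSG_DENY_TYPE_REDIRECT_RECORD), so a consumer cannot tell when `bps` is valid as opposed to `message` or `redirect_url_to`. `struct dns_record_val` has the same gap: the active union member presumably follows `answer_type` and `selected_flag`, but that is not written down and `len` is not tied to the pointer members. I would annotate each union member with its selector, e.g. `char *message; /* valid when type==TSG_DENY_TYPE_MESSAGE */` and `struct dns_user_region *records; /* valid when type==TSG_DENY_TYPE_REDIRECT_RECORD; records_num entries */`, and either add an enumerator for whatever action uses `bps` or comment how it is discriminated. As a point of style, `#include "tsg_rule.h"` sits between two groups of system headers; grouping the system includes first also makes it easier to see that `Maat_rule_t` and `enum sapp_inject_opt`, used in the prototypes at the bottom, are not declared by anything included here.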



@@ -34,6 +34,16 @@ const id2field_t tld_type[TLD_TYPE_MAX]={{TLD_TYPE_UNKNOWN, TLD_TYPE_UNKNOWN, "
extern "C" int MESA_get_dev_ipv4(const char *device, int *ip_add);
static int string_cat(char *dst, int dst_len, char *src)
{
if(dst==NULL || dst_len<=0 || src==NULL)
{
return 0;
}
return snprintf(dst, dst_len, "%s", src);
}
static int is_tunnels(struct streaminfo *a_stream)
{
const struct streaminfo *ptmp = a_stream;
@@ -151,26 +161,39 @@ static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_
return 0;
}
static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct _asn_info_t *asn_info)
static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct asn_info *asn_info)
{
int len=0;
char buff[1024]={0};
int buff_len=sizeof(buff);
if(asn_info!=NULL)
{
snprintf(buff, sizeof(buff), "%s(%s)", asn_info->asn, asn_info->organization);
len+=string_cat(buff, buff_len-len, asn_info->asn_id);
buff[len++]='(';
len+=string_cat(buff, buff_len-len, asn_info->organization);
buff[len++]=')';
TLD_append(_handle, field_name, (void *)buff, TLD_TYPE_STRING);
}
return 1;
}
static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct _location_info_t *location_info)
static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct location_info *location_info)
{
int len=0;
char buff[1024]={0};
int buff_len=sizeof(buff);
if(location_info!=NULL)
{
snprintf(buff, sizeof(buff), "%s,%s,%s", location_info->city_full, location_info->province_full, location_info->country_full);
len+=string_cat(buff, buff_len-len, location_info->city_full);
buff[len++]=',';
len+=string_cat(buff, buff_len-len, location_info->province_full);
buff[len++]=',';
len+=string_cat(buff, buff_len-len, location_info->country_full);
buff[len++]=',';
TLD_append(_handle, field_name, (void *)buff, TLD_TYPE_STRING);
}
@@ -322,6 +345,17 @@ static int set_duraction(struct tsg_log_instance_t *_instance, struct TLD_handle
return 1;
}
static int set_subscriber_id(struct TLD_handle_t *_handle, char *field_name, struct subscribe_id_info *subscriber)
{
if(subscriber!=NULL && subscriber->subscribe_id!=NULL)
{
TLD_append(_handle, field_name, (void *)subscriber->subscribe_id, TLD_TYPE_STRING);
return 1;
}
return 0;
}
static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, unsigned int *category_id, int category_id_num)
{
int i=0;
@@ -835,6 +869,28 @@ struct TLD_handle_t *TLD_create(int thread_id)
return _handle;
}
static int set_user_region(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct Maat_rule_t *p_result, int thread_seq)
{
int ret=0;
char *user_region=NULL;
if(p_result->action!=TSG_ACTION_NONE && p_result->serv_def_len>0)
{
user_region=(char *)dictator_malloc(thread_seq, p_result->serv_def_len+1);
ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, user_region, p_result->serv_def_len+1);
if(ret==p_result->serv_def_len)
{
user_region[p_result->serv_def_len]='\0';
TLD_append(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name, (void *)user_region, TLD_TYPE_STRING);
}
dictator_free(thread_seq, user_region);
user_region=NULL;
}
return 0;
}
static int get_gtp_ipv4v6_port(struct tsg_log_instance_t *_instance, struct streaminfo *a_stream, cJSON *object)
{
char ip_buff[64]={0};
@@ -1051,14 +1107,51 @@ static int set_common_sub_action(struct TLD_handle_t *handle, char *field_name,
return 0;
}
int set_mirrored_pkt_bytes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct mirrored_vlan *vlan, int compile_id)
{
int i=0;
for(i=0; i<vlan->compile_id_num; i++)
{
if(vlan->compile_id[i]==compile_id)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_PKTS].name, (void *)(long)(vlan->mirrored_pkts), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_BYTES].name, (void *)(long)(vlan->mirrored_bytes), TLD_TYPE_LONG);
return 1;
}
}
return 0;
}
int set_mirrored_session(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result)
{
int i=0,ret=0;
struct tcpall_context *context=(struct tcpall_context *)project_req_get_struct(a_stream, g_tsg_para.tcpall_project_id);
if(context!=NULL && context->method_type==TSG_METHOD_TYPE_MIRRORED)
{
for(i=0; i<context->vlan_num; i++)
{
ret=set_mirrored_pkt_bytes(_instance, _handle, &(context->vlan[i]), p_result->config_id);
if(ret==1)
{
return 1;
}
}
}
return 0;
}
int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
struct _session_attribute_label_t *attribute_label=NULL;
int ret=0;
struct session_attribute_label *attribute_label=NULL;
attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, _instance->internal_project_id);
attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, _instance->session_attribute_project_id);
if(attribute_label!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_ESTABLISH_LATENCY_MS].name, (void *)attribute_label->establish_latency_ms, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_ACTION_FILESIZE].name, (void *)(long)attribute_label->http_action_file_size, TLD_TYPE_LONG);
set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_ASN].name, attribute_label->client_asn);
set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_ASN].name, attribute_label->server_asn);
@@ -1066,6 +1159,12 @@ int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_hand
set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_LOCATION].name, attribute_label->client_location);
set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_LOCATION].name, attribute_label->server_location);
ret=set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, attribute_label->client_subscribe_id);
if(ret==0)
{
set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, attribute_label->server_subscribe_id);
}
set_fqdn_category(_instance, _handle, a_stream, attribute_label->fqdn_category_id, attribute_label->fqdn_category_id_num);
if(attribute_label->ja3_fingerprint!=NULL)
@@ -1353,10 +1452,9 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id)
{
int ret=0,fs_id=0;
int fs_id=0;
int i=0,status=0;
char *payload=NULL;
char *user_agent=NULL;
int repeat_cnt=0;
struct timespec cur_time;
int policy_id[MAX_RESULT_NUM]={0};
@@ -1446,18 +1544,14 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG);
if(_instance->send_user_region==1 && log_msg->result[i].action!=TSG_ACTION_NONE && log_msg->result[i].serv_def_len>0)
if(log_msg->result[i].action==TSG_ACTION_MONITOR)
{
user_agent=(char *)dictator_malloc(thread_id, log_msg->result[i].serv_def_len+1);
ret=Maat_read_rule(g_tsg_maat_feather, &(log_msg->result[i]), MAAT_RULE_SERV_DEFINE, user_agent, log_msg->result[i].serv_def_len+1);
if(ret==log_msg->result[i].serv_def_len)
{
user_agent[log_msg->result[i].serv_def_len]='\0';
TLD_append(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name, (void *)user_agent, TLD_TYPE_STRING);
set_mirrored_session(_instance, _handle, log_msg->a_stream, &(log_msg->result[i]));
}
dictator_free(thread_id, user_agent);
user_agent=NULL;
if(_instance->send_user_region==1)
{
set_user_region(_instance, _handle, &log_msg->result[i], thread_id);
}
if(log_msg->result[i].action==TSG_ACTION_DENY)
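Review bot: In `set_asn` and `set_location` (hunk @@ -151,26 +161,39) every `string_cat` call passes `buff` rather than `buff+len` as the destination, so the second and third pieces overwrite the first and the logged field ends up holding only the last piece; the only thing that advances is `len`. On top of that `string_cat` returns `snprintf`'s would-be length, not the bytes actually written, so for a long `asn_id`, `organization` or location name `len` can exceed the 1024-byte stack buffer and `buff[len++]='('` / `buff[len++]=')'` write past it — and even when everything fits, a separator landing in `buff[1023]` leaves the string unterminated before `TLD_append`. `set_location` also appends a ',' after `country_full`, which the replaced `"%s,%s,%s"` format did not produce. Clamp the helper's return value to what was written, append at the current offset, and bound the separator writes:
```c
static int string_cat(char *dst, int dst_len, char *src)
{
    if(dst==NULL || dst_len<=0 || src==NULL)
    {
        return 0;
    }
    int n=snprintf(dst, dst_len, "%s", src);
    if(n<0)
    {
        return 0;
    }
    /* snprintf reports the length src would need; return only what fit */
    return n<dst_len ? n : dst_len-1;
}

/* set_asn: append at the offset and keep one byte for the terminator */
len+=string_cat(buff+len, buff_len-len, asn_info->asn_id);
if(len<buff_len-1) buff[len++]='(';
len+=string_cat(buff+len, buff_len-len, asn_info->organization);
if(len<buff_len-1) buff[len++]=')';
/* … set_location: same pattern with ',' between the three parts and no trailing ',' … */
```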


@@ -107,6 +107,8 @@ typedef enum _tsg_log_field_id
LOG_COMMON_USERDEFINE_APP,
LOG_COMMON_MIRRORED_PKTS,
LOG_COMMON_MIRRORED_BYTES,
LOG_COMMON_SUBSCRIBER_ID,
LOG_COMMON_HTTP_ACTION_FILESIZE,
LOG_COMMON_MAX
}tsg_log_field_id_t;
@@ -131,7 +133,7 @@ struct tsg_log_instance_t
int app_id_type;
int send_user_region;
int recovery_interval;
int internal_project_id;
int session_attribute_project_id;
int tcp_flow_project_id;
int udp_flow_project_id;
int *send_log_percent;