TSG-12336,TSG-12397,TSG-13086: 将L7 protocol字段与app_label字段整合为common_app_full_path字段,L7 protocol ID转字符串时取值策略OBJECT中Application Name

test/src/CMakeLists.txt

@@ -0,0 +1,36 @@
+cmake_minimum_required(VERSION 2.8)
+
+set(SRC ../src/tsg_entry.cpp ../src/tsg_rule.cpp ../src/tsg_ssl_utils.cpp ../src/tsg_send_log.cpp ../src/tsg_statistic.cpp ../src/tsg_ssh_utils.cpp ../src/tsg_gtp_signaling.cpp ../src/tsg_action.cpp ../src/tsg_leaky_bucket.cpp ../src/tsg_dns.cpp ../src/tsg_icmp.cpp ../src/tsg_tamper.cpp tsg_master_gtest_protocol.cpp tsg_master_gtest_entry.cpp)
+
+include_directories(${CMAKE_SOURCE_DIR}/inc)
+include_directories(/opt/MESA/include/MESA/)
+include_directories(/opt/MESA/include)
+include_directories(/usr/include/)
+
+set(TSG_MASTER_DEPEND_DYN_LIB  MESA_handle_logger MESA_prof_load maatframe pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer)
+
+set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)
+
+add_library(tsg_master_gtest SHARED ${SRC})
+set_target_properties(tsg_master_gtest PROPERTIES LINK_FLAGS "-Wl,--version-script=${PROJECT_SOURCE_DIR}/src/version.map")
+target_link_libraries(tsg_master_gtest ${TSG_MASTER_DEPEND_DYN_LIB} ctemplate-static)
+set_target_properties(tsg_master_gtest  PROPERTIES PREFIX "")
+
+install(TARGETS tsg_master_gtest LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/platform/tsg_master_gtest COMPONENT LIBRARIES)
+install(FILES ../bin/tsg_master.inf DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/platform/tsg_master_gtest COMPONENT PROFILE)
+
+
+add_definitions(-std=c++11)
+LINK_DIRECTORIES(/opt/MESA/lib)
+
+file(GLOB TEST_CASE "tsg_master_gtest_main.cpp")
+
+add_executable(master_gtest ${TEST_CASE})
+target_compile_options(master_gtest PUBLIC ${MEM_POOL_DEFINITIONS})
+target_link_libraries(master_gtest nsl pthread dl m pcap systemd cjson MESA_prof_load MESA_htable MESA_handle_logger MESA_jump_layer breakpad_mini MESA_field_stat2 rdkafka)
+target_link_libraries(master_gtest /home/mesasoft/sapp_run/lib/libsapp_devel.so)
+target_link_libraries(master_gtest gtest-static ctemplate-static)
+
+install(TARGETS master_gtest DESTINATION ${CMAKE_INSTALL_PREFIX}/ COMPONENT EXECUTABLE)
+
+

test/src/tsg_master_gtest_entry.cpp

@@ -0,0 +1,207 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sys/time.h>
+#include <unistd.h>
+
+#include "app_label.h"
+
+#include <MESA/stream.h>
+#include <MESA/MESA_prof_load.h>
+#include <MESA/MESA_handle_logger.h>
+#include <MESA/MESA_jump_layer.h>
+
+enum GTEST_BRIDGE
+{
+	GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT=0,
+	GTEST_BRIDGE_TYPE_MAX
+};
+
+struct gtest_para
+{
+	int bridge_id[GTEST_BRIDGE_TYPE_MAX];
+	char bridge_name[GTEST_BRIDGE_TYPE_MAX][64];
+};
+
+
+struct gtest_para g_gtest_para;
+
+extern "C" unsigned char GTEST_APP_FULL_PATH_1_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	struct app_identify_result lpi;
+	memset(&lpi, 0, sizeof(lpi));
+
+	lpi.app_id_num=2;
+	lpi.origin=ORIGIN_BASIC_PROTOCOL;
+	lpi.app_id[0]=336;  //openvpn
+	lpi.app_id[1]=199;  //ssl
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi);
+
+	struct app_identify_result user_define;
+	memset(&user_define, 0, sizeof(user_define));
+
+	user_define.app_id_num=1;
+	user_define.origin=ORIGIN_USER_DEFINE;
+	user_define.app_id[0]=3145;  //qq_web
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&user_define);
+
+	struct app_identify_result qm;
+	memset(&qm, 0, sizeof(qm));
+
+	qm.app_id_num=4;
+	qm.origin=ORIGIN_QM_ENGINE;
+	qm.app_id[0]=336;  //openvpn
+	qm.app_id[1]=199;  //ssl
+	qm.app_id[2]=1241;  //qq_web
+	qm.app_id[3]=3145;  //qq_r2
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm);
+
+	return APP_STATE_DROPME;
+}
+
+extern "C" unsigned char GTEST_APP_FULL_PATH_2_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	struct app_identify_result lpi;
+	memset(&lpi, 0, sizeof(lpi));
+
+	lpi.app_id_num=2;
+	lpi.origin=ORIGIN_BASIC_PROTOCOL;
+	lpi.app_id[0]=336;  //openvpn
+	lpi.app_id[1]=199;  //ssl
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi);
+
+	struct app_identify_result built_in;
+	memset(&built_in, 0, sizeof(built_in));
+	
+	built_in.app_id_num=1;
+	built_in.origin=ORIGIN_BUILT_IN;
+	built_in.app_id[0]=3145;  //qq_web
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in);
+
+	struct app_identify_result qm;
+	memset(&qm, 0, sizeof(qm));
+
+	qm.app_id_num=3;
+	qm.origin=ORIGIN_QM_ENGINE;
+	qm.app_id[0]=336;  //openvpn
+	qm.app_id[1]=1241;  //qq_web
+	qm.app_id[2]=3145;  //qq_r2
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm);
+
+	return APP_STATE_DROPME;
+}
+
+extern "C" unsigned char GTEST_APP_FULL_PATH_3_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	struct app_identify_result lpi;
+	memset(&lpi, 0, sizeof(lpi));
+
+	lpi.app_id_num=2;
+	lpi.origin=ORIGIN_BASIC_PROTOCOL;
+	lpi.app_id[0]=336;  //openvpn
+	lpi.app_id[1]=199;  //ssl
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi);
+
+	struct app_identify_result built_in;
+	memset(&built_in, 0, sizeof(built_in));
+	
+	built_in.app_id_num=1;
+	built_in.origin=ORIGIN_BUILT_IN;
+	built_in.app_id[0]=3145;  //qq_web
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in);
+
+	return APP_STATE_DROPME;
+}
+
+extern "C" unsigned char GTEST_APP_FULL_PATH_4_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	struct app_identify_result lpi;
+	memset(&lpi, 0, sizeof(lpi));
+
+	lpi.app_id_num=1;
+	lpi.origin=ORIGIN_BASIC_PROTOCOL;
+	lpi.app_id[0]=199;  //ssl
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi);
+
+	struct app_identify_result user_define;
+	memset(&user_define, 0, sizeof(user_define));
+	
+	struct app_identify_result built_in;
+	memset(&built_in, 0, sizeof(built_in));
+	
+	built_in.app_id_num=2;
+	built_in.origin=ORIGIN_BUILT_IN;
+	built_in.app_id[0]=3145;  //qq_web	
+	built_in.app_id[1]=156;  //qq
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in);
+
+
+	struct app_identify_result qm;
+	memset(&qm, 0, sizeof(qm));
+
+	qm.app_id_num=4;
+	qm.origin=ORIGIN_QM_ENGINE;
+	qm.app_id[0]=336;  //openvpn
+	qm.app_id[1]=199;  //ssl
+	qm.app_id[2]=1241;  //qq_web
+	qm.app_id[3]=3145;  //qq_r2
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm);
+
+	return APP_STATE_DROPME;
+}
+
+extern "C" unsigned char GTEST_APP_FULL_PATH_5_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	struct app_identify_result built_in;
+	memset(&built_in, 0, sizeof(built_in));
+	
+	built_in.app_id_num=2;
+	built_in.origin=ORIGIN_BUILT_IN;
+	built_in.app_id[0]=3145;  //qq_web	
+	built_in.app_id[1]=156;  //qq
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in);
+	
+	struct app_identify_result qm;
+	memset(&qm, 0, sizeof(qm));
+
+	qm.app_id_num=4;
+	qm.origin=ORIGIN_QM_ENGINE;
+	qm.app_id[0]=336;  //openvpn
+	qm.app_id[1]=199;  //ssl
+	qm.app_id[2]=1241;  //qq_web
+	qm.app_id[3]=3145;  //qq_r2
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm);
+
+	return APP_STATE_DROPME;
+}
+
+extern "C" unsigned char GTEST_UNKNOWN_APP_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	return APP_STATE_DROPME;
+}
+
+extern "C" int GTEST_INIT()
+{
+	memset(&g_gtest_para, 0, sizeof(g_gtest_para));
+	
+	MESA_load_profile_string_def("tsgconf/main.conf", "SYSTEM", "APP_IDENTIFY_RESULT_BRIDGE", g_gtest_para.bridge_name[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], 64, "APP_IDENTIFY_RESULT_BRIDGE");
+
+	for(int i=0; i<GTEST_BRIDGE_TYPE_MAX; i++)
+	{
+		g_gtest_para.bridge_id[i]=stream_bridge_build(g_gtest_para.bridge_name[i], "w");
+		if(g_gtest_para.bridge_id[i]<0)
+		{
+			printf("stream_bridge_build is error, bridge_name: %s", g_gtest_para.bridge_name[i]);	
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
+extern "C" int GTEST_UNLOAD()
+{
+	return 0;
+}
+

test/src/tsg_master_gtest_function.h

@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sys/time.h>
+#include <unistd.h>
+
+#include <MESA/stream.h>
+#include <MESA/MESA_prof_load.h>
+#include <MESA/MESA_handle_logger.h>
+#include <MESA/MESA_jump_layer.h>
+
+#include "../inc/app_label.h"
+#include "../inc/tsg_rule.h"
+#include "../inc/tsg_send_log.h"
+#include "../inc/tsg_statistic.h"
+#include "../src/tsg_entry.h"
+#include "../src/tsg_send_log_internal.h"
+#include "../inc/tsg_ssl_utils.h"
+#include "../src/tsg_ssh_utils.h"
+#include "../src/tsg_protocol_common.h"
+
+#include "rapidjson/document.h"     // rapidjson's DOM-style API
+#include "rapidjson/prettywriter.h" // for stringify JSON
+#include "rapidjson/stringbuffer.h"
+
+using namespace rapidjson;
+using namespace std;
+
+extern "C" int TSG_MASTER_INIT();
+int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id);
+int set_app_full_path(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result);
+

test/src/tsg_master_gtest_main.cpp

@@ -0,0 +1,50 @@
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include "../inc/app_label.h"
+#include "../inc/tsg_rule.h"
+#include "../inc/tsg_send_log.h"
+#include "../inc/tsg_statistic.h"
+//#include "../src/tsg_entry.h"
+#include "../src/tsg_send_log_internal.h"
+#include "../inc/tsg_ssl_utils.h"
+#include "../src/tsg_ssh_utils.h"
+#include "../src/tsg_protocol_common.h"
+
+#include "tsg_master_gtest_function.h"
+
+#include <gtest/gtest.h>
+
+/*
+	L7(openvpn), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
+	L7(openvpn), appSketch(psiphon), Thrid(openvpn.qq_web.wechat) = openvpn.psiphon
+	L7(openvpn), appSketch(psiphon), Thrid(openvpn.wechat) = openvpn.psiphon
+	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn.wechat) = openvpn.ssl.psiphon
+	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn) = openvpn.ssl.psiphon
+	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
+	L7(null), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
+	L7(null), appSketch(psiphon), Thrid(wechat) = psiphon
+	L7(null), appSketch(null), Thrid(openvpn.ssl.wechat) = openvpn.ssl.wechat
+	L7(null), appSketch(null), Thrid(null) = unknown
+*/
+
+TEST(MasterTest, AppFullPath)
+{
+
+}
+
+
+TEST(MasterTest, SetVlan)
+{
+	//int ret=set_vlan(NULL, NULL, NULL, 0, NULL, LOG_COMMON_TUNNELS_VLAN_SRC_ID);
+	//EXPECT_EQ(1, ret);
+}
+
+
+int main(int argc, char *argv[])
+{
+	libsapp_setup_env(argc,argv);
+	testing::InitGoogleTest(&argc, argv);
+	return RUN_ALL_TESTS();
+}
+

test/src/tsg_master_gtest_protocol.cpp

@@ -0,0 +1,75 @@
+#include <MESA/stream.h>
+
+extern "C" void *http_field_parser(const char* buf, unsigned int buflen, int http_dir)
+{
+	return NULL;
+}
+
+extern "C" int http_get_filed_result(void *result, long long field_flag, char **field_value)
+{
+	return 0;
+}
+
+extern "C" void http_free_filed_result(void *result)
+{
+}
+
+extern "C" int ftp_control_identify(struct streaminfo *a_tcp)
+{
+	return 0;
+}
+
+extern "C" int ftp_data_identify(struct streaminfo *a_tcp)
+{
+	return 0;
+}
+
+extern "C" int mail_protocol_identify_by_first_payload(struct streaminfo *a_tcp, char *payload, int payload_len, int thread_seq)
+{
+	return 0;
+}
+
+extern "C" char stratum_identify(struct streaminfo* pstream,void** pme,int thread_seq,const void* a_packet)
+{
+	return 0;
+}
+
+extern "C" int rdp_protocol_identify(const char *payload, unsigned int payload_len, int thread_seq)
+{
+	return 0;
+}
+
+extern "C" int rdpudp_protocol_identify(const char *payload, unsigned int payload_len, int thread_seq)
+{
+	return 0;
+}
+
+int quic_version_int2string(unsigned int version, char *buff, int buff_len)
+{
+	return 0;
+}
+
+unsigned int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, char *out_sni, int *out_sni_len, char *out_ua, int *out_ua_len)
+{
+	return 0;
+}
+
+extern "C" unsigned char sip_identify_from_to(char* buff,UINT32 buflen,char** from,UINT32* from_len,char** to,UINT32* to_len)
+{
+	return 0;
+}
+
+extern "C" int dtls_parse_sni(const char *udp_payload, int udp_payload_len, char *servername, int servername_len)
+{
+	return 0;
+}
+
+extern "C" bool dtls_identifyStream(struct streaminfo *a_udp)
+{
+	return 0;
+}
+
+extern "C" struct _ssl_ja3_info_t *ssl_get_ja3_fingerprint(struct streaminfo *stream, unsigned char *payload, int payload_len, int thread_seq)
+{
+	return NULL;
+}