TSG-12336,TSG-12397,TSG-13086: 将L7 protocol字段与app_label字段整合为common_app_full_path字段,L7 protocol ID转字符串时取值策略OBJECT中Application Name

.gitlab-ci.yml

@@ -4,7 +4,7 @@ variables:
   BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
   BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
   INSTALL_PREFIX: "/home/mesasoft/sapp_run/"
-  INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel  libcjson-devel libMESA_field_stat2-devel sapp  sapp-devel framework_env  libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel  librdkafka-devel libmaatframe-devel quic-devel  mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel
+  INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel  libcjson-devel libMESA_field_stat2-devel sapp  sapp-devel framework_env  libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel  librdkafka-devel libmaatframe-devel quic-devel  mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel
 
 stages:
 - build
@@ -38,6 +38,7 @@ stages:
   script:
     - dnf --enablerepo=powertools install -y libmnl-devel
     - dnf --enablerepo=powertools install -y libnfnetlink-devel
+    - dnf --enablerepo=powertools install -y libnsl
     - ./ci/travis.sh
   tags:
     - share

CMakeLists.txt

@@ -36,6 +36,12 @@ set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)
 
 add_subdirectory(support)
 add_subdirectory(src) 
+add_subdirectory(vendor)
+add_subdirectory(test)
+
+enable_testing()
+add_subdirectory(./ctest)
+
 
 SET(CPACK_RPM_LIBRARIES_PRE_INSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/cmake/PreInstall.sh")
 SET(CPACK_RPM_LIBRARIES_PRE_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/cmake/PreUninstall.sh")

bin/tsg_log_field.conf

@@ -119,4 +119,5 @@ LONG		common_vsys_id	106
 STRING		dtls_sni	107
 STRING  		common_tunnel_endpoint_a_desc   108
 STRING  		common_tunnel_endpoint_b_desc   109
-LONG			common_t_vsys_id		110
+LONG			common_t_vsys_id		110
+STRING		common_app_full_path	111

ctest/CMakeLists.txt

@@ -0,0 +1,17 @@
+cmake_minimum_required (VERSION 2.8)
+
+project(sapp_ctest)
+
+add_test(NAME COPY_CREATE_DIR COMMAND sh -c "mkdir -p ${CMAKE_BINARY_DIR}/testing/ ${CMAKE_BINARY_DIR}/testing/plug")
+add_test(NAME COPY_MASTER_GTEST_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/master_gtest ${CMAKE_BINARY_DIR}/testing/")
+add_test(NAME COPY_MASTER_GTEST_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/etc/ ${CMAKE_BINARY_DIR}/testing/")
+add_test(NAME COPY_MASTER_GTEST_CONFLIST COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/conflist.inf ${CMAKE_BINARY_DIR}/testing/plug")
+
+
+add_test(NAME COPY_MASTER_DIR COMMAND sh -c "mkdir -p ${CMAKE_BINARY_DIR}/testing/plug/platform/tsg_master/")
+add_test(NAME COPY_MASTER_INF COMMAND sh -c "cp ${CMAKE_SOURCE_DIR}/bin/tsg_master.inf ${CMAKE_BINARY_DIR}/testing/plug/platform/tsg_master/tsg_master.inf")
+add_test(NAME COPY_MASTER_SO COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/tsg_master_gtest.so ${CMAKE_BINARY_DIR}/testing/plug/platform/tsg_master/tsg_master.so")
+add_test(NAME COPY_MASTER_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/ ${CMAKE_BINARY_DIR}/testing/tsgconf")
+
+add_test(NAME FAKE_TEST COMMAND sh -c "pwd")
+

src/tsg_entry.cpp

@@ -1847,6 +1847,7 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
 			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_BUILT_IN_RESULT], 0, FS_OP_ADD, 1);
 			break;
 		case	ORIGIN_BASIC_PROTOCOL:
+			context->is_app_link=FLAG_TRUE;
 			if(context->proto==PROTO_UNKONWN || context->proto==PROTO_APP)
 			{
 				set_l7_protocol_to_pme(context, identify_result->app_id[identify_result->app_id_num-1]);

src/tsg_entry.h

@@ -202,8 +202,7 @@ struct gather_app_result
 {
 	int app_num;
 	enum APP_IDENTIFY_ORIGIN origin;
-	struct app_attributes
+	struct app_attributes attributes[MAX_APP_ID_NUM];
- attributes[MAX_APP_ID_NUM];
 };
 
 struct l7_protocol 

src/tsg_send_log.cpp

@@ -684,7 +684,7 @@ static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, c
 }
 
 
-static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result, TLD_TYPE type)
+static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result)
 {
 	if(result==NULL || result->app_num<=0)
 	{
@@ -795,8 +795,7 @@ static int get_app_name_list(struct gather_app_result *result, char *app_name, i
 
 		if(i>0 && offset>0 && (app_name_len-offset)>0)
 		{
-			app_name[offset]='.';
+			app_name[offset++]='.';
-			offset++;
 		}
 		
 		offset+=tsg_app_id2name(result->attributes[i].app_id, app_name+offset, app_name_len-offset, is_joint_parent);
@@ -805,6 +804,170 @@ static int get_app_name_list(struct gather_app_result *result, char *app_name, i
 	return 1;
 }
 
+/*
+	L7(openvpn), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
+	L7(openvpn), appSketch(psiphon), Thrid(openvpn.qq_web.wechat) = openvpn.psiphon
+	L7(openvpn), appSketch(psiphon), Thrid(openvpn.wechat) = openvpn.psiphon
+	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn.wechat) = openvpn.ssl.psiphon
+	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn) = openvpn.ssl.psiphon
+	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
+	L7(null), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
+	L7(null), appSketch(psiphon), Thrid(wechat) = psiphon
+	L7(null), appSketch(null), Thrid(openvpn.ssl.wechat) = openvpn.ssl.wechat
+	L7(null), appSketch(null), Thrid(null) = unknown
+*/
+
+static int get_QM_app_idx(struct gather_app_result *qm_result)
+{
+	int i=0;
+	for(i=0; i<qm_result->app_num; i++)
+	{
+		if(tsg_l7_protocol_id2name(qm_result->attributes[i].app_id)==NULL)
+		{
+			break;
+		}
+	}
+
+	return i;
+}
+
+/*
+** Engine1 1.2 Engine2 1   -> 1.2
+** Engine1 1.2 Engine2 1.3 -> 1.2
+** Engine1 1   Engine2 1.2 -> 1.2
+** Engine1 2   Engine2 1.2 -> 1.2
+** Engine1 1   Engine2 2.3 -> 1
+** Engine1 1   Engine2 2   -> 1
+*/
+
+static int copy_app_id(struct app_attributes *result, int result_num, unsigned int *combined_array, int combined_array_num)
+{
+	int i=0;
+	for(i=0; i<result_num && i<combined_array_num; i++)
+	{
+		combined_array[i]=result[i].app_id;
+	}
+
+	return i;
+}
+static int engine_result_combine(struct app_attributes *engine1_result, int engine1_result_num, struct app_attributes *engine2_result, int engine2_result_num, unsigned int *combined_array, int combined_array_num)
+{
+	int i=0,j=0,intersection_flag=0;
+
+	for(i=0; i<engine1_result_num; i++)
+	{
+		for(j=i+1; j<engine2_result_num; j++)
+		{
+			if(engine1_result[i].app_id==engine2_result[j].app_id)
+			{
+				intersection_flag=1;
+				break;
+			}
+		}
+	}
+
+
+/* ** Engine1 2   Engine2 1.2 -> 1.2 ** */
+	if(intersection_flag==1 || engine1_result_num==0)
+	{
+		return copy_app_id(engine2_result, engine2_result_num, combined_array, combined_array_num);
+	}
+
+/* 
+** Engine1 1.2 Engine2 1   -> 1.2
+** Engine1 1.2 Engine2 1.3 -> 1.2
+*/
+	if(engine1_result_num>=engine2_result_num || engine2_result_num==0)
+	{	
+		return copy_app_id(engine1_result, engine1_result_num, combined_array, combined_array_num);
+	}
+
+/*
+** Engine1 1   Engine2 1.2 -> 1.2
+*/
+	if(engine2_result_num>engine1_result_num && engine1_result[0].app_id==engine2_result[0].app_id)
+	{
+		return copy_app_id(engine2_result, engine2_result_num, combined_array, combined_array_num);
+	}
+
+/*
+** Engine1 1   Engine2 2   -> 1
+** Engine1 1   Engine2 2.3 -> 1
+*/
+	return copy_app_id(engine1_result, engine1_result_num, combined_array, combined_array_num);
+}
+
+
+int set_app_full_path(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result)
+{
+	int offset=0;
+	int qm_app_idx=0;
+	int combined_num=0;
+	char app_full_path[256]={0};
+	unsigned int combined_array[MAX_APP_ID_NUM*2]={0};
+
+	qm_app_idx=get_QM_app_idx(&(result[ORIGIN_QM_ENGINE]));
+	combined_num+=engine_result_combine(result[ORIGIN_BASIC_PROTOCOL].attributes,
+										result[ORIGIN_BASIC_PROTOCOL].app_num,
+										result[ORIGIN_QM_ENGINE].attributes,
+										qm_app_idx, 
+										combined_array+combined_num,
+										sizeof(combined_array)-combined_num
+									);
+
+	
+
+	if(result[ORIGIN_USER_DEFINE].app_num==0)
+	{
+		combined_num+=engine_result_combine(result[ORIGIN_BUILT_IN].attributes,
+												result[ORIGIN_BUILT_IN].app_num,
+												(result[ORIGIN_QM_ENGINE].attributes)+qm_app_idx,
+												result[ORIGIN_QM_ENGINE].app_num-qm_app_idx,
+												combined_array+combined_num,
+												sizeof(combined_array)-combined_num
+											);
+	}
+	else
+	{
+		combined_num+=engine_result_combine(result[ORIGIN_USER_DEFINE].attributes,
+												result[ORIGIN_USER_DEFINE].app_num,
+												NULL,
+												0,
+												combined_array+combined_num,
+												sizeof(combined_array)-combined_num
+											);
+	}
+
+	if(combined_num==0)
+	{
+		offset=tsg_app_id2name(result[ORIGIN_UNKNOWN].attributes[0].app_id, app_full_path, sizeof(app_full_path), 0);
+		if(offset>0)
+		{
+			TLD_append(_handle, field_name, (void *)app_full_path, TLD_TYPE_STRING);
+		}
+		
+		return 1;
+	}
+
+	for(int i=0; i<combined_num; i++)
+	{
+		offset+=tsg_app_id2name(combined_array[i], app_full_path+offset, sizeof(app_full_path)-offset, 0);
+		if(offset>0)
+		{
+			app_full_path[offset++]='.';
+		}
+	}
+
+	if(offset>0)
+	{
+		app_full_path[offset-1]='\0';
+		TLD_append(_handle, field_name, (void *)app_full_path, TLD_TYPE_STRING);
+	}
+			
+	return 1;	
+}
+
+
 static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
 	int app_id_flag=0;
@@ -818,7 +981,12 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
 	
 	gather_result=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id);
 	if(gather_result==NULL)
-	{		
+	{
+		if(tsg_app_id2name(_instance->unknown_app_id, app_name, sizeof(app_name), 0))
+		{
+			TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, (void *)app_name, TLD_TYPE_STRING);
+		}
+		
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)_instance->l7_unknown_name, TLD_TYPE_STRING);
 		return 0;
 	}
@@ -847,8 +1015,10 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
 	}
 	else //string
 	{
-		set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(gather_result[ORIGIN_USER_DEFINE]), TLD_TYPE_LONG);
+		set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(gather_result[ORIGIN_USER_DEFINE]));
 
+		set_app_full_path(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, gather_result);
+				
 		get_userdefine_name(&(gather_result[ORIGIN_USER_DEFINE]), app_name, sizeof(app_name), &app_id_flag, 0);
 		
 		if(app_id_flag!=1)
@@ -893,7 +1063,7 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
 	return 1;
 }
 
-static int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id)
+int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id)
 {
 	if(layer_num==0)
 	{
@@ -1861,6 +2031,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
 	MESA_load_profile_int_def(conffile, "TSG_LOG", "RAPIDJSON_CHUNK_CAPACITY", &(_instance->rapidjson_chunk_capacity), 8096);
 
 	MESA_load_profile_int_def(conffile, "TSG_LOG", "VSYSTEM_ID", &(_instance->vsystem_id), 1);
+	MESA_load_profile_int_def(conffile, "SYSTEM","UNKNOWN_APP_ID", &_instance->unknown_app_id, 4);
 
 	MESA_load_profile_int_def(conffile, "TSG_LOG", "APP_ID_TYPE", &(_instance->app_id_type), 1);	//0: int, 1: string	
 	MESA_load_profile_string_def(conffile, "TSG_LOG", "L7_UNKNOWN_NAME", _instance->l7_unknown_name, sizeof(_instance->l7_unknown_name), "UNCATEGORIZED");

src/tsg_send_log_internal.h

@@ -1,6 +1,8 @@
 #ifndef	__TSG_SEND_LOG_INTERNAL_H__
 #define	__TSG_SEND_LOG_INTERNAL_H__
 
+#include <MESA/field_stat2.h>
+
 #include <librdkafka/rdkafka.h>
 #include <MESA/cJSON.h>
 #include <time.h>
@@ -130,6 +132,7 @@ typedef enum _tsg_log_field_id
 	LOG_COMMON_TUNNELS_ENDPOINT_A_DESC,
 	LOG_COMMON_TUNNELS_ENDPOINT_B_DESC,
 	LOG_COMMON_TRAFFIC_VSYSTEM_ID,
+	LOG_COMMON_APP_FULL_PATH,
 	LOG_COMMON_MAX
 }tsg_log_field_id_t;
 
@@ -197,6 +200,7 @@ struct tsg_log_instance_t
 	int max_service;
 	int app_id_type;
 	int vsystem_id;
+	int unknown_app_id;
 	int send_user_region;
 	int send_data_center;
 	int recovery_interval;

test/CMakeLists.txt

@@ -0,0 +1,25 @@
+cmake_minimum_required(VERSION 2.8)
+
+
+include_directories(${CMAKE_SOURCE_DIR}/inc)
+include_directories(/opt/MESA/include/MESA/)
+include_directories(/opt/MESA/include)
+include_directories(/usr/include/)
+
+set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)
+
+add_library(tsg_master_gtest SHARED src/tsg_master_gtest_protocol.cpp src/tsg_master_gtest_entry.cpp)
+set_target_properties(tsg_master_gtest  PROPERTIES PREFIX "")
+
+add_definitions(-std=c++11)
+LINK_DIRECTORIES(/opt/MESA/lib)
+
+add_executable(master_gtest "src/tsg_master_gtest_main.cpp")
+target_compile_options(master_gtest PUBLIC ${MEM_POOL_DEFINITIONS})
+target_link_libraries(master_gtest pthread dl m pcap systemd cjson MESA_prof_load MESA_htable MESA_handle_logger MESA_jump_layer breakpad_mini MESA_field_stat2)
+target_link_libraries(master_gtest /home/mesasoft/sapp_run/lib/libsapp_devel.so)
+target_link_libraries(master_gtest gtest-static ctemplate-static)
+
+install(TARGETS master_gtest DESTINATION ${CMAKE_INSTALL_PREFIX}/ COMPONENT EXECUTABLE)
+
+

test/bin/conflist.inf

@@ -0,0 +1,4 @@
+[platform]
+./plug/platform/tsg_master/tsg_master.inf
+[protocol]
+[business]

test/bin/etc/asymmetric_addr_layer.conf

@@ -0,0 +1,6 @@
+vlan[*]
+mpls[*]
+gre[*]
+gtp[*]
+
+

test/bin/etc/asymmetric_presence_layer.conf

@@ -0,0 +1,2 @@
+#
+

test/bin/etc/entrylist.conf

@@ -0,0 +1,27 @@
+IP
+IPV6
+IPV6_RAW
+TCP_ALL
+TCP
+UDP
+HTTP
+SSL
+MAIL
+FTP
+PHONY
+POLLING
+IPSEC
+L2TP
+PPTP
+RTP
+DNS
+GTP
+STRATUM
+RADIUS
+QUIC
+RDP
+SSH
+SOCKS
+BGP
+DTLS
+SIP

test/bin/etc/gdev.conf

@@ -0,0 +1,5 @@
+[Module]
+pcapdevice=ens1f0
+sendto_gdev_card=ens1f0
+sendto_gdev_ip=10.252.20.1
+gdev_status_switch=1

test/bin/etc/gdev_block.conf

@@ -0,0 +1,14 @@
+[main]
+nfs_proto_stat_path=./log
+nfs_ddos_flow_detail_path=./log
+
+[gdev]
+service_type=1
+rule_scope=1
+durable=0
+auth_data=B9840E2442951834
+#phony server
+c3_list=10.0.6.201:22;
+
+c3_server_ip=10.0.6.201
+c3_server_port=22

test/bin/etc/necessary_plug_list.conf

@@ -0,0 +1,4 @@
+#以下插件如果加载,初始化失败, sapp平台会退出;
+#插件的路径来自配置文件 ./plug/conflist.inf, 不需要加段落标识[platform],[protocol],[business]等.
+#If the following plugins fail to initialize, the sapp platform will exit.
+#The name of the plugin comes from the configuration ./plug/conflist.inf, section identification is not required.

test/bin/etc/plugin.conf

@@ -0,0 +1,5 @@
+[PLUGIN]
+platform_config = ./plug/platform/conflist_platform.inf
+protocol_config = ./plug/protocol/conflist_protocol.inf
+business_config = ./plug/business/conflist_business.inf
+entrylist_config = ./etc/entrylist.conf

test/bin/etc/project_list.conf

@@ -0,0 +1,18 @@
+tcp_flow_stat           struct
+udp_flow_stat           struct
+tcp_deduce_flow_stat    struct
+POLICY_PRIORITY	struct
+ESTABLISH_LATENCY	long
+MAIL_IDENTIFY	int
+TSG_MASTER_INTERNAL_LABEL	struct
+BASIC_PROTO_LABEL	struct
+SKETCH_TRANS_LAYER_CTX_LABEL    struct
+SKETCH_PROTO_CTX_LABEL   struct
+common_link_info_c2s	struct
+common_link_info_s2c	struct
+common_link_info struct
+JA3_FINGERPRINT_LABEL	struct
+DKPT_PRO_V2	struct
+DPKT_PROJECT_V2	struct
+PPROJECT_PRO_V2	struct
+DPKT_BHSTAT_PROJECT	struct

test/bin/etc/sapp.toml

@@ -0,0 +1,266 @@
+###################################################################################################
+# NOTE:                                                                                           #
+#    The format of this file is toml (https://github.com/cktan/tomlc99)                           #
+#    to make vim editor display colorful and human readable,                                      #
+#    you can create a symbolic links named sapp.ini to sapp.toml, ln -sf sapp.toml sapp.ini       #
+###################################################################################################
+
+[SYSTEM]
+    instance_name = "sapp_v4.2"
+
+[CPU]
+worker_threads=1
+    send_only_threads_max=0
+### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
+### there are two different grammars:
+### toml array format: bind_mask=[1,2,3,4,5,11,12,13,14,15]
+### MESA_load_profile range format: bind_mask="1-5,11-15"
+    bind_mask=[]
+
+[MEM]
+    dictator_enable=1
+
+[PACKET_IO]
+    [overlay_tunnel_definition]
+### note, since 2020-10-01, L2-L3 tunnel(VLAN,MPLS,PPPOE,etc.) is process and offload by mrtunnat, 	
+### after 2020-10-01, sapp support L2-L3 tunnel(VLAN,MPLS,PPPOE,etc.) without mrtunnat.
+l2_l3_tunnel_support=0
+
+### note, optional value is [none, vxlan]
+overlay_mode=none
+
+    [packet_io.feature]
+    destroy_all_plug_enabled=0
+### note, used to represent inbound or outbound direction value,
+### because it comes from Third party device, so it needs to be specified manually,
+### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
+### in other words, outbound_route_dir = 1 ^ inbound_route_dir;
+    inbound_route_dir=1
+
+### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
+    BSD_packet_filter=""
+
+### note, same as tcpdump -Q/-P arg, possible values are `in', `out' and `inout', default is "in"
+    pcap_capture_direction="in"
+
+### note, support two mode: "inner_tuple2", "outer_tuple2"
+    pcap_distmode="inner_tuple2"
+
+### note, depolyment.mode options: [sys_route, vxlan_by_inline_device, raw_ethernet_single_gateway, raw_ethernet_multi_gateway]
+### sys_route: send ip(ipv6) packet by system route table, this is default mode in mirror mode;
+### vxlan_by_inline_device: encapsulation inject packet with vxlan, and then send to inline device by udp socket.
+### raw_ethernet_single_gateway: send layer2 ethernet packet to specific gateway in same broadcast domain. 
+### raw_ethernet_multi_gateway: send layer2 ethernet packet to multiple gateway in same broadcast domain. 
+    inject_pkt_mode=sys_route
+
+### note, this config is valid if inject_pkt_mode==vxlan_by_inline_device, means udp socket src port.
+    inject_mode_inline_device_sport=54789
+
+### note, this config is valid if inject_pkt_mode==raw_ethernet_single_gateway.
+    inject_mode_single_gateway_device="eth1"
+### inject_mode_single_gateway_src_mac has lower priority than get smac from inject_mode_single_gateway_device
+    inject_mode_single_gateway_src_mac="00:11:22:77:88:99"
+    inject_mode_single_gateway_dst_mac="00:11:22:33:44:55"
+
+dumpfile_sleep_time_before_exit=0
+
+### note, for example, dst mac is 01:12:34:56:78:90, src src is 02:AA:BB:CC:DD:EE:FF, 
+### ether[0] is 0x01, dst mac first octet, ether[1] is 0x12, dst mac second octet,
+### ether[6] is 0x02, src mac first octet, ether[11] is 0xFF, src mac sixth octet.
+### the bit field is from 0 to 7, the 0 is least significant bit, the 7 is most significant bit.
+    ##extract_linkdir_from_mac_in_mirror_mode="ether[4]:0"  ## for Xj example
+    extract_linkdir_from_mac_in_mirror_mode=""
+   
+### note, depolyment.mode options: [mirror, inline, transparent]
+    [packet_io.depolyment]
+    mode=mirror
+
+### note, interface.type options: [pag, pcap, marsio, tun]
+### receive from internal interface, route dir is 0,
+### receive from external interface, route dir is 1.
+    [packet_io.internal.interface]
+    type=pcap
+    name="lo"
+
+    [packet_io.external.interface]
+    type=pcap
+    name=lo
+    
+    [packet_io.polling]
+    enabled=1    
+### note, polling_priority = call sapp_recv_pkt every call polling_entry times,     
+    polling_priority=1
+
+    [packet_io.under_ddos]
+### note, to reduce impact of ddos attack,set some stream bypass, all plugins will not process these streams   
+    stream_bypass_enabled=0
+### note, cpu usage value is percent, for example, config value is 85, means 85%, valid range: [1,100]    
+### sapp change to bypass state immediately when realtime cpu usage > bypass_trigger_cpu_usage
+    bypass_trigger_cpu_usage=85    
+### note, unit of get_cpu_usage_interval is milliseconds(ms)     
+    get_cpu_usage_interval=500
+### note, use the average of the last $smooth_avg_window times as current realtime value 
+    smooth_avg_window=2
+
+    decrease_ratio="0.95"
+    increase_ratio="1.005"
+### note, unit of bypass_observe_time is second(s)     
+    recovery_observe_time=30
+
+
+[PROTOCOL_FEATURE]
+    ipv6_decapsulation_enabled=1
+    ipv6_send_packet_enabled=1
+    tcp_drop_pure_ack_pkt=0
+    tcp_syn_option_parse_enabled=1 
+skip_not_ip_layer_over_eth=0
+    skip_gtp_S_PN_E_field_for_inject=0
+
+[DUPLICATE_PKT]
+[dup_pkt.traffic.original]
+    original_ipv4_tcp_enabled=1
+    original_ipv4_udp_enabled=0
+### note, can't distinguish between duplicate traffic and application retransmit traffic for IPv6 packets,
+### so not support IPv6 original duplicate traffic check.
+
+[dup_pkt.traffic.inject]
+    inject_all_enabled=1
+
+[dup_pkt.parameters]
+    bloom_capacity=1000000
+    bloom_error_rate=0.00001
+    bloom_timeout=10
+
+
+[STREAM]
+### note, stream_id_base_time format is "%Y-%m-%d %H:%M:%S" 
+    stream_id_base_time="2021-01-01 00:00:00"
+    [stream.tcp]
+max=1000
+timeout=0
+    syn_mandatory=1
+reorder_pkt_max=5
+    analyse_option_enabled=1
+    tuple4_reuse_time_interval=30
+
+    meaningful_statistics_minimum_pkt=3
+    meaningful_statistics_minimum_byte=5
+    special_timeout_ratio=10
+
+        [stream.tcp.inject]
+        link_mss=1460
+
+        [stream.tcp.inject.rst]
+        auto_remedy=1
+        number=1
+        signature_enabled=1
+        signature_seed1=65535
+        signature_seed2=13
+        remedy_kill_tcp_by_inline_device=0
+
+    [stream.udp]
+max=1000
+timeout=0
+    meaningful_statistics_minimum_pkt=3
+    meaningful_statistics_minimum_byte=5
+    special_timeout_ratio=20
+
+[PROFILING]
+[profiling.pkt_latency]
+    enabled=0
+    accurate_enable=0
+### note, threshold unit is microseconds (us)
+    threshold=100000
+
+    [profiling.sanity_check]
+    raw_pkt_broken_enabled=0
+    symbol_conflict_enabled=0
+  
+    [profiling.log]
+    level=20
+    interval=1
+    
+        [profiling.log.local]
+        enabled=1
+### note, if "file_truncate_open_enabled=1", file will be truncated, otherwise open the file for appending.	 
+        file_truncate_enabled = 1
+     
+        [profiling.log.remote]
+        enabled=0
+        server_ip="127.0.0.1"
+        server_port=8126
+
+        [profiling.log.remote.field_stat2]
+### note, is valid when "remote_send_out_type=field_stat2"	 
+### note, metric_type option value: [default, json]
+        metric_type = default
+        app_name=sapp
+
+        [profiling.log.prometheus]
+        prometheus_enabled=0
+        prometheus_port=9273
+        prometheus_url_path="/metrics"
+     
+[TOOLS]
+    [tools.pkt_dump]
+    enabled=0
+### note, mode options value:[storage, udp_socket]
+    mode=udp_socket
+    BSD_packet_filter=""
+   
+        [tools.pkt_dump.threads]
+### note, if you want enable pkt dump in all thread, set dump_thread_all_enabled=0
+###       if dump_thread_all_enabled=0, then use dump_thread_id to specify separate specified thread index.
+        all_threads_enabled=1
+   
+### note, dump_thread_id start from 0, max is CPU.worker_threads-1
+        dump_thread_id=[0,1,2,3,4]
+   
+        [tools.pkt_dump.udp]
+        command_port=12345
+        pkt_dump_ratio=30
+
+        [tools.pkt_dump.storage]
+### note, file path must be double quotation mark extension, for example,  path="/dev/shm/pkt_dump"
+        path="/dev/shm/pkt_dump"
+### note, file size unit: MB
+        file_size_max_per_thread=10000 
+
+[breakpad]
+    disable_coredump=0
+    enable_breakpad=0
+    breakpad_minidump_dir="/tmp/crashreport"
+    enable_breakpad_upload=0
+    breakpad_upload_url="http://127.0.0.1/"
+    breakpad_upload_tools="/opt/MESA/bin/minidump_upload"
+
+
+### note:
+### These configurations format is complex and difficult to describe with toml grammar,
+### so, create a independent secondary config file to description specific information.
+
+[SECONDARY_CONFIG_LINK]
+cfg_file_sapp_log="etc/sapp_log.conf"
+cfg_file_plug_list="plug/conflist.inf"
+    cfg_file_project_list="etc/project_list.conf"
+    cfg_file_entrylist="etc/entrylist.conf"
+    cfg_file_send_raw_pkt="etc/send_raw_pkt.conf"
+    cfg_file_vxlan_sport_map="etc/vxlan_sport_service_map.conf"
+    cfg_file_inline_device="etc/gdev.conf"
+    cfg_file_necessary_plug_list="etc/necessary_plug_list.conf"
+    cfg_file_stream_compare_layer="etc/stream_compare_layer.conf"
+    cfg_file_vlan_flipping="etc/vlan_flipping_map.conf"
+    cfg_file_asymmetric_addr_layer="etc/asymmetric_addr_layer.conf"
+    cfg_file_well_known_port="etc/well_known_port.conf"
+
+[SECONDARY_DATA_LINK]
+data_file_sysinfo_log="sysinfo.log"
+    data_file_field_stat_log="fs2_sysinfo.log"
+    data_file_inline_keepalive_log="gdev_keeplive_status.log"
+    data_file_load_plugin_stat_log="load_plugin_stat.log"
+    data_file_under_ddos_stat_log="under_ddos_stat.log"
+    data_file_memory_stat_log="memory_used_stat.log"
+
+[LIBRARY_LINK]
+    marsio_library_path="/opt/mrzcpd/lib/libmarsio.so"
+

test/bin/etc/sapp_log.conf

@@ -0,0 +1,16 @@
+[global]
+default format = "%d(%c), %V, %U, %m%n"
+[levels]
+DEBUG=10
+INFO=20
+FATAL=30
+STOP=40
+[formats]
+other = "%d(%c), %V, %F, %U, %m%n"
+plugin = "%d(%c), %m%n"
+[rules]
+__log_runtimelog.info    "./log/runtimelog.%d(%F)"
+__log_runtimelog_plugin.fatal    >stdout; plugin
+__log_runtimelog_plugin.fatal    "./log/plugin.log"; plugin
+__log_http_runtime.stop	"./log/%c.%d(%F)"; other
+!.*    "./log/%c.%d(%F)"; other

test/bin/etc/send_gdev.conf

@@ -0,0 +1,2 @@
+3	10.3.127.1	
+

test/bin/etc/send_raw_pkt.conf

@@ -0,0 +1,16 @@
+#<23><><EFBFBD><EFBFBD>ԭʼ<D4AD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
+#<23><>ƽ̨<C6BD><CCA8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD>ͬ<EFBFBD><CDAC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,  <20>ײ<EFBFBD><D7B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҳ<EFBFBD><D2B2>ͬ,
+#<23><><EFBFBD><EFBFBD>ͨģʽ<C4A3><CABD>ʹ<EFBFBD><CAB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, DPDKģʽ<C4A3><CABD>ʹ<EFBFBD>ö˿ں<CBBF>, PFRINGģʽ<C4A3><CABD>ʹ<EFBFBD><CAB9>index<65><78>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽ.
+#target_id<69><64><EFBFBD>ڱ<EFBFBD>ʾ<EFBFBD><CABE><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD>ն˷<D5B6><CBB7><EFBFBD>, 
+#<23><><EFBFBD>ڷ<EFBFBD><DAB7>͵<EFBFBD><CDB5><EFBFBD><EFBFBD>ݰ<EFBFBD><DDB0>ײ<EFBFBD>MAC<41><43>Ŀ<EFBFBD><C4BF>IP<49><50>, <20><><EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, ƽֻ̨<CCA8><D6BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ԭʼ<D4AD><CABC>.
+#target_id<69>൱<EFBFBD><E0B5B1><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><DDBF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+
+#(0:pag,1:pcap,2:dumpfile,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec,
+##(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio
+
+#target_id
+#0 	pag p7p2 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 vxlan_user smith dpdk dpdk pag
+#1 	pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p1 smith dpdk dpdk pag
+#2 	pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p1 smith dpdk dpdk pag
+#3 	pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p2 smith dpdk dpdk pag
+#4 	pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p2 smith dpdk dpdk pag

test/bin/etc/send_route.conf

@@ -0,0 +1,3 @@
+#dev_id link_id  mac_addr
+3	2	00:50:56:f3:59:5c
+

test/bin/etc/stream_compare_layer.conf

@@ -0,0 +1,2 @@
+#
+

test/bin/etc/vlan_flipping_map.conf

@@ -0,0 +1,12 @@
+#for inline a device vlan flipping 
+#数据包来自C路由器端, 即C2I(I2E)方向, 
+#数据包来自I路由器端, 即I2C(E2I)方向, 
+#平台会根据vlan_id,设置当前包route_dir的值, 以便上层业务插件做两个方向的流量统计,
+#如果一对vlan_id写反了, 网络是通的, 但是I2E,E2I的流量统计就颠倒了.
+#配置文件格式, pattern:
+#来自C路由器vlan_id	  	来自I路由器vlan_id   	是否开启mac地址翻转
+#C_router_vlan_id  I_router_vlan_id mac_flipping_enable
+
+#1001	1002	1
+#1003	1004	1
+#4000	4001	0

test/bin/etc/vxlan_sport_service_map.conf

@@ -0,0 +1,86 @@
+#service-id  	vpn-id  sport-dport
+1		101	50000-50016
+2		102	50064-50080
+3		103	50128-50144
+4		104	50192-50208
+5		105	50256-50272
+6		106	50320-50336
+7		107	50384-50384
+8		108	50448-50464
+9		109	50512-50512
+10		110	50576-50592
+11		111	50640-50656
+12		112	50704-50720
+13		113	50768-50784
+14		114	50832-50848
+15		115	50896-50912
+16		116	50960-50960
+17		117	51024-51024
+18		118	51088-51088
+19		119	51152-51168
+20		120	51216-51232
+21		121	51280-51296
+22		122	51344-51360
+23		123	51408-51408
+24		124	51472-51472
+25		125	51536-51536
+26		126	51600-51600
+27		127	51664-51664
+28		128	51728-51728
+29		129	51792-51792
+30		130	51856-51856
+31		131	51920-51920
+32		132	51984-51984
+33		133	52048-52064
+34		134	52112-52128
+35		135	52176-52192
+36	136	52240-52256
+37	137	52304-52320
+38	138	52368-52384
+39	139	52432-52448
+40	140	52496-52512
+41	141	52560-52576
+42	142	52624-52640
+43	143	52688-52704
+44	144	52752-52768
+45	145	52816-52832
+46	146	52880-52896
+47	147	52944-52960
+48	148	53008-53024
+49	149	53072-53088
+50	150	53136-53152
+51	151	53200-53216
+52	152	53264-53280
+53	153	53328-53344
+54	154	53392-53408
+55	155	53456-53472
+56	156	53520-53536
+57	157	53584-53600
+58	158	53648-53664
+59	159	53712-53712
+60	160	53776-53776
+61	161	53840-53840
+62	162	53904-53904
+63	163	53968-53968
+64	164	54032-54032
+65	165	54096-54096
+66	166	54160-54176
+67	167	54224-54240
+68	168	54288-54304
+69	169	54352-54368
+70	170	54416-54432
+71	171	54480-54496
+72	172	54544-54560
+73	173	54608-54624
+74	174	54672-54688
+75	175	54736-54736
+76	176	54800-54800
+77	177	54864-54864
+78	178	54928-54928
+79	179	54992-54992
+80	180	55056-55056
+81	181	55120-55120
+82	182	55184-55184
+83	183	55248-55248
+84	184	55312-55312
+85	185	55376-55376

test/bin/etc/well_known_port.conf

@@ -0,0 +1,2 @@
+[TCP]
+[UDP]

test/bin/gtest_maat.json

@@ -0,0 +1,54 @@
+{
+    "compile_table": "TSG_SECURITY_COMPILE",
+    "group2compile_table": "GROUP_COMPILE_RELATION",
+    "group2group_table": "GROUP_GROUP_RELATION",
+    "rules": [
+	    {
+            "compile_id": 2,
+            "service": 0,
+            "action": 1,
+            "do_blacklist": 0,
+            "do_log": 1,
+            "effective_rage": 0,
+            "user_region": "Virtual",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "group_name":"OBJ_DST_IP_ADDR",
+                    "virtual_table":"TSG_SECURITY_SOURCE_ADDR",
+                    "not_flag" : 0,
+                    "regions": [
+                        {  
+                            "table_type": "ip_plus",
+                            "table_name": "TSG_OBJ_IP_ADDR",
+                            "table_content": {
+                                "addr_type": "ipv4",
+                                "saddr_format": "range",
+                                "src_ip1": "0.0.0.0",
+                                "src_ip2": "255.255.255.255",
+                                "sport_format": "range",
+                                "src_port1": "0",
+                                "src_port2": "0",
+                                "protocol": 0,
+                                "direction": "double"
+                            }
+                        }
+                    ]
+                }
+            ]
+        }
+    ],
+    "plugin_table": [
+        {
+            "table_name": "APP_ID_DICT",
+            "table_content": [
+                "4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
+                "156\tqq\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
+                "336\tOPENVPN\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
+                "199\tSSL\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
+                "1241\tqq_web\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
+                "3145\tqq_r2\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1"
+            ]
+        }
+    ] 
+}

test/bin/tsg_master_gtest.inf

@@ -0,0 +1,9 @@
+[PLUGINFO]
+PLUGNAME=GTEST_MASTER
+SO_PATH=./plug/platform/tsg_master_gtest/tsg_master_gtest.so
+INIT_FUNC=GTEST_INIT
+DESTROY_FUNC=GTEST_UNLOAD
+
+[TCP_ALL]
+FUNC_FLAG=ALL
+FUNC_NAME=GTEST_APP_FULL_PATH_1_ENTRY

test/src/CMakeLists.txt

@@ -0,0 +1,36 @@
+cmake_minimum_required(VERSION 2.8)
+
+set(SRC ../src/tsg_entry.cpp ../src/tsg_rule.cpp ../src/tsg_ssl_utils.cpp ../src/tsg_send_log.cpp ../src/tsg_statistic.cpp ../src/tsg_ssh_utils.cpp ../src/tsg_gtp_signaling.cpp ../src/tsg_action.cpp ../src/tsg_leaky_bucket.cpp ../src/tsg_dns.cpp ../src/tsg_icmp.cpp ../src/tsg_tamper.cpp tsg_master_gtest_protocol.cpp tsg_master_gtest_entry.cpp)
+
+include_directories(${CMAKE_SOURCE_DIR}/inc)
+include_directories(/opt/MESA/include/MESA/)
+include_directories(/opt/MESA/include)
+include_directories(/usr/include/)
+
+set(TSG_MASTER_DEPEND_DYN_LIB  MESA_handle_logger MESA_prof_load maatframe pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer)
+
+set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)
+
+add_library(tsg_master_gtest SHARED ${SRC})
+set_target_properties(tsg_master_gtest PROPERTIES LINK_FLAGS "-Wl,--version-script=${PROJECT_SOURCE_DIR}/src/version.map")
+target_link_libraries(tsg_master_gtest ${TSG_MASTER_DEPEND_DYN_LIB} ctemplate-static)
+set_target_properties(tsg_master_gtest  PROPERTIES PREFIX "")
+
+install(TARGETS tsg_master_gtest LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/platform/tsg_master_gtest COMPONENT LIBRARIES)
+install(FILES ../bin/tsg_master.inf DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/platform/tsg_master_gtest COMPONENT PROFILE)
+
+
+add_definitions(-std=c++11)
+LINK_DIRECTORIES(/opt/MESA/lib)
+
+file(GLOB TEST_CASE "tsg_master_gtest_main.cpp")
+
+add_executable(master_gtest ${TEST_CASE})
+target_compile_options(master_gtest PUBLIC ${MEM_POOL_DEFINITIONS})
+target_link_libraries(master_gtest nsl pthread dl m pcap systemd cjson MESA_prof_load MESA_htable MESA_handle_logger MESA_jump_layer breakpad_mini MESA_field_stat2 rdkafka)
+target_link_libraries(master_gtest /home/mesasoft/sapp_run/lib/libsapp_devel.so)
+target_link_libraries(master_gtest gtest-static ctemplate-static)
+
+install(TARGETS master_gtest DESTINATION ${CMAKE_INSTALL_PREFIX}/ COMPONENT EXECUTABLE)
+
+

test/src/tsg_master_gtest_entry.cpp

@@ -0,0 +1,207 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sys/time.h>
+#include <unistd.h>
+
+#include "app_label.h"
+
+#include <MESA/stream.h>
+#include <MESA/MESA_prof_load.h>
+#include <MESA/MESA_handle_logger.h>
+#include <MESA/MESA_jump_layer.h>
+
+enum GTEST_BRIDGE
+{
+	GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT=0,
+	GTEST_BRIDGE_TYPE_MAX
+};
+
+struct gtest_para
+{
+	int bridge_id[GTEST_BRIDGE_TYPE_MAX];
+	char bridge_name[GTEST_BRIDGE_TYPE_MAX][64];
+};
+
+
+struct gtest_para g_gtest_para;
+
+extern "C" unsigned char GTEST_APP_FULL_PATH_1_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	struct app_identify_result lpi;
+	memset(&lpi, 0, sizeof(lpi));
+
+	lpi.app_id_num=2;
+	lpi.origin=ORIGIN_BASIC_PROTOCOL;
+	lpi.app_id[0]=336;  //openvpn
+	lpi.app_id[1]=199;  //ssl
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi);
+
+	struct app_identify_result user_define;
+	memset(&user_define, 0, sizeof(user_define));
+
+	user_define.app_id_num=1;
+	user_define.origin=ORIGIN_USER_DEFINE;
+	user_define.app_id[0]=3145;  //qq_web
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&user_define);
+
+	struct app_identify_result qm;
+	memset(&qm, 0, sizeof(qm));
+
+	qm.app_id_num=4;
+	qm.origin=ORIGIN_QM_ENGINE;
+	qm.app_id[0]=336;  //openvpn
+	qm.app_id[1]=199;  //ssl
+	qm.app_id[2]=1241;  //qq_web
+	qm.app_id[3]=3145;  //qq_r2
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm);
+
+	return APP_STATE_DROPME;
+}
+
+extern "C" unsigned char GTEST_APP_FULL_PATH_2_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	struct app_identify_result lpi;
+	memset(&lpi, 0, sizeof(lpi));
+
+	lpi.app_id_num=2;
+	lpi.origin=ORIGIN_BASIC_PROTOCOL;
+	lpi.app_id[0]=336;  //openvpn
+	lpi.app_id[1]=199;  //ssl
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi);
+
+	struct app_identify_result built_in;
+	memset(&built_in, 0, sizeof(built_in));
+	
+	built_in.app_id_num=1;
+	built_in.origin=ORIGIN_BUILT_IN;
+	built_in.app_id[0]=3145;  //qq_web
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in);
+
+	struct app_identify_result qm;
+	memset(&qm, 0, sizeof(qm));
+
+	qm.app_id_num=3;
+	qm.origin=ORIGIN_QM_ENGINE;
+	qm.app_id[0]=336;  //openvpn
+	qm.app_id[1]=1241;  //qq_web
+	qm.app_id[2]=3145;  //qq_r2
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm);
+
+	return APP_STATE_DROPME;
+}
+
+extern "C" unsigned char GTEST_APP_FULL_PATH_3_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	struct app_identify_result lpi;
+	memset(&lpi, 0, sizeof(lpi));
+
+	lpi.app_id_num=2;
+	lpi.origin=ORIGIN_BASIC_PROTOCOL;
+	lpi.app_id[0]=336;  //openvpn
+	lpi.app_id[1]=199;  //ssl
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi);
+
+	struct app_identify_result built_in;
+	memset(&built_in, 0, sizeof(built_in));
+	
+	built_in.app_id_num=1;
+	built_in.origin=ORIGIN_BUILT_IN;
+	built_in.app_id[0]=3145;  //qq_web
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in);
+
+	return APP_STATE_DROPME;
+}
+
+extern "C" unsigned char GTEST_APP_FULL_PATH_4_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	struct app_identify_result lpi;
+	memset(&lpi, 0, sizeof(lpi));
+
+	lpi.app_id_num=1;
+	lpi.origin=ORIGIN_BASIC_PROTOCOL;
+	lpi.app_id[0]=199;  //ssl
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&lpi);
+
+	struct app_identify_result user_define;
+	memset(&user_define, 0, sizeof(user_define));
+	
+	struct app_identify_result built_in;
+	memset(&built_in, 0, sizeof(built_in));
+	
+	built_in.app_id_num=2;
+	built_in.origin=ORIGIN_BUILT_IN;
+	built_in.app_id[0]=3145;  //qq_web	
+	built_in.app_id[1]=156;  //qq
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in);
+
+
+	struct app_identify_result qm;
+	memset(&qm, 0, sizeof(qm));
+
+	qm.app_id_num=4;
+	qm.origin=ORIGIN_QM_ENGINE;
+	qm.app_id[0]=336;  //openvpn
+	qm.app_id[1]=199;  //ssl
+	qm.app_id[2]=1241;  //qq_web
+	qm.app_id[3]=3145;  //qq_r2
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm);
+
+	return APP_STATE_DROPME;
+}
+
+extern "C" unsigned char GTEST_APP_FULL_PATH_5_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	struct app_identify_result built_in;
+	memset(&built_in, 0, sizeof(built_in));
+	
+	built_in.app_id_num=2;
+	built_in.origin=ORIGIN_BUILT_IN;
+	built_in.app_id[0]=3145;  //qq_web	
+	built_in.app_id[1]=156;  //qq
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&built_in);
+	
+	struct app_identify_result qm;
+	memset(&qm, 0, sizeof(qm));
+
+	qm.app_id_num=4;
+	qm.origin=ORIGIN_QM_ENGINE;
+	qm.app_id[0]=336;  //openvpn
+	qm.app_id[1]=199;  //ssl
+	qm.app_id[2]=1241;  //qq_web
+	qm.app_id[3]=3145;  //qq_r2
+	stream_bridge_sync_data_put(a_stream, g_gtest_para.bridge_id[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&qm);
+
+	return APP_STATE_DROPME;
+}
+
+extern "C" unsigned char GTEST_UNKNOWN_APP_ENTRY(const struct streaminfo *a_stream, void **pme, int thread_seq, const void *a_packet)
+{
+	return APP_STATE_DROPME;
+}
+
+extern "C" int GTEST_INIT()
+{
+	memset(&g_gtest_para, 0, sizeof(g_gtest_para));
+	
+	MESA_load_profile_string_def("tsgconf/main.conf", "SYSTEM", "APP_IDENTIFY_RESULT_BRIDGE", g_gtest_para.bridge_name[GTEST_BRIDGE_TYPE_APP_IDENTIFY_RESULT], 64, "APP_IDENTIFY_RESULT_BRIDGE");
+
+	for(int i=0; i<GTEST_BRIDGE_TYPE_MAX; i++)
+	{
+		g_gtest_para.bridge_id[i]=stream_bridge_build(g_gtest_para.bridge_name[i], "w");
+		if(g_gtest_para.bridge_id[i]<0)
+		{
+			printf("stream_bridge_build is error, bridge_name: %s", g_gtest_para.bridge_name[i]);	
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
+extern "C" int GTEST_UNLOAD()
+{
+	return 0;
+}
+

test/src/tsg_master_gtest_function.h

@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sys/time.h>
+#include <unistd.h>
+
+#include <MESA/stream.h>
+#include <MESA/MESA_prof_load.h>
+#include <MESA/MESA_handle_logger.h>
+#include <MESA/MESA_jump_layer.h>
+
+#include "../inc/app_label.h"
+#include "../inc/tsg_rule.h"
+#include "../inc/tsg_send_log.h"
+#include "../inc/tsg_statistic.h"
+#include "../src/tsg_entry.h"
+#include "../src/tsg_send_log_internal.h"
+#include "../inc/tsg_ssl_utils.h"
+#include "../src/tsg_ssh_utils.h"
+#include "../src/tsg_protocol_common.h"
+
+#include "rapidjson/document.h"     // rapidjson's DOM-style API
+#include "rapidjson/prettywriter.h" // for stringify JSON
+#include "rapidjson/stringbuffer.h"
+
+using namespace rapidjson;
+using namespace std;
+
+extern "C" int TSG_MASTER_INIT();
+int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id);
+int set_app_full_path(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result);
+

test/src/tsg_master_gtest_main.cpp

@@ -0,0 +1,50 @@
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include "../inc/app_label.h"
+#include "../inc/tsg_rule.h"
+#include "../inc/tsg_send_log.h"
+#include "../inc/tsg_statistic.h"
+//#include "../src/tsg_entry.h"
+#include "../src/tsg_send_log_internal.h"
+#include "../inc/tsg_ssl_utils.h"
+#include "../src/tsg_ssh_utils.h"
+#include "../src/tsg_protocol_common.h"
+
+#include "tsg_master_gtest_function.h"
+
+#include <gtest/gtest.h>
+
+/*
+	L7(openvpn), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
+	L7(openvpn), appSketch(psiphon), Thrid(openvpn.qq_web.wechat) = openvpn.psiphon
+	L7(openvpn), appSketch(psiphon), Thrid(openvpn.wechat) = openvpn.psiphon
+	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn.wechat) = openvpn.ssl.psiphon
+	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn) = openvpn.ssl.psiphon
+	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
+	L7(null), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
+	L7(null), appSketch(psiphon), Thrid(wechat) = psiphon
+	L7(null), appSketch(null), Thrid(openvpn.ssl.wechat) = openvpn.ssl.wechat
+	L7(null), appSketch(null), Thrid(null) = unknown
+*/
+
+TEST(MasterTest, AppFullPath)
+{
+
+}
+
+
+TEST(MasterTest, SetVlan)
+{
+	//int ret=set_vlan(NULL, NULL, NULL, 0, NULL, LOG_COMMON_TUNNELS_VLAN_SRC_ID);
+	//EXPECT_EQ(1, ret);
+}
+
+
+int main(int argc, char *argv[])
+{
+	libsapp_setup_env(argc,argv);
+	testing::InitGoogleTest(&argc, argv);
+	return RUN_ALL_TESTS();
+}
+

test/src/tsg_master_gtest_protocol.cpp

@@ -0,0 +1,75 @@
+#include <MESA/stream.h>
+
+extern "C" void *http_field_parser(const char* buf, unsigned int buflen, int http_dir)
+{
+	return NULL;
+}
+
+extern "C" int http_get_filed_result(void *result, long long field_flag, char **field_value)
+{
+	return 0;
+}
+
+extern "C" void http_free_filed_result(void *result)
+{
+}
+
+extern "C" int ftp_control_identify(struct streaminfo *a_tcp)
+{
+	return 0;
+}
+
+extern "C" int ftp_data_identify(struct streaminfo *a_tcp)
+{
+	return 0;
+}
+
+extern "C" int mail_protocol_identify_by_first_payload(struct streaminfo *a_tcp, char *payload, int payload_len, int thread_seq)
+{
+	return 0;
+}
+
+extern "C" char stratum_identify(struct streaminfo* pstream,void** pme,int thread_seq,const void* a_packet)
+{
+	return 0;
+}
+
+extern "C" int rdp_protocol_identify(const char *payload, unsigned int payload_len, int thread_seq)
+{
+	return 0;
+}
+
+extern "C" int rdpudp_protocol_identify(const char *payload, unsigned int payload_len, int thread_seq)
+{
+	return 0;
+}
+
+int quic_version_int2string(unsigned int version, char *buff, int buff_len)
+{
+	return 0;
+}
+
+unsigned int quic_protocol_identify(struct streaminfo *a_stream, void *a_packet, char *out_sni, int *out_sni_len, char *out_ua, int *out_ua_len)
+{
+	return 0;
+}
+
+extern "C" unsigned char sip_identify_from_to(char* buff,UINT32 buflen,char** from,UINT32* from_len,char** to,UINT32* to_len)
+{
+	return 0;
+}
+
+extern "C" int dtls_parse_sni(const char *udp_payload, int udp_payload_len, char *servername, int servername_len)
+{
+	return 0;
+}
+
+extern "C" bool dtls_identifyStream(struct streaminfo *a_udp)
+{
+	return 0;
+}
+
+extern "C" struct _ssl_ja3_info_t *ssl_get_ja3_fingerprint(struct streaminfo *stream, unsigned char *payload, int payload_len, int thread_seq)
+{
+	return NULL;
+}

vendor/CMakeLists.txt

@@ -0,0 +1,24 @@
+# CMakeFiles for 3rd vendor library
+
+include(ExternalProject)
+# libgtest
+ExternalProject_Add(libgtest PREFIX libgtest
+        URL ${CMAKE_SOURCE_DIR}/vendor/googletest-release-1.10.0.tar.gz
+        URL_MD5 ecd1fa65e7de707cd5c00bdac56022cd
+        CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=<INSTALL_DIR> -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE})
+ExternalProject_Get_Property(libgtest INSTALL_DIR)
+file(MAKE_DIRECTORY ${INSTALL_DIR}/include)
+add_library(gtest-static STATIC IMPORTED GLOBAL)
+add_dependencies(gtest-static libgtest)
+if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+	set_property(TARGET gtest-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib64/libgtestd.a)
+else()
+	set_property(TARGET gtest-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib64/libgtest.a)
+endif()
+set_property(TARGET gtest-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
+set_property(TARGET gtest-static PROPERTY INTERFACE_LINK_LIBRARIES pthread)
+
+
+
+
+