diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h
index 8dcbd2d..5accc0a 100644
--- a/inc/tsg_rule.h
+++ b/inc/tsg_rule.h
@@ -64,6 +64,7 @@ extern Maat_feather_t g_tsg_maat_feather; int tsg_rule_init(const char *conffile, void *logger); int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); +int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct _identify_info *identify_info); //return NULL if none exists, otherwise return one deny rule; struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 38d51e5..7612d89 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -4,6 +4,7 @@ #include #include +#include #include #include #include
@@ -37,7 +38,7 @@ static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL; #endif -char TSG_MASTER_VERSION_20200110=0; +char TSG_MASTER_VERSION_20200113=0; const char *tsg_conffile="tsgconf/main.conf"; g_tsg_para_t g_tsg_para;
@@ -200,8 +201,10 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id strncpy(identify_info->domain, chello->sni, identify_info->domain_len); } - ret=1; + ssl_chello_free(chello); + return 1; } + ssl_chello_free(chello); //dns
@@ -215,6 +218,7 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id if((ntohs(tpl4->source)==53) || (ntohs(tpl4->dest)==53)) { identify_info->proto=PROTO_DNS; + return 1; } break; case ADDR_TYPE_IPV6:
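Review bot: The new `tsg_pull_policy_result` prototype carries no comment on what its int return means or on the contract for `result`/`result_num`, while `tsg_fetch_deny_rule` two lines below is documented; propose a one-line comment above it stating the meaning of the return value and that at most `result_num` entries are written into `result`. It also takes `struct streaminfo *a_stream` non-const where `tsg_scan_nesting_addr` directly above takes `const struct streaminfo *`; if the implementation does not modify the stream, `const struct streaminfo *a_stream` keeps the two declarations consistent. `PULL_RESULT_TYPE` and `struct _identify_info` are presumably declared in a header included earlier; that is not visible in this hunk.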
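Review bot: The domain copy that the new early `return 1` now exits through, `strncpy(identify_info->domain, chello->sni, identify_info->domain_len);`, does not NUL-terminate `domain` when the peer-supplied SNI is at least `domain_len` bytes long, so whatever later reads `identify_info->domain` as a C string can run past the buffer. If `domain_len` is the capacity of `domain`, terminate explicitly after the copy, `identify_info->domain[identify_info->domain_len-1]='\0';`, or use `snprintf(identify_info->domain, identify_info->domain_len, "%s", chello->sni);` when `sni` is known to be NUL-terminated. The two `ssl_chello_free(chello)` calls are correct as written; they could be collapsed by freeing once after the block and returning through a flag, but that is cosmetic. identify_application_protocol begins before this hunk.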
@@ -222,11 +226,22 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id if((ntohs(tpl6->source)==53) || (ntohs(tpl6->dest)==53)) { identify_info->proto=PROTO_DNS; + return 1; } break; default: break; } + + //ftp + ret=ftp_control_identify(a_stream); + if(ret>0) + { + identify_info->proto=PROTO_FTP; + return 1; + } + + //mail return ret; }
@@ -256,24 +271,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t { hit_num+=ret; q_result=tsg_policy_decision_criteria(all_result, hit_num); - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IP", - "Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d", - printaddr(&a_tcp->addr, thread_seq), - ret, - q_result->config_id, - q_result->service_id, - q_result->action); - } - else - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IP", - "Not hit %s scan ret: %d", - printaddr(&a_tcp->addr, thread_seq), ret); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); } ret=tsg_scan_shared_policy(g_tsg_maat_feather, &identify_info, all_result+hit_num, MAX_RESULT_NUM-hit_num, &mid, thread_seq);
@@ -385,6 +383,12 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t break; } } + + if(mid!=NULL) + { + Maat_clean_status(&mid); + mid=NULL; + } break; case OP_STATE_DATA: case OP_STATE_CLOSE:
diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp
index b569fcf..2e62ff2 100644
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
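Review bot: The tail `return ret;` now returns whatever `ftp_control_identify()` produced when it was not positive, so if that helper reports errors as negative values the error becomes the return value of identify_application_protocol, whereas every recognised protocol above returns exactly 1; a caller testing `ret!=0` would treat the error as a successful identification. If negative returns are possible, end with `return 0;` (every success path already returned 1), or clamp with `return ret>0 ? 1 : 0;`. The dangling `//mail` comment with no code under it should say what it stands for, e.g. `// TODO: mail protocol identification not implemented yet`. The function's start is outside this hunk.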
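Review bot: The added `Maat_clean_status(&mid);` releases the scan status only on this one exit from the `switch`; `mid` is filled by the `tsg_scan_shared_policy(..., &mid, thread_seq)` call earlier in TSG_MASTER_TCP_ENTRY, so any `return` or other `break` between that call and this point (outside this hunk) would leak it. Worth confirming the remaining exits of the OP_STATE branch, or moving the cleanup to a common exit label that every path reaches. The `mid=NULL;` after passing `&mid` is harmless; if `Maat_clean_status` already nulls its argument, the guard and the assignment can go.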
@@ -60,7 +60,7 @@ void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX *to=calloc(1, strlen((char *)*from)+1); memcpy(*to, *from, strlen((char *)*from)); - MESA_handle_runtime_log(logger, RLOG_LV_INFO, "SUBSCRIBE_ID", "Dup subscribe_id: %s table_id: %d", (char *)*to, table_id); + MESA_handle_runtime_log(logger, RLOG_LV_DEBUG, "SUBSCRIBE_ID", "Dup subscribe_id: %s table_id: %d", (char *)*to, table_id); return; }
@@ -90,7 +90,7 @@ void subscribe_id_new_data(int table_id, const char* key, const char* table_line memcpy(*ad, subscribe_id, strlen(subscribe_id)); MESA_handle_runtime_log(logger, - RLOG_LV_INFO, + RLOG_LV_DEBUG, "SUBSCRIBE_ID", "Add subscribe_id: %s table_id: %d key: %s table_line: %s", *ad,
@@ -104,7 +104,7 @@ void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { void *logger=argp; - MESA_handle_runtime_log(logger, RLOG_LV_INFO, "SUBSCRIBE_ID", "Delete subscribe_id: %s table_id: %d", (char *)*ad, table_id); + MESA_handle_runtime_log(logger, RLOG_LV_DEBUG, "SUBSCRIBE_ID", "Delete subscribe_id: %s table_id: %d", (char *)*ad, table_id); free(*ad); *ad=NULL;
@@ -364,8 +364,13 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * const struct streaminfo *cur_stream = a_stream; - if(result == NULL || result_num <= 0 || a_stream == NULL || maat_feather == NULL) + if(result==NULL || result_num<=0 || a_stream==NULL || maat_feather==NULL) { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_FATAL, + "SCAN_NESTING_ADDR", + "result==NULL || result_num<=0 || maat_feather==NULL || a_stream==%s", + (a_stream!=NULL) ? printaddr(&a_stream->addr, a_stream->threadnum) : "NULL"); return -1; }
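Review bot: The new FATAL message hard-codes the whole predicate `result==NULL || result_num<=0 || maat_feather==NULL || a_stream==%s`, so it reads as if all four checks failed and the reader still cannot tell which argument was actually bad. Log the values instead, e.g. `"bad args: result=%p result_num=%d maat_feather=%p a_stream=%s"` with `(void *)result, result_num, (void *)maat_feather` and the existing `printaddr`/`"NULL"` expression (the `(void *)` casts assume `Maat_feather_t` is a pointer type, which its comparison with NULL suggests). RLOG_LV_FATAL also seems high for a caller error the function survives by returning -1; a lower level would match the recovery and avoid the log filling up if a caller hits this per stream.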
@@ -417,16 +422,38 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * result_num-hit_num, mid, cur_stream->threadnum); - if(maat_ret > 0) + if(maat_ret>0) { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_IP", + "Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d", + printaddr(&cur_stream->addr, cur_stream->threadnum), + maat_ret, + result[hit_num].config_id, + result[hit_num].service_id, + result[hit_num].action + ); + hit_num+=maat_ret; } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_IP", + "No hit addr: %s scan ret: %d", + printaddr(&cur_stream->addr, cur_stream->threadnum), + maat_ret + ); + } } cur_stream = cur_stream->pfather; }while(cur_stream != NULL && hit_num < result_num); + if(hit_numPROTO_UNKONWN && protothreadnum); if(maat_ret > 0) { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_PROTO", + "Hit PROTO: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", + g_tsg_proto_string[proto].type, + maat_ret, + result[hit_num].config_id, + result[hit_num].service_id, + result[hit_num].action, + printaddr(&a_stream->addr, a_stream->threadnum) + ); + hit_num+=maat_ret; } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_PROTO", + "No hit PROTO: %s scan ret: %d addr: %s", + g_tsg_proto_string[proto].type, + maat_ret, + printaddr(&a_stream->addr, a_stream->threadnum) + ); + } } 
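Review bot: In the new `else` branch of the SCAN_IP block, `printaddr(&cur_stream->addr, cur_stream->threadnum)` is evaluated on every miss, at every nesting level of every stream, before `MESA_handle_runtime_log` can decide whether RLOG_LV_DEBUG is enabled; unless that call is a macro that tests the level first, the address formatting now runs on the hot path in production. Guarding the call with the logger's level check, or formatting the address only when the level is active, avoids that; the same applies to the 'No hit' branches added for SCAN_PROTO later in this chunk and for SCAN_SUBSCRIBER in the two following hunks. The SCAN_PROTO log also indexes `g_tsg_proto_string[proto].type`, and the range check that should bound `proto` appears here only as the garbled `if(hit_numPROTO_UNKONWN && protothreadnum)`, so I cannot confirm from this view that `proto` is checked against the table size before the lookup. tsg_scan_nesting_addr continues outside these hunks.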
@@ -463,9 +513,32 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * mid, a_stream->threadnum); if(maat_ret > 0) - { + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_SUBSCRIBER", + "Hit source subscribe id: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", + source_subscribe_id, + maat_ret, + result[hit_num].config_id, + result[hit_num].service_id, + result[hit_num].action, + printaddr(&a_stream->addr, a_stream->threadnum) + ); + hit_num+=maat_ret; } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_SUBSCRIBER", + "No hit source subscribe id: %s scan ret: %d addr: %s", + source_subscribe_id, + maat_ret, + printaddr(&a_stream->addr, a_stream->threadnum) + ); + } subscribe_id_free_data(g_tsg_para.dyn_subscribe_ip_table_id,(MAAT_PLUGIN_EX_DATA *)&source_subscribe_id, 0, g_tsg_para.logger); }
@@ -484,8 +557,31 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * a_stream->threadnum); if(maat_ret > 0) { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_SUBSCRIBER", + "Hit dest subscribe id: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", + dest_subscribe_id, + maat_ret, + result[hit_num].config_id, + result[hit_num].service_id, + result[hit_num].action, + printaddr(&a_stream->addr, a_stream->threadnum) + ); + hit_num+=maat_ret; } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_SUBSCRIBER", + "No hit dest subscribe id: %s scan ret: %d addr: %s", + dest_subscribe_id, + maat_ret, + printaddr(&a_stream->addr, a_stream->threadnum) + ); + } subscribe_id_free_data(g_tsg_para.dyn_subscribe_ip_table_id,(MAAT_PLUGIN_EX_DATA *)&dest_subscribe_id, 0, g_tsg_para.logger); }
diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp
index 246cdb8..e21a822 100644
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
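Review bot: The source and dest SCAN_SUBSCRIBER blocks added in this hunk and in @@ -484 are the same two `MESA_handle_runtime_log` calls twice, differing only in the id variable and the words "source"/"dest"; a small file-scope helper that logs one outcome keeps each call site to a single line and gives the two messages one place to change. The helper below reproduces the hit/miss calls and the `printaddr` usage unchanged; only the call replaces the two if/else bodies, while `hit_num+=maat_ret` and the `subscribe_id_free_data` call stay where they are. The `const Maat_rule_t *` parameter assumes `Maat_rule_t` is the element type of `result`, as the header declares.
```cpp
// Emit the DEBUG line for one subscriber-id scan; hit is read only when maat_ret > 0.
static void log_subscriber_scan(const char *which, const char *subscribe_id, int maat_ret,
                                const Maat_rule_t *hit, const struct streaminfo *a_stream)
{
    if(maat_ret>0)
    {
        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_SUBSCRIBER",
                                "Hit %s subscribe id: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s",
                                which, subscribe_id, maat_ret, hit->config_id, hit->service_id, hit->action,
                                printaddr(&a_stream->addr, a_stream->threadnum));
    }
    else
    {
        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_SUBSCRIBER",
                                "No hit %s subscribe id: %s scan ret: %d addr: %s",
                                which, subscribe_id, maat_ret,
                                printaddr(&a_stream->addr, a_stream->threadnum));
    }
}

// … unchanged: tsg_scan_nesting_addr up to and including the source subscribe-id scan call …
log_subscriber_scan("source", source_subscribe_id, maat_ret, result+hit_num, a_stream);
if(maat_ret>0)
{
    hit_num+=maat_ret;
}
// … unchanged: subscribe_id_free_data(...) for source; the dest scan in @@ -484 calls
// log_subscriber_scan("dest", dest_subscribe_id, maat_ret, result+hit_num, a_stream) the same way …
```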
@@ -360,8 +360,8 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile) } MESA_load_profile_int_def(conffile, "TSG_LOG", "MAX_SERVICE",&(_instance->max_service), 0); - (_instance->topic_rkt)=(rd_kafka_topic_t **)calloc(1, sizeof(rd_kafka_topic_t*)); - *(_instance->topic_rkt)=(rd_kafka_topic_t *)calloc(1, (1+_instance->max_service)*sizeof(rd_kafka_topic_t*)); + //(_instance->topic_rkt)=(rd_kafka_topic_t **)calloc(1, sizeof(void *)); + (_instance->topic_rkt)=(rd_kafka_topic_t **)calloc(1, (1+_instance->max_service)*sizeof(rd_kafka_topic_t*)); _instance->service2topic=(id2field_t *)calloc(1, (1+_instance->max_service)*sizeof(id2field_t));
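Review bot: The surviving `calloc(1, (1+_instance->max_service)*sizeof(rd_kafka_topic_t*))` is never checked for NULL, and `max_service` has just been read from the config file as an int with default 0, so a negative or absurd value turns `(1+max_service)` into a huge size_t product, the allocation fails, and the later use of `_instance->topic_rkt` presumably dereferences NULL; the `service2topic` allocation on the next line has the same shape. Reject the value before allocating and check both results, e.g. `if(_instance->max_service<0) { /* log, release _instance, return NULL */ }` before the callocs and `if(_instance->topic_rkt==NULL || _instance->service2topic==NULL) { /* same */ }` after, using whatever failure path tsg_sendlog_init already has above this hunk. The commented-out `//(_instance->topic_rkt)=(rd_kafka_topic_t **)calloc(1, sizeof(void *));` is dead code and should be deleted rather than kept as a comment. tsg_sendlog_init continues outside this hunk.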