gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-9150,TSG-9151: 输出语音通话行为日志字段

Browse Source
This commit is contained in:
liuxueli
2021-12-29 21:59:35 +03:00
parent 83d2270c87
commit 4f1045022f
7 changed files with 61 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bin/tsg_log_field.conf
View File

@@ -108,3 +108,4 @@ LONG l2tp_access_concentrator_port 95
LONG l2tp_network_server_port 96 LONG l2tp_network_server_port 96
STRING l2tp_version 97 STRING l2tp_version 97
STRING common_packet_capture_file 98 STRING common_packet_capture_file 98
STRING common_app_behavior 99

5
inc/tsg_label.h
View File

@@ -144,4 +144,9 @@ struct tsg_notify_execution_result
struct mirrored_stat stat_mirrored[MAX_RESULT_NUM]; struct mirrored_stat stat_mirrored[MAX_RESULT_NUM];
}; };
struct application_behavior
{
char *stream_behavior;
};
#endif #endif

50
src/tsg_entry.cpp
View File

@@ -476,9 +476,9 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
log_msg.result=p_result; log_msg.result=p_result;
log_msg.result_num=result_num; log_msg.result_num=result_num;
if(proto==PROTO_SSH && p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.recv_notification_data_bridge_id>=0) if(proto==PROTO_SSH && p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]>=0)
{ {
notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.recv_notification_data_bridge_id); notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]);
if (notify != NULL && notify->protocol== PROTO_SSH && notify->pdata.TLD_handle!=NULL) if (notify != NULL && notify->protocol== PROTO_SSH && notify->pdata.TLD_handle!=NULL)
{ {
TLD_handle = TLD_duplicate(notify->pdata.TLD_handle); TLD_handle = TLD_duplicate(notify->pdata.TLD_handle);
@@ -1951,40 +1951,32 @@ extern "C" int TSG_MASTER_INIT()
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff);
} }
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_BRIDGE_NAME", label_buff, sizeof(label_buff), "APP_BRIDGE"); MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_IDENTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "APP_BRIDGE");
g_tsg_para.app_bridge_id=stream_bridge_build(label_buff, "w"); MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA");
if(g_tsg_para.app_bridge_id<0) MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA");
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT],_MAX_TABLE_NAME_LEN, "TSG_NOTIFICATION_EXECUTION_RESULT");
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "TSG_APPLICATION_BEHAVIOR");
for(i=0; i<BRIDGE_TYPE_MAX; i++)
{ {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE", "stream_bridge_build is error, app_bridge_name: %s", label_buff); g_tsg_para.bridge_id[i]=stream_bridge_build(g_tsg_para.bridge_name[i], "w");
if(g_tsg_para.bridge_id[i]<0)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_BRIDGE", "stream_bridge_build is error, bridge_name: %s", g_tsg_para.bridge_name[i]);
}
} }
ret=stream_bridge_register_data_sync_cb(g_tsg_para.app_bridge_id, app_identify_result_cb); ret=stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_APP_IDENTIFY_RESULT], app_identify_result_cb);
if(ret<0) if(ret<0)
{ {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE", "Register callback failed, app_bridge_id: %d", g_tsg_para.app_bridge_id); MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_FATAL,
"APP_BRIDGE",
"Register callback failed, bridge_name: %d",
g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT]
);
return -1; return -1;
} }
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_CONN_SKETCH_NOTIFY_BRIDGE_NAME", label_buff, sizeof(label_buff), "TSG_CONN_SKETCH_NOTIFY_DATA");
g_tsg_para.send_notification_data_bridge_id=stream_bridge_build(label_buff, "w");
if(g_tsg_para.send_notification_data_bridge_id<0)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "TSG_BRIDGE", "stream_bridge_build failed, bridge_name: %s", label_buff);
}
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_NOTIFY_BRIDGE_NAME", label_buff, sizeof(label_buff), "TSG_MASTER_NOTIFY_DATA");
g_tsg_para.recv_notification_data_bridge_id=stream_bridge_build(label_buff, "w");
if(g_tsg_para.recv_notification_data_bridge_id<0)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "TSG_BRIDGE", "stream_bridge_build failed, bridge_name: %s", label_buff);
}
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_NOTIFICATION_EXECUTION_RESULT_BRIDGE_NAME", label_buff, sizeof(label_buff), "TSG_NOTIFICATION_EXECUTION_RESULT");
g_tsg_para.notify_execution_result_bridge_id=stream_bridge_build(label_buff, "w");
if(g_tsg_para.notify_execution_result_bridge_id<0)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "TSG_BRIDGE", "stream_bridge_build failed, bridge_name: %s", label_buff);
}
g_tsg_para.context_project_id=project_producer_register("TSG_MASTER_CONTEXT", PROJECT_VAL_TYPE_STRUCT, free_context_label); g_tsg_para.context_project_id=project_producer_register("TSG_MASTER_CONTEXT", PROJECT_VAL_TYPE_STRUCT, free_context_label);
if(g_tsg_para.context_project_id<0) if(g_tsg_para.context_project_id<0)

16
src/tsg_entry.h
View File

@@ -142,6 +142,16 @@ enum HTTP_RESPONSE_FORMAT
HTTP_RESPONSE_FORMAT_HTML HTTP_RESPONSE_FORMAT_HTML
}; };
enum BRIDGE_TYPE
{
BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT,
BRIDGE_TYPE_APP_IDENTIFY_RESULT,
BRIDGE_TYPE_APP_BEHAVIOR_RESULT,
BRIDGE_TYPE_MAX
};
struct _str2index struct _str2index
{ {
int index; int index;
@@ -241,10 +251,7 @@ typedef struct tsg_para
int context_project_id; int context_project_id;
int tcpall_project_id; int tcpall_project_id;
int gather_app_project_id; int gather_app_project_id;
int notify_execution_result_bridge_id; int bridge_id[BRIDGE_TYPE_MAX];
int send_notification_data_bridge_id;
int recv_notification_data_bridge_id;
int app_bridge_id;
int proto_flag; //tsg_protocol_t int proto_flag; //tsg_protocol_t
int fs2_field_id[TSG_FS2_MAX]; int fs2_field_id[TSG_FS2_MAX];
char device_sn[MAX_DOMAIN_LEN/8]; char device_sn[MAX_DOMAIN_LEN/8];
@@ -253,6 +260,7 @@ typedef struct tsg_para
char data_center[_MAX_TABLE_NAME_LEN]; char data_center[_MAX_TABLE_NAME_LEN];
char device_tag[MAX_DOMAIN_LEN/2]; char device_tag[MAX_DOMAIN_LEN/2];
char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN]; char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
void *logger; void *logger;
void *maat_logger; void *maat_logger;
struct reset_argv reset; struct reset_argv reset;

4
src/tsg_rule.cpp
View File

@@ -2677,7 +2677,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
notify_data.type=NOTIFY_TYPE_MIRRORED; notify_data.type=NOTIFY_TYPE_MIRRORED;
notify_data.vlan=&(mirror_profile->vlan); notify_data.vlan=&(mirror_profile->vlan);
stream_bridge_sync_data_put(a_stream, g_tsg_para.send_notification_data_bridge_id, (void *)&(notify_data)); stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
mirrored_profile_free(0, (MAAT_PLUGIN_EX_DATA *)&mirror_profile, 0, NULL); mirrored_profile_free(0, (MAAT_PLUGIN_EX_DATA *)&mirror_profile, 0, NULL);
} }
} }
@@ -2687,7 +2687,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
notify_data.compile_id=result[i].config_id; notify_data.compile_id=result[i].config_id;
notify_data.type=NOTIFY_TYPE_CAPTURE; notify_data.type=NOTIFY_TYPE_CAPTURE;
notify_data.capture_depth=user_region->capture.depth; notify_data.capture_depth=user_region->capture.depth;
stream_bridge_sync_data_put(a_stream, g_tsg_para.send_notification_data_bridge_id, (void *)&(notify_data)); stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
} }
tsg_free_compile_user_region(&(result[i]), user_region); tsg_free_compile_user_region(&(result[i]), user_region);

22
src/tsg_send_log.cpp
View File

@@ -1240,11 +1240,25 @@ static int set_common_sub_action(struct TLD_handle_t *handle, char *field_name,
return 0; return 0;
} }
int set_notification_execution_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result) int set_application_behavior(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
struct application_behavior *behavior_result=NULL;
behavior_result=(struct application_behavior *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_APP_BEHAVIOR_RESULT]);
if(behavior_result==NULL)
{
return 0;
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_APPLICATION_BEHAVIOR].name, (void *)(behavior_result->stream_behavior), TLD_TYPE_STRING);
return 1;
}
int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result)
{ {
int i=0; int i=0;
struct tsg_notify_execution_result *execution_result=NULL; struct tsg_notify_execution_result *execution_result=NULL;
execution_result=(struct tsg_notify_execution_result *)stream_bridge_async_data_get(a_stream, g_tsg_para.notify_execution_result_bridge_id); execution_result=(struct tsg_notify_execution_result *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT]);
if(execution_result==NULL) if(execution_result==NULL)
{ {
return 0; return 0;
@@ -1638,6 +1652,8 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
{ {
TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)(g_tsg_para.device_tag), TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)(g_tsg_para.device_tag), TLD_TYPE_STRING);
} }
set_application_behavior(_instance, _handle, log_msg->a_stream);
for(i=0;i<log_msg->result_num; i++) for(i=0;i<log_msg->result_num; i++)
{ {
@@ -1695,7 +1711,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG);
set_notification_execution_result(_instance, _handle, log_msg->a_stream, &(log_msg->result[i])); set_notify_execution_result(_instance, _handle, log_msg->a_stream, &(log_msg->result[i]));
if(_instance->send_user_region==1) if(_instance->send_user_region==1)
{ {

1
src/tsg_send_log_internal.h
View File

@@ -124,6 +124,7 @@ typedef enum _tsg_log_field_id
LOG_COMMON_L2TP_NETWORK_SERVER_PORT, LOG_COMMON_L2TP_NETWORK_SERVER_PORT,
LOG_COMMON_L2TP_VERSION, LOG_COMMON_L2TP_VERSION,
LOG_COMMON_PACKET_CAPTURE_FILE, LOG_COMMON_PACKET_CAPTURE_FILE,
LOG_COMMON_APPLICATION_BEHAVIOR,
LOG_COMMON_MAX LOG_COMMON_MAX
}tsg_log_field_id_t; }tsg_log_field_id_t;