适配fieldstat3新接口(节约10%); 减少strlen的调用(节约2%); 优化栈变量的初始化(节约1%),累计节约13%CPU
This commit is contained in:
liuxueli
@@ -49,10 +49,12 @@ struct asn_info
|
||||
struct location_info
|
||||
{
|
||||
int ref_cnt;
|
||||
int full_location_len;
|
||||
char *country_full;
|
||||
char *province_full;
|
||||
char *city_full;
|
||||
char *subdivision_addr;
|
||||
char *full_location;
|
||||
};
|
||||
|
||||
struct subscribe_id_info
|
||||
|
||||
@@ -53,5 +53,5 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
|
||||
|
||||
unsigned long long tsg_get_stream_trace_id(const struct streaminfo *a_stream);
|
||||
const char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id);
|
||||
unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name);
|
||||
unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name, unsigned int l7_protocol_name_len);
|
||||
|
||||
|
||||
@@ -1015,11 +1015,11 @@ unsigned char tsg_enforing_deny(const struct streaminfo *a_stream, struct maat_r
|
||||
|
||||
if(protocol==PROTO_MAIL)
|
||||
{
|
||||
app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_SMTP].name);
|
||||
app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_SMTP].name, g_tsg_proto_name2id[PROTO_SMTP].len);
|
||||
}
|
||||
else
|
||||
{
|
||||
app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
|
||||
app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name, g_tsg_proto_name2id[protocol].len);
|
||||
}
|
||||
state=tsg_enforing_deny_application(a_stream, p_result, protocol, app_id, ACTION_RETURN_TYPE_APP, user_data);
|
||||
}
|
||||
|
||||
@@ -637,7 +637,7 @@ int session_application_full_path_combine(struct gather_app_result *gather_resul
|
||||
int offset=0,combined_num=0;
|
||||
unsigned int combined_array[COMBINED_APP_ID_NUM]={0};
|
||||
|
||||
if(gather_result->l7_protocol_num>=gather_result->l7_qm_engine_num)
|
||||
if(gather_result->l7_protocol_num >= gather_result->l7_qm_engine_num)
|
||||
{
|
||||
combined_num+=copy_app_id(gather_result->l7_protocol, gather_result->l7_protocol_num, combined_array, COMBINED_APP_ID_NUM);
|
||||
}
|
||||
@@ -992,7 +992,7 @@ int session_app_gather_results_set_l7_protocol(const struct streaminfo *a_stream
|
||||
return 0;
|
||||
}
|
||||
|
||||
int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
|
||||
int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name, g_tsg_proto_name2id[protocol].len);
|
||||
if(app_id>0)
|
||||
{
|
||||
gather_result->l7_protocol_num=1;
|
||||
@@ -1602,11 +1602,11 @@ size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, str
|
||||
struct app_id_dict *dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, (long long)app_attribute[i].app_id);
|
||||
if(dict!=NULL)
|
||||
{
|
||||
matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->risk, (char *)"risk", (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->category, (char *)"category", (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->technology, (char *)"technology", (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->subcategory, (char *)"subcategory", (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->characteristics, (char *)"characteristics", (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->risk, (int)dict->risk_len, (char *)"risk", 4, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->category, (int)dict->category_len, (char *)"category", 8, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->technology, (int)dict->technology_len, (char *)"technology", 10, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->subcategory, (int)dict->subcategory_len, (char *)"subcategory", 11, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
matched_cnt+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->characteristics, (int)dict->characteristics_len, (char *)"characteristics", 15, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
|
||||
matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, app_attribute[i].app_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
after_n_packets=dict->deny_app_para.after_n_packets;
|
||||
@@ -1711,7 +1711,7 @@ static unsigned char matched_security_rules_deal(const struct streaminfo *a_stre
|
||||
{
|
||||
if(srt_process_context->hited_para.matched_app_id==0)
|
||||
{
|
||||
srt_process_context->hited_para.matched_app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[srt_process_context->proto].name);
|
||||
srt_process_context->hited_para.matched_app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[srt_process_context->proto].name, g_tsg_proto_name2id[srt_process_context->proto].len);
|
||||
}
|
||||
|
||||
srt_action_context_set_hitted_app_id(a_stream, srt_process_context->hited_para.matched_app_id, a_stream->threadnum);
|
||||
@@ -1940,9 +1940,9 @@ int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct maat_rule rules[MAX_TSG_ALL_RESULT_NUM]={0};
|
||||
struct maat_rule rules[MAX_MATCHED_RULES_NUM]={0};
|
||||
srt_process_context->last_scan_time=tsg_get_current_time_ms();
|
||||
size_t matched_cnt=session_app_id_and_properties_scan((struct streaminfo *)a_stream, rules, MAX_TSG_ALL_RESULT_NUM, srt_process_context, scan_app, scan_app_num, identify_result->origin, (int)a_stream->threadnum);
|
||||
size_t matched_cnt=session_app_id_and_properties_scan((struct streaminfo *)a_stream, rules, MAX_MATCHED_RULES_NUM, srt_process_context, scan_app, scan_app_num, identify_result->origin, (int)a_stream->threadnum);
|
||||
|
||||
srt_process_context->sync_cb_state=session_matched_rules_deal(a_stream, srt_process_context, rules, matched_cnt, NULL);
|
||||
return 0;
|
||||
@@ -1969,8 +1969,8 @@ int session_flags_identify_result_cb(const struct streaminfo *a_stream, int brid
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct maat_rule rules[MAX_TSG_ALL_RESULT_NUM]={0};
|
||||
size_t matched_cnt=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), rules, MAX_TSG_ALL_RESULT_NUM);
|
||||
struct maat_rule rules[MAX_MATCHED_RULES_NUM]={0};
|
||||
size_t matched_cnt=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), rules, MAX_MATCHED_RULES_NUM);
|
||||
srt_process_context->sync_cb_state=session_matched_rules_deal(a_stream, srt_process_context, rules, matched_cnt, NULL);
|
||||
|
||||
return 0;
|
||||
@@ -2008,7 +2008,7 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess
|
||||
matched_cnt+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
if(srt_process_context->is_esni)
|
||||
{
|
||||
unsigned int protocol_id=tsg_l7_protocol_name2id("ESNI");
|
||||
unsigned int protocol_id=tsg_l7_protocol_name2id("ESNI", 4);
|
||||
matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
}
|
||||
|
||||
@@ -2041,9 +2041,8 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
|
||||
{
|
||||
size_t matched_cnt=0;
|
||||
unsigned char state=APP_STATE_GIVEME;
|
||||
struct app_identify_result unknown_result;
|
||||
int n_matched_rules=MAX_TSG_ALL_RESULT_NUM;
|
||||
struct maat_rule matched_rules[MAX_TSG_ALL_RESULT_NUM];
|
||||
int n_matched_rules=MAX_MATCHED_RULES_NUM;
|
||||
struct maat_rule matched_rules[MAX_MATCHED_RULES_NUM];
|
||||
struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)*pme;
|
||||
|
||||
if(*pme==NULL)
|
||||
@@ -2086,6 +2085,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
|
||||
case OP_STATE_DATA:
|
||||
if(srt_process_context->is_app_link==FLAG_FALSE && (srt_process_context->deal_pkt_num++) == (g_tsg_para.identify_app_max_pkt_num+1))
|
||||
{
|
||||
struct app_identify_result unknown_result;
|
||||
unknown_result.app_id_num=1;
|
||||
unknown_result.surrogate_id[0]=0;
|
||||
unknown_result.origin=ORIGIN_UNKNOWN;
|
||||
@@ -2151,13 +2151,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
|
||||
|
||||
static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, unsigned char stream_state, void **pme, int thread_seq, const void *a_packet)
|
||||
{
|
||||
int ret=0;
|
||||
int eth_rawpkt_len=0;
|
||||
unsigned char state=APP_STATE_GIVEME;
|
||||
size_t n_matched_rules=MAX_TSG_ALL_RESULT_NUM;
|
||||
struct maat_rule matched_rules[MAX_TSG_ALL_RESULT_NUM]={0};
|
||||
struct maat_rule security_rules[MAX_RESULT_NUM]={0};
|
||||
struct maat_rule shaping_rules[MAX_RESULT_NUM]={0};
|
||||
struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)(*pme);
|
||||
|
||||
if(stream_state==OP_STATE_PENDING && srt_action_context->method_type!=TSG_METHOD_TYPE_SHUNT && !(srt_action_context->udp_data_dropme))
|
||||
@@ -2169,9 +2163,12 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
|
||||
}
|
||||
|
||||
struct maat_state *scan_mid=maat_state_new(g_tsg_maat_feather, thread_seq);
|
||||
size_t n_matched_rules=MAX_MATCHED_RULES_NUM;
|
||||
struct maat_rule matched_rules[MAX_MATCHED_RULES_NUM];
|
||||
int matched_cnt=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, PROTO_UNKONWN, scan_mid, matched_rules, n_matched_rules);
|
||||
if(matched_cnt>0)
|
||||
{
|
||||
struct maat_rule security_rules[MAX_RESULT_NUM];
|
||||
int n_security_rules=tsg_select_rules_by_service_id(matched_rules, matched_cnt, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
|
||||
if(n_security_rules>0)
|
||||
{
|
||||
@@ -2179,13 +2176,14 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
|
||||
state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, thread_seq);
|
||||
}
|
||||
|
||||
struct maat_rule s_chaining_rules[MAX_RESULT_NUM]={0};
|
||||
struct maat_rule s_chaining_rules[MAX_RESULT_NUM];
|
||||
size_t n_s_chaining_rules=tsg_select_rules_by_service_id(matched_rules, matched_cnt, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING);
|
||||
if(state==APP_STATE_GIVEME && n_s_chaining_rules>0)
|
||||
{
|
||||
matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, thread_seq);
|
||||
}
|
||||
|
||||
struct maat_rule shaping_rules[MAX_RESULT_NUM];
|
||||
size_t n_shaping_rules=tsg_select_rules_by_service_id(matched_rules, matched_cnt, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING);
|
||||
if(state==APP_STATE_GIVEME && n_shaping_rules>0)
|
||||
{
|
||||
@@ -2200,17 +2198,18 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
|
||||
switch(srt_action_context->method_type)
|
||||
{
|
||||
case TSG_METHOD_TYPE_RATE_LIMIT:
|
||||
eth_rawpkt_len=get_raw_packet_len(a_stream);
|
||||
{
|
||||
int eth_rawpkt_len=get_raw_packet_len(a_stream);
|
||||
if(eth_rawpkt_len<=0)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
ret=is_permit_pass(eth_rawpkt_len*8, srt_action_context->bucket, thread_seq);
|
||||
if(ret==0)
|
||||
if((is_permit_pass(eth_rawpkt_len*8, srt_action_context->bucket, thread_seq))==0)
|
||||
{
|
||||
state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case TSG_METHOD_TYPE_TAMPER:
|
||||
if(0 == send_tamper_xxx(a_stream, &srt_action_context->tamper_count, a_packet))
|
||||
@@ -2219,19 +2218,23 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
|
||||
}
|
||||
break;
|
||||
case TSG_METHOD_TYPE_DEFAULT:
|
||||
{
|
||||
if(!is_do_default_policy(a_stream, srt_action_context->default_policy_after_n_packets) || stream_state==OP_STATE_CLOSE)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
if(get_default_policy(&security_rules[0]))
|
||||
struct maat_rule default_rules;
|
||||
if(get_default_policy(&default_rules))
|
||||
{
|
||||
state=tsg_enforing_deny(a_stream, &security_rules[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet);
|
||||
session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, &security_rules[0], 1, thread_seq);
|
||||
state=tsg_enforing_deny(a_stream, &default_rules, PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet);
|
||||
session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, &default_rules, 1, thread_seq);
|
||||
}
|
||||
}
|
||||
break;
|
||||
case TSG_METHOD_TYPE_DROP:
|
||||
case TSG_METHOD_TYPE_APP_DROP:
|
||||
{
|
||||
// contain hited current packet, platform calls tcp first and tcpall secondary.
|
||||
if(((srt_action_context->hited_para.after_n_packets > 0) && a_stream->type==STREAM_TYPE_TCP) ||
|
||||
((srt_action_context->hited_para.after_n_packets > 0) && a_stream->type==STREAM_TYPE_UDP)
|
||||
@@ -2240,20 +2243,23 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
|
||||
srt_action_context->hited_para.after_n_packets--;
|
||||
break;
|
||||
}
|
||||
ret=session_matched_rules_copy(a_stream, TSG_SERVICE_SECURITY, &(security_rules[0]), 1);
|
||||
|
||||
struct maat_rule matched_rules;
|
||||
int ret=session_matched_rules_copy(a_stream, TSG_SERVICE_SECURITY, &(matched_rules), 1);
|
||||
//ret=tsg_pull_policy_result((struct streaminfo *)a_stream,PULL_FW_RESULT, &security_result[0], 1, &tmp_identify_info);
|
||||
if(ret<=0 || security_rules[0].action!=TSG_ACTION_DENY)
|
||||
if(ret<=0 || matched_rules.action!=TSG_ACTION_DENY)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
if(srt_action_context->hited_para.matched_app_id<=0)
|
||||
{
|
||||
state=tsg_enforing_deny(a_stream, &(security_rules[0]), srt_action_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet);
|
||||
state=tsg_enforing_deny(a_stream, &matched_rules, srt_action_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet);
|
||||
}
|
||||
else
|
||||
{
|
||||
state=tsg_enforing_deny_application(a_stream, &(security_rules[0]), srt_action_context->protocol, srt_action_context->hited_para.matched_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet);
|
||||
state=tsg_enforing_deny_application(a_stream, &matched_rules, srt_action_context->protocol, srt_action_context->hited_para.matched_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet);
|
||||
}
|
||||
}
|
||||
break;
|
||||
case TSG_METHOD_TYPE_SHUNT:
|
||||
@@ -2335,7 +2341,7 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo
|
||||
|
||||
if(state1&APP_STATE_DROPME || state2&APP_STATE_DROPME || a_udp->opstate==OP_STATE_CLOSE)
|
||||
{
|
||||
session_application_metrics_update(a_udp, udp_srt_context->srt_action_context, thread_seq);
|
||||
//session_application_metrics_update(a_udp, udp_srt_context->srt_action_context, thread_seq);
|
||||
dictator_free(thread_seq, *pme);
|
||||
*pme=NULL;
|
||||
|
||||
|
||||
@@ -81,11 +81,19 @@ struct app_id_dict
|
||||
int continue_scanning;
|
||||
unsigned short tcp_timeout;
|
||||
unsigned short udp_timeout;
|
||||
unsigned short app_name_len;
|
||||
unsigned short parent_app_name_len;
|
||||
char risk_len;
|
||||
char category_len;
|
||||
char subcategory_len;
|
||||
char technology_len;
|
||||
char characteristics_len;
|
||||
char padding[3];
|
||||
int tcp_time_wait;
|
||||
int tcp_half_close;
|
||||
char *risk;
|
||||
char *app_name;
|
||||
char *parent_app_name;
|
||||
char *risk;
|
||||
char *category;
|
||||
char *subcategory;
|
||||
char *technology;
|
||||
|
||||
110
src/tsg_rule.cpp
110
src/tsg_rule.cpp
@@ -47,7 +47,7 @@ const struct str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNKN
|
||||
};
|
||||
|
||||
extern const char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id);
|
||||
extern unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name);
|
||||
extern unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name, unsigned int l7_protocol_name_len);
|
||||
|
||||
static char* tm_strdup(const char* s)
|
||||
{
|
||||
@@ -553,6 +553,7 @@ void ex_data_location_dup(int table_id, void **to, void **from, long argl, void*
|
||||
|
||||
void ex_data_location_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
|
||||
{
|
||||
char full_address[1024]={0};
|
||||
struct location_info *location=(struct location_info *)calloc(1, sizeof(struct location_info));
|
||||
|
||||
location->country_full=column_string_get_value(table_line, 13); // country_full
|
||||
@@ -566,6 +567,25 @@ void ex_data_location_new(const char *table_name, int table_id, const char* key,
|
||||
{
|
||||
location->subdivision_addr=column_string_get_value(table_line, 17); // subdivision_addr
|
||||
tsg_str_unescape(location->subdivision_addr);
|
||||
|
||||
location->full_location_len=snprintf(full_address,
|
||||
sizeof(full_address),
|
||||
"%s.%s.%s.%s.",
|
||||
location->country_full,
|
||||
location->province_full,
|
||||
location->city_full,
|
||||
location->subdivision_addr==NULL ? "" : location->subdivision_addr);
|
||||
}
|
||||
else
|
||||
{
|
||||
location->full_location_len=snprintf(full_address, sizeof(full_address), "%s.%s.", location->country_full, location->city_full);
|
||||
}
|
||||
|
||||
if(location->full_location_len>0)
|
||||
{
|
||||
location->full_location=(char *)malloc(location->full_location_len+1);
|
||||
memcpy(location->full_location, full_address, location->full_location_len);
|
||||
location->full_location[location->full_location_len]='\0';
|
||||
}
|
||||
|
||||
atomic_inc(&location->ref_cnt);
|
||||
@@ -586,6 +606,7 @@ void ex_data_location_free(int table_id, void **ad, long argl, void* argp)
|
||||
tsg_free_field(location->province_full);
|
||||
tsg_free_field(location->city_full);
|
||||
tsg_free_field(location->subdivision_addr);
|
||||
tsg_free_field(location->full_location);
|
||||
|
||||
tsg_free_field((char *)(*ad));
|
||||
*ad=NULL;
|
||||
@@ -787,13 +808,40 @@ void ex_data_app_id_dict_new(const char *table_name, int table_id, const char* k
|
||||
tsg_free_field(deny_action_str);
|
||||
deny_action_str=NULL;
|
||||
|
||||
tsg_str_unescape(dict->risk);
|
||||
tsg_str_unescape(dict->app_name);
|
||||
tsg_str_unescape(dict->parent_app_name);
|
||||
tsg_str_unescape(dict->category);
|
||||
tsg_str_unescape(dict->subcategory);
|
||||
tsg_str_unescape(dict->technology);
|
||||
tsg_str_unescape(dict->characteristics);
|
||||
if(tsg_str_unescape(dict->app_name))
|
||||
{
|
||||
dict->app_name_len=(unsigned short)strlen(dict->app_name);
|
||||
}
|
||||
|
||||
if(tsg_str_unescape(dict->parent_app_name))
|
||||
{
|
||||
dict->parent_app_name_len=(unsigned short)strlen(dict->parent_app_name);
|
||||
}
|
||||
|
||||
if(tsg_str_unescape(dict->risk))
|
||||
{
|
||||
dict->risk_len=(char)strlen(dict->risk);
|
||||
}
|
||||
|
||||
if(tsg_str_unescape(dict->category))
|
||||
{
|
||||
dict->category_len=(char)strlen(dict->category);
|
||||
}
|
||||
|
||||
if(tsg_str_unescape(dict->subcategory))
|
||||
{
|
||||
dict->subcategory_len=(char)strlen(dict->subcategory);
|
||||
}
|
||||
|
||||
if(tsg_str_unescape(dict->technology))
|
||||
{
|
||||
dict->technology_len=(char)strlen(dict->technology);
|
||||
}
|
||||
|
||||
if(tsg_str_unescape(dict->characteristics))
|
||||
{
|
||||
dict->characteristics_len=(char)strlen(dict->characteristics);
|
||||
}
|
||||
|
||||
atomic_inc(&dict->ref_cnt);
|
||||
*ad=(void *)dict;
|
||||
@@ -2475,28 +2523,12 @@ size_t tsg_scan_ip_asn(const struct streaminfo *a_stream, struct maat *feather,
|
||||
|
||||
size_t tsg_scan_ip_location(const struct streaminfo *a_stream, struct maat *feather, struct location_info *location, enum MAAT_SCAN_TB idx, struct maat_state *s_mid, struct maat_rule *matched_rules, size_t n_matched_rules)
|
||||
{
|
||||
char full_address[1024]={0};
|
||||
if(location==NULL || matched_rules==NULL || n_matched_rules==0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(g_tsg_maat_rt_para.location_field_num==19)
|
||||
{
|
||||
snprintf(full_address,
|
||||
sizeof(full_address),
|
||||
"%s.%s.%s.%s.",
|
||||
location->country_full,
|
||||
location->province_full,
|
||||
location->city_full,
|
||||
location->subdivision_addr==NULL ? "" : location->subdivision_addr);
|
||||
}
|
||||
else
|
||||
{
|
||||
snprintf(full_address, sizeof(full_address), "%s.%s.", location->country_full, location->city_full);
|
||||
}
|
||||
|
||||
return tsg_scan_string(a_stream, feather, full_address, strlen(full_address), idx, s_mid, matched_rules, n_matched_rules);
|
||||
return tsg_scan_string(a_stream, feather, location->full_location, location->full_location_len, idx, s_mid, matched_rules, n_matched_rules);
|
||||
}
|
||||
|
||||
int tsg_scan_intercept_exclusion(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *p_result, char *domain, int thread_seq)
|
||||
@@ -2774,7 +2806,7 @@ size_t tsg_scan_app_id_policy(const struct streaminfo *a_stream, struct maat *fe
|
||||
return tsg_scan_integer(a_stream, feather, (long long)app_id, MAAT_SCAN_APP_ID, s_mid, matched_rules, n_matched_rules);
|
||||
}
|
||||
|
||||
size_t tsg_scan_app_properties_policy(const struct streaminfo *a_stream, struct maat *feather, char *property, char *district, struct maat_state *s_mid, struct maat_rule *matched_rules, int n_matched_rules)
|
||||
size_t tsg_scan_app_properties_policy(const struct streaminfo *a_stream, struct maat *feather, char *property, int property_len, char *district, int district_len, struct maat_state *s_mid, struct maat_rule *matched_rules, int n_matched_rules)
|
||||
{
|
||||
if(property==NULL || district==NULL)
|
||||
{
|
||||
@@ -2783,8 +2815,8 @@ size_t tsg_scan_app_properties_policy(const struct streaminfo *a_stream, struct
|
||||
|
||||
size_t matched_cnt=0;
|
||||
struct maat_rule property_result[MAX_RESULT_NUM]={0};
|
||||
maat_state_set_scan_district(s_mid, g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SELECTOR_PROPERTIES].id, (const char *)district, strlen(district));
|
||||
size_t ret=tsg_scan_string(a_stream, feather, property, strlen(property), MAAT_SCAN_SELECTOR_PROPERTIES, s_mid, property_result, MAX_RESULT_NUM);
|
||||
maat_state_set_scan_district(s_mid, g_tsg_maat_rt_para.scan_tb[MAAT_SCAN_SELECTOR_PROPERTIES].id, (const char *)district, district_len);
|
||||
size_t ret=tsg_scan_string(a_stream, feather, property, property_len, MAAT_SCAN_SELECTOR_PROPERTIES, s_mid, property_result, MAX_RESULT_NUM);
|
||||
for(size_t i=0; i<ret; i++)
|
||||
{
|
||||
matched_cnt+=tsg_scan_integer(a_stream, feather, property_result[i].rule_id, MAAT_SCAN_SELECTOR_ID, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
@@ -2849,11 +2881,11 @@ size_t tsg_scan_nesting_addr(const struct streaminfo *a_stream, struct maat *fea
|
||||
matched_cnt+=tsg_scan_ipv6_address(cur_stream, feather, p_addr, MAAT_SCAN_DST_IP_ADDR, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
break;
|
||||
case ADDR_TYPE_L2TP:
|
||||
proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_L2TP].name);
|
||||
proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_L2TP].name, g_tsg_proto_name2id[PROTO_L2TP].len);
|
||||
matched_cnt+=tsg_scan_integer(cur_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
break;
|
||||
case ADDR_TYPE_PPTP:
|
||||
proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_PPTP].name);
|
||||
proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_PPTP].name, g_tsg_proto_name2id[PROTO_PPTP].len);
|
||||
matched_cnt+=tsg_scan_integer(cur_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
break;
|
||||
case ADDR_TYPE_VLAN:
|
||||
@@ -2885,11 +2917,11 @@ size_t tsg_scan_nesting_addr(const struct streaminfo *a_stream, struct maat *fea
|
||||
|
||||
if(matched_cnt<n_matched_rules && proto>PROTO_UNKONWN && proto<PROTO_MAX)
|
||||
{
|
||||
proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[proto].name);
|
||||
proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[proto].name, g_tsg_proto_name2id[proto].len);
|
||||
matched_cnt+=tsg_scan_integer(a_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
if(proto==PROTO_SMTP || proto==PROTO_IMAP || proto==PROTO_POP3)
|
||||
{
|
||||
proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_MAIL].name);
|
||||
proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_MAIL].name, g_tsg_proto_name2id[proto].len);
|
||||
matched_cnt+=tsg_scan_integer(a_stream, feather, (long long)proto_id, MAAT_SCAN_APP_ID, s_mid, matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
}
|
||||
}
|
||||
@@ -2939,7 +2971,7 @@ int tsg_get_app_name_by_id(struct maat *feather, int app_id, char *app_name, int
|
||||
struct app_id_dict *dict=(struct app_id_dict *)maat_plugin_table_get_ex_data(feather, g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (const char *)&(ll_app_id), sizeof(long long));
|
||||
if(dict!=NULL)
|
||||
{
|
||||
if((int)strlen(dict->app_name) > app_name_len)
|
||||
if((int)(dict->app_name_len) > app_name_len)
|
||||
{
|
||||
ex_data_app_id_dict_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (void **)&dict, 0, NULL);
|
||||
return offset;
|
||||
@@ -2947,11 +2979,19 @@ int tsg_get_app_name_by_id(struct maat *feather, int app_id, char *app_name, int
|
||||
|
||||
if(dict->parent_app_id!=0 && is_joint_parent==1)
|
||||
{
|
||||
offset=snprintf(app_name, app_name_len, "%s.%s", dict->parent_app_name, dict->app_name);
|
||||
offset=(int)dict->parent_app_name_len;
|
||||
memcpy(app_name, dict->parent_app_name, offset);
|
||||
app_name[offset++]='.';
|
||||
|
||||
memcpy(app_name+offset, dict->app_name, dict->app_name_len);
|
||||
offset+=dict->app_name_len;
|
||||
app_name[offset]='\0';
|
||||
}
|
||||
else
|
||||
{
|
||||
offset=snprintf(app_name, app_name_len, "%s", dict->app_name);
|
||||
offset=(int)dict->app_name_len;
|
||||
memcpy(app_name, dict->app_name, offset);
|
||||
app_name[offset]='\0';
|
||||
}
|
||||
|
||||
ex_data_app_id_dict_free(g_tsg_maat_rt_para.plugin_tb[MAAT_PLUGIN_APP_ID_DICT].id, (void **)&dict, 0, NULL);
|
||||
|
||||
@@ -163,9 +163,9 @@ int tsg_get_app_name_by_id(struct maat *feather, int app_id, char *app_name, int
|
||||
size_t tsg_scan_session_flags(const struct streaminfo *a_stream, struct maat *feather, unsigned long flag, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
|
||||
size_t tsg_scan_app_id_policy(const struct streaminfo *a_stream, struct maat *feather, unsigned int app_id, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
|
||||
size_t tsg_scan_shared_policy(const struct streaminfo *a_stream, struct maat *feather, char *domain, int idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
|
||||
size_t tsg_scan_app_properties_policy(const struct streaminfo *a_stream, struct maat *feather, char *property, char *district, struct maat_state *s_mid, struct maat_rule *results, int n_results);
|
||||
size_t tsg_scan_tunnel_id(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *results, size_t n_results, struct maat_state *s_mid, long long *bool_id_array, size_t n_bool_id_array);
|
||||
size_t tsg_scan_fqdn_category_id(const struct streaminfo * a_stream, struct maat *feather, unsigned int *category_id, int category_id_num, int table_idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
|
||||
size_t tsg_scan_app_properties_policy(const struct streaminfo *a_stream, struct maat *feather, char *property, int property_len, char *district, int district_len, struct maat_state *s_mid, struct maat_rule *matched_rules, int n_matched_rules);
|
||||
|
||||
int tsg_scan_intercept_exclusion(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *p_result, char *domain, int thread_seq);
|
||||
|
||||
|
||||
@@ -334,26 +334,16 @@ static int set_location(struct TLD_handle_t *_handle, const struct streaminfo *
|
||||
len+=string_cat(buff+len, buff_len-len, location_info->province_full);
|
||||
buff[len++]=',';
|
||||
string_cat(buff+len, buff_len-len, location_info->country_full);
|
||||
|
||||
TLD_append(_handle, field_name, (void *)buff, TLD_TYPE_STRING);
|
||||
break;
|
||||
case 19:
|
||||
len+=string_cat(buff+len, buff_len-len, location_info->country_full);
|
||||
buff[len++]='.';
|
||||
len+=string_cat(buff+len, buff_len-len, location_info->province_full);
|
||||
buff[len++]='.';
|
||||
len+=string_cat(buff+len, buff_len-len, location_info->city_full);
|
||||
|
||||
if(location_info->subdivision_addr!=NULL)
|
||||
{
|
||||
buff[len++]='.';
|
||||
string_cat(buff+len, buff_len-len, location_info->subdivision_addr);
|
||||
}
|
||||
TLD_append(_handle, field_name, (void *)location_info->full_location, TLD_TYPE_STRING);
|
||||
break;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
||||
TLD_append(_handle, field_name, (void *)buff, TLD_TYPE_STRING);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
@@ -66,12 +66,23 @@ int tsg_set_intercept_flow(struct maat_rule *p_result, struct traffic_info *traf
|
||||
security_tags[SECURITY_TAG_ACTION].value_int = p_result->action;
|
||||
security_tags[SECURITY_TAG_VSYS_ID].value_int = p_result->vsys_id;
|
||||
|
||||
long long column[COLUMN_MAX];
|
||||
size_t n_column_num=COLUMN_MAX;
|
||||
column[COLUMN_HIT_COUNT]=traffic_info->con_num;
|
||||
column[COLUMN_IN_BYTES]=traffic_info->in_bytes;
|
||||
column[COLUMN_OUT_BYTES]=traffic_info->out_bytes;
|
||||
column[COLUMN_IN_PKTS]=traffic_info->in_packets;
|
||||
column[COLUMN_OUT_PKTS]=traffic_info->out_packets;
|
||||
|
||||
fieldstat_dynamic_table_row_metric_values_incrby(g_tsg_statis_para.security_metric_handle, g_tsg_statis_para.metric_table_id, "security_rule_hits", column, n_column_num, security_tags, SECURITY_TAG_MAX, thread_seq);
|
||||
|
||||
#if 0
|
||||
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.security_metric_handle, g_tsg_statis_para.metric_table_id, g_tsg_statis_para.security_column_ids[COLUMN_HIT_COUNT], "security_rule_hits", traffic_info->con_num, security_tags, (size_t)SECURITY_TAG_MAX, thread_seq);
|
||||
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.security_metric_handle, g_tsg_statis_para.metric_table_id, g_tsg_statis_para.security_column_ids[COLUMN_IN_BYTES], "security_rule_hits", traffic_info->in_bytes, security_tags, (size_t)SECURITY_TAG_MAX, thread_seq);
|
||||
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.security_metric_handle, g_tsg_statis_para.metric_table_id, g_tsg_statis_para.security_column_ids[COLUMN_OUT_BYTES], "security_rule_hits", traffic_info->out_bytes, security_tags, (size_t)SECURITY_TAG_MAX, thread_seq);
|
||||
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.security_metric_handle, g_tsg_statis_para.metric_table_id, g_tsg_statis_para.security_column_ids[COLUMN_IN_PKTS], "security_rule_hits", traffic_info->in_packets, security_tags, (size_t)SECURITY_TAG_MAX, thread_seq);
|
||||
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.security_metric_handle, g_tsg_statis_para.metric_table_id, g_tsg_statis_para.security_column_ids[COLUMN_OUT_PKTS], "security_rule_hits", traffic_info->out_packets, security_tags, (size_t)SECURITY_TAG_MAX, thread_seq);
|
||||
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -82,16 +93,28 @@ int tsg_set_policy_flow(const struct streaminfo *a_stream, struct maat_rule *p_r
|
||||
return -1;
|
||||
}
|
||||
|
||||
unsigned long long value = 0;
|
||||
int value_len = sizeof(unsigned long long);
|
||||
|
||||
struct fieldstat_tag security_tags[SECURITY_TAG_MAX] = {{"rule_id", 0, -1}, {"action", 0, -1}, {"vsys_id", 0, -1}};
|
||||
security_tags[SECURITY_TAG_RULE_ID].value_int = p_result->rule_id;
|
||||
security_tags[SECURITY_TAG_ACTION].value_int = p_result->action;
|
||||
security_tags[SECURITY_TAG_VSYS_ID].value_int = p_result->vsys_id;
|
||||
|
||||
long long column[COLUMN_MAX];
|
||||
size_t n_column_num=COLUMN_MAX;
|
||||
|
||||
column[COLUMN_HIT_COUNT]=1;
|
||||
|
||||
int value_len = sizeof(unsigned long long);
|
||||
MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_BYTE_RAW, (void *)&(column[COLUMN_IN_BYTES]), &value_len);
|
||||
MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_PKT, (void *)&(column[COLUMN_IN_PKTS]), &value_len);
|
||||
MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_BYTE_RAW, (void *)&(column[COLUMN_OUT_BYTES]), &value_len);
|
||||
MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_PKT, (void *)&(column[COLUMN_OUT_PKTS]), &value_len);
|
||||
|
||||
fieldstat_dynamic_table_row_metric_values_incrby(g_tsg_statis_para.security_metric_handle, g_tsg_statis_para.metric_table_id, "security_rule_hits", column, n_column_num, security_tags, SECURITY_TAG_MAX, thread_seq);
|
||||
|
||||
#if 0
|
||||
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.security_metric_handle, g_tsg_statis_para.metric_table_id, g_tsg_statis_para.security_column_ids[COLUMN_HIT_COUNT], "security_rule_hits", 1, security_tags, (size_t)SECURITY_TAG_MAX, thread_seq);
|
||||
|
||||
unsigned long long value = 0;
|
||||
value=0;
|
||||
MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_BYTE_RAW, (void *)&value, &value_len);
|
||||
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.security_metric_handle, g_tsg_statis_para.metric_table_id, g_tsg_statis_para.security_column_ids[COLUMN_IN_BYTES], "security_rule_hits", value, security_tags, (size_t)SECURITY_TAG_MAX, thread_seq);
|
||||
@@ -107,7 +130,7 @@ int tsg_set_policy_flow(const struct streaminfo *a_stream, struct maat_rule *p_r
|
||||
value=0;
|
||||
MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_PKT, (void *)&value, &value_len);
|
||||
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.security_metric_handle, g_tsg_statis_para.metric_table_id, g_tsg_statis_para.security_column_ids[COLUMN_OUT_PKTS], "security_rule_hits", value, security_tags, (size_t)SECURITY_TAG_MAX, thread_seq);
|
||||
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -202,6 +225,32 @@ int tsg_set_application_metrics(const struct streaminfo *a_stream, const char *l
|
||||
app_tags[APP_TAG_PROTOCOL_LABEL].value_str = l4_protocol;
|
||||
app_tags[APP_TAG_APP_FULL_PATH].value_str = app_full_path;
|
||||
|
||||
long long column[TRAFFIC_APP_MAX];
|
||||
size_t n_column_num=TRAFFIC_APP_MAX;
|
||||
|
||||
column[TRAFFIC_APP_SESSIONS]=app_statis->sessions;
|
||||
column[TRAFFIC_APP_IN_BYTES]=app_statis->in_bytes;
|
||||
column[TRAFFIC_APP_OUT_BYTES]=app_statis->out_bytes;
|
||||
column[TRAFFIC_APP_IN_PKTS]=app_statis->in_pkts;
|
||||
column[TRAFFIC_APP_OUT_PKTS]=app_statis->out_pkts;
|
||||
column[TRAFFIC_APP_C2S_PKTS]=app_statis->c2s_pkts;
|
||||
column[TRAFFIC_APP_S2C_PKTS]=app_statis->s2c_pkts;
|
||||
column[TRAFFIC_APP_C2S_BYTES]=app_statis->c2s_bytes;
|
||||
column[TRAFFIC_APP_S2C_BYTES]=app_statis->s2c_bytes;
|
||||
column[TRAFFIC_APP_C2S_FRAGMENTS]=app_statis->c2s_fragments;
|
||||
column[TRAFFIC_APP_S2C_FRAGMENTS]=app_statis->s2c_fragments;
|
||||
column[TRAFFIC_APP_C2S_LOST_BYTES]=app_statis->c2s_tcp_lost_bytes;
|
||||
column[TRAFFIC_APP_S2C_LOST_BYTES]=app_statis->s2c_tcp_lost_bytes;
|
||||
column[TRAFFIC_APP_C2S_ORDER_PKTS]=app_statis->c2s_tcp_ooorder_pkts;
|
||||
column[TRAFFIC_APP_S2C_ORDER_PKTS]=app_statis->s2c_tcp_ooorder_pkts;
|
||||
column[TRAFFIC_APP_C2S_RETRANSMITTED_PKTS]=app_statis->c2s_tcp_retransmitted_pkts;
|
||||
column[TRAFFIC_APP_S2C_RETRANSMITTED_PKTS]=app_statis->s2c_tcp_retransmitted_pkts;
|
||||
column[TRAFFIC_APP_C2S_RETRANSMITTED_BYTES]=app_statis->c2s_tcp_retransmitted_bytes;
|
||||
column[TRAFFIC_APP_S2C_RETRANSMITTED_BYTES]=app_statis->s2c_tcp_retransmitted_bytes;
|
||||
|
||||
fieldstat_dynamic_table_row_metric_values_incrby(g_tsg_statis_para.app_metric_handle, g_tsg_statis_para.app_metric_table_id, "traffic_application_protocol_stat", column, n_column_num, app_tags, APP_TAG_MAX, thread_seq);
|
||||
|
||||
#if 0
|
||||
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.app_metric_handle, g_tsg_statis_para.app_metric_table_id, g_tsg_statis_para.app_column_ids[TRAFFIC_APP_SESSIONS], "traffic_application_protocol_stat",
|
||||
app_statis->sessions, app_tags, (size_t)APP_TAG_MAX, thread_seq);
|
||||
|
||||
@@ -258,7 +307,7 @@ int tsg_set_application_metrics(const struct streaminfo *a_stream, const char *l
|
||||
|
||||
fieldstat_dynamic_table_metric_value_incrby(g_tsg_statis_para.app_metric_handle, g_tsg_statis_para.app_metric_table_id, g_tsg_statis_para.app_column_ids[TRAFFIC_APP_S2C_RETRANSMITTED_BYTES], "traffic_application_protocol_stat",
|
||||
app_statis->s2c_tcp_retransmitted_bytes, app_tags, (size_t)APP_TAG_MAX, thread_seq);
|
||||
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -7,31 +7,31 @@
|
||||
|
||||
struct tsg_rt_para g_tsg_para;
|
||||
|
||||
struct id2field g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
|
||||
{PROTO_IPv4, 0, "IPV4"},
|
||||
{PROTO_IPv6, 0, "IPV6"},
|
||||
{PROTO_TCP, 0, "TCP"},
|
||||
{PROTO_UDP, 0, "UDP"},
|
||||
{PROTO_HTTP, 0, "HTTP"},
|
||||
{PROTO_MAIL, 0, "MAIL"},
|
||||
{PROTO_DNS, 0, "DNS"},
|
||||
{PROTO_FTP, 0, "FTP"},
|
||||
{PROTO_SSL, 0, "SSL"},
|
||||
{PROTO_SIP, 0, "SIP"},
|
||||
{PROTO_BGP, 0, "BGP"},
|
||||
{PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"},
|
||||
{PROTO_QUIC, 0, "QUIC"},
|
||||
{PROTO_SSH, 0, "SSH"},
|
||||
{PROTO_SMTP, 0, "SMTP"},
|
||||
{PROTO_IMAP, 0, "IMAP"},
|
||||
{PROTO_POP3, 0, "POP3"},
|
||||
{PROTO_RTP, 0, "RTP"},
|
||||
{PROTO_APP, 0, "BASE"},
|
||||
{PROTO_L2TP, 0, "L2TP"},
|
||||
{PROTO_PPTP, 0, "PPTP"},
|
||||
{PROTO_STRATUM, 0, "Stratum"},
|
||||
{PROTO_RDP, 0, "RDP"},
|
||||
{PROTO_DTLS, 0, "DTLS"}
|
||||
struct id2field_tlv g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, 7, "unknown"},
|
||||
{PROTO_IPv4, 0, 4, "IPV4"},
|
||||
{PROTO_IPv6, 0, 4, "IPV6"},
|
||||
{PROTO_TCP, 0, 3, "TCP"},
|
||||
{PROTO_UDP, 0, 3, "UDP"},
|
||||
{PROTO_HTTP, 0, 4, "HTTP"},
|
||||
{PROTO_MAIL, 0, 4, "MAIL"},
|
||||
{PROTO_DNS, 0, 3, "DNS"},
|
||||
{PROTO_FTP, 0, 3, "FTP"},
|
||||
{PROTO_SSL, 0, 3, "SSL"},
|
||||
{PROTO_SIP, 0, 3, "SIP"},
|
||||
{PROTO_BGP, 0, 3, "BGP"},
|
||||
{PROTO_STREAMING_MEDIA, 0, 15, "STREAMING_MEDIA"},
|
||||
{PROTO_QUIC, 0, 4, "QUIC"},
|
||||
{PROTO_SSH, 0, 3, "SSH"},
|
||||
{PROTO_SMTP, 0, 4, "SMTP"},
|
||||
{PROTO_IMAP, 0, 4, "IMAP"},
|
||||
{PROTO_POP3, 0, 3, "POP3"},
|
||||
{PROTO_RTP, 0, 3, "RTP"},
|
||||
{PROTO_APP, 0, 4, "BASE"},
|
||||
{PROTO_L2TP, 0, 4, "L2TP"},
|
||||
{PROTO_PPTP, 0, 4, "PPTP"},
|
||||
{PROTO_STRATUM, 0, 7, "Stratum"},
|
||||
{PROTO_RDP, 0, 3, "RDP"},
|
||||
{PROTO_DTLS, 0, 4, "DTLS"}
|
||||
};
|
||||
|
||||
const char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id)
|
||||
@@ -46,11 +46,11 @@ const char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
|
||||
unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name, unsigned int l7_protocol_name_len)
|
||||
{
|
||||
struct l7_protocol *l7_proto=NULL;
|
||||
|
||||
HASH_FIND(hh2, g_tsg_para.id_by_name, l7_protocol_name, strlen(l7_protocol_name), l7_proto);
|
||||
HASH_FIND(hh2, g_tsg_para.id_by_name, l7_protocol_name, l7_protocol_name_len, l7_proto);
|
||||
if(l7_proto!=NULL)
|
||||
{
|
||||
return l7_proto->id;
|
||||
|
||||
@@ -18,8 +18,8 @@ enum DEPLOY_MODE
|
||||
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
|
||||
#endif
|
||||
|
||||
#ifndef MAX_TSG_ALL_RESULT_NUM
|
||||
#define MAX_TSG_ALL_RESULT_NUM MAX_RESULT_NUM*3
|
||||
#ifndef MAX_MATCHED_RULES_NUM
|
||||
#define MAX_MATCHED_RULES_NUM MAX_RESULT_NUM*4
|
||||
#endif
|
||||
|
||||
#ifndef MAX_STRING_LEN32
|
||||
@@ -47,6 +47,14 @@ struct id2field
|
||||
char name[MAX_STRING_LEN32];
|
||||
};
|
||||
|
||||
struct id2field_tlv
|
||||
{
|
||||
int type;
|
||||
int id;
|
||||
int len;
|
||||
char name[MAX_STRING_LEN32];
|
||||
};
|
||||
|
||||
struct tsg_rt_para
|
||||
{
|
||||
int level;
|
||||
@@ -84,7 +92,7 @@ struct tsg_rt_para
|
||||
};
|
||||
|
||||
extern struct tsg_rt_para g_tsg_para;;
|
||||
extern struct id2field g_tsg_proto_name2id[PROTO_MAX];
|
||||
extern struct id2field_tlv g_tsg_proto_name2id[PROTO_MAX];
|
||||
|
||||
struct l7_protocol
|
||||
{
|
||||
|
||||
@@ -1153,7 +1153,7 @@
|
||||
"table_content": {
|
||||
"format": "uncase plain",
|
||||
"match_method": "complete",
|
||||
"keywords": "country_full_test.city_full_test.",
|
||||
"keywords": "country_full_test..city_full_test.",
|
||||
"expr_type": "none"
|
||||
}
|
||||
}
|
||||
@@ -1184,7 +1184,7 @@
|
||||
"table_content": {
|
||||
"format": "uncase plain",
|
||||
"match_method": "complete",
|
||||
"keywords": "country_full_test.city_full_test.",
|
||||
"keywords": "country_full_test..city_full_test.",
|
||||
"expr_type": "none"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -757,6 +757,8 @@ TEST(TSG_Table, TSG_SECURITY_SOURCE_LOCATION)
|
||||
struct location_info location = {0};
|
||||
location.country_full = (char *)"country_full_test";
|
||||
location.city_full = (char *)"city_full_test";
|
||||
location.full_location=(char *)"country_full_test..city_full_test.";
|
||||
location.full_location_len=strlen(location.full_location);
|
||||
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
||||
struct maat_rule results[MAX_RESULT_NUM] = {0};
|
||||
EXPECT_EQ(tsg_scan_ip_location((const struct streaminfo *)&a_stream, g_tsg_maat_feather, &location, MAAT_SCAN_SRC_LOCATION, mid, results, MAX_RESULT_NUM), 1);
|
||||
@@ -772,6 +774,8 @@ TEST(TSG_Table, TSG_SECURITY_DESTINATION_LOCATION)
|
||||
struct location_info location = {0};
|
||||
location.country_full = (char *)"country_full_test";
|
||||
location.city_full = (char *)"city_full_test";
|
||||
location.full_location=(char *)"country_full_test..city_full_test.";
|
||||
location.full_location_len=strlen(location.full_location);
|
||||
struct maat_state *mid = maat_state_new(g_tsg_maat_feather, a_stream.threadnum);
|
||||
struct maat_rule results[MAX_RESULT_NUM] = {0};
|
||||
EXPECT_EQ(tsg_scan_ip_location((const struct streaminfo *)&a_stream, g_tsg_maat_feather, &location, MAAT_SCAN_DST_LOCATION, mid, results, MAX_RESULT_NUM), 1);
|
||||
|
||||
Reference in New Issue
Block a user