gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-14911: 支持从策略用户自定义中解析vsys id, Secutiry Rule Hits metrics中填写策略指定的vsys id

Browse Source
This commit is contained in:
刘学利
2023-04-28 06:03:16 +00:00
parent 4bafeced19
commit 5bc9831e03
5 changed files with 16 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
inc/tsg_rule.h
View File

@@ -58,7 +58,8 @@ struct maat_rule
unsigned char action; unsigned char action;
unsigned char service_id; unsigned char service_id;
unsigned char do_log; unsigned char do_log;
unsigned char padding[5]; unsigned char padding;
int vsys_id;
}; };
struct matched_policy_rules struct matched_policy_rules

6
src/tsg_rule.cpp
View File

@@ -1234,6 +1234,12 @@ void ex_data_security_compile_new(const char *table_name, int table_id, const ch
break; break;
} }
cJSON *item=cJSON_GetObjectItem(user_region_object, "vsys_id");
if(item!=NULL)
{
compile->rule.vsys_id=item->valueint;
}
cJSON_Delete(user_region_object); cJSON_Delete(user_region_object);
user_region_object=NULL; user_region_object=NULL;
} }

19
src/tsg_send_log.cpp
View File

@@ -1517,7 +1517,6 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo
cJSON *object=NULL; cJSON *object=NULL;
TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_SUB_ACTION].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_SUB_ACTION].name);
if(p_result->action!=TSG_ACTION_NONE) if(p_result->action!=TSG_ACTION_NONE)
@@ -1536,11 +1535,10 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo
} }
if(object==NULL) if(object==NULL)
{ {
TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)(_instance->vsystem_id), TLD_TYPE_LONG);
return 0; return 0;
} }
if(p_result->action==TSG_ACTION_DENY) if(p_result->action==TSG_ACTION_DENY)
{ {
item=cJSON_GetObjectItem(object, "method"); item=cJSON_GetObjectItem(object, "method");
@@ -1550,16 +1548,6 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo
} }
} }
item=cJSON_GetObjectItem(object, "vsys_id");
if(item!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)item->valueint, TLD_TYPE_LONG);
}
else
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG);
}
cJSON_Delete(object); cJSON_Delete(object);
object=NULL; object=NULL;
@@ -2124,6 +2112,7 @@ int send_security_event_log(struct tsg_log_instance_t *_instance, struct TLD_han
TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(rules[i].rule_id), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(rules[i].rule_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(rules[i].service_id), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(rules[i].service_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)rules[i].action), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)rules[i].action), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)rules[i].vsys_id, TLD_TYPE_LONG);
set_policy_action_para_exec_result(_instance, _handle, a_stream, &(rules[i])); set_policy_action_para_exec_result(_instance, _handle, a_stream, &(rules[i]));
@@ -2135,6 +2124,7 @@ int send_security_event_log(struct tsg_log_instance_t *_instance, struct TLD_han
TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_ACTION].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_ACTION].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name);
} }
return 0; return 0;
@@ -2173,7 +2163,6 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
TLD_append(_handle, _instance->id2field[LOG_COMMON_DATA_CENTER].name, (void *)tsg_data_center_get(), TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_DATA_CENTER].name, (void *)tsg_data_center_get(), TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)tsg_device_tag_get(), TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)tsg_device_tag_get(), TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_COMMON_TRAFFIC_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_TRAFFIC_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG);
set_application_behavior(_instance, _handle, a_stream); set_application_behavior(_instance, _handle, a_stream);

4
src/tsg_statistic.cpp
View File

@@ -28,18 +28,20 @@ enum metric_tags_index
{ {
TAG_RULE_ID = 0, TAG_RULE_ID = 0,
TAG_ACTION, TAG_ACTION,
TAG_VSYS_ID,
TAG_MAX TAG_MAX
}; };
enum field_type metric_column_type[COLUMN_MAX] = {FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER}; enum field_type metric_column_type[COLUMN_MAX] = {FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER, FIELD_TYPE_COUNTER};
const char *metric_column_field[COLUMN_MAX] = {"hit_count", "in_bytes", "out_bytes", "in_pkts", "out_pkts"}; const char *metric_column_field[COLUMN_MAX] = {"hit_count", "in_bytes", "out_bytes", "in_pkts", "out_pkts"};
unsigned int metric_column_array[COLUMN_MAX] = {0}; unsigned int metric_column_array[COLUMN_MAX] = {0};
struct fieldstat_tag g_metric_tags[TAG_MAX] = {{"rule_id", 0, -1}, {"action", 0, -1}}; struct fieldstat_tag g_metric_tags[TAG_MAX] = {{"rule_id", 0, -1}, {"action", 0, -1}, {"vsys_id", 0, -1}};
struct fieldstat_tag *tsg_set_metric_tags(struct maat_rule *p_result, int thread_seq) struct fieldstat_tag *tsg_set_metric_tags(struct maat_rule *p_result, int thread_seq)
{ {
g_tsg_statis_para.metric_tags[thread_seq][TAG_RULE_ID].value_int = p_result->rule_id; g_tsg_statis_para.metric_tags[thread_seq][TAG_RULE_ID].value_int = p_result->rule_id;
g_tsg_statis_para.metric_tags[thread_seq][TAG_ACTION].value_int = p_result->action; g_tsg_statis_para.metric_tags[thread_seq][TAG_ACTION].value_int = p_result->action;
g_tsg_statis_para.metric_tags[thread_seq][TAG_VSYS_ID].value_int = p_result->vsys_id;
return g_tsg_statis_para.metric_tags[thread_seq]; return g_tsg_statis_para.metric_tags[thread_seq];
} }

1
src/version.map
View File

@@ -15,6 +15,7 @@ global:
*srt_process_context_*; *srt_process_context_*;
*session_matched_rules_notify*; *session_matched_rules_notify*;
*session_matched_rules_copy*; *session_matched_rules_copy*;
*session_packet_capture_by_rules_notify*;
*GIT*; *GIT*;
}; };
local: *; local: *;