gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

发送日common_l7_protocol志字段时将MAIL协议进行细分

Browse Source
This commit is contained in:
liuxueli
2020-11-15 11:18:28 +06:00
parent d810e8c206
commit 701eb1c9b6
3 changed files with 41 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/tsg_entry.cpp
View File

@@ -233,13 +233,13 @@ char *tsg_schema_index2string(tsg_protocol_t proto)
schema_field_value=(char *)"SSH"; schema_field_value=(char *)"SSH";
break; break;
case PROTO_IMAP: case PROTO_IMAP:
schema_field_value=(char *)"MAIL"; schema_field_value=(char *)"IMAP";
break; break;
case PROTO_POP3: case PROTO_POP3:
schema_field_value=(char *)"MAIL"; schema_field_value=(char *)"POP3";
break; break;
case PROTO_SMTP: case PROTO_SMTP:
schema_field_value=(char *)"MAIL"; schema_field_value=(char *)"SMTP";
break; break;
default: default:
break; break;
@@ -261,7 +261,15 @@ static int master_send_log(struct streaminfo *a_stream, struct Maat_rule_t *p_re
{ {
schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE);
if(identify_info->proto==PROTO_IMAP || identify_info->proto==PROTO_SMTP || identify_info->proto==PROTO_POP3)
{
schema_field_value=tsg_schema_index2string(PROTO_MAIL);
}
else
{
schema_field_value=tsg_schema_index2string(identify_info->proto); schema_field_value=tsg_schema_index2string(identify_info->proto);
}
if(schema_field_value!=NULL) if(schema_field_value!=NULL)
{ {
TLD_append(TLD_handle, schema_field_name, (void *)schema_field_value, TLD_TYPE_STRING); TLD_append(TLD_handle, schema_field_name, (void *)schema_field_value, TLD_TYPE_STRING);

37
src/tsg_send_log.cpp
View File

@@ -139,6 +139,24 @@ struct TLD_handle_t *TLD_create(int thread_id)
return _handle; return _handle;
} }
static int set_l7_protocol(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
char *l7_protocol=NULL;
struct _basic_proto_label *l7_proto_label=NULL;
l7_proto_label=(struct _basic_proto_label *)project_req_get_struct(a_stream, _instance->l7_proto_project_id);
if(l7_proto_label!=NULL && l7_proto_label->proto_id!=_instance->mail_proto_id)
{
l7_protocol=tsg_l7_protocol_id2name(_instance, l7_proto_label->proto_id);
if(l7_protocol!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)l7_protocol, TLD_TYPE_STRING);
return 1;
}
}
return 0;
}
char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t id) char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t id)
{ {
@@ -201,24 +219,17 @@ static int set_common_sub_action(struct TLD_handle_t *handle, char *field_name,
int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{ {
char buff[1024]={0}; char buff[1024]={0};
int l7_protocol_flag=0;
char *l7_protocol=NULL; char *l7_protocol=NULL;
struct _basic_proto_label *l7_proto_label=NULL;
struct _location_info_t *location=NULL; struct _location_info_t *location=NULL;
struct _session_attribute_label_t *internal_label=NULL; struct _session_attribute_label_t *internal_label=NULL;
l7_protocol_flag=set_l7_protocol(_instance, _handle, a_stream);
internal_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, _instance->internal_project_id); internal_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, _instance->internal_project_id);
if(internal_label!=NULL) if(internal_label!=NULL)
{ {
l7_proto_label=(struct _basic_proto_label *)project_req_get_struct(a_stream, _instance->l7_proto_project_id); if(l7_protocol_flag==0)
if(l7_proto_label!=NULL)
{
l7_protocol=tsg_l7_protocol_id2name(_instance, l7_proto_label->proto_id);
if(l7_protocol!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)l7_protocol, TLD_TYPE_STRING);
}
}
else
{ {
l7_protocol=tsg_schema_index2string(internal_label->proto); l7_protocol=tsg_schema_index2string(internal_label->proto);
if(l7_protocol!=NULL) if(l7_protocol!=NULL)
@@ -265,9 +276,12 @@ int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD
} }
} }
else else
{
if(l7_protocol_flag==0)
{ {
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)"UNCATEGORIZED", TLD_TYPE_STRING); TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)"UNCATEGORIZED", TLD_TYPE_STRING);
} }
}
return 0; return 0;
} }
@@ -555,6 +569,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(_instance->level), 30); MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(_instance->level), 30);
MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", _instance->log_path, sizeof(_instance->log_path), "./tsglog/tsglog"); MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", _instance->log_path, sizeof(_instance->log_path), "./tsglog/tsglog");
MESA_load_profile_int_def(conffile, "TSG_LOG", "MAIL_PROTOCOL_ID",&(_instance->mail_proto_id), 110);
_instance->logger=MESA_create_runtime_log_handle(_instance->log_path, _instance->level); _instance->logger=MESA_create_runtime_log_handle(_instance->log_path, _instance->level);
if(_instance->logger==NULL) if(_instance->logger==NULL)

1
src/tsg_send_log_internal.h
View File

@@ -92,6 +92,7 @@ struct tsg_log_instance_t
{ {
int mode; int mode;
int level; int level;
int mail_proto_id;
int max_service; int max_service;
int recovery_interval; int recovery_interval;
int l7_proto_project_id; int l7_proto_project_id;