From 7912ec54b2669ca7aa84a1885dcca025135c7d0e Mon Sep 17 00:00:00 2001
From: liuxueli
Date: Tue, 19 Nov 2019 18:41:31 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG=EF=BC=8C=E5=91=BD?= =?UTF-8?q?=E4=B8=AD=E6=8B=A6=E6=88=AA=E7=AD=96=E7=95=A5=E6=97=B6=E6=9C=AA?= =?UTF-8?q?=E5=AF=B9=E7=B1=BB=E5=9E=8B=E8=BF=9B=E8=A1=8C=E8=B5=8B=E5=80=BC?= =?UTF-8?q?=EF=BC=8C=E5=AF=BC=E8=87=B4KNI=E8=8E=B7=E5=8F=96=E4=B8=8D?= =?UTF-8?q?=E5=88=B0=E5=91=BD=E4=B8=AD=E7=BB=93=E6=9E=9C=20=E6=B7=BB?= =?UTF-8?q?=E5=8A=A0=E6=80=BB=E6=8E=A7=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6?= =?UTF-8?q?=20=E6=B7=BB=E5=8A=A0FS2=E7=BB=9F=E8=AE=A1=E6=97=A5=E5=BF=97=20?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E9=94=99=E8=AF=AF=E6=97=A5=E5=BF=97=20?= =?UTF-8?q?=E6=9E=84=E9=80=A0=E9=80=82=E7=94=A8sapp4.0=E7=9A=84rpm?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CMakeLists.txt | 22 +-
 src/tsg_entry.cpp | 621 +++++++++++++++++++++++--------------------
 src/tsg_entry.h | 13 +
 src/tsg_rule.cpp | 14 +
 src/tsg_send_log.cpp | 11 +-
 src/version.map | 4 +-
 6 files changed, 389 insertions(+), 296 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index e7b90cc..3190ebb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -33,17 +33,23 @@ set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)
 add_subdirectory (src)
-set(CONFLIST /plug/platform/conflist_platform.inf)
+set(CONFLIST /plug/conflist.inf)
+set(MASTER_INF "./plug/platform/tsg_master/tsg_master.inf")
+set(PROJECT_LIST /etc/project_list.conf)
+
 file(WRITE ${PROJECT_SOURCE_DIR}/install.sh "#!/bin/sh\r\n")
 file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "DST=\${RPM_INSTALL_PREFIX}\r\n")
 file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "mkdir -p \${DST}/plug/platform/\r\n")
+file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "mkdir -p \${DST}/etc/\r\n")
 file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "touch \${DST}${CONFLIST}\r\n")
+file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "touch \${DST}${PROJECT_LIST}\r\n")
-file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "if [[ -z `grep -rn 'POLICY_PRIORITY' ${DST}/conf/project_list.conf` ]];then\r\n")
-file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "echo 'POLICY_PRIORITY struct' >> \${DST}/conf/project_list.conf\r\nfi\r\n")
+file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "if [[ -z `grep -rn 'POLICY_PRIORITY' \${DST}${PROJECT_LIST}` ]];then\r\n")
+file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "echo 'POLICY_PRIORITY struct' >> \${DST}${PROJECT_LIST}\r\nfi\r\n")
 file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "if [[ -z `grep -rn 'tsg_master.inf' \${DST}${CONFLIST}` ]];then\r\n")
-file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "echo './plug/platform/tsg_master/tsg_master.inf' >> \${DST}/plug/platform/conflist_platform.inf\r\nfi\r\n")
+file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "sed -i '/\\[platform\\]/a\\${MASTER_INF}' \${DST}${CONFLIST}\r\nfi\r\n")
+#file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "echo './plug/platform/tsg_master/tsg_master.inf' >> \${DST}\${CONFLIST}\r\nfi\r\n")
 SET(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/install.sh")
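Review bot: The added `sed -i '/\\[platform\\]/a\\${MASTER_INF}'` line registers the plugin only if `conflist.inf` already has a `[platform]` line, yet the `touch \${DST}${CONFLIST}` above it can have just created that file empty; sed then matches nothing, exits 0, and the package installs with tsg_master never listed. Have the generated script create the section when it is missing before the `sed`, for example `grep -q '^\[platform\]' "$DST/plug/conflist.inf" || echo '[platform]' >> "$DST/plug/conflist.inf"`. The scriptlet also uses `${DST}` unquoted and unchecked while the new `PROJECT_LIST` is `/etc/project_list.conf`, so with an empty `RPM_INSTALL_PREFIX` it edits the system `/etc`; a leading `[ -n "$DST" ] || exit 1` and quoted expansions would contain that.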
@@ -51,15 +57,17 @@ file(WRITE ${PROJECT_SOURCE_DIR}/uninstall.sh "#!/bin/sh\r\n")
 file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "DST=\${RPM_INSTALL_PREFIX}\r\n")
 file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "mkdir -p \${DST}/plug/platform/\r\n")
-file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "sed -i '/tsg_master/d' \${DST}/plug/platform/conflist_platform.inf\r\n")
-file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "sed -i '/POLICY_PRIORITY/d' \${DST}/conf/project_list.conf\r\n")
+file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "sed -i '/tsg_master.inf/d' \${DST}${CONFLIST}\r\n")
+file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "sed -i '/POLICY_PRIORITY/d' \${DST}${PROJECT_LIST}\r\n")
 SET(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/uninstall.sh")
 install(FILES bin/main.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
 install(FILES bin/tsg_tableinfo.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
+install(FILES bin/tsg_log_field.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
+install(FILES bin/tsg_maat.json DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
+install(FILES bin/tsg_maat_ip_deny.json DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
 install(FILES inc/tsg_send_log.h DESTINATION /opt/MESA/include/tsg)
-install(FILES inc/tsg_types.h DESTINATION /opt/MESA/include/tsg)
 install(FILES inc/tsg_rule.h DESTINATION /opt/MESA/include/tsg)
 include(Package)
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 439d246..174693d 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
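Review bot: `uninstall.sh` is wired in as the RPM pre-uninstall scriptlet and its two `sed -i … /d` lines run unconditionally, so they also run on upgrade: RPM runs the new package's pre-install before the old package's pre-uninstall, which leaves `conflist.inf` and `project_list.conf` without the tsg_master entries after an upgrade between versions that share these paths. Wrap the two lines in `if [ "$1" -eq 0 ]; then … fi` in the generated script so they run only on erase. The new pattern `/tsg_master.inf/d` has an unescaped dot; `/tsg_master\.inf/d` matches the literal file name. The hunk also stops installing `inc/tsg_types.h` while a comment in `tsg_entry.h` still refers to that header, so it is worth confirming that the installed `tsg_rule.h` and `tsg_send_log.h` no longer include it.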
@@ -1,284 +1,337 @@ -#include -#include -#include -#include - -#include -#include -#include - -#include "tsg_rule.h" -#include "tsg_entry.h" -#include "tsg_send_log.h" -#include "tsg_send_log_internal.h" - - - -char TSG_MASTER_VERSION_20191119=0; -const char *tsg_conffile="tsgconf/main.conf"; -g_tsg_para_t g_tsg_para; - -static void free_policy_label(int thread_seq, void *project_req_value) -{ - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; -} - -#if 0 -static int is_ip_policy(Maat_rule_t *p_result, char *protocol, int len, int thread_seq) -{ - int ret=0; - cJSON *item=NULL; - char *service_defined=NULL; - cJSON *user_define_object=NULL; - - if(p_result->serv_def_len>MAX_SERVICE_DEFINE_LEN) - { - service_defined=dictator_malloc(thread_seq, p_result->serv_def_len+1); - ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, service_defined, p_result->serv_def_len+1); - assert(ret==p_result->serv_def_len+1); - - user_define_object=cJSON_Parse(service_defined); - } - else - { - user_define_object=cJSON_Parse(p_result->service_defined); - } - - if(user_define_object!=NULL) - { - item=cJSON_GetObjectItem(user_define_object, "protocol"); - if(item!=NULL && item->valuestring!=NULL) - { - memcpy(protocol, item->valuestring, (len>strlen(item->valuestring)) ? 
strlen(item->valuestring): len); - } - - item=cJSON_GetObjectItem(user_define_object, "method"); - if((item==NULL) || ((strncasecmp(item->valuestring, "http", strlen(item->valuestring)))!=0 && (strncasecmp(item->valuestring, "ssl", strlen(item->valuestring)))!=0)) - { - ret=1; - } - - cJSON_Delete(user_define_object); - user_define_object=NULL; - } - - if(service_defined!=NULL) - { - dictator_free(thread_seq, service_defined); - service_defined=NULL; - } - - return ret; -} -#endif -static Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num) -{ - int i=0; - Maat_rule_t *p_result=NULL; - if(result==NULL || result_num<=0) - { - return NULL; - } - - p_result=&result[0]; - - for(i=1; i(unsigned char)p_result->action) - { - p_result=&result[i]; - continue; - } - - if(result[i].action==p_result->action) - { - if(result[i].config_idconfig_id) - { - p_result=&result[i]; - } - } - } - - return p_result; -} - -extern "C" char TSG_MASTER_TCPALL_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet) -{ - int send_log=0,identify_flag=0; - int ret=0,hit_num=0,ip_policy=0; - int state=APP_STATE_DROPME; - scan_status_t mid=NULL; - char *domain_field_name=NULL; - char *schema_field_name=NULL; - Maat_rule_t *p_result=NULL; - Maat_rule_t *q_result=NULL; - tsg_log_t log_msg; - TLD_handle_t TLD_handle=NULL; - struct _identify_info identify_info; - Maat_rule_t all_result[MAX_RESULT_NUM]; - policy_priority_label_t *priority_label=NULL; - - switch(a_tcp->pktstate) - { - case OP_STATE_PENDING: - case OP_STATE_DATA: - if((a_tcp->ptcpdetail->pdata==NULL) || (a_tcp->ptcpdetail->datalen<=0) || (a_tcp->dir==DIR_DOUBLE && a_tcp->curdir==DIR_S2C)) - { - return APP_STATE_GIVEME; - } - - ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_tcp, PROTO_MAX, &mid, all_result+hit_num, MAX_RESULT_NUM-hit_num); - if(ret>0) - { - hit_num+=ret; - q_result=tsg_policy_decision_criteria(all_result, hit_num); - } - - - if(a_tcp->curdir==DIR_C2S) - { - 
memset(&identify_info, 0, sizeof(identify_info)); - - ret=tsg_scan_shared_policy(g_tsg_maat_feather, - a_tcp->ptcpdetail->pdata, - a_tcp->ptcpdetail->datalen, - all_result+hit_num, - MAX_RESULT_NUM-hit_num, - &identify_info, - &mid, - g_tsg_para.logger, - thread_seq); - if(ret>0) - { - hit_num+=ret; - identify_flag=1; - } - } - - p_result=tsg_policy_decision_criteria(all_result, hit_num); - - if(p_result!=NULL) - { - if(q_result!=NULL && (p_result==q_result)) - { - ip_policy=1; - send_log=1; - } - - switch((unsigned char)p_result->action) - { - case TSG_ACTION_DENY: - if(ip_policy==1) - { - MESA_kill_tcp(a_tcp, a_packet); - state|=APP_STATE_DROPPKT; - } - break; - case TSG_ACTION_MONITOR: - break; - case TSG_ACTION_BYPASS: - send_log=1; - state|=APP_STATE_DROPPKT; //TODO - break; - case TSG_ACTION_INTERCEPT: - priority_label=(policy_priority_label_t *)dictator_malloc(thread_seq, sizeof(policy_priority_label_t)); - - priority_label->result_num=1; - priority_label->domain_len=identify_info.domain_len; - memcpy(priority_label->domain, identify_info.domain, identify_info.domain_len); - memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t)); - - ret=project_req_add_struct(a_tcp, g_tsg_para.priority_project_id, (void *)priority_label); - if(ret<0) - { - free_policy_label(thread_seq, (void *)priority_label); - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_ADD", "Add policy_priority_label failed ..."); - } - break; - case TSG_ACTION_NONE: - default: - assert(0); - break; - } - - if(send_log==1 && p_result->do_log>0) - { - TLD_handle=TLD_create(thread_seq); - if(identify_flag==1) - { - schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); - TLD_append(TLD_handle, schema_field_name, (void *)((identify_info.proto==PROTO_HTTP) ? "HTTP" : "SSL"), TLD_TYPE_STRING); - - domain_field_name=log_field_id2name(g_tsg_log_instance, ((identify_info.proto==PROTO_HTTP) ? 
LOG_HTTP_HOST : LOG_SSL_SNI)); - TLD_append(TLD_handle, domain_field_name, (void *)identify_info.domain, TLD_TYPE_STRING); - } - - log_msg.a_stream=a_tcp; - log_msg.result=p_result; - log_msg.result_num=1; - tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); - } - } - break; - case OP_STATE_CLOSE: - default: - break; - } - - return state; -} - - - -extern "C" int TSG_MASTER_INIT() -{ - int ret=0,level=30; - char log_path[128]={0}; - char label_buff[128]={0}; - - memset(&g_tsg_para, 0, sizeof(g_tsg_para)); - - MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &level, 30); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", log_path, sizeof(log_path), NULL); - - g_tsg_para.logger=MESA_create_runtime_log_handle(log_path, level); - if(g_tsg_para.logger==NULL) - { - printf("MESA_create_runtime_log_handle failed ...\n"); - return -1; - } - - - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY"); - g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label); - if(g_tsg_para.priority_project_id<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed ...", label_buff); - return -1; - } - - ret=tsg_rule_init(tsg_conffile, g_tsg_para.logger); - if(ret<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_rule_init failed ..."); - return -1; - } - - g_tsg_log_instance=tsg_sendlog_init(tsg_conffile); - if(g_tsg_log_instance==NULL) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ..."); - return -1; - } - - return 0; -} - - - -extern "C" int TSG_MASTER_UNLOAD() -{ - return 0; -} - +#include +#include +#include +#include + +#include +#include +#include + +#include "tsg_rule.h" +#include "tsg_entry.h" +#include "tsg_send_log.h" +#include "tsg_send_log_internal.h" + + + +char 
TSG_MASTER_VERSION_20191119=0; +const char *tsg_conffile="tsgconf/main.conf"; +g_tsg_para_t g_tsg_para; + +id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "links"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_BYPASS, "bypass"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_ADDR, "hit_addr"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_SHARE, "hit_share"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_INTERCEPT, "intercept"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"} + }; +static void free_policy_label(int thread_seq, void *project_req_value) +{ + dictator_free(thread_seq, project_req_value); + project_req_value=NULL; +} + +#if 0 +static int is_ip_policy(Maat_rule_t *p_result, char *protocol, int len, int thread_seq) +{ + int ret=0; + cJSON *item=NULL; + char *service_defined=NULL; + cJSON *user_define_object=NULL; + + if(p_result->serv_def_len>MAX_SERVICE_DEFINE_LEN) + { + service_defined=dictator_malloc(thread_seq, p_result->serv_def_len+1); + ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, service_defined, p_result->serv_def_len+1); + assert(ret==p_result->serv_def_len+1); + + user_define_object=cJSON_Parse(service_defined); + } + else + { + user_define_object=cJSON_Parse(p_result->service_defined); + } + + if(user_define_object!=NULL) + { + item=cJSON_GetObjectItem(user_define_object, "protocol"); + if(item!=NULL && item->valuestring!=NULL) + { + memcpy(protocol, item->valuestring, (len>strlen(item->valuestring)) ? 
strlen(item->valuestring): len); + } + + item=cJSON_GetObjectItem(user_define_object, "method"); + if((item==NULL) || ((strncasecmp(item->valuestring, "http", strlen(item->valuestring)))!=0 && (strncasecmp(item->valuestring, "ssl", strlen(item->valuestring)))!=0)) + { + ret=1; + } + + cJSON_Delete(user_define_object); + user_define_object=NULL; + } + + if(service_defined!=NULL) + { + dictator_free(thread_seq, service_defined); + service_defined=NULL; + } + + return ret; +} +#endif +static Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num) +{ + int i=0; + Maat_rule_t *p_result=NULL; + if(result==NULL || result_num<=0) + { + return NULL; + } + + p_result=&result[0]; + + for(i=1; i(unsigned char)p_result->action) + { + p_result=&result[i]; + continue; + } + + if(result[i].action==p_result->action) + { + if(result[i].config_idconfig_id) + { + p_result=&result[i]; + } + } + } + + return p_result; +} + +extern "C" char TSG_MASTER_TCPALL_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet) +{ + int send_log=0,identify_flag=0; + int ret=0,hit_num=0,ip_policy=0; + int state=APP_STATE_DROPME; + scan_status_t mid=NULL; + char *domain_field_name=NULL; + char *schema_field_name=NULL; + Maat_rule_t *p_result=NULL; + Maat_rule_t *q_result=NULL; + tsg_log_t log_msg; + TLD_handle_t TLD_handle=NULL; + struct _identify_info identify_info; + Maat_rule_t all_result[MAX_RESULT_NUM]; + policy_priority_label_t *priority_label=NULL; + + switch(a_tcp->pktstate) + { + case OP_STATE_PENDING: + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LINKS], 0, FS_OP_ADD, 1); + case OP_STATE_DATA: + if((a_tcp->ptcpdetail->pdata==NULL) || (a_tcp->ptcpdetail->datalen<=0) || (a_tcp->dir==DIR_DOUBLE && a_tcp->curdir==DIR_S2C)) + { + return APP_STATE_GIVEME; + } + + ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_tcp, PROTO_MAX, &mid, all_result+hit_num, MAX_RESULT_NUM-hit_num); + if(ret>0) + { + hit_num+=ret; + 
q_result=tsg_policy_decision_criteria(all_result, hit_num); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); + } + + + if(a_tcp->curdir==DIR_C2S) + { + memset(&identify_info, 0, sizeof(identify_info)); + + ret=tsg_scan_shared_policy(g_tsg_maat_feather, + a_tcp->ptcpdetail->pdata, + a_tcp->ptcpdetail->datalen, + all_result+hit_num, + MAX_RESULT_NUM-hit_num, + &identify_info, + &mid, + g_tsg_para.logger, + thread_seq); + if(ret>0) + { + hit_num+=ret; + identify_flag=1; + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1); + } + } + + p_result=tsg_policy_decision_criteria(all_result, hit_num); + + if(p_result!=NULL) + { + if(q_result!=NULL && (p_result==q_result)) + { + ip_policy=1; + send_log=1; + } + + switch((unsigned char)p_result->action) + { + case TSG_ACTION_DENY: + if(ip_policy==1) + { + MESA_kill_tcp(a_tcp, a_packet); + state|=APP_STATE_DROPPKT; + } + break; + case TSG_ACTION_MONITOR: + break; + case TSG_ACTION_BYPASS: + send_log=1; + state|=APP_STATE_DROPPKT; //TODO + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); + break; + case TSG_ACTION_INTERCEPT: + send_log=0; + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); + priority_label=(policy_priority_label_t *)dictator_malloc(thread_seq, sizeof(policy_priority_label_t)); + + priority_label->result_num=1; + priority_label->result_type=PULL_KNI_RESULT; + priority_label->domain_len=identify_info.domain_len; + memcpy(priority_label->domain, identify_info.domain, identify_info.domain_len); + memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t)); + + ret=project_req_add_struct(a_tcp, g_tsg_para.priority_project_id, (void *)priority_label); + if(ret<0) + { + free_policy_label(thread_seq, (void *)priority_label); + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_ADD", "Add policy_priority_label failed 
..."); + } + + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "INTERCEPT", "Hit intercept policy, policy_id: %d action: %d addr: %s", + priority_label->result[0].config_id, priority_label->result[0].action, printaddr(&a_tcp->addr, thread_seq)); + break; + case TSG_ACTION_NONE: + default: + assert(0); + break; + } + + if(send_log==1 && p_result->do_log>0) + { + TLD_handle=TLD_create(thread_seq); + if(identify_flag==1) + { + schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); + TLD_append(TLD_handle, schema_field_name, (void *)((identify_info.proto==PROTO_HTTP) ? "HTTP" : "SSL"), TLD_TYPE_STRING); + + domain_field_name=log_field_id2name(g_tsg_log_instance, ((identify_info.proto==PROTO_HTTP) ? LOG_HTTP_HOST : LOG_SSL_SNI)); + TLD_append(TLD_handle, domain_field_name, (void *)identify_info.domain, TLD_TYPE_STRING); + } + + log_msg.a_stream=a_tcp; + log_msg.result=p_result; + log_msg.result_num=1; + tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); + } + } + break; + case OP_STATE_CLOSE: + default: + break; + } + + return state; +} + + + +extern "C" int TSG_MASTER_INIT() +{ + int i=0,ret=0,cycle=0; + int value=0,level=30; + unsigned short fs_server_port=0; + char app_name[MAX_STRING_LEN]={0}; + char log_path[MAX_STRING_LEN*4]={0}; + char label_buff[MAX_STRING_LEN*4]={0}; + char fs_server_ip[MAX_IPV4_LEN]={0}; + char fs_output_path[MAX_STRING_LEN*4]={0}; + + memset(&g_tsg_para, 0, sizeof(g_tsg_para)); + + MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &level, 30); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", log_path, sizeof(log_path), NULL); + + g_tsg_para.logger=MESA_create_runtime_log_handle(log_path, level); + if(g_tsg_para.logger==NULL) + { + printf("MESA_create_runtime_log_handle failed ...\n"); + return -1; + } + + + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY"); + 
g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label); + if(g_tsg_para.priority_project_id<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed ...", label_buff); + return -1; + } + + ret=tsg_rule_init(tsg_conffile, g_tsg_para.logger); + if(ret<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_rule_init failed ..."); + return -1; + } + + g_tsg_log_instance=tsg_sendlog_init(tsg_conffile); + if(g_tsg_log_instance==NULL) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ..."); + return -1; + } + + MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30); + MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port)); + MESA_load_profile_string_nodef(tsg_conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip)); + MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log"); + MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master"); + + g_tsg_para.fs2_handle=FS_create_handle(); + + value=1;//Rewrite + FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value)); + value=1;//Do not create stat thread + FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value)); + + FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle)); + FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); + FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1); + + if(fs_server_port > 0 && strlen(fs_server_ip) > 0) + { + FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1); + FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); + } + + 
for(i=0; i +#include #include "tsg_rule.h" #define TSG_ACTION_NONE 0x00 @@ -11,6 +12,16 @@ #define TSG_ACTION_MANIPULATE 0x30 #define TSG_ACTION_BYPASS 0x80 +enum TSG_FS2_TYPE{ + TSG_FS2_LINKS=0, + TSG_FS2_BYPASS, + TSG_FS2_HIT_ADDR, + TSG_FS2_HIT_SHARE, + TSG_FS2_INTERCEPT, + TSG_FS2_LOG, + TSG_FS2_MAX +}; + typedef struct _policy_priority_label { tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h) @@ -27,7 +38,9 @@ typedef struct _tsg_para int ip_addr_table_id; int subscribe_id_table_id; int priority_project_id; + int fs2_field_id[TSG_FS2_MAX]; void *logger; + screen_stat_handle_t fs2_handle; }g_tsg_para_t; extern g_tsg_para_t g_tsg_para; diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index 9685c4f..f2dc007 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -213,6 +213,20 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re return num; } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PULL_RESULT", + "pull policy failed, result_type: %s, addr: %s", + (label->result_type==PULL_KNI_RESULT) ? "KNI" : "FW", + printaddr(&a_stream->addr, a_stream->threadnum)); + } + } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PULL_RESULT", + "pull policy failed, result_type=%d, addr: %s", + (label==NULL) ? -1 : label->result_type, + printaddr(&a_stream->addr, a_stream->threadnum)); } return 0; diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index 08732f0..20744cd 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -15,6 +15,7 @@ #include #include +#include "tsg_entry.h" #include "tsg_send_log.h" #include "tsg_send_log_internal.h" @@ -36,9 +37,11 @@ int TLD_cancel(TLD_handle_t handle) if(handle!=NULL) { _handle=(struct _tld_handle *)handle; - cJSON_Delete(_handle->object); - _handle->object=NULL; - + if(_handle->object!=NULL) + { + cJSON_Delete(_handle->object); + _handle->object=NULL; + } thread_id=_handle->thread_id; dictator_free(thread_id, handle); 
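Review bot: In the `TSG_ACTION_INTERCEPT` case the added debug log reads `priority_label->result[0].config_id` and `.action` after the `ret<0` branch has already handed `priority_label` to `free_policy_label()`, so a failed `project_req_add_struct()` ends in a read of freed memory on the packet path. Log from the rule that is still live, `p_result->config_id, p_result->action`, or move the debug line into an `else` so it runs only when the label was attached. In the same case `identify_info.domain_len` is the `memcpy` length, but `identify_info` is zeroed only inside the `curdir==DIR_C2S` branch; if a stream can reach the address scan with any other `curdir` the length is uninitialised stack data, so `memset(&identify_info, 0, sizeof(identify_info));` belongs before the first scan and the length should be checked against the size of `priority_label->domain` (declared outside this hunk). The result of `dictator_malloc()` is dereferenced without a NULL check. The end of this hunk (the tail of `TSG_MASTER_INIT`) is not legible on the page, so this note covers only the entry function.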
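Review bot: In `tsg_pull_policy_result` the outer `else` logs at `RLOG_LV_FATAL` whenever no usable label is found, which looks like the ordinary case for a stream that never hit an intercept policy; since the function is called per stream, remote traffic could then drive unbounded FATAL-level log writes. The `if` conditions these two `else` branches belong to start above the hunk, so confirm which cases land here; if a missing label is expected, log it at `RLOG_LV_DEBUG` like the inner branch, or rate-limit it. The two messages also differ in format (`result_type: %s` against `result_type=%d`), which makes them harder to match with a single log query.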
@@ -426,6 +429,8 @@ int tsg_send_log(tsg_log_instance_t instance, TLD_handle_t handle, tsg_log_t *lo
 TLD_delete((TLD_handle_t)_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name);
 TLD_delete((TLD_handle_t)_handle, _instance->id2field[LOG_COMMON_SERVICE].name);
 TLD_delete((TLD_handle_t)_handle, _instance->id2field[LOG_COMMON_ACTION].name);
+
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LOG], 0, FS_OP_ADD, 1);
 }
diff --git a/src/version.map b/src/version.map
index 3e1b353..5b10f26 100644
--- a/src/version.map
+++ b/src/version.map
@@ -5,10 +5,10 @@ global:
 *TSG_MASTER_INIT*;
 *TSG_MASTER_TCPALL_ENTRY*;
 *TSG_MASTER_UNLOAD*;
- *tsg_send_log*;
 *tsg_scan_nesting_addr*;
 *tsg_pull_policy_result*;
- *tsg_send_log*;
+ *tsg_*;
+ *TLD_*;
 };
 local: *;
 };
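Review bot: The new `*tsg_*;` and `*TLD_*;` patterns make every symbol whose name contains `tsg_` global, which on the code visible in this patch includes data objects such as `g_tsg_para`, `g_tsg_fs2_field` and `tsg_conffile`, not only the logging API that the removed `*tsg_send_log*` entry covered. In a host process that loads several plugins this widens the surface for symbol clashes and for other modules to bind to or overwrite the plugin's internal state. Prefer listing the intended entry points by name (for example `tsg_send_log`, `tsg_sendlog_init`, `TLD_create`, `TLD_append`, `TLD_delete`, `TLD_cancel`) and let `local: *;` hide the rest. With the wildcard in place the `*tsg_scan_nesting_addr*` and `*tsg_pull_policy_result*` lines are redundant.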