TSG-9908: 支持unknown APP的策略执行及发送日志

inc/app_label.h

@@ -26,6 +26,7 @@ enum APP_IDENTIFY_ORIGIN
 	ORIGIN_QM_ENGINE,
 	ORIGIN_BUILT_IN,
 	ORIGIN_ANALYZE,
+	ORIGIN_UNKNOWN,		// unknown app ID=4
 	ORIGIN_MAX
 };
 

src/tsg_entry.cpp

@@ -1721,20 +1721,25 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
 		gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
 		memset(gather_result, 0, sizeof(struct gather_app_result));
 		set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
+		gather_result->origin=ORIGIN_MAX;
 	}
 	
 	switch(identify_result->origin)
 	{
 		case	ORIGIN_DKPT:
+			context->is_app_link=FLAG_TRUE;
 			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DPKT_RESULT], 0, FS_OP_ADD, 1);
 			break;
 		case	ORIGIN_QM_ENGINE:
+			context->is_app_link=FLAG_TRUE;
 			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_Q_RESULT], 0, FS_OP_ADD, 1);
 			break;
 		case	ORIGIN_USER_DEFINE:
+			context->is_app_link=FLAG_TRUE;
 			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_USER_RESULT], 0, FS_OP_ADD, 1);
 			break;
 		case	ORIGIN_BUILT_IN:
+			context->is_app_link=FLAG_TRUE;
 			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_BUILT_IN_RESULT], 0, FS_OP_ADD, 1);
 			break;
 		case	ORIGIN_BASIC_PROTOCOL:
@@ -1754,11 +1759,16 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
 				is_parent_ssl=1;
 			}			
 			break;
+		case	ORIGIN_UNKNOWN:
+			context->is_app_link=FLAG_TRUE;
+			break;
 		default:
 			MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level));
 			return 0;
 	}
 
+	gather_result->origin=identify_result->origin;
+	
 	memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result));
 
 	if(context->mid==NULL)
@@ -1843,6 +1853,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
 	Maat_rule_t *p_result=NULL;
 	struct gather_app_result *gather_result=NULL;
 	struct master_context *context=(struct master_context *)*pme;
+	struct app_identify_result unknown_result;
 
 	if(*pme==NULL)
 	{
@@ -1875,9 +1886,19 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
 			hit_num+=deal_pending_state(a_stream, context, scan_result+hit_num, MAX_RESULT_NUM-hit_num, a_packet);
 			p_result=tsg_policy_decision_criteria(scan_result, hit_num);
 			state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet);
+			context->deal_pkt_num++;
 			break;
 		case	OP_STATE_DATA:
-		//case	OP_STATE_CLOSE:
+			if(context->is_app_link==FLAG_FALSE && (context->deal_pkt_num++) == (g_tsg_para.identify_app_max_pkt_num+1))
+			{
+				unknown_result.app_id_num=1;
+				unknown_result.surrogate_id[0]=0;
+				unknown_result.origin=ORIGIN_UNKNOWN;
+				unknown_result.app_id[0]=g_tsg_para.unknown_app_id;				
+
+				app_identify_result_cb(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&unknown_result);
+			}
+		
 			if(is_hited_allow(context->result, context->hit_cnt))
 			{
 				break;
@@ -2139,6 +2160,7 @@ extern "C" int TSG_MASTER_INIT()
 
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0);
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM","HIT_PATH_SWITCH", &g_tsg_para.hit_path_switch, 0);
+	MESA_load_profile_int_def(tsg_conffile, "SYSTEM","UNKNOWN_APP_ID", &g_tsg_para.unknown_app_id, 4);
 
 	g_tsg_para.default_vlan.num=1;
 	MESA_load_profile_int_def(tsg_conffile, "TRAFFIC_MIRROR","DEFAULT_VLAN_ID", &(g_tsg_para.default_vlan.id[0]), 2);
@@ -2149,6 +2171,7 @@ extern "C" int TSG_MASTER_INIT()
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0);
 	MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120);
+	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "IENTIFY_APP_MAX_PKT_NUM", &g_tsg_para.identify_app_max_pkt_num, 20);
 
 	ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0);
 	if(ret<0)

src/tsg_entry.h

@@ -41,6 +41,14 @@ typedef int atomic_t;
 #define	PRINTADDR(a, b)	((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
 #endif
 
+#ifndef	FLAG_FALSE
+#define	FLAG_FALSE	0
+#endif
+
+#ifndef	FLAG_TRUE
+#define FLAG_TRUE	1
+#endif
+
 #define	APP_SCAN_FLAG_STOP	0
 #define	APP_SCAN_FLAG_CONTINUE	1
 
@@ -163,6 +171,7 @@ struct _str2index
 
 struct gather_app_result
 {
+	enum APP_IDENTIFY_ORIGIN origin;	
 	struct app_identify_result result[ORIGIN_MAX];
 };
 
@@ -217,14 +226,17 @@ struct hited_app_para
 
 struct master_context
 {
+	unsigned char is_esni;
+	unsigned char is_log;
+	unsigned char is_ratelimit;
+	unsigned char deal_pkt_num;
+	unsigned char is_app_link;
+	unsigned char pad;
+	unsigned short timeout;
 	tsg_protocol_t proto;
 	int hit_cnt;
-	int is_esni;
-	int is_log;
-	int is_ratelimit;
 	int hited_app_id;
 	unsigned int quic_version;
-	unsigned short timeout;
 	char *domain;
 	char *quic_ua;
 	scan_status_t mid;	
@@ -272,6 +284,8 @@ typedef	struct tsg_para
 	int hash_slot_size;
 	enum DEPLOY_MODE deploy_mode;
 	int scan_time_interval;
+	int identify_app_max_pkt_num;
+	int unknown_app_id;
 	int hit_path_switch;
 	int default_compile_id;
 	int table_id[TABLE_MAX];

src/tsg_send_log.cpp

@@ -699,6 +699,11 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
 			get_app_name_list(label->result[ORIGIN_QM_ENGINE].app_id, label->result[ORIGIN_QM_ENGINE].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
 		}
 
+		if(app_id_flag!=1)
+		{
+			get_app_name_list(label->result[ORIGIN_UNKNOWN].app_id, label->result[ORIGIN_UNKNOWN].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
+		}
+				
 		if(app_id_flag==1)
 		{
 			if(!(TLD_search(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name)))
@@ -711,6 +716,7 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
 			get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(label->result[ORIGIN_BUILT_IN]));
 			get_app_id_list(&app_id_object, _handle, "DKPT", &(label->result[ORIGIN_DKPT]));
 			get_app_id_list(&app_id_object, _handle, "THIRD", &(label->result[ORIGIN_QM_ENGINE]));
+			get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(label->result[ORIGIN_UNKNOWN]));
 			TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, &app_id_object, TLD_TYPE_OBJECT);
 		}
 	}
@@ -1667,7 +1673,7 @@ void tsg_sendlog_destroy(struct tsg_log_instance_t * instance)
 			rd_kafka_topic_destroy(instance->topic_rkt[i]);
 		}
 		
-		rd_kafka_destroy_flags(instance->kafka_handle, 4);
+		//rd_kafka_destroy_flags(instance->kafka_handle, 4);
 		rd_kafka_destroy(instance->kafka_handle);
 
 		free(instance->topic_rkt);