TSG-9908: 支持unknown APP的策略执行及发送日志
This commit is contained in:
liuxueli
@@ -26,6 +26,7 @@ enum APP_IDENTIFY_ORIGIN
|
||||
ORIGIN_QM_ENGINE,
|
||||
ORIGIN_BUILT_IN,
|
||||
ORIGIN_ANALYZE,
|
||||
ORIGIN_UNKNOWN, // unknown app ID=4
|
||||
ORIGIN_MAX
|
||||
};
|
||||
|
||||
|
||||
@@ -1721,20 +1721,25 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
|
||||
gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
|
||||
memset(gather_result, 0, sizeof(struct gather_app_result));
|
||||
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
|
||||
gather_result->origin=ORIGIN_MAX;
|
||||
}
|
||||
|
||||
switch(identify_result->origin)
|
||||
{
|
||||
case ORIGIN_DKPT:
|
||||
context->is_app_link=FLAG_TRUE;
|
||||
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DPKT_RESULT], 0, FS_OP_ADD, 1);
|
||||
break;
|
||||
case ORIGIN_QM_ENGINE:
|
||||
context->is_app_link=FLAG_TRUE;
|
||||
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_Q_RESULT], 0, FS_OP_ADD, 1);
|
||||
break;
|
||||
case ORIGIN_USER_DEFINE:
|
||||
context->is_app_link=FLAG_TRUE;
|
||||
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_USER_RESULT], 0, FS_OP_ADD, 1);
|
||||
break;
|
||||
case ORIGIN_BUILT_IN:
|
||||
context->is_app_link=FLAG_TRUE;
|
||||
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_BUILT_IN_RESULT], 0, FS_OP_ADD, 1);
|
||||
break;
|
||||
case ORIGIN_BASIC_PROTOCOL:
|
||||
@@ -1754,11 +1759,16 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
|
||||
is_parent_ssl=1;
|
||||
}
|
||||
break;
|
||||
case ORIGIN_UNKNOWN:
|
||||
context->is_app_link=FLAG_TRUE;
|
||||
break;
|
||||
default:
|
||||
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level));
|
||||
return 0;
|
||||
}
|
||||
|
||||
gather_result->origin=identify_result->origin;
|
||||
|
||||
memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result));
|
||||
|
||||
if(context->mid==NULL)
|
||||
@@ -1843,6 +1853,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
|
||||
Maat_rule_t *p_result=NULL;
|
||||
struct gather_app_result *gather_result=NULL;
|
||||
struct master_context *context=(struct master_context *)*pme;
|
||||
struct app_identify_result unknown_result;
|
||||
|
||||
if(*pme==NULL)
|
||||
{
|
||||
@@ -1875,9 +1886,19 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
|
||||
hit_num+=deal_pending_state(a_stream, context, scan_result+hit_num, MAX_RESULT_NUM-hit_num, a_packet);
|
||||
p_result=tsg_policy_decision_criteria(scan_result, hit_num);
|
||||
state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet);
|
||||
context->deal_pkt_num++;
|
||||
break;
|
||||
case OP_STATE_DATA:
|
||||
//case OP_STATE_CLOSE:
|
||||
if(context->is_app_link==FLAG_FALSE && (context->deal_pkt_num++) == (g_tsg_para.identify_app_max_pkt_num+1))
|
||||
{
|
||||
unknown_result.app_id_num=1;
|
||||
unknown_result.surrogate_id[0]=0;
|
||||
unknown_result.origin=ORIGIN_UNKNOWN;
|
||||
unknown_result.app_id[0]=g_tsg_para.unknown_app_id;
|
||||
|
||||
app_identify_result_cb(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&unknown_result);
|
||||
}
|
||||
|
||||
if(is_hited_allow(context->result, context->hit_cnt))
|
||||
{
|
||||
break;
|
||||
@@ -2139,6 +2160,7 @@ extern "C" int TSG_MASTER_INIT()
|
||||
|
||||
MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0);
|
||||
MESA_load_profile_int_def(tsg_conffile, "SYSTEM","HIT_PATH_SWITCH", &g_tsg_para.hit_path_switch, 0);
|
||||
MESA_load_profile_int_def(tsg_conffile, "SYSTEM","UNKNOWN_APP_ID", &g_tsg_para.unknown_app_id, 4);
|
||||
|
||||
g_tsg_para.default_vlan.num=1;
|
||||
MESA_load_profile_int_def(tsg_conffile, "TRAFFIC_MIRROR","DEFAULT_VLAN_ID", &(g_tsg_para.default_vlan.id[0]), 2);
|
||||
@@ -2149,6 +2171,7 @@ extern "C" int TSG_MASTER_INIT()
|
||||
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0);
|
||||
MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);
|
||||
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120);
|
||||
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "IENTIFY_APP_MAX_PKT_NUM", &g_tsg_para.identify_app_max_pkt_num, 20);
|
||||
|
||||
ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0);
|
||||
if(ret<0)
|
||||
|
||||
@@ -41,6 +41,14 @@ typedef int atomic_t;
|
||||
#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
|
||||
#endif
|
||||
|
||||
#ifndef FLAG_FALSE
|
||||
#define FLAG_FALSE 0
|
||||
#endif
|
||||
|
||||
#ifndef FLAG_TRUE
|
||||
#define FLAG_TRUE 1
|
||||
#endif
|
||||
|
||||
#define APP_SCAN_FLAG_STOP 0
|
||||
#define APP_SCAN_FLAG_CONTINUE 1
|
||||
|
||||
@@ -163,6 +171,7 @@ struct _str2index
|
||||
|
||||
struct gather_app_result
|
||||
{
|
||||
enum APP_IDENTIFY_ORIGIN origin;
|
||||
struct app_identify_result result[ORIGIN_MAX];
|
||||
};
|
||||
|
||||
@@ -217,14 +226,17 @@ struct hited_app_para
|
||||
|
||||
struct master_context
|
||||
{
|
||||
unsigned char is_esni;
|
||||
unsigned char is_log;
|
||||
unsigned char is_ratelimit;
|
||||
unsigned char deal_pkt_num;
|
||||
unsigned char is_app_link;
|
||||
unsigned char pad;
|
||||
unsigned short timeout;
|
||||
tsg_protocol_t proto;
|
||||
int hit_cnt;
|
||||
int is_esni;
|
||||
int is_log;
|
||||
int is_ratelimit;
|
||||
int hited_app_id;
|
||||
unsigned int quic_version;
|
||||
unsigned short timeout;
|
||||
char *domain;
|
||||
char *quic_ua;
|
||||
scan_status_t mid;
|
||||
@@ -272,6 +284,8 @@ typedef struct tsg_para
|
||||
int hash_slot_size;
|
||||
enum DEPLOY_MODE deploy_mode;
|
||||
int scan_time_interval;
|
||||
int identify_app_max_pkt_num;
|
||||
int unknown_app_id;
|
||||
int hit_path_switch;
|
||||
int default_compile_id;
|
||||
int table_id[TABLE_MAX];
|
||||
|
||||
@@ -699,6 +699,11 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
|
||||
get_app_name_list(label->result[ORIGIN_QM_ENGINE].app_id, label->result[ORIGIN_QM_ENGINE].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
|
||||
}
|
||||
|
||||
if(app_id_flag!=1)
|
||||
{
|
||||
get_app_name_list(label->result[ORIGIN_UNKNOWN].app_id, label->result[ORIGIN_UNKNOWN].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
|
||||
}
|
||||
|
||||
if(app_id_flag==1)
|
||||
{
|
||||
if(!(TLD_search(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name)))
|
||||
@@ -711,6 +716,7 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
|
||||
get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(label->result[ORIGIN_BUILT_IN]));
|
||||
get_app_id_list(&app_id_object, _handle, "DKPT", &(label->result[ORIGIN_DKPT]));
|
||||
get_app_id_list(&app_id_object, _handle, "THIRD", &(label->result[ORIGIN_QM_ENGINE]));
|
||||
get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(label->result[ORIGIN_UNKNOWN]));
|
||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, &app_id_object, TLD_TYPE_OBJECT);
|
||||
}
|
||||
}
|
||||
@@ -1667,7 +1673,7 @@ void tsg_sendlog_destroy(struct tsg_log_instance_t * instance)
|
||||
rd_kafka_topic_destroy(instance->topic_rkt[i]);
|
||||
}
|
||||
|
||||
rd_kafka_destroy_flags(instance->kafka_handle, 4);
|
||||
//rd_kafka_destroy_flags(instance->kafka_handle, 4);
|
||||
rd_kafka_destroy(instance->kafka_handle);
|
||||
|
||||
free(instance->topic_rkt);
|
||||
|
||||
Reference in New Issue
Block a user