Feature tunnel detail information

刘学利
2021-04-07 02:36:51 +00:00
parent 174ca0236b
commit 8940d49f69
5 changed files with 281 additions and 9 deletions


@@ -4,7 +4,7 @@ TOPIC SECURITY-EVENT-LOG 0
TOPIC SECURITY-EVENT-LOG 1
TOPIC CONNECTION-RECORD-LOG 2
TOPIC CONNECTION-SKETCH 3
TOPIC INTERNAL-RTP-LOG 4
TOPIC INTERNAL-RTP-LOG 4
TOPIC VOIP-RECORD-LOG 5
#TYPE FIELD VALUE
@@ -45,17 +45,33 @@ STRING common_schema_type 34
STRING http_host 35
STRING ssl_sni 36
LONG common_establish_latency_ms 37
STRING common_sub_action 38
STRING common_sub_action 38
STRING common_client_asn 39
STRING common_server_asn 40
STRING common_client_location 41
STRING common_server_location 42
STRING quic_sni 43
STRING quic_sni 43
STRING ssl_ja3_hash 44
STRING common_data_center 45
STRING common_l7_protocol 46
STRING common_l7_protocol 46
STRING common_tcp_client_isn 47
STRING common_tcp_server_isn 48
LONG common_app_surrogate_id 49
STRING sip_from 50
STRING sip_to 51
STRING sip_from 50
STRING sip_to 51
STRING common_tunnels 52
STRING tunnels_schema_type 53
STRING gtp_sgw_ip 54
STRING gtp_pgw_ip 55
STRING gtp_sgw_port 56
STRING gtp_pgw_port 57
STRING gtp_uplink_teid 58
STRING gtp_downlink_teid 59
STRING mpls_c2s_direction_label 60
STRING mpls_s2c_direction_label 61
STRING vlan_c2s_direction_id 62
STRING vlan_s2c_direction_id 63
STRING client_mac 64
STRING server_mac 65
STRING client_ip 66
STRING server_ip 67
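Review bot: The new field ids stop at 67, but the enum hunk in this commit adds two more entries after LOG_COMMON_TUNNELS_SERVER_IP (`LOG_COMMON_TUNNELS_PPTP_C2S_ID` and `LOG_COMMON_TUNNELS_PPTP_S2C_ID`), and the PPTP branch of get_common_tunnels reads `id2field[LOG_COMMON_TUNNELS_PPTP_C2S_ID].name`. If the ids in this file follow the enum order, as entries 52–67 suggest, that name is never loaded and the PPTP call id would be written under an empty or NULL key, or dropped. Adding entries such as `STRING pptp_c2s_call_id 68` and `STRING pptp_s2c_call_id 69` (names constructed here, use the project's own) would close the gap. The GTP ports and TEIDs, VLAN ids and MPLS labels are declared `STRING` while the code emits them with cJSON_AddNumberToObject, so declaring them `LONG`, or documenting that the type column is not applied to nested tunnel fields, would keep log consumers from parsing them wrongly.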


@@ -647,7 +647,7 @@ void set_session_attribute_label(struct streaminfo *a_stream, enum TSG_ATTRIBUTE
attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id);
if(attribute_label==NULL)
{
attribute_label=(struct _session_attribute_label_t *)calloc(1, sizeof(struct _session_attribute_label_t));
attribute_label=(struct _session_attribute_label_t *)dictator_malloc(thread_seq, sizeof(struct _session_attribute_label_t));
memset(attribute_label, 0, sizeof(struct _session_attribute_label_t));
ret=project_req_add_struct(a_stream, g_tsg_para.internal_project_id, (const void *)attribute_label);
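Review bot: The result of `dictator_malloc` is passed straight to `memset` with no NULL check, so an allocation failure becomes a NULL write on the per-stream path; `if(attribute_label==NULL) return;` before the memset would avoid that. The same pattern is added in the tsg_scan_nesting_addr hunk, whose visible lines also do not show the new struct being registered with project_req_add_struct. Because the allocator changed from calloc, the release side for this project struct has to use the matching dictator release function rather than `free()`; that callback is outside the hunk, so it is worth confirming. set_session_attribute_label continues past the end of the hunk.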


@@ -1412,7 +1412,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id);
if(attribute_label==NULL)
{
attribute_label=(struct _session_attribute_label_t *)calloc(1, sizeof(struct _session_attribute_label_t));
attribute_label=(struct _session_attribute_label_t *)dictator_malloc(a_stream->threadnum, sizeof(struct _session_attribute_label_t));
memset(attribute_label, 0, sizeof(struct _session_attribute_label_t));
}


@@ -11,6 +11,7 @@
#include <sys/ioctl.h>
#include <unistd.h>
#include <pthread.h>
#include <arpa/inet.h>
#include <MESA/stream.h>
#include <MESA/MESA_prof_load.h>
@@ -34,6 +35,29 @@ const id2field_t tld_type[TLD_TYPE_MAX]={{TLD_TYPE_UNKNOWN, TLD_TYPE_UNKNOWN, "
extern "C" int MESA_get_dev_ipv4(const char *device, int *ip_add);
static int is_tunnels(struct streaminfo *a_stream)
{
if(a_stream!=NULL && a_stream->pfather!=NULL && a_stream->pfather->addr.addrtype!=ADDR_TYPE_MAC)
{
return 1;
}
return 0;
}
static int convert_mac_to_string(unsigned char *mac, char *buff)
{
int i=0,len=0;
for(i=0; i<6; i++)
{
len+=sprintf(buff+len, "%02x:", mac[i]);
}
buff[len-1]='\0';
return 0;
}
static int action2fs_id(int action)
{
switch(action)
@@ -162,6 +186,7 @@ struct TLD_handle_t *TLD_create(int thread_id)
return _handle;
}
static int set_l7_protocol(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
char *l7_protocol=NULL;
@@ -181,6 +206,212 @@ static int set_l7_protocol(struct tsg_log_instance_t *_instance, struct TLD_hand
return 0;
}
static cJSON *get_link_mac(struct tsg_log_instance_t *_instance, struct ethhdr *addr)
{
char buff[128]={0};
cJSON *mac_object=cJSON_CreateObject();
convert_mac_to_string(addr->h_source, buff);
cJSON_AddStringToObject(mac_object, _instance->id2field[LOG_COMMON_TUNNELS_MAC_SOURCE].name, buff);
convert_mac_to_string(addr->h_dest, buff);
cJSON_AddStringToObject(mac_object, _instance->id2field[LOG_COMMON_TUNNELS_MAC_DEST].name, buff);
return mac_object;
}
static int get_gtp_ipxx_port(struct tsg_log_instance_t *_instance, struct streaminfo *a_stream, cJSON *object)
{
char ip_buff[64]={0};
if(a_stream!=NULL)
{
switch(a_stream->addr.addrtype)
{
case ADDR_TYPE_IPV4:
inet_ntop(AF_INET, (const void *)&(a_stream->addr.ipv4->saddr), ip_buff, sizeof(ip_buff));
cJSON_AddStringToObject(object, _instance->id2field[LOG_COMMON_TUNNELS_GTP_SGW_IP].name, ip_buff);
inet_ntop(AF_INET, (const void *)&(a_stream->addr.ipv4->daddr), ip_buff, sizeof(ip_buff));
cJSON_AddStringToObject(object, _instance->id2field[LOG_COMMON_TUNNELS_GTP_PGW_IP].name, ip_buff);
cJSON_AddNumberToObject(object, _instance->id2field[LOG_COMMON_TUNNELS_GTP_SGW_PORT].name, (unsigned int)(a_stream->addr.ipv4->source));
cJSON_AddNumberToObject(object, _instance->id2field[LOG_COMMON_TUNNELS_GTP_PGW_PORT].name, (unsigned int)(a_stream->addr.ipv4->dest));
return 1;
break;
case ADDR_TYPE_IPV6:
inet_ntop(AF_INET6, (const void *)(a_stream->addr.ipv6->saddr), ip_buff, sizeof(ip_buff));
cJSON_AddStringToObject(object, _instance->id2field[LOG_COMMON_TUNNELS_GTP_SGW_IP].name, ip_buff);
inet_ntop(AF_INET6, (const void *)(a_stream->addr.ipv6->daddr), ip_buff, sizeof(ip_buff));
cJSON_AddStringToObject(object, _instance->id2field[LOG_COMMON_TUNNELS_GTP_PGW_IP].name, ip_buff);
cJSON_AddNumberToObject(object, _instance->id2field[LOG_COMMON_TUNNELS_GTP_SGW_PORT].name, (unsigned int)(a_stream->addr.ipv6->source));
cJSON_AddNumberToObject(object, _instance->id2field[LOG_COMMON_TUNNELS_GTP_PGW_PORT].name, (unsigned int)(a_stream->addr.ipv6->dest));
return 1;
break;
default:
break;
}
}
return 0;
}
static int get_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
int i=0,ret=0;
char ip_buff[64]={0};
const struct streaminfo *ptmp = a_stream;
const struct streaminfo *pfather=NULL;
cJSON *tunnel_object=NULL;
cJSON *tunnel_array=cJSON_CreateArray();
cJSON *src_array=NULL, *dst_array=NULL;
cJSON *mac_object=NULL;
while(ptmp)
{
pfather = ptmp->pfather;
switch(ptmp->addr.addrtype)
{
case ADDR_TYPE_MAC:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "MAC");
switch(a_stream->dir)
{
case DIR_C2S:
mac_object=get_link_mac(_instance, &(ptmp->addr.mac->src_addr));
cJSON_AddItemToObject(tunnel_object, "c2s_direction_mac", mac_object);
break;
case DIR_S2C:
mac_object=get_link_mac(_instance, &(ptmp->addr.mac->dst_addr));
cJSON_AddItemToObject(tunnel_object, "s2c_direction_mac", mac_object);
break;
case DIR_DOUBLE:
mac_object=get_link_mac(_instance, &(ptmp->addr.mac->src_addr));
cJSON_AddItemToObject(tunnel_object, "c2s_direction_mac", mac_object);
mac_object=get_link_mac(_instance, &(ptmp->addr.mac->dst_addr));
cJSON_AddItemToObject(tunnel_object, "s2c_direction_mac", mac_object);
break;
}
break;
case ADDR_TYPE_VLAN:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "VLAN");
src_array=cJSON_CreateArray();
for(i=0; i<ptmp->addr.vlan->c2s_layer_num; i++)
{
cJSON_AddNumberToObject(src_array, _instance->id2field[LOG_COMMON_TUNNELS_VLAN_SRC_ID].name, ntohs(ptmp->addr.vlan->c2s_addr_array[i].VID));
}
if(ptmp->addr.vlan->c2s_layer_num>0)
{
cJSON_AddItemToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_VLAN_SRC_ID].name, src_array);
}
dst_array=cJSON_CreateArray();
for(i=0; i<ptmp->addr.vlan->s2c_layer_num; i++)
{
cJSON_AddNumberToObject(dst_array, _instance->id2field[LOG_COMMON_TUNNELS_VLAN_DST_ID].name, ntohs(ptmp->addr.vlan->s2c_addr_array[i].VID));
}
if(ptmp->addr.vlan->s2c_layer_num>0)
{
cJSON_AddItemToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_VLAN_DST_ID].name, dst_array);
}
break;
case ADDR_TYPE_GRE:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "GRE");
break;
case ADDR_TYPE_MPLS:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, (char *)"MPLS");
src_array=cJSON_CreateArray();
for(i=0; i<ptmp->addr.mpls->c2s_layer_num; i++)
{
cJSON_AddNumberToObject(src_array, _instance->id2field[LOG_COMMON_TUNNELS_MPLS_SRC_LABEL].name, ntohl(ptmp->addr.mpls->c2s_addr_array[i].label));
}
if(ptmp->addr.mpls->c2s_layer_num>0)
{
cJSON_AddItemToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_MPLS_SRC_LABEL].name, src_array);
}
dst_array=cJSON_CreateArray();
for(i=0; i<ptmp->addr.mpls->s2c_layer_num; i++)
{
cJSON_AddNumberToObject(dst_array, _instance->id2field[LOG_COMMON_TUNNELS_MPLS_DST_LABEL].name, ntohl(ptmp->addr.mpls->s2c_addr_array[i].label));
}
if(ptmp->addr.mpls->s2c_layer_num>0)
{
cJSON_AddItemToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_MPLS_DST_LABEL].name, dst_array);
}
break;
case ADDR_TYPE_L2TP:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "L2TP");
break;
case __ADDR_TYPE_IP_PAIR_V4:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "IPv4");
inet_ntop(AF_INET, (const void *)&(ptmp->addr.ipv4->saddr), ip_buff, sizeof(ip_buff));
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_CLIENT_IP].name, ip_buff);
inet_ntop(AF_INET, (const void *)&(ptmp->addr.ipv4->daddr), ip_buff, sizeof(ip_buff));
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SERVER_IP].name, ip_buff);
break;
case __ADDR_TYPE_IP_PAIR_V6:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "IPv6");
inet_ntop(AF_INET6, (const void *)(ptmp->addr.ipv6->saddr), ip_buff, sizeof(ip_buff));
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_CLIENT_IP].name, ip_buff);
inet_ntop(AF_INET6, (const void *)(ptmp->addr.ipv6->daddr), ip_buff, sizeof(ip_buff));
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SERVER_IP].name, ip_buff);
break;
case ADDR_TYPE_PPTP:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "PPTP");
cJSON_AddNumberToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_PPTP_C2S_ID].name, ntohl(ptmp->addr.pptp->C2S_call_id));
break;
case ADDR_TYPE_GPRS_TUNNEL:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "GTP");
cJSON_AddNumberToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_GTP_UPLINK_TEID].name, ntohl(ptmp->addr.gtp->teid_c2s));
cJSON_AddNumberToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_GTP_DOWNLINK_TEID].name, ntohl(ptmp->addr.gtp->teid_s2c));
ret=get_gtp_ipxx_port(_instance, ptmp->pfather, tunnel_object);
if(ret==1)
{
ptmp=pfather->pfather;
}
break;
case ADDR_TYPE_VXLAN:
tunnel_object=cJSON_CreateObject();
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "VXLAN");
break;
default:
ptmp = pfather;
continue;
break;
}
ptmp = pfather;
cJSON_AddItemToArray(tunnel_array, tunnel_object);
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS].name, tunnel_array, TLD_TYPE_CJSON);
return 0;
}
char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t id)
{
struct tsg_log_instance_t *_instance=instance;
@@ -457,6 +688,11 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
{
stream_addr_list_ntop(a_stream,nest_addr_buf, sizeof(nest_addr_buf));
}
if(is_tunnels(a_stream))
{
get_common_tunnels(_instance, _handle, a_stream);
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_ADDRESS_LIST].name, (void *)nest_addr_buf, TLD_TYPE_STRING);
@@ -887,7 +1123,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
FS_operate(g_tsg_para.fs2_handle, _instance->fs_status_ids[thread_id], 0, FS_OP_SET, _instance->send_log_percent[thread_id]);
}
free(payload);
cJSON_free(payload);
payload=NULL;
TLD_delete(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name);
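Review bot: In get_common_tunnels the VLAN and MPLS branches create `src_array` and `dst_array` unconditionally but attach them to `tunnel_object` only when the layer count is positive, so each logged stream with an empty direction leaks a cJSON array, and the leak rate is driven by observed traffic. Creating the array inside the `>0` check, or adding `else cJSON_Delete(src_array);` (and the same for `dst_array`), fixes it. In the GTP branch `ptmp=pfather->pfather;` has no effect because `ptmp = pfather;` after the switch overwrites it, so the outer IP layer does not appear to be skipped as intended; `pfather=pfather->pfather;` would do that. The ports in get_gtp_ipxx_port are logged without `ntohs`, unlike the VLAN ids, so they are presumably byte-swapped on little-endian hosts. The array elements are added with cJSON_AddNumberToObject on an array, where `cJSON_AddItemToArray(src_array, cJSON_CreateNumber(...))` is the matching call.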


@@ -75,6 +75,26 @@ typedef enum _tsg_log_field_id
LOG_COMMON_TCP_CLIENT_ISN,
LOG_COMMON_TCP_SERVER_ISN,
LOG_COMMON_APP_SURROGATE_ID,
LOG_COMMON_SIP_FROM,
LOG_COMMON_SIP_TO,
LOG_COMMON_TUNNELS,
LOG_COMMON_TUNNELS_SCHEMA_TYPE,
LOG_COMMON_TUNNELS_GTP_SGW_IP,
LOG_COMMON_TUNNELS_GTP_PGW_IP,
LOG_COMMON_TUNNELS_GTP_SGW_PORT,
LOG_COMMON_TUNNELS_GTP_PGW_PORT,
LOG_COMMON_TUNNELS_GTP_UPLINK_TEID,
LOG_COMMON_TUNNELS_GTP_DOWNLINK_TEID,
LOG_COMMON_TUNNELS_MPLS_SRC_LABEL,
LOG_COMMON_TUNNELS_MPLS_DST_LABEL,
LOG_COMMON_TUNNELS_VLAN_SRC_ID,
LOG_COMMON_TUNNELS_VLAN_DST_ID,
LOG_COMMON_TUNNELS_MAC_SOURCE,
LOG_COMMON_TUNNELS_MAC_DEST,
LOG_COMMON_TUNNELS_CLIENT_IP,
LOG_COMMON_TUNNELS_SERVER_IP,
LOG_COMMON_TUNNELS_PPTP_C2S_ID,
LOG_COMMON_TUNNELS_PPTP_S2C_ID,
LOG_COMMON_MAX
}tsg_log_field_id_t;