gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OMPUB-509: 使用bridge模式通知LUA的抽取结果,变更app_extra_info日志字段格式,用JSON数组表示

Browse Source
This commit is contained in:
liuxueli
2022-06-28 15:01:14 +08:00
parent 81e1428745
commit 89966c851a
5 changed files with 71 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bin/tsg_log_field.conf
View File

@@ -110,3 +110,4 @@ STRING common_packet_capture_file 98
STRING common_app_behavior 99 STRING common_app_behavior 99
STRING http_url 100 STRING http_url 100
STRING common_app_identify_info 101 STRING common_app_identify_info 101
STRING app_extra_info 102

6
inc/app_label.h
View File

@@ -53,8 +53,14 @@ struct attribute_kv
{ {
enum _ATTRIBUTE_TYPE type; enum _ATTRIBUTE_TYPE type;
char *name; char *name;
union
{
unsigned int number;
char *ip;
char *string;
void *value; void *value;
}; };
};
struct user_defined_attribute_label struct user_defined_attribute_label
{ {

2
src/tsg_entry.cpp
View File

@@ -2266,7 +2266,7 @@ extern "C" int TSG_MASTER_INIT()
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff);
} }
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_IDENTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "APP_BRIDGE"); MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_IDENTIFY_RESULT_BRIDGE", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "APP_IDENTIFY_RESULT_BRIDGE");
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA"); MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA");
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA"); MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA");
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT],_MAX_TABLE_NAME_LEN, "TSG_NOTIFICATION_EXECUTION_RESULT"); MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT],_MAX_TABLE_NAME_LEN, "TSG_NOTIFICATION_EXECUTION_RESULT");

69
src/tsg_send_log.cpp
View File

@@ -282,7 +282,7 @@ static int set_tcp_isn(struct tsg_log_instance_t *_instance, struct TLD_handle_t
static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{ {
const char *linkinfo=(const char *)stream_bridge_async_data_get(a_stream, _instance->mac_linkinfo_project_id); const char *linkinfo=(const char *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_MAC_LINKINFO]);
if(linkinfo==NULL) if(linkinfo==NULL)
{ {
return 0; return 0;
@@ -1585,6 +1585,41 @@ int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_hand
return 1; return 1;
} }
int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
int i=0;
struct user_defined_attribute_label *uda_label=(struct user_defined_attribute_label *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_LUA_RESULT]);
if(uda_label!=NULL)
{
Value array(kArrayType);
for(i=0; i<uda_label->attribute_num; i++)
{
Value object(kObjectType);
switch(uda_label->attribute[i].type)
{
case ATTRIBUTE_TYPE_BOOL:
case ATTRIBUTE_TYPE_NUMERIC:
add_number_member(_handle, &object, uda_label->attribute[i].name, uda_label->attribute[i].number);
break;
case ATTRIBUTE_TYPE_IP:
case ATTRIBUTE_TYPE_STRING:
add_str_member(_handle, &object, uda_label->attribute[i].name, uda_label->attribute[i].string);
break;
default:
continue;
}
array.PushBack(object, _handle->document->GetAllocator());
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_EXTRACT_INFO].name, &array, TLD_TYPE_OBJECT);
}
return 0;
}
int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream) int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream)
{ {
int ret=0; int ret=0;
@@ -1613,6 +1648,7 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
set_duraction(_instance, _handle, a_stream); set_duraction(_instance, _handle, a_stream);
set_packet_bytes(_instance, _handle, a_stream); set_packet_bytes(_instance, _handle, a_stream);
set_session_attributes(_instance, _handle, a_stream); set_session_attributes(_instance, _handle, a_stream);
set_lua_scripts_result(_instance, _handle, a_stream);
if(is_tunnels(a_stream)) if(is_tunnels(a_stream))
{ {
@@ -1732,10 +1768,10 @@ int load_log_common_field(const char *filename, id2field_t *id2field, struct top
struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_handle_t fs2_handle) struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_handle_t fs2_handle)
{ {
int i=0,ret=0; int i=0,ret=0;
char label_buff[128]={0};
char nic_name[32]={0}; char nic_name[32]={0};
char kafka_errstr[1024]={0}; char kafka_errstr[1024]={0};
unsigned int local_ip_nr=0; unsigned int local_ip_nr=0;
char bridge_name[LOG_BRIDGE_MAX][128]={0};
rd_kafka_conf_t *rdkafka_conf = NULL; rd_kafka_conf_t *rdkafka_conf = NULL;
struct tsg_log_instance_t *_instance=NULL; struct tsg_log_instance_t *_instance=NULL;
@@ -1766,25 +1802,18 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
MESA_load_profile_int_def(conffile, "TSG_LOG", "APP_ID_TYPE", &(_instance->app_id_type), 1); //0: int, 1: string MESA_load_profile_int_def(conffile, "TSG_LOG", "APP_ID_TYPE", &(_instance->app_id_type), 1); //0: int, 1: string
MESA_load_profile_string_def(conffile, "TSG_LOG", "L7_UNKNOWN_NAME", _instance->l7_unknown_name, sizeof(_instance->l7_unknown_name), "UNCATEGORIZED"); MESA_load_profile_string_def(conffile, "TSG_LOG", "L7_UNKNOWN_NAME", _instance->l7_unknown_name, sizeof(_instance->l7_unknown_name), "UNCATEGORIZED");
MESA_load_profile_string_def(conffile, "TSG_LOG", "LINKINFO_FROM_MAC", label_buff, sizeof(label_buff), "mirror_linkinfo_from_mac"); MESA_load_profile_string_def(conffile, "TSG_LOG", "LINKINFO_FROM_MAC", bridge_name[LOG_BRIDGE_MAC_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_MAC_LINKINFO]), "mirror_linkinfo_from_mac");
_instance->mac_linkinfo_project_id=stream_bridge_build(label_buff, "w"); MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_C2S_LINKINFO", bridge_name[LOG_BRIDGE_NAT_C2S_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_NAT_C2S_LINKINFO]), "common_link_info_c2s");
if(_instance->mac_linkinfo_project_id<0) MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_S2C_LINKINFO", bridge_name[LOG_BRIDGE_NAT_S2C_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_NAT_S2C_LINKINFO]), "common_link_info_s2c");
{ MESA_load_profile_string_def(conffile, "TSG_LOG", "APP_LUA_SCRIPTS_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_LUA_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_LUA_RESULT]), "LUA_USER_DEFINED_ATTRIBUTE");
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "LINKINFO_FROM_MAC", "stream_bridge_build is error, app_bridge_name: %s", label_buff);
}
MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_C2S_LINKINFO", label_buff, sizeof(label_buff), "common_link_info_c2s"); for(i=0; i<LOG_BRIDGE_MAX; i++)
_instance->nat_c2s_linkinfo_project_id=stream_bridge_build(label_buff, "w");
if(_instance->nat_c2s_linkinfo_project_id<0)
{ {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "NAT_C2S_LINKINFO", "stream_bridge_build is error, app_bridge_name: %s", label_buff); _instance->bridge_id[i]=stream_bridge_build(bridge_name[i], "w");
if(_instance->bridge_id[i]<0)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "LINKINFO_FROM_MAC", "stream_bridge_build is error, bridge_name: %s", bridge_name[i]);
} }
MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_S2C_LINKINFO", label_buff, sizeof(label_buff), "common_link_info_s2c");
_instance->nat_s2c_linkinfo_project_id=stream_bridge_build(label_buff, "w");
if(_instance->nat_s2c_linkinfo_project_id<0)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "NAT_S2C_LINKINFO", "stream_bridge_build is error, app_bridge_name: %s", label_buff);
} }
_instance->logger=MESA_create_runtime_log_handle(_instance->log_path, _instance->level); _instance->logger=MESA_create_runtime_log_handle(_instance->log_path, _instance->level);
@@ -2062,8 +2091,8 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
if(log_msg->result[i].config_id==0 && log_msg->a_stream!=NULL) if(log_msg->result[i].config_id==0 && log_msg->a_stream!=NULL)
{ {
set_nat_linkinfo(_instance, _handle, log_msg->a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, _instance->nat_c2s_linkinfo_project_id); set_nat_linkinfo(_instance, _handle, log_msg->a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, _instance->bridge_id[LOG_BRIDGE_NAT_C2S_LINKINFO]);
set_nat_linkinfo(_instance, _handle, log_msg->a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, _instance->nat_s2c_linkinfo_project_id); set_nat_linkinfo(_instance, _handle, log_msg->a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, _instance->bridge_id[LOG_BRIDGE_NAT_S2C_LINKINFO]);
} }
if(log_msg->result[i].action==TSG_ACTION_DENY) if(log_msg->result[i].action==TSG_ACTION_DENY)

14
src/tsg_send_log_internal.h
View File

@@ -127,6 +127,7 @@ typedef enum _tsg_log_field_id
LOG_COMMON_APPLICATION_BEHAVIOR, LOG_COMMON_APPLICATION_BEHAVIOR,
LOG_HTTP_URL, LOG_HTTP_URL,
LOG_COMMON_APP_IDENTIFY_INFO, LOG_COMMON_APP_IDENTIFY_INFO,
LOG_COMMON_APP_EXTRACT_INFO,
LOG_COMMON_MAX LOG_COMMON_MAX
}tsg_log_field_id_t; }tsg_log_field_id_t;
@@ -156,6 +157,15 @@ enum LOG_FS2_TYPE{
LOG_FS2_TYPE_MAX LOG_FS2_TYPE_MAX
}; };
enum LOG_BRIDGE
{
LOG_BRIDGE_MAC_LINKINFO=0,
LOG_BRIDGE_NAT_C2S_LINKINFO,
LOG_BRIDGE_NAT_S2C_LINKINFO,
LOG_BRIDGE_APP_LUA_RESULT,
LOG_BRIDGE_MAX
};
typedef struct _id2field typedef struct _id2field
{ {
@@ -188,10 +198,8 @@ struct tsg_log_instance_t
int session_attribute_project_id; int session_attribute_project_id;
int tcp_flow_project_id; int tcp_flow_project_id;
int udp_flow_project_id; int udp_flow_project_id;
int mac_linkinfo_project_id;
int nat_c2s_linkinfo_project_id;
int nat_s2c_linkinfo_project_id;
int sum_line_id; int sum_line_id;
int bridge_id[LOG_BRIDGE_MAX];
int fs2_column_id[LOG_COLUMN_STATUS_MAX]; int fs2_column_id[LOG_COLUMN_STATUS_MAX];
int fs2_field_id[LOG_FS2_TYPE_MAX]; int fs2_field_id[LOG_FS2_TYPE_MAX];
char l7_unknown_name[MAX_STRING_LEN]; char l7_unknown_name[MAX_STRING_LEN];