公共字段中的通信市时长单位是:ms;转换单位

KNI发日志需等待TFE结束,需提前构造streaminfo日志字段,调整包数字节数统计位置
细化调整日志
liuxueli
2019-12-03 11:44:16 +08:00
parent ff053e3e2c
commit 91574444c3
4 changed files with 59 additions and 30 deletions


@@ -14,7 +14,7 @@
char TSG_MASTER_VERSION_20191126=0;
char TSG_MASTER_VERSION_20191129=0;
const char *tsg_conffile="tsgconf/main.conf";
g_tsg_para_t g_tsg_para;
@@ -23,7 +23,8 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "link
{TLD_TYPE_UNKNOWN, TSG_FS2_HIT_ADDR, "hit_addr"},
{TLD_TYPE_UNKNOWN, TSG_FS2_HIT_SHARE, "hit_share"},
{TLD_TYPE_UNKNOWN, TSG_FS2_INTERCEPT, "intercept"},
{TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"}
{TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"},
{TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"}
};
static void free_policy_label(int thread_seq, void *project_req_value)
{
@@ -79,7 +80,7 @@ static int is_ip_policy(Maat_rule_t *p_result, char *protocol, int len, int thre
return ret;
}
#endif
static Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num)
static struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num)
{
int i=0;
Maat_rule_t *p_result=NULL;
@@ -136,8 +137,22 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
{
hit_num+=ret;
q_result=tsg_policy_decision_criteria(all_result, hit_num);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_IP",
"Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d",
printaddr(&a_tcp->addr, thread_seq),
ret,
q_result->config_id,
q_result->service_id,
q_result->action);
}
else
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "Not hit %s scan ret: %d",
printaddr(&a_tcp->addr, thread_seq), ret);
}
memset(&identify_info, 0, sizeof(identify_info));
@@ -152,24 +167,28 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
g_tsg_para.logger,
thread_seq);
if(ret>0)
hit_num+=ret;
identify_flag=1;
{
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
MESA_handle_runtime_log(g_tsg_para.logger,
"SCAN_IP_AND_FQDN",
"Hit %s: %s addr: %s",
RLOG_LV_DEBUG,
"SCAN_FQDN",
"Hit %s: %s policy_id: %d service: %d action: %d addr: %s",
(identify_info.proto==PROTO_HTTP) ? "host" : "sni",
identify_info.domain,
all_result[hit_num].config_id,
all_result[hit_num].service_id,
all_result[hit_num].action,
printaddr(&a_tcp->addr, thread_seq)
);
hit_num+=ret;
identify_flag=1;
}
else
{
RLOG_LV_DEBUG,
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"SCAN_FQDN",
"Not hit %s: %s addr: %s",
@@ -187,6 +206,9 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
switch((unsigned char)p_result->action)
{
case TSG_ACTION_DENY:
send_log=1;
MESA_kill_tcp(a_tcp, a_packet);
state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER;
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DENY], 0, FS_OP_ADD, 1);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "DENY", "Hit deny policy, policy_id: %d action: %d addr: %s",
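Review bot: The new SCAN_IP debug call reads `q_result->config_id`, `q_result->service_id` and `q_result->action` straight after `tsg_policy_decision_criteria()` returns, with no NULL check on `q_result`. That function initialises `p_result=NULL`; its selection loop is outside the hunk, so whether it can return NULL for a non-empty result set is inferred rather than shown. The log arguments are evaluated before the logger can filter by level, so a NULL return would fault on the per-packet path even with debug logging off. Wrap the call in `if(q_result!=NULL)`, or log only `ret` and `hit_num` at this point.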


@@ -12,6 +12,7 @@
#define TSG_ACTION_MANIPULATE 0x30
#define TSG_ACTION_BYPASS 0x80
enum TSG_FS2_TYPE{
TSG_FS2_LINKS=0,
TSG_FS2_BYPASS,
@@ -19,6 +20,7 @@ enum TSG_FS2_TYPE{
TSG_FS2_HIT_SHARE,
TSG_FS2_INTERCEPT,
TSG_FS2_LOG,
TSG_FS2_DENY,
TSG_FS2_MAX
};


@@ -372,7 +372,7 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num)
for(i=0; i< result_num; i++)
{
if(result[i].action==TSG_ACTION_DENY)
if(result[i].action==TSG_ACTION_DENY || result[i].action==TSG_ACTION_BYPASS)
{
if(p_result==NULL)
{
@@ -381,6 +381,12 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num)
}
if(result[i].action > p_result->action)
{
p_result=&result[i];
continue;
}
if((result[i].action==p_result->action) && (result[i].config_id > p_result->config_id))
{
p_result=&result[i];
}
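Review bot: The added `result[i].action==TSG_ACTION_BYPASS` test and the `result[i].action > p_result->action` ordering depend on the signedness of `action`. The TCP entry switch on this page casts it as `(unsigned char)p_result->action`, which suggests the field is a plain `char`. If so, where `char` is signed a stored 0x80 reads back as -128, the comparison with `TSG_ACTION_BYPASS` (0x80) is never true, and bypass would rank below the other actions instead of above them. Compare through one cast value, e.g. `unsigned char act=(unsigned char)result[i].action;`, and cast `p_result->action` the same way. Since the function now returns bypass rules too, a comment stating the intended precedence between bypass and deny would make the policy outcome reviewable; the function body starts and ends outside these hunks.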


@@ -19,7 +19,7 @@
#include "tsg_send_log.h"
#include "tsg_send_log_internal.h"
char TSG_SEND_LOG_VERSION_20191121=0;
char TSG_SEND_LOG_VERSION_20191129=0;
struct tsg_log_instance_t *g_tsg_log_instance;
@@ -135,6 +135,8 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
unsigned short tunnel_type=0;
char nest_addr_buf[1024];
char *addr_proto=NULL;
time_t cur_time;
long common_con_duration_ms=0;
unsigned long long stream_id=0;
unsigned short c_port=0, s_port=0;
int tunnel_type_size=sizeof(tunnel_type);
@@ -197,6 +199,22 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
TLD_append(_handle, _instance->id2field[LOG_COMMON_C2S_PKT_NUM].name, (void *)(long)a_stream->ptcpdetail->serverpktnum, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_C2S_BYTE_NUM].name, (void *)(long)a_stream->ptcpdetail->serverbytes, TLD_TYPE_LONG);
if(a_stream!=NULL && a_stream->ptcpdetail!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)(a_stream->ptcpdetail->createtime), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)(a_stream->ptcpdetail->lastmtime), TLD_TYPE_LONG);
common_con_duration_ms=(a_stream->ptcpdetail->lastmtime-a_stream->ptcpdetail->createtime)*1000;
TLD_append(_handle, _instance->id2field[LOG_COMMON_CON_DURATION_MS].name, (void *)(common_con_duration_ms), TLD_TYPE_LONG);
}
else
{
cur_time=time(NULL);
TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)cur_time, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)cur_time, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_CON_DURATION_MS].name, (void *)(common_con_duration_ms), TLD_TYPE_LONG);
}
stream_id=tsg_get_stream_id(a_stream);
TLD_append(_handle, _instance->id2field[LOG_COMMON_STREAM_TRACE_ID].name, (void *)(long)stream_id, TLD_TYPE_LONG);
@@ -361,8 +379,6 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
{
int i=0,ret=0,status=0;
char *payload=NULL;
time_t cur_time;
long common_con_duration_ms=0;
struct TLD_handle_t *_handle=handle;
struct tsg_log_instance_t *_instance=instance;
@@ -390,25 +406,8 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
//common_stream_error
TLD_append_streaminfo(instance, handle, log_msg->a_stream);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SLED_IP].name, (void *)(_instance->local_ip_str), TLD_TYPE_STRING);
if(log_msg->a_stream!=NULL && log_msg->a_stream->ptcpdetail!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)(log_msg->a_stream->ptcpdetail->createtime), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)(log_msg->a_stream->ptcpdetail->lastmtime), TLD_TYPE_LONG);
common_con_duration_ms=log_msg->a_stream->ptcpdetail->lastmtime-log_msg->a_stream->ptcpdetail->createtime;
TLD_append(_handle, _instance->id2field[LOG_COMMON_CON_DURATION_MS].name, (void *)(common_con_duration_ms), TLD_TYPE_LONG);
}
else
{
cur_time=time(NULL);
TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)cur_time, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)cur_time, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_CON_DURATION_MS].name, (void *)(common_con_duration_ms), TLD_TYPE_LONG);
}
#if 0
struct vxlan_info vinfo;
int opt_val_len = sizeof(vinfo);
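Review bot: In `TLD_append_streaminfo`, the new `if(a_stream!=NULL && a_stream->ptcpdetail!=NULL)` guard comes after the two context lines that already read `a_stream->ptcpdetail->serverpktnum` and `a_stream->ptcpdetail->serverbytes`. As far as the hunk shows, the NULL case that the `else` branch is meant to handle would fault before reaching it. The function starts outside the hunk, so an earlier guard may exist, but then the `else` branch would be dead code. Either move the packet and byte appends inside the guarded branch or return early at the top when `a_stream` or `ptcpdetail` is NULL. A short comment on `common_con_duration_ms=(...)*1000;` stating that `createtime` and `lastmtime` are in seconds would also record the unit conversion.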