From 91574444c3950c37b0147ad923f8eef08e029ca8 Mon Sep 17 00:00:00 2001
From: liuxueli
Date: Tue, 3 Dec 2019 11:44:16 +0800
Subject: [PATCH] =?UTF-8?q?=E5=85=AC=E5=85=B1=E5=AD=97=E6=AE=B5=E4=B8=AD?= =?UTF-8?q?=E7=9A=84=E9=80=9A=E4=BF=A1=E5=B8=82=E6=97=B6=E9=95=BF=E5=8D=95?= =?UTF-8?q?=E4=BD=8D=E6=98=AF=EF=BC=9Ams=EF=BC=9B=E8=BD=AC=E6=8D=A2?= =?UTF-8?q?=E5=8D=95=E4=BD=8D=20KNI=E5=8F=91=E6=97=A5=E5=BF=97=E9=9C=80?= =?UTF-8?q?=E7=AD=89=E5=BE=85TFE=E7=BB=93=E6=9D=9F=EF=BC=8C=E9=9C=80?= =?UTF-8?q?=E6=8F=90=E5=89=8D=E6=9E=84=E9=80=A0streaminfo=E6=97=A5?= =?UTF-8?q?=E5=BF=97=E5=AD=97=E6=AE=B5=EF=BC=8C=E8=B0=83=E6=95=B4=E5=8C=85?= =?UTF-8?q?=E6=95=B0=E5=AD=97=E8=8A=82=E6=95=B0=E7=BB=9F=E8=AE=A1=E4=BD=8D?= =?UTF-8?q?=E7=BD=AE=20=E7=BB=86=E5=8C=96=E8=B0=83=E6=95=B4=E6=97=A5?= =?UTF-8?q?=E5=BF=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/tsg_entry.cpp | 40 +++++++++++++++++++++++++++++++---------
 src/tsg_entry.h | 2 ++
 src/tsg_rule.cpp | 8 +++++++-
 src/tsg_send_log.cpp | 39 +++++++++++++++++++-------------------
 4 files changed, 59 insertions(+), 30 deletions(-)

diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 2972bb5..b5434d2 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -14,7 +14,7 @@
-char TSG_MASTER_VERSION_20191126=0;
+char TSG_MASTER_VERSION_20191129=0;
 const char *tsg_conffile="tsgconf/main.conf";
 g_tsg_para_t g_tsg_para;
@@ -23,7 +23,8 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "link
 {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_ADDR, "hit_addr"},
 {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_SHARE, "hit_share"},
 {TLD_TYPE_UNKNOWN, TSG_FS2_INTERCEPT, "intercept"},
- {TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"}
+ {TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"},
+ {TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"}
 };
 static void free_policy_label(int thread_seq, void *project_req_value)
 {
@@ -79,7 +80,7 @@ static int is_ip_policy(Maat_rule_t *p_result, char *protocol, int len, int thre
 return ret;
 }
 #endif
-static Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num)
+static struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num)
 {
 int i=0;
 Maat_rule_t *p_result=NULL;
@@ -136,8 +137,22 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
 {
 hit_num+=ret;
 q_result=tsg_policy_decision_criteria(all_result, hit_num);
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_DEBUG,
+ "SCAN_IP",
+ "Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d",
+ printaddr(&a_tcp->addr, thread_seq),
+ ret,
+ q_result->config_id,
+ q_result->service_id,
+ q_result->action);
 }
+ else
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "Not hit %s scan ret: %d", printaddr(&a_tcp->addr, thread_seq), ret);
+ }
+
 memset(&identify_info, 0, sizeof(identify_info));
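Review bot: The new SCAN_IP debug log dereferences `q_result->config_id`, `q_result->service_id` and `q_result->action` immediately after `q_result=tsg_policy_decision_criteria(all_result, hit_num)`, yet that helper starts from `Maat_rule_t *p_result=NULL` and the MONITOR case further down still guards with `q_result!=NULL`, so a NULL return here would crash the packet path instead of being logged. Wrap the log in `if(q_result!=NULL)` or, as the FQDN hunk does, read the fields from the all_result entry the scan just returned. TSG_MASTER_TCP_ENTRY begins and ends outside this hunk.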
@@ -152,24 +167,28 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
 thread_seq);
 if(ret>0)
 {
- hit_num+=ret;
- identify_flag=1;
 FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
 MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG,
- "SCAN_IP_AND_FQDN",
- "Hit %s: %s addr: %s",
+ "SCAN_FQDN",
+ "Hit %s: %s policy_id: %d service: %d action: %d addr: %s",
 (identify_info.proto==PROTO_HTTP) ? "host" : "sni",
 identify_info.domain,
+ all_result[hit_num].config_id,
+ all_result[hit_num].service_id,
+ all_result[hit_num].action,
 printaddr(&a_tcp->addr, thread_seq) );
+
+ hit_num+=ret;
+ identify_flag=1;
 }
 else
 {
 MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG,
- "SCAN_IP_AND_FQDN",
+ "SCAN_FQDN",
 "Not hit %s: %s addr: %s",
 (ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"),
 (ret==-1) ? "NULL" : identify_info.domain,
@@ -187,6 +206,9 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
 send_log=1;
 MESA_kill_tcp(a_tcp, a_packet);
 state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER;
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DENY], 0, FS_OP_ADD, 1);
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "DENY", "Hit deny policy, policy_id: %d action: %d addr: %s",
+ p_result[0].config_id, p_result[0].action, printaddr(&a_tcp->addr, thread_seq));
 break;
 case TSG_ACTION_MONITOR:
 if(q_result!=NULL && (p_result==q_result))
diff --git a/src/tsg_entry.h b/src/tsg_entry.h
index 5f5b5c1..20d15e8 100644
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -12,6 +12,7 @@
 #define TSG_ACTION_MANIPULATE 0x30
 #define TSG_ACTION_BYPASS 0x80
+
 enum TSG_FS2_TYPE{
 TSG_FS2_LINKS=0,
 TSG_FS2_BYPASS,
@@ -19,6 +20,7 @@ enum TSG_FS2_TYPE{
 TSG_FS2_HIT_SHARE,
 TSG_FS2_INTERCEPT,
 TSG_FS2_LOG,
+ TSG_FS2_DENY,
 TSG_FS2_MAX
 };
diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp
index 454f70a..78feef4 100644
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
@@ -372,7 +372,7 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num)
 for(i=0; i< result_num; i++)
 {
- if(result[i].action==TSG_ACTION_DENY)
+ if(result[i].action==TSG_ACTION_DENY || result[i].action==TSG_ACTION_BYPASS)
 {
 if(p_result==NULL)
 {
@@ -381,6 +381,12 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num)
 }
 if(result[i].action > p_result->action)
+ {
+ p_result=&result[i];
+ continue;
+ }
+
+ if((result[i].action==p_result->action) && (result[i].config_id > p_result->config_id))
 {
 p_result=&result[i];
 }
diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp
index 44b8360..3f03a1d 100644
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
@@ -19,7 +19,7 @@
 #include "tsg_send_log.h"
 #include "tsg_send_log_internal.h"
-char TSG_SEND_LOG_VERSION_20191121=0;
+char TSG_SEND_LOG_VERSION_20191129=0;
 struct tsg_log_instance_t *g_tsg_log_instance;
@@ -135,6 +135,8 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
 unsigned short tunnel_type=0;
 char nest_addr_buf[1024];
 char *addr_proto=NULL;
+ time_t cur_time;
+ long common_con_duration_ms=0;
 unsigned long long stream_id=0;
 unsigned short c_port=0, s_port=0;
 int tunnel_type_size=sizeof(tunnel_type);
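Review bot: tsg_fetch_deny_rule now also selects TSG_ACTION_BYPASS rules and keeps the numerically larger action, so with TSG_ACTION_BYPASS defined as 0x80 in tsg_entry.h a bypass rule will win over a deny rule whenever a flow matches both, provided TSG_ACTION_DENY is below 0x80 (its value is not visible in this patch). A bypass-beats-deny precedence is a policy decision that should be stated at the function head rather than inferred from the comparison, and the name no longer describes what is returned; suggest a header comment such as `/* Returns the DENY or BYPASS rule that takes effect: the higher action value wins (BYPASS over DENY), ties go to the larger config_id. */`. The function's declaration and return lie outside these two hunks.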
@@ -197,6 +199,22 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
 TLD_append(_handle, _instance->id2field[LOG_COMMON_C2S_PKT_NUM].name, (void *)(long)a_stream->ptcpdetail->serverpktnum, TLD_TYPE_LONG);
 TLD_append(_handle, _instance->id2field[LOG_COMMON_C2S_BYTE_NUM].name, (void *)(long)a_stream->ptcpdetail->serverbytes, TLD_TYPE_LONG);
+ if(a_stream!=NULL && a_stream->ptcpdetail!=NULL)
+ {
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)(a_stream->ptcpdetail->createtime), TLD_TYPE_LONG);
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)(a_stream->ptcpdetail->lastmtime), TLD_TYPE_LONG);
+
+ common_con_duration_ms=(a_stream->ptcpdetail->lastmtime-a_stream->ptcpdetail->createtime)*1000;
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_CON_DURATION_MS].name, (void *)(common_con_duration_ms), TLD_TYPE_LONG);
+ }
+ else
+ {
+ cur_time=time(NULL);
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)cur_time, TLD_TYPE_LONG);
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)cur_time, TLD_TYPE_LONG);
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_CON_DURATION_MS].name, (void *)(common_con_duration_ms), TLD_TYPE_LONG);
+ }
+
 stream_id=tsg_get_stream_id(a_stream);
 TLD_append(_handle, _instance->id2field[LOG_COMMON_STREAM_TRACE_ID].name, (void *)(long)stream_id, TLD_TYPE_LONG);
@@ -361,8 +379,6 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
 {
 int i=0,ret=0,status=0;
 char *payload=NULL;
- time_t cur_time;
- long common_con_duration_ms=0;
 struct TLD_handle_t *_handle=handle;
 struct tsg_log_instance_t *_instance=instance;
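Review bot: The block moved into TLD_append_streaminfo does not carry over the `TLD_append(_handle, _instance->id2field[LOG_COMMON_SLED_IP].name, (void *)(_instance->local_ip_str), TLD_TYPE_STRING);` line that the later tsg_send_log hunk removes together with it, so unless that field is appended somewhere not shown, every record silently loses the sled/sensor IP that responders use to attribute a log line to the capturing node. The added `a_stream!=NULL && a_stream->ptcpdetail!=NULL` guard also sits two lines after context that already dereferences `a_stream->ptcpdetail->serverpktnum`, so the else branch can never run on a NULL stream without a crash first; either hoist the check to the top of TLD_append_streaminfo (its start is outside the hunk) or drop the dead branch. The `*1000` is evaluated in the type of `lastmtime-createtime`; if those fields are 32-bit, durations past roughly 24 days overflow before the result reaches `long`, so widen first: `common_con_duration_ms=(long)(a_stream->ptcpdetail->lastmtime-a_stream->ptcpdetail->createtime)*1000;`.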
@@ -390,25 +406,8 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
 //common_stream_error
 TLD_append_streaminfo(instance, handle, log_msg->a_stream);
- TLD_append(_handle, _instance->id2field[LOG_COMMON_SLED_IP].name, (void *)(_instance->local_ip_str), TLD_TYPE_STRING);
- if(log_msg->a_stream!=NULL && log_msg->a_stream->ptcpdetail!=NULL)
- {
- TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)(log_msg->a_stream->ptcpdetail->createtime), TLD_TYPE_LONG);
- TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)(log_msg->a_stream->ptcpdetail->lastmtime), TLD_TYPE_LONG);
-
- common_con_duration_ms=log_msg->a_stream->ptcpdetail->lastmtime-log_msg->a_stream->ptcpdetail->createtime;
- TLD_append(_handle, _instance->id2field[LOG_COMMON_CON_DURATION_MS].name, (void *)(common_con_duration_ms), TLD_TYPE_LONG);
- }
- else
- {
- cur_time=time(NULL);
- TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)cur_time, TLD_TYPE_LONG);
- TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)cur_time, TLD_TYPE_LONG);
- TLD_append(_handle, _instance->id2field[LOG_COMMON_CON_DURATION_MS].name, (void *)(common_con_duration_ms), TLD_TYPE_LONG);
- }
-
 #if 0
 struct vxlan_info vinfo;
 int opt_val_len = sizeof(vinfo);