diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..0b90ff4 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,119 @@ +image: "docker:stable" + +services: + - docker:dind + +variables: + GIT_STRATEGY: "clone" + IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + + +stages: + - build + - package + - release + - docker + +.build_before_script: + before_script: + - mkdir -p /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/$CI_PROJECT_NAMESPACE/ + - ln -s $CI_PROJECT_DIR /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/$CI_PROJECT_PATH + - cd /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/$CI_PROJECT_PATH + +.build_master: + extends: .build_before_script + image: git.mesalab.cn:7443/mesa_platform/mesa_protocol:master + script: + - source /etc/profile.d/MESA.sh + - mkdir -p build + - cd build + - cmake .. -DCMAKE_BUILD_TYPE=$BUILD_TYPE + - make + - make package + +.package_master: + extends: .build_before_script + image: git.mesalab.cn:7443/mesa_platform/mesa_protocol:master + script: + - source /etc/profile.d/MESA.sh + - mkdir -p build + - cd build + - cmake .. -DCMAKE_BUILD_TYPE=$BUILD_TYPE + - make package + +build: + stage: build + extends: .build_master + tags: + - share + variables: + BUILD_TYPE: "Debug" + except: + - tags + +tsg-master-release: + stage: package + extends: .package_master + tags: + - share + variables: + BUILD_TYPE: "Release" + artifacts: + name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME" + paths: + - ./build/*.rpm + only: + - tags + +tsg-master-debug: + stage: package + extends: .package_master + tags: + - share + variables: + BUILD_TYPE: "Debug" + artifacts: + name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME" + paths: + - ./build/*.rpm + only: + - tags + +release-tsg-master-debug: + stage: release + image: git.mesalab.cn:7443/mesa_platform/mesa_protocol:master + tags: + - share + variables: + ARTIFACTS_JOB: "tsg-master-debug" + PROJECT_NAME: "tsg-master" + USER_DEFINE: "debug" + only: + - tags + script: + - /bin/bash -x ./autorelease.sh $CI_API_V4_URL $CI_PROJECT_URL $CI_PROJECT_ID $CI_TOKEN $CI_COMMIT_TAG $ARTIFACTS_JOB $PROJECT_NAME $USER_DEFINE + +release-tsg-master-release: + stage: release + image: git.mesalab.cn:7443/mesa_platform/mesa_protocol:master + tags: + - share + variables: + ARTIFACTS_JOB: "tsg-master-release" + PROJECT_NAME: "tsg-master" + USER_DEFINE: "release" + only: + - tags + script: + - /bin/bash -x ./autorelease.sh $CI_API_V4_URL $CI_PROJECT_URL $CI_PROJECT_ID $CI_TOKEN $CI_COMMIT_TAG $ARTIFACTS_JOB $PROJECT_NAME $USER_DEFINE + +build-docker: + stage: docker + script: + - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY + - docker build -t $IMAGE_TAG . + - docker push $IMAGE_TAG + tags: + - share + only: + - master \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..c82af3a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,11 @@ +FROM git.mesalab.cn:7443/mesa_platform/mesa_protocol:master + +ENV kernelversion 3.10.0-693.el7.x86_64 + +COPY build/*.rpm /tmp/ + +RUN cd /tmp \ + && rpm -i *.rpm \ + && rm -rf /tmp/* \ + && yum clean all \ + && rm -rf /var/cache/yum/* \ No newline at end of file diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index b5434d2..af6fa05 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -1,368 +1,373 @@ -#include -#include -#include -#include - -#include -#include -#include - -#include "tsg_rule.h" -#include "tsg_entry.h" -#include "tsg_send_log.h" -#include "tsg_send_log_internal.h" - - - -char TSG_MASTER_VERSION_20191129=0; -const char *tsg_conffile="tsgconf/main.conf"; -g_tsg_para_t g_tsg_para; - -id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "links"}, - {TLD_TYPE_UNKNOWN, TSG_FS2_BYPASS, "bypass"}, - {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_ADDR, "hit_addr"}, - {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_SHARE, "hit_share"}, - {TLD_TYPE_UNKNOWN, TSG_FS2_INTERCEPT, "intercept"}, - {TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"}, - {TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"} - }; -static void free_policy_label(int thread_seq, void *project_req_value) -{ - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; -} - -#if 0 -static int is_ip_policy(Maat_rule_t *p_result, char *protocol, int len, int thread_seq) -{ - int ret=0; - cJSON *item=NULL; - char *service_defined=NULL; - cJSON *user_define_object=NULL; - - if(p_result->serv_def_len>MAX_SERVICE_DEFINE_LEN) - { - service_defined=dictator_malloc(thread_seq, p_result->serv_def_len+1); - ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, service_defined, p_result->serv_def_len+1); - assert(ret==p_result->serv_def_len+1); - - user_define_object=cJSON_Parse(service_defined); - } - else - { - user_define_object=cJSON_Parse(p_result->service_defined); - } - - if(user_define_object!=NULL) - { - item=cJSON_GetObjectItem(user_define_object, "protocol"); - if(item!=NULL && item->valuestring!=NULL) - { - memcpy(protocol, item->valuestring, (len>strlen(item->valuestring)) ? strlen(item->valuestring): len); - } - - item=cJSON_GetObjectItem(user_define_object, "method"); - if((item==NULL) || ((strncasecmp(item->valuestring, "http", strlen(item->valuestring)))!=0 && (strncasecmp(item->valuestring, "ssl", strlen(item->valuestring)))!=0)) - { - ret=1; - } - - cJSON_Delete(user_define_object); - user_define_object=NULL; - } - - if(service_defined!=NULL) - { - dictator_free(thread_seq, service_defined); - service_defined=NULL; - } - - return ret; -} -#endif -static struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num) -{ - int i=0; - Maat_rule_t *p_result=NULL; - if(result==NULL || result_num<=0) - { - return NULL; - } - - p_result=&result[0]; - - for(i=1; i(unsigned char)p_result->action) - { - p_result=&result[i]; - continue; - } - - if(result[i].action==p_result->action) - { - if(result[i].config_id>p_result->config_id) - { - p_result=&result[i]; - } - } - } - - return p_result; -} - -extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet) -{ - int send_log=0,identify_flag=0; - int ret=0,hit_num=0; - int state=APP_STATE_DROPME; - scan_status_t mid=NULL; - char *domain_field_name=NULL; - char *schema_field_name=NULL; - Maat_rule_t *p_result=NULL; - Maat_rule_t *q_result=NULL; - tsg_log_t log_msg; - struct TLD_handle_t *TLD_handle=NULL; - struct _identify_info identify_info; - Maat_rule_t all_result[MAX_RESULT_NUM]; - policy_priority_label_t *priority_label=NULL; - - switch(a_tcp->opstate) - { - case OP_STATE_PENDING: - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LINKS], 0, FS_OP_ADD, 1); - - ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_tcp, PROTO_MAX, &mid, all_result+hit_num, MAX_RESULT_NUM-hit_num); - if(ret>0) - { - hit_num+=ret; - q_result=tsg_policy_decision_criteria(all_result, hit_num); - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IP", - "Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d", - printaddr(&a_tcp->addr, thread_seq), - ret, - q_result->config_id, - q_result->service_id, - q_result->action); - } - else - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "Not hit %s scan ret: %d", printaddr(&a_tcp->addr, thread_seq), ret); - } - - - memset(&identify_info, 0, sizeof(identify_info)); - - ret=tsg_scan_shared_policy(g_tsg_maat_feather, - a_tcp->ptcpdetail->pdata, - a_tcp->ptcpdetail->datalen, - all_result+hit_num, - MAX_RESULT_NUM-hit_num, - &identify_info, - &mid, - g_tsg_para.logger, - thread_seq); - if(ret>0) - { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1); - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_FQDN", - "Hit %s: %s policy_id: %d service: %d action: %d addr: %s", - (identify_info.proto==PROTO_HTTP) ? "host" : "sni", - identify_info.domain, - all_result[hit_num].config_id, - all_result[hit_num].service_id, - all_result[hit_num].action, - printaddr(&a_tcp->addr, thread_seq) - ); - - hit_num+=ret; - identify_flag=1; - - } - else - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_FQDN", - "Not hit %s: %s addr: %s", - (ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"), - (ret==-1) ? "NULL" : identify_info.domain, - printaddr(&a_tcp->addr, thread_seq) - ); - } - - p_result=tsg_policy_decision_criteria(all_result, hit_num); - - if(p_result!=NULL) - { - switch((unsigned char)p_result->action) - { - case TSG_ACTION_DENY: - send_log=1; - MESA_kill_tcp(a_tcp, a_packet); - state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DENY], 0, FS_OP_ADD, 1); - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "DENY", "Hit deny policy, policy_id: %d action: %d addr: %s", - p_result[0].config_id, p_result[0].action, printaddr(&a_tcp->addr, thread_seq)); - break; - case TSG_ACTION_MONITOR: - if(q_result!=NULL && (p_result==q_result)) - { - send_log=1; - } - break; - case TSG_ACTION_BYPASS: - send_log=1; - state|=APP_STATE_KILL_OTHER; //TODO - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); - break; - case TSG_ACTION_INTERCEPT: - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); - priority_label=(policy_priority_label_t *)dictator_malloc(thread_seq, sizeof(policy_priority_label_t)); - - priority_label->result_num=1; - priority_label->result_type=PULL_KNI_RESULT; - priority_label->proto=identify_info.proto; - priority_label->domain_len=identify_info.domain_len; - memcpy(priority_label->domain, identify_info.domain, identify_info.domain_len); - memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t)); - - ret=project_req_add_struct(a_tcp, g_tsg_para.priority_project_id, (void *)priority_label); - if(ret<0) - { - free_policy_label(thread_seq, (void *)priority_label); - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_ADD", "Add policy_priority_label failed ..."); - } - - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "INTERCEPT", "Hit intercept policy, policy_id: %d action: %d addr: %s", - priority_label->result[0].config_id, priority_label->result[0].action, printaddr(&a_tcp->addr, thread_seq)); - break; - case TSG_ACTION_NONE: - default: - assert(0); - break; - } - - if(send_log==1 && p_result->do_log>0) - { - TLD_handle=TLD_create(thread_seq); - if(identify_flag==1) - { - schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); - TLD_append(TLD_handle, schema_field_name, (void *)((identify_info.proto==PROTO_HTTP) ? "HTTP" : "SSL"), TLD_TYPE_STRING); - - domain_field_name=log_field_id2name(g_tsg_log_instance, ((identify_info.proto==PROTO_HTTP) ? LOG_HTTP_HOST : LOG_SSL_SNI)); - TLD_append(TLD_handle, domain_field_name, (void *)identify_info.domain, TLD_TYPE_STRING); - } - - log_msg.a_stream=a_tcp; - log_msg.result=p_result; - log_msg.result_num=1; - tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); - } - } - break; - case OP_STATE_DATA: - case OP_STATE_CLOSE: - default: - break; - } - - return state; -} - - - -extern "C" int TSG_MASTER_INIT() -{ - int i=0,ret=0,cycle=0; - int value=0,level=30; - unsigned short fs_server_port=0; - char app_name[MAX_STRING_LEN]={0}; - char log_path[MAX_STRING_LEN*4]={0}; - char label_buff[MAX_STRING_LEN*4]={0}; - char fs_server_ip[MAX_IPV4_LEN]={0}; - char fs_output_path[MAX_STRING_LEN*4]={0}; - - memset(&g_tsg_para, 0, sizeof(g_tsg_para)); - - MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &level, 30); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", log_path, sizeof(log_path), NULL); - - g_tsg_para.logger=MESA_create_runtime_log_handle(log_path, level); - if(g_tsg_para.logger==NULL) - { - printf("MESA_create_runtime_log_handle failed ...\n"); - return -1; - } - - MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_ID", &g_tsg_para.device_id, 0); - - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY"); - g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label); - if(g_tsg_para.priority_project_id<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed ...", label_buff); - return -1; - } - - ret=tsg_rule_init(tsg_conffile, g_tsg_para.logger); - if(ret<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_rule_init failed ..."); - return -1; - } - - g_tsg_log_instance=tsg_sendlog_init(tsg_conffile); - if(g_tsg_log_instance==NULL) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ..."); - return -1; - } - - MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30); - MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port)); - MESA_load_profile_string_nodef(tsg_conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip)); - MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log"); - MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master"); - - g_tsg_para.fs2_handle=FS_create_handle(); - - value=1;//Rewrite - FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value)); - value=1;//Do not create stat thread - FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value)); - - FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle)); - FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); - FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1); - - if(fs_server_port > 0 && strlen(fs_server_ip) > 0) - { - FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1); - FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); - } - - for(i=0; i +#include +#include +#include + +#include +#include +#include + +#include "tsg_rule.h" +#include "tsg_entry.h" +#include "tsg_send_log.h" +#include "tsg_send_log_internal.h" + + + +char TSG_MASTER_VERSION_20191211=0; +const char *tsg_conffile="tsgconf/main.conf"; +g_tsg_para_t g_tsg_para; + +id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "links"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_BYPASS, "bypass"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_ADDR, "hit_addr"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_SHARE, "hit_share"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_INTERCEPT, "intercept"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"} + }; +static void free_policy_label(int thread_seq, void *project_req_value) +{ + dictator_free(thread_seq, project_req_value); + project_req_value=NULL; +} + +#if 0 +static int is_ip_policy(Maat_rule_t *p_result, char *protocol, int len, int thread_seq) +{ + int ret=0; + cJSON *item=NULL; + char *service_defined=NULL; + cJSON *user_define_object=NULL; + + if(p_result->serv_def_len>MAX_SERVICE_DEFINE_LEN) + { + service_defined=dictator_malloc(thread_seq, p_result->serv_def_len+1); + ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, service_defined, p_result->serv_def_len+1); + assert(ret==p_result->serv_def_len+1); + + user_define_object=cJSON_Parse(service_defined); + } + else + { + user_define_object=cJSON_Parse(p_result->service_defined); + } + + if(user_define_object!=NULL) + { + item=cJSON_GetObjectItem(user_define_object, "protocol"); + if(item!=NULL && item->valuestring!=NULL) + { + memcpy(protocol, item->valuestring, (len>strlen(item->valuestring)) ? strlen(item->valuestring): len); + } + + item=cJSON_GetObjectItem(user_define_object, "method"); + if((item==NULL) || ((strncasecmp(item->valuestring, "http", strlen(item->valuestring)))!=0 && (strncasecmp(item->valuestring, "ssl", strlen(item->valuestring)))!=0)) + { + ret=1; + } + + cJSON_Delete(user_define_object); + user_define_object=NULL; + } + + if(service_defined!=NULL) + { + dictator_free(thread_seq, service_defined); + service_defined=NULL; + } + + return ret; +} +#endif +static struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num) +{ + int i=0; + Maat_rule_t *p_result=NULL; + if(result==NULL || result_num<=0) + { + return NULL; + } + + p_result=&result[0]; + + for(i=1; i(unsigned char)p_result->action) + { + p_result=&result[i]; + continue; + } + + if(result[i].action==p_result->action) + { + if(result[i].config_id>p_result->config_id) + { + p_result=&result[i]; + } + } + } + + return p_result; +} + +extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet) +{ + int send_log=0,identify_flag=0; + int ret=0,hit_num=0; + int state=APP_STATE_DROPME; + scan_status_t mid=NULL; + char *domain_field_name=NULL; + char *schema_field_name=NULL; + Maat_rule_t *p_result=NULL; + Maat_rule_t *q_result=NULL; + tsg_log_t log_msg; + struct TLD_handle_t *TLD_handle=NULL; + struct _identify_info identify_info; + Maat_rule_t all_result[MAX_RESULT_NUM]; + policy_priority_label_t *priority_label=NULL; + + switch(a_tcp->opstate) + { + case OP_STATE_PENDING: + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LINKS], 0, FS_OP_ADD, 1); + + ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_tcp, PROTO_MAX, &mid, all_result+hit_num, MAX_RESULT_NUM-hit_num); + if(ret>0) + { + hit_num+=ret; + q_result=tsg_policy_decision_criteria(all_result, hit_num); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_IP", + "Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d", + printaddr(&a_tcp->addr, thread_seq), + ret, + q_result->config_id, + q_result->service_id, + q_result->action); + } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "Not hit %s scan ret: %d", +printaddr(&a_tcp->addr, thread_seq), ret); + } + + + memset(&identify_info, 0, sizeof(identify_info)); + + ret=tsg_scan_shared_policy(g_tsg_maat_feather, + a_tcp->ptcpdetail->pdata, + a_tcp->ptcpdetail->datalen, + all_result+hit_num, + MAX_RESULT_NUM-hit_num, + &identify_info, + &mid, + g_tsg_para.logger, + thread_seq); + if(ret>0) + { + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1); + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_FQDN", + "Hit %s: %s policy_id: %d service: %d action: %d addr: %s", + + (identify_info.proto==PROTO_HTTP) ? "host" : "sni", + identify_info.domain, + all_result[hit_num].config_id, + all_result[hit_num].service_id, + all_result[hit_num].action, + printaddr(&a_tcp->addr, thread_seq) + ); + + hit_num+=ret; + identify_flag=1; + } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_FQDN", + "Not hit %s: %s stream_dir: %d addr: %s", + + (ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"), + (ret==-1) ? "NULL" : identify_info.domain, + a_tcp->dir, + printaddr(&a_tcp->addr, thread_seq) + ); + } + + p_result=tsg_policy_decision_criteria(all_result, hit_num); + + if(p_result!=NULL) + { + switch((unsigned char)p_result->action) + { + case TSG_ACTION_DENY: + send_log=1; + MESA_kill_tcp(a_tcp, a_packet); + state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER; + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DENY], 0, FS_OP_ADD, 1); + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "DENY", "Hit deny policy, policy_id: %d action: %d addr: %s", + + p_result[0].config_id, p_result[0].action, printaddr(&a_tcp->addr, thread_seq)); + break; + case TSG_ACTION_MONITOR: + if(q_result!=NULL && (p_result==q_result)) + { + send_log=1; + } + break; + case TSG_ACTION_BYPASS: + send_log=1; + state|=APP_STATE_KILL_OTHER; //TODO + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); + break; + case TSG_ACTION_INTERCEPT: + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); + priority_label=(policy_priority_label_t *)dictator_malloc(thread_seq, sizeof(policy_priority_label_t)); + + priority_label->result_num=1; + priority_label->result_type=PULL_KNI_RESULT; + priority_label->proto=identify_info.proto; + priority_label->domain_len=identify_info.domain_len; + memcpy(priority_label->domain, identify_info.domain, identify_info.domain_len); + memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t)); + + ret=project_req_add_struct(a_tcp, g_tsg_para.priority_project_id, (void *)priority_label); + if(ret<0) + { + free_policy_label(thread_seq, (void *)priority_label); + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_ADD", "Add policy_priority_label failed ..."); + } + + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "INTERCEPT", "Hit intercept policy, policy_id: %d action: %d addr: %s", + + priority_label->result[0].config_id, priority_label->result[0].action, printaddr(&a_tcp->addr, thread_seq)); + break; + case TSG_ACTION_NONE: + default: + assert(0); + break; + } + + if(send_log==1 && p_result->do_log>0) + { + TLD_handle=TLD_create(thread_seq); + if(identify_flag==1) + { + schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); + TLD_append(TLD_handle, schema_field_name, (void *)((identify_info.proto==PROTO_HTTP) ? "HTTP" : "SSL"), TLD_TYPE_STRING); + + domain_field_name=log_field_id2name(g_tsg_log_instance, ((identify_info.proto==PROTO_HTTP) ? LOG_HTTP_HOST : LOG_SSL_SNI)); + TLD_append(TLD_handle, domain_field_name, (void *)identify_info.domain, TLD_TYPE_STRING); + } + + log_msg.a_stream=a_tcp; + log_msg.result=p_result; + log_msg.result_num=1; + tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); + } + } + break; + case OP_STATE_DATA: + case OP_STATE_CLOSE: + default: + break; + } + + return state; +} + + + +extern "C" int TSG_MASTER_INIT() +{ + int i=0,ret=0,cycle=0; + int value=0,level=30; + unsigned short fs_server_port=0; + char app_name[MAX_STRING_LEN]={0}; + char log_path[MAX_STRING_LEN*4]={0}; + char label_buff[MAX_STRING_LEN*4]={0}; + char fs_server_ip[MAX_IPV4_LEN]={0}; + char fs_output_path[MAX_STRING_LEN*4]={0}; + + memset(&g_tsg_para, 0, sizeof(g_tsg_para)); + + MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &level, 30); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", log_path, sizeof(log_path), NULL); + + g_tsg_para.logger=MESA_create_runtime_log_handle(log_path, level); + if(g_tsg_para.logger==NULL) + { + printf("MESA_create_runtime_log_handle failed ...\n"); + return -1; + } + + MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_ID", &g_tsg_para.device_id, 0); + + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY"); + g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label); + if(g_tsg_para.priority_project_id<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed ...", label_buff); + return -1; + } + + ret=tsg_rule_init(tsg_conffile, g_tsg_para.logger); + if(ret<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_rule_init failed ..."); + return -1; + } + + g_tsg_log_instance=tsg_sendlog_init(tsg_conffile); + if(g_tsg_log_instance==NULL) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ..."); + return -1; + } + + MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30); + MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port)); + MESA_load_profile_string_nodef(tsg_conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip)); + MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log"); + MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master"); + + g_tsg_para.fs2_handle=FS_create_handle(); + + value=1;//Rewrite + FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value)); + value=1;//Do not create stat thread + FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value)); + + FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle)); + FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); + FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1); + + if(fs_server_port > 0 && strlen(fs_server_ip) > 0) + { + FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1); + FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); + } + + for(i=0; i #include #include +#include #include #include @@ -15,8 +16,10 @@ #include "tsg_entry.h" Maat_feather_t g_tsg_maat_feather; +Maat_feather_t g_tsg_dynamic_maat_feather; #define MAX_PATH_LEN 1024 +#define MAX_IPV6_ADDR_LEN 128 #ifndef MIN #define MIN(a, b) (((a) < (b)) ? (a) : (b)) @@ -31,15 +34,73 @@ enum kni_scan_table{ const char *g_kni_scan_table_name[SCAN_TABLE_MAX]; int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0}; -int tsg_rule_init(const char* conffile, void *logger) +void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +{ + void *logger=argp; + + *to=calloc(1, strlen((char *)*from)+1); + memcpy(*to, *from, strlen((char *)*from)); + + MESA_handle_runtime_log(logger, RLOG_LV_INFO, "SUBSCRIBE_ID", "Dup subscribe_id: %s table_id: %d", (char *)*to, table_id); + return; +} + +void subscribe_id_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +{ + void *logger=argp; + int ret=0,id=0,type=0,is_valid=0; + char subscribe_id[256]={0}; + char ip_addr[MAX_IPV6_ADDR_LEN]={0}; + + ret=sscanf(table_line, "%d\t%d\t%s\t%s\t%d", &id, &type, ip_addr, subscribe_id, &is_valid); + if(ret!=5) + { + MESA_handle_runtime_log(logger, + RLOG_LV_FATAL, + "SUBSCRIBE_ID", + "Parse subscribe_id failed, ret: %d table_id: %d key: %s table_line: %s", + ret, + table_id, + key, + table_line + ); + return; + } + + *ad=calloc(1, strlen(subscribe_id)+1); + + memcpy(*ad, subscribe_id, strlen(subscribe_id)); + MESA_handle_runtime_log(logger, + RLOG_LV_INFO, + "SUBSCRIBE_ID", + "Add subscribe_id: %s table_id: %d key: %s table_line: %s", + *ad, + table_id, + key, + table_line + ); + return; +} + +void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +{ + void *logger=argp; + MESA_handle_runtime_log(logger, RLOG_LV_INFO, "SUBSCRIBE_ID", "Delete subscribe_id: %s table_id: %d", (char *)*ad, table_id); + free(*ad); + *ad=NULL; + + return; +} + + +static Maat_feather_t init_maat_feather(const char* conffile, char* instance_name, char *module, void *logger) { unsigned short redis_port = 0; int ret=0,scan_detail=0,effect_interval=60; - const char* instance_name="TSG",*module="MAAT"; + Maat_feather_t _maat_feather=NULL; int factor=0, redis_port_num=0,redis_index=0; char redis_ip[16]={0}, effective_flag[1024]={0}; int maat_mode=0,maat_stat_on=0,maat_perf_on=0,thread_max=0; - char ip_addr_table[32]={0},subscriber_id_table[32]={0}; char json_cfg_file[MAX_PATH_LEN]={0},maat_stat_file[MAX_PATH_LEN]={0}; char table_info[MAX_PATH_LEN]={0},inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0}; @@ -56,7 +117,7 @@ int tsg_rule_init(const char* conffile, void *logger) effect_interval*=1000;//convert s to ms thread_max=get_thread_count(); - g_tsg_maat_feather=Maat_feather(thread_max, table_info, logger); + _maat_feather=Maat_feather(thread_max, table_info, logger); if(maat_mode==2) { @@ -67,34 +128,34 @@ int tsg_rule_init(const char* conffile, void *logger) if(strlen(effective_flag)!=0) { - Maat_set_feather_opt(g_tsg_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1); + Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1); } - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval)); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval)); srand((unsigned int)time(NULL)); factor = rand()%redis_port_num; redis_port = redis_port+factor; - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_REDIS_IP, redis_ip, strlen(redis_ip)+1); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_REDIS_PORT, (void *)&redis_port, sizeof(redis_port)); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_ON, NULL, 0); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_PERF_ON, NULL, 0); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_REDIS_INDEX, &redis_index, sizeof(redis_index)); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail)); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_IP, redis_ip, strlen(redis_ip)+1); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_PORT, (void *)&redis_port, sizeof(redis_port)); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_ON, NULL, 0); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_INDEX, &redis_index, sizeof(redis_index)); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail)); //Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_DEFERRED_LOAD, NULL,0); } else { if(strlen(effective_flag)!=0) { - ret=Maat_set_feather_opt(g_tsg_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1); + ret=Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1); assert(ret>=0); } - Maat_set_feather_opt(g_tsg_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1); + Maat_set_feather_opt(_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1); if(maat_mode==1) { MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),""); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1); } else { @@ -102,32 +163,53 @@ int tsg_rule_init(const char* conffile, void *logger) MESA_load_profile_string_def(conffile,module,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),""); assert(strlen(inc_cfg_dir)!=0&&strlen(ful_cfg_dir)!=0); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1); } if(maat_stat_on) { - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_ON, NULL, 0); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_ON, NULL, 0); if(maat_perf_on) { - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_PERF_ON, NULL, 0); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0); } } - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval)); - Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail)); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval)); + Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail)); } - ret=Maat_initiate_feather(g_tsg_maat_feather); + ret=Maat_initiate_feather(_maat_feather); if(ret<0) { - return -1; + return NULL; } - MESA_load_profile_string_def(conffile, module, "IP_ADDR_TABLE", ip_addr_table, sizeof(ip_addr_table), "TSG_OBJ_IP_ADDR"); - MESA_load_profile_string_def(conffile, module, "SUBSCRIBER_ID_TABLE", subscriber_id_table, sizeof(subscriber_id_table), "TSG_OBJ_SUBSCRIBER_ID"); + return _maat_feather; +} +int tsg_rule_init(const char* conffile, void *logger) +{ + int ret=0; + char maat_conffile[256]={0}; + char ip_addr_table[32]={0}; + char subscriber_id_table[32]={0}; + char cb_subscriber_ip_table[32]={0}; + + MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat_profile.conf"); + MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", ip_addr_table, sizeof(ip_addr_table), "TSG_OBJ_IP_ADDR"); + MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", subscriber_id_table, sizeof(subscriber_id_table), "TSG_OBJ_SUBSCRIBER_ID"); + + + //init dynamic maat feather + g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger); + if(g_tsg_maat_feather==NULL) + { + MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "init_maat_feather failed, instance_name: %s module: %s", "TSG_STATIC", "STATIC"); + return -1; + } + g_tsg_para.ip_addr_table_id=Maat_table_register(g_tsg_maat_feather, ip_addr_table); if(g_tsg_para.ip_addr_table_id<0) { @@ -142,6 +224,7 @@ int tsg_rule_init(const char* conffile, void *logger) return -1; } + // init sni or host share table ret=tsg_shared_table_init(conffile, g_tsg_maat_feather, logger); if(ret<0) { @@ -149,6 +232,37 @@ int tsg_rule_init(const char* conffile, void *logger) return -1; } + + //init dynamic maat feather + g_tsg_dynamic_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_DYNAMIC", (char *)"DYNAMIC", logger); + if(g_tsg_maat_feather==NULL) + { + MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "init_maat_feather failed, instance_name: %s module: %s", "TSG_DYNAMIC", "DYNAMIC"); + return -1; + } + + MESA_load_profile_string_def(conffile, "MAAT", "CB_SUBSCRIBER_IP_TABLE", cb_subscriber_ip_table, sizeof(cb_subscriber_ip_table), "TSG_DYN_SUBSCRIBER_IP"); + + g_tsg_para.dyn_subscribe_ip_table_id=Maat_table_register(g_tsg_dynamic_maat_feather, cb_subscriber_ip_table); + if(g_tsg_para.dyn_subscribe_ip_table_id<0) + { + MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "RULE_INIT", "Maat_table_register %s failed", cb_subscriber_ip_table); + return -1; + } + ret=Maat_plugin_EX_register(g_tsg_dynamic_maat_feather, + g_tsg_para.dyn_subscribe_ip_table_id, + subscribe_id_new_data, + subscribe_id_free_data, + subscribe_id_dup_data, + NULL, + 0, + logger); + if(ret<0) + { + MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "RULE_INIT", "Maat_plugin_EX_register failed, table_name: %s table_id: %d", cb_subscriber_ip_table, g_tsg_para.dyn_subscribe_ip_table_id); + return -1; + } + return 0; } @@ -249,15 +363,54 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re return 0; } + +int tsg_get_subscribe_id(const struct streaminfo *a_stream, char **source_subscribe_id, char **dest_subscribe_id) +{ + char source_ip[MAX_IPV6_ADDR_LEN]={0}; + char dest_ip[MAX_IPV6_ADDR_LEN]={0}; + struct stream_tuple4_v4 *v4=NULL; + struct stream_tuple4_v6 *v6=NULL; + + switch(a_stream->addr.addrtype) + { + case ADDR_TYPE_IPV4: + v4=a_stream->addr.tuple4_v4; + inet_ntop(AF_INET, &(v4->saddr), source_ip, MAX_IPV6_ADDR_LEN); + inet_ntop(AF_INET, &(v4->daddr), dest_ip, MAX_IPV6_ADDR_LEN); + break; + case ADDR_TYPE_IPV6: + v6=a_stream->addr.tuple4_v6; + inet_ntop(AF_INET6, v6->saddr, source_ip, MAX_IPV6_ADDR_LEN); + inet_ntop(AF_INET6, v6->daddr, dest_ip, MAX_IPV6_ADDR_LEN); + break; + default: + break; + } + + if(strlen(dest_ip)>0) + { + *dest_subscribe_id = (char*)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, dest_ip); + } + + if(strlen(source_ip)>0) + { + *source_subscribe_id = (char*)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, source_ip); + } + + return 0; +} + int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num) { struct ipaddr t_addr; - struct ipaddr* p_addr = NULL; - char subscribe_id[64]={0}; + struct ipaddr* p_addr=NULL; int hit_num=0,tans_proto=0; + char *source_subscribe_id=NULL; + char *dest_subscribe_id=NULL; int is_scan_addr=1, maat_ret=0,found_pos=0; const struct streaminfo *cur_stream = a_stream; + if(result == NULL || result_num <= 0 || a_stream == NULL || maat_feather == NULL) { return -1; @@ -322,21 +475,48 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * }while(cur_stream != NULL && hit_num < result_num); - if(hit_num0) + if(hit_numthreadnum); - if(maat_ret > 0) + if(maat_ret > 0) + { + hit_num+=maat_ret; + } + + subscribe_id_free_data(g_tsg_para.dyn_subscribe_ip_table_id,(MAAT_PLUGIN_EX_DATA *)&source_subscribe_id, 0, g_tsg_para.logger); + } + + if(dest_subscribe_id!=NULL) { - hit_num+=maat_ret; + maat_ret=Maat_full_scan_string(maat_feather, + g_tsg_para.subscribe_id_table_id, + CHARSET_GBK, + dest_subscribe_id, + strlen(dest_subscribe_id), + result+hit_num, + &found_pos, + result_num-hit_num, + mid, + a_stream->threadnum); + if(maat_ret > 0) + { + hit_num+=maat_ret; + } + + subscribe_id_free_data(g_tsg_para.dyn_subscribe_ip_table_id,(MAAT_PLUGIN_EX_DATA *)&dest_subscribe_id, 0, g_tsg_para.logger); } }