gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'develop'

Browse Source 
# Conflicts:
#	src/tsg_entry.cpp
#	src/tsg_entry.h
#	src/tsg_rule.cpp
This commit is contained in:
liuxueli
2019-12-11 15:26:08 +08:00
parent 64c1dcb159 f7c3d2fcf7
commit 95de95a1e4
5 changed files with 719 additions and 403 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
.gitlab-ci.yml Normal file
View File

@@ -0,0 +1,119 @@
image: "docker:stable"
services:
- docker:dind
variables:
GIT_STRATEGY: "clone"
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
stages:
- build
- package
- release
- docker
.build_before_script:
before_script:
- mkdir -p /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/$CI_PROJECT_NAMESPACE/
- ln -s $CI_PROJECT_DIR /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/$CI_PROJECT_PATH
- cd /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/$CI_PROJECT_PATH
.build_master:
extends: .build_before_script
image: git.mesalab.cn:7443/mesa_platform/mesa_protocol:master
script:
- source /etc/profile.d/MESA.sh
- mkdir -p build
- cd build
- cmake .. -DCMAKE_BUILD_TYPE=$BUILD_TYPE
- make
- make package
.package_master:
extends: .build_before_script
image: git.mesalab.cn:7443/mesa_platform/mesa_protocol:master
script:
- source /etc/profile.d/MESA.sh
- mkdir -p build
- cd build
- cmake .. -DCMAKE_BUILD_TYPE=$BUILD_TYPE
- make package
build:
stage: build
extends: .build_master
tags:
- share
variables:
BUILD_TYPE: "Debug"
except:
- tags
tsg-master-release:
stage: package
extends: .package_master
tags:
- share
variables:
BUILD_TYPE: "Release"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME"
paths:
- ./build/*.rpm
only:
- tags
tsg-master-debug:
stage: package
extends: .package_master
tags:
- share
variables:
BUILD_TYPE: "Debug"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME"
paths:
- ./build/*.rpm
only:
- tags
release-tsg-master-debug:
stage: release
image: git.mesalab.cn:7443/mesa_platform/mesa_protocol:master
tags:
- share
variables:
ARTIFACTS_JOB: "tsg-master-debug"
PROJECT_NAME: "tsg-master"
USER_DEFINE: "debug"
only:
- tags
script:
- /bin/bash -x ./autorelease.sh $CI_API_V4_URL $CI_PROJECT_URL $CI_PROJECT_ID $CI_TOKEN $CI_COMMIT_TAG $ARTIFACTS_JOB $PROJECT_NAME $USER_DEFINE
release-tsg-master-release:
stage: release
image: git.mesalab.cn:7443/mesa_platform/mesa_protocol:master
tags:
- share
variables:
ARTIFACTS_JOB: "tsg-master-release"
PROJECT_NAME: "tsg-master"
USER_DEFINE: "release"
only:
- tags
script:
- /bin/bash -x ./autorelease.sh $CI_API_V4_URL $CI_PROJECT_URL $CI_PROJECT_ID $CI_TOKEN $CI_COMMIT_TAG $ARTIFACTS_JOB $PROJECT_NAME $USER_DEFINE
build-docker:
stage: docker
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build -t $IMAGE_TAG .
- docker push $IMAGE_TAG
tags:
- share
only:
- master

11
Dockerfile Normal file
View File

@@ -0,0 +1,11 @@
FROM git.mesalab.cn:7443/mesa_platform/mesa_protocol:master
ENV kernelversion 3.10.0-693.el7.x86_64
COPY build/*.rpm /tmp/
RUN cd /tmp \
&& rpm -i *.rpm \
&& rm -rf /tmp/* \
&& yum clean all \
&& rm -rf /var/cache/yum/*

741
src/tsg_entry.cpp
View File

@@ -1,368 +1,373 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include <assert.h> #include <assert.h>
#include <MESA/stream.h> #include <MESA/stream.h>
#include <MESA/MESA_prof_load.h> #include <MESA/MESA_prof_load.h>
#include <MESA/MESA_handle_logger.h> #include <MESA/MESA_handle_logger.h>
#include "tsg_rule.h" #include "tsg_rule.h"
#include "tsg_entry.h" #include "tsg_entry.h"
#include "tsg_send_log.h" #include "tsg_send_log.h"
#include "tsg_send_log_internal.h" #include "tsg_send_log_internal.h"
char TSG_MASTER_VERSION_20191129=0; char TSG_MASTER_VERSION_20191211=0;
const char *tsg_conffile="tsgconf/main.conf"; const char *tsg_conffile="tsgconf/main.conf";
g_tsg_para_t g_tsg_para; g_tsg_para_t g_tsg_para;
id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "links"}, id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "links"},
{TLD_TYPE_UNKNOWN, TSG_FS2_BYPASS, "bypass"}, {TLD_TYPE_UNKNOWN, TSG_FS2_BYPASS, "bypass"},
{TLD_TYPE_UNKNOWN, TSG_FS2_HIT_ADDR, "hit_addr"}, {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_ADDR, "hit_addr"},
{TLD_TYPE_UNKNOWN, TSG_FS2_HIT_SHARE, "hit_share"}, {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_SHARE, "hit_share"},
{TLD_TYPE_UNKNOWN, TSG_FS2_INTERCEPT, "intercept"}, {TLD_TYPE_UNKNOWN, TSG_FS2_INTERCEPT, "intercept"},
{TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"}, {TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"},
{TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"} {TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"}
}; };
static void free_policy_label(int thread_seq, void *project_req_value) static void free_policy_label(int thread_seq, void *project_req_value)
{ {
dictator_free(thread_seq, project_req_value); dictator_free(thread_seq, project_req_value);
project_req_value=NULL; project_req_value=NULL;
} }
#if 0 #if 0
static int is_ip_policy(Maat_rule_t *p_result, char *protocol, int len, int thread_seq) static int is_ip_policy(Maat_rule_t *p_result, char *protocol, int len, int thread_seq)
{ {
int ret=0; int ret=0;
cJSON *item=NULL; cJSON *item=NULL;
char *service_defined=NULL; char *service_defined=NULL;
cJSON *user_define_object=NULL; cJSON *user_define_object=NULL;
if(p_result->serv_def_len>MAX_SERVICE_DEFINE_LEN) if(p_result->serv_def_len>MAX_SERVICE_DEFINE_LEN)
{ {
service_defined=dictator_malloc(thread_seq, p_result->serv_def_len+1); service_defined=dictator_malloc(thread_seq, p_result->serv_def_len+1);
ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, service_defined, p_result->serv_def_len+1); ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, service_defined, p_result->serv_def_len+1);
assert(ret==p_result->serv_def_len+1); assert(ret==p_result->serv_def_len+1);
user_define_object=cJSON_Parse(service_defined); user_define_object=cJSON_Parse(service_defined);
} }
else else
{ {
user_define_object=cJSON_Parse(p_result->service_defined); user_define_object=cJSON_Parse(p_result->service_defined);
} }
if(user_define_object!=NULL) if(user_define_object!=NULL)
{ {
item=cJSON_GetObjectItem(user_define_object, "protocol"); item=cJSON_GetObjectItem(user_define_object, "protocol");
if(item!=NULL && item->valuestring!=NULL) if(item!=NULL && item->valuestring!=NULL)
{ {
memcpy(protocol, item->valuestring, (len>strlen(item->valuestring)) ? strlen(item->valuestring): len); memcpy(protocol, item->valuestring, (len>strlen(item->valuestring)) ? strlen(item->valuestring): len);
} }
item=cJSON_GetObjectItem(user_define_object, "method"); item=cJSON_GetObjectItem(user_define_object, "method");
if((item==NULL) || ((strncasecmp(item->valuestring, "http", strlen(item->valuestring)))!=0 && (strncasecmp(item->valuestring, "ssl", strlen(item->valuestring)))!=0)) if((item==NULL) || ((strncasecmp(item->valuestring, "http", strlen(item->valuestring)))!=0 && (strncasecmp(item->valuestring, "ssl", strlen(item->valuestring)))!=0))
{ {
ret=1; ret=1;
} }
cJSON_Delete(user_define_object); cJSON_Delete(user_define_object);
user_define_object=NULL; user_define_object=NULL;
} }
if(service_defined!=NULL) if(service_defined!=NULL)
{ {
dictator_free(thread_seq, service_defined); dictator_free(thread_seq, service_defined);
service_defined=NULL; service_defined=NULL;
} }
return ret; return ret;
} }
#endif #endif
static struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num) static struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num)
{ {
int i=0; int i=0;
Maat_rule_t *p_result=NULL; Maat_rule_t *p_result=NULL;
if(result==NULL || result_num<=0) if(result==NULL || result_num<=0)
{ {
return NULL; return NULL;
} }
p_result=&result[0]; p_result=&result[0];
for(i=1; i<result_num; i++) for(i=1; i<result_num; i++)
{ {
if((unsigned char)result[i].action>(unsigned char)p_result->action) if((unsigned char)result[i].action>(unsigned char)p_result->action)
{ {
p_result=&result[i]; p_result=&result[i];
continue; continue;
} }
if(result[i].action==p_result->action) if(result[i].action==p_result->action)
{ {
if(result[i].config_id>p_result->config_id) if(result[i].config_id>p_result->config_id)
{ {
p_result=&result[i]; p_result=&result[i];
} }
} }
} }
return p_result; return p_result;
} }
extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet) extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet)
{ {
int send_log=0,identify_flag=0; int send_log=0,identify_flag=0;
int ret=0,hit_num=0; int ret=0,hit_num=0;
int state=APP_STATE_DROPME; int state=APP_STATE_DROPME;
scan_status_t mid=NULL; scan_status_t mid=NULL;
char *domain_field_name=NULL; char *domain_field_name=NULL;
char *schema_field_name=NULL; char *schema_field_name=NULL;
Maat_rule_t *p_result=NULL; Maat_rule_t *p_result=NULL;
Maat_rule_t *q_result=NULL; Maat_rule_t *q_result=NULL;
tsg_log_t log_msg; tsg_log_t log_msg;
struct TLD_handle_t *TLD_handle=NULL; struct TLD_handle_t *TLD_handle=NULL;
struct _identify_info identify_info; struct _identify_info identify_info;
Maat_rule_t all_result[MAX_RESULT_NUM]; Maat_rule_t all_result[MAX_RESULT_NUM];
policy_priority_label_t *priority_label=NULL; policy_priority_label_t *priority_label=NULL;
switch(a_tcp->opstate) switch(a_tcp->opstate)
{ {
case OP_STATE_PENDING: case OP_STATE_PENDING:
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LINKS], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LINKS], 0, FS_OP_ADD, 1);
ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_tcp, PROTO_MAX, &mid, all_result+hit_num, MAX_RESULT_NUM-hit_num); ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_tcp, PROTO_MAX, &mid, all_result+hit_num, MAX_RESULT_NUM-hit_num);
if(ret>0) if(ret>0)
{ {
hit_num+=ret; hit_num+=ret;
q_result=tsg_policy_decision_criteria(all_result, hit_num); q_result=tsg_policy_decision_criteria(all_result, hit_num);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
MESA_handle_runtime_log(g_tsg_para.logger, MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG, RLOG_LV_DEBUG,
"SCAN_IP", "SCAN_IP",
"Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d", "Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d",
printaddr(&a_tcp->addr, thread_seq), printaddr(&a_tcp->addr, thread_seq),
ret, ret,
q_result->config_id, q_result->config_id,
q_result->service_id, q_result->service_id,
q_result->action); q_result->action);
} }
else else
{ {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "Not hit %s scan ret: %d", MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "Not hit %s scan ret: %d",
printaddr(&a_tcp->addr, thread_seq), ret); printaddr(&a_tcp->addr, thread_seq), ret);
} }
memset(&identify_info, 0, sizeof(identify_info)); memset(&identify_info, 0, sizeof(identify_info));
ret=tsg_scan_shared_policy(g_tsg_maat_feather, ret=tsg_scan_shared_policy(g_tsg_maat_feather,
a_tcp->ptcpdetail->pdata, a_tcp->ptcpdetail->pdata,
a_tcp->ptcpdetail->datalen, a_tcp->ptcpdetail->datalen,
all_result+hit_num, all_result+hit_num,
MAX_RESULT_NUM-hit_num, MAX_RESULT_NUM-hit_num,
&identify_info, &identify_info,
&mid, &mid,
g_tsg_para.logger, g_tsg_para.logger,
thread_seq); thread_seq);
if(ret>0) if(ret>0)
{ {
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
MESA_handle_runtime_log(g_tsg_para.logger, MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG, RLOG_LV_DEBUG,
"SCAN_FQDN", "SCAN_FQDN",
"Hit %s: %s policy_id: %d service: %d action: %d addr: %s", "Hit %s: %s policy_id: %d service: %d action: %d addr: %s",
(identify_info.proto==PROTO_HTTP) ? "host" : "sni", (identify_info.proto==PROTO_HTTP) ? "host" : "sni",
identify_info.domain, identify_info.domain,
all_result[hit_num].config_id, all_result[hit_num].config_id,
all_result[hit_num].service_id, all_result[hit_num].service_id,
all_result[hit_num].action, all_result[hit_num].action,
printaddr(&a_tcp->addr, thread_seq) printaddr(&a_tcp->addr, thread_seq)
); );
hit_num+=ret; hit_num+=ret;
identify_flag=1; identify_flag=1;
}
} else
else {
{ MESA_handle_runtime_log(g_tsg_para.logger,
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG,
RLOG_LV_DEBUG, "SCAN_FQDN",
"SCAN_FQDN", "Not hit %s: %s stream_dir: %d addr: %s",
"Not hit %s: %s addr: %s",
(ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"),
(ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"), (ret==-1) ? "NULL" : identify_info.domain,
(ret==-1) ? "NULL" : identify_info.domain, a_tcp->dir,
printaddr(&a_tcp->addr, thread_seq) printaddr(&a_tcp->addr, thread_seq)
); );
} }
p_result=tsg_policy_decision_criteria(all_result, hit_num); p_result=tsg_policy_decision_criteria(all_result, hit_num);
if(p_result!=NULL) if(p_result!=NULL)
{ {
switch((unsigned char)p_result->action) switch((unsigned char)p_result->action)
{ {
case TSG_ACTION_DENY: case TSG_ACTION_DENY:
send_log=1; send_log=1;
MESA_kill_tcp(a_tcp, a_packet); MESA_kill_tcp(a_tcp, a_packet);
state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER; state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER;
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DENY], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DENY], 0, FS_OP_ADD, 1);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "DENY", "Hit deny policy, policy_id: %d action: %d addr: %s", MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "DENY", "Hit deny policy, policy_id: %d action: %d addr: %s",
p_result[0].config_id, p_result[0].action, printaddr(&a_tcp->addr, thread_seq)); p_result[0].config_id, p_result[0].action, printaddr(&a_tcp->addr, thread_seq));
break; break;
case TSG_ACTION_MONITOR: case TSG_ACTION_MONITOR:
if(q_result!=NULL && (p_result==q_result)) if(q_result!=NULL && (p_result==q_result))
{ {
send_log=1; send_log=1;
} }
break; break;
case TSG_ACTION_BYPASS: case TSG_ACTION_BYPASS:
send_log=1; send_log=1;
state|=APP_STATE_KILL_OTHER; //TODO state|=APP_STATE_KILL_OTHER; //TODO
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1);
break; break;
case TSG_ACTION_INTERCEPT: case TSG_ACTION_INTERCEPT:
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);
priority_label=(policy_priority_label_t *)dictator_malloc(thread_seq, sizeof(policy_priority_label_t)); priority_label=(policy_priority_label_t *)dictator_malloc(thread_seq, sizeof(policy_priority_label_t));
priority_label->result_num=1; priority_label->result_num=1;
priority_label->result_type=PULL_KNI_RESULT; priority_label->result_type=PULL_KNI_RESULT;
priority_label->proto=identify_info.proto; priority_label->proto=identify_info.proto;
priority_label->domain_len=identify_info.domain_len; priority_label->domain_len=identify_info.domain_len;
memcpy(priority_label->domain, identify_info.domain, identify_info.domain_len); memcpy(priority_label->domain, identify_info.domain, identify_info.domain_len);
memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t)); memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t));
ret=project_req_add_struct(a_tcp, g_tsg_para.priority_project_id, (void *)priority_label); ret=project_req_add_struct(a_tcp, g_tsg_para.priority_project_id, (void *)priority_label);
if(ret<0) if(ret<0)
{ {
free_policy_label(thread_seq, (void *)priority_label); free_policy_label(thread_seq, (void *)priority_label);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_ADD", "Add policy_priority_label failed ..."); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_ADD", "Add policy_priority_label failed ...");
} }
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "INTERCEPT", "Hit intercept policy, policy_id: %d action: %d addr: %s", MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "INTERCEPT", "Hit intercept policy, policy_id: %d action: %d addr: %s",
priority_label->result[0].config_id, priority_label->result[0].action, printaddr(&a_tcp->addr, thread_seq)); priority_label->result[0].config_id, priority_label->result[0].action, printaddr(&a_tcp->addr, thread_seq));
break; break;
case TSG_ACTION_NONE: case TSG_ACTION_NONE:
default: default:
assert(0); assert(0);
break; break;
} }
if(send_log==1 && p_result->do_log>0) if(send_log==1 && p_result->do_log>0)
{ {
TLD_handle=TLD_create(thread_seq); TLD_handle=TLD_create(thread_seq);
if(identify_flag==1) if(identify_flag==1)
{ {
schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE);
TLD_append(TLD_handle, schema_field_name, (void *)((identify_info.proto==PROTO_HTTP) ? "HTTP" : "SSL"), TLD_TYPE_STRING); TLD_append(TLD_handle, schema_field_name, (void *)((identify_info.proto==PROTO_HTTP) ? "HTTP" : "SSL"), TLD_TYPE_STRING);
domain_field_name=log_field_id2name(g_tsg_log_instance, ((identify_info.proto==PROTO_HTTP) ? LOG_HTTP_HOST : LOG_SSL_SNI)); domain_field_name=log_field_id2name(g_tsg_log_instance, ((identify_info.proto==PROTO_HTTP) ? LOG_HTTP_HOST : LOG_SSL_SNI));
TLD_append(TLD_handle, domain_field_name, (void *)identify_info.domain, TLD_TYPE_STRING); TLD_append(TLD_handle, domain_field_name, (void *)identify_info.domain, TLD_TYPE_STRING);
} }
log_msg.a_stream=a_tcp; log_msg.a_stream=a_tcp;
log_msg.result=p_result; log_msg.result=p_result;
log_msg.result_num=1; log_msg.result_num=1;
tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq);
} }
} }
break; break;
case OP_STATE_DATA: case OP_STATE_DATA:
case OP_STATE_CLOSE: case OP_STATE_CLOSE:
default: default:
break; break;
} }
return state; return state;
} }
extern "C" int TSG_MASTER_INIT() extern "C" int TSG_MASTER_INIT()
{ {
int i=0,ret=0,cycle=0; int i=0,ret=0,cycle=0;
int value=0,level=30; int value=0,level=30;
unsigned short fs_server_port=0; unsigned short fs_server_port=0;
char app_name[MAX_STRING_LEN]={0}; char app_name[MAX_STRING_LEN]={0};
char log_path[MAX_STRING_LEN*4]={0}; char log_path[MAX_STRING_LEN*4]={0};
char label_buff[MAX_STRING_LEN*4]={0}; char label_buff[MAX_STRING_LEN*4]={0};
char fs_server_ip[MAX_IPV4_LEN]={0}; char fs_server_ip[MAX_IPV4_LEN]={0};
char fs_output_path[MAX_STRING_LEN*4]={0}; char fs_output_path[MAX_STRING_LEN*4]={0};
memset(&g_tsg_para, 0, sizeof(g_tsg_para)); memset(&g_tsg_para, 0, sizeof(g_tsg_para));
MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &level, 30); MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &level, 30);
MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", log_path, sizeof(log_path), NULL); MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", log_path, sizeof(log_path), NULL);
g_tsg_para.logger=MESA_create_runtime_log_handle(log_path, level); g_tsg_para.logger=MESA_create_runtime_log_handle(log_path, level);
if(g_tsg_para.logger==NULL) if(g_tsg_para.logger==NULL)
{ {
printf("MESA_create_runtime_log_handle failed ...\n"); printf("MESA_create_runtime_log_handle failed ...\n");
return -1; return -1;
} }
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_ID", &g_tsg_para.device_id, 0); MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_ID", &g_tsg_para.device_id, 0);
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY"); MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY");
g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label); g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label);
if(g_tsg_para.priority_project_id<0) if(g_tsg_para.priority_project_id<0)
{ {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed ...", label_buff); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed ...", label_buff);
return -1; return -1;
} }
ret=tsg_rule_init(tsg_conffile, g_tsg_para.logger); ret=tsg_rule_init(tsg_conffile, g_tsg_para.logger);
if(ret<0) if(ret<0)
{ {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_rule_init failed ..."); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_rule_init failed ...");
return -1; return -1;
} }
g_tsg_log_instance=tsg_sendlog_init(tsg_conffile); g_tsg_log_instance=tsg_sendlog_init(tsg_conffile);
if(g_tsg_log_instance==NULL) if(g_tsg_log_instance==NULL)
{ {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ..."); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ...");
return -1; return -1;
} }
MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30); MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30);
MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port)); MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port));
MESA_load_profile_string_nodef(tsg_conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip)); MESA_load_profile_string_nodef(tsg_conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip));
MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log"); MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log");
MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master"); MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master");
g_tsg_para.fs2_handle=FS_create_handle(); g_tsg_para.fs2_handle=FS_create_handle();
value=1;//Rewrite value=1;//Rewrite
FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value)); FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value));
value=1;//Do not create stat thread value=1;//Do not create stat thread
FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value)); FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value));
FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle)); FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle));
FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1);
FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1); FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1);
if(fs_server_port > 0 && strlen(fs_server_ip) > 0) if(fs_server_port > 0 && strlen(fs_server_ip) > 0)
{ {
FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1); FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1);
FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port));
} }
for(i=0; i<TSG_FS2_MAX; i++) for(i=0; i<TSG_FS2_MAX; i++)
{ {
g_tsg_para.fs2_field_id[g_tsg_fs2_field[i].id]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_FIELD, FS_CALC_CURRENT, g_tsg_fs2_field[i].name); g_tsg_para.fs2_field_id[g_tsg_fs2_field[i].id]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_FIELD, FS_CALC_CURRENT, g_tsg_fs2_field[i].name);
} }
FS_start(g_tsg_para.fs2_handle); FS_start(g_tsg_para.fs2_handle);
return 0; return 0;
} }
extern "C" int TSG_MASTER_UNLOAD()
{
return 0;
}

1
src/tsg_entry.h
View File

@@ -40,6 +40,7 @@ typedef struct _tsg_para
int device_id; int device_id;
int ip_addr_table_id; int ip_addr_table_id;
int subscribe_id_table_id; int subscribe_id_table_id;
int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
int priority_project_id; int priority_project_id;
int fs2_field_id[TSG_FS2_MAX]; int fs2_field_id[TSG_FS2_MAX];
void *logger; void *logger;

250
src/tsg_rule.cpp
View File

@@ -3,6 +3,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <assert.h> #include <assert.h>
#include <time.h> #include <time.h>
#include <arpa/inet.h>
#include <MESA/stream.h> #include <MESA/stream.h>
#include <MESA/MESA_prof_load.h> #include <MESA/MESA_prof_load.h>
@@ -15,8 +16,10 @@
#include "tsg_entry.h" #include "tsg_entry.h"
Maat_feather_t g_tsg_maat_feather; Maat_feather_t g_tsg_maat_feather;
Maat_feather_t g_tsg_dynamic_maat_feather;
#define MAX_PATH_LEN 1024 #define MAX_PATH_LEN 1024
#define MAX_IPV6_ADDR_LEN 128
#ifndef MIN #ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b)) #define MIN(a, b) (((a) < (b)) ? (a) : (b))
@@ -31,15 +34,73 @@ enum kni_scan_table{
const char *g_kni_scan_table_name[SCAN_TABLE_MAX]; const char *g_kni_scan_table_name[SCAN_TABLE_MAX];
int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0}; int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0};
int tsg_rule_init(const char* conffile, void *logger) void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp)
{
void *logger=argp;
*to=calloc(1, strlen((char *)*from)+1);
memcpy(*to, *from, strlen((char *)*from));
MESA_handle_runtime_log(logger, RLOG_LV_INFO, "SUBSCRIBE_ID", "Dup subscribe_id: %s table_id: %d", (char *)*to, table_id);
return;
}
void subscribe_id_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
{
void *logger=argp;
int ret=0,id=0,type=0,is_valid=0;
char subscribe_id[256]={0};
char ip_addr[MAX_IPV6_ADDR_LEN]={0};
ret=sscanf(table_line, "%d\t%d\t%s\t%s\t%d", &id, &type, ip_addr, subscribe_id, &is_valid);
if(ret!=5)
{
MESA_handle_runtime_log(logger,
RLOG_LV_FATAL,
"SUBSCRIBE_ID",
"Parse subscribe_id failed, ret: %d table_id: %d key: %s table_line: %s",
ret,
table_id,
key,
table_line
);
return;
}
*ad=calloc(1, strlen(subscribe_id)+1);
memcpy(*ad, subscribe_id, strlen(subscribe_id));
MESA_handle_runtime_log(logger,
RLOG_LV_INFO,
"SUBSCRIBE_ID",
"Add subscribe_id: %s table_id: %d key: %s table_line: %s",
*ad,
table_id,
key,
table_line
);
return;
}
void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
{
void *logger=argp;
MESA_handle_runtime_log(logger, RLOG_LV_INFO, "SUBSCRIBE_ID", "Delete subscribe_id: %s table_id: %d", (char *)*ad, table_id);
free(*ad);
*ad=NULL;
return;
}
static Maat_feather_t init_maat_feather(const char* conffile, char* instance_name, char *module, void *logger)
{ {
unsigned short redis_port = 0; unsigned short redis_port = 0;
int ret=0,scan_detail=0,effect_interval=60; int ret=0,scan_detail=0,effect_interval=60;
const char* instance_name="TSG",*module="MAAT"; Maat_feather_t _maat_feather=NULL;
int factor=0, redis_port_num=0,redis_index=0; int factor=0, redis_port_num=0,redis_index=0;
char redis_ip[16]={0}, effective_flag[1024]={0}; char redis_ip[16]={0}, effective_flag[1024]={0};
int maat_mode=0,maat_stat_on=0,maat_perf_on=0,thread_max=0; int maat_mode=0,maat_stat_on=0,maat_perf_on=0,thread_max=0;
char ip_addr_table[32]={0},subscriber_id_table[32]={0};
char json_cfg_file[MAX_PATH_LEN]={0},maat_stat_file[MAX_PATH_LEN]={0}; char json_cfg_file[MAX_PATH_LEN]={0},maat_stat_file[MAX_PATH_LEN]={0};
char table_info[MAX_PATH_LEN]={0},inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0}; char table_info[MAX_PATH_LEN]={0},inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0};
@@ -56,7 +117,7 @@ int tsg_rule_init(const char* conffile, void *logger)
effect_interval*=1000;//convert s to ms effect_interval*=1000;//convert s to ms
thread_max=get_thread_count(); thread_max=get_thread_count();
g_tsg_maat_feather=Maat_feather(thread_max, table_info, logger); _maat_feather=Maat_feather(thread_max, table_info, logger);
if(maat_mode==2) if(maat_mode==2)
{ {
@@ -67,34 +128,34 @@ int tsg_rule_init(const char* conffile, void *logger)
if(strlen(effective_flag)!=0) if(strlen(effective_flag)!=0)
{ {
Maat_set_feather_opt(g_tsg_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1); Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1);
} }
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval)); Maat_set_feather_opt(_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval));
srand((unsigned int)time(NULL)); srand((unsigned int)time(NULL));
factor = rand()%redis_port_num; factor = rand()%redis_port_num;
redis_port = redis_port+factor; redis_port = redis_port+factor;
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_REDIS_IP, redis_ip, strlen(redis_ip)+1); Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_IP, redis_ip, strlen(redis_ip)+1);
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_REDIS_PORT, (void *)&redis_port, sizeof(redis_port)); Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_PORT, (void *)&redis_port, sizeof(redis_port));
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1); Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1);
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_ON, NULL, 0); Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_ON, NULL, 0);
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_PERF_ON, NULL, 0); Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0);
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_REDIS_INDEX, &redis_index, sizeof(redis_index)); Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_INDEX, &redis_index, sizeof(redis_index));
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail)); Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
//Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_DEFERRED_LOAD, NULL,0); //Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_DEFERRED_LOAD, NULL,0);
} }
else else
{ {
if(strlen(effective_flag)!=0) if(strlen(effective_flag)!=0)
{ {
ret=Maat_set_feather_opt(g_tsg_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1); ret=Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1);
assert(ret>=0); assert(ret>=0);
} }
Maat_set_feather_opt(g_tsg_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1); Maat_set_feather_opt(_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1);
if(maat_mode==1) if(maat_mode==1)
{ {
MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),""); MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),"");
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1); Maat_set_feather_opt(_maat_feather, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1);
} }
else else
{ {
@@ -102,32 +163,53 @@ int tsg_rule_init(const char* conffile, void *logger)
MESA_load_profile_string_def(conffile,module,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),""); MESA_load_profile_string_def(conffile,module,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),"");
assert(strlen(inc_cfg_dir)!=0&&strlen(ful_cfg_dir)!=0); assert(strlen(inc_cfg_dir)!=0&&strlen(ful_cfg_dir)!=0);
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1); Maat_set_feather_opt(_maat_feather, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1);
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1); Maat_set_feather_opt(_maat_feather, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1);
} }
if(maat_stat_on) if(maat_stat_on)
{ {
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1); Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1);
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_ON, NULL, 0); Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_ON, NULL, 0);
if(maat_perf_on) if(maat_perf_on)
{ {
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_PERF_ON, NULL, 0); Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0);
} }
} }
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval)); Maat_set_feather_opt(_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval));
Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail)); Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
} }
ret=Maat_initiate_feather(g_tsg_maat_feather); ret=Maat_initiate_feather(_maat_feather);
if(ret<0) if(ret<0)
{ {
return -1; return NULL;
} }
MESA_load_profile_string_def(conffile, module, "IP_ADDR_TABLE", ip_addr_table, sizeof(ip_addr_table), "TSG_OBJ_IP_ADDR"); return _maat_feather;
MESA_load_profile_string_def(conffile, module, "SUBSCRIBER_ID_TABLE", subscriber_id_table, sizeof(subscriber_id_table), "TSG_OBJ_SUBSCRIBER_ID"); }
int tsg_rule_init(const char* conffile, void *logger)
{
int ret=0;
char maat_conffile[256]={0};
char ip_addr_table[32]={0};
char subscriber_id_table[32]={0};
char cb_subscriber_ip_table[32]={0};
MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat_profile.conf");
MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", ip_addr_table, sizeof(ip_addr_table), "TSG_OBJ_IP_ADDR");
MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", subscriber_id_table, sizeof(subscriber_id_table), "TSG_OBJ_SUBSCRIBER_ID");
//init dynamic maat feather
g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger);
if(g_tsg_maat_feather==NULL)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "init_maat_feather failed, instance_name: %s module: %s", "TSG_STATIC", "STATIC");
return -1;
}
g_tsg_para.ip_addr_table_id=Maat_table_register(g_tsg_maat_feather, ip_addr_table); g_tsg_para.ip_addr_table_id=Maat_table_register(g_tsg_maat_feather, ip_addr_table);
if(g_tsg_para.ip_addr_table_id<0) if(g_tsg_para.ip_addr_table_id<0)
{ {
@@ -142,6 +224,7 @@ int tsg_rule_init(const char* conffile, void *logger)
return -1; return -1;
} }
// init sni or host share table
ret=tsg_shared_table_init(conffile, g_tsg_maat_feather, logger); ret=tsg_shared_table_init(conffile, g_tsg_maat_feather, logger);
if(ret<0) if(ret<0)
{ {
@@ -149,6 +232,37 @@ int tsg_rule_init(const char* conffile, void *logger)
return -1; return -1;
} }
//init dynamic maat feather
g_tsg_dynamic_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_DYNAMIC", (char *)"DYNAMIC", logger);
if(g_tsg_maat_feather==NULL)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "init_maat_feather failed, instance_name: %s module: %s", "TSG_DYNAMIC", "DYNAMIC");
return -1;
}
MESA_load_profile_string_def(conffile, "MAAT", "CB_SUBSCRIBER_IP_TABLE", cb_subscriber_ip_table, sizeof(cb_subscriber_ip_table), "TSG_DYN_SUBSCRIBER_IP");
g_tsg_para.dyn_subscribe_ip_table_id=Maat_table_register(g_tsg_dynamic_maat_feather, cb_subscriber_ip_table);
if(g_tsg_para.dyn_subscribe_ip_table_id<0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "RULE_INIT", "Maat_table_register %s failed", cb_subscriber_ip_table);
return -1;
}
ret=Maat_plugin_EX_register(g_tsg_dynamic_maat_feather,
g_tsg_para.dyn_subscribe_ip_table_id,
subscribe_id_new_data,
subscribe_id_free_data,
subscribe_id_dup_data,
NULL,
0,
logger);
if(ret<0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "RULE_INIT", "Maat_plugin_EX_register failed, table_name: %s table_id: %d", cb_subscriber_ip_table, g_tsg_para.dyn_subscribe_ip_table_id);
return -1;
}
return 0; return 0;
} }
@@ -249,15 +363,54 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re
return 0; return 0;
} }
int tsg_get_subscribe_id(const struct streaminfo *a_stream, char **source_subscribe_id, char **dest_subscribe_id)
{
char source_ip[MAX_IPV6_ADDR_LEN]={0};
char dest_ip[MAX_IPV6_ADDR_LEN]={0};
struct stream_tuple4_v4 *v4=NULL;
struct stream_tuple4_v6 *v6=NULL;
switch(a_stream->addr.addrtype)
{
case ADDR_TYPE_IPV4:
v4=a_stream->addr.tuple4_v4;
inet_ntop(AF_INET, &(v4->saddr), source_ip, MAX_IPV6_ADDR_LEN);
inet_ntop(AF_INET, &(v4->daddr), dest_ip, MAX_IPV6_ADDR_LEN);
break;
case ADDR_TYPE_IPV6:
v6=a_stream->addr.tuple4_v6;
inet_ntop(AF_INET6, v6->saddr, source_ip, MAX_IPV6_ADDR_LEN);
inet_ntop(AF_INET6, v6->daddr, dest_ip, MAX_IPV6_ADDR_LEN);
break;
default:
break;
}
if(strlen(dest_ip)>0)
{
*dest_subscribe_id = (char*)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, dest_ip);
}
if(strlen(source_ip)>0)
{
*source_subscribe_id = (char*)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, source_ip);
}
return 0;
}
int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num) int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num)
{ {
struct ipaddr t_addr; struct ipaddr t_addr;
struct ipaddr* p_addr = NULL; struct ipaddr* p_addr=NULL;
char subscribe_id[64]={0};
int hit_num=0,tans_proto=0; int hit_num=0,tans_proto=0;
char *source_subscribe_id=NULL;
char *dest_subscribe_id=NULL;
int is_scan_addr=1, maat_ret=0,found_pos=0; int is_scan_addr=1, maat_ret=0,found_pos=0;
const struct streaminfo *cur_stream = a_stream; const struct streaminfo *cur_stream = a_stream;
if(result == NULL || result_num <= 0 || a_stream == NULL || maat_feather == NULL) if(result == NULL || result_num <= 0 || a_stream == NULL || maat_feather == NULL)
{ {
return -1; return -1;
@@ -322,21 +475,48 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
}while(cur_stream != NULL && hit_num < result_num); }while(cur_stream != NULL && hit_num < result_num);
if(hit_num<result_num && subscribe_id!=NULL && strlen(subscribe_id)>0) if(hit_num<result_num)
{ {
maat_ret=Maat_full_scan_string(maat_feather, tsg_get_subscribe_id(a_stream, &source_subscribe_id, &dest_subscribe_id);
if(source_subscribe_id!=NULL)
{
maat_ret=Maat_full_scan_string(maat_feather,
g_tsg_para.subscribe_id_table_id, g_tsg_para.subscribe_id_table_id,
CHARSET_GBK, CHARSET_GBK,
subscribe_id, source_subscribe_id,
strlen(subscribe_id), strlen(source_subscribe_id),
result+hit_num, result+hit_num,
&found_pos, &found_pos,
result_num-hit_num, result_num-hit_num,
mid, mid,
a_stream->threadnum); a_stream->threadnum);
if(maat_ret > 0) if(maat_ret > 0)
{
hit_num+=maat_ret;
}
subscribe_id_free_data(g_tsg_para.dyn_subscribe_ip_table_id,(MAAT_PLUGIN_EX_DATA *)&source_subscribe_id, 0, g_tsg_para.logger);
}
if(dest_subscribe_id!=NULL)
{ {
hit_num+=maat_ret; maat_ret=Maat_full_scan_string(maat_feather,
g_tsg_para.subscribe_id_table_id,
CHARSET_GBK,
dest_subscribe_id,
strlen(dest_subscribe_id),
result+hit_num,
&found_pos,
result_num-hit_num,
mid,
a_stream->threadnum);
if(maat_ret > 0)
{
hit_num+=maat_ret;
}
subscribe_id_free_data(g_tsg_para.dyn_subscribe_ip_table_id,(MAAT_PLUGIN_EX_DATA *)&dest_subscribe_id, 0, g_tsg_para.logger);
} }
} }