TSG-15779: app_full_path中包含ESNI和ECH
@@ -967,7 +967,20 @@ int session_application_metrics_update(const struct streaminfo *a_stream, struct
|
||||
return 1;
|
||||
}
|
||||
|
||||
int session_app_gather_results_set_l7_protocol(const struct streaminfo *a_stream, enum TSG_PROTOCOL protocol)
|
||||
static int check_app_id(unsigned int *new_app_id, int n_new_app_id, unsigned int old_app_id)
|
||||
{
|
||||
for(int j=0; j<n_new_app_id; j++)
|
||||
{
|
||||
if(old_app_id==new_app_id[j])
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int session_app_gather_results_set_l7_protocol(const struct streaminfo *a_stream, unsigned int *app_id, int n_app_id)
|
||||
{
|
||||
struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream);
|
||||
if(gather_result==NULL)
|
||||
@@ -977,20 +990,41 @@ int session_app_gather_results_set_l7_protocol(const struct streaminfo *a_stream
|
||||
session_gather_app_results_async(a_stream, (void *)gather_result);
|
||||
}
|
||||
|
||||
if(gather_result->l7_protocol_num>0)
|
||||
int not_combined_flag=0;
|
||||
for(int i=0; i<gather_result->l7_protocol_num; i++)
|
||||
{
|
||||
return 0;
|
||||
not_combined_flag=check_app_id(app_id, n_app_id, gather_result->l7_protocol[i].app_id);
|
||||
if(not_combined_flag==1)
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
struct app_attributes *l7_protocol=(struct app_attributes *)dictator_malloc(a_stream->threadnum, sizeof(struct app_attributes)*n_app_id);
|
||||
for(int i=0; i<n_app_id; i++)
|
||||
{
|
||||
l7_protocol[i].app_id=app_id[i];
|
||||
l7_protocol[i].surrogate_id=0;
|
||||
l7_protocol[i].packet_sequence=get_packet_sequence(a_stream);
|
||||
}
|
||||
|
||||
if(not_combined_flag==0 && gather_result->l7_protocol_num>0)
|
||||
{
|
||||
l7_protocol=(struct app_attributes *)dictator_realloc(a_stream->threadnum, l7_protocol, sizeof(struct app_attributes)*(n_app_id+gather_result->l7_protocol_num));
|
||||
memcpy((void *)(l7_protocol+n_app_id), (void *)gather_result->l7_protocol, sizeof(struct app_attributes)*gather_result->l7_protocol_num);
|
||||
gather_result->l7_protocol_num+=n_app_id;
|
||||
}
|
||||
else
|
||||
{
|
||||
gather_result->l7_protocol_num=n_app_id;
|
||||
}
|
||||
|
||||
if(gather_result->l7_protocol!=NULL)
|
||||
{
|
||||
dictator_free(a_stream->threadnum, gather_result->l7_protocol);
|
||||
}
|
||||
|
||||
int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name, g_tsg_proto_name2id[protocol].len);
|
||||
if(app_id>0)
|
||||
{
|
||||
gather_result->l7_protocol_num=1;
|
||||
gather_result->l7_protocol=(struct app_attributes *)dictator_malloc(a_stream->threadnum, sizeof(struct app_attributes));
|
||||
gather_result->l7_protocol->app_id=app_id;
|
||||
gather_result->l7_protocol->surrogate_id=0;
|
||||
gather_result->l7_protocol->packet_sequence=get_packet_sequence(a_stream);
|
||||
}
|
||||
gather_result->l7_protocol=l7_protocol;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -2004,7 +2038,9 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess
|
||||
int ret=session_l7_protocol_identify(a_stream, srt_process_context, a_packet);
|
||||
if(ret==1)
|
||||
{
|
||||
session_app_gather_results_set_l7_protocol(a_stream, srt_process_context->proto);
|
||||
int n_offset=0;
|
||||
unsigned int app_id[4]={0,0,0,0};
|
||||
app_id[n_offset++]=tsg_l7_protocol_name2id(g_tsg_proto_name2id[srt_process_context->proto].name, g_tsg_proto_name2id[srt_process_context->proto].len);
|
||||
srt_process_context->is_app_link=FLAG_TRUE;
|
||||
srt_attribute_set_protocol(a_stream, srt_process_context->proto);
|
||||
|
||||
@@ -2016,8 +2052,8 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess
|
||||
if(ja3_info->fp!=NULL && ja3_info->fp_len>0)
|
||||
{
|
||||
char *ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1);
|
||||
memset(ja3_fingerprint, 0, ja3_info->fp_len+1);
|
||||
memcpy(ja3_fingerprint, ja3_info->fp, ja3_info->fp_len);
|
||||
ja3_fingerprint[ja3_info->fp_len]='\0';
|
||||
srt_attribute_set_ja3_fingprint(a_stream, ja3_fingerprint);
|
||||
}
|
||||
}
|
||||
@@ -2031,12 +2067,14 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess
|
||||
if(srt_process_context->is_esni)
|
||||
{
|
||||
unsigned int protocol_id=tsg_l7_protocol_name2id("ESNI", 4);
|
||||
app_id[n_offset++]=protocol_id;
|
||||
matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
}
|
||||
|
||||
if(srt_process_context->is_ech)
|
||||
{
|
||||
unsigned int protocol_id=tsg_l7_protocol_name2id("ECH", 3);
|
||||
app_id[n_offset++]=protocol_id;
|
||||
matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
}
|
||||
|
||||
@@ -2045,6 +2083,8 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess
|
||||
table_idx=tsg_http_url_table_idx_get();
|
||||
matched_cnt+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->http_url, table_idx, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
}
|
||||
|
||||
session_app_gather_results_set_l7_protocol(a_stream, app_id, n_offset);
|
||||
}
|
||||
|
||||
ret=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, srt_process_context->proto, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
|
||||
|
||||
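Review bot: In session_app_gather_results_set_l7_protocol the result of `dictator_realloc` is assigned straight back to `l7_protocol` and then used as the `memcpy` destination, and the earlier `dictator_malloc` result is filled in the loop without a check; assuming these can return NULL like their libc counterparts, an allocation failure becomes a NULL dereference on the packet path and the first buffer is lost. `n_app_id` is also used as an element count with no lower bound, so a zero or negative value reaches the allocator. I would reject `n_app_id<=0`, check both allocations and keep the old pointer until the grow succeeds, as sketched below; the `-1` return is a placeholder for whatever error convention the callers expect. Separately, the replaced code appears to have stored the id only `if(app_id>0)`, whereas session_pending_state_deal now writes the results of `tsg_l7_protocol_name2id` into `app_id[]` unfiltered, so a failed lookup would be recorded in the full path. Both functions begin outside the hunks shown, and the old and new sides are inferred from the rendered page.

```c
int session_app_gather_results_set_l7_protocol(const struct streaminfo *a_stream, unsigned int *app_id, int n_app_id)
{
	if(app_id==NULL || n_app_id<=0)
	{
		return -1;
	}
	/* … unchanged: gather_result lookup and duplicate scan … */

	struct app_attributes *l7_protocol=(struct app_attributes *)dictator_malloc(a_stream->threadnum, sizeof(struct app_attributes)*n_app_id);
	if(l7_protocol==NULL)
	{
		return -1;
	}
	/* … unchanged: fill l7_protocol[0..n_app_id) … */

	if(not_combined_flag==0 && gather_result->l7_protocol_num>0)
	{
		struct app_attributes *grown=(struct app_attributes *)dictator_realloc(a_stream->threadnum, l7_protocol, sizeof(struct app_attributes)*(n_app_id+gather_result->l7_protocol_num));
		if(grown==NULL)
		{
			dictator_free(a_stream->threadnum, l7_protocol);
			return -1;
		}
		l7_protocol=grown;
		/* … unchanged: memcpy of the existing entries and l7_protocol_num update … */
	}
```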
@@ -2312,6 +2312,8 @@
|
||||
"68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t1",
|
||||
"4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
||||
"199\tssl\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
||||
"8008\tSSL\\bwith\\bESNI\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
||||
"8173\tSSL\\bwith\\bECH\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
||||
"2521\tquic\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
||||
"240\tyoutube\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
||||
"15009\tuser_define_youtube\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
|
||||
|
||||
@@ -1010,6 +1010,115 @@ TEST(TSGMaster, SessionApplicationMetrics)
|
||||
|
||||
}
|
||||
|
||||
extern int session_app_gather_results_set_l7_protocol(const struct streaminfo *a_stream, unsigned int *app_id, int n_app_id);
|
||||
TEST(TSGMaster, SessionApplicationFullPathTSG15779_HTTP)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
char out_full_path[256]={0};
|
||||
int out_full_path_len=sizeof(out_full_path);
|
||||
struct gather_app_result *gather_result=(struct gather_app_result *)calloc(1, sizeof(struct gather_app_result));
|
||||
|
||||
gather_result->l7_protocol_num=1;
|
||||
gather_result->l7_protocol=(struct app_attributes *)calloc(1, sizeof(struct app_attributes));
|
||||
gather_result->l7_protocol->app_id=67;
|
||||
gather_result->l7_protocol->surrogate_id=0;
|
||||
gather_result->l7_protocol->packet_sequence=4;
|
||||
session_gather_app_results_async(&a_stream, (void *)gather_result);
|
||||
|
||||
int n_app_id=1;
|
||||
unsigned int app_id[1]={67};
|
||||
session_app_gather_results_set_l7_protocol(&a_stream, app_id, n_app_id);
|
||||
|
||||
session_application_full_path_update(&a_stream, out_full_path, out_full_path_len);
|
||||
EXPECT_STREQ("http", out_full_path);
|
||||
|
||||
free(gather_result->l7_protocol);
|
||||
free(gather_result->qm_engine);
|
||||
free(gather_result);
|
||||
session_gather_app_results_async(&a_stream, NULL);
|
||||
}
|
||||
|
||||
TEST(TSGMaster, SessionApplicationFullPathTSG15779_SSL)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
char out_full_path[256]={0};
|
||||
int out_full_path_len=sizeof(out_full_path);
|
||||
struct gather_app_result *gather_result=(struct gather_app_result *)calloc(1, sizeof(struct gather_app_result));
|
||||
|
||||
gather_result->l7_protocol_num=1;
|
||||
gather_result->l7_protocol=(struct app_attributes *)calloc(1, sizeof(struct app_attributes));
|
||||
gather_result->l7_protocol->app_id=68;
|
||||
gather_result->l7_protocol->surrogate_id=0;
|
||||
gather_result->l7_protocol->packet_sequence=4;
|
||||
session_gather_app_results_async(&a_stream, (void *)gather_result);
|
||||
|
||||
int n_app_id=1;
|
||||
unsigned int app_id[1]={199};
|
||||
session_app_gather_results_set_l7_protocol(&a_stream, app_id, n_app_id);
|
||||
|
||||
session_application_full_path_update(&a_stream, out_full_path, out_full_path_len);
|
||||
EXPECT_STREQ("ssl.https", out_full_path);
|
||||
|
||||
free(gather_result->l7_protocol);
|
||||
free(gather_result->qm_engine);
|
||||
free(gather_result);
|
||||
session_gather_app_results_async(&a_stream, NULL);
|
||||
}
|
||||
|
||||
TEST(TSGMaster, SessionApplicationFullPathTSG15779_ECH)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
char out_full_path[256]={0};
|
||||
int out_full_path_len=sizeof(out_full_path);
|
||||
struct gather_app_result *gather_result=(struct gather_app_result *)calloc(1, sizeof(struct gather_app_result));
|
||||
|
||||
gather_result->l7_protocol_num=1;
|
||||
gather_result->l7_protocol=(struct app_attributes *)calloc(1, sizeof(struct app_attributes));
|
||||
gather_result->l7_protocol->app_id=68;
|
||||
gather_result->l7_protocol->surrogate_id=0;
|
||||
gather_result->l7_protocol->packet_sequence=4;
|
||||
session_gather_app_results_async(&a_stream, (void *)gather_result);
|
||||
|
||||
int n_app_id=2;
|
||||
unsigned int app_id[2]={199, 8173};
|
||||
session_app_gather_results_set_l7_protocol(&a_stream, app_id, n_app_id);
|
||||
|
||||
session_application_full_path_update(&a_stream, out_full_path, out_full_path_len);
|
||||
EXPECT_STREQ("ssl.SSL with ECH.https", out_full_path);
|
||||
|
||||
free(gather_result->l7_protocol);
|
||||
free(gather_result->qm_engine);
|
||||
free(gather_result);
|
||||
session_gather_app_results_async(&a_stream, NULL);
|
||||
}
|
||||
|
||||
TEST(TSGMaster, SessionApplicationFullPathTSG15779_ESNI)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
char out_full_path[256]={0};
|
||||
int out_full_path_len=sizeof(out_full_path);
|
||||
struct gather_app_result *gather_result=(struct gather_app_result *)calloc(1, sizeof(struct gather_app_result));
|
||||
|
||||
gather_result->l7_protocol_num=1;
|
||||
gather_result->l7_protocol=(struct app_attributes *)calloc(1, sizeof(struct app_attributes));
|
||||
gather_result->l7_protocol->app_id=68;
|
||||
gather_result->l7_protocol->surrogate_id=0;
|
||||
gather_result->l7_protocol->packet_sequence=4;
|
||||
session_gather_app_results_async(&a_stream, (void *)gather_result);
|
||||
|
||||
int n_app_id=2;
|
||||
unsigned int app_id[2]={199, 8008};
|
||||
session_app_gather_results_set_l7_protocol(&a_stream, app_id, n_app_id);
|
||||
|
||||
session_application_full_path_update(&a_stream, out_full_path, out_full_path_len);
|
||||
EXPECT_STREQ("ssl.SSL with ESNI.https", out_full_path);
|
||||
|
||||
free(gather_result->l7_protocol);
|
||||
free(gather_result->qm_engine);
|
||||
free(gather_result);
|
||||
session_gather_app_results_async(&a_stream, NULL);
|
||||
}
|
||||
|
||||
extern int session_application_full_path_update(const struct streaminfo *a_stream, char *app_full_path, int app_full_path_len);
|
||||
|
||||
TEST(TSGMaster, SessionApplicationFullPathTSG15999)
|
||||
|
||||
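Review bot: Each of the four TSG15779 tests hands a `calloc`ed `gather_result->l7_protocol` to session_app_gather_results_set_l7_protocol, which in this commit releases the old array with `dictator_free` and installs one from `dictator_malloc`, and the test then calls `free(gather_result->l7_protocol)` on that replacement. Unless the dictator_* functions are plain wrappers over libc, that is an allocator mismatch in both directions. Building the fixture with `dictator_malloc(a_stream.threadnum, sizeof(struct app_attributes))` and releasing it with `dictator_free(a_stream.threadnum, gather_result->l7_protocol);` keeps the pair matched. The cases also start from a single pre-existing entry only, so a case with `l7_protocol_num` greater than one whose ids partly overlap `app_id[]` would cover the replace branch more fully. A one-line comment above each test stating the expected ordering, such as `/* new ids are placed before the existing ones: ssl, SSL with ECH, https */`, would document the intent.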