TSG-13778 TSG master支持MAAT4

刘学利
2023-04-03 08:30:49 +00:00
parent 8819217948
commit b696e82879
48 changed files with 7416 additions and 4501 deletions


@@ -2,14 +2,13 @@ cmake_minimum_required(VERSION 2.8)
add_definitions(-fPIC)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp
tsg_sync_state.cpp)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp tsg_protocol.cpp tsg_sync_state.cpp tsg_variable.cpp)
include_directories(${CMAKE_SOURCE_DIR}/inc)
include_directories(/opt/MESA/include/MESA/)
include_directories(/usr/include/)
set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maatframe pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer)
set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maat4 pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer)
set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)


@@ -17,26 +17,27 @@
#include <MESA/stream.h>
#include <MESA/MESA_handle_logger.h>
#include "app_label.h"
#include "tsg_rule.h"
#include "app_label.h"
#include "tsg_entry.h"
#include "tsg_bridge.h"
#include "tsg_statistic.h"
#include "tsg_send_log.h"
#include "tsg_protocol_common.h"
#include "tsg_rule_internal.h"
extern "C" int sendpacket_do_checksum(unsigned char *buf, int protocol, int len);
static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate::TemplateDictionary *tpl_dict, int policy_id)
static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate::TemplateDictionary *tpl_dict, long long policy_id)
{
char ip_str[128]={0};
struct session_attribute_label *attr_label=NULL;
tpl_dict->SetIntValue("tsg_policy_id", policy_id);
tpl_dict->SetIntValue("tsg_policy_id", policy_id); //TODO
attr_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
if(attr_label!=NULL && attr_label->client_subscribe_id!=NULL)
const struct session_runtime_attribute *srt_attribute=(const struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
if(srt_attribute!=NULL && srt_attribute->client_subscribe_id!=NULL)
{
tpl_dict->SetFormattedValue("tsg_subscriber_id", "%s", attr_label->client_subscribe_id->subscribe_id);
tpl_dict->SetFormattedValue("tsg_subscriber_id", "%s", srt_attribute->client_subscribe_id->subscribe_id);
}
else
{
@@ -46,11 +47,11 @@ static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate:
switch(a_stream->addr.addrtype)
{
case ADDR_TYPE_IPV4:
case ADDR_TYPE_IPV4:
inet_ntop(AF_INET, (const void *)&(a_stream->addr.ipv4->saddr), ip_str, sizeof(ip_str));
tpl_dict->SetFormattedValue("tsg_client_ip", "%s", ip_str);
break;
case ADDR_TYPE_IPV6:
case ADDR_TYPE_IPV6:
inet_ntop(AF_INET6, (const void *)(a_stream->addr.ipv6->saddr), ip_str, sizeof(ip_str));
tpl_dict->SetFormattedValue("tsg_client_ip", "%s", ip_str);
break;
@@ -62,7 +63,7 @@ static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate:
return 0;
}
static int set_drop_stream(const struct streaminfo *a_stream, tsg_protocol_t protocol)
static int set_drop_stream(const struct streaminfo *a_stream, enum TSG_PROTOCOL protocol)
{
int ret=0, opt_value=1;
MESA_set_stream_opt(a_stream, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value));
@@ -89,7 +90,7 @@ static int set_drop_stream(const struct streaminfo *a_stream, tsg_protocol_t pro
break;
}
return STATE_DROPME|STATE_DROPPKT;
return STATE_DROPME|STATE_DROPPKT;
}
static int get_http_header(char *buff, int len, int code, char *user_define)
@@ -153,7 +154,7 @@ static int get_tcp_mss_option(const struct streaminfo *a_stream, int type, void
return 0;
}
static void template_generate(const struct streaminfo *a_stream, int status_code, int policy_id, const char* message, char **page_buff, size_t *page_size, int thread_seq)
static void template_generate(const struct streaminfo *a_stream, int status_code, long long policy_id, const char* message, char **page_buff, size_t *page_size, int thread_seq)
{
std::string page_output, msg_output;
ctemplate::Template *tpl=NULL;
@@ -223,16 +224,14 @@ static void template_generate(const struct streaminfo *a_stream, int status_code
return ;
}
static int get_response_pages(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, struct compile_user_region *user_region, char **payload, int thread_seq)
static int get_response_pages(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, char **payload, int thread_seq)
{
char key[16]={0};
int payload_len=0;
struct http_response_pages *res_pages=NULL;
switch(user_region->deny->type)
{
case TSG_DENY_TYPE_MESSAGE:
template_generate(a_stream, user_region->deny->code, p_result->config_id, user_region->deny->message, payload, (size_t *)&payload_len, thread_seq);
template_generate(a_stream, user_region->deny->code, p_result->rule_id, user_region->deny->message, payload, (size_t *)&payload_len, thread_seq);
return payload_len;
break;
case TSG_DENY_TYPE_PROFILE:
@@ -241,25 +240,24 @@ static int get_response_pages(const struct streaminfo *a_stream, struct Maat_rul
break;
}
snprintf(key, sizeof(key), "%d", user_region->deny->profile_id);
res_pages=(struct http_response_pages *)Maat_plugin_get_EX_data(g_tsg_maat_feather,g_tsg_para.table_id[TABLE_RESPONSE_PAGES], key);
if(res_pages!=NULL)
struct http_response_pages *response_pages=(struct http_response_pages *)matched_rule_cites_http_response_pages(g_tsg_maat_feather, (long long)user_region->deny->profile_id);
if(response_pages!=NULL)
{
switch(res_pages->format)
switch(response_pages->format)
{
case HTTP_RESPONSE_FORMAT_HTML:
*payload=(char *)dictator_malloc(thread_seq, res_pages->content_len);
memcpy(*payload, res_pages->content, res_pages->content_len);
payload_len=res_pages->content_len;
*payload=(char *)dictator_malloc(thread_seq, response_pages->content_len);
memcpy(*payload, response_pages->content, response_pages->content_len);
payload_len=response_pages->content_len;
break;
case HTTP_RESPONSE_FORMAT_TEMPLATE:
template_generate(a_stream, user_region->deny->code, p_result->config_id, res_pages->content, payload, (size_t *)&payload_len, thread_seq);
template_generate(a_stream, user_region->deny->code, p_result->rule_id, response_pages->content, payload, (size_t *)&payload_len, thread_seq);
break;
default:
break;
}
http_response_pages_free(g_tsg_para.table_id[TABLE_RESPONSE_PAGES], (MAAT_PLUGIN_EX_DATA *)&res_pages, 0, NULL);
plugin_ex_data_http_response_pages_free(response_pages);
}
return payload_len;
@@ -439,7 +437,7 @@ static int http_send_reponse_packet(const struct streaminfo *a_stream, char *pac
return ip_tcp_hdr_len+http_hdr_len+payload_len;
}
static int http_build_response_packet(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet)
static int http_build_response_packet(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *a_packet)
{
char *payload=NULL;
char message[1024*64]={0};
@@ -465,7 +463,7 @@ static int http_build_response_packet(const struct streaminfo *a_stream, struct
http_hdr_len=get_http_header(message+ip_tcp_hdr_len, sizeof(message)-ip_tcp_hdr_len, user_region->deny->code, NULL);
payload_len=get_response_pages(a_stream, p_result, user_region, &payload, a_stream->threadnum);
set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE, (void *)&payload_len, sizeof(int), a_stream->threadnum);
srt_attribute_set_reponse_size(a_stream, payload_len);
get_tcp_mss_option(a_stream, TCP_OPT_MSS, (void *)&max_segment_size);
@@ -499,7 +497,7 @@ static int http_build_response_packet(const struct streaminfo *a_stream, struct
return send_pkt_len;
}
static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, char *url, int code, char *http_hdr, int http_hdr_len)
static int http_get_redirect_url(const struct streaminfo *a_stream, struct maat_rule *p_result, char *url, int code, char *http_hdr, int http_hdr_len)
{
int used_len=0;
char *tmp_buff=NULL;
@@ -510,7 +508,7 @@ static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_
{
ctemplate::TemplateDictionary dict_303("url_dict"); //dict is automatically finalized after function returned.
replace_policy_variable(a_stream, &dict_303, p_result->config_id);
replace_policy_variable(a_stream, &dict_303, p_result->rule_id);
tpl_303->Expand(&output, &dict_303);
@@ -532,7 +530,7 @@ static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_
return used_len;
}
static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol)
static unsigned char do_action_reset(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol)
{
if(a_stream->type==STREAM_TYPE_TCP)
{
@@ -550,7 +548,7 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul
RLOG_LV_FATAL,
"RST_TCP",
"Send RST failed policy_id: %d service: %d action: %d addr: %s",
p_result->config_id,
p_result->rule_id,
p_result->service_id,
(unsigned char)p_result->action,
PRINTADDR(a_stream, g_tsg_para.level)
@@ -569,14 +567,13 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul
return STATE_DROPPKT|STATE_DROPME;
}
static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *a_packet)
static unsigned char do_action_drop(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *a_packet)
{
switch(protocol)
{
case PROTO_DNS:
return STATE_GIVEME|STATE_DROPPKT;
default:
default:
set_drop_stream(a_stream, protocol);
break;
}
@@ -584,7 +581,7 @@ static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data, enum ACTION_RETURN_TYPE type)
static unsigned char do_action_tamper(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data, enum ACTION_RETURN_TYPE type)
{
if(g_tsg_para.feature_tamper==0)
{
@@ -592,36 +589,35 @@ static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_ru
return STATE_DROPME|STATE_DROPPKT;
}
struct tcpall_context * _context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id);
if(_context==NULL)
{
_context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context));
memset(_context, 0, sizeof(struct tcpall_context));
tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context);
_context->method_type=TSG_METHOD_TYPE_TAMPER;
_context->tamper_count = 0;
}
else
{
_context->method_type = TSG_METHOD_TYPE_TAMPER;
_context->tamper_count = 0;
}
struct session_runtime_action_context * _context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
if(_context==NULL)
{
_context=(struct session_runtime_action_context *)dictator_malloc(a_stream->threadnum, sizeof(struct session_runtime_action_context));
memset(_context, 0, sizeof(struct session_runtime_action_context));
session_runtime_action_context_async(a_stream, (void *)_context);
_context->method_type=TSG_METHOD_TYPE_TAMPER;
_context->tamper_count = 0;
}
else
{
_context->method_type = TSG_METHOD_TYPE_TAMPER;
_context->tamper_count = 0;
}
//当前为tsg_master_plug暂时不处理在tsg_master_all_entry处理,防止命中发两次
if(ACTION_RETURN_TYPE_APP == type)
{
return STATE_GIVEME|STATE_DROPPKT|STATE_KILL_OTHER;
}
if(ACTION_RETURN_TYPE_APP == type)
{
return STATE_GIVEME|STATE_DROPPKT|STATE_KILL_OTHER;
}
//TCP这里发送的话tsg_master_all_entry仍会处理发送,UDP没有这个情况,所以加该判断
if(a_stream->type == STREAM_TYPE_UDP)
{
send_tamper_xxx(a_stream, &_context->tamper_count, user_data);
}
return STATE_DROPME|STATE_DROPPKT;
if(a_stream->type == STREAM_TYPE_UDP)
{
send_tamper_xxx(a_stream, &_context->tamper_count, user_data);
}
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data)
{
struct deny_user_region *deny_region=NULL;
@@ -651,7 +647,7 @@ static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, Ma
case TSG_DENY_TYPE_DROP:
struct compile_user_region tmp_user_region;
tmp_user_region.deny=deny_region;
tmp_user_region.capture.enabled=0;
tmp_user_region.capture.enabled=0;
tmp_user_region.capture.depth=0;
tmp_user_region.method_type=TSG_METHOD_TYPE_DROP;
do_action_drop(a_stream, p_result, &tmp_user_region, protocol, user_data);
@@ -663,11 +659,11 @@ static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, Ma
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, enum ACTION_RETURN_TYPE type)
static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum ACTION_RETURN_TYPE type)
{
struct leaky_bucket *bucket=create_bucket(user_region->deny->bps, a_stream->threadnum);
int ret=set_bucket_to_tcpall(a_stream, bucket, a_stream->threadnum);
int ret=srt_action_context_set_leaky_bucket(a_stream, bucket, a_stream->threadnum);
if(ret==0)
{
destroy_bucket(&bucket, a_stream->threadnum);
@@ -687,7 +683,7 @@ static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat
return STATE_GIVEME|STATE_KILL_OTHER;
}
static unsigned char do_action_block_sip(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data)
static unsigned char do_action_block_sip(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *user_data)
{
int offset=0;
char payload[1024]={0};
@@ -714,7 +710,7 @@ static unsigned char do_action_block_sip(const struct streaminfo *a_stream, Maat
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region)
static unsigned char do_action_block_mail(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region)
{
char *payload=NULL;
@@ -739,7 +735,7 @@ static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maa
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet)
static unsigned char do_action_block_http(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *a_packet)
{
int opt_value=0;
int send_pkt_len=0;
@@ -766,7 +762,7 @@ static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maa
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data)
{
if(user_region==NULL || user_region->deny==NULL)
{
@@ -796,7 +792,7 @@ static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, Maat
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_redirect_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region)
static unsigned char do_action_redirect_http(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region)
{
int used_http_hdr_len=0;
char http_hdr[1024]={0};
@@ -805,7 +801,7 @@ static unsigned char do_action_redirect_http(const struct streaminfo *a_stream,
switch(user_region->deny->code)
{
case 302:
case 303:
case 303:
used_http_hdr_len=http_get_redirect_url(a_stream, p_result, user_region->deny->redirect_url_to, user_region->deny->code, http_hdr, sizeof(http_hdr));
break;
default:
@@ -819,16 +815,16 @@ static unsigned char do_action_redirect_http(const struct streaminfo *a_stream,
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data)
{
if(user_region==NULL || user_region->deny==NULL)
{
return do_action_drop(a_stream, p_result, user_region, protocol, user_data);
}
return do_action_drop(a_stream, p_result, user_region, protocol, user_data);
}
switch(protocol)
{
case PROTO_DNS:
case PROTO_DNS:
return do_action_redirect_dns(a_stream, p_result, user_region, user_data);
break;
case PROTO_HTTP:
@@ -842,7 +838,7 @@ static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, M
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struct compile_user_region *user_region, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struct compile_user_region *user_region, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
{
unsigned char local_state=STATE_GIVEME;
unsigned char state=0;
@@ -868,9 +864,9 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc
case TSG_METHOD_TYPE_RATE_LIMIT:
local_state=do_action_ratelimit(a_stream, p_result, user_region, type);
break;
case TSG_METHOD_TYPE_TAMPER:
local_state = do_action_tamper(a_stream, p_result, user_region, protocol, user_data, type);
break;
case TSG_METHOD_TYPE_TAMPER:
local_state = do_action_tamper(a_stream, p_result, user_region, protocol, user_data, type);
break;
case TSG_METHOD_TYPE_DEFAULT:
local_state=do_action_default_xxx(a_stream, p_result, user_region, protocol, user_data);
break;
@@ -883,19 +879,18 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc
if(type!=ACTION_RETURN_TYPE_TCPALL && user_region->deny->after_n_packets>0)
{
set_protocol_to_tcpall(a_stream, protocol, a_stream->threadnum);
set_method_to_tcpall(a_stream, user_region->method_type, a_stream->threadnum);
srt_action_context_set_l7_protocol(a_stream, protocol, a_stream->threadnum);
srt_action_context_set_rule_method(a_stream, user_region->method_type, a_stream->threadnum);
if(a_stream->type==STREAM_TYPE_UDP && type!=ACTION_RETURN_TYPE_PROT)
{
set_after_n_packet_to_tcpall(a_stream, user_region->deny->after_n_packets+1, a_stream->threadnum);
srt_action_context_set_after_n_packet(a_stream, user_region->deny->after_n_packets+1, a_stream->threadnum);
}
else
{
set_after_n_packet_to_tcpall(a_stream, user_region->deny->after_n_packets, a_stream->threadnum);
srt_action_context_set_after_n_packet(a_stream, user_region->deny->after_n_packets, a_stream->threadnum);
}
//tsg_set_policy_result(a_stream, PULL_FW_RESULT, p_result, protocol, a_stream->threadnum);
local_state=((type==ACTION_RETURN_TYPE_PROT) ? (STATE_DROPME) : (STATE_DROPME|STATE_KILL_OTHER));
break;
}
@@ -920,11 +915,11 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc
break;
}
tsg_notify_hited_monitor_result(a_stream, p_result, 1, a_stream->threadnum);
session_packet_capture_notify(a_stream, p_result, 1, a_stream->threadnum);
if(method_type!=TSG_METHOD_TYPE_DEFAULT && method_type!=TSG_METHOD_TYPE_APP_DROP)
{
set_method_to_tcpall(a_stream, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum);
srt_action_context_set_rule_method(a_stream, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum);
}
state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME);
@@ -937,26 +932,23 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc
return state;
}
unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data)
unsigned char tsg_enforing_deny_application(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data)
{
unsigned char state=0;
char app_id_buff[32]={0};
struct app_id_dict *dict=NULL;
struct compile_user_region app_user_region={0}, *user_region=NULL;
snprintf(app_id_buff, sizeof(app_id_buff), "%d", app_id);
dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
struct app_id_dict *dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, (long long)app_id);
if(dict==NULL)
{
set_drop_stream(a_stream, protocol);
return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPPKT|PROT_STATE_DROPME: APP_STATE_DROPME|APP_STATE_DROPPKT);
}
unsigned char state=0;
struct compile_user_region app_user_region;
user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
if(user_region!=NULL)
struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id);
if(maat_compile!=NULL && maat_compile->user_region!=NULL)
{
app_user_region.capture=user_region->capture;
security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
app_user_region.capture=maat_compile->user_region->capture;
plugin_ex_data_security_compile_free(maat_compile);
}
switch(dict->deny_app_para.type)
@@ -974,29 +966,28 @@ unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_
}
state=tsg_do_deny_action(a_stream, &app_user_region, p_result, protocol, type, user_data);
app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL);
plugin_ex_data_app_id_dict_free(dict);
return state;
}
unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
unsigned char tsg_enforing_deny(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
{
unsigned char state=0;
struct compile_user_region *user_region=NULL;
if(p_result->action==TSG_ACTION_BYPASS)
{
return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPME : APP_STATE_GIVEME);
}
user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
if(user_region==NULL)
struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id);
if(maat_compile==NULL || maat_compile->user_region==NULL)
{
set_drop_stream(a_stream, protocol);
return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPPKT|PROT_STATE_DROPME: APP_STATE_DROPME|APP_STATE_DROPPKT);
}
if(user_region->method_type==TSG_METHOD_TYPE_APP_DROP)
unsigned char state=0;
if(maat_compile->user_region->method_type==TSG_METHOD_TYPE_APP_DROP)
{
unsigned int app_id=0;
@@ -1008,14 +999,14 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_
{
app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
}
state=tsg_deny_application(a_stream, p_result, protocol, app_id, ACTION_RETURN_TYPE_APP, user_data);
state=tsg_enforing_deny_application(a_stream, p_result, protocol, app_id, ACTION_RETURN_TYPE_APP, user_data);
}
else
{
state=tsg_do_deny_action(a_stream, user_region, p_result, protocol, type, user_data);
state=tsg_do_deny_action(a_stream, maat_compile->user_region, p_result, protocol, type, user_data);
}
security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
plugin_ex_data_security_compile_free(maat_compile);
return state;
}
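Review bot: The log call in do_action_reset still formats p_result->rule_id with `%d` (the argument line right after "Send RST failed policy_id: %d service: %d action: %d addr: %s") although this commit swaps config_id for rule_id, which the new replace_policy_variable and template_generate signatures take as long long, so the specifier no longer matches the argument and the id and the fields after it will be misread; change the format to `"Send RST failed policy_id: %lld service: %d action: %d addr: %s",`. The same mismatch is likely wherever rule_id reaches a `%d` log elsewhere in the file, which this section does not show. In tsg_enforing_deny the early return on `maat_compile==NULL || maat_compile->user_region==NULL` never calls plugin_ex_data_security_compile_free, while the normal path does, so a non-NULL maat_compile whose user_region is NULL is leaked (tsg_enforing_deny_application has the same gap on its `maat_compile!=NULL && maat_compile->user_region!=NULL` test); release it before returning, e.g. `if(maat_compile!=NULL) plugin_ex_data_security_compile_free(maat_compile);` inside that branch. do_action_tamper also casts the const pointer returned by session_runtime_action_context_get to a mutable one and writes method_type and tamper_count through it; either the getter should return a non-const pointer or the writes should go through the srt_action_context_set_* setters.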



@@ -1,10 +1,10 @@
#pragma once
#include <MESA/stream.h>
#include <MESA/Maat_rule.h>
#include "tsg_rule.h"
#include "app_label.h"
#include "tsg_label.h"
#include "tsg_rule.h"
#include "tsg_leaky_bucket.h"
#ifndef MAX_BRIDGE_NAME_LEN
@@ -15,24 +15,29 @@ enum BRIDGE_TYPE
{
BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
BRIDGE_TYPE_APP_IDENTIFY_RESULT,
BRIDGE_TYPE_NOTIFY_FLAGS,
BRIDGE_TYPE_NOTIFY_SHAPING_RESULT, //sync and async
BRIDGE_TYPE_DATA_CONTEXT, //async
BRIDGE_TYPE_ALL_CONTEXT, //async
BRIDGE_TYPE_SYNC_APP_IDENTIFY_RESULT,
BRIDGE_TYPE_SYNC_SESSION_FLAGS,
BRIDGE_TYPE_SHAPING_RESULT, //sync and async
BRIDGE_TYPE_SESSION_PROCESS_CONTEXT, //async
BRIDGE_TYPE_SESSION_ACTION_CONTEXT, //async
BRIDGE_TYPE_GATHER_APP_RESULT, //async
BRIDGE_TYPE_POLICY_PRIORITY, //async
BRIDGE_TYPE_SERVICE_CHAINING, //async
BRIDGE_TYPE_SERVICE_CHAINING_RESULT, //async
BRIDGE_TYPE_SECURITY_RESULT, //async
BRIDGE_TYPE_SESSION_ATTRIBUTE, //async
BRIDGE_TYPE_MAC_LINKINFO, //async
BRIDGE_TYPE_NAT_C2S_LINKINFO,
BRIDGE_TYPE_NAT_S2C_LINKINFO,
BRIDGE_TYPE_APP_LUA_RESULT,
BRIDGE_TYPE_BUSINESS_S3_FILENAME,
BRIDGE_TYPE_APP_BEHAVIOR_RESULT,
BRIDGE_TYPE_POLICY_ACTION_PARA_EXEC_RESULT,
BRIDGE_TYPE_ASYNC_SESSION_FLAGS,
BRIDGE_TYPE_APP_SIGNATURE_RESULT,
BRIDGE_TYPE_INTERCEPT_RESULT, //sync and async
BRIDGE_TYPE_SEGMENT_IDS, //async service_chaining or shping SID
BRIDGE_TYPE_MAX
};
struct tm_hited_result
{
int sid;
int result_num;
struct Maat_rule_t result[MAX_RESULT_NUM];
};
struct app_attributes
{
unsigned int app_id;
@@ -47,29 +52,13 @@ struct gather_app_result
struct app_attributes attributes[MAX_APP_ID_NUM];
};
struct policy_priority_label
{
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
int domain_len;
int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h)
int security_result_num;
union
{
char *http_url;
char *quic_ua;
void *para;
};
char domain[MAX_DOMAIN_LEN];
struct Maat_rule_t security_result[MAX_RESULT_NUM];
};
struct hited_app_para
{
int hited_app_id;
int after_n_packets;
};
struct master_context
struct session_runtime_process_context
{
unsigned char is_esni;
unsigned char is_hited_allow;
@@ -77,63 +66,120 @@ struct master_context
unsigned char is_app_link;
unsigned char sync_cb_state;
unsigned short timeout;
tsg_protocol_t proto;
enum TSG_PROTOCOL proto;
int hited_app_id; // only app
unsigned int quic_version;
unsigned long session_flag;
char *domain;
union
{
char *ssl_sni;
char *quic_sni;
char *dtls_sni;
char *http_host;
char *domain;
};
union
{
char *http_url;
char *quic_ua;
void *para;
};
scan_status_t mid;
struct maat_state *mid;
struct hited_app_para hited_para; // l7 protocol and app
long long last_scan_time;
struct Maat_rule_t *hited_result;
struct maat_rule *hited_result;
};
struct tcpall_context
struct session_runtime_action_context
{
char udp_data_dropme;
char set_latency_flag;
char direction;
char padding[5];
enum TSG_METHOD_TYPE method_type;
tsg_protocol_t protocol;
enum TSG_PROTOCOL protocol;
union
{
struct leaky_bucket *bucket;
long tamper_count;
long tamper_count;
int default_policy_after_n_packets;
struct hited_app_para hited_para;
void *para;
};
};
struct udp_context
struct udp_session_runtime_context
{
struct master_context *data_entry;
struct tcpall_context *all_entry;
struct session_runtime_process_context *srt_process_context;
struct session_runtime_action_context *srt_action_context;
};
struct bridge_info
struct session_runtime_attribute
{
int id;
char name[MAX_BRIDGE_NAME_LEN];
stream_bridge_free_cb_t *free_cb;
stream_bridge_sync_cb_t *sync_cb;
int http_action_file_size;
size_t n_fqdn_category_ids;
enum TSG_PROTOCOL proto;
long establish_latency_ms;
struct asn_info *client_asn;
struct asn_info *server_asn;
struct location_info *client_location;
struct location_info *server_location;
struct subscribe_id_info *client_subscribe_id;
struct subscribe_id_info *server_subscribe_id;
const char *ja3_fingerprint;
unsigned int fqdn_category_ids[MAX_CATEGORY_ID_NUM];
struct umts_user_info *user_info;
struct tunnel_endpoint *client_endpoint;
struct tunnel_endpoint *server_endpoint;
unsigned long session_flags;
};
int tsg_init_bridge(const char *conffile);
void free_context_label(const struct streaminfo *stream, int bridge_id, void *data);
void free_tcpall_label(const struct streaminfo *stream, int bridge_id, void *data);
void free_policy_label(const struct streaminfo *stream, int bridge_id, void *data);
void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data);
void free_gather_app_result(const struct streaminfo *stream, int bridge_id, void *data);
// init
int tsg_bridge_init(const char *conffile);
void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id);
int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void *data);
//send log
void *session_mac_linkinfo_get(const struct streaminfo * a_stream);
void *session_conn_sketch_notify_data_get(const struct streaminfo * a_stream);
void *session_business_data_get(const struct streaminfo * a_stream);
void *session_session_flags_get(const struct streaminfo * a_stream);
void *session_application_behavior_get(const struct streaminfo * a_stream);
void *session_mirrored_and_capture_packets_exec_result_get(const struct streaminfo * a_stream);
void *session_lua_user_defined_attribute_get(const struct streaminfo * a_stream);
void *session_nat_c2s_linkinfo_get(const struct streaminfo * a_stream);
void *session_nat_s2c_linkinfo_get(const struct streaminfo * a_stream);
void *session_control_segment_ids_get(const struct streaminfo *a_stream);
int session_control_segment_ids_async(const struct streaminfo *a_stream, void *data);
void session_matched_rules_free(const struct streaminfo * a_stream, TSG_SERVICE service, void * data);
int session_matched_rules_async(const struct streaminfo * a_stream, TSG_SERVICE service, void * data);
const struct matched_policy_rules *session_matched_rules_get(const struct streaminfo *a_stream, enum TSG_SERVICE service);
int session_capture_packets_sync(const struct streaminfo *a_stream, struct maat_rule *results, int depth);
int session_mirror_packets_sync(const struct streaminfo *a_stream, struct maat_rule *results, struct mirrored_vlan *vlan);
// security
void session_matched_rules_notify(const struct streaminfo * a_stream, TSG_SERVICE service, struct maat_rule *results, size_t n_results, int thread_seq);
// session runtime attribute
int srt_attribute_set_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol);
int srt_attribute_set_flags(const struct streaminfo * a_stream, unsigned long s_flags);
int srt_attribute_set_establish_latecy(const struct streaminfo * a_stream);
int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint);
int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_action_file_size);
//gather app identify result
int session_gather_app_results_async(const struct streaminfo * a_stream, void * data);
void *session_gather_app_results_get(const struct streaminfo * a_stream);
// session runtime do action context
int session_runtime_action_context_async(const struct streaminfo *a_stream, void *data);
const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream);
int srt_action_context_set_leaky_bucket(const struct streaminfo * a_stream, struct leaky_bucket * bucket, int thread_seq);
int srt_action_context_set_l7_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol, int thread_seq);
int srt_action_context_set_rule_method(const struct streaminfo * a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq);
int srt_action_context_set_after_n_packet(const struct streaminfo * a_stream, int after_n_packets, int thread_seq);
int srt_action_context_set_hitted_app_id(const struct streaminfo * a_stream, int hited_app_id, int thread_seq);
char srt_action_context_get_direction(const struct streaminfo * a_stream);


@@ -4,6 +4,7 @@
#include <MESA/dns.h>
#include "tsg_entry.h"
#include "tsg_rule_internal.h"
#include "tsg_protocol_common.h"
static int random_integer(int max, int min)
@@ -192,12 +193,9 @@ static int dns_set_answer_records(char *payload, int payload_len, struct dns_ans
}
int used_len=0;
if(answer_records->record_val.selected_flag==1)
{
char profile_id[128]={0};
snprintf(profile_id, sizeof(profile_id), "%d", answer_records->record_val.selected.profile_id);
struct dns_profile_records *profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id);
struct dns_profile_records *profile_records=(struct dns_profile_records *)matched_rule_cites_dns_profile_record(g_tsg_maat_feather, answer_records->record_val.selected.profile_id);
if(profile_records==NULL)
{
return 0;
@@ -208,19 +206,18 @@ static int dns_set_answer_records(char *payload, int payload_len, struct dns_ans
used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, profile_records->record_val+idx, record_num, answer_records->max_ttl, answer_records->min_ttl);
(*answer_record_num)+=record_num;
dns_profile_records_free(0, (MAAT_PLUGIN_EX_DATA *)&profile_records, 0, NULL);
plugin_ex_data_dns_profile_record_free(profile_records);
}
else
{
(*answer_record_num)++;
used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, &(answer_records->record_val), 1, answer_records->max_ttl, answer_records->min_ttl);
}
return used_len;
}
unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data)
unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *user_data)
{
int ret=0,used_len=0,record_num=0;
unsigned char raw_route_dir=0;
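Review bot: The `void *` returned by `matched_rule_cites_dns_profile_record` is C-style cast to `struct dns_profile_records *` on the new line, and the object is only released at the end of the branch by `plugin_ex_data_dns_profile_record_free`; the lines between the two hunks are not shown, so any early return there would leak whatever reference the lookup takes. Both functions are introduced in tsg_rule_internal.h by this commit, so giving the lookup a typed return, `struct dns_profile_records *matched_rule_cites_dns_profile_record(struct maat *feather, long long profile_id);`, removes the cast here and at the other `matched_rule_cites_*` call sites. A one-line comment at the call, `// cites takes a reference; released below by plugin_ex_data_dns_profile_record_free`, would make the pairing visible. The body of dns_set_answer_records starts before and continues between the hunks shown.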



@@ -1,5 +1,4 @@
#ifndef __TSG_ENTRY_H__
#define __TSG_ENTRY_H__
#pragma once
#include <sys/socket.h>
#include <netinet/in.h>
@@ -7,7 +6,6 @@
#include <MESA/dns.h>
#include <MESA/Maat_rule.h>
#include <MESA/field_stat2.h>
#include "uthash.h"
@@ -54,35 +52,12 @@ typedef int atomic_t;
#define APP_SCAN_FLAG_STOP 0
#define APP_SCAN_FLAG_CONTINUE 1
enum TSG_ATTRIBUTE_TYPE
{
TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0,
TSG_ATTRIBUTE_TYPE_PROTOCOL,
TSG_ATTRIBUTE_TYPE_JA3_HASH,
TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO,
TSG_ATTRIBUTE_TYPE_LOCATION,
TSG_ATTRIBUTE_TYPE_ASN,
TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID,
TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE,
TSG_ATTRIBUTE_TYPE_CATEGORY_ID,
TSG_ATTRIBUTE_TYPE_SESSION_FLAGS,
_MAX_TSG_ATTRIBUTE_TYPE
};
enum HTTP_RESPONSE_FORMAT
{
HTTP_RESPONSE_FORMAT_TEMPLATE=0,
HTTP_RESPONSE_FORMAT_HTML
};
struct l7_protocol
{
int id; /* first key */
char name[32]; /* second key */
UT_hash_handle hh1; /* handle for first hash table */
UT_hash_handle hh2; /* handle for second hash table */
};
struct fqdn_category
{
int ref_cnt;
@@ -112,7 +87,7 @@ struct app_id_dict
char *app_name;
char *parent_app_name;
char *category;
char *subcategroy;
char *subcategory;
char *technology;
char *characteristics;
struct deny_user_region deny_app_para;
@@ -181,80 +156,8 @@ typedef enum tsg_statis_field_id
STATIS_MAX
}tsg_statis_field_id_t;
enum TRAFFIC_INFO_IDX
{
TRAFFIC_INFO_ALLOW=0,
TRAFFIC_INFO_DENY,
TRAFFIC_INFO_MONITOR,
TRAFFIC_INFO_INTERCEPT,
TRAFFIC_INFO_MAX
};
typedef struct tsg_statistic
{
int cycle;
int fs_line_id;
int thread_alive;
pthread_t stat_thread_id;
int fs_field_id[STATIS_MAX];
long long statistic_opt[_OPT_TYPE_MAX];
struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
struct _traffic_info default_total_info;
screen_stat_handle_t fs2_handle;
}tsg_statis_para_t;
int tsg_statistic_init(const char *conffile, void *logger);
void tsg_statistic_destroy(void);
int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);
long long get_current_time_ms(void);
//parent_app_name.app_name
int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent);
//return 18 or 19: subdivision_addr
int tsg_get_location_type(void);
void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void gtp_c_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void tunnel_endpoint_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq);
int set_method_to_tcpall(const struct streaminfo *a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq);
int set_protocol_to_tcpall(const struct streaminfo *a_stream, tsg_protocol_t protocol, int thread_seq);
int set_bucket_to_tcpall(const struct streaminfo *a_stream, struct leaky_bucket *bucket, int thread_seq);
int set_after_n_packet_to_tcpall(const struct streaminfo *a_stream, int after_n_packets, int thread_seq);
char get_direction_from_tcpall(const struct streaminfo *a_stream);
void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp);
struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, int thread_seq);
int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq);
int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq);
int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq);
int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid);
int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE result_type, struct Maat_rule_t *p_result, tsg_protocol_t proto, int thread_seq);
int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq);
int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location);
int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn);
int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id);
int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);
int tsg_scan_session_flags(Maat_feather_t maat_feather, const struct streaminfo *a_stream, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned long flag, int thread_seq);
int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
int tsg_fetch_hited_s_chaining_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *s_chaining_result, int s_chaining_result_num);
#endif


@@ -5,7 +5,7 @@
#include <MESA/MESA_prof_load.h>
#include <MESA/MESA_handle_logger.h>
#include "tsg_entry.h"
#include "tsg_rule_internal.h"
#include "tsg_gtp_signaling.h"
MESA_htable_handle g_gtp_signaling_hash_handle=NULL;
@@ -150,7 +150,7 @@ static int get_umts_user_info_form_hash(struct umts_user_info **user_info, unsig
static int get_umts_user_info_form_redis(struct umts_user_info **user_info, unsigned int teid, int thread_seq)
{
(*user_info)=tsg_get_umts_user_info_form_redis(teid);
(*user_info) = tsg_get_umts_user_info_form_redis(g_tsg_maat_feather, (long long)teid);
if((*user_info)!=NULL)
{
return 1;
@@ -159,8 +159,7 @@ static int get_umts_user_info_form_redis(struct umts_user_info **user_info, unsi
return 0;
}
int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info)
int session_runtine_attribute_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info)
{
int ret=0;
unsigned int uplink=0,downlink=0;
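Review bot: The new name `session_runtine_attribute_get_umts_user_info` misspells "runtime" as "runtine", and the same spelling is carried into its declaration in tsg_rule_internal.h; since the rename is fresh in this commit, `session_runtime_attribute_get_umts_user_info` costs nothing now and avoids a permanent typo in the API (the pre-existing `form`/`from` in `tsg_get_umts_user_info_form_redis` could be corrected in the same pass). The `thread_seq` parameter of `get_umts_user_info_form_redis` is not used anywhere in the visible body, before or after the change to pass `g_tsg_maat_feather`; if no other reader exists, drop it or mark it unused. The body of the renamed function continues outside the hunk.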


@@ -171,8 +171,7 @@ static void format_icmpv4(const char *raw_pkt, char *ret_icmpv4, int *ret_len){
}
/*
* icmpv6数据包组
* [ICMPV6] = [ipv6_headr]+[icmp]
* icmpv6数据包组<EFBFBD><EFBFBD>? * [ICMPV6] = [ipv6_headr]+[icmp]
*
* icmpv6的最大MTU应是ipv6的最小MTU(1280)
* <本端内容来自RFC443>
@@ -183,9 +182,8 @@ static void format_icmpv4(const char *raw_pkt, char *ret_icmpv4, int *ret_len){
*
* [ICMPV6] = [ipv6_headr]+[icmp]
*
* 计算ICMPV6的校验和 (ICMP + 伪首部) 作为计算数据部分
* 注意 ICMPV6数据要补充成四字节对
* ipv6伪首部数据: 长度
* 计算ICMPV6的校验和<EFBFBD><EFBFBD>?(ICMP + 伪首<EFBFBD><EFBFBD>? 作为计算数据部分
* 注意<EFBFBD><EFBFBD>?ICMPV6数据要补充成四字节对<EFBFBD><EFBFBD>? * ipv6伪首部数<E983A8><E695B0>? 长度
* {
* Soucre Address : 16
* Destination Address: 16
@@ -267,7 +265,7 @@ static void format_icmpv6(const char *raw_pkt, char *ret_icmpv6, int *ret_len){
memcpy(icmp.origin_data, raw_pkt, icmp_original_data_len);
upper_layer_packet_len = htonl((int)icmp_len);
four_byte_alignment(&icmp_len, &icmp_checksum_len); //icmp_len和icmp_checksum_len 补充为4字节对齐
four_byte_alignment(&icmp_len, &icmp_checksum_len); //icmp_len和icmp_checksum_len 补充<EFBFBD><EFBFBD>?字节对齐
//calc icmp checksum
memcpy(icmp_checksum_buf, &icmp, icmp_len);
@@ -350,6 +348,6 @@ unsigned char send_icmp_unreachable(const struct streaminfo *a_stream)
__FUNCTION__,
debug_buf);
return STATE_DROPME|STATE_DROPPKT;;
return STATE_DROPME|STATE_DROPPKT;
}
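Review bot: The replaced comment lines in the header block above format_icmpv6 and at the `four_byte_alignment` call now contain U+FFFD replacement sequences (rendered here as `<EFBFBD><EFBFBD>?`) where the removed lines held readable UTF-8 Chinese text, and two of them also lost a line break so `* [ICMPV6] = [ipv6_headr]+[icmp]` and `* ipv6伪首部数…` were folded onto the previous comment line; this looks like the file was round-tripped through a non-UTF-8 editor encoding rather than an intended edit. The removed lines hold the intact text and should be restored, with the file saved as UTF-8. The same corruption appears in the comments of swap_payload2byte in tsg_tamper.cpp in this commit. The `;;` cleanup in send_icmp_unreachable is fine.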

25
src/tsg_protocol.cpp Normal file

@@ -0,0 +1,25 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include <MESA/ssl.h>
#include <MESA/stream.h>
int tm_get_ssl_ja3_fingerprint(const struct streaminfo *a_stream, char **ja3_fingerprint)
{
struct _ssl_ja3_info_t *ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum);
if(ja3_info!=NULL)
{
if(ja3_info->fp!=NULL && ja3_info->fp_len>0)
{
*ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1);
memset(*ja3_fingerprint, 0, ja3_info->fp_len+1);
memcpy(*ja3_fingerprint, ja3_info->fp, ja3_info->fp_len);
return 1;
}
}
return 0;
}
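Review bot: The `dictator_malloc` result assigned to `*ja3_fingerprint` is written through by `memset`/`memcpy` without a NULL check, and `a_stream->ptcpdetail` is dereferenced in the `ssl_get_ja3_fingerprint` call without checking it, so an allocation failure or a stream without TCP detail faults here; `if(a_stream->ptcpdetail==NULL) return 0;` before the call and `if(*ja3_fingerprint==NULL) return 0;` after the allocation close both. The memset plus memcpy can be a single `memcpy` followed by `(*ja3_fingerprint)[ja3_info->fp_len]='\0';`. The function has no declaration in any header visible in this commit and its `tm_` prefix differs from the `tsg_`/`srt_` naming used elsewhere; a short header comment stating that the caller owns the returned buffer (allocated with dictator_malloc for `a_stream->threadnum`) would document the contract.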


@@ -1,5 +1,4 @@
#ifndef __TSG_PROTOCOL_COMMON_H__
#define __TSG_PROTOCOL_COMMON_H__
#pragma once
#include <MESA/stream.h>
#include "tsg_rule.h"
@@ -120,30 +119,29 @@ struct monitor_user_region
struct default_session_para
{
struct Maat_rule_t result; //XJ default policy
struct maat_rule result; //XJ default policy
struct deny_user_region tcp;
struct deny_user_region udp;
};
struct compile_user_region
{
int ref_cnt;
enum TSG_METHOD_TYPE method_type;
union
{
struct deny_user_region *deny;
struct monitor_user_region *mirror;
struct default_session_para *session_para;
void *user_region_para;
struct deny_user_region *deny;
struct monitor_user_region *mirror;
struct default_session_para *session_para;
void *user_region_para;
};
struct packet_capture capture;
struct maat_rule compile_rule;
};
int tsg_send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len, unsigned char raw_route_dir);
unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data);
unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *user_data);
unsigned char send_icmp_unreachable(const struct streaminfo *a_stream);
int send_tamper_xxx(const struct streaminfo *a_stream, long *tamper_count, const void *raw_pkt);
unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data);
unsigned char tsg_enforing_deny_application(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data);
#endif
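Review bot: The renamed `tsg_enforing_deny_application` misspells "enforcing"; as the name is new in this commit, `tsg_enforcing_deny_application` should be used before callers accumulate. `struct compile_user_region` now embeds a `struct maat_rule` by value (`compile_rule`) and `struct default_session_para` likewise holds `result` by value; if `struct maat_rule` carries pointers into maat-owned data, a comment on `compile_rule` stating who owns that data and whether it stays valid across a rule reload would prevent dangling references — that cannot be determined from this hunk. The re-indented union members are whitespace only.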


177
src/tsg_rule_internal.h Normal file

@@ -0,0 +1,177 @@
#pragma once
#include <MESA/maat.h>
#include "tsg_rule.h"
#include "tsg_variable.h"
#ifndef MAX_FILEPATH_LEN
#define MAX_FILEPATH_LEN 128
#endif
#ifndef MAX_IPV6_ADDR_LEN
#define MAX_IPV6_ADDR_LEN 128
#endif
#ifndef TUNNEL_BOOL_ID_MAX
#define TUNNEL_BOOL_ID_MAX 128
#endif
#ifndef TUNNEL_CATALOG_MAX
#define TUNNEL_CATALOG_MAX 128
#endif
#ifndef MAX_TABLE_NAME_LEN
#define MAX_TABLE_NAME_LEN 64
#endif
enum MAAT_MODE
{
MAAT_MODE_FILE=0,
MAAT_MODE_JSON,
MAAT_MODE_REDIS,
MAAT_MODE_MAX
};
enum MAAT_PLUGIN_TB
{
MAAT_PLUGIN_SECURITY_COMPILE=0,
MAAT_PLUGIN_ASN_USER_DEFINED,
MAAT_PLUGIN_ASN_BUILT_IN,
MAAT_PLUGIN_LOCATION_USER_DEFINED,
MAAT_PLUGIN_LOCATION_BUILT_IN,
MAAT_PLUGIN_FQDN_CAT_USER_DEFINED,
MAAT_PLUGIN_FQDN_CAT_BUILT_IN,
MAAT_PLUGIN_APP_ID_DICT,
MAAT_PLUGIN_RESPONSE_PAGES,
MAAT_PLUGIN_DNS_PROFILE_RECORD,
MAAT_PLUGIN_PROFILE_MIRROR,
MAAT_PLUGIN_TUNNEL_CATALOG,
MAAT_PLUGIN_TUNNEL_ENDPOINT,
MAAT_PLUGIN_TUNNEL_LABEL,
MAAT_PLUGIN_SESSION_LOG, //T_VSYS_INFO,
MAAT_PLUGIN_SUBSCRIBER_IP2ID,
MAAT_PLUGIN_GTP_IP2SIGNALING,
MAAT_PLUGIN_MAX
};
struct maat_plugin_table
{
int id;
char name[MAX_TABLE_NAME_LEN];
maat_ex_new_func_t *ex_new;
maat_ex_free_func_t *ex_free;
maat_ex_dup_func_t *ex_dup;
};
enum MAAT_SCAN_TB
{
MAAT_SCAN_SRC_IP_ADDR=0,
MAAT_SCAN_DST_IP_ADDR,
MAAT_SCAN_SUBSCRIBER_ID,
MAAT_SCAN_APP_ID,
MAAT_SCAN_HTTP_HOST,
MAAT_SCAN_HTTP_URL,
MAAT_SCAN_SSL_SNI,
MAAT_SCAN_EXCLUSION_SSL_SNI,
MAAT_SCAN_SRC_ASN,
MAAT_SCAN_DST_ASN,
MAAT_SCAN_SRC_LOCATION,
MAAT_SCAN_DST_LOCATION,
MAAT_SCAN_QUIC_SNI,
//MAAT_SCAN_FQDN_CAT_ID,
MAAT_SCAN_SELECTOR_ID,
MAAT_SCAN_SELECTOR_PROPERTIES,
MAAT_SCAN_GTP_APN,
MAAT_SCAN_GTP_IMSI,
MAAT_SCAN_GTP_PHONE_NUMBER,
MAAT_SCAN_DTLS_SNI,
MAAT_SCAN_TUNNEL_ID,
MAAT_SCAN_SESSION_FLAGS,
MAAT_SCAN_MAX
};
struct maat_scan_table
{
int id;
char name[MAX_TABLE_NAME_LEN];
};
struct maat_runtime_para
{
int level;
int default_compile_id;
int location_field_num;
int session_record_switch;
char data_center[MAX_STRING_LEN128];
char device_tag[MAX_STRING_LEN128];
struct mirrored_vlan default_vlan;
struct maat_scan_table scan_tb[MAAT_SCAN_MAX];
struct maat_plugin_table plugin_tb[MAAT_PLUGIN_MAX];
void *logger;
};
struct maat_compile
{
int ref_cnt;
struct maat_rule rule;
char *p_user_region;
struct compile_user_region *user_region;
};
int tsg_maat_rule_init(const char *conffile);
void plugin_ex_data_gtp_c_free(struct umts_user_info *user_info);
void plugin_ex_data_asn_number_free(struct asn_info *asn);
void plugin_ex_data_location_free(struct location_info *location);
void plugin_ex_data_subscriber_id_free(struct subscribe_id_info *subscriber);
void plugin_ex_data_tunnel_endpoint_free(struct tunnel_endpoint *t_enpoint);
void plugin_ex_data_http_response_pages_free(struct http_response_pages *response_pages);
void plugin_ex_data_app_id_dict_free(struct app_id_dict * dict);
void plugin_ex_data_security_compile_free(struct maat_compile *maat_compile);
void plugin_ex_data_dns_profile_record_free(struct dns_profile_records * records);
void tsg_maat_state_free(struct maat_state *state);
int srt_attribute_set_ip_asn(const struct streaminfo *a_stream, struct maat *feather, struct asn_info **client_asn, struct asn_info **server_asn);
int srt_attribute_set_ip_location(const struct streaminfo *a_stream, struct maat *feather, struct location_info **client_location, struct location_info **server_location);
int srt_attribute_set_subscriber_id(const struct streaminfo *a_stream, struct maat *feather, struct subscribe_id_info **client_subscriber_id, struct subscribe_id_info **server_subscriber_id);
int session_runtine_attribute_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid);
void *matched_rule_cites_http_response_pages(struct maat *feather, long long profile_id);
void *matched_rule_cites_app_id_dict(struct maat *feather, long long app_id);
void *matched_rule_cites_security_compile(struct maat *feather, long long compile_id);
void *matched_rule_cites_dns_profile_record(struct maat *feather, long long profile_id);
char *tsg_data_center_get(void);
char *tsg_device_tag_get(void);
int tsg_location_type_get(void);
int tsg_session_record_switch_get(void);
int tsg_table_idx_get_by_protocol(enum TSG_PROTOCOL proto);
int tsg_http_url_table_idx_get(void);
long long tsg_default_compile_id_get(void);
//parent_app_name.app_name
int tsg_get_app_name_by_id(struct maat *feather, int app_id, char *app_name, int app_name_len, int is_joint_parent);
size_t tsg_scan_session_flags(const struct streaminfo *a_stream, struct maat *feather, unsigned long flag, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
size_t tsg_scan_app_id_policy(const struct streaminfo *a_stream, struct maat *feather, unsigned int app_id, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
size_t tsg_scan_shared_policy(const struct streaminfo *a_stream, struct maat *feather, char *domain, int idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
size_t tsg_scan_app_properties_policy(const struct streaminfo *a_stream, struct maat *feather, char *property, char *district, struct maat_state *s_mid, struct maat_rule *results, int n_results);
size_t tsg_scan_tunnel_id(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *results, size_t n_results, struct maat_state *s_mid, long long *bool_id_array, size_t n_bool_id_array);
size_t tsg_scan_fqdn_category_id(const struct streaminfo * a_stream, struct maat *feather, unsigned int *category_id, int category_id_num, int table_idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
int tsg_scan_intercept_exclusion(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *p_result, char *domain, int thread_seq);
struct maat_rule *tsg_select_deny_rule(struct maat_rule *rules, size_t n_rules);
struct umts_user_info *tsg_get_umts_user_info_form_redis(struct maat *feather, long long teid);
size_t tsg_select_matched_security_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
size_t tsg_select_matched_shaping_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
size_t tsg_select_matched_service_chaining_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq);
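Review bot: `tsg_get_umts_user_info_form_redis` is declared twice with different signatures — `(unsigned int teid)` right after `session_runtine_attribute_get_umts_user_info` and `(struct maat *feather, long long teid)` after `tsg_select_deny_rule`; the caller in tsg_gtp_signaling.cpp uses the two-argument form, so unless a one-argument definition still exists the first declaration is a leftover that only compiles because the header is consumed as C++ and should be removed. `tsg_scan_app_properties_policy` takes `int n_results` while every sibling `tsg_scan_*` takes `size_t n_results`; make it `size_t n_results` for consistency and to avoid signed/unsigned comparisons. The `#ifndef`/`#define` fallbacks for `MAX_FILEPATH_LEN`, `MAX_IPV6_ADDR_LEN` and the others make the values depend on include order, so two translation units can see different sizes; define them once in a shared header or as `enum` constants. New names worth fixing while fresh: `runtine`, `t_enpoint`, `form_redis`.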

File diff suppressed because it is too large Load Diff


@@ -1,5 +1,4 @@
#ifndef __TSG_SEND_LOG_INTERNAL_H__
#define __TSG_SEND_LOG_INTERNAL_H__
#pragma once
#include <MESA/field_stat2.h>
@@ -16,14 +15,14 @@
#define MAX_STRING_LEN32 32
#endif
enum _SEND_MODE
enum SEND_MODE
{
CLOSE=0,
KAFKA=1,
};
typedef enum _tsg_log_field_id
enum LOG_FIELD_ID
{
LOG_COMMON_POLICY_ID=1,
LOG_COMMON_SERVICE,
@@ -140,11 +139,11 @@ typedef enum _tsg_log_field_id
LOG_COMMON_SHAPING_RULE_IDS,
LOG_COMMON_FLAGS_IDENTIFY_INFO,
LOG_COMMON_MAX
}tsg_log_field_id_t;
};
enum LOG_COLUMN_STATUS
{
LOG_COLUMN_STATUS_SUCCESS=0,
LOG_COLUMN_STATUS_SUCCESS=0,
LOG_COLUMN_STATUS_SUCCESS_S,
LOG_COLUMN_STATUS_FAIL,
LOG_COLUMN_STATUS_FAIL_S,
@@ -167,20 +166,6 @@ enum LOG_FS2_TYPE{
LOG_FS2_FREE_RAPID_CAPACITY,
LOG_FS2_TYPE_MAX
};
enum LOG_BRIDGE
{
LOG_BRIDGE_MAC_LINKINFO=0,
LOG_BRIDGE_NAT_C2S_LINKINFO,
LOG_BRIDGE_NAT_S2C_LINKINFO,
LOG_BRIDGE_APP_LUA_RESULT,
LOG_BRIDGE_BUSINESS_S3_FILENAME,
LOG_BRIDGE_APP_BEHAVIOR_RESULT,
LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT,
LOG_BRIDGE_ASYNC_SESSION_FLAGS,
LOG_BRIDGE_MAX
};
typedef struct _id2field
{
@@ -213,11 +198,9 @@ struct tsg_log_instance_t
int send_data_center;
int recovery_interval;
int rapidjson_chunk_capacity;
int session_attribute_project_id;
int tcp_flow_project_id;
int udp_flow_project_id;
int sum_line_id;
int bridge_id[LOG_BRIDGE_MAX];
int fs2_column_id[LOG_COLUMN_STATUS_MAX];
int fs2_field_id[LOG_FS2_TYPE_MAX];
char tcp_label[MAX_STRING_LEN32];
@@ -235,9 +218,7 @@ struct tsg_log_instance_t
void *logger;
};
char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t id);
char *log_field_id2name(struct tsg_log_instance_t *instance, enum LOG_FIELD_ID id);
struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_handle_t fs2_handle);
void tsg_sendlog_destroy(struct tsg_log_instance_t * instance);
#endif
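Review bot: Renaming `_SEND_MODE` and `_tsg_log_field_id` to `SEND_MODE` and `LOG_FIELD_ID` drops the reserved leading underscore, but `typedef struct _id2field` in the same header keeps it; identifiers beginning with `_` at file scope are reserved for the implementation in both the ordinary and tag name spaces, so `_id2field` (and `_traffic_info`, `_OPT_TYPE_MAX`, `_STATISTIC_OPT_TYPE` in tsg_statistic.cpp) should be renamed in the same pass. The enumerators `CLOSE` and `KAFKA` in `enum SEND_MODE` are unscoped and very generic for a header; since the enum is being edited here, a prefix such as `SEND_MODE_CLOSE`/`SEND_MODE_KAFKA` would avoid collisions with other headers.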


@@ -11,7 +11,29 @@
#include "tsg_statistic.h"
#include "tsg_send_log_internal.h"
tsg_statis_para_t g_tsg_statis_para;
enum TRAFFIC_INFO_IDX
{
TRAFFIC_INFO_ALLOW=0,
TRAFFIC_INFO_DENY,
TRAFFIC_INFO_MONITOR,
TRAFFIC_INFO_INTERCEPT,
TRAFFIC_INFO_MAX
};
struct tsg_statistic
{
int cycle;
int fs_line_id;
int thread_alive;
pthread_t stat_thread_id;
int fs_field_id[STATIS_MAX];
long long statistic_opt[_OPT_TYPE_MAX];
struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
struct _traffic_info default_total_info;
screen_stat_handle_t fs2_handle;
};
struct tsg_statistic g_tsg_statis_para;
int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq)
{
@@ -31,7 +53,7 @@ int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_s
return 0;
}
int tsg_set_intercept_flow(Maat_rule_t *p_result, struct _traffic_info *traffic_info, int thread_seq)
int tsg_set_intercept_flow(struct maat_rule *p_result, struct _traffic_info *traffic_info, int thread_seq)
{
struct _traffic_info *_info=NULL;
@@ -49,7 +71,7 @@ int tsg_set_intercept_flow(Maat_rule_t *p_result, struct _traffic_info *traffic_
return 0;
}
int tsg_set_policy_flow(struct streaminfo *a_stream, Maat_rule_t *p_result, int thread_seq)
int tsg_set_policy_flow(const struct streaminfo *a_stream, struct maat_rule *p_result, int thread_seq)
{
unsigned long long value=0;
int value_len=sizeof(unsigned long long);
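Review bot: `struct tsg_statistic` and `enum TRAFFIC_INFO_IDX` now exist only in this translation unit, yet `g_tsg_statis_para` on the line `struct tsg_statistic g_tsg_statis_para;` is still defined with external linkage; no other file can name its type any more, so make it `static struct tsg_statistic g_tsg_statis_para;` unless another file still reaches it through an opaque pointer, which I cannot see from here. The `const` added to `a_stream` in `tsg_set_policy_flow` is a good tightening. The bodies of the changed functions continue outside the hunks.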


@@ -3,6 +3,7 @@
#include <string.h>
#include <MESA/cJSON.h>
#include "tsg_variable.h"
#include "tsg_sync_state.h"
#include "tsg_send_log.h"
@@ -11,159 +12,166 @@ int set_exec_profile_ids(const struct streaminfo *a_stream, struct parse_handle
const char *policy_key[ POLICY_UPDATE_MAX] =
{
"service_chaining",
"shaping",
"service_chaining",
"shaping",
};
static int tsg_send_ctrl_pkt(const struct streaminfo *a_stream, cJSON *object)
{
if (object == NULL)
{
return -1;
}
if (object == NULL)
{
return -1;
}
char *payload = NULL;
uint64_t session_id = tsg_get_stream_id((struct streaminfo *)a_stream);
char *payload = NULL;
uint64_t session_id = tsg_get_stream_trace_id((struct streaminfo *)a_stream);
// tsg_get_stream_id maybe return -1
if (session_id && session_id != (uint64_t)-1)
{
char trace_id[128]={0};
snprintf(trace_id, sizeof(trace_id), "%lu", session_id);
cJSON_AddStringToObject(object, "session_id", trace_id);
}
// tsg_get_stream_trace_id maybe return -1
if (session_id && session_id != (uint64_t)-1)
{
char trace_id[128]={0};
snprintf(trace_id, sizeof(trace_id), "%lu", session_id);
cJSON_AddStringToObject(object, "session_id", trace_id);
}
cJSON_AddStringToObject(object, "tsync", "1.0");
cJSON_AddStringToObject(object, "tsync", "1.0");
payload = cJSON_PrintUnformatted(object);
if (payload == NULL)
{
cJSON_Delete(object);
return -1;
}
payload = cJSON_PrintUnformatted(object);
if (payload == NULL)
{
cJSON_Delete(object);
return -1;
}
// send//
sapp_inject_ctrl_pkt((struct streaminfo *)a_stream, SIO_DEFAULT, payload, strlen(payload)+1, a_stream->routedir);
// send//
sapp_inject_ctrl_pkt((struct streaminfo *)a_stream, SIO_DEFAULT, payload, strlen(payload)+1, a_stream->routedir);
cJSON_free(payload);
cJSON_Delete(object);
cJSON_free(payload);
cJSON_Delete(object);
return 0;
return 0;
}
int tsg_send_session_state(const struct streaminfo *a_stream, unsigned char state)
{
if (a_stream == NULL)
{
return -1;
}
if (a_stream == NULL)
{
return -1;
}
cJSON *object = cJSON_CreateObject();
if (state== OP_STATE_PENDING)
{
cJSON_AddStringToObject(object, "state", "opening");
}
else if (state == OP_STATE_CLOSE)
{
cJSON_AddStringToObject(object, "state", "closing");
}
else
{
cJSON_Delete(object);
return -1;
}
cJSON *object = cJSON_CreateObject();
return tsg_send_ctrl_pkt(a_stream, object);
if (state== OP_STATE_PENDING)
{
cJSON_AddStringToObject(object, "state", "opening");
}
else if (state == OP_STATE_CLOSE)
{
cJSON_AddStringToObject(object, "state", "closing");
}
else
{
cJSON_Delete(object);
return -1;
}
return tsg_send_ctrl_pkt(a_stream, object);
}
int tsg_sync_resetall_state(const struct streaminfo *a_stream)
{
if (a_stream == NULL)
{
return -1;
}
if (a_stream == NULL)
{
return -1;
}
cJSON *object = cJSON_CreateObject();
cJSON_AddStringToObject(object, "state", "resetall");
cJSON *object = cJSON_CreateObject();
cJSON_AddStringToObject(object, "state", "resetall");
return tsg_send_ctrl_pkt(a_stream, object);
return tsg_send_ctrl_pkt(a_stream, object);
}
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_array, int policy_array_num)
{
if (a_stream == NULL || policy_array == NULL || policy_array_num > (int) POLICY_UPDATE_MAX || policy_array_num <= 0)
{
return -1;
}
if (a_stream == NULL || policy_array == NULL || policy_array_num > (int) POLICY_UPDATE_MAX || policy_array_num <= 0)
{
return -1;
}
cJSON *params_object = NULL;
cJSON *policy_arr = NULL;
cJSON *object = cJSON_CreateObject();
cJSON *params_object = NULL;
cJSON *policy_arr = NULL;
cJSON *object = cJSON_CreateObject();
cJSON_AddStringToObject(object, "state", "active");
cJSON_AddStringToObject(object, "method", "policy_update");
params_object = cJSON_AddObjectToObject(object, "params");
cJSON_AddStringToObject(object, "state", "active");
cJSON_AddStringToObject(object, "method", "policy_update");
params_object = cJSON_AddObjectToObject(object, "params");
for (int i = 0; i < policy_array_num; i++)
{
int tmp_ids[8]={0};
int n_tmp_ids=MIN(policy_array[i].n_ids, 8);
for(int j=0; j<n_tmp_ids; j++)
{
tmp_ids[j]=(int)(policy_array[i].ids[j]);
}
policy_arr = cJSON_CreateIntArray(tmp_ids, n_tmp_ids);
if (policy_arr == NULL || policy_array[i].type >= POLICY_UPDATE_MAX)
{
cJSON_Delete(object);
return -1;
}
for (int i = 0; i < policy_array_num; i ++)
{
policy_arr = cJSON_CreateIntArray(policy_array[i].ids, policy_array[i].id_num);
if (policy_arr == NULL || policy_array[i].type >= POLICY_UPDATE_MAX)
{
cJSON_Delete(object);
return -1;
}
cJSON_AddItemToObject(params_object, policy_key[policy_array[i].type], policy_arr);
policy_arr = NULL;
}
cJSON_AddItemToObject(params_object, policy_key[policy_array[i].type], policy_arr);
policy_arr = NULL;
}
return tsg_send_ctrl_pkt(a_stream, object);
return tsg_send_ctrl_pkt(a_stream, object);
}
int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len)
{
if (a_stream == NULL || payload == NULL || payload_len == 0)
{
return -1;
}
if (a_stream == NULL || payload == NULL || payload_len == 0)
{
return -1;
}
char *state = NULL;
char *method = NULL;
char *tsync = NULL;
cJSON *params_object = NULL;
cJSON *sf_ids_array = NULL;
struct parse_handle result = {0};
char *state = NULL;
char *method = NULL;
char *tsync = NULL;
cJSON *params_object = NULL;
cJSON *sf_ids_array = NULL;
struct parse_handle result = {0};
cJSON *object = cJSON_Parse((char *)payload);
if (object == NULL)
{
return -1;
}
tsync = cJSON_GetObjectItem(object, "tsync")->valuestring;
memcpy(result.tsync, tsync, strlen(tsync));
cJSON *object = cJSON_Parse((char *)payload);
if (object == NULL)
{
return -1;
}
//result.session_id = (uint64_t)atoll(cJSON_GetObjectItem(object, "session_id")->string);
tsync = cJSON_GetObjectItem(object, "tsync")->valuestring;
memcpy(result.tsync, tsync, strlen(tsync));
state = cJSON_GetObjectItem(object, "state")->valuestring;
memcpy(result.state, state, strlen(state));
//result.session_id = (uint64_t)atoll(cJSON_GetObjectItem(object, "session_id")->string);
method = cJSON_GetObjectItem(object, "method")->valuestring;
memcpy(result.method, method, strlen(method));
state = cJSON_GetObjectItem(object, "state")->valuestring;
memcpy(result.state, state, strlen(state));
params_object = cJSON_GetObjectItem(object, "params");
sf_ids_array = cJSON_GetObjectItem(params_object, "sf_profile_ids");
result.sf_ids.id_num = cJSON_GetArraySize(sf_ids_array);
for (int i = 0; i < result.sf_ids.id_num; i ++)
{
result.sf_ids.ids[i] = cJSON_GetArrayItem(sf_ids_array, i)->valueint;
}
method = cJSON_GetObjectItem(object, "method")->valuestring;
memcpy(result.method, method, strlen(method));
//set_exec_profile_ids(a_stream, &result);
params_object = cJSON_GetObjectItem(object, "params");
sf_ids_array = cJSON_GetObjectItem(params_object, "sf_profile_ids");
result.sf_ids.n_ids = cJSON_GetArraySize(sf_ids_array);
for (int i = 0; i < result.sf_ids.n_ids; i ++)
{
result.sf_ids.ids[i] = cJSON_GetArrayItem(sf_ids_array, i)->valueint;
}
cJSON_Delete(object);
return 0;
//set_exec_profile_ids(a_stream, &result);
cJSON_Delete(object);
return 0;
}
int tsg_sync_closing_state(const struct streaminfo *a_stream, unsigned char state)


@@ -1,5 +1,4 @@
#ifndef TSG_SESSION_STATE_H
#define TSG_SESSION_STATE_H
#pragma once
#include <stdint.h>
#include <MESA/stream.h>
@@ -14,8 +13,8 @@ enum policy_type
struct update_policy
{
enum policy_type type;
int id_num;
int ids[8];
int n_ids;
long long ids[8];
};
// i don't need this
@@ -36,5 +35,3 @@ int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_poli
int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len);
#endif //TSG_SESSION_STATE_H
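Review bot: `long long ids[8]` in `struct update_policy` fixes the capacity at a bare literal with no named bound for callers to check against, and the parser in tsg_sync_state.cpp in this same commit sets `n_ids` from `cJSON_GetArraySize()` and then writes `ids[i]` for every element of the incoming `sf_profile_ids` array; if `result.sf_ids` there is this struct, which this hunk cannot confirm, a control packet carrying more than eight ids overruns it. Naming the bound, `enum { UPDATE_POLICY_MAX_IDS = 8 };` and `long long ids[UPDATE_POLICY_MAX_IDS];`, gives the parser something to clamp `n_ids` against before its loop. Widening `ids` to `long long` also no longer matches the `->valueint` read in that parser, which is cJSON's `int` field, so ids above 32 bits are truncated unless `valuedouble` is used — confirm which range the ids really need.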


@@ -36,11 +36,11 @@ int swap_payload2byte(char *str, int endlen)
{
char temp;
if(endlen<4){ //最少满足2个16bit的长度即最小4字节。
if(endlen<4){ //最少满<EFBFBD><EFBFBD>?<3F><>?6bit的长度即最<EFBFBD><EFBFBD>?字节<E5AD97><E88A82>?
return 0;
}
//这样交换是别面校验和不对的问
//这样交换是别面校验和不对的问<EFBFBD><EFBFBD>?
for(int i=1; i<endlen; i=i+2){
for (int j=i+2; j<endlen; j=j+2){
if(str[i] != str[j]){
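Review bot: The two comment lines on the new side of this hunk (the `if(endlen<4)` guard comment and the comment above the `for` loops) are mojibake: the readable Chinese text of the old side has been replaced by U+FFFD replacement characters and broken multibyte sequences, which looks like the file was round-tripped through a non-UTF-8 editor rather than an intended edit. The old-side comment text should be restored verbatim and the file kept as UTF-8; the code lines in the hunk are unchanged, so nothing else needs to move. `swap_payload2byte` begins above this hunk.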

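--- /dev/null
+++ b/src/tsg_variable.cpp
@@ -0,0 +1,85 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "tsg_label.h"
+#include "tsg_variable.h"
+struct tsg_rt_para g_tsg_para;
+struct id2field g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
+{PROTO_IPv4, 0, "IPV4"},
+{PROTO_IPv6, 0, "IPV6"},
+{PROTO_TCP, 0, "TCP"},
+{PROTO_UDP, 0, "UDP"},
+{PROTO_HTTP, 0, "HTTP"},
+{PROTO_MAIL, 0, "MAIL"},
+{PROTO_DNS, 0, "DNS"},
+{PROTO_FTP, 0, "FTP"},
+{PROTO_SSL, 0, "SSL"},
+{PROTO_SIP, 0, "SIP"},
+{PROTO_BGP, 0, "BGP"},
+{PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"},
+{PROTO_QUIC, 0, "QUIC"},
+{PROTO_SSH, 0, "SSH"},
+{PROTO_SMTP, 0, "SMTP"},
+{PROTO_IMAP, 0, "IMAP"},
+{PROTO_POP3, 0, "POP3"},
+{PROTO_RTP, 0, "RTP"},
+{PROTO_APP, 0, "BASE"},
+{PROTO_L2TP, 0, "L2TP"},
+{PROTO_PPTP, 0, "PPTP"},
+{PROTO_STRATUM, 0, "Stratum"},
+{PROTO_RDP, 0, "RDP"},
+{PROTO_DTLS, 0, "DTLS"}
+};
+const char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id)
+{
+struct l7_protocol *l7_proto=NULL;
+HASH_FIND(hh1, g_tsg_para.name_by_id, &l7_protocol_id, sizeof(l7_protocol_id), l7_proto);
+if(l7_proto!=NULL)
+{
+return (const char *)l7_proto->name;
+}
+return NULL;
+}
+unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
+{
+struct l7_protocol *l7_proto=NULL;
+HASH_FIND(hh2, g_tsg_para.id_by_name, l7_protocol_name, strlen(l7_protocol_name), l7_proto);
+if(l7_proto!=NULL)
+{
+return l7_proto->id;
+}
+return 0;
+}
+long long tsg_get_current_time_ms(void)
+{
+int size=sizeof(long long);
+long long current_time_ms=0;
+sapp_get_platform_opt(SPO_CURTIME_TIMET_MS, &current_time_ms, &size);
+return current_time_ms;
+}
+unsigned long long tsg_get_stream_trace_id(const struct streaminfo * a_stream)
+{
+int ret=0;
+int device_id_size=sizeof(unsigned long long);
+unsigned long long device_id=(unsigned long long)g_tsg_para.device_seq_in_dc;
+ret=MESA_get_stream_opt(a_stream, MSO_GLOBAL_STREAM_ID, (void *)&device_id, &device_id_size);
+if(ret==0)
+{
+return device_id;
+}
+return -1;
+}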
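Review bot: `tsg_l7_protocol_name2id` passes `l7_protocol_name` straight into `strlen()` for the HASH_FIND key length, so a NULL name crashes instead of taking the existing not-found path; `if (l7_protocol_name == NULL) { return 0; }` ahead of the lookup keeps the 0-means-unknown contract. In `tsg_get_stream_trace_id` the failure path does `return -1;` through an `unsigned long long`, which yields ULLONG_MAX, and the seed of `device_id` from `g_tsg_para.device_seq_in_dc` only matters if MESA_get_stream_opt() reads it as input, which the code here does not show; a comment naming the sentinel, `/* returns ULLONG_MAX if MESA_get_stream_opt() fails */`, or a documented 0 return, lets callers tell failure from an id. `tsg_get_current_time_ms` likewise discards the return of `sapp_get_platform_opt()` and hands back 0 on failure, which should at least be stated in a comment. Both hash lookups presume the `hh1`/`hh2` entries were inserted with `sizeof(id)` and `strlen(name)` as key lengths; that insertion code is not in this file, so it is worth confirming.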


@@ -1,5 +1,8 @@
#pragma once
#include "uthash.h"
#include "tsg_bridge.h"
#include <MESA/stream.h>
#include <MESA/field_stat2.h>
#include <ctemplate/template.h>
@@ -72,54 +75,6 @@ enum DEPLOY_MODE
DEPLOY_MODE_MAX
};
enum MASTER_STATIC_TABLE
{
TABLE_SECURITY_COMPILE=0,
TABLE_IP_ADDR,
TABLE_SUBSCRIBER_ID,
TABLE_APP_ID,
TABLE_HTTP_HOST,
TABLE_SSL_SNI,
TABLE_EXCLUSION_SSL_SNI,
TABLE_SRC_ASN,
TABLE_DST_ASN,
TABLE_SRC_LOCATION,
TABLE_DST_LOCATION,
TABLE_ASN_USER_DEFINED,
TABLE_ASN_BUILT_IN,
TABLE_LOCATION_USER_DEFINED,
TABLE_LOCATION_BUILT_IN,
TABLE_QUIC_SNI,
TABLE_FQDN_CAT_ID,
TABLE_FQDN_CAT_USER_DEFINED,
TABLE_FQDN_CAT_BUILT_IN,
TABLE_APP_ID_DICT,
TABLE_SELECTOR_ID,
TABLE_SELECTOR_PROPERTIES,
TABLE_GTP_APN,
TABLE_GTP_IMSI,
TABLE_GTP_PHONE_NUMBER,
TABLE_RESPONSE_PAGES,
TABLE_DNS_PROFILE_RECORD,
TABLE_PROFILE_MIRROR,
TABLE_HTTP_URL,
TABLE_DTLS_SNI,
TABLE_TUNNEL_ID,
TABLE_TUNNEL_CATALOG,
TABLE_TUNNEL_ENDPOINT,
TABLE_TUNNEL_LABEL,
TABLE_SESSION_FLAGS,
TABLE_SESSION_LOG,
TABLE_MAX
};
enum MASTER_DYNAMIC_TABLE
{
DYN_TABLE_SUBSCRIBER_IP=0,
DYN_TABLE_GTP_SIGNALING,
DYN_TABLE_MAX
};
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
@@ -136,13 +91,6 @@ enum MASTER_DYNAMIC_TABLE
#define MAX_STRING_LEN32 32
#endif
struct id2field
{
int type;
int id;
char name[MAX_STRING_LEN32];
};
struct reset_argv
{
int pkt_num;
@@ -153,22 +101,23 @@ struct reset_argv
int remedy;
};
#ifndef MAX_TABLE_NAME_LEN
#define MAX_TABLE_NAME_LEN 64
#endif
#ifndef MAX_STRING_LEN128
#define MAX_STRING_LEN128 128
#endif
typedef struct tsg_para
struct id2field
{
int type;
int id;
char name[MAX_STRING_LEN32];
};
struct tsg_rt_para
{
int level;
short mirror_switch;
unsigned short timeout;
int dynamic_maat_switch;
int location_field_num;
int app_dict_field_num;
int device_seq_in_dc;
int datacenter_id;
int scan_signaling_switch;
@@ -178,31 +127,18 @@ typedef struct tsg_para
int feature_tamper;
int service_chaining_sid;
int shaping_sid;
int send_resetall;
enum DEPLOY_MODE deploy_mode;
int scan_time_interval;
int identify_app_max_pkt_num;
int unknown_app_id;
int hit_path_switch;
int session_record_switch;
int default_compile_id;
int table_id[TABLE_MAX];
int dyn_table_id[DYN_TABLE_MAX];
int session_attribute_project_id;
int proto_flag; //tsg_protocol_t
int proto_flag; //enum TSG_PROTOCOL
int fs2_field_id[TSG_FS2_MAX];
char device_sn[MAX_STRING_LEN128];
char log_path[MAX_STRING_LEN128];
char device_id_command[MAX_STRING_LEN128];
char data_center[MAX_STRING_LEN128];
char device_tag[MAX_STRING_LEN128];
char table_name[TABLE_MAX][MAX_TABLE_NAME_LEN];
char dyn_table_name[DYN_TABLE_MAX][MAX_TABLE_NAME_LEN];
struct bridge_info bridge[BRIDGE_TYPE_MAX];
int send_resetall;
void *logger;
void *maat_logger;
struct reset_argv reset;
struct mirrored_vlan default_vlan;
screen_stat_handle_t fs2_handle;
struct l7_protocol *name_by_id;
struct l7_protocol *id_by_name;
@@ -210,9 +146,18 @@ typedef struct tsg_para
ctemplate::Template *tpl_403,*tpl_404;
ctemplate::Template *tpl_200,*tpl_204;
ctemplate::Template *tpl_303;
}g_tsg_para_t;
};
extern g_tsg_para_t g_tsg_para;
extern Maat_feather_t g_tsg_dynamic_maat_feather;
extern struct tsg_rt_para g_tsg_para;;
extern struct id2field g_tsg_proto_name2id[PROTO_MAX];
struct l7_protocol
{
int id; /* first key */
char name[32]; /* second key */
UT_hash_handle hh1; /* handle for first hash table */
UT_hash_handle hh2; /* handle for second hash table */
};
long long tsg_get_current_time_ms(void);
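Review bot: `extern struct tsg_rt_para g_tsg_para;;` in the last hunk carries a stray second semicolon; `extern struct tsg_rt_para g_tsg_para;`. The new `struct l7_protocol` hard-codes `char name[32]` while the sibling `struct id2field` in the previous hunk uses `MAX_STRING_LEN32` for the same kind of field; using the constant in both keeps the hh2 key storage and the protocol table entries in step. `extern struct id2field g_tsg_proto_name2id[PROTO_MAX];` needs `PROTO_MAX`, and since tsg_variable.cpp in this commit includes tsg_label.h before this header, it looks like the header relies on that include without making it itself — confirm, and add the include here if so. Whether the other three functions defined in tsg_variable.cpp (`tsg_l7_protocol_id2name`, `tsg_l7_protocol_name2id`, `tsg_get_stream_trace_id`) are declared further down this header is not visible in the hunk.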


@@ -8,6 +8,13 @@ global:
*tsg_free_gtp_signaling_field;
*tsg_*;
*TLD_*;
*session_runtime_attribute_get*;
*srt_attribute*;
*session_runtime_process_context_async*;
*session_runtime_process_context_get*;
*srt_process_context_*;
*session_matched_rules_notify*;
*session_matched_rules_copy*;
*GIT*;
};
local: *;
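Review bot: The seven patterns added under `global:` are substring globs (`*srt_attribute*`, `*srt_process_context_*`, `*session_matched_rules_copy*`, …), so they export every symbol whose name merely contains that text, including any internal helper or future function that happens to share the fragment, not just the intended entry points. If these are a fixed set of functions, listing them by exact name, or at least anchoring each pattern at the start of the symbol (`srt_attribute_*;`), keeps the exported surface to what callers actually need; `local: *;` below only hides what the `global:` patterns do not already match.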