gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-13778 TSG master支持MAAT4

Browse Source
This commit is contained in:
刘学利
2023-04-03 08:30:49 +00:00
parent 8819217948
commit b696e82879
48 changed files with 7416 additions and 4501 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitlab-ci.yml
View File

@@ -4,7 +4,7 @@ variables:
BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
INSTALL_PREFIX: "/home/mesasoft/sapp_run/"
INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaatframe-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel
INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaat4-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel
stages:
- analysis
@@ -101,7 +101,6 @@ run_test_for_centos7:
- yum makecache
- ./ci/travis.sh
- cd build
- make test
- ctest --verbose
run_test_for_centos8:
@@ -111,7 +110,6 @@ run_test_for_centos8:
- yum makecache
- ./ci/travis.sh
- cd build
- make test
- ctest --verbose
branch_build_debug_for_centos7:

21
bin/maat.conf
View File

@@ -1,8 +1,8 @@
[STATIC]
MAAT_MODE=1
MAAT_MODE=json
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
TABLE_INFO=tsgconf/tsg_static_tableinfo.json
STAT_FILE=tsg_static_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP=127.0.0.1
@@ -13,22 +13,7 @@ JSON_CFG_FILE=tsgconf/tsg_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
[DYNAMIC]
MAAT_MODE=1
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
STAT_FILE=tsg_dynamic_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP=127.0.0.1
REDIS_PORT_NUM=1
REDIS_PORT=7002
REDIS_INDEX=1
JSON_CFG_FILE=tsgconf/tsg_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
LOG_LEVEL=0
[APP_SIGNATURE_MAAT]
MAAT_MODE=1

12
bin/main.conf
View File

@@ -1,10 +1,7 @@
[MAAT]
PROFILE="./tsgconf/maat.conf"
IP_ADDR_TABLE="TSG_SECURITY_ADDR"
SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP"
LOG_LEVEL=10
LOG_PATH="./tsglog/maat/maat.log"
PROFILE="./tsgconf/maat.conf"
[TSG_LOG]
MODE=1
@@ -15,6 +12,11 @@ SASL_USERNAME="admin"
SASL_PASSWD="galaxy2019"
BROKER_LIST="127.0.0.1:9092"
COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
SEND_USER_REGION=0
SEND_DATA_CENTER_SWITCH=0
SEND_APP_ID_SWITCH=1
SEND_NAT_LINKINFO_SWITCH=0
RAPIDJSON_CHUNK_CAPACITY=8192
[STATISTIC]
CYCLE=30
@@ -42,6 +44,8 @@ POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
L7_RPTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"
DEVICE_SN_FILENAME="/opt/tsg/etc/tsg_sn.json"
DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'"
SERVICE_CHAINING_SID=1004
SHAPING_SID=1005
[TRAFFIC_MIRROR]
TRAFFIC_MIRROR_ENABLE=1

632
bin/table_info_security.json Normal file
View File

@@ -0,0 +1,632 @@
[
{
"table_id":0,
"table_name":"TSG_SECURITY_COMPILE",
"table_type":"compile",
"user_region_encoded":"escape",
"valid_column":8,
"custom": {
"compile_id":1,
"service_id":2,
"action":3,
"do_blacklist":4,
"do_log":5,
"tags":6,
"user_region":7,
"clause_num":9,
"evaluation_order":10
}
},
{
"table_id":1,
"table_name":"TRAFFIC_SHAPING_COMPILE",
"table_type":"compile",
"user_region_encoded":"escape",
"valid_column":8,
"custom": {
"compile_id":1,
"service_id":2,
"action":3,
"do_blacklist":4,
"do_log":5,
"tags":6,
"user_region":7,
"clause_num":9,
"evaluation_order":10
}
},
{
"table_id":2,
"table_name":"GROUP_COMPILE_RELATION",
"table_type":"group2compile",
"associated_compile_table_id":0,
"valid_column":3,
"custom": {
"group_id":1,
"compile_id":2,
"not_flag":4,
"virtual_table_name":5,
"clause_index":6
}
},
{
"table_id":3,
"table_name":"GROUP_GROUP_RELATION",
"table_type":"group2group",
"valid_column":3,
"custom": {
"group_id":1,
"super_group_id":2
}
},
{
"table_id":4,
"table_name":"TSG_OBJ_IP_ADDR",
"table_type":"ip_plus",
"valid_column":18,
"custom": {
"item_id":1,
"group_id":2,
"addr_type":3,
"saddr_format":4,
"sip1":5,
"sip2":6
}
},
{
"table_id":64,
"table_name":"TSG_OBJ_IP_LEARNING_ADDR",
"table_type":"ip_plus",
"valid_column":18,
"custom": {
"item_id":1,
"group_id":2,
"addr_type":3,
"saddr_format":4,
"sip1":5,
"sip2":6
}
},
{
"table_id":5,
"table_name":"TSG_OBJ_SUBSCRIBER_ID",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":6,
"table_name":"TSG_OBJ_ACCOUNT",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":7,
"table_name":"TSG_OBJ_URL",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":8,
"table_name":"TSG_OBJ_FQDN",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":9,
"table_name":"TSG_OBJ_FQDN_CAT",
"table_type":"intval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
}
},
{
"table_id":10,
"table_name":"TSG_OBJ_KEYWORDS",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":11,
"table_name":"TSG_OBJ_APP_ID",
"table_type":"intval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
}
},
{
"table_id":12,
"table_name":"TSG_OBJ_HTTP_SIGNATURE",
"table_type":"expr_plus",
"valid_column":8,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"district":3,
"keywords":4,
"expr_type":5,
"match_method":6,
"is_hexbin":7
}
},
{
"table_id":13,
"table_name":"TSG_FIELD_HTTP_HOST",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]
},
{
"table_id":14,
"table_name":"TSG_FIELD_HTTP_URL",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_URL"]
},
{
"table_id":15,
"table_name":"TSG_FIELD_HTTP_REQ_HDR",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_HTTP_SIGNATURE"]
},
{
"table_id":16,
"table_name":"TSG_FIELD_HTTP_RES_HDR",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_HTTP_SIGNATURE"]
},
{
"table_id":17,
"table_name":"TSG_FIELD_HTTP_REQ_BODY",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_KEYWORDS"]
},
{
"table_id":18,
"table_name":"TSG_FIELD_HTTP_RES_BODY",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_KEYWORDS"]
},
{
"table_id":19,
"table_name":"TSG_FIELD_SSL_SNI",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]
},
{
"table_id":20,
"table_name":"TSG_FIELD_SSL_CN",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]
},
{
"table_id":21,
"table_name":"TSG_FIELD_SSL_SAN",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]
},
{
"table_id":22,
"table_name":"TSG_FIELD_DNS_QNAME",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]
},
{
"table_id":23,
"table_name":"TSG_FIELD_QUIC_SNI",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]
},
{
"table_id":24,
"table_name":"TSG_FIELD_MAIL_ACCOUNT",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_ACCOUNT"]
},
{
"table_id":25,
"table_name":"TSG_FIELD_MAIL_FROM",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_ACCOUNT"]
},
{
"table_id":26,
"table_name":"TSG_FIELD_MAIL_TO",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_ACCOUNT"]
},
{
"table_id":27,
"table_name":"TSG_FIELD_MAIL_SUBJECT",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_KEYWORDS"]
},
{
"table_id":28,
"table_name":"TSG_FIELD_MAIL_CONTENT",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_KEYWORDS"]
},
{
"table_id":29,
"table_name":"TSG_FIELD_MAIL_ATT_NAME",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_KEYWORDS"]
},
{
"table_id":30,
"table_name":"TSG_FIELD_MAIL_ATT_CONTENT",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_KEYWORDS"]
},
{
"table_id":31,
"table_name":"TSG_FIELD_FTP_URI",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_URL"]
},
{
"table_id":32,
"table_name":"TSG_FIELD_FTP_CONTENT",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_KEYWORDS"]
},
{
"table_id":33,
"table_name":"TSG_FIELD_FTP_ACCOUNT",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_ACCOUNT"]
},
{
"table_id":34,
"table_name":"TSG_SECURITY_SOURCE_ADDR",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_IP_ADDR"]
},
{
"table_id":35,
"table_name":"TSG_SECURITY_DESTINATION_ADDR",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_IP_ADDR"]
},
{
"table_id":36,
"table_name":"TSG_IP_ASN_BUILT_IN",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":37,
"table_name":"TSG_IP_ASN_USER_DEFINED",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":38,
"table_name":"TSG_IP_LOCATION_BUILT_IN",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":39,
"table_name":"TSG_IP_LOCATION_USER_DEFINED",
"table_type":"ip_plugin",
"valid_column":19,
"custom": {
"item_id":1,
"ip_type":3,
"start_ip":4,
"end_ip":5,
"addr_format":7
}
},
{
"table_id":40,
"table_name":"TSG_OBJ_AS_NUMBER",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":41,
"table_name":"TSG_SECURITY_SOURCE_ASN",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_AS_NUMBER"]
},
{
"table_id":42,
"table_name":"TSG_SECURITY_DESTINATION_ASN",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_AS_NUMBER"]
},
{
"table_id":43,
"table_name":"TSG_OBJ_GEO_LOCATION",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":44,
"table_name":"TSG_SECURITY_SOURCE_LOCATION",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_GEO_LOCATION"]
},
{
"table_id":45,
"table_name":"TSG_SECURITY_DESTINATION_LOCATION",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_GEO_LOCATION"]
},
{
"table_id":46,
"table_name":"TSG_FQDN_CATEGORY_BUILT_IN",
"table_type":"fqdn_plugin",
"valid_column":5,
"custom": {
"item_id":1,
"suffix_match_method":4,
"fqdn":3
}
},
{
"table_id":47,
"table_name":"TSG_FQDN_CATEGORY_USER_DEFINED",
"table_type":"fqdn_plugin",
"valid_column":5,
"custom": {
"item_id":1,
"suffix_match_method":4,
"fqdn":3
}
},
{
"table_id":48,
"table_name":"TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_ACCOUNT"]
},
{
"table_id":49,
"table_name":"TSG_FIELD_SIP_RESPONDER_DESCRIPTION",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_ACCOUNT"]
},
{
"table_id":50,
"table_name":"TSG_OBJ_IMSI",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":51,
"table_name":"TSG_OBJ_PHONE_NUMBER",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":52,
"table_name":"TSG_OBJ_APN",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":53,
"table_name":"TSG_FILED_GTP_IMSI",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_IMSI"]
},
{
"table_id":54,
"table_name":"TSG_FILED_GTP_PHONE_NUMBER",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_PHONE_NUMBER"]
},
{
"table_id":55,
"table_name":"TSG_FILED_GTP_APN",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_APN"]
},
{
"table_id":56,
"table_name":"TSG_DECYPTION_EXCLUSION_SSL_SNI",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"]
},
{
"table_id":57,
"table_name":"TSG_OBJ_TUNNEL_ID",
"table_type":"intval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
}
},
{
"table_id":58,
"table_name":"TSG_TUNNEL_CATALOG",
"table_type":"bool_plugin",
"valid_column":5,
"custom": {
"item_id":1,
"bool_expr":4
}
},
{
"table_id":59,
"table_name":"TSG_TUNNEL_ENDPOINT",
"table_type":"ip_plugin",
"valid_column":6,
"custom": {
"item_id":1,
"ip_type":2,
"start_ip":3,
"end_ip":4,
"addr_format":7
}
},
{
"table_id":60,
"table_name":"TSG_TUNNEL_LABEL",
"table_type":"plugin",
"valid_column":4,
"custom": {
"key":1,
"tag":3
}
},
{
"table_id":61,
"table_name":"TSG_SECURITY_TUNNEL",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_TUNNEL_ID"]
},
{
"table_id":62,
"table_name":"TSG_OBJ_FLAG",
"table_type":"flag",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"flag":3,
"flag_mask":4
}
},
{
"table_id":63,
"table_name":"TSG_SECURITY_FLAG",
"table_type":"virtual",
"physical_table": ["TSG_OBJ_FLAG"]
}
]

14
bin/tsg_log_field.conf
View File

@@ -1,13 +1,13 @@
#TYPE1:UCHAR,2:USHORT,3:ULONG,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
#TYPE TOPIC SERVICE
TOPIC SECURITY-EVENT 0
TOPIC SESSION-RECORD 2
TOPIC INTERNAL-RTP-RECORD 4
TOPIC VOIP-RECORD 5
TOPIC INTERIM-SESSION-RECORD 6
TOPIC TRANSACTION-RECORD 7
TOPIC GTPC-RECORD 8
TOPIC BGP-RECORD 9
TOPIC SESSION-RECORD 1
TOPIC INTERNAL-RTP-RECORD 2
TOPIC VOIP-RECORD 3
TOPIC INTERIM-SESSION-RECORD 4
TOPIC TRANSACTION-RECORD 5
TOPIC GTPC-RECORD 6
TOPIC BGP-RECORD 7
#TYPE FIELD VALUE
LONG common_policy_id 1

17
bin/tsg_maat.json
View File

@@ -9,7 +9,7 @@
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"tags": "{}",
"user_region": "Virtual",
"is_valid": "yes",
"groups": [
@@ -23,14 +23,13 @@
"table_name": "TSG_OBJ_IP_ADDR",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "range",
"src_ip1": "192.168.41.228",
"src_ip2": "192.168.41.228",
"sport_format": "range",
"src_port1": "0",
"src_port2": "0",
"protocol": 6,
"direction": "double"
"addr_format": "range",
"ip1": "192.168.41.228",
"ip2": "192.168.41.228",
"port_format": "range",
"port1": "0",
"port2": "0",
"protocol": -1
}
}
]

826
bin/tsg_static_tableinfo.json Normal file
View File

@@ -0,0 +1,826 @@
[
{
"table_id": 0,
"table_name": "TSG_COMPILE",
"db_tables":["TSG_SECURITY_COMPILE", "TRAFFIC_SHAPING_COMPILE", "SERVICE_CHAINING_COMPILE", "PXY_TCP_OPTION_COMPILE", "APP_SELECTOR_COMPILE"],
"table_type": "compile",
"user_region_encoded": "escape",
"valid_column": 8,
"custom": {
"compile_id": 1,
"service_id": 2,
"action": 3,
"do_blacklist": 4,
"do_log": 5,
"tags": 6,
"user_region": 7,
"clause_num": 9,
"evaluation_order":10
}
},
{
"table_id": 1,
"table_name": "TSG_GROUP_COMPILE_RELATION",
"db_tables":["GROUP_SECURITY_COMPILE_RELATION", "GROUP_SHAPING_COMPILE_RELATION", "GROUP_SERVICE_CHAINING_COMPILE_RELATION", "GROUP_PXY_TCP_OPTION_COMPILE_RELATION", "APP_SELECTOR_GROUP_COMPILE_RELATION"],
"table_type": "group2compile",
"associated_compile_table_id": 0,
"valid_column": 3,
"custom": {
"group_id": 1,
"compile_id": 2,
"not_flag": 4,
"virtual_table_name": 5,
"clause_index": 6
}
},
{
"table_id": 2,
"table_name": "TSG_GROUP_GROUP_RELATION",
"db_tables": ["GROUP_GROUP_RELATION", "APP_SELECTOR_GROUP_GROUP_RELATION"],
"table_type": "group2group",
"valid_column": 3,
"custom": {
"group_id": 1,
"super_group_id": 2
}
},
{
"table_id": 3,
"table_name": "TSG_IP_ADDR",
"db_tables": ["TSG_OBJ_IP_ADDR", "TSG_OBJ_IP_LEARNING_ADDR"],
"table_type": "ip_plus",
"valid_column": 11,
"custom": {
"item_id":1,
"group_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
"ip2":6,
"port_format":7,
"port1":8,
"port2":9,
"protocol":10
}
},
{
"table_id": 4,
"table_name": "TSG_OBJ_SUBSCRIBER_ID",
"table_type": "expr",
"valid_column": 7,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"keywords": 3,
"expr_type": 4,
"match_method": 5,
"is_hexbin": 6
}
},
{
"table_id": 5,
"table_name": "TSG_OBJ_ACCOUNT",
"table_type": "expr",
"valid_column": 7,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"keywords": 3,
"expr_type": 4,
"match_method": 5,
"is_hexbin": 6
}
},
{
"table_id": 5,
"table_name": "TSG_OBJ_URL",
"table_type": "expr",
"valid_column": 7,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"keywords": 3,
"expr_type": 4,
"match_method": 5,
"is_hexbin": 6
}
},
{
"table_id": 7,
"table_name": "TSG_OBJ_FQDN",
"table_type": "expr",
"valid_column": 7,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"keywords": 3,
"expr_type": 4,
"match_method": 5,
"is_hexbin": 6
}
},
{
"table_id": 8,
"table_name": "TSG_OBJ_FQDN_CAT",
"table_type": "intval",
"valid_column": 5,
"custom": {
"item_id": 1,
"group_id": 2,
"low_bound": 3,
"up_bound": 4
}
},
{
"table_id": 9,
"table_name": "TSG_OBJ_KEYWORDS",
"table_type": "expr",
"valid_column": 7,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"keywords": 3,
"expr_type": 4,
"match_method": 5,
"is_hexbin": 6
}
},
{
"table_id": 10,
"table_name": "TSG_OBJ_APP_ID",
"table_type": "intval",
"valid_column": 5,
"custom": {
"item_id": 1,
"group_id": 2,
"low_bound": 3,
"up_bound": 4
}
},
{
"table_id": 11,
"table_name": "TSG_OBJ_HTTP_SIGNATURE",
"table_type": "expr_plus",
"valid_column": 8,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"district": 3,
"keywords": 4,
"expr_type": 5,
"match_method": 6,
"is_hexbin": 7
}
},
{
"table_id": 12,
"table_name": "TSG_OBJ_FQDN_CAT",
"table_type": "intval",
"valid_column": 5,
"custom": {
"item_id": 1,
"group_id": 2,
"low_bound": 3,
"up_bound": 4
}
},
{
"table_id": 13,
"table_name": "TSG_FIELD_HTTP_HOST",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id": 14,
"table_name": "TSG_FIELD_HTTP_HOST_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id": 15,
"table_name": "TSG_FIELD_HTTP_URL",
"table_type": "virtual",
"physical_table": "TSG_OBJ_URL"
},
{
"table_id": 16,
"table_name": "TSG_FIELD_HTTP_REQ_HDR",
"table_type": "virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE"
},
{
"table_id": 17,
"table_name": "TSG_FIELD_HTTP_RES_HDR",
"table_type": "virtual",
"physical_table": "TSG_OBJ_HTTP_SIGNATURE"
},
{
"table_id": 18,
"table_name": "TSG_FIELD_HTTP_REQ_BODY",
"table_type": "virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id": 19,
"table_name": "TSG_FIELD_HTTP_RES_BODY",
"table_type": "virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id": 20,
"table_name": "TSG_FIELD_SSL_SNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id": 21,
"table_name": "TSG_FIELD_SSL_SNI_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id": 22,
"table_name": "TSG_FIELD_SSL_CN",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id": 23,
"table_name": "TSG_FIELD_SSL_CN_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id": 24,
"table_name": "TSG_FIELD_SSL_SAN",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id": 25,
"table_name": "TSG_FIELD_SSL_SAN_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id": 26,
"table_name": "TSG_FIELD_DNS_QNAME",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id": 27,
"table_name": "TSG_FIELD_DNS_QNAME_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id": 28,
"table_name": "TSG_FIELD_QUIC_SNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id": 29,
"table_name": "TSG_FIELD_QUIC_SNI_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id": 30,
"table_name": "TSG_FIELD_MAIL_ACCOUNT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id": 31,
"table_name": "TSG_FIELD_MAIL_FROM",
"table_type": "virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id": 32,
"table_name": "TSG_FIELD_MAIL_TO",
"table_type": "virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id": 33,
"table_name": "TSG_FIELD_MAIL_SUBJECT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id": 34,
"table_name": "TSG_FIELD_MAIL_CONTENT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id": 35,
"table_name": "TSG_FIELD_MAIL_ATT_NAME",
"table_type": "virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id": 36,
"table_name": "TSG_FIELD_MAIL_ATT_CONTENT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id": 37,
"table_name": "TSG_FIELD_FTP_URI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_URL"
},
{
"table_id": 38,
"table_name": "TSG_FIELD_FTP_CONTENT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_KEYWORDS"
},
{
"table_id": 39,
"table_name": "TSG_FIELD_FTP_ACCOUNT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id": 40,
"table_name": "TSG_SECURITY_SOURCE_ADDR",
"table_type": "virtual",
"physical_table": "TSG_OBJ_IP_ADDR"
},
{
"table_id": 41,
"table_name": "TSG_SECURITY_DESTINATION_ADDR",
"table_type": "virtual",
"physical_table": "TSG_OBJ_IP_ADDR"
},
{
"table_id": 42,
"table_name": "TSG_IP_ASN_BUILT_IN",
"table_type": "ip_plugin",
"valid_column": 19,
"custom": {
"item_id": 1,
"key_type": "pointer",
"ip_type": 3,
"start_ip": 4,
"end_ip": 5,
"addr_format": 7
}
},
{
"table_id": 43,
"table_name": "TSG_IP_ASN_USER_DEFINED",
"table_type": "ip_plugin",
"valid_column": 19,
"custom": {
"item_id": 1,
"key_type": "pointer",
"ip_type": 3,
"start_ip": 4,
"end_ip": 5,
"addr_format": 7
}
},
{
"table_id": 44,
"table_name": "TSG_IP_LOCATION_BUILT_IN",
"table_type": "ip_plugin",
"valid_column": 19,
"custom": {
"item_id": 1,
"key_type": "pointer",
"ip_type": 3,
"start_ip": 4,
"end_ip": 5,
"addr_format": 7
}
},
{
"table_id": 45,
"table_name": "TSG_IP_LOCATION_USER_DEFINED",
"table_type": "ip_plugin",
"valid_column": 19,
"custom": {
"item_id": 1,
"key_type": "pointer",
"ip_type": 3,
"start_ip": 4,
"end_ip": 5,
"addr_format": 7
}
},
{
"table_id": 46,
"table_name": "TSG_OBJ_AS_NUMBER",
"table_type": "expr",
"valid_column": 7,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"keywords": 3,
"expr_type": 4,
"match_method": 5,
"is_hexbin": 6
}
},
{
"table_id": 47,
"table_name": "TSG_SECURITY_SOURCE_ASN",
"table_type": "virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id": 48,
"table_name": "TSG_SECURITY_DESTINATION_ASN",
"table_type": "virtual",
"physical_table": "TSG_OBJ_AS_NUMBER"
},
{
"table_id": 49,
"table_name": "TSG_OBJ_GEO_LOCATION",
"table_type": "expr",
"valid_column": 7,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"keywords": 3,
"expr_type": 4,
"match_method": 5,
"is_hexbin": 6
}
},
{
"table_id": 50,
"table_name": "TSG_SECURITY_SOURCE_LOCATION",
"table_type": "virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id": 51,
"table_name": "TSG_SECURITY_DESTINATION_LOCATION",
"table_type": "virtual",
"physical_table": "TSG_OBJ_GEO_LOCATION"
},
{
"table_id": 52,
"table_name": "TSG_FQDN_CATEGORY_BUILT_IN",
"table_type": "fqdn_plugin",
"valid_column": 5,
"custom": {
"item_id": 1,
"key_type": "pointer",
"suffix_match_method": 4,
"fqdn": 3
}
},
{
"table_id": 53,
"table_name": "TSG_FQDN_CATEGORY_USER_DEFINED",
"table_type": "fqdn_plugin",
"valid_column": 5,
"custom": {
"item_id": 1,
"key_type": "pointer",
"suffix_match_method": 4,
"fqdn": 3
}
},
{
"table_id": 54,
"table_name": "TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION",
"table_type": "virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id": 55,
"table_name": "TSG_FIELD_SIP_RESPONDER_DESCRIPTION",
"table_type": "virtual",
"physical_table": "TSG_OBJ_ACCOUNT"
},
{
"table_id": 56,
"table_name": "TSG_OBJ_IMSI",
"table_type": "expr",
"valid_column": 7,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"keywords": 3,
"expr_type": 4,
"match_method": 5,
"is_hexbin": 6
}
},
{
"table_id": 57,
"table_name": "TSG_OBJ_PHONE_NUMBER",
"table_type": "expr",
"valid_column": 7,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"keywords": 3,
"expr_type": 4,
"match_method": 5,
"is_hexbin": 6
}
},
{
"table_id": 58,
"table_name": "TSG_OBJ_APN",
"table_type": "expr",
"valid_column": 7,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"keywords": 3,
"expr_type": 4,
"match_method": 5,
"is_hexbin": 6
}
},
{
"table_id": 59,
"table_name": "TSG_FILED_GTP_IMSI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_IMSI"
},
{
"table_id": 60,
"table_name": "TSG_FILED_GTP_PHONE_NUMBER",
"table_type": "virtual",
"physical_table": "TSG_OBJ_PHONE_NUMBER"
},
{
"table_id": 61,
"table_name": "TSG_FILED_GTP_APN",
"table_type": "virtual",
"physical_table": "TSG_OBJ_APN"
},
{
"table_id": 62,
"table_name": "TSG_DECYPTION_EXCLUSION_SSL_SNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id": 63,
"table_name": "TSG_OBJ_TUNNEL_ID",
"table_type": "intval",
"valid_column": 5,
"custom": {
"item_id": 1,
"group_id": 2,
"low_bound": 3,
"up_bound": 4
}
},
{
"table_id": 64,
"table_name": "TSG_TUNNEL_CATALOG",
"table_type": "bool_plugin",
"valid_column": 5,
"custom": {
"item_id": 1,
"key_type": "integer",
"bool_expr": 4
}
},
{
"table_id": 65,
"table_name": "TSG_TUNNEL_ENDPOINT",
"table_type": "ip_plugin",
"valid_column": 6,
"custom": {
"item_id": 1,
"key_type": "pointer",
"ip_type": 2,
"start_ip": 3,
"end_ip": 4,
"addr_format": 7
}
},
{
"table_id": 66,
"table_name": "TSG_TUNNEL_LABEL",
"table_type": "plugin",
"valid_column": 4,
"custom": {
"key": 1,
"key_type": "integer"
}
},
{
"table_id": 67,
"table_name": "TSG_SECURITY_TUNNEL",
"table_type": "virtual",
"physical_table": "TSG_OBJ_TUNNEL_ID"
},
{
"table_id": 68,
"table_name": "TSG_OBJ_FLAG",
"table_type": "flag",
"valid_column": 5,
"custom": {
"item_id": 1,
"group_id": 2,
"flag": 3,
"flag_mask": 4
}
},
{
"table_id": 69,
"table_name": "TSG_SECURITY_FLAG",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FLAG"
},
{
"table_id": 70,
"table_name": "APP_SELECTOR_ID",
"table_type": "intval",
"valid_column": 5,
"custom": {
"item_id": 1,
"group_id": 2,
"low_bound": 3,
"up_bound": 4
}
},
{
"table_id": 71,
"table_name": "APP_SELECTOR_PROPERTIES",
"table_type": "expr_plus",
"valid_column": 8,
"custom": {
"scan_mode": "block",
"pattern_type": "literal",
"item_id": 1,
"group_id": 2,
"district": 3,
"keywords": 4,
"expr_type": 5,
"match_method": 6,
"is_hexbin": 7
}
},
{
"table_id": 72,
"table_name": "APP_ID_DICT",
"table_type": "plugin",
"valid_column": 18,
"custom": {
"key": 1,
"key_type": "integer"
}
},
{
"table_id": 73,
"table_name": "APP_SIGNATURE_UPDATE_PROFILE",
"table_type": "plugin",
"valid_column": 5,
"custom": {
"key": 1,
"key_type": "integer",
"foreign": [
2,
3
]
}
},
{
"table_id": 74,
"table_name": "PXY_TCP_OPTION_SOURCE_ADDR",
"table_type": "virtual",
"physical_table": "TSG_OBJ_IP_ADDR"
},
{
"table_id": 75,
"table_name": "PXY_TCP_OPTION_DESTINATION_ADDR",
"table_type": "virtual",
"physical_table": "TSG_OBJ_IP_ADDR"
},
{
"table_id": 76,
"table_name": "PXY_TCP_OPTION_SERVER_FQDN",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id": 77,
"table_name": "PXY_TCP_OPTION_SERVER_FQDN",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
},
{
"table_id": 78,
"table_name": "TRAFFIC_SHAPING_PROFILE",
"table_type": "plugin",
"valid_column": 7,
"custom": {
"key": 1,
"key_type": "integer"
}
},
{
"table_id": 79,
"table_name": "TSG_DYN_MOBILE_IDENTITY_APN_TEID",
"table_type": "plugin",
"valid_column": 7,
"custom": {
"key": 2,
"key_type": "integer"
}
},
{
"table_id": 80,
"table_name": "TSG_DYN_SUBSCRIBER_IP",
"table_type": "plugin",
"valid_column": 5,
"custom": {
"key": 3,
"key_type": "pointer"
}
},
{
"table_id": 81,
"table_name": "TSG_PROFILE_DNS_RECORDS",
"table_type": "plugin",
"valid_column": 5,
"custom": {
"key": 1,
"key_type": "integer"
}
},
{
"table_id": 82,
"table_name": "TSG_PROFILE_RESPONSE_PAGES",
"table_type": "plugin",
"valid_column": 5,
"custom": {
"key": 1,
"key_type": "integer",
"foreign": [
4
]
}
},
{
"table_id": 83,
"table_name": "TSG_PROFILE_TRAFFIC_MIRROR",
"table_type": "plugin",
"valid_column": 4,
"custom": {
"key": 1,
"key_type": "integer"
}
},
{
"table_id": 84,
"table_name": "T_VSYS_INFO",
"table_type": "plugin",
"valid_column": 3,
"custom": {
"key": 1,
"key_type": "integer"
}
},
{
"table_id": 85,
"table_name": "TSG_FIELD_DTLS_SNI",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN"
},
{
"table_id": 86,
"table_name": "TSG_FIELD_DTLS_SNI_CAT",
"table_type": "virtual",
"physical_table": "TSG_OBJ_FQDN_CAT"
}
]

13
ctest/CMakeLists.txt
View File

@@ -7,15 +7,22 @@ add_test(NAME COPY_GTEST_MAIN_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/
add_test(NAME COPY_GTEST_MAAT_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/maat.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/")
add_test(NAME COPY_GTEST_LOG_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_log_field.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/")
add_test(NAME COPY_GTEST_PROTO_CONF COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_l7_protocol.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/")
add_test(NAME COPY_GTEST_TABLEINFO COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_static_tableinfo.conf ${CMAKE_BINARY_DIR}/testing/tsgconf/")
add_test(NAME COPY_GTEST_TABLEINFO COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/tsg_static_tableinfo.json ${CMAKE_BINARY_DIR}/testing/tsgconf/")
add_test(NAME COPY_GTEST_MAAT_RULE COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/gtest_maat.json ${CMAKE_BINARY_DIR}/testing/tsgconf/tsg_maat.json")
add_test(NAME COPY_GTEST_PROFILE_RESPONSE_PAGES COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/foreign_files ${CMAKE_BINARY_DIR}/testing/")
#add_test(NAME COPY_GTEST_RULE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_rule ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_RULE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_rule ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_BRIDGE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_bridge ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_ACTION_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_action ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_SENDLOG_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sendlog ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_MASTER_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_master ${CMAKE_BINARY_DIR}/testing/")
add_test(NAME COPY_GTEST_SYNC_SESSION_STATE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_sync_session_state ${CMAKE_BINARY_DIR}/testing/")
set(GTEST_RUN_DIR ${CMAKE_BINARY_DIR}/testing)
#add_test(NAME GTEST_RULE COMMAND gtest_rule WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_RULE COMMAND gtest_rule WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_BRIDGE COMMAND gtest_bridge WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_ACTION COMMAND gtest_action WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_SENDLOG COMMAND gtest_sendlog WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_MASTER COMMAND gtest_master WORKING_DIRECTORY ${GTEST_RUN_DIR})
add_test(NAME GTEST_SYNC_SESSION_STATE COMMAND gtest_sync_session_state WORKING_DIRECTORY ${GTEST_RUN_DIR})

26
inc/app_label.h
View File

@@ -1,5 +1,4 @@
#ifndef __APP_LABEL_H__
#define __APP_LABEL_H__
#pragma once
#define MAX_APP_ID_NUM 8
@@ -40,19 +39,19 @@ struct app_identify_result
unsigned int surrogate_id[MAX_APP_ID_NUM];
};
enum _ATTRIBUTE_TYPE
enum LUA_ATTRIBUTE_TYPE
{
ATTRIBUTE_TYPE_UNKNOWN,
ATTRIBUTE_TYPE_IP,
ATTRIBUTE_TYPE_STRING,
ATTRIBUTE_TYPE_NUMERIC,
ATTRIBUTE_TYPE_BOOL,
_ATTRIBUTE_TYPE_MAX
LUA_ATTRIBUTE_TYPE_UNKNOWN,
LUA_ATTRIBUTE_TYPE_IP,
LUA_ATTRIBUTE_TYPE_STRING,
LUA_ATTRIBUTE_TYPE_NUMERIC,
LUA_ATTRIBUTE_TYPE_BOOL,
LUA_ATTRIBUTE_TYPE_MAX
};
struct attribute_kv
{
enum _ATTRIBUTE_TYPE type;
enum LUA_ATTRIBUTE_TYPE type;
char *name;
union
{
@@ -63,10 +62,9 @@ struct attribute_kv
};
};
struct user_defined_attribute_label
struct user_defined_attribute
{
int attribute_num;
struct attribute_kv *attribute;
int n_akv;
struct attribute_kv *akv;
};
#endif

69
inc/tsg_label.h
View File

@@ -1,5 +1,6 @@
#ifndef __TSG_LABEL_H__
#define __TSG_LABEL_H__
#pragma once
#include <stddef.h>
#define MAX_CATEGORY_ID_NUM 8
#define MAX_STR_FIELD_LEN 64
@@ -8,7 +9,7 @@
#define MAX_RESULT_NUM 8
typedef enum _tsg_protocol
enum TSG_PROTOCOL
{
PROTO_UNKONWN=0,
PROTO_IPv4=1,
@@ -36,8 +37,7 @@ typedef enum _tsg_protocol
PROTO_RDP,
PROTO_DTLS,
PROTO_MAX
}tsg_protocol_t;
};
struct asn_info
{
@@ -86,29 +86,9 @@ struct tunnel_endpoint
char *description;
};
struct session_attribute_label
{
int http_action_file_size;
int fqdn_category_id_num;
tsg_protocol_t proto;
long establish_latency_ms;
struct asn_info *client_asn;
struct asn_info *server_asn;
struct location_info *client_location;
struct location_info *server_location;
struct subscribe_id_info *client_subscribe_id;
struct subscribe_id_info *server_subscribe_id;
char *ja3_fingerprint;
unsigned int fqdn_category_id[MAX_CATEGORY_ID_NUM];
struct umts_user_info *user_info;
struct tunnel_endpoint *client_endpoint;
struct tunnel_endpoint *server_endpoint;
unsigned long session_flags;
};
struct tsg_conn_sketch_notify_data
{
tsg_protocol_t protocol;
enum TSG_PROTOCOL protocol;
union
{
char *mail_eml_filename;
@@ -117,12 +97,6 @@ struct tsg_conn_sketch_notify_data
}pdata;
};
struct notify_shaping_policy
{
int shaping_result_num;
struct Maat_rule_t shaping_result[MAX_RESULT_NUM];
};
enum NOTIFY_TYPE
{
NOTIFY_TYPE_MIRRORED=0,
@@ -140,18 +114,18 @@ struct mirrored_stat
{
long bytes;
long packets;
int compile_id;
long long compile_id;
};
struct policy_capture_result
{
int compile_id;
long long compile_id;
char *packet_path;
};
struct tsg_notify_data
{
int compile_id;
long long compile_id;
enum NOTIFY_TYPE type;
union
{
@@ -181,7 +155,7 @@ struct http_s3_file
struct business_notify_data
{
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
enum TSG_PROTOCOL proto; //enum _tsg_protocol (tsg_types.h)
union
{
struct http_s3_file *s3_http;
@@ -189,4 +163,25 @@ struct business_notify_data
};
};
#endif
struct session_runtime_attribute;
const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo *a_stream);
const char *srt_attribute_get_ja3_fingerprint(const struct session_runtime_attribute *srt_attribute);
const char *srt_attribute_get_client_subscriber_id(const struct session_runtime_attribute *srt_attribute);
const char *srt_attribute_get_server_subscriber_id(const struct session_runtime_attribute *srt_attribute);
const struct asn_info *srt_attribute_get_client_ip_asn(const struct session_runtime_attribute *srt_attribute);
const struct asn_info *srt_attribute_get_server_ip_asn(const struct session_runtime_attribute *srt_attribute);
const struct location_info *srt_attribute_get_client_ip_location(const struct session_runtime_attribute *srt_attribute);
const struct location_info *srt_attribute_get_server_ip_location(const struct session_runtime_attribute *srt_attribute);
size_t srt_attribute_get_category_ids(const struct session_runtime_attribute *srt_attribute, unsigned int *category_ids, size_t n_category_ids);
int srt_attribute_set_category_ids(const struct streaminfo *a_stream, unsigned int *category_ids, int n_category_ids);
struct session_runtime_process_context;
int session_runtime_process_context_async(const struct streaminfo *a_stream, void *data);
const struct session_runtime_process_context *session_runtime_process_context_get(const struct streaminfo *a_stream);
// return NULL; http host or ssl sni or quic sni or dtls sni
const char *srt_process_context_get_domain(const struct session_runtime_process_context *srt_process_context);
const char *srt_process_context_get_http_url(const struct session_runtime_process_context *srt_process_context);
const char *srt_process_context_get_quic_ua(const struct session_runtime_process_context *srt_process_context);
enum TSG_PROTOCOL srt_process_context_get_protocol(const struct session_runtime_process_context *srt_process_context);

93
inc/tsg_rule.h
View File

@@ -1,17 +1,7 @@
#ifndef __TSG_RULE_H__
#define __TSG_RULE_H__
#include <MESA/Maat_rule.h>
#pragma once
#include "tsg_label.h"
#define TSG_DOMAIN_MAX 256
#define MAX_APP_ID_PROPERTY_LEN 128
#ifndef MAX_DOMAIN_LEN
#define MAX_DOMAIN_LEN 2048
#endif
#define TSG_ACTION_NONE 0x00
#define TSG_ACTION_MONITOR 0x01
#define TSG_ACTION_INTERCEPT 0x02
@@ -19,9 +9,21 @@
#define TSG_ACTION_SHAPING 0x20
#define TSG_ACTION_MANIPULATE 0x30
#define TSG_ACTION_S_CHAINING 0x40
#define TSG_ACTION_BYPASS 0x80
#define TSG_ACTION_BYPASS 0x60
#define TSG_ACTION_SHUNT 0x80
#define TSG_ACTION_MAX 0x80
enum TSG_SERVICE
{
TSG_SERVICE_SECURITY=2,
TSG_SERVICE_INTERCEPT=3,
TSG_SERVICE_CHAINING=5,
TSG_SERVICE_SHAPING=6,
TSG_SERVICE_PRE_SIGNATURE=7,
TSG_SERVICE_SIGNATURE=8,
TSG_SERVICE_MAX
};
enum TSG_METHOD_TYPE
{
TSG_METHOD_TYPE_UNKNOWN=0,
@@ -37,65 +39,40 @@ enum TSG_METHOD_TYPE
TSG_METHOD_TYPE_DEFAULT,
TSG_METHOD_TYPE_APP_DROP,
TSG_METHOD_TYPE_ALLOW,
TSG_METHOD_TYPE_SHUNT,
TSG_METHOD_TYPE_MAX
};
struct identify_info
{
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
int domain_len;
char domain[MAX_DOMAIN_LEN];
};
typedef enum _PULL_RESULT_TYPE
{
PULL_KNI_RESULT,
PULL_FW_RESULT,
PULL_ALL_RESULT
}PULL_RESULT_TYPE;
extern Maat_feather_t g_tsg_maat_feather;
int tsg_rule_init(const char *conffile, void *logger);
int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info);
int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int result_num);
char *tsg_pull_quic_ua(struct streaminfo *a_stream);
char *tsg_pull_http_url(struct streaminfo *a_stream);
//return NULL if none exists, otherwise return one deny rule;
struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
enum ACTION_RETURN_TYPE
{
ACTION_RETURN_TYPE_PROT=0,
ACTION_RETURN_TYPE_APP,
ACTION_RETURN_TYPE_TCPALL
};
unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data);
int tsg_get_method_id(char *method);
extern struct maat *g_tsg_maat_feather;
int tsg_free_compile_user_region(const struct Maat_rule_t *rule, struct compile_user_region *user_region);
struct compile_user_region *tsg_get_compile_user_region(const Maat_feather_t maat_feather, struct Maat_rule_t *result);
struct maat_rule
{
long long rule_id;
unsigned char action;
unsigned char service_id;
unsigned char do_log;
unsigned char padding[5];
};
struct matched_policy_rules
{
size_t n_rules;
struct maat_rule rules[MAX_RESULT_NUM];
};
////return -1 if none exists otherwise return >=0
int tsg_get_column_integer_value(const char* line, int column_seq);
void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE service, struct maat_rule *rules, size_t n_rules, int thread_seq);
size_t tsg_matched_rules_select(struct maat *feather, TSG_SERVICE service, long long *matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
size_t tsg_scan_nesting_addr(const struct streaminfo *a_stream, struct maat *feather, enum TSG_PROTOCOL proto, struct maat_state *s_mid, struct maat_rule *rules, size_t n_rules);
size_t session_matched_rules_copy(const struct streaminfo *a_stream, enum TSG_SERVICE service, struct maat_rule *rules, size_t n_rules);
//return NULL if none exists, otherwise return value;
char *tsg_get_column_string_value(const char* line, int column_seq);
int tsg_get_fqdn_category_ids(struct maat *feather, char *fqdn, unsigned int *category_ids, int n_category_ids);
int tsg_set_fqdn_category_id(const struct streaminfo *a_stream, unsigned int *category_id, int category_id_num, int thread_seq);
int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq);
int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq);
int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq);
int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq);
int tsg_notify_hited_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq);
int tsg_notify_hited_security_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq);
int tsg_notify_hited_s_chaining_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq);
unsigned char tsg_enforing_deny(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, enum ACTION_RETURN_TYPE type, const void *user_data);
#endif

53
inc/tsg_send_log.h
View File

@@ -1,11 +1,4 @@
#ifndef __TSG_SEND_LOG_H__
#define __TSG_SEND_LOG_H__
#include <MESA/Maat_rule.h>
#ifndef PRINTADDR
#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
#endif
#pragma once
enum DO_LOG
{
@@ -14,15 +7,7 @@ enum DO_LOG
LOG_NOFILE=2,
};
typedef struct _tsg_log
{
int result_num;
Maat_rule_t *result;
struct streaminfo *a_stream;
}tsg_log_t;
typedef enum _tld_type
enum TLD_TYPE
{
TLD_TYPE_UNKNOWN=0,
TLD_TYPE_LONG=1,
@@ -32,7 +17,19 @@ typedef enum _tld_type
TLD_TYPE_CJSON, // TLD_TYPE_CJSON is obsolete, please use TLD_TYPE_OBJECT
TLD_TYPE_OBJECT,
TLD_TYPE_MAX
}TLD_TYPE;
};
enum LOG_TYPE
{
LOG_TYPE_SECURITY_EVENT=0,
LOG_TYPE_SESSION_RECORD,
LOG_TYPE_INTERNAL_RTP_RECORD,
LOG_TYPE_VOIP_RECORD,
LOG_TYPE_INTERIM_SESSION_RECORD,
LOG_TYPE_TRANSACTION_RECORD,
LOG_TYPE_GTPC_RECORD,
LOG_TYPE_BGP_RECORD
};
struct TLD_handle_t;
struct tsg_log_instance_t;
@@ -40,24 +37,20 @@ struct tsg_log_instance_t;
extern struct tsg_log_instance_t *g_tsg_log_instance;
struct TLD_handle_t *TLD_create(int thread_id);
int TLD_search(struct TLD_handle_t *handle, char *key);
int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE type);
int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream);
int TLD_cancel(struct TLD_handle_t *handle);
int TLD_append(struct TLD_handle_t *handle, char *key, void *value, enum TLD_TYPE type);
struct TLD_handle_t *TLD_duplicate(struct TLD_handle_t *handle);
//type only TLD_TYPE_LONG/TLD_TYPE_STRING
int TLD_array_append(struct TLD_handle_t *handle, char *key, void **array, int array_num, TLD_TYPE type);
int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id);
int TLD_array_append(struct TLD_handle_t *handle, char *key, void **array, int array_num, enum TLD_TYPE type);
int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream);
int TLD_cancel(struct TLD_handle_t *handle);
//return topic_id; return >=0 if success,otherwise return -1;
int tsg_register_topic(struct tsg_log_instance_t *instance, char *topic_name);
int tsg_register_topic(struct tsg_log_instance_t *instance, const char *topic_name);
int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *payload, int payload_len, int thread_id);
int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream, enum LOG_TYPE log_type, struct maat_rule *rules, size_t n_rules, int thread_id);
unsigned long long tsg_get_stream_id(struct streaminfo *a_stream);
char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id);
unsigned long long tsg_get_stream_trace_id(const struct streaminfo *a_stream);
const char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id);
unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name);
#endif

4
inc/tsg_statistic.h
View File

@@ -20,8 +20,8 @@ struct _traffic_info
long long out_packets;
};
int tsg_set_policy_flow(struct streaminfo *a_stream, Maat_rule_t *p_result, int thread_seq);
int tsg_set_intercept_flow(Maat_rule_t *p_result, struct _traffic_info *traffic_info, int thread_seq);
int tsg_set_policy_flow(const struct streaminfo *a_stream, struct maat_rule *p_result, int thread_seq);
int tsg_set_intercept_flow(struct maat_rule *p_result, struct _traffic_info *traffic_info, int thread_seq);
int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq);
#endif

5
src/CMakeLists.txt
View File

@@ -2,14 +2,13 @@ cmake_minimum_required(VERSION 2.8)
add_definitions(-fPIC)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp
tsg_sync_state.cpp)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp tsg_protocol.cpp tsg_sync_state.cpp tsg_variable.cpp)
include_directories(${CMAKE_SOURCE_DIR}/inc)
include_directories(/opt/MESA/include/MESA/)
include_directories(/usr/include/)
set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maatframe pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer)
set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maat4 pthread MESA_field_stat2 rdkafka cjson MESA_jump_layer)
set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)

145
src/tsg_action.cpp
View File

@@ -17,26 +17,27 @@
#include <MESA/stream.h>
#include <MESA/MESA_handle_logger.h>
#include "app_label.h"
#include "tsg_rule.h"
#include "app_label.h"
#include "tsg_entry.h"
#include "tsg_bridge.h"
#include "tsg_statistic.h"
#include "tsg_send_log.h"
#include "tsg_protocol_common.h"
#include "tsg_rule_internal.h"
extern "C" int sendpacket_do_checksum(unsigned char *buf, int protocol, int len);
static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate::TemplateDictionary *tpl_dict, int policy_id)
static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate::TemplateDictionary *tpl_dict, long long policy_id)
{
char ip_str[128]={0};
struct session_attribute_label *attr_label=NULL;
tpl_dict->SetIntValue("tsg_policy_id", policy_id);
tpl_dict->SetIntValue("tsg_policy_id", policy_id); //TODO
attr_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
if(attr_label!=NULL && attr_label->client_subscribe_id!=NULL)
const struct session_runtime_attribute *srt_attribute=(const struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
if(srt_attribute!=NULL && srt_attribute->client_subscribe_id!=NULL)
{
tpl_dict->SetFormattedValue("tsg_subscriber_id", "%s", attr_label->client_subscribe_id->subscribe_id);
tpl_dict->SetFormattedValue("tsg_subscriber_id", "%s", srt_attribute->client_subscribe_id->subscribe_id);
}
else
{
@@ -62,7 +63,7 @@ static int replace_policy_variable(const struct streaminfo *a_stream, ctemplate:
return 0;
}
static int set_drop_stream(const struct streaminfo *a_stream, tsg_protocol_t protocol)
static int set_drop_stream(const struct streaminfo *a_stream, enum TSG_PROTOCOL protocol)
{
int ret=0, opt_value=1;
MESA_set_stream_opt(a_stream, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value));
@@ -153,7 +154,7 @@ static int get_tcp_mss_option(const struct streaminfo *a_stream, int type, void
return 0;
}
static void template_generate(const struct streaminfo *a_stream, int status_code, int policy_id, const char* message, char **page_buff, size_t *page_size, int thread_seq)
static void template_generate(const struct streaminfo *a_stream, int status_code, long long policy_id, const char* message, char **page_buff, size_t *page_size, int thread_seq)
{
std::string page_output, msg_output;
ctemplate::Template *tpl=NULL;
@@ -223,16 +224,14 @@ static void template_generate(const struct streaminfo *a_stream, int status_code
return ;
}
static int get_response_pages(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, struct compile_user_region *user_region, char **payload, int thread_seq)
static int get_response_pages(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, char **payload, int thread_seq)
{
char key[16]={0};
int payload_len=0;
struct http_response_pages *res_pages=NULL;
switch(user_region->deny->type)
{
case TSG_DENY_TYPE_MESSAGE:
template_generate(a_stream, user_region->deny->code, p_result->config_id, user_region->deny->message, payload, (size_t *)&payload_len, thread_seq);
template_generate(a_stream, user_region->deny->code, p_result->rule_id, user_region->deny->message, payload, (size_t *)&payload_len, thread_seq);
return payload_len;
break;
case TSG_DENY_TYPE_PROFILE:
@@ -241,25 +240,24 @@ static int get_response_pages(const struct streaminfo *a_stream, struct Maat_rul
break;
}
snprintf(key, sizeof(key), "%d", user_region->deny->profile_id);
res_pages=(struct http_response_pages *)Maat_plugin_get_EX_data(g_tsg_maat_feather,g_tsg_para.table_id[TABLE_RESPONSE_PAGES], key);
if(res_pages!=NULL)
struct http_response_pages *response_pages=(struct http_response_pages *)matched_rule_cites_http_response_pages(g_tsg_maat_feather, (long long)user_region->deny->profile_id);
if(response_pages!=NULL)
{
switch(res_pages->format)
switch(response_pages->format)
{
case HTTP_RESPONSE_FORMAT_HTML:
*payload=(char *)dictator_malloc(thread_seq, res_pages->content_len);
memcpy(*payload, res_pages->content, res_pages->content_len);
payload_len=res_pages->content_len;
*payload=(char *)dictator_malloc(thread_seq, response_pages->content_len);
memcpy(*payload, response_pages->content, response_pages->content_len);
payload_len=response_pages->content_len;
break;
case HTTP_RESPONSE_FORMAT_TEMPLATE:
template_generate(a_stream, user_region->deny->code, p_result->config_id, res_pages->content, payload, (size_t *)&payload_len, thread_seq);
template_generate(a_stream, user_region->deny->code, p_result->rule_id, response_pages->content, payload, (size_t *)&payload_len, thread_seq);
break;
default:
break;
}
http_response_pages_free(g_tsg_para.table_id[TABLE_RESPONSE_PAGES], (MAAT_PLUGIN_EX_DATA *)&res_pages, 0, NULL);
plugin_ex_data_http_response_pages_free(response_pages);
}
return payload_len;
@@ -439,7 +437,7 @@ static int http_send_reponse_packet(const struct streaminfo *a_stream, char *pac
return ip_tcp_hdr_len+http_hdr_len+payload_len;
}
static int http_build_response_packet(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet)
static int http_build_response_packet(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *a_packet)
{
char *payload=NULL;
char message[1024*64]={0};
@@ -465,7 +463,7 @@ static int http_build_response_packet(const struct streaminfo *a_stream, struct
http_hdr_len=get_http_header(message+ip_tcp_hdr_len, sizeof(message)-ip_tcp_hdr_len, user_region->deny->code, NULL);
payload_len=get_response_pages(a_stream, p_result, user_region, &payload, a_stream->threadnum);
set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE, (void *)&payload_len, sizeof(int), a_stream->threadnum);
srt_attribute_set_reponse_size(a_stream, payload_len);
get_tcp_mss_option(a_stream, TCP_OPT_MSS, (void *)&max_segment_size);
@@ -499,7 +497,7 @@ static int http_build_response_packet(const struct streaminfo *a_stream, struct
return send_pkt_len;
}
static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, char *url, int code, char *http_hdr, int http_hdr_len)
static int http_get_redirect_url(const struct streaminfo *a_stream, struct maat_rule *p_result, char *url, int code, char *http_hdr, int http_hdr_len)
{
int used_len=0;
char *tmp_buff=NULL;
@@ -510,7 +508,7 @@ static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_
{
ctemplate::TemplateDictionary dict_303("url_dict"); //dict is automatically finalized after function returned.
replace_policy_variable(a_stream, &dict_303, p_result->config_id);
replace_policy_variable(a_stream, &dict_303, p_result->rule_id);
tpl_303->Expand(&output, &dict_303);
@@ -532,7 +530,7 @@ static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_
return used_len;
}
static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol)
static unsigned char do_action_reset(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol)
{
if(a_stream->type==STREAM_TYPE_TCP)
{
@@ -550,7 +548,7 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul
RLOG_LV_FATAL,
"RST_TCP",
"Send RST failed policy_id: %d service: %d action: %d addr: %s",
p_result->config_id,
p_result->rule_id,
p_result->service_id,
(unsigned char)p_result->action,
PRINTADDR(a_stream, g_tsg_para.level)
@@ -569,8 +567,7 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul
return STATE_DROPPKT|STATE_DROPME;
}
static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *a_packet)
static unsigned char do_action_drop(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *a_packet)
{
switch(protocol)
{
@@ -584,7 +581,7 @@ static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data, enum ACTION_RETURN_TYPE type)
static unsigned char do_action_tamper(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data, enum ACTION_RETURN_TYPE type)
{
if(g_tsg_para.feature_tamper==0)
{
@@ -592,12 +589,12 @@ static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_ru
return STATE_DROPME|STATE_DROPPKT;
}
struct tcpall_context * _context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id);
struct session_runtime_action_context * _context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
if(_context==NULL)
{
_context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context));
memset(_context, 0, sizeof(struct tcpall_context));
tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context);
_context=(struct session_runtime_action_context *)dictator_malloc(a_stream->threadnum, sizeof(struct session_runtime_action_context));
memset(_context, 0, sizeof(struct session_runtime_action_context));
session_runtime_action_context_async(a_stream, (void *)_context);
_context->method_type=TSG_METHOD_TYPE_TAMPER;
_context->tamper_count = 0;
}
@@ -607,21 +604,20 @@ static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_ru
_context->tamper_count = 0;
}
//当前为tsg_master_plug暂时不处理在tsg_master_all_entry处理,防止命中发两次
if(ACTION_RETURN_TYPE_APP == type)
{
return STATE_GIVEME|STATE_DROPPKT|STATE_KILL_OTHER;
}
//TCP这里发送的话tsg_master_all_entry仍会处理发送,UDP没有这个情况,所以加该判断
if(a_stream->type == STREAM_TYPE_UDP)
{
send_tamper_xxx(a_stream, &_context->tamper_count, user_data);
}
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data)
{
struct deny_user_region *deny_region=NULL;
@@ -663,11 +659,11 @@ static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, Ma
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, enum ACTION_RETURN_TYPE type)
static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum ACTION_RETURN_TYPE type)
{
struct leaky_bucket *bucket=create_bucket(user_region->deny->bps, a_stream->threadnum);
int ret=set_bucket_to_tcpall(a_stream, bucket, a_stream->threadnum);
int ret=srt_action_context_set_leaky_bucket(a_stream, bucket, a_stream->threadnum);
if(ret==0)
{
destroy_bucket(&bucket, a_stream->threadnum);
@@ -687,7 +683,7 @@ static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat
return STATE_GIVEME|STATE_KILL_OTHER;
}
static unsigned char do_action_block_sip(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data)
static unsigned char do_action_block_sip(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *user_data)
{
int offset=0;
char payload[1024]={0};
@@ -714,7 +710,7 @@ static unsigned char do_action_block_sip(const struct streaminfo *a_stream, Maat
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region)
static unsigned char do_action_block_mail(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region)
{
char *payload=NULL;
@@ -739,7 +735,7 @@ static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maa
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet)
static unsigned char do_action_block_http(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *a_packet)
{
int opt_value=0;
int send_pkt_len=0;
@@ -766,7 +762,7 @@ static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maa
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data)
{
if(user_region==NULL || user_region->deny==NULL)
{
@@ -796,7 +792,7 @@ static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, Maat
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_redirect_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region)
static unsigned char do_action_redirect_http(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region)
{
int used_http_hdr_len=0;
char http_hdr[1024]={0};
@@ -819,7 +815,7 @@ static unsigned char do_action_redirect_http(const struct streaminfo *a_stream,
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, enum TSG_PROTOCOL protocol, const void *user_data)
{
if(user_region==NULL || user_region->deny==NULL)
{
@@ -842,7 +838,7 @@ static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, M
return STATE_DROPME|STATE_DROPPKT;
}
static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struct compile_user_region *user_region, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struct compile_user_region *user_region, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
{
unsigned char local_state=STATE_GIVEME;
unsigned char state=0;
@@ -883,19 +879,18 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc
if(type!=ACTION_RETURN_TYPE_TCPALL && user_region->deny->after_n_packets>0)
{
set_protocol_to_tcpall(a_stream, protocol, a_stream->threadnum);
set_method_to_tcpall(a_stream, user_region->method_type, a_stream->threadnum);
srt_action_context_set_l7_protocol(a_stream, protocol, a_stream->threadnum);
srt_action_context_set_rule_method(a_stream, user_region->method_type, a_stream->threadnum);
if(a_stream->type==STREAM_TYPE_UDP && type!=ACTION_RETURN_TYPE_PROT)
{
set_after_n_packet_to_tcpall(a_stream, user_region->deny->after_n_packets+1, a_stream->threadnum);
srt_action_context_set_after_n_packet(a_stream, user_region->deny->after_n_packets+1, a_stream->threadnum);
}
else
{
set_after_n_packet_to_tcpall(a_stream, user_region->deny->after_n_packets, a_stream->threadnum);
srt_action_context_set_after_n_packet(a_stream, user_region->deny->after_n_packets, a_stream->threadnum);
}
//tsg_set_policy_result(a_stream, PULL_FW_RESULT, p_result, protocol, a_stream->threadnum);
local_state=((type==ACTION_RETURN_TYPE_PROT) ? (STATE_DROPME) : (STATE_DROPME|STATE_KILL_OTHER));
break;
}
@@ -920,11 +915,11 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc
break;
}
tsg_notify_hited_monitor_result(a_stream, p_result, 1, a_stream->threadnum);
session_packet_capture_notify(a_stream, p_result, 1, a_stream->threadnum);
if(method_type!=TSG_METHOD_TYPE_DEFAULT && method_type!=TSG_METHOD_TYPE_APP_DROP)
{
set_method_to_tcpall(a_stream, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum);
srt_action_context_set_rule_method(a_stream, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum);
}
state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME);
@@ -937,26 +932,23 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc
return state;
}
unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data)
unsigned char tsg_enforing_deny_application(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data)
{
unsigned char state=0;
char app_id_buff[32]={0};
struct app_id_dict *dict=NULL;
struct compile_user_region app_user_region={0}, *user_region=NULL;
snprintf(app_id_buff, sizeof(app_id_buff), "%d", app_id);
dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
struct app_id_dict *dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, (long long)app_id);
if(dict==NULL)
{
set_drop_stream(a_stream, protocol);
return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPPKT|PROT_STATE_DROPME: APP_STATE_DROPME|APP_STATE_DROPPKT);
}
user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
if(user_region!=NULL)
unsigned char state=0;
struct compile_user_region app_user_region;
struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id);
if(maat_compile!=NULL && maat_compile->user_region!=NULL)
{
app_user_region.capture=user_region->capture;
security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
app_user_region.capture=maat_compile->user_region->capture;
plugin_ex_data_security_compile_free(maat_compile);
}
switch(dict->deny_app_para.type)
@@ -974,29 +966,28 @@ unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_
}
state=tsg_do_deny_action(a_stream, &app_user_region, p_result, protocol, type, user_data);
app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL);
plugin_ex_data_app_id_dict_free(dict);
return state;
}
unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
unsigned char tsg_enforing_deny(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, enum ACTION_RETURN_TYPE type, const void *user_data)
{
unsigned char state=0;
struct compile_user_region *user_region=NULL;
if(p_result->action==TSG_ACTION_BYPASS)
{
return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPME : APP_STATE_GIVEME);
}
user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
if(user_region==NULL)
struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id);
if(maat_compile==NULL || maat_compile->user_region==NULL)
{
set_drop_stream(a_stream, protocol);
return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPPKT|PROT_STATE_DROPME: APP_STATE_DROPME|APP_STATE_DROPPKT);
}
if(user_region->method_type==TSG_METHOD_TYPE_APP_DROP)
unsigned char state=0;
if(maat_compile->user_region->method_type==TSG_METHOD_TYPE_APP_DROP)
{
unsigned int app_id=0;
@@ -1008,14 +999,14 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_
{
app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
}
state=tsg_deny_application(a_stream, p_result, protocol, app_id, ACTION_RETURN_TYPE_APP, user_data);
state=tsg_enforing_deny_application(a_stream, p_result, protocol, app_id, ACTION_RETURN_TYPE_APP, user_data);
}
else
{
state=tsg_do_deny_action(a_stream, user_region, p_result, protocol, type, user_data);
state=tsg_do_deny_action(a_stream, maat_compile->user_region, p_result, protocol, type, user_data);
}
security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
plugin_ex_data_security_compile_free(maat_compile);
return state;
}

943
src/tsg_bridge.cpp
View File

File diff suppressed because it is too large Load Diff

154
src/tsg_bridge.h
View File

@@ -1,10 +1,10 @@
#pragma once
#include <MESA/stream.h>
#include <MESA/Maat_rule.h>
#include "tsg_rule.h"
#include "app_label.h"
#include "tsg_label.h"
#include "tsg_rule.h"
#include "tsg_leaky_bucket.h"
#ifndef MAX_BRIDGE_NAME_LEN
@@ -15,24 +15,29 @@ enum BRIDGE_TYPE
{
BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
BRIDGE_TYPE_APP_IDENTIFY_RESULT,
BRIDGE_TYPE_NOTIFY_FLAGS,
BRIDGE_TYPE_NOTIFY_SHAPING_RESULT, //sync and async
BRIDGE_TYPE_DATA_CONTEXT, //async
BRIDGE_TYPE_ALL_CONTEXT, //async
BRIDGE_TYPE_SYNC_APP_IDENTIFY_RESULT,
BRIDGE_TYPE_SYNC_SESSION_FLAGS,
BRIDGE_TYPE_SHAPING_RESULT, //sync and async
BRIDGE_TYPE_SESSION_PROCESS_CONTEXT, //async
BRIDGE_TYPE_SESSION_ACTION_CONTEXT, //async
BRIDGE_TYPE_GATHER_APP_RESULT, //async
BRIDGE_TYPE_POLICY_PRIORITY, //async
BRIDGE_TYPE_SERVICE_CHAINING, //async
BRIDGE_TYPE_SERVICE_CHAINING_RESULT, //async
BRIDGE_TYPE_SECURITY_RESULT, //async
BRIDGE_TYPE_SESSION_ATTRIBUTE, //async
BRIDGE_TYPE_MAC_LINKINFO, //async
BRIDGE_TYPE_NAT_C2S_LINKINFO,
BRIDGE_TYPE_NAT_S2C_LINKINFO,
BRIDGE_TYPE_APP_LUA_RESULT,
BRIDGE_TYPE_BUSINESS_S3_FILENAME,
BRIDGE_TYPE_APP_BEHAVIOR_RESULT,
BRIDGE_TYPE_POLICY_ACTION_PARA_EXEC_RESULT,
BRIDGE_TYPE_ASYNC_SESSION_FLAGS,
BRIDGE_TYPE_APP_SIGNATURE_RESULT,
BRIDGE_TYPE_INTERCEPT_RESULT, //sync and async
BRIDGE_TYPE_SEGMENT_IDS, //async service_chaining or shping SID
BRIDGE_TYPE_MAX
};
struct tm_hited_result
{
int sid;
int result_num;
struct Maat_rule_t result[MAX_RESULT_NUM];
};
struct app_attributes
{
unsigned int app_id;
@@ -47,29 +52,13 @@ struct gather_app_result
struct app_attributes attributes[MAX_APP_ID_NUM];
};
struct policy_priority_label
{
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
int domain_len;
int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h)
int security_result_num;
union
{
char *http_url;
char *quic_ua;
void *para;
};
char domain[MAX_DOMAIN_LEN];
struct Maat_rule_t security_result[MAX_RESULT_NUM];
};
struct hited_app_para
{
int hited_app_id;
int after_n_packets;
};
struct master_context
struct session_runtime_process_context
{
unsigned char is_esni;
unsigned char is_hited_allow;
@@ -77,31 +66,38 @@ struct master_context
unsigned char is_app_link;
unsigned char sync_cb_state;
unsigned short timeout;
tsg_protocol_t proto;
enum TSG_PROTOCOL proto;
int hited_app_id; // only app
unsigned int quic_version;
unsigned long session_flag;
union
{
char *ssl_sni;
char *quic_sni;
char *dtls_sni;
char *http_host;
char *domain;
};
union
{
char *http_url;
char *quic_ua;
void *para;
};
scan_status_t mid;
struct maat_state *mid;
struct hited_app_para hited_para; // l7 protocol and app
long long last_scan_time;
struct Maat_rule_t *hited_result;
struct maat_rule *hited_result;
};
struct tcpall_context
struct session_runtime_action_context
{
char udp_data_dropme;
char set_latency_flag;
char direction;
char padding[5];
enum TSG_METHOD_TYPE method_type;
tsg_protocol_t protocol;
enum TSG_PROTOCOL protocol;
union
{
struct leaky_bucket *bucket;
@@ -112,28 +108,78 @@ struct tcpall_context
};
};
struct udp_context
struct udp_session_runtime_context
{
struct master_context *data_entry;
struct tcpall_context *all_entry;
struct session_runtime_process_context *srt_process_context;
struct session_runtime_action_context *srt_action_context;
};
struct bridge_info
struct session_runtime_attribute
{
int id;
char name[MAX_BRIDGE_NAME_LEN];
stream_bridge_free_cb_t *free_cb;
stream_bridge_sync_cb_t *sync_cb;
int http_action_file_size;
size_t n_fqdn_category_ids;
enum TSG_PROTOCOL proto;
long establish_latency_ms;
struct asn_info *client_asn;
struct asn_info *server_asn;
struct location_info *client_location;
struct location_info *server_location;
struct subscribe_id_info *client_subscribe_id;
struct subscribe_id_info *server_subscribe_id;
const char *ja3_fingerprint;
unsigned int fqdn_category_ids[MAX_CATEGORY_ID_NUM];
struct umts_user_info *user_info;
struct tunnel_endpoint *client_endpoint;
struct tunnel_endpoint *server_endpoint;
unsigned long session_flags;
};
int tsg_init_bridge(const char *conffile);
void free_context_label(const struct streaminfo *stream, int bridge_id, void *data);
void free_tcpall_label(const struct streaminfo *stream, int bridge_id, void *data);
void free_policy_label(const struct streaminfo *stream, int bridge_id, void *data);
void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data);
void free_gather_app_result(const struct streaminfo *stream, int bridge_id, void *data);
// init
int tsg_bridge_init(const char *conffile);
void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id);
int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void *data);
//send log
void *session_mac_linkinfo_get(const struct streaminfo * a_stream);
void *session_conn_sketch_notify_data_get(const struct streaminfo * a_stream);
void *session_business_data_get(const struct streaminfo * a_stream);
void *session_session_flags_get(const struct streaminfo * a_stream);
void *session_application_behavior_get(const struct streaminfo * a_stream);
void *session_mirrored_and_capture_packets_exec_result_get(const struct streaminfo * a_stream);
void *session_lua_user_defined_attribute_get(const struct streaminfo * a_stream);
void *session_nat_c2s_linkinfo_get(const struct streaminfo * a_stream);
void *session_nat_s2c_linkinfo_get(const struct streaminfo * a_stream);
void *session_control_segment_ids_get(const struct streaminfo *a_stream);
int session_control_segment_ids_async(const struct streaminfo *a_stream, void *data);
void session_matched_rules_free(const struct streaminfo * a_stream, TSG_SERVICE service, void * data);
int session_matched_rules_async(const struct streaminfo * a_stream, TSG_SERVICE service, void * data);
const struct matched_policy_rules *session_matched_rules_get(const struct streaminfo *a_stream, enum TSG_SERVICE service);
int session_capture_packets_sync(const struct streaminfo *a_stream, struct maat_rule *results, int depth);
int session_mirror_packets_sync(const struct streaminfo *a_stream, struct maat_rule *results, struct mirrored_vlan *vlan);
// security
void session_matched_rules_notify(const struct streaminfo * a_stream, TSG_SERVICE service, struct maat_rule *results, size_t n_results, int thread_seq);
// session runtime attribute
int srt_attribute_set_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol);
int srt_attribute_set_flags(const struct streaminfo * a_stream, unsigned long s_flags);
int srt_attribute_set_establish_latecy(const struct streaminfo * a_stream);
int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint);
int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_action_file_size);
//gather app identify result
int session_gather_app_results_async(const struct streaminfo * a_stream, void * data);
void *session_gather_app_results_get(const struct streaminfo * a_stream);
// session runtime do action context
int session_runtime_action_context_async(const struct streaminfo *a_stream, void *data);
const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream);
int srt_action_context_set_leaky_bucket(const struct streaminfo * a_stream, struct leaky_bucket * bucket, int thread_seq);
int srt_action_context_set_l7_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol, int thread_seq);
int srt_action_context_set_rule_method(const struct streaminfo * a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq);
int srt_action_context_set_after_n_packet(const struct streaminfo * a_stream, int after_n_packets, int thread_seq);
int srt_action_context_set_hitted_app_id(const struct streaminfo * a_stream, int hited_app_id, int thread_seq);
char srt_action_context_get_direction(const struct streaminfo * a_stream);

11
src/tsg_dns.cpp
View File

@@ -4,6 +4,7 @@
#include <MESA/dns.h>
#include "tsg_entry.h"
#include "tsg_rule_internal.h"
#include "tsg_protocol_common.h"
static int random_integer(int max, int min)
@@ -192,12 +193,9 @@ static int dns_set_answer_records(char *payload, int payload_len, struct dns_ans
}
int used_len=0;
if(answer_records->record_val.selected_flag==1)
{
char profile_id[128]={0};
snprintf(profile_id, sizeof(profile_id), "%d", answer_records->record_val.selected.profile_id);
struct dns_profile_records *profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id);
struct dns_profile_records *profile_records=(struct dns_profile_records *)matched_rule_cites_dns_profile_record(g_tsg_maat_feather, answer_records->record_val.selected.profile_id);
if(profile_records==NULL)
{
return 0;
@@ -208,7 +206,7 @@ static int dns_set_answer_records(char *payload, int payload_len, struct dns_ans
used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, profile_records->record_val+idx, record_num, answer_records->max_ttl, answer_records->min_ttl);
(*answer_record_num)+=record_num;
dns_profile_records_free(0, (MAAT_PLUGIN_EX_DATA *)&profile_records, 0, NULL);
plugin_ex_data_dns_profile_record_free(profile_records);
}
else
{
@@ -216,11 +214,10 @@ static int dns_set_answer_records(char *payload, int payload_len, struct dns_ans
used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, &(answer_records->record_val), 1, answer_records->max_ttl, answer_records->min_ttl);
}
return used_len;
}
unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data)
unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *user_data)
{
int ret=0,used_len=0,record_num=0;
unsigned char raw_route_dir=0;

1919
src/tsg_entry.cpp
View File

File diff suppressed because it is too large Load Diff

101
src/tsg_entry.h
View File

@@ -1,5 +1,4 @@
#ifndef __TSG_ENTRY_H__
#define __TSG_ENTRY_H__
#pragma once
#include <sys/socket.h>
#include <netinet/in.h>
@@ -7,7 +6,6 @@
#include <MESA/dns.h>
#include <MESA/Maat_rule.h>
#include <MESA/field_stat2.h>
#include "uthash.h"
@@ -54,35 +52,12 @@ typedef int atomic_t;
#define APP_SCAN_FLAG_STOP 0
#define APP_SCAN_FLAG_CONTINUE 1
enum TSG_ATTRIBUTE_TYPE
{
TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0,
TSG_ATTRIBUTE_TYPE_PROTOCOL,
TSG_ATTRIBUTE_TYPE_JA3_HASH,
TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO,
TSG_ATTRIBUTE_TYPE_LOCATION,
TSG_ATTRIBUTE_TYPE_ASN,
TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID,
TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE,
TSG_ATTRIBUTE_TYPE_CATEGORY_ID,
TSG_ATTRIBUTE_TYPE_SESSION_FLAGS,
_MAX_TSG_ATTRIBUTE_TYPE
};
enum HTTP_RESPONSE_FORMAT
{
HTTP_RESPONSE_FORMAT_TEMPLATE=0,
HTTP_RESPONSE_FORMAT_HTML
};
struct l7_protocol
{
int id; /* first key */
char name[32]; /* second key */
UT_hash_handle hh1; /* handle for first hash table */
UT_hash_handle hh2; /* handle for second hash table */
};
struct fqdn_category
{
int ref_cnt;
@@ -112,7 +87,7 @@ struct app_id_dict
char *app_name;
char *parent_app_name;
char *category;
char *subcategroy;
char *subcategory;
char *technology;
char *characteristics;
struct deny_user_region deny_app_para;
@@ -181,80 +156,8 @@ typedef enum tsg_statis_field_id
STATIS_MAX
}tsg_statis_field_id_t;
enum TRAFFIC_INFO_IDX
{
TRAFFIC_INFO_ALLOW=0,
TRAFFIC_INFO_DENY,
TRAFFIC_INFO_MONITOR,
TRAFFIC_INFO_INTERCEPT,
TRAFFIC_INFO_MAX
};
typedef struct tsg_statistic
{
int cycle;
int fs_line_id;
int thread_alive;
pthread_t stat_thread_id;
int fs_field_id[STATIS_MAX];
long long statistic_opt[_OPT_TYPE_MAX];
struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
struct _traffic_info default_total_info;
screen_stat_handle_t fs2_handle;
}tsg_statis_para_t;
int tsg_statistic_init(const char *conffile, void *logger);
void tsg_statistic_destroy(void);
int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);
long long get_current_time_ms(void);
//parent_app_name.app_name
int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent);
//return 18 or 19: subdivision_addr
int tsg_get_location_type(void);
void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void gtp_c_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void tunnel_endpoint_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq);
int set_method_to_tcpall(const struct streaminfo *a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq);
int set_protocol_to_tcpall(const struct streaminfo *a_stream, tsg_protocol_t protocol, int thread_seq);
int set_bucket_to_tcpall(const struct streaminfo *a_stream, struct leaky_bucket *bucket, int thread_seq);
int set_after_n_packet_to_tcpall(const struct streaminfo *a_stream, int after_n_packets, int thread_seq);
char get_direction_from_tcpall(const struct streaminfo *a_stream);
void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp);
struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, int thread_seq);
int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq);
int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq);
int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq);
int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid);
int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE result_type, struct Maat_rule_t *p_result, tsg_protocol_t proto, int thread_seq);
int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq);
int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location);
int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn);
int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id);
int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);
int tsg_scan_session_flags(Maat_feather_t maat_feather, const struct streaminfo *a_stream, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned long flag, int thread_seq);
int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
int tsg_fetch_hited_s_chaining_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *s_chaining_result, int s_chaining_result_num);
#endif

7
src/tsg_gtp_signaling.cpp
View File

@@ -5,7 +5,7 @@
#include <MESA/MESA_prof_load.h>
#include <MESA/MESA_handle_logger.h>
#include "tsg_entry.h"
#include "tsg_rule_internal.h"
#include "tsg_gtp_signaling.h"
MESA_htable_handle g_gtp_signaling_hash_handle=NULL;
@@ -150,7 +150,7 @@ static int get_umts_user_info_form_hash(struct umts_user_info **user_info, unsig
static int get_umts_user_info_form_redis(struct umts_user_info **user_info, unsigned int teid, int thread_seq)
{
(*user_info)=tsg_get_umts_user_info_form_redis(teid);
(*user_info) = tsg_get_umts_user_info_form_redis(g_tsg_maat_feather, (long long)teid);
if((*user_info)!=NULL)
{
return 1;
@@ -159,8 +159,7 @@ static int get_umts_user_info_form_redis(struct umts_user_info **user_info, unsi
return 0;
}
int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info)
int session_runtine_attribute_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info)
{
int ret=0;
unsigned int uplink=0,downlink=0;

12
src/tsg_icmp.cpp
View File

@@ -171,8 +171,7 @@ static void format_icmpv4(const char *raw_pkt, char *ret_icmpv4, int *ret_len){
}
/*
* icmpv6数据包组
* [ICMPV6] = [ipv6_headr]+[icmp]
* icmpv6数据包组<EFBFBD><EFBFBD>? * [ICMPV6] = [ipv6_headr]+[icmp]
*
* icmpv6的最大MTU应是ipv6的最小MTU(1280)
* <本端内容来自RFC443>
@@ -183,9 +182,8 @@ static void format_icmpv4(const char *raw_pkt, char *ret_icmpv4, int *ret_len){
*
* [ICMPV6] = [ipv6_headr]+[icmp]
*
* 计算ICMPV6的校验和 (ICMP + 伪首部) 作为计算数据部分
* 注意 ICMPV6数据要补充成四字节对
* ipv6伪首部数据: 长度
* 计算ICMPV6的校验和<EFBFBD><EFBFBD>?(ICMP + 伪首<EFBFBD><EFBFBD>? 作为计算数据部分
* 注意<EFBFBD><EFBFBD>?ICMPV6数据要补充成四字节对<EFBFBD><EFBFBD>? * ipv6伪首部数<E983A8><E695B0>? 长度
* {
* Soucre Address : 16
* Destination Address: 16
@@ -267,7 +265,7 @@ static void format_icmpv6(const char *raw_pkt, char *ret_icmpv6, int *ret_len){
memcpy(icmp.origin_data, raw_pkt, icmp_original_data_len);
upper_layer_packet_len = htonl((int)icmp_len);
four_byte_alignment(&icmp_len, &icmp_checksum_len); //icmp_len和icmp_checksum_len 补充为4字节对齐
four_byte_alignment(&icmp_len, &icmp_checksum_len); //icmp_len和icmp_checksum_len 补充<EFBFBD><EFBFBD>?字节对齐
//calc icmp checksum
memcpy(icmp_checksum_buf, &icmp, icmp_len);
@@ -350,6 +348,6 @@ unsigned char send_icmp_unreachable(const struct streaminfo *a_stream)
__FUNCTION__,
debug_buf);
return STATE_DROPME|STATE_DROPPKT;;
return STATE_DROPME|STATE_DROPPKT;
}

25
src/tsg_protocol.cpp Normal file
View File

@@ -0,0 +1,25 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include <MESA/ssl.h>
#include <MESA/stream.h>
int tm_get_ssl_ja3_fingerprint(const struct streaminfo *a_stream, char **ja3_fingerprint)
{
struct _ssl_ja3_info_t *ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum);
if(ja3_info!=NULL)
{
if(ja3_info->fp!=NULL && ja3_info->fp_len>0)
{
*ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1);
memset(*ja3_fingerprint, 0, ja3_info->fp_len+1);
memcpy(*ja3_fingerprint, ja3_info->fp, ja3_info->fp_len);
return 1;
}
}
return 0;
}

12
src/tsg_protocol_common.h
View File

@@ -1,5 +1,4 @@
#ifndef __TSG_PROTOCOL_COMMON_H__
#define __TSG_PROTOCOL_COMMON_H__
#pragma once
#include <MESA/stream.h>
#include "tsg_rule.h"
@@ -120,14 +119,13 @@ struct monitor_user_region
struct default_session_para
{
struct Maat_rule_t result; //XJ default policy
struct maat_rule result; //XJ default policy
struct deny_user_region tcp;
struct deny_user_region udp;
};
struct compile_user_region
{
int ref_cnt;
enum TSG_METHOD_TYPE method_type;
union
{
@@ -137,13 +135,13 @@ struct compile_user_region
void *user_region_para;
};
struct packet_capture capture;
struct maat_rule compile_rule;
};
int tsg_send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len, unsigned char raw_route_dir);
unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data);
unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, struct maat_rule *p_result, struct compile_user_region *user_region, const void *user_data);
unsigned char send_icmp_unreachable(const struct streaminfo *a_stream);
int send_tamper_xxx(const struct streaminfo *a_stream, long *tamper_count, const void *raw_pkt);
unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data);
unsigned char tsg_enforing_deny_application(const struct streaminfo *a_stream, struct maat_rule *p_result, enum TSG_PROTOCOL protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data);
#endif

2903
src/tsg_rule.cpp
View File

File diff suppressed because it is too large Load Diff

177
src/tsg_rule_internal.h Normal file
View File

@@ -0,0 +1,177 @@
#pragma once
#include <MESA/maat.h>
#include "tsg_rule.h"
#include "tsg_variable.h"
#ifndef MAX_FILEPATH_LEN
#define MAX_FILEPATH_LEN 128
#endif
#ifndef MAX_IPV6_ADDR_LEN
#define MAX_IPV6_ADDR_LEN 128
#endif
#ifndef TUNNEL_BOOL_ID_MAX
#define TUNNEL_BOOL_ID_MAX 128
#endif
#ifndef TUNNEL_CATALOG_MAX
#define TUNNEL_CATALOG_MAX 128
#endif
#ifndef MAX_TABLE_NAME_LEN
#define MAX_TABLE_NAME_LEN 64
#endif
enum MAAT_MODE
{
MAAT_MODE_FILE=0,
MAAT_MODE_JSON,
MAAT_MODE_REDIS,
MAAT_MODE_MAX
};
enum MAAT_PLUGIN_TB
{
MAAT_PLUGIN_SECURITY_COMPILE=0,
MAAT_PLUGIN_ASN_USER_DEFINED,
MAAT_PLUGIN_ASN_BUILT_IN,
MAAT_PLUGIN_LOCATION_USER_DEFINED,
MAAT_PLUGIN_LOCATION_BUILT_IN,
MAAT_PLUGIN_FQDN_CAT_USER_DEFINED,
MAAT_PLUGIN_FQDN_CAT_BUILT_IN,
MAAT_PLUGIN_APP_ID_DICT,
MAAT_PLUGIN_RESPONSE_PAGES,
MAAT_PLUGIN_DNS_PROFILE_RECORD,
MAAT_PLUGIN_PROFILE_MIRROR,
MAAT_PLUGIN_TUNNEL_CATALOG,
MAAT_PLUGIN_TUNNEL_ENDPOINT,
MAAT_PLUGIN_TUNNEL_LABEL,
MAAT_PLUGIN_SESSION_LOG, //T_VSYS_INFO,
MAAT_PLUGIN_SUBSCRIBER_IP2ID,
MAAT_PLUGIN_GTP_IP2SIGNALING,
MAAT_PLUGIN_MAX
};
struct maat_plugin_table
{
int id;
char name[MAX_TABLE_NAME_LEN];
maat_ex_new_func_t *ex_new;
maat_ex_free_func_t *ex_free;
maat_ex_dup_func_t *ex_dup;
};
enum MAAT_SCAN_TB
{
MAAT_SCAN_SRC_IP_ADDR=0,
MAAT_SCAN_DST_IP_ADDR,
MAAT_SCAN_SUBSCRIBER_ID,
MAAT_SCAN_APP_ID,
MAAT_SCAN_HTTP_HOST,
MAAT_SCAN_HTTP_URL,
MAAT_SCAN_SSL_SNI,
MAAT_SCAN_EXCLUSION_SSL_SNI,
MAAT_SCAN_SRC_ASN,
MAAT_SCAN_DST_ASN,
MAAT_SCAN_SRC_LOCATION,
MAAT_SCAN_DST_LOCATION,
MAAT_SCAN_QUIC_SNI,
//MAAT_SCAN_FQDN_CAT_ID,
MAAT_SCAN_SELECTOR_ID,
MAAT_SCAN_SELECTOR_PROPERTIES,
MAAT_SCAN_GTP_APN,
MAAT_SCAN_GTP_IMSI,
MAAT_SCAN_GTP_PHONE_NUMBER,
MAAT_SCAN_DTLS_SNI,
MAAT_SCAN_TUNNEL_ID,
MAAT_SCAN_SESSION_FLAGS,
MAAT_SCAN_MAX
};
struct maat_scan_table
{
int id;
char name[MAX_TABLE_NAME_LEN];
};
struct maat_runtime_para
{
int level;
int default_compile_id;
int location_field_num;
int session_record_switch;
char data_center[MAX_STRING_LEN128];
char device_tag[MAX_STRING_LEN128];
struct mirrored_vlan default_vlan;
struct maat_scan_table scan_tb[MAAT_SCAN_MAX];
struct maat_plugin_table plugin_tb[MAAT_PLUGIN_MAX];
void *logger;
};
struct maat_compile
{
int ref_cnt;
struct maat_rule rule;
char *p_user_region;
struct compile_user_region *user_region;
};
int tsg_maat_rule_init(const char *conffile);
void plugin_ex_data_gtp_c_free(struct umts_user_info *user_info);
void plugin_ex_data_asn_number_free(struct asn_info *asn);
void plugin_ex_data_location_free(struct location_info *location);
void plugin_ex_data_subscriber_id_free(struct subscribe_id_info *subscriber);
void plugin_ex_data_tunnel_endpoint_free(struct tunnel_endpoint *t_enpoint);
void plugin_ex_data_http_response_pages_free(struct http_response_pages *response_pages);
void plugin_ex_data_app_id_dict_free(struct app_id_dict * dict);
void plugin_ex_data_security_compile_free(struct maat_compile *maat_compile);
void plugin_ex_data_dns_profile_record_free(struct dns_profile_records * records);
void tsg_maat_state_free(struct maat_state *state);
int srt_attribute_set_ip_asn(const struct streaminfo *a_stream, struct maat *feather, struct asn_info **client_asn, struct asn_info **server_asn);
int srt_attribute_set_ip_location(const struct streaminfo *a_stream, struct maat *feather, struct location_info **client_location, struct location_info **server_location);
int srt_attribute_set_subscriber_id(const struct streaminfo *a_stream, struct maat *feather, struct subscribe_id_info **client_subscriber_id, struct subscribe_id_info **server_subscriber_id);
int session_runtine_attribute_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid);
void *matched_rule_cites_http_response_pages(struct maat *feather, long long profile_id);
void *matched_rule_cites_app_id_dict(struct maat *feather, long long app_id);
void *matched_rule_cites_security_compile(struct maat *feather, long long compile_id);
void *matched_rule_cites_dns_profile_record(struct maat *feather, long long profile_id);
char *tsg_data_center_get(void);
char *tsg_device_tag_get(void);
int tsg_location_type_get(void);
int tsg_session_record_switch_get(void);
int tsg_table_idx_get_by_protocol(enum TSG_PROTOCOL proto);
int tsg_http_url_table_idx_get(void);
long long tsg_default_compile_id_get(void);
//parent_app_name.app_name
int tsg_get_app_name_by_id(struct maat *feather, int app_id, char *app_name, int app_name_len, int is_joint_parent);
size_t tsg_scan_session_flags(const struct streaminfo *a_stream, struct maat *feather, unsigned long flag, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
size_t tsg_scan_app_id_policy(const struct streaminfo *a_stream, struct maat *feather, unsigned int app_id, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
size_t tsg_scan_shared_policy(const struct streaminfo *a_stream, struct maat *feather, char *domain, int idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
size_t tsg_scan_app_properties_policy(const struct streaminfo *a_stream, struct maat *feather, char *property, char *district, struct maat_state *s_mid, struct maat_rule *results, int n_results);
size_t tsg_scan_tunnel_id(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *results, size_t n_results, struct maat_state *s_mid, long long *bool_id_array, size_t n_bool_id_array);
size_t tsg_scan_fqdn_category_id(const struct streaminfo * a_stream, struct maat *feather, unsigned int *category_id, int category_id_num, int table_idx, struct maat_state *s_mid, struct maat_rule *results, size_t n_results);
int tsg_scan_intercept_exclusion(const struct streaminfo *a_stream, struct maat *feather, struct maat_rule *p_result, char *domain, int thread_seq);
struct maat_rule *tsg_select_deny_rule(struct maat_rule *rules, size_t n_rules);
struct umts_user_info *tsg_get_umts_user_info_form_redis(struct maat *feather, long long teid);
size_t tsg_select_matched_security_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
size_t tsg_select_matched_shaping_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
size_t tsg_select_matched_service_chaining_rules(struct maat_rule * matched_rules, size_t n_matched_rules, struct maat_rule *rules, size_t n_rules);
int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq);

483
src/tsg_send_log.cpp
View File

@@ -19,7 +19,9 @@
#include "app_label.h"
#include "tsg_entry.h"
#include "tsg_bridge.h"
#include "tsg_send_log.h"
#include "tsg_rule_internal.h"
#include "tsg_send_log_internal.h"
#include "rapidjson/document.h" // rapidjson's DOM-style API
@@ -33,7 +35,6 @@
using namespace rapidjson;
using namespace std;
char TSG_SEND_LOG_VERSION_20200729=0;
struct tsg_log_instance_t *g_tsg_log_instance;
struct TLD_handle_t
@@ -127,7 +128,7 @@ static int register_topic(struct tsg_log_instance_t *instance, struct topic_stat
for(int i=0; i<thread_num; i++)
{
topic->send_log_percent[i]=100;
topic->drop_start[i]=get_current_time_ms();
topic->drop_start[i]=tsg_get_current_time_ms();
}
topic->fs2_line_id=FS_register(_instance->fs2_handle, FS_STYLE_LINE, FS_CALC_SPEED, topic->name);
@@ -138,7 +139,7 @@ static int register_topic(struct tsg_log_instance_t *instance, struct topic_stat
static int update_percent(struct tsg_log_instance_t *_instance, int service_id, enum LOG_COLUMN_STATUS column, int thread_id)
{
long long current_time_ms=get_current_time_ms();
long long current_time_ms=tsg_get_current_time_ms();
struct topic_stat *topic=(struct topic_stat *)&(_instance->service2topic[service_id]);
switch(column)
@@ -202,7 +203,7 @@ static struct tsg_log_instance_t *get_log_instance(void)
return NULL;
}
static int is_tunnels(struct streaminfo *a_stream)
static int is_tunnels(const struct streaminfo *a_stream)
{
const struct streaminfo *ptmp = a_stream;
const struct streaminfo *pfather=NULL;
@@ -240,7 +241,7 @@ static int is_tunnels(struct streaminfo *a_stream)
return is_tunnel;
}
static int set_isn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, enum MESA_stream_opt type)
static int set_isn(const struct streaminfo *a_stream, struct TLD_handle_t *_handle, char *field_name, enum MESA_stream_opt type)
{
unsigned int isn=0;
int size=sizeof(isn);
@@ -253,21 +254,21 @@ static int set_isn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, ch
return 1;
}
static int set_tcp_isn(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
static int set_tcp_isn(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
if(a_stream->type==STREAM_TYPE_TCP)
{
switch(a_stream->dir)
{
case DIR_C2S:
set_isn(_handle, a_stream, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, MSO_TCP_ISN_C2S);
set_isn(a_stream, _handle, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, MSO_TCP_ISN_C2S);
break;
case DIR_S2C:
set_isn(_handle, a_stream, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, MSO_TCP_ISN_S2C);
set_isn(a_stream, _handle, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, MSO_TCP_ISN_S2C);
break;
case DIR_DOUBLE:
set_isn(_handle, a_stream, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, MSO_TCP_ISN_C2S);
set_isn(_handle, a_stream, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, MSO_TCP_ISN_S2C);
set_isn(a_stream, _handle, _instance->id2field[LOG_COMMON_TCP_CLIENT_ISN].name, MSO_TCP_ISN_C2S);
set_isn(a_stream, _handle, _instance->id2field[LOG_COMMON_TCP_SERVER_ISN].name, MSO_TCP_ISN_S2C);
break;
default:
break;
@@ -277,9 +278,9 @@ static int set_tcp_isn(struct tsg_log_instance_t *_instance, struct TLD_handle_t
return 1;
}
static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
const char *linkinfo=(const char *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_MAC_LINKINFO]);
const char *linkinfo=(const char *)session_mac_linkinfo_get(a_stream);
if(linkinfo==NULL)
{
return 0;
@@ -316,7 +317,7 @@ static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_
return 0;
}
static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct asn_info *asn_info)
static int set_asn(struct TLD_handle_t *_handle, const struct streaminfo *a_stream, char *field_name, struct asn_info *asn_info)
{
if(asn_info!=NULL)
{
@@ -334,7 +335,7 @@ static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, ch
return 1;
}
static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct location_info *location_info)
static int set_location(struct TLD_handle_t *_handle, const struct streaminfo *a_stream, char *field_name, struct location_info *location_info)
{
if(location_info==NULL)
{
@@ -344,7 +345,7 @@ static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_strea
int len=0;
char buff[1024]={0};
int buff_len=sizeof(buff);
int location_type=tsg_get_location_type();
int location_type=tsg_location_type_get();
switch(location_type)
{
case 18:
@@ -376,9 +377,9 @@ static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_strea
return 1;
}
static int set_direction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
static int set_direction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
char direction=get_direction_from_tcpall(a_stream);
char direction=srt_action_context_get_direction(a_stream);
if(direction>0)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_DIRECTION].name, (void *)(long)direction, TLD_TYPE_LONG);
@@ -388,7 +389,7 @@ static int set_direction(struct tsg_log_instance_t *_instance, struct TLD_handle
return 0;
}
static int set_address_list(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
static int set_address_list(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
unsigned short tunnel_type=0;
char nest_addr_buf[1024];
@@ -409,7 +410,7 @@ static int set_address_list(struct tsg_log_instance_t *_instance, struct TLD_han
return 1;
}
static int set_tuple4(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
static int set_tuple4(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
int addr_type=0;
unsigned short c_port=0, s_port=0;
@@ -456,7 +457,7 @@ static int set_tuple4(struct tsg_log_instance_t *_instance, struct TLD_handle_t
return 1;
}
static int set_duraction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
static int set_duraction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
long common_con_duration_ms=0;
int size=sizeof(unsigned long long);
@@ -500,7 +501,7 @@ static int set_subscriber_id(struct TLD_handle_t *_handle, char *field_name, str
return 0;
}
static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, unsigned int *category_id, int category_id_num)
static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, unsigned int *category_id, int category_id_num)
{
int i=0;
if(category_id_num<=0 || category_id==NULL)
@@ -519,7 +520,7 @@ static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_ha
return 1;
}
static int set_umts_user_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct umts_user_info *user_info)
static int set_umts_user_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, struct umts_user_info *user_info)
{
if(user_info==NULL)
{
@@ -549,7 +550,7 @@ static int set_umts_user_info(struct tsg_log_instance_t *_instance, struct TLD_h
return 1;
}
static int set_packet_bytes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
static int set_packet_bytes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
struct tcp_flow_stat *tflow_project=NULL;
struct udp_flow_stat *uflow_project=NULL;
@@ -600,7 +601,7 @@ static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name,
for(j=0; j<result[i].app_num; j++)
{
Value object(kObjectType);
ret=tsg_app_id2name(result[i].attributes[j].app_id, app_name, sizeof(app_name), 0);
ret=tsg_get_app_name_by_id(g_tsg_maat_feather, result[i].attributes[j].app_id, app_name, sizeof(app_name), 0);
if(ret>0)
{
add_str_member(_handle, &object, "app_name", app_name);
@@ -636,7 +637,7 @@ static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, c
{
char app_name[512]={0};
Value object(kObjectType);
int ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
int ret=tsg_get_app_name_by_id(g_tsg_maat_feather, result->attributes[i].app_id, app_name, sizeof(app_name), 1);
if(ret>0)
{
add_str_member(_handle, &object, "app_name", app_name);
@@ -666,7 +667,7 @@ static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, st
for(i=0; i<result->app_num; i++)
{
memset(app_name, 0, sizeof(app_name));
tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
tsg_get_app_name_by_id(g_tsg_maat_feather, result->attributes[i].app_id, app_name, sizeof(app_name), 1);
if(strnlen(app_name, sizeof(app_name)) > 0)
{
Value app_name_str;
@@ -802,7 +803,7 @@ int set_app_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_han
if(combined_num==0)
{
offset=tsg_app_id2name(result[ORIGIN_UNKNOWN].attributes[0].app_id, app_full_path, sizeof(app_full_path), 0);
offset=tsg_get_app_name_by_id(g_tsg_maat_feather, result[ORIGIN_UNKNOWN].attributes[0].app_id, app_full_path, sizeof(app_full_path), 0);
if(offset>0)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, (void *)app_full_path, TLD_TYPE_STRING);
@@ -814,7 +815,7 @@ int set_app_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_han
for(int i=0; i<combined_num; i++)
{
offset+=tsg_app_id2name(combined_array[i], app_full_path+offset, sizeof(app_full_path)-offset, 0);
offset+=tsg_get_app_name_by_id(g_tsg_maat_feather, combined_array[i], app_full_path+offset, sizeof(app_full_path)-offset, 0);
if(offset>0)
{
app_full_path[offset++]='.';
@@ -840,13 +841,13 @@ int set_app_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_han
return 1;
}
int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
struct gather_app_result *gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id);
struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream);
if(gather_result==NULL)
{
char app_name[512]={0};
if(tsg_app_id2name(_instance->unknown_app_id, app_name, sizeof(app_name), 0))
if(tsg_get_app_name_by_id(g_tsg_maat_feather, _instance->unknown_app_id, app_name, sizeof(app_name), 0))
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, (void *)app_name, TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING);
@@ -879,7 +880,7 @@ int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handl
return 1;
}
int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id)
int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, enum LOG_FIELD_ID id)
{
if(layer_num==0)
{
@@ -897,7 +898,7 @@ int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle,
return 1;
}
static int set_mpls(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_mpls_addr *mpls_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id)
static int set_mpls(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_mpls_addr *mpls_addr, int layer_num, Value *tunnel_object, enum LOG_FIELD_ID id)
{
if(layer_num==0)
{
@@ -1209,9 +1210,9 @@ int TLD_convert_json(struct TLD_handle_t *_handle, char *buff, unsigned int buff
return 1;
}
static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].id);
struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)session_conn_sketch_notify_data_get(a_stream);
if(notify_mail!=NULL && notify_mail->pdata.mail_eml_filename!=NULL && notify_mail->protocol==PROTO_MAIL)
{
TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name);
@@ -1222,10 +1223,9 @@ static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_
return 0;
}
static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
struct business_notify_data *bnd_label=(struct business_notify_data *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_BUSINESS_S3_FILENAME]);
struct business_notify_data *bnd_label=(struct business_notify_data *)session_business_data_get(a_stream);
if(bnd_label==NULL || bnd_label->pdata==NULL)
{
return 0;
@@ -1252,20 +1252,29 @@ static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_hand
return 1;
}
int set_nat_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, int project_id)
int set_nat_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
const char *nat_linkinfo=(const char *)stream_bridge_async_data_get(a_stream, project_id);
if(nat_linkinfo==NULL)
if(_instance->send_nat_linkinfo==0 || a_stream==NULL)
{
return 0;
}
copy_rapidjson(_handle, field_name, nat_linkinfo);
return 0;
char *c2s_linkinfo=(char *)session_nat_c2s_linkinfo_get(a_stream);
if(c2s_linkinfo!=NULL)
{
copy_rapidjson(_handle, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, c2s_linkinfo);
}
static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, Value *object, enum addr_type_t up_layer_type)
char *s2c_linkinfo=(char *)session_nat_s2c_linkinfo_get(a_stream);
if(s2c_linkinfo!=NULL)
{
copy_rapidjson(_handle, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, s2c_linkinfo);
}
return 1;
}
static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, Value *object, enum addr_type_t up_layer_type)
{
char ip_buff[64]={0};
if(a_stream==NULL)
@@ -1273,7 +1282,7 @@ static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct T
return 0;
}
tsg_log_field_id_t s_ip_idx, d_ip_idx, s_port_idx, d_port_idx;
enum LOG_FIELD_ID s_ip_idx, d_ip_idx, s_port_idx, d_port_idx;
switch(up_layer_type)
{
@@ -1332,9 +1341,9 @@ struct session_marker_notify_ctx
char *identify_str;
};
int set_session_flags(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
int set_session_flags(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
struct session_marker_notify_ctx *sm_notify=(struct session_marker_notify_ctx *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_ASYNC_SESSION_FLAGS]);
struct session_marker_notify_ctx *sm_notify=(struct session_marker_notify_ctx *)session_session_flags_get(a_stream);
if(sm_notify==NULL)
{
return 0;
@@ -1353,18 +1362,23 @@ int set_session_flags(struct tsg_log_instance_t *_instance, struct TLD_handle_t
return 0;
}
int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
if(shaping_label==NULL)
if(a_stream==NULL)
{
return 0;
}
struct matched_policy_rules *hited_shaping=(struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_SHAPING);
if(hited_shaping==NULL)
{
return 0;
}
Value shaping_rule_ids_array(kArrayType);
for(int i=0; i<shaping_label->shaping_result_num; i++)
for(size_t i=0; i<hited_shaping->n_rules; i++)
{
shaping_rule_ids_array.PushBack(shaping_label->shaping_result[i].config_id, _handle->document->GetAllocator());
shaping_rule_ids_array.PushBack((unsigned int)(hited_shaping->rules[i].rule_id), _handle->document->GetAllocator());
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *) &shaping_rule_ids_array, TLD_TYPE_OBJECT);
@@ -1372,7 +1386,7 @@ int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle
return 0;
}
static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
int ret=0;
char ip_buff[64]={0};
@@ -1469,7 +1483,7 @@ static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_h
return 0;
}
char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t id)
char *log_field_id2name(struct tsg_log_instance_t *instance, enum LOG_FIELD_ID id)
{
struct tsg_log_instance_t *_instance=instance;
if(_instance!=NULL)
@@ -1480,66 +1494,45 @@ char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t
return NULL;
}
unsigned long long tsg_get_stream_id(struct streaminfo * a_stream)
{
int ret=0;
int device_id_size=sizeof(unsigned long long);
unsigned long long device_id=(unsigned long long)g_tsg_para.device_seq_in_dc;
ret=MESA_get_stream_opt(a_stream, MSO_GLOBAL_STREAM_ID, (void *)&device_id, &device_id_size);
if(ret==0)
{
return device_id;
}
return -1;
}
int is_multi_hit_same_policy(struct Maat_rule_t *result, int *policy_id, int *policy_id_num)
int is_multi_hit_same_policy(struct maat_rule *result, int *policy_id, int *policy_id_num)
{
int j=0;
for(j=0;j<*policy_id_num;j++)
{
if(policy_id[j]==result->config_id)
if(policy_id[j]==result->rule_id)
{
return 1;
}
}
policy_id[(*policy_id_num)++]=result->config_id;
policy_id[(*policy_id_num)++]=result->rule_id;
return 0;
}
static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_log_instance_t *_instance, struct Maat_rule_t *p_result, int thread_seq)
static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_log_instance_t *_instance, struct maat_rule *p_result, int thread_seq)
{
cJSON *item=NULL;
cJSON *object=NULL;
char *user_region=NULL;
TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_VSYSTEM_ID].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_SUB_ACTION].name);
if(p_result->action!=TSG_ACTION_NONE && p_result->serv_def_len>0)
if(p_result->action!=TSG_ACTION_NONE)
{
user_region=(char *)dictator_malloc(thread_seq, p_result->serv_def_len+1);
int ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, user_region, p_result->serv_def_len+1);
if(ret==p_result->serv_def_len)
struct maat_compile *compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id);
if(compile!=NULL && compile->p_user_region!=NULL)
{
user_region[p_result->serv_def_len]='\0';
object=cJSON_Parse(user_region);
object=cJSON_Parse(compile->p_user_region);
if(_instance->send_user_region==1)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name, (void *)user_region, TLD_TYPE_STRING);
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name, (void *)(compile->p_user_region), TLD_TYPE_STRING);
}
dictator_free(thread_seq, user_region);
user_region=NULL;
plugin_ex_data_security_compile_free(compile);
}
}
if(object==NULL)
@@ -1573,35 +1566,20 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo
return 0;
}
int set_application_behavior(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
int set_application_behavior(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
if(a_stream==NULL)
struct application_behavior *behavior_result=(struct application_behavior *)session_application_behavior_get(a_stream);
if(behavior_result!=NULL)
{
return 0;
}
struct application_behavior *behavior_result=NULL;
behavior_result=(struct application_behavior *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_BEHAVIOR_RESULT]);
if(behavior_result==NULL)
{
return 0;
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_APPLICATION_BEHAVIOR].name, (void *)(behavior_result->stream_behavior), TLD_TYPE_STRING);
}
return 1;
}
int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result)
int set_policy_action_para_exec_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, struct maat_rule *p_result)
{
if(a_stream==NULL)
{
return 0;
}
int i=0;
struct tsg_notify_execution_result *execution_result=NULL;
execution_result=(struct tsg_notify_execution_result *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]);
struct tsg_notify_execution_result *execution_result=(struct tsg_notify_execution_result *)session_mirrored_and_capture_packets_exec_result_get(a_stream);
if(execution_result==NULL)
{
return 0;
@@ -1611,9 +1589,9 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD
TLD_delete(_handle, _instance->id2field[LOG_COMMON_MIRRORED_BYTES].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_PACKET_CAPTURE_FILE].name);
for(i=0; i<execution_result->stat_mirrored_cnt; i++)
for(int i=0; i<execution_result->stat_mirrored_cnt; i++)
{
if(execution_result->stat_mirrored[i].compile_id==p_result->config_id)
if(execution_result->stat_mirrored[i].compile_id==p_result->rule_id)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_PKTS].name, (void *)(execution_result->stat_mirrored[i].packets), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_BYTES].name, (void *)(execution_result->stat_mirrored[i].bytes), TLD_TYPE_LONG);
@@ -1621,9 +1599,9 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD
}
}
for(i=0; i<execution_result->capture_result_cnt; i++)
for(int i=0; i<execution_result->capture_result_cnt; i++)
{
if(execution_result->capture_result[i].compile_id==p_result->config_id)
if(execution_result->capture_result[i].compile_id==p_result->rule_id)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_PACKET_CAPTURE_FILE].name, (void *)(execution_result->capture_result[i].packet_path), TLD_TYPE_STRING);
break;
@@ -1633,85 +1611,82 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD
return 1;
}
int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
int ret=0;
struct session_attribute_label *attribute_label=NULL;
attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, _instance->session_attribute_project_id);
if(attribute_label==NULL)
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
if(srt_attribute==NULL)
{
return 0;
}
if(attribute_label->establish_latency_ms>0)
if(srt_attribute->establish_latency_ms>0)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_ESTABLISH_LATENCY_MS].name, (void *)attribute_label->establish_latency_ms, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ESTABLISH_LATENCY_MS].name, (void *)srt_attribute->establish_latency_ms, TLD_TYPE_LONG);
}
if(attribute_label->http_action_file_size>0)
if(srt_attribute->http_action_file_size>0)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_ACTION_FILESIZE].name, (void *)(long)attribute_label->http_action_file_size, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_ACTION_FILESIZE].name, (void *)(long)srt_attribute->http_action_file_size, TLD_TYPE_LONG);
}
set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_ASN].name, attribute_label->client_asn);
set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_ASN].name, attribute_label->server_asn);
set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_ASN].name, srt_attribute->client_asn);
set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_ASN].name, srt_attribute->server_asn);
set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_LOCATION].name, attribute_label->client_location);
set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_LOCATION].name, attribute_label->server_location);
set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_LOCATION].name, srt_attribute->client_location);
set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_LOCATION].name, srt_attribute->server_location);
ret=set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, attribute_label->client_subscribe_id);
int ret=set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, srt_attribute->client_subscribe_id);
if(ret==0)
{
set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, attribute_label->server_subscribe_id);
set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, srt_attribute->server_subscribe_id);
}
set_fqdn_category(_instance, _handle, a_stream, attribute_label->fqdn_category_id, attribute_label->fqdn_category_id_num);
set_fqdn_category(_instance, _handle, a_stream, srt_attribute->fqdn_category_ids, srt_attribute->n_fqdn_category_ids);
if(attribute_label->ja3_fingerprint!=NULL)
if(srt_attribute->ja3_fingerprint!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_SSL_JA3_FINGERPRINT].name, (void *)attribute_label->ja3_fingerprint, TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_SSL_JA3_FINGERPRINT].name, (void *)srt_attribute->ja3_fingerprint, TLD_TYPE_STRING);
}
set_umts_user_info(_instance, _handle, a_stream, attribute_label->user_info);
set_umts_user_info(_instance, _handle, a_stream, srt_attribute->user_info);
if(attribute_label->client_endpoint!=NULL)
if(srt_attribute->client_endpoint!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_A_DESC].name, (void *)attribute_label->client_endpoint->description, TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_A_DESC].name, (void *)srt_attribute->client_endpoint->description, TLD_TYPE_STRING);
}
if(attribute_label->server_endpoint!=NULL)
if(srt_attribute->server_endpoint!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_B_DESC].name, (void *)attribute_label->server_endpoint->description, TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_B_DESC].name, (void *)srt_attribute->server_endpoint->description, TLD_TYPE_STRING);
}
if(attribute_label->session_flags>0 && !(TLD_search(_handle, _instance->id2field[LOG_COMMON_FLAGS].name)))
if(srt_attribute->session_flags>0 && !(TLD_search(_handle, _instance->id2field[LOG_COMMON_FLAGS].name)))
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_FLAGS].name, (void *)attribute_label->session_flags, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_FLAGS].name, (void *)srt_attribute->session_flags, TLD_TYPE_LONG);
}
return 1;
}
int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
struct user_defined_attribute_label *uda_label=(struct user_defined_attribute_label *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_LUA_RESULT]);
struct user_defined_attribute *uda_label=(struct user_defined_attribute *)session_lua_user_defined_attribute_get(a_stream);
if(uda_label!=NULL)
{
Value array(kArrayType);
for(int i=0; i<uda_label->attribute_num; i++)
for(int i=0; i<uda_label->n_akv; i++)
{
Value object(kObjectType);
switch(uda_label->attribute[i].type)
switch(uda_label->akv[i].type)
{
case ATTRIBUTE_TYPE_BOOL:
case ATTRIBUTE_TYPE_NUMERIC:
add_number_member(_handle, &object, uda_label->attribute[i].name, uda_label->attribute[i].number);
case LUA_ATTRIBUTE_TYPE_BOOL:
case LUA_ATTRIBUTE_TYPE_NUMERIC:
add_number_member(_handle, &object, uda_label->akv[i].name, uda_label->akv[i].number);
break;
case ATTRIBUTE_TYPE_IP:
case ATTRIBUTE_TYPE_STRING:
add_str_member(_handle, &object, uda_label->attribute[i].name, uda_label->attribute[i].string);
case LUA_ATTRIBUTE_TYPE_IP:
case LUA_ATTRIBUTE_TYPE_STRING:
add_str_member(_handle, &object, uda_label->akv[i].name, uda_label->akv[i].string);
break;
default:
continue;
@@ -1726,7 +1701,7 @@ int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_hand
return 0;
}
int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream)
int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream)
{
if(instance==NULL || handle==NULL || a_stream==NULL)
{
@@ -1762,7 +1737,7 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
set_common_tunnels(_instance, _handle, a_stream);
}
unsigned long long stream_id=tsg_get_stream_id(a_stream);
unsigned long long stream_id=tsg_get_stream_trace_id(a_stream);
char stream_id_buff[128]={0};
snprintf(stream_id_buff, sizeof(stream_id_buff), "%llu", stream_id);
TLD_append(_handle, _instance->id2field[LOG_COMMON_STREAM_TRACE_ID].name, (void *)stream_id_buff, TLD_TYPE_STRING);
@@ -1773,7 +1748,7 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
return 0;
}
int load_log_common_field(const char *filename, id2field_t *id2field, struct topic_stat **service2topic, int *max_service)
int log_common_fields_new(const char *filename, id2field_t *id2field, struct topic_stat **service2topic, int *max_service)
{
int i=0,flag=0;
int ret=0,id=0;
@@ -1881,7 +1856,6 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
char override_sled_ip[32]={0};
char kafka_errstr[1024]={0};
unsigned int local_ip_nr=0;
char bridge_name[LOG_BRIDGE_MAX][128]={0};
rd_kafka_conf_t *rdkafka_conf = NULL;
char broker_list[1024]={0};
struct tsg_log_instance_t *_instance=NULL;
@@ -1916,24 +1890,6 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
MESA_load_profile_int_def(conffile, "TSG_LOG", "VSYSTEM_ID", &(_instance->vsystem_id), 1);
MESA_load_profile_int_def(conffile, "SYSTEM","UNKNOWN_APP_ID", &_instance->unknown_app_id, 4);
MESA_load_profile_string_def(conffile, "TSG_LOG", "LINKINFO_FROM_MAC", bridge_name[LOG_BRIDGE_MAC_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_MAC_LINKINFO]), "mirror_linkinfo_from_mac");
MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_C2S_LINKINFO", bridge_name[LOG_BRIDGE_NAT_C2S_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_NAT_C2S_LINKINFO]), "common_link_info_c2s");
MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_S2C_LINKINFO", bridge_name[LOG_BRIDGE_NAT_S2C_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_NAT_S2C_LINKINFO]), "common_link_info_s2c");
MESA_load_profile_string_def(conffile, "TSG_LOG", "APP_LUA_SCRIPTS_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_LUA_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_LUA_RESULT]), "LUA_USER_DEFINED_ATTRIBUTE");
MESA_load_profile_string_def(conffile, "TSG_LOG", "BUSINESS_S3_FILENAME", bridge_name[LOG_BRIDGE_BUSINESS_S3_FILENAME], sizeof(bridge_name[LOG_BRIDGE_BUSINESS_S3_FILENAME]), "TSG_BUSINESS_S3_FILENAME");
MESA_load_profile_string_def(conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT]), "TSG_APPLICATION_BEHAVIOR");
MESA_load_profile_string_def(conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT], sizeof(bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]), "TSG_NOTIFICATION_EXECUTION_RESULT");
MESA_load_profile_string_def(conffile, "SYSTEM", "NOTIFY_ASYNC_FLAGS_BRIDGE_NAME", bridge_name[LOG_BRIDGE_ASYNC_SESSION_FLAGS], sizeof(bridge_name[LOG_BRIDGE_ASYNC_SESSION_FLAGS]), "SESSION_FLAGS_ASYNC_NOTIFY_DATA");
for(int i=0; i<LOG_BRIDGE_MAX; i++)
{
_instance->bridge_id[i]=stream_bridge_build(bridge_name[i], "w");
if(_instance->bridge_id[i]<0)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "LINKINFO_FROM_MAC", "stream_bridge_build is error, bridge_name: %s", bridge_name[i]);
}
}
_instance->logger=MESA_create_runtime_log_handle(log_path, _instance->level);
if(_instance->logger==NULL)
{
@@ -2020,7 +1976,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
return NULL;
}
load_log_common_field(common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service));
log_common_fields_new(common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service));
if(_instance->service2topic!=NULL)
{
@@ -2030,16 +1986,11 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
{
register_topic(_instance, &( _instance->service2topic[i]));
}
if(i==1)
{
memcpy(&(_instance->service2topic[i]), &(_instance->service2topic[0]), sizeof(struct topic_stat)); // service id of security event is 0 and 1
}
}
}
else
{
MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "KAFKA_INIT", "load_log_common_field is error, please check %s", common_field_file);
MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "KAFKA_INIT", "log_common_fields_new is error, please check %s", common_field_file);
}
return _instance;
@@ -2091,71 +2042,75 @@ void tsg_sendlog_destroy(struct tsg_log_instance_t * instance)
free(instance);
instance=NULL;
/*
int ret=0,count=0;
while(1)
{
ret=rd_kafka_wait_destroyed(1000);
if(ret==0)
{
break;
}
count++;
}
*/
return ;
}
int send_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_id)
int send_log_by_type(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, LOG_TYPE log_type, int thread_id)
{
int fs_id=0,ret=0,repeat_cnt=0;
int policy_id[MAX_RESULT_NUM]={0};
int ret=update_percent(_instance, log_type, LOG_COLUMN_STATUS_DROP, thread_id);
if(ret==1)
{
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
"record_log",
"drop log: log_type=%d send_log_percent: %d addr=%s",
log_type,
_instance->service2topic[log_type].send_log_percent[thread_id],
(a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level))
);
}
StringBuffer sb(0, 2048);
Writer<StringBuffer> writer(sb);
_handle->document->Accept(writer);
tsg_send_payload(_instance, log_type, (char *)sb.GetString(), sb.GetSize(), thread_id);
if(g_tsg_para.session_record_switch==0 && (p_result[0].service_id==2 || p_result[0].service_id==6 || p_result[0].service_id==7))
{
return 0;
}
for(int i=0;i<p_result_num; i++)
int send_security_event_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_id)
{
if(is_multi_hit_same_policy(&(p_result[i]), policy_id, &repeat_cnt))
int fs_id=0,repeat_cnt=0;
int policy_id[MAX_RESULT_NUM]={0};
for(size_t i=0;i<n_rules; i++)
{
if(is_multi_hit_same_policy(&(rules[i]), policy_id, &repeat_cnt))
{
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
"TSG_SEND_LOG",
"tsg_send_log",
"tsg same log:cfg_id=%d service=%d addr=%s",
p_result[i].config_id,
p_result[i].service_id,
rules[i].rule_id,
rules[i].service_id,
(a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level))
);
continue;
}
switch(p_result[i].do_log)
switch(rules[i].do_log)
{
case LOG_ABORT:
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
"TSG_SEND_LOG",
"tsg_send_log",
"tsg abort log:cfg_id=%d service=%d addr=%s",
p_result[i].config_id,
p_result[i].service_id,
rules[i].rule_id,
rules[i].service_id,
(a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level))
);
fs_id=action2fs_id((int)p_result[i].action);
fs_id=action2fs_id((int)rules[i].action);
FS_operate(_instance->fs2_handle, _instance->fs2_field_id[fs_id], 0, FS_OP_ADD, 1);
continue;
break;
case LOG_ALL:
if(p_result[i].action==TSG_ACTION_MONITOR)
if(rules[i].action==TSG_ACTION_MONITOR)
{
set_s3_filename(_instance, _handle, a_stream);
set_mail_eml(_instance, _handle, a_stream);
}
break;
case LOG_NOFILE:
if(p_result[i].action==TSG_ACTION_MONITOR)
if(rules[i].action==TSG_ACTION_MONITOR)
{
TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name);
@@ -2166,39 +2121,15 @@ int send_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle,
break;
}
ret=update_percent(_instance, p_result[i].service_id, LOG_COLUMN_STATUS_DROP, thread_id);
if(ret==1)
{
MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
"TSG_SEND_LOG",
"tsg drop log:cfg_id=%d service=%d send_log_percent: %d addr=%s",
p_result[i].config_id,
p_result[i].service_id,
_instance->service2topic[p_result[i].service_id].send_log_percent[thread_id],
(a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level))
);
continue;
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(rules[i].rule_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(rules[i].service_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)rules[i].action), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(p_result[i].config_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(p_result[i].service_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)p_result[i].action), TLD_TYPE_LONG);
set_policy_action_para_exec_result(_instance, _handle, a_stream, &(rules[i]));
set_notify_execution_result(_instance, _handle, a_stream, &(p_result[i]));
set_xxxx_from_user_region(_handle, _instance, &(rules[i]), thread_id);
if(_instance->send_nat_linkinfo &&p_result[i].config_id==0 && a_stream!=NULL)
{
set_nat_linkinfo(_instance, _handle, a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, _instance->bridge_id[LOG_BRIDGE_NAT_C2S_LINKINFO]);
set_nat_linkinfo(_instance, _handle, a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, _instance->bridge_id[LOG_BRIDGE_NAT_S2C_LINKINFO]);
}
set_xxxx_from_user_region(_handle, _instance, &(p_result[i]), thread_id);
StringBuffer sb(0, 2048);
Writer<StringBuffer> writer(sb);
_handle->document->Accept(writer);
tsg_send_payload(_instance, p_result[i].service_id, (char *)sb.GetString(), sb.GetSize(), thread_id);
send_log_by_type(_instance, _handle, a_stream, LOG_TYPE_SECURITY_EVENT, thread_id);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name);
@@ -2209,14 +2140,14 @@ int send_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle,
return 0;
}
int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id)
int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream, enum LOG_TYPE log_type, struct maat_rule *rules, size_t n_rules, int thread_id)
{
if(instance==NULL || handle==NULL || log_msg==NULL)
if(instance==NULL || handle==NULL || rules==NULL || n_rules==0)
{
TLD_cancel(handle);
if(instance!=NULL)
{
MESA_handle_runtime_log(instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", " instance==NULL || TLD_handle==NULL || log_msg==NULL ");
MESA_handle_runtime_log(instance->logger, RLOG_LV_DEBUG, "tsg_send_log", " instance==NULL || TLD_handle==NULL || log_msg==NULL ");
}
return -1;
}
@@ -2228,51 +2159,61 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
{
TLD_cancel(handle);
FS_operate(_instance->fs2_handle, _instance->sum_line_id, _instance->fs2_field_id[LOG_COLUMN_STATUS_DROP], FS_OP_ADD, 1);
MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, "TSG_SEND_LOG", "Disable tsg_send_log.");
MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, "tsg_send_log", "Disable tsg_send_log.");
return 0;
}
TLD_append_streaminfo(instance, handle, log_msg->a_stream);
TLD_append_streaminfo(instance, handle, a_stream);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SLED_IP].name, (void *)(_instance->local_ip_str), TLD_TYPE_STRING);
if(strlen(g_tsg_para.device_sn)>0)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_ID].name, (void *)(g_tsg_para.device_sn), TLD_TYPE_STRING);
}
if(strlen(g_tsg_para.data_center)>0 && _instance->send_data_center==1)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_DATA_CENTER].name, (void *)(g_tsg_para.data_center), TLD_TYPE_STRING);
}
if(strlen(g_tsg_para.device_tag)>0)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)(g_tsg_para.device_tag), TLD_TYPE_STRING);
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_DATA_CENTER].name, (void *)tsg_data_center_get(), TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)tsg_device_tag_get(), TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_COMMON_TRAFFIC_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG);
set_application_behavior(_instance, _handle, log_msg->a_stream);
set_application_behavior(_instance, _handle, a_stream);
if((log_msg->result[0].service_id==2 || log_msg->result[0].service_id==6 || log_msg->result[0].service_id==7) && log_msg->a_stream!=NULL) // stream of intercept is NULL
{
set_shaping_rule_ids(_instance, _handle, log_msg->a_stream);
}
struct matched_policy_rules *matched_security_rules=NULL;
send_log(_instance, _handle, log_msg->a_stream, log_msg->result, log_msg->result_num, thread_id);
//fetch firewall result
if(log_msg->result[0].service_id==2 || log_msg->result[0].service_id==7)
switch(log_type)
{
struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
if(priority_label!=NULL && priority_label->security_result_num>0)
case LOG_TYPE_SECURITY_EVENT:
send_security_event_log(_instance, _handle, a_stream, rules, n_rules, thread_id);
break;
case LOG_TYPE_SESSION_RECORD:
case LOG_TYPE_TRANSACTION_RECORD:
matched_security_rules=(struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_SECURITY);
if(matched_security_rules!=NULL && matched_security_rules->n_rules>0)
{
if(priority_label->security_result[0].action!=TSG_ACTION_INTERCEPT)
if(matched_security_rules->rules[0].action!=TSG_ACTION_INTERCEPT)
{
send_log(_instance, _handle, log_msg->a_stream, priority_label->security_result, priority_label->security_result_num, thread_id);
free_policy_label(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
tsg_set_xxx_to_bridge(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL);
send_security_event_log(_instance, _handle, a_stream, matched_security_rules->rules, matched_security_rules->n_rules, thread_id);
session_matched_rules_free(a_stream, TSG_SERVICE_SECURITY, (void *)matched_security_rules);
session_matched_rules_async(a_stream, TSG_SERVICE_SECURITY, NULL);
}
}
// no break;
case LOG_TYPE_INTERIM_SESSION_RECORD:
if(tsg_session_record_switch_get()==0)
{
break;
}
set_shaping_rule_ids(_instance, _handle, a_stream);
set_nat_linkinfo(_instance, _handle, a_stream);
send_log_by_type(_instance, _handle, a_stream, log_type, thread_id);
break;
case LOG_TYPE_BGP_RECORD:
case LOG_TYPE_VOIP_RECORD:
case LOG_TYPE_GTPC_RECORD:
case LOG_TYPE_INTERNAL_RTP_RECORD:
send_log_by_type(_instance, _handle, a_stream, log_type, thread_id);
break;
default:
TLD_cancel(handle);
return 0;
}
TLD_cancel(handle);
@@ -2313,7 +2254,7 @@ int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *pa
{
MESA_handle_runtime_log(_instance->logger,
RLOG_LV_INFO,
"TSG_SEND_LOG",
"tsg_send_log",
"tsg_send_log to kafka is error (payload==NULL || payload_len<=0 || topic_id<0 || _instance->service2topic[topic_id].topic_rkt==NULL), topic: %s",
_instance->service2topic[topic_id].name
);
@@ -2327,7 +2268,7 @@ int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *pa
MESA_handle_runtime_log(_instance->logger,
RLOG_LV_INFO,
"TSG_SEND_LOG",
"tsg_send_log",
"tsg_send_log to kafka is error of code: %d %s(%s), status: %d, topic: %s %s",
rd_kafka_last_error(),
rd_kafka_err2name(rd_kafka_last_error()),
@@ -2343,7 +2284,7 @@ int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *pa
update_percent(_instance, topic_id, LOG_COLUMN_STATUS_SUCCESS, thread_id);
MESA_handle_runtime_log(_instance->logger,
RLOG_LV_DEBUG,
"TSG_SEND_LOG",
"tsg_send_log",
"log send successfully %s: %s",
_instance->service2topic[topic_id].name,
payload

29
src/tsg_send_log_internal.h
View File

@@ -1,5 +1,4 @@
#ifndef __TSG_SEND_LOG_INTERNAL_H__
#define __TSG_SEND_LOG_INTERNAL_H__
#pragma once
#include <MESA/field_stat2.h>
@@ -16,14 +15,14 @@
#define MAX_STRING_LEN32 32
#endif
enum _SEND_MODE
enum SEND_MODE
{
CLOSE=0,
KAFKA=1,
};
typedef enum _tsg_log_field_id
enum LOG_FIELD_ID
{
LOG_COMMON_POLICY_ID=1,
LOG_COMMON_SERVICE,
@@ -140,7 +139,7 @@ typedef enum _tsg_log_field_id
LOG_COMMON_SHAPING_RULE_IDS,
LOG_COMMON_FLAGS_IDENTIFY_INFO,
LOG_COMMON_MAX
}tsg_log_field_id_t;
};
enum LOG_COLUMN_STATUS
{
@@ -168,20 +167,6 @@ enum LOG_FS2_TYPE{
LOG_FS2_TYPE_MAX
};
enum LOG_BRIDGE
{
LOG_BRIDGE_MAC_LINKINFO=0,
LOG_BRIDGE_NAT_C2S_LINKINFO,
LOG_BRIDGE_NAT_S2C_LINKINFO,
LOG_BRIDGE_APP_LUA_RESULT,
LOG_BRIDGE_BUSINESS_S3_FILENAME,
LOG_BRIDGE_APP_BEHAVIOR_RESULT,
LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT,
LOG_BRIDGE_ASYNC_SESSION_FLAGS,
LOG_BRIDGE_MAX
};
typedef struct _id2field
{
int type;
@@ -213,11 +198,9 @@ struct tsg_log_instance_t
int send_data_center;
int recovery_interval;
int rapidjson_chunk_capacity;
int session_attribute_project_id;
int tcp_flow_project_id;
int udp_flow_project_id;
int sum_line_id;
int bridge_id[LOG_BRIDGE_MAX];
int fs2_column_id[LOG_COLUMN_STATUS_MAX];
int fs2_field_id[LOG_FS2_TYPE_MAX];
char tcp_label[MAX_STRING_LEN32];
@@ -235,9 +218,7 @@ struct tsg_log_instance_t
void *logger;
};
char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t id);
char *log_field_id2name(struct tsg_log_instance_t *instance, enum LOG_FIELD_ID id);
struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_handle_t fs2_handle);
void tsg_sendlog_destroy(struct tsg_log_instance_t * instance);
#endif

28
src/tsg_statistic.cpp
View File

@@ -11,7 +11,29 @@
#include "tsg_statistic.h"
#include "tsg_send_log_internal.h"
tsg_statis_para_t g_tsg_statis_para;
enum TRAFFIC_INFO_IDX
{
TRAFFIC_INFO_ALLOW=0,
TRAFFIC_INFO_DENY,
TRAFFIC_INFO_MONITOR,
TRAFFIC_INFO_INTERCEPT,
TRAFFIC_INFO_MAX
};
struct tsg_statistic
{
int cycle;
int fs_line_id;
int thread_alive;
pthread_t stat_thread_id;
int fs_field_id[STATIS_MAX];
long long statistic_opt[_OPT_TYPE_MAX];
struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
struct _traffic_info default_total_info;
screen_stat_handle_t fs2_handle;
};
struct tsg_statistic g_tsg_statis_para;
int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq)
{
@@ -31,7 +53,7 @@ int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_s
return 0;
}
int tsg_set_intercept_flow(Maat_rule_t *p_result, struct _traffic_info *traffic_info, int thread_seq)
int tsg_set_intercept_flow(struct maat_rule *p_result, struct _traffic_info *traffic_info, int thread_seq)
{
struct _traffic_info *_info=NULL;
@@ -49,7 +71,7 @@ int tsg_set_intercept_flow(Maat_rule_t *p_result, struct _traffic_info *traffic_
return 0;
}
int tsg_set_policy_flow(struct streaminfo *a_stream, Maat_rule_t *p_result, int thread_seq)
int tsg_set_policy_flow(const struct streaminfo *a_stream, struct maat_rule *p_result, int thread_seq)
{
unsigned long long value=0;
int value_len=sizeof(unsigned long long);

18
src/tsg_sync_state.cpp
View File

@@ -3,6 +3,7 @@
#include <string.h>
#include <MESA/cJSON.h>
#include "tsg_variable.h"
#include "tsg_sync_state.h"
#include "tsg_send_log.h"
@@ -23,9 +24,9 @@ static int tsg_send_ctrl_pkt(const struct streaminfo *a_stream, cJSON *object)
}
char *payload = NULL;
uint64_t session_id = tsg_get_stream_id((struct streaminfo *)a_stream);
uint64_t session_id = tsg_get_stream_trace_id((struct streaminfo *)a_stream);
// tsg_get_stream_id maybe return -1
// tsg_get_stream_trace_id maybe return -1
if (session_id && session_id != (uint64_t)-1)
{
char trace_id[128]={0};
@@ -107,7 +108,14 @@ int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_poli
for (int i = 0; i < policy_array_num; i++)
{
policy_arr = cJSON_CreateIntArray(policy_array[i].ids, policy_array[i].id_num);
int tmp_ids[8]={0};
int n_tmp_ids=MIN(policy_array[i].n_ids, 8);
for(int j=0; j<n_tmp_ids; j++)
{
tmp_ids[j]=(int)(policy_array[i].ids[j]);
}
policy_arr = cJSON_CreateIntArray(tmp_ids, n_tmp_ids);
if (policy_arr == NULL || policy_array[i].type >= POLICY_UPDATE_MAX)
{
cJSON_Delete(object);
@@ -154,8 +162,8 @@ int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload,
params_object = cJSON_GetObjectItem(object, "params");
sf_ids_array = cJSON_GetObjectItem(params_object, "sf_profile_ids");
result.sf_ids.id_num = cJSON_GetArraySize(sf_ids_array);
for (int i = 0; i < result.sf_ids.id_num; i ++)
result.sf_ids.n_ids = cJSON_GetArraySize(sf_ids_array);
for (int i = 0; i < result.sf_ids.n_ids; i ++)
{
result.sf_ids.ids[i] = cJSON_GetArrayItem(sf_ids_array, i)->valueint;
}

9
src/tsg_sync_state.h
View File

@@ -1,5 +1,4 @@
#ifndef TSG_SESSION_STATE_H
#define TSG_SESSION_STATE_H
#pragma once
#include <stdint.h>
#include <MESA/stream.h>
@@ -14,8 +13,8 @@ enum policy_type
struct update_policy
{
enum policy_type type;
int id_num;
int ids[8];
int n_ids;
long long ids[8];
};
// i don't need this
@@ -36,5 +35,3 @@ int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_poli
int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len);
#endif //TSG_SESSION_STATE_H

4
src/tsg_tamper.cpp
View File

@@ -36,11 +36,11 @@ int swap_payload2byte(char *str, int endlen)
{
char temp;
if(endlen<4){ //最少满足2个16bit的长度即最小4字节。
if(endlen<4){ //最少满<EFBFBD><EFBFBD>?<3F><>?6bit的长度即最<EFBFBD><EFBFBD>?字节<E5AD97><E88A82>?
return 0;
}
//这样交换是别面校验和不对的问
//这样交换是别面校验和不对的问<EFBFBD><EFBFBD>?
for(int i=1; i<endlen; i=i+2){
for (int j=i+2; j<endlen; j=j+2){
if(str[i] != str[j]){

85
src/tsg_variable.cpp Normal file
View File

@@ -0,0 +1,85 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "tsg_label.h"
#include "tsg_variable.h"
struct tsg_rt_para g_tsg_para;
struct id2field g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
{PROTO_IPv4, 0, "IPV4"},
{PROTO_IPv6, 0, "IPV6"},
{PROTO_TCP, 0, "TCP"},
{PROTO_UDP, 0, "UDP"},
{PROTO_HTTP, 0, "HTTP"},
{PROTO_MAIL, 0, "MAIL"},
{PROTO_DNS, 0, "DNS"},
{PROTO_FTP, 0, "FTP"},
{PROTO_SSL, 0, "SSL"},
{PROTO_SIP, 0, "SIP"},
{PROTO_BGP, 0, "BGP"},
{PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"},
{PROTO_QUIC, 0, "QUIC"},
{PROTO_SSH, 0, "SSH"},
{PROTO_SMTP, 0, "SMTP"},
{PROTO_IMAP, 0, "IMAP"},
{PROTO_POP3, 0, "POP3"},
{PROTO_RTP, 0, "RTP"},
{PROTO_APP, 0, "BASE"},
{PROTO_L2TP, 0, "L2TP"},
{PROTO_PPTP, 0, "PPTP"},
{PROTO_STRATUM, 0, "Stratum"},
{PROTO_RDP, 0, "RDP"},
{PROTO_DTLS, 0, "DTLS"}
};
const char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id)
{
struct l7_protocol *l7_proto=NULL;
HASH_FIND(hh1, g_tsg_para.name_by_id, &l7_protocol_id, sizeof(l7_protocol_id), l7_proto);
if(l7_proto!=NULL)
{
return (const char *)l7_proto->name;
}
return NULL;
}
unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
{
struct l7_protocol *l7_proto=NULL;
HASH_FIND(hh2, g_tsg_para.id_by_name, l7_protocol_name, strlen(l7_protocol_name), l7_proto);
if(l7_proto!=NULL)
{
return l7_proto->id;
}
return 0;
}
long long tsg_get_current_time_ms(void)
{
int size=sizeof(long long);
long long current_time_ms=0;
sapp_get_platform_opt(SPO_CURTIME_TIMET_MS, &current_time_ms, &size);
return current_time_ms;
}
unsigned long long tsg_get_stream_trace_id(const struct streaminfo * a_stream)
{
int ret=0;
int device_id_size=sizeof(unsigned long long);
unsigned long long device_id=(unsigned long long)g_tsg_para.device_seq_in_dc;
ret=MESA_get_stream_opt(a_stream, MSO_GLOBAL_STREAM_ID, (void *)&device_id, &device_id_size);
if(ret==0)
{
return device_id;
}
return -1;
}

105
src/tsg_variable.h
View File

@@ -1,5 +1,8 @@
#pragma once
#include "uthash.h"
#include "tsg_bridge.h"
#include <MESA/stream.h>
#include <MESA/field_stat2.h>
#include <ctemplate/template.h>
@@ -72,54 +75,6 @@ enum DEPLOY_MODE
DEPLOY_MODE_MAX
};
enum MASTER_STATIC_TABLE
{
TABLE_SECURITY_COMPILE=0,
TABLE_IP_ADDR,
TABLE_SUBSCRIBER_ID,
TABLE_APP_ID,
TABLE_HTTP_HOST,
TABLE_SSL_SNI,
TABLE_EXCLUSION_SSL_SNI,
TABLE_SRC_ASN,
TABLE_DST_ASN,
TABLE_SRC_LOCATION,
TABLE_DST_LOCATION,
TABLE_ASN_USER_DEFINED,
TABLE_ASN_BUILT_IN,
TABLE_LOCATION_USER_DEFINED,
TABLE_LOCATION_BUILT_IN,
TABLE_QUIC_SNI,
TABLE_FQDN_CAT_ID,
TABLE_FQDN_CAT_USER_DEFINED,
TABLE_FQDN_CAT_BUILT_IN,
TABLE_APP_ID_DICT,
TABLE_SELECTOR_ID,
TABLE_SELECTOR_PROPERTIES,
TABLE_GTP_APN,
TABLE_GTP_IMSI,
TABLE_GTP_PHONE_NUMBER,
TABLE_RESPONSE_PAGES,
TABLE_DNS_PROFILE_RECORD,
TABLE_PROFILE_MIRROR,
TABLE_HTTP_URL,
TABLE_DTLS_SNI,
TABLE_TUNNEL_ID,
TABLE_TUNNEL_CATALOG,
TABLE_TUNNEL_ENDPOINT,
TABLE_TUNNEL_LABEL,
TABLE_SESSION_FLAGS,
TABLE_SESSION_LOG,
TABLE_MAX
};
enum MASTER_DYNAMIC_TABLE
{
DYN_TABLE_SUBSCRIBER_IP=0,
DYN_TABLE_GTP_SIGNALING,
DYN_TABLE_MAX
};
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
@@ -136,13 +91,6 @@ enum MASTER_DYNAMIC_TABLE
#define MAX_STRING_LEN32 32
#endif
struct id2field
{
int type;
int id;
char name[MAX_STRING_LEN32];
};
struct reset_argv
{
int pkt_num;
@@ -153,22 +101,23 @@ struct reset_argv
int remedy;
};
#ifndef MAX_TABLE_NAME_LEN
#define MAX_TABLE_NAME_LEN 64
#endif
#ifndef MAX_STRING_LEN128
#define MAX_STRING_LEN128 128
#endif
typedef struct tsg_para
struct id2field
{
int type;
int id;
char name[MAX_STRING_LEN32];
};
struct tsg_rt_para
{
int level;
short mirror_switch;
unsigned short timeout;
int dynamic_maat_switch;
int location_field_num;
int app_dict_field_num;
int device_seq_in_dc;
int datacenter_id;
int scan_signaling_switch;
@@ -178,31 +127,18 @@ typedef struct tsg_para
int feature_tamper;
int service_chaining_sid;
int shaping_sid;
int send_resetall;
enum DEPLOY_MODE deploy_mode;
int scan_time_interval;
int identify_app_max_pkt_num;
int unknown_app_id;
int hit_path_switch;
int session_record_switch;
int default_compile_id;
int table_id[TABLE_MAX];
int dyn_table_id[DYN_TABLE_MAX];
int session_attribute_project_id;
int proto_flag; //tsg_protocol_t
int proto_flag; //enum TSG_PROTOCOL
int fs2_field_id[TSG_FS2_MAX];
char device_sn[MAX_STRING_LEN128];
char log_path[MAX_STRING_LEN128];
char device_id_command[MAX_STRING_LEN128];
char data_center[MAX_STRING_LEN128];
char device_tag[MAX_STRING_LEN128];
char table_name[TABLE_MAX][MAX_TABLE_NAME_LEN];
char dyn_table_name[DYN_TABLE_MAX][MAX_TABLE_NAME_LEN];
struct bridge_info bridge[BRIDGE_TYPE_MAX];
int send_resetall;
void *logger;
void *maat_logger;
struct reset_argv reset;
struct mirrored_vlan default_vlan;
screen_stat_handle_t fs2_handle;
struct l7_protocol *name_by_id;
struct l7_protocol *id_by_name;
@@ -210,9 +146,18 @@ typedef struct tsg_para
ctemplate::Template *tpl_403,*tpl_404;
ctemplate::Template *tpl_200,*tpl_204;
ctemplate::Template *tpl_303;
}g_tsg_para_t;
};
extern g_tsg_para_t g_tsg_para;
extern Maat_feather_t g_tsg_dynamic_maat_feather;
extern struct tsg_rt_para g_tsg_para;;
extern struct id2field g_tsg_proto_name2id[PROTO_MAX];
struct l7_protocol
{
int id; /* first key */
char name[32]; /* second key */
UT_hash_handle hh1; /* handle for first hash table */
UT_hash_handle hh2; /* handle for second hash table */
};
long long tsg_get_current_time_ms(void);

7
src/version.map
View File

@@ -8,6 +8,13 @@ global:
*tsg_free_gtp_signaling_field;
*tsg_*;
*TLD_*;
*session_runtime_attribute_get*;
*srt_attribute*;
*session_runtime_process_context_async*;
*session_runtime_process_context_get*;
*srt_process_context_*;
*session_matched_rules_notify*;
*session_matched_rules_copy*;
*GIT*;
};
local: *;

1
test/bin/foreign_files/TSG_PROFILE_RESPONSE_PAGES.1 Normal file
View File

@@ -0,0 +1 @@
test1

1
test/bin/foreign_files/TSG_PROFILE_RESPONSE_PAGES.2 Normal file
View File

@@ -0,0 +1 @@
test2

217
test/bin/gtest_maat.json
View File

@@ -1,7 +1,7 @@
{
"compile_table": "TSG_SECURITY_COMPILE",
"group2compile_table": "GROUP_COMPILE_RELATION",
"group2group_table": "GROUP_GROUP_RELATION",
"compile_table": "TSG_COMPILE",
"group2compile_table": "TSG_GROUP_COMPILE_RELATION",
"group2group_table": "TSG_GROUP_GROUP_RELATION",
"rules": [
{
"compile_id": 1,
@@ -9,9 +9,10 @@
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "Virtual",
"tags": "{}",
"user_region": "{}",
"is_valid": "yes",
"evaluation_order": "2.111",
"groups": [
{
"group_name":"OBJ_DST_IP_ADDR",
@@ -23,12 +24,12 @@
"table_name": "TSG_OBJ_IP_ADDR",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "range",
"src_ip1": "0.0.0.0",
"src_ip2": "255.255.255.255",
"sport_format": "range",
"src_port1": "0",
"src_port2": "0",
"addr_format": "range",
"ip1": "0.0.0.0",
"ip2": "255.255.255.255",
"port_format": "range",
"port1": "0",
"port2": "0",
"protocol": 0,
"direction": "double"
}
@@ -43,9 +44,10 @@
"action": 16,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"tags": "{}",
"user_region": "{\"method\":\"rate_limit\",\"bps\":1024,\"packet_capture\":{\"enable\":1,\"capture_depth\":2000}}",
"is_valid": "yes",
"evaluation_order": "2.111",
"groups": [
{
"group_name": "OBJ_DST_IP_ADDR",
@@ -57,12 +59,12 @@
"table_name": "TSG_OBJ_IP_ADDR",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "range",
"src_ip1": "0.0.0.0",
"src_ip2": "255.255.255.255",
"sport_format": "range",
"src_port1": "0",
"src_port2": "0",
"addr_format": "range",
"ip1": "0.0.0.0",
"ip2": "255.255.255.255",
"format": "range",
"port1": "0",
"port2": "0",
"protocol": 0,
"direction": "double"
}
@@ -70,20 +72,185 @@
]
}
]
},
{
"compile_id": 3,
"service": 0,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"tags": "{}",
"user_region": "{}",
"is_valid": "yes",
"evaluation_order": "0.0",
"groups": [
{
"not_flag": 0,
"clause_index": 0,
"virtual_table": "TSG_SECURITY_TUNNEL",
"regions": [
{
"table_name": "TSG_OBJ_TUNNEL_ID",
"table_type": "interval",
"table_content": {
"low_boundary": 900,
"up_boundary": 1003
}
}
]
}
]
},
{
"compile_id": 4,
"service": 0,
"action": 16,
"do_blacklist": 0,
"do_log": 1,
"tags": "{}",
"user_region": "{\"method\":\"rate_limit\",\"bps\":1024,\"packet_capture\":{\"enable\":1,\"capture_depth\":2000}}",
"is_valid": "yes",
"evaluation_order": "0.0",
"groups": [
{
"not_flag": 0,
"clause_index": 0,
"virtual_table": "TSG_SECURITY_TUNNEL",
"regions": [
{
"table_name": "TSG_OBJ_TUNNEL_ID",
"table_type": "interval",
"table_content": {
"low_boundary": 900,
"up_boundary": 1003
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "APP_ID_DICT",
"table_content": [
"4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
"67\thttp\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
"156\tqq\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
"336\tOPENVPN\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
"199\tSSL\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
"1241\tqq_web\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1",
"3145\tqq_r2\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1"
"67\thttp\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"drop\",\"after_n_packets\":0,\"send_icmp_unreachable\":1,\"send_tcp_reset\":1}\t0\t60\t120\t30\t30\t1",
"68\thttps\t0\tnull\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t1",
"4\tunknown\t0\tnull\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\tnull\t1\t3600\t3600\t1800\t1800\t1",
"70\thttps\t1\tssl\tnetworking\tinfrastructure\tnetwork-protocol\t3\tused-by-malware,vulnerability,widely-used\tnull\tnull\t{\"method\":\"rate_limit\",\"bps\":1000}\t0\t0\t0\t0\t0\t1"
]
},
{
"table_name": "TSG_DYN_MOBILE_IDENTITY_APN_TEID",
"table_content": [
"1\t111039813\t460045157065560\t861440152009856\t111039813.cmiott.gxqli.mcto60g.com\t8626070583075127\t1",
"2\t111052899\t460045157053102\t861440152041083\t111052899.cmiott.wkctf.mcto60g.com\t8626070583008402\t1"
]
},
{
"table_name": "TSG_IP_ASN_BUILT_IN",
"table_content": [
]
},
{
"table_name": "TSG_IP_ASN_USER_DEFINED",
"table_content": [
]
},
{
"table_name": "TSG_IP_LOCATION_BUILT_IN",
"table_content": [
"6777621\t1819730\t4\t124.156.128.0\t124.156.191.255\t22.25\t114.1667\t50.0\ten\tAS\tAsia\tHK\tHong\\bKong\tOther\tOther\tOther\tRoad1\tAsia/Hong_Kong\t1",
"3716523\t1814992\t4\t192.168.50.1\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tXin\\bXi\\bGang\tRoad1\tAsia/Shanghai\t1"
]
},
{
"table_name": "TSG_IP_LOCATION_USER_DEFINED",
"table_content": [
"371652\t181499\t4\t192.168.50.10\t192.168.50.255\t34.7725\t113.7266\t50.0\ten\tAS\tAsia\tCN\tChina\tBeijing\tBeijing\tHua\\bYan\\bBei\\bLi\tRoad1\tAsia/Shanghai\t1"
]
},
{
"table_name": "TSG_FQDN_CATEGORY_BUILT_IN",
"table_content": [
"106285681\t4\t106285681.201198.com\t1\t1",
"106285682\t5\t106285682.201198.com\t1\t1",
"106285688\t8\t106285688.201198.com\t1\t1",
"106285689\t9\t106285689.201198.com\t1\t1",
"106285690\t9\t106285689.201198.com\t1\t1",
"106285691\t10\t1106285683.201198.com\t1\t1"
]
},
{
"table_name": "TSG_FQDN_CATEGORY_USER_DEFINED",
"table_content": [
"1106285681\t4\t1106285681.201198.com\t1\t1",
"1106285682\t5\t1106285682.201198.com\t1\t1",
"1106285683\t6\t1106285683.201198.com\t1\t1",
"1106285684\t7\t1106285684.201198.com\t1\t1",
"1106285685\t7\t1106285684.201198.com\t1\t1"
]
},
{
"table_name": "TSG_TUNNEL_CATALOG",
"table_content": [
"977\t1.1.1.1-1.1.1.1\tGTP\t1367\t1",
"978\t1.1.1.1-1.1.1.1\tGTP\t1367&1605\t1"
]
},
{
"table_name": "TSG_TUNNEL_ENDPOINT",
"table_content": [
"989\t4\t192.50.0.0\t192.50.255.255\ttest\t1",
"990\t4\t192.50.0.0\t192.50.255.255\ttest\t1",
"991\t4\t192.40.128.0\t192.40.255.255\ttest\t1",
"992\t4\t192.40.0.0\t192.40.127.255\ttest\t1"
]
},
{
"table_name": "TSG_TUNNEL_LABEL",
"table_content": [
"15560\t15560\tVLAN_ID\t1",
"15561\t15561\tVLAN_ID\t1"
]
},
{
"table_name": "TSG_DYN_SUBSCRIBER_IP",
"table_content": [
"1299\t4\t192.168.56.28\ttest5628\t1",
"1300\t4\t192.168.56.27\ttest5627\t1"
]
},
{
"table_name": "TSG_PROFILE_DNS_RECORDS",
"table_content": [
"8119\teditTypeA\tA\t[{\"value\":\"1.1.1.1\",\"priority\":null},{\"value\":\"2.2.2.2\",\"priority\":null},{\"value\":\"3.3.3.3\",\"priority\":null}]\t1",
"7961\tFile\tAAAA\t[{\"value\":\"1030::C9B4:FF12:48AA:1A2B\",\"priority\":null},{\"value\":\"1030::C9B4:FF12:48AA:1A2C\",\"priority\":null}]\t1",
"7701\tTypeCNAME\tCNAME\t[{\"value\":\"www.facebook.com\",\"priority\":null},{\"value\":\"www.twitter.com\",\"priority\":null}]\t1"
]
},
{
"table_name": "TSG_PROFILE_RESPONSE_PAGES",
"table_content": [
"957\ttest-html-1\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.1\t1",
"958\ttest-html-2\thtml\tforeign_files/TSG_PROFILE_RESPONSE_PAGES.2\t1"
]
},
{
"table_name": "TSG_PROFILE_TRAFFIC_MIRROR",
"table_content": [
"845\t168.50.28yinyong\t[3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34]\t1",
"123\ttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest\t[66]\t1"
]
},
{
"table_name": "T_VSYS_INFO",
"table_content": [
"6\t1\t1"
]
}
]
}

17
test/src/CMakeLists.txt
View File

@@ -9,8 +9,17 @@ include_directories(${PROJECT_SOURCE_DIR}/src/)
add_definitions(-std=c++11)
LINK_DIRECTORIES(/opt/MESA/lib)
#add_executable(gtest_rule ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp ${PROJECT_SOURCE_DIR}/src/tsg_bridge.cpp ${PROJECT_SOURCE_DIR}/src/tsg_leaky_bucket.cpp gtest_common.cpp gtest_rule.cpp)
#target_link_libraries(gtest_rule gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe)
add_executable(gtest_rule ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp ${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp gtest_common.cpp gtest_rule.cpp)
target_link_libraries(gtest_rule gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger maat4)
add_executable(gtest_bridge ${PROJECT_SOURCE_DIR}/src/tsg_bridge.cpp ${PROJECT_SOURCE_DIR}/src/tsg_protocol.cpp ${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp gtest_common.cpp gtest_bridge.cpp)
target_link_libraries(gtest_bridge gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger maat4)
add_executable(gtest_action ${PROJECT_SOURCE_DIR}/src/tsg_action.cpp ${PROJECT_SOURCE_DIR}/src/tsg_leaky_bucket.cpp ${PROJECT_SOURCE_DIR}/src/tsg_dns.cpp ${PROJECT_SOURCE_DIR}/src/tsg_icmp.cpp ${PROJECT_SOURCE_DIR}/src/tsg_tamper.cpp ${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp gtest_common.cpp gtest_action.cpp)
target_link_libraries(gtest_action gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger maat4 MESA_field_stat2)
add_executable(gtest_sendlog ${PROJECT_SOURCE_DIR}/src/tsg_send_log.cpp ${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp gtest_common.cpp gtest_sendlog.cpp)
target_link_libraries(gtest_sendlog gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger maat4 rdkafka MESA_field_stat2)
set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp
${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp
@@ -26,10 +35,12 @@ set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp
${PROJECT_SOURCE_DIR}/src/tsg_tamper.cpp
${PROJECT_SOURCE_DIR}/src/tsg_bridge.cpp
${PROJECT_SOURCE_DIR}/src/tsg_sync_state.cpp
${PROJECT_SOURCE_DIR}/src/tsg_variable.cpp
${PROJECT_SOURCE_DIR}/src/tsg_protocol.cpp
)
add_executable(gtest_master ${TSG_MASTER_SRC} gtest_kafka.cpp gtest_common.cpp gtest_master.cpp)
target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe MESA_htable)
target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 MESA_htable)
add_executable(gtest_sync_session_state ${PROJECT_SOURCE_DIR}/src/tsg_sync_state.cpp gtest_common.cpp gtest_session_state.cpp)
target_link_libraries(gtest_sync_session_state gtest-static cjson ctemplate-static)

111
test/src/gtest_action.cpp Normal file
View File

@@ -0,0 +1,111 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "tsg_rule.h"
#include "tsg_label.h"
#include "tsg_entry.h"
#include "tsg_variable.h"
#include "tsg_rule_internal.h"
#include "tsg_protocol_common.h"
#include <gtest/gtest.h>
struct maat *g_tsg_maat_feather;
const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *matched_rule_cites_http_response_pages(struct maat *feather, long long profile_id)
{
return NULL;
}
void plugin_ex_data_http_response_pages_free(struct http_response_pages * response_pages)
{
}
void *matched_rule_cites_app_id_dict(struct maat *feather, long long app_id)
{
return NULL;
}
void plugin_ex_data_app_id_dict_free(struct app_id_dict * dict)
{
}
void *matched_rule_cites_security_compile(struct maat *feather, long long profile_id)
{
return NULL;
}
void plugin_ex_data_security_compile_free(struct maat_compile * maat_compile)
{
}
void *matched_rule_cites_dns_profile_record(struct maat *feather, long long profile_id)
{
return NULL;
}
void plugin_ex_data_dns_profile_record_free(struct dns_profile_records * records)
{
}
int session_runtime_action_context_async(const struct streaminfo * a_stream, void * data)
{
return 0;
}
int srt_attribute_set_reponse_size(const struct streaminfo * a_stream, int http_action_file_size)
{
return 0;
}
int srt_action_context_set_leaky_bucket(const struct streaminfo * a_stream, struct leaky_bucket * bucket, int thread_seq)
{
return 0;
}
int srt_action_context_set_l7_protocol(const struct streaminfo * a_stream, enum TSG_PROTOCOL protocol, int thread_seq)
{
return 0;
}
int srt_action_context_set_rule_method(const struct streaminfo * a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq)
{
return 0;
}
int srt_action_context_set_after_n_packet(const struct streaminfo * a_stream, int after_n_packets, int thread_seq)
{
return 0;
}
const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream)
{
return NULL;
}
int tsg_set_statistic_opt(int value, enum _STATISTIC_OPT_TYPE type, int thread_seq)
{
return 0;
}
int session_packet_capture_notify(const struct streaminfo * a_stream, struct maat_rule *results, size_t n_results, int thread_seq)
{
return 0;
}
TEST(TM_ACTION, Http)
{
EXPECT_EQ(1, 1);
}
int main(int argc, char *argv[])
{
testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}

101
test/src/gtest_bridge.cpp Normal file
View File

@@ -0,0 +1,101 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "tsg_rule.h"
#include "tsg_label.h"
#include "tsg_entry.h"
#include "tsg_variable.h"
#include "tsg_rule_internal.h"
#include "tsg_protocol_common.h"
#include <gtest/gtest.h>
void tsg_maat_state_free(struct maat_state *state)
{
}
void destroy_bucket(struct leaky_bucket * * bucket, int thread_seq)
{
}
void plugin_ex_data_gtp_c_free(struct umts_user_info *user_info)
{
}
void plugin_ex_data_asn_number_free(struct asn_info *asn)
{
}
void plugin_ex_data_location_free(struct location_info *location)
{
}
void plugin_ex_data_subscriber_id_free(struct subscribe_id_info *subscriber)
{
}
void plugin_ex_data_tunnel_endpoint_free(struct tunnel_endpoint *t_enpoint)
{
}
int srt_attribute_set_ip_asn(const struct streaminfo * a_stream, struct maat *feather, struct asn_info **client_asn, struct asn_info **server_asn)
{
return 0;
}
int srt_attribute_set_ip_location(const struct streaminfo * a_stream, struct maat *feather, struct location_info **client_location, struct location_info **server_location)
{
return 0;
}
int srt_attribute_set_subscriber_id(const struct streaminfo *a_stream, struct maat *feather, struct subscribe_id_info **client_subscribe_id, struct subscribe_id_info **server_subscribe_id)
{
return 0;
}
int session_runtine_attribute_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info)
{
return 0;
}
struct umts_user_info *tsg_get_umts_user_info_form_redis(struct maat *feather, unsigned int teid)
{
return NULL;
}
int session_app_identify_result_cb(const struct streaminfo * a_stream, int bridge_id, void * data)
{
return 0;
}
int session_flags_identify_result_cb(const struct streaminfo * a_stream, int bridge_id, void * data)
{
return 0;
}
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_array, int policy_array_num)
{
return 0;
}
TEST(TM_Bridge, HitedSecurityPolicyResult)
{
EXPECT_EQ(1,1);
EXPECT_NE(nullptr, "");
EXPECT_STREQ("460045157065560", "460045157065560");
}
int main(int argc, char *argv[])
{
int ret=tsg_bridge_init("tsgconf/main.conf");
if(ret<0)
{
return -1;
}
testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}

6
test/src/gtest_common.h
View File

@@ -3,10 +3,10 @@
#include "tsg_send_log.h"
extern "C" int TSG_MASTER_INIT();
void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data);
void session_matched_rules_free(const struct streaminfo *stream, int bridge_id, void *data);
int TLD_convert_json(struct TLD_handle_t *_handle, char *buff, unsigned int buff_len);
int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream);
int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream);
int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream);
int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream);

4
test/src/gtest_function.h
View File

@@ -28,6 +28,6 @@ using namespace rapidjson;
using namespace std;
extern "C" int TSG_MASTER_INIT();
int set_vlan(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id);
int set_app_full_path(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result);
int set_vlan(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct single_layer_vlan_addr *vlan_addr, int layer_num, Value *tunnel_object, tsg_log_field_id_t id);
int set_app_full_path(struct TLD_handle_t *handle, char *field_name, struct gather_app_result *result);

636
test/src/gtest_master.cpp
View File

@@ -3,41 +3,46 @@
#include <unistd.h>
#include "gtest_common.h"
#include "tsg_rule.h"
#include "tsg_entry.h"
#include "tsg_rule_internal.h"
#include <gtest/gtest.h>
extern int rd_kafka_get_sendlog_cnt(void);
extern const char *rd_kafka_get_sendlog_payload(int idx);
extern int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_rules, size_t n_shaping_rules, int thread_seq);;
extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *service_chaining_rules, size_t n_service_chaining_rules, int thread_seq);;
extern void session_segment_id_free(const struct streaminfo * a_stream, int bridge_id, void * data);
TEST(TSGMaster, SetAPPIDHttp)
{
struct streaminfo a_stream={0};
struct gather_app_result gather_result[ORIGIN_MAX]={0};
const struct streaminfo a_stream={0};
struct gather_app_result async_gather_result[ORIGIN_MAX]={0};
gather_result[ORIGIN_BASIC_PROTOCOL].app_num=1;
gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=67; //HTTP
async_gather_result[ORIGIN_BASIC_PROTOCOL].app_num=1;
async_gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
async_gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=67; //HTTP
tsg_set_xxx_to_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)gather_result);
struct gather_app_result *get_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id);
EXPECT_NE(nullptr, get_result);
EXPECT_EQ(1, get_result[ORIGIN_BASIC_PROTOCOL].app_num);
EXPECT_EQ(67, get_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id);
EXPECT_EQ(0, get_result[ORIGIN_BASIC_PROTOCOL].attributes[0].packet_sequence);
EXPECT_EQ(0, get_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id);
EXPECT_EQ(ORIGIN_BASIC_PROTOCOL, get_result[ORIGIN_BASIC_PROTOCOL].origin);
session_gather_app_results_async(&a_stream, (void *)async_gather_result);
struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(&a_stream);
EXPECT_NE(nullptr, gather_result);
EXPECT_EQ(1, gather_result[ORIGIN_BASIC_PROTOCOL].app_num);
EXPECT_EQ(67, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id);
EXPECT_EQ(0, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].packet_sequence);
EXPECT_EQ(0, gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id);
EXPECT_EQ(ORIGIN_BASIC_PROTOCOL, gather_result[ORIGIN_BASIC_PROTOCOL].origin);
struct TLD_handle_t *handle=TLD_create(0);
set_app_id(g_tsg_log_instance, handle, (struct streaminfo *)&a_stream);
char app_ids[256]={0};
TLD_convert_json(handle, app_ids, sizeof(app_ids));
EXPECT_STREQ("{\"common_app_full_path\":\"http\",\"common_app_label\":\"http\"}", app_ids);
EXPECT_STREQ("{\"common_app_full_path\":\"http\",\"common_app_label\":\"http\",\"common_app_id\":{\"LPI_L7\":[{\"app_name\":\"http\",\"app_id\":67,\"surrogate_id\":0,\"packet_sequence\":0}]}}", app_ids);
tsg_set_xxx_to_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, NULL);
get_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id);
EXPECT_EQ(nullptr, get_result);
session_gather_app_results_async(&a_stream, NULL);
gather_result=(struct gather_app_result *)session_gather_app_results_get(&a_stream);
EXPECT_EQ(nullptr, gather_result);
}
TEST(TSGMaster, SetAPPIDUnknown)
@@ -55,45 +60,53 @@ TEST(TSGMaster, SetAPPIDUnknown)
TEST(TSGMaster, ShapingSetRuleIds)
{
const struct streaminfo a_stream={0};
struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0};
struct maat_rule shaping_result[MAX_RESULT_NUM]={0};
for(int i=0; i<MAX_RESULT_NUM; i++)
{
shaping_result[i].action=TSG_ACTION_SHAPING;
shaping_result[i].config_id=TSG_ACTION_SHAPING+i;
shaping_result[i].rule_id=TSG_ACTION_SHAPING+i;
}
tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM, 0);
matched_shaping_rules_deal(&a_stream, shaping_result, MAX_RESULT_NUM, 0);
struct TLD_handle_t *handle=TLD_create(0);
set_shaping_rule_ids(g_tsg_log_instance, handle, (struct streaminfo *)&a_stream);
set_shaping_rule_ids(g_tsg_log_instance, handle, &a_stream);
char shaping_rule_ids[256]={0};
TLD_convert_json(handle, shaping_rule_ids, sizeof(shaping_rule_ids));
EXPECT_STREQ("{\"common_shaping_rule_ids\":[32,33,34,35,36,37,38,39]}", shaping_rule_ids);
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
EXPECT_NE(nullptr, shaping_label);
EXPECT_EQ(MAX_RESULT_NUM, shaping_label->shaping_result_num);
for(int i=0; i<shaping_label->shaping_result_num; i++)
const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_NE(nullptr, hited_shaping);
EXPECT_EQ(MAX_RESULT_NUM, hited_shaping->n_rules);
for(size_t i=0; i<hited_shaping->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id);
}
free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]);
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping);
session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING));
}
int shaping_policy_notify_cb(const struct streaminfo *stream, int bridge_id, void *data)
{
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)data;
EXPECT_NE(nullptr, shaping_label);
EXPECT_EQ(MAX_RESULT_NUM, shaping_label->shaping_result_num);
for(int i=0; i<shaping_label->shaping_result_num; i++)
struct matched_policy_rules *hited_shaping=(struct matched_policy_rules *)data;
EXPECT_NE(nullptr, hited_shaping);
EXPECT_EQ(MAX_RESULT_NUM, hited_shaping->n_rules);
for(size_t i=0; i<hited_shaping->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id);
}
return 0;
@@ -102,37 +115,38 @@ int shaping_policy_notify_cb(const struct streaminfo *stream, int bridge_id, voi
TEST(TSGMaster, ShapingPolicyNotify)
{
const struct streaminfo a_stream={0};
struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0};
struct maat_rule shaping_result[MAX_RESULT_NUM]={0};
for(int i=0; i<MAX_RESULT_NUM; i++)
{
shaping_result[i].action=TSG_ACTION_SHAPING;
shaping_result[i].config_id=TSG_ACTION_SHAPING+i;
shaping_result[i].rule_id=TSG_ACTION_SHAPING+i;
}
stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_policy_notify_cb);
stream_bridge_register_data_sync_cb(stream_bridge_build("NOTIFY_SHAPING_RESULT", "w"), shaping_policy_notify_cb);
tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM, 0);
int shaping_result_num=tsg_pull_shaping_result((struct streaminfo *)&a_stream, shaping_result, MAX_RESULT_NUM);
EXPECT_EQ(MAX_RESULT_NUM, shaping_result_num);
for(int i=0; i<shaping_result_num; i++)
matched_shaping_rules_deal(&a_stream, shaping_result, MAX_RESULT_NUM, 0);
const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_NE(nullptr, hited_shaping);
EXPECT_EQ(MAX_RESULT_NUM, hited_shaping->n_rules);
for(size_t i=0; i<hited_shaping->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id);
}
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
EXPECT_NE(nullptr, shaping_label);
EXPECT_EQ(MAX_RESULT_NUM, shaping_label->shaping_result_num);
for(int i=0; i<shaping_label->shaping_result_num; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
}
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]);
free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping);
session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING));
}
int shaping_policy_notify_null_cb(const struct streaminfo *stream, int bridge_id, void *data)
@@ -144,24 +158,24 @@ int shaping_policy_notify_null_cb(const struct streaminfo *stream, int bridge_id
TEST(TSGMaster, ShapingPolicyNotifyNULL)
{
const struct streaminfo a_stream={0};
struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0};
struct maat_rule shaping_result[MAX_RESULT_NUM]={0};
stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_policy_notify_null_cb);
stream_bridge_register_data_sync_cb(stream_bridge_build("NOTIFY_SHAPING_RESULT", "w"), shaping_policy_notify_cb);
tsg_notify_hited_shaping_result(&a_stream, shaping_result, 0, 0);
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
EXPECT_EQ(nullptr, shaping_label);
matched_shaping_rules_deal(&a_stream, shaping_result, 0, 0);
const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_EQ(nullptr, hited_shaping);
}
int shaping_duplicate_policy_notify_cb(const struct streaminfo *stream, int bridge_id, void *data)
{
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)data;
EXPECT_NE(nullptr, shaping_label);
EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num);
for(int i=0; i<shaping_label->shaping_result_num; i++)
struct matched_policy_rules *hited_shaping=(struct matched_policy_rules *)data;
EXPECT_NE(nullptr, hited_shaping);
EXPECT_EQ(MAX_RESULT_NUM/2, hited_shaping->n_rules);
for(size_t i=0; i<hited_shaping->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id);
}
return 0;
@@ -170,126 +184,120 @@ int shaping_duplicate_policy_notify_cb(const struct streaminfo *stream, int brid
TEST(TSGMaster, ShapingDuplicatePolicyNotify)
{
const struct streaminfo a_stream={0};
struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0};
struct maat_rule shaping_result[MAX_RESULT_NUM]={0};
for(int i=0; i<MAX_RESULT_NUM; i++)
{
shaping_result[i].action=TSG_ACTION_SHAPING;
shaping_result[i].config_id=TSG_ACTION_SHAPING+(i%4);
shaping_result[i].rule_id=TSG_ACTION_SHAPING+(i%4);
}
stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_duplicate_policy_notify_cb);
stream_bridge_register_data_sync_cb(stream_bridge_build("NOTIFY_SHAPING_RESULT", "w"), shaping_policy_notify_cb);
tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM, 0);
int shaping_result_num=tsg_pull_shaping_result((struct streaminfo *)&a_stream, shaping_result, MAX_RESULT_NUM);
EXPECT_EQ(MAX_RESULT_NUM/2, shaping_result_num);
for(int i=0; i<shaping_result_num; i++)
matched_shaping_rules_deal(&a_stream, shaping_result, MAX_RESULT_NUM, 0);
const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_NE(nullptr, hited_shaping);
EXPECT_EQ(MAX_RESULT_NUM/2, hited_shaping->n_rules);
for(size_t i=0; i<hited_shaping->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id);
}
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
EXPECT_NE(nullptr, shaping_label);
EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num);
for(int i=0; i<shaping_label->shaping_result_num; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
}
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]);
free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping);
session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING));
}
TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
{
const struct streaminfo a_stream={0};
struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0};
struct maat_rule shaping_result[MAX_RESULT_NUM]={0};
for(int i=0; i<MAX_RESULT_NUM/2; i++)
{
shaping_result[i].action=TSG_ACTION_SHAPING;
shaping_result[i].config_id=TSG_ACTION_SHAPING+i;
shaping_result[i].rule_id=TSG_ACTION_SHAPING+i;
}
stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_duplicate_policy_notify_cb);
stream_bridge_register_data_sync_cb(stream_bridge_build("NOTIFY_SHAPING_RESULT", "w"), shaping_policy_notify_cb);
// First notify
tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM/2, 0);
int shaping_result_num=tsg_pull_shaping_result((struct streaminfo *)&a_stream, shaping_result, MAX_RESULT_NUM);
EXPECT_EQ(MAX_RESULT_NUM/2, shaping_result_num);
for(int i=0; i<shaping_result_num; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
}
matched_shaping_rules_deal(&a_stream, shaping_result, MAX_RESULT_NUM/2, 0);
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
EXPECT_NE(nullptr, shaping_label);
EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num);
for(int i=0; i<shaping_label->shaping_result_num; i++)
const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_NE(nullptr, hited_shaping);
EXPECT_EQ(MAX_RESULT_NUM/2, hited_shaping->n_rules);
for(size_t i=0; i<hited_shaping->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id);
}
// Second notify
tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM/2, 0);
shaping_result_num=tsg_pull_shaping_result((struct streaminfo *)&a_stream, shaping_result, MAX_RESULT_NUM);
EXPECT_EQ(MAX_RESULT_NUM/2, shaping_result_num);
for(int i=0; i<shaping_result_num; i++)
matched_shaping_rules_deal(&a_stream, shaping_result, MAX_RESULT_NUM/2, 0);
hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_NE(nullptr, hited_shaping);
EXPECT_EQ(MAX_RESULT_NUM/2, hited_shaping->n_rules);
for(size_t i=0; i<hited_shaping->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, hited_shaping->rules[i].rule_id);
}
shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
EXPECT_NE(nullptr, shaping_label);
EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num);
for(int i=0; i<shaping_label->shaping_result_num; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, shaping_label->shaping_result[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
}
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]);
free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping);
session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING));
}
TEST(TSGMaster, SecurityPolicySendlog)
{
const struct streaminfo a_stream={0};
struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
for(int i=0; i<MAX_RESULT_NUM; i++)
{
security_result[i].do_log=1;
security_result[i].action=TSG_ACTION_MONITOR;
security_result[i].config_id=TSG_ACTION_MONITOR+i;
matched_policy[i].do_log=1;
matched_policy[i].action=TSG_ACTION_MONITOR;
matched_policy[i].rule_id=TSG_ACTION_MONITOR+i;
}
// First notify
tsg_notify_hited_security_result(&a_stream, security_result, MAX_RESULT_NUM, 0);
session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, matched_policy, MAX_RESULT_NUM, 0);
struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
EXPECT_NE(nullptr, priority_label);
EXPECT_EQ(MAX_RESULT_NUM, priority_label->security_result_num);
for(int i=0; i<priority_label->security_result_num; i++)
const struct matched_policy_rules *hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY);
EXPECT_NE(nullptr, hited_security);
EXPECT_EQ(MAX_RESULT_NUM, hited_security->n_rules);
for(size_t i=0; i<hited_security->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action);
EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id);
EXPECT_EQ(TSG_ACTION_MONITOR, hited_security->rules[i].action);
EXPECT_EQ(TSG_ACTION_MONITOR+i, hited_security->rules[i].rule_id);
}
struct TLD_handle_t * handle=TLD_create(0);
struct Maat_rule_t session_record={0, 2, 1, 0, 0, 0, 0, {0}};
tsg_log_t log_msg={1, &session_record, (struct streaminfo*)&a_stream};
tsg_send_log(g_tsg_log_instance, handle, &log_msg, 0);
struct maat_rule session_record={0, 0, 2, 1, 0};
tsg_send_log(g_tsg_log_instance, handle, &a_stream, LOG_TYPE_SESSION_RECORD, &session_record, 1, 0);
int sendlog_cnt=rd_kafka_get_sendlog_cnt();
EXPECT_EQ(8, sendlog_cnt);
EXPECT_EQ(9, sendlog_cnt);
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(0));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(1));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(2));
@@ -300,169 +308,331 @@ TEST(TSGMaster, SecurityPolicySendlog)
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(7));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(8));
priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
EXPECT_EQ(nullptr, priority_label);
hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY);
EXPECT_EQ(nullptr, hited_security);
}
TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify)
{
const struct streaminfo a_stream={0};
struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
for(int i=0; i<MAX_RESULT_NUM/2; i++)
{
security_result[i].action=TSG_ACTION_MONITOR;
security_result[i].config_id=TSG_ACTION_MONITOR+i;
}
// First notify
tsg_notify_hited_security_result(&a_stream, security_result, MAX_RESULT_NUM/2, 0);
struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
EXPECT_NE(nullptr, priority_label);
EXPECT_EQ(MAX_RESULT_NUM/2, priority_label->security_result_num);
for(int i=0; i<priority_label->security_result_num; i++)
{
EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action);
EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id);
}
// Second notify
tsg_notify_hited_security_result(&a_stream, security_result, MAX_RESULT_NUM/2, 0);
priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
EXPECT_NE(nullptr, priority_label);
EXPECT_EQ(MAX_RESULT_NUM/2, priority_label->security_result_num);
for(int i=0; i<priority_label->security_result_num; i++)
{
EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action);
EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id);
}
free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL);
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id));
}
extern void set_s_chaining_result_to_bridge(const struct streaminfo * a_stream, struct Maat_rule_t * p_result, int p_result_num, int thread_seq);
TEST(TSGMaster, ServiceChainingPolicyNotify)
{
const struct streaminfo a_stream={0};
struct Maat_rule_t s_chaining_result[MAX_RESULT_NUM]={0};
struct maat_rule s_chaining_result[MAX_RESULT_NUM]={0};
for(int i=0; i<MAX_RESULT_NUM/2; i++)
{
s_chaining_result[i].action=TSG_ACTION_S_CHAINING;
s_chaining_result[i].config_id=TSG_ACTION_S_CHAINING+i;
s_chaining_result[i].rule_id=TSG_ACTION_S_CHAINING+i;
}
set_s_chaining_result_to_bridge(&a_stream, s_chaining_result, MAX_RESULT_NUM/2, 0);
struct tm_hited_result *hited_s_chaining=(struct tm_hited_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id);
matched_service_chaining_rules_deal(&a_stream, s_chaining_result, MAX_RESULT_NUM/2, 0);
const struct matched_policy_rules *hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_NE(nullptr, hited_s_chaining);
EXPECT_EQ(g_tsg_para.service_chaining_sid, hited_s_chaining->sid);
EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->result_num);
for(int i=0; i<hited_s_chaining->result_num; i++)
EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->n_rules);
for(size_t i=0; i<hited_s_chaining->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->result[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->result[i].config_id);
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->rules[i].rule_id);
}
free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, (void *)hited_s_chaining);
stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, NULL);
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id));
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]);
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining);
session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
}
TEST(TSGMaster, ServiceChainingDuplicatePolicyMultipleNotify)
{
const struct streaminfo a_stream={0};
struct Maat_rule_t s_chaining_result[MAX_RESULT_NUM]={0};
struct maat_rule s_chaining_result[MAX_RESULT_NUM]={0};
// first
for(int i=0; i<MAX_RESULT_NUM/2; i++)
{
s_chaining_result[i].action=TSG_ACTION_S_CHAINING;
s_chaining_result[i].config_id=TSG_ACTION_S_CHAINING+i;
s_chaining_result[i].rule_id=TSG_ACTION_S_CHAINING+i;
}
set_s_chaining_result_to_bridge(&a_stream, s_chaining_result, MAX_RESULT_NUM/2, 0);
struct tm_hited_result *hited_s_chaining=(struct tm_hited_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id);
matched_service_chaining_rules_deal(&a_stream, s_chaining_result, MAX_RESULT_NUM/2, 0);
const struct matched_policy_rules *hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_NE(nullptr, hited_s_chaining);
EXPECT_EQ(g_tsg_para.service_chaining_sid, hited_s_chaining->sid);
EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->result_num);
for(int i=0; i<hited_s_chaining->result_num; i++)
EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->n_rules);
for(size_t i=0; i<hited_s_chaining->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->result[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->result[i].config_id);
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->rules[i].rule_id);
}
// second
for(int i=0; i<MAX_RESULT_NUM/2; i++)
{
s_chaining_result[i].action=TSG_ACTION_S_CHAINING;
s_chaining_result[i].config_id=TSG_ACTION_S_CHAINING+i;
s_chaining_result[i].rule_id=TSG_ACTION_S_CHAINING+i;
}
tsg_notify_hited_s_chaining_result(&a_stream, s_chaining_result, MAX_RESULT_NUM/2, 1);
hited_s_chaining=(struct tm_hited_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id);
matched_service_chaining_rules_deal(&a_stream, s_chaining_result, MAX_RESULT_NUM/2, 0);
hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_NE(nullptr, hited_s_chaining);
EXPECT_EQ(g_tsg_para.service_chaining_sid, hited_s_chaining->sid);
EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->result_num);
for(int i=0; i<hited_s_chaining->result_num; i++)
EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->n_rules);
for(size_t i=0; i<hited_s_chaining->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->result[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->result[i].config_id);
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->rules[i].rule_id);
}
free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, (void *)hited_s_chaining);
stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, NULL);
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id));
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]);
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining);
session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
}
TEST(TSGMaster, ServiceChainingPolicyMultipleNotify)
{
const struct streaminfo a_stream={0};
struct Maat_rule_t s_chaining_result[MAX_RESULT_NUM]={0};
struct maat_rule s_chaining_result[MAX_RESULT_NUM]={0};
// first
for(int i=0; i<MAX_RESULT_NUM/2; i++)
{
s_chaining_result[i].action=TSG_ACTION_S_CHAINING;
s_chaining_result[i].config_id=TSG_ACTION_S_CHAINING+i;
s_chaining_result[i].rule_id=TSG_ACTION_S_CHAINING+i;
}
set_s_chaining_result_to_bridge(&a_stream, s_chaining_result, MAX_RESULT_NUM/2, 0);
struct tm_hited_result *hited_s_chaining=(struct tm_hited_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id);
matched_service_chaining_rules_deal(&a_stream, s_chaining_result, MAX_RESULT_NUM/2, 0);
const struct matched_policy_rules *hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_NE(nullptr, hited_s_chaining);
EXPECT_EQ(g_tsg_para.service_chaining_sid, hited_s_chaining->sid);
EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->result_num);
for(int i=0; i<hited_s_chaining->result_num; i++)
EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->n_rules);
for(size_t i=0; i<hited_s_chaining->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->result[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->result[i].config_id);
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->rules[i].rule_id);
}
// second
for(int i=MAX_RESULT_NUM/2; i<MAX_RESULT_NUM; i++)
{
s_chaining_result[i].action=TSG_ACTION_S_CHAINING;
s_chaining_result[i].config_id=TSG_ACTION_S_CHAINING+i;
s_chaining_result[i].rule_id=TSG_ACTION_S_CHAINING+i;
}
tsg_notify_hited_s_chaining_result(&a_stream, &(s_chaining_result[MAX_RESULT_NUM/2]), MAX_RESULT_NUM/2, 1);
hited_s_chaining=(struct tm_hited_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id);
matched_service_chaining_rules_deal(&a_stream, s_chaining_result, MAX_RESULT_NUM/2, 0);
hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_NE(nullptr, hited_s_chaining);
EXPECT_EQ(g_tsg_para.service_chaining_sid, hited_s_chaining->sid);
EXPECT_EQ(MAX_RESULT_NUM, hited_s_chaining->result_num);
for(int i=0; i<hited_s_chaining->result_num; i++)
EXPECT_EQ(MAX_RESULT_NUM/2, hited_s_chaining->n_rules);
for(size_t i=0; i<hited_s_chaining->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->result[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->result[i].config_id);
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hited_s_chaining->rules[i].rule_id);
}
free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, (void *)hited_s_chaining);
stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, NULL);
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id));
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]);
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining);
session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
}
TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify)
{
const struct streaminfo a_stream={0};
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
for(int i=0; i<MAX_RESULT_NUM/2; i++)
{
matched_policy[i].action=TSG_ACTION_MONITOR;
matched_policy[i].rule_id=TSG_ACTION_MONITOR+i;
}
// First notify
session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, matched_policy, MAX_RESULT_NUM/2, 0);
const struct matched_policy_rules *hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY);
EXPECT_NE(nullptr, hited_security);
EXPECT_EQ(MAX_RESULT_NUM/2, hited_security->n_rules);
for(size_t i=0; i<hited_security->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_MONITOR, hited_security->rules[i].action);
EXPECT_EQ(TSG_ACTION_MONITOR+i, hited_security->rules[i].rule_id);
}
// Second notify
session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, matched_policy, MAX_RESULT_NUM/2, 0);
hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY);
EXPECT_NE(nullptr, hited_security);
EXPECT_EQ(MAX_RESULT_NUM/2, hited_security->n_rules);
for(size_t i=0; i<hited_security->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_MONITOR, hited_security->rules[i].action);
EXPECT_EQ(TSG_ACTION_MONITOR+i, hited_security->rules[i].rule_id);
}
session_matched_rules_free(&a_stream, TSG_SERVICE_SECURITY, (void *)hited_security);
session_matched_rules_async(&a_stream, TSG_SERVICE_SECURITY, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY));
}
extern int session_packet_capture_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq);
TEST(TSGMaster, SecurityPolicyIntercept)
{
const struct streaminfo a_stream={0};
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
matched_policy[1].action=TSG_ACTION_INTERCEPT;
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
// Set Intercept
session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, &matched_policy[1], 1, 0);
const struct matched_policy_rules *hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY);
EXPECT_NE(nullptr, hited_security);
EXPECT_EQ(1, hited_security->n_rules);
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_security->rules[0].action);
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_security->rules[0].rule_id);
session_matched_rules_free(&a_stream, TSG_SERVICE_SECURITY, (void *)hited_security);
session_matched_rules_async(&a_stream, TSG_SERVICE_SECURITY, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY));
}
TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
{
const struct streaminfo a_stream={0};
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
matched_policy[0].action=TSG_ACTION_MONITOR;
matched_policy[0].rule_id=TSG_ACTION_MONITOR;
matched_policy[1].action=TSG_ACTION_INTERCEPT;
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
// First Monitor, second Intercpt
session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, &matched_policy[0], 1, 0);
int ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1);
EXPECT_EQ(0, ret);
ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_SECURITY, &(matched_policy[2]), 1);
EXPECT_EQ(1, ret);
EXPECT_EQ(TSG_ACTION_MONITOR, matched_policy[2].action);
EXPECT_EQ(TSG_ACTION_MONITOR, matched_policy[2].rule_id);
ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_SECURITY, &(matched_policy[2]), 1);
EXPECT_EQ(1, ret);
EXPECT_EQ(TSG_ACTION_MONITOR, matched_policy[2].action);
EXPECT_EQ(TSG_ACTION_MONITOR, matched_policy[2].rule_id);
const struct matched_policy_rules *hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY);
EXPECT_NE(nullptr, hited_security);
EXPECT_EQ(1, hited_security->n_rules);
EXPECT_EQ(TSG_ACTION_MONITOR, hited_security->rules[0].action);
EXPECT_EQ(TSG_ACTION_MONITOR, hited_security->rules[0].rule_id);
session_matched_rules_free(&a_stream, TSG_SERVICE_SECURITY, (void *)hited_security);
session_matched_rules_async(&a_stream, TSG_SERVICE_SECURITY, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY));
// Set Intercept
session_matched_rules_notify(&a_stream, TSG_SERVICE_INTERCEPT, &matched_policy[1], 1, 0);
ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1);
EXPECT_EQ(1, ret);
EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].action);
EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].rule_id);
ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1);
EXPECT_EQ(1, ret);
EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].action);
EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].rule_id);
const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
EXPECT_NE(nullptr, hited_intercept);
EXPECT_EQ(1, hited_intercept->n_rules);
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
}
TEST(TSGMaster, ShapingAndServiceChainingPolicyNotify)
{
const struct streaminfo a_stream={0};
// service chaining notify
struct maat_rule service_chaining_result[MAX_RESULT_NUM]={0};
for(int i=0; i<MAX_RESULT_NUM/2; i++)
{
service_chaining_result[i].action=TSG_ACTION_S_CHAINING;
service_chaining_result[i].rule_id=TSG_ACTION_S_CHAINING+i;
}
matched_service_chaining_rules_deal(&a_stream, service_chaining_result, MAX_RESULT_NUM/2, 0);
const struct matched_policy_rules *hitted_service_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_NE(nullptr, hitted_service_chaining);
EXPECT_EQ(MAX_RESULT_NUM/2, hitted_service_chaining->n_rules);
for(size_t i=0; i<hitted_service_chaining->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_S_CHAINING, hitted_service_chaining->rules[i].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING+i, hitted_service_chaining->rules[i].rule_id);
}
// shping notify
struct maat_rule shaping_result[MAX_RESULT_NUM]={0};
for(int i=0; i<MAX_RESULT_NUM/2; i++)
{
shaping_result[i].action=TSG_ACTION_SHAPING;
shaping_result[i].rule_id=TSG_ACTION_SHAPING+i;
}
matched_shaping_rules_deal(&a_stream, shaping_result, MAX_RESULT_NUM/2, 0);
const struct matched_policy_rules *hitted_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_NE(nullptr, hitted_shaping);
EXPECT_EQ(MAX_RESULT_NUM/2, hitted_shaping->n_rules);
for(size_t i=0; i<hitted_shaping->n_rules; i++)
{
EXPECT_EQ(TSG_ACTION_SHAPING, hitted_shaping->rules[i].action);
EXPECT_EQ(TSG_ACTION_SHAPING+i, hitted_shaping->rules[i].rule_id);
}
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(2, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]);
EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[1]);
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hitted_shaping);
session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING));
session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hitted_service_chaining);
session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
}
int main(int argc, char *argv[])

1132
test/src/gtest_rule.cpp
View File

File diff suppressed because it is too large Load Diff

115
test/src/gtest_sendlog.cpp
View File

@@ -2,37 +2,128 @@
#include <string.h>
#include <unistd.h>
#include "tsg_rule.h"
#include "gtest_common.h"
#include <gtest/gtest.h>
int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent)
{
return 0;
}
struct maat *g_tsg_maat_feather;
int tsg_get_location_type(void)
{
return 19;
}
char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id)
char *tsg_device_tag_get(void)
{
return NULL;
}
char get_direction_from_tcpall(const struct streaminfo *a_stream)
char *tsg_data_center_get(void)
{
return NULL;
}
int tsg_location_type_get(void)
{
return 0;
}
int tsg_session_record_switch_get(void)
{
return 0;
}
void *session_mac_linkinfo_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *session_gather_app_results_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *session_conn_sketch_notify_data_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *session_business_data_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *session_session_flags_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *session_application_behavior_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *session_mirrored_and_capture_packets_exec_result_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *session_lua_user_defined_attribute_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *session_nat_c2s_linkinfo_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *session_nat_s2c_linkinfo_get(const struct streaminfo * a_stream)
{
return NULL;
}
int session_matched_rules_async(const struct streaminfo * a_stream, TSG_SERVICE service, void * data)
{
return 0;
}
const struct matched_policy_rules *session_matched_rules_get(const struct streaminfo *a_stream, enum TSG_SERVICE service)
{
return 0;
}
void session_matched_rules_free(const struct streaminfo * a_stream, TSG_SERVICE service, void * data)
{
}
char srt_action_context_get_direction(const struct streaminfo * a_stream)
{
return 0;
}
int tsg_get_app_name_by_id(struct maat *feahter, int app_id, char * app_name, int app_name_len, int is_joint_parent)
{
return 0;
}
const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo * a_stream)
{
return NULL;
}
void *matched_rule_cites_security_compile(struct maat * feather, long long compile_id)
{
return NULL;
}
void plugin_ex_data_security_compile_free(struct maat_compile * maat_compile)
{
}
TEST(MasterTest, SetVlan)
{
//int ret=set_vlan(NULL, NULL, NULL, 0, NULL, LOG_COMMON_TUNNELS_VLAN_SRC_ID);
//EXPECT_EQ(1, ret);
}
int main(int argc, char *argv[])
{
testing::InitGoogleTest(&argc, argv);

6
test/src/gtest_session_state.cpp
View File

@@ -10,7 +10,7 @@ extern int get_ctrl_pkt(char *buf, int len);
struct parse_handle test_handle;
unsigned long long tsg_get_stream_id(struct streaminfo * a_stream)
unsigned long long tsg_get_stream_trace_id(const struct streaminfo * a_stream)
{
return 10;
}
@@ -131,11 +131,11 @@ TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping1)
int ctrl_pkt_len = 0;
memset(&policy_array, 0, sizeof(struct update_policy) * 2);
policy_array[0].type = POLICY_UPDATE_SHAPING;
policy_array[0].id_num = 3;
policy_array[0].n_ids = 3;
policy_array[0].ids[0] = 1;
policy_array[0].ids[1] = 2;
policy_array[0].ids[2] = 3;
policy_array[1].id_num = 3;
policy_array[1].n_ids = 3;
policy_array[1].ids[0] = 4;
policy_array[1].ids[1] = 5;
policy_array[1].ids[2] = 6;