gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-13777: 支持同步流状态及命中策略ID

Browse Source
This commit is contained in:
刘学利
2023-03-01 05:09:34 +00:00
parent df8fe8fb13
commit bbc31c8d10
18 changed files with 922 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/CMakeLists.txt
View File

@@ -2,7 +2,8 @@ cmake_minimum_required(VERSION 2.8)
add_definitions(-fPIC)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp)
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp
tsg_sync_state.cpp)
include_directories(${CMAKE_SOURCE_DIR}/inc)
include_directories(/opt/MESA/include/MESA/)

12
src/tsg_bridge.cpp
View File

@@ -82,6 +82,15 @@ void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *d
}
}
void free_s_chaining_result(const struct streaminfo *stream, int bridge_id, void *data)
{
if(data!=NULL)
{
dictator_free(stream->threadnum, data);
data=NULL;
}
}
void free_policy_label(const struct streaminfo *a_stream, int bridge_id, void *data)
{
if(data!=NULL)
@@ -159,6 +168,9 @@ int tsg_init_bridge(const char *conffile)
MESA_load_profile_string_def(conffile, "SYSTEM", "POLICY_PRIORITY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].name, MAX_BRIDGE_NAME_LEN, "TSG_POLICY_PRIORITY");
g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].free_cb=free_policy_label;
MESA_load_profile_string_def(conffile, "SYSTEM", "S_CHAINING_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].name, MAX_BRIDGE_NAME_LEN, "SERVICE_CHAINING_RESULT");
g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].free_cb=free_s_chaining_result;
for(int i=0; i<BRIDGE_TYPE_MAX; i++)
{
g_tsg_para.bridge[i].id=stream_bridge_build(g_tsg_para.bridge[i].name, "w");

8
src/tsg_bridge.h
View File

@@ -22,9 +22,17 @@ enum BRIDGE_TYPE
BRIDGE_TYPE_ALL_CONTEXT, //async
BRIDGE_TYPE_GATHER_APP_RESULT, //async
BRIDGE_TYPE_POLICY_PRIORITY, //async
BRIDGE_TYPE_SERVICE_CHAINING, //async
BRIDGE_TYPE_MAX
};
struct tm_hited_result
{
int sid;
int result_num;
struct Maat_rule_t result[MAX_RESULT_NUM];
};
struct app_attributes
{
unsigned int app_id;

203
src/tsg_entry.cpp
View File

@@ -28,6 +28,7 @@
#include "tsg_ssl_utils.h"
#include "tsg_ssh_utils.h"
#include "tsg_protocol_common.h"
#include "tsg_sync_state.h"
#ifdef __cplusplus
extern "C"
@@ -61,6 +62,11 @@ struct id2field g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"
{0, TSG_FS2_HIT_SHARE, "hit_share"},
{0, TSG_FS2_INTERCEPT, "intercept"},
{0, TSG_FS2_SHAPING, "shaping"},
{0, TSG_FS2_S_CHAINING, "s_chaining"},
{0, TSG_FS2_CTRL_OPENING, "ctrl_open"},
{0, TSG_FS2_CTRL_CLOSING, "ctrl_close"},
{0, TSG_FS2_CTRL_ACTIVE, "ctrl_active"},
{0, TSG_FS2_CTRL_RESETALL, "ctrl_rstall"},
{0, TSG_FS2_EXCLUSION, "exclusion"},
{0, TSG_FS2_APP_DPKT_RESULT, "D_result"},
{0, TSG_FS2_APP_Q_RESULT, "Q_result"},
@@ -1147,7 +1153,132 @@ char get_direction_from_tcpall(const struct streaminfo *a_stream)
return -1;
}
static void set_shaping_result_to_project(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_seq)
static int send_control_packet_in_pending(const struct streaminfo *a_stream, unsigned char state)
{
unsigned long long trace_id=tsg_get_stream_id((struct streaminfo *)a_stream);
MESA_set_stream_opt(a_stream, MSO_STREAM_SET_DATAMETA_TRACE_ID, (void *)&trace_id, sizeof(unsigned long long));
struct segment_id_list sid_list={0};
sid_list.sid_list[0]=(unsigned short)g_tsg_para.service_chaining_sid;
sid_list.sz_sidlist=1;
MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list));
if(g_tsg_para.send_resetall==0)
{
if(atomic_inc(&g_tsg_para.send_resetall)==1)
{
tsg_sync_resetall_state(a_stream);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_RESETALL], 0, FS_OP_ADD, 1);
}
}
tsg_sync_opening_state(a_stream, state);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_OPENING], 0, FS_OP_ADD, 1);
sid_list.sz_sidlist=0;
MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list));
return 0;
}
static int send_control_packet_in_closing(const struct streaminfo *a_stream, unsigned char state)
{
unsigned long long trace_id=tsg_get_stream_id((struct streaminfo *)a_stream);
MESA_set_stream_opt(a_stream, MSO_STREAM_SET_DATAMETA_TRACE_ID, (void *)&trace_id, sizeof(unsigned long long));
struct segment_id_list sid_list={0};
sid_list.sid_list[0]=(unsigned short)g_tsg_para.service_chaining_sid;
sid_list.sz_sidlist=1;
MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list));
tsg_sync_closing_state(a_stream, state);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_CLOSING], 0, FS_OP_ADD, 1);
sid_list.sz_sidlist=0;
MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list));
return 0;
}
void set_s_chaining_result_to_bridge(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_seq)
{
if(p_result==NULL || p_result_num==0)
{
return ;
}
struct tm_hited_result *hited_s_chaining=(struct tm_hited_result *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id);
if(hited_s_chaining==NULL)
{
hited_s_chaining=(struct tm_hited_result *)dictator_malloc(thread_seq, sizeof(struct tm_hited_result));
memset(hited_s_chaining, 0, sizeof(struct tm_hited_result));
}
int inc_result_num=0;
struct Maat_rule_t *inc_result=&(hited_s_chaining->result[hited_s_chaining->result_num]);
int num=MIN(MAX_RESULT_NUM-hited_s_chaining->result_num, p_result_num);
for(int i=0; i<num; i++)
{
int repeat_result=0;
for(int j=0; j<hited_s_chaining->result_num+inc_result_num; j++)
{
if(p_result[i].config_id==hited_s_chaining->result[j].config_id)
{
repeat_result=1;
break;
}
}
if(repeat_result==0)
{
memcpy(&(inc_result[inc_result_num++]), &(p_result[i]), sizeof(struct Maat_rule_t));
}
}
if(inc_result_num==0)
{
return ;
}
if(hited_s_chaining->sid!=g_tsg_para.service_chaining_sid)
{
struct segment_id_list sid_list={0};
sid_list.sid_list[0]=(unsigned short)g_tsg_para.service_chaining_sid;
sid_list.sz_sidlist=1;
MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list));
hited_s_chaining->sid=g_tsg_para.service_chaining_sid;
}
struct update_policy policy_array;
policy_array.id_num=inc_result_num;
policy_array.type=POLICY_UPDATE_SERVICE_CHAINING;
for(int i=0; i<inc_result_num; i++)
{
policy_array.ids[i]=inc_result[i].config_id;
}
tsg_sync_policy_update(a_stream, &policy_array, 1);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_ACTIVE], 0, FS_OP_ADD, 1);
hited_s_chaining->result_num+=inc_result_num;
int ret=tsg_set_xxx_to_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, (void *)hited_s_chaining);
if(ret<0)
{
free_shaping_result(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SERVICE_CHAINING].id, (void *)hited_s_chaining);
return ;
}
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_S_CHAINING], 0, FS_OP_ADD, inc_result_num);
set_method_to_tcpall(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq);
}
int tsg_notify_hited_s_chaining_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq)
{
set_s_chaining_result_to_bridge(a_stream, result, result_num, thread_seq);
return 0;
}
static void set_shaping_result_to_bridge(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_seq)
{
if(p_result==NULL || p_result_num==0)
{
@@ -1199,11 +1330,14 @@ static void set_shaping_result_to_project(const struct streaminfo *a_stream, str
free_shaping_result(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
return ;
}
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SHAPING], 0, FS_OP_ADD, inc_result_num);
set_method_to_tcpall(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq);
}
int tsg_notify_hited_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq)
{
set_shaping_result_to_project(a_stream, result, result_num, thread_seq);
set_shaping_result_to_bridge(a_stream, result, result_num, thread_seq);
return 0;
}
@@ -1240,7 +1374,7 @@ int set_log_field_to_project(const struct streaminfo * a_stream, char *domain, v
return 0;
}
void set_security_result_to_project(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, PULL_RESULT_TYPE result_type, int thread_seq)
static void set_security_result_to_bridge(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, PULL_RESULT_TYPE result_type, int thread_seq)
{
if(p_result==NULL || p_result_num==0)
{
@@ -1300,7 +1434,7 @@ void set_security_result_to_project(const struct streaminfo *a_stream, struct Ma
int tsg_notify_hited_security_result(const struct streaminfo * a_stream, struct Maat_rule_t * p_result, int p_result_num, int thread_seq)
{
set_security_result_to_project(a_stream, p_result, p_result_num, PULL_FW_RESULT, thread_seq);
set_security_result_to_bridge(a_stream, p_result, p_result_num, PULL_FW_RESULT, thread_seq);
return 0;
}
@@ -1817,12 +1951,15 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
static int master_deal_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *shaping_result, int shaping_result_num)
{
//get shaping rule
set_shaping_result_to_project(a_stream, shaping_result, shaping_result_num, a_stream->threadnum);
set_shaping_result_to_bridge(a_stream, shaping_result, shaping_result_num, a_stream->threadnum);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SHAPING], 0, FS_OP_ADD, 1);
set_method_to_tcpall(a_stream, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum);
return 0;
}
static int master_deal_s_chaining_result(const struct streaminfo *a_stream, struct Maat_rule_t *s_chaining_result, int s_chaining_result_num)
{
set_s_chaining_result_to_bridge(a_stream, s_chaining_result, s_chaining_result_num, a_stream->threadnum);
return 0;
}
@@ -1830,7 +1967,6 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
{
struct Maat_rule_t *p_result=NULL;
unsigned char state=APP_STATE_GIVEME;
struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0};
struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
int security_result_num=tsg_fetch_hited_security_result(result, hit_num, security_result, MAX_RESULT_NUM);
@@ -1863,7 +1999,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
if(is_deny_after_N_packets(p_result))
{
set_security_result_to_project(a_stream, p_result, 1, PULL_FW_RESULT, a_stream->threadnum);
set_security_result_to_bridge(a_stream, p_result, 1, PULL_FW_RESULT, a_stream->threadnum);
if(a_stream->type==STREAM_TYPE_TCP)
{
break;
@@ -1882,7 +2018,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
break;
}
tsg_notify_hited_monitor_result(a_stream, result, hit_num, a_stream->threadnum);
set_security_result_to_project(a_stream, security_result, security_result_num, PULL_FW_RESULT, a_stream->threadnum);
set_security_result_to_bridge(a_stream, security_result, security_result_num, PULL_FW_RESULT, a_stream->threadnum);
break;
case TSG_ACTION_BYPASS:
context->is_hited_allow=1;
@@ -1900,7 +2036,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
break;
}
set_security_result_to_project(a_stream, p_result, 1, PULL_KNI_RESULT, a_stream->threadnum);
set_security_result_to_bridge(a_stream, p_result, 1, PULL_KNI_RESULT, a_stream->threadnum);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);
state=APP_STATE_DROPME|APP_STATE_KILL_OTHER;
@@ -1913,12 +2049,20 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
set_log_field_to_project(a_stream, context->domain, context->para, context->proto, a_stream->threadnum);
}
struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0};
int shaping_result_num=tsg_fetch_hited_shaping_result(result, hit_num, shaping_result, MAX_RESULT_NUM);
if(state==APP_STATE_GIVEME && shaping_result_num>0)
{
master_deal_shaping_result(a_stream, shaping_result, shaping_result_num);
}
struct Maat_rule_t s_chaining_result[MAX_RESULT_NUM]={0};
int s_chaining_result_num=tsg_fetch_hited_s_chaining_result(result, hit_num, s_chaining_result, MAX_RESULT_NUM);
if(state==APP_STATE_GIVEME && s_chaining_result_num>0)
{
master_deal_s_chaining_result(a_stream, s_chaining_result, s_chaining_result_num);
}
return state;
}
@@ -2174,7 +2318,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
{
continue;
}
hit_num+=scan_application_id_and_properties(a_stream, hited_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result[i]), thread_seq);
hit_num+=scan_application_id_and_properties(a_stream, hited_result+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num, context, &(gather_result[i]), thread_seq);
}
if(context->session_flag>0)
@@ -2244,7 +2388,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
break;
case TSG_ACTION_MONITOR:
tsg_notify_hited_monitor_result(a_stream, security_result, hit_num, thread_seq);
set_security_result_to_project(a_stream, security_result, security_result_num, PULL_FW_RESULT,thread_seq);
set_security_result_to_bridge(a_stream, security_result, security_result_num, PULL_FW_RESULT,thread_seq);
break;
default:
break;
@@ -2256,6 +2400,13 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
{
master_deal_shaping_result(a_stream, shaping_result, shaping_result_num);
}
struct Maat_rule_t s_chaining_result[MAX_RESULT_NUM]={0};
int s_chaining_result_num=tsg_fetch_hited_s_chaining_result(hited_result, hit_num, s_chaining_result, MAX_RESULT_NUM);
if(state==APP_STATE_GIVEME && s_chaining_result_num>0)
{
master_deal_s_chaining_result(a_stream, s_chaining_result, s_chaining_result_num);
}
}
Maat_clean_status(&scan_mid);
@@ -2348,6 +2499,8 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo
{
return APP_STATE_DROPME;
}
send_control_packet_in_pending(a_udp, a_udp->opstate);
*pme=dictator_malloc(thread_seq, sizeof(struct udp_context));
memset(*pme, 0, sizeof(struct udp_context));
@@ -2380,6 +2533,8 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo
{
dictator_free(thread_seq, *pme);
*pme=NULL;
send_control_packet_in_closing(a_udp, a_udp->opstate);
}
return (state1|state2);
@@ -2390,12 +2545,13 @@ extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp,
struct tcpall_context *_context=(struct tcpall_context *)(*pme);
if(*pme==NULL)
{
{
send_control_packet_in_pending(a_tcp, a_tcp->pktstate);
*pme=(void *)tsg_get_xxx_from_bridge(a_tcp, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id);
if(*pme==NULL)
{
*pme=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context));
memset(*pme, 0, sizeof(struct tcpall_context));
memset(*pme, 0, sizeof(struct tcpall_context));
tsg_set_xxx_to_bridge(a_tcp, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)(*pme));
}
@@ -2408,7 +2564,14 @@ extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp,
_context->set_latency_flag=set_tcp_establish_latency_ms(a_tcp, thread_seq, a_packet);
}
return tsg_master_all_entry(a_tcp, a_tcp->pktstate, pme, thread_seq, a_packet);
unsigned char state=tsg_master_all_entry(a_tcp, a_tcp->pktstate, pme, thread_seq, a_packet);
if(state&APP_STATE_DROPME || a_tcp->pktstate==OP_STATE_CLOSE)
{
send_control_packet_in_closing(a_tcp, a_tcp->pktstate);
}
return state;
}
extern "C" int TSG_MASTER_INIT()
@@ -2456,6 +2619,8 @@ extern "C" int TSG_MASTER_INIT()
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "IENTIFY_APP_MAX_PKT_NUM", &g_tsg_para.identify_app_max_pkt_num, 20);
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "FEATURE_TAMPER", &g_tsg_para.feature_tamper, 0);
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SERVICE_CHAINING_SID", &g_tsg_para.service_chaining_sid, 1);
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SHAPING_SID", &g_tsg_para.shaping_sid, 2);
ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0);
if(ret<0)
@@ -2529,7 +2694,9 @@ extern "C" int TSG_MASTER_INIT()
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_GTP_HASH", "tsg_gtp_signaling_hash_init failed ...");
return -1;
}
g_tsg_para.send_resetall=0;
return 0;
}

11
src/tsg_entry.h
View File

@@ -34,6 +34,15 @@ typedef int atomic_t;
#include <alsa/iatomic.h>
#endif
#ifndef TM_FALSE
#define TM_FALSE 0
#endif
#ifndef TM_TRUE
#define TM_TRUE 1
#endif
#ifndef FLAG_FALSE
#define FLAG_FALSE 0
#endif
@@ -246,6 +255,6 @@ int tsg_scan_session_flags(Maat_feather_t maat_feather, const struct streaminfo
int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
int tsg_fetch_hited_s_chaining_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *s_chaining_result, int s_chaining_result_num);
#endif

29
src/tsg_rule.cpp
View File

@@ -3464,7 +3464,7 @@ int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_
int result_cnt=0;
for(int i=0; i<hited_result_num; i++)
{
if(hited_result[i].action==TSG_ACTION_SHAPING)
if(hited_result[i].action==TSG_ACTION_SHAPING || hited_result[i].action==TSG_ACTION_S_CHAINING)
{
continue;
}
@@ -3479,3 +3479,30 @@ int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_
return result_cnt;
}
int tsg_fetch_hited_s_chaining_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *s_chaining_result, int s_chaining_result_num)
{
if(hited_result==NULL || hited_result_num<=0 || s_chaining_result==NULL || s_chaining_result_num<=0)
{
return 0;
}
int result_cnt=0;
for(int i=0; i<hited_result_num; i++)
{
if(hited_result[i].action!=TSG_ACTION_S_CHAINING)
{
continue;
}
if(result_cnt>=s_chaining_result_num)
{
break;
}
memcpy(&(s_chaining_result[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t));
}
return result_cnt;
}

180
src/tsg_sync_state.cpp Normal file
View File

@@ -0,0 +1,180 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <MESA/cJSON.h>
#include "tsg_sync_state.h"
#include "tsg_send_log.h"
// i don't need this
int set_exec_profile_ids(const struct streaminfo *a_stream, struct parse_handle *p);
const char *policy_key[ POLICY_UPDATE_MAX] =
{
"service_chaining",
"shaping",
};
static int tsg_send_ctrl_pkt(const struct streaminfo *a_stream, cJSON *object)
{
if (object == NULL)
{
return -1;
}
char *payload = NULL;
uint64_t session_id = tsg_get_stream_id((struct streaminfo *)a_stream);
// tsg_get_stream_id maybe return -1
if (session_id && session_id != (uint64_t)-1)
{
char trace_id[128]={0};
snprintf(trace_id, sizeof(trace_id), "%lu", session_id);
cJSON_AddStringToObject(object, "session_id", trace_id);
}
cJSON_AddStringToObject(object, "tsync", "1.0");
payload = cJSON_PrintUnformatted(object);
if (payload == NULL)
{
cJSON_Delete(object);
return -1;
}
// send//
sapp_inject_ctrl_pkt((struct streaminfo *)a_stream, SIO_DEFAULT, payload, strlen(payload)+1, a_stream->routedir);
cJSON_free(payload);
cJSON_Delete(object);
return 0;
}
int tsg_send_session_state(const struct streaminfo *a_stream, unsigned char state)
{
if (a_stream == NULL)
{
return -1;
}
cJSON *object = cJSON_CreateObject();
if (state== OP_STATE_PENDING)
{
cJSON_AddStringToObject(object, "state", "opening");
}
else if (state == OP_STATE_CLOSE)
{
cJSON_AddStringToObject(object, "state", "closing");
}
else
{
cJSON_Delete(object);
return -1;
}
return tsg_send_ctrl_pkt(a_stream, object);
}
int tsg_sync_resetall_state(const struct streaminfo *a_stream)
{
if (a_stream == NULL)
{
return -1;
}
cJSON *object = cJSON_CreateObject();
cJSON_AddStringToObject(object, "state", "resetall");
return tsg_send_ctrl_pkt(a_stream, object);
}
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_array, int policy_array_num)
{
if (a_stream == NULL || policy_array == NULL || policy_array_num > (int) POLICY_UPDATE_MAX || policy_array_num <= 0)
{
return -1;
}
cJSON *params_object = NULL;
cJSON *policy_arr = NULL;
cJSON *object = cJSON_CreateObject();
cJSON_AddStringToObject(object, "state", "active");
cJSON_AddStringToObject(object, "method", "policy_update");
params_object = cJSON_AddObjectToObject(object, "params");
for (int i = 0; i < policy_array_num; i ++)
{
policy_arr = cJSON_CreateIntArray(policy_array[i].ids, policy_array[i].id_num);
if (policy_arr == NULL || policy_array[i].type >= POLICY_UPDATE_MAX)
{
cJSON_Delete(object);
return -1;
}
cJSON_AddItemToObject(params_object, policy_key[policy_array[i].type], policy_arr);
policy_arr = NULL;
}
return tsg_send_ctrl_pkt(a_stream, object);
}
int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len)
{
if (a_stream == NULL || payload == NULL || payload_len == 0)
{
return -1;
}
char *state = NULL;
char *method = NULL;
char *tsync = NULL;
cJSON *params_object = NULL;
cJSON *sf_ids_array = NULL;
struct parse_handle result = {0};
cJSON *object = cJSON_Parse((char *)payload);
if (object == NULL)
{
return -1;
}
tsync = cJSON_GetObjectItem(object, "tsync")->valuestring;
memcpy(result.tsync, tsync, strlen(tsync));
//result.session_id = (uint64_t)atoll(cJSON_GetObjectItem(object, "session_id")->string);
state = cJSON_GetObjectItem(object, "state")->valuestring;
memcpy(result.state, state, strlen(state));
method = cJSON_GetObjectItem(object, "method")->valuestring;
memcpy(result.method, method, strlen(method));
params_object = cJSON_GetObjectItem(object, "params");
sf_ids_array = cJSON_GetObjectItem(params_object, "sf_profile_ids");
result.sf_ids.id_num = cJSON_GetArraySize(sf_ids_array);
for (int i = 0; i < result.sf_ids.id_num; i ++)
{
result.sf_ids.ids[i] = cJSON_GetArrayItem(sf_ids_array, i)->valueint;
}
//set_exec_profile_ids(a_stream, &result);
cJSON_Delete(object);
return 0;
}
int tsg_sync_closing_state(const struct streaminfo *a_stream, unsigned char state)
{
return tsg_send_session_state(a_stream, state);
}
int tsg_sync_opening_state(const struct streaminfo *a_stream, unsigned char state)
{
tsg_send_session_state(a_stream, state);
return 0;
}

40
src/tsg_sync_state.h Normal file
View File

@@ -0,0 +1,40 @@
#ifndef TSG_SESSION_STATE_H
#define TSG_SESSION_STATE_H
#include <stdint.h>
#include <MESA/stream.h>
enum policy_type
{
POLICY_UPDATE_SERVICE_CHAINING = 0,
POLICY_UPDATE_SHAPING,
POLICY_UPDATE_MAX
};
struct update_policy
{
enum policy_type type;
int id_num;
int ids[8];
};
// i don't need this
struct parse_handle
{
char tsync[8];
uint64_t session_id;
char state[8];
char method[16];
struct update_policy sf_ids;
};
int tsg_sync_resetall_state(const struct streaminfo *a_stream);
int tsg_send_session_state(const struct streaminfo *a_stream, unsigned char state);
int tsg_sync_opening_state(const struct streaminfo *a_stream, unsigned char state);
int tsg_sync_closing_state(const struct streaminfo *a_stream, unsigned char state);
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_array, int policy_array_num);
int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len);
#endif //TSG_SESSION_STATE_H

10
src/tsg_variable.h
View File

@@ -13,6 +13,11 @@ enum TSG_FS2_TYPE
TSG_FS2_HIT_SHARE,
TSG_FS2_INTERCEPT,
TSG_FS2_SHAPING,
TSG_FS2_S_CHAINING,
TSG_FS2_CTRL_OPENING,
TSG_FS2_CTRL_CLOSING,
TSG_FS2_CTRL_ACTIVE,
TSG_FS2_CTRL_RESETALL,
TSG_FS2_EXCLUSION,
TSG_FS2_APP_DPKT_RESULT,
TSG_FS2_APP_Q_RESULT,
@@ -124,7 +129,7 @@ enum MASTER_DYNAMIC_TABLE
#endif
#ifndef MAX_TSG_ALL_RESULT_NUM
#define MAX_TSG_ALL_RESULT_NUM MAX_RESULT_NUM*2
#define MAX_TSG_ALL_RESULT_NUM MAX_RESULT_NUM*3
#endif
#ifndef MAX_STRING_LEN32
@@ -171,6 +176,8 @@ typedef struct tsg_para
int hash_slot_size;
int hash_thread_safe;
int feature_tamper;
int service_chaining_sid;
int shaping_sid;
enum DEPLOY_MODE deploy_mode;
int scan_time_interval;
int identify_app_max_pkt_num;
@@ -191,6 +198,7 @@ typedef struct tsg_para
char table_name[TABLE_MAX][MAX_TABLE_NAME_LEN];
char dyn_table_name[DYN_TABLE_MAX][MAX_TABLE_NAME_LEN];
struct bridge_info bridge[BRIDGE_TYPE_MAX];
int send_resetall;
void *logger;
void *maat_logger;
struct reset_argv reset;