gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

支持扫描PROTOCIOL

Browse Source
This commit is contained in:
liuxueli
2020-01-10 17:26:33 +08:00
parent 2546578fd5
commit cba2dbfab0
5 changed files with 273 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
bin/tsg_static_tableinfo.conf
View File

@@ -17,25 +17,26 @@
6 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0 6 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0
6 TSG_OBJ_FQDN_CAT expr UTF8 UTF8 yes 0 6 TSG_OBJ_FQDN_CAT expr UTF8 UTF8 yes 0
7 TSG_OBJ_KEYWORDS expr UTF8 UTF8/GBK yes 0 7 TSG_OBJ_KEYWORDS expr UTF8 UTF8/GBK yes 0
8 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0 8 TSG_OBJ_APP_ID expr UTF8 UTF8 yes 0
9 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN -- 9 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0
10 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL -- 10 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
11 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- 11 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
12 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- 12 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
13 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS -- 13 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
14 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS -- 14 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
15 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN -- 15 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
16 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN -- 16 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
17 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN -- 17 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
18 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN -- 18 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
19 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT -- 19 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
20 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT -- 20 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
21 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT -- 21 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
22 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS -- 22 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
23 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS -- 23 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
24 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS -- 24 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
25 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS -- 25 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
26 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL -- 26 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
27 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS -- 27 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
28 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT -- 28 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
29 FW_PROFILE_DNS_RECORDS plugin {"key":1,"valid":5} -- 29 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
30 FW_PROFILE_DNS_RECORDS plugin {"key":1,"valid":5} --

9
inc/tsg_rule.h
View File

@@ -65,15 +65,6 @@ int tsg_rule_init(const char *conffile, void *logger);
int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
//return 0 if failed, return >0 on success;
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, struct _identify_info *identify_info);
//return -1 if failed, return 0 on success;
int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger);
//return value: -1: failed, 0: not hit, >0: hit count
int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, scan_status_t *mid, void *logger, int thread_seq);
//return NULL if none exists, otherwise return one deny rule; //return NULL if none exists, otherwise return one deny rule;
struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num); struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);

174
src/tsg_entry.cpp
View File

@@ -3,6 +3,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <assert.h> #include <assert.h>
#include <MESA/http.h>
#include <MESA/stream.h> #include <MESA/stream.h>
#include <MESA/MESA_prof_load.h> #include <MESA/MESA_prof_load.h>
#include <MESA/MESA_handle_logger.h> #include <MESA/MESA_handle_logger.h>
@@ -12,6 +13,7 @@
#include "tsg_send_log.h" #include "tsg_send_log.h"
#include "tsg_statistic.h" #include "tsg_statistic.h"
#include "tsg_send_log_internal.h" #include "tsg_send_log_internal.h"
#include "tsg_ssl_utils.h"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
@@ -35,7 +37,7 @@ static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL;
#endif #endif
char TSG_MASTER_VERSION_20191226=0; char TSG_MASTER_VERSION_20200110=0;
const char *tsg_conffile="tsgconf/main.conf"; const char *tsg_conffile="tsgconf/main.conf";
g_tsg_para_t g_tsg_para; g_tsg_para_t g_tsg_para;
@@ -47,27 +49,74 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "link
{TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"}, {TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"},
{TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"} {TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"}
}; };
static void free_policy_label(int thread_seq, void *project_req_value) static void free_policy_label(int thread_seq, void *project_req_value)
{ {
dictator_free(thread_seq, project_req_value); dictator_free(thread_seq, project_req_value);
project_req_value=NULL; project_req_value=NULL;
} }
static char *schema_index2string(tsg_protocol_t proto)
{
char *schema_field_value=NULL;
switch(proto)
{
case PROTO_HTTP:
schema_field_value=(char *)"HTTP";
break;
case PROTO_SSL:
schema_field_value=(char *)"SSL";
break;
case PROTO_DNS:
schema_field_value=(char *)"DNS";
break;
case PROTO_FTP:
schema_field_value=(char *)"FTP";
break;
case PROTO_BGP:
schema_field_value=(char *)"BGP";
break;
case PROTO_SIP:
schema_field_value=(char *)"SIP";
break;
case PROTO_MAIL:
schema_field_value=(char *)"MAIL";
break;
case PROTO_STREAMING_MEDIA:
schema_field_value=(char *)"STREAMING_MEDIA";
break;
default:
break;
}
return schema_field_value;
}
static int master_send_log(struct streaminfo *a_stream, struct Maat_rule_t *p_result, int result_num, struct _identify_info *identify_info, int thread_seq) static int master_send_log(struct streaminfo *a_stream, struct Maat_rule_t *p_result, int result_num, struct _identify_info *identify_info, int thread_seq)
{ {
tsg_log_t log_msg; tsg_log_t log_msg;
char *domain_field_name=NULL; char *domain_field_name=NULL;
char *schema_field_name=NULL; char *schema_field_name=NULL;
char *schema_field_value=NULL;
struct TLD_handle_t *TLD_handle=NULL; struct TLD_handle_t *TLD_handle=NULL;
TLD_handle=TLD_create(thread_seq); TLD_handle=TLD_create(thread_seq);
if(identify_info!=NULL) if(identify_info!=NULL && (identify_info->proto>PROTO_UNKONWN) && (identify_info->proto<PROTO_MAX))
{ {
schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE);
TLD_append(TLD_handle, schema_field_name, (void *)((identify_info->proto==PROTO_HTTP) ? "HTTP" : "SSL"), TLD_TYPE_STRING);
schema_field_value=schema_index2string(identify_info->proto);
domain_field_name=log_field_id2name(g_tsg_log_instance, ((identify_info->proto==PROTO_HTTP) ? LOG_HTTP_HOST : LOG_SSL_SNI)); if(schema_field_value!=NULL)
TLD_append(TLD_handle, domain_field_name, (void *)identify_info->domain, TLD_TYPE_STRING); {
TLD_append(TLD_handle, schema_field_name, (void *)schema_field_value, TLD_TYPE_STRING);
}
if(identify_info->proto==PROTO_HTTP || identify_info->proto==PROTO_SSL)
{
domain_field_name=log_field_id2name(g_tsg_log_instance, ((identify_info->proto==PROTO_HTTP) ? LOG_HTTP_HOST : LOG_SSL_SNI));
TLD_append(TLD_handle, domain_field_name, (void *)identify_info->domain, TLD_TYPE_STRING);
}
} }
log_msg.a_stream=a_stream; log_msg.a_stream=a_stream;
@@ -110,9 +159,80 @@ static struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int
return p_result; return p_result;
} }
static int identify_application_protocol(struct streaminfo *a_stream, struct _identify_info *identify_info)
{
int ret=0;
identify_info->proto = PROTO_UNKONWN;
//http
char *host = NULL;
ret=http_host_parser((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, DIR_C2S, &host);
if(ret>=0)
{
identify_info->proto=PROTO_HTTP;
if(ret==0)
{
identify_info->domain_len=0;
}
else
{
identify_info->domain_len=MIN(ret, (int)sizeof(identify_info->domain) - 1);
strncpy(identify_info->domain, host, identify_info->domain_len);
}
return 1;
}
//ssl
enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
struct ssl_chello *chello = NULL;
chello=ssl_chello_parse((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status);
if(chello_status==CHELLO_PARSE_SUCCESS)
{
identify_info->proto=PROTO_SSL;
if(chello->sni==NULL)
{
identify_info->domain_len = 0;
}
else
{
identify_info->domain_len = strnlen(chello->sni, sizeof(identify_info->domain) - 1);
strncpy(identify_info->domain, chello->sni, identify_info->domain_len);
}
ret=1;
}
ssl_chello_free(chello);
//dns
struct stream_tuple4_v4 *tpl4 = NULL;
struct stream_tuple4_v6 *tpl6 = NULL;
switch(a_stream->addr.addrtype)
{
case ADDR_TYPE_IPV4:
tpl4=a_stream->addr.tuple4_v4;
if((ntohs(tpl4->source)==53) || (ntohs(tpl4->dest)==53))
{
identify_info->proto=PROTO_DNS;
}
break;
case ADDR_TYPE_IPV6:
tpl6=a_stream->addr.tuple4_v6;
if((ntohs(tpl6->source)==53) || (ntohs(tpl6->dest)==53))
{
identify_info->proto=PROTO_DNS;
}
break;
default:
break;
}
return ret;
}
extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet) extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet)
{ {
int identify_flag=0;
int ret=0,hit_num=0; int ret=0,hit_num=0;
int state=APP_STATE_DROPME; int state=APP_STATE_DROPME;
scan_status_t mid=NULL; scan_status_t mid=NULL;
@@ -128,7 +248,10 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
case OP_STATE_PENDING: case OP_STATE_PENDING:
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LINKS], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LINKS], 0, FS_OP_ADD, 1);
ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_tcp, PROTO_MAX, &mid, all_result+hit_num, MAX_RESULT_NUM-hit_num); memset(&identify_info, 0, sizeof(identify_info));
identify_application_protocol(a_tcp, &identify_info);
ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_tcp, identify_info.proto, &mid, all_result+hit_num, MAX_RESULT_NUM-hit_num);
if(ret>0) if(ret>0)
{ {
hit_num+=ret; hit_num+=ret;
@@ -146,22 +269,15 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
} }
else else
{ {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "Not hit %s scan ret: %d", MESA_handle_runtime_log(g_tsg_para.logger,
printaddr(&a_tcp->addr, thread_seq), ret); RLOG_LV_DEBUG,
"SCAN_IP",
"Not hit %s scan ret: %d",
printaddr(&a_tcp->addr, thread_seq), ret);
} }
memset(&identify_info, 0, sizeof(identify_info));
ret=tsg_scan_shared_policy(g_tsg_maat_feather, ret=tsg_scan_shared_policy(g_tsg_maat_feather, &identify_info, all_result+hit_num, MAX_RESULT_NUM-hit_num, &mid, thread_seq);
a_tcp->ptcpdetail->pdata,
a_tcp->ptcpdetail->datalen,
all_result+hit_num,
MAX_RESULT_NUM-hit_num,
&identify_info,
&mid,
g_tsg_para.logger,
thread_seq);
if(ret>0) if(ret>0)
{ {
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
@@ -179,7 +295,6 @@ printaddr(&a_tcp->addr, thread_seq), ret);
); );
hit_num+=ret; hit_num+=ret;
identify_flag=1;
} }
else else
{ {
@@ -204,11 +319,18 @@ printaddr(&a_tcp->addr, thread_seq), ret);
case TSG_ACTION_DENY: case TSG_ACTION_DENY:
MESA_kill_tcp(a_tcp, a_packet); MESA_kill_tcp(a_tcp, a_packet);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DENY], 0, FS_OP_ADD, 1); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DENY], 0, FS_OP_ADD, 1);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "DENY", "Hit deny policy, policy_id: %d action: %d addr: %s",
p_result[0].config_id, p_result[0].action, printaddr(&a_tcp->addr, thread_seq));
master_send_log(a_tcp, p_result, 1, ((identify_flag==1) ? &identify_info : NULL), thread_seq); master_send_log(a_tcp, p_result, 1, &identify_info, thread_seq);
state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER; state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER;
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"DENY",
"Hit deny policy, policy_id: %d action: %d addr: %s",
p_result[0].config_id,
p_result[0].action,
printaddr(&a_tcp->addr, thread_seq)
);
break; break;
case TSG_ACTION_MONITOR: case TSG_ACTION_MONITOR:
if(q_result!=NULL && (p_result==q_result)) if(q_result!=NULL && (p_result==q_result))

24
src/tsg_entry.h
View File

@@ -5,6 +5,21 @@
#include <MESA/field_stat2.h> #include <MESA/field_stat2.h>
#include "tsg_rule.h" #include "tsg_rule.h"
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
enum MASTER_TABLE{
TABLE_IP_ADDR=0,
TABLE_SUBSCRIBER_ID,
TABLE_APP_ID,
TABLE_HTTP_HOST,
TABLE_SSL_SNI,
TABLE_MAX
};
enum TSG_FS2_TYPE{ enum TSG_FS2_TYPE{
TSG_FS2_LINKS=0, TSG_FS2_LINKS=0,
TSG_FS2_BYPASS, TSG_FS2_BYPASS,
@@ -40,14 +55,15 @@ struct _master_context
struct Maat_rule_t *result; struct Maat_rule_t *result;
}; };
#define _MAX_TABLE_NAME_LEN 64
typedef struct _tsg_para typedef struct _tsg_para
{ {
int device_id; int device_id;
int ip_addr_table_id; int table_id[TABLE_MAX];
int subscribe_id_table_id;
int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
int priority_project_id; int priority_project_id;
int fs2_field_id[TSG_FS2_MAX]; int fs2_field_id[TSG_FS2_MAX];
char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
void *logger; void *logger;
screen_stat_handle_t fs2_handle; screen_stat_handle_t fs2_handle;
}g_tsg_para_t; }g_tsg_para_t;
@@ -125,4 +141,6 @@ typedef struct _tsg_statistic
int tsg_statistic_init(const char *conffile, void *logger); int tsg_statistic_init(const char *conffile, void *logger);
int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct _identify_info *identify_info, Maat_rule_t *result, int result_num, scan_status_t *mid, int thread_seq);
#endif #endif

184
src/tsg_rule.cpp
View File

@@ -11,7 +11,6 @@
#include "Maat_rule.h" #include "Maat_rule.h"
#include "Maat_command.h" #include "Maat_command.h"
#include "MESA/http.h" #include "MESA/http.h"
#include "tsg_ssl_utils.h"
#include "tsg_rule.h" #include "tsg_rule.h"
#include "tsg_entry.h" #include "tsg_entry.h"
@@ -21,10 +20,6 @@ Maat_feather_t g_tsg_dynamic_maat_feather;
#define MAX_PATH_LEN 1024 #define MAX_PATH_LEN 1024
#define MAX_IPV6_ADDR_LEN 128 #define MAX_IPV6_ADDR_LEN 128
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
enum kni_scan_table{ enum kni_scan_table{
TSG_FIELD_SSL_SNI, TSG_FIELD_SSL_SNI,
TSG_FIELD_HTTP_HOST, TSG_FIELD_HTTP_HOST,
@@ -42,6 +37,21 @@ const struct _str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNK
{TSG_METHOD_TYPE_RESET, 3, (char *)"rst"} {TSG_METHOD_TYPE_RESET, 3, (char *)"rst"}
}; };
const struct _str2index g_tsg_proto_string[PROTO_MAX+1]={{PROTO_UNKONWN, 0, (char *)""},
{PROTO_IPv4, 5, (char *)"IPv4."},
{PROTO_IPv6, 5, (char *)"IPv6."},
{PROTO_TCP, 4, (char *)"TCP."},
{PROTO_UDP, 4, (char *)"UDP."},
{PROTO_HTTP, 5, (char *)"HTTP."},
{PROTO_MAIL, 5, (char *)"MAIL."},
{PROTO_DNS, 4, (char *)"DNS."},
{PROTO_FTP, 4, (char *)"FTP."},
{PROTO_SSL, 4, (char *)"SSL."},
{PROTO_SIP, 4, (char *)"SIP."},
{PROTO_BGP, 4, (char *)"BGP."},
{PROTO_STREAMING_MEDIA, 16, (char *)"STREAMING_MEDIA."},
{PROTO_MAX, 0, (char *)""}
};
void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp)
{ {
@@ -200,16 +210,16 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
int tsg_rule_init(const char* conffile, void *logger) int tsg_rule_init(const char* conffile, void *logger)
{ {
int ret=0; int i=0,ret=0;
char maat_conffile[256]={0}; char maat_conffile[256]={0};
char ip_addr_table[32]={0};
char subscriber_id_table[32]={0};
char cb_subscriber_ip_table[32]={0}; char cb_subscriber_ip_table[32]={0};
MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat_profile.conf"); MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat_profile.conf");
MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", ip_addr_table, sizeof(ip_addr_table), "TSG_OBJ_IP_ADDR"); MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "TSG_OBJ_IP_ADDR");
MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", subscriber_id_table, sizeof(subscriber_id_table), "TSG_OBJ_SUBSCRIBER_ID"); MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID");
MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_para.table_name[TABLE_HTTP_HOST], _MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST");
MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_para.table_name[TABLE_SSL_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI");
//init dynamic maat feather //init dynamic maat feather
g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger); g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger);
@@ -218,29 +228,16 @@ int tsg_rule_init(const char* conffile, void *logger)
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "init_maat_feather failed, instance_name: %s module: %s", "TSG_STATIC", "STATIC"); MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "init_maat_feather failed, instance_name: %s module: %s", "TSG_STATIC", "STATIC");
return -1; return -1;
} }
g_tsg_para.ip_addr_table_id=Maat_table_register(g_tsg_maat_feather, ip_addr_table);
if(g_tsg_para.ip_addr_table_id<0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "Maat_table_register %s failed", ip_addr_table);
return -1;
}
g_tsg_para.subscribe_id_table_id=Maat_table_register(g_tsg_maat_feather, subscriber_id_table);
if(g_tsg_para.subscribe_id_table_id<0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "RULE_INIT", "Maat_table_register %s failed", subscriber_id_table);
return -1;
}
// init sni or host share table for(i=0; i<TABLE_MAX; i++)
ret=tsg_shared_table_init(conffile, g_tsg_maat_feather, logger);
if(ret<0)
{ {
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "RULE_INIT", "tsg_shared_table_init %s failed"); g_tsg_para.table_id[i]=Maat_table_register(g_tsg_maat_feather, g_tsg_para.table_name[i]);
return -1; if(g_tsg_para.table_id[i]<0)
} {
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "Maat_table_register %s failed, Please check tsgconf/tsg_static_tableinfo.conf", g_tsg_para.table_name[i]);
return -1;
}
}
//init dynamic maat feather //init dynamic maat feather
g_tsg_dynamic_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_DYNAMIC", (char *)"DYNAMIC", logger); g_tsg_dynamic_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_DYNAMIC", (char *)"DYNAMIC", logger);
@@ -275,59 +272,6 @@ int tsg_rule_init(const char* conffile, void *logger)
return 0; return 0;
} }
static void protocol_identify(char *buff, int buff_len, struct _identify_info *result){
result->proto = PROTO_UNKONWN;
//http
char *host = NULL;
int ret = http_host_parser(buff, (uint32_t)buff_len, DIR_C2S, &host);
//printf("http_host_parse: ret = %d, buff_len = %d, buff = %s\n", ret, buff_len, buff);
if(ret >= 0){
result->proto = PROTO_HTTP;
if(ret == 0){
result->domain_len = 0;
}
else{
result->domain_len = MIN(ret, (int)sizeof(result->domain) - 1);
strncpy(result->domain, host, result->domain_len);
}
return;
}
//ssl
enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
struct ssl_chello *chello = NULL;
chello = ssl_chello_parse((const unsigned char*)buff, buff_len, &chello_status);
if(chello_status == CHELLO_PARSE_SUCCESS){
result->proto = PROTO_SSL;
if(chello->sni == NULL){
result->domain_len = 0;
}
else{
result->domain_len = strnlen(chello->sni, sizeof(result->domain) - 1);
strncpy(result->domain, chello->sni, result->domain_len);
}
}
ssl_chello_free(chello);
return;
}
//return -1 if failed, return 0 on success;
int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger){
g_tsg_maat_feather = maat_feather;
g_kni_scan_table_name[TSG_FIELD_HTTP_HOST] = "TSG_FIELD_HTTP_HOST";
g_kni_scan_table_name[TSG_FIELD_SSL_SNI] = "TSG_FIELD_SSL_SNI";
int i;
for(i = 0; i < SCAN_TABLE_MAX; i++){
g_kni_scan_tableid[i] = Maat_table_register(maat_feather, g_kni_scan_table_name[i]);
if(g_kni_scan_tableid[i] < 0){
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "Failed at Maat_table_register, tablename = %s, ret = %d",
g_kni_scan_table_name[i], g_kni_scan_tableid[i]);
return -1;
}
}
return 0;
}
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct _identify_info *identify_info) int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct _identify_info *identify_info)
{ {
int num=0; int num=0;
@@ -466,7 +410,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
} }
maat_ret=Maat_scan_proto_addr(maat_feather, maat_ret=Maat_scan_proto_addr(maat_feather,
g_tsg_para.ip_addr_table_id, g_tsg_para.table_id[TABLE_IP_ADDR],
p_addr, p_addr,
tans_proto, tans_proto,
result+hit_num, result+hit_num,
@@ -483,6 +427,24 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
}while(cur_stream != NULL && hit_num < result_num); }while(cur_stream != NULL && hit_num < result_num);
if(hit_num<result_num && proto>PROTO_UNKONWN && proto<PROTO_MAX)
{
maat_ret=Maat_full_scan_string(maat_feather,
g_tsg_para.table_id[TABLE_APP_ID],
CHARSET_GBK,
g_tsg_proto_string[proto].type,
strlen(g_tsg_proto_string[proto].type),
result+hit_num,
&found_pos,
result_num-hit_num,
mid,
a_stream->threadnum);
if(maat_ret > 0)
{
hit_num+=maat_ret;
}
}
if(hit_num<result_num) if(hit_num<result_num)
{ {
@@ -491,7 +453,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
if(source_subscribe_id!=NULL) if(source_subscribe_id!=NULL)
{ {
maat_ret=Maat_full_scan_string(maat_feather, maat_ret=Maat_full_scan_string(maat_feather,
g_tsg_para.subscribe_id_table_id, g_tsg_para.table_id[TABLE_SUBSCRIBER_ID],
CHARSET_GBK, CHARSET_GBK,
source_subscribe_id, source_subscribe_id,
strlen(source_subscribe_id), strlen(source_subscribe_id),
@@ -511,7 +473,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
if(dest_subscribe_id!=NULL) if(dest_subscribe_id!=NULL)
{ {
maat_ret=Maat_full_scan_string(maat_feather, maat_ret=Maat_full_scan_string(maat_feather,
g_tsg_para.subscribe_id_table_id, g_tsg_para.table_id[TABLE_SUBSCRIBER_ID],
CHARSET_GBK, CHARSET_GBK,
dest_subscribe_id, dest_subscribe_id,
strlen(dest_subscribe_id), strlen(dest_subscribe_id),
@@ -534,23 +496,39 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
//return value: -1: failed, 0: not hit, >0: hit count //return value: -1: failed, 0: not hit, >0: hit count
int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, int tsg_scan_shared_policy(Maat_feather_t maat_feather, struct _identify_info *identify_info, Maat_rule_t *result, int result_num, scan_status_t *mid, int thread_seq)
struct _identify_info *identify_info, scan_status_t *mid, void *logger, int thread_seq)
{ {
memset(identify_info, 0, sizeof(*identify_info)); int ret=0,idx=0;
protocol_identify((char*)pkt, pkt_len, identify_info);
if(identify_info->proto != PROTO_SSL && identify_info->proto != PROTO_HTTP){ if(identify_info->proto!=PROTO_UNKONWN && identify_info->domain_len>0)
return -1; {
switch(identify_info->proto)
{
case PROTO_HTTP:
idx=TABLE_HTTP_HOST;
break;
case PROTO_SSL:
idx=TABLE_SSL_SNI;
break;
default:
return 0;
break;
}
ret=Maat_full_scan_string(g_tsg_maat_feather,
g_tsg_para.table_id[idx],
CHARSET_UTF8,
identify_info->domain,
identify_info->domain_len,
result,
NULL,
result_num,
mid,
thread_seq
);
} }
int tableid;
if(identify_info->proto == PROTO_SSL){ return ret;
tableid = g_kni_scan_tableid[TSG_FIELD_SSL_SNI];
}
else{
tableid = g_kni_scan_tableid[TSG_FIELD_HTTP_HOST];
}
return Maat_full_scan_string(g_tsg_maat_feather, tableid, CHARSET_UTF8, identify_info->domain, identify_info->domain_len,
result, NULL, result_num, mid, thread_seq);
} }