TSG-7600: 根据APP_ID_DICT中的timeout时间设置流超时时间

This commit is contained in:
liuxueli
2021-09-02 17:19:06 +08:00
parent 093c02e3f0
commit cc4ff41cc9
5 changed files with 75 additions and 18 deletions


@@ -50,8 +50,8 @@ struct app_id_dict
int parent_app_id;
int deny_action;
int continue_scanning;
int tcp_timeout;
int udp_timeout;
unsigned short tcp_timeout;
unsigned short udp_timeout;
int tcp_time_wait;
int tcp_half_close;
char *risk;
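Review bot: Narrowing tcp_timeout/udp_timeout to unsigned short means the bare casts added in app_id_dict_new (the last file section, `dict->tcp_timeout=(unsigned short)tsg_get_column_integer_value(table_line, 12);` and the udp line below it) silently wrap any dictionary value outside 0..65535: a negative column becomes a large timeout and, e.g., 65536 becomes 0. The value comes from the APP_ID_DICT table, so this is a configuration-validation gap rather than a code-path bug, but it will be hard to diagnose from the stream side. I would read the column into an int first and map out-of-range values to 0, which set_app_timeout already treats as "no override" because its `(*timeout) >= dict->tcp_timeout` test is always true for 0: `int v=tsg_get_column_integer_value(table_line, 12);` then `dict->tcp_timeout=(v<0 || v>USHRT_MAX) ? 0 : (unsigned short)v;` (USHRT_MAX from <limits.h>), and the same for column 13. Logging the rejected value there would make a bad dictionary row visible at load time instead of at runtime.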


@@ -30,7 +30,16 @@ static int set_drop_stream(const struct streaminfo *a_stream)
int opt_value=1;
MESA_set_stream_opt(a_stream, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value));
MESA_set_stream_opt(a_stream, MSO_DROP_CURRENT_PKT, (void *)&opt_value, sizeof(opt_value));
MESA_set_stream_opt(a_stream, MSO_TIMEOUT, (void *)&g_tsg_para.timeout, sizeof(g_tsg_para.timeout));
int ret=MESA_set_stream_opt(a_stream, MSO_TIMEOUT, (void *)&g_tsg_para.timeout, sizeof(g_tsg_para.timeout));
if(ret<0)
{
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_FAILED], 0, FS_OP_ADD, 1);
}
else
{
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_SUCCESS], 0, FS_OP_ADD, 1);
}
return STATE_DROPME|STATE_DROPPKT;
}
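Review bot: Only the MSO_TIMEOUT call now checks its return; the MSO_DROP_STREAM and MSO_DROP_CURRENT_PKT calls on the two lines above still discard theirs, so a failed drop request, which is what set_drop_stream exists for, is neither counted nor logged while a failed timeout is. I would at least test those two results the same way, e.g. `if(MESA_set_stream_opt(a_stream, MSO_DROP_STREAM, (void *)&opt_value, sizeof(opt_value))<0) { /* count or log */ }`, since returning STATE_DROPME|STATE_DROPPKT after a rejected option silently leaves the stream flowing. Separately, this site passes `sizeof(g_tsg_para.timeout)` for MSO_TIMEOUT while the new set_app_timeout passes `sizeof(unsigned short)`; the type of g_tsg_para.timeout is not visible here, but if it is an int the two call sites hand MESA different-sized values for the same option, which is worth confirming. set_drop_stream's body starts outside the hunk.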


@@ -77,7 +77,9 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
{0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"},
{0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"},
{0, TSG_FS2_DDOS_SUCCESS_LOG, "ddos_suc_log"},
{0, TSG_FS2_DDOS_FAILED_LOG, "ddos_fai_log"}
{0, TSG_FS2_DDOS_FAILED_LOG, "ddos_fai_log"},
{0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"},
{0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"}
};
id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
@@ -145,6 +147,48 @@ static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len)
return flags;
}
static int set_app_timeout(const struct streaminfo *a_stream, struct app_id_dict *dict, unsigned short *timeout)
{
if(a_stream==NULL || dict==NULL)
{
return 0;
}
switch(a_stream->type)
{
case STREAM_TYPE_TCP:
if((*timeout) >= dict->tcp_timeout)
{
return 0;
}
*timeout=dict->tcp_timeout;
break;
case STREAM_TYPE_UDP:
if((*timeout) >= dict->udp_timeout)
{
return 0;
}
*timeout=dict->udp_timeout;
break;
default:
return 0;
}
int ret=MESA_set_stream_opt(a_stream, MSO_TIMEOUT, (void *)timeout, sizeof(unsigned short));
if(ret<0)
{
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_FAILED], 0, FS_OP_ADD, 1);
}
else
{
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_SUCCESS], 0, FS_OP_ADD, 1);
}
return 1;
}
static int get_device_id(char *command, int datacenter_id)
{
FILE *fp=NULL;
@@ -1198,7 +1242,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
return ret;
}
int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct app_identify_result *identify_result, int thread_seq)
int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct app_identify_result *identify_result, int thread_seq)
{
int i=0,hit_num=0;
char *name=NULL;
@@ -1211,23 +1255,24 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
if(dict!=NULL)
{
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->risk, (char *)"risk", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->category, (char *)"category", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->technology, (char *)"technology", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->subcategroy, (char *)"subcategroy", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->characteristics, (char *)"characteristics", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->risk, (char *)"risk", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->category, (char *)"category", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->technology, (char *)"technology", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategroy", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq);
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->app_name, identify_result->app_id[i], thread_seq);
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq);
//hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->parent_app_name, dict->parent_app_id, thread_seq);
set_app_timeout(a_stream, dict, &(context->timeout));
app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL);
}
else
{
name=tsg_l7_protocol_id2name(identify_result->app_id[i]);
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, ((name==NULL) ? (char *)"" : name), identify_result->app_id[i], thread_seq);
hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->app_id[i], thread_seq);
}
}
}
return hit_num;
}
@@ -1362,7 +1407,7 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result));
record_time_start(&(context->last_scan_time));
hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, &(context->mid), identify_result, a_stream->threadnum);
hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, identify_result, a_stream->threadnum);
p_result=tsg_policy_decision_criteria(scan_result, hit_num);
if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1))
{
@@ -1494,7 +1539,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
identify_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
for(i=0; i<ORIGIN_MAX && identify_result!=NULL; i++)
{
hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, &(identify_result->result[i]), thread_seq);
hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(identify_result->result[i]), thread_seq);
}
p_result=tsg_policy_decision_criteria(scan_result, hit_num);
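Review bot: In set_app_timeout, `*timeout=dict->tcp_timeout;` (and the udp counterpart) is written before MESA_set_stream_opt is called, so when that call fails and TSG_FS2_SET_TIMOUT_FAILED is counted, context->timeout already holds a value that was never applied to the stream; every later set_app_timeout call on the same stream then compares against that phantom value and skips a retry that would have succeeded. The candidate should be kept in a local and stored only on success, and `timeout` deserves the same NULL check as a_stream and dict, since the function dereferences it unconditionally. The rewrite below also returns 0 on failure, which is safe because the only caller in this commit, `set_app_timeout(a_stream, dict, &(context->timeout));` in scan_application_id_and_properties, discards the result; if a 1/0 "attempted" contract is intended instead, document it on the function.

```c
static int set_app_timeout(const struct streaminfo *a_stream, struct app_id_dict *dict, unsigned short *timeout)
{
    if(a_stream==NULL || dict==NULL || timeout==NULL)
    {
        return 0;
    }
    unsigned short new_timeout=0;
    switch(a_stream->type)
    {
        case STREAM_TYPE_TCP:
            new_timeout=dict->tcp_timeout;
            break;
        case STREAM_TYPE_UDP:
            new_timeout=dict->udp_timeout;
            break;
        default:
            return 0;
    }
    /* only ever raise the timeout; 0 in the dict means "no override" */
    if((*timeout) >= new_timeout)
    {
        return 0;
    }
    int ret=MESA_set_stream_opt(a_stream, MSO_TIMEOUT, (void *)&new_timeout, sizeof(new_timeout));
    if(ret<0)
    {
        FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_FAILED], 0, FS_OP_ADD, 1);
        return 0;
    }
    /* record the value only once the stream actually carries it */
    *timeout=new_timeout;
    FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_SUCCESS], 0, FS_OP_ADD, 1);
    return 1;
}
```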


@@ -111,6 +111,8 @@ enum TSG_FS2_TYPE{
TSG_FS2_MIRRORED_BYTE_FAILED,
TSG_FS2_DDOS_SUCCESS_LOG,
TSG_FS2_DDOS_FAILED_LOG,
TSG_FS2_SET_TIMOUT_SUCCESS,
TSG_FS2_SET_TIMOUT_FAILED,
TSG_FS2_MAX
};
@@ -177,6 +179,7 @@ struct master_context
int is_esni;
int is_log;
int is_ratelimit;
unsigned short timeout;
char *domain;
scan_status_t mid;
struct Maat_rule_t *result;
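Review bot: The new enumerators `TSG_FS2_SET_TIMOUT_SUCCESS` and `TSG_FS2_SET_TIMOUT_FAILED` misspell "TIMEOUT" while the matching field strings in g_tsg_fs2_field ("set_timeout_suc", "set_timeout_fai") spell it correctly; the rest of this enum uses full words, so renaming to `TSG_FS2_SET_TIMEOUT_SUCCESS`/`TSG_FS2_SET_TIMEOUT_FAILED` now, across the four uses in this commit, is cheaper than after more call sites accumulate. The new `unsigned short timeout;` member of master_context also has no comment; from set_app_timeout it is only ever raised, never lowered, so I would add `/* highest MSO_TIMEOUT applied to this stream so far via set_app_timeout; 0 = none applied */`, noting that the unit and initial zeroing of the context are not visible in this commit and should be confirmed where the context is allocated.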


@@ -509,8 +509,8 @@ static void app_id_dict_new(int table_id, const char* key, const char* table_lin
dict->characteristics=tsg_get_column_string_value(table_line, 7);
dict->deny_action=tsg_get_column_integer_value(table_line, 10);
dict->continue_scanning=tsg_get_column_integer_value(table_line, 11);
dict->tcp_timeout=tsg_get_column_integer_value(table_line, 12);
dict->udp_timeout=tsg_get_column_integer_value(table_line, 13);
dict->tcp_timeout=(unsigned short)tsg_get_column_integer_value(table_line, 12);
dict->udp_timeout=(unsigned short)tsg_get_column_integer_value(table_line, 13);
dict->tcp_half_close=tsg_get_column_integer_value(table_line, 14);
dict->tcp_time_wait=tsg_get_column_integer_value(table_line, 15);
break;