gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-13520,TSG-13356: 支持通过tsg_pull_shaping_result函数获取命中的shaping策略,增加common_shaping_rule_ids日志字段,支持通过bridge接口及时通知命中的shaping策略,增加gtest测试用例

Browse Source
This commit is contained in:
刘学利
2023-02-07 02:51:03 +00:00
parent 5328511bfb
commit ccf02881fa
24 changed files with 1126 additions and 434 deletions
Download Patch File Download Diff File Expand all files Collapse all files

342
src/tsg_entry.cpp
View File

@@ -66,6 +66,7 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
{0, TSG_FS2_HIT_ADDR, "hit_addr"},
{0, TSG_FS2_HIT_SHARE, "hit_share"},
{0, TSG_FS2_INTERCEPT, "intercept"},
{0, TSG_FS2_SHAPING, "shaping"},
{0, TSG_FS2_EXCLUSION, "exclusion"},
{0, TSG_FS2_APP_DPKT_RESULT, "D_result"},
{0, TSG_FS2_APP_Q_RESULT, "Q_result"},
@@ -880,6 +881,15 @@ static void free_tcpall_label(int thread_seq, void *project_req_value)
return ;
}
void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data)
{
if(data!=NULL)
{
dictator_free(stream->threadnum, data);
data=NULL;
}
}
void free_policy_label(int thread_seq, void *project_req_value)
{
if(project_req_value!=NULL)
@@ -956,84 +966,6 @@ static void copy_monitor_result(const struct streaminfo *a_stream, struct master
}
static void copy_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, PULL_RESULT_TYPE result_type, int thread_seq)
{
int ret=0;
struct policy_priority_label *priority_label=NULL;
priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id);
if(priority_label==NULL)
{
priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label));
memset(priority_label, 0, sizeof(struct policy_priority_label));
}
else
{
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"DUP_HIT_POLICY",
"Hit policy, domain: %s policy_id: %d action: %d addr: %s",
(context->domain!=NULL ? context->domain : ""),
p_result->config_id,
(unsigned char)p_result->action,
PRINTADDR(a_stream, g_tsg_para.level)
);
}
priority_label->proto=context->proto;
if(context->domain!=NULL)
{
priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(context->domain));
memcpy(priority_label->domain, context->domain, priority_label->domain_len);
}
if(context->para!=NULL)
{
int length=strlen(context->http_url);
priority_label->para=dictator_malloc(thread_seq,length+1);
memcpy(priority_label->para, context->para, length);
((char *)priority_label->para)[length]='\0';
}
if(priority_label->result_num<=0 || (priority_label->result[0].action < p_result->action))
{
priority_label->result_num=1;
priority_label->result_type=result_type;
memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t));
}
ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label);
if(ret<0)
{
free_policy_label(thread_seq, (void *)priority_label);
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_FATAL,
"PROJECT_ADD",
"Add policy_priority_label failed, policy, domain: %s para(url/ua): %s policy_id: %d action: %d addr: %s",
(context->domain!=NULL ? context->domain : ""),
(context->para!=NULL ? context->http_url : ""),
priority_label->result[0].config_id,
(unsigned char)priority_label->result[0].action,
PRINTADDR(a_stream, g_tsg_para.level)
);
return ;
}
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"COPY_RESULT",
"Hit policy, domain: %s para(url/ua): %s policy_id: %d action: %d addr: %s",
(context->domain!=NULL ? context->domain : ""),
(context->para!=NULL ? context->http_url : ""),
priority_label->result[0].config_id,
(unsigned char)priority_label->result[0].action,
PRINTADDR(a_stream, g_tsg_para.level)
);
return ;
}
static void copy_bypass_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq)
{
if(context->result==NULL)
@@ -1424,6 +1356,155 @@ char get_direction_from_tcpall(const struct streaminfo *a_stream)
return -1;
}
int get_shaping_result(struct Maat_rule_t *hit_result, int hit_num, struct Maat_rule_t *shaping_result, int shaping_result_num)
{
int shaping_cnt=0;
for(int i=0; i<hit_num; i++)
{
if(hit_result[i].action==TSG_ACTION_SHAPING && shaping_cnt<shaping_result_num)
{
memcpy(&shaping_result[shaping_cnt++], &hit_result[i], sizeof(struct Maat_rule_t));
}
}
return shaping_cnt;
}
static void set_shaping_result_to_project(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_seq)
{
if(p_result==NULL || p_result_num==0)
{
return ;
}
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get((struct streaminfo *)a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
if(shaping_label==NULL)
{
shaping_label=(struct notify_shaping_policy *)dictator_malloc(thread_seq, sizeof(struct notify_shaping_policy));
memset(shaping_label, 0, sizeof(struct notify_shaping_policy));
}
int inc_result_num=0;
struct Maat_rule_t *inc_result=&(shaping_label->shaping_result[shaping_label->shaping_result_num]);
int num=MIN(MAX_RESULT_NUM-shaping_label->shaping_result_num, p_result_num);
for(int i=0; i<num; i++)
{
int repeat_result=0;
for(int j=0; j<shaping_label->shaping_result_num+inc_result_num; j++)
{
if(p_result[i].config_id==shaping_label->shaping_result[j].config_id)
{
repeat_result=1;
break;
}
}
if(repeat_result==0)
{
memcpy(&(inc_result[inc_result_num++]), &(p_result[i]), sizeof(struct Maat_rule_t));
}
}
struct notify_shaping_policy sync_result={0, {0}};
sync_result.shaping_result_num=inc_result_num;
memcpy(sync_result.shaping_result, inc_result, inc_result_num*sizeof(struct Maat_rule_t));
stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)&sync_result);
shaping_label->shaping_result_num+=inc_result_num;
int ret=stream_bridge_async_data_put((struct streaminfo *)a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label);
if(ret<0)
{
free_shaping_result(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label);
return ;
}
}
int tsg_notify_hited_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq)
{
set_shaping_result_to_project(a_stream, result, result_num, thread_seq);
return 0;
}
static void set_security_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int p_result_num, PULL_RESULT_TYPE result_type, int thread_seq)
{
if(p_result==NULL || p_result_num==0)
{
return ;
}
struct policy_priority_label *priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id);
if(priority_label==NULL)
{
priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label));
memset(priority_label, 0, sizeof(struct policy_priority_label));
}
else
{
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"DUP_HIT_POLICY",
"Hit policy, domain: %s policy_id: %d action: %d addr: %s",
(context->domain!=NULL ? context->domain : ""),
p_result->config_id,
(unsigned char)p_result->action,
PRINTADDR(a_stream, g_tsg_para.level)
);
}
priority_label->proto=context->proto;
if(context->domain!=NULL)
{
priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(context->domain));
memcpy(priority_label->domain, context->domain, priority_label->domain_len);
}
if(context->para!=NULL)
{
int length=strlen(context->http_url);
priority_label->para=dictator_malloc(thread_seq,length+1);
memcpy(priority_label->para, context->para, length);
((char *)priority_label->para)[length]='\0';
}
if(priority_label->security_result_num<=0 || (priority_label->security_result[0].action < p_result->action))
{
priority_label->security_result_num=1;
priority_label->result_type=result_type;
memcpy(priority_label->security_result, p_result, sizeof(struct Maat_rule_t));
}
int ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label);
if(ret<0)
{
free_policy_label(thread_seq, (void *)priority_label);
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_FATAL,
"PROJECT_ADD",
"Add policy_priority_label failed, policy, domain: %s para(url/ua): %s policy_id: %d action: %d addr: %s",
(context->domain!=NULL ? context->domain : ""),
(context->para!=NULL ? context->http_url : ""),
priority_label->security_result[0].config_id,
(unsigned char)priority_label->security_result[0].action,
PRINTADDR(a_stream, g_tsg_para.level)
);
return ;
}
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"COPY_RESULT",
"Hit policy, domain: %s para(url/ua): %s policy_id: %d action: %d addr: %s",
(context->domain!=NULL ? context->domain : ""),
(context->para!=NULL ? context->http_url : ""),
priority_label->security_result[0].config_id,
(unsigned char)priority_label->security_result[0].action,
PRINTADDR(a_stream, g_tsg_para.level)
);
return ;
}
void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq)
{
@@ -1654,6 +1735,11 @@ struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result
for(i=0; i<result_num; i++)
{
if((unsigned char)result[i].action==TSG_ACTION_SHAPING)
{
continue;
}
if(p_result==NULL)
{
p_result=&result[i];
@@ -1947,10 +2033,23 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
return hit_num;
}
static int master_deal_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int hit_num)
{
//get shaping rule
struct Maat_rule_t shaping_result[hit_num];
int shaping_result_num=get_shaping_result(result, hit_num, shaping_result, hit_num);
set_shaping_result_to_project(a_stream, shaping_result, shaping_result_num, a_stream->threadnum);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SHAPING], 0, FS_OP_ADD, 1);
set_method_to_tcpall(a_stream, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum);
return 0;
}
static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int hit_num, const void *a_packet)
{
Maat_rule_t *p_result=NULL;
unsigned char state=APP_STATE_GIVEME;
unsigned char state=APP_STATE_GIVEME;
p_result=tsg_policy_decision_criteria(result, hit_num);
if(p_result!=NULL)
@@ -1977,7 +2076,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
if((state&APP_STATE_DROPPKT)==APP_STATE_DROPPKT || (state&APP_STATE_KILL_OTHER))
{
copy_deny_result(a_stream, context, p_result, a_stream->threadnum);
copy_result_to_project(a_stream, context, p_result, PULL_FW_RESULT, a_stream->threadnum);
set_security_result_to_project(a_stream, context, p_result, 1, PULL_FW_RESULT, a_stream->threadnum);
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,
"DENY",
@@ -1999,7 +2098,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
break;
case TSG_ACTION_BYPASS:
copy_bypass_result(a_stream, context, p_result, a_stream->threadnum);
copy_result_to_project(a_stream, context, p_result, PULL_FW_RESULT, a_stream->threadnum);
set_security_result_to_project(a_stream, context, p_result, 1, PULL_FW_RESULT, a_stream->threadnum);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1);
state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER;
@@ -2012,7 +2111,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
break;
}
copy_result_to_project(a_stream, context, p_result, PULL_KNI_RESULT, a_stream->threadnum);
set_security_result_to_project(a_stream, context, p_result, 1, PULL_KNI_RESULT, a_stream->threadnum);
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);
state=APP_STATE_DROPME|APP_STATE_KILL_OTHER;
@@ -2023,6 +2122,11 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
}
}
if(state==APP_STATE_GIVEME)
{
master_deal_shaping_result(a_stream, result, hit_num);
}
return state;
}
@@ -2030,7 +2134,7 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
{
int hit_num=0,app_id=-1;
int is_parent_ssl=0;
struct master_context *context=NULL;
struct master_context *context=NULL;
struct gather_app_result *gather_result=NULL;
struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}, *p_result=NULL;
struct app_identify_result *identify_result=(struct app_identify_result *)data;
@@ -2139,7 +2243,6 @@ static int session_flags_identify_result_cb(const struct streaminfo *a_stream, i
context->sync_cb_state=master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL);
return 0;
}
@@ -2248,7 +2351,6 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
}
hit_num+=deal_pending_state(a_stream, context, scan_result+hit_num, MAX_RESULT_NUM-hit_num, a_packet);
p_result=tsg_policy_decision_criteria(scan_result, hit_num);
state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet);
context->deal_pkt_num++;
break;
@@ -2348,7 +2450,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
struct Maat_rule_t *p_result=NULL;
unsigned char state=APP_STATE_GIVEME;
struct identify_info tmp_identify_info;
struct Maat_rule_t result[MAX_RESULT_NUM]={0};
struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
struct tcpall_context *all_context=(struct tcpall_context *)(*pme);
if(stream_state==OP_STATE_PENDING && all_context->method_type!=TSG_METHOD_TYPE_ALLOW && !(all_context->udp_data_dropme))
@@ -2359,21 +2461,29 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
all_context->default_policy_after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id);
}
hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, result, MAX_RESULT_NUM);
hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, security_result, MAX_RESULT_NUM);
if(hit_num>0)
{
p_result=tsg_policy_decision_criteria(result, hit_num);
switch(p_result->action)
p_result=tsg_policy_decision_criteria(security_result, hit_num);
if(p_result!=NULL)
{
case TSG_ACTION_DENY:
state=tsg_deal_deny_action(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet);
master_send_log(a_stream, p_result, 1, NULL, thread_seq);
break;
case TSG_ACTION_MONITOR:
tsg_notify_hited_monitor_result(a_stream, result, hit_num, thread_seq);
break;
default:
break;
switch(p_result->action)
{
case TSG_ACTION_DENY:
state=tsg_deal_deny_action(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet);
master_send_log(a_stream, p_result, 1, NULL, thread_seq);
break;
case TSG_ACTION_MONITOR:
tsg_notify_hited_monitor_result(a_stream, security_result, hit_num, thread_seq);
break;
default:
break;
}
}
if(state==APP_STATE_GIVEME)
{
master_deal_shaping_result(a_stream, security_result, hit_num);
}
}
@@ -2396,21 +2506,22 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
}
break;
case TSG_METHOD_TYPE_TAMPER:
if(0 == send_tamper_xxx(a_stream, &all_context->tamper_count, a_packet)){
state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
}
break;
case TSG_METHOD_TYPE_TAMPER:
if(0 == send_tamper_xxx(a_stream, &all_context->tamper_count, a_packet))
{
state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
}
break;
case TSG_METHOD_TYPE_DEFAULT:
if(!is_do_default_policy(a_stream, all_context->default_policy_after_n_packets) || stream_state==OP_STATE_CLOSE)
{
break;
}
if(get_default_policy(g_tsg_para.default_compile_id, &result[0]))
if(get_default_policy(g_tsg_para.default_compile_id, &security_result[0]))
{
state=tsg_deal_deny_action(a_stream, &result[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet);
master_send_log(a_stream, &result[0], 1, NULL, thread_seq);
state=tsg_deal_deny_action(a_stream, &security_result[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet);
master_send_log(a_stream, &security_result[0], 1, NULL, thread_seq);
}
break;
case TSG_METHOD_TYPE_DROP:
@@ -2424,7 +2535,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
break;
}
ret=tsg_pull_policy_result((struct streaminfo *)a_stream,PULL_FW_RESULT, &result[0], 1, &tmp_identify_info);
ret=tsg_pull_policy_result((struct streaminfo *)a_stream,PULL_FW_RESULT, &security_result[0], 1, &tmp_identify_info);
if(ret<=0)
{
break;
@@ -2432,11 +2543,11 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
if(all_context->hited_para.hited_app_id<=0)
{
state=tsg_deal_deny_action(a_stream, &result[0], all_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet);
state=tsg_deal_deny_action(a_stream, &security_result[0], all_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet);
}
else
{
state=tsg_deny_application(a_stream, &result[0], all_context->protocol, all_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet);
state=tsg_deny_application(a_stream, &security_result[0], all_context->protocol, all_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet);
}
break;
default:
@@ -2625,6 +2736,7 @@ extern "C" int TSG_MASTER_INIT()
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA");
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA");
MESA_load_profile_string_def(tsg_conffile, "SESSION_FLAGS", "FLAGS_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_NOTIFY_FLAGS],_MAX_TABLE_NAME_LEN, "SESSION_FLAGS_SYNC_NOTIFY_DATA");
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SHAPING_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT],_MAX_TABLE_NAME_LEN, "NOTIFY_SHAPING_RESULT");
for(i=0; i<BRIDGE_TYPE_MAX; i++)
{
@@ -2659,6 +2771,18 @@ extern "C" int TSG_MASTER_INIT()
return -1;
}
ret=stream_bridge_register_data_free_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], free_shaping_result);
if(ret<0)
{
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_FATAL,
"APP_BRIDGE",
"Register async free callback failed, bridge_name: %d",
g_tsg_para.bridge_name[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]
);
return -1;
}
g_tsg_para.context_project_id=project_producer_register("TSG_MASTER_CONTEXT", PROJECT_VAL_TYPE_STRUCT, free_context_label);
if(g_tsg_para.context_project_id<0)
{

21
src/tsg_entry.h
View File

@@ -112,6 +112,7 @@ enum TSG_FS2_TYPE{
TSG_FS2_HIT_ADDR,
TSG_FS2_HIT_SHARE,
TSG_FS2_INTERCEPT,
TSG_FS2_SHAPING,
TSG_FS2_EXCLUSION,
TSG_FS2_APP_DPKT_RESULT,
TSG_FS2_APP_Q_RESULT,
@@ -184,6 +185,7 @@ enum BRIDGE_TYPE
BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
BRIDGE_TYPE_APP_IDENTIFY_RESULT,
BRIDGE_TYPE_NOTIFY_FLAGS,
BRIDGE_TYPE_NOTIFY_SHAPING_RESULT,
BRIDGE_TYPE_MAX
};
@@ -216,9 +218,25 @@ struct l7_protocol
UT_hash_handle hh2; /* handle for second hash table */
};
struct policy_priority_label
{
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
int domain_len;
int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h)
int security_result_num;
union
{
char *http_url;
char *quic_ua;
void *para;
};
char domain[MAX_DOMAIN_LEN];
Maat_rule_t security_result[MAX_RESULT_NUM];
};
struct fqdn_category
{
int ref_cnt;
int ref_cnt;
unsigned int category_id;
};
@@ -342,6 +360,7 @@ typedef struct tsg_para
int table_id[TABLE_MAX];
int dyn_table_id[DYN_TABLE_MAX];
int priority_project_id;
int shaping_project_id;
int session_attribute_project_id;
int context_project_id;
int tcpall_project_id;

28
src/tsg_rule.cpp
View File

@@ -2247,9 +2247,9 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re
priority_label->proto=proto;
priority_label->result_num=1;
priority_label->security_result_num=1;
priority_label->result_type=result_type;
memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t));
memcpy(priority_label->security_result, p_result, sizeof(struct Maat_rule_t));
int ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label);
if(ret<0)
@@ -2259,8 +2259,8 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re
RLOG_LV_FATAL,
"PROJECT_ADD",
"Add policy_priority_label failed, policy, policy_id: %d action: %d addr: %s",
priority_label->result[0].config_id,
(unsigned char)priority_label->result[0].action,
priority_label->security_result[0].config_id,
(unsigned char)priority_label->security_result[0].action,
PRINTADDR(a_stream, g_tsg_para.level)
);
return -1;
@@ -2270,14 +2270,26 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re
RLOG_LV_DEBUG,
"COPY_RESULT",
"Hit policy, policy_id: %d action: %d addr: %s",
priority_label->result[0].config_id,
(unsigned char)priority_label->result[0].action,
priority_label->security_result[0].config_id,
(unsigned char)priority_label->security_result[0].action,
PRINTADDR(a_stream, g_tsg_para.level)
);
return 0;
}
int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int result_num)
{
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
if(shaping_label!=NULL && result!=NULL && result_num>0)
{
int num=MIN(shaping_label->shaping_result_num, result_num);
memcpy(result, shaping_label->shaping_result, num*sizeof(Maat_rule_t));
return num;
}
return 0;
}
int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info)
{
@@ -2289,8 +2301,8 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re
{
if((label->result_type==pull_result_type) || (pull_result_type==PULL_ALL_RESULT))
{
num=MIN(label->result_num, result_num);
memcpy(result, label->result, num*sizeof(Maat_rule_t));
num=MIN(label->security_result_num, result_num);
memcpy(result, label->security_result, num*sizeof(Maat_rule_t));
if(label->domain_len>0)
{

41
src/tsg_send_log.cpp
View File

@@ -1209,6 +1209,17 @@ struct TLD_handle_t *TLD_create(int thread_id)
return _handle;
}
int TLD_convert_json(struct TLD_handle_t *_handle, char *buff, unsigned int buff_len)
{
StringBuffer sb(0, 2048);
Writer<StringBuffer> writer(sb);
_handle->document->Accept(writer);
memcpy(buff, sb.GetString(), MIN(sb.GetSize(), buff_len));
return 1;
}
static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]);
@@ -1326,6 +1337,27 @@ static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct T
return 0;
}
int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
if(shaping_label==NULL)
{
return 0;
}
int offset=0;
char shaping_rule_ids[512]={0};
for(int i=0; i<shaping_label->shaping_result_num; i++)
{
offset+=snprintf(shaping_rule_ids+offset, sizeof(shaping_rule_ids)-offset, "%d,", shaping_label->shaping_result[i].config_id);
}
shaping_rule_ids[offset-1]='\0';
TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *)shaping_rule_ids, TLD_TYPE_STRING);
return 1;
}
static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
int ret=0;
@@ -2082,7 +2114,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
if(_instance->mode==CLOSE)
{
TLD_cancel(handle);
TLD_cancel(handle);
FS_operate(_instance->fs2_handle, _instance->sum_line_id, _instance->fs2_field_id[LOG_COLUMN_STATUS_DROP], FS_OP_ADD, 1);
MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, "TSG_SEND_LOG", "Disable tsg_send_log.");
return 0;
@@ -2108,6 +2140,11 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
TLD_append(_handle, _instance->id2field[LOG_COMMON_TRAFFIC_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG);
set_application_behavior(_instance, _handle, log_msg->a_stream);
if(log_msg->result[i].service_id==2 && log_msg->a_stream!=NULL) // stream of intercept is NULL
{
set_shaping_rule_ids(_instance, _handle, log_msg->a_stream);
}
for(i=0;i<log_msg->result_num; i++)
{
@@ -2170,7 +2207,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
);
continue;
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(log_msg->result[i].config_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG);

1
src/tsg_send_log_internal.h
View File

@@ -134,6 +134,7 @@ typedef enum _tsg_log_field_id
LOG_COMMON_TRAFFIC_VSYSTEM_ID,
LOG_COMMON_APP_FULL_PATH,
LOG_COMMON_FLAGS,
LOG_COMMON_SHAPING_RULE_IDS,
LOG_COMMON_MAX
}tsg_log_field_id_t;

89
src/tsg_variable.cpp Normal file
View File

@@ -0,0 +1,89 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <sys/time.h>
#include <unistd.h>
#include "tsg_variable.h"
g_tsg_para_t g_tsg_para;
id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
{0, TSG_FS2_UDP_LINKS, "udp_links"},
{0, TSG_FS2_BYPASS, "bypass"},
{0, TSG_FS2_HIT_ADDR, "hit_addr"},
{0, TSG_FS2_HIT_SHARE, "hit_share"},
{0, TSG_FS2_INTERCEPT, "intercept"},
{0, TSG_FS2_SHAPING, "shaping"},
{0, TSG_FS2_EXCLUSION, "exclusion"},
{0, TSG_FS2_APP_DPKT_RESULT, "D_result"},
{0, TSG_FS2_APP_Q_RESULT, "Q_result"},
{0, TSG_FS2_APP_USER_RESULT, "U_result"},
{0, TSG_FS2_APP_BUILT_IN_RESULT, "B_result"},
{0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"},
{0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"},
{0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"},
{0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"},
{0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"},
{0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"},
{0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"},
{0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"},
{0, TSG_FS2_SUCESS_TAMPER, "tamper_sucess"},
{0, TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4, "tamper_nopload"},
{0, TSG_FS2_TAMPER_FAILED_NOSWAP, "tamper_noswap"},
{0, TSG_FS2_ASN_ADD, "asn_add"},
{0, TSG_FS2_ASN_DEL, "asn_del"},
{0, TSG_FS2_GTPC_ADD, "gtpc_add"},
{0, TSG_FS2_GTPC_DEL, "gtpc_del"},
{0, TSG_FS2_LOCATION_ADD, "location_add"},
{0, TSG_FS2_LOCATION_DEL, "location_del"},
{0, TSG_FS2_FQDN_ADD, "fqdn_add"},
{0, TSG_FS2_FQDN_DEL, "fqdn_del"},
{0, TSG_FS2_SUBSCRIBER_ADD, "subscriber_add"},
{0, TSG_FS2_SUBSCRIBER_DEL, "subscriber_del"},
{0, TSG_FS2_SECURIRY_ADD, "security_add"},
{0, TSG_FS2_SECURIRY_DEL, "security_del"},
{0, TSG_FS2_MIRRORED_ADD, "mirrored_add"},
{0, TSG_FS2_MIRRORED_DEL, "mirrored_del"},
{0, TSG_FS2_HTTP_RES_ADD, "http_res_add"},
{0, TSG_FS2_HTTP_RES_DEL, "http_res_del"},
{0, TSG_FS2_DNS_RES_ADD, "dns_profile_add"},
{0, TSG_FS2_DNS_RES_DEL, "dns_profile_del"},
{0, TSG_FS2_APP_ID_ADD, "app_id_add"},
{0, TSG_FS2_APP_ID_DEL, "app_id_del"},
{0, TSG_FS2_TUNNEL_CATALOG_ADD, "t_catalog_add"},
{0, TSG_FS2_TUNNEL_CATALOG_DEL, "t_catalog_del"},
{0, TSG_FS2_TUNNEL_ENDPOINT_ADD, "t_endpoint_add"},
{0, TSG_FS2_TUNNEL_ENDPOINT_DEL, "t_endpoint_del"},
{0, TSG_FS2_TUNNEL_LABEL_ADD, "t_label_add"},
{0, TSG_FS2_TUNNEL_LABEL_DEL, "t_label_del"}
};
id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
{PROTO_IPv4, 0, "IPV4"},
{PROTO_IPv6, 0, "IPV6"},
{PROTO_TCP, 0, "TCP"},
{PROTO_UDP, 0, "UDP"},
{PROTO_HTTP, 0, "HTTP"},
{PROTO_MAIL, 0, "MAIL"},
{PROTO_DNS, 0, "DNS"},
{PROTO_FTP, 0, "FTP"},
{PROTO_SSL, 0, "SSL"},
{PROTO_SIP, 0, "SIP"},
{PROTO_BGP, 0, "BGP"},
{PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"},
{PROTO_QUIC, 0, "QUIC"},
{PROTO_SSH, 0, "SSH"},
{PROTO_SMTP, 0, "SMTP"},
{PROTO_IMAP, 0, "IMAP"},
{PROTO_POP3, 0, "POP3"},
{PROTO_RTP, 0, "RTP"},
{PROTO_APP, 0, "BASE"},
{PROTO_L2TP, 0, "L2TP"},
{PROTO_PPTP, 0, "PPTP"},
{PROTO_STRATUM, 0, "Stratum"},
{PROTO_RDP, 0, "RDP"},
{PROTO_DTLS, 0, "DTLS"}
};

69
src/tsg_variable.h Normal file
View File

@@ -0,0 +1,69 @@
#pragma once
struct reset_argv
{
int pkt_num;
int seed1;
int seed2;
int th_flags;
int dir;
int remedy;
};
#define _MAX_TABLE_NAME_LEN 64
typedef struct tsg_para
{
int level;
short mirror_switch;
unsigned short timeout;
int dynamic_maat_switch;
int location_field_num;
int app_dict_field_num;
int device_seq_in_dc;
int datacenter_id;
int scan_signaling_switch;
int hash_timeout;
int hash_slot_size;
int hash_thread_safe;
int feature_tamper;
enum DEPLOY_MODE deploy_mode;
int scan_time_interval;
int identify_app_max_pkt_num;
int unknown_app_id;
int hit_path_switch;
int default_compile_id;
int table_id[TABLE_MAX];
int dyn_table_id[DYN_TABLE_MAX];
int priority_project_id;
int shaping_project_id;
int session_attribute_project_id;
int context_project_id;
int tcpall_project_id;
int gather_app_project_id;
int bridge_id[BRIDGE_TYPE_MAX];
int proto_flag; //tsg_protocol_t
int fs2_field_id[TSG_FS2_MAX];
char device_sn[MAX_DOMAIN_LEN/8];
char log_path[MAX_DOMAIN_LEN/8];
char device_id_command[MAX_DOMAIN_LEN/8];
char data_center[_MAX_TABLE_NAME_LEN];
char device_tag[MAX_DOMAIN_LEN/2];
char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
char dyn_table_name[DYN_TABLE_MAX][_MAX_TABLE_NAME_LEN];
char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
void *logger;
void *maat_logger;
struct reset_argv reset;
struct mirrored_vlan default_vlan;
screen_stat_handle_t fs2_handle;
struct l7_protocol *name_by_id;
struct l7_protocol *id_by_name;
struct traffic_mirror *mirror_handle;
ctemplate::Template *tpl_403,*tpl_404;
ctemplate::Template *tpl_200,*tpl_204;
ctemplate::Template *tpl_303;
}g_tsg_para_t;
extern g_tsg_para_t g_tsg_para;
extern Maat_feather_t g_tsg_dynamic_maat_feather;
extern id2field_t g_tsg_proto_name2id[PROTO_MAX];