diff --git a/CMakeLists.txt b/CMakeLists.txt index 6d051ac..9cea789 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -49,6 +49,7 @@ install(FILES bin/tsg_static_tableinfo.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/ install(FILES bin/tsg_dynamic_tableinfo.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf COMPONENT PROFILE) install(FILES bin/tsg_log_field.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf COMPONENT PROFILE) install(FILES bin/app_l7_proto_id.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf COMPONENT PROFILE) +install(FILES bin/tsg_l7_protocol.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf COMPONENT PROFILE) install(FILES bin/tsg_maat.json DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf COMPONENT PROFILE) install(FILES inc/tsg_send_log.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER) diff --git a/bin/app_l7_proto_id.conf b/bin/app_l7_proto_id.conf index 8c48b31..525133f 100644 --- a/bin/app_l7_proto_id.conf +++ b/bin/app_l7_proto_id.conf @@ -1,8 +1,8 @@ #TYPE:1:UCHAR,2:USHORT,3:USTRING,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET #TYPE FIELD VALUE STRING UNCATEGORIZED 100 -STRING UNCATEGORIZED 101 -STRING UNKNOWN_OTHER 102 +#STRING UNCATEGORIZED 101 +#STRING UNKNOWN_OTHER 102 STRING DNS 103 STRING FTP 104 STRING FTPS 105 diff --git a/bin/maat.conf b/bin/maat.conf index ec29619..7a2ddfc 100644 --- a/bin/maat.conf +++ b/bin/maat.conf @@ -30,5 +30,21 @@ INC_CFG_DIR=tsgrule/inc/index/ FULL_CFG_DIR=tsgrule/full/index/ EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json +[APP_SIGNATURE_MAAT] +MAAT_MODE=1 +STAT_SWITCH=1 +PERF_SWITCH=1 +TABLE_INFO=tsgconf/app_sketch_tableinfo.conf +STAT_FILE=app_sketch_maat.status +EFFECT_INTERVAL_S=1 +REDIS_IP=127.0.0.1 +REDIS_PORT_NUM=1 +REDIS_PORT=7002 +REDIS_INDEX=0 +JSON_CFG_FILE=tsgconf/app_sketch_maat.json +INC_CFG_DIR=tsgrule/inc/index/ +FULL_CFG_DIR=tsgrule/full/index/ +EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json + [MAAT] ACCEPT_TAGS={"tags":[{"tag":"device_id","value":"device_1"}]} diff --git a/bin/main.conf b/bin/main.conf index 2e9e042..25e85d7 100644 --- a/bin/main.conf +++ b/bin/main.conf @@ -1,35 +1,40 @@ [MAAT] -PROFILE=./tsgconf/maat.conf -IP_ADDR_TABLE=TSG_SECURITY_ADDR -SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID -CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP +PROFILE="./tsgconf/maat.conf" +IP_ADDR_TABLE="TSG_SECURITY_ADDR" +SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID" +CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP" [TSG_LOG] MODE=1 -NIC_NAME=lo +NIC_NAME="lo" LOG_LEVEL=10 -LOG_PATH=./tsglog/tsglog -BROKER_LIST=127.0.0.1:9092 -COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf +LOG_PATH="./tsglog/tsglog" +BROKER_LIST="127.0.0.1:9092" +COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf" [STATISTIC] CYCLE=30 TELEGRAF_PORT=8100 -TELEGRAF_IP=127.0.0.1 -OUTPUT_PATH=./tsg_statistic.log -APP_NAME=statistic +TELEGRAF_IP="127.0.0.1" +OUTPUT_PATH="./tsg_statistic.log" +APP_NAME="statistic" [FIELD_STAT] CYCLE=30 TELEGRAF_PORT=8125 -TELEGRAF_IP=127.0.0.1 -OUTPUT_PATH=./tsg_stat.log -APP_NAME=tsg_master +TELEGRAF_IP="127.0.0.1" +OUTPUT_PATH="./tsg_stat.log" +APP_NAME="tsg_master" [SYSTEM] ENTRANCE_ID=18 LOG_LEVEL=10 -LOG_PATH=./tsglog/tsg_master -POLICY_PRIORITY_LABEL=POLICY_PRIORITY +SCAN_TIME_INTERVAL=5 +DEFAULT_POLICY_ID=0 +DEFAULT_POLICY_SWITCH=0 +LOG_PATH="./tsglog/tsg_master" +APP_BRIDGE_NAME="APP_BRIDGE" +POLICY_PRIORITY_LABEL="POLICY_PRIORITY" L7_RPTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf" -DEVICE_ID_COMMAND=hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}' \ No newline at end of file +DEVICE_SN_FILENAME="/opt/tsg/etc/tsg_sn.json" +DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'" \ No newline at end of file diff --git a/bin/tsg_l7_protocol.conf b/bin/tsg_l7_protocol.conf index 9c287c1..7b53843 100644 --- a/bin/tsg_l7_protocol.conf +++ b/bin/tsg_l7_protocol.conf @@ -1,8 +1,8 @@ #TYPE:1:UCHAR,2:USHORT,3:USTRING,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET #TYPE FIELD VALUE STRING UNCATEGORIZED 15001 -STRING UNCATEGORIZED 15002 -STRING UNKNOWN_OTHER 15003 +#STRING UNCATEGORIZED 15002 +#STRING UNKNOWN_OTHER 15003 STRING DNS 32 STRING FTP 45 STRING FTPS 751 @@ -52,4 +52,4 @@ STRING BJNP 2481 STRING LDAP 100 STRING RTMP 337 STRING RTSP 176 -STRING ESNI 15009 +STRING ESNI 8008 diff --git a/bin/tsg_maat.json b/bin/tsg_maat.json index b8bbdb2..1d2db87 100644 --- a/bin/tsg_maat.json +++ b/bin/tsg_maat.json @@ -1,33 +1,34 @@ { "compile_table": "TSG_SECURITY_COMPILE", - "group_table": "GROUP_COMPILE_RELATION", + "group2compile_table": "GROUP_COMPILE_RELATION", + "group2group_table": "GROUP_GROUP_RELATION", "rules": [ - { - "compile_id": 1, + { + "compile_id": 2, "service": 0, - "action": 128, + "action": 1, "do_blacklist": 0, "do_log": 1, "effective_rage": 0, - "user_region": "anything", + "user_region": "Virtual", "is_valid": "yes", "groups": [ { - "group_name": "IP_ADDR_1", + "group_name":"OBJ_DST_IP_ADDR", + "virtual_table":"TSG_SECURITY_SOURCE_ADDR", + "not_flag" : 0, "regions": [ - { - "table_name": "TSG_OBJ_IP_ADDR", + { "table_type": "ip_plus", + "table_name": "TSG_OBJ_IP_ADDR", "table_content": { "addr_type": "ipv4", - "src_ip": "192.168.100.5", - "mask_src_ip": "255.255.255.255", - "src_port": "0", - "mask_src_port": "65535", - "dst_ip": "0.0.0.0", - "mask_dst_ip": "255.255.255.255", - "dst_port": "0", - "mask_dst_port": "65535", + "saddr_format": "range", + "src_ip1": "192.168.41.228", + "src_ip2": "192.168.41.228", + "sport_format": "range", + "src_port1": "0", + "src_port2": "0", "protocol": 6, "direction": "double" } @@ -35,116 +36,36 @@ ] }, { - "group_name": "IP_ADDR_2", + "group_name": "HTTP_APP_ID", "regions": [ { - "table_name": "TSG_OBJ_IP_ADDR", - "table_type": "ip_plus", + "table_name": "TSG_OBJ_APP_ID", + "table_type": "intval", "table_content": { - "addr_type": "ipv4", - "src_ip": "192.168.50.37", - "mask_src_ip": "255.255.255.255", - "src_port": "0", - "mask_src_port": "65535", - "dst_ip": "0.0.0.0", - "mask_dst_ip": "255.255.255.255", - "dst_port": "0", - "mask_dst_port": "65535", - "protocol": 6, - "direction": "double" - } - } - ] - }, - { - "group_name": "ASN", - "regions": [ - { - "table_name": "TSG_OBJ_AS_NUMBER", - "table_type": "expr", - "table_content": { - "keywords": "101", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "low_boundary": 106, + "up_boundary": 106 } }, - { - "table_name": "TSG_OBJ_AS_NUMBER", - "table_type": "expr", + { + "table_name": "TSG_OBJ_APP_ID", + "table_type": "intval", "table_content": { - "keywords": "102", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "low_boundary": 67, + "up_boundary": 67 } } ] - }, - { - "group_name": "LOCATION", - "regions": [ - { - "table_name": "TSG_OBJ_GEO_LOCATION", - "table_type": "expr", - "table_content": { - "keywords": "China", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } - } - ] - } - ] - }, - { - "compile_id": 5, - "service": 0, - "action": 128, - "do_blacklist": 0, - "do_log": 1, - "effective_rage": 0, - "user_region": "anything", - "is_valid": "yes", - "groups": [ - { - "group_name":"IP_ADDR_1", - "virtual_table":"TSG_SECURITY_SOURCE_ADDR", - "not_flag":0 - }, - { - "group_name":"IP_ADDR_2", - "virtual_table":"TSG_SECURITY_DESTINATION_ADDR", - "not_flag":0 - }, - { - "group_name":"ASN", - "virtual_table":"TSG_SECURITY_SOURCE_ASN", - "not_flag":0 - }, - { - "group_name":"LOCATION", - "virtual_table":"TSG_SECURITY_DESTINATION_LOCATION", - "not_flag":0 } ] } ], "plugin_table": [ { - "table_name": "TSG_IP_ASN_USER_DEFINED", + "table_name": "APP_ID_DICT", "table_content": [ - "101\t4\t192.168.50.1\t192.168.50.255\t101\tmesa\t1", - "102\t4\t192.168.100.1\t192.168.100.255\t102\tgeedge\t1" - ] - }, - { - "table_name": "TSG_IP_LOCATION_USER_DEFINED", - "table_content": [ - "201\t20100\t4\t192.168.50.1\t192.168.50.255\t11.12\t11.12\t0\ten\tAS\tAsia\tCN\tChina\tBJ\tBeijing\tBeijing\tAsia/Singapore\t1", - "202\t20200\t4\t192.168.100.1\t192.168.100.255\t11.12\t11.12\t0\ten\tAS\tAsia\tCN\tChina\tSH\tShanghai\tShanghai\tAsia/Singapore\t1" + "20002\tUSER_DEFINE\t20000\tparent_name\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1", + "20001\tWhatsApp_video\t20000\tWhatsApp\tcategory\tsubcategory\ttechnology\trisk\tcharacteristics\tnull\tnull\t1\t0\t3600\t3600\t1800\t1800\t1" ] } - ] + ] } diff --git a/bin/tsg_static_tableinfo.conf b/bin/tsg_static_tableinfo.conf index ed336e2..ca3861b 100644 --- a/bin/tsg_static_tableinfo.conf +++ b/bin/tsg_static_tableinfo.conf @@ -72,4 +72,4 @@ 60 APP_SELECTOR_ID intval UTF8 UTF8 yes 0 61 TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION virtual TSG_OBJ_ACCOUNT -- 62 TSG_FIELD_SIP_RESPONDER_DESCRIPTION virtual TSG_OBJ_ACCOUNT -- -63 APP_ID_DICT plugin {"key":1,"valid":16} \ No newline at end of file +63 APP_ID_DICT plugin {"key":1,"valid":18} \ No newline at end of file diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h index 74d6f34..d412db1 100644 --- a/inc/tsg_rule.h +++ b/inc/tsg_rule.h @@ -55,6 +55,7 @@ struct app_id_dict_table { int ref_cnt; int app_id; + int parent_app_id; int deny_action; int continue_scanning; int tcp_timeout; @@ -64,6 +65,7 @@ struct app_id_dict_table int is_valid; char risk[MAX_APP_ID_PROPERTY_LEN*4]; char app_name[MAX_APP_ID_PROPERTY_LEN]; + char parent_app_name[MAX_APP_ID_PROPERTY_LEN]; char category[MAX_APP_ID_PROPERTY_LEN*4]; char subcategroy[MAX_APP_ID_PROPERTY_LEN*4]; char technology[MAX_APP_ID_PROPERTY_LEN*4]; @@ -85,5 +87,7 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num); int tsg_get_method_id(char *method); int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq); +int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq); +int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq); #endif diff --git a/inc/tsg_send_log.h b/inc/tsg_send_log.h index f0c6dc8..50b2090 100644 --- a/inc/tsg_send_log.h +++ b/inc/tsg_send_log.h @@ -36,5 +36,7 @@ int TLD_cancel(struct TLD_handle_t *handle); int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id); unsigned long long tsg_get_stream_id(struct streaminfo *a_stream); +char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id); +unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name); #endif diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 7a4d786..790771f 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -1400,7 +1400,6 @@ extern "C" int TSG_MASTER_INIT() MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "ENTRANCE_ID", &g_tsg_para.entrance_id, 0); MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300); - MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "MAIL_PROTOCOL_ID",&(g_tsg_para.mail_proto_id), 110); MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 5); MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL); diff --git a/src/tsg_entry.h b/src/tsg_entry.h index 1da3a8f..3f0ee07 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -108,7 +108,6 @@ struct l7_protocol UT_hash_handle hh2; /* handle for second hash table */ }; - struct _fqdn_category_t { int ref_cnt; @@ -132,7 +131,6 @@ struct master_context typedef struct _tsg_para { int level; - int mail_proto_id; unsigned short timeout; int app_id_table_type; int device_id; @@ -247,6 +245,9 @@ typedef struct _tsg_statistic int tsg_statistic_init(const char *conffile, void *logger); +//parent_app_name.app_name +int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent); + void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); void ASN_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); @@ -255,12 +256,7 @@ void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, int thread_seq); int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq); -int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq); int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq); int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct _subscribe_id_info_t *user_info, int thread_seq); -int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq); -unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name); -char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id); - #endif diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index 9dda5cf..b27849d 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -448,9 +448,11 @@ static void app_id_dict_new_data(int table_id, const char* key, const char* tabl app_id_dict=(struct app_id_dict_table *)calloc(1, sizeof(struct app_id_dict_table)); ret=sscanf(table_line, - "%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d", + "%d\t%s\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d", &app_id_dict->app_id, app_id_dict->app_name, + &app_id_dict->parent_app_id, + app_id_dict->parent_app_name, app_id_dict->category, app_id_dict->subcategroy, app_id_dict->technology, @@ -465,7 +467,7 @@ static void app_id_dict_new_data(int table_id, const char* key, const char* tabl &app_id_dict->tcp_half_close, &app_id_dict->tcp_time_wait, &app_id_dict->is_valid); - if(ret!=16) + if(ret!=18) { free(app_id_dict); app_id_dict=NULL; @@ -483,6 +485,7 @@ static void app_id_dict_new_data(int table_id, const char* key, const char* tabl atomic_inc(&app_id_dict->ref_cnt); eliminate_default_value(app_id_dict->app_name); + eliminate_default_value(app_id_dict->parent_app_name); eliminate_default_value(app_id_dict->category); eliminate_default_value(app_id_dict->subcategroy); eliminate_default_value(app_id_dict->technology); @@ -1613,3 +1616,36 @@ int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct strea return 0; } + + +int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent) +{ + int offset=0; + char app_id_buff[128]={0}; + struct app_id_dict_table *dict=NULL; + + if(app_id<=0 || app_name==NULL || app_name_len<=0) + { + return offset; + } + + snprintf(app_id_buff, sizeof(app_id_buff), "%d", app_id); + dict=(struct app_id_dict_table *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); + if(dict!=NULL) + { + if(dict->parent_app_id!=0) + { + offset=snprintf(app_name, app_name_len, "%s.%s", dict->parent_app_name, dict->app_name); + } + else + { + offset=snprintf(app_name, app_name_len, "%s", dict->app_name); + } + + app_id_dict_free_data(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); + + return offset; + } + + return offset; +} diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index c7de8bc..ab9d891 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -291,7 +291,7 @@ static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_ha for(i=0; i< category_id_num; i++) { - offset+=snprintf(category_str+offset, sizeof(category_str)-offset, "%d,", category_id[i]); + offset+=snprintf(category_str+offset, sizeof(category_str)-offset, "%s%d", ((i>0) ? "," : ""), category_id[i]); } if(offset>0) @@ -360,10 +360,24 @@ static int get_l7_protocol(struct app_identify_result *result, char *protocol_li return 1; } -static int get_app_id_list(struct app_identify_result *result, char *app_list, int app_list_len, char *surrogate_list, int surrogate_list_len, int *flag) +static int get_app_id_list(struct app_identify_result *result, char *app_list, int app_list_len, char *surrogate_list, int surrogate_list_len) { int i=0; int offset1=0,offset2=0; + + for(i=0; iapp_id_num; i++) + { + offset1+=snprintf(app_list+offset1, app_list_len-offset1, "APP%d=%d;", result->origin, result->app_id[i]); + offset2+=snprintf(surrogate_list+offset2, surrogate_list_len-offset2, "SURROGATE%d=%d;", result->origin, result->surrogate_id[i]); + } + + return 1; +} + +static int get_app_name_list(struct app_identify_result *result, char *app_name, int app_name_len, int *flag, int is_joint_parent) +{ + int i=0; + int offset=0; if((*flag)==1) { @@ -373,8 +387,14 @@ static int get_app_id_list(struct app_identify_result *result, char *app_list, i for(i=0; iapp_id_num; i++) { (*flag)=1; - offset1+=snprintf(app_list+offset1, app_list_len-offset1, "%d;", result->app_id[i]); - offset2+=snprintf(surrogate_list+offset2, surrogate_list_len-offset2, "%d;", result->surrogate_id[i]); + + if(i>0 && offset>0 && (app_name_len-offset)>0) + { + app_name[offset]='.'; + offset++; + } + + offset+=tsg_app_id2name(result->app_id[i], app_name+offset, app_name_len-offset, is_joint_parent); } return 1; @@ -383,37 +403,56 @@ static int get_app_id_list(struct app_identify_result *result, char *app_list, i static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { int app_id_flag=0; + int app_offset=0; + int surrogate_offset=0; int l7_protocol_flag=0; - char app_list[256]={0}; + char app_list[512]={0}; + char app_name[512]={0}; char protocol_list[256]={0}; - char surrogate_list[256]={0}; + char surrogate_list[512]={0}; struct gather_app_result *label=NULL; label=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id); - if(label!=NULL) - { - get_l7_protocol(&(label->result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag); - get_app_id_list(&(label->result[ORIGIN_USER_DEFINE]), app_list, sizeof(app_list), surrogate_list, sizeof(surrogate_list), &app_id_flag); - if(app_id_flag!=1) - { - get_app_id_list(&(label->result[ORIGIN_DKPT]), app_list, sizeof(app_list), surrogate_list, sizeof(surrogate_list), &app_id_flag); - } + if(label==NULL) + { + return 0; + } + + get_l7_protocol(&(label->result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag); + if(l7_protocol_flag==1) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)protocol_list, TLD_TYPE_STRING); + } - if(app_id_flag!=1) - { - get_app_id_list(&(label->result[ORIGIN_QM_ENGINE]), app_list, sizeof(app_list), surrogate_list, sizeof(surrogate_list), &app_id_flag); - } - - if(app_id_flag==1) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, (void *)app_list, TLD_TYPE_STRING); - TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_SURROGATE_ID].name, (void *)surrogate_list, TLD_TYPE_STRING); - } + app_offset=0; + surrogate_offset=0; + get_app_id_list(&(label->result[ORIGIN_USER_DEFINE]), app_list+app_offset, sizeof(app_list)-app_offset, surrogate_list+surrogate_offset, sizeof(surrogate_list)-surrogate_offset); - if(l7_protocol_flag==1) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)protocol_list, TLD_TYPE_STRING); - } + app_offset=strlen(app_list); + surrogate_offset=strlen(surrogate_list); + get_app_id_list(&(label->result[ORIGIN_DKPT]), app_list+app_offset, sizeof(app_list)-app_offset, surrogate_list+surrogate_offset, sizeof(surrogate_list)-surrogate_offset); + + app_offset=strlen(app_list); + surrogate_offset=strlen(surrogate_list); + get_app_id_list(&(label->result[ORIGIN_QM_ENGINE]), app_list+app_offset, sizeof(app_list)-app_offset, surrogate_list+surrogate_offset, sizeof(surrogate_list)-surrogate_offset); + + get_app_name_list(&(label->result[ORIGIN_USER_DEFINE]), app_name, sizeof(app_name), &app_id_flag, 1); + if(app_id_flag!=1) + { + get_app_name_list(&(label->result[ORIGIN_DKPT]), app_name, sizeof(app_name), &app_id_flag, 0); + } + + if(app_id_flag!=1) + { + get_app_name_list(&(label->result[ORIGIN_QM_ENGINE]), app_name, sizeof(app_name), &app_id_flag, 1); + } + + if(app_id_flag==1) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, (void *)app_list, TLD_TYPE_STRING); + TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_SURROGATE_ID].name, (void *)surrogate_list, TLD_TYPE_STRING); + + TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING); } return 1; @@ -1236,11 +1275,10 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl set_common_sub_action(_handle, _instance->id2field[LOG_COMMON_SUB_ACTION].name, &(log_msg->result[i])); } - payload = cJSON_PrintUnformatted(_handle->object); + payload=cJSON_PrintUnformatted(_handle->object); - status = rd_kafka_produce(_instance->topic_rkt[log_msg->result[i].service_id], RD_KAFKA_PARTITION_UA, RD_KAFKA_MSG_F_COPY, payload, strlen(payload), NULL, 0, NULL); - - if(status < 0) + status=rd_kafka_produce(_instance->topic_rkt[log_msg->result[i].service_id], RD_KAFKA_PARTITION_UA, RD_KAFKA_MSG_F_COPY, payload, strlen(payload), NULL, 0, NULL); + if(status<0) { clock_gettime(CLOCK_REALTIME, &cur_time); if(cur_time.tv_sec - _instance->drop_start[thread_id].tv_sec>=1)