支持拼接app_name和parent_app_name字符串

修正配置文件
2021-05-11 17:19:41 +08:00
parent 301d13a790
commit ce7120dd6e
13 changed files with 193 additions and 175 deletions
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -1400,7 +1400,6 @@ extern "C" int TSG_MASTER_INIT()

 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "ENTRANCE_ID", &g_tsg_para.entrance_id, 0);
 	MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);
-	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "MAIL_PROTOCOL_ID",&(g_tsg_para.mail_proto_id), 110);	
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 5);

 	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL);
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -108,7 +108,6 @@ struct l7_protocol
    UT_hash_handle hh2;        /* handle for second hash table */
 };

-
 struct _fqdn_category_t
 {
 	int ref_cnt;	
@@ -132,7 +131,6 @@ struct master_context
 typedef	struct _tsg_para
 {
 	int level;	
-	int mail_proto_id;
 	unsigned short timeout;
 	int app_id_table_type;
 	int device_id;
@@ -247,6 +245,9 @@ typedef	struct _tsg_statistic

 int tsg_statistic_init(const char *conffile, void *logger);

+//parent_app_name.app_name
+int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent);
+
 void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
 void ASN_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
 void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
@@ -255,12 +256,7 @@ void security_compile_free(int idx, const struct Maat_rule_t* rule, const char*
 struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, int thread_seq);
 int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
 int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num,  scan_status_t *mid, int table_id, int thread_seq);
-int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq);
 int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq);
 int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct _subscribe_id_info_t *user_info, int thread_seq);
-int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq);
-unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name);
-char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id);
-

 #endif
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
@@ -448,9 +448,11 @@ static void app_id_dict_new_data(int table_id, const char* key, const char* tabl
 	app_id_dict=(struct app_id_dict_table *)calloc(1, sizeof(struct app_id_dict_table));
 	
 	ret=sscanf(table_line,
-				"%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d",
+				"%d\t%s\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d",
 				&app_id_dict->app_id, 
 				app_id_dict->app_name,
+				&app_id_dict->parent_app_id, 
+				app_id_dict->parent_app_name,
 				app_id_dict->category, 
 				app_id_dict->subcategroy, 
 				app_id_dict->technology,
@@ -465,7 +467,7 @@ static void app_id_dict_new_data(int table_id, const char* key, const char* tabl
 				&app_id_dict->tcp_half_close,
 				&app_id_dict->tcp_time_wait, 
 				&app_id_dict->is_valid);
-	if(ret!=16)
+	if(ret!=18)
 	{
 		free(app_id_dict);
 		app_id_dict=NULL;
@@ -483,6 +485,7 @@ static void app_id_dict_new_data(int table_id, const char* key, const char* tabl

 	atomic_inc(&app_id_dict->ref_cnt);
 	eliminate_default_value(app_id_dict->app_name);
+	eliminate_default_value(app_id_dict->parent_app_name);
 	eliminate_default_value(app_id_dict->category);
 	eliminate_default_value(app_id_dict->subcategroy);
 	eliminate_default_value(app_id_dict->technology);
@@ -1613,3 +1616,36 @@ int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct strea

 	return 0;
 }
+
+
+int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent)
+{
+	int offset=0;
+	char app_id_buff[128]={0};
+	struct app_id_dict_table *dict=NULL;
+
+	if(app_id<=0 || app_name==NULL || app_name_len<=0)
+	{
+		return offset;
+	}
+
+	snprintf(app_id_buff, sizeof(app_id_buff), "%d", app_id);
+	dict=(struct app_id_dict_table *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
+	if(dict!=NULL)
+	{
+		if(dict->parent_app_id!=0)
+		{		
+			offset=snprintf(app_name, app_name_len, "%s.%s", dict->parent_app_name, dict->app_name);
+		}
+		else
+		{
+			offset=snprintf(app_name, app_name_len, "%s", dict->app_name);
+		}
+		
+		app_id_dict_free_data(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL);
+
+		return offset;
+	}
+
+	return offset;
+}
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
@@ -291,7 +291,7 @@ static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_ha
 	
 	for(i=0; i< category_id_num; i++)
 	{
-		offset+=snprintf(category_str+offset, sizeof(category_str)-offset, "%d,", category_id[i]);
+		offset+=snprintf(category_str+offset, sizeof(category_str)-offset, "%s%d", ((i>0) ? "," : ""), category_id[i]);
 	}

 	if(offset>0)
@@ -360,10 +360,24 @@ static int get_l7_protocol(struct app_identify_result *result, char *protocol_li
 	return 1;
 }

-static int get_app_id_list(struct app_identify_result *result, char *app_list, int app_list_len, char *surrogate_list, int surrogate_list_len, int *flag)
+static int get_app_id_list(struct app_identify_result *result, char *app_list, int app_list_len, char *surrogate_list, int surrogate_list_len)
 {
 	int i=0;
 	int offset1=0,offset2=0;
+	
+	for(i=0; i<result->app_id_num; i++)
+	{
+		offset1+=snprintf(app_list+offset1, app_list_len-offset1, "APP%d=%d;", result->origin, result->app_id[i]);
+		offset2+=snprintf(surrogate_list+offset2, surrogate_list_len-offset2, "SURROGATE%d=%d;", result->origin, result->surrogate_id[i]);
+	}
+
+	return 1;
+}
+
+static int get_app_name_list(struct app_identify_result *result, char *app_name, int app_name_len, int *flag, int is_joint_parent)
+{
+	int i=0;
+	int offset=0;

 	if((*flag)==1)
 	{
@@ -373,8 +387,14 @@ static int get_app_id_list(struct app_identify_result *result, char *app_list, i
 	for(i=0; i<result->app_id_num; i++)
 	{
 		(*flag)=1;
-		offset1+=snprintf(app_list+offset1, app_list_len-offset1, "%d;", result->app_id[i]);
-		offset2+=snprintf(surrogate_list+offset2, surrogate_list_len-offset2, "%d;", result->surrogate_id[i]);
+
+		if(i>0 && offset>0 && (app_name_len-offset)>0)
+		{
+			app_name[offset]='.';
+			offset++;
+		}
+		
+		offset+=tsg_app_id2name(result->app_id[i], app_name+offset, app_name_len-offset, is_joint_parent);
 	}

 	return 1;
@@ -383,37 +403,56 @@ static int get_app_id_list(struct app_identify_result *result, char *app_list, i
 static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
 	int app_id_flag=0;
+	int app_offset=0;
+	int surrogate_offset=0;
 	int l7_protocol_flag=0;
-	char app_list[256]={0};
+	char app_list[512]={0};
+	char app_name[512]={0};
 	char protocol_list[256]={0};
-	char surrogate_list[256]={0};
+	char surrogate_list[512]={0};
 	struct gather_app_result *label=NULL;
 	
 	label=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id);
-	if(label!=NULL)
-	{		
-		get_l7_protocol(&(label->result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag);
-		get_app_id_list(&(label->result[ORIGIN_USER_DEFINE]), app_list, sizeof(app_list), surrogate_list, sizeof(surrogate_list), &app_id_flag);
-		if(app_id_flag!=1)
-		{
-			get_app_id_list(&(label->result[ORIGIN_DKPT]), app_list, sizeof(app_list), surrogate_list, sizeof(surrogate_list), &app_id_flag);
-		}
+	if(label==NULL)
+	{
+		return 0;
+	}
+	
+	get_l7_protocol(&(label->result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag);
+	if(l7_protocol_flag==1)
+	{
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)protocol_list, TLD_TYPE_STRING);
+	}

-		if(app_id_flag!=1)
-		{
-			get_app_id_list(&(label->result[ORIGIN_QM_ENGINE]), app_list, sizeof(app_list), surrogate_list, sizeof(surrogate_list), &app_id_flag);
-		}
-		
-		if(app_id_flag==1)
-		{
-			TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, (void *)app_list, TLD_TYPE_STRING);		
-			TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_SURROGATE_ID].name, (void *)surrogate_list, TLD_TYPE_STRING);	
-		}
+	app_offset=0;
+	surrogate_offset=0;
+	get_app_id_list(&(label->result[ORIGIN_USER_DEFINE]), app_list+app_offset, sizeof(app_list)-app_offset, surrogate_list+surrogate_offset, sizeof(surrogate_list)-surrogate_offset);

-		if(l7_protocol_flag==1)
-		{
-			TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)protocol_list, TLD_TYPE_STRING);
-		}
+	app_offset=strlen(app_list);
+	surrogate_offset=strlen(surrogate_list);
+	get_app_id_list(&(label->result[ORIGIN_DKPT]), app_list+app_offset, sizeof(app_list)-app_offset, surrogate_list+surrogate_offset, sizeof(surrogate_list)-surrogate_offset);
+
+	app_offset=strlen(app_list);
+	surrogate_offset=strlen(surrogate_list);
+	get_app_id_list(&(label->result[ORIGIN_QM_ENGINE]), app_list+app_offset, sizeof(app_list)-app_offset, surrogate_list+surrogate_offset, sizeof(surrogate_list)-surrogate_offset);
+
+	get_app_name_list(&(label->result[ORIGIN_USER_DEFINE]), app_name, sizeof(app_name), &app_id_flag, 1);
+	if(app_id_flag!=1)
+	{
+		get_app_name_list(&(label->result[ORIGIN_DKPT]), app_name, sizeof(app_name), &app_id_flag, 0);
+	}
+
+	if(app_id_flag!=1)
+	{
+		get_app_name_list(&(label->result[ORIGIN_QM_ENGINE]), app_name, sizeof(app_name), &app_id_flag, 1);
+	}
+	
+	if(app_id_flag==1)
+	{
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, (void *)app_list, TLD_TYPE_STRING);		
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_SURROGATE_ID].name, (void *)surrogate_list, TLD_TYPE_STRING);
+
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING);
 	}

 	return 1;
@@ -1236,11 +1275,10 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
 			set_common_sub_action(_handle, _instance->id2field[LOG_COMMON_SUB_ACTION].name, &(log_msg->result[i]));
 		}
 		
-		payload = cJSON_PrintUnformatted(_handle->object);
+		payload=cJSON_PrintUnformatted(_handle->object);

-		status = rd_kafka_produce(_instance->topic_rkt[log_msg->result[i].service_id], RD_KAFKA_PARTITION_UA, RD_KAFKA_MSG_F_COPY, payload, strlen(payload), NULL, 0, NULL);			
-
-		if(status < 0)
+		status=rd_kafka_produce(_instance->topic_rkt[log_msg->result[i].service_id], RD_KAFKA_PARTITION_UA, RD_KAFKA_MSG_F_COPY, payload, strlen(payload), NULL, 0, NULL);
+		if(status<0)
 		{
 			clock_gettime(CLOCK_REALTIME, &cur_time);
 			if(cur_time.tv_sec - _instance->drop_start[thread_id].tv_sec>=1)