TSG-9152,TSG-8537,TSG-9153: 总控支持与原始包处理插件交互mirror和capture信息,命中监测策略镜像流量到第三方逻辑从tsg_master总控分离
This commit is contained in:
liuxueli
@@ -4,6 +4,8 @@
|
||||
#define MAX_CATEGORY_ID_NUM 8
|
||||
#define MAX_STR_FIELD_LEN 64
|
||||
|
||||
#define MAX_VLAN_ID_NUM 32
|
||||
|
||||
#define MAX_RESULT_NUM 8
|
||||
#define MAX_DOMAIN_LEN 2048
|
||||
|
||||
@@ -104,4 +106,42 @@ struct tsg_conn_sketch_notify_data
|
||||
};
|
||||
|
||||
|
||||
enum NOTIFY_TYPE
|
||||
{
|
||||
NOTIFY_TYPE_MIRRORED=0,
|
||||
NOTIFY_TYPE_CAPTURE,
|
||||
NOTIFY_TYPE_MAX
|
||||
};
|
||||
|
||||
struct mirrored_vlan
|
||||
{
|
||||
int num;
|
||||
int id[MAX_VLAN_ID_NUM];
|
||||
};
|
||||
|
||||
struct mirrored_stat
|
||||
{
|
||||
long bytes;
|
||||
long packets;
|
||||
int compile_id;
|
||||
};
|
||||
|
||||
struct tsg_notify_data
|
||||
{
|
||||
int compile_id;
|
||||
enum NOTIFY_TYPE type;
|
||||
union
|
||||
{
|
||||
int capture_depth;
|
||||
struct mirrored_vlan *vlan;
|
||||
};
|
||||
};
|
||||
|
||||
struct tsg_notify_execution_result
|
||||
{
|
||||
int stat_mirrored_cnt;
|
||||
char *capture_packet_path;
|
||||
struct mirrored_stat stat_mirrored[MAX_RESULT_NUM];
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
@@ -2,8 +2,7 @@ cmake_minimum_required(VERSION 2.8)
|
||||
|
||||
add_definitions(-fPIC)
|
||||
|
||||
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_traffic_mirror.cpp tsg_send_raw_packet.cpp tsg_action.cpp
|
||||
tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp)
|
||||
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp)
|
||||
|
||||
include_directories(${CMAKE_SOURCE_DIR}/inc)
|
||||
include_directories(/opt/MESA/include/MESA/)
|
||||
|
||||
@@ -552,12 +552,9 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul
|
||||
|
||||
static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *a_packet)
|
||||
{
|
||||
if(user_region != NULL){
|
||||
if(user_region->drop_para != NULL){
|
||||
if(user_region->drop_para->send_icmp_unreachable_enable){
|
||||
send_icmp_unreachable(a_stream, a_packet);
|
||||
}
|
||||
}
|
||||
if(user_region!=NULL && user_region->deny!=NULL && user_region->deny->type==TSG_DENY_TYPE_SEND_ICMP)
|
||||
{
|
||||
send_icmp_unreachable(a_stream, a_packet);
|
||||
}
|
||||
|
||||
switch(protocol)
|
||||
@@ -580,8 +577,14 @@ static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat
|
||||
{
|
||||
struct tcpall_context *context=NULL;
|
||||
struct leaky_bucket *bucket=create_bucket(user_region->deny->bps, a_stream->threadnum);
|
||||
tsg_set_bucket_to_tcpall(a_stream, &context, bucket, a_stream->threadnum);
|
||||
|
||||
int ret=tsg_set_bucket_to_tcpall(a_stream, &context, bucket, a_stream->threadnum);
|
||||
if(ret==0)
|
||||
{
|
||||
destroy_bucket(&bucket, a_stream->threadnum);
|
||||
bucket=NULL;
|
||||
}
|
||||
|
||||
set_ratelimit_flag(a_stream);
|
||||
|
||||
context=NULL;
|
||||
|
||||
@@ -476,9 +476,9 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
|
||||
log_msg.result=p_result;
|
||||
log_msg.result_num=result_num;
|
||||
|
||||
if(proto==PROTO_SSH && p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.share_bridge_id>=0)
|
||||
if(proto==PROTO_SSH && p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.recv_notification_data_bridge_id>=0)
|
||||
{
|
||||
notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.share_bridge_id);
|
||||
notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.recv_notification_data_bridge_id);
|
||||
if (notify != NULL && notify->protocol== PROTO_SSH && notify->pdata.TLD_handle!=NULL)
|
||||
{
|
||||
TLD_handle = TLD_duplicate(notify->pdata.TLD_handle);
|
||||
@@ -633,10 +633,6 @@ static void free_tcpall_label(int thread_seq, void *project_req_value)
|
||||
{
|
||||
switch(context->method_type)
|
||||
{
|
||||
case TSG_METHOD_TYPE_MIRRORED:
|
||||
dictator_free(thread_seq, (void *)(context->vlan));
|
||||
context->vlan=NULL;
|
||||
break;
|
||||
case TSG_METHOD_TYPE_RATE_LIMIT:
|
||||
destroy_bucket(&(context->bucket), thread_seq);
|
||||
break;
|
||||
@@ -1734,13 +1730,11 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
|
||||
static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, unsigned char stream_state, void **pme, int thread_seq, const void *a_packet)
|
||||
{
|
||||
int ret=0,hit_num=0;
|
||||
int vlan_num=0;
|
||||
int eth_rawpkt_len=0;
|
||||
scan_status_t scan_mid=NULL;
|
||||
struct Maat_rule_t *p_result=NULL;
|
||||
unsigned char state=APP_STATE_GIVEME;
|
||||
struct Maat_rule_t result[MAX_RESULT_NUM]={0};
|
||||
struct mirrored_vlan vlan[MAX_RESULT_NUM]={0};
|
||||
struct tcpall_context *context=(struct tcpall_context *)(*pme);
|
||||
|
||||
switch(stream_state)
|
||||
@@ -1757,15 +1751,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
|
||||
master_send_log(a_stream, p_result, 1, NULL, thread_seq);
|
||||
break;
|
||||
case TSG_ACTION_MONITOR:
|
||||
vlan_num=tsg_get_vlan_id_by_monitor_rule(g_tsg_maat_feather, result, hit_num, vlan, MAX_RESULT_NUM);
|
||||
ret=tsg_set_vlan_id_to_tcpall(a_stream, (struct tcpall_context**)pme, vlan, vlan_num, thread_seq);
|
||||
if(ret<=0)
|
||||
{
|
||||
Maat_clean_status(&scan_mid);
|
||||
scan_mid=NULL;
|
||||
return state;
|
||||
}
|
||||
context=(struct tcpall_context*)(*pme);
|
||||
tsg_notify_hited_monitor_result(a_stream, result, hit_num, thread_seq);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
@@ -1789,9 +1775,6 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
|
||||
{
|
||||
switch(context->method_type)
|
||||
{
|
||||
case TSG_METHOD_TYPE_MIRRORED:
|
||||
tsg_send_raw_packet(a_stream, context->vlan, context->vlan_num, thread_seq);
|
||||
break;
|
||||
case TSG_METHOD_TYPE_RATE_LIMIT:
|
||||
eth_rawpkt_len=get_raw_packet_len(a_stream);
|
||||
if(eth_rawpkt_len<=0)
|
||||
@@ -1982,9 +1965,23 @@ extern "C" int TSG_MASTER_INIT()
|
||||
return -1;
|
||||
}
|
||||
|
||||
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_SHARE_BRIDGE_NAME", label_buff, sizeof(label_buff), "TSG_NOTIFY_DATA");
|
||||
g_tsg_para.share_bridge_id=stream_bridge_build(label_buff, "w");
|
||||
if(g_tsg_para.share_bridge_id<0)
|
||||
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_SEND_NOTIFICATION_BRIDGE_NAME", label_buff, sizeof(label_buff), "TSG_SEND_NOTIFICATION_DATA");
|
||||
g_tsg_para.send_notification_data_bridge_id=stream_bridge_build(label_buff, "w");
|
||||
if(g_tsg_para.send_notification_data_bridge_id<0)
|
||||
{
|
||||
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "TSG_BRIDGE", "stream_bridge_build failed, bridge_name: %s", label_buff);
|
||||
}
|
||||
|
||||
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_RECV_NOTIFICATION_BRIDGE_NAME", label_buff, sizeof(label_buff), "TSG_RECV_NOTIFICATION_DATA");
|
||||
g_tsg_para.recv_notification_data_bridge_id=stream_bridge_build(label_buff, "w");
|
||||
if(g_tsg_para.recv_notification_data_bridge_id<0)
|
||||
{
|
||||
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "TSG_BRIDGE", "stream_bridge_build failed, bridge_name: %s", label_buff);
|
||||
}
|
||||
|
||||
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_NOTIFICATION_EXECUTION_RESULT_BRIDGE_NAME", label_buff, sizeof(label_buff), "TSG_NOTIFICATION_EXECUTION_RESULT");
|
||||
g_tsg_para.notify_execution_result_bridge_id=stream_bridge_build(label_buff, "w");
|
||||
if(g_tsg_para.notify_execution_result_bridge_id<0)
|
||||
{
|
||||
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "TSG_BRIDGE", "stream_bridge_build failed, bridge_name: %s", label_buff);
|
||||
}
|
||||
@@ -2107,12 +2104,6 @@ extern "C" int TSG_MASTER_INIT()
|
||||
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_GTP_HASH", "tsg_gtp_signaling_hash_init failed ...");
|
||||
return -1;
|
||||
}
|
||||
|
||||
ret=tsg_send_raw_packet_init(tsg_conffile, g_tsg_para.logger);
|
||||
if(ret<0)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -17,7 +17,6 @@
|
||||
#include "tsg_label.h"
|
||||
#include "tsg_statistic.h"
|
||||
#include "tsg_leaky_bucket.h"
|
||||
#include "tsg_traffic_mirror.h"
|
||||
|
||||
#if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411)
|
||||
#define atomic_inc(x) __sync_add_and_fetch((x),1)
|
||||
@@ -79,6 +78,7 @@ enum MASTER_TABLE{
|
||||
TABLE_GTP_PHONE_NUMBER,
|
||||
TABLE_RESPONSE_PAGES,
|
||||
TABLE_DNS_PROFILE_RECORD,
|
||||
TABLE_PROFILE_MIRROR,
|
||||
TABLE_MAX
|
||||
};
|
||||
|
||||
@@ -194,15 +194,6 @@ struct master_context
|
||||
struct timespec last_scan_time;
|
||||
};
|
||||
|
||||
struct mirrored_vlan
|
||||
{
|
||||
int vlan_id;
|
||||
int mirrored_pkts;
|
||||
int mirrored_bytes;
|
||||
int compile_id_num;
|
||||
int compile_id[MAX_RESULT_NUM];
|
||||
};
|
||||
|
||||
struct tcpall_context
|
||||
{
|
||||
int set_latency_flag;
|
||||
@@ -210,7 +201,6 @@ struct tcpall_context
|
||||
enum TSG_METHOD_TYPE method_type;
|
||||
union
|
||||
{
|
||||
struct mirrored_vlan *vlan;
|
||||
struct leaky_bucket *bucket;
|
||||
long tamper_count;
|
||||
void *para;
|
||||
@@ -250,8 +240,10 @@ typedef struct tsg_para
|
||||
int session_attribute_project_id;
|
||||
int context_project_id;
|
||||
int tcpall_project_id;
|
||||
int gather_app_project_id;
|
||||
int share_bridge_id;
|
||||
int gather_app_project_id;
|
||||
int notify_execution_result_bridge_id;
|
||||
int send_notification_data_bridge_id;
|
||||
int recv_notification_data_bridge_id;
|
||||
int app_bridge_id;
|
||||
int proto_flag; //tsg_protocol_t
|
||||
int fs2_field_id[TSG_FS2_MAX];
|
||||
@@ -361,7 +353,6 @@ typedef struct tsg_statistic
|
||||
|
||||
int tsg_statistic_init(const char *conffile, void *logger);
|
||||
int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);
|
||||
int tsg_send_raw_packet_init(const char* conffile, void *logger);
|
||||
|
||||
int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data);
|
||||
const void *get_struct_project(const struct streaminfo *a_stream, int project_id);
|
||||
@@ -378,7 +369,6 @@ void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl,
|
||||
void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
|
||||
void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq);
|
||||
|
||||
int tsg_set_vlan_id_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct mirrored_vlan *vlan_id, int vlan_num, int thread_seq);
|
||||
int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq);
|
||||
void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp);
|
||||
|
||||
@@ -395,6 +385,5 @@ int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PL
|
||||
int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn);
|
||||
int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id);
|
||||
int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);
|
||||
int tsg_get_vlan_id_by_monitor_rule(Maat_feather_t maat_feather, struct Maat_rule_t *result, int result_num, struct mirrored_vlan *vlan, int vlan_num);
|
||||
|
||||
#endif
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
|
||||
#include <MESA/stream.h>
|
||||
#include "tsg_rule.h"
|
||||
#include "tsg_label.h"
|
||||
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
@@ -19,6 +20,7 @@ enum TSG_DENY_TYPE
|
||||
TSG_DENY_TYPE_REDIRECT_TO,
|
||||
TSG_DENY_TYPE_REDIRECT_URL,
|
||||
TSG_DENY_TYPE_REDIRECT_RECORD,
|
||||
TSG_DENY_TYPE_SEND_ICMP,
|
||||
TSG_DENY_TYPE_MAX
|
||||
};
|
||||
|
||||
@@ -68,6 +70,12 @@ struct dns_user_region
|
||||
struct dns_answer_records *cname;
|
||||
};
|
||||
|
||||
struct packet_capture
|
||||
{
|
||||
int enabled;
|
||||
int depth;
|
||||
};
|
||||
|
||||
struct deny_user_region
|
||||
{
|
||||
enum TSG_DENY_TYPE type;
|
||||
@@ -83,19 +91,22 @@ struct deny_user_region
|
||||
struct dns_user_region *records;
|
||||
int profile_id;
|
||||
int bps;
|
||||
int send_icmp_unreachable_enable;
|
||||
void *para;
|
||||
};
|
||||
};
|
||||
|
||||
struct traffic_mirror_profile
|
||||
{
|
||||
int profile_id;
|
||||
int ref_cnt;
|
||||
struct mirrored_vlan vlan;
|
||||
};
|
||||
|
||||
struct monitor_user_region
|
||||
{
|
||||
int enabled;
|
||||
int vlan_id;
|
||||
};
|
||||
|
||||
struct drop_user_para
|
||||
{
|
||||
int send_icmp_unreachable_enable;
|
||||
int profile_id;
|
||||
};
|
||||
|
||||
struct compile_user_region
|
||||
@@ -107,9 +118,9 @@ struct compile_user_region
|
||||
struct deny_user_region *deny;
|
||||
struct monitor_user_region *mirror;
|
||||
struct Maat_rule_t *result; //XJ default policy
|
||||
struct drop_user_para *drop_para;
|
||||
void *user_region_para;
|
||||
};
|
||||
};
|
||||
struct packet_capture capture;
|
||||
};
|
||||
|
||||
int tsg_send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len, unsigned char raw_route_dir);
|
||||
|
||||
292
src/tsg_rule.cpp
292
src/tsg_rule.cpp
@@ -241,37 +241,6 @@ static int get_fqdn_len(char *domain)
|
||||
return fqdn_len;
|
||||
}
|
||||
|
||||
static int copy_id(int *dst_id, int dst_id_num, int *src_id, int src_id_num)
|
||||
{
|
||||
int i=0,num=0;
|
||||
|
||||
for(i=0; i<src_id_num && num<dst_id_num; i++)
|
||||
{
|
||||
dst_id[num++]=src_id[i];
|
||||
}
|
||||
|
||||
return num;
|
||||
}
|
||||
|
||||
static int copy_vlan_id(struct mirrored_vlan *vlan, int vlan_num, int vlan_id, int *compile_id, int compile_id_num)
|
||||
{
|
||||
int i=0;
|
||||
|
||||
for(i=0; i<vlan_num; i++)
|
||||
{
|
||||
if(vlan[i].vlan_id==vlan_id)
|
||||
{
|
||||
vlan[i].compile_id_num+=copy_id(vlan[i].compile_id, MAX_RESULT_NUM-vlan[i].compile_id_num, compile_id, compile_id_num);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
vlan[vlan_num].vlan_id=vlan_id;
|
||||
vlan[vlan_num].compile_id_num=copy_id(vlan[vlan_num].compile_id, MAX_RESULT_NUM, compile_id, compile_id_num);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int sort_category_id(const void * a, const void * b)
|
||||
{
|
||||
struct fqdn_category *x = (struct fqdn_category *) a;
|
||||
@@ -684,17 +653,28 @@ static int get_integer_from_json(cJSON *object, const char *key, int *value)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct compile_user_region *parse_monitor_user_region(cJSON *object)
|
||||
static struct compile_user_region *parse_monitor_user_region(cJSON *monitor_user_region_object)
|
||||
{
|
||||
int ret=0;
|
||||
cJSON *mirror_item=NULL;
|
||||
struct compile_user_region *user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region));
|
||||
mirror_item=cJSON_GetObjectItem(object, "packet_mirror");
|
||||
if(mirror_item)
|
||||
mirror_item=cJSON_GetObjectItem(monitor_user_region_object, "traffic_mirror");
|
||||
if(mirror_item==NULL)
|
||||
{
|
||||
return user_region;
|
||||
}
|
||||
|
||||
user_region->mirror=(struct monitor_user_region *)calloc(1, sizeof(struct monitor_user_region));
|
||||
ret=get_integer_from_json(mirror_item, "enable", &(user_region->mirror->enabled));
|
||||
if(ret!=1)
|
||||
{
|
||||
return user_region;
|
||||
}
|
||||
|
||||
ret=get_integer_from_json(mirror_item, "mirror_profile", &(user_region->mirror->profile_id));
|
||||
if(ret==1)
|
||||
{
|
||||
user_region->method_type=TSG_METHOD_TYPE_MIRRORED;
|
||||
user_region->mirror=(struct monitor_user_region *)calloc(1, sizeof(struct monitor_user_region));
|
||||
get_integer_from_json(mirror_item, "enable", &(user_region->mirror->enabled));
|
||||
get_integer_from_json(mirror_item, "mirror_vlan", &(user_region->mirror->vlan_id));
|
||||
}
|
||||
|
||||
return user_region;
|
||||
@@ -880,14 +860,36 @@ static struct dns_user_region *parse_dns_user_region(cJSON *resolution_array, in
|
||||
return records;
|
||||
}
|
||||
|
||||
static struct compile_user_region *parse_deny_user_region(cJSON *object)
|
||||
static int parse_packet_capture(cJSON *packet_capture_object, struct compile_user_region *user_region)
|
||||
{
|
||||
if(packet_capture_object==NULL || user_region==NULL)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ret=get_integer_from_json(packet_capture_object, "enable", &(user_region->capture.enabled));
|
||||
if(ret!=1 || user_region->capture.enabled!=1)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
ret=get_integer_from_json(packet_capture_object, "capture_depth", &(user_region->capture.depth));
|
||||
if(ret==1)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct compile_user_region *parse_deny_user_region(cJSON *deny_user_region_object)
|
||||
{
|
||||
int ret=0;
|
||||
cJSON *item=NULL;
|
||||
cJSON *resolution_array=NULL;
|
||||
struct compile_user_region *user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region));
|
||||
|
||||
item=cJSON_GetObjectItem(object, "method");
|
||||
item=cJSON_GetObjectItem(deny_user_region_object, "method");
|
||||
if(item!=NULL)
|
||||
{
|
||||
user_region->method_type=(TSG_METHOD_TYPE)tsg_get_method_id(item->valuestring);
|
||||
@@ -898,15 +900,15 @@ static struct compile_user_region *parse_deny_user_region(cJSON *object)
|
||||
case TSG_METHOD_TYPE_ALERT:
|
||||
case TSG_METHOD_TYPE_BLOCK:
|
||||
user_region->deny=(struct deny_user_region *)calloc(1, sizeof(struct deny_user_region));
|
||||
get_integer_from_json(object, "code", &(user_region->deny->code));
|
||||
ret=get_integer_from_json(object, "html_profile", &(user_region->deny->profile_id));
|
||||
get_integer_from_json(deny_user_region_object, "code", &(user_region->deny->code));
|
||||
ret=get_integer_from_json(deny_user_region_object, "html_profile", &(user_region->deny->profile_id));
|
||||
if(ret==1)
|
||||
{
|
||||
user_region->deny->type=TSG_DENY_TYPE_PROFILE;
|
||||
break;
|
||||
}
|
||||
|
||||
ret=get_string_from_json(object, "message", &(user_region->deny->message));
|
||||
ret=get_string_from_json(deny_user_region_object, "message", &(user_region->deny->message));
|
||||
if(ret==1)
|
||||
{
|
||||
user_region->deny->type=TSG_DENY_TYPE_MESSAGE;
|
||||
@@ -917,22 +919,22 @@ static struct compile_user_region *parse_deny_user_region(cJSON *object)
|
||||
break;
|
||||
case TSG_METHOD_TYPE_REDIRECTION:
|
||||
user_region->deny=(struct deny_user_region *)calloc(1, sizeof(struct deny_user_region));
|
||||
get_integer_from_json(object, "code", &(user_region->deny->code));
|
||||
ret=get_string_from_json(object, "redirect_url", &(user_region->deny->redirect_url_to));
|
||||
get_integer_from_json(deny_user_region_object, "code", &(user_region->deny->code));
|
||||
ret=get_string_from_json(deny_user_region_object, "redirect_url", &(user_region->deny->redirect_url_to));
|
||||
if(ret==1)
|
||||
{
|
||||
user_region->deny->type=TSG_DENY_TYPE_REDIRECT_TO;
|
||||
break;
|
||||
}
|
||||
|
||||
ret=get_string_from_json(object, "to", &(user_region->deny->redirect_url_to));
|
||||
ret=get_string_from_json(deny_user_region_object, "to", &(user_region->deny->redirect_url_to));
|
||||
if(ret==1)
|
||||
{
|
||||
user_region->deny->type=TSG_DENY_TYPE_REDIRECT_TO;
|
||||
break;
|
||||
}
|
||||
|
||||
resolution_array=cJSON_GetObjectItem(object, "resolution");
|
||||
resolution_array=cJSON_GetObjectItem(deny_user_region_object, "resolution");
|
||||
if(resolution_array!=NULL)
|
||||
{
|
||||
user_region->deny->records_num=cJSON_GetArraySize(resolution_array);
|
||||
@@ -951,11 +953,16 @@ static struct compile_user_region *parse_deny_user_region(cJSON *object)
|
||||
case TSG_METHOD_TYPE_RATE_LIMIT:
|
||||
user_region->deny=(struct deny_user_region *)calloc(1, sizeof(struct deny_user_region));
|
||||
user_region->deny->type=TSG_DENY_TYPE_MAX;
|
||||
get_integer_from_json(object, "bps", &(user_region->deny->bps));
|
||||
get_integer_from_json(deny_user_region_object, "bps", &(user_region->deny->bps));
|
||||
break;
|
||||
case TSG_METHOD_TYPE_DROP:
|
||||
user_region->drop_para=(struct drop_user_para *)calloc(1, sizeof(struct drop_user_para));
|
||||
get_integer_from_json(object, "send_icmp_unreachable", &(user_region->drop_para->send_icmp_unreachable_enable));
|
||||
user_region->deny=(struct deny_user_region *)calloc(1, sizeof(struct deny_user_region));
|
||||
ret=get_integer_from_json(deny_user_region_object, "send_icmp_unreachable", &(user_region->deny->send_icmp_unreachable_enable));
|
||||
if(ret==1)
|
||||
{
|
||||
user_region->deny->type=TSG_DENY_TYPE_SEND_ICMP;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case TSG_METHOD_TYPE_RST:
|
||||
case TSG_METHOD_TYPE_RESET:
|
||||
@@ -970,8 +977,9 @@ static struct compile_user_region *parse_deny_user_region(cJSON *object)
|
||||
}
|
||||
|
||||
void security_compile_new(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp)
|
||||
{
|
||||
cJSON *object=NULL;
|
||||
{
|
||||
cJSON *user_region_object=NULL;
|
||||
cJSON *packet_capture_object=NULL;
|
||||
struct compile_user_region *user_region=NULL;
|
||||
|
||||
if(rule==NULL)
|
||||
@@ -981,25 +989,29 @@ void security_compile_new(int idx, const struct Maat_rule_t* rule, const char* s
|
||||
|
||||
if(srv_def_large!=NULL && strlen(srv_def_large)>2)
|
||||
{
|
||||
object=cJSON_Parse(srv_def_large);
|
||||
if(object!=NULL)
|
||||
{
|
||||
user_region_object=cJSON_Parse(srv_def_large);
|
||||
if(user_region_object!=NULL)
|
||||
{
|
||||
packet_capture_object=cJSON_GetObjectItem(user_region_object, "packet_capture");
|
||||
|
||||
switch(rule->action)
|
||||
{
|
||||
case TSG_ACTION_DENY:
|
||||
user_region=parse_deny_user_region(object);
|
||||
user_region=parse_deny_user_region(user_region_object);
|
||||
parse_packet_capture(packet_capture_object, user_region);
|
||||
atomic_inc(&user_region->ref_cnt);
|
||||
break;
|
||||
case TSG_ACTION_MONITOR:
|
||||
user_region=parse_monitor_user_region(object);
|
||||
user_region=parse_monitor_user_region(user_region_object);
|
||||
parse_packet_capture(packet_capture_object, user_region);
|
||||
atomic_inc(&user_region->ref_cnt);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
cJSON_Delete(object);
|
||||
object=NULL;
|
||||
cJSON_Delete(user_region_object);
|
||||
user_region_object=NULL;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1340,6 +1352,69 @@ void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl,
|
||||
}
|
||||
}
|
||||
|
||||
void mirrored_profile_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
|
||||
{
|
||||
int i=0,vlan_id_num=0;
|
||||
cJSON *one_vlan=NULL;
|
||||
struct traffic_mirror_profile *mirror_profile=(struct traffic_mirror_profile *)calloc(1, sizeof(struct traffic_mirror_profile));
|
||||
|
||||
mirror_profile->profile_id=tsg_get_column_integer_value(table_line, 1);
|
||||
char *vlan_ids_str=tsg_get_column_string_value(table_line, 3);
|
||||
|
||||
cJSON *vlan_ids_object=cJSON_Parse(vlan_ids_str);
|
||||
if(vlan_ids_object!=NULL)
|
||||
{
|
||||
vlan_id_num=cJSON_GetArraySize(vlan_ids_object);
|
||||
for(i=0; i<vlan_id_num; i++)
|
||||
{
|
||||
one_vlan=cJSON_GetArrayItem(vlan_ids_object, i);
|
||||
if(one_vlan==NULL)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
mirror_profile->vlan.id[mirror_profile->vlan.num++]=one_vlan->valueint;
|
||||
}
|
||||
}
|
||||
|
||||
atomic_inc(&mirror_profile->ref_cnt);
|
||||
|
||||
*ad=(MAAT_PLUGIN_EX_DATA)mirror_profile;
|
||||
|
||||
cJSON_Delete(vlan_ids_object);
|
||||
vlan_ids_object=NULL;
|
||||
|
||||
_free_field(vlan_ids_str);
|
||||
vlan_ids_str=NULL;
|
||||
|
||||
return ;
|
||||
}
|
||||
|
||||
void mirrored_profile_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
|
||||
{
|
||||
if((*from)!=NULL)
|
||||
{
|
||||
struct traffic_mirror_profile *mirror_profile=(struct traffic_mirror_profile *)(*from);
|
||||
atomic_inc(&mirror_profile->ref_cnt);
|
||||
(*to)=(*from);
|
||||
}
|
||||
|
||||
return ;
|
||||
}
|
||||
|
||||
void mirrored_profile_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
|
||||
{
|
||||
if((*ad)!=NULL)
|
||||
{
|
||||
struct traffic_mirror_profile *mirror_profile=(struct traffic_mirror_profile *)*ad;
|
||||
if((__sync_sub_and_fetch(&mirror_profile->ref_cnt, 1) == 0))
|
||||
{
|
||||
_free_field((char *)(*ad));
|
||||
*ad=NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static int get_fqdn_category_id(Maat_feather_t maat_feather, int table_id, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq)
|
||||
{
|
||||
int i=0,j=0,ret=0;
|
||||
@@ -1544,6 +1619,7 @@ int tsg_rule_init(const char* conffile, void *logger)
|
||||
MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER");
|
||||
MESA_load_profile_string_def(conffile, "MAAT", "RESPONSE_PAGES_TABLE", g_tsg_para.table_name[TABLE_RESPONSE_PAGES], _MAX_TABLE_NAME_LEN, "TSG_PROFILE_RESPONSE_PAGES");
|
||||
MESA_load_profile_string_def(conffile, "MAAT", "DNS_PROFILE_RECORDS", g_tsg_para.table_name[TABLE_DNS_PROFILE_RECORD], _MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_DNS_RECORDS");
|
||||
MESA_load_profile_string_def(conffile, "MAAT", "TRAFFIC_MIRROR_PROFILE", g_tsg_para.table_name[TABLE_PROFILE_MIRROR], _MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_TRAFFIC_MIRROR");
|
||||
|
||||
MESA_load_profile_int_def(conffile, "MAAT","LOG_LEVEL", &log_level, 30);
|
||||
MESA_load_profile_string_def(conffile, "MAAT", "LOG_PATH", log_path, sizeof(log_path), "./tsglog/maat/tsg_maat.log");
|
||||
@@ -1710,6 +1786,20 @@ int tsg_rule_init(const char* conffile, void *logger)
|
||||
return -1;
|
||||
}
|
||||
|
||||
ret=Maat_plugin_EX_register(g_tsg_maat_feather,
|
||||
g_tsg_para.table_id[TABLE_PROFILE_MIRROR],
|
||||
mirrored_profile_new,
|
||||
mirrored_profile_free,
|
||||
mirrored_profile_dup,
|
||||
NULL,
|
||||
0,
|
||||
NULL);
|
||||
|
||||
if(ret<0)
|
||||
{
|
||||
MESA_handle_runtime_log(g_tsg_para.maat_logger, RLOG_LV_FATAL, "REGISTER_TABLE", "Maat_plugin_EX_register failed, table_name: %s", g_tsg_para.table_name[TABLE_PROFILE_MIRROR]);
|
||||
return -1;
|
||||
}
|
||||
|
||||
//init dynamic maat feather
|
||||
MESA_load_profile_int_def(conffile, "MAAT", "DYNAMIC_MAAT_SWITCH", &g_tsg_para.dynamic_maat_switch, 0);
|
||||
@@ -2556,19 +2646,22 @@ struct compile_user_region *tsg_get_compile_user_region(const Maat_feather_t maa
|
||||
return ((struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]));
|
||||
}
|
||||
|
||||
int tsg_get_vlan_id_by_monitor_rule(Maat_feather_t maat_feather, struct Maat_rule_t *result, int result_num, struct mirrored_vlan *vlan, int vlan_num)
|
||||
int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq)
|
||||
{
|
||||
int i=0,count=0;
|
||||
int i=0;
|
||||
char profile_id_str[32]={0};
|
||||
struct tsg_notify_data notify_data={0};
|
||||
struct compile_user_region *user_region=NULL;
|
||||
struct traffic_mirror_profile *mirror_profile=NULL;
|
||||
|
||||
for(i=0; i<result_num && count<vlan_num; i++)
|
||||
for(i=0; i<result_num; i++)
|
||||
{
|
||||
if(result[i].action!=TSG_ACTION_MONITOR)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
user_region=tsg_get_compile_user_region(maat_feather, &(result[i]));
|
||||
user_region=tsg_get_compile_user_region(g_tsg_maat_feather, &(result[i]));
|
||||
if(user_region==NULL)
|
||||
{
|
||||
continue;
|
||||
@@ -2576,55 +2669,32 @@ int tsg_get_vlan_id_by_monitor_rule(Maat_feather_t maat_feather, struct Maat_rul
|
||||
|
||||
if(user_region->method_type==TSG_METHOD_TYPE_MIRRORED && user_region->mirror!=NULL && user_region->mirror->enabled==1)
|
||||
{
|
||||
count+=copy_vlan_id(vlan, count, user_region->mirror->vlan_id, &(result[i].config_id), 1);
|
||||
|
||||
snprintf(profile_id_str, sizeof(profile_id_str), "%d", user_region->mirror->profile_id);
|
||||
mirror_profile=(struct traffic_mirror_profile *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_PROFILE_MIRROR], profile_id_str);
|
||||
if(mirror_profile!=NULL)
|
||||
{
|
||||
notify_data.compile_id=result[i].config_id;
|
||||
notify_data.type=NOTIFY_TYPE_MIRRORED;
|
||||
notify_data.vlan=&(mirror_profile->vlan);
|
||||
|
||||
stream_bridge_sync_data_put(a_stream, g_tsg_para.send_notification_data_bridge_id, (void *)&(notify_data));
|
||||
mirrored_profile_free(0, (MAAT_PLUGIN_EX_DATA *)&mirror_profile, 0, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
if(user_region->capture.enabled==1)
|
||||
{
|
||||
notify_data.compile_id=result[i].config_id;
|
||||
notify_data.type=NOTIFY_TYPE_CAPTURE;
|
||||
notify_data.capture_depth=user_region->capture.depth;
|
||||
stream_bridge_sync_data_put(a_stream, g_tsg_para.send_notification_data_bridge_id, (void *)&(notify_data));
|
||||
}
|
||||
|
||||
tsg_free_compile_user_region(&(result[i]), user_region);
|
||||
user_region=NULL;
|
||||
}
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
int tsg_set_vlan_id_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct mirrored_vlan *vlan, int vlan_num, int thread_seq)
|
||||
{
|
||||
int i=0;
|
||||
|
||||
if(vlan==NULL || vlan_num<=0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct tcpall_context * _context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id);
|
||||
if(_context==NULL)
|
||||
{
|
||||
_context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context));
|
||||
memset(_context, 0, sizeof(struct tcpall_context));
|
||||
_context->method_type=TSG_METHOD_TYPE_MIRRORED;
|
||||
|
||||
set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context);
|
||||
}
|
||||
|
||||
if(_context->method_type==TSG_METHOD_TYPE_MIRRORED || _context->method_type==TSG_METHOD_TYPE_UNKNOWN)
|
||||
{
|
||||
if(_context->vlan==NULL)
|
||||
{
|
||||
_context->method_type=TSG_METHOD_TYPE_MIRRORED;
|
||||
_context->vlan=(struct mirrored_vlan *)dictator_malloc(thread_seq, sizeof(struct mirrored_vlan)*MAX_RESULT_NUM);
|
||||
memset(_context->vlan, 0, sizeof(struct mirrored_vlan));
|
||||
}
|
||||
|
||||
for(i=0; i<vlan_num; i++)
|
||||
{
|
||||
_context->vlan_num+=copy_vlan_id(_context->vlan, _context->vlan_num, vlan[i].vlan_id, vlan[i].compile_id, vlan[i].compile_id_num);
|
||||
}
|
||||
|
||||
(*context)=_context;
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq)
|
||||
@@ -2638,18 +2708,20 @@ int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_co
|
||||
}
|
||||
else
|
||||
{
|
||||
if(_context->method_type==TSG_METHOD_TYPE_MIRRORED && _context->vlan)
|
||||
if(_context->method_type==TSG_METHOD_TYPE_RATE_LIMIT)
|
||||
{
|
||||
_context->vlan_num=0;
|
||||
dictator_free(thread_seq, _context->vlan);
|
||||
_context->vlan=NULL;
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
_context->method_type=TSG_METHOD_TYPE_RATE_LIMIT;
|
||||
_context->bucket=bucket;
|
||||
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
char *tsg_get_column_string_value(const char* line, int column_seq)
|
||||
|
||||
@@ -1240,39 +1240,32 @@ static int set_common_sub_action(struct TLD_handle_t *handle, char *field_name,
|
||||
return 0;
|
||||
}
|
||||
|
||||
int set_mirrored_pkt_bytes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct mirrored_vlan *vlan, int compile_id)
|
||||
int set_notification_execution_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result)
|
||||
{
|
||||
int i=0;
|
||||
for(i=0; i<vlan->compile_id_num; i++)
|
||||
struct tsg_notify_execution_result *execution_result=NULL;
|
||||
execution_result=(struct tsg_notify_execution_result *)stream_bridge_async_data_get(a_stream, g_tsg_para.notify_execution_result_bridge_id);
|
||||
if(execution_result==NULL)
|
||||
{
|
||||
if(vlan->compile_id[i]==compile_id)
|
||||
return 0;
|
||||
}
|
||||
|
||||
for(i=0; i<execution_result->stat_mirrored_cnt; i++)
|
||||
{
|
||||
if(execution_result->stat_mirrored[i].compile_id==p_result->config_id)
|
||||
{
|
||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_PKTS].name, (void *)(long)(vlan->mirrored_pkts), TLD_TYPE_LONG);
|
||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_BYTES].name, (void *)(long)(vlan->mirrored_bytes), TLD_TYPE_LONG);
|
||||
return 1;
|
||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_PKTS].name, (void *)(execution_result->stat_mirrored[i].packets), TLD_TYPE_LONG);
|
||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_BYTES].name, (void *)(execution_result->stat_mirrored[i].bytes), TLD_TYPE_LONG);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int set_mirrored_session(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result)
|
||||
{
|
||||
int i=0,ret=0;
|
||||
struct tcpall_context *context=(struct tcpall_context *)project_req_get_struct(a_stream, g_tsg_para.tcpall_project_id);
|
||||
if(context!=NULL && context->method_type==TSG_METHOD_TYPE_MIRRORED)
|
||||
if(execution_result->capture_packet_path!=NULL)
|
||||
{
|
||||
for(i=0; i<context->vlan_num; i++)
|
||||
{
|
||||
ret=set_mirrored_pkt_bytes(_instance, _handle, &(context->vlan[i]), p_result->config_id);
|
||||
if(ret==1)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_PACKET_CAPTURE_FILE].name, (void *)(execution_result->capture_packet_path), TLD_TYPE_STRING);
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
|
||||
@@ -1702,10 +1695,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
|
||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG);
|
||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG);
|
||||
|
||||
if(log_msg->result[i].action==TSG_ACTION_MONITOR)
|
||||
{
|
||||
set_mirrored_session(_instance, _handle, log_msg->a_stream, &(log_msg->result[i]));
|
||||
}
|
||||
set_notification_execution_result(_instance, _handle, log_msg->a_stream, &(log_msg->result[i]));
|
||||
|
||||
if(_instance->send_user_region==1)
|
||||
{
|
||||
|
||||
@@ -123,6 +123,7 @@ typedef enum _tsg_log_field_id
|
||||
LOG_COMMON_L2TP_ACCESS_CONCENTRATOR_PORT,
|
||||
LOG_COMMON_L2TP_NETWORK_SERVER_PORT,
|
||||
LOG_COMMON_L2TP_VERSION,
|
||||
LOG_COMMON_PACKET_CAPTURE_FILE,
|
||||
LOG_COMMON_MAX
|
||||
}tsg_log_field_id_t;
|
||||
|
||||
|
||||
@@ -1,107 +0,0 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <MESA/MESA_prof_load.h>
|
||||
#include <MESA/MESA_handle_logger.h>
|
||||
|
||||
#include "tsg_rule.h"
|
||||
#include "tsg_entry.h"
|
||||
|
||||
|
||||
static int send_raw_packet(struct traffic_mirror *ttm,char * pkt_ptr,int pkt_len, struct mirrored_vlan *vlan,int vlan_num,int thread_seq)
|
||||
{
|
||||
int i=0,ret=0;
|
||||
for(i=0; i<vlan_num; i++)
|
||||
{
|
||||
ret=tsg_traffic_mirror_send_burst(ttm, (char *)pkt_ptr, pkt_len, &(vlan[i].vlan_id), ((vlan[i].vlan_id>0) ? 1 : 0), thread_seq);
|
||||
if(ret==TRAFFIC_MIRROR_SEND_SUCCESS)
|
||||
{
|
||||
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_MIRRORED_PKT_SUCCESS], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_MIRRORED_BYTE_SUCCESS], 0, FS_OP_ADD, pkt_len);
|
||||
}
|
||||
else
|
||||
{
|
||||
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_MIRRORED_PKT_FAILED], 0, FS_OP_ADD, 1);
|
||||
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_MIRRORED_BYTE_FAILED], 0, FS_OP_ADD, pkt_len);
|
||||
}
|
||||
|
||||
vlan[i].mirrored_pkts+=1;
|
||||
vlan[i].mirrored_bytes+=pkt_len;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq)
|
||||
{
|
||||
int ret=0;
|
||||
void *p_eth_rawpkt=NULL;
|
||||
int eth_rawpkt_len=0;
|
||||
raw_ipfrag_list_t *frag_pkt=NULL;
|
||||
|
||||
if(g_tsg_para.mirror_switch==0 || vlan==NULL || vlan_num<=0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
ret=get_rawpkt_opt_from_streaminfo(a_stream, RAW_PKT_GET_DATA, &p_eth_rawpkt);
|
||||
switch(0)
|
||||
{
|
||||
case 0:
|
||||
ret=get_rawpkt_opt_from_streaminfo(a_stream, RAW_PKT_GET_TOT_LEN, ð_rawpkt_len);
|
||||
if(ret<0)
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
send_raw_packet(g_tsg_para.mirror_handle, (char *)p_eth_rawpkt, eth_rawpkt_len, vlan, vlan_num, thread_seq);
|
||||
break;
|
||||
case 1:
|
||||
frag_pkt=(raw_ipfrag_list_t *)p_eth_rawpkt;
|
||||
while(frag_pkt)
|
||||
{
|
||||
send_raw_packet(g_tsg_para.mirror_handle, (char *)(frag_pkt->frag_packet), frag_pkt->pkt_len, vlan, vlan_num, thread_seq);
|
||||
frag_pkt = frag_pkt->next;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq)
|
||||
{
|
||||
if(g_tsg_para.mirror_switch==0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int vlan_num=0;
|
||||
struct mirrored_vlan vlan[MAX_RESULT_NUM]={0};
|
||||
struct tcpall_context *context=NULL;
|
||||
|
||||
vlan_num=tsg_get_vlan_id_by_monitor_rule(g_tsg_maat_feather, result, result_num, vlan, MAX_RESULT_NUM);
|
||||
tsg_set_vlan_id_to_tcpall(a_stream, &context, vlan, vlan_num, thread_seq);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int tsg_send_raw_packet_init(const char* conffile, void *logger)
|
||||
{
|
||||
MESA_load_profile_short_def(conffile, "TRAFFIC_MIRROR", "TRAFFIC_MIRROR_ENABLE", &g_tsg_para.mirror_switch, 0);
|
||||
if(g_tsg_para.mirror_switch==0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
g_tsg_para.mirror_handle=tsg_traffic_mirror_init(conffile, g_tsg_para.logger);
|
||||
if(g_tsg_para.mirror_handle==NULL)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -1,171 +0,0 @@
|
||||
#include <marsio.h>
|
||||
#include <stdio.h>
|
||||
#include <assert.h>
|
||||
#include <stdlib.h>
|
||||
#include <pthread.h>
|
||||
#include <unistd.h>
|
||||
#include <stream.h>
|
||||
|
||||
#include <MESA/MESA_prof_load.h>
|
||||
#include <MESA/MESA_handle_logger.h>
|
||||
|
||||
#include "tsg_traffic_mirror.h"
|
||||
|
||||
#define BURST_MAX 64
|
||||
#define PREDICT_FALSE(x) __builtin_expect((x),0)
|
||||
#define PREDICT_TRUE(x) __builtin_expect((x),1)
|
||||
|
||||
struct traffic_mirror
|
||||
{
|
||||
struct mr_instance * mr_instance;
|
||||
struct mr_vdev * dev_handler;
|
||||
struct mr_sendpath * to_dev_sendpath;
|
||||
char app_name[64];
|
||||
char nic_name[32];
|
||||
int nr_thread;
|
||||
int default_vlan_id;
|
||||
};
|
||||
|
||||
struct traffic_mirror *tsg_traffic_mirror_init(const char *conffile, void *logger)
|
||||
{
|
||||
int ret=0,traffic_mirror_enable=TRAFFIC_MIRROR_DISABLE;
|
||||
struct traffic_mirror *ttm = NULL;
|
||||
|
||||
ttm=(struct traffic_mirror *)calloc(1, sizeof(struct traffic_mirror));
|
||||
|
||||
if (conffile == NULL)
|
||||
{
|
||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "TSG_TRAFFIC_MIRROR", "Conffile Path Is Null !!!");
|
||||
goto init_error;
|
||||
}
|
||||
|
||||
MESA_load_profile_int_def(conffile, "TRAFFIC_MIRROR", "TRAFFIC_MIRROR_ENABLE", &traffic_mirror_enable, 0);
|
||||
if (traffic_mirror_enable != TRAFFIC_MIRROR_ENABLE)
|
||||
{
|
||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "TSG_TRAFFIC_MIRROR", "Traffic Mirror Is Disable !!!");
|
||||
goto init_error;
|
||||
}
|
||||
|
||||
MESA_load_profile_string_def(conffile, "TRAFFIC_MIRROR", "NIC_NAME", ttm->nic_name, sizeof(ttm->nic_name), "lo");
|
||||
if (ttm->nic_name == NULL)
|
||||
{
|
||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "TSG_TRAFFIC_MIRROR", "Traffic Mirror Cfg No Setting Nic Name !!!");
|
||||
goto init_error;
|
||||
}
|
||||
|
||||
MESA_load_profile_string_def(conffile, "TRAFFIC_MIRROR", "APP_NAME", ttm->app_name, sizeof(ttm->app_name),"tsg_traffic_mirror");
|
||||
|
||||
MESA_load_profile_int_def(conffile, "TRAFFIC_MIRROR", "DEFAULT_VLAN_ID", &ttm->default_vlan_id, 0);
|
||||
|
||||
ttm->mr_instance = marsio_create();
|
||||
if (ttm->mr_instance == NULL)
|
||||
{
|
||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "TSG_TRAFFIC_MIRROR", "Marsion Create Error !!!");
|
||||
goto init_error;
|
||||
}
|
||||
|
||||
ret = marsio_init(ttm->mr_instance, ttm->app_name);
|
||||
if (ret < 0)
|
||||
{
|
||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "TSG_TRAFFIC_MIRROR", "Marsion Init Error !!!");
|
||||
goto init_error;
|
||||
}
|
||||
|
||||
ttm->nr_thread = get_thread_count();
|
||||
if (ttm->nr_thread <= 0)
|
||||
{
|
||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "TSG_TRAFFIC_MIRROR", "Get Thread Count Error :%d",ttm->nr_thread);
|
||||
goto init_error;
|
||||
}
|
||||
|
||||
ttm->dev_handler = marsio_open_device(ttm->mr_instance, ttm->nic_name, 0, ttm->nr_thread);
|
||||
if (ttm->dev_handler == NULL)
|
||||
{
|
||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "TSG_TRAFFIC_MIRROR", "Marsion Open Device Error :%s",ttm->nic_name);
|
||||
goto init_error;
|
||||
}
|
||||
|
||||
ttm->to_dev_sendpath = marsio_sendpath_create_by_vdev(ttm->dev_handler);
|
||||
if (ttm->to_dev_sendpath == NULL)
|
||||
{
|
||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "TSG_TRAFFIC_MIRROR", "Marsion Create Sendpath Error !!!");
|
||||
goto init_error;
|
||||
}
|
||||
return ttm;
|
||||
|
||||
init_error:
|
||||
if (ttm->mr_instance != NULL)
|
||||
{
|
||||
marsio_destory(ttm->mr_instance);
|
||||
}
|
||||
|
||||
free(ttm);
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int tsg_traffic_mirror_send_burst(struct traffic_mirror *ttm,char * pkt_ptr,int pkt_len,int *vlan_array,int vlan_num,int thread_seq)
|
||||
{
|
||||
int i=0,ret=0,tx_buffer_num=0;
|
||||
marsio_buff_t * tx_buff[BURST_MAX];
|
||||
int *vlan_tag_array = NULL;
|
||||
|
||||
if (PREDICT_FALSE((ttm == NULL) || (ttm->to_dev_sendpath == NULL)))
|
||||
{
|
||||
return SEND_ERROR_NOT_INIT;
|
||||
}
|
||||
if (PREDICT_FALSE(thread_seq >= ttm->nr_thread))
|
||||
{
|
||||
return SEND_ERROR_THREAD_SEQ_ERR;
|
||||
}
|
||||
if (PREDICT_FALSE(pkt_ptr == NULL))
|
||||
{
|
||||
return SEND_ERROR_PKT_BUFFER_IS_NULL;
|
||||
}
|
||||
if (PREDICT_FALSE(pkt_len == 0))
|
||||
{
|
||||
return SEND_ERROR_PKT_LEN_ERROR;
|
||||
}
|
||||
if (PREDICT_FALSE(vlan_num > BURST_MAX))
|
||||
{
|
||||
return SEND_ERROR_VLAN_NUM_EXCEED_BURST_MAX;
|
||||
}
|
||||
|
||||
if (PREDICT_FALSE((vlan_num < 1) || (vlan_array == NULL)))
|
||||
{
|
||||
tx_buffer_num = 1;
|
||||
vlan_tag_array = &ttm->default_vlan_id;
|
||||
}
|
||||
else
|
||||
{
|
||||
tx_buffer_num = vlan_num;
|
||||
vlan_tag_array = vlan_array;
|
||||
}
|
||||
|
||||
ret = marsio_buff_malloc_global(ttm->mr_instance, tx_buff, tx_buffer_num, MARSIO_SOCKET_ID_ANY, MARSIO_LCORE_ID_ANY);
|
||||
if (PREDICT_FALSE(ret < 0 ))
|
||||
{
|
||||
return SEND_ERROR_BUFF_MALLOC_ERROR;
|
||||
}
|
||||
|
||||
for (i = 0; i < tx_buffer_num; i++)
|
||||
{
|
||||
unsigned int vlan_id = vlan_tag_array[i];
|
||||
marsio_buff_t * tx_buff_ptr = tx_buff[i];
|
||||
char * tx_buff_begin = marsio_buff_append(tx_buff_ptr, pkt_len);
|
||||
memcpy(tx_buff_begin, pkt_ptr, pkt_len);
|
||||
if(vlan_id>0)
|
||||
{
|
||||
marsio_buff_set_metadata(tx_buff_ptr,MR_BUFF_METADATA_VLAN_TCI,&vlan_id,sizeof(vlan_id));
|
||||
}
|
||||
}
|
||||
|
||||
ret = marsio_send_burst(ttm->to_dev_sendpath, thread_seq, tx_buff, tx_buffer_num);
|
||||
if (PREDICT_FALSE(ret < 0))
|
||||
{
|
||||
marsio_buff_free(ttm->mr_instance, tx_buff, tx_buffer_num, MARSIO_SOCKET_ID_ANY, MARSIO_LCORE_ID_ANY);
|
||||
return TRAFFIC_MIRROR_SEND_ERROR_DROP;
|
||||
}
|
||||
|
||||
return TRAFFIC_MIRROR_SEND_SUCCESS;
|
||||
}
|
||||
@@ -1,23 +0,0 @@
|
||||
#ifndef __TSG_TRAFFIC_MIRROR_H__
|
||||
#define __TSG_TRAFFIC_MIRROR_H__
|
||||
|
||||
#define TRAFFIC_MIRROR_DISABLE 0
|
||||
#define TRAFFIC_MIRROR_ENABLE 1
|
||||
|
||||
#define TRAFFIC_MIRROR_SEND_SUCCESS 0
|
||||
#define SEND_ERROR_NOT_INIT -1
|
||||
#define SEND_ERROR_THREAD_SEQ_ERR -2
|
||||
#define SEND_ERROR_PKT_BUFFER_IS_NULL -3
|
||||
#define SEND_ERROR_PKT_LEN_ERROR -4
|
||||
#define SEND_ERROR_VLAN_BUFFER_IS_NULL -5
|
||||
#define SEND_ERROR_VLAN_NUM_ERROR -6
|
||||
#define SEND_ERROR_VLAN_NUM_EXCEED_BURST_MAX -7
|
||||
#define SEND_ERROR_BUFF_MALLOC_ERROR -8
|
||||
#define TRAFFIC_MIRROR_SEND_ERROR_DROP -9
|
||||
|
||||
struct traffic_mirror;
|
||||
|
||||
struct traffic_mirror *tsg_traffic_mirror_init(const char *conffile, void *logger);
|
||||
int tsg_traffic_mirror_send_burst(struct traffic_mirror *ttm,char * pkt_ptr,int pkt_len,int *vlan_array,int vlan_num,int thread_seq);
|
||||
|
||||
#endif
|
||||
Reference in New Issue
Block a user