Feature statistic app count
This commit is contained in:
刘学利
@@ -65,7 +65,21 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
|
|||||||
{0, TSG_FS2_ABORT_DENY, "abort_deny"},
|
{0, TSG_FS2_ABORT_DENY, "abort_deny"},
|
||||||
{0, TSG_FS2_ABORT_MONITOR, "abort_monitor"},
|
{0, TSG_FS2_ABORT_MONITOR, "abort_monitor"},
|
||||||
{0, TSG_FS2_ABORT_INTERCEPT, "abort_intercept"},
|
{0, TSG_FS2_ABORT_INTERCEPT, "abort_intercept"},
|
||||||
{0, TSG_FS2_ABORT_UNKNOWN, "abort_unknown"}
|
{0, TSG_FS2_ABORT_UNKNOWN, "abort_unknown"},
|
||||||
|
{0, TSG_FS2_APP_DPKT_RESULT, "D_result"},
|
||||||
|
{0, TSG_FS2_APP_Q_RESULT, "Q_result"},
|
||||||
|
{0, TSG_FS2_APP_USER_RESULT, "U_result"},
|
||||||
|
{0, TSG_FS2_APP_ONLY_DPKT_RESULT, "only_D_result"},
|
||||||
|
{0, TSG_FS2_APP_ONLY_Q_RESULT, "only_Q_result"},
|
||||||
|
{0, TSG_FS2_APP_ONLY_USER_RESULT, "only_U_result"},
|
||||||
|
{0, TSG_FS2_APP_DQ_SAME_RESULT, "DQ_same_result"},
|
||||||
|
{0, TSG_FS2_APP_DQ_DIFF_RESULT, "DQ_diff_result"},
|
||||||
|
{0, TSG_FS2_APP_DU_SAME_RESULT, "DU_same_result"},
|
||||||
|
{0, TSG_FS2_APP_DU_DIFF_RESULT, "DU_diff_result"},
|
||||||
|
{0, TSG_FS2_APP_QU_SAME_RESULT, "QU_same_result"},
|
||||||
|
{0, TSG_FS2_APP_QU_DIFF_RESULT, "QU_diff_result"},
|
||||||
|
{0, TSG_FS2_APP_DQU_SAME_RESULT, "DQU_same_result"},
|
||||||
|
{0, TSG_FS2_APP_DQU_DIFF_RESULT, "DQU_diff_result"}
|
||||||
};
|
};
|
||||||
|
|
||||||
id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
|
id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
|
||||||
@@ -1297,6 +1311,13 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id);
|
||||||
|
if(context==NULL)
|
||||||
|
{
|
||||||
|
init_context((void **)(&context), a_stream->threadnum);
|
||||||
|
set_struct_project(a_stream, g_tsg_para.context_project_id, (void *)context);
|
||||||
|
}
|
||||||
|
|
||||||
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
|
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
|
||||||
if(gather_result==NULL)
|
if(gather_result==NULL)
|
||||||
{
|
{
|
||||||
@@ -1307,28 +1328,24 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
|
|||||||
|
|
||||||
switch(identify_result->origin)
|
switch(identify_result->origin)
|
||||||
{
|
{
|
||||||
case ORIGIN_DKPT:
|
case ORIGIN_DKPT:
|
||||||
case ORIGIN_QM_ENGINE:
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DPKT_RESULT], 0, FS_OP_ADD, 1);
|
||||||
case ORIGIN_USER_DEFINE:
|
break;
|
||||||
case ORIGIN_BASIC_PROTOCOL:
|
case ORIGIN_QM_ENGINE:
|
||||||
memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result));
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_Q_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
break;
|
||||||
|
case ORIGIN_USER_DEFINE:
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_USER_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
break;
|
||||||
|
case ORIGIN_BASIC_PROTOCOL:
|
||||||
|
set_l7_protocol_to_context(context, identify_result->app_id[identify_result->app_id_num-1]);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level));
|
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id);
|
memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result));
|
||||||
if(context==NULL)
|
|
||||||
{
|
|
||||||
init_context((void **)(&context), a_stream->threadnum);
|
|
||||||
set_struct_project(a_stream, g_tsg_para.context_project_id, (void *)context);
|
|
||||||
}
|
|
||||||
|
|
||||||
if(identify_result->origin==ORIGIN_BASIC_PROTOCOL)
|
|
||||||
{
|
|
||||||
set_l7_protocol_to_context(context, identify_result->app_id[identify_result->app_id_num-1]);
|
|
||||||
}
|
|
||||||
record_time_start(&(context->last_scan_time));
|
record_time_start(&(context->last_scan_time));
|
||||||
|
|
||||||
hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, &(context->mid), identify_result, a_stream->threadnum);
|
hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, &(context->mid), identify_result, a_stream->threadnum);
|
||||||
|
|||||||
@@ -80,6 +80,20 @@ enum TSG_FS2_TYPE{
|
|||||||
TSG_FS2_ABORT_MONITOR,
|
TSG_FS2_ABORT_MONITOR,
|
||||||
TSG_FS2_ABORT_INTERCEPT,
|
TSG_FS2_ABORT_INTERCEPT,
|
||||||
TSG_FS2_ABORT_UNKNOWN,
|
TSG_FS2_ABORT_UNKNOWN,
|
||||||
|
TSG_FS2_APP_DPKT_RESULT,
|
||||||
|
TSG_FS2_APP_Q_RESULT,
|
||||||
|
TSG_FS2_APP_USER_RESULT,
|
||||||
|
TSG_FS2_APP_ONLY_DPKT_RESULT,
|
||||||
|
TSG_FS2_APP_ONLY_Q_RESULT,
|
||||||
|
TSG_FS2_APP_ONLY_USER_RESULT,
|
||||||
|
TSG_FS2_APP_DQ_SAME_RESULT,
|
||||||
|
TSG_FS2_APP_DQ_DIFF_RESULT,
|
||||||
|
TSG_FS2_APP_DU_SAME_RESULT,
|
||||||
|
TSG_FS2_APP_DU_DIFF_RESULT,
|
||||||
|
TSG_FS2_APP_QU_SAME_RESULT,
|
||||||
|
TSG_FS2_APP_QU_DIFF_RESULT,
|
||||||
|
TSG_FS2_APP_DQU_SAME_RESULT,
|
||||||
|
TSG_FS2_APP_DQU_DIFF_RESULT,
|
||||||
TSG_FS2_MAX
|
TSG_FS2_MAX
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -25,6 +25,7 @@
|
|||||||
char TSG_SEND_LOG_VERSION_20200729=0;
|
char TSG_SEND_LOG_VERSION_20200729=0;
|
||||||
struct tsg_log_instance_t *g_tsg_log_instance;
|
struct tsg_log_instance_t *g_tsg_log_instance;
|
||||||
|
|
||||||
|
#define SET_FLAG(a, b, c) ((a)>0 ? (b)|=(c) : (a))
|
||||||
|
|
||||||
const id2field_t tld_type[TLD_TYPE_MAX]={{TLD_TYPE_UNKNOWN, TLD_TYPE_UNKNOWN, "UNKOWN"},
|
const id2field_t tld_type[TLD_TYPE_MAX]={{TLD_TYPE_UNKNOWN, TLD_TYPE_UNKNOWN, "UNKOWN"},
|
||||||
{TLD_TYPE_LONG, TLD_TYPE_LONG, "LONG"},
|
{TLD_TYPE_LONG, TLD_TYPE_LONG, "LONG"},
|
||||||
@@ -525,6 +526,67 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
|
|||||||
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING);
|
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
app_id_flag=0;
|
||||||
|
SET_FLAG(label->result[ORIGIN_DKPT].app_id_num, app_id_flag, 1);
|
||||||
|
SET_FLAG(label->result[ORIGIN_QM_ENGINE].app_id_num, app_id_flag, 2);
|
||||||
|
SET_FLAG(label->result[ORIGIN_USER_DEFINE].app_id_num, app_id_flag, 4);
|
||||||
|
|
||||||
|
switch(app_id_flag)
|
||||||
|
{
|
||||||
|
case 1:
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_ONLY_DPKT_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_ONLY_Q_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
break;
|
||||||
|
case 3:
|
||||||
|
if((label->result[ORIGIN_DKPT].app_id[label->result[ORIGIN_DKPT].app_id_num-1]) == (label->result[ORIGIN_QM_ENGINE].app_id[label->result[ORIGIN_QM_ENGINE].app_id_num-1]))
|
||||||
|
{
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DQ_SAME_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DQ_DIFF_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case 4:
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_ONLY_USER_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
break;
|
||||||
|
case 5:
|
||||||
|
if((label->result[ORIGIN_USER_DEFINE].app_id[label->result[ORIGIN_USER_DEFINE].app_id_num-1]) == (label->result[ORIGIN_DKPT].app_id[label->result[ORIGIN_DKPT].app_id_num-1]))
|
||||||
|
{
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DU_SAME_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DU_DIFF_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case 6:
|
||||||
|
if((label->result[ORIGIN_USER_DEFINE].app_id[label->result[ORIGIN_USER_DEFINE].app_id_num-1]) == (label->result[ORIGIN_QM_ENGINE].app_id[label->result[ORIGIN_QM_ENGINE].app_id_num-1]))
|
||||||
|
{
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_QU_SAME_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_QU_DIFF_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case 7:
|
||||||
|
if((label->result[ORIGIN_USER_DEFINE].app_id[label->result[ORIGIN_USER_DEFINE].app_id_num-1]) == (label->result[ORIGIN_QM_ENGINE].app_id[label->result[ORIGIN_QM_ENGINE].app_id_num-1]) &&
|
||||||
|
(label->result[ORIGIN_USER_DEFINE].app_id[label->result[ORIGIN_USER_DEFINE].app_id_num-1]) == (label->result[ORIGIN_DKPT].app_id[label->result[ORIGIN_DKPT].app_id_num-1]))
|
||||||
|
{
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DQU_SAME_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DQU_DIFF_RESULT], 0, FS_OP_ADD, 1);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -1158,8 +1220,8 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
|
|||||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "REFRESH_INTERVAL_MS", _instance->refresh_interval_ms, sizeof(_instance->refresh_interval_ms), "600000");
|
MESA_load_profile_string_def(conffile, "TSG_LOG", "REFRESH_INTERVAL_MS", _instance->refresh_interval_ms, sizeof(_instance->refresh_interval_ms), "600000");
|
||||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "REQUIRE_ACK", _instance->require_ack, sizeof(_instance->require_ack), "1");
|
MESA_load_profile_string_def(conffile, "TSG_LOG", "REQUIRE_ACK", _instance->require_ack, sizeof(_instance->require_ack), "1");
|
||||||
|
|
||||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "TCP_LABEL", _instance->tcp_label, sizeof(_instance->tcp_label), "tcp_flow_stat");
|
MESA_load_profile_string_def(conffile, "SYSTEM", "TCP_LABEL", _instance->tcp_label, sizeof(_instance->tcp_label), "tcp_flow_stat");
|
||||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "UDP_LABEL", _instance->udp_label, sizeof(_instance->udp_label), "udp_flow_stat");
|
MESA_load_profile_string_def(conffile, "SYSTEM", "UDP_LABEL", _instance->udp_label, sizeof(_instance->udp_label), "udp_flow_stat");
|
||||||
|
|
||||||
_instance->tcp_flow_project_id=project_customer_register(_instance->tcp_label, "struct");
|
_instance->tcp_flow_project_id=project_customer_register(_instance->tcp_label, "struct");
|
||||||
_instance->udp_flow_project_id=project_customer_register(_instance->udp_label, "struct");
|
_instance->udp_flow_project_id=project_customer_register(_instance->udp_label, "struct");
|
||||||
@@ -1174,7 +1236,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "NIC_NAME", nic_name, sizeof(nic_name), "eth0");
|
MESA_load_profile_string_def(conffile, "SYSTEM", "NIC_NAME", nic_name, sizeof(nic_name), "lo");
|
||||||
ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr);
|
ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr);
|
||||||
if(ret<0)
|
if(ret<0)
|
||||||
{
|
{
|
||||||
|
|||||||
Reference in New Issue
Block a user