diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h index b40c481..fed4164 100644 --- a/inc/tsg_rule.h +++ b/inc/tsg_rule.h @@ -28,6 +28,7 @@ enum TSG_METHOD_TYPE TSG_METHOD_TYPE_RATE_LIMIT, TSG_METHOD_TYPE_MIRRORED, TSG_METHOD_TYPE_TAMPER, + TSG_METHOD_TYPE_DEFAULT, TSG_METHOD_TYPE_MAX }; diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp index 18fafa5..5545fb5 100644 --- a/src/tsg_action.cpp +++ b/src/tsg_action.cpp @@ -573,6 +573,85 @@ static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule return STATE_DROPME|STATE_DROPPKT; } +static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data) +{ + if(user_region==NULL) + { + return do_action_drop(a_stream, p_result, user_region, protocol, user_data); + } + + struct tcpall_context * _context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); + if(_context==NULL) + { + _context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context)); + memset(_context, 0, sizeof(struct tcpall_context)); + set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); + _context->method_type=TSG_METHOD_TYPE_TAMPER; + _context->tamper_count = 1; + }else{ + if(_context->method_type != TSG_METHOD_TYPE_TAMPER) + { + _context->method_type=TSG_METHOD_TYPE_TAMPER; + _context->tamper_count = 1; + } + else + { + //to do error log + //_context->method_type + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + __FUNCTION__, + "_context->method_type : %d", + _context->method_type); + + return STATE_GIVEME; + } + } + + if(0 == send_tamper_xxx(a_stream, &_context->tamper_count, user_data)){ + return STATE_DROPPKT; + } + return STATE_GIVEME; +} + +static unsigned char do_action_default_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data) +{ + struct deny_user_region *deny_region=NULL; + + switch(a_stream->type) + { + case STREAM_TYPE_TCP: + deny_region=&(user_region->session_para->tcp); + break; + case STREAM_TYPE_UDP: + deny_region=&(user_region->session_para->udp); + break; + default: + return STATE_DROPME|STATE_DROPPKT; + break; + } + + switch(deny_region->type) + { + case TSG_DENY_TYPE_DEFAULT_RST: + do_action_reset(a_stream, p_result, protocol); + break; + case TSG_DENY_TYPE_SEND_ICMP: + case TSG_DENY_TYPE_DEFAULT_DROP: + struct compile_user_region tmp_user_region; + tmp_user_region.deny=deny_region; + tmp_user_region.capture.enabled=0; + tmp_user_region.capture.depth=0; + tmp_user_region.method_type=TSG_METHOD_TYPE_DROP; + do_action_drop(a_stream, p_result, &tmp_user_region, protocol, user_data); + break; + default: + break; + } + + return STATE_DROPME|STATE_DROPPKT; +} + static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, enum ACTION_RETURN_TYPE type) { struct tcpall_context *context=NULL; @@ -725,42 +804,6 @@ static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, M return STATE_DROPME|STATE_DROPPKT; } -static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data) -{ - if(user_region==NULL){ - return do_action_drop(a_stream, p_result, user_region, protocol, user_data); - } - - struct tcpall_context * _context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); - if(_context==NULL){ - _context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context)); - memset(_context, 0, sizeof(struct tcpall_context)); - set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); - _context->method_type=TSG_METHOD_TYPE_TAMPER; - _context->tamper_count = -1; - }else{ - if(_context->method_type == TSG_METHOD_TYPE_UNKNOWN){ - _context->method_type=TSG_METHOD_TYPE_TAMPER; - _context->tamper_count = -1; - }else if (_context->method_type == TSG_METHOD_TYPE_TAMPER){ - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - __FUNCTION__, - "Tamper is been processed, _context->method_type : %d", - _context->method_type); - return STATE_GIVEME; - } - } - - if(a_stream->type != STREAM_TYPE_TCP){ - if(0 == send_tamper_xxx(a_stream, &_context->tamper_count, user_data)){ - return STATE_DROPPKT; - } - } - - return STATE_GIVEME; -} - unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data) { unsigned char local_state=STATE_GIVEME; @@ -805,10 +848,20 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_ case TSG_METHOD_TYPE_TAMPER: local_state=do_action_tamper(a_stream, p_result, user_region, protocol, user_data); break; + case TSG_METHOD_TYPE_DEFAULT: + local_state=do_action_default_xxx(a_stream, p_result, user_region, protocol, user_data); + break; default: break; } + + if(method_type!=TSG_METHOD_TYPE_DEFAULT) + { + struct tcpall_context *context=NULL; + tsg_set_method_to_tcpall(a_stream, &context, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum); + } + security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME); diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 9faeb5b..f8ae18e 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -1,2118 +1,2179 @@ -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include "MESA/sip.h" -#include -#include -#include -#include - -#include "app_label.h" -#include "tsg_rule.h" -#include "tsg_entry.h" -#include "tsg_send_log.h" -#include "tsg_statistic.h" -#include "tsg_send_log_internal.h" -#include "tsg_ssl_utils.h" -#include "tsg_ssh_utils.h" -#include "tsg_protocol_common.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -#define GIT_VERSION_CATTER(v) __attribute__((__used__)) const char * GIT_VERSION_##v = NULL -#define GIT_VERSION_EXPEND(v) GIT_VERSION_CATTER(v) - -/* VERSION TAG */ -#ifdef GIT_VERSION -GIT_VERSION_EXPEND(GIT_VERSION); -#else -static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL; -#endif -#undef GIT_VERSION_CATTER -#undef GIT_VERSION_EXPEND - -#ifdef __cplusplus -} -#endif - -struct session_record_ctx -{ - struct TLD_handle_t *log; - tsg_protocol_t proto_type; -}; - -char TSG_MASTER_VERSION_20200805 = 0; -const char *tsg_conffile="tsgconf/main.conf"; -g_tsg_para_t g_tsg_para; - -id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"}, - {0, TSG_FS2_UDP_LINKS, "udp_links"}, - {0, TSG_FS2_BYPASS, "bypass"}, - {0, TSG_FS2_HIT_ADDR, "hit_addr"}, - {0, TSG_FS2_HIT_SHARE, "hit_share"}, - {0, TSG_FS2_INTERCEPT, "intercept"}, - {0, TSG_FS2_EXCLUSION, "exclusion"}, - {0, TSG_FS2_SUCCESS_LOG, "success_log"}, - {0, TSG_FS2_FAILED_LOG, "failed_log"}, - {0, TSG_FS2_DROP_LOG, "drop_log"}, - {0, TSG_FS2_ABORT_ALLOW, "abort_allow"}, - {0, TSG_FS2_ABORT_DENY, "abort_deny"}, - {0, TSG_FS2_ABORT_MONITOR, "abort_monitor"}, - {0, TSG_FS2_ABORT_INTERCEPT, "abort_intercept"}, - {0, TSG_FS2_ABORT_UNKNOWN, "abort_unknown"}, - {0, TSG_FS2_APP_DPKT_RESULT, "D_result"}, - {0, TSG_FS2_APP_Q_RESULT, "Q_result"}, - {0, TSG_FS2_APP_USER_RESULT, "U_result"}, - {0, TSG_FS2_APP_BUILT_IN_RESULT, "B_result"}, - {0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"}, - {0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"}, - {0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"}, - {0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"}, - {0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"}, - {0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"}, - {0, TSG_FS2_DDOS_SUCCESS_LOG, "ddos_suc_log"}, - {0, TSG_FS2_DDOS_FAILED_LOG, "ddos_fai_log"}, - {0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"}, - {0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"}, - {0, TSG_FS2_CREATE_LOG_HANDLE, "create_log_cnt"}, - {0, TSG_FS2_DUP_LOG_HANDLE, "dup_log_cnt"}, - {0, TSG_FS2_APPEND_LOG_HANDLE, "append_log_cnt"}, - {0, TSG_FS2_FREE_LOG_HANDLE, "free_log_cnt"}, - {0, TSG_FS2_FREE_RAPID_SIZE, "free_rapid_size"}, - {0, TSG_FS2_FREE_RAPID_CAPACITY, "free_rapid_capacity"} - }; - -id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, - {PROTO_IPv4, 0, "IPV4"}, - {PROTO_IPv6, 0, "IPV6"}, - {PROTO_TCP, 0, "TCP"}, - {PROTO_UDP, 0, "UDP"}, - {PROTO_HTTP, 0, "HTTP"}, - {PROTO_MAIL, 0, "MAIL"}, - {PROTO_DNS, 0, "DNS"}, - {PROTO_FTP, 0, "FTP"}, - {PROTO_SSL, 0, "SSL"}, - {PROTO_SIP, 0, "SIP"}, - {PROTO_BGP, 0, "BGP"}, - {PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"}, - {PROTO_QUIC, 0, "QUIC"}, - {PROTO_SSH, 0, "SSH"}, - {PROTO_SMTP, 0, "SMTP"}, - {PROTO_IMAP, 0, "IMAP"}, - {PROTO_POP3, 0, "POP3"}, - {PROTO_RTP, 0, "RTP"}, - {PROTO_APP, 0, "APP"}, - {PROTO_L2TP, 0, "L2TP"}, - {PROTO_PPTP, 0, "PPTP"} - }; - -#define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1 - -static int init_context(void **pme, int thread_seq) -{ - *pme=dictator_malloc(thread_seq, sizeof(struct master_context)); - memset(*pme, 0, sizeof(struct master_context)); - - return 0; -} - -static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len) -{ - int ret=0,flags=0; - char buff[4096]={0}; - cJSON *object=NULL; - - FILE *fp=fopen(filename, "rb"); - if(fp) - { - ret=fread(buff, sizeof(buff), 1, fp); - if(ret<(int)sizeof(buff)) - { - object=cJSON_Parse(buff); - if(object) - { - cJSON *item=cJSON_GetObjectItem(object, "sn"); - if(item && item->valuestring!=NULL && device_sn_len>(int)strlen(item->valuestring)) - { - flags=1; - memcpy(device_sn, item->valuestring, strlen(item->valuestring)); - } - cJSON_Delete(object); - object=NULL; - } - } - - fclose(fp); - fp=NULL; - } - - return flags; -} - -static int set_app_timeout(const struct streaminfo *a_stream, struct app_id_dict *dict, unsigned short *timeout) -{ - if(a_stream==NULL || dict==NULL) - { - return 0; - } - - switch(a_stream->type) - { - case STREAM_TYPE_TCP: - if((*timeout) >= dict->tcp_timeout) - { - return 0; - } - - *timeout=dict->tcp_timeout; - break; - case STREAM_TYPE_UDP: - if((*timeout) >= dict->udp_timeout) - { - return 0; - } - - *timeout=dict->udp_timeout; - break; - default: - return 0; - } - - int ret=MESA_set_stream_opt(a_stream, MSO_TIMEOUT, (void *)timeout, sizeof(unsigned short)); - if(ret<0) - { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_FAILED], 0, FS_OP_ADD, 1); - } - else - { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_SUCCESS], 0, FS_OP_ADD, 1); - } - - return 1; -} - -static int get_device_id(char *command, int datacenter_id) -{ - FILE *fp=NULL; - char buffer[128]={0}; - - fp=popen(command, "r"); - if(fp) - { - fgets(buffer,sizeof(buffer),fp); - pclose(fp); - } - - return (datacenter_id<<7)+(atoi(buffer)%128); -} - -static int get_deploy_mode(void) -{ - char s_mode[128]={0}; - int len=sizeof(s_mode); - int ret=sapp_get_platform_opt(SPO_DEPLOYMENT_MODE_STR, s_mode, &len); - if(ret>=0) - { - if((memcmp(s_mode, "mirror", strlen(s_mode)))==0 || (memcmp(s_mode, "dumpfile", strlen(s_mode)))==0) - { - g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR; - } - else if((memcmp(s_mode, "inline", strlen(s_mode)))==0) - { - g_tsg_para.deploy_mode=DEPLOY_MODE_INLINE; - } - else if((memcmp(s_mode, "transparent", strlen(s_mode)))==0) - { - g_tsg_para.deploy_mode=DEPLOY_MODE_TRANSPARENT; - } - else - { - g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR; - } - } - - return 0; -} - -static int print_hit_path(const struct streaminfo *a_stream, struct master_context *context) -{ - if(g_tsg_para.hit_path_switch==0) - { - return 0; - } - - char path_buff[1024*128]={0}; - int i=0, n_read=0, offset=0; - struct Maat_hit_path_t hit_path[1024]; - - n_read=Maat_get_scan_status(g_tsg_maat_feather, &(context->mid), MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path)); - for(i=0; ipudpdetail==NULL || a_stream->pudpdetail->pdata==NULL || a_stream->pudpdetail->datalen<12) - { - return 0; - } - - switch(a_stream->addr.addrtype) - { - case ADDR_TYPE_IPV4: - tpl4=a_stream->addr.tuple4_v4; - if((ntohs(tpl4->source)!=53) && (ntohs(tpl4->dest)!=53)) - { - return 0; - } - break; - case ADDR_TYPE_IPV6: - tpl6=a_stream->addr.tuple4_v6; - if((ntohs(tpl6->source)!=53) && (ntohs(tpl6->dest)!=53)) - { - return 0; - } - break; - default: - return 0; - break; - } - - struct _dns_hdr *dns_hdr=(struct _dns_hdr *)(a_stream->pudpdetail->pdata); - if(dns_hdr->qdcount==1 && dns_hdr->z==0) - { - return 1; - } - - return 0; -} - -int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data) -{ - if(a_stream==NULL || project_id<0) - { - return 0; - } - - int ret=project_req_add_struct((struct streaminfo *)a_stream, project_id, data); - if(ret<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "PROJECT", - "Add project failed, project_id: %d addr: %s", - project_id, - PRINTADDR(a_stream, g_tsg_para.level) - ); - return 0; - } - - return 1; -} - -const void *get_struct_project(const struct streaminfo *a_stream, int project_id) -{ - if(a_stream==NULL || project_id<0) - { - return NULL; - } - - return project_req_get_struct(a_stream, project_id); -} -static int get_table_id(tsg_protocol_t protocol) -{ - switch(protocol) - { - case PROTO_HTTP: - return g_tsg_para.table_id[TABLE_HTTP_HOST]; - case PROTO_SSL: - return g_tsg_para.table_id[TABLE_SSL_SNI]; - case PROTO_QUIC: - return g_tsg_para.table_id[TABLE_QUIC_SNI]; - default: - break; - } - - return -1; -} - -static int get_raw_packet_len(const struct streaminfo *a_stream) -{ - int raw_packet_len=0; - - if(a_stream->type==STREAM_TYPE_TCP) - { - if(a_stream->ptcpdetail==NULL || a_stream->ptcpdetail->pdata==NULL || a_stream->ptcpdetail->datalen<=0) - { - return 0; - } - } - - int ret=get_rawpkt_opt_from_streaminfo(a_stream, RAW_PKT_GET_TOT_LEN, &raw_packet_len); - if(ret<0) - { - return 0; - } - - return raw_packet_len; -} - -static int get_default_policy(int compile_id, struct Maat_rule_t *result) -{ - struct Maat_rule_t p_result={0}; - struct compile_user_region *user_region=NULL; - - p_result.config_id=compile_id; - user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); - if(user_region!=NULL) - { - if(user_region->result!=NULL) - { - memcpy(result, user_region->result, sizeof(struct Maat_rule_t)); - if(result->action==TSG_ACTION_BYPASS) - { - result->action=TSG_ACTION_NONE; - } - } - - security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], &p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); - return 1; - } - - return 0; -} - - -static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int result_num, struct master_context *context, int thread_seq) -{ - tsg_log_t log_msg; - char quic_version[64]={0}; - char *domain_field_name=NULL; - char *schema_field_name=NULL; - char *quic_ua_field_name=NULL; - char *quic_version_field_name=NULL; - struct TLD_handle_t *TLD_handle=NULL; - tsg_protocol_t proto=PROTO_UNKONWN; - struct tsg_conn_sketch_notify_data *notify=NULL; - if(context!=NULL) - { - proto=context->proto; - } - - log_msg.a_stream=(struct streaminfo *)a_stream; - log_msg.result=p_result; - log_msg.result_num=result_num; - - if(proto==PROTO_SSH && p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]>=0) - { - notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]); - if (notify != NULL && notify->protocol== PROTO_SSH && notify->pdata.TLD_handle!=NULL) - { - TLD_handle = TLD_duplicate(notify->pdata.TLD_handle); - if (TLD_handle!=NULL) - { - tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); - return 1; - } - } - } - - TLD_handle=TLD_create(thread_seq); - schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); - - if(proto>PROTO_UNKONWN && protodomain!=NULL) - { - switch(proto) - { - case PROTO_HTTP: - domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_HTTP_HOST); - TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING); - break; - case PROTO_SSL: - domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_SSL_SNI); - TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING); - break; - case PROTO_QUIC: - domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_SNI); - TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING); - break; - default: - break; - } - } - - if(context->quic_version>0) - { - if(quic_version_int2string(context->quic_version, quic_version, sizeof(quic_version))) - { - quic_version_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_VERSION); - TLD_append(TLD_handle, quic_version_field_name, (void *)quic_version, TLD_TYPE_STRING); - } - - if(context->quic_ua!=NULL) - { - quic_ua_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_USER_AGENT); - TLD_append(TLD_handle, quic_ua_field_name, (void *)context->quic_ua, TLD_TYPE_STRING); - } - } - } - else - { - TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_APP].name, TLD_TYPE_STRING); - } - - tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); - - if(p_result->config_id!=DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID) - { - tsg_set_policy_flow((struct streaminfo *)a_stream, p_result, thread_seq); - } - - return 1; -} - - -static int tsg_proto_name2flag(char *proto_list, int *flag) -{ - int i=0; - char *s=NULL,*e=NULL; - - s=proto_list; - while(s) - { - e=index(s, ';'); - if(!e) - { - break; - } - - for(i=0; i< PROTO_MAX; i++) - { - if((memcmp(s, g_tsg_proto_name2id[i].name, e-s))==0) - { - *flag|=(1<domain!=NULL) - { - dictator_free(thread_seq, (void *)context->domain); - context->domain=NULL; - } - - if(context->quic_ua!=NULL) - { - dictator_free(thread_seq, (void *)context->quic_ua); - context->quic_ua=NULL; - } - - if(context->result!=NULL) - { - dictator_free(thread_seq, (void *)context->result); - context->result=NULL; - } - - if(context->mid!=NULL) - { - Maat_clean_status(&context->mid); - context->mid=NULL; - } - - dictator_free(thread_seq, (void *)context); - context=NULL; - } - - project_req_value=NULL; - - return ; -} - -static void free_tcpall_label(int thread_seq, void *project_req_value) -{ - if(project_req_value!=NULL) - { - struct tcpall_context *context=(struct tcpall_context *)project_req_value; - if(context->para!=NULL) - { - switch(context->method_type) - { - case TSG_METHOD_TYPE_RATE_LIMIT: - destroy_bucket(&(context->bucket), thread_seq); - break; - default: - break; - } - } - - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; - } - - return ; -} - -static void free_policy_label(int thread_seq, void *project_req_value) -{ - if(project_req_value!=NULL) - { - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; - } -} - -void free_gather_app_result(int thread_seq, void *project_req_value) -{ - if(project_req_value!=NULL) - { - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; - } -} - -static void copy_monitor_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int result_num, int thread_seq) -{ - int i=0; - - if(context->result==NULL) - { - context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t)*MAX_RESULT_NUM); - - for(i=0; ihit_cntresult+context->hit_cnt, &p_result[i], sizeof(struct Maat_rule_t)); - context->hit_cnt+=1; - } - } - else - { - if(context->result[0].action==TSG_ACTION_MONITOR) - { - for(i=0; ihit_cntresult+context->hit_cnt, &p_result[i], sizeof(struct Maat_rule_t)); - context->hit_cnt+=1; - } - } - } - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "MONITOR", - "Hit monitor policy, policy_id: %d service: %d action: %d addr: %s", - p_result[0].config_id, - p_result[0].service_id, - (unsigned char)p_result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - -} - -static void copy_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, char *domain, tsg_protocol_t proto, PULL_RESULT_TYPE result_type, int thread_seq) -{ - int ret=0; - struct policy_priority_label *priority_label=NULL; - - priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id); - if(priority_label==NULL) - { - priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); - } - else - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "DUP_HIT_POLICY", - "Hit policy, domain: %s policy_id: %d action: %d addr: %s", - (domain!=NULL ? domain : ""), - p_result->config_id, - (unsigned char)p_result->action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - } - - memset(priority_label, 0, sizeof(struct policy_priority_label)); - - priority_label->proto=proto; - if(domain!=NULL) - { - priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(domain)); - memcpy(priority_label->domain, domain, priority_label->domain_len); - } - - priority_label->result_num=1; - priority_label->result_type=result_type; - memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t)); - - ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label); - if(ret<0) - { - free_policy_label(thread_seq, (void *)priority_label); - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "PROJECT_ADD", - "Add policy_priority_label failed, policy, domain: %s policy_id: %d action: %d addr: %s", - (domain!=NULL ? domain : ""), - priority_label->result[0].config_id, - (unsigned char)priority_label->result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - } - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "COPY_RESULT", - "Hit policy, domain: %s policy_id: %d action: %d addr: %s", - (domain!=NULL ? domain : ""), - priority_label->result[0].config_id, - (unsigned char)priority_label->result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return ; -} - -static void copy_bypass_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq) -{ - if(context->result==NULL) - { - context->hit_cnt=1; - context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t)); - - memcpy(context->result, p_result, sizeof(struct Maat_rule_t)); - } - else - { - if(context->result[0].action==TSG_ACTION_BYPASS) - { - if(p_result->config_id>context->result[0].config_id) - { - context->hit_cnt=1; - memcpy(&(context->result[0]), p_result, sizeof(struct Maat_rule_t)); - } - } - else // hit monitor - { - context->hit_cnt=1; - memcpy(context->result, p_result, sizeof(struct Maat_rule_t)); - } - } - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "ALLOW", - "Hit allow policy, policy_id: %d service: %d action: %d addr: %s", - p_result[0].config_id, - p_result[0].service_id, - (unsigned char)p_result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return ; -} - -static int l7_protocol_mapper(const char *filename) -{ - int ret=0; - FILE *fp=NULL; - char line[1024]={0}; - char type_name[32]={0}; - struct l7_protocol *protocol=NULL; - - fp=fopen(filename, "r"); - if(fp==NULL) - { - printf("Open %s failed ...", filename); - return -1; - } - - memset(line, 0, sizeof(line)); - - while((fgets(line, sizeof(line), fp))!=NULL) - { - if(line[0]=='#' || line[0]=='\n' || line[0]=='\r' ||line[0]=='\0') - { - continue; - } - - protocol=(struct l7_protocol *)calloc(1, sizeof(struct l7_protocol)); - ret=sscanf(line, "%s %s %d", type_name, protocol->name, &protocol->id); - assert(ret==3); - - HASH_ADD(hh1, g_tsg_para.name_by_id, id, sizeof(int), protocol); - HASH_ADD(hh2, g_tsg_para.id_by_name, name, strlen(protocol->name), protocol); - - memset(line, 0, sizeof(line)); - } - - fclose(fp); - fp=NULL; - - return 1; -} - -char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id) -{ - struct l7_protocol *l7_proto=NULL; - HASH_FIND(hh1, g_tsg_para.name_by_id, &l7_protocol_id, sizeof(l7_protocol_id), l7_proto); - if(l7_proto!=NULL) - { - return l7_proto->name; - } - - return NULL; -} - -unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name) -{ - struct l7_protocol *l7_proto=NULL; - - HASH_FIND(hh2, g_tsg_para.id_by_name, l7_protocol_name, strlen(l7_protocol_name), l7_proto); - if(l7_proto!=NULL) - { - return l7_proto->id; - } - - return 0; -} - -static int set_l7_protocol_to_pme(struct master_context *context, unsigned int app_id) -{ - int i=0; - char *l7_protocol_name=NULL; - l7_protocol_name=tsg_l7_protocol_id2name(app_id); - if(l7_protocol_name!=NULL) - { - for(i=PROTO_HTTP; iproto=(tsg_protocol_t)g_tsg_proto_name2id[i].type; - return 1; - } - } - } - - context->proto=PROTO_APP; - - return 0; -} - -int is_intercept_exclusion(const struct streaminfo *a_stream, Maat_rule_t *p_result, char *domain, int thread_seq) -{ - int ret=0; - scan_status_t mid=NULL; - Maat_rule_t tmp_result; - - if(domain!=NULL) - { - ret=Maat_full_scan_string(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_EXCLUSION_SSL_SNI], CHARSET_UTF8, domain, strlen(domain), &tmp_result, NULL, 1, &mid,thread_seq); - if(mid!=NULL) - { - Maat_clean_status(&mid); - mid=NULL; - } - - if(ret>0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "EXCLUSION_SSL_SNI", - "Hit %s policy_id: %d service: %d action: %d Decryption Exclusion: [ policy_id: %d service: %d action: %d ] addr: %s", - domain, - tmp_result.config_id, - tmp_result.service_id, - (unsigned char)tmp_result.action, - p_result->config_id, - p_result->service_id, - (unsigned char)p_result->action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return 1; - } - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "EXCLUSION_SSL_SNI", - "Not hit %s stream_dir: %d addr: %s scan ret: %d", - domain, - a_stream->dir, - PRINTADDR(a_stream, g_tsg_para.level), - ret - ); - } - - return 0; -} - -static int scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq) -{ - int scan_ret=0; - struct session_attribute_label *attribute_label=NULL; - - attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); - if(attribute_label!=NULL && domain!=NULL && table_id>=0) - { - attribute_label->fqdn_category_id_num=tsg_get_fqdn_category_id(g_tsg_maat_feather, domain, attribute_label->fqdn_category_id, MAX_CATEGORY_ID_NUM, g_tsg_para.logger, thread_seq); - scan_ret=tsg_scan_fqdn_category_id(g_tsg_maat_feather, a_stream, result, result_num, mid, table_id, attribute_label->fqdn_category_id, attribute_label->fqdn_category_id_num, thread_seq); - } - - return scan_ret; -} - -static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol_t protocol) -{ - struct gather_app_result *gather_result=NULL; - - gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); - if(gather_result!=NULL) - { - return 0; - } - - gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)); - memset(gather_result, 0, sizeof(struct gather_app_result)); - set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result); - - int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name); - if(app_id>0) - { - gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id_num=1; - gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id[0]=app_id; - gather_result->result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL; - } - - return 0; -} - -void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq) -{ - unsigned long long create_time=0; - unsigned long long current_time=0; - int ret=0,size=sizeof(create_time); - struct _ssl_ja3_info_t *ja3_info=NULL; - struct session_attribute_label *attribute_label=NULL; - - attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); - if(attribute_label==NULL) - { - attribute_label=(struct session_attribute_label *)dictator_malloc(thread_seq, sizeof(struct session_attribute_label)); - memset(attribute_label, 0, sizeof(struct session_attribute_label)); - - ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.session_attribute_project_id, (const void *)attribute_label); - if(ret<0) - { - dictator_free(thread_seq, (void *)attribute_label); - attribute_label=NULL; - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "PROJECT_ADD", - "Add internal_label failed, establish latency ms: %llu proto: %d addr: %s", - attribute_label->establish_latency_ms, - attribute_label->proto, - PRINTADDR(a_stream, g_tsg_para.level) - ); - return ; - } - } - - switch(type) - { - case TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY: - ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size); - if(ret<0) - { - break; - } - - size=sizeof(current_time); - ret=sapp_get_platform_opt(SPO_CURTIME_TIMET_MS, (void *)¤t_time, &size); - if(ret<0) - { - break; - } - - attribute_label->establish_latency_ms=current_time-create_time; - break; - case TSG_ATTRIBUTE_TYPE_PROTOCOL: - attribute_label->proto=(tsg_protocol_t)(*(int *)value); - break; - case TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE: - attribute_label->http_action_file_size=(*(int *)value); - break; - case TSG_ATTRIBUTE_TYPE_JA3_HASH: - ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum); - if(ja3_info!=NULL) - { - if(attribute_label!=NULL && ja3_info->fp!=NULL && ja3_info->fp_len>0) - { - attribute_label->ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1); - memset(attribute_label->ja3_fingerprint, 0, ja3_info->fp_len+1); - memcpy(attribute_label->ja3_fingerprint, ja3_info->fp, ja3_info->fp_len); - } - } - break; - case TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO: - tsg_get_umts_user_info(a_stream, &(attribute_label->user_info)); - break; - case TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID: - tsg_get_subscribe_id(a_stream, &attribute_label->client_subscribe_id, &attribute_label->server_subscribe_id); - break; - case TSG_ATTRIBUTE_TYPE_ASN: - tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_USER_DEFINED], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn)); - tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_BUILT_IN], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn)); - break; - case TSG_ATTRIBUTE_TYPE_LOCATION: - tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_USER_DEFINED], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location)); - tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_BUILT_IN], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location)); - break; - case TSG_ATTRIBUTE_TYPE_CATEGORY_ID: - if(value_len<=0 || value_len>MAX_CATEGORY_ID_NUM) - { - break; - } - memcpy(attribute_label->fqdn_category_id, value, sizeof(unsigned int)*value_len); - attribute_label->fqdn_category_id_num=value_len; - break; - default: - break; - } - - return ; -} - -static int set_tcp_establish_latency_ms(const struct streaminfo *a_tcp, int thread_seq,const void *ip_hdr) -{ - struct tcphdr *tcp=NULL; - - if(ip_hdr==NULL || a_tcp==NULL) - { - return 0; - } - - switch(a_tcp->addr.addrtype) - { - case ADDR_TYPE_IPV4: - tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V4, ADDR_TYPE_TCP); - break; - case ADDR_TYPE_IPV6: - tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V6, ADDR_TYPE_TCP); - break; - default: - return 0; - break; - } - - if((tcp!=NULL) && !(tcp->syn)) - { - set_session_attribute_label(a_tcp, TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY, NULL, 0, a_tcp->threadnum); - return 1; - } - - return 0; -} - -int tsg_set_device_id_to_telegraf(char *device_sn) -{ - char buff[128]={0}; - FILE *fp=NULL; - - if(device_sn) - { - fp=fopen("/etc/default/telegraf", "wb"); - if(fp) - { - snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn); - fwrite(buff, strlen(buff), 1, fp); - fclose(fp); - fp=NULL; - return 0; - } - } - - return -1; -} - -static void free_session_attribute_label(int thread_seq, void *project_req_value) -{ - struct session_attribute_label *label=(struct session_attribute_label *)project_req_value; - - if(label!=NULL) - { - if(label->client_asn!=NULL) - { - ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger); - label->client_asn=NULL; - } - - if(label->server_asn!=NULL) - { - ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger); - label->server_asn=NULL; - } - - if(label->client_location!=NULL) - { - location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger); - label->client_location=NULL; - } - - if(label->server_location!=NULL) - { - location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger); - label->server_location=NULL; - } - - if(label->client_subscribe_id!=NULL) - { - subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger); - label->client_subscribe_id=NULL; - } - - if(label->server_subscribe_id!=NULL) - { - subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger); - label->server_subscribe_id=NULL; - } - - if(label->ja3_fingerprint!=NULL) - { - dictator_free(thread_seq, (void *)label->ja3_fingerprint); - label->ja3_fingerprint=NULL; - } - - if(label->user_info!=NULL) - { - free_user_item(label->user_info->apn); - free_user_item(label->user_info->imsi); - free_user_item(label->user_info->imei); - free_user_item(label->user_info->msisdn); - - dictator_free(thread_seq, (void *)label->user_info); - label->user_info=NULL; - } - - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; - } -} - -struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num) -{ - int i=0; - Maat_rule_t *p_result=NULL; - - for(i=0; i(unsigned char)p_result->action) - { - p_result=&result[i]; - continue; - } - - if(result[i].action==p_result->action) - { - if(result[i].config_id>p_result->config_id) - { - p_result=&result[i]; - } - } - } - - return p_result; -} - -static int identify_application_protocol(const struct streaminfo *a_stream, struct master_context *context, void *a_packet) -{ - int ret=0, length=0; - - switch(a_stream->type) - { - case STREAM_TYPE_TCP: - if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->curdir, &host); - if(length>=0) - { - context->proto=PROTO_HTTP; - if(length>0 && host!=NULL) - { - context->domain=(char *)dictator_malloc(a_stream->threadnum, length+1); - memset(context->domain, 0, length+1); - memcpy(context->domain, host, length); - } - return 1; - } - } - - if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status); - if(chello_status==CHELLO_PARSE_SUCCESS) - { - context->proto=PROTO_SSL; - if(chello->sni!=NULL) - { - length=strlen(chello->sni); - context->domain=(char *)dictator_malloc(a_stream->threadnum, length+1); - memset(context->domain, 0, length+1); - memcpy(context->domain, chello->sni, length); - } - - context->is_esni=(int)chello->is_encrypt_sni; - - ssl_chello_free(chello); - return 1; - } - - ssl_chello_free(chello); - } - - if(g_tsg_para.proto_flag&(1<0) - { - context->proto=PROTO_FTP; - return 1; - } - } - - if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, a_stream->ptcpdetail->datalen, a_stream->threadnum); - if(ret>0) - { - switch(ret) - { - case SMTP_PROTOCOL: - context->proto=PROTO_SMTP; - return 1; - break; - case POP3_PROTOCOL: - context->proto=PROTO_POP3; - return 1; - break; - case IMAP_PROTOCOL: - context->proto=PROTO_IMAP; - return 1; - break; - default: - break; - } - } - } - - if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen,g_tsg_para.logger); - if(ret > 0) - { - context->proto=PROTO_SSH; - return 1; - } - } - - break; - case STREAM_TYPE_UDP: - if(g_tsg_para.proto_flag&(1<proto=PROTO_DNS; - return 1; - } - } - - if(g_tsg_para.proto_flag&(1<quic_version=quic_protocol_identify((struct streaminfo *)a_stream, a_packet, sni_buff, &sni_len, ua_buff, &ua_len); - if(context->quic_version > 0) - { - context->proto=PROTO_QUIC; - if(sni_len>0) - { - context->domain=(char *)dictator_malloc(a_stream->threadnum, sni_len+1); - memcpy(context->domain, sni_buff, sni_len); - context->domain[sni_len]='\0'; - } - - if(ua_len>0) - { - context->quic_ua=(char *)dictator_malloc(a_stream->threadnum, ua_len+1); - memcpy(context->quic_ua, ua_buff, ua_len); - context->quic_ua[ua_len]='\0'; - } - return 1; - } - } - - if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &from, &from_len, &to, &to_len); - if(sip_ret==SIP_TRUE) - { - context->proto=PROTO_SIP; - } - - return 1; - } - break; - default: - break; - } - - if(context->protoproto>PROTO_MAX) - { - context->proto = PROTO_UNKONWN; - } - - return ret; -} - -int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct app_identify_result *identify_result, int thread_seq) -{ - int i=0,hit_num=0; - char *name=NULL; - char app_id_buff[32]={0}; - struct app_id_dict *dict=NULL; - - for(i=0; i< identify_result->app_id_num; i++) - { - snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->app_id[i]); - dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); - if(dict!=NULL) - { - hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->risk, (char *)"risk", thread_seq); - hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->category, (char *)"category", thread_seq); - hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->technology, (char *)"technology", thread_seq); - hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategory", thread_seq); - hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq); - - hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq); - //hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->parent_app_name, dict->parent_app_id, thread_seq); - - set_app_timeout(a_stream, dict, &(context->timeout)); - app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); - } - else - { - name=tsg_l7_protocol_id2name(identify_result->app_id[i]); - hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->app_id[i], thread_seq); - } - } - - return hit_num; -} - -static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int hit_num, const void *a_packet) -{ - Maat_rule_t *p_result=NULL; - unsigned char state=APP_STATE_GIVEME; - - p_result=tsg_policy_decision_criteria(result, hit_num); - if(p_result!=NULL) - { - print_hit_path(a_stream, context); - switch((unsigned char)p_result->action) - { - case TSG_ACTION_DENY: - state=tsg_deal_deny_action(a_stream, p_result, context->proto, ACTION_RETURN_TYPE_APP, a_packet); - if((state&APP_STATE_DROPPKT)==APP_STATE_DROPPKT || (state&APP_STATE_KILL_OTHER)) - { - context->hit_cnt=0; - master_send_log(a_stream, p_result, 1, context, a_stream->threadnum); - copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum); - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "DENY", - "Hit deny policy, policy_id: %d service: %d action: %d addr: %s", - p_result->config_id, - p_result->service_id, - (unsigned char)p_result->action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - } - break; - case TSG_ACTION_MONITOR: - if(context->proto==PROTO_RTP) - { - break; - } - copy_monitor_result(a_stream, context, result, hit_num, a_stream->threadnum); - tsg_notify_hited_monitor_result(a_stream, result, hit_num, a_stream->threadnum); - break; - case TSG_ACTION_BYPASS: - copy_bypass_result(a_stream, context, p_result, a_stream->threadnum); - copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum); - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); - state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER; - break; - case TSG_ACTION_INTERCEPT: - if(is_intercept_exclusion(a_stream, p_result, context->domain, a_stream->threadnum)) - { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_EXCLUSION], 0, FS_OP_ADD, 1); - break; - } - - copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_KNI_RESULT, a_stream->threadnum); - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); - state=APP_STATE_DROPME|APP_STATE_KILL_OTHER; - break; - default: - break; - } - } - - return state; -} - -static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data) -{ - int hit_num=0,app_id=-1; - int is_parent_ssl=0; - struct master_context *context=NULL; - struct gather_app_result *gather_result=NULL; - struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}, *p_result=NULL; - struct app_identify_result *identify_result=(struct app_identify_result *)data; - - if(data==NULL) - { - return 0; - } - - context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id); - if(context==NULL) - { - init_context((void **)(&context), a_stream->threadnum); - set_struct_project(a_stream, g_tsg_para.context_project_id, (void *)context); - } - - gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); - if(gather_result==NULL) - { - gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)); - memset(gather_result, 0, sizeof(struct gather_app_result)); - set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result); - } - - switch(identify_result->origin) - { - case ORIGIN_DKPT: - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DPKT_RESULT], 0, FS_OP_ADD, 1); - break; - case ORIGIN_QM_ENGINE: - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_Q_RESULT], 0, FS_OP_ADD, 1); - break; - case ORIGIN_USER_DEFINE: - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_USER_RESULT], 0, FS_OP_ADD, 1); - break; - case ORIGIN_BUILT_IN: - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_BUILT_IN_RESULT], 0, FS_OP_ADD, 1); - break; - case ORIGIN_BASIC_PROTOCOL: - if(context->proto==PROTO_UNKONWN || context->proto==PROTO_APP) - { - set_l7_protocol_to_pme(context, identify_result->app_id[identify_result->app_id_num-1]); - } - - app_id=identify_result->app_id[identify_result->app_id_num-1]; - if(app_id==(int)tsg_l7_protocol_name2id("SMTPS") || - app_id==(int)tsg_l7_protocol_name2id("IMAPS") || - app_id==(int)tsg_l7_protocol_name2id("POP3S") || - app_id==(int)tsg_l7_protocol_name2id("FTPS") || - app_id==(int)tsg_l7_protocol_name2id("HTTPS") - ) - { - is_parent_ssl=1; - } - break; - default: - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level)); - return 0; - } - - memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result)); - - if(context->mid==NULL) - { - return 0; - } - - record_time_start(&(context->last_scan_time)); - hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, identify_result, a_stream->threadnum); - p_result=tsg_policy_decision_criteria(scan_result, hit_num); - if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1)) - { - return 0; - } - - master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL); - - return 0; -} - - -static int deal_pending_state(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int result_num, void *a_packet) -{ - int i=0,table_id=0; - int ret=0,hit_num=0; - unsigned int protocol_id=0; - struct gather_app_result *identify_result=NULL; - - ret=identify_application_protocol(a_stream, context, a_packet); - if(ret==1) - { - set_l7_protocol_label(a_stream, context->proto); - set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_PROTOCOL, (void *)&(context->proto), sizeof(int), a_stream->threadnum); - - if(context->proto==PROTO_SSL) - { - set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_JA3_HASH, NULL, 0, a_stream->threadnum); - } - - table_id=get_table_id(context->proto); - hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, table_id, a_stream->threadnum); - hit_num+=scan_fqdn_category_id(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, table_id, a_stream->threadnum); - if(context->is_esni) - { - protocol_id=tsg_l7_protocol_name2id("ESNI"); - hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, (char *)"ESNI", protocol_id, a_stream->threadnum); - } - } - - ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, result+hit_num, MAX_RESULT_NUM-hit_num); - if(ret>0) - { - hit_num+=ret; - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); - } - - identify_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); - for(i=0; iresult[i]), a_stream->threadnum); - } - - - if((is_only_monitor(result, hit_num)) && context->proto!=PROTO_UNKONWN && context->proto!=PROTO_APP && context->proto!=PROTO_SSH) // business deal action of monitor - { - hit_num=0; - } - - return hit_num; -} - - -static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, void **pme, int thread_seq,void *a_packet) -{ - int i=0, ret=0, hit_num=0; - unsigned char state=APP_STATE_GIVEME; - Maat_rule_t scan_result[MAX_RESULT_NUM]; - Maat_rule_t *p_result=NULL; - struct gather_app_result *identify_result=NULL; - struct master_context *context=(struct master_context *)*pme; - - if(*pme==NULL) - { - context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id); - if(context==NULL) - { - init_context(pme, thread_seq); - context=(struct master_context *)*pme; - set_struct_project(a_stream, g_tsg_para.context_project_id, *pme); - } - else - { - *pme=(void *)context; - } - record_time_start(&context->last_scan_time); - } - - switch(a_stream->opstate) - { - case OP_STATE_PENDING: - if(a_stream->type==STREAM_TYPE_TCP) - { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TCP_LINKS], 0, FS_OP_ADD, 1); - } - else - { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1); - } - - hit_num+=deal_pending_state(a_stream, context, scan_result+hit_num, MAX_RESULT_NUM-hit_num, a_packet); - p_result=tsg_policy_decision_criteria(scan_result, hit_num); - if(g_tsg_para.default_compile_switch==1 && p_result==NULL) - { - if(get_default_policy(g_tsg_para.default_compile_id, &scan_result[0])) - { - hit_num=1; - p_result=&scan_result[0]; - } - } - - state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet); - break; - case OP_STATE_DATA: - //case OP_STATE_CLOSE: - if(is_hited_allow(context->result, context->hit_cnt)) - { - break; - } - - if(record_time_elapse_us(&context->last_scan_time) < (g_tsg_para.scan_time_interval*1000000)) - { - break; - } - - if(context->mid!=NULL) - { - Maat_clean_status(&context->mid); - context->mid=NULL; - } - - record_time_start(&context->last_scan_time); - ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, scan_result+hit_num, MAX_RESULT_NUM-hit_num); - if(ret>0) - { - hit_num+=ret; - } - - identify_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); - for(i=0; iresult[i]), thread_seq); - } - - p_result=tsg_policy_decision_criteria(scan_result, hit_num); - if(p_result!=NULL && p_result->action!=TSG_ACTION_MONITOR) - { - state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet); - } - break; - default: - break; - } - - if(context->is_ratelimit==1 && a_stream->type==STREAM_TYPE_TCP) - { - state=APP_STATE_KILL_OTHER|APP_STATE_DROPME; - } - - if((a_stream->opstate==OP_STATE_CLOSE) || (state&APP_STATE_DROPME)==APP_STATE_DROPME) - { - if(context!=NULL && context->is_log==0 && context->hit_cnt>0 && context->result!=NULL) - { - context->is_log = 1; - master_send_log(a_stream, context->result, context->hit_cnt, context, thread_seq); - } - *pme = NULL; - } - - return state; -} - -static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, unsigned char stream_state, void **pme, int thread_seq, const void *a_packet) -{ - int ret=0,hit_num=0; - int eth_rawpkt_len=0; - scan_status_t scan_mid=NULL; - struct Maat_rule_t *p_result=NULL; - unsigned char state=APP_STATE_GIVEME; - struct Maat_rule_t result[MAX_RESULT_NUM]={0}; - struct tcpall_context *context=(struct tcpall_context *)(*pme); - - switch(stream_state) - { - case OP_STATE_PENDING: - hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, result, MAX_RESULT_NUM); - if(hit_num>0) - { - p_result=tsg_policy_decision_criteria(result, hit_num); - switch(p_result->action) - { - case TSG_ACTION_DENY: - state=tsg_deal_deny_action(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_APP, a_packet); - master_send_log(a_stream, p_result, 1, NULL, thread_seq); - break; - case TSG_ACTION_MONITOR: - tsg_notify_hited_monitor_result(a_stream, result, hit_num, thread_seq); - break; - default: - break; - } - } - - Maat_clean_status(&scan_mid); - scan_mid=NULL; - break; - default: - break; - } - - if(context==NULL) - { - context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); - *pme=(void *)context; - } - - if(context!=NULL && context->para!=NULL) - { - switch(context->method_type) - { - case TSG_METHOD_TYPE_RATE_LIMIT: - eth_rawpkt_len=get_raw_packet_len(a_stream); - if(eth_rawpkt_len<=0) - { - break; - } - - ret=is_permit_pass(eth_rawpkt_len*8, context->bucket, thread_seq); - if(ret==0) - { - state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; - } - break; - case TSG_METHOD_TYPE_TAMPER: - if(a_stream->opstate != OP_STATE_PENDING){ - if(0 == send_tamper_xxx(a_stream, &context->tamper_count, a_packet)){ - state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; - } - } - break; - default: - break; - } - } - - return state; -} - -extern "C" unsigned char TSG_MASTER_TCP_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet) -{ - return tsg_master_data_entry(a_tcp, pme, thread_seq, a_packet); -} - -struct udp_context -{ - struct master_context *data_entry; - struct tcpall_context *all_entry; -}; - -extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, void **pme, int thread_seq,void *a_packet) -{ - unsigned char state1=APP_STATE_GIVEME; - unsigned char state2=APP_STATE_GIVEME; - struct udp_context *context=(struct udp_context *)(*pme); - - if(*pme==NULL) - { - *pme=dictator_malloc(thread_seq, sizeof(struct udp_context)); - memset(*pme, 0, sizeof(struct udp_context)); - context=(struct udp_context *)(*pme); - } - - state1=tsg_master_all_entry(a_udp, a_udp->opstate, (void **)&(context->all_entry), thread_seq, a_packet); - if(context->all_entry==NULL || context->all_entry->method_type!=TSG_METHOD_TYPE_RATE_LIMIT) - { - state2=tsg_master_data_entry(a_udp, (void **)&(context->data_entry), thread_seq, a_packet); - } - - if(state1&APP_STATE_DROPME || state2&APP_STATE_DROPME || a_udp->opstate==OP_STATE_CLOSE) - { - dictator_free(thread_seq, *pme); - *pme=NULL; - } - - return (state1|state2); -} - -extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq, const void *a_packet) -{ - if(*pme==NULL) - { - *pme=(void *)get_struct_project(a_tcp, g_tsg_para.tcpall_project_id); - if(*pme==NULL) - { - *pme=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); - memset(*pme, 0, sizeof(struct tcpall_context)); - set_struct_project(a_tcp, g_tsg_para.tcpall_project_id, (void *)(*pme)); - } - } - - struct tcpall_context *_context=(struct tcpall_context *)(*pme); - - if(_context->set_latency_flag==0) - { - _context->set_latency_flag=set_tcp_establish_latency_ms(a_tcp, thread_seq, a_packet); - } - - return tsg_master_all_entry(a_tcp, a_tcp->pktstate, pme, thread_seq, a_packet); -} - -extern "C" int TSG_MASTER_INIT() -{ - int i=0,ret=0; - char buff[128]={0}; - int value=0,cycle=0; - int output_prometheus=0; - unsigned short fs_server_port=0; - char app_name[MAX_STRING_LEN]={0}; - char label_buff[MAX_STRING_LEN*4]={0}; - char fs_server_ip[MAX_IPV4_LEN]={0}; - char fs_output_path[MAX_STRING_LEN*4]={0}; - char device_sn_filename[MAX_STRING_LEN]={0}; - char identify_proto_name[MAX_STRING_LEN*4]={0}; - - memset(&g_tsg_para, 0, sizeof(g_tsg_para)); - - MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &g_tsg_para.level, RLOG_LV_FATAL); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", g_tsg_para.log_path, sizeof(g_tsg_para.log_path), "tsglog/tsg_master"); - - g_tsg_para.logger=MESA_create_runtime_log_handle(g_tsg_para.log_path, g_tsg_para.level); - if(g_tsg_para.logger==NULL) - { - printf("MESA_create_runtime_log_handle failed ...\n"); - return -1; - } - - srand(time(0)); - get_deploy_mode(); - - MESA_load_profile_int_def(tsg_conffile, "RESET", "NUM", &g_tsg_para.reset.pkt_num, 1); - MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED1", &g_tsg_para.reset.seed1, 65535); - MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED2", &g_tsg_para.reset.seed2, 13); - MESA_load_profile_int_def(tsg_conffile, "RESET", "FLAGS", &g_tsg_para.reset.th_flags, 0x14); - MESA_load_profile_int_def(tsg_conffile, "RESET", "DIR", &g_tsg_para.reset.dir, DIR_DOUBLE); - MESA_load_profile_int_def(tsg_conffile, "RESET", "REMEDY", &g_tsg_para.reset.remedy, 1); - - MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0); - MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_SWITCH", &g_tsg_para.default_compile_switch, 0); - MESA_load_profile_int_def(tsg_conffile, "SYSTEM","HIT_PATH_SWITCH", &g_tsg_para.hit_path_switch, 0); - - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;"); - tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag); - - MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0); - MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300); - MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120); - - ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0); - if(ret<0) - { - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL); - g_tsg_para.device_seq_in_dc=get_device_id(g_tsg_para.device_id_command, g_tsg_para.datacenter_id); - } - else - { - g_tsg_para.device_seq_in_dc=(g_tsg_para.datacenter_id<<7)+((g_tsg_para.device_seq_in_dc)%128); - } - - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_SN_FILENAME", device_sn_filename, sizeof(device_sn_filename), "/opt/tsg/etc/tsg_sn.json"); - ret=tsg_get_sn(device_sn_filename, g_tsg_para.device_sn, sizeof(g_tsg_para.device_sn)); - if(ret==0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "GET_DEVICE_SN", "Get device SN failed; please check :%s", device_sn_filename); - } - - ret=tsg_set_device_id_to_telegraf(g_tsg_para.device_sn); - if(ret<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "SET_DEVICE_SN_TO_TELEGRAF", "Set device SN(%s) failed; please check :%s", g_tsg_para.device_sn, "/etc/default/telegraf"); - } - - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY"); - g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label); - if(g_tsg_para.priority_project_id<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff); - return -1; - } - - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_INTERNAL_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL"); - g_tsg_para.session_attribute_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label); - if(g_tsg_para.session_attribute_project_id<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff); - } - - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_IDENTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "APP_BRIDGE"); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA"); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA"); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT],_MAX_TABLE_NAME_LEN, "TSG_NOTIFICATION_EXECUTION_RESULT"); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "TSG_APPLICATION_BEHAVIOR"); - - for(i=0; isession_attribute_project_id=g_tsg_para.session_attribute_project_id; - - MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30); - MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port)); - MESA_load_profile_string_nodef(tsg_conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip)); - MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log"); - MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master"); - MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "PROMETHEUS", &output_prometheus, 1); - - g_tsg_para.fs2_handle=FS_create_handle(); - - value=1;//Rewrite - FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value)); - value=1;//Do not create stat thread - FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value)); - - FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle)); - FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); - FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1); - - value=1; - FS_set_para(g_tsg_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); - - if(fs_server_port > 0 && strlen(fs_server_ip) > 0) - { - FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1); - FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); - } - - value=FS_OUTPUT_INFLUX_LINE; - FS_set_para(g_tsg_para.fs2_handle, STATS_FORMAT, &value, sizeof(value)); - - for(i=0; ifs_status_ids[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_STATUS, FS_CALC_CURRENT, buff); - } - - FS_start(g_tsg_para.fs2_handle); - - for(i=0; ifs_status_ids[i], 0, FS_OP_SET, g_tsg_log_instance->send_log_percent[i]); - } - - ret=tsg_statistic_init(tsg_conffile, g_tsg_para.logger); - if(ret<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_STATISTIC", "tsg_statistic_init failed ..."); - return -1; - } - - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "L7_PROTOCOL_FILE", buff, sizeof(buff), "./tsgconf/tsg_l7_protocol.conf"); - l7_protocol_mapper(buff); - - ret=tsg_gtp_signaling_hash_init(tsg_conffile, g_tsg_para.logger); - if(ret<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_GTP_HASH", "tsg_gtp_signaling_hash_init failed ..."); - return -1; - } - - return 0; -} - - - -extern "C" int TSG_MASTER_UNLOAD() -{ - Maat_burn_feather(g_tsg_maat_feather); - g_tsg_maat_feather=NULL; - - if(g_tsg_para.dynamic_maat_switch==1) - { - Maat_burn_feather(g_tsg_dynamic_maat_feather); - g_tsg_dynamic_maat_feather=NULL; - } - - return 0; -} - +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include "MESA/sip.h" +#include +#include +#include +#include + +#include "app_label.h" +#include "tsg_rule.h" +#include "tsg_entry.h" +#include "tsg_send_log.h" +#include "tsg_statistic.h" +#include "tsg_send_log_internal.h" +#include "tsg_ssl_utils.h" +#include "tsg_ssh_utils.h" +#include "tsg_protocol_common.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +#define GIT_VERSION_CATTER(v) __attribute__((__used__)) const char * GIT_VERSION_##v = NULL +#define GIT_VERSION_EXPEND(v) GIT_VERSION_CATTER(v) + +/* VERSION TAG */ +#ifdef GIT_VERSION +GIT_VERSION_EXPEND(GIT_VERSION); +#else +static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL; +#endif +#undef GIT_VERSION_CATTER +#undef GIT_VERSION_EXPEND + +#ifdef __cplusplus +} +#endif + +struct session_record_ctx +{ + struct TLD_handle_t *log; + tsg_protocol_t proto_type; +}; + +char TSG_MASTER_VERSION_20200805 = 0; +const char *tsg_conffile="tsgconf/main.conf"; +g_tsg_para_t g_tsg_para; + +id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"}, + {0, TSG_FS2_UDP_LINKS, "udp_links"}, + {0, TSG_FS2_BYPASS, "bypass"}, + {0, TSG_FS2_HIT_ADDR, "hit_addr"}, + {0, TSG_FS2_HIT_SHARE, "hit_share"}, + {0, TSG_FS2_INTERCEPT, "intercept"}, + {0, TSG_FS2_EXCLUSION, "exclusion"}, + {0, TSG_FS2_SUCCESS_LOG, "success_log"}, + {0, TSG_FS2_FAILED_LOG, "failed_log"}, + {0, TSG_FS2_DROP_LOG, "drop_log"}, + {0, TSG_FS2_ABORT_ALLOW, "abort_allow"}, + {0, TSG_FS2_ABORT_DENY, "abort_deny"}, + {0, TSG_FS2_ABORT_MONITOR, "abort_monitor"}, + {0, TSG_FS2_ABORT_INTERCEPT, "abort_intercept"}, + {0, TSG_FS2_ABORT_UNKNOWN, "abort_unknown"}, + {0, TSG_FS2_APP_DPKT_RESULT, "D_result"}, + {0, TSG_FS2_APP_Q_RESULT, "Q_result"}, + {0, TSG_FS2_APP_USER_RESULT, "U_result"}, + {0, TSG_FS2_APP_BUILT_IN_RESULT, "B_result"}, + {0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"}, + {0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"}, + {0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"}, + {0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"}, + {0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"}, + {0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"}, + {0, TSG_FS2_DDOS_SUCCESS_LOG, "ddos_suc_log"}, + {0, TSG_FS2_DDOS_FAILED_LOG, "ddos_fai_log"}, + {0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"}, + {0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"}, + {0, TSG_FS2_CREATE_LOG_HANDLE, "create_log_cnt"}, + {0, TSG_FS2_DUP_LOG_HANDLE, "dup_log_cnt"}, + {0, TSG_FS2_APPEND_LOG_HANDLE, "append_log_cnt"}, + {0, TSG_FS2_FREE_LOG_HANDLE, "free_log_cnt"}, + {0, TSG_FS2_FREE_RAPID_SIZE, "free_rapid_size"}, + {0, TSG_FS2_FREE_RAPID_CAPACITY, "free_rapid_capacity"} + }; + +id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, + {PROTO_IPv4, 0, "IPV4"}, + {PROTO_IPv6, 0, "IPV6"}, + {PROTO_TCP, 0, "TCP"}, + {PROTO_UDP, 0, "UDP"}, + {PROTO_HTTP, 0, "HTTP"}, + {PROTO_MAIL, 0, "MAIL"}, + {PROTO_DNS, 0, "DNS"}, + {PROTO_FTP, 0, "FTP"}, + {PROTO_SSL, 0, "SSL"}, + {PROTO_SIP, 0, "SIP"}, + {PROTO_BGP, 0, "BGP"}, + {PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"}, + {PROTO_QUIC, 0, "QUIC"}, + {PROTO_SSH, 0, "SSH"}, + {PROTO_SMTP, 0, "SMTP"}, + {PROTO_IMAP, 0, "IMAP"}, + {PROTO_POP3, 0, "POP3"}, + {PROTO_RTP, 0, "RTP"}, + {PROTO_APP, 0, "APP"}, + {PROTO_L2TP, 0, "L2TP"}, + {PROTO_PPTP, 0, "PPTP"} + }; + +#define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1 + +static int init_context(void **pme, int thread_seq) +{ + *pme=dictator_malloc(thread_seq, sizeof(struct master_context)); + memset(*pme, 0, sizeof(struct master_context)); + + return 0; +} + +static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len) +{ + int ret=0,flags=0; + char buff[4096]={0}; + cJSON *object=NULL; + + FILE *fp=fopen(filename, "rb"); + if(fp) + { + ret=fread(buff, sizeof(buff), 1, fp); + if(ret<(int)sizeof(buff)) + { + object=cJSON_Parse(buff); + if(object) + { + cJSON *item=cJSON_GetObjectItem(object, "sn"); + if(item && item->valuestring!=NULL && device_sn_len>(int)strlen(item->valuestring)) + { + flags=1; + memcpy(device_sn, item->valuestring, strlen(item->valuestring)); + } + cJSON_Delete(object); + object=NULL; + } + } + + fclose(fp); + fp=NULL; + } + + return flags; +} + +static int set_app_timeout(const struct streaminfo *a_stream, struct app_id_dict *dict, unsigned short *timeout) +{ + if(a_stream==NULL || dict==NULL) + { + return 0; + } + + switch(a_stream->type) + { + case STREAM_TYPE_TCP: + if((*timeout) >= dict->tcp_timeout) + { + return 0; + } + + *timeout=dict->tcp_timeout; + break; + case STREAM_TYPE_UDP: + if((*timeout) >= dict->udp_timeout) + { + return 0; + } + + *timeout=dict->udp_timeout; + break; + default: + return 0; + } + + int ret=MESA_set_stream_opt(a_stream, MSO_TIMEOUT, (void *)timeout, sizeof(unsigned short)); + if(ret<0) + { + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_FAILED], 0, FS_OP_ADD, 1); + } + else + { + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_SUCCESS], 0, FS_OP_ADD, 1); + } + + return 1; +} + +static int get_device_id(char *command, int datacenter_id) +{ + FILE *fp=NULL; + char buffer[128]={0}; + + fp=popen(command, "r"); + if(fp) + { + fgets(buffer,sizeof(buffer),fp); + pclose(fp); + } + + return (datacenter_id<<7)+(atoi(buffer)%128); +} + +static int get_deploy_mode(void) +{ + char s_mode[128]={0}; + int len=sizeof(s_mode); + int ret=sapp_get_platform_opt(SPO_DEPLOYMENT_MODE_STR, s_mode, &len); + if(ret>=0) + { + if((memcmp(s_mode, "mirror", strlen(s_mode)))==0 || (memcmp(s_mode, "dumpfile", strlen(s_mode)))==0) + { + g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR; + } + else if((memcmp(s_mode, "inline", strlen(s_mode)))==0) + { + g_tsg_para.deploy_mode=DEPLOY_MODE_INLINE; + } + else if((memcmp(s_mode, "transparent", strlen(s_mode)))==0) + { + g_tsg_para.deploy_mode=DEPLOY_MODE_TRANSPARENT; + } + else + { + g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR; + } + } + + return 0; +} + +static int print_hit_path(const struct streaminfo *a_stream, struct master_context *context) +{ + if(g_tsg_para.hit_path_switch==0) + { + return 0; + } + + char path_buff[1024*128]={0}; + int i=0, n_read=0, offset=0; + struct Maat_hit_path_t hit_path[1024]; + + n_read=Maat_get_scan_status(g_tsg_maat_feather, &(context->mid), MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path)); + for(i=0; ipudpdetail==NULL || a_stream->pudpdetail->pdata==NULL || a_stream->pudpdetail->datalen<12) + { + return 0; + } + + switch(a_stream->addr.addrtype) + { + case ADDR_TYPE_IPV4: + tpl4=a_stream->addr.tuple4_v4; + if((ntohs(tpl4->source)!=53) && (ntohs(tpl4->dest)!=53)) + { + return 0; + } + break; + case ADDR_TYPE_IPV6: + tpl6=a_stream->addr.tuple4_v6; + if((ntohs(tpl6->source)!=53) && (ntohs(tpl6->dest)!=53)) + { + return 0; + } + break; + default: + return 0; + break; + } + + struct _dns_hdr *dns_hdr=(struct _dns_hdr *)(a_stream->pudpdetail->pdata); + if(dns_hdr->qdcount==1 && dns_hdr->z==0) + { + return 1; + } + + return 0; +} + +int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data) +{ + if(a_stream==NULL || project_id<0) + { + return 0; + } + + int ret=project_req_add_struct((struct streaminfo *)a_stream, project_id, data); + if(ret<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_FATAL, + "PROJECT", + "Add project failed, project_id: %d addr: %s", + project_id, + PRINTADDR(a_stream, g_tsg_para.level) + ); + return 0; + } + + return 1; +} + +const void *get_struct_project(const struct streaminfo *a_stream, int project_id) +{ + if(a_stream==NULL || project_id<0) + { + return NULL; + } + + return project_req_get_struct(a_stream, project_id); +} +static int get_table_id(tsg_protocol_t protocol) +{ + switch(protocol) + { + case PROTO_HTTP: + return g_tsg_para.table_id[TABLE_HTTP_HOST]; + case PROTO_SSL: + return g_tsg_para.table_id[TABLE_SSL_SNI]; + case PROTO_QUIC: + return g_tsg_para.table_id[TABLE_QUIC_SNI]; + default: + break; + } + + return -1; +} + +static int get_raw_packet_len(const struct streaminfo *a_stream) +{ + int raw_packet_len=0; + + if(a_stream->type==STREAM_TYPE_TCP) + { + if(a_stream->ptcpdetail==NULL || a_stream->ptcpdetail->pdata==NULL || a_stream->ptcpdetail->datalen<=0) + { + return 0; + } + } + + int ret=get_rawpkt_opt_from_streaminfo(a_stream, RAW_PKT_GET_TOT_LEN, &raw_packet_len); + if(ret<0) + { + return 0; + } + + return raw_packet_len; +} + +static int get_default_para(const struct streaminfo *a_stream, int compile_id) +{ + int after_n_packets=0; + struct Maat_rule_t p_result={0}; + struct compile_user_region *user_region=NULL; + + p_result.config_id=compile_id; + user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); + if(user_region!=NULL && user_region->method_type==TSG_METHOD_TYPE_DEFAULT) + { + if(user_region->session_para!=NULL && user_region->session_para->result.action==TSG_ACTION_DENY) + { + switch(a_stream->type) + { + case STREAM_TYPE_TCP: + after_n_packets=user_region->session_para->tcp.after_n_packets; + break; + case STREAM_TYPE_UDP: + after_n_packets=user_region->session_para->udp.after_n_packets; + break; + default: + break; + } + } + + security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], &p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); + } + + return after_n_packets; +} + +static int get_default_policy(int compile_id, struct Maat_rule_t *result) +{ + struct Maat_rule_t p_result={0}; + struct compile_user_region *user_region=NULL; + + p_result.config_id=compile_id; + user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); + if(user_region!=NULL && user_region->method_type==TSG_METHOD_TYPE_DEFAULT) + { + if(user_region->session_para!=NULL && user_region->session_para->result.action==TSG_ACTION_DENY) + { + memcpy(result, &(user_region->session_para->result), sizeof(struct Maat_rule_t)); + } + + security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], &p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); + return 1; + } + + return 0; +} + +static int is_do_default_policy(const struct streaminfo *a_stream, int after_n_packets) +{ + if(after_n_packets<=0 || a_stream->pdetail==NULL) + { + return 0; + } + + switch(a_stream->type) + { + case STREAM_TYPE_TCP: + if((int)(a_stream->ptcpdetail->clientpktnum+a_stream->ptcpdetail->serverpktnum) >= after_n_packets) + { + return 1; + } + break; + case STREAM_TYPE_UDP: + if((int)(a_stream->pudpdetail->clientpktnum+a_stream->pudpdetail->serverpktnum) >= after_n_packets) + { + return 1; + } + break; + default: + break; + } + + return 0; +} + +static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int result_num, struct master_context *context, int thread_seq) +{ + tsg_log_t log_msg; + char quic_version[64]={0}; + char *domain_field_name=NULL; + char *schema_field_name=NULL; + char *quic_ua_field_name=NULL; + char *quic_version_field_name=NULL; + struct TLD_handle_t *TLD_handle=NULL; + tsg_protocol_t proto=PROTO_UNKONWN; + struct tsg_conn_sketch_notify_data *notify=NULL; + if(context!=NULL) + { + proto=context->proto; + } + + log_msg.a_stream=(struct streaminfo *)a_stream; + log_msg.result=p_result; + log_msg.result_num=result_num; + + if(proto==PROTO_SSH && p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]>=0) + { + notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]); + if (notify != NULL && notify->protocol== PROTO_SSH && notify->pdata.TLD_handle!=NULL) + { + TLD_handle = TLD_duplicate(notify->pdata.TLD_handle); + if (TLD_handle!=NULL) + { + tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); + return 1; + } + } + } + + TLD_handle=TLD_create(thread_seq); + schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE); + + if(proto>PROTO_UNKONWN && protodomain!=NULL) + { + switch(proto) + { + case PROTO_HTTP: + domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_HTTP_HOST); + TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING); + break; + case PROTO_SSL: + domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_SSL_SNI); + TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING); + break; + case PROTO_QUIC: + domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_SNI); + TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING); + break; + default: + break; + } + } + + if(context->quic_version>0) + { + if(quic_version_int2string(context->quic_version, quic_version, sizeof(quic_version))) + { + quic_version_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_VERSION); + TLD_append(TLD_handle, quic_version_field_name, (void *)quic_version, TLD_TYPE_STRING); + } + + if(context->quic_ua!=NULL) + { + quic_ua_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_USER_AGENT); + TLD_append(TLD_handle, quic_ua_field_name, (void *)context->quic_ua, TLD_TYPE_STRING); + } + } + } + else + { + TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_APP].name, TLD_TYPE_STRING); + } + + tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); + + if(p_result->config_id!=DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID) + { + tsg_set_policy_flow((struct streaminfo *)a_stream, p_result, thread_seq); + } + + return 1; +} + + +static int tsg_proto_name2flag(char *proto_list, int *flag) +{ + int i=0; + char *s=NULL,*e=NULL; + + s=proto_list; + while(s) + { + e=index(s, ';'); + if(!e) + { + break; + } + + for(i=0; i< PROTO_MAX; i++) + { + if((memcmp(s, g_tsg_proto_name2id[i].name, e-s))==0) + { + *flag|=(1<domain!=NULL) + { + dictator_free(thread_seq, (void *)context->domain); + context->domain=NULL; + } + + if(context->quic_ua!=NULL) + { + dictator_free(thread_seq, (void *)context->quic_ua); + context->quic_ua=NULL; + } + + if(context->result!=NULL) + { + dictator_free(thread_seq, (void *)context->result); + context->result=NULL; + } + + if(context->mid!=NULL) + { + Maat_clean_status(&context->mid); + context->mid=NULL; + } + + dictator_free(thread_seq, (void *)context); + context=NULL; + } + + project_req_value=NULL; + + return ; +} + +static void free_tcpall_label(int thread_seq, void *project_req_value) +{ + if(project_req_value!=NULL) + { + struct tcpall_context *context=(struct tcpall_context *)project_req_value; + if(context->para!=NULL) + { + switch(context->method_type) + { + case TSG_METHOD_TYPE_RATE_LIMIT: + destroy_bucket(&(context->bucket), thread_seq); + break; + default: + break; + } + } + + dictator_free(thread_seq, project_req_value); + project_req_value=NULL; + } + + return ; +} + +static void free_policy_label(int thread_seq, void *project_req_value) +{ + if(project_req_value!=NULL) + { + dictator_free(thread_seq, project_req_value); + project_req_value=NULL; + } +} + +void free_gather_app_result(int thread_seq, void *project_req_value) +{ + if(project_req_value!=NULL) + { + dictator_free(thread_seq, project_req_value); + project_req_value=NULL; + } +} + +static void copy_monitor_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int result_num, int thread_seq) +{ + int i=0; + + if(context->result==NULL) + { + context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t)*MAX_RESULT_NUM); + + for(i=0; ihit_cntresult+context->hit_cnt, &p_result[i], sizeof(struct Maat_rule_t)); + context->hit_cnt+=1; + } + } + else + { + if(context->result[0].action==TSG_ACTION_MONITOR) + { + for(i=0; ihit_cntresult+context->hit_cnt, &p_result[i], sizeof(struct Maat_rule_t)); + context->hit_cnt+=1; + } + } + } + + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "MONITOR", + "Hit monitor policy, policy_id: %d service: %d action: %d addr: %s", + p_result[0].config_id, + p_result[0].service_id, + (unsigned char)p_result[0].action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + +} + +static void copy_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, char *domain, tsg_protocol_t proto, PULL_RESULT_TYPE result_type, int thread_seq) +{ + int ret=0; + struct policy_priority_label *priority_label=NULL; + + priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id); + if(priority_label==NULL) + { + priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); + } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "DUP_HIT_POLICY", + "Hit policy, domain: %s policy_id: %d action: %d addr: %s", + (domain!=NULL ? domain : ""), + p_result->config_id, + (unsigned char)p_result->action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + } + + memset(priority_label, 0, sizeof(struct policy_priority_label)); + + priority_label->proto=proto; + if(domain!=NULL) + { + priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(domain)); + memcpy(priority_label->domain, domain, priority_label->domain_len); + } + + priority_label->result_num=1; + priority_label->result_type=result_type; + memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t)); + + ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label); + if(ret<0) + { + free_policy_label(thread_seq, (void *)priority_label); + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_FATAL, + "PROJECT_ADD", + "Add policy_priority_label failed, policy, domain: %s policy_id: %d action: %d addr: %s", + (domain!=NULL ? domain : ""), + priority_label->result[0].config_id, + (unsigned char)priority_label->result[0].action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + } + + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "COPY_RESULT", + "Hit policy, domain: %s policy_id: %d action: %d addr: %s", + (domain!=NULL ? domain : ""), + priority_label->result[0].config_id, + (unsigned char)priority_label->result[0].action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + + return ; +} + +static void copy_bypass_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq) +{ + if(context->result==NULL) + { + context->hit_cnt=1; + context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t)); + + memcpy(context->result, p_result, sizeof(struct Maat_rule_t)); + } + else + { + if(context->result[0].action==TSG_ACTION_BYPASS) + { + if(p_result->config_id>context->result[0].config_id) + { + context->hit_cnt=1; + memcpy(&(context->result[0]), p_result, sizeof(struct Maat_rule_t)); + } + } + else // hit monitor + { + context->hit_cnt=1; + memcpy(context->result, p_result, sizeof(struct Maat_rule_t)); + } + } + + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "ALLOW", + "Hit allow policy, policy_id: %d service: %d action: %d addr: %s", + p_result[0].config_id, + p_result[0].service_id, + (unsigned char)p_result[0].action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + + return ; +} + +static int l7_protocol_mapper(const char *filename) +{ + int ret=0; + FILE *fp=NULL; + char line[1024]={0}; + char type_name[32]={0}; + struct l7_protocol *protocol=NULL; + + fp=fopen(filename, "r"); + if(fp==NULL) + { + printf("Open %s failed ...", filename); + return -1; + } + + memset(line, 0, sizeof(line)); + + while((fgets(line, sizeof(line), fp))!=NULL) + { + if(line[0]=='#' || line[0]=='\n' || line[0]=='\r' ||line[0]=='\0') + { + continue; + } + + protocol=(struct l7_protocol *)calloc(1, sizeof(struct l7_protocol)); + ret=sscanf(line, "%s %s %d", type_name, protocol->name, &protocol->id); + assert(ret==3); + + HASH_ADD(hh1, g_tsg_para.name_by_id, id, sizeof(int), protocol); + HASH_ADD(hh2, g_tsg_para.id_by_name, name, strlen(protocol->name), protocol); + + memset(line, 0, sizeof(line)); + } + + fclose(fp); + fp=NULL; + + return 1; +} + +char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id) +{ + struct l7_protocol *l7_proto=NULL; + HASH_FIND(hh1, g_tsg_para.name_by_id, &l7_protocol_id, sizeof(l7_protocol_id), l7_proto); + if(l7_proto!=NULL) + { + return l7_proto->name; + } + + return NULL; +} + +unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name) +{ + struct l7_protocol *l7_proto=NULL; + + HASH_FIND(hh2, g_tsg_para.id_by_name, l7_protocol_name, strlen(l7_protocol_name), l7_proto); + if(l7_proto!=NULL) + { + return l7_proto->id; + } + + return 0; +} + +static int set_l7_protocol_to_pme(struct master_context *context, unsigned int app_id) +{ + int i=0; + char *l7_protocol_name=NULL; + l7_protocol_name=tsg_l7_protocol_id2name(app_id); + if(l7_protocol_name!=NULL) + { + for(i=PROTO_HTTP; iproto=(tsg_protocol_t)g_tsg_proto_name2id[i].type; + return 1; + } + } + } + + context->proto=PROTO_APP; + + return 0; +} + +int is_intercept_exclusion(const struct streaminfo *a_stream, Maat_rule_t *p_result, char *domain, int thread_seq) +{ + int ret=0; + scan_status_t mid=NULL; + Maat_rule_t tmp_result; + + if(domain!=NULL) + { + ret=Maat_full_scan_string(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_EXCLUSION_SSL_SNI], CHARSET_UTF8, domain, strlen(domain), &tmp_result, NULL, 1, &mid,thread_seq); + if(mid!=NULL) + { + Maat_clean_status(&mid); + mid=NULL; + } + + if(ret>0) + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "EXCLUSION_SSL_SNI", + "Hit %s policy_id: %d service: %d action: %d Decryption Exclusion: [ policy_id: %d service: %d action: %d ] addr: %s", + domain, + tmp_result.config_id, + tmp_result.service_id, + (unsigned char)tmp_result.action, + p_result->config_id, + p_result->service_id, + (unsigned char)p_result->action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + + return 1; + } + + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "EXCLUSION_SSL_SNI", + "Not hit %s stream_dir: %d addr: %s scan ret: %d", + domain, + a_stream->dir, + PRINTADDR(a_stream, g_tsg_para.level), + ret + ); + } + + return 0; +} + +static int scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq) +{ + int scan_ret=0; + struct session_attribute_label *attribute_label=NULL; + + attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); + if(attribute_label!=NULL && domain!=NULL && table_id>=0) + { + attribute_label->fqdn_category_id_num=tsg_get_fqdn_category_id(g_tsg_maat_feather, domain, attribute_label->fqdn_category_id, MAX_CATEGORY_ID_NUM, g_tsg_para.logger, thread_seq); + scan_ret=tsg_scan_fqdn_category_id(g_tsg_maat_feather, a_stream, result, result_num, mid, table_id, attribute_label->fqdn_category_id, attribute_label->fqdn_category_id_num, thread_seq); + } + + return scan_ret; +} + +static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol_t protocol) +{ + struct gather_app_result *gather_result=NULL; + + gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); + if(gather_result!=NULL) + { + return 0; + } + + gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)); + memset(gather_result, 0, sizeof(struct gather_app_result)); + set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result); + + int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name); + if(app_id>0) + { + gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id_num=1; + gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id[0]=app_id; + gather_result->result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL; + } + + return 0; +} + +void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq) +{ + unsigned long long create_time=0; + unsigned long long current_time=0; + int ret=0,size=sizeof(create_time); + struct _ssl_ja3_info_t *ja3_info=NULL; + struct session_attribute_label *attribute_label=NULL; + + attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); + if(attribute_label==NULL) + { + attribute_label=(struct session_attribute_label *)dictator_malloc(thread_seq, sizeof(struct session_attribute_label)); + memset(attribute_label, 0, sizeof(struct session_attribute_label)); + + ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.session_attribute_project_id, (const void *)attribute_label); + if(ret<0) + { + dictator_free(thread_seq, (void *)attribute_label); + attribute_label=NULL; + + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_FATAL, + "PROJECT_ADD", + "Add internal_label failed, establish latency ms: %llu proto: %d addr: %s", + attribute_label->establish_latency_ms, + attribute_label->proto, + PRINTADDR(a_stream, g_tsg_para.level) + ); + return ; + } + } + + switch(type) + { + case TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY: + ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size); + if(ret<0) + { + break; + } + + size=sizeof(current_time); + ret=sapp_get_platform_opt(SPO_CURTIME_TIMET_MS, (void *)¤t_time, &size); + if(ret<0) + { + break; + } + + attribute_label->establish_latency_ms=current_time-create_time; + break; + case TSG_ATTRIBUTE_TYPE_PROTOCOL: + attribute_label->proto=(tsg_protocol_t)(*(int *)value); + break; + case TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE: + attribute_label->http_action_file_size=(*(int *)value); + break; + case TSG_ATTRIBUTE_TYPE_JA3_HASH: + ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum); + if(ja3_info!=NULL) + { + if(attribute_label!=NULL && ja3_info->fp!=NULL && ja3_info->fp_len>0) + { + attribute_label->ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1); + memset(attribute_label->ja3_fingerprint, 0, ja3_info->fp_len+1); + memcpy(attribute_label->ja3_fingerprint, ja3_info->fp, ja3_info->fp_len); + } + } + break; + case TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO: + tsg_get_umts_user_info(a_stream, &(attribute_label->user_info)); + break; + case TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID: + tsg_get_subscribe_id(a_stream, &attribute_label->client_subscribe_id, &attribute_label->server_subscribe_id); + break; + case TSG_ATTRIBUTE_TYPE_ASN: + tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_USER_DEFINED], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn)); + tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_BUILT_IN], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn)); + break; + case TSG_ATTRIBUTE_TYPE_LOCATION: + tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_USER_DEFINED], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location)); + tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_BUILT_IN], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location)); + break; + case TSG_ATTRIBUTE_TYPE_CATEGORY_ID: + if(value_len<=0 || value_len>MAX_CATEGORY_ID_NUM) + { + break; + } + memcpy(attribute_label->fqdn_category_id, value, sizeof(unsigned int)*value_len); + attribute_label->fqdn_category_id_num=value_len; + break; + default: + break; + } + + return ; +} + +static int set_tcp_establish_latency_ms(const struct streaminfo *a_tcp, int thread_seq,const void *ip_hdr) +{ + struct tcphdr *tcp=NULL; + + if(ip_hdr==NULL || a_tcp==NULL) + { + return 0; + } + + switch(a_tcp->addr.addrtype) + { + case ADDR_TYPE_IPV4: + tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V4, ADDR_TYPE_TCP); + break; + case ADDR_TYPE_IPV6: + tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V6, ADDR_TYPE_TCP); + break; + default: + return 0; + break; + } + + if((tcp!=NULL) && !(tcp->syn)) + { + set_session_attribute_label(a_tcp, TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY, NULL, 0, a_tcp->threadnum); + return 1; + } + + return 0; +} + +int tsg_set_device_id_to_telegraf(char *device_sn) +{ + char buff[128]={0}; + FILE *fp=NULL; + + if(device_sn) + { + fp=fopen("/etc/default/telegraf", "wb"); + if(fp) + { + snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn); + fwrite(buff, strlen(buff), 1, fp); + fclose(fp); + fp=NULL; + return 0; + } + } + + return -1; +} + +static void free_session_attribute_label(int thread_seq, void *project_req_value) +{ + struct session_attribute_label *label=(struct session_attribute_label *)project_req_value; + + if(label!=NULL) + { + if(label->client_asn!=NULL) + { + ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger); + label->client_asn=NULL; + } + + if(label->server_asn!=NULL) + { + ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger); + label->server_asn=NULL; + } + + if(label->client_location!=NULL) + { + location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger); + label->client_location=NULL; + } + + if(label->server_location!=NULL) + { + location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger); + label->server_location=NULL; + } + + if(label->client_subscribe_id!=NULL) + { + subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger); + label->client_subscribe_id=NULL; + } + + if(label->server_subscribe_id!=NULL) + { + subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger); + label->server_subscribe_id=NULL; + } + + if(label->ja3_fingerprint!=NULL) + { + dictator_free(thread_seq, (void *)label->ja3_fingerprint); + label->ja3_fingerprint=NULL; + } + + if(label->user_info!=NULL) + { + free_user_item(label->user_info->apn); + free_user_item(label->user_info->imsi); + free_user_item(label->user_info->imei); + free_user_item(label->user_info->msisdn); + + dictator_free(thread_seq, (void *)label->user_info); + label->user_info=NULL; + } + + dictator_free(thread_seq, project_req_value); + project_req_value=NULL; + } +} + +struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num) +{ + int i=0; + Maat_rule_t *p_result=NULL; + + for(i=0; i(unsigned char)p_result->action) + { + p_result=&result[i]; + continue; + } + + if(result[i].action==p_result->action) + { + if(result[i].config_id>p_result->config_id) + { + p_result=&result[i]; + } + } + } + + return p_result; +} + +static int identify_application_protocol(const struct streaminfo *a_stream, struct master_context *context, void *a_packet) +{ + int ret=0, length=0; + + switch(a_stream->type) + { + case STREAM_TYPE_TCP: + if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->curdir, &host); + if(length>=0) + { + context->proto=PROTO_HTTP; + if(length>0 && host!=NULL) + { + context->domain=(char *)dictator_malloc(a_stream->threadnum, length+1); + memset(context->domain, 0, length+1); + memcpy(context->domain, host, length); + } + return 1; + } + } + + if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status); + if(chello_status==CHELLO_PARSE_SUCCESS) + { + context->proto=PROTO_SSL; + if(chello->sni!=NULL) + { + length=strlen(chello->sni); + context->domain=(char *)dictator_malloc(a_stream->threadnum, length+1); + memset(context->domain, 0, length+1); + memcpy(context->domain, chello->sni, length); + } + + context->is_esni=(int)chello->is_encrypt_sni; + + ssl_chello_free(chello); + return 1; + } + + ssl_chello_free(chello); + } + + if(g_tsg_para.proto_flag&(1<0) + { + context->proto=PROTO_FTP; + return 1; + } + } + + if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, a_stream->ptcpdetail->datalen, a_stream->threadnum); + if(ret>0) + { + switch(ret) + { + case SMTP_PROTOCOL: + context->proto=PROTO_SMTP; + return 1; + break; + case POP3_PROTOCOL: + context->proto=PROTO_POP3; + return 1; + break; + case IMAP_PROTOCOL: + context->proto=PROTO_IMAP; + return 1; + break; + default: + break; + } + } + } + + if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen,g_tsg_para.logger); + if(ret > 0) + { + context->proto=PROTO_SSH; + return 1; + } + } + + break; + case STREAM_TYPE_UDP: + if(g_tsg_para.proto_flag&(1<proto=PROTO_DNS; + return 1; + } + } + + if(g_tsg_para.proto_flag&(1<quic_version=quic_protocol_identify((struct streaminfo *)a_stream, a_packet, sni_buff, &sni_len, ua_buff, &ua_len); + if(context->quic_version > 0) + { + context->proto=PROTO_QUIC; + if(sni_len>0) + { + context->domain=(char *)dictator_malloc(a_stream->threadnum, sni_len+1); + memcpy(context->domain, sni_buff, sni_len); + context->domain[sni_len]='\0'; + } + + if(ua_len>0) + { + context->quic_ua=(char *)dictator_malloc(a_stream->threadnum, ua_len+1); + memcpy(context->quic_ua, ua_buff, ua_len); + context->quic_ua[ua_len]='\0'; + } + return 1; + } + } + + if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &from, &from_len, &to, &to_len); + if(sip_ret==SIP_TRUE) + { + context->proto=PROTO_SIP; + } + + return 1; + } + break; + default: + break; + } + + if(context->protoproto>PROTO_MAX) + { + context->proto = PROTO_UNKONWN; + } + + return ret; +} + +int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct app_identify_result *identify_result, int thread_seq) +{ + int i=0,hit_num=0; + char *name=NULL; + char app_id_buff[32]={0}; + struct app_id_dict *dict=NULL; + + for(i=0; i< identify_result->app_id_num; i++) + { + snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->app_id[i]); + dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); + if(dict!=NULL) + { + hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->risk, (char *)"risk", thread_seq); + hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->category, (char *)"category", thread_seq); + hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->technology, (char *)"technology", thread_seq); + hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategory", thread_seq); + hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq); + + hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq); + //hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->parent_app_name, dict->parent_app_id, thread_seq); + + set_app_timeout(a_stream, dict, &(context->timeout)); + app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); + } + else + { + name=tsg_l7_protocol_id2name(identify_result->app_id[i]); + hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->app_id[i], thread_seq); + } + } + + return hit_num; +} + +static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int hit_num, const void *a_packet) +{ + Maat_rule_t *p_result=NULL; + unsigned char state=APP_STATE_GIVEME; + struct tcpall_context *tmp_tcpall_context=NULL; + + p_result=tsg_policy_decision_criteria(result, hit_num); + if(p_result!=NULL) + { + print_hit_path(a_stream, context); + switch((unsigned char)p_result->action) + { + case TSG_ACTION_DENY: + state=tsg_deal_deny_action(a_stream, p_result, context->proto, ACTION_RETURN_TYPE_APP, a_packet); + if((state&APP_STATE_DROPPKT)==APP_STATE_DROPPKT || (state&APP_STATE_KILL_OTHER)) + { + context->hit_cnt=0; + master_send_log(a_stream, p_result, 1, context, a_stream->threadnum); + copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum); + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "DENY", + "Hit deny policy, policy_id: %d service: %d action: %d addr: %s", + p_result->config_id, + p_result->service_id, + (unsigned char)p_result->action, + PRINTADDR(a_stream, g_tsg_para.level) + ); + } + break; + case TSG_ACTION_MONITOR: + if(context->proto==PROTO_RTP) + { + break; + } + copy_monitor_result(a_stream, context, result, hit_num, a_stream->threadnum); + tsg_notify_hited_monitor_result(a_stream, result, hit_num, a_stream->threadnum); + break; + case TSG_ACTION_BYPASS: + copy_bypass_result(a_stream, context, p_result, a_stream->threadnum); + copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); + state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER; + + tsg_set_method_to_tcpall(a_stream, &tmp_tcpall_context, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum); + break; + case TSG_ACTION_INTERCEPT: + if(is_intercept_exclusion(a_stream, p_result, context->domain, a_stream->threadnum)) + { + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_EXCLUSION], 0, FS_OP_ADD, 1); + break; + } + + copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_KNI_RESULT, a_stream->threadnum); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); + state=APP_STATE_DROPME|APP_STATE_KILL_OTHER; + + tsg_set_method_to_tcpall(a_stream, &tmp_tcpall_context, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum); + break; + default: + break; + } + } + + return state; +} + +static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data) +{ + int hit_num=0,app_id=-1; + int is_parent_ssl=0; + struct master_context *context=NULL; + struct gather_app_result *gather_result=NULL; + struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}, *p_result=NULL; + struct app_identify_result *identify_result=(struct app_identify_result *)data; + + if(data==NULL) + { + return 0; + } + + context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id); + if(context==NULL) + { + init_context((void **)(&context), a_stream->threadnum); + set_struct_project(a_stream, g_tsg_para.context_project_id, (void *)context); + } + + gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); + if(gather_result==NULL) + { + gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)); + memset(gather_result, 0, sizeof(struct gather_app_result)); + set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result); + } + + switch(identify_result->origin) + { + case ORIGIN_DKPT: + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DPKT_RESULT], 0, FS_OP_ADD, 1); + break; + case ORIGIN_QM_ENGINE: + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_Q_RESULT], 0, FS_OP_ADD, 1); + break; + case ORIGIN_USER_DEFINE: + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_USER_RESULT], 0, FS_OP_ADD, 1); + break; + case ORIGIN_BUILT_IN: + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_BUILT_IN_RESULT], 0, FS_OP_ADD, 1); + break; + case ORIGIN_BASIC_PROTOCOL: + if(context->proto==PROTO_UNKONWN || context->proto==PROTO_APP) + { + set_l7_protocol_to_pme(context, identify_result->app_id[identify_result->app_id_num-1]); + } + + app_id=identify_result->app_id[identify_result->app_id_num-1]; + if(app_id==(int)tsg_l7_protocol_name2id("SMTPS") || + app_id==(int)tsg_l7_protocol_name2id("IMAPS") || + app_id==(int)tsg_l7_protocol_name2id("POP3S") || + app_id==(int)tsg_l7_protocol_name2id("FTPS") || + app_id==(int)tsg_l7_protocol_name2id("HTTPS") + ) + { + is_parent_ssl=1; + } + break; + default: + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level)); + return 0; + } + + memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result)); + + if(context->mid==NULL) + { + return 0; + } + + record_time_start(&(context->last_scan_time)); + hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, identify_result, a_stream->threadnum); + p_result=tsg_policy_decision_criteria(scan_result, hit_num); + if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1)) + { + return 0; + } + + master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL); + + return 0; +} + + +static int deal_pending_state(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int result_num, void *a_packet) +{ + int i=0,table_id=0; + int ret=0,hit_num=0; + unsigned int protocol_id=0; + struct gather_app_result *identify_result=NULL; + + ret=identify_application_protocol(a_stream, context, a_packet); + if(ret==1) + { + set_l7_protocol_label(a_stream, context->proto); + set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_PROTOCOL, (void *)&(context->proto), sizeof(int), a_stream->threadnum); + + if(context->proto==PROTO_SSL) + { + set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_JA3_HASH, NULL, 0, a_stream->threadnum); + } + + table_id=get_table_id(context->proto); + hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, table_id, a_stream->threadnum); + hit_num+=scan_fqdn_category_id(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, table_id, a_stream->threadnum); + if(context->is_esni) + { + protocol_id=tsg_l7_protocol_name2id("ESNI"); + hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, (char *)"ESNI", protocol_id, a_stream->threadnum); + } + } + + ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, result+hit_num, MAX_RESULT_NUM-hit_num); + if(ret>0) + { + hit_num+=ret; + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); + } + + identify_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); + for(i=0; iresult[i]), a_stream->threadnum); + } + + + if((is_only_monitor(result, hit_num)) && context->proto!=PROTO_UNKONWN && context->proto!=PROTO_APP && context->proto!=PROTO_SSH) // business deal action of monitor + { + hit_num=0; + } + + return hit_num; +} + + +static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, void **pme, int thread_seq,void *a_packet) +{ + int i=0, ret=0, hit_num=0; + unsigned char state=APP_STATE_GIVEME; + Maat_rule_t scan_result[MAX_RESULT_NUM]; + Maat_rule_t *p_result=NULL; + struct gather_app_result *identify_result=NULL; + struct master_context *context=(struct master_context *)*pme; + + if(*pme==NULL) + { + context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id); + if(context==NULL) + { + init_context(pme, thread_seq); + context=(struct master_context *)*pme; + set_struct_project(a_stream, g_tsg_para.context_project_id, *pme); + } + else + { + *pme=(void *)context; + } + record_time_start(&context->last_scan_time); + } + + switch(a_stream->opstate) + { + case OP_STATE_PENDING: + if(a_stream->type==STREAM_TYPE_TCP) + { + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TCP_LINKS], 0, FS_OP_ADD, 1); + } + else + { + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1); + } + + hit_num+=deal_pending_state(a_stream, context, scan_result+hit_num, MAX_RESULT_NUM-hit_num, a_packet); + p_result=tsg_policy_decision_criteria(scan_result, hit_num); + state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet); + break; + case OP_STATE_DATA: + //case OP_STATE_CLOSE: + if(is_hited_allow(context->result, context->hit_cnt)) + { + break; + } + + if(record_time_elapse_us(&context->last_scan_time) < (g_tsg_para.scan_time_interval*1000000)) + { + break; + } + + if(context->mid!=NULL) + { + Maat_clean_status(&context->mid); + context->mid=NULL; + } + + record_time_start(&context->last_scan_time); + ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, scan_result+hit_num, MAX_RESULT_NUM-hit_num); + if(ret>0) + { + hit_num+=ret; + } + + identify_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); + for(i=0; iresult[i]), thread_seq); + } + + p_result=tsg_policy_decision_criteria(scan_result, hit_num); + if(p_result!=NULL && p_result->action!=TSG_ACTION_MONITOR) + { + state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet); + } + break; + default: + break; + } + + if(context->is_ratelimit==1 && a_stream->type==STREAM_TYPE_TCP) + { + state=APP_STATE_KILL_OTHER|APP_STATE_DROPME; + } + + if((a_stream->opstate==OP_STATE_CLOSE) || (state&APP_STATE_DROPME)==APP_STATE_DROPME) + { + if(context!=NULL && context->is_log==0 && context->hit_cnt>0 && context->result!=NULL) + { + context->is_log = 1; + master_send_log(a_stream, context->result, context->hit_cnt, context, thread_seq); + } + *pme = NULL; + } + + return state; +} + +static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, unsigned char stream_state, void **pme, int thread_seq, const void *a_packet) +{ + int ret=0,hit_num=0; + int eth_rawpkt_len=0; + scan_status_t scan_mid=NULL; + struct Maat_rule_t *p_result=NULL; + unsigned char state=APP_STATE_GIVEME; + struct Maat_rule_t result[MAX_RESULT_NUM]={0}; + struct tcpall_context *context=(struct tcpall_context *)(*pme); + + if(stream_state==OP_STATE_PENDING) + { + context->method_type=TSG_METHOD_TYPE_DEFAULT; + context->after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id); + + hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, result, MAX_RESULT_NUM); + if(hit_num>0) + { + p_result=tsg_policy_decision_criteria(result, hit_num); + switch(p_result->action) + { + case TSG_ACTION_DENY: + state=tsg_deal_deny_action(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_APP, a_packet); + master_send_log(a_stream, p_result, 1, NULL, thread_seq); + break; + case TSG_ACTION_MONITOR: + tsg_notify_hited_monitor_result(a_stream, result, hit_num, thread_seq); + break; + default: + break; + } + } + + Maat_clean_status(&scan_mid); + scan_mid=NULL; + } + + switch(context->method_type) + { + case TSG_METHOD_TYPE_RATE_LIMIT: + eth_rawpkt_len=get_raw_packet_len(a_stream); + if(eth_rawpkt_len<=0) + { + break; + } + + ret=is_permit_pass(eth_rawpkt_len*8, context->bucket, thread_seq); + if(ret==0) + { + state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; + } + break; + case TSG_METHOD_TYPE_TAMPER: + if(0 == send_tamper_xxx(a_stream, &context->tamper_count, a_packet)){ + state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; + }else{ + state=APP_STATE_GIVEME; + } + context->tamper_count += 1; + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + __FUNCTION__, + "Addr: %s, send_tamper_xxx num %ld", + PRINTADDR(a_stream, g_tsg_para.level), + context->tamper_count); + break; + case TSG_METHOD_TYPE_DEFAULT: + if(!is_do_default_policy(a_stream, context->after_n_packets) || stream_state==OP_STATE_CLOSE) + { + break; + } + + if(get_default_policy(g_tsg_para.default_compile_id, &result[0])) + { + state=tsg_deal_deny_action(a_stream, &result[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_APP, a_packet); + master_send_log(a_stream, &result[0], 1, NULL, thread_seq); + } + break; + default: + break; + } + + return state; +} + +extern "C" unsigned char TSG_MASTER_TCP_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet) +{ + return tsg_master_data_entry(a_tcp, pme, thread_seq, a_packet); +} + +struct udp_context +{ + struct master_context *data_entry; + struct tcpall_context *all_entry; +}; + +extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, void **pme, int thread_seq,void *a_packet) +{ + unsigned char state1=APP_STATE_GIVEME; + unsigned char state2=APP_STATE_GIVEME; + struct udp_context *context=(struct udp_context *)(*pme); + + if(*pme==NULL) + { + *pme=dictator_malloc(thread_seq, sizeof(struct udp_context)); + memset(*pme, 0, sizeof(struct udp_context)); + context=(struct udp_context *)(*pme); + + context->all_entry=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); + memset(context->all_entry, 0, sizeof(struct tcpall_context)); + } + + state1=tsg_master_all_entry(a_udp, a_udp->opstate, (void **)&(context->all_entry), thread_seq, a_packet); + if(context->all_entry==NULL || context->all_entry->method_type!=TSG_METHOD_TYPE_RATE_LIMIT) + { + state2=tsg_master_data_entry(a_udp, (void **)&(context->data_entry), thread_seq, a_packet); + } + + if(state1&APP_STATE_DROPME || state2&APP_STATE_DROPME || a_udp->opstate==OP_STATE_CLOSE) + { + dictator_free(thread_seq, *pme); + *pme=NULL; + } + + return (state1|state2); +} + +extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq, const void *a_packet) +{ + if(*pme==NULL) + { + *pme=(void *)get_struct_project(a_tcp, g_tsg_para.tcpall_project_id); + if(*pme==NULL) + { + *pme=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); + memset(*pme, 0, sizeof(struct tcpall_context)); + set_struct_project(a_tcp, g_tsg_para.tcpall_project_id, (void *)(*pme)); + } + } + + struct tcpall_context *_context=(struct tcpall_context *)(*pme); + + if(_context->set_latency_flag==0) + { + _context->set_latency_flag=set_tcp_establish_latency_ms(a_tcp, thread_seq, a_packet); + } + + return tsg_master_all_entry(a_tcp, a_tcp->pktstate, pme, thread_seq, a_packet); +} + +extern "C" int TSG_MASTER_INIT() +{ + int i=0,ret=0; + char buff[128]={0}; + int value=0,cycle=0; + int output_prometheus=0; + unsigned short fs_server_port=0; + char app_name[MAX_STRING_LEN]={0}; + char label_buff[MAX_STRING_LEN*4]={0}; + char fs_server_ip[MAX_IPV4_LEN]={0}; + char fs_output_path[MAX_STRING_LEN*4]={0}; + char device_sn_filename[MAX_STRING_LEN]={0}; + char identify_proto_name[MAX_STRING_LEN*4]={0}; + + memset(&g_tsg_para, 0, sizeof(g_tsg_para)); + + MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &g_tsg_para.level, RLOG_LV_FATAL); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", g_tsg_para.log_path, sizeof(g_tsg_para.log_path), "tsglog/tsg_master"); + + g_tsg_para.logger=MESA_create_runtime_log_handle(g_tsg_para.log_path, g_tsg_para.level); + if(g_tsg_para.logger==NULL) + { + printf("MESA_create_runtime_log_handle failed ...\n"); + return -1; + } + + srand(time(0)); + get_deploy_mode(); + + MESA_load_profile_int_def(tsg_conffile, "RESET", "NUM", &g_tsg_para.reset.pkt_num, 1); + MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED1", &g_tsg_para.reset.seed1, 65535); + MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED2", &g_tsg_para.reset.seed2, 13); + MESA_load_profile_int_def(tsg_conffile, "RESET", "FLAGS", &g_tsg_para.reset.th_flags, 0x14); + MESA_load_profile_int_def(tsg_conffile, "RESET", "DIR", &g_tsg_para.reset.dir, DIR_DOUBLE); + MESA_load_profile_int_def(tsg_conffile, "RESET", "REMEDY", &g_tsg_para.reset.remedy, 1); + + MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0); + MESA_load_profile_int_def(tsg_conffile, "SYSTEM","HIT_PATH_SWITCH", &g_tsg_para.hit_path_switch, 0); + + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;"); + tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag); + + MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0); + MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300); + MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120); + + ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0); + if(ret<0) + { + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL); + g_tsg_para.device_seq_in_dc=get_device_id(g_tsg_para.device_id_command, g_tsg_para.datacenter_id); + } + else + { + g_tsg_para.device_seq_in_dc=(g_tsg_para.datacenter_id<<7)+((g_tsg_para.device_seq_in_dc)%128); + } + + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_SN_FILENAME", device_sn_filename, sizeof(device_sn_filename), "/opt/tsg/etc/tsg_sn.json"); + ret=tsg_get_sn(device_sn_filename, g_tsg_para.device_sn, sizeof(g_tsg_para.device_sn)); + if(ret==0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "GET_DEVICE_SN", "Get device SN failed; please check :%s", device_sn_filename); + } + + ret=tsg_set_device_id_to_telegraf(g_tsg_para.device_sn); + if(ret<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "SET_DEVICE_SN_TO_TELEGRAF", "Set device SN(%s) failed; please check :%s", g_tsg_para.device_sn, "/etc/default/telegraf"); + } + + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY"); + g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label); + if(g_tsg_para.priority_project_id<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff); + return -1; + } + + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_INTERNAL_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL"); + g_tsg_para.session_attribute_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label); + if(g_tsg_para.session_attribute_project_id<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff); + } + + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_IDENTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "APP_BRIDGE"); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA"); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA"); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT],_MAX_TABLE_NAME_LEN, "TSG_NOTIFICATION_EXECUTION_RESULT"); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_BEHAVIOR_RESULT],_MAX_TABLE_NAME_LEN, "TSG_APPLICATION_BEHAVIOR"); + + for(i=0; isession_attribute_project_id=g_tsg_para.session_attribute_project_id; + + MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30); + MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port)); + MESA_load_profile_string_nodef(tsg_conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip)); + MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log"); + MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master"); + MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "PROMETHEUS", &output_prometheus, 1); + + g_tsg_para.fs2_handle=FS_create_handle(); + + value=1;//Rewrite + FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value)); + value=1;//Do not create stat thread + FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value)); + + FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle)); + FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); + FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1); + + value=1; + FS_set_para(g_tsg_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); + + if(fs_server_port > 0 && strlen(fs_server_ip) > 0) + { + FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1); + FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); + } + + value=FS_OUTPUT_INFLUX_LINE; + FS_set_para(g_tsg_para.fs2_handle, STATS_FORMAT, &value, sizeof(value)); + + for(i=0; ifs_status_ids[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_STATUS, FS_CALC_CURRENT, buff); + } + + FS_start(g_tsg_para.fs2_handle); + + for(i=0; ifs_status_ids[i], 0, FS_OP_SET, g_tsg_log_instance->send_log_percent[i]); + } + + ret=tsg_statistic_init(tsg_conffile, g_tsg_para.logger); + if(ret<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_STATISTIC", "tsg_statistic_init failed ..."); + return -1; + } + + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "L7_PROTOCOL_FILE", buff, sizeof(buff), "./tsgconf/tsg_l7_protocol.conf"); + l7_protocol_mapper(buff); + + ret=tsg_gtp_signaling_hash_init(tsg_conffile, g_tsg_para.logger); + if(ret<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_GTP_HASH", "tsg_gtp_signaling_hash_init failed ..."); + return -1; + } + + return 0; +} + + + +extern "C" int TSG_MASTER_UNLOAD() +{ + Maat_burn_feather(g_tsg_maat_feather); + g_tsg_maat_feather=NULL; + + if(g_tsg_para.dynamic_maat_switch==1) + { + Maat_burn_feather(g_tsg_dynamic_maat_feather); + g_tsg_dynamic_maat_feather=NULL; + } + + return 0; +} + diff --git a/src/tsg_entry.h b/src/tsg_entry.h index fe11495..c409682 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -207,12 +207,12 @@ struct master_context struct tcpall_context { int set_latency_flag; - int vlan_num; enum TSG_METHOD_TYPE method_type; union { struct leaky_bucket *bucket; - long tamper_count; + long tamper_count; + int after_n_packets; void *para; }; }; @@ -242,7 +242,6 @@ typedef struct tsg_para enum DEPLOY_MODE deploy_mode; int scan_time_interval; int hit_path_switch; - int default_compile_switch; int default_compile_id; int table_id[TABLE_MAX]; int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP @@ -376,7 +375,7 @@ void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* ar void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp); void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq); - +int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, enum TSG_METHOD_TYPE method_type, int thread_seq); int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq); void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp); diff --git a/src/tsg_protocol_common.h b/src/tsg_protocol_common.h index fa4b740..c941ae2 100644 --- a/src/tsg_protocol_common.h +++ b/src/tsg_protocol_common.h @@ -21,6 +21,8 @@ enum TSG_DENY_TYPE TSG_DENY_TYPE_REDIRECT_URL, TSG_DENY_TYPE_REDIRECT_RECORD, TSG_DENY_TYPE_SEND_ICMP, + TSG_DENY_TYPE_DEFAULT_RST, + TSG_DENY_TYPE_DEFAULT_DROP, TSG_DENY_TYPE_MAX }; @@ -52,7 +54,6 @@ struct dns_answer_records struct dns_record_val record_val; }; - struct dns_profile_records { int ref_cnt; @@ -83,6 +84,7 @@ struct deny_user_region { int code; int records_num; + int after_n_packets; }; union { @@ -91,7 +93,7 @@ struct deny_user_region struct dns_user_region *records; int profile_id; int bps; - int send_icmp_unreachable_enable; + int send_icmp_enable; void *para; }; }; @@ -109,6 +111,13 @@ struct monitor_user_region int profile_id; }; +struct default_session_para +{ + struct Maat_rule_t result; //XJ default policy + struct deny_user_region tcp; + struct deny_user_region udp; +}; + struct compile_user_region { int ref_cnt; @@ -117,8 +126,8 @@ struct compile_user_region { struct deny_user_region *deny; struct monitor_user_region *mirror; - struct Maat_rule_t *result; //XJ default policy - void *user_region_para; + struct default_session_para *session_para; + void *user_region_para; }; struct packet_capture capture; }; diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index 8556035..6fe7eee 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -42,7 +42,8 @@ const struct _str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNK {TSG_METHOD_TYPE_ALERT, 5, (char *)"alert"}, {TSG_METHOD_TYPE_RATE_LIMIT, 10, (char *)"rate_limit"}, {TSG_METHOD_TYPE_MIRRORED, 8, (char *)"mirrored"}, - {TSG_METHOD_TYPE_TAMPER, 6, (char *)"tamper"} + {TSG_METHOD_TYPE_TAMPER, 6, (char *)"tamper"}, + {TSG_METHOD_TYPE_DEFAULT, 7, (char *)"default"} }; @@ -860,6 +861,67 @@ static struct dns_user_region *parse_dns_user_region(cJSON *resolution_array, in return records; } +static int parse_default_para(cJSON *deny_user_region_object, struct compile_user_region *user_region) +{ + cJSON *method_item=NULL; + cJSON *tcp_session_item=cJSON_GetObjectItem(deny_user_region_object, "tcp_session"); + cJSON *udp_session_item=cJSON_GetObjectItem(deny_user_region_object, "udp_session"); + if(tcp_session_item==NULL || udp_session_item==NULL) + { + return 0; + } + + user_region->method_type=TSG_METHOD_TYPE_DEFAULT; + user_region->session_para=(struct default_session_para *)calloc(1, sizeof(struct default_session_para)); + + method_item=cJSON_GetObjectItem(tcp_session_item, "method"); + if(method_item!=NULL) + { + int method_type=tsg_get_method_id(method_item->valuestring); + switch(method_type) + { + case TSG_METHOD_TYPE_RST: + case TSG_METHOD_TYPE_RESET: + user_region->session_para->tcp.type=TSG_DENY_TYPE_DEFAULT_RST; + get_integer_from_json(tcp_session_item, "after_n_packets", &(user_region->session_para->tcp.after_n_packets)); + break; + case TSG_METHOD_TYPE_DROP: + get_integer_from_json(tcp_session_item, "after_n_packets", &(user_region->session_para->tcp.after_n_packets)); + get_integer_from_json(tcp_session_item, "send_icmp_unreachable", &(user_region->session_para->tcp.send_icmp_enable)); + if(user_region->session_para->tcp.send_icmp_enable==1) + { + user_region->session_para->tcp.type=TSG_DENY_TYPE_SEND_ICMP; + } + else + { + user_region->session_para->tcp.type=TSG_DENY_TYPE_DEFAULT_DROP; + } + break; + default: + break; + } + + } + + method_item=cJSON_GetObjectItem(udp_session_item, "method"); + if(method_item!=NULL) + { + user_region->session_para->udp.type=TSG_DENY_TYPE_DEFAULT_DROP; + get_integer_from_json(udp_session_item, "after_n_packets", &(user_region->session_para->udp.after_n_packets)); + get_integer_from_json(udp_session_item, "send_icmp_unreachable", &(user_region->session_para->udp.send_icmp_enable)); + if(user_region->session_para->udp.send_icmp_enable==1) + { + user_region->session_para->udp.type=TSG_DENY_TYPE_SEND_ICMP; + } + else + { + user_region->session_para->udp.type=TSG_DENY_TYPE_DEFAULT_DROP; + } + } + + return 1; +} + static int parse_packet_capture(cJSON *packet_capture_object, struct compile_user_region *user_region) { if(packet_capture_object==NULL || user_region==NULL) @@ -957,7 +1019,7 @@ static struct compile_user_region *parse_deny_user_region(cJSON *deny_user_regio break; case TSG_METHOD_TYPE_DROP: user_region->deny=(struct deny_user_region *)calloc(1, sizeof(struct deny_user_region)); - ret=get_integer_from_json(deny_user_region_object, "send_icmp_unreachable", &(user_region->deny->send_icmp_unreachable_enable)); + ret=get_integer_from_json(deny_user_region_object, "send_icmp_unreachable", &(user_region->deny->send_icmp_enable)); if(ret==1) { user_region->deny->type=TSG_DENY_TYPE_SEND_ICMP; @@ -969,7 +1031,8 @@ static struct compile_user_region *parse_deny_user_region(cJSON *deny_user_regio break; case TSG_METHOD_TYPE_TAMPER: break; - default: + default: + parse_default_para(deny_user_region_object, user_region); break; } @@ -1015,16 +1078,12 @@ void security_compile_new(int idx, const struct Maat_rule_t* rule, const char* s } } - if(g_tsg_para.default_compile_switch==1 && g_tsg_para.default_compile_id==rule->config_id) + if(g_tsg_para.default_compile_id==rule->config_id && user_region!=NULL) { - if(user_region==NULL) + if(user_region->method_type==TSG_METHOD_TYPE_DEFAULT && user_region->session_para!=NULL) { - user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region)); - atomic_inc(&user_region->ref_cnt); + memcpy(&(user_region->session_para->result), rule, sizeof(struct Maat_rule_t)); } - - user_region->result=(struct Maat_rule_t *)calloc(1, sizeof(struct Maat_rule_t)); - memcpy(user_region->result, rule, sizeof(struct Maat_rule_t)); } *ad=(MAAT_RULE_EX_DATA)user_region; @@ -2697,6 +2756,29 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma return 1; } +int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, enum TSG_METHOD_TYPE method_type, int thread_seq) +{ + struct tcpall_context *_context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); + if(_context==NULL) + { + _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); + memset(_context, 0, sizeof(struct tcpall_context)); + set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); + } + + switch(_context->method_type) + { + case TSG_METHOD_TYPE_DEFAULT: + case TSG_METHOD_TYPE_MIRRORED: + _context->method_type=method_type; + break; + default: + break; + } + + return 1; +} + int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq) { struct tcpall_context *_context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); @@ -2706,18 +2788,19 @@ int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_co memset(_context, 0, sizeof(struct tcpall_context)); set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); } - else + + switch(_context->method_type) { - if(_context->method_type==TSG_METHOD_TYPE_RATE_LIMIT) - { + case TSG_METHOD_TYPE_RATE_LIMIT: return 1; - } - else - { + break; + case TSG_METHOD_TYPE_DEFAULT: + break; + default: return 0; - } + break; } - + _context->method_type=TSG_METHOD_TYPE_RATE_LIMIT; _context->bucket=bucket;