gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-14928: 接收通知的ssl_intercept_info信息,填充到Proxy_intercept_event日志中发送; 接收SCE/SHAPER通知的日志信息

Browse Source
This commit is contained in:
杨玉波
2023-05-10 07:35:03 +00:00
committed by liuxueli
parent c5e959492d
commit ee0f57d6d3
15 changed files with 1666 additions and 319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
bin/tsg_log_field.conf
View File

@@ -125,3 +125,14 @@ STRING common_app_full_path 111
LONG common_flags 112 LONG common_flags 112
LONG common_shaping_rule_ids 113 LONG common_shaping_rule_ids 113
LONG common_flags_identify_info 114 LONG common_flags_identify_info 114
LONG ssl_pinningst 115
LONG ssl_cert_verify 116
LONG ssl_intercept_state 117
LONG ssl_server_side_latency 118
LONG ssl_client_side_latency 119
STRING ssl_server_side_version 120
STRING ssl_client_side_version 121
STRING ssl_error 122
STRING ssl_passthrough_reason 123
LONG sce_profile_ids 124
LONG shaping_profile_ids 125

3
inc/tsg_send_log.h
View File

@@ -28,7 +28,8 @@ enum LOG_TYPE
LOG_TYPE_INTERIM_SESSION_RECORD, LOG_TYPE_INTERIM_SESSION_RECORD,
LOG_TYPE_TRANSACTION_RECORD, LOG_TYPE_TRANSACTION_RECORD,
LOG_TYPE_GTPC_RECORD, LOG_TYPE_GTPC_RECORD,
LOG_TYPE_BGP_RECORD LOG_TYPE_BGP_RECORD,
LOG_TYPE_INTERCEPT_ENEVT
}; };
struct TLD_handle_t; struct TLD_handle_t;

105
src/tsg_bridge.cpp
View File

@@ -26,6 +26,66 @@ struct bridge_info
struct bridge_info g_tm_bridge_para[BRIDGE_TYPE_MAX]; struct bridge_info g_tm_bridge_para[BRIDGE_TYPE_MAX];
void session_sce_log_update_free(const struct streaminfo *a_stream, int bridge_id, void *data)
{
if (data != NULL)
{
dictator_free(a_stream->threadnum, data);
data = NULL;
}
return;
}
void session_shaper_log_update_free(const struct streaminfo *a_stream, int bridge_id, void *data)
{
if (data != NULL)
{
dictator_free(a_stream->threadnum, data);
data = NULL;
}
return;
}
void session_proxy_log_update_free(const struct streaminfo *a_stream, int bridge_id, void *data)
{
struct proxy_log_update *proxy = (struct proxy_log_update *)data;
if (proxy != NULL)
{
if (proxy->ssl_downstream_version != NULL)
{
dictator_free(a_stream->threadnum, (void *)proxy->ssl_downstream_version);
proxy->ssl_downstream_version = NULL;
}
if (proxy->ssl_error != NULL)
{
dictator_free(a_stream->threadnum, (void *)proxy->ssl_error);
proxy->ssl_error = NULL;
}
if (proxy->ssl_passthrough_reason != NULL)
{
dictator_free(a_stream->threadnum, (void *)proxy->ssl_passthrough_reason);
proxy->ssl_passthrough_reason = NULL;
}
if (proxy->ssl_upstream_version != NULL)
{
dictator_free(a_stream->threadnum, (void *)proxy->ssl_upstream_version);
proxy->ssl_upstream_version = NULL;
}
dictator_free(a_stream->threadnum, (void *)proxy);
proxy = NULL;
}
data = NULL;
return;
}
void session_runtime_process_context_free(const struct streaminfo *a_stream, int bridge_id, void *data) void session_runtime_process_context_free(const struct streaminfo *a_stream, int bridge_id, void *data)
{ {
struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)data; struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)data;
@@ -935,6 +995,42 @@ void *session_lua_user_defined_attribute_get(const struct streaminfo *a_stream)
return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_APP_LUA_RESULT].id); return session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_APP_LUA_RESULT].id);
} }
void *session_log_update_data_get(const struct streaminfo *a_stream, enum TSG_SERVICE service)
{
switch (service)
{
case TSG_SERVICE_INTERCEPT:
return stream_bridge_async_data_get(a_stream, g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_PROXY].id);
case TSG_SERVICE_CHAINING:
return stream_bridge_async_data_get(a_stream, g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_SCE].id);
case TSG_SERVICE_SHAPING:
return stream_bridge_async_data_get(a_stream, g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_SHAPER].id);
default:
return NULL;
}
}
int session_log_update_data_put(const struct streaminfo *a_stream, enum TSG_SERVICE service, void *data)
{
switch (service)
{
case TSG_SERVICE_INTERCEPT:
return stream_bridge_async_data_put(a_stream, g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_PROXY].id, data);
case TSG_SERVICE_CHAINING:
return stream_bridge_async_data_put(a_stream, g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_SCE].id, data);
case TSG_SERVICE_SHAPING:
return stream_bridge_async_data_put(a_stream, g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_SHAPER].id, data);
default:
return 0;
}
}
int tsg_bridge_init(const char *conffile) int tsg_bridge_init(const char *conffile)
{ {
MESA_load_profile_string_def(conffile, "BRIDGE", "APP_IDENTIFY_RESULT_BRIDGE", g_tm_bridge_para[BRIDGE_TYPE_SYNC_APP_IDENTIFY_RESULT].name, MAX_BRIDGE_NAME_LEN, "APP_IDENTIFY_RESULT_BRIDGE"); MESA_load_profile_string_def(conffile, "BRIDGE", "APP_IDENTIFY_RESULT_BRIDGE", g_tm_bridge_para[BRIDGE_TYPE_SYNC_APP_IDENTIFY_RESULT].name, MAX_BRIDGE_NAME_LEN, "APP_IDENTIFY_RESULT_BRIDGE");
@@ -984,6 +1080,15 @@ int tsg_bridge_init(const char *conffile)
MESA_load_profile_string_def(conffile, "BRIDGE", "SEGMENT_IDS_BRIDGE_NAME",g_tm_bridge_para[BRIDGE_TYPE_SEGMENT_IDS].name, MAX_BRIDGE_NAME_LEN, "SEGMENT_IDS"); MESA_load_profile_string_def(conffile, "BRIDGE", "SEGMENT_IDS_BRIDGE_NAME",g_tm_bridge_para[BRIDGE_TYPE_SEGMENT_IDS].name, MAX_BRIDGE_NAME_LEN, "SEGMENT_IDS");
g_tm_bridge_para[BRIDGE_TYPE_SEGMENT_IDS].free_cb=session_segment_id_free; g_tm_bridge_para[BRIDGE_TYPE_SEGMENT_IDS].free_cb=session_segment_id_free;
MESA_load_profile_string_def(conffile, "BRIDGE", "SCE_LOG_UPDATE_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_SCE].name, MAX_BRIDGE_NAME_LEN, "SCE_LOG_UPDATE");
g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_SCE].free_cb = session_sce_log_update_free;
MESA_load_profile_string_def(conffile, "BRIDGE", "SHAPER_LOG_UPDATE_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_SHAPER].name, MAX_BRIDGE_NAME_LEN, "SHAPER_LOG_UPDATE");
g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_SHAPER].free_cb = session_shaper_log_update_free;
MESA_load_profile_string_def(conffile, "BRIDGE", "PROXY_LOG_UPDATE_BRIDGE_NAME", g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_PROXY].name, MAX_BRIDGE_NAME_LEN, "PROXY_LOG_UPDATE");
g_tm_bridge_para[BRIDGE_TYPE_LOG_UPDATE_PROXY].free_cb = session_proxy_log_update_free;
for(int i=0; i<BRIDGE_TYPE_MAX; i++) for(int i=0; i<BRIDGE_TYPE_MAX; i++)
{ {
g_tm_bridge_para[i].id=stream_bridge_build(g_tm_bridge_para[i].name, "w"); g_tm_bridge_para[i].id=stream_bridge_build(g_tm_bridge_para[i].name, "w");

30
src/tsg_bridge.h
View File

@@ -13,18 +13,18 @@
enum BRIDGE_TYPE enum BRIDGE_TYPE
{ {
BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0, BRIDGE_TYPE_SEND_CONN_SKETCH_DATA = 0,
BRIDGE_TYPE_RECV_CONN_SKETCH_DATA, BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
BRIDGE_TYPE_SYNC_APP_IDENTIFY_RESULT, BRIDGE_TYPE_SYNC_APP_IDENTIFY_RESULT,
BRIDGE_TYPE_SYNC_SESSION_FLAGS, BRIDGE_TYPE_SYNC_SESSION_FLAGS,
BRIDGE_TYPE_SHAPING_RESULT, //sync and async BRIDGE_TYPE_SHAPING_RESULT, // sync and async
BRIDGE_TYPE_SESSION_PROCESS_CONTEXT, //async BRIDGE_TYPE_SESSION_PROCESS_CONTEXT, // async
BRIDGE_TYPE_SESSION_ACTION_CONTEXT, //async BRIDGE_TYPE_SESSION_ACTION_CONTEXT, // async
BRIDGE_TYPE_GATHER_APP_RESULT, //async BRIDGE_TYPE_GATHER_APP_RESULT, // async
BRIDGE_TYPE_SERVICE_CHAINING_RESULT, //async BRIDGE_TYPE_SERVICE_CHAINING_RESULT, // async
BRIDGE_TYPE_SECURITY_RESULT, //async BRIDGE_TYPE_SECURITY_RESULT, // async
BRIDGE_TYPE_SESSION_ATTRIBUTE, //async BRIDGE_TYPE_SESSION_ATTRIBUTE, // async
BRIDGE_TYPE_MAC_LINKINFO, //async BRIDGE_TYPE_MAC_LINKINFO, // async
BRIDGE_TYPE_NAT_C2S_LINKINFO, BRIDGE_TYPE_NAT_C2S_LINKINFO,
BRIDGE_TYPE_NAT_S2C_LINKINFO, BRIDGE_TYPE_NAT_S2C_LINKINFO,
BRIDGE_TYPE_APP_LUA_RESULT, BRIDGE_TYPE_APP_LUA_RESULT,
@@ -33,8 +33,12 @@ enum BRIDGE_TYPE
BRIDGE_TYPE_POLICY_ACTION_PARA_EXEC_RESULT, BRIDGE_TYPE_POLICY_ACTION_PARA_EXEC_RESULT,
BRIDGE_TYPE_ASYNC_SESSION_FLAGS, BRIDGE_TYPE_ASYNC_SESSION_FLAGS,
BRIDGE_TYPE_APP_SIGNATURE_RESULT, BRIDGE_TYPE_APP_SIGNATURE_RESULT,
BRIDGE_TYPE_INTERCEPT_RESULT, //sync and async BRIDGE_TYPE_INTERCEPT_RESULT, // sync and async
BRIDGE_TYPE_SEGMENT_IDS, //async service_chaining or shping SID BRIDGE_TYPE_SEGMENT_IDS, // async service_chaining or shping SID
BRIDGE_TYPE_LOG_UPDATE_SCE,
BRIDGE_TYPE_LOG_UPDATE_SHAPER,
BRIDGE_TYPE_LOG_UPDATE_PROXY,
BRIDGE_TYPE_MAX BRIDGE_TYPE_MAX
}; };
@@ -139,6 +143,10 @@ struct session_runtime_attribute
// init // init
int tsg_bridge_init(const char *conffile); int tsg_bridge_init(const char *conffile);
// tsg_parse_log_update
void *session_log_update_data_get(const struct streaminfo *a_stream, enum TSG_SERVICE service);
int session_log_update_data_put(const struct streaminfo *a_stream, enum TSG_SERVICE service, void *data);
//send log //send log
void *session_mac_linkinfo_get(const struct streaminfo * a_stream); void *session_mac_linkinfo_get(const struct streaminfo * a_stream);
void *session_conn_sketch_notify_data_get(const struct streaminfo * a_stream); void *session_conn_sketch_notify_data_get(const struct streaminfo * a_stream);

36
src/tsg_entry.cpp
View File

@@ -735,6 +735,30 @@ int session_app_gather_results_update_matched_app_id(const struct streaminfo *a_
return 1; return 1;
} }
int session_state_control_packet(const struct streaminfo *a_stream, void *payload, unsigned int payload_len)
{
if(payload==NULL || payload_len==0)
{
return 0;
}
int is_ctrl_pkt=0;
const void *raw_pkt = get_rawpkt_from_streaminfo(a_stream);
int ret=get_opt_from_rawpkt(raw_pkt, RAW_PKT_GET_IS_CTRL_PKT, (void *)&is_ctrl_pkt);
if(ret<0 || is_ctrl_pkt==0)
{
return 0;
}
ret=tsg_parse_log_update_payload(a_stream, (const void *)payload, payload_len);
if(ret>=0)
{
return 1;
}
return 0;
}
int session_state_sync_in_opening_and_closing(const struct streaminfo *a_stream, unsigned char state) int session_state_sync_in_opening_and_closing(const struct streaminfo *a_stream, unsigned char state)
{ {
struct segment_id_list sid_list={0}; struct segment_id_list sid_list={0};
@@ -2060,6 +2084,12 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo
unsigned char state2=APP_STATE_GIVEME; unsigned char state2=APP_STATE_GIVEME;
struct udp_session_runtime_context *udp_srt_context=(struct udp_session_runtime_context *)(*pme); struct udp_session_runtime_context *udp_srt_context=(struct udp_session_runtime_context *)(*pme);
int is_ctrl_pkt=session_state_control_packet(a_udp, a_udp->pudpdetail->pdata, a_udp->pudpdetail->datalen);
if(is_ctrl_pkt==1)
{
return APP_STATE_DROPPKT;
}
if(*pme==NULL) if(*pme==NULL)
{ {
unsigned short tunnel_type=0; unsigned short tunnel_type=0;
@@ -2114,6 +2144,12 @@ extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp,
{ {
struct session_runtime_action_context *_context=(struct session_runtime_action_context *)(*pme); struct session_runtime_action_context *_context=(struct session_runtime_action_context *)(*pme);
int is_ctrl_pkt=session_state_control_packet(a_tcp, a_tcp->ptcpdetail->pdata, a_tcp->ptcpdetail->datalen);
if(is_ctrl_pkt==1)
{
return APP_STATE_DROPPKT;
}
if(*pme==NULL) if(*pme==NULL)
{ {
session_state_sync_in_opening_and_closing(a_tcp, a_tcp->pktstate); session_state_sync_in_opening_and_closing(a_tcp, a_tcp->pktstate);

6
src/tsg_proxy.cpp
View File

@@ -21,7 +21,7 @@ enum tsg_proxy_ipv6hdr_parse_error{
TSG_PROXY_IPV6HDR_INVALID_TYPE = -3, TSG_PROXY_IPV6HDR_INVALID_TYPE = -3,
}; };
int update_segment_sids(struct cmsg_int16_array *d_sids_array, unsigned short *s_sids, unsigned int n_s_sids) int update_segment_sids(struct tcp_sids *d_sids_array, unsigned short *s_sids, unsigned int n_s_sids)
{ {
for(unsigned int i=0; i<n_s_sids; i++) for(unsigned int i=0; i<n_s_sids; i++)
{ {
@@ -209,7 +209,7 @@ static int tsg_proxy_rawpkt_info_get(const void *raw_pkt, struct tsg_proxy_tcp_o
int ret; int ret;
struct segment_id_list *sids = NULL; struct segment_id_list *sids = NULL;
ret = get_rawpkt_opt_from_streaminfo(stream, RWA_PKT_GET_SID_LIST, &sids); ret = get_rawpkt_opt_from_streaminfo(stream, RAW_PKT_GET_SID_LIST, &sids);
if (ret != sizeof(struct segment_id_list)) { if (ret != sizeof(struct segment_id_list)) {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "Failed to get sid list, stream treaceid = %llu, %s", tsg_get_stream_trace_id(stream), printaddr(&stream->addr, stream->threadnum)); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "Failed to get sid list, stream treaceid = %llu, %s", tsg_get_stream_trace_id(stream), printaddr(&stream->addr, stream->threadnum));
return -1; return -1;
@@ -436,7 +436,7 @@ static void tsg_proxy_cmsg_fqdn_category_fill(struct session_runtime_attribute *
{ {
size_t n_category_ids = 0; size_t n_category_ids = 0;
uint32_t category_ids[8] = {0}; uint32_t category_ids[8] = {0};
struct cmsg_int32_array *fqdn_cat_ids = &cmsg->fqdn_cat_id_val; struct fqdn_cat_id_val *fqdn_cat_ids = &cmsg->fqdn_cat_ids;
n_category_ids = srt_attribute_get_category_ids(session_attr, category_ids, sizeof(category_ids)/sizeof(category_ids[0])); n_category_ids = srt_attribute_get_category_ids(session_attr, category_ids, sizeof(category_ids)/sizeof(category_ids[0]));
if (n_category_ids > 0 && n_category_ids <= 8) { if (n_category_ids > 0 && n_category_ids <= 8) {

110
src/tsg_send_log.cpp
View File

@@ -21,6 +21,7 @@
#include "tsg_entry.h" #include "tsg_entry.h"
#include "tsg_bridge.h" #include "tsg_bridge.h"
#include "tsg_send_log.h" #include "tsg_send_log.h"
#include "tsg_sync_state.h"
#include "tsg_rule_internal.h" #include "tsg_rule_internal.h"
#include "tsg_send_log_internal.h" #include "tsg_send_log_internal.h"
@@ -392,7 +393,7 @@ static int set_direction(struct tsg_log_instance_t *_instance, struct TLD_handle
static int set_address_list(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) static int set_address_list(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{ {
unsigned short tunnel_type=0; unsigned short tunnel_type=0;
char nest_addr_buf[1024]; char nest_addr_buf[1024]={0};
int tunnel_type_size=sizeof(tunnel_type); int tunnel_type_size=sizeof(tunnel_type);
MESA_get_stream_opt(a_stream, MSO_STREAM_TUNNEL_TYPE, &tunnel_type, &tunnel_type_size); MESA_get_stream_opt(a_stream, MSO_STREAM_TUNNEL_TYPE, &tunnel_type, &tunnel_type_size);
@@ -1362,6 +1363,58 @@ int set_session_flags(struct tsg_log_instance_t *_instance, struct TLD_handle_t
return 0; return 0;
} }
int set_sce_profile_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
struct sce_log_update *sce = (struct sce_log_update *)session_log_update_data_get(a_stream, TSG_SERVICE_CHAINING);
if(sce==NULL)
{
return 0;
}
Value sce_profile_ids_array(kArrayType);
for(size_t i=0; i<sce->n_profile_ids; i++)
{
sce_profile_ids_array.PushBack((unsigned int)(sce->profile_ids[i]), _handle->document->GetAllocator());
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_SCE_PROFILE_IDS].name, (void *) &sce_profile_ids_array, TLD_TYPE_OBJECT);
return 0;
}
int set_shaping_profile_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
struct shaper_log_update *shaping = (struct shaper_log_update *)session_log_update_data_get(a_stream, TSG_SERVICE_SHAPING);
if(shaping==NULL)
{
return 0;
}
Value shaping_object(kObjectType);
Value shaping_array(kArrayType);
for(size_t i=0; i<shaping->n_shaper_rule; i++)
{
Value object(kObjectType);
object.AddMember("rule_id", (unsigned int)shaping->shaper_rules[i].rule_id, _handle->document->GetAllocator());
Value shaping_profile_ids_array(kArrayType);
for(size_t j=0; j<shaping->shaper_rules[i].n_profile_ids; j++)
{
shaping_profile_ids_array.PushBack((unsigned long)(shaping->shaper_rules[i].profile_ids[j]), _handle->document->GetAllocator());
}
add_object_member(_handle, &object, "profile_ids", shaping_profile_ids_array)
shaping_array.PushBack(object, _handle->document->GetAllocator());
}
TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_PROFILE_IDS].name, &shaping_array, TLD_TYPE_OBJECT);
//add_object_member(_handle, &shaping_object, _instance->id2field[LOG_COMMON_SHAPING_PROFILE_IDS].name, shaping_array);
return 0;
}
int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream) int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{ {
if(a_stream==NULL) if(a_stream==NULL)
@@ -1378,7 +1431,7 @@ int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle
Value shaping_rule_ids_array(kArrayType); Value shaping_rule_ids_array(kArrayType);
for(size_t i=0; i<hited_shaping->n_rules; i++) for(size_t i=0; i<hited_shaping->n_rules; i++)
{ {
shaping_rule_ids_array.PushBack((unsigned int)(hited_shaping->rules[i].rule_id), _handle->document->GetAllocator()); shaping_rule_ids_array.PushBack((unsigned long)(hited_shaping->rules[i].rule_id), _handle->document->GetAllocator());
} }
TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *) &shaping_rule_ids_array, TLD_TYPE_OBJECT); TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *) &shaping_rule_ids_array, TLD_TYPE_OBJECT);
@@ -1689,6 +1742,25 @@ int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_hand
return 0; return 0;
} }
int set_intercept_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream)
{
struct proxy_log_update *proxy = (struct proxy_log_update *)session_log_update_data_get(a_stream, TSG_SERVICE_INTERCEPT);
if(proxy!=NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_SSL_PINNING_STATE].name, (void *)(long)proxy->ssl_pinning_state, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SSL_CERT_VERIFY].name, (void *)(long)proxy->ssl_cert_verify, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SSL_INTERCEPT_STATE].name, (void *)(long)proxy->ssl_intercept_state, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SSL_UPSTREAM_LATENCY].name, (void *)(long)proxy->ssl_upstream_latency, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SSL_DOWNSTREAM_LATENCY].name, (void *)(long)proxy->ssl_downstream_latency, TLD_TYPE_LONG);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SSL_UPSTREAM_VERSION].name, proxy->ssl_upstream_version, TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SSL_DOWNSTREAM_VERSION].name, proxy->ssl_downstream_version, TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SSL_ERROR].name, proxy->ssl_error, TLD_TYPE_STRING);
TLD_append(_handle, _instance->id2field[LOG_COMMON_SSL_PASSTHROUGHT_REASON].name, proxy->ssl_passthrough_reason, TLD_TYPE_STRING);
}
return 0;
}
int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream) int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream)
{ {
if(instance==NULL || handle==NULL || a_stream==NULL) if(instance==NULL || handle==NULL || a_stream==NULL)
@@ -2056,7 +2128,7 @@ int send_log_by_type(struct tsg_log_instance_t *_instance, struct TLD_handle_t *
return 0; return 0;
} }
int send_security_event_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_id) int send_event_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, LOG_TYPE log_type, struct maat_rule *rules, size_t n_rules, int thread_id)
{ {
int fs_id=0,repeat_cnt=0; int fs_id=0,repeat_cnt=0;
int policy_id[MAX_RESULT_NUM]={0}; int policy_id[MAX_RESULT_NUM]={0};
@@ -2118,7 +2190,7 @@ int send_security_event_log(struct tsg_log_instance_t *_instance, struct TLD_han
set_xxxx_from_user_region(_handle, _instance, &(rules[i]), thread_id); set_xxxx_from_user_region(_handle, _instance, &(rules[i]), thread_id);
send_log_by_type(_instance, _handle, a_stream, LOG_TYPE_SECURITY_EVENT, thread_id); send_log_by_type(_instance, _handle, a_stream, log_type, thread_id);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name);
TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name);
@@ -2166,24 +2238,32 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
set_application_behavior(_instance, _handle, a_stream); set_application_behavior(_instance, _handle, a_stream);
struct matched_policy_rules *matched_security_rules=NULL; struct matched_policy_rules *matched_rules=NULL;
switch(log_type) switch(log_type)
{ {
case LOG_TYPE_SECURITY_EVENT: case LOG_TYPE_SECURITY_EVENT:
send_security_event_log(_instance, _handle, a_stream, rules, n_rules, thread_id); send_event_log(_instance, _handle, a_stream, LOG_TYPE_SECURITY_EVENT, rules, n_rules, thread_id);
break; break;
case LOG_TYPE_SESSION_RECORD: case LOG_TYPE_SESSION_RECORD:
case LOG_TYPE_TRANSACTION_RECORD: case LOG_TYPE_TRANSACTION_RECORD:
matched_security_rules=(struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_SECURITY); matched_rules=(struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_SECURITY);
if(matched_security_rules!=NULL && matched_security_rules->n_rules>0) if(matched_rules!=NULL && matched_rules->n_rules>0)
{ {
if(matched_security_rules->rules[0].action!=TSG_ACTION_INTERCEPT) send_event_log(_instance, _handle, a_stream, LOG_TYPE_SECURITY_EVENT, matched_rules->rules, matched_rules->n_rules, thread_id);
{ session_matched_rules_free(a_stream, TSG_SERVICE_SECURITY, (void *)matched_rules);
send_security_event_log(_instance, _handle, a_stream, matched_security_rules->rules, matched_security_rules->n_rules, thread_id); session_matched_rules_async(a_stream, TSG_SERVICE_SECURITY, NULL);
session_matched_rules_free(a_stream, TSG_SERVICE_SECURITY, (void *)matched_security_rules); matched_rules=NULL;
session_matched_rules_async(a_stream, TSG_SERVICE_SECURITY, NULL); }
}
matched_rules=(struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_INTERCEPT);
if(matched_rules!=NULL && matched_rules->n_rules>0)
{
set_intercept_info(instance, handle, a_stream);
send_event_log(_instance, _handle, a_stream, LOG_TYPE_INTERCEPT_ENEVT, matched_rules->rules, matched_rules->n_rules, thread_id);
session_matched_rules_free(a_stream, TSG_SERVICE_INTERCEPT, (void *)matched_rules);
session_matched_rules_async(a_stream, TSG_SERVICE_INTERCEPT, NULL);
matched_rules=NULL;
} }
// no break; // no break;
case LOG_TYPE_INTERIM_SESSION_RECORD: case LOG_TYPE_INTERIM_SESSION_RECORD:
@@ -2191,6 +2271,8 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
{ {
break; break;
} }
set_sce_profile_ids(_instance, _handle, a_stream);
set_shaping_profile_ids(_instance, _handle, a_stream);
set_shaping_rule_ids(_instance, _handle, a_stream); set_shaping_rule_ids(_instance, _handle, a_stream);
set_nat_linkinfo(_instance, _handle, a_stream); set_nat_linkinfo(_instance, _handle, a_stream);
send_log_by_type(_instance, _handle, a_stream, log_type, thread_id); send_log_by_type(_instance, _handle, a_stream, log_type, thread_id);

11
src/tsg_send_log_internal.h
View File

@@ -138,6 +138,17 @@ enum LOG_FIELD_ID
LOG_COMMON_FLAGS, LOG_COMMON_FLAGS,
LOG_COMMON_SHAPING_RULE_IDS, LOG_COMMON_SHAPING_RULE_IDS,
LOG_COMMON_FLAGS_IDENTIFY_INFO, LOG_COMMON_FLAGS_IDENTIFY_INFO,
LOG_COMMON_SSL_PINNING_STATE,
LOG_COMMON_SSL_CERT_VERIFY,
LOG_COMMON_SSL_INTERCEPT_STATE,
LOG_COMMON_SSL_UPSTREAM_LATENCY,
LOG_COMMON_SSL_DOWNSTREAM_LATENCY,
LOG_COMMON_SSL_UPSTREAM_VERSION,
LOG_COMMON_SSL_DOWNSTREAM_VERSION,
LOG_COMMON_SSL_ERROR,
LOG_COMMON_SSL_PASSTHROUGHT_REASON,
LOG_COMMON_SCE_PROFILE_IDS,
LOG_COMMON_SHAPING_PROFILE_IDS,
LOG_COMMON_MAX LOG_COMMON_MAX
}; };

371
src/tsg_sync_state.cpp
View File

@@ -11,7 +11,7 @@
char *mpack_data = NULL; char *mpack_data = NULL;
size_t mpack_size = 0; size_t mpack_size = 0;
static int tsg_mpack_init_map(const struct streaminfo *a_stream, mpack_writer_t *writer, const char *state) static int mpack_init_map(const struct streaminfo *a_stream, mpack_writer_t *writer, const char *state)
{ {
mpack_writer_init_growable(writer, &mpack_data, &mpack_size); mpack_writer_init_growable(writer, &mpack_data, &mpack_size);
mpack_build_map(writer); mpack_build_map(writer);
@@ -31,9 +31,9 @@ static int tsg_mpack_init_map(const struct streaminfo *a_stream, mpack_writer_t
return 0; return 0;
} }
static int tsg_mpack_send_pkt(const struct streaminfo *a_stream, mpack_writer_t *writer) static int mpack_send_pkt(const struct streaminfo *a_stream, mpack_writer_t *writer)
{ {
mpack_complete_map(writer); // tsg_mpack_init_map mpack_complete_map(writer); // mpack_init_map
if (mpack_writer_destroy(writer) != mpack_ok) if (mpack_writer_destroy(writer) != mpack_ok)
{ {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "MPACK_WRITER", "An error occurred encoding the data!"); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "MPACK_WRITER", "An error occurred encoding the data!");
@@ -58,18 +58,18 @@ int tsg_send_session_state(const struct streaminfo *a_stream, unsigned char stat
mpack_writer_t writer; mpack_writer_t writer;
if (state == OP_STATE_PENDING) if (state == OP_STATE_PENDING)
{ {
tsg_mpack_init_map(a_stream, &writer, "opening"); mpack_init_map(a_stream, &writer, "opening");
} }
else if (state == OP_STATE_CLOSE) else if (state == OP_STATE_CLOSE)
{ {
tsg_mpack_init_map(a_stream, &writer, "closing"); mpack_init_map(a_stream, &writer, "closing");
} }
else else
{ {
return -1; return -1;
} }
return tsg_mpack_send_pkt(a_stream, &writer); return mpack_send_pkt(a_stream, &writer);
} }
int tsg_sync_resetall_state(const struct streaminfo *a_stream) int tsg_sync_resetall_state(const struct streaminfo *a_stream)
@@ -80,12 +80,12 @@ int tsg_sync_resetall_state(const struct streaminfo *a_stream)
} }
mpack_writer_t writer; mpack_writer_t writer;
tsg_mpack_init_map(a_stream, &writer, "resetall"); mpack_init_map(a_stream, &writer, "resetall");
return tsg_mpack_send_pkt(a_stream, &writer); return mpack_send_pkt(a_stream, &writer);
} }
static void tsg_mpack_append_str(mpack_writer_t *writer, char *str) static void mpack_append_string(mpack_writer_t *writer, char *str)
{ {
if (str) if (str)
{ {
@@ -99,64 +99,67 @@ static void tsg_mpack_append_str(mpack_writer_t *writer, char *str)
return; return;
} }
static void tsg_mpack_append_array_u32(mpack_writer_t *writer, struct cmsg_int32_array *array) static void mpack_append_fqdn_cat_ids(mpack_writer_t *writer, struct fqdn_cat_id_val *array)
{ {
if (array->num > 0) if (array->num > 0)
{ {
mpack_build_array(writer); int num = MIN(array->num, FQDN_CAT_ID_VALS);
for (size_t i = 0; i < array->num; i++) mpack_build_array(writer);
{ for (int i = 0; i < num; i++)
mpack_write_u32(writer, array->value[i]); {
} mpack_write_u32(writer, array->value[i]);
mpack_complete_array(writer); }
} mpack_complete_array(writer);
else }
{ else
mpack_write_nil(writer); {
} mpack_write_nil(writer);
}
return; return;
} }
static void tsg_mpack_append_array_u16(mpack_writer_t *writer, struct cmsg_int16_array *array) static void mpack_append_tcp_sids(mpack_writer_t *writer, struct tcp_sids *array)
{ {
if (array->num > 0) if (array->num > 0)
{ {
mpack_build_array(writer); int num = MIN(array->num, TCP_XXX_SIDS);
for (size_t i = 0; i < array->num; i++) mpack_build_array(writer);
{ for (int i = 0; i < num; i++)
mpack_write_u16(writer, array->value[i]); {
} mpack_write_u16(writer, array->value[i]);
mpack_complete_array(writer); }
} mpack_complete_array(writer);
else }
{ else
mpack_write_nil(writer); {
} mpack_write_nil(writer);
}
return; return;
} }
static void tsg_mpack_append_array_u8(mpack_writer_t *writer, struct cmsg_int8_array *array) static void mpack_append_route_ctx(mpack_writer_t *writer, struct tcp_route_ctx *array)
{ {
if (array->num > 0) if (array->num > 0)
{ {
mpack_build_array(writer); int num = MIN(array->num, TCP_XXX_ROUTE_CTX);
for (size_t i = 0; i < array->num; i++) mpack_build_array(writer);
{ for (int i = 0; i < num; i++)
mpack_write_u8(writer, array->value[i]); {
} mpack_write_u8(writer, array->value[i]);
mpack_complete_array(writer); }
} mpack_complete_array(writer);
else }
{ else
mpack_write_nil(writer); {
} mpack_write_nil(writer);
}
return; return;
} }
static void tsg_mpack_append_cmsg_value(mpack_writer_t *writer, struct proxy_cmsg *cmsg) static void mpack_append_cmsg_value(mpack_writer_t *writer, struct proxy_cmsg *cmsg)
{ {
if (cmsg == NULL) if (cmsg == NULL)
{ {
@@ -192,44 +195,44 @@ static void tsg_mpack_append_cmsg_value(mpack_writer_t *writer, struct proxy_cms
mpack_write_u32(writer, cmsg->tcp_ts_server_val); mpack_write_u32(writer, cmsg->tcp_ts_server_val);
mpack_write_u8(writer, cmsg->tcp_info_packet_cur_dir); mpack_write_u8(writer, cmsg->tcp_info_packet_cur_dir);
tsg_mpack_append_str(writer, cmsg->src_sub_id); mpack_append_string(writer, cmsg->src_sub_id);
tsg_mpack_append_str(writer, cmsg->dst_sub_id); mpack_append_string(writer, cmsg->dst_sub_id);
tsg_mpack_append_str(writer, cmsg->src_asn); mpack_append_string(writer, cmsg->src_asn);
tsg_mpack_append_str(writer, cmsg->dst_asn); mpack_append_string(writer, cmsg->dst_asn);
tsg_mpack_append_str(writer, cmsg->src_organization); mpack_append_string(writer, cmsg->src_organization);
tsg_mpack_append_str(writer, cmsg->dst_organization); mpack_append_string(writer, cmsg->dst_organization);
tsg_mpack_append_str(writer, cmsg->src_ip_location_country); mpack_append_string(writer, cmsg->src_ip_location_country);
tsg_mpack_append_str(writer, cmsg->dst_ip_location_country); mpack_append_string(writer, cmsg->dst_ip_location_country);
tsg_mpack_append_str(writer, cmsg->src_ip_location_provine); mpack_append_string(writer, cmsg->src_ip_location_provine);
tsg_mpack_append_str(writer, cmsg->dst_ip_location_provine); mpack_append_string(writer, cmsg->dst_ip_location_provine);
tsg_mpack_append_str(writer, cmsg->src_ip_location_city); mpack_append_string(writer, cmsg->src_ip_location_city);
tsg_mpack_append_str(writer, cmsg->dst_ip_location_city); mpack_append_string(writer, cmsg->dst_ip_location_city);
tsg_mpack_append_str(writer, cmsg->src_ip_location_subdivision); mpack_append_string(writer, cmsg->src_ip_location_subdivision);
tsg_mpack_append_str(writer, cmsg->dst_ip_location_subdivision); mpack_append_string(writer, cmsg->dst_ip_location_subdivision);
tsg_mpack_append_str(writer, cmsg->ssl_client_ja3_fingerprint); mpack_append_string(writer, cmsg->ssl_client_ja3_fingerprint);
// fqdn_cat_id_val // fqdn_cat_id_val
tsg_mpack_append_array_u32(writer, &cmsg->fqdn_cat_id_val); mpack_append_fqdn_cat_ids(writer, &cmsg->fqdn_cat_ids);
// tcp_seq_sids // tcp_seq_sids
tsg_mpack_append_array_u16(writer, &cmsg->tcp_seq_sids); mpack_append_tcp_sids(writer, &cmsg->tcp_seq_sids);
// tcp_ack_sids // tcp_ack_sids
tsg_mpack_append_array_u16(writer, &cmsg->tcp_ack_sids); mpack_append_tcp_sids(writer, &cmsg->tcp_ack_sids);
// tcp_seq_route_ctx // tcp_seq_route_ctx
tsg_mpack_append_array_u8(writer, &cmsg->tcp_seq_route_ctx); mpack_append_route_ctx(writer, &cmsg->tcp_seq_route_ctx);
// tcp_ack_route_ctx // tcp_ack_route_ctx
tsg_mpack_append_array_u8(writer, &cmsg->tcp_ack_route_ctx); mpack_append_route_ctx(writer, &cmsg->tcp_ack_route_ctx);
mpack_complete_array(writer); // array mpack_complete_array(writer); // array
} }
return; return;
} }
static void tsg_mpack_append_update_policy(mpack_writer_t *writer, struct update_policy *policy_update, enum policy_type type) static void mpack_append_update_policy(mpack_writer_t *writer, struct update_policy *policy_update, enum policy_type type)
{ {
switch (type) switch (type)
{ {
@@ -250,8 +253,9 @@ static void tsg_mpack_append_update_policy(mpack_writer_t *writer, struct update
mpack_write_cstr(writer, "rule_ids"); mpack_write_cstr(writer, "rule_ids");
if (policy_update->n_ids > 0) if (policy_update->n_ids > 0)
{ {
int n_ids = MIN(policy_update->n_ids, UPDATE_POLICY_RULE_IDS);
mpack_build_array(writer); // rule_ids mpack_build_array(writer); // rule_ids
for (int i = 0; i < policy_update->n_ids; i++) for (int i = 0; i < n_ids; i++)
{ {
mpack_write_i64(writer, policy_update->ids[i]); mpack_write_i64(writer, policy_update->ids[i]);
} }
@@ -265,7 +269,7 @@ static void tsg_mpack_append_update_policy(mpack_writer_t *writer, struct update
if (type == POLICY_UPDATE_INTERCEPT) if (type == POLICY_UPDATE_INTERCEPT)
{ {
mpack_write_cstr(writer, "tcp_handshake"); mpack_write_cstr(writer, "tcp_handshake");
tsg_mpack_append_cmsg_value(writer, &policy_update->cmsg); mpack_append_cmsg_value(writer, &policy_update->cmsg);
} }
mpack_complete_map(writer); // update_policy_type mpack_complete_map(writer); // update_policy_type
@@ -281,7 +285,7 @@ int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_poli
mpack_writer_t writer; mpack_writer_t writer;
tsg_mpack_init_map((struct streaminfo *)a_stream, &writer, "active"); mpack_init_map((struct streaminfo *)a_stream, &writer, "active");
// method: policy_update // method: policy_update
mpack_write_cstr(&writer, "method"); mpack_write_cstr(&writer, "method");
@@ -292,11 +296,11 @@ int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_poli
mpack_build_map(&writer); mpack_build_map(&writer);
for (int i = 0; i < (int)n_policy_update; i++) for (int i = 0; i < (int)n_policy_update; i++)
{ {
tsg_mpack_append_update_policy(&writer, &policy_update[i], policy_update[i].type); mpack_append_update_policy(&writer, &policy_update[i], policy_update[i].type);
} }
mpack_complete_map(&writer); // params mpack_complete_map(&writer); // params
return tsg_mpack_send_pkt(a_stream, &writer); return mpack_send_pkt(a_stream, &writer);
} }
int tsg_sync_closing_state(const struct streaminfo *a_stream, unsigned char state) int tsg_sync_closing_state(const struct streaminfo *a_stream, unsigned char state)
@@ -310,3 +314,206 @@ int tsg_sync_opening_state(const struct streaminfo *a_stream, unsigned char stat
return 0; return 0;
} }
static char *mpack_parse_get_string(mpack_node_t node, char *p_str, int thread_seq)
{
if (p_str != NULL)
{
dictator_free(thread_seq, p_str);
p_str = NULL;
}
int str_len = 0;
const char *str = NULL;
char *result = NULL;
str = mpack_node_str(node);
str_len = mpack_node_strlen(node);
result = (char *)dictator_malloc(thread_seq, str_len + 1);
memset(result, 0, str_len + 1);
memcpy(result, str, str_len);
return result;
}
static void mpack_parse_intercept_info(mpack_node_t node, struct proxy_log_update *proxy, int thread_seq)
{
if (mpack_node_array_length(node) != (size_t)(SSL_INTERCEPT_MAX_INDEX))
{
return;
}
proxy->ssl_intercept_state = mpack_node_u8(mpack_node_array_at(node, SSL_INTERCEPT_STATE));
proxy->ssl_upstream_latency = mpack_node_u64(mpack_node_array_at(node, SSL_UPSTREAM_LATENCY));
proxy->ssl_downstream_latency = mpack_node_u64(mpack_node_array_at(node, SSL_DOWNSTREAM_LATENCY));
proxy->ssl_upstream_version = mpack_parse_get_string(mpack_node_array_at(node, SSL_UPSTREAM_VERSION), proxy->ssl_upstream_version, thread_seq);
proxy->ssl_downstream_version = mpack_parse_get_string(mpack_node_array_at(node, SSL_DOWNSTREAM_VERSION), proxy->ssl_downstream_version, thread_seq);
proxy->ssl_pinning_state = mpack_node_u8(mpack_node_array_at(node, SSL_PINNING_STATE));
proxy->ssl_cert_verify = mpack_node_u8(mpack_node_array_at(node, SSL_CERT_VERIFY));
proxy->ssl_error = mpack_parse_get_string(mpack_node_array_at(node, SSL_ERROR), proxy->ssl_error, thread_seq);
proxy->ssl_passthrough_reason = mpack_parse_get_string(mpack_node_array_at(node, SSL_PASSTHROUGH_REASON), proxy->ssl_passthrough_reason, thread_seq);
return;
}
static void mpack_parse_append_profile_id(mpack_node_t profile_ids_node, uint32_t *ids, size_t *n_id, size_t max)
{
*n_id = MIN(mpack_node_array_length(profile_ids_node), max);
for (int i = 0; i < (int)(*n_id); i++)
{
ids[i] = mpack_node_u32(mpack_node_array_at(profile_ids_node, i));
}
return;
}
int mpack_parse_sce_profile_ids(const struct streaminfo *a_stream, mpack_tree_t tree, mpack_node_t sce_node)
{
mpack_node_t sf_profile_ids = mpack_node_map_cstr(sce_node, "sf_profile_ids");
if (mpack_node_type(sf_profile_ids) != mpack_type_array)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "PARSE_SCE", "sf_profile_ids error! mpack_node_type(sf_profile_ids): %d", (int)mpack_node_type(sf_profile_ids));
mpack_tree_destroy(&tree);
return -1;
}
struct sce_log_update *sce_handle = (struct sce_log_update *)session_log_update_data_get(a_stream, TSG_SERVICE_CHAINING);
if (sce_handle == NULL)
{
sce_handle = (struct sce_log_update *)dictator_malloc(a_stream->threadnum, sizeof(struct sce_log_update));
memset(sce_handle, 0, sizeof(struct sce_log_update));
session_log_update_data_put(a_stream, TSG_SERVICE_CHAINING, (void *)sce_handle);
}
mpack_parse_append_profile_id(sf_profile_ids, sce_handle->profile_ids, &sce_handle->n_profile_ids, SCE_PROFILE_IDS);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PARSE_SCE", "n_profile_ids: %lu;", sce_handle->n_profile_ids);
mpack_tree_destroy(&tree);
return 0;
}
int mpack_parse_shaper_profile_ids(const struct streaminfo *a_stream, mpack_tree_t tree, mpack_node_t shaper_node)
{
struct shaper_log_update *shaper_handle = (struct shaper_log_update *)session_log_update_data_get(a_stream, TSG_SERVICE_SHAPING);
if (shaper_handle == NULL)
{
shaper_handle = (struct shaper_log_update *)dictator_malloc(a_stream->threadnum, sizeof(struct shaper_log_update));
memset(shaper_handle, 0, sizeof(struct shaper_log_update));
session_log_update_data_put(a_stream, TSG_SERVICE_SHAPING, (void *)shaper_handle);
}
shaper_handle->n_shaper_rule = MIN(mpack_node_array_length(shaper_node), SHAPR_RULE_IDS);
mpack_node_t sh_ids_node;
for (int i = 0; i < (int)shaper_handle->n_shaper_rule; i++)
{
sh_ids_node = mpack_node_array_at(shaper_node, i);
shaper_handle->shaper_rules[i].rule_id = mpack_node_i64(mpack_node_map_cstr(sh_ids_node, "rule_id"));
mpack_parse_append_profile_id(mpack_node_map_cstr(sh_ids_node, "profile_ids"), shaper_handle->shaper_rules[i].profile_ids, &shaper_handle->shaper_rules[i].n_profile_ids, SHAPR_PROFILE_IDS);
}
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PARSE_SHAPER", "n_sh_profile_ids: %lu;", shaper_handle->n_shaper_rule);
mpack_tree_destroy(&tree);
return 0;
}
int mpack_parse_proxy_intercept_info(const struct streaminfo *a_stream, mpack_tree_t tree, mpack_node_t proxy_node)
{
mpack_node_t ssl_intercept_info = mpack_node_map_str_optional(proxy_node, "ssl_intercept_info", 18);
if (mpack_node_type(ssl_intercept_info) != mpack_type_array)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "PARSE_PROXY", "ssl_intercept_info error! mpack_node_type(ssl_intercept_info): %d", (int)mpack_node_type(ssl_intercept_info));
mpack_tree_destroy(&tree);
return -1;
}
struct proxy_log_update *proxy_handle = (struct proxy_log_update *)session_log_update_data_get(a_stream, TSG_SERVICE_INTERCEPT);
if (proxy_handle == NULL)
{
proxy_handle = (struct proxy_log_update *)dictator_malloc(a_stream->threadnum, sizeof(struct proxy_log_update));
memset(proxy_handle, 0, sizeof(struct proxy_log_update));
session_log_update_data_put(a_stream, TSG_SERVICE_INTERCEPT, (void *)proxy_handle);
}
mpack_parse_intercept_info(ssl_intercept_info, proxy_handle, a_stream->threadnum);
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG,
"PARSE_PROXY",
"ssl_intercept_state: %u; ssl_upstream_latency: %llu; ssl_downstream_latency: %llu; ssl_upstream_version: %s; ssl_downstream_version: %s; ssl_pinning_state: %u; ssl_cert_verify: %u; ssl_error: %s; ssl_passthrough_reason: %s;",
proxy_handle->ssl_intercept_state,
proxy_handle->ssl_upstream_latency,
proxy_handle->ssl_downstream_latency,
proxy_handle->ssl_upstream_version,
proxy_handle->ssl_downstream_version,
proxy_handle->ssl_pinning_state,
proxy_handle->ssl_cert_verify,
proxy_handle->ssl_error,
proxy_handle->ssl_passthrough_reason);
mpack_tree_destroy(&tree);
return 0;
}
int tsg_parse_log_update_payload(const struct streaminfo *a_stream, const void *payload, unsigned int payload_len)
{
if (a_stream == NULL || payload == NULL || payload_len == 0)
{
return -1;
}
mpack_tree_t tree;
mpack_tree_init_data(&tree, (const char *)payload, payload_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
mpack_node_t method = mpack_node_map_cstr(root, "method");
if (mpack_node_type(method) != mpack_type_str)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "PARSE_LOG_UPDATE", "method error! mpack_node_type(method) = %d", (int)mpack_node_type(method));
mpack_tree_destroy(&tree);
return -1;
}
if (mpack_node_strlen(method) != strlen("log_update") || memcmp("log_update", mpack_node_str(method), strlen("log_update")) != 0)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "PARSE_LOG_UPDATE", "method error! mpack_node_strlen(method) = %lu", mpack_node_strlen(method));
mpack_tree_destroy(&tree);
return -1;
}
uint64_t session_id = mpack_node_u64(mpack_node_map_cstr(root, "session_id"));
if (session_id != tsg_get_stream_trace_id(a_stream))
{
// if session_id = 0, it's could be mpack_node_type(root) = nil
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "PARSE_LOG_UPDATE", "session_id error! session_id: %llu, real session_id: %llu", session_id, tsg_get_stream_trace_id(a_stream));
mpack_tree_destroy(&tree);
return -1;
}
mpack_node_t params_node = mpack_node_map_cstr(root, "params");
if (mpack_node_type(params_node) == mpack_type_nil)
{
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "PARSE_LOG_UPDATE", "params_node error!");
mpack_tree_destroy(&tree);
return -1;
}
mpack_node_t temp_node = mpack_node_map_str_optional(params_node, "sce", 3);
if (mpack_node_type(temp_node) != mpack_type_nil && mpack_node_type(temp_node) != mpack_type_missing)
{
return mpack_parse_sce_profile_ids(a_stream, tree, temp_node);
}
temp_node = mpack_node_map_str_optional(params_node, "shaper", 6);
if (mpack_node_type(temp_node) != mpack_type_nil && mpack_node_type(temp_node) != mpack_type_missing)
{
return mpack_parse_shaper_profile_ids(a_stream, tree, temp_node);
}
temp_node = mpack_node_map_str_optional(params_node, "proxy", 5);
if (mpack_node_type(temp_node) != mpack_type_nil && mpack_node_type(temp_node) != mpack_type_missing)
{
return mpack_parse_proxy_intercept_info(a_stream, tree, temp_node);
}
return -1;
}

95
src/tsg_sync_state.h
View File

@@ -11,30 +11,45 @@ enum policy_type
POLICY_UPDATE_MAX POLICY_UPDATE_MAX
}; };
struct cmsg_int32_array enum ssl_intercept_info_index
{ {
size_t num; SSL_INTERCEPT_STATE = 0,
uint32_t value[8]; SSL_UPSTREAM_LATENCY,
SSL_DOWNSTREAM_LATENCY,
SSL_UPSTREAM_VERSION,
SSL_DOWNSTREAM_VERSION,
SSL_PINNING_STATE,
SSL_CERT_VERIFY,
SSL_ERROR,
SSL_PASSTHROUGH_REASON,
SSL_INTERCEPT_MAX_INDEX
}; };
struct cmsg_int16_array #define FQDN_CAT_ID_VALS 8
struct fqdn_cat_id_val
{ {
size_t num; size_t num;
uint16_t value[8]; uint32_t value[FQDN_CAT_ID_VALS];
}; };
struct cmsg_int8_array #define TCP_XXX_SIDS 8
struct tcp_sids
{ {
size_t num; size_t num;
uint8_t value[64]; uint16_t value[TCP_XXX_SIDS];
};
#define TCP_XXX_ROUTE_CTX 64
struct tcp_route_ctx
{
size_t num;
uint8_t value[TCP_XXX_ROUTE_CTX];
}; };
struct proxy_cmsg struct proxy_cmsg
{ {
uint32_t tcp_seq; uint8_t tcp_info_packet_cur_dir;
uint32_t tcp_ack;
uint16_t tcp_mss_client;
uint16_t tcp_mss_server;
uint8_t tcp_wsacle_exist; uint8_t tcp_wsacle_exist;
uint8_t tcp_wsacle_client; uint8_t tcp_wsacle_client;
uint8_t tcp_wsacle_server; uint8_t tcp_wsacle_server;
@@ -43,11 +58,15 @@ struct proxy_cmsg
uint8_t tcp_ts_client; uint8_t tcp_ts_client;
uint8_t tcp_ts_server; uint8_t tcp_ts_server;
uint8_t tcp_protocol; uint8_t tcp_protocol;
uint16_t tcp_mss_client;
uint16_t tcp_mss_server;
uint16_t tcp_window_client; uint16_t tcp_window_client;
uint16_t tcp_window_server; uint16_t tcp_window_server;
uint32_t tcp_ts_client_val; uint32_t tcp_ts_client_val;
uint32_t tcp_ts_server_val; uint32_t tcp_ts_server_val;
uint8_t tcp_info_packet_cur_dir; uint32_t tcp_seq;
uint32_t tcp_ack;
char *src_sub_id; char *src_sub_id;
char *dst_sub_id; char *dst_sub_id;
char *src_asn; char *src_asn;
@@ -63,25 +82,63 @@ struct proxy_cmsg
char *src_ip_location_subdivision; char *src_ip_location_subdivision;
char *dst_ip_location_subdivision; char *dst_ip_location_subdivision;
char *ssl_client_ja3_fingerprint; char *ssl_client_ja3_fingerprint;
struct cmsg_int32_array fqdn_cat_id_val; struct fqdn_cat_id_val fqdn_cat_ids;
struct cmsg_int16_array tcp_seq_sids; struct tcp_sids tcp_seq_sids;
struct cmsg_int16_array tcp_ack_sids; struct tcp_sids tcp_ack_sids;
struct cmsg_int8_array tcp_seq_route_ctx; struct tcp_route_ctx tcp_seq_route_ctx;
struct cmsg_int8_array tcp_ack_route_ctx; struct tcp_route_ctx tcp_ack_route_ctx;
}; };
#define UPDATE_POLICY_RULE_IDS 8
struct update_policy struct update_policy
{ {
enum policy_type type; enum policy_type type;
int n_ids; int n_ids;
long long ids[8]; long long ids[UPDATE_POLICY_RULE_IDS];
struct proxy_cmsg cmsg; struct proxy_cmsg cmsg;
}; };
struct proxy_log_update
{
uint8_t ssl_pinning_state;
uint8_t ssl_cert_verify;
uint8_t ssl_intercept_state;
uint64_t ssl_upstream_latency;
uint64_t ssl_downstream_latency;
char *ssl_upstream_version;
char *ssl_downstream_version;
char *ssl_error;
char *ssl_passthrough_reason;
};
#define SHAPR_PROFILE_IDS 8
struct shaper_rule
{
long long rule_id;
size_t n_profile_ids;
uint32_t profile_ids[SHAPR_PROFILE_IDS];
};
#define SHAPR_RULE_IDS 8
struct shaper_log_update
{
size_t n_shaper_rule;
struct shaper_rule shaper_rules[SHAPR_RULE_IDS];
};
#define SCE_PROFILE_IDS 8
struct sce_log_update
{
size_t n_profile_ids;
uint32_t profile_ids[SCE_PROFILE_IDS];
};
int tsg_sync_resetall_state(const struct streaminfo *a_stream); int tsg_sync_resetall_state(const struct streaminfo *a_stream);
int tsg_send_session_state(const struct streaminfo *a_stream, unsigned char state); int tsg_send_session_state(const struct streaminfo *a_stream, unsigned char state);
int tsg_sync_opening_state(const struct streaminfo *a_stream, unsigned char state); int tsg_sync_opening_state(const struct streaminfo *a_stream, unsigned char state);
int tsg_sync_closing_state(const struct streaminfo *a_stream, unsigned char state); int tsg_sync_closing_state(const struct streaminfo *a_stream, unsigned char state);
int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_update, size_t n_policy_update); int tsg_sync_policy_update(const struct streaminfo *a_stream, struct update_policy *policy_update, size_t n_policy_update);
// int tsg_recv_control_pkt(const struct streaminfo *a_stream, const void *payload, int payload_len); int tsg_parse_log_update_payload(const struct streaminfo *a_stream, const void *payload, unsigned int payload_len);

2
test/src/gtest_common.cpp
View File

@@ -119,7 +119,7 @@ const void *get_rawpkt_from_streaminfo(const struct streaminfo *pstream)
} }
int get_opt_from_rawpkt(const void *rawpkt, int type, void *out_value) int get_opt_from_rawpkt(const void *rawpkt, int type, void *out_value)
{ {
if (type > RWA_PKT_GET_SID_LIST) { if (type > RAW_PKT_GET_SID_LIST) {
return -1; return -1;
} }

33
test/src/gtest_kafka.cpp
View File

@@ -1,6 +1,8 @@
#include <string.h> #include <string.h>
#include <librdkafka/rdkafka.h> #include <librdkafka/rdkafka.h>
#include <MESA/cJSON.h>
#ifndef MIN #ifndef MIN
#define MIN(a,b) ((a)>(b) ? (b) : (a)) #define MIN(a,b) ((a)>(b) ? (b) : (a))
#endif #endif
@@ -56,8 +58,30 @@ const char *rd_kafka_err2str(rd_kafka_resp_err_t err)
int rd_kafka_produce(rd_kafka_topic_t *rkt, int32_t partitition, int msgflags, void *payload, size_t len, const void *key, size_t keylen, void *msg_opaque) int rd_kafka_produce(rd_kafka_topic_t *rkt, int32_t partitition, int msgflags, void *payload, size_t len, const void *key, size_t keylen, void *msg_opaque)
{ {
int length=MIN(len, sizeof(g_kafka_sendlog[g_kafka_sendlog_cnt])); cJSON *object=cJSON_Parse((const char *)payload);
memcpy((void *)(g_kafka_sendlog[g_kafka_sendlog_cnt++]), payload, length); if(object!=NULL)
{
cJSON_DeleteItemFromObject(object, "common_start_time");
cJSON_DeleteItemFromObject(object, "common_end_time");
char *result=cJSON_PrintUnformatted(object);
int length=MIN(strlen(result), sizeof(g_kafka_sendlog[g_kafka_sendlog_cnt]));
memset(g_kafka_sendlog[g_kafka_sendlog_cnt], 0, sizeof(g_kafka_sendlog[g_kafka_sendlog_cnt]));
memcpy((void *)(g_kafka_sendlog[g_kafka_sendlog_cnt++]), result, length);
cJSON_free(result);
result=NULL;
cJSON_Delete(object);
object=NULL;
}
else
{
int length=MIN(len, sizeof(g_kafka_sendlog[g_kafka_sendlog_cnt]));
memset(g_kafka_sendlog[g_kafka_sendlog_cnt], 0, sizeof(g_kafka_sendlog[g_kafka_sendlog_cnt]));
memcpy((void *)(g_kafka_sendlog[g_kafka_sendlog_cnt++]), payload, length);
}
return 0; return 0;
} }
@@ -66,6 +90,11 @@ int rd_kafka_get_sendlog_cnt(void)
return g_kafka_sendlog_cnt; return g_kafka_sendlog_cnt;
} }
void rd_kafka_clean_sendlog_cnt(void)
{
g_kafka_sendlog_cnt=0;
}
const char *rd_kafka_get_sendlog_payload(int idx) const char *rd_kafka_get_sendlog_payload(int idx)
{ {
if(idx>g_kafka_sendlog_cnt || idx <0) if(idx>g_kafka_sendlog_cnt || idx <0)

208
test/src/gtest_master.cpp
View File

@@ -4,10 +4,12 @@
#include "gtest_common.h" #include "gtest_common.h"
#include "tsg_entry.h" #include "tsg_entry.h"
#include "tsg_sync_state.h"
#include "tsg_rule_internal.h" #include "tsg_rule_internal.h"
#include <gtest/gtest.h> #include <gtest/gtest.h>
extern int rd_kafka_get_sendlog_cnt(void); extern int rd_kafka_get_sendlog_cnt(void);
extern void rd_kafka_clean_sendlog_cnt(void);
extern const char *rd_kafka_get_sendlog_payload(int idx); extern const char *rd_kafka_get_sendlog_payload(int idx);
extern int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_rules, size_t n_shaping_rules, int thread_seq);; extern int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_rules, size_t n_shaping_rules, int thread_seq);;
extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *service_chaining_rules, size_t n_service_chaining_rules, int thread_seq); extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *service_chaining_rules, size_t n_service_chaining_rules, int thread_seq);
@@ -15,7 +17,6 @@ extern int matched_intercept_rules_deal(const struct streaminfo * a_stream, stru
extern void session_segment_id_free(const struct streaminfo * a_stream, int bridge_id, void * data); extern void session_segment_id_free(const struct streaminfo * a_stream, int bridge_id, void * data);
TEST(TSGMaster, SetAPPIDHttp) TEST(TSGMaster, SetAPPIDHttp)
{ {
const struct streaminfo a_stream={0}; const struct streaminfo a_stream={0};
@@ -299,15 +300,17 @@ TEST(TSGMaster, SecurityPolicySendlog)
int sendlog_cnt=rd_kafka_get_sendlog_cnt(); int sendlog_cnt=rd_kafka_get_sendlog_cnt();
EXPECT_EQ(9, sendlog_cnt); EXPECT_EQ(9, sendlog_cnt);
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(0)); EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"common_policy_id\":1,\"common_service\":0,\"common_vsys_id\":0,\"common_action\":1}", rd_kafka_get_sendlog_payload(0));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(1)); EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"common_policy_id\":2,\"common_service\":0,\"common_vsys_id\":0,\"common_action\":1}", rd_kafka_get_sendlog_payload(1));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(2)); EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"common_policy_id\":3,\"common_service\":0,\"common_vsys_id\":0,\"common_action\":1}", rd_kafka_get_sendlog_payload(2));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(3)); EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"common_policy_id\":4,\"common_service\":0,\"common_vsys_id\":0,\"common_action\":1}", rd_kafka_get_sendlog_payload(3));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(4)); EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"common_policy_id\":5,\"common_service\":0,\"common_vsys_id\":0,\"common_action\":1}", rd_kafka_get_sendlog_payload(4));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(5)); EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"common_policy_id\":6,\"common_service\":0,\"common_vsys_id\":0,\"common_action\":1}", rd_kafka_get_sendlog_payload(5));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(6)); EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"common_policy_id\":7,\"common_service\":0,\"common_vsys_id\":0,\"common_action\":1}", rd_kafka_get_sendlog_payload(6));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(7)); EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"common_policy_id\":8,\"common_service\":0,\"common_vsys_id\":0,\"common_action\":1}", rd_kafka_get_sendlog_payload(7));
//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(8)); EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1}", rd_kafka_get_sendlog_payload(8));
rd_kafka_clean_sendlog_cnt();
hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY); hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY);
EXPECT_EQ(nullptr, hited_security); EXPECT_EQ(nullptr, hited_security);
@@ -655,37 +658,6 @@ TEST(TSGMaster, ShapingAndServiceChainingPolicyNotify)
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING)); EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
} }
TEST(TSGMaster, InterceptPolicy)
{
const struct streaminfo a_stream={0};
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
matched_policy[1].action=TSG_ACTION_INTERCEPT;
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
// Set Intercept
matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
EXPECT_NE(nullptr, hited_intercept);
EXPECT_EQ(1, hited_intercept->n_rules);
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
}
TEST(TSGMaster, InterceptAndNOInterceptPolicy) TEST(TSGMaster, InterceptAndNOInterceptPolicy)
{ {
const struct streaminfo a_stream={0}; const struct streaminfo a_stream={0};
@@ -847,6 +819,160 @@ TEST(TSGMaster, ServiceChainingAndShapingAndInterceptPolicy)
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT)); EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
} }
TEST(TSGMaster, InterceptPolicySendLog)
{
const struct streaminfo a_stream={0};
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
matched_policy[1].do_log=1;
matched_policy[1].action=TSG_ACTION_INTERCEPT;
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
// Set Intercept
matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
EXPECT_NE(nullptr, hited_intercept);
EXPECT_EQ(1, hited_intercept->n_rules);
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
struct proxy_log_update proxy={0, 1, 1, 10, 20, (char*)"upstream_version", (char*)"downstream_version", (char*)"error", (char*)"passthrough_reason"};
session_log_update_data_put(&a_stream, TSG_SERVICE_INTERCEPT, (void *)&proxy);
struct TLD_handle_t *handle=TLD_create(0);
matched_policy[0].action=0;
matched_policy[0].rule_id=0;
matched_policy[0].service_id=0;
tsg_send_log(g_tsg_log_instance, handle, &a_stream, LOG_TYPE_SESSION_RECORD, &(matched_policy[0]), 1, 0);
int sendlog_cnt=rd_kafka_get_sendlog_cnt();
EXPECT_EQ(2, sendlog_cnt);
// intercept
EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"ssl_pinningst\":0,\"ssl_cert_verify\":1,\"ssl_intercept_state\":1,\"ssl_server_side_latency\":10,\"ssl_client_side_latency\":20,\"ssl_server_side_version\":\"upstream_version\",\"ssl_client_side_version\":\"downstream_version\",\"ssl_error\":\"error\",\"ssl_passthrough_reason\":\"passthrough_reason\"}", rd_kafka_get_sendlog_payload(1));
// session record
EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"ssl_pinningst\":0,\"ssl_cert_verify\":1,\"ssl_intercept_state\":1,\"ssl_server_side_latency\":10,\"ssl_client_side_latency\":20,\"ssl_server_side_version\":\"upstream_version\",\"ssl_client_side_version\":\"downstream_version\",\"ssl_error\":\"error\",\"ssl_passthrough_reason\":\"passthrough_reason\",\"common_policy_id\":2,\"common_service\":3,\"common_vsys_id\":0,\"common_action\":2}", rd_kafka_get_sendlog_payload(0));
session_log_update_data_put(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
rd_kafka_clean_sendlog_cnt();
hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
EXPECT_EQ(nullptr, hited_intercept);
}
TEST(TSGMaster, ServiceChainingPolicySendLog)
{
const struct streaminfo a_stream={0};
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
matched_policy[1].do_log=1;
matched_policy[1].action=TSG_ACTION_S_CHAINING;
matched_policy[1].rule_id=TSG_ACTION_S_CHAINING;
matched_policy[1].service_id=TSG_SERVICE_CHAINING;
// Set Intercept
matched_service_chaining_rules_deal(&a_stream, &matched_policy[1], 1, 0);
const struct matched_policy_rules *hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_NE(nullptr, hited_s_chaining);
EXPECT_EQ(1, hited_s_chaining->n_rules);
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].action);
EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].rule_id);
EXPECT_EQ(TSG_SERVICE_CHAINING, hited_s_chaining->rules[0].service_id);
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]);
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
struct sce_log_update sce={8, {1,2,3,4,5,6,7,8}};
session_log_update_data_put(&a_stream, TSG_SERVICE_CHAINING, (void *)&sce);
struct TLD_handle_t *handle=TLD_create(0);
matched_policy[0].action=0;
matched_policy[0].rule_id=0;
matched_policy[0].service_id=0;
tsg_send_log(g_tsg_log_instance, handle, &a_stream, LOG_TYPE_SESSION_RECORD, &(matched_policy[0]), 1, 0);
int sendlog_cnt=rd_kafka_get_sendlog_cnt();
EXPECT_EQ(1, sendlog_cnt);
// session record
EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"sce_profile_ids\":[1,2,3,4,5,6,7,8]}", rd_kafka_get_sendlog_payload(0));
session_log_update_data_put(&a_stream, TSG_SERVICE_CHAINING, NULL);
rd_kafka_clean_sendlog_cnt();
session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining);
session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_EQ(nullptr, hited_s_chaining);
}
TEST(TSGMaster, ShapingPolicySendLog)
{
const struct streaminfo a_stream={0};
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
matched_policy[1].do_log=1;
matched_policy[1].action=TSG_ACTION_SHAPING;
matched_policy[1].rule_id=TSG_ACTION_SHAPING;
matched_policy[1].service_id=TSG_SERVICE_SHAPING;
// Set Intercept
matched_shaping_rules_deal(&a_stream, &matched_policy[1], 1, 0);
const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_NE(nullptr, hited_shaping);
EXPECT_EQ(1, hited_shaping->n_rules);
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[0].action);
EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[0].rule_id);
EXPECT_EQ(TSG_SERVICE_SHAPING, hited_shaping->rules[0].service_id);
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
EXPECT_NE(nullptr, segment_ids);
EXPECT_EQ(1, segment_ids->sz_sidlist);
EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]);
session_segment_id_free(&a_stream, 0, (void *)segment_ids);
session_control_segment_ids_async(&a_stream, NULL);
struct shaper_log_update shaping={1, {TSG_ACTION_SHAPING, 8, {1,2,3,4,5,6,7,8}}};
session_log_update_data_put(&a_stream, TSG_SERVICE_SHAPING, (void *)&shaping);
struct TLD_handle_t *handle=TLD_create(0);
matched_policy[0].action=0;
matched_policy[0].rule_id=0;
matched_policy[0].service_id=0;
tsg_send_log(g_tsg_log_instance, handle, &a_stream, LOG_TYPE_SESSION_RECORD, &(matched_policy[0]), 1, 0);
int sendlog_cnt=rd_kafka_get_sendlog_cnt();
EXPECT_EQ(1, sendlog_cnt);
// session record
EXPECT_STREQ("{\"common_app_full_path\":\"unknown\",\"common_app_label\":\"unknown\",\"common_server_port\":0,\"common_client_port\":0,\"common_stream_dir\":0,\"common_address_type\":0,\"common_con_duration_ms\":0,\"common_stream_trace_id\":\"5\",\"common_sled_ip\":\"0.0.0.0\",\"common_device_tag\":\"{\\\"tags\\\":[{\\\"tag\\\":\\\"device_id\\\",\\\"value\\\":\\\"device_1\\\"}]}\",\"common_t_vsys_id\":1,\"shaping_profile_ids\":[{\"rule_id\":32,\"profile_ids\":[1,2,3,4,5,6,7,8]}],\"common_shaping_rule_ids\":[32]}", rd_kafka_get_sendlog_payload(0));
session_log_update_data_put(&a_stream, TSG_SERVICE_SHAPING, NULL);
rd_kafka_clean_sendlog_cnt();
session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping);
session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING));
hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_EQ(nullptr, hited_shaping);
}
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
TSG_MASTER_INIT(); TSG_MASTER_INIT();

4
test/src/gtest_sendlog.cpp
View File

@@ -34,6 +34,10 @@ void *session_mac_linkinfo_get(const struct streaminfo * a_stream)
{ {
return NULL; return NULL;
} }
void *session_log_update_data_get(const struct streaminfo *a_stream, enum TSG_SERVICE service)
{
return NULL;
}
void *session_gather_app_results_get(const struct streaminfo * a_stream) void *session_gather_app_results_get(const struct streaminfo * a_stream)
{ {

692
test/src/gtest_sync_state.cpp
View File

@@ -19,6 +19,41 @@ unsigned long long tsg_get_stream_trace_id(const struct streaminfo *a_stream)
return 10; return 10;
} }
void *session_log_update_data_get(const struct streaminfo *a_stream, enum TSG_SERVICE service)
{
switch (service)
{
case TSG_SERVICE_INTERCEPT:
return stream_bridge_async_data_get(a_stream, BRIDGE_TYPE_LOG_UPDATE_PROXY);
case TSG_SERVICE_CHAINING:
return stream_bridge_async_data_get(a_stream, BRIDGE_TYPE_LOG_UPDATE_SCE);
case TSG_SERVICE_SHAPING:
return stream_bridge_async_data_get(a_stream, BRIDGE_TYPE_LOG_UPDATE_SHAPER);
default:
return NULL;
}
}
int session_log_update_data_put(const struct streaminfo *a_stream, enum TSG_SERVICE service, void *data)
{
switch (service)
{
case TSG_SERVICE_INTERCEPT:
return stream_bridge_async_data_put(a_stream, BRIDGE_TYPE_LOG_UPDATE_PROXY, data);
case TSG_SERVICE_CHAINING:
return stream_bridge_async_data_put(a_stream, BRIDGE_TYPE_LOG_UPDATE_SCE, data);
case TSG_SERVICE_SHAPING:
return stream_bridge_async_data_put(a_stream, BRIDGE_TYPE_LOG_UPDATE_SHAPER, data);
default:
return 0;
}
}
TEST(SESSION_STATE, IllegalPara) TEST(SESSION_STATE, IllegalPara)
{ {
struct streaminfo a_stream = {0}; struct streaminfo a_stream = {0};
@@ -139,7 +174,6 @@ TEST(POLICY_UPDATE, Sce)
{ {
test.ids[i] = 100 + i; test.ids[i] = 100 + i;
} }
tsg_sync_policy_update(&a_stream, &test, 1); tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf)); ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf));
@@ -157,6 +191,35 @@ TEST(POLICY_UPDATE, Sce)
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok); EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
} }
TEST(POLICY_UPDATE, SceOverLimitIds)
{
char ctrl_pkt_buf[1024] = {0};
int ctrl_pkt_len = 0;
struct streaminfo a_stream = {0};
struct update_policy test;
memset(&test, 0, sizeof(test));
test.type = POLICY_UPDATE_SERVICE_CHAINING;
test.n_ids = 4;
for (int i = 0; i < test.n_ids; i++)
{
test.ids[i] = 100 + i;
}
test.n_ids += UPDATE_POLICY_RULE_IDS;
tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf));
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
mpack_node_t sce_map = mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "sce");
EXPECT_EQ(mpack_node_array_length(mpack_node_map_cstr(sce_map, "rule_ids")), UPDATE_POLICY_RULE_IDS);
EXPECT_EQ(0, mpack_node_i64(mpack_node_array_at(mpack_node_map_cstr(sce_map, "rule_ids"), 5)));
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
}
TEST(POLICY_UPDATE, Shaper) TEST(POLICY_UPDATE, Shaper)
{ {
char ctrl_pkt_buf[1024] = {0}; char ctrl_pkt_buf[1024] = {0};
@@ -169,7 +232,6 @@ TEST(POLICY_UPDATE, Shaper)
{ {
test.ids[i] = 10000 + i; test.ids[i] = 10000 + i;
} }
tsg_sync_policy_update(&a_stream, &test, 1); tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf)); ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf));
@@ -187,7 +249,36 @@ TEST(POLICY_UPDATE, Shaper)
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok); EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
} }
TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping0) TEST(POLICY_UPDATE, ShaperOverLimitIds)
{
char ctrl_pkt_buf[1024] = {0};
int ctrl_pkt_len = 0;
struct streaminfo a_stream = {0};
struct update_policy test;
memset(&test, 0, sizeof(test));
test.type = POLICY_UPDATE_SHAPING;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
{
test.ids[i] = 10000 + i;
}
test.n_ids += UPDATE_POLICY_RULE_IDS;
tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf));
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
mpack_node_t shaper_map = mpack_node_map_cstr(mpack_node_map_cstr(root, "params"), "shaper");
EXPECT_EQ(mpack_node_array_length(mpack_node_map_cstr(shaper_map, "rule_ids")), UPDATE_POLICY_RULE_IDS);
EXPECT_EQ(0, mpack_node_i64(mpack_node_array_at(mpack_node_map_cstr(shaper_map, "rule_ids"), 7)));
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
}
TEST(POLICY_UPDATE, ActiveStateServiceChainingAndShaping0)
{ {
struct streaminfo a_stream = {0}; struct streaminfo a_stream = {0};
struct update_policy policy_array[POLICY_UPDATE_MAX]; struct update_policy policy_array[POLICY_UPDATE_MAX];
@@ -238,7 +329,7 @@ TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping0)
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok); EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
} }
TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping1) TEST(POLICY_UPDATE, ActiveStateServiceChainingAndShaping1)
{ {
struct streaminfo a_stream = {0}; struct streaminfo a_stream = {0};
struct update_policy policy_array[2]; struct update_policy policy_array[2];
@@ -349,10 +440,10 @@ static void gtest_cmsg_init(struct proxy_cmsg *cmsg)
cmsg->ssl_client_ja3_fingerprint = (char *)calloc(1, 256); cmsg->ssl_client_ja3_fingerprint = (char *)calloc(1, 256);
snprintf(cmsg->ssl_client_ja3_fingerprint, 256, "thisistest=%d", 15); snprintf(cmsg->ssl_client_ja3_fingerprint, 256, "thisistest=%d", 15);
cmsg->fqdn_cat_id_val.num = 4; cmsg->fqdn_cat_ids.num = 4;
for (size_t i = 0; i < 4; i++) for (size_t i = 0; i < 4; i++)
{ {
cmsg->fqdn_cat_id_val.value[i] = i + 1; cmsg->fqdn_cat_ids.value[i] = i + 1;
} }
cmsg->tcp_seq_sids.num = 5; cmsg->tcp_seq_sids.num = 5;
@@ -408,6 +499,7 @@ TEST(POLICY_UPDATE, Proxy)
int ctrl_pkt_len = 0; int ctrl_pkt_len = 0;
struct streaminfo a_stream = {0}; struct streaminfo a_stream = {0};
struct update_policy test; struct update_policy test;
memset(&test, 0, sizeof(test));
struct proxy_cmsg cmsg; struct proxy_cmsg cmsg;
test.type = POLICY_UPDATE_INTERCEPT; test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6; test.n_ids = 6;
@@ -464,20 +556,598 @@ TEST(POLICY_UPDATE, Proxy)
EXPECT_EQ(i + 5, mpack_node_u8(mpack_node_array_at(tcp_ack_route_ctxs, i))); EXPECT_EQ(i + 5, mpack_node_u8(mpack_node_array_at(tcp_ack_route_ctxs, i)));
} }
// // sce EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
// EXPECT_EQ(mpack_type_nil, mpack_node_type(mpack_node_map_cstr(params, "sce"))); gtest_cmsg_destroy(&cmsg);
}
// // shaper TEST(POLICY_UPDATE, ProxyOverLimit)
// EXPECT_EQ(mpack_type_nil, mpack_node_type(mpack_node_map_cstr(params, "shaper"))); {
char ctrl_pkt_buf[1024] = {0};
int ctrl_pkt_len = 0;
struct streaminfo a_stream = {0};
struct update_policy test;
struct proxy_cmsg cmsg;
test.type = POLICY_UPDATE_INTERCEPT;
test.n_ids = 6;
for (int i = 0; i < test.n_ids; i++)
{
test.ids[i] = 10000 + i;
}
gtest_cmsg_init(&cmsg);
memcpy(&test.cmsg, &cmsg, sizeof(struct proxy_cmsg));
test.cmsg.fqdn_cat_ids.num += FQDN_CAT_ID_VALS;
test.cmsg.tcp_ack_sids.num += TCP_XXX_SIDS;
test.cmsg.tcp_seq_sids.num += TCP_XXX_SIDS;
test.cmsg.tcp_seq_route_ctx.num += TCP_XXX_ROUTE_CTX;
test.cmsg.tcp_ack_route_ctx.num += TCP_XXX_ROUTE_CTX;
tsg_sync_policy_update(&a_stream, &test, 1);
ctrl_pkt_len = get_ctrl_pkt(ctrl_pkt_buf, sizeof(ctrl_pkt_buf));
mpack_tree_t tree;
mpack_tree_init_data(&tree, ctrl_pkt_buf, ctrl_pkt_len);
mpack_tree_parse(&tree);
mpack_node_t root = mpack_tree_root(&tree);
mpack_node_t params = mpack_node_map_cstr(root, "params");
// proxy
EXPECT_EQ(mpack_type_map, mpack_node_type(mpack_node_map_cstr(params, "proxy")));
mpack_node_t proxy_map = mpack_node_map_cstr(params, "proxy");
mpack_node_t tcp_handshake = mpack_node_map_cstr(proxy_map, "tcp_handshake");
mpack_node_t fqdn_cat_id_vals = mpack_node_array_at(tcp_handshake, 31);
EXPECT_EQ(FQDN_CAT_ID_VALS, mpack_node_array_length(fqdn_cat_id_vals));
mpack_node_t tcp_seq_sids = mpack_node_array_at(tcp_handshake, 32);
EXPECT_EQ(TCP_XXX_SIDS, mpack_node_array_length(tcp_seq_sids));
mpack_node_t tcp_ack_sids = mpack_node_array_at(tcp_handshake, 33);
EXPECT_EQ(TCP_XXX_SIDS, mpack_node_array_length(tcp_ack_sids));
mpack_node_t tcp_seq_route_ctxs = mpack_node_array_at(tcp_handshake, 34);
EXPECT_EQ(TCP_XXX_ROUTE_CTX, mpack_node_array_length(tcp_seq_route_ctxs));
mpack_node_t tcp_ack_route_ctxs = mpack_node_array_at(tcp_handshake, 35);
EXPECT_EQ(TCP_XXX_ROUTE_CTX, mpack_node_array_length(tcp_ack_route_ctxs));
EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok); EXPECT_EQ(mpack_tree_destroy(&tree), mpack_ok);
gtest_cmsg_destroy(&cmsg); gtest_cmsg_destroy(&cmsg);
} }
void gtest_get_sce_mpack_date(char **mpack_data, size_t *mpack_size, uint64_t session_id, char *method, int n_ids)
{
mpack_writer_t writer;
mpack_writer_init_growable(&writer, mpack_data, mpack_size);
mpack_build_map(&writer);
// tsync : 2.0
mpack_write_cstr(&writer, "tsync");
mpack_write_cstr(&writer, "2.0");
// session_id
mpack_write_cstr(&writer, "session_id");
mpack_write_u64(&writer, session_id);
// state
mpack_write_cstr(&writer, "state");
mpack_write_cstr(&writer, "active");
// method: log_update
mpack_write_cstr(&writer, "method");
mpack_write_cstr(&writer, method);
// params
mpack_write_cstr(&writer, "params");
mpack_build_map(&writer);
{
mpack_write_cstr(&writer, "sce");
mpack_build_map(&writer);
{
mpack_write_cstr(&writer, "sf_profile_ids");
if (n_ids == 0)
{
mpack_write_nil(&writer);
}
else
{
mpack_build_array(&writer);
for (int i = 0; i < n_ids; i++)
{
mpack_write_u32(&writer, i + 1);
}
mpack_complete_array(&writer);
}
}
mpack_complete_map(&writer);
}
mpack_complete_map(&writer);
mpack_complete_map(&writer);
// printf("mpack_size = %lu\n", (unsigned long)mpack_size);
// for (int i = 0; i < mpack_size; i++)
// {
// printf("%x ", mpack_data[i]);
// }
EXPECT_EQ(mpack_writer_destroy(&writer), mpack_ok);
}
TEST(LOG_UPDATE, SceIllegalLog)
{
char *mpack_data = NULL;
size_t mpack_size = 0;
const struct streaminfo a_stream = {0};
// error session
gtest_get_sce_mpack_date(&mpack_data, &mpack_size, 123456789, (char *)"log_update", 3);
EXPECT_EQ(-1, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result = session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_FALSE(result);
free(mpack_data);
mpack_data = NULL;
mpack_size = 0;
// error method
gtest_get_sce_mpack_date(&mpack_data, &mpack_size, 10, (char *)"policy_update", 3);
EXPECT_EQ(-1, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
result = session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_FALSE(result);
free(mpack_data);
mpack_data = NULL;
mpack_size = 0;
// n_profile_ids = 0
gtest_get_sce_mpack_date(&mpack_data, &mpack_size, 10, (char *)"log_update", 0);
EXPECT_EQ(-1, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
result = session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_FALSE(result);
free(mpack_data);
mpack_data = NULL;
mpack_size = 0;
}
TEST(LOG_UPDATE, SceNormal)
{
char *mpack_data = NULL;
size_t mpack_size = 0;
const struct streaminfo a_stream = {0};
gtest_get_sce_mpack_date(&mpack_data, &mpack_size, 10, (char *)"log_update", 3);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result = session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_TRUE(result);
struct sce_log_update *sce = (struct sce_log_update *)result;
EXPECT_EQ(3, sce->n_profile_ids);
for (int i = 0; i < (int)sce->n_profile_ids; i++)
{
EXPECT_EQ(i + 1, sce->profile_ids[i]);
}
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_INTERCEPT));
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_SHAPING));
free(result);
result = NULL;
session_log_update_data_put(&a_stream, TSG_SERVICE_CHAINING, NULL);
free(mpack_data);
mpack_data = NULL;
}
TEST(LOG_UPDATE, SceTwice)
{
char *mpack_data = NULL;
size_t mpack_size = 0;
const struct streaminfo a_stream = {0};
gtest_get_sce_mpack_date(&mpack_data, &mpack_size, 10, (char *)"log_update", 3);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result = session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_TRUE(result);
free(mpack_data);
mpack_data = NULL;
mpack_size = 0;
gtest_get_sce_mpack_date(&mpack_data, &mpack_size, 10, (char *)"log_update", 5);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result_2 = session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_EQ(result_2, result);
struct sce_log_update *sce = (struct sce_log_update *)result_2;
EXPECT_EQ(5, sce->n_profile_ids);
for (int i = 0; i < (int)sce->n_profile_ids; i++)
{
EXPECT_EQ(i + 1, sce->profile_ids[i]);
}
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_INTERCEPT));
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_SHAPING));
free(result);
result = NULL;
session_log_update_data_put(&a_stream, TSG_SERVICE_CHAINING, NULL);
free(mpack_data);
mpack_data = NULL;
}
TEST(LOG_UPDATE, SceOverLimitProfileIds)
{
char *mpack_data = NULL;
size_t mpack_size = 0;
const struct streaminfo a_stream = {0};
gtest_get_sce_mpack_date(&mpack_data, &mpack_size, 10, (char *)"log_update", 3 + SCE_PROFILE_IDS);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result = session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING);
EXPECT_TRUE(result);
struct sce_log_update *sce = (struct sce_log_update *)result;
EXPECT_EQ(SCE_PROFILE_IDS, sce->n_profile_ids);
for (int i = 0; i < (int)sce->n_profile_ids; i++)
{
EXPECT_EQ(i + 1, sce->profile_ids[i]);
}
free(result);
result = NULL;
session_log_update_data_put(&a_stream, TSG_SERVICE_CHAINING, NULL);
free(mpack_data);
mpack_data = NULL;
}
void gtest_get_shaper_mpack_date(char **mpack_data, size_t *mpack_size, uint64_t session_id, int n_sh_profile_ids, long long *rules, int n_profile_ids)
{
mpack_writer_t writer;
mpack_writer_init_growable(&writer, mpack_data, mpack_size);
mpack_build_map(&writer);
// tsync : 2.0
mpack_write_cstr(&writer, "tsync");
mpack_write_cstr(&writer, "2.0");
// session_id
mpack_write_cstr(&writer, "session_id");
mpack_write_u64(&writer, session_id);
// state
mpack_write_cstr(&writer, "state");
mpack_write_cstr(&writer, "active");
// method: log_update
mpack_write_cstr(&writer, "method");
mpack_write_cstr(&writer, "log_update");
// params
mpack_write_cstr(&writer, "params");
mpack_build_map(&writer);
{
mpack_write_cstr(&writer, "shaper");
mpack_build_array(&writer);
for (int i = 0; i < n_sh_profile_ids; i++)
{
mpack_build_map(&writer);
{
mpack_write_cstr(&writer, "rule_id");
mpack_write_i64(&writer, rules[i]);
mpack_write_cstr(&writer, "profile_ids");
mpack_build_array(&writer);
for (int j = 0; j < n_profile_ids; j++)
{
mpack_write_u32(&writer, j + 1);
}
mpack_complete_array(&writer);
}
mpack_complete_map(&writer);
}
mpack_complete_array(&writer);
}
mpack_complete_map(&writer);
mpack_complete_map(&writer);
// printf("mpack_size = %lu\n", (unsigned long)mpack_size);
// for (int i = 0; i < mpack_size; i++)
// {
// printf("%x ", mpack_data[i]);
// }
EXPECT_EQ(mpack_writer_destroy(&writer), mpack_ok);
}
TEST(LOG_UPDATE, ShaperNormal)
{
char *mpack_data = NULL;
size_t mpack_size = 0;
const struct streaminfo a_stream = {0};
long long rule[4] = {2, 3, 4, 5};
gtest_get_shaper_mpack_date(&mpack_data, &mpack_size, 10, 4, rule, 3);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result = session_log_update_data_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_TRUE(result);
struct shaper_log_update *shaper = (struct shaper_log_update *)result;
for (int i = 0; i < (int)shaper->n_shaper_rule; i++)
{
EXPECT_EQ(i + 2, shaper->shaper_rules[i].rule_id);
EXPECT_EQ(3, shaper->shaper_rules[i].n_profile_ids);
for (int j = 0; j < (int)shaper->shaper_rules[i].n_profile_ids; j++)
{
EXPECT_EQ(j + 1, shaper->shaper_rules[i].profile_ids[j]);
}
}
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_INTERCEPT));
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING));
free(result);
result = NULL;
session_log_update_data_put(&a_stream, TSG_SERVICE_SHAPING, NULL);
free(mpack_data);
mpack_data = NULL;
}
TEST(LOG_UPDATE, ShaperTwice)
{
char *mpack_data = NULL;
size_t mpack_size = 0;
const struct streaminfo a_stream = {0};
long long rule[4] = {2, 3, 4, 5};
gtest_get_shaper_mpack_date(&mpack_data, &mpack_size, 10, 4, rule, 3);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result = session_log_update_data_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_TRUE(result);
free(mpack_data);
mpack_data = NULL;
mpack_size = 0;
gtest_get_shaper_mpack_date(&mpack_data, &mpack_size, 10, 3, rule, 4);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result_2 = session_log_update_data_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_EQ(result_2, result);
struct shaper_log_update *shaper = (struct shaper_log_update *)result;
EXPECT_EQ(3, shaper->n_shaper_rule);
for (int i = 0; i < (int)shaper->n_shaper_rule; i++)
{
EXPECT_EQ(i + 2, shaper->shaper_rules[i].rule_id);
EXPECT_EQ(4, shaper->shaper_rules[i].n_profile_ids);
for (int j = 0; j < (int)shaper->shaper_rules[i].n_profile_ids; j++)
{
EXPECT_EQ(j + 1, shaper->shaper_rules[i].profile_ids[j]);
}
}
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_INTERCEPT));
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING));
free(result);
result = NULL;
session_log_update_data_put(&a_stream, TSG_SERVICE_SHAPING, NULL);
free(mpack_data);
mpack_data = NULL;
}
TEST(LOG_UPDATE, ShaperOverLimitProfileIds)
{
char *mpack_data = NULL;
size_t mpack_size = 0;
const struct streaminfo a_stream = {0};
long long rule[4 + SHAPR_RULE_IDS] = {2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13};
gtest_get_shaper_mpack_date(&mpack_data, &mpack_size, 10, 4 + SHAPR_RULE_IDS, rule, 3 + SHAPR_PROFILE_IDS);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result = session_log_update_data_get(&a_stream, TSG_SERVICE_SHAPING);
EXPECT_TRUE(result);
struct shaper_log_update *shaper = (struct shaper_log_update *)result;
EXPECT_EQ(shaper->n_shaper_rule, SHAPR_RULE_IDS);
for (int i = 0; i < (int)shaper->n_shaper_rule; i++)
{
EXPECT_EQ(i + 2, shaper->shaper_rules[i].rule_id);
EXPECT_EQ(SHAPR_PROFILE_IDS, shaper->shaper_rules[i].n_profile_ids);
for (int j = 0; j < (int)shaper->shaper_rules[i].n_profile_ids; j++)
{
EXPECT_EQ(j + 1, shaper->shaper_rules[i].profile_ids[j]);
}
}
free(result);
result = NULL;
session_log_update_data_put(&a_stream, TSG_SERVICE_SHAPING, NULL);
free(mpack_data);
mpack_data = NULL;
}
// if flag = 0 nil flag = 1 array flag = 2 ssl_upstream_version = thisisssl_upstream_version_for_test_twice
void gtest_get_proxy_mpack_date(char **mpack_data, size_t *mpack_size, uint64_t session_id, int flag)
{
mpack_writer_t writer;
mpack_writer_init_growable(&writer, mpack_data, mpack_size);
mpack_build_map(&writer);
// tsync : 2.0
mpack_write_cstr(&writer, "tsync");
mpack_write_cstr(&writer, "2.0");
// session_id
mpack_write_cstr(&writer, "session_id");
mpack_write_u64(&writer, session_id);
// state
mpack_write_cstr(&writer, "state");
mpack_write_cstr(&writer, "active");
// method: log_update
mpack_write_cstr(&writer, "method");
mpack_write_cstr(&writer, "log_update");
// params
mpack_write_cstr(&writer, "params");
mpack_build_map(&writer);
{
mpack_write_cstr(&writer, "proxy");
mpack_build_map(&writer);
mpack_write_cstr(&writer, "ssl_intercept_info");
{
if (flag == 0)
{
mpack_write_nil(&writer);
}
else
{
mpack_build_array(&writer);
{
mpack_write_u8(&writer, 1);
mpack_write_u64(&writer, 2);
mpack_write_u64(&writer, 3);
if (flag == 2)
{
mpack_write_cstr(&writer, "thisisssl_upstream_version_for_test_twice");
mpack_write_cstr(&writer, "thisisssl_downstream_version_for_test_twice");
mpack_write_u8(&writer, 7);
}
else
{
mpack_write_cstr(&writer, "thisisssl_upstream_version");
mpack_write_cstr(&writer, "thisisssl_downstream_version");
mpack_write_u8(&writer, 4);
}
mpack_write_u8(&writer, 5);
mpack_write_cstr(&writer, "thisisssl_error");
mpack_write_cstr(&writer, "thisisssl_passthrough_reason");
}
mpack_complete_array(&writer);
}
}
mpack_complete_map(&writer);
}
mpack_complete_map(&writer);
mpack_complete_map(&writer);
// printf("mpack_size = %lu\n", (unsigned long)mpack_size);
// for (int i = 0; i < mpack_size; i++)
// {
// printf("%x ", mpack_data[i]);
// }
EXPECT_EQ(mpack_writer_destroy(&writer), mpack_ok);
}
TEST(LOG_UPDATE, ProxyIllegalLog)
{
char *mpack_data = NULL;
size_t mpack_size = 0;
const struct streaminfo a_stream = {0};
gtest_get_proxy_mpack_date(&mpack_data, &mpack_size, 10, 0);
EXPECT_EQ(-1, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result = session_log_update_data_get(&a_stream, TSG_SERVICE_INTERCEPT);
EXPECT_FALSE(result);
free(mpack_data);
mpack_data = NULL;
}
TEST(LOG_UPDATE, ProxyNormal)
{
char *mpack_data = NULL;
size_t mpack_size = 0;
const struct streaminfo a_stream = {0};
gtest_get_proxy_mpack_date(&mpack_data, &mpack_size, 10, 1);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result = session_log_update_data_get(&a_stream, TSG_SERVICE_INTERCEPT);
EXPECT_TRUE(result);
struct proxy_log_update *proxy = (struct proxy_log_update *)result;
EXPECT_EQ(1, proxy->ssl_intercept_state);
EXPECT_EQ(2, proxy->ssl_upstream_latency);
EXPECT_EQ(3, proxy->ssl_downstream_latency);
EXPECT_STREQ("thisisssl_upstream_version", proxy->ssl_upstream_version);
EXPECT_STREQ("thisisssl_downstream_version", proxy->ssl_downstream_version);
EXPECT_EQ(4, proxy->ssl_pinning_state);
EXPECT_EQ(5, proxy->ssl_cert_verify);
EXPECT_STREQ("thisisssl_error", proxy->ssl_error);
EXPECT_STREQ("thisisssl_passthrough_reason", proxy->ssl_passthrough_reason);
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING));
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_SHAPING));
free(proxy->ssl_downstream_version);
free(proxy->ssl_error);
free(proxy->ssl_passthrough_reason);
free(proxy->ssl_upstream_version);
free(result);
result = NULL;
session_log_update_data_put(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
free(mpack_data);
mpack_data = NULL;
}
TEST(LOG_UPDATE, ProxyTwice)
{
char *mpack_data = NULL;
size_t mpack_size = 0;
const struct streaminfo a_stream = {0};
gtest_get_proxy_mpack_date(&mpack_data, &mpack_size, 10, 1);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result = session_log_update_data_get(&a_stream, TSG_SERVICE_INTERCEPT);
EXPECT_TRUE(result);
free(mpack_data);
mpack_data = NULL;
mpack_size = 0;
struct proxy_log_update *proxy = (struct proxy_log_update *)result;
char *ssl_upstream_version = proxy->ssl_upstream_version;
char *ssl_downstream_version = proxy->ssl_upstream_version;
EXPECT_STREQ("thisisssl_upstream_version", proxy->ssl_upstream_version);
EXPECT_STREQ("thisisssl_downstream_version", proxy->ssl_downstream_version);
EXPECT_EQ(4, proxy->ssl_pinning_state);
// second
gtest_get_proxy_mpack_date(&mpack_data, &mpack_size, 10, 2);
EXPECT_EQ(0, tsg_parse_log_update_payload(&a_stream, mpack_data, mpack_size));
void *result_2 = session_log_update_data_get(&a_stream, TSG_SERVICE_INTERCEPT);
EXPECT_EQ(result_2, result);
proxy = (struct proxy_log_update *)result_2;
char *ssl_upstream_version_2 = proxy->ssl_upstream_version;
char *ssl_downstream_version_2 = proxy->ssl_upstream_version;
EXPECT_NE(ssl_upstream_version_2, ssl_upstream_version);
EXPECT_NE(ssl_downstream_version_2, ssl_downstream_version);
EXPECT_STREQ("thisisssl_upstream_version_for_test_twice", proxy->ssl_upstream_version);
EXPECT_STREQ("thisisssl_downstream_version_for_test_twice", proxy->ssl_downstream_version);
EXPECT_EQ(7, proxy->ssl_pinning_state);
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_CHAINING));
EXPECT_FALSE(session_log_update_data_get(&a_stream, TSG_SERVICE_SHAPING));
free(proxy->ssl_downstream_version);
free(proxy->ssl_error);
free(proxy->ssl_passthrough_reason);
free(proxy->ssl_upstream_version);
free(result);
result = NULL;
session_log_update_data_put(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
free(mpack_data);
mpack_data = NULL;
}
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
g_tsg_para.logger = MESA_create_runtime_log_handle("log/tsg_sync_state", 10); g_tsg_para.logger = MESA_create_runtime_log_handle("log/tsg_sync_state", 10);
// tsg_bridge_init("tsgconf/main.conf");
testing::InitGoogleTest(&argc, argv); testing::InitGoogleTest(&argc, argv);
int ret = RUN_ALL_TESTS(); int ret = RUN_ALL_TESTS();
MESA_destroy_runtime_log_handle(g_tsg_para.logger); MESA_destroy_runtime_log_handle(g_tsg_para.logger);