gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-8407,TSG-8583: 修复L2TP/MAIL日志中的异常

Browse Source
This commit is contained in:
liuxueli
2021-11-30 23:46:30 +03:00
parent 6cde067435
commit f98acd814f
3 changed files with 100 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
inc/tsg_label.h
View File

@@ -29,6 +29,8 @@ typedef enum _tsg_protocol
PROTO_POP3, PROTO_POP3,
PROTO_RTP, PROTO_RTP,
PROTO_APP, PROTO_APP,
PROTO_L2TP,
PROTO_PPTP,
PROTO_MAX PROTO_MAX
}tsg_protocol_t; }tsg_protocol_t;

16
src/tsg_entry.cpp
View File

@@ -113,7 +113,9 @@ id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
{PROTO_IMAP, 0, "IMAP"}, {PROTO_IMAP, 0, "IMAP"},
{PROTO_POP3, 0, "POP3"}, {PROTO_POP3, 0, "POP3"},
{PROTO_RTP, 0, "RTP"}, {PROTO_RTP, 0, "RTP"},
{PROTO_APP, 0, "APP"} {PROTO_APP, 0, "APP"},
{PROTO_L2TP, 0, "L2TP"},
{PROTO_PPTP, 0, "PPTP"}
}; };
#define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1 #define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1
@@ -924,13 +926,15 @@ static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol
struct gather_app_result *gather_result=NULL; struct gather_app_result *gather_result=NULL;
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
if(gather_result==NULL) if(gather_result!=NULL)
{ {
gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)); return 0;
memset(gather_result, 0, sizeof(struct gather_app_result));
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
} }
gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
memset(gather_result, 0, sizeof(struct gather_app_result));
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name); int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
if(app_id>0) if(app_id>0)
{ {
@@ -1556,7 +1560,7 @@ static int deal_pending_state(const struct streaminfo *a_stream, struct master_c
ret=identify_application_protocol(a_stream, context, a_packet); ret=identify_application_protocol(a_stream, context, a_packet);
if(ret==1) if(ret==1)
{ {
//set_l7_protocol_label(a_stream, context->proto); set_l7_protocol_label(a_stream, context->proto);
set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_PROTOCOL, (void *)&(context->proto), sizeof(int), a_stream->threadnum); set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_PROTOCOL, (void *)&(context->proto), sizeof(int), a_stream->threadnum);
if(context->proto==PROTO_SSL) if(context->proto==PROTO_SSL)

138
src/tsg_rule.cpp
View File

@@ -44,6 +44,7 @@ const struct _str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNK
{TSG_METHOD_TYPE_TAMPER, 6, (char *)"tamper"} {TSG_METHOD_TYPE_TAMPER, 6, (char *)"tamper"}
}; };
//functioned as strdup, for dictator compatible. //functioned as strdup, for dictator compatible.
static char* tsg_strdup(const char* s) static char* tsg_strdup(const char* s)
{ {
@@ -1977,74 +1978,103 @@ int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a
return 0; return 0;
} }
static unsigned short get_trans_protocol(const struct streaminfo *a_stream)
{
if(a_stream==NULL)
{
return 255;
}
switch(a_stream->type)
{
case STREAM_TYPE_TCP:
return 6;
break;
case STREAM_TYPE_UDP:
return 17;
break;
default:
break;
}
return 255;
}
int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num) int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num)
{ {
int hit_num=0,maat_ret=0;
unsigned short tans_proto=0;
unsigned int proto_id=0; unsigned int proto_id=0;
struct ipaddr t_addr; struct ipaddr t_addr;
struct ipaddr* p_addr=NULL;
struct ipaddr* p_addr=NULL; struct ipaddr* p_addr=NULL;
const struct streaminfo *cur_stream = a_stream; const struct streaminfo *cur_stream = a_stream;
do do
{ {
switch(cur_stream->addr.addrtype) switch(cur_stream->addr.addrtype)
{ {
is_scan_addr = 1; case ADDR_TYPE_IPV4:
if(cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V4 || cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V6) case ADDR_TYPE_IPV6:
{ case __ADDR_TYPE_IP_PAIR_V4:
memcpy(&t_addr, &cur_stream->addr, sizeof(t_addr)); case __ADDR_TYPE_IP_PAIR_V6:
if(cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V4) if(cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V4 ||
cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V6)
{
memcpy(&t_addr, &cur_stream->addr, sizeof(t_addr));
if(cur_stream->addr.addrtype == __ADDR_TYPE_IP_PAIR_V4)
{
t_addr.addrtype = ADDR_TYPE_IPV4;
}
else
{
t_addr.addrtype = ADDR_TYPE_IPV6;
}
p_addr = &t_addr;
} }
else else
t_addr.addrtype = ADDR_TYPE_IPV6; {
p_addr = &t_addr; p_addr = (struct ipaddr *)&cur_stream->addr;
}
else
{
p_addr = (struct ipaddr *)&cur_stream->addr;
}
}
else
{
is_scan_addr = 0;
p_addr = NULL;
} }
if(is_scan_addr==1 && p_addr!=NULL) if(p_addr==NULL)
{
switch(cur_stream->type)
{
case STREAM_TYPE_TCP:
{ {
break; break;
case STREAM_TYPE_UDP:
tans_proto=17;
break;
default:
tans_proto=255;
break;
} }
maat_ret=Maat_scan_proto_addr(maat_feather, g_tsg_para.table_id[TABLE_IP_ADDR], p_addr, tans_proto, result+hit_num, result_num-hit_num, mid, (int)cur_stream->threadnum); tans_proto=get_trans_protocol(cur_stream);
if(maat_ret>0) maat_ret=Maat_scan_proto_addr(maat_feather, g_tsg_para.table_id[TABLE_IP_ADDR], p_addr, tans_proto, result+hit_num, result_num-hit_num, mid, (int)cur_stream->threadnum);
{ if(maat_ret>0)
MESA_handle_runtime_log(g_tsg_para.logger, {
RLOG_LV_DEBUG, MESA_handle_runtime_log(g_tsg_para.logger,
"SCAN_IP", RLOG_LV_DEBUG,
"Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d", "SCAN_IP",
PRINTADDR(a_stream, g_tsg_para.level), "Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d",
maat_ret, PRINTADDR(a_stream, g_tsg_para.level),
result[hit_num].config_id, maat_ret,
result[hit_num].service_id, result[hit_num].config_id,
(unsigned char)result[hit_num].action result[hit_num].service_id,
(unsigned char)result[hit_num].action
); );
hit_num+=maat_ret; hit_num+=maat_ret;
} }
else else
{ {
MESA_handle_runtime_log(g_tsg_para.logger,RLOG_LV_DEBUG, "SCAN_IP", "No hit addr: %s scan ret: %d", PRINTADDR(a_stream, g_tsg_para.level), maat_ret); MESA_handle_runtime_log(g_tsg_para.logger,RLOG_LV_DEBUG, "SCAN_IP", "No hit addr: %s scan ret: %d", PRINTADDR(a_stream, g_tsg_para.level), maat_ret);
}
break;
case ADDR_TYPE_L2TP:
proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_L2TP].name);
hit_num+=tsg_scan_app_id_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, g_tsg_proto_name2id[PROTO_L2TP].name, proto_id, (int)a_stream->threadnum);
break;
case ADDR_TYPE_PPTP:
proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[PROTO_PPTP].name);
hit_num+=tsg_scan_app_id_policy(maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, g_tsg_proto_name2id[PROTO_PPTP].name, proto_id, (int)a_stream->threadnum);
break;
default:
break; break;
} }