diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h
index 54f83ba..d3a8039 100644
--- a/inc/tsg_rule.h
+++ b/inc/tsg_rule.h
@@ -3,6 +3,17 @@
 #include
+enum TSG_ETHOD_TYPE
+{
+ TSG_METHOD_TYPE_UNKNOWN=0,
+ TSG_METHOD_TYPE_DROP,
+ TSG_METHOD_TYPE_REDIRECTION,
+ TSG_METHOD_TYPE_BLOCK,
+ TSG_METHOD_TYPE_RESET,
+ TSG_METHOD_TYPE_MAX
+};
+
+
 typedef enum _tsg_protocol
 {
 PROTO_UNKONWN=0,
@@ -58,4 +69,6 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len,
 //return NULL if none exists, otherwise return one deny rule;
 struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
+int tsg_get_method_id(char *method);
+
 #endif
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index b41393f..b512e58 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
 add_definitions(-fPIC)
-set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp)
+set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp)
 include_directories(${CMAKE_SOURCE_DIR}/inc)
 include_directories(/opt/MESA/include/MESA/)
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index af6fa05..40b9cd5 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -14,7 +14,7 @@
-char TSG_MASTER_VERSION_20191211=0;
+char TSG_MASTER_VERSION_20191220=0;
 const char *tsg_conffile="tsgconf/main.conf";
 g_tsg_para_t g_tsg_para;
@@ -360,6 +360,13 @@ extern "C" int TSG_MASTER_INIT()
 FS_start(g_tsg_para.fs2_handle);
+
+ ret=tsg_statistic_init(tsg_conffile, g_tsg_para.logger);
+ if(ret<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_STATISTIC", "tsg_statistic_init failed ...");
+ return -1;
+ }
 return 0;
 }
diff --git a/src/tsg_entry.h b/src/tsg_entry.h
index e502d25..eb104fc 100644
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
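Review bot: The enum tag in the first tsg_rule.h hunk is spelled `TSG_ETHOD_TYPE` while every enumerator uses the prefix `TSG_METHOD_TYPE_`, so the tag looks like a dropped letter and should read `enum TSG_METHOD_TYPE`. Nothing visible in this commit refers to the tag yet, so correcting it now costs nothing. A one-line comment that `TSG_METHOD_TYPE_MAX` is a count used to size lookup tables, not a method, would also help, since `method2index` in tsg_rule.cpp is dimensioned by it.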
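Review bot: `tsg_get_method_id(char *method)` in the second tsg_rule.h hunk takes a mutable pointer for what reads as a lookup key; `int tsg_get_method_id(const char *method);` would let callers pass literals and const buffers without casts, assuming the definition does not write through it (its body is not legible on this page). The prototype above it documents its return contract and this one does not. State what comes back for an unrecognised or NULL method, so callers that branch on the result know whether to expect `TSG_METHOD_TYPE_UNKNOWN` or a negative value.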
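Review bot: The failure branch added to TSG_MASTER_INIT logs a fixed string and discards `ret`, so the log cannot tell one cause of a failed tsg_statistic_init from another. If MESA_handle_runtime_log takes printf-style arguments (only literal messages are visible here), pass the code and file along: `"tsg_statistic_init failed, ret: %d, conffile: %s", ret, tsg_conffile`. The branch also returns -1 after `FS_start(g_tsg_para.fs2_handle)` has run; whether the caller unwinds that is outside this hunk, as is the start of the function.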
@@ -11,6 +11,7 @@
 #define TSG_ACTION_DENY 0x10
 #define TSG_ACTION_MANIPULATE 0x30
 #define TSG_ACTION_BYPASS 0x80
+#define TSG_ACTION_MAX 0x80
 enum TSG_FS2_TYPE{
@@ -24,6 +25,14 @@ enum TSG_FS2_TYPE{
 TSG_FS2_MAX
 };
+struct _str2index
+{
+ int index;
+ int len;
+ char *type;
+};
+
+
 typedef struct _policy_priority_label
 {
 tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
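Review bot: `TSG_ACTION_MAX` is defined as 0x80, the same value as `TSG_ACTION_BYPASS`, yet the last hunk of this file uses it as an array bound in `struct _traffic_info *traffic_info[TSG_ACTION_MAX];`. An array of 0x80 elements has valid indices 0 to 0x7F, so if the statistic code indexes it by action value (tsg_statistic.cpp is not shown on this page), a bypass action addresses one element past the end. Define the bound as `#define TSG_ACTION_MAX (TSG_ACTION_BYPASS+1)` or size the array with `TSG_ACTION_MAX+1`, and range-check the action before it is used as an index.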
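Review bot: `char *type` in `struct _str2index` is what forces the `(char *)"drop"` style casts in the `method2index` table in tsg_rule.cpp, and it leaves string literals reachable through a writable pointer. Declaring the member as `const char *type;` removes the casts and turns an accidental write into a compile error. The `len` member repeats information the literal already carries, so it should carry a comment that it must equal `strlen(type)`, or be filled with `sizeof("drop")-1` at the table, to keep the two from drifting apart.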
@@ -50,4 +59,73 @@ typedef struct _tsg_para
 extern g_tsg_para_t g_tsg_para;
-#endif
\ No newline at end of file
+
+typedef enum _tsg_statis_field_id
+{
+ STATIS_UNKNOWN=0,
+ STATIS_ENTRANCE_ID=1,
+ STATIS_TOTAL_CON_NUM,
+ STATIS_NEW_CON_NUM,
+ STATIS_LIVE_CON_NUM,
+ STATIS_CLOSE_CON_NUM,
+ STATIS_TOTAL_IN_BYTES,
+ STATIS_TOTAL_OUT_BYTES,
+ STATIS_TOTAL_IN_PACKETS,
+ STATIS_TOTAL_OUT_PACKETS,
+ STATIS_DEFAULT_CON_NUM,
+ STATIS_DEFAULT_IN_BYTES,
+ STATIS_DEFAULT_OUT_BYTES,
+ STATIS_DEFAULT_IN_PACKETS,
+ STATIS_DEFAULT_OUT_PACKETS,
+ STATIS_ALLOW_CON_NUM,
+ STATIS_ALLOW_IN_BYTES,
+ STATIS_ALLOW_OUT_BYTES,
+ STATIS_ALLOW_IN_PACKETS,
+ STATIS_ALLOW_OUT_PACKETS,
+ STATIS_DENY_CON_NUM,
+ STATIS_DENY_IN_BYTES,
+ STATIS_DENY_OUT_BYTES,
+ STATIS_DENY_IN_PACKETS,
+ STATIS_DENY_OUT_PACKETS,
+ STATIS_MONITOR_CON_NUM,
+ STATIS_MONITOR_IN_BYTES,
+ STATIS_MONITOR_OUT_BYTES,
+ STATIS_MONITOR_IN_PACKETS,
+ STATIS_MONITOR_OUT_PACKETS,
+ STATIS_INTERCEPT_CON_NUM,
+ STATIS_INTERCEPT_IN_BYTES,
+ STATIS_INTERCEPT_OUT_BYTES,
+ STATIS_INTERCEPT_IN_PACKETS,
+ STATIS_INTERCEPT_OUT_PACKETS,
+ STATIS_MAX
+}tsg_statis_field_id_t;
+
+enum TRAFFIC_INFO_IDX
+{
+ TRAFFIC_INFO_ALLOW=0,
+ TRAFFIC_INFO_DENY,
+ TRAFFIC_INFO_MONITOR,
+ TRAFFIC_INFO_INTERCEPT,
+ TRAFFIC_INFO_MAX
+};
+
+struct _traffic_info
+{
+ long long con_num;
+ long long in_bytes;
+ long long out_bytes;
+ long long in_packets;
+ long long out_packets;
+};
+
+typedef struct _tsg_statistic
+{
+ int cycle;
+ int fs_field_id[STATIS_MAX];
+ struct _traffic_info *traffic_info[TSG_ACTION_MAX];
+ screen_stat_handle_t fs2_handle;
+}tsg_statis_para_t;
+
+int tsg_statistic_init(const char *conffile, void *logger);
+
+#endif
diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp
index 6498ed9..1598d02 100644
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
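Review bot: The enumerators from `STATIS_ALLOW_CON_NUM` to `STATIS_INTERCEPT_OUT_PACKETS` are laid out in blocks of five, in the same order as the members of `struct _traffic_info`, but no comment records that this order matters. If tsg_statistic.cpp derives a field id by offset from a block's first enumerator (not visible on this page), inserting or reordering an entry would silently misattribute counters. A comment above the enum such as `/* each action block keeps the order con_num, in_bytes, out_bytes, in_packets, out_packets */` would make that a stated contract. `int cycle;` also needs its unit written down, and `tsg_statistic_init` its return convention, since the caller in tsg_entry.cpp treats a negative value as failure.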
@@ -34,6 +34,15 @@ enum kni_scan_table{ const char *g_kni_scan_table_name[SCAN_TABLE_MAX]; int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0}; + +const struct _str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNKNOWN, 7, (char *)"unknown"}, + {TSG_METHOD_TYPE_DROP, 4, (char *)"drop"}, + {TSG_METHOD_TYPE_REDIRECTION, 8, (char *)"redirect"}, + {TSG_METHOD_TYPE_BLOCK, 5, (char *)"block"}, + {TSG_METHOD_TYPE_BLOCK, 5, (char *)"rst"} + }; + + void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) { void *logger=argp; @@ -576,3 +585,18 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num) return p_result; } +int tsg_get_method_id(char *method) +{ + int i=0; + + for(i=0; imode), 0); - MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", _instance->common_field_file, sizeof(_instance->common_field_file), NULL); - MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", _instance->broker_list, sizeof(_instance->broker_list), NULL); MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(level), 30); MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", log_path, sizeof(log_path), NULL); 
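Review bot: The last row of `method2index` pairs the string "rst" with `TSG_METHOD_TYPE_BLOCK` and length 5, which looks copied from the "block" row above it: `TSG_METHOD_TYPE_RESET` is declared in tsg_rule.h but never appears in the table, and "rst" is three characters long. As written a reset method would resolve to block, and a compare that trusts `len` (memcmp, for instance) would read past the end of the 4-byte literal. The row should read `{TSG_METHOD_TYPE_RESET, 3, (char *)"rst"}`. The body of `tsg_get_method_id` in the following hunk is truncated on this page, so how `len` is consumed is inferred, not read.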
@@ -326,6 +322,15 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
 printf("MESA_create_runtime_log_handle failed ..., path: %s level: %d", log_path, level);
 return NULL;
 }
+
+ MESA_load_profile_int_def(conffile, "TSG_LOG", "MODE",&(_instance->mode), 0);
+ if(_instance->mode==CLOSE)
+ {
+ MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "TSG_LOG", "Disable tsg_send_log");
+ return _instance;
+ }
+ MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", _instance->common_field_file, sizeof(_instance->common_field_file), NULL);
+ MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", _instance->broker_list, sizeof(_instance->broker_list), NULL);
 MESA_load_profile_string_def(conffile, "TSG_LOG", "NIC_NAME", nic_name, sizeof(nic_name), "eth0");
 ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr);
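Review bot: The early return for `_instance->mode==CLOSE` hands back an instance on which, as far as this hunk shows, only `logger` and `mode` have been set; `common_field_file`, `broker_list` and whatever the rest of tsg_sendlog_init builds below the hunk are skipped. Every consumer of the instance therefore has to test `mode` before using anything else, and that precondition should be written at the return, e.g. `/* CLOSE: only logger and mode are valid; senders must check mode first */`. MODE is loaded with a default of 0, so if `CLOSE` is 0 (its definition is not in this hunk) a config file that omits the key turns log sending off with no operator decision. For a component that reports policy hits, that default should be stated in the config documentation.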