提供阻断方式判断函数接口
提供统计命中策略流量信息函数接口 根据sapp提供信息,实现部分统计信息
@@ -3,6 +3,17 @@
|
||||
|
||||
#include <MESA/Maat_rule.h>
|
||||
|
||||
enum TSG_ETHOD_TYPE
|
||||
{
|
||||
TSG_METHOD_TYPE_UNKNOWN=0,
|
||||
TSG_METHOD_TYPE_DROP,
|
||||
TSG_METHOD_TYPE_REDIRECTION,
|
||||
TSG_METHOD_TYPE_BLOCK,
|
||||
TSG_METHOD_TYPE_RESET,
|
||||
TSG_METHOD_TYPE_MAX
|
||||
};
|
||||
|
||||
|
||||
typedef enum _tsg_protocol
|
||||
{
|
||||
PROTO_UNKONWN=0,
|
||||
@@ -58,4 +69,6 @@ int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len,
|
||||
//return NULL if none exists, otherwise return one deny rule;
|
||||
struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
|
||||
|
||||
int tsg_get_method_id(char *method);
|
||||
|
||||
#endif
|
||||
|
||||
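Review bot: The new enum tag is spelled `TSG_ETHOD_TYPE` while every enumerator uses the `TSG_METHOD_TYPE_` prefix; since this is a shared header, rename it to `enum TSG_METHOD_TYPE` before other modules start depending on the misspelling. The prototype added in the second hunk takes a mutable pointer although the implementation added in this commit only reads the string, so `int tsg_get_method_id(const char *method);` is the safer signature. It also needs a comment in the style of the one above `tsg_fetch_deny_rule`, for example `//return the TSG_METHOD_TYPE_* value for method (case-insensitive), or -1 if it is not recognised;`.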
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
|
||||
|
||||
add_definitions(-fPIC)
|
||||
|
||||
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp)
|
||||
set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp)
|
||||
|
||||
include_directories(${CMAKE_SOURCE_DIR}/inc)
|
||||
include_directories(/opt/MESA/include/MESA/)
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
|
||||
|
||||
|
||||
char TSG_MASTER_VERSION_20191211=0;
|
||||
char TSG_MASTER_VERSION_20191220=0;
|
||||
const char *tsg_conffile="tsgconf/main.conf";
|
||||
g_tsg_para_t g_tsg_para;
|
||||
|
||||
@@ -361,6 +361,13 @@ extern "C" int TSG_MASTER_INIT()
|
||||
|
||||
FS_start(g_tsg_para.fs2_handle);
|
||||
|
||||
ret=tsg_statistic_init(tsg_conffile, g_tsg_para.logger);
|
||||
if(ret<0)
|
||||
{
|
||||
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_STATISTIC", "tsg_statistic_init failed ...");
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
#define TSG_ACTION_DENY 0x10
|
||||
#define TSG_ACTION_MANIPULATE 0x30
|
||||
#define TSG_ACTION_BYPASS 0x80
|
||||
#define TSG_ACTION_MAX 0x80
|
||||
|
||||
|
||||
enum TSG_FS2_TYPE{
|
||||
@@ -24,6 +25,14 @@ enum TSG_FS2_TYPE{
|
||||
TSG_FS2_MAX
|
||||
};
|
||||
|
||||
struct _str2index
|
||||
{
|
||||
int index;
|
||||
int len;
|
||||
char *type;
|
||||
};
|
||||
|
||||
|
||||
typedef struct _policy_priority_label
|
||||
{
|
||||
tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
|
||||
@@ -50,4 +59,73 @@ typedef struct _tsg_para
|
||||
extern g_tsg_para_t g_tsg_para;
|
||||
|
||||
|
||||
|
||||
typedef enum _tsg_statis_field_id
|
||||
{
|
||||
STATIS_UNKNOWN=0,
|
||||
STATIS_ENTRANCE_ID=1,
|
||||
STATIS_TOTAL_CON_NUM,
|
||||
STATIS_NEW_CON_NUM,
|
||||
STATIS_LIVE_CON_NUM,
|
||||
STATIS_CLOSE_CON_NUM,
|
||||
STATIS_TOTAL_IN_BYTES,
|
||||
STATIS_TOTAL_OUT_BYTES,
|
||||
STATIS_TOTAL_IN_PACKETS,
|
||||
STATIS_TOTAL_OUT_PACKETS,
|
||||
STATIS_DEFAULT_CON_NUM,
|
||||
STATIS_DEFAULT_IN_BYTES,
|
||||
STATIS_DEFAULT_OUT_BYTES,
|
||||
STATIS_DEFAULT_IN_PACKETS,
|
||||
STATIS_DEFAULT_OUT_PACKETS,
|
||||
STATIS_ALLOW_CON_NUM,
|
||||
STATIS_ALLOW_IN_BYTES,
|
||||
STATIS_ALLOW_OUT_BYTES,
|
||||
STATIS_ALLOW_IN_PACKETS,
|
||||
STATIS_ALLOW_OUT_PACKETS,
|
||||
STATIS_DENY_CON_NUM,
|
||||
STATIS_DENY_IN_BYTES,
|
||||
STATIS_DENY_OUT_BYTES,
|
||||
STATIS_DENY_IN_PACKETS,
|
||||
STATIS_DENY_OUT_PACKETS,
|
||||
STATIS_MONITOR_CON_NUM,
|
||||
STATIS_MONITOR_IN_BYTES,
|
||||
STATIS_MONITOR_OUT_BYTES,
|
||||
STATIS_MONITOR_IN_PACKETS,
|
||||
STATIS_MONITOR_OUT_PACKETS,
|
||||
STATIS_INTERCEPT_CON_NUM,
|
||||
STATIS_INTERCEPT_IN_BYTES,
|
||||
STATIS_INTERCEPT_OUT_BYTES,
|
||||
STATIS_INTERCEPT_IN_PACKETS,
|
||||
STATIS_INTERCEPT_OUT_PACKETS,
|
||||
STATIS_MAX
|
||||
}tsg_statis_field_id_t;
|
||||
|
||||
enum TRAFFIC_INFO_IDX
|
||||
{
|
||||
TRAFFIC_INFO_ALLOW=0,
|
||||
TRAFFIC_INFO_DENY,
|
||||
TRAFFIC_INFO_MONITOR,
|
||||
TRAFFIC_INFO_INTERCEPT,
|
||||
TRAFFIC_INFO_MAX
|
||||
};
|
||||
|
||||
struct _traffic_info
|
||||
{
|
||||
long long con_num;
|
||||
long long in_bytes;
|
||||
long long out_bytes;
|
||||
long long in_packets;
|
||||
long long out_packets;
|
||||
};
|
||||
|
||||
typedef struct _tsg_statistic
|
||||
{
|
||||
int cycle;
|
||||
int fs_field_id[STATIS_MAX];
|
||||
struct _traffic_info *traffic_info[TSG_ACTION_MAX];
|
||||
screen_stat_handle_t fs2_handle;
|
||||
}tsg_statis_para_t;
|
||||
|
||||
int tsg_statistic_init(const char *conffile, void *logger);
|
||||
|
||||
#endif
|
||||
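Review bot: `TSG_ACTION_MAX` is defined as 0x80, the same value as `TSG_ACTION_BYPASS`, and it sizes `traffic_info[TSG_ACTION_MAX]` in `tsg_statis_para_t`, so the last valid index of that array is 0x7F. The code that indexes the array is not in the visible sections; if it indexes by rule action, a bypass rule would touch one slot past the end. Either declare it as `traffic_info[TSG_ACTION_MAX+1]` or bounds-check the action before indexing. `enum TRAFFIC_INFO_IDX` already provides a dense four-entry index ending in `TRAFFIC_INFO_MAX`; if that is the intended index, declare the array with it instead of a 128-pointer table.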
@@ -34,6 +34,15 @@ enum kni_scan_table{
|
||||
const char *g_kni_scan_table_name[SCAN_TABLE_MAX];
|
||||
int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0};
|
||||
|
||||
|
||||
const struct _str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNKNOWN, 7, (char *)"unknown"},
|
||||
{TSG_METHOD_TYPE_DROP, 4, (char *)"drop"},
|
||||
{TSG_METHOD_TYPE_REDIRECTION, 8, (char *)"redirect"},
|
||||
{TSG_METHOD_TYPE_BLOCK, 5, (char *)"block"},
|
||||
{TSG_METHOD_TYPE_BLOCK, 5, (char *)"rst"}
|
||||
};
|
||||
|
||||
|
||||
void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp)
|
||||
{
|
||||
void *logger=argp;
|
||||
@@ -576,3 +585,18 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num)
|
||||
return p_result;
|
||||
}
|
||||
|
||||
int tsg_get_method_id(char *method)
|
||||
{
|
||||
int i=0;
|
||||
|
||||
for(i=0; i<TSG_METHOD_TYPE_MAX; i++)
|
||||
{
|
||||
if(method2index[i].len==(int)strlen(method) && (strncasecmp(method2index[i].type, method, method2index[i].len))==0)
|
||||
{
|
||||
return method2index[i].index;
|
||||
}
|
||||
}
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
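Review bot: The last row of `method2index` is `{TSG_METHOD_TYPE_BLOCK, 5, (char *)"rst"}`: the index duplicates the block row and the length is 5 for a three-character string, so `tsg_get_method_id` can never match "rst" and `TSG_METHOD_TYPE_RESET` is unreachable. A policy whose method is "rst" therefore gets -1, and how the caller treats that value is not visible on this page. The row should read `{TSG_METHOD_TYPE_RESET, 3, (char *)"rst"}`, and writing the length as `sizeof("rst")-1` would remove the hand-counted field. `tsg_get_method_id` also calls `strlen(method)` on every iteration without a NULL check; `if(method==NULL) return -1;` followed by one hoisted `strlen` covers both.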
@@ -238,7 +238,7 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int load_log_common_field(const char *filename, id2field_t *id2field, id2field_t *service2topic)
|
||||
int load_log_common_field(const char *filename, id2field_t *id2field, id2field_t *service2topic)
|
||||
{
|
||||
int i=0;
|
||||
int ret=0,id=0;
|
||||
@@ -313,10 +313,6 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
|
||||
|
||||
_instance=(struct tsg_log_instance_t *)calloc(1, sizeof(struct tsg_log_instance_t));
|
||||
|
||||
MESA_load_profile_int_def(conffile, "TSG_LOG", "MODE",&(_instance->mode), 0);
|
||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", _instance->common_field_file, sizeof(_instance->common_field_file), NULL);
|
||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", _instance->broker_list, sizeof(_instance->broker_list), NULL);
|
||||
|
||||
MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(level), 30);
|
||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", log_path, sizeof(log_path), NULL);
|
||||
|
||||
@@ -327,6 +323,15 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
MESA_load_profile_int_def(conffile, "TSG_LOG", "MODE",&(_instance->mode), 0);
|
||||
if(_instance->mode==CLOSE)
|
||||
{
|
||||
MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "TSG_LOG", "Disable tsg_send_log");
|
||||
return _instance;
|
||||
}
|
||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", _instance->common_field_file, sizeof(_instance->common_field_file), NULL);
|
||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", _instance->broker_list, sizeof(_instance->broker_list), NULL);
|
||||
|
||||
MESA_load_profile_string_def(conffile, "TSG_LOG", "NIC_NAME", nic_name, sizeof(nic_name), "eth0");
|
||||
ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr);
|
||||
if(ret<0)
|
||||
|
||||
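Review bot: The new `if(_instance->mode==CLOSE)` branch returns the instance before `common_field_file`, `broker_list` and everything initialised after this hunk are set, so callers receive a non-NULL handle that is mostly the zeroed calloc block. Nothing visible states that senders must test `mode` first; add a comment above the branch such as `/* CLOSE: only logger and mode are set; every send path must check mode before using the instance */` and confirm that each consumer does so. `tsg_sendlog_init` continues beyond the hunk, so later initialisation that is skipped cannot be listed from here. In the earlier hunk, dropping `static` from `load_log_common_field` makes it a global symbol; if it has no prototype in a shared header yet, it should get one so the new caller is type-checked.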