add hw_binary
@@ -21,10 +21,25 @@
|
||||
#define HW_EVENT_ADD "SESSION_BUILT"
|
||||
#define HW_EVENT_DEL "SESSION_TEARDOWN"
|
||||
|
||||
#define HW_EVENT_NEW 0x01
|
||||
#define HW_EVENT_AGED 0x02
|
||||
#define HW_EVENT_PERIOD 0x03
|
||||
|
||||
#define HS_EVENT_ADD "Session created"
|
||||
#define HS_EVENT_DEL_1 "Normal over"
|
||||
#define HS_EVENT_DEL_2 "Aged for timeout"
|
||||
#define HS_EVENT_DEL_3 "Active data flow timeout"
|
||||
#define HS_EVENT_DEL_4 "Aged for reset or config-change"
|
||||
#define HS_EVENT_DEL_5 "Other"
|
||||
|
||||
#define FORMAT_LOG_PROTOCOL_ICMP 0x01
|
||||
#define FORMAT_LOG_PROTOCOL_TCP 0x06
|
||||
#define FORMAT_LOG_PROTOCOL_UDP 0x17
|
||||
|
||||
#define HW_BINARY_PROT_ICMP 1
|
||||
#define HW_BINARY_PROT_TCP 6
|
||||
#define HW_BINARY_PROT_UDP 17
|
||||
|
||||
struct nat_format_global_info g_nat_format_info;
|
||||
|
||||
char *multicast_payload;
|
||||
@@ -74,7 +89,7 @@ int extract_time(char *data, int data_len, const char *key, unsigned int *dst) {
|
||||
return 0;
|
||||
}
|
||||
// 函数:从字符串中提取字符串并转为标识
|
||||
int extract_protocol(char *data, int data_len, const char *key, char *dst) {
|
||||
int extract_protocol_hw(char *data, int data_len, const char *key, char *dst) {
|
||||
int offset;
|
||||
char protocol_str[20];
|
||||
if ((offset = get_value_offset(data, data_len, key)) == -1) { return -1; }
|
||||
@@ -90,6 +105,57 @@ int extract_protocol(char *data, int data_len, const char *key, char *dst) {
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
int extract_protocol_hs(char *data, int data_len, const char *key, char *dst) {
|
||||
int offset;
|
||||
char protocol_str[20];
|
||||
if ((offset = get_value_offset(data, data_len, key)) == -1) { return -1; }
|
||||
if (sscanf(data+offset, "%[^,]", protocol_str) != 1) { return -1; }
|
||||
if (strcmp(protocol_str, "TCP") == 0) {
|
||||
*dst = FORMAT_LOG_PROTOCOL_TCP;
|
||||
} else if (strcmp(protocol_str, "UDP") == 0) {
|
||||
*dst = FORMAT_LOG_PROTOCOL_UDP;
|
||||
} else if (strcmp(protocol_str, "ICMP") == 0) {
|
||||
*dst = FORMAT_LOG_PROTOCOL_ICMP;
|
||||
} else {
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
// 函数:从字符串中提取字符串并转为标识
|
||||
int extract_action_hs(char *data, int data_len, const char *key, char *dst) {
|
||||
int offset;
|
||||
char action_str[50];
|
||||
if ((offset = get_value_offset(data, data_len, key)) == -1) { return -1; }
|
||||
if (sscanf(data+offset, "(%*d)%[^,]", action_str) != 1) { return -1; }
|
||||
if (strcmp(action_str, HS_EVENT_ADD) == 0) {
|
||||
*dst = FORMAT_LOG_ACTION_ADD;
|
||||
} else if (strcmp(action_str, HS_EVENT_DEL_1) == 0 || strcmp(action_str, HS_EVENT_DEL_2) == 0 || strcmp(action_str, HS_EVENT_DEL_3) == 0 || strcmp(action_str, HS_EVENT_DEL_4) == 0 || strcmp(action_str, HS_EVENT_DEL_5) == 0) {
|
||||
*dst = FORMAT_LOG_ACTION_DEL;
|
||||
} else {
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
// 组播报文发送
|
||||
int send_multicast() {
|
||||
// 发之前统一填充发送时间
|
||||
time_t now;
|
||||
time(&now);
|
||||
unsigned int now_timestamp = (int)now;
|
||||
for (int i = 0; i < g_nat_format_info.batch_size; i++) {
|
||||
memcpy(multicast_payload + i*PAYLOAD_LEN+SEND_TIME_OFFSET, &now_timestamp, 4);
|
||||
}
|
||||
// 进行发送
|
||||
if (sendto(udp_socket, multicast_payload, PAYLOAD_LEN*g_nat_format_info.batch_size, 0, (struct sockaddr *)&dst_addr, sizeof(dst_addr)) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format", "Send multicast failed: %s", strerror(errno));
|
||||
cur_pkt--;
|
||||
return -1;
|
||||
}
|
||||
|
||||
cur_pkt = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
// 初始化函数
|
||||
int nat_format_init(void) {
|
||||
@@ -97,7 +163,7 @@ int nat_format_init(void) {
|
||||
MESA_load_profile_uint_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT", "magic_num", &g_nat_format_info.magic_num, 0x004e4154);
|
||||
MESA_load_profile_uint_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT", "version", &g_nat_format_info.version, 0x0200);
|
||||
|
||||
MESA_load_profile_uint_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_SEND", "batch_size", &g_nat_format_info.batch_size, 20);
|
||||
MESA_load_profile_int_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_SEND", "batch_size", &g_nat_format_info.batch_size, 20);
|
||||
MESA_load_profile_string_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_SEND", "host_ip", g_nat_format_info.host_ip, 16, "127.0.0.1");
|
||||
MESA_load_profile_int_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_SEND", "host_port", &g_nat_format_info.host_port, 5678);
|
||||
MESA_load_profile_string_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_SEND", "multicast_ip", g_nat_format_info.multicast_ip, 16, "224.88.88.88");
|
||||
@@ -177,13 +243,14 @@ char nat_format_entry(struct streaminfo *a_udp, void **pme, int thread_seq, void
|
||||
int32_t udp_data_len = a_udp->pudpdetail->datalen;
|
||||
unsigned short udp_port = ntohs(a_udp->addr.tuple4_v4->dest);
|
||||
|
||||
// 提取nat信息
|
||||
// 相同的nat基础信息
|
||||
struct nat_payload nat_payload;
|
||||
nat_payload.magic_num = htonl(g_nat_format_info.magic_num);
|
||||
nat_payload.version = htons((unsigned short)g_nat_format_info.version);
|
||||
nat_payload.fw_ip = a_udp->addr.tuple4_v4->saddr; // 防火墙ip为源ip,本身为二进制格式
|
||||
// 根据数据来源的端口采取不同的处理策略
|
||||
// 华为syslog格式:防火墙日志生成时间需要转换为时间戳、动作字符串需要转换为序号、点分十进制格式ip需要转换为二进制
|
||||
|
||||
// 需要分别提取的nat信息 -- syslog格式每个报文只携带一条日志,二进制格式每个报文携带多条日志
|
||||
// 华为syslog
|
||||
if (udp_port == g_nat_format_info.hw_syslog_port) {
|
||||
// <190>2024-01-25 01:41:37 JXNC_LTGC_Eudemon_A %%01SECLOG/6/SESSION_TEARDOWN(l):IPVer=4,Protocol=udp,SourceIP=10.119.25.34,DestinationIP=220.248.192.13,SourcePort=35040,DestinationPort=53,SourceNatIP=118.212.209.248,SourceNatPort=6438,BeginTime=1706147236,EndTime=1706147236,SourceVpnID=0,DestinationVpnID=0,SourceZone=pscenet,DestinationZone=untrust,PolicyName=---,CloseReason=aged-out.
|
||||
// sscanf(udp_data, "%*[^>]>%20[0-9: -]%*[^/]/%*[0-9]/%19[A-Z_]%*[^:]:IPVer=%*[^,],Protocol=%*[^,],SourceIP=%19[^,],DestinationIP=%19[^,],SourcePort=%hu,DestinationPort=%hu,SourceNatIP=%19[^,],SourceNatPort=%hu,BeginTime=%u,EndTime=%u", fw_log_time, action_str, src_intra_ip, dst_ip, &nat_payload.src_intra_port, &nat_payload.dst_port, src_extra_ip, &nat_payload.src_extra_port, &nat_payload.stream_start_timestamp, &nat_payload.stream_end_timestamp);
|
||||
@@ -212,8 +279,8 @@ char nat_format_entry(struct streaminfo *a_udp, void **pme, int thread_seq, void
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
// 字段部分(按顺序排列):SourceIP、DestinationIP、SourcePort、DestinationPort、SourceNatIP、SourceNatPort、BeginTime、EndTime
|
||||
// 依次对应nat_payload的:src_intra_ip, dst_ip, src_intra_port, &dst_port, src_extra_ip, src_extra_port, stream_start_timestamp, stream_end_timestamp
|
||||
// 字段部分(按顺序排列):SourceIP、DestinationIP、SourcePort、DestinationPort、SourceNatIP、SourceNatPort、BeginTime、EndTime、Protocol
|
||||
// 依次对应nat_payload的:src_intra_ip, dst_ip, src_intra_port, &dst_port, src_extra_ip, src_extra_port, stream_start_timestamp, stream_end_timestamp, protocol
|
||||
|
||||
if (extract_ip(udp_data, udp_data_len, "SourceIP", &nat_payload.src_intra_ip) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei syslog", "SourceIP Not Found");
|
||||
@@ -255,33 +322,199 @@ char nat_format_entry(struct streaminfo *a_udp, void **pme, int thread_seq, void
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
if (extract_protocol(udp_data, udp_data_len, "Protocol", &nat_payload.protocol) < 0) {
|
||||
if (extract_protocol_hw(udp_data, udp_data_len, "Protocol", &nat_payload.protocol) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei syslog", "Protocol Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
} else if (udp_port == g_nat_format_info.hw_binary_port) {
|
||||
return APP_STATE_GIVEME;
|
||||
} else if (udp_port == g_nat_format_info.h3_syslog_port) {
|
||||
return APP_STATE_GIVEME;
|
||||
} else if (udp_port == g_nat_format_info.h3_binary_port) {
|
||||
return APP_STATE_GIVEME;
|
||||
} else if (udp_port == g_nat_format_info.dp_syslog_port) {
|
||||
return APP_STATE_GIVEME;
|
||||
} else if (udp_port == g_nat_format_info.dp_binary_port) {
|
||||
// 将提取出来的信息写进组播载荷
|
||||
memcpy(multicast_payload + cur_pkt*PAYLOAD_LEN, &nat_payload, PAYLOAD_LEN);
|
||||
cur_pkt++;
|
||||
|
||||
// 攒够20个进行发送
|
||||
if (cur_pkt == g_nat_format_info.batch_size) {
|
||||
send_multicast();
|
||||
}
|
||||
}
|
||||
// 华三syslog
|
||||
else if (udp_port == g_nat_format_info.h3_syslog_port) {
|
||||
// <6> Jan 25 09:08:33 2024 JXNC_HJZ_N6FW_H3C9014_1 %%10session/6/SESSION_IPV4_FLOW: -Slot=12.1; Protocol(1001)=UDP;Application(1002)=dns;SrcIPAddr(1003)=10.128.168.99;SrcPort(1004)=39000;NatSrcIPAddr(1005)=113.194.224.20;NatSrcPort(1006)=17306;DstIPAddr(1007)=220.248.192.13;DstPort(1008)=53;NatDstIPAddr(1009)=220.248.192.13;NatDstPort(1010)=53;InitPktCount(1044)=0;InitByteCount(1046)=0;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=01252024090804;EndTime_e(1014)=01252024090834;Event(1048)=(2)Aged for timeout;
|
||||
|
||||
// 字段前的部分:防火墙日志生成时间
|
||||
char fw_log_time_month[10];
|
||||
char fw_log_time_other[15];
|
||||
char fw_log_time[25];
|
||||
if (sscanf(udp_data, "%*[^>]> %s %15[0-9: ]", fw_log_time_month, fw_log_time_other) != 2) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "NAT extraction fw_log_time or action_str failed");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
sprintf(fw_log_time, "%s %s", fw_log_time_month, fw_log_time_other);
|
||||
struct tm fw_time;
|
||||
if (strptime(fw_log_time, "%b %d %H:%M:%S %Y ", &fw_time) == NULL) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "firewall log generation time extraction failed: %s", fw_log_time);
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
nat_payload.fw_log_timestamp = (unsigned int)mktime(&fw_time);
|
||||
|
||||
// 字段部分(按顺序排列):Protocol(1001)、SrcIPAddr(1003)、SrcPort(1004)、NatSrcIPAddr(1005)、NatSrcPort(1006)、DstIPAddr(1007)、DstPort(1008)、BeginTime_e(1013)、EndTime_e(1014)、Event(1048)
|
||||
|
||||
if (extract_protocol_hs(udp_data, udp_data_len, "Protocol(1001)", &nat_payload.protocol) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "Protocol(1001) Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
if (extract_ip(udp_data, udp_data_len, "SrcIPAddr(1003)", &nat_payload.src_intra_ip) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "SrcIPAddr(1003) Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
if (extract_port(udp_data, udp_data_len, "SrcPort(1004)", &nat_payload.src_intra_port) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "SrcPort(1004) Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
if (extract_ip(udp_data, udp_data_len, "NatSrcIPAddr(1005)", &nat_payload.src_extra_ip) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "NatSrcIPAddr(1005) Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
if (extract_port(udp_data, udp_data_len, "NATSrcPort(1006)", &nat_payload.src_extra_port) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "NATSrcPort(1006) Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
if (extract_ip(udp_data, udp_data_len, "DstIPAddr(1007)", &nat_payload.dst_ip) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "DstIPAddr(1007) Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
if (extract_port(udp_data, udp_data_len, "DstPort(1008)", &nat_payload.dst_port) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "DstPort(1008) Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
if (extract_time(udp_data, udp_data_len, "BeginTime_e(1013)", &nat_payload.stream_start_timestamp) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei syslog", "BeginTime_e(1013) Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
if (extract_time(udp_data, udp_data_len, "EndTime_e(1014)", &nat_payload.stream_end_timestamp) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "EndTime_e(1014) Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
if (extract_action_hs(udp_data, udp_data_len, "Event(1048)", &nat_payload.action) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huasan syslog", "EndTime_e(1014) Not Found");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
// 将提取出来的信息写进组播载荷
|
||||
memcpy(multicast_payload + cur_pkt*PAYLOAD_LEN, &nat_payload, PAYLOAD_LEN);
|
||||
cur_pkt++;
|
||||
|
||||
// 攒够20个进行发送
|
||||
if (cur_pkt == g_nat_format_info.batch_size) {
|
||||
send_multicast();
|
||||
}
|
||||
}
|
||||
// 迪普syslog TODO
|
||||
else if (udp_port == g_nat_format_info.dp_syslog_port) {
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
// 将提取出来的信息写进组播载荷
|
||||
memcpy(multicast_payload + cur_pkt*PAYLOAD_LEN, &nat_payload, PAYLOAD_LEN);
|
||||
cur_pkt++;
|
||||
|
||||
// 攒够20个进行发送
|
||||
if (cur_pkt == 20) {
|
||||
if (sendto(udp_socket, multicast_payload, PAYLOAD_LEN*g_nat_format_info.batch_size, 0, (struct sockaddr *)&dst_addr, sizeof(dst_addr)) < 0) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei syslog", "Send multicast failed: %s", strerror(errno));
|
||||
// 华为二进制
|
||||
else if (udp_port == g_nat_format_info.hw_binary_port) {
|
||||
// 从head提取必要信息
|
||||
struct hw_binary_log_head *hb_head = (struct hw_binary_log_head *)udp_data;
|
||||
int body_len = 0;
|
||||
int event_offset = 0;
|
||||
if (hb_head->Version == HW_BINARY_VERSION_3) {
|
||||
event_offset = HW_BINARY_BODY_V3_EVENT_OFFSET;
|
||||
if (hb_head->LogType == HW_BINARY_TYPE_IPV4) { body_len = HW_BINARY_BODY_LENGTH_V3_IPV4; }
|
||||
else {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei Binary", "Unknown LogType %d for Version 0x03", hb_head->LogType);
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
} else if (hb_head->Version == HW_BINARY_VERSION_8) {
|
||||
event_offset = HW_BINARY_BODY_V8_EVENT_OFFSET;
|
||||
if (hb_head->LogType == HW_BINARY_TYPE_IPV4) { body_len = HW_BINARY_BODY_LENGTH_V8_IPV4; }
|
||||
else if (hb_head->LogType == HW_BINARY_TYPE_NOPAT) { body_len = HW_BINARY_BODY_LENGTH_V8_NOPAT; }
|
||||
else if (hb_head->LogType == HW_BINARY_TYPE_USER) { body_len = HW_BINARY_BODY_LENGTH_V8_USER; }
|
||||
else if (hb_head->LogType != HW_BINARY_TYPE_URL || hb_head->LogType != HW_BINARY_TYPE_TLV) {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei Binary", "Unknown LogType %d for Version 0x08", hb_head->LogType);
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
} else {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei Binary", "Unknown Version %d", hb_head->Version);
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
cur_pkt = 0;
|
||||
u_int16_t log_num = hb_head->Count;
|
||||
// 提取防火墙日志生成时间
|
||||
nat_payload.fw_log_timestamp = hb_head->Second;
|
||||
// 分别处理每一个body
|
||||
struct hw_binary_log_body *hb_body;
|
||||
int offset = sizeof(struct hw_binary_log_head);
|
||||
for (int i = 0; i < log_num; i++) {
|
||||
// 提取字段
|
||||
hb_body = (struct hw_binary_log_body *)(udp_data + offset);
|
||||
if (hb_body->Prot == HW_BINARY_PROT_ICMP) {
|
||||
nat_payload.protocol = FORMAT_LOG_PROTOCOL_ICMP;
|
||||
} else if (hb_body->Prot == HW_BINARY_PROT_TCP) {
|
||||
nat_payload.protocol = FORMAT_LOG_PROTOCOL_TCP;
|
||||
} else if (hb_body->Prot == HW_BINARY_PROT_UDP) {
|
||||
nat_payload.protocol = FORMAT_LOG_PROTOCOL_UDP;
|
||||
} else {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei Binary", "Prot %d Not Define", hb_body->Prot);
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
nat_payload.src_intra_ip = hb_body->SourceIP;
|
||||
nat_payload.src_extra_ip = hb_body->SrcNatIP;
|
||||
nat_payload.dst_ip = hb_body->DestIP;
|
||||
nat_payload.src_intra_port = hb_body->SrcPort;
|
||||
nat_payload.src_extra_port = hb_body->SrcNatPort;
|
||||
nat_payload.dst_port = hb_body->DestPort;
|
||||
nat_payload.stream_start_timestamp = hb_body->StartTime;
|
||||
nat_payload.stream_end_timestamp = hb_body->EndTime;
|
||||
// 动作字段跳到后面的EventTrend判断
|
||||
char EventTrend = *(udp_data + offset + event_offset);
|
||||
if (EventTrend == HW_EVENT_NEW) {
|
||||
nat_payload.action = FORMAT_LOG_ACTION_ADD;
|
||||
} else if (EventTrend == HW_EVENT_AGED) {
|
||||
nat_payload.action = FORMAT_LOG_ACTION_DEL;
|
||||
} else {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei Binary", "EventTrend %d Not Define", EventTrend);
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
// 将提取出来的信息写进组播载荷
|
||||
memcpy(multicast_payload + cur_pkt*PAYLOAD_LEN, &nat_payload, PAYLOAD_LEN);
|
||||
cur_pkt++;
|
||||
|
||||
// 攒够20个进行发送
|
||||
if (cur_pkt == g_nat_format_info.batch_size) {
|
||||
send_multicast();
|
||||
}
|
||||
|
||||
// 定位下一个body的offset -- 03版本28,08版本的IPV4、NOPAT为44,USER为209,URL、TLV每个不同,由附加长度确定
|
||||
if (i < log_num - 1) {
|
||||
if (body_len > 0) {
|
||||
offset += body_len;
|
||||
} else {
|
||||
char *tmp = (char *)hb_body;
|
||||
u_int16_t AppendLength = *(u_int16_t *)(tmp + sizeof(struct hw_binary_log_body) + HW_BINARY_BODY_V8_TLV_OFFSET);
|
||||
offset += (HW_BINARY_BODY_LENGTH_V8_IPV4 + AppendLength);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (udp_port == g_nat_format_info.h3_binary_port) {
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
else if (udp_port == g_nat_format_info.dp_binary_port) {
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
else {
|
||||
MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format", "Unknown Port.");
|
||||
return APP_STATE_GIVEME;
|
||||
}
|
||||
|
||||
return APP_STATE_GIVEME;
|
||||
|
||||
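Review bot: The Huawei binary branch in the `@@ -255,33 +322,199 @@` hunk never consults `udp_data_len`: `hb_head` is cast from `udp_data` before the head size is checked, and the loop dereferences `udp_data + offset` and `udp_data + offset + event_offset` for a record count taken from the packet's own `Count`, so a truncated or malformed datagram on that port is read past its end. Check the head size before the cast and the remaining length before each record, as in the fence below; whether `Count`, `Second` and the port/time fields need `ntohs`/`ntohl` cannot be told from this page and should be confirmed. The H3 syslog code has the write-side equivalent: `%s` into `fw_log_time_month[10]` and `%15[0-9: ]` into `fw_log_time_other[15]` can overrun their buffers, and `extract_protocol_hs`/`extract_action_hs` use an unbounded `%[^,]` although the sample line in the comment is `;`-separated, so give each conversion a width one less than its buffer (e.g. `%9s`, `%19[^;]`, `%49[^;]`) and size `fw_log_time_other` for the width it is given. In the version 8 branch `hb_head->LogType != HW_BINARY_TYPE_URL || hb_head->LogType != HW_BINARY_TYPE_TLV` is always true and should use `&&`. `nat_format_entry` starts and ends outside these hunks.

```cpp
// … unchanged: else if (udp_port == g_nat_format_info.hw_binary_port) { …
if (udp_data_len < (int32_t)sizeof(struct hw_binary_log_head)) {
    MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei Binary", "Datagram shorter than log head: %d", udp_data_len);
    return APP_STATE_GIVEME;
}
struct hw_binary_log_head *hb_head = (struct hw_binary_log_head *)udp_data;
// … unchanged: Version/LogType checks, cur_pkt reset, log_num, fw_log_timestamp, offset initialisation …
for (int i = 0; i < log_num; i++) {
    // A record must hold the fixed body fields and the EventTrend byte that are read below.
    int need = event_offset + 1;
    if (need < (int)sizeof(struct hw_binary_log_body)) { need = (int)sizeof(struct hw_binary_log_body); }
    if (offset < 0 || need > udp_data_len - offset) {
        MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_INFO, "nat_format Huawei Binary", "Record %d exceeds datagram length %d", i, udp_data_len);
        return APP_STATE_GIVEME;
    }
    // … unchanged: hb_body cast, field extraction, EventTrend mapping, memcpy into multicast_payload, offset advance …
```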
@@ -5,12 +5,34 @@
|
||||
#include <MESA/MESA_handle_logger.h>
|
||||
#include <MESA/MESA_prof_load.h>
|
||||
|
||||
#pragma pack(1)
|
||||
|
||||
#define SEND_TIME_OFFSET 10
|
||||
|
||||
#define HW_BINARY_VERSION_3 0x03
|
||||
#define HW_BINARY_VERSION_8 0x08
|
||||
|
||||
#define HW_BINARY_TYPE_IPV4 0x04
|
||||
#define HW_BINARY_TYPE_NOPAT 0x10
|
||||
#define HW_BINARY_TYPE_USER 0x20
|
||||
#define HW_BINARY_TYPE_URL 0xF1
|
||||
#define HW_BINARY_TYPE_TLV 0x21
|
||||
|
||||
#define HW_BINARY_BODY_LENGTH_V3_IPV4 64
|
||||
#define HW_BINARY_BODY_LENGTH_V8_IPV4 80
|
||||
#define HW_BINARY_BODY_LENGTH_V8_NOPAT 80
|
||||
#define HW_BINARY_BODY_LENGTH_V8_USER 209
|
||||
#define HW_BINARY_BODY_V8_TLV_OFFSET 38
|
||||
|
||||
#define HW_BINARY_BODY_V3_EVENT_OFFSET 57
|
||||
#define HW_BINARY_BODY_V8_EVENT_OFFSET 72
|
||||
|
||||
// 全局配置信息
|
||||
struct nat_format_global_info {
|
||||
u_int32_t magic_num;
|
||||
u_int32_t version;
|
||||
|
||||
u_int32_t batch_size;
|
||||
int32_t batch_size;
|
||||
char host_ip[64];
|
||||
int32_t host_port;
|
||||
char multicast_ip[64];
|
||||
@@ -30,22 +52,64 @@ struct nat_format_global_info {
|
||||
|
||||
// 格式化NAT报文载荷
|
||||
struct nat_payload {
|
||||
unsigned int magic_num;
|
||||
unsigned short version;
|
||||
unsigned int fw_log_timestamp;
|
||||
unsigned int fw_ip;
|
||||
u_int32_t magic_num;
|
||||
u_int16_t version;
|
||||
u_int32_t fw_log_timestamp;
|
||||
u_int32_t send_timestamp = 0;
|
||||
u_int32_t fw_ip;
|
||||
char action;
|
||||
unsigned int stream_start_timestamp;
|
||||
unsigned int stream_end_timestamp;
|
||||
unsigned int src_intra_ip;
|
||||
unsigned short src_intra_port;
|
||||
unsigned int src_extra_ip;
|
||||
unsigned short src_extra_port;
|
||||
unsigned int dst_ip;
|
||||
unsigned short dst_port;
|
||||
u_int32_t stream_start_timestamp;
|
||||
u_int32_t stream_end_timestamp;
|
||||
u_int32_t src_intra_ip;
|
||||
u_int16_t src_intra_port;
|
||||
u_int32_t src_extra_ip;
|
||||
u_int16_t src_extra_port;
|
||||
u_int32_t dst_ip;
|
||||
u_int16_t dst_port;
|
||||
char protocol;
|
||||
};
|
||||
|
||||
// 华为二进制数据结构
|
||||
struct hw_binary_log_head {
|
||||
char Version;
|
||||
char LogType;
|
||||
u_int16_t Count;
|
||||
u_int32_t Second;
|
||||
u_int32_t FlowSequence;
|
||||
u_int16_t DeviceId;
|
||||
char Slot;
|
||||
char Reserved;
|
||||
};
|
||||
struct hw_binary_log_body {
|
||||
char Prot;
|
||||
char Operator;
|
||||
char IpVersion;
|
||||
char TosIPv4;
|
||||
u_int32_t SourceIP;
|
||||
u_int32_t SrcNatIP;
|
||||
u_int32_t DestIP;
|
||||
u_int32_t DestNatIP;
|
||||
u_int16_t SrcPort;
|
||||
u_int16_t SrcNatPort;
|
||||
u_int16_t DestPort;
|
||||
u_int16_t DestNatPort;
|
||||
u_int32_t StartTime;
|
||||
u_int32_t EndTime;
|
||||
// u_int16_t OurVpnIndex;
|
||||
// u_int16_t DestVpnIndex;
|
||||
// u_int32_t InTotalPkg;
|
||||
// u_int32_t OutTotalPkg;
|
||||
// u_int64_t InTotalByte;
|
||||
// u_int64_t OutTotalByte;
|
||||
// u_int16_t AppSubtypeId;
|
||||
// u_int16_t AppTypeId;
|
||||
// u_int32_t AppId;
|
||||
// char EventTrend;
|
||||
// char Reserved1;
|
||||
// u_int16_t Reserved2;
|
||||
// u_int32_t Reserved3;
|
||||
};
|
||||
|
||||
extern "C" int nat_format_init(void);
|
||||
extern "C" void nat_format_destroy(void);
|
||||
extern "C" char nat_format_entry(struct streaminfo *a_udp, void **pme, int thread_seq, void *a_packet);
|
||||
|
||||
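Review bot: The wire-format structs declare their one-byte fields as plain `char` (`Version`, `LogType`, `Prot`), so where `char` is signed `LogType` can never equal `HW_BINARY_TYPE_URL` (0xF1) and the `%d` log lines print negative values; `u_int8_t` for these fields, like the `u_int16_t`/`u_int32_t` fields beside them, avoids that. `#pragma pack(1)` is set once and never restored, so it also applies to every struct declared after this header in an including file; `#pragma pack(push, 1)` before the structs and `#pragma pack(pop)` after them keeps it local. `send_timestamp` lands at byte 10 of the packed `nat_payload`, which matches `SEND_TIME_OFFSET`, but `PAYLOAD_LEN` is not visible on this page; since the `memcpy` calls copy `PAYLOAD_LEN` bytes out of the struct, `static_assert(sizeof(struct nat_payload) == PAYLOAD_LEN, "nat_payload size mismatch");` would catch a stale value. `batch_size` appears to become `int32_t` and is loaded from the config file; a value below 1 would leave `cur_pkt == batch_size` unreachable while `cur_pkt` keeps indexing `multicast_payload`, so it should be range-checked where it is loaded.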