Diffstat (limited to 'src/T2_HTTP_DIG_BIZ.cpp')
-rw-r--r--src/T2_HTTP_DIG_BIZ.cpp201
1 files changed, 201 insertions, 0 deletions
diff --git a/src/T2_HTTP_DIG_BIZ.cpp b/src/T2_HTTP_DIG_BIZ.cpp
new file mode 100644
index 0000000..1f38505
--- /dev/null
+++ b/src/T2_HTTP_DIG_BIZ.cpp
@@ -0,0 +1,201 @@
+#include <iconv.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/time.h>
+#include <arpa/inet.h>
+
+#include "T2_HTTP_DIG_BIZ.h"
+
+static const char *module_name = "T2_HTTP_DIG_BIZ";
+static const char *t2_biz_conf_file = "./t2conf/T2_HTTP_DIG_BIZ.conf";
+
+static char T2_HTTP_DIG_BIZ_VERSION_20190121 = 0;
+static g_http_dig_biz_info_t g_http_dig_biz_info;
+
+static int init_t2_dig_context(t2_digapis_context_t **param, soq_protocol_t proto, int thread_seq)
+{
+ t2_digapis_context_t *pme;
+
+ pme = (t2_digapis_context_t *)calloc(1, sizeof(t2_digapis_context_t));
+ *param = pme;
+ return 0;
+}
+
+static void destroy_t2_dig_context(t2_digapis_context_t *pme)
+{
+ int ret;
+ digapis_error_msg dig_emsg;
+ digapis_detector_result result;
+
+ ret = digapis_detector_thread_init();
+ if(ret < 0)
+ {
+ MESA_handle_runtime_log(g_http_dig_biz_info.run_log_handle, RLOG_LV_FATAL, module_name, "<%s>%d: digapis_detector_thread_init error", __FILE__, __LINE__);
+ }
+
+ memset(&result, 0, sizeof(digapis_detector_result));
+ result.is_ipv4 = pme->is_ipv4;
+ snprintf(result.sip, 128, "%s", pme->sip);
+ snprintf(result.dip, 128, "%s", pme->dip);
+ result.sport = pme->sport;
+ result.dport = pme->dport;
+ MESA_handle_runtime_log(g_http_dig_biz_info.run_log_handle, RLOG_LV_INFO, module_name, "<%s>%d: HTTP stream.", __FILE__, __LINE__);
+
+ ret = digapis_detector_process_request((const unsigned char*)pme->request, pme->request_len, &result, &dig_emsg);
+ if(ret != 0)
+ {
+ MESA_handle_runtime_log(g_http_dig_biz_info.run_log_handle, RLOG_LV_FATAL, module_name, "<%s>%d: digapis_detector_process_request error! request_msg:%s", __FILE__, __LINE__, pme->request);
+ }
+ else
+ {
+ if(result.request_category_1 != 0)
+ {
+ ret = digapis_detector_process_response((const unsigned char*)pme->request, pme->request_len, (const unsigned char*)pme->response, pme->response_len, &result, &dig_emsg);
+ if(ret != 0)
+ {
+ MESA_handle_runtime_log(g_http_dig_biz_info.run_log_handle, RLOG_LV_FATAL, module_name, "<%s>%d: digapis_detector_process_response error! response_msg:%s", __FILE__, __LINE__, pme->response);
+ }
+ else
+ {
+ MESA_handle_runtime_log(g_http_dig_biz_info.run_log_handle, RLOG_LV_INFO, module_name, "<%s>%d: digapis_detector_process_response success.", __FILE__, __LINE__);
+ }
+ }
+ }
+ free(pme);
+ pme = NULL;
+}
+
+int T2_HTTP_DIGAPI_ENTRY(stSessionInfo* session_info, void **param, int thread_seq, struct streaminfo *a_stream, void *a_packet)
+{
+ t2_digapis_context_t *pme = (t2_digapis_context_t *)*param;
+ http_infor* http_info = (http_infor*)session_info->app_info;
+
+ if(NULL == session_info)
+ {
+ destroy_t2_dig_context(pme);
+ *param = NULL;
+ MESA_handle_runtime_log(g_http_dig_biz_info.run_log_handle, RLOG_LV_FATAL, module_name, "session_info is NULL");
+ return PROT_STATE_DROPME;
+ }
+
+ if(session_info->session_state&SESSION_STATE_PENDING)
+ {
+ if((init_t2_dig_context(&pme, PROTO_HTTP, thread_seq)) < 0)
+ {
+ MESA_handle_runtime_log(g_http_dig_biz_info.run_log_handle, RLOG_LV_FATAL, module_name, "init_process_context failed ...");
+ return PROT_STATE_DROPME;
+ }
+ *param = pme;
+ if(ADDR_TYPE_IPV4 == a_stream->addr.addrtype)
+ {
+ pme->is_ipv4 = 1;
+ inet_ntop(AF_INET, &(((struct stream_tuple4_v4*)a_stream->addr.tuple4_v4)->saddr), pme->sip, 128);
+ inet_ntop(AF_INET, &(((struct stream_tuple4_v4*)a_stream->addr.tuple4_v4)->daddr), pme->dip, 128);
+ pme->sport = ntohs(((struct stream_tuple4_v4*)a_stream->addr.tuple4_v4)->source);
+ pme->dport = ntohs(((struct stream_tuple4_v4*)a_stream->addr.tuple4_v4)->dest);
+ }
+ if(ADDR_TYPE_IPV6 == a_stream->addr.addrtype)
+ {
+ pme->is_ipv4 = 0;
+ inet_ntop(AF_INET6, ((struct stream_tuple4_v6*)a_stream->addr.tuple4_v6)->saddr, pme->sip, 128);
+ inet_ntop(AF_INET6, ((struct stream_tuple4_v6*)a_stream->addr.tuple4_v6)->daddr, pme->dip, 128);
+ pme->sport = ntohs(((struct stream_tuple4_v6*)a_stream->addr.tuple4_v6)->source);
+ pme->dport = ntohs(((struct stream_tuple4_v6*)a_stream->addr.tuple4_v6)->dest);
+ }
+ }
+
+ if(HTTP_REQ_LINE == session_info->prot_flag && (pme->request_len+session_info->buflen+2)< REQUEST_MAX_LENGTH)
+ {
+ memcpy(pme->request+pme->request_len, session_info->buf, session_info->buflen);
+ pme->request_len += session_info->buflen;
+ memcpy(pme->request+pme->request_len, "\r\n", 2);
+ pme->request_len += 2;
+ }
+ if(HTTP_RES_LINE == session_info->prot_flag &&(pme->response_len+session_info->buflen+2)<RESPONSE_MAX_LENGTH)
+ {
+ memcpy(pme->response+pme->response_len, session_info->buf, session_info->buflen);
+ pme->response_len += session_info->buflen;
+ memcpy(pme->response+pme->response_len, "\r\n", 2);
+ pme->response_len += 2;
+ }
+ if(HTTP_UNGZIP_CONTENT == session_info->prot_flag && 0x01 == a_stream->curdir && (pme->request_len+session_info->buflen+4)< REQUEST_MAX_LENGTH)
+ {
+ memcpy(pme->request+pme->request_len, "\r\n", 2);
+ pme->request_len += 2;
+ memcpy(pme->request+pme->request_len, session_info->buf, session_info->buflen);
+ pme->request_len += session_info->buflen;
+ memcpy(pme->request+pme->request_len, "\r\n", 2);
+ pme->request_len += 2;
+ }
+ if(HTTP_UNGZIP_CONTENT == session_info->prot_flag && 0x02 == a_stream->curdir && (pme->response_len+session_info->buflen+4)<RESPONSE_MAX_LENGTH)
+ {
+ memcpy(pme->response+pme->response_len, "\r\n", 2);
+ pme->response_len += 2;
+ memcpy(pme->response+pme->response_len, session_info->buf, session_info->buflen);
+ pme->response_len += session_info->buflen;
+ memcpy(pme->response+pme->response_len, "\r\n", 2);
+ pme->response_len += 2;
+ }
+
+ if(http_info->append_infor.contlen > 0)
+ {
+ if(http_info->curdir == 1 && (pme->request_len+http_info->append_infor.contlen+2)< REQUEST_MAX_LENGTH)
+ {
+ memcpy(pme->request+pme->request_len, http_info->append_infor.content, http_info->append_infor.contlen);
+ pme->request_len += http_info->append_infor.contlen;
+ memcpy(pme->request+pme->request_len, "\r\n", 2);
+ pme->request_len += 2;
+ }
+ else if((pme->response_len+http_info->append_infor.contlen+2)<RESPONSE_MAX_LENGTH)
+ {
+ memcpy(pme->response+pme->response_len, http_info->append_infor.content, http_info->append_infor.contlen);
+ pme->response_len += http_info->append_infor.contlen;
+ memcpy(pme->response+pme->response_len, "\r\n", 2);
+ pme->response_len += 2;
+ }
+ }
+
+ if((session_info->session_state&SESSION_STATE_CLOSE))
+ {
+ destroy_t2_dig_context(pme);
+ *param = NULL;
+ }
+ return PROT_STATE_GIVEME;
+}
+
+int T2_HTTP_DIG_BIZ_INIT(void)
+{
+ digapis_detector_cfg dig_cfg;
+ digapis_error_msg dig_emsg;
+
+ memset(&g_http_dig_biz_info, 0, sizeof(g_http_dig_biz_info_t));
+
+ MESA_load_profile_int_def(t2_biz_conf_file, "HTTP_BIZ", "RUN_RLOG_LV", &g_http_dig_biz_info.run_rlog_lv, 10);
+ MESA_load_profile_string_def(t2_biz_conf_file, "HTTP_BIZ", "RUN_LOG_PATH", g_http_dig_biz_info.run_log_path, MAX_PATH_LEN, "./t2log/T2_HTTP_DIG_BIZ.log");
+
+ g_http_dig_biz_info.run_log_handle = MESA_create_runtime_log_handle(g_http_dig_biz_info.run_log_path, g_http_dig_biz_info.run_rlog_lv);
+ if(g_http_dig_biz_info.run_log_handle == NULL)
+ {
+ printf("<%s>%d: MESA_create_runtime_log_handle failed ...\n", __FILE__, __LINE__);
+ return -1;
+ }
+
+ memset(&dig_cfg, 0, sizeof(digapis_detector_cfg));
+ MESA_load_profile_string_def(t2_biz_conf_file, "HTTP_BIZ", "ES_URL", dig_cfg.es_url, MAX_PATH_LEN, "http://elastic:[email protected]:39200/");
+ MESA_load_profile_string_def(t2_biz_conf_file, "HTTP_BIZ", "ES_INDEX", dig_cfg.es_index, 128, "aiids_tcp_");
+ MESA_load_profile_string_def(t2_biz_conf_file, "HTTP_BIZ", "ES_DOC_TYPE", dig_cfg.es_doc_type, 128, "vulnerability");
+
+ int ret = digapis_detector_init(&dig_cfg, &dig_emsg);
+ if(ret != 0)
+ {
+ MESA_handle_runtime_log(g_http_dig_biz_info.run_log_handle, RLOG_LV_FATAL, module_name, "<%s>%d: digapis_detector_init error", __FILE__, __LINE__);
+ return -1;
+ }
+ return 0;
+}
+
+void T2_HTTP_DIG_BIZ_DESTROY()
+{
+
+}
+
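Review bot: `session_info->app_info` is read on the line that declares `http_info`, before the `NULL == session_info` guard two lines below it, so a NULL session crashes before the guard can return `PROT_STATE_DROPME`; move the read after the check, `http_infor* http_info = (http_infor*)session_info->app_info;` placed just below that early return. On the same path, and on any call that arrives before `SESSION_STATE_PENDING` sets `*param`, `pme` may still be NULL, yet the append branches dereference it and `destroy_t2_dig_context` reads `pme->is_ipv4` unconditionally; a `if (pme == NULL) { return PROT_STATE_DROPME; }` before the append block, and an early `return` on NULL at the top of destroy, would close both. `init_t2_dig_context` never checks the `calloc` result and always returns 0, so the caller's `< 0` test is dead and a failed allocation leads straight to `pme->is_ipv4 = 1;` on NULL — `if (pme == NULL) { return -1; }` after the allocation makes the caller's check meaningful. The `ES_URL` default handed to `MESA_load_profile_string_def` embeds a credential in the source (the value shown here appears mangled by the page renderer); defaulting to a placeholder and requiring the real URL from the config file keeps the secret out of the binary and out of version history.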