authorroot <[email protected]>2024-09-04 02:03:05 +0000
committerroot <[email protected]>2024-09-04 02:03:05 +0000
commit654718c56f50616fdcb38d9e26e2b11e99aea5e3 (patch)
treea768848a32261a685ade259783a9c838bbe85879 /decoders
parentf42aa76d5cc0d1e9733cbc3b1f8a118db5806c9c (diff)
remove tunneling flag in session_flags
Diffstat (limited to 'decoders')
-rw-r--r--decoders/session_flags/CMakeLists.txt6
-rw-r--r--decoders/session_flags/session_flags.cpp7
-rw-r--r--decoders/session_flags/session_flags_internal.h5
-rw-r--r--decoders/session_flags/session_flags_plugin.cpp11
-rw-r--r--decoders/session_flags/tunneling.cpp217
-rw-r--r--decoders/session_flags/tunneling.h18
6 files changed, 3 insertions, 261 deletions
diff --git a/decoders/session_flags/CMakeLists.txt b/decoders/session_flags/CMakeLists.txt
index 3302328..ea9308c 100644
--- a/decoders/session_flags/CMakeLists.txt
+++ b/decoders/session_flags/CMakeLists.txt
@@ -1,15 +1,15 @@
add_subdirectory(mesa_sts)
add_definitions(-fPIC)
-set(SESSION_FLAGS_SRC session_flags_plugin.cpp session_flags.cpp fet.cpp tunneling.cpp onlinemean.c)
+set(SESSION_FLAGS_SRC session_flags_plugin.cpp session_flags.cpp fet.cpp onlinemean.c)
add_library(session_flags STATIC ${SESSION_FLAGS_SRC})
add_library(session_flags_dyn SHARED ${SESSION_FLAGS_SRC})
set_target_properties(session_flags PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
target_include_directories(session_flags PUBLIC ${CMAKE_SOURCE_DIR}/deps/)
include_directories(${CMAKE_BINARY_DIR}/vendors/cjson/src/cjson/include)
-target_link_libraries(session_flags toml cjson-static hyperscan_static hyperscan_runtime_static libmesa_sts)
+target_link_libraries(session_flags toml cjson-static libmesa_sts)
set_target_properties(session_flags PROPERTIES PREFIX "")
set_target_properties(session_flags_dyn PROPERTIES PREFIX "")
-target_link_libraries(session_flags_dyn toml cjson-static hyperscan_static hyperscan_runtime_static libmesa_sts)
\ No newline at end of file
+target_link_libraries(session_flags_dyn toml cjson-static libmesa_sts)
\ No newline at end of file
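Review bot: With `tunneling.cpp` taken out of `SESSION_FLAGS_SRC`, nothing left in this library sets `SESSION_FLAGS_TUNNELING`, yet the removed code was driven by `g_sf_conf.tunneling_pcre_list` and `g_sf_conf.tunneling_enabled`, and no hunk in this commit touches the config struct or the loader that fills them. If those keys are still parsed (the loader is outside this diff, so this is inferred), a deployment with a pattern list configured will silently stop producing the flag, which is a detection-coverage change operators should be able to see. I would either drop the tunneling keys from `session_flags_init_conf` and its loader in the same change, or have `session_flags_plugin_init` log once when a tunneling pattern list is configured. A comment next to the source list would also help, for example `# tunneling detection removed: hyperscan is no longer linked`.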
diff --git a/decoders/session_flags/session_flags.cpp b/decoders/session_flags/session_flags.cpp
index 6f7443f..5abee7e 100644
--- a/decoders/session_flags/session_flags.cpp
+++ b/decoders/session_flags/session_flags.cpp
@@ -737,13 +737,6 @@ struct session_flags_result *session_flags(struct session_flags_plugin_info *sf_
session_flags_calculate_dir(stat, all_pkts);
session_flags_calculate_random_looking(sf_plugin_info, stat, session, topic_id, all_pkts);
- const struct packet *pkt = session_get0_current_packet(session);
- size_t payload_len = packet_get_payload_len(pkt);
- if (g_sf_conf.tunneling_enabled && payload_len > 0 && (topic_id == sf_plugin_info->tcp_topic_id))// detect tunneling on tcp only
- {
- tunneling_scan_sequence(sf_plugin_info, session, ctx, payload_len, flow_type, all_pkts);
- }
-
if (stat->stream_live_time_ms >= START_JUDGE_TIME_MS)
{
if (all_pkts > g_sf_conf.main_dir_front_n_pkts)
diff --git a/decoders/session_flags/session_flags_internal.h b/decoders/session_flags/session_flags_internal.h
index eea0b20..af6e6b3 100644
--- a/decoders/session_flags/session_flags_internal.h
+++ b/decoders/session_flags/session_flags_internal.h
@@ -1,9 +1,7 @@
#pragma once
#include <stdint.h>
#include "onlinemean.h"
-#include "tunneling.h"
-#include "hs/hs_runtime.h"
#include "stellar/session.h"
#include "stellar/session_flags.h"
#include "toml/toml.h"
@@ -80,7 +78,6 @@ struct session_flags_plugin_info{
int session_flags_topic_id;
int tcp_topic_id;
int udp_topic_id;
- hs_database_t *tunneling_hs_db;
};
struct session_flags_iter_values
@@ -134,7 +131,6 @@ struct session_flags_stat
uint64_t last_iter_ts_ms;
int main_dir;
struct random_looking_stat_info random_looking_stat;
- struct tunneling_stat_info tunneling_stat;
struct session_flags_iter iter;
struct session_flags_result result;
};
@@ -142,7 +138,6 @@ struct session_flags_stat
struct session_flags_ctx
{
struct session_flags_stat stat;
- hs_stream_t *tunneling_hs_stream;
uint64_t history_flags;
};
diff --git a/decoders/session_flags/session_flags_plugin.cpp b/decoders/session_flags/session_flags_plugin.cpp
index bbeb0c0..ffd5354 100644
--- a/decoders/session_flags/session_flags_plugin.cpp
+++ b/decoders/session_flags/session_flags_plugin.cpp
@@ -65,8 +65,6 @@ static void session_flags_exdata_free_cb(int idx, void *ex_ptr, void *arg)
{
return;
}
- struct session_flags_ctx *ctx = (struct session_flags_ctx *)ex_ptr;
- tunneling_hs_stream_free(ctx);
free(ex_ptr);
}
@@ -89,10 +87,6 @@ void session_flags_entry(struct session *session, int topic_id, const void *msg,
session_exdata_set(session, sf_plugin_info->sess_ctx_exdata_idx, ctx);
session_flags_stat_init(&ctx->stat, session_get_direction(session));
- if (g_sf_conf.tunneling_enabled)
- {
- tunneling_hs_stream_init(sf_plugin_info, ctx);
- }
}
struct session_flags_stat *stat = &ctx->stat;
@@ -316,7 +310,6 @@ extern "C" void *session_flags_plugin_init(struct stellar *st)
memset(&g_sf_conf, 0, sizeof(g_sf_conf));
session_flags_load_config(sf_plugin_info, CFG_FILE_PATH, &g_sf_conf);
- tunneling_hyperscan_engine_init(sf_plugin_info, &g_sf_conf);
json = cJSON_Parse(g_sf_conf.random_looking_judge_list);
if (json == NULL)
@@ -400,10 +393,6 @@ extern "C" void session_flags_plugin_exit(void *plugin_ctx)
return;
}
- struct session_flags_plugin_info *sf_plugin_info = (struct session_flags_plugin_info *)plugin_ctx;
-
- tunneling_hyperscan_engine_exit(sf_plugin_info->tunneling_hs_db);
-
free(plugin_ctx);
return;
diff --git a/decoders/session_flags/tunneling.cpp b/decoders/session_flags/tunneling.cpp
deleted file mode 100644
index 987ffc5..0000000
--- a/decoders/session_flags/tunneling.cpp
+++ /dev/null
@@ -1,217 +0,0 @@
-#include <cctype>
-#include <stdlib.h>
-#include <stdio.h>
-#include "cJSON.h"
-#include "session_flags_internal.h"
-#include "tunneling.h"
-#include "stellar/log.h"
-
-#define UNUSED(x) (void)(x)
-
-thread_local hs_scratch_t *hs_scratch = NULL;
-extern struct session_flags_init_conf g_sf_conf;
-
-static char tunneling_length_to_character(enum flow_type flow_type, size_t len)
-{
- char ret;
-
- switch(len)
- {
- case 1 ... 200:
- ret = 'A';
- break;
- case 201 ... 600:
- ret = 'B';
- break;
- case 601 ... 1000:
- ret = 'C';
- break;
- case 1001 ... 1460:
- ret = 'D';
- break;
- default:
- ret = 'Z';
- break;
- }
-
- if (flow_type == FLOW_TYPE_C2S)
- {
- return ret;
- }
- else
- {
- return tolower(ret);
- }
-}
-
-static int tunneling_match_event_handler(unsigned int id, unsigned long long from, unsigned long long to, unsigned int flags, void *context) {
- UNUSED(id);
- UNUSED(from);
- UNUSED(to);
- UNUSED(flags);
-
- struct session_flags_ctx *ctx = (struct session_flags_ctx *)context;
- ctx->stat.result.flags |= SESSION_FLAGS_TUNNELING;
- return 0;
-}
-
-int tunneling_scan_sequence(struct session_flags_plugin_info *sf_plugin_info, struct session *session, struct session_flags_ctx *ctx, size_t payload_len, enum flow_type flow_type, uint64_t pkts_cnt)
-{
- if (ctx->stat.result.flags & SESSION_FLAGS_TUNNELING)
- {
- return 0;
- }
-
- ctx->stat.tunneling_stat.payload_pkt_num++;
- if (ctx->stat.result.is_tls && ctx->stat.tunneling_stat.payload_pkt_num <= g_sf_conf.tunneling_tls_ignore_pkts)
- {
- return 0;
- }
-
- if((ctx->stat.result.is_tls==0) && (ctx->stat.tunneling_stat.payload_pkt_num > g_sf_conf.tunneling_max_scan_pkts))
- {
- return 0;
- }
-
- if((ctx->stat.result.is_tls) && (ctx->stat.tunneling_stat.payload_pkt_num > g_sf_conf.tunneling_max_scan_pkts+g_sf_conf.tunneling_tls_ignore_pkts))
- {
- return 0;
- }
-
- if (hs_scratch == NULL)
- {
- hs_error_t err = hs_alloc_scratch(sf_plugin_info->tunneling_hs_db, &hs_scratch);
- if (err != HS_SUCCESS)
- {
- STELLAR_LOG_FATAL(sf_plugin_info->log_handle, SESSION_FLAGS_LOG_MODULE, "hs_alloc_scratch failed, err:%d", err);
- return -1;
- }
- }
-
- char tunneling_seq_char = tunneling_length_to_character(flow_type, payload_len);
- STELLAR_LOG_DEBUG(sf_plugin_info->log_handle, SESSION_FLAGS_LOG_MODULE, "session: %s, is tls:%s, total_num: %d, payload_pkt_num: %d, tunneling_seq_char:%c, payload_len:%d",
- session_get0_readable_addr(session), ctx->stat.result.is_tls == true ? "yes":"no", pkts_cnt, ctx->stat.tunneling_stat.payload_pkt_num, tunneling_seq_char, payload_len);
-
- hs_error_t err = hs_scan_stream(ctx->tunneling_hs_stream, &tunneling_seq_char, 1, 0, hs_scratch, tunneling_match_event_handler, ctx);
- if (err != HS_SUCCESS)
- {
- STELLAR_LOG_FATAL(sf_plugin_info->log_handle, SESSION_FLAGS_LOG_MODULE, "hs_scan_stream failed, err:%d", err);
- return -1;
- }
- if (ctx->stat.result.flags & SESSION_FLAGS_TUNNELING)
- {
- ctx->stat.result.identify[session_flags_tunneling_mask] = pkts_cnt;
- }
-
- return 0;
-}
-
-void tunneling_hs_stream_init(struct session_flags_plugin_info *sf_plugin_info, struct session_flags_ctx *ctx)
-{
- hs_error_t err = hs_open_stream(sf_plugin_info->tunneling_hs_db, 0, &ctx->tunneling_hs_stream);
- if (err != HS_SUCCESS)
- {
- STELLAR_LOG_FATAL(sf_plugin_info->log_handle, SESSION_FLAGS_LOG_MODULE, "hs_open_stream failed, err:%d", err);
- return;
- }
-}
-
-void tunneling_hs_stream_free(struct session_flags_ctx *ctx)
-{
- if (ctx->tunneling_hs_stream == NULL)
- {
- return;
- }
-
- hs_close_stream(ctx->tunneling_hs_stream, hs_scratch, NULL, NULL);
-}
-
-int tunneling_hyperscan_engine_init(struct session_flags_plugin_info *sf_plugin_info, struct session_flags_init_conf *g_sf_conf)
-{
- cJSON *json = NULL, *item = NULL;
- int array_num;
- char **pcre = NULL;
- hs_compile_error_t *compile_err;
- hs_error_t err;
- unsigned int *flags = NULL;
- unsigned int *ids = NULL;
- int ret = 0;
-
- g_sf_conf->tunneling_enabled = 0;
-
- json = cJSON_Parse(g_sf_conf->tunneling_pcre_list);
- if (json == NULL)
- {
- STELLAR_LOG_FATAL(sf_plugin_info->log_handle, SESSION_FLAGS_LOG_MODULE, "cJSON_Parse failed, tunneling_pcre_list:%s", g_sf_conf->tunneling_pcre_list);
- goto END;
- }
- item = cJSON_GetObjectItem(json, "tunneling_pcre_list");
- if (item == NULL)
- {
- STELLAR_LOG_FATAL(sf_plugin_info->log_handle, SESSION_FLAGS_LOG_MODULE, "cJSON_GetObjectItem failed, tunneling_pcre_list:%s", g_sf_conf->tunneling_pcre_list);
- goto END;
- }
- array_num = cJSON_GetArraySize(item);
- if (array_num < 0)
- {
- STELLAR_LOG_FATAL(sf_plugin_info->log_handle, SESSION_FLAGS_LOG_MODULE, "array size error, array_num:%d", array_num);
- goto END;
- }
-
- if (array_num == 0)
- {
- goto END;
- }
-
- g_sf_conf->tunneling_enabled = 1;
- pcre = (char **)calloc(array_num, sizeof(char *));
- for (int i = 0; i < array_num; i++)
- {
- pcre[i] = cJSON_GetArrayItem(item, i)->valuestring;
- }
-
- flags = (unsigned int *)calloc(array_num, sizeof(unsigned int));
- ids = (unsigned int *)calloc(array_num, sizeof(unsigned int));
- for (int i = 0; i < array_num; i++)
- {
- flags[i] = HS_FLAG_DOTALL;
- ids[i] = i;
- }
-
- err = hs_compile_multi(pcre, flags, ids, array_num, HS_MODE_STREAM, NULL, &sf_plugin_info->tunneling_hs_db, &compile_err);
- if (err != HS_SUCCESS)
- {
- STELLAR_LOG_FATAL(sf_plugin_info->log_handle, SESSION_FLAGS_LOG_MODULE, "hs_compile_multi failed, err:%d, pattern id: %d, err_msg: %s, pattern: %s", err, compile_err->expression, compile_err->message, pcre[compile_err->expression]);
- cJSON_Delete(json);
- free(pcre);
- ret = -1;
- goto END;
- }
-
-END:
- if (json != NULL)
- {
- cJSON_Delete(json);
- }
- if (pcre != NULL)
- {
- free(pcre);
- }
- if (flags != NULL)
- {
- free(flags);
- }
- if (ids != NULL)
- {
- free(ids);
- }
- return ret;
-}
-
-void tunneling_hyperscan_engine_exit(hs_database_t *tunneling_hs_db)
-{
- if (tunneling_hs_db != NULL)
- {
- hs_free_database(tunneling_hs_db);
- }
-}
diff --git a/decoders/session_flags/tunneling.h b/decoders/session_flags/tunneling.h
deleted file mode 100644
index 50fc3fe..0000000
--- a/decoders/session_flags/tunneling.h
+++ /dev/null
@@ -1,18 +0,0 @@
-#pragma once
-
-#include <cstdint>
-#include <stdlib.h>
-#include <hs/hs_common.h>
-#include <hs/hs.h>
-#include "stellar/session.h"
-
-struct tunneling_stat_info
-{
- uint8_t payload_pkt_num;
-};
-
-int tunneling_scan_sequence(struct session_flags_plugin_info *sf_plugin_info, struct session *session, struct session_flags_ctx *ctx, size_t payload_len, flow_type flow_type, uint64_t pkts_cnt);
-void tunneling_hs_stream_init(struct session_flags_plugin_info *sf_plugin_info, struct session_flags_ctx *ctx);
-void tunneling_hs_stream_free(struct session_flags_ctx *ctx);
-int tunneling_hyperscan_engine_init(struct session_flags_plugin_info *sf_plugin_info, struct session_flags_init_conf *g_sf_conf);
-void tunneling_hyperscan_engine_exit(hs_database_t *tunneling_hs_db);
\ No newline at end of file