author崔一鸣 <[email protected]>2020-01-07 22:27:49 +0800
committer崔一鸣 <[email protected]>2020-01-08 13:12:47 +0800
commit8821b5327a699f470aa8f3466490ddae0da368d2 (patch)
tree987b4a41845001cce89ddf9a7a8c236566837406 /entry/include
parent8583658a215bca41886052b3e53a7fc177d08680 (diff)
增加tsg总控中头文件
Diffstat (limited to 'entry/include')
-rw-r--r--entry/include/tsg/tsg_rule.h82
-rw-r--r--entry/include/tsg/tsg_send_log.h39
-rw-r--r--entry/include/tsg_rule.h82
3 files changed, 203 insertions, 0 deletions
diff --git a/entry/include/tsg/tsg_rule.h b/entry/include/tsg/tsg_rule.h
new file mode 100644
index 0000000..37a6cbf
--- /dev/null
+++ b/entry/include/tsg/tsg_rule.h
@@ -0,0 +1,82 @@
+#ifndef __TSG_RULE_H__
+#define __TSG_RULE_H__
+
+#include <MESA/Maat_rule.h>
+
+#define TSG_ACTION_NONE 0x00
+#define TSG_ACTION_MONITOR 0x01
+#define TSG_ACTION_INTERCEPT 0x02
+#define TSG_ACTION_DENY 0x10
+#define TSG_ACTION_MANIPULATE 0x30
+#define TSG_ACTION_BYPASS 0x80
+#define TSG_ACTION_MAX 0x80
+
+enum TSG_ETHOD_TYPE
+{
+ TSG_METHOD_TYPE_UNKNOWN=0,
+ TSG_METHOD_TYPE_DROP,
+ TSG_METHOD_TYPE_REDIRECTION,
+ TSG_METHOD_TYPE_BLOCK,
+ TSG_METHOD_TYPE_RESET,
+ TSG_METHOD_TYPE_MAX
+};
+
+
+typedef enum _tsg_protocol
+{
+ PROTO_UNKONWN=0,
+ PROTO_IPv4=1,
+ PROTO_IPv6,
+ PROTO_TCP,
+ PROTO_UDP,
+ PROTO_HTTP,
+ PROTO_MAIL,
+ PROTO_DNS,
+ PROTO_FTP,
+ PROTO_SSL,
+ PROTO_SIP,
+ PROTO_BGP,
+ PROTO_STREAMING_MEDIA,
+ PROTO_MAX
+}tsg_protocol_t;
+
+
+#define MAX_RESULT_NUM 8
+#define MAX_DOAMIN_LEN 2048
+
+struct _identify_info
+{
+ tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
+ int domain_len;
+ char domain[MAX_DOAMIN_LEN];
+};
+
+typedef enum _PULL_RESULT_TYPE
+{
+ PULL_KNI_RESULT,
+ PULL_FW_RESULT
+}PULL_RESULT_TYPE;
+
+#define TSG_DOMAIN_MAX 256
+
+extern Maat_feather_t g_tsg_maat_feather;
+
+int tsg_rule_init(const char *conffile, void *logger);
+
+int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
+
+//return 0 if failed, return >0 on success;
+int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, struct _identify_info *identify_info);
+
+//return -1 if failed, return 0 on success;
+int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger);
+
+//return value: -1: failed, 0: not hit, >0: hit count
+int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, scan_status_t *mid, void *logger, int thread_seq);
+
+//return NULL if none exists, otherwise return one deny rule;
+struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
+
+int tsg_get_method_id(char *method);
+
+#endif
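Review bot: `struct _identify_info` exposes `char domain[MAX_DOAMIN_LEN]` with a signed `int domain_len` and no stated contract, while a second limit, `TSG_DOMAIN_MAX 256`, is defined a few lines below; a caller that sizes its own buffer with the smaller constant, or trusts a negative or oversized `domain_len` derived from traffic, could read or write out of bounds. I would state the invariant on the struct, e.g. `/* domain is NUL-terminated; 0 <= domain_len < MAX_DOAMIN_LEN, terminator excluded */`, and say which of the two limits applies where. `TSG_ACTION_MANIPULATE 0x30` shares bit `0x10` with `TSG_ACTION_DENY`, so if callers test actions with a mask rather than by equality (not visible here) a manipulate rule would also match deny; a one-line comment that the values are compared by equality would settle it. `struct streaminfo` first appears inside the parameter list of `tsg_scan_nesting_addr`, so unless `MESA/Maat_rule.h` declares it the type has prototype scope only and will not match the real one; a forward declaration `struct streaminfo;` after the include avoids that. The same content is added again as entry/include/tsg_rule.h in the third hunk, so these points apply there as well.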
diff --git a/entry/include/tsg/tsg_send_log.h b/entry/include/tsg/tsg_send_log.h
new file mode 100644
index 0000000..3223f36
--- /dev/null
+++ b/entry/include/tsg/tsg_send_log.h
@@ -0,0 +1,39 @@
+#ifndef __TSG_SEND_LOG_H__
+#define __TSG_SEND_LOG_H__
+
+#include <MESA/Maat_rule.h>
+
+
+typedef struct _tsg_log
+{
+ int result_num;
+ Maat_rule_t *result;
+ struct streaminfo *a_stream;
+}tsg_log_t;
+
+typedef enum _tld_type
+{
+ TLD_TYPE_UNKNOWN=0,
+ TLD_TYPE_LONG=1,
+ TLD_TYPE_STRING,
+ TLD_TYPE_FILE,
+ TLD_TYPE_MAX
+}TLD_TYPE;
+
+
+struct TLD_handle_t;
+struct tsg_log_instance_t;
+
+extern struct tsg_log_instance_t *g_tsg_log_instance;
+
+struct TLD_handle_t *TLD_create(int thread_id);
+int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE type);
+int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream);
+int TLD_cancel(struct TLD_handle_t *handle);
+
+int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id);
+
+unsigned long long tsg_get_stream_id(struct streaminfo *a_stream);
+
+
+#endif
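Review bot: The `TLD_*` declarations have no comments on value encoding or ownership, and that matters most for `TLD_append(handle, key, void *value, TLD_TYPE type)`: nothing says whether `value` for `TLD_TYPE_LONG` is a pointer to a long or the integer cast to a pointer, whether `TLD_TYPE_STRING` must be NUL-terminated, and there is no length parameter. A mismatch between `type` and what `value` actually points to becomes an invalid read in the logging path, and because fields taken from traffic presumably end up in these records, the contract should also say whether the implementation escapes strings before serialising them. I would add a comment block above `TLD_create` that states who releases the handle (whether `tsg_send_log` consumes it or the caller must still call `TLD_cancel`), the return-value convention of each function, and the expected `value` form per `TLD_TYPE`. `key` is not written through by any plausible implementation and can be declared `const char *key`.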
diff --git a/entry/include/tsg_rule.h b/entry/include/tsg_rule.h
new file mode 100644
index 0000000..37a6cbf
--- /dev/null
+++ b/entry/include/tsg_rule.h
@@ -0,0 +1,82 @@
+#ifndef __TSG_RULE_H__
+#define __TSG_RULE_H__
+
+#include <MESA/Maat_rule.h>
+
+#define TSG_ACTION_NONE 0x00
+#define TSG_ACTION_MONITOR 0x01
+#define TSG_ACTION_INTERCEPT 0x02
+#define TSG_ACTION_DENY 0x10
+#define TSG_ACTION_MANIPULATE 0x30
+#define TSG_ACTION_BYPASS 0x80
+#define TSG_ACTION_MAX 0x80
+
+enum TSG_ETHOD_TYPE
+{
+ TSG_METHOD_TYPE_UNKNOWN=0,
+ TSG_METHOD_TYPE_DROP,
+ TSG_METHOD_TYPE_REDIRECTION,
+ TSG_METHOD_TYPE_BLOCK,
+ TSG_METHOD_TYPE_RESET,
+ TSG_METHOD_TYPE_MAX
+};
+
+
+typedef enum _tsg_protocol
+{
+ PROTO_UNKONWN=0,
+ PROTO_IPv4=1,
+ PROTO_IPv6,
+ PROTO_TCP,
+ PROTO_UDP,
+ PROTO_HTTP,
+ PROTO_MAIL,
+ PROTO_DNS,
+ PROTO_FTP,
+ PROTO_SSL,
+ PROTO_SIP,
+ PROTO_BGP,
+ PROTO_STREAMING_MEDIA,
+ PROTO_MAX
+}tsg_protocol_t;
+
+
+#define MAX_RESULT_NUM 8
+#define MAX_DOAMIN_LEN 2048
+
+struct _identify_info
+{
+ tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
+ int domain_len;
+ char domain[MAX_DOAMIN_LEN];
+};
+
+typedef enum _PULL_RESULT_TYPE
+{
+ PULL_KNI_RESULT,
+ PULL_FW_RESULT
+}PULL_RESULT_TYPE;
+
+#define TSG_DOMAIN_MAX 256
+
+extern Maat_feather_t g_tsg_maat_feather;
+
+int tsg_rule_init(const char *conffile, void *logger);
+
+int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
+
+//return 0 if failed, return >0 on success;
+int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t *result, int result_num, struct _identify_info *identify_info);
+
+//return -1 if failed, return 0 on success;
+int tsg_shared_table_init(const char *conffile, Maat_feather_t maat_feather, void *logger);
+
+//return value: -1: failed, 0: not hit, >0: hit count
+int tsg_scan_shared_policy(Maat_feather_t maat_feather, void *pkt, int pkt_len, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, scan_status_t *mid, void *logger, int thread_seq);
+
+//return NULL if none exists, otherwise return one deny rule;
+struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num);
+
+int tsg_get_method_id(char *method);
+
+#endif
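Review bot: Two copies of the same header now exist: this file has the same blob id (`37a6cbf`) and the same `__TSG_RULE_H__` guard as entry/include/tsg/tsg_rule.h from the first hunk, so whichever copy the include path finds first silently masks the other and the two can drift apart. For a header that defines the policy action values and the `_identify_info` layout, translation units built against diverged copies would disagree on action codes and struct size with no compiler diagnostic. I would keep a single copy and, if the old path has to keep working, reduce this file to the one line `#include "tsg/tsg_rule.h"`.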