author刘学利 <[email protected]>2022-05-16 02:15:23 +0000
committer刘学利 <[email protected]>2022-05-16 02:15:23 +0000
commit0c181467c297e2b6f872ec65944547ed07794a88 (patch)
treed82bbc9883f354cc66f7143286f0f9e1ddb9051f
parent14cf2b75b6c3b2cac019beb4f0494b2e00627d9c (diff)
TSG-10110: 支持在策略日志中填充RDP协议字段v5.6.2
-rw-r--r--.gitlab-ci.yml2
-rw-r--r--inc/tsg_label.h1
-rw-r--r--src/tsg_entry.cpp35
3 files changed, 32 insertions, 6 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 03ab647..1a08d5f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,7 +4,7 @@ variables:
BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
INSTALL_PREFIX: "/home/mesasoft/sapp_run/"
- INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaatframe-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel
+ INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaatframe-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel
stages:
- build
diff --git a/inc/tsg_label.h b/inc/tsg_label.h
index 10cbf57..ea82160 100644
--- a/inc/tsg_label.h
+++ b/inc/tsg_label.h
@@ -34,6 +34,7 @@ typedef enum _tsg_protocol
PROTO_L2TP,
PROTO_PPTP,
PROTO_STRATUM,
+ PROTO_RDP,
PROTO_MAX
}tsg_protocol_t;
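Review bot: Nothing here bounds `PROTO_MAX` against the width of the `proto_flag` bitmask, which later hunks of this commit test with `1<<PROTO_RDP`; every enumerator added before `PROTO_MAX` uses another bit, and shifting an `int` by its width or more is undefined behaviour. The enum starts outside the hunk and the type of `proto_flag` is not visible, so the remaining headroom cannot be confirmed from here. A compile-time guard next to the enum would catch a future overflow, for example `static_assert(PROTO_MAX <= 32, "one proto_flag bit per protocol");` with the bound set to the real flag width (`_Static_assert` if the header is also compiled as C).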
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 106e7a1..c93ea33 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -5,6 +5,7 @@
#include <sys/time.h>
#include <unistd.h>
+#include <MESA/rdp.h>
#include <MESA/http.h>
#include <MESA/ftp.h>
#include <MESA/ssl.h>
@@ -120,7 +121,8 @@ id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
{PROTO_APP, 0, "BASE"},
{PROTO_L2TP, 0, "L2TP"},
{PROTO_PPTP, 0, "PPTP"},
- {PROTO_STRATUM, 0, "Stratum"}
+ {PROTO_STRATUM, 0, "Stratum"},
+ {PROTO_RDP, 0, "RDP"}
};
#define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1
@@ -561,9 +563,10 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
switch(proto)
{
case PROTO_SSH:
+ case PROTO_RDP:
case PROTO_STRATUM:
notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]);
- if (notify != NULL && notify->pdata.TLD_handle!=NULL && (notify->protocol== PROTO_SSH || notify->protocol== PROTO_STRATUM))
+ if (notify != NULL && notify->pdata.TLD_handle!=NULL && (notify->protocol== PROTO_SSH || notify->protocol== PROTO_STRATUM || notify->protocol== PROTO_RDP))
{
TLD_handle = TLD_duplicate(notify->pdata.TLD_handle);
if (TLD_handle!=NULL)
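Review bot: The guard on the changed line accepts sketch data whose `notify->protocol` is any of SSH, Stratum or RDP, whichever `case` label was entered, so a stream classified as one protocol could be logged with another protocol's fields if the two values ever disagree; whether they can is not visible here. Comparing against the switch value, `if (notify != NULL && notify->pdata.TLD_handle!=NULL && notify->protocol==proto)`, ties the logged fields to the classification and removes one copy of the protocol list. The same three-protocol set is repeated in the `deal_pending_state` hunk, and a small predicate helper shared by both would keep the lists from drifting when the next protocol is added. The body of `master_send_log` starts and ends outside the hunk.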
@@ -1435,6 +1438,16 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
}
}
+ if(g_tsg_para.proto_flag&(1<<PROTO_RDP)) //RDP
+ {
+ ret=rdp_protocol_identify((const char *)a_stream->ptcpdetail->pdata, a_stream->ptcpdetail->datalen, (unsigned int)a_stream->threadnum);
+ if(ret==1)
+ {
+ context->proto=PROTO_RDP;
+ return 1;
+ }
+ }
+
break;
case STREAM_TYPE_UDP:
if(g_tsg_para.proto_flag&(1<<PROTO_DNS)) //dns
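Review bot: `rdp_protocol_identify` is handed `ptcpdetail->pdata` and `datalen` straight from the stream with no visible check that the payload pointer is non-NULL and the length is positive, and the same applies to the UDP call added in the later hunk with `pudpdetail`. This is payload chosen by the remote peer, so unless a guard exists earlier in `identify_application_protocol` (the function starts outside the hunk) or inside the parser, I would gate the call: `if((g_tsg_para.proto_flag&(1<<PROTO_RDP)) && a_stream->ptcpdetail->pdata!=NULL && a_stream->ptcpdetail->datalen>0)`. The SIP call casts `datalen` to `unsigned int` while this one passes it as is; an explicit cast to the parser's parameter type, which is not visible here, would make the width and signedness deliberate. A named constant for the `ret==1` match result would also read better than the bare literal.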
@@ -1477,7 +1490,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
unsigned char sip_ret=0;
char *from=NULL, *to=NULL;
unsigned int from_len=0, to_len=0;
- sip_ret=sip_identify_from_to((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &from, &from_len, &to, &to_len);
+ sip_ret=sip_identify_from_to((char *)a_stream->pudpdetail->pdata, (unsigned int)a_stream->pudpdetail->datalen, &from, &from_len, &to, &to_len);
if(sip_ret==SIP_TRUE)
{
context->proto=PROTO_SIP;
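Review bot: The switch from `ptcpdetail` to `pudpdetail` in this UDP branch is a behaviour fix unrelated to RDP logging, and the commit title does not mention it. If `ptcpdetail` is not valid for UDP streams, as the change implies, the old line passed the wrong or an invalid detail structure to `sip_identify_from_to` while parsing peer-controlled payload. That deserves its own line in the commit message, or a separate commit, so the fix can be found and backported independently of the RDP feature. The enclosing block starts outside the hunk.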
@@ -1485,6 +1498,17 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
return 1;
}
+
+ if(g_tsg_para.proto_flag&(1<<PROTO_RDP)) //RDP
+ {
+ ret=rdp_protocol_identify((const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, (unsigned int)a_stream->threadnum);
+ if(ret==1)
+ {
+ context->proto=PROTO_RDP;
+ return 1;
+ }
+ }
+
break;
default:
break;
@@ -1807,7 +1831,8 @@ static int deal_pending_state(const struct streaminfo *a_stream, struct master_c
context->proto!=PROTO_UNKONWN &&
context->proto!=PROTO_APP &&
context->proto!=PROTO_SSH &&
- context->proto!=PROTO_STRATUM) // business deal action of monitor
+ context->proto!=PROTO_STRATUM &&
+ context->proto!=PROTO_RDP) // business deal action of monitor
{
hit_num=0;
}
@@ -2137,7 +2162,7 @@ extern "C" int TSG_MASTER_INIT()
g_tsg_para.default_vlan.num=1;
MESA_load_profile_int_def(tsg_conffile, "TRAFFIC_MIRROR","DEFAULT_VLAN_ID", &(g_tsg_para.default_vlan.id[0]), 2);
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;Stratum;");
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;Stratum;RDP;");
tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag);
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0);