| author | 刘学利 <[email protected]> | 2020-10-14 15:18:16 +0800 |
|---|---|---|
| committer | 刘学利 <[email protected]> | 2020-10-14 15:18:16 +0800 |
| commit | 347936e3beee15c19fb4aa3e698ad62a32cc31b7 (patch) | |
| tree | 2431f8224e1a7a23a309a12be33b7caee0433661 | |
| parent | 4e7788bf4c0494b6dde1f82347d0f35e0fb73637 (diff) | |
增加udp的链接数统计
增加程序的健壮性
| -rw-r--r-- | .gitlab-ci.yml | 30 | ||||
| -rw-r--r-- | CMakeLists.txt | 37 | ||||
| -rw-r--r-- | bin/tsg_log_field.conf | 4 | ||||
| -rw-r--r-- | bin/tsg_static_tableinfo.conf | 41 | ||||
| -rw-r--r-- | ci/travis.sh | 9 | ||||
| -rw-r--r-- | cmake/Package.cmake | 20 | ||||
| -rw-r--r-- | cmake/PreUninstall.sh | 5 | ||||
| -rw-r--r-- | cmake/Version.cmake | 19 | ||||
| -rw-r--r-- | cmake/changelog.sh | 4 | ||||
| -rw-r--r-- | inc/tsg_label.h | 86 | ||||
| -rw-r--r-- | inc/tsg_rule.h | 37 | ||||
| -rw-r--r-- | src/CMakeLists.txt | 4 | ||||
| -rw-r--r-- | src/tsg_entry.cpp | 668 | ||||
| -rw-r--r-- | src/tsg_entry.h | 78 | ||||
| -rw-r--r-- | src/tsg_rule.cpp | 642 | ||||
| -rw-r--r-- | src/tsg_send_log.cpp | 184 | ||||
| -rw-r--r-- | src/tsg_send_log_internal.h | 19 | ||||
| -rw-r--r-- | src/tsg_ssh_utils.cpp | 21 | ||||
| -rw-r--r-- | src/tsg_ssh_utils.h | 7 | ||||
| -rw-r--r-- | src/tsg_statistic.cpp | 84 | ||||
| -rw-r--r-- | src/version.map | 1 |
21 files changed, 1377 insertions, 623 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 36955e7..88a39ad 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -3,7 +3,7 @@ variables: GIT_STRATEGY: "clone" BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/ INSTALL_PREFIX: "/home/mesasoft/sapp_run/" - INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaatframe-devel quic-devel + INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaatframe-devel quic-devel libasan stages: - build @@ -47,6 +47,11 @@ develop_build_debug: variables: BUILD_TYPE: Debug PACKAGE: 1 + UPLOAD_RPM: 1 + ASAN_OPTION: ADDRESS + TESTING_VERSION_BUILD: 1 + PULP3_REPO_NAME: tsg-testing-x86_64.el7 + PULP3_DIST_NAME: tsg-testing-x86_64.el7 artifacts: name: "tsg_master-$CI_COMMIT_REF_NAME-debug" paths: @@ -61,6 +66,11 @@ develop_build_release: variables: BUILD_TYPE: RelWithDebInfo PACKAGE: 1 + UPLOAD_RPM: 1 + ASAN_OPTION: ADDRESS + TESTING_VERSION_BUILD: 1 + PULP3_REPO_NAME: tsg-testing-x86_64.el7 + PULP3_DIST_NAME: tsg-testing-x86_64.el7 artifacts: name: "tsg_master-$CI_COMMIT_REF_NAME-release" paths: 
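Review bot: With `UPLOAD_RPM: 1` added to both `develop_build_debug` and `develop_build_release`, two different builds of the same commit are published to the same `tsg-testing-x86_64.el7` repository. The RPM file name assembled in cmake/Package.cmake uses only the package name, version and kernel string, so the Debug and RelWithDebInfo packages appear to be indistinguishable by name, and whichever job uploads last presumably decides what the repository serves. `release_build_debug` in the next hunk repeats this pairing against `tsg-stable-x86_64.el7`. Upload from one job per repository, or give the debug jobs their own `PULP3_REPO_NAME`/`PULP3_DIST_NAME`. Both develop jobs also set `ASAN_OPTION: ADDRESS`, so the testing packages are sanitizer-instrumented; a comment such as `# testing repo only: ASan-instrumented build, not for production hosts` next to the variable would record that.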
@@ -69,13 +79,29 @@ develop_build_release: - /^develop.*$/i - /^master.*$/i +release_build_debug: + stage: build + variables: + BUILD_TYPE: Debug + PACKAGE: 1 + UPLOAD_RPM: 1 + PULP3_REPO_NAME: tsg-stable-x86_64.el7 + PULP3_DIST_NAME: tsg-stable-x86_64.el7 + extends: .build_by_travis + artifacts: + name: "tsg_master-$CI_COMMIT_REF_NAME-release" + paths: + - build/*.rpm + only: + - tags release_build_release: stage: build variables: BUILD_TYPE: RelWithDebInfo PACKAGE: 1 - UPLOAD: 1 + UPLOAD_RPM: 1 + UPLOAD_SYMBOL_FILES: 1 SYMBOL_TARGET: tsg_master PULP3_REPO_NAME: tsg-stable-x86_64.el7 PULP3_DIST_NAME: tsg-stable-x86_64.el7 diff --git a/CMakeLists.txt b/CMakeLists.txt index 7d02c09..8190556 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
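Review bot: `release_build_debug` names its artifact `tsg_master-$CI_COMMIT_REF_NAME-release`, the suffix that `develop_build_release` uses for a release build, while `develop_build_debug` uses `-debug`. On a tag pipeline the Debug archive is therefore labelled as a release build and is easy to confuse with the real one. Change the line to `name: "tsg_master-$CI_COMMIT_REF_NAME-debug"`.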
@@ -14,30 +14,32 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g") include_directories(${PROJECT_SOURCE_DIR}/inc/) include_directories(/opt/MESA/include/) -option(ENABLE_WARNING_ALL "Enable all optional warnings which are desirable for normal code" TRUE) -option(ENABLE_SANITIZE_ADDRESS "Enable AddressSanitizer" FALSE) -option(ENABLE_SANITIZE_THREAD "Enable ThreadSanitizer" FALSE) - -if(ENABLE_SANITIZE_ADDRESS) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fno-omit-frame-pointer") - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fno-omit-frame-pointer") - set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -lasan") - set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -lasan") -elseif(ENABLE_SANITIZE_THREAD) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=thread -fno-omit-frame-pointer") - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=thread -fno-omit-frame-pointer") - set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -lasan") - set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -lasan") +#for ASAN +set(ASAN_OPTION "OFF" CACHE STRING " set asan type chosen by the user, using OFF as default") +set_property(CACHE ASAN_OPTION PROPERTY STRINGS OFF ADDRESS THREAD) +message(STATUS "ASAN_OPTION='${ASAN_OPTION}'") + +if(ASAN_OPTION MATCHES "ADDRESS") + set(CMAKE_C_FLAGS "${CMAKADDRESS} -g -DCMAKE_BUILD_TYPE=Debug -fsanitize=address -fno-omit-frame-pointer") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -DCMAKE_BUILD_TYPE=Debug -fsanitize=address -fno-omit-frame-pointer") + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -lasan") + set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -lasan") +elseif(ASAN_OPTION MATCHES "THREAD") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -DCMAKE_BUILD_TYPE=Debug -fsanitize=thread -fno-omit-frame-pointer") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -DCMAKE_BUILD_TYPE=Debug -fsanitize=thread -fno-omit-frame-pointer") + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -lasan") + 
set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -lasan") endif() +# end of for ASAN set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run) add_subdirectory(src) -SET(CPACK_RPM_LIBRARY_PRE_INSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/cmake/PreInstall.sh") -SET(CPACK_RPM_LIBRARY_PRE_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/cmake/PreUninstall.sh") +SET(CPACK_RPM_LIBRARIES_PRE_INSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/cmake/PreInstall.sh") +SET(CPACK_RPM_LIBRARIES_PRE_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/cmake/PreUninstall.sh") -set(CPACK_RPM_LIBRARY_USER_FILELIST "%config(noreplace) ${CMAKE_INSTALL_PREFIX}/tsgconf/main.conf" +set(CPACK_RPM_LIBRARIES_USER_FILELIST "%config(noreplace) ${CMAKE_INSTALL_PREFIX}/tsgconf/main.conf" "%config(noreplace) ${CMAKE_INSTALL_PREFIX}/tsgconf/maat.conf" "%config(noreplace) ${CMAKE_INSTALL_PREFIX}/tsgconf/tsg_static_tableinfo.conf" "%config(noreplace) ${CMAKE_INSTALL_PREFIX}/tsgconf/tsg_dynamic_tableinfo.conf" @@ -54,5 +56,6 @@ install(FILES bin/tsg_maat.json DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf COMP install(FILES inc/tsg_send_log.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER) install(FILES inc/tsg_rule.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER) install(FILES inc/tsg_statistic.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER) +install(FILES inc/tsg_label.h DESTINATION /opt/MESA/include/tsg COMPONENT HEADER) include(Package) diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf index 7ca6635..fac4bee 100644 --- a/bin/tsg_log_field.conf +++ b/bin/tsg_log_field.conf @@ -47,4 +47,6 @@ STRING common_clinet_asn 39 STRING common_server_asn 40 STRING common_clinet_location 41 STRING common_server_location 42 -STRING quic_sni 43 +STRING quic_sni 43 +STRING ssl_ja3_fingerprint 44 +STRING common_data_center 45
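Review bot: In the ADDRESS branch `CMAKE_C_FLAGS` is rebuilt from `${CMAKADDRESS}`, a variable defined nowhere on this page, so it expands to nothing and any C flags set earlier or passed on the command line are dropped from ASan builds; the line should read `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -fsanitize=address -fno-omit-frame-pointer")`. The THREAD branch compiles with `-fsanitize=thread` but still links `-lasan`; it needs `-ltsan`, or `-fsanitize=thread` on the link line. `-DCMAKE_BUILD_TYPE=Debug` inside the compiler flags only defines a preprocessor macro and does not change the build type. `CMAKE_SHARED_LINKER_FLAGS` is seeded from `${CMAKE_EXE_LINKER_FLAGS}`, so existing shared-linker flags are replaced and `-lasan` appears twice; use `${CMAKE_SHARED_LINKER_FLAGS}` there. `if(ASAN_OPTION STREQUAL "ADDRESS")` would also avoid the substring match that `MATCHES` performs.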
\ No newline at end of file diff --git a/bin/tsg_static_tableinfo.conf b/bin/tsg_static_tableinfo.conf index d8505f0..e365143 100644 --- a/bin/tsg_static_tableinfo.conf +++ b/bin/tsg_static_tableinfo.conf @@ -17,23 +17,22 @@ 5 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0 6 TSG_OBJ_URL expr UTF8 UTF8/GBK yes 0 7 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0 -7 TSG_OBJ_FQDN_CAT expr UTF8 UTF8 yes 0 8 TSG_OBJ_KEYWORDS expr UTF8 UTF8/GBK/windows-1251 yes 0 -9 TSG_OBJ_APP_ID expr UTF8 UTF8 yes 0 +9 TSG_OBJ_APP_ID intval UTF8 UTF8 yes 0 10 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0 -11 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0 +11 TSG_OBJ_FQDN_CAT intval UTF8 UTF8 yes 0 12 TSG_OBJ_GEO_LOCATION expr UTF8 UTF8/GBK yes 0 -13 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN -- +13 TSG_FIELD_HTTP_HOST virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- 14 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL -- 15 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- 16 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- 17 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS -- 18 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS -- -19 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN -- -20 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN -- -21 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN -- -22 TSG_FIELD_QUIC_SNI virtual TSG_OBJ_FQDN -- -23 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN -- +19 TSG_FIELD_SSL_SNI virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- +20 TSG_FIELD_SSL_CN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- +21 TSG_FIELD_SSL_SAN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- +22 TSG_FIELD_QUIC_SNI virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- +23 TSG_FIELD_DNS_QNAME virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- 24 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT -- 25 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT -- 26 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT -- 
@@ -48,19 +47,21 @@ 35 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR -- 36 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR -- 37 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"} -38 TSG_DECYPTION_EXCLUSION_SSL_SNI virtual TSG_OBJ_FQDN +38 TSG_DECYPTION_EXCLUSION_SSL_SNI virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] 39 TSG_PROFILE_RESPONSE_PAGES plugin {"key":1,"foreign":"4","valid":5} -- 40 TSG_IP_ASN_BUILT_IN ip_plugin {"row_id":1,"ip_type":2,"start_ip":3,"end_ip":4,"valid":7,"estimate_size":4194304} 41 TSG_IP_ASN_USER_DEFINED ip_plugin {"row_id":1,"ip_type":2,"start_ip":3,"end_ip":4,"valid":7,"estimate_size":4194304} 42 TSG_IP_LOCATION_BUILT_IN ip_plugin {"row_id":1,"ip_type":3,"start_ip":4,"end_ip":5,"valid":18,"estimate_size":4194304} 43 TSG_IP_LOCATION_USER_DEFINED ip_plugin {"row_id":1,"ip_type":3,"start_ip":4,"end_ip":5,"valid":18,"estimate_size":4194304} -44 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER -- -45 TSG_SECURITY_DESTINATION_ASN virtual TSG_OBJ_AS_NUMBER -- -46 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_GEO_LOCATION -- -47 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION -- -48 PXY_TCP_OPTION_COMPILE compile escape -- -49 PXY_TCP_OPTION_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR -- -50 PXY_TCP_OPTION_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR -- -51 PXY_TCP_OPTION_SERVER_FQDN virtual TSG_OBJ_FQDN -- -52 PXY_TCP_OPTION_ADDR composition {"source":"PXY_TCP_OPTION_SOURCE_ADDR","destination":"PXY_TCP_OPTION_DESTINATION_ADDR"} - +44 TSG_OBJ_AS_NUMBER expr UTF8 UTF8/GBK yes 0 +45 TSG_SECURITY_SOURCE_ASN virtual TSG_OBJ_AS_NUMBER -- +46 TSG_SECURITY_DESTINATION_ASN virtual TSG_OBJ_AS_NUMBER -- +47 TSG_SECURITY_SOURCE_LOCATION virtual TSG_OBJ_GEO_LOCATION -- +48 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION -- +49 PXY_TCP_OPTION_COMPILE compile escape -- +50 PXY_TCP_OPTION_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR -- +51 PXY_TCP_OPTION_DESTINATION_ADDR virtual 
TSG_OBJ_IP_ADDR -- +52 PXY_TCP_OPTION_SERVER_FQDN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] -- +53 PXY_TCP_OPTION_ADDR composition {"source":"PXY_TCP_OPTION_SOURCE_ADDR","destination":"PXY_TCP_OPTION_DESTINATION_ADDR"} +54 TSG_FQDN_CATEGORY_BUILT_IN fqdn_plugin {"row_id":1,"is_suffix_match":4,"fqdn":3,"valid":5} -- +55 TSG_FQDN_CATEGORY_USER_DEFINED fqdn_plugin {"row_id":1,"is_suffix_match":4,"fqdn":3,"valid":5} --
\ No newline at end of file diff --git a/ci/travis.sh b/ci/travis.sh index c5ceb6f..56f0553 100644 --- a/ci/travis.sh +++ b/ci/travis.sh @@ -43,7 +43,8 @@ cd build cmake3 -DCMAKE_CXX_FLAGS=$CXX_FLAGS \ -DCMAKE_BUILD_TYPE=$BUILD_TYPE \ -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \ - -DENABLE_DEVEL=$ENABLE_DEVEL_SWITCH \ + -DASAN_OPTION=$ASAN_OPTION \ + -DVERSION_DAILY_BUILD=$TESTING_VERSION_BUILD \ .. make @@ -52,10 +53,12 @@ if [ -n "${PACKAGE}" ]; then make package fi -if [ -n "${UPLOAD}" ]; then +if [ -n "${UPLOAD_RPM}" ]; then cp ~/rpm_upload_tools.py ./ python3 rpm_upload_tools.py ${PULP3_REPO_NAME} ${PULP3_DIST_NAME} *.rpm - +fi + +if [ -n "${UPLOAD_SYMBOL_FILES}" ]; then rpm -i $SYMBOL_TARGET*debuginfo*.rpm _symbol_file=`find /usr/lib/debug/ -name "$SYMBOL_TARGET*.so*.debug"` cp $_symbol_file ${_symbol_file}info.${CI_COMMIT_SHORT_SHA} diff --git a/cmake/Package.cmake b/cmake/Package.cmake index edb4258..5eb84a3 100644 --- a/cmake/Package.cmake +++ b/cmake/Package.cmake @@ -14,8 +14,8 @@ set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) set(CPACK_PACKAGE_VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_BUILD}") execute_process(COMMAND bash -c "echo -ne \"`uname -r | awk -F'.' '{print $5\".\"$6\".\"$7}'`\"" OUTPUT_VARIABLE SYSTEM_VERSION) -execute_process(COMMAND sh changelog.sh WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/cmake) -SET(CPACK_RPM_CHANGELOG_FILE ${PROJECT_SOURCE_DIR}/cmake/changelog.txt) +execute_process(COMMAND sh changelog.sh ${CMAKE_BINARY_DIR} WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/cmake) +SET(CPACK_RPM_CHANGELOG_FILE ${CMAKE_BINARY_DIR}/changelog.txt) # RPM Build set(CPACK_GENERATOR "RPM") 
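Review bot: The two added cmake3 arguments expand CI variables unquoted, and jobs that do not define `ASAN_OPTION` or `TESTING_VERSION_BUILD` pass an empty value that overrides the `OFF` default declared in CMakeLists.txt. Quote them and supply the default explicitly: `-DASAN_OPTION="${ASAN_OPTION:-OFF}" \` and `-DVERSION_DAILY_BUILD="${TESTING_VERSION_BUILD:-OFF}" \`. The same quoting concern applies to `rpm -i $SYMBOL_TARGET*debuginfo*.rpm` in the second hunk, which now runs only when `UPLOAD_SYMBOL_FILES` is set but would glob every debuginfo package in the directory if `SYMBOL_TARGET` were empty.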
@@ -30,13 +30,13 @@ set(CPACK_COMPONENTS_IGNORE_GROUPS 1) set(CPACK_COMPONENTS_GROUPING ONE_PER_GROUP) set(CPACK_COMPONENT_HEADER_DISPLAY_NAME "develop") -set(CPACK_COMPONENT_LIBRARY_REQUIRED TRUE) -set(CPACK_RPM_LIBRARY_PACKAGE_NAME ${MY_RPM_NAME_PREFIX}) -set(CPACK_RPM_LIBRARY_FILE_NAME "${CPACK_RPM_LIBRARY_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm") -set(CPACK_RPM_LIBRARY_DEBUGINFO_FILE_NAME "${CPACK_RPM_LIBRARY_PACKAGE_NAME}-debuginfo-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm") +set(CPACK_COMPONENT_LIBRARIES_REQUIRED TRUE) +set(CPACK_RPM_LIBRARIES_PACKAGE_NAME ${MY_RPM_NAME_PREFIX}) +set(CPACK_RPM_LIBRARIES_FILE_NAME "${CPACK_RPM_LIBRARIES_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm") +set(CPACK_RPM_LIBRARIES_DEBUGINFO_FILE_NAME "${CPACK_RPM_LIBRARIES_PACKAGE_NAME}-debuginfo-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm") -set(CPACK_COMPONENT_LIBRARY_GROUP "library") -set(CPACK_COMPONENT_PROFILE_GROUP "library") +set(CPACK_COMPONENT_PROFILE_GROUP "libraries") +set(CPACK_COMPONENT_LIBRARIES_GROUP "libraries") set(CPACK_COMPONENT_HEADER_REQUIRED TRUE) set(CPACK_RPM_HEADER_PACKAGE_NAME "${MY_RPM_NAME_PREFIX}-devel") @@ -44,10 +44,10 @@ set(CPACK_RPM_HEADER_FILE_NAME "${CPACK_RPM_HEADER_PACKAGE_NAME}-${CPACK_PACKAGE set(CPACK_RPM_HEADER_DEBUGINFO_FILE_NAME "${CPACK_RPM_HEADER_PACKAGE_NAME}-debuginfo-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm") set(CPACK_COMPONENT_HEADER_GROUP "header") -set(CPACK_RPM_HEADER_PACKAGE_REQUIRES_PRE ${CPACK_RPM_LIBRARY_PACKAGE_NAME}) +set(CPACK_RPM_HEADER_PACKAGE_REQUIRES_PRE ${CPACK_RPM_LIBRARIES_PACKAGE_NAME}) set(CPACK_RPM_HEADER_PACKAGE_CONFLICTS ${CPACK_RPM_HEADER_PACKAGE_NAME}) -set(CPACK_COMPONENTS_ALL LIBRARY HEADER PROFILE) +set(CPACK_COMPONENTS_ALL HEADER PROFILE LIBRARIES) set(CPACK_BUILD_SOURCE_DIRS "${CMAKE_SOURCE_DIR}") diff --git a/cmake/PreUninstall.sh b/cmake/PreUninstall.sh index 96abc6f..b6cb3ef 100644 --- a/cmake/PreUninstall.sh +++ b/cmake/PreUninstall.sh 
@@ -2,6 +2,11 @@ if [ $1 == 0 ]; then DST=${RPM_INSTALL_PREFIX} mkdir -p ${DST}/plug/platform/ + mkdir -p ${DST}/etc/ + + touch ${DST}/plug/conflist.inf + touch ${DST}/etc/project_list.conf + sed -i '/tsg_master.inf/d' ${DST}/plug/conflist.inf sed -i '/POLICY_PRIORITY/d' ${DST}/etc/project_list.conf sed -i '/TSG_MASTER_INTERNAL_LABEL/d' ${DST}/etc/project_list.conf diff --git a/cmake/Version.cmake b/cmake/Version.cmake index 752f20f..9b05d0b 100644 --- a/cmake/Version.cmake +++ b/cmake/Version.cmake @@ -19,6 +19,11 @@ include(${__VERSION_CONFIG}) string(REGEX REPLACE "^v([0-9]+)\\..*" "\\1" VERSION_MAJOR "${VCS_TAG}") string(REGEX REPLACE "^v[0-9]+\\.([0-9]+).*" "\\1" VERSION_MINOR "${VCS_TAG}") string(REGEX REPLACE "^v[0-9]+\\.[0-9]+\\.([0-9]+).*" "\\1" VERSION_PATCH "${VCS_TAG}") +string(REGEX REPLACE "[T\\:\\+\\-]" "" VERSION_DATE "${VCS_DATE}") + +if(VERSION_DAILY_BUILD) + set(VERSION_PATCH ${VERSION_PATCH}.${VERSION_DATE}) +endif() if(NOT VERSION_MAJOR) set(VERSION_MAJOR 1) @@ -38,16 +43,12 @@ set(VERSION_BUILD "${VCS_SHORT_HASH}") # print information message(STATUS "Version: ${VERSION}-${VERSION_BUILD}") -if(NOT DEFINE_GIT_VERSION) - option(DEFINE_GIT_VERSION "Set DEFINE_GIT_VERSION to OFF" OFF) - -set(GIT_VERSION - "${VERSION}-${CMAKE_BUILD_TYPE}-${VERSION_BUILD}-${VCS_BRANCH}-${VCS_TAG}-${VCS_DATE}") -string(REGEX REPLACE "[-:+/\\.]" "_" GIT_VERSION ${GIT_VERSION}) +option(DEFINE_GIT_VERSION "Set DEFINE_GIT_VERSION to TRUE or FALSE" TRUE) if(DEFINE_GIT_VERSION) - add_definitions(-DGIT_VERSION=${GIT_VERSION}) - option(DEFINE_GIT_VERSION "Set DEFINE_GIT_VERSION to OFF" ON) -endif() + set(GIT_VERSION + "${VERSION}-${CMAKE_BUILD_TYPE}-${VERSION_BUILD}-${VCS_BRANCH}-${VCS_TAG}-${VCS_DATE}") + string(REGEX REPLACE "[-:+/\\.]" "_" GIT_VERSION ${GIT_VERSION}) + add_definitions(-DGIT_VERSION=${GIT_VERSION}) endif() diff --git a/cmake/changelog.sh b/cmake/changelog.sh index 7d8bf7f..67f995f 100644 --- a/cmake/changelog.sh +++ b/cmake/changelog.sh 
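Review bot: The added `mkdir -p` and `touch` lines create `${DST}/etc/project_list.conf` and `${DST}/plug/conflist.inf` during uninstall only so that the following `sed -i` calls do not fail, which leaves new, unowned files behind after the package is removed. `DST` comes from `RPM_INSTALL_PREFIX` and is used unquoted, so if that variable is ever empty the scriptlet, which presumably runs as root, would create `/etc/project_list.conf` and `/plug/conflist.inf`. Guard the edits instead of creating the files, e.g. `if [ -f "${DST}/plug/conflist.inf" ]; then sed -i '/tsg_master.inf/d' "${DST}/plug/conflist.inf"; fi`, and do the same for the two `project_list.conf` lines. The enclosing `if [ $1 == 0 ]` block closes outside the hunk.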
@@ -1,4 +1,4 @@
 #!/bin/sh
-
+work_path=$1
 branch=`git status | grep branch | awk '{print $NF}'`
-git log --branches=$branch --no-merges --date=local --show-signature --pretty="* %ad %an %ae %nhash: %H%ncommit:%n%B" | awk -F"-" '{print "- "$0}' | sed 's/- \*/\*/g' | sed 's/- $//g' | sed 's/-/ -/g' | sed 's/[0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}//g' > changelog.txt
+git log --branches=$branch --no-merges --date=local --show-signature --pretty="* %ad %an %ae %nhash: %H%ncommit:%n%B" | awk -F"-" '{print "- "$0}' | sed 's/- \*/\*/g' | sed 's/- $//g' | sed 's/-/ -/g' | sed 's/[0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}//g' > $work_path/changelog.txt
diff --git a/inc/tsg_label.h b/inc/tsg_label.h
new file mode 100644
index 0000000..a88a2a9
--- /dev/null
+++ b/inc/tsg_label.h
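Review bot: `work_path=$1` is used without checking that an argument was given, so a call without one redirects the log to `/changelog.txt`, and the unquoted `$work_path` breaks on a build directory whose path contains spaces. Use `work_path=${1:?usage: changelog.sh <output-dir>}` and write to `> "$work_path/changelog.txt"`. The caller in cmake/Package.cmake also passes `${CMAKE_BINARY_DIR}` unquoted and does not check the script's exit status, so a failed run leaves `CPACK_RPM_CHANGELOG_FILE` pointing at a missing or stale file.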
@@ -0,0 +1,86 @@
+#ifndef __TSG_LABEL_H__
+#define __TSG_LABEL_H__
+
+#define MAX_CATEGORY_ID_NUM 8
+#define MAX_STR_FIELD_LEN 64
+
+typedef enum _tsg_protocol
+{
+ PROTO_UNKONWN=0,
+ PROTO_IPv4=1,
+ PROTO_IPv6,
+ PROTO_TCP,
+ PROTO_UDP,
+ PROTO_HTTP,
+ PROTO_MAIL,
+ PROTO_DNS,
+ PROTO_FTP,
+ PROTO_SSL,
+ PROTO_SIP,
+ PROTO_BGP,
+ PROTO_STREAMING_MEDIA,
+ PROTO_QUIC,
+ PROTO_SSH,
+ PROTO_SMTP,
+ PROTO_IMAP,
+ PROTO_POP3,
+ PROTO_MAX
+}tsg_protocol_t;
+
+
+struct _asn_info_t
+{
+ int ref_cnt;
+ int addr_type;
+ int table_id;
+ char start_ip[MAX_STR_FIELD_LEN];
+ char end_ip[MAX_STR_FIELD_LEN];
+ char asn[MAX_STR_FIELD_LEN];
+ char organization[MAX_STR_FIELD_LEN*4];
+};
+
+struct _location_info_t
+{
+ int geoname_id;
+ int table_id;
+ int ref_cnt;
+ int addr_type;
+ double latitude;
+ double longitude;
+ double coords;
+ char start_ip[MAX_STR_FIELD_LEN];
+ char end_ip[MAX_STR_FIELD_LEN];
+ char language[MAX_STR_FIELD_LEN];
+ char continent_abbr[MAX_STR_FIELD_LEN*4];
+ char continent_full[MAX_STR_FIELD_LEN*4];
+ char country_abbr[MAX_STR_FIELD_LEN*4];
+ char country_full[MAX_STR_FIELD_LEN*4];
+ char province_abbr[MAX_STR_FIELD_LEN*4];
+ char province_full[MAX_STR_FIELD_LEN*4];
+ char city_full[MAX_STR_FIELD_LEN*4];
+ char time_zone[MAX_STR_FIELD_LEN*4];
+};
+
+struct _subscribe_id_info_t
+{
+ int ref_cnt;
+ int table_id;
+ char subscribe_id[MAX_STR_FIELD_LEN*4];
+};
+
+struct _session_attribute_label_t
+{
+ int fqdn_category_id_num;
+ tsg_protocol_t proto;
+ long establish_latency_ms;
+ struct _asn_info_t *client_asn;
+ struct _asn_info_t *server_asn;
+ struct _location_info_t *client_location;
+ struct _location_info_t *server_location;
+ struct _subscribe_id_info_t *client_subscribe_id;
+ struct _subscribe_id_info_t *server_subscribe_id;
+ char *ja3_fingerprint;
+ unsigned int fqdn_category_id[MAX_CATEGORY_ID_NUM];
+};
+
+#endif
diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h
index eb76c2a..f6db9fd 100644
--- a/inc/tsg_rule.h
+++ b/inc/tsg_rule.h
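Review bot: This header is installed under /opt/MESA/include/tsg by the top-level CMakeLists.txt, yet none of the structs say who owns the pointers or how the counted array is bounded. I would add `/* number of valid entries in fqdn_category_id, at most MAX_CATEGORY_ID_NUM */` above `fqdn_category_id_num` (confirm against the code that fills it) and `/* heap string owned by the label; released with dictator_free() in free_session_attribute_label() */` above `ja3_fingerprint`, plus a line on each `ref_cnt` stating who increments and drops it. As a style point, `__TSG_LABEL_H__` and the `_asn_info_t`-style tags use identifiers reserved for the implementation; `TSG_LABEL_H` and tags without the leading underscore avoid that.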
@@ -3,6 +3,8 @@ #include <MESA/Maat_rule.h> +#include "tsg_label.h" + #define TSG_ACTION_NONE 0x00 #define TSG_ACTION_MONITOR 0x01 #define TSG_ACTION_INTERCEPT 0x02 @@ -22,27 +24,6 @@ enum TSG_ETHOD_TYPE TSG_METHOD_TYPE_MAX }; - -typedef enum _tsg_protocol -{ - PROTO_UNKONWN=0, - PROTO_IPv4=1, - PROTO_IPv6, - PROTO_TCP, - PROTO_UDP, - PROTO_HTTP, - PROTO_MAIL, - PROTO_DNS, - PROTO_FTP, - PROTO_SSL, - PROTO_SIP, - PROTO_BGP, - PROTO_STREAMING_MEDIA, - PROTO_QUIC, - PROTO_MAX -}tsg_protocol_t; - - #define MAX_RESULT_NUM 8 #define MAX_DOAMIN_LEN 2048 @@ -53,18 +34,6 @@ struct _identify_info char domain[MAX_DOAMIN_LEN]; }; -struct _internal_label -{ - tsg_protocol_t proto; - long establish_latency_ms; - struct _asn_info *client_asn; - struct _asn_info *server_asn; - struct _location_info *client_location; - struct _location_info *server_location; - struct _subscribe_id_info *client_subscribe_id; - struct _subscribe_id_info *server_subscribe_id; -}; - typedef enum _PULL_RESULT_TYPE { @@ -86,4 +55,6 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num); int tsg_get_method_id(char *method); +int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq); + #endif diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 76ea01f..514c958 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8) add_definitions(-fPIC) -set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp) +set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp) include_directories(${CMAKE_SOURCE_DIR}/inc) include_directories(/opt/MESA/include/MESA/) 
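Review bot: The new `tsg_get_fqdn_category_id()` prototype in the last tsg_rule.h hunk is exported without any comment on its contract. A short block above it should state that `category_id` is a caller-supplied array, that `category_id_num` is its capacity in elements, and what the return value means (presumably the number of ids written, or a negative value on error; confirm against src/tsg_rule.cpp). `fqdn` could be declared `const char *` if the implementation does not modify it.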
@@ -16,5 +16,5 @@ set_target_properties(tsg_master PROPERTIES LINK_FLAGS "-Wl,--version-script=${P target_link_libraries(tsg_master ${TSG_MASTER_DEPEND_DYN_LIB}) set_target_properties(tsg_master PROPERTIES PREFIX "") -install(TARGETS tsg_master LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/platform/tsg_master COMPONENT LIBRARY) +install(TARGETS tsg_master LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/platform/tsg_master COMPONENT LIBRARIES) install(FILES ../bin/tsg_master.inf DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/platform/tsg_master COMPONENT PROFILE) diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 6c513db..63e3bfb 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -7,6 +7,7 @@ #include <MESA/http.h> #include <MESA/ftp.h> +#include <MESA/ssl.h> #include <MESA/mail.h> #include "MESA/gquic.h" #include <MESA/stream.h> @@ -19,6 +20,7 @@ #include "tsg_statistic.h" #include "tsg_send_log_internal.h" #include "tsg_ssl_utils.h" +#include "tsg_ssh_utils.h" #ifdef __cplusplus extern "C" 
@@ -46,14 +48,33 @@ char TSG_MASTER_VERSION_20200805=0; const char *tsg_conffile="tsgconf/main.conf"; g_tsg_para_t g_tsg_para; -id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_LINKS, "links"}, +id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{TLD_TYPE_UNKNOWN, TSG_FS2_TCP_LINKS, "tcp_links"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_UDP_LINKS, "udp_links"}, {TLD_TYPE_UNKNOWN, TSG_FS2_BYPASS, "bypass"}, {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_ADDR, "hit_addr"}, {TLD_TYPE_UNKNOWN, TSG_FS2_HIT_SHARE, "hit_share"}, {TLD_TYPE_UNKNOWN, TSG_FS2_INTERCEPT, "intercept"}, - {TLD_TYPE_UNKNOWN, TSG_FS2_LOG, "log"}, - {TLD_TYPE_UNKNOWN, TSG_FS2_DENY, "deny"} - }; + {TLD_TYPE_UNKNOWN, TSG_FS2_SUCCESS_LOG, "success_log"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_FAILED_LOG, "failed_log"}, + {TLD_TYPE_UNKNOWN, TSG_FS2_DROP_LOG, "drop_log"} + }; + +id2field_t g_tsg_proto_name2id[PROTO_MAX]={{TLD_TYPE_UNKNOWN, PROTO_UNKONWN, "unknown"}, + {TLD_TYPE_UNKNOWN, PROTO_IPv4, "IPV4"}, + {TLD_TYPE_UNKNOWN, PROTO_IPv6, "IPV6"}, + {TLD_TYPE_UNKNOWN, PROTO_TCP, "TCP"}, + {TLD_TYPE_UNKNOWN, PROTO_UDP, "UDP"}, + {TLD_TYPE_UNKNOWN, PROTO_HTTP, "HTTP"}, + {TLD_TYPE_UNKNOWN, PROTO_MAIL, "MAIL"}, + {TLD_TYPE_UNKNOWN, PROTO_DNS, "DNS"}, + {TLD_TYPE_UNKNOWN, PROTO_FTP, "FTP"}, + {TLD_TYPE_UNKNOWN, PROTO_SSL, "SSL"}, + {TLD_TYPE_UNKNOWN, PROTO_SIP, "SIP"}, + {TLD_TYPE_UNKNOWN, PROTO_BGP, "BGP"}, + {TLD_TYPE_UNKNOWN, PROTO_STREAMING_MEDIA, "STREAMING_MEDIA"}, + {TLD_TYPE_UNKNOWN, PROTO_QUIC, "QUIC"}, + {TLD_TYPE_UNKNOWN, PROTO_SSH, "SSH"} + }; #define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1 
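Review bot: `g_tsg_proto_name2id` is sized `PROTO_MAX` but has 15 initialisers, while the enum added in inc/tsg_label.h now has `PROTO_SMTP`, `PROTO_IMAP` and `PROTO_POP3` before `PROTO_MAX`, so the last three slots are zero-filled. `tsg_proto_name2flag()` in the next hunk walks all `PROTO_MAX` entries and hands `.name` to `memcmp()`; if `name` is a pointer member (the `id2field_t` definition is not on this page) those slots are NULL and an unmatched token reaches them. Add the missing rows, `{TLD_TYPE_UNKNOWN, PROTO_SMTP, "SMTP"},` `{TLD_TYPE_UNKNOWN, PROTO_IMAP, "IMAP"},` `{TLD_TYPE_UNKNOWN, PROTO_POP3, "POP3"}`, or size the table from its initialisers and iterate over that count. The same check is worth doing for `g_tsg_fs2_field[TSG_FS2_MAX]`, which now lists nine entries.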
@@ -90,25 +111,33 @@ static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len) return flags; } -int tsg_set_device_id_to_telegraf(char *device_sn) +static int tsg_proto_name2flag(char *proto_list, int *flag) { - char buff[128]={0}; - FILE *fp=NULL; + int i=0; + char *s=NULL,*e=NULL; - if(device_sn) + s=proto_list; + while(s) { - fp=fopen("/etc/default/telegraf", "wb"); - if(fp) + e=index(s, ';'); + if(!e) { - snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn); - fwrite(buff, strlen(buff), 1, fp); - fclose(fp); - fp=NULL; - return 0; + break; } + + for(i=0; i< PROTO_MAX; i++) + { + if((memcmp(s, g_tsg_proto_name2id[i].name, e-s))==0) + { + *flag|=(1<<g_tsg_proto_name2id[i].id); + break; + } + } + + s=e+1; } - return -1; + return 0; } static void free_policy_label(int thread_seq, void *project_req_value) 
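Review bot: The comparison `memcmp(s, g_tsg_proto_name2id[i].name, e-s)` uses only the token length, so a token that is a prefix of a name matches it (`S;` selects the first name starting with S), an empty token from `;;` matches entry 0, and a token longer than the name makes `memcmp()` read past the end of the string literal. The loop also stops at the first token that has no trailing `;`, silently ignoring the last protocol in a list written without one. Comparing the lengths first and treating the end of the string as a terminator fixes both; the fence below shows the rewritten loop, and its NULL test covers table slots left without a name. `proto_list` is presumably read from the configuration file, so malformed input here would be an operator mistake rather than remote input, but it still decides which protocol parsers run.

```cpp
static int tsg_proto_name2flag(char *proto_list, int *flag)
{
    // … unchanged: declarations of i, s, e and s=proto_list …
    while(s!=NULL && *s!='\0')
    {
        e=index(s, ';');
        size_t len=(e!=NULL) ? (size_t)(e-s) : strlen(s);  /* last token may lack ';' */

        for(i=0; len>0 && i<PROTO_MAX; i++)
        {
            const char *name=g_tsg_proto_name2id[i].name;
            if(name!=NULL && strlen(name)==len && memcmp(s, name, len)==0)
            {
                *flag|=(1<<g_tsg_proto_name2id[i].id);
                break;
            }
        }

        s=(e!=NULL) ? e+1 : NULL;
    }
    // … unchanged: return 0 …
```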
@@ -117,53 +146,6 @@ static void free_policy_label(int thread_seq, void *project_req_value) project_req_value=NULL; } -static void free_internal_label(int thread_seq, void *project_req_value) -{ - struct _internal_label *label=(struct _internal_label *)project_req_value; - - if(label!=NULL) - { - if(label->client_asn!=NULL) - { - ASN_free_data(label->client_asn->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger); - label->client_asn=NULL; - } - - if(label->server_asn!=NULL) - { - ASN_free_data(label->server_asn->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger); - label->server_asn=NULL; - } - - if(label->client_location!=NULL) - { - location_free_data(label->client_location->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger); - label->client_location=NULL; - } - - if(label->server_location!=NULL) - { - location_free_data(label->server_location->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger); - label->server_location=NULL; - } - - if(label->client_subscribe_id!=NULL) - { - subscribe_id_free_data(label->client_subscribe_id->table_id, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger); - label->client_subscribe_id=NULL; - } - - if(label->server_subscribe_id!=NULL) - { - subscribe_id_free_data(label->server_subscribe_id->table_id, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger); - label->server_subscribe_id=NULL; - } - - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; - } -} - static void free_context(void **pme, int thread_seq) { struct _master_context *_context=(struct _master_context *)*pme; @@ -229,6 +211,9 @@ static char *schema_index2string(tsg_protocol_t proto) case PROTO_QUIC: schema_field_value=(char *)"QUIC"; break; + case PROTO_SSH: + schema_field_value=(char *)"SSH"; + break; default: break; } 
@@ -287,6 +272,80 @@ static int master_send_log(struct streaminfo *a_stream, struct Maat_rule_t *p_re return 1; } +int tsg_set_device_id_to_telegraf(char *device_sn) +{ + char buff[128]={0}; + FILE *fp=NULL; + + if(device_sn) + { + fp=fopen("/etc/default/telegraf", "wb"); + if(fp) + { + snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn); + fwrite(buff, strlen(buff), 1, fp); + fclose(fp); + fp=NULL; + return 0; + } + } + + return -1; +} + +static void free_session_attribute_label(int thread_seq, void *project_req_value) +{ + struct _session_attribute_label_t *label=(struct _session_attribute_label_t *)project_req_value; + + if(label!=NULL) + { + if(label->client_asn!=NULL) + { + ASN_free_data(label->client_asn->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger); + label->client_asn=NULL; + } + + if(label->server_asn!=NULL) + { + ASN_free_data(label->server_asn->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger); + label->server_asn=NULL; + } + + if(label->client_location!=NULL) + { + location_free_data(label->client_location->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger); + label->client_location=NULL; + } + + if(label->server_location!=NULL) + { + location_free_data(label->server_location->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger); + label->server_location=NULL; + } + + if(label->client_subscribe_id!=NULL) + { + subscribe_id_free_data(label->client_subscribe_id->table_id, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger); + label->client_subscribe_id=NULL; + } + + if(label->server_subscribe_id!=NULL) + { + subscribe_id_free_data(label->server_subscribe_id->table_id, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger); + label->server_subscribe_id=NULL; + } + + if(label->ja3_fingerprint!=NULL) + { + dictator_free(thread_seq, (void *)label->ja3_fingerprint); + 
label->ja3_fingerprint=NULL; + } + + dictator_free(thread_seq, project_req_value); + project_req_value=NULL; + } +} + static struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, struct _identify_info *identify_info, int thread_seq) { int i=0,ret=0; @@ -395,7 +454,7 @@ static struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_str p_result->config_id, p_result->service_id, (unsigned char)p_result->action, - printaddr(&a_stream->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, thread_seq) : "") ); p_result=q_result; @@ -409,7 +468,7 @@ static struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_str "Not hit %s stream_dir: %d addr: %s scan ret: %d", identify_info->domain, a_stream->dir, - printaddr(&a_stream->addr, thread_seq), + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, thread_seq) : ""), ret ); } 
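Review bot: `tsg_set_device_id_to_telegraf()` writes `device_sn` between double quotes into /etc/default/telegraf without checking its content, so a serial containing a quote or a newline would end the value early and add further lines to a file that the telegraf service presumably loads as its environment. The file is opened with `"wb"`, which discards whatever else was configured there, and neither the `snprintf()` truncation at 128 bytes nor the `fwrite()` result is checked. A guard at the top such as `if(device_sn==NULL || strpbrk(device_sn, "\"\\$\r\n")!=NULL) return -1;` (also rejecting the backquote) closes the first gap, and comparing `snprintf()`'s return value with `sizeof(buff)` closes the second. In `free_session_attribute_label()`, the trailing `project_req_value=NULL;` assigns to a by-value parameter and has no effect for the caller.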
@@ -418,110 +477,181 @@ static struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_str return p_result; } -static int identify_application_protocol(struct streaminfo *a_stream, struct _identify_info *identify_info, void *a_packet) +static int identify_application_protocol(struct streaminfo *a_stream, struct _identify_info *identify_info, struct _session_attribute_label_t *attribute_label, void *a_packet) { - int ret=0; - + int ret=0; identify_info->proto = PROTO_UNKONWN; - //http - char *host=NULL; - ret=http_host_parser((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->curdir, &host); - if(ret>=0) - { - identify_info->proto=PROTO_HTTP; - if(ret>0 && host!=NULL) - { - identify_info->domain_len=MIN(ret, (int)sizeof(identify_info->domain) - 1); - strncpy(identify_info->domain, host, identify_info->domain_len); - } - else - { - identify_info->domain_len=0; - } - return 1; - } - - //ssl - enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT; - struct ssl_chello *chello = NULL; - chello=ssl_chello_parse((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status); - if(chello_status==CHELLO_PARSE_SUCCESS) + switch(a_stream->type) { - identify_info->proto=PROTO_SSL; - if(chello->sni==NULL) - { - identify_info->domain_len = 0; - } - else - { - identify_info->domain_len = strnlen(chello->sni, sizeof(identify_info->domain) - 1); - strncpy(identify_info->domain, chello->sni, identify_info->domain_len); - } - - ssl_chello_free(chello); - return 1; - } - - ssl_chello_free(chello); + case STREAM_TYPE_TCP: + if(g_tsg_para.proto_flag&(1<<PROTO_HTTP)) //http + { + char *host=NULL; + ret=http_host_parser((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->curdir, &host); + if(ret>=0) + { + identify_info->proto=PROTO_HTTP; + if(ret>0 && host!=NULL) + { + identify_info->domain_len=MIN(ret, (int)sizeof(identify_info->domain) 
- 1); + strncpy(identify_info->domain, host, identify_info->domain_len); + } + else + { + identify_info->domain_len=0; + } + return 1; + } + } - //dns - struct stream_tuple4_v4 *tpl4 = NULL; - struct stream_tuple4_v6 *tpl6 = NULL; + if(g_tsg_para.proto_flag&(1<<PROTO_SSL)) //ssl + { + enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT; + struct ssl_chello *chello = NULL; - switch(a_stream->addr.addrtype) - { - case ADDR_TYPE_IPV4: - tpl4=a_stream->addr.tuple4_v4; - if((ntohs(tpl4->source)==53) || (ntohs(tpl4->dest)==53)) + chello=ssl_chello_parse((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status); + if(chello_status==CHELLO_PARSE_SUCCESS) + { + identify_info->proto=PROTO_SSL; + if(chello->sni==NULL) + { + identify_info->domain_len = 0; + } + else + { + identify_info->domain_len = strnlen(chello->sni, sizeof(identify_info->domain) - 1); + strncpy(identify_info->domain, chello->sni, identify_info->domain_len); + } + + ssl_chello_free(chello); + + struct _ssl_ja3_info_t *ja3_info=NULL; + ja3_info=ssl_get_ja3_fingerprint(a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum); + if(ja3_info!=NULL) + { + if(ja3_info->sni==NULL || ja3_info->sni_len<=0) + { + identify_info->domain_len = 0; + } + else + { + identify_info->domain_len = strnlen(ja3_info->sni, sizeof(identify_info->domain) - 1); + strncpy(identify_info->domain, ja3_info->sni, identify_info->domain_len); + } + + if(attribute_label!=NULL && ja3_info->fp!=NULL && ja3_info->fp_len>0) + { + attribute_label->ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1); + memcpy(attribute_label->ja3_fingerprint, ja3_info->fp, ja3_info->fp_len); + attribute_label->ja3_fingerprint[ja3_info->fp_len]='\0'; + } + + return 1; + } + + return 1; + } + + ssl_chello_free(chello); + } + + if(g_tsg_para.proto_flag&(1<<PROTO_FTP)) //ftp + { + 
ret=ftp_control_identify(a_stream); + if(ret>0) + { + identify_info->proto=PROTO_FTP; + return 1; + } + } + + if(g_tsg_para.proto_flag&(1<<PROTO_MAIL)) //mail { - identify_info->proto=PROTO_DNS; - return 1; + ret=mail_protocol_identify_by_first_payload(a_stream,(char *)a_stream->ptcpdetail->pdata, a_stream->ptcpdetail->datalen, a_stream->threadnum); + if(ret>0) + { + switch(ret) + { + case SMTP_PROTOCOL: + identify_info->proto=PROTO_SMTP; + return 1; + break; + case POP3_PROTOCOL: + identify_info->proto=PROTO_POP3; + return 1; + break; + case IMAP_PROTOCOL: + identify_info->proto=PROTO_IMAP; + return 1; + break; + default: + break; + } + } } + break; - case ADDR_TYPE_IPV6: - tpl6=a_stream->addr.tuple4_v6; - if((ntohs(tpl6->source)==53) || (ntohs(tpl6->dest)==53)) + case STREAM_TYPE_UDP: + if(g_tsg_para.proto_flag&(1<<PROTO_DNS)) //dns + { + struct stream_tuple4_v4 *tpl4 = NULL; + struct stream_tuple4_v6 *tpl6 = NULL; + + switch(a_stream->addr.addrtype) + { + case ADDR_TYPE_IPV4: + tpl4=a_stream->addr.tuple4_v4; + if((ntohs(tpl4->source)==53) || (ntohs(tpl4->dest)==53)) + { + identify_info->proto=PROTO_DNS; + return 1; + } + break; + case ADDR_TYPE_IPV6: + tpl6=a_stream->addr.tuple4_v6; + if((ntohs(tpl6->source)==53) || (ntohs(tpl6->dest)==53)) + { + identify_info->proto=PROTO_DNS; + return 1; + } + break; + default: + break; + } + } + + if(g_tsg_para.proto_flag&(1<<PROTO_SSH)) //ssh { - identify_info->proto=PROTO_DNS; - return 1; + ret = ssh_protocol_identify((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen,g_tsg_para.logger); + if(ret > 0) + { + identify_info->proto=PROTO_SSH; + return 1; + } + } + + if(g_tsg_para.proto_flag&(1<<PROTO_QUIC)) //quic + { + ret=quic_protocol_identify(a_stream, a_packet, identify_info->domain, sizeof(identify_info->domain)); + if(ret>0) + { + identify_info->proto=PROTO_QUIC; + identify_info->domain_len=ret; + return 1; + } } break; default: break; } - - //ftp - 
ret=ftp_control_identify(a_stream); - if(ret>0) - { - identify_info->proto=PROTO_FTP; - return 1; - } - - //mail - ret=mail_protocol_identify_by_first_payload(a_stream,(char *)a_stream->ptcpdetail->pdata, a_stream->ptcpdetail->datalen, a_stream->threadnum); - if(ret>=SMTP_PROTOCOL&& ret<=IMAP_PROTOCOL) - { - identify_info->proto=PROTO_MAIL; - return 1; - } - - //quic - ret=quic_protocol_identify(a_stream, a_packet, identify_info->domain, sizeof(identify_info->domain)); - if(ret>0) - { - identify_info->proto=PROTO_QUIC; - identify_info->domain_len=ret; - return 1; - } return ret; } extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet) { - int ret=0,hit_num=0; + int i=0,ret=0,hit_num=0; struct timespec tv; int state=APP_STATE_GIVEME; scan_status_t mid=NULL; 
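Review bot: In the SSL branch the result of `dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1)` is passed to `memcpy` without a NULL check, so an allocation failure while handling a ClientHello becomes a crash in the packet path; wrap the `memcpy` and the terminator write in `if(attribute_label->ja3_fingerprint!=NULL)`. The SSH check sits under `case STREAM_TYPE_UDP` and reads `a_stream->ptcpdetail`, which looks misplaced: SSH is carried over TCP, so as written TCP streams are never tested for SSH, and on a UDP stream the TCP detail pointer is presumably not the field that holds the payload. Moving that block into the `STREAM_TYPE_TCP` case would address both. Nothing in the hunk releases `ja3_info`, so its ownership is worth confirming against `ssl_get_ja3_fingerprint`.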
@@ -531,17 +661,17 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t Maat_rule_t all_result[MAX_RESULT_NUM]; policy_priority_label_t *priority_label=NULL; struct _master_context *_context=(struct _master_context *)*pme; - struct _internal_label *internal_label=NULL; + struct _session_attribute_label_t *internal_label=NULL; switch(a_tcp->opstate) { case OP_STATE_PENDING: - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LINKS], 0, FS_OP_ADD, 1); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TCP_LINKS], 0, FS_OP_ADD, 1); + + internal_label=(struct _session_attribute_label_t *)dictator_malloc(1, sizeof(struct _session_attribute_label_t)); + memset(internal_label, 0, sizeof(struct _session_attribute_label_t)); memset(&identify_info, 0, sizeof(identify_info)); - identify_application_protocol(a_tcp, &identify_info, a_packet); - - internal_label=(struct _internal_label *)dictator_malloc(1, sizeof(struct _internal_label)); - memset(internal_label, 0, sizeof(struct _internal_label)); + identify_application_protocol(a_tcp, &identify_info, internal_label, a_packet); internal_label->proto=identify_info.proto; if(identify_info.proto==PROTO_HTTP) @@ -559,7 +689,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t "Add internal_label failed, establish latency ms: %llu proto: %d addr: %s", internal_label->establish_latency_ms, internal_label->proto, - printaddr(&a_tcp->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_tcp->addr, thread_seq) : "") ); } else @@ -570,7 +700,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t "Add internal_label successfully, establish latency ms: %llu proto: %d addr: %s", internal_label->establish_latency_ms, internal_label->proto, - printaddr(&a_tcp->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_tcp->addr, thread_seq) : "") ); } 
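Review bot: `internal_label` is handed to `memset` straight after `dictator_malloc(1, ...)` with no NULL check, and the first argument is the literal `1` although `free_session_attribute_label` releases the same block with `dictator_free(thread_seq, ...)`. If the allocator keeps per-thread pools or counters, that mismatch skews them; `dictator_malloc(thread_seq, sizeof(struct _session_attribute_label_t))` followed by a NULL guard before the `memset` would line the two up. The same two lines are added to `TSG_MASTER_UDP_ENTRY` in the hunk at `@@ -731,16 +918,17 @@`. Whether the label and its new `ja3_fingerprint` are released when `project_req_add_struct` fails cannot be seen here, because the function body continues outside the hunk.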
@@ -578,39 +708,96 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t if(ret>0) { hit_num+=ret; - //q_result=tsg_policy_decision_criteria(a_tcp, all_result, hit_num, NULL, thread_seq); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); } - - ret=tsg_scan_shared_policy(g_tsg_maat_feather, &identify_info, all_result+hit_num, MAX_RESULT_NUM-hit_num, &mid, thread_seq); - if(ret>0) - { - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1); - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_FQDN", - "Hit %s: %s policy_id: %d service: %d action: %d addr: %s", - (identify_info.proto==PROTO_HTTP) ? "host" : "sni", - identify_info.domain, - all_result[hit_num].config_id, - all_result[hit_num].service_id, - (unsigned char)all_result[hit_num].action, - printaddr(&a_tcp->addr, thread_seq) - ); - hit_num+=ret; - } - else + if(identify_info.proto==PROTO_HTTP || identify_info.proto==PROTO_SSL) { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_FQDN", - "Not hit %s: %s stream_dir: %d addr: %s", - (ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"), - (ret==-1) ? "NULL" : identify_info.domain, - a_tcp->dir, - printaddr(&a_tcp->addr, thread_seq) + ret=tsg_scan_shared_policy(g_tsg_maat_feather, &identify_info, all_result+hit_num, MAX_RESULT_NUM-hit_num, &mid, thread_seq); + if(ret>0) + { + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1); + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_FQDN", + "Hit %s: %s policy_id: %d service: %d action: %d addr: %s", + (identify_info.proto==PROTO_HTTP) ? "host" : "sni", + identify_info.domain, + all_result[hit_num].config_id, + all_result[hit_num].service_id, + (unsigned char)all_result[hit_num].action, + (g_tsg_para.level<RLOG_LV_FATAL ? 
printaddr(&a_tcp->addr, thread_seq) : "") + ); + + hit_num+=ret; + } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_FQDN", + "Not hit %s: %s ret: %d stream_dir: %d addr: %s", + (ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"), + (ret==-1) ? "NULL" : identify_info.domain, + ret, + a_tcp->dir, + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_tcp->addr, thread_seq) : "") + ); + } + + if(strlen(identify_info.domain)>0 && identify_info.domain_len>0) + { + internal_label->fqdn_category_id_num=tsg_get_fqdn_category_id(g_tsg_maat_feather, + identify_info.domain, + internal_label->fqdn_category_id, + MAX_CATEGORY_ID_NUM, + g_tsg_para.logger, + thread_seq + ); + } + + for(i=0; i<internal_label->fqdn_category_id_num; i++) + { + int idx=identify_info.proto==PROTO_HTTP ? TABLE_HTTP_HOST : TABLE_SSL_SNI; + ret=Maat_scan_intval(g_tsg_maat_feather, + g_tsg_para.table_id[idx], + (unsigned int)internal_label->fqdn_category_id[i], + all_result+hit_num, + MAX_RESULT_NUM-hit_num, + &mid, + thread_seq ); + if(ret>0) + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_FQDN_CAT", + "Hit %s: %s category_id: %d policy_id: %d service: %d action: %d addr: %s", + (identify_info.proto==PROTO_HTTP) ? "host" : "sni", + identify_info.domain, + internal_label->fqdn_category_id[i], + all_result[hit_num].config_id, + all_result[hit_num].service_id, + (unsigned char)all_result[hit_num].action, + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_tcp->addr, thread_seq) : "") + ); + hit_num+=ret; + } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_FQDN_CAT", + "Not hit %s: %s category_id: %d ret: %d stream_dir: %d addr: %s", + (ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"), + (ret==-1) ? "NULL" : identify_info.domain, + internal_label->fqdn_category_id[i], + ret, + a_tcp->dir, + (g_tsg_para.level<RLOG_LV_FATAL ? 
printaddr(&a_tcp->addr, thread_seq) : "") + ); + } + } } if(mid!=NULL) @@ -646,7 +833,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t p_result[0].config_id, p_result[0].service_id, (unsigned char)p_result[0].action, - printaddr(&a_tcp->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_tcp->addr, thread_seq) : "") ); state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER; @@ -674,7 +861,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t "Add policy_priority_label failed, intercept policy, policy_id: %d action: %d addr: %s", priority_label->result[0].config_id, (unsigned char)priority_label->result[0].action, - printaddr(&a_tcp->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_tcp->addr, thread_seq) : "") ); } @@ -684,7 +871,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t "Hit intercept policy, policy_id: %d action: %d addr: %s", priority_label->result[0].config_id, (unsigned char)priority_label->result[0].action, - printaddr(&a_tcp->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_tcp->addr, thread_seq) : "") ); return APP_STATE_DROPME|APP_STATE_KILL_OTHER; break; @@ -723,7 +910,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int thread_seq,void *a_packet) { - int ret=0; + int i=0,ret=0; int hit_num=0; scan_status_t mid=NULL; int state=APP_STATE_GIVEME; 
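Review bot: The new category loop keeps calling `Maat_scan_intval` with `all_result+hit_num` and `MAX_RESULT_NUM-hit_num` while `hit_num` grows on every hit, and nothing stops it once the result array is full. From then on the scan receives a zero-length window that starts one element past the array, and how the library treats a zero count is not visible here; bounding the loop removes that dependency: `for(i=0; i<internal_label->fqdn_category_id_num && hit_num<MAX_RESULT_NUM; i++)`. Clamping `fqdn_category_id_num` to `MAX_CATEGORY_ID_NUM` after `tsg_get_fqdn_category_id` returns would also help, since the count is then used as the bound for indexing `fqdn_category_id[]`. The same loop is added to `TSG_MASTER_UDP_ENTRY` in the hunk at `@@ -801,9 +989,62 @@`, and `TSG_MASTER_TCP_ENTRY` itself starts and ends outside this hunk.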
@@ -731,16 +918,17 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t Maat_rule_t result[MAX_RESULT_NUM]={0}; struct _identify_info identify_info; struct _master_context *_context=(struct _master_context *)*pme; - struct _internal_label *internal_label=NULL; + struct _session_attribute_label_t *internal_label=NULL; switch(a_udp->opstate) { - case OP_STATE_PENDING: + case OP_STATE_PENDING: + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1); memset(&identify_info, 0, sizeof(identify_info)); - identify_application_protocol(a_udp, &identify_info, a_packet); + identify_application_protocol(a_udp, &identify_info, NULL, a_packet); - internal_label=(struct _internal_label *)dictator_malloc(1, sizeof(struct _internal_label)); - memset(internal_label, 0, sizeof(struct _internal_label)); + internal_label=(struct _session_attribute_label_t *)dictator_malloc(1, sizeof(struct _session_attribute_label_t)); + memset(internal_label, 0, sizeof(struct _session_attribute_label_t)); internal_label->proto=identify_info.proto; ret=project_req_add_struct(a_udp, g_tsg_para.internal_project_id, (const void *)internal_label); @@ -751,7 +939,7 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t "PROJECT_ADD", "Add internal_label failed, proto: %d addr: %s", internal_label->proto, - printaddr(&a_udp->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_udp->addr, thread_seq) : "") ); } else @@ -761,7 +949,7 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t "PROJECT_ADD", "Add internal_label successfully, proto: %d addr: %s", internal_label->proto, - printaddr(&a_udp->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_udp->addr, thread_seq) : "") ); } 
@@ -787,7 +975,7 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t result[hit_num].config_id, result[hit_num].service_id, (unsigned char)result[hit_num].action, - printaddr(&a_udp->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_udp->addr, thread_seq) : "") ); hit_num+=ret; 
@@ -801,9 +989,62 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t "QUIC SNI", identify_info.domain, a_udp->dir, - printaddr(&a_udp->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_udp->addr, thread_seq) : "") ); } + + if(strlen(identify_info.domain)>0 && identify_info.domain_len>0) + { + internal_label->fqdn_category_id_num=tsg_get_fqdn_category_id(g_tsg_maat_feather, + identify_info.domain, + internal_label->fqdn_category_id, + MAX_CATEGORY_ID_NUM, + g_tsg_para.logger, + thread_seq + ); + } + + for(i=0; i<internal_label->fqdn_category_id_num; i++) + { + ret=Maat_scan_intval(g_tsg_maat_feather, + g_tsg_para.table_id[TABLE_QUIC_SNI], + (unsigned int)internal_label->fqdn_category_id[i], + result+hit_num, + MAX_RESULT_NUM-hit_num, + &mid, + thread_seq + ); + if(ret>0) + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_FQDN_CAT", + "Hit %s: %s category_id: %d policy_id: %d service: %d action: %d addr: %s", + "QUIC SNI", + identify_info.domain, + internal_label->fqdn_category_id[i], + result[hit_num].config_id, + result[hit_num].service_id, + (unsigned char)result[hit_num].action, + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_udp->addr, thread_seq) : "") + ); + hit_num+=ret; + } + else + { + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "SCAN_FQDN_CAT", + "Not hit %s: %s category_id: %d ret: %d stream_dir: %d addr: %s", + (ret==-1) ? "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"), + (ret==-1) ? "NULL" : identify_info.domain, + internal_label->fqdn_category_id[i], + ret, + a_udp->dir, + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_udp->addr, thread_seq) : "") + ); + } + } } if(mid!=NULL) 
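Review bot: The "Not hit" branch of the new category scan builds its label from `(identify_info.proto==PROTO_HTTP) ? "host" : "sni"`, while the matching "Hit" branch a few lines above prints the literal `"QUIC SNI"`. On this UDP path the expression presumably only ever yields "sni", so hit and miss lines for the same flow carry different labels and are harder to correlate when searching logs. Using `(ret==-1) ? "NULL" : "QUIC SNI"` for the first argument keeps the two messages aligned. The enclosing block of `TSG_MASTER_UDP_ENTRY` begins outside the hunk.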
@@ -837,7 +1078,7 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t p_result[0].config_id, p_result[0].service_id, (unsigned char)p_result[0].action, - printaddr(&a_udp->addr, thread_seq) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_udp->addr, thread_seq) : "") ); state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER; 
@@ -881,27 +1122,30 @@ extern "C" char TSG_MASTER_UDP_ENTRY(struct streaminfo *a_udp, void **pme, int t extern "C" int TSG_MASTER_INIT() { - int i=0,ret=0,cycle=0; - int value=0,level=30; + int i=0,ret=0; + int value=0,cycle=0; unsigned short fs_server_port=0; char app_name[MAX_STRING_LEN]={0}; - char log_path[MAX_STRING_LEN*4]={0}; char label_buff[MAX_STRING_LEN*4]={0}; char fs_server_ip[MAX_IPV4_LEN]={0}; char fs_output_path[MAX_STRING_LEN*4]={0}; char device_sn_filename[MAX_STRING_LEN]={0}; + char identify_proto_name[MAX_STRING_LEN*4]={0}; memset(&g_tsg_para, 0, sizeof(g_tsg_para)); - MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &level, 30); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", log_path, sizeof(log_path), "tsglog/tsg_master"); + MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &g_tsg_para.level, RLOG_LV_FATAL); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", g_tsg_para.log_path, sizeof(g_tsg_para.log_path), "tsglog/tsg_master"); - g_tsg_para.logger=MESA_create_runtime_log_handle(log_path, level); + g_tsg_para.logger=MESA_create_runtime_log_handle(g_tsg_para.log_path, g_tsg_para.level); if(g_tsg_para.logger==NULL) { printf("MESA_create_runtime_log_handle failed ...\n"); return -1; } + + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;"); + tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag); MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_ID", &g_tsg_para.device_id, 0); MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300); 
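Review bot: The default passed for `IDENTIFY_PROTO_NAME` is `"HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;"`, which leaves out SSH although this commit adds an SSH branch gated on `1<<PROTO_SSH`, so SSH identification stays off unless an operator adds it by hand. The outcome of `tsg_proto_name2flag` is also neither checked nor logged, so a misspelt or empty value would silently switch off identification, and with it the host and SNI policy scans that depend on the detected protocol. Since the default log level is now `RLOG_LV_FATAL`, a start-up line at that level would make the effective mask visible, for example `MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT", "IDENTIFY_PROTO_NAME: %s proto_flag: 0x%x", identify_proto_name, g_tsg_para.proto_flag);`. `TSG_MASTER_INIT` continues outside the hunk.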
@@ -934,7 +1178,7 @@ extern "C" int TSG_MASTER_INIT() } MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_INTERNAL_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL"); - g_tsg_para.internal_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_internal_label); + g_tsg_para.internal_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label); if(g_tsg_para.internal_project_id<0) { MESA_handle_runtime_log(g_tsg_para.logger, @@ -989,12 +1233,24 @@ extern "C" int TSG_MASTER_INIT() for(i=0; i<TSG_FS2_MAX; i++) { - g_tsg_para.fs2_field_id[g_tsg_fs2_field[i].id]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_FIELD, FS_CALC_CURRENT, g_tsg_fs2_field[i].name); + g_tsg_para.fs2_field_id[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_FIELD, FS_CALC_SPEED, g_tsg_fs2_field[i].name); } + char buff[32]={0}; + int thread_num=get_thread_count(); + for(i=0; i<thread_num && g_tsg_log_instance!=NULL; i++) + { + snprintf(buff, sizeof(buff), "send_log_percent_%02d", i); + g_tsg_log_instance->fs_status_ids[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_STATUS, FS_CALC_CURRENT, buff); + } FS_start(g_tsg_para.fs2_handle); + for(i=0; i<thread_num; i++) + { + FS_operate(g_tsg_para.fs2_handle,g_tsg_log_instance ->fs_status_ids[i], 0, FS_OP_SET, g_tsg_log_instance->send_log_percent[i]); + } + ret=tsg_statistic_init(tsg_conffile, g_tsg_para.logger); if(ret<0) { diff --git a/src/tsg_entry.h b/src/tsg_entry.h index f91b987..d03fb88 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -4,6 +4,7 @@ #include <MESA/Maat_rule.h> #include <MESA/field_stat2.h> #include "tsg_rule.h" +#include "tsg_label.h" #include "tsg_statistic.h" #if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411) 
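Review bot: In the hunk at `@@ -989,12 +1233,24 @@` the first new loop is guarded with `g_tsg_log_instance!=NULL`, but the second loop after `FS_start` dereferences `g_tsg_log_instance->fs_status_ids[i]` and `->send_log_percent[i]` without that guard, so initialisation crashes whenever the log instance was not created. The second loop should carry the same condition: `for(i=0; i<thread_num && g_tsg_log_instance!=NULL; i++)`. Both loops also index the two arrays with `get_thread_count()` as the bound, and their declared sizes are not visible here, so it is worth confirming they are at least that large.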
@@ -39,18 +40,23 @@ enum MASTER_TABLE{ TABLE_LOCATION_USER_DEFINED, TABLE_LOCATION_BUILT_IN, TABLE_QUIC_SNI, + TABLE_FQDN_CAT_ID, + TABLE_FQDN_CAT_USER_DEFINED, + TABLE_FQDN_CAT_BUILT_IN, TABLE_MAX }; enum TSG_FS2_TYPE{ - TSG_FS2_LINKS=0, + TSG_FS2_TCP_LINKS=0, + TSG_FS2_UDP_LINKS, TSG_FS2_BYPASS, TSG_FS2_HIT_ADDR, TSG_FS2_HIT_SHARE, TSG_FS2_INTERCEPT, - TSG_FS2_LOG, - TSG_FS2_DENY, + TSG_FS2_SUCCESS_LOG, + TSG_FS2_FAILED_LOG, + TSG_FS2_DROP_LOG, TSG_FS2_MAX }; @@ -61,45 +67,14 @@ struct _str2index char *type; }; -struct _asn_info +struct _fqdn_category_t { - int ref_cnt; - int addr_type; - char start_ip[40]; - char end_ip[40]; - char asn[40]; - char organization[256]; - int table_id; + int ref_cnt; + unsigned int category_id; + int match_method; + char fqdn[MAX_DOAMIN_LEN/8]; }; -struct _location_info -{ - int ref_cnt; - int addr_type; - char start_ip[40]; - char end_ip[40]; - double latitude; - double longitude; - double coords; - char language[40]; - char continent_abbr[256]; - char continent_full[256]; - char country_abbr[256]; - char country_full[256]; - char province_abbr[256]; - char province_full[256]; - char city_full[256]; - char time_zone[128]; - int geoname_id; - int table_id; -}; - -struct _subscribe_id_info -{ - int ref_cnt; - int table_id; - char subscribe_id[256]; -}; typedef struct _policy_priority_label { @@ -123,14 +98,19 @@ struct _master_context #define _MAX_TABLE_NAME_LEN 64 typedef struct _tsg_para { + int level; unsigned short timeout; + int app_id_table_type; int device_id; int table_id[TABLE_MAX]; int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP int priority_project_id; int internal_project_id; + int proto_flag; //tsg_protocol_t int fs2_field_id[TSG_FS2_MAX]; char device_sn[MAX_DOAMIN_LEN/8]; + char log_path[MAX_DOAMIN_LEN/8]; + char data_center[_MAX_TABLE_NAME_LEN]; char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN]; void *logger; screen_stat_handle_t fs2_handle; 
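Review bot: `fqdn[MAX_DOAMIN_LEN/8]` in the new `struct _fqdn_category_t` is a fixed-size buffer, and the parser this commit adds for it in `src/tsg_rule.cpp` (`fqdn_cat_new_data`) fills it through `sscanf` with a bare `%s`, so a table line whose FQDN column is longer than the buffer writes past the end of the `calloc`'d struct. The conversion needs a field width of the buffer size minus one, or the column should be split out and length-checked before copying, with over-long lines rejected and logged as the existing parse-failure branch already does. A comment on the member stating its capacity and that parsers must bound their writes would make the contract visible at the declaration, for example `/* NUL-terminated; parsers must limit input to sizeof(fqdn)-1 */`.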
@@ -138,8 +118,6 @@ typedef struct _tsg_para extern g_tsg_para_t g_tsg_para; - - typedef enum _tsg_statis_field_id { STATIS_UNKNOWN=0, @@ -177,6 +155,24 @@ typedef enum _tsg_statis_field_id STATIS_INTERCEPT_OUT_BYTES, STATIS_INTERCEPT_IN_PACKETS, STATIS_INTERCEPT_OUT_PACKETS, + STATIS_IPV4_IN_BYTES, + STATIS_IPV4_OUT_BYTES, + STATIS_IPV4_IN_PACKETS, + STATIS_IPV4_OUT_PACKETS, + STATIS_IPV6_IN_BYTES, + STATIS_IPV6_OUT_BYTES, + STATIS_IPV6_IN_PACKETS, + STATIS_IPV6_OUT_PACKETS, + STATIS_TCP_NEW_CON_NUM, + STATIS_TCP_IN_BYTES, + STATIS_TCP_OUT_BYTES, + STATIS_TCP_IN_PACKETS, + STATIS_TCP_OUT_PACKETS, + STATIS_UDP_NEW_CON_NUM, + STATIS_UDP_IN_BYTES, + STATIS_UDP_OUT_BYTES, + STATIS_UDP_IN_PACKETS, + STATIS_UDP_OUT_PACKETS, STATIS_ALERT_BYTES, STATIS_BLOCK_BYTES, STATIS_PINNING_NUM, diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index 1d366e3..3acaa63 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -6,7 +6,7 @@ #include <arpa/inet.h> #include <MESA/stream.h> #include <MESA/MESA_prof_load.h> - +#include "MESA/cJSON.h" #include "MESA/MESA_handle_logger.h" #include "Maat_rule.h" #include "Maat_command.h" @@ -52,6 +52,10 @@ const struct _str2index g_tsg_proto_string[PROTO_MAX+1]={{PROTO_UNKONWN, 0, (cha {PROTO_BGP, 4, (char *)"BGP."}, {PROTO_STREAMING_MEDIA, 16, (char *)"STREAMING_MEDIA."}, {PROTO_QUIC, 5, (char *)"QUIC."}, + {PROTO_SSH, 4, (char *)"SSH."}, + {PROTO_SMTP, 5, (char *)"MAIL."}, + {PROTO_IMAP, 5, (char *)"MAIL."}, + {PROTO_POP3, 5, (char *)"MAIL."}, {PROTO_MAX, 0, (char *)""} }; 
@@ -92,124 +96,140 @@ static char* str_unescape(char* s) return s; } +static int proto_str2id(tsg_protocol_t proto) +{ + switch(proto) + { + case PROTO_TCP: return 100; + case PROTO_UDP: return 101; + case PROTO_HTTP: return 106; + case PROTO_MAIL: return 110; + case PROTO_IMAP: return 110; + case PROTO_POP3: return 110;//116 + case PROTO_SMTP: return 110;//122 + case PROTO_DNS: return 103; + case PROTO_FTP: return 104; + case PROTO_SSL: return 126; + case PROTO_SIP: return 120; + case PROTO_QUIC: return 119; + case PROTO_SSH: return 125; + case PROTO_IPv6: + case PROTO_IPv4: + case PROTO_STREAMING_MEDIA: + case PROTO_BGP: + default: + break; + } + + return 0; +} + +static int get_data_center(char *accept_tag, char *data_center, int data_center_len) +{ + int i=0,len; + cJSON *object=cJSON_Parse(accept_tag); + if(object!=NULL) + { + cJSON *array=cJSON_GetObjectItem(object, "tags"); + if(array!=NULL) + { + for(i=0; i<cJSON_GetArraySize(array); i++) + { + cJSON *item=cJSON_GetArrayItem(array, i); + if(item!=NULL) + { + cJSON *tag_item=cJSON_GetObjectItem(item, "tag"); + if(tag_item!=NULL && tag_item->valuestring!=NULL && (memcmp("device_id", tag_item->valuestring, strlen("device_id")))==0) + { + cJSON *v_item=cJSON_GetObjectItem(item, "value"); + if(v_item!=NULL && v_item->valuestring!=NULL) + { + len=strlen(v_item->valuestring); + memcpy(data_center, v_item->valuestring, (len>data_center_len-1 ? 
data_center_len-1 : len)); + } + return 1; + } + } + } + } + } + + return 0; +} + +static void eliminate_default_value(char *value) +{ + if(value!=NULL && (memcmp(value, "null", 4))==0) + { + value[0]='\0'; + } +} void ASN_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) { - void *logger=argp; - struct _asn_info *asn=(struct _asn_info *)(*from); - - atomic_inc(&asn->ref_cnt); - *to=*from; + struct _asn_info_t *asn=(struct _asn_info_t *)(*from); - MESA_handle_runtime_log(logger, - RLOG_LV_DEBUG, - "IP_ASN", - "Dup(table_id: %d) ip ASN: start_ip: %s end_ip: %s asn: %s organization: %s ref_cnt: %d", - table_id, - asn->start_ip, - asn->end_ip, - asn->asn, - asn->organization, - asn->ref_cnt - ); + if(asn!=NULL) + { + atomic_inc(&asn->ref_cnt); + *to=*from; + } return; } void ASN_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - void *logger=argp; int ret=0,id=0,is_valid=0; - struct _asn_info *asn=NULL; - asn=(struct _asn_info *)calloc(1, sizeof(struct _asn_info)); + struct _asn_info_t *asn=NULL; + asn=(struct _asn_info_t *)calloc(1, sizeof(struct _asn_info_t)); ret=sscanf(table_line, "%d\t%d\t%s\t%s\t%s\t%s\t%d", &id, &asn->addr_type, asn->start_ip, asn->end_ip, asn->asn, asn->organization, &is_valid); if(ret!=7) { free(asn); asn=NULL; - - MESA_handle_runtime_log(logger, - RLOG_LV_FATAL, - "IP_ASN", - "Parse ip ASN failed, ret: %d table_id: %d table_line: %s", - ret, - table_id, - table_line - ); return; } str_unescape(asn->organization); + eliminate_default_value(asn->organization); atomic_inc(&asn->ref_cnt); asn->table_id=table_id; *ad=(MAAT_PLUGIN_EX_DATA)asn; - MESA_handle_runtime_log(logger, - RLOG_LV_DEBUG, - "IP_ASN", - "Add(table_id: %d) ip ASN: start_ip: %s end_ip: %s asn: %s organization: %s ref_cnt: %d", - table_id, - asn->start_ip, - asn->end_ip, - asn->asn, - asn->organization, - asn->ref_cnt - ); return; } void ASN_free_data(int table_id, 
MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - void *logger=argp; - struct _asn_info *asn=(struct _asn_info *)(*ad); + struct _asn_info_t *asn=(struct _asn_info_t *)(*ad); - MESA_handle_runtime_log(logger, - RLOG_LV_DEBUG, - "IP_ASN", - "Delate(table_id: %d) ip ASN: start_ip: %s end_ip: %s asn: %s organization: %s ref_cnt: %d", - table_id, - asn->start_ip, - asn->end_ip, - asn->asn, - asn->organization, - asn->ref_cnt - ); - - atomic_dec(&asn->ref_cnt); - if(asn->ref_cnt<=0) + if(asn!=NULL) { - free(*ad); - *ad=NULL; + atomic_dec(&asn->ref_cnt); + + if(asn->ref_cnt<=0) + { + free(*ad); + *ad=NULL; + } } - return; } void location_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) { - void *logger=argp; - struct _location_info *location=(struct _location_info *)(*from); + struct _location_info_t *location=(struct _location_info_t *)(*from); - atomic_inc(&location->ref_cnt); - *to=*from; + if(location!=NULL) + { + atomic_inc(&location->ref_cnt); + *to=*from; + } - MESA_handle_runtime_log(logger, - RLOG_LV_DEBUG, - "IP_LOCATION", - "Dup(table_id: %d) location: geoname_id: %d start_ip: %s end_ip: %s continent: %s country: %s province: %s city: %s ref_cnt: %d", - table_id, - location->geoname_id, - location->start_ip, - location->end_ip, - location->continent_full, - location->country_full, - location->province_full, - location->city_full, - location->ref_cnt - ); return; } @@ -217,9 +237,9 @@ void location_new_data(int table_id, const char* key, const char* table_line, MA { void *logger=argp; int ret=0,id=0,is_valid=0; - struct _location_info *location=NULL; + struct _location_info_t *location=NULL; - location=(struct _location_info *)calloc(1, sizeof(struct _location_info)); + location=(struct _location_info_t *)calloc(1, sizeof(struct _location_info_t)); ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%lf\t%lf\t%lf\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d", 
@@ -261,68 +281,118 @@ void location_new_data(int table_id, const char* key, const char* table_line, MA str_unescape(location->country_full); str_unescape(location->province_full); str_unescape(location->city_full); + eliminate_default_value(location->language); + eliminate_default_value(location->continent_abbr); + eliminate_default_value(location->continent_full); + eliminate_default_value(location->country_abbr); + eliminate_default_value(location->country_full); + eliminate_default_value(location->province_abbr); + eliminate_default_value(location->province_full); + eliminate_default_value(location->city_full); + eliminate_default_value(location->time_zone); atomic_inc(&location->ref_cnt); location->table_id=table_id; *ad=(MAAT_PLUGIN_EX_DATA)location; - MESA_handle_runtime_log(logger, - RLOG_LV_DEBUG, - "IP_LOCATION", - "Add(table_id: %d) ip location: geoname_id: %d start_ip: %s end_ip: %s continent: %s country: %s province: %s city: %s ref_cnt: %d", - table_id, - location->geoname_id, - location->start_ip, - location->end_ip, - location->continent_full, - location->country_full, - location->province_full, - location->city_full, - location->ref_cnt - ); return; } void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - void *logger=argp; - struct _location_info *location=(struct _location_info *)(*ad); + struct _location_info_t *location=(struct _location_info_t *)(*ad); - MESA_handle_runtime_log(logger, - RLOG_LV_DEBUG, - "IP_LOCATION", - "Delete(table_id: %d) location: geoname_id: %d start_ip: %s end_ip: %s continent: %s country: %s province: %s city: %s ref_cnt: %d", - table_id, - location->geoname_id, - location->start_ip, - location->end_ip, - location->continent_full, - location->country_full, - location->province_full, - location->city_full, - location->ref_cnt - ); - - atomic_dec(&location->ref_cnt); - if(location->ref_cnt<=0) + if(location!=NULL) { - free(*ad); - *ad=NULL; + atomic_dec(&location->ref_cnt); + + 
if(location->ref_cnt<=0) + { + free(*ad); + *ad=NULL; + } } return; } +void fqdn_cat_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +{ + struct _fqdn_category_t *fqdn_cat=(struct _fqdn_category_t *)(*from); -void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) + if(fqdn_cat!=NULL) + { + atomic_inc(&fqdn_cat->ref_cnt); + *to=*from; + } + return; +} + +void fqdn_cat_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { void *logger=argp; - struct _subscribe_id_info *subscribe_id=(struct _subscribe_id_info *)(*from); + int ret=0,id=0,is_valid=0; + struct _fqdn_category_t *fqdn_cat=NULL; - atomic_inc(&subscribe_id->ref_cnt); - *to=*from; + fqdn_cat=(struct _fqdn_category_t *)calloc(1, sizeof(struct _fqdn_category_t)); - MESA_handle_runtime_log(logger, RLOG_LV_DEBUG, "SUBSCRIBE_ID", "Dup(table_id: %d ) subscribe_id: %s ref_cnt: %d", table_id, subscribe_id->subscribe_id, subscribe_id->ref_cnt); + ret=sscanf(table_line, + "%d\t%u\t%s\t\t%d\t%d", + &id, + &fqdn_cat->category_id, + fqdn_cat->fqdn, + &fqdn_cat->match_method, + &is_valid + ); + if(ret!=5) + { + free(fqdn_cat); + fqdn_cat=NULL; + + MESA_handle_runtime_log(logger, + RLOG_LV_FATAL, + "FQDN_CAT", + "Parse fqdn category failed, ret: %d table_id: %d table_line: %s", + ret, + table_id, + table_line + ); + return; + } + + atomic_inc(&fqdn_cat->ref_cnt); + *ad=(MAAT_PLUGIN_EX_DATA)fqdn_cat; + + return; +} + +void fqdn_cat_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +{ + struct _fqdn_category_t *fqdn_cat=(struct _fqdn_category_t *)(*ad); + + if(fqdn_cat!=NULL) + { + atomic_dec(&fqdn_cat->ref_cnt); + + if(fqdn_cat->ref_cnt<=0) + { + free(*ad); + *ad=NULL; + } + } + return; +} + + +void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +{ + struct 
_subscribe_id_info_t *subscribe_id=(struct _subscribe_id_info_t *)(*from); + + if(subscribe_id!=NULL) + { + atomic_inc(&subscribe_id->ref_cnt); + *to=*from; + } return; } @@ -332,9 +402,9 @@ void subscribe_id_new_data(int table_id, const char* key, const char* table_line void *logger=argp; int ret=0,id=0,type=0,is_valid=0; char ip_addr[MAX_IPV6_ADDR_LEN]={0}; - struct _subscribe_id_info *subscribe_id=NULL; + struct _subscribe_id_info_t *subscribe_id=NULL; - subscribe_id=(struct _subscribe_id_info *)calloc(1, sizeof(struct _subscribe_id_info)); + subscribe_id=(struct _subscribe_id_info_t *)calloc(1, sizeof(struct _subscribe_id_info_t)); ret=sscanf(table_line, "%d\t%d\t%s\t%s\t%d", &id, &type, ip_addr, subscribe_id->subscribe_id, &is_valid); if(ret!=5) @@ -359,29 +429,22 @@ void subscribe_id_new_data(int table_id, const char* key, const char* table_line subscribe_id->table_id=table_id; *ad=(MAAT_PLUGIN_EX_DATA)subscribe_id; - MESA_handle_runtime_log(logger, - RLOG_LV_DEBUG, - "SUBSCRIBE_ID", - "Add(table_id: %d ) subscribe_id: %s ref_cnt: %d", - table_id, - subscribe_id->subscribe_id, - subscribe_id->ref_cnt - ); return; } void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - void *logger=argp; - struct _subscribe_id_info *subscribe_id=(struct _subscribe_id_info *)(*ad); - - MESA_handle_runtime_log(logger, RLOG_LV_DEBUG, "SUBSCRIBE_ID", "Delete(table_id: %d ) subscribe_id: %s ref_cnt: %d", table_id, subscribe_id->subscribe_id, subscribe_id->ref_cnt); + struct _subscribe_id_info_t *subscribe_id=(struct _subscribe_id_info_t *)(*ad); - atomic_dec(&subscribe_id->ref_cnt); - if(subscribe_id->ref_cnt<=0) + if(subscribe_id!=NULL) { - free(*ad); - *ad=NULL; + atomic_dec(&subscribe_id->ref_cnt); + + if(subscribe_id->ref_cnt<=0) + { + free(*ad); + *ad=NULL; + } } return; 
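Review bot: In the added `fqdn_cat_new_data`, the `sscanf` format reads the FQDN with an unbounded `%s` into `fqdn_cat->fqdn`, so a table line whose third field is longer than that member writes past the end of the heap allocation. The struct is declared outside this hunk, so the width has to come from its declaration, for example `%255s` if the member is a 256-byte array (example width only). The `calloc` result is also handed to `sscanf` unchecked, so an allocation failure becomes a write through NULL; `if(fqdn_cat==NULL) return;` before the parse closes that. The `sscanf` calls in `location_new_data` and `subscribe_id_new_data`, visible as context in the neighbouring hunks, use the same unbounded `%s` conversions and deserve the same treatment.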
@@ -401,8 +464,22 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam memset(effective_flag, 0, sizeof(effective_flag)); MESA_load_profile_string_def(conffile, module, "EFFECTIVE_RANGE_FILE", effective_range_filename, sizeof(effective_range_filename),"./tsgconf/maat.conf"); - MESA_load_profile_string_def(conffile, "MAAT", "ACCEPT_TAGS", effective_flag, sizeof(effective_flag),""); + if(strlen(effective_range_filename)>0) + { + MESA_load_profile_string_def(effective_range_filename, "MAAT", "ACCEPT_TAGS", effective_flag, sizeof(effective_flag),""); + } + + if(strlen(effective_flag)==0) + { + MESA_load_profile_string_def(conffile, "MAAT", "ACCEPT_TAGS", effective_flag, sizeof(effective_flag),""); + } + + if(strlen(g_tsg_para.data_center)==0 && strlen(effective_flag)>0) + { + get_data_center(effective_flag, g_tsg_para.data_center, sizeof(g_tsg_para.data_center)); + } + MESA_load_profile_int_def(conffile, module,"MAAT_MODE", &(maat_mode),0); MESA_load_profile_int_def(conffile, module,"STAT_SWITCH", &(maat_stat_on),1); MESA_load_profile_int_def(conffile, module,"PERF_SWITCH", &(maat_perf_on),1); 
@@ -495,7 +572,9 @@ int tsg_rule_init(const char* conffile, void *logger) char maat_conffile[256]={0}; char cb_subscriber_ip_table[32]={0}; - MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat_profile.conf"); + MESA_load_profile_int_def(conffile, "MAAT","APP_ID_TABLE_TYPE", &g_tsg_para.app_id_table_type, 1); + + MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat.conf"); MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_ADDR"); MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID"); MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID"); @@ -515,6 +594,10 @@ int tsg_rule_init(const char* conffile, void *logger) MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_TABLE", g_tsg_para.table_name[TABLE_QUIC_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI"); + MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_ID_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_FQDN_CAT"); + MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_BUILT_IN"); + MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_USER_DEFINED"); + //init static maat feather g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger); if(g_tsg_maat_feather==NULL) 
@@ -580,6 +663,28 @@ int tsg_rule_init(const char* conffile, void *logger) } } + for(i=TABLE_FQDN_CAT_USER_DEFINED; i<=TABLE_FQDN_CAT_BUILT_IN; i++) + { + ret=Maat_fqdn_plugin_EX_register(g_tsg_maat_feather, + g_tsg_para.table_id[i], + fqdn_cat_new_data, + fqdn_cat_free_data, + fqdn_cat_dup_data, + 0, + logger + ); + if(ret<0) + { + MESA_handle_runtime_log(logger, RLOG_LV_FATAL, + "RULE_INIT", + "Maat_ip_plugin_EX_register failed, table_name: %s table_id: %d", + g_tsg_para.table_name[i], + g_tsg_para.table_id[i] + ); + return -1; + } + } + //init dynamic maat feather g_tsg_dynamic_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_DYNAMIC", (char *)"DYNAMIC", logger); if(g_tsg_maat_feather==NULL) 
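Review bot: The failure message in the added registration loop names `Maat_ip_plugin_EX_register`, although the call that failed is `Maat_fqdn_plugin_EX_register`, so the log points an operator at the wrong plugin type; the text should read `"Maat_fqdn_plugin_EX_register failed, table_name: %s table_id: %d"`. The loop header `for(i=TABLE_FQDN_CAT_USER_DEFINED; i<=TABLE_FQDN_CAT_BUILT_IN; i++)` also only works if the enum declares USER_DEFINED before BUILT_IN. The enum is not part of this hunk, and the table-name loads earlier in this diff list BUILT_IN first; if the enum follows that order the body never runs and neither table gets its callbacks, with no error reported. Registering the two ids explicitly, or adding a comment that states the required enum order, would make that dependency visible.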
@@ -640,23 +745,29 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re } else { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PULL_RESULT", - "pull policy failed, hit: %s %s: %s policy_id: %d service: %d action: %d addr: %s", - (label->result_type==PULL_KNI_RESULT) ? "KNI" : "FW", - label->proto==PROTO_HTTP ? "host" : "sni", - label->domain, - label->result->config_id, - label->result->service_id, - label->result->action, - printaddr(&a_stream->addr, a_stream->threadnum)); + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "PULL_RESULT", + "pull policy failed, hit: %s %s: %s policy_id: %d service: %d action: %d addr: %s", + (label->result_type==PULL_KNI_RESULT) ? "KNI" : "FW", + label->proto==PROTO_HTTP ? "host" : "sni", + label->domain, + label->result->config_id, + label->result->service_id, + label->result->action, + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") + ); } } else { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "PULL_RESULT", - "pull policy failed, Not hit, label is %s addr: %s", - (label==NULL) ? "NULL" : label->domain, - printaddr(&a_stream->addr, a_stream->threadnum)); + MESA_handle_runtime_log(g_tsg_para.logger, + RLOG_LV_DEBUG, + "PULL_RESULT", + "pull policy failed, Not hit, label is %s addr: %s", + (label==NULL) ? "NULL" : label->domain, + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") + ); } return 0; 
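Review bot: The new guard `(g_tsg_para.level<RLOG_LV_FATAL ? printaddr(...) : "")` is attached to messages logged at RLOG_LV_DEBUG, so it still formats the address for every configured level below FATAL, including levels at which a DEBUG message is presumably discarded. If the aim is to avoid the formatting cost, the comparison should be against the level of the message being written, e.g. `g_tsg_para.level<=RLOG_LV_DEBUG` (this assumes lower values are more verbose, which the guard itself implies but the hunk does not show). The same expression is repeated in the hunks for tsg_scan_ip_asn, tsg_scan_ip_location and tsg_scan_nesting_addr and, with `_instance->level`, in tsg_send_log.cpp. A single helper or macro that takes the message level would keep those copies from drifting apart.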
@@ -738,7 +849,7 @@ int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PL return 0; } -int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct _subscribe_id_info **source_subscribe_id, struct _subscribe_id_info **dest_subscribe_id) +int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct _subscribe_id_info_t **source_subscribe_id, struct _subscribe_id_info_t **dest_subscribe_id) { char source_ip[MAX_IPV6_ADDR_LEN]={0}; char dest_ip[MAX_IPV6_ADDR_LEN]={0}; @@ -763,18 +874,18 @@ int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct _subscribe_id if(strlen(dest_ip)>0 && *dest_subscribe_id==NULL) { - *dest_subscribe_id = (struct _subscribe_id_info *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, dest_ip); + *dest_subscribe_id = (struct _subscribe_id_info_t *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, dest_ip); } if(strlen(source_ip)>0 && *source_subscribe_id==NULL) { - *source_subscribe_id = (struct _subscribe_id_info *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, source_ip); + *source_subscribe_id = (struct _subscribe_id_info_t *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, source_ip); } return 0; } -int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct _asn_info *asn, enum MASTER_TABLE idx, scan_status_t *mid, Maat_rule_t*result, int result_num) +int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct _asn_info_t *asn, enum MASTER_TABLE idx, scan_status_t *mid, Maat_rule_t*result, int result_num) { int ret=0; 
@@ -793,28 +904,28 @@ int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stre if(ret > 0) { MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IP_ASN", - "Hit IP_ASN: %s scan ret: %d table_name: %s policy_id: %d service: %d action: %d addr: %s", - asn->asn, - ret, - g_tsg_para.table_name[idx], - result[0].config_id, - result[0].service_id, - (unsigned char)result[0].action, - printaddr(&a_stream->addr, a_stream->threadnum) + RLOG_LV_DEBUG, + "SCAN_IP_ASN", + "Hit IP_ASN: %s scan ret: %d table_name: %s policy_id: %d service: %d action: %d addr: %s", + asn->asn, + ret, + g_tsg_para.table_name[idx], + result[0].config_id, + result[0].service_id, + (unsigned char)result[0].action, + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); } else { MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IP_ASN", - "No hit IP_ASN: %s scan ret: %d table_name: %s addr: %s", - asn->asn, - ret, - g_tsg_para.table_name[idx], - printaddr(&a_stream->addr, a_stream->threadnum) + RLOG_LV_DEBUG, + "SCAN_IP_ASN", + "No hit IP_ASN: %s scan ret: %d table_name: %s addr: %s", + asn->asn, + ret, + g_tsg_para.table_name[idx], + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); } } 
@@ -826,15 +937,15 @@ int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stre "IP_ASN is NULL scan ret: %d table_name: %s addr: %s", ret, g_tsg_para.table_name[idx], - printaddr(&a_stream->addr, a_stream->threadnum) - ); + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") + ); } return (ret>0 ? ret : 0); } -int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct _location_info *location, enum MASTER_TABLE idx, scan_status_t *mid, Maat_rule_t*result, int result_num) +int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct _location_info_t *location, enum MASTER_TABLE idx, scan_status_t *mid, Maat_rule_t*result, int result_num) { int ret=0; char buff[1024]={0}; 
@@ -855,28 +966,28 @@ int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a if(ret > 0) { MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IP_LOCATION", - "Hit IP_LOCATION: %s scan ret: %d table_name: %s policy_id: %d service: %d action: %d addr: %s", - buff, - ret, - g_tsg_para.table_name[idx], - result[0].config_id, - result[0].service_id, - (unsigned char)result[0].action, - printaddr(&a_stream->addr, a_stream->threadnum) + RLOG_LV_DEBUG, + "SCAN_IP_LOCATION", + "Hit IP_LOCATION: %s scan ret: %d table_name: %s policy_id: %d service: %d action: %d addr: %s", + buff, + ret, + g_tsg_para.table_name[idx], + result[0].config_id, + result[0].service_id, + (unsigned char)result[0].action, + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); } else { MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_IP_LOCATION", - "No hit IP_LOCATION: %s scan ret: %d table_name: %s addr: %s", - buff, - ret, - g_tsg_para.table_name[idx], - printaddr(&a_stream->addr, a_stream->threadnum) + RLOG_LV_DEBUG, + "SCAN_IP_LOCATION", + "No hit IP_LOCATION: %s scan ret: %d table_name: %s addr: %s", + buff, + ret, + g_tsg_para.table_name[idx], + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); } } @@ -888,8 +999,8 @@ int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a "IP_LOCATION is NULL scan ret: %d table_name: %s addr: %s", ret, g_tsg_para.table_name[idx], - printaddr(&a_stream->addr, a_stream->threadnum) - ); + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") + ); } return (ret>0 ? ret : 0); 
@@ -903,15 +1014,15 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * int hit_num=0,tans_proto=0; int is_scan_addr=1, maat_ret=0,found_pos=0; const struct streaminfo *cur_stream = a_stream; - struct _internal_label *internal_label=NULL; + struct _session_attribute_label_t *internal_label=NULL; if(result==NULL || result_num<=0 || a_stream==NULL || maat_feather==NULL) { MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, + RLOG_LV_DEBUG, "SCAN_NESTING_ADDR", - "result==NULL || result_num<=0 || maat_feather==NULL || a_stream==%s", - (a_stream!=NULL) ? printaddr(&a_stream->addr, a_stream->threadnum) : "NULL"); + "result==NULL || result_num<=0 || maat_feather==NULL || a_stream==NULL" + ); return -1; } @@ -969,7 +1080,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * RLOG_LV_DEBUG, "SCAN_IP", "Hit addr: %s scan ret: %d policy_id: %d service: %d action: %d", - printaddr(&cur_stream->addr, cur_stream->threadnum), + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&cur_stream->addr, cur_stream->threadnum) : ""), maat_ret, result[hit_num].config_id, result[hit_num].service_id, @@ -984,7 +1095,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * RLOG_LV_DEBUG, "SCAN_IP", "No hit addr: %s scan ret: %d", - printaddr(&cur_stream->addr, cur_stream->threadnum), + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&cur_stream->addr, cur_stream->threadnum) : ""), maat_ret ); } 
@@ -996,28 +1107,47 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * if(hit_num<result_num && proto>PROTO_UNKONWN && proto<PROTO_MAX) { - maat_ret=Maat_full_scan_string(maat_feather, - g_tsg_para.table_id[TABLE_APP_ID], - CHARSET_GBK, - g_tsg_proto_string[proto].type, - strlen(g_tsg_proto_string[proto].type), - result+hit_num, - &found_pos, - result_num-hit_num, - mid, - a_stream->threadnum); + if(g_tsg_para.app_id_table_type==0) + { + maat_ret=Maat_full_scan_string(maat_feather, + g_tsg_para.table_id[TABLE_APP_ID], + CHARSET_GBK, + g_tsg_proto_string[proto].type, + strlen(g_tsg_proto_string[proto].type), + result+hit_num, + &found_pos, + result_num-hit_num, + mid, + a_stream->threadnum + ); + } + else + { + unsigned int proto_id=proto_str2id(proto); + if(proto_id>0) + { + maat_ret=Maat_scan_intval(maat_feather, + g_tsg_para.table_id[TABLE_APP_ID], + proto_id, + result+hit_num, + result_num-hit_num, + mid, + a_stream->threadnum + ); + } + } if(maat_ret > 0) { MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_PROTO", - "Hit PROTO: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", - g_tsg_proto_string[proto].type, - maat_ret, - result[hit_num].config_id, - result[hit_num].service_id, - (unsigned char)result[hit_num].action, - printaddr(&a_stream->addr, a_stream->threadnum) + RLOG_LV_DEBUG, + "SCAN_PROTO", + "Hit PROTO: %s scan ret: %d policy_id: %d service: %d action: %d addr: %s", + g_tsg_proto_string[proto].type, + maat_ret, + result[hit_num].config_id, + result[hit_num].service_id, + (unsigned char)result[hit_num].action, + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); hit_num+=maat_ret; 
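Review bot: In the new `else` branch no scan runs when `proto_str2id(proto)` returns 0, yet the following `if(maat_ret > 0)` still tests `maat_ret`, which then holds whatever the earlier address scan (outside this hunk) left in it. If that value is positive, the "Hit PROTO" path logs `result[hit_num]` entries that were never written and `hit_num+=maat_ret` counts them as policy hits, which can also move `hit_num` past `result_num`. Reset the variable before the branch with `maat_ret=0;` so that a skipped scan is treated as no hit.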
@@ -1025,21 +1155,22 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * else { MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "SCAN_PROTO", - "No hit PROTO: %s scan ret: %d addr: %s", - g_tsg_proto_string[proto].type, - maat_ret, - printaddr(&a_stream->addr, a_stream->threadnum) + RLOG_LV_DEBUG, + "SCAN_PROTO", + "No hit PROTO: %s(%d) scan ret: %d addr: %s", + g_tsg_proto_string[proto].type, + proto_str2id(proto), + maat_ret, + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); } } - internal_label=(struct _internal_label *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id); + internal_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id); if(internal_label==NULL) { - internal_label=(struct _internal_label *)calloc(1, sizeof(struct _internal_label)); - memset(internal_label, 0, sizeof(struct _internal_label)); + internal_label=(struct _session_attribute_label_t *)calloc(1, sizeof(struct _session_attribute_label_t)); + memset(internal_label, 0, sizeof(struct _session_attribute_label_t)); } if(hit_num<result_num) @@ -1088,7 +1219,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * result[hit_num].config_id, result[hit_num].service_id, (unsigned char)result[hit_num].action, - printaddr(&a_stream->addr, a_stream->threadnum) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); hit_num+=maat_ret; @@ -1101,7 +1232,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * "No hit source subscribe id: %s scan ret: %d addr: %s", internal_label->client_subscribe_id->subscribe_id, maat_ret, - printaddr(&a_stream->addr, a_stream->threadnum) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); } } 
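Review bot: `internal_label` is allocated with `calloc` and passed straight to `memset` with no NULL check, so an allocation failure turns into a write through NULL instead of an error return. The `memset` is also redundant, because `calloc` already zero-fills the block. Keep the `calloc` line, drop the `memset`, and follow it with `if(internal_label==NULL) return hit_num;` (or whichever value the callers of tsg_scan_nesting_addr treat as failure, which this hunk does not show).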
@@ -1129,7 +1260,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * result[hit_num].config_id, result[hit_num].service_id, (unsigned char)result[hit_num].action, - printaddr(&a_stream->addr, a_stream->threadnum) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); hit_num+=maat_ret; @@ -1142,7 +1273,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * "No hit dest subscribe id: %s scan ret: %d addr: %s", internal_label->server_subscribe_id->subscribe_id, maat_ret, - printaddr(&a_stream->addr, a_stream->threadnum) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); } } @@ -1156,7 +1287,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * "ADD_INTERNAL_LABEL", "Add internal label failed, ret: %d addr: %s", ret, - printaddr(&a_stream->addr, a_stream->threadnum) + (g_tsg_para.level<RLOG_LV_FATAL ? printaddr(&a_stream->addr, a_stream->threadnum) : "") ); } 
@@ -1250,3 +1381,46 @@ int tsg_get_method_id(char *method) return -1; } +int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq) +{ + int i=0,ret=0; + struct _fqdn_category_t *ex_data_array[8]={0}; + + if(category_id!=NULL && category_id_num>0) + { + ret=Maat_fqdn_plugin_get_EX_data(maat_feather, g_tsg_para.table_id[TABLE_FQDN_CAT_USER_DEFINED], fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8); + if(ret>0) + { + for(i=0; i<ret; i++) + { + if(i<category_id_num) + { + category_id[i]=ex_data_array[i]->category_id; + } + + fqdn_cat_free_data(g_tsg_para.table_id[TABLE_FQDN_CAT_USER_DEFINED], (MAAT_PLUGIN_EX_DATA *)&(ex_data_array[i]), 0, logger); + } + + return i<category_id_num ? i : category_id_num; + } + + ret=Maat_fqdn_plugin_get_EX_data(maat_feather, g_tsg_para.table_id[TABLE_FQDN_CAT_BUILT_IN], fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8); + if(ret>0) + { + for(i=0; i<ret && i<category_id_num; i++) + { + if(i<category_id_num) + { + category_id[i]=ex_data_array[i]->category_id; + } + + fqdn_cat_free_data(g_tsg_para.table_id[TABLE_FQDN_CAT_BUILT_IN], (MAAT_PLUGIN_EX_DATA *)&(ex_data_array[i]), 0, logger); + } + + return i<category_id_num ? i : category_id_num; + } + } + + return 0; +} + diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index e6625c7..0c43608 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -10,6 +10,7 @@ #include <sys/types.h> #include <sys/ioctl.h> #include <unistd.h> +#include <pthread.h> #include <MESA/stream.h> #include <MESA/MESA_prof_load.h> @@ -34,6 +35,7 @@ extern "C" int MESA_get_dev_ipv4(const char *device, int *ip_add); int is_multi_hit_same_policy(struct Maat_rule_t *result, int *policy_id, int *policy_id_num) { + return 0; int j=0; for(j=0;j<*policy_id_num;j++) 
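Review bot: The built-in branch of `tsg_get_fqdn_category_id` stops its loop at `i<ret && i<category_id_num`, so when the lookup returns more entries than the caller's array holds, the remaining `ex_data_array` entries are never passed to `fqdn_cat_free_data` and the references the lookup presumably took on them are never dropped. The user-defined branch above it iterates over all `ret` entries and releases each one; use the same header in both, `for(i=0; i<ret; i++)`, keeping the `if(i<category_id_num)` guard around the copy. Both branches also read `ex_data_array[i]->category_id` without checking the entry, and `fqdn` reaches the lookup unchecked, so `if(fqdn==NULL) return 0;` at the top would match the NULL checks this commit adds elsewhere.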
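Review bot: The added `return 0;` as the first statement of `is_multi_hit_same_policy` makes everything after it unreachable, including the declaration `int j=0;` that now follows a return, so the function no longer detects repeated policy ids and tsg_send_log emits one record per result even for duplicates. If de-duplication is being switched off on purpose, say so at the point where it happens, for example `/* de-duplication disabled: every hit is logged */`, and either delete the dead body or put it behind a configuration flag. The rest of the function lies outside this hunk.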
@@ -186,10 +188,10 @@ static int set_common_sub_action(struct TLD_handle_t *handle, char *field_name, int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { char buff[512]={0}; - struct _location_info *location=NULL; - struct _internal_label *internal_label=NULL; + struct _location_info_t *location=NULL; + struct _session_attribute_label_t *internal_label=NULL; - internal_label=(struct _internal_label *)project_req_get_struct(a_stream, _instance->internal_project_id); + internal_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, _instance->internal_project_id); if(internal_label!=NULL) { TLD_append(_handle, _instance->id2field[LOG_COMMON_ESTABLISH_LATENCY_MS].name, (void *)internal_label->establish_latency_ms, TLD_TYPE_LONG); 
@@ -209,22 +211,21 @@ int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD if(internal_label->client_location!=NULL) { location=internal_label->client_location; - snprintf(buff, sizeof(buff), "%s,%s,%s", (!(memcmp(location->city_full, "null", 4)) ? "" : location->city_full), - (!(memcmp(location->province_full, "null", 4)) ? "" : location->province_full), - (!(memcmp(location->country_full, "null", 4)) ? "" : location->country_full) - ); + snprintf(buff, sizeof(buff), "%s,%s,%s", location->city_full, location->province_full, location->country_full); TLD_append(_handle, _instance->id2field[LOG_COMMON_CLINET_LOCATION].name, (void *)buff, TLD_TYPE_STRING); } if(internal_label->server_location!=NULL) { location=internal_label->server_location; - snprintf(buff, sizeof(buff), "%s,%s,%s", (!(memcmp(location->city_full, "null", 4)) ? "" : location->city_full), - (!(memcmp(location->province_full, "null", 4)) ? "" : location->province_full), - (!(memcmp(location->country_full, "null", 4)) ? "" : location->country_full) - ); + snprintf(buff, sizeof(buff), "%s,%s,%s", location->city_full, location->province_full, location->country_full); TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVER_LOCATION].name, (void *)buff, TLD_TYPE_STRING); } + + if(internal_label->ja3_fingerprint!=NULL) + { + TLD_append(_handle, _instance->id2field[LOG_SSL_JA3_FINGERPRINT].name, (void *)internal_label->ja3_fingerprint, TLD_TYPE_STRING); + } } return 0; @@ -232,6 +233,7 @@ int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream) { + int i_or_e=0,direction=0; int ret=0,addr_type=0; unsigned short tunnel_type=0; char nest_addr_buf[1024]; 
@@ -254,10 +256,9 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle if(_instance==NULL || _handle==NULL || a_stream==NULL) { MESA_handle_runtime_log(_instance->logger, - ((a_stream==NULL) ? RLOG_LV_DEBUG: RLOG_LV_FATAL), + RLOG_LV_DEBUG, "TLD_APPEND_STREAM", - "instance==NULL || TLD_handle==NULL || addr: %s", - ((a_stream==NULL) ? "NULL": (printaddr(&a_stream->addr, a_stream->threadnum))) + "instance==NULL || TLD_handle==NULL || addr==NULL" ); return -1; } @@ -360,6 +361,35 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle TLD_append(_handle, _instance->id2field[LOG_COMMON_ADDRESS_LIST].name, (void *)nest_addr_buf, TLD_TYPE_STRING); set_common_field_from_label(_instance, _handle, a_stream); + + i_or_e=MESA_dir_link_to_human(a_stream->routedir); + switch(a_stream->curdir) + { + case DIR_C2S: + if(i_or_e=='E' || i_or_e=='e') + { + direction='E'; + } + else + { + direction='I'; + } + break; + case DIR_S2C: + if(i_or_e=='E' || i_or_e=='e') + { + direction='I'; + } + else + { + direction='E'; + } + break; + default: + break; + } + + TLD_append(_handle, _instance->id2field[LOG_COMMON_DIRECTION].name, (void *)(long)direction, TLD_TYPE_LONG); return 0; } 
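Review bot: The guard `if(_instance==NULL || _handle==NULL || a_stream==NULL)` still logs through `_instance->logger`, so the case it is meant to catch, a NULL instance, dereferences NULL inside the error path. Return before logging when the instance is missing, e.g. `if(_instance==NULL) return -1;` ahead of this check, and keep the log call for the other two conditions. The new message text also no longer says which of the three arguments was NULL, which makes the DEBUG line hard to act on.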
@@ -455,25 +485,34 @@ int load_log_common_field(const char *filename, id2field_t *id2field, id2field_t struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile) { - int i=0,ret=0,level=30; + int i=0,ret=0; char nic_name[32]={0}; char kafka_errstr[1024]={0}; unsigned int local_ip_nr=0; - char log_path[MAX_STRING_LEN*4]={0}; rd_kafka_t *kafka_handle = NULL; rd_kafka_conf_t *rdkafka_conf = NULL; rd_kafka_topic_conf_t *topic_conf; struct tsg_log_instance_t *_instance=NULL; _instance=(struct tsg_log_instance_t *)calloc(1, sizeof(struct tsg_log_instance_t)); + + int thread_num=get_thread_count(); + _instance->drop_start=(struct timespec *)calloc(1, sizeof(struct timespec)*thread_num); + _instance->fs_status_ids=(int *)calloc(1, sizeof(int)*thread_num); + _instance->send_log_percent=(int *)calloc(1, sizeof(int)*thread_num); - MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(level), 30); - MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", log_path, sizeof(log_path), "./tsglog/tsglog"); + for(i=0;i<thread_num; i++) + { + _instance->send_log_percent[i]=100; + } - _instance->logger=MESA_create_runtime_log_handle(log_path, level); + MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(_instance->level), 30); + MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", _instance->log_path, sizeof(_instance->log_path), "./tsglog/tsglog"); + + _instance->logger=MESA_create_runtime_log_handle(_instance->log_path, _instance->level); if(_instance->logger==NULL) { - printf("MESA_create_runtime_log_handle failed ..., path: %s level: %d", log_path, level); + printf("MESA_create_runtime_log_handle failed ..., path: %s level: %d", _instance->log_path, _instance->level); return NULL; } 
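Review bot: None of the four `calloc` results in this part of `tsg_sendlog_init` is checked before use: `_instance` is dereferenced immediately and the loop writes `_instance->send_log_percent[i]` for every thread. `get_thread_count()` is used as the element count with no lower bound, and the size is passed as `calloc(1, sizeof(...)*thread_num)`, which bypasses calloc's own multiplication overflow check. The `return NULL` taken when `MESA_create_runtime_log_handle` fails now also leaks `_instance` and the three per-thread arrays. The allocation part could be written as below; the logger failure path needs the same cleanup.

```cpp
_instance=(struct tsg_log_instance_t *)calloc(1, sizeof(struct tsg_log_instance_t));
if(_instance==NULL)
{
	return NULL;
}

int thread_num=get_thread_count();
if(thread_num<=0)
{
	free(_instance);
	return NULL;
}

_instance->drop_start=(struct timespec *)calloc(thread_num, sizeof(struct timespec));
_instance->fs_status_ids=(int *)calloc(thread_num, sizeof(int));
_instance->send_log_percent=(int *)calloc(thread_num, sizeof(int));
if(_instance->drop_start==NULL || _instance->fs_status_ids==NULL || _instance->send_log_percent==NULL)
{
	free(_instance->drop_start);
	free(_instance->fs_status_ids);
	free(_instance->send_log_percent);
	free(_instance);
	return NULL;
}
// … unchanged: send_log_percent initialisation, LOG_LEVEL/LOG_PATH loading, logger creation …
```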
@@ -483,9 +522,16 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile) MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "TSG_LOG", "Disable tsg_send_log"); return _instance; } + + MESA_load_profile_int_def(conffile, "TSG_LOG", "RECOVERY_INTERVEL_S", &(_instance->recovery_interval), 30); + MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", _instance->common_field_file, sizeof(_instance->common_field_file), NULL); MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", _instance->broker_list, sizeof(_instance->broker_list), NULL); + MESA_load_profile_string_def(conffile, "TSG_LOG", "SEND_QUEUE_MAX_MESSAGE", _instance->send_queue_max_msg, sizeof(_instance->send_queue_max_msg), "1000000"); + MESA_load_profile_string_def(conffile, "TSG_LOG", "REFRESH_INTERVAL_MS", _instance->refresh_interval_ms, sizeof(_instance->refresh_interval_ms), "600000"); + MESA_load_profile_string_def(conffile, "TSG_LOG", "REQUIRE_ACK", _instance->require_ack, sizeof(_instance->require_ack), "1"); + MESA_load_profile_string_def(conffile, "TSG_LOG", "TCP_LABEL", _instance->tcp_label, sizeof(_instance->tcp_label), "tcp_flow_stat"); MESA_load_profile_string_def(conffile, "TSG_LOG", "UDP_LABEL", _instance->udp_label, sizeof(_instance->udp_label), "udp_flow_stat"); 
@@ -518,10 +564,10 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile) inet_ntop(AF_INET,&(local_ip_nr),_instance->local_ip_str,sizeof(_instance->local_ip_str)); - rdkafka_conf = rd_kafka_conf_new(); - rd_kafka_conf_set(rdkafka_conf, "queue.buffering.max.messages", "1000000", kafka_errstr, sizeof(kafka_errstr)); - rd_kafka_conf_set(rdkafka_conf, "topic.metadata.refresh.interval.ms", "600000",kafka_errstr, sizeof(kafka_errstr)); - rd_kafka_conf_set(rdkafka_conf, "request.required.acks", "1", kafka_errstr, sizeof(kafka_errstr)); + rdkafka_conf = rd_kafka_conf_new(); + rd_kafka_conf_set(rdkafka_conf, "queue.buffering.max.messages", _instance->send_queue_max_msg, kafka_errstr, sizeof(kafka_errstr)); + rd_kafka_conf_set(rdkafka_conf, "topic.metadata.refresh.interval.ms", _instance->refresh_interval_ms, kafka_errstr, sizeof(kafka_errstr)); + rd_kafka_conf_set(rdkafka_conf, "request.required.acks", _instance->require_ack, kafka_errstr, sizeof(kafka_errstr)); if(!(kafka_handle=rd_kafka_new(RD_KAFKA_PRODUCER, rdkafka_conf, kafka_errstr, sizeof(kafka_errstr)))) { @@ -574,6 +620,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl int i=0,status=0; char *payload=NULL; int repeat_cnt=0; + struct timespec cur_time; int policy_id[MAX_RESULT_NUM]={0}; struct TLD_handle_t *_handle=handle; struct tsg_log_instance_t *_instance=instance; 
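Review bot: The three `rd_kafka_conf_set` calls now take their values from the configuration file instead of literals, but their return values are still ignored, so a malformed SEND_QUEUE_MAX_MESSAGE, REFRESH_INTERVAL_MS or REQUIRE_ACK is silently discarded and the producer runs with librdkafka's defaults. Compare each result with `RD_KAFKA_CONF_OK` and log `kafka_errstr` on failure, for example `if(rd_kafka_conf_set(rdkafka_conf, "request.required.acks", _instance->require_ack, kafka_errstr, sizeof(kafka_errstr))!=RD_KAFKA_CONF_OK)`. This matters most for the acknowledgement setting, because it decides whether a log record can be lost without the sender noticing.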
@@ -587,19 +634,50 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl if(_instance->mode==CLOSE) { - TLD_cancel(handle); + TLD_cancel(handle); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DROP_LOG], 0, FS_OP_ADD, 1); MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, "TSG_SEND_LOG", "Disable tsg_send_log."); return 0; } TLD_append_streaminfo(instance, handle, log_msg->a_stream); TLD_append(_handle, _instance->id2field[LOG_COMMON_SLED_IP].name, (void *)(_instance->local_ip_str), TLD_TYPE_STRING); - TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_ID].name, (void *)(g_tsg_para.device_sn), TLD_TYPE_STRING); + if(strlen(g_tsg_para.device_sn)>0) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_ID].name, (void *)(g_tsg_para.device_sn), TLD_TYPE_STRING); + } + if(strlen(g_tsg_para.data_center)>0) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_DATA_CENTER].name, (void *)(g_tsg_para.data_center), TLD_TYPE_STRING); + } + for(i=0;i<log_msg->result_num; i++) { if(is_multi_hit_same_policy(&(log_msg->result[i]), policy_id, &repeat_cnt)) { + MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, + "TSG_SEND_LOG", + "tsg same log:cfg_id=%d service=%d addr=%s", + log_msg->result[i].config_id, + log_msg->result[i].service_id, + (_instance->level<RLOG_LV_FATAL ? (log_msg->a_stream==NULL ? "" : printaddr(&(log_msg->a_stream->addr), thread_id)) : "") + ); + continue; + } + + clock_gettime(CLOCK_REALTIME, &cur_time); + if((cur_time.tv_nsec%100)>_instance->send_log_percent[thread_id]) + { + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DROP_LOG], 0, FS_OP_ADD, 1); + MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, + "TSG_SEND_LOG", + "tsg drop log:cfg_id=%d service=%d send_log_percent: %d addr=%s", + log_msg->result[i].config_id, + log_msg->result[i].service_id, + _instance->send_log_percent[thread_id], + (_instance->level<RLOG_LV_FATAL ? 
(log_msg->a_stream==NULL ? "" : printaddr(&(log_msg->a_stream->addr), thread_id)) : "") + ); continue; } @@ -607,11 +685,12 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl { case LOG_ABORT: MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, - "TSG_SEND_LOG", - "tsg abort log:cfg_id=%d service=%d addr=%s", - log_msg->result[i].config_id, - log_msg->result[i].service_id, - printaddr(&(log_msg->a_stream->addr), thread_id)); + "TSG_SEND_LOG", + "tsg abort log:cfg_id=%d service=%d addr=%s", + log_msg->result[i].config_id, + log_msg->result[i].service_id, + (_instance->level<RLOG_LV_FATAL ? (log_msg->a_stream==NULL ? "" : printaddr(&(log_msg->a_stream->addr), thread_id)) : "") + ); continue; break; 
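Review bot: The sampling test `(cur_time.tv_nsec%100)>_instance->send_log_percent[thread_id]` is off by one: the remainder runs from 0 to 99, so a percentage of p lets p+1 values through, and a percentage of 0 still sends the records that land on remainder 0. If 0 is meant to stop sending entirely, the comparison should be `if((cur_time.tv_nsec%100)>=_instance->send_log_percent[thread_id])`, which still sends everything at 100. The sample is also only as uniform as the low digits of the clock; on a host with a coarse `CLOCK_REALTIME` resolution the drop rate may not match the configured percentage, which deserves a comment above the check. tsg_send_log starts and ends outside this hunk.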
@@ -638,14 +717,36 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl if(status < 0) { - MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, "TSG_SEND_LOG", + clock_gettime(CLOCK_REALTIME, &cur_time); + if(cur_time.tv_sec - _instance->drop_start[thread_id].tv_sec>=1) + { + _instance->send_log_percent[thread_id]/=2; + clock_gettime(CLOCK_REALTIME, &_instance->drop_start[thread_id]); + FS_operate(g_tsg_para.fs2_handle, _instance->fs_status_ids[thread_id], 0, FS_OP_SET, _instance->send_log_percent[thread_id]); + } + + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_FAILED_LOG], 0, FS_OP_ADD, 1); + + MESA_handle_runtime_log(_instance->logger, + RLOG_LV_INFO, + "TSG_SEND_LOG", "tsg_send_log to kafka is error, status: %d, topic: %s payload: %s", - status, _instance->service2topic[log_msg->result[i].service_id].name, payload); + status, + _instance->service2topic[log_msg->result[i].service_id].name, + payload + ); } else { - MESA_handle_runtime_log(_instance->logger,RLOG_LV_INFO, "TSG_SEND_LOG", - "log send successfully %s: %s", _instance->service2topic[log_msg->result[i].service_id].name, payload); + MESA_handle_runtime_log(_instance->logger, + RLOG_LV_DEBUG, + "TSG_SEND_LOG", + "log send successfully %s: %s", + _instance->service2topic[log_msg->result[i].service_id].name, + payload + ); + FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SUCCESS_LOG], 0, FS_OP_ADD, 1); + FS_operate(g_tsg_para.fs2_handle, _instance->fs_status_ids[thread_id], 0, FS_OP_SET, _instance->send_log_percent[thread_id]); } free(payload); 
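Review bot: The back-off interval in the `status < 0` branch is measured with `CLOCK_REALTIME`, so a wall-clock step (NTP correction, manual change) can make `cur_time.tv_sec - _instance->drop_start[thread_id].tv_sec` negative or very large and either stall the throttle or trigger it early. The recovery block added in the later hunk (`@@ -655,12 +756,21 @@`) has the same dependency. I would read the time with `clock_gettime(CLOCK_MONOTONIC, &cur_time);` in both places and store it with `_instance->drop_start[thread_id]=cur_time;` rather than calling `clock_gettime` a second time. `drop_start` is initialised outside the visible hunks, so that initialisation would have to use the same clock. tsg_send_log starts and ends outside this hunk.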
@@ -655,12 +756,21 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_ACTION].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_SUB_ACTION].name); - - FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_LOG], 0, FS_OP_ADD, 1); } TLD_cancel(handle); + if(_instance->send_log_percent[thread_id]<100) + { + clock_gettime(CLOCK_REALTIME, &cur_time); + if(cur_time.tv_sec - _instance->drop_start[thread_id].tv_sec>=_instance->recovery_interval) + { + _instance->send_log_percent[thread_id]++; + _instance->drop_start[thread_id].tv_sec=cur_time.tv_sec; + FS_operate(g_tsg_para.fs2_handle, _instance->fs_status_ids[thread_id], 0, FS_OP_SET, _instance->send_log_percent[thread_id]); + } + } + return 0; } diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h index 93dff80..0cc43b4 100644 --- a/src/tsg_send_log_internal.h +++ b/src/tsg_send_log_internal.h @@ -3,6 +3,8 @@ #include <librdkafka/rdkafka.h> #include <MESA/cJSON.h> +#include <time.h> + #define MAX_IPV4_LEN 16 @@ -66,6 +68,8 @@ typedef enum _tsg_log_field_id LOG_COMMON_CLINET_LOCATION, LOG_COMMON_SERVER_LOCATION, LOG_QUIC_SNI, + LOG_SSL_JA3_FINGERPRINT, + LOG_COMMON_DATA_CENTER, LOG_COMMON_MAX }tsg_log_field_id_t; 
@@ -85,19 +89,28 @@ struct TLD_handle_t struct tsg_log_instance_t { int mode; - int max_service; + int level; + int max_service; + int recovery_interval; int internal_project_id; int tcp_flow_project_id; int udp_flow_project_id; - void *logger; + int *send_log_percent; + int *fs_status_ids; + struct timespec *drop_start; + char log_path[MAX_STRING_LEN*2]; char tcp_label[MAX_STRING_LEN]; char udp_label[MAX_STRING_LEN]; char common_field_file[MAX_STRING_LEN*4]; char broker_list[MAX_STRING_LEN*4]; + char send_queue_max_msg[MAX_STRING_LEN]; + char require_ack[MAX_STRING_LEN]; + char refresh_interval_ms[MAX_STRING_LEN]; char local_ip_str[MAX_IPV4_LEN]; id2field_t id2field[LOG_COMMON_MAX]; rd_kafka_topic_t **topic_rkt; - id2field_t *service2topic; + id2field_t *service2topic; + void *logger; }; char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t id); diff --git a/src/tsg_ssh_utils.cpp b/src/tsg_ssh_utils.cpp new file mode 100644 index 0000000..fc0c136 --- /dev/null +++ b/src/tsg_ssh_utils.cpp @@ -0,0 +1,21 @@ +#include <stdio.h> +#include <stdlib.h> +#include "tsg_ssh_utils.h" + + +#define SSH_PROTOCOL_FIELD "SSH" +#define SSH_PROTOCOL_FIELD_LEN 3 + + +int ssh_protocol_identify(const unsigned char* buff, size_t buff_len, void* argp) +{ + if(buff == NULL || buff_len < SSH_PROTOCOL_FIELD_LEN) + { + return -1; + } + if(memcmp((void *)buff,SSH_PROTOCOL_FIELD, SSH_PROTOCOL_FIELD_LEN) == 0) + return 1; + else + return 0; +} + diff --git a/src/tsg_ssh_utils.h b/src/tsg_ssh_utils.h new file mode 100644 index 0000000..9ff8705 --- /dev/null +++ b/src/tsg_ssh_utils.h @@ -0,0 +1,7 @@ +#ifndef __TSG_SSH_UTILS_H__ +#define __TSG_SSH_UTILS_H__ +#include <string.h> +#include <MESA/MESA_handle_logger.h> +int ssh_protocol_identify(const unsigned char* buff, size_t buff_len, void* argp); + +#endif diff --git a/src/tsg_statistic.cpp b/src/tsg_statistic.cpp index 5fb2b22..38dce15 100644 --- a/src/tsg_statistic.cpp +++ b/src/tsg_statistic.cpp 
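Review bot: In the new src/tsg_ssh_utils.cpp, `ssh_protocol_identify` classifies a buffer as SSH when its first three bytes are `SSH`, which also matches any unrelated payload that happens to start with those letters. The SSH identification string defined in RFC 4253 begins with `SSH-`, so I would tighten the match to `#define SSH_PROTOCOL_FIELD "SSH-"` and `#define SSH_PROTOCOL_FIELD_LEN 4`; if policy decisions depend on this result, a looser match means traffic can be mislabelled in either direction. The function also has no comment describing its return values (-1 for a NULL or short buffer, 1 for a match, 0 otherwise) or stating that `argp` is unused; a short header comment would cover both.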
@@ -245,15 +245,45 @@ static void *tsg_statistic_thread(void *arg) value=0; total_value=0; - sapp_get_platform_opt(SPO_TCP_STREAM_NEW, (void *)&value, &value_len); + sapp_get_platform_opt(SPO_TCP_STREAM_NEW, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_TCP_NEW_CON_NUM], FS_OP_SET, value); + total_value+=value; + + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_TCP_PKT, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_TCP_IN_PACKETS], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_TCP_BYTE, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_TCP_IN_BYTES], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_TCP_PKT, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_TCP_OUT_PACKETS], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_TCP_BYTE, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_TCP_OUT_BYTES], FS_OP_SET, value); + value=0; - sapp_get_platform_opt(SPO_UDP_STREAM_NEW, (void *)&value, &value_len); + sapp_get_platform_opt(SPO_UDP_STREAM_NEW, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_UDP_NEW_CON_NUM], FS_OP_SET, value); + total_value+=value; FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_NEW_CON_NUM], FS_OP_SET, total_value); - total_traffic_info.con_num+=total_value; + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_UDP_PKT, (void *)&value, &value_len); + 
FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_UDP_IN_PACKETS], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_UDP_BYTE, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_UDP_IN_BYTES], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_UDP_PKT, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_UDP_OUT_PACKETS], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_UDP_BYTE, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_UDP_OUT_BYTES], FS_OP_SET, value); + value_len=sizeof(total_traffic_info.in_bytes); sapp_get_platform_opt(SPO_TOTAL_INBOUND_BYTE, (void *)&total_traffic_info.in_bytes, &value_len); value_len=sizeof(total_traffic_info.in_packets); 
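Review bot: The added `sapp_get_platform_opt` calls reuse `value_len` without resetting it, while the context lines at the end of this hunk assign `value_len=sizeof(...)` before each call, which suggests the argument is an in/out length. If the callee does update it, or if it still holds the size of a `total_traffic_info` member from the previous loop iteration, the new calls may read with the wrong length; the hunk at `@@ -275,6 +305,32 @@` has the same pattern. I would put `value_len=sizeof(value);` before each new call. The return value is ignored as well, so a failed query publishes 0 through `FS_operate` and cannot be told apart from a real zero. tsg_statistic_thread starts and ends outside this hunk.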
@@ -275,6 +305,32 @@ static void *tsg_statistic_thread(void *arg) FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_MAYBE_PINNING_NUM], FS_OP_SET, g_tsg_statis_para.statistic_opt[OPT_TYPE_PINNING_MAYBE]); FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_NOT_PINNING_NUM], FS_OP_SET, g_tsg_statis_para.statistic_opt[OPT_TYPE_PINNING_NOT]); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV4_PKT, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV4_IN_PACKETS], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV4_BYTE, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV4_IN_BYTES], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV4_PKT, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV4_OUT_PACKETS], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV4_BYTE, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV4_OUT_BYTES], FS_OP_SET, value); + + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV6_PKT, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV6_IN_PACKETS], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_INBOUND_IPV6_BYTE, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV6_IN_BYTES], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV6_PKT, (void 
*)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV6_OUT_PACKETS], FS_OP_SET, value); + value=0; + sapp_get_platform_opt(SPO_TOTAL_RCV_OUTBOUND_IPV6_BYTE, (void *)&value, &value_len); + FS_operate(g_tsg_statis_para.fs2_handle, g_tsg_statis_para.fs_line_id, g_tsg_statis_para.fs_field_id[STATIS_IPV6_OUT_BYTES], FS_OP_SET, value); + FS_passive_output(g_tsg_statis_para.fs2_handle); sleep(g_tsg_statis_para.cycle); 
@@ -370,6 +426,28 @@ int tsg_statistic_init(const char *conffile, void *logger) g_tsg_statis_para.fs_field_id[STATIS_INTERCEPT_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"intercept_in_packets"); g_tsg_statis_para.fs_field_id[STATIS_INTERCEPT_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"intercept_out_packets"); + g_tsg_statis_para.fs_field_id[STATIS_IPV4_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv4_in_packets"); + g_tsg_statis_para.fs_field_id[STATIS_IPV4_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv4_in_bytes"); + g_tsg_statis_para.fs_field_id[STATIS_IPV4_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv4_out_packets"); + g_tsg_statis_para.fs_field_id[STATIS_IPV4_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv4_out_bytes"); + + g_tsg_statis_para.fs_field_id[STATIS_IPV6_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv6_in_packets"); + g_tsg_statis_para.fs_field_id[STATIS_IPV6_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv6_in_bytes"); + g_tsg_statis_para.fs_field_id[STATIS_IPV6_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv6_out_packets"); + g_tsg_statis_para.fs_field_id[STATIS_IPV6_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"ipv6_out_bytes"); + + g_tsg_statis_para.fs_field_id[STATIS_TCP_NEW_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"tcp_conn_num"); + g_tsg_statis_para.fs_field_id[STATIS_TCP_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"tcp_in_packets"); + 
g_tsg_statis_para.fs_field_id[STATIS_TCP_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"tcp_in_bytes"); + g_tsg_statis_para.fs_field_id[STATIS_TCP_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"tcp_out_packets"); + g_tsg_statis_para.fs_field_id[STATIS_TCP_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"tcp_out_bytes"); + + g_tsg_statis_para.fs_field_id[STATIS_UDP_NEW_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"udp_conn_num"); + g_tsg_statis_para.fs_field_id[STATIS_UDP_IN_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"udp_in_packets"); + g_tsg_statis_para.fs_field_id[STATIS_UDP_IN_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"udp_in_bytes"); + g_tsg_statis_para.fs_field_id[STATIS_UDP_OUT_PACKETS]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"udp_out_packets"); + g_tsg_statis_para.fs_field_id[STATIS_UDP_OUT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"udp_out_bytes"); + g_tsg_statis_para.fs_field_id[STATIS_ALERT_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"alert_bytes"); g_tsg_statis_para.fs_field_id[STATIS_BLOCK_BYTES]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"block_bytes"); g_tsg_statis_para.fs_field_id[STATIS_PINNING_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"pinning_num"); diff --git a/src/version.map b/src/version.map index a232a31..f569c5f 100644 --- a/src/version.map +++ b/src/version.map @@ -7,6 +7,7 @@ global: *tsg_pull_policy_result*; *tsg_*; *TLD_*; + *GIT*; }; local: *; }; |
