| author | 刘学利 <[email protected]> | 2023-02-09 07:14:55 +0000 |
|---|---|---|
| committer | 刘学利 <[email protected]> | 2023-02-09 07:14:55 +0000 |
| commit | 1332eedb94c7f26d17f2bdb919f7d3eb290124b8 (patch) | |
| tree | dc30bb48545dfb3df117d718b3fd7b93c70fb7f1 | |
| parent | 6756fcdf7a96cc56f3fb54241e5f3088ef2f162d (diff) | |
TSG-13584: Firewall的安全日志依赖session record日志,修复TRAFFIC_SHAPING_PROFILE表是否生效字段编号定义错误,使用cppcheck进行代码检查v5.10.1
47 files changed, 1454 insertions, 2055 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 666e385..eb7c574 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,6 +7,7 @@ variables: INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaatframe-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel stages: +- analysis - build - test - package @@ -45,6 +46,54 @@ stages: tags: - share +run_cppcheck_for_centos7: + stage: analysis + image: $BUILD_IMAGE_CENTOS7 + script: + - mkdir build || true + - cd build + - cmake3 -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .. + - cppcheck --project=compile_commands.json + --enable=all + --error-exitcode=1 + --suppress=unusedFunction + --suppress=missingInclude + --suppress=uselessAssignmentPtrArg + --suppress=unreachableCode + --suppress=internalAstError + --suppress=unmatchedSuppression + --suppress=memleakOnRealloc + --suppress=internalAstError + --suppress=unmatchedSuppression + --suppress=redundantAssignment + --suppress=constParameter + tags: + - share + +run_cppcheck_for_centos8: + stage: analysis + image: $BUILD_IMAGE_CENTOS8 + script: + - mkdir build || true + - cd build + - cmake3 -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .. + - cppcheck --project=compile_commands.json + --enable=all + --error-exitcode=1 + --suppress=unusedFunction + --suppress=missingInclude + --suppress=uselessAssignmentPtrArg + --suppress=unreachableCode + --suppress=internalAstError + --suppress=unmatchedSuppression + --suppress=memleakOnRealloc + --suppress=internalAstError + --suppress=unmatchedSuppression + --suppress=redundantAssignment + --suppress=constParameter + tags: + - share + run_test_for_centos7: stage: test extends: .build_by_travis_for_centos7 
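Review bot: Both new `run_cppcheck_for_centos7` and `run_cppcheck_for_centos8` jobs pass `--suppress=internalAstError` and `--suppress=unmatchedSuppression` twice within the same cppcheck invocation, which suggests the suppression list was pasted together rather than reviewed; the CMakeLists.txt hunk of this commit repeats one of those duplicates. The two jobs differ only in `image`, so a hidden `.cppcheck` template used via `extends:` (the file already uses `extends:` for the test jobs) would keep the argument list in one place. Suppressing `constParameter`, `redundantAssignment` and `uselessAssignmentPtrArg` globally also hides precisely the class of findings the rest of this commit is cleaning up, so consider inline suppressions at the few sites that need them instead.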
@@ -53,9 +102,7 @@ run_test_for_centos7: - ./ci/travis.sh - cd build - make test - - cd testing - - ./gtest_rule - - ./gtest_master + - ctest --verbose run_test_for_centos8: stage: test @@ -65,9 +112,7 @@ run_test_for_centos8: - ./ci/travis.sh - cd build - make test - - cd testing - - ./gtest_rule - - ./gtest_master + - ctest --verbose branch_build_debug_for_centos7: stage: build diff --git a/CMakeLists.txt b/CMakeLists.txt index 9944579..c480e23 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -14,6 +14,29 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g") include_directories(${PROJECT_SOURCE_DIR}/inc/) include_directories(/opt/MESA/include/) +#for cppcheck +find_program(CMAKE_CXX_CPPCHECK NAMES cppcheck) +if (CMAKE_CXX_CPPCHECK) + list( + APPEND CMAKE_CXX_CPPCHECK + "--enable=all" + "--error-exitcode=1" + "--suppress=unreachableCode" + "--suppress=unusedFunction" + "--suppress=missingInclude" + "--suppress=uselessAssignmentPtrArg" + "--suppress=unmatchedSuppression" + "--suppress=internalAstError" + "--suppress=unmatchedSuppression" + "--suppress=memleakOnRealloc" + "--suppress=redundantAssignment" + "--suppress=constParameter" + ) + set(CMAKE_C_CPPCHECK ${CMAKE_CXX_CPPCHECK}) +else() + message(FATAL_ERROR "Could not find the program cppcheck.") +endif() + #for ASAN set(ASAN_OPTION "OFF" CACHE STRING " set asan type chosen by the user, using OFF as default") set_property(CACHE ASAN_OPTION PROPERTY STRINGS OFF ADDRESS THREAD) diff --git a/bin/tsg_static_tableinfo.conf b/bin/tsg_static_tableinfo.conf index dd9fa64..e73a70a 100644 --- a/bin/tsg_static_tableinfo.conf +++ b/bin/tsg_static_tableinfo.conf @@ -93,4 +93,4 @@ 79 TSG_SECURITY_TUNNEL virtual TSG_OBJ_TUNNEL_ID -- 80 TSG_OBJ_FLAG flag -- 81 TSG_SECURITY_FLAG virtual TSG_OBJ_FLAG -- -82 TRAFFIC_SHAPING_PROFILE plugin {"key":1,"valid":8}
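Review bot: The `else()` branch aborts configuration with `message(FATAL_ERROR "Could not find the program cppcheck.")`, which turns a lint tool into a hard prerequisite for every local and packaging build, not only CI, and combined with `--error-exitcode=1` in `CMAKE_CXX_CPPCHECK` any cppcheck finding now fails every compile. Downgrading to `message(WARNING ...)` or gating the block behind an `option(ENABLE_CPPCHECK "Run cppcheck alongside the compiler" OFF)` keeps the enforcement in the explicit `.gitlab-ci.yml` jobs without breaking developer builds. `"--suppress=unmatchedSuppression"` is also listed twice inside the `list(APPEND ...)`.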
\ No newline at end of file
+82 TRAFFIC_SHAPING_PROFILE plugin {"key":1,"valid":7}
\ No newline at end of file diff --git a/ctest/CMakeLists.txt b/ctest/CMakeLists.txt index ba5a437..1179b3b 100644 --- a/ctest/CMakeLists.txt +++ b/ctest/CMakeLists.txt @@ -11,7 +11,9 @@ add_test(NAME COPY_GTEST_TABLEINFO COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/ add_test(NAME COPY_GTEST_MAAT_RULE COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/gtest_maat.json ${CMAKE_BINARY_DIR}/testing/tsgconf/tsg_maat.json") add_test(NAME COPY_GTEST_RULE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_rule ${CMAKE_BINARY_DIR}/testing/") -add_test(NAME COPY_GTEST_MASTER COMMAND sh -c "cp -r ${CMAKE_BINARY_DIR}/test/src/gtest_master ${CMAKE_BINARY_DIR}/testing/") +add_test(NAME COPY_GTEST_MASTER_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_master ${CMAKE_BINARY_DIR}/testing/") -add_test(NAME FAKE_TEST COMMAND sh -c "pwd") +set(GTEST_RUN_DIR ${CMAKE_BINARY_DIR}/testing) +add_test(NAME GTEST_RULE COMMAND gtest_rule WORKING_DIRECTORY ${GTEST_RUN_DIR}) +add_test(NAME GTEST_MASTER COMMAND gtest_master WORKING_DIRECTORY ${GTEST_RUN_DIR}) diff --git a/inc/tsg_label.h b/inc/tsg_label.h index 03258e7..bcd401b 100644 --- a/inc/tsg_label.h +++ b/inc/tsg_label.h @@ -7,7 +7,6 @@ #define MAX_VLAN_ID_NUM 32 #define MAX_RESULT_NUM 8 -#define MAX_DOMAIN_LEN 2048 typedef enum _tsg_protocol { diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h index 42f3542..6e5853c 100644 --- a/inc/tsg_rule.h +++ b/inc/tsg_rule.h @@ -8,6 +8,10 @@ #define TSG_DOMAIN_MAX 256 #define MAX_APP_ID_PROPERTY_LEN 128 +#ifndef MAX_DOMAIN_LEN +#define MAX_DOMAIN_LEN 2048 +#endif + #define TSG_ACTION_NONE 0x00 #define TSG_ACTION_MONITOR 0x01 #define TSG_ACTION_INTERCEPT 0x02 
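Review bot: The new `GTEST_RULE` and `GTEST_MASTER` tests depend on the `COPY_GTEST_*` tests having populated `${GTEST_RUN_DIR}` first, but nothing declares that ordering, so `ctest -j N` or `ctest -R GTEST_RULE` can run the binaries before the copies or in an empty `testing/` directory. Add `set_tests_properties(GTEST_RULE GTEST_MASTER PROPERTIES DEPENDS "COPY_GTEST_RULE_BIN;COPY_GTEST_MASTER_BIN")` (or model the copies as `FIXTURES_SETUP`) so the ordering survives parallel and filtered runs. If `gtest_rule` and `gtest_master` are `add_executable` targets, `add_test(COMMAND gtest_rule ...)` already resolves to the built binary and the `cp` of the two executables becomes redundant — worth confirming against test/src.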
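Review bot: Wrapping the moved constant in `#ifndef MAX_DOMAIN_LEN` lets any earlier definition with a different value win silently, and `MAX_DOMAIN_LEN` sizes `policy_priority_label::domain` in the new tsg_bridge.h, so a translation unit that picked up another value would lay out that struct differently from the one that allocates and frees it through the bridge. Since the only other definition (tsg_label.h) is removed in this same commit, a plain `#define MAX_DOMAIN_LEN 2048` is sufficient; if the guard is kept for an external header, add a comment naming that header and a `static_assert(MAX_DOMAIN_LEN==2048, "MAX_DOMAIN_LEN redefined")` next to the struct so a mismatch fails at compile time.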
@@ -90,5 +94,6 @@ int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq); int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq); int tsg_notify_hited_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq); +int tsg_notify_hited_security_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq); #endif diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 57058f5..2efdb3b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8) add_definitions(-fPIC) -set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp) +set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp) include_directories(${CMAKE_SOURCE_DIR}/inc) include_directories(/opt/MESA/include/MESA/) diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp index e9edde6..7d75494 100644 --- a/src/tsg_action.cpp +++ b/src/tsg_action.cpp 
@@ -125,14 +125,13 @@ static int get_http_header(char *buff, int len, int code, char *user_define) static int get_tcp_mss_option(const struct streaminfo *a_stream, int type, void *out) { - int i=0,ret=0; int tcp_opt_num=0; struct tcp_option *tcp_opt=NULL; - ret=MESA_get_stream_opt(a_stream, MSO_TCP_SYN_OPT, (void *)&tcp_opt, &tcp_opt_num); + int ret=MESA_get_stream_opt(a_stream, MSO_TCP_SYN_OPT, (void *)&tcp_opt, &tcp_opt_num); if(ret>0) { - for(i=0; i<tcp_opt_num; i++) + for(int i=0; i<tcp_opt_num; i++) { if(tcp_opt[i].type!=type) { @@ -156,8 +155,6 @@ static int get_tcp_mss_option(const struct streaminfo *a_stream, int type, void static void template_generate(const struct streaminfo *a_stream, int status_code, int policy_id, const char* message, char **page_buff, size_t *page_size, int thread_seq) { - int used_len=0; - char *tmp_buff=NULL; std::string page_output, msg_output; ctemplate::Template *tpl=NULL; ctemplate::TemplateDictionary dict("pg_page_dict"); //dict is automatically finalized after function returned. @@ -173,8 +170,8 @@ static void template_generate(const struct streaminfo *a_stream, int status_code tpl_message->Expand(&msg_output, &dict_msg); - used_len=msg_output.length(); - tmp_buff=(char *)dictator_malloc(a_stream->threadnum, (used_len+1)*sizeof(char)); + int used_len=msg_output.length(); + char *tmp_buff=(char *)dictator_malloc(a_stream->threadnum, (used_len+1)*sizeof(char)); memcpy(tmp_buff, msg_output.c_str(), used_len); tmp_buff[used_len]='\0'; 
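Review bot: `int used_len=msg_output.length();` in template_generate narrows a `size_t` to `int`, and the `dictator_malloc` result on the next line is passed straight to `memcpy` without a null check, so an allocation failure dereferences `tmp_buff`. Declare `size_t used_len=msg_output.length();` and guard with `if(tmp_buff==NULL) { return; }` before the `memcpy` — what the caller expects in `page_buff`/`page_size` on that path is outside the hunk, so confirm the early return is acceptable there. The same unchecked-allocation pattern appears in do_action_tamper later in this file.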
@@ -537,18 +534,16 @@ static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol) { - int ret=0,opt_value=0; - struct rst_tcp_para rst_paras={0}; - if(a_stream->type==STREAM_TYPE_TCP) { + struct rst_tcp_para rst_paras={0}; rst_paras.rst_pkt_num=g_tsg_para.reset.pkt_num; rst_paras.signature_seed1=g_tsg_para.reset.seed1; rst_paras.signature_seed2=g_tsg_para.reset.seed2; rst_paras.th_flags=g_tsg_para.reset.th_flags; rst_paras.__pad_no_use=0; rst_paras.dir=g_tsg_para.reset.dir; - ret=MESA_rst_tcp((struct streaminfo *)a_stream, &rst_paras, sizeof(rst_paras)); + int ret=MESA_rst_tcp((struct streaminfo *)a_stream, &rst_paras, sizeof(rst_paras)); if(ret<0) { MESA_handle_runtime_log(g_tsg_para.logger, @@ -564,7 +559,7 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul if(g_tsg_para.reset.remedy==1) { - opt_value=1; + int opt_value=1; MESA_set_stream_opt(a_stream, MSO_TCP_RST_REMEDY, (void *)&opt_value, sizeof(opt_value)); } @@ -597,12 +592,12 @@ static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_ru return STATE_DROPME|STATE_DROPPKT; } - struct tcpall_context * _context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); + struct tcpall_context * _context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); if(_context==NULL) { _context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context)); memset(_context, 0, sizeof(struct tcpall_context)); - set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); _context->method_type=TSG_METHOD_TYPE_TAMPER; _context->tamper_count = 0; } 
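Review bot: In do_action_tamper the return value of `tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context)` is discarded; that helper logs and returns 0 when the put fails, in which case the freshly allocated `_context` is never attached to the stream, never reaches `free_tcpall_label`, and leaks while the function keeps using it as if it were registered. Check the result, e.g. `if(!tsg_set_xxx_to_bridge(...)) { dictator_free(a_stream->threadnum, _context); return STATE_DROPME|STATE_DROPPKT; }`, choosing the return state to match the function's other failure path visible just above. The `dictator_malloc` result is also passed to `memset` without a null check.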
@@ -695,7 +690,6 @@ static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region) { char *payload=NULL; - unsigned char raw_route_dir=0; switch(user_region->deny->code) { @@ -711,7 +705,7 @@ static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maa if(payload!=NULL) { - raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir; + unsigned char raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir; tsg_send_inject_packet(a_stream, SIO_DEFAULT, payload, strlen(payload), raw_route_dir); } diff --git a/src/tsg_bridge.cpp b/src/tsg_bridge.cpp new file mode 100644 index 0000000..2b2d06d --- /dev/null +++ b/src/tsg_bridge.cpp 
@@ -0,0 +1,188 @@ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include <MESA/MESA_prof_load.h> +#include <MESA/MESA_handle_logger.h> + +#include "tsg_bridge.h" +#include "tsg_variable.h" + +extern int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data); +extern int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data); + +void free_context_label(const struct streaminfo *a_stream, int bridge_id, void *data) +{ + struct master_context *context=(struct master_context *)data; + if(context!=NULL) + { + if(context->domain!=NULL) + { + dictator_free(a_stream->threadnum, (void *)context->domain); + context->domain=NULL; + } + + if(context->quic_ua!=NULL) + { + dictator_free(a_stream->threadnum, (void *)context->quic_ua); + context->quic_ua=NULL; + } + + if(context->mid!=NULL) + { + Maat_clean_status(&context->mid); + context->mid=NULL; + } + + dictator_free(a_stream->threadnum, (void *)context); + context=NULL; + } + + data=NULL; + + return ; +} + +void free_tcpall_label(const struct streaminfo *a_stream, int bridge_id, void *data) +{ + if(data!=NULL) + { + struct tcpall_context *context=(struct tcpall_context *)data; + if(context->para!=NULL) + { + switch(context->method_type) + { + case TSG_METHOD_TYPE_RATE_LIMIT: + destroy_bucket(&(context->bucket), a_stream->threadnum); + break; + default: + break; + } + } + + dictator_free(a_stream->threadnum, data); + data=NULL; + } + + return ; +} + +void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data) +{ + if(data!=NULL) + { + dictator_free(stream->threadnum, data); + data=NULL; + } +} + +void free_policy_label(const struct streaminfo *a_stream, int bridge_id, void *data) +{ + if(data!=NULL) + { + struct policy_priority_label *priority_label=(struct policy_priority_label *)data; + if(priority_label->para!=NULL) + { + dictator_free(a_stream->threadnum, priority_label->para); + priority_label->para=NULL; + } 
+ dictator_free(a_stream->threadnum, data); + data=NULL; + } +} + +void free_gather_app_result(const struct streaminfo *a_stream, int bridge_id, void *data) +{ + if(data!=NULL) + { + dictator_free(a_stream->threadnum, data); + data=NULL; + } +} + +int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void *data) +{ + if(a_stream==NULL || bridge_id<0) + { + return 0; + } + + int ret=stream_bridge_async_data_put(a_stream, bridge_id, data); + if(ret<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "BRIDGE", "Add project failed, bridge_id: %d addr: %s", bridge_id, PRINTADDR(a_stream, g_tsg_para.level)); + return 0; + } + + return 1; +} + +void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id) +{ + if(a_stream!=NULL || bridge_id>=0) + { + return stream_bridge_async_data_get(a_stream, bridge_id); + } + + return NULL; +} + +int tsg_init_bridge(const char *conffile) +{ + MESA_load_profile_string_def(conffile, "SYSTEM", "APP_IDENTIFY_RESULT_BRIDGE", g_tsg_para.bridge[BRIDGE_TYPE_APP_IDENTIFY_RESULT].name, MAX_BRIDGE_NAME_LEN, "APP_IDENTIFY_RESULT_BRIDGE"); + g_tsg_para.bridge[BRIDGE_TYPE_APP_IDENTIFY_RESULT].sync_cb=app_identify_result_cb; + + MESA_load_profile_string_def(conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].name, MAX_BRIDGE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA"); + MESA_load_profile_string_def(conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].name, MAX_BRIDGE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA"); + + MESA_load_profile_string_def(conffile, "SESSION_FLAGS", "FLAGS_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_FLAGS].name, MAX_BRIDGE_NAME_LEN, "SESSION_FLAGS_SYNC_NOTIFY_DATA"); + g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_FLAGS].sync_cb=session_flags_identify_result_cb; + + MESA_load_profile_string_def(conffile, "SYSTEM", "SHAPING_RESULT_BRIDGE_NAME", 
g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].name, MAX_BRIDGE_NAME_LEN, "NOTIFY_SHAPING_RESULT"); + g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].free_cb=free_shaping_result; + + MESA_load_profile_string_def(conffile, "SYSTEM", "DATA_CONTEXT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].name, MAX_BRIDGE_NAME_LEN, "TSG_DATA_CONTEXT"); + g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].free_cb=free_context_label; + + MESA_load_profile_string_def(conffile, "SYSTEM", "ALL_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].name, MAX_BRIDGE_NAME_LEN, "TSG_ALL_CONTEXT"); + g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].free_cb=free_tcpall_label; + + MESA_load_profile_string_def(conffile, "SYSTEM", "GATHER_APP_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].name, MAX_BRIDGE_NAME_LEN, "GATHER_APP_IDENTIFY_RESULT"); + g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].free_cb=free_gather_app_result; + + MESA_load_profile_string_def(conffile, "SYSTEM", "POLICY_PRIORITY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].name, MAX_BRIDGE_NAME_LEN, "TSG_POLICY_PRIORITY"); + g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].free_cb=free_policy_label; + + for(int i=0; i<BRIDGE_TYPE_MAX; i++) + { + g_tsg_para.bridge[i].id=stream_bridge_build(g_tsg_para.bridge[i].name, "w"); + if(g_tsg_para.bridge[i].id<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_BRIDGE", "stream_bridge_build is error, bridge_name: %s", g_tsg_para.bridge[i].name); + return -1; + } + + if(g_tsg_para.bridge[i].sync_cb) + { + int ret=stream_bridge_register_data_sync_cb(g_tsg_para.bridge[i].id, g_tsg_para.bridge[i].sync_cb); + if(ret<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "BRIDGE_SYNC_CB", "Register callback failed, bridge_name: %d", g_tsg_para.bridge[i].name); + return -1; + } + } + + if(g_tsg_para.bridge[i].free_cb) + { + int ret=stream_bridge_register_data_free_cb(g_tsg_para.bridge[i].id, 
g_tsg_para.bridge[i].free_cb); + if(ret<0) + { + MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "BRIDGE_FREE_CB", "Register async free callback failed, bridge_name: %d", g_tsg_para.bridge[i].name); + return -1; + } + } + } + + return 0; +} + diff --git a/src/tsg_bridge.h b/src/tsg_bridge.h new file mode 100644 index 0000000..9371ecf --- /dev/null +++ b/src/tsg_bridge.h 
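Review bot: `tsg_get_xxx_from_bridge` guards with `if(a_stream!=NULL || bridge_id>=0)`, so a NULL stream still reaches `stream_bridge_async_data_get` whenever the id is valid and a negative id still gets through whenever the stream is non-NULL; the sibling `tsg_set_xxx_to_bridge` rejects `a_stream==NULL || bridge_id<0`, and the getter should mirror it: `if(a_stream!=NULL && bridge_id>=0)`. The two failure logs in tsg_init_bridge format `g_tsg_para.bridge[i].name` (a `char` array) with `%d` — `"Register callback failed, bridge_name: %d"` and `"Register async free callback failed, bridge_name: %d"` — which is undefined behaviour and prints garbage; use `%s` as the `stream_bridge_build` log in the same loop does. The trailing `data=NULL;` / `context=NULL;` assignments in the `free_*` callbacks only clear the local copy of the pointer and can be dropped (they are the `uselessAssignmentPtrArg` findings the CI config now suppresses). The `extern int app_identify_result_cb(...)` / `session_flags_identify_result_cb(...)` declarations belong in a header shared with the defining translation unit so the compiler checks the signatures.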
@@ -0,0 +1,130 @@ +#pragma once + +#include <MESA/stream.h> +#include <MESA/Maat_rule.h> + +#include "tsg_rule.h" +#include "app_label.h" +#include "tsg_leaky_bucket.h" + +#ifndef MAX_BRIDGE_NAME_LEN +#define MAX_BRIDGE_NAME_LEN 64 +#endif + +enum BRIDGE_TYPE +{ + BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0, + BRIDGE_TYPE_RECV_CONN_SKETCH_DATA, + BRIDGE_TYPE_APP_IDENTIFY_RESULT, + BRIDGE_TYPE_NOTIFY_FLAGS, + BRIDGE_TYPE_NOTIFY_SHAPING_RESULT, //sync and async + BRIDGE_TYPE_DATA_CONTEXT, //async + BRIDGE_TYPE_ALL_CONTEXT, //async + BRIDGE_TYPE_GATHER_APP_RESULT, //async + BRIDGE_TYPE_POLICY_PRIORITY, //async + BRIDGE_TYPE_MAX +}; + +struct app_attributes +{ + unsigned int app_id; + unsigned int surrogate_id; + unsigned int packet_sequence; +}; + +struct gather_app_result +{ + int app_num; + enum APP_IDENTIFY_ORIGIN origin; + struct app_attributes attributes[MAX_APP_ID_NUM]; +}; + +struct policy_priority_label +{ + tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h) + int domain_len; + int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h) + int security_result_num; + union + { + char *http_url; + char *quic_ua; + void *para; + }; + char domain[MAX_DOMAIN_LEN]; + struct Maat_rule_t security_result[MAX_RESULT_NUM]; +}; + +struct hited_app_para +{ + int hited_app_id; + int after_n_packets; +}; + +struct master_context +{ + unsigned char is_esni; + unsigned char is_hited_allow; + unsigned char deal_pkt_num; + unsigned char is_app_link; + unsigned char sync_cb_state; + unsigned short timeout; + tsg_protocol_t proto; + int hited_app_id; // only app + unsigned int quic_version; + unsigned long session_flag; + char *domain; + union + { + char *http_url; + char *quic_ua; + void *para; + }; + scan_status_t mid; + struct hited_app_para hited_para; // l7 protocol and app + long long last_scan_time; +}; + +struct tcpall_context +{ + char udp_data_dropme; + char set_latency_flag; + char direction; + char padding[5]; + enum TSG_METHOD_TYPE method_type; + tsg_protocol_t protocol; + 
union + { + struct leaky_bucket *bucket; + long tamper_count; + int default_policy_after_n_packets; + struct hited_app_para hited_para; + void *para; + }; +}; + +struct udp_context +{ + struct master_context *data_entry; + struct tcpall_context *all_entry; +}; + +struct bridge_info +{ + int id; + char name[MAX_BRIDGE_NAME_LEN]; + stream_bridge_free_cb_t *free_cb; + stream_bridge_sync_cb_t *sync_cb; +}; + +int tsg_init_bridge(const char *conffile); + +void free_context_label(const struct streaminfo *stream, int bridge_id, void *data); +void free_tcpall_label(const struct streaminfo *stream, int bridge_id, void *data); +void free_policy_label(const struct streaminfo *stream, int bridge_id, void *data); +void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data); +void free_gather_app_result(const struct streaminfo *stream, int bridge_id, void *data); + +void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id); +int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void *data); + diff --git a/src/tsg_dns.cpp b/src/tsg_dns.cpp index af331c7..5f52262 100644 --- a/src/tsg_dns.cpp +++ b/src/tsg_dns.cpp @@ -34,9 +34,8 @@ static int record_hton_uint32(char *payload, unsigned int value) return 4; } -static int compress_domain_record(unsigned char *domain, int domain_len, u_char *result) +static int compress_domain_record(const unsigned char *domain, int domain_len, u_char *result) { - int section_len = 0; int result_pos = 1; int domain_pos = 0; @@ -45,9 +44,9 @@ static int compress_domain_record(unsigned char *domain, int domain_len, u_char return -1; } - while((domain[domain_pos] != '\n')||(domain[domain_pos] != '\0')) + while((domain[domain_pos] != '\n') && (domain[domain_pos] != '\0')) { - section_len = 0; + int section_len = 0; while((domain[domain_pos] != '.') &&(domain[domain_pos] != '\n')&&(domain[domain_pos] != '\0')) { result[result_pos] = domain[domain_pos]; 
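Review bot: `struct policy_priority_label` embeds `char domain[MAX_DOMAIN_LEN]` and `struct Maat_rule_t security_result[MAX_RESULT_NUM]`, and `struct bridge_info` embeds `char name[MAX_BRIDGE_NAME_LEN]`, with `MAX_DOMAIN_LEN` (tsg_rule.h) and `MAX_BRIDGE_NAME_LEN` (this header) both `#ifndef`-guarded, so the layout of data shared across translation units through `g_tsg_para.bridge` and the bridge payloads depends on which header was included first. Define the constants unconditionally, or add a comment above each guard naming the header that is allowed to predefine it. The hand-written `char padding[5];` in `struct tcpall_context` deserves a one-line comment stating the alignment it is meant to produce, or a `static_assert` on `sizeof(struct tcpall_context)`, so the next field addition does not silently change the layout. A short comment above `struct bridge_info` saying that `sync_cb` is registered through `stream_bridge_register_data_sync_cb` and `free_cb` through `stream_bridge_register_data_free_cb` in tsg_init_bridge would tie the `//sync and async` / `//async` enum comments to the code that acts on them.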
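Review bot: The corrected loop `while((domain[domain_pos] != '\n') && (domain[domain_pos] != '\0'))` in compress_domain_record still terminates only on a delimiter; the `domain_len` parameter is not consulted in the visible lines, so an input without a `'\n'`/`'\0'` within `domain_len` bytes is read past its end, and every byte is written to `result[result_pos]` with no bound on `result`. Add `domain_pos < domain_len` to both loop conditions and bound `result_pos` against the caller's buffer (the compressed form needs at most `domain_len+2` bytes: one leading length byte, one trailing zero, dots replaced one-for-one), and state that requirement in a comment above the function. The function continues past the hunk, so the final-length handling is not visible here.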
@@ -122,26 +121,26 @@ int dns_set_response_question(char *payload, int payload_len, dns_query_question int dns_set_response_records(char *payload, int payload_len, struct dns_record_val *record_val, int record_val_num, int max_ttl, int min_ttl) { - int i=0,ttl=0,used_len=0; + int used_len=0; unsigned short compress_len=0; unsigned char compress_name[DNS_MAX_NAME+1]={0}; - for(i=0; i<record_val_num; i++) + for(int i=0; i<record_val_num; i++) { used_len+=record_hton_uint16(payload+used_len, (unsigned short)0xc00c); used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].answer_type));//type used_len+=record_hton_uint16(payload+used_len, (unsigned short)1); //class - ttl=random_integer(max_ttl, min_ttl)+min_ttl; + int ttl=random_integer(max_ttl, min_ttl)+min_ttl; used_len+=record_hton_uint32(payload+used_len, (unsigned int)ttl);//ttl switch(record_val[i].answer_type) { - case DNS_TYPE_A: + case DNS_TYPE_A: used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].len)); //len used_len+=record_set_uint32(payload+used_len, (unsigned int)(record_val[i].v4_addr.s_addr)); //IPv4 break; - case DNS_TYPE_AAAA: + case DNS_TYPE_AAAA: used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].len)); //len memcpy(payload+used_len, record_val[i].v6_addr.s6_addr, record_val[i].len); //IPv6 used_len+=record_val[i].len; 
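Review bot: `dns_set_response_records` takes `payload_len` but none of the visible writes (`record_hton_uint16`/`record_hton_uint32`/`memcpy` at `payload+used_len`) compare `used_len` against it, and the `DNS_TYPE_AAAA` branch copies `record_val[i].len` bytes without checking it against `sizeof(record_val[i].v6_addr.s6_addr)`. The answers come from configured profile records rather than from the wire, so a per-record guard — `if(used_len+12+record_val[i].len > payload_len) break;`, where 12 is the fixed name-pointer/type/class/ttl/rdlength prefix written in the hunk — turns a misconfiguration into a truncated response instead of an overflow. The rest of the function, including what `used_len` is used for after the switch, is outside the hunk.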
@@ -191,22 +190,21 @@ static int dns_set_answer_records(char *payload, int payload_len, struct dns_ans { return 0; } - - char profile_id[128]={0}; - int idx=0, used_len=0, record_num=0; - struct dns_profile_records *profile_records=NULL; + + int used_len=0; if(answer_records->record_val.selected_flag==1) - { + { + char profile_id[128]={0}; snprintf(profile_id, sizeof(profile_id), "%d", answer_records->record_val.selected.profile_id); - profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id); + struct dns_profile_records *profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id); if(profile_records==NULL) { return 0; } - record_num=MIN(answer_records->record_val.selected.selected_num, profile_records->record_num); - idx=random_integer(profile_records->record_num, record_num); + int record_num=MIN(answer_records->record_val.selected.selected_num, profile_records->record_num); + int idx=random_integer(profile_records->record_num, record_num); used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, profile_records->record_val+idx, record_num, answer_records->max_ttl, answer_records->min_ttl); (*answer_record_num)+=record_num; diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index a29442b..35312a7 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp 
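Review bot: `int idx=random_integer(profile_records->record_num, record_num);` followed by `profile_records->record_val+idx` with `record_num` entries reads past `record_val` whenever `idx+record_num > profile_records->record_num`; whether that can happen depends on `random_integer`'s contract, which is not visible here (the `random_integer(max_ttl, min_ttl)+min_ttl` call in dns_set_response_records suggests it returns a value below its first argument). If it can return up to `profile_records->record_num-1`, clamp with `idx=MIN(idx, profile_records->record_num-record_num);` and guard `record_num>0` so the subtraction cannot go negative. A one-line comment stating `random_integer`'s range at the call site would make the intent checkable.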
@@ -50,17 +50,11 @@ static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL; } #endif -struct session_record_ctx -{ - struct TLD_handle_t *log; - tsg_protocol_t proto_type; -}; - char TSG_MASTER_VERSION_20200805 = 0; const char *tsg_conffile="tsgconf/main.conf"; g_tsg_para_t g_tsg_para; -id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"}, +struct id2field g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"}, {0, TSG_FS2_UDP_LINKS, "udp_links"}, {0, TSG_FS2_BYPASS, "bypass"}, {0, TSG_FS2_HIT_ADDR, "hit_addr"}, @@ -111,7 +105,7 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"}, {0, TSG_FS2_TUNNEL_LABEL_DEL, "t_label_del"} }; -id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, +struct id2field g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, {PROTO_IPv4, 0, "IPV4"}, {PROTO_IPv6, 0, "IPV6"}, {PROTO_TCP, 0, "TCP"}, 
@@ -140,6 +134,75 @@ id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, #define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1 +static int init_page_template(const char *conffile) +{ + char page_path[256]; + memset(page_path, 0, sizeof(page_path)); + MESA_load_profile_string_def(conffile, "HTTP_PLUG", "PAGE403", page_path, sizeof(page_path), "./tsgconf/HTTP403.html"); + g_tsg_para.tpl_403 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); + + memset(page_path, 0, sizeof(page_path)); + MESA_load_profile_string_def(conffile, "HTTP_PLUG", "PAGE404", page_path, sizeof(page_path), "./tsgconf/HTTP404.html"); + g_tsg_para.tpl_404 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); + + memset(page_path, 0, sizeof(page_path)); + MESA_load_profile_string_def(conffile, "HTTP_PLUG", "PAGE200", page_path, sizeof(page_path), "./tsgconf/HTTP200.html"); + g_tsg_para.tpl_200 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); + + memset(page_path, 0, sizeof(page_path)); + MESA_load_profile_string_def(conffile, "HTTP_PLUG", "PAGE204", page_path, sizeof(page_path), "./tsgconf/HTTP204.html"); + g_tsg_para.tpl_204 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); + + return 0; +} + +static int init_fs2_handle(const char *conffile) +{ + int value=0,cycle=0; + int output_prometheus=0; + unsigned short fs_server_port=0; + char app_name[128]={0}; + char fs_server_ip[MAX_IPV4_LEN]={0}; + char fs_output_path[128]={0}; + + MESA_load_profile_int_def(conffile, "FIELD_STAT", "CYCLE", &cycle, 30); + MESA_load_profile_short_nodef(conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port)); + MESA_load_profile_string_nodef(conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip)); + MESA_load_profile_string_def(conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log"); + MESA_load_profile_string_def(conffile,"FIELD_STAT","APP_NAME", app_name, 
sizeof(app_name), "tsg_master"); + MESA_load_profile_int_def(conffile, "FIELD_STAT", "PROMETHEUS", &output_prometheus, 1); + + g_tsg_para.fs2_handle=FS_create_handle(); + + value=1;//Rewrite + FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value)); + value=1;//Do not create stat thread + FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value)); + + FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle)); + FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); + FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1); + + value=1; + FS_set_para(g_tsg_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); + + if(fs_server_port > 0 && strlen(fs_server_ip) > 0) + { + FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1); + FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); + } + + value=FS_OUTPUT_INFLUX_LINE; + FS_set_para(g_tsg_para.fs2_handle, STATS_FORMAT, &value, sizeof(value)); + + for(int i=0; i<TSG_FS2_MAX; i++) + { + g_tsg_para.fs2_field_id[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_FIELD, FS_CALC_SPEED, g_tsg_fs2_field[i].name); + } + + return 0; +} + static int init_context(void **pme, int thread_seq) { *pme=dictator_malloc(thread_seq, sizeof(struct master_context)); @@ -150,17 +213,16 @@ static int init_context(void **pme, int thread_seq) static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len) { - int ret=0,flags=0; - char buff[4096]={0}; - cJSON *object=NULL; + int flags=0; FILE *fp=fopen(filename, "rb"); if(fp) { - ret=fread(buff, sizeof(buff), 1, fp); + char buff[4096]={0}; + int ret=fread(buff, sizeof(buff), 1, fp); if(ret<(int)sizeof(buff)) { - object=cJSON_Parse(buff); + cJSON *object=cJSON_Parse(buff); if(object) { cJSON *item=cJSON_GetObjectItem(object, "sn"); 
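Review bot: `init_page_template` stores the four `ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP)` results without checking for NULL and always returns 0, so a missing or unreadable HTML file is only discovered when `template_generate` dereferences `g_tsg_para.tpl_403` and friends at runtime; log through `MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, ...)` and `return -1` when any template fails to load, as tsg_init_bridge does for bridge failures. In `init_fs2_handle` the `value=1;` before `FS_set_para(g_tsg_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus));` is a leftover — `value` is overwritten by `value=FS_OUTPUT_INFLUX_LINE;` before its next use — and is exactly the `redundantAssignment` class the CI config now suppresses. `FS_create_handle()` is likewise used without a NULL check.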
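Review bot: `int ret=fread(buff, sizeof(buff), 1, fp);` in tsg_get_sn reads a single 4096-byte element, so `ret` is 0 or 1 and `if(ret<(int)sizeof(buff))` is always true; a file of 4096 bytes or more fills `buff` completely, leaving no NUL terminator for `cJSON_Parse(buff)` to stop at. Read `size_t n=fread(buff, 1, sizeof(buff)-1, fp); buff[n]='\0';` and parse only when `n>0` (treating `n==sizeof(buff)-1` as too large if the SN file is expected to be small). The rest of tsg_get_sn, including the `fclose`, is outside the hunk.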
@@ -336,36 +398,6 @@ static int print_hit_path(const struct streaminfo *a_stream, struct master_conte return 1; } -static int is_only_monitor(struct Maat_rule_t *result, int hit_cnt) -{ - int i=0; - - for(i=0; i<hit_cnt; i++) - { - if(result[i].action==TSG_ACTION_BYPASS || result[i].action==TSG_ACTION_INTERCEPT || result[i].action==TSG_ACTION_DENY) - { - return 0; - } - } - - return 1; -} - -static int is_hited_allow(struct Maat_rule_t *result, int hit_cnt) -{ - int i=0; - - for(i=0; i<hit_cnt; i++) - { - if(result[i].action==TSG_ACTION_BYPASS) - { - return 1; - } - } - - return 0; -} - static int is_dns_protocol(const struct streaminfo *a_stream) { struct stream_tuple4_v4 *tpl4 = NULL; @@ -427,36 +459,6 @@ static int is_deny_application(Maat_rule_t *p_result) return ret; } -static int is_alone_business(tsg_protocol_t proto, unsigned int hited_app_id) -{ - unsigned int l7_proto_id=0; - switch(proto) - { - case PROTO_HTTP: - case PROTO_MAIL: - case PROTO_DNS: - case PROTO_FTP: - case PROTO_SSL: - case PROTO_SIP: - case PROTO_QUIC: - case PROTO_SMTP: - case PROTO_IMAP: - case PROTO_POP3: - case PROTO_RTP: - case PROTO_DTLS: - l7_proto_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[proto].name); - if(l7_proto_id==hited_app_id) - { - return 1; - } - break; - default: - break; - } - - return 0; -} - long long get_current_time_ms(void) { int size=sizeof(long long); 
@@ -466,38 +468,6 @@ long long get_current_time_ms(void) return current_time_ms; } -int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data) -{ - if(a_stream==NULL || project_id<0) - { - return 0; - } - - int ret=project_req_add_struct((struct streaminfo *)a_stream, project_id, data); - if(ret<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "PROJECT", - "Add project failed, project_id: %d addr: %s", - project_id, - PRINTADDR(a_stream, g_tsg_para.level) - ); - return 0; - } - - return 1; -} - -const void *get_struct_project(const struct streaminfo *a_stream, int project_id) -{ - if(a_stream==NULL || project_id<0) - { - return NULL; - } - - return project_req_get_struct(a_stream, project_id); -} static int get_table_id(tsg_protocol_t protocol) { switch(protocol) @@ -643,7 +613,7 @@ int set_hited_app_id(const struct streaminfo *a_stream, unsigned int hited_app_i { struct gather_app_result *gather_result=NULL; - gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); + gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); if(gather_result==NULL) { return 0; @@ -657,6 +627,7 @@ int set_hited_app_id(const struct streaminfo *a_stream, unsigned int hited_app_i return 1; } +#if 0 static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int result_num, struct master_context *context, int thread_seq) { tsg_log_t log_msg; 
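Review bot: The `#if 0` placed before `master_send_log` (closed by the `#endif` in the next hunk) keeps a long dead function that this same commit still edits for the `bridge`/`tsg_get_xxx_from_bridge` rename, so it will drift further from the live code with every refactor. The commit title appears to say the security log now comes from the session-record path, so deleting the function (history keeps it) or replacing it with a one-line comment such as `// security logging moved to the session record path; see tsg_notify_hited_security_result` is cleaner. If it is intentionally kept for a later revert, say so in a comment directly above the `#if 0`.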
@@ -677,20 +648,20 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t log_msg.result=p_result; log_msg.result_num=result_num; - if(p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]>=0) + if(p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].id>=0) { switch(proto) { case PROTO_SSH: case PROTO_RDP: case PROTO_STRATUM: - notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]); + notify=(struct tsg_conn_sketch_notify_data *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].id); if (notify != NULL && notify->pdata.TLD_handle!=NULL && (notify->protocol== PROTO_SSH || notify->protocol== PROTO_STRATUM || notify->protocol== PROTO_RDP)) { TLD_handle = TLD_duplicate(notify->pdata.TLD_handle); if (TLD_handle!=NULL) { - tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); + tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq); tsg_set_policy_flow((struct streaminfo *)a_stream, p_result, thread_seq); return 1; } @@ -788,14 +759,12 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t return 1; } - +#endif static int tsg_proto_name2flag(char *proto_list, int *flag) { - int i=0; - char *s=NULL,*e=NULL; - - s=proto_list; + char *e=NULL; + char *s=proto_list; while(s) { e=index(s, ';'); @@ -804,7 +773,7 @@ static int tsg_proto_name2flag(char *proto_list, int *flag) break; } - for(i=0; i< PROTO_MAX; i++) + for(int i=0; i< PROTO_MAX; i++) { if((strncasecmp(s, g_tsg_proto_name2id[i].name, e-s))==0) { 
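Review bot: The restyled tsg_proto_name2flag still scans with `index(s, ';')`, a legacy BSD call that POSIX.1-2008 removed; `e=strchr(s, ';');` is the portable equivalent and the only change needed on that line. Separately, if the `break` at the top of the second hunk is the `e==NULL` case, a final token with no trailing `;` is never compared against the table—worth confirming that every configured list ends with a separator, or changing the loop to scan the last token too. The function starts in this hunk and ends in the next.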
@@ -813,107 +782,12 @@ static int tsg_proto_name2flag(char *proto_list, int *flag) } } - s=e+1; + s=e+1; } return 0; } -static void free_context_label(int thread_seq, void *project_req_value) -{ - struct master_context *context=(struct master_context *)project_req_value; - if(context!=NULL) - { - if(context->domain!=NULL) - { - dictator_free(thread_seq, (void *)context->domain); - context->domain=NULL; - } - - if(context->quic_ua!=NULL) - { - dictator_free(thread_seq, (void *)context->quic_ua); - context->quic_ua=NULL; - } - - if(context->result!=NULL) - { - dictator_free(thread_seq, (void *)context->result); - context->result=NULL; - } - - if(context->mid!=NULL) - { - Maat_clean_status(&context->mid); - context->mid=NULL; - } - - dictator_free(thread_seq, (void *)context); - context=NULL; - } - - project_req_value=NULL; - - return ; -} - -static void free_tcpall_label(int thread_seq, void *project_req_value) -{ - if(project_req_value!=NULL) - { - struct tcpall_context *context=(struct tcpall_context *)project_req_value; - if(context->para!=NULL) - { - switch(context->method_type) - { - case TSG_METHOD_TYPE_RATE_LIMIT: - destroy_bucket(&(context->bucket), thread_seq); - break; - default: - break; - } - } - - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; - } - - return ; -} - -void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data) -{ - if(data!=NULL) - { - dictator_free(stream->threadnum, data); - data=NULL; - } -} - -void free_policy_label(int thread_seq, void *project_req_value) -{ - if(project_req_value!=NULL) - { - struct policy_priority_label *priority_label=(struct policy_priority_label *)project_req_value; - if(priority_label->para!=NULL) - { - dictator_free(thread_seq, priority_label->para); - priority_label->para=NULL; - } - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; - } -} - -void free_gather_app_result(int thread_seq, void *project_req_value) -{ - 
if(project_req_value!=NULL) - { - dictator_free(thread_seq, project_req_value); - project_req_value=NULL; - } -} - static char *malloc_copy_string(char *origin, int length, int thread_seq) { if(length<=0 && origin==NULL) 
@@ -928,127 +802,6 @@ static char *malloc_copy_string(char *origin, int length, int thread_seq) return dest; } -static void copy_monitor_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int result_num, int thread_seq) -{ - int i=0; - - if(context->result==NULL) - { - context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t)*MAX_RESULT_NUM); - - for(i=0; i<result_num && p_result[i].action!=TSG_ACTION_INTERCEPT && context->hit_cnt<MAX_RESULT_NUM; i++) // SSL Decryption Exclusion - { - memcpy(context->result+context->hit_cnt, &p_result[i], sizeof(struct Maat_rule_t)); - context->hit_cnt+=1; - } - } - else - { - if(context->result[0].action==TSG_ACTION_MONITOR) - { - for(i=0; i<result_num && p_result[i].action!=TSG_ACTION_INTERCEPT && context->hit_cnt<MAX_RESULT_NUM; i++) // SSL Decryption Exclusion - { - memcpy(context->result+context->hit_cnt, &p_result[i], sizeof(struct Maat_rule_t)); - context->hit_cnt+=1; - } - } - } - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "MONITOR", - "Hit monitor policy, policy_id: %d service: %d action: %d addr: %s", - p_result[0].config_id, - p_result[0].service_id, - (unsigned char)p_result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - -} - -static void copy_bypass_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq) -{ - if(context->result==NULL) - { - context->hit_cnt=1; - context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t)); - - memcpy(context->result, p_result, sizeof(struct Maat_rule_t)); - } - else - { - if(context->result[0].action==TSG_ACTION_BYPASS) - { - if(p_result->config_id>context->result[0].config_id) - { - context->hit_cnt=1; - memcpy(&(context->result[0]), p_result, sizeof(struct Maat_rule_t)); - } - } - else // hit monitor - { - context->hit_cnt=1; - memcpy(context->result, p_result, 
sizeof(struct Maat_rule_t)); - } - } - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "ALLOW", - "Hit allow policy, policy_id: %d service: %d action: %d addr: %s", - p_result[0].config_id, - p_result[0].service_id, - (unsigned char)p_result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return ; -} - -static void copy_deny_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq) -{ - if(context->result==NULL) - { - context->hit_cnt=1; - context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t)); - - memcpy(context->result, p_result, sizeof(struct Maat_rule_t)); - } - else - { - if(context->result[0].action==TSG_ACTION_BYPASS) - { - return ; - } - - if(context->result[0].action==TSG_ACTION_DENY) - { - if(p_result->config_id>context->result[0].config_id) - { - context->hit_cnt=1; - memcpy(&(context->result[0]), p_result, sizeof(struct Maat_rule_t)); - } - } - else // hit monitor - { - context->hit_cnt=1; - memcpy(context->result, p_result, sizeof(struct Maat_rule_t)); - } - } - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "DENY", - "Hit deny policy, policy_id: %d service: %d action: %d addr: %s", - p_result[0].config_id, - p_result[0].service_id, - (unsigned char)p_result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - - return ; -} - int copy_app_result(struct gather_app_result *gather_result, struct app_identify_result *identify_result, int packet_sequence) { if(identify_result->app_id_num<=gather_result->app_num) 
@@ -1069,14 +822,17 @@ int copy_app_result(struct gather_app_result *gather_result, struct app_identify return 0; } -static int l7_protocol_mapper(const char *filename) +static int l7_protocol_mapper(const char *conffile) { int ret=0; FILE *fp=NULL; char line[1024]={0}; char type_name[32]={0}; + char filename[128]={0}; struct l7_protocol *protocol=NULL; + MESA_load_profile_string_def(conffile, "SYSTEM", "L7_PROTOCOL_FILE", filename, sizeof(filename), "./tsgconf/tsg_l7_protocol.conf"); + fp=fopen(filename, "r"); if(fp==NULL) { @@ -1094,7 +850,7 @@ static int l7_protocol_mapper(const char *filename) } protocol=(struct l7_protocol *)calloc(1, sizeof(struct l7_protocol)); - ret=sscanf(line, "%s %s %d", type_name, protocol->name, &protocol->id); + ret=sscanf(line, "%31s %31s %d", type_name, protocol->name, &protocol->id); assert(ret==3); HASH_ADD(hh1, g_tsg_para.name_by_id, id, sizeof(int), protocol); @@ -1136,12 +892,10 @@ unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name) static int set_l7_protocol_to_pme(struct master_context *context, unsigned int app_id) { - int i=0; - char *l7_protocol_name=NULL; - l7_protocol_name=tsg_l7_protocol_id2name(app_id); + char *l7_protocol_name=tsg_l7_protocol_id2name(app_id); if(l7_protocol_name!=NULL) { - for(i=PROTO_HTTP; i<PROTO_MAX; i++) + for(int i=PROTO_HTTP; i<PROTO_MAX; i++) { if((strcasecmp(g_tsg_proto_name2id[i].name, l7_protocol_name))==0) { 
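Review bot: The width-limited `%31s` conversions remove the overflow, but a malformed line still reaches `assert(ret==3)` on the next line, which aborts the process on a configuration error or, under NDEBUG, silently inserts a half-initialized `protocol` into the hash. Replace the assert with a runtime check that skips the line and releases the entry, `if(ret!=3) { free(protocol); continue; }` (or log and fail the load), before the HASH_ADD. The `%31s` widths also assume `protocol->name` holds at least 32 bytes; struct l7_protocol is outside the hunk, so please confirm.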
@@ -1158,13 +912,11 @@ static int set_l7_protocol_to_pme(struct master_context *context, unsigned int a int is_intercept_exclusion(const struct streaminfo *a_stream, Maat_rule_t *p_result, char *domain, int thread_seq) { - int ret=0; - scan_status_t mid=NULL; - Maat_rule_t tmp_result; - if(domain!=NULL) { - ret=Maat_full_scan_string(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_EXCLUSION_SSL_SNI], CHARSET_UTF8, domain, strlen(domain), &tmp_result, NULL, 1, &mid,thread_seq); + scan_status_t mid=NULL; + struct Maat_rule_t tmp_result; + int ret=Maat_full_scan_string(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_EXCLUSION_SSL_SNI], CHARSET_UTF8, domain, strlen(domain), &tmp_result, NULL, 1, &mid,thread_seq); if(mid!=NULL) { Maat_clean_status(&mid); @@ -1223,7 +975,7 @@ static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol { struct gather_app_result *gather_result=NULL; - gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); + gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); if(gather_result!=NULL) { return 0; @@ -1231,7 +983,7 @@ static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX); memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX); - set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)gather_result); int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name); if(app_id>0) 
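Review bot: The return value of `tsg_set_xxx_to_bridge` is discarded on the line after the memset in set_l7_protocol_label, so if the put fails the freshly allocated gather_result leaks and every later call repeats the allocation; the set_shaping_result_to_project and set_log_field_to_project hunks further down check `ret<0` and free on failure, and this path should too: `if(tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)gather_result)<0) { dictator_free(a_stream->threadnum, gather_result); return 0; }` (or the matching free helper for this type). The same unchecked put appears in the set_*_to_tcpall hunks on the next three lines and for context and gather_result in the app_identify_result_cb and session_flags_identify_result_cb hunks.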
@@ -1248,12 +1000,12 @@ static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol int set_after_n_packet_to_tcpall(const struct streaminfo *a_stream, int after_n_packets, int thread_seq) { - struct tcpall_context *_context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); + struct tcpall_context *_context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); if(_context==NULL) { _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); memset(_context, 0, sizeof(struct tcpall_context)); - set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); } _context->hited_para.after_n_packets=after_n_packets; @@ -1263,12 +1015,12 @@ int set_after_n_packet_to_tcpall(const struct streaminfo *a_stream, int after_n_ int set_hited_app_id_to_tcpall(const struct streaminfo *a_stream, int hited_app_id, int thread_seq) { - struct tcpall_context *_context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); + struct tcpall_context *_context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); if(_context==NULL) { _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); memset(_context, 0, sizeof(struct tcpall_context)); - set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); } _context->hited_para.hited_app_id=hited_app_id; 
@@ -1278,12 +1030,12 @@ int set_hited_app_id_to_tcpall(const struct streaminfo *a_stream, int hited_app_ int set_protocol_to_tcpall(const struct streaminfo *a_stream, tsg_protocol_t protocol, int thread_seq) { - struct tcpall_context *_context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); + struct tcpall_context *_context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); if(_context==NULL) { _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); memset(_context, 0, sizeof(struct tcpall_context)); - set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); } _context->protocol=protocol; @@ -1293,12 +1045,12 @@ int set_protocol_to_tcpall(const struct streaminfo *a_stream, tsg_protocol_t pro int set_method_to_tcpall(const struct streaminfo *a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq) { - struct tcpall_context *_context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); + struct tcpall_context *_context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); if(_context==NULL) { _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); memset(_context, 0, sizeof(struct tcpall_context)); - set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); } switch(_context->method_type) 
@@ -1318,18 +1070,18 @@ int set_method_to_tcpall(const struct streaminfo *a_stream, enum TSG_METHOD_TYPE int set_bucket_to_tcpall(const struct streaminfo *a_stream, struct leaky_bucket *bucket, int thread_seq) { - struct tcpall_context *_context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); + struct tcpall_context *_context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); if(_context==NULL) { _context=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context)); memset(_context, 0, sizeof(struct tcpall_context)); - set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context); } switch(_context->method_type) { case TSG_METHOD_TYPE_RATE_LIMIT: - return 1; + return 1; break; case TSG_METHOD_TYPE_DEFAULT: case TSG_METHOD_TYPE_UNKNOWN: @@ -1347,7 +1099,7 @@ int set_bucket_to_tcpall(const struct streaminfo *a_stream, struct leaky_bucket char get_direction_from_tcpall(const struct streaminfo *a_stream) { - struct tcpall_context *context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); + struct tcpall_context *context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id); if(context!=NULL) { return context->direction; 
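Review bot: In set_bucket_to_tcpall the `break;` after `return 1;` in the TSG_METHOD_TYPE_RATE_LIMIT case is unreachable; the hunk only re-indents the return, and the new CI job suppresses cppcheck's unreachableCode warning, so this will not be caught automatically. Drop the `break;`, or drop the `return 1;` if the intent is to fall through to the common code below. The remaining cases of the switch are outside the hunk.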
@@ -1356,20 +1108,6 @@ char get_direction_from_tcpall(const struct streaminfo *a_stream) return -1; } -int get_shaping_result(struct Maat_rule_t *hit_result, int hit_num, struct Maat_rule_t *shaping_result, int shaping_result_num) -{ - int shaping_cnt=0; - for(int i=0; i<hit_num; i++) - { - if(hit_result[i].action==TSG_ACTION_SHAPING && shaping_cnt<shaping_result_num) - { - memcpy(&shaping_result[shaping_cnt++], &hit_result[i], sizeof(struct Maat_rule_t)); - } - } - - return shaping_cnt; -} - static void set_shaping_result_to_project(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_seq) { if(p_result==NULL || p_result_num==0) @@ -1377,10 +1115,10 @@ static void set_shaping_result_to_project(const struct streaminfo *a_stream, str return ; } - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get((struct streaminfo *)a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]); + struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id); if(shaping_label==NULL) { - shaping_label=(struct notify_shaping_policy *)dictator_malloc(thread_seq, sizeof(struct notify_shaping_policy)); + shaping_label=(struct notify_shaping_policy *)dictator_malloc(thread_seq, sizeof(struct notify_shaping_policy)); memset(shaping_label, 0, sizeof(struct notify_shaping_policy)); } 
@@ -1408,13 +1146,13 @@ static void set_shaping_result_to_project(const struct streaminfo *a_stream, str struct notify_shaping_policy sync_result={0, {0}}; sync_result.shaping_result_num=inc_result_num; memcpy(sync_result.shaping_result, inc_result, inc_result_num*sizeof(struct Maat_rule_t)); - stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)&sync_result); + stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)&sync_result); shaping_label->shaping_result_num+=inc_result_num; - int ret=stream_bridge_async_data_put((struct streaminfo *)a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label); + int ret=tsg_set_xxx_to_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label); if(ret<0) { - free_shaping_result(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label); + free_shaping_result(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label); return ; } } 
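Review bot: `tsg_set_xxx_to_bridge` is called on shaping_label even when the label was fetched from the bridge a few lines earlier (the NULL check in the previous hunk), and on failure `free_shaping_result` releases it. If the bridge still references that pointer after a failed re-put, the free leaves a dangling entry behind; if the put is a no-op for an already stored pointer, the call is merely redundant. Either way the put and its free belong inside the `shaping_label==NULL` allocation branch, as set_log_field_to_project does in a later hunk. I cannot see tsg_set_xxx_to_bridge's contract here, so please confirm which case applies.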
@@ -1425,86 +1163,91 @@ int tsg_notify_hited_shaping_result(const struct streaminfo *a_stream, struct Ma return 0; } - -static void set_security_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int p_result_num, PULL_RESULT_TYPE result_type, int thread_seq) +int set_log_field_to_project(const struct streaminfo * a_stream, char *domain, void *para, tsg_protocol_t proto, int thread_seq) { - if(p_result==NULL || p_result_num==0) + struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); + if(priority_label==NULL) { - return ; + priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); + memset(priority_label, 0, sizeof(struct policy_priority_label)); + + int ret=tsg_set_xxx_to_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); + if(ret<0) + { + free_policy_label(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); + } } - struct policy_priority_label *priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id); - if(priority_label==NULL) + priority_label->proto=proto; + if(domain!=NULL) { - priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); - memset(priority_label, 0, sizeof(struct policy_priority_label)); + priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(domain)); + memcpy(priority_label->domain, domain, priority_label->domain_len); } - else + + if(para!=NULL) { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "DUP_HIT_POLICY", - "Hit policy, domain: %s policy_id: %d action: %d addr: %s", - (context->domain!=NULL ? 
context->domain : ""), - p_result->config_id, - (unsigned char)p_result->action, - PRINTADDR(a_stream, g_tsg_para.level) - ); + int length=strlen((const char*)para); + priority_label->para=dictator_malloc(thread_seq,length+1); + memcpy(priority_label->para, para, length); + ((char *)priority_label->para)[length]='\0'; } - priority_label->proto=context->proto; - if(context->domain!=NULL) + return 0; +} + +static void set_security_result_to_project(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, PULL_RESULT_TYPE result_type, int thread_seq) +{ + if(p_result==NULL || p_result_num==0) { - priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(context->domain)); - memcpy(priority_label->domain, context->domain, priority_label->domain_len); + return ; } - if(context->para!=NULL) + struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); + if(priority_label==NULL) { - int length=strlen(context->http_url); - priority_label->para=dictator_malloc(thread_seq,length+1); - memcpy(priority_label->para, context->para, length); - ((char *)priority_label->para)[length]='\0'; + priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); + memset(priority_label, 0, sizeof(struct policy_priority_label)); + + int ret=tsg_set_xxx_to_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); + if(ret<0) + { + free_policy_label(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); + } } - if(priority_label->security_result_num<=0 || (priority_label->security_result[0].action < p_result->action)) + if(priority_label->security_result_num>0 && priority_label->security_result[0].action!=p_result[0].action) { - priority_label->security_result_num=1; - 
priority_label->result_type=result_type; - memcpy(priority_label->security_result, p_result, sizeof(struct Maat_rule_t)); } - int ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label); - if(ret<0) + int num=MIN(MAX_RESULT_NUM-priority_label->security_result_num, p_result_num); + for(int i=0; i<num; i++) { - free_policy_label(thread_seq, (void *)priority_label); - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "PROJECT_ADD", - "Add policy_priority_label failed, policy, domain: %s para(url/ua): %s policy_id: %d action: %d addr: %s", - (context->domain!=NULL ? context->domain : ""), - (context->para!=NULL ? context->http_url : ""), - priority_label->security_result[0].config_id, - (unsigned char)priority_label->security_result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - return ; + int repeat_result=0; + for(int j=0; j<priority_label->security_result_num; j++) + { + if(p_result[i].config_id==priority_label->security_result[j].config_id) + { + repeat_result=1; + break; + } + } + + if(repeat_result==0) + { + memcpy(&(priority_label->security_result[priority_label->security_result_num++]), &(p_result[i]), sizeof(struct Maat_rule_t)); + } } - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - "COPY_RESULT", - "Hit policy, domain: %s para(url/ua): %s policy_id: %d action: %d addr: %s", - (context->domain!=NULL ? context->domain : ""), - (context->para!=NULL ? 
context->http_url : ""), - priority_label->security_result[0].config_id, - (unsigned char)priority_label->security_result[0].action, - PRINTADDR(a_stream, g_tsg_para.level) - ); - return ; } +int tsg_notify_hited_security_result(const struct streaminfo * a_stream, struct Maat_rule_t * p_result, int p_result_num, int thread_seq) +{ + set_security_result_to_project(a_stream, p_result, p_result_num, PULL_FW_RESULT, thread_seq); + return 0; +} + void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq) { @@ -1525,15 +1268,6 @@ void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATT { dictator_free(thread_seq, (void *)attribute_label); attribute_label=NULL; - - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "PROJECT_ADD", - "Add internal_label failed, establish latency ms: %llu proto: %d addr: %s", - attribute_label->establish_latency_ms, - attribute_label->proto, - PRINTADDR(a_stream, g_tsg_para.level) - ); return ; } } @@ -1639,14 +1373,12 @@ static char set_tcp_establish_latency_ms(const struct streaminfo *a_tcp, int thr int tsg_set_device_id_to_telegraf(char *device_sn) { - char buff[128]={0}; - FILE *fp=NULL; - if(device_sn) { - fp=fopen("/etc/default/telegraf", "wb"); + FILE *fp=fopen("/etc/default/telegraf", "wb"); if(fp) { + char buff[128]={0}; snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn); fwrite(buff, strlen(buff), 1, fp); fclose(fp); @@ -1735,11 +1467,6 @@ struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result for(i=0; i<result_num; i++) { - if((unsigned char)result[i].action==TSG_ACTION_SHAPING) - { - continue; - } - if(p_result==NULL) { p_result=&result[i]; 
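Review bot: In set_log_field_to_project the `if(ret<0)` branch calls `free_policy_label` on priority_label and then falls through to `priority_label->proto=proto;`—a use-after-free, where the old code returned after the free; set_security_result_to_project in the same hunk repeats the pattern and then reads the freed label in the `security_result_num>0` test. Add `return -1;` after the free in the first function and `return ;` in the second. In set_security_result_to_project the `if(priority_label->security_result_num>0 && ...action!=p_result[0].action)` block is also now empty, and with its body `priority_label->result_type=result_type;` went away, leaving the `result_type` parameter unused while callers still distinguish PULL_FW_RESULT from PULL_KNI_RESULT. Either drop the parameter and the empty if, or restore the assignment before the dedup loop and comment how mixed actions in one label are meant to be resolved.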
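Review bot: tsg_set_device_id_to_telegraf writes `device_sn` unescaped inside double quotes into /etc/default/telegraf, and the `"wb"` open truncates whatever else that file held; the restyle in this hunk keeps both. A serial containing `"` or a newline yields a malformed or unintended file, so validate the value before writing—reject anything outside a conservative set such as `[A-Za-z0-9._-]`—and check `fwrite`'s return value instead of discarding it. Whether other settings in that file matter on the target image is not visible here.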
@@ -1766,7 +1493,7 @@ struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result static int identify_application_protocol(const struct streaminfo *a_stream, struct master_context *context, void *a_packet) { - int ret=0, length=0; + int ret=0; switch(a_stream->type) { @@ -1779,7 +1506,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru { context->proto=PROTO_HTTP; - length=http_get_filed_result(parser_result, HTTP_HOST, &host); + int length=http_get_filed_result(parser_result, HTTP_HOST, &host); context->domain=malloc_copy_string(host, length, a_stream->threadnum); length=http_get_filed_result(parser_result, HTTP_MESSAGE_URL, &url); context->http_url=malloc_copy_string(url, length, a_stream->threadnum); @@ -1935,11 +1662,11 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru if (g_tsg_para.proto_flag&(1<<PROTO_DTLS)) //DTLS { - char sni_buff[512] = {0}; - int sni_len = 512; bool is_dtls = dtls_identifyStream((streaminfo *)a_stream); if (is_dtls) { + char sni_buff[512]={0}; + int sni_len=sizeof(sni_buff); context->proto = PROTO_DTLS; ret = dtls_parse_sni((const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, sni_buff, sni_len); if (ret == 0 && strlen(sni_buff) > 0) @@ -1949,7 +1676,6 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru } } } - break; default: break; @@ -1975,7 +1701,7 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct for(i=0; i< identify_result->app_num; i++) { - snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->attributes[i].app_id); + snprintf(app_id_buff, sizeof(app_id_buff), "%u", identify_result->attributes[i].app_id); dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); if(dict!=NULL) { 
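Review bot: `sni_len` is now `sizeof(sni_buff)`, so if `dtls_parse_sni` may fill all 512 bytes without a terminator the following `strlen(sni_buff)` reads past the buffer; the old code used the same size, but this hunk is where the length is now set. Unless dtls_parse_sni is documented to NUL-terminate its output, pass `int sni_len=sizeof(sni_buff)-1;` so the zero-initialization guarantees a terminator, or switch the test to strnlen. I cannot see dtls_parse_sni here, so confirm its contract.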
@@ -2033,11 +1759,9 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct return hit_num; } -static int master_deal_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int hit_num) +static int master_deal_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *shaping_result, int shaping_result_num) { //get shaping rule - struct Maat_rule_t shaping_result[hit_num]; - int shaping_result_num=get_shaping_result(result, hit_num, shaping_result, hit_num); set_shaping_result_to_project(a_stream, shaping_result, shaping_result_num, a_stream->threadnum); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SHAPING], 0, FS_OP_ADD, 1); @@ -2048,10 +1772,13 @@ static int master_deal_shaping_result(const struct streaminfo *a_stream, struct static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int hit_num, const void *a_packet) { - Maat_rule_t *p_result=NULL; + struct Maat_rule_t *p_result=NULL; unsigned char state=APP_STATE_GIVEME; + struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; + struct Maat_rule_t security_result[MAX_RESULT_NUM]={0}; - p_result=tsg_policy_decision_criteria(result, hit_num); + int security_result_num=tsg_fetch_hited_security_result(result, hit_num, security_result, MAX_RESULT_NUM); + p_result=tsg_policy_decision_criteria(security_result, hit_num); if(p_result!=NULL) { print_hit_path(a_stream, context); 
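Review bot: `tsg_policy_decision_criteria(security_result, hit_num)` is passed the count of all hits, but `security_result` holds only `security_result_num` valid entries and the rest are zero-filled by the `={0}` initializer; when a stream hits only shaping rules, tsg_policy_decision_criteria (which takes the first entry as p_result) returns a zeroed rule with action 0 and the decision switch runs on it. Change the call to `p_result=tsg_policy_decision_criteria(security_result, security_result_num);`. The rest of master_deal_scan_result continues in the following hunks.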
@@ -2075,8 +1802,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, if((state&APP_STATE_DROPPKT)==APP_STATE_DROPPKT || (state&APP_STATE_KILL_OTHER)) { - copy_deny_result(a_stream, context, p_result, a_stream->threadnum); - set_security_result_to_project(a_stream, context, p_result, 1, PULL_FW_RESULT, a_stream->threadnum); + set_security_result_to_project(a_stream, p_result, 1, PULL_FW_RESULT, a_stream->threadnum); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "DENY", @@ -2086,19 +1812,20 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, (unsigned char)p_result->action, PRINTADDR(a_stream, g_tsg_para.level) ); - } + } + set_security_result_to_project(a_stream, p_result, 1, PULL_FW_RESULT, a_stream->threadnum); break; case TSG_ACTION_MONITOR: if(context->proto==PROTO_RTP) { break; } - copy_monitor_result(a_stream, context, result, hit_num, a_stream->threadnum); tsg_notify_hited_monitor_result(a_stream, result, hit_num, a_stream->threadnum); + set_security_result_to_project(a_stream, security_result, security_result_num, PULL_FW_RESULT, a_stream->threadnum); break; case TSG_ACTION_BYPASS: - copy_bypass_result(a_stream, context, p_result, a_stream->threadnum); - set_security_result_to_project(a_stream, context, p_result, 1, PULL_FW_RESULT, a_stream->threadnum); + context->is_hited_allow=1; + set_security_result_to_project(a_stream, p_result, 1, PULL_FW_RESULT, a_stream->threadnum); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER; 
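Review bot: In the TSG_ACTION_DENY case `set_security_result_to_project(a_stream, p_result, 1, PULL_FW_RESULT, a_stream->threadnum);` now runs twice when the DROPPKT/KILL_OTHER condition holds—once inside the `if` and again unconditionally after it. The config_id dedup in set_security_result_to_project makes the second call a no-op, but the duplicate obscures the intent; remove the call inside the `if` and keep the unconditional one.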
@@ -2111,7 +1838,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, break; } - set_security_result_to_project(a_stream, context, p_result, 1, PULL_KNI_RESULT, a_stream->threadnum); + set_security_result_to_project(a_stream, p_result, 1, PULL_KNI_RESULT, a_stream->threadnum); FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); state=APP_STATE_DROPME|APP_STATE_KILL_OTHER; @@ -2120,23 +1847,24 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, default: break; } + + set_log_field_to_project(a_stream, context->domain, context->para, context->proto, a_stream->threadnum); } - if(state==APP_STATE_GIVEME) - { - master_deal_shaping_result(a_stream, result, hit_num); + int shaping_result_num=tsg_fetch_hited_shaping_result(result, hit_num, shaping_result, MAX_RESULT_NUM); + if(state==APP_STATE_GIVEME && shaping_result_num>0) + { + master_deal_shaping_result(a_stream, shaping_result, shaping_result_num); } return state; } -static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data) +int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data) { - int hit_num=0,app_id=-1; - int is_parent_ssl=0; struct master_context *context=NULL; struct gather_app_result *gather_result=NULL; - struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}, *p_result=NULL; + struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}; struct app_identify_result *identify_result=(struct app_identify_result *)data; if(data==NULL) 
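Review bot: `set_log_field_to_project` is now invoked on every decision with a non-NULL p_result, and by its definition earlier in this commit it allocates a fresh copy of `para` whenever `para!=NULL` without freeing the previous `priority_label->para`; if master_deal_scan_result runs more than once per stream—app_identify_result_cb below calls it for each identify result—the earlier copy leaks. Either free the existing `para` before reassigning it in set_log_field_to_project, or skip the call when the label already carries these values. I cannot see how often the callback fires per stream, so treat this as a check rather than a certainty.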
@@ -2144,19 +1872,19 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_ return 0; } - context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id); + context=(struct master_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id); if(context==NULL) { init_context((void **)(&context), a_stream->threadnum); - set_struct_project(a_stream, g_tsg_para.context_project_id, (void *)context); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id, (void *)context); } - gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); + gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); if(gather_result==NULL) { gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX); memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX); - set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)gather_result); } switch(identify_result->origin) @@ -2180,17 +1908,6 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_ { set_l7_protocol_to_pme(context, identify_result->app_id[identify_result->app_id_num-1]); } - - app_id=identify_result->app_id[identify_result->app_id_num-1]; - if(app_id==(int)tsg_l7_protocol_name2id("SMTPS") || - app_id==(int)tsg_l7_protocol_name2id("IMAPS") || - app_id==(int)tsg_l7_protocol_name2id("POP3S") || - app_id==(int)tsg_l7_protocol_name2id("FTPS") || - app_id==(int)tsg_l7_protocol_name2id("HTTPS") - ) - { - is_parent_ssl=1; - } break; case ORIGIN_UNKNOWN: context->is_app_link=FLAG_TRUE; 
@@ -2208,18 +1925,13 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_ } context->last_scan_time=get_current_time_ms(); - hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, &(gather_result[identify_result->origin]), a_stream->threadnum); - p_result=tsg_policy_decision_criteria(scan_result, hit_num); - if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1) || is_alone_business(context->proto, context->hited_para.hited_app_id)) - { - return 0; - } + int hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, &(gather_result[identify_result->origin]), a_stream->threadnum); context->sync_cb_state=master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL); return 0; } -static int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data) +int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data) { if(data==NULL) { @@ -2229,11 +1941,11 @@ static int session_flags_identify_result_cb(const struct streaminfo *a_stream, i struct master_context *context=NULL; struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}; - context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id); + context=(struct master_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id); if(context==NULL) { init_context((void **)(&context), a_stream->threadnum); - set_struct_project(a_stream, g_tsg_para.context_project_id, (void *)context); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id, (void *)context); } context->session_flag=*(unsigned long *)(data); 
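Review bot: Dropping the `is_alone_business(context->proto, context->hited_para.hited_app_id)` gate together with the `is_parent_ssl` MONITOR skip means app-identify results for stand-alone business sessions and monitor-only hits on TLS-wrapped parents now always reach `master_deal_scan_result`, a policy change the commit message (security log via session record, field-id fix, cppcheck) does not cover. If monitor hits are meant to flow through so the session-record logger sees them, a comment above `context->sync_cb_state=master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL);` such as `// monitor-only and parent-TLS hits are passed on; security logging now happens from the session record` would record the intent; if the stand-alone-business exclusion still matters it should be reinstated before the call. app_identify_result_cb starts outside this hunk.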
@@ -2249,12 +1961,9 @@ static int session_flags_identify_result_cb(const struct streaminfo *a_stream, i static int deal_pending_state(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int result_num, void *a_packet) { - int i=0,table_id=0; - int ret=0,hit_num=0; - unsigned int protocol_id=0; - struct gather_app_result *gather_result=NULL; + int hit_num=0; - ret=identify_application_protocol(a_stream, context, a_packet); + int ret=identify_application_protocol(a_stream, context, a_packet); if(ret==1) { set_l7_protocol_label(a_stream, context->proto); @@ -2265,12 +1974,12 @@ static int deal_pending_state(const struct streaminfo *a_stream, struct master_c set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_JA3_HASH, NULL, 0, a_stream->threadnum); } - table_id=get_table_id(context->proto); + int table_id=get_table_id(context->proto); hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, table_id, a_stream->threadnum); hit_num+=scan_fqdn_category_id(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, table_id, a_stream->threadnum); if(context->is_esni) { - protocol_id=tsg_l7_protocol_name2id("ESNI"); + unsigned int protocol_id=tsg_l7_protocol_name2id("ESNI"); hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, (char *)"ESNI", protocol_id, a_stream->threadnum); } 
@@ -2287,8 +1996,8 @@ static int deal_pending_state(const struct streaminfo *a_stream, struct master_c FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1); } - gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); - for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++) + struct gather_app_result *gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); + for(int i=0; i<ORIGIN_MAX && gather_result!=NULL; i++) { if(i==ORIGIN_HITED_APP || i==ORIGIN_QM_ENGINE_L7) { 
@@ -2296,40 +2005,27 @@ static int deal_pending_state(const struct streaminfo *a_stream, struct master_c } hit_num+=scan_application_id_and_properties(a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result[i]), a_stream->threadnum); } - - - if((is_only_monitor(result, hit_num)) && - context->proto!=PROTO_UNKONWN && - context->proto!=PROTO_APP && - context->proto!=PROTO_SSH && - context->proto!=PROTO_STRATUM && - context->proto!=PROTO_RDP) // business deal action of monitor - { - hit_num=0; - } return hit_num; } - static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, void **pme, int thread_seq,void *a_packet) { - int i=0, ret=0, hit_num=0; + int i=0,ret=0,hit_num=0; unsigned char state=APP_STATE_GIVEME; - Maat_rule_t scan_result[MAX_RESULT_NUM]; - Maat_rule_t *p_result=NULL; + Maat_rule_t hited_result[MAX_RESULT_NUM]; struct gather_app_result *gather_result=NULL; struct master_context *context=(struct master_context *)*pme; struct app_identify_result unknown_result; if(*pme==NULL) { - context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id); + context=(struct master_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id); if(context==NULL) { init_context(pme, thread_seq); context=(struct master_context *)*pme; - set_struct_project(a_stream, g_tsg_para.context_project_id, *pme); + tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].id, *pme); } else { 
@@ -2350,8 +2046,8 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1); } - hit_num+=deal_pending_state(a_stream, context, scan_result+hit_num, MAX_RESULT_NUM-hit_num, a_packet); - state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet); + hit_num+=deal_pending_state(a_stream, context, hited_result+hit_num, MAX_RESULT_NUM-hit_num, a_packet); + state=master_deal_scan_result(a_stream, context, hited_result, hit_num, a_packet); context->deal_pkt_num++; break; case OP_STATE_DATA: @@ -2362,10 +2058,10 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo unknown_result.origin=ORIGIN_UNKNOWN; unknown_result.app_id[0]=g_tsg_para.unknown_app_id; - app_identify_result_cb(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_APP_IDENTIFY_RESULT], (void *)&unknown_result); + app_identify_result_cb(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_APP_IDENTIFY_RESULT].id, (void *)&unknown_result); } - if(is_hited_allow(context->result, context->hit_cnt)) + if(context->is_hited_allow) { state=APP_STATE_KILL_OTHER|APP_STATE_GIVEME; break; 
@@ -2390,27 +2086,27 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo } context->last_scan_time=get_current_time_ms(); - ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, scan_result+hit_num, MAX_RESULT_NUM-hit_num); + ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, hited_result+hit_num, MAX_RESULT_NUM-hit_num); if(ret>0) { hit_num+=ret; } - gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id); + gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++) { if(i==ORIGIN_HITED_APP || i==ORIGIN_QM_ENGINE_L7) { continue; } - hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result[i]), thread_seq); + hit_num+=scan_application_id_and_properties(a_stream, hited_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result[i]), thread_seq); } if(context->session_flag>0) { hit_num+=tsg_scan_session_flags(g_tsg_maat_feather, a_stream, - scan_result+hit_num, + hited_result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, g_tsg_para.table_id[TABLE_SESSION_FLAGS], @@ -2419,11 +2115,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo ); } - p_result=tsg_policy_decision_criteria(scan_result, hit_num); - if(p_result!=NULL && p_result->action!=TSG_ACTION_MONITOR) - { - state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet); - } + state=master_deal_scan_result(a_stream, context, hited_result, hit_num, a_packet); break; default: break; 
@@ -2431,11 +2123,6 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo if((a_stream->opstate==OP_STATE_CLOSE) || (state&APP_STATE_DROPME)==APP_STATE_DROPME) { - if(context!=NULL && context->is_log==0 && context->hit_cnt>0 && context->result!=NULL) - { - context->is_log = 1; - master_send_log(a_stream, context->result, context->hit_cnt, context, thread_seq); - } *pme = NULL; } @@ -2444,13 +2131,15 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, unsigned char stream_state, void **pme, int thread_seq, const void *a_packet) { - int ret=0,hit_num=0; + int ret=0; int eth_rawpkt_len=0; scan_status_t scan_mid=NULL; - struct Maat_rule_t *p_result=NULL; - unsigned char state=APP_STATE_GIVEME; - struct identify_info tmp_identify_info; + struct Maat_rule_t *p_result=NULL; + unsigned char state=APP_STATE_GIVEME; + struct identify_info tmp_identify_info; + struct Maat_rule_t hited_result[MAX_TSG_ALL_RESULT_NUM]={0}; struct Maat_rule_t security_result[MAX_RESULT_NUM]={0}; + struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0}; struct tcpall_context *all_context=(struct tcpall_context *)(*pme); if(stream_state==OP_STATE_PENDING && all_context->method_type!=TSG_METHOD_TYPE_ALLOW && !(all_context->udp_data_dropme)) 
@@ -2461,29 +2150,32 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
 all_context->default_policy_after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id);
 }
- hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, security_result, MAX_RESULT_NUM);
+ int hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, hited_result, MAX_TSG_ALL_RESULT_NUM);
 if(hit_num>0)
 {
- p_result=tsg_policy_decision_criteria(security_result, hit_num);
+ int security_result_num=tsg_fetch_hited_security_result(hited_result, hit_num, security_result, MAX_RESULT_NUM);
+ p_result=tsg_policy_decision_criteria(security_result, security_result_num);
 if(p_result!=NULL)
 {
 switch(p_result->action)
 {
 case TSG_ACTION_DENY:
 state=tsg_deal_deny_action(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet);
- master_send_log(a_stream, p_result, 1, NULL, thread_seq);
+ set_security_result_to_project(a_stream, p_result, 1, PULL_FW_RESULT,thread_seq);
 break;
 case TSG_ACTION_MONITOR:
 tsg_notify_hited_monitor_result(a_stream, security_result, hit_num, thread_seq);
+ set_security_result_to_project(a_stream, security_result, security_result_num, PULL_FW_RESULT,thread_seq);
 break;
 default: break;
 }
 }
- if(state==APP_STATE_GIVEME)
+ int shaping_result_num=tsg_fetch_hited_security_result(hited_result, hit_num, shaping_result, MAX_RESULT_NUM);
+ if(state==APP_STATE_GIVEME && shaping_result_num>0)
 {
- master_deal_shaping_result(a_stream, security_result, hit_num);
+ master_deal_shaping_result(a_stream, shaping_result, shaping_result_num);
 }
 }
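Review bot: The shaping pass in this hunk fills `shaping_result` with `tsg_fetch_hited_security_result`, so `master_deal_shaping_result` is handed the security rules a second time and the shaping rules collected in `hited_result` are never applied on the TCP-all path; the data-entry path uses `tsg_fetch_hited_shaping_result` for the same step, and the line should read `int shaping_result_num=tsg_fetch_hited_shaping_result(hited_result, hit_num, shaping_result, MAX_RESULT_NUM);`. In the TSG_ACTION_MONITOR branch `tsg_notify_hited_monitor_result` is still given `hit_num`, the count of entries in `hited_result`, while the buffer it receives is `security_result`, which only holds `security_result_num` valid entries; the remainder is zero-filled, and if `MAX_TSG_ALL_RESULT_NUM` is larger than `MAX_RESULT_NUM` the read walks past the end of `security_result`, so it should be `tsg_notify_hited_monitor_result(a_stream, security_result, security_result_num, thread_seq);`. tsg_master_all_entry begins and ends outside this hunk.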
@@ -2521,7 +2213,6 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
 if(get_default_policy(g_tsg_para.default_compile_id, &security_result[0]))
 {
 state=tsg_deal_deny_action(a_stream, &security_result[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet);
- master_send_log(a_stream, &security_result[0], 1, NULL, thread_seq);
 }
 break;
 case TSG_METHOD_TYPE_DROP:
@@ -2584,7 +2275,7 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo
 context->all_entry=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context));
 memset(context->all_entry, 0, sizeof(struct tcpall_context));
- set_struct_project(a_udp, g_tsg_para.tcpall_project_id, (void *)(context->all_entry));
+ tsg_set_xxx_to_bridge(a_udp, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)(context->all_entry));
 context->all_entry->direction=get_direction(a_udp);
 }
@@ -2620,12 +2311,12 @@ extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp,
 if(*pme==NULL)
 {
- *pme=(void *)get_struct_project(a_tcp, g_tsg_para.tcpall_project_id);
+ *pme=(void *)tsg_get_xxx_from_bridge(a_tcp, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id);
 if(*pme==NULL)
 {
 *pme=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context));
 memset(*pme, 0, sizeof(struct tcpall_context));
- set_struct_project(a_tcp, g_tsg_para.tcpall_project_id, (void *)(*pme));
+ tsg_set_xxx_to_bridge(a_tcp, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)(*pme));
 }
 _context=(struct tcpall_context *)(*pme);
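Review bot: The default-policy deny branch in the first hunk removes `master_send_log` without a replacement, whereas the rule-hit deny path in tsg_master_all_entry swaps it for `set_security_result_to_project(..., PULL_FW_RESULT, ...)` so the session-record logger can emit the firewall event; as written, a session denied by the default policy leaves no security log at all unless something outside this diff records it. Suggest adding `set_security_result_to_project(a_stream, &security_result[0], 1, PULL_FW_RESULT, thread_seq);` directly after the `tsg_deal_deny_action` call, or a comment stating why default-policy denies are intentionally unlogged. The enclosing function starts and ends outside the hunk.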
@@ -2642,22 +2333,15 @@ extern "C" int TSG_MASTER_INIT()
 {
- int i=0,ret=0;
- char buff[128]={0};
- int value=0,cycle=0;
- int output_prometheus=0;
- unsigned short fs_server_port=0;
- char app_name[MAX_STRING_LEN]={0};
- char label_buff[MAX_STRING_LEN*4]={0};
- char fs_server_ip[MAX_IPV4_LEN]={0};
- char fs_output_path[MAX_STRING_LEN*4]={0};
- char device_sn_filename[MAX_STRING_LEN]={0};
- char identify_proto_name[MAX_STRING_LEN*4]={0};
+ int ret=0;
+ char label_buff[128]={0};
+ char device_sn_filename[128]={0};
+ char identify_proto_name[256]={0};
 memset(&g_tsg_para, 0, sizeof(g_tsg_para));
 MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &g_tsg_para.level, RLOG_LV_FATAL);
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", g_tsg_para.log_path, sizeof(g_tsg_para.log_path), "tsglog/tsg_master");
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", g_tsg_para.log_path, sizeof(g_tsg_para.log_path), "log/tsg_master");
 g_tsg_para.logger=MESA_create_runtime_log_handle(g_tsg_para.log_path, g_tsg_para.level);
 if(g_tsg_para.logger==NULL)
@@ -2673,7 +2357,7 @@ extern "C" int TSG_MASTER_INIT()
 MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED1", &g_tsg_para.reset.seed1, 65535);
 MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED2", &g_tsg_para.reset.seed2, 13);
 MESA_load_profile_int_def(tsg_conffile, "RESET", "FLAGS", &g_tsg_para.reset.th_flags, 0x14);
- MESA_load_profile_int_def(tsg_conffile, "RESET", "DIR", &g_tsg_para.reset.dir, DIR_DOUBLE);
+ MESA_load_profile_int_def(tsg_conffile, "RESET", "DIR", &g_tsg_para.reset.dir, DIR_DOUBLE);
 MESA_load_profile_int_def(tsg_conffile, "RESET", "REMEDY", &g_tsg_para.reset.remedy, 1);
 MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0);
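Review bot: The default for SYSTEM/LOG_PATH changes from `"tsglog/tsg_master"` to `"log/tsg_master"` in the first hunk, which is neither mentioned in the commit message nor related to the cppcheck cleanup; any deployment relying on the default will silently start writing the runtime log to a different directory, and log collection or rotation configured for `tsglog/` will miss it. Either keep the previous default or call the relocation out in the commit message and release notes. The shrunk locals (`label_buff[128]`, `device_sn_filename[128]`, `identify_proto_name[256]`) are filled through `sizeof`-bounded `MESA_load_profile_*` calls, so the size change itself looks safe provided every later use of them, outside this hunk, keeps passing `sizeof`. TSG_MASTER_INIT continues past the hunk.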
@@ -2716,14 +2400,6 @@ extern "C" int TSG_MASTER_INIT() { MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "SET_DEVICE_SN_TO_TELEGRAF", "Set device SN(%s) failed; please check :%s", g_tsg_para.device_sn, "/etc/default/telegraf"); } - - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY"); - g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label); - if(g_tsg_para.priority_project_id<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff); - return -1; - } MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_INTERNAL_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL"); g_tsg_para.session_attribute_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label); 
@@ -2732,129 +2408,14 @@ extern "C" int TSG_MASTER_INIT() MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff); } - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_IDENTIFY_RESULT_BRIDGE", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "APP_IDENTIFY_RESULT_BRIDGE"); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA"); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA"); - MESA_load_profile_string_def(tsg_conffile, "SESSION_FLAGS", "FLAGS_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_NOTIFY_FLAGS],_MAX_TABLE_NAME_LEN, "SESSION_FLAGS_SYNC_NOTIFY_DATA"); - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SHAPING_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT],_MAX_TABLE_NAME_LEN, "NOTIFY_SHAPING_RESULT"); - - for(i=0; i<BRIDGE_TYPE_MAX; i++) - { - g_tsg_para.bridge_id[i]=stream_bridge_build(g_tsg_para.bridge_name[i], "w"); - if(g_tsg_para.bridge_id[i]<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_BRIDGE", "stream_bridge_build is error, bridge_name: %s", g_tsg_para.bridge_name[i]); - } - } - - ret=stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_APP_IDENTIFY_RESULT], app_identify_result_cb); + ret=tsg_init_bridge(tsg_conffile); if(ret<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "APP_BRIDGE", - "Register callback failed, bridge_name: %d", - g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT] - ); - return -1; - } - - ret=stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_FLAGS], session_flags_identify_result_cb); - if(ret<0) - { - 
MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "APP_BRIDGE", - "Register callback failed, bridge_name: %d", - g_tsg_para.bridge_name[BRIDGE_TYPE_NOTIFY_FLAGS] - ); - return -1; - } - - ret=stream_bridge_register_data_free_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], free_shaping_result); - if(ret<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_FATAL, - "APP_BRIDGE", - "Register async free callback failed, bridge_name: %d", - g_tsg_para.bridge_name[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT] - ); - return -1; - } - - g_tsg_para.context_project_id=project_producer_register("TSG_MASTER_CONTEXT", PROJECT_VAL_TYPE_STRUCT, free_context_label); - if(g_tsg_para.context_project_id<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "CONTEXT_LABEL", "project_producer_register is error, context label: %s","TSG_MASTER_CONTEXT"); - return -1; - } - - g_tsg_para.tcpall_project_id=project_producer_register("TSG_TCPALL_CONTEXT", PROJECT_VAL_TYPE_STRUCT, free_tcpall_label); - if(g_tsg_para.tcpall_project_id<0) - { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "CONTEXT_LABEL", "project_producer_register is error, context label: %s","TSG_TCPALL_CONTEXT"); - return -1; - } - - g_tsg_para.gather_app_project_id=project_producer_register("APP_IDENTIFY_RESULT", PROJECT_VAL_TYPE_STRUCT, free_gather_app_result); - if(g_tsg_para.gather_app_project_id<0) { - MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_IDENTIFY_RESULT", "project_producer_register is error, context label: %s","APP_IDENTIFY_RESULT"); return -1; } - char page_path[256]; - memset(page_path, 0, sizeof(page_path)); - MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE403", page_path, sizeof(page_path), "./tsgconf/HTTP403.html"); - g_tsg_para.tpl_403 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); - - memset(page_path, 0, sizeof(page_path)); - MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE404", 
page_path, sizeof(page_path), "./tsgconf/HTTP404.html"); - g_tsg_para.tpl_404 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); - - memset(page_path, 0, sizeof(page_path)); - MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE200", page_path, sizeof(page_path), "./tsgconf/HTTP200.html"); - g_tsg_para.tpl_200 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); - - memset(page_path, 0, sizeof(page_path)); - MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE204", page_path, sizeof(page_path), "./tsgconf/HTTP204.html"); - g_tsg_para.tpl_204 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); - - MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30); - MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port)); - MESA_load_profile_string_nodef(tsg_conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip)); - MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log"); - MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master"); - MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "PROMETHEUS", &output_prometheus, 1); - - g_tsg_para.fs2_handle=FS_create_handle(); - - value=1;//Rewrite - FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value)); - value=1;//Do not create stat thread - FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value)); - - FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle)); - FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); - FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1); - - value=1; - FS_set_para(g_tsg_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); - - if(fs_server_port > 0 && strlen(fs_server_ip) > 0) - { - 
FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1); - FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); - } - - value=FS_OUTPUT_INFLUX_LINE; - FS_set_para(g_tsg_para.fs2_handle, STATS_FORMAT, &value, sizeof(value)); - - for(i=0; i<TSG_FS2_MAX; i++) - { - g_tsg_para.fs2_field_id[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_FIELD, FS_CALC_SPEED, g_tsg_fs2_field[i].name); - } + init_page_template(tsg_conffile); + init_fs2_handle(tsg_conffile); ret=tsg_rule_init(tsg_conffile, g_tsg_para.logger); if(ret<0) @@ -2870,9 +2431,9 @@ extern "C" int TSG_MASTER_INIT() return -1; } g_tsg_log_instance->session_attribute_project_id=g_tsg_para.session_attribute_project_id; - - FS_start(g_tsg_para.fs2_handle); + FS_start(g_tsg_para.fs2_handle); + ret=tsg_statistic_init(tsg_conffile, g_tsg_para.logger); if(ret<0) { @@ -2880,8 +2441,7 @@ extern "C" int TSG_MASTER_INIT() return -1; } - MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "L7_PROTOCOL_FILE", buff, sizeof(buff), "./tsgconf/tsg_l7_protocol.conf"); - l7_protocol_mapper(buff); + l7_protocol_mapper(tsg_conffile); ret=tsg_gtp_signaling_hash_init(tsg_conffile, g_tsg_para.logger); if(ret<0) diff --git a/src/tsg_entry.h b/src/tsg_entry.h index c1fd5a2..0418031 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -9,12 +9,13 @@ #include <MESA/Maat_rule.h>
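Review bot: `init_page_template(tsg_conffile)` and `init_fs2_handle(tsg_conffile)` are called with their result ignored, while the neighbouring `tsg_init_bridge` call is checked and the code they replace logged a fatal when a bridge could not be built and returned -1 when a project or sync callback could not be registered (a silently unregistered `app_identify_result_cb` means no application-level policy scan runs on that bridge). If these helpers report failure, guard them the same way — `ret=init_fs2_handle(tsg_conffile); if(ret<0) { return -1; }` — and if they are void, have them log a fatal so a broken statistics or response-page setup is visible at startup rather than at the first blocked request. Their definitions and the remainder of TSG_MASTER_INIT are outside this hunk.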
#include <MESA/field_stat2.h>
-#include <ctemplate/template.h>
#include "uthash.h"
#include "tsg_rule.h"
#include "app_label.h"
#include "tsg_label.h"
+#include "tsg_bridge.h"
+#include "tsg_variable.h"
#include "tsg_statistic.h"
#include "tsg_leaky_bucket.h"
#include "tsg_protocol_common.h"
@@ -33,14 +34,6 @@ typedef int atomic_t; #include <alsa/iatomic.h>
#endif
-#ifndef MIN
-#define MIN(a, b) (((a) < (b)) ? (a) : (b))
-#endif
-
-#ifndef PRINTADDR
-#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
-#endif
-
#ifndef FLAG_FALSE
#define FLAG_FALSE 0
#endif
@@ -52,112 +45,6 @@ typedef int atomic_t; #define APP_SCAN_FLAG_STOP 0
#define APP_SCAN_FLAG_CONTINUE 1
-enum DEPLOY_MODE
-{
- DEPLOY_MODE_MIRROR,
- DEPLOY_MODE_INLINE,
- DEPLOY_MODE_TRANSPARENT,
- DEPLOY_MODE_MAX
-};
-
-enum MASTER_STATIC_TABLE{
- TABLE_SECURITY_COMPILE=0,
- TABLE_IP_ADDR,
- TABLE_SUBSCRIBER_ID,
- TABLE_APP_ID,
- TABLE_HTTP_HOST,
- TABLE_SSL_SNI,
- TABLE_EXCLUSION_SSL_SNI,
- TABLE_SRC_ASN,
- TABLE_DST_ASN,
- TABLE_SRC_LOCATION,
- TABLE_DST_LOCATION,
- TABLE_ASN_USER_DEFINED,
- TABLE_ASN_BUILT_IN,
- TABLE_LOCATION_USER_DEFINED,
- TABLE_LOCATION_BUILT_IN,
- TABLE_QUIC_SNI,
- TABLE_FQDN_CAT_ID,
- TABLE_FQDN_CAT_USER_DEFINED,
- TABLE_FQDN_CAT_BUILT_IN,
- TABLE_APP_ID_DICT,
- TABLE_SELECTOR_ID,
- TABLE_SELECTOR_PROPERTIES,
- TABLE_GTP_APN,
- TABLE_GTP_IMSI,
- TABLE_GTP_PHONE_NUMBER,
- TABLE_RESPONSE_PAGES,
- TABLE_DNS_PROFILE_RECORD,
- TABLE_PROFILE_MIRROR,
- TABLE_HTTP_URL,
- TABLE_DTLS_SNI,
- TABLE_TUNNEL_ID,
- TABLE_TUNNEL_CATALOG,
- TABLE_TUNNEL_ENDPOINT,
- TABLE_TUNNEL_LABEL,
- TABLE_SESSION_FLAGS,
- TABLE_MAX
-};
-
-enum MASTER_DYNAMIC_TABLE{
- DYN_TABLE_SUBSCRIBER_IP=0,
- DYN_TABLE_GTP_SIGNALING,
- DYN_TABLE_MAX
-};
-
-enum TSG_FS2_TYPE{
- TSG_FS2_TCP_LINKS=0,
- TSG_FS2_UDP_LINKS,
- TSG_FS2_BYPASS,
- TSG_FS2_HIT_ADDR,
- TSG_FS2_HIT_SHARE,
- TSG_FS2_INTERCEPT,
- TSG_FS2_SHAPING,
- TSG_FS2_EXCLUSION,
- TSG_FS2_APP_DPKT_RESULT,
- TSG_FS2_APP_Q_RESULT,
- TSG_FS2_APP_USER_RESULT,
- TSG_FS2_APP_BUILT_IN_RESULT,
- TSG_FS2_INJECT_PKT_SUCCESS,
- TSG_FS2_INJECT_PKT_FAILED,
- TSG_FS2_MIRRORED_PKT_SUCCESS,
- TSG_FS2_MIRRORED_BYTE_SUCCESS,
- TSG_FS2_MIRRORED_PKT_FAILED,
- TSG_FS2_MIRRORED_BYTE_FAILED,
- TSG_FS2_SET_TIMOUT_SUCCESS,
- TSG_FS2_SET_TIMOUT_FAILED,
- TSG_FS2_SUCESS_TAMPER,
- TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4,
- TSG_FS2_TAMPER_FAILED_NOSWAP,
- TSG_FS2_ASN_ADD,
- TSG_FS2_ASN_DEL,
- TSG_FS2_GTPC_ADD,
- TSG_FS2_GTPC_DEL,
- TSG_FS2_LOCATION_ADD,
- TSG_FS2_LOCATION_DEL,
- TSG_FS2_FQDN_ADD,
- TSG_FS2_FQDN_DEL,
- TSG_FS2_SUBSCRIBER_ADD,
- TSG_FS2_SUBSCRIBER_DEL,
- TSG_FS2_SECURIRY_ADD,
- TSG_FS2_SECURIRY_DEL,
- TSG_FS2_MIRRORED_ADD,
- TSG_FS2_MIRRORED_DEL,
- TSG_FS2_HTTP_RES_ADD,
- TSG_FS2_HTTP_RES_DEL,
- TSG_FS2_DNS_RES_ADD,
- TSG_FS2_DNS_RES_DEL,
- TSG_FS2_APP_ID_ADD,
- TSG_FS2_APP_ID_DEL,
- TSG_FS2_TUNNEL_CATALOG_ADD,
- TSG_FS2_TUNNEL_CATALOG_DEL,
- TSG_FS2_TUNNEL_ENDPOINT_ADD,
- TSG_FS2_TUNNEL_ENDPOINT_DEL,
- TSG_FS2_TUNNEL_LABEL_ADD,
- TSG_FS2_TUNNEL_LABEL_DEL,
- TSG_FS2_MAX
-};
-
enum TSG_ATTRIBUTE_TYPE
{
TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0,
@@ -179,37 +66,6 @@ enum HTTP_RESPONSE_FORMAT HTTP_RESPONSE_FORMAT_HTML
};
-enum BRIDGE_TYPE
-{
- BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
- BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
- BRIDGE_TYPE_APP_IDENTIFY_RESULT,
- BRIDGE_TYPE_NOTIFY_FLAGS,
- BRIDGE_TYPE_NOTIFY_SHAPING_RESULT,
- BRIDGE_TYPE_MAX
-};
-
-struct _str2index
-{
- int index;
- int len;
- char *type;
-};
-
-struct app_attributes
-{
- unsigned int app_id;
- unsigned int surrogate_id;
- unsigned int packet_sequence;
-};
-
-struct gather_app_result
-{
- int app_num;
- enum APP_IDENTIFY_ORIGIN origin;
- struct app_attributes attributes[MAX_APP_ID_NUM];
-};
-
struct l7_protocol
{
int id; /* first key */
@@ -218,22 +74,6 @@ struct l7_protocol UT_hash_handle hh2; /* handle for second hash table */
};
-struct policy_priority_label
-{
- tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h)
- int domain_len;
- int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h)
- int security_result_num;
- union
- {
- char *http_url;
- char *quic_ua;
- void *para;
- };
- char domain[MAX_DOMAIN_LEN];
- Maat_rule_t security_result[MAX_RESULT_NUM];
-};
-
struct fqdn_category
{
int ref_cnt;
@@ -269,130 +109,6 @@ struct app_id_dict struct deny_user_region deny_app_para;
};
-struct hited_app_para
-{
- int hited_app_id;
- int after_n_packets;
-};
-
-struct master_context
-{
- unsigned char is_esni;
- unsigned char is_log;
- unsigned char deal_pkt_num;
- unsigned char is_app_link;
- unsigned char sync_cb_state;
- unsigned short timeout;
- tsg_protocol_t proto;
- int hit_cnt;
- int hited_app_id; // only app
- unsigned int quic_version;
- unsigned long session_flag;
- char *domain;
- union
- {
- char *http_url;
- char *quic_ua;
- void *para;
- };
- scan_status_t mid;
- struct Maat_rule_t *result;
- struct hited_app_para hited_para; // l7 protocol and app
- long long last_scan_time;
-};
-
-struct tcpall_context
-{
- char udp_data_dropme;
- char set_latency_flag;
- char direction;
- char padding[5];
- enum TSG_METHOD_TYPE method_type;
- tsg_protocol_t protocol;
- union
- {
- struct leaky_bucket *bucket;
- long tamper_count;
- int default_policy_after_n_packets;
- struct hited_app_para hited_para;
- void *para;
- };
-};
-
-struct udp_context
-{
- struct master_context *data_entry;
- struct tcpall_context *all_entry;
-};
-
-struct reset_argv
-{
- int pkt_num;
- int seed1;
- int seed2;
- int th_flags;
- int dir;
- int remedy;
-};
-
-#define _MAX_TABLE_NAME_LEN 64
-typedef struct tsg_para
-{
- int level;
- short mirror_switch;
- unsigned short timeout;
- int dynamic_maat_switch;
- int location_field_num;
- int app_dict_field_num;
- int device_seq_in_dc;
- int datacenter_id;
- int scan_signaling_switch;
- int hash_timeout;
- int hash_slot_size;
- int hash_thread_safe;
- int feature_tamper;
- enum DEPLOY_MODE deploy_mode;
- int scan_time_interval;
- int identify_app_max_pkt_num;
- int unknown_app_id;
- int hit_path_switch;
- int default_compile_id;
- int table_id[TABLE_MAX];
- int dyn_table_id[DYN_TABLE_MAX];
- int priority_project_id;
- int shaping_project_id;
- int session_attribute_project_id;
- int context_project_id;
- int tcpall_project_id;
- int gather_app_project_id;
- int bridge_id[BRIDGE_TYPE_MAX];
- int proto_flag; //tsg_protocol_t
- int fs2_field_id[TSG_FS2_MAX];
- char device_sn[MAX_DOMAIN_LEN/8];
- char log_path[MAX_DOMAIN_LEN/8];
- char device_id_command[MAX_DOMAIN_LEN/8];
- char data_center[_MAX_TABLE_NAME_LEN];
- char device_tag[MAX_DOMAIN_LEN/2];
- char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
- char dyn_table_name[DYN_TABLE_MAX][_MAX_TABLE_NAME_LEN];
- char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
- void *logger;
- void *maat_logger;
- struct reset_argv reset;
- struct mirrored_vlan default_vlan;
- screen_stat_handle_t fs2_handle;
- struct l7_protocol *name_by_id;
- struct l7_protocol *id_by_name;
- struct traffic_mirror *mirror_handle;
- ctemplate::Template *tpl_403,*tpl_404;
- ctemplate::Template *tpl_200,*tpl_204;
- ctemplate::Template *tpl_303;
-}g_tsg_para_t;
-
-extern g_tsg_para_t g_tsg_para;
-extern Maat_feather_t g_tsg_dynamic_maat_feather;
-extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
-
typedef enum tsg_statis_field_id
{
STATIS_UNKNOWN=0,
@@ -483,9 +199,6 @@ void tsg_statistic_destroy(void); int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);
-int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data);
-const void *get_struct_project(const struct streaminfo *a_stream, int project_id);
-
long long get_current_time_ms(void);
//parent_app_name.app_name
@@ -521,7 +234,6 @@ int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct strea int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid);
-void free_policy_label(int thread_seq, void *project_req_value);
int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE result_type, struct Maat_rule_t *p_result, tsg_protocol_t proto, int thread_seq);
int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
@@ -532,4 +244,8 @@ int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_ int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);
int tsg_scan_session_flags(Maat_feather_t maat_feather, const struct streaminfo *a_stream, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned long flag, int thread_seq);
+int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
+int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
+
+
#endif
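Review bot: The second output parameter of `tsg_fetch_hited_shaping_result` is named `security_result` although, by the function's name and its sibling on the line above, it receives shaping results; `int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *shaping_result, int shaping_result_num);` says what the array holds. Neither new declaration documents its return value, while `tsg_scan_shared_policy` in tsg_rule.cpp carries a `//return value: -1: failed, 0: not hit, >0: hit count` line; a comment in that style above each declaration, with the meaning taken from the definitions (not in view), would make the contract explicit. The two trailing blank lines before `#endif` look accidental.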
diff --git a/src/tsg_gtp_signaling.cpp b/src/tsg_gtp_signaling.cpp index a6f9d79..40a6482 100644 --- a/src/tsg_gtp_signaling.cpp +++ b/src/tsg_gtp_signaling.cpp @@ -35,7 +35,7 @@ static int is_gtp_tunnel(const struct streaminfo *a_stream) static int get_gtp_teid(const struct streaminfo *a_stream, unsigned int *uplink, unsigned int *downlink) { - const struct streaminfo *p=a_stream, *q=a_stream->pfather; + const struct streaminfo *p=a_stream; while(p) { @@ -47,8 +47,7 @@ static int get_gtp_teid(const struct streaminfo *a_stream, unsigned int *uplink, return 1; } - p=q; - q=q->pfather; + p=p->pfather; } return 0; diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index e9b336d..a56e13d 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -30,10 +30,17 @@ enum kni_scan_table{ SCAN_TABLE_MAX }; +struct str2index +{ + int index; + int len; + char *type; +}; + const char *g_kni_scan_table_name[SCAN_TABLE_MAX]; int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0}; -extern id2field_t g_tsg_proto_name2id[PROTO_MAX]; -const struct _str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNKNOWN, 7, (char *)"unknown"}, +extern struct id2field g_tsg_proto_name2id[PROTO_MAX]; +const struct str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNKNOWN, 7, (char *)"unknown"}, {TSG_METHOD_TYPE_DROP, 4, (char *)"drop"}, {TSG_METHOD_TYPE_REDIRECTION, 8, (char *)"redirect"}, {TSG_METHOD_TYPE_BLOCK, 5, (char *)"block"}, @@ -63,8 +70,7 @@ static char* tsg_strdup(const char* s) unsigned short get_redis_port(char *redis_port_range) { - int i=0,ret=0; - int idx=0,port_num=0; + int port_num=0; int range_len=0,used_len=0; char buf[256]={0}; unsigned short s_port=0,e_port=0; 
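Review bot: `struct str2index` declares `type` as `char *`, which is why every `method2index` initializer needs a `(char *)` cast on a string literal; declaring it `const char *type;` lets the casts go and stops the table from advertising writable pointers into read-only literals. The struct appears to be a local replacement for the `_str2index` type the removed line referenced (the header hunk that defined it is not in view); if that type still exists elsewhere, two definitions of the same shape will drift. The only visible consumer, `tsg_get_method_id`, passes `method2index[i].type` to `strncasecmp`, which takes `const char *`, so the change is compatible.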
@@ -109,11 +115,11 @@ unsigned short get_redis_port(char *redis_port_range) } else { - ret=sscanf(buf, "%hu-%hu", &s_port, &e_port); + int ret=sscanf(buf, "%hu-%hu", &s_port, &e_port); assert(ret==2); } - for(i=s_port; i<=e_port && port_num<32; i++) + for(int i=s_port; i<=e_port && port_num<32; i++) { redis_port[port_num++]=i; } @@ -125,7 +131,7 @@ unsigned short get_redis_port(char *redis_port_range) } srand((unsigned int)time(NULL)); - idx=rand()%port_num; + int idx=rand()%port_num; return redis_port[idx]; } @@ -253,14 +259,13 @@ static int sort_category_id(const void * a, const void * b) static int get_data_center(char *accept_tag, char *effective_tag_key, char *data_center, int data_center_len) { - int i=0,len; cJSON *object=cJSON_Parse(accept_tag); if(object!=NULL) { cJSON *array=cJSON_GetObjectItem(object, "tags"); if(array!=NULL) { - for(i=0; i<cJSON_GetArraySize(array); i++) + for(int i=0; i<cJSON_GetArraySize(array); i++) { cJSON *item=cJSON_GetArrayItem(array, i); if(item!=NULL) @@ -271,7 +276,7 @@ static int get_data_center(char *accept_tag, char *effective_tag_key, char *data cJSON *v_item=cJSON_GetObjectItem(item, "value"); if(v_item!=NULL && v_item->valuestring!=NULL) { - len=strlen(v_item->valuestring); + int len=strlen(v_item->valuestring); memcpy(data_center, v_item->valuestring, (len>data_center_len-1 ? data_center_len-1 : len)); } @@ -301,7 +306,7 @@ static void _free_field(char *field) static char *_malloc_field(const char *field_start, size_t field_len) { - if(field_start==NULL || field_len<=0) + if(field_start==NULL || field_len==0) { return NULL; } @@ -324,11 +329,10 @@ static int get_string_from_json(cJSON *object, const char *key, char **value) { return 0; } - int len=0; cJSON *item=cJSON_GetObjectItem(object, key); if(item!=NULL) { - len=strlen(item->valuestring); + int len=strlen(item->valuestring); (*value)=(char *)malloc(len+1); memcpy((*value), item->valuestring, len); (*value)[len]='\0'; 
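Review bot: `int idx=rand()%port_num;` divides by zero when no port was parsed, and the only validation of the `REDIS_PORT` string is `assert(ret==2)` after `sscanf`, which disappears under `NDEBUG` and leaves `ret` unused, so a malformed configuration either aborts the process or yields an unspecified port. Check explicitly, e.g. `if(ret!=2 || s_port>e_port) { /* log and skip this range */ }` after the `sscanf` and `if(port_num==0) { /* log and fall back to a default port */ }` before the modulo, keeping the assert only as a debug aid. The same assert-as-error-handling pattern is on `Maat_set_feather_opt` and on `inc_cfg_dir`/`ful_cfg_dir` in the `init_maat_feather` hunks on L413. `get_redis_port`'s body extends beyond these hunks.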
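Review bot: `int len=strlen(item->valuestring);` in `get_string_from_json` dereferences `valuestring` without checking it, and cJSON leaves that pointer NULL for non-string items (numbers, objects, arrays, booleans), so a table line whose JSON has the right key but the wrong value type crashes the process. `get_data_center` in the same file already guards with `v_item!=NULL && v_item->valuestring!=NULL`; the same test belongs here: `if(item!=NULL && item->valuestring!=NULL)`. The `malloc` result on the following line is also used unchecked.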
@@ -485,19 +489,18 @@ void location_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DAT void location_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - int country_full=13,province_full=15,city_full=16,subdivision_addr=17; struct location_info *location=(struct location_info *)calloc(1, sizeof(struct location_info)); - location->country_full=tsg_get_column_string_value(table_line, country_full); - location->province_full=tsg_get_column_string_value(table_line, province_full); - location->city_full=tsg_get_column_string_value(table_line, city_full); + location->country_full=tsg_get_column_string_value(table_line, 13); // country_full + location->province_full=tsg_get_column_string_value(table_line, 15); // province_full + location->city_full=tsg_get_column_string_value(table_line, 16); // city_full str_unescape(location->country_full); str_unescape(location->province_full); str_unescape(location->city_full); if(g_tsg_para.location_field_num==19) { - location->subdivision_addr=tsg_get_column_string_value(table_line, subdivision_addr); + location->subdivision_addr=tsg_get_column_string_value(table_line, 17); // subdivision_addr str_unescape(location->subdivision_addr); } 
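Review bot: Replacing the named indices with literal `13`/`15`/`16`/`17` plus trailing comments trades a self-describing name for a comment that can drift, and a wrong column number is exactly the class of bug this commit fixes elsewhere (the TRAFFIC_SHAPING_PROFILE field id named in the commit message). If cppcheck objected to the locals, keep them as file-scope constants instead, e.g. `enum location_column { LOCATION_COL_COUNTRY_FULL=13, LOCATION_COL_PROVINCE_FULL=15, LOCATION_COL_CITY_FULL=16, LOCATION_COL_SUBDIVISION_ADDR=17 };`, and use those in `location_new_data`. The `calloc` result is dereferenced on the next line without a NULL check. The function's tail is outside the hunk.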
@@ -1423,29 +1426,27 @@ void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void dns_profile_records_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) { - int i=0; - cJSON *one_record=NULL,*pSub=NULL; struct dns_profile_records *profile_records=(struct dns_profile_records *)calloc(1, sizeof(struct dns_profile_records)); profile_records->record_id=tsg_get_column_integer_value(table_line, 1); char *answer_type=tsg_get_column_string_value(table_line, 3); char *json_record=tsg_get_column_string_value(table_line, 4); - cJSON *records_array=cJSON_Parse(json_record); + cJSON *records_array=cJSON_Parse(json_record); if(records_array!=NULL) { profile_records->record_num=cJSON_GetArraySize(records_array); profile_records->record_val=(struct dns_record_val *)calloc(1, profile_records->record_num*sizeof(struct dns_record_val)); profile_records->answer_type=get_dns_qtype(answer_type, strlen(answer_type)); - for(i=0; i<profile_records->record_num; i++) + for(int i=0; i<profile_records->record_num; i++) { - one_record=cJSON_GetArrayItem(records_array, i); + cJSON *one_record=cJSON_GetArrayItem(records_array, i); if(one_record==NULL) { continue; } - pSub=cJSON_GetObjectItem(one_record, "value"); + cJSON *pSub=cJSON_GetObjectItem(one_record, "value"); if(NULL==pSub ) { continue; @@ -1534,8 +1535,6 @@ void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void mirrored_profile_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) { - int i=0,vlan_id_num=0; - cJSON *one_vlan=NULL; struct traffic_mirror_profile *mirror_profile=(struct traffic_mirror_profile *)calloc(1, sizeof(struct traffic_mirror_profile)); mirror_profile->profile_id=tsg_get_column_integer_value(table_line, 1); 
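Review bot: `get_dns_qtype(answer_type, strlen(answer_type))` in `dns_profile_records_new` runs without checking `answer_type`; `_malloc_field` in this file returns NULL for an empty or missing field, and if `tsg_get_column_string_value` is built on it (not visible here), an empty column 3 crashes the process. Guard before use, e.g. `if(answer_type!=NULL) { profile_records->answer_type=get_dns_qtype(answer_type, strlen(answer_type)); }`. `cJSON_Parse(json_record)` has the same exposure when `json_record` is NULL, depending on the installed cJSON version's NULL handling. The change to the `cJSON *records_array` line itself is whitespace-only noise, and the function continues past the hunk.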
@@ -1544,10 +1543,10 @@ void mirrored_profile_new(int table_id, const char* key, const char* table_line, cJSON *vlan_ids_object=cJSON_Parse(vlan_ids_str); if(vlan_ids_object!=NULL) { - vlan_id_num=cJSON_GetArraySize(vlan_ids_object); - for(i=0; i<vlan_id_num; i++) + int vlan_id_num=cJSON_GetArraySize(vlan_ids_object); + for(int i=0; i<vlan_id_num; i++) { - one_vlan=cJSON_GetArrayItem(vlan_ids_object, i); + cJSON *one_vlan=cJSON_GetArrayItem(vlan_ids_object, i); if(one_vlan==NULL) { continue; @@ -1677,7 +1676,7 @@ void tunnel_endpoint_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void { _free_field(t_endpoint->description); _free_field((char *)(*ad)); - *ad=NULL; + *ad=NULL; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TUNNEL_ENDPOINT_DEL], 0, FS_OP_ADD, 1); } } @@ -1694,11 +1693,7 @@ void tunnel_label_new(int table_id, const char* key, const char* table_line, MAA void tunnel_label_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp) { - if((*from)!=NULL) - { - (*to)=(*from); - } - + (*to)=(*from); return ; } 
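Review bot: Dropping the `if((*from)!=NULL)` guard in `tunnel_label_dup` is a behaviour change, not a cleanup: a NULL `*from` previously left `*to` untouched and now overwrites it with NULL. That may be the intended semantics for a dup callback that shares the pointer, but it is folded into a cppcheck-driven refactor without mention; if intended, a one-line comment such as `// shares the pointer; a NULL source intentionally clears the destination` records it, and if not, the guard should stay. The `*ad=NULL;` change in `tunnel_endpoint_free` on this line is whitespace-only noise.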
@@ -1709,18 +1704,15 @@ void tunnel_label_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *a static Maat_feather_t init_maat_feather(const char* conffile, char* instance_name, char *module, void *maat_logger) { - int redis_index=0,deferred_load=0; - unsigned short redis_port=0; - int ret=0,scan_detail=0,effect_interval=60; + int deferred_load=0; + int scan_detail=0,effect_interval=60; Maat_feather_t _maat_feather=NULL; - char redis_port_range[256]={0}; - char effective_tag_key[128]={0}; char effective_range_filename[1024]={0}; - char redis_ip[16]={0}, effective_flag[1024]={0}; + char effective_flag[1024]={0}; int output_prometheus=0; int maat_mode=0,maat_stat_on=0,maat_perf_on=0,thread_max=0; - char json_cfg_file[MAX_PATH_LEN]={0},maat_stat_file[MAX_PATH_LEN]={0}; - char table_info[MAX_PATH_LEN]={0},inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0}; + char maat_stat_file[MAX_PATH_LEN]={0}; + char table_info[MAX_PATH_LEN]={0}; memset(effective_flag, 0, sizeof(effective_flag)); MESA_load_profile_string_def(conffile, module, "EFFECTIVE_RANGE_FILE", effective_range_filename, sizeof(effective_range_filename),"./tsgconf/maat.conf"); @@ -1737,11 +1729,13 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam if(strlen(g_tsg_para.device_tag)==0 && strlen(effective_flag)>0) { + memcpy(g_tsg_para.device_tag, effective_flag, MIN(strlen(effective_flag), sizeof(g_tsg_para.device_tag)-1)); } if(strlen(g_tsg_para.data_center)==0 && strlen(effective_flag)>0) { + char effective_tag_key[128]={0}; MESA_load_profile_string_def(conffile, module, "EFFECTIVE_TAG_KEY", effective_tag_key, sizeof(effective_tag_key),"data_center"); get_data_center(effective_flag, effective_tag_key, g_tsg_para.data_center, sizeof(g_tsg_para.data_center)); } 
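Review bot: `memset(effective_flag, 0, sizeof(effective_flag));` in `init_maat_feather` is redundant with the `={0}` initializer on `char effective_flag[1024]={0};` a few lines above it and can go in a commit whose purpose is static-analysis cleanup. The empty `+` line added before the `memcpy` into `g_tsg_para.device_tag` in the second hunk on this line looks accidental. `init_maat_feather` continues outside these hunks.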
@@ -1762,10 +1756,13 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam if(maat_mode==2) { + int redis_index=0; + char redis_ip[16]={0}; + char redis_port_range[256]={0}; MESA_load_profile_string_def(conffile,module,"REDIS_IP", redis_ip, sizeof(redis_ip),""); MESA_load_profile_int_def(conffile, module,"REDIS_INDEX", &redis_index, 0); MESA_load_profile_string_def(conffile,module,"REDIS_PORT", redis_port_range, sizeof(redis_port_range), "6379;"); - redis_port=get_redis_port(redis_port_range); + unsigned short redis_port=get_redis_port(redis_port_range); if(strlen(effective_flag)!=0) { @@ -1791,7 +1788,7 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam { if(strlen(effective_flag)!=0) { - ret=Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1); + int ret=Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1); assert(ret>=0); } else @@ -1802,11 +1799,13 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam Maat_set_feather_opt(_maat_feather, MAAT_OPT_STATUS_OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); if(maat_mode==1) { + char json_cfg_file[MAX_PATH_LEN]={0}; MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),""); Maat_set_feather_opt(_maat_feather, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1); } else { + char inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0}; MESA_load_profile_string_def(conffile,module,"INC_CFG_DIR",inc_cfg_dir, sizeof(inc_cfg_dir),""); MESA_load_profile_string_def(conffile,module,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),""); assert(strlen(inc_cfg_dir)!=0&&strlen(ful_cfg_dir)!=0); 
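Review bot: `char redis_ip[16]={0};` holds at most a dotted-quad IPv4 literal plus the terminator; if `REDIS_IP` may ever be an IPv6 literal or a hostname, `MESA_load_profile_string_def` will truncate it silently and the client will fail to connect or connect somewhere unintended. Sizing the buffer with `INET6_ADDRSTRLEN` or a project constant, e.g. `char redis_ip[INET6_ADDRSTRLEN]={0};`, removes the limit. Whether IPv6 is in scope for this deployment is not visible here, and `init_maat_feather` runs past these hunks.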
@@ -1833,7 +1832,7 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam } } - ret=Maat_initiate_feather(_maat_feather); + int ret=Maat_initiate_feather(_maat_feather); if(ret<0) { return NULL; 
@@ -1853,52 +1852,52 @@ int tsg_rule_init(const char* conffile, void *logger) MESA_load_profile_int_def(conffile, "MAAT","LOCATION_TABLE_TYPE", &g_tsg_para.location_field_num, 18); MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat.conf"); - MESA_load_profile_string_def(conffile, "MAAT", "SECURITY_COMPILE", g_tsg_para.table_name[TABLE_SECURITY_COMPILE], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_COMPILE"); - MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_ADDR"); - MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID"); - MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID"); - MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_para.table_name[TABLE_HTTP_HOST], _MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST"); - MESA_load_profile_string_def(conffile, "MAAT", "HTTP_URL_TABLE", g_tsg_para.table_name[TABLE_HTTP_URL], _MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_URL"); - MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_para.table_name[TABLE_SSL_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI"); - MESA_load_profile_string_def(conffile, "MAAT", "DECYPTION_EXCLUSION_SSL_SNI", g_tsg_para.table_name[TABLE_EXCLUSION_SSL_SNI], _MAX_TABLE_NAME_LEN, "TSG_DECYPTION_EXCLUSION_SSL_SNI"); + MESA_load_profile_string_def(conffile, "MAAT", "SECURITY_COMPILE", g_tsg_para.table_name[TABLE_SECURITY_COMPILE], MAX_TABLE_NAME_LEN, "TSG_SECURITY_COMPILE"); + MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], MAX_TABLE_NAME_LEN, "TSG_SECURITY_ADDR"); + MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], MAX_TABLE_NAME_LEN, 
"TSG_OBJ_SUBSCRIBER_ID"); + MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID"); + MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_para.table_name[TABLE_HTTP_HOST], MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST"); + MESA_load_profile_string_def(conffile, "MAAT", "HTTP_URL_TABLE", g_tsg_para.table_name[TABLE_HTTP_URL], MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_URL"); + MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_para.table_name[TABLE_SSL_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI"); + MESA_load_profile_string_def(conffile, "MAAT", "DECYPTION_EXCLUSION_SSL_SNI", g_tsg_para.table_name[TABLE_EXCLUSION_SSL_SNI], MAX_TABLE_NAME_LEN, "TSG_DECYPTION_EXCLUSION_SSL_SNI"); - MESA_load_profile_string_def(conffile, "MAAT", "SRC_ASN_TABLE", g_tsg_para.table_name[TABLE_SRC_ASN], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_ASN"); - MESA_load_profile_string_def(conffile, "MAAT", "DST_ASN_TABLE", g_tsg_para.table_name[TABLE_DST_ASN], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_ASN"); - MESA_load_profile_string_def(conffile, "MAAT", "SRC_LOCATION_TABLE", g_tsg_para.table_name[TABLE_SRC_LOCATION], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_LOCATION"); - MESA_load_profile_string_def(conffile, "MAAT", "DST_LOCATION_TABLE", g_tsg_para.table_name[TABLE_DST_LOCATION], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_LOCATION"); + MESA_load_profile_string_def(conffile, "MAAT", "SRC_ASN_TABLE", g_tsg_para.table_name[TABLE_SRC_ASN], MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_ASN"); + MESA_load_profile_string_def(conffile, "MAAT", "DST_ASN_TABLE", g_tsg_para.table_name[TABLE_DST_ASN], MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_ASN"); + MESA_load_profile_string_def(conffile, "MAAT", "SRC_LOCATION_TABLE", g_tsg_para.table_name[TABLE_SRC_LOCATION], MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_LOCATION"); + MESA_load_profile_string_def(conffile, "MAAT", "DST_LOCATION_TABLE", 
g_tsg_para.table_name[TABLE_DST_LOCATION], MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_LOCATION"); - MESA_load_profile_string_def(conffile, "MAAT", "ASN_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_ASN_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_IP_ASN_BUILT_IN"); - MESA_load_profile_string_def(conffile, "MAAT", "ASN_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_ASN_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_IP_ASN_USER_DEFINED"); - MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_LOCATION_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_BUILT_IN"); - MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_LOCATION_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_USER_DEFINED"); + MESA_load_profile_string_def(conffile, "MAAT", "ASN_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_ASN_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_IP_ASN_BUILT_IN"); + MESA_load_profile_string_def(conffile, "MAAT", "ASN_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_ASN_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_IP_ASN_USER_DEFINED"); + MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_LOCATION_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_BUILT_IN"); + MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_LOCATION_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_USER_DEFINED"); - MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_TABLE", g_tsg_para.table_name[TABLE_QUIC_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI"); + MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_TABLE", g_tsg_para.table_name[TABLE_QUIC_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI"); - MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_ID_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_FQDN_CAT"); - MESA_load_profile_string_def(conffile, "MAAT", 
"FQDN_CAT_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_BUILT_IN"); - MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_USER_DEFINED"); + MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_ID_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_FQDN_CAT"); + MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_BUILT_IN"); + MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_USER_DEFINED"); - MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_DICT_TABLE", g_tsg_para.table_name[TABLE_APP_ID_DICT], _MAX_TABLE_NAME_LEN, "APP_ID_DICT"); - MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID"); - MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_ID], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID"); - MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_PROPERTIES], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES"); + MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_DICT_TABLE", g_tsg_para.table_name[TABLE_APP_ID_DICT], MAX_TABLE_NAME_LEN, "APP_ID_DICT"); + MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID"); + MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_ID], MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID"); + MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", 
g_tsg_para.table_name[TABLE_SELECTOR_PROPERTIES], MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES"); - MESA_load_profile_string_def(conffile, "MAAT", "GTP_APN", g_tsg_para.table_name[TABLE_GTP_APN], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_APN"); - MESA_load_profile_string_def(conffile, "MAAT", "GTP_IMSI", g_tsg_para.table_name[TABLE_GTP_IMSI], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_IMSI"); - MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER"); + MESA_load_profile_string_def(conffile, "MAAT", "GTP_APN", g_tsg_para.table_name[TABLE_GTP_APN], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_APN"); + MESA_load_profile_string_def(conffile, "MAAT", "GTP_IMSI", g_tsg_para.table_name[TABLE_GTP_IMSI], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_IMSI"); + MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER"); - MESA_load_profile_string_def(conffile, "MAAT", "RESPONSE_PAGES_TABLE", g_tsg_para.table_name[TABLE_RESPONSE_PAGES], _MAX_TABLE_NAME_LEN, "TSG_PROFILE_RESPONSE_PAGES"); - MESA_load_profile_string_def(conffile, "MAAT", "DNS_PROFILE_RECORDS", g_tsg_para.table_name[TABLE_DNS_PROFILE_RECORD], _MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_DNS_RECORDS"); - MESA_load_profile_string_def(conffile, "MAAT", "TRAFFIC_MIRROR_PROFILE", g_tsg_para.table_name[TABLE_PROFILE_MIRROR], _MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_TRAFFIC_MIRROR"); + MESA_load_profile_string_def(conffile, "MAAT", "RESPONSE_PAGES_TABLE", g_tsg_para.table_name[TABLE_RESPONSE_PAGES], MAX_TABLE_NAME_LEN, "TSG_PROFILE_RESPONSE_PAGES"); + MESA_load_profile_string_def(conffile, "MAAT", "DNS_PROFILE_RECORDS", g_tsg_para.table_name[TABLE_DNS_PROFILE_RECORD], MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_DNS_RECORDS"); + MESA_load_profile_string_def(conffile, "MAAT", "TRAFFIC_MIRROR_PROFILE", g_tsg_para.table_name[TABLE_PROFILE_MIRROR], 
MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_TRAFFIC_MIRROR"); - MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_TABLE", g_tsg_para.table_name[TABLE_DTLS_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI"); + MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_TABLE", g_tsg_para.table_name[TABLE_DTLS_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI"); - MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ID], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL"); - MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_CATALOG_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_CATALOG], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_CATALOG"); - MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ENDPOINT_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ENDPOINT], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_ENDPOINT"); - MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_LABEL_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_LABEL], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_LABEL"); + MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ID], MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL"); + MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_CATALOG_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_CATALOG], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_CATALOG"); + MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ENDPOINT_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ENDPOINT], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_ENDPOINT"); + MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_LABEL_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_LABEL], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_LABEL"); - MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_para.table_name[TABLE_SESSION_FLAGS], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG"); + MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_para.table_name[TABLE_SESSION_FLAGS], MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG"); MESA_load_profile_int_def(conffile, "MAAT","LOG_LEVEL", 
&log_level, 30); MESA_load_profile_string_def(conffile, "MAAT", "LOG_PATH", log_path, sizeof(log_path), "./tsglog/maat/tsg_maat.log"); @@ -2203,32 +2202,31 @@ int tsg_rule_init(const char* conffile, void *logger) static int get_fqdn_category_id(Maat_feather_t maat_feather, int table_id, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq) { - int i=0,j=0,ret=0; struct fqdn_category *ex_data_array[8]={0}; - - ret=Maat_fqdn_plugin_get_EX_data(maat_feather, table_id, fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8); + int ret=Maat_fqdn_plugin_get_EX_data(maat_feather, table_id, fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8); if(ret>0) - { + { + int cnt=0; qsort(ex_data_array, ret, sizeof(struct fqdn_category *), sort_category_id); - for(i=0; i<ret; i++) + for(int i=0; i<ret; i++) { - if(j==0) + if(cnt==0) { - category_id[j++]=ex_data_array[i]->category_id; + category_id[cnt++]=ex_data_array[i]->category_id; } else { - if(j<category_id_num && ex_data_array[i]->category_id!=category_id[j-1]) + if(cnt<category_id_num && ex_data_array[i]->category_id!=category_id[cnt-1]) { - category_id[j++]=ex_data_array[i]->category_id; + category_id[cnt++]=ex_data_array[i]->category_id; } } fqdn_category_free(table_id, (MAAT_PLUGIN_EX_DATA *)&(ex_data_array[i]), 0, logger); } - return j; + return cnt; } return 0; @@ -2238,7 +2236,7 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re { struct policy_priority_label *priority_label=NULL; - priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id); + priority_label=(struct policy_priority_label *)stream_bridge_async_data_get((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); if(priority_label==NULL) { priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); 
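Review bot: `APP_ID_TABLE` is loaded into `g_tsg_para.table_name[TABLE_APP_ID]` twice in `tsg_rule_init` — once in the first group of `MESA_load_profile_string_def` calls and again right after `APP_ID_DICT_TABLE` — with the same key and the same `"TSG_OBJ_APP_ID"` default; the second call is dead and should be deleted so a future edit to one of them does not silently diverge from the other. The `(char *)` casts on the `TSG_PROFILE_DNS_RECORDS` and `TSG_PROFILE_TRAFFIC_MIRROR` defaults are inconsistent with the other calls, which pass the literal directly. The function continues outside the hunk.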
@@ -2251,10 +2249,10 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re priority_label->result_type=result_type; memcpy(priority_label->security_result, p_result, sizeof(struct Maat_rule_t)); - int ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label); + int ret=stream_bridge_async_data_put((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); if(ret<0) { - free_policy_label(thread_seq, (void *)priority_label); + free_policy_label(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_ADD", @@ -2280,7 +2278,7 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int result_num) { - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]); + struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id); if(shaping_label!=NULL && result!=NULL && result_num>0) { int num=MIN(shaping_label->shaping_result_num, result_num); 
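Review bot: `tsg_get_xxx_from_bridge` reads as a placeholder name for what is, from its use in `tsg_pull_shaping_result` here and in `tsg_pull_policy_result`, `tsg_pull_quic_ua` and `tsg_pull_http_url` on L423, a lookup of per-stream async data by bridge id; a name that says so, e.g. `tsg_bridge_async_data_get`, would match the `stream_bridge_async_data_get`/`_put` calls around it (its definition is not in view, so the rename applies there too). Separately, `free_policy_label` is now called as `free_policy_label(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label)` while the only declaration visible on this page, `void free_policy_label(int thread_seq, void *project_req_value);`, is removed from the header on L396 with no replacement shown; confirm the three-argument signature is declared ahead of this call. The `"PROJECT_ADD"` log tag on the failure path still names the old project mechanism and could be updated for the bridge.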
@@ -2293,15 +2291,12 @@ int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info) { - int num=0; - struct policy_priority_label *label=NULL; - - label=(struct policy_priority_label *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id); + struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); if(label!=NULL && result!=NULL && result_num>0 && identify_info!=NULL) { if((label->result_type==pull_result_type) || (pull_result_type==PULL_ALL_RESULT)) { - num=MIN(label->security_result_num, result_num); + int num=MIN(label->security_result_num, result_num); memcpy(result, label->security_result, num*sizeof(Maat_rule_t)); if(label->domain_len>0) @@ -2321,7 +2316,7 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re char *tsg_pull_quic_ua(struct streaminfo *a_stream) { - struct policy_priority_label *label=(struct policy_priority_label *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id); + struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); if(label!=NULL) { return label->quic_ua; @@ -2332,7 +2327,7 @@ char *tsg_pull_quic_ua(struct streaminfo *a_stream) char *tsg_pull_http_url(struct streaminfo *a_stream) { - struct policy_priority_label *label=(struct policy_priority_label *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id); + struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); if(label!=NULL) { return label->http_url; 
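Review bot: The `(struct streaminfo *)a_stream` casts in `tsg_pull_policy_result`, `tsg_pull_quic_ua` and `tsg_pull_http_url` are no-ops, since each function's `a_stream` parameter is already a non-const `struct streaminfo *`; they were presumably copied from `tsg_set_policy_result`, where the parameter is `const`, and should be dropped here, e.g. `struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);`. Where the cast does cast away const (`tsg_set_policy_result` on L421–L422), a short comment on why the bridge API cannot take a `const` stream would help the next reader. All three functions are cut by the hunk boundaries.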
@@ -2687,13 +2682,12 @@ int tsg_get_vlan_label_id(struct single_layer_vlan_addr *vlan_array, int vlan_ar int tsg_scan_tunnel_id(Maat_feather_t maat_feather, struct Maat_rule_t *result, int result_num, scan_status_t *mid, unsigned long long *bool_id_array, int bool_id_array_idx, int thread_seq) { - int i=0,ret=0; - int maat_ret=0, hit_num=0; + int hit_num=0; struct tunnel_catalog *t_catalog[TUNNEL_CATALOG_MAX]; - ret=Maat_bool_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_CATALOG], bool_id_array, bool_id_array_idx, (void**)(&t_catalog), TUNNEL_CATALOG_MAX); - for(i=0; i<ret; i++) + int ret=Maat_bool_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_CATALOG], bool_id_array, bool_id_array_idx, (void**)(&t_catalog), TUNNEL_CATALOG_MAX); + for(int i=0; i<ret; i++) { - maat_ret=Maat_scan_intval(maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_ID], t_catalog[i]->id, result+hit_num, result_num-hit_num, mid, thread_seq); + int maat_ret=Maat_scan_intval(maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_ID], t_catalog[i]->id, result+hit_num, result_num-hit_num, mid, thread_seq); if(maat_ret>0) { hit_num+=maat_ret; 
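Review bot: `tsg_scan_tunnel_id` takes a `maat_feather` parameter but calls `Maat_bool_plugin_get_EX_data` on the global `g_tsg_maat_feather` and `Maat_scan_intval` on the parameter, so the catalog lookup and the rule scan can run against different feathers whenever a caller passes anything other than the global. Pick one: use `maat_feather` for both calls, or drop the parameter. `tsg_scan_shared_policy` (L425), `tsg_scan_fqdn_category_id` and `tsg_scan_app_properties_policy` (L426) have the same split, accepting `maat_feather` and scanning the global instead. The function's tail is outside the hunk.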
@@ -2880,15 +2874,13 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * //return value: -1: failed, 0: not hit, >0: hit count int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq) { - int ret=0,fqdn_len=0; - if(table_id<0 || domain==NULL) { return 0; } - fqdn_len=get_fqdn_len(domain); - ret=Maat_full_scan_string(g_tsg_maat_feather, table_id, CHARSET_UTF8, domain, fqdn_len, result, NULL, result_num, mid, thread_seq); + int fqdn_len=get_fqdn_len(domain); + int ret=Maat_full_scan_string(g_tsg_maat_feather, table_id, CHARSET_UTF8, domain, fqdn_len, result, NULL, result_num, mid, thread_seq); if(ret>0) { FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1); @@ -2968,9 +2960,7 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num) int tsg_get_method_id(char *method) { - int i=0; - - for(i=0; i<TSG_METHOD_TYPE_MAX; i++) + for(int i=0; i<TSG_METHOD_TYPE_MAX; i++) { if(method2index[i].len==(int)strlen(method) && (strncasecmp(method2index[i].type, method, method2index[i].len))==0) { @@ -2983,11 +2973,9 @@ int tsg_get_method_id(char *method) int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq) { - int ret=0; - if(category_id!=NULL && category_id_num>0) { - ret=get_fqdn_category_id(maat_feather, g_tsg_para.table_id[TABLE_FQDN_CAT_USER_DEFINED], fqdn, category_id, category_id_num, logger, thread_seq); + int ret=get_fqdn_category_id(maat_feather, g_tsg_para.table_id[TABLE_FQDN_CAT_USER_DEFINED], fqdn, category_id, category_id_num, logger, thread_seq); if(ret>0) { return ret; 
@@ -3005,16 +2993,16 @@ int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned i int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq) { - int i=0,ret=0,hit_num=0; - if(table_id<0 || result_num<=0 || category_id==NULL || category_id_num <=0) { return 0; } + + int hit_num=0; - for(i=0; i<category_id_num; i++) + for(int i=0; i<category_id_num; i++) { - ret=Maat_scan_intval(g_tsg_maat_feather, table_id, (unsigned int)category_id[i], result+hit_num, result_num-hit_num, mid, thread_seq); + int ret=Maat_scan_intval(g_tsg_maat_feather, table_id, (unsigned int)category_id[i], result+hit_num, result_num-hit_num, mid, thread_seq); if(ret>0) { MESA_handle_runtime_log(g_tsg_para.logger, @@ -3069,14 +3057,13 @@ int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq) { - int i=0,ret=0; - int ret2=0, hit_num=0; + int hit_num=0; struct Maat_rule_t property_result[MAX_RESULT_NUM]={0}; if(property!=NULL && district!=NULL) { Maat_set_scan_status(g_tsg_maat_feather, mid, MAAT_SET_SCAN_DISTRICT, (void *)district, strlen(district)); - ret=Maat_full_scan_string(g_tsg_maat_feather, + int ret=Maat_full_scan_string(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_SELECTOR_PROPERTIES], CHARSET_UTF8, property, 
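Review bot: tsg_scan_fqdn_category_id keeps calling Maat_scan_intval with `result_num-hit_num` as the capacity even after the result array is full, so the remaining category ids are scanned into a zero-sized window; stop early with `if(hit_num>=result_num) break;` at the top of the loop body (the `hit_num+=ret` accumulation is outside the hunk, so confirm it is the only writer). The same pattern applies to tsg_scan_app_properties_policy in the second hunk on this line, whose inner loop on the next line also passes `result_num-hit_num`. Both loop bodies continue past their hunks.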
@@ -3087,9 +3074,9 @@ int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct str mid, thread_seq ); - for(i=0; i<ret; i++) + for(int i=0; i<ret; i++) { - ret2=Maat_scan_intval(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_SELECTOR_ID], property_result[i].config_id, result+hit_num, result_num-hit_num, mid, thread_seq); + int ret2=Maat_scan_intval(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_SELECTOR_ID], property_result[i].config_id, result+hit_num, result_num-hit_num, mid, thread_seq); if(ret2>0) { MESA_handle_runtime_log(g_tsg_para.logger, @@ -3327,15 +3314,15 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma notify_data.type=NOTIFY_TYPE_MIRRORED; notify_data.vlan=&(mirror_profile->vlan); - stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data)); + stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data)); mirrored_profile_free(0, (MAAT_PLUGIN_EX_DATA *)&mirror_profile, 0, NULL); } else { notify_data.compile_id=result[i].config_id; notify_data.type=NOTIFY_TYPE_MIRRORED; - notify_data.vlan=&(g_tsg_para.default_vlan); - stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data)); + notify_data.vlan=&(g_tsg_para.default_vlan); + stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data)); } } 
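Review bot: In tsg_notify_hited_monitor_result, `notify_data.vlan` points into `mirror_profile`, and `mirrored_profile_free` releases that profile on the line after `stream_bridge_sync_data_put`; that is only safe if the bridge consumer copies what it needs before the put returns, which the `sync` in the name suggests but nothing here proves. If the consumer may retain the pointer, copy the vlan into storage owned by notify_data instead. The `notify_data.vlan=` / `stream_bridge_sync_data_put(...)` pair is duplicated between the two branches with only the vlan source differing, so selecting the pointer in the branch and doing one put after it would shorten the code. The enclosing loop and function continue outside the hunk.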
@@ -3344,7 +3331,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma notify_data.compile_id=result[i].config_id; notify_data.type=NOTIFY_TYPE_CAPTURE; notify_data.capture_depth=user_region->capture.depth; - stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data)); + stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data)); } tsg_free_compile_user_region(&(result[i]), user_region); 
@@ -3402,7 +3389,60 @@ int tsg_get_location_type(void) struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid) { char teid_str[32]={0}; - snprintf(teid_str, sizeof(teid_str), "%d", teid); + snprintf(teid_str, sizeof(teid_str), "%u", teid); return (struct umts_user_info *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_table_id[DYN_TABLE_GTP_SIGNALING], (const char *)teid_str); } +int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *shaping_result, int shaping_result_num) +{ + if(hited_result==NULL || hited_result_num<=0 || shaping_result==NULL || shaping_result_num<=0) + { + return 0; + } + + int result_cnt=0; + for(int i=0; i<hited_result_num; i++) + { + if(hited_result[i].action!=TSG_ACTION_SHAPING) + { + continue; + } + + if(result_cnt>=shaping_result_num) + { + break; + } + + memcpy(&(shaping_result[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t)); + } + + return result_cnt; + +} + +int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num) +{ + if(hited_result==NULL || hited_result_num<=0 || security_result==NULL || security_result_num<=0) + { + return 0; + } + + int result_cnt=0; + for(int i=0; i<hited_result_num; i++) + { + if(hited_result[i].action==TSG_ACTION_SHAPING) + { + continue; + } + + if(result_cnt>=security_result_num) + { + break; + } + + memcpy(&(security_result[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t)); + } + + return result_cnt; +} + diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index bd654a7..4ef17b3 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp 
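Review bot: tsg_fetch_hited_shaping_result and tsg_fetch_hited_security_result are line-for-line identical except for `!=` versus `==` on `TSG_ACTION_SHAPING`, so a fix to one will inevitably be missed in the other; route both through one static helper that takes the wanted polarity, as below. The helper folds the capacity check into the loop condition and marks the input array `const`, since it is only read. Neither function carries a header comment; document that they copy the matching rules into the caller's array and return the count, and that a full output array truncates silently.
```cpp
// Copy the rules of hited_result whose action is (want_shaping) / is not
// (!want_shaping) TSG_ACTION_SHAPING into out, up to out_num entries.
// Returns the number copied; 0 on NULL/empty input. Extra matches are dropped.
static int fetch_hited_by_action(const struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *out, int out_num, int want_shaping)
{
    if(hited_result==NULL || hited_result_num<=0 || out==NULL || out_num<=0)
    {
        return 0;
    }

    int result_cnt=0;
    for(int i=0; i<hited_result_num && result_cnt<out_num; i++)
    {
        const int is_shaping=(hited_result[i].action==TSG_ACTION_SHAPING);
        if(is_shaping!=want_shaping)
        {
            continue;
        }
        memcpy(&(out[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t));
    }

    return result_cnt;
}

int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *shaping_result, int shaping_result_num)
{
    return fetch_hited_by_action(hited_result, hited_result_num, shaping_result, shaping_result_num, 1);
}

int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num)
{
    return fetch_hited_by_action(hited_result, hited_result_num, security_result, security_result_num, 0);
}
```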
@@ -117,7 +117,7 @@ static int register_topic(struct tsg_log_instance_t *instance, struct topic_stat topic_conf=rd_kafka_topic_conf_new(); topic->status=1; - topic->topic_rkt=(rd_kafka_topic_t *)calloc(1, sizeof(rd_kafka_topic_t*)); + //topic->topic_rkt=(rd_kafka_topic_t *)calloc(1, sizeof(rd_kafka_topic_t*)); topic->topic_rkt=rd_kafka_topic_new(_instance->kafka_handle, topic->name, topic_conf); int thread_num=get_thread_count(); @@ -242,12 +242,9 @@ static int is_tunnels(struct streaminfo *a_stream) static int set_isn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, enum MESA_stream_opt type) { - int ret=0; unsigned int isn=0; - int size=sizeof(unsigned long long); - - size=sizeof(unsigned int); - ret=MESA_get_stream_opt(a_stream, type, &isn, &size); + int size=sizeof(isn); + int ret=MESA_get_stream_opt(a_stream, type, &isn, &size); if(ret==0) { TLD_append(_handle, field_name, (void *)(long)isn, TLD_TYPE_LONG); @@ -282,7 +279,7 @@ static int set_tcp_isn(struct tsg_log_instance_t *_instance, struct TLD_handle_t static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { - const char *linkinfo=(const char *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_MAC_LINKINFO]); + const char *linkinfo=(const char *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_MAC_LINKINFO]); if(linkinfo==NULL) { return 0; @@ -320,13 +317,13 @@ static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_ } static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct asn_info *asn_info) -{ - int len=0; - char buff[1024]={0}; - int buff_len=sizeof(buff); - +{ if(asn_info!=NULL) { + int len=0; + char buff[1024]={0}; + int buff_len=sizeof(buff); + len+=string_cat(buff+len, buff_len-len, asn_info->asn_id); buff[len++]='('; len+=string_cat(buff+len, buff_len-len, asn_info->organization); 
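Review bot: In set_asn, `buff[len++]='('` is written between two bounded string_cat calls without checking that `len<buff_len-1`; if string_cat can fill its window completely (its return contract is not visible here), the bare append and the following `string_cat(buff+len, buff_len-len, ...)` run past `buff`. Guard each bare append, e.g. `if(len<buff_len-1) buff[len++]='(';`, or route the separator through string_cat as well. set_location on the next line has the same bare `buff[len++]=','` and `'.'` appends. Separately, register_topic keeps the old calloc line as a comment; delete it rather than leave dead code. set_asn's body continues outside the hunk.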
@@ -339,24 +336,23 @@ static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, ch static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct location_info *location_info) { - int len=0; - char buff[1024]={0}; - int buff_len=sizeof(buff); - if(location_info==NULL) { return 0; } - + + int len=0; + char buff[1024]={0}; + int buff_len=sizeof(buff); int location_type=tsg_get_location_type(); switch(location_type) { - case 18: + case 18: len+=string_cat(buff+len, buff_len-len, location_info->city_full); buff[len++]=','; len+=string_cat(buff+len, buff_len-len, location_info->province_full); buff[len++]=','; - len+=string_cat(buff+len, buff_len-len, location_info->country_full); + string_cat(buff+len, buff_len-len, location_info->country_full); break; case 19: len+=string_cat(buff+len, buff_len-len, location_info->country_full); @@ -368,7 +364,7 @@ static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_strea if(location_info->subdivision_addr!=NULL) { buff[len++]='.'; - len+=string_cat(buff+len, buff_len-len, location_info->subdivision_addr); + string_cat(buff+len, buff_len-len, location_info->subdivision_addr); } break; default: 
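Review bot: set_location switches on bare literals `case 18:` and `case 19:` for the value of tsg_get_location_type(), which tells the reader nothing about which address format each selects; name them with an enum (constructed example: `enum { LOCATION_FMT_CITY_PROVINCE_COUNTRY=18, LOCATION_FMT_COUNTRY_SUBDIVISION=19 };`, adjust to the project's vocabulary) or reuse whatever constants tsg_get_location_type already derives them from. The switch and the function continue outside the hunk.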
@@ -462,17 +458,16 @@ static int set_tuple4(struct tsg_log_instance_t *_instance, struct TLD_handle_t static int set_duraction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { - int ret=0; long common_con_duration_ms=0; - unsigned long long create_time=0,last_time=0; int size=sizeof(unsigned long long); + unsigned long long create_time=0,last_time=0; if(a_stream->ptcpdetail!=NULL) { TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)(a_stream->ptcpdetail->createtime), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)(a_stream->ptcpdetail->lastmtime), TLD_TYPE_LONG); - ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size); + int ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size); if(ret>=0) { ret=MESA_get_stream_opt(a_stream, MSO_STREAM_LASTUPDATE_TIMESTAMP_MS, (void *)&last_time, &size); @@ -631,19 +626,17 @@ static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name, static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct gather_app_result *result) { - int i=0,ret=0; - char app_name[512]={0}; - if(result->app_num==0) { return 0; } Value array(kArrayType); - for(i=0; i<result->app_num; i++) - { - Value object(kObjectType); - ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1); + for(int i=0; i<result->app_num; i++) + { + char app_name[512]={0}; + Value object(kObjectType); + int ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1); if(ret>0) { add_str_member(_handle, &object, "app_name", app_name); 
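Review bot: set_duraction still sizes the option buffer with `int size=sizeof(unsigned long long);` declared a line before `create_time`/`last_time`, while set_isn in the same commit was changed to `sizeof(isn)` for exactly this reason; move the declaration after the two variables and write `int size=sizeof(create_time);` so the size cannot drift from the type. Both MESA_get_stream_opt calls share `size`, which is passed by pointer; if the API writes the actual size back (not visible here), reset it before the second call. The function body continues outside the hunk.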
@@ -849,13 +842,10 @@ int set_app_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_han int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { - char app_name[512]={0}; - - struct gather_app_result *gather_result=NULL; - - gather_result=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id); + struct gather_app_result *gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id); if(gather_result==NULL) - { + { + char app_name[512]={0}; if(tsg_app_id2name(_instance->unknown_app_id, app_name, sizeof(app_name), 0)) { TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, (void *)app_name, TLD_TYPE_STRING); 
@@ -1137,36 +1127,36 @@ int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE typ int TLD_array_append(struct TLD_handle_t *handle, char *key, void **array, int array_num, TLD_TYPE type) { - if(handle==NULL || key==NULL || array_num<=0 || array==NULL || type!=TLD_TYPE_LONG || type!=TLD_TYPE_STRING) - { - return -1; - } + if(handle==NULL || key==NULL || array_num<=0 || array==NULL || (type!=TLD_TYPE_LONG && type!=TLD_TYPE_STRING)) + { + return -1; + } - int i=0; - Value obj_array(kArrayType); - - switch(type) - { - case TLD_TYPE_LONG: - for(i=0; i<array_num; i++) - { - obj_array.PushBack((long)(array[i]), handle->document->GetAllocator()); - } - break; - case TLD_TYPE_STRING: - for(i=0; i<array_num; i++) - { - Value str_value(StringRef((char *)(array[i]), strlen((char *)array[i]))); - obj_array.PushBack(str_value, handle->document->GetAllocator()); - } - break; - default: - return -1; - } + int i=0; + Value obj_array(kArrayType); + + switch(type) + { + case TLD_TYPE_LONG: + for(i=0; i<array_num; i++) + { + obj_array.PushBack((long)(array[i]), handle->document->GetAllocator()); + } + break; + case TLD_TYPE_STRING: + for(i=0; i<array_num; i++) + { + Value str_value(StringRef((char *)(array[i]), strlen((char *)array[i]))); + obj_array.PushBack(str_value, handle->document->GetAllocator()); + } + break; + default: + return -1; + } - add_object_member(handle, handle->document, key, obj_array); + add_object_member(handle, handle->document, key, obj_array); - return 1; + return 1; } struct TLD_handle_t *TLD_duplicate(struct TLD_handle_t *handle) 
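Review bot: TLD_array_append's TLD_TYPE_STRING branch calls `strlen((char *)array[i])` on every element without a NULL check, so one null slot crashes the append; add `if(array[i]==NULL) return -1;` (or skip the slot) before constructing the StringRef. Note also that `StringRef` makes a non-owning reference, so the caller's strings must stay alive until `handle->document` is serialized; that is worth a comment on the function. Now that the guard only admits LONG and STRING, the `default:` arm is unreachable, and the loop index `i` could be loop-scoped like the rest of this commit.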
@@ -1221,7 +1211,7 @@ int TLD_convert_json(struct TLD_handle_t *_handle, char *buff, unsigned int buff static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { - struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]); + struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].id); if(notify_mail!=NULL && notify_mail->pdata.mail_eml_filename!=NULL && notify_mail->protocol==PROTO_MAIL) { TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name); @@ -1235,7 +1225,7 @@ static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_ static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { - struct business_notify_data *bnd_label=(struct business_notify_data *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_BUSINESS_S3_FILENAME]); + struct business_notify_data *bnd_label=(struct business_notify_data *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_BUSINESS_S3_FILENAME]); if(bnd_label==NULL || bnd_label->pdata==NULL) { return 0; @@ -1338,7 +1328,7 @@ static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct T int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { - struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]); + struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id); if(shaping_label==NULL) { return 0; 
@@ -1351,10 +1341,14 @@ int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle offset+=snprintf(shaping_rule_ids+offset, sizeof(shaping_rule_ids)-offset, "%d,", shaping_label->shaping_result[i].config_id); } - shaping_rule_ids[offset-1]='\0'; - TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *)shaping_rule_ids, TLD_TYPE_STRING); - - return 1; + if(offset>0) + { + shaping_rule_ids[offset-1]='\0'; + TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *)shaping_rule_ids, TLD_TYPE_STRING); + return 1; + } + + return 0; } static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) @@ -1445,7 +1439,7 @@ static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_h break; } - ptmp = pfather;; + ptmp=pfather; tunnel_array.PushBack(tunnel_object, _handle->document->GetAllocator()); } @@ -1499,7 +1493,6 @@ int is_multi_hit_same_policy(struct Maat_rule_t *result, int *policy_id, int *po static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_log_instance_t *_instance, struct Maat_rule_t *p_result, int thread_seq) { - int ret=0; cJSON *item=NULL; cJSON *object=NULL; char *user_region=NULL; @@ -1511,7 +1504,7 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo if(p_result->action!=TSG_ACTION_NONE && p_result->serv_def_len>0) { user_region=(char *)dictator_malloc(thread_seq, p_result->serv_def_len+1); - ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, user_region, p_result->serv_def_len+1); + int ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, user_region, p_result->serv_def_len+1); if(ret==p_result->serv_def_len) { user_region[p_result->serv_def_len]='\0'; 
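Review bot: In set_shaping_rule_ids, `offset+=snprintf(shaping_rule_ids+offset, sizeof(shaping_rule_ids)-offset, ...)` accumulates the would-be length, so once the id list is truncated `offset` exceeds the buffer size, `sizeof(shaping_rule_ids)-offset` wraps to a huge size_t on the next iteration, and the new `shaping_rule_ids[offset-1]='\0'` writes past the array. Stop the loop when it fills: after the snprintf add `if(offset>=(int)sizeof(shaping_rule_ids)) { offset=(int)sizeof(shaping_rule_ids); break; }`, so the trailing write lands on the NUL snprintf already placed. The loop header and the `offset` declaration are outside the hunk.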
@@ -1567,7 +1560,7 @@ int set_application_behavior(struct tsg_log_instance_t *_instance, struct TLD_ha } struct application_behavior *behavior_result=NULL; - behavior_result=(struct application_behavior *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_BEHAVIOR_RESULT]); + behavior_result=(struct application_behavior *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_BEHAVIOR_RESULT]); if(behavior_result==NULL) { return 0; @@ -1587,7 +1580,7 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD int i=0; struct tsg_notify_execution_result *execution_result=NULL; - execution_result=(struct tsg_notify_execution_result *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]); + execution_result=(struct tsg_notify_execution_result *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]); if(execution_result==NULL) { return 0; @@ -1681,13 +1674,12 @@ int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_hand int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { - int i=0; - struct user_defined_attribute_label *uda_label=(struct user_defined_attribute_label *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_LUA_RESULT]); + struct user_defined_attribute_label *uda_label=(struct user_defined_attribute_label *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_LUA_RESULT]); if(uda_label!=NULL) { Value array(kArrayType); - for(i=0; i<uda_label->attribute_num; i++) + for(int i=0; i<uda_label->attribute_num; i++) { Value object(kObjectType); switch(uda_label->attribute[i].type) 
@@ -1715,20 +1707,19 @@ int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_hand int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream) { - int ret=0; - char *addr_proto=NULL; - char stream_id_buff[128]={0}; - unsigned long long stream_id=0; - struct TLD_handle_t *_handle=handle; - struct tsg_log_instance_t *_instance=instance; - - if(_instance==NULL || _handle==NULL || a_stream==NULL) - { - MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, "TLD_APPEND_STREAM", "instance==NULL || TLD_handle==NULL || addr==NULL"); + if(instance==NULL || handle==NULL || a_stream==NULL) + { + if(instance) + { + MESA_handle_runtime_log(instance->logger, RLOG_LV_DEBUG, "TLD_APPEND_STREAM", "TLD_handle==NULL || addr==NULL"); + } return -1; } + + struct TLD_handle_t *_handle=handle; + struct tsg_log_instance_t *_instance=instance; - ret=set_linkinfo(_instance, _handle, a_stream); + int ret=set_linkinfo(_instance, _handle, a_stream); if(ret==0) { set_direction(_instance, _handle, a_stream); @@ -1748,11 +1739,12 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle set_common_tunnels(_instance, _handle, a_stream); } - stream_id=tsg_get_stream_id(a_stream); + unsigned long long stream_id=tsg_get_stream_id(a_stream); + char stream_id_buff[128]={0}; snprintf(stream_id_buff, sizeof(stream_id_buff), "%llu", stream_id); TLD_append(_handle, _instance->id2field[LOG_COMMON_STREAM_TRACE_ID].name, (void *)stream_id_buff, TLD_TYPE_STRING); - addr_proto=(char *)layer_addr_prefix_ntop(a_stream); + char *addr_proto=(char *)layer_addr_prefix_ntop(a_stream); TLD_append(_handle, _instance->id2field[LOG_COMMON_L4_PROTOCOL].name, (void *)addr_proto, TLD_TYPE_STRING); return 0; 
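Review bot: TLD_append_streaminfo now validates `instance`/`handle` and then immediately aliases them as `_instance`/`_handle` for the rest of the body; the aliases add nothing, so rename the parameters to `struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle` and drop the two assignments. In the second hunk, `addr_proto` from layer_addr_prefix_ntop is handed to TLD_append as a string without a NULL check; whether that helper can return NULL is not visible, so confirm or guard. The function continues between and after the hunks.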
@@ -1784,7 +1776,7 @@ int load_log_common_field(const char *filename, id2field_t *id2field, struct top continue; } memset(type_name, 0, sizeof(type_name)); - ret=sscanf(line, "%s %s %d", type_name, field_name, &id); + ret=sscanf(line, "%31s %63s %d", type_name, field_name, &id); assert(ret==3); for(i=0; i<TLD_TYPE_MAX; i++) @@ -1863,19 +1855,19 @@ int load_log_common_field(const char *filename, id2field_t *id2field, struct top struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_handle_t fs2_handle) { - int i=0,ret=0; - char nic_name[32]={0}; char override_sled_ip[32]={0}; char kafka_errstr[1024]={0}; unsigned int local_ip_nr=0; char bridge_name[LOG_BRIDGE_MAX][128]={0}; - rd_kafka_conf_t *rdkafka_conf = NULL; + rd_kafka_conf_t *rdkafka_conf = NULL; + char broker_list[1024]={0}; struct tsg_log_instance_t *_instance=NULL; - + char common_field_file[128]={0}; + char log_path[128]={0}; _instance=(struct tsg_log_instance_t *)calloc(1, sizeof(struct tsg_log_instance_t)); _instance->fs2_handle=fs2_handle; - for(i=0; i<LOG_FS2_TYPE_MAX; i++) + for(int i=0; i<LOG_FS2_TYPE_MAX; i++) { _instance->fs2_field_id[i]=FS_register(_instance->fs2_handle, FS_STYLE_FIELD, FS_CALC_SPEED, g_log_fs2_field[i].name); } 
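Review bot: `sscanf(line, "%31s %63s %d", ...)` in load_log_common_field bakes the widths in as literals that must stay at sizeof(type_name)-1 and sizeof(field_name)-1, and those arrays are declared outside the hunk; tie them together with a comment on the line, `// widths must stay sizeof(type_name)-1 / sizeof(field_name)-1`, or build the format from the sizes. The `assert(ret==3)` also vanishes in NDEBUG builds, leaving a malformed line to be processed with unset fields; a runtime check that logs and `continue`s is the safer failure mode for a config parser.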
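Review bot: tsg_sendlog_init uses `_instance` straight after `calloc` with no NULL check, so an allocation failure dereferences NULL at `_instance->fs2_handle=fs2_handle;`; add `if(_instance==NULL) return NULL;` before it. The function body continues outside the hunk.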
@@ -1891,7 +1883,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha _instance->sum_line_id=FS_register(_instance->fs2_handle, FS_STYLE_LINE, FS_CALC_SPEED, "SUM"); MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(_instance->level), 30); - MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", _instance->log_path, sizeof(_instance->log_path), "./tsglog/tsglog"); + MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", log_path, sizeof(log_path), "./log/tsglog"); MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_USER_REGION", &(_instance->send_user_region), 0); MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_DATA_CENTER_SWITCH", &(_instance->send_data_center), 0); MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_APP_ID_SWITCH", &(_instance->send_app_id), 0); @@ -1909,7 +1901,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha MESA_load_profile_string_def(conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT]), "TSG_APPLICATION_BEHAVIOR"); MESA_load_profile_string_def(conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT], sizeof(bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]), "TSG_NOTIFICATION_EXECUTION_RESULT"); - for(i=0; i<LOG_BRIDGE_MAX; i++) + for(int i=0; i<LOG_BRIDGE_MAX; i++) { _instance->bridge_id[i]=stream_bridge_build(bridge_name[i], "w"); if(_instance->bridge_id[i]<0) 
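Review bot: The LOG_PATH default changes from `"./tsglog/tsglog"` to `"./log/tsglog"`, which silently relocates the runtime log for every deployment that does not set TSG_LOG/LOG_PATH, and neither the commit description nor a comment mentions it; state the new default in the config documentation and mark it on the line, e.g. `// default log path (was ./tsglog/tsglog)`, so operators know where the log went. The surrounding function continues outside the hunk.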
@@ -1918,10 +1910,10 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha } } - _instance->logger=MESA_create_runtime_log_handle(_instance->log_path, _instance->level); + _instance->logger=MESA_create_runtime_log_handle(log_path, _instance->level); if(_instance->logger==NULL) { - printf("MESA_create_runtime_log_handle failed ..., path: %s level: %d", _instance->log_path, _instance->level); + printf("MESA_create_runtime_log_handle failed ..., path: %s level: %d", log_path, _instance->level); return NULL; } @@ -1934,8 +1926,8 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha MESA_load_profile_int_def(conffile, "TSG_LOG", "RECOVERY_INTERVEL_S", &(_instance->recovery_interval), 30); - MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", _instance->common_field_file, sizeof(_instance->common_field_file), NULL); - MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", _instance->broker_list, sizeof(_instance->broker_list), NULL); + MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", common_field_file, sizeof(common_field_file), NULL); + MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", broker_list, sizeof(broker_list), NULL); MESA_load_profile_string_def(conffile, "TSG_LOG", "SASL_USERNAME", _instance->sasl_username, sizeof(_instance->sasl_username), ""); //admin MESA_load_profile_string_def(conffile, "TSG_LOG", "SASL_PASSWD", _instance->sasl_passwd, sizeof(_instance->sasl_passwd), ""); @@ -1963,8 +1955,9 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha char *sled_ip=getenv(override_sled_ip); if(sled_ip==NULL) { + char nic_name[32]={0}; MESA_load_profile_string_def(conffile, "SYSTEM", "NIC_NAME", nic_name, sizeof(nic_name), "lo"); - ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr); + int ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr); if(ret<0) { MESA_handle_runtime_log(_instance->logger, 
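Review bot: The `return NULL` after MESA_create_runtime_log_handle fails leaks `_instance`, which was calloc'd earlier in tsg_sendlog_init and already has FS fields registered; release it before returning (`free(_instance); return NULL;`) or route through the destroy path if it tolerates a partially built instance. The `printf` on that error has no trailing newline and goes to stdout while every other failure in this file reports through the runtime logger; at minimum append `\n`. The function body continues outside the hunk.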
@@ -1987,7 +1980,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha rd_kafka_conf_set(rdkafka_conf, "topic.metadata.refresh.interval.ms", _instance->refresh_interval_ms, kafka_errstr, sizeof(kafka_errstr)); rd_kafka_conf_set(rdkafka_conf, "request.required.acks", _instance->require_ack, kafka_errstr, sizeof(kafka_errstr)); rd_kafka_conf_set(rdkafka_conf, "socket.keepalive.enable", "true", kafka_errstr, sizeof(kafka_errstr)); - rd_kafka_conf_set(rdkafka_conf, "bootstrap.servers", _instance->broker_list, kafka_errstr, sizeof(kafka_errstr)); + rd_kafka_conf_set(rdkafka_conf, "bootstrap.servers", broker_list, kafka_errstr, sizeof(kafka_errstr)); if(strlen(_instance->sasl_username)> 0 && strlen(_instance->sasl_passwd)>0) { @@ -2003,11 +1996,11 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha return NULL; } - load_log_common_field(_instance->common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service)); + load_log_common_field(common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service)); if(_instance->service2topic!=NULL) { - for(i=0; i<_instance->max_service; i++) + for(int i=0; i<_instance->max_service; i++) { if(_instance->service2topic[i].type==TLD_TYPE_MAX && strlen(_instance->service2topic[i].name)>0) { @@ -2022,12 +2015,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha } else { - MESA_handle_runtime_log(_instance->logger, - RLOG_LV_FATAL, - "KAFKA_INIT", - "load_log_common_field is error, please check %s", - _instance->common_field_file - ); + MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "KAFKA_INIT", "load_log_common_field is error, please check %s", common_field_file); } return _instance; 
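Review bot: `rd_kafka_conf_set(rdkafka_conf, "bootstrap.servers", broker_list, ...)` ignores its return value, and `broker_list` was loaded with a NULL default in the previous line's hunk, so a missing BROKER_LIST key leaves it empty and any rejection lands in `kafka_errstr` with nothing logged; check `if(rd_kafka_conf_set(...)!=RD_KAFKA_CONF_OK)` and log `kafka_errstr` before continuing. The neighbouring conf_set calls in the context share the same gap. The function body continues outside the hunk.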
@@ -2096,96 +2084,52 @@ void tsg_sendlog_destroy(struct tsg_log_instance_t * instance) return ; } -int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id) +int send_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_id) { - int fs_id=0,ret=0; - int i=0,repeat_cnt=0; + int fs_id=0,ret=0,repeat_cnt=0; int policy_id[MAX_RESULT_NUM]={0}; - struct TLD_handle_t *_handle=handle; - struct tsg_log_instance_t *_instance=instance; - - if(_instance==NULL || _handle==NULL || log_msg==NULL) - { - TLD_cancel(handle); - MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", " instance==NULL || TLD_handle==NULL || log_msg==NULL "); - return -1; - } - if(_instance->mode==CLOSE) + for(int i=0;i<p_result_num; i++) { - TLD_cancel(handle); - FS_operate(_instance->fs2_handle, _instance->sum_line_id, _instance->fs2_field_id[LOG_COLUMN_STATUS_DROP], FS_OP_ADD, 1); - MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, "TSG_SEND_LOG", "Disable tsg_send_log."); - return 0; - } - - TLD_append_streaminfo(instance, handle, log_msg->a_stream); - TLD_append(_handle, _instance->id2field[LOG_COMMON_SLED_IP].name, (void *)(_instance->local_ip_str), TLD_TYPE_STRING); - if(strlen(g_tsg_para.device_sn)>0) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_ID].name, (void *)(g_tsg_para.device_sn), TLD_TYPE_STRING); - } - - if(strlen(g_tsg_para.data_center)>0 && _instance->send_data_center==1) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_DATA_CENTER].name, (void *)(g_tsg_para.data_center), TLD_TYPE_STRING); - } - - if(strlen(g_tsg_para.device_tag)>0) - { - TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)(g_tsg_para.device_tag), TLD_TYPE_STRING); - } - - TLD_append(_handle, _instance->id2field[LOG_COMMON_TRAFFIC_VSYSTEM_ID].name, (void 
*)(long)_instance->vsystem_id, TLD_TYPE_LONG); - - set_application_behavior(_instance, _handle, log_msg->a_stream); - - if(log_msg->result[i].service_id==2 && log_msg->a_stream!=NULL) // stream of intercept is NULL - { - set_shaping_rule_ids(_instance, _handle, log_msg->a_stream); - } - - for(i=0;i<log_msg->result_num; i++) - { - if(is_multi_hit_same_policy(&(log_msg->result[i]), policy_id, &repeat_cnt)) + if(is_multi_hit_same_policy(&(p_result[i]), policy_id, &repeat_cnt)) { MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", "tsg same log:cfg_id=%d service=%d addr=%s", - log_msg->result[i].config_id, - log_msg->result[i].service_id, - (log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level)) + p_result[i].config_id, + p_result[i].service_id, + (a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level)) ); continue; } - switch(log_msg->result[i].do_log) + switch(p_result[i].do_log) { case LOG_ABORT: MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", "tsg abort log:cfg_id=%d service=%d addr=%s", - log_msg->result[i].config_id, - log_msg->result[i].service_id, - (log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level)) + p_result[i].config_id, + p_result[i].service_id, + (a_stream==NULL ? 
"" : PRINTADDR(a_stream,_instance->level)) ); - fs_id=action2fs_id((int)log_msg->result[i].action); + fs_id=action2fs_id((int)p_result[i].action); FS_operate(_instance->fs2_handle, _instance->fs2_field_id[fs_id], 0, FS_OP_ADD, 1); continue; break; case LOG_ALL: - if(log_msg->result[i].action==TSG_ACTION_MONITOR) + if(p_result[i].action==TSG_ACTION_MONITOR) { - set_s3_filename(_instance, _handle, log_msg->a_stream); - set_mail_eml(_instance, _handle, log_msg->a_stream); + set_s3_filename(_instance, _handle, a_stream); + set_mail_eml(_instance, _handle, a_stream); } break; case LOG_NOFILE: - if(log_msg->result[i].action==TSG_ACTION_MONITOR) + if(p_result[i].action==TSG_ACTION_MONITOR) { TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name); - TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name); + TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name); } break; 
@@ -2193,39 +2137,39 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl break; } - ret=update_percent(_instance, log_msg->result[i].service_id, LOG_COLUMN_STATUS_DROP, thread_id); + ret=update_percent(_instance, p_result[i].service_id, LOG_COLUMN_STATUS_DROP, thread_id); if(ret==1) { MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", "tsg drop log:cfg_id=%d service=%d send_log_percent: %d addr=%s", - log_msg->result[i].config_id, - log_msg->result[i].service_id, - _instance->service2topic[log_msg->result[i].service_id].send_log_percent[thread_id], - (log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level)) + p_result[i].config_id, + p_result[i].service_id, + _instance->service2topic[p_result[i].service_id].send_log_percent[thread_id], + (a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level)) ); continue; } - TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(log_msg->result[i].config_id), TLD_TYPE_LONG); - TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG); - TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(p_result[i].config_id), TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(p_result[i].service_id), TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)p_result[i].action), TLD_TYPE_LONG); - set_notify_execution_result(_instance, _handle, log_msg->a_stream, &(log_msg->result[i])); + set_notify_execution_result(_instance, _handle, a_stream, &(p_result[i])); - if(_instance->send_nat_linkinfo && log_msg->result[i].config_id==0 && log_msg->a_stream!=NULL) + if(_instance->send_nat_linkinfo 
&&p_result[i].config_id==0 && a_stream!=NULL) { - set_nat_linkinfo(_instance, _handle, log_msg->a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, _instance->bridge_id[LOG_BRIDGE_NAT_C2S_LINKINFO]); - set_nat_linkinfo(_instance, _handle, log_msg->a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, _instance->bridge_id[LOG_BRIDGE_NAT_S2C_LINKINFO]); + set_nat_linkinfo(_instance, _handle, a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, _instance->bridge_id[LOG_BRIDGE_NAT_C2S_LINKINFO]); + set_nat_linkinfo(_instance, _handle, a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, _instance->bridge_id[LOG_BRIDGE_NAT_S2C_LINKINFO]); } - set_xxxx_from_user_region(_handle, _instance, &(log_msg->result[i]), thread_id); + set_xxxx_from_user_region(_handle, _instance, &(p_result[i]), thread_id); StringBuffer sb(0, 2048); Writer<StringBuffer> writer(sb); _handle->document->Accept(writer); - tsg_send_payload(_instance, log_msg->result[i].service_id, (char *)sb.GetString(), sb.GetSize(), thread_id); + tsg_send_payload(_instance, p_result[i].service_id, (char *)sb.GetString(), sb.GetSize(), thread_id); TLD_delete(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name); TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name); 
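Review bot: `p_result[i].service_id` is used as an index into `_instance->service2topic[...]` in the added drop-log line, and again as the topic id passed to `tsg_send_payload`, with no visible range check against `_instance->max_service` (the array is grown one `topic_stat` at a time in `tsg_register_topic`); the preceding `update_percent(...)` receives the same id and may validate it, but that is not visible here. Since `send_log` is now also fed results taken from a bridge label (`priority_label->security_result` in the following hunk), a guard such as `if(p_result[i].service_id<0 || p_result[i].service_id>=_instance->max_service) continue;` at the top of the loop body would make the bound explicit at the one place both callers pass through. The enclosing function (`send_log` on the new side) and its loop header start outside this hunk.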
@@ -2233,6 +2177,69 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name); } + return 0; +} + +int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id) +{ + if(instance==NULL || handle==NULL || log_msg==NULL) + { + TLD_cancel(handle); + if(instance!=NULL) + { + MESA_handle_runtime_log(instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", " instance==NULL || TLD_handle==NULL || log_msg==NULL "); + } + return -1; + } + + struct TLD_handle_t *_handle=handle; + struct tsg_log_instance_t *_instance=instance; + + if(_instance->mode==CLOSE) + { + TLD_cancel(handle); + FS_operate(_instance->fs2_handle, _instance->sum_line_id, _instance->fs2_field_id[LOG_COLUMN_STATUS_DROP], FS_OP_ADD, 1); + MESA_handle_runtime_log(_instance->logger, RLOG_LV_INFO, "TSG_SEND_LOG", "Disable tsg_send_log."); + return 0; + } + + TLD_append_streaminfo(instance, handle, log_msg->a_stream); + TLD_append(_handle, _instance->id2field[LOG_COMMON_SLED_IP].name, (void *)(_instance->local_ip_str), TLD_TYPE_STRING); + if(strlen(g_tsg_para.device_sn)>0) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_ID].name, (void *)(g_tsg_para.device_sn), TLD_TYPE_STRING); + } + + if(strlen(g_tsg_para.data_center)>0 && _instance->send_data_center==1) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_DATA_CENTER].name, (void *)(g_tsg_para.data_center), TLD_TYPE_STRING); + } + + if(strlen(g_tsg_para.device_tag)>0) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)(g_tsg_para.device_tag), TLD_TYPE_STRING); + } + + TLD_append(_handle, _instance->id2field[LOG_COMMON_TRAFFIC_VSYSTEM_ID].name, (void *)(long)_instance->vsystem_id, TLD_TYPE_LONG); + + set_application_behavior(_instance, _handle, log_msg->a_stream); + + if(log_msg->result[0].service_id==2 && log_msg->a_stream!=NULL) // stream of intercept is NULL + { + 
set_shaping_rule_ids(_instance, _handle, log_msg->a_stream); + } + + send_log(_instance, _handle, log_msg->a_stream, log_msg->result, log_msg->result_num, thread_id); + + //fetch firewall result + struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id); + if(priority_label!=NULL && priority_label->security_result_num>0) + { + send_log(_instance, _handle, log_msg->a_stream, priority_label->security_result, priority_label->security_result_num, thread_id); + free_policy_label(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label); + tsg_set_xxx_to_bridge(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL); + } + TLD_cancel(handle); return 0; @@ -2248,8 +2255,8 @@ int tsg_register_topic(struct tsg_log_instance_t *instance, char *topic_name) _instance->service2topic=(struct topic_stat *)realloc(_instance->service2topic, (_instance->max_service+1)*sizeof(struct topic_stat)); _instance->service2topic[_instance->max_service].type=TLD_TYPE_MAX; - memset(_instance->service2topic[_instance->max_service].name, 0, MAX_STRING_LEN); - memcpy(_instance->service2topic[_instance->max_service].name, topic_name, MIN(MAX_STRING_LEN-1, strlen(topic_name))); + memset(_instance->service2topic[_instance->max_service].name, 0, MAX_STRING_LEN32); + memcpy(_instance->service2topic[_instance->max_service].name, topic_name, MIN(MAX_STRING_LEN32-1, strlen(topic_name))); register_topic(_instance, &(_instance->service2topic[_instance->max_service])); _instance->max_service++; @@ -2308,9 +2315,6 @@ int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *pa ); } - - - update_percent(_instance, topic_id, LOG_COLUMN_STATUS_MAX, thread_id); return 0; diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h index aeef081..f881845 100644 --- a/src/tsg_send_log_internal.h 
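Review bot: `tsg_get_xxx_from_bridge(log_msg->a_stream, ...)` in the added firewall-result block runs even when `log_msg->a_stream` is NULL, although the lines just above treat a NULL stream as a normal case (`// stream of intercept is NULL`); unless the bridge helper tolerates a NULL stream, wrap the block in `if(log_msg->a_stream!=NULL)`. `log_msg->result[0].service_id` is read before the first `send_log` call without checking `log_msg->result_num>0`, so an empty result set reads a stale entry; the old code apparently did the same through `result[i]`, but this rewrite is the moment to add `log_msg->result_num>0 &&` to the condition. In the `instance==NULL || handle==NULL` branch `TLD_cancel(handle)` is called with a possibly NULL `handle`, which is only safe if `TLD_cancel` checks for NULL itself — worth confirming or reordering the check.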
+++ b/src/tsg_send_log_internal.h @@ -11,7 +11,10 @@ #define MAX_L7_PROTO_ID 150 #define MAX_IPV4_LEN 16 -#define MAX_STRING_LEN 32 + +#ifndef MAX_STRING_LEN32 +#define MAX_STRING_LEN32 32 +#endif enum _SEND_MODE { @@ -181,7 +184,7 @@ typedef struct _id2field { int type; int id; - char name[MAX_STRING_LEN]; + char name[MAX_STRING_LEN32]; }id2field_t; struct topic_stat @@ -190,7 +193,7 @@ struct topic_stat int type; int fs2_line_id; int *send_log_percent; - char name[MAX_STRING_LEN]; + char name[MAX_STRING_LEN32]; long long *drop_start; rd_kafka_topic_t *topic_rkt; }; @@ -215,18 +218,14 @@ struct tsg_log_instance_t int bridge_id[LOG_BRIDGE_MAX]; int fs2_column_id[LOG_COLUMN_STATUS_MAX]; int fs2_field_id[LOG_FS2_TYPE_MAX]; - char log_path[MAX_STRING_LEN*2]; - char tcp_label[MAX_STRING_LEN]; - char udp_label[MAX_STRING_LEN]; - char common_field_file[MAX_STRING_LEN*4]; - char broker_list[MAX_STRING_LEN*8]; - char sasl_username[MAX_STRING_LEN]; - char sasl_passwd[MAX_STRING_LEN]; - char send_queue_max_msg[MAX_STRING_LEN]; - char require_ack[MAX_STRING_LEN]; - char refresh_interval_ms[MAX_STRING_LEN]; + char tcp_label[MAX_STRING_LEN32]; + char udp_label[MAX_STRING_LEN32]; + char sasl_username[MAX_STRING_LEN32]; + char sasl_passwd[MAX_STRING_LEN32]; + char send_queue_max_msg[MAX_STRING_LEN32]; + char require_ack[MAX_STRING_LEN32]; + char refresh_interval_ms[MAX_STRING_LEN32]; char local_ip_str[MAX_IPV4_LEN]; - char l7_proto_id_file[MAX_STRING_LEN*4]; id2field_t id2field[LOG_COMMON_MAX]; rd_kafka_t *kafka_handle; struct topic_stat *service2topic; diff --git a/src/tsg_ssl_utils.cpp b/src/tsg_ssl_utils.cpp index 66cabc2..ca1b3e2 100644 --- a/src/tsg_ssl_utils.cpp +++ b/src/tsg_ssl_utils.cpp 
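Review bot: `MAX_STRING_LEN32` is now defined under `#ifndef` both here and in `src/tsg_variable.h`, so the two copies are never checked against each other; `id2field_t` here and `struct id2field` in tsg_variable.h both size `name` with it, and a later edit to one copy would silently give the two structs different layouts. Keep a single definition (tsg_variable.h, which this header can include) and drop the fallback here. Separately, `sasl_passwd[MAX_STRING_LEN32]` keeps a credential in a 31-character buffer; if the config loader (not visible here) copies with a length-limited strncpy/memcpy, a longer password is silently truncated and broker authentication fails without a clear error, so a length check with a logged error at load time is worth adding.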
@@ -174,13 +174,12 @@ static char* parse_alpn_extension(const unsigned char* buff, size_t buff_len, en static char* parse_server_name_extension(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result) { - size_t pos = 2; /* skip server name list length */ - size_t len; + size_t pos = 2; /* skip server name list length */ char* sni = NULL; - while (pos + 3 < buff_len) + while (pos + 3 < buff_len) { - len = ((size_t)buff[pos + 1] << 8) + (size_t)buff[pos + 2]; - if (pos + 3 + len > buff_len) + size_t len = ((size_t)buff[pos + 1] << 8) + (size_t)buff[pos + 2]; + if (pos + 3 + len > buff_len) { *result = CHELLO_PARSE_INVALID_FORMAT; return NULL; @@ -366,7 +365,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, *result = CHELLO_PARSE_NOT_ENOUGH_BUFF; return NULL; } - if(buff[1] != 3 || buff[2] > 4 || buff[2] < 0) + if(buff[1] != 3 || buff[2] > 4) { *result = CHELLO_PARSE_INVALID_FORMAT; return NULL; diff --git a/src/tsg_statistic.cpp b/src/tsg_statistic.cpp index 6abfc6b..3372faa 100644 --- a/src/tsg_statistic.cpp +++ b/src/tsg_statistic.cpp @@ -203,9 +203,6 @@ static int _set_traffic_info(struct _traffic_info *from, struct _traffic_info *t } static void *tsg_statistic_thread(void *arg) { - long long value=0; - long long total_value=0; - int value_len=sizeof(long long); int thread_num=get_thread_count(); struct _traffic_info policy_traffic_info; struct _traffic_info total_traffic_info; @@ -215,6 +212,10 @@ static void *tsg_statistic_thread(void *arg) while(g_tsg_statis_para.thread_alive) { + long long value=0; + long long total_value=0; + int value_len=sizeof(long long); + memset(&policy_traffic_info, 0, sizeof(policy_traffic_info)); memset(&total_traffic_info, 0, sizeof(total_traffic_info)); memset(&default_traffic_info, 0, sizeof(default_traffic_info)); 
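Review bot: The `size_t pos = 2;` and `while (pos + 3 < buff_len)` lines appear as removed-and-re-added with no visible textual change, which suggests trailing-whitespace edits bundled with the scoping change of `len`; whitespace-only churn makes the semantic edit harder to review and belongs in a separate commit or the formatter. The bounds arithmetic on the new side is sound: `len` is at most 0xFFFF, `pos + 3 + len` cannot overflow `size_t` for any realistic `buff_len`, and the `> buff_len` test rejects a truncated entry before it is read. Dropping `buff[2] < 0` in the `@@ -366,7 +365,7 @@` hunk is correct for a `const unsigned char*` — that test was always false. The loop body of `parse_server_name_extension` continues outside the hunk.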
@@ -344,9 +345,9 @@ int tsg_statistic_init(const char *conffile, void *logger) int output_prometheus=0; int i=0,value=0,thread_num=0; unsigned short fs_server_port=0; - char app_name[MAX_STRING_LEN]={0}; + char app_name[128]={0}; char fs_server_ip[MAX_IPV4_LEN]={0}; - char fs_output_path[MAX_STRING_LEN*4]={0}; + char fs_output_path[128]={0}; memset(&g_tsg_statis_para, 0, sizeof(g_tsg_statis_para)); @@ -381,7 +382,6 @@ int tsg_statistic_init(const char *conffile, void *logger) FS_set_para(g_tsg_statis_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1); FS_set_para(g_tsg_statis_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1); - value=1; FS_set_para(g_tsg_statis_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus)); if(fs_server_port > 0 && strlen(fs_server_ip) > 0) @@ -390,8 +390,8 @@ int tsg_statistic_init(const char *conffile, void *logger) FS_set_para(g_tsg_statis_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port)); } - value=FS_OUTPUT_INFLUX_LINE; - FS_set_para(g_tsg_statis_para.fs2_handle, STATS_FORMAT, &value, sizeof(value)); + int output_influx_line=FS_OUTPUT_INFLUX_LINE; + FS_set_para(g_tsg_statis_para.fs2_handle, STATS_FORMAT, &output_influx_line, sizeof(output_influx_line)); g_tsg_statis_para.fs_field_id[STATIS_NEW_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"new_conn_num"); g_tsg_statis_para.fs_field_id[STATIS_ESTABLISHED_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, (char *)"established_conn_num"); diff --git a/src/tsg_tamper.cpp b/src/tsg_tamper.cpp index 9ddd027..f5f169e 100644 --- a/src/tsg_tamper.cpp +++ b/src/tsg_tamper.cpp @@ -34,8 +34,6 @@ int swap_payload2byte(char *str, int endlen) { - int i = 0; - int j = 0; char temp; if(endlen<4){ //最少满足2个16bit的长度,即最小4字节。 
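Review bot: `char app_name[128]` and `char fs_output_path[128]` replace the old macro sizes with bare literals, while this same commit introduces `MAX_STRING_LEN128` in `src/tsg_variable.h` for exactly this purpose; if this TU includes that header, use `char app_name[MAX_STRING_LEN128]={0};` and `char fs_output_path[MAX_STRING_LEN128]={0};` so the sizes stay in one place. `app_name` apparently grows from 32 to 128 bytes, so whatever reads the config into it (outside the hunk) must bound the copy by `sizeof(app_name)` rather than the previous constant. The body of `tsg_statistic_init` continues outside the hunk.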
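Review bot: With `value=1;` and `value=FS_OUTPUT_INFLUX_LINE;` gone, the `value` declared in `int i=0,value=0,thread_num=0;` (context of the `@@ -344,9 +345,9 @@` hunk) looks unused in `tsg_statistic_init` — if nothing else in the function reads it, remove it from that declaration, otherwise the next cppcheck run will flag it as unread. The replacement `int output_influx_line=FS_OUTPUT_INFLUX_LINE;` is clearer than reusing a generic `value`; the function continues outside the hunk.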
@@ -43,8 +41,8 @@ int swap_payload2byte(char *str, int endlen) } //这样交换是别面校验和不对的问题 - for(i=1; i<endlen; i=i+2){ - for (j=i+2; j<endlen; j=j+2){ + for(int i=1; i<endlen; i=i+2){ + for (int j=i+2; j<endlen; j=j+2){ if(str[i] != str[j]){ temp = str[i]; str[i] = str[j]; diff --git a/src/tsg_variable.cpp b/src/tsg_variable.cpp deleted file mode 100644 index 8a6d55b..0000000 --- a/src/tsg_variable.cpp +++ /dev/null 
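Review bot: `char temp;` in the `@@ -34,8 +34,6 @@` hunk stays uninitialized at function scope after `i` and `j` were moved into the loops; for the same reason it can move into the `if(str[i] != str[j])` body as `char temp = str[i];`, which also settles the uninitialized-variable question. The comment `//这样交换是别面校验和不对的问题` would read more clearly in English, roughly `// swap 16-bit words this way so the checksum is not broken` — assuming that is the intent, which I cannot confirm from here. The body of `swap_payload2byte` continues outside the hunk.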
@@ -1,89 +0,0 @@ -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <assert.h> -#include <sys/time.h> -#include <unistd.h> - -#include "tsg_variable.h" - -g_tsg_para_t g_tsg_para; - -id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"}, - {0, TSG_FS2_UDP_LINKS, "udp_links"}, - {0, TSG_FS2_BYPASS, "bypass"}, - {0, TSG_FS2_HIT_ADDR, "hit_addr"}, - {0, TSG_FS2_HIT_SHARE, "hit_share"}, - {0, TSG_FS2_INTERCEPT, "intercept"}, - {0, TSG_FS2_SHAPING, "shaping"}, - {0, TSG_FS2_EXCLUSION, "exclusion"}, - {0, TSG_FS2_APP_DPKT_RESULT, "D_result"}, - {0, TSG_FS2_APP_Q_RESULT, "Q_result"}, - {0, TSG_FS2_APP_USER_RESULT, "U_result"}, - {0, TSG_FS2_APP_BUILT_IN_RESULT, "B_result"}, - {0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"}, - {0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"}, - {0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"}, - {0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"}, - {0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"}, - {0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"}, - {0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"}, - {0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"}, - {0, TSG_FS2_SUCESS_TAMPER, "tamper_sucess"}, - {0, TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4, "tamper_nopload"}, - {0, TSG_FS2_TAMPER_FAILED_NOSWAP, "tamper_noswap"}, - {0, TSG_FS2_ASN_ADD, "asn_add"}, - {0, TSG_FS2_ASN_DEL, "asn_del"}, - {0, TSG_FS2_GTPC_ADD, "gtpc_add"}, - {0, TSG_FS2_GTPC_DEL, "gtpc_del"}, - {0, TSG_FS2_LOCATION_ADD, "location_add"}, - {0, TSG_FS2_LOCATION_DEL, "location_del"}, - {0, TSG_FS2_FQDN_ADD, "fqdn_add"}, - {0, TSG_FS2_FQDN_DEL, "fqdn_del"}, - {0, TSG_FS2_SUBSCRIBER_ADD, "subscriber_add"}, - {0, TSG_FS2_SUBSCRIBER_DEL, "subscriber_del"}, - {0, TSG_FS2_SECURIRY_ADD, "security_add"}, - {0, TSG_FS2_SECURIRY_DEL, "security_del"}, - {0, TSG_FS2_MIRRORED_ADD, "mirrored_add"}, - {0, TSG_FS2_MIRRORED_DEL, "mirrored_del"}, - {0, TSG_FS2_HTTP_RES_ADD, "http_res_add"}, - {0, TSG_FS2_HTTP_RES_DEL, "http_res_del"}, - {0, 
TSG_FS2_DNS_RES_ADD, "dns_profile_add"}, - {0, TSG_FS2_DNS_RES_DEL, "dns_profile_del"}, - {0, TSG_FS2_APP_ID_ADD, "app_id_add"}, - {0, TSG_FS2_APP_ID_DEL, "app_id_del"}, - {0, TSG_FS2_TUNNEL_CATALOG_ADD, "t_catalog_add"}, - {0, TSG_FS2_TUNNEL_CATALOG_DEL, "t_catalog_del"}, - {0, TSG_FS2_TUNNEL_ENDPOINT_ADD, "t_endpoint_add"}, - {0, TSG_FS2_TUNNEL_ENDPOINT_DEL, "t_endpoint_del"}, - {0, TSG_FS2_TUNNEL_LABEL_ADD, "t_label_add"}, - {0, TSG_FS2_TUNNEL_LABEL_DEL, "t_label_del"} - }; - -id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, - {PROTO_IPv4, 0, "IPV4"}, - {PROTO_IPv6, 0, "IPV6"}, - {PROTO_TCP, 0, "TCP"}, - {PROTO_UDP, 0, "UDP"}, - {PROTO_HTTP, 0, "HTTP"}, - {PROTO_MAIL, 0, "MAIL"}, - {PROTO_DNS, 0, "DNS"}, - {PROTO_FTP, 0, "FTP"}, - {PROTO_SSL, 0, "SSL"}, - {PROTO_SIP, 0, "SIP"}, - {PROTO_BGP, 0, "BGP"}, - {PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"}, - {PROTO_QUIC, 0, "QUIC"}, - {PROTO_SSH, 0, "SSH"}, - {PROTO_SMTP, 0, "SMTP"}, - {PROTO_IMAP, 0, "IMAP"}, - {PROTO_POP3, 0, "POP3"}, - {PROTO_RTP, 0, "RTP"}, - {PROTO_APP, 0, "BASE"}, - {PROTO_L2TP, 0, "L2TP"}, - {PROTO_PPTP, 0, "PPTP"}, - {PROTO_STRATUM, 0, "Stratum"}, - {PROTO_RDP, 0, "RDP"}, - {PROTO_DTLS, 0, "DTLS"} - }; - diff --git a/src/tsg_variable.h b/src/tsg_variable.h index 0e4a433..7cff894 100644 --- a/src/tsg_variable.h +++ b/src/tsg_variable.h 
@@ -1,5 +1,142 @@ #pragma once +#include <MESA/stream.h> +#include <MESA/field_stat2.h> +#include <ctemplate/template.h> + +enum TSG_FS2_TYPE +{ + TSG_FS2_TCP_LINKS=0, + TSG_FS2_UDP_LINKS, + TSG_FS2_BYPASS, + TSG_FS2_HIT_ADDR, + TSG_FS2_HIT_SHARE, + TSG_FS2_INTERCEPT, + TSG_FS2_SHAPING, + TSG_FS2_EXCLUSION, + TSG_FS2_APP_DPKT_RESULT, + TSG_FS2_APP_Q_RESULT, + TSG_FS2_APP_USER_RESULT, + TSG_FS2_APP_BUILT_IN_RESULT, + TSG_FS2_INJECT_PKT_SUCCESS, + TSG_FS2_INJECT_PKT_FAILED, + TSG_FS2_MIRRORED_PKT_SUCCESS, + TSG_FS2_MIRRORED_BYTE_SUCCESS, + TSG_FS2_MIRRORED_PKT_FAILED, + TSG_FS2_MIRRORED_BYTE_FAILED, + TSG_FS2_SET_TIMOUT_SUCCESS, + TSG_FS2_SET_TIMOUT_FAILED, + TSG_FS2_SUCESS_TAMPER, + TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4, + TSG_FS2_TAMPER_FAILED_NOSWAP, + TSG_FS2_ASN_ADD, + TSG_FS2_ASN_DEL, + TSG_FS2_GTPC_ADD, + TSG_FS2_GTPC_DEL, + TSG_FS2_LOCATION_ADD, + TSG_FS2_LOCATION_DEL, + TSG_FS2_FQDN_ADD, + TSG_FS2_FQDN_DEL, + TSG_FS2_SUBSCRIBER_ADD, + TSG_FS2_SUBSCRIBER_DEL, + TSG_FS2_SECURIRY_ADD, + TSG_FS2_SECURIRY_DEL, + TSG_FS2_MIRRORED_ADD, + TSG_FS2_MIRRORED_DEL, + TSG_FS2_HTTP_RES_ADD, + TSG_FS2_HTTP_RES_DEL, + TSG_FS2_DNS_RES_ADD, + TSG_FS2_DNS_RES_DEL, + TSG_FS2_APP_ID_ADD, + TSG_FS2_APP_ID_DEL, + TSG_FS2_TUNNEL_CATALOG_ADD, + TSG_FS2_TUNNEL_CATALOG_DEL, + TSG_FS2_TUNNEL_ENDPOINT_ADD, + TSG_FS2_TUNNEL_ENDPOINT_DEL, + TSG_FS2_TUNNEL_LABEL_ADD, + TSG_FS2_TUNNEL_LABEL_DEL, + TSG_FS2_MAX +}; + + +enum DEPLOY_MODE +{ + DEPLOY_MODE_MIRROR, + DEPLOY_MODE_INLINE, + DEPLOY_MODE_TRANSPARENT, + DEPLOY_MODE_MAX +}; + +enum MASTER_STATIC_TABLE +{ + TABLE_SECURITY_COMPILE=0, + TABLE_IP_ADDR, + TABLE_SUBSCRIBER_ID, + TABLE_APP_ID, + TABLE_HTTP_HOST, + TABLE_SSL_SNI, + TABLE_EXCLUSION_SSL_SNI, + TABLE_SRC_ASN, + TABLE_DST_ASN, + TABLE_SRC_LOCATION, + TABLE_DST_LOCATION, + TABLE_ASN_USER_DEFINED, + TABLE_ASN_BUILT_IN, + TABLE_LOCATION_USER_DEFINED, + TABLE_LOCATION_BUILT_IN, + TABLE_QUIC_SNI, + TABLE_FQDN_CAT_ID, + TABLE_FQDN_CAT_USER_DEFINED, + TABLE_FQDN_CAT_BUILT_IN, + 
TABLE_APP_ID_DICT, + TABLE_SELECTOR_ID, + TABLE_SELECTOR_PROPERTIES, + TABLE_GTP_APN, + TABLE_GTP_IMSI, + TABLE_GTP_PHONE_NUMBER, + TABLE_RESPONSE_PAGES, + TABLE_DNS_PROFILE_RECORD, + TABLE_PROFILE_MIRROR, + TABLE_HTTP_URL, + TABLE_DTLS_SNI, + TABLE_TUNNEL_ID, + TABLE_TUNNEL_CATALOG, + TABLE_TUNNEL_ENDPOINT, + TABLE_TUNNEL_LABEL, + TABLE_SESSION_FLAGS, + TABLE_MAX +}; + +enum MASTER_DYNAMIC_TABLE +{ + DYN_TABLE_SUBSCRIBER_IP=0, + DYN_TABLE_GTP_SIGNALING, + DYN_TABLE_MAX +}; + +#ifndef MIN +#define MIN(a, b) (((a) < (b)) ? (a) : (b)) +#endif + +#ifndef PRINTADDR +#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "") +#endif + +#ifndef MAX_TSG_ALL_RESULT_NUM +#define MAX_TSG_ALL_RESULT_NUM MAX_RESULT_NUM*2 +#endif + +#ifndef MAX_STRING_LEN32 +#define MAX_STRING_LEN32 32 +#endif + +struct id2field +{ + int type; + int id; + char name[MAX_STRING_LEN32]; +}; + struct reset_argv { int pkt_num; @@ -10,7 +147,14 @@ struct reset_argv int remedy; }; -#define _MAX_TABLE_NAME_LEN 64 +#ifndef MAX_TABLE_NAME_LEN +#define MAX_TABLE_NAME_LEN 64 +#endif + +#ifndef MAX_STRING_LEN128 +#define MAX_STRING_LEN128 128 +#endif + typedef struct tsg_para { int level; 
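Review bot: `#define MAX_TSG_ALL_RESULT_NUM MAX_RESULT_NUM*2` is unparenthesized, so a use such as `sizeof(buf)/MAX_TSG_ALL_RESULT_NUM` or `MAX_TSG_ALL_RESULT_NUM+1` expands wrongly; write `#define MAX_TSG_ALL_RESULT_NUM ((MAX_RESULT_NUM)*2)`. `PRINTADDR(a, b)` has the same problem with `a->addr` / `a->threadnum` (should be `(a)->addr`), and it relies on `printaddr` and `RLOG_LV_FATAL`, which none of the three new `#include`s visibly provides, so the macro only compiles in TUs that happen to include the logger header first. `MAX_STRING_LEN32` here, and `MAX_TABLE_NAME_LEN`/`MAX_STRING_LEN128` in the `@@ -10,7 +147,14 @@` hunk, are wrapped in `#ifndef`, meaning a conflicting definition elsewhere wins silently instead of producing a redefinition error — prefer one unguarded definition in this header. `struct id2field` also duplicates the layout of `id2field_t` in `src/tsg_send_log_internal.h`; one of the two should go.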
@@ -32,25 +176,19 @@ typedef struct tsg_para int unknown_app_id; int hit_path_switch; int default_compile_id; - int table_id[TABLE_MAX]; + int table_id[TABLE_MAX]; int dyn_table_id[DYN_TABLE_MAX]; - int priority_project_id; - int shaping_project_id; int session_attribute_project_id; - int context_project_id; - int tcpall_project_id; - int gather_app_project_id; - int bridge_id[BRIDGE_TYPE_MAX]; int proto_flag; //tsg_protocol_t int fs2_field_id[TSG_FS2_MAX]; - char device_sn[MAX_DOMAIN_LEN/8]; - char log_path[MAX_DOMAIN_LEN/8]; - char device_id_command[MAX_DOMAIN_LEN/8]; - char data_center[_MAX_TABLE_NAME_LEN]; - char device_tag[MAX_DOMAIN_LEN/2]; - char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN]; - char dyn_table_name[DYN_TABLE_MAX][_MAX_TABLE_NAME_LEN]; - char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN]; + char device_sn[MAX_STRING_LEN128]; + char log_path[MAX_STRING_LEN128]; + char device_id_command[MAX_STRING_LEN128]; + char data_center[MAX_STRING_LEN128]; + char device_tag[MAX_STRING_LEN128]; + char table_name[TABLE_MAX][MAX_TABLE_NAME_LEN]; + char dyn_table_name[DYN_TABLE_MAX][MAX_TABLE_NAME_LEN]; + struct bridge_info bridge[BRIDGE_TYPE_MAX]; void *logger; void *maat_logger; struct reset_argv reset; @@ -66,4 +204,5 @@ typedef struct tsg_para extern g_tsg_para_t g_tsg_para; extern Maat_feather_t g_tsg_dynamic_maat_feather; -extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
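Review bot: Every string member of `tsg_para` changes size in this hunk (`device_sn`, `log_path`, `device_id_command`, `data_center`, `device_tag` to `MAX_STRING_LEN128`, the table-name arrays to `MAX_TABLE_NAME_LEN`), so any loader or copier that bounds its memcpy/strncpy with the old `MAX_DOMAIN_LEN/8`, `MAX_DOMAIN_LEN/2` or `_MAX_TABLE_NAME_LEN` expressions instead of `sizeof(g_tsg_para.<field>)` is now mismatched — and if `MAX_DOMAIN_LEN/2` was larger than 128, `device_tag` shrank; I cannot see those call sites from here, so please grep for the old macros. `struct bridge_info bridge[BRIDGE_TYPE_MAX]` replaces the separate `bridge_id`/`bridge_name` arrays, but neither `struct bridge_info` nor `BRIDGE_TYPE_MAX` is declared in the visible part of this header, so they must come from an earlier include or the header no longer compiles standalone. A one-line comment on the member, e.g. `/* per-bridge registration, indexed by BRIDGE_TYPE_*; .id is used by tsg_send_log */`, would help readers, since only `.id` is visibly used.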
\ No newline at end of file +extern struct id2field g_tsg_proto_name2id[PROTO_MAX]; + diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt deleted file mode 100644 index 7554d2f..0000000 --- a/test/CMakeLists.txt +++ /dev/null @@ -1,25 +0,0 @@ -cmake_minimum_required(VERSION 2.8) - - -include_directories(${CMAKE_SOURCE_DIR}/inc) -include_directories(/opt/MESA/include/MESA/) -include_directories(/opt/MESA/include) -include_directories(/usr/include/) - -set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run) - -add_library(tsg_master_gtest SHARED src/tsg_master_gtest_protocol.cpp src/tsg_master_gtest_entry.cpp) -set_target_properties(tsg_master_gtest PROPERTIES PREFIX "") - -add_definitions(-std=c++11) -LINK_DIRECTORIES(/opt/MESA/lib) - -add_executable(master_gtest "src/tsg_master_gtest_main.cpp") -target_compile_options(master_gtest PUBLIC ${MEM_POOL_DEFINITIONS}) -target_link_libraries(master_gtest pthread dl m pcap systemd cjson MESA_prof_load MESA_htable MESA_handle_logger MESA_jump_layer breakpad_mini MESA_field_stat2) -target_link_libraries(master_gtest /home/mesasoft/sapp_run/lib/libsapp_devel.so) -target_link_libraries(master_gtest gtest-static ctemplate-static) - -install(TARGETS master_gtest DESTINATION ${CMAKE_INSTALL_PREFIX}/ COMPONENT EXECUTABLE) - - diff --git a/test/bin/conflist.inf b/test/bin/conflist.inf deleted file mode 100644 index a776f9f..0000000 --- a/test/bin/conflist.inf +++ /dev/null @@ -1,4 +0,0 @@ -[platform] -./plug/platform/tsg_master/tsg_master.inf -[protocol] -[business] diff --git a/test/bin/etc/asymmetric_addr_layer.conf b/test/bin/etc/asymmetric_addr_layer.conf deleted file mode 100644 index 1799588..0000000 --- a/test/bin/etc/asymmetric_addr_layer.conf +++ /dev/null @@ -1,6 +0,0 @@ -vlan[*] -mpls[*] -gre[*] -gtp[*] - - diff --git a/test/bin/etc/asymmetric_presence_layer.conf b/test/bin/etc/asymmetric_presence_layer.conf deleted file mode 100644 index 8fa2136..0000000 --- a/test/bin/etc/asymmetric_presence_layer.conf +++ /dev/null 
@@ -1,2 +0,0 @@ -# - diff --git a/test/bin/etc/entrylist.conf b/test/bin/etc/entrylist.conf deleted file mode 100644 index 6ec4088..0000000 --- a/test/bin/etc/entrylist.conf +++ /dev/null @@ -1,27 +0,0 @@ -IP -IPV6 -IPV6_RAW -TCP_ALL -TCP -UDP -HTTP -SSL -MAIL -FTP -PHONY -POLLING -IPSEC -L2TP -PPTP -RTP -DNS -GTP -STRATUM -RADIUS -QUIC -RDP -SSH -SOCKS -BGP -DTLS -SIP diff --git a/test/bin/etc/gdev.conf b/test/bin/etc/gdev.conf deleted file mode 100644 index 2441e11..0000000 --- a/test/bin/etc/gdev.conf +++ /dev/null @@ -1,5 +0,0 @@ -[Module] -pcapdevice=ens1f0 -sendto_gdev_card=ens1f0 -sendto_gdev_ip=10.252.20.1 -gdev_status_switch=1 diff --git a/test/bin/etc/gdev_block.conf b/test/bin/etc/gdev_block.conf deleted file mode 100644 index dc5c9e2..0000000 --- a/test/bin/etc/gdev_block.conf +++ /dev/null @@ -1,14 +0,0 @@ -[main] -nfs_proto_stat_path=./log -nfs_ddos_flow_detail_path=./log - -[gdev] -service_type=1 -rule_scope=1 -durable=0 -auth_data=B9840E2442951834 -#phony server -c3_list=10.0.6.201:22; - -c3_server_ip=10.0.6.201 -c3_server_port=22 diff --git a/test/bin/etc/necessary_plug_list.conf b/test/bin/etc/necessary_plug_list.conf deleted file mode 100644 index 5546eee..0000000 --- a/test/bin/etc/necessary_plug_list.conf +++ /dev/null @@ -1,4 +0,0 @@ -#以下插件如果加载,初始化失败, sapp平台会退出; -#插件的路径来自配置文件 ./plug/conflist.inf, 不需要加段落标识[platform],[protocol],[business]等. -#If the following plugins fail to initialize, the sapp platform will exit. -#The name of the plugin comes from the configuration ./plug/conflist.inf, section identification is not required.
\ No newline at end of file diff --git a/test/bin/etc/plugin.conf b/test/bin/etc/plugin.conf deleted file mode 100644 index 10ae034..0000000 --- a/test/bin/etc/plugin.conf +++ /dev/null @@ -1,5 +0,0 @@ -[PLUGIN] -platform_config = ./plug/platform/conflist_platform.inf -protocol_config = ./plug/protocol/conflist_protocol.inf -business_config = ./plug/business/conflist_business.inf -entrylist_config = ./etc/entrylist.conf diff --git a/test/bin/etc/project_list.conf b/test/bin/etc/project_list.conf deleted file mode 100644 index 22bfafb..0000000 --- a/test/bin/etc/project_list.conf +++ /dev/null @@ -1,18 +0,0 @@ -tcp_flow_stat struct -udp_flow_stat struct -tcp_deduce_flow_stat struct -POLICY_PRIORITY struct -ESTABLISH_LATENCY long -MAIL_IDENTIFY int -TSG_MASTER_INTERNAL_LABEL struct -BASIC_PROTO_LABEL struct -SKETCH_TRANS_LAYER_CTX_LABEL struct -SKETCH_PROTO_CTX_LABEL struct -common_link_info_c2s struct -common_link_info_s2c struct -common_link_info struct -JA3_FINGERPRINT_LABEL struct -DKPT_PRO_V2 struct -DPKT_PROJECT_V2 struct -PPROJECT_PRO_V2 struct -DPKT_BHSTAT_PROJECT struct diff --git a/test/bin/etc/sapp.toml b/test/bin/etc/sapp.toml deleted file mode 100644 index 0dafbf6..0000000 --- a/test/bin/etc/sapp.toml +++ /dev/null 
@@ -1,266 +0,0 @@ -################################################################################################### -# NOTE: # -# The format of this file is toml (https://github.com/cktan/tomlc99) # -# to make vim editor display colorful and human readable, # -# you can create a symbolic links named sapp.ini to sapp.toml, ln -sf sapp.toml sapp.ini # -################################################################################################### - -[SYSTEM] - instance_name = "sapp_v4.2" - -[CPU] -worker_threads=1 - send_only_threads_max=0 -### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as [] -### there are two different grammars: -### toml array format: bind_mask=[1,2,3,4,5,11,12,13,14,15] -### MESA_load_profile range format: bind_mask="1-5,11-15" - bind_mask=[] - -[MEM] - dictator_enable=1 - -[PACKET_IO] - [overlay_tunnel_definition] -### note, since 2020-10-01, L2-L3 tunnel(VLAN,MPLS,PPPOE,etc.) is process and offload by mrtunnat, -### after 2020-10-01, sapp support L2-L3 tunnel(VLAN,MPLS,PPPOE,etc.) without mrtunnat. 
-l2_l3_tunnel_support=0 - -### note, optional value is [none, vxlan] -overlay_mode=none - - [packet_io.feature] - destroy_all_plug_enabled=0 -### note, used to represent inbound or outbound direction value, -### because it comes from Third party device, so it needs to be specified manually, -### if inbound_route_dir=1, then outbound_route_dir=0, vice versa, -### in other words, outbound_route_dir = 1 ^ inbound_route_dir; - inbound_route_dir=1 - -### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as "" - BSD_packet_filter="" - -### note, same as tcpdump -Q/-P arg, possible values are `in', `out' and `inout', default is "in" - pcap_capture_direction="in" - -### note, support two mode: "inner_tuple2", "outer_tuple2" - pcap_distmode="inner_tuple2" - -### note, depolyment.mode options: [sys_route, vxlan_by_inline_device, raw_ethernet_single_gateway, raw_ethernet_multi_gateway] -### sys_route: send ip(ipv6) packet by system route table, this is default mode in mirror mode; -### vxlan_by_inline_device: encapsulation inject packet with vxlan, and then send to inline device by udp socket. -### raw_ethernet_single_gateway: send layer2 ethernet packet to specific gateway in same broadcast domain. -### raw_ethernet_multi_gateway: send layer2 ethernet packet to multiple gateway in same broadcast domain. - inject_pkt_mode=sys_route - -### note, this config is valid if inject_pkt_mode==vxlan_by_inline_device, means udp socket src port. - inject_mode_inline_device_sport=54789 - -### note, this config is valid if inject_pkt_mode==raw_ethernet_single_gateway. 
- inject_mode_single_gateway_device="eth1" -### inject_mode_single_gateway_src_mac has lower priority than get smac from inject_mode_single_gateway_device - inject_mode_single_gateway_src_mac="00:11:22:77:88:99" - inject_mode_single_gateway_dst_mac="00:11:22:33:44:55" - -dumpfile_sleep_time_before_exit=0 - -### note, for example, dst mac is 01:12:34:56:78:90, src src is 02:AA:BB:CC:DD:EE:FF, -### ether[0] is 0x01, dst mac first octet, ether[1] is 0x12, dst mac second octet, -### ether[6] is 0x02, src mac first octet, ether[11] is 0xFF, src mac sixth octet. -### the bit field is from 0 to 7, the 0 is least significant bit, the 7 is most significant bit. - ##extract_linkdir_from_mac_in_mirror_mode="ether[4]:0" ## for Xj example - extract_linkdir_from_mac_in_mirror_mode="" - -### note, depolyment.mode options: [mirror, inline, transparent] - [packet_io.depolyment] - mode=mirror - -### note, interface.type options: [pag, pcap, marsio, tun] -### receive from internal interface, route dir is 0, -### receive from external interface, route dir is 1. 
- [packet_io.internal.interface] - type=pcap - name="lo" - - [packet_io.external.interface] - type=pcap - name=lo - - [packet_io.polling] - enabled=1 -### note, polling_priority = call sapp_recv_pkt every call polling_entry times, - polling_priority=1 - - [packet_io.under_ddos] -### note, to reduce impact of ddos attack,set some stream bypass, all plugins will not process these streams - stream_bypass_enabled=0 -### note, cpu usage value is percent, for example, config value is 85, means 85%, valid range: [1,100] -### sapp change to bypass state immediately when realtime cpu usage > bypass_trigger_cpu_usage - bypass_trigger_cpu_usage=85 -### note, unit of get_cpu_usage_interval is milliseconds(ms) - get_cpu_usage_interval=500 -### note, use the average of the last $smooth_avg_window times as current realtime value - smooth_avg_window=2 - - decrease_ratio="0.95" - increase_ratio="1.005" -### note, unit of bypass_observe_time is second(s) - recovery_observe_time=30 - - -[PROTOCOL_FEATURE] - ipv6_decapsulation_enabled=1 - ipv6_send_packet_enabled=1 - tcp_drop_pure_ack_pkt=0 - tcp_syn_option_parse_enabled=1 -skip_not_ip_layer_over_eth=0 - skip_gtp_S_PN_E_field_for_inject=0 - -[DUPLICATE_PKT] -[dup_pkt.traffic.original] - original_ipv4_tcp_enabled=1 - original_ipv4_udp_enabled=0 -### note, can't distinguish between duplicate traffic and application retransmit traffic for IPv6 packets, -### so not support IPv6 original duplicate traffic check. 
- -[dup_pkt.traffic.inject] - inject_all_enabled=1 - -[dup_pkt.parameters] - bloom_capacity=1000000 - bloom_error_rate=0.00001 - bloom_timeout=10 - - -[STREAM] -### note, stream_id_base_time format is "%Y-%m-%d %H:%M:%S" - stream_id_base_time="2021-01-01 00:00:00" - [stream.tcp] -max=1000 -timeout=0 - syn_mandatory=1 -reorder_pkt_max=5 - analyse_option_enabled=1 - tuple4_reuse_time_interval=30 - - meaningful_statistics_minimum_pkt=3 - meaningful_statistics_minimum_byte=5 - special_timeout_ratio=10 - - [stream.tcp.inject] - link_mss=1460 - - [stream.tcp.inject.rst] - auto_remedy=1 - number=1 - signature_enabled=1 - signature_seed1=65535 - signature_seed2=13 - remedy_kill_tcp_by_inline_device=0 - - [stream.udp] -max=1000 -timeout=0 - meaningful_statistics_minimum_pkt=3 - meaningful_statistics_minimum_byte=5 - special_timeout_ratio=20 - -[PROFILING] -[profiling.pkt_latency] - enabled=0 - accurate_enable=0 -### note, threshold unit is microseconds (us) - threshold=100000 - - [profiling.sanity_check] - raw_pkt_broken_enabled=0 - symbol_conflict_enabled=0 - - [profiling.log] - level=20 - interval=1 - - [profiling.log.local] - enabled=1 -### note, if "file_truncate_open_enabled=1", file will be truncated, otherwise open the file for appending. 
 file_truncate_enabled = 1
-
- [profiling.log.remote]
- enabled=0
- server_ip="127.0.0.1"
- server_port=8126
-
- [profiling.log.remote.field_stat2]
-### note, is valid when "remote_send_out_type=field_stat2"
-### note, metric_type option value: [default, json]
- metric_type = default
- app_name=sapp
-
- [profiling.log.prometheus]
- prometheus_enabled=0
- prometheus_port=9273
- prometheus_url_path="/metrics"
-
-[TOOLS]
- [tools.pkt_dump]
- enabled=0
-### note, mode options value:[storage, udp_socket]
- mode=udp_socket
- BSD_packet_filter=""
-
- [tools.pkt_dump.threads]
-### note, if you want enable pkt dump in all thread, set dump_thread_all_enabled=0
-### if dump_thread_all_enabled=0, then use dump_thread_id to specify separate specified thread index.
- all_threads_enabled=1
-
-### note, dump_thread_id start from 0, max is CPU.worker_threads-1
- dump_thread_id=[0,1,2,3,4]
-
- [tools.pkt_dump.udp]
- command_port=12345
- pkt_dump_ratio=30
-
- [tools.pkt_dump.storage]
-### note, file path must be double quotation mark extension, for example, path="/dev/shm/pkt_dump"
- path="/dev/shm/pkt_dump"
-### note, file size unit: MB
- file_size_max_per_thread=10000
-
-[breakpad]
- disable_coredump=0
- enable_breakpad=0
- breakpad_minidump_dir="/tmp/crashreport"
- enable_breakpad_upload=0
- breakpad_upload_url="http://127.0.0.1/"
- breakpad_upload_tools="/opt/MESA/bin/minidump_upload"
-
-
-### note:
-### These configurations format is complex and difficult to describe with toml grammar,
-### so, create a independent secondary config file to description specific information.
-[SECONDARY_CONFIG_LINK]
-cfg_file_sapp_log="etc/sapp_log.conf"
-cfg_file_plug_list="plug/conflist.inf"
- cfg_file_project_list="etc/project_list.conf"
- cfg_file_entrylist="etc/entrylist.conf"
- cfg_file_send_raw_pkt="etc/send_raw_pkt.conf"
- cfg_file_vxlan_sport_map="etc/vxlan_sport_service_map.conf"
- cfg_file_inline_device="etc/gdev.conf"
- cfg_file_necessary_plug_list="etc/necessary_plug_list.conf"
- cfg_file_stream_compare_layer="etc/stream_compare_layer.conf"
- cfg_file_vlan_flipping="etc/vlan_flipping_map.conf"
- cfg_file_asymmetric_addr_layer="etc/asymmetric_addr_layer.conf"
- cfg_file_well_known_port="etc/well_known_port.conf"
-
-[SECONDARY_DATA_LINK]
-data_file_sysinfo_log="sysinfo.log"
- data_file_field_stat_log="fs2_sysinfo.log"
- data_file_inline_keepalive_log="gdev_keeplive_status.log"
- data_file_load_plugin_stat_log="load_plugin_stat.log"
- data_file_under_ddos_stat_log="under_ddos_stat.log"
- data_file_memory_stat_log="memory_used_stat.log"
-
-[LIBRARY_LINK]
- marsio_library_path="/opt/mrzcpd/lib/libmarsio.so"
-
diff --git a/test/bin/etc/sapp_log.conf b/test/bin/etc/sapp_log.conf
deleted file mode 100644
index a0be07f..0000000
--- a/test/bin/etc/sapp_log.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-[global]
-default format = "%d(%c), %V, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-STOP=40
-[formats]
-other = "%d(%c), %V, %F, %U, %m%n"
-plugin = "%d(%c), %m%n"
-[rules]
-__log_runtimelog.info "./log/runtimelog.%d(%F)"
-__log_runtimelog_plugin.fatal >stdout; plugin
-__log_runtimelog_plugin.fatal "./log/plugin.log"; plugin
-__log_http_runtime.stop "./log/%c.%d(%F)"; other
-!.* "./log/%c.%d(%F)"; other
diff --git a/test/bin/etc/send_gdev.conf b/test/bin/etc/send_gdev.conf
deleted file mode 100644
index 54b7a0f..0000000
--- a/test/bin/etc/send_gdev.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-3 10.3.127.1
-
diff --git a/test/bin/etc/send_raw_pkt.conf b/test/bin/etc/send_raw_pkt.conf
deleted file mode 100644
index a2845b2..0000000
--- a/test/bin/etc/send_raw_pkt.conf +++ /dev/null @@ -1,16 +0,0 @@ -#����ԭʼ��������, -#��ƽ̨���������ڲ�ͬ������, �ײ��������Ҳ��ͬ, -#����ͨģʽ��ʹ����������, DPDKģʽ��ʹ�ö˿ں�, PFRINGģʽ��ʹ��index��, ��������������ģʽ. -#target_id���ڱ�ʾ���ĸ����ն˷���, -#���ڷ��͵����ݰ��ײ�MAC��Ŀ��IP��, ���ϲ����������, ƽֻ̨����������ԭʼ��. -#target_id�൱�����ݿ������� - -#(0:pag,1:pcap,2:dumpfile,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec, -##(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio - -#target_id -#0 pag p7p2 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 vxlan_user smith dpdk dpdk pag -#1 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p1 smith dpdk dpdk pag -#2 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p1 smith dpdk dpdk pag -#3 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p2 smith dpdk dpdk pag -#4 pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p2 smith dpdk dpdk pag diff --git a/test/bin/etc/send_route.conf b/test/bin/etc/send_route.conf deleted file mode 100644 index f1186c7..0000000 --- a/test/bin/etc/send_route.conf +++ /dev/null @@ -1,3 +0,0 @@ -#dev_id link_id mac_addr -3 2 00:50:56:f3:59:5c - diff --git a/test/bin/etc/stream_compare_layer.conf b/test/bin/etc/stream_compare_layer.conf deleted file mode 100644 index 8fa2136..0000000 --- a/test/bin/etc/stream_compare_layer.conf +++ /dev/null @@ -1,2 +0,0 @@ -# - diff --git a/test/bin/etc/vlan_flipping_map.conf b/test/bin/etc/vlan_flipping_map.conf deleted file mode 100644 index dc637a3..0000000 --- a/test/bin/etc/vlan_flipping_map.conf +++ /dev/null 
@@ -1,12 +0,0 @@
-#for inline a device vlan flipping
-#数据包来自C路由器端, 即C2I(I2E)方向,
-#数据包来自I路由器端, 即I2C(E2I)方向,
-#平台会根据vlan_id,设置当前包route_dir的值, 以便上层业务插件做两个方向的流量统计,
-#如果一对vlan_id写反了, 网络是通的, 但是I2E,E2I的流量统计就颠倒了.
-#配置文件格式, pattern:
-#来自C路由器vlan_id 来自I路由器vlan_id 是否开启mac地址翻转
-#C_router_vlan_id I_router_vlan_id mac_flipping_enable
-
-#1001 1002 1
-#1003 1004 1
-#4000 4001 0
diff --git a/test/bin/etc/vxlan_sport_service_map.conf b/test/bin/etc/vxlan_sport_service_map.conf
deleted file mode 100644
index 8a48052..0000000
--- a/test/bin/etc/vxlan_sport_service_map.conf
+++ /dev/null
@@ -1,86 +0,0 @@
-#service-id vpn-id sport-dport
-1 101 50000-50016
-2 102 50064-50080
-3 103 50128-50144
-4 104 50192-50208
-5 105 50256-50272
-6 106 50320-50336
-7 107 50384-50384
-8 108 50448-50464
-9 109 50512-50512
-10 110 50576-50592
-11 111 50640-50656
-12 112 50704-50720
-13 113 50768-50784
-14 114 50832-50848
-15 115 50896-50912
-16 116 50960-50960
-17 117 51024-51024
-18 118 51088-51088
-19 119 51152-51168
-20 120 51216-51232
-21 121 51280-51296
-22 122 51344-51360
-23 123 51408-51408
-24 124 51472-51472
-25 125 51536-51536
-26 126 51600-51600
-27 127 51664-51664
-28 128 51728-51728
-29 129 51792-51792
-30 130 51856-51856
-31 131 51920-51920
-32 132 51984-51984
-33 133 52048-52064
-34 134 52112-52128
-35 135 52176-52192
-36 136 52240-52256
-37 137 52304-52320
-38 138 52368-52384
-39 139 52432-52448
-40 140 52496-52512
-41 141 52560-52576
-42 142 52624-52640
-43 143 52688-52704
-44 144 52752-52768
-45 145 52816-52832
-46 146 52880-52896
-47 147 52944-52960
-48 148 53008-53024
-49 149 53072-53088
-50 150 53136-53152
-51 151 53200-53216
-52 152 53264-53280
-53 153 53328-53344
-54 154 53392-53408
-55 155 53456-53472
-56 156 53520-53536
-57 157 53584-53600
-58 158 53648-53664
-59 159 53712-53712
-60 160 53776-53776
-61 161 53840-53840
-62 162 53904-53904
-63 163 53968-53968
-64 164 54032-54032
-65 165 54096-54096
-66 166 54160-54176
-67 167 54224-54240
-68 168 54288-54304
-69 169 54352-54368
-70 170 54416-54432
-71 171 54480-54496
-72 172 54544-54560
-73 173 54608-54624
-74 174 54672-54688
-75 175 54736-54736
-76 176 54800-54800
-77 177 54864-54864
-78 178 54928-54928
-79 179 54992-54992
-80 180 55056-55056
-81 181 55120-55120
-82 182 55184-55184
-83 183 55248-55248
-84 184 55312-55312
-85 185 55376-55376
diff --git a/test/bin/etc/well_known_port.conf b/test/bin/etc/well_known_port.conf
deleted file mode 100644
index 5021aef..0000000
--- a/test/bin/etc/well_known_port.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[TCP]
-[UDP]
diff --git a/test/bin/tsg_master_gtest.inf b/test/bin/tsg_master_gtest.inf
deleted file mode 100644
index 4337ca6..0000000
--- a/test/bin/tsg_master_gtest.inf
+++ /dev/null
@@ -1,9 +0,0 @@
-[PLUGINFO]
-PLUGNAME=GTEST_MASTER
-SO_PATH=./plug/platform/tsg_master_gtest/tsg_master_gtest.so
-INIT_FUNC=GTEST_INIT
-DESTROY_FUNC=GTEST_UNLOAD
-
-[TCP_ALL]
-FUNC_FLAG=ALL
-FUNC_NAME=GTEST_APP_FULL_PATH_1_ENTRY
diff --git a/test/src/CMakeLists.txt b/test/src/CMakeLists.txt
index 40e398d..b7cba97 100644
--- a/test/src/CMakeLists.txt
+++ b/test/src/CMakeLists.txt
@@ -9,7 +9,7 @@ include_directories(${PROJECT_SOURCE_DIR}/src/)
 add_definitions(-std=c++11)
 LINK_DIRECTORIES(/opt/MESA/lib)
-add_executable(gtest_rule ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp gtest_common.cpp gtest_rule.cpp)
+add_executable(gtest_rule ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp ${PROJECT_SOURCE_DIR}/src/tsg_bridge.cpp ${PROJECT_SOURCE_DIR}/src/tsg_leaky_bucket.cpp gtest_common.cpp gtest_rule.cpp)
 target_link_libraries(gtest_rule gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe)
 set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp
@@ -24,7 +24,8 @@ set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp
 ${PROJECT_SOURCE_DIR}/src/tsg_dns.cpp
 ${PROJECT_SOURCE_DIR}/src/tsg_icmp.cpp
 ${PROJECT_SOURCE_DIR}/src/tsg_tamper.cpp
+ ${PROJECT_SOURCE_DIR}/src/tsg_bridge.cpp
 )
-add_executable(gtest_master ${TSG_MASTER_SRC} gtest_common.cpp gtest_master.cpp)
-target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe rdkafka MESA_htable)
+add_executable(gtest_master ${TSG_MASTER_SRC} gtest_kafka.cpp gtest_common.cpp gtest_master.cpp)
+target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe MESA_htable)
diff --git a/test/src/gtest_kafka.cpp b/test/src/gtest_kafka.cpp
new file mode 100644
index 0000000..641e2b3
--- /dev/null
+++ b/test/src/gtest_kafka.cpp
@@ -0,0 +1,76 @@
+#include <string.h>
+#include <librdkafka/rdkafka.h>
+
+#ifndef MIN
+#define MIN(a,b) ((a)>(b) ? (b) : (a))
+#endif
+
+int g_kafka_sendlog_cnt=0;
+char g_kafka_sendlog[16][1024]={0,0};
+
+rd_kafka_conf_t *rd_kafka_conf_new(void)
+{
+ return (rd_kafka_conf_t *)0x1;
+}
+
+rd_kafka_conf_res_t rd_kafka_conf_set(rd_kafka_conf_t *conf, const char *name, const char *value, char *errstr, size_t errstr_size)
+{
+ return (rd_kafka_conf_res_t)0x1;
+}
+
+rd_kafka_t *rd_kafka_new(rd_kafka_type_t type, rd_kafka_conf_t *conf, char *errstr, size_t errstr_size)
+{
+ return (rd_kafka_t *)0x2;
+}
+
+rd_kafka_topic_conf_t* rd_kafka_topic_conf_new(void)
+{
+ return (rd_kafka_topic_conf_t*)0x3;
+}
+
+rd_kafka_topic_t* rd_kafka_topic_new(rd_kafka_t *rk, const char *topic, rd_kafka_topic_conf_t * conf)
+{
+ return (rd_kafka_topic_t*)0x4;
+}
+
+void rd_kafka_topic_destroy (rd_kafka_topic_t *rkt)
+{
+}
+
+void rd_kafka_destroy (rd_kafka_t *rk)
+{
+}
+
+rd_kafka_resp_err_t rd_kafka_last_error(void)
+{
+ return (rd_kafka_resp_err_t)0x5;
+}
+const char *rd_kafka_err2name(rd_kafka_resp_err_t err)
+{
+ return "err2name";
+}
+const char *rd_kafka_err2str(rd_kafka_resp_err_t err)
+{
+ return "err2str";
+}
+
+int rd_kafka_produce(rd_kafka_topic_t *rkt, int32_t partitition, int msgflags, void *payload, size_t len, const void *key, size_t keylen, void *msg_opaque)
+{
+ int length=MIN(len, sizeof(g_kafka_sendlog[g_kafka_sendlog_cnt]));
+ memcpy((void *)(g_kafka_sendlog[g_kafka_sendlog_cnt++]), payload, length);
+ return 0;
+}
+
+int rd_kafka_get_sendlog_cnt(void)
+{
+ return g_kafka_sendlog_cnt;
+}
+
+const char *rd_kafka_get_sendlog_payload(int idx)
+{
+ if(idx>g_kafka_sendlog_cnt || idx <0)
+ {
+ return NULL;
+ }
+ return (const char *)g_kafka_sendlog[idx];
+}
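Review bot: `rd_kafka_produce` stores into `g_kafka_sendlog[g_kafka_sendlog_cnt++]` with no check against the 16 slots declared on the `char g_kafka_sendlog[16][1024]` line, so a test binary that produces more than 16 messages writes past the array, and `rd_kafka_get_sendlog_payload` lets `idx == g_kafka_sendlog_cnt` through (`>` where `>=` is needed) and hands back a slot that was never written. The `MIN(len, sizeof(...))` bound also permits a full 1024-byte copy, which leaves no terminating NUL for the `const char *` that an `EXPECT_STREQ` would read. Suggested lines: `if(g_kafka_sendlog_cnt >= (int)(sizeof(g_kafka_sendlog)/sizeof(g_kafka_sendlog[0]))) return -1;` before the copy, `int length=MIN(len, sizeof(g_kafka_sendlog[g_kafka_sendlog_cnt])-1);`, and `if(idx>=g_kafka_sendlog_cnt || idx<0)` in the getter. A small reset helper that zeroes the counter would also let each test assert an absolute count instead of one that depends on which tests ran before it in the same process.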
diff --git a/test/src/gtest_kafka.h b/test/src/gtest_kafka.h
new file mode 100644
index 0000000..45dcbb0
--- /dev/null
+++ b/test/src/gtest_kafka.h
@@ -0,0 +1,3 @@
+#pragma once
+
+
diff --git a/test/src/gtest_master.cpp b/test/src/gtest_master.cpp
index b281b0c..af24f7b 100644
--- a/test/src/gtest_master.cpp
+++ b/test/src/gtest_master.cpp
@@ -7,6 +7,9 @@
 #include "tsg_entry.h"
 #include <gtest/gtest.h>
+extern int rd_kafka_get_sendlog_cnt(void);
+extern const char *rd_kafka_get_sendlog_payload(int idx);
+
 TEST(TSGMaster, SetAPPIDHttp)
 {
 struct streaminfo a_stream={0};
@@ -16,8 +19,8 @@ TEST(TSGMaster, SetAPPIDHttp)
 gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
 gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=67; //HTTP
- project_req_add_struct(&a_stream, g_tsg_para.gather_app_project_id, (const void *)gather_result);
- struct gather_app_result *get_result=(struct gather_app_result *)project_req_get_struct(&a_stream, g_tsg_para.gather_app_project_id);
+ tsg_set_xxx_to_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)gather_result);
+ struct gather_app_result *get_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id);
 EXPECT_NE(nullptr, get_result);
 EXPECT_EQ(1, get_result[ORIGIN_BASIC_PROTOCOL].app_num);
 EXPECT_EQ(67, get_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id);
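Review bot: The two `extern` prototypes added at the top of gtest_master.cpp are ad-hoc declarations of the stub helpers, while the new gtest_kafka.h in the same commit holds only `#pragma once`; put `int rd_kafka_get_sendlog_cnt(void);` and `const char *rd_kafka_get_sendlog_payload(int idx);` in that header and include it from both gtest_kafka.cpp and gtest_master.cpp, so the compiler checks the definitions against one shared declaration. The header could also carry a one-line comment stating that it fronts the test-only replacement for the librdkafka producer symbols, which an empty file does not convey.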
@@ -32,8 +35,8 @@ TEST(TSGMaster, SetAPPIDHttp)
 EXPECT_STREQ("{\"common_app_full_path\":\"http\",\"common_app_label\":\"http\"}", app_ids);
- project_req_add_struct(&a_stream, g_tsg_para.gather_app_project_id, NULL);
- get_result=(struct gather_app_result *)project_req_get_struct(&a_stream, g_tsg_para.gather_app_project_id);
+ tsg_set_xxx_to_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, NULL);
+ get_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id);
 EXPECT_EQ(nullptr, get_result);
 }
@@ -68,7 +71,7 @@ TEST(TSGMaster, ShapingSetRuleIds)
 TLD_convert_json(handle, shaping_rule_ids, sizeof(shaping_rule_ids));
 EXPECT_STREQ("{\"common_shaping_rule_ids\":\"32,33,34,35,36,37,38,39\"}", shaping_rule_ids);
- struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+ struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 EXPECT_NE(nullptr, shaping_label);
 EXPECT_EQ(MAX_RESULT_NUM, shaping_label->shaping_result_num);
 for(int i=0; i<shaping_label->shaping_result_num; i++)
@@ -77,9 +80,9 @@ TEST(TSGMaster, ShapingSetRuleIds)
 EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
 }
- free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label);
- stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL);
- EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]));
+ free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
+ stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
+ EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
 }
 int shaping_policy_notify_cb(const struct streaminfo *stream, int bridge_id, void *data)
@@ -107,7 +110,7 @@ TEST(TSGMaster, ShapingPolicyNotify)
 shaping_result[i].config_id=TSG_ACTION_SHAPING+i;
 }
- stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], shaping_policy_notify_cb);
+ stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_policy_notify_cb);
 tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM, 0);
 int shaping_result_num=tsg_pull_shaping_result((struct streaminfo *)&a_stream, shaping_result, MAX_RESULT_NUM);
@@ -118,7 +121,7 @@ TEST(TSGMaster, ShapingPolicyNotify)
 EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
 }
- struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+ struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 EXPECT_NE(nullptr, shaping_label);
 EXPECT_EQ(MAX_RESULT_NUM, shaping_label->shaping_result_num);
 for(int i=0; i<shaping_label->shaping_result_num; i++)
@@ -127,9 +130,9 @@ TEST(TSGMaster, ShapingPolicyNotify)
 EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
 }
- free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label);
- stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL);
- EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]));
+ free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
+ stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
+ EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
 }
 int shaping_policy_notify_null_cb(const struct streaminfo *stream, int bridge_id, void *data)
@@ -143,10 +146,10 @@ TEST(TSGMaster, ShapingPolicyNotifyNULL)
 const struct streaminfo a_stream={0};
 struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0};
- stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], shaping_policy_notify_null_cb);
+ stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_policy_notify_null_cb);
 tsg_notify_hited_shaping_result(&a_stream, shaping_result, 0, 0);
- struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+ struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 EXPECT_EQ(nullptr, shaping_label);
 }
@@ -175,7 +178,7 @@ TEST(TSGMaster, ShapingDuplicatePolicyNotify)
 shaping_result[i].config_id=TSG_ACTION_SHAPING+(i%4);
 }
- stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], shaping_duplicate_policy_notify_cb);
+ stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_duplicate_policy_notify_cb);
 tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM, 0);
 int shaping_result_num=tsg_pull_shaping_result((struct streaminfo *)&a_stream, shaping_result, MAX_RESULT_NUM);
@@ -186,7 +189,7 @@ TEST(TSGMaster, ShapingDuplicatePolicyNotify)
 EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
 }
- struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+ struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 EXPECT_NE(nullptr, shaping_label);
 EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num);
 for(int i=0; i<shaping_label->shaping_result_num; i++)
@@ -195,9 +198,9 @@ TEST(TSGMaster, ShapingDuplicatePolicyNotify)
 EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
 }
- free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label);
- stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL);
- EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]));
+ free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
+ stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
+ EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
 }
 TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
@@ -211,7 +214,7 @@ TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
 shaping_result[i].config_id=TSG_ACTION_SHAPING+i;
 }
- stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], shaping_duplicate_policy_notify_cb);
+ stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_duplicate_policy_notify_cb);
 // First notify
 tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM/2, 0);
@@ -223,7 +226,7 @@ TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
 EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
 }
- struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+ struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 EXPECT_NE(nullptr, shaping_label);
 EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num);
 for(int i=0; i<shaping_label->shaping_result_num; i++)
@@ -242,7 +245,7 @@ TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
 EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
 }
- shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+ shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 EXPECT_NE(nullptr, shaping_label);
 EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num);
 for(int i=0; i<shaping_label->shaping_result_num; i++)
@@ -251,9 +254,94 @@ TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
 EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
 }
- free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label);
- stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL);
- EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]));
+ free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
+ stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
+ EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
+}
+
+TEST(TSGMaster, SecurityPolicySendlog)
+{
+ const struct streaminfo a_stream={0};
+ struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
+
+ for(int i=0; i<MAX_RESULT_NUM; i++)
+ {
+ security_result[i].do_log=1;
+ security_result[i].action=TSG_ACTION_MONITOR;
+ security_result[i].config_id=TSG_ACTION_MONITOR+i;
+ }
+
+ // First notify
+ tsg_notify_hited_security_result(&a_stream, security_result, MAX_RESULT_NUM, 0);
+
+ struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
+ EXPECT_NE(nullptr, priority_label);
+ EXPECT_EQ(MAX_RESULT_NUM, priority_label->security_result_num);
+ for(int i=0; i<priority_label->security_result_num; i++)
+ {
+ EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action);
+ EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id);
+ }
+
+ struct TLD_handle_t * handle=TLD_create(0);
+ struct Maat_rule_t session_record={0, 2, 1, 0, 0, 0, 0, {0}};
+ tsg_log_t log_msg={1, &session_record, (struct streaminfo*)&a_stream};
+ tsg_send_log(g_tsg_log_instance, handle, &log_msg,
 0);
+
+ int sendlog_cnt=rd_kafka_get_sendlog_cnt();
+ EXPECT_EQ(9, sendlog_cnt);
+ //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(0));
+ //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(1));
+ //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(2));
+ //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(3));
+ //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(4));
+ //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(5));
+ //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(6));
+ //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(7));
+ //EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(8));
+
+ priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
+ EXPECT_EQ(nullptr, priority_label);
+}
+
+TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify)
+{
+ const struct streaminfo a_stream={0};
+ struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
+
+ for(int i=0; i<MAX_RESULT_NUM/2; i++)
+ {
+ security_result[i].action=TSG_ACTION_MONITOR;
+ security_result[i].config_id=TSG_ACTION_MONITOR+i;
+ }
+
+ // First notify
+ tsg_notify_hited_security_result(&a_stream, security_result, MAX_RESULT_NUM/2, 0);
+
+ struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
+ EXPECT_NE(nullptr, priority_label);
+ EXPECT_EQ(MAX_RESULT_NUM/2, priority_label->security_result_num);
+ for(int i=0; i<priority_label->security_result_num; i++)
+ {
+ EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action);
+ EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id);
+ }
+
+ // Second notify
+ tsg_notify_hited_security_result(&a_stream, security_result, MAX_RESULT_NUM/2, 0);
+
+ priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
+ EXPECT_NE(nullptr, priority_label);
+ EXPECT_EQ(MAX_RESULT_NUM/2,
 priority_label->security_result_num);
+ for(int i=0; i<priority_label->security_result_num; i++)
+ {
+ EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action);
+ EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id);
+ }
+
+ free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
+ stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL);
+ EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id));
 }
 int main(int argc, char *argv[])
diff --git a/test/src/gtest_rule.cpp b/test/src/gtest_rule.cpp
index 9b346ab..3394a62 100644
--- a/test/src/gtest_rule.cpp
+++ b/test/src/gtest_rule.cpp
@@ -8,7 +8,7 @@
 #include <gtest/gtest.h>
 g_tsg_para_t g_tsg_para;
-id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
+struct id2field g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
 {PROTO_IPv4, 0, "IPV4"},
 {PROTO_IPv6, 0, "IPV6"},
 {PROTO_TCP, 0, "TCP"},
@@ -35,13 +35,19 @@ id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
 {PROTO_DTLS, 0, "DTLS"}
 };
-unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
+int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)
 {
 return 0;
 }
-void free_policy_label(int thread_seq, void *project_req_value)
+int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)
 {
+ return 0;
+}
+
+unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
+{
+ return 0;
 }
 void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq) |
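Review bot: `SecurityDuplicatePolicyMultipleNotify` releases its `struct policy_priority_label` through `free_shaping_result`, the routine every other test in this file applies to a `struct notify_shaping_policy`; unless both label types are laid out and freed identically this is the wrong release function for the `BRIDGE_TYPE_POLICY_PRIORITY` bridge, and if tsg_entry.h provides a security/priority counterpart it should be called here instead. In `SecurityPolicySendlog`, `EXPECT_EQ(9, sendlog_cnt)` asserts an absolute value of the stub's process-wide counter, which nothing resets, so the expected number silently depends on which earlier tests in the binary sent logs, and with all nine `EXPECT_STREQ` payload checks commented out the test only proves that something was produced; capture the count first, `int before=rd_kafka_get_sendlog_cnt();`, assert the delta with `EXPECT_EQ(9, rd_kafka_get_sendlog_cnt()-before);`, and keep at least one payload assertion live. `struct Maat_rule_t session_record={0, 2, 1, 0, 0, 0, 0, {0}};` is a positional initializer of unexplained numbers; the member-by-member style used for `security_result` a few lines up (`do_log`, `action`, `config_id`) would say which fields the 2 and the 1 set.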
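Review bot: The new `app_identify_result_cb`, `session_flags_identify_result_cb` and `tsg_l7_protocol_name2id` bodies return 0 unconditionally and ignore every parameter, which is fine for link-time stubs but reads like an unfinished implementation to anyone opening gtest_rule.cpp; a one-line comment above the first of them, `// link-time stubs for gtest_rule: tsg_rule.cpp references these symbols but the rule tests never exercise them`, would make the intent explicit. The `free_policy_label` stub is dropped in the same hunk, presumably because tsg_rule.cpp no longer references it, which the gtest_rule link step will confirm.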
