| author | liuxueli <[email protected]> | 2021-08-07 17:27:55 +0800 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2021-08-07 17:27:55 +0800 |
| commit | 4904515a11de64b42ea2aabeed8f83dfc7df1917 (patch) | |
| tree | 87254f6080f1dab1ebe278c9f8915b4dfa3f8999 | |
| parent | 34aee7ab311cb23707b20d1deed35356be571ba5 (diff) | |
DNS的DENY动作由总控统一处理v5.2.0
TSG-7250: tsg_master统一设置RST包特征
TSG-7051: 功能端支持按连接执行ratelimit动作
| -rw-r--r-- | bin/main.conf | 10 | ||||
| -rw-r--r-- | bin/tsg_log_field.conf | 4 | ||||
| -rw-r--r-- | inc/tsg_label.h | 60 | ||||
| -rw-r--r-- | inc/tsg_rule.h | 70 | ||||
| -rw-r--r-- | inc/tsg_send_log.h | 4 | ||||
| -rw-r--r-- | src/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | src/tsg_action.cpp | 134 | ||||
| -rw-r--r-- | src/tsg_dns.cpp | 273 | ||||
| -rw-r--r-- | src/tsg_entry.cpp | 103 | ||||
| -rw-r--r-- | src/tsg_entry.h | 66 | ||||
| -rw-r--r-- | src/tsg_protocol_common.h | 114 | ||||
| -rw-r--r-- | src/tsg_rule.cpp | 1098 | ||||
| -rw-r--r-- | src/tsg_send_log.cpp | 134 | ||||
| -rw-r--r-- | src/tsg_send_log_internal.h | 4 |
14 files changed, 1495 insertions, 581 deletions
diff --git a/bin/main.conf b/bin/main.conf
index 1c4a557..a904352 100644
--- a/bin/main.conf
+++ b/bin/main.conf
@@ -43,4 +43,12 @@ DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'"
 TRAFFIC_MIRROR_ENABLE=1
 NIC_NAME="eth_vf_mirr"
 APP_NAME="TSG_MIRROR"
-DEFAULT_VLAN_ID=1023
\ No newline at end of file
+DEFAULT_VLAN_ID=1023
+
+[RESET]
+NUM=1
+SEED1=65535
+SEED2=13
+FLAGS=20
+DIR=3
+REMEDY=0
\ No newline at end of file
diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf
index ac55efe..fbde0f4 100644
--- a/bin/tsg_log_field.conf
+++ b/bin/tsg_log_field.conf
@@ -90,3 +90,7 @@ STRING common_imsi 76
 STRING common_imei 77
 STRING common_phone_number 78
 STRING common_userdefine_app_name 79
+LONG common_mirrored_pkts 80
+LONG common_mirrored_bytes 81
+STRING common_subscriber_id 82
+LONG http_action_file_size 83
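Review bot: The new `[RESET]` keys replace constants that were hard-coded in do_action_reset, and the shipped defaults are not a like-for-like port: `FLAGS=20` (RST|ACK) replaces the previous `th_flags=4` (RST only), and `REMEDY=0` switches off the MSO_TCP_RST_REMEDY option that was set unconditionally before. If the new RST signature is what TSG-7250 asks for, record it next to the keys so an operator can read the file without the source, e.g. `# FLAGS: TCP flag bits of the injected RST (20 = RST|ACK); DIR: injection direction as understood by MESA_rst_tcp; REMEDY: 1 enables MSO_TCP_RST_REMEDY`. `DIR=3` has no symbolic counterpart visible in this commit; its mapping to the former `DIR_DOUBLE` should be confirmed against the MESA header before these defaults ship.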
\ No newline at end of file diff --git a/inc/tsg_label.h b/inc/tsg_label.h index de84e0f..969dcfe 100644 --- a/inc/tsg_label.h +++ b/inc/tsg_label.h @@ -5,7 +5,7 @@ #define MAX_STR_FIELD_LEN 64 #define MAX_RESULT_NUM 8 -#define MAX_DOAMIN_LEN 2048 +#define MAX_DOMAIN_LEN 2048 typedef enum _tsg_protocol { @@ -33,44 +33,25 @@ typedef enum _tsg_protocol }tsg_protocol_t; -struct _asn_info_t +struct asn_info { int ref_cnt; - int addr_type; - int table_id; - char start_ip[MAX_STR_FIELD_LEN]; - char end_ip[MAX_STR_FIELD_LEN]; - char asn[MAX_STR_FIELD_LEN]; - char organization[MAX_STR_FIELD_LEN*4]; + char *asn_id; + char *organization; }; -struct _location_info_t +struct location_info { - int geoname_id; - int table_id; int ref_cnt; - int addr_type; - double latitude; - double longitude; - double coords; - char start_ip[MAX_STR_FIELD_LEN]; - char end_ip[MAX_STR_FIELD_LEN]; - char language[MAX_STR_FIELD_LEN]; - char continent_abbr[MAX_STR_FIELD_LEN*4]; - char continent_full[MAX_STR_FIELD_LEN*4]; - char country_abbr[MAX_STR_FIELD_LEN*4]; - char country_full[MAX_STR_FIELD_LEN*4]; - char province_abbr[MAX_STR_FIELD_LEN*4]; - char province_full[MAX_STR_FIELD_LEN*4]; - char city_full[MAX_STR_FIELD_LEN*4]; - char time_zone[MAX_STR_FIELD_LEN*4]; + char *country_full; + char *province_full; + char *city_full; }; -struct _subscribe_id_info_t +struct subscribe_id_info { int ref_cnt; - int table_id; - char subscribe_id[MAX_STR_FIELD_LEN*4]; + char *subscribe_id; }; struct umts_user_info 
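Review bot: `struct asn_info`, `struct location_info` and `struct subscribe_id_info` now hold `char *` members instead of inline arrays, but the header says nothing about who allocates and frees those strings or whether they may be NULL; the same applies to the `char *` members of `struct app_id_dict` in the inc/tsg_rule.h hunk further down. Code reaching them through `struct session_attribute_label` (for example the `client_subscribe_id->subscribe_id` use in tsg_action.cpp) needs that contract to avoid a use-after-free once `ref_cnt` drops to zero. Suggest a comment on each struct along the lines of `/* strings are owned by the table entry and stay valid while ref_cnt>0; may be NULL */`, adjusted to what the table loader actually guarantees.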
@@ -81,30 +62,31 @@ struct umts_user_info char *msisdn; //MSISDN: phone number }; -struct _session_attribute_label_t +struct session_attribute_label { + int http_action_file_size; int fqdn_category_id_num; tsg_protocol_t proto; long establish_latency_ms; - struct _asn_info_t *client_asn; - struct _asn_info_t *server_asn; - struct _location_info_t *client_location; - struct _location_info_t *server_location; - struct _subscribe_id_info_t *client_subscribe_id; - struct _subscribe_id_info_t *server_subscribe_id; + struct asn_info *client_asn; + struct asn_info *server_asn; + struct location_info *client_location; + struct location_info *server_location; + struct subscribe_id_info *client_subscribe_id; + struct subscribe_id_info *server_subscribe_id; char *ja3_fingerprint; unsigned int fqdn_category_id[MAX_CATEGORY_ID_NUM]; struct umts_user_info *user_info; }; -typedef struct _policy_priority_label +struct policy_priority_label { tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h) int domain_len; int result_type; //enum _PULL_RESULT_TYPE (tsg_rule.h) int result_num; - char domain[MAX_DOAMIN_LEN]; + char domain[MAX_DOMAIN_LEN]; Maat_rule_t result[MAX_RESULT_NUM]; -}policy_priority_label_t; +}; #endif diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h index 21b1b6a..60b24ad 100644 --- a/inc/tsg_rule.h +++ b/inc/tsg_rule.h 
@@ -29,51 +29,11 @@ enum TSG_METHOD_TYPE TSG_METHOD_TYPE_MAX }; -enum TSG_DENY_TYPE -{ - TSG_DENY_TYPE_MESSAGE=0, - TSG_DENY_TYPE_PROFILE, - TSG_DENY_TYPE_REDIRECT_TO, - TSG_DENY_TYPE_MAX -}; struct identify_info { tsg_protocol_t proto; //enum _tsg_protocol (tsg_types.h) int domain_len; - char domain[MAX_DOAMIN_LEN]; -}; - -struct deny_user_region -{ - int code; - enum TSG_DENY_TYPE type; - union - { - char *message; - char *redirect_url_to; - int profile_id; - int bps; - void *para; - }; -}; - -struct monitor_user_region -{ - int enabled; - int vlan_id; -}; - -struct compile_user_region -{ - int ref_cnt; - enum TSG_METHOD_TYPE method_type; - union - { - struct deny_user_region *deny; - struct monitor_user_region *mirror; - struct Maat_rule_t *result; //XJ default policy - void *user_region_para; - }; + char domain[MAX_DOMAIN_LEN]; }; typedef enum _PULL_RESULT_TYPE @@ -83,7 +43,7 @@ typedef enum _PULL_RESULT_TYPE PULL_ALL_RESULT }PULL_RESULT_TYPE; -struct app_id_dict_table +struct app_id_dict { int ref_cnt; int app_id; @@ -94,16 +54,13 @@ struct app_id_dict_table int udp_timeout; int tcp_time_wait; int tcp_half_close; - int is_valid; - char risk[MAX_APP_ID_PROPERTY_LEN*4]; - char app_name[MAX_APP_ID_PROPERTY_LEN]; - char parent_app_name[MAX_APP_ID_PROPERTY_LEN]; - char category[MAX_APP_ID_PROPERTY_LEN*4]; - char subcategroy[MAX_APP_ID_PROPERTY_LEN*4]; - char technology[MAX_APP_ID_PROPERTY_LEN*4]; - char characteristics[MAX_APP_ID_PROPERTY_LEN*4]; - char depends_on_app_ids[MAX_APP_ID_PROPERTY_LEN]; - char implicitly_uses_app_ids[MAX_APP_ID_PROPERTY_LEN]; + char *risk; + char *app_name; + char *parent_app_name; + char *category; + char *subcategroy; + char *technology; + char *characteristics; }; extern Maat_feather_t g_tsg_maat_feather; 
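Review bot: This hunk removes the definition of `struct compile_user_region` (and `deny_user_region`, `monitor_user_region`, `enum TSG_DENY_TYPE`) from the public header, yet `tsg_free_compile_user_region` and `tsg_get_compile_user_region` in the next hunk still take and return `struct compile_user_region *`. Presumably the definitions moved to src/tsg_protocol_common.h (it is in the diffstat but not shown), so any translation unit that includes inc/tsg_rule.h alone now depends on include order; add `struct compile_user_region;` as a forward declaration near the top of the header, or include the header that now defines it. A one-line comment saying where the full definition lives would also save the next reader a search.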
@@ -121,13 +78,20 @@ enum ACTION_RETURN_TYPE ACTION_RETURN_TYPE_PROT=0, ACTION_RETURN_TYPE_APP }; -unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *a_packet); +unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data); int tsg_get_method_id(char *method); int tsg_free_compile_user_region(const struct Maat_rule_t *rule, struct compile_user_region *user_region); struct compile_user_region *tsg_get_compile_user_region(const Maat_feather_t maat_feather, struct Maat_rule_t *result); + +////return -1 if none exists otherwise return >=0 +int tsg_get_column_integer_value(const char* line, int column_seq); + +//return NULL if none exists, otherwise return value; +char *tsg_get_column_string_value(const char* line, int column_seq); + int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq); int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *name, unsigned int id, int thread_seq); int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq); diff --git a/inc/tsg_send_log.h b/inc/tsg_send_log.h index 50b2090..fad9b83 100644 --- a/inc/tsg_send_log.h +++ b/inc/tsg_send_log.h @@ -3,6 +3,10 @@ #include <MESA/Maat_rule.h> +#ifndef PRINTADDR +#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "") +#endif + typedef struct _tsg_log { diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 24bba12..4bc9a00 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
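Review bot: The `tsg_deal_deny_action` prototype renames its last parameter to `user_data` without saying what it points to, while the implementation casts it to `struct _dns_info *` for PROTO_DNS and passes it on as the current packet for HTTP; that protocol-dependent contract belongs on the declaration, e.g. `/* user_data: struct _dns_info* for PROTO_DNS, the current packet for other protocols */`. The comment above `tsg_get_column_integer_value` starts with `////`, and neither new column helper says what delimits a column or whether `line` may be NULL; a single line such as `//return -1 if none exists otherwise return >=0` plus the separator name would make them usable without reading tsg_rule.cpp. Since `tsg_get_column_string_value` returns `char *`, its comment should also state whether the caller must free the result.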
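Review bot: The new `PRINTADDR` macro uses its first argument unparenthesized in `a->addr` and `a->threadnum`, so an expression argument binds wrongly; write `((b)<RLOG_LV_FATAL ? printaddr(&((a)->addr), (a)->threadnum) : "")`. Because the definition is wrapped in `#ifndef PRINTADDR`, whichever definition is included first silently wins; if the macro already exists in another header it would be safer to include that header than to keep a second copy here.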
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8) add_definitions(-fPIC) -set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_traffic_mirror.cpp tsg_send_raw_packet.cpp tsg_action.cpp tsg_leaky_bucket.cpp) +set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_traffic_mirror.cpp tsg_send_raw_packet.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp) include_directories(${CMAKE_SOURCE_DIR}/inc) include_directories(/opt/MESA/include/MESA/) diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp index 9e58291..e2d95cc 100644 --- a/src/tsg_action.cpp +++ b/src/tsg_action.cpp @@ -21,6 +21,7 @@ #include "tsg_rule.h" #include "tsg_entry.h" #include "tsg_statistic.h" +#include "tsg_protocol_common.h" extern "C" int sendpacket_do_checksum(unsigned char *buf, int protocol, int len); @@ -301,17 +302,14 @@ static int copy_ip_tcp_header(const struct streaminfo *a_stream, const void *a_p return 0; } - -static unsigned char send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len) +int tsg_send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len, unsigned char raw_route_dir) { int ret=0; - unsigned char raw_route_dir=0; if(payload==NULL || payload_len<=0) { return -1; } - raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir; ret=sapp_inject_pkt((struct streaminfo *)a_stream, sio, payload, payload_len, raw_route_dir); if(ret<=0) { 
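Review bot: Three callers of the now-public `tsg_send_inject_packet` (http_send_reponse_packet, do_action_block_mail and do_action_redirect_http in the hunks below) each recompute the same `raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;`; only the DNS path needs a different rule, so a small `static unsigned char reply_route_dir(const struct streaminfo *a_stream)` helper would keep that logic in one place. The function accepts `raw_route_dir` without any check, and `payload` could be `const char *` if sapp_inject_pkt tolerates it, since the function only forwards the buffer. The body continues past the end of this hunk.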
@@ -324,11 +322,12 @@ static unsigned char send_inject_packet(const struct streaminfo *a_stream, enum return 0; } -static int send_reponse_packet(const struct streaminfo *a_stream, char *packet, int payload_len, int v4_or_v6, int ip_tcp_hdr_len, int http_hdr_len) +static int http_send_reponse_packet(const struct streaminfo *a_stream, char *packet, int payload_len, int v4_or_v6, int ip_tcp_hdr_len, int http_hdr_len) { struct iphdr *ipv4=NULL; struct ip6_hdr *ipv6=NULL; struct tcphdr *tcp=NULL; + unsigned char raw_route_dir=0; tcp=(struct tcphdr *)(packet+(ip_tcp_hdr_len-20)); // tcp header=20 bytes @@ -345,15 +344,16 @@ static int send_reponse_packet(const struct streaminfo *a_stream, char *packet, ipv6->ip6_ctlun.ip6_un1.ip6_un1_plen=htons(20+http_hdr_len+payload_len); //tcp_hdr_len=20 sendpacket_do_checksum((unsigned char *)packet, IPPROTO_TCP, tcp->doff*4 + http_hdr_len+payload_len); } - - send_inject_packet(a_stream, SIO_EXCLUDE_THIS_LAYER_HDR, packet, ip_tcp_hdr_len+http_hdr_len+payload_len); + + raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir; + tsg_send_inject_packet(a_stream, SIO_EXCLUDE_THIS_LAYER_HDR, packet, ip_tcp_hdr_len+http_hdr_len+payload_len, raw_route_dir); tcp->seq=htonl(ntohl(tcp->seq)+http_hdr_len+payload_len); return ip_tcp_hdr_len+http_hdr_len+payload_len; } -static int build_response_pages(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet) +static int http_build_response_packet(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet) { char *payload=NULL; char message[1024*64]={0}; 
@@ -378,7 +378,8 @@ static int build_response_pages(const struct streaminfo *a_stream, struct Maat_r http_hdr_len=get_http_header(message+ip_tcp_hdr_len, sizeof(message)-ip_tcp_hdr_len, user_region->deny->code, NULL); payload_len=get_response_pages(p_result, user_region, &payload, a_stream->threadnum); - //TLD_append(TLD_handle, (char *)"http_action_file_size", (void *)(long)payload_len, TLD_TYPE_LONG); + + set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE, (void *)&payload_len, a_stream->threadnum); get_tcp_mss_option(a_stream, TCP_OPT_MSS, (void *)&max_segment_size); @@ -387,7 +388,7 @@ static int build_response_pages(const struct streaminfo *a_stream, struct Maat_r one_payload_len=MIN(payload_len-i, max_segment_size-http_hdr_len); memcpy((char *)message+ip_tcp_hdr_len+http_hdr_len, payload+i, one_payload_len); - send_pkt_len+=send_reponse_packet(a_stream, message, one_payload_len, v4_or_v6, ip_tcp_hdr_len, http_hdr_len); + send_pkt_len+=http_send_reponse_packet(a_stream, message, one_payload_len, v4_or_v6, ip_tcp_hdr_len, http_hdr_len); http_hdr_len=0; } 
@@ -398,28 +399,28 @@ static int build_response_pages(const struct streaminfo *a_stream, struct Maat_r } set_tcp_flags(message, ip_tcp_hdr_len); - send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //fin + http_send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //fin reverse_ip_tcp_header(message, ip_tcp_hdr_len, v4_or_v6); - send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //fin + http_send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //fin return send_pkt_len; } -static int get_content_303(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, char *url, char *http_hdr, int http_hdr_len) +static int http_get_content_303(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, char *url, char *http_hdr, int http_hdr_len) { int used_len=0; char *tmp_buff=NULL; char ip_str[128]={0}; std::string output; - struct _session_attribute_label_t *attr_label=NULL; + struct session_attribute_label *attr_label=NULL; ctemplate::Template *tpl_303=ctemplate::Template::StringToTemplate(url, strlen(url), ctemplate::DO_NOT_STRIP); ctemplate::TemplateDictionary dict_303("url_dict"); //dict is automatically finalized after function returned. dict_303.SetIntValue("tsg_policy_id", p_result->config_id); - attr_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id); + attr_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); if(attr_label!=NULL && attr_label->client_subscribe_id!=NULL) { dict_303.SetFormattedValue("tsg_subscriber_id", "%s", attr_label->client_subscribe_id->subscribe_id); 
@@ -460,19 +461,30 @@ static int get_content_303(const struct streaminfo *a_stream, struct Maat_rule_t return used_len; } -static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rule_t *p_result) +static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol) +{ + if(protocol==PROTO_DNS) + { + return STATE_GIVEME|STATE_DROPPKT; + } + + set_drop_stream(a_stream); + + return STATE_DROPME|STATE_DROPPKT; +} +static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol) { int ret=0,opt_value=0; struct rst_tcp_para rst_paras={0}; if(a_stream->type==STREAM_TYPE_TCP) { - rst_paras.rst_pkt_num=1; - rst_paras.signature_seed1=65535; - rst_paras.signature_seed2=13; - rst_paras.th_flags=4; + rst_paras.rst_pkt_num=g_tsg_para.reset.pkt_num; + rst_paras.signature_seed1=g_tsg_para.reset.seed1; + rst_paras.signature_seed2=g_tsg_para.reset.seed2; + rst_paras.th_flags=g_tsg_para.reset.th_flags; rst_paras.__pad_no_use=0; - rst_paras.dir=DIR_DOUBLE; + rst_paras.dir=g_tsg_para.reset.dir; ret=MESA_rst_tcp((struct streaminfo *)a_stream, &rst_paras, sizeof(rst_paras)); if(ret<0) { @@ -487,13 +499,14 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul ); } - opt_value=1; - MESA_set_stream_opt(a_stream, MSO_TCP_RST_REMEDY, (void *)&opt_value, sizeof(opt_value)); + if(g_tsg_para.reset.remedy==1) + { + opt_value=1; + MESA_set_stream_opt(a_stream, MSO_TCP_RST_REMEDY, (void *)&opt_value, sizeof(opt_value)); + } } - set_drop_stream(a_stream); - - return APP_STATE_DROPPKT|APP_STATE_DROPME; + return STATE_DROPPKT|STATE_DROPME; } static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region) 
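Review bot: `set_drop_stream(a_stream)` was removed from `do_action_reset` but kept in `do_action_drop`, so TSG_METHOD_TYPE_RESET now returns STATE_DROPPKT|STATE_DROPME without marking the stream dropped the way DROP does; if that is deliberate, a comment on the `return` should say why the two paths differ. The six `g_tsg_para.reset.*` values are copied into `rst_tcp_para` straight from main.conf with no range check on `pkt_num`, `th_flags` or `dir`, so a mistyped value is only noticed when MESA_rst_tcp fails per stream; validating them once at configuration load would be cheaper and gives a clear error. `p_result` is unused in both functions and `protocol` is unused in `do_action_reset`. The body of `do_action_reset` continues between this hunk and the next.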
@@ -504,12 +517,13 @@ static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat context=NULL; - return PROT_STATE_DROPME; + return STATE_GIVEME; } static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region) { char *payload=NULL; + unsigned char raw_route_dir=0; switch(user_region->deny->code) { @@ -524,11 +538,12 @@ static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maa } if(payload!=NULL) - { - send_inject_packet(a_stream, SIO_DEFAULT, payload, strlen(payload)); + { + raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir; + tsg_send_inject_packet(a_stream, SIO_DEFAULT, payload, strlen(payload), raw_route_dir); } - return PROT_STATE_DROPME|PROT_STATE_DROPPKT; + return STATE_DROPME|STATE_DROPPKT; } static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet) @@ -541,21 +556,21 @@ static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maa case 204: case 403: case 404: - send_pkt_len=build_response_pages(a_stream, p_result, user_region, a_packet); + send_pkt_len=http_build_response_packet(a_stream, p_result, user_region, a_packet); tsg_set_statistic_opt(send_pkt_len, ((user_region->method_type==TSG_METHOD_TYPE_ALERT) ? OPT_TYPE_ALERT_BYTES : OPT_TYPE_BLOCK_BYTES), a_stream->threadnum); break; default: break; } - return PROT_STATE_DROPME|PROT_STATE_DROPPKT; + return STATE_DROPME|STATE_DROPPKT; } static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *a_packet) { if(user_region==NULL || user_region->deny==NULL) { - return do_action_reset(a_stream, p_result); + return do_action_drop(a_stream, p_result, protocol); } switch(protocol) 
@@ -575,55 +590,61 @@ static unsigned char do_action_block_xxx(const struct streaminfo *a_stream, Maat set_drop_stream(a_stream); - return PROT_STATE_DROPME|PROT_STATE_DROPPKT; + return STATE_DROPME|STATE_DROPPKT; } static unsigned char do_action_redirect_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region) { int used_http_hdr_len=0; char http_hdr[1024]={0}; + unsigned char raw_route_dir=0; switch(user_region->deny->code) { case 302: - used_http_hdr_len=get_http_header(http_hdr, sizeof(http_hdr), user_region->deny->code, user_region->deny->redirect_url_to); - send_inject_packet( a_stream, SIO_DEFAULT, http_hdr, used_http_hdr_len); + used_http_hdr_len=get_http_header(http_hdr, sizeof(http_hdr), user_region->deny->code, user_region->deny->redirect_url_to); break; case 303: - used_http_hdr_len=get_content_303(a_stream, p_result, user_region->deny->redirect_url_to, http_hdr, sizeof(http_hdr)); - send_inject_packet( a_stream, SIO_DEFAULT, http_hdr, used_http_hdr_len); + used_http_hdr_len=http_get_content_303(a_stream, p_result, user_region->deny->redirect_url_to, http_hdr, sizeof(http_hdr)); break; default: + return STATE_DROPME|STATE_DROPPKT; break; } - return PROT_STATE_DROPME|PROT_STATE_DROPPKT; + raw_route_dir=(a_stream->curdir==DIR_C2S) ? 
MESA_dir_reverse(a_stream->routedir) : a_stream->routedir; + tsg_send_inject_packet( a_stream, SIO_DEFAULT, http_hdr, used_http_hdr_len, raw_route_dir); + + return STATE_DROPME|STATE_DROPPKT; } -static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol) +static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data) { if(user_region==NULL || user_region->deny==NULL) { - return do_action_reset(a_stream, p_result); + return do_action_drop(a_stream, p_result, protocol); } switch(protocol) { + case PROTO_DNS: + return do_action_redirect_dns(a_stream, p_result, user_region, user_data); + break; case PROTO_HTTP: do_action_redirect_http(a_stream, p_result, user_region); + set_drop_stream(a_stream); break; default: break; } - set_drop_stream(a_stream); - - return PROT_STATE_DROPME|PROT_STATE_DROPPKT; + return STATE_DROPME|STATE_DROPPKT; } -unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *a_packet) +unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data) { - unsigned char state=APP_STATE_GIVEME; + unsigned char local_state=STATE_GIVEME; + unsigned char state=0; int method_type=TSG_METHOD_TYPE_RESET; struct compile_user_region *user_region=NULL; 
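Review bot: In `do_action_redirect_http` the `default:` arm now returns before its `break`, and `case PROTO_DNS:` in `do_action_redirect_xxx` does the same, leaving two unreachable `break` statements that should be dropped. The return value of `tsg_send_inject_packet` is still discarded, so when `get_http_header` or `http_get_content_303` yields `used_http_hdr_len<=0` the injection is refused (the helper returns -1 for that) yet the function still answers STATE_DROPME|STATE_DROPPKT, leaving the client with neither the original response nor a redirect; counting that failure the way the block path uses tsg_set_statistic_opt would make it visible in operations. `tsg_deal_deny_action` starts at the end of this hunk and continues in the next.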
@@ -636,27 +657,36 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_ switch(method_type) { case TSG_METHOD_TYPE_DROP: + local_state=do_action_drop(a_stream, p_result, protocol); + if(g_tsg_para.deploy_mode==DEPLOY_MODE_MIRROR) + { + local_state=do_action_reset(a_stream, p_result, protocol); + } + break; case TSG_METHOD_TYPE_RESET: - state=do_action_reset(a_stream, p_result); + local_state=do_action_reset(a_stream, p_result, protocol); break; case TSG_METHOD_TYPE_BLOCK: case TSG_METHOD_TYPE_ALERT: - state=do_action_block_xxx(a_stream, p_result, user_region, protocol, a_packet); + local_state=do_action_block_xxx(a_stream, p_result, user_region, protocol, user_data); break; case TSG_METHOD_TYPE_REDIRECTION: - state=do_action_redirect_xxx( a_stream, p_result, user_region, protocol); + local_state=do_action_redirect_xxx( a_stream, p_result, user_region, protocol, user_data); break; case TSG_METHOD_TYPE_RATE_LINIT: - state=do_action_ratelimit(a_stream, p_result, user_region); + local_state=do_action_ratelimit(a_stream, p_result, user_region); break; default: break; } security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); - - state= ((type==ACTION_RETURN_TYPE_PROT) ? (PROT_STATE_DROPME|PROT_STATE_DROPPKT) : (PROT_STATE_DROPME|PROT_STATE_DROPPKT)); + state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME); + state|=((type==ACTION_RETURN_TYPE_PROT) ? (local_state&STATE_DROPME ? PROT_STATE_DROPME : 0) : (local_state&STATE_DROPME ? APP_STATE_DROPME : 0)); + state|=((type==ACTION_RETURN_TYPE_PROT) ? (local_state&STATE_GIVEME ? PROT_STATE_GIVEME: 0) : (local_state&STATE_GIVEME ? APP_STATE_GIVEME: 0)); + state|=((type==ACTION_RETURN_TYPE_PROT) ? (local_state&STATE_DROPPKT ? PROT_STATE_DROPPKT : 0) : (local_state&STATE_DROPPKT ? APP_STATE_DROPPKT: 0)); + return state; } 
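Review bot: `state` is seeded with PROT_STATE_GIVEME or APP_STATE_GIVEME unconditionally and then GIVEME is OR-ed in again only when `local_state&STATE_GIVEME`; if those constants are non-zero bits, as the conditional line presumes, every path including reset and block returns GIVEME together with DROPME and the conditional line is dead. The seed should most likely be `state=0;`, leaving the three translation lines to build the result; if GIVEME is zero in the sapp API the first two lines are no-ops and can go instead. A small `translate_state(type, local_state)` helper would also make the three near-identical ternaries readable.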
diff --git a/src/tsg_dns.cpp b/src/tsg_dns.cpp new file mode 100644 index 0000000..af331c7 --- /dev/null +++ b/src/tsg_dns.cpp 
@@ -0,0 +1,273 @@ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <MESA/dns.h> + +#include "tsg_entry.h" +#include "tsg_protocol_common.h" + +static int random_integer(int max, int min) +{ + if(max>min) + { + return (rand()%(max-min+1)); + } + + return 0; +} + +static int record_set_uint32(char *payload, unsigned int value) +{ + *(unsigned int *)payload=(unsigned int)(value); + return 4; +} + +static int record_hton_uint16(char *payload, unsigned short value) +{ + *(unsigned short *)payload=(unsigned short)htons(value); + return 2; +} + +static int record_hton_uint32(char *payload, unsigned int value) +{ + *(unsigned int *)payload=(unsigned int)htonl(value); + return 4; +} + +static int compress_domain_record(unsigned char *domain, int domain_len, u_char *result) +{ + int section_len = 0; + int result_pos = 1; + int domain_pos = 0; + + if(domain_len < 0 || domain_len > DNS_MAX_NAME+1 || '.' == domain[0] || '.' == domain[domain_len - 1]) + { + return -1; + } + + while((domain[domain_pos] != '\n')||(domain[domain_pos] != '\0')) + { + section_len = 0; + while((domain[domain_pos] != '.') &&(domain[domain_pos] != '\n')&&(domain[domain_pos] != '\0')) + { + result[result_pos] = domain[domain_pos]; + result_pos++; + domain_pos++; + section_len++; + } + result[result_pos - section_len -1] = section_len; + + if((domain[domain_pos] == '\n')||(domain[domain_pos] == '\0')) + break; + result_pos++; + domain_pos++; + } + + result[result_pos]= '\0'; + + if(result_pos >= domain_len) + { + return result_pos+1; + } + else + { + return result_pos; + } + + return 0; +} + +int dns_set_response_header(dns_hdr_t *dns_hdr) +{ + dns_hdr->qr = 1; // 1bit: Response + dns_hdr->opcode = 0; // 4bits: Query + dns_hdr->aa = 0; // 1bit: authoritative answer + dns_hdr->tc = 0; // 1bit: Not truncated + dns_hdr->rd = 1; // 1bit: Recursion Desired + dns_hdr->ra = 1; // 1bit: Recursion Available + dns_hdr->z = 0; // 3bits: Reserved for future use: Must be zero in all queries and 
responses + dns_hdr->rcode = 0; // 4bits: 0: No error condition + + dns_hdr->id = htons(dns_hdr->id); + dns_hdr->qdcount = htons(dns_hdr->qdcount); // 16bits: QDCOUNT: number of questions + dns_hdr->ancount = htons(dns_hdr->ancount); // 16bits: ANCOUNT: number of answer resource records + dns_hdr->aucount = htons(dns_hdr->aucount); // 16bits: NSCOUNT: number of authority resource records + dns_hdr->adcount = htons(dns_hdr->adcount); // 16bits: ARCOUNT: number of additional resource records + + return 0; +} + + +int dns_set_response_question(char *payload, int payload_len, dns_query_question_t *query_question) +{ + int compress_len=0, used_len=0; + u_char compress_name[DNS_MAX_NAME+1]; + + /* ֻ����һ������ */ + + memset(compress_name, 0, sizeof(compress_name)); + compress_len=compress_domain_record(query_question->qname,strlen((char *)(query_question->qname)), compress_name); + if(compress_len<=0) + { + return -1; + } + + memcpy(payload, compress_name, compress_len); + used_len+=compress_len; + used_len+=record_hton_uint16(payload+used_len, query_question->qtype); + used_len+=record_hton_uint16(payload+used_len, query_question->qclass); + + return used_len; +} + +int dns_set_response_records(char *payload, int payload_len, struct dns_record_val *record_val, int record_val_num, int max_ttl, int min_ttl) +{ + int i=0,ttl=0,used_len=0; + unsigned short compress_len=0; + unsigned char compress_name[DNS_MAX_NAME+1]={0}; + + for(i=0; i<record_val_num; i++) + { + used_len+=record_hton_uint16(payload+used_len, (unsigned short)0xc00c); + used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].answer_type));//type + used_len+=record_hton_uint16(payload+used_len, (unsigned short)1); //class + + ttl=random_integer(max_ttl, min_ttl)+min_ttl; + used_len+=record_hton_uint32(payload+used_len, (unsigned int)ttl);//ttl + + switch(record_val[i].answer_type) + { + case DNS_TYPE_A: + used_len+=record_hton_uint16(payload+used_len, (unsigned 
short)(record_val[i].len)); //len + used_len+=record_set_uint32(payload+used_len, (unsigned int)(record_val[i].v4_addr.s_addr)); //IPv4 + break; + case DNS_TYPE_AAAA: + used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].len)); //len + memcpy(payload+used_len, record_val[i].v6_addr.s6_addr, record_val[i].len); //IPv6 + used_len+=record_val[i].len; + break; + case DNS_TYPE_CNAME: + compress_len=compress_domain_record((unsigned char *)record_val[i].cname, record_val[i].len, compress_name); + used_len+=record_hton_uint16(payload+used_len, (unsigned short)(compress_len)); //len + memcpy(payload+used_len, compress_name, compress_len); + used_len+=compress_len; + break; + default: + break; + } + } + + return used_len; +} + + +static int dns_set_header(struct _dns_info *dns_info, struct _dns_hdr *dns_hdr, int record_num) +{ + dns_hdr->id = dns_info->hdr_info.id; + dns_hdr->qdcount = 1; + dns_hdr->ancount = record_num; + dns_set_response_header(dns_hdr); + + return 0; +} + +static struct dns_user_region *dns_get_user_records(struct dns_user_region *user_region_records, int user_region_records_num, int qtype) +{ + int i=0; + for(i=0; i<user_region_records_num; i++) + { + if(user_region_records[i].query_type==qtype) + { + return &(user_region_records[i]); + } + } + + return NULL; +} + +static int dns_set_answer_records(char *payload, int payload_len, struct dns_answer_records *answer_records, int *answer_record_num) +{ + if(answer_records==NULL) + { + return 0; + } + + char profile_id[128]={0}; + int idx=0, used_len=0, record_num=0; + struct dns_profile_records *profile_records=NULL; + + if(answer_records->record_val.selected_flag==1) + { + snprintf(profile_id, sizeof(profile_id), "%d", answer_records->record_val.selected.profile_id); + profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id); + if(profile_records==NULL) + { + return 0; + } + + 
record_num=MIN(answer_records->record_val.selected.selected_num, profile_records->record_num); + idx=random_integer(profile_records->record_num, record_num); + used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, profile_records->record_val+idx, record_num, answer_records->max_ttl, answer_records->min_ttl); + + (*answer_record_num)+=record_num; + dns_profile_records_free(0, (MAAT_PLUGIN_EX_DATA *)&profile_records, 0, NULL); + } + else + { + (*answer_record_num)++; + used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, &(answer_records->record_val), 1, answer_records->max_ttl, answer_records->min_ttl); + } + + + return used_len; +} + +unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data) +{ + int ret=0,used_len=0,record_num=0; + unsigned char raw_route_dir=0; + char payload[1024]={0}; + int payload_len=sizeof(payload); + int header_len=sizeof(struct _dns_hdr); + struct dns_user_region *user_region_record=NULL; + struct _dns_info *dns_info=(struct _dns_info *)user_data; + + if(dns_info->hdr_info.qr==1 && g_tsg_para.deploy_mode==DEPLOY_MODE_MIRROR) //mirror + { + return STATE_GIVEME; + } + + if(dns_info->hdr_info.qr==0 && (g_tsg_para.deploy_mode==DEPLOY_MODE_INLINE || g_tsg_para.deploy_mode==DEPLOY_MODE_TRANSPARENT)) //inline or transparent + { + return STATE_GIVEME; + } + + user_region_record=dns_get_user_records(user_region->deny->records, user_region->deny->records_num, dns_info->query_question.qtype); + if(user_region_record==NULL) + { + return STATE_GIVEME; + } + + used_len+=header_len; + ret=dns_set_response_question(payload+used_len, payload_len-used_len, &(dns_info->query_question)); + if(ret==-1) + { + return STATE_GIVEME|STATE_DROPPKT; + } + + used_len+=ret; + used_len+=dns_set_answer_records(payload+used_len, payload_len-used_len, user_region_record->a, &record_num); + 
used_len+=dns_set_answer_records(payload+used_len, payload_len-used_len, user_region_record->aaaa, &record_num); + used_len+=dns_set_answer_records(payload+used_len, payload_len-used_len, user_region_record->cname, &record_num); + if(record_num<=0) + { + return STATE_GIVEME; + } + + dns_set_header(dns_info, (struct _dns_hdr *)payload, record_num); + raw_route_dir=(dns_info->hdr_info.qr==0) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir; + tsg_send_inject_packet(a_stream, SIO_DEFAULT, payload, used_len, raw_route_dir); + + return STATE_GIVEME|STATE_DROPPKT; +} + diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index f382fe7..c56be74 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -4,7 +4,6 @@ #include <assert.h> #include <sys/time.h> #include <unistd.h> -#include <netinet/ip6.h> #include <MESA/http.h> #include <MESA/ftp.h> @@ -24,6 +23,7 @@ #include "tsg_send_log_internal.h" #include "tsg_ssl_utils.h" #include "tsg_ssh_utils.h" +#include "tsg_protocol_common.h" #ifdef __cplusplus extern "C" @@ -73,8 +73,8 @@ id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"}, {0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"}, {0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"}, {0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"}, - {0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"}, {0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"}, + {0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"}, {0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"} }; 
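Review bot: In `dns_set_response_records` `compress_len` is an `unsigned short`, so the `-1` that `compress_domain_record` returns for a bad CNAME becomes 65535 and is used as both the rdlength and the `memcpy` size, writing far past `payload`; the function also never consults `payload_len`, while its callers hand it the remainder of a 1024-byte stack buffer (`char payload[1024]` in `do_action_redirect_dns`) and a profile may contribute up to `selected_num` records. `compress_domain_record` reads `domain[-1]` when `domain_len==0` and admits `domain_len==DNS_MAX_NAME+1` although it stores `domain_len+2` bytes into a `DNS_MAX_NAME+1` buffer; because `qname` comes from the client's query, the guard should read `if(domain_len <= 0 || domain_len > DNS_MAX_NAME-1 || '.' == domain[0] || '.' == domain[domain_len - 1])`. Its outer `while` condition (`!= '\n' || != '\0'`) is always true and only the inner `break` ends the loop, so `&&` was meant. Below is a bounds-checked record loop that sizes each record before writing and returns -1 when it does not fit or a CNAME is malformed; `dns_set_answer_records` and `do_action_redirect_dns` then need to treat a negative return as "do not inject" instead of adding it to `used_len`.
```cpp
int dns_set_response_records(char *payload, int payload_len, struct dns_record_val *record_val, int record_val_num, int max_ttl, int min_ttl)
{
    int i=0,ttl=0,used_len=0,compress_len=0,rdata_len=0;
    unsigned char compress_name[DNS_MAX_NAME+1]={0};

    for(i=0; i<record_val_num; i++)
    {
        /* size the RDATA first so nothing is written unless the whole record fits */
        switch(record_val[i].answer_type)
        {
            case DNS_TYPE_A:
                rdata_len=4; /* record_set_uint32 always writes 4 bytes */
                break;
            case DNS_TYPE_AAAA:
                rdata_len=record_val[i].len;
                break;
            case DNS_TYPE_CNAME:
                compress_len=compress_domain_record((unsigned char *)record_val[i].cname, record_val[i].len, compress_name);
                if(compress_len<=0)
                {
                    return -1; /* malformed CNAME in the rule; do not emit a bogus rdlength */
                }
                rdata_len=compress_len;
                break;
            default:
                return -1; /* unknown record type in the rule */
        }

        /* 12 = name pointer(2)+type(2)+class(2)+ttl(4)+rdlength(2) */
        if(rdata_len<0 || payload_len-used_len < 12+rdata_len)
        {
            return -1;
        }

        used_len+=record_hton_uint16(payload+used_len, (unsigned short)0xc00c);
        used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].answer_type));
        used_len+=record_hton_uint16(payload+used_len, (unsigned short)1);
        ttl=random_integer(max_ttl, min_ttl)+min_ttl;
        used_len+=record_hton_uint32(payload+used_len, (unsigned int)ttl);
        used_len+=record_hton_uint16(payload+used_len, (unsigned short)rdata_len);

        if(record_val[i].answer_type==DNS_TYPE_A)
        {
            used_len+=record_set_uint32(payload+used_len, (unsigned int)(record_val[i].v4_addr.s_addr));
        }
        else if(record_val[i].answer_type==DNS_TYPE_AAAA)
        {
            memcpy(payload+used_len, record_val[i].v6_addr.s6_addr, rdata_len);
            used_len+=rdata_len;
        }
        else
        {
            memcpy(payload+used_len, compress_name, rdata_len);
            used_len+=rdata_len;
        }
    }

    return used_len;
}
```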
@@ -158,6 +158,34 @@ static int get_device_id(char *command, int entrance_id) return (entrance_id<<7)+(atoi(buffer)%128); } +static int get_deploy_mode(void) +{ + char s_mode[128]={0}; + int len=sizeof(s_mode); + int ret=sapp_get_platform_opt(SPO_DEPLOYMENT_MODE_STR, s_mode, &len); + if(ret>=0) + { + if((memcmp(s_mode, "mirror", strlen(s_mode)))==0 || (memcmp(s_mode, "dumpfile", strlen(s_mode)))==0) + { + g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR; + } + else if((memcmp(s_mode, "inline", strlen(s_mode)))==0) + { + g_tsg_para.deploy_mode=DEPLOY_MODE_INLINE; + } + else if((memcmp(s_mode, "transparent", strlen(s_mode)))==0) + { + g_tsg_para.deploy_mode=DEPLOY_MODE_TRANSPARENT; + } + else + { + g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR; + } + } + + return 0; +} + static int print_hit_path(const struct streaminfo *a_stream, struct master_context *context) { if(g_tsg_para.hit_path_switch==0) @@ -537,12 +565,12 @@ static void copy_monitor_result(const struct streaminfo *a_stream, struct master static void copy_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, char *domain, tsg_protocol_t proto, PULL_RESULT_TYPE result_type, int thread_seq) { int ret=0; - policy_priority_label_t *priority_label=NULL; + struct policy_priority_label *priority_label=NULL; - priority_label=(policy_priority_label_t *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id); + priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id); if(priority_label==NULL) { - priority_label=(policy_priority_label_t *)dictator_malloc(thread_seq, sizeof(policy_priority_label_t)); + priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label)); } else { 
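Review bot: The mode tests in get_deploy_mode take their length from the platform string, `memcmp(s_mode, "mirror", strlen(s_mode))`, so an empty or truncated value such as "" or "mirr" compares equal to "mirror", and a value longer than the literal (e.g. "mirrored") reads past the end of the string constant. Because deploy_mode later decides which DNS direction receives a forged answer, a mis-detected mode is worth guarding against; compare whole strings instead: `if(strcmp(s_mode, "mirror")==0 || strcmp(s_mode, "dumpfile")==0)` and likewise `strcmp(s_mode, "inline")==0` / `strcmp(s_mode, "transparent")==0`. When sapp_get_platform_opt fails (ret<0) the function leaves deploy_mode untouched and logs nothing; a WARN there would make the implicit mirror fallback visible to operators.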
@@ -557,7 +585,7 @@ static void copy_result_to_project(const struct streaminfo *a_stream, struct mas ); } - memset(priority_label, 0, sizeof(policy_priority_label_t)); + memset(priority_label, 0, sizeof(struct policy_priority_label)); priority_label->proto=proto; if(domain!=NULL) @@ -775,9 +803,9 @@ int is_intercept_exclusion(const struct streaminfo *a_stream, Maat_rule_t *p_res static int scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq) { int scan_ret=0; - struct _session_attribute_label_t *attribute_label=NULL; + struct session_attribute_label *attribute_label=NULL; - attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id); + attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); if(attribute_label!=NULL && domain!=NULL && table_id>=0) { attribute_label->fqdn_category_id_num=tsg_get_fqdn_category_id(g_tsg_maat_feather, domain, attribute_label->fqdn_category_id, MAX_CATEGORY_ID_NUM, g_tsg_para.logger, thread_seq); 
@@ -793,15 +821,15 @@ void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATT unsigned long long current_time=0; int ret=0,size=sizeof(create_time); struct _ssl_ja3_info_t *ja3_info=NULL; - struct _session_attribute_label_t *attribute_label=NULL; + struct session_attribute_label *attribute_label=NULL; - attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id); + attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); if(attribute_label==NULL) { - attribute_label=(struct _session_attribute_label_t *)dictator_malloc(thread_seq, sizeof(struct _session_attribute_label_t)); - memset(attribute_label, 0, sizeof(struct _session_attribute_label_t)); + attribute_label=(struct session_attribute_label *)dictator_malloc(thread_seq, sizeof(struct session_attribute_label)); + memset(attribute_label, 0, sizeof(struct session_attribute_label)); - ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.internal_project_id, (const void *)attribute_label); + ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.session_attribute_project_id, (const void *)attribute_label); if(ret<0) { dictator_free(thread_seq, (void *)attribute_label); @@ -840,6 +868,9 @@ void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATT case TSG_ATTRIBUTE_TYPE_PROTOCOL: attribute_label->proto=(tsg_protocol_t)(*(int *)value); break; + case TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE: + attribute_label->http_action_file_size=(*(int *)value); + break; case TSG_ATTRIBUTE_TYPE_JA3_HASH: ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum); if(ja3_info!=NULL) 
@@ -896,43 +927,43 @@ int tsg_set_device_id_to_telegraf(char *device_sn) static void free_session_attribute_label(int thread_seq, void *project_req_value) { - struct _session_attribute_label_t *label=(struct _session_attribute_label_t *)project_req_value; + struct session_attribute_label *label=(struct session_attribute_label *)project_req_value; if(label!=NULL) { if(label->client_asn!=NULL) { - ASN_free_data(label->client_asn->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger); + ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger); label->client_asn=NULL; } if(label->server_asn!=NULL) { - ASN_free_data(label->server_asn->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger); + ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger); label->server_asn=NULL; } if(label->client_location!=NULL) { - location_free_data(label->client_location->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger); + location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger); label->client_location=NULL; } if(label->server_location!=NULL) { - location_free_data(label->server_location->table_id, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger); + location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger); label->server_location=NULL; } if(label->client_subscribe_id!=NULL) { - subscribe_id_free_data(label->client_subscribe_id->table_id, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger); + subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger); label->client_subscribe_id=NULL; } if(label->server_subscribe_id!=NULL) { - subscribe_id_free_data(label->server_subscribe_id->table_id, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger); + subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA 
*)&label->server_subscribe_id, 0, g_tsg_para.logger); label->server_subscribe_id=NULL; } @@ -1162,12 +1193,12 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct int i=0,hit_num=0; char *name=NULL; char app_id_buff[32]={0}; - struct app_id_dict_table *dict=NULL; + struct app_id_dict *dict=NULL; for(i=0; i< identify_result->app_id_num; i++) { snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->app_id[i]); - dict=(struct app_id_dict_table *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); + dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); if(dict!=NULL) { hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->risk, (char *)"risk", thread_seq); @@ -1179,7 +1210,7 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->app_name, identify_result->app_id[i], thread_seq); //hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->parent_app_name, dict->parent_app_id, thread_seq); - app_id_dict_free_data(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); + app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); } else { 
@@ -1613,7 +1644,16 @@ extern "C" int TSG_MASTER_INIT() return -1; } - + srand(time(0)); + get_deploy_mode(); + + MESA_load_profile_int_def(tsg_conffile, "RESET", "NUM", &g_tsg_para.reset.pkt_num, 1); + MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED1", &g_tsg_para.reset.seed1, 65535); + MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED2", &g_tsg_para.reset.seed2, 13); + MESA_load_profile_int_def(tsg_conffile, "RESET", "FLAGS", &g_tsg_para.reset.th_flags, 0x14); + MESA_load_profile_int_def(tsg_conffile, "RESET", "DIR", &g_tsg_para.reset.dir, DIR_DOUBLE); + MESA_load_profile_int_def(tsg_conffile, "RESET", "REMEDY", &g_tsg_para.reset.remedy, 0); + MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0); MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_SWITCH", &g_tsg_para.default_compile_switch, 0); MESA_load_profile_int_def(tsg_conffile, "SYSTEM","HIT_PATH_SWITCH", &g_tsg_para.hit_path_switch, 0); @@ -1650,8 +1690,8 @@ extern "C" int TSG_MASTER_INIT() } MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_INTERNAL_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL"); - g_tsg_para.internal_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label); - if(g_tsg_para.internal_project_id<0) + g_tsg_para.session_attribute_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label); + if(g_tsg_para.session_attribute_project_id<0) { MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff); } 
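Review bot: The six RESET values are copied from main.conf into g_tsg_para.reset without any range check, so a `NUM=0`, a negative `SEED*` or a `DIR` outside the DIR_* values reaches whatever builds the RST packets (that code is not in this hunk). A short clamp after the loads, e.g. `if(g_tsg_para.reset.pkt_num<=0) g_tsg_para.reset.pkt_num=1;` plus a WARN when `dir` is not a known DIR_* value, keeps a bad config from silently disabling or misdirecting the reset action. Separately, `srand(time(0))` presumably seeds the rand() that random_integer() uses to pick DNS profile records; that is adequate for spreading load but not if the choice is ever meant to be unpredictable to the client, so a comment such as `/* rand() only spreads profile record selection; not a security boundary */` would settle the intent.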
@@ -1728,7 +1768,7 @@ extern "C" int TSG_MASTER_INIT() MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ..."); return -1; } - g_tsg_log_instance->internal_project_id=g_tsg_para.internal_project_id; + g_tsg_log_instance->session_attribute_project_id=g_tsg_para.session_attribute_project_id; MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30); MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port)); @@ -1801,6 +1841,7 @@ extern "C" int TSG_MASTER_INIT() { return -1; } + return 0; } @@ -1808,7 +1849,13 @@ extern "C" int TSG_MASTER_INIT() extern "C" int TSG_MASTER_UNLOAD() { - sleep(5); + Maat_burn_feather(g_tsg_maat_feather); + g_tsg_maat_feather=NULL; + + Maat_burn_feather(g_tsg_dynamic_maat_feather); + g_tsg_dynamic_maat_feather=NULL; + + return 0; } diff --git a/src/tsg_entry.h b/src/tsg_entry.h index b89f460..412ff2b 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -1,6 +1,12 @@ #ifndef __TSG_ENTRY_H__ #define __TSG_ENTRY_H__ +#include <sys/socket.h> +#include <netinet/in.h> +#include <netinet/ip6.h> + +#include <MESA/dns.h> + #include <MESA/Maat_rule.h> #include <MESA/field_stat2.h> #include <ctemplate/template.h> @@ -37,6 +43,14 @@ typedef int atomic_t; #define APP_SCAN_FLAG_STOP 0 #define APP_SCAN_FLAG_CONTINUE 1 +enum DEPLOY_MODE +{ + DEPLOY_MODE_MIRROR, + DEPLOY_MODE_INLINE, + DEPLOY_MODE_TRANSPARENT, + DEPLOY_MODE_MAX +}; + enum MASTER_TABLE{ TABLE_SECURITY_COMPILE=0, TABLE_IP_ADDR, @@ -64,6 +78,7 @@ enum MASTER_TABLE{ TABLE_GTP_IMSI, TABLE_GTP_PHONE_NUMBER, TABLE_RESPONSE_PAGES, + TABLE_DNS_PROFILE_RECORD, TABLE_MAX }; @@ -90,9 +105,9 @@ enum TSG_FS2_TYPE{ TSG_FS2_APP_BUILT_IN_RESULT, TSG_FS2_INJECT_PKT_SUCCESS, TSG_FS2_INJECT_PKT_FAILED, - TSG_FS2_MIRRORED_PKT_SUCCESS, - TSG_FS2_MIRRORED_PKT_FAILED, + TSG_FS2_MIRRORED_PKT_SUCCESS, TSG_FS2_MIRRORED_BYTE_SUCCESS, + TSG_FS2_MIRRORED_PKT_FAILED, TSG_FS2_MIRRORED_BYTE_FAILED, TSG_FS2_MAX }; 
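Review bot: TSG_MASTER_UNLOAD now burns both Maat feathers immediately where it previously only slept 5 s; if a worker thread can still be inside a scan callback holding g_tsg_maat_feather when this entry point runs, the best-effort delay becomes a use-after-free on the freed feather. Whether the framework quiesces callbacks before calling TSG_MASTER_UNLOAD is not visible here, so either keep a drain step ahead of the burn or record the assumption: `/* framework guarantees no scan callbacks are in flight before unload */`. The dynamic feather is also burned without a NULL check; if Maat_burn_feather does not tolerate NULL, guard it with `if(g_tsg_dynamic_maat_feather!=NULL)`.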
@@ -106,6 +121,7 @@ enum TSG_ATTRIBUTE_TYPE TSG_ATTRIBUTE_TYPE_LOCATION, TSG_ATTRIBUTE_TYPE_ASN, TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID, + TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE, _MAX_TSG_ATTRIBUTE_TYPE }; @@ -135,12 +151,10 @@ struct l7_protocol UT_hash_handle hh2; /* handle for second hash table */ }; -struct _fqdn_category_t +struct fqdn_category { int ref_cnt; unsigned int category_id; - int match_method; - char fqdn[MAX_DOAMIN_LEN/8]; }; struct http_response_pages @@ -186,8 +200,18 @@ struct tcpall_context }; }; +struct reset_argv +{ + int pkt_num; + int seed1; + int seed2; + int th_flags; + int dir; + int remedy; +}; + #define _MAX_TABLE_NAME_LEN 64 -typedef struct _tsg_para +typedef struct tsg_para { int level; short mirror_switch; @@ -197,6 +221,7 @@ typedef struct _tsg_para int entrance_id; int hash_timeout; int hash_slot_size; + enum DEPLOY_MODE deploy_mode; int scan_time_interval; int hit_path_switch; int default_compile_switch; @@ -204,7 +229,7 @@ typedef struct _tsg_para int table_id[TABLE_MAX]; int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP int priority_project_id; - int internal_project_id; + int session_attribute_project_id; int context_project_id; int tcpall_project_id; int linkinfo_project_id; @@ -212,12 +237,13 @@ typedef struct _tsg_para int app_bridge_id; int proto_flag; //tsg_protocol_t int fs2_field_id[TSG_FS2_MAX]; - char device_sn[MAX_DOAMIN_LEN/8]; - char log_path[MAX_DOAMIN_LEN/8]; - char device_id_command[MAX_DOAMIN_LEN/8]; + char device_sn[MAX_DOMAIN_LEN/8]; + char log_path[MAX_DOMAIN_LEN/8]; + char device_id_command[MAX_DOMAIN_LEN/8]; char data_center[_MAX_TABLE_NAME_LEN]; char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN]; - void *logger; + void *logger; + struct reset_argv reset; screen_stat_handle_t fs2_handle; struct l7_protocol *name_by_id; struct l7_protocol *id_by_name; 
@@ -228,8 +254,9 @@ typedef struct _tsg_para }g_tsg_para_t; extern g_tsg_para_t g_tsg_para; +extern Maat_feather_t g_tsg_dynamic_maat_feather; -typedef enum _tsg_statis_field_id +typedef enum tsg_statis_field_id { STATIS_UNKNOWN=0, STATIS_ENTRANCE_ID=1, @@ -301,7 +328,7 @@ enum TRAFFIC_INFO_IDX TRAFFIC_INFO_MAX }; -typedef struct _tsg_statistic +typedef struct tsg_statistic { int cycle; int fs_line_id; @@ -324,10 +351,13 @@ const void *get_struct_project(const struct streaminfo *a_stream, int project_id int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent); void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); -void ASN_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); -void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); -void app_id_dict_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); +void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); +void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); +void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp); +void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp); +void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int thread_seq); + int tsg_set_vlan_id_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct mirrored_vlan *vlan_id, int vlan_num, int thread_seq); int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq); void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp); 
@@ -336,14 +366,14 @@ struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Ma int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num); int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq); int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq); -int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct _subscribe_id_info_t *user_info, int thread_seq); +int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq); int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info); int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq); int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq); int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq); int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location); int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, 
MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn); -int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct _subscribe_id_info_t **source_subscribe_id, struct _subscribe_id_info_t **dest_subscribe_id); +int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id); int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq); int tsg_get_vlan_id_by_monitor_rule(Maat_feather_t maat_feather, struct Maat_rule_t *result, int result_num, struct mirrored_vlan *vlan, int vlan_num); diff --git a/src/tsg_protocol_common.h b/src/tsg_protocol_common.h new file mode 100644 index 0000000..4cdff39 --- /dev/null +++ b/src/tsg_protocol_common.h 
@@ -0,0 +1,114 @@ +#ifndef __TSG_PROTOCOL_COMMON_H__ +#define __TSG_PROTOCOL_COMMON_H__ + +#include <MESA/stream.h> +#include "tsg_rule.h" + +#include <sys/socket.h> +#include <netinet/in.h> + +#define STATE_GIVEME 1 +#define STATE_DROPME 2 +#define STATE_DROPPKT 4 +#define STATE_KILL_OTHER 8 + + +enum TSG_DENY_TYPE +{ + TSG_DENY_TYPE_MESSAGE=0, + TSG_DENY_TYPE_PROFILE, + TSG_DENY_TYPE_REDIRECT_TO, + TSG_DENY_TYPE_REDIRECT_URL, + TSG_DENY_TYPE_REDIRECT_RECORD, + TSG_DENY_TYPE_MAX +}; + +struct selected_record +{ + int profile_id; + int selected_num; +}; + +struct dns_record_val +{ + int answer_type; + int selected_flag; + int len; + union + { + void *value; + char *cname; + struct in_addr v4_addr; + struct in6_addr v6_addr; + struct selected_record selected; + }; +}; + +struct dns_answer_records +{ + int max_ttl; + int min_ttl; + struct dns_record_val record_val; +}; + + +struct dns_profile_records +{ + int ref_cnt; + int record_id; + int record_num; + int answer_type; + struct dns_record_val *record_val; +}; + +struct dns_user_region +{ + int query_type; //dns.h + struct dns_answer_records *a; + struct dns_answer_records *aaaa; + struct dns_answer_records *cname; +}; + +struct deny_user_region +{ + enum TSG_DENY_TYPE type; + union + { + int code; + int records_num; + }; + union + { + char *message; + char *redirect_url_to; + struct dns_user_region *records; + int profile_id; + int bps; + void *para; + }; +}; + +struct monitor_user_region +{ + int enabled; + int vlan_id; +}; + +struct compile_user_region +{ + int ref_cnt; + enum TSG_METHOD_TYPE method_type; + union + { + struct deny_user_region *deny; + struct monitor_user_region *mirror; + struct Maat_rule_t *result; //XJ default policy + void *user_region_para; + }; +}; + +int tsg_send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len, unsigned char raw_route_dir); +unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t 
*p_result, struct compile_user_region *user_region, const void *user_data); + + +#endif diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index bbcadd5..32aa4af 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -16,6 +16,7 @@ #include "tsg_entry.h" #include "tsg_send_log.h" #include "tsg_send_log_internal.h" +#include "tsg_protocol_common.h" Maat_feather_t g_tsg_maat_feather; Maat_feather_t g_tsg_dynamic_maat_feather; @@ -41,8 +42,50 @@ const struct _str2index method2index[TSG_METHOD_TYPE_MAX]={ {TSG_METHOD_TYPE_UNK {TSG_METHOD_TYPE_RATE_LINIT, 10, (char *)"rate_limit"} }; +//functioned as strdup, for dictator compatible. +static char* tsg_strdup(const char* s) +{ + char*d=NULL; + if(s==NULL) + { + return NULL; + } + d=(char*)malloc(strlen(s)+1); + memcpy(d,s,strlen(s)+1); + return d; +} + +static int get_column_pos(const char* line, int column_seq, size_t *offset, size_t *len) +{ + const char* seps=" \t"; + char* saveptr=NULL, *subtoken=NULL, *str=NULL; + char* dup_line=tsg_strdup(line); + int i=0, ret=-1; + for (str = dup_line; ; str = NULL) + { + subtoken = strtok_r(str, seps, &saveptr); + if (subtoken == NULL) + break; + if(i==column_seq-1) + { + *offset=subtoken-dup_line; + *len=strlen(subtoken); + ret=0; + break; + } + i++; + } + free(dup_line); + return ret; +} + static char* str_unescape(char* s) { + if(s==NULL) + { + return NULL; + } + int i=0,j=0; int len=strlen(s); for(i=0,j=0;i<len;i++) @@ -78,6 +121,35 @@ static char* str_unescape(char* s) return s; } +static int get_dns_qtype(char *qtype, int qtype_len) +{ + switch(qtype_len) + { + case 1: + if(qtype[0]=='A') + { + return DNS_TYPE_A; + } + break; + case 4: + if((strcasecmp(qtype, "AAAA"))==0) + { + return DNS_TYPE_AAAA; + } + break; + case 5: + if((strcasecmp(qtype, "CNAME"))==0) + { + return DNS_TYPE_CNAME; + } + break; + default: + break; + } + + return -1; +} + static int get_fqdn_len(char *domain) { char *p=NULL; 
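Review bot: `struct deny_user_region` overlays `code` with `records_num`, and `message`/`redirect_url_to`/`records`/`profile_id`/`bps` with each other, using `type` as the only discriminator, yet nothing in the header states which member is valid for which TSG_DENY_TYPE, and the DNS action earlier in this diff reads `deny->records` and `deny->records_num` without testing `type` first, so a MESSAGE-type region would be walked as a record array. Document the mapping on the struct, e.g. `/* MESSAGE: code+message; REDIRECT_URL: code+redirect_url_to; REDIRECT_RECORD: records_num+records; PROFILE: profile_id; bps belongs to the rate_limit method (compile_user_region.method_type) */`, and require consumers to check `type` before touching a union member; the `bps` attribution is my inference from the method2index table, so confirm it. The `STATE_*` macros are defined unconditionally next to an include of MESA/stream.h; if that library defines the same names, wrap them in `#ifndef STATE_GIVEME`.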
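Review bot: tsg_strdup writes through the malloc result without checking it, and get_column_pos feeds that return straight into `strtok_r(str, seps, &saveptr)`, so on allocation failure (or a NULL `line`) the first iteration calls strtok_r with a NULL string and an uninitialised save pointer, which is undefined behaviour rather than a clean -1. Add `if(d==NULL) return NULL;` after the malloc in tsg_strdup and `if(dup_line==NULL) return -1;` right after the copy in get_column_pos. These helpers parse every table line delivered by the rule feed, so the failure path will be exercised eventually.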
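Review bot: get_dns_qtype accepts "AAAA" and "CNAME" case-insensitively via strcasecmp but the one-character branch compares `qtype[0]=='A'` exactly, so a lowercase `a` in a rule is rejected while `aaaa` is accepted. For consistency use `if((strcasecmp(qtype, "A"))==0)` in `case 1`, or `toupper((unsigned char)qtype[0])=='A'` if qtype might not be NUL-terminated (the other branches already assume it is). A brief comment that only A, AAAA and CNAME are valid redirect record types, with -1 for anything else, would also help callers.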
@@ -98,9 +170,13 @@ static int get_fqdn_len(char *domain) static int copy_id(int *dst_id, int dst_id_num, int *src_id, int src_id_num) { - int num=MIN(dst_id_num, src_id_num); - memcpy(dst_id, src_id, num); + int i=0,num=0; + for(i=0; i<src_id_num && num<dst_id_num; i++) + { + dst_id[num++]=src_id[i]; + } + return num; } @@ -125,8 +201,8 @@ static int copy_vlan_id(struct mirrored_vlan *vlan, int vlan_num, int vlan_id, i static int sort_category_id(const void * a, const void * b) { - struct _fqdn_category_t *x = (struct _fqdn_category_t *) a; - struct _fqdn_category_t *y = (struct _fqdn_category_t *) b; + struct fqdn_category *x = (struct fqdn_category *) a; + struct fqdn_category *y = (struct fqdn_category *) b; return (int)(x->category_id - y->category_id); } @@ -170,20 +246,39 @@ static int get_data_center(char *accept_tag, char *effective_tag_key, char *data return 0; } -static void eliminate_default_value(char *value) +static void _free_field(char *field) { - if(value!=NULL && (memcmp(value, "null", 4))==0) + if(field!=NULL) { - value[0]='\0'; + free(field); + field=NULL; } } -void ASN_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +static char *_malloc_field(const char *field_start, size_t field_len) { - struct _asn_info_t *asn=(struct _asn_info_t *)(*from); + if(field_start==NULL || field_len<=0) + { + return NULL; + } + + if(field_len==4 && (memcmp(field_start, "null", 4))==0) + { + return NULL; + } + + char *field=(char *)malloc(field_len+1); + memcpy(field, field_start, field_len); + field[field_len]='\0'; + + return field; +} - if(asn!=NULL) +void ASN_number_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +{ + if((*from)!=NULL) { + struct asn_info *asn=(struct asn_info *)(*from); atomic_inc(&asn->ref_cnt); *to=*from; } 
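Review bot: sort_category_id still returns `(int)(x->category_id - y->category_id)` on unsigned ids; the subtraction wraps and the cast flips the sign whenever two ids differ by more than INT_MAX, giving qsort an inconsistent ordering. Only the struct casts changed in this hunk, but while the comparator is being touched the overflow-free form is `return (x->category_id > y->category_id) - (x->category_id < y->category_id);`.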
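Review bot: _malloc_field writes through the malloc result without checking it, and _free_field's `field=NULL;` only clears the local parameter, so it is a dead store for the caller (the `(char *)asn` casts elsewhere show the helper is really just free()). Check the allocation, `char *field=(char *)malloc(field_len+1); if(field==NULL) return NULL;`, and either drop the dead assignment or take `char **`. Identifiers beginning with an underscore are reserved at file scope in C, so `free_field`/`malloc_field` (or a `tsg_` prefix, as tsg_strdup uses) are safer names, and `field_len<=0` on a size_t is just `==0`.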
@@ -191,54 +286,54 @@ void ASN_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *fr return; } -void ASN_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ASN_number_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - int ret=0,id=0,is_valid=0; + int asn_field=5; + int organization_field=6; + + struct asn_info *asn=(struct asn_info *)calloc(1, sizeof(struct asn_info)); - struct _asn_info_t *asn=NULL; - asn=(struct _asn_info_t *)calloc(1, sizeof(struct _asn_info_t)); + asn->asn_id=tsg_get_column_string_value(table_line, asn_field); + asn->organization=tsg_get_column_string_value(table_line, organization_field); - ret=sscanf(table_line, "%d\t%d\t%s\t%s\t%s\t%s\t%d", &id, &asn->addr_type, asn->start_ip, asn->end_ip, asn->asn, asn->organization, &is_valid); - if(ret!=7) + if(asn->asn_id==NULL && asn->organization==NULL) { - free(asn); + _free_field((char *)asn); asn=NULL; - return; + return ; } - + + str_unescape(asn->asn_id); str_unescape(asn->organization); - eliminate_default_value(asn->organization); atomic_inc(&asn->ref_cnt); - asn->table_id=table_id; *ad=(MAAT_PLUGIN_EX_DATA)asn; return; } -void ASN_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - struct _asn_info_t *asn=(struct _asn_info_t *)(*ad); - - if(asn!=NULL) + if(*ad!=NULL) { - atomic_dec(&asn->ref_cnt); - - if(asn->ref_cnt<=0) + struct asn_info *asn=(struct asn_info *)(*ad); + if((__sync_sub_and_fetch(&asn->ref_cnt, 1) == 0)) { - free(*ad); + _free_field(asn->asn_id); + _free_field(asn->organization); + _free_field((char *)(*ad)); *ad=NULL; } } + return; } void location_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) { - struct _location_info_t *location=(struct _location_info_t *)(*from); - - 
if(location!=NULL) + if((*from)!=NULL) { + struct location_info *location=(struct location_info *)(*from); atomic_inc(&location->ref_cnt); *to=*from; } 
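Review bot: ASN_number_new dereferences the calloc result immediately (`asn->asn_id=...`) with no NULL check, so an allocation failure while the rule table loads crashes the process instead of skipping the row; add `if(asn==NULL) return;` after the calloc. The refcount is also incremented with atomic_inc() but decremented with `__sync_sub_and_fetch`; tsg_entry.h declares `typedef int atomic_t`, so unless atomic_inc is itself a __sync builtin the two sides are different primitives and an EX_DATA shared across scan threads can be double-freed or leaked. Using `__sync_add_and_fetch(&asn->ref_cnt, 1)` keeps both sides symmetric; the same applies to the location, fqdn_category and subscriber_id variants below.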
@@ -248,64 +343,25 @@ void location_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DAT void location_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - void *logger=argp; - int ret=0,id=0,is_valid=0; - struct _location_info_t *location=NULL; - - location=(struct _location_info_t *)calloc(1, sizeof(struct _location_info_t)); - - ret=sscanf(table_line, - "%d\t%d\t%d\t%s\t%s\t%lf\t%lf\t%lf\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d", - &id, - &location->geoname_id, - &location->addr_type, - location->start_ip, - location->end_ip, - &location->latitude, - &location->longitude, - &location->coords, - location->language, - location->continent_abbr, - location->continent_full, - location->country_abbr, - location->country_full, - location->province_abbr, - location->province_full, - location->city_full, - location->time_zone, - &is_valid); - if(ret!=18) - { - free(location); + int country_full=13,province_full=15,city_full=16; + struct location_info *location=(struct location_info *)calloc(1, sizeof(struct location_info)); + + location->country_full=tsg_get_column_string_value(table_line, country_full); + location->province_full=tsg_get_column_string_value(table_line, province_full); + location->city_full=tsg_get_column_string_value(table_line, city_full); + + if(location->country_full==NULL && location->province_full==NULL && location->city_full==NULL) + { + _free_field((char *)location); location=NULL; - - MESA_handle_runtime_log(logger, - RLOG_LV_FATAL, - "IP_LOCATION", - "Parse ip location failed, ret: %d table_id: %d table_line: %s", - ret, - table_id, - table_line - ); - return; + return ; } - str_unescape(location->continent_full); str_unescape(location->country_full); str_unescape(location->province_full); str_unescape(location->city_full); - eliminate_default_value(location->language); - eliminate_default_value(location->continent_abbr); - 
eliminate_default_value(location->continent_full); - eliminate_default_value(location->country_abbr); - eliminate_default_value(location->country_full); - eliminate_default_value(location->province_abbr); - eliminate_default_value(location->province_full); - eliminate_default_value(location->city_full); - eliminate_default_value(location->time_zone); atomic_inc(&location->ref_cnt); - location->table_id=table_id; *ad=(MAAT_PLUGIN_EX_DATA)location; return; @@ -313,15 +369,15 @@ void location_new_data(int table_id, const char* key, const char* table_line, MA void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - struct _location_info_t *location=(struct _location_info_t *)(*ad); - - if(location!=NULL) + if(*ad!=NULL) { - atomic_dec(&location->ref_cnt); - - if(location->ref_cnt<=0) + struct location_info *location=(struct location_info *)(*ad); + if((__sync_sub_and_fetch(&location->ref_cnt, 1) == 0)) { - free(*ad); + _free_field(location->country_full); + _free_field(location->province_full); + _free_field(location->city_full); + _free_field((char *)(*ad)); *ad=NULL; } } 
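Review bot: location_new_data previously logged at RLOG_LV_FATAL when a table line did not parse; the rewrite returns silently when all three columns are missing and no longer reads the `logger` passed as argp, so a corrupted or re-laid-out location feed now disappears without a trace. Keep one diagnostic on the failure path, e.g. `MESA_handle_runtime_log(argp, RLOG_LV_WARN, "IP_LOCATION", "No location columns in table_id %d line: %s", table_id, table_line);` before the early return, and check the calloc result before writing through `location`. The hard-coded column numbers 13, 15 and 16 also deserve a comment naming the feed layout they index, since nothing else in the file ties them to a schema.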
@@ -329,48 +385,28 @@ void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* return; } -void fqdn_cat_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +void fqdn_category_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) { - struct _fqdn_category_t *fqdn_cat=(struct _fqdn_category_t *)(*from); - - if(fqdn_cat!=NULL) + if((*from)!=NULL) { + struct fqdn_category *fqdn_cat=(struct fqdn_category *)(*from); atomic_inc(&fqdn_cat->ref_cnt); *to=*from; } return; } -void fqdn_cat_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void fqdn_category_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - void *logger=argp; - int ret=0,id=0,is_valid=0; - struct _fqdn_category_t *fqdn_cat=NULL; + int category_id=2; - fqdn_cat=(struct _fqdn_category_t *)calloc(1, sizeof(struct _fqdn_category_t)); - - ret=sscanf(table_line, - "%d\t%u\t%s\t\t%d\t%d", - &id, - &fqdn_cat->category_id, - fqdn_cat->fqdn, - &fqdn_cat->match_method, - &is_valid - ); - if(ret!=5) + struct fqdn_category * fqdn_cat=(struct fqdn_category *)calloc(1, sizeof(struct fqdn_category)); + fqdn_cat->category_id=(unsigned int)tsg_get_column_integer_value(table_line, category_id); + if(fqdn_cat->category_id==((unsigned int)-1)) { - free(fqdn_cat); + _free_field((char *)fqdn_cat); fqdn_cat=NULL; - - MESA_handle_runtime_log(logger, - RLOG_LV_FATAL, - "FQDN_CAT", - "Parse fqdn category failed, ret: %d table_id: %d table_line: %s", - ret, - table_id, - table_line - ); - return; + return ; } atomic_inc(&fqdn_cat->ref_cnt); 
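Review bot: fqdn_category_new treats `(unsigned int)-1` as the "column missing" result of tsg_get_column_integer_value (not visible here), which makes 0xFFFFFFFF an unrepresentable category id and, like the location parser, drops the earlier FATAL log so a malformed line now fails silently. If the helper's failure value really is -1, say so beside the comparison, `/* tsg_get_column_integer_value returns -1 when the column is absent */`, and log once on the early return. The calloc result is likewise used unchecked; `if(fqdn_cat==NULL) return;` keeps an allocation failure from taking the loader down.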
@@ -379,30 +415,26 @@ void fqdn_cat_new_data(int table_id, const char* key, const char* table_line, MA return; } -void fqdn_cat_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void fqdn_category_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - struct _fqdn_category_t *fqdn_cat=(struct _fqdn_category_t *)(*ad); - - if(fqdn_cat!=NULL) + if((*ad)!=NULL) { - atomic_dec(&fqdn_cat->ref_cnt); - - if(fqdn_cat->ref_cnt<=0) + struct fqdn_category *fqdn_cat=(struct fqdn_category *)(*ad); + if((__sync_sub_and_fetch(&fqdn_cat->ref_cnt, 1) == 0)) { - free(*ad); + _free_field((char *)(*ad)); *ad=NULL; } } + return; } - -void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +void subscriber_id_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) { - struct _subscribe_id_info_t *subscribe_id=(struct _subscribe_id_info_t *)(*from); - - if(subscribe_id!=NULL) + if((*from)!=NULL) { + struct subscribe_id_info *subscribe_id=(struct subscribe_id_info *)(*from); atomic_inc(&subscribe_id->ref_cnt); *to=*from; } 
@@ -410,52 +442,35 @@ void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX return; } -void subscribe_id_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void subscriber_id_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - void *logger=argp; - int ret=0,id=0,type=0,is_valid=0; - char ip_addr[MAX_IPV6_ADDR_LEN]={0}; - struct _subscribe_id_info_t *subscribe_id=NULL; + int subscribe_id=4; + struct subscribe_id_info *subscriber=(struct subscribe_id_info *)calloc(1, sizeof(struct subscribe_id_info)); + subscriber->subscribe_id=tsg_get_column_string_value(table_line, subscribe_id); - subscribe_id=(struct _subscribe_id_info_t *)calloc(1, sizeof(struct _subscribe_id_info_t)); - - ret=sscanf(table_line, "%d\t%d\t%s\t%s\t%d", &id, &type, ip_addr, subscribe_id->subscribe_id, &is_valid); - if(ret!=5) + if(subscriber->subscribe_id==NULL) { - free(subscribe_id); - subscribe_id=NULL; + _free_field((char *)subscriber); + subscriber=NULL; - MESA_handle_runtime_log(logger, - RLOG_LV_FATAL, - "SUBSCRIBE_ID", - "Parse subscribe_id failed, ret: %d table_id: %d table_line: %s", - ret, - table_id, - table_line - ); return; } - - - atomic_inc(&subscribe_id->ref_cnt); - subscribe_id->table_id=table_id; - *ad=(MAAT_PLUGIN_EX_DATA)subscribe_id; + atomic_inc(&subscriber->ref_cnt); + *ad=(MAAT_PLUGIN_EX_DATA)subscriber; return; } -void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - struct _subscribe_id_info_t *subscribe_id=(struct _subscribe_id_info_t *)(*ad); - - if(subscribe_id!=NULL) + if((*ad)!=NULL) { - atomic_dec(&subscribe_id->ref_cnt); - - if(subscribe_id->ref_cnt<=0) + struct subscribe_id_info *subscriber=(struct subscribe_id_info *)(*ad); + if((__sync_sub_and_fetch(&subscriber->ref_cnt, 1) == 0)) { - 
free(*ad); + _free_field(subscriber->subscribe_id); + _free_field((char *)(*ad)); *ad=NULL; } } 
@@ -463,121 +478,95 @@ void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, vo return; } -static void app_id_dict_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) +static void app_id_dict_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) { - struct app_id_dict_table *app_id_dict=(struct app_id_dict_table *)(*from); - - if(*from!=NULL) + if((*from)!=NULL) { - atomic_inc(&app_id_dict->ref_cnt); + struct app_id_dict *dict=(struct app_id_dict *)(*from); + atomic_inc(&dict->ref_cnt); *to=*from; } + return; } -static void app_id_dict_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +static void app_id_dict_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - void *logger=argp; - int ret=0; + struct app_id_dict *dict=NULL; - struct app_id_dict_table *app_id_dict=NULL; - app_id_dict=(struct app_id_dict_table *)calloc(1, sizeof(struct app_id_dict_table)); - if(g_tsg_para.app_dict_field_num==18) - { - ret=sscanf(table_line, - "%d\t%s\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d", - &app_id_dict->app_id, - app_id_dict->app_name, - &app_id_dict->parent_app_id, - app_id_dict->parent_app_name, - app_id_dict->category, - app_id_dict->subcategroy, - app_id_dict->technology, - app_id_dict->risk, - app_id_dict->characteristics, - app_id_dict->depends_on_app_ids, - app_id_dict->implicitly_uses_app_ids, - &app_id_dict->deny_action, - &app_id_dict->continue_scanning, - &app_id_dict->tcp_timeout, - &app_id_dict->udp_timeout, - &app_id_dict->tcp_half_close, - &app_id_dict->tcp_time_wait, - &app_id_dict->is_valid); - } - else + + switch(g_tsg_para.app_dict_field_num) { - ret=sscanf(table_line, - "%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d", - &app_id_dict->app_id, - app_id_dict->app_name, - app_id_dict->category, - 
app_id_dict->subcategroy, - app_id_dict->technology, - app_id_dict->risk, - app_id_dict->characteristics, - app_id_dict->depends_on_app_ids, - app_id_dict->implicitly_uses_app_ids, - &app_id_dict->deny_action, - &app_id_dict->continue_scanning, - &app_id_dict->tcp_timeout, - &app_id_dict->udp_timeout, - &app_id_dict->tcp_half_close, - &app_id_dict->tcp_time_wait, - &app_id_dict->is_valid); - } - - if(ret!=g_tsg_para.app_dict_field_num) - { - free(app_id_dict); - app_id_dict=NULL; - - MESA_handle_runtime_log(logger, - RLOG_LV_FATAL, - "APP_ID_DICT", - "Parse app_id_dict failed, ret: %d table_id: %d table_line: %s", - ret, - table_id, - table_line - ); - return; + case 16: + dict=(struct app_id_dict *)calloc(1, sizeof(struct app_id_dict)); + + dict->app_id=tsg_get_column_integer_value(table_line, 1); + dict->app_name=tsg_get_column_string_value(table_line, 2); + dict->category=tsg_get_column_string_value(table_line, 3); + dict->subcategroy=tsg_get_column_string_value(table_line, 4); + dict->technology=tsg_get_column_string_value(table_line, 5); + dict->risk=tsg_get_column_string_value(table_line, 6); + dict->characteristics=tsg_get_column_string_value(table_line, 7); + dict->deny_action=tsg_get_column_integer_value(table_line, 10); + dict->continue_scanning=tsg_get_column_integer_value(table_line, 11); + dict->tcp_timeout=tsg_get_column_integer_value(table_line, 12); + dict->udp_timeout=tsg_get_column_integer_value(table_line, 13); + dict->tcp_half_close=tsg_get_column_integer_value(table_line, 14); + dict->tcp_time_wait=tsg_get_column_integer_value(table_line, 15); + break; + case 18: + dict=(struct app_id_dict *)calloc(1, sizeof(struct app_id_dict)); + + dict->app_id=tsg_get_column_integer_value(table_line, 1); + dict->app_name=tsg_get_column_string_value(table_line, 2); + dict->parent_app_id=tsg_get_column_integer_value(table_line, 3); + dict->parent_app_name=tsg_get_column_string_value(table_line, 4); + dict->category=tsg_get_column_string_value(table_line, 5); + 
dict->subcategroy=tsg_get_column_string_value(table_line, 6); + dict->technology=tsg_get_column_string_value(table_line, 7); + dict->risk=tsg_get_column_string_value(table_line, 8); + dict->characteristics=tsg_get_column_string_value(table_line, 9); + dict->deny_action=tsg_get_column_integer_value(table_line, 12); + dict->continue_scanning=tsg_get_column_integer_value(table_line, 13); + dict->tcp_timeout=tsg_get_column_integer_value(table_line, 14); + dict->udp_timeout=tsg_get_column_integer_value(table_line, 15); + dict->tcp_half_close=tsg_get_column_integer_value(table_line, 16); + dict->tcp_time_wait=tsg_get_column_integer_value(table_line, 17); + break; + default: + return ; + break; } - str_unescape(app_id_dict->app_name); - str_unescape(app_id_dict->parent_app_name); - str_unescape(app_id_dict->category); - str_unescape(app_id_dict->subcategroy); - str_unescape(app_id_dict->technology); - str_unescape(app_id_dict->characteristics); - str_unescape(app_id_dict->depends_on_app_ids); - str_unescape(app_id_dict->implicitly_uses_app_ids); - - atomic_inc(&app_id_dict->ref_cnt); - eliminate_default_value(app_id_dict->app_name); - eliminate_default_value(app_id_dict->parent_app_name); - eliminate_default_value(app_id_dict->category); - eliminate_default_value(app_id_dict->subcategroy); - eliminate_default_value(app_id_dict->technology); - eliminate_default_value(app_id_dict->risk); - eliminate_default_value(app_id_dict->characteristics); - eliminate_default_value(app_id_dict->depends_on_app_ids); - eliminate_default_value(app_id_dict->implicitly_uses_app_ids); - - *ad=(MAAT_PLUGIN_EX_DATA)app_id_dict; + str_unescape(dict->risk); + str_unescape(dict->app_name); + str_unescape(dict->parent_app_name); + str_unescape(dict->category); + str_unescape(dict->subcategroy); + str_unescape(dict->technology); + str_unescape(dict->characteristics); + + atomic_inc(&dict->ref_cnt); + *ad=(MAAT_PLUGIN_EX_DATA)dict; return; } -void app_id_dict_free_data(int table_id, 
MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) +void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - struct app_id_dict_table *app_id_dict=(struct app_id_dict_table *)(*ad); - - if(app_id_dict!=NULL) + if((*ad)!=NULL) { - atomic_dec(&app_id_dict->ref_cnt); - if(app_id_dict->ref_cnt<=0) + struct app_id_dict *dict=(struct app_id_dict *)(*ad); + if((__sync_sub_and_fetch(&dict->ref_cnt, 1) == 0)) { - free(*ad); + _free_field(dict->app_name); + _free_field(dict->parent_app_name); + _free_field(dict->category); + _free_field(dict->subcategroy); + _free_field(dict->technology); + _free_field(dict->risk); + _free_field(dict->characteristics); + _free_field((char *)(*ad)); *ad=NULL; } } 
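Review bot: In the 16-column branch of `app_id_dict_new`, `dict->parent_app_name` is never assigned and stays NULL from `calloc`, yet `str_unescape(dict->parent_app_name)` runs unconditionally after the switch; the same applies to every string field whenever `tsg_get_column_string_value` returns NULL for a missing column. Unless `str_unescape` tolerates NULL (not visible here), that is a null dereference on input the old fixed-size buffers could never produce; guard each call, e.g. `if(dict->parent_app_name!=NULL) str_unescape(dict->parent_app_name);`, or make `str_unescape` NULL-safe. The `eliminate_default_value` pass on these fields was also dropped and `risk` is now unescaped where it was not before, which presumably changes what `dict->risk` consumers see for values containing escape sequences — worth confirming that is intended. The `calloc` in both cases is unchecked.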
@@ -638,10 +627,191 @@ static struct compile_user_region *parse_monitor_user_region(cJSON *object) return user_region; } +static int parse_answer_ttl(struct dns_user_region *user_region_records, cJSON *one_record, int answer_type) +{ + if(one_record==NULL || user_region_records==NULL) + { + return 0; + } + + cJSON *ttl=cJSON_GetObjectItem(one_record, "ttl"); + if(ttl==NULL) + { + return 0; + } + + struct dns_answer_records *answer_record_tmp=NULL; + + switch(answer_type) + { + case DNS_TYPE_A: + answer_record_tmp=user_region_records->a; + break; + case DNS_TYPE_AAAA: + answer_record_tmp=user_region_records->aaaa; + break; + case DNS_TYPE_CNAME: + answer_record_tmp=user_region_records->cname; + break; + default: + return 0; + } + + get_integer_from_json(ttl, "min", &(answer_record_tmp->min_ttl)); + get_integer_from_json(ttl, "max", &(answer_record_tmp->max_ttl)); + + return 1; +} + +static int parse_answer_profile(struct dns_user_region *user_region_records, cJSON *record_profile, int answer_type) +{ + struct dns_answer_records *answer_records=(struct dns_answer_records *)calloc(1, sizeof(struct dns_answer_records)); + answer_records->record_val.answer_type=answer_type; + + get_integer_from_json(record_profile, "record_id", &(answer_records->record_val.selected.profile_id)); + get_integer_from_json(record_profile, "selected_num", &(answer_records->record_val.selected.selected_num)); + + answer_records->record_val.selected_flag=1; + + switch(answer_type) + { + case DNS_TYPE_A: + user_region_records->a=answer_records; + break; + case DNS_TYPE_AAAA: + user_region_records->aaaa=answer_records; + break; + case DNS_TYPE_CNAME: + user_region_records->cname=answer_records; + break; + default: + return 0; + } + + return 1; +} + +static int parse_answer_value(struct dns_user_region *user_region_records, cJSON *record_value, int answer_type) +{ + switch(answer_type) + { + case DNS_TYPE_A: + user_region_records->a=(struct dns_answer_records *)calloc(1, sizeof(struct 
dns_answer_records)); + user_region_records->a->record_val.answer_type=answer_type; + user_region_records->a->record_val.len=sizeof(struct in_addr); + inet_pton(AF_INET, record_value->valuestring, (void *)&(user_region_records->a->record_val.v4_addr.s_addr)); + break; + case DNS_TYPE_AAAA: + user_region_records->aaaa=(struct dns_answer_records *)calloc(1, sizeof(struct dns_answer_records)); + user_region_records->aaaa->record_val.answer_type=answer_type; + user_region_records->aaaa->record_val.len=sizeof(struct in6_addr); + inet_pton(AF_INET6, record_value->valuestring, (void *)(user_region_records->aaaa->record_val.v6_addr.s6_addr)); + break; + case DNS_TYPE_CNAME: + user_region_records->cname=(struct dns_answer_records *)calloc(1, sizeof(struct dns_answer_records)); + user_region_records->cname->record_val.answer_type=answer_type; + user_region_records->cname->record_val.len=strlen(record_value->valuestring); + user_region_records->cname->record_val.cname=(char *)calloc(1, user_region_records->cname->record_val.len+1); + memcpy(user_region_records->cname->record_val.cname, record_value->valuestring, user_region_records->cname->record_val.len); + break; + default: + return -1; + } + + return 1; +} + +static int parse_answer_records(struct dns_user_region *user_region_records, cJSON *answer_array) +{ + int answer_type=-1; + int i=0,ret=0,answer_size=0; + cJSON *a_item=NULL, *one_record=NULL; + + if(answer_array==NULL || user_region_records==NULL) + { + return -1; + } + + answer_size=cJSON_GetArraySize(answer_array); + for(i=0; i<answer_size; i++) + { + one_record=cJSON_GetArrayItem(answer_array, i); + a_item=cJSON_GetObjectItem(one_record, "atype"); + if(a_item==NULL || a_item->valuestring==NULL) + { + continue; + } + + answer_type=get_dns_qtype(a_item->valuestring, strlen(a_item->valuestring)); + switch(answer_type==-1) + { + continue; + } + + a_item=cJSON_GetObjectItem(one_record, "value"); + if(a_item!=NULL) + { + ret=parse_answer_value(user_region_records, 
a_item, answer_type); + } + else + { + ret=parse_answer_profile(user_region_records, one_record, answer_type); + } + + if(ret>0) + { + parse_answer_ttl(user_region_records, one_record, answer_type); + } + } + + return 0; +} + +static struct dns_user_region *parse_dns_user_region(cJSON *resolution_array, int arrary_num) +{ + int i=0; + cJSON *resolution=NULL,*qtype=NULL; + cJSON *answer_array=NULL; + struct dns_user_region *records=NULL; + + records=(struct dns_user_region *)calloc(1, sizeof(struct dns_user_region)*arrary_num); + for(i=0; i<arrary_num; i++) + { + resolution=cJSON_GetArrayItem(resolution_array, i); + if(resolution==NULL) + { + continue; + } + + qtype=cJSON_GetObjectItem(resolution, "qtype"); + if(qtype==NULL || qtype->valuestring==NULL) + { + continue; + } + + records[i].query_type=get_dns_qtype(qtype->valuestring, strlen(qtype->valuestring)); + if(records[i].query_type==-1) + { + continue; + } + + answer_array=cJSON_GetObjectItem(resolution, "answer"); + if(answer_array==NULL) + { + continue; + } + + parse_answer_records(&(records[i]), answer_array); + } + + return records; +} + static struct compile_user_region *parse_deny_user_region(cJSON *object) { int ret=0; - cJSON *item=NULL; + cJSON *item=NULL; + cJSON *resolution_array=NULL; struct compile_user_region *user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region)); item=cJSON_GetObjectItem(object, "method"); 
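Review bot: `switch(answer_type==-1) { continue; }` in `parse_answer_records` has no case label, so the `continue` is unreachable and an unknown atype is not skipped; it should read `if(answer_type==-1) { continue; }`. The damage is contained today only because `parse_answer_value` returns -1 and `parse_answer_profile` returns 0 for the default case. In `parse_answer_value`, `record_value->valuestring` is used without checking that "value" is a string, and the `inet_pton` result is ignored, so an unparsable address is stored as all-zero and handed out as a redirect record; check `inet_pton(...)==1` and release the record on failure. A repeated qtype within one resolution also overwrites `user_region_records->a`/`aaaa`/`cname`, leaking the earlier allocation, and none of the `calloc` calls are checked.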
@@ -681,12 +851,29 @@ static struct compile_user_region *parse_deny_user_region(cJSON *object) user_region->deny->type=TSG_DENY_TYPE_REDIRECT_TO; break; } + ret=get_string_from_json(object, "to", &(user_region->deny->redirect_url_to)); if(ret==1) { user_region->deny->type=TSG_DENY_TYPE_REDIRECT_TO; break; } + + resolution_array=cJSON_GetObjectItem(object, "resolution"); + if(resolution_array!=NULL) + { + user_region->deny->records_num=cJSON_GetArraySize(resolution_array); + if(user_region->deny->records_num<=0) + { + break; + } + user_region->deny->records=parse_dns_user_region(resolution_array, user_region->deny->records_num); + if(user_region->deny->records!=NULL) + { + user_region->deny->type=TSG_DENY_TYPE_REDIRECT_RECORD; + break; + } + } break; case TSG_METHOD_TYPE_RATE_LINIT: user_region->deny=(struct deny_user_region *)calloc(1, sizeof(struct deny_user_region)); @@ -764,9 +951,33 @@ void security_compile_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *fro } } +static void free_dns_records_val(struct dns_record_val *record_val, int record_val_num) +{ + int i=0; + for(i=0; i<record_val_num; i++) + { + _free_field(record_val[i].cname); + record_val[i].cname=NULL; + } +} + +static void free_dns_answer_records(struct dns_answer_records *answer_records) +{ + if(answer_records!=NULL) + { + if(answer_records->record_val.answer_type==DNS_TYPE_CNAME && answer_records->record_val.selected_flag==0) + { + free_dns_records_val(&(answer_records->record_val), 1); + } + + _free_field((char *)answer_records); + answer_records=NULL; + } +} + static void free_deny_user_region(struct deny_user_region *deny) { - if(deny==NULL) + if(deny==NULL || deny->para==NULL) { return ; } 
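Review bot: In `parse_deny_user_region`, `records_num` is taken from `cJSON_GetArraySize` before any entry is validated, while `parse_dns_user_region` leaves entries whose qtype or answer is missing as zeroed or `-1` slots, so the consumer of `deny->records` sees `records_num` entries of which some carry no answer. Either count only successfully parsed entries or have `parse_dns_user_region` return the number of valid records so `records_num` reflects what can actually be served. Note that `parse_dns_user_region` returns NULL only when `calloc` fails, so the `records!=NULL` test does not detect a resolution array that parsed to nothing.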
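Review bot: `answer_records=NULL;` at the end of `free_dns_answer_records` only clears the by-value parameter, so the caller's `deny->records->a`/`aaaa`/`cname` keep dangling pointers after the free; take `struct dns_answer_records **` or assign NULL at the call site. The `selected_flag==0` condition before freeing the CNAME string is consistent with `parse_answer_profile`, which never allocates `cname`.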
@@ -775,11 +986,16 @@ static void free_deny_user_region(struct deny_user_region *deny) { case TSG_DENY_TYPE_MESSAGE: case TSG_DENY_TYPE_REDIRECT_TO: - if(deny->para) - { - free(deny->para); - deny->para=NULL; - } + case TSG_DENY_TYPE_REDIRECT_URL: + _free_field(deny->message); + deny->message=NULL; + break; + case TSG_DENY_TYPE_REDIRECT_RECORD: + free_dns_answer_records(deny->records->a); + free_dns_answer_records(deny->records->aaaa); + free_dns_answer_records(deny->records->cname); + _free_field(deny->message); + deny->message=NULL; break; default: break; @@ -795,32 +1011,29 @@ void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* return ; } - atomic_dec(&user_region->ref_cnt); - if(user_region->ref_cnt>0) + if((__sync_sub_and_fetch(&user_region->ref_cnt, 1) == 0)) { - return ; - } - - switch(user_region->method_type) - { - case TSG_METHOD_TYPE_ALERT: - case TSG_METHOD_TYPE_BLOCK: - case TSG_METHOD_TYPE_RATE_LINIT: - case TSG_METHOD_TYPE_REDIRECTION: - free_deny_user_region(user_region->deny); - break; - default: - break; - } - - if(user_region->user_region_para!=NULL) - { - free(user_region->user_region_para); - user_region->user_region_para=NULL; + switch(user_region->method_type) + { + case TSG_METHOD_TYPE_ALERT: + case TSG_METHOD_TYPE_BLOCK: + case TSG_METHOD_TYPE_RATE_LINIT: + case TSG_METHOD_TYPE_REDIRECTION: + free_deny_user_region(user_region->deny); + break; + default: + break; + } + + if(user_region->user_region_para!=NULL) + { + _free_field((char *)(user_region->user_region_para)); + user_region->user_region_para=NULL; + } + + _free_field((char *)(*ad)); + *ad=NULL; } - - free(*ad); - *ad=NULL; } 
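Review bot: In the `TSG_DENY_TYPE_REDIRECT_RECORD` case of `free_deny_user_region`, only the first `dns_user_region` is released: `parse_dns_user_region` allocates `records_num` consecutive entries, so the `a`/`aaaa`/`cname` records of entries 1..records_num-1 leak on every rule reload. Iterate before the final free: `for(int i=0; i<deny->records_num; i++) { free_dns_answer_records(deny->records[i].a); free_dns_answer_records(deny->records[i].aaaa); free_dns_answer_records(deny->records[i].cname); }` — the `_free_field(deny->message)` that follows appears to release the array itself, which is worth confirming against the `deny_user_region` layout. The new `deny->para==NULL` early return also skips whatever the function does after the switch (outside this hunk); if that includes freeing `deny`, a region without a parameter payload now leaks.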
@@ -874,10 +1087,9 @@ cleanup: void http_response_pages_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) { - struct http_response_pages *res_pages=(struct http_response_pages *)*from; - - if(*from!=NULL) + if((*from)!=NULL) { + struct http_response_pages *res_pages=(struct http_response_pages *)(*from); *to=*from; atomic_inc(&res_pages->ref_cnt); } @@ -885,33 +1097,17 @@ void http_response_pages_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_ void http_response_pages_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - int ret=0; - void *logger=argp; - int is_valid; - char format[256]={0}; - char path[1024]={0}; - char profile_name[256]={0}; - struct http_response_pages *res_pages=NULL; + char *path=NULL, *format=NULL; + struct http_response_pages *res_pages=(struct http_response_pages *)calloc(1, sizeof(struct http_response_pages)); + res_pages->profile_id=tsg_get_column_integer_value(table_line, 1); - res_pages=(struct http_response_pages *)calloc(1, sizeof(struct http_response_pages)); - - ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%d", &res_pages->profile_id, profile_name, format, path, &is_valid); - if(ret!=5) + format=tsg_get_column_string_value(table_line, 3); + path=tsg_get_column_string_value(table_line, 4); + + if(format==NULL && path==NULL) { - free(res_pages); + _free_field((char *)res_pages); res_pages=NULL; - if(logger!=NULL) - { - MESA_handle_runtime_log(logger, - RLOG_LV_FATAL, - "RESPONSE_PAGES", - "Parse response pages failed, ret: %d table_id: %d key: %s table_line: %s", - ret, - table_id, - key, - table_line - ); - } return; } 
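Review bot: `if(format==NULL && path==NULL)` in `http_response_pages_new` rejects the row only when both columns are missing; with one present the function proceeds to compare `format` and open `path` (the code between this hunk and the next) with a NULL pointer. Use `if(format==NULL || path==NULL)` and release whichever string was allocated before returning. The `calloc` result is dereferenced without a check on the preceding line.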
@@ -923,34 +1119,157 @@ void http_response_pages_new(int table_id, const char* key, const char* table_li { res_pages->format=HTTP_RESPONSE_FORMAT_HTML; } + + _free_field(format); + format=NULL; - atomic_inc(&res_pages->ref_cnt); res_pages->content=get_pages_content(path, &res_pages->content_len); - *ad=(MAAT_PLUGIN_EX_DATA)res_pages; + _free_field(path); + path=NULL; + + if(res_pages->content!=NULL && res_pages->content_len>0) + { + atomic_inc(&res_pages->ref_cnt); + *ad=(MAAT_PLUGIN_EX_DATA)res_pages; + } + else + { + _free_field(res_pages->content); + _free_field((char *)res_pages); + res_pages=NULL; + } } void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { - struct http_response_pages *res_pages=(struct http_response_pages *)*ad; + if((*ad)!=NULL) + { + struct http_response_pages *res_pages=(struct http_response_pages *)(*ad); + if((__sync_sub_and_fetch(&res_pages->ref_cnt, 1) == 0)) + { + _free_field(res_pages->content); + _free_field((char *)(*ad)); + *ad=NULL; + } + } +} - atomic_dec(&res_pages->ref_cnt); - if(res_pages->ref_cnt<=0) +void dns_profile_records_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +{ + int i=0; + cJSON *one_record=NULL,*pSub=NULL; + struct dns_profile_records *profile_records=(struct dns_profile_records *)calloc(1, sizeof(struct dns_profile_records)); + profile_records->record_id=tsg_get_column_integer_value(table_line, 1); + char *answer_type=tsg_get_column_string_value(table_line, 3); + char *json_record=tsg_get_column_string_value(table_line, 4); + + cJSON *records_array=cJSON_Parse(json_record); + if(records_array!=NULL) { - free(res_pages->content); - free(*ad); - *ad=NULL; + profile_records->record_num=cJSON_GetArraySize(records_array); + profile_records->record_val=(struct dns_record_val *)calloc(1, profile_records->record_num*sizeof(struct dns_record_val)); + profile_records->answer_type=get_dns_qtype(answer_type, 
strlen(answer_type)); + + for(i=0; i<profile_records->record_num; i++) + { + one_record=cJSON_GetArrayItem(records_array, i); + if(one_record==NULL) + { + continue; + } + + pSub=cJSON_GetObjectItem(one_record, "value"); + if(NULL==pSub ) + { + continue; + } + + switch(profile_records->answer_type) + { + case DNS_TYPE_A: + profile_records->record_val[i].answer_type=profile_records->answer_type; + profile_records->record_val[i].len=sizeof(struct in_addr); + inet_pton(AF_INET, pSub->valuestring, &(profile_records->record_val[i].v4_addr.s_addr)); + break; + case DNS_TYPE_AAAA: + profile_records->record_val[i].answer_type=profile_records->answer_type; + profile_records->record_val[i].len=sizeof(struct in6_addr); + inet_pton(AF_INET6, pSub->valuestring, (profile_records->record_val[i].v6_addr.s6_addr)); + break; + case DNS_TYPE_CNAME: + profile_records->record_val[i].answer_type=profile_records->answer_type; + profile_records->record_val[i].len=strlen(pSub->valuestring); + profile_records->record_val[i].cname=(char *)calloc(1, profile_records->record_val[i].len+1); + memcpy(profile_records->record_val[i].cname, pSub->valuestring, profile_records->record_val[i].len); + break; + default: + continue; + } + } + + atomic_inc(&profile_records->ref_cnt); + (*ad)=(MAAT_PLUGIN_EX_DATA)profile_records; + + cJSON_Delete(records_array); + records_array=NULL; + + _free_field(json_record); + json_record=NULL; + + _free_field(answer_type); + answer_type=NULL; + } + else + { + _free_field((char *)profile_records); + profile_records=NULL; + } + + return ; +} + +void dns_profile_records_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp) +{ + if((*from)!=NULL) + { + struct dns_profile_records *profile_records=(struct dns_profile_records *)(*from); + atomic_inc(&profile_records->ref_cnt); + (*to)=(*from); + } + + return ; +} + +void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp) +{ + if((*ad)!=NULL) + { + 
struct dns_profile_records *profile_records=(struct dns_profile_records *)*ad; + if((__sync_sub_and_fetch(&profile_records->ref_cnt, 1) == 0)) + { + if(profile_records->answer_type==DNS_TYPE_CNAME) + { + free_dns_records_val(profile_records->record_val, profile_records->record_num); + } + + _free_field((char *)(profile_records->record_val)); + profile_records->record_val=NULL; + + _free_field((char *)(*ad)); + *ad=NULL; + } } } static int get_fqdn_category_id(Maat_feather_t maat_feather, int table_id, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq) { int i=0,j=0,ret=0; - struct _fqdn_category_t *ex_data_array[8]={0}; + struct fqdn_category *ex_data_array[8]={0}; ret=Maat_fqdn_plugin_get_EX_data(maat_feather, table_id, fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8); if(ret>0) { - qsort(ex_data_array, ret, sizeof(struct _fqdn_category_t *), sort_category_id); + qsort(ex_data_array, ret, sizeof(struct fqdn_category *), sort_category_id); for(i=0; i<ret; i++) { @@ -966,7 +1285,7 @@ static int get_fqdn_category_id(Maat_feather_t maat_feather, int table_id, char } } - fqdn_cat_free_data(table_id, (MAAT_PLUGIN_EX_DATA *)&(ex_data_array[i]), 0, logger); + fqdn_category_free(table_id, (MAAT_PLUGIN_EX_DATA *)&(ex_data_array[i]), 0, logger); } return j; 
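Review bot: In `dns_profile_records_new`, `json_record` and `answer_type` are freed only inside the `records_array!=NULL` branch, so a row whose JSON fails to parse leaks both strings, and when `tsg_get_column_string_value` returns NULL for the atype column, `strlen(answer_type)` is reached with a NULL pointer (and `cJSON_Parse` receives NULL for the record column). Check both strings for NULL before `cJSON_Parse`, and move the two `_free_field` calls after the if/else so every path releases them. Entries skipped with `continue` stay zero-initialised inside `record_val[0..record_num)`, so a reader that iterates `record_num` can hand out an all-zero or empty answer; either compact the array or count only records that parsed. The `inet_pton` results and the type of `pSub->valuestring` are unchecked here as well, as in `parse_answer_value`.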
@@ -1136,6 +1455,7 @@ int tsg_rule_init(const char* conffile, void *logger) MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER"); MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER"); MESA_load_profile_string_def(conffile, "MAAT", "RESPONSE_PAGES_TABLE", g_tsg_para.table_name[TABLE_RESPONSE_PAGES], _MAX_TABLE_NAME_LEN, "TSG_PROFILE_RESPONSE_PAGES"); + MESA_load_profile_string_def(conffile, "MAAT", "DNS_PROFILE_RECORDS", g_tsg_para.table_name[TABLE_DNS_PROFILE_RECORD], _MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_DNS_RECORDS"); //init static maat feather g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger); @@ -1179,9 +1499,9 @@ int tsg_rule_init(const char* conffile, void *logger) { ret=Maat_ip_plugin_EX_register(g_tsg_maat_feather, g_tsg_para.table_id[i], - ASN_new_data, - ASN_free_data, - ASN_dup_data, + ASN_number_new, + ASN_number_free, + ASN_number_dup, 0, logger); if(ret<0) @@ -1222,9 +1542,9 @@ int tsg_rule_init(const char* conffile, void *logger) { ret=Maat_fqdn_plugin_EX_register(g_tsg_maat_feather, g_tsg_para.table_id[i], - fqdn_cat_new_data, - fqdn_cat_free_data, - fqdn_cat_dup_data, + fqdn_category_new, + fqdn_category_free, + fqdn_category_dup, 0, logger ); @@ -1242,9 +1562,9 @@ int tsg_rule_init(const char* conffile, void *logger) ret=Maat_plugin_EX_register(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], - app_id_dict_new_data, - app_id_dict_free_data, - app_id_dict_dup_data, + app_id_dict_new, + app_id_dict_free, + app_id_dict_dup, NULL, 0, logger); 
@@ -1278,6 +1598,21 @@ int tsg_rule_init(const char* conffile, void *logger) return -1; } + ret=Maat_plugin_EX_register(g_tsg_maat_feather, + g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], + dns_profile_records_new, + dns_profile_records_free, + dns_profile_records_dup, + NULL, + 0, + NULL); + + if(ret<0) + { + MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "REGISTER_TABLE", "Maat_plugin_EX_register failed, table_name: %s", g_tsg_para.table_name[TABLE_DNS_PROFILE_RECORD]); + return -1; + } + //init dynamic maat feather g_tsg_dynamic_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_DYNAMIC", (char *)"DYNAMIC", logger); if(g_tsg_maat_feather==NULL) @@ -1301,9 +1636,9 @@ int tsg_rule_init(const char* conffile, void *logger) } ret=Maat_plugin_EX_register(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, - subscribe_id_new_data, - subscribe_id_free_data, - subscribe_id_dup_data, + subscriber_id_new, + subscriber_id_free, + subscriber_id_dup, NULL, 0, logger); @@ -1319,9 +1654,9 @@ int tsg_rule_init(const char* conffile, void *logger) int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info) { int num=0; - policy_priority_label_t *label=NULL; + struct policy_priority_label *label=NULL; - label=(policy_priority_label_t *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id); + label=(struct policy_priority_label *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id); if(label!=NULL && result!=NULL && result_num>0 && identify_info!=NULL) { if((label->result_type==pull_result_type) || (pull_result_type==PULL_ALL_RESULT)) 
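Review bot: The new `Maat_plugin_EX_register` call for `TABLE_DNS_PROFILE_RECORD` passes `NULL` as the final argument while every other registration in this function passes `logger`; the `dns_profile_records_*` callbacks ignore `argp` today, so this is harmless, but it differs from the surrounding calls and will silently drop output if logging is later added to those callbacks — pass `logger` for consistency. Separately, the pre-existing check right after the added block tests `g_tsg_maat_feather==NULL` after assigning `g_tsg_dynamic_maat_feather`, so a failed dynamic feather init is never caught; it is context here, but worth correcting while in this function: `if(g_tsg_dynamic_maat_feather==NULL)`.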
@@ -1420,7 +1755,7 @@ int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PL return 0; } -int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct _subscribe_id_info_t **source_subscribe_id, struct _subscribe_id_info_t **dest_subscribe_id) +int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id) { char source_ip[MAX_IPV6_ADDR_LEN]={0}; char dest_ip[MAX_IPV6_ADDR_LEN]={0}; 
@@ -1445,34 +1780,34 @@ int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct _subscribe_id if(strlen(dest_ip)>0 && *dest_subscribe_id==NULL) { - *dest_subscribe_id = (struct _subscribe_id_info_t *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, dest_ip); + *dest_subscribe_id = (struct subscribe_id_info *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, dest_ip); } if(strlen(source_ip)>0 && *source_subscribe_id==NULL) { - *source_subscribe_id = (struct _subscribe_id_info_t *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, source_ip); + *source_subscribe_id = (struct subscribe_id_info *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, source_ip); } return 0; } -int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct _asn_info_t *asn, enum MASTER_TABLE idx, scan_status_t *mid, Maat_rule_t*result, int result_num) +int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct asn_info *asn, enum MASTER_TABLE idx, scan_status_t *mid, Maat_rule_t*result, int result_num) { int ret=0; - if(asn==NULL || result==NULL || result_num==0) + if(asn==NULL || asn->asn_id==NULL|| result==NULL || result_num==0) { return 0; } - ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[idx], CHARSET_GBK, asn->asn, strlen(asn->asn), result, NULL, result_num, mid, a_stream->threadnum); + ret=Maat_full_scan_string(maat_feather, g_tsg_para.table_id[idx], CHARSET_GBK, asn->asn_id, strlen(asn->asn_id), result, NULL, result_num, mid, a_stream->threadnum); if(ret > 0) { MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP_ASN", "Hit IP_ASN: %s scan ret: %d table_name: %s policy_id: %d service: %d action: %d addr: %s", - asn->asn, + asn->asn_id, ret, g_tsg_para.table_name[idx], result[0].config_id, 
@@ -1488,7 +1823,7 @@ int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stre RLOG_LV_DEBUG, "SCAN_IP_ASN", "No hit IP_ASN: %s scan ret: %d table_name: %s addr: %s", - asn->asn, + asn->asn_id, ret, g_tsg_para.table_name[idx], PRINTADDR(a_stream, g_tsg_para.level) @@ -1497,12 +1832,12 @@ int tsg_scan_ip_asn(Maat_feather_t maat_feather, const struct streaminfo *a_stre } -int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct _location_info_t *location, enum MASTER_TABLE idx, scan_status_t *mid, Maat_rule_t*result, int result_num) +int tsg_scan_ip_location(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct location_info *location, enum MASTER_TABLE idx, scan_status_t *mid, Maat_rule_t*result, int result_num) { int ret=0; char buff[1024]={0}; - if(location==NULL || result==NULL || result_num==0) + if(location==NULL || location->country_full==NULL || location->city_full==NULL || result==NULL || result_num==0) { return 0; } @@ -1621,7 +1956,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * int ret=0; unsigned int proto_id=0; int hit_num=0; - struct _session_attribute_label_t *attribute_label=NULL; + struct session_attribute_label *attribute_label=NULL; if(result==NULL || result_num<=0 || a_stream==NULL || maat_feather==NULL) { 
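Review bot: The new guard in `tsg_scan_ip_location` checks `country_full` and `city_full` but not `province_full`, and the `location_info` struct in this commit holds all three as heap strings that can be NULL; if the `buff` built below (outside this hunk) formats `location->province_full` with `%s`, a record without a province passes the guard and reaches `snprintf` with a NULL argument. Extend the guard to `|| location->province_full==NULL`, or format the three fields with a NULL-safe fallback. The rest of the function continues past the hunk.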
@@ -1642,11 +1977,11 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * } } - attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, g_tsg_para.internal_project_id); + attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id); if(attribute_label==NULL) { - attribute_label=(struct _session_attribute_label_t *)dictator_malloc(a_stream->threadnum, sizeof(struct _session_attribute_label_t)); - memset(attribute_label, 0, sizeof(struct _session_attribute_label_t)); + attribute_label=(struct session_attribute_label *)dictator_malloc(a_stream->threadnum, sizeof(struct session_attribute_label)); + memset(attribute_label, 0, sizeof(struct session_attribute_label)); } if(hit_num<result_num) @@ -1685,7 +2020,7 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo * } } - ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.internal_project_id, (void *)attribute_label); + ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.session_attribute_project_id, (void *)attribute_label); if(ret<0) { MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "ADD_INTERNAL_LABEL", "Add internal label failed, ret: %d addr: %s", ret, PRINTADDR(a_stream, g_tsg_para.level)); 
@@ -1866,18 +2201,16 @@ int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct str { int i=0,ret=0; int ret2=0, hit_num=0; - int district_len=strlen(district); - int property_len=strlen(property); struct Maat_rule_t property_result[MAX_RESULT_NUM]={0}; - if(property!=NULL && property_len>0 && district_len>0) + if(property!=NULL && district!=NULL) { - Maat_set_scan_status(g_tsg_maat_feather, mid, MAAT_SET_SCAN_DISTRICT, (void *)district, district_len); + Maat_set_scan_status(g_tsg_maat_feather, mid, MAAT_SET_SCAN_DISTRICT, (void *)district, strlen(district)); ret=Maat_full_scan_string(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_SELECTOR_PROPERTIES], CHARSET_UTF8, property, - property_len, + strlen(property), property_result, NULL, MAX_RESULT_NUM, @@ -1916,11 +2249,11 @@ int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct str return hit_num; } -int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct _subscribe_id_info_t *user_info, int thread_seq) +int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq) { int maat_ret=0; - if(user_info==NULL || result==NULL || result_num==0) + if(user_info==NULL || user_info->subscribe_id==NULL || result==NULL || result_num==0) { return 0; } @@ -2048,7 +2381,7 @@ int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_p { int offset=0; char app_id_buff[128]={0}; - struct app_id_dict_table *dict=NULL; + struct app_id_dict *dict=NULL; if(app_id<=0 || app_name==NULL || app_name_len<=0) { 
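Review bot: The rewritten guard drops the `property_len>0 && district_len>0` conditions, so an empty `property` or `district` string now reaches `Maat_set_scan_status` and `Maat_full_scan_string` with a length of 0, where the old code skipped the scan entirely. Moving the `strlen` calls after the NULL test is the right fix for the old `strlen(NULL)`, but the length check should survive it: `if(property!=NULL && district!=NULL && property[0]!='\0' && district[0]!='\0')`. If scanning an empty string is now intended, a comment on the condition should say so. The function's tail is outside the hunk.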
@@ -2056,7 +2389,7 @@ int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_p } snprintf(app_id_buff, sizeof(app_id_buff), "%d", app_id); - dict=(struct app_id_dict_table *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); + dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); if(dict!=NULL) { if(dict->parent_app_id!=0 && is_joint_parent==1) @@ -2068,7 +2401,7 @@ int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_p offset=snprintf(app_name, app_name_len, "%s", dict->app_name); } - app_id_dict_free_data(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); + app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); return offset; } @@ -2173,4 +2506,33 @@ int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_co return 0; } +char *tsg_get_column_string_value(const char* line, int column_seq) +{ + int ret=0; + size_t offset=0; + size_t length=0; + + ret=get_column_pos(line, column_seq, &offset, &length); + if(ret>=0) + { + return _malloc_field(line+offset, length); + } + + return NULL; +} + +int tsg_get_column_integer_value(const char* line, int column_seq) +{ + int ret=0; + size_t offset=0; + size_t length=0; + + ret=get_column_pos(line, column_seq, &offset, &length); + if(ret>=0) + { + return atoi(line+offset); + } + + return -1; +} diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index 1f53bb0..eae0a3f 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp 
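Review bot: `tsg_get_column_integer_value` ignores the `length` that `get_column_pos` reports and hands `line+offset` to `atoi`, so the parse is bounded only by the first non-digit in the rest of the line, and `atoi` gives no way to distinguish a malformed or out-of-range field from a real value; `-1`, the "not found" sentinel, is itself a parseable column value. Copying the column into a bounded buffer and converting with `strtol` plus `endptr`/`errno` checks keeps the conversion inside the field and rejects garbage, which matters for config text that arrives from outside this module. The sentinel ambiguity stays with this signature, so callers should not rely on `-1` meaning "missing" unless the format excludes negative values; both helpers also need a `line==NULL` guard unless `get_column_pos` provides one. The rewrite below needs `<errno.h>`, `<limits.h>` and `<string.h>` in scope.
```cpp
int tsg_get_column_integer_value(const char* line, int column_seq)
{
    size_t offset=0;
    size_t length=0;
    char buff[32]={0};
    char *end=NULL;
    long value=0;

    if(line==NULL || get_column_pos(line, column_seq, &offset, &length)<0
       || length==0 || length>=sizeof(buff))
    {
        return -1;
    }

    /* bound the conversion to the column itself, not the rest of the line */
    memcpy(buff, line+offset, length);
    errno=0;
    value=strtol(buff, &end, 10);
    if(end==buff || *end!='\0' || errno==ERANGE || value<INT_MIN || value>INT_MAX)
    {
        return -1;
    }

    return (int)value;
}
```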
@@ -34,6 +34,16 @@ const id2field_t tld_type[TLD_TYPE_MAX]={{TLD_TYPE_UNKNOWN, TLD_TYPE_UNKNOWN, " extern "C" int MESA_get_dev_ipv4(const char *device, int *ip_add); +static int string_cat(char *dst, int dst_len, char *src) +{ + if(dst==NULL || dst_len<=0 || src==NULL) + { + return 0; + } + + return snprintf(dst, dst_len, "%s", src); +} + static int is_tunnels(struct streaminfo *a_stream) { const struct streaminfo *ptmp = a_stream; 
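Review bot: `string_cat` returns `snprintf`'s result, which is the length `src` would have needed, not the number of bytes actually stored, and the callers added in the next hunk (set_asn, set_location) feed that value straight into `len+=` and then index with `buff[len++]='('`; once an `asn_id`, `organization` or location string is longer than the space left in the 1024-byte buffer, `len` runs past `buff_len`, the next `string_cat` is handed a negative or zero `dst_len`, and the separator stores go out of bounds. If the helper is kept it should return what it wrote — on `ret>=dst_len` return `dst_len-1` — and the callers must check `len<buff_len-1` before each separator; the simpler route is to drop it and give each caller one `snprintf` with NULL-guarded arguments. `src` should also be `const char *`, since the function only reads it.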
@@ -151,26 +161,39 @@ static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_ return 0; } -static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct _asn_info_t *asn_info) +static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct asn_info *asn_info) { + int len=0; char buff[1024]={0}; + int buff_len=sizeof(buff); if(asn_info!=NULL) { - snprintf(buff, sizeof(buff), "%s(%s)", asn_info->asn, asn_info->organization); + len+=string_cat(buff, buff_len-len, asn_info->asn_id); + buff[len++]='('; + len+=string_cat(buff, buff_len-len, asn_info->organization); + buff[len++]=')'; TLD_append(_handle, field_name, (void *)buff, TLD_TYPE_STRING); } return 1; } -static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct _location_info_t *location_info) +static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct location_info *location_info) { + int len=0; char buff[1024]={0}; + int buff_len=sizeof(buff); if(location_info!=NULL) { - snprintf(buff, sizeof(buff), "%s,%s,%s", location_info->city_full, location_info->province_full, location_info->country_full); + len+=string_cat(buff, buff_len-len, location_info->city_full); + buff[len++]=','; + len+=string_cat(buff, buff_len-len, location_info->province_full); + buff[len++]=','; + len+=string_cat(buff, buff_len-len, location_info->country_full); + buff[len++]=','; + TLD_append(_handle, field_name, (void *)buff, TLD_TYPE_STRING); } 
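Review bot: `set_location` now appends a trailing `','` after `country_full`, so the logged field changes from the previous `city,province,country` layout to `city,province,country,`; the old format string had three fields and no trailing separator, and nothing in the commit message suggests a format change. If the intent was only NULL-safety for the new pointer fields, replace the six append lines with `snprintf(buff, sizeof(buff), "%s,%s,%s", location_info->city_full ? location_info->city_full : "", location_info->province_full ? location_info->province_full : "", location_info->country_full ? location_info->country_full : "");` and use the same `?:` form for `set_asn`'s `"%s(%s)"`, which also removes the unchecked `buff[len++]` index arithmetic. set_location's body continues outside the hunk.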
@@ -322,6 +345,17 @@ static int set_duraction(struct tsg_log_instance_t *_instance, struct TLD_handle return 1; } +static int set_subscriber_id(struct TLD_handle_t *_handle, char *field_name, struct subscribe_id_info *subscriber) +{ + if(subscriber!=NULL && subscriber->subscribe_id!=NULL) + { + TLD_append(_handle, field_name, (void *)subscriber->subscribe_id, TLD_TYPE_STRING); + return 1; + } + + return 0; +} + static int set_fqdn_category(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, unsigned int *category_id, int category_id_num) { int i=0; @@ -835,6 +869,28 @@ struct TLD_handle_t *TLD_create(int thread_id) return _handle; } +static int set_user_region(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct Maat_rule_t *p_result, int thread_seq) +{ + int ret=0; + char *user_region=NULL; + + if(p_result->action!=TSG_ACTION_NONE && p_result->serv_def_len>0) + { + user_region=(char *)dictator_malloc(thread_seq, p_result->serv_def_len+1); + ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, user_region, p_result->serv_def_len+1); + if(ret==p_result->serv_def_len) + { + user_region[p_result->serv_def_len]='\0'; + TLD_append(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name, (void *)user_region, TLD_TYPE_STRING); + } + + dictator_free(thread_seq, user_region); + user_region=NULL; + } + + return 0; +} + static int get_gtp_ipv4v6_port(struct tsg_log_instance_t *_instance, struct streaminfo *a_stream, cJSON *object) { char ip_buff[64]={0}; 
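Review bot: `set_user_region` passes the `dictator_malloc` result to `Maat_read_rule` without a NULL check; unless dictator_malloc aborts on failure, add `if(user_region==NULL) { return 0; }` after the allocation. The read is requested with `serv_def_len+1` but success is tested as `ret==p_result->serv_def_len`, which reads like an off-by-one to anyone who does not know Maat_read_rule's contract — a comment such as `/* Maat_read_rule returns the payload length without the terminator we add below */` would settle it, if that is indeed the contract. The function always returns 0, so either return 1 when a field was appended, matching set_subscriber_id, or make it void.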
@@ -1051,20 +1107,63 @@ static int set_common_sub_action(struct TLD_handle_t *handle, char *field_name, return 0; } +int set_mirrored_pkt_bytes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct mirrored_vlan *vlan, int compile_id) +{ + int i=0; + for(i=0; i<vlan->compile_id_num; i++) + { + if(vlan->compile_id[i]==compile_id) + { + TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_PKTS].name, (void *)(long)(vlan->mirrored_pkts), TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_MIRRORED_BYTES].name, (void *)(long)(vlan->mirrored_bytes), TLD_TYPE_LONG); + return 1; + } + } + + return 0; +} + +int set_mirrored_session(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result) +{ + int i=0,ret=0; + struct tcpall_context *context=(struct tcpall_context *)project_req_get_struct(a_stream, g_tsg_para.tcpall_project_id); + if(context!=NULL && context->method_type==TSG_METHOD_TYPE_MIRRORED) + { + for(i=0; i<context->vlan_num; i++) + { + ret=set_mirrored_pkt_bytes(_instance, _handle, &(context->vlan[i]), p_result->config_id); + if(ret==1) + { + return 1; + } + } + } + + return 0; +} + int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream) { - struct _session_attribute_label_t *attribute_label=NULL; + int ret=0; + struct session_attribute_label *attribute_label=NULL; - attribute_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, _instance->internal_project_id); + attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, _instance->session_attribute_project_id); if(attribute_label!=NULL) { TLD_append(_handle, _instance->id2field[LOG_COMMON_ESTABLISH_LATENCY_MS].name, (void *)attribute_label->establish_latency_ms, TLD_TYPE_LONG); + TLD_append(_handle, _instance->id2field[LOG_COMMON_HTTP_ACTION_FILESIZE].name, (void 
*)(long)attribute_label->http_action_file_size, TLD_TYPE_LONG); set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_ASN].name, attribute_label->client_asn); set_asn(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_ASN].name, attribute_label->server_asn); set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_CLINET_LOCATION].name, attribute_label->client_location); set_location(_handle, a_stream, _instance->id2field[LOG_COMMON_SERVER_LOCATION].name, attribute_label->server_location); + + ret=set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, attribute_label->client_subscribe_id); + if(ret==0) + { + set_subscriber_id(_handle, _instance->id2field[LOG_COMMON_SUBSCRIBER_ID].name, attribute_label->server_subscribe_id); + } set_fqdn_category(_instance, _handle, a_stream, attribute_label->fqdn_category_id, attribute_label->fqdn_category_id_num); @@ -1107,7 +1206,7 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle set_duraction(_instance, _handle, a_stream); set_packet_bytes(_instance, _handle, a_stream); set_session_attributes(_instance, _handle, a_stream); - + if(is_tunnels(a_stream)) { set_common_tunnels(_instance, _handle, a_stream); @@ -1353,10 +1452,9 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile) int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id) { - int ret=0,fs_id=0; + int fs_id=0; int i=0,status=0; char *payload=NULL; - char *user_agent=NULL; int repeat_cnt=0; struct timespec cur_time; int policy_id[MAX_RESULT_NUM]={0}; 
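Review bot: `set_mirrored_pkt_bytes` and `set_mirrored_session` are the only `set_*` helpers in this hunk's neighbourhood defined without `static`, so they get external linkage and can collide with a same-named symbol in another translation unit; unless they are declared in a header for other callers, make them `static int` like `set_user_region` and `set_subscriber_id`. The first-match-wins walk over `context->vlan[i]` and `vlan->compile_id[i]` also deserves a line of intent, e.g. `/* counters are taken from the first mirrored vlan whose compile list contains this rule's config_id */`, since a rule present in several vlans is presumably only reported once. The enclosing set_session_attributes continues outside the hunk.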
@@ -1446,18 +1544,14 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG); TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG); - if(_instance->send_user_region==1 && log_msg->result[i].action!=TSG_ACTION_NONE && log_msg->result[i].serv_def_len>0) + if(log_msg->result[i].action==TSG_ACTION_MONITOR) { - user_agent=(char *)dictator_malloc(thread_id, log_msg->result[i].serv_def_len+1); - ret=Maat_read_rule(g_tsg_maat_feather, &(log_msg->result[i]), MAAT_RULE_SERV_DEFINE, user_agent, log_msg->result[i].serv_def_len+1); - if(ret==log_msg->result[i].serv_def_len) - { - user_agent[log_msg->result[i].serv_def_len]='\0'; - TLD_append(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name, (void *)user_agent, TLD_TYPE_STRING); - } - - dictator_free(thread_id, user_agent); - user_agent=NULL; + set_mirrored_session(_instance, _handle, log_msg->a_stream, &(log_msg->result[i])); + } + + if(_instance->send_user_region==1) + { + set_user_region(_instance, _handle, &log_msg->result[i], thread_id); } if(log_msg->result[i].action==TSG_ACTION_DENY) diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h index 5414a95..a31e886 100644 --- a/src/tsg_send_log_internal.h +++ b/src/tsg_send_log_internal.h @@ -107,6 +107,8 @@ typedef enum _tsg_log_field_id LOG_COMMON_USERDEFINE_APP, LOG_COMMON_MIRRORED_PKTS, LOG_COMMON_MIRRORED_BYTES, + LOG_COMMON_SUBSCRIBER_ID, + LOG_COMMON_HTTP_ACTION_FILESIZE, LOG_COMMON_MAX }tsg_log_field_id_t; @@ -131,7 +133,7 @@ struct tsg_log_instance_t int app_id_type; int send_user_region; int recovery_interval; - int internal_project_id; + int session_attribute_project_id; int tcp_flow_project_id; int udp_flow_project_id; int *send_log_percent; |
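Review bot: The new MONITOR-only call to `set_mirrored_session` is not explained anywhere, and set_mirrored_session itself already filters on `context->method_type==TSG_METHOD_TYPE_MIRRORED`, so a reader cannot tell whether the action test is a second, intentional condition or a leftover; a comment such as `/* mirrored pkt/byte counters are reported only on MONITOR rules; the vlan is matched on config_id inside set_mirrored_session */` would record the decision. The old combined guard on `action!=TSG_ACTION_NONE && serv_def_len>0` now lives inside set_user_region, which is fine, but both calls discard their return values, so mark that explicitly with `(void)` or drop the unused returns. tsg_send_log continues outside the hunk.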
