authorliuxueli <[email protected]>2022-12-30 17:30:53 +0800
committerliuxueli <[email protected]>2022-12-30 17:30:53 +0800
commite0f6856189adc2f803380292462ea5311d87d42c (patch)
treec2d7df8cf8a9d1cc9fe5f7ee8574490de681450b
parent3bd6a5642f32b8d26739e6d34532e56cd60a408f (diff)
TSG-12336,TSG-13086: 将L7 protocol字段与app_label字段整合为common_app_full_path字段,L7 protocol ID转字符串时取值策略OBJECT中Application Namev5.9.1
-rw-r--r--bin/tsg_l7_protocol.conf2
-rw-r--r--inc/app_label.h3
-rw-r--r--src/tsg_entry.cpp14
-rw-r--r--src/tsg_send_log.cpp266
-rw-r--r--src/tsg_send_log_internal.h2
5 files changed, 83 insertions, 204 deletions
diff --git a/bin/tsg_l7_protocol.conf b/bin/tsg_l7_protocol.conf
index f7378e6..a2b04d1 100644
--- a/bin/tsg_l7_protocol.conf
+++ b/bin/tsg_l7_protocol.conf
@@ -41,7 +41,7 @@ STRING ISAKMP 92
STRING MDNS 3835
STRING NETBIOS 129
STRING NETFLOW 130
-STRING RDP 150
+STRING RDP 159
STRING RTCP 174
STRING RTP 175
STRING SLP 8007
diff --git a/inc/app_label.h b/inc/app_label.h
index 0af4bc5..0c503ba 100644
--- a/inc/app_label.h
+++ b/inc/app_label.h
@@ -26,7 +26,8 @@ enum APP_IDENTIFY_ORIGIN
ORIGIN_QM_ENGINE,
ORIGIN_BUILT_IN,
ORIGIN_ANALYZE,
- ORIGIN_UNKNOWN, // unknown app ID=4
+ ORIGIN_UNKNOWN, // unknown app ID=4
+ ORIGIN_QM_ENGINE_L7,
ORIGIN_MAX
};
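Review bot: `ORIGIN_QM_ENGINE_L7` has no comment, and unlike its neighbours it is not an identification source: in this commit it is only filled by split_l7_and_app from the `ORIGIN_QM_ENGINE` result when the log is written. A comment such as `// derived at log time: L7 entries copied from the ORIGIN_QM_ENGINE result` would say so. Adding it also raises `ORIGIN_MAX` in a header under inc/, so any `gather_app_result` array allocated by code built against the old value would be one slot short for the index set_app_id now writes. The allocation sites are not in this diff and should be checked. The enum starts before this hunk.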
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 8efc790..28eca47 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -991,14 +991,14 @@ static void copy_bypass_result(const struct streaminfo *a_stream, struct master_
int copy_app_result(struct gather_app_result *gather_result, struct app_identify_result *identify_result, int packet_sequence)
{
- int i=0;
- for(i=0; (i < identify_result->app_id_num) && i<MAX_APP_ID_NUM && (gather_result->app_num < MAX_APP_ID_NUM); i++)
+ if(identify_result->app_id_num<=gather_result->app_num)
{
- if(gather_result->attributes[i].app_id==identify_result->app_id[i] && gather_result->attributes[i].surrogate_id==identify_result->surrogate_id[i])
- {
- continue;
- }
-
+ return 0;
+ }
+
+ gather_result->app_num=0;
+ for(int i=0; (i < identify_result->app_id_num) && i<MAX_APP_ID_NUM && (gather_result->app_num < MAX_APP_ID_NUM); i++)
+ {
gather_result->origin=identify_result->origin;
gather_result->attributes[i].app_id=identify_result->app_id[i];
gather_result->attributes[i].surrogate_id=identify_result->surrogate_id[i];
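Review bot: The new early return `if(identify_result->app_id_num<=gather_result->app_num) return 0;` keeps the stored result whenever the incoming one is not longer, so an incoming result of the same length with different app or surrogate IDs is dropped. The removed loop compared entries one by one instead. If "longest result wins" is the intended rule, it deserves a comment above the check, for example `/* keep the longest result seen so far; equal-length or shorter updates are ignored */`; if not, the guard should skip only identical results. The stored classification ends up in the session log, so a stale entry there is worth ruling out. The function body continues past the end of this hunk.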
diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp
index 238463b..45c204a 100644
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
@@ -622,7 +622,7 @@ static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name,
for(i=ORIGIN_USER_DEFINE; i<ORIGIN_MAX; i++)
{
- if(result[i].app_num<=0 || i==ORIGIN_QM_ENGINE)
+ if(result[i].app_num<=0 || i==ORIGIN_QM_ENGINE || i==ORIGIN_QM_ENGINE_L7)
{
continue;
}
@@ -712,34 +712,6 @@ static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, st
return 1;
}
-static int get_l7_protocol(struct gather_app_result *result, char *protocol_list, int protocol_list_len, int *flag)
-{
- int i=0,offset=0;
- char *name=NULL;
-
- if((*flag)==1)
- {
- return 0;
- }
-
- for(i=0; i<result->app_num; i++)
- {
- (*flag)=1;
- name=tsg_l7_protocol_id2name(result->attributes[i].app_id);
- if(name!=NULL)
- {
- if(i>0 && offset>0 && (protocol_list_len-offset)>0)
- {
- protocol_list[offset]='.';
- offset++;
- }
- offset+=snprintf(protocol_list+offset, protocol_list_len-offset, "%s", name);
- }
- }
-
- return 1;
-}
-
static unsigned int get_userdefine_name(struct gather_app_result *result, char *app_name, int app_name_len, int *flag, int is_joint_parent)
{
if((*flag)==1 || result->app_num<=0)
@@ -765,20 +737,6 @@ static unsigned int get_userdefine_name(struct gather_app_result *result, char *
return max_app_id;
}
-static int get_app_id(struct gather_app_result *result, unsigned int *app_id, unsigned int *surrogate_id, int *flag)
-{
- if(result->app_num>0 && (*flag)==0)
- {
- (*flag)=1;
- (*app_id)=result->attributes[result->app_num-1].app_id;
- (*surrogate_id)=result->attributes[result->app_num-1].surrogate_id;
-
- return 1;
- }
-
- return 0;
-}
-
static int get_app_name_list(struct gather_app_result *result, char *app_name, int app_name_len, int *flag, int is_joint_parent)
{
int i=0;
@@ -817,18 +775,22 @@ static int get_app_name_list(struct gather_app_result *result, char *app_name, i
L7(null), appSketch(null), Thrid(null) = unknown
*/
-static int get_QM_app_idx(struct gather_app_result *qm_result)
+static int split_l7_and_app(struct gather_app_result *qm_result, struct gather_app_result *qm_l7_result)
{
int i=0;
- for(i=0; i<qm_result->app_num; i++)
+ for(i=qm_result->app_num; i>0; i--)
{
- if(tsg_l7_protocol_id2name(qm_result->attributes[i].app_id)==NULL)
+ if(tsg_l7_protocol_id2name(qm_result->attributes[i-1].app_id))
{
break;
}
}
- return i;
+ qm_l7_result->app_num=i;
+ qm_l7_result->origin=ORIGIN_QM_ENGINE_L7;
+ memcpy(qm_l7_result->attributes, qm_result->attributes, sizeof(struct app_attributes)*i);
+
+ return 0;
}
/*
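Review bot: In split_l7_and_app, `qm_result->app_num` is used as the scan start and then as the `memcpy` element count without being checked against the size of `attributes`. A negative count skips the loop and turns into a huge `size_t` length, and an oversized one reads and writes past both arrays. copy_app_result bounds the count by `MAX_APP_ID_NUM`, but other writers of `gather_app_result` are not visible here. Assuming `attributes` holds `MAX_APP_ID_NUM` entries, a clamp before the loop would make the helper safe on its own: `int n=qm_result->app_num; if(n<0) n=0; if(n>MAX_APP_ID_NUM) n=MAX_APP_ID_NUM;` and start the scan from `n`. The scan now stops at the last L7 ID rather than the first non-L7 one, so a non-L7 ID sitting between two L7 IDs is copied into the L7 result; a one-line comment stating that this is intended would help.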
@@ -850,92 +812,39 @@ static int copy_app_id(struct app_attributes *result, int result_num, unsigned i
return i;
}
-static int engine_result_combine(struct app_attributes *engine1_result, int engine1_result_num, struct app_attributes *engine2_result, int engine2_result_num, unsigned int *combined_array, int combined_array_num)
-{
- int i=0,j=0,intersection_flag=0;
-
- for(i=0; i<engine1_result_num; i++)
- {
- for(j=i+1; j<engine2_result_num; j++)
- {
- if(engine1_result[i].app_id==engine2_result[j].app_id)
- {
- intersection_flag=1;
- break;
- }
- }
- }
-
-
-/* ** Engine1 2 Engine2 1.2 -> 1.2 ** */
- if(intersection_flag==1 || engine1_result_num==0)
- {
- return copy_app_id(engine2_result, engine2_result_num, combined_array, combined_array_num);
- }
-
-/*
-** Engine1 1.2 Engine2 1 -> 1.2
-** Engine1 1.2 Engine2 1.3 -> 1.2
-*/
- if(engine1_result_num>=engine2_result_num || engine2_result_num==0)
- {
- return copy_app_id(engine1_result, engine1_result_num, combined_array, combined_array_num);
- }
-
-/*
-** Engine1 1 Engine2 1.2 -> 1.2
-*/
- if(engine2_result_num>engine1_result_num && engine1_result[0].app_id==engine2_result[0].app_id)
- {
- return copy_app_id(engine2_result, engine2_result_num, combined_array, combined_array_num);
- }
-
-/*
-** Engine1 1 Engine2 2 -> 1
-** Engine1 1 Engine2 2.3 -> 1
-*/
- return copy_app_id(engine1_result, engine1_result_num, combined_array, combined_array_num);
-}
-
+#define COMBINED_APP_ID_NUM MAX_APP_ID_NUM*2
int set_app_full_path(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result)
{
int offset=0;
- int qm_app_idx=0;
int combined_num=0;
char app_full_path[256]={0};
- unsigned int combined_array[MAX_APP_ID_NUM*2]={0};
-
- qm_app_idx=get_QM_app_idx(&(result[ORIGIN_QM_ENGINE]));
- combined_num+=engine_result_combine(result[ORIGIN_BASIC_PROTOCOL].attributes,
- result[ORIGIN_BASIC_PROTOCOL].app_num,
- result[ORIGIN_QM_ENGINE].attributes,
- qm_app_idx,
- combined_array+combined_num,
- sizeof(combined_array)-combined_num
- );
-
-
+ unsigned int combined_array[COMBINED_APP_ID_NUM]={0};
- if(result[ORIGIN_USER_DEFINE].app_num==0)
+ if(result[ORIGIN_BASIC_PROTOCOL].app_num>0)
{
- combined_num+=engine_result_combine(result[ORIGIN_BUILT_IN].attributes,
- result[ORIGIN_BUILT_IN].app_num,
- (result[ORIGIN_QM_ENGINE].attributes)+qm_app_idx,
- result[ORIGIN_QM_ENGINE].app_num-qm_app_idx,
- combined_array+combined_num,
- sizeof(combined_array)-combined_num
- );
+ combined_num+=copy_app_id(result[ORIGIN_BASIC_PROTOCOL].attributes, result[ORIGIN_BASIC_PROTOCOL].app_num, combined_array, COMBINED_APP_ID_NUM);
}
else
{
- combined_num+=engine_result_combine(result[ORIGIN_USER_DEFINE].attributes,
- result[ORIGIN_USER_DEFINE].app_num,
- NULL,
- 0,
- combined_array+combined_num,
- sizeof(combined_array)-combined_num
- );
+ combined_num+=copy_app_id(result[ORIGIN_QM_ENGINE_L7].attributes, result[ORIGIN_QM_ENGINE_L7].app_num, combined_array, COMBINED_APP_ID_NUM);
+ }
+
+ if(result[ORIGIN_USER_DEFINE].app_num>0)
+ {
+ combined_num+=copy_app_id(result[ORIGIN_USER_DEFINE].attributes, result[ORIGIN_USER_DEFINE].app_num, combined_array+combined_num, COMBINED_APP_ID_NUM-combined_num);
+ }
+ else if(result[ORIGIN_BUILT_IN].app_num>0)
+ {
+ combined_num+=copy_app_id(result[ORIGIN_BUILT_IN].attributes, result[ORIGIN_BUILT_IN].app_num, combined_array+combined_num, COMBINED_APP_ID_NUM-combined_num);
+ }
+ else if(result[ORIGIN_QM_ENGINE].app_num-result[ORIGIN_QM_ENGINE_L7].app_num > 0)
+ {
+ combined_num+=copy_app_id( result[ORIGIN_QM_ENGINE].attributes + result[ORIGIN_QM_ENGINE_L7].app_num,
+ result[ORIGIN_QM_ENGINE].app_num - result[ORIGIN_QM_ENGINE_L7].app_num,
+ combined_array+combined_num,
+ COMBINED_APP_ID_NUM-combined_num
+ );
}
if(combined_num==0)
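Review bot: `#define COMBINED_APP_ID_NUM MAX_APP_ID_NUM*2` is not parenthesised, so it only expands as intended in the contexts used here. It is the capacity passed to every copy_app_id call on `combined_array`, so a later use such as `x%COMBINED_APP_ID_NUM`, or a change of `MAX_APP_ID_NUM` to an expression, would silently produce a wrong bound. Write it as `#define COMBINED_APP_ID_NUM (MAX_APP_ID_NUM*2)`. The copies also rely on copy_app_id never returning more than the capacity it is given; its body is outside this hunk, so that is worth confirming. set_app_full_path continues past the end of the hunk.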
@@ -971,12 +880,7 @@ int set_app_full_path(struct TLD_handle_t *_handle, char *field_name, struct gat
static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
{
int app_id_flag=0;
- int l7_protocol_flag=0;
char app_name[512]={0};
- char protocol_list[256]={0};
-
- unsigned int one_app_id=0;
- unsigned int one_surrogate_id=0;
struct gather_app_result *gather_result=NULL;
gather_result=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id);
@@ -987,80 +891,59 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, (void *)app_name, TLD_TYPE_STRING);
}
- TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)_instance->l7_unknown_name, TLD_TYPE_STRING);
return 0;
}
-
- get_l7_protocol(&(gather_result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag);
- if(l7_protocol_flag==1)
+
+ split_l7_and_app(&(gather_result[ORIGIN_QM_ENGINE]), &(gather_result[ORIGIN_QM_ENGINE_L7]));
+
+ set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(gather_result[ORIGIN_USER_DEFINE]));
+
+ set_app_full_path(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, gather_result);
+
+ if(gather_result[ORIGIN_USER_DEFINE].app_num > 0)
{
- TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)protocol_list, TLD_TYPE_STRING);
- }
- else
+ get_userdefine_name(&(gather_result[ORIGIN_USER_DEFINE]), app_name, sizeof(app_name), &app_id_flag, 0);
+ }
+ else if(gather_result[ORIGIN_BUILT_IN].app_num > 0)
{
- TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)_instance->l7_unknown_name, TLD_TYPE_STRING);
+ get_app_name_list(&(gather_result[ORIGIN_BUILT_IN]), app_name, sizeof(app_name), &app_id_flag, 0);
}
-
- if(_instance->app_id_type==0) // int
- {
- get_app_id(&(gather_result[ORIGIN_USER_DEFINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
- get_app_id(&(gather_result[ORIGIN_DKPT]), &one_app_id, &one_surrogate_id, &app_id_flag);
- get_app_id(&(gather_result[ORIGIN_QM_ENGINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
-
- if(app_id_flag==1)
- {
- TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, (void *)(long)one_app_id, TLD_TYPE_LONG);
- TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_SURROGATE_ID].name, (void *)(long)one_surrogate_id, TLD_TYPE_LONG);
- }
+ else if(gather_result[ORIGIN_DKPT].app_num > 0)
+ {
+ get_app_name_list(&(gather_result[ORIGIN_DKPT]), app_name, sizeof(app_name), &app_id_flag, 0);
+ }
+ else if(gather_result[ORIGIN_QM_ENGINE].app_num - gather_result[ORIGIN_QM_ENGINE_L7].app_num > 0)
+ {
+ get_app_name_list(&(gather_result[ORIGIN_QM_ENGINE]), app_name, sizeof(app_name), &app_id_flag, 0);
}
- else //string
+ else if(gather_result[ORIGIN_UNKNOWN].app_num > 0)
+ {
+ get_app_name_list(&(gather_result[ORIGIN_UNKNOWN]), app_name, sizeof(app_name), &app_id_flag, 0);
+ }
+
+ if(app_id_flag==1)
{
- set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(gather_result[ORIGIN_USER_DEFINE]));
-
- set_app_full_path(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, gather_result);
-
- get_userdefine_name(&(gather_result[ORIGIN_USER_DEFINE]), app_name, sizeof(app_name), &app_id_flag, 0);
-
- if(app_id_flag!=1)
+ if(!(TLD_search(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name)))
{
- get_app_name_list(&(gather_result[ORIGIN_BUILT_IN]), app_name, sizeof(app_name), &app_id_flag, 0);
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING);
}
+
+ set_app_identify_info(_handle, _instance->id2field[LOG_COMMON_APP_IDENTIFY_INFO].name, gather_result);
+ }
- if(app_id_flag!=1)
- {
- get_app_name_list(&(gather_result[ORIGIN_DKPT]), app_name, sizeof(app_name), &app_id_flag, 0);
- }
-
- if(app_id_flag!=1)
- {
- get_app_name_list(&(gather_result[ORIGIN_QM_ENGINE]), app_name, sizeof(app_name), &app_id_flag, 0);
- }
-
- if(app_id_flag!=1)
- {
- get_app_name_list(&(gather_result[ORIGIN_UNKNOWN]), app_name, sizeof(app_name), &app_id_flag, 0);
- }
-
- if(app_id_flag==1)
- {
- if(!(TLD_search(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name)))
- {
- TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING);
- }
-
- if(_instance->send_app_id)
- {
- Value app_id_object(kObjectType);
- get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(gather_result[ORIGIN_USER_DEFINE]));
- get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(gather_result[ORIGIN_BUILT_IN]));
- get_app_id_list(&app_id_object, _handle, "DKPT", &(gather_result[ORIGIN_DKPT]));
- get_app_id_list(&app_id_object, _handle, "THIRD", &(gather_result[ORIGIN_QM_ENGINE]));
- get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(gather_result[ORIGIN_UNKNOWN]));
- TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, &app_id_object, TLD_TYPE_OBJECT);
- }
- set_app_identify_info(_handle, _instance->id2field[LOG_COMMON_APP_IDENTIFY_INFO].name, gather_result);
- }
+ if(_instance->send_app_id)
+ {
+ Value app_id_object(kObjectType);
+ get_app_id_list(&app_id_object, _handle, "LPI_L7", &(gather_result[ORIGIN_BASIC_PROTOCOL]));
+ get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(gather_result[ORIGIN_USER_DEFINE]));
+ get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(gather_result[ORIGIN_BUILT_IN]));
+ get_app_id_list(&app_id_object, _handle, "DKPT", &(gather_result[ORIGIN_DKPT]));
+ get_app_id_list(&app_id_object, _handle, "THIRD", &(gather_result[ORIGIN_QM_ENGINE]));
+ get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(gather_result[ORIGIN_UNKNOWN]));
+ get_app_id_list(&app_id_object, _handle, "QM_L7", &(gather_result[ORIGIN_QM_ENGINE_L7]));
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, &app_id_object, TLD_TYPE_OBJECT);
}
+
return 1;
}
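Review bot: The `else if` chain that picks the source for `app_name` selects an origin by `app_num > 0` alone. When the selected origin produces no name and leaves `app_id_flag` at 0, no lower-priority origin is tried and neither `LOG_COMMON_APP_LABEL` nor the identify-info field is appended; the removed code fell through on `app_id_flag!=1`. Whether get_userdefine_name and get_app_name_list can return without setting the flag is not visible here, but if they can, keeping the flag in each condition restores the fallback, e.g. `if(app_id_flag!=1 && gather_result[ORIGIN_BUILT_IN].app_num > 0)`. The ORIGIN_QM_ENGINE branch also passes the whole QM result to get_app_name_list, while set_app_full_path skips the first `gather_result[ORIGIN_QM_ENGINE_L7].app_num` entries, so the label may still include the L7 names. set_app_id begins before this hunk.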
@@ -2040,9 +1923,6 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
MESA_load_profile_int_def(conffile, "TSG_LOG", "VSYSTEM_ID", &(_instance->vsystem_id), 1);
MESA_load_profile_int_def(conffile, "SYSTEM","UNKNOWN_APP_ID", &_instance->unknown_app_id, 4);
- MESA_load_profile_int_def(conffile, "TSG_LOG", "APP_ID_TYPE", &(_instance->app_id_type), 1); //0: int, 1: string
- MESA_load_profile_string_def(conffile, "TSG_LOG", "L7_UNKNOWN_NAME", _instance->l7_unknown_name, sizeof(_instance->l7_unknown_name), "UNCATEGORIZED");
-
MESA_load_profile_string_def(conffile, "TSG_LOG", "LINKINFO_FROM_MAC", bridge_name[LOG_BRIDGE_MAC_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_MAC_LINKINFO]), "mirror_linkinfo_from_mac");
MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_C2S_LINKINFO", bridge_name[LOG_BRIDGE_NAT_C2S_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_NAT_C2S_LINKINFO]), "common_link_info_c2s");
MESA_load_profile_string_def(conffile, "TSG_LOG", "NAT_S2C_LINKINFO", bridge_name[LOG_BRIDGE_NAT_S2C_LINKINFO], sizeof(bridge_name[LOG_BRIDGE_NAT_S2C_LINKINFO]), "common_link_info_s2c");
diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h
index 8dc60fa..f7dd452 100644
--- a/src/tsg_send_log_internal.h
+++ b/src/tsg_send_log_internal.h
@@ -199,7 +199,6 @@ struct tsg_log_instance_t
int mode;
int level;
int max_service;
- int app_id_type;
int vsystem_id;
int unknown_app_id;
int send_user_region;
@@ -215,7 +214,6 @@ struct tsg_log_instance_t
int bridge_id[LOG_BRIDGE_MAX];
int fs2_column_id[LOG_COLUMN_STATUS_MAX];
int fs2_field_id[LOG_FS2_TYPE_MAX];
- char l7_unknown_name[MAX_STRING_LEN];
char log_path[MAX_STRING_LEN*2];
char tcp_label[MAX_STRING_LEN];
char udp_label[MAX_STRING_LEN];