authorliuxueli <[email protected]>2022-06-02 16:57:11 +0800
committerliuxueli <[email protected]>2022-06-02 16:57:11 +0800
commit0d47ea1fa23771ea80330afce970b57dd7a4c407 (patch)
treefdf7e61fa5867d8a5c547b9f414d17a557b82775 /src
parent0af47e8a4921cad71c999b27c956ca2c9f5aa55f (diff)
TSG-10533: 增加日志公共字段common_app_identify_info,用于展示APP识别的过程
Diffstat (limited to 'src')
-rw-r--r--src/tsg_entry.cpp87
-rw-r--r--src/tsg_entry.h892
-rw-r--r--src/tsg_send_log.cpp185
-rw-r--r--src/tsg_send_log_internal.h1
4 files changed, 626 insertions, 539 deletions
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index d62e7e6..5aab3ad 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -494,6 +494,23 @@ static int get_default_policy(int compile_id, struct Maat_rule_t *result)
return 0;
}
+static int get_packet_sequence(const struct streaminfo *a_stream)
+{
+ unsigned int packet_sequence=0;
+ unsigned long long value=0;
+ int value_len=sizeof(unsigned long long);
+
+ value=0;
+ MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_PKT, (void *)&value, &value_len);
+ packet_sequence+=(unsigned int)value;
+
+ value=0;
+ MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_PKT, (void *)&value, &value_len);
+ packet_sequence+=(unsigned int)value;
+
+ return packet_sequence;
+}
+
static int is_do_default_policy(const struct streaminfo *a_stream, int after_n_packets)
{
if(after_n_packets<=0 || a_stream->pdetail==NULL)
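Review bot: Both `MESA_get_stream_opt` calls in `get_packet_sequence` discard the return code, so a failed lookup cannot be told apart from a packet count of zero. `value_len` is passed by pointer to the first call and reused for the second without being reset; if the callee writes the returned length into it, the second call may see a different buffer size, which is worth confirming against the API. I would add `value_len=sizeof(value);` before the second call and check each return code before adding. The function also sums into an `unsigned int` but returns `int`, while the destination field `packet_sequence` in `struct app_attributes` is `unsigned int`; returning `unsigned int` avoids the sign change on long-lived streams.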
@@ -935,6 +952,26 @@ static void copy_bypass_result(const struct streaminfo *a_stream, struct master_
return ;
}
+int copy_app_result(struct gather_app_result *gather_result, struct app_identify_result *identify_result, int packet_sequence)
+{
+ int i=0;
+ for(i=0; (i < identify_result->app_id_num) && i<MAX_APP_ID_NUM && (gather_result->app_num < MAX_APP_ID_NUM); i++)
+ {
+ if(gather_result->attributes[i].app_id==identify_result->app_id[i] && gather_result->attributes[i].surrogate_id==identify_result->surrogate_id[i])
+ {
+ continue;
+ }
+
+ gather_result->origin=identify_result->origin;
+ gather_result->attributes[i].app_id=identify_result->app_id[i];
+ gather_result->attributes[i].surrogate_id=identify_result->surrogate_id[i];
+ gather_result->attributes[i].packet_sequence=packet_sequence;
+ gather_result->app_num++;
+ }
+
+ return 0;
+}
+
static int l7_protocol_mapper(const char *filename)
{
int ret=0;
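Review bot: In `copy_app_result`, `gather_result->app_num++` runs every time slot `i` is overwritten, not only when a new slot is filled, so once a later callback reports different IDs at already-used indexes `app_num` exceeds the number of populated entries. `scan_application_id_and_properties` iterates `i < app_num` over `attributes[i]`, so it would then run policy scans on zeroed entries. The loop guard `gather_result->app_num < MAX_APP_ID_NUM` keeps the index in bounds, but it also means no slot is updated once the counter reaches the limit. If `app_num` is meant to track the highest populated index, `if(gather_result->app_num < i+1) gather_result->app_num=i+1;` in place of the increment keeps the two in step. The function is only called from this file as far as the diff shows and could be `static`.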
@@ -1095,16 +1132,18 @@ static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol
return 0;
}
- gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
- memset(gather_result, 0, sizeof(struct gather_app_result));
+ gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX);
+ memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX);
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
if(app_id>0)
{
- gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id_num=1;
- gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id[0]=app_id;
- gather_result->result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
+ gather_result[ORIGIN_BASIC_PROTOCOL].app_num=1;
+ gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
+ gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=app_id;
+ gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id=0;
+ gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].packet_sequence=get_packet_sequence(a_stream);
}
return 0;
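Review bot: The result of `dictator_malloc` goes straight into `memset` and is then indexed as `gather_result[ORIGIN_BASIC_PROTOCOL]` without a NULL check, and the same pattern is repeated in the `app_identify_result_cb` hunk further down. The allocation is now `ORIGIN_MAX` structs per stream, so a guard such as `if(gather_result==NULL) return 0;` before the `memset` (or whatever error return this file normally uses) is worth adding in both places. The stored project data also changes from one struct to an array of `ORIGIN_MAX` structs, so any reader or free callback for `gather_app_project_id` outside this diff has to assume the same layout, which should be confirmed. The enclosing function starts and ends outside the hunk.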
@@ -1509,9 +1548,8 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
if(sip_ret==SIP_TRUE)
{
context->proto=PROTO_SIP;
- }
-
- return 1;
+ return 1;
+ }
}
if(g_tsg_para.proto_flag&(1<<PROTO_RDP)) //RDP
@@ -1537,7 +1575,7 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru
return ret;
}
-int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct app_identify_result *identify_result, int thread_seq)
+int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct gather_app_result *identify_result, int thread_seq)
{
int i=0,hit_num=0;
int hited_app_id=0;
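Review bot: The fifth parameter keeps the name `identify_result` although its type is now `struct gather_app_result *`. In `app_identify_result_cb` both an `identify_result` (the raw `struct app_identify_result`) and a `gather_result` are in scope, so the old name makes it easy to pass or read the wrong object. Renaming the parameter to `gather_result` here and in the body would make the call sites self-explanatory. The function body continues outside this hunk.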
@@ -1547,9 +1585,9 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
struct app_id_dict *dict=NULL;
struct Maat_rule_t *p_result, *d_result=NULL;
- for(i=0; i< identify_result->app_id_num; i++)
+ for(i=0; i< identify_result->app_num; i++)
{
- snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->app_id[i]);
+ snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->attributes[i].app_id);
dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
if(dict!=NULL)
{
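Review bot: `attributes[i].app_id` is declared `unsigned int` in the new `struct app_attributes`, but the `snprintf` that builds the dictionary key still uses `"%d"`. An ID above `INT_MAX` would be formatted as a negative number and miss its `TABLE_APP_ID_DICT` entry; `snprintf(app_id_buff, sizeof(app_id_buff), "%u", identify_result->attributes[i].app_id);` matches the type. The later hunks also assign the same field to `int hited_app_id` and pass it on to `tsg_scan_app_id_policy`, so either the field should stay `int` or those uses need the same review.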
@@ -1559,7 +1597,7 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategory", thread_seq);
hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq);
- hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq);
+ hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->attributes[i].app_id, thread_seq);
after_n_packets=dict->deny_app_para.after_n_packets;
set_app_timeout(a_stream, dict, &(context->timeout));
@@ -1567,22 +1605,22 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
}
else
{
- name=tsg_l7_protocol_id2name(identify_result->app_id[i]);
- hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->app_id[i], thread_seq);
+ name=tsg_l7_protocol_id2name(identify_result->attributes[i].app_id);
+ hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->attributes[i].app_id, thread_seq);
}
p_result=tsg_fetch_deny_rule(result, hit_num);
if(d_result==NULL)
{
d_result=p_result;
- hited_app_id=identify_result->app_id[i];
+ hited_app_id=identify_result->attributes[i].app_id;
continue;
}
if(d_result->config_id!=p_result->config_id)
{
d_result=p_result;
- hited_app_id=identify_result->app_id[i];
+ hited_app_id=identify_result->attributes[i].app_id;
}
}
@@ -1590,7 +1628,7 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
{
if(identify_result->origin!=ORIGIN_BASIC_PROTOCOL)
{
- context->hited_app_id=hited_app_id;
+ context->hited_app_id=hited_app_id;
}
context->hited_para.hited_app_id=hited_app_id;
@@ -1728,10 +1766,9 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
if(gather_result==NULL)
{
- gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
- memset(gather_result, 0, sizeof(struct gather_app_result));
+ gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX);
+ memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX);
set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
- gather_result->origin=ORIGIN_MAX;
}
switch(identify_result->origin)
@@ -1777,9 +1814,7 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
return 0;
}
- gather_result->origin=identify_result->origin;
-
- memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result));
+ copy_app_result(&(gather_result[identify_result->origin]), identify_result, get_packet_sequence(a_stream));
if(context->mid==NULL)
{
@@ -1787,7 +1822,7 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
}
record_time_start(&(context->last_scan_time));
- hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, identify_result, a_stream->threadnum);
+ hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, &(gather_result[identify_result->origin]), a_stream->threadnum);
p_result=tsg_policy_decision_criteria(scan_result, hit_num);
if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1))
{
@@ -1843,7 +1878,7 @@ static int deal_pending_state(const struct streaminfo *a_stream, struct master_c
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++)
{
- hit_num+=scan_application_id_and_properties(a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result->result[i]), a_stream->threadnum);
+ hit_num+=scan_application_id_and_properties(a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result[i]), a_stream->threadnum);
}
@@ -1941,7 +1976,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++)
{
- hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result->result[i]), thread_seq);
+ hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(gather_result[i]), thread_seq);
}
p_result=tsg_policy_decision_criteria(scan_result, hit_num);
diff --git a/src/tsg_entry.h b/src/tsg_entry.h
index 9ac1276..f94f989 100644
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -1,442 +1,450 @@
-#ifndef __TSG_ENTRY_H__
-#define __TSG_ENTRY_H__
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netinet/ip6.h>
-
-#include <MESA/dns.h>
-
-#include <MESA/Maat_rule.h>
-#include <MESA/field_stat2.h>
-#include <ctemplate/template.h>
-
-#include "uthash.h"
-#include "tsg_rule.h"
-#include "app_label.h"
-#include "tsg_label.h"
-#include "tsg_statistic.h"
-#include "tsg_leaky_bucket.h"
-#include "tsg_protocol_common.h"
-#include "tsg_send_log_internal.h"
-
-#if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411)
-#define atomic_inc(x) __sync_add_and_fetch((x),1)
-#define atomic_dec(x) __sync_sub_and_fetch((x),1)
-#define atomic_add(x,y) __sync_add_and_fetch((x),(y))
-#define atomic_sub(x,y) __sync_sub_and_fetch((x),(y))
-typedef int atomic_t;
-#define ATOMIC_INIT(i) { (i) }
-#define atomic_read(x) __sync_add_and_fetch((x),0)
-#define atomic_set(x,y) __sync_lock_test_and_set((x),y)
-#else
-#include <alsa/iatomic.h>
-#endif
-
-#ifndef MIN
-#define MIN(a, b) (((a) < (b)) ? (a) : (b))
-#endif
-
-#ifndef PRINTADDR
-#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
-#endif
-
-#ifndef FLAG_FALSE
-#define FLAG_FALSE 0
-#endif
-
-#ifndef FLAG_TRUE
-#define FLAG_TRUE 1
-#endif
-
-#define APP_SCAN_FLAG_STOP 0
-#define APP_SCAN_FLAG_CONTINUE 1
-
-enum DEPLOY_MODE
-{
- DEPLOY_MODE_MIRROR,
- DEPLOY_MODE_INLINE,
- DEPLOY_MODE_TRANSPARENT,
- DEPLOY_MODE_MAX
-};
-
-enum MASTER_TABLE{
- TABLE_SECURITY_COMPILE=0,
- TABLE_IP_ADDR,
- TABLE_SUBSCRIBER_ID,
- TABLE_APP_ID,
- TABLE_HTTP_HOST,
- TABLE_SSL_SNI,
- TABLE_EXCLUSION_SSL_SNI,
- TABLE_SRC_ASN,
- TABLE_DST_ASN,
- TABLE_SRC_LOCATION,
- TABLE_DST_LOCATION,
- TABLE_ASN_USER_DEFINED,
- TABLE_ASN_BUILT_IN,
- TABLE_LOCATION_USER_DEFINED,
- TABLE_LOCATION_BUILT_IN,
- TABLE_QUIC_SNI,
- TABLE_FQDN_CAT_ID,
- TABLE_FQDN_CAT_USER_DEFINED,
- TABLE_FQDN_CAT_BUILT_IN,
- TABLE_APP_ID_DICT,
- TABLE_SELECTOR_ID,
- TABLE_SELECTOR_PROPERTIES,
- TABLE_GTP_APN,
- TABLE_GTP_IMSI,
- TABLE_GTP_PHONE_NUMBER,
- TABLE_RESPONSE_PAGES,
- TABLE_DNS_PROFILE_RECORD,
- TABLE_PROFILE_MIRROR,
- TABLE_HTTP_URL,
- TABLE_MAX
-};
-
-enum TSG_FS2_TYPE{
- TSG_FS2_TCP_LINKS=0,
- TSG_FS2_UDP_LINKS,
- TSG_FS2_BYPASS,
- TSG_FS2_HIT_ADDR,
- TSG_FS2_HIT_SHARE,
- TSG_FS2_INTERCEPT,
- TSG_FS2_EXCLUSION,
- TSG_FS2_APP_DPKT_RESULT,
- TSG_FS2_APP_Q_RESULT,
- TSG_FS2_APP_USER_RESULT,
- TSG_FS2_APP_BUILT_IN_RESULT,
- TSG_FS2_INJECT_PKT_SUCCESS,
- TSG_FS2_INJECT_PKT_FAILED,
- TSG_FS2_MIRRORED_PKT_SUCCESS,
- TSG_FS2_MIRRORED_BYTE_SUCCESS,
- TSG_FS2_MIRRORED_PKT_FAILED,
- TSG_FS2_MIRRORED_BYTE_FAILED,
- TSG_FS2_SET_TIMOUT_SUCCESS,
- TSG_FS2_SET_TIMOUT_FAILED,
- TSG_FS2_SUCESS_TAMPER,
- TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4,
- TSG_FS2_TAMPER_FAILED_NOSWAP,
- TSG_FS2_MAX
-};
-
-enum TSG_ATTRIBUTE_TYPE
-{
- TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0,
- TSG_ATTRIBUTE_TYPE_PROTOCOL,
- TSG_ATTRIBUTE_TYPE_JA3_HASH,
- TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO,
- TSG_ATTRIBUTE_TYPE_LOCATION,
- TSG_ATTRIBUTE_TYPE_ASN,
- TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID,
- TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE,
- TSG_ATTRIBUTE_TYPE_CATEGORY_ID,
- _MAX_TSG_ATTRIBUTE_TYPE
-};
-
-enum HTTP_RESPONSE_FORMAT
-{
- HTTP_RESPONSE_FORMAT_TEMPLATE=0,
- HTTP_RESPONSE_FORMAT_HTML
-};
-
-enum BRIDGE_TYPE
-{
- BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
- BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
- BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT,
- BRIDGE_TYPE_APP_IDENTIFY_RESULT,
- BRIDGE_TYPE_APP_BEHAVIOR_RESULT,
- BRIDGE_TYPE_MAX
-};
-
-struct _str2index
-{
- int index;
- int len;
- char *type;
-};
-
-struct gather_app_result
-{
- enum APP_IDENTIFY_ORIGIN origin;
- struct app_identify_result result[ORIGIN_MAX];
-};
-
-struct l7_protocol
-{
- int id; /* first key */
- char name[32]; /* second key */
- UT_hash_handle hh1; /* handle for first hash table */
- UT_hash_handle hh2; /* handle for second hash table */
-};
-
-struct fqdn_category
-{
- int ref_cnt;
- unsigned int category_id;
-};
-
-struct http_response_pages
-{
- int profile_id;
- int content_len;
- int ref_cnt;
- enum HTTP_RESPONSE_FORMAT format;
- char *content;
-};
-
-struct app_id_dict
-{
- int ref_cnt;
- int app_id;
- int parent_app_id;
- int continue_scanning;
- unsigned short tcp_timeout;
- unsigned short udp_timeout;
- int tcp_time_wait;
- int tcp_half_close;
- char *risk;
- char *app_name;
- char *parent_app_name;
- char *category;
- char *subcategroy;
- char *technology;
- char *characteristics;
- struct deny_user_region deny_app_para;
-};
-
-struct hited_app_para
-{
- int hited_app_id;
- int after_n_packets;
-};
-
-struct master_context
-{
- unsigned char is_esni;
- unsigned char is_log;
- unsigned char is_dropme;
- unsigned char deal_pkt_num;
- unsigned char is_app_link;
- unsigned char pad;
- unsigned short timeout;
- tsg_protocol_t proto;
- int hit_cnt;
- int hited_app_id;
- unsigned int quic_version;
- char *domain;
- union
- {
- char *http_url;
- char *quic_ua;
- void *para;
- };
- scan_status_t mid;
- struct Maat_rule_t *result;
- struct hited_app_para hited_para;
- struct timespec last_scan_time;
-};
-
-struct tcpall_context
-{
- int set_latency_flag;
- enum TSG_METHOD_TYPE method_type;
- union
- {
- struct leaky_bucket *bucket;
- long tamper_count;
- int after_n_packets;
- struct hited_app_para hited_para;
- void *para;
- };
-};
-
-struct reset_argv
-{
- int pkt_num;
- int seed1;
- int seed2;
- int th_flags;
- int dir;
- int remedy;
-};
-
-#define _MAX_TABLE_NAME_LEN 64
-typedef struct tsg_para
-{
- int level;
- short mirror_switch;
- unsigned short timeout;
- int dynamic_maat_switch;
- int location_field_num;
- int app_dict_field_num;
- int device_seq_in_dc;
- int datacenter_id;
- int hash_timeout;
- int hash_slot_size;
- int feature_tamper;
- enum DEPLOY_MODE deploy_mode;
- int scan_time_interval;
- int identify_app_max_pkt_num;
- int unknown_app_id;
- int hit_path_switch;
- int default_compile_id;
- int table_id[TABLE_MAX];
- int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
- int priority_project_id;
- int session_attribute_project_id;
- int context_project_id;
- int tcpall_project_id;
- int gather_app_project_id;
- int bridge_id[BRIDGE_TYPE_MAX];
- int proto_flag; //tsg_protocol_t
- int fs2_field_id[TSG_FS2_MAX];
- char device_sn[MAX_DOMAIN_LEN/8];
- char log_path[MAX_DOMAIN_LEN/8];
- char device_id_command[MAX_DOMAIN_LEN/8];
- char data_center[_MAX_TABLE_NAME_LEN];
- char device_tag[MAX_DOMAIN_LEN/2];
- char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
- char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
- void *logger;
- void *maat_logger;
- struct reset_argv reset;
- struct mirrored_vlan default_vlan;
- screen_stat_handle_t fs2_handle;
- struct l7_protocol *name_by_id;
- struct l7_protocol *id_by_name;
- struct traffic_mirror *mirror_handle;
- ctemplate::Template *tpl_403,*tpl_404;
- ctemplate::Template *tpl_200,*tpl_204;
- ctemplate::Template *tpl_303;
-}g_tsg_para_t;
-
-extern g_tsg_para_t g_tsg_para;
-extern Maat_feather_t g_tsg_dynamic_maat_feather;
-extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
-
-typedef enum tsg_statis_field_id
-{
- STATIS_UNKNOWN=0,
- STATIS_ENTRANCE_ID=1,
- STATIS_TOTAL_CON_NUM,
- STATIS_NEW_CON_NUM,
- STATIS_ESTABLISHED_CON_NUM,
- STATIS_CLOSE_CON_NUM,
- STATIS_TOTAL_IN_BYTES,
- STATIS_TOTAL_OUT_BYTES,
- STATIS_TOTAL_IN_PACKETS,
- STATIS_TOTAL_OUT_PACKETS,
- STATIS_DEFAULT_CON_NUM,
- STATIS_DEFAULT_IN_BYTES,
- STATIS_DEFAULT_OUT_BYTES,
- STATIS_DEFAULT_IN_PACKETS,
- STATIS_DEFAULT_OUT_PACKETS,
- STATIS_ALLOW_CON_NUM,
- STATIS_ALLOW_IN_BYTES,
- STATIS_ALLOW_OUT_BYTES,
- STATIS_ALLOW_IN_PACKETS,
- STATIS_ALLOW_OUT_PACKETS,
- STATIS_DENY_CON_NUM,
- STATIS_DENY_IN_BYTES,
- STATIS_DENY_OUT_BYTES,
- STATIS_DENY_IN_PACKETS,
- STATIS_DENY_OUT_PACKETS,
- STATIS_MONITOR_CON_NUM,
- STATIS_MONITOR_IN_BYTES,
- STATIS_MONITOR_OUT_BYTES,
- STATIS_MONITOR_IN_PACKETS,
- STATIS_MONITOR_OUT_PACKETS,
- STATIS_INTERCEPT_CON_NUM,
- STATIS_INTERCEPT_IN_BYTES,
- STATIS_INTERCEPT_OUT_BYTES,
- STATIS_INTERCEPT_IN_PACKETS,
- STATIS_INTERCEPT_OUT_PACKETS,
- STATIS_IPV4_IN_BYTES,
- STATIS_IPV4_OUT_BYTES,
- STATIS_IPV4_IN_PACKETS,
- STATIS_IPV4_OUT_PACKETS,
- STATIS_IPV6_IN_BYTES,
- STATIS_IPV6_OUT_BYTES,
- STATIS_IPV6_IN_PACKETS,
- STATIS_IPV6_OUT_PACKETS,
- STATIS_TCP_NEW_CON_NUM,
- STATIS_TCP_IN_BYTES,
- STATIS_TCP_OUT_BYTES,
- STATIS_TCP_IN_PACKETS,
- STATIS_TCP_OUT_PACKETS,
- STATIS_UDP_NEW_CON_NUM,
- STATIS_UDP_IN_BYTES,
- STATIS_UDP_OUT_BYTES,
- STATIS_UDP_IN_PACKETS,
- STATIS_UDP_OUT_PACKETS,
- STATIS_ALERT_BYTES,
- STATIS_BLOCK_BYTES,
- STATIS_PINNING_NUM,
- STATIS_MAYBE_PINNING_NUM,
- STATIS_NOT_PINNING_NUM,
- STATIS_MAX
-}tsg_statis_field_id_t;
-
-enum TRAFFIC_INFO_IDX
-{
- TRAFFIC_INFO_ALLOW=0,
- TRAFFIC_INFO_DENY,
- TRAFFIC_INFO_MONITOR,
- TRAFFIC_INFO_INTERCEPT,
- TRAFFIC_INFO_MAX
-};
-
-typedef struct tsg_statistic
-{
- int cycle;
- int fs_line_id;
- int thread_alive;
- pthread_t stat_thread_id;
- int fs_field_id[STATIS_MAX];
- long long statistic_opt[_OPT_TYPE_MAX];
- struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
- struct _traffic_info default_total_info;
- screen_stat_handle_t fs2_handle;
-}tsg_statis_para_t;
-
-int tsg_statistic_init(const char *conffile, void *logger);
-void tsg_statistic_destroy(void);
-
-int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);
-
-int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data);
-const void *get_struct_project(const struct streaminfo *a_stream, int project_id);
-
-
-//parent_app_name.app_name
-int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent);
-
-//return 18 or 19: subdivision_addr
-int tsg_get_location_type(void);
-void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
-void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
-void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
-void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
-void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
-void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
-void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq);
-int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, enum TSG_METHOD_TYPE method_type, int thread_seq);
-int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq);
-void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp);
-
-struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, int thread_seq);
-int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
-int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq);
-int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq);
-int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq);
-int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
-int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
-int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
-int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq);
-int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location);
-int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn);
-int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id);
-int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);
-
-#endif
+#ifndef __TSG_ENTRY_H__
+#define __TSG_ENTRY_H__
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netinet/ip6.h>
+
+#include <MESA/dns.h>
+
+#include <MESA/Maat_rule.h>
+#include <MESA/field_stat2.h>
+#include <ctemplate/template.h>
+
+#include "uthash.h"
+#include "tsg_rule.h"
+#include "app_label.h"
+#include "tsg_label.h"
+#include "tsg_statistic.h"
+#include "tsg_leaky_bucket.h"
+#include "tsg_protocol_common.h"
+#include "tsg_send_log_internal.h"
+
+#if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411)
+#define atomic_inc(x) __sync_add_and_fetch((x),1)
+#define atomic_dec(x) __sync_sub_and_fetch((x),1)
+#define atomic_add(x,y) __sync_add_and_fetch((x),(y))
+#define atomic_sub(x,y) __sync_sub_and_fetch((x),(y))
+typedef int atomic_t;
+#define ATOMIC_INIT(i) { (i) }
+#define atomic_read(x) __sync_add_and_fetch((x),0)
+#define atomic_set(x,y) __sync_lock_test_and_set((x),y)
+#else
+#include <alsa/iatomic.h>
+#endif
+
+#ifndef MIN
+#define MIN(a, b) (((a) < (b)) ? (a) : (b))
+#endif
+
+#ifndef PRINTADDR
+#define PRINTADDR(a, b) ((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
+#endif
+
+#ifndef FLAG_FALSE
+#define FLAG_FALSE 0
+#endif
+
+#ifndef FLAG_TRUE
+#define FLAG_TRUE 1
+#endif
+
+#define APP_SCAN_FLAG_STOP 0
+#define APP_SCAN_FLAG_CONTINUE 1
+
+enum DEPLOY_MODE
+{
+ DEPLOY_MODE_MIRROR,
+ DEPLOY_MODE_INLINE,
+ DEPLOY_MODE_TRANSPARENT,
+ DEPLOY_MODE_MAX
+};
+
+enum MASTER_TABLE{
+ TABLE_SECURITY_COMPILE=0,
+ TABLE_IP_ADDR,
+ TABLE_SUBSCRIBER_ID,
+ TABLE_APP_ID,
+ TABLE_HTTP_HOST,
+ TABLE_SSL_SNI,
+ TABLE_EXCLUSION_SSL_SNI,
+ TABLE_SRC_ASN,
+ TABLE_DST_ASN,
+ TABLE_SRC_LOCATION,
+ TABLE_DST_LOCATION,
+ TABLE_ASN_USER_DEFINED,
+ TABLE_ASN_BUILT_IN,
+ TABLE_LOCATION_USER_DEFINED,
+ TABLE_LOCATION_BUILT_IN,
+ TABLE_QUIC_SNI,
+ TABLE_FQDN_CAT_ID,
+ TABLE_FQDN_CAT_USER_DEFINED,
+ TABLE_FQDN_CAT_BUILT_IN,
+ TABLE_APP_ID_DICT,
+ TABLE_SELECTOR_ID,
+ TABLE_SELECTOR_PROPERTIES,
+ TABLE_GTP_APN,
+ TABLE_GTP_IMSI,
+ TABLE_GTP_PHONE_NUMBER,
+ TABLE_RESPONSE_PAGES,
+ TABLE_DNS_PROFILE_RECORD,
+ TABLE_PROFILE_MIRROR,
+ TABLE_HTTP_URL,
+ TABLE_MAX
+};
+
+enum TSG_FS2_TYPE{
+ TSG_FS2_TCP_LINKS=0,
+ TSG_FS2_UDP_LINKS,
+ TSG_FS2_BYPASS,
+ TSG_FS2_HIT_ADDR,
+ TSG_FS2_HIT_SHARE,
+ TSG_FS2_INTERCEPT,
+ TSG_FS2_EXCLUSION,
+ TSG_FS2_APP_DPKT_RESULT,
+ TSG_FS2_APP_Q_RESULT,
+ TSG_FS2_APP_USER_RESULT,
+ TSG_FS2_APP_BUILT_IN_RESULT,
+ TSG_FS2_INJECT_PKT_SUCCESS,
+ TSG_FS2_INJECT_PKT_FAILED,
+ TSG_FS2_MIRRORED_PKT_SUCCESS,
+ TSG_FS2_MIRRORED_BYTE_SUCCESS,
+ TSG_FS2_MIRRORED_PKT_FAILED,
+ TSG_FS2_MIRRORED_BYTE_FAILED,
+ TSG_FS2_SET_TIMOUT_SUCCESS,
+ TSG_FS2_SET_TIMOUT_FAILED,
+ TSG_FS2_SUCESS_TAMPER,
+ TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4,
+ TSG_FS2_TAMPER_FAILED_NOSWAP,
+ TSG_FS2_MAX
+};
+
+enum TSG_ATTRIBUTE_TYPE
+{
+ TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0,
+ TSG_ATTRIBUTE_TYPE_PROTOCOL,
+ TSG_ATTRIBUTE_TYPE_JA3_HASH,
+ TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO,
+ TSG_ATTRIBUTE_TYPE_LOCATION,
+ TSG_ATTRIBUTE_TYPE_ASN,
+ TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID,
+ TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE,
+ TSG_ATTRIBUTE_TYPE_CATEGORY_ID,
+ _MAX_TSG_ATTRIBUTE_TYPE
+};
+
+enum HTTP_RESPONSE_FORMAT
+{
+ HTTP_RESPONSE_FORMAT_TEMPLATE=0,
+ HTTP_RESPONSE_FORMAT_HTML
+};
+
+enum BRIDGE_TYPE
+{
+ BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
+ BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
+ BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT,
+ BRIDGE_TYPE_APP_IDENTIFY_RESULT,
+ BRIDGE_TYPE_APP_BEHAVIOR_RESULT,
+ BRIDGE_TYPE_MAX
+};
+
+struct _str2index
+{
+ int index;
+ int len;
+ char *type;
+};
+
+struct app_attributes
+{
+ unsigned int app_id;
+ unsigned int surrogate_id;
+ unsigned int packet_sequence;
+};
+
+struct gather_app_result
+{
+ int app_num;
+ enum APP_IDENTIFY_ORIGIN origin;
+ struct app_attributes attributes[MAX_APP_ID_NUM];
+};
+
+struct l7_protocol
+{
+ int id; /* first key */
+ char name[32]; /* second key */
+ UT_hash_handle hh1; /* handle for first hash table */
+ UT_hash_handle hh2; /* handle for second hash table */
+};
+
+struct fqdn_category
+{
+ int ref_cnt;
+ unsigned int category_id;
+};
+
+struct http_response_pages
+{
+ int profile_id;
+ int content_len;
+ int ref_cnt;
+ enum HTTP_RESPONSE_FORMAT format;
+ char *content;
+};
+
+struct app_id_dict
+{
+ int ref_cnt;
+ int app_id;
+ int parent_app_id;
+ int continue_scanning;
+ unsigned short tcp_timeout;
+ unsigned short udp_timeout;
+ int tcp_time_wait;
+ int tcp_half_close;
+ char *risk;
+ char *app_name;
+ char *parent_app_name;
+ char *category;
+ char *subcategroy;
+ char *technology;
+ char *characteristics;
+ struct deny_user_region deny_app_para;
+};
+
+struct hited_app_para
+{
+ int hited_app_id;
+ int after_n_packets;
+};
+
+struct master_context
+{
+ unsigned char is_esni;
+ unsigned char is_log;
+ unsigned char is_dropme;
+ unsigned char deal_pkt_num;
+ unsigned char is_app_link;
+ unsigned char pad;
+ unsigned short timeout;
+ tsg_protocol_t proto;
+ int hit_cnt;
+ int hited_app_id;
+ unsigned int quic_version;
+ char *domain;
+ union
+ {
+ char *http_url;
+ char *quic_ua;
+ void *para;
+ };
+ scan_status_t mid;
+ struct Maat_rule_t *result;
+ struct hited_app_para hited_para;
+ struct timespec last_scan_time;
+};
+
+struct tcpall_context
+{
+ int set_latency_flag;
+ enum TSG_METHOD_TYPE method_type;
+ union
+ {
+ struct leaky_bucket *bucket;
+ long tamper_count;
+ int after_n_packets;
+ struct hited_app_para hited_para;
+ void *para;
+ };
+};
+
+struct reset_argv
+{
+ int pkt_num;
+ int seed1;
+ int seed2;
+ int th_flags;
+ int dir;
+ int remedy;
+};
+
+#define _MAX_TABLE_NAME_LEN 64
+typedef struct tsg_para
+{
+ int level;
+ short mirror_switch;
+ unsigned short timeout;
+ int dynamic_maat_switch;
+ int location_field_num;
+ int app_dict_field_num;
+ int device_seq_in_dc;
+ int datacenter_id;
+ int hash_timeout;
+ int hash_slot_size;
+ int feature_tamper;
+ enum DEPLOY_MODE deploy_mode;
+ int scan_time_interval;
+ int identify_app_max_pkt_num;
+ int unknown_app_id;
+ int hit_path_switch;
+ int default_compile_id;
+ int table_id[TABLE_MAX];
+ int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
+ int priority_project_id;
+ int session_attribute_project_id;
+ int context_project_id;
+ int tcpall_project_id;
+ int gather_app_project_id;
+ int bridge_id[BRIDGE_TYPE_MAX];
+ int proto_flag; //tsg_protocol_t
+ int fs2_field_id[TSG_FS2_MAX];
+ char device_sn[MAX_DOMAIN_LEN/8];
+ char log_path[MAX_DOMAIN_LEN/8];
+ char device_id_command[MAX_DOMAIN_LEN/8];
+ char data_center[_MAX_TABLE_NAME_LEN];
+ char device_tag[MAX_DOMAIN_LEN/2];
+ char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
+ char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
+ void *logger;
+ void *maat_logger;
+ struct reset_argv reset;
+ struct mirrored_vlan default_vlan;
+ screen_stat_handle_t fs2_handle;
+ struct l7_protocol *name_by_id;
+ struct l7_protocol *id_by_name;
+ struct traffic_mirror *mirror_handle;
+ ctemplate::Template *tpl_403,*tpl_404;
+ ctemplate::Template *tpl_200,*tpl_204;
+ ctemplate::Template *tpl_303;
+}g_tsg_para_t;
+
+extern g_tsg_para_t g_tsg_para;
+extern Maat_feather_t g_tsg_dynamic_maat_feather;
+extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
+
+typedef enum tsg_statis_field_id
+{
+ STATIS_UNKNOWN=0,
+ STATIS_ENTRANCE_ID=1,
+ STATIS_TOTAL_CON_NUM,
+ STATIS_NEW_CON_NUM,
+ STATIS_ESTABLISHED_CON_NUM,
+ STATIS_CLOSE_CON_NUM,
+ STATIS_TOTAL_IN_BYTES,
+ STATIS_TOTAL_OUT_BYTES,
+ STATIS_TOTAL_IN_PACKETS,
+ STATIS_TOTAL_OUT_PACKETS,
+ STATIS_DEFAULT_CON_NUM,
+ STATIS_DEFAULT_IN_BYTES,
+ STATIS_DEFAULT_OUT_BYTES,
+ STATIS_DEFAULT_IN_PACKETS,
+ STATIS_DEFAULT_OUT_PACKETS,
+ STATIS_ALLOW_CON_NUM,
+ STATIS_ALLOW_IN_BYTES,
+ STATIS_ALLOW_OUT_BYTES,
+ STATIS_ALLOW_IN_PACKETS,
+ STATIS_ALLOW_OUT_PACKETS,
+ STATIS_DENY_CON_NUM,
+ STATIS_DENY_IN_BYTES,
+ STATIS_DENY_OUT_BYTES,
+ STATIS_DENY_IN_PACKETS,
+ STATIS_DENY_OUT_PACKETS,
+ STATIS_MONITOR_CON_NUM,
+ STATIS_MONITOR_IN_BYTES,
+ STATIS_MONITOR_OUT_BYTES,
+ STATIS_MONITOR_IN_PACKETS,
+ STATIS_MONITOR_OUT_PACKETS,
+ STATIS_INTERCEPT_CON_NUM,
+ STATIS_INTERCEPT_IN_BYTES,
+ STATIS_INTERCEPT_OUT_BYTES,
+ STATIS_INTERCEPT_IN_PACKETS,
+ STATIS_INTERCEPT_OUT_PACKETS,
+ STATIS_IPV4_IN_BYTES,
+ STATIS_IPV4_OUT_BYTES,
+ STATIS_IPV4_IN_PACKETS,
+ STATIS_IPV4_OUT_PACKETS,
+ STATIS_IPV6_IN_BYTES,
+ STATIS_IPV6_OUT_BYTES,
+ STATIS_IPV6_IN_PACKETS,
+ STATIS_IPV6_OUT_PACKETS,
+ STATIS_TCP_NEW_CON_NUM,
+ STATIS_TCP_IN_BYTES,
+ STATIS_TCP_OUT_BYTES,
+ STATIS_TCP_IN_PACKETS,
+ STATIS_TCP_OUT_PACKETS,
+ STATIS_UDP_NEW_CON_NUM,
+ STATIS_UDP_IN_BYTES,
+ STATIS_UDP_OUT_BYTES,
+ STATIS_UDP_IN_PACKETS,
+ STATIS_UDP_OUT_PACKETS,
+ STATIS_ALERT_BYTES,
+ STATIS_BLOCK_BYTES,
+ STATIS_PINNING_NUM,
+ STATIS_MAYBE_PINNING_NUM,
+ STATIS_NOT_PINNING_NUM,
+ STATIS_MAX
+}tsg_statis_field_id_t;
+
+enum TRAFFIC_INFO_IDX
+{
+ TRAFFIC_INFO_ALLOW=0,
+ TRAFFIC_INFO_DENY,
+ TRAFFIC_INFO_MONITOR,
+ TRAFFIC_INFO_INTERCEPT,
+ TRAFFIC_INFO_MAX
+};
+
+typedef struct tsg_statistic
+{
+ int cycle;
+ int fs_line_id;
+ int thread_alive;
+ pthread_t stat_thread_id;
+ int fs_field_id[STATIS_MAX];
+ long long statistic_opt[_OPT_TYPE_MAX];
+ struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
+ struct _traffic_info default_total_info;
+ screen_stat_handle_t fs2_handle;
+}tsg_statis_para_t;
+
+int tsg_statistic_init(const char *conffile, void *logger);
+void tsg_statistic_destroy(void);
+
+int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);
+
+int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data);
+const void *get_struct_project(const struct streaminfo *a_stream, int project_id);
+
+
+//parent_app_name.app_name
+int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent);
+
+//return 18 or 19: subdivision_addr
+int tsg_get_location_type(void);
+void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
+void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
+void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
+void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
+void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
+void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
+void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq);
+int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, enum TSG_METHOD_TYPE method_type, int thread_seq);
+int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq);
+void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp);
+
+struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, int thread_seq);
+int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
+int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq);
+int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq);
+int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq);
+int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
+int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
+int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
+int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq);
+int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location);
+int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn);
+int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id);
+int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);
+
+#endif
diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp
index 89dff63..52120f3 100644
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
@@ -617,9 +617,75 @@ static int set_packet_bytes(struct tsg_log_instance_t *_instance, struct TLD_han
return 1;
}
-static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, struct app_identify_result *result, TLD_TYPE type)
+static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result)
+{
+ int i=0,j=0,ret=0;
+ char app_name[512]={0};
+ Value array(kArrayType);
+
+ for(i=ORIGIN_USER_DEFINE; i<ORIGIN_MAX; i++)
+ {
+ if(result[i].app_num<=0)
+ {
+ continue;
+ }
+
+ Value object(kObjectType);
+ for(j=0; j<result[i].app_num; j++)
+ {
+ ret=tsg_app_id2name(result[i].attributes[j].app_id, app_name, sizeof(app_name), 0);
+ if(ret>0)
+ {
+ add_str_member(_handle, &object, "app_name", app_name);
+ }
+ else
+ {
+ object.AddMember("app_name", result[i].attributes[j].app_id, _handle->document->GetAllocator());
+ }
+ object.AddMember("packet_sequence",result[i].attributes[j].packet_sequence, _handle->document->GetAllocator());
+ }
+
+ array.PushBack(object, _handle->document->GetAllocator());
+ }
+
+ TLD_append(_handle, field_name, &array, TLD_TYPE_OBJECT);
+
+ return 1;
+}
+
+static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct gather_app_result *result)
+{
+ int i=0,ret=0;
+ char app_name[512]={0};
+
+ if(result->app_num==0)
+ {
+ return 0;
+ }
+
+ Value array(kArrayType);
+ for(i=0; i<result->app_num; i++)
+ {
+ Value object(kObjectType);
+ ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
+ if(ret>0)
+ {
+ add_str_member(_handle, &object, "app_name", app_name);
+ }
+ object.AddMember("app_id", result->attributes[i].app_id, _handle->document->GetAllocator());
+ object.AddMember("surrogate_id", result->attributes[i].surrogate_id, _handle->document->GetAllocator());
+ object.AddMember("packet_sequence",result->attributes[i].packet_sequence, _handle->document->GetAllocator());
+ array.PushBack(object, _handle->document->GetAllocator());
+ }
+ add_object_member(_handle, app_id_object, field_name, array);
+
+ return 1;
+}
+
+
+static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, struct gather_app_result *result, TLD_TYPE type)
{
- if(result==NULL || result->app_id_num<=0)
+ if(result==NULL || result->app_num<=0)
{
return 0;
}
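Review bot: In `set_app_identify_info`, `Value object(kObjectType);` is created once per origin, but the inner `for(j=...)` loop calls `AddMember("app_name", ...)` and `AddMember("packet_sequence", ...)` on it for every attribute, so an origin with more than one identified app yields a JSON object with repeated keys. RapidJSON's `AddMember` does not check for duplicates, and most log consumers keep only one value per key, which would drop all but one identification step from `common_app_identify_info`. Moving `Value object(kObjectType);` to the top of the inner loop body and `array.PushBack(object, _handle->document->GetAllocator());` to its end gives one object per step. The fallback branch also writes the numeric `app_id` under `"app_name"`, so the field's type switches between string and number; a separate `"app_id"` member, as `get_app_id_list` uses, would keep the schema stable. `set_userdefine_app` at the end of the hunk continues outside it.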
@@ -628,10 +694,10 @@ static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, st
char app_name[256]={0};
Value array(kArrayType);
- for(i=0; i<result->app_id_num; i++)
+ for(i=0; i<result->app_num; i++)
{
memset(app_name, 0, sizeof(app_name));
- tsg_app_id2name(result->app_id[i], app_name, sizeof(app_name), 1);
+ tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
if(strnlen(app_name, sizeof(app_name)) > 0)
{
Value app_name_str;
@@ -645,7 +711,7 @@ static int set_userdefine_app(struct TLD_handle_t *_handle, char *field_name, st
return 1;
}
-static int get_l7_protocol(struct app_identify_result *result, char *protocol_list, int protocol_list_len, int *flag)
+static int get_l7_protocol(struct gather_app_result *result, char *protocol_list, int protocol_list_len, int *flag)
{
int i=0,offset=0;
char *name=NULL;
@@ -655,10 +721,10 @@ static int get_l7_protocol(struct app_identify_result *result, char *protocol_li
return 0;
}
- for(i=0; i<result->app_id_num; i++)
+ for(i=0; i<result->app_num; i++)
{
(*flag)=1;
- name=tsg_l7_protocol_id2name(result->app_id[i]);
+ name=tsg_l7_protocol_id2name(result->attributes[i].app_id);
if(name!=NULL)
{
if(i>0 && offset>0 && (protocol_list_len-offset)>0)
@@ -673,35 +739,38 @@ static int get_l7_protocol(struct app_identify_result *result, char *protocol_li
return 1;
}
-static unsigned int get_max_app_id(unsigned int *app_id_array, int app_id_num)
+static unsigned int get_userdefine_name(struct gather_app_result *result, char *app_name, int app_name_len, int *flag, int is_joint_parent)
{
- if(app_id_num<=0)
+ if((*flag)==1 || result->app_num<=0)
{
return 0;
}
+
int i=0;
- unsigned int max_app_id=app_id_array[0];
+ unsigned int max_app_id=0;
- for(i=1; i< app_id_num; i++)
+ for(i=0; i< result->app_num; i++)
{
- if(max_app_id<app_id_array[i])
+ if(max_app_id < result->attributes[i].app_id)
{
- max_app_id=app_id_array[i];
+ max_app_id=result->attributes[i].app_id;
}
}
+ (*flag)=1;
+ tsg_app_id2name(max_app_id, app_name, app_name_len, is_joint_parent);
return max_app_id;
}
-static int get_app_id(struct app_identify_result *result, unsigned int *app_id, unsigned int *surrogate_id, int *flag)
+static int get_app_id(struct gather_app_result *result, unsigned int *app_id, unsigned int *surrogate_id, int *flag)
{
- if(result->app_id_num>0 && (*flag)==0)
+ if(result->app_num>0 && (*flag)==0)
{
(*flag)=1;
- (*app_id)=result->app_id[result->app_id_num-1];
- (*surrogate_id)=result->surrogate_id[result->app_id_num-1];
+ (*app_id)=result->attributes[result->app_num-1].app_id;
+ (*surrogate_id)=result->attributes[result->app_num-1].surrogate_id;
return 1;
}
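Review bot: `get_userdefine_name` sets `(*flag)=1` whenever `app_num>0`, even when every `app_id` is 0, and it ignores the return value of `tsg_app_id2name`. The removed caller in `set_app_id` only resolved a name when `max_app_id>0`, so a user-defined list with no usable id used to fall through to the BUILT_IN/DKPT/QM_ENGINE lookups and now appears to stop with an empty `app_name`. Setting the flag only on success keeps that fallback: `if(max_app_id==0 || tsg_app_id2name(max_app_id, app_name, app_name_len, is_joint_parent)<=0) return 0;` followed by `(*flag)=1;`. The function also dereferences `result` and `flag` without the NULL check that `set_userdefine_app` has. `get_app_id` at the end of the hunk continues outside it.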
@@ -709,40 +778,17 @@ static int get_app_id(struct app_identify_result *result, unsigned int *app_id,
return 0;
}
-static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct app_identify_result *result)
-{
- int i=0;
-
- if(result->app_id_num==0)
- {
- return 0;
- }
-
- Value array(kArrayType);
- for(i=0; i<result->app_id_num; i++)
- {
- Value object(kObjectType);
- object.AddMember("app_id", result->app_id[i], _handle->document->GetAllocator());
- object.AddMember("surrogate_id", result->surrogate_id[i], _handle->document->GetAllocator());
- array.PushBack(object, _handle->document->GetAllocator());
- }
- add_object_member(_handle, app_id_object, field_name, array);
-
- return 1;
-}
-
-static int get_app_name_list(unsigned int *app_id_array, int app_id_num, char *app_name, int app_name_len, int *flag, int is_joint_parent)
+static int get_app_name_list(struct gather_app_result *result, char *app_name, int app_name_len, int *flag, int is_joint_parent)
{
int i=0;
int offset=0;
- if((*flag)==1 || app_id_num<=0)
+ if((*flag)==1 || result->app_num<=0)
{
return 0;
}
- //for(i=0; i<app_id_num; i++)
- for(i=app_id_num-1; i<app_id_num; i++)
+ for(i=result->app_num-1; i<result->app_num; i++)
{
(*flag)=1;
@@ -752,7 +798,7 @@ static int get_app_name_list(unsigned int *app_id_array, int app_id_num, char *a
offset++;
}
- offset+=tsg_app_id2name(app_id_array[i], app_name+offset, app_name_len-offset, is_joint_parent);
+ offset+=tsg_app_id2name(result->attributes[i].app_id, app_name+offset, app_name_len-offset, is_joint_parent);
}
return 1;
@@ -763,21 +809,20 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
int app_id_flag=0;
int l7_protocol_flag=0;
char app_name[512]={0};
- unsigned int max_app_id=0;
char protocol_list[256]={0};
unsigned int one_app_id=0;
unsigned int one_surrogate_id=0;
- struct gather_app_result *label=NULL;
+ struct gather_app_result *gather_result=NULL;
- label=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id);
- if(label==NULL)
+ gather_result=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id);
+ if(gather_result==NULL)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)_instance->l7_unknown_name, TLD_TYPE_STRING);
return 0;
}
- get_l7_protocol(&(label->result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag);
+ get_l7_protocol(&(gather_result[ORIGIN_BASIC_PROTOCOL]), protocol_list, sizeof(protocol_list), &l7_protocol_flag);
if(l7_protocol_flag==1)
{
TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)protocol_list, TLD_TYPE_STRING);
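Review bot: `set_app_id` now indexes the pointer returned by `project_req_get_struct` as an array (`gather_result[ORIGIN_BASIC_PROTOCOL]` here, and the other origins in the later hunks of this function) where it used to go through `label->result[...]`, so nothing at this call site states how many elements the project slot holds. The allocation is not visible in this hunk; if any producer of `gather_app_project_id` still stores a single `struct gather_app_result`, these reads and the `ORIGIN_USER_DEFINE..ORIGIN_MAX` walk in `set_app_identify_info` would run past the end of it. A comment above the lookup would record the contract, for example `/* project slot holds ORIGIN_MAX gather_app_result entries, indexed by origin */`. `set_app_id` starts before this hunk and continues after it.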
@@ -789,9 +834,9 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
if(_instance->app_id_type==0) // int
{
- get_app_id(&(label->result[ORIGIN_USER_DEFINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
- get_app_id(&(label->result[ORIGIN_DKPT]), &one_app_id, &one_surrogate_id, &app_id_flag);
- get_app_id(&(label->result[ORIGIN_QM_ENGINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
+ get_app_id(&(gather_result[ORIGIN_USER_DEFINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
+ get_app_id(&(gather_result[ORIGIN_DKPT]), &one_app_id, &one_surrogate_id, &app_id_flag);
+ get_app_id(&(gather_result[ORIGIN_QM_ENGINE]), &one_app_id, &one_surrogate_id, &app_id_flag);
if(app_id_flag==1)
{
@@ -801,32 +846,28 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
}
else //string
{
- set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(label->result[ORIGIN_USER_DEFINE]), TLD_TYPE_LONG);
-
- max_app_id=get_max_app_id(label->result[ORIGIN_USER_DEFINE].app_id, label->result[ORIGIN_USER_DEFINE].app_id_num);
- if(max_app_id>0)
- {
- get_app_name_list(&max_app_id, 1, app_name, sizeof(app_name), &app_id_flag, 0);
- }
+ set_userdefine_app(_handle, _instance->id2field[LOG_COMMON_USERDEFINE_APP].name, &(gather_result[ORIGIN_USER_DEFINE]), TLD_TYPE_LONG);
+
+ get_userdefine_name(&(gather_result[ORIGIN_USER_DEFINE]), app_name, sizeof(app_name), &app_id_flag, 0);
if(app_id_flag!=1)
{
- get_app_name_list(label->result[ORIGIN_BUILT_IN].app_id, label->result[ORIGIN_BUILT_IN].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
+ get_app_name_list(&(gather_result[ORIGIN_BUILT_IN]), app_name, sizeof(app_name), &app_id_flag, 0);
}
if(app_id_flag!=1)
- {
- get_app_name_list(label->result[ORIGIN_DKPT].app_id, label->result[ORIGIN_DKPT].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
+ {
+ get_app_name_list(&(gather_result[ORIGIN_DKPT]), app_name, sizeof(app_name), &app_id_flag, 0);
}
if(app_id_flag!=1)
- {
- get_app_name_list(label->result[ORIGIN_QM_ENGINE].app_id, label->result[ORIGIN_QM_ENGINE].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
+ {
+ get_app_name_list(&(gather_result[ORIGIN_QM_ENGINE]), app_name, sizeof(app_name), &app_id_flag, 0);
}
if(app_id_flag!=1)
- {
- get_app_name_list(label->result[ORIGIN_UNKNOWN].app_id, label->result[ORIGIN_UNKNOWN].app_id_num, app_name, sizeof(app_name), &app_id_flag, 0);
+ {
+ get_app_name_list(&(gather_result[ORIGIN_UNKNOWN]), app_name, sizeof(app_name), &app_id_flag, 0);
}
if(app_id_flag==1)
@@ -837,12 +878,14 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
}
Value app_id_object(kObjectType);
- get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(label->result[ORIGIN_USER_DEFINE]));
- get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(label->result[ORIGIN_BUILT_IN]));
- get_app_id_list(&app_id_object, _handle, "DKPT", &(label->result[ORIGIN_DKPT]));
- get_app_id_list(&app_id_object, _handle, "THIRD", &(label->result[ORIGIN_QM_ENGINE]));
- get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(label->result[ORIGIN_UNKNOWN]));
+ get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(gather_result[ORIGIN_USER_DEFINE]));
+ get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(gather_result[ORIGIN_BUILT_IN]));
+ get_app_id_list(&app_id_object, _handle, "DKPT", &(gather_result[ORIGIN_DKPT]));
+ get_app_id_list(&app_id_object, _handle, "THIRD", &(gather_result[ORIGIN_QM_ENGINE]));
+ get_app_id_list(&app_id_object, _handle, "UNKNOWN", &(gather_result[ORIGIN_UNKNOWN]));
TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_ID].name, &app_id_object, TLD_TYPE_OBJECT);
+
+ set_app_identify_info(_handle, _instance->id2field[LOG_COMMON_APP_IDENTIFY_INFO].name, gather_result);
}
}
diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h
index 52b11b0..1140d85 100644
--- a/src/tsg_send_log_internal.h
+++ b/src/tsg_send_log_internal.h
@@ -126,6 +126,7 @@ typedef enum _tsg_log_field_id
LOG_COMMON_PACKET_CAPTURE_FILE,
LOG_COMMON_APPLICATION_BEHAVIOR,
LOG_HTTP_URL,
+ LOG_COMMON_APP_IDENTIFY_INFO,
LOG_COMMON_MAX
}tsg_log_field_id_t;