| author | 刘学利 <[email protected]> | 2023-08-06 10:45:19 +0000 |
|---|---|---|
| committer | 刘学利 <[email protected]> | 2023-08-06 10:45:19 +0000 |
| commit | 79ca2d2ac4150af89807928370e79a4d84a016f7 (patch) | |
| tree | f05b637477aa53a9d77c3decce87a85f913e2852 /src | |
| parent | e089f98c5a01532fc4c72536fbce55455969ed06 (diff) | |
TSG-16060: 支持statistics policyv6.1.0
Diffstat (limited to 'src')
| -rw-r--r-- | src/tsg_bridge.cpp | 73 | ||||
| -rw-r--r-- | src/tsg_bridge.h | 4 | ||||
| -rw-r--r-- | src/tsg_entry.cpp | 92 | ||||
| -rw-r--r-- | src/tsg_stat.cpp | 2 | ||||
| -rw-r--r-- | src/tsg_stat.h | 2 | ||||
| -rw-r--r-- | src/version.map | 1 |
6 files changed, 150 insertions, 24 deletions
diff --git a/src/tsg_bridge.cpp b/src/tsg_bridge.cpp index 42610f2..70ab915 100644 --- a/src/tsg_bridge.cpp +++ b/src/tsg_bridge.cpp @@ -10,6 +10,7 @@ #include "tsg_variable.h" #include "tsg_sync_state.h" #include "tsg_rule_internal.h" +#include "statistics_metrics.h" extern int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data); extern int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data); 
@@ -1002,6 +1003,75 @@ void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE return ; } +int session_dimension_server_fqdn_sync(const struct streaminfo *a_stream, char *server_fqdn) +{ + if(server_fqdn==NULL) + { + return 0; + } + + struct statistics_dimensions dimension; + dimension.type=DIMENSION_FQDN; + dimension.server_fqdn=server_fqdn; + return stream_bridge_sync_data_put(a_stream, g_tsg_bridge_para[BRIDGE_TYPE_STATISTICS_DIMENSION].id, (void *)&(dimension)); +} + +int session_dimension_application_sync(const struct streaminfo *a_stream, char *application) +{ + if(application==NULL) + { + return 0; + } + + struct statistics_dimensions dimension; + dimension.type=DIMENSION_APPLICATION; + dimension.application=application; + return stream_bridge_sync_data_put(a_stream, g_tsg_bridge_para[BRIDGE_TYPE_STATISTICS_DIMENSION].id, (void *)&(dimension)); +} + +int session_dimension_maat_state_sync(const struct streaminfo *a_stream, struct maat_state *state) +{ + if(state==NULL) + { + return 0; + } + + struct statistics_dimensions dimension; + dimension.type=DIMENSION_MAAT_STATE; + dimension.maat_state=state; + return stream_bridge_sync_data_put(a_stream, g_tsg_bridge_para[BRIDGE_TYPE_STATISTICS_DIMENSION].id, (void *)&(dimension)); +} + +int session_dimension_maat_rule_sync(const struct streaminfo *a_stream, struct matched_policy_rules *policy) +{ + if(policy==NULL) + { + return 0; + } + + struct statistics_dimensions dimension; + dimension.type=DIMENSION_MAAT_RULE; + dimension.policy=policy; + return stream_bridge_sync_data_put(a_stream, g_tsg_bridge_para[BRIDGE_TYPE_STATISTICS_DIMENSION].id, (void *)&(dimension)); +} + +int session_dimension_category_id_sync(const struct streaminfo *a_stream, unsigned int *category_id, int n_category_id) +{ + if(category_id==NULL || n_category_id==0) + { + return 0; + } + + struct server_fqdn_category category; + category.n_ids=MIN(n_category_id, MAX_CATEGORY_ID_NUM); + memcpy(category.ids, category_id, 
category.n_ids*sizeof(unsigned int)); + + struct statistics_dimensions dimension; + dimension.type=DIMENSION_CATEGORY_ID; + dimension.category=&category; + return stream_bridge_sync_data_put(a_stream, g_tsg_bridge_para[BRIDGE_TYPE_STATISTICS_DIMENSION].id, (void *)&(dimension)); +} + void *session_mac_linkinfo_get(const struct streaminfo *a_stream) { return session_async_bridge_get_data(a_stream, g_tsg_bridge_para[BRIDGE_TYPE_MAC_LINKINFO].id); @@ -1161,6 +1231,9 @@ int tsg_bridge_init(const char *conffile) MESA_load_profile_string_def(conffile, "BRIDGE", "PROXY_LOG_UPDATE_BRIDGE_NAME", g_tsg_bridge_para[BRIDGE_TYPE_LOG_UPDATE_PROXY].name, MAX_BRIDGE_NAME_LEN, "PROXY_LOG_UPDATE"); g_tsg_bridge_para[BRIDGE_TYPE_LOG_UPDATE_PROXY].free_cb = session_proxy_log_update_free; + // statistics dimensions + MESA_load_profile_string_def(conffile, "BRIDGE", "STATISTICS_DIMENSIONS", g_tsg_bridge_para[BRIDGE_TYPE_STATISTICS_DIMENSION].name, MAX_BRIDGE_NAME_LEN, "STATISTICS_DIMENSIONS"); + for(int i=0; i<BRIDGE_TYPE_MAX; i++) { g_tsg_bridge_para[i].id=stream_bridge_build(g_tsg_bridge_para[i].name, "w"); diff --git a/src/tsg_bridge.h b/src/tsg_bridge.h index 8e2d754..54d4733 100644 --- a/src/tsg_bridge.h +++ b/src/tsg_bridge.h @@ -8,6 +8,8 @@ #include "tsg_leaky_bucket.h" #include "tsg_send_log_internal.h" #include "tsg_statistic.h" +#include "statistics_metrics.h" + #ifndef MAX_BRIDGE_NAME_LEN #define MAX_BRIDGE_NAME_LEN 64 @@ -40,7 +42,7 @@ enum BRIDGE_TYPE BRIDGE_TYPE_LOG_UPDATE_SCE, BRIDGE_TYPE_LOG_UPDATE_SHAPER, BRIDGE_TYPE_LOG_UPDATE_PROXY, - + BRIDGE_TYPE_STATISTICS_DIMENSION, BRIDGE_TYPE_MAX }; diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index c082489..0a08e84 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -36,6 +36,7 @@ #include "tsg_proxy.h" #include "tsg_bridge.h" #include "uthash.h" +#include "statistics_metrics.h" #ifdef __cplusplus extern "C" 
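Review bot: In `session_dimension_category_id_sync` the guard rejects only `n_category_id==0`, so a negative count passes through `MIN(n_category_id, MAX_CATEGORY_ID_NUM)` unchanged and `category.n_ids*sizeof(unsigned int)` can turn into a very large `memcpy` length into the stack-local `category.ids`. Whether the caller can hand in a negative value depends on what `tsg_get_fqdn_category_ids` returns on failure, which is not visible here, so the helper should defend itself with `if(category_id==NULL || n_category_id<=0)`. The clamp also assumes `category.ids` holds at least `MAX_CATEGORY_ID_NUM` entries; that array is declared in `statistics_metrics.h` and is worth confirming. All five helpers fill only `type` and one member of an uninitialised `struct statistics_dimensions`; unless it is a plain tagged union, `struct statistics_dimensions dimension={0};` keeps a consumer from reading indeterminate bytes.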
@@ -1656,19 +1657,6 @@ int session_l7_protocol_identify(const struct streaminfo *a_stream, struct sessi return ret; } - -static size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, char *domain, int table_idx, struct maat_state *s_mid, maat_rule *matched_rules, size_t n_matched_rules) -{ - struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); - if(srt_attribute!=NULL && domain!=NULL && table_idx>=0) - { - srt_attribute->n_fqdn_category_ids=tsg_get_fqdn_category_ids(g_tsg_maat_feather, domain, srt_attribute->fqdn_category_ids, MAX_CATEGORY_ID_NUM); - return tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_attribute->fqdn_category_ids, srt_attribute->n_fqdn_category_ids, table_idx, s_mid, matched_rules, n_matched_rules); - } - - return 0; -} - size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, struct maat_rule *matched_rules, size_t n_matched_rules, struct session_runtime_process_context *srt_process_context, struct app_attributes *app_attribute, char app_attribute_num, APP_IDENTIFY_ORIGIN origin, int thread_seq) { size_t matched_cnt=0; 
@@ -1832,6 +1820,18 @@ static unsigned char matched_security_rules_deal(const struct streaminfo *a_stre return state; } +int matched_statistics_rules_deal(const struct streaminfo *a_stream, struct maat_rule *statistics_rules, size_t n_statistics_rules, int thread_seq) +{ + struct matched_policy_rules policy; + policy.n_rules=MIN(MAX_RESULT_NUM, n_statistics_rules); + memcpy(policy.rules, statistics_rules, (policy.n_rules)*sizeof(struct maat_rule)); + session_dimension_maat_rule_sync(a_stream, &policy); + + srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq); + + return 0; +} + int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_rules, size_t n_shaping_rules, int thread_seq) { session_state_sync_in_activing(a_stream, TSG_SERVICE_SHAPING, shaping_rules, n_shaping_rules, thread_seq); @@ -1860,13 +1860,14 @@ int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struc unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *matched_rules, size_t n_matched_rules, const void *a_packet) { + int thread_seq=a_stream->threadnum; unsigned char state=APP_STATE_GIVEME; struct maat_rule security_rules[MAX_RESULT_NUM]={0}; size_t n_security_rules=tsg_select_rules_by_service_id(matched_rules, n_matched_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY); if(n_security_rules>0) { - state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, a_stream->threadnum); + state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet,thread_seq); if(state&APP_STATE_KILL_OTHER) { return state; 
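Review bot: The `memcpy` in `matched_statistics_rules_deal` is bounded by `MAX_RESULT_NUM` rather than by its destination: `policy.rules` is declared in `statistics_metrics.h`, outside this diff, and nothing here ties its capacity to `MAX_RESULT_NUM`. If `rules` is a fixed array, clamping against it directly removes that dependency: `policy.n_rules=MIN(sizeof(policy.rules)/sizeof(policy.rules[0]), n_statistics_rules);`. The result of `session_dimension_maat_rule_sync` is also discarded and the function always returns 0, so a failed sync is invisible to callers.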
@@ -1877,21 +1878,28 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru size_t n_s_chaining_rules=tsg_select_rules_by_service_id(matched_rules, n_matched_rules, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING); if(n_s_chaining_rules>0) { - matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, a_stream->threadnum); + matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, thread_seq); } struct maat_rule shaping_rules[MAX_RESULT_NUM]={0}; size_t n_shaping_rules=tsg_select_rules_by_service_id(matched_rules, n_matched_rules, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING); if(n_shaping_rules>0) { - matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, a_stream->threadnum); + matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, thread_seq); } struct maat_rule intercept_rules[MAX_RESULT_NUM]={0}; size_t n_intercept_rules=tsg_select_rules_by_service_id(matched_rules, n_matched_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT); if(n_intercept_rules>0) { - matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum); + matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, thread_seq); + } + + struct maat_rule statistics_rules[MAX_RESULT_NUM]; + size_t n_statistics_rules=tsg_select_rules_by_service_id(matched_rules, n_matched_rules, statistics_rules, MAX_RESULT_NUM, TSG_SERVICE_STATISTICS); + if(n_shaping_rules>0) + { + matched_statistics_rules_deal(a_stream, statistics_rules, n_statistics_rules, thread_seq); } return state; 
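Review bot: The new statistics branch is guarded by the wrong counter: `if(n_shaping_rules>0)` should be `if(n_statistics_rules>0)`. As written, matched statistics rules are dropped whenever no shaping rule matched, and when a shaping rule did match, `matched_statistics_rules_deal` runs even with `n_statistics_rules==0`. `statistics_rules` is also the only rule array in this function declared without `={0}`; `struct maat_rule statistics_rules[MAX_RESULT_NUM]={0};` would match its siblings and avoid handing uninitialised stack contents downstream. `session_matched_rules_deal` begins before this hunk.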
@@ -2019,6 +2027,13 @@ int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge return 0; } + char app_full_path[256]={0}; + session_application_full_path_update(a_stream, app_full_path, sizeof(app_full_path)); + if(strlen(app_full_path)>0) + { + session_dimension_application_sync(a_stream, app_full_path); + } + if(srt_process_context->mid==NULL) { return 0; 
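Review bot: `session_dimension_application_sync` receives a pointer to the stack buffer `app_full_path`, and the helper stores that pointer in `dimension.application` without copying it. This is safe only if every consumer on the statistics-dimension bridge is finished with the string before `stream_bridge_sync_data_put` returns, a contract that is not visible in this diff. I would state it at the call site, e.g. `/* app_full_path is stack storage: bridge consumers must copy it, never keep the pointer */`. The `strlen` test additionally relies on `session_application_full_path_update` leaving a NUL terminator within `sizeof(app_full_path)`.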
@@ -2094,11 +2109,32 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess session_ssl_ja3_fingerprint_generate(a_stream); } - int table_idx=tsg_domain_table_idx_get(srt_process_context->proto); - matched_cnt+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); - - table_idx=tsg_fqdn_category_table_idx_get(srt_process_context->proto); - matched_cnt+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); + if(srt_process_context->domain!=NULL) + { + int table_idx=tsg_domain_table_idx_get(srt_process_context->proto); + matched_cnt+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); + + struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); + srt_attribute->n_fqdn_category_ids=tsg_get_fqdn_category_ids(g_tsg_maat_feather, srt_process_context->domain, srt_attribute->fqdn_category_ids, MAX_CATEGORY_ID_NUM); + + session_dimension_server_fqdn_sync(a_stream, srt_process_context->domain); + session_dimension_category_id_sync(a_stream, srt_attribute->fqdn_category_ids, srt_attribute->n_fqdn_category_ids); + + table_idx=tsg_fqdn_category_table_idx_get(srt_process_context->proto); + if(srt_attribute!=NULL && table_idx>=0) + { + matched_cnt+=tsg_scan_fqdn_category_id(a_stream, + g_tsg_maat_feather, + srt_attribute->fqdn_category_ids, + srt_attribute->n_fqdn_category_ids, + table_idx, + srt_process_context->mid, + matched_rules+matched_cnt, + n_matched_rules-matched_cnt + ); + } + } + if(srt_process_context->is_esni) { protocol_id=tsg_l7_protocol_name2id("ESNI", 4); 
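Review bot: `srt_attribute` is dereferenced before it is checked: `srt_attribute->n_fqdn_category_ids=...` and the `session_dimension_category_id_sync` call both run ahead of the later `if(srt_attribute!=NULL && table_idx>=0)`. The removed wrapper tested the pointer before first use, so a NULL return from `session_runtime_attribute_new` would now crash the packet-processing path instead of just skipping the category scan. Open the guard right after the allocation with `if(srt_attribute!=NULL)`, covering the category lookup, the category sync and the scan, and reduce the inner test to `if(table_idx>=0)`. `session_dimension_server_fqdn_sync` does not need the attribute and can stay outside the guard. `session_pending_state_deal` begins and ends outside this hunk.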
@@ -2121,7 +2157,7 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess if(srt_process_context->proto==PROTO_HTTP && srt_process_context->http_url!=NULL) { - table_idx=tsg_http_url_table_idx_get(); + int table_idx=tsg_http_url_table_idx_get(); matched_cnt+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->http_url, table_idx, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt); } @@ -2243,6 +2279,8 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, matched_cnt, a_packet); break; } + + session_dimension_maat_state_sync(a_stream, srt_process_context->mid); if((a_stream->opstate==OP_STATE_CLOSE) || (state&APP_STATE_DROPME)==APP_STATE_DROPME) { @@ -2303,8 +2341,16 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns { matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, thread_seq); } + + struct maat_rule statistics_rules[MAX_RESULT_NUM]; + size_t n_statistics_rules=tsg_select_rules_by_service_id(matched_rules, matched_cnt, statistics_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING); + if(state==APP_STATE_GIVEME && n_statistics_rules>0) + { + matched_statistics_rules_deal(a_stream, statistics_rules, n_statistics_rules, thread_seq); + } } + session_dimension_maat_state_sync(a_stream, scan_mid); maat_state_free(scan_mid); scan_mid=NULL; } diff --git a/src/tsg_stat.cpp b/src/tsg_stat.cpp index 65bfa89..cdbe848 100644 --- a/src/tsg_stat.cpp +++ b/src/tsg_stat.cpp 
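Review bot: In the `tsg_master_all_entry` hunk the statistics rules are selected with the shaping service id: the `tsg_select_rules_by_service_id(..., TSG_SERVICE_SHAPING)` call that fills `statistics_rules` should pass `TSG_SERVICE_STATISTICS`, as the matching block in `session_matched_rules_deal` does. As written, shaping rules are reported as statistics policy and real statistics rules are never picked up on this path. Separately, `session_dimension_maat_state_sync(a_stream, scan_mid)` is followed immediately by `maat_state_free(scan_mid)`, which is safe only if no bridge consumer retains the `maat_state` pointer after the put returns. A comment such as `/* consumers must not retain scan_mid: it is freed on the next line */` would record that. The function body extends outside the hunk.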
@@ -290,6 +290,8 @@ int tsg_stat_init(void) fieldstat_register_table_row(g_rt_stat_para.fs_instance, g_rt_stat_para.exdata.table_id, "tunnel_catalog", NULL, 0, g_rt_stat_para.exdata.column_id[SYNC_EXDATA_ROW_TUNNEL_CATALOG]); fieldstat_register_table_row(g_rt_stat_para.fs_instance, g_rt_stat_para.exdata.table_id, "tunnel_endpoint", NULL, 0, g_rt_stat_para.exdata.column_id[SYNC_EXDATA_ROW_TUNNEL_ENDPOINT]); fieldstat_register_table_row(g_rt_stat_para.fs_instance, g_rt_stat_para.exdata.table_id, "tunnel_label", NULL, 0, g_rt_stat_para.exdata.column_id[SYNC_EXDATA_ROW_TUNNEL_LABEL]); + fieldstat_register_table_row(g_rt_stat_para.fs_instance, g_rt_stat_para.exdata.table_id, "statistics_template", NULL, 0, g_rt_stat_para.exdata.column_id[SYNC_EXDATA_ROW_STATISTICS_TEMPLATE]); + fieldstat_register_table_row(g_rt_stat_para.fs_instance, g_rt_stat_para.exdata.table_id, "statistics_chart", NULL, 0, g_rt_stat_para.exdata.column_id[SYNC_EXDATA_ROW_STATISTICS_CHART]); enum field_type flow_column_type[FLOW_STAT_MAX]={FIELD_TYPE_GAUGE, FIELD_TYPE_GAUGE, FIELD_TYPE_GAUGE, FIELD_TYPE_GAUGE, FIELD_TYPE_GAUGE}; const char *flow_column_name[FLOW_STAT_MAX]={"inject", "mirror_pkts", "mirror_bytes", "set_timeout", "tamper"}; diff --git a/src/tsg_stat.h b/src/tsg_stat.h index 29f798a..72a98f4 100644 --- a/src/tsg_stat.h +++ b/src/tsg_stat.h @@ -45,6 +45,8 @@ enum SYNC_EXDATA_ROW SYNC_EXDATA_ROW_TUNNEL_CATALOG, SYNC_EXDATA_ROW_TUNNEL_ENDPOINT, SYNC_EXDATA_ROW_TUNNEL_LABEL, + SYNC_EXDATA_ROW_STATISTICS_TEMPLATE, + SYNC_EXDATA_ROW_STATISTICS_CHART, SYNC_EXDATA_ROW_MAX }; diff --git a/src/version.map b/src/version.map index 03fb92e..bfd9ce7 100644 --- a/src/version.map +++ b/src/version.map @@ -16,6 +16,7 @@ global: *session_matched_rules_notify*; *session_matched_rules_copy*; *session_packet_capture_by_rules_notify*; + *session_dimension_*; *GIT*; }; local: *; |
