summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/tsg_entry.cpp4357
1 files changed, 2178 insertions, 2179 deletions
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index f8ae18e..8a3624e 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -1,2179 +1,2178 @@
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <assert.h>
-#include <sys/time.h>
-#include <unistd.h>
-
-#include <MESA/http.h>
-#include <MESA/ftp.h>
-#include <MESA/ssl.h>
-#include <MESA/mail.h>
-#include <MESA/quic.h>
-#include "MESA/sip.h"
-#include <MESA/stream.h>
-#include <MESA/MESA_prof_load.h>
-#include <MESA/MESA_handle_logger.h>
-#include <MESA/MESA_jump_layer.h>
-
-#include "app_label.h"
-#include "tsg_rule.h"
-#include "tsg_entry.h"
-#include "tsg_send_log.h"
-#include "tsg_statistic.h"
-#include "tsg_send_log_internal.h"
-#include "tsg_ssl_utils.h"
-#include "tsg_ssh_utils.h"
-#include "tsg_protocol_common.h"
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#define GIT_VERSION_CATTER(v) __attribute__((__used__)) const char * GIT_VERSION_##v = NULL
-#define GIT_VERSION_EXPEND(v) GIT_VERSION_CATTER(v)
-
-/* VERSION TAG */
-#ifdef GIT_VERSION
-GIT_VERSION_EXPEND(GIT_VERSION);
-#else
-static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL;
-#endif
-#undef GIT_VERSION_CATTER
-#undef GIT_VERSION_EXPEND
-
-#ifdef __cplusplus
-}
-#endif
-
-struct session_record_ctx
-{
- struct TLD_handle_t *log;
- tsg_protocol_t proto_type;
-};
-
-char TSG_MASTER_VERSION_20200805 = 0;
-const char *tsg_conffile="tsgconf/main.conf";
-g_tsg_para_t g_tsg_para;
-
-id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
- {0, TSG_FS2_UDP_LINKS, "udp_links"},
- {0, TSG_FS2_BYPASS, "bypass"},
- {0, TSG_FS2_HIT_ADDR, "hit_addr"},
- {0, TSG_FS2_HIT_SHARE, "hit_share"},
- {0, TSG_FS2_INTERCEPT, "intercept"},
- {0, TSG_FS2_EXCLUSION, "exclusion"},
- {0, TSG_FS2_SUCCESS_LOG, "success_log"},
- {0, TSG_FS2_FAILED_LOG, "failed_log"},
- {0, TSG_FS2_DROP_LOG, "drop_log"},
- {0, TSG_FS2_ABORT_ALLOW, "abort_allow"},
- {0, TSG_FS2_ABORT_DENY, "abort_deny"},
- {0, TSG_FS2_ABORT_MONITOR, "abort_monitor"},
- {0, TSG_FS2_ABORT_INTERCEPT, "abort_intercept"},
- {0, TSG_FS2_ABORT_UNKNOWN, "abort_unknown"},
- {0, TSG_FS2_APP_DPKT_RESULT, "D_result"},
- {0, TSG_FS2_APP_Q_RESULT, "Q_result"},
- {0, TSG_FS2_APP_USER_RESULT, "U_result"},
- {0, TSG_FS2_APP_BUILT_IN_RESULT, "B_result"},
- {0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"},
- {0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"},
- {0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"},
- {0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"},
- {0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"},
- {0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"},
- {0, TSG_FS2_DDOS_SUCCESS_LOG, "ddos_suc_log"},
- {0, TSG_FS2_DDOS_FAILED_LOG, "ddos_fai_log"},
- {0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"},
- {0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"},
- {0, TSG_FS2_CREATE_LOG_HANDLE, "create_log_cnt"},
- {0, TSG_FS2_DUP_LOG_HANDLE, "dup_log_cnt"},
- {0, TSG_FS2_APPEND_LOG_HANDLE, "append_log_cnt"},
- {0, TSG_FS2_FREE_LOG_HANDLE, "free_log_cnt"},
- {0, TSG_FS2_FREE_RAPID_SIZE, "free_rapid_size"},
- {0, TSG_FS2_FREE_RAPID_CAPACITY, "free_rapid_capacity"}
- };
-
-id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
- {PROTO_IPv4, 0, "IPV4"},
- {PROTO_IPv6, 0, "IPV6"},
- {PROTO_TCP, 0, "TCP"},
- {PROTO_UDP, 0, "UDP"},
- {PROTO_HTTP, 0, "HTTP"},
- {PROTO_MAIL, 0, "MAIL"},
- {PROTO_DNS, 0, "DNS"},
- {PROTO_FTP, 0, "FTP"},
- {PROTO_SSL, 0, "SSL"},
- {PROTO_SIP, 0, "SIP"},
- {PROTO_BGP, 0, "BGP"},
- {PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"},
- {PROTO_QUIC, 0, "QUIC"},
- {PROTO_SSH, 0, "SSH"},
- {PROTO_SMTP, 0, "SMTP"},
- {PROTO_IMAP, 0, "IMAP"},
- {PROTO_POP3, 0, "POP3"},
- {PROTO_RTP, 0, "RTP"},
- {PROTO_APP, 0, "APP"},
- {PROTO_L2TP, 0, "L2TP"},
- {PROTO_PPTP, 0, "PPTP"}
- };
-
-#define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1
-
-static int init_context(void **pme, int thread_seq)
-{
- *pme=dictator_malloc(thread_seq, sizeof(struct master_context));
- memset(*pme, 0, sizeof(struct master_context));
-
- return 0;
-}
-
-static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len)
-{
- int ret=0,flags=0;
- char buff[4096]={0};
- cJSON *object=NULL;
-
- FILE *fp=fopen(filename, "rb");
- if(fp)
- {
- ret=fread(buff, sizeof(buff), 1, fp);
- if(ret<(int)sizeof(buff))
- {
- object=cJSON_Parse(buff);
- if(object)
- {
- cJSON *item=cJSON_GetObjectItem(object, "sn");
- if(item && item->valuestring!=NULL && device_sn_len>(int)strlen(item->valuestring))
- {
- flags=1;
- memcpy(device_sn, item->valuestring, strlen(item->valuestring));
- }
- cJSON_Delete(object);
- object=NULL;
- }
- }
-
- fclose(fp);
- fp=NULL;
- }
-
- return flags;
-}
-
-static int set_app_timeout(const struct streaminfo *a_stream, struct app_id_dict *dict, unsigned short *timeout)
-{
- if(a_stream==NULL || dict==NULL)
- {
- return 0;
- }
-
- switch(a_stream->type)
- {
- case STREAM_TYPE_TCP:
- if((*timeout) >= dict->tcp_timeout)
- {
- return 0;
- }
-
- *timeout=dict->tcp_timeout;
- break;
- case STREAM_TYPE_UDP:
- if((*timeout) >= dict->udp_timeout)
- {
- return 0;
- }
-
- *timeout=dict->udp_timeout;
- break;
- default:
- return 0;
- }
-
- int ret=MESA_set_stream_opt(a_stream, MSO_TIMEOUT, (void *)timeout, sizeof(unsigned short));
- if(ret<0)
- {
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_FAILED], 0, FS_OP_ADD, 1);
- }
- else
- {
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_SUCCESS], 0, FS_OP_ADD, 1);
- }
-
- return 1;
-}
-
-static int get_device_id(char *command, int datacenter_id)
-{
- FILE *fp=NULL;
- char buffer[128]={0};
-
- fp=popen(command, "r");
- if(fp)
- {
- fgets(buffer,sizeof(buffer),fp);
- pclose(fp);
- }
-
- return (datacenter_id<<7)+(atoi(buffer)%128);
-}
-
-static int get_deploy_mode(void)
-{
- char s_mode[128]={0};
- int len=sizeof(s_mode);
- int ret=sapp_get_platform_opt(SPO_DEPLOYMENT_MODE_STR, s_mode, &len);
- if(ret>=0)
- {
- if((memcmp(s_mode, "mirror", strlen(s_mode)))==0 || (memcmp(s_mode, "dumpfile", strlen(s_mode)))==0)
- {
- g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR;
- }
- else if((memcmp(s_mode, "inline", strlen(s_mode)))==0)
- {
- g_tsg_para.deploy_mode=DEPLOY_MODE_INLINE;
- }
- else if((memcmp(s_mode, "transparent", strlen(s_mode)))==0)
- {
- g_tsg_para.deploy_mode=DEPLOY_MODE_TRANSPARENT;
- }
- else
- {
- g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR;
- }
- }
-
- return 0;
-}
-
-static int print_hit_path(const struct streaminfo *a_stream, struct master_context *context)
-{
- if(g_tsg_para.hit_path_switch==0)
- {
- return 0;
- }
-
- char path_buff[1024*128]={0};
- int i=0, n_read=0, offset=0;
- struct Maat_hit_path_t hit_path[1024];
-
- n_read=Maat_get_scan_status(g_tsg_maat_feather, &(context->mid), MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path));
- for(i=0; i<n_read; i++)
- {
- if(i==0)
- {
- path_buff[offset++]='[';
- }
- offset+=snprintf(path_buff+offset,
- sizeof(path_buff)-offset,
- "{n:%d,v_id:%d,c_id:%d,t_id:%d,s_id:%d,r_id:%d},",
- hit_path[i].Nth_scan,
- hit_path[i].virtual_table_id,
- hit_path[i].compile_id,
- hit_path[i].top_group_id,
- hit_path[i].sub_group_id,
- hit_path[i].region_id
- );
- }
-
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "HIT_PATH", "Hit path: %s{}] addr: %s", path_buff, PRINTADDR(a_stream, g_tsg_para.level));
-
- return 1;
-}
-
-static void free_user_item(char *item)
-{
- if(item!=NULL)
- {
- free(item);
- item=NULL;
- }
-}
-
-static int is_only_monitor(struct Maat_rule_t *result, int hit_cnt)
-{
- int i=0;
-
- for(i=0; i<hit_cnt; i++)
- {
- if(result[i].action==TSG_ACTION_BYPASS || result[i].action==TSG_ACTION_INTERCEPT || result[i].action==TSG_ACTION_DENY)
- {
- return 0;
- }
- }
-
- return 1;
-}
-
-static int is_hited_allow(struct Maat_rule_t *result, int hit_cnt)
-{
- int i=0;
-
- for(i=0; i<hit_cnt; i++)
- {
- if(result[i].action==TSG_ACTION_BYPASS)
- {
- return 1;
- }
- }
-
- return 0;
-}
-
-static int is_dns_protocol(const struct streaminfo *a_stream)
-{
- struct stream_tuple4_v4 *tpl4 = NULL;
- struct stream_tuple4_v6 *tpl6 = NULL;
-
- if(a_stream->pudpdetail==NULL || a_stream->pudpdetail->pdata==NULL || a_stream->pudpdetail->datalen<12)
- {
- return 0;
- }
-
- switch(a_stream->addr.addrtype)
- {
- case ADDR_TYPE_IPV4:
- tpl4=a_stream->addr.tuple4_v4;
- if((ntohs(tpl4->source)!=53) && (ntohs(tpl4->dest)!=53))
- {
- return 0;
- }
- break;
- case ADDR_TYPE_IPV6:
- tpl6=a_stream->addr.tuple4_v6;
- if((ntohs(tpl6->source)!=53) && (ntohs(tpl6->dest)!=53))
- {
- return 0;
- }
- break;
- default:
- return 0;
- break;
- }
-
- struct _dns_hdr *dns_hdr=(struct _dns_hdr *)(a_stream->pudpdetail->pdata);
- if(dns_hdr->qdcount==1 && dns_hdr->z==0)
- {
- return 1;
- }
-
- return 0;
-}
-
-int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data)
-{
- if(a_stream==NULL || project_id<0)
- {
- return 0;
- }
-
- int ret=project_req_add_struct((struct streaminfo *)a_stream, project_id, data);
- if(ret<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_FATAL,
- "PROJECT",
- "Add project failed, project_id: %d addr: %s",
- project_id,
- PRINTADDR(a_stream, g_tsg_para.level)
- );
- return 0;
- }
-
- return 1;
-}
-
-const void *get_struct_project(const struct streaminfo *a_stream, int project_id)
-{
- if(a_stream==NULL || project_id<0)
- {
- return NULL;
- }
-
- return project_req_get_struct(a_stream, project_id);
-}
-static int get_table_id(tsg_protocol_t protocol)
-{
- switch(protocol)
- {
- case PROTO_HTTP:
- return g_tsg_para.table_id[TABLE_HTTP_HOST];
- case PROTO_SSL:
- return g_tsg_para.table_id[TABLE_SSL_SNI];
- case PROTO_QUIC:
- return g_tsg_para.table_id[TABLE_QUIC_SNI];
- default:
- break;
- }
-
- return -1;
-}
-
-static int get_raw_packet_len(const struct streaminfo *a_stream)
-{
- int raw_packet_len=0;
-
- if(a_stream->type==STREAM_TYPE_TCP)
- {
- if(a_stream->ptcpdetail==NULL || a_stream->ptcpdetail->pdata==NULL || a_stream->ptcpdetail->datalen<=0)
- {
- return 0;
- }
- }
-
- int ret=get_rawpkt_opt_from_streaminfo(a_stream, RAW_PKT_GET_TOT_LEN, &raw_packet_len);
- if(ret<0)
- {
- return 0;
- }
-
- return raw_packet_len;
-}
-
-static int get_default_para(const struct streaminfo *a_stream, int compile_id)
-{
- int after_n_packets=0;
- struct Maat_rule_t p_result={0};
- struct compile_user_region *user_region=NULL;
-
- p_result.config_id=compile_id;
- user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
- if(user_region!=NULL && user_region->method_type==TSG_METHOD_TYPE_DEFAULT)
- {
- if(user_region->session_para!=NULL && user_region->session_para->result.action==TSG_ACTION_DENY)
- {
- switch(a_stream->type)
- {
- case STREAM_TYPE_TCP:
- after_n_packets=user_region->session_para->tcp.after_n_packets;
- break;
- case STREAM_TYPE_UDP:
- after_n_packets=user_region->session_para->udp.after_n_packets;
- break;
- default:
- break;
- }
- }
-
- security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], &p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
- }
-
- return after_n_packets;
-}
-
-static int get_default_policy(int compile_id, struct Maat_rule_t *result)
-{
- struct Maat_rule_t p_result={0};
- struct compile_user_region *user_region=NULL;
-
- p_result.config_id=compile_id;
- user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
- if(user_region!=NULL && user_region->method_type==TSG_METHOD_TYPE_DEFAULT)
- {
- if(user_region->session_para!=NULL && user_region->session_para->result.action==TSG_ACTION_DENY)
- {
- memcpy(result, &(user_region->session_para->result), sizeof(struct Maat_rule_t));
- }
-
- security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], &p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
- return 1;
- }
-
- return 0;
-}
-
-static int is_do_default_policy(const struct streaminfo *a_stream, int after_n_packets)
-{
- if(after_n_packets<=0 || a_stream->pdetail==NULL)
- {
- return 0;
- }
-
- switch(a_stream->type)
- {
- case STREAM_TYPE_TCP:
- if((int)(a_stream->ptcpdetail->clientpktnum+a_stream->ptcpdetail->serverpktnum) >= after_n_packets)
- {
- return 1;
- }
- break;
- case STREAM_TYPE_UDP:
- if((int)(a_stream->pudpdetail->clientpktnum+a_stream->pudpdetail->serverpktnum) >= after_n_packets)
- {
- return 1;
- }
- break;
- default:
- break;
- }
-
- return 0;
-}
-
-static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int result_num, struct master_context *context, int thread_seq)
-{
- tsg_log_t log_msg;
- char quic_version[64]={0};
- char *domain_field_name=NULL;
- char *schema_field_name=NULL;
- char *quic_ua_field_name=NULL;
- char *quic_version_field_name=NULL;
- struct TLD_handle_t *TLD_handle=NULL;
- tsg_protocol_t proto=PROTO_UNKONWN;
- struct tsg_conn_sketch_notify_data *notify=NULL;
- if(context!=NULL)
- {
- proto=context->proto;
- }
-
- log_msg.a_stream=(struct streaminfo *)a_stream;
- log_msg.result=p_result;
- log_msg.result_num=result_num;
-
- if(proto==PROTO_SSH && p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]>=0)
- {
- notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]);
- if (notify != NULL && notify->protocol== PROTO_SSH && notify->pdata.TLD_handle!=NULL)
- {
- TLD_handle = TLD_duplicate(notify->pdata.TLD_handle);
- if (TLD_handle!=NULL)
- {
- tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq);
- return 1;
- }
- }
- }
-
- TLD_handle=TLD_create(thread_seq);
- schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE);
-
- if(proto>PROTO_UNKONWN && proto<PROTO_MAX)
- {
- if(proto==PROTO_IMAP || proto==PROTO_SMTP || proto==PROTO_POP3)
- {
- TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_MAIL].name, TLD_TYPE_STRING);
- TLD_append(TLD_handle, (char *)"mail_protocol_type", (void *)g_tsg_proto_name2id[proto].name, TLD_TYPE_STRING);
- }
- else
- {
- TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[proto].name, TLD_TYPE_STRING);
- }
-
- if(context->domain!=NULL)
- {
- switch(proto)
- {
- case PROTO_HTTP:
- domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_HTTP_HOST);
- TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING);
- break;
- case PROTO_SSL:
- domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_SSL_SNI);
- TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING);
- break;
- case PROTO_QUIC:
- domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_SNI);
- TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING);
- break;
- default:
- break;
- }
- }
-
- if(context->quic_version>0)
- {
- if(quic_version_int2string(context->quic_version, quic_version, sizeof(quic_version)))
- {
- quic_version_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_VERSION);
- TLD_append(TLD_handle, quic_version_field_name, (void *)quic_version, TLD_TYPE_STRING);
- }
-
- if(context->quic_ua!=NULL)
- {
- quic_ua_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_USER_AGENT);
- TLD_append(TLD_handle, quic_ua_field_name, (void *)context->quic_ua, TLD_TYPE_STRING);
- }
- }
- }
- else
- {
- TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_APP].name, TLD_TYPE_STRING);
- }
-
- tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq);
-
- if(p_result->config_id!=DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID)
- {
- tsg_set_policy_flow((struct streaminfo *)a_stream, p_result, thread_seq);
- }
-
- return 1;
-}
-
-
-static int tsg_proto_name2flag(char *proto_list, int *flag)
-{
- int i=0;
- char *s=NULL,*e=NULL;
-
- s=proto_list;
- while(s)
- {
- e=index(s, ';');
- if(!e)
- {
- break;
- }
-
- for(i=0; i< PROTO_MAX; i++)
- {
- if((memcmp(s, g_tsg_proto_name2id[i].name, e-s))==0)
- {
- *flag|=(1<<g_tsg_proto_name2id[i].type);
- break;
- }
- }
-
- s=e+1;
- }
-
- return 0;
-}
-
-static void free_context_label(int thread_seq, void *project_req_value)
-{
- struct master_context *context=(struct master_context *)project_req_value;
- if(context!=NULL)
- {
- if(context->domain!=NULL)
- {
- dictator_free(thread_seq, (void *)context->domain);
- context->domain=NULL;
- }
-
- if(context->quic_ua!=NULL)
- {
- dictator_free(thread_seq, (void *)context->quic_ua);
- context->quic_ua=NULL;
- }
-
- if(context->result!=NULL)
- {
- dictator_free(thread_seq, (void *)context->result);
- context->result=NULL;
- }
-
- if(context->mid!=NULL)
- {
- Maat_clean_status(&context->mid);
- context->mid=NULL;
- }
-
- dictator_free(thread_seq, (void *)context);
- context=NULL;
- }
-
- project_req_value=NULL;
-
- return ;
-}
-
-static void free_tcpall_label(int thread_seq, void *project_req_value)
-{
- if(project_req_value!=NULL)
- {
- struct tcpall_context *context=(struct tcpall_context *)project_req_value;
- if(context->para!=NULL)
- {
- switch(context->method_type)
- {
- case TSG_METHOD_TYPE_RATE_LIMIT:
- destroy_bucket(&(context->bucket), thread_seq);
- break;
- default:
- break;
- }
- }
-
- dictator_free(thread_seq, project_req_value);
- project_req_value=NULL;
- }
-
- return ;
-}
-
-static void free_policy_label(int thread_seq, void *project_req_value)
-{
- if(project_req_value!=NULL)
- {
- dictator_free(thread_seq, project_req_value);
- project_req_value=NULL;
- }
-}
-
-void free_gather_app_result(int thread_seq, void *project_req_value)
-{
- if(project_req_value!=NULL)
- {
- dictator_free(thread_seq, project_req_value);
- project_req_value=NULL;
- }
-}
-
-static void copy_monitor_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int result_num, int thread_seq)
-{
- int i=0;
-
- if(context->result==NULL)
- {
- context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t)*MAX_RESULT_NUM);
-
- for(i=0; i<result_num && p_result[i].action!=TSG_ACTION_INTERCEPT && context->hit_cnt<MAX_RESULT_NUM; i++) // SSL Decryption Exclusion
- {
- memcpy(context->result+context->hit_cnt, &p_result[i], sizeof(struct Maat_rule_t));
- context->hit_cnt+=1;
- }
- }
- else
- {
- if(context->result[0].action==TSG_ACTION_MONITOR)
- {
- for(i=0; i<result_num && p_result[i].action!=TSG_ACTION_INTERCEPT && context->hit_cnt<MAX_RESULT_NUM; i++) // SSL Decryption Exclusion
- {
- memcpy(context->result+context->hit_cnt, &p_result[i], sizeof(struct Maat_rule_t));
- context->hit_cnt+=1;
- }
- }
- }
-
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_DEBUG,
- "MONITOR",
- "Hit monitor policy, policy_id: %d service: %d action: %d addr: %s",
- p_result[0].config_id,
- p_result[0].service_id,
- (unsigned char)p_result[0].action,
- PRINTADDR(a_stream, g_tsg_para.level)
- );
-
-}
-
-static void copy_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, char *domain, tsg_protocol_t proto, PULL_RESULT_TYPE result_type, int thread_seq)
-{
- int ret=0;
- struct policy_priority_label *priority_label=NULL;
-
- priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id);
- if(priority_label==NULL)
- {
- priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label));
- }
- else
- {
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_DEBUG,
- "DUP_HIT_POLICY",
- "Hit policy, domain: %s policy_id: %d action: %d addr: %s",
- (domain!=NULL ? domain : ""),
- p_result->config_id,
- (unsigned char)p_result->action,
- PRINTADDR(a_stream, g_tsg_para.level)
- );
- }
-
- memset(priority_label, 0, sizeof(struct policy_priority_label));
-
- priority_label->proto=proto;
- if(domain!=NULL)
- {
- priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(domain));
- memcpy(priority_label->domain, domain, priority_label->domain_len);
- }
-
- priority_label->result_num=1;
- priority_label->result_type=result_type;
- memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t));
-
- ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label);
- if(ret<0)
- {
- free_policy_label(thread_seq, (void *)priority_label);
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_FATAL,
- "PROJECT_ADD",
- "Add policy_priority_label failed, policy, domain: %s policy_id: %d action: %d addr: %s",
- (domain!=NULL ? domain : ""),
- priority_label->result[0].config_id,
- (unsigned char)priority_label->result[0].action,
- PRINTADDR(a_stream, g_tsg_para.level)
- );
- }
-
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_DEBUG,
- "COPY_RESULT",
- "Hit policy, domain: %s policy_id: %d action: %d addr: %s",
- (domain!=NULL ? domain : ""),
- priority_label->result[0].config_id,
- (unsigned char)priority_label->result[0].action,
- PRINTADDR(a_stream, g_tsg_para.level)
- );
-
- return ;
-}
-
-static void copy_bypass_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq)
-{
- if(context->result==NULL)
- {
- context->hit_cnt=1;
- context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t));
-
- memcpy(context->result, p_result, sizeof(struct Maat_rule_t));
- }
- else
- {
- if(context->result[0].action==TSG_ACTION_BYPASS)
- {
- if(p_result->config_id>context->result[0].config_id)
- {
- context->hit_cnt=1;
- memcpy(&(context->result[0]), p_result, sizeof(struct Maat_rule_t));
- }
- }
- else // hit monitor
- {
- context->hit_cnt=1;
- memcpy(context->result, p_result, sizeof(struct Maat_rule_t));
- }
- }
-
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_DEBUG,
- "ALLOW",
- "Hit allow policy, policy_id: %d service: %d action: %d addr: %s",
- p_result[0].config_id,
- p_result[0].service_id,
- (unsigned char)p_result[0].action,
- PRINTADDR(a_stream, g_tsg_para.level)
- );
-
- return ;
-}
-
-static int l7_protocol_mapper(const char *filename)
-{
- int ret=0;
- FILE *fp=NULL;
- char line[1024]={0};
- char type_name[32]={0};
- struct l7_protocol *protocol=NULL;
-
- fp=fopen(filename, "r");
- if(fp==NULL)
- {
- printf("Open %s failed ...", filename);
- return -1;
- }
-
- memset(line, 0, sizeof(line));
-
- while((fgets(line, sizeof(line), fp))!=NULL)
- {
- if(line[0]=='#' || line[0]=='\n' || line[0]=='\r' ||line[0]=='\0')
- {
- continue;
- }
-
- protocol=(struct l7_protocol *)calloc(1, sizeof(struct l7_protocol));
- ret=sscanf(line, "%s %s %d", type_name, protocol->name, &protocol->id);
- assert(ret==3);
-
- HASH_ADD(hh1, g_tsg_para.name_by_id, id, sizeof(int), protocol);
- HASH_ADD(hh2, g_tsg_para.id_by_name, name, strlen(protocol->name), protocol);
-
- memset(line, 0, sizeof(line));
- }
-
- fclose(fp);
- fp=NULL;
-
- return 1;
-}
-
-char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id)
-{
- struct l7_protocol *l7_proto=NULL;
- HASH_FIND(hh1, g_tsg_para.name_by_id, &l7_protocol_id, sizeof(l7_protocol_id), l7_proto);
- if(l7_proto!=NULL)
- {
- return l7_proto->name;
- }
-
- return NULL;
-}
-
-unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
-{
- struct l7_protocol *l7_proto=NULL;
-
- HASH_FIND(hh2, g_tsg_para.id_by_name, l7_protocol_name, strlen(l7_protocol_name), l7_proto);
- if(l7_proto!=NULL)
- {
- return l7_proto->id;
- }
-
- return 0;
-}
-
-static int set_l7_protocol_to_pme(struct master_context *context, unsigned int app_id)
-{
- int i=0;
- char *l7_protocol_name=NULL;
- l7_protocol_name=tsg_l7_protocol_id2name(app_id);
- if(l7_protocol_name!=NULL)
- {
- for(i=PROTO_HTTP; i<PROTO_MAX; i++)
- {
- if((strcasecmp(g_tsg_proto_name2id[i].name, l7_protocol_name))==0)
- {
- context->proto=(tsg_protocol_t)g_tsg_proto_name2id[i].type;
- return 1;
- }
- }
- }
-
- context->proto=PROTO_APP;
-
- return 0;
-}
-
-int is_intercept_exclusion(const struct streaminfo *a_stream, Maat_rule_t *p_result, char *domain, int thread_seq)
-{
- int ret=0;
- scan_status_t mid=NULL;
- Maat_rule_t tmp_result;
-
- if(domain!=NULL)
- {
- ret=Maat_full_scan_string(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_EXCLUSION_SSL_SNI], CHARSET_UTF8, domain, strlen(domain), &tmp_result, NULL, 1, &mid,thread_seq);
- if(mid!=NULL)
- {
- Maat_clean_status(&mid);
- mid=NULL;
- }
-
- if(ret>0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_DEBUG,
- "EXCLUSION_SSL_SNI",
- "Hit %s policy_id: %d service: %d action: %d Decryption Exclusion: [ policy_id: %d service: %d action: %d ] addr: %s",
- domain,
- tmp_result.config_id,
- tmp_result.service_id,
- (unsigned char)tmp_result.action,
- p_result->config_id,
- p_result->service_id,
- (unsigned char)p_result->action,
- PRINTADDR(a_stream, g_tsg_para.level)
- );
-
- return 1;
- }
-
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_DEBUG,
- "EXCLUSION_SSL_SNI",
- "Not hit %s stream_dir: %d addr: %s scan ret: %d",
- domain,
- a_stream->dir,
- PRINTADDR(a_stream, g_tsg_para.level),
- ret
- );
- }
-
- return 0;
-}
-
-static int scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq)
-{
- int scan_ret=0;
- struct session_attribute_label *attribute_label=NULL;
-
- attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
- if(attribute_label!=NULL && domain!=NULL && table_id>=0)
- {
- attribute_label->fqdn_category_id_num=tsg_get_fqdn_category_id(g_tsg_maat_feather, domain, attribute_label->fqdn_category_id, MAX_CATEGORY_ID_NUM, g_tsg_para.logger, thread_seq);
- scan_ret=tsg_scan_fqdn_category_id(g_tsg_maat_feather, a_stream, result, result_num, mid, table_id, attribute_label->fqdn_category_id, attribute_label->fqdn_category_id_num, thread_seq);
- }
-
- return scan_ret;
-}
-
-static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol_t protocol)
-{
- struct gather_app_result *gather_result=NULL;
-
- gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
- if(gather_result!=NULL)
- {
- return 0;
- }
-
- gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
- memset(gather_result, 0, sizeof(struct gather_app_result));
- set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
-
- int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
- if(app_id>0)
- {
- gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id_num=1;
- gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id[0]=app_id;
- gather_result->result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
- }
-
- return 0;
-}
-
-void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq)
-{
- unsigned long long create_time=0;
- unsigned long long current_time=0;
- int ret=0,size=sizeof(create_time);
- struct _ssl_ja3_info_t *ja3_info=NULL;
- struct session_attribute_label *attribute_label=NULL;
-
- attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
- if(attribute_label==NULL)
- {
- attribute_label=(struct session_attribute_label *)dictator_malloc(thread_seq, sizeof(struct session_attribute_label));
- memset(attribute_label, 0, sizeof(struct session_attribute_label));
-
- ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.session_attribute_project_id, (const void *)attribute_label);
- if(ret<0)
- {
- dictator_free(thread_seq, (void *)attribute_label);
- attribute_label=NULL;
-
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_FATAL,
- "PROJECT_ADD",
- "Add internal_label failed, establish latency ms: %llu proto: %d addr: %s",
- attribute_label->establish_latency_ms,
- attribute_label->proto,
- PRINTADDR(a_stream, g_tsg_para.level)
- );
- return ;
- }
- }
-
- switch(type)
- {
- case TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY:
- ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size);
- if(ret<0)
- {
- break;
- }
-
- size=sizeof(current_time);
- ret=sapp_get_platform_opt(SPO_CURTIME_TIMET_MS, (void *)&current_time, &size);
- if(ret<0)
- {
- break;
- }
-
- attribute_label->establish_latency_ms=current_time-create_time;
- break;
- case TSG_ATTRIBUTE_TYPE_PROTOCOL:
- attribute_label->proto=(tsg_protocol_t)(*(int *)value);
- break;
- case TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE:
- attribute_label->http_action_file_size=(*(int *)value);
- break;
- case TSG_ATTRIBUTE_TYPE_JA3_HASH:
- ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum);
- if(ja3_info!=NULL)
- {
- if(attribute_label!=NULL && ja3_info->fp!=NULL && ja3_info->fp_len>0)
- {
- attribute_label->ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1);
- memset(attribute_label->ja3_fingerprint, 0, ja3_info->fp_len+1);
- memcpy(attribute_label->ja3_fingerprint, ja3_info->fp, ja3_info->fp_len);
- }
- }
- break;
- case TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO:
- tsg_get_umts_user_info(a_stream, &(attribute_label->user_info));
- break;
- case TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID:
- tsg_get_subscribe_id(a_stream, &attribute_label->client_subscribe_id, &attribute_label->server_subscribe_id);
- break;
- case TSG_ATTRIBUTE_TYPE_ASN:
- tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_USER_DEFINED], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn));
- tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_BUILT_IN], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn));
- break;
- case TSG_ATTRIBUTE_TYPE_LOCATION:
- tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_USER_DEFINED], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location));
- tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_BUILT_IN], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location));
- break;
- case TSG_ATTRIBUTE_TYPE_CATEGORY_ID:
- if(value_len<=0 || value_len>MAX_CATEGORY_ID_NUM)
- {
- break;
- }
- memcpy(attribute_label->fqdn_category_id, value, sizeof(unsigned int)*value_len);
- attribute_label->fqdn_category_id_num=value_len;
- break;
- default:
- break;
- }
-
- return ;
-}
-
-static int set_tcp_establish_latency_ms(const struct streaminfo *a_tcp, int thread_seq,const void *ip_hdr)
-{
- struct tcphdr *tcp=NULL;
-
- if(ip_hdr==NULL || a_tcp==NULL)
- {
- return 0;
- }
-
- switch(a_tcp->addr.addrtype)
- {
- case ADDR_TYPE_IPV4:
- tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V4, ADDR_TYPE_TCP);
- break;
- case ADDR_TYPE_IPV6:
- tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V6, ADDR_TYPE_TCP);
- break;
- default:
- return 0;
- break;
- }
-
- if((tcp!=NULL) && !(tcp->syn))
- {
- set_session_attribute_label(a_tcp, TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY, NULL, 0, a_tcp->threadnum);
- return 1;
- }
-
- return 0;
-}
-
-int tsg_set_device_id_to_telegraf(char *device_sn)
-{
- char buff[128]={0};
- FILE *fp=NULL;
-
- if(device_sn)
- {
- fp=fopen("/etc/default/telegraf", "wb");
- if(fp)
- {
- snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn);
- fwrite(buff, strlen(buff), 1, fp);
- fclose(fp);
- fp=NULL;
- return 0;
- }
- }
-
- return -1;
-}
-
-static void free_session_attribute_label(int thread_seq, void *project_req_value)
-{
- struct session_attribute_label *label=(struct session_attribute_label *)project_req_value;
-
- if(label!=NULL)
- {
- if(label->client_asn!=NULL)
- {
- ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger);
- label->client_asn=NULL;
- }
-
- if(label->server_asn!=NULL)
- {
- ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger);
- label->server_asn=NULL;
- }
-
- if(label->client_location!=NULL)
- {
- location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger);
- label->client_location=NULL;
- }
-
- if(label->server_location!=NULL)
- {
- location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger);
- label->server_location=NULL;
- }
-
- if(label->client_subscribe_id!=NULL)
- {
- subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger);
- label->client_subscribe_id=NULL;
- }
-
- if(label->server_subscribe_id!=NULL)
- {
- subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger);
- label->server_subscribe_id=NULL;
- }
-
- if(label->ja3_fingerprint!=NULL)
- {
- dictator_free(thread_seq, (void *)label->ja3_fingerprint);
- label->ja3_fingerprint=NULL;
- }
-
- if(label->user_info!=NULL)
- {
- free_user_item(label->user_info->apn);
- free_user_item(label->user_info->imsi);
- free_user_item(label->user_info->imei);
- free_user_item(label->user_info->msisdn);
-
- dictator_free(thread_seq, (void *)label->user_info);
- label->user_info=NULL;
- }
-
- dictator_free(thread_seq, project_req_value);
- project_req_value=NULL;
- }
-}
-
-struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num)
-{
- int i=0;
- Maat_rule_t *p_result=NULL;
-
- for(i=0; i<result_num; i++)
- {
- if(p_result==NULL)
- {
- p_result=&result[i];
- continue;
- }
-
- if((unsigned char)result[i].action>(unsigned char)p_result->action)
- {
- p_result=&result[i];
- continue;
- }
-
- if(result[i].action==p_result->action)
- {
- if(result[i].config_id>p_result->config_id)
- {
- p_result=&result[i];
- }
- }
- }
-
- return p_result;
-}
-
-static int identify_application_protocol(const struct streaminfo *a_stream, struct master_context *context, void *a_packet)
-{
- int ret=0, length=0;
-
- switch(a_stream->type)
- {
- case STREAM_TYPE_TCP:
- if(g_tsg_para.proto_flag&(1<<PROTO_HTTP)) //http
- {
- char *host=NULL;
- length=http_host_parser((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->curdir, &host);
- if(length>=0)
- {
- context->proto=PROTO_HTTP;
- if(length>0 && host!=NULL)
- {
- context->domain=(char *)dictator_malloc(a_stream->threadnum, length+1);
- memset(context->domain, 0, length+1);
- memcpy(context->domain, host, length);
- }
- return 1;
- }
- }
-
- if(g_tsg_para.proto_flag&(1<<PROTO_SSL)) //ssl
- {
- enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
- struct ssl_chello *chello = NULL;
-
- chello=ssl_chello_parse((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status);
- if(chello_status==CHELLO_PARSE_SUCCESS)
- {
- context->proto=PROTO_SSL;
- if(chello->sni!=NULL)
- {
- length=strlen(chello->sni);
- context->domain=(char *)dictator_malloc(a_stream->threadnum, length+1);
- memset(context->domain, 0, length+1);
- memcpy(context->domain, chello->sni, length);
- }
-
- context->is_esni=(int)chello->is_encrypt_sni;
-
- ssl_chello_free(chello);
- return 1;
- }
-
- ssl_chello_free(chello);
- }
-
- if(g_tsg_para.proto_flag&(1<<PROTO_FTP)) //ftp
- {
- ret=ftp_control_identify((struct streaminfo *)a_stream);
- if(ret>0)
- {
- context->proto=PROTO_FTP;
- return 1;
- }
- }
-
- if(g_tsg_para.proto_flag&(1<<PROTO_MAIL)) //mail
- {
- ret=mail_protocol_identify_by_first_payload((struct streaminfo *)a_stream,(char *)a_stream->ptcpdetail->pdata, a_stream->ptcpdetail->datalen, a_stream->threadnum);
- if(ret>0)
- {
- switch(ret)
- {
- case SMTP_PROTOCOL:
- context->proto=PROTO_SMTP;
- return 1;
- break;
- case POP3_PROTOCOL:
- context->proto=PROTO_POP3;
- return 1;
- break;
- case IMAP_PROTOCOL:
- context->proto=PROTO_IMAP;
- return 1;
- break;
- default:
- break;
- }
- }
- }
-
- if(g_tsg_para.proto_flag&(1<<PROTO_SSH)) //ssh
- {
- ret = ssh_protocol_identify((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen,g_tsg_para.logger);
- if(ret > 0)
- {
- context->proto=PROTO_SSH;
- return 1;
- }
- }
-
- break;
- case STREAM_TYPE_UDP:
- if(g_tsg_para.proto_flag&(1<<PROTO_DNS)) //dns
- {
- if(is_dns_protocol(a_stream))
- {
- context->proto=PROTO_DNS;
- return 1;
- }
- }
-
- if(g_tsg_para.proto_flag&(1<<PROTO_QUIC)) //quic
- {
- char ua_buff[512]={0};
- char sni_buff[512]={0};
- int sni_len=sizeof(sni_buff),ua_len=sizeof(ua_buff);
- context->quic_version=quic_protocol_identify((struct streaminfo *)a_stream, a_packet, sni_buff, &sni_len, ua_buff, &ua_len);
- if(context->quic_version > 0)
- {
- context->proto=PROTO_QUIC;
- if(sni_len>0)
- {
- context->domain=(char *)dictator_malloc(a_stream->threadnum, sni_len+1);
- memcpy(context->domain, sni_buff, sni_len);
- context->domain[sni_len]='\0';
- }
-
- if(ua_len>0)
- {
- context->quic_ua=(char *)dictator_malloc(a_stream->threadnum, ua_len+1);
- memcpy(context->quic_ua, ua_buff, ua_len);
- context->quic_ua[ua_len]='\0';
- }
- return 1;
- }
- }
-
- if(g_tsg_para.proto_flag&(1<<PROTO_SIP))
- {
- unsigned char sip_ret=0;
- char *from=NULL, *to=NULL;
- unsigned int from_len=0, to_len=0;
- sip_ret=sip_identify_from_to((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &from, &from_len, &to, &to_len);
- if(sip_ret==SIP_TRUE)
- {
- context->proto=PROTO_SIP;
- }
-
- return 1;
- }
- break;
- default:
- break;
- }
-
- if(context->proto<PROTO_HTTP || context->proto>PROTO_MAX)
- {
- context->proto = PROTO_UNKONWN;
- }
-
- return ret;
-}
-
-int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct app_identify_result *identify_result, int thread_seq)
-{
- int i=0,hit_num=0;
- char *name=NULL;
- char app_id_buff[32]={0};
- struct app_id_dict *dict=NULL;
-
- for(i=0; i< identify_result->app_id_num; i++)
- {
- snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->app_id[i]);
- dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
- if(dict!=NULL)
- {
- hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->risk, (char *)"risk", thread_seq);
- hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->category, (char *)"category", thread_seq);
- hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->technology, (char *)"technology", thread_seq);
- hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategory", thread_seq);
- hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq);
-
- hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq);
- //hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->parent_app_name, dict->parent_app_id, thread_seq);
-
- set_app_timeout(a_stream, dict, &(context->timeout));
- app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL);
- }
- else
- {
- name=tsg_l7_protocol_id2name(identify_result->app_id[i]);
- hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->app_id[i], thread_seq);
- }
- }
-
- return hit_num;
-}
-
-static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int hit_num, const void *a_packet)
-{
- Maat_rule_t *p_result=NULL;
- unsigned char state=APP_STATE_GIVEME;
- struct tcpall_context *tmp_tcpall_context=NULL;
-
- p_result=tsg_policy_decision_criteria(result, hit_num);
- if(p_result!=NULL)
- {
- print_hit_path(a_stream, context);
- switch((unsigned char)p_result->action)
- {
- case TSG_ACTION_DENY:
- state=tsg_deal_deny_action(a_stream, p_result, context->proto, ACTION_RETURN_TYPE_APP, a_packet);
- if((state&APP_STATE_DROPPKT)==APP_STATE_DROPPKT || (state&APP_STATE_KILL_OTHER))
- {
- context->hit_cnt=0;
- master_send_log(a_stream, p_result, 1, context, a_stream->threadnum);
- copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum);
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_DEBUG,
- "DENY",
- "Hit deny policy, policy_id: %d service: %d action: %d addr: %s",
- p_result->config_id,
- p_result->service_id,
- (unsigned char)p_result->action,
- PRINTADDR(a_stream, g_tsg_para.level)
- );
- }
- break;
- case TSG_ACTION_MONITOR:
- if(context->proto==PROTO_RTP)
- {
- break;
- }
- copy_monitor_result(a_stream, context, result, hit_num, a_stream->threadnum);
- tsg_notify_hited_monitor_result(a_stream, result, hit_num, a_stream->threadnum);
- break;
- case TSG_ACTION_BYPASS:
- copy_bypass_result(a_stream, context, p_result, a_stream->threadnum);
- copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum);
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1);
- state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER;
-
- tsg_set_method_to_tcpall(a_stream, &tmp_tcpall_context, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum);
- break;
- case TSG_ACTION_INTERCEPT:
- if(is_intercept_exclusion(a_stream, p_result, context->domain, a_stream->threadnum))
- {
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_EXCLUSION], 0, FS_OP_ADD, 1);
- break;
- }
-
- copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_KNI_RESULT, a_stream->threadnum);
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);
- state=APP_STATE_DROPME|APP_STATE_KILL_OTHER;
-
- tsg_set_method_to_tcpall(a_stream, &tmp_tcpall_context, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum);
- break;
- default:
- break;
- }
- }
-
- return state;
-}
-
-static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)
-{
- int hit_num=0,app_id=-1;
- int is_parent_ssl=0;
- struct master_context *context=NULL;
- struct gather_app_result *gather_result=NULL;
- struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}, *p_result=NULL;
- struct app_identify_result *identify_result=(struct app_identify_result *)data;
-
- if(data==NULL)
- {
- return 0;
- }
-
- context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id);
- if(context==NULL)
- {
- init_context((void **)(&context), a_stream->threadnum);
- set_struct_project(a_stream, g_tsg_para.context_project_id, (void *)context);
- }
-
- gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
- if(gather_result==NULL)
- {
- gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
- memset(gather_result, 0, sizeof(struct gather_app_result));
- set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
- }
-
- switch(identify_result->origin)
- {
- case ORIGIN_DKPT:
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DPKT_RESULT], 0, FS_OP_ADD, 1);
- break;
- case ORIGIN_QM_ENGINE:
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_Q_RESULT], 0, FS_OP_ADD, 1);
- break;
- case ORIGIN_USER_DEFINE:
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_USER_RESULT], 0, FS_OP_ADD, 1);
- break;
- case ORIGIN_BUILT_IN:
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_BUILT_IN_RESULT], 0, FS_OP_ADD, 1);
- break;
- case ORIGIN_BASIC_PROTOCOL:
- if(context->proto==PROTO_UNKONWN || context->proto==PROTO_APP)
- {
- set_l7_protocol_to_pme(context, identify_result->app_id[identify_result->app_id_num-1]);
- }
-
- app_id=identify_result->app_id[identify_result->app_id_num-1];
- if(app_id==(int)tsg_l7_protocol_name2id("SMTPS") ||
- app_id==(int)tsg_l7_protocol_name2id("IMAPS") ||
- app_id==(int)tsg_l7_protocol_name2id("POP3S") ||
- app_id==(int)tsg_l7_protocol_name2id("FTPS") ||
- app_id==(int)tsg_l7_protocol_name2id("HTTPS")
- )
- {
- is_parent_ssl=1;
- }
- break;
- default:
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level));
- return 0;
- }
-
- memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result));
-
- if(context->mid==NULL)
- {
- return 0;
- }
-
- record_time_start(&(context->last_scan_time));
- hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, identify_result, a_stream->threadnum);
- p_result=tsg_policy_decision_criteria(scan_result, hit_num);
- if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1))
- {
- return 0;
- }
-
- master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL);
-
- return 0;
-}
-
-
-static int deal_pending_state(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int result_num, void *a_packet)
-{
- int i=0,table_id=0;
- int ret=0,hit_num=0;
- unsigned int protocol_id=0;
- struct gather_app_result *identify_result=NULL;
-
- ret=identify_application_protocol(a_stream, context, a_packet);
- if(ret==1)
- {
- set_l7_protocol_label(a_stream, context->proto);
- set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_PROTOCOL, (void *)&(context->proto), sizeof(int), a_stream->threadnum);
-
- if(context->proto==PROTO_SSL)
- {
- set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_JA3_HASH, NULL, 0, a_stream->threadnum);
- }
-
- table_id=get_table_id(context->proto);
- hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, table_id, a_stream->threadnum);
- hit_num+=scan_fqdn_category_id(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, table_id, a_stream->threadnum);
- if(context->is_esni)
- {
- protocol_id=tsg_l7_protocol_name2id("ESNI");
- hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, (char *)"ESNI", protocol_id, a_stream->threadnum);
- }
- }
-
- ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, result+hit_num, MAX_RESULT_NUM-hit_num);
- if(ret>0)
- {
- hit_num+=ret;
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
- }
-
- identify_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
- for(i=0; i<ORIGIN_MAX && identify_result!=NULL; i++)
- {
- hit_num+=scan_application_id_and_properties(a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, context, &(identify_result->result[i]), a_stream->threadnum);
- }
-
-
- if((is_only_monitor(result, hit_num)) && context->proto!=PROTO_UNKONWN && context->proto!=PROTO_APP && context->proto!=PROTO_SSH) // business deal action of monitor
- {
- hit_num=0;
- }
-
- return hit_num;
-}
-
-
-static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, void **pme, int thread_seq,void *a_packet)
-{
- int i=0, ret=0, hit_num=0;
- unsigned char state=APP_STATE_GIVEME;
- Maat_rule_t scan_result[MAX_RESULT_NUM];
- Maat_rule_t *p_result=NULL;
- struct gather_app_result *identify_result=NULL;
- struct master_context *context=(struct master_context *)*pme;
-
- if(*pme==NULL)
- {
- context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id);
- if(context==NULL)
- {
- init_context(pme, thread_seq);
- context=(struct master_context *)*pme;
- set_struct_project(a_stream, g_tsg_para.context_project_id, *pme);
- }
- else
- {
- *pme=(void *)context;
- }
- record_time_start(&context->last_scan_time);
- }
-
- switch(a_stream->opstate)
- {
- case OP_STATE_PENDING:
- if(a_stream->type==STREAM_TYPE_TCP)
- {
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TCP_LINKS], 0, FS_OP_ADD, 1);
- }
- else
- {
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1);
- }
-
- hit_num+=deal_pending_state(a_stream, context, scan_result+hit_num, MAX_RESULT_NUM-hit_num, a_packet);
- p_result=tsg_policy_decision_criteria(scan_result, hit_num);
- state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet);
- break;
- case OP_STATE_DATA:
- //case OP_STATE_CLOSE:
- if(is_hited_allow(context->result, context->hit_cnt))
- {
- break;
- }
-
- if(record_time_elapse_us(&context->last_scan_time) < (g_tsg_para.scan_time_interval*1000000))
- {
- break;
- }
-
- if(context->mid!=NULL)
- {
- Maat_clean_status(&context->mid);
- context->mid=NULL;
- }
-
- record_time_start(&context->last_scan_time);
- ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, scan_result+hit_num, MAX_RESULT_NUM-hit_num);
- if(ret>0)
- {
- hit_num+=ret;
- }
-
- identify_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
- for(i=0; i<ORIGIN_MAX && identify_result!=NULL; i++)
- {
- hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(identify_result->result[i]), thread_seq);
- }
-
- p_result=tsg_policy_decision_criteria(scan_result, hit_num);
- if(p_result!=NULL && p_result->action!=TSG_ACTION_MONITOR)
- {
- state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet);
- }
- break;
- default:
- break;
- }
-
- if(context->is_ratelimit==1 && a_stream->type==STREAM_TYPE_TCP)
- {
- state=APP_STATE_KILL_OTHER|APP_STATE_DROPME;
- }
-
- if((a_stream->opstate==OP_STATE_CLOSE) || (state&APP_STATE_DROPME)==APP_STATE_DROPME)
- {
- if(context!=NULL && context->is_log==0 && context->hit_cnt>0 && context->result!=NULL)
- {
- context->is_log = 1;
- master_send_log(a_stream, context->result, context->hit_cnt, context, thread_seq);
- }
- *pme = NULL;
- }
-
- return state;
-}
-
-static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, unsigned char stream_state, void **pme, int thread_seq, const void *a_packet)
-{
- int ret=0,hit_num=0;
- int eth_rawpkt_len=0;
- scan_status_t scan_mid=NULL;
- struct Maat_rule_t *p_result=NULL;
- unsigned char state=APP_STATE_GIVEME;
- struct Maat_rule_t result[MAX_RESULT_NUM]={0};
- struct tcpall_context *context=(struct tcpall_context *)(*pme);
-
- if(stream_state==OP_STATE_PENDING)
- {
- context->method_type=TSG_METHOD_TYPE_DEFAULT;
- context->after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id);
-
- hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, result, MAX_RESULT_NUM);
- if(hit_num>0)
- {
- p_result=tsg_policy_decision_criteria(result, hit_num);
- switch(p_result->action)
- {
- case TSG_ACTION_DENY:
- state=tsg_deal_deny_action(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_APP, a_packet);
- master_send_log(a_stream, p_result, 1, NULL, thread_seq);
- break;
- case TSG_ACTION_MONITOR:
- tsg_notify_hited_monitor_result(a_stream, result, hit_num, thread_seq);
- break;
- default:
- break;
- }
- }
-
- Maat_clean_status(&scan_mid);
- scan_mid=NULL;
- }
-
- switch(context->method_type)
- {
- case TSG_METHOD_TYPE_RATE_LIMIT:
- eth_rawpkt_len=get_raw_packet_len(a_stream);
- if(eth_rawpkt_len<=0)
- {
- break;
- }
-
- ret=is_permit_pass(eth_rawpkt_len*8, context->bucket, thread_seq);
- if(ret==0)
- {
- state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
- }
- break;
- case TSG_METHOD_TYPE_TAMPER:
- if(0 == send_tamper_xxx(a_stream, &context->tamper_count, a_packet)){
- state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
- }else{
- state=APP_STATE_GIVEME;
- }
- context->tamper_count += 1;
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_DEBUG,
- __FUNCTION__,
- "Addr: %s, send_tamper_xxx num %ld",
- PRINTADDR(a_stream, g_tsg_para.level),
- context->tamper_count);
- break;
- case TSG_METHOD_TYPE_DEFAULT:
- if(!is_do_default_policy(a_stream, context->after_n_packets) || stream_state==OP_STATE_CLOSE)
- {
- break;
- }
-
- if(get_default_policy(g_tsg_para.default_compile_id, &result[0]))
- {
- state=tsg_deal_deny_action(a_stream, &result[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_APP, a_packet);
- master_send_log(a_stream, &result[0], 1, NULL, thread_seq);
- }
- break;
- default:
- break;
- }
-
- return state;
-}
-
-extern "C" unsigned char TSG_MASTER_TCP_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet)
-{
- return tsg_master_data_entry(a_tcp, pme, thread_seq, a_packet);
-}
-
-struct udp_context
-{
- struct master_context *data_entry;
- struct tcpall_context *all_entry;
-};
-
-extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, void **pme, int thread_seq,void *a_packet)
-{
- unsigned char state1=APP_STATE_GIVEME;
- unsigned char state2=APP_STATE_GIVEME;
- struct udp_context *context=(struct udp_context *)(*pme);
-
- if(*pme==NULL)
- {
- *pme=dictator_malloc(thread_seq, sizeof(struct udp_context));
- memset(*pme, 0, sizeof(struct udp_context));
- context=(struct udp_context *)(*pme);
-
- context->all_entry=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context));
- memset(context->all_entry, 0, sizeof(struct tcpall_context));
- }
-
- state1=tsg_master_all_entry(a_udp, a_udp->opstate, (void **)&(context->all_entry), thread_seq, a_packet);
- if(context->all_entry==NULL || context->all_entry->method_type!=TSG_METHOD_TYPE_RATE_LIMIT)
- {
- state2=tsg_master_data_entry(a_udp, (void **)&(context->data_entry), thread_seq, a_packet);
- }
-
- if(state1&APP_STATE_DROPME || state2&APP_STATE_DROPME || a_udp->opstate==OP_STATE_CLOSE)
- {
- dictator_free(thread_seq, *pme);
- *pme=NULL;
- }
-
- return (state1|state2);
-}
-
-extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq, const void *a_packet)
-{
- if(*pme==NULL)
- {
- *pme=(void *)get_struct_project(a_tcp, g_tsg_para.tcpall_project_id);
- if(*pme==NULL)
- {
- *pme=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context));
- memset(*pme, 0, sizeof(struct tcpall_context));
- set_struct_project(a_tcp, g_tsg_para.tcpall_project_id, (void *)(*pme));
- }
- }
-
- struct tcpall_context *_context=(struct tcpall_context *)(*pme);
-
- if(_context->set_latency_flag==0)
- {
- _context->set_latency_flag=set_tcp_establish_latency_ms(a_tcp, thread_seq, a_packet);
- }
-
- return tsg_master_all_entry(a_tcp, a_tcp->pktstate, pme, thread_seq, a_packet);
-}
-
-extern "C" int TSG_MASTER_INIT()
-{
- int i=0,ret=0;
- char buff[128]={0};
- int value=0,cycle=0;
- int output_prometheus=0;
- unsigned short fs_server_port=0;
- char app_name[MAX_STRING_LEN]={0};
- char label_buff[MAX_STRING_LEN*4]={0};
- char fs_server_ip[MAX_IPV4_LEN]={0};
- char fs_output_path[MAX_STRING_LEN*4]={0};
- char device_sn_filename[MAX_STRING_LEN]={0};
- char identify_proto_name[MAX_STRING_LEN*4]={0};
-
- memset(&g_tsg_para, 0, sizeof(g_tsg_para));
-
- MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &g_tsg_para.level, RLOG_LV_FATAL);
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", g_tsg_para.log_path, sizeof(g_tsg_para.log_path), "tsglog/tsg_master");
-
- g_tsg_para.logger=MESA_create_runtime_log_handle(g_tsg_para.log_path, g_tsg_para.level);
- if(g_tsg_para.logger==NULL)
- {
- printf("MESA_create_runtime_log_handle failed ...\n");
- return -1;
- }
-
- srand(time(0));
- get_deploy_mode();
-
- MESA_load_profile_int_def(tsg_conffile, "RESET", "NUM", &g_tsg_para.reset.pkt_num, 1);
- MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED1", &g_tsg_para.reset.seed1, 65535);
- MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED2", &g_tsg_para.reset.seed2, 13);
- MESA_load_profile_int_def(tsg_conffile, "RESET", "FLAGS", &g_tsg_para.reset.th_flags, 0x14);
- MESA_load_profile_int_def(tsg_conffile, "RESET", "DIR", &g_tsg_para.reset.dir, DIR_DOUBLE);
- MESA_load_profile_int_def(tsg_conffile, "RESET", "REMEDY", &g_tsg_para.reset.remedy, 1);
-
- MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0);
- MESA_load_profile_int_def(tsg_conffile, "SYSTEM","HIT_PATH_SWITCH", &g_tsg_para.hit_path_switch, 0);
-
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;");
- tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag);
-
- MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0);
- MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);
- MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120);
-
- ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0);
- if(ret<0)
- {
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL);
- g_tsg_para.device_seq_in_dc=get_device_id(g_tsg_para.device_id_command, g_tsg_para.datacenter_id);
- }
- else
- {
- g_tsg_para.device_seq_in_dc=(g_tsg_para.datacenter_id<<7)+((g_tsg_para.device_seq_in_dc)%128);
- }
-
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_SN_FILENAME", device_sn_filename, sizeof(device_sn_filename), "/opt/tsg/etc/tsg_sn.json");
- ret=tsg_get_sn(device_sn_filename, g_tsg_para.device_sn, sizeof(g_tsg_para.device_sn));
- if(ret==0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "GET_DEVICE_SN", "Get device SN failed; please check :%s", device_sn_filename);
- }
-
- ret=tsg_set_device_id_to_telegraf(g_tsg_para.device_sn);
- if(ret<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "SET_DEVICE_SN_TO_TELEGRAF", "Set device SN(%s) failed; please check :%s", g_tsg_para.device_sn, "/etc/default/telegraf");
- }
-
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY");
- g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label);
- if(g_tsg_para.priority_project_id<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff);
- return -1;
- }
-
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_INTERNAL_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL");
- g_tsg_para.session_attribute_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label);
- if(g_tsg_para.session_attribute_project_id<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff);
- }
-
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_IDENTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "APP_BRIDGE");
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA");
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA");
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT],_MAX_TABLE_NAME_LEN, "TSG_NOTIFICATION_EXECUTION_RESULT");
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_BEHAVIOR_RESULT],_MAX_TABLE_NAME_LEN, "TSG_APPLICATION_BEHAVIOR");
-
- for(i=0; i<BRIDGE_TYPE_MAX; i++)
- {
- g_tsg_para.bridge_id[i]=stream_bridge_build(g_tsg_para.bridge_name[i], "w");
- if(g_tsg_para.bridge_id[i]<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_BRIDGE", "stream_bridge_build is error, bridge_name: %s", g_tsg_para.bridge_name[i]);
- }
- }
-
- ret=stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_APP_IDENTIFY_RESULT], app_identify_result_cb);
- if(ret<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger,
- RLOG_LV_FATAL,
- "APP_BRIDGE",
- "Register callback failed, bridge_name: %d",
- g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT]
- );
- return -1;
- }
-
- g_tsg_para.context_project_id=project_producer_register("TSG_MASTER_CONTEXT", PROJECT_VAL_TYPE_STRUCT, free_context_label);
- if(g_tsg_para.context_project_id<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "CONTEXT_LABEL", "project_customer_register is error, context label: %s","TSG_MASTER_CONTEXT");
- return -1;
- }
-
- g_tsg_para.tcpall_project_id=project_producer_register("TSG_TCPALL_CONTEXT", PROJECT_VAL_TYPE_STRUCT, free_tcpall_label);
- if(g_tsg_para.tcpall_project_id<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "CONTEXT_LABEL", "project_customer_register is error, context label: %s","TSG_TCPALL_CONTEXT");
- return -1;
- }
-
- g_tsg_para.gather_app_project_id=project_producer_register("APP_IDENTIFY_RESULT", PROJECT_VAL_TYPE_STRUCT, free_gather_app_result);
- if(g_tsg_para.gather_app_project_id<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_IDENTIFY_RESULT", "project_customer_register is error, context label: %s","APP_IDENTIFY_RESULT");
- return -1;
- }
-
- char page_path[256];
- memset(page_path, 0, sizeof(page_path));
- MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE403", page_path, sizeof(page_path), "./tsgconf/HTTP403.html");
- g_tsg_para.tpl_403 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
-
- memset(page_path, 0, sizeof(page_path));
- MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE404", page_path, sizeof(page_path), "./tsgconf/HTTP404.html");
- g_tsg_para.tpl_404 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
-
- memset(page_path, 0, sizeof(page_path));
- MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE200", page_path, sizeof(page_path), "./tsgconf/HTTP200.html");
- g_tsg_para.tpl_200 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
-
- memset(page_path, 0, sizeof(page_path));
- MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE204", page_path, sizeof(page_path), "./tsgconf/HTTP204.html");
- g_tsg_para.tpl_204 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
-
- ret=tsg_rule_init(tsg_conffile, g_tsg_para.logger);
- if(ret<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_rule_init failed ...");
- return -1;
- }
-
- g_tsg_log_instance=tsg_sendlog_init(tsg_conffile);
- if(g_tsg_log_instance==NULL)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ...");
- return -1;
- }
- g_tsg_log_instance->session_attribute_project_id=g_tsg_para.session_attribute_project_id;
-
- MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30);
- MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port));
- MESA_load_profile_string_nodef(tsg_conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip));
- MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log");
- MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master");
- MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "PROMETHEUS", &output_prometheus, 1);
-
- g_tsg_para.fs2_handle=FS_create_handle();
-
- value=1;//Rewrite
- FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value));
- value=1;//Do not create stat thread
- FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value));
-
- FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle));
- FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1);
- FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1);
-
- value=1;
- FS_set_para(g_tsg_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus));
-
- if(fs_server_port > 0 && strlen(fs_server_ip) > 0)
- {
- FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1);
- FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port));
- }
-
- value=FS_OUTPUT_INFLUX_LINE;
- FS_set_para(g_tsg_para.fs2_handle, STATS_FORMAT, &value, sizeof(value));
-
- for(i=0; i<TSG_FS2_MAX; i++)
- {
- g_tsg_para.fs2_field_id[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_FIELD, FS_CALC_SPEED, g_tsg_fs2_field[i].name);
- }
-
- int thread_num=get_thread_count();
- for(i=0; i<thread_num && g_tsg_log_instance!=NULL; i++)
- {
- snprintf(buff, sizeof(buff), "send_log_percent_%02d", i);
- g_tsg_log_instance->fs_status_ids[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_STATUS, FS_CALC_CURRENT, buff);
- }
-
- FS_start(g_tsg_para.fs2_handle);
-
- for(i=0; i<thread_num; i++)
- {
- FS_operate(g_tsg_para.fs2_handle, g_tsg_log_instance->fs_status_ids[i], 0, FS_OP_SET, g_tsg_log_instance->send_log_percent[i]);
- }
-
- ret=tsg_statistic_init(tsg_conffile, g_tsg_para.logger);
- if(ret<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_STATISTIC", "tsg_statistic_init failed ...");
- return -1;
- }
-
- MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "L7_PROTOCOL_FILE", buff, sizeof(buff), "./tsgconf/tsg_l7_protocol.conf");
- l7_protocol_mapper(buff);
-
- ret=tsg_gtp_signaling_hash_init(tsg_conffile, g_tsg_para.logger);
- if(ret<0)
- {
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_GTP_HASH", "tsg_gtp_signaling_hash_init failed ...");
- return -1;
- }
-
- return 0;
-}
-
-
-
-extern "C" int TSG_MASTER_UNLOAD()
-{
- Maat_burn_feather(g_tsg_maat_feather);
- g_tsg_maat_feather=NULL;
-
- if(g_tsg_para.dynamic_maat_switch==1)
- {
- Maat_burn_feather(g_tsg_dynamic_maat_feather);
- g_tsg_dynamic_maat_feather=NULL;
- }
-
- return 0;
-}
-
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sys/time.h>
+#include <unistd.h>
+
+#include <MESA/http.h>
+#include <MESA/ftp.h>
+#include <MESA/ssl.h>
+#include <MESA/mail.h>
+#include <MESA/quic.h>
+#include "MESA/sip.h"
+#include <MESA/stream.h>
+#include <MESA/MESA_prof_load.h>
+#include <MESA/MESA_handle_logger.h>
+#include <MESA/MESA_jump_layer.h>
+
+#include "app_label.h"
+#include "tsg_rule.h"
+#include "tsg_entry.h"
+#include "tsg_send_log.h"
+#include "tsg_statistic.h"
+#include "tsg_send_log_internal.h"
+#include "tsg_ssl_utils.h"
+#include "tsg_ssh_utils.h"
+#include "tsg_protocol_common.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#define GIT_VERSION_CATTER(v) __attribute__((__used__)) const char * GIT_VERSION_##v = NULL
+#define GIT_VERSION_EXPEND(v) GIT_VERSION_CATTER(v)
+
+/* VERSION TAG */
+#ifdef GIT_VERSION
+GIT_VERSION_EXPEND(GIT_VERSION);
+#else
+static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL;
+#endif
+#undef GIT_VERSION_CATTER
+#undef GIT_VERSION_EXPEND
+
+#ifdef __cplusplus
+}
+#endif
+
+struct session_record_ctx
+{
+ struct TLD_handle_t *log;
+ tsg_protocol_t proto_type;
+};
+
+char TSG_MASTER_VERSION_20200805 = 0;
+const char *tsg_conffile="tsgconf/main.conf";
+g_tsg_para_t g_tsg_para;
+
+id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
+ {0, TSG_FS2_UDP_LINKS, "udp_links"},
+ {0, TSG_FS2_BYPASS, "bypass"},
+ {0, TSG_FS2_HIT_ADDR, "hit_addr"},
+ {0, TSG_FS2_HIT_SHARE, "hit_share"},
+ {0, TSG_FS2_INTERCEPT, "intercept"},
+ {0, TSG_FS2_EXCLUSION, "exclusion"},
+ {0, TSG_FS2_SUCCESS_LOG, "success_log"},
+ {0, TSG_FS2_FAILED_LOG, "failed_log"},
+ {0, TSG_FS2_DROP_LOG, "drop_log"},
+ {0, TSG_FS2_ABORT_ALLOW, "abort_allow"},
+ {0, TSG_FS2_ABORT_DENY, "abort_deny"},
+ {0, TSG_FS2_ABORT_MONITOR, "abort_monitor"},
+ {0, TSG_FS2_ABORT_INTERCEPT, "abort_intercept"},
+ {0, TSG_FS2_ABORT_UNKNOWN, "abort_unknown"},
+ {0, TSG_FS2_APP_DPKT_RESULT, "D_result"},
+ {0, TSG_FS2_APP_Q_RESULT, "Q_result"},
+ {0, TSG_FS2_APP_USER_RESULT, "U_result"},
+ {0, TSG_FS2_APP_BUILT_IN_RESULT, "B_result"},
+ {0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"},
+ {0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"},
+ {0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"},
+ {0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"},
+ {0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"},
+ {0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"},
+ {0, TSG_FS2_DDOS_SUCCESS_LOG, "ddos_suc_log"},
+ {0, TSG_FS2_DDOS_FAILED_LOG, "ddos_fai_log"},
+ {0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"},
+ {0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"},
+ {0, TSG_FS2_CREATE_LOG_HANDLE, "create_log_cnt"},
+ {0, TSG_FS2_DUP_LOG_HANDLE, "dup_log_cnt"},
+ {0, TSG_FS2_APPEND_LOG_HANDLE, "append_log_cnt"},
+ {0, TSG_FS2_FREE_LOG_HANDLE, "free_log_cnt"},
+ {0, TSG_FS2_FREE_RAPID_SIZE, "free_rapid_size"},
+ {0, TSG_FS2_FREE_RAPID_CAPACITY, "free_rapid_capacity"}
+ };
+
+id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
+ {PROTO_IPv4, 0, "IPV4"},
+ {PROTO_IPv6, 0, "IPV6"},
+ {PROTO_TCP, 0, "TCP"},
+ {PROTO_UDP, 0, "UDP"},
+ {PROTO_HTTP, 0, "HTTP"},
+ {PROTO_MAIL, 0, "MAIL"},
+ {PROTO_DNS, 0, "DNS"},
+ {PROTO_FTP, 0, "FTP"},
+ {PROTO_SSL, 0, "SSL"},
+ {PROTO_SIP, 0, "SIP"},
+ {PROTO_BGP, 0, "BGP"},
+ {PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"},
+ {PROTO_QUIC, 0, "QUIC"},
+ {PROTO_SSH, 0, "SSH"},
+ {PROTO_SMTP, 0, "SMTP"},
+ {PROTO_IMAP, 0, "IMAP"},
+ {PROTO_POP3, 0, "POP3"},
+ {PROTO_RTP, 0, "RTP"},
+ {PROTO_APP, 0, "APP"},
+ {PROTO_L2TP, 0, "L2TP"},
+ {PROTO_PPTP, 0, "PPTP"}
+ };
+
+#define DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID 1
+
+static int init_context(void **pme, int thread_seq)
+{
+ *pme=dictator_malloc(thread_seq, sizeof(struct master_context));
+ memset(*pme, 0, sizeof(struct master_context));
+
+ return 0;
+}
+
+static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len)
+{
+ int ret=0,flags=0;
+ char buff[4096]={0};
+ cJSON *object=NULL;
+
+ FILE *fp=fopen(filename, "rb");
+ if(fp)
+ {
+ ret=fread(buff, sizeof(buff), 1, fp);
+ if(ret<(int)sizeof(buff))
+ {
+ object=cJSON_Parse(buff);
+ if(object)
+ {
+ cJSON *item=cJSON_GetObjectItem(object, "sn");
+ if(item && item->valuestring!=NULL && device_sn_len>(int)strlen(item->valuestring))
+ {
+ flags=1;
+ memcpy(device_sn, item->valuestring, strlen(item->valuestring));
+ }
+ cJSON_Delete(object);
+ object=NULL;
+ }
+ }
+
+ fclose(fp);
+ fp=NULL;
+ }
+
+ return flags;
+}
+
+static int set_app_timeout(const struct streaminfo *a_stream, struct app_id_dict *dict, unsigned short *timeout)
+{
+ if(a_stream==NULL || dict==NULL)
+ {
+ return 0;
+ }
+
+ switch(a_stream->type)
+ {
+ case STREAM_TYPE_TCP:
+ if((*timeout) >= dict->tcp_timeout)
+ {
+ return 0;
+ }
+
+ *timeout=dict->tcp_timeout;
+ break;
+ case STREAM_TYPE_UDP:
+ if((*timeout) >= dict->udp_timeout)
+ {
+ return 0;
+ }
+
+ *timeout=dict->udp_timeout;
+ break;
+ default:
+ return 0;
+ }
+
+ int ret=MESA_set_stream_opt(a_stream, MSO_TIMEOUT, (void *)timeout, sizeof(unsigned short));
+ if(ret<0)
+ {
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_FAILED], 0, FS_OP_ADD, 1);
+ }
+ else
+ {
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_SUCCESS], 0, FS_OP_ADD, 1);
+ }
+
+ return 1;
+}
+
+static int get_device_id(char *command, int datacenter_id)
+{
+ FILE *fp=NULL;
+ char buffer[128]={0};
+
+ fp=popen(command, "r");
+ if(fp)
+ {
+ fgets(buffer,sizeof(buffer),fp);
+ pclose(fp);
+ }
+
+ return (datacenter_id<<7)+(atoi(buffer)%128);
+}
+
+static int get_deploy_mode(void)
+{
+ char s_mode[128]={0};
+ int len=sizeof(s_mode);
+ int ret=sapp_get_platform_opt(SPO_DEPLOYMENT_MODE_STR, s_mode, &len);
+ if(ret>=0)
+ {
+ if((memcmp(s_mode, "mirror", strlen(s_mode)))==0 || (memcmp(s_mode, "dumpfile", strlen(s_mode)))==0)
+ {
+ g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR;
+ }
+ else if((memcmp(s_mode, "inline", strlen(s_mode)))==0)
+ {
+ g_tsg_para.deploy_mode=DEPLOY_MODE_INLINE;
+ }
+ else if((memcmp(s_mode, "transparent", strlen(s_mode)))==0)
+ {
+ g_tsg_para.deploy_mode=DEPLOY_MODE_TRANSPARENT;
+ }
+ else
+ {
+ g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR;
+ }
+ }
+
+ return 0;
+}
+
+static int print_hit_path(const struct streaminfo *a_stream, struct master_context *context)
+{
+ if(g_tsg_para.hit_path_switch==0)
+ {
+ return 0;
+ }
+
+ char path_buff[1024*128]={0};
+ int i=0, n_read=0, offset=0;
+ struct Maat_hit_path_t hit_path[1024];
+
+ n_read=Maat_get_scan_status(g_tsg_maat_feather, &(context->mid), MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path));
+ for(i=0; i<n_read; i++)
+ {
+ if(i==0)
+ {
+ path_buff[offset++]='[';
+ }
+ offset+=snprintf(path_buff+offset,
+ sizeof(path_buff)-offset,
+ "{n:%d,v_id:%d,c_id:%d,t_id:%d,s_id:%d,r_id:%d},",
+ hit_path[i].Nth_scan,
+ hit_path[i].virtual_table_id,
+ hit_path[i].compile_id,
+ hit_path[i].top_group_id,
+ hit_path[i].sub_group_id,
+ hit_path[i].region_id
+ );
+ }
+
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "HIT_PATH", "Hit path: %s{}] addr: %s", path_buff, PRINTADDR(a_stream, g_tsg_para.level));
+
+ return 1;
+}
+
+static void free_user_item(char *item)
+{
+ if(item!=NULL)
+ {
+ free(item);
+ item=NULL;
+ }
+}
+
+static int is_only_monitor(struct Maat_rule_t *result, int hit_cnt)
+{
+ int i=0;
+
+ for(i=0; i<hit_cnt; i++)
+ {
+ if(result[i].action==TSG_ACTION_BYPASS || result[i].action==TSG_ACTION_INTERCEPT || result[i].action==TSG_ACTION_DENY)
+ {
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+static int is_hited_allow(struct Maat_rule_t *result, int hit_cnt)
+{
+ int i=0;
+
+ for(i=0; i<hit_cnt; i++)
+ {
+ if(result[i].action==TSG_ACTION_BYPASS)
+ {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+static int is_dns_protocol(const struct streaminfo *a_stream)
+{
+ struct stream_tuple4_v4 *tpl4 = NULL;
+ struct stream_tuple4_v6 *tpl6 = NULL;
+
+ if(a_stream->pudpdetail==NULL || a_stream->pudpdetail->pdata==NULL || a_stream->pudpdetail->datalen<12)
+ {
+ return 0;
+ }
+
+ switch(a_stream->addr.addrtype)
+ {
+ case ADDR_TYPE_IPV4:
+ tpl4=a_stream->addr.tuple4_v4;
+ if((ntohs(tpl4->source)!=53) && (ntohs(tpl4->dest)!=53))
+ {
+ return 0;
+ }
+ break;
+ case ADDR_TYPE_IPV6:
+ tpl6=a_stream->addr.tuple4_v6;
+ if((ntohs(tpl6->source)!=53) && (ntohs(tpl6->dest)!=53))
+ {
+ return 0;
+ }
+ break;
+ default:
+ return 0;
+ break;
+ }
+
+ struct _dns_hdr *dns_hdr=(struct _dns_hdr *)(a_stream->pudpdetail->pdata);
+ if(dns_hdr->qdcount==1 && dns_hdr->z==0)
+ {
+ return 1;
+ }
+
+ return 0;
+}
+
+int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data)
+{
+ if(a_stream==NULL || project_id<0)
+ {
+ return 0;
+ }
+
+ int ret=project_req_add_struct((struct streaminfo *)a_stream, project_id, data);
+ if(ret<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_FATAL,
+ "PROJECT",
+ "Add project failed, project_id: %d addr: %s",
+ project_id,
+ PRINTADDR(a_stream, g_tsg_para.level)
+ );
+ return 0;
+ }
+
+ return 1;
+}
+
+const void *get_struct_project(const struct streaminfo *a_stream, int project_id)
+{
+ if(a_stream==NULL || project_id<0)
+ {
+ return NULL;
+ }
+
+ return project_req_get_struct(a_stream, project_id);
+}
+static int get_table_id(tsg_protocol_t protocol)
+{
+ switch(protocol)
+ {
+ case PROTO_HTTP:
+ return g_tsg_para.table_id[TABLE_HTTP_HOST];
+ case PROTO_SSL:
+ return g_tsg_para.table_id[TABLE_SSL_SNI];
+ case PROTO_QUIC:
+ return g_tsg_para.table_id[TABLE_QUIC_SNI];
+ default:
+ break;
+ }
+
+ return -1;
+}
+
+static int get_raw_packet_len(const struct streaminfo *a_stream)
+{
+ int raw_packet_len=0;
+
+ if(a_stream->type==STREAM_TYPE_TCP)
+ {
+ if(a_stream->ptcpdetail==NULL || a_stream->ptcpdetail->pdata==NULL || a_stream->ptcpdetail->datalen<=0)
+ {
+ return 0;
+ }
+ }
+
+ int ret=get_rawpkt_opt_from_streaminfo(a_stream, RAW_PKT_GET_TOT_LEN, &raw_packet_len);
+ if(ret<0)
+ {
+ return 0;
+ }
+
+ return raw_packet_len;
+}
+
+static int get_default_para(const struct streaminfo *a_stream, int compile_id)
+{
+ int after_n_packets=0;
+ struct Maat_rule_t p_result={0};
+ struct compile_user_region *user_region=NULL;
+
+ p_result.config_id=compile_id;
+ user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
+ if(user_region!=NULL && user_region->method_type==TSG_METHOD_TYPE_DEFAULT)
+ {
+ if(user_region->session_para!=NULL && user_region->session_para->result.action==TSG_ACTION_DENY)
+ {
+ switch(a_stream->type)
+ {
+ case STREAM_TYPE_TCP:
+ after_n_packets=user_region->session_para->tcp.after_n_packets;
+ break;
+ case STREAM_TYPE_UDP:
+ after_n_packets=user_region->session_para->udp.after_n_packets;
+ break;
+ default:
+ break;
+ }
+ }
+
+ security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], &p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
+ }
+
+ return after_n_packets;
+}
+
+static int get_default_policy(int compile_id, struct Maat_rule_t *result)
+{
+ struct Maat_rule_t p_result={0};
+ struct compile_user_region *user_region=NULL;
+
+ p_result.config_id=compile_id;
+ user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
+ if(user_region!=NULL && user_region->method_type==TSG_METHOD_TYPE_DEFAULT)
+ {
+ if(user_region->session_para!=NULL && user_region->session_para->result.action==TSG_ACTION_DENY)
+ {
+ memcpy(result, &(user_region->session_para->result), sizeof(struct Maat_rule_t));
+ }
+
+ security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], &p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
+ return 1;
+ }
+
+ return 0;
+}
+
+static int is_do_default_policy(const struct streaminfo *a_stream, int after_n_packets)
+{
+ if(after_n_packets<=0 || a_stream->pdetail==NULL)
+ {
+ return 0;
+ }
+
+ switch(a_stream->type)
+ {
+ case STREAM_TYPE_TCP:
+ if((int)(a_stream->ptcpdetail->clientpktnum+a_stream->ptcpdetail->serverpktnum) >= after_n_packets)
+ {
+ return 1;
+ }
+ break;
+ case STREAM_TYPE_UDP:
+ if((int)(a_stream->pudpdetail->clientpktnum+a_stream->pudpdetail->serverpktnum) >= after_n_packets)
+ {
+ return 1;
+ }
+ break;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
+static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int result_num, struct master_context *context, int thread_seq)
+{
+ tsg_log_t log_msg;
+ char quic_version[64]={0};
+ char *domain_field_name=NULL;
+ char *schema_field_name=NULL;
+ char *quic_ua_field_name=NULL;
+ char *quic_version_field_name=NULL;
+ struct TLD_handle_t *TLD_handle=NULL;
+ tsg_protocol_t proto=PROTO_UNKONWN;
+ struct tsg_conn_sketch_notify_data *notify=NULL;
+ if(context!=NULL)
+ {
+ proto=context->proto;
+ }
+
+ log_msg.a_stream=(struct streaminfo *)a_stream;
+ log_msg.result=p_result;
+ log_msg.result_num=result_num;
+
+ if(proto==PROTO_SSH && p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]>=0)
+ {
+ notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]);
+ if (notify != NULL && notify->protocol== PROTO_SSH && notify->pdata.TLD_handle!=NULL)
+ {
+ TLD_handle = TLD_duplicate(notify->pdata.TLD_handle);
+ if (TLD_handle!=NULL)
+ {
+ tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq);
+ return 1;
+ }
+ }
+ }
+
+ TLD_handle=TLD_create(thread_seq);
+ schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE);
+
+ if(proto>PROTO_UNKONWN && proto<PROTO_MAX)
+ {
+ if(proto==PROTO_IMAP || proto==PROTO_SMTP || proto==PROTO_POP3)
+ {
+ TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_MAIL].name, TLD_TYPE_STRING);
+ TLD_append(TLD_handle, (char *)"mail_protocol_type", (void *)g_tsg_proto_name2id[proto].name, TLD_TYPE_STRING);
+ }
+ else
+ {
+ TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[proto].name, TLD_TYPE_STRING);
+ }
+
+ if(context->domain!=NULL)
+ {
+ switch(proto)
+ {
+ case PROTO_HTTP:
+ domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_HTTP_HOST);
+ TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING);
+ break;
+ case PROTO_SSL:
+ domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_SSL_SNI);
+ TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING);
+ break;
+ case PROTO_QUIC:
+ domain_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_SNI);
+ TLD_append(TLD_handle, domain_field_name, (void *)context->domain, TLD_TYPE_STRING);
+ break;
+ default:
+ break;
+ }
+ }
+
+ if(context->quic_version>0)
+ {
+ if(quic_version_int2string(context->quic_version, quic_version, sizeof(quic_version)))
+ {
+ quic_version_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_VERSION);
+ TLD_append(TLD_handle, quic_version_field_name, (void *)quic_version, TLD_TYPE_STRING);
+ }
+
+ if(context->quic_ua!=NULL)
+ {
+ quic_ua_field_name=log_field_id2name(g_tsg_log_instance, LOG_QUIC_USER_AGENT);
+ TLD_append(TLD_handle, quic_ua_field_name, (void *)context->quic_ua, TLD_TYPE_STRING);
+ }
+ }
+ }
+ else
+ {
+ TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_APP].name, TLD_TYPE_STRING);
+ }
+
+ tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq);
+
+ if(p_result->config_id!=DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID)
+ {
+ tsg_set_policy_flow((struct streaminfo *)a_stream, p_result, thread_seq);
+ }
+
+ return 1;
+}
+
+
+static int tsg_proto_name2flag(char *proto_list, int *flag)
+{
+ int i=0;
+ char *s=NULL,*e=NULL;
+
+ s=proto_list;
+ while(s)
+ {
+ e=index(s, ';');
+ if(!e)
+ {
+ break;
+ }
+
+ for(i=0; i< PROTO_MAX; i++)
+ {
+ if((memcmp(s, g_tsg_proto_name2id[i].name, e-s))==0)
+ {
+ *flag|=(1<<g_tsg_proto_name2id[i].type);
+ break;
+ }
+ }
+
+ s=e+1;
+ }
+
+ return 0;
+}
+
+static void free_context_label(int thread_seq, void *project_req_value)
+{
+ struct master_context *context=(struct master_context *)project_req_value;
+ if(context!=NULL)
+ {
+ if(context->domain!=NULL)
+ {
+ dictator_free(thread_seq, (void *)context->domain);
+ context->domain=NULL;
+ }
+
+ if(context->quic_ua!=NULL)
+ {
+ dictator_free(thread_seq, (void *)context->quic_ua);
+ context->quic_ua=NULL;
+ }
+
+ if(context->result!=NULL)
+ {
+ dictator_free(thread_seq, (void *)context->result);
+ context->result=NULL;
+ }
+
+ if(context->mid!=NULL)
+ {
+ Maat_clean_status(&context->mid);
+ context->mid=NULL;
+ }
+
+ dictator_free(thread_seq, (void *)context);
+ context=NULL;
+ }
+
+ project_req_value=NULL;
+
+ return ;
+}
+
+static void free_tcpall_label(int thread_seq, void *project_req_value)
+{
+ if(project_req_value!=NULL)
+ {
+ struct tcpall_context *context=(struct tcpall_context *)project_req_value;
+ if(context->para!=NULL)
+ {
+ switch(context->method_type)
+ {
+ case TSG_METHOD_TYPE_RATE_LIMIT:
+ destroy_bucket(&(context->bucket), thread_seq);
+ break;
+ default:
+ break;
+ }
+ }
+
+ dictator_free(thread_seq, project_req_value);
+ project_req_value=NULL;
+ }
+
+ return ;
+}
+
+static void free_policy_label(int thread_seq, void *project_req_value)
+{
+ if(project_req_value!=NULL)
+ {
+ dictator_free(thread_seq, project_req_value);
+ project_req_value=NULL;
+ }
+}
+
+void free_gather_app_result(int thread_seq, void *project_req_value)
+{
+ if(project_req_value!=NULL)
+ {
+ dictator_free(thread_seq, project_req_value);
+ project_req_value=NULL;
+ }
+}
+
+static void copy_monitor_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int result_num, int thread_seq)
+{
+ int i=0;
+
+ if(context->result==NULL)
+ {
+ context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t)*MAX_RESULT_NUM);
+
+ for(i=0; i<result_num && p_result[i].action!=TSG_ACTION_INTERCEPT && context->hit_cnt<MAX_RESULT_NUM; i++) // SSL Decryption Exclusion
+ {
+ memcpy(context->result+context->hit_cnt, &p_result[i], sizeof(struct Maat_rule_t));
+ context->hit_cnt+=1;
+ }
+ }
+ else
+ {
+ if(context->result[0].action==TSG_ACTION_MONITOR)
+ {
+ for(i=0; i<result_num && p_result[i].action!=TSG_ACTION_INTERCEPT && context->hit_cnt<MAX_RESULT_NUM; i++) // SSL Decryption Exclusion
+ {
+ memcpy(context->result+context->hit_cnt, &p_result[i], sizeof(struct Maat_rule_t));
+ context->hit_cnt+=1;
+ }
+ }
+ }
+
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_DEBUG,
+ "MONITOR",
+ "Hit monitor policy, policy_id: %d service: %d action: %d addr: %s",
+ p_result[0].config_id,
+ p_result[0].service_id,
+ (unsigned char)p_result[0].action,
+ PRINTADDR(a_stream, g_tsg_para.level)
+ );
+
+}
+
+static void copy_result_to_project(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, char *domain, tsg_protocol_t proto, PULL_RESULT_TYPE result_type, int thread_seq)
+{
+ int ret=0;
+ struct policy_priority_label *priority_label=NULL;
+
+ priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id);
+ if(priority_label==NULL)
+ {
+ priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label));
+ }
+ else
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_DEBUG,
+ "DUP_HIT_POLICY",
+ "Hit policy, domain: %s policy_id: %d action: %d addr: %s",
+ (domain!=NULL ? domain : ""),
+ p_result->config_id,
+ (unsigned char)p_result->action,
+ PRINTADDR(a_stream, g_tsg_para.level)
+ );
+ }
+
+ memset(priority_label, 0, sizeof(struct policy_priority_label));
+
+ priority_label->proto=proto;
+ if(domain!=NULL)
+ {
+ priority_label->domain_len=MIN(sizeof(priority_label->domain)-1 ,strlen(domain));
+ memcpy(priority_label->domain, domain, priority_label->domain_len);
+ }
+
+ priority_label->result_num=1;
+ priority_label->result_type=result_type;
+ memcpy(priority_label->result, p_result, sizeof(struct Maat_rule_t));
+
+ ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label);
+ if(ret<0)
+ {
+ free_policy_label(thread_seq, (void *)priority_label);
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_FATAL,
+ "PROJECT_ADD",
+ "Add policy_priority_label failed, policy, domain: %s policy_id: %d action: %d addr: %s",
+ (domain!=NULL ? domain : ""),
+ priority_label->result[0].config_id,
+ (unsigned char)priority_label->result[0].action,
+ PRINTADDR(a_stream, g_tsg_para.level)
+ );
+ }
+
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_DEBUG,
+ "COPY_RESULT",
+ "Hit policy, domain: %s policy_id: %d action: %d addr: %s",
+ (domain!=NULL ? domain : ""),
+ priority_label->result[0].config_id,
+ (unsigned char)priority_label->result[0].action,
+ PRINTADDR(a_stream, g_tsg_para.level)
+ );
+
+ return ;
+}
+
+static void copy_bypass_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int thread_seq)
+{
+ if(context->result==NULL)
+ {
+ context->hit_cnt=1;
+ context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t));
+
+ memcpy(context->result, p_result, sizeof(struct Maat_rule_t));
+ }
+ else
+ {
+ if(context->result[0].action==TSG_ACTION_BYPASS)
+ {
+ if(p_result->config_id>context->result[0].config_id)
+ {
+ context->hit_cnt=1;
+ memcpy(&(context->result[0]), p_result, sizeof(struct Maat_rule_t));
+ }
+ }
+ else // hit monitor
+ {
+ context->hit_cnt=1;
+ memcpy(context->result, p_result, sizeof(struct Maat_rule_t));
+ }
+ }
+
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_DEBUG,
+ "ALLOW",
+ "Hit allow policy, policy_id: %d service: %d action: %d addr: %s",
+ p_result[0].config_id,
+ p_result[0].service_id,
+ (unsigned char)p_result[0].action,
+ PRINTADDR(a_stream, g_tsg_para.level)
+ );
+
+ return ;
+}
+
+static int l7_protocol_mapper(const char *filename)
+{
+ int ret=0;
+ FILE *fp=NULL;
+ char line[1024]={0};
+ char type_name[32]={0};
+ struct l7_protocol *protocol=NULL;
+
+ fp=fopen(filename, "r");
+ if(fp==NULL)
+ {
+ printf("Open %s failed ...", filename);
+ return -1;
+ }
+
+ memset(line, 0, sizeof(line));
+
+ while((fgets(line, sizeof(line), fp))!=NULL)
+ {
+ if(line[0]=='#' || line[0]=='\n' || line[0]=='\r' ||line[0]=='\0')
+ {
+ continue;
+ }
+
+ protocol=(struct l7_protocol *)calloc(1, sizeof(struct l7_protocol));
+ ret=sscanf(line, "%s %s %d", type_name, protocol->name, &protocol->id);
+ assert(ret==3);
+
+ HASH_ADD(hh1, g_tsg_para.name_by_id, id, sizeof(int), protocol);
+ HASH_ADD(hh2, g_tsg_para.id_by_name, name, strlen(protocol->name), protocol);
+
+ memset(line, 0, sizeof(line));
+ }
+
+ fclose(fp);
+ fp=NULL;
+
+ return 1;
+}
+
+char *tsg_l7_protocol_id2name(unsigned int l7_protocol_id)
+{
+ struct l7_protocol *l7_proto=NULL;
+ HASH_FIND(hh1, g_tsg_para.name_by_id, &l7_protocol_id, sizeof(l7_protocol_id), l7_proto);
+ if(l7_proto!=NULL)
+ {
+ return l7_proto->name;
+ }
+
+ return NULL;
+}
+
+unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
+{
+ struct l7_protocol *l7_proto=NULL;
+
+ HASH_FIND(hh2, g_tsg_para.id_by_name, l7_protocol_name, strlen(l7_protocol_name), l7_proto);
+ if(l7_proto!=NULL)
+ {
+ return l7_proto->id;
+ }
+
+ return 0;
+}
+
+static int set_l7_protocol_to_pme(struct master_context *context, unsigned int app_id)
+{
+ int i=0;
+ char *l7_protocol_name=NULL;
+ l7_protocol_name=tsg_l7_protocol_id2name(app_id);
+ if(l7_protocol_name!=NULL)
+ {
+ for(i=PROTO_HTTP; i<PROTO_MAX; i++)
+ {
+ if((strcasecmp(g_tsg_proto_name2id[i].name, l7_protocol_name))==0)
+ {
+ context->proto=(tsg_protocol_t)g_tsg_proto_name2id[i].type;
+ return 1;
+ }
+ }
+ }
+
+ context->proto=PROTO_APP;
+
+ return 0;
+}
+
+int is_intercept_exclusion(const struct streaminfo *a_stream, Maat_rule_t *p_result, char *domain, int thread_seq)
+{
+ int ret=0;
+ scan_status_t mid=NULL;
+ Maat_rule_t tmp_result;
+
+ if(domain!=NULL)
+ {
+ ret=Maat_full_scan_string(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_EXCLUSION_SSL_SNI], CHARSET_UTF8, domain, strlen(domain), &tmp_result, NULL, 1, &mid,thread_seq);
+ if(mid!=NULL)
+ {
+ Maat_clean_status(&mid);
+ mid=NULL;
+ }
+
+ if(ret>0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_DEBUG,
+ "EXCLUSION_SSL_SNI",
+ "Hit %s policy_id: %d service: %d action: %d Decryption Exclusion: [ policy_id: %d service: %d action: %d ] addr: %s",
+ domain,
+ tmp_result.config_id,
+ tmp_result.service_id,
+ (unsigned char)tmp_result.action,
+ p_result->config_id,
+ p_result->service_id,
+ (unsigned char)p_result->action,
+ PRINTADDR(a_stream, g_tsg_para.level)
+ );
+
+ return 1;
+ }
+
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_DEBUG,
+ "EXCLUSION_SSL_SNI",
+ "Not hit %s stream_dir: %d addr: %s scan ret: %d",
+ domain,
+ a_stream->dir,
+ PRINTADDR(a_stream, g_tsg_para.level),
+ ret
+ );
+ }
+
+ return 0;
+}
+
+static int scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, int thread_seq)
+{
+ int scan_ret=0;
+ struct session_attribute_label *attribute_label=NULL;
+
+ attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
+ if(attribute_label!=NULL && domain!=NULL && table_id>=0)
+ {
+ attribute_label->fqdn_category_id_num=tsg_get_fqdn_category_id(g_tsg_maat_feather, domain, attribute_label->fqdn_category_id, MAX_CATEGORY_ID_NUM, g_tsg_para.logger, thread_seq);
+ scan_ret=tsg_scan_fqdn_category_id(g_tsg_maat_feather, a_stream, result, result_num, mid, table_id, attribute_label->fqdn_category_id, attribute_label->fqdn_category_id_num, thread_seq);
+ }
+
+ return scan_ret;
+}
+
+static int set_l7_protocol_label(const struct streaminfo *a_stream, tsg_protocol_t protocol)
+{
+ struct gather_app_result *gather_result=NULL;
+
+ gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
+ if(gather_result!=NULL)
+ {
+ return 0;
+ }
+
+ gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
+ memset(gather_result, 0, sizeof(struct gather_app_result));
+ set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
+
+ int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
+ if(app_id>0)
+ {
+ gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id_num=1;
+ gather_result->result[ORIGIN_BASIC_PROTOCOL].app_id[0]=app_id;
+ gather_result->result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
+ }
+
+ return 0;
+}
+
+void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq)
+{
+ unsigned long long create_time=0;
+ unsigned long long current_time=0;
+ int ret=0,size=sizeof(create_time);
+ struct _ssl_ja3_info_t *ja3_info=NULL;
+ struct session_attribute_label *attribute_label=NULL;
+
+ attribute_label=(struct session_attribute_label *)project_req_get_struct(a_stream, g_tsg_para.session_attribute_project_id);
+ if(attribute_label==NULL)
+ {
+ attribute_label=(struct session_attribute_label *)dictator_malloc(thread_seq, sizeof(struct session_attribute_label));
+ memset(attribute_label, 0, sizeof(struct session_attribute_label));
+
+ ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.session_attribute_project_id, (const void *)attribute_label);
+ if(ret<0)
+ {
+ dictator_free(thread_seq, (void *)attribute_label);
+ attribute_label=NULL;
+
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_FATAL,
+ "PROJECT_ADD",
+ "Add internal_label failed, establish latency ms: %llu proto: %d addr: %s",
+ attribute_label->establish_latency_ms,
+ attribute_label->proto,
+ PRINTADDR(a_stream, g_tsg_para.level)
+ );
+ return ;
+ }
+ }
+
+ switch(type)
+ {
+ case TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY:
+ ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size);
+ if(ret<0)
+ {
+ break;
+ }
+
+ size=sizeof(current_time);
+ ret=sapp_get_platform_opt(SPO_CURTIME_TIMET_MS, (void *)&current_time, &size);
+ if(ret<0)
+ {
+ break;
+ }
+
+ attribute_label->establish_latency_ms=current_time-create_time;
+ break;
+ case TSG_ATTRIBUTE_TYPE_PROTOCOL:
+ attribute_label->proto=(tsg_protocol_t)(*(int *)value);
+ break;
+ case TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE:
+ attribute_label->http_action_file_size=(*(int *)value);
+ break;
+ case TSG_ATTRIBUTE_TYPE_JA3_HASH:
+ ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum);
+ if(ja3_info!=NULL)
+ {
+ if(attribute_label!=NULL && ja3_info->fp!=NULL && ja3_info->fp_len>0)
+ {
+ attribute_label->ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1);
+ memset(attribute_label->ja3_fingerprint, 0, ja3_info->fp_len+1);
+ memcpy(attribute_label->ja3_fingerprint, ja3_info->fp, ja3_info->fp_len);
+ }
+ }
+ break;
+ case TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO:
+ tsg_get_umts_user_info(a_stream, &(attribute_label->user_info));
+ break;
+ case TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID:
+ tsg_get_subscribe_id(a_stream, &attribute_label->client_subscribe_id, &attribute_label->server_subscribe_id);
+ break;
+ case TSG_ATTRIBUTE_TYPE_ASN:
+ tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_USER_DEFINED], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn));
+ tsg_get_ip_asn(a_stream, g_tsg_para.table_id[TABLE_ASN_BUILT_IN], (void **)&(attribute_label->client_asn), (void **)&(attribute_label->server_asn));
+ break;
+ case TSG_ATTRIBUTE_TYPE_LOCATION:
+ tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_USER_DEFINED], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location));
+ tsg_get_ip_location(a_stream, g_tsg_para.table_id[TABLE_LOCATION_BUILT_IN], (void **)&(attribute_label->client_location), (void **)&(attribute_label->server_location));
+ break;
+ case TSG_ATTRIBUTE_TYPE_CATEGORY_ID:
+ if(value_len<=0 || value_len>MAX_CATEGORY_ID_NUM)
+ {
+ break;
+ }
+ memcpy(attribute_label->fqdn_category_id, value, sizeof(unsigned int)*value_len);
+ attribute_label->fqdn_category_id_num=value_len;
+ break;
+ default:
+ break;
+ }
+
+ return ;
+}
+
+static int set_tcp_establish_latency_ms(const struct streaminfo *a_tcp, int thread_seq,const void *ip_hdr)
+{
+ struct tcphdr *tcp=NULL;
+
+ if(ip_hdr==NULL || a_tcp==NULL)
+ {
+ return 0;
+ }
+
+ switch(a_tcp->addr.addrtype)
+ {
+ case ADDR_TYPE_IPV4:
+ tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V4, ADDR_TYPE_TCP);
+ break;
+ case ADDR_TYPE_IPV6:
+ tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V6, ADDR_TYPE_TCP);
+ break;
+ default:
+ return 0;
+ break;
+ }
+
+ if((tcp!=NULL) && !(tcp->syn))
+ {
+ set_session_attribute_label(a_tcp, TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY, NULL, 0, a_tcp->threadnum);
+ return 1;
+ }
+
+ return 0;
+}
+
+int tsg_set_device_id_to_telegraf(char *device_sn)
+{
+ char buff[128]={0};
+ FILE *fp=NULL;
+
+ if(device_sn)
+ {
+ fp=fopen("/etc/default/telegraf", "wb");
+ if(fp)
+ {
+ snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn);
+ fwrite(buff, strlen(buff), 1, fp);
+ fclose(fp);
+ fp=NULL;
+ return 0;
+ }
+ }
+
+ return -1;
+}
+
+static void free_session_attribute_label(int thread_seq, void *project_req_value)
+{
+ struct session_attribute_label *label=(struct session_attribute_label *)project_req_value;
+
+ if(label!=NULL)
+ {
+ if(label->client_asn!=NULL)
+ {
+ ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_asn), 0, g_tsg_para.logger);
+ label->client_asn=NULL;
+ }
+
+ if(label->server_asn!=NULL)
+ {
+ ASN_number_free(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_asn), 0, g_tsg_para.logger);
+ label->server_asn=NULL;
+ }
+
+ if(label->client_location!=NULL)
+ {
+ location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->client_location), 0, g_tsg_para.logger);
+ label->client_location=NULL;
+ }
+
+ if(label->server_location!=NULL)
+ {
+ location_free_data(0, (MAAT_PLUGIN_EX_DATA *)&(label->server_location), 0, g_tsg_para.logger);
+ label->server_location=NULL;
+ }
+
+ if(label->client_subscribe_id!=NULL)
+ {
+ subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->client_subscribe_id, 0, g_tsg_para.logger);
+ label->client_subscribe_id=NULL;
+ }
+
+ if(label->server_subscribe_id!=NULL)
+ {
+ subscriber_id_free(0, (MAAT_PLUGIN_EX_DATA *)&label->server_subscribe_id, 0, g_tsg_para.logger);
+ label->server_subscribe_id=NULL;
+ }
+
+ if(label->ja3_fingerprint!=NULL)
+ {
+ dictator_free(thread_seq, (void *)label->ja3_fingerprint);
+ label->ja3_fingerprint=NULL;
+ }
+
+ if(label->user_info!=NULL)
+ {
+ free_user_item(label->user_info->apn);
+ free_user_item(label->user_info->imsi);
+ free_user_item(label->user_info->imei);
+ free_user_item(label->user_info->msisdn);
+
+ dictator_free(thread_seq, (void *)label->user_info);
+ label->user_info=NULL;
+ }
+
+ dictator_free(thread_seq, project_req_value);
+ project_req_value=NULL;
+ }
+}
+
+struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result_num)
+{
+ int i=0;
+ Maat_rule_t *p_result=NULL;
+
+ for(i=0; i<result_num; i++)
+ {
+ if(p_result==NULL)
+ {
+ p_result=&result[i];
+ continue;
+ }
+
+ if((unsigned char)result[i].action>(unsigned char)p_result->action)
+ {
+ p_result=&result[i];
+ continue;
+ }
+
+ if(result[i].action==p_result->action)
+ {
+ if(result[i].config_id>p_result->config_id)
+ {
+ p_result=&result[i];
+ }
+ }
+ }
+
+ return p_result;
+}
+
+static int identify_application_protocol(const struct streaminfo *a_stream, struct master_context *context, void *a_packet)
+{
+ int ret=0, length=0;
+
+ switch(a_stream->type)
+ {
+ case STREAM_TYPE_TCP:
+ if(g_tsg_para.proto_flag&(1<<PROTO_HTTP)) //http
+ {
+ char *host=NULL;
+ length=http_host_parser((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->curdir, &host);
+ if(length>=0)
+ {
+ context->proto=PROTO_HTTP;
+ if(length>0 && host!=NULL)
+ {
+ context->domain=(char *)dictator_malloc(a_stream->threadnum, length+1);
+ memset(context->domain, 0, length+1);
+ memcpy(context->domain, host, length);
+ }
+ return 1;
+ }
+ }
+
+ if(g_tsg_para.proto_flag&(1<<PROTO_SSL)) //ssl
+ {
+ enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
+ struct ssl_chello *chello = NULL;
+
+ chello=ssl_chello_parse((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status);
+ if(chello_status==CHELLO_PARSE_SUCCESS)
+ {
+ context->proto=PROTO_SSL;
+ if(chello->sni!=NULL)
+ {
+ length=strlen(chello->sni);
+ context->domain=(char *)dictator_malloc(a_stream->threadnum, length+1);
+ memset(context->domain, 0, length+1);
+ memcpy(context->domain, chello->sni, length);
+ }
+
+ context->is_esni=(int)chello->is_encrypt_sni;
+
+ ssl_chello_free(chello);
+ return 1;
+ }
+
+ ssl_chello_free(chello);
+ }
+
+ if(g_tsg_para.proto_flag&(1<<PROTO_FTP)) //ftp
+ {
+ ret=ftp_control_identify((struct streaminfo *)a_stream);
+ if(ret>0)
+ {
+ context->proto=PROTO_FTP;
+ return 1;
+ }
+ }
+
+ if(g_tsg_para.proto_flag&(1<<PROTO_MAIL)) //mail
+ {
+ ret=mail_protocol_identify_by_first_payload((struct streaminfo *)a_stream,(char *)a_stream->ptcpdetail->pdata, a_stream->ptcpdetail->datalen, a_stream->threadnum);
+ if(ret>0)
+ {
+ switch(ret)
+ {
+ case SMTP_PROTOCOL:
+ context->proto=PROTO_SMTP;
+ return 1;
+ break;
+ case POP3_PROTOCOL:
+ context->proto=PROTO_POP3;
+ return 1;
+ break;
+ case IMAP_PROTOCOL:
+ context->proto=PROTO_IMAP;
+ return 1;
+ break;
+ default:
+ break;
+ }
+ }
+ }
+
+ if(g_tsg_para.proto_flag&(1<<PROTO_SSH)) //ssh
+ {
+ ret = ssh_protocol_identify((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen,g_tsg_para.logger);
+ if(ret > 0)
+ {
+ context->proto=PROTO_SSH;
+ return 1;
+ }
+ }
+
+ break;
+ case STREAM_TYPE_UDP:
+ if(g_tsg_para.proto_flag&(1<<PROTO_DNS)) //dns
+ {
+ if(is_dns_protocol(a_stream))
+ {
+ context->proto=PROTO_DNS;
+ return 1;
+ }
+ }
+
+ if(g_tsg_para.proto_flag&(1<<PROTO_QUIC)) //quic
+ {
+ char ua_buff[512]={0};
+ char sni_buff[512]={0};
+ int sni_len=sizeof(sni_buff),ua_len=sizeof(ua_buff);
+ context->quic_version=quic_protocol_identify((struct streaminfo *)a_stream, a_packet, sni_buff, &sni_len, ua_buff, &ua_len);
+ if(context->quic_version > 0)
+ {
+ context->proto=PROTO_QUIC;
+ if(sni_len>0)
+ {
+ context->domain=(char *)dictator_malloc(a_stream->threadnum, sni_len+1);
+ memcpy(context->domain, sni_buff, sni_len);
+ context->domain[sni_len]='\0';
+ }
+
+ if(ua_len>0)
+ {
+ context->quic_ua=(char *)dictator_malloc(a_stream->threadnum, ua_len+1);
+ memcpy(context->quic_ua, ua_buff, ua_len);
+ context->quic_ua[ua_len]='\0';
+ }
+ return 1;
+ }
+ }
+
+ if(g_tsg_para.proto_flag&(1<<PROTO_SIP))
+ {
+ unsigned char sip_ret=0;
+ char *from=NULL, *to=NULL;
+ unsigned int from_len=0, to_len=0;
+ sip_ret=sip_identify_from_to((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &from, &from_len, &to, &to_len);
+ if(sip_ret==SIP_TRUE)
+ {
+ context->proto=PROTO_SIP;
+ }
+
+ return 1;
+ }
+ break;
+ default:
+ break;
+ }
+
+ if(context->proto<PROTO_HTTP || context->proto>PROTO_MAX)
+ {
+ context->proto = PROTO_UNKONWN;
+ }
+
+ return ret;
+}
+
+int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct app_identify_result *identify_result, int thread_seq)
+{
+ int i=0,hit_num=0;
+ char *name=NULL;
+ char app_id_buff[32]={0};
+ struct app_id_dict *dict=NULL;
+
+ for(i=0; i< identify_result->app_id_num; i++)
+ {
+ snprintf(app_id_buff, sizeof(app_id_buff), "%d", identify_result->app_id[i]);
+ dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
+ if(dict!=NULL)
+ {
+ hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->risk, (char *)"risk", thread_seq);
+ hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->category, (char *)"category", thread_seq);
+ hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->technology, (char *)"technology", thread_seq);
+ hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->subcategroy, (char *)"subcategory", thread_seq);
+ hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq);
+
+ hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq);
+ //hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->parent_app_name, dict->parent_app_id, thread_seq);
+
+ set_app_timeout(a_stream, dict, &(context->timeout));
+ app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL);
+ }
+ else
+ {
+ name=tsg_l7_protocol_id2name(identify_result->app_id[i]);
+ hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->app_id[i], thread_seq);
+ }
+ }
+
+ return hit_num;
+}
+
+static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int hit_num, const void *a_packet)
+{
+ Maat_rule_t *p_result=NULL;
+ unsigned char state=APP_STATE_GIVEME;
+ struct tcpall_context *tmp_tcpall_context=NULL;
+
+ p_result=tsg_policy_decision_criteria(result, hit_num);
+ if(p_result!=NULL)
+ {
+ print_hit_path(a_stream, context);
+ switch((unsigned char)p_result->action)
+ {
+ case TSG_ACTION_DENY:
+ state=tsg_deal_deny_action(a_stream, p_result, context->proto, ACTION_RETURN_TYPE_APP, a_packet);
+ if((state&APP_STATE_DROPPKT)==APP_STATE_DROPPKT || (state&APP_STATE_KILL_OTHER))
+ {
+ context->hit_cnt=0;
+ master_send_log(a_stream, p_result, 1, context, a_stream->threadnum);
+ copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum);
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_DEBUG,
+ "DENY",
+ "Hit deny policy, policy_id: %d service: %d action: %d addr: %s",
+ p_result->config_id,
+ p_result->service_id,
+ (unsigned char)p_result->action,
+ PRINTADDR(a_stream, g_tsg_para.level)
+ );
+ }
+ break;
+ case TSG_ACTION_MONITOR:
+ if(context->proto==PROTO_RTP)
+ {
+ break;
+ }
+ copy_monitor_result(a_stream, context, result, hit_num, a_stream->threadnum);
+ tsg_notify_hited_monitor_result(a_stream, result, hit_num, a_stream->threadnum);
+ break;
+ case TSG_ACTION_BYPASS:
+ copy_bypass_result(a_stream, context, p_result, a_stream->threadnum);
+ copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum);
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1);
+ state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER;
+
+ tsg_set_method_to_tcpall(a_stream, &tmp_tcpall_context, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum);
+ break;
+ case TSG_ACTION_INTERCEPT:
+ if(is_intercept_exclusion(a_stream, p_result, context->domain, a_stream->threadnum))
+ {
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_EXCLUSION], 0, FS_OP_ADD, 1);
+ break;
+ }
+
+ copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_KNI_RESULT, a_stream->threadnum);
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);
+ state=APP_STATE_DROPME|APP_STATE_KILL_OTHER;
+
+ tsg_set_method_to_tcpall(a_stream, &tmp_tcpall_context, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum);
+ break;
+ default:
+ break;
+ }
+ }
+
+ return state;
+}
+
+static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)
+{
+ int hit_num=0,app_id=-1;
+ int is_parent_ssl=0;
+ struct master_context *context=NULL;
+ struct gather_app_result *gather_result=NULL;
+ struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0}, *p_result=NULL;
+ struct app_identify_result *identify_result=(struct app_identify_result *)data;
+
+ if(data==NULL)
+ {
+ return 0;
+ }
+
+ context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id);
+ if(context==NULL)
+ {
+ init_context((void **)(&context), a_stream->threadnum);
+ set_struct_project(a_stream, g_tsg_para.context_project_id, (void *)context);
+ }
+
+ gather_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
+ if(gather_result==NULL)
+ {
+ gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result));
+ memset(gather_result, 0, sizeof(struct gather_app_result));
+ set_struct_project(a_stream, g_tsg_para.gather_app_project_id, (void *)gather_result);
+ }
+
+ switch(identify_result->origin)
+ {
+ case ORIGIN_DKPT:
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_DPKT_RESULT], 0, FS_OP_ADD, 1);
+ break;
+ case ORIGIN_QM_ENGINE:
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_Q_RESULT], 0, FS_OP_ADD, 1);
+ break;
+ case ORIGIN_USER_DEFINE:
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_USER_RESULT], 0, FS_OP_ADD, 1);
+ break;
+ case ORIGIN_BUILT_IN:
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_BUILT_IN_RESULT], 0, FS_OP_ADD, 1);
+ break;
+ case ORIGIN_BASIC_PROTOCOL:
+ if(context->proto==PROTO_UNKONWN || context->proto==PROTO_APP)
+ {
+ set_l7_protocol_to_pme(context, identify_result->app_id[identify_result->app_id_num-1]);
+ }
+
+ app_id=identify_result->app_id[identify_result->app_id_num-1];
+ if(app_id==(int)tsg_l7_protocol_name2id("SMTPS") ||
+ app_id==(int)tsg_l7_protocol_name2id("IMAPS") ||
+ app_id==(int)tsg_l7_protocol_name2id("POP3S") ||
+ app_id==(int)tsg_l7_protocol_name2id("FTPS") ||
+ app_id==(int)tsg_l7_protocol_name2id("HTTPS")
+ )
+ {
+ is_parent_ssl=1;
+ }
+ break;
+ default:
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level));
+ return 0;
+ }
+
+ memcpy(&(gather_result->result[identify_result->origin]), identify_result, sizeof(struct app_identify_result));
+
+ if(context->mid==NULL)
+ {
+ return 0;
+ }
+
+ record_time_start(&(context->last_scan_time));
+ hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, context, identify_result, a_stream->threadnum);
+ p_result=tsg_policy_decision_criteria(scan_result, hit_num);
+ if(p_result==NULL || (p_result->action==TSG_ACTION_MONITOR && is_parent_ssl==1))
+ {
+ return 0;
+ }
+
+ master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL);
+
+ return 0;
+}
+
+
+static int deal_pending_state(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int result_num, void *a_packet)
+{
+ int i=0,table_id=0;
+ int ret=0,hit_num=0;
+ unsigned int protocol_id=0;
+ struct gather_app_result *identify_result=NULL;
+
+ ret=identify_application_protocol(a_stream, context, a_packet);
+ if(ret==1)
+ {
+ set_l7_protocol_label(a_stream, context->proto);
+ set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_PROTOCOL, (void *)&(context->proto), sizeof(int), a_stream->threadnum);
+
+ if(context->proto==PROTO_SSL)
+ {
+ set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_JA3_HASH, NULL, 0, a_stream->threadnum);
+ }
+
+ table_id=get_table_id(context->proto);
+ hit_num+=tsg_scan_shared_policy(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, table_id, a_stream->threadnum);
+ hit_num+=scan_fqdn_category_id(g_tsg_maat_feather, a_stream, context->domain, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, table_id, a_stream->threadnum);
+ if(context->is_esni)
+ {
+ protocol_id=tsg_l7_protocol_name2id("ESNI");
+ hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, &context->mid, (char *)"ESNI", protocol_id, a_stream->threadnum);
+ }
+ }
+
+ ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, result+hit_num, MAX_RESULT_NUM-hit_num);
+ if(ret>0)
+ {
+ hit_num+=ret;
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
+ }
+
+ identify_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
+ for(i=0; i<ORIGIN_MAX && identify_result!=NULL; i++)
+ {
+ hit_num+=scan_application_id_and_properties(a_stream, result+hit_num, MAX_RESULT_NUM-hit_num, context, &(identify_result->result[i]), a_stream->threadnum);
+ }
+
+
+ if((is_only_monitor(result, hit_num)) && context->proto!=PROTO_UNKONWN && context->proto!=PROTO_APP && context->proto!=PROTO_SSH) // business deal action of monitor
+ {
+ hit_num=0;
+ }
+
+ return hit_num;
+}
+
+
+static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, void **pme, int thread_seq,void *a_packet)
+{
+ int i=0, ret=0, hit_num=0;
+ unsigned char state=APP_STATE_GIVEME;
+ Maat_rule_t scan_result[MAX_RESULT_NUM];
+ Maat_rule_t *p_result=NULL;
+ struct gather_app_result *identify_result=NULL;
+ struct master_context *context=(struct master_context *)*pme;
+
+ if(*pme==NULL)
+ {
+ context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id);
+ if(context==NULL)
+ {
+ init_context(pme, thread_seq);
+ context=(struct master_context *)*pme;
+ set_struct_project(a_stream, g_tsg_para.context_project_id, *pme);
+ }
+ else
+ {
+ *pme=(void *)context;
+ }
+ record_time_start(&context->last_scan_time);
+ }
+
+ switch(a_stream->opstate)
+ {
+ case OP_STATE_PENDING:
+ if(a_stream->type==STREAM_TYPE_TCP)
+ {
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TCP_LINKS], 0, FS_OP_ADD, 1);
+ }
+ else
+ {
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1);
+ }
+
+ hit_num+=deal_pending_state(a_stream, context, scan_result+hit_num, MAX_RESULT_NUM-hit_num, a_packet);
+ p_result=tsg_policy_decision_criteria(scan_result, hit_num);
+ state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet);
+ break;
+ case OP_STATE_DATA:
+ //case OP_STATE_CLOSE:
+ if(is_hited_allow(context->result, context->hit_cnt))
+ {
+ break;
+ }
+
+ if(record_time_elapse_us(&context->last_scan_time) < (g_tsg_para.scan_time_interval*1000000))
+ {
+ break;
+ }
+
+ if(context->mid!=NULL)
+ {
+ Maat_clean_status(&context->mid);
+ context->mid=NULL;
+ }
+
+ record_time_start(&context->last_scan_time);
+ ret=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, context->proto, &context->mid, scan_result+hit_num, MAX_RESULT_NUM-hit_num);
+ if(ret>0)
+ {
+ hit_num+=ret;
+ }
+
+ identify_result=(struct gather_app_result *)get_struct_project(a_stream, g_tsg_para.gather_app_project_id);
+ for(i=0; i<ORIGIN_MAX && identify_result!=NULL; i++)
+ {
+ hit_num+=scan_application_id_and_properties(a_stream, scan_result+hit_num, MAX_RESULT_NUM-hit_num, context, &(identify_result->result[i]), thread_seq);
+ }
+
+ p_result=tsg_policy_decision_criteria(scan_result, hit_num);
+ if(p_result!=NULL && p_result->action!=TSG_ACTION_MONITOR)
+ {
+ state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet);
+ }
+ break;
+ default:
+ break;
+ }
+
+ if(context->is_ratelimit==1 && a_stream->type==STREAM_TYPE_TCP)
+ {
+ state=APP_STATE_KILL_OTHER|APP_STATE_DROPME;
+ }
+
+ if((a_stream->opstate==OP_STATE_CLOSE) || (state&APP_STATE_DROPME)==APP_STATE_DROPME)
+ {
+ if(context!=NULL && context->is_log==0 && context->hit_cnt>0 && context->result!=NULL)
+ {
+ context->is_log = 1;
+ master_send_log(a_stream, context->result, context->hit_cnt, context, thread_seq);
+ }
+ *pme = NULL;
+ }
+
+ return state;
+}
+
+static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, unsigned char stream_state, void **pme, int thread_seq, const void *a_packet)
+{
+ int ret=0,hit_num=0;
+ int eth_rawpkt_len=0;
+ scan_status_t scan_mid=NULL;
+ struct Maat_rule_t *p_result=NULL;
+ unsigned char state=APP_STATE_GIVEME;
+ struct Maat_rule_t result[MAX_RESULT_NUM]={0};
+ struct tcpall_context *context=(struct tcpall_context *)(*pme);
+
+ if(stream_state==OP_STATE_PENDING)
+ {
+ context->method_type=TSG_METHOD_TYPE_DEFAULT;
+ context->after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id);
+
+ hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, result, MAX_RESULT_NUM);
+ if(hit_num>0)
+ {
+ p_result=tsg_policy_decision_criteria(result, hit_num);
+ switch(p_result->action)
+ {
+ case TSG_ACTION_DENY:
+ state=tsg_deal_deny_action(a_stream, p_result, PROTO_UNKONWN, ACTION_RETURN_TYPE_APP, a_packet);
+ master_send_log(a_stream, p_result, 1, NULL, thread_seq);
+ break;
+ case TSG_ACTION_MONITOR:
+ tsg_notify_hited_monitor_result(a_stream, result, hit_num, thread_seq);
+ break;
+ default:
+ break;
+ }
+ }
+
+ Maat_clean_status(&scan_mid);
+ scan_mid=NULL;
+ }
+
+ switch(context->method_type)
+ {
+ case TSG_METHOD_TYPE_RATE_LIMIT:
+ eth_rawpkt_len=get_raw_packet_len(a_stream);
+ if(eth_rawpkt_len<=0)
+ {
+ break;
+ }
+
+ ret=is_permit_pass(eth_rawpkt_len*8, context->bucket, thread_seq);
+ if(ret==0)
+ {
+ state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
+ }
+ break;
+ case TSG_METHOD_TYPE_TAMPER:
+ if(0 == send_tamper_xxx(a_stream, &context->tamper_count, a_packet)){
+ state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
+ }else{
+ state=APP_STATE_GIVEME;
+ }
+ context->tamper_count += 1;
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_DEBUG,
+ __FUNCTION__,
+ "Addr: %s, send_tamper_xxx num %ld",
+ PRINTADDR(a_stream, g_tsg_para.level),
+ context->tamper_count);
+ break;
+ case TSG_METHOD_TYPE_DEFAULT:
+ if(!is_do_default_policy(a_stream, context->after_n_packets) || stream_state==OP_STATE_CLOSE)
+ {
+ break;
+ }
+
+ if(get_default_policy(g_tsg_para.default_compile_id, &result[0]))
+ {
+ state=tsg_deal_deny_action(a_stream, &result[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_APP, a_packet);
+ master_send_log(a_stream, &result[0], 1, NULL, thread_seq);
+ }
+ break;
+ default:
+ break;
+ }
+
+ return state;
+}
+
+extern "C" unsigned char TSG_MASTER_TCP_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet)
+{
+ return tsg_master_data_entry(a_tcp, pme, thread_seq, a_packet);
+}
+
+struct udp_context
+{
+ struct master_context *data_entry;
+ struct tcpall_context *all_entry;
+};
+
+extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, void **pme, int thread_seq,void *a_packet)
+{
+ unsigned char state1=APP_STATE_GIVEME;
+ unsigned char state2=APP_STATE_GIVEME;
+ struct udp_context *context=(struct udp_context *)(*pme);
+
+ if(*pme==NULL)
+ {
+ *pme=dictator_malloc(thread_seq, sizeof(struct udp_context));
+ memset(*pme, 0, sizeof(struct udp_context));
+ context=(struct udp_context *)(*pme);
+
+ context->all_entry=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context));
+ memset(context->all_entry, 0, sizeof(struct tcpall_context));
+ }
+
+ state1=tsg_master_all_entry(a_udp, a_udp->opstate, (void **)&(context->all_entry), thread_seq, a_packet);
+ if(context->all_entry==NULL || context->all_entry->method_type!=TSG_METHOD_TYPE_RATE_LIMIT)
+ {
+ state2=tsg_master_data_entry(a_udp, (void **)&(context->data_entry), thread_seq, a_packet);
+ }
+
+ if(state1&APP_STATE_DROPME || state2&APP_STATE_DROPME || a_udp->opstate==OP_STATE_CLOSE)
+ {
+ dictator_free(thread_seq, *pme);
+ *pme=NULL;
+ }
+
+ return (state1|state2);
+}
+
+extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq, const void *a_packet)
+{
+ if(*pme==NULL)
+ {
+ *pme=(void *)get_struct_project(a_tcp, g_tsg_para.tcpall_project_id);
+ if(*pme==NULL)
+ {
+ *pme=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context));
+ memset(*pme, 0, sizeof(struct tcpall_context));
+ set_struct_project(a_tcp, g_tsg_para.tcpall_project_id, (void *)(*pme));
+ }
+ }
+
+ struct tcpall_context *_context=(struct tcpall_context *)(*pme);
+
+ if(_context->set_latency_flag==0)
+ {
+ _context->set_latency_flag=set_tcp_establish_latency_ms(a_tcp, thread_seq, a_packet);
+ }
+
+ return tsg_master_all_entry(a_tcp, a_tcp->pktstate, pme, thread_seq, a_packet);
+}
+
+extern "C" int TSG_MASTER_INIT()
+{
+ int i=0,ret=0;
+ char buff[128]={0};
+ int value=0,cycle=0;
+ int output_prometheus=0;
+ unsigned short fs_server_port=0;
+ char app_name[MAX_STRING_LEN]={0};
+ char label_buff[MAX_STRING_LEN*4]={0};
+ char fs_server_ip[MAX_IPV4_LEN]={0};
+ char fs_output_path[MAX_STRING_LEN*4]={0};
+ char device_sn_filename[MAX_STRING_LEN]={0};
+ char identify_proto_name[MAX_STRING_LEN*4]={0};
+
+ memset(&g_tsg_para, 0, sizeof(g_tsg_para));
+
+ MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &g_tsg_para.level, RLOG_LV_FATAL);
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", g_tsg_para.log_path, sizeof(g_tsg_para.log_path), "tsglog/tsg_master");
+
+ g_tsg_para.logger=MESA_create_runtime_log_handle(g_tsg_para.log_path, g_tsg_para.level);
+ if(g_tsg_para.logger==NULL)
+ {
+ printf("MESA_create_runtime_log_handle failed ...\n");
+ return -1;
+ }
+
+ srand(time(0));
+ get_deploy_mode();
+
+ MESA_load_profile_int_def(tsg_conffile, "RESET", "NUM", &g_tsg_para.reset.pkt_num, 1);
+ MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED1", &g_tsg_para.reset.seed1, 65535);
+ MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED2", &g_tsg_para.reset.seed2, 13);
+ MESA_load_profile_int_def(tsg_conffile, "RESET", "FLAGS", &g_tsg_para.reset.th_flags, 0x14);
+ MESA_load_profile_int_def(tsg_conffile, "RESET", "DIR", &g_tsg_para.reset.dir, DIR_DOUBLE);
+ MESA_load_profile_int_def(tsg_conffile, "RESET", "REMEDY", &g_tsg_para.reset.remedy, 1);
+
+ MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0);
+ MESA_load_profile_int_def(tsg_conffile, "SYSTEM","HIT_PATH_SWITCH", &g_tsg_para.hit_path_switch, 0);
+
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;");
+ tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag);
+
+ MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0);
+ MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);
+ MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120);
+
+ ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0);
+ if(ret<0)
+ {
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL);
+ g_tsg_para.device_seq_in_dc=get_device_id(g_tsg_para.device_id_command, g_tsg_para.datacenter_id);
+ }
+ else
+ {
+ g_tsg_para.device_seq_in_dc=(g_tsg_para.datacenter_id<<7)+((g_tsg_para.device_seq_in_dc)%128);
+ }
+
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_SN_FILENAME", device_sn_filename, sizeof(device_sn_filename), "/opt/tsg/etc/tsg_sn.json");
+ ret=tsg_get_sn(device_sn_filename, g_tsg_para.device_sn, sizeof(g_tsg_para.device_sn));
+ if(ret==0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "GET_DEVICE_SN", "Get device SN failed; please check :%s", device_sn_filename);
+ }
+
+ ret=tsg_set_device_id_to_telegraf(g_tsg_para.device_sn);
+ if(ret<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "SET_DEVICE_SN_TO_TELEGRAF", "Set device SN(%s) failed; please check :%s", g_tsg_para.device_sn, "/etc/default/telegraf");
+ }
+
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "POLICY_PRIORITY_LABEL", label_buff, sizeof(label_buff), "POLICY_PRIORITY");
+ g_tsg_para.priority_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_policy_label);
+ if(g_tsg_para.priority_project_id<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff);
+ return -1;
+ }
+
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_INTERNAL_LABEL", label_buff, sizeof(label_buff), "TSG_MASTER_INTERNAL_LABEL");
+ g_tsg_para.session_attribute_project_id=project_producer_register(label_buff, PROJECT_VAL_TYPE_STRUCT, free_session_attribute_label);
+ if(g_tsg_para.session_attribute_project_id<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff);
+ }
+
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_IDENTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "APP_BRIDGE");
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA");
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA");
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT],_MAX_TABLE_NAME_LEN, "TSG_NOTIFICATION_EXECUTION_RESULT");
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_BEHAVIOR_RESULT],_MAX_TABLE_NAME_LEN, "TSG_APPLICATION_BEHAVIOR");
+
+ for(i=0; i<BRIDGE_TYPE_MAX; i++)
+ {
+ g_tsg_para.bridge_id[i]=stream_bridge_build(g_tsg_para.bridge_name[i], "w");
+ if(g_tsg_para.bridge_id[i]<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_BRIDGE", "stream_bridge_build is error, bridge_name: %s", g_tsg_para.bridge_name[i]);
+ }
+ }
+
+ ret=stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_APP_IDENTIFY_RESULT], app_identify_result_cb);
+ if(ret<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_FATAL,
+ "APP_BRIDGE",
+ "Register callback failed, bridge_name: %d",
+ g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT]
+ );
+ return -1;
+ }
+
+ g_tsg_para.context_project_id=project_producer_register("TSG_MASTER_CONTEXT", PROJECT_VAL_TYPE_STRUCT, free_context_label);
+ if(g_tsg_para.context_project_id<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "CONTEXT_LABEL", "project_customer_register is error, context label: %s","TSG_MASTER_CONTEXT");
+ return -1;
+ }
+
+ g_tsg_para.tcpall_project_id=project_producer_register("TSG_TCPALL_CONTEXT", PROJECT_VAL_TYPE_STRUCT, free_tcpall_label);
+ if(g_tsg_para.tcpall_project_id<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "CONTEXT_LABEL", "project_customer_register is error, context label: %s","TSG_TCPALL_CONTEXT");
+ return -1;
+ }
+
+ g_tsg_para.gather_app_project_id=project_producer_register("APP_IDENTIFY_RESULT", PROJECT_VAL_TYPE_STRUCT, free_gather_app_result);
+ if(g_tsg_para.gather_app_project_id<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_IDENTIFY_RESULT", "project_customer_register is error, context label: %s","APP_IDENTIFY_RESULT");
+ return -1;
+ }
+
+ char page_path[256];
+ memset(page_path, 0, sizeof(page_path));
+ MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE403", page_path, sizeof(page_path), "./tsgconf/HTTP403.html");
+ g_tsg_para.tpl_403 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
+
+ memset(page_path, 0, sizeof(page_path));
+ MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE404", page_path, sizeof(page_path), "./tsgconf/HTTP404.html");
+ g_tsg_para.tpl_404 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
+
+ memset(page_path, 0, sizeof(page_path));
+ MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE200", page_path, sizeof(page_path), "./tsgconf/HTTP200.html");
+ g_tsg_para.tpl_200 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
+
+ memset(page_path, 0, sizeof(page_path));
+ MESA_load_profile_string_def(tsg_conffile, "HTTP_PLUG", "PAGE204", page_path, sizeof(page_path), "./tsgconf/HTTP204.html");
+ g_tsg_para.tpl_204 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
+
+ ret=tsg_rule_init(tsg_conffile, g_tsg_para.logger);
+ if(ret<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_rule_init failed ...");
+ return -1;
+ }
+
+ g_tsg_log_instance=tsg_sendlog_init(tsg_conffile);
+ if(g_tsg_log_instance==NULL)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ...");
+ return -1;
+ }
+ g_tsg_log_instance->session_attribute_project_id=g_tsg_para.session_attribute_project_id;
+
+ MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "CYCLE", &cycle, 30);
+ MESA_load_profile_short_nodef(tsg_conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port));
+ MESA_load_profile_string_nodef(tsg_conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip));
+ MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log");
+ MESA_load_profile_string_def(tsg_conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master");
+ MESA_load_profile_int_def(tsg_conffile, "FIELD_STAT", "PROMETHEUS", &output_prometheus, 1);
+
+ g_tsg_para.fs2_handle=FS_create_handle();
+
+ value=1;//Rewrite
+ FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value));
+ value=1;//Do not create stat thread
+ FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value));
+
+ FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle));
+ FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1);
+ FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1);
+
+ value=1;
+ FS_set_para(g_tsg_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus));
+
+ if(fs_server_port > 0 && strlen(fs_server_ip) > 0)
+ {
+ FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1);
+ FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port));
+ }
+
+ value=FS_OUTPUT_INFLUX_LINE;
+ FS_set_para(g_tsg_para.fs2_handle, STATS_FORMAT, &value, sizeof(value));
+
+ for(i=0; i<TSG_FS2_MAX; i++)
+ {
+ g_tsg_para.fs2_field_id[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_FIELD, FS_CALC_SPEED, g_tsg_fs2_field[i].name);
+ }
+
+ int thread_num=get_thread_count();
+ for(i=0; i<thread_num && g_tsg_log_instance!=NULL; i++)
+ {
+ snprintf(buff, sizeof(buff), "send_log_percent_%02d", i);
+ g_tsg_log_instance->fs_status_ids[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_STATUS, FS_CALC_CURRENT, buff);
+ }
+
+ FS_start(g_tsg_para.fs2_handle);
+
+ for(i=0; i<thread_num; i++)
+ {
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_log_instance->fs_status_ids[i], 0, FS_OP_SET, g_tsg_log_instance->send_log_percent[i]);
+ }
+
+ ret=tsg_statistic_init(tsg_conffile, g_tsg_para.logger);
+ if(ret<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_STATISTIC", "tsg_statistic_init failed ...");
+ return -1;
+ }
+
+ MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "L7_PROTOCOL_FILE", buff, sizeof(buff), "./tsgconf/tsg_l7_protocol.conf");
+ l7_protocol_mapper(buff);
+
+ ret=tsg_gtp_signaling_hash_init(tsg_conffile, g_tsg_para.logger);
+ if(ret<0)
+ {
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_GTP_HASH", "tsg_gtp_signaling_hash_init failed ...");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+
+extern "C" int TSG_MASTER_UNLOAD()
+{
+ Maat_burn_feather(g_tsg_maat_feather);
+ g_tsg_maat_feather=NULL;
+
+ if(g_tsg_para.dynamic_maat_switch==1)
+ {
+ Maat_burn_feather(g_tsg_dynamic_maat_feather);
+ g_tsg_dynamic_maat_feather=NULL;
+ }
+
+ return 0;
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 22:00:29 +0000