#ifndef	__TSG_ENTRY_H__
#define	__TSG_ENTRY_H__

#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip6.h>

#include <MESA/dns.h>

#include <MESA/Maat_rule.h>
#include <MESA/field_stat2.h>
#include <ctemplate/template.h>

#include "uthash.h"
#include "tsg_rule.h"
#include "app_label.h"
#include "tsg_label.h"
#include "tsg_statistic.h"
#include "tsg_leaky_bucket.h"
#include "tsg_protocol_common.h"
#include "tsg_send_log_internal.h"

/*
 * Atomic counter helpers.
 *
 * On GCC >= 4.1.1 (the first release with the __sync builtins; the #if encodes
 * the version as major*100 + minor*10 + patch, which is only unambiguous while
 * minor and patch stay below 10) atomic_t is a plain int and the helpers map
 * straight onto those builtins:
 *   atomic_inc / atomic_dec / atomic_add / atomic_sub return the NEW value
 *   (add_and_fetch semantics) and act as full memory barriers;
 *   atomic_read is an add of 0, i.e. a full-barrier load;
 *   atomic_set returns the PREVIOUS value and, per GCC's documentation of
 *   __sync_lock_test_and_set, is an acquire barrier only.
 * NOTE(review): code that needs release ordering after atomic_set should not
 * rely on it; use atomic_add/atomic_sub or an explicit barrier instead.
 * ATOMIC_INIT(i) is a braced scalar initialiser, so `atomic_t v = ATOMIC_INIT(0);`
 * is valid for the int typedef.
 *
 * NOTE(review): the fallback branch pulls in ALSA's <alsa/iatomic.h>, which
 * presumably defines its own atomic_t layout and helper signatures — verify
 * that callers do not depend on return values only the GCC branch provides.
 * NOTE(review): the include guard above, __TSG_ENTRY_H__, begins with a double
 * underscore and is therefore a name reserved for the implementation;
 * TSG_ENTRY_H would be the conforming choice.
 */
#if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411)
#define atomic_inc(x) __sync_add_and_fetch((x),1)
#define atomic_dec(x) __sync_sub_and_fetch((x),1)
#define atomic_add(x,y) __sync_add_and_fetch((x),(y))
#define atomic_sub(x,y) __sync_sub_and_fetch((x),(y))
typedef int atomic_t;
#define ATOMIC_INIT(i)  { (i) }
#define atomic_read(x) __sync_add_and_fetch((x),0)
#define atomic_set(x,y) __sync_lock_test_and_set((x),y)
#else 
#include <alsa/iatomic.h>
#endif 

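/*
 * Small convenience macros. Each definition is wrapped in #ifndef so that a
 * definition supplied by an earlier header takes precedence.
 */

#ifndef MIN
/* Smaller of a and b. Both arguments are evaluated twice, so never pass an
 * expression with side effects (MIN(i++, n) is wrong). */
#define MIN(a, b)  	(((a) < (b)) ? (a) : (b))
#endif

#ifndef	PRINTADDR
/* Address string for logging: calls printaddr() on a's address when the log
 * level b is below RLOG_LV_FATAL and yields "" otherwise. a must point to an
 * object with .addr and .threadnum members and is evaluated up to twice;
 * printaddr() and RLOG_LV_FATAL are expected from an included header.
 * Each use of a is parenthesised so that an expression argument (for example
 * `cond ? p : q`) binds as a whole instead of applying -> to its last operand. */
#define	PRINTADDR(a, b)	((b)<RLOG_LV_FATAL ? printaddr(&((a)->addr), (a)->threadnum) : "")
#endif

/* Generic boolean flag values. */
#ifndef	FLAG_FALSE
#define	FLAG_FALSE	0
#endif

#ifndef	FLAG_TRUE
#define FLAG_TRUE	1
#endif

/* Presumably the result of one app-scan step: STOP ends scanning for the
 * connection, CONTINUE asks for more packets — confirm against the callers. */
#define	APP_SCAN_FLAG_STOP	0
#define	APP_SCAN_FLAG_CONTINUE	1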

/*
 * How the device is placed in the traffic path. Stored in
 * g_tsg_para.deploy_mode; DEPLOY_MODE_MAX is a count/sentinel, not a mode.
 */
enum DEPLOY_MODE
{
	DEPLOY_MODE_MIRROR,		/* receives a copy of the traffic */
	DEPLOY_MODE_INLINE,		/* sits in the forwarding path */
	DEPLOY_MODE_TRANSPARENT,	/* in-path without addressing of its own (presumably) */
	DEPLOY_MODE_MAX
};

/*
 * Indices of the static Maat rule tables. g_tsg_para.table_id[] and
 * g_tsg_para.table_name[] are indexed by these values, so the order is part
 * of the runtime layout: add new entries immediately before TABLE_MAX and
 * never reorder existing ones (presumably the configuration that fills
 * table_name[] relies on the same order — confirm before changing).
 */
enum MASTER_STATIC_TABLE{
	TABLE_SECURITY_COMPILE=0,	/* compiled security policy (see security_compile_free) */
	TABLE_IP_ADDR,
	TABLE_SUBSCRIBER_ID,
	TABLE_APP_ID,
	TABLE_HTTP_HOST,
	TABLE_SSL_SNI,
	TABLE_EXCLUSION_SSL_SNI,	/* SNI values exempted from SSL handling (per name) */
	TABLE_SRC_ASN,
	TABLE_DST_ASN,
	TABLE_SRC_LOCATION,
	TABLE_DST_LOCATION,
	TABLE_ASN_USER_DEFINED,		/* user-defined and built-in variants of the ASN/location/FQDN-category data */
	TABLE_ASN_BUILT_IN,
	TABLE_LOCATION_USER_DEFINED,
	TABLE_LOCATION_BUILT_IN,
	TABLE_QUIC_SNI,
	TABLE_FQDN_CAT_ID,
	TABLE_FQDN_CAT_USER_DEFINED,
	TABLE_FQDN_CAT_BUILT_IN,
	TABLE_APP_ID_DICT,		/* rows are struct app_id_dict */
	TABLE_SELECTOR_ID,
	TABLE_SELECTOR_PROPERTIES,
	TABLE_GTP_APN,			/* GTP selectors: APN, IMSI, phone number */
	TABLE_GTP_IMSI,
	TABLE_GTP_PHONE_NUMBER,
	TABLE_RESPONSE_PAGES,		/* rows are struct http_response_pages */
	TABLE_DNS_PROFILE_RECORD,
	TABLE_PROFILE_MIRROR,
	TABLE_HTTP_URL,
	TABLE_DTLS_SNI,
	TABLE_TUNNEL_ID,
	TABLE_TUNNEL_CATALOG,
	TABLE_TUNNEL_ENDPOINT,
	TABLE_TUNNEL_LABEL,
	TABLE_MAX			/* count; sizes table_id[] and table_name[] */
};

/*
 * Indices of the dynamic Maat tables (those updated at runtime rather than
 * loaded from configuration, per the dynamic_maat_switch field of tsg_para).
 * g_tsg_para.dyn_table_id[] and dyn_table_name[] are indexed by these values;
 * append new entries before DYN_TABLE_MAX only.
 */
enum MASTER_DYNAMIC_TABLE{
	DYN_TABLE_SUBSCRIBER_IP=0,	/* subscriber-id to IP mapping (per name) */
	DYN_TABLE_GTP_SIGNALING,	/* GTP-C signalling state (see tsg_gtp_signaling_hash_init) */
	DYN_TABLE_MAX
};

/*
 * Field-stat2 counters exported by this module. g_tsg_para.fs2_field_id[] is
 * indexed by these values, so keep the order and append before TSG_FS2_MAX.
 * Several names carry historical misspellings (TIMOUT, SUCESS, SECURIRY);
 * they are part of the API and renaming them is a separate change.
 */
enum TSG_FS2_TYPE{
	TSG_FS2_TCP_LINKS=0,		/* connection and policy-hit counters */
	TSG_FS2_UDP_LINKS,
	TSG_FS2_BYPASS,
	TSG_FS2_HIT_ADDR,
	TSG_FS2_HIT_SHARE,
	TSG_FS2_INTERCEPT,
	TSG_FS2_EXCLUSION,
	TSG_FS2_APP_DPKT_RESULT,	/* app identification results, by origin */
	TSG_FS2_APP_Q_RESULT,
	TSG_FS2_APP_USER_RESULT,
	TSG_FS2_APP_BUILT_IN_RESULT,
	TSG_FS2_INJECT_PKT_SUCCESS,	/* packet injection and mirroring outcomes */
	TSG_FS2_INJECT_PKT_FAILED,
	TSG_FS2_MIRRORED_PKT_SUCCESS,	
	TSG_FS2_MIRRORED_BYTE_SUCCESS,
	TSG_FS2_MIRRORED_PKT_FAILED,
	TSG_FS2_MIRRORED_BYTE_FAILED,
	TSG_FS2_SET_TIMOUT_SUCCESS,	/* connection-timeout updates */
	TSG_FS2_SET_TIMOUT_FAILED,
    TSG_FS2_SUCESS_TAMPER,		/* payload tamper outcomes (see feature_tamper in tsg_para) */
    TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4,
    TSG_FS2_TAMPER_FAILED_NOSWAP,
	TSG_FS2_ASN_ADD,		/* add/delete counters for each table type below */
	TSG_FS2_ASN_DEL,
	TSG_FS2_GTPC_ADD,
	TSG_FS2_GTPC_DEL,
	TSG_FS2_LOCATION_ADD,
	TSG_FS2_LOCATION_DEL,
	TSG_FS2_FQDN_ADD,
	TSG_FS2_FQDN_DEL,
	TSG_FS2_SUBSCRIBER_ADD,
	TSG_FS2_SUBSCRIBER_DEL,
	TSG_FS2_SECURIRY_ADD,
	TSG_FS2_SECURIRY_DEL,
	TSG_FS2_MIRRORED_ADD,
	TSG_FS2_MIRRORED_DEL,
	TSG_FS2_HTTP_RES_ADD,
	TSG_FS2_HTTP_RES_DEL,
	TSG_FS2_DNS_RES_ADD,
	TSG_FS2_DNS_RES_DEL,
	TSG_FS2_APP_ID_ADD,
	TSG_FS2_APP_ID_DEL,
	TSG_FS2_TUNNEL_CATALOG_ADD,
	TSG_FS2_TUNNEL_CATALOG_DEL,
	TSG_FS2_TUNNEL_ENDPOINT_ADD,
	TSG_FS2_TUNNEL_ENDPOINT_DEL,
	TSG_FS2_TUNNEL_LABEL_ADD,
	TSG_FS2_TUNNEL_LABEL_DEL,
	TSG_FS2_MAX			/* count; sizes fs2_field_id[] */
};

/*
 * Kinds of per-session attribute passed to set_session_attribute_label(); the
 * type of the accompanying `void *value` depends on the member (not recorded
 * here — see the definition of set_session_attribute_label).
 * NOTE(review): _MAX_TSG_ATTRIBUTE_TYPE (underscore + uppercase) is a name
 * reserved for the implementation; the other enums use a trailing _MAX.
 */
enum TSG_ATTRIBUTE_TYPE
{
	TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0,	/* connection establishment latency (sic) */
	TSG_ATTRIBUTE_TYPE_PROTOCOL,
	TSG_ATTRIBUTE_TYPE_JA3_HASH,
	TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO,
	TSG_ATTRIBUTE_TYPE_LOCATION,
	TSG_ATTRIBUTE_TYPE_ASN,
	TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID,
	TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE,
	TSG_ATTRIBUTE_TYPE_CATEGORY_ID,
	_MAX_TSG_ATTRIBUTE_TYPE
};

/*
 * How the body of an http_response_pages entry is interpreted: a ctemplate
 * template to be expanded, or literal HTML. No _MAX sentinel.
 */
enum HTTP_RESPONSE_FORMAT
{
	HTTP_RESPONSE_FORMAT_TEMPLATE=0,
	HTTP_RESPONSE_FORMAT_HTML
};

/*
 * Named "bridge" channels; g_tsg_para.bridge_id[] and bridge_name[] are
 * indexed by these values. Two carry connection-sketch data in each direction,
 * the third carries app-identification results. Append before BRIDGE_TYPE_MAX.
 */
enum BRIDGE_TYPE
{
	BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
	BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
	BRIDGE_TYPE_APP_IDENTIFY_RESULT,
	BRIDGE_TYPE_MAX
};

/*
 * One row of a string-to-index lookup: `type` is the string, `len` presumably
 * its length (so it can be matched without a strlen — confirm), `index` the
 * value it maps to. NOTE(review): a file-scope tag starting with an underscore
 * is in the reserved namespace; str2index would be the conforming name.
 */
struct _str2index
{
	int index;
	int len;
	char *type;
};

/*
 * One identified application on a connection: the app id, a surrogate id, and
 * the packet sequence number at which it was identified (per the field names).
 */
struct app_attributes
{
	unsigned int app_id;
	unsigned int surrogate_id;
	unsigned int packet_sequence;
};

/*
 * Accumulated app-identification results for a connection. `app_num` is
 * presumably the number of valid entries in attributes[] (at most
 * MAX_APP_ID_NUM, which comes from an included header); `origin` records which
 * identification source produced them (enum APP_IDENTIFY_ORIGIN, defined in
 * an included header).
 */
struct gather_app_result
{
	int app_num;
	enum APP_IDENTIFY_ORIGIN origin;
	struct app_attributes
 attributes[MAX_APP_ID_NUM];
};

/*
 * Layer-7 protocol name/id pair kept in two uthash tables at once: hh1 keys
 * the record by `id` (head: g_tsg_para.name_by_id), hh2 by `name` (head:
 * g_tsg_para.id_by_name).
 * NOTE(review): `name` is a fixed 32-byte buffer — anything that fills it
 * from configuration or traffic must use a bounded copy that leaves a NUL
 * terminator (snprintf), or the hh2 key comparison will read past the field.
 */
struct l7_protocol 
{
    int id;                    /* first key */
    char name[32];         		/* second key */
    UT_hash_handle hh1;        /* handle for first hash table */
    UT_hash_handle hh2;        /* handle for second hash table */
};

/*
 * Category assigned to an FQDN (table TABLE_FQDN_CAT_*). `ref_cnt` is a plain
 * int reference count — NOTE(review): if these rows are shared between worker
 * threads, increments/decrements need atomic_inc/atomic_dec or a lock; confirm
 * how the Maat callbacks use it.
 */
struct fqdn_category
{
	int ref_cnt;	
	unsigned int category_id;
};

/*
 * One configured HTTP response page (table TABLE_RESPONSE_PAGES): `content`
 * holds `content_len` bytes interpreted per `format` (template or literal
 * HTML) and belongs to profile `profile_id`. `ref_cnt` is a plain-int
 * reference count (see the note on struct fqdn_category).
 * Ownership of `content` is not stated here; http_response_pages_free()
 * (declared below) is presumably where it is released — confirm.
 */
struct http_response_pages
{
	int profile_id;
	int content_len;
	int ref_cnt;	
	enum HTTP_RESPONSE_FORMAT format;
	char *content;
};

/*
 * Application dictionary row (table TABLE_APP_ID_DICT): identity, per-app
 * connection timeouts and descriptive strings. The char* members are
 * presumably allocated when the row is loaded and released by app_id_dict_free()
 * (declared below) — confirm. `subcategroy` is a historical misspelling kept
 * for API compatibility. `deny_app_para` is a struct deny_user_region from an
 * included header.
 */
struct app_id_dict
{
	int ref_cnt;			/* plain-int reference count (see note on struct fqdn_category) */
	int app_id;
	int parent_app_id;
	int continue_scanning;		/* keep identifying after this app matched (per name) */
	unsigned short tcp_timeout;	/* per-app session timeouts */
	unsigned short udp_timeout;
	int tcp_time_wait;
	int tcp_half_close;
	char *risk;
	char *app_name;
	char *parent_app_name;
	char *category;
	char *subcategroy;
	char *technology;
	char *characteristics;
	struct deny_user_region deny_app_para;
};

/*
 * "Hit app" parameters shared by master_context and the tcpall_context union:
 * the app id that matched and a packet count after which some action applies
 * (per the field names; the action itself is not visible here).
 */
struct hited_app_para
{
	int hited_app_id;
	int after_n_packets;
};

/*
 * Per-connection state of the master scanner (attached to the stream via
 * set_struct_project with context_project_id, presumably — confirm).
 * The anonymous union overlays http_url, quic_ua and the generic `para`
 * pointer on the same storage; nothing in the struct records which member is
 * live, so readers must derive it from `proto` (assumption — TODO confirm).
 * Ownership of `domain` and of the union pointer is not stated here.
 */
struct master_context
{
	unsigned char is_esni;		/* one-byte flags */
	unsigned char is_log;
	unsigned char is_dropme;
	unsigned char deal_pkt_num;	/* packets handled so far (per name; wraps at 255) */
	unsigned char is_app_link;
	unsigned char pad;		/* explicit padding */
	unsigned short timeout;
	tsg_protocol_t proto;
	int hit_cnt;
	int hited_app_id;
	unsigned int quic_version;
	char *domain;
	union
	{
		char *http_url;
		char *quic_ua;
		void *para;
	};
	scan_status_t mid;		/* Maat scan cursor, passed as the `mid` argument of the tsg_scan_* functions */
	struct Maat_rule_t *result;	/* last matched rule */
	struct hited_app_para hited_para;
	long long last_scan_time;	/* presumably milliseconds from get_current_time_ms() — confirm */
};

/*
 * Per-connection state for the "tcpall" stage, filled by tsg_set_method_to_tcpall,
 * tsg_set_bucket_to_tcpall and tsg_set_enforce_direction_deny_rule_to_tcpall
 * (declared below). The anonymous union overlays a leaky-bucket pointer, a
 * tamper counter, a packet count, the hit-app parameters and a generic pointer;
 * `method_type` presumably selects which member is live — confirm before
 * reading any of them.
 */
struct tcpall_context
{
	int set_latency_flag;
	enum TSG_METHOD_TYPE method_type; 
	union
	{
		struct leaky_bucket *bucket;	/* rate limiting (see tsg_leaky_bucket.h) */
		long tamper_count;		
		int after_n_packets;		
		struct hited_app_para hited_para;
		void *para;
	};

	struct Maat_rule_t *enforce_direction_result;	/* rule set by tsg_set_enforce_direction_deny_rule_to_tcpall */
};

/*
 * Parameters of the connection-reset action, loaded into g_tsg_para.reset.
 * The individual meanings are not visible in this header: `th_flags` is
 * presumably a TCP header flag mask (BSD tcphdr naming), `dir` a direction,
 * `seed1`/`seed2` two seed values — confirm against the code that consumes it.
 */
struct reset_argv
{
	int pkt_num;
	int seed1;
	int seed2;
	int th_flags;
	int dir;
	int remedy;
};

/* Maximum length of a table/bridge name, including the NUL terminator.
 * NOTE(review): an underscore + uppercase name is reserved for the implementation. */
#define	_MAX_TABLE_NAME_LEN	64
/*
 * Process-wide TSG configuration and runtime handles; the single instance is
 * the global g_tsg_para declared below (despite the g_ prefix, g_tsg_para_t is
 * the TYPE name). Because it holds ctemplate::Template pointers this header
 * can only be included from C++ translation units.
 *
 * The char[] members are fixed buffers sized from MAX_DOMAIN_LEN (an included
 * header) or _MAX_TABLE_NAME_LEN: fill them with bounded, NUL-terminating
 * copies (snprintf) when loading configuration. Field meanings below come
 * from the names and the enums above; anything marked "presumably" should be
 * confirmed against the configuration loader.
 */
typedef	struct tsg_para
{
	int level;				/* presumably log level */
	short mirror_switch;			/* on/off switches (per name) */
	unsigned short timeout;
	int dynamic_maat_switch;
	int location_field_num;
	int app_dict_field_num;
	int device_seq_in_dc;			/* this device's sequence number within data_center */
	int datacenter_id;
	int scan_signaling_switch;
	int hash_timeout;			/* parameters for the GTP signalling hash (tsg_gtp_signaling_hash_init) — presumably */
	int hash_slot_size;
	int hash_thread_safe;
	int feature_tamper;			/* enables payload tampering (see TSG_FS2_*TAMPER* counters) */
	enum DEPLOY_MODE deploy_mode;
	int scan_time_interval;
	int identify_app_max_pkt_num;		/* stop app identification after this many packets (per name) */
	int unknown_app_id;
	int hit_path_switch;
	int default_compile_id;
	int table_id[TABLE_MAX];		/* Maat table ids, indexed by enum MASTER_STATIC_TABLE */
	int dyn_table_id[DYN_TABLE_MAX];	/* indexed by enum MASTER_DYNAMIC_TABLE */
	int priority_project_id;		/* project ids used with set_struct_project/get_struct_project */
	int session_attribute_project_id;
	int context_project_id;
	int tcpall_project_id;
	int gather_app_project_id;	
	int bridge_id[BRIDGE_TYPE_MAX];		/* indexed by enum BRIDGE_TYPE */
	int proto_flag; //tsg_protocol_t
	int fs2_field_id[TSG_FS2_MAX];		/* field-stat2 ids, indexed by enum TSG_FS2_TYPE */
	char device_sn[MAX_DOMAIN_LEN/8];
	char log_path[MAX_DOMAIN_LEN/8];
	char device_id_command[MAX_DOMAIN_LEN/8];	/* NOTE(review): by its name this is an external command line; where it is executed is not visible here — it must only ever come from trusted configuration */
	char data_center[_MAX_TABLE_NAME_LEN];
	char device_tag[MAX_DOMAIN_LEN/2];
	char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];	
	char dyn_table_name[DYN_TABLE_MAX][_MAX_TABLE_NAME_LEN];
	char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
	void *logger;				/* opaque log handles */
	void *maat_logger;
	struct reset_argv reset;
	struct mirrored_vlan default_vlan;	/* type from an included header */
	screen_stat_handle_t fs2_handle;
	struct l7_protocol *name_by_id;		/* uthash heads for struct l7_protocol (hh1 / hh2) */
	struct l7_protocol *id_by_name;
	struct traffic_mirror *mirror_handle;
	ctemplate::Template *tpl_403,*tpl_404;	/* response templates, named after the HTTP status they render */
	ctemplate::Template *tpl_200,*tpl_204;
	ctemplate::Template *tpl_303;
}g_tsg_para_t;

/* Globals defined in exactly one source file elsewhere in the project. */
extern g_tsg_para_t g_tsg_para;				/* the process-wide configuration (struct tsg_para) */
extern Maat_feather_t g_tsg_dynamic_maat_feather;	/* Maat handle for the dynamic tables (presumably, per name and dynamic_maat_switch) */
extern id2field_t g_tsg_proto_name2id[PROTO_MAX];	/* protocol name -> id map (per name); id2field_t and PROTO_MAX come from included headers */

/*
 * Statistics fields exported by tsg_statistic; tsg_statis_para_t.fs_field_id[]
 * is indexed by these values. STATIS_UNKNOWN is 0 and the real fields start at
 * 1 (STATIS_ENTRANCE_ID). Counters come in groups of CON_NUM / IN_BYTES /
 * OUT_BYTES / IN_PACKETS / OUT_PACKETS per traffic class (DEFAULT, ALLOW,
 * DENY, MONITOR, INTERCEPT), per IP version and per transport. Append new
 * fields before STATIS_MAX only.
 */
typedef enum tsg_statis_field_id
{
	STATIS_UNKNOWN=0,
	STATIS_ENTRANCE_ID=1,
	STATIS_TOTAL_CON_NUM,		/* totals over all connections */
	STATIS_NEW_CON_NUM,
	STATIS_ESTABLISHED_CON_NUM,
	STATIS_CLOSE_CON_NUM,
	STATIS_TOTAL_IN_BYTES,
	STATIS_TOTAL_OUT_BYTES,
	STATIS_TOTAL_IN_PACKETS,
	STATIS_TOTAL_OUT_PACKETS,
	STATIS_DEFAULT_CON_NUM,		/* per traffic class */
	STATIS_DEFAULT_IN_BYTES,
	STATIS_DEFAULT_OUT_BYTES,
	STATIS_DEFAULT_IN_PACKETS,
	STATIS_DEFAULT_OUT_PACKETS,
	STATIS_ALLOW_CON_NUM,
	STATIS_ALLOW_IN_BYTES,
	STATIS_ALLOW_OUT_BYTES,
	STATIS_ALLOW_IN_PACKETS,
	STATIS_ALLOW_OUT_PACKETS,
	STATIS_DENY_CON_NUM,
	STATIS_DENY_IN_BYTES,
	STATIS_DENY_OUT_BYTES,
	STATIS_DENY_IN_PACKETS,
	STATIS_DENY_OUT_PACKETS,
	STATIS_MONITOR_CON_NUM,
	STATIS_MONITOR_IN_BYTES,
	STATIS_MONITOR_OUT_BYTES,
	STATIS_MONITOR_IN_PACKETS,
	STATIS_MONITOR_OUT_PACKETS,
	STATIS_INTERCEPT_CON_NUM,
	STATIS_INTERCEPT_IN_BYTES,
	STATIS_INTERCEPT_OUT_BYTES,
	STATIS_INTERCEPT_IN_PACKETS,
	STATIS_INTERCEPT_OUT_PACKETS,
	STATIS_IPV4_IN_BYTES,		/* per IP version */
	STATIS_IPV4_OUT_BYTES,
	STATIS_IPV4_IN_PACKETS,
	STATIS_IPV4_OUT_PACKETS,
	STATIS_IPV6_IN_BYTES,
	STATIS_IPV6_OUT_BYTES,
	STATIS_IPV6_IN_PACKETS,
	STATIS_IPV6_OUT_PACKETS,
	STATIS_TCP_NEW_CON_NUM,		/* per transport */
	STATIS_TCP_IN_BYTES,
	STATIS_TCP_OUT_BYTES,
	STATIS_TCP_IN_PACKETS,
	STATIS_TCP_OUT_PACKETS,
	STATIS_UDP_NEW_CON_NUM,
	STATIS_UDP_IN_BYTES,
	STATIS_UDP_OUT_BYTES,
	STATIS_UDP_IN_PACKETS,
	STATIS_UDP_OUT_PACKETS,
	STATIS_ALERT_BYTES,
	STATIS_BLOCK_BYTES,
	STATIS_PINNING_NUM,		/* certificate-pinning classification counts (per name) */
	STATIS_MAYBE_PINNING_NUM,
	STATIS_NOT_PINNING_NUM,
	STATIS_MAX			/* count; sizes fs_field_id[] */
}tsg_statis_field_id_t;

/*
 * Traffic classes, the same four that the STATIS_ALLOW_/DENY_/MONITOR_/
 * INTERCEPT_ counter groups above are split by. TRAFFIC_INFO_MAX is a count.
 */
enum TRAFFIC_INFO_IDX
{
	TRAFFIC_INFO_ALLOW=0,
	TRAFFIC_INFO_DENY,
	TRAFFIC_INFO_MONITOR,
	TRAFFIC_INFO_INTERCEPT,
	TRAFFIC_INFO_MAX
};

/*
 * State of the statistics reporter (set up by tsg_statistic_init, torn down by
 * tsg_statistic_destroy). `pthread_t` is not provided by any include in this
 * header; presumably <pthread.h> arrives through one of them — confirm.
 * _OPT_TYPE_MAX, TSG_ACTION_MAX and struct _traffic_info come from included
 * headers.
 * NOTE(review): `thread_alive` is a plain int; if it is a stop flag written by
 * one thread and polled by stat_thread_id, make it an atomic_t accessed via
 * atomic_read/atomic_set (or guard it with a lock) — confirm its use.
 */
typedef	struct tsg_statistic
{
	int cycle;				/* reporting period (units not stated here) */
	int fs_line_id;
	int thread_alive;
	pthread_t stat_thread_id;		/* the reporter thread */
	int fs_field_id[STATIS_MAX];		/* indexed by tsg_statis_field_id_t */
	long long statistic_opt[_OPT_TYPE_MAX];
	struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
	struct _traffic_info default_total_info;
	screen_stat_handle_t fs2_handle;
}tsg_statis_para_t;

/*
 * Statistics subsystem: initialise from the configuration file `conffile`
 * with an opaque log handle, and tear it down. The int return convention is
 * not stated in this header — presumably 0 on success, non-zero on failure;
 * confirm against the definitions.
 */
int tsg_statistic_init(const char *conffile, void *logger);
void tsg_statistic_destroy(void);

/* Initialise the GTP signalling hash (see hash_* fields of tsg_para) from conffile. */
int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);

/*
 * Per-stream storage keyed by project id (the *_project_id fields of tsg_para):
 * set attaches `data` to a_stream under project_id, get returns what was
 * stored (or presumably NULL if nothing was). Lifetime and ownership of `data`
 * are not stated here — confirm who frees it.
 */
int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data);
const void *get_struct_project(const struct streaminfo *a_stream, int project_id);

/* Current time in milliseconds, per its name; used for master_context.last_scan_time (presumably). */
long long get_current_time_ms(void);

/*
 * Look up the name of app_id and write it into app_name, which holds
 * app_name_len bytes; with is_joint_parent set the result takes the form
 * parent_app_name.app_name. Return value is not documented here — confirm.
 */
//parent_app_name.app_name
int tsg_app_id2name(int app_id, char *app_name, int app_name_len, int is_joint_parent);

/* Location granularity in use; per the original note returns 18 or 19 (subdivision_addr). */
//return 18 or 19: subdivision_addr
int tsg_get_location_type(void);

/*
 * Maat per-table ex-data release callbacks, one per table type, all with the
 * MAAT_PLUGIN_EX_DATA callback signature (table_id, data, argl, argp). They
 * free whatever the matching row type holds (struct fqdn_category,
 * app_id_dict, http_response_pages, ...); see each row struct for ownership
 * notes.
 */
void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void ASN_number_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void gtp_c_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void tunnel_endpoint_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);

void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp);
void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
/* Attach an attribute of kind `type` to the session; `value` is type-specific and value_len bounds it. */
void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq);
/*
 * Record a method / leaky bucket in the stream's tcpall_context. `context` is
 * in-out: presumably the context is allocated when *context is NULL and
 * updated otherwise — confirm. thread_seq identifies the calling worker.
 */
int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, enum TSG_METHOD_TYPE method_type, int thread_seq);
int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct leaky_bucket *bucket, int thread_seq);
/* Rule-level ex-data release callback for TABLE_SECURITY_COMPILE (MAAT_RULE_EX_DATA signature). */
void security_compile_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp);

/*
 * Policy lookup API. Common arguments: `maat_feather` is the Maat handle,
 * `a_stream` the connection, `result`/`result_num` presumably the output rule
 * array and its capacity (could also be the number already filled — confirm),
 * `mid` the per-connection scan cursor (master_context.mid), `thread_seq` the
 * calling worker. The int return convention is not stated in this header.
 * The char* inputs (domain, property, apn, imsi, ...) are taken non-const,
 * so callers cannot pass string literals or read-only buffers.
 */

/* Pick the winning rule among result_num candidates (presumably returns a pointer into result, or NULL). */
struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream, Maat_rule_t *result, int result_num, int thread_seq);
int tsg_scan_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num);
int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num,  scan_status_t *mid, int table_id, int thread_seq);
int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq);
int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, struct subscribe_id_info *user_info, int thread_seq);

/*
 * UMTS subscriber lookup. The first returns the info for a stream through an
 * out-parameter; the second looks it up by tunnel endpoint id (the "_form_"
 * in the name is a historical misspelling of "from"). Ownership of the
 * returned pointer is not stated here — confirm who frees it.
 * NOTE(review): a teid, going by its name, originates in GTP signalling;
 * whatever builds the Redis query from it should treat it as untrusted input.
 */
int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid);

/* GTP selector scans (tables TABLE_GTP_APN / TABLE_GTP_IMSI / TABLE_GTP_PHONE_NUMBER). */
int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *phone_number, int thread_seq);
/* Per-endpoint enrichment: location / ASN / subscriber id for both sides of the stream, returned through out-parameters. */
int tsg_get_ip_location(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA *client_location, MAAT_PLUGIN_EX_DATA *server_location);
int tsg_get_ip_asn(const struct streaminfo *a_stream, int table_id, MAAT_PLUGIN_EX_DATA* client_asn, MAAT_PLUGIN_EX_DATA* server_asn);
int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_info **source_subscribe_id, struct subscribe_id_info **dest_subscribe_id);
/* Emit a raw packet for the stream onto the vlan_num entries of vlan (presumably the mirror path; see the TSG_FS2_MIRRORED_* counters). */
int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);

/* Store a deny rule in tcpall_context.enforce_direction_result; `context` is in-out as for tsg_set_method_to_tcpall. */
int tsg_set_enforce_direction_deny_rule_to_tcpall(const struct streaminfo *a_stream, struct tcpall_context **context, struct Maat_rule_t *p_result, int thread_seq);


#endif