path: root/src/tsg_entry.h
#ifndef	__TSG_ENTRY_H__
#define	__TSG_ENTRY_H__

#include <MESA/Maat_rule.h>
#include <MESA/field_stat2.h>

#include "uthash.h"
#include "tsg_rule.h"
#include "app_label.h"
#include "tsg_label.h"
#include "tsg_statistic.h"

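/*
 * Small atomic-counter shim.
 *
 * With a GCC-compatible compiler whose version expression below reaches 411
 * (GCC 4.1.1 and later for the usual single-digit minor/patch levels) the
 * operations map onto the legacy __sync builtins; otherwise the definitions
 * are expected to come from <alsa/iatomic.h>.
 *
 * All operations take a pointer to an atomic_t.
 *   atomic_inc/dec/add/sub  return the NEW value (full barrier).
 *   atomic_read             is implemented as "add 0", i.e. a read-modify-write,
 *                           so the object must be writable.
 *   atomic_set              returns the PREVIOUS value. Per the GCC manual,
 *                           __sync_lock_test_and_set is an acquire barrier only,
 *                           not a full barrier, and some targets support storing
 *                           only the constant 1. Do not rely on it to publish
 *                           earlier writes to other threads.
 */
#if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411)
typedef int atomic_t;
#define ATOMIC_INIT(i)  { (i) }
#define atomic_inc(x) __sync_add_and_fetch((x),1)
#define atomic_dec(x) __sync_sub_and_fetch((x),1)
#define atomic_add(x,y) __sync_add_and_fetch((x),(y))
#define atomic_sub(x,y) __sync_sub_and_fetch((x),(y))
#define atomic_read(x) __sync_add_and_fetch((x),0)
/* second argument is now parenthesized like every other macro argument here */
#define atomic_set(x,y) __sync_lock_test_and_set((x),(y))
#else
#include <alsa/iatomic.h>
#endif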

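#ifndef MIN
/*
 * Smaller of two values. Function-like macro: the selected argument is
 * evaluated twice, so do not pass expressions with side effects.
 */
#define MIN(a, b)  	(((a) < (b)) ? (a) : (b))
#endif

#ifndef	PRINTADDR
/*
 * Formats the address of stream `a` through printaddr() only when the log
 * level `b` is below RLOG_LV_FATAL; otherwise yields "" without calling it.
 * `a` is parenthesized before `->` so that pointer expressions such as
 * `p + 1` expand correctly.
 */
#define	PRINTADDR(a, b)	((b)<RLOG_LV_FATAL ? printaddr(&((a)->addr), (a)->threadnum) : "")
#endif

/* Values of the application-scan flag: stop scanning, or keep scanning. */
#define	APP_SCAN_FLAG_STOP	0
#define	APP_SCAN_FLAG_CONTINUE	1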

/*
 * Index of every rule table this module refers to.
 *
 * TABLE_MAX sizes table_id[] and table_name[][] in struct _tsg_para, so the
 * enumerator order is part of that layout: append new tables immediately
 * before TABLE_MAX and never index those arrays with a value >= TABLE_MAX.
 */
enum MASTER_TABLE {
	TABLE_SECURITY_COMPILE = 0,

	/* address, subscriber and application identifiers */
	TABLE_IP_ADDR,
	TABLE_SUBSCRIBER_ID,
	TABLE_APP_ID,

	/* host names seen in HTTP / TLS */
	TABLE_HTTP_HOST,
	TABLE_SSL_SNI,
	TABLE_EXCLUSION_SSL_SNI,

	/* ASN and location, per direction and per source of the data */
	TABLE_SRC_ASN,
	TABLE_DST_ASN,
	TABLE_SRC_LOCATION,
	TABLE_DST_LOCATION,
	TABLE_ASN_USER_DEFINED,
	TABLE_ASN_BUILT_IN,
	TABLE_LOCATION_USER_DEFINED,
	TABLE_LOCATION_BUILT_IN,

	TABLE_QUIC_SNI,

	/* FQDN categories */
	TABLE_FQDN_CAT_ID,
	TABLE_FQDN_CAT_USER_DEFINED,
	TABLE_FQDN_CAT_BUILT_IN,

	TABLE_APP_ID_DICT,
	TABLE_SELECTOR_ID,
	TABLE_SELECTOR_PROPERTIES,

	/* GTP attributes */
	TABLE_GTP_APN,
	TABLE_GTP_IMSI,
	TABLE_GTP_PHONE_NUMBER,

	TABLE_MAX	/* count of the entries above; not a table */
};


/*
 * Index of each runtime counter. TSG_FS2_MAX sizes fs2_field_id[] in
 * struct _tsg_para, so the order below is part of that array's layout.
 */
enum TSG_FS2_TYPE {
	/* links and per-stream outcomes */
	TSG_FS2_TCP_LINKS = 0,
	TSG_FS2_UDP_LINKS,
	TSG_FS2_BYPASS,
	TSG_FS2_HIT_ADDR,
	TSG_FS2_HIT_SHARE,
	TSG_FS2_INTERCEPT,
	TSG_FS2_EXCLUSION,

	/* log delivery */
	TSG_FS2_SUCCESS_LOG,
	TSG_FS2_FAILED_LOG,
	TSG_FS2_DROP_LOG,

	/* aborts, one counter per action */
	TSG_FS2_ABORT_ALLOW,
	TSG_FS2_ABORT_DENY,
	TSG_FS2_ABORT_MONITOR,
	TSG_FS2_ABORT_INTERCEPT,
	TSG_FS2_ABORT_UNKNOWN,

	/*
	 * Application-identification results.
	 * NOTE(review): D/Q/U presumably abbreviate the DPKT, Q and USER result
	 * sources named in the first three entries - confirm.
	 */
	TSG_FS2_APP_DPKT_RESULT,
	TSG_FS2_APP_Q_RESULT,
	TSG_FS2_APP_USER_RESULT,
	TSG_FS2_APP_ONLY_DPKT_RESULT,
	TSG_FS2_APP_ONLY_Q_RESULT,
	TSG_FS2_APP_ONLY_USER_RESULT,
	TSG_FS2_APP_DQ_SAME_RESULT,
	TSG_FS2_APP_DQ_DIFF_RESULT,
	TSG_FS2_APP_DU_SAME_RESULT,
	TSG_FS2_APP_DU_DIFF_RESULT,
	TSG_FS2_APP_QU_SAME_RESULT,
	TSG_FS2_APP_QU_DIFF_RESULT,
	TSG_FS2_APP_DQU_SAME_RESULT,
	TSG_FS2_APP_DQU_DIFF_RESULT,

	TSG_FS2_MAX	/* count of the entries above; not a counter */
};

/*
 * Kinds of per-stream attribute. _MAX_TSG_ATTRIBUTE_TYPE is the count of
 * the kinds above it, not an attribute.
 *
 * NOTE(review): "LATECY" in the first enumerator looks like a misspelling of
 * "LATENCY"; the name is kept because other files may reference it.
 */
enum TSG_ATTRIBUTE_TYPE {
	TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY = 0,
	TSG_ATTRIBUTE_TYPE_PROTOCOL,
	TSG_ATTRIBUTE_TYPE_JA3_HASH,
	TSG_ATTRIBUTE_TYPE_MLTS_USER_INFO,
	TSG_ATTRIBUTE_TYPE_LOCATION,
	TSG_ATTRIBUTE_TYPE_ASN,
	TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID,
	_MAX_TSG_ATTRIBUTE_TYPE
};

/*
 * One entry pairing a string with an integer index.
 * NOTE(review): `len` is presumably the length of `type` - confirm against
 * the tables that are built from this struct.
 */
struct _str2index {
	int index;
	int len;
	char *type;
};

/*
 * Application-identification results collected for one stream, one slot per
 * result origin: index with a value below ORIGIN_MAX only.
 */
struct gather_app_result {
	struct app_identify_result result[ORIGIN_MAX];
};

/*
 * L7 protocol entry that can be linked into two uthash tables at once,
 * one keyed by `id` and one keyed by `name`.
 *
 * `name` is a fixed 32-byte buffer used as a hash key: whatever fills it
 * must bound the copy to sizeof(name) and leave it NUL-terminated.
 */
struct l7_protocol {
	int id;			/* first key */
	char name[32];		/* second key */
	UT_hash_handle hh1;	/* handle for first hash table */
	UT_hash_handle hh2;	/* handle for second hash table */
};

/*
 * FQDN-to-category record.
 *
 * `fqdn` holds MAX_DOAMIN_LEN/8 bytes; writers must bound the copy to
 * sizeof(fqdn) and NUL-terminate it.
 * NOTE(review): `ref_cnt` is a plain int, not atomic_t - confirm that every
 * update happens under one thread or a lock.
 */
struct _fqdn_category_t {
	int ref_cnt;
	unsigned int category_id;
	int match_method;
	char fqdn[MAX_DOAMIN_LEN/8];
};

/*
 * Scan state kept by the master plugin.
 * NOTE(review): presumably one instance per stream - confirm.
 *
 * `domain` and `result` are raw pointers; who allocates and frees them is
 * not visible in this header and should be checked at the point of use.
 * `struct timespec` needs <time.h>, which this header does not include
 * itself.
 */
struct master_context {
	tsg_protocol_t proto;
	int hit_cnt;
	int is_esni;
	char *domain;
	scan_status_t mid;
	struct Maat_rule_t *result;
	struct timespec last_scan_time;
};

/* Size in bytes of each table-name buffer, terminator included. */
#define	_MAX_TABLE_NAME_LEN	64

/*
 * Process-wide configuration and handles of the module, held in the single
 * global g_tsg_para declared below.
 *
 * All strings are fixed-size buffers: code that fills them must bound the
 * copy to the buffer size and NUL-terminate.
 */
typedef struct _tsg_para {
	int level;
	unsigned short timeout;
	int app_dict_field_num;
	int device_id;
	int entrance_id;
	int hash_timeout;
	int hash_slot_size;
	int scan_time_interval;
	int hit_path_switch;
	int default_compile_switch;
	int default_compile_id;
	int table_id[TABLE_MAX];		/* one slot per enum MASTER_TABLE value */
	int dyn_subscribe_ip_table_id;		/* TSG_DYN_SUBSCRIBER_IP */
	int priority_project_id;
	int internal_project_id;
	int context_project_id;
	int gather_app_project_id;
	int app_bridge_id;
	int proto_flag;				/* tsg_protocol_t */
	int fs2_field_id[TSG_FS2_MAX];		/* one slot per enum TSG_FS2_TYPE value */
	char device_sn[MAX_DOAMIN_LEN/8];
	char log_path[MAX_DOAMIN_LEN/8];
	/*
	 * NOTE(review): the name suggests a command line taken from
	 * configuration; how it is run is not visible here - confirm it is
	 * never handed to a shell together with untrusted content.
	 */
	char device_id_command[MAX_DOAMIN_LEN/8];
	char data_center[_MAX_TABLE_NAME_LEN];
	char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
	void *logger;
	screen_stat_handle_t fs2_handle;
	struct l7_protocol *name_by_id;		/* head pointer of a struct l7_protocol table */
	struct l7_protocol *id_by_name;		/* head pointer of a struct l7_protocol table */
} g_tsg_para_t;

/* The one instance; defined in a .c file of the module. */
extern g_tsg_para_t g_tsg_para;

/*
 * Index of each traffic-statistics field. STATIS_MAX sizes fs_field_id[] in
 * struct _tsg_statistic, so the order below is part of that array's layout.
 * Most groups carry connection, byte and packet counters per direction.
 */
typedef enum _tsg_statis_field_id {
	STATIS_UNKNOWN = 0,
	STATIS_ENTRANCE_ID = 1,

	/* connection totals */
	STATIS_TOTAL_CON_NUM,
	STATIS_NEW_CON_NUM,
	STATIS_ESTABLISHED_CON_NUM,
	STATIS_CLOSE_CON_NUM,

	/* traffic totals */
	STATIS_TOTAL_IN_BYTES,
	STATIS_TOTAL_OUT_BYTES,
	STATIS_TOTAL_IN_PACKETS,
	STATIS_TOTAL_OUT_PACKETS,

	/* default */
	STATIS_DEFAULT_CON_NUM,
	STATIS_DEFAULT_IN_BYTES,
	STATIS_DEFAULT_OUT_BYTES,
	STATIS_DEFAULT_IN_PACKETS,
	STATIS_DEFAULT_OUT_PACKETS,

	/* allow */
	STATIS_ALLOW_CON_NUM,
	STATIS_ALLOW_IN_BYTES,
	STATIS_ALLOW_OUT_BYTES,
	STATIS_ALLOW_IN_PACKETS,
	STATIS_ALLOW_OUT_PACKETS,

	/* deny */
	STATIS_DENY_CON_NUM,
	STATIS_DENY_IN_BYTES,
	STATIS_DENY_OUT_BYTES,
	STATIS_DENY_IN_PACKETS,
	STATIS_DENY_OUT_PACKETS,

	/* monitor */
	STATIS_MONITOR_CON_NUM,
	STATIS_MONITOR_IN_BYTES,
	STATIS_MONITOR_OUT_BYTES,
	STATIS_MONITOR_IN_PACKETS,
	STATIS_MONITOR_OUT_PACKETS,

	/* intercept */
	STATIS_INTERCEPT_CON_NUM,
	STATIS_INTERCEPT_IN_BYTES,
	STATIS_INTERCEPT_OUT_BYTES,
	STATIS_INTERCEPT_IN_PACKETS,
	STATIS_INTERCEPT_OUT_PACKETS,

	/* IPv4 */
	STATIS_IPV4_IN_BYTES,
	STATIS_IPV4_OUT_BYTES,
	STATIS_IPV4_IN_PACKETS,
	STATIS_IPV4_OUT_PACKETS,

	/* IPv6 */
	STATIS_IPV6_IN_BYTES,
	STATIS_IPV6_OUT_BYTES,
	STATIS_IPV6_IN_PACKETS,
	STATIS_IPV6_OUT_PACKETS,

	/* TCP */
	STATIS_TCP_NEW_CON_NUM,
	STATIS_TCP_IN_BYTES,
	STATIS_TCP_OUT_BYTES,
	STATIS_TCP_IN_PACKETS,
	STATIS_TCP_OUT_PACKETS,

	/* UDP */
	STATIS_UDP_NEW_CON_NUM,
	STATIS_UDP_IN_BYTES,
	STATIS_UDP_OUT_BYTES,
	STATIS_UDP_IN_PACKETS,
	STATIS_UDP_OUT_PACKETS,

	STATIS_ALERT_BYTES,
	STATIS_BLOCK_BYTES,

	/* pinning */
	STATIS_PINNING_NUM,
	STATIS_MAYBE_PINNING_NUM,
	STATIS_NOT_PINNING_NUM,

	STATIS_MAX	/* count of the entries above; not a field */
} tsg_statis_field_id_t;

/*
 * Index of each per-action traffic bucket. TRAFFIC_INFO_MAX is the number
 * of buckets, not a bucket itself.
 */
enum TRAFFIC_INFO_IDX {
	TRAFFIC_INFO_ALLOW = 0,
	TRAFFIC_INFO_DENY,
	TRAFFIC_INFO_MONITOR,
	TRAFFIC_INFO_INTERCEPT,
	TRAFFIC_INFO_MAX
};

/*
 * State of the traffic-statistics reporter.
 *
 * fs_field_id[] has one slot per tsg_statis_field_id_t value and
 * traffic_info[] has TSG_ACTION_MAX+1 slots; indexes must stay inside those
 * bounds.
 * NOTE(review): traffic_info[] stores pointers, so who allocates and frees
 * the pointed-to arrays should be confirmed in tsg_statistic_init().
 */
typedef struct _tsg_statistic {
	int cycle;
	int fs_line_id;
	int fs_field_id[STATIS_MAX];
	long long statistic_opt[_OPT_TYPE_MAX];
	struct _traffic_info *traffic_info[TSG_ACTION_MAX+1];
	struct _traffic_info default_total_info;
	screen_stat_handle_t fs2_handle;
} tsg_statis_para_t;

/*
 * Initialisation entry points. Both take the path of a configuration file
 * and an opaque logger handle.
 */
int tsg_statistic_init(const char *conffile, void *logger);
int tsg_gtp_signaling_hash_init(const char *conffile, void *logger);

/*
 * Writes the name of `app_id` into `app_name`, a caller-supplied buffer of
 * `app_name_len` bytes. Pass the real size of the buffer: the length is a
 * signed int and the bounds handling lives in the implementation, which is
 * not visible here.
 * NOTE(review): with is_joint_parent set, the output is presumably
 * "parent_app_name.app_name" - confirm.
 */
int tsg_app_id2name(int app_id,
                    char *app_name,
                    int app_name_len,
                    int is_joint_parent);

/*
 * Release callbacks for data attached to table entries.
 * NOTE(review): the (table_id, ad, argl, argp) shape presumably matches the
 * Maat plugin EX_DATA free-callback type - confirm against Maat_rule.h.
 */
void location_free_data(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp);
void ASN_free_data(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp);
void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp);
void app_id_dict_free_data(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp);
void security_compile_free(int idx,
                           const struct Maat_rule_t *rule,
                           const char *srv_def_large,
                           MAAT_RULE_EX_DATA *ad,
                           long argl,
                           void *argp);

/* Chooses one rule out of the `result_num` entries of `result`. */
struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_stream,
                                                 Maat_rule_t *result,
                                                 int result_num,
                                                 int thread_seq);

/*
 * Policy scans. `result` is a caller-owned array with room for `result_num`
 * rules and `mid` carries scan state between calls.
 *
 * The string arguments (domain, property, district, apn, imsi, phone_number)
 * are passed without a length and typically originate from network traffic:
 * callers must hand in NUL-terminated, length-checked strings.
 * NOTE(review): the meaning of the int return value is not visible in this
 * header - presumably the number of rules written to `result`; confirm.
 */
int tsg_scan_addr(Maat_feather_t maat_feather,
                  const struct streaminfo *a_stream,
                  tsg_protocol_t proto,
                  scan_status_t *mid,
                  Maat_rule_t *result,
                  int result_num);
int tsg_scan_shared_policy(Maat_feather_t maat_feather,
                           const struct streaminfo *a_stream,
                           char *domain,
                           Maat_rule_t *result,
                           int result_num,
                           scan_status_t *mid,
                           int table_id,
                           int thread_seq);
int tsg_scan_app_properties_policy(Maat_feather_t maat_feather,
                                   const struct streaminfo *a_stream,
                                   struct Maat_rule_t *result,
                                   int result_num,
                                   scan_status_t *mid,
                                   char *property,
                                   char *district,
                                   int thread_seq);
int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather,
                                 const struct streaminfo *a_stream,
                                 struct Maat_rule_t *result,
                                 int result_num,
                                 scan_status_t *mid,
                                 struct _subscribe_id_info_t *user_info,
                                 int thread_seq);

/* Stores a pointer to the stream's UMTS user info in *user_info. */
int tsg_get_umts_user_info(const struct streaminfo *a_stream,
                           struct umts_user_info **user_info);

int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather,
                            const struct streaminfo *a_stream,
                            struct Maat_rule_t *result,
                            int result_num,
                            scan_status_t *mid,
                            char *apn,
                            int thread_seq);
int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather,
                             const struct streaminfo *a_stream,
                             struct Maat_rule_t *result,
                             int result_num,
                             scan_status_t *mid,
                             char *imsi,
                             int thread_seq);
int tsg_scan_gtp_phone_number_policy(Maat_feather_t maat_feather,
                                     const struct streaminfo *a_stream,
                                     struct Maat_rule_t *result,
                                     int result_num,
                                     scan_status_t *mid,
                                     char *phone_number,
                                     int thread_seq);

/*
 * Per-stream lookups that return results through their pointer arguments,
 * one for the client/source side and one for the server/destination side.
 * NOTE(review): whether the caller must release the returned objects is not
 * visible here - confirm against the implementation.
 */
int tsg_get_ip_location(const struct streaminfo *a_stream,
                        int table_id,
                        MAAT_PLUGIN_EX_DATA *client_location,
                        MAAT_PLUGIN_EX_DATA *server_location);
int tsg_get_ip_asn(const struct streaminfo *a_stream,
                   int table_id,
                   MAAT_PLUGIN_EX_DATA *client_asn,
                   MAAT_PLUGIN_EX_DATA *server_asn);
int tsg_get_subscribe_id(const struct streaminfo *a_stream,
                         struct _subscribe_id_info_t **source_subscribe_id,
                         struct _subscribe_id_info_t **dest_subscribe_id);

#endif