path: root/src/tsg_protocol_common.h
#ifndef	__TSG_PROTOCOL_COMMON_H__
#define	__TSG_PROTOCOL_COMMON_H__

#include <MESA/stream.h>
#include "tsg_rule.h"
#include "tsg_label.h"

#include <sys/socket.h>
#include <netinet/in.h>

/*
 * State flags. Each value is a distinct single bit (1, 2, 4, 8), which
 * allows them to be combined in one mask; how they are consumed is not
 * visible in this header.
 * NOTE(review): the names look like plugin return states of the stream
 * framework included above (<MESA/stream.h>) -- confirm against that header
 * and check that these definitions cannot drift from the framework's values.
 */
#define	STATE_GIVEME		1
#define	STATE_DROPME		2
#define	STATE_DROPPKT		4
#define	STATE_KILL_OTHER	8

/*
 * Kind of deny action. Stored in struct deny_user_region.type.
 * Enumerators are numbered implicitly from 0, so inserting a value in the
 * middle renumbers every later one.
 * NOTE(review): if this value is ever derived from parsed policy data (not
 * visible here), reject anything >= TSG_DENY_TYPE_MAX before it is used to
 * pick a member of the unions in struct deny_user_region.
 */
enum TSG_DENY_TYPE
{
	TSG_DENY_TYPE_MESSAGE=0,
	TSG_DENY_TYPE_PROFILE,
	TSG_DENY_TYPE_REDIRECT_TO,
	TSG_DENY_TYPE_REDIRECT_URL,
	TSG_DENY_TYPE_REDIRECT_RECORD,
	TSG_DENY_TYPE_SEND_ICMP,
	TSG_DENY_TYPE_DEFAULT_RST,
	TSG_DENY_TYPE_DEFAULT_DROP,
	TSG_DENY_TYPE_APP_DROP,
	TSG_DENY_TYPE_APP_RATELIMIT,
	TSG_DENY_TYPE_MAX	// last enumerator: equals the number of values above
};

/*
 * Pair of integers stored in the `selected` member of struct dns_record_val.
 * NOTE(review): presumably a reference to a DNS record profile by id plus
 * the number of records to take from it -- confirm against the code that
 * fills it.
 */
struct selected_record
{
	int profile_id;
	int selected_num;
};

/*
 * One DNS answer value. The anonymous union holds exactly one of its
 * members at a time; this header does not say which field selects the live
 * member.
 * NOTE(review): presumably answer_type (and selected_flag for `selected`)
 * acts as the tag -- confirm. Reading `value`/`cname` while an address or
 * `selected` is stored reinterprets non-pointer bytes as a pointer, so every
 * reader and every free path has to check the tag first.
 */
struct dns_record_val
{
	int answer_type;	// NOTE(review): presumably a DNS record type -- confirm
	int selected_flag;
	int len;	// NOTE(review): presumably the size of the stored value; it is signed, so reject negative values before using it as a length
	union
	{
		void *value;	// overlays cname: same storage, untyped
		char *cname;
		struct in_addr v4_addr;	// address stored inline, not behind a pointer
		struct in6_addr v6_addr;	// address stored inline, not behind a pointer
		struct selected_record selected;
	};
};

/*
 * A single record value together with two TTL fields.
 * NOTE(review): presumably the TTL of the generated answer is taken from
 * [min_ttl, max_ttl] -- confirm. Nothing in this header enforces
 * min_ttl <= max_ttl or non-negative values.
 */
struct dns_answer_records
{
	int max_ttl;
	int min_ttl;
	struct dns_record_val record_val;	// embedded by value
};

/*
 * Reference-counted set of DNS record values.
 * NOTE(review): record_val presumably points to record_num elements --
 * confirm, and bound every index by record_num.
 * NOTE(review): ref_cnt is a plain int. If a profile can be shared between
 * threads, the increment/decrement needs external synchronization, otherwise
 * a lost update can free the profile while it is still in use.
 */
struct dns_profile_records
{
	int ref_cnt;
	int record_id;
	int record_num;
	int answer_type;
	struct dns_record_val *record_val;
};

/*
 * DNS answers grouped by record kind: one pointer each for a, aaaa and
 * cname.
 * NOTE(review): the header does not say whether these pointers may be NULL
 * or who owns them -- check before dereferencing or freeing.
 */
struct dns_user_region
{
	int query_type;	// original note: "dns.h" -- presumably the values are defined there
	struct dns_answer_records	*a;
	struct dns_answer_records	*aaaa;
	struct dns_answer_records	*cname;
};

/*
 * Packet-capture settings embedded in struct compile_user_region.
 * NOTE(review): the unit and valid range of depth are not visible here --
 * confirm, and treat a negative depth as invalid.
 */
struct packet_capture
{
	int enabled;
	int depth;
};

/*
 * Two int slots, each an anonymous union giving the same storage two names.
 * Writing one name of a pair overwrites the other; the field comments say
 * which action uses which name.
 */
struct sub_action
{
	union
	{
		int bps;				// override or app default ratelimit
		int send_icmp_enable;	// override or app default drop
	};
	union 
	{
		int send_reset_enable;	// app default drop
		int enforce_direction;	// override drop and ratelimit
	};
};

/*
 * Parameters of one deny action: a type plus two anonymous unions.
 * NOTE(review): presumably `type` selects the live member of each union --
 * confirm the mapping in the parser that fills this struct.
 * The second union overlays pointers (message, redirect_url_to, records,
 * para) with non-pointer data (profile_id, send_icmp_enable, action).
 * Cleanup code that frees through `para` or `message` without first checking
 * `type` would pass integer data to free(), so the release path must switch
 * on `type`.
 */
struct deny_user_region
{
	enum TSG_DENY_TYPE type;
	union
	{
		int code;
		int records_num;	// NOTE(review): presumably the element count behind `records` -- confirm
		int after_n_packets;
	};
	union
	{
		char *message;
		char *redirect_url_to;
		struct dns_user_region *records;
		int profile_id;
		int send_icmp_enable;	// same name also exists inside struct sub_action
		struct sub_action action;
		void *para;	// untyped alias of the pointer members
	};
};

/*
 * Reference-counted traffic-mirror profile. struct mirrored_vlan is not
 * defined in this header (presumably it comes from tsg_rule.h).
 * NOTE(review): ref_cnt is a plain int; shared use across threads needs
 * external synchronization -- confirm.
 */
struct traffic_mirror_profile
{
	int profile_id;
	int ref_cnt;
	struct mirrored_vlan vlan;	// embedded by value
};

/*
 * Monitor settings; referenced through the `mirror` member of
 * struct compile_user_region.
 * NOTE(review): profile_id presumably identifies a
 * struct traffic_mirror_profile -- confirm.
 */
struct monitor_user_region
{
	int enabled;
	int profile_id;
};

/*
 * Default-session parameters: one Maat_rule_t result and a separate deny
 * region for tcp and for udp, all embedded by value.
 */
struct default_session_para
{
	struct Maat_rule_t result; 			//XJ default policy
	struct deny_user_region tcp;
	struct deny_user_region udp;
};

/*
 * Reference-counted per-rule parameters. The anonymous union holds a single
 * pointer viewed under four types; enum TSG_METHOD_TYPE is declared outside
 * this header.
 * NOTE(review): presumably method_type tells which pointer type is valid --
 * confirm. Dereferencing `deny` when the object behind the pointer is a
 * monitor_user_region or default_session_para is a type confusion, so
 * readers must check method_type first.
 * NOTE(review): ref_cnt is a plain int; shared use across threads needs
 * external synchronization -- confirm.
 */
struct compile_user_region
{	
	int ref_cnt;
	enum TSG_METHOD_TYPE method_type;
	union	
	{
		struct deny_user_region *deny;		
		struct monitor_user_region *mirror;		
		struct default_session_para *session_para;		
		void *user_region_para;		// untyped alias of the three pointers above
	};	
	struct packet_capture capture;
};

/*
 * Declaration only; the implementation is not in this header.
 * Takes a stream, an inject option, a payload buffer with its length, and a
 * route direction byte. The meaning of the int return value is not
 * documented here.
 * NOTE(review): payload_len is a signed int. Callers should guarantee
 * 0 <= payload_len and that payload holds at least payload_len bytes; the
 * implementation should reject a negative length before converting it to a
 * size.
 */
int tsg_send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_opt sio, char *payload, int payload_len, unsigned char raw_route_dir);
/*
 * Declaration only; the implementation is not in this header.
 * Takes the stream, the matched rule result, the rule's user region and an
 * opaque user_data pointer.
 * NOTE(review): the unsigned char result is presumably a mask of the
 * STATE_* flags defined above -- confirm. user_data carries no type or
 * length, so the callee has to know what it points to.
 */
unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data);

/*
 * Declaration only; the implementation is not in this header.
 * NOTE(review): the unsigned char result is presumably a mask of the
 * STATE_* flags defined above -- confirm.
 */
unsigned char send_icmp_unreachable(const struct streaminfo *a_stream);
/*
 * Declaration only; the implementation is not in this header.
 * tamper_count is a non-const pointer, so the callee may update it.
 * NOTE(review): raw_pkt is passed without a length. The implementation has
 * to obtain the packet size from elsewhere (presumably from the stream or
 * the packet headers) -- confirm that every read of raw_pkt is bounded by a
 * validated length.
 */
int send_tamper_xxx(const struct streaminfo *a_stream, long *tamper_count, const void *raw_pkt);
/*
 * Declaration only; the implementation is not in this header.
 * tsg_protocol_t and enum ACTION_RETURN_TYPE are declared outside this
 * header.
 * NOTE(review): the unsigned char result is presumably a mask of the
 * STATE_* flags defined above -- confirm. user_data carries no type or
 * length, so the callee has to know what it points to.
 */
unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data);

#endif