feat: parse NetSign protocol

Author: lzf575

agent/crates/enterprise-utils/src/lib.rs

@@ -357,6 +357,55 @@ pub mod l7 {
     }
 
     pub mod rpc {
+        pub mod net_sign {
+            use public::l7_protocol::LogMessageType;
+
+            pub const PROCESSOR_SIGN: &str = "RAWSignProcessor";
+            pub const PROCESSOR_VERIFY: &str = "PBCRAWVerifyProcessor";
+
+            #[derive(Default, Debug, Clone)]
+            pub struct NetSignFields {
+                pub processor_name: String,
+                pub operation: String,
+                pub result_code: String,
+                pub biz_data_parts: Vec<String>,
+                pub sig_present: bool,
+                pub sig_len: u32,
+                pub cert_id: String,
+                pub cert_serial: String,
+                pub cert_validity: String,
+                pub issuer_dn_ca: String,
+                pub app_ver: String,
+            }
+
+            impl NetSignFields {
+                pub fn trace_id(&self) -> &str {
+                    self.biz_data_parts.get(0).map(|s| s.as_str()).unwrap_or("")
+                }
+                pub fn biz_data(&self) -> String {
+                    self.biz_data_parts.join("|")
+                }
+                pub fn biz_system(&self) -> &str {
+                    self.biz_data_parts.get(6).map(|s| s.as_str()).unwrap_or("")
+                }
+                pub fn signer_id(&self) -> String {
+                    String::new()
+                }
+            }
+
+            #[derive(Default)]
+            pub struct NetSignParser;
+
+            impl NetSignParser {
+                pub fn check_payload(&self, _: &[u8]) -> Option<LogMessageType> {
+                    unimplemented!()
+                }
+                pub fn parse_payload(&self, _: &[u8]) -> Option<NetSignFields> {
+                    unimplemented!()
+                }
+            }
+        }
+
         pub mod iso8583 {
             use public::bitmap::Bitmap;
 

agent/crates/public/src/l7_protocol.rs

@@ -63,6 +63,7 @@ pub enum L7Protocol {
     SomeIp = 47,
     Iso8583 = 48,
     Triple = 49,
+    NetSign = 50,
 
     // SQL
     MySQL = 60,
@@ -149,6 +150,7 @@ impl From<String> for L7Protocol {
             "tls" => Self::TLS,
             "ping" => Self::Ping,
             "some/ip" | "someip" => Self::SomeIp,
+            "netsign" | "net-sign" | "net_sign" => Self::NetSign,
             _ => Self::Unknown,
         }
     }

agent/src/common/l7_protocol_info.rs

@@ -131,6 +131,7 @@ cfg_if::cfg_if! {
             PingInfo(PingInfo),
             CustomInfo(CustomInfo),
             Iso8583Info(crate::flow_generator::protocol_logs::rpc::Iso8583Info),
+            NetSignInfo(crate::flow_generator::protocol_logs::rpc::NetSignInfo),
             // add new protocol info below
         );
     }

agent/src/common/l7_protocol_log.rs

@@ -34,7 +34,7 @@ use super::l7_protocol_info::L7ProtocolInfo;
 use super::MetaPacket;
 
 use crate::common::meta_packet::{IcmpData, ProtocolData};
-use crate::config::config::{Iso8583ParseConfig, WebSphereMqParseConfig};
+use crate::config::config::{Iso8583ParseConfig, NetSignParseConfig, WebSphereMqParseConfig};
 use crate::config::handler::LogParserConfig;
 use crate::config::OracleConfig;
 use crate::flow_generator::flow_map::FlowMapCounter;
@@ -103,6 +103,8 @@ macro_rules! impl_protocol_parser {
                     #[cfg(feature = "enterprise")]
                     "ISO-8583"=>Ok(Self::Iso8583(Default::default())),
                     #[cfg(feature = "enterprise")]
+                    "NetSign"|"netsign"|"net_sign"=>Ok(Self::NetSign(Default::default())),
+                    #[cfg(feature = "enterprise")]
                     "WebSphereMQ"=>Ok(Self::WebSphereMq(Default::default())),
                     $(
                         stringify!($proto) => Ok(Self::$proto(Default::default())),
@@ -202,6 +204,7 @@ cfg_if::cfg_if! {
                 Tars(TarsLog),
                 Oracle(crate::flow_generator::protocol_logs::OracleLog),
                 Iso8583(crate::flow_generator::protocol_logs::Iso8583Log),
+                NetSign(crate::flow_generator::protocol_logs::NetSignLog),
                 MQTT(MqttLog),
                 AMQP(AmqpLog),
                 NATS(NatsLog),
@@ -691,6 +694,7 @@ pub struct ParseParam<'a> {
     pub oracle_parse_conf: OracleConfig,
     pub iso8583_parse_conf: Iso8583ParseConfig,
     pub web_sphere_mq_parse_conf: WebSphereMqParseConfig,
+    pub net_sign_parse_conf: NetSignParseConfig,
 }
 
 impl<'a> fmt::Debug for ParseParam<'a> {
@@ -723,6 +727,7 @@ impl<'a> fmt::Debug for ParseParam<'a> {
             .field("oracle_parse_conf", &self.oracle_parse_conf)
             .field("iso8583_parse_conf", &self.iso8583_parse_conf)
             .field("web_sphere_mq_parse_conf", &self.web_sphere_mq_parse_conf)
+            .field("net_sign_parse_conf", &self.net_sign_parse_conf)
             .finish()
     }
 }
@@ -796,6 +801,7 @@ impl<'a> ParseParam<'a> {
             oracle_parse_conf: OracleConfig::default(),
             iso8583_parse_conf: Iso8583ParseConfig::default(),
             web_sphere_mq_parse_conf: WebSphereMqParseConfig::default(),
+            net_sign_parse_conf: NetSignParseConfig::default(),
         }
     }
 }
@@ -841,6 +847,10 @@ impl<'a> ParseParam<'a> {
         self.web_sphere_mq_parse_conf = conf.clone();
     }
 
+    pub fn set_net_sign_conf(&mut self, conf: &NetSignParseConfig) {
+        self.net_sign_parse_conf = *conf;
+    }
+
     pub fn reversed(&self) -> Self {
         Self {
             ip_src: self.ip_dst,
@@ -858,6 +868,7 @@ impl<'a> ParseParam<'a> {
             stats_counter: self.stats_counter.clone(),
             iso8583_parse_conf: self.iso8583_parse_conf.clone(),
             web_sphere_mq_parse_conf: self.web_sphere_mq_parse_conf.clone(),
+            net_sign_parse_conf: self.net_sign_parse_conf,
             ..*self
         }
     }

agent/src/config/config.rs

@@ -1900,6 +1900,20 @@ impl Default for WebSphereMqConfig {
     }
 }
 
+#[derive(Clone, Copy, Debug, Deserialize, PartialEq, Eq)]
+#[serde(default)]
+pub struct NetSignConfig {
+    pub extract_biz_data_enabled: bool,
+}
+
+impl Default for NetSignConfig {
+    fn default() -> Self {
+        Self {
+            extract_biz_data_enabled: false,
+        }
+    }
+}
+
 #[derive(Clone, Copy, Debug, Deserialize, PartialEq, Eq)]
 #[serde(default)]
 pub struct MysqlConfig {
@@ -1978,6 +1992,7 @@ pub struct ProtocolSpecialConfig {
     pub oracle: OracleConfig,
     pub iso8583: Iso8583Config,
     pub web_sphere_mq: WebSphereMqConfig,
+    pub net_sign: NetSignConfig,
     pub mysql: MysqlConfig,
     pub grpc: GrpcConfig,
 }
@@ -2048,6 +2063,7 @@ impl Default for Filters {
                 ("Tars".to_string(), "1-65535".to_string()),
                 ("SomeIP".to_string(), "1-65535".to_string()),
                 ("ISO8583".to_string(), "1-65535".to_string()),
+                ("NetSign".to_string(), "1-65535".to_string()),
                 ("Triple".to_string(), "1-65535".to_string()),
                 ("MySQL".to_string(), "1-65535".to_string()),
                 ("PostgreSQL".to_string(), "1-65535".to_string()),
@@ -2080,6 +2096,7 @@ impl Default for Filters {
                 ("Tars".to_string(), vec![]),
                 ("SomeIP".to_string(), vec![]),
                 ("ISO8583".to_string(), vec![]),
+                ("NetSign".to_string(), vec![]),
                 ("Triple".to_string(), vec![]),
                 ("MySQL".to_string(), vec![]),
                 ("PostgreSQL".to_string(), vec![]),
@@ -3713,6 +3730,11 @@ impl Default for WebSphereMqParseConfig {
     }
 }
 
+#[derive(Clone, Copy, Default, Debug, PartialEq, Eq)]
+pub struct NetSignParseConfig {
+    pub extract_biz_data_enabled: bool,
+}
+
 #[derive(Clone, Default, Debug, Deserialize, PartialEq, Eq)]
 #[serde(default, rename_all = "kebab-case")]
 pub struct BondGroup {

agent/src/config/handler.rs

@@ -58,9 +58,9 @@ use super::config::{Ebpf, EbpfFileIoEvent, ProcessMatcher, SymbolTable};
 use super::{
     config::{
         ApiResources, Config, DpdkSource, ExtraLogFields, ExtraLogFieldsInfo, HttpEndpoint,
-        HttpEndpointMatchRule, Iso8583ParseConfig, OracleConfig, PcapStream, PortConfig,
-        ProcessorsFlowLogTunning, RequestLogTunning, SessionTimeout, TagFilterOperator, Timeouts,
-        UserConfig, WebSphereMqParseConfig, GRPC_BUFFER_SIZE_MIN,
+        HttpEndpointMatchRule, Iso8583ParseConfig, NetSignParseConfig, OracleConfig, PcapStream,
+        PortConfig, ProcessorsFlowLogTunning, RequestLogTunning, SessionTimeout, TagFilterOperator,
+        Timeouts, UserConfig, WebSphereMqParseConfig, GRPC_BUFFER_SIZE_MIN,
     },
     ConfigError, KubernetesPollerType, TrafficOverflowAction,
 };
@@ -529,6 +529,7 @@ pub struct FlowConfig {
     pub oracle_parse_conf: OracleConfig,
     pub iso8583_parse_conf: Iso8583ParseConfig,
     pub web_sphere_mq_parse_conf: WebSphereMqParseConfig,
+    pub net_sign_parse_conf: NetSignParseConfig,
 
     pub obfuscate_enabled_protocols: L7ProtocolBitmap,
     pub server_ports: Vec<u16>,
@@ -787,6 +788,15 @@ impl From<&UserConfig> for FlowConfig {
                     .web_sphere_mq
                     .filter_attributes_enabled,
             },
+            net_sign_parse_conf: NetSignParseConfig {
+                extract_biz_data_enabled: conf
+                    .processors
+                    .request_log
+                    .application_protocol_inference
+                    .protocol_special_config
+                    .net_sign
+                    .extract_biz_data_enabled,
+            },
             obfuscate_enabled_protocols: L7ProtocolBitmap::from(
                 conf.processors
                     .request_log

agent/src/ebpf/kernel/include/common.h

@@ -77,6 +77,8 @@ enum traffic_protocol {
 	PROTO_TARS = 46,
 	PROTO_SOME_IP = 47,
 	PROTO_ISO8583 = 48,
+	PROTO_TRIPLE = 49,
+	PROTO_NET_SIGN = 50,
 	PROTO_MYSQL = 60,
 	PROTO_POSTGRESQL = 61,
 	PROTO_ORACLE = 62,