审计日志异步+批量入库

2025-08-08 15:18:31 +08:00 · 2022-09-27 16:30:05 +08:00
parent 10ca7c9c85
commit 3c5acd31fb
9 changed files with 393 additions and 92 deletions
--- a/server/handler/payload.go
+++ b/server/handler/payload.go
@@ -1,24 +1,12 @@
 package handler

 import (
-	"crypto/md5"
-	"encoding/binary"
-	"encoding/hex"
-
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
-	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/bjdgyc/anylink/sessdata"
 	"github.com/songgao/water/waterutil"
 )

-const (
-	acc_proto_udp = iota + 1
-	acc_proto_tcp
-	acc_proto_https
-	acc_proto_http
-)
-
 func payloadIn(cSess *sessdata.ConnSession, pl *sessdata.Payload) bool {
 	if pl.LType == sessdata.LTypeIPData && pl.PType == 0x00 {
 		// 进行Acl规则判断
@@ -27,8 +15,11 @@ func payloadIn(cSess *sessdata.ConnSession, pl *sessdata.Payload) bool {
 			// 校验不通过直接丢弃
 			return false
 		}
-
-		logAudit(cSess, pl)
+		if base.Cfg.AuditInterval >= 0 {
+			cSess.IpAuditPool.JobQueue <- func() {
+				logAudit(cSess, pl)
+			}
+		}
 	}

 	closed := false
@@ -106,68 +97,3 @@ func checkLinkAcl(group *dbdata.Group, pl *sessdata.Payload) bool {

 	return false
 }
-
-// 访问日志审计
-func logAudit(cSess *sessdata.ConnSession, pl *sessdata.Payload) {
-	if base.Cfg.AuditInterval < 0 {
-		return
-	}
-
-	ipProto := waterutil.IPv4Protocol(pl.Data)
-	// 访问协议
-	var accessProto uint8
-	// 只统计 tcp和udp 的访问
-	switch ipProto {
-	case waterutil.TCP:
-		accessProto = acc_proto_tcp
-	case waterutil.UDP:
-		accessProto = acc_proto_udp
-	default:
-		return
-	}
-
-	ipSrc := waterutil.IPv4Source(pl.Data)
-	ipDst := waterutil.IPv4Destination(pl.Data)
-	ipPort := waterutil.IPv4DestinationPort(pl.Data)
-
-	b := getByte51()
-	key := *b
-	copy(key[:16], ipSrc)
-	copy(key[16:32], ipDst)
-	binary.BigEndian.PutUint16(key[32:34], ipPort)
-
-	info := ""
-	if ipProto == waterutil.TCP {
-		accessProto, info = onTCP(waterutil.IPv4Payload(pl.Data))
-	}
-	key[34] = byte(accessProto)
-	if info != "" {
-		md5Sum := md5.Sum([]byte(info))
-		copy(key[35:51], hex.EncodeToString(md5Sum[:]))
-	}
-	s := utils.BytesToString(key)
-	nu := utils.NowSec().Unix()
-
-	// 判断已经存在，并且没有过期
-	v, ok := cSess.IpAuditMap.Get(s)
-	if ok && nu-v.(int64) < int64(base.Cfg.AuditInterval) {
-		// 回收byte对象
-		putByte51(b)
-		return
-	}
-
-	cSess.IpAuditMap.Set(s, nu)
-
-	audit := dbdata.AccessAudit{
-		Username:    cSess.Sess.Username,
-		Protocol:    uint8(ipProto),
-		Src:         ipSrc.String(),
-		Dst:         ipDst.String(),
-		DstPort:     ipPort,
-		CreatedAt:   utils.NowSec(),
-		AccessProto: accessProto,
-		Info:        info,
-	}
-
-	_ = dbdata.Add(audit)
-}