From c387b3f2d202a7fa080d45bd46c25ffc2cd6d6ea Mon Sep 17 00:00:00 2001
From: liuxueli <liuxueli@iieac.cn>
Date: Fri, 24 Mar 2023 16:25:49 +0800
Subject: [PATCH] =?UTF-8?q?TSG-14338:=20LTS22.11=E7=89=88=E6=9C=AC=20?=
 =?UTF-8?q?=E5=8A=9F=E8=83=BD=E7=AB=AF=E5=AE=89=E5=85=A8=E7=AD=96=E7=95=A5?=
 =?UTF-8?q?Deny=E5=8A=A8=E4=BD=9C=E6=94=AF=E6=8C=81=E2=80=9C=E7=94=9F?=
 =?UTF-8?q?=E6=95=88=E6=96=B9=E5=90=91=E2=80=9D=E5=8A=A8=E4=BD=9C=E5=8F=82?=
 =?UTF-8?q?=E6=95=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/fw_dns_plug.cpp | 51 +++++++++++++++++++++++++++++++++++----------
 1 file changed, 40 insertions(+), 11 deletions(-)

diff --git a/src/fw_dns_plug.cpp b/src/fw_dns_plug.cpp
index a87d68c..86268f0 100644
--- a/src/fw_dns_plug.cpp
+++ b/src/fw_dns_plug.cpp
@@ -136,6 +136,22 @@ static int fw_dns_send_log(struct streaminfo *a_stream, dns_info_t *dns_info, st
 	return 0;
 }
 
+int fw_dns_select_monitor_result(struct streaminfo *a_stream, dns_info_t *dns_info, struct Maat_rule_t *result, int result_num, int thread_seq)
+{
+	for(int i=0; i<result_num; i++)
+	{
+		if(result[i].action!=TSG_ACTION_MONITOR)
+		{
+			continue;
+		}
+		
+		tsg_notify_hited_monitor_result(a_stream, &(result[i]), 1, thread_seq);
+		fw_dns_send_log(a_stream, dns_info, &(result[i]), 1, thread_seq);
+	}
+
+	return 0;
+}
+
 extern "C" char FW_DNS_PLUG_ENTRY(stSessionInfo* session_info,  void **pme, int thread_seq,struct streaminfo *a_stream,const void *a_packet)
 {
 	int ret=0,hit_num=0;
@@ -239,19 +255,32 @@ extern "C" char FW_DNS_PLUG_ENTRY(stSessionInfo* session_info,  void **pme, int
 	hit_num+=tsg_scan_fqdn_category_id(g_tsg_maat_feather, a_stream, result+hit_num,MAX_RESULT_NUM-hit_num, &mid, g_fw_dns_plug_info.table_qname_id, category_id, category_id_num, thread_seq);
 	if(hit_num>0)
 	{
-		p_result=tsg_fetch_deny_rule(result, hit_num);
-		if(p_result!=NULL)
+		p_result=tsg_policy_decision_criteria(result, hit_num);
+		switch(p_result->action)
 		{
-			state=tsg_deal_deny_action(a_stream, p_result, PROTO_DNS, ACTION_RETURN_TYPE_PROT, (const void *)dns_info);
-			if(state!=PROT_STATE_GIVEME)
-			{
+			case	TSG_ACTION_BYPASS:
 				fw_dns_send_log(a_stream, dns_info, p_result, 1, thread_seq);
-			}
-		}
-		else
-		{
-			tsg_notify_hited_monitor_result(a_stream, result, hit_num, thread_seq);
-			fw_dns_send_log(a_stream, dns_info, result, hit_num, thread_seq);
+				break;
+			case	TSG_ACTION_DENY:
+				ret=tsg_is_do_deny_action_by_enforce_direction(a_stream, p_result);
+				if(ret==0)
+				{
+					fw_dns_select_monitor_result(a_stream, dns_info, result, hit_num, thread_seq);
+					break;
+				}
+				
+				state=tsg_deal_deny_action(a_stream, p_result, PROTO_DNS, ACTION_RETURN_TYPE_PROT, (const void *)dns_info);
+				if(state!=PROT_STATE_GIVEME)
+				{
+					fw_dns_send_log(a_stream, dns_info, p_result, 1, thread_seq);
+				}
+				break;
+			case	TSG_ACTION_MONITOR:
+				tsg_notify_hited_monitor_result(a_stream, result, hit_num, thread_seq);
+				fw_dns_send_log(a_stream, dns_info, result, hit_num, thread_seq);
+				break;
+			default:
+				break;
 		}
 	}