1、kni_replace.c:116当该数据包中没有待替换内容，则转发该数据包；2、kni_replace.c:253，当发生替换动作后再发送日志，避免误命中；3、kni_entry.c:901 扫描IP后可以再次扫描负载内容

2018-12-30 15:43:31 +08:00
parent 8d88fe1569
commit c8a8bfe1d9
2 changed files with 19 additions and 3 deletions
--- a/kni_replace.c
+++ b/kni_replace.c
@@ -113,6 +113,10 @@ int kni_build_send_ipv4(unsigned char dir,int thread_seq,struct ip* a_packet,str
 		free(sendbuf);
 		sendbuf = NULL;
 	}
+	else
+	{
+		ret = APP_STATE_FAWPKT | APP_STATE_GIVEME;
+	}

 	return ret;
 	
@@ -183,6 +187,11 @@ int kni_build_send_ipv6(unsigned char dir,int thread_seq,struct kni_ipv6_hdr* ip
 		free(sendbuf);
 		sendbuf = NULL;
 	}
+	else
+	{
+		ret = APP_STATE_FAWPKT | APP_STATE_GIVEME;
+	}
+	
 	return ret;
 	

@@ -230,8 +239,6 @@ char kni_process_replace(unsigned char dir,int thread_seq,const struct streaminf
 		return APP_STATE_DROPME;
 	}

-	kni_log_debug(RLOG_LV_FATAL,(char*)"REPLACE",a_packet,(char*)"config id:%d,original:%s,replace:%s",pmeinfo->cfg_id,replace_info.find,replace_info.replace);
-	replace_sendlog(pstream, pmeinfo, replace_info.find,replace_info.replace);
 	
 	if(*(char*)a_packet == 0x45)
 	{
@@ -242,6 +249,14 @@ char kni_process_replace(unsigned char dir,int thread_seq,const struct streaminf
 		ret = kni_build_send_ipv6(dir,thread_seq,(struct kni_ipv6_hdr*)a_packet,pmeinfo,&replace_info);
 	}

+
+	if(ret & APP_STATE_DROPPKT)
+	{
+		kni_log_debug(RLOG_LV_FATAL,(char*)"REPLACE",a_packet,(char*)"config id:%d,original:%s,replace:%s",pmeinfo->cfg_id,replace_info.find,replace_info.replace);
+		replace_sendlog(pstream, pmeinfo, replace_info.find,replace_info.replace);
+	}
+
+
 //20181030 modify for muti replace
 	Maat_clean_status(&(pmeinfo->mid));
 	pmeinfo->ipsscan_action = KNI_ACTION_NONE;