diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp index 5545fb5..9d5c42e 100644 --- a/src/tsg_action.cpp +++ b/src/tsg_action.cpp @@ -862,6 +862,8 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_ tsg_set_method_to_tcpall(a_stream, &context, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum); } + tsg_notify_hited_monitor_result(a_stream, p_result, 1, a_stream->threadnum); + security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME); diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 8a3624e..5d1146d 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -1966,6 +1966,9 @@ extern "C" int TSG_MASTER_INIT() MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0); MESA_load_profile_int_def(tsg_conffile, "SYSTEM","HIT_PATH_SWITCH", &g_tsg_para.hit_path_switch, 0); + g_tsg_para.default_vlan.num=1; + MESA_load_profile_int_def(tsg_conffile, "TRAFFIC_MIRROR","DEFAULT_VLAN_ID", &(g_tsg_para.default_vlan.id[0]), 2); + MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;"); tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag); diff --git a/src/tsg_entry.h b/src/tsg_entry.h index c409682..8f16f0d 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -263,6 +263,7 @@ typedef struct tsg_para void *logger; void *maat_logger; struct reset_argv reset; + struct mirrored_vlan default_vlan; screen_stat_handle_t fs2_handle; struct l7_protocol *name_by_id; struct l7_protocol *id_by_name; diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index 6fe7eee..2454fa2 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp 
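Review bot: In tsg_deal_deny_action (src/tsg_action.cpp) the added `tsg_notify_hited_monitor_result(a_stream, p_result, 1, a_stream->threadnum);` call discards its return value and has no comment, so a reader cannot tell that deny rules now trigger mirroring or capture, or what happens if the notify step fails. A short comment above the call, such as `/* deny rules may also carry traffic_mirror / packet_capture; notify before security_compile_free releases the user_region reference */`, would record the apparent ordering constraint. Whether a failed notification should be logged depends on the callee's return contract, which is not visible here. The function body starts and ends outside the hunk.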
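Review bot: In TSG_MASTER_INIT (src/tsg_entry.cpp) the `DEFAULT_VLAN_ID` value read from the `TRAFFIC_MIRROR` section is stored in `g_tsg_para.default_vlan.id[0]` without a range check, so a mistyped value (0, a negative number, or anything above 4094) would presumably be used as-is when tagging mirrored traffic. Consider validating right after the load, e.g. `if(g_tsg_para.default_vlan.id[0]<1 || g_tsg_para.default_vlan.id[0]>4094) { g_tsg_para.default_vlan.id[0]=2; }`, and logging the fallback. The declaration of `struct mirrored_vlan` is not part of this diff, so it is also worth confirming that `id[]` has the element type MESA_load_profile_int_def writes through that pointer. A comment on why the default is VLAN 2 would help too.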
@@ -654,33 +654,6 @@ static int get_integer_from_json(cJSON *object, const char *key, int *value) return 0; } -static struct compile_user_region *parse_monitor_user_region(cJSON *monitor_user_region_object) -{ - int ret=0; - cJSON *mirror_item=NULL; - struct compile_user_region *user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region)); - mirror_item=cJSON_GetObjectItem(monitor_user_region_object, "traffic_mirror"); - if(mirror_item==NULL) - { - return user_region; - } - - user_region->mirror=(struct monitor_user_region *)calloc(1, sizeof(struct monitor_user_region)); - ret=get_integer_from_json(mirror_item, "enable", &(user_region->mirror->enabled)); - if(ret!=1) - { - return user_region; - } - - ret=get_integer_from_json(mirror_item, "mirror_profile", &(user_region->mirror->profile_id)); - if(ret==1) - { - user_region->method_type=TSG_METHOD_TYPE_MIRRORED; - } - - return user_region; -} - static int parse_answer_ttl(struct dns_user_region *user_region_records, cJSON *one_record, int answer_type) { if(one_record==NULL || user_region_records==NULL) @@ -922,6 +895,7 @@ static int parse_default_para(cJSON *deny_user_region_object, struct compile_use return 1; } + static int parse_packet_capture(cJSON *packet_capture_object, struct compile_user_region *user_region) { if(packet_capture_object==NULL || user_region==NULL) 
@@ -944,6 +918,33 @@ static int parse_packet_capture(cJSON *packet_capture_object, struct compile_use return 0; } +static int parse_packet_mirrored(cJSON *user_region_object, struct compile_user_region *user_region) +{ + if(user_region_object==NULL || user_region==NULL) + { + return 0; + } + + cJSON *mirror_item=NULL; + mirror_item=cJSON_GetObjectItem(user_region_object, "traffic_mirror"); + if(mirror_item==NULL) + { + return 0; + } + + user_region->mirror=(struct monitor_user_region *)calloc(1, sizeof(struct monitor_user_region)); + int ret=get_integer_from_json(mirror_item, "enable", &(user_region->mirror->enabled)); + if(ret!=1) + { + return 0; + } + + user_region->method_type=TSG_METHOD_TYPE_MIRRORED; + get_integer_from_json(mirror_item, "mirror_profile", &(user_region->mirror->profile_id)); + + return 1; +} + static struct compile_user_region *parse_deny_user_region(cJSON *deny_user_region_object) { int ret=0; @@ -1062,11 +1063,13 @@ void security_compile_new(int idx, const struct Maat_rule_t* rule, const char* s case TSG_ACTION_DENY: user_region=parse_deny_user_region(user_region_object); parse_packet_capture(packet_capture_object, user_region); + parse_packet_mirrored(user_region_object,user_region); atomic_inc(&user_region->ref_cnt); break; case TSG_ACTION_MONITOR: - user_region=parse_monitor_user_region(user_region_object); - parse_packet_capture(packet_capture_object, user_region); + user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region)); + parse_packet_capture(packet_capture_object, user_region); + parse_packet_mirrored(user_region_object,user_region); atomic_inc(&user_region->ref_cnt); break; default: @@ -2715,7 +2718,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma for(i=0; icapture.enabled==1) diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index be22c9e..98e7010 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp 
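Review bot: parse_packet_mirrored uses the result of `calloc` without checking it: `&(user_region->mirror->enabled)` is evaluated on the next line, so an allocation failure during rule loading becomes a NULL dereference. Add `if(user_region->mirror==NULL) { return 0; }` directly after the allocation. The same applies to the new `calloc` for `user_region` in the TSG_ACTION_MONITOR case of security_compile_new, where `atomic_inc(&user_region->ref_cnt)` follows unguarded. If parse_deny_user_region can already populate `user_region->mirror` (its body is outside this diff), the unconditional assignment would also leak the earlier allocation.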
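Review bot: In the TSG_ACTION_DENY case of security_compile_new, parse_packet_mirrored now runs after parse_deny_user_region and sets `user_region->method_type=TSG_METHOD_TYPE_MIRRORED` whenever the `traffic_mirror` object has an `enable` key, overwriting whatever method the deny parser chose. If the deny path selects its blocking behaviour from that field (the consumer is outside this hunk), a deny rule that also requests mirroring may no longer be enforced as a deny. The field is also set when `enable` is 0. Consider dropping the assignment from parse_packet_mirrored and setting it only in the monitor case: `if(parse_packet_mirrored(user_region_object,user_region)==1) { user_region->method_type=TSG_METHOD_TYPE_MIRRORED; }`.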
@@ -1287,7 +1287,8 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD } if(execution_result->capture_packet_path!=NULL) - { + { + TLD_delete(_handle, _instance->id2field[LOG_COMMON_PACKET_CAPTURE_FILE].name); TLD_append(_handle, _instance->id2field[LOG_COMMON_PACKET_CAPTURE_FILE].name, (void *)(execution_result->capture_packet_path), TLD_TYPE_STRING); }
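Review bot: The added `TLD_delete` in set_notify_execution_result has no comment explaining why the capture-file field is removed before it is appended. Presumably it prevents a duplicate key when a notify result is applied more than once to the same handle. A one-line comment such as `/* replace, not duplicate, a capture path left by an earlier notify */` would make the intent clear. It is also worth confirming that TLD_delete is harmless when the key is absent, since its return value is ignored here. The function continues outside the hunk.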