TSG-9289: 修复Deny策略未执行捕包动作的问题

src/tsg_action.cpp

@@ -862,6 +862,8 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_
 		tsg_set_method_to_tcpall(a_stream, &context, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum);
 	}
 
+	tsg_notify_hited_monitor_result(a_stream, p_result, 1, a_stream->threadnum);
+
 	security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
 	
 	state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME);

src/tsg_entry.cpp

@@ -1966,6 +1966,9 @@ extern "C" int TSG_MASTER_INIT()
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM","DEFAULT_POLICY_ID", &g_tsg_para.default_compile_id, 0);
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM","HIT_PATH_SWITCH", &g_tsg_para.hit_path_switch, 0);
 
+	g_tsg_para.default_vlan.num=1;
+	MESA_load_profile_int_def(tsg_conffile, "TRAFFIC_MIRROR","DEFAULT_VLAN_ID", &(g_tsg_para.default_vlan.id[0]), 2);
+
 	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;");
 	tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag);
 

src/tsg_entry.h

@@ -263,6 +263,7 @@ typedef	struct tsg_para
 	void *logger;
 	void *maat_logger;
 	struct reset_argv reset;
+	struct mirrored_vlan default_vlan;
 	screen_stat_handle_t fs2_handle;
 	struct l7_protocol *name_by_id;
 	struct l7_protocol *id_by_name;

src/tsg_rule.cpp

@@ -654,33 +654,6 @@ static int get_integer_from_json(cJSON *object, const char *key, int *value)
 	return 0;
 }
 
-static struct compile_user_region *parse_monitor_user_region(cJSON *monitor_user_region_object)
-{
-	int ret=0;
-	cJSON *mirror_item=NULL;
-	struct compile_user_region *user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region));
-	mirror_item=cJSON_GetObjectItem(monitor_user_region_object, "traffic_mirror");
-	if(mirror_item==NULL)
-	{		
-		return user_region;
-	}
-
-	user_region->mirror=(struct monitor_user_region *)calloc(1, sizeof(struct monitor_user_region));
-	ret=get_integer_from_json(mirror_item, "enable", &(user_region->mirror->enabled));		
-	if(ret!=1)
-	{
-		return user_region;
-	}
-	
-	ret=get_integer_from_json(mirror_item, "mirror_profile", &(user_region->mirror->profile_id));
-	if(ret==1)
-	{
-		user_region->method_type=TSG_METHOD_TYPE_MIRRORED;
-	}
-
-	return user_region;
-}
-
 static int parse_answer_ttl(struct dns_user_region *user_region_records, cJSON *one_record, int answer_type)
 {
 	if(one_record==NULL || user_region_records==NULL)
@@ -922,6 +895,7 @@ static int parse_default_para(cJSON *deny_user_region_object, struct compile_use
 	return 1;
 }
 
+
 static int parse_packet_capture(cJSON *packet_capture_object, struct compile_user_region *user_region)
 {
 	if(packet_capture_object==NULL || user_region==NULL)
@@ -944,6 +918,33 @@ static int parse_packet_capture(cJSON *packet_capture_object, struct compile_use
 	return 0;
 }
 
+static int parse_packet_mirrored(cJSON *user_region_object, struct compile_user_region *user_region)
+{
+	if(user_region_object==NULL || user_region==NULL)
+	{
+		return 0;
+	}
+		
+	cJSON *mirror_item=NULL;
+	mirror_item=cJSON_GetObjectItem(user_region_object, "traffic_mirror");
+	if(mirror_item==NULL)
+	{		
+		return 0;
+	}
+	
+	user_region->mirror=(struct monitor_user_region *)calloc(1, sizeof(struct monitor_user_region));
+	int ret=get_integer_from_json(mirror_item, "enable", &(user_region->mirror->enabled));		
+	if(ret!=1)
+	{
+		return 0;
+	}
+	
+	user_region->method_type=TSG_METHOD_TYPE_MIRRORED;
+	get_integer_from_json(mirror_item, "mirror_profile", &(user_region->mirror->profile_id));	
+
+	return 1;
+}
+
 static struct compile_user_region *parse_deny_user_region(cJSON *deny_user_region_object)
 {
 	int ret=0;
@@ -1062,11 +1063,13 @@ void security_compile_new(int idx, const struct Maat_rule_t* rule, const char* s
 				case	TSG_ACTION_DENY:
 					user_region=parse_deny_user_region(user_region_object);					
 					parse_packet_capture(packet_capture_object, user_region);
+					parse_packet_mirrored(user_region_object,user_region);
 					atomic_inc(&user_region->ref_cnt);
 					break;
 				case	TSG_ACTION_MONITOR:
-					user_region=parse_monitor_user_region(user_region_object);
+					user_region=(struct compile_user_region *)calloc(1, sizeof(struct compile_user_region));
 					parse_packet_capture(packet_capture_object, user_region);					
+					parse_packet_mirrored(user_region_object,user_region);
 					atomic_inc(&user_region->ref_cnt);
 					break; 
 				default:
@@ -2715,7 +2718,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
 
 	for(i=0; i<result_num; i++)
 	{
-		if(result[i].action!=TSG_ACTION_MONITOR)
+		if(result[i].action!=TSG_ACTION_MONITOR && result[i].action!=TSG_ACTION_DENY)
 		{
 			continue;
 		}
@@ -2739,6 +2742,13 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
 				stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
 				mirrored_profile_free(0, (MAAT_PLUGIN_EX_DATA *)&mirror_profile, 0, NULL);
 			}
+			else
+			{
+				notify_data.compile_id=result[i].config_id;
+				notify_data.type=NOTIFY_TYPE_MIRRORED;
+				notify_data.vlan=&(g_tsg_para.default_vlan);				
+				stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
+			}
 		}
 
 		if(user_region->capture.enabled==1)

src/tsg_send_log.cpp

@@ -1288,6 +1288,7 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD
 
 	if(execution_result->capture_packet_path!=NULL)
 	{		
+		TLD_delete(_handle, _instance->id2field[LOG_COMMON_PACKET_CAPTURE_FILE].name);
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_PACKET_CAPTURE_FILE].name, (void *)(execution_result->capture_packet_path), TLD_TYPE_STRING);
 	}