diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h index fed4164..3b63666 100644 --- a/inc/tsg_rule.h +++ b/inc/tsg_rule.h @@ -29,6 +29,7 @@ enum TSG_METHOD_TYPE TSG_METHOD_TYPE_MIRRORED, TSG_METHOD_TYPE_TAMPER, TSG_METHOD_TYPE_DEFAULT, + TSG_METHOD_TYPE_APP_DROP, TSG_METHOD_TYPE_MAX }; @@ -46,26 +47,6 @@ typedef enum _PULL_RESULT_TYPE PULL_ALL_RESULT }PULL_RESULT_TYPE; -struct app_id_dict -{ - int ref_cnt; - int app_id; - int parent_app_id; - int deny_action; - int continue_scanning; - unsigned short tcp_timeout; - unsigned short udp_timeout; - int tcp_time_wait; - int tcp_half_close; - char *risk; - char *app_name; - char *parent_app_name; - char *category; - char *subcategroy; - char *technology; - char *characteristics; -}; - extern Maat_feather_t g_tsg_maat_feather; int tsg_rule_init(const char *conffile, void *logger); diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp index a5b147f..b321f87 100644 --- a/src/tsg_action.cpp +++ b/src/tsg_action.cpp @@ -803,24 +803,16 @@ static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, M return STATE_DROPME|STATE_DROPPKT; } -unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data) +static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struct compile_user_region *user_region, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data) { unsigned char local_state=STATE_GIVEME; unsigned char state=0; int method_type=TSG_METHOD_TYPE_RESET; - struct compile_user_region *user_region=NULL; - - if(p_result->action==TSG_ACTION_BYPASS) - { - return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPME : APP_STATE_GIVEME); - } - - user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); if(user_region!=NULL) { method_type=user_region->method_type; } - + switch(method_type) { case TSG_METHOD_TYPE_DROP: @@ -850,20 +842,34 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_ case TSG_METHOD_TYPE_DEFAULT: local_state=do_action_default_xxx(a_stream, p_result, user_region, protocol, user_data); break; + case TSG_METHOD_TYPE_APP_DROP: + if(user_region->deny->type!=TSG_DENY_TYPE_APP_DROP) + { + break; + } + + local_state=0; + if(user_region->deny->app_para.send_icmp_enable==1) + { + local_state|=do_action_tamper(a_stream, p_result, user_region, protocol, user_data); + } + + if(user_region->deny->app_para.send_reset_enable==1) + { + local_state|=do_action_reset(a_stream, p_result, protocol); + } + break; default: break; } - + tsg_notify_hited_monitor_result(a_stream, p_result, 1, a_stream->threadnum); + if(method_type!=TSG_METHOD_TYPE_DEFAULT) { struct tcpall_context *context=NULL; tsg_set_method_to_tcpall(a_stream, &context, (enum TSG_METHOD_TYPE)method_type, a_stream->threadnum); } - - tsg_notify_hited_monitor_result(a_stream, p_result, 1, a_stream->threadnum); - - security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); state=((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME); state|=((type==ACTION_RETURN_TYPE_PROT) ? (local_state&STATE_DROPME ? PROT_STATE_DROPME : 0) : (local_state&STATE_DROPME ? APP_STATE_DROPME : 0)); @@ -874,3 +880,61 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_ return state; } +unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data) +{ + unsigned char state=0; + char app_id_buff[32]={0}; + struct app_id_dict *dict=NULL; + struct compile_user_region app_user_region={0}, *user_region=NULL; + + snprintf(app_id_buff, sizeof(app_id_buff), "%d", app_id); + dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff); + if(dict==NULL) + { + return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_GIVEME : APP_STATE_GIVEME); + } + + user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); + if(user_region!=NULL) + { + app_user_region.capture=user_region->capture; + security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); + } + + switch(dict->deny_app_para.type) + { + case TSG_DENY_TYPE_APP_DROP: + app_user_region.method_type=TSG_METHOD_TYPE_APP_DROP; + app_user_region.deny=&(dict->deny_app_para); + break; + case TSG_DENY_TYPE_APP_RATELIMIT: + app_user_region.method_type=TSG_METHOD_TYPE_RATE_LIMIT; + app_user_region.deny=&(dict->deny_app_para); + break; + default: + break; + } + + state=tsg_do_deny_action(a_stream, &app_user_region, p_result, protocol, type, user_data); + app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); + + return state; +} + +unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, enum ACTION_RETURN_TYPE type, const void *user_data) +{ + unsigned char state=0; + struct compile_user_region *user_region=NULL; + + if(p_result->action==TSG_ACTION_BYPASS) + { + return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPME : APP_STATE_GIVEME); + } + + user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); + state=tsg_do_deny_action(a_stream, user_region, p_result, protocol, type, user_data); + security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); + + return state; +} + diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index c11f2e9..d96a247 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -1488,9 +1488,12 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru int scan_application_id_and_properties(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, struct master_context *context, struct app_identify_result *identify_result, int thread_seq) { int i=0,hit_num=0; + int hited_app_id=0; + int after_n_packets=0; char *name=NULL; char app_id_buff[32]={0}; struct app_id_dict *dict=NULL; + struct Maat_rule_t *p_result, *d_result=NULL; for(i=0; i< identify_result->app_id_num; i++) { @@ -1505,12 +1508,8 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct hit_num+=tsg_scan_app_properties_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->characteristics, (char *)"characteristics", thread_seq); hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq); - //hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->parent_app_name, dict->parent_app_id, thread_seq); - - if(context->hited_app_id==0 && hit_num>0 && identify_result->origin!=ORIGIN_BASIC_PROTOCOL) - { - context->hited_app_id=identify_result->app_id[i]; - } + after_n_packets=dict->deny_app_para.after_n_packets; + set_app_timeout(a_stream, dict, &(context->timeout)); app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL); } @@ -1519,15 +1518,47 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct name=tsg_l7_protocol_id2name(identify_result->app_id[i]); hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), ((name==NULL) ? (char *)"" : name), identify_result->app_id[i], thread_seq); } + + p_result=tsg_fetch_deny_rule(result, hit_num); + if(d_result==NULL) + { + d_result=p_result; + hited_app_id=identify_result->app_id[i]; + continue; + } + + if(d_result->config_id!=p_result->config_id) + { + d_result=p_result; + hited_app_id=identify_result->app_id[i]; + } } + if(hit_num>0) + { + if(identify_result->origin!=ORIGIN_BASIC_PROTOCOL) + { + context->hited_app_id=hited_app_id; + } + + context->hited_para.hited_app_id=hited_app_id; + context->hited_para.after_n_packets=after_n_packets; + } + + if(d_result!=NULL && d_result->action==TSG_ACTION_DENY) + { + copy_result_to_project(a_stream, context, d_result, NULL, context->proto, PULL_FW_RESULT, thread_seq); + } + return hit_num; } static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *result, int hit_num, const void *a_packet) { - Maat_rule_t *p_result=NULL; - unsigned char state=APP_STATE_GIVEME; + int ret=0; + unsigned char state=APP_STATE_GIVEME; + struct identify_info tmp_identify_info; + Maat_rule_t *p_result=NULL, app_result={0}; struct tcpall_context *tmp_tcpall_context=NULL; p_result=tsg_policy_decision_criteria(result, hit_num); @@ -1537,7 +1568,29 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream, switch((unsigned char)p_result->action) { case TSG_ACTION_DENY: - state=tsg_deal_deny_action(a_stream, p_result, context->proto, ACTION_RETURN_TYPE_APP, a_packet); + ret=tsg_pull_policy_result((struct streaminfo* )a_stream, PULL_FW_RESULT, &app_result, 1, &tmp_identify_info); + if(ret>0 && app_result.action==TSG_ACTION_DENY && app_result.config_id==p_result->config_id) + { + if(context->hited_para.after_n_packets>0) + { + ret=tsg_set_method_to_tcpall(a_stream, &tmp_tcpall_context, TSG_METHOD_TYPE_APP_DROP, a_stream->threadnum); + if(ret>0) + { + tmp_tcpall_context->hited_para=context->hited_para; + } + state=APP_STATE_KILL_OTHER|APP_STATE_DROPME; + break; + } + else + { + state=tsg_deny_application(a_stream, p_result, context->proto, context->hited_para.hited_app_id, ACTION_RETURN_TYPE_APP, a_packet); + } + } + else + { + state=tsg_deal_deny_action(a_stream, p_result, context->proto, ACTION_RETURN_TYPE_APP, a_packet); + } + if((state&APP_STATE_DROPPKT)==APP_STATE_DROPPKT || (state&APP_STATE_KILL_OTHER) || is_tamper_action(p_result)) { context->hit_cnt=0; @@ -1835,14 +1888,16 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns int eth_rawpkt_len=0; scan_status_t scan_mid=NULL; struct Maat_rule_t *p_result=NULL; - unsigned char state=APP_STATE_GIVEME; + unsigned char state=APP_STATE_GIVEME; + struct identify_info tmp_identify_info; struct Maat_rule_t result[MAX_RESULT_NUM]={0}; - struct tcpall_context *context=(struct tcpall_context *)(*pme); + struct master_context *data_context=NULL; + struct tcpall_context *all_context=(struct tcpall_context *)(*pme); if(stream_state==OP_STATE_PENDING) { - context->method_type=TSG_METHOD_TYPE_DEFAULT; - context->after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id); + all_context->method_type=TSG_METHOD_TYPE_DEFAULT; + all_context->after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id); hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, result, MAX_RESULT_NUM); if(hit_num>0) @@ -1866,7 +1921,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns scan_mid=NULL; } - switch(context->method_type) + switch(all_context->method_type) { case TSG_METHOD_TYPE_RATE_LIMIT: eth_rawpkt_len=get_raw_packet_len(a_stream); @@ -1875,7 +1930,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns break; } - ret=is_permit_pass(eth_rawpkt_len*8, context->bucket, thread_seq); + ret=is_permit_pass(eth_rawpkt_len*8, all_context->bucket, thread_seq); if(ret==0) { state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; @@ -1883,13 +1938,13 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns break; case TSG_METHOD_TYPE_TAMPER: if(a_stream->opstate != OP_STATE_PENDING){ - if(0 == send_tamper_xxx(a_stream, &context->tamper_count, a_packet)){ + if(0 == send_tamper_xxx(a_stream, &all_context->tamper_count, a_packet)){ state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; } } break; case TSG_METHOD_TYPE_DEFAULT: - if(!is_do_default_policy(a_stream, context->after_n_packets) || stream_state==OP_STATE_CLOSE) + if(!is_do_default_policy(a_stream, all_context->after_n_packets) || stream_state==OP_STATE_CLOSE) { break; } @@ -1900,6 +1955,26 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns master_send_log(a_stream, &result[0], 1, NULL, thread_seq); } break; + case TSG_METHOD_TYPE_APP_DROP: + if((all_context->hited_para.after_n_packets-- > 0) || stream_state==OP_STATE_CLOSE) + { + break; + } + + ret=tsg_pull_policy_result((struct streaminfo *)a_stream,PULL_FW_RESULT, &result[0], 1, &tmp_identify_info); + if(ret>0) + { + data_context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id); + state=tsg_deny_application(a_stream, + &result[0], + (data_context==NULL ? PROTO_UNKONWN : data_context->proto), + all_context->hited_para.hited_app_id, + ACTION_RETURN_TYPE_APP, + a_packet + ); + master_send_log(a_stream, &result[0], 1, data_context, thread_seq); + } + break; default: break; } diff --git a/src/tsg_entry.h b/src/tsg_entry.h index 1ac1ddc..db4f0ff 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -17,6 +17,7 @@ #include "tsg_label.h" #include "tsg_statistic.h" #include "tsg_leaky_bucket.h" +#include "tsg_protocol_common.h" #if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411) #define atomic_inc(x) __sync_add_and_fetch((x),1) @@ -187,6 +188,31 @@ struct http_response_pages char *content; }; +struct app_id_dict +{ + int ref_cnt; + int app_id; + int parent_app_id; + int continue_scanning; + unsigned short tcp_timeout; + unsigned short udp_timeout; + int tcp_time_wait; + int tcp_half_close; + char *risk; + char *app_name; + char *parent_app_name; + char *category; + char *subcategroy; + char *technology; + char *characteristics; + struct deny_user_region deny_app_para; +}; + +struct hited_app_para +{ + int hited_app_id; + int after_n_packets; +}; struct master_context { @@ -202,6 +228,7 @@ struct master_context char *quic_ua; scan_status_t mid; struct Maat_rule_t *result; + struct hited_app_para hited_para; struct timespec last_scan_time; }; @@ -213,7 +240,8 @@ struct tcpall_context { struct leaky_bucket *bucket; long tamper_count; - int after_n_packets; + int after_n_packets; + struct hited_app_para hited_para; void *para; }; }; diff --git a/src/tsg_protocol_common.h b/src/tsg_protocol_common.h index a7d1959..1361837 100644 --- a/src/tsg_protocol_common.h +++ b/src/tsg_protocol_common.h @@ -23,6 +23,8 @@ enum TSG_DENY_TYPE TSG_DENY_TYPE_SEND_ICMP, TSG_DENY_TYPE_DEFAULT_RST, TSG_DENY_TYPE_DEFAULT_DROP, + TSG_DENY_TYPE_APP_DROP, + TSG_DENY_TYPE_APP_RATELIMIT, TSG_DENY_TYPE_MAX }; @@ -77,6 +79,12 @@ struct packet_capture int depth; }; +struct app_action_para +{ + int send_reset_enable; + int send_icmp_enable; +}; + struct deny_user_region { enum TSG_DENY_TYPE type; @@ -93,7 +101,8 @@ struct deny_user_region struct dns_user_region *records; int profile_id; int bps; - int send_icmp_enable; + int send_icmp_enable; + struct app_action_para app_para; void *para; }; }; @@ -137,5 +146,6 @@ unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rul unsigned char send_icmp_unreachable(const struct streaminfo *a_stream); int send_tamper_xxx(const struct streaminfo *a_stream, long *tamper_count, const void *raw_pkt); +unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol, int app_id, enum ACTION_RETURN_TYPE type, const void *user_data); #endif diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index 2454fa2..f7f89a7 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp @@ -317,6 +317,45 @@ static char *_malloc_field(const char *field_start, size_t field_len) return field; } +static int get_string_from_json(cJSON *object, const char *key, char **value) +{ + if(object==NULL || key==NULL) + { + return 0; + } + int len=0; + cJSON *item=cJSON_GetObjectItem(object, key); + if(item!=NULL) + { + len=strlen(item->valuestring); + (*value)=(char *)malloc(len+1); + memcpy((*value), item->valuestring, len); + (*value)[len]='\0'; + + return 1; + } + + return 0; +} + +static int get_integer_from_json(cJSON *object, const char *key, int *value) +{ + if(object==NULL || key==NULL || (value)==NULL) + { + return 0; + } + + cJSON *item=cJSON_GetObjectItem(object, key); + if(item!=NULL) + { + (*value)=item->valueint; + return 1; + } + + return 0; +} + + void ASN_number_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) { if((*from)!=NULL) @@ -521,6 +560,49 @@ void subscriber_id_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* return; } +static int parse_deny_action(char *deny_action_str, struct deny_user_region *deny_app_para) +{ + if(deny_action_str==NULL) + { + return 0; + } + + cJSON *app_para=cJSON_Parse(deny_action_str); + if(app_para==NULL) + { + return 0; + } + + char *method=NULL; + int ret=get_string_from_json(app_para, "method", &method); + if(ret==1) + { + int method_type=tsg_get_method_id(method); + switch(method_type) + { + case TSG_METHOD_TYPE_DROP: + deny_app_para->type=TSG_DENY_TYPE_APP_DROP; + get_integer_from_json(app_para, "send_tcp_reset", &(deny_app_para->app_para.send_reset_enable)); + get_integer_from_json(app_para, "after_n_packets", &(deny_app_para->after_n_packets)); + get_integer_from_json(app_para, "send_icmp_unreachable", &(deny_app_para->app_para.send_icmp_enable)); + break; + case TSG_METHOD_TYPE_RATE_LIMIT: + deny_app_para->type=TSG_DENY_TYPE_APP_RATELIMIT; + get_integer_from_json(app_para, "bps", &(deny_app_para->bps)); + break; + default: + break; + } + + free(method); + method=NULL; + } + cJSON_Delete(app_para); + app_para=NULL; + + return 1; +} + static void app_id_dict_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp) { if((*from)!=NULL) @@ -535,9 +617,9 @@ static void app_id_dict_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_E static void app_id_dict_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp) { + char *deny_action_str=NULL; struct app_id_dict *dict=NULL; - switch(g_tsg_para.app_dict_field_num) { case 16: @@ -550,12 +632,13 @@ static void app_id_dict_new(int table_id, const char* key, const char* table_lin dict->technology=tsg_get_column_string_value(table_line, 5); dict->risk=tsg_get_column_string_value(table_line, 6); dict->characteristics=tsg_get_column_string_value(table_line, 7); - dict->deny_action=tsg_get_column_integer_value(table_line, 10); dict->continue_scanning=tsg_get_column_integer_value(table_line, 11); dict->tcp_timeout=(unsigned short)tsg_get_column_integer_value(table_line, 12); dict->udp_timeout=(unsigned short)tsg_get_column_integer_value(table_line, 13); dict->tcp_half_close=tsg_get_column_integer_value(table_line, 14); dict->tcp_time_wait=tsg_get_column_integer_value(table_line, 15); + + deny_action_str=tsg_get_column_string_value(table_line, 10); break; case 18: dict=(struct app_id_dict *)calloc(1, sizeof(struct app_id_dict)); @@ -569,18 +652,23 @@ static void app_id_dict_new(int table_id, const char* key, const char* table_lin dict->technology=tsg_get_column_string_value(table_line, 7); dict->risk=tsg_get_column_string_value(table_line, 8); dict->characteristics=tsg_get_column_string_value(table_line, 9); - dict->deny_action=tsg_get_column_integer_value(table_line, 12); dict->continue_scanning=tsg_get_column_integer_value(table_line, 13); dict->tcp_timeout=tsg_get_column_integer_value(table_line, 14); dict->udp_timeout=tsg_get_column_integer_value(table_line, 15); dict->tcp_half_close=tsg_get_column_integer_value(table_line, 16); dict->tcp_time_wait=tsg_get_column_integer_value(table_line, 17); + + deny_action_str=tsg_get_column_string_value(table_line, 12); break; default: return ; break; } + parse_deny_action(deny_action_str, &(dict->deny_app_para)); + _free_field(deny_action_str); + deny_action_str=NULL; + str_unescape(dict->risk); str_unescape(dict->app_name); str_unescape(dict->parent_app_name); @@ -616,44 +704,6 @@ void app_id_dict_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* ar return; } -static int get_string_from_json(cJSON *object, const char *key, char **value) -{ - if(object==NULL || key==NULL) - { - return 0; - } - int len=0; - cJSON *item=cJSON_GetObjectItem(object, key); - if(item!=NULL) - { - len=strlen(item->valuestring); - (*value)=(char *)malloc(len+1); - memcpy((*value), item->valuestring, len); - (*value)[len]='\0'; - - return 1; - } - - return 0; -} - -static int get_integer_from_json(cJSON *object, const char *key, int *value) -{ - if(object==NULL || key==NULL || (value)==NULL) - { - return 0; - } - - cJSON *item=cJSON_GetObjectItem(object, key); - if(item!=NULL) - { - (*value)=item->valueint; - return 1; - } - - return 0; -} - static int parse_answer_ttl(struct dns_user_region *user_region_records, cJSON *one_record, int answer_type) { if(one_record==NULL || user_region_records==NULL) @@ -2781,8 +2831,10 @@ int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_co case TSG_METHOD_TYPE_DEFAULT: case TSG_METHOD_TYPE_MIRRORED: _context->method_type=method_type; + *context=_context; break; default: + return 0; break; } @@ -2802,6 +2854,7 @@ int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_co switch(_context->method_type) { case TSG_METHOD_TYPE_RATE_LIMIT: + *context=_context; return 1; break; case TSG_METHOD_TYPE_DEFAULT: @@ -2813,6 +2866,7 @@ int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_co _context->method_type=TSG_METHOD_TYPE_RATE_LIMIT; _context->bucket=bucket; + *context=_context; return 1; }