TSG-13303,TSG-13304: 发送默认安全策略日志时访问空指针导致应用重启

inc/tsg_label.h

@@ -104,6 +104,7 @@ struct session_attribute_label
 	struct umts_user_info *user_info;	
 	struct tunnel_endpoint *client_endpoint;	
 	struct tunnel_endpoint *server_endpoint;
+	unsigned long session_flags;
 };
 
 struct policy_priority_label

src/tsg_action.cpp

@@ -577,21 +577,12 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul
 
 static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *a_packet)
 {
-    if(user_region!=NULL && user_region->deny!=NULL)
-	{
-		send_icmp_unreachable(a_stream);
-    }
-
 	switch(protocol)
     {		
 		case	PROTO_DNS:
 			return STATE_GIVEME|STATE_DROPPKT;
 		default:			
 			set_drop_stream(a_stream, protocol);
-			if(g_tsg_para.deploy_mode==DEPLOY_MODE_MIRROR)
-			{
-				return do_action_reset(a_stream, p_result, protocol);
-			}
 			break;
 	}
 	
@@ -870,7 +861,16 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc
 			{
 				set_protocol_to_tcpall(a_stream, protocol, a_stream->threadnum);
 				set_method_to_tcpall(a_stream, user_region->method_type, a_stream->threadnum);
-				set_after_n_packet_to_tcpall(a_stream, user_region->deny->after_n_packets, a_stream->threadnum);
+
+				if(a_stream->type==STREAM_TYPE_UDP && type!=ACTION_RETURN_TYPE_PROT)
+				{
+					set_after_n_packet_to_tcpall(a_stream, user_region->deny->after_n_packets+1, a_stream->threadnum);				
+				}
+				else
+				{
+					set_after_n_packet_to_tcpall(a_stream, user_region->deny->after_n_packets, a_stream->threadnum);
+				}
+				
 				tsg_set_policy_result(a_stream, PULL_FW_RESULT, p_result, protocol, a_stream->threadnum);
 				local_state=((type==ACTION_RETURN_TYPE_PROT) ? (STATE_DROPME) : (STATE_DROPME|STATE_KILL_OTHER));
 				break;

src/tsg_entry.cpp

@@ -505,23 +505,27 @@ static int get_default_para(const struct streaminfo *a_stream, int compile_id)
 
 static int get_default_policy(int compile_id, struct Maat_rule_t *result)
 {
+	int ret=0;
 	struct Maat_rule_t p_result={0};
 	struct compile_user_region *user_region=NULL;
 
 	p_result.config_id=compile_id;
 	user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, &p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
-	if(user_region!=NULL && user_region->method_type==TSG_METHOD_TYPE_DEFAULT)
+	if(user_region!=NULL)
 	{
-		if(user_region->session_para!=NULL && user_region->session_para->result.action==TSG_ACTION_DENY)
+		if(user_region->method_type==TSG_METHOD_TYPE_DEFAULT)
 		{
-			memcpy(result, &(user_region->session_para->result), sizeof(struct Maat_rule_t));
+			if(user_region->session_para!=NULL && user_region->session_para->result.action==TSG_ACTION_DENY)
+			{
+				memcpy(result, &(user_region->session_para->result), sizeof(struct Maat_rule_t));
+			}
+			
+			ret=1;
 		}
-		
 		security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], &p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
-		return 1;
 	}
 
-	return 0;
+	return ret;
 }
 
 static int get_packet_sequence(const struct streaminfo *a_stream)
@@ -684,10 +688,7 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 	else
 	{
 		TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_APP].name, TLD_TYPE_STRING);
-	}
+	}	
-
-	char *flags_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_FLAGS);
-	TLD_append(TLD_handle, flags_field_name, (void *)context->session_flag, TLD_TYPE_LONG);
 
 	if(context!=NULL && context->hited_app_id>0)
 	{
@@ -1375,6 +1376,9 @@ void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATT
 			memcpy(attribute_label->fqdn_category_id, value, sizeof(unsigned int)*value_len);
 			attribute_label->fqdn_category_id_num=value_len;
 			break;
+		case	TSG_ATTRIBUTE_TYPE_SESSION_FLAGS:
+			attribute_label->session_flags=*(unsigned long *)(value);
+			break;
 		default:
 			break;
 	}
@@ -1382,7 +1386,7 @@ void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATT
 	return ;
 }
 
-static int set_tcp_establish_latency_ms(const struct streaminfo *a_tcp, int thread_seq,const void *ip_hdr)
+static char set_tcp_establish_latency_ms(const struct streaminfo *a_tcp, int thread_seq,const void *ip_hdr)
 {
 	struct tcphdr *tcp=NULL;
 
@@ -1973,7 +1977,6 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
 	}
 
 	context->sync_cb_state=master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL);
-	
 	return 0;
 }
 
@@ -1995,11 +1998,13 @@ static int session_flags_identify_result_cb(const struct streaminfo *a_stream, i
 	}
 
 	context->session_flag=*(unsigned long *)(data);
+	set_session_attribute_label(a_stream, TSG_ATTRIBUTE_TYPE_SESSION_FLAGS, data, sizeof(unsigned long), a_stream->threadnum);
 
 	int hit_num=tsg_scan_session_flags(g_tsg_maat_feather, a_stream, scan_result, MAX_RESULT_NUM, &context->mid, g_tsg_para.table_id[TABLE_SESSION_FLAGS], context->session_flag, a_stream->threadnum);
 
 	context->sync_cb_state=master_deal_scan_result(a_stream, context, scan_result, hit_num, NULL);
 
+
 	return 0;
 }
 
@@ -2108,22 +2113,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
 			state=master_deal_scan_result(a_stream, context, scan_result, hit_num, a_packet);
 			context->deal_pkt_num++;
 			break;
-		case	OP_STATE_DATA:
+		case	OP_STATE_DATA:						
-			if(context->sync_cb_state&APP_STATE_KILL_OTHER || context->sync_cb_state&APP_STATE_DROPPKT)
-			{
-				if(a_stream->type==STREAM_TYPE_TCP)	//tcpall
-				{
-					state=context->sync_cb_state|APP_STATE_DROPME;
-					break;
-				}
-
-				if(a_stream->type==STREAM_TYPE_UDP)  // allow, Deny(after drop N packets)
-				{
-					state=context->sync_cb_state&(~(APP_STATE_DROPME));
-					break;
-				}
-			}
-			
 			if(context->is_app_link==FLAG_FALSE && (context->deal_pkt_num++) == (g_tsg_para.identify_app_max_pkt_num+1))
 			{
 				unknown_result.app_id_num=1;
@@ -2139,6 +2129,13 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
 				state=APP_STATE_KILL_OTHER|APP_STATE_GIVEME;
 				break;
 			}
+
+			if(context->sync_cb_state&APP_STATE_KILL_OTHER || context->sync_cb_state&APP_STATE_DROPPKT)
+			{
+				//tcpall, udp -> allow, Deny(after drop N packets)
+				state=context->sync_cb_state|APP_STATE_DROPME;
+				break;
+			}
 			
 			if(get_current_time_ms()-context->last_scan_time < (g_tsg_para.scan_time_interval*1000))
 			{
@@ -2186,7 +2183,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
 		default:
 			break;
 	}
-	
+		
 	if((a_stream->opstate==OP_STATE_CLOSE) || (state&APP_STATE_DROPME)==APP_STATE_DROPME)
 	{
 		if(context!=NULL && context->is_log==0 && context->hit_cnt>0 && context->result!=NULL)
@@ -2211,12 +2208,12 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
 	struct Maat_rule_t result[MAX_RESULT_NUM]={0};	
 	struct tcpall_context *all_context=(struct tcpall_context *)(*pme);
 		
-	if(stream_state==OP_STATE_PENDING && all_context->method_type!=TSG_METHOD_TYPE_ALLOW)
+	if(stream_state==OP_STATE_PENDING && all_context->method_type!=TSG_METHOD_TYPE_ALLOW && !(all_context->udp_data_dropme))
 	{
 		if(all_context->method_type==TSG_METHOD_TYPE_UNKNOWN)
 		{			
 			all_context->method_type=TSG_METHOD_TYPE_DEFAULT;
-			all_context->after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id);
+			all_context->default_policy_after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id);
 		}
 		
 		hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, result, MAX_RESULT_NUM);
@@ -2262,7 +2259,7 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
             }
             break;
 		case	TSG_METHOD_TYPE_DEFAULT:
-			if(!is_do_default_policy(a_stream, all_context->after_n_packets) || stream_state==OP_STATE_CLOSE)
+			if(!is_do_default_policy(a_stream, all_context->default_policy_after_n_packets) || stream_state==OP_STATE_CLOSE)
 			{
 				break;
 			}
@@ -2275,16 +2272,28 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
 			break;
 		case	TSG_METHOD_TYPE_DROP:
 		case	TSG_METHOD_TYPE_APP_DROP:
-			if((all_context->hited_para.after_n_packets-- > 0) || stream_state==OP_STATE_CLOSE)
+			// contain hited current packet, platform calls tcp first and tcpall secondary.
-			{
+			if(((all_context->hited_para.after_n_packets >= 0) && a_stream->type==STREAM_TYPE_TCP) ||
+				((all_context->hited_para.after_n_packets > 0) && a_stream->type==STREAM_TYPE_UDP)
+				|| stream_state==OP_STATE_CLOSE)
+			{			
+				all_context->hited_para.after_n_packets--;
 				break;
 			}
 
 			ret=tsg_pull_policy_result((struct streaminfo *)a_stream,PULL_FW_RESULT, &result[0], 1, &tmp_identify_info);
-			if(ret>0)
+			if(ret<=0)
+			{
+				break;
+			}
+
+			if(all_context->hited_para.hited_app_id<=0)
+			{
+				state=tsg_deal_deny_action(a_stream, &result[0], all_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet);
+			}
+			else
 			{
 				state=tsg_deny_application(a_stream, &result[0], all_context->protocol, all_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet);
-				//master_send_log(a_stream, &result[0], 1, data_context, thread_seq);
 			}
 			break;
 		default:
@@ -2323,10 +2332,20 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo
 		memset(context->all_entry, 0, sizeof(struct tcpall_context));
 		set_struct_project(a_udp, g_tsg_para.tcpall_project_id, (void *)(context->all_entry));
 	}
-	
+
-	state2=tsg_master_data_entry(a_udp, (void **)&(context->data_entry), thread_seq, a_packet);	
+	if(context->all_entry->udp_data_dropme==0)
-	if(!(state2&APP_STATE_DROPME))
 	{
+		state2=tsg_master_data_entry(a_udp, (void **)&(context->data_entry), thread_seq, a_packet);	
+	}
+	
+	if(!(state2&APP_STATE_DROPME) || context->all_entry->hited_para.after_n_packets>0)
+	{
+		if(state2&APP_STATE_DROPME)
+		{
+			context->all_entry->udp_data_dropme=1;
+			state2=state2&(~(APP_STATE_DROPME));
+		}
+		
 		state1=tsg_master_all_entry(a_udp, a_udp->opstate, (void **)&(context->all_entry), thread_seq, a_packet);
 	}
 

src/tsg_entry.h

@@ -168,6 +168,7 @@ enum TSG_ATTRIBUTE_TYPE
 	TSG_ATTRIBUTE_TYPE_SUBSCRIBER_ID,
 	TSG_ATTRIBUTE_TYPE_HTTP_ACTION_FILESIZE,
 	TSG_ATTRIBUTE_TYPE_CATEGORY_ID,
+	TSG_ATTRIBUTE_TYPE_SESSION_FLAGS,
 	_MAX_TSG_ATTRIBUTE_TYPE
 };
 
@@ -284,14 +285,16 @@ struct master_context
 
 struct tcpall_context
 {
-	int set_latency_flag;
+	char udp_data_dropme;
+	char set_latency_flag;
+	char padding[6];
 	enum TSG_METHOD_TYPE method_type; 
 	tsg_protocol_t protocol;
 	union
 	{
 		struct leaky_bucket *bucket;
 		long tamper_count;		
-		int after_n_packets;		
+		int default_policy_after_n_packets;		
 		struct hited_app_para hited_para;
 		void *para;
 	};

src/tsg_send_log.cpp

@@ -1698,6 +1698,11 @@ int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_hand
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_TUNNELS_ENDPOINT_B_DESC].name, (void *)attribute_label->server_endpoint->description, TLD_TYPE_STRING);
 	}
 
+	if(attribute_label->session_flags>0 && !(TLD_search(_handle, _instance->id2field[LOG_COMMON_FLAGS].name)))
+	{
+		TLD_append(_handle, _instance->id2field[LOG_COMMON_FLAGS].name, (void *)attribute_label->session_flags, TLD_TYPE_LONG);
+	}
+
 	return 1;
 }