From 4b023ef2305b676ae9932d4f644d42de98f108ce Mon Sep 17 00:00:00 2001
From: liuxueli
Date: Wed, 7 Jun 2023 14:42:07 +0800
Subject: [PATCH] =?UTF-8?q?OMPUB-941:=20=E5=90=8C=E6=97=B6=E5=91=BD?= =?UTF-8?q?=E4=B8=ADsecurity(shunt)=E5=92=8Cintercept=E7=AD=96=E7=95=A5?= =?UTF-8?q?=EF=BC=8C=E4=BC=98=E5=85=88=E6=89=A7=E8=A1=8Csecurity=E7=AD=96?= =?UTF-8?q?=E7=95=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/tsg_entry.cpp | 22 +++++++++++++---------
 src/tsg_rule.cpp | 6 +++---
 2 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index f26f705..6a4a932 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -313,11 +313,11 @@ static char get_direction(const struct streaminfo *a_stream)
 case DIR_C2S:
 if(i_or_e=='E' || i_or_e=='e')
 {
- direction='E';
+ direction='E'; //Internal to External
 }
 else
 {
- direction='I';
+ direction='I'; //External to Internal
 }
 break;
 case DIR_S2C:
@@ -1920,6 +1920,17 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru
 {
 unsigned char state=APP_STATE_GIVEME;
+ struct maat_rule security_rules[MAX_RESULT_NUM]={0};
+ size_t n_security_rules=tsg_select_rules_by_service_id(rules, n_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
+ if(n_security_rules>0)
+ {
+ state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, a_stream->threadnum);
+ if(state&APP_STATE_KILL_OTHER)
+ {
+ return state;
+ }
+ }
+
 struct maat_rule s_chaining_rules[MAX_RESULT_NUM]={0};
 size_t n_s_chaining_rules=tsg_select_rules_by_service_id(rules, n_rules, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING);
 if(n_s_chaining_rules>0)
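Review bot: The early `return state;` under `if(state&APP_STATE_KILL_OTHER)` skips everything that follows in session_matched_rules_deal, which in the visible lines includes the service-chaining selection as well as the intercept handling the subject line talks about, and the code carries no comment saying that is intended. Conversely, a security verdict that does not set APP_STATE_KILL_OTHER still falls through to the intercept path, so policy precedence now depends entirely on which state bits matched_security_rules_deal returns. Because security no longer runs last, it is also worth confirming that nothing in the lines between this hunk and the next (not shown) reassigns `state` and discards the security result. I would add a comment above the check such as `/* security verdict takes precedence: on KILL_OTHER skip chaining and intercept for this stream */`. The function body begins before and continues past this hunk.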
@@ -1941,13 +1952,6 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru
 matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum);
 }
- struct maat_rule security_rules[MAX_RESULT_NUM]={0};
- size_t n_security_rules=tsg_select_rules_by_service_id(rules, n_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
- if(n_security_rules>0)
- {
- state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, a_stream->threadnum);
- }
-
 return state;
 }
diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp
index 7fe3784..da6f06b 100644
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
@@ -1940,9 +1940,9 @@ struct maat *init_maat_feather(const char* conffile, char* instance_name, char *
 MESA_load_profile_int_def(conffile, module,"DEFERRED_LOAD", &(deferred_load), 0);
 MESA_load_profile_string_def(conffile,module,"TABLE_INFO",table_info, sizeof(table_info), "");
 MESA_load_profile_string_def(conffile,module,"STAT_FILE",maat_stat_file, sizeof(maat_stat_file), "");
- MESA_load_profile_int_def(conffile, module,"EFFECT_INTERVAL_MS", &(effect_interval_ms), 60000);
- MESA_load_profile_int_def(conffile, module,"RULE_UPDATE_CHECK_INTERVAL_MS", &(rule_update_interval_ms), 60000);
- MESA_load_profile_int_def(conffile, module,"GARBAGE_COLLECT_MS", &(garbage_collect_ms), 60000);
+ MESA_load_profile_int_def(conffile, module,"EFFECT_INTERVAL_MS", &(effect_interval_ms), 1000); //
+ MESA_load_profile_int_def(conffile, module,"RULE_UPDATE_CHECK_INTERVAL_MS", &(rule_update_interval_ms), 1000); //check redis
+ MESA_load_profile_int_def(conffile, module,"GARBAGE_COLLECT_MS", &(garbage_collect_ms), 60000); //
 struct maat_options *opts=maat_options_new();
 size_t thread_max=(size_t)get_thread_count();
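Review bot: The new 1000 ms defaults for `EFFECT_INTERVAL_MS` and `RULE_UPDATE_CHECK_INTERVAL_MS` are unrelated to the policy-ordering change in the subject and are not mentioned in the commit record; any deployment whose profile omits these keys will, judging by the `//check redis` comment, check for rule updates sixty times more often than before. The trailing `//` on the EFFECT_INTERVAL_MS and GARBAGE_COLLECT_MS lines are empty and should be filled in or removed, for example `// ms before a loaded rule update takes effect` if that is what the setting means. Nothing in the visible lines bounds the loaded values, so if zero or negative intervals are not rejected later in init_maat_feather (outside this hunk), a range check belongs next to these loads.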