diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp index 97fefbd..4fb7258 100644 --- a/src/tsg_action.cpp +++ b/src/tsg_action.cpp @@ -724,42 +724,37 @@ static unsigned char do_action_redirect_xxx(const struct streaminfo *a_stream, M static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data) { - if(user_region==NULL) - { + if(user_region==NULL){ return do_action_drop(a_stream, p_result, user_region, protocol, user_data); } struct tcpall_context * _context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id); - if(_context==NULL) - { + if(_context==NULL){ _context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context)); memset(_context, 0, sizeof(struct tcpall_context)); set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context); _context->method_type=TSG_METHOD_TYPE_TAMPER; - _context->tamper_count = 1; + _context->tamper_count = -1; }else{ - if(_context->method_type != TSG_METHOD_TYPE_TAMPER) - { + if(_context->method_type == TSG_METHOD_TYPE_UNKNOWN){ _context->method_type=TSG_METHOD_TYPE_TAMPER; - _context->tamper_count = 1; - } - else - { - //to do error log - //_context->method_type + _context->tamper_count = -1; + }else if (_context->method_type == TSG_METHOD_TYPE_TAMPER){ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, __FUNCTION__, - "_context->method_type : %d", + "Tamper is been processed, _context->method_type : %d", _context->method_type); - return STATE_GIVEME; } } - - if(0 == send_tamper_xxx(a_stream, user_data)){ - return STATE_DROPPKT; + + if(a_stream->type != STREAM_TYPE_TCP){ + if(0 == send_tamper_xxx(a_stream, &_context->tamper_count, user_data)){ + return STATE_DROPPKT; + } } + return STATE_GIVEME; } diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 7705810..87f9725 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -1806,18 +1806,11 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns } break; case TSG_METHOD_TYPE_TAMPER: - if(0 == send_tamper_xxx(a_stream, a_packet)){ - state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; - }else{ - state=APP_STATE_GIVEME; + if(a_stream->opstate != OP_STATE_PENDING){ + if(0 == send_tamper_xxx(a_stream, &context->tamper_count, a_packet)){ + state|=APP_STATE_GIVEME|APP_STATE_DROPPKT; + } } - context->tamper_count += 1; - MESA_handle_runtime_log(g_tsg_para.logger, - RLOG_LV_DEBUG, - __FUNCTION__, - "Addr: %s, send_tamper_xxx num %ld", - PRINTADDR(a_stream, g_tsg_para.level), - context->tamper_count); break; default: break; diff --git a/src/tsg_entry.h b/src/tsg_entry.h index 99e1e2f..20e1745 100644 --- a/src/tsg_entry.h +++ b/src/tsg_entry.h @@ -212,7 +212,7 @@ struct tcpall_context { struct mirrored_vlan *vlan; struct leaky_bucket *bucket; - long tamper_count; + long tamper_count; void *para; }; }; diff --git a/src/tsg_protocol_common.h b/src/tsg_protocol_common.h index 4d50578..1bd7866 100644 --- a/src/tsg_protocol_common.h +++ b/src/tsg_protocol_common.h @@ -12,7 +12,6 @@ #define STATE_DROPPKT 4 #define STATE_KILL_OTHER 8 - enum TSG_DENY_TYPE { TSG_DENY_TYPE_MESSAGE=0, @@ -117,7 +116,6 @@ int tsg_send_inject_packet(const struct streaminfo *a_stream, enum sapp_inject_o unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *user_data); unsigned char send_icmp_unreachable(const struct streaminfo *a_stream, const void *raw_pkt); -int send_tamper_xxx(const struct streaminfo *a_stream, const void *raw_pkt); - +int send_tamper_xxx(const struct streaminfo *a_stream, long *tamper_count, const void *raw_pkt); #endif diff --git a/src/tsg_tamper.cpp b/src/tsg_tamper.cpp index 879b0a0..80f5ef6 100644 --- a/src/tsg_tamper.cpp +++ b/src/tsg_tamper.cpp @@ -55,7 +55,7 @@ int tamper_calc(char *str, int endlen) return 0; } -int send_tamper_xxx(const struct streaminfo *a_stream, const void *raw_pkt) +int send_tamper_xxx(const struct streaminfo *a_stream, long *tamper_count, const void *raw_pkt) { const char *p_trans_payload = NULL; int trans_layload_len = 0; @@ -63,18 +63,29 @@ int send_tamper_xxx(const struct streaminfo *a_stream, const void *raw_pkt) int tamper_index = 0; int ret = -1; - if(a_stream==NULL){ + if(a_stream==NULL || raw_pkt==NULL){ return -1; } + if(*tamper_count == -1){ + *tamper_count = 1; + }else{ + *tamper_count = *tamper_count + 1; + } + p_trans_payload = (char *)a_stream->ptcpdetail->pdata; trans_layload_len = a_stream->ptcpdetail->datalen; + if((p_trans_payload==NULL)||(trans_layload_len<=4)){ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, __FUNCTION__, - "Addr: %s Packet is not tamper because the payload is too short or there is no payload", - PRINTADDR(a_stream, g_tsg_para.level)); + "Addr: %s, try send num %ld ptcpdetail->pdata %p, ptcpdetail->datalen %d rawpkt %p , but packet is not tamper because the payload is too short or there is no payload", + PRINTADDR(a_stream, g_tsg_para.level), + *tamper_count, + p_trans_payload, + trans_layload_len, + raw_pkt); return -1; } @@ -84,8 +95,12 @@ int send_tamper_xxx(const struct streaminfo *a_stream, const void *raw_pkt) MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, __FUNCTION__, - "Addr: %s,modify the index(%d) position of the payload:(old: %02x %02x %02x %02x, new: %02x %02x %02x %02x)", + "Addr: %s, try send num %ld ptcpdetail->pdata %p, ptcpdetail->datalen %d rawpkt %p, modify the index(%d) position of the payload:(old: %02x %02x %02x %02x, new: %02x %02x %02x %02x)", PRINTADDR(a_stream, g_tsg_para.level), + *tamper_count, + p_trans_payload, + trans_layload_len, + raw_pkt, tamper_index, (uint8_t)p_trans_payload[tamper_index-1], (uint8_t)p_trans_payload[tamper_index], (uint8_t)p_trans_payload[tamper_index+1], (uint8_t)p_trans_payload[tamper_index+2], (uint8_t)tamper_buf[tamper_index-1], (uint8_t)tamper_buf[tamper_index], (uint8_t)tamper_buf[tamper_index+1], (uint8_t)tamper_buf[tamper_index+2]); @@ -97,8 +112,12 @@ int send_tamper_xxx(const struct streaminfo *a_stream, const void *raw_pkt) MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, __FUNCTION__, - "Addr: %s num , payload tamper failed because payload data same", - PRINTADDR(a_stream, g_tsg_para.level)); + "Addr: %s, try send num %ld ptcpdetail->pdata %p, ptcpdetail->datalen %d rawpkt %p, payload tamper failed because payload data same", + PRINTADDR(a_stream, g_tsg_para.level), + *tamper_count, + p_trans_payload, + trans_layload_len, + raw_pkt); } return ret;