From 5c04ba23aa312b174e6707d2cf62b4b7e48f7a03 Mon Sep 17 00:00:00 2001 From: liuxueli Date: Wed, 20 Nov 2019 18:00:35 +0800 Subject: [PATCH] =?UTF-8?q?SSL=5FSNI=E5=92=8CHTTP=5FHOST=E7=9A=84deny?= =?UTF-8?q?=E5=8A=A8=E4=BD=9C=E7=94=B1=E6=80=BB=E6=8E=A7=E8=B4=9F=E8=B4=A3?= =?UTF-8?q?=E5=A4=84=E7=90=86=20=E4=BF=AE=E5=A4=8D=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E5=85=A8=E5=B1=80=E6=B5=81ID=E6=97=B6=E7=9A=84=E9=94=99?= =?UTF-8?q?=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/tsg_entry.cpp | 23 +++++++++-------------- src/tsg_send_log.cpp | 7 +++++-- src/version.map | 2 +- 3 files changed, 15 insertions(+), 17 deletions(-) diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 51c6592..37a3030 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -113,7 +113,7 @@ static Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int result extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet) { int send_log=0,identify_flag=0; - int ret=0,hit_num=0,ip_policy=0; + int ret=0,hit_num=0; int state=APP_STATE_DROPME; scan_status_t mid=NULL; char *domain_field_name=NULL; @@ -160,23 +160,19 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t p_result=tsg_policy_decision_criteria(all_result, hit_num); if(p_result!=NULL) - { - if(q_result!=NULL && (p_result==q_result)) - { - ip_policy=1; - send_log=1; - } - + { switch((unsigned char)p_result->action) { case TSG_ACTION_DENY: - if(ip_policy==1) - { - MESA_kill_tcp(a_tcp, a_packet); - state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER; - } + send_log=1; + MESA_kill_tcp(a_tcp, a_packet); + state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER; break; case TSG_ACTION_MONITOR: + if(q_result!=NULL && (p_result==q_result)) + { + send_log=1; + } break; case TSG_ACTION_BYPASS: send_log=1; 
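Review bot: In the `TSG_ACTION_MONITOR` case, `send_log` is set only when `p_result==q_result`, so a monitor hit from any other source leaves this function without a log record, while `TSG_ACTION_DENY` now logs and kills the flow for every hit. The removed `ip_policy` flag suggests `q_result` is the IP-policy result, which would make the unlogged hits the SNI/Host ones. If those are logged elsewhere, state it at the case with a comment such as `/* non-IP monitor hits are logged by the protocol plugin, not here */`; if not, monitored SNI/Host traffic has an audit gap. `q_result` is assigned outside this hunk and the function body continues past it, so this reading rests on the visible lines only.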
@@ -184,7 +180,6 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1); break; case TSG_ACTION_INTERCEPT: - send_log=0; FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1); priority_label=(policy_priority_label_t *)dictator_malloc(thread_seq, sizeof(policy_priority_label_t)); diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index 4f8cbe3..7a83299 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -37,7 +37,7 @@ unsigned long long tsg_get_stream_id(struct streaminfo * a_stream) int device_id_size=sizeof(unsigned long long); unsigned long long device_id=(unsigned long long)g_tsg_para.device_id; - ret=MESA_get_stream_opt(a_stream, MSO_GLOBAL_STREAM_ID, (void *)device_id, &device_id_size); + ret=MESA_get_stream_opt(a_stream, MSO_GLOBAL_STREAM_ID, (void *)&device_id, &device_id_size); if(ret==0) { return device_id; @@ -134,6 +134,7 @@ int TLD_append_streaminfo(struct _tsg_log_instance *_instance, struct _tld_handl unsigned short tunnel_type=0; char nest_addr_buf[1024]; char *addr_proto=NULL; + unsigned long long stream_id=0; unsigned short c_port=0, s_port=0; int tunnel_type_size=sizeof(tunnel_type); struct layer_addr_ipv4 *ipv4=NULL; 
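Review bot: In `tsg_get_stream_id`, the out-buffer now passed as `&device_id` is still named `device_id` and seeded from `g_tsg_para.device_id`, although on success it holds the global stream ID that the function returns. Declaring it as `unsigned long long stream_id=0;` and passing `(void *)&stream_id` would keep a device ID from ever being returned as a stream ID, should the failure path (outside this hunk) fall back to the same variable. It would also help to confirm after the call that `device_id_size` still equals `sizeof(unsigned long long)` before trusting the value, since the callee receives the size by pointer and may change it.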
@@ -181,7 +182,9 @@ int TLD_append_streaminfo(struct _tsg_log_instance *_instance, struct _tld_handl TLD_append((TLD_handle_t)_handle, _instance->id2field[LOG_COMMON_S2C_PKT_NUM].name, (void *)(long)a_stream->ptcpdetail->serverpktnum, TLD_TYPE_LONG); TLD_append((TLD_handle_t)_handle, _instance->id2field[LOG_COMMON_S2C_BYTE_NUM].name, (void *)(long)a_stream->ptcpdetail->serverbytes, TLD_TYPE_LONG); - + stream_id=tsg_get_stream_id(a_stream); + TLD_append((TLD_handle_t)_handle, _instance->id2field[LOG_COMMON_STREAM_TRACE_ID].name, (void *)(long)stream_id, TLD_TYPE_LONG); + addr_proto=(char *)layer_addr_prefix_ntop(a_stream); TLD_append((TLD_handle_t)_handle, _instance->id2field[LOG_COMMON_L4_PROTOCOL].name, (void *)addr_proto, TLD_TYPE_STRING); diff --git a/src/version.map b/src/version.map index 5b10f26..ceb1542 100644 --- a/src/version.map +++ b/src/version.map @@ -3,7 +3,7 @@ global: extern "C++" { g_*; *TSG_MASTER_INIT*; - *TSG_MASTER_TCPALL_ENTRY*; + *TSG_MASTER_TCP_ENTRY*; *TSG_MASTER_UNLOAD*; *tsg_scan_nesting_addr*; *tsg_pull_policy_result*;
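Review bot: In `TLD_append_streaminfo`, `(void *)(long)stream_id` narrows an `unsigned long long` to `long`, so IDs above `LONG_MAX` are logged as negative numbers and a 32-bit `long` drops the upper half. That makes `LOG_COMMON_STREAM_TRACE_ID` unreliable for correlating flows across logs. If the log consumer accepts a string, format the full value and append it as text: `snprintf(id_buf, sizeof(id_buf), "%llu", stream_id);` followed by `TLD_append(..., (void *)id_buf, TLD_TYPE_STRING);`. Otherwise add a comment next to the cast stating the range the field can carry. The value is also logged without distinguishing a failed lookup; what `tsg_get_stream_id` returns on failure is not visible in this patch, so confirm it cannot be mistaken for a real ID.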