From 5fddc673480beaeced13e6576b6113523a30b999 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E5=AD=A6=E5=88=A9?=
Date: Mon, 15 May 2023 04:08:18 +0000
Subject: [PATCH] =?UTF-8?q?TCP=20ENTRY=20PENDING=E7=8A=B6=E6=80=81?= =?UTF-8?q?=E6=97=B6=E6=94=B6=E5=88=B0SCE=E7=9A=84LOG=20UPDATE=E6=8E=A7?= =?UTF-8?q?=E5=88=B6=E6=8A=A5=E6=96=87=EF=BC=8C=E5=AF=BC=E8=87=B4=E6=9C=AA?= =?UTF-8?q?=E8=A7=A3=E6=9E=90=E7=9C=9F=E6=AD=A3=E7=9A=84=E7=AC=AC=E4=B8=80?= =?UTF-8?q?=E4=B8=AA=E5=B8=A6=E8=B4=9F=E8=BD=BD=E5=8E=9F=E5=A7=8B=E5=8C=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/tsg_bridge.h | 1 +
 src/tsg_entry.cpp | 50 ++++++++++++++++++++++++++++------------------
 2 files changed, 31 insertions(+), 20 deletions(-)
diff --git a/src/tsg_bridge.h b/src/tsg_bridge.h
index be5862d..bbbf0fc 100644
--- a/src/tsg_bridge.h
+++ b/src/tsg_bridge.h
@@ -69,6 +69,7 @@ struct session_runtime_process_context
 unsigned char deal_pkt_num;
 unsigned char is_app_link;
 unsigned char sync_cb_state;
+ unsigned char first_origin_pkt;
 unsigned short timeout;
 enum TSG_PROTOCOL proto;
 int hited_app_id; // only app
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 9314ff5..cf03d1b 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -1226,7 +1226,7 @@ struct maat_rule *matched_rules_decision_criteria(struct maat_rule *rules, size_
 return p_result;
 }
-static int session_l7_protocol_idnetify(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, void *a_packet)
+static int session_l7_protocol_identify(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, void *a_packet)
 {
 int ret=0;
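Review bot: The new `first_origin_pkt` member added in src/tsg_bridge.h carries no comment, and the name alone does not say that it is a one-shot "already handled" flag rather than a packet reference or counter. I would add a trailing comment such as `/* 0 until the first non-control packet has run the pending-state handling, then 1 */`. The guard added in tsg_master_data_entry tests the field for 0 before any visible line writes it, so the code that allocates `session_runtime_process_context` (not part of this patch) has to zero the struct; that is worth confirming. The struct definition starts and ends outside the hunk.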
@@ -1746,7 +1746,7 @@ int session_flags_identify_result_cb(const struct streaminfo *a_stream, int brid
 static size_t session_pending_state_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *results, int n_results, void *a_packet)
 {
 size_t hit_num=0;
- int ret=session_l7_protocol_idnetify(a_stream, srt_process_context, a_packet);
+ int ret=session_l7_protocol_identify(a_stream, srt_process_context, a_packet);
 if(ret==1)
 {
 session_app_gather_results_set_l7_protocol(a_stream, srt_process_context->proto);
@@ -1842,27 +1842,31 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
 srt_process_context->mid=maat_state_new(g_tsg_maat_feather, thread_seq);
 }
 }
+
+ if(srt_process_context->first_origin_pkt==0)
+ {
+ srt_process_context->first_origin_pkt=1;
+
+ if(a_stream->type==STREAM_TYPE_TCP)
+ {
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TCP_LINKS], 0, FS_OP_ADD, 1);
+ }
+ else
+ {
+ FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1);
+ }
+
+ hit_num+=session_pending_state_deal(a_stream, srt_process_context, matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num, a_packet);
+ if (a_stream->type == STREAM_TYPE_TCP && a_packet != NULL)
+ {
+ tsg_proxy_tcp_options_parse(a_stream, a_packet);
+ }
+ state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, hit_num, a_packet);
+ srt_process_context->deal_pkt_num++;
+ }
 switch(a_stream->opstate)
 {
- case OP_STATE_PENDING:
- if(a_stream->type==STREAM_TYPE_TCP)
- {
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TCP_LINKS], 0, FS_OP_ADD, 1);
- }
- else
- {
- FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1);
- }
-
- hit_num+=session_pending_state_deal(a_stream, srt_process_context, matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num, a_packet);
- if (a_stream->type == STREAM_TYPE_TCP && a_packet != NULL)
- {
- tsg_proxy_tcp_options_parse(a_stream, a_packet);
- }
- state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, hit_num, a_packet);
- srt_process_context->deal_pkt_num++;
- break;
 case OP_STATE_DATA:
 if(srt_process_context->is_app_link==FLAG_FALSE && (srt_process_context->deal_pkt_num++) == (g_tsg_para.identify_app_max_pkt_num+1))
 {
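Review bot: The first-packet block no longer ends the packet's processing, so a first origin packet that arrives with `opstate` already at `OP_STATE_DATA` (the case this commit targets) runs the pending handling and then falls into `case OP_STATE_DATA:` as well. That packet increments `deal_pkt_num` twice, once in the new block and once in the `(srt_process_context->deal_pkt_num++) == (g_tsg_para.identify_app_max_pkt_num+1)` test, which shortens the application-identification window by one packet for exactly these sessions. The DATA branch body lies outside the hunk, but if it assigns `state` it would also overwrite the verdict just returned by `session_matched_rules_deal`. Before the change PENDING and DATA were mutually exclusive per packet; I would keep that by remembering in a local that the first-packet block ran and leaving the `OP_STATE_DATA` case early for that packet, or by dropping the extra `deal_pkt_num++` if double handling is intended. With `case OP_STATE_PENDING:` removed, a stream still in PENDING now depends on whatever default the rest of the switch provides, which is not visible here.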
@@ -2075,6 +2079,12 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
 extern "C" unsigned char TSG_MASTER_TCP_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet)
 {
+ int is_ctrl_pkt=session_state_control_packet(a_tcp, a_tcp->pudpdetail->pdata, a_tcp->pudpdetail->datalen);
+ if(is_ctrl_pkt==1)
+ {
+ return APP_STATE_DROPPKT;
+ }
+
 return tsg_master_data_entry(a_tcp, pme, thread_seq, a_packet);
 }
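Review bot: The TCP entry point reads the payload through the UDP detail member, `a_tcp->pudpdetail->pdata` and `a_tcp->pudpdetail->datalen`, in the first added line of `TSG_MASTER_TCP_ENTRY`. This is only correct if `struct streaminfo` aliases its TCP and UDP detail pointers and both detail structs start with the same `pdata`/`datalen` layout, which the patch does not show. Use the TCP detail member of the stream here, and confirm the pointer cannot be NULL on this callback, since it is dereferenced before any check. The early `return APP_STATE_DROPPKT` also makes `session_state_control_packet` a trust decision on packet content: it should accept only control traffic that genuinely originates from the SCE, otherwise payload shaped like a control message is discarded without reaching `tsg_master_data_entry`. I would add a comment above the call saying why control packets are filtered before the data entry.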