From 71a57b826fe99f8cef112e920e81484c7c660890 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E5=AD=A6=E5=88=A9?= Date: Fri, 26 May 2023 05:37:16 +0000 Subject: [PATCH] =?UTF-8?q?TSG-15130:=20=E5=A2=9E=E5=8A=A0=E6=8E=A7?= =?UTF-8?q?=E5=88=B6=E6=98=AF=E5=90=A6=E5=8F=91=E9=80=81=E6=8B=A6=E6=88=AA?= =?UTF-8?q?=E6=97=A5=E5=BF=97=E7=9A=84=E5=BC=80=E5=85=B3(=E9=BB=98?= =?UTF-8?q?=E8=AE=A4=E5=85=B3=E9=97=AD)=EF=BC=8C7400/9140=E8=AE=BE?= =?UTF-8?q?=E5=A4=87=E7=94=B1KNI=E6=A8=A1=E5=9D=97=E8=B0=83=E7=94=A8?= =?UTF-8?q?=E5=8F=91=E9=80=81=E6=97=A5=E5=BF=97=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/main.conf | 1 + inc/tsg_send_log.h | 2 +- src/tsg_entry.cpp | 3 +-- src/tsg_send_log.cpp | 44 +++++++++++++++++++++++-------------- src/tsg_send_log_internal.h | 1 + 5 files changed, 31 insertions(+), 20 deletions(-) diff --git a/bin/main.conf b/bin/main.conf index 55fba42..a0877bf 100644 --- a/bin/main.conf +++ b/bin/main.conf @@ -17,6 +17,7 @@ SEND_DATA_CENTER_SWITCH=0 SEND_APP_ID_SWITCH=1 SEND_NAT_LINKINFO_SWITCH=0 RAPIDJSON_CHUNK_CAPACITY=8192 +SEND_INTERCEPT_LOG=1 [SECURITY_HITS] CYCLE=1000 diff --git a/inc/tsg_send_log.h b/inc/tsg_send_log.h index 5ba273a..517a5da 100644 --- a/inc/tsg_send_log.h +++ b/inc/tsg_send_log.h @@ -29,7 +29,7 @@ enum LOG_TYPE LOG_TYPE_TRANSACTION_RECORD, LOG_TYPE_GTPC_RECORD, LOG_TYPE_BGP_RECORD, - LOG_TYPE_INTERCEPT_ENEVT + LOG_TYPE_INTERCEPT_EVENT }; struct TLD_handle_t; diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index bdca16e..3b00af0 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -1903,8 +1903,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo if(srt_process_context->mid!=NULL) { - maat_state_free(srt_process_context->mid); - srt_process_context->mid=NULL; + maat_state_reset(srt_process_context->mid); } srt_process_context->last_scan_time=tsg_get_current_time_ms(); 
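Review bot: The default for `SEND_INTERCEPT_LOG` is inconsistent: this file ships the switch as `1`, while the commit subject describes it as off by default and the loader added to `tsg_sendlog_init` (the `src/tsg_send_log.cpp` hunk at -1944) falls back to `0` when the key is absent. A deployment that upgrades the binary but keeps an older main.conf would stop emitting intercept events from the session/transaction record path with no visible signal, which matters if those events are the audit trail for intercepted traffic. Make the two defaults agree, or log the effective value at startup. The key also deserves a one-line description next to it, for example `# 1: tsg_send_log emits intercept event logs itself; 0: the caller sends them`, if the profile parser accepts comment lines.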
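Review bot: Replacing `maat_state_free()` plus `mid=NULL` with `maat_state_reset()` in `tsg_master_data_entry` changes the lifetime of `srt_process_context->mid`, and nothing in this hunk shows where the state is now released. Because the state is kept across scans, it has to be freed when the session context is torn down, and the reset has to clear every hit recorded by the previous scan so that earlier matches cannot influence the policy decision for later data; neither is visible here, since the function body continues outside the hunk. The change is also unrelated to the intercept-log switch named in the subject, so a short comment would help once the teardown path has been confirmed, for example `/* keep the maat state for the next scan; it is freed with the session context */`.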
diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index a12e49e..7278af7 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -1944,6 +1944,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_USER_REGION", &(_instance->send_user_region), 0); MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_DATA_CENTER_SWITCH", &(_instance->send_data_center), 0); MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_APP_ID_SWITCH", &(_instance->send_app_id), 0); + MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_INTERCEPT_LOG", &(_instance->send_intercept_log), 0); MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_NAT_LINKINFO_SWITCH", &(_instance->send_nat_linkinfo), 0); MESA_load_profile_int_def(conffile, "TSG_LOG", "RAPIDJSON_CHUNK_CAPACITY", &(_instance->rapidjson_chunk_capacity), 8192); 
@@ -2202,6 +2203,26 @@ int send_event_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_h return 0; } +int deal_event_rules(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, const struct streaminfo *a_stream, LOG_TYPE log_type, TSG_SERVICE service, int thread_id) +{ + struct matched_policy_rules *matched_rules=(struct matched_policy_rules *)session_matched_rules_get(a_stream, service); + if(matched_rules==NULL || matched_rules->n_rules==0) + { + return 0; + } + + if(service==TSG_SERVICE_INTERCEPT) + { + set_intercept_info(_instance, _handle, a_stream); + } + + send_event_log(_instance, _handle, a_stream, log_type, matched_rules->rules, matched_rules->n_rules, thread_id); + session_matched_rules_free(a_stream, service, (void *)matched_rules); + session_matched_rules_async(a_stream, service, NULL); + + return 1; +} + int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, const struct streaminfo *a_stream, enum LOG_TYPE log_type, struct maat_rule *rules, size_t n_rules, int thread_id) { if(instance==NULL || handle==NULL || rules==NULL || n_rules==0) 
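Review bot: `deal_event_rules` is added with external linkage and no comment, although it takes ownership of session state: it fetches the rules cached for `service`, sends them, then calls `session_matched_rules_free` and clears the slot with `session_matched_rules_async(..., NULL)`. Neither header touched by this patch declares it, so it looks like a file-local helper and should be `static int deal_event_rules(...)`. It also returns 1 whenever cached rules were found, whatever `send_event_log` returned, so a failed send is indistinguishable from a successful one and the rules are released either way. A header comment such as `/* Sends and then releases the rules cached on the session for service; returns 1 if rules were found, 0 otherwise. */` would make that contract explicit. The parameter is spelled `LOG_TYPE log_type` here but `enum LOG_TYPE log_type` in `tsg_send_log` just below.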
@@ -2238,32 +2259,21 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl set_application_behavior(_instance, _handle, a_stream); - struct matched_policy_rules *matched_rules=NULL; - switch(log_type) { case LOG_TYPE_SECURITY_EVENT: send_event_log(_instance, _handle, a_stream, LOG_TYPE_SECURITY_EVENT, rules, n_rules, thread_id); break; + case LOG_TYPE_INTERCEPT_EVENT: + send_event_log(_instance, _handle, a_stream, LOG_TYPE_INTERCEPT_EVENT, rules, n_rules, thread_id); + break; case LOG_TYPE_SESSION_RECORD: case LOG_TYPE_TRANSACTION_RECORD: - matched_rules=(struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_SECURITY); - if(matched_rules!=NULL && matched_rules->n_rules>0) - { - send_event_log(_instance, _handle, a_stream, LOG_TYPE_SECURITY_EVENT, matched_rules->rules, matched_rules->n_rules, thread_id); - session_matched_rules_free(a_stream, TSG_SERVICE_SECURITY, (void *)matched_rules); - session_matched_rules_async(a_stream, TSG_SERVICE_SECURITY, NULL); - matched_rules=NULL; - } + deal_event_rules(_instance, _handle, a_stream, LOG_TYPE_SECURITY_EVENT, TSG_SERVICE_SECURITY, thread_id); - matched_rules=(struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_INTERCEPT); - if(matched_rules!=NULL && matched_rules->n_rules>0) + if(_instance->send_intercept_log==1) { - set_intercept_info(instance, handle, a_stream); - send_event_log(_instance, _handle, a_stream, LOG_TYPE_INTERCEPT_ENEVT, matched_rules->rules, matched_rules->n_rules, thread_id); - session_matched_rules_free(a_stream, TSG_SERVICE_INTERCEPT, (void *)matched_rules); - session_matched_rules_async(a_stream, TSG_SERVICE_INTERCEPT, NULL); - matched_rules=NULL; + deal_event_rules(_instance, _handle, a_stream, LOG_TYPE_INTERCEPT_EVENT, TSG_SERVICE_INTERCEPT, thread_id); } // no break; case LOG_TYPE_INTERIM_SESSION_RECORD: diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h index fc1d241..bbadd9e 100644 
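Review bot: The new `case LOG_TYPE_INTERCEPT_EVENT:` sends the event without calling `set_intercept_info`, whereas the session/transaction path always calls it before an intercept event (in the removed lines, and now inside `deal_event_rules`). Unless the external caller fills those fields on the handle itself, intercept events sent through this case will lack the intercept details; adding `set_intercept_info(_instance, _handle, a_stream);` before the `send_event_log` call would keep both paths equivalent. Separately, with the switch off the rules cached for `TSG_SERVICE_INTERCEPT` are no longer fetched and released in this function, so confirm they are freed elsewhere. The test `_instance->send_intercept_log==1` also treats any other non-zero value as off, where `!=0` would be more forgiving. The `switch` continues past the end of the hunk.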
--- a/src/tsg_send_log_internal.h +++ b/src/tsg_send_log_internal.h @@ -205,6 +205,7 @@ struct tsg_log_instance_t int unknown_app_id; int send_user_region; int send_app_id; + int send_intercept_log; int send_nat_linkinfo; int send_data_center; int recovery_interval;