gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

命中APP相关策略,用户自定义域不再指定子动作,TCP链接发送RST包+DROP包+DROP流;UDP链接:DROP包+DROP流

Browse Source
This commit is contained in:
liuxueli
2021-06-10 10:27:37 +08:00
parent 1f24c96a95
commit 8d03091016
1 changed files with 47 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
src/tsg_entry.cpp
View File

@@ -584,54 +584,56 @@ static unsigned char deal_deny_action(const struct streaminfo *a_stream, struct
user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]); user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
if(user_region!=NULL) if(user_region!=NULL)
{ {
method_type=tsg_get_method_id(user_region->method); method_type=tsg_get_method_id(user_region->method);
switch(method_type) security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
{ }
case TSG_METHOD_TYPE_DROP: else
set_drop_stream(a_stream); {
//copy_deny_result(a_stream, context, p_result, a_stream->threadnum); method_type=TSG_METHOD_TYPE_RESET;
state=APP_STATE_DROPPKT|APP_STATE_DROPME; }
break;
case TSG_METHOD_TYPE_RESET: switch(method_type)
if(a_stream->type==STREAM_TYPE_TCP) {
case TSG_METHOD_TYPE_DROP:
set_drop_stream(a_stream);
state=APP_STATE_DROPPKT|APP_STATE_DROPME;
break;
case TSG_METHOD_TYPE_RESET:
if(a_stream->type==STREAM_TYPE_TCP)
{
rst_paras.rst_pkt_num=1;
rst_paras.signature_seed1=65535;
rst_paras.signature_seed2=13;
rst_paras.th_flags=4;
rst_paras.__pad_no_use=0;
rst_paras.dir=DIR_DOUBLE;
ret=MESA_rst_tcp((struct streaminfo *)a_stream, &rst_paras, sizeof(rst_paras));
if(ret<0)
{ {
rst_paras.rst_pkt_num=1; MESA_handle_runtime_log(g_tsg_para.logger,
rst_paras.signature_seed1=65535; RLOG_LV_FATAL,
rst_paras.signature_seed2=13; "RST_TCP",
rst_paras.th_flags=4; "Send RST failed policy_id: %d service: %d action: %d addr: %s",
rst_paras.__pad_no_use=0; p_result->config_id,
rst_paras.dir=DIR_DOUBLE; p_result->service_id,
ret=MESA_rst_tcp((struct streaminfo *)a_stream, &rst_paras, sizeof(rst_paras)); (unsigned char)p_result->action,
if(ret<0) PRINTADDR(a_stream, g_tsg_para.level)
{ );
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_FATAL,
"RST_TCP",
"Send RST failed policy_id: %d service: %d action: %d addr: %s",
p_result->config_id,
p_result->service_id,
(unsigned char)p_result->action,
PRINTADDR(a_stream, g_tsg_para.level)
);
}
opt_value=1;
MESA_set_stream_opt(a_stream, MSO_TCP_RST_REMEDY, (void *)&opt_value, sizeof(opt_value));
} }
set_drop_stream(a_stream); opt_value=1;
//copy_deny_result(a_stream, context, p_result, a_stream->threadnum); MESA_set_stream_opt(a_stream, MSO_TCP_RST_REMEDY, (void *)&opt_value, sizeof(opt_value));
state=APP_STATE_DROPPKT|APP_STATE_DROPME; }
break;
case TSG_METHOD_TYPE_BLOCK: set_drop_stream(a_stream);
case TSG_METHOD_TYPE_ALERT: state=APP_STATE_DROPPKT|APP_STATE_DROPME;
case TSG_METHOD_TYPE_REDIRECTION: break;
break; case TSG_METHOD_TYPE_BLOCK:
default: case TSG_METHOD_TYPE_ALERT:
break; case TSG_METHOD_TYPE_REDIRECTION:
} break;
default:
security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL); break;
} }
return state; return state;