命中APP相关策略，用户自定义域不再指定子动作，TCP链接发送RST包+DROP包+DROP流；UDP链接：DROP包+DROP流

2021-06-10 10:27:37 +08:00
parent 1f24c96a95
commit 8d03091016
1 changed files with 47 additions and 45 deletions
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -585,11 +585,17 @@ static unsigned char deal_deny_action(const struct streaminfo *a_stream, struct
 	if(user_region!=NULL)
 	{
 		method_type=tsg_get_method_id(user_region->method);		
+		security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
+	}
+	else
+	{
+		method_type=TSG_METHOD_TYPE_RESET;
+	}
+	
 	switch(method_type)
 	{
 		case	TSG_METHOD_TYPE_DROP:
 			set_drop_stream(a_stream);
-				//copy_deny_result(a_stream, context, p_result, a_stream->threadnum);
 			state=APP_STATE_DROPPKT|APP_STATE_DROPME;
 			break;
 		case	TSG_METHOD_TYPE_RESET:
@@ -620,7 +626,6 @@ static unsigned char deal_deny_action(const struct streaminfo *a_stream, struct
 			}

 			set_drop_stream(a_stream);
-				//copy_deny_result(a_stream, context, p_result, a_stream->threadnum);
 			state=APP_STATE_DROPPKT|APP_STATE_DROPME;
 			break;
 		case	TSG_METHOD_TYPE_BLOCK:
@@ -631,9 +636,6 @@ static unsigned char deal_deny_action(const struct streaminfo *a_stream, struct
 			break;
 	}

-		security_compile_free(g_tsg_para.table_id[TABLE_SECURITY_COMPILE], p_result, NULL, (MAAT_RULE_EX_DATA *)&user_region, 0, NULL);
-	}
-
 	return state;
 }