From b9c38066a1c0e5a96da01bdb6625e88a6ce339df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E5=AD=A6=E5=88=A9?= <liuxueli@iie.ac.cn>
Date: Wed, 6 Oct 2021 12:25:15 +0000
Subject: [PATCH] =?UTF-8?q?TSG-7835:=20=E5=91=BD=E4=B8=ADblock=E3=80=81ale?=
 =?UTF-8?q?rt=E5=8A=A8=E4=BD=9C=EF=BC=8C=E5=8F=91=E9=80=81=E5=BA=94?=
 =?UTF-8?q?=E7=AD=94=E9=A1=B5=E9=9D=A2=E5=90=8E=E8=BF=BD=E5=8A=A0RST?=
 =?UTF-8?q?=E5=8C=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/tsg_action.cpp | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp
index 5c163c6..b1c0f34 100644
--- a/src/tsg_action.cpp
+++ b/src/tsg_action.cpp
@@ -226,7 +226,7 @@ static int set_tcp_flags(char *packet, int ip_tcp_hdr_len)
 {	
 	struct tcphdr *tcp=(struct tcphdr *)(packet+(ip_tcp_hdr_len-20));  // tcp header=20 bytes
 
-	tcp->fin=1;
+	tcp->rst=1;
 	tcp->psh=0;
 	tcp->ack=1;
 
@@ -429,10 +429,10 @@ static int http_build_response_packet(const struct streaminfo *a_stream, struct
 	}	
 	
 	set_tcp_flags(message, ip_tcp_hdr_len);
-	http_send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //fin
+	http_send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //rst
 	
 	reverse_ip_tcp_header(message, ip_tcp_hdr_len, v4_or_v6);
-	http_send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //fin
+	http_send_reponse_packet(a_stream, message, 0, v4_or_v6, ip_tcp_hdr_len, 0); //rst
 	
 	return send_pkt_len;
 }
@@ -594,6 +594,7 @@ static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maa
 
 static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, const void *a_packet)
 {
+	int opt_value=0;
 	int send_pkt_len=0;
 
 	switch(user_region->deny->code)
@@ -608,6 +609,12 @@ static unsigned char do_action_block_http(const struct streaminfo *a_stream, Maa
 		default:
 			break;
 	}
+
+	if(g_tsg_para.reset.remedy==1)
+	{
+		opt_value=1;
+		MESA_set_stream_opt(a_stream, MSO_TCP_RST_REMEDY, (void *)&opt_value, sizeof(opt_value));
+	}
 	
 	return STATE_DROPME|STATE_DROPPKT;
 }