diff --git a/inc/tsg_send_log.h b/inc/tsg_send_log.h
index e61a4c4..b9703a0 100644
--- a/inc/tsg_send_log.h
+++ b/inc/tsg_send_log.h
@@ -33,6 +33,7 @@ extern struct tsg_log_instance_t *g_tsg_log_instance;
 struct TLD_handle_t *TLD_create(int thread_id);
+int TLD_search(struct TLD_handle_t *handle, char *key);
 int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE type);
 int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream);
 int TLD_cancel(struct TLD_handle_t *handle);
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 5d1146d..2a38481 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -559,7 +559,7 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[proto].name, TLD_TYPE_STRING);
 }
- if(context->domain!=NULL)
+ if(context!=NULL && context->domain!=NULL)
 {
 switch(proto)
 {
@@ -580,7 +580,7 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 }
 }
- if(context->quic_version>0)
+ if(context!=NULL && context->quic_version>0)
 {
 if(quic_version_int2string(context->quic_version, quic_version, sizeof(quic_version)))
 {
@@ -599,6 +599,14 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 {
 TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_APP].name, TLD_TYPE_STRING);
 }
+
+ if(context!=NULL && context->hited_app_id>0)
+ {
+ char app_label_name[512]={0};
+ tsg_app_id2name(context->hited_app_id, app_label_name, sizeof(app_label_name), 0);
+ char *app_label_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_APP_LABEL);
+ TLD_append(TLD_handle, app_label_field_name, (void *)app_label_name, TLD_TYPE_STRING);
+ }
 tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq);
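Review bot: The `context!=NULL` guard added at the `context->domain` test in master_send_log (hunk at 559) is repeated at the `context->quic_version` test (hunk at 580) and at the new `hited_app_id` block (hunk at 599), yet nothing says under which conditions this function is called without a context. A short comment at the first guard stating when `context` is NULL and that context-derived fields are then omitted from the log record would make the three checks readable as one decision. The function body starts and ends outside these hunks, so any other `context->` dereference in master_send_log that is not visible here should be checked for the same guard.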
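Review bot: In the new `hited_app_id` block (hunk at 599) the result of `tsg_app_id2name()` is not checked, so when the lookup yields nothing `app_label_name` is still the zero-initialised buffer and an empty app label is appended to the log record. Because set_app_id in src/tsg_send_log.cpp now skips its own append whenever the key is already present, that empty value would also suppress the label it would otherwise have written, leaving the record without a usable application name. Assuming a failed lookup leaves the buffer empty (the definition of tsg_app_id2name is not in this diff), guard the append with `if(app_label_field_name!=NULL && app_label_name[0]!='\0')`. master_send_log's body continues outside the hunk.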
@@ -1460,6 +1468,10 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
 hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq);
 //hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->parent_app_name, dict->parent_app_id, thread_seq);
+ if(context->hited_app_id==0 && hit_num>0 && identify_result->origin!=ORIGIN_BASIC_PROTOCOL)
+ {
+ context->hited_app_id=identify_result->app_id[i];
+ }
 set_app_timeout(a_stream, dict, &(context->timeout));
 app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL);
 }
diff --git a/src/tsg_entry.h b/src/tsg_entry.h
index 8f16f0d..1ac1ddc 100644
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -195,6 +195,7 @@ struct master_context
 int is_esni;
 int is_log;
 int is_ratelimit;
+ int hited_app_id;
 unsigned int quic_version;
 unsigned short timeout;
 char *domain;
diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp
index 98e7010..9eb814c 100644
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
@@ -693,8 +693,11 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
 if(app_id_flag==1)
 {
- TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING);
-
+ if(!(TLD_search(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name)))
+ {
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING);
+ }
+
 Value app_id_object(kObjectType);
 get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(label->result[ORIGIN_USER_DEFINE]));
 get_app_id_list(&app_id_object, _handle, "BUILT_IN", &(label->result[ORIGIN_BUILT_IN]));
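Review bot: The new test `hit_num>0` in scan_application_id_and_properties reads the running total rather than the result of the scan on the line above it, because that line accumulates with `hit_num+=tsg_scan_app_id_policy(...)`. If hit_num is already non-zero when this iteration starts (earlier scans in the function are outside the hunk, so this is inferred), `context->hited_app_id` is set to an `app_id[i]` that matched no policy, and that id later becomes the app label in the log record. Keeping the per-call count separates the two: `int hits=tsg_scan_app_id_policy(...); hit_num+=hits;` and then `hits>0` in place of `hit_num>0` in the new condition. The enclosing loop and function start outside the hunk.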
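Review bot: The `TLD_search` guard in set_app_id (hunk at 693 of src/tsg_send_log.cpp) makes a label already present in the handle take precedence over the `app_name` computed here, and nothing at the call site says that this ordering is intended or where the earlier value comes from. A comment above the test would record it, e.g. `/* keep the app label already written from context->hited_app_id in master_send_log; otherwise fall back to app_name */`. The check is on presence only, so an earlier empty string still wins over a non-empty `app_name`. set_app_id's body starts and ends outside the hunk.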
@@ -888,6 +891,20 @@ int TLD_cancel(struct TLD_handle_t *handle)
 return 0;
 }
+int TLD_search(struct TLD_handle_t *handle, char *key)
+{
+ if (handle != NULL && handle->document != NULL && key != NULL)
+ {
+ Value::ConstMemberIterator itr = handle->document->FindMember(key);
+ if (itr!=handle->document->MemberEnd())
+ {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
 static void TLD_delete(struct TLD_handle_t *handle, char *key)
 {
 if (handle != NULL && handle->document != NULL && key != NULL)
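Review bot: TLD_search is a new exported function with no comment stating its contract, although set_app_id already relies on the return value as a boolean. A header comment should say that it returns 1 when `key` is a direct member of `handle->document` and 0 otherwise, including when `handle`, its document or `key` is NULL. The body could also be shortened inside the NULL check to `return handle->document->HasMember(key) ? 1 : 0;`, assuming the document is a rapidjson value as the `Value::ConstMemberIterator` type suggests. `key` is only read, so `const char *key` would describe it better, though the neighbouring TLD_append and TLD_delete signatures use `char *`.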