TSG-8663: 安全日志中Application Label不包含策略中的Application

inc/tsg_send_log.h

@@ -33,6 +33,7 @@ extern struct tsg_log_instance_t *g_tsg_log_instance;
 
 struct TLD_handle_t *TLD_create(int thread_id);
 
+int TLD_search(struct TLD_handle_t *handle, char *key);
 int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE type);
 int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream);
 int TLD_cancel(struct TLD_handle_t *handle);

src/tsg_entry.cpp

@@ -559,7 +559,7 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 			TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[proto].name, TLD_TYPE_STRING);
 		}
 
-		if(context->domain!=NULL)
+		if(context!=NULL && context->domain!=NULL)
 		{
 			switch(proto)
 			{
@@ -580,7 +580,7 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 			}
 		}
 		
-		if(context->quic_version>0)
+		if(context!=NULL && context->quic_version>0)
 		{
 			if(quic_version_int2string(context->quic_version, quic_version, sizeof(quic_version)))
 			{
@@ -600,6 +600,14 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 		TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_APP].name, TLD_TYPE_STRING);
 	}
 
+	if(context!=NULL && context->hited_app_id>0)
+	{
+		char app_label_name[512]={0};
+		tsg_app_id2name(context->hited_app_id, app_label_name, sizeof(app_label_name), 0);
+		char *app_label_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_APP_LABEL);
+		TLD_append(TLD_handle, app_label_field_name, (void *)app_label_name, TLD_TYPE_STRING);
+	}
+	
 	tsg_send_log(g_tsg_log_instance, TLD_handle, &log_msg, thread_seq);
 	
 	if(p_result->config_id!=DECCRYPTION_EXCLUSION_ALLOW_POLICY_ID)
@@ -1460,6 +1468,10 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
 			hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, &(context->mid), dict->app_name, identify_result->app_id[i], thread_seq);
 			//hit_num+=tsg_scan_app_id_policy(g_tsg_maat_feather, a_stream, result+hit_num, result_num-hit_num, mid, dict->parent_app_name, dict->parent_app_id, thread_seq);
 
+			if(context->hited_app_id==0 && hit_num>0 && identify_result->origin!=ORIGIN_BASIC_PROTOCOL)
+			{
+				context->hited_app_id=identify_result->app_id[i];
+			}
 			set_app_timeout(a_stream, dict, &(context->timeout));
 			app_id_dict_free(g_tsg_para.table_id[TABLE_APP_ID_DICT], (MAAT_PLUGIN_EX_DATA *)&dict, 0, NULL);
 		}

src/tsg_entry.h

@@ -195,6 +195,7 @@ struct master_context
 	int is_esni;
 	int is_log;
 	int is_ratelimit;
+	int hited_app_id;
 	unsigned int quic_version;
 	unsigned short timeout;
 	char *domain;

src/tsg_send_log.cpp

@@ -693,7 +693,10 @@ static int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t
 		
 		if(app_id_flag==1)
 		{
-			TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING);
+			if(!(TLD_search(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name)))
+			{
+				TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_LABEL].name, (void *)app_name, TLD_TYPE_STRING);
+			}
 			
 			Value app_id_object(kObjectType);
 			get_app_id_list(&app_id_object, _handle, "USER_DEFINE", &(label->result[ORIGIN_USER_DEFINE]));
@@ -888,6 +891,20 @@ int TLD_cancel(struct TLD_handle_t *handle)
 	return 0;
 }
 
+int TLD_search(struct TLD_handle_t *handle, char *key)
+{
+	if (handle != NULL && handle->document != NULL && key != NULL)
+	{
+		Value::ConstMemberIterator itr = handle->document->FindMember(key);
+		if (itr!=handle->document->MemberEnd())
+		{
+			return 1;
+		}
+	}
+
+	return 0;
+}
+
 static void TLD_delete(struct TLD_handle_t *handle, char *key)
 {
 	if (handle != NULL && handle->document != NULL && key != NULL)