修改deal_tcp.c:2118, 如果ret=stream_process_tcp返回值是DROP, tcp_deal_unorder()返回值是PASS, 当前包就是PASS, 结果就CT了

3 files changed, 94 insertions, 3 deletions

diff --git a/bin/etc/vxlan_sport_service_map.conf b/bin/etc/vxlan_sport_service_map.conf
new file mode 100644
index 0000000..8a48052
--- /dev/null
+++ b/bin/etc/vxlan_sport_service_map.conf
@@ -0,0 +1,86 @@
+#service-id  	vpn-id  sport-dport
+1		101	50000-50016
+2		102	50064-50080
+3		103	50128-50144
+4		104	50192-50208
+5		105	50256-50272
+6		106	50320-50336
+7		107	50384-50384
+8		108	50448-50464
+9		109	50512-50512
+10		110	50576-50592
+11		111	50640-50656
+12		112	50704-50720
+13		113	50768-50784
+14		114	50832-50848
+15		115	50896-50912
+16		116	50960-50960
+17		117	51024-51024
+18		118	51088-51088
+19		119	51152-51168
+20		120	51216-51232
+21		121	51280-51296
+22		122	51344-51360
+23		123	51408-51408
+24		124	51472-51472
+25		125	51536-51536
+26		126	51600-51600
+27		127	51664-51664
+28		128	51728-51728
+29		129	51792-51792
+30		130	51856-51856
+31		131	51920-51920
+32		132	51984-51984
+33		133	52048-52064
+34		134	52112-52128
+35		135	52176-52192
+36	136	52240-52256
+37	137	52304-52320
+38	138	52368-52384
+39	139	52432-52448
+40	140	52496-52512
+41	141	52560-52576
+42	142	52624-52640
+43	143	52688-52704
+44	144	52752-52768
+45	145	52816-52832
+46	146	52880-52896
+47	147	52944-52960
+48	148	53008-53024
+49	149	53072-53088
+50	150	53136-53152
+51	151	53200-53216
+52	152	53264-53280
+53	153	53328-53344
+54	154	53392-53408
+55	155	53456-53472
+56	156	53520-53536
+57	157	53584-53600
+58	158	53648-53664
+59	159	53712-53712
+60	160	53776-53776
+61	161	53840-53840
+62	162	53904-53904
+63	163	53968-53968
+64	164	54032-54032
+65	165	54096-54096
+66	166	54160-54176
+67	167	54224-54240
+68	168	54288-54304
+69	169	54352-54368
+70	170	54416-54432
+71	171	54480-54496
+72	172	54544-54560
+73	173	54608-54624
+74	174	54672-54688
+75	175	54736-54736
+76	176	54800-54800
+77	177	54864-54864
+78	178	54928-54928
+79	179	54992-54992
+80	180	55056-55056
+81	181	55120-55120
+82	182	55184-55184
+83	183	55248-55248
+84	184	55312-55312
+85	185	55376-55376
diff --git a/src/dealpkt/deal_tcp.c b/src/dealpkt/deal_tcp.c
index a8398f0..eb93696 100644
--- a/src/dealpkt/deal_tcp.c
+++ b/src/dealpkt/deal_tcp.c
@@ -2081,6 +2081,7 @@ static int tcp_deal_data(struct streamindex *pindex,const void *this_iphdr,const
 	struct half_tcpstream *snd=NULL,*rcv=NULL;
 	u_int this_seq = ntohl (this_tcphdr->th_seq);
 	int ret=PASS;
+	int ret_unorder = PASS;
 	
 	if(pstream->curdir==DIR_S2C)
 	{
@@ -2114,8 +2115,12 @@ static int tcp_deal_data(struct streamindex *pindex,const void *this_iphdr,const
 				
 			}
 #else
-			ret = tcp_deal_unorder(pindex,pstream,rcv,snd,CHECK_ORDER_DATA);
+		/* 2020-04-24 lijia modify, ���ret=stream_process_tcp����ֵ��DROP,   tcp_deal_unorder()����ֵ��PASS, ��ǰ������PASS, �����CT��! */
+			ret_unorder = tcp_deal_unorder(pindex,pstream,rcv,snd,CHECK_ORDER_DATA);
 #endif			
+			if((DROP == ret_unorder) || (DROP == ret)){
+				ret = DROP;
+			}
 			return ret;			
 		}
 		//����ԭ����������ݰ��Ƿ��Ѿ����򣬽��д���
diff --git a/test/Makefile b/test/Makefile
index 712c7ac..dff6d4e 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -9,7 +9,7 @@ MODULES	=
 BIN_PATH = ../bin/
 
 TARGET	= test_app_sapp.so
-#TARGET += wangyan_gdev_measurement.so
+TARGET += wangyan_gdev_measurement.so
 #TARGET  += test_anti_flood_hijack
 #TARGET  += sapp_so_run
 
@@ -51,7 +51,7 @@ test_anti_flood_hijack:test_anti_flood_hijack.c ../lib/libavltree.a
 
 wangyan_gdev_measurement.so:wangyan_gdev_measurement.c
 	$(CC) -o $@ -shared -fPIC $(INCS) $(CFLAGS) -DIOMODE_MARSIO=1 $^ $(MODULES)
-	cp $@ ../bin/plug/business/wangyan_gdev_measurement/$@
+	#cp $@ ../bin/plug/business/wangyan_gdev_measurement/$@
 
 
 sapp_so_run:test_sapp_so.o