authoryangwenlin <[email protected]>2022-01-29 11:01:54 +0800
committeryangwenlin <[email protected]>2022-01-29 11:01:54 +0800
commit7cf9e45d6211305c45b598cc24e060a54e98ed4e (patch)
tree8b19fce8980c78d44bac97e6a92c498ba89a02ff
parent1f2176c209e1516e7e6da459d88f9080faf0fa1a (diff)
TSG-9525:添加tamper动作拷贝日志结果函数接口v5.4.31
-rw-r--r--src/tsg_action.cpp4
-rw-r--r--src/tsg_entry.cpp42
2 files changed, 43 insertions, 3 deletions
diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp
index ee05eba..a5b147f 100644
--- a/src/tsg_action.cpp
+++ b/src/tsg_action.cpp
@@ -591,7 +591,7 @@ static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_ru
}else{
if(_context->method_type != TSG_METHOD_TYPE_TAMPER)
{
- _context->method_type=TSG_METHOD_TYPE_TAMPER;
+ _context->method_type = TSG_METHOD_TYPE_TAMPER;
_context->tamper_count = -1;
}
else
@@ -607,7 +607,7 @@ static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_ru
if(a_stream->type != STREAM_TYPE_TCP){
if(0 == send_tamper_xxx(a_stream, &_context->tamper_count, user_data)){
- return STATE_DROPPKT;
+ return STATE_GIVEME|STATE_DROPPKT;
}
}
return STATE_GIVEME;
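Review bot: The new non-TCP return `return STATE_GIVEME|STATE_DROPPKT;` changes behaviour (the packet is dropped but the flow is still requested) without a comment saying why, so the next reader has no reason not to revert it to the plain drop. A one-line comment above the `if(0 == send_tamper_xxx(...))` check would fix that, e.g. `/* non-TCP: drop this packet but keep receiving the flow so later packets still reach the tamper logic (tamper_count lives in _context) */` — the stated reason is inferred from the surrounding code and should be confirmed by the author. The TCP case at the end of the hunk still returns `STATE_GIVEME` alone, so noting in the same comment where TCP tampering is handled would make the asymmetry look deliberate rather than accidental. do_action_tamper's body starts before this hunk and may continue after it.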
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 08f3138..c11f2e9 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -728,6 +728,45 @@ void free_gather_app_result(int thread_seq, void *project_req_value)
}
}
+static int is_tamper_action(struct Maat_rule_t *p_result){
+ struct compile_user_region *user_region=NULL;
+ user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
+ if(user_region == NULL){
+ return 0;
+ }else if(user_region->method_type != TSG_METHOD_TYPE_TAMPER){
+ return 0 ;
+ }
+ return 1;
+}
+
+static void copy_tamper_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, struct Maat_rule_t *result, int result_num, int thread_seq)
+{
+ int i=0;
+
+ if(!is_tamper_action(p_result)){
+ return;
+ }
+
+ if(context->result==NULL){
+ context->result=(struct Maat_rule_t *)dictator_malloc(thread_seq, sizeof(struct Maat_rule_t)*MAX_RESULT_NUM);
+ }
+
+ for(i=0; i<result_num && context->hit_cnt<MAX_RESULT_NUM; i++){
+ memcpy(context->result+context->hit_cnt, &result[i], sizeof(struct Maat_rule_t));
+ context->hit_cnt+=1;
+ }
+
+ MESA_handle_runtime_log(g_tsg_para.logger,
+ RLOG_LV_DEBUG,
+ "TAMPER",
+ "Hit tamper policy, policy_id: %d service: %d action: %d addr: %s",
+ result[0].config_id,
+ result[0].service_id,
+ (unsigned char)result[0].action,
+ PRINTADDR(a_stream, g_tsg_para.level));
+ return;
+}
+
static void copy_monitor_result(const struct streaminfo *a_stream, struct master_context *context, struct Maat_rule_t *p_result, int result_num, int thread_seq)
{
int i=0;
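Review bot: `copy_tamper_result` uses the `dictator_malloc` result without checking it — if the allocation fails, `context->result` is still NULL and the `memcpy(context->result+context->hit_cnt, ...)` in the loop writes through a null pointer. Add a guard right after the allocation, `if(context->result==NULL){ return; }` (or log and return), matching the NULL check `is_tamper_action` already applies to `Maat_rule_get_ex_data`. The debug log at the end also reads `result[0]` unconditionally, while the copy loop is bounded by `result_num`; if the `hit_num` the later hunk in this file passes as `result_num` can be 0, that read is out of bounds, so an early `if(result_num <= 0){ return; }` before the allocation would cover both the loop and the log. Ownership of `context->result` is not visible in this hunk; a short comment on the allocation naming who frees it would help, and the trailing `return;` in a void function can be dropped.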
@@ -1499,10 +1538,11 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
{
case TSG_ACTION_DENY:
state=tsg_deal_deny_action(a_stream, p_result, context->proto, ACTION_RETURN_TYPE_APP, a_packet);
- if((state&APP_STATE_DROPPKT)==APP_STATE_DROPPKT || (state&APP_STATE_KILL_OTHER))
+ if((state&APP_STATE_DROPPKT)==APP_STATE_DROPPKT || (state&APP_STATE_KILL_OTHER) || is_tamper_action(p_result))
{
context->hit_cnt=0;
master_send_log(a_stream, p_result, 1, context, a_stream->threadnum);
+ copy_tamper_result(a_stream, context, p_result, result, hit_num, a_stream->threadnum);
copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum);
MESA_handle_runtime_log(g_tsg_para.logger,
RLOG_LV_DEBUG,