authorliuxueli <[email protected]>2021-08-24 20:29:18 +0800
committerliuxueli <[email protected]>2021-08-24 20:29:18 +0800
commitac265ec46b41f23fb8212547945bffb8bc388e1c (patch)
tree28f2f53944c56e25777e59162ec905c72b666108
parente41a8c3c58838c2acb14c767d704e3ab5a333778 (diff)
TSG-7549: 安全事件日志中SMTPS、POPS、IMAPS出现重复日志v5.3.1
-rw-r--r--src/tsg_entry.cpp19
-rw-r--r--src/tsg_entry.h1
2 files changed, 16 insertions, 4 deletions
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 80b8c78..b43950d 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -1262,7 +1262,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
}
break;
case TSG_ACTION_MONITOR:
- if(context->proto==PROTO_RTP)
+ if(context->proto==PROTO_RTP || context->is_parent_ssl==1)
{
break;
}
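Review bot: The added `context->is_parent_ssl==1` test makes the `TSG_ACTION_MONITOR` case break out for every monitor hit on a flagged flow, not only for a hit that has already been logged, so the de-duplication relies on some other path still emitting the security event for that flow; that path is not visible in this hunk. The flag is set in `app_identify_result_cb` for FTPS and HTTPS as well as the three protocols named in the commit title, which widens the set of flows whose monitor handling is skipped here. A comment on the condition such as `/* parent SSL session already reports this monitor hit; skip to avoid a duplicate log */` would record the assumption, and it is worth confirming that a monitor rule matching only at this layer still produces a log entry. The body of `master_deal_scan_result` continues outside the hunk.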
@@ -1296,10 +1296,10 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)
{
- int hit_num=0;
- struct master_context *context=NULL;
- struct Maat_rule_t scan_result[MAX_RESULT_NUM];
+ int hit_num=0,app_id=-1;
+ struct master_context *context=NULL;
struct gather_app_result *gather_result=NULL;
+ struct Maat_rule_t scan_result[MAX_RESULT_NUM]={0};
struct app_identify_result *identify_result=(struct app_identify_result *)data;
if(data==NULL)
@@ -1341,6 +1341,17 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
{
set_l7_protocol_to_pme(context, identify_result->app_id[identify_result->app_id_num-1]);
}
+
+ app_id=identify_result->app_id[identify_result->app_id_num-1];
+ if(app_id==(int)tsg_l7_protocol_name2id("SMTPS") ||
+ app_id==(int)tsg_l7_protocol_name2id("IMAPS") ||
+ app_id==(int)tsg_l7_protocol_name2id("POP3S") ||
+ app_id==(int)tsg_l7_protocol_name2id("FTPS") ||
+ app_id==(int)tsg_l7_protocol_name2id("HTTPS")
+ )
+ {
+ context->is_parent_ssl=1;
+ }
break;
default:
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level));
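Review bot: The new `app_id=identify_result->app_id[identify_result->app_id_num-1];` sits after the braced `set_l7_protocol_to_pme` call and runs unconditionally in this case, and nothing visible in the hunk guarantees `app_id_num` is greater than zero, so an empty result would read `app_id[-1]`. The condition guarding the preceding block is outside the hunk, so this is inferred; wrapping the added lines in `if(identify_result->app_id_num>0)` keeps the read in bounds either way. The five `tsg_l7_protocol_name2id()` string lookups are repeated on every callback and could be resolved once at start-up and compared as cached ids. The function starts and ends outside the hunk.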
diff --git a/src/tsg_entry.h b/src/tsg_entry.h
index 62cdbaa..a53e8ba 100644
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -177,6 +177,7 @@ struct master_context
int is_esni;
int is_log;
int is_ratelimit;
+ int is_parent_ssl;
char *domain;
scan_status_t mid;
struct Maat_rule_t *result;
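Review bot: `is_parent_ssl` is added without a comment, and the monitor branch in `master_deal_scan_result` reads it on flows where `app_identify_result_cb` never assigned it, so the change depends on `master_context` being zeroed when it is allocated, which is not visible on this page. A comment such as `int is_parent_ssl; /* 1 once the flow is identified as SMTPS/IMAPS/POP3S/FTPS/HTTPS; MONITOR handling is then skipped */` would document both the meaning and the effect on logging. The struct definition starts and ends outside the hunk.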