author刘学利 <[email protected]>2023-07-13 10:18:50 +0000
committer刘学利 <[email protected]>2023-07-13 10:18:50 +0000
commitd4406bbd220967103525497cfc1f6d36a86e3174 (patch)
tree72f9e061dd01283c664f0a6c66e4309b88d0c80b
parent65cf6fb1a3bd447203ae1f8a0603233b0cedbe16 (diff)
TSG-15999: 第三方识别结果包含基础协议, 扫描命中时需判断命中APPID是否为基础协议v6.0.36v6.0.35
-rw-r--r--src/tsg_entry.cpp45
-rw-r--r--test/bin/gtest_maat.json26
-rw-r--r--test/src/gtest_master.cpp43
3 files changed, 99 insertions, 15 deletions
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 691820e..823b4c0 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -1036,6 +1036,17 @@ int session_app_gather_results_set_l7_protocol(const struct streaminfo *a_stream
int session_app_gather_results_update_matched_app_id(const struct streaminfo *a_stream, unsigned int matched_app_id)
{
+ if(matched_app_id==0)
+ {
+ return 0;
+ }
+
+ const char *app_name=tsg_l7_protocol_id2name(matched_app_id);
+ if(app_name!=NULL)
+ {
+ return 0;
+ }
+
struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream);
if(gather_result==NULL)
{
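Review bot: The guard `if(app_name!=NULL) return 0;` reads as inverted unless the reader already knows that tsg_l7_protocol_id2name() yields a name only for basic L7 protocol ids, which the commit title implies but the code does not say. I would rename the local to something like `basic_proto_name` and add `// id resolves to a basic L7 protocol: do not record it as the matched application`. Both new early exits return 0, and this hunk does not show whether 0 is also the success value, so a caller may be unable to tell "skipped" from "updated". The function body continues past the end of the hunk.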
@@ -1662,8 +1673,6 @@ size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, str
after_n_packets=dict->deny_app_para.after_n_packets;
set_app_timeout(a_stream, dict, &(srt_process_context->timeout));
-
- //plugin_ex_data_app_id_dict_free(dict);
}
else
{
@@ -1690,6 +1699,7 @@ size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, str
if(origin!=ORIGIN_BASIC_PROTOCOL)
{
srt_process_context->matched_app_id=matched_app_id;
+ session_app_gather_results_update_matched_app_id(a_stream, matched_app_id);
}
srt_process_context->hited_para.matched_app_id=matched_app_id;
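Review bot: The assignment `srt_process_context->matched_app_id=matched_app_id;` just above the new call is not covered by the basic-protocol check that now lives inside session_app_gather_results_update_matched_app_id(). The context and the gather result can therefore disagree when a non-basic origin reports a basic protocol id, as the QM engine entry with app_id 68 in the new test fixture appears to do. If consumers of srt_process_context->matched_app_id expect an application rather than a protocol, the same check should gate both writes; otherwise a comment stating that the divergence is intended would help. The return value of the new call is also dropped. The enclosing function starts and ends outside the hunk.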
@@ -1703,11 +1713,6 @@ size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, str
}
}
- if(srt_process_context!=NULL && srt_process_context->matched_app_id>0)
- {
- session_app_gather_results_update_matched_app_id(a_stream, srt_process_context->matched_app_id);
- }
-
return matched_cnt;
}
@@ -1725,9 +1730,9 @@ size_t session_app_gather_results_scan(const struct streaminfo *a_stream, struct
matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, &(gather_result->unknown), 1, ORIGIN_UNKNOWN, thread_seq);
}
- matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, gather_result->built_in, gather_result->built_in_num, ORIGIN_BUILT_IN, thread_seq);
matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, gather_result->l7_protocol, gather_result->l7_protocol_num, ORIGIN_BASIC_PROTOCOL, thread_seq);
matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, gather_result->qm_engine, gather_result->qm_engine_num, ORIGIN_QM_ENGINE, thread_seq);
+ matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, gather_result->built_in, gather_result->built_in_num, ORIGIN_BUILT_IN, thread_seq);
matched_cnt+=session_app_id_and_properties_scan(a_stream, rules+matched_cnt, n_rules-matched_cnt, srt_process_context, gather_result->user_define, gather_result->user_define_num, ORIGIN_USER_DEFINE, thread_seq);
return matched_cnt;
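Review bot: Moving the ORIGIN_BUILT_IN scan changes behaviour purely through ordering, and nothing in the function says what the order means. With the update call now made inside session_app_id_and_properties_scan() for every non-basic hit, it looks as if a later scan overwrites the matched app id recorded by an earlier one, so the sequence l7_protocol, qm_engine, built_in, user_define would act as a precedence list. A comment above these calls such as `// scan order is precedence: a later origin overrides the matched app id of an earlier one` would keep a future reorder from silently changing which application policy and logging see. The function starts above the hunk.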
@@ -2045,7 +2050,11 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess
{
int n_offset=0;
unsigned int app_id[4]={0,0,0,0};
- app_id[n_offset++]=tsg_l7_protocol_name2id(g_tsg_proto_name2id[srt_process_context->proto].name, g_tsg_proto_name2id[srt_process_context->proto].len);
+ unsigned int protocol_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[srt_process_context->proto].name, g_tsg_proto_name2id[srt_process_context->proto].len);
+ if(protocol_id!=0)
+ {
+ app_id[n_offset++]=protocol_id;
+ }
srt_process_context->is_app_link=FLAG_TRUE;
srt_attribute_set_protocol(a_stream, srt_process_context->proto);
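Review bot: A failed tsg_l7_protocol_name2id() lookup is now skipped without any trace: here the id is simply left out of app_id[], and in the ESNI and ECH branches of the next hunk the tsg_scan_app_id_policy() call is skipped as well. If the protocol dictionary lacks one of those names, that traffic is not evaluated against app-id policy and nothing records why, so an operator cannot tell a missing dictionary entry from a genuine no-match. I would emit a log line or bump a counter in each `protocol_id==0` path, using whatever logging facility the file already has. The enclosing function continues outside the hunk.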
@@ -2071,16 +2080,22 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess
matched_cnt+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
if(srt_process_context->is_esni)
{
- unsigned int protocol_id=tsg_l7_protocol_name2id("ESNI", 4);
- app_id[n_offset++]=protocol_id;
- matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
+ protocol_id=tsg_l7_protocol_name2id("ESNI", 4);
+ if(protocol_id!=0)
+ {
+ app_id[n_offset++]=protocol_id;
+ matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
+ }
}
if(srt_process_context->is_ech)
{
- unsigned int protocol_id=tsg_l7_protocol_name2id("ECH", 3);
- app_id[n_offset++]=protocol_id;
- matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
+ protocol_id=tsg_l7_protocol_name2id("ECH", 3);
+ if(protocol_id!=0)
+ {
+ app_id[n_offset++]=protocol_id;
+ matched_cnt+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), matched_rules+matched_cnt, n_matched_rules-matched_cnt);
+ }
}
if(srt_process_context->proto==PROTO_HTTP && srt_process_context->http_url!=NULL)
diff --git a/test/bin/gtest_maat.json b/test/bin/gtest_maat.json
index c2c3833..71ec6e4 100644
--- a/test/bin/gtest_maat.json
+++ b/test/bin/gtest_maat.json
@@ -2302,6 +2302,32 @@
]
}
]
+ },
+ {
+ "compile_id": 78,
+ "service": 2,
+ "action": 16,
+ "do_blacklist": 0,
+ "do_log": 1,
+ "tags": "{}",
+ "user_region": "{}",
+ "is_valid": "yes",
+ "evaluation_order": "10.0",
+ "groups": [
+ {
+ "group_name": "HTTPS_APP_ID",
+ "regions": [
+ {
+ "table_name": "TSG_OBJ_APP_ID",
+ "table_type": "interval",
+ "table_content": {
+ "low_boundary": 68,
+ "up_boundary": 68
+ }
+ }
+ ]
+ }
+ ]
}
],
"plugin_table": [
diff --git a/test/src/gtest_master.cpp b/test/src/gtest_master.cpp
index e7499d1..06ac779 100644
--- a/test/src/gtest_master.cpp
+++ b/test/src/gtest_master.cpp
@@ -1153,6 +1153,49 @@ TEST(TSGMaster, SessionApplicationFullPathTSG15999)
session_gather_app_results_async(&a_stream, NULL);
}
+
+
+size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, struct maat_rule *matched_rules, size_t n_matched_rules, struct session_runtime_process_context *srt_process_context, struct app_attributes *app_attribute, char app_attribute_num, APP_IDENTIFY_ORIGIN origin, int thread_seq);
+TEST(TSGMaster, SessionApplicationFullPathTSG15999_MatchedRuleQM)
+{
+ const struct streaminfo a_stream={0};
+ char out_full_path[256]={0};
+ int out_full_path_len=sizeof(out_full_path);
+ struct gather_app_result *gather_result=(struct gather_app_result *)calloc(1, sizeof(struct gather_app_result));
+
+ gather_result->l7_protocol_num=1;
+ gather_result->l7_protocol=(struct app_attributes *)calloc(1, sizeof(struct app_attributes));
+ gather_result->l7_protocol->app_id=68;
+ gather_result->l7_protocol->surrogate_id=0;
+ gather_result->l7_protocol->packet_sequence=4;
+
+ gather_result->qm_engine_num=2;
+ gather_result->qm_engine=(struct app_attributes *)calloc(1, sizeof(struct app_attributes)*2);
+ gather_result->qm_engine[0].app_id=199;
+ gather_result->qm_engine[0].surrogate_id=0;
+ gather_result->qm_engine[0].packet_sequence=6;
+ gather_result->qm_engine[1].app_id=68;
+ gather_result->qm_engine[1].surrogate_id=0;
+ gather_result->qm_engine[1].packet_sequence=4;
+ session_gather_app_results_async(&a_stream, (void *)gather_result);
+
+ struct maat_rule matched_rules[8]={0};
+ struct session_runtime_process_context srt_process_context={0};
+ srt_process_context.mid=maat_state_new(g_tsg_maat_feather, 0);
+
+ session_app_id_and_properties_scan(&a_stream, matched_rules, 8, &srt_process_context, gather_result->qm_engine, gather_result->qm_engine_num, ORIGIN_QM_ENGINE, 0);
+ session_app_id_and_properties_scan(&a_stream, matched_rules, 8, &srt_process_context, gather_result->l7_protocol, gather_result->l7_protocol_num, ORIGIN_BASIC_PROTOCOL, 0);
+ maat_state_free(srt_process_context.mid);
+
+ session_application_full_path_update(&a_stream, out_full_path, out_full_path_len);
+ EXPECT_STREQ("ssl.https", out_full_path);
+
+ free(gather_result->l7_protocol);
+ free(gather_result->qm_engine);
+ free(gather_result);
+ session_gather_app_results_async(&a_stream, NULL);
+}
+
int session_app_gather_results_update(struct app_attributes **update_result, char update_result_num, struct app_identify_result *identify_result, int packet_sequence, int thread_seq);
TEST(TSGMaster, SessionApplicationFullPathTSG13811)
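Review bot: The two direct calls to session_app_id_and_properties_scan() in SessionApplicationFullPathTSG15999_MatchedRuleQM run ORIGIN_QM_ENGINE before ORIGIN_BASIC_PROTOCOL, whereas session_app_gather_results_scan() in src/tsg_entry.cpp scans l7_protocol first and qm_engine after it, so the test does not exercise the order production uses. Since the fix depends on which hit ends up recorded as the matched app id, I would either swap the two calls or add a second case in production order. I would also assert on the scan return values, which are currently discarded. Smaller points: `calloc(1, sizeof(struct app_attributes)*2)` is clearer as `calloc(2, sizeof(struct app_attributes))`, and the calloc and maat_state_new() results are used unchecked.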