authorliuxueli <[email protected]>2023-06-07 14:42:07 +0800
committerliuxueli <[email protected]>2023-06-07 18:05:20 +0800
commit4b023ef2305b676ae9932d4f644d42de98f108ce (patch)
tree1c111583aa6af27a5da0b9e7a83020e5f2f9912f
parent78f9aa6601f8f09979b8001397526d0f33b7a36b (diff)
OMPUB-941: 同时命中security(shunt)和intercept策略,优先执行security策略
-rw-r--r--src/tsg_entry.cpp22
-rw-r--r--src/tsg_rule.cpp6
2 files changed, 16 insertions, 12 deletions
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index f26f705..6a4a932 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -313,11 +313,11 @@ static char get_direction(const struct streaminfo *a_stream)
case DIR_C2S:
if(i_or_e=='E' || i_or_e=='e')
{
- direction='E';
+ direction='E'; //Internal to External
}
else
{
- direction='I';
+ direction='I'; //External to Internal
}
break;
case DIR_S2C:
@@ -1920,6 +1920,17 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru
{
unsigned char state=APP_STATE_GIVEME;
+ struct maat_rule security_rules[MAX_RESULT_NUM]={0};
+ size_t n_security_rules=tsg_select_rules_by_service_id(rules, n_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
+ if(n_security_rules>0)
+ {
+ state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, a_stream->threadnum);
+ if(state&APP_STATE_KILL_OTHER)
+ {
+ return state;
+ }
+ }
+
struct maat_rule s_chaining_rules[MAX_RESULT_NUM]={0};
size_t n_s_chaining_rules=tsg_select_rules_by_service_id(rules, n_rules, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING);
if(n_s_chaining_rules>0)
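Review bot: The early return at `if(state&APP_STATE_KILL_OTHER)` is the only thing that gives security rules precedence, so any security verdict that lacks that bit still falls through to the chaining and intercept handling below. Which actions of matched_security_rules_deal set APP_STATE_KILL_OTHER is not visible in this hunk; if the shunt action named in the commit title does not set it, intercept would still be applied to a session that also hit a security rule. I would document the contract above the check, e.g. `//security verdicts carrying APP_STATE_KILL_OTHER pre-empt chaining and intercept; all others fall through`, and confirm that the shunt path returns that bit. The body of session_matched_rules_deal continues outside the hunk, so whether the chaining block reassigns `state` cannot be checked here.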
@@ -1941,13 +1952,6 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru
matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum);
}
- struct maat_rule security_rules[MAX_RESULT_NUM]={0};
- size_t n_security_rules=tsg_select_rules_by_service_id(rules, n_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
- if(n_security_rules>0)
- {
- state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, a_stream->threadnum);
- }
-
return state;
}
diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp
index 7fe3784..da6f06b 100644
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
@@ -1940,9 +1940,9 @@ struct maat *init_maat_feather(const char* conffile, char* instance_name, char *
MESA_load_profile_int_def(conffile, module,"DEFERRED_LOAD", &(deferred_load), 0);
MESA_load_profile_string_def(conffile,module,"TABLE_INFO",table_info, sizeof(table_info), "");
MESA_load_profile_string_def(conffile,module,"STAT_FILE",maat_stat_file, sizeof(maat_stat_file), "");
- MESA_load_profile_int_def(conffile, module,"EFFECT_INTERVAL_MS", &(effect_interval_ms), 60000);
- MESA_load_profile_int_def(conffile, module,"RULE_UPDATE_CHECK_INTERVAL_MS", &(rule_update_interval_ms), 60000);
- MESA_load_profile_int_def(conffile, module,"GARBAGE_COLLECT_MS", &(garbage_collect_ms), 60000);
+ MESA_load_profile_int_def(conffile, module,"EFFECT_INTERVAL_MS", &(effect_interval_ms), 1000); //
+ MESA_load_profile_int_def(conffile, module,"RULE_UPDATE_CHECK_INTERVAL_MS", &(rule_update_interval_ms), 1000); //check redis
+ MESA_load_profile_int_def(conffile, module,"GARBAGE_COLLECT_MS", &(garbage_collect_ms), 60000); //
struct maat_options *opts=maat_options_new();
size_t thread_max=(size_t)get_thread_count();
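Review bot: The defaults for `EFFECT_INTERVAL_MS` and `RULE_UPDATE_CHECK_INTERVAL_MS` drop from 60000 to 1000 without any mention in the commit title, and the trailing `//` on the first and third added lines are empty comments. Deployments that do not set these keys will check for rule updates sixty times more often after this change, so it deserves its own commit or at least a line in the description. Fill the comments with unit and purpose, for example `//ms; how often rule updates are checked in redis`; the EFFECT_INTERVAL_MS and GARBAGE_COLLECT_MS comments need wording from someone who knows their exact maat semantics. Whether the values read from conffile are range-checked before they reach the maat options is not visible here, and init_maat_feather continues outside the hunk.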