| author | liuxueli <[email protected]> | 2021-05-17 11:09:16 +0800 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2021-05-17 11:09:16 +0800 |
| commit | 51d977c1e8fb1e0f5e622974bd45cc7a4dcfec29 (patch) | |
| tree | 191febe0396833661b5dcaa76b01e003595329be | |
| parent | e696c35c81386f86ab100c3836543bb892cb042e (diff) | |
填写正确的common_schema_typev4.1.5
| -rw-r--r-- | src/tsg_entry.cpp | 37 |
1 files changed, 33 insertions, 4 deletions
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 09e7a8d..26736f8 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -271,10 +271,10 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 struct TLD_handle_t *TLD_handle=NULL;
 TLD_handle=TLD_create(thread_seq);
+ schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE);
+
 if(proto>PROTO_UNKONWN && proto<PROTO_MAX)
 {
- schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE);
-
 if(proto==PROTO_IMAP || proto==PROTO_SMTP || proto==PROTO_POP3)
 {
 TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_MAIL].name, TLD_TYPE_STRING);
@@ -306,6 +306,10 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 }
 }
 }
+ else
+ {
+ TLD_append(TLD_handle, schema_field_name, (void *)g_tsg_proto_name2id[PROTO_APP].name, TLD_TYPE_STRING);
+ }
 log_msg.a_stream=(struct streaminfo *)a_stream;
 log_msg.result=p_result;
@@ -654,6 +658,27 @@ unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
 return 0;
 }
+static int set_l7_protocol_to_context(struct master_context *context, unsigned int app_id)
+{
+ int i=0;
+ char *l7_protocol_name=NULL;
+ l7_protocol_name=tsg_l7_protocol_id2name(app_id);
+ if(l7_protocol_name!=NULL)
+ {
+ for(i=PROTO_HTTP; i<PROTO_MAX; i++)
+ {
+ if((strcasecmp(g_tsg_proto_name2id[i].name, l7_protocol_name))==0)
+ {
+ context->proto=(tsg_protocol_t)g_tsg_proto_name2id[i].type;
+ return 1;
+ }
+ }
+ }
+
+ context->proto=PROTO_APP;
+
+ return 0;
+}
 int is_intercept_exclusion(const struct streaminfo *a_stream, Maat_rule_t *p_result, char *domain, int thread_seq)
 {
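Review bot: The new `else` branch in the second hunk (`master_send_log`, `@@ -306,6 +306,10 @@`) carries no comment saying which `proto` values it is meant to cover. As written it runs for every value outside `PROTO_UNKONWN < proto < PROTO_MAX`, so values at or above `PROTO_MAX` are also logged under the `PROTO_APP` name. I would add `/* no recognised L7 protocol: log the generic application schema type */` above the `else`. `schema_field_name` is now passed to `TLD_append` on both paths without a visible NULL check; whether `log_field_id2name` can return NULL is not shown here, so that is worth confirming. `master_send_log` starts and ends outside the hunk.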
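Review bot: In `set_l7_protocol_to_context` (third hunk, `@@ -654,6 +658,27 @@`), `strcasecmp(g_tsg_proto_name2id[i].name, l7_protocol_name)` is called for every index from `PROTO_HTTP` up to `PROTO_MAX` with no check that the table entry has a name. If any slot in that range is unpopulated, this is a NULL dereference inside the identification callback; the table's initialisation is not visible here, so a guard is cheap insurance: `if(g_tsg_proto_name2id[i].name!=NULL && strcasecmp(g_tsg_proto_name2id[i].name, l7_protocol_name)==0)`. `context` is also dereferenced unconditionally, so an early `if(context==NULL) return 0;` would make the helper safe on its own. A header comment stating the return contract (1 = matched a known protocol, 0 = fell back to `PROTO_APP`) would help, since the one caller added in this commit ignores the return value.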
@@ -1173,7 +1198,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
 static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)
 {
- int hit_num=0;
+ int hit_num=0;
 struct master_context *context=NULL;
 struct Maat_rule_t scan_result[MAX_RESULT_NUM];
 struct gather_app_result *gather_result=NULL;
@@ -1211,7 +1236,11 @@ static int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_
 init_context((void **)(&context), a_stream->threadnum);
 set_struct_project(a_stream, g_tsg_para.context_project_id, (void *)context);
 }
-
+
+ if(identify_result->origin==ORIGIN_BASIC_PROTOCOL)
+ {
+ set_l7_protocol_to_context(context, identify_result->app_id[identify_result->app_id_num-1]);
+ }
 record_time_start(&(context->last_scan_time));
 hit_num=scan_application_id_and_properties((struct streaminfo *)a_stream, scan_result, MAX_RESULT_NUM, &(context->mid), identify_result, a_stream->threadnum);
 |
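Review bot: In the last hunk (`@@ -1211,7 +1236,11 @@`), `identify_result->app_id[identify_result->app_id_num-1]` reads out of bounds whenever `app_id_num` is 0: the index is -1 if the field is signed, or wraps to a huge value if it is unsigned. `identify_result` appears to come from the callback's `data` argument, filled in by another component, so the count should be validated here unless an earlier check outside this hunk already guarantees it. Tighten the condition to `if(identify_result->origin==ORIGIN_BASIC_PROTOCOL && identify_result->app_id_num>0)`, and also bound `app_id_num` against the capacity of `app_id[]` if that constant is available. `app_identify_result_cb` starts and ends outside the hunk.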
