TSG-10101: 增加tamper功能开关，默认关闭v5.6.0

3 files changed, 9 insertions, 0 deletions

diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp
index c300851..276e25e 100644
--- a/src/tsg_action.cpp
+++ b/src/tsg_action.cpp
@@ -576,6 +576,12 @@ static unsigned char do_action_drop(const struct streaminfo *a_stream, Maat_rule
 
 static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region, tsg_protocol_t protocol, const void *user_data)
 {
+	if(g_tsg_para.feature_tamper==0)
+	{
+		do_action_drop(a_stream, p_result, user_region, protocol, user_data);
+		return STATE_DROPME|STATE_DROPPKT;
+	}
+	
 	if(user_region==NULL)
 	{
         return do_action_drop(a_stream, p_result, user_region, protocol, user_data);
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index d580059..0b33f3e 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -2172,6 +2172,8 @@ extern "C" int TSG_MASTER_INIT()
 	MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120);
 	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "IENTIFY_APP_MAX_PKT_NUM", &g_tsg_para.identify_app_max_pkt_num, 20);
+	
+	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "FEATURE_TAMPER", &g_tsg_para.feature_tamper, 0);
 
 	ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0);
 	if(ret<0)
diff --git a/src/tsg_entry.h b/src/tsg_entry.h
index 710a567..739ba0e 100644
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -282,6 +282,7 @@ typedef	struct tsg_para
 	int datacenter_id;
 	int hash_timeout;
 	int hash_slot_size;
+	int feature_tamper;
 	enum DEPLOY_MODE deploy_mode;
 	int scan_time_interval;
 	int identify_app_max_pkt_num;