From 31d9a05c2dfa20875e77a11d3f23abbf434e0ae3 Mon Sep 17 00:00:00 2001
From: liuxueli <liuxueli@iie.ac.cn>
Date: Thu, 3 Mar 2022 09:48:11 +0800
Subject: TSG-9722: 为保证阻断效果，设置丢弃整个流
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/tsg_action.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp
index 3617ce5..c300851 100644
--- a/src/tsg_action.cpp
+++ b/src/tsg_action.cpp
@@ -902,6 +902,7 @@ unsigned char tsg_deny_application(const struct streaminfo *a_stream, Maat_rule_
 	dict=(struct app_id_dict *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_APP_ID_DICT], (const char *)app_id_buff);
 	if(dict==NULL)
 	{
+		set_drop_stream(a_stream, protocol);
 		return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPPKT|PROT_STATE_DROPME: APP_STATE_DROPME|APP_STATE_DROPPKT);
 	}
 	
@@ -945,6 +946,7 @@ unsigned char tsg_deal_deny_action(const struct streaminfo *a_stream, Maat_rule_
 	user_region=(struct compile_user_region *)Maat_rule_get_ex_data(g_tsg_maat_feather, p_result, g_tsg_para.table_id[TABLE_SECURITY_COMPILE]);
 	if(user_region==NULL)
 	{
+		set_drop_stream(a_stream, protocol);
 		return ((type==ACTION_RETURN_TYPE_PROT) ? PROT_STATE_DROPPKT|PROT_STATE_DROPME: APP_STATE_DROPME|APP_STATE_DROPPKT);
 	}
 
-- 
cgit v1.2.3