From 7a7e5ee1315760a3d195eafee887cca2b9e05944 Mon Sep 17 00:00:00 2001
From: liuxueli
Date: Sat, 2 Apr 2022 17:52:06 +0800
Subject: TSG-10056: DNS data_entry入口函数命中策略,并设置了ratelimit的标志,但是返回值为killother导致未进入all_entry函数入口,故未执行ratelimit的动作
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 inc/tsg_rule.h | 1 +
 src/tsg_action.cpp | 6 +++---
 src/tsg_entry.cpp | 27 +++++++++++++++++++--------
 src/tsg_entry.h | 2 +-
 src/tsg_rule.cpp | 2 ++
 5 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h
index 3b63666..e3295b4 100644
--- a/inc/tsg_rule.h
+++ b/inc/tsg_rule.h
@@ -30,6 +30,7 @@ enum TSG_METHOD_TYPE
 TSG_METHOD_TYPE_TAMPER,
 TSG_METHOD_TYPE_DEFAULT,
 TSG_METHOD_TYPE_APP_DROP,
+ TSG_METHOD_TYPE_ALLOW,
 TSG_METHOD_TYPE_MAX
 };
diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp
index 276e25e..32efbf6 100644
--- a/src/tsg_action.cpp
+++ b/src/tsg_action.cpp
@@ -56,12 +56,12 @@ static int set_drop_stream(const struct streaminfo *a_stream, tsg_protocol_t pro
 return STATE_DROPME|STATE_DROPPKT;
 }
-static int set_ratelimit_flag(const struct streaminfo *a_stream)
+static int set_dropme_flag(const struct streaminfo *a_stream)
 {
 struct master_context *_context=(struct master_context *)get_struct_project(a_stream, g_tsg_para.context_project_id);
 if(_context!=NULL)
 {
- _context->is_ratelimit=1;
+ _context->is_dropme=1;
 }
 return 0;
@@ -675,7 +675,7 @@ static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat
 bucket=NULL;
 }
- set_ratelimit_flag(a_stream);
+ set_dropme_flag(a_stream);
 context=NULL;
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 0b33f3e..ee19c85 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
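Review bot: TSG_METHOD_TYPE_ALLOW is added without a comment, although it is the one method value the rest of this patch treats specially: tsg_master_all_entry skips its pending branch (and the nesting-address scan) for it, and the visible cases of tsg_set_method_to_tcpall only overwrite UNKNOWN/DEFAULT/MIRRORED, so ALLOW is never replaced. That contract belongs next to the enumerator, e.g. `TSG_METHOD_TYPE_ALLOW, /* bypass decided in data_entry: all_entry does not re-scan the stream and the method is not overwritten */`. Inserting it before TSG_METHOD_TYPE_MAX keeps existing values stable, but any table sized by TSG_METHOD_TYPE_MAX and indexed by method type (none visible here) needs a matching entry. The enum body continues outside the hunk.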
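Review bot: set_dropme_flag returns 0 whether or not it found a master_context, so do_action_ratelimit cannot tell that the drop mark was silently skipped when get_struct_project returns NULL; for a TCP stream the mark is what tsg_master_data_entry later turns into APP_STATE_DROPME, so a missing context means whatever state the data-entry switch produced is returned instead and the ratelimit decision is lost without a trace. Suggest `return _context!=NULL ? 0 : -1;` and letting the caller fall back to an explicit drop state (or at least log) on -1; the caller's handling of the result is outside this hunk.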
@@ -1593,6 +1593,13 @@ int scan_application_id_and_properties(const struct streaminfo *a_stream, struct
 context->hited_para.hited_app_id=hited_app_id;
 context->hited_para.after_n_packets=after_n_packets;
 }
+ else
+ {
+ if(identify_result->origin==ORIGIN_BASIC_PROTOCOL && after_n_packets>0) //for tsg_protocol_t
+ {
+ context->hited_para.after_n_packets=after_n_packets;
+ }
+ }
 return hit_num;
 }
@@ -1627,7 +1634,8 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
 }
 copy_result_to_project(a_stream, context, p_result, context->domain, context->proto, PULL_FW_RESULT, a_stream->threadnum);
- state=APP_STATE_KILL_OTHER|APP_STATE_DROPME;
+ context->is_dropme=1; //only tcp
+ state=APP_STATE_KILL_OTHER|APP_STATE_GIVEME;
 break;
 }
 else
@@ -1671,7 +1679,7 @@ static unsigned char master_deal_scan_result(const struct streaminfo *a_stream,
 FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1);
 state=APP_STATE_GIVEME|APP_STATE_KILL_OTHER;
- tsg_set_method_to_tcpall(a_stream, &tmp_tcpall_context, TSG_METHOD_TYPE_UNKNOWN, a_stream->threadnum);
+ tsg_set_method_to_tcpall(a_stream, &tmp_tcpall_context, TSG_METHOD_TYPE_ALLOW, a_stream->threadnum);
 break;
 case TSG_ACTION_INTERCEPT:
 if(is_intercept_exclusion(a_stream, p_result, context->domain, a_stream->threadnum))
@@ -1938,7 +1946,7 @@ static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, vo
 break;
 }
- if(context->is_ratelimit==1 && a_stream->type==STREAM_TYPE_TCP)
+ if(context->is_dropme==1 && a_stream->type==STREAM_TYPE_TCP)
 {
 state=APP_STATE_KILL_OTHER|APP_STATE_DROPME;
 }
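Review bot: The new else branch stores after_n_packets for an ORIGIN_BASIC_PROTOCOL result without touching hited_para.hited_app_id, so whatever app id an earlier call left in hited_para is now paired with a packet budget taken from a different identification result; if hited_para is meant to describe a single hit, the app id should be reset or recorded alongside it. The `//for tsg_protocol_t` comment does not say why this origin is the exception; something like `// no app id hit: still keep the basic-protocol (tsg_protocol_t) packet budget` would. identify_result is dereferenced with no NULL check visible, but the guard may sit earlier in scan_application_id_and_properties, whose body starts outside the hunk.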
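Review bot: Returning APP_STATE_GIVEME instead of APP_STATE_DROPME here changes the UDP behaviour of the PULL_FW_RESULT branch, not only TCP: tsg_master_data_entry turns is_dropme into APP_STATE_DROPME only for STREAM_TYPE_TCP, and TSG_MASTER_UDP_ENTRY now calls tsg_master_all_entry for any non-DROPME state, so a UDP stream that lands in this branch is no longer dropped here and passes unless all_entry drops it on its own — a fail-open for a branch that used to drop. If that is intended (the commit message describes it for the ratelimit action), the `//only tcp` comment should say so, e.g. `// defer the drop: tsg_master_data_entry returns DROPME for TCP; UDP continues to all_entry so its action can run`; if it is not, keep `state=APP_STATE_KILL_OTHER|APP_STATE_DROPME;` for non-TCP streams. master_deal_scan_result starts and ends outside the hunk.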
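Review bot: The return value of tsg_set_method_to_tcpall is discarded, and the tsg_rule.cpp hunk shows the method is only installed when the current one is UNKNOWN, DEFAULT or MIRRORED (the remaining cases are outside that hunk); when the tcpall context already carries another method, this branch still counts a bypass in TSG_FS2_BYPASS and returns APP_STATE_GIVEME, yet the stream keeps its old method and is scanned again in tsg_master_all_entry, so the counter and the actual treatment can disagree. Suggest checking the result, e.g. `if(tsg_set_method_to_tcpall(a_stream, &tmp_tcpall_context, TSG_METHOD_TYPE_ALLOW, a_stream->threadnum)!=0) /* log: bypass not applied, method already set */`, or moving the FS_operate increment after an accepted set; the function's return convention is not visible in this diff, so adjust the test accordingly.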
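Review bot: The STREAM_TYPE_TCP condition needs a comment, because the reason UDP is excluded — it has to fall through to tsg_master_all_entry, which TSG_MASTER_UDP_ENTRY calls for any non-DROPME state, to get its action applied — is only recoverable from the commit message: `// TCP: turn the deferred drop mark into DROPME; UDP keeps the switch result so all_entry still runs`. Note also that is_dropme is never cleared in the visible code, so for a TCP stream every later packet presumably takes this branch whatever the switch above decided; that is fine for a stream meant to be dropped, but then the switch work is wasted and an early return before it would be cheaper. tsg_master_data_entry begins outside the hunk.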
@@ -1968,10 +1976,13 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
 struct master_context *data_context=NULL;
 struct tcpall_context *all_context=(struct tcpall_context *)(*pme);
- if(stream_state==OP_STATE_PENDING)
+ if(stream_state==OP_STATE_PENDING && all_context->method_type!=TSG_METHOD_TYPE_ALLOW)
 {
- all_context->method_type=TSG_METHOD_TYPE_DEFAULT;
- all_context->after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id);
+ if(all_context->method_type==TSG_METHOD_TYPE_UNKNOWN)
+ {
+ all_context->method_type=TSG_METHOD_TYPE_DEFAULT;
+ all_context->after_n_packets=get_default_para(a_stream, g_tsg_para.default_compile_id);
+ }
 hit_num=tsg_scan_nesting_addr(g_tsg_maat_feather, a_stream, PROTO_UNKONWN, &scan_mid, result, MAX_RESULT_NUM);
 if(hit_num>0)
@@ -2085,7 +2096,7 @@ extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, vo
 }
 state2=tsg_master_data_entry(a_udp, (void **)&(context->data_entry), thread_seq, a_packet);
- if(state2==APP_STATE_GIVEME)
+ if(!(state2&APP_STATE_DROPME))
 {
 state1=tsg_master_all_entry(a_udp, a_udp->opstate, (void **)&(context->all_entry), thread_seq, a_packet);
 }
@@ -2107,7 +2118,7 @@ extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp,
 if(*pme==NULL)
 {
 *pme=(struct tcpall_context *)dictator_malloc(thread_seq, sizeof(struct tcpall_context));
- memset(*pme, 0, sizeof(struct tcpall_context));
+ memset(*pme, 0, sizeof(struct tcpall_context));
 set_struct_project(a_tcp, g_tsg_para.tcpall_project_id, (void *)(*pme));
 }
 }
diff --git a/src/tsg_entry.h b/src/tsg_entry.h
index 739ba0e..89ada10 100644
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -228,7 +228,7 @@ struct master_context
 {
 unsigned char is_esni;
 unsigned char is_log;
- unsigned char is_ratelimit;
+ unsigned char is_dropme;
 unsigned char deal_pkt_num;
 unsigned char is_app_link;
 unsigned char pad;
diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp
index 5b0ec37..f0989ee 100644
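Review bot: Once method_type is TSG_METHOD_TYPE_ALLOW the whole pending branch, including tsg_scan_nesting_addr, is skipped for the rest of the stream, so a bypass decided by the data-entry scan on an early packet permanently exempts the stream from the nesting-address policy; hit_num keeps whatever it was initialised to above the hunk and the `if(hit_num>0)` path never fires. That is a fail-open if the bypass rule can be matched by attacker-controlled early content, so it should at least be stated on the condition: `// ALLOW was set by data_entry's bypass action: keep the method and do not re-scan this stream`. The inner `if` now converts only UNKNOWN to DEFAULT and leaves an existing DEFAULT/MIRRORED after_n_packets alone, which matches the tsg_rule.cpp change, but a short comment saying that the default parameters are applied once per stream would spare the next reader the cross-file lookup.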
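Review bot: `!(state2&APP_STATE_DROPME)` is a much wider gate than the old `state2==APP_STATE_GIVEME`: tsg_master_all_entry now runs for every state without the DROPME bit, including any APP_STATE_* value that means "this module is finished with the stream" rather than "keep giving me packets", if such values exist (they are not visible here). If the point is that KILL_OTHER without GIVEME, as returned for a ratelimit hit per the commit message, must still reach all_entry, a comment should say so, `// any non-drop state, including KILL_OTHER from a data_entry action, must still reach all_entry`; if only GIVEME states are meant, `if(state2&APP_STATE_GIVEME)` is the narrower test. How state1 and state2 are combined into the return value is outside the hunk.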
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
@@ -2846,6 +2846,7 @@ int tsg_set_method_to_tcpall(const struct streaminfo *a_stream, struct tcpall_co
 switch(_context->method_type)
 {
+ case TSG_METHOD_TYPE_UNKNOWN:
 case TSG_METHOD_TYPE_DEFAULT:
 case TSG_METHOD_TYPE_MIRRORED:
 _context->method_type=method_type;
@@ -2876,6 +2877,7 @@ int tsg_set_bucket_to_tcpall(const struct streaminfo *a_stream, struct tcpall_co
 return 1;
 break;
 case TSG_METHOD_TYPE_DEFAULT:
+ case TSG_METHOD_TYPE_UNKNOWN:
 break;
 default:
 return 0;
-- 
cgit v1.2.3
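Review bot: Adding UNKNOWN to the overwritable cases lets ALLOW be installed on a fresh tcpall context, but ALLOW itself is not in this list, so once a stream is marked ALLOW no later call — including one that wants to set a drop or ratelimit method after more of the stream has been seen — can replace it, assuming the cases outside the hunk refuse rather than overwrite. That makes the bypass verdict final for the stream, which is a policy decision worth documenting at the switch, e.g. `// UNKNOWN/DEFAULT/MIRRORED are provisional and may be replaced; ALLOW and the action methods are final`. If a later block verdict is supposed to win over an earlier bypass, ALLOW needs its own case here. The switch continues outside the hunk.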