From f7cbaf52c805ad62cc2af2013ed198adc1d666bc Mon Sep 17 00:00:00 2001
From: liuxueli <liuxueli@iie.ac.cn>
Date: Wed, 16 Feb 2022 18:12:22 +0800
Subject: TSG-9596: 执行Deny Action时未执行DROP的动作导致未阻断成功
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/tsg_action.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/tsg_action.cpp b/src/tsg_action.cpp
index d5017fc..1a3ff3d 100644
--- a/src/tsg_action.cpp
+++ b/src/tsg_action.cpp
@@ -848,7 +848,12 @@ static unsigned char tsg_do_deny_action(const struct streaminfo *a_stream, struc
 				break;
 			}
 			
-			local_state=0;
+			local_state=do_action_drop(a_stream, p_result, user_region, protocol, user_data);
+			if(protocol==PROTO_DNS && type==ACTION_RETURN_TYPE_APP)
+			{
+				local_state=set_drop_stream(a_stream, protocol);
+			}
+			
 			if(user_region->deny->app_para.send_icmp_enable==1)
 			{
 				 local_state|=send_icmp_unreachable(a_stream);
-- 
cgit v1.2.3