gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

命中管控策略中的bypass动作时,发送json日志并记录本地日志。

Browse Source
This commit is contained in:
zhengchao
2019-06-17 20:12:37 +08:00
parent 1e3ce2bcb0
commit 03098bc2cf
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
plugin/business/pangu-http/src/pangu_http.cpp
View File

@@ -1178,6 +1178,12 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules
if (prior_action == PG_ACTION_WHITELIST) if (prior_action == PG_ACTION_WHITELIST)
{ {
if(*n_enforce==0)
{
*enforce_rules=ALLOC(struct Maat_rule_t, 1);
}
*enforce_rules[0]=*prior_rule;
*n_enforce=1;
return PG_ACTION_WHITELIST; return PG_ACTION_WHITELIST;
} }
@@ -1908,8 +1914,12 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
if (hit_cnt > 0) if (hit_cnt > 0)
{ {
ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce, &ctx->param); ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce, &ctx->param);
if (ctx->action == PG_ACTION_WHITELIST) goto __out; if (ctx->action == PG_ACTION_WHITELIST)
{
TFE_LOG_INFO(g_pangu_rt->local_logger, "Bypass rules matched: url=%s policy id=%d.",
session->req->req_spec.url, ctx->enforce_rules[0].config_id);
goto __out;
}
if (hit_cnt > 1) if (hit_cnt > 1)
{ {
p = buff; p = buff;
@@ -2283,6 +2293,8 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
} }
if (ctx->action == PG_ACTION_WHITELIST) if (ctx->action == PG_ACTION_WHITELIST)
{ {
TFE_LOG_INFO(g_pangu_rt->local_logger, "Bypass rules matched on http begin: url=%s policy id=%d.",
session->req->req_spec.url, ctx->enforce_rules[0].config_id);
tfe_http_session_detach(session); tfe_http_session_detach(session);
} }

2
plugin/business/pangu-http/src/pangu_logger.cpp
View File

@@ -333,7 +333,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
per_hit_obj=cJSON_Duplicate(common_obj, 1); per_hit_obj=cJSON_Duplicate(common_obj, 1);
cJSON_AddNumberToObject(per_hit_obj, "policy_id", log_msg->result[i].config_id); cJSON_AddNumberToObject(per_hit_obj, "policy_id", log_msg->result[i].config_id);
cJSON_AddNumberToObject(per_hit_obj, "service", log_msg->result[i].service_id); cJSON_AddNumberToObject(per_hit_obj, "service", log_msg->result[i].service_id);
cJSON_AddNumberToObject(per_hit_obj, "action", log_msg->result[i].action); cJSON_AddNumberToObject(per_hit_obj, "action", (unsigned char)log_msg->result[i].action);
log_payload = cJSON_PrintUnformatted(per_hit_obj); log_payload = cJSON_PrintUnformatted(per_hit_obj);
TFE_LOG_DEBUG(handle->local_logger, "%s", log_payload); TFE_LOG_DEBUG(handle->local_logger, "%s", log_payload);