From 0776cb3ec8c7173a20cf0f31a9a3ff56d48e8457 Mon Sep 17 00:00:00 2001 From: Lu Qiuwen Date: Sun, 23 Sep 2018 20:02:07 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3Pangu=E8=BE=93=E5=87=BA?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E5=91=BD=E4=B8=AD=E7=BB=93=E6=9E=9C=E5=8A=9F?= =?UTF-8?q?=E8=83=BD=E4=B8=AD=E7=9A=84=E8=B6=8A=E7=95=8C=E5=86=99=E9=97=AE?= =?UTF-8?q?=E9=A2=98=EF=BC=8CHTTP=E7=9B=91=E6=B5=8B=E5=8A=9F=E8=83=BD?= =?UTF-8?q?=E5=88=9D=E6=AD=A5=E8=B0=83=E9=80=9A=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/business/pangu-http/pangu_http.cpp | 941 ++++++++++---------- plugin/business/pangu-http/pangu_logger.cpp | 15 +- 2 files changed, 482 insertions(+), 474 deletions(-) diff --git a/plugin/business/pangu-http/pangu_http.cpp b/plugin/business/pangu-http/pangu_http.cpp index 650520a..bd1b8b2 100644 --- a/plugin/business/pangu-http/pangu_http.cpp +++ b/plugin/business/pangu-http/pangu_http.cpp @@ -22,21 +22,21 @@ #include #include -#define MAX_SCAN_RESULT 16 -#define MAX_EDIT_ZONE_NUM 64 -#define MAX_EDIT_MATCHES 16 +#define MAX_SCAN_RESULT 16 +#define MAX_EDIT_ZONE_NUM 64 +#define MAX_EDIT_MATCHES 16 enum pangu_action//Bigger action number is prior. { - PG_ACTION_NONE = 0x00, - PG_ACTION_MONIT = 0x01, - PG_ACTION_FORWARD = 0x02, /* N/A */ - PG_ACTION_REJECT = 0x10, - PG_ACTION_DROP = 0x20, /* N/A */ - PG_ACTION_REDIRECT = 0x30, - PG_ACTION_RATELIMIT = 0x40, /* N/A */ - PG_ACTION_REPLACE = 0x50, - PG_ACTION_LOOP = 0x60, /* N/A */ - PG_ACTION_WHITELIST = 0x80 + PG_ACTION_NONE = 0x00, + PG_ACTION_MONIT = 0x01, + PG_ACTION_FORWARD = 0x02, /* N/A */ + PG_ACTION_REJECT = 0x10, + PG_ACTION_DROP = 0x20, /* N/A */ + PG_ACTION_REDIRECT = 0x30, + PG_ACTION_RATELIMIT = 0x40, /* N/A */ + PG_ACTION_REPLACE = 0x50, + PG_ACTION_LOOP = 0x60, /* N/A */ + PG_ACTION_WHITELIST = 0x80 }; enum scan_table { 
@@ -51,79 +51,75 @@ enum scan_table struct pangu_rt { Maat_feather_t maat; - struct pangu_logger* send_logger; - void* local_logger; + struct pangu_logger * send_logger; + void * local_logger; int log_level; int thread_num; int scan_table_id[__SCAN_TABLE_MAX]; - ctemplate::Template* tpl_403,*tpl_404,*tpl_451; - char* reject_page; + ctemplate::Template * tpl_403, * tpl_404, * tpl_451; + char * reject_page; int page_size; }; -struct pangu_rt *g_pangu_rt; -#define MAAT_INPUT_JSON 0 -#define MAAT_INPUT_REDIS 1 -#define MAAT_INPUT_FILE 2 +struct pangu_rt * g_pangu_rt; +#define MAAT_INPUT_JSON 0 +#define MAAT_INPUT_REDIS 1 +#define MAAT_INPUT_FILE 2 -static Maat_feather_t create_maat_feather(const char* profile, const char* section,int max_thread, void* logger) +static Maat_feather_t create_maat_feather(const char * profile, const char * section, int max_thread, void * logger) { Maat_feather_t target; - int input_mode=0,maat_stat_on=0,maat_perf_on=0; - int ret=0,scan_detail=0,effect_interval=60; - char table_info[TFE_STRING_MAX]={0},inc_cfg_dir[TFE_STRING_MAX]={0},ful_cfg_dir[TFE_STRING_MAX]={0}; - char redis_server[TFE_STRING_MAX]={0}; - int redis_port=0; - int redis_db_idx=0; - char json_cfg_file[TFE_STRING_MAX]={0},maat_stat_file[TFE_STRING_MAX]={0}; - const char* instance_name="pangu"; - MESA_load_profile_int_def(profile, section,"MAAT_INPUT_MODE", &(input_mode),0); - MESA_load_profile_int_def(profile, section,"STAT_SWITCH", &(maat_stat_on),1); - MESA_load_profile_int_def(profile, section,"PERF_SWITCH", &(maat_perf_on),1); + int input_mode = 0, maat_stat_on = 0, maat_perf_on = 0; + int ret = 0, scan_detail = 0, effect_interval = 60; + char table_info[TFE_STRING_MAX] = {0}, inc_cfg_dir[TFE_STRING_MAX] = {0}, ful_cfg_dir[TFE_STRING_MAX] = {0}; + char redis_server[TFE_STRING_MAX] = {0}; + int redis_port = 0; + int redis_db_idx = 0; + char json_cfg_file[TFE_STRING_MAX] = {0}, maat_stat_file[TFE_STRING_MAX] = {0}; + const char * instance_name = "pangu"; + 
MESA_load_profile_int_def(profile, section, "MAAT_INPUT_MODE", &(input_mode), 0); + MESA_load_profile_int_def(profile, section, "STAT_SWITCH", &(maat_stat_on), 1); + MESA_load_profile_int_def(profile, section, "PERF_SWITCH", &(maat_perf_on), 1); - MESA_load_profile_string_def(profile,section,"TABLE_INFO",table_info, sizeof(table_info),""); - - MESA_load_profile_string_def(profile,section,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),""); + MESA_load_profile_string_def(profile, section, "TABLE_INFO", table_info, sizeof(table_info), ""); - MESA_load_profile_string_def(profile,section,"MAAT_REDIS_SERVER",redis_server, sizeof(redis_server),""); - MESA_load_profile_int_def(profile,section,"MAAT_REDIS_PORT", &(redis_port),6379); - MESA_load_profile_int_def(profile,section,"MAAT_REDIS_DB_INDEX", &(redis_db_idx),0); - + MESA_load_profile_string_def(profile, section, "JSON_CFG_FILE", json_cfg_file, sizeof(json_cfg_file), ""); - MESA_load_profile_string_def(profile,section,"INC_CFG_DIR",inc_cfg_dir, sizeof(inc_cfg_dir),""); - MESA_load_profile_string_def(profile,section,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),""); - - MESA_load_profile_string_def(profile,section,"STAT_FILE",maat_stat_file, sizeof(maat_stat_file),""); - MESA_load_profile_int_def(profile,section,"EFFECT_INTERVAL_S", &(effect_interval),60); + MESA_load_profile_string_def(profile, section, "MAAT_REDIS_SERVER", redis_server, sizeof(redis_server), ""); + MESA_load_profile_int_def(profile, section, "MAAT_REDIS_PORT", &(redis_port), 6379); + MESA_load_profile_int_def(profile, section, "MAAT_REDIS_DB_INDEX", &(redis_db_idx), 0); - effect_interval*=1000;//convert s to ms - assert(strlen(inc_cfg_dir)!=0&&strlen(ful_cfg_dir)!=0); + MESA_load_profile_string_def(profile, section, "INC_CFG_DIR", inc_cfg_dir, sizeof(inc_cfg_dir), ""); + MESA_load_profile_string_def(profile, section, "FULL_CFG_DIR", ful_cfg_dir, sizeof(ful_cfg_dir), ""); - target=Maat_feather(max_thread,table_info, logger); - 
Maat_set_feather_opt(target,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1); - switch(input_mode) + MESA_load_profile_string_def(profile, section, "STAT_FILE", maat_stat_file, sizeof(maat_stat_file), ""); + MESA_load_profile_int_def(profile, section, "EFFECT_INTERVAL_S", &(effect_interval), 60); + + effect_interval *= 1000;//convert s to ms + assert(strlen(inc_cfg_dir) != 0 && strlen(ful_cfg_dir) != 0); + + target = Maat_feather(max_thread, table_info, logger); + Maat_set_feather_opt(target, MAAT_OPT_INSTANCE_NAME, instance_name, strlen(instance_name) + 1); + switch (input_mode) { - case MAAT_INPUT_JSON: - Maat_set_feather_opt(target, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1); + case MAAT_INPUT_JSON: + Maat_set_feather_opt(target, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file) + 1); break; - case MAAT_INPUT_REDIS: - Maat_set_feather_opt(target, MAAT_OPT_REDIS_IP,redis_server, strlen(redis_server)+1); - Maat_set_feather_opt(target, MAAT_OPT_REDIS_PORT, &redis_port, sizeof(redis_port)); - Maat_set_feather_opt(target, MAAT_OPT_REDIS_INDEX, &redis_db_idx, sizeof(redis_db_idx)); + case MAAT_INPUT_REDIS: Maat_set_feather_opt(target, MAAT_OPT_REDIS_IP, redis_server, strlen(redis_server) + 1); + Maat_set_feather_opt(target, MAAT_OPT_REDIS_PORT, &redis_port, sizeof(redis_port)); + Maat_set_feather_opt(target, MAAT_OPT_REDIS_INDEX, &redis_db_idx, sizeof(redis_db_idx)); break; - case MAAT_INPUT_FILE: - Maat_set_feather_opt(target, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1); - Maat_set_feather_opt(target, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1); + case MAAT_INPUT_FILE: Maat_set_feather_opt(target, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir) + 1); + Maat_set_feather_opt(target, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir) + 1); break; - default: - TFE_LOG_ERROR(logger, "Invalid MAAT Input Mode: %d.", input_mode); + default: TFE_LOG_ERROR(logger, "Invalid MAAT Input Mode: 
%d.", input_mode); goto error_out; break; } - if(maat_stat_on) + if (maat_stat_on) { - Maat_set_feather_opt(target, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1); + Maat_set_feather_opt(target, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file) + 1); Maat_set_feather_opt(target, MAAT_OPT_STAT_ON, NULL, 0); - if(maat_perf_on) + if (maat_perf_on) { Maat_set_feather_opt(target, MAAT_OPT_PERF_ON, NULL, 0); } @@ -132,8 +128,8 @@ static Maat_feather_t create_maat_feather(const char* profile, const char* secti Maat_set_feather_opt(target, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval)); Maat_set_feather_opt(target, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail)); - ret=Maat_initiate_feather(target); - if(ret<0) + ret = Maat_initiate_feather(target); + if (ret < 0) { TFE_LOG_ERROR(logger, "%s MAAT init failed.", __FUNCTION__); goto error_out; 
@@ -145,54 +141,57 @@ error_out: } int pangu_http_init(struct tfe_proxy * proxy) { - const char* profile="./pangu_conf/pangu_pxy.conf"; - const char* logfile="./log/pangu_pxy.log"; - g_pangu_rt=ALLOC(struct pangu_rt,1); - g_pangu_rt->thread_num=16; - MESA_load_profile_int_def(profile, "DEBUG", "LOG_LEVEL", &(g_pangu_rt->log_level),0); - g_pangu_rt->local_logger=MESA_create_runtime_log_handle(logfile, g_pangu_rt->log_level); - g_pangu_rt->send_logger=pangu_log_handle_create(profile, "LOG", g_pangu_rt->local_logger); - if(!g_pangu_rt->send_logger) + const char * profile = "./pangu_conf/pangu_pxy.conf"; + const char * logfile = "./log/pangu_pxy.log"; + g_pangu_rt = ALLOC(struct pangu_rt, 1); + g_pangu_rt->thread_num = 16; + MESA_load_profile_int_def(profile, "DEBUG", "LOG_LEVEL", &(g_pangu_rt->log_level), 0); + g_pangu_rt->local_logger = MESA_create_runtime_log_handle(logfile, g_pangu_rt->log_level); + g_pangu_rt->send_logger = pangu_log_handle_create(profile, "LOG", g_pangu_rt->local_logger); + if (!g_pangu_rt->send_logger) { goto error_out; } - g_pangu_rt->maat=create_maat_feather(profile, "MAAT", g_pangu_rt->thread_num, g_pangu_rt->local_logger); - if(!g_pangu_rt->maat) + g_pangu_rt->maat = create_maat_feather(profile, "MAAT", g_pangu_rt->thread_num, g_pangu_rt->local_logger); + if (!g_pangu_rt->maat) { goto error_out; } - const char* table_name[__SCAN_TABLE_MAX]; - table_name[PXY_CTRL_IP]="PXY_CTRL_IP"; - table_name[PXY_CTRL_HTTP_URL]="PXY_CTRL_HTTP_URL"; - table_name[PXY_CTRL_HTTP_REQ_HDR]="PXY_CTRL_HTTP_REQ_HDR"; - table_name[PXY_CTRL_HTTP_REQ_BODY]="PXY_CTRL_HTTP_REQ_BODY"; - table_name[PXY_CTRL_HTTP_RES_HDR]="PXY_CTRL_HTTP_RES_HDR"; - table_name[PXY_CTRL_HTTP_RES_BODY]="PXY_CTRL_HTTP_RES_BODY"; - for(int i=0;i<__SCAN_TABLE_MAX;i++) + const char * table_name[__SCAN_TABLE_MAX]; + table_name[PXY_CTRL_IP] = "PXY_CTRL_IP"; + table_name[PXY_CTRL_HTTP_URL] = "PXY_CTRL_HTTP_URL"; + table_name[PXY_CTRL_HTTP_REQ_HDR] = "PXY_CTRL_HTTP_REQ_HDR"; + 
table_name[PXY_CTRL_HTTP_REQ_BODY] = "PXY_CTRL_HTTP_REQ_BODY"; + table_name[PXY_CTRL_HTTP_RES_HDR] = "PXY_CTRL_HTTP_RES_HDR"; + table_name[PXY_CTRL_HTTP_RES_BODY] = "PXY_CTRL_HTTP_RES_BODY"; + for (int i = 0; i < __SCAN_TABLE_MAX; i++) { - - g_pangu_rt->scan_table_id[i]=Maat_table_register(g_pangu_rt->maat, table_name[i]); - if(g_pangu_rt->scan_table_id[i]<0) + + g_pangu_rt->scan_table_id[i] = Maat_table_register(g_pangu_rt->maat, table_name[i]); + if (g_pangu_rt->scan_table_id[i] < 0) { TFE_LOG_ERROR(NULL, "Pangu HTTP Maat table %s register failed.", table_name[i]); goto error_out; } } - + char page_path[256]; memset(page_path, 0, sizeof(page_path)); - MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_403", page_path,sizeof(page_path), "./pangu_conf/template/HTTP403.html"); - g_pangu_rt->tpl_403 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP); + MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_403", page_path, sizeof(page_path), + "./pangu_conf/template/HTTP403.html"); + g_pangu_rt->tpl_403 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); memset(page_path, 0, sizeof(page_path)); - MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_404", page_path,sizeof(page_path), "./pangu_conf/template/HTTP404.html"); - g_pangu_rt->tpl_404 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP); + MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_404", page_path, sizeof(page_path), + "./pangu_conf/template/HTTP404.html"); + g_pangu_rt->tpl_404 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); memset(page_path, 0, sizeof(page_path)); - MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_451", page_path,sizeof(page_path), "./pangu_conf/template/HTTP451.html"); - g_pangu_rt->tpl_451 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP); - + MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_451", page_path, sizeof(page_path), + 
"./pangu_conf/template/HTTP451.html"); + g_pangu_rt->tpl_451 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP); + TFE_LOG_INFO(NULL, "Pangu HTTP init success."); return 0; - + error_out: TFE_LOG_ERROR(NULL, "Pangu HTTP init failed."); return -1; @@ -200,25 +199,25 @@ error_out: static void _wrap_std_field_write(struct tfe_http_half * half, enum tfe_http_std_field field_id, const char * value) { struct http_field_name tmp_name; - tmp_name.field_id=field_id; - tmp_name.field_name=NULL; + tmp_name.field_id = field_id; + tmp_name.field_name = NULL; tfe_http_field_write(half, &tmp_name, value); return; } #if 0 static void _wrap_non_std_field_write(struct tfe_http_half * half, const char* field_name, const char * value) { - struct http_field_name tmp_name; - tmp_name.field_id=TFE_HTTP_UNKNOWN_FIELD; - //todo remove force convert after tfe_http.h improved. - tmp_name.field_name=(char*)field_name; - tfe_http_field_write(half, &tmp_name, value); - return; + struct http_field_name tmp_name; + tmp_name.field_id=TFE_HTTP_UNKNOWN_FIELD; + //todo remove force convert after tfe_http.h improved. + tmp_name.field_name=(char*)field_name; + tfe_http_field_write(half, &tmp_name, value); + return; } #endif enum replace_zone { - kZoneRequestUri=0, + kZoneRequestUri = 0, kZoneRequestHeaders, kZoneRequestBody, kZoneResponseHeader, 
@@ -228,158 +227,167 @@ enum replace_zone struct replace_rule { enum replace_zone zone; - char* find; - char* replace_with; + char * find; + char * replace_with; }; struct replace_ctx { - struct replace_rule* rule; + struct replace_rule * rule; size_t n_rule; struct tfe_http_half * replacing; - struct evbuffer* http_body; + struct evbuffer * http_body; size_t body_size; }; + struct pangu_http_ctx { enum pangu_action action; - char* action_para; + char * action_para; scan_status_t mid; stream_para_t sp; - - struct Maat_rule_t* enforce_rules; + + struct Maat_rule_t * enforce_rules; size_t n_enforce; - char* enforce_para; - - struct replace_ctx *rep_ctx; + char * enforce_para; + + struct replace_ctx * rep_ctx; int thread_id; }; -static struct pangu_http_ctx* pangu_http_ctx_new(unsigned int thread_id) +static struct pangu_http_ctx * pangu_http_ctx_new(unsigned int thread_id) { - struct pangu_http_ctx* ctx=ALLOC(struct pangu_http_ctx,1); - ctx->mid=NULL; - ctx->thread_id=(int)thread_id; + struct pangu_http_ctx * ctx = ALLOC(struct pangu_http_ctx, 1); + ctx->mid = NULL; + ctx->thread_id = (int) thread_id; return ctx; } -static void pangu_http_ctx_free(struct pangu_http_ctx* ctx) + +static void pangu_http_ctx_free(struct pangu_http_ctx * ctx) { - if(ctx->rep_ctx!=NULL) + if (ctx->rep_ctx != NULL) { - for(size_t i=0;irep_ctx->n_rule;i++) + for (size_t i = 0; i < ctx->rep_ctx->n_rule; i++) { FREE(&(ctx->rep_ctx->rule[i].find)); FREE(&(ctx->rep_ctx->rule[i].replace_with)); } evbuffer_free(ctx->rep_ctx->http_body); - ctx->rep_ctx->http_body=NULL; + ctx->rep_ctx->http_body = NULL; //todo destroy http_half; - assert(ctx->rep_ctx->replacing==NULL); + assert(ctx->rep_ctx->replacing == NULL); FREE(&ctx->rep_ctx); } FREE(&ctx->enforce_rules); FREE(&ctx->enforce_para); Maat_clean_status(&(ctx->mid)); - assert(ctx->sp==NULL); - ctx->mid=NULL; + assert(ctx->sp == NULL); + ctx->mid = NULL; FREE(&ctx); } -inline void addr_tfe2sapp(const struct tfe_stream_addr* tfe_addr, struct ipaddr* 
sapp_addr) + +inline void addr_tfe2sapp(const struct tfe_stream_addr * tfe_addr, struct ipaddr * sapp_addr) { - sapp_addr->addrtype=tfe_addr->addrtype; - sapp_addr->paddr=(char*)tfe_addr->paddr; + sapp_addr->addrtype = tfe_addr->addrtype; + sapp_addr->paddr = (char *) tfe_addr->paddr; return; } //enforce_rules[0] contains execute action. -static enum pangu_action decide_ctrl_action(const struct Maat_rule_t* hit_rules,size_t n_hit, - struct Maat_rule_t**enforce_rules, size_t* n_enforce) +static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules, size_t n_hit, + struct Maat_rule_t ** enforce_rules, size_t * n_enforce) { - size_t n_monit=0, exist_enforce_num=0,i=0; - const struct Maat_rule_t* prior_rule=hit_rules; + size_t n_monit = 0, exist_enforce_num = 0, i = 0; + const struct Maat_rule_t * prior_rule = hit_rules; struct Maat_rule_t monit_rule[n_hit]; - enum pangu_action prior_action=PG_ACTION_NONE; - for(i=0;iprior_action) + if ((enum pangu_action) hit_rules[i].action > prior_action) { - prior_rule=hit_rules+i; - prior_action=(enum pangu_action)hit_rules[i].action; + prior_rule = hit_rules + i; + prior_action = (enum pangu_action) hit_rules[i].action; } - else if((enum pangu_action)hit_rules[i].action==prior_action) + else if ((enum pangu_action) hit_rules[i].action == prior_action) { - if(hit_rules[i].config_idconfig_id) + if (hit_rules[i].config_id < prior_rule->config_id) { - prior_rule=hit_rules+i; + prior_rule = hit_rules + i; } - } else { continue; } } - if(prior_action==PG_ACTION_WHITELIST) + + if (prior_action == PG_ACTION_WHITELIST) { return PG_ACTION_WHITELIST; } - - exist_enforce_num=*n_enforce; - if(prior_action==PG_ACTION_MONIT) + + exist_enforce_num = *n_enforce; + if (prior_action == PG_ACTION_MONIT) { - *n_enforce+=n_monit; - + *n_enforce += n_monit; } else { - *n_enforce+=n_monit+1; + *n_enforce += n_monit + 1; } - *enforce_rules=(struct Maat_rule_t*)realloc(*enforce_rules, sizeof(struct Maat_rule_t)*(*n_enforce)); - 
memcpy(*enforce_rules+exist_enforce_num, prior_rule, sizeof(struct Maat_rule_t)); - memcpy(*enforce_rules+exist_enforce_num+1, monit_rule, n_monit*sizeof(struct Maat_rule_t)); - + + *enforce_rules = (struct Maat_rule_t *) realloc(*enforce_rules, sizeof(struct Maat_rule_t) * (*n_enforce)); + + if (prior_action == PG_ACTION_MONIT) + { + memcpy(*enforce_rules + exist_enforce_num, monit_rule, n_monit * sizeof(struct Maat_rule_t)); + } + else + { + memcpy(*enforce_rules + exist_enforce_num, prior_rule, sizeof(struct Maat_rule_t)); + memcpy(*enforce_rules + exist_enforce_num + 1, monit_rule, n_monit * sizeof(struct Maat_rule_t)); + } + return prior_action; } //https://github.com/AndiDittrich/HttpErrorPages static void html_generate(int cfg_id, int status_code, - char** page_buff,size_t *page_size) + char ** page_buff, size_t * page_size) { ctemplate::TemplateDictionary dict("pg_page_dict"); dict.SetIntValue("cfg_id", cfg_id); std::string output; - ctemplate::Template* tpl=NULL; - switch(status_code) + ctemplate::Template * tpl = NULL; + switch (status_code) { - case 403: - tpl=g_pangu_rt->tpl_403; + case 403: tpl = g_pangu_rt->tpl_403; break; - case 404: - tpl=g_pangu_rt->tpl_404; + case 404: tpl = g_pangu_rt->tpl_404; break; - case 451: - tpl=g_pangu_rt->tpl_451; + case 451: tpl = g_pangu_rt->tpl_451; break; - default: - return; + default: return; } tpl->Expand(&output, &dict); //todo: do I need to delete dict? 
- *page_size=output.length(); - *page_buff=ALLOC(char, *page_size); - memcpy(*page_buff,output.c_str(), *page_size); + *page_size = output.length(); + *page_buff = ALLOC(char, *page_size); + memcpy(*page_buff, output.c_str(), *page_size); } -static void html_free(char** page_buff) +static void html_free(char ** page_buff) { FREE(page_buff); return; } static int is_http_request(enum tfe_http_event events) { - if((events&EV_HTTP_REQ_HDR)|(events&EV_HTTP_REQ_BODY_BEGIN)|(events&EV_HTTP_REQ_BODY_END)|(events&EV_HTTP_REQ_BODY_CONT)) + if ((events & EV_HTTP_REQ_HDR) | (events & EV_HTTP_REQ_BODY_BEGIN) | (events & EV_HTTP_REQ_BODY_END) + | (events & EV_HTTP_REQ_BODY_CONT)) { return 1; } 
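Review bot: The `realloc` result in `decide_ctrl_action` is assigned straight back to `*enforce_rules` and then used as the `memcpy` destination with no NULL check, after `*n_enforce` has already been increased. On allocation failure the old array is leaked, the count no longer matches the storage, and the copy writes through a near-NULL pointer, so the out-of-bounds write this commit fixes still has a sibling on the error path. Resize into a temporary and commit both values only on success, e.g. `struct Maat_rule_t * grown = (struct Maat_rule_t *) realloc(*enforce_rules, sizeof(struct Maat_rule_t) * new_count);` then `if (grown == NULL) { /* keep old array and count, report failure */ }`. What to return on failure is a policy decision for the caller. Separately, `struct Maat_rule_t monit_rule[n_hit]` is a stack VLA sized by the caller, and a zero or uncapped `n_hit` (presumably bounded by `MAX_SCAN_RESULT`, not visible here) deserves an explicit check.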
@@ -389,41 +397,41 @@ static int is_http_request(enum tfe_http_event events) } } -enum replace_zone zone_name_to_id(const char* name) +enum replace_zone zone_name_to_id(const char * name) { - const char* std_name[]={"http_req_uri", - "http_req_header", - "http_req_body", - "http_resp_header", - "http_resp_body", - "http_resp_body"}; - size_t i=0; - for(i=0; ireplace_with); - - status=regcomp(®, zone->find, REG_EXTENDED|REG_NEWLINE); - if(status!=0) + size_t replace_len = strlen(zone->replace_with); + + status = regcomp(®, zone->find, REG_EXTENDED | REG_NEWLINE); + if (status != 0) { char error_message[TFE_STRING_MAX]; - regerror (status, ®, error_message, sizeof(error_message)); - TFE_LOG_ERROR(g_pangu_rt->local_logger,"Regex error compiling '%s': %s\n", - zone->find, error_message); + regerror(status, ®, error_message, sizeof(error_message)); + TFE_LOG_ERROR(g_pangu_rt->local_logger, "Regex error compiling '%s': %s\n", + zone->find, error_message); regfree(®); return NULL; } - + /* "p" is a pointer into the string which points to the end of the previous match. */ - const char *p = in; + const char * p = in; /* "pre_sub_expr_end" is a pointer into the string which points to the end of the previous sub expression match. */ - const char *pre_sub_expr_end=NULL; - + const char * pre_sub_expr_end = NULL; + /* "N_matches" is the maximum number of matches allowed. */ const int n_matches = MAX_EDIT_MATCHES; /* "M" contains the matches found. */ regmatch_t m[n_matches]; int i = 0; - while (1) { - int nomatch = regexec (®, p, n_matches, m, 0); + while (1) + { + int nomatch = regexec(®, p, n_matches, m, 0); if (nomatch) { break; } - if(is_replaced==0) + if (is_replaced == 0) { - out=evbuffer_new(); - is_replaced=1; + out = evbuffer_new(); + is_replaced = 1; } - assert(m[0].rm_so!=-1); - pre_sub_expr_end=p; - if(m[1].rm_so == -1)//no sub expr, replace the entire expr. 
+ assert(m[0].rm_so != -1); + pre_sub_expr_end = p; + if (m[1].rm_so == -1)//no sub expr, replace the entire expr. { - evbuffer_add(out, pre_sub_expr_end, m[0].rm_so-(pre_sub_expr_end-p)); + evbuffer_add(out, pre_sub_expr_end, m[0].rm_so - (pre_sub_expr_end - p)); evbuffer_add(out, zone->replace_with, replace_len); - pre_sub_expr_end=p + m[0].rm_eo; + pre_sub_expr_end = p + m[0].rm_eo; } - else //have sub expr, replace the sub expr. + else //have sub expr, replace the sub expr. { - for (i = 1, pre_sub_expr_end=p; i < n_matches; i++) + for (i = 1, pre_sub_expr_end = p; i < n_matches; i++) { - if (m[i].rm_so == -1) + if (m[i].rm_so == -1) { break; - } - evbuffer_add(out, pre_sub_expr_end, m[i].rm_so-(pre_sub_expr_end-p)); + } + evbuffer_add(out, pre_sub_expr_end, m[i].rm_so - (pre_sub_expr_end - p)); evbuffer_add(out, zone->replace_with, replace_len); pre_sub_expr_end = p + m[i].rm_eo; } } p += m[0].rm_eo; } - if(is_replaced) + if (is_replaced) { - evbuffer_add(out, pre_sub_expr_end, in_sz-(pre_sub_expr_end-p)); + evbuffer_add(out, pre_sub_expr_end, in_sz - (pre_sub_expr_end - p)); } - regfree(®); + regfree(®); return out; - + } -struct evbuffer* execute_replace_rule(const char* in, size_t in_sz, - enum replace_zone zone, const struct replace_rule* rules, size_t n_rule) +struct evbuffer * execute_replace_rule(const char * in, size_t in_sz, + enum replace_zone zone, const struct replace_rule * rules, size_t n_rule) { - const struct replace_rule* todo[MAX_EDIT_ZONE_NUM]; - size_t n_todo=0, i=0; - struct evbuffer* out=NULL; - const char* interator=NULL; - struct evbuffer* new_out=NULL, *pre_out=NULL; - if(in==0) + const struct replace_rule * todo[MAX_EDIT_ZONE_NUM]; + size_t n_todo = 0, i = 0; + struct evbuffer * out = NULL; + const char * interator = NULL; + struct evbuffer * new_out = NULL, * pre_out = NULL; + if (in == 0) { return NULL; } //Do not process buffer that contains '\0'. 
- if(0!=memchr(in, '\0', in_sz)) - { + if (0 != memchr(in, '\0', in_sz)) + { return NULL; } - n_todo=select_replace_rule(zone, rules, n_rule, todo, MAX_EDIT_ZONE_NUM); - interator=in; - for(i=0; ireq->req_spec.uri); + TFE_STREAM_LOG_INFO(stream, "tfe_http_session_allow_write() %s failed.", session->req->req_spec.uri); tfe_http_session_detach(session); return; } - if(ctx->rep_ctx==NULL) + if (ctx->rep_ctx == NULL) { - ctx->rep_ctx=rep_ctx=ALLOC(struct replace_ctx, 1); - rep_ctx->rule=ALLOC(struct replace_rule, MAX_EDIT_ZONE_NUM); - rep_ctx->n_rule=format_replace_rule(ctx->enforce_para, rep_ctx->rule, MAX_EDIT_ZONE_NUM); + ctx->rep_ctx = rep_ctx = ALLOC(struct replace_ctx, 1); + rep_ctx->rule = ALLOC(struct replace_rule, MAX_EDIT_ZONE_NUM); + rep_ctx->n_rule = format_replace_rule(ctx->enforce_para, rep_ctx->rule, MAX_EDIT_ZONE_NUM); } - if(events&EV_HTTP_REQ_HDR) + if (events & EV_HTTP_REQ_HDR) { - rewrite_url=execute_replace_rule(session->req->req_spec.uri, strlen(session->req->req_spec.uri), + rewrite_url = execute_replace_rule(session->req->req_spec.uri, strlen(session->req->req_spec.uri), kZoneRequestUri, rep_ctx->rule, rep_ctx->n_rule); } - if((events&EV_HTTP_REQ_HDR)|(events&EV_HTTP_RESP_HDR)) + if ((events & EV_HTTP_REQ_HDR) | (events & EV_HTTP_RESP_HDR)) { - - if(events&EV_HTTP_REQ_HDR) + + if (events & EV_HTTP_REQ_HDR) { - rep_ctx->replacing=tfe_http_session_request_create(to_write_sess, session->req->req_spec.method, - rewrite_url!=NULL ? (char*)evbuffer_pullup(rewrite_url,-1) : session->req->req_spec.uri); + rep_ctx->replacing = tfe_http_session_request_create(to_write_sess, session->req->req_spec.method, + rewrite_url != NULL ? 
(char *) evbuffer_pullup(rewrite_url, -1) : session->req->req_spec.uri); evbuffer_free(rewrite_url); - rewrite_url=NULL; + rewrite_url = NULL; } else { - rep_ctx->replacing=tfe_http_session_response_create(to_write_sess, session->resp->resp_spec.resp_code); + rep_ctx->replacing = tfe_http_session_response_create(to_write_sess, session->resp->resp_spec.resp_code); } - while(1) + while (1) { - buff_in=tfe_http_field_iterate(session->req, &interator, &tmp_name); - if(tmp_name.field_id==TFE_HTTP_CONT_LENGTH) + buff_in = tfe_http_field_iterate(session->req, &interator, &tmp_name); + if (tmp_name.field_id == TFE_HTTP_CONT_LENGTH) { continue; } - if(buff_in!=NULL) + if (buff_in != NULL) { - rewrite_buff=execute_replace_rule(buff_in, strlen(buff_in), - events&EV_HTTP_REQ_HDR?kZoneRequestHeaders:kZoneResponseHeader, rep_ctx->rule, rep_ctx->n_rule); - tfe_http_field_write(rep_ctx->replacing, &tmp_name, - rewrite_buff!=NULL ? (char*)evbuffer_pullup(rewrite_buff, -1) : buff_in); + rewrite_buff = execute_replace_rule(buff_in, strlen(buff_in), + events & EV_HTTP_REQ_HDR ? kZoneRequestHeaders : kZoneResponseHeader, rep_ctx->rule, + rep_ctx->n_rule); + tfe_http_field_write(rep_ctx->replacing, &tmp_name, + rewrite_buff != NULL ? (char *) evbuffer_pullup(rewrite_buff, -1) : buff_in); evbuffer_free(rewrite_buff); - rewrite_buff=NULL; + rewrite_buff = NULL; } else 
@@ -678,32 +689,32 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio } } } - if((events&EV_HTTP_REQ_BODY_BEGIN)|(events&EV_HTTP_RESP_BODY_BEGIN)) + if ((events & EV_HTTP_REQ_BODY_BEGIN) | (events & EV_HTTP_RESP_BODY_BEGIN)) { - assert(rep_ctx->http_body==NULL); - assert(rep_ctx->body_size=0); - rep_ctx->http_body=evbuffer_new(); + assert(rep_ctx->http_body == NULL); + assert(rep_ctx->body_size = 0); + rep_ctx->http_body = evbuffer_new(); } - if(body_frag!=NULL) + if (body_frag != NULL) { evbuffer_add(rep_ctx->http_body, body_frag, frag_size); rep_ctx->body_size++; } - if((events&EV_HTTP_REQ_BODY_END)|(events&EV_HTTP_RESP_BODY_END)) + if ((events & EV_HTTP_REQ_BODY_END) | (events & EV_HTTP_RESP_BODY_END)) { - - assert(rep_ctx->body_size==evbuffer_get_length(rep_ctx->http_body)); - buff_in=(char*)evbuffer_pullup(rep_ctx->http_body, -1); - rewrite_buff=execute_replace_rule(buff_in, rep_ctx->body_size, - events&EV_HTTP_REQ_HDR?kZoneRequestHeaders:kZoneResponseHeader, rep_ctx->rule, rep_ctx->n_rule); + + assert(rep_ctx->body_size == evbuffer_get_length(rep_ctx->http_body)); + buff_in = (char *) evbuffer_pullup(rep_ctx->http_body, -1); + rewrite_buff = execute_replace_rule(buff_in, rep_ctx->body_size, + events & EV_HTTP_REQ_HDR ? kZoneRequestHeaders : kZoneResponseHeader, rep_ctx->rule, rep_ctx->n_rule); char cont_len_str[TFE_SYMBOL_MAX]; snprintf(cont_len_str, sizeof(cont_len_str), "%lu", evbuffer_get_length(rewrite_buff)); _wrap_std_field_write(rep_ctx->replacing, TFE_HTTP_CONT_LENGTH, cont_len_str); tfe_http_half_append_body(rep_ctx->replacing, - (char*)evbuffer_pullup(rewrite_buff, -1), evbuffer_get_length(rewrite_buff),0); + (char *) evbuffer_pullup(rewrite_buff, -1), evbuffer_get_length(rewrite_buff), 0); evbuffer_free(rewrite_buff); - rewrite_buff=NULL; - if(is_http_request(events)) + rewrite_buff = NULL; + if (is_http_request(events)) { tfe_http_session_request_set(to_write_sess, rep_ctx->replacing); } 
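Review bot: `assert(rep_ctx->body_size = 0);` in the body-begin branch is an assignment, so with assertions enabled it evaluates to 0 and aborts on the first body, and under `NDEBUG` it vanishes together with the reset; it should read `assert(rep_ctx->body_size == 0);`. In the same block `rep_ctx->body_size++` counts fragments rather than bytes, so the later length assertion and the size passed to `execute_replace_rule` are wrong for any fragment longer than one byte; `rep_ctx->body_size += frag_size;` matches what was appended. `execute_replace_rule` returns NULL when the input contains a NUL byte, yet `evbuffer_get_length(rewrite_buff)` and `evbuffer_pullup(rewrite_buff, -1)` are called unconditionally, so body content supplied by the peer can reach a NULL dereference in the proxy. Fall back to forwarding the original `http_body` when `rewrite_buff` is NULL. These lines are only re-indented by this commit, and `http_replace` begins outside the hunk.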
@@ -711,158 +722,166 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio { tfe_http_session_response_set(to_write_sess, rep_ctx->replacing); } - rep_ctx->replacing=NULL;//http half's ownership has been transfered to session. - + rep_ctx->replacing = NULL;//http half's ownership has been transfered to session. + evbuffer_free(rep_ctx->http_body); - rep_ctx->http_body=NULL; - rep_ctx->body_size=0; + rep_ctx->http_body = NULL; + rep_ctx->body_size = 0; } return; - - -} -static void http_reject(const struct tfe_http_session * session, enum tfe_http_event events, struct pangu_http_ctx* ctx) -{ - - int resp_code=0,ret=0; - struct tfe_http_half* response=NULL; - char* page_buff=NULL; - size_t page_size=0; - char cont_len_str[TFE_STRING_MAX]; - struct tfe_http_session* to_write_sess=NULL; - ret=sscanf(ctx->enforce_para,"code=%d;",&resp_code); - if(ret!=1) +} +static void http_reject(const struct tfe_http_session * session, enum tfe_http_event events, + struct pangu_http_ctx * ctx) +{ + + int resp_code = 0, ret = 0; + struct tfe_http_half * response = NULL; + char * page_buff = NULL; + size_t page_size = 0; + char cont_len_str[TFE_STRING_MAX]; + struct tfe_http_session * to_write_sess = NULL; + + ret = sscanf(ctx->enforce_para, "code=%d;", &resp_code); + if (ret != 1) { - TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid reject rule %d paramter %s", - ctx->enforce_rules[0].config_id, ctx->enforce_para); + TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid reject rule %d paramter %s", + ctx->enforce_rules[0].config_id, ctx->enforce_para); goto error_out; } - to_write_sess=tfe_http_session_allow_write(session); - response=tfe_http_session_response_create(to_write_sess, resp_code); - + to_write_sess = tfe_http_session_allow_write(session); + response = tfe_http_session_response_create(to_write_sess, resp_code); + html_generate(ctx->enforce_rules[0].config_id, resp_code, &page_buff, &page_size); _wrap_std_field_write(response, TFE_HTTP_CONT_TYPE, 
"text/html; charset=utf-8"); - snprintf(cont_len_str,sizeof(cont_len_str), "%lu", page_size); + snprintf(cont_len_str, sizeof(cont_len_str), "%lu", page_size); _wrap_std_field_write(response, TFE_HTTP_CONT_LENGTH, cont_len_str); tfe_http_half_append_body(response, page_buff, page_size, 0); tfe_http_session_response_set(to_write_sess, response); - response=NULL; + response = NULL; error_out: html_free(&page_buff); return; } -static void http_redirect(const struct tfe_http_session * session, enum tfe_http_event events, struct pangu_http_ctx* ctx) +static void http_redirect(const struct tfe_http_session * session, enum tfe_http_event events, + struct pangu_http_ctx * ctx) { - int resp_code=0,ret=0; - char* url=NULL; - struct tfe_http_half* response=NULL; - struct tfe_http_session* to_write=NULL; - url=ALLOC(char, ctx->enforce_rules[0].serv_def_len); - ret=sscanf(ctx->enforce_para,"code=%d%[^;];url=%*[^;];",&resp_code,url); - if(ret!=2) + int resp_code = 0, ret = 0; + char * url = NULL; + struct tfe_http_half * response = NULL; + struct tfe_http_session * to_write = NULL; + url = ALLOC(char, ctx->enforce_rules[0].serv_def_len); + ret = sscanf(ctx->enforce_para, "code=%d%[^;];url=%*[^;];", &resp_code, url); + if (ret != 2) { - TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid redirect rule %d paramter %s", - ctx->enforce_rules[0].config_id, ctx->enforce_para); + TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid redirect rule %d paramter %s", + ctx->enforce_rules[0].config_id, ctx->enforce_para); goto error_out; } - - to_write=tfe_http_session_allow_write(session); - response=tfe_http_session_response_create(to_write, resp_code); + + to_write = tfe_http_session_allow_write(session); + response = tfe_http_session_response_create(to_write, resp_code); _wrap_std_field_write(response, TFE_HTTP_LOCATION, url); tfe_http_session_response_set(to_write, response); - response=NULL; - + response = NULL; + error_out: free(url); return; } -enum pangu_action http_scan(const struct 
tfe_http_session * session, enum tfe_http_event events, - const unsigned char* body_frag, size_t frag_size, struct pangu_http_ctx* ctx) +enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_http_event events, + const unsigned char * body_frag, size_t frag_size, struct pangu_http_ctx * ctx) { - void * interator=NULL; - const char* field_val=NULL; + void * interator = NULL; + const char * field_val = NULL; struct http_field_name field_name; struct Maat_rule_t result[MAX_SCAN_RESULT]; - char buff[TFE_STRING_MAX], *p=NULL; - int scan_ret=0, table_id=0, read_rule_ret=0; - size_t hit_cnt=0, i=0; - if(events&EV_HTTP_REQ_HDR) + char buff[TFE_STRING_MAX], * p = NULL; + int scan_ret = 0, table_id = 0, read_rule_ret = 0; + size_t hit_cnt = 0, i = 0; + + if (events & EV_HTTP_REQ_HDR) { - scan_ret=Maat_full_scan_string(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_URL], - CHARSET_UTF8, session->req->req_spec.url, strlen(session->req->req_spec.url), - result, NULL, MAX_SCAN_RESULT, &(ctx->mid), ctx->thread_id); - if(scan_ret>0) + const char * str_url = session->req->req_spec.url; + int str_url_length = (int) (strlen(session->req->req_spec.url)); + + scan_ret = Maat_full_scan_string(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_URL], + CHARSET_UTF8, str_url, str_url_length, result, NULL, MAX_SCAN_RESULT, &(ctx->mid), ctx->thread_id); + + if (scan_ret > 0) { - hit_cnt+=scan_ret; + hit_cnt += scan_ret; } } - if((events&EV_HTTP_REQ_HDR)|(events&EV_HTTP_RESP_HDR)) + + if ((events & EV_HTTP_REQ_HDR) || (events & EV_HTTP_RESP_HDR)) { - table_id=events&EV_HTTP_REQ_HDR?g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_HDR]:g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_RES_HDR]; - while(hit_cntscan_table_id[PXY_CTRL_HTTP_REQ_HDR] : g_pangu_rt + ->scan_table_id[PXY_CTRL_HTTP_RES_HDR]; + while (hit_cnt < MAX_SCAN_RESULT) { - field_val=tfe_http_field_iterate(session->req, &interator, &field_name); - if(field_val==NULL) + field_val = 
tfe_http_field_iterate(session->req, &interator, &field_name); + if (field_val == NULL) { break; } const char * str_field_name = http_field_to_string(&field_name); - scan_ret=Maat_set_scan_status(g_pangu_rt->maat, &(ctx->mid), MAAT_SET_SCAN_DISTRICT, - str_field_name,strlen(str_field_name)); + scan_ret = Maat_set_scan_status(g_pangu_rt->maat, &(ctx->mid), MAAT_SET_SCAN_DISTRICT, + str_field_name, strlen(str_field_name)); - assert(scan_ret==0); - scan_ret=Maat_full_scan_string(g_pangu_rt->maat, table_id, - CHARSET_UTF8, field_val, strlen(field_val), - result+hit_cnt, NULL, MAX_SCAN_RESULT-hit_cnt, &(ctx->mid), ctx->thread_id); - if(scan_ret>0) + assert(scan_ret == 0); + scan_ret = Maat_full_scan_string(g_pangu_rt->maat, table_id, + CHARSET_UTF8, field_val, strlen(field_val), + result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->mid), ctx->thread_id); + if (scan_ret > 0) { - hit_cnt+=scan_ret; + hit_cnt += scan_ret; } } } - if((events&EV_HTTP_REQ_BODY_BEGIN)|(events&EV_HTTP_RESP_BODY_BEGIN)) + if ((events & EV_HTTP_REQ_BODY_BEGIN) | (events & EV_HTTP_RESP_BODY_BEGIN)) { - assert(ctx->sp==NULL); - table_id=events&EV_HTTP_REQ_BODY_BEGIN?g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_BODY]:g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_RES_BODY]; - ctx->sp=Maat_stream_scan_string_start(g_pangu_rt->maat, table_id, ctx->thread_id); + assert(ctx->sp == NULL); + table_id = events & EV_HTTP_REQ_BODY_BEGIN ? 
g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_BODY] : g_pangu_rt + ->scan_table_id[PXY_CTRL_HTTP_RES_BODY]; + ctx->sp = Maat_stream_scan_string_start(g_pangu_rt->maat, table_id, ctx->thread_id); } - if(body_frag!=NULL) + if (body_frag != NULL) { - scan_ret=Maat_stream_scan_string(&(ctx->sp),CHARSET_UTF8, (const char*)body_frag, (int)frag_size - ,result+hit_cnt, NULL, MAX_SCAN_RESULT-hit_cnt, &(ctx->mid)); - if(scan_ret>0) + scan_ret = Maat_stream_scan_string(&(ctx->sp), CHARSET_UTF8, (const char *) body_frag, (int) frag_size, + result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->mid)); + if (scan_ret > 0) { - hit_cnt+=scan_ret; + hit_cnt += scan_ret; } } - if((events&EV_HTTP_REQ_BODY_END)|(events&EV_HTTP_RESP_BODY_END)) + if ((events & EV_HTTP_REQ_BODY_END) | (events & EV_HTTP_RESP_BODY_END)) { Maat_stream_scan_string_end(&(ctx->sp)); - ctx->sp=NULL; + ctx->sp = NULL; } - if(hit_cnt>0) + if (hit_cnt > 0) { - ctx->action=decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce); - if(ctx->enforce_rules[0].serv_def_len>MAX_SERVICE_DEFINE_LEN) + ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce); + if (ctx->enforce_rules[0].serv_def_len > MAX_SERVICE_DEFINE_LEN) { - ctx->enforce_para=ALLOC(char, ctx->enforce_rules->serv_def_len); - read_rule_ret=Maat_read_rule(g_pangu_rt->maat, ctx->enforce_rules+0, + ctx->enforce_para = ALLOC(char, ctx->enforce_rules->serv_def_len); + read_rule_ret = Maat_read_rule(g_pangu_rt->maat, ctx->enforce_rules + 0, MAAT_RULE_SERV_DEFINE, ctx->enforce_para, ctx->enforce_rules[0].serv_def_len); - assert(read_rule_ret== ctx->enforce_rules[0].serv_def_len); + assert(read_rule_ret == ctx->enforce_rules[0].serv_def_len); } - if(hit_cnt>1) + if (hit_cnt > 1) { - p=buff; - for(i=0;ilocal_logger, "Multiple rules matched: url=%s num=%lu ids=%s execute=%d.", - session->req->req_spec.url, hit_cnt, buff, ctx->enforce_rules[0].config_id); + *p = '\0'; + TFE_LOG_INFO(g_pangu_rt->local_logger, 
"Multiple rules matched: url=%s num=%lu ids=%s execute=%d.", + session->req->req_spec.url, hit_cnt, buff, ctx->enforce_rules[0].config_id); } } return ctx->action; 
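Review bot: In http_redirect the format `"code=%d%[^;];url=%*[^;];"` stores whatever follows the status digits into `url` and throws the real URL away with `%*[^;]`; assuming the parameter looks like `code=302;url=...;`, the `%[^;]` conversion matches nothing, `ret` is 1 and every redirect rule ends on the error path. I would write `ret = sscanf(ctx->enforce_para, "code=%d;url=%[^;];", &resp_code, url);`, and since `%[` has no width, `url` (sized from `serv_def_len`) is only large enough if `enforce_para` is never longer than that. In http_scan, the header loop selects the response-header table for `EV_HTTP_RESP_HDR` but still iterates `session->req`, so response-header rules are evaluated against request headers and never see the response. Choosing the half by event, `tfe_http_field_iterate((events & EV_HTTP_REQ_HDR) ? session->req : session->resp, &interator, &field_name)`, would close that gap.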
@@ -870,95 +889,87 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht void pangu_on_http_begin(const struct tfe_stream * stream, const struct tfe_http_session * session, unsigned int thread_id, void ** pme) - { - struct pangu_http_ctx* ctx=*(struct pangu_http_ctx**)pme; + struct pangu_http_ctx * ctx = *(struct pangu_http_ctx **) pme; struct Maat_rule_t result[MAX_SCAN_RESULT]; struct ipaddr sapp_addr; - int hit_cnt=0; - assert(ctx==NULL); - ctx=pangu_http_ctx_new(thread_id); + int hit_cnt = 0; + assert(ctx == NULL); + ctx = pangu_http_ctx_new(thread_id); addr_tfe2sapp(stream->addr, &sapp_addr); - hit_cnt=Maat_scan_proto_addr(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_IP], &sapp_addr, 0, - result, MAX_SCAN_RESULT, &(ctx->mid), (int)thread_id); - if(hit_cnt>0) + hit_cnt = Maat_scan_proto_addr(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_IP], &sapp_addr, 0, + result, MAX_SCAN_RESULT, &(ctx->mid), (int) thread_id); + + if (hit_cnt > 0) { - ctx->action=decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce); + ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce); } - if(ctx->action==PG_ACTION_WHITELIST) + if (ctx->action == PG_ACTION_WHITELIST) { tfe_http_session_detach(session); } - *pme=ctx; + *pme = ctx; return; } - void pangu_on_http_end(const struct tfe_stream * stream, const struct tfe_http_session * session, unsigned int thread_id, void ** pme) - { - struct pangu_http_ctx* ctx=*(struct pangu_http_ctx**)pme; - struct pangu_log log_msg={.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=ctx->n_enforce}; - if(ctx->action!=PG_ACTION_NONE) + struct pangu_http_ctx * ctx = *(struct pangu_http_ctx **) pme; + struct pangu_log log_msg = {.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=ctx->n_enforce}; + if (ctx->action != PG_ACTION_NONE) { pangu_send_log(g_pangu_rt->send_logger, &log_msg); } pangu_http_ctx_free(ctx); - 
*pme=NULL; + *pme = NULL; return; } -void pangu_on_http_data(const struct tfe_stream * stream, const struct tfe_http_session * session, - enum tfe_http_event events, const unsigned char * body_frag, size_t frag_size, unsigned int thread_id, void ** pme) +void pangu_on_http_data(const struct tfe_stream * stream, const struct tfe_http_session * session, + enum tfe_http_event events, const unsigned char * body_frag, size_t frag_size, unsigned int thread_id, void ** pme) { - struct pangu_http_ctx* ctx=*(struct pangu_http_ctx**)pme; - enum pangu_action hit_action=PG_ACTION_NONE; + struct pangu_http_ctx * ctx = *(struct pangu_http_ctx **) pme; + enum pangu_action hit_action = PG_ACTION_NONE; Re_Enter: - switch(ctx->action) + switch (ctx->action) { - case PG_ACTION_NONE: - hit_action=http_scan(session, events, body_frag, frag_size, ctx); - if(hit_action!=PG_ACTION_NONE) + case PG_ACTION_NONE: hit_action = http_scan(session, events, body_frag, frag_size, ctx); + if (hit_action != PG_ACTION_NONE) { //ctx->action changed in http_scan. goto Re_Enter; } break; - case PG_ACTION_MONIT: + case PG_ACTION_MONIT: //send log on close. 
break; - case PG_ACTION_REJECT: - http_reject(session, events, ctx); + case PG_ACTION_REJECT: http_reject(session, events, ctx); break; - case PG_ACTION_REDIRECT: - http_redirect(session, events, ctx); - case PG_ACTION_REPLACE: - http_replace(stream, session, events, body_frag, frag_size,ctx); + case PG_ACTION_REDIRECT: http_redirect(session, events, ctx); + case PG_ACTION_REPLACE: http_replace(stream, session, events, body_frag, frag_size, ctx); break; - case PG_ACTION_WHITELIST: - tfe_http_session_detach(session); + case PG_ACTION_WHITELIST: tfe_http_session_detach(session); break; - default: - assert(0); + default: assert(0); break; } return; } -struct tfe_plugin pangu_http_spec={ - .symbol=NULL, - .type = TFE_PLUGIN_TYPE_BUSINESS, - .on_init = pangu_http_init, - .on_deinit = NULL, - .on_open = NULL, - .on_data = NULL, - .on_close = NULL, - .on_session_begin=pangu_on_http_begin, - .on_session_data=pangu_on_http_data, - .on_session_end=pangu_on_http_end - }; +struct tfe_plugin pangu_http_spec = { + .symbol=NULL, + .type = TFE_PLUGIN_TYPE_BUSINESS, + .on_init = pangu_http_init, + .on_deinit = NULL, + .on_open = NULL, + .on_data = NULL, + .on_close = NULL, + .on_session_begin=pangu_on_http_begin, + .on_session_data=pangu_on_http_data, + .on_session_end=pangu_on_http_end +}; TFE_PLUGIN_REGISTER(pangu_http, pangu_http_spec) diff --git a/plugin/business/pangu-http/pangu_logger.cpp b/plugin/business/pangu-http/pangu_logger.cpp index eef2cf6..3a01c9c 100644 --- a/plugin/business/pangu-http/pangu_logger.cpp +++ b/plugin/business/pangu-http/pangu_logger.cpp @@ -1,5 +1,3 @@ -#include "pangu_logger.h" -#include #include #include @@ -15,6 +13,9 @@ #include #include +#include +#include "pangu_logger.h" + struct json_spec { const char *log_filed_name; @@ -42,8 +43,6 @@ struct pangu_logger char local_log_path[TFE_STRING_MAX]; }; - - static unsigned int get_ip_by_eth_name(const char *ifname) { int sockfd; 
@@ -99,8 +98,6 @@ static rd_kafka_t * create_kafka_handle(const char* brokerlist) return handle; } - - struct pangu_logger* pangu_log_handle_create(const char* profile, const char* section, void* local_logger) { int ret=-1; @@ -218,7 +215,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) } for(size_t i=0;ireq, resp_fields[i].field_id); + tmp_val=_wrap_std_field_read(http->resp, resp_fields[i].field_id); if(tmp_val!=NULL) { cJSON_AddStringToObject(common_obj,resp_fields[i].log_filed_name, tmp_val); @@ -234,6 +231,8 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) cJSON_AddNumberToObject(per_hit_obj, "cfg_id", log_msg->result[i].config_id); cJSON_AddNumberToObject(per_hit_obj, "service", log_msg->result[i].service_id); log_payload = cJSON_Print(per_hit_obj); + + fprintf(stderr, "%s\n", log_payload); kafka_status = rd_kafka_produce(handle->kafka_topic, RD_KAFKA_PARTITION_UA, RD_KAFKA_MSG_F_COPY, log_payload, strlen(log_payload), NULL, 0, NULL); free(log_payload); @@ -247,5 +246,3 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) cJSON_free(common_obj); return 0; } - -
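Review bot: The added `fprintf(stderr, "%s\n", log_payload);` in pangu_send_log looks like leftover debugging: it copies every hit record, including the header values collected into the JSON, to stderr outside the configured log path. It also uses `log_payload` before anything checks that `cJSON_Print()` succeeded. cJSON_Print returns NULL when allocation fails, and both this fprintf and the existing `strlen(log_payload)` in the `rd_kafka_produce` call would then dereference NULL. I would drop the fprintf and skip the produce call when `log_payload == NULL`; the surrounding per-hit loop starts outside this hunk, so the exact form of the guard depends on how `per_hit_obj` is released there.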