TSG-10595 Proxy-Deny中Subscriber ID替换修复，TSG-10601 上传文件窗口限制问题修复

2022-05-20 17:14:01 +08:00
parent e0126b7d32
commit 1c59946096
3 changed files with 100 additions and 108 deletions
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -1585,54 +1585,63 @@ static void http_get_subscriber_id(const struct tfe_stream * stream, char *repla
            TFE_LOG_ERROR(g_pangu_rt->local_logger, "fetch src sub id from cmsg failed, ret: %d addr: %s", ret, stream->str_stream_info);
        }
    }
 	if(strlen(source_subscribe_id) > 0)
 	{
 		snprintf(replace_regex, TFE_SYMBOL_MAX, "%s", source_subscribe_id);
 	}
 	else
 	{
 		snprintf(replace_regex, TFE_SYMBOL_MAX, "%s", " ");
 	}
 }
-static int http_regex_replace_message(const struct tfe_stream * stream, char *message, int profile_id, char **rewrite_message)
+static int http_regex_replace(const struct tfe_stream * stream, char *message, int profile_id, char **rewrite_message)
 {
 	int i=0, n_rule=0;
 	char replace_with[TFE_SYMBOL_MAX]={0};
-	struct replace_rule *rule;
+
 	struct replace_rule rule[3];
 	memset(rule, 0, sizeof(struct replace_rule));
 	if(message == NULL)
 	{
 		return 0;
 	}
-	if(strstr(message, "tsg_policy_id")==NULL && strstr(message, "tsg_subscriber_id")==NULL && strstr(message, "tsg_client_ip")==NULL)
+	if(strcasestr(message,"{{tsg_policy_id}}") != NULL)
 	{
 		return 0;
 	}
 	rule = ALLOC(struct replace_rule, 3);
 	n_rule=0;
 		rule[n_rule].zone = kZoneRequestUri;
 		rule[n_rule].find = tfe_strdup("{{tsg_policy_id}}");
 		snprintf(replace_with, TFE_SYMBOL_MAX, "%d", profile_id);
 		rule[n_rule].replace_with = tfe_strdup(replace_with);
-
+		n_rule++;
-	n_rule=1;
+	}
 	if(strcasestr(message,"tsg_subscriber_id") != NULL)
 	{
 		memset(replace_with, TFE_SYMBOL_MAX, 0);
 		rule[n_rule].zone = kZoneRequestUri;
 		rule[n_rule].find = tfe_strdup("{{tsg_subscriber_id}}");
 		http_get_subscriber_id(stream, replace_with);
 		rule[n_rule].replace_with = tfe_strdup(replace_with);
-
+		n_rule++;
-	n_rule=2;
+	}
 	if(strcasestr(message,"tsg_client_ip") != NULL)
 	{
 		memset(replace_with, TFE_SYMBOL_MAX, 0);
 		rule[n_rule].zone = kZoneRequestUri;
 		rule[n_rule].find = tfe_strdup("{{tsg_client_ip}}");
 		http_get_client_id(stream, replace_with);
 		rule[n_rule].replace_with = tfe_strdup(replace_with);
 		n_rule++;
 	}
-	size_t rewrite_uri_sz = execute_replace_rule(message, strlen(message), kZoneRequestUri, rule, n_rule+1, rewrite_message, 1);
+	size_t rewrite_uri_sz = execute_replace_rule(message, strlen(message), kZoneRequestUri, rule, n_rule, rewrite_message, 1);
-	for(i=0; i<n_rule+1; i++)
+	for(i=0; i<n_rule; i++)
 	{
 		FREE(&(rule[i].find));
 		FREE(&(rule[i].replace_with));
 	}
 	FREE(&rule);
 	return rewrite_uri_sz;
 }
@@ -1680,7 +1689,7 @@ static void http_redirect(const struct tfe_stream * stream, const struct tfe_htt
    response = tfe_http_session_response_create(to_write, resp_code);
-	rewrite_uri_sz = http_regex_replace_message(stream, rd_url, ctx->enforce_rules[0].config_id, &rewrite_uri);
+	rewrite_uri_sz = http_regex_replace(stream, rd_url, ctx->enforce_rules[0].config_id, &rewrite_uri);
 	if(rewrite_uri_sz>0 && rewrite_uri!= NULL)
 	{
 		tfe_http_std_field_write(response, TFE_HTTP_LOCATION, rewrite_uri);
@@ -1732,11 +1741,12 @@ static void http_block(const struct tfe_stream * stream, const struct tfe_http_s
 		ret = html_generate(profile_id, message, &page_buff, &page_size);
 		if (ret != 0)
 		{
-			rewrite_message_sz = http_regex_replace_message(stream, message, ctx->enforce_rules[0].config_id, &rewrite_message);
+			rewrite_message_sz = http_regex_replace(stream, message, ctx->enforce_rules[0].config_id, &rewrite_message);
 			if(rewrite_message_sz>0 && rewrite_message!= NULL)
 			{
 				message = rewrite_message;
 			}
 			/*read local configuration**/
 			template_generate(resp_code, message, &page_buff, &page_size);
 			if(rewrite_message_sz>0 && rewrite_message!= NULL)
--- a/plugin/business/pangu-http/src/test_pattern_replace.cpp
+++ b/plugin/business/pangu-http/src/test_pattern_replace.cpp
@@ -181,44 +181,45 @@ TEST(PatternReplace, UrlReplace)
 {
 	int i=0, n_rule=0;
 	char replace_with[TFE_SYMBOL_MAX]={0};
 	struct replace_rule *rule;
 	char *rewrite_uri=NULL;
 	const char *rd_url = "http://www.example.com/query?pageid=12345&policy_id={{tsg_policy_id}}&user_id={{tsg_subscriber_id}}&source_ip={{tsg_client_ip}}";
-	if(strstr(rd_url, "tsg_policy_id")==NULL && strstr(rd_url, "tsg_subscriber_id")==NULL && strstr(rd_url, "tsg_client_ip")==NULL)
+	struct replace_rule rule[3];
-	{
+	memset(rule, 0, sizeof(struct replace_rule));
 		return;
 	}
-	rule = ALLOC(struct replace_rule, 3);
+	if(strcasestr(rd_url,"{{tsg_policy_id}}") != NULL)
-	n_rule=0;
+	{
 		rule[n_rule].zone = kZoneRequestUri;
 		rule[n_rule].find = tfe_strdup("{{tsg_policy_id}}");
 		snprintf(replace_with, TFE_SYMBOL_MAX, "%d", 23);
 		rule[n_rule].replace_with = tfe_strdup(replace_with);
-
+		n_rule++;
-	n_rule=1;
+	}
 	if(strcasestr(rd_url,"tsg_subscriber_id") != NULL)
 	{
 		memset(replace_with, TFE_SYMBOL_MAX, 0);
 		rule[n_rule].zone = kZoneRequestUri;
 		rule[n_rule].find = tfe_strdup("{{tsg_subscriber_id}}");
-	rule[n_rule].replace_with = tfe_strdup("te&st01");
+		rule[n_rule].replace_with = tfe_strdup(" ");
-
+		n_rule++;
-	n_rule=2;
+	}
 	if(strcasestr(rd_url,"tsg_client_ip") != NULL)
 	{
 		memset(replace_with, TFE_SYMBOL_MAX, 0);
 		rule[n_rule].zone = kZoneRequestUri;
 		rule[n_rule].find = tfe_strdup("{{tsg_client_ip}}");
 		rule[n_rule].replace_with = tfe_strdup("192.168.50.71");
 		n_rule++;
 	}
 	size_t rewrite_uri_sz = execute_replace_rule(rd_url, strlen(rd_url), kZoneRequestUri, rule, n_rule+1, &rewrite_uri, 1);
-	for(i=0; i<n_rule+1; i++)
+	for(i=0; i<n_rule; i++)
 	{
 		FREE(&(rule[i].find));
 		FREE(&(rule[i].replace_with));
 	}
 	FREE(&rule);
 	if(rewrite_uri_sz > 0 && rewrite_uri != NULL)
 	{
 		printf("rewrite_uri = %s\n", rewrite_uri);
--- a/plugin/protocol/http2/src/http2_stream.cpp
+++ b/plugin/protocol/http2/src/http2_stream.cpp
@@ -63,45 +63,6 @@ struct user_event_dispatch
 	unsigned int thread_id;
 };
 static uint32_t hash(int32_t key, uint32_t mod)
 {
 	uint32_t h = (uint32_t)key;
 	h ^= (h >> 20) ^ (h >> 12);
 	h ^= (h >> 7) ^ (h >> 4);
 	return h & (mod - 1);
 }
 nghttp2_map_entry *http2_map_find(nghttp2_map *map, key_type key)
 {
 	uint32_t h;
 	nghttp2_map_entry *entry;
 	h = hash(key, map->tablelen);
 	for (entry = map->table[h]; entry; entry = entry->next)
 	{
 		if (entry->key == key)
 		{
 			return entry;
 		}
 	}
 	return NULL;
 }
 nghttp2_stream *http2_get_stream_by_stream_id(nghttp2_session *session, int32_t stream_id)
 {
 	nghttp2_stream *stream;
 	stream = (nghttp2_stream *)http2_map_find(&session->streams, stream_id);
 	if (stream == NULL || (stream->flags & NGHTTP2_STREAM_FLAG_CLOSED) || stream->state == NGHTTP2_STREAM_IDLE)
 	{
 		return NULL;
 	}
  return stream;
 }
 /*up stream */
 static struct tfe_h2_session *TAILQ_LIST_FIND(struct tfe_h2_stream *h2_stream_info, int32_t stream_id)
 {
@@ -726,7 +687,7 @@ static ssize_t upstream_read_callback(nghttp2_session *session, int32_t stream_i
 static int http_session_update_window_size(struct tfe_h2_stream *h2_stream_info, struct tfe_h2_session *h2_session, int32_t buffer_length)
 {
-	nghttp2_stream *stream = http2_get_stream_by_stream_id(h2_stream_info->http2_server_handle, h2_session->ngh2_stream_id);
+	nghttp2_stream *stream = nghttp2_session_find_stream(h2_stream_info->http2_server_handle, h2_session->ngh2_stream_id);
 	if(stream == NULL)
 	{
 		return 0;
@@ -911,8 +872,13 @@ static enum tfe_stream_action http2_submit_data_by_h2_half(struct tfe_h2_stream
 		upstream_data_provider.source.ptr    = (void *)body;
 		upstream_data_provider.read_callback = upstream_read_callback;
-		rv = nghttp2_submit_data(ngh2_session, body->flags,
+		int remote_window_size = nghttp2_session_get_stream_remote_window_size(ngh2_session, h2_session->ngh2_stream_id);
-		                       h2_session->ngh2_stream_id, &upstream_data_provider);
+		if(remote_window_size == 0)
 		{
 			stream_action = ACTION_DROP_DATA;
 			return stream_action;
 		}
 		rv = nghttp2_submit_data(ngh2_session, body->flags, h2_session->ngh2_stream_id, &upstream_data_provider);
 		if (rv != 0)
 		{
 			stream_action = ACTION_FORWARD_DATA;
@@ -1139,15 +1105,33 @@ finish:
 	return 0;
 }
 /* If the data sent by the client is deferred, After receive the WINDOW_UPDATE frame, it resumes and needs to resend the data that you deferred last time**/
 static int nghttp2_send_resumes_data(struct tfe_h2_stream *connection, int32_t stream_id, enum tfe_conn_dir dir)
 {
 	int xret = -1;
 	nghttp2_session *session = tfe_h2_stream_get_http2_peer_session(connection, dir);
 	nghttp2_stream *stream = nghttp2_session_find_stream(session, stream_id);
 	if(stream->item)
 	{
 		xret = nghttp2_session_send(session);
 		if (xret != 0)
 		{
 			TFE_LOG_ERROR(logger()->handle, "dir(%d), Fatal send error: %s\n", dir, nghttp2_strerror(xret));
 		}
 	}
 	return 0;
 }
 static int http2_submit_frame_window_update(struct tfe_h2_stream *connection,const nghttp2_frame *frame, enum tfe_conn_dir dir)
 {
 	int xret = -1;
 	enum tfe_stream_action stream_action = ACTION_DROP_DATA;
 	const nghttp2_window_update *window_update = &(frame->window_update);
 	nghttp2_session *ngh2_session = tfe_h2_stream_get_http2_session(connection, dir);
 	nghttp2_send_resumes_data(connection, window_update->hd.stream_id, dir);
 	int rv = nghttp2_submit_window_update(ngh2_session, window_update->hd.flags,window_update->hd.stream_id,
 								 	      window_update->window_size_increment);
 	if (rv != 0) {
@@ -1159,8 +1143,7 @@ static int http2_submit_frame_window_update(struct tfe_h2_stream *connection,con
 	xret = nghttp2_session_send(ngh2_session);
 	if (xret != 0) {
 		stream_action = ACTION_FORWARD_DATA;
-		TFE_LOG_ERROR(logger()->handle, "dir(%d), Fatal send error: %s\n",
+		TFE_LOG_ERROR(logger()->handle, "dir(%d), Fatal send error: %s\n", dir, nghttp2_strerror(xret));
 													  dir, nghttp2_strerror(xret));
 	}
 	connection->stream_action = stream_action;
 	return 0;
@@ -1270,7 +1253,8 @@ static int http2_submit_frame_data(struct tfe_h2_stream *h2_stream_info,const ng
 		if (dir == CONN_DIR_UPSTREAM)
 			h2_half->h2_payload.padlen = frame->data.padlen;
-		if (h2_half->body_state != H2_READ_STATE_COMPLETE){
+		if (h2_half->body_state != H2_READ_STATE_COMPLETE)
 		{
 			http2_submit_complete_data(h2_stream_info, h2_session, dir);
 		}
 	}
@@ -1765,8 +1749,7 @@ static enum tfe_stream_action http2_client_frame_submit_header(struct tfe_h2_str
 									  headers->nvlen, h2_session);
 	if (stream_id < 0){
-		TFE_LOG_ERROR(logger()->handle, "Could not submit request: %s",
+		TFE_LOG_ERROR(logger()->handle, "Could not submit request: %s", nghttp2_strerror(stream_id));
 					  nghttp2_strerror(stream_id));
        stream_action = ACTION_FORWARD_DATA;
        goto finish;
    }
@@ -1806,8 +1789,7 @@ static int http2_client_submit_header(struct tfe_h2_stream *h2_stream_info, int3
 		xret = nghttp2_session_send(h2_stream_info->http2_client_handle);
 		if (xret != 0) {
 			stream_action = ACTION_FORWARD_DATA;
-			TFE_LOG_ERROR(logger()->handle, "Fatal downstream send error: %s\n",
+			TFE_LOG_ERROR(logger()->handle, "Fatal downstream send error: %s\n", nghttp2_strerror(xret));
 						  nghttp2_strerror(xret));
 		}
 	}
 	if (stream_action == ACTION_USER_DATA)
@@ -2403,8 +2385,7 @@ static int http2_server_on_data_chunk_recv(nghttp2_session *session, uint8_t fla
 	struct tfe_h2_session *h2_session = (struct tfe_h2_session *)nghttp2_session_get_stream_user_data(session, stream_id);
 	if (!h2_session){
-		TFE_LOG_ERROR(logger()->handle, "On data callback can't get downstream information, id = %d",
+		TFE_LOG_ERROR(logger()->handle, "On data callback can't get downstream information, id = %d", stream_id);
 					  stream_id);
 		goto finish;
 	}
 	req = h2_session->req;