TSG-6332 日志字段增加common_service_category
TSG-6438 策略优先级修复
This commit is contained in:
fengweihao
@@ -945,6 +945,8 @@ struct pangu_http_ctx
|
||||
int magic_num;
|
||||
enum pangu_action action;
|
||||
char * action_para;
|
||||
int hit_cnt;
|
||||
struct Maat_rule_t result[MAX_SCAN_RESULT];
|
||||
scan_status_t scan_mid;
|
||||
stream_para_t sp;
|
||||
struct cache_mid* cmid;
|
||||
@@ -1931,10 +1933,10 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
|
||||
const char * field_val = NULL;
|
||||
struct http_field_name field_name;
|
||||
struct tfe_http_half * http_half;
|
||||
struct Maat_rule_t result[MAX_SCAN_RESULT];
|
||||
struct Maat_rule_t *result = ctx->result;
|
||||
char buff[TFE_STRING_MAX], * p = NULL;
|
||||
int scan_ret = 0, table_id = 0;
|
||||
size_t hit_cnt = 0, i = 0;
|
||||
size_t hit_cnt = ctx->hit_cnt, i = 0;
|
||||
|
||||
if (events & EV_HTTP_REQ_HDR)
|
||||
{
|
||||
@@ -1943,7 +1945,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
|
||||
{
|
||||
int str_host_length = (int) (strlen(session->req->req_spec.host));
|
||||
scan_ret = Maat_full_scan_string(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_FQDN],
|
||||
CHARSET_UTF8, str_host, str_host_length, result, NULL, MAX_SCAN_RESULT, &(ctx->scan_mid), ctx->thread_id);
|
||||
CHARSET_UTF8, str_host, str_host_length, result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid), ctx->thread_id);
|
||||
if (scan_ret > 0)
|
||||
{
|
||||
hit_cnt += scan_ret;
|
||||
@@ -2338,7 +2340,6 @@ void cache_write(const struct tfe_http_session * session, enum tfe_http_event ev
|
||||
{
|
||||
ctx->cache_wirte_result=web_cache_write_end(ctx->cache_write_ctx);
|
||||
ctx->cache_write_ctx=NULL;
|
||||
//printf("cache update success: %s\n", ctx->ref_session->req->req_spec.url);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2351,12 +2352,12 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
|
||||
}
|
||||
|
||||
struct pangu_http_ctx * ctx = *(struct pangu_http_ctx **) pme;
|
||||
struct Maat_rule_t result[MAX_SCAN_RESULT];
|
||||
struct ipaddr sapp_addr;
|
||||
int hit_cnt = 0, scan_ret=0;
|
||||
assert(ctx == NULL);
|
||||
ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_SESSION]));
|
||||
ctx = pangu_http_ctx_new(thread_id);
|
||||
struct Maat_rule_t *result = ctx->result;
|
||||
|
||||
scan_ret = tfe_scan_subscribe_id(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_pangu_rt->local_logger);
|
||||
if(scan_ret>0)
|
||||
@@ -2388,16 +2389,10 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
|
||||
{
|
||||
hit_cnt+=scan_ret;
|
||||
}
|
||||
if (hit_cnt > 0)
|
||||
|
||||
if(hit_cnt > 0)
|
||||
{
|
||||
ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce, &ctx->param);
|
||||
}
|
||||
if (ctx->action == PG_ACTION_WHITELIST)
|
||||
{
|
||||
ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_WHITELSIT]));
|
||||
TFE_LOG_INFO(g_pangu_rt->local_logger, "Bypass rules matched on http begin: url=%s policy id=%d.",
|
||||
session->req->req_spec.url, ctx->enforce_rules[0].config_id);
|
||||
tfe_http_session_detach(session);
|
||||
ctx->hit_cnt = hit_cnt;
|
||||
}
|
||||
|
||||
*pme = ctx;
|
||||
|
||||
Reference in New Issue
Block a user