From 5525e5a8e69b555381bd3ffdd2b28c723a472104 Mon Sep 17 00:00:00 2001
From: Lu Qiuwen
Date: Thu, 25 Oct 2018 13:24:05 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3PANGU=E7=99=BD=E5=90=8D?= =?UTF-8?q?=E5=8D=95=E4=B8=9A=E5=8A=A1action=E7=BC=96=E5=8F=B7=E5=8F=8D?= =?UTF-8?q?=E8=BD=AC=E4=B8=BA=E8=B4=9F=E5=BC=95=E8=B5=B7=E7=9A=84=E7=99=BD?= =?UTF-8?q?=E5=90=8D=E5=8D=95=E4=BC=98=E5=85=88=E7=BA=A7=E5=80=92=E7=BD=AE?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98=20*=20=E5=8E=9F=E5=AE=9E=E7=8E=B0?= =?UTF-8?q?=E5=9C=A8=E5=B0=86action(char=E7=B1=BB=E5=9E=8B)=E8=BD=AC?= =?UTF-8?q?=E6=8D=A2=E4=B8=BAenum=E6=97=B6=EF=BC=8C=E6=B2=A1=E6=9C=89?= =?UTF-8?q?=E5=85=88=E8=BD=AC=E6=8D=A2=E4=B8=BAunsigned=20char=EF=BC=8C?= =?UTF-8?q?=E5=AF=BC=E8=87=B4action=3D0x80=E6=97=B6=E5=8F=8D=E8=BD=AC?= =?UTF-8?q?=E4=B8=BA=E8=B4=9F=E5=80=BC=EF=BC=8C=E7=8E=B0=E4=BF=AE=E6=AD=A3?= =?UTF-8?q?=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 plugin/business/pangu-http/src/pangu_http.cpp | 20 ++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index a1ef650..86d6f4f 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -417,17 +417,20 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules for (i = 0; i < n_hit; i++) { - if ((enum pangu_action) hit_rules[i].action == PG_ACTION_MONIT) + unsigned char __expand_action = (unsigned char) hit_rules[i].action; + enum pangu_action __action = (enum pangu_action) __expand_action; + + if (__action == PG_ACTION_MONIT) { memcpy(monit_rule + n_monit, hit_rules + i, sizeof(struct Maat_rule_t)); n_monit++; } - if (action_cmp((enum pangu_action) hit_rules[i].action, prior_action)>0) + if (action_cmp(__action, prior_action) > 0) { prior_rule = hit_rules + i; - prior_action = (enum pangu_action) hit_rules[i].action; + prior_action = __action; } - else if (action_cmp((enum pangu_action) hit_rules[i].action, prior_action) == 0) + else if (action_cmp(__action, prior_action) == 0) { if (hit_rules[i].config_id > prior_rule->config_id) { @@ -456,7 +459,6 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules } *enforce_rules = (struct Maat_rule_t *) realloc(*enforce_rules, sizeof(struct Maat_rule_t) * (*n_enforce)); - if (prior_action == PG_ACTION_MONIT) { memcpy(*enforce_rules + exist_enforce_num, monit_rule, n_monit * sizeof(struct Maat_rule_t)); @@ -847,6 +849,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht } } } + if ((events & EV_HTTP_REQ_BODY_BEGIN) | (events & EV_HTTP_RESP_BODY_BEGIN)) { assert(ctx->sp == NULL); @@ -854,6 +857,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht ->scan_table_id[PXY_CTRL_HTTP_RES_BODY]; ctx->sp = Maat_stream_scan_string_start(g_pangu_rt->maat, table_id, ctx->thread_id); } + if (body_frag != NULL) { scan_ret = Maat_stream_scan_string(&(ctx->sp), CHARSET_UTF8, (const char *) body_frag, (int) frag_size, 
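Review bot: The two locals added at the top of the loop in decide_ctrl_action, `__expand_action` and `__action`, contain a double underscore, which C++ reserves for the implementation; names such as `raw_action` and `action` avoid that, and the same applies to the `__out` label added in the later http_scan hunks. The widening through `unsigned char` is what keeps 0x80 from sign-extending and inverting whitelist priority, so it deserves a comment on the spot, for example `/* action is a plain char: widen via unsigned char so 0x80 stays positive */`. Other places that cast `.action` straight to `enum pangu_action`, if there are any outside this hunk, would presumably need the same conversion, so a small static helper may be the safer home for it. The loop body continues past the end of the hunk.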
@@ -863,6 +867,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht hit_cnt += scan_ret; } } + if ((events & EV_HTTP_REQ_BODY_END) | (events & EV_HTTP_RESP_BODY_END)) { Maat_stream_scan_string_end(&(ctx->sp)); @@ -872,6 +877,8 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht if (hit_cnt > 0) { ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce); + if (ctx->action == PG_ACTION_WHITELIST) goto __out; + size_t __serv_def_len = (size_t)ctx->enforce_rules[0].serv_def_len; ctx->enforce_para = ALLOC(char, __serv_def_len); @@ -895,11 +902,14 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht } *p = '\0'; + TFE_LOG_INFO(g_pangu_rt->local_logger, "Multiple rules matched: url=%s num=%lu ids=%s execute=%d.", session->req->req_spec.url, hit_cnt, buff, ctx->enforce_rules[0].config_id); } } + +__out: return ctx->action; } void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_http_session * session,
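Review bot: The early exit added after the decide_ctrl_action() call in http_scan covers only PG_ACTION_WHITELIST, so every other action still reads `ctx->enforce_rules[0].serv_def_len` on the next line without checking that any rule was actually stored. decide_ctrl_action assigns the result of realloc() to `*enforce_rules` unchecked (visible in the -456 hunk), so a NULL or empty array appears reachable here; consider `if (ctx->action == PG_ACTION_WHITELIST || ctx->enforce_rules == NULL || ctx->n_enforce == 0) goto __out;`. The jump also skips the "Multiple rules matched" log line, so a whitelist decision that won over other hits leaves no trace at this point unless it is logged elsewhere. http_scan starts and ends outside the hunk.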