diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt index 98c61bf..0aef968 100644 --- a/platform/CMakeLists.txt +++ b/platform/CMakeLists.txt @@ -42,9 +42,7 @@ target_link_libraries(test_key_keeper pthread dl curl MESA_htable wiredcfg MESA_field_stat) - -install(TARGETS test_key_keeper RUNTIME DESTINATION ./) - + ### test_tfe_rpc add_executable(test_tfe_rpc test/test_tfe_rpc.cpp src/key_keeper.cpp src/ssl_sess_cache.cpp src/ssl_utils.cc) @@ -64,9 +62,6 @@ target_link_libraries(test_tfe_rpc pthread dl curl MESA_field_stat) -install(TARGETS test_tfe_rpc RUNTIME DESTINATION ./) - - ### test_chello_parse add_executable(test_chello_parse test/test_chello_parse.cpp src/ssl_utils.cc) @@ -84,5 +79,3 @@ target_link_libraries(test_chello_parse pthread dl MESA_htable wiredcfg cjson MESA_field_stat) - -install(TARGETS test_chello_parse RUNTIME DESTINATION ./) diff --git a/plugin/business/pangu-http/pangu_http.cpp b/plugin/business/pangu-http/pangu_http.cpp index 1b0ead0..5244e52 100644 --- a/plugin/business/pangu-http/pangu_http.cpp +++ b/plugin/business/pangu-http/pangu_http.cpp @@ -36,7 +36,8 @@ enum pangu_action//Bigger action number is prior. PG_ACTION_RATELIMIT = 0x40, /* N/A */ PG_ACTION_REPLACE = 0x50, PG_ACTION_LOOP = 0x60, /* N/A */ - PG_ACTION_WHITELIST = 0x80 + PG_ACTION_WHITELIST = 0x80, + __PG_ACTION_MAX }; enum scan_table 
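Review bot: `__PG_ACTION_MAX` uses a double-underscore name, which C and C++ reserve for the implementation; `PG_ACTION_MAX` avoids that. Because it follows `PG_ACTION_WHITELIST = 0x80`, it evaluates to 0x81 rather than a count of actions, so anything sized by it is mostly unused slots. The enum's existing comment `//Bigger action number is prior.` no longer holds once priority comes from `action_cmp`, and could become `//Priority is decided by action_cmp(), not by the numeric value.` The enum body starts outside the hunk.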
@@ -288,7 +289,17 @@ inline void addr_tfe2sapp(const struct tfe_stream_addr * tfe_addr, struct ipaddr sapp_addr->paddr = (char *) tfe_addr->paddr; return; } - +int action_cmp(enum pangu_action a1, enum pangu_action a2) +{ + int weight[__PG_ACTION_MAX]; + memset(weight, 0, sizeof(weight)); + weight[PG_ACTION_MONIT] = 0; + weight[PG_ACTION_REPLACE] = 1; + weight[PG_ACTION_REDIRECT] = 2; + weight[PG_ACTION_REJECT] = 3; + weight[PG_ACTION_WHITELIST] = 4; + return weight[a1]-weight[a2]; +} //enforce_rules[0] contains execute action. static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules, size_t n_hit, struct Maat_rule_t ** enforce_rules, size_t * n_enforce) @@ -305,14 +316,14 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules memcpy(monit_rule + n_monit, hit_rules + i, sizeof(struct Maat_rule_t)); n_monit++; } - if ((enum pangu_action) hit_rules[i].action > prior_action) + if (action_cmp((enum pangu_action) hit_rules[i].action, prior_action)>0) { prior_rule = hit_rules + i; prior_action = (enum pangu_action) hit_rules[i].action; } - else if ((enum pangu_action) hit_rules[i].action == prior_action) + else if (action_cmp((enum pangu_action) hit_rules[i].action, prior_action) == 0) { - if (hit_rules[i].config_id < prior_rule->config_id) + if (hit_rules[i].config_id > prior_rule->config_id) { prior_rule = hit_rules + i; } 
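Review bot: `weight[a1]` and `weight[a2]` are indexed without a range check, while the caller passes `(enum pangu_action) hit_rules[i].action` straight from the matched rule. An action value at or above `__PG_ACTION_MAX` (or a negative one, depending on the field's type, which is not visible here) would read outside the stack array. The table is also rebuilt with `memset` on every call, and the function is not `static` although it looks file-local. A `switch` with a `default` gives the same ordering with nothing to index, and unlisted actions keep weight 0 as they do now.

```cpp
/* Priority weight of an action; unlisted or out-of-range values rank lowest. */
static int action_weight(enum pangu_action action)
{
	switch (action)
	{
		case PG_ACTION_REPLACE:   return 1;
		case PG_ACTION_REDIRECT:  return 2;
		case PG_ACTION_REJECT:    return 3;
		case PG_ACTION_WHITELIST: return 4;
		default:                  return 0; /* PG_ACTION_MONIT and everything else */
	}
}

int action_cmp(enum pangu_action a1, enum pangu_action a2)
{
	return action_weight(a1) - action_weight(a2);
}
```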
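Review bot: The `== 0` branch reads `prior_rule->config_id`, and with weights a first hit can now reach it before `prior_rule` has been assigned in this loop. A first hit of weight 0 (for example `PG_ACTION_MONIT`) fails the `> 0` test if the initial `prior_action` also has weight 0. The initial values of `prior_rule` and `prior_action` are set outside the hunk, so this needs confirming. If `prior_rule` can still be unset, guard the first test with `if (prior_rule == NULL || action_cmp((enum pangu_action) hit_rules[i].action, prior_action)>0)`. The tie-break also flips from the lowest to the highest `config_id`, which deserves a comment such as `// equal priority: the larger config_id wins`.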
@@ -749,8 +760,29 @@ void pangu_on_http_end(const struct tfe_stream * stream,
 const struct tfe_http_session * session, unsigned int thread_id, void ** pme)
 {
 struct pangu_http_ctx * ctx = *(struct pangu_http_ctx **) pme;
- struct pangu_log log_msg = {.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=ctx->n_enforce};
- if (ctx->action != PG_ACTION_NONE&& !(ctx->action == PG_ACTION_REPLACE && ctx->rep_ctx->actually_replaced==0))
+ int i=0, j=0;
+ if(ctx->action == PG_ACTION_REPLACE && ctx->rep_ctx->actually_replaced==0)
+ {
+ for(i=0; i< ctx->n_enforce; i++)
+ {
+ if(ctx->enforce_rules[i].action == PG_ACTION_REPLACE)
+ {
+ if(i+1 > ctx->n_enforce)
+ {
+ memmove(ctx->enforce_rules+i, ctx->enforce_rules+i+1, sizeof(struct Maat_rule_t));
+ }
+ j++;
+ }
+ }
+ ctx->n_enforce-=j;
+ if(ctx->n_enforce==0)
+ {
+ ctx->action = PG_ACTION_NONE;
+ FREE(&(ctx->enforce_rules));
+ }
+ }
+ struct pangu_log log_msg = {.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=ctx->n_enforce};
+ if (ctx->action != PG_ACTION_NONE&& !(ctx->action == PG_ACTION_REPLACE && ctx->n_enforce==1 && ctx->rep_ctx->actually_replaced==0))
 {
 pangu_send_log(g_pangu_rt->send_logger, &log_msg);
 }
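Review bot: The compaction never removes anything: inside `for(i=0; i< ctx->n_enforce; i++)` the test `if(i+1 > ctx->n_enforce)` cannot be true, so the `memmove` is dead code and `ctx->n_enforce-=j` only cuts entries off the end of the array. REPLACE rules that were never applied can therefore stay in `enforce_rules` and reach `pangu_send_log`, while rules stored after them drop out of the log. Flipping the test to `<` would not be enough, because the `memmove` copies one element rather than the tail and the loop then skips the element it just moved in. A write index that keeps every non-REPLACE rule is simpler and makes `int i=0, j=0;` unnecessary. `n_enforce` is assumed to be a `size_t`, and the function body continues outside the hunk.

```cpp
	if(ctx->action == PG_ACTION_REPLACE && ctx->rep_ctx->actually_replaced==0)
	{
		/* Keep only the rules that were really enforced, preserving their order. */
		size_t kept = 0;
		for(size_t i = 0; i < ctx->n_enforce; i++)
		{
			if(ctx->enforce_rules[i].action == PG_ACTION_REPLACE)
			{
				continue;
			}
			if(kept != i)
			{
				memmove(ctx->enforce_rules + kept, ctx->enforce_rules + i, sizeof(struct Maat_rule_t));
			}
			kept++;
		}
		ctx->n_enforce = kept;
		// … unchanged: n_enforce==0 resets ctx->action and frees enforce_rules …
	}
```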