From 70da6223932d305a536f0405ca1a603535167128 Mon Sep 17 00:00:00 2001 From: fengweihao Date: Mon, 2 Dec 2019 16:56:51 +0800 Subject: [PATCH] =?UTF-8?q?TSG-304=20tfe=E6=97=A5=E5=BF=97=E4=B8=AD?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0common=5Fsub=5Faction=E5=AD=97=E6=AE=B5=201)?= =?UTF-8?q?=E6=9B=B4=E6=96=B0=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6tfe.conf,?= =?UTF-8?q?kni=E5=9F=9F=202)=E6=9B=B4=E6=96=B0table=5Finfo=E5=85=B3?= =?UTF-8?q?=E9=94=AE=E5=AD=97=E8=A1=A8=E5=90=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/tfe/tfe.conf | 8 ++++---- plugin/business/pangu-http/src/pangu_http.cpp | 7 ++++++- plugin/business/pangu-http/src/pangu_logger.cpp | 6 ++++++ plugin/business/pangu-http/src/pangu_logger.h | 1 + resource/pangu/table_info.conf | 6 +++--- 5 files changed, 20 insertions(+), 8 deletions(-) diff --git a/conf/tfe/tfe.conf b/conf/tfe/tfe.conf index fe27597..8314239 100644 --- a/conf/tfe/tfe.conf +++ b/conf/tfe/tfe.conf @@ -4,10 +4,10 @@ enable_kni_v1=0 enable_kni_v2=1 [kni] -uxdomain=/home/server_unixsocket_file -ip=127.0.0.1 -scm_port=8888 -send_switch=1 +ip=192.168.100.1 +cmsg_port=2475 +watchdog_switch=1 +watchdog_port=2476 [ssl] ssl_max_version=tls13 diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp index 0a69f04..75516ab 100644 --- a/plugin/business/pangu-http/src/pangu_http.cpp +++ b/plugin/business/pangu-http/src/pangu_http.cpp @@ -2462,7 +2462,12 @@ void pangu_on_http_end(const struct tfe_stream * stream, } } struct pangu_log log_msg = {.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=ctx->n_enforce, - .req_body= ctx->log_req_body, .resp_body=ctx->log_resp_body}; + .req_body= ctx->log_req_body, .resp_body=ctx->log_resp_body, .action=5}; + + if(ctx->action == PG_ACTION_MANIPULATE) + { + log_msg.action = ctx->param->action; + } if ((ctx->action != PG_ACTION_NONE&& !(ctx_actually_replaced(ctx))) || diff --git a/plugin/business/pangu-http/src/pangu_logger.cpp b/plugin/business/pangu-http/src/pangu_logger.cpp index 449b44a..9c0cce9 100644 --- a/plugin/business/pangu-http/src/pangu_logger.cpp +++ b/plugin/business/pangu-http/src/pangu_logger.cpp @@ -191,6 +191,8 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) const char *app_proto[]= {"unkonw","http1", "http2"}; + const char *clue_action_map[]= {"redirect","block","replace","hijack","insert"}; + struct json_spec req_fields[]={ {"http_cookie", TFE_HTTP_COOKIE}, {"http_referer", TFE_HTTP_REFERER}, {"http_user_agent", TFE_HTTP_USER_AGENT} }; @@ -347,6 +349,10 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) cJSON_AddNumberToObject(per_hit_obj, "common_policy_id", log_msg->result[i].config_id); cJSON_AddNumberToObject(per_hit_obj, "common_service", log_msg->result[i].service_id); cJSON_AddNumberToObject(per_hit_obj, "common_action", (unsigned char)log_msg->result[i].action); + if(log_msg->action<5) + { + cJSON_AddStringToObject(per_hit_obj, "common_sub_action", clue_action_map[log_msg->action]); + } log_payload = cJSON_PrintUnformatted(per_hit_obj); TFE_LOG_DEBUG(handle->local_logger, "%s", log_payload); diff --git a/plugin/business/pangu-http/src/pangu_logger.h b/plugin/business/pangu-http/src/pangu_logger.h index 5d02c52..2da32fb 100644 --- a/plugin/business/pangu-http/src/pangu_logger.h +++ b/plugin/business/pangu-http/src/pangu_logger.h @@ -11,6 +11,7 @@ struct pangu_log const Maat_rule_t*result; size_t result_num; struct evbuffer* req_body, *resp_body; + unsigned char action; }; struct pangu_logger; struct pangu_logger* pangu_log_handle_create(const char* profile, const char* section, void* local_logger); diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf index 0dc105e..a922eb4 100644 --- a/resource/pangu/table_info.conf +++ b/resource/pangu/table_info.conf @@ -26,9 +26,9 @@ 7 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff 8 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- 9 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE -- -10 TSG_OBJ_CONTENT expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff -11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_CONTENT -- -12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_CONTENT -- +10 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff +11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS -- +12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS -- 13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon 14 PXY_CACHE_COMPILE compile escape -- 14 PXY_CACHE_GROUP group --