1.修改http2无法发送策略日志
2.修改命中hjack无法处理
@@ -728,6 +728,7 @@ int maat_table_ex_init(int profile_idx,
|
|||||||
Maat_plugin_EX_dup_func_t* dup_func)
|
Maat_plugin_EX_dup_func_t* dup_func)
|
||||||
{
|
{
|
||||||
int table_id = 0;
|
int table_id = 0;
|
||||||
|
|
||||||
const char *table_name_map[] = {"PXY_PROFILE_RESPONSE_PAGES",
|
const char *table_name_map[] = {"PXY_PROFILE_RESPONSE_PAGES",
|
||||||
"PXY_PROFILE_INSERT_SCRIPTS",
|
"PXY_PROFILE_INSERT_SCRIPTS",
|
||||||
"PXY_PROFILE_HIJACK_FILES"};
|
"PXY_PROFILE_HIJACK_FILES"};
|
||||||
@@ -1189,7 +1190,15 @@ static void template_generate(int status_code, int cfg_id, const char* msg, char
|
|||||||
{
|
{
|
||||||
ctemplate::TemplateDictionary dict("pg_page_dict"); //dict is automatically finalized after function returned.
|
ctemplate::TemplateDictionary dict("pg_page_dict"); //dict is automatically finalized after function returned.
|
||||||
dict.SetIntValue("cfg_id", cfg_id);
|
dict.SetIntValue("cfg_id", cfg_id);
|
||||||
|
|
||||||
|
if (NULL == msg)
|
||||||
|
{
|
||||||
|
dict.SetValue("msg", "NULL");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
dict.SetValue("msg", msg);
|
dict.SetValue("msg", msg);
|
||||||
|
}
|
||||||
std::string output;
|
std::string output;
|
||||||
ctemplate::Template * tpl = NULL;
|
ctemplate::Template * tpl = NULL;
|
||||||
|
|
||||||
@@ -1418,7 +1427,7 @@ static void http_reject(const struct tfe_http_session * session, enum tfe_http_e
|
|||||||
|
|
||||||
resp_code = param->status_code;
|
resp_code = param->status_code;
|
||||||
msg = param->message;
|
msg = param->message;
|
||||||
if (resp_code <= 0 || msg != NULL){
|
if (resp_code <= 0){
|
||||||
TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid block rule %d", ctx->enforce_rules[0].config_id);
|
TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid block rule %d", ctx->enforce_rules[0].config_id);
|
||||||
ctx->action = PG_ACTION_NONE;
|
ctx->action = PG_ACTION_NONE;
|
||||||
return;
|
return;
|
||||||
@@ -1644,7 +1653,7 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_
|
|||||||
int ret=format_insert_rule(param->profile_id, param->position, ins_ctx->rule);
|
int ret=format_insert_rule(param->profile_id, param->position, ins_ctx->rule);
|
||||||
if (ret<0)
|
if (ret<0)
|
||||||
{
|
{
|
||||||
TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get policy table, table_id = %d", param->profile_id);
|
TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get policy table, profile_id = %d", param->profile_id);
|
||||||
ctx->action = PG_ACTION_NONE;
|
ctx->action = PG_ACTION_NONE;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
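Review bot: In template_generate, the new NULL branch renders the literal text "NULL" into the response page, so a block rule without a message shows "NULL" to the end user. An empty string or a fixed default reads better and collapses the if/else to one line: `dict.SetValue("msg", msg != NULL ? msg : "");`. The http_reject hunk in this file drops the message check, so policy-supplied `param->message` now reaches the template. Whether it is HTML-escaped depends on the template's own modifiers, which are not visible here and are worth confirming. Both function bodies continue outside their hunks.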
|
|||||||
@@ -160,6 +160,10 @@ struct pangu_logger* pangu_log_handle_create(const char* profile, const char* s
|
|||||||
}
|
}
|
||||||
|
|
||||||
MESA_load_profile_string_def(profile, section,"KAFKA_TOPIC", instance->topic_name, sizeof(instance->topic_name), "POLICY-EVENT-LOG");
|
MESA_load_profile_string_def(profile, section,"KAFKA_TOPIC", instance->topic_name, sizeof(instance->topic_name), "POLICY-EVENT-LOG");
|
||||||
|
|
||||||
|
TFE_LOG_INFO(local_logger, "Pangu kafka brokerlist : %s", instance->brokerlist);
|
||||||
|
TFE_LOG_INFO(local_logger, "Pangu kafka topic : %s", instance->topic_name);
|
||||||
|
|
||||||
instance->kafka_topic = rd_kafka_topic_new(instance->kafka_handle,instance->topic_name, NULL);
|
instance->kafka_topic = rd_kafka_topic_new(instance->kafka_handle,instance->topic_name, NULL);
|
||||||
log_file_upload_para=cache_evbase_parameter_new(profile, section, local_logger);
|
log_file_upload_para=cache_evbase_parameter_new(profile, section, local_logger);
|
||||||
instance->log_file_upload_instance=cache_evbase_instance_new(log_file_upload_para, local_logger);
|
instance->log_file_upload_instance=cache_evbase_instance_new(log_file_upload_para, local_logger);
|
||||||
@@ -185,6 +189,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
|
|||||||
char src_ip_str[MAX(INET6_ADDRSTRLEN,INET_ADDRSTRLEN)] = {0};
|
char src_ip_str[MAX(INET6_ADDRSTRLEN,INET_ADDRSTRLEN)] = {0};
|
||||||
char dst_ip_str[MAX(INET6_ADDRSTRLEN,INET_ADDRSTRLEN)] = {0};
|
char dst_ip_str[MAX(INET6_ADDRSTRLEN,INET_ADDRSTRLEN)] = {0};
|
||||||
|
|
||||||
|
const char *app_proto[]= {"unkonw","http1.0", "http2.0"};
|
||||||
|
|
||||||
struct json_spec req_fields[]={ {"cookie", TFE_HTTP_COOKIE},
|
struct json_spec req_fields[]={ {"cookie", TFE_HTTP_COOKIE},
|
||||||
{"referer", TFE_HTTP_REFERER},
|
{"referer", TFE_HTTP_REFERER},
|
||||||
@@ -203,7 +208,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
|
|||||||
|
|
||||||
cJSON_AddNumberToObject(common_obj, "start_time", cur_time);
|
cJSON_AddNumberToObject(common_obj, "start_time", cur_time);
|
||||||
cJSON_AddNumberToObject(common_obj, "end_time", cur_time);
|
cJSON_AddNumberToObject(common_obj, "end_time", cur_time);
|
||||||
cJSON_AddNumberToObject(common_obj, "recv_time", cur_time);
|
cJSON_AddStringToObject(common_obj, "app_proto", app_proto[http->major_version]);
|
||||||
|
|
||||||
switch(addr->addrtype)
|
switch(addr->addrtype)
|
||||||
{
|
{
|
||||||
@@ -237,6 +242,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
|
|||||||
cJSON_AddNumberToObject(common_obj, "entrance_id", handle->entry_id);
|
cJSON_AddNumberToObject(common_obj, "entrance_id", handle->entry_id);
|
||||||
cJSON_AddNumberToObject(common_obj, "device_id", 0);
|
cJSON_AddNumberToObject(common_obj, "device_id", 0);
|
||||||
cJSON_AddStringToObject(common_obj, "url", http->req->req_spec.url);
|
cJSON_AddStringToObject(common_obj, "url", http->req->req_spec.url);
|
||||||
|
cJSON_AddStringToObject(common_obj, "host", http->req->req_spec.host);
|
||||||
for(size_t i=0;i<sizeof(req_fields)/sizeof(struct json_spec);i++)
|
for(size_t i=0;i<sizeof(req_fields)/sizeof(struct json_spec);i++)
|
||||||
{
|
{
|
||||||
tmp_val=tfe_http_std_field_read(http->req, req_fields[i].field_id);
|
tmp_val=tfe_http_std_field_read(http->req, req_fields[i].field_id);
|
||||||
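Review bot: `app_proto[http->major_version]` in pangu_send_log indexes a three-element array with a value that is not range-checked, so any major_version outside 0..2 reads past the array and hands an arbitrary pointer to cJSON_AddStringToObject. Guard the index before use, for example `size_t v = (size_t)http->major_version;` followed by `cJSON_AddStringToObject(common_obj, "app_proto", v < sizeof(app_proto)/sizeof(app_proto[0]) ? app_proto[v] : app_proto[0]);`. The type of major_version is not visible in this hunk, so treat the cast as a sketch. The first entry is spelled "unkonw"; it is emitted into the policy log, so correct it to "unknown" before consumers start matching on it. The function body starts and ends outside these hunks.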
|
|||||||
@@ -584,14 +584,13 @@ tfe_half_private_init(enum tfe_http_direction direction, int32_t stream_id,
|
|||||||
struct tfe_h2_half_private *half_private = ALLOC(struct tfe_h2_half_private, 1);
|
struct tfe_h2_half_private *half_private = ALLOC(struct tfe_h2_half_private, 1);
|
||||||
assert(half_private);
|
assert(half_private);
|
||||||
|
|
||||||
memset(half_private, 0, sizeof(struct tfe_h2_half_private));
|
|
||||||
|
|
||||||
half_private->half_public.direction = direction;
|
half_private->half_public.direction = direction;
|
||||||
half_private->half_public.major_version = 2;
|
|
||||||
half_private->half_public.ops = &h2_half_ops;
|
half_private->half_public.ops = &h2_half_ops;
|
||||||
|
|
||||||
headers_init(&half_private->header);
|
headers_init(&half_private->header);
|
||||||
headers_init(&half_private->promised);
|
headers_init(&half_private->promised);
|
||||||
|
half_private->h2_payload.inflate = NULL;
|
||||||
|
half_private->h2_payload.deflate = NULL;
|
||||||
half_private->h2_payload.evbuf_body = evbuffer_new();
|
half_private->h2_payload.evbuf_body = evbuffer_new();
|
||||||
half_private->h2_payload.gzip = HTTP2_CONTENT_ENCODING_NONE;
|
half_private->h2_payload.gzip = HTTP2_CONTENT_ENCODING_NONE;
|
||||||
half_private->h2_payload.padlen = 0;
|
half_private->h2_payload.padlen = 0;
|
||||||
@@ -963,7 +962,7 @@ nghttp2_submit_frame_goaway(struct tfe_h2_stream *connection, const nghttp2_fram
|
|||||||
{
|
{
|
||||||
int xret = -1;
|
int xret = -1;
|
||||||
enum tfe_stream_action stream_action = ACTION_DROP_DATA;
|
enum tfe_stream_action stream_action = ACTION_DROP_DATA;
|
||||||
char error[1024] = {0};
|
char *error = NULL; size_t eroro_len=0;
|
||||||
|
|
||||||
const nghttp2_goaway *goaway = &frame->goaway;
|
const nghttp2_goaway *goaway = &frame->goaway;
|
||||||
nghttp2_session *ngh2_session = tfe_h2_stream_get_nghttp2_session(connection, dir);
|
nghttp2_session *ngh2_session = tfe_h2_stream_get_nghttp2_session(connection, dir);
|
||||||
@@ -983,10 +982,12 @@ nghttp2_submit_frame_goaway(struct tfe_h2_stream *connection, const nghttp2_fram
|
|||||||
dir, nghttp2_strerror(xret));
|
dir, nghttp2_strerror(xret));
|
||||||
}
|
}
|
||||||
finish:
|
finish:
|
||||||
snprintf(error, goaway->opaque_data_len, "%s", goaway->opaque_data);
|
eroro_len = goaway->opaque_data_len;
|
||||||
|
error = ALLOC(char, eroro_len + 1);
|
||||||
|
snprintf(error, eroro_len, "%s", goaway->opaque_data);
|
||||||
TFE_LOG_DEBUG(logger()->handle, "%s, %d, submit goaway, stream_id:%d, action:%d, errod_code:%d, data:%s", connection->tf_stream->str_stream_info,
|
TFE_LOG_DEBUG(logger()->handle, "%s, %d, submit goaway, stream_id:%d, action:%d, errod_code:%d, data:%s", connection->tf_stream->str_stream_info,
|
||||||
dir, goaway->last_stream_id, connection->stream_action, goaway->error_code, goaway->opaque_data);
|
dir, goaway->last_stream_id, connection->stream_action, goaway->error_code, goaway->opaque_data);
|
||||||
|
FREE(&error);
|
||||||
connection->goaway = 1;
|
connection->goaway = 1;
|
||||||
connection->stream_action = stream_action;
|
connection->stream_action = stream_action;
|
||||||
return 0;
|
return 0;
|
||||||
@@ -1129,6 +1130,7 @@ static int tfe_half_session_init(struct tfe_h2_session *h2_session, int32_t stre
|
|||||||
{
|
{
|
||||||
struct tfe_http_session *tfe_session = &h2_session->tfe_session;
|
struct tfe_http_session *tfe_session = &h2_session->tfe_session;
|
||||||
|
|
||||||
|
tfe_session->major_version = 2;
|
||||||
if (direction == TFE_HTTP_REQUEST){
|
if (direction == TFE_HTTP_REQUEST){
|
||||||
struct tfe_h2_half_private *req = h2_session->req;
|
struct tfe_h2_half_private *req = h2_session->req;
|
||||||
tfe_session->ops = &nghttp2_session_ops;
|
tfe_session->ops = &nghttp2_session_ops;
|
||||||
@@ -1794,6 +1796,11 @@ nghttp2_on_stream_close(nghttp2_session *session, const nghttp2_frame *frame, co
|
|||||||
}
|
}
|
||||||
finish:
|
finish:
|
||||||
TAILQ_REMOVE(&h2_stream_info->h2_session_list, h2_session, next);
|
TAILQ_REMOVE(&h2_stream_info->h2_session_list, h2_session, next);
|
||||||
|
if (h2_session->frame_ctx){
|
||||||
|
http_frame_raise_session_end(h2_session->frame_ctx, h2_session->tf_stream, &h2_session->tfe_session,
|
||||||
|
h2_stream_info->thread_id);
|
||||||
|
h2_session->frame_ctx = NULL;
|
||||||
|
}
|
||||||
delete_http2_stream_data(h2_session, h2_stream_info->tf_stream, 1);
|
delete_http2_stream_data(h2_session, h2_stream_info->tf_stream, 1);
|
||||||
free(h2_session);
|
free(h2_session);
|
||||||
h2_session = NULL;
|
h2_session = NULL;
|
||||||
@@ -1870,6 +1877,9 @@ nghttp2_client_on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
|
|||||||
if (((ret == Z_STREAM_END) || (ret == Z_OK)) && uncompr > 0){
|
if (((ret == Z_STREAM_END) || (ret == Z_OK)) && uncompr > 0){
|
||||||
input = (const uint8_t*)uncompr;
|
input = (const uint8_t*)uncompr;
|
||||||
input_len = uncompr_len;
|
input_len = uncompr_len;
|
||||||
|
}else
|
||||||
|
{
|
||||||
|
if (uncompr_len) FREE(&uncompr);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
data = input;
|
data = input;
|
||||||
@@ -2186,6 +2196,10 @@ nghttp2_server_on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
|
|||||||
input = (const uint8_t*)uncompr;
|
input = (const uint8_t*)uncompr;
|
||||||
input_len = uncompr_len;
|
input_len = uncompr_len;
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (uncompr_len) FREE(&uncompr);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
data = input;
|
data = input;
|
||||||
len = input_len;
|
len = input_len;
|
||||||
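Review bot: In nghttp2_submit_frame_goaway the debug log still passes `goaway->opaque_data` to `%s`, so the newly allocated `error` copy is never used and the log call reads peer-supplied bytes until it happens to meet a NUL. nghttp2 hands over opaque_data as a length-delimited byte buffer, so the copy should be bounded by that length: `snprintf(error, eroro_len + 1, "%.*s", (int)eroro_len, (const char *)goaway->opaque_data);`. As written, the size argument `eroro_len` drops the last byte, and `%s` has the same over-read as the log call. After that, pass `error` rather than `goaway->opaque_data` as the last TFE_LOG_DEBUG argument. The function body starts and ends outside these two hunks, so whether `finish:` can be reached with a NULL opaque_data is not visible and should be checked.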
|
|||||||