1.修改http2无法发送策略日志
2.修改命中hjack无法处理
This commit is contained in:
fengweihao
@@ -728,6 +728,7 @@ int maat_table_ex_init(int profile_idx,
|
||||
Maat_plugin_EX_dup_func_t* dup_func)
|
||||
{
|
||||
int table_id = 0;
|
||||
|
||||
const char *table_name_map[] = {"PXY_PROFILE_RESPONSE_PAGES",
|
||||
"PXY_PROFILE_INSERT_SCRIPTS",
|
||||
"PXY_PROFILE_HIJACK_FILES"};
|
||||
@@ -1189,7 +1190,15 @@ static void template_generate(int status_code, int cfg_id, const char* msg, char
|
||||
{
|
||||
ctemplate::TemplateDictionary dict("pg_page_dict"); //dict is automatically finalized after function returned.
|
||||
dict.SetIntValue("cfg_id", cfg_id);
|
||||
|
||||
if (NULL == msg)
|
||||
{
|
||||
dict.SetValue("msg", "NULL");
|
||||
}
|
||||
else
|
||||
{
|
||||
dict.SetValue("msg", msg);
|
||||
}
|
||||
std::string output;
|
||||
ctemplate::Template * tpl = NULL;
|
||||
|
||||
@@ -1418,7 +1427,7 @@ static void http_reject(const struct tfe_http_session * session, enum tfe_http_e
|
||||
|
||||
resp_code = param->status_code;
|
||||
msg = param->message;
|
||||
if (resp_code <= 0 || msg != NULL){
|
||||
if (resp_code <= 0){
|
||||
TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid block rule %d", ctx->enforce_rules[0].config_id);
|
||||
ctx->action = PG_ACTION_NONE;
|
||||
return;
|
||||
@@ -1644,7 +1653,7 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_
|
||||
int ret=format_insert_rule(param->profile_id, param->position, ins_ctx->rule);
|
||||
if (ret<0)
|
||||
{
|
||||
TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get policy table, table_id = %d", param->profile_id);
|
||||
TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get policy table, profile_id = %d", param->profile_id);
|
||||
ctx->action = PG_ACTION_NONE;
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -160,6 +160,10 @@ struct pangu_logger* pangu_log_handle_create(const char* profile, const char* s
|
||||
}
|
||||
|
||||
MESA_load_profile_string_def(profile, section,"KAFKA_TOPIC", instance->topic_name, sizeof(instance->topic_name), "POLICY-EVENT-LOG");
|
||||
|
||||
TFE_LOG_INFO(local_logger, "Pangu kafka brokerlist : %s", instance->brokerlist);
|
||||
TFE_LOG_INFO(local_logger, "Pangu kafka topic : %s", instance->topic_name);
|
||||
|
||||
instance->kafka_topic = rd_kafka_topic_new(instance->kafka_handle,instance->topic_name, NULL);
|
||||
log_file_upload_para=cache_evbase_parameter_new(profile, section, local_logger);
|
||||
instance->log_file_upload_instance=cache_evbase_instance_new(log_file_upload_para, local_logger);
|
||||
@@ -185,6 +189,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
|
||||
char src_ip_str[MAX(INET6_ADDRSTRLEN,INET_ADDRSTRLEN)] = {0};
|
||||
char dst_ip_str[MAX(INET6_ADDRSTRLEN,INET_ADDRSTRLEN)] = {0};
|
||||
|
||||
const char *app_proto[]= {"unkonw","http1.0", "http2.0"};
|
||||
|
||||
struct json_spec req_fields[]={ {"cookie", TFE_HTTP_COOKIE},
|
||||
{"referer", TFE_HTTP_REFERER},
|
||||
@@ -203,7 +208,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
|
||||
|
||||
cJSON_AddNumberToObject(common_obj, "start_time", cur_time);
|
||||
cJSON_AddNumberToObject(common_obj, "end_time", cur_time);
|
||||
cJSON_AddNumberToObject(common_obj, "recv_time", cur_time);
|
||||
cJSON_AddStringToObject(common_obj, "app_proto", app_proto[http->major_version]);
|
||||
|
||||
switch(addr->addrtype)
|
||||
{
|
||||
@@ -237,6 +242,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
|
||||
cJSON_AddNumberToObject(common_obj, "entrance_id", handle->entry_id);
|
||||
cJSON_AddNumberToObject(common_obj, "device_id", 0);
|
||||
cJSON_AddStringToObject(common_obj, "url", http->req->req_spec.url);
|
||||
cJSON_AddStringToObject(common_obj, "host", http->req->req_spec.host);
|
||||
for(size_t i=0;i<sizeof(req_fields)/sizeof(struct json_spec);i++)
|
||||
{
|
||||
tmp_val=tfe_http_std_field_read(http->req, req_fields[i].field_id);
|
||||
|
||||
@@ -584,14 +584,13 @@ tfe_half_private_init(enum tfe_http_direction direction, int32_t stream_id,
|
||||
struct tfe_h2_half_private *half_private = ALLOC(struct tfe_h2_half_private, 1);
|
||||
assert(half_private);
|
||||
|
||||
memset(half_private, 0, sizeof(struct tfe_h2_half_private));
|
||||
|
||||
half_private->half_public.direction = direction;
|
||||
half_private->half_public.major_version = 2;
|
||||
half_private->half_public.ops = &h2_half_ops;
|
||||
|
||||
headers_init(&half_private->header);
|
||||
headers_init(&half_private->promised);
|
||||
half_private->h2_payload.inflate = NULL;
|
||||
half_private->h2_payload.deflate = NULL;
|
||||
half_private->h2_payload.evbuf_body = evbuffer_new();
|
||||
half_private->h2_payload.gzip = HTTP2_CONTENT_ENCODING_NONE;
|
||||
half_private->h2_payload.padlen = 0;
|
||||
@@ -963,7 +962,7 @@ nghttp2_submit_frame_goaway(struct tfe_h2_stream *connection, const nghttp2_fram
|
||||
{
|
||||
int xret = -1;
|
||||
enum tfe_stream_action stream_action = ACTION_DROP_DATA;
|
||||
char error[1024] = {0};
|
||||
char *error = NULL; size_t eroro_len=0;
|
||||
|
||||
const nghttp2_goaway *goaway = &frame->goaway;
|
||||
nghttp2_session *ngh2_session = tfe_h2_stream_get_nghttp2_session(connection, dir);
|
||||
@@ -983,10 +982,12 @@ nghttp2_submit_frame_goaway(struct tfe_h2_stream *connection, const nghttp2_fram
|
||||
dir, nghttp2_strerror(xret));
|
||||
}
|
||||
finish:
|
||||
snprintf(error, goaway->opaque_data_len, "%s", goaway->opaque_data);
|
||||
eroro_len = goaway->opaque_data_len;
|
||||
error = ALLOC(char, eroro_len + 1);
|
||||
snprintf(error, eroro_len, "%s", goaway->opaque_data);
|
||||
TFE_LOG_DEBUG(logger()->handle, "%s, %d, submit goaway, stream_id:%d, action:%d, errod_code:%d, data:%s", connection->tf_stream->str_stream_info,
|
||||
dir, goaway->last_stream_id, connection->stream_action, goaway->error_code, goaway->opaque_data);
|
||||
|
||||
FREE(&error);
|
||||
connection->goaway = 1;
|
||||
connection->stream_action = stream_action;
|
||||
return 0;
|
||||
@@ -1129,6 +1130,7 @@ static int tfe_half_session_init(struct tfe_h2_session *h2_session, int32_t stre
|
||||
{
|
||||
struct tfe_http_session *tfe_session = &h2_session->tfe_session;
|
||||
|
||||
tfe_session->major_version = 2;
|
||||
if (direction == TFE_HTTP_REQUEST){
|
||||
struct tfe_h2_half_private *req = h2_session->req;
|
||||
tfe_session->ops = &nghttp2_session_ops;
|
||||
@@ -1794,6 +1796,11 @@ nghttp2_on_stream_close(nghttp2_session *session, const nghttp2_frame *frame, co
|
||||
}
|
||||
finish:
|
||||
TAILQ_REMOVE(&h2_stream_info->h2_session_list, h2_session, next);
|
||||
if (h2_session->frame_ctx){
|
||||
http_frame_raise_session_end(h2_session->frame_ctx, h2_session->tf_stream, &h2_session->tfe_session,
|
||||
h2_stream_info->thread_id);
|
||||
h2_session->frame_ctx = NULL;
|
||||
}
|
||||
delete_http2_stream_data(h2_session, h2_stream_info->tf_stream, 1);
|
||||
free(h2_session);
|
||||
h2_session = NULL;
|
||||
@@ -1870,6 +1877,9 @@ nghttp2_client_on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
|
||||
if (((ret == Z_STREAM_END) || (ret == Z_OK)) && uncompr > 0){
|
||||
input = (const uint8_t*)uncompr;
|
||||
input_len = uncompr_len;
|
||||
}else
|
||||
{
|
||||
if (uncompr_len) FREE(&uncompr);
|
||||
}
|
||||
}
|
||||
data = input;
|
||||
@@ -2186,6 +2196,10 @@ nghttp2_server_on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
|
||||
input = (const uint8_t*)uncompr;
|
||||
input_len = uncompr_len;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (uncompr_len) FREE(&uncompr);
|
||||
}
|
||||
}
|
||||
data = input;
|
||||
len = input_len;
|
||||
|
||||
Reference in New Issue
Block a user