1.修改http2无法发送策略日志

2.修改命中hjack无法处理
2019-06-05 11:44:26 +08:00
parent b5ec503583
commit a3bba9f5e2
3 changed files with 59 additions and 30 deletions
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -728,6 +728,7 @@ int maat_table_ex_init(int profile_idx,
 					   Maat_plugin_EX_dup_func_t* dup_func)
 {
 	int table_id = 0;
+
 	const char *table_name_map[] = {"PXY_PROFILE_RESPONSE_PAGES",
 									"PXY_PROFILE_INSERT_SCRIPTS",
 									"PXY_PROFILE_HIJACK_FILES"};
@@ -1189,7 +1190,15 @@ static void template_generate(int status_code, int cfg_id, const char* msg, char
 {
 	ctemplate::TemplateDictionary dict("pg_page_dict");	//dict is automatically finalized after function returned.
 	dict.SetIntValue("cfg_id", cfg_id);
-	dict.SetValue("msg", msg);
+
+	if (NULL == msg)
+	{
+		dict.SetValue("msg", "NULL");
+	}
+	else
+	{
+		dict.SetValue("msg", msg);
+	}
 	std::string output;
 	ctemplate::Template * tpl = NULL;

@@ -1418,7 +1427,7 @@ static void http_reject(const struct tfe_http_session * session, enum tfe_http_e

 	resp_code = param->status_code;
 	msg = param->message;
-	if (resp_code <= 0 || msg != NULL){
+	if (resp_code <= 0){
 		TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid block rule %d", ctx->enforce_rules[0].config_id);
 		ctx->action = PG_ACTION_NONE;
 		return;
@@ -1644,7 +1653,7 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_
 			int ret=format_insert_rule(param->profile_id, param->position, ins_ctx->rule);
 			if (ret<0)
 			{
-				TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get policy table, table_id = %d", param->profile_id);
+				TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get policy table, profile_id = %d", param->profile_id);
 				ctx->action = PG_ACTION_NONE;
 				return;
 			}
--- a/plugin/business/pangu-http/src/pangu_logger.cpp
+++ b/plugin/business/pangu-http/src/pangu_logger.cpp
@@ -31,7 +31,7 @@ struct pangu_logger
 	unsigned int en_sendlog;
 	unsigned int en_sendlog_meta;
 	unsigned int en_sendlog_body;
-	
+
 	unsigned int local_ip_nr;
 	void* global_logger;
 	rd_kafka_t *kafka_handle;
@@ -56,7 +56,7 @@ static unsigned int get_ip_by_eth_name(const char *ifname)
    unsigned int ip;

    sockfd = socket(AF_INET, SOCK_DGRAM, 0);
-    if (-1 == sockfd) 
+    if (-1 == sockfd)
 	{
        goto error;
    }
@@ -81,7 +81,7 @@ error:
 static rd_kafka_t * create_kafka_handle(const char* brokerlist)
 {
 	char kafka_errstr[1024];
-	rd_kafka_t *handle=NULL; 
+	rd_kafka_t *handle=NULL;
 	rd_kafka_conf_t *rdkafka_conf = NULL;

 	rdkafka_conf = rd_kafka_conf_new();
@@ -133,7 +133,7 @@ struct pangu_logger*  pangu_log_handle_create(const char* profile, const char* s
 	{
 		return instance;
 	}
-	
+
 	MESA_load_profile_string_def(profile, section, "NIC_NAME",nic_name,sizeof(nic_name),"eth0");
 	instance->local_ip_nr=get_ip_by_eth_name(nic_name);
 	if(instance->local_ip_nr==INADDR_NONE)
@@ -143,7 +143,7 @@ struct pangu_logger*  pangu_log_handle_create(const char* profile, const char* s
 	}

 	inet_ntop(AF_INET,&(instance->local_ip_nr),instance->local_ip_str,sizeof(instance->local_ip_str));
-	
+
 	MESA_load_profile_int_def(profile, section, "ENTRANCE_ID",&(instance->entry_id),0);
 	ret=MESA_load_profile_string_def(profile, section,"KAFKA_BROKERLIST", instance->brokerlist, sizeof(instance->brokerlist), NULL);
 	if(ret<0)
@@ -155,17 +155,21 @@ struct pangu_logger*  pangu_log_handle_create(const char* profile, const char* s
 	instance->kafka_handle=create_kafka_handle(instance->brokerlist);
 	if(instance->kafka_handle==NULL)
 	{
-		TFE_LOG_ERROR(local_logger,"Pangu log init failed. Cannot create lafka handle with brokerlist: %s.", instance->brokerlist);	
+		TFE_LOG_ERROR(local_logger,"Pangu log init failed. Cannot create lafka handle with brokerlist: %s.", instance->brokerlist);
 		goto error_out;
-	}	
+	}

 	MESA_load_profile_string_def(profile, section,"KAFKA_TOPIC", instance->topic_name, sizeof(instance->topic_name), "POLICY-EVENT-LOG");
+
+	TFE_LOG_INFO(local_logger, "Pangu kafka brokerlist	 : %s", instance->brokerlist);
+	TFE_LOG_INFO(local_logger, "Pangu kafka topic        : %s", instance->topic_name);
+
 	instance->kafka_topic = rd_kafka_topic_new(instance->kafka_handle,instance->topic_name, NULL);
 	log_file_upload_para=cache_evbase_parameter_new(profile, section, local_logger);
 	instance->log_file_upload_instance=cache_evbase_instance_new(log_file_upload_para, local_logger);
 	pthread_mutex_init(&(instance->mutex), NULL);
 	return instance;
-	
+
 error_out:
 	free(instance);
 	return NULL;
@@ -185,11 +189,12 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 	char src_ip_str[MAX(INET6_ADDRSTRLEN,INET_ADDRSTRLEN)] = {0};
 	char dst_ip_str[MAX(INET6_ADDRSTRLEN,INET_ADDRSTRLEN)] = {0};

+	const char *app_proto[]= {"unkonw","http1.0", "http2.0"};

-	struct json_spec req_fields[]={	{"cookie", TFE_HTTP_COOKIE}, 
+	struct json_spec req_fields[]={	{"cookie", TFE_HTTP_COOKIE},
 									{"referer", TFE_HTTP_REFERER},
 									{"user_agent", TFE_HTTP_USER_AGENT} };
-	
+
 	struct json_spec resp_fields[]={	{"content_type", TFE_HTTP_CONT_TYPE},
 										{"content_len", TFE_HTTP_CONT_LENGTH} };

@@ -203,7 +208,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)

 	cJSON_AddNumberToObject(common_obj, "start_time", cur_time);
 	cJSON_AddNumberToObject(common_obj, "end_time", cur_time);
-	cJSON_AddNumberToObject(common_obj, "recv_time", cur_time);
+	cJSON_AddStringToObject(common_obj, "app_proto", app_proto[http->major_version]);

 	switch(addr->addrtype)
 	{
@@ -237,6 +242,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 	cJSON_AddNumberToObject(common_obj, "entrance_id", handle->entry_id);
 	cJSON_AddNumberToObject(common_obj, "device_id", 0);
 	cJSON_AddStringToObject(common_obj, "url", http->req->req_spec.url);
+	cJSON_AddStringToObject(common_obj, "host", http->req->req_spec.host);
 	for(size_t i=0;i<sizeof(req_fields)/sizeof(struct json_spec);i++)
 	{
 		tmp_val=tfe_http_std_field_read(http->req, req_fields[i].field_id);
@@ -268,9 +274,9 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 			snprintf(cont_type_whole, sizeof(cont_type_whole), "Content-Type:%s", cont_type_val);
 			meta.std_hdr[0]=cont_type_whole;
 		}
-		tmp=cache_evbase_upload_once_evbuf(handle->log_file_upload_instance, NULL, 
-														log_msg->req_body, 
-														&meta, 
+		tmp=cache_evbase_upload_once_evbuf(handle->log_file_upload_instance, NULL,
+														log_msg->req_body,
+														&meta,
 														log_file_upload_path, sizeof(log_file_upload_path));
 		if(tmp==0)
 		{
@@ -293,9 +299,9 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 			snprintf(cont_type_whole, sizeof(cont_type_whole), "Content-Type:%s", cont_type_val);
 			meta.std_hdr[0]=cont_type_whole;
 		}
-		tmp=cache_evbase_upload_once_evbuf(handle->log_file_upload_instance, NULL, 
-														log_msg->resp_body, 
-														&meta, 
+		tmp=cache_evbase_upload_once_evbuf(handle->log_file_upload_instance, NULL,
+														log_msg->resp_body,
+														&meta,
 														log_file_upload_path, sizeof(log_file_upload_path));

 		if(tmp==0)
@@ -312,7 +318,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)

 	for(size_t i=0; i<log_msg->result_num; i++)
 	{
-	
+
 		TFE_LOG_DEBUG(handle->local_logger, "URL: %s , hit cfg_id: %d service: %d",
 						http->req->req_spec.url,
 						log_msg->result[i].config_id,
@@ -331,7 +337,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)

 		TFE_LOG_DEBUG(handle->local_logger, "%s", log_payload);

-		kafka_status = rd_kafka_produce(handle->kafka_topic, RD_KAFKA_PARTITION_UA, RD_KAFKA_MSG_F_COPY, 
+		kafka_status = rd_kafka_produce(handle->kafka_topic, RD_KAFKA_PARTITION_UA, RD_KAFKA_MSG_F_COPY,
 						log_payload, strlen(log_payload), NULL, 0, NULL);
 		free(log_payload);
 		cJSON_Delete(per_hit_obj);
@@ -340,7 +346,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 			TFE_LOG_ERROR(handle->local_logger, "Kafka produce failed: %s", rd_kafka_err2name(rd_kafka_last_error()));
 		}
 		send_cnt++;
-	}	
+	}

 	cJSON_Delete(common_obj);
 	return send_cnt;
--- a/plugin/protocol/http2/src/http2_stream.cpp
+++ b/plugin/protocol/http2/src/http2_stream.cpp
@@ -584,14 +584,13 @@ tfe_half_private_init(enum tfe_http_direction direction, int32_t stream_id,
 	struct tfe_h2_half_private *half_private = ALLOC(struct tfe_h2_half_private, 1);
 	assert(half_private);

-	memset(half_private, 0, sizeof(struct tfe_h2_half_private));
-
 	half_private->half_public.direction = direction;
-	half_private->half_public.major_version = 2;
 	half_private->half_public.ops = &h2_half_ops;

 	headers_init(&half_private->header);
 	headers_init(&half_private->promised);
+	half_private->h2_payload.inflate = NULL;
+	half_private->h2_payload.deflate = NULL;
 	half_private->h2_payload.evbuf_body = evbuffer_new();
 	half_private->h2_payload.gzip = HTTP2_CONTENT_ENCODING_NONE;
 	half_private->h2_payload.padlen = 0;
@@ -963,7 +962,7 @@ nghttp2_submit_frame_goaway(struct tfe_h2_stream *connection, const nghttp2_fram
 {
 	int xret = -1;
 	enum tfe_stream_action stream_action = ACTION_DROP_DATA;
-	char error[1024] = {0};
+	char *error = NULL; size_t eroro_len=0;

 	const nghttp2_goaway *goaway = &frame->goaway;
 	nghttp2_session *ngh2_session = tfe_h2_stream_get_nghttp2_session(connection, dir);
@@ -983,10 +982,12 @@ nghttp2_submit_frame_goaway(struct tfe_h2_stream *connection, const nghttp2_fram
 													  dir, nghttp2_strerror(xret));
 	}
 finish:
-	snprintf(error, goaway->opaque_data_len, "%s", goaway->opaque_data);
+	eroro_len = goaway->opaque_data_len;
+	error = ALLOC(char, eroro_len + 1);
+	snprintf(error, eroro_len, "%s", goaway->opaque_data);
 	TFE_LOG_DEBUG(logger()->handle, "%s, %d, submit goaway, stream_id:%d, action:%d, errod_code:%d, data:%s", connection->tf_stream->str_stream_info,
 				  dir, goaway->last_stream_id, connection->stream_action, goaway->error_code, goaway->opaque_data);
-
+	FREE(&error);
 	connection->goaway = 1;
 	connection->stream_action = stream_action;
 	return 0;
@@ -1129,6 +1130,7 @@ static int tfe_half_session_init(struct tfe_h2_session *h2_session, int32_t stre
 {
 	struct tfe_http_session *tfe_session = &h2_session->tfe_session;

+	tfe_session->major_version = 2;
 	if (direction == TFE_HTTP_REQUEST){
 		struct tfe_h2_half_private *req = h2_session->req;
 		tfe_session->ops = &nghttp2_session_ops;
@@ -1791,9 +1793,14 @@ nghttp2_on_stream_close(nghttp2_session *session, const nghttp2_frame *frame, co
 			h2_stream_info->stream_action != ACTION_DEFER_DATA)
 			nghttp2_submit_end_header(h2_stream_info, h2_session);
 		goto end;
-	}
+	}	
 finish:
 	TAILQ_REMOVE(&h2_stream_info->h2_session_list, h2_session, next);
+	if (h2_session->frame_ctx){
+		http_frame_raise_session_end(h2_session->frame_ctx, h2_session->tf_stream, &h2_session->tfe_session,
+										 h2_stream_info->thread_id);
+		h2_session->frame_ctx = NULL;
+	}
 	delete_http2_stream_data(h2_session, h2_stream_info->tf_stream, 1);
 	free(h2_session);
 	h2_session = NULL;
@@ -1870,6 +1877,9 @@ nghttp2_client_on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
 		if (((ret == Z_STREAM_END) || (ret == Z_OK)) && uncompr > 0){
 			input      = (const uint8_t*)uncompr;
 			input_len  = uncompr_len;
+		}else
+		{
+			if (uncompr_len)	FREE(&uncompr);
 		}
 	}
 	data = input;
@@ -2186,6 +2196,10 @@ nghttp2_server_on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
 			input      = (const uint8_t*)uncompr;
 			input_len  = uncompr_len;
 		}
+		else
+		{
+			if (uncompr_len)	FREE(&uncompr);
+		}
 	}
 	data = input;
 	len  = input_len;