diff --git a/common/include/tfe_utils.h b/common/include/tfe_utils.h index 7c33f52..8f1a1b6 100644 --- a/common/include/tfe_utils.h +++ b/common/include/tfe_utils.h @@ -15,7 +15,7 @@ #endif #define ALLOC(type, number) ((type *)calloc(sizeof(type), number)) -#define FREE(p) {free(*p);*p=NULL} +#define FREE(p) {free(*p);*p=NULL;} #define TFE_STRUCT_ALLOC(struct_type) __extension__ \ ({ \ diff --git a/plugin/business/decrypt-mirroring/src/mirror_stream.cpp b/plugin/business/decrypt-mirroring/src/mirror_stream.cpp index cec661e..b19bc3f 100644 --- a/plugin/business/decrypt-mirroring/src/mirror_stream.cpp +++ b/plugin/business/decrypt-mirroring/src/mirror_stream.cpp @@ -119,10 +119,12 @@ void* deliver_filestat2(void* arg) int deliver_debug_log_v6(int level,char* module,struct deliver_pme_info* pmeinfo,int flag,int recv_len) -{ +{ +#if 0 + struct deliver_session_info* session_info=&(pmeinfo->session_info); struct deliver_pkt_info* pkt_info=&(pmeinfo->pkt_info); -#if 0 + struct sockaddr_in6* client_addr=(struct sockaddr_in6*)&(pmeinfo->addr_info.client); struct sockaddr_in6* server_addr=(struct sockaddr_in6*)&(pmeinfo->addr_info.server); @@ -159,10 +161,11 @@ int deliver_debug_log_v6(int level,char* module,struct deliver_pme_info* pmeinfo int deliver_debug_log_v4(int level,char* module,struct deliver_pme_info* pmeinfo,int flag,int recv_len) -{ +{ +#if 0 struct deliver_session_info* session_info=&(pmeinfo->session_info); struct deliver_pkt_info* pkt_info=&(pmeinfo->pkt_info); -#if 0 + struct sockaddr_in* client_addr=(struct sockaddr_in*)&(pmeinfo->addr_info.client); struct sockaddr_in* server_addr=(struct sockaddr_in*)&(pmeinfo->addr_info.server); 
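Review bot: `FREE(p)` in tfe_utils.h still expands to a bare brace block with an unparenthesized argument, so `if (x) FREE(&buf); else ...` does not parse and a call such as `FREE(ptrs + i)` frees `*ptrs + i` rather than `*(ptrs + i)`. Writing it as `#define FREE(p) do { free(*(p)); *(p) = NULL; } while (0)` keeps the semicolon fix from this commit and makes the macro behave as one statement. The neighbouring `ALLOC` passes `sizeof(type)` as calloc's element count and `number` as the element size; it works, but `calloc(number, sizeof(type))` matches the documented argument order.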
@@ -385,7 +388,7 @@ int deliver_send_syn(int thread_seq,struct deliver_pme_info* pmeinfo) pmeinfo->pkt_info.win = deliver_rand_range(1460, 65500); pmeinfo->pkt_info.ipid = deliver_rand() % 65535; pmeinfo->pkt_info.ttl=deliver_rand_range(32,65); - if(pmeinfo->addr_info->addrtype==ADDR_TYPE_IPV4) + if(pmeinfo->addr_info->addrtype==TFE_ADDR_IPV4) { deliver_send_v4(thread_seq,pmeinfo,0,NULL); deliver_debug_log_v4(RLOG_LV_INFO,(char*)DELIVER_SENDPKT_START,pmeinfo,DELIVER_FLAG_SENDPKT,0); @@ -407,7 +410,7 @@ int deliver_send_syn_ack(int thread_seq,struct deliver_pme_info* pmeinfo) pmeinfo->pkt_info.seq= deliver_rand(); pmeinfo->pkt_info.flag=TH_SYN|TH_ACK; - if(pmeinfo->addr_info->addrtype==ADDR_TYPE_IPV4) + if(pmeinfo->addr_info->addrtype==TFE_ADDR_IPV4) { deliver_send_v4(thread_seq,pmeinfo,0,NULL); } @@ -432,7 +435,7 @@ int deliver_send_ack(int thread_seq,struct deliver_pme_info* pmeinfo) pmeinfo->pkt_info.flag=TH_ACK; - if(pmeinfo->addr_info->addrtype==ADDR_TYPE_IPV4) + if(pmeinfo->addr_info->addrtype==TFE_ADDR_IPV4) { deliver_send_v4(thread_seq,pmeinfo,0,NULL); } @@ -473,7 +476,7 @@ int deliver_set_pktinfo(struct deliver_pme_info* pmeinfo,int flag, int cur_dir,i int deliver_send_rst(int thread_seq,struct deliver_pme_info* pmeinfo) { deliver_set_pktinfo(pmeinfo,TH_RST,CONN_DIR_DOWNSTREAM,0); - if(pmeinfo->addr_info->addrtype==ADDR_TYPE_IPV4) + if(pmeinfo->addr_info->addrtype==TFE_ADDR_IPV4) { deliver_send_v4(thread_seq,pmeinfo,0,NULL); } @@ -484,7 +487,7 @@ int deliver_send_rst(int thread_seq,struct deliver_pme_info* pmeinfo) deliver_set_pktinfo(pmeinfo,TH_RST,CONN_DIR_UPSTREAM,0); - if(pmeinfo->addr_info->addrtype==ADDR_TYPE_IPV4) + if(pmeinfo->addr_info->addrtype==TFE_ADDR_IPV4) { deliver_send_v4(thread_seq,pmeinfo,0,NULL); deliver_debug_log_v4(RLOG_LV_INFO,(char*)DELIVER_SENDPKT_END,pmeinfo,DELIVER_FLAG_ENT,0); 
@@ -530,7 +533,7 @@ int mirror_stream_write(int cur_dir,const unsigned char * data, size_t len, void pmeinfo->session_info.recv_pkt++; pmeinfo->session_info.recv_byte+=len; - if(pmeinfo->addr_info->addrtype==ADDR_TYPE_IPV4) + if(pmeinfo->addr_info->addrtype==TFE_ADDR_IPV4) { deliver_debug_log_v4(RLOG_LV_DEBUG,(char*)DELIVER_RECVPKT_DEBUG,pmeinfo,DELIVER_FLAG_RECVPKT,len); } @@ -546,7 +549,7 @@ int mirror_stream_write(int cur_dir,const unsigned char * data, size_t len, void remain_len-=g_deliver_globle_info.sendinfo.mtu; deliver_set_pktinfo(pmeinfo,TH_ACK,cur_dir,payload_len); - if(pmeinfo->addr_info->addrtype==ADDR_TYPE_IPV4) + if(pmeinfo->addr_info->addrtype==TFE_ADDR_IPV4) { deliver_send_v4(thread_id,pmeinfo,payload_len,payload); } @@ -615,7 +618,7 @@ int deliver_profile_init(const char* filepath,int* logger_level,char* logger_fil MESA_load_profile_int_def(filepath,(char*)DELIVER_CONF_MODE,(char*)"receiver_num",&(g_deliver_globle_info.sendinfo.receiver_num),1); MESA_load_profile_string_nodef(filepath,(char*)DELIVER_CONF_MODE,(char*)"senddevice",g_deliver_globle_info.sendinfo.senddevice,DELIVER_CARDNAME_LEN); - g_deliver_globle_info.sendinfo.receiver_info=(struct deliver_recver_info*)malloc(g_deliver_globle_info.sendinfo.receiver_num*sizeof(struct deliver_recver_info)); + g_deliver_globle_info.sendinfo.receiver_info=(struct deliver_recver_info*)ALLOC(struct deliver_recver_info,g_deliver_globle_info.sendinfo.receiver_num); for(i=1;i<=g_deliver_globle_info.sendinfo.receiver_num;i++) { memset(mac_addr_str,0,DELIVER_MACADDR_STR_LEN); diff --git a/plugin/business/pangu-http/CMakeLists.txt b/plugin/business/pangu-http/CMakeLists.txt index a559d93..49c48f9 100644 --- a/plugin/business/pangu-http/CMakeLists.txt +++ b/plugin/business/pangu-http/CMakeLists.txt 
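Review bot: In deliver_profile_init the `ALLOC(...)` result is stored without a NULL check, and `receiver_num` is taken from the profile file with no range validation before it sizes the allocation and bounds the `for(i=1;i<=...receiver_num;i++)` loop. A very large configured value makes calloc fail, and the loop then presumably indexes a NULL `receiver_info`; the loop body lies outside this hunk, so that part is inferred. Suggest rejecting the value first, e.g. `if(receiver_num<1 || receiver_num>MAX_RECEIVERS_PLACEHOLDER) return -1;` (the limit name is a placeholder), and checking the pointer after the allocation. The outer `(struct deliver_recver_info*)` cast is now redundant because `ALLOC` already casts.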
@@ -1,3 +1,3 @@ add_library(pangu-http pangu_logger.cpp pangu_http.cpp) -target_link_libraries(pangu-http common http) +target_link_libraries(pangu-http common http librdkafka-static) target_link_libraries(pangu-http cjson) \ No newline at end of file diff --git a/plugin/business/pangu-http/pangu_http.cpp b/plugin/business/pangu-http/pangu_http.cpp index 6302aed..99f8e4e 100644 --- a/plugin/business/pangu-http/pangu_http.cpp +++ b/plugin/business/pangu-http/pangu_http.cpp @@ -1,4 +1,4 @@ -#include +#include "pangu_logger.h" #include #include @@ -25,16 +25,16 @@ #define MAX_EDIT_MATCHES 16 enum pangu_action//Bigger action number is prior. { - PG_ACTION_NONE = 0x00, - PG_ACTION_MONIT = 0x01, + PG_ACTION_NONE = 0x00, + PG_ACTION_MONIT = 0x01, PG_ACTION_FORWARD = 0x02, /* N/A */ PG_ACTION_REJECT = 0x10, - PG_ACTION_DROP = 0x20, /* N/A */ - PG_ACTION_REDIRECT = 0x30, - PG_ACTION_RATELIMIT= 0x40, /* N/A */ + PG_ACTION_DROP = 0x20, /* N/A */ + PG_ACTION_REDIRECT = 0x30, + PG_ACTION_RATELIMIT = 0x40, /* N/A */ PG_ACTION_REPLACE = 0x50, - PG_ACTION_LOOP = 0x60, /* N/A */ - PG_ACTION_WHITELIST= 0x80 + PG_ACTION_LOOP = 0x60, /* N/A */ + PG_ACTION_WHITELIST = 0x80 }; enum scan_table { @@ -119,7 +119,7 @@ void pangu_http_init(struct tfe_proxy * proxy) g_pangu_rt=ALLOC(struct pangu_rt,1); MESA_load_profile_int_def(profile, "DEBUG", "LOG_LEVEL", &(g_pangu_rt->log_level),0); g_pangu_rt->local_logger=MESA_create_runtime_log_handle(logfile, g_pangu_rt->log_level); - g_pangu_rt->send_logger=pangu_send_log_init(profile, "LOG", g_pangu_rt->local_logger); + g_pangu_rt->send_logger=pangu_log_handle_create(profile, "LOG", g_pangu_rt->local_logger); if(!g_pangu_rt->send_logger) { goto error_out; 
@@ -142,15 +142,15 @@ void pangu_http_init(struct tfe_proxy * proxy) g_pangu_rt->scan_table_id[i]=Maat_table_register(g_pangu_rt->maat, table_name[i]); if(g_pangu_rt->scan_table_id[i]<0) { - TFE_LOG_ERROR(proxy->logger, "Pangu HTTP Maat table %s register failed.", table_name[i]); + TFE_LOG_ERROR(NULL, "Pangu HTTP Maat table %s register failed.", table_name[i]); goto error_out; } } - TFE_LOG_INFO(proxy->logger, "Pangu HTTP init success."); + TFE_LOG_INFO(NULL, "Pangu HTTP init success."); return; error_out: - TFE_LOG_ERROR(proxy->logger, "Pangu HTTP init failed."); + TFE_LOG_ERROR(NULL, "Pangu HTTP init failed."); return; } static void _wrap_std_field_write(struct tfe_http_half * half, enum tfe_http_std_field field_id, const char * value) @@ -158,17 +158,20 @@ static void _wrap_std_field_write(struct tfe_http_half * half, enum tfe_http_std struct http_field_name tmp_name; tmp_name.field_id=field_id; tmp_name.field_name=NULL; - tfe_http_field_write(half, tmp_name, value); + tfe_http_field_write(half, &tmp_name, value); return; } +#if 0 static void _wrap_non_std_field_write(struct tfe_http_half * half, const char* field_name, const char * value) { struct http_field_name tmp_name; tmp_name.field_id=TFE_HTTP_UNKNOWN_FIELD; - tmp_name.field_name=field_name; - tfe_http_field_write(half, tmp_name, value); + //todo remove force convert after tfe_http.h improved. + tmp_name.field_name=(char*)field_name; + tfe_http_field_write(half, &tmp_name, value); return; } +#endif enum replace_zone { kZoneRequestUri=0, @@ -236,7 +239,7 @@ static void pangu_http_ctx_free(struct pangu_http_ctx* ctx) inline void addr_tfe2sapp(const struct tfe_stream_addr* tfe_addr, struct ipaddr* sapp_addr) { sapp_addr->addrtype=tfe_addr->addrtype; - sapp_addr->paddr=tfe_addr->paddr; + sapp_addr->paddr=(char*)tfe_addr->paddr; return; } 
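Review bot: The three `TFE_LOG_*` calls at the end of pangu_http_init now pass `NULL` as the logger, so the init-failure diagnostics depend on the macro tolerating a NULL handle, which is not visible in this diff. `g_pangu_rt->local_logger` is created earlier in the same function (outside this hunk), so `TFE_LOG_ERROR(g_pangu_rt->local_logger, "Pangu HTTP init failed.");` would keep these messages in the plugin's own log. If NULL is an intentional "default logger" convention, a one-line comment saying so would help the next reader.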
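Review bot: `sapp_addr->paddr=(char*)tfe_addr->paddr;` in addr_tfe2sapp silences the compiler with a C-style cast, which hides whatever type or qualifier mismatch was reported between the two `paddr` members. The function only copies the pointer, so `sapp_addr` aliases storage owned by the `const` stream address. Suggest a comment on the function such as `/* shallow copy: sapp_addr borrows tfe_addr's buffer and must not modify it or outlive it */`, and a named cast (`reinterpret_cast<char*>` or `const_cast`) so the intent is explicit.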
@@ -260,18 +263,17 @@ inline void addr_tfe2sapp(const struct tfe_stream_addr* tfe_addr, struct ipaddr* static enum pangu_action decide_ctrl_action(const Maat_rule_t* hit_result,int cnt,const Maat_rule_t**enforce_rule) { int i=0; - int idx=0; const Maat_rule_t* tmp_rule=hit_result; enum pangu_action tmp_action=PG_ACTION_NONE; for(i=0;itmp_action) + if((enum pangu_action)hit_result[i].action>tmp_action) { tmp_rule=hit_result+i; - tmp_action=hit_result[i].action; + tmp_action=(enum pangu_action)hit_result[i].action; } - else if(hit_result[i].action==tmp_action) + else if((enum pangu_action)hit_result[i].action==tmp_action) { if(hit_result[i].config_idconfig_id) { @@ -287,6 +289,7 @@ static enum pangu_action decide_ctrl_action(const Maat_rule_t* hit_result,int cn *enforce_rule=tmp_rule; return tmp_action; } +//https://github.com/AndiDittrich/HttpErrorPages static void html_generate(const char* enforce_para, char** page_buff,size_t *page_size) { *page_buff=g_pangu_rt->reject_page; @@ -296,7 +299,7 @@ static void html_free(char** page_buff) { return; } -static int is_http_request(uint64 events) +static int is_http_request(uint64_t events) { if((events&EV_HTTP_REQ_HDR)|(events&EV_HTTP_REQ_BODY_BEGIN)|(events&EV_HTTP_REQ_BODY_END)|(events&EV_HTTP_REQ_BODY_CONT)) { @@ -316,7 +319,7 @@ enum replace_zone zone_name_to_id(const char* name) "http_resp_header", "http_resp_body", "http_resp_body"}; - int i=0; + size_t i=0; for(i=0;i< sizeof(std_name)/sizeof(const char*);i++) { if(0==strcasecmp(name,std_name[i])) @@ -384,7 +387,7 @@ size_t format_replace_rule(const char* exec_para, struct replace_rule* replace, sub_token= strtok_r(token,";", &saveptr); if (sub_token == NULL) break; - if(0=strncasecmp(sub_token,str_zone,strlen(str_zone))) + if(0==strncasecmp(sub_token,str_zone,strlen(str_zone))) { replace[idx].zone=zone_name_to_id(sub_token+strlen(str_zone)); if(replace[idx].zone==kZoneMax) 
@@ -394,9 +397,9 @@ size_t format_replace_rule(const char* exec_para, struct replace_rule* replace, } if(0==strncasecmp(sub_token,str_subs,strlen(str_subs))) { - sub_token=+=strlen(str_subs); - replace[idx].find=tfe_strdup(strtok_r_esc(sub_token,"/", &saveptr2)); - replace[idx].replace_with==tfe_strdup(strtok_r_esc(NULL,"/", &saveptr2)); + sub_token+=strlen(str_subs); + replace[idx].find=tfe_strdup(strtok_r_esc(sub_token,'/', &saveptr2)); + replace[idx].replace_with=tfe_strdup(strtok_r_esc(NULL, '/', &saveptr2)); idx++; if(idx==n_replace) { @@ -408,7 +411,7 @@ size_t format_replace_rule(const char* exec_para, struct replace_rule* replace, tmp=NULL; return idx; } -size_t select_replace_rule(enum replace_zone zone, struct replace_rule* replace, size_t n_replace, +size_t select_replace_rule(enum replace_zone zone, const struct replace_rule* replace, size_t n_replace, const struct replace_rule** selected, size_t n_selected) { size_t i=0,j=0; @@ -437,10 +440,11 @@ static struct evbuffer* replace_string(const char* in, const struct replace_rule if(status!=0) { char error_message[TFE_STRING_MAX]; - regerror (status, reg, error_message, sizeof(error_message)); + regerror (status, ®, error_message, sizeof(error_message)); TFE_LOG_ERROR(g_pangu_rt->local_logger,"Regex error compiling '%s': %s\n", zone->find, error_message); - goto error_out; + regfree(®); + return NULL; } /* "p" is a pointer into the string which points to the end of the previous match. */ @@ -455,7 +459,7 @@ static struct evbuffer* replace_string(const char* in, const struct replace_rule int i = 0; while (1) { - int nomatch = regexec (reg, p, n_matches, m, 0); + int nomatch = regexec (®, p, n_matches, m, 0); if (nomatch) { break; @@ -493,7 +497,6 @@ static struct evbuffer* replace_string(const char* in, const struct replace_rule evbuffer_add(out, pre_sub_expr_end, in_sz-(pre_sub_expr_end-p)); } -error_out: regfree(®); return out; 
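Review bot: In format_replace_rule both `strtok_r_esc(...)` results go straight into `tfe_strdup` and `idx` is advanced without checking them, so a substitution parameter that lacks the second `/`-delimited part may leave `find` or `replace_with` NULL, or fault inside `tfe_strdup`, depending on how that helper treats NULL. The parameter string comes from the rule definition, and `find` is later handed to the regex compile in replace_string. Suggest keeping the two tokens in locals, skipping the rule with an error log when either is NULL, and only then duplicating and incrementing `idx`. The function starts and ends outside this hunk.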
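Review bot: The new error path in replace_string calls `regfree(&reg)` after the compile has failed, but POSIX leaves the contents of the `regex_t` undefined when regcomp() returns non-zero, so freeing it is not portable even where a given libc tolerates it. The path can simply be `return NULL;` after the log line. The pattern itself is `zone->find` from the rule parameters and is compiled on every call; if rules can come from less trusted operators, a length cap on the pattern is worth considering.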
@@ -501,13 +504,10 @@ error_out: struct evbuffer* execute_replace_rule(const char* in, size_t in_sz, enum replace_zone zone, const struct replace_rule* rules, size_t n_rule) { - const struct replace_rule** todo[MAX_EDIT_ZONE_NUM]; - enum replace_zone zone; - int ret=0, is_replaced=0; - size_t n_todo=0, i=0, tmp_size=0; + const struct replace_rule* todo[MAX_EDIT_ZONE_NUM]; + size_t n_todo=0, i=0; struct evbuffer* out=NULL; const char* interator=NULL; - size_t interator_sz=0; struct evbuffer* new_out=NULL, *pre_out=NULL; if(in==0) { @@ -528,7 +528,7 @@ struct evbuffer* execute_replace_rule(const char* in, size_t in_sz, { pre_out=out; out=new_out; - interator=evbuffer_pullup(out, -1); + interator=(char*)evbuffer_pullup(out, -1); evbuffer_free(pre_out); pre_out=NULL; } 
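Review bot: `evbuffer_pullup()` returns a byte pointer that is not NUL-terminated and is NULL for an empty buffer, and the `(char*)` cast added in execute_replace_rule hides both facts before `interator` is, presumably, handed back to replace_string. replace_string runs `regexec` on its `in` pointer, which reads up to a terminating NUL, so matching can run past the end of the evbuffer data. The same cast is added in http_replace (hunks `@@ -562`, `@@ -586` and `@@ -613`) for the rewritten URL, the header value and the HTTP body, where the bytes come from the peer. Suggest appending a terminator before pulling up (`evbuffer_add(out, "", 1)`, excluded from the reported length) or using a length-bounded match, and checking the pointer for NULL.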
@@ -538,22 +538,25 @@ struct evbuffer* execute_replace_rule(const char* in, size_t in_sz, void http_replace(const struct tfe_stream * stream, const struct tfe_http_session * session, uint64_t events, const char* body_frag, size_t frag_size,struct pangu_http_ctx* ctx) { - struct replace_rule* ctx->rep_ctx=ALLOC(struct replace_rule, MAX_EDIT_ZONE_NUM); - struct tfe_http_half * req=NULL; void* interator=NULL; struct http_field_name tmp_name; - const struct replace_rule** todo[MAX_EDIT_ZONE_NUM]; - size_t n_todo=0,i=0, out_size=0; - char* buff_in=NULL, buff_out=NULL; + const char* buff_in=NULL; struct evbuffer* rewrite_url=NULL, *rewrite_buff=NULL; struct replace_ctx* rep_ctx=NULL; - int is_replaced=0; + struct tfe_http_session *to_write_sess=NULL; + + to_write_sess=tfe_http_session_allow_write(session); + if(to_write_sess==NULL) //fail to wirte, abandon. + { + TFE_STREAM_LOG_INFO(stream, "tfe_http_session_allow_write() %s failed.",session->req->req_spec.uri); + tfe_http_session_detach(session); + return; + } if(ctx->rep_ctx==NULL) { ctx->rep_ctx=rep_ctx=ALLOC(struct replace_ctx, 1); - + rep_ctx->rule=ALLOC(struct replace_rule, MAX_EDIT_ZONE_NUM); rep_ctx->n_rule=format_replace_rule(ctx->exec_para, rep_ctx->rule, MAX_EDIT_ZONE_NUM); - } if(events&EV_HTTP_REQ_HDR) { 
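Review bot: In http_replace the local `rep_ctx` is assigned only inside `if(ctx->rep_ctx==NULL)`, so on every later event for the same context it is still NULL when `rep_ctx->replacing` and `rep_ctx->rule` are dereferenced further down. Adding `rep_ctx=ctx->rep_ctx;` immediately after that block fixes it. Both `ALLOC` results in the block are also used without a NULL check. The log text in the new failure path has a typo in its comment (`wirte`), and the function continues past the end of this hunk.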
@@ -562,23 +565,22 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio } if((events&EV_HTTP_REQ_HDR)|(events&EV_HTTP_RESP_HDR)) { + if(events&EV_HTTP_REQ_HDR) { - rep_ctx->replacing=tfe_http_session_request_create(session, session->req->req_spec.method, - rewrite_url!=NULL ? evbuffer_pullup(rewrite_url,-1) : session->req->req_spec.uri); + rep_ctx->replacing=tfe_http_session_request_create(to_write_sess, session->req->req_spec.method, + rewrite_url!=NULL ? (char*)evbuffer_pullup(rewrite_url,-1) : session->req->req_spec.uri); evbuffer_free(rewrite_url); rewrite_url=NULL; - tfe_http_allow_write(session->req); } else { - rep_ctx->replacing=tfe_http_session_response_create(session, session->resp->resp_spec.resp_code); - tfe_http_allow_write(session->resp); + rep_ctx->replacing=tfe_http_session_response_create(to_write_sess, session->resp->resp_spec.resp_code); } while(1) { buff_in=tfe_http_field_iterate(session->req, &interator, &tmp_name); - if(tmp_name->field_id==TFE_HTTP_CONT_LENGTH) + if(tmp_name.field_id==TFE_HTTP_CONT_LENGTH) { continue; } @@ -586,8 +588,8 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio { rewrite_buff=execute_replace_rule(buff_in, strlen(buff_in), events&EV_HTTP_REQ_HDR?kZoneRequestHeaders:kZoneResponseHeader, rep_ctx->rule, rep_ctx->n_rule); - tfe_http_field_write(rep_ctx->replacing, tmp_name, - rewrite_buff!=NULL ? evbuffer_pullup(rewrite_buff) : buff_in); + tfe_http_field_write(rep_ctx->replacing, &tmp_name, + rewrite_buff!=NULL ? (char*)evbuffer_pullup(rewrite_buff, -1) : buff_in); evbuffer_free(rewrite_buff); rewrite_buff=NULL; 
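Review bot: The header loop in http_replace tests `tmp_name.field_id` before looking at the value returned by `tfe_http_field_iterate`, so at the end of iteration the `continue` can be taken on a stale or uninitialised `tmp_name` and the `while(1)` may never exit; any NULL test lies outside this hunk. Checking first, `if(buff_in==NULL) break;`, makes termination unconditional, the same way http_scan does in this commit with `if(field_val==NULL) break;`. The loop also iterates `session->req` when the event is `EV_HTTP_RESP_HDR`, which looks like it should be `session->resp`.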
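Review bot: `evbuffer_free(rewrite_buff)` runs unconditionally although the line above it treats `rewrite_buff==NULL` as a normal result of execute_replace_rule, and libevent's evbuffer_free() is not documented to accept NULL. Guard the call: `if(rewrite_buff!=NULL) evbuffer_free(rewrite_buff);`. The previous hunk has the same pattern with `evbuffer_free(rewrite_url)` right after the `rewrite_url!=NULL ?` test.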
@@ -613,23 +615,23 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio { assert(rep_ctx->body_size==evbuffer_get_length(rep_ctx->http_body)); - buff_in=evbuffer_pullup(rep_ctx->http_body, -1); + buff_in=(char*)evbuffer_pullup(rep_ctx->http_body, -1); rewrite_buff=execute_replace_rule(buff_in, rep_ctx->body_size, events&EV_HTTP_REQ_HDR?kZoneRequestHeaders:kZoneResponseHeader, rep_ctx->rule, rep_ctx->n_rule); char cont_len_str[TFE_SYMBOL_MAX]; - snprintf(cont_len_str, "%llu", evbuffer_get_length(rewrite_buff)); + snprintf(cont_len_str, sizeof(cont_len_str), "%lu", evbuffer_get_length(rewrite_buff)); _wrap_std_field_write(rep_ctx->replacing, TFE_HTTP_CONT_LENGTH, cont_len_str); tfe_http_half_append_body(rep_ctx->replacing, - evbuffer_pullup(rewrite_buff, -1), evbuffer_get_length(rewrite_buff),0); + (char*)evbuffer_pullup(rewrite_buff, -1), evbuffer_get_length(rewrite_buff),0); evbuffer_free(rewrite_buff); rewrite_buff=NULL; if(is_http_request(events)) { - tfe_http_session_request_set(session, rep_ctx->replacing); + tfe_http_session_request_set(to_write_sess, rep_ctx->replacing); } else { - tfe_http_session_response_set(session, rep_ctx->replacing); + tfe_http_session_response_set(to_write_sess, rep_ctx->replacing); } rep_ctx->replacing=NULL;//http half's ownership has been transfered to session. 
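Review bot: In the body branch of http_replace `rewrite_buff` is passed to `evbuffer_get_length()` and `evbuffer_pullup()` without the NULL test the header branch applies, so a body for which execute_replace_rule returns NULL (apparently its "nothing replaced" result) is dereferenced. Fall back to the original `buff_in` and `rep_ctx->body_size` in that case before writing Content-Length and the body. `evbuffer_get_length()` returns `size_t`, so the format should be `"%zu"` rather than `"%lu"`. The zone argument is still chosen from `EV_HTTP_REQ_HDR` and the header zones even though this is body data, which looks unintended.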
@@ -637,42 +639,40 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio rep_ctx->http_body=NULL; rep_ctx->body_size=0; } - + return; } static void http_reject(const struct tfe_http_session * session, uint64_t events, struct pangu_http_ctx* ctx) { - enum tfe_bussiness_action plugin_ret=BIZ_ACTION_FORWARD; int resp_code=0,ret=0; struct tfe_http_half* response=NULL; - struct http_field_name tmp_name; char* page_buff=NULL; size_t page_size=0; char cont_len_str[TFE_STRING_MAX]; - struct tfe_http_session* to_write=NULL; + struct tfe_http_session* to_write_sess=NULL; - ret=sscanf(ctx->exec_para,"code=%d%[^;];",&resp_code); + ret=sscanf(ctx->exec_para,"code=%d;",&resp_code); if(ret!=1) { TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid reject rule %d paramter %s", ctx->exec_rule->config_id, ctx->exec_para); goto error_out; } - to_write=tfe_http_session_allow_write(session); - response=tfe_http_session_response_create(to_write, resp_code); + to_write_sess=tfe_http_session_allow_write(session); + response=tfe_http_session_response_create(to_write_sess, resp_code); html_generate(ctx->exec_para, &page_buff, &page_size); _wrap_std_field_write(response, TFE_HTTP_CONT_TYPE, "text/html; charset=utf-8"); - snprinf(cont_len_str,sizeof(cont_len_str), "%llu", page_size); + snprintf(cont_len_str,sizeof(cont_len_str), "%lu", page_size); _wrap_std_field_write(response, TFE_HTTP_CONT_LENGTH, cont_len_str); tfe_http_half_append_body(response, page_buff, page_size, 0); - tfe_http_session_response_set(session, response); + tfe_http_session_response_set(to_write_sess, response); response=NULL; error_out: - html_free(page_buff); - return plugin_ret; + html_free(&page_buff); + return; } static void http_redirect(const struct tfe_http_session * session, uint64_t events, struct pangu_http_ctx* ctx) { 
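Review bot: http_reject uses the result of `tfe_http_session_allow_write(session)` without the NULL check that http_replace gains in this same commit, so a failed call is passed straight to `tfe_http_session_response_create`. Add `if(to_write_sess==NULL) goto error_out;` with a log line. `resp_code` is parsed from the rule parameter and used as the status code with no range check; `if(ret!=1 || resp_code<100 || resp_code>599)` would reject malformed rules. `page_size` is `size_t`, so `"%zu"` is the matching format instead of `"%lu"`.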
@@ -706,7 +706,8 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev void * interator=NULL; const char* field_val=NULL; struct http_field_name field_name; - struct Maat_rule_t result[MAX_SCAN_RESULT], *choosen=NULL; + struct Maat_rule_t result[MAX_SCAN_RESULT]; + const struct Maat_rule_t* choosen=NULL; char buff[TFE_STRING_MAX], *p=NULL; int scan_ret=0, hit_cnt=0, table_id=0, read_rule_ret=0; unsigned int i=0; @@ -723,10 +724,14 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev if((events&EV_HTTP_REQ_HDR)|(events&EV_HTTP_RESP_HDR)) { table_id=events&EV_HTTP_REQ_HDR?g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_HDR]:g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_RES_HDR]; - for(i=0; ireq->field_cnt && hit_cntreq, &interator, &field_name); - scan_ret=Maat_set_scan_status(g_pangu_rt->maat, ctx->mid, MAAT_SET_SCAN_DISTRICT, + if(field_val==NULL) + { + break; + } + scan_ret=Maat_set_scan_status(g_pangu_rt->maat, &(ctx->mid), MAAT_SET_SCAN_DISTRICT, field_name.field_name,strlen(field_name.field_name)); assert(scan_ret==0); scan_ret=Maat_full_scan_string(g_pangu_rt->maat, table_id, @@ -735,13 +740,13 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev if(scan_ret>0) { hit_cnt+=scan_ret; - } + } } } if((events&EV_HTTP_REQ_BODY_BEGIN)|(events&EV_HTTP_RESP_BODY_BEGIN)) { assert(ctx->sp==NULL); - table_id=events&EV_HTTP_REQ_BODY_BEGIN?g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_BODY]:g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_RES_BODY] + table_id=events&EV_HTTP_REQ_BODY_BEGIN?g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_BODY]:g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_RES_BODY]; ctx->sp=Maat_stream_scan_string_start(g_pangu_rt->maat, table_id, ctx->thread_id); } if(body_frag!=NULL) 
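Review bot: `strlen(field_name.field_name)` in http_scan's header loop assumes every iterated field carries a name string, yet `_wrap_std_field_write` in this file builds standard fields with `field_name=NULL` and only a `field_id`. If tfe_http_field_iterate reports standard headers the same way, this dereferences NULL on ordinary requests, so a NULL guard or an id-to-name lookup is needed before `Maat_set_scan_status`. The `assert(scan_ret==0)` that follows is the only handling of a failure there and is compiled out in NDEBUG builds.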
@@ -755,7 +760,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev } if((events&EV_HTTP_REQ_BODY_END)|(events&EV_HTTP_RESP_BODY_END)) { - Maat_stream_scan_string_end(&(ctx->sp); + Maat_stream_scan_string_end(&(ctx->sp)); ctx->sp=NULL; } if(hit_cnt>0) @@ -763,12 +768,12 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev ctx->action=decide_ctrl_action(result, hit_cnt, &choosen); ctx->exec_rule=ALLOC(struct Maat_rule_t, 1); memcpy(ctx->exec_rule, choosen, sizeof(struct Maat_rule_t)); - if(ctx->exec_rule.serv_def_len>MAX_SERVICE_DEFINE_LEN) + if(ctx->exec_rule->serv_def_len>MAX_SERVICE_DEFINE_LEN) { - ctx->exec_para=ALLOC(char, ctx->exec_rule.serv_def_len); + ctx->exec_para=ALLOC(char, ctx->exec_rule->serv_def_len); read_rule_ret=Maat_read_rule(g_pangu_rt->maat, ctx->exec_rule, - MAAT_RULE_SERV_DEFINE, ctx->exec_para, ctx->exec_rule.serv_def_len); - assert(read_rule_ret== ctx->exec_rule.serv_def_len); + MAAT_RULE_SERV_DEFINE, ctx->exec_para, ctx->exec_rule->serv_def_len); + assert(read_rule_ret== ctx->exec_rule->serv_def_len); } if(hit_cnt>1) { 
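Review bot: `ctx->exec_para` is filled only when `serv_def_len>MAX_SERVICE_DEFINE_LEN` and no else branch is visible in this hunk, so for shorter definitions http_reject's `sscanf(ctx->exec_para, ...)` and format_replace_rule would read whatever the context was initialised with. In the long case the buffer is exactly `serv_def_len` bytes; unless Maat_read_rule writes a terminator within that length, the later string parsing runs off the end, and `ALLOC(char, ctx->exec_rule->serv_def_len+1)` would keep calloc's trailing NUL. Neither `ALLOC` result is checked, and the read length is verified only by `assert`, which disappears with NDEBUG.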
@@ -778,26 +783,26 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev p+=snprintf(p, sizeof(buff)-(p-buff), "%d:", result[i].config_id); } *p='\0'; - TFE_LOG_INFO(g_pangu_rt->local_logger, "Multiple rules matched: url=%s num=%d ids=%s enforce=%d .", - session->req->req_spec.url, buff, hit_cnt, ctx->exec_rule->config_id); + TFE_LOG_INFO(g_pangu_rt->local_logger, "Multiple rules matched: url=%s num=%d ids=%s execute=%d.", + session->req->req_spec.url, hit_cnt, buff, ctx->exec_rule->config_id); } } return ctx->action; } - enum tfe_bussiness_action pangu_on_http_begin(const struct tfe_stream * stream, +void pangu_on_http_begin(const struct tfe_stream * stream, const struct tfe_http_session * session, unsigned int thread_id, void ** pme) { struct pangu_http_ctx* ctx=*(struct pangu_http_ctx**)pme; struct Maat_rule_t result[MAX_SCAN_RESULT]; - struct Maat_rule_t* choosen=NULL; + const struct Maat_rule_t* choosen=NULL; struct ipaddr sapp_addr; int hit_cnt=0; assert(ctx==NULL); ctx=pangu_http_ctx_new(thread_id); - addr_tfe2sapp(stream->addr, sapp_addr); - hit_cnt=Maat_scan_proto_addr(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_IP], sapp_addr, 0, + addr_tfe2sapp(stream->addr, &sapp_addr); + hit_cnt=Maat_scan_proto_addr(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_IP], &sapp_addr, 0, result, MAX_SCAN_RESULT, &(ctx->mid), (int)thread_id); if(hit_cnt>0) { @@ -805,7 +810,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev } if(ctx->action==PG_ACTION_WHITELIST) { - + tfe_http_session_detach(session); } } @@ -818,7 +823,7 @@ void pangu_on_http_end(const struct tfe_stream * stream, struct pangu_log log_msg={.stream=stream, .http=session, .result=ctx->exec_rule, .result_num=1}; if(ctx->action!=PG_ACTION_NONE) { - pangu_send_log(g_pangu_rt->send_logger, &log_msg, NULL, 0); + pangu_log_send(g_pangu_rt->send_logger, &log_msg, NULL, 0); } pangu_http_ctx_free(ctx); *pme=NULL; 
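Review bot: The matched-id list in http_scan is built with `p+=snprintf(p, sizeof(buff)-(p-buff), "%d:", ...)`, and snprintf returns the length it wanted to write, so once `buff` is full `p` moves past the end, the size argument wraps to a huge value, and `*p='\0'` writes out of bounds. The loop header is outside this hunk, so the iteration bound cannot be confirmed here. Stop appending when the return value is negative or not smaller than the remaining space. The corrected log call also reads `req_spec.url`, while the rest of the file uses `req_spec.uri`.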
@@ -829,7 +834,6 @@ void pangu_on_http_data(const struct tfe_stream * stream, const struct tfe_http_ uint64_t events, const char* body_frag, size_t frag_size, unsigned int thread_id, void ** pme) { struct pangu_http_ctx* ctx=*(struct pangu_http_ctx**)pme; - int hit_cnt=0; enum pangu_action hit_action=PG_ACTION_NONE; Re_Enter: diff --git a/plugin/business/pangu-http/pangu_logger.cpp b/plugin/business/pangu-http/pangu_logger.cpp index aa7e565..4de458d 100644 --- a/plugin/business/pangu-http/pangu_logger.cpp +++ b/plugin/business/pangu-http/pangu_logger.cpp @@ -1,6 +1,7 @@ +#include "pangu_logger.h" #include #include -#include "pangu_logger.h" +#include #include #include @@ -10,8 +11,7 @@ #include #include #include - - +#include struct json_spec { @@ -101,7 +101,7 @@ static rd_kafka_t * create_kafka_handle(const char* brokerlist) -struct pangu_logger* pangu_send_log_init(const char* profile, const char* section, void* logger) +struct pangu_logger* pangu_log_handle_create(const char* profile, const char* section, void* local_logger) { int ret=-1,i=0; char addr_string[TFE_SYMBOL_MAX]={0},local_msg_dir[TFE_STRING_MAX]={0}; @@ -109,7 +109,7 @@ struct pangu_logger* pangu_send_log_init(const char* profile, const char* secti unsigned int ip_buff[TFE_SYMBOL_MAX]; struct pangu_logger* instance=ALLOC(struct pangu_logger,1); - instance->global_logger=logger; + instance->global_logger=local_logger; instance->opt2json[LOG_OPT_HTTP_C2S_ISN] = {cJSON_Number,"isn"}; instance->opt2json[LOG_OPT_HTTP_PROXY_FLAG] = {cJSON_Number,"proxy_flag"}; 
@@ -123,13 +123,13 @@ struct pangu_logger* pangu_send_log_init(const char* profile, const char* secti instance->opt2json[LOG_OPT_HTTP_CONTENT_TYPE] = {cJSON_String,"content_type"}; instance->opt2json[LOG_OPT_HTTP_CONTENT_LEN] = {cJSON_String,"content_len"}; - TFE_LOG_ERROR(logger,"Pangu log is inititating from %s section %s.", profile, section); + TFE_LOG_ERROR(local_logger,"Pangu log is inititating from %s section %s.", profile, section); MESA_load_profile_string_def(profile, section, "NIC_NAME",nic_name,sizeof(nic_name),"eth0"); instance->local_ip_nr=get_ip_by_eth_name(nic_name); if(instance->local_ip_nr==INADDR_NONE) { - TFE_LOG_ERROR(logger, "%s get NIC_NAME: %s error.", __FUNCTION__, nic_name); + TFE_LOG_ERROR(local_logger, "%s get NIC_NAME: %s error.", __FUNCTION__, nic_name); goto error_out; } inet_ntop(AF_INET,&(instance->local_ip_nr),instance->local_ip_str,sizeof(instance->local_ip_str)); @@ -139,13 +139,13 @@ struct pangu_logger* pangu_send_log_init(const char* profile, const char* secti ret=MESA_load_profile_string_def(profile, section,"KAFKA_BROKERLIST", instance->brokerlist, sizeof(instance->brokerlist), NULL); if(ret<0) { - TFE_LOG_ERROR(logger,"Pangu log init failed, no brokerlist in profile %s section %s.", profile, section); + TFE_LOG_ERROR(local_logger,"Pangu log init failed, no brokerlist in profile %s section %s.", profile, section); goto error_out; } instance->kafka_handle=create_kafka_handle(instance->brokerlist); if(instance->kafka_handle==NULL) { - TFE_LOG_ERROR(logger,"Pangu log init failed. Cannot create lafka handle with brokerlist: %s.", instance->brokerlist); + TFE_LOG_ERROR(local_logger,"Pangu log init failed. Cannot create lafka handle with brokerlist: %s.", instance->brokerlist); goto error_out; } instance->topic_name="PXY_HTTP_LOG"; diff --git a/plugin/business/pangu-http/pangu_logger.h b/plugin/business/pangu-http/pangu_logger.h index d8cfc7f..6b59bad 100644 --- a/plugin/business/pangu-http/pangu_logger.h 
+++ b/plugin/business/pangu-http/pangu_logger.h @@ -84,7 +84,9 @@ struct pangu_log }; struct pangu_logger* logger; +struct pangu_logger* pangu_log_handle_create(const char* profile, const char* section, void* local_logger); + //return 0 if SUCCESS, otherwise return -1 -int pangu_send_log(struct pangu_logger* logger, const pangu_log* log_msg, struct opt_unit* log_opt, int opt_num); +int pangu_log_send(struct pangu_logger* logger, const pangu_log* log_msg, struct opt_unit* log_opt, int opt_num);
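Review bot: pangu_logger.h still has `struct pangu_logger* logger;` at file scope just above the new prototype, which defines a global in every translation unit that includes the header. Now that pangu_http.cpp includes it alongside pangu_logger.cpp, this risks a duplicate-symbol error at link time, unless the line was meant to be the forward declaration `struct pangu_logger;`. The new `pangu_log_handle_create` prototype has no comment; pangu_http_init treats a NULL return as failure, so `//return NULL if init failed` above it would match the style used for `pangu_log_send`.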