|
|
|
|
@@ -1,4 +1,4 @@
|
|
|
|
|
#include <pangu_logger.h>
|
|
|
|
|
#include "pangu_logger.h"
|
|
|
|
|
|
|
|
|
|
#include <tfe_stream.h>
|
|
|
|
|
#include <tfe_utils.h>
|
|
|
|
|
@@ -119,7 +119,7 @@ void pangu_http_init(struct tfe_proxy * proxy)
|
|
|
|
|
g_pangu_rt=ALLOC(struct pangu_rt,1);
|
|
|
|
|
MESA_load_profile_int_def(profile, "DEBUG", "LOG_LEVEL", &(g_pangu_rt->log_level),0);
|
|
|
|
|
g_pangu_rt->local_logger=MESA_create_runtime_log_handle(logfile, g_pangu_rt->log_level);
|
|
|
|
|
g_pangu_rt->send_logger=pangu_send_log_init(profile, "LOG", g_pangu_rt->local_logger);
|
|
|
|
|
g_pangu_rt->send_logger=pangu_log_handle_create(profile, "LOG", g_pangu_rt->local_logger);
|
|
|
|
|
if(!g_pangu_rt->send_logger)
|
|
|
|
|
{
|
|
|
|
|
goto error_out;
|
|
|
|
|
@@ -142,15 +142,15 @@ void pangu_http_init(struct tfe_proxy * proxy)
|
|
|
|
|
g_pangu_rt->scan_table_id[i]=Maat_table_register(g_pangu_rt->maat, table_name[i]);
|
|
|
|
|
if(g_pangu_rt->scan_table_id[i]<0)
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_ERROR(proxy->logger, "Pangu HTTP Maat table %s register failed.", table_name[i]);
|
|
|
|
|
TFE_LOG_ERROR(NULL, "Pangu HTTP Maat table %s register failed.", table_name[i]);
|
|
|
|
|
goto error_out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
TFE_LOG_INFO(proxy->logger, "Pangu HTTP init success.");
|
|
|
|
|
TFE_LOG_INFO(NULL, "Pangu HTTP init success.");
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
error_out:
|
|
|
|
|
TFE_LOG_ERROR(proxy->logger, "Pangu HTTP init failed.");
|
|
|
|
|
TFE_LOG_ERROR(NULL, "Pangu HTTP init failed.");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
static void _wrap_std_field_write(struct tfe_http_half * half, enum tfe_http_std_field field_id, const char * value)
|
|
|
|
|
@@ -158,17 +158,20 @@ static void _wrap_std_field_write(struct tfe_http_half * half, enum tfe_http_std
|
|
|
|
|
struct http_field_name tmp_name;
|
|
|
|
|
tmp_name.field_id=field_id;
|
|
|
|
|
tmp_name.field_name=NULL;
|
|
|
|
|
tfe_http_field_write(half, tmp_name, value);
|
|
|
|
|
tfe_http_field_write(half, &tmp_name, value);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
#if 0
|
|
|
|
|
static void _wrap_non_std_field_write(struct tfe_http_half * half, const char* field_name, const char * value)
|
|
|
|
|
{
|
|
|
|
|
struct http_field_name tmp_name;
|
|
|
|
|
tmp_name.field_id=TFE_HTTP_UNKNOWN_FIELD;
|
|
|
|
|
tmp_name.field_name=field_name;
|
|
|
|
|
tfe_http_field_write(half, tmp_name, value);
|
|
|
|
|
//todo remove force convert after tfe_http.h improved.
|
|
|
|
|
tmp_name.field_name=(char*)field_name;
|
|
|
|
|
tfe_http_field_write(half, &tmp_name, value);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
enum replace_zone
|
|
|
|
|
{
|
|
|
|
|
kZoneRequestUri=0,
|
|
|
|
|
@@ -236,7 +239,7 @@ static void pangu_http_ctx_free(struct pangu_http_ctx* ctx)
|
|
|
|
|
inline void addr_tfe2sapp(const struct tfe_stream_addr* tfe_addr, struct ipaddr* sapp_addr)
|
|
|
|
|
{
|
|
|
|
|
sapp_addr->addrtype=tfe_addr->addrtype;
|
|
|
|
|
sapp_addr->paddr=tfe_addr->paddr;
|
|
|
|
|
sapp_addr->paddr=(char*)tfe_addr->paddr;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -260,18 +263,17 @@ inline void addr_tfe2sapp(const struct tfe_stream_addr* tfe_addr, struct ipaddr*
|
|
|
|
|
static enum pangu_action decide_ctrl_action(const Maat_rule_t* hit_result,int cnt,const Maat_rule_t**enforce_rule)
|
|
|
|
|
{
|
|
|
|
|
int i=0;
|
|
|
|
|
int idx=0;
|
|
|
|
|
const Maat_rule_t* tmp_rule=hit_result;
|
|
|
|
|
enum pangu_action tmp_action=PG_ACTION_NONE;
|
|
|
|
|
|
|
|
|
|
for(i=0;i<cnt;i++)
|
|
|
|
|
{
|
|
|
|
|
if(hit_result[i].action>tmp_action)
|
|
|
|
|
if((enum pangu_action)hit_result[i].action>tmp_action)
|
|
|
|
|
{
|
|
|
|
|
tmp_rule=hit_result+i;
|
|
|
|
|
tmp_action=hit_result[i].action;
|
|
|
|
|
tmp_action=(enum pangu_action)hit_result[i].action;
|
|
|
|
|
}
|
|
|
|
|
else if(hit_result[i].action==tmp_action)
|
|
|
|
|
else if((enum pangu_action)hit_result[i].action==tmp_action)
|
|
|
|
|
{
|
|
|
|
|
if(hit_result[i].config_id<tmp_rule->config_id)
|
|
|
|
|
{
|
|
|
|
|
@@ -287,6 +289,7 @@ static enum pangu_action decide_ctrl_action(const Maat_rule_t* hit_result,int cn
|
|
|
|
|
*enforce_rule=tmp_rule;
|
|
|
|
|
return tmp_action;
|
|
|
|
|
}
|
|
|
|
|
//https://github.com/AndiDittrich/HttpErrorPages
|
|
|
|
|
static void html_generate(const char* enforce_para, char** page_buff,size_t *page_size)
|
|
|
|
|
{
|
|
|
|
|
*page_buff=g_pangu_rt->reject_page;
|
|
|
|
|
@@ -296,7 +299,7 @@ static void html_free(char** page_buff)
|
|
|
|
|
{
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
static int is_http_request(uint64 events)
|
|
|
|
|
static int is_http_request(uint64_t events)
|
|
|
|
|
{
|
|
|
|
|
if((events&EV_HTTP_REQ_HDR)|(events&EV_HTTP_REQ_BODY_BEGIN)|(events&EV_HTTP_REQ_BODY_END)|(events&EV_HTTP_REQ_BODY_CONT))
|
|
|
|
|
{
|
|
|
|
|
@@ -316,7 +319,7 @@ enum replace_zone zone_name_to_id(const char* name)
|
|
|
|
|
"http_resp_header",
|
|
|
|
|
"http_resp_body",
|
|
|
|
|
"http_resp_body"};
|
|
|
|
|
int i=0;
|
|
|
|
|
size_t i=0;
|
|
|
|
|
for(i=0;i< sizeof(std_name)/sizeof(const char*);i++)
|
|
|
|
|
{
|
|
|
|
|
if(0==strcasecmp(name,std_name[i]))
|
|
|
|
|
@@ -384,7 +387,7 @@ size_t format_replace_rule(const char* exec_para, struct replace_rule* replace,
|
|
|
|
|
sub_token= strtok_r(token,";", &saveptr);
|
|
|
|
|
if (sub_token == NULL)
|
|
|
|
|
break;
|
|
|
|
|
if(0=strncasecmp(sub_token,str_zone,strlen(str_zone)))
|
|
|
|
|
if(0==strncasecmp(sub_token,str_zone,strlen(str_zone)))
|
|
|
|
|
{
|
|
|
|
|
replace[idx].zone=zone_name_to_id(sub_token+strlen(str_zone));
|
|
|
|
|
if(replace[idx].zone==kZoneMax)
|
|
|
|
|
@@ -394,9 +397,9 @@ size_t format_replace_rule(const char* exec_para, struct replace_rule* replace,
|
|
|
|
|
}
|
|
|
|
|
if(0==strncasecmp(sub_token,str_subs,strlen(str_subs)))
|
|
|
|
|
{
|
|
|
|
|
sub_token=+=strlen(str_subs);
|
|
|
|
|
replace[idx].find=tfe_strdup(strtok_r_esc(sub_token,"/", &saveptr2));
|
|
|
|
|
replace[idx].replace_with==tfe_strdup(strtok_r_esc(NULL,"/", &saveptr2));
|
|
|
|
|
sub_token+=strlen(str_subs);
|
|
|
|
|
replace[idx].find=tfe_strdup(strtok_r_esc(sub_token,'/', &saveptr2));
|
|
|
|
|
replace[idx].replace_with=tfe_strdup(strtok_r_esc(NULL, '/', &saveptr2));
|
|
|
|
|
idx++;
|
|
|
|
|
if(idx==n_replace)
|
|
|
|
|
{
|
|
|
|
|
@@ -408,7 +411,7 @@ size_t format_replace_rule(const char* exec_para, struct replace_rule* replace,
|
|
|
|
|
tmp=NULL;
|
|
|
|
|
return idx;
|
|
|
|
|
}
|
|
|
|
|
size_t select_replace_rule(enum replace_zone zone, struct replace_rule* replace, size_t n_replace,
|
|
|
|
|
size_t select_replace_rule(enum replace_zone zone, const struct replace_rule* replace, size_t n_replace,
|
|
|
|
|
const struct replace_rule** selected, size_t n_selected)
|
|
|
|
|
{
|
|
|
|
|
size_t i=0,j=0;
|
|
|
|
|
@@ -437,10 +440,11 @@ static struct evbuffer* replace_string(const char* in, const struct replace_rule
|
|
|
|
|
if(status!=0)
|
|
|
|
|
{
|
|
|
|
|
char error_message[TFE_STRING_MAX];
|
|
|
|
|
regerror (status, reg, error_message, sizeof(error_message));
|
|
|
|
|
regerror (status, ®, error_message, sizeof(error_message));
|
|
|
|
|
TFE_LOG_ERROR(g_pangu_rt->local_logger,"Regex error compiling '%s': %s\n",
|
|
|
|
|
zone->find, error_message);
|
|
|
|
|
goto error_out;
|
|
|
|
|
regfree(®);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* "p" is a pointer into the string which points to the end of the previous match. */
|
|
|
|
|
@@ -455,7 +459,7 @@ static struct evbuffer* replace_string(const char* in, const struct replace_rule
|
|
|
|
|
int i = 0;
|
|
|
|
|
|
|
|
|
|
while (1) {
|
|
|
|
|
int nomatch = regexec (reg, p, n_matches, m, 0);
|
|
|
|
|
int nomatch = regexec (®, p, n_matches, m, 0);
|
|
|
|
|
if (nomatch)
|
|
|
|
|
{
|
|
|
|
|
break;
|
|
|
|
|
@@ -493,7 +497,6 @@ static struct evbuffer* replace_string(const char* in, const struct replace_rule
|
|
|
|
|
evbuffer_add(out, pre_sub_expr_end, in_sz-(pre_sub_expr_end-p));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
error_out:
|
|
|
|
|
regfree(®);
|
|
|
|
|
return out;
|
|
|
|
|
|
|
|
|
|
@@ -501,13 +504,10 @@ error_out:
|
|
|
|
|
struct evbuffer* execute_replace_rule(const char* in, size_t in_sz,
|
|
|
|
|
enum replace_zone zone, const struct replace_rule* rules, size_t n_rule)
|
|
|
|
|
{
|
|
|
|
|
const struct replace_rule** todo[MAX_EDIT_ZONE_NUM];
|
|
|
|
|
enum replace_zone zone;
|
|
|
|
|
int ret=0, is_replaced=0;
|
|
|
|
|
size_t n_todo=0, i=0, tmp_size=0;
|
|
|
|
|
const struct replace_rule* todo[MAX_EDIT_ZONE_NUM];
|
|
|
|
|
size_t n_todo=0, i=0;
|
|
|
|
|
struct evbuffer* out=NULL;
|
|
|
|
|
const char* interator=NULL;
|
|
|
|
|
size_t interator_sz=0;
|
|
|
|
|
struct evbuffer* new_out=NULL, *pre_out=NULL;
|
|
|
|
|
if(in==0)
|
|
|
|
|
{
|
|
|
|
|
@@ -528,7 +528,7 @@ struct evbuffer* execute_replace_rule(const char* in, size_t in_sz,
|
|
|
|
|
{
|
|
|
|
|
pre_out=out;
|
|
|
|
|
out=new_out;
|
|
|
|
|
interator=evbuffer_pullup(out, -1);
|
|
|
|
|
interator=(char*)evbuffer_pullup(out, -1);
|
|
|
|
|
evbuffer_free(pre_out);
|
|
|
|
|
pre_out=NULL;
|
|
|
|
|
}
|
|
|
|
|
@@ -538,22 +538,25 @@ struct evbuffer* execute_replace_rule(const char* in, size_t in_sz,
|
|
|
|
|
void http_replace(const struct tfe_stream * stream, const struct tfe_http_session * session,
|
|
|
|
|
uint64_t events, const char* body_frag, size_t frag_size,struct pangu_http_ctx* ctx)
|
|
|
|
|
{
|
|
|
|
|
struct replace_rule* ctx->rep_ctx=ALLOC(struct replace_rule, MAX_EDIT_ZONE_NUM);
|
|
|
|
|
struct tfe_http_half * req=NULL;
|
|
|
|
|
void* interator=NULL;
|
|
|
|
|
struct http_field_name tmp_name;
|
|
|
|
|
const struct replace_rule** todo[MAX_EDIT_ZONE_NUM];
|
|
|
|
|
size_t n_todo=0,i=0, out_size=0;
|
|
|
|
|
char* buff_in=NULL, buff_out=NULL;
|
|
|
|
|
const char* buff_in=NULL;
|
|
|
|
|
struct evbuffer* rewrite_url=NULL, *rewrite_buff=NULL;
|
|
|
|
|
struct replace_ctx* rep_ctx=NULL;
|
|
|
|
|
int is_replaced=0;
|
|
|
|
|
struct tfe_http_session *to_write_sess=NULL;
|
|
|
|
|
|
|
|
|
|
to_write_sess=tfe_http_session_allow_write(session);
|
|
|
|
|
if(to_write_sess==NULL) //fail to wirte, abandon.
|
|
|
|
|
{
|
|
|
|
|
TFE_STREAM_LOG_INFO(stream, "tfe_http_session_allow_write() %s failed.",session->req->req_spec.uri);
|
|
|
|
|
tfe_http_session_detach(session);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if(ctx->rep_ctx==NULL)
|
|
|
|
|
{
|
|
|
|
|
ctx->rep_ctx=rep_ctx=ALLOC(struct replace_ctx, 1);
|
|
|
|
|
|
|
|
|
|
rep_ctx->rule=ALLOC(struct replace_rule, MAX_EDIT_ZONE_NUM);
|
|
|
|
|
rep_ctx->n_rule=format_replace_rule(ctx->exec_para, rep_ctx->rule, MAX_EDIT_ZONE_NUM);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
if(events&EV_HTTP_REQ_HDR)
|
|
|
|
|
{
|
|
|
|
|
@@ -562,23 +565,22 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio
|
|
|
|
|
}
|
|
|
|
|
if((events&EV_HTTP_REQ_HDR)|(events&EV_HTTP_RESP_HDR))
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if(events&EV_HTTP_REQ_HDR)
|
|
|
|
|
{
|
|
|
|
|
rep_ctx->replacing=tfe_http_session_request_create(session, session->req->req_spec.method,
|
|
|
|
|
rewrite_url!=NULL ? evbuffer_pullup(rewrite_url,-1) : session->req->req_spec.uri);
|
|
|
|
|
rep_ctx->replacing=tfe_http_session_request_create(to_write_sess, session->req->req_spec.method,
|
|
|
|
|
rewrite_url!=NULL ? (char*)evbuffer_pullup(rewrite_url,-1) : session->req->req_spec.uri);
|
|
|
|
|
evbuffer_free(rewrite_url);
|
|
|
|
|
rewrite_url=NULL;
|
|
|
|
|
tfe_http_allow_write(session->req);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
rep_ctx->replacing=tfe_http_session_response_create(session, session->resp->resp_spec.resp_code);
|
|
|
|
|
tfe_http_allow_write(session->resp);
|
|
|
|
|
rep_ctx->replacing=tfe_http_session_response_create(to_write_sess, session->resp->resp_spec.resp_code);
|
|
|
|
|
}
|
|
|
|
|
while(1)
|
|
|
|
|
{
|
|
|
|
|
buff_in=tfe_http_field_iterate(session->req, &interator, &tmp_name);
|
|
|
|
|
if(tmp_name->field_id==TFE_HTTP_CONT_LENGTH)
|
|
|
|
|
if(tmp_name.field_id==TFE_HTTP_CONT_LENGTH)
|
|
|
|
|
{
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
@@ -586,8 +588,8 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio
|
|
|
|
|
{
|
|
|
|
|
rewrite_buff=execute_replace_rule(buff_in, strlen(buff_in),
|
|
|
|
|
events&EV_HTTP_REQ_HDR?kZoneRequestHeaders:kZoneResponseHeader, rep_ctx->rule, rep_ctx->n_rule);
|
|
|
|
|
tfe_http_field_write(rep_ctx->replacing, tmp_name,
|
|
|
|
|
rewrite_buff!=NULL ? evbuffer_pullup(rewrite_buff) : buff_in);
|
|
|
|
|
tfe_http_field_write(rep_ctx->replacing, &tmp_name,
|
|
|
|
|
rewrite_buff!=NULL ? (char*)evbuffer_pullup(rewrite_buff, -1) : buff_in);
|
|
|
|
|
evbuffer_free(rewrite_buff);
|
|
|
|
|
rewrite_buff=NULL;
|
|
|
|
|
|
|
|
|
|
@@ -613,23 +615,23 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
assert(rep_ctx->body_size==evbuffer_get_length(rep_ctx->http_body));
|
|
|
|
|
buff_in=evbuffer_pullup(rep_ctx->http_body, -1);
|
|
|
|
|
buff_in=(char*)evbuffer_pullup(rep_ctx->http_body, -1);
|
|
|
|
|
rewrite_buff=execute_replace_rule(buff_in, rep_ctx->body_size,
|
|
|
|
|
events&EV_HTTP_REQ_HDR?kZoneRequestHeaders:kZoneResponseHeader, rep_ctx->rule, rep_ctx->n_rule);
|
|
|
|
|
char cont_len_str[TFE_SYMBOL_MAX];
|
|
|
|
|
snprintf(cont_len_str, "%llu", evbuffer_get_length(rewrite_buff));
|
|
|
|
|
snprintf(cont_len_str, sizeof(cont_len_str), "%lu", evbuffer_get_length(rewrite_buff));
|
|
|
|
|
_wrap_std_field_write(rep_ctx->replacing, TFE_HTTP_CONT_LENGTH, cont_len_str);
|
|
|
|
|
tfe_http_half_append_body(rep_ctx->replacing,
|
|
|
|
|
evbuffer_pullup(rewrite_buff, -1), evbuffer_get_length(rewrite_buff),0);
|
|
|
|
|
(char*)evbuffer_pullup(rewrite_buff, -1), evbuffer_get_length(rewrite_buff),0);
|
|
|
|
|
evbuffer_free(rewrite_buff);
|
|
|
|
|
rewrite_buff=NULL;
|
|
|
|
|
if(is_http_request(events))
|
|
|
|
|
{
|
|
|
|
|
tfe_http_session_request_set(session, rep_ctx->replacing);
|
|
|
|
|
tfe_http_session_request_set(to_write_sess, rep_ctx->replacing);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
tfe_http_session_response_set(session, rep_ctx->replacing);
|
|
|
|
|
tfe_http_session_response_set(to_write_sess, rep_ctx->replacing);
|
|
|
|
|
}
|
|
|
|
|
rep_ctx->replacing=NULL;//http half's ownership has been transfered to session.
|
|
|
|
|
|
|
|
|
|
@@ -637,42 +639,40 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio
|
|
|
|
|
rep_ctx->http_body=NULL;
|
|
|
|
|
rep_ctx->body_size=0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
static void http_reject(const struct tfe_http_session * session, uint64_t events, struct pangu_http_ctx* ctx)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
enum tfe_bussiness_action plugin_ret=BIZ_ACTION_FORWARD;
|
|
|
|
|
int resp_code=0,ret=0;
|
|
|
|
|
struct tfe_http_half* response=NULL;
|
|
|
|
|
struct http_field_name tmp_name;
|
|
|
|
|
char* page_buff=NULL;
|
|
|
|
|
size_t page_size=0;
|
|
|
|
|
char cont_len_str[TFE_STRING_MAX];
|
|
|
|
|
struct tfe_http_session* to_write=NULL;
|
|
|
|
|
struct tfe_http_session* to_write_sess=NULL;
|
|
|
|
|
|
|
|
|
|
ret=sscanf(ctx->exec_para,"code=%d%[^;];",&resp_code);
|
|
|
|
|
ret=sscanf(ctx->exec_para,"code=%d;",&resp_code);
|
|
|
|
|
if(ret!=1)
|
|
|
|
|
{
|
|
|
|
|
TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid reject rule %d paramter %s",
|
|
|
|
|
ctx->exec_rule->config_id, ctx->exec_para);
|
|
|
|
|
goto error_out;
|
|
|
|
|
}
|
|
|
|
|
to_write=tfe_http_session_allow_write(session);
|
|
|
|
|
response=tfe_http_session_response_create(to_write, resp_code);
|
|
|
|
|
to_write_sess=tfe_http_session_allow_write(session);
|
|
|
|
|
response=tfe_http_session_response_create(to_write_sess, resp_code);
|
|
|
|
|
|
|
|
|
|
html_generate(ctx->exec_para, &page_buff, &page_size);
|
|
|
|
|
_wrap_std_field_write(response, TFE_HTTP_CONT_TYPE, "text/html; charset=utf-8");
|
|
|
|
|
snprinf(cont_len_str,sizeof(cont_len_str), "%llu", page_size);
|
|
|
|
|
snprintf(cont_len_str,sizeof(cont_len_str), "%lu", page_size);
|
|
|
|
|
_wrap_std_field_write(response, TFE_HTTP_CONT_LENGTH, cont_len_str);
|
|
|
|
|
tfe_http_half_append_body(response, page_buff, page_size, 0);
|
|
|
|
|
tfe_http_session_response_set(session, response);
|
|
|
|
|
tfe_http_session_response_set(to_write_sess, response);
|
|
|
|
|
response=NULL;
|
|
|
|
|
error_out:
|
|
|
|
|
html_free(page_buff);
|
|
|
|
|
return plugin_ret;
|
|
|
|
|
html_free(&page_buff);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
static void http_redirect(const struct tfe_http_session * session, uint64_t events, struct pangu_http_ctx* ctx)
|
|
|
|
|
{
|
|
|
|
|
@@ -706,7 +706,8 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev
|
|
|
|
|
void * interator=NULL;
|
|
|
|
|
const char* field_val=NULL;
|
|
|
|
|
struct http_field_name field_name;
|
|
|
|
|
struct Maat_rule_t result[MAX_SCAN_RESULT], *choosen=NULL;
|
|
|
|
|
struct Maat_rule_t result[MAX_SCAN_RESULT];
|
|
|
|
|
const struct Maat_rule_t* choosen=NULL;
|
|
|
|
|
char buff[TFE_STRING_MAX], *p=NULL;
|
|
|
|
|
int scan_ret=0, hit_cnt=0, table_id=0, read_rule_ret=0;
|
|
|
|
|
unsigned int i=0;
|
|
|
|
|
@@ -723,10 +724,14 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev
|
|
|
|
|
if((events&EV_HTTP_REQ_HDR)|(events&EV_HTTP_RESP_HDR))
|
|
|
|
|
{
|
|
|
|
|
table_id=events&EV_HTTP_REQ_HDR?g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_HDR]:g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_RES_HDR];
|
|
|
|
|
for(i=0; i<session->req->field_cnt && hit_cnt<MAX_SCAN_RESULT; i++)
|
|
|
|
|
while(hit_cnt<MAX_SCAN_RESULT)
|
|
|
|
|
{
|
|
|
|
|
field_val=tfe_http_field_iterate(session->req, &interator, &field_name);
|
|
|
|
|
scan_ret=Maat_set_scan_status(g_pangu_rt->maat, ctx->mid, MAAT_SET_SCAN_DISTRICT,
|
|
|
|
|
if(field_val==NULL)
|
|
|
|
|
{
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
scan_ret=Maat_set_scan_status(g_pangu_rt->maat, &(ctx->mid), MAAT_SET_SCAN_DISTRICT,
|
|
|
|
|
field_name.field_name,strlen(field_name.field_name));
|
|
|
|
|
assert(scan_ret==0);
|
|
|
|
|
scan_ret=Maat_full_scan_string(g_pangu_rt->maat, table_id,
|
|
|
|
|
@@ -741,7 +746,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev
|
|
|
|
|
if((events&EV_HTTP_REQ_BODY_BEGIN)|(events&EV_HTTP_RESP_BODY_BEGIN))
|
|
|
|
|
{
|
|
|
|
|
assert(ctx->sp==NULL);
|
|
|
|
|
table_id=events&EV_HTTP_REQ_BODY_BEGIN?g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_BODY]:g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_RES_BODY]
|
|
|
|
|
table_id=events&EV_HTTP_REQ_BODY_BEGIN?g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_BODY]:g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_RES_BODY];
|
|
|
|
|
ctx->sp=Maat_stream_scan_string_start(g_pangu_rt->maat, table_id, ctx->thread_id);
|
|
|
|
|
}
|
|
|
|
|
if(body_frag!=NULL)
|
|
|
|
|
@@ -755,7 +760,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev
|
|
|
|
|
}
|
|
|
|
|
if((events&EV_HTTP_REQ_BODY_END)|(events&EV_HTTP_RESP_BODY_END))
|
|
|
|
|
{
|
|
|
|
|
Maat_stream_scan_string_end(&(ctx->sp);
|
|
|
|
|
Maat_stream_scan_string_end(&(ctx->sp));
|
|
|
|
|
ctx->sp=NULL;
|
|
|
|
|
}
|
|
|
|
|
if(hit_cnt>0)
|
|
|
|
|
@@ -763,12 +768,12 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev
|
|
|
|
|
ctx->action=decide_ctrl_action(result, hit_cnt, &choosen);
|
|
|
|
|
ctx->exec_rule=ALLOC(struct Maat_rule_t, 1);
|
|
|
|
|
memcpy(ctx->exec_rule, choosen, sizeof(struct Maat_rule_t));
|
|
|
|
|
if(ctx->exec_rule.serv_def_len>MAX_SERVICE_DEFINE_LEN)
|
|
|
|
|
if(ctx->exec_rule->serv_def_len>MAX_SERVICE_DEFINE_LEN)
|
|
|
|
|
{
|
|
|
|
|
ctx->exec_para=ALLOC(char, ctx->exec_rule.serv_def_len);
|
|
|
|
|
ctx->exec_para=ALLOC(char, ctx->exec_rule->serv_def_len);
|
|
|
|
|
read_rule_ret=Maat_read_rule(g_pangu_rt->maat, ctx->exec_rule,
|
|
|
|
|
MAAT_RULE_SERV_DEFINE, ctx->exec_para, ctx->exec_rule.serv_def_len);
|
|
|
|
|
assert(read_rule_ret== ctx->exec_rule.serv_def_len);
|
|
|
|
|
MAAT_RULE_SERV_DEFINE, ctx->exec_para, ctx->exec_rule->serv_def_len);
|
|
|
|
|
assert(read_rule_ret== ctx->exec_rule->serv_def_len);
|
|
|
|
|
}
|
|
|
|
|
if(hit_cnt>1)
|
|
|
|
|
{
|
|
|
|
|
@@ -778,26 +783,26 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev
|
|
|
|
|
p+=snprintf(p, sizeof(buff)-(p-buff), "%d:", result[i].config_id);
|
|
|
|
|
}
|
|
|
|
|
*p='\0';
|
|
|
|
|
TFE_LOG_INFO(g_pangu_rt->local_logger, "Multiple rules matched: url=%s num=%d ids=%s enforce=%d .",
|
|
|
|
|
session->req->req_spec.url, buff, hit_cnt, ctx->exec_rule->config_id);
|
|
|
|
|
TFE_LOG_INFO(g_pangu_rt->local_logger, "Multiple rules matched: url=%s num=%d ids=%s execute=%d.",
|
|
|
|
|
session->req->req_spec.url, hit_cnt, buff, ctx->exec_rule->config_id);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return ctx->action;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
enum tfe_bussiness_action pangu_on_http_begin(const struct tfe_stream * stream,
|
|
|
|
|
void pangu_on_http_begin(const struct tfe_stream * stream,
|
|
|
|
|
const struct tfe_http_session * session, unsigned int thread_id, void ** pme)
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
struct pangu_http_ctx* ctx=*(struct pangu_http_ctx**)pme;
|
|
|
|
|
struct Maat_rule_t result[MAX_SCAN_RESULT];
|
|
|
|
|
struct Maat_rule_t* choosen=NULL;
|
|
|
|
|
const struct Maat_rule_t* choosen=NULL;
|
|
|
|
|
struct ipaddr sapp_addr;
|
|
|
|
|
int hit_cnt=0;
|
|
|
|
|
assert(ctx==NULL);
|
|
|
|
|
ctx=pangu_http_ctx_new(thread_id);
|
|
|
|
|
addr_tfe2sapp(stream->addr, sapp_addr);
|
|
|
|
|
hit_cnt=Maat_scan_proto_addr(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_IP], sapp_addr, 0,
|
|
|
|
|
addr_tfe2sapp(stream->addr, &sapp_addr);
|
|
|
|
|
hit_cnt=Maat_scan_proto_addr(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_IP], &sapp_addr, 0,
|
|
|
|
|
result, MAX_SCAN_RESULT, &(ctx->mid), (int)thread_id);
|
|
|
|
|
if(hit_cnt>0)
|
|
|
|
|
{
|
|
|
|
|
@@ -805,7 +810,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, uint64_t ev
|
|
|
|
|
}
|
|
|
|
|
if(ctx->action==PG_ACTION_WHITELIST)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
tfe_http_session_detach(session);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -818,7 +823,7 @@ void pangu_on_http_end(const struct tfe_stream * stream,
|
|
|
|
|
struct pangu_log log_msg={.stream=stream, .http=session, .result=ctx->exec_rule, .result_num=1};
|
|
|
|
|
if(ctx->action!=PG_ACTION_NONE)
|
|
|
|
|
{
|
|
|
|
|
pangu_send_log(g_pangu_rt->send_logger, &log_msg, NULL, 0);
|
|
|
|
|
pangu_log_send(g_pangu_rt->send_logger, &log_msg, NULL, 0);
|
|
|
|
|
}
|
|
|
|
|
pangu_http_ctx_free(ctx);
|
|
|
|
|
*pme=NULL;
|
|
|
|
|
@@ -829,7 +834,6 @@ void pangu_on_http_data(const struct tfe_stream * stream, const struct tfe_http_
|
|
|
|
|
uint64_t events, const char* body_frag, size_t frag_size, unsigned int thread_id, void ** pme)
|
|
|
|
|
{
|
|
|
|
|
struct pangu_http_ctx* ctx=*(struct pangu_http_ctx**)pme;
|
|
|
|
|
int hit_cnt=0;
|
|
|
|
|
enum pangu_action hit_action=PG_ACTION_NONE;
|
|
|
|
|
|
|
|
|
|
Re_Enter:
|
|
|
|
|
|
zhengchao