From eb70e87583edda1c894e9a3d5e40da9571770de9 Mon Sep 17 00:00:00 2001 From: fengweihao Date: Thu, 29 Feb 2024 11:25:36 +0800 Subject: [PATCH] =?UTF-8?q?TSG-19480=20=E4=BF=AE=E5=A4=8DMetric=E4=B8=AD?= =?UTF-8?q?=E5=91=BD=E4=B8=AD=E7=AD=96=E7=95=A5=E7=BB=9F=E8=AE=A1=E5=92=8C?= =?UTF-8?q?Throughput=E7=9A=84=E6=97=B6=E6=9C=BA=E4=B8=8D=E4=B8=80?= =?UTF-8?q?=E8=87=B4=EF=BC=8C=E9=80=A0=E6=88=90=E7=95=8C=E9=9D=A2=E5=B1=95?= =?UTF-8?q?=E7=A4=BA=E6=AD=A7=E4=B9=89=20TSG-19540=20=E4=BF=AE=E5=A4=8DMan?= =?UTF-8?q?ipulation=E7=AD=96=E7=95=A5=E4=B8=ADProtocol=E9=80=89=E6=8B=A9U?= =?UTF-8?q?DP/ICMP=E6=97=B6,=E9=80=89=E6=8B=A9=E9=9D=9E=E6=97=A0=E6=B3=95?= =?UTF-8?q?=E5=91=BD=E4=B8=AD=E7=AD=96=E7=95=A5=20TSG-19337=20=E7=95=8C?= =?UTF-8?q?=E9=9D=A2=E5=B1=95=E7=A4=BA=E4=B8=80=E8=87=B4=E6=80=A7=EF=BC=8C?= =?UTF-8?q?Proxy=E7=9A=84Manipulate=E6=97=A5=E5=BF=97=E4=B8=AD=E7=9A=84IP?= =?UTF-8?q?=20Protocol=E7=BB=9F=E4=B8=80=E5=B0=8F=E5=86=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- common/src/tfe_scan.cpp | 7 +- plugin/business/doh/src/logger.cpp | 2 +- plugin/business/tsg-http/src/tsg_http.cpp | 152 ++++++++++---------- plugin/business/tsg-http/src/tsg_logger.cpp | 2 +- 4 files changed, 85 insertions(+), 78 deletions(-) diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp index 2f22ac4..1c43f93 100644 --- a/common/src/tfe_scan.cpp +++ b/common/src/tfe_scan.cpp @@ -428,7 +428,12 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struc { hit_cnt_ip += n_hit_result; } - + scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), + result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt_ip += n_hit_result; + } scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v4->saddr, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) diff --git a/plugin/business/doh/src/logger.cpp b/plugin/business/doh/src/logger.cpp index 8dad40c..9420413 100644 --- a/plugin/business/doh/src/logger.cpp +++ b/plugin/business/doh/src/logger.cpp @@ -399,7 +399,7 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c tfe_stream_info_get(stream, INFO_FROM_UPSTREAM_RX_OFFSET, &s2c_byte_num, sizeof(s2c_byte_num)); cJSON_AddStringToObject(common_obj, "decoded_as", "HTTP"); - cJSON_AddStringToObject(common_obj, "ip_protocol", "TCP"); + cJSON_AddStringToObject(common_obj, "ip_protocol", "tcp"); cJSON_AddNumberToObject(common_obj, "out_link_id", 0); cJSON_AddNumberToObject(common_obj, "in_link_id", 0); cJSON_AddStringToObject(common_obj, "sled_ip", handle->kafka_logger->local_ip_str); diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 42afd8c..5f2481a 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -1189,6 +1189,77 @@ struct proxy_http_ctx int thread_id; }; +static inline int ctx_actually_replaced(struct proxy_http_ctx * ctx) +{ + if(ctx->action == PX_ACTION_MANIPULATE && + ctx->param->action == MA_ACTION_REPLACE && + ctx->rep_ctx->actually_replaced==1) + { + return 1; + } + else + { + return 0; + } +} + +static inline int ctx_actually_ran_script(struct proxy_http_ctx * ctx) +{ + if(ctx->action == PX_ACTION_MANIPULATE && + ctx->param->action == MA_ACTION_LUA_SCRIPT && + ctx->tsg_ctx->actually_executed==1) + { + return 1; + } + else + { + return 0; + } +} + +static inline int ctx_actually_inserted(struct proxy_http_ctx * ctx) +{ + if(ctx->action == PX_ACTION_MANIPULATE && + ctx->param->action == MA_ACTION_INSERT && + ctx->ins_ctx->actually_inserted==1) + { + return 1; + } + else + { + return 0; + } +} + +static inline int ctx_actually_edited(struct proxy_http_ctx * ctx) +{ + if(ctx->action == PX_ACTION_MANIPULATE && + ctx->param->action == MA_ACTION_ELEMENT && ctx->edit_ctx != NULL && + ctx->edit_ctx->actually_edited==1) + { + return 1; + } + else + { + return 0; + } +} + +static inline int ctx_actually_manipulate(struct proxy_http_ctx * ctx) +{ + if(ctx->action == PX_ACTION_MANIPULATE && + (ctx->param->action == MA_ACTION_REDIRECT || + ctx->param->action == MA_ACTION_HIJACK)&& + ctx->manipulate_replaced==1) + { + return 1; + } + else + { + return 0; + } +} + void http_repl_ctx_free(struct replace_ctx* rep_ctx) { if (rep_ctx->http_body) @@ -2829,7 +2900,12 @@ void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_h if(ctx->log_resp_body == NULL) ctx->log_resp_body = evbuffer_new(); evbuffer_add(ctx->log_resp_body, body_frag, frag_size); } - proxy_send_metric_log(stream, ctx, thread_id, 1); + + if((((ctx_actually_replaced(ctx)) || (ctx_actually_inserted(ctx)) || (ctx_actually_edited(ctx)) || (ctx_actually_manipulate(ctx)) + || ctx_actually_ran_script(ctx)) || ctx->action == PX_ACTION_REJECT || (ctx->action == PX_ACTION_MONIT))) + { + proxy_send_metric_log(stream, ctx, thread_id, 1); + } return; } @@ -2910,80 +2986,6 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_ return; } -static inline int ctx_actually_replaced(struct proxy_http_ctx * ctx) -{ - - if(ctx->action == PX_ACTION_MANIPULATE && - ctx->param->action == MA_ACTION_REPLACE && - ctx->rep_ctx->actually_replaced==1) - { - return 1; - } - else - { - return 0; - } -} - -static inline int ctx_actually_ran_script(struct proxy_http_ctx * ctx) -{ - if(ctx->action == PX_ACTION_MANIPULATE && - ctx->param->action == MA_ACTION_LUA_SCRIPT && - ctx->tsg_ctx->actually_executed==1) - { - return 1; - } - else - { - return 0; - } -} - -static inline int ctx_actually_inserted(struct proxy_http_ctx * ctx) -{ - - if(ctx->action == PX_ACTION_MANIPULATE && - ctx->param->action == MA_ACTION_INSERT && - ctx->ins_ctx->actually_inserted==1) - { - return 1; - } - else - { - return 0; - } -} - -static inline int ctx_actually_edited(struct proxy_http_ctx * ctx) -{ - - if(ctx->action == PX_ACTION_MANIPULATE && - ctx->param->action == MA_ACTION_ELEMENT && ctx->edit_ctx != NULL && - ctx->edit_ctx->actually_edited==1) - { - return 1; - } - else - { - return 0; - } -} - -static inline int ctx_actually_manipulate(struct proxy_http_ctx * ctx) -{ - if(ctx->action == PX_ACTION_MANIPULATE && - (ctx->param->action == MA_ACTION_REDIRECT || - ctx->param->action == MA_ACTION_HIJACK)&& - ctx->manipulate_replaced==1) - { - return 1; - } - else - { - return 0; - } -} - void proxy_on_http_end(const struct tfe_stream * stream, const struct tfe_http_session * session, unsigned int thread_id, void ** pme) { diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp index 6673d83..4ae7203 100644 --- a/plugin/business/tsg-http/src/tsg_logger.cpp +++ b/plugin/business/tsg-http/src/tsg_logger.cpp @@ -253,7 +253,7 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg) cJSON_AddStringToObject(common_obj, "http_version", app_proto[http->major_version]); cJSON_AddStringToObject(common_obj, "decoded_as", "HTTP"); - cJSON_AddStringToObject(common_obj, "ip_protocol", "TCP"); + cJSON_AddStringToObject(common_obj, "ip_protocol", "tcp"); cJSON_AddNumberToObject(common_obj, "out_link_id", 0); cJSON_AddNumberToObject(common_obj, "in_link_id", 0); cJSON_AddStringToObject(common_obj, "sled_ip", handle->kafka_logger->local_ip_str);