调整pangu-http配置文件的目录结构。

plugin/business/pangu-http/conf/pangu_ctrl.json

@@ -0,0 +1,135 @@
+{
+    "rules": [
+       {
+            "compile_id": 125,
+            "service": 1,
+            "action": 48,
+            "do_blacklist": 1,
+	    "do_log": 1,
+            "effective_range": 0,
+            "user_region": "code=302;url=http://news.baidu.com",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "regions": [
+                        {
+                            "table_name": "PXY_CTRL_HTTP_URL",
+                            "table_type": "string",
+                            "table_content": {
+                                "keywords": "kernel-3.10.0-327.el7.src.rpm",
+                                "expr_type": "regex",
+                                "match_method": "sub",
+                                "format": "uncase plain"
+                            }
+                        }
+                    ]
+                }
+            ]
+        },
+    	{
+            "compile_id": 128,
+            "service": 1,
+            "action": 16,
+            "do_blacklist": 1,
+	    "do_log": 1,
+            "effective_range": 0,
+            "user_region": "code=302;url=http://news.baidu.com",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "regions": [
+                        {
+                            "table_name": "PXY_CTRL_HTTP_RES_BODY",
+                            "table_type": "string",
+                            "table_content": {
+                                "keywords": "hello=world",
+                                "expr_type": "regex",
+                                "match_method": "sub",
+                                "format": "uncase plain"
+                            }
+                        }
+                    ]
+                }
+            ]
+        },
+	{
+            "compile_id": 127,
+            "service": 1,
+            "action": 80, 
+            "do_blacklist": 1,
+            "do_log": 1,
+            "effective_range": 0,
+            "user_region": "zone=http_resp_body;regex=/house.qq.com/www.renren.com",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "regions": [
+                        {
+                            "table_name": "PXY_CTRL_HTTP_URL",
+                            "table_type": "string",
+                            "table_content": {
+                                "keywords": "www.qq.com",
+                                "expr_type": "none",
+                                "match_method": "left",
+                                "format": "uncase plain"
+                            }
+                        }
+                    ]
+                }
+            ]
+        },
+    	{
+            "compile_id": 130,
+            "service": 1,
+            "action": 48, 
+            "do_blacklist": 1,
+            "do_log": 1,
+            "effective_range": 0,
+            "user_region": "code=404;content=",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "regions": [
+                        {
+                            "table_name": "PXY_CTRL_HTTP_URL",
+                            "table_type": "string",
+                            "table_content": {
+                                "keywords": "www.google.com",
+                                "expr_type": "none",
+                                "match_method": "sub",
+                                "format": "uncase plain"
+                            }
+                        }
+                    ]
+                }
+            ]
+        },
+    	{
+            "compile_id": 131,
+            "service": 1,
+            "action": 48, 
+            "do_blacklist": 1,
+            "do_log": 1,
+            "effective_range": 0,
+            "user_region": "code=404;content=",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "regions": [
+                        {
+                            "table_name": "PXY_CTRL_HTTP_RES_BODY",
+                            "table_type": "string",
+                            "table_content": {
+                                "keywords": "动物世界",
+                                "expr_type": "none",
+                                "match_method": "sub",
+                                "format": "uncase plain"
+                            }
+                        }
+                    ]
+                }
+            ]
+        }
+ 
+   ]
+}

plugin/business/pangu-http/conf/pangu_pxy.conf

@@ -0,0 +1,19 @@
+[DEBUG]
+LOG_LEVEL=0
+[LOG]
+NIC_NAME=enp131s0f2
+ENTRANCE_ID=0
+KAFKA_BROKERLIST=192.168.10.73:9092
+
+[MAAT]
+# 0:json 1: redis 2: iris
+MAAT_INPUT_MODE=0
+TABLE_INFO=./pangu_conf/table_info.conf
+JSON_CFG_FILE=./pangu_conf/pangu_ctrl.json
+STAT_FILE=./log/pangu_scan.status
+FULL_CFG_DIR=./pangu_policy/full/index/
+INC_CFG_DIR=./pangu_policy/inc/index/
+MAAT_REDIS_SERVER=192.168.11.243
+MAAT_REDIS_PORT=6379
+MAAT_REDIS_DB_INDEX=4
+EFFECT_INTERVAL_S=1

plugin/business/pangu-http/conf/table_info.conf

@@ -0,0 +1,25 @@
+#each collumn seperate with '\t'
+#id	(0~65535)
+#name string
+#type one of ip,expr,expr_plus,digest,intval,compile or plugin
+#src_charset one of GBK,BIG5,UNICODE,UTF8
+#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
+#do_merege [yes/no]
+#cross cache [number]
+#quick mode [quickon/quickoff], default [quickoff]
+#For ip/intval/digest/compile/group
+#id	name	type
+#
+#For plugin table
+#id	name	type	valid_column
+#
+#For expr/expr_plus Table
+#id	name	type	src_charset	dst_charset	do_merge cross_cache quick_mode
+0	PXY_CTRL_COMPILE	compile	escape	--
+1	PXY_CTRL_GROUP	group	--
+2	PXY_CTRL_IP	ip	---
+3	PXY_CTRL_HTTP_URL	expr	UTF8	GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8	yes	128	quickoff
+4	PXY_CTRL_HTTP_REQ_HDR	expr_plus	UTF8	GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8	yes	128	quickoff
+5	PXY_CTRL_HTTP_REQ_BODY	expr	UTF8	GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8	yes	128	quickoff
+6	PXY_CTRL_HTTP_RES_HDR	expr_plus	UTF8	GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8	yes	128	quickoff
+7	PXY_CTRL_HTTP_RES_BODY	expr	UTF8	GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8	yes	128	quickoff

plugin/business/pangu-http/pangu_http.cpp

@@ -61,22 +61,37 @@ struct pangu_rt
 	int page_size;
 };
 struct pangu_rt *g_pangu_rt;
+#define MAAT_INPUT_JSON		0
+#define	MAAT_INPUT_REDIS	1
+#define	MAAT_INPUT_FILE		2
+
 static Maat_feather_t create_maat_feather(const char* profile, const char* section,int max_thread, void* logger)
 {
 	Maat_feather_t target;
-	int maat_json_switch=0,maat_stat_on=0,maat_perf_on=0;
+	int input_mode=0,maat_stat_on=0,maat_perf_on=0;
 	int ret=0,scan_detail=0,effect_interval=60;
 	char table_info[TFE_STRING_MAX]={0},inc_cfg_dir[TFE_STRING_MAX]={0},ful_cfg_dir[TFE_STRING_MAX]={0};
+	char redis_server[TFE_STRING_MAX]={0};
+	int redis_port=0;
+	int redis_db_idx=0;
 	char json_cfg_file[TFE_STRING_MAX]={0},maat_stat_file[TFE_STRING_MAX]={0};
 	const char* instance_name="pangu";
-	MESA_load_profile_int_def(profile, section,"MAAT_JSON_SWITCH", &(maat_json_switch),0);
+	MESA_load_profile_int_def(profile, section,"MAAT_INPUT_MODE", &(input_mode),0);
 	MESA_load_profile_int_def(profile, section,"STAT_SWITCH", &(maat_stat_on),1);
 	MESA_load_profile_int_def(profile, section,"PERF_SWITCH", &(maat_perf_on),1);
 
 	MESA_load_profile_string_def(profile,section,"TABLE_INFO",table_info, sizeof(table_info),"");
+	
+	MESA_load_profile_string_def(profile,section,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),"");
+
+	MESA_load_profile_string_def(profile,section,"MAAT_REDIS_SERVER",redis_server, sizeof(redis_server),"");
+	MESA_load_profile_int_def(profile,section,"MAAT_REDIS_PORT", &(redis_port),6379);
+	MESA_load_profile_int_def(profile,section,"MAAT_REDIS_DB_INDEX", &(redis_db_idx),0);
+	
+
 	MESA_load_profile_string_def(profile,section,"INC_CFG_DIR",inc_cfg_dir, sizeof(inc_cfg_dir),"");
 	MESA_load_profile_string_def(profile,section,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),"");
-	MESA_load_profile_string_def(profile,section,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),"");
+	
 	MESA_load_profile_string_def(profile,section,"STAT_FILE",maat_stat_file, sizeof(maat_stat_file),"");
 	MESA_load_profile_int_def(profile,section,"EFFECT_INTERVAL_S", &(effect_interval),60);
 
@@ -85,14 +100,24 @@ static Maat_feather_t create_maat_feather(const char* profile, const char* secti
 
 	target=Maat_feather(max_thread,table_info, logger);
 	Maat_set_feather_opt(target,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1);
-	if(maat_json_switch==1)
+	switch(input_mode)
 	{
-		Maat_set_feather_opt(target, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1);
-	}
-	else
-	{
-		Maat_set_feather_opt(target, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1);
-		Maat_set_feather_opt(target, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1);
+		case 	MAAT_INPUT_JSON:
+			Maat_set_feather_opt(target, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1);
+			break;
+		case	MAAT_INPUT_REDIS:
+			Maat_set_feather_opt(target, MAAT_OPT_REDIS_IP,redis_server, strlen(redis_server)+1);
+            Maat_set_feather_opt(target, MAAT_OPT_REDIS_PORT, &redis_port, sizeof(redis_port));
+            Maat_set_feather_opt(target, MAAT_OPT_REDIS_INDEX, &redis_db_idx, sizeof(redis_db_idx));
+			break;
+		case	MAAT_INPUT_FILE:
+			Maat_set_feather_opt(target, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1);
+			Maat_set_feather_opt(target, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1);
+			break;
+		default:
+			TFE_LOG_ERROR(logger, "Invalid MAAT Input Mode: %d.", input_mode);
+			goto error_out;
+			break;
 	}
 	if(maat_stat_on)
 	{
@@ -111,13 +136,16 @@ static Maat_feather_t create_maat_feather(const char* profile, const char* secti
 	if(ret<0)
 	{
 		TFE_LOG_ERROR(logger, "%s MAAT init failed.", __FUNCTION__);
-		return NULL;
+		goto error_out;
 	}
 	return target;
+error_out:
+	Maat_burn_feather(target);
+	return NULL;
 }
 int pangu_http_init(struct tfe_proxy * proxy)
 {
-	const char* profile="./pangu/pangu_pxy.conf";
+	const char* profile="./pangu_conf/pangu_pxy.conf";
 	const char* logfile="./log/pangu_pxy.log";
 	g_pangu_rt=ALLOC(struct pangu_rt,1);
 	MESA_load_profile_int_def(profile, "DEBUG", "LOG_LEVEL", &(g_pangu_rt->log_level),0);
@@ -151,11 +179,11 @@ int pangu_http_init(struct tfe_proxy * proxy)
 	}
 	
 	char page_path[256];
-	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_403", page_path,sizeof(page_path), "./template/HTTP403.html");
+	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_403", page_path,sizeof(page_path), "./pangu_conf/template/HTTP403.html");
 	g_pangu_rt->tpl_403 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP);
-	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_404", page_path,sizeof(page_path), "./template/HTTP404.html");
+	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_404", page_path,sizeof(page_path), "./pangu_conf/template/HTTP404.html");
 	g_pangu_rt->tpl_404 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP);
-	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_451", page_path,sizeof(page_path), "./template/HTTP451.html");
+	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_451", page_path,sizeof(page_path), "./pangu_conf/template/HTTP451.html");
 	g_pangu_rt->tpl_451 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP);	
 	
 	TFE_LOG_INFO(NULL, "Pangu HTTP init success.");
@@ -866,7 +894,7 @@ void pangu_on_http_end(const struct tfe_stream * stream,
 	struct pangu_log log_msg={.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=ctx->n_enforce};
 	if(ctx->action!=PG_ACTION_NONE)
 	{
-		pangu_log_send(g_pangu_rt->send_logger, &log_msg);
+		pangu_send_log(g_pangu_rt->send_logger, &log_msg);
 	}
 	pangu_http_ctx_free(ctx);
 	*pme=NULL;

plugin/business/pangu-http/pangu_logger.h

@@ -15,6 +15,7 @@ struct pangu_logger;
 struct pangu_logger*  pangu_log_handle_create(const char* profile, const char* section, void* local_logger);
 
 //return 0 if SUCCESS, otherwise return -1
-int pangu_log_send(struct pangu_logger* logger, const pangu_log* log_msg);
+int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg);
+