diff options
| author | fengweihao <[email protected]> | 2024-01-19 14:21:30 +0800 |
|---|---|---|
| committer | fengweihao <[email protected]> | 2024-01-19 14:21:30 +0800 |
| commit | 589c1c28a4d00b3dc56830b136b415cd718cc9fa (patch) | |
| tree | a5be89fa6113c6c5bdf62580c4293f35c7b7136f | |
| parent | 3cf47f940fc59e48522d27dfd31927d4444fc2b1 (diff) | |
TSG-18679 适配maat在使用hyperscan流式扫描时最大输入字符串长度65535
| -rw-r--r-- | plugin/business/tsg-http/src/tsg_http.cpp | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 99238b5..1bd059e 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -30,7 +30,8 @@ #include <string.h> #include <sys/types.h> -#define MAX_EDIT_ZONE_NUM 64 +#define MAX_EDIT_ZONE_NUM 64 +#define MAX_SCAN_DATA_SIZE ((1 << 16) - 1) enum proxy_action //Bigger action number is prior. { @@ -1879,12 +1880,14 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio size_t rewrite_uri_sz=0; if (tfe_http_in_request(events)) { - rewrite_uri_sz = execute_replace_rule(in_req_spec->uri, strlen(in_req_spec->uri), + if(in_req_spec->uri != NULL) + { + rewrite_uri_sz = execute_replace_rule(in_req_spec->uri, strlen(in_req_spec->uri), kZoneRequestUri, rep_ctx->rule, rep_ctx->n_rule, &rewrite_uri, 1); + } if(rewrite_uri_sz>0) rep_ctx->actually_replaced=1; rep_ctx->replacing = tfe_http_session_request_create(to_write_sess, in_req_spec->method, rewrite_uri_sz >0 ? rewrite_uri : in_req_spec->uri); - tfe_http_session_request_set(to_write_sess, rep_ctx->replacing); } else @@ -2728,13 +2731,21 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht ctx->sp = maat_stream_new(g_proxy_rt->feather, table_id, ctx->scan_mid); } + const unsigned char *scan_body_frag=NULL; size_t scan_len=0; if (body_frag != NULL) { - scan_ret = maat_stream_scan(ctx->sp, (const char *)body_frag, (int)frag_size, - result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); - if (scan_ret == MAAT_SCAN_HIT) + scan_body_frag = body_frag; + while (scan_body_frag < body_frag + frag_size) { - hit_cnt += n_hit_result; + scan_len = (scan_body_frag + MAX_SCAN_DATA_SIZE < body_frag + frag_size) ? MAX_SCAN_DATA_SIZE : (body_frag + frag_size - scan_body_frag); + + scan_ret = maat_stream_scan(ctx->sp, (const char *)scan_body_frag, scan_len, + result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); + if (scan_ret == MAAT_SCAN_HIT) + { + hit_cnt += n_hit_result; + } + scan_body_frag += MAX_SCAN_DATA_SIZE; } } |