authorfengweihao <[email protected]>2021-05-28 10:51:22 +0800
committerfengweihao <[email protected]>2021-05-28 10:51:22 +0800
commit2ad0ddecbeb4ac4e065158272a783aca63e4e12c (patch)
tree553d40d4857e677cbffb07e77e81faf0137dbcad
parent91facad80ad88ca81970246f3550efb677dd16ff (diff)
TSG-6332 日志字段增加common_service_category
TSG-6438 策略优先级修复
-rw-r--r--plugin/business/pangu-http/src/pangu_http.cpp23
-rw-r--r--plugin/business/pangu-http/src/pangu_logger.cpp34
2 files changed, 43 insertions, 14 deletions
diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index 8d47e4e..512dd83 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -945,6 +945,8 @@ struct pangu_http_ctx
int magic_num;
enum pangu_action action;
char * action_para;
+ int hit_cnt;
+ struct Maat_rule_t result[MAX_SCAN_RESULT];
scan_status_t scan_mid;
stream_para_t sp;
struct cache_mid* cmid;
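Review bot: The two fields added to `struct pangu_http_ctx` carry no comment, and `hit_cnt` is declared `int` although `http_scan` reads it into a `size_t` and subtracts it from `MAX_SCAN_RESULT`. I would declare it `size_t hit_cnt;` and put `/* result[0..hit_cnt) holds the hits collected in pangu_on_http_begin; hit_cnt never exceeds MAX_SCAN_RESULT */` above the pair, so the invariant the scan code depends on is written down. The struct begins and ends outside this hunk.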
@@ -1931,10 +1933,10 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
const char * field_val = NULL;
struct http_field_name field_name;
struct tfe_http_half * http_half;
- struct Maat_rule_t result[MAX_SCAN_RESULT];
+ struct Maat_rule_t *result = ctx->result;
char buff[TFE_STRING_MAX], * p = NULL;
int scan_ret = 0, table_id = 0;
- size_t hit_cnt = 0, i = 0;
+ size_t hit_cnt = ctx->hit_cnt, i = 0;
if (events & EV_HTTP_REQ_HDR)
{
@@ -1943,7 +1945,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
{
int str_host_length = (int) (strlen(session->req->req_spec.host));
scan_ret = Maat_full_scan_string(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_FQDN],
- CHARSET_UTF8, str_host, str_host_length, result, NULL, MAX_SCAN_RESULT, &(ctx->scan_mid), ctx->thread_id);
+ CHARSET_UTF8, str_host, str_host_length, result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid), ctx->thread_id);
if (scan_ret > 0)
{
hit_cnt += scan_ret;
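Review bot: `MAX_SCAN_RESULT - hit_cnt` is computed on a `size_t` that now starts at `ctx->hit_cnt` instead of 0, and nothing in this hunk checks that it is still below `MAX_SCAN_RESULT`. If the begin-stage scans already filled the array, the subtraction is zero or wraps to a very large value, and `result + hit_cnt` points at or past the end of `ctx->result`, which now sits inside the context struct next to `scan_mid`, `sp` and `cmid`. Guard the call with `if (hit_cnt < MAX_SCAN_RESULT)` and apply the same check to any later scans in `http_scan` that use the same offset. Those scans, and the start and end of the function, are outside this hunk.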
@@ -2338,7 +2340,6 @@ void cache_write(const struct tfe_http_session * session, enum tfe_http_event ev
{
ctx->cache_wirte_result=web_cache_write_end(ctx->cache_write_ctx);
ctx->cache_write_ctx=NULL;
- //printf("cache update success: %s\n", ctx->ref_session->req->req_spec.url);
}
}
@@ -2351,12 +2352,12 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
}
struct pangu_http_ctx * ctx = *(struct pangu_http_ctx **) pme;
- struct Maat_rule_t result[MAX_SCAN_RESULT];
struct ipaddr sapp_addr;
int hit_cnt = 0, scan_ret=0;
assert(ctx == NULL);
ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_SESSION]));
ctx = pangu_http_ctx_new(thread_id);
+ struct Maat_rule_t *result = ctx->result;
scan_ret = tfe_scan_subscribe_id(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_pangu_rt->local_logger);
if(scan_ret>0)
@@ -2388,16 +2389,10 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
{
hit_cnt+=scan_ret;
}
- if (hit_cnt > 0)
- {
- ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce, &ctx->param);
- }
- if (ctx->action == PG_ACTION_WHITELIST)
+
+ if(hit_cnt > 0)
{
- ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_WHITELSIT]));
- TFE_LOG_INFO(g_pangu_rt->local_logger, "Bypass rules matched on http begin: url=%s policy id=%d.",
- session->req->req_spec.url, ctx->enforce_rules[0].config_id);
- tfe_http_session_detach(session);
+ ctx->hit_cnt = hit_cnt;
}
*pme = ctx;
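Review bot: `ctx->hit_cnt` is written only when `hit_cnt > 0`, so the zero case depends on `pangu_http_ctx_new` having zeroed the struct, which is not visible here. A plain `ctx->hit_cnt = hit_cnt;` is shorter and does not lean on that. Since this hunk also drops the early whitelist detach together with its log line and the `STAT_ACTION_WHITELSIT` increment, a one-line comment such as `/* action is decided later in http_scan from ctx->result[0..hit_cnt) */` would tell the reader where the bypass decision now lives. The function begins and ends outside the hunk.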
diff --git a/plugin/business/pangu-http/src/pangu_logger.cpp b/plugin/business/pangu-http/src/pangu_logger.cpp
index a27364e..e303b1e 100644
--- a/plugin/business/pangu-http/src/pangu_logger.cpp
+++ b/plugin/business/pangu-http/src/pangu_logger.cpp
@@ -81,6 +81,34 @@ error_out:
return NULL;
}
+static int pangu_log_get_fqdn_cat(struct tfe_cmsg *cmsg, char *fqdn_cat_buff)
+{
+ int ret=0;
+ unsigned int i=0, category_id_num=0;
+ uint16_t opt_out_size;
+ unsigned int category_id_val[TFE_SYMBOL_MAX]={0};
+
+ char *p = fqdn_cat_buff;
+
+ ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_FQDN_CAT_ID_NUM, (unsigned char *)&category_id_num, sizeof(category_id_num), &opt_out_size);
+ if (ret != 0 || category_id_num == 0)
+ {
+ return -1;
+ }
+ ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_FQDN_CAT_ID_VAL, (unsigned char *)category_id_val, sizeof(category_id_val), &opt_out_size);
+ if (ret != 0)
+ {
+ return -1;
+ }
+
+ for (i = 0; i < category_id_num && i < 8; i++)
+ {
+ p += snprintf(p, sizeof(fqdn_cat_buff) - (p - fqdn_cat_buff), "%s%d", i>0 ? "," : "", category_id_val[i]);
+ }
+
+ return 0;
+}
+
int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
{
const struct tfe_http_session* http=log_msg->http;
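Review bot: `sizeof(fqdn_cat_buff)` in the `snprintf` call is the size of a `char *`, not of the caller's buffer, so the bound is 8 bytes on a 64-bit build regardless of what `pangu_send_log` allocates. Because `p` advances by snprintf's return value (the length that would have been written), once output is truncated `p - fqdn_cat_buff` exceeds that bound and the unsigned subtraction wraps, leaving later iterations effectively unbounded writes into the caller's `char category_id_val[TFE_SYMBOL_MAX]` stack array. Pass the buffer size in, track the bytes used, stop on truncation, and print the `unsigned int` ids with `%u`; the caller then becomes `pangu_log_get_fqdn_cat(cmsg, category_id_val, sizeof(category_id_val))`. The literal `8` also deserves a named constant.
```cpp
static int pangu_log_get_fqdn_cat(struct tfe_cmsg *cmsg, char *fqdn_cat_buff, size_t buff_size)
{
	// … unchanged: locals (minus `p`) and the two tfe_cmsg_get_value() calls …
	size_t used = 0;

	if (buff_size == 0)
	{
		return -1;
	}
	for (i = 0; i < category_id_num && i < 8; i++)
	{
		int n = snprintf(fqdn_cat_buff + used, buff_size - used, "%s%u", i>0 ? "," : "", category_id_val[i]);
		if (n < 0 || (size_t)n >= buff_size - used)
		{
			fqdn_cat_buff[used] = '\0';	// drop the id that did not fit
			break;
		}
		used += (size_t)n;
	}

	return 0;
}
```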
@@ -126,6 +154,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
cJSON_AddStringToObject(common_obj, "common_schema_type", "HTTP");
unsigned int common_direction=0;
+ char category_id_val[TFE_SYMBOL_MAX];
char opt_val[24] = { 0 }; uint16_t opt_out_size;
struct tfe_cmsg * cmsg = tfe_stream_get0_cmsg(log_msg->stream);
if (cmsg!=NULL)
@@ -140,6 +169,11 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
{
cJSON_AddNumberToObject(common_obj, "common_direction", common_direction); //0:域内->域外,1:域外->域内,描述的是CLIENT_IP信息
}
+ ret = pangu_log_get_fqdn_cat(cmsg, category_id_val);
+ if (ret==0)
+ {
+ cJSON_AddStringToObject(common_obj, "common_service_category", category_id_val);
+ }
}
if (http->req)