OMPUB-462 iOS操作系统使用Chrome浏览器访问个别HTTP2网站Deny Profile未生效v4.6.14-20220507

TSG-10278 删除Deny模板文件中系统除了信息

2 files changed, 32 insertions, 9 deletions

diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index dde4af5..2cb1bb8 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -1313,10 +1313,9 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules
 	return prior_action;
 }
 //HTML template is downloaded from https://github.com/AndiDittrich/HttpErrorPages
-static void template_generate(int status_code, int cfg_id, const char* msg, char ** page_buff, size_t * page_size)
+static void template_generate(int status_code, const char* msg, char ** page_buff, size_t * page_size)
 {
 	ctemplate::TemplateDictionary dict("pg_page_dict");	//dict is automatically finalized after function returned.
-	dict.SetIntValue("cfg_id", cfg_id);
 
 	if (NULL == msg)
 	{
@@ -1366,7 +1365,6 @@ static int html_generate(int profile_id, const char* msg, char ** page_buff, siz
 	if(!strncmp(block_profile->profile_type, "template", strlen(block_profile->profile_type)))
 	{
 		ctemplate::TemplateDictionary dict("pg_page_dict");	//dict is automatically finalized after function returned.
-		dict.SetIntValue("cfg_id", profile_id);
 		dict.SetValue("msg", msg);
 		std::string output;
 
@@ -1740,7 +1738,7 @@ static void http_block(const struct tfe_stream * stream, const struct tfe_http_s
 				message = rewrite_message;
 			}
 			/*read local configuration**/
-			template_generate(resp_code, ctx->enforce_rules[0].config_id, message, &page_buff, &page_size);
+			template_generate(resp_code, message, &page_buff, &page_size);
 			if(rewrite_message_sz>0 && rewrite_message!= NULL)
 			{
 				FREE(&rewrite_message);
diff --git a/plugin/protocol/http2/src/http2_stream.cpp b/plugin/protocol/http2/src/http2_stream.cpp
index a92bab7..2650e6f 100644
--- a/plugin/protocol/http2/src/http2_stream.cpp
+++ b/plugin/protocol/http2/src/http2_stream.cpp
@@ -744,6 +744,26 @@ static int http_session_update_window_size(struct tfe_h2_stream *h2_stream_info,
 	return 1;
 }
 
+static void http2_client_submit_settings(nghttp2_session *http2_client_handle, nghttp2_session *http2_server_handle)
+{
+	/*Check the current setting frame state is NGHTTP2_IB_READ_FIRST_SETTINGS**/
+	if (http2_client_handle->iframe.state != NGHTTP2_IB_READ_FIRST_SETTINGS)
+	{
+		return;
+	}
+	nghttp2_settings_entry iv[2] = {{NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, 100},{NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE, 65535}};
+	int xret = nghttp2_submit_settings(http2_server_handle, NGHTTP2_FLAG_NONE, iv, 2);
+	if (xret != 0)
+	{
+		TFE_LOG_ERROR(logger()->handle, "Submit settings error: %s\n", nghttp2_strerror(xret));
+	}
+	xret = nghttp2_session_send(http2_server_handle);
+	if (xret != 0) {
+		TFE_LOG_ERROR(logger()->handle, "Fatal send error: %s\n", nghttp2_strerror(xret));
+	}
+	return;
+}
+
 static enum tfe_stream_action http2_frame_submit_built_resp(struct tfe_h2_stream *h2_stream_info, struct tfe_h2_session *h2_session)
 {
     int rv = -1;
@@ -786,6 +806,7 @@ static enum tfe_stream_action http2_frame_submit_built_resp(struct tfe_h2_stream
 		tfe_http_field_write(&pangu_resp->half_public, &encoding_field, content_encoding);
 	}
 	http_session_update_window_size(h2_stream_info, h2_session, evbuffer_get_length(body->evbuf_body));
+	http2_client_submit_settings(h2_stream_info->http2_client_handle,h2_stream_info->http2_server_handle);
 
 	nghttp2_data_provider data_prd;
 	data_prd.source.ptr    = (void *)body;
@@ -1091,7 +1112,6 @@ void http2_disect_goaway(struct tfe_h2_stream *h2_stream_info)
 static int http2_submit_frame_goaway(struct tfe_h2_stream *connection, const nghttp2_frame *frame, enum tfe_conn_dir dir)
 {
 	int xret = -1;
-	const char *opaque_data = NULL;
 	enum tfe_stream_action stream_action = ACTION_DROP_DATA;
 
 	const nghttp2_goaway *goaway = &frame->goaway;
@@ -1112,9 +1132,8 @@ static int http2_submit_frame_goaway(struct tfe_h2_stream *connection, const ngh
 													  dir, nghttp2_strerror(xret));
 	}
 finish:
-	opaque_data = ((const char *)goaway->opaque_data) != NULL ? (char *)goaway->opaque_data : "-";
-	TFE_LOG_DEBUG(logger()->handle, "%s, %d, submit goaway, stream_id:%d, action:%d, errod_code:%d, data:%s", connection->tf_stream->str_stream_info,
-				  dir, goaway->last_stream_id, connection->stream_action, goaway->error_code, opaque_data);
+	TFE_LOG_DEBUG(logger()->handle, "%s, %d, submit goaway, stream_id:%d, action:%d, errod_code:%d, data:%.*s", connection->tf_stream->str_stream_info,
+				  dir, goaway->last_stream_id, connection->stream_action, goaway->error_code, goaway->opaque_data_len, goaway->opaque_data);
 	connection->goaway = 1;
 	connection->stream_action = stream_action;
 	return 0;
@@ -1715,6 +1734,10 @@ static enum tfe_stream_action http2_client_frame_submit_header(struct tfe_h2_str
 	if (h2_session->plugin_built_resp)
 	{
 		stream_action = http2_submit_built_response(h2_stream_info, h2_session);
+		if(stream_action == ACTION_USER_DATA)
+		{
+			nghttp2_session_terminate_session(h2_stream_info->http2_client_handle, 0);
+		}
 		return stream_action;
 	}
 	headers = &req->header;
@@ -1726,7 +1749,9 @@ static enum tfe_stream_action http2_client_frame_submit_header(struct tfe_h2_str
 	method = http2_get_method(h2_session->req);
 	if (method == (enum tfe_http_std_method)HTTP_REQUEST_METHOD_POST || method == (enum tfe_http_std_method)HTTP_REQUEST_METHOD_PUT)
 	{
-		if (h2_session->plugin_built_req != NULL)
+		const struct http_field_name field = {TFE_HTTP_CONT_LENGTH, NULL};
+		const char *content_length = h2_half_ops_field_read(&(h2_session->req->half_public), &field);
+		if ((h2_session->plugin_built_req != NULL) && (atoi(content_length) != 0))
 		{
 			stream_action = (enum tfe_stream_action)ACTION_USER_DATA;
 			return stream_action;