管控策略日志增加字段common_data_centerv4.3.16-202011

管控策略统计计数修改
解密流量删除用户自定义判断fata日志

5 files changed, 26 insertions, 5 deletions

diff --git a/plugin/business/doh/src/logger.cpp b/plugin/business/doh/src/logger.cpp
index 6b626de..ec80cac 100644
--- a/plugin/business/doh/src/logger.cpp
+++ b/plugin/business/doh/src/logger.cpp
@@ -286,6 +286,7 @@ int doh_kafka_init(const char *profile, struct doh_conf *conf)
         return 0;
     }
     conf->device_id = (const char *)tfe_bussiness_resouce_get(DEVICE_ID);
+	conf->data_center = (const char *)tfe_bussiness_resouce_get(DATA_CENTER);
     conf->kafka_logger = (tfe_kafka_logger_t *)tfe_bussiness_resouce_get(KAFKA_LOGGER);
     if (conf->kafka_logger && !conf->kafka_logger->enable)
     {
@@ -401,6 +402,11 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c
     cJSON_AddNumberToObject(common_obj, "common_s2c_byte_num", s2c_byte_num);
     cJSON_AddStringToObject(common_obj, "doh_url", http->req->req_spec.url);
     cJSON_AddStringToObject(common_obj, "doh_host", http->req->req_spec.host);
+	if(handle->data_center)
+	{
+		cJSON_AddStringToObject(common_obj, "common_data_center", handle->data_center);
+	}
+
     for (size_t i = 0; i < sizeof(req_fields) / sizeof(struct json_spec); i++)
     {
         tmp_val = tfe_http_std_field_read(http->req, req_fields[i].field_id);
diff --git a/plugin/business/doh/src/pub.h b/plugin/business/doh/src/pub.h
index 4a73f45..540bd0d 100644
--- a/plugin/business/doh/src/pub.h
+++ b/plugin/business/doh/src/pub.h
@@ -59,6 +59,7 @@ struct doh_conf
 	int entry_id;
 	int en_sendlog;
 	const char *device_id;
+    const char *data_center;
 	tfe_kafka_logger_t *kafka_logger;
 
 	int fs_id[DOH_STAT_MAX];
diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index 841dd9f..16da3ae 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -2071,7 +2071,6 @@ void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_h
 		case PG_ACTION_NONE:
 			break;
 		case PG_ACTION_MONIT:
-			ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_MONIT]));
 			//send log on close.
 			break;
 		case PG_ACTION_REJECT:
@@ -2407,6 +2406,7 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
 	}
 	if (ctx->action == PG_ACTION_WHITELIST)
 	{
+		ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_WHITELSIT]));
 		TFE_LOG_INFO(g_pangu_rt->local_logger, "Bypass rules matched on http begin: url=%s policy id=%d.",
 			session->req->req_spec.url, ctx->enforce_rules[0].config_id);
 		tfe_http_session_detach(session);
@@ -2422,7 +2422,7 @@ static inline int ctx_actually_replaced(struct pangu_http_ctx * ctx)
 
 	if(ctx->action == PG_ACTION_MANIPULATE &&
 	   ctx->param->action == MA_ACTION_REPLACE &&
-	   ctx->n_enforce==1 && ctx->rep_ctx->actually_replaced==1)
+	   ctx->rep_ctx->actually_replaced==1)
 	{
 		return 1;
 	}
@@ -2437,7 +2437,7 @@ static inline int ctx_actually_inserted(struct pangu_http_ctx * ctx)
 
 	if(ctx->action == PG_ACTION_MANIPULATE &&
 	   ctx->param->action == MA_ACTION_INSERT &&
-	   ctx->n_enforce==1 && ctx->ins_ctx->actually_inserted==1)
+	   ctx->ins_ctx->actually_inserted==1)
 	{
 		return 1;
 	}
@@ -2452,7 +2452,7 @@ static inline int ctx_actually_manipulate(struct pangu_http_ctx * ctx)
 	if(ctx->action == PG_ACTION_MANIPULATE &&
 	   (ctx->param->action == MA_ACTION_REDIRECT ||
 	    ctx->param->action == MA_ACTION_HIJACK)&&
-	    ctx->n_enforce==1 && ctx->manipulate_replaced==1)
+	    ctx->manipulate_replaced==1)
 	{
 		return 1;
 	}
@@ -2514,6 +2514,14 @@ void pangu_on_http_end(const struct tfe_stream * stream,
 	{
 		ret=pangu_send_log(g_pangu_rt->send_logger, &log_msg);
 		ATOMIC_ADD(&(g_pangu_rt->stat_val[STAT_LOG_NUM]), ret);
+
+		for(i=0; i< ctx->n_enforce; i++)
+		{
+			if(ctx->enforce_rules[i].action == PG_ACTION_MONIT)
+			{
+				ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_MONIT]));
+			}
+		}
 	}
 
 	if(ctx->rep_ctx && ctx->rep_ctx->actually_replaced==1 && ctx->enforce_rules[0].do_log ==1)
diff --git a/plugin/business/pangu-http/src/pangu_logger.cpp b/plugin/business/pangu-http/src/pangu_logger.cpp
index d48b4e2..6a5269d 100644
--- a/plugin/business/pangu-http/src/pangu_logger.cpp
+++ b/plugin/business/pangu-http/src/pangu_logger.cpp
@@ -17,6 +17,7 @@ struct pangu_logger
 	int entry_id;
 	unsigned int en_sendlog;
 	const char *device_id;
+	const char *data_center;
 	void* local_logger;
 
 	unsigned long long send_cnt;
@@ -58,6 +59,7 @@ struct pangu_logger*  pangu_log_handle_create(const char* profile, const char* s
 	}
 
 	instance->device_id = (const char  *)tfe_bussiness_resouce_get(DEVICE_ID);
+	instance->data_center = (const char  *)tfe_bussiness_resouce_get(DATA_CENTER);
 	instance->kafka_logger = (tfe_kafka_logger_t *)tfe_bussiness_resouce_get(KAFKA_LOGGER);
 	if (instance->kafka_logger && !instance->kafka_logger->enable)
     {
@@ -186,6 +188,11 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 	cJSON_AddNumberToObject(common_obj, "common_s2c_byte_num", s2c_byte_num);
 	cJSON_AddStringToObject(common_obj, "http_url", http->req->req_spec.url);
 	cJSON_AddStringToObject(common_obj, "http_host", http->req->req_spec.host);
+	if(handle->data_center)
+	{
+		cJSON_AddStringToObject(common_obj, "common_data_center", handle->data_center);
+	}
+
 	for(size_t i=0;i<sizeof(req_fields)/sizeof(struct json_spec);i++)
 	{
 		tmp_val=tfe_http_std_field_read(http->req, req_fields[i].field_id);
diff --git a/plugin/business/traffic-mirror/src/entry.cpp b/plugin/business/traffic-mirror/src/entry.cpp
index 60c0d49..97306b6 100644
--- a/plugin/business/traffic-mirror/src/entry.cpp
+++ b/plugin/business/traffic-mirror/src/entry.cpp
@@ -596,7 +596,6 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
 
 	if (!policy_ex_data)
 	{
-		TFE_LOG_ERROR(instance->logger, "failed at getting policy %s's EXDATA, detach the stream", str_policy_id);
 		goto detach;
 	}