TSG-3395 hijack内存泄漏修复

管控策略统计计数修改

1 files changed, 40 insertions, 20 deletions

diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index 6fe7043..17b7f17 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -923,7 +923,7 @@ struct insert_ctx
 	struct insert_rule *rule;
 	struct tfe_http_half * replacing;
 	struct evbuffer *http_body;
-	int actually_replaced;
+	int actually_inserted;
 };
 
 struct ip_data_ctx
@@ -1554,7 +1554,10 @@ static void http_redirect(const struct tfe_http_session * session, enum tfe_http
 	{
 		assert(0);
 	}
-	ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_REDIRECT]));
+	if(ctx->enforce_rules[0].do_log > 0)
+	{
+		ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_REDIRECT]));
+	}
 
 	response = tfe_http_session_response_create(to_write, resp_code);
 	tfe_http_std_field_write(response, TFE_HTTP_LOCATION, rd_url);
@@ -1589,6 +1592,7 @@ static void http_block(const struct tfe_http_session * session, enum tfe_http_ev
 		ctx->action = PG_ACTION_NONE;
 		return;
 	}
+
 	struct tfe_http_session * to_write_sess = NULL;
 	if (events & EV_HTTP_RESP_HDR || tfe_http_in_hdr(events))
 	{
@@ -1605,6 +1609,10 @@ static void http_block(const struct tfe_http_session * session, enum tfe_http_ev
 		snprintf(cont_len_str, sizeof(cont_len_str), "%lu", page_size);
 		tfe_http_std_field_write(response, TFE_HTTP_CONT_LENGTH, cont_len_str);
 
+		if(ctx->enforce_rules[0].do_log > 0)
+		{
+			ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_REJECT]));
+		}
 		tfe_http_half_append_body(response, page_buff, page_size, 0);
 		tfe_http_half_append_body(response, NULL, 0, 0);
 		tfe_http_session_response_set(to_write_sess, response);
@@ -1613,6 +1621,10 @@ static void http_block(const struct tfe_http_session * session, enum tfe_http_ev
 	}
 	else
 	{
+		if(ctx->enforce_rules[0].do_log > 0)
+		{
+			ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_REJECT]));
+		}
 		to_write_sess = tfe_http_session_allow_write(session);
 		tfe_http_session_kill(to_write_sess);
 	}
@@ -1666,13 +1678,17 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e
 		}
 		if (try_send_by_token(hijack_size) <= 0)
 		{
+			FREE(&hijack_buff);
 			TFE_LOG_ERROR(g_pangu_rt->local_logger, "No token is available to send data, profile_id = %d", param->profile_id);
 			ctx->action = PG_ACTION_NONE;
 			return;
 		}
 		ctx->inject_sz = hijack_size;
-		ATOMIC_ADD(&(g_pangu_rt->stat_val[STAT_ACTION_HIJACK_SZ]), hijack_size);
-
+		if(ctx->enforce_rules[0].do_log > 0)
+		{
+			ATOMIC_ADD(&(g_pangu_rt->stat_val[STAT_ACTION_HIJACK_SZ]), hijack_size);
+			ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_HIJACK]));
+		}
 		char cont_len_str[16];
 
 		to_write_sess = tfe_http_session_allow_write(session);
@@ -1686,7 +1702,6 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e
 			tfe_http_nonstd_field_write(response, "Content-Disposition", hijack_file_name);
 			FREE(&hijack_file_name);
 		}
-		ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_HIJACK]));
 
 		const char* cont_disposition_val=tfe_http_std_field_read(to_write_sess->resp, TFE_HTTP_CONT_DISPOSITION);
 		if (cont_disposition_val != NULL)
@@ -1702,6 +1717,7 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e
 		tfe_http_session_response_set(to_write_sess, response);
 		tfe_http_session_detach(session);
 		ma_profile_table_free(hijack_profile);
+		FREE(&hijack_buff);
 		hijack_profile = NULL;
 	}
 	else
@@ -1779,7 +1795,6 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_
 				return;
 			}
 			ctx->inject_sz = ins_ctx->rule->inject_sz;
-			ATOMIC_ADD(&(g_pangu_rt->stat_val[STAT_ACTION_INSERT_SZ]), ctx->inject_sz);
 		}
 		else
 		{
@@ -1849,8 +1864,12 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_
 		if (rewrite_sz >0)
 		{
 			tfe_http_half_append_body(ins_ctx->replacing, rewrite_buff, rewrite_sz, 0);
-			ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_INSERT]));
-			ins_ctx->actually_replaced=1;
+			if(ctx->enforce_rules[0].do_log > 0)
+			{
+				ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_INSERT]));
+				ATOMIC_ADD(&(g_pangu_rt->stat_val[STAT_ACTION_INSERT_SZ]), ctx->inject_sz);
+			}
+			ins_ctx->actually_inserted=1;
 		}
 		else
 		{
@@ -1897,7 +1916,6 @@ static void http_manipulate(const struct tfe_stream * stream, const struct tfe_h
 			break;
 		case MA_ACTION_BLOCK:
 			http_block(session, events, ctx);
-			ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_REJECT]));
 			break;
 		case MA_ACTION_REPLACE:
 			http_replace(stream, session, events, body_frag, frag_size, ctx);
@@ -2052,7 +2070,6 @@ void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_h
 			break;
 		case PG_ACTION_REJECT:
 			http_block(session, events, ctx);
-			ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_REJECT]));
 			break;
 		case PG_ACTION_MANIPULATE:
 			http_manipulate(stream, session, events, body_frag, frag_size, ctx);
@@ -2400,7 +2417,7 @@ static inline int ctx_actually_replaced(struct pangu_http_ctx * ctx)
 
 	if(ctx->action == PG_ACTION_MANIPULATE &&
 	   ctx->param->action == MA_ACTION_REPLACE &&
-	   ctx->n_enforce==1 && ctx->rep_ctx->actually_replaced==0)
+	   ctx->n_enforce==1 && ctx->rep_ctx->actually_replaced==1)
 	{
 		return 1;
 	}
@@ -2415,7 +2432,7 @@ static inline int ctx_actually_inserted(struct pangu_http_ctx * ctx)
 
 	if(ctx->action == PG_ACTION_MANIPULATE &&
 	   ctx->param->action == MA_ACTION_INSERT &&
-	   ctx->n_enforce==1 && ctx->ins_ctx->actually_replaced==0)
+	   ctx->n_enforce==1 && ctx->ins_ctx->actually_inserted==1)
 	{
 		return 1;
 	}
@@ -2430,7 +2447,7 @@ static inline int ctx_actually_manipulate(struct pangu_http_ctx * ctx)
 	if(ctx->action == PG_ACTION_MANIPULATE &&
 	   (ctx->param->action == MA_ACTION_REDIRECT ||
 	    ctx->param->action == MA_ACTION_HIJACK)&&
-	    ctx->n_enforce==1 && ctx->manipulate_replaced==0)
+	    ctx->n_enforce==1 && ctx->manipulate_replaced==1)
 	{
 		return 1;
 	}
@@ -2482,20 +2499,23 @@ void pangu_on_http_end(const struct tfe_stream * stream,
 		log_msg.action = ctx->param->action;
 	}
 
-	if ((ctx->action != PG_ACTION_NONE&&
-		!(ctx_actually_replaced(ctx))) ||
-		(ctx->action != PG_ACTION_NONE&&
-		!(ctx_actually_inserted(ctx))) ||
-		(ctx->action != PG_ACTION_NONE&&
-		!(ctx_actually_manipulate(ctx))))
+	if(ctx->action != PG_ACTION_NONE &&
+	   (((ctx_actually_replaced(ctx)) ||
+	   (ctx_actually_inserted(ctx)) ||
+	   (ctx_actually_manipulate(ctx))) ||
+	   (ctx->action == PG_ACTION_MONIT ||
+	   	ctx->action == PG_ACTION_REJECT ||
+	   	ctx->action == PG_ACTION_WHITELIST)))
 	{
 		ret=pangu_send_log(g_pangu_rt->send_logger, &log_msg);
 		ATOMIC_ADD(&(g_pangu_rt->stat_val[STAT_LOG_NUM]), ret);
 	}
-	if(ctx->rep_ctx && ctx->rep_ctx->actually_replaced==1)
+
+	if(ctx->rep_ctx && ctx->rep_ctx->actually_replaced==1 && ctx->enforce_rules[0].do_log ==1)
 	{
 		ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_REPLACE]));
 	}
+
 	TFE_LOG_DEBUG(g_pangu_rt->local_logger, "cache %s %s upload=%d",
 											session->req->req_spec.url,
 											cache_pending_result_string(ctx->pending_result),