Diffstat (limited to 'plugin')
-rw-r--r--plugin/business/doh/src/doh.cpp108
-rw-r--r--plugin/business/doh/src/logger.cpp24
-rw-r--r--plugin/business/doh/src/pub.h21
-rw-r--r--plugin/business/tsg-http/include/http_lua.h8
-rw-r--r--plugin/business/tsg-http/include/tsg_proxy_logger.h7
-rw-r--r--plugin/business/tsg-http/src/http_lua.cpp14
-rw-r--r--plugin/business/tsg-http/src/tsg_http.cpp723
-rw-r--r--plugin/business/tsg-http/src/tsg_logger.cpp16
-rw-r--r--plugin/business/tsg-http/test/test_http_lua.cpp47
9 files changed, 524 insertions, 444 deletions
diff --git a/plugin/business/doh/src/doh.cpp b/plugin/business/doh/src/doh.cpp
index f0370ed..f09ac0f 100644
--- a/plugin/business/doh/src/doh.cpp
+++ b/plugin/business/doh/src/doh.cpp
@@ -118,7 +118,7 @@ static cJSON *doh_get_answer_records(struct doh_ctx *ctx, cJSON *object, int qty
return NULL;
}
-void doh_action_param_free_cb(int table_id, void **ad, long argl, void *argp)
+void doh_action_param_free_cb(const char *table_name, void **ad, long argl, void *argp)
{
if(*ad==NULL)
{
@@ -135,14 +135,14 @@ void doh_action_param_free_cb(int table_id, void **ad, long argl, void *argp)
pthread_mutex_unlock(&(param->lock));
pthread_mutex_destroy(&(param->lock));
- if(param->hit_rule.srv_def_large)
- FREE(&(param->hit_rule.srv_def_large))
+ if(param->hit_rule.action_parameter)
+ FREE(&(param->hit_rule.action_parameter))
FREE(&(param));
return;
}
-static void doh_get_cheat_data(long long p_result, int qtype, struct doh_ctx *ctx, const char *str_stream_info)
+static void doh_get_cheat_data(uuid_t p_result, int qtype, struct doh_ctx *ctx, const char *str_stream_info)
{
int i;
int answer_size = 0;
@@ -150,28 +150,24 @@ static void doh_get_cheat_data(long long p_result, int qtype, struct doh_ctx *ct
cJSON *item = NULL;
cJSON *object = NULL;
cJSON *answer_array = NULL;
- int table_id=0;
- table_id=maat_get_table_id(g_doh_conf->maat, "PXY_CTRL_COMPILE_PLUGIN");
- if(table_id < 0)
- {
- return;
- }
- struct doh_action_param *get_ex_param=(struct doh_action_param *)maat_plugin_table_get_ex_data(g_doh_conf->maat, table_id, (const char *)&p_result, sizeof(p_result));
+ char result_str[UUID_STRING_SIZE]={0};
+ uuid_unparse(p_result, result_str);
+ struct doh_action_param *get_ex_param=(struct doh_action_param *)maat_plugin_table_get_ex_data(g_doh_conf->maat, "PXY_CTRL_RULE_PLUGIN", result_str, strlen(result_str));
if(get_ex_param==NULL)
{
return;
}
struct doh_maat_rule_t *hit_rule = &(get_ex_param->hit_rule);
- if(hit_rule==NULL || hit_rule->srv_def_large==NULL)
+ if(hit_rule==NULL || hit_rule->action_parameter==NULL)
{
goto end;
}
memcpy(ctx->result, hit_rule, sizeof(struct doh_maat_rule_t));
- TFE_LOG_INFO(g_doh_conf->local_logger, "%s hit %lld %s", str_stream_info, p_result, hit_rule->srv_def_large);
+ TFE_LOG_INFO(g_doh_conf->local_logger, "%s hit %s %s", str_stream_info, result_str, hit_rule->action_parameter);
- object = cJSON_Parse(hit_rule->srv_def_large);
+ object = cJSON_Parse(hit_rule->action_parameter);
if (object == NULL)
{
goto end;
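Review bot: `memcpy(ctx->result, hit_rule, sizeof(struct doh_maat_rule_t))` now copies two borrowed pointers, `config_uuid_string` and `action_parameter`, and the rule id that used to travel by value as `config_id` is later read through that pointer in `doh_send_metric_log` and in `doh_send_log` (logger.cpp). If the ex_data reference is released after `end:` (outside this hunk) and the rule is removed before the session is logged, those `%s` reads and the `value_str` tag would touch freed memory. Keeping the id by value would avoid that, for example by formatting `ctx->result->config_uuid` with `uuid_unparse` at the logging sites, or by duplicating the string into the context and freeing it with the context. Separately, `doh_action_param_free_cb` in the previous hunk frees `action_parameter` but not `config_uuid_string`; if the matching new-callback allocates that string (not visible here) it leaks on every rule update. The `hit_rule==NULL` test can never be true, since `hit_rule` is the address of a member.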
@@ -240,26 +236,25 @@ end:
}
}
-static long long doh_fetch_rule(long long *result, int result_num)
+static int doh_fetch_rule(uuid_t *result, uuid_t p_result, int result_num)
{
- int i = 0;
- long long p_result = 0;
+ uuid_clear(p_result);
- for (i = 0; i < result_num && i < MAX_SCAN_RESULT; i++)
+ for (int i = 0; i < result_num && i < MAX_SCAN_RESULT; i++)
{
- if (p_result == 0)
+ if (uuid_is_null(p_result) == 1)
{
- p_result = result[i];
+ uuid_copy(p_result, result[i]);
continue;
}
- if (result[i] > p_result)
+ if(uuid_compare(result[i], p_result) > 0)
{
- p_result = result[i];
+ uuid_copy(p_result, result[i]);
}
}
- return p_result;
+ return 0;
}
static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http_session *session, struct doh_ctx *ctx, char *qname, int qtype)
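Review bot: `uuid_compare(result[i], p_result) > 0` keeps the old "largest id wins" selection, but UUID byte order carries no precedence unless the project issues ordered UUIDs, which the diff does not show, so the rule enforced when several match may now be effectively arbitrary. If precedence matters for DoH redirects, the choice should rest on an explicit priority field of the rule rather than on the identifier. The function also returns `0` on every path and the caller ignores it, so `static void doh_fetch_rule(...)` with a comment such as `/* p_result is an out-parameter; left null when result_num is 0 */` would describe the contract better.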
@@ -268,8 +263,9 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
int scan_ret = 0;
size_t n_hit_result;
struct ipaddr sapp_addr;
- long long p_result = 0;
- long long result[MAX_SCAN_RESULT];
+ uuid_t p_result;
+ uuid_t result[MAX_SCAN_RESULT]={0};
+ char result_str[UUID_STRING_SIZE]={0};
scan_ret = tfe_scan_subscribe_id(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
if (scan_ret > 0)
@@ -287,27 +283,29 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
const char *host = session->req->req_spec.host;
if (host)
{
- scan_ret = maat_scan_string(g_doh_conf->maat, g_doh_conf->tables[TYPE_HOST].id,host, strlen(host),
+ scan_ret = maat_scan_string(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_SERVER_FQDN", host, strlen(host),
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
- TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit host: %s scan ret: %d policy_id: %lld addr: %s",
- g_doh_conf->tables[TYPE_HOST].name, host, scan_ret, result[hit_cnt], stream->str_stream_info);
+ memset(result_str, 0, sizeof(result_str));
+ uuid_unparse(result[hit_cnt], result_str);
+ TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit host: %s scan ret: %d policy_id: %s addr: %s",
+ "ATTR_SERVER_FQDN", host, scan_ret, result_str, stream->str_stream_info);
hit_cnt += n_hit_result;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit host: %s scan ret: %d addr: %s",
- g_doh_conf->tables[TYPE_HOST].name, host, scan_ret, stream->str_stream_info);
+ "ATTR_SERVER_FQDN", host, scan_ret, stream->str_stream_info);
}
- scan_ret = maat_scan_not_logic(g_doh_conf->maat, g_doh_conf->tables[TYPE_HOST].id,
+ scan_ret = maat_scan_not_logic(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_SERVER_FQDN",
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
- scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->tables[TYPE_HOST].id, g_doh_conf->local_logger);
+ scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_doh_conf->local_logger);
if (scan_ret > 0)
{
hit_cnt += scan_ret;
@@ -344,7 +342,7 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
}
// scan appid
long long app_id = 8006;
- scan_ret = tfe_scan_app_id(result, ctx->scan_mid, hit_cnt, app_id, g_doh_conf->tables[TYPE_APPID].id);
+ scan_ret = tfe_scan_app_id(result, ctx->scan_mid, hit_cnt, app_id);
if(scan_ret > 0)
{
hit_cnt += scan_ret;
@@ -355,22 +353,24 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
{
hit_cnt += scan_ret;
}
-
+
// scan qname
- scan_ret = maat_scan_string(g_doh_conf->maat, g_doh_conf->tables[TYPE_QNAME].id, qname, strlen(qname),
+ scan_ret = maat_scan_string(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_DOH_QNAME", qname, strlen(qname),
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
- TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit domain: %s scan ret: %d qtype: %d policy_id: %lld addr: %s",
- g_doh_conf->tables[TYPE_QNAME].name, qname, scan_ret, qtype, result[hit_cnt], stream->str_stream_info);
+ memset(result_str, 0, sizeof(result_str));
+ uuid_unparse(result[hit_cnt], result_str);
+ TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, Hit domain: %s scan ret: %d qtype: %d policy_id: %s addr: %s",
+ "ATTR_DOH_QNAME", qname, scan_ret, qtype, result_str, stream->str_stream_info);
hit_cnt += n_hit_result;
}
else
{
TFE_LOG_INFO(g_doh_conf->local_logger, "Scan %s, NO hit domain: %s scan ret: %d addr: %s",
- g_doh_conf->tables[TYPE_QNAME].name, qname, scan_ret, stream->str_stream_info);
+ "ATTR_DOH_QNAME", qname, scan_ret, stream->str_stream_info);
}
- scan_ret = maat_scan_not_logic(g_doh_conf->maat, g_doh_conf->tables[TYPE_QNAME].id,
+ scan_ret = maat_scan_not_logic(g_doh_conf->maat, "TSG_OBJ_FQDN", "ATTR_DOH_QNAME",
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
@@ -379,8 +379,8 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
if (hit_cnt)
{
- p_result = doh_fetch_rule(result, hit_cnt);
- if (p_result != 0)
+ doh_fetch_rule(result, p_result, hit_cnt);
+ if (uuid_is_null(p_result) != 1)
{
ctx->result_num = 1;
ctx->result = ALLOC(struct doh_maat_rule_t, ctx->result_num);
@@ -389,26 +389,6 @@ static void doh_maat_scan(const struct tfe_stream *stream, const struct tfe_http
}
}
-static int doh_maat_init(const char *profile, const char *section)
-{
- g_doh_conf->maat = tfe_get_maat_handle();
- MESA_load_profile_string_def(profile, section, "table_appid", g_doh_conf->tables[TYPE_APPID].name, TFE_STRING_MAX, "ATTR_APP_ID");
- MESA_load_profile_string_def(profile, section, "table_qname", g_doh_conf->tables[TYPE_QNAME].name, TFE_STRING_MAX, "ATTR_DOH_QNAME");
- MESA_load_profile_string_def(profile, section, "table_host", g_doh_conf->tables[TYPE_HOST].name, TFE_STRING_MAX, "ATTR_SERVER_FQDN");
-
- for (int i = 0; i < TYPE_MAX; i++)
- {
- g_doh_conf->tables[i].id = maat_get_table_id(g_doh_conf->maat, g_doh_conf->tables[i].name);
- if (g_doh_conf->tables[i].id < 0)
- {
- TFE_LOG_ERROR(g_doh_conf->local_logger, "maat_get_table_id failed, table_name: %s", g_doh_conf->tables[i].name);
- return -1;
- }
- }
-
- return 0;
-}
-
static void doh_gc_cb(evutil_socket_t fd, short what, void *arg)
{
int i = 0;
@@ -664,12 +644,6 @@ int doh_on_init(struct tfe_proxy *proxy)
TFE_LOG_ERROR(NULL, "Doh init kafka failed.");
goto error;
}
-
- if (doh_maat_init(profile, "maat") != 0)
- {
- TFE_LOG_ERROR(NULL, "Doh init maat failed.");
- goto error;
- }
TFE_LOG_INFO(g_doh_conf->local_logger, "Doh init success.");
success:
@@ -838,7 +812,7 @@ void doh_send_metric_log(const struct tfe_stream * stream, struct doh_ctx *ctx,
}
fieldstat->tags[thread_id][TAG_VSYS_ID].value_longlong = ctx->result->vsys_id;
- fieldstat->tags[thread_id][TAG_RULE_ID].value_longlong = ctx->result->config_id;
+ fieldstat->tags[thread_id][TAG_RULE_ID].value_str = ctx->result->config_uuid_string;
fieldstat->tags[thread_id][TAG_ACTION].value_longlong = 48;
fieldstat->tags[thread_id][TAG_SUB_ACTION].value_str = "redirect";
diff --git a/plugin/business/doh/src/logger.cpp b/plugin/business/doh/src/logger.cpp
index ae0ddf5..f11335c 100644
--- a/plugin/business/doh/src/logger.cpp
+++ b/plugin/business/doh/src/logger.cpp
@@ -8,20 +8,6 @@ struct json_spec
enum tfe_http_std_field field_id;
};
-enum _log_action //Bigger action number is prior.
-{
- LG_ACTION_NONE = 0x00,
- LG_ACTION_MONIT = 0x01,
- LG_ACTION_FORWARD = 0x02, /* N/A */
- LG_ACTION_REJECT = 0x10,
- LG_ACTION_DROP = 0x20, /* N/A */
- LG_ACTION_MANIPULATE = 0x30,
- LG_ACTION_RATELIMIT = 0x40, /* N/A */
- LG_ACTION_WHITELIST = 0x60,
- LG_ACTION_SHUNT = 0x80,
- __LG_ACTION_MAX
-};
-
#define get_time_ms(tv) ((long long)(tv.tv_sec) * 1000 + (long long)(tv.tv_usec) / 1000)
static int get_rr_str2json(cJSON *object, dns_info_t *dns_info, int *dns_sec)
@@ -473,9 +459,9 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c
for (size_t i = 0; i < result_num; i++)
{
- TFE_LOG_DEBUG(handle->local_logger, "URL: %s, policy_id: %lld, service: %d, do_log:%d",
+ TFE_LOG_DEBUG(handle->local_logger, "URL: %s, policy_id: %s, service: %d, do_log:%d",
http->req->req_spec.url,
- result[i].config_id,
+ result[i].config_uuid_string,
result[i].service_id,
result[i].do_log);
@@ -485,11 +471,11 @@ int doh_send_log(struct doh_conf *handle, const struct tfe_http_session *http, c
}
cJSON *proxy_rule_list=NULL;
- int config_id[1]={0};
+ char *config_id[1]={0};
per_hit_obj = cJSON_Duplicate(common_obj, 1);
- config_id[0]=result[i].config_id;
- proxy_rule_list = cJSON_CreateIntArray(config_id, 1);
+ config_id[0]=result[i].config_uuid_string;
+ proxy_rule_list = cJSON_CreateStringArray((const char **)config_id, 1);
cJSON_AddItemToObject(per_hit_obj, "proxy_rule_list", proxy_rule_list);
cJSON_AddStringToObject(per_hit_obj, "proxy_action", "redirect");
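Review bot: `cJSON_CreateStringArray((const char **)config_id, 1)` receives `result[i].config_uuid_string` without a NULL check, and its result goes straight to `cJSON_AddItemToObject`. If the string was never set, the array creation presumably fails and the record silently loses `proxy_rule_list`. Declaring the array as `const char *config_id[1] = { result[i].config_uuid_string };` removes the cast. A guard such as `if (config_id[0] == NULL) continue;` (or a logged skip) would make the failure visible. The same unset pointer would also reach the `%s` in the `TFE_LOG_DEBUG` call of the previous hunk.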
diff --git a/plugin/business/doh/src/pub.h b/plugin/business/doh/src/pub.h
index a0b7d5b..1b19dbf 100644
--- a/plugin/business/doh/src/pub.h
+++ b/plugin/business/doh/src/pub.h
@@ -41,12 +41,6 @@ enum doh_content_type
DOH_TYPE_UDPWIREFORMAT,
};
-struct maat_table
-{
- int id;
- char name[TFE_STRING_MAX];
-};
-
struct doh_conf
{
int enable;
@@ -65,18 +59,19 @@ struct doh_conf
screen_stat_handle_t fs_handle;
struct maat *maat;
- struct maat_table tables[TYPE_MAX];
};
struct doh_maat_rule_t
{
- long long config_id;
- int service_id;
- unsigned char do_log;
- unsigned char do_blacklist;
- unsigned char action;
- char *srv_def_large;
int vsys_id;
+ long long config_id;
+ uuid_t config_uuid;
+ char *config_uuid_string;
+ int service_id;
+ unsigned char do_log;
+ unsigned char do_blacklist;
+ unsigned char action;
+ char *action_parameter;
};
struct doh_ctx
diff --git a/plugin/business/tsg-http/include/http_lua.h b/plugin/business/tsg-http/include/http_lua.h
index 545166e..8fe3061 100644
--- a/plugin/business/tsg-http/include/http_lua.h
+++ b/plugin/business/tsg-http/include/http_lua.h
@@ -11,13 +11,13 @@ struct tsg_lua_script
{
int lua_is_cache;
struct elua_vm **http_lua_handle;
- int (*http_lua_profile)(int profile_id, struct elua_script ***elua_ctx, char **profile_msg, size_t *msg_len, int *timeout);
+ int (*http_lua_profile)(char *profile_uuid_str, struct elua_script ***elua_ctx, char **profile_msg, size_t *msg_len, int *timeout);
};
struct tsg_script_ctx
{
- int config_id;
- int profile_id;
+ char *config_uuid_str;
+ char *profile_uuid_str;
int http_req_uri;
int rewrite_header;
char *rewrite_uri;
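Review bot: The new `char *config_uuid_str` and `char *profile_uuid_str` members of `tsg_script_ctx` carry no statement of who owns the strings, and the visible lines do not show whether the context copies or borrows them. A comment such as `/* borrowed from the hit rule; must outlive the script context */` (or the opposite, if they are duplicated) would tell callers whether to free them. As far as this diff shows, the `http_lua_profile` callback and `execute_lua_script_rule` in the next hunk only read the profile UUID, so `const char *profile_uuid_str` in both signatures would state that in the type.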
@@ -37,6 +37,6 @@ struct elua_context * http_lua_ctx_new(struct tsg_lua_script *lua_script, unsign
void http_lua_ctx_free(struct tsg_lua_script *lua_script, unsigned int thread_id, struct elua_context * lua_ctx);
struct elua_script *http_lua_map_cache_script(struct elua_vm *vm, const char *script, size_t script_len, size_t timeout_ms);
-size_t execute_lua_script_rule(struct tsg_lua_script *lua_script, int profile_id, struct elua_context * lua_ctx, unsigned int thread_id, void *user_data);
+size_t execute_lua_script_rule(struct tsg_lua_script *lua_script, char *profile_uuid_str, struct elua_context * lua_ctx, unsigned int thread_id, void *user_data);
int http_lua_handle_create(struct tsg_lua_script *lua_script, int thread_num, const char *name_space);
diff --git a/plugin/business/tsg-http/include/tsg_proxy_logger.h b/plugin/business/tsg-http/include/tsg_proxy_logger.h
index 1eb0eb3..225edae 100644
--- a/plugin/business/tsg-http/include/tsg_proxy_logger.h
+++ b/plugin/business/tsg-http/include/tsg_proxy_logger.h
@@ -5,13 +5,14 @@
struct log_rule_t
{
- long long config_id;
+ int vsys_id;
+ uuid_t config_uuid;
+ char *config_uuid_string;
int service_id;
unsigned char do_log;
unsigned char do_blacklist;
unsigned char action;
- char *srv_def_large;
- int vsys_id;
+ char *action_parameter;
};
struct proxy_log
diff --git a/plugin/business/tsg-http/src/http_lua.cpp b/plugin/business/tsg-http/src/http_lua.cpp
index 1832645..3087c40 100644
--- a/plugin/business/tsg-http/src/http_lua.cpp
+++ b/plugin/business/tsg-http/src/http_lua.cpp
@@ -125,7 +125,7 @@ static int http_lua_log_debug(struct elua_vm *vm)
p += snprintf(p, sizeof(buff) - (p - buff), " %s", in);
}
- TFE_LOG_DEBUG(tsg_ctx->local_logger, "policy_id:%d, profile_id:%d, message:%20s", tsg_ctx->config_id, tsg_ctx->profile_id, buff);
+ TFE_LOG_DEBUG(tsg_ctx->local_logger, "policy_id:%s, profile_id:%s, message:%20s", tsg_ctx->config_uuid_str, tsg_ctx->profile_uuid_str, buff);
http_free_params(out_lua_argv);
return 1;
@@ -161,7 +161,7 @@ static int http_lua_log_info(struct elua_vm *vm)
p += snprintf(p, sizeof(buff) - (p - buff), " %s", in);
}
- TFE_LOG_INFO(tsg_ctx->local_logger, "policy_id:%d, profile_id:%d, message:%s", tsg_ctx->config_id, tsg_ctx->profile_id, buff);
+ TFE_LOG_INFO(tsg_ctx->local_logger, "policy_id:%s, profile_id:%s, message:%s", tsg_ctx->config_uuid_str, tsg_ctx->profile_uuid_str, buff);
http_free_params(out_lua_argv);
return 1;
@@ -197,7 +197,7 @@ static int http_lua_log_error(struct elua_vm *vm)
p += snprintf(p, sizeof(buff) - (p - buff), " %s", in);
}
- TFE_LOG_ERROR(tsg_ctx->local_logger, "policy_id:%d, profile_id:%d, message:%s", tsg_ctx->config_id, tsg_ctx->profile_id, buff);
+ TFE_LOG_ERROR(tsg_ctx->local_logger, "policy_id:%s, profile_id:%s, message:%s", tsg_ctx->config_uuid_str, tsg_ctx->profile_uuid_str, buff);
http_free_params(out_lua_argv);
return 1;
@@ -683,7 +683,7 @@ static int http_lua_get_body(struct elua_vm *vm)
if(tsg_ctx->http_body == NULL)
{
- TFE_LOG_ERROR(tsg_ctx->local_logger, "policy_id:%d, profile_id:%d, message:%s", tsg_ctx->config_id, tsg_ctx->profile_id, "Can't to get req/resp body data");
+ TFE_LOG_ERROR(tsg_ctx->local_logger, "policy_id:%s, profile_id:%s, message:%s", tsg_ctx->config_uuid_str, tsg_ctx->profile_uuid_str, "Can't to get req/resp body data");
return 0;
}
@@ -829,14 +829,14 @@ finish:
return 0;
}
-size_t execute_lua_script_rule(struct tsg_lua_script *lua_script, int profile_id, struct elua_context *elua_ctx, unsigned int thread_id, void *user_data)
+size_t execute_lua_script_rule(struct tsg_lua_script *lua_script, char *profile_uuid_str, struct elua_context *elua_ctx, unsigned int thread_id, void *user_data)
{
int ret=0;
char *profile_msg=NULL;
size_t msg_len=0; int timeout=0;
struct elua_script **escript=NULL;
- ret=lua_script->http_lua_profile(profile_id, &escript, &profile_msg, &msg_len, &timeout);
+ ret=lua_script->http_lua_profile(profile_uuid_str, &escript, &profile_msg, &msg_len, &timeout);
if(ret<0)
{
return ret;
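Review bot: `return ret;` under `if(ret<0)` converts a negative `int` to the `size_t` return type, so a failed profile lookup reaches the caller as a very large count rather than an error. The line is unchanged context, but the signature is being edited here and the lookup key is now a string that can miss or be NULL, so the path is more likely to run. Either return `0` on this path, or document the convention with a comment such as `/* returns (size_t)-1 on lookup failure */` so callers compare against it explicitly. The rest of the function body lies outside this hunk.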
@@ -856,7 +856,7 @@ size_t execute_lua_script_rule(struct tsg_lua_script *lua_script, int profile_id
struct tsg_script_ctx *tsg_ctx= (struct tsg_script_ctx *)user_data;
if(tsg_ctx != NULL && tsg_ctx->local_logger != NULL)
{
- TFE_LOG_ERROR(tsg_ctx->local_logger, "policy_id:%d, profile_id:%d, error_code:%d, error: %s", tsg_ctx->config_id, tsg_ctx->profile_id, ret, elua_get_last_error_string(lua_script->http_lua_handle[thread_id]));
+ TFE_LOG_ERROR(tsg_ctx->local_logger, "policy_id:%s, profile_id:%s, error_code:%d, error: %s", tsg_ctx->config_uuid_str, tsg_ctx->profile_uuid_str, ret, elua_get_last_error_string(lua_script->http_lua_handle[thread_id]));
}
}
if(profile_msg != NULL)
diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp
index 9c57c56..4e365b1 100644
--- a/plugin/business/tsg-http/src/tsg_http.cpp
+++ b/plugin/business/tsg-http/src/tsg_http.cpp
@@ -33,17 +33,21 @@
#define MAX_EDIT_ZONE_NUM 64
#define MAX_SCAN_DATA_SIZE ((1 << 16) - 1)
-enum proxy_action //Bigger action number is prior.
-{
- PX_ACTION_NONE = 0x00,
- PX_ACTION_MONIT = 0x01,
- PX_ACTION_FORWARD = 0x02, /* N/A */
- PX_ACTION_REJECT = 0x10,
- PX_ACTION_DROP = 0x20, /* N/A */
- PX_ACTION_MANIPULATE = 0x30,
- PX_ACTION_RATELIMIT = 0x40, /* N/A */
- PX_ACTION_WHITELIST = 0x60,
- PX_ACTION_SHUNT = 0x80,
+enum proxy_action
+{
+ PX_ACTION_NONE = 0,
+ PX_ACTION_MONIT = 1,
+ PX_ACTION_INTERCEPT = 2, /* N/A */
+ PX_ACTION_NO_INTERCEPT = 3,
+ PX_ACTION_ACTIVE_DEFENCE = 4,
+ PX_ACTION_WANNAT = 8,
+ PX_ACTION_REJECT = 16,
+ PX_ACTION_SHAPING = 32,
+ PX_ACTION_MANIPULATE = 48,
+ PX_ACTION_SERVICE_CHAINING=64,
+ PX_ACTION_WHITELIST = 96,
+ PX_ACTION_SHUNT = 128,
+ PX_STATISTICS = 129,
__PX_ACTION_MAX
};
@@ -103,7 +107,7 @@ enum manipulate_profile_table
struct manipulate_profile
{
- int profile_id;
+ char *profile_uuid;
int ref_cnt;
size_t msg_len;
char *profile_name;
@@ -118,13 +122,14 @@ struct manipulate_profile
struct maat_rule_t
{
- long long config_id;
+ int vsys_id;
+ uuid_t config_uuid;
+ char *config_uuid_string;
int service_id;
unsigned char do_log;
unsigned char do_blacklist;
unsigned char action;
- char *srv_def_large;
- int vsys_id;
+ char *action_parameter;
};
struct policy_action_param
@@ -134,7 +139,8 @@ struct policy_action_param
char *message;
char *position;
float enforcement_ratio;
- int profile_id;
+ char *profile_uuid_str;
+
int status_code;
size_t n_rule;
@@ -230,28 +236,54 @@ void trusted_CA_update_start_cb(int update_type, void* u_para)
}
g_proxy_rt->ca_store_reseting++;
}
-
}
-void trusted_CA_update_cert_cb(int table_id, const char* table_line, void* u_para)
+
+void trusted_CA_update_cert_cb(const char *table_name, const char *table_line, enum maat_operation op, void *u_para)
{
- int ret=0, cfg_id=0, is_valid=0;
- char cert_name[128]={0}, cert_file[1024]={0};
- ret=sscanf(table_line, "%d\t%s\t%s\t%d", &cfg_id, cert_name, cert_file, &is_valid);
- if(ret!=4)
+ int ret = 0;
+
+ cJSON* trust_ca_cert = cJSON_Parse(table_line);
+ if(trust_ca_cert == NULL)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Trusted CA Store parse cert config failed: %s", table_line);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_TRUSTED_CA_CERT parse table_line failed. table_line:%s", table_line);
return;
}
+
+ char *uuid_sring=NULL;
+ int is_valid=0;
+ char cert_name[128]={0}, cert_file[1024]={0};
+
+ cJSON *uuid = cJSON_GetObjectItem(trust_ca_cert, "uuid");
+ if(uuid && uuid->type==cJSON_String)
+ {
+ uuid_sring = uuid->valuestring;
+ }
+ cJSON *item = cJSON_GetObjectItem(trust_ca_cert, "cert_name");
+ if(item && item->type==cJSON_String)
+ {
+ memcpy(cert_name, item->valuestring, strlen(item->valuestring));
+ }
+ item = cJSON_GetObjectItem(trust_ca_cert, "cert_file");
+ if(item && item->type==cJSON_String)
+ {
+ memcpy(cert_file, item->valuestring, strlen(item->valuestring));
+ }
+ item = cJSON_GetObjectItem(trust_ca_cert, "is_valid");
+ if(item && item->type==cJSON_Number)
+ {
+ is_valid=item->valueint;
+ }
+
if(is_valid==1)
{
ret=tfe_proxy_ssl_add_trust_ca(cert_file);
if(ret<0)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Trusted CA Store add cert failed %d:%s:%s", cfg_id, cert_name, cert_file);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "Trusted CA Store add cert failed %s:%s:%s", uuid_sring, cert_name, cert_file);
}
else
{
- TFE_LOG_INFO(g_proxy_rt->local_logger, "Trusted CA Store add cert success %d:%s:%s", cfg_id, cert_name, cert_file);
+ TFE_LOG_INFO(g_proxy_rt->local_logger, "Trusted CA Store add cert success %s:%s:%s", uuid_sring, cert_name, cert_file);
}
}
else
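Review bot: `memcpy(cert_name, item->valuestring, strlen(item->valuestring))` and the matching copy into `cert_file` take their length from the JSON value, not from the 128- and 1024-byte destination arrays, so an over-long `cert_name` or `cert_file` in the table line writes past the stack buffers. A bounded copy such as `snprintf(cert_name, sizeof(cert_name), "%s", item->valuestring);` (and the same for `cert_file`) keeps both within bounds and terminated. `uuid_sring` stays NULL when the `uuid` key is absent and is then passed to `%s` in the log calls. A line without `cert_file` still reaches `tfe_proxy_ssl_del_trust_ca` with an empty path. Rejecting the line early when a required key is missing would cover both cases, and the new `op` argument is not consulted in the visible lines.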
@@ -259,13 +291,16 @@ void trusted_CA_update_cert_cb(int table_id, const char* table_line, void* u_par
ret=tfe_proxy_ssl_del_trust_ca(cert_file);
if(ret<0)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Trusted CA Store del cert failed %d:%s:%s", cfg_id, cert_name, cert_file);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "Trusted CA Store del cert failed %s:%s:%s", uuid_sring, cert_name, cert_file);
}
else
{
- TFE_LOG_INFO(g_proxy_rt->local_logger, "Trusted CA Store del cert success %d:%s:%s", cfg_id, cert_name, cert_file);
+ TFE_LOG_INFO(g_proxy_rt->local_logger, "Trusted CA Store del cert success %s:%s:%s", uuid_sring, cert_name, cert_file);
}
}
+
+ cJSON_Delete(trust_ca_cert);
+ trust_ca_cert=NULL;
return;
}
void trusted_CA_update_crl_cb(int table_id,const char* table_line,void* u_para)
@@ -413,83 +448,128 @@ char* str_unescape(char* s)
return s;
}
-void policy_action_param_new(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
+unsigned char action_type_str2idx(const char *action_str)
{
- int ret=0, group_num=0;
- long long config_id=0;
- int service_id=0, action=0;
- int do_log=0,do_blacklist=0,is_valid=0;
- char effective_range[1024]={0};
- char srv_def_large[8192]={0};
- struct policy_action_param* param=NULL;
+ const char * action_name[__PX_ACTION_MAX];
+ action_name[PX_ACTION_NONE] = "none";
+ action_name[PX_ACTION_MONIT] = "monitor";
+ action_name[PX_ACTION_INTERCEPT] = "intercept";
+ action_name[PX_ACTION_NO_INTERCEPT] = "no_intercept";
+ action_name[PX_ACTION_ACTIVE_DEFENCE] = "active_defence";
+ action_name[PX_ACTION_WANNAT] = "wannat";
+ action_name[PX_ACTION_REJECT] = "deny";
+ action_name[PX_ACTION_SHAPING] = "shaping";
+ action_name[PX_ACTION_MANIPULATE] = "manipulate";
+ action_name[PX_ACTION_SERVICE_CHAINING] = "service_chaining";
+ action_name[PX_ACTION_WHITELIST] = "allow";
+ action_name[PX_ACTION_SHUNT] = "shunt";
+ action_name[PX_STATISTICS] = "statistics";
- ret=sscanf(table_line, "%lld\t%d\t%d\t%d\t%d\t%s\t%s\t%d\t%d", &config_id, &service_id, &action, &do_blacklist, &do_log, effective_range, srv_def_large, &group_num, &is_valid);
- if(ret!=9)
+ int action = 0;
+ for ( action = PX_ACTION_NONE; action < __PX_ACTION_MAX; action++)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "ctrl policy table parse failed, ret:%d, %s", ret, table_line);
- return;
+ if (0 == strcasecmp(action_str, action_name[action]))
+ break;
}
+ return action;
+}
- *ad=NULL;
+unsigned char log_option_type_str2idx(const char *log_option)
+{
+ size_t i = 0;
+ const char *log_option_name[] = {"none", "metadata", "all"};
+ for (i = 0; i < sizeof(log_option_name) / sizeof(const char *); i++)
+ {
+ if (0 == strcasecmp(log_option, log_option_name[i]))
+ break;
+ }
+ return i;
+
+}
- str_unescape(srv_def_large);
- int serv_def_len=strlen(srv_def_large);
- if((unsigned int)serv_def_len<strlen("{}")+1)
+void policy_action_param_new(const char *table_name, const char* key, const char* table_line, void **ad, long argl, void* argp)
+{
+ cJSON* pxy_ctrl_rule = cJSON_Parse(table_line);
+ if(pxy_ctrl_rule == NULL)
{
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_CTRL_RULE parse table_line failed. table_line:%s", table_line);
return;
}
- int rule_id;
- cJSON *json=NULL, *rules=NULL, *item=NULL, *sub_item=NULL;
- json=cJSON_Parse(srv_def_large);
- if(json==NULL)
+ struct policy_action_param* param=ALLOC(struct policy_action_param, 1);
+
+ cJSON *uuid = cJSON_GetObjectItem(pxy_ctrl_rule, "uuid");
+ if(uuid && uuid->type==cJSON_String)
+ {
+ param->hit_rule.config_uuid_string = strdup(uuid->valuestring);
+ uuid_parse(uuid->valuestring, param->hit_rule.config_uuid);
+ }
+
+ cJSON *action = cJSON_GetObjectItem(pxy_ctrl_rule, "action");
+ if(action && action->type==cJSON_String)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "invalid policy parameter: id = %lld", config_id);
+ param->hit_rule.action=action_type_str2idx(action->valuestring);
+ }
+
+ cJSON *blacklist_option = cJSON_GetObjectItem(pxy_ctrl_rule, "blacklist_option");
+ if(blacklist_option && blacklist_option->type==cJSON_Number)
+ {
+ param->hit_rule.do_blacklist=blacklist_option->valueint;
+ }
+
+ cJSON *log_option = cJSON_GetObjectItem(pxy_ctrl_rule, "log_option");
+ if(log_option && log_option->type==cJSON_String)
+ {
+ param->hit_rule.do_log=log_option_type_str2idx(log_option->valuestring);
+ }
+
+ cJSON *action_parameter = cJSON_GetObjectItem(pxy_ctrl_rule, "action_parameter");
+ if(action_parameter == NULL || action_parameter->type!=cJSON_Object)
+ {
+ FREE(&param);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "invalid policy parameter: id = %s", param->hit_rule.config_uuid_string);
return;
}
- param=ALLOC(struct policy_action_param, 1);
param->ref_cnt=1;
- param->hit_rule.action=action;
- param->hit_rule.config_id=config_id;
- param->hit_rule.do_blacklist=do_blacklist;
- param->hit_rule.do_log=do_log;
- param->hit_rule.srv_def_large=tfe_strdup(srv_def_large);
pthread_mutex_init(&(param->lock), NULL);
+ param->hit_rule.action_parameter = cJSON_PrintUnformatted(action_parameter);
- item=cJSON_GetObjectItem(json,"method");
- if(item && item->type==cJSON_String)
+ cJSON *method=cJSON_GetObjectItem(action_parameter,"method");
+ if(method && method->type==cJSON_String)
{
- param->action=manipulate_action_str2idx(item->valuestring);
+ param->action=manipulate_action_str2idx(method->valuestring);
}
+ int rule_id=0;
+ cJSON *rules=NULL, *item=NULL, *sub_item=NULL;
switch(param->action)
{
case MA_ACTION_ALLOW:
case MA_ACTION_MONITOR:
- item=cJSON_GetObjectItem(json,"vsys_id");
+ item=cJSON_GetObjectItem(action_parameter,"vsys_id");
if(item && item->type==cJSON_Number)
{
param->hit_rule.vsys_id=item->valueint;
}
break;
case MA_ACTION_REDIRECT:
- item=cJSON_GetObjectItem(json,"vsys_id");
+ item=cJSON_GetObjectItem(action_parameter,"vsys_id");
if(item && item->type==cJSON_Number)
{
param->hit_rule.vsys_id=item->valueint;
}
- item=cJSON_GetObjectItem(json,"code");
+ item=cJSON_GetObjectItem(action_parameter,"code");
if(item && item->type==cJSON_Number)
{
param->status_code = item->valueint;
}
- item=cJSON_GetObjectItem(json,"to");
+ item=cJSON_GetObjectItem(action_parameter,"to");
if(item && item->type==cJSON_String)
{
param->message = tfe_strdup(item->valuestring);
}
- item=cJSON_GetObjectItem(json,"enforcement_ratio");
+ item=cJSON_GetObjectItem(action_parameter,"enforcement_ratio");
if(item && item->type==cJSON_Number)
{
param->enforcement_ratio = item->valuedouble;
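Review bot: `action_type_str2idx` fills only 13 slots of `action_name[__PX_ACTION_MAX]`, which has 130 entries now that the enum is sparse, and then passes every slot to `strcasecmp`. Any action string not matched in the first few indices, for example "deny" at 16, makes the loop read indeterminate pointers at indices 5 to 7. In `policy_action_param_new` the `action_parameter` error path calls `FREE(&param)` and then reads `param->hit_rule.config_uuid_string` for the log line, and it returns without releasing the duplicated UUID string or `pxy_ctrl_rule`. The fence below maps names to values with an explicit table and reorders that error path. The result of `uuid_parse` and a missing `uuid` key are also unchecked, so `config_uuid_string` can still be NULL when it reaches the `%s` in the final "Add ctrl policy" log line. The function continues past the end of this hunk.

```cpp
unsigned char action_type_str2idx(const char *action_str)
{
	// The enum is sparse, so map each name to its value explicitly
	// instead of indexing a partly filled array.
	static const struct { const char *name; enum proxy_action value; } action_map[] = {
		{"none", PX_ACTION_NONE},
		{"monitor", PX_ACTION_MONIT},
		{"intercept", PX_ACTION_INTERCEPT},
		{"no_intercept", PX_ACTION_NO_INTERCEPT},
		{"active_defence", PX_ACTION_ACTIVE_DEFENCE},
		{"wannat", PX_ACTION_WANNAT},
		{"deny", PX_ACTION_REJECT},
		{"shaping", PX_ACTION_SHAPING},
		{"manipulate", PX_ACTION_MANIPULATE},
		{"service_chaining", PX_ACTION_SERVICE_CHAINING},
		{"allow", PX_ACTION_WHITELIST},
		{"shunt", PX_ACTION_SHUNT},
		{"statistics", PX_STATISTICS},
	};

	for (size_t i = 0; i < sizeof(action_map) / sizeof(action_map[0]); i++)
	{
		if (0 == strcasecmp(action_str, action_map[i].name))
			return action_map[i].value;
	}
	return __PX_ACTION_MAX; // same "no match" value as before
}

// … unchanged: log_option_type_str2idx, start of policy_action_param_new …

	if(action_parameter == NULL || action_parameter->type!=cJSON_Object)
	{
		// Log before freeing, and from table_line: the UUID string may be unset.
		TFE_LOG_ERROR(g_proxy_rt->local_logger, "invalid policy parameter: table_line = %s", table_line);
		if(param->hit_rule.config_uuid_string)
			FREE(&(param->hit_rule.config_uuid_string));
		FREE(&param);
		cJSON_Delete(pxy_ctrl_rule);
		return;
	}
```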
@@ -500,34 +580,34 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k
}
break;
case MA_ACTION_BLOCK:
- item=cJSON_GetObjectItem(json,"vsys_id");
+ item=cJSON_GetObjectItem(action_parameter,"vsys_id");
if(item && item->type==cJSON_Number)
{
param->hit_rule.vsys_id=item->valueint;
}
- item=cJSON_GetObjectItem(json,"code");
+ item=cJSON_GetObjectItem(action_parameter,"code");
if(item && item->type==cJSON_Number)
{
param->status_code = item->valueint;
}
- item=cJSON_GetObjectItem(json,"message");
+ item=cJSON_GetObjectItem(action_parameter,"message");
if(item && item->type==cJSON_String)
{
param->message = tfe_strdup(item->valuestring);
}
- item=cJSON_GetObjectItem(json,"html_profile");
- if(item && item->type==cJSON_Number)
+ item=cJSON_GetObjectItem(action_parameter,"html_profile");
+ if(item && item->type==cJSON_String)
{
- param->profile_id = item->valueint;
+ param->profile_uuid_str = tfe_strdup(item->valuestring);
}
break;
case MA_ACTION_REPLACE:
- item=cJSON_GetObjectItem(json,"vsys_id");
+ item=cJSON_GetObjectItem(action_parameter,"vsys_id");
if(item && item->type==cJSON_Number)
{
param->hit_rule.vsys_id=item->valueint;
}
- item=cJSON_GetObjectItem(json,"enforcement_ratio");
+ item=cJSON_GetObjectItem(action_parameter,"enforcement_ratio");
if(item && item->type==cJSON_Number)
{
param->enforcement_ratio = item->valuedouble;
@@ -536,7 +616,7 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k
{
param->enforcement_ratio = 1;
}
- rules = cJSON_GetObjectItem(json, "rules");
+ rules = cJSON_GetObjectItem(action_parameter, "rules");
if(rules == NULL)
{
break;
@@ -562,16 +642,17 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k
param->n_rule = rule_id;
break;
case MA_ACTION_HIJACK:
- item=cJSON_GetObjectItem(json,"vsys_id");
+ item=cJSON_GetObjectItem(action_parameter,"vsys_id");
if(item && item->type==cJSON_Number)
{
param->hit_rule.vsys_id=item->valueint;
}
- item=cJSON_GetObjectItem(json,"hijack_profile");
- if(item && item->type==cJSON_Number){
- param->profile_id = item->valueint;
+ item=cJSON_GetObjectItem(action_parameter,"hijack_profile");
+ if(item && item->type==cJSON_String)
+ {
+ param->profile_uuid_str =tfe_strdup(item->valuestring);
}
- item=cJSON_GetObjectItem(json,"enforcement_ratio");
+ item=cJSON_GetObjectItem(action_parameter,"enforcement_ratio");
if(item && item->type==cJSON_Number)
{
param->enforcement_ratio = item->valuedouble;
@@ -582,20 +663,21 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k
}
break;
case MA_ACTION_INSERT:
- item=cJSON_GetObjectItem(json,"vsys_id");
+ item=cJSON_GetObjectItem(action_parameter,"vsys_id");
if(item && item->type==cJSON_Number)
{
param->hit_rule.vsys_id=item->valueint;
}
- item=cJSON_GetObjectItem(json,"insert_profile");
- if(item && item->type==cJSON_Number){
- param->profile_id = item->valueint;
+ item=cJSON_GetObjectItem(action_parameter,"insert_profile");
+ if(item && item->type==cJSON_String)
+ {
+ param->profile_uuid_str =tfe_strdup(item->valuestring);
}
- item=cJSON_GetObjectItem(json,"position");
+ item=cJSON_GetObjectItem(action_parameter,"position");
if(item && item->type==cJSON_String){
param->position = tfe_strdup(item->valuestring);
}
- item=cJSON_GetObjectItem(json,"enforcement_ratio");
+ item=cJSON_GetObjectItem(action_parameter,"enforcement_ratio");
if(item && item->type==cJSON_Number)
{
param->enforcement_ratio = item->valuedouble;
@@ -606,12 +688,12 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k
}
break;
case MA_ACTION_ELEMENT:
- item=cJSON_GetObjectItem(json,"vsys_id");
+ item=cJSON_GetObjectItem(action_parameter,"vsys_id");
if(item && item->type==cJSON_Number)
{
param->hit_rule.vsys_id=item->valueint;
}
- rules = cJSON_GetObjectItem(json, "rules");
+ rules = cJSON_GetObjectItem(action_parameter, "rules");
if(rules == NULL)
{
break;
@@ -649,16 +731,17 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k
param->e_rule = rule_id;
break;
case MA_ACTION_LUA_SCRIPT:
- item=cJSON_GetObjectItem(json,"vsys_id");
+ item=cJSON_GetObjectItem(action_parameter,"vsys_id");
if(item && item->type==cJSON_Number)
{
param->hit_rule.vsys_id=item->valueint;
}
- item=cJSON_GetObjectItem(json,"run_script_profile");
- if(item && item->type==cJSON_Number){
- param->profile_id = item->valueint;
+ item=cJSON_GetObjectItem(action_parameter,"run_script_profile");
+ if(item && item->type==cJSON_String)
+ {
+ param->profile_uuid_str =tfe_strdup(item->valuestring);
}
- item=cJSON_GetObjectItem(json,"enforcement_ratio");
+ item=cJSON_GetObjectItem(action_parameter,"enforcement_ratio");
if(item && item->type==cJSON_Number)
{
param->enforcement_ratio = item->valuedouble;
@@ -672,12 +755,12 @@ void policy_action_param_new(const char *table_name, int table_id, const char* k
break;
}
*ad=param;
- TFE_LOG_INFO(g_proxy_rt->local_logger, "Add ctrl policy: %lld", config_id);
- cJSON_Delete(json);
+ TFE_LOG_INFO(g_proxy_rt->local_logger, "Add ctrl policy: %s", param->hit_rule.config_uuid_string);
+ cJSON_Delete(pxy_ctrl_rule);
return;
}
-void policy_action_param_free_cb(int table_id, void **ad, long argl, void *argp)
+void policy_action_param_free_cb(const char *table_name, void **ad, long argl, void *argp)
{
unsigned int i=0;
if(*ad==NULL)
@@ -717,8 +800,12 @@ void policy_action_param_free_cb(int table_id, void **ad, long argl, void *argp)
FREE(&(param->message));
if (param->position)
FREE(&(param->position));
- if(param->hit_rule.srv_def_large)
- FREE(&(param->hit_rule.srv_def_large))
+ if(param->profile_uuid_str)
+ FREE(&(param->profile_uuid_str));
+ if(param->hit_rule.config_uuid_string)
+ FREE(&(param->hit_rule.config_uuid_string));
+ if(param->hit_rule.action_parameter)
+ FREE(&param->hit_rule.action_parameter);
FREE(&(param));
return;
@@ -726,11 +813,11 @@ void policy_action_param_free_cb(int table_id, void **ad, long argl, void *argp)
void policy_action_param_free(struct policy_action_param* param)
{
- policy_action_param_free_cb(0, (void**)&param, 0, NULL);
+ policy_action_param_free_cb("PXY_CTRL_RULE_PLUGIN", (void**)&param, 0, NULL);
return;
}
-void policy_action_param_dup(int idx, void **to, void **from, long argl, void *argp)
+void policy_action_param_dup(const char *table_name, void **to, void **from, long argl, void *argp)
{
struct policy_action_param* from_param=*((struct policy_action_param**)from);
if(from_param==NULL)
@@ -745,27 +832,42 @@ void policy_action_param_dup(int idx, void **to, void **from, long argl, void *a
return;
}
-void ma_profile_table_new_cb(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
+void ma_profile_table_new_cb(const char *table_name, const char* key, const char* table_line, void **ad, long argl, void* argp)
{
- int ret=0, profile_id=0, is_valid=0;
- char profile_name[512]={0}, formate[128]={0};
- char profile_path[TFE_PATH_MAX]={0};
-
- ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%d", &profile_id, profile_name, formate, profile_path, &is_valid);
- if(ret!=5)
+ cJSON* response_pages = cJSON_Parse(table_line);
+ if(response_pages == NULL)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Policy table parse config failed: %s", table_line);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "TSG_PROFILE_RESPONSE_PAGES parse table_line failed. table_line:%s", table_line);
return;
}
+ char *profile_path=NULL;
struct manipulate_profile* ply_profile=ALLOC(struct manipulate_profile, 1);
- memset(ply_profile, 0, sizeof(struct manipulate_profile));
+ cJSON *uuid = cJSON_GetObjectItem(response_pages, "uuid");
+ if(uuid && uuid->type==cJSON_String)
+ {
+ ply_profile->profile_uuid = tfe_strdup(uuid->valuestring);
+ }
+ cJSON *profile_name = cJSON_GetObjectItem(response_pages, "profile_name");
+ if(profile_name && profile_name->type==cJSON_String)
+ {
+ ply_profile->profile_name=tfe_strdup(profile_name->valuestring);
+ }
+ cJSON *format = cJSON_GetObjectItem(response_pages, "format");
+ if(format && format->type==cJSON_String)
+ {
+ ply_profile->profile_type=tfe_strdup(format->valuestring);
+ }
+ cJSON *item = cJSON_GetObjectItem(response_pages, "path");
+ if(item && item->type==cJSON_String)
+ {
+ profile_path=item->valuestring;
+ }
- ply_profile->profile_id=profile_id;
ply_profile->ref_cnt=1;
pthread_mutex_init(&(ply_profile->lock), NULL);
- if(strcasecmp(formate, "template") == 0)
+ if(strcasecmp(ply_profile->profile_type, "template") == 0)
{
ply_profile->tpl = ctemplate::Template::GetTemplate(profile_path, ctemplate::DO_NOT_STRIP);
}else
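Review bot: `strcasecmp(ply_profile->profile_type, "template")` dereferences NULL when the row has no string `format` key, and `profile_path` reaches `GetTemplate` or `tfe_read_file` as NULL when `path` is absent. The removed `sscanf` count check rejected short rows, whereas the JSON version accepts any object that parses. The same pattern is in `ma_insert_profile_table_new_cb` in the next hunk, and `ma_lua_profile_table_new_cb` in the hunk after that passes an unchecked `profile_path` to `tfe_strdup` and `tfe_read_file`. I would type-check the required keys right after the parse check and before the ALLOC, so nothing has to be unwound on rejection. The function body continues in the following hunk.
```cpp
    cJSON *format = cJSON_GetObjectItem(response_pages, "format");
    cJSON *item = cJSON_GetObjectItem(response_pages, "path");
    if(format==NULL || format->type!=cJSON_String || item==NULL || item->type!=cJSON_String)
    {
        TFE_LOG_ERROR(g_proxy_rt->local_logger, "TSG_PROFILE_RESPONSE_PAGES missing format or path. table_line:%s", table_line);
        cJSON_Delete(response_pages);
        return;
    }
    // … unchanged: ALLOC, uuid / profile_name / format / path assignments, mutex init …
```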
@@ -773,38 +875,59 @@ void ma_profile_table_new_cb(const char *table_name, int table_id, const char* k
ply_profile->profile_msg = tfe_read_file(profile_path, &ply_profile->msg_len);
if (ply_profile->profile_msg == NULL)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Read file failed %d:%s:%s", profile_id, profile_name, profile_path);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "Read file failed %s:%s:%s", ply_profile->profile_uuid, ply_profile->profile_name, profile_path);
}
}
- ply_profile->profile_name=tfe_strdup(profile_name);
- ply_profile->profile_type=tfe_strdup(formate);
- TFE_LOG_INFO(g_proxy_rt->local_logger, "Policy table add success %d", profile_id);
+ cJSON_Delete(response_pages);
+ response_pages=NULL;
+ TFE_LOG_INFO(g_proxy_rt->local_logger, "Policy table add success %s", ply_profile->profile_uuid);
*ad = ply_profile;
return;
}
-void ma_insert_profile_table_new_cb(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
+void ma_insert_profile_table_new_cb(const char *table_name, const char* key, const char* table_line, void **ad, long argl, void* argp)
{
- int ret=0, profile_id=0, is_valid=0;
- char profile_name[512]={0}, formate[128]={0};
- char profile_path[TFE_PATH_MAX]={0},profile_position[TFE_PATH_MAX]={0};
-
- ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%d", &profile_id, profile_name, formate, profile_path, profile_position, &is_valid);
- if(ret!=6)
+ cJSON* insert_script = cJSON_Parse(table_line);
+ if(insert_script == NULL)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Policy table parse config failed: %s", table_line);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_INSERT_SCRIPTS parse table_line failed. table_line:%s", table_line);
return;
}
+
+ char *profile_path=NULL;
struct manipulate_profile* ply_profile=ALLOC(struct manipulate_profile, 1);
- memset(ply_profile, 0, sizeof(struct manipulate_profile));
+ cJSON *uuid = cJSON_GetObjectItem(insert_script, "uuid");
+ if(uuid && uuid->type==cJSON_String)
+ {
+ ply_profile->profile_uuid = tfe_strdup(uuid->valuestring);
+ }
+ cJSON *profile_name = cJSON_GetObjectItem(insert_script, "profile_name");
+ if(profile_name && profile_name->type==cJSON_String)
+ {
+ ply_profile->profile_name=tfe_strdup(profile_name->valuestring);
+ }
+ cJSON *format = cJSON_GetObjectItem(insert_script, "format");
+ if(format && format->type==cJSON_String)
+ {
+ ply_profile->profile_type=tfe_strdup(format->valuestring);
+ }
+ cJSON *insert_on = cJSON_GetObjectItem(insert_script, "insert_on");
+ if(insert_on && insert_on->type==cJSON_String)
+ {
+ ply_profile->profile_position=tfe_strdup(insert_on->valuestring);
+ }
+ cJSON *item = cJSON_GetObjectItem(insert_script, "path");
+ if(item && item->type==cJSON_String)
+ {
+ profile_path=item->valuestring;
+ }
- ply_profile->profile_id=profile_id;
ply_profile->ref_cnt=1;
pthread_mutex_init(&(ply_profile->lock), NULL);
- if(strcasecmp(formate, "template") == 0)
+ if(strcasecmp(ply_profile->profile_type, "template") == 0)
{
ply_profile->tpl = ctemplate::Template::GetTemplate(profile_path, ctemplate::DO_NOT_STRIP);
}else
@@ -812,82 +935,114 @@ void ma_insert_profile_table_new_cb(const char *table_name, int table_id, const
ply_profile->profile_msg = tfe_read_file(profile_path, &ply_profile->msg_len);
if (ply_profile->profile_msg == NULL)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Read file failed %d:%s:%s", profile_id, profile_name, profile_path);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "Read file failed %s:%s:%s", ply_profile->profile_uuid, ply_profile->profile_name, profile_path);
}
}
- ply_profile->profile_name=tfe_strdup(profile_name);
- ply_profile->profile_type=tfe_strdup(formate);
- ply_profile->profile_position=tfe_strdup(profile_position);
-
- TFE_LOG_INFO(g_proxy_rt->local_logger, "Policy table add success %d", profile_id);
+ cJSON_Delete(insert_script);
+ insert_script=NULL;
+ TFE_LOG_INFO(g_proxy_rt->local_logger, "Policy table add success %s", ply_profile->profile_uuid);
*ad = ply_profile;
+
return;
}
-void ma_hijack_profile_table_new_cb(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
+void ma_hijack_profile_table_new_cb(const char *table_name, const char* key, const char* table_line, void **ad, long argl, void* argp)
{
- int ret=0, profile_id=0, is_valid=0;
- char profile_name[512]={0}, formate[128]={0};
- char profile_path[TFE_PATH_MAX]={0},hijack_name[512]={0};
-
- ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%d", &profile_id, profile_name, hijack_name, formate, profile_path, &is_valid);
- if(ret!=6)
+ cJSON* hihijack_files = cJSON_Parse(table_line);
+ if(hihijack_files == NULL)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Policy table parse config failed: %s", table_line);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_HIJACK_FILES parse table_line failed. table_line:%s", table_line);
return;
}
+
struct manipulate_profile* ply_profile=ALLOC(struct manipulate_profile, 1);
+ cJSON *uuid = cJSON_GetObjectItem(hihijack_files, "uuid");
+ if(uuid && uuid->type==cJSON_String)
+ {
+ ply_profile->profile_uuid = tfe_strdup(uuid->valuestring);
+ }
+ cJSON *profile_name = cJSON_GetObjectItem(hihijack_files, "profile_name");
+ if(profile_name && profile_name->type==cJSON_String)
+ {
+ ply_profile->profile_name=tfe_strdup(profile_name->valuestring);
+ }
+ cJSON *content_type = cJSON_GetObjectItem(hihijack_files, "content_type");
+ if(content_type && content_type->type==cJSON_String)
+ {
+ ply_profile->profile_type=tfe_strdup(content_type->valuestring);
+ }
+ cJSON *path = cJSON_GetObjectItem(hihijack_files, "path");
+ if(path && path->type==cJSON_String)
+ {
+ ply_profile->profile_msg=tfe_strdup(path->valuestring);
+ }
+
ply_profile->ref_cnt=1;
pthread_mutex_init(&(ply_profile->lock), NULL);
- ply_profile->profile_id=profile_id;
- ply_profile->profile_msg=tfe_strdup(profile_path);
- ply_profile->profile_name=tfe_strdup(hijack_name);
- ply_profile->profile_type=tfe_strdup(formate);
-
- TFE_LOG_INFO(g_proxy_rt->local_logger, "Policy table add success %d", profile_id);
+ cJSON_Delete(hihijack_files);
+ hihijack_files=NULL;
+ TFE_LOG_INFO(g_proxy_rt->local_logger, "Policy table add success %s", ply_profile->profile_uuid);
*ad = ply_profile;
return;
}
-void ma_lua_profile_table_new_cb(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
+void ma_lua_profile_table_new_cb(const char *table_name, const char* key, const char* table_line, void **ad, long argl, void* argp)
{
- int timeout=0;
- int ret=0, profile_id=0, is_valid=0;
- char profile_name[512]={0}, profile_path[TFE_PATH_MAX]={0};
-
- ret=sscanf(table_line, "%d\t%s\t%d\t%d", &profile_id, profile_path, &timeout, &is_valid);
- if(ret!=4)
+ cJSON* run_scripts = cJSON_Parse(table_line);
+ if(run_scripts == NULL)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Policy table parse config failed: %s", table_line);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "PXY_PROFILE_RUN_SCRIPTS parse table_line failed. table_line:%s", table_line);
return;
}
+
+ char *profile_path=NULL;
+
struct manipulate_profile* ply_profile=ALLOC(struct manipulate_profile, 1);
+ cJSON *uuid = cJSON_GetObjectItem(run_scripts, "uuid");
+ if(uuid && uuid->type==cJSON_String)
+ {
+ ply_profile->profile_uuid = tfe_strdup(uuid->valuestring);
+ }
+ cJSON *max_exec_time = cJSON_GetObjectItem(run_scripts, "max_exec_time");
+ if(max_exec_time && max_exec_time->type==cJSON_Number)
+ {
+ ply_profile->timeout=max_exec_time->valueint;
+ }
+ cJSON *path = cJSON_GetObjectItem(run_scripts, "path");
+ if(path && path->type==cJSON_String)
+ {
+ profile_path=path->valuestring;
+ }
+
ply_profile->ref_cnt=1;
pthread_mutex_init(&(ply_profile->lock), NULL);
- ply_profile->profile_id=profile_id;
ply_profile->profile_name=tfe_strdup(profile_path);
ply_profile->profile_msg = tfe_read_file(profile_path, &ply_profile->msg_len);
- ply_profile->timeout=timeout;
+
if (ply_profile->profile_msg == NULL)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Read file failed %d:%s:%s", profile_id, profile_name, profile_path);
+ cJSON_Delete(run_scripts);
+ run_scripts=NULL;
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "Read file failed %s:%s:%s", ply_profile->profile_uuid, ply_profile->profile_name, profile_path);
*ad = ply_profile;
return;
}
int thread_num = g_proxy_rt->thread_num;
ply_profile->escript_ctx = ALLOC(struct elua_script *, thread_num);
- TFE_LOG_INFO(g_proxy_rt->local_logger, "Policy table add success %d", profile_id);
+ TFE_LOG_INFO(g_proxy_rt->local_logger, "Policy table add success %s", ply_profile->profile_uuid);
+ cJSON_Delete(run_scripts);
+ run_scripts=NULL;
*ad = ply_profile;
return;
}
-void ma_profile_table_free_cb(int table_id, void **ad, long argl, void *argp)
+void ma_profile_table_free_cb(const char *table_name, void **ad, long argl, void *argp)
{
if(*ad==NULL)
{
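Review bot: `max_exec_time` is now optional and unvalidated in `ma_lua_profile_table_new_cb`. When the key is missing or not a number, `timeout` keeps whatever `ALLOC` left in it, and a negative `valueint` is stored as is. The removed `sscanf` path refused rows without a timeout field. What a zero or negative timeout means to the Lua runner is not visible in this hunk; if it disables the limit, a malformed row would let a script run unbounded. I would reject the row unless the key is a positive `cJSON_Number`, and add a comment next to the assignment stating the unit and the meaning of 0.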
@@ -904,6 +1059,9 @@ void ma_profile_table_free_cb(int table_id, void **ad, long argl, void *argp)
pthread_mutex_unlock(&(ply_obj->lock));
pthread_mutex_destroy(&(ply_obj->lock));
+ if(ply_obj->profile_uuid)
+ FREE(&ply_obj->profile_uuid);
+
if(ply_obj->profile_type)
FREE(&ply_obj->profile_type);
@@ -939,7 +1097,7 @@ void ma_profile_table_free(struct manipulate_profile* ply_obj)
ma_profile_table_free_cb(0, (void **)&ply_obj, 0, NULL);
}
-void ma_profile_table_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
+void ma_profile_table_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp)
{
struct manipulate_profile* ply_obj=(struct manipulate_profile*)(*from);
pthread_mutex_lock(&(ply_obj->lock));
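Review bot: `ma_profile_table_free(...)` still calls `ma_profile_table_free_cb(0, ...)` although the first parameter is now `const char *table_name`. The literal 0 still converts to a null pointer, but it reads like the old table id and is inconsistent with `policy_action_param_free`, which this commit updated to pass a table name. I would write `ma_profile_table_free_cb(NULL, (void **)&ply_obj, 0, NULL);` so the intent is explicit.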
@@ -948,21 +1106,6 @@ void ma_profile_table_dup_cb(int table_id, void **to, void **from, long argl, vo
*to=ply_obj;
}
-int maat_table_init(const char* table_name,
- maat_start_callback_t *start, maat_update_callback_t *update, maat_finish_callback_t *finish,
- void *u_para)
-{
- int table_id=0;
-
- table_id=maat_get_table_id(g_proxy_rt->feather, table_name);
- if(table_id>=0)
- {
- maat_table_callback_register(g_proxy_rt->feather, table_id,
- start, update, finish, u_para);
- }
- return table_id;
-}
-
const char* table_name_idx2str(int profile_idx)
{
const char *table_name_map[] = {"TSG_PROFILE_RESPONSE_PAGES",
@@ -977,7 +1120,7 @@ int maat_table_ex_init(int profile_idx,
maat_ex_free_func_t* free_func,
maat_ex_dup_func_t* dup_func)
{
- int table_id = 0;
+ int ret = 0;
const char *table_name = table_name_idx2str(profile_idx);
maat_ex_new_func_t *new_func[] = {
@@ -987,18 +1130,17 @@ int maat_table_ex_init(int profile_idx,
[POLICY_PROFILE_TABLE_LUA] = ma_lua_profile_table_new_cb,
};
- table_id=g_proxy_rt->plolicy_table_id[profile_idx]=maat_get_table_id(g_proxy_rt->feather, table_name);
- if(table_id >= 0)
+ ret=maat_plugin_table_ex_schema_register(g_proxy_rt->feather, table_name,
+ new_func[profile_idx],
+ free_func,
+ dup_func,
+ 0, NULL);
+ if(ret < 0)
{
- table_id=maat_plugin_table_ex_schema_register(g_proxy_rt->feather, table_name,
- new_func[profile_idx],
- free_func,
- dup_func,
- 0, NULL);
- return 0;
+ TFE_LOG_INFO(NULL, "Pangu HTTP register table %s failed.", table_name);
+ return -1;
}
- TFE_LOG_INFO(NULL, "Pangu HTTP register table %s failed.", table_name);
- return -1;
+ return ret;
}
int proxy_policy_init(const char* profile_path, const char* static_section, const char* dynamic_section)
@@ -1006,51 +1148,25 @@ int proxy_policy_init(const char* profile_path, const char* static_section, cons
int ret = 0;
g_proxy_rt->feather = tfe_get_maat_handle();
- const char * table_name[__SCAN_TABLE_MAX];
- table_name[PXY_CTRL_HTTP_URL] = "ATTR_HTTP_URL";
- table_name[PXY_CTRL_HTTP_FQDN] = "ATTR_SERVER_FQDN";
- table_name[PXY_CTRL_HTTP_REQ_HDR] = "ATTR_HTTP_REQ_HDR";
- table_name[PXY_CTRL_HTTP_REQ_BODY] = "ATTR_HTTP_REQ_BODY";
- table_name[PXY_CTRL_HTTP_RES_HDR] = "ATTR_HTTP_RES_HDR";
- table_name[PXY_CTRL_HTTP_RES_BODY] = "ATTR_HTTP_RES_BODY";
- table_name[PXY_CTRL_APP_ID] = "ATTR_APP_ID";
-
- for (int i = 0; i < __SCAN_TABLE_MAX; i++)
- {
- g_proxy_rt->scan_table_id[i] = maat_get_table_id(g_proxy_rt->feather, table_name[i]);
- if (g_proxy_rt->scan_table_id[i] < 0)
- {
- TFE_LOG_ERROR(NULL, "Pangu HTTP Maat table %s register failed.", table_name[i]);
- goto error_out;
- }
- }
-
- g_proxy_rt->ctrl_plugin_idx=maat_get_table_id(g_proxy_rt->feather, "PXY_CTRL_COMPILE_PLUGIN");
- maat_plugin_table_ex_schema_register(g_proxy_rt->feather, "PXY_CTRL_COMPILE_PLUGIN",
+ ret = maat_plugin_table_ex_schema_register(g_proxy_rt->feather, "PXY_CTRL_RULE_PLUGIN",
policy_action_param_new,
policy_action_param_free_cb,
policy_action_param_dup,
0, NULL);
-
- ret = maat_table_init("PXY_PROFILE_TRUSTED_CA_CERT",
- trusted_CA_update_start_cb,
- trusted_CA_update_cert_cb,
- trusted_CA_update_finish_cb,
- g_proxy_rt);
if(ret<0)
{
- TFE_LOG_INFO(NULL, "Pangu HTTP register table PXY_OBJ_TRUSTED_CA_CERT failed.");
+ TFE_LOG_INFO(NULL, "Pangu HTTP register table PXY_CTRL_RULE_PLUGIN failed.");
goto error_out;
}
- ret = maat_table_init("PXY_OBJ_TRUSTED_CA_CRL",
- trusted_CA_update_start_cb,
- trusted_CA_update_crl_cb,
- trusted_CA_update_finish_cb,
- g_proxy_rt);
+ ret = maat_table_callback_register(g_proxy_rt->feather, "PXY_PROFILE_TRUSTED_CA_CERT",
+ trusted_CA_update_start_cb,
+ trusted_CA_update_cert_cb,
+ trusted_CA_update_finish_cb,
+ g_proxy_rt);
if(ret<0)
{
- TFE_LOG_INFO(NULL, "Pangu HTTP register table PXY_OBJ_TRUSTED_CA_CRL failed.");
+ TFE_LOG_INFO(NULL, "Pangu HTTP register table PXY_OBJ_TRUSTED_CA_CERT failed.");
goto error_out;
}
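Review bot: The `PXY_OBJ_TRUSTED_CA_CRL` registration with `trusted_CA_update_crl_cb` is removed in this hunk and no replacement is visible here. If nothing else registers that table, revocation-list rows would no longer reach the trusted-CA store, and revoked certificates could keep being accepted. If the table is being retired, the commit message should say so; otherwise a `maat_table_callback_register` call for it, mirroring the CERT one, is missing. Separately, the failure log for the `PXY_PROFILE_TRUSTED_CA_CERT` registration prints `PXY_OBJ_TRUSTED_CA_CERT`, which will mislead whoever reads it. `proxy_policy_init` continues outside the hunk.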
@@ -1155,7 +1271,7 @@ struct proxy_http_ctx
enum proxy_action action;
char * action_para;
int hit_cnt;
- long long result[MAX_SCAN_RESULT];
+ uuid_t result[MAX_SCAN_RESULT];
struct maat_state *scan_mid;
struct maat_stream *sp;
struct maat_rule_t * enforce_rules;
@@ -1292,6 +1408,14 @@ void http_element_ctx_free(struct edit_element_ctx *edit_ctx)
void http_tsg_ctx_free(struct tsg_script_ctx *tsg_ctx, int thread_id)
{
+ if(tsg_ctx->config_uuid_str)
+ {
+ FREE(&tsg_ctx->config_uuid_str)
+ }
+ if(tsg_ctx->profile_uuid_str)
+ {
+ FREE(&tsg_ctx->profile_uuid_str)
+ }
if (tsg_ctx->http_body)
{
evbuffer_free(tsg_ctx->http_body);
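Review bot: `http_tsg_ctx_free` frees `tsg_ctx->config_uuid_str`, but `http_lua` (the hunk at old line 1764) fills it with a plain pointer copy, `tsg_ctx->config_uuid_str = ctx->enforce_rules[0].config_uuid_string;`. The context therefore frees memory it does not own: `ctx->enforce_rules[0]` is left dangling for later logging, and the string looks like it is freed again by `policy_action_param_free_cb` if it aliases `param->hit_rule.config_uuid_string`. `profile_uuid_str` is fine because it is set with `tfe_strdup`. Either drop the `config_uuid_str` free here and document the field as borrowed, or duplicate it once where `tsg_ctx` is allocated, next to the `profile_uuid_str` copy.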
@@ -1383,15 +1507,10 @@ static inline void addr_tfe2sapp(const struct tfe_stream_addr * tfe_addr, struct
return;
}
-static struct manipulate_profile* get_profile_by_id(int profile_table, int profile_id)
+static struct manipulate_profile* get_profile_by_id(const char *table_name, char *cfg_id_str)
{
struct manipulate_profile* result=NULL;
-
- char cfg_id_str[16] = {0};
- snprintf(cfg_id_str, sizeof(cfg_id_str), "%d", profile_id);
- int table_id = g_proxy_rt->plolicy_table_id[profile_table];
-
- result = (struct manipulate_profile*)maat_plugin_table_get_ex_data(g_proxy_rt->feather, table_id, (const char*)cfg_id_str, strlen(cfg_id_str));
+ result = (struct manipulate_profile*)maat_plugin_table_get_ex_data(g_proxy_rt->feather, table_name, (const char*)cfg_id_str, strlen(cfg_id_str));
return result;
}
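Review bot: `strlen(cfg_id_str)` is reached with a NULL pointer whenever a rule carries no profile. `param->profile_uuid_str` is only assigned under `item->type==cJSON_String`, and `html_generate`, `format_insert_rule` and `http_lua_profile` pass it straight through. The old integer path turned a missing profile into a failed lookup; the new one crashes the worker on it. A guard at the top, `if(cfg_id_str==NULL) return NULL;`, restores the old fallback behaviour, and the parameter can be `const char *cfg_id_str`, which also removes the cast.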
@@ -1414,7 +1533,7 @@ void proxy_send_metric_log(const struct tfe_stream * stream, struct proxy_http_c
for(i=0; i< ctx->n_enforce; i++)
{
fieldstat->tags[thread_id][TAG_VSYS_ID].value_longlong = ctx->enforce_rules[i].vsys_id;
- fieldstat->tags[thread_id][TAG_RULE_ID].value_longlong = ctx->enforce_rules[i].config_id;
+ fieldstat->tags[thread_id][TAG_RULE_ID].value_str = ctx->enforce_rules[i].config_uuid_string;
fieldstat->tags[thread_id][TAG_ACTION].value_longlong = PX_ACTION_MANIPULATE;
if(ctx->enforce_rules[i].action == PX_ACTION_MANIPULATE)
{
@@ -1508,10 +1627,11 @@ static inline int action_cmp(enum proxy_action a1, enum proxy_action a2)
}
//enforce_rules[0] contains execute action.
-static enum proxy_action decide_ctrl_action(long long *results, size_t n_hit,
+static enum proxy_action decide_ctrl_action(uuid_t *result, size_t n_hit,
struct maat_rule_t** enforce_rules, size_t * n_enforce, struct policy_action_param **param)
{
void *ex_data=NULL;
+ char result_uuid_string[UUID_STRING_SIZE]={0};
size_t n_monit = 0, exist_enforce_num = 0, i = 0;
struct policy_action_param *get_ex_param=NULL;
@@ -1520,7 +1640,8 @@ static enum proxy_action decide_ctrl_action(long long *results, size_t n_hit,
hit_rules=ALLOC(struct maat_rule_t, n_hit);
for (i = 0; i < n_hit && i<MAX_SCAN_RESULT; i++)
{
- get_ex_param =(struct policy_action_param *)maat_plugin_table_get_ex_data(g_proxy_rt->feather, g_proxy_rt->ctrl_plugin_idx, (const char *)&results[i], sizeof(results[i]));
+ uuid_unparse(result[i], result_uuid_string);
+ get_ex_param =(struct policy_action_param *)maat_plugin_table_get_ex_data(g_proxy_rt->feather, "PXY_CTRL_RULE_PLUGIN", result_uuid_string, strlen(result_uuid_string));
if(get_ex_param==NULL)
{
continue;
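Review bot: `uuid_unparse` writes 36 characters plus the terminating NUL, so `result_uuid_string`, declared as `char result_uuid_string[UUID_STRING_SIZE]` in the previous hunk, must hold at least 37 bytes. `UUID_STRING_SIZE` is defined outside this diff, so the size is worth pinning at compile time, for example `static_assert(UUID_STRING_SIZE >= 37, "uuid_unparse needs 37 bytes");` next to the declaration. `decide_ctrl_action` starts and ends outside this hunk.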
@@ -1550,7 +1671,7 @@ static enum proxy_action decide_ctrl_action(long long *results, size_t n_hit,
}
else if (action_cmp(__action, prior_action) == 0)
{
- if (hit_rules[i].config_id > prior_rule->config_id)
+ if(uuid_compare(hit_rules[i].config_uuid, prior_rule->config_uuid) > 0)
{
prior_rule = hit_rules + i;
}
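Review bot: `uuid_compare(hit_rules[i].config_uuid, prior_rule->config_uuid) > 0` keeps the tie-break between equal-action rules deterministic, but it no longer selects anything meaningful. The old `config_id` comparison preferred the higher id, while the byte order of a UUID says nothing about age or priority unless the ids are time-ordered, which is not visible here. If precedence among same-action rules matters for enforcement, it should come from an explicit field. If it does not, say so at the comparison: `/* stable tie-break only; UUID order carries no priority */`.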
@@ -1569,7 +1690,8 @@ static enum proxy_action decide_ctrl_action(long long *results, size_t n_hit,
}
*enforce_rules[0]=*prior_rule;
*n_enforce=1;
- ex_data=maat_plugin_table_get_ex_data(g_proxy_rt->feather, g_proxy_rt->ctrl_plugin_idx, (const char *)&prior_rule->config_id, sizeof(prior_rule->config_id));
+
+ ex_data=maat_plugin_table_get_ex_data(g_proxy_rt->feather, "PXY_CTRL_RULE_PLUGIN", prior_rule->config_uuid_string, strlen(prior_rule->config_uuid_string));
if(ex_data!=NULL)
{
*param=(struct policy_action_param*)ex_data;
@@ -1603,7 +1725,7 @@ static enum proxy_action decide_ctrl_action(long long *results, size_t n_hit,
memcpy(*enforce_rules + exist_enforce_num + 1, monit_rule, n_monit * sizeof(struct maat_rule_t));
}
- ex_data=maat_plugin_table_get_ex_data(g_proxy_rt->feather, g_proxy_rt->ctrl_plugin_idx, (const char *)&prior_rule->config_id, sizeof(prior_rule->config_id));
+ ex_data=maat_plugin_table_get_ex_data(g_proxy_rt->feather, "PXY_CTRL_RULE_PLUGIN", prior_rule->config_uuid_string, strlen(prior_rule->config_uuid_string));
if(ex_data!=NULL)
{
*param=(struct policy_action_param*)ex_data;
@@ -1655,11 +1777,11 @@ void manipulate_profile_free(struct manipulate_profile* ma_profile)
FREE(&ma_profile);
}
-static int html_generate(int profile_id, const char* msg, char ** page_buff, size_t * page_size)
+static int html_generate(char *profile_uuid, const char* msg, char ** page_buff, size_t * page_size)
{
int ret = 0;
- struct manipulate_profile* block_profile=get_profile_by_id(POLICY_PROFLIE_TABLE_REJECT, profile_id);
+ struct manipulate_profile* block_profile=get_profile_by_id("TSG_PROFILE_RESPONSE_PAGES", profile_uuid);
if(block_profile==NULL)
{
ret=-1;
@@ -1706,11 +1828,11 @@ static int http_enforcement_ratio(float enforcement_ratio)
return 0;
}
-int http_lua_profile(int profile_id, struct elua_script ***elua_ctx, char **profile_msg, size_t *msg_len, int *timeout)
+int http_lua_profile(char *profile_uuid_str, struct elua_script ***elua_ctx, char **profile_msg, size_t *msg_len, int *timeout)
{
int ret = 0;
- struct manipulate_profile* lua_profile=get_profile_by_id(POLICY_PROFILE_TABLE_LUA, profile_id);
+ struct manipulate_profile* lua_profile=get_profile_by_id("PXY_PROFILE_RUN_SCRIPTS", profile_uuid_str);
if(lua_profile==NULL)
{
ret=-1;
@@ -1750,7 +1872,7 @@ void http_lua(const struct tfe_stream * stream, const struct tfe_http_session *
{
struct policy_action_param *param = ctx->param;
ctx->tsg_ctx = tsg_ctx = ALLOC(struct tsg_script_ctx, 1);
- tsg_ctx->profile_id = param->profile_id;
+ tsg_ctx->profile_uuid_str = tfe_strdup(param->profile_uuid_str);
tsg_ctx->addr = stream->addr;
tsg_ctx->elua_ctx = http_lua_ctx_new(lua_script, ctx->thread_id);
}
@@ -1764,7 +1886,7 @@ void http_lua(const struct tfe_stream * stream, const struct tfe_http_session *
tsg_ctx->events = events;
tsg_ctx->session = session;
tsg_ctx->local_logger = g_proxy_rt->local_logger;
- tsg_ctx->config_id = ctx->enforce_rules[0].config_id;
+ tsg_ctx->config_uuid_str = ctx->enforce_rules[0].config_uuid_string;
struct tfe_http_half * in_req_half = session->req;
struct tfe_http_half * in_resp_half = session->resp;
@@ -1774,7 +1896,7 @@ void http_lua(const struct tfe_stream * stream, const struct tfe_http_session *
if ((events & EV_HTTP_REQ_HDR) || (events & EV_HTTP_RESP_HDR))
{
tsg_ctx->http_req_uri=1; tsg_ctx->execut_lua_sucess=0;
- ret=execute_lua_script_rule(lua_script, tsg_ctx->profile_id, tsg_ctx->elua_ctx, ctx->thread_id, (void *)tsg_ctx);
+ ret=execute_lua_script_rule(lua_script, tsg_ctx->profile_uuid_str, tsg_ctx->elua_ctx, ctx->thread_id, (void *)tsg_ctx);
if(ret==0 && tsg_ctx->execut_lua_sucess==1)
{
tsg_ctx->actually_executed =1;
@@ -1798,7 +1920,7 @@ void http_lua(const struct tfe_stream * stream, const struct tfe_http_session *
FREE(&tsg_ctx->rewrite_uri);
}
- ret=execute_lua_script_rule(lua_script, tsg_ctx->profile_id, tsg_ctx->elua_ctx, ctx->thread_id, (void *)tsg_ctx);
+ ret=execute_lua_script_rule(lua_script, tsg_ctx->profile_uuid_str, tsg_ctx->elua_ctx, ctx->thread_id, (void *)tsg_ctx);
if(ret==0 && tsg_ctx->execut_lua_sucess==1)
{
tsg_ctx->actually_executed =1;
@@ -1836,7 +1958,7 @@ void http_lua(const struct tfe_stream * stream, const struct tfe_http_session *
char * __http_body = (char *) evbuffer_pullup(tsg_ctx->http_body, -1);
size_t __http_body_len = evbuffer_get_length(tsg_ctx->http_body);
- ret=execute_lua_script_rule(lua_script, tsg_ctx->profile_id, tsg_ctx->elua_ctx, ctx->thread_id, (void *)tsg_ctx);
+ ret=execute_lua_script_rule(lua_script, tsg_ctx->profile_uuid_str, tsg_ctx->elua_ctx, ctx->thread_id, (void *)tsg_ctx);
char * __http_lua_body = NULL; size_t __http_body_lua_len = 0;
if(ret == 0 && tsg_ctx->http_lua_body != NULL)
@@ -2072,7 +2194,7 @@ static void http_get_subscriber_id(const struct tfe_stream * stream, char *repla
}
}
-static int http_regex_replace(const struct tfe_stream * stream, char *message, int profile_id, char **rewrite_message)
+static int http_regex_replace(const struct tfe_stream * stream, char *message, char *profile_id_str, char **rewrite_message)
{
int i=0, n_rule=0;
char replace_with[TFE_SYMBOL_MAX]={0};
@@ -2089,7 +2211,7 @@ static int http_regex_replace(const struct tfe_stream * stream, char *message, i
{
rule[n_rule].zone = kZoneRequestUri;
rule[n_rule].find = tfe_strdup("{{tsg_policy_id}}");
- snprintf(replace_with, TFE_SYMBOL_MAX, "%d", profile_id);
+ snprintf(replace_with, TFE_SYMBOL_MAX, "%s", profile_id_str);
rule[n_rule].replace_with = tfe_strdup(replace_with);
n_rule++;
}
@@ -2144,8 +2266,7 @@ static void http_redirect(const struct tfe_stream * stream, const struct tfe_htt
}
ctx->manipulate_replaced = 1;
if (resp_code <= 0 || rd_url == NULL){
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Invalid redirect rule %lld paramter",
- ctx->enforce_rules[0].config_id);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "Invalid redirect rule %s paramter", ctx->enforce_rules[0].config_uuid_string);
goto error_out;
}
@@ -2166,7 +2287,7 @@ static void http_redirect(const struct tfe_stream * stream, const struct tfe_htt
response = tfe_http_session_response_create(to_write, resp_code);
- rewrite_uri_sz = http_regex_replace(stream, rd_url, ctx->enforce_rules[0].config_id, &rewrite_uri);
+ rewrite_uri_sz = http_regex_replace(stream, rd_url, ctx->enforce_rules[0].config_uuid_string, &rewrite_uri);
if(rewrite_uri_sz>0 && rewrite_uri!= NULL)
{
tfe_http_std_field_write(response, TFE_HTTP_LOCATION, rewrite_uri);
@@ -2200,11 +2321,10 @@ static void http_block(const struct tfe_stream * stream, const struct tfe_http_s
struct policy_action_param *param = ctx->param;
int resp_code = param->status_code;
- int profile_id = param->profile_id;
char *message = param->message;
- if (profile_id < 0){
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Invalid block rule %lld", ctx->enforce_rules[0].config_id);
+ if (param->profile_uuid_str< 0){
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "Invalid block rule %s", ctx->enforce_rules[0].config_uuid_string);
ctx->action = PX_ACTION_NONE;
return;
}
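Review bot: `param->profile_uuid_str< 0` compares a pointer with zero using `<`, which is never true for a valid or NULL pointer and which newer compilers reject outright. The "Invalid block rule" branch is therefore dead, and a NULL `profile_uuid_str` goes on to `html_generate`. If a block rule must name a profile, write `if (param->profile_uuid_str == NULL)` as `http_hijack` does. If a message-only block rule is legal, drop the check and make sure the lookup tolerates NULL. `http_block` starts and ends outside this hunk.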
@@ -2215,10 +2335,10 @@ static void http_block(const struct tfe_stream * stream, const struct tfe_http_s
to_write_sess = tfe_http_session_allow_write(session);
response = tfe_http_session_response_create(to_write_sess, resp_code);
- ret = html_generate(profile_id, message, &page_buff, &page_size);
+ ret = html_generate(param->profile_uuid_str, message, &page_buff, &page_size);
if (ret != 0)
{
- rewrite_message_sz = http_regex_replace(stream, message, ctx->enforce_rules[0].config_id, &rewrite_message);
+ rewrite_message_sz = http_regex_replace(stream, message, ctx->enforce_rules[0].config_uuid_string, &rewrite_message);
if(rewrite_message_sz>0 && rewrite_message!= NULL)
{
message = rewrite_message;
@@ -2258,10 +2378,9 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e
struct tfe_http_half * response = NULL;
struct tfe_http_session * to_write_sess = NULL;
- if (param->profile_id <= 0)
+ if (param->profile_uuid_str == NULL)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Invalid hijack rule %lld",
- ctx->enforce_rules[0].config_id);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "Invalid hijack rule %s", ctx->enforce_rules[0].config_uuid_string);
ctx->action = PX_ACTION_NONE;
return;
}
@@ -2280,10 +2399,10 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e
if(events & EV_HTTP_RESP_HDR)
{
- struct manipulate_profile* hijack_profile=get_profile_by_id(POLICY_PROFILE_TABLE_HIJACK, param->profile_id);
+ struct manipulate_profile* hijack_profile=get_profile_by_id("PXY_PROFILE_HIJACK_FILES", param->profile_uuid_str);
if (NULL == hijack_profile)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "get table obj faild, profile_id = %d", param->profile_id);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "get table obj faild, profile_id = %s", param->profile_uuid_str);
ctx->action = PX_ACTION_NONE;
return;
}
@@ -2299,7 +2418,7 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e
if (try_send_by_token(hijack_size) <= 0)
{
FREE(&hijack_buff);
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "No token is available to send data, profile_id = %d", param->profile_id);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "No token is available to send data, profile_id = %s", param->profile_uuid_str);
ctx->action = PX_ACTION_NONE;
return;
}
@@ -2346,11 +2465,11 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e
return;
}
-static int format_insert_rule(int profile_id, struct insert_rule *rule)
+static int format_insert_rule(char *profile_uuid, struct insert_rule *rule)
{
int ret = 0;
- struct manipulate_profile* insert_profile=get_profile_by_id(POLICY_PROFILE_TABLE_INSERT, profile_id);
+ struct manipulate_profile* insert_profile=get_profile_by_id("PXY_PROFILE_INSERT_SCRIPTS", profile_uuid);
if(insert_profile==NULL)
{
ret=-1;
@@ -2398,16 +2517,16 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_
{
ctx->ins_ctx = ins_ctx = ALLOC(struct insert_ctx, 1);
ins_ctx->rule = ALLOC(struct insert_rule, 1);
- int ret=format_insert_rule(param->profile_id, ins_ctx->rule);
+ int ret=format_insert_rule(param->profile_uuid_str, ins_ctx->rule);
if (ret<0)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Failed to get policy table, profile_id = %d", param->profile_id);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "Failed to get policy table, profile_id = %s", param->profile_uuid_str);
ctx->action = PX_ACTION_NONE;
return;
}
if (try_send_by_token(ins_ctx->rule->inject_sz) <= 0)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "No token is available to send data, profile_id = %d", param->profile_id);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "No token is available to send data, profile_id = %s", param->profile_uuid_str);
ctx->action = PX_ACTION_NONE;
return;
}
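Review bot: `param->profile_uuid_str` is passed to `format_insert_rule()` and printed with `%s` in both error paths here without the NULL check that `http_hijack` now performs (`if (param->profile_uuid_str == NULL)`). If the rule's JSON can omit the profile UUID, the lookup receives a NULL key and the log call passes NULL to `%s`, which is undefined behaviour. A guard such as `if (param->profile_uuid_str == NULL) { ctx->action = PX_ACTION_NONE; return; }` before the two `ALLOC` calls would keep the handlers consistent. The body of `http_insert` starts outside this hunk, so an earlier check may already exist.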
@@ -2636,8 +2755,7 @@ static void http_manipulate(const struct tfe_stream * stream, const struct tfe_h
struct policy_action_param *param = ctx->param;
if (param == NULL)
{
- TFE_LOG_ERROR(g_proxy_rt->local_logger, "Failed to get the json format parsed. config_id = %lld",
- ctx->enforce_rules[0].config_id);
+ TFE_LOG_ERROR(g_proxy_rt->local_logger, "Failed to get the json format parsed. config_id = %s",ctx->enforce_rules[0].config_uuid_string);
ctx->action = PX_ACTION_NONE;
return;
}
@@ -2698,12 +2816,13 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
const unsigned char * body_frag, size_t frag_size, struct proxy_http_ctx * ctx, const struct tfe_stream * stream)
{
void * iterator = NULL;
+ const char *attribute_name=NULL;
const char * field_val = NULL;
struct http_field_name field_name;
struct tfe_http_half * http_half;
- long long *result = ctx->result;
+ uuid_t *result = ctx->result;
char buff[TFE_STRING_MAX], * p = NULL;
- int scan_ret = 0, table_id = 0;
+ int scan_ret = 0;
size_t n_hit_result=0;
size_t hit_cnt = ctx->hit_cnt, i = 0;
@@ -2713,20 +2832,20 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
int str_host_length = get_fqdn_len(str_host);
if (str_host != NULL && str_host_length != 0)
{
- scan_ret = maat_scan_string(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_FQDN],
- str_host, str_host_length, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
+ scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_FQDN", "ATTR_SERVER_FQDN", str_host, str_host_length,
+ result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
- scan_ret = maat_scan_not_logic(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_FQDN],
+ scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_FQDN", "ATTR_SERVER_FQDN",
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
- scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_FQDN], g_proxy_rt->local_logger);
+ scan_ret = tfe_scan_fqdn_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
if (scan_ret > 0)
{
hit_cnt += scan_ret;
@@ -2735,14 +2854,14 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
const char * str_url = session->req->req_spec.url;
int str_url_length = (int) (strlen(session->req->req_spec.url));
- scan_ret = maat_scan_string(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_URL],
- str_url, str_url_length, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
+ scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_URL", "ATTR_HTTP_URL", str_url, str_url_length,
+ result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
- scan_ret = maat_scan_not_logic(g_proxy_rt->feather, g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_URL],
+ scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_URL", "ATTR_HTTP_URL",
result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
@@ -2752,8 +2871,8 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
if ((events & EV_HTTP_REQ_HDR) || (events & EV_HTTP_RESP_HDR))
{
- table_id = events & EV_HTTP_REQ_HDR ? g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_REQ_HDR] : g_proxy_rt
- ->scan_table_id[PXY_CTRL_HTTP_RES_HDR];
+ attribute_name= events & EV_HTTP_REQ_HDR ? "ATTR_HTTP_REQ_HDR" : "ATTR_HTTP_RES_HDR";
+
http_half = events & EV_HTTP_REQ_HDR ? session->req : session->resp;
while (hit_cnt < MAX_SCAN_RESULT)
{
@@ -2763,18 +2882,15 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
break;
}
- const char * str_field_name = http_field_name_to_string(&field_name);
- scan_ret = maat_state_set_scan_district(ctx->scan_mid, table_id, str_field_name, strlen(str_field_name));
- assert(scan_ret == 0);
- scan_ret = maat_scan_string(g_proxy_rt->feather, table_id, field_val, strlen(field_val),
- result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
+ scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", attribute_name, field_val, strlen(field_val),
+ result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
}
}
- scan_ret = maat_scan_not_logic(g_proxy_rt->feather, table_id, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,
- &n_hit_result, ctx->scan_mid);
+ scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", attribute_name, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,
+ &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
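Review bot: The header loop no longer tells the scanner which header a value belongs to. The `maat_state_set_scan_district()` call and `str_field_name` are removed, and every `field_val` is scanned under the same `attribute_name`. If existing keyword rules were written against a specific header name, they would now be evaluated against all header values, which changes what the policy matches. If that is intended, a comment at the call would record it, e.g. `/* header name is not part of the match: every header value is scanned under attribute_name */`. Otherwise the field name needs to reach the scan through whatever the new API provides. The loop starts outside this hunk.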
@@ -2784,12 +2900,11 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
if ((events & EV_HTTP_REQ_BODY_BEGIN) | (events & EV_HTTP_RESP_BODY_BEGIN))
{
assert(ctx->sp == NULL);
- table_id = events & EV_HTTP_REQ_BODY_BEGIN ? g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_REQ_BODY] : g_proxy_rt
- ->scan_table_id[PXY_CTRL_HTTP_RES_BODY];
- ctx->sp = maat_stream_new(g_proxy_rt->feather, table_id, ctx->scan_mid);
+ attribute_name = events & EV_HTTP_REQ_BODY_BEGIN ? "ATTR_HTTP_REQ_BODY" : "ATTR_HTTP_RES_BODY";
+ ctx->sp = maat_stream_new(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", attribute_name, ctx->scan_mid);
}
- const unsigned char *scan_body_frag=NULL; size_t scan_len=0;
+ const unsigned char *scan_body_frag=NULL; size_t scan_len=0;
if (body_frag != NULL)
{
scan_body_frag = body_frag;
@@ -2798,7 +2913,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
scan_len = (scan_body_frag + MAX_SCAN_DATA_SIZE < body_frag + frag_size) ? MAX_SCAN_DATA_SIZE : (body_frag + frag_size - scan_body_frag);
scan_ret = maat_stream_scan(ctx->sp, (const char *)scan_body_frag, scan_len,
- result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
+ result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
hit_cnt += n_hit_result;
@@ -2809,9 +2924,8 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
if ((events & EV_HTTP_REQ_BODY_END) | (events & EV_HTTP_RESP_BODY_END))
{
- table_id = events & EV_HTTP_REQ_BODY_END ? g_proxy_rt->scan_table_id[PXY_CTRL_HTTP_REQ_BODY] : g_proxy_rt
- ->scan_table_id[PXY_CTRL_HTTP_RES_BODY];
- scan_ret = maat_scan_not_logic(g_proxy_rt->feather, table_id, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,
+ attribute_name = events & EV_HTTP_REQ_BODY_END ? "ATTR_HTTP_REQ_BODY" : "ATTR_HTTP_RES_BODY";
+ scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", "attribute_name", result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,
&n_hit_result, ctx->scan_mid);
if (scan_ret == MAAT_SCAN_HIT)
{
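Review bot: The body-end `maat_scan_not_logic()` call passes the string literal `"attribute_name"` instead of the variable assigned on the line above, so the lookup uses an attribute literally named attribute_name and the computed `ATTR_HTTP_REQ_BODY` / `ATTR_HTTP_RES_BODY` value is never used. NOT-logic conditions on request and response bodies would then presumably never be evaluated, which is a silent gap in policy enforcement rather than a visible error. The call should read `scan_ret = maat_scan_not_logic(g_proxy_rt->feather, "TSG_OBJ_KEYWORDS", attribute_name, result + hit_cnt, MAX_SCAN_RESULT - hit_cnt,`. The header and body-begin branches in the earlier hunks pass the variable correctly.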
@@ -2826,8 +2940,8 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce, &ctx->param);
if (ctx->action == PX_ACTION_WHITELIST)
{
- TFE_LOG_INFO(g_proxy_rt->local_logger, "Bypass rules matched: url=%s policy id=%lld.",
- session->req->req_spec.url, ctx->enforce_rules[0].config_id);
+ TFE_LOG_INFO(g_proxy_rt->local_logger, "Bypass rules matched: url=%s policy id=%s.",
+ session->req->req_spec.url, ctx->enforce_rules[0].config_uuid_string);
goto __out;
}
if (hit_cnt > 1)
@@ -2835,13 +2949,15 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht
p = buff;
for (i = 0; i < hit_cnt && i<MAX_SCAN_RESULT; i++)
{
- p += snprintf(p, sizeof(buff) - (p - buff), "%lld:", result[i]);
+ char result_uuid_string[UUID_STRING_SIZE]={0};
+ uuid_unparse(result[i], result_uuid_string);
+ p += snprintf(p, sizeof(buff) - (p - buff), "%s:", result_uuid_string);
}
*p = '\0';
- TFE_LOG_INFO(g_proxy_rt->local_logger, "Multiple rules matched: url=%s num=%lu ids=%s execute=%lld.",
- session->req->req_spec.url, hit_cnt, buff, ctx->enforce_rules[0].config_id);
+ TFE_LOG_INFO(g_proxy_rt->local_logger, "Multiple rules matched: url=%s num=%lu ids=%s execute=%s.",
+ session->req->req_spec.url, hit_cnt, buff, ctx->enforce_rules[0].config_uuid_string);
}
ctx->hit_cnt=0;
}
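Review bot: The `p += snprintf(...)` in the id-list loop can move `p` past the end of `buff`, because snprintf returns the length it would have written and each entry is now a full UUID string plus `:` instead of a short decimal. Once that happens `sizeof(buff) - (p - buff)` wraps to a huge size and the following `*p = '\0'` writes outside the buffer. Whether `MAX_SCAN_RESULT` entries fit depends on `TFE_STRING_MAX`, which is not visible here. Stopping on truncation avoids the problem: `int n = snprintf(p, sizeof(buff) - (p - buff), "%s:", result_uuid_string);` `if (n < 0 || (size_t)n >= sizeof(buff) - (p - buff)) break;` `p += n;`.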
@@ -2898,7 +3014,7 @@ void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_h
evbuffer_add(ctx->log_resp_body, body_frag, frag_size);
}
- if((((ctx_actually_replaced(ctx)) || (ctx_actually_inserted(ctx)) || (ctx_actually_edited(ctx)) || (ctx_actually_manipulate(ctx))
+ if((((ctx_actually_replaced(ctx)) || (ctx_actually_inserted(ctx)) || (ctx_actually_edited(ctx)) || (ctx_actually_manipulate(ctx))
|| ctx_actually_ran_script(ctx)) || ctx->action == PX_ACTION_REJECT || (ctx->action == PX_ACTION_MONIT)))
{
proxy_send_metric_log(stream, ctx, thread_id, 1);
@@ -2921,28 +3037,27 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_
assert(ctx == NULL);
ATOMIC_INC(&(g_proxy_rt->stat_val[STAT_SESSION]));
ctx = proxy_http_ctx_new(thread_id);
- long long *result = ctx->result;
- scan_ret = tfe_scan_subscribe_id(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
+ scan_ret = tfe_scan_subscribe_id(stream, ctx->result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
if(scan_ret>0)
{
hit_cnt += scan_ret;
}
- scan_ret = tfe_scan_ip_tags(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
+ scan_ret = tfe_scan_ip_tags(stream, ctx->result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
if(scan_ret>0)
{
hit_cnt += scan_ret;
}
long long app_id=67;
- scan_ret = tfe_scan_app_id(result, ctx->scan_mid, hit_cnt, app_id, g_proxy_rt->scan_table_id[PXY_CTRL_APP_ID]);
+ scan_ret = tfe_scan_app_id(ctx->result, ctx->scan_mid, hit_cnt, app_id);
if(scan_ret > 0)
{
hit_cnt += scan_ret;
}
-
- scan_ret = tfe_scan_device(stream, result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
+
+ scan_ret = tfe_scan_device(stream, ctx->result, ctx->scan_mid, hit_cnt, g_proxy_rt->local_logger);
if(scan_ret > 0)
{
hit_cnt += scan_ret;
@@ -2951,12 +3066,12 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_
addr_tfe2sapp(stream->addr, &sapp_addr);
if (sapp_addr.addrtype == ADDR_TYPE_IPV4)
{
- scan_ret = tfe_scan_ipv4_addr(stream, result, ctx->scan_mid, hit_cnt, sapp_addr);
+ scan_ret = tfe_scan_ipv4_addr(stream, ctx->result, ctx->scan_mid, hit_cnt, sapp_addr);
if (scan_ret > 0)
{
hit_cnt += scan_ret;
}
- scan_ret = tfe_scan_port(stream, result, ctx->scan_mid, hit_cnt, sapp_addr.v4->source, sapp_addr.v4->dest);
+ scan_ret = tfe_scan_port(stream, ctx->result, ctx->scan_mid, hit_cnt, sapp_addr.v4->source, sapp_addr.v4->dest);
if(scan_ret > 0)
{
hit_cnt += scan_ret;
@@ -2964,12 +3079,12 @@ void proxy_on_http_begin(const struct tfe_stream *stream, const struct tfe_http_
}
if (sapp_addr.addrtype == ADDR_TYPE_IPV6)
{
- scan_ret = tfe_scan_ipv6_addr(stream, result, ctx->scan_mid, hit_cnt, sapp_addr);
+ scan_ret = tfe_scan_ipv6_addr(stream, ctx->result, ctx->scan_mid, hit_cnt, sapp_addr);
if (scan_ret > 0)
{
hit_cnt += scan_ret;
}
- scan_ret = tfe_scan_port(stream, result, ctx->scan_mid, hit_cnt, sapp_addr.v6->source, sapp_addr.v6->dest);
+ scan_ret = tfe_scan_port(stream, ctx->result, ctx->scan_mid, hit_cnt, sapp_addr.v6->source, sapp_addr.v6->dest);
if(scan_ret > 0)
{
hit_cnt += scan_ret;
diff --git a/plugin/business/tsg-http/src/tsg_logger.cpp b/plugin/business/tsg-http/src/tsg_logger.cpp
index e79b80c..258c184 100644
--- a/plugin/business/tsg-http/src/tsg_logger.cpp
+++ b/plugin/business/tsg-http/src/tsg_logger.cpp
@@ -356,21 +356,21 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg)
}
int j=0, enable_monit=0;
- int monit_config_id[16]={0};
+ char *monit_config_id[16]={0};
for(size_t i=0; i<log_msg->result_num; i++)
{
if(log_msg->result[i].action == LG_ACTION_MONIT)
{
- monit_config_id[j]=log_msg->result[i].config_id;
+ monit_config_id[j]=log_msg->result[i].config_uuid_string;
j++;
}
}
for(size_t i=0; i<log_msg->result_num; i++)
{
- TFE_LOG_DEBUG(handle->local_logger, "URL: %s, policy_id: %lld, service: %d, do_log:%d",
+ TFE_LOG_DEBUG(handle->local_logger, "URL: %s, policy_id: %s, service: %d, do_log:%d",
http->req->req_spec.url,
- log_msg->result[i].config_id,
+ log_msg->result[i].config_uuid_string,
log_msg->result[i].service_id,
log_msg->result[i].do_log);
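Review bot: The first loop stores into `monit_config_id[j]` for every result whose action is `LG_ACTION_MONIT` without checking `j` against the 16-element array. More than 16 monitor hits in one log message would therefore write past the array on the stack. The upper bound of `log_msg->result_num` is not visible in this hunk, so this may be unreachable in practice, but the array size and the loop are not tied together. A bounded condition such as `if(log_msg->result[i].action == LG_ACTION_MONIT && j < (int)(sizeof(monit_config_id)/sizeof(monit_config_id[0])))` makes the limit explicit. `proxy_send_log` begins and ends outside the hunk.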
@@ -385,17 +385,17 @@ int proxy_send_log(struct proxy_logger* handle, const struct proxy_log* log_msg)
}
cJSON *proxy_rule_list=NULL;
- int config_id[1]={0};
+ char *config_id[1]={0};
per_hit_obj=cJSON_Duplicate(common_obj, 1);
if(log_msg->result[i].action == LG_ACTION_MONIT)
{
- proxy_rule_list = cJSON_CreateIntArray(monit_config_id, j);
+ proxy_rule_list = cJSON_CreateStringArray((const char **)monit_config_id, j);
enable_monit=1;
}
else
{
- config_id[0]=log_msg->result[i].config_id;
- proxy_rule_list = cJSON_CreateIntArray(config_id, 1);
+ config_id[0]=log_msg->result[i].config_uuid_string;
+ proxy_rule_list = cJSON_CreateStringArray((const char **)config_id, 1);
}
cJSON_AddItemToObject(per_hit_obj, "proxy_rule_list", proxy_rule_list);
cJSON_AddNumberToObject(per_hit_obj, "vsys_id", log_msg->result[i].vsys_id);
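Review bot: The `(const char **)` casts on both `cJSON_CreateStringArray()` calls are only needed because the arrays are declared as `char *`. Declaring them const-correct, `const char *config_id[1]={0};` here and `const char *monit_config_id[16]={0};` in the preceding hunk, lets the calls compile without a cast. It also documents that the logger only borrows the UUID strings owned by `log_msg->result[]`.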
diff --git a/plugin/business/tsg-http/test/test_http_lua.cpp b/plugin/business/tsg-http/test/test_http_lua.cpp
index 14daf52..3b375f4 100644
--- a/plugin/business/tsg-http/test/test_http_lua.cpp
+++ b/plugin/business/tsg-http/test/test_http_lua.cpp
@@ -163,10 +163,11 @@ static int lua_http_default_headers_init(struct def_lua_http_headers *lua_http_h
return 0;
}
-int http_lua_profile_for_test(int profile_id, struct elua_script ***elua_ctx, char **profile_msg, size_t *msg_len, int *timeout)
+int http_lua_profile_for_test(char *profile_id_str, struct elua_script ***elua_ctx, char **profile_msg, size_t *msg_len, int *timeout)
{
size_t input_sz;
const char *filename[]= {"./test_data/http_session.lua", "./test_data/header_filter_by_lua.lua"};
+ int profile_id=atoi(profile_id_str);
char *input= tfe_read_file(filename[profile_id], &input_sz);
*profile_msg=tfe_strdup(input);
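Review bot: `atoi(profile_id_str)` is used directly as the index into the two-element `filename[]` array with no range check. `atoi` returns 0 for non-numeric input and has undefined behaviour on NULL, so a real UUID string would silently select file 0, and any value outside 0..1 reads past the array. Since callers now pass strings, a guard after the conversion keeps the helper safe for future tests: `if (profile_id < 0 || profile_id > 1) return -1;`. The rest of the helper is outside this hunk, so the error return value should follow whatever the callers expect.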
@@ -221,7 +222,8 @@ const struct tfe_http_session *lua_http_session_init()
TEST(TSG_LUA_SCRIPT, Lua_TimeOut)
{
int ret=0;
- int profile_id=0,thread_id=0;
+ int thread_id=0;
+ const char *profile_id_str = "0";
struct tsg_script_ctx tsg_ctx;
struct timespec start_time, end_time;
@@ -235,7 +237,7 @@ TEST(TSG_LUA_SCRIPT, Lua_TimeOut)
lua_script->http_lua_profile = http_lua_profile_for_test;
clock_gettime(CLOCK_REALTIME, &(start_time));
- ret = execute_lua_script_rule(lua_script, profile_id, NULL, thread_id, (void *)&tsg_ctx);
+ ret = execute_lua_script_rule(lua_script, (char *)profile_id_str, NULL, thread_id, (void *)&tsg_ctx);
EXPECT_TRUE(ret!=0);
clock_gettime(CLOCK_REALTIME, &(end_time));
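Review bot: The `(char *)profile_id_str` cast strips `const` from a pointer to a string literal just to satisfy the `execute_lua_script_rule()` signature, and the same cast is repeated in every later test hunk in this file. If the callee or the profile callback ever writes through that pointer, the behaviour is undefined. The declaration lives in `http_lua.h`, outside this chunk, but taking the id as `const char *` there would allow `execute_lua_script_rule(lua_script, profile_id_str, NULL, thread_id, (void *)&tsg_ctx);` with no cast.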
@@ -250,7 +252,8 @@ TEST(TSG_LUA_SCRIPT, Lua_TimeOut)
TEST(TSG_LUA_SCRIPT, Req_Uri)
{
int ret=0;
- int profile_id=0,thread_id=0;
+ int thread_id=0;
+ const char *profile_id_str = "0";
struct tsg_script_ctx tsg_ctx;
memset(&tsg_ctx, 0, sizeof(tsg_ctx));
@@ -262,7 +265,7 @@ TEST(TSG_LUA_SCRIPT, Req_Uri)
lua_script->http_lua_profile = http_lua_profile_for_test;
tsg_ctx.session->req->req_spec.uri = tfe_strdup("forecast");
- ret = execute_lua_script_rule(lua_script, profile_id, NULL, thread_id, (void *)&tsg_ctx);
+ ret = execute_lua_script_rule(lua_script, (char *)profile_id_str, NULL, thread_id, (void *)&tsg_ctx);
EXPECT_TRUE(ret==0);
EXPECT_STREQ(tsg_ctx.rewrite_uri,"team");
@@ -276,7 +279,8 @@ TEST(TSG_LUA_SCRIPT, Req_Uri)
TEST(TSG_LUA_SCRIPT, Req_Header)
{
int ret=0;
- int profile_id=0,thread_id=0;
+ int thread_id=0;
+ const char *profile_id_str = "0";
struct tsg_script_ctx tsg_ctx;
memset(&tsg_ctx, 0, sizeof(tsg_ctx));
@@ -287,7 +291,7 @@ TEST(TSG_LUA_SCRIPT, Req_Header)
lua_script->http_lua_profile = http_lua_profile_for_test;
tsg_ctx.session->req->req_spec.method = TFE_HTTP_METHOD_GET;
- ret = execute_lua_script_rule(lua_script, profile_id, NULL, thread_id, (void *)&tsg_ctx);
+ ret = execute_lua_script_rule(lua_script, (char *)profile_id_str, NULL, thread_id, (void *)&tsg_ctx);
EXPECT_TRUE(ret==0);
const char* user_agent_val=tfe_http_std_field_read(tsg_ctx.session->resp, TFE_HTTP_USER_AGENT);
@@ -307,7 +311,8 @@ TEST(TSG_LUA_SCRIPT, Req_Header)
TEST(TSG_LUA_SCRIPT, Resp_Header)
{
int ret=0;
- int profile_id=0,thread_id=0;
+ int thread_id=0;
+ const char *profile_id_str = "0";
struct tsg_script_ctx tsg_ctx;
memset(&tsg_ctx,0,sizeof(struct tsg_script_ctx));
@@ -318,7 +323,7 @@ TEST(TSG_LUA_SCRIPT, Resp_Header)
lua_script->http_lua_profile = http_lua_profile_for_test;
tsg_ctx.session->resp->resp_spec.resp_code = 200;
- ret = execute_lua_script_rule(lua_script, profile_id, NULL, thread_id, (void *)&tsg_ctx);
+ ret = execute_lua_script_rule(lua_script, (char *)profile_id_str, NULL, thread_id, (void *)&tsg_ctx);
EXPECT_TRUE(ret==0);
const char* content_type_val=tfe_http_std_field_read(tsg_ctx.session->resp, TFE_HTTP_CONT_TYPE);
@@ -334,7 +339,8 @@ TEST(TSG_LUA_SCRIPT, Resp_Header)
TEST(TSG_LUA_SCRIPT, Req_Data)
{
int ret=0;
- int profile_id=0,thread_id=0;
+ int thread_id=0;
+ const char *profile_id_str = "0";
struct tsg_script_ctx tsg_ctx;
memset(&tsg_ctx,0,sizeof(struct tsg_script_ctx));
@@ -348,7 +354,7 @@ TEST(TSG_LUA_SCRIPT, Req_Data)
tsg_ctx.http_body = evbuffer_new();
evbuffer_add(tsg_ctx.http_body, input, strlen(input));
- ret = execute_lua_script_rule(lua_script, profile_id, NULL, thread_id, (void *)&tsg_ctx);
+ ret = execute_lua_script_rule(lua_script, (char *)profile_id_str, NULL, thread_id, (void *)&tsg_ctx);
EXPECT_TRUE(ret==0);
ASSERT_TRUE(tsg_ctx.http_lua_body!=NULL);
@@ -372,7 +378,8 @@ TEST(TSG_LUA_SCRIPT, Req_Data)
TEST(TSG_LUA_SCRIPT, Resq_Data)
{
int ret=0;
- int profile_id=0,thread_id=0;
+ int thread_id=0;
+ const char *profile_id_str = "0";
struct tsg_script_ctx tsg_ctx;
memset(&tsg_ctx,0,sizeof(struct tsg_script_ctx));
@@ -386,7 +393,7 @@ TEST(TSG_LUA_SCRIPT, Resq_Data)
tsg_ctx.http_body = evbuffer_new();
evbuffer_add(tsg_ctx.http_body, input, strlen(input));
- ret = execute_lua_script_rule(lua_script, profile_id, NULL, thread_id, (void *)&tsg_ctx);
+ ret = execute_lua_script_rule(lua_script, (char *)profile_id_str, NULL, thread_id, (void *)&tsg_ctx);
EXPECT_TRUE(ret==0);
ASSERT_TRUE(tsg_ctx.http_lua_body!=NULL);
@@ -410,7 +417,8 @@ TEST(TSG_LUA_SCRIPT, Resq_Data)
TEST(TSG_LUA_SCRIPT, Lua_Http_Session)
{
int ret=0;
- int profile_id=0,thread_id=0;
+ int thread_id=0;
+ const char *profile_id_str = "0";
struct tsg_script_ctx tsg_ctx;
memset(&tsg_ctx,0,sizeof(struct tsg_script_ctx));
@@ -421,7 +429,7 @@ TEST(TSG_LUA_SCRIPT, Lua_Http_Session)
lua_script->http_lua_profile = http_lua_profile_for_test;
tsg_ctx.elua_ctx=http_lua_ctx_new(lua_script, thread_id);
- ret = execute_lua_script_rule(lua_script, profile_id, tsg_ctx.elua_ctx, thread_id, (void *)&tsg_ctx);
+ ret = execute_lua_script_rule(lua_script, (char *)profile_id_str, tsg_ctx.elua_ctx, thread_id, (void *)&tsg_ctx);
EXPECT_TRUE(ret==0);
const char* content_type_val=tfe_http_std_field_read(tsg_ctx.session->resp, TFE_HTTP_CONT_TYPE);
@@ -433,7 +441,7 @@ TEST(TSG_LUA_SCRIPT, Lua_Http_Session)
const char *user_input="This is response data";
evbuffer_add(tsg_ctx.http_body, user_input, strlen(user_input));
- ret = execute_lua_script_rule(lua_script, profile_id, tsg_ctx.elua_ctx, thread_id, (void *)&tsg_ctx);
+ ret = execute_lua_script_rule(lua_script, (char *)profile_id_str, tsg_ctx.elua_ctx, thread_id, (void *)&tsg_ctx);
EXPECT_TRUE(ret==0);
EXPECT_TRUE(tsg_ctx.http_lua_body!=NULL);
@@ -458,7 +466,8 @@ TEST(TSG_LUA_SCRIPT, Lua_Http_Session)
TEST(TSG_LUA_SCRIPT, Lua_Http_Header_Filter)
{
int ret=0;
- int profile_id=1,thread_id=0;
+ int thread_id=0;
+ const char *profile_id_str = "1";
struct tsg_script_ctx tsg_ctx;
memset(&tsg_ctx,0,sizeof(struct tsg_script_ctx));
@@ -471,7 +480,7 @@ TEST(TSG_LUA_SCRIPT, Lua_Http_Header_Filter)
lua_http_headers_clear();
tsg_ctx.replacing=tsg_ctx.session->resp;
- ret = execute_lua_script_rule(lua_script, profile_id, tsg_ctx.elua_ctx, thread_id, (void *)&tsg_ctx);
+ ret = execute_lua_script_rule(lua_script, (char *)profile_id_str, tsg_ctx.elua_ctx, thread_id, (void *)&tsg_ctx);
EXPECT_TRUE(ret==0);
const char *server_type_val=tfe_http_std_field_read(tsg_ctx.replacing, TFE_HTTP_SERVER);
@@ -489,7 +498,7 @@ TEST(TSG_LUA_SCRIPT, Lua_Http_Header_Filter)
const char *user_input="This is response data";
evbuffer_add(tsg_ctx.http_body, user_input, strlen(user_input));
- ret = execute_lua_script_rule(lua_script, profile_id, tsg_ctx.elua_ctx, thread_id, (void *)&tsg_ctx);
+ ret = execute_lua_script_rule(lua_script, (char *)profile_id_str, tsg_ctx.elua_ctx, thread_id, (void *)&tsg_ctx);
EXPECT_TRUE(ret==0);
EXPECT_TRUE(tsg_ctx.http_lua_body!=NULL);
char *__http_body=(char *) evbuffer_pullup(tsg_ctx.http_lua_body, -1);