static int
ts_lua_client_request_client_addr_get_port(lua_State *L)
{
struct sockaddr const *client_ip;
ts_lua_http_ctx *http_ctx;
int port;
http_ctx = ts_lua_get_http_ctx(L);
client_ip = TSHttpTxnClientAddrGet(http_ctx->txnp);
if (client_ip == NULL) {
lua_pushnil(L);
} else {
if (client_ip->sa_family == AF_INET) {
port = ((struct sockaddr_in *)client_ip)->sin_port;
} else {
port = ((struct sockaddr_in6 *)client_ip)->sin6_port;
}
lua_pushnumber(L, port);
}
return 1;
}
static RequestInfo *
create_request_info(TSHttpTxn txn)
{
RequestInfo *req_info;
char *url;
int url_len;
TSMBuffer buf;
TSMLoc loc;
req_info = (RequestInfo *)TSmalloc(sizeof(RequestInfo));
url = TSHttpTxnEffectiveUrlStringGet(txn, &url_len);
req_info->effective_url = TSstrndup(url, url_len);
TSfree(url);
TSHttpTxnClientReqGet(txn, &buf, &loc);
req_info->buf = TSMBufferCreate();
TSHttpHdrClone(req_info->buf, buf, loc, &(req_info->http_hdr_loc));
TSHandleMLocRelease(buf, TS_NULL_MLOC, loc);
req_info->client_addr = TSmalloc(sizeof(struct sockaddr));
memmove((void *)req_info->client_addr, (void *)TSHttpTxnClientAddrGet(txn), sizeof(struct sockaddr));
return req_info;
}
static int
ts_lua_client_request_client_addr_get_ip(lua_State *L)
{
struct sockaddr const *client_ip;
char cip[128];
ts_lua_http_ctx *http_ctx;
http_ctx = ts_lua_get_http_ctx(L);
client_ip = TSHttpTxnClientAddrGet(http_ctx->txnp);
if (client_ip == NULL) {
lua_pushnil(L);
} else {
if (client_ip->sa_family == AF_INET) {
inet_ntop(AF_INET, (const void *)&((struct sockaddr_in *)client_ip)->sin_addr, cip, sizeof(cip));
} else {
inet_ntop(AF_INET6, (const void *)&((struct sockaddr_in6 *)client_ip)->sin6_addr, cip, sizeof(cip));
}
lua_pushstring(L, cip);
}
return 1;
}
/**
* Initialize the IB connection.
*
* Initializes an IronBee connection from a ATS continuation
*
* @param[in] iconn IB connection
* @param[in] ssn Session context data
*
* @returns status
*/
static ib_status_t ironbee_conn_init(
tsib_ssn_ctx *ssndata)
{
assert(ssndata != NULL);
const struct sockaddr *addr;
int port;
ib_conn_t *iconn = ssndata->iconn;
/* remote ip */
addr = TSHttpTxnClientAddrGet(ssndata->txnp);
addr2str(addr, ssndata->remote_ip, &port);
iconn->remote_ipstr = ssndata->remote_ip;
/* remote port */
iconn->remote_port = port;
/* local end */
addr = TSHttpTxnIncomingAddrGet(ssndata->txnp);
addr2str(addr, ssndata->local_ip, &port);
iconn->local_ipstr = ssndata->local_ip;
/* local_port */
iconn->local_port = port;
return IB_OK;
}
static ib_status_t ironbee_conn_init(ib_engine_t *ib,
ib_conn_t *iconn, void *cbdata)
{
/* when does this happen? */
ib_status_t rc;
const struct sockaddr *addr;
int port;
TSCont contp = iconn->pctx;
ib_ssn_ctx* data = TSContDataGet(contp);
// ib_clog_debug(....);
/* remote ip */
addr = TSHttpTxnClientAddrGet(data->txnp);
addr2str(addr, data->remote_ip, &port);
iconn->remote_ipstr = data->remote_ip;
rc = ib_data_add_bytestr(iconn->dpi,
"remote_ip",
(uint8_t *)iconn->remote_ipstr,
strlen(data->remote_ip),
NULL);
if (rc != IB_OK) {
return rc;
}
/* remote port */
iconn->remote_port = port;
rc = ib_data_add_num(iconn->dpi, "remote_port", port, NULL);
if (rc != IB_OK) {
return rc;
}
/* local end */
addr = TSHttpTxnIncomingAddrGet(data->txnp);
addr2str(addr, data->local_ip, &port);
iconn->local_ipstr = data->local_ip;
rc = ib_data_add_bytestr(iconn->dpi,
"local_ip",
(uint8_t *)iconn->local_ipstr,
strlen(data->local_ip),
NULL);
if (rc != IB_OK) {
return rc;
}
/* local_port */
iconn->local_port = port;
rc = ib_data_add_num(iconn->dpi, "local_port", port, NULL);
if (rc != IB_OK) {
return rc;
}
return IB_OK;
}
static RequestInfo *
create_request_info(TSHttpTxn txn)
{
RequestInfo *req_info;
char *url;
int url_len;
TSMBuffer buf;
TSMLoc loc;
const struct sockaddr *sa;
req_info = (RequestInfo *)TSmalloc(sizeof(RequestInfo));
memset(req_info, 0, sizeof(RequestInfo));
url = TSHttpTxnEffectiveUrlStringGet(txn, &url_len);
req_info->effective_url = TSstrndup(url, url_len);
TSfree(url);
TSHttpTxnClientReqGet(txn, &buf, &loc);
req_info->buf = TSMBufferCreate();
TSHttpHdrClone(req_info->buf, buf, loc, &(req_info->http_hdr_loc));
TSHandleMLocRelease(buf, TS_NULL_MLOC, loc);
sa = TSHttpTxnClientAddrGet(txn);
switch (sa->sa_family) {
case AF_INET:
memcpy(&req_info->client_addr.sin, sa, sizeof(struct sockaddr_in));
break;
case AF_INET6:
memcpy(&req_info->client_addr.sin6, sa, sizeof(struct sockaddr_in6));
break;
default:
break;
}
return req_info;
}
TSRemapStatus
TSRemapDoRemap(void *ih, TSHttpTxn rh, TSRemapRequestInfo* rri)
{
int i, len;
time_t t, e;
MD5_CTX ctx;
struct sockaddr_in *in;
const char *qh, *ph, *ip;
unsigned char md[MD5_DIGEST_LENGTH];
secure_link_info *sli = (secure_link_info *)ih;
char *token = NULL, *expire = NULL, *path = NULL;
char *s, *ptr, *saveptr = NULL, *val, hash[32] = "";
in = (struct sockaddr_in *)TSHttpTxnClientAddrGet(rh);
ip = inet_ntoa(in->sin_addr);
s = TSUrlStringGet(rri->requestBufp, rri->requestUrl, &len);
TSDebug(PLUGIN_NAME, "request [%.*s] from [%s]", len, s, ip);
TSfree(s);
qh = TSUrlHttpQueryGet(rri->requestBufp, rri->requestUrl, &len);
if(qh && len > 0) {
s = (char *)TSstrndup(qh, len);
if((ptr = strtok_r(s, "&", &saveptr)) != NULL) {
do {
if((val = strchr(ptr, '=')) != NULL) {
*val++ = '\0';
if(strcmp(ptr, "st") == 0) {
token = TSstrdup(val);
} else if(strcmp(ptr, "ex") == 0) {
expire = TSstrdup(val);
}
} else {
TSError("Invalid parameter [%s]", ptr);
break;
}
} while((ptr = strtok_r(NULL, "&", &saveptr)) != NULL);
} else {
TSError("strtok didn't find a & in the query string");
/* this is just example, so set fake params to prevent plugin crash */
token = TSstrdup("d41d8cd98f00b204e9800998ecf8427e");
expire = TSstrdup("00000000");
}
TSfree(s);
} else {
TSError("TSUrlHttpQueryGet returns empty value");
}
ph = TSUrlPathGet(rri->requestBufp, rri->requestUrl, &len);
if(ph && len > 0) {
s = TSstrndup(ph, len);
if((ptr = strrchr(s, '/')) != NULL) {
*++ptr = '\0';
}
path = TSstrdup(s);
TSfree(s);
} else {
TSError("TSUrlPathGet returns empty value");
/* this is just example, so set fake params to prevent plugin crash */
path = TSstrdup("example/");
}
MD5_Init(&ctx);
MD5_Update(&ctx, sli->secret, strlen(sli->secret));
MD5_Update(&ctx, ip, strlen(ip));
if (path)
MD5_Update(&ctx, path, strlen(path));
if (expire)
MD5_Update(&ctx, expire, strlen(expire));
MD5_Final(md, &ctx);
for(i = 0; i < MD5_DIGEST_LENGTH; i++) {
sprintf(&hash[i * 2], "%02x", md[i]);
}
time(&t);
e = strtol(expire, NULL, 16);
i = TSREMAP_DID_REMAP;
if(e < t || strcmp(hash, token) != 0) {
if(e < t) {
TSDebug(PLUGIN_NAME, "link expired: [%lu] vs [%lu]", t, e);
} else {
TSDebug(PLUGIN_NAME, "tokens mismatch: [%s] vs [%s]", hash, token);
}
if(sli->strict) {
TSDebug(PLUGIN_NAME, "request is DENY");
TSHttpTxnSetHttpRetStatus(rh, TS_HTTP_STATUS_FORBIDDEN);
i = TSREMAP_NO_REMAP;
} else {
TSDebug(PLUGIN_NAME, "request is PASS");
}
}
if(i == TSREMAP_DID_REMAP) {
if(TSUrlHttpQuerySet(rri->requestBufp, rri->requestUrl, "", -1) == TS_SUCCESS) {
s = TSUrlStringGet(rri->requestBufp, rri->requestUrl, &len);
TSDebug(PLUGIN_NAME, "new request string is [%.*s]", len, s);
TSfree(s);
} else {
i = TSREMAP_NO_REMAP;
}
}
TSfree(expire);
TSfree(token);
TSfree(path);
return i;
}
static void
handle_client_lookup(TSHttpTxn txnp, TSCont contp)
{
TSMBuffer bufp;
TSMLoc hdr_loc, url_loc;
int host_length;
in_addr_t clientip = 0;
const char *host;
if (TSIsDebugTagSet("redirect")) {
struct sockaddr const *addr = TSHttpTxnClientAddrGet(txnp);
if (addr) {
socklen_t addr_size = 0;
if (addr->sa_family == AF_INET) {
addr_size = sizeof(struct sockaddr_in);
} else if (addr->sa_family == AF_INET6) {
addr_size = sizeof(struct sockaddr_in6);
}
if (addr_size > 0) {
char clientstring[INET6_ADDRSTRLEN];
if (NULL != inet_ntop(addr->sa_family, addr, clientstring, addr_size)) {
TSDebug(PLUGIN_NAME, "clientip is %s and block_ip is %s", clientstring, block_ip);
}
}
}
}
if (TSHttpTxnClientReqGet(txnp, &bufp, &hdr_loc) != TS_SUCCESS) {
TSError("[%s] Couldn't retrieve client request header", PLUGIN_NAME);
goto done;
}
if (TSHttpHdrUrlGet(bufp, hdr_loc, &url_loc) != TS_SUCCESS) {
TSError("[%s] Couldn't retrieve request url", PLUGIN_NAME);
TSHandleMLocRelease(bufp, TS_NULL_MLOC, hdr_loc);
goto done;
}
host = TSUrlHostGet(bufp, url_loc, &host_length);
if (!host) {
TSError("[%s] Couldn't retrieve request hostname", PLUGIN_NAME);
TSHandleMLocRelease(bufp, hdr_loc, url_loc);
TSHandleMLocRelease(bufp, TS_NULL_MLOC, hdr_loc);
goto done;
}
/*
* Check to see if the client is already headed to the redirect site.
*/
if (strncmp(host, url_redirect, host_length) == 0) {
TSHandleMLocRelease(bufp, hdr_loc, url_loc);
TSHandleMLocRelease(bufp, TS_NULL_MLOC, hdr_loc);
goto done;
}
/* TODO: This is odd, clientip is never set ... */
if (ip_deny == clientip) {
TSHttpTxnHookAdd(txnp, TS_HTTP_SEND_RESPONSE_HDR_HOOK, contp);
update_redirected_method_stats(bufp, hdr_loc);
TSHandleMLocRelease(bufp, hdr_loc, url_loc);
TSHandleMLocRelease(bufp, TS_NULL_MLOC, hdr_loc);
/*
* Increment the local redirect stat and do global update:
*/
TSStatIntIncrement(requests_redirects, 1);
TSHttpTxnReenable(txnp, TS_EVENT_HTTP_ERROR);
return;
}
done:
// Increment the local number unchanged stat and do global update:
TSStatIntIncrement(requests_unchanged, 1);
TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE);
}
static void
handle_client_lookup(TSHttpTxn txnp, TSCont contp)
{
TSMBuffer bufp;
TSMLoc hdr_loc, url_loc;
int host_length;
in_addr_t clientip = 0;
const char *host;
/*
* Here we declare local coupled statistics variables:
*/
INKCoupledStat local_request_outcomes;
INKStat local_requests_all;
INKStat local_requests_redirects;
INKStat local_requests_unchanged;
/*
* Create local copy of the global coupled stat category:
*/
local_request_outcomes = INKStatCoupledLocalCopyCreate("local_request_outcomes", request_outcomes);
/*
* Create the local copies of the global coupled stats:
*/
local_requests_all = INKStatCoupledLocalAdd(local_request_outcomes, "requests.all.local", INKSTAT_TYPE_FLOAT);
local_requests_redirects = INKStatCoupledLocalAdd(local_request_outcomes,
"requests.redirects.local", INKSTAT_TYPE_INT64);
local_requests_unchanged = INKStatCoupledLocalAdd(local_request_outcomes,
"requests.unchanged.local", INKSTAT_TYPE_INT64);
/*
* Increment the count of total requests:
* (it is more natural to treat the number of requests as an
* integer, but we declare this a FLOAT in order to demonstrate
* how to increment coupled FLOAT stats)
*/
INKStatFloatAddTo(local_requests_all, 1.0);
if (TSIsDebugTagSet("redirect")) {
struct sockaddr const* addr = TSHttpTxnClientAddrGet(txnp);
if (addr) {
socklen_t addr_size = 0;
if (addr->sa_family == AF_INET)
addr_size = sizeof(struct sockaddr_in);
else if (addr->sa_family == AF_INET6)
addr_size = sizeof(struct sockaddr_in6);
if (addr_size > 0) {
char clientstring[INET6_ADDRSTRLEN];
if (NULL != inet_ntop(addr->sa_family, addr, clientstring, addr_size))
TSDebug("redirect", "clientip is %s and block_ip is %s", clientstring, block_ip);
}
}
}
if (TSHttpTxnClientReqGet(txnp, &bufp, &hdr_loc) != TS_SUCCESS) {
TSError("couldn't retrieve client request header\n");
goto done;
}
if (TSHttpHdrUrlGet(bufp, hdr_loc, &url_loc) != TS_SUCCESS) {
TSError("couldn't retrieve request url\n");
TSHandleMLocRelease(bufp, TS_NULL_MLOC, hdr_loc);
goto done;
}
host = TSUrlHostGet(bufp, url_loc, &host_length);
if (!host) {
TSError("couldn't retrieve request hostname\n");
TSHandleMLocRelease(bufp, hdr_loc, url_loc);
TSHandleMLocRelease(bufp, TS_NULL_MLOC, hdr_loc);
goto done;
}
/*
* Check to see if the client is already headed to the redirect site.
*/
if (strncmp(host, url_redirect, host_length) == 0) {
TSHandleMLocRelease(bufp, hdr_loc, url_loc);
TSHandleMLocRelease(bufp, TS_NULL_MLOC, hdr_loc);
goto done;
}
/* TODO: This is odd, clientip is never set ... */
if (ip_deny == clientip) {
TSHttpTxnHookAdd(txnp, TS_HTTP_SEND_RESPONSE_HDR_HOOK, contp);
update_redirected_method_stats(bufp, hdr_loc);
TSHandleMLocRelease(bufp, hdr_loc, url_loc);
TSHandleMLocRelease(bufp, TS_NULL_MLOC, hdr_loc);
/*
* Increment the local redirect stat and do global update:
*/
INKStatIncrement(local_requests_redirects);
INKStatsCoupledUpdate(local_request_outcomes);
INKStatCoupledLocalCopyDestroy(local_request_outcomes);
TSHttpTxnReenable(txnp, TS_EVENT_HTTP_ERROR);
return;
}
done:
/*
* Increment the local number unchanged stat and do global update:
*/
INKStatIncrement(local_requests_unchanged);
INKStatsCoupledUpdate(local_request_outcomes);
INKStatCoupledLocalCopyDestroy(local_request_outcomes);
TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE);
}
static int astats_origin(TSCont cont, TSEvent event, void *edata) {
TSCont icontp;
stats_state *my_state;
config_t* config;
TSHttpTxn txnp = (TSHttpTxn) edata;
TSMBuffer reqp;
TSMLoc hdr_loc = NULL, url_loc = NULL;
TSEvent reenable = TS_EVENT_HTTP_CONTINUE;
config = get_config(cont);
TSDebug(PLUGIN_TAG, "in the read stuff");
if (TSHttpTxnClientReqGet(txnp, &reqp, &hdr_loc) != TS_SUCCESS)
goto cleanup;
if (TSHttpHdrUrlGet(reqp, hdr_loc, &url_loc) != TS_SUCCESS)
goto cleanup;
int path_len = 0;
const char* path = TSUrlPathGet(reqp,url_loc,&path_len);
TSDebug(PLUGIN_TAG,"Path: %.*s",path_len,path);
TSDebug(PLUGIN_TAG,"Path: %.*s",path_len,path);
if (!(path_len == config->stats_path_len && !memcmp(path, config->stats_path, config->stats_path_len))) {
// TSDebug(PLUGIN_TAG, "not right path: %.*s",path_len,path);
goto notforme;
}
const struct sockaddr *addr = TSHttpTxnClientAddrGet(txnp);
if(!is_ip_allowed(config, addr)) {
TSDebug(PLUGIN_TAG, "not right ip");
goto notforme;
}
// TSDebug(PLUGIN_TAG,"Path...: %.*s",path_len,path);
int query_len;
char *query = (char*)TSUrlHttpQueryGet(reqp,url_loc,&query_len);
TSDebug(PLUGIN_TAG,"query: %.*s",query_len,query);
TSSkipRemappingSet(txnp,1); //not strictly necessary, but speed is everything these days
/* This is us -- register our intercept */
TSDebug(PLUGIN_TAG, "Intercepting request");
icontp = TSContCreate(stats_dostuff, TSMutexCreate());
my_state = (stats_state *) TSmalloc(sizeof(*my_state));
memset(my_state, 0, sizeof(*my_state));
my_state->recordTypes = config->recordTypes;
if (query_len) {
my_state->query = nstrl(query, query_len);
TSDebug(PLUGIN_TAG,"new query: %s", my_state->query);
stats_fillState(my_state, my_state->query, query_len);
}
TSContDataSet(icontp, my_state);
TSHttpTxnIntercept(icontp, txnp);
goto cleanup;
notforme:
cleanup:
#if (TS_VERSION_NUMBER < 2001005)
if (path)
TSHandleStringRelease(reqp, url_loc, path);
#endif
if (url_loc)
TSHandleMLocRelease(reqp, hdr_loc, url_loc);
if (hdr_loc)
TSHandleMLocRelease(reqp, TS_NULL_MLOC, hdr_loc);
TSHttpTxnReenable(txnp, reenable);
return 0;
}
