static void core_vars_gen_list(ib_tx_t *tx, const char *name)
{
assert(tx != NULL);
assert(name != NULL);
ib_status_t rc;
ib_var_source_t *source;
rc = ib_var_source_acquire(
&source,
tx->mp,
ib_var_store_config(tx->var_store),
name, strlen(name)
);
if (rc != IB_OK) {
ib_log_warning_tx(tx, "Failed to acquire \"%s\" var: %s",
name, ib_status_to_string(rc));
return;
}
rc = ib_var_source_initialize(source, NULL, tx->var_store, IB_FTYPE_LIST);
if (rc != IB_OK) {
ib_log_warning_tx(tx,
"Failed add \"%s\" var to transaction: %s",
name, ib_status_to_string(rc)
);
}
}
static void core_gen_tx_numeric_field(ib_tx_t *tx,
const char *name,
ib_num_t val)
{
ib_field_t *f;
assert(tx != NULL);
assert(name != NULL);
ib_num_t num = val;
ib_status_t rc = ib_field_create(&f, tx->mp,
name, strlen(name),
IB_FTYPE_NUM,
&num);
if (rc != IB_OK) {
ib_log_warning(tx->ib, "Failed to create \"%s\" field: %s",
name, ib_status_to_string(rc));
return;
}
rc = ib_data_add(tx->data, f);
if (rc != IB_OK) {
ib_log_warning_tx(tx,
"Failed add \"%s\" field to transaction data store: %s",
name, ib_status_to_string(rc)
);
}
}
void RunTest(int line,
const char *s,
int base,
ib_status_t estatus,
ib_num_t expected)
{
ib_status_t rc;
ib_num_t result;
rc = ::ib_string_to_num(s, base, &result);
if (estatus == IB_OK) {
EXPECT_EQ(rc, IB_OK)
<< "Line " << line << ": "
<< "Conversion of '" << s << "' base10="<< base
<< " failed; rc=" << rc
<< " (" << ib_status_to_string(rc) << ")";
}
else {
EXPECT_EQ(rc, estatus)
<< "Line " << line << ": "
<< "Conversion of '" << s << "' base=" << base
<< " expected status " << estatus << " returned "<< rc
<< " (" << ib_status_to_string(rc) << ")";
}
if (rc == IB_OK) {
EXPECT_EQ(expected, result)
<< "Line " << line << ": "
<< "Conversion of '" << s << "' base=" <<base
<< " expected value=" << expected << " result="<< result;
}
}
static void core_gen_tx_bytestr_alias_field(ib_tx_t *tx,
const char *name,
ib_bytestr_t *val)
{
ib_field_t *f;
assert(tx != NULL);
assert(name != NULL);
assert(val != NULL);
ib_status_t rc = ib_field_create_no_copy(&f, tx->mp,
name, strlen(name),
IB_FTYPE_BYTESTR,
val);
if (rc != IB_OK) {
ib_log_warning(tx->ib, "Failed to create \"%s\" field: %s",
name, ib_status_to_string(rc));
return;
}
rc = ib_data_add(tx->data, f);
if (rc != IB_OK) {
ib_log_warning_tx(tx,
"Failed add \"%s\" field to transaction data store: %s",
name, ib_status_to_string(rc)
);
}
}
/** Create and return top-level cont with no transient data
* Sets up engine manager and kill-or-continue txn hook before launching
* potentially-slow mainconfiguration in separate thread.
*/
static ib_status_t tsib_pre_init(TSCont *contp)
{
int rv;
ib_status_t rc;
TSCont cont;
assert(contp != NULL);
/* create a cont to fend off traffic while we read config */
*contp = cont = TSContCreate(ironbee_plugin, NULL);
if (cont == NULL) {
TSError("[ironbee] failed to create initial continuation: disabled");
return IB_EUNKNOWN;
}
if (module_data.allow_at_startup) {
/* SSN_START doesn't use contdata; READ_REQUEST_HDR only needs non-null flag.
* Using &module_data might let us clean up some tsib_api stuff in future.
*/
TSContDataSet(cont, &module_data);
}
else {
/* NULL contdata signals the READ_REQUEST_HDR hook to reject requests */
TSContDataSet(cont, NULL);
}
TSHttpHookAdd(TS_HTTP_READ_REQUEST_HDR_HOOK, cont);
if (!module_data.log_disable) {
/* success is documented as TS_LOG_ERROR_NO_ERROR but that's undefined.
* It's actually a TS_SUCCESS (proxy/InkAPI.cc line 6641).
*/
printf("Logging to \"%s\"\n", module_data.log_file);
rv = TSTextLogObjectCreate(module_data.log_file,
TS_LOG_MODE_ADD_TIMESTAMP,
&module_data.logger);
if (rv != TS_SUCCESS) {
TSError("[ironbee] Error creating log file.");
return IB_EUNKNOWN;
}
}
/* Initialize IronBee (including util) */
rc = ib_initialize();
if (rc != IB_OK) {
TSError("[ironbee] Error initializing IronBee: %s",
ib_status_to_string(rc));
return rc;
}
/* Create the IronBee engine manager */
TSDebug("ironbee", "Creating IronBee engine manager");
rc = ib_manager_create(&(module_data.manager), /* Engine Manager */
&ibplugin, /* Server object */
module_data.max_engines); /* Default max */
if (rc != IB_OK) {
TSError("[ironbee] Error creating IronBee engine manager: %s",
ib_status_to_string(rc));
}
return rc;
}
ib_status_t ib_core_collection_managers_register(
ib_engine_t *ib,
const ib_module_t *module)
{
assert(ib != NULL);
assert(module != NULL);
const char *pattern = "^([^\\s=]+)=(.*)$";
const int compile_flags = PCRE_DOTALL | PCRE_DOLLAR_ENDONLY;
pcre *compiled;
const char *error;
int eoff;
ib_status_t rc;
const ib_collection_manager_t *manager;
/* Register the name/value pair InitCollection manager */
rc = ib_collection_manager_register(
ib, module, "core name/value pair", "vars:",
core_managed_collection_vars_register_fn, NULL,
NULL, NULL,
core_managed_collection_vars_populate_fn, NULL,
NULL, NULL,
&manager);
if (rc != IB_OK) {
ib_log_alert(ib, "Failed to register core name/value pair handler: %s",
ib_status_to_string(rc));
return rc;
}
/* Compile the name/value pair pattern */
compiled = pcre_compile(pattern, compile_flags, &error, &eoff, NULL);
if (compiled == NULL) {
ib_log_error(ib, "Failed to compile pattern \"%s\": %s", pattern,
error ? error : "(null)");
return IB_EUNKNOWN;
}
core_vars_manager.pattern = compiled;
core_vars_manager.manager = manager;
#if ENABLE_JSON
/* Register the JSON file InitCollection manager */
rc = ib_collection_manager_register(
ib, module, "core JSON file", "json-file://",
core_managed_collection_jsonfile_register_fn, NULL,
NULL, NULL,
core_managed_collection_jsonfile_populate_fn, NULL,
core_managed_collection_jsonfile_persist_fn, NULL,
&manager);
if (rc != IB_OK) {
ib_log_alert(ib, "Failed to register core JSON file handler: %s",
ib_status_to_string(rc));
return rc;
}
#endif
return IB_OK;
}
/**
* Handle on/off directives.
*
* @param[in] cp Config parser
* @param[in] name Directive name
* @param[in] onoff on/off flag
* @param[in] cbdata Callback data (ignored)
*
* @returns Status code
*/
static ib_status_t handle_directive_onoff(ib_cfgparser_t *cp,
const char *name,
int onoff,
void *cbdata)
{
assert(cp != NULL);
assert(name != NULL);
assert(cp->ib != NULL);
ib_engine_t *ib = cp->ib;
ib_status_t rc;
ib_module_t *module = NULL;
modpcre_cfg_t *config = NULL;
ib_context_t *ctx = cp->cur_ctx ? cp->cur_ctx : ib_context_main(ib);
const char *pname;
/* Get my module object */
rc = ib_engine_module_get(cp->ib, MODULE_NAME_STR, &module);
if (rc != IB_OK) {
ib_cfg_log_error(cp, "Failed to get %s module object: %s",
MODULE_NAME_STR, ib_status_to_string(rc));
return rc;
}
/* Get my module configuration */
rc = ib_context_module_config(ctx, module, (void *)&config);
if (rc != IB_OK) {
ib_cfg_log_error(cp, "Failed to get %s module configuration: %s",
MODULE_NAME_STR, ib_status_to_string(rc));
return rc;
}
if (strcasecmp("PcreStudy", name) == 0) {
pname = MODULE_NAME_STR ".study";
}
else if (strcasecmp("PcreUseJit", name) == 0) {
pname = MODULE_NAME_STR ".use_jit";
}
else {
ib_cfg_log_error(cp, "Unhandled directive \"%s\"", name);
return IB_EINVAL;
}
rc = ib_context_set_num(ctx, pname, onoff);
if (rc != IB_OK) {
ib_cfg_log_error(cp, "Failed to set \"%s\" to %s for \"%s\": %s",
pname, onoff ? "true" : "false", name,
ib_status_to_string(rc));
}
return IB_OK;
}
static ib_status_t modbinradix_init(ib_engine_t *ib,
ib_module_t *m,
void *cbdata)
{
IB_FTRACE_INIT();
ib_status_t rc;
/* Register as a matcher provider. */
rc = ib_provider_register(ib,
IB_PROVIDER_TYPE_MATCHER,
MODULE_NAME_STR,
NULL,
&modbinradix_matcher_iface,
modbinradix_provider_instance_init);
if (rc != IB_OK) {
ib_log_error(ib,
MODULE_NAME_STR ": Error registering ac matcher provider: "
"%s", ib_status_to_string(rc));
IB_FTRACE_RET_STATUS(IB_OK);
}
ib_log_debug(ib, "AC Status: compiled=\"%d.%d %s\" BinRadix Matcher"
" registered", AC_MAJOR, AC_MINOR,
IB_XSTRINGIFY(AC_DATE));
IB_FTRACE_RET_STATUS(IB_OK);
}
ib_status_t ibpp_caught_ib_exception(
ib_engine_t* engine,
ib_status_t status,
const error& e
)
{
std::string message;
int level = 1;
message = std::string(ib_status_to_string(status)) + ":";
if (boost::get_error_info<errinfo_what>(e)) {
message += *boost::get_error_info<errinfo_what>(e);
}
else {
message += "IronBee++ Exception but no explanation provided. "
"Please report as bug.";
}
if (boost::get_error_info<errinfo_level>(e)) {
level = *boost::get_error_info<errinfo_level>(e);
}
if (engine) {
ib_log(engine, level, "%s", message.c_str());
ib_log_debug(engine, "%s", diagnostic_information(e).c_str() );
} else {
ib_util_log_error("%s", message.c_str());
ib_util_log_debug("%s", diagnostic_information(e).c_str()
);
}
return status;
}
/**
* Handle request_header events for user agent extraction.
*
* Extract the "request_headers" field (a list) from the transactions's
* data provider instance, then loop through the list, looking for the
* "User-Agent" field. If found, the value is parsed and used to update the
* connection object fields.
*
* @param[in] ib IronBee object
* @param[in,out] tx Transaction.
* @param[in] event Event type
* @param[in] data Callback data (not used)
*
* @returns Status code
*/
static ib_status_t modua_user_agent(ib_engine_t *ib,
ib_tx_t *tx,
ib_state_event_type_t event,
void *data)
{
assert(ib != NULL);
assert(tx != NULL);
assert(tx->data != NULL);
assert(event == request_header_finished_event);
ib_field_t *req_agent = NULL;
ib_status_t rc = IB_OK;
const ib_list_t *bs_list;
const ib_bytestr_t *bs;
/* Extract the User-Agent header field from the provider instance */
rc = ib_data_get(tx->data, "request_headers:User-Agent", &req_agent);
if ( (req_agent == NULL) || (rc != IB_OK) ) {
ib_log_debug_tx(tx, "request_header_finished_event: No user agent");
return IB_OK;
}
if (req_agent->type != IB_FTYPE_LIST) {
ib_log_error_tx(tx,
"Expected request_headers:User-Agent to "
"return list of values.");
return IB_EINVAL;
}
rc = ib_field_value_type(req_agent,
ib_ftype_list_out(&bs_list),
IB_FTYPE_LIST);
if (rc != IB_OK) {
ib_log_error_tx(tx,
"Cannot retrieve request_headers:User-Agent: %d",
rc);
return rc;
}
if (IB_LIST_ELEMENTS(bs_list) == 0) {
ib_log_debug_tx(tx, "request_header_finished_event: No user agent");
return IB_OK;
}
req_agent = (ib_field_t *)IB_LIST_NODE_DATA(IB_LIST_LAST(bs_list));
/* Found it: copy the data into a newly allocated string buffer */
rc = ib_field_value_type(req_agent,
ib_ftype_bytestr_out(&bs),
IB_FTYPE_BYTESTR);
if (rc != IB_OK) {
ib_log_error_tx(tx, "Request user agent is not a BYTESTR: %s",
ib_status_to_string(rc));
return rc;
}
/* Finally, split it up & store the components */
rc = modua_agent_fields(ib, tx, bs);
return rc;
}
static ib_status_t modpcre_init(ib_engine_t *ib,
ib_module_t *m,
void *cbdata)
{
IB_FTRACE_INIT();
ib_status_t rc;
/* Register as a matcher provider. */
rc = ib_provider_register(ib,
IB_PROVIDER_TYPE_MATCHER,
MODULE_NAME_STR,
NULL,
&modpcre_matcher_iface,
NULL);
if (rc != IB_OK) {
ib_log_error(ib,
MODULE_NAME_STR
": Error registering pcre matcher provider: "
"%s", ib_status_to_string(rc));
IB_FTRACE_RET_STATUS(IB_OK);
}
ib_log_debug(ib,"PCRE Status: compiled=\"%d.%d %s\" loaded=\"%s\"",
PCRE_MAJOR, PCRE_MINOR, IB_XSTRINGIFY(PCRE_DATE), pcre_version());
/* Register operators. */
ib_operator_register(ib,
"pcre",
(IB_OP_FLAG_PHASE | IB_OP_FLAG_CAPTURE),
pcre_operator_create,
NULL,
pcre_operator_destroy,
NULL,
pcre_operator_execute,
NULL);
/* An alias of pcre. The same callbacks are registered. */
ib_operator_register(ib,
"rx",
(IB_OP_FLAG_PHASE | IB_OP_FLAG_CAPTURE),
pcre_operator_create,
NULL,
pcre_operator_destroy,
NULL,
pcre_operator_execute,
NULL);
/* Register a pcre operator that uses pcre_dfa_exec to match streams. */
ib_operator_register(ib,
"dfa",
(IB_OP_FLAG_PHASE | IB_OP_FLAG_STREAM),
dfa_operator_create,
NULL,
dfa_operator_destroy,
NULL,
dfa_operator_execute,
NULL);
IB_FTRACE_RET_STATUS(IB_OK);
}
/**
* Initialize the IronBee ATS plugin.
*
* Performs initializations required by ATS.
*
* @param[in] argc Command-line argument count
* @param[in] argv Command-line argument list
*/
static void *ibinit(void *x)
{
TSCont cont = x;
ib_status_t rc;
rc = ironbee_init(&module_data);
if (rc != IB_OK) {
TSError("[ironbee] initialization failed: %s",
ib_status_to_string(rc));
goto Lerror;
}
/* connection initialization & cleanup */
TSHttpHookAdd(TS_HTTP_SSN_START_HOOK, cont);
/* now all's up and running, flag it to our READ_REQUEST_HDR hook */
TSContDataSet(cont, &module_data);
/* Register our continuation for management update for traffic_line -x
* Note that this requires Trafficserver 3.3.5 or later, or else
* apply the patch from bug TS-2036
*/
TSMgmtUpdateRegister(cont, "ironbee");
return NULL;
Lerror:
TSError("[ironbee] Unable to initialize plugin (disabled).");
return NULL;
}
static void core_gen_tx_bytestr_alias2(
ib_tx_t *tx,
const char *name,
const char *val, size_t val_length
)
{
assert(tx != NULL);
assert(name != NULL);
assert(val != NULL);
ib_status_t rc;
ib_bytestr_t *bytestr;
rc = ib_bytestr_alias_mem(
&bytestr,
tx->mp,
(const uint8_t *)val,
val_length
);
if (rc != IB_OK) {
ib_log_warning_tx(tx, "Failed to create alias for \"%s\" var: %s",
name, ib_status_to_string(rc));
return;
}
core_gen_tx_bytestr_alias(tx, name, bytestr);
}
static void core_gen_tx_bytestr_alias(ib_tx_t *tx,
const char *name,
ib_bytestr_t *val)
{
assert(tx != NULL);
assert(name != NULL);
assert(val != NULL);
ib_field_t *f;
ib_var_source_t *source;
ib_status_t rc;
rc = ib_field_create_no_copy(
&f,
tx->mp,
name, strlen(name),
IB_FTYPE_BYTESTR,
val
);
if (rc != IB_OK) {
ib_log_warning_tx(tx, "Failed to create \"%s\" var: %s",
name, ib_status_to_string(rc));
return;
}
rc = ib_var_source_acquire(
&source,
tx->mp,
ib_var_store_config(tx->var_store),
name, strlen(name)
);
if (rc != IB_OK) {
ib_log_warning_tx(tx, "Failed to acquire \"%s\" var: %s",
name, ib_status_to_string(rc));
return;
}
rc = ib_var_source_set(source, tx->var_store, f);
if (rc != IB_OK) {
ib_log_warning_tx(tx,
"Failed add \"%s\" var to transaction: %s",
name, ib_status_to_string(rc)
);
}
}
/**
* Create an instance of the @c ee_match_any operator.
*
* Looks up the automata name and adds the automata to the operator instance.
*
* @param[in] ctx Current context.
* @param[in] parameters Automata name.
* @param[out] instance_data Instance data.
* @param[in] cbdata Callback data.
*/
static
ib_status_t ee_match_any_operator_create(
ib_context_t *ctx,
const char *parameters,
void *instance_data,
void *cbdata
)
{
assert(ctx != NULL);
assert(parameters != NULL);
assert(instance_data != NULL);
ib_status_t rc;
ia_eudoxus_t* eudoxus;
ee_operator_data_t *operator_data;
ib_module_t *module;
ib_engine_t *ib = ib_context_get_engine(ctx);
ib_mpool_t *pool = ib_context_get_mpool(ctx);
const ee_config_t *config = ee_get_config(ib);
const ib_hash_t *eudoxus_pattern_hash;
assert(config != NULL);
assert(config->eudoxus_pattern_hash != NULL);
/* Get my module object */
rc = ib_engine_module_get(ib, MODULE_NAME_STR, &module);
if (rc != IB_OK) {
ib_log_error(ib, "Failed to get eudoxus operator module object: %s",
ib_status_to_string(rc));
return rc;
}
/* Allocate a rule data object, populate it */
operator_data = ib_mpool_alloc(pool, sizeof(*operator_data));
if (operator_data == NULL) {
return IB_EALLOC;
}
eudoxus_pattern_hash = config->eudoxus_pattern_hash;
rc = ib_hash_get(eudoxus_pattern_hash, &eudoxus, parameters);
if (rc == IB_ENOENT ) {
ib_log_error(ib,
MODULE_NAME_STR ": No eudoxus automata named %s found.",
parameters);
return rc;
}
else if (rc != IB_OK) {
ib_log_error(ib,
MODULE_NAME_STR ": Error setting up eudoxus automata operator.");
return rc;
}
operator_data->eudoxus = eudoxus;
*(ee_operator_data_t **)instance_data = operator_data;
ib_log_debug(ib, "Found compiled eudoxus pattern \"%s\"", parameters);
return IB_OK;
}
/**
* Perf Event Start Event Callback.
*
* On a connection started event we register connection
* counters for the connection.
*
* @param[in] ib IronBee object.
* @param[in] event Event type.
* @param[in] connp Connection object.
* @param[in] cbdata Callback data: actually an perf_info_t describing the
* event.
*/
static ib_status_t mod_perf_stats_reg_conn_counter(
ib_engine_t *ib,
ib_state_event_type_t event_type,
ib_conn_t *connp,
void *cbdata
)
{
IB_FTRACE_INIT();
perf_info_t *perf_info;
event_info_t *eventp = (event_info_t *)cbdata;
int cevent = eventp->number;
int rc;
int event;
perf_info = ib_mpool_alloc(connp->mp, sizeof(*perf_info) * IB_STATE_EVENT_NUM);
for (event = 0; event < IB_STATE_EVENT_NUM; ++event) {
if ((eventp->cbdata_type == IB_CBDATA_NONE) ||
(eventp->cbdata_type == IB_CBDATA_CONN_DATA_T)) {
ib_log_error(ib, "Cannot collect stats for:%d name:%s cbdata_type: %d",
eventp->number, eventp->name, eventp->cbdata_type);
}
else {
perf_info_t *perfp = &perf_info[event];
/* Does this event match conn_started_event?
* If so we should init counters for this event.
*/
if (event == cevent) {
perfp->call_cnt = 1;
perfp->start_usec = ib_clock_get_time();
}
else {
perfp->call_cnt = 0;
perfp->start_usec = 0;
}
/* Setup other defaults */
perfp->number = event;
perfp->name = ib_state_event_name((ib_state_event_type_t)event);
perfp->cbdata_type = ib_state_event_cbdata_type(event);
perfp->max_usec = 0;
perfp->total_usec = 0;
perfp->stop_usec = 0;
ib_log_debug(ib, "Perf callback registered %s (%d) (%d)",
perfp->name, perfp->number, perfp->cbdata_type);
}
}
rc = ib_hash_set(connp->data, "MOD_PERF_STATS" ,perf_info);
if (rc != IB_OK) {
ib_log_debug(ib, "Failed to store perf stats in connection data: %s", ib_status_to_string(rc));
IB_FTRACE_RET_STATUS(rc);
}
IB_FTRACE_RET_STATUS(IB_OK);
}
/**
* Called to initialize the user agent module (when the module is loaded).
*
* Registers a handler for the request_header_finished_event event.
*
* @param[in,out] ib IronBee object
* @param[in] m Module object
* @param[in] cbdata (unused)
*
* @returns Status code
*/
static ib_status_t modua_init(ib_engine_t *ib, ib_module_t *m, void *cbdata)
{
IB_FTRACE_INIT();
ib_status_t rc;
modua_match_rule_t *failed_rule;
unsigned int failed_frule_num;
/* Register the user agent callback */
rc = ib_hook_tx_register(ib, request_header_finished_event,
modua_user_agent,
NULL);
if (rc != IB_OK) {
ib_log_error(ib, "Hook register returned %s", ib_status_to_string(rc));
}
/* Register the remote address callback */
rc = ib_hook_tx_register(ib, request_header_finished_event,
modua_remoteip,
NULL);
if (rc != IB_OK) {
ib_log_error(ib, "Hook register returned %s", ib_status_to_string(rc));
}
/* Initializations */
rc = modua_ruleset_init(&failed_rule, &failed_frule_num);
if (rc != IB_OK) {
ib_log_error(ib,
"User agent rule initialization failed"
" on rule %s field rule #%d: %s",
failed_rule->label, failed_frule_num, ib_status_to_string(rc));
}
/* Get the rules */
modua_match_ruleset = modua_ruleset_get( );
if (modua_match_ruleset == NULL) {
ib_log_error(ib, "Failed to get user agent rule list: %s", ib_status_to_string(rc));
IB_FTRACE_RET_STATUS(rc);
}
ib_log_debug(ib,
"Found %d match rules",
modua_match_ruleset->num_rules);
IB_FTRACE_RET_STATUS(IB_OK);
}
static void core_gen_tx_numeric(ib_tx_t *tx,
const char *name,
ib_num_t val)
{
assert(tx != NULL);
assert(name != NULL);
ib_field_t *f;
ib_num_t num = val;
ib_status_t rc;
ib_var_source_t *source;
rc = ib_field_create(&f, tx->mp,
name, strlen(name),
IB_FTYPE_NUM,
&num);
if (rc != IB_OK) {
ib_log_warning_tx(tx, "Failed to create \"%s\" field: %s",
name, ib_status_to_string(rc));
return;
}
rc = ib_var_source_acquire(
&source,
tx->mp,
ib_var_store_config(tx->var_store),
name, strlen(name)
);
if (rc != IB_OK) {
ib_log_warning_tx(tx, "Failed to acquire \"%s\" var: %s",
name, ib_status_to_string(rc));
return;
}
rc = ib_var_source_set(source, tx->var_store, f);
if (rc != IB_OK) {
ib_log_warning_tx(tx,
"Failed add \"%s\" var to transaction: %s",
name, ib_status_to_string(rc)
);
}
}
/**
* Store a field in the agent list
*
* Creates a new field and adds it to the agent list field list.
*
* @param[in] ib IronBee object
* @param[in,out] mp Memory pool to allocate from
* @param[in] agent_list Field to add the field to
* @param[in] name Field name
* @param[in] value Field value
*
* @returns Status code
*/
static ib_status_t modua_store_field(ib_engine_t *ib,
ib_mpool_t *mp,
ib_field_t *agent_list,
const char *name,
const char *value)
{
IB_FTRACE_INIT();
ib_field_t *tmp_field = NULL;
ib_status_t rc = IB_OK;
/* No value? Do nothing */
if (value == NULL) {
ib_log_debug3(ib, "No %s field in user agent", name);
IB_FTRACE_RET_STATUS(IB_OK);
}
/* Create the field */
rc = ib_field_create(
&tmp_field,
mp,
IB_FIELD_NAME(name),
IB_FTYPE_NULSTR,
ib_ftype_nulstr_in(value)
);
if (rc != IB_OK) {
ib_log_alert(ib,
"Error creating user agent %s field: %s", name, ib_status_to_string(rc));
IB_FTRACE_RET_STATUS(rc);
}
/* Add the field to the list */
rc = ib_field_list_add(agent_list, tmp_field);
if (rc != IB_OK) {
ib_log_alert(ib,
"Error adding user agent %s field: %s", name, ib_status_to_string(rc));
IB_FTRACE_RET_STATUS(rc);
}
ib_log_debug3(ib, "Stored user agent %s '%s'", name, value);
IB_FTRACE_RET_STATUS(IB_OK);
}
/**
* Eudoxus first match callback function. Called when a match occurs.
*
* Always returns IA_EUDOXUS_CMD_STOP to stop matching (unless an
* error occurs). If capture is enabled the matched text will be stored in the
* capture variable.
*
* @param[in] engine Eudoxus engine.
* @param[in] output Output defined by automata.
* @param[in] output_length Length of output.
* @param[in] input Current location in the input (first character
* after the match).
* @param[in,out] cbdata Pointer to the ee_callback_data_t instance we are
* handling. This is needed for handling capture
* of the match.
* @return IA_EUDOXUS_CMD_ERROR on error, IA_EUDOXUS_CMD_STOP otherwise.
*/
static
ia_eudoxus_command_t ee_first_match_callback(ia_eudoxus_t* engine,
const char *output,
size_t output_length,
const uint8_t *input,
void *cbdata)
{
assert(cbdata != NULL);
assert(output != NULL);
ib_status_t rc;
uint32_t match_len;
const ee_callback_data_t *ee_cbdata = cbdata;
ib_tx_t *tx = ee_cbdata->tx;
ib_field_t *capture = ee_cbdata->capture;
ib_bytestr_t *bs;
ib_field_t *field;
const char *name;
assert(tx != NULL);
if (capture != NULL) {
if (output_length != sizeof(uint32_t)) {
return IA_EUDOXUS_CMD_ERROR;
}
match_len = *(uint32_t *)(output);
rc = ib_capture_clear(capture);
if (rc != IB_OK) {
ib_log_error_tx(tx, "Error clearing captures: %s",
ib_status_to_string(rc));
return IA_EUDOXUS_CMD_ERROR;
}
/* Create a byte-string representation */
rc = ib_bytestr_dup_mem(&bs,
tx->mp,
(input - match_len),
match_len);
if (rc != IB_OK) {
return IA_EUDOXUS_CMD_ERROR;
}
name = ib_capture_name(0);
rc = ib_field_create(&field, tx->mp, name, strlen(name),
IB_FTYPE_BYTESTR, ib_ftype_bytestr_in(bs));
if (rc != IB_OK) {
return IA_EUDOXUS_CMD_ERROR;
}
rc = ib_capture_set_item(capture, 0, tx->mp, field);
if (rc != IB_OK) {
return IA_EUDOXUS_CMD_ERROR;
}
}
return IA_EUDOXUS_CMD_STOP;
}
void RunTest(int line,
const char *s,
ib_status_t estatus)
{
ib_status_t rc;
ib_float_t result;
rc = ::ib_string_to_float(s, &result);
EXPECT_EQ(rc, estatus)
<< "Line " << line << ": Conversion of '" << s << "'"
<< " failed; rc=" << rc
<< " (" << ib_status_to_string(rc) << ")";
}
static void ironbee_plugin_mgmt_update(TSCont contp)
{
assert(contp != NULL);
TSDebug("ironbee", "Management update");
ib_status_t rc;
rc = tsib_manager_engine_create();
if (rc != IB_OK) {
TSError("[ironbee] Error creating new engine: %s",
ib_status_to_string(rc));
}
}
/**
* Get or create an ib_hash_t inside of @c tx for storing dfa rule data.
*
* The hash is stored at the key @c HASH_NAME_STR.
*
* @param[in] m PCRE module.
* @param[in] tx The transaction containing @c tx->data which holds
* the @a operator_data object.
* @param[out] hash The fetched or created rule data hash. This is set
* to NULL on failure.
*
* @return
* - IB_OK on success.
* - IB_EALLOC on allocation failure
*/
static
ib_status_t get_or_create_operator_data_hash(
const ib_module_t *m,
ib_tx_t *tx,
ib_hash_t **hash
)
{
assert(tx);
assert(tx->mp);
ib_status_t rc;
/* Get or create the hash that contains the rule data. */
rc = ib_tx_get_module_data(tx, m, hash);
if ( (rc == IB_OK) && (*hash != NULL) ) {
ib_log_debug2_tx(tx, "Found rule data hash in tx.");
return IB_OK;
}
ib_log_debug2_tx(tx, "Rule data hash did not exist in tx.");
rc = ib_hash_create(hash, tx->mp);
if (rc != IB_OK) {
ib_log_debug2_tx(tx, "Failed to create hash: %s",
ib_status_to_string(rc));
return rc;
}
rc = ib_tx_set_module_data(tx, m, *hash);
if (rc != IB_OK) {
ib_log_debug2_tx(tx, "Failed to store hash: %s",
ib_status_to_string(rc));
*hash = NULL;
}
ib_log_debug2_tx(tx, "Returning rule hash at %p.", *hash);
return rc;
}
void RunTest(int line,
const char *s,
int base,
ib_status_t estatus)
{
ib_status_t rc;
ib_num_t result;
rc = ::ib_string_to_num(s, base, &result);
EXPECT_EQ(rc, estatus)
<< "Line " << line << ": Conversion of '" << s
<< "' base10=" << base
<< " failed; rc=" << rc
<< " (" << ib_status_to_string(rc) << ")";
}
void ib_trace_status(const char *file,
int line,
const char *func,
const char *msg,
ib_status_t rc)
{
const char *sep = func?"() - ":"";
const char *sep2 = msg?" ":"";
fprintf(ib_trace_fh, "IronBee TRACE [%s:%d]: %s%s%s%s%s)\n",
file, line,
(func?func:""), sep,
(msg?msg:""), sep2,
ib_status_to_string(rc));
fflush(ib_trace_fh);
}
ib_status_t ngxib_release_engine(
ib_engine_t *engine,
ngx_log_t *log
)
{
module_data_t *mod_data = &module_data;
ib_status_t rc;
assert(mod_data->manager != NULL);
rc = ib_manager_engine_release(mod_data->manager, engine);
if (rc != IB_OK) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"Failed to release engine to manager: %s!",
ib_status_to_string(rc));
}
return rc;
}
/**
* Engine Manager Control Channel continuation.
*
* This polls and takes action on commands to IronBee.
*
* @param[in] contp Pointer to the continuation.
* @param[in] event Event from ATS. Unused.
* @param[in] edata Event data. Unused.
*
* @returns
* - 0 On success.
* - -1 On error.
*/
static int manager_ctl(TSCont contp, TSEvent event, void *edata)
{
module_data_t *mod_data = (module_data_t *)(TSContDataGet(contp));
if (ib_engine_manager_control_ready(mod_data->manager_ctl)) {
ib_status_t rc;
rc = ib_engine_manager_control_recv(mod_data->manager_ctl, false);
if (rc != IB_EAGAIN && rc != IB_OK) {
TSError("[ironbee] Error processing message: %s",
ib_status_to_string(rc));
return -1;
}
}
return 0;
}
ib_status_t ngxib_acquire_engine(
ib_engine_t **pengine,
ngx_log_t *log
)
{
module_data_t *mod_data = &module_data;
ib_status_t rc;
/* No manager? Decline the request */
if (mod_data->manager == NULL) {
ngx_log_error(NGX_LOG_ERR, log, 0, "acquire_engine: No manager!");
return IB_DECLINED;
}
rc = ib_manager_engine_acquire(mod_data->manager, pengine);
if (rc != IB_OK) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"Failed to acquire engine from manager: %s!",
ib_status_to_string(rc));
}
return rc;
}
void RunTest(int line,
const char *s,
ib_float_t expected)
{
ib_status_t rc;
ib_float_t result;
rc = ::ib_string_to_float(s, &result);
if (result != IB_OK) {
EXPECT_EQ(rc, IB_OK)
<< "Line " << line << ": "
<< "Conversion of '" << s << "' failed; rc=" << rc
<< " (" << ib_status_to_string(rc) << ")";
}
else {
ib_num_t range = (ib_num_t)fabs(expected * 0.001);
bool iseq = ( (result >= expected - range) &&
(result <= expected + range) );
EXPECT_TRUE(iseq)
<< "Line " << line << ": "
<< "Conversion of '" << s
<< "' expected value=" << expected << " result="<< result;
}
}
/**
* Set the matches into the given field name as .0, .1, .2 ... .9.
*
* @param[in] ib The IronBee engine to log to.
* @param[in] tx The transaction to store the values into (tx->dpi).
* @param[in] field_name The field to populate with Regex matches.
* @param[in] ovector The vector of integer pairs of matches from PCRE.
* @param[in] matches The number of matches.
* @param[in] subject The matched-against string data.
*
* @returns IB_OK or IB_EALLOC.
*/
static ib_status_t pcre_set_matches(ib_engine_t *ib,
ib_tx_t *tx,
int *ovector,
int matches,
const char *subject)
{
IB_FTRACE_INIT();
/* IronBee status. */
ib_status_t rc;
/* Iterator. */
int i;
rc = ib_data_capture_clear(tx);
if (rc != IB_OK) {
ib_log_error_tx(tx, "Error clearing captures: %s",
ib_status_to_string(rc));
}
/* We have a match! Now populate TX:0-9 in tx->dpi. */
ib_log_debug2_tx(tx, "REGEX populating %d matches", matches);
for (i=0; i<matches; i++)
{
/* The length of the match. */
size_t match_len;
/* The first character in the match. */
const char *match_start;
/* Field name */
const char *name;
/* Holder for a copy of the field value when creating a new field. */
ib_bytestr_t *bs;
/* Field holder. */
ib_field_t *field;
/* Readability. Mark the start and length of the string. */
match_start = subject+ovector[i*2];
match_len = ovector[i*2+1] - ovector[i*2];
/* If debugging this, copy the string value out and print it to the
* log. This could be dangerous as there could be non-character
* values in the match. */
ib_log_debug2_tx(tx, "REGEX Setting #%d=%.*s",
i, (int)match_len, match_start);
/* Create a byte-string representation */
rc = ib_bytestr_dup_mem(&bs,
tx->mp,
(const uint8_t*)match_start,
match_len);
if (rc != IB_OK) {
IB_FTRACE_RET_STATUS(rc);
}
/* Create a field to hold the byte-string */
name = ib_data_capture_name(i);
rc = ib_field_create(&field, tx->mp, name, strlen(name),
IB_FTYPE_BYTESTR, ib_ftype_bytestr_in(bs));
if (rc != IB_OK) {
IB_FTRACE_RET_STATUS(rc);
}
/* Add it to the capture collection */
rc = ib_data_capture_set_item(tx, i, field);
if (rc != IB_OK) {
IB_FTRACE_RET_STATUS(rc);
}
}
IB_FTRACE_RET_STATUS(IB_OK);
}
