Simplifies the multi thread sample

Now using multi process not multi threads. To be renamed.
2025-08-15 23:55:03 +03:00 · 2016-07-07 09:29:14 -03:00 · 2016-07-07 09:29:14 -03:00 · cd5a116ca6
commit cd5a116ca6
parent 5daf4873b5
2 changed files with 48 additions and 275 deletions
--- a/examples/multithread_c/basic_rules.conf
+++ b/examples/multithread_c/basic_rules.conf
@ -1,234 +1,14 @@
 # -- Rule engine initialization ----------------------------------------------
 # Enable ModSecurity, attaching it to every transaction. Use detection
 # only to start with, because that minimises the chances of post-installation
 # disruption.
 #
 SecRuleEngine DetectionOnly
 # -- Request body handling ---------------------------------------------------
 # Allow ModSecurity to access request bodies. If you don't, ModSecurity
 # won't be able to see any POST parameters, which opens a large security
 # hole for attackers to exploit.
 #
 SecRequestBodyAccess On
 # Enable XML request body parser.
 # Initiate XML Processor in case of xml content-type
 #
 SecRule REQUEST_HEADERS:Content-Type "text/xml" \
     "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
 # Enable JSON request body parser.
 # Initiate JSON Processor in case of JSON content-type; change accordingly
 # if your application does not use 'application/json'
 #
 SecRule REQUEST_HEADERS:Content-Type "application/json" \
     "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
 # Maximum request body size we will accept for buffering. If you support
 # file uploads then the value given on the first line has to be as large
 # as the largest file you are willing to accept. The second value refers
 # to the size of data, with files excluded. You want to keep that value as
 # low as practical.
 #
 SecRequestBodyLimit 13107200
 SecRequestBodyNoFilesLimit 131072
 # Store up to 128 KB of request body data in memory. When the multipart
 # parser reachers this limit, it will start using your hard disk for
 # storage. That is slow, but unavoidable.
 #
 SecRequestBodyInMemoryLimit 131072
 # What do do if the request body size is above our configured limit.
 # Keep in mind that this setting will automatically be set to ProcessPartial
 # when SecRuleEngine is set to DetectionOnly mode in order to minimize
 # disruptions when initially deploying ModSecurity.
 #
 SecRequestBodyLimitAction Reject
 # Verify that we've correctly processed the request body.
 # As a rule of thumb, when failing to process a request body
 # you should reject the request (when deployed in blocking mode)
 # or log a high-severity alert (when deployed in detection-only mode).
 #
 SecRule REQBODY_ERROR "!@eq 0" \
 "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
 # By default be strict with what we accept in the multipart/form-data
 # request body. If the rule below proves to be too strict for your
 # environment consider changing it to detection-only. You are encouraged
 # _not_ to remove it altogether.
 #
 SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
 "id:'200003',phase:2,t:none,log,deny,status:400, \
 msg:'Multipart request body failed strict validation: \
 PE %{REQBODY_PROCESSOR_ERROR}, \
 BQ %{MULTIPART_BOUNDARY_QUOTED}, \
 BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
 DB %{MULTIPART_DATA_BEFORE}, \
 DA %{MULTIPART_DATA_AFTER}, \
 HF %{MULTIPART_HEADER_FOLDING}, \
 LF %{MULTIPART_LF_LINE}, \
 SM %{MULTIPART_MISSING_SEMICOLON}, \
 IQ %{MULTIPART_INVALID_QUOTING}, \
 IP %{MULTIPART_INVALID_PART}, \
 IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
 FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
 # Did we see anything that might be a boundary?
 #
 SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
 "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
 # PCRE Tuning
 # We want to avoid a potential RegEx DoS condition
 #
 SecPcreMatchLimit 1000
 SecPcreMatchLimitRecursion 1000
 # Some internal errors will set flags in TX and we will need to look for these.
 # All of these are prefixed with "MSC_".  The following flags currently exist:
 #
 # MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded.
 #
 SecRule TX:/^MSC_/ "!@streq 0" \
        "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
 # -- Response body handling --------------------------------------------------
 # Allow ModSecurity to access response bodies. 
 # You should have this directive enabled in order to identify errors
 # and data leakage issues.
 # 
 # Do keep in mind that enabling this directive does increases both
 # memory consumption and response latency.
 #
 SecResponseBodyAccess On
 # Which response MIME types do you want to inspect? You should adjust the
 # configuration below to catch documents but avoid static files
 # (e.g., images and archives).
 #
 SecResponseBodyMimeType text/plain text/html text/xml
 # Buffer response bodies of up to 512 KB in length.
 SecResponseBodyLimit 524288
 # What happens when we encounter a response body larger than the configured
 # limit? By default, we process what we have and let the rest through.
 # That's somewhat less secure, but does not break any legitimate pages.
 #
 SecResponseBodyLimitAction ProcessPartial
 # -- Filesystem configuration ------------------------------------------------
 # The location where ModSecurity stores temporary files (for example, when
 # it needs to handle a file upload that is larger than the configured limit).
 # 
 # This default setting is chosen due to all systems have /tmp available however, 
 # this is less than ideal. It is recommended that you specify a location that's private.
 #
 SecTmpDir /tmp/
 # The location where ModSecurity will keep its persistent data.  This default setting 
 # is chosen due to all systems have /tmp available however, it
 # too should be updated to a place that other users can't access.
 #
 SecDataDir /tmp/
 # -- File uploads handling configuration -------------------------------------
 # The location where ModSecurity stores intercepted uploaded files. This
 # location must be private to ModSecurity. You don't want other users on
 # the server to access the files, do you?
 #
 #SecUploadDir /opt/modsecurity/var/upload/
 # By default, only keep the files that were determined to be unusual
 # in some way (by an external inspection script). For this to work you
 # will also need at least one file inspection rule.
 #
 #SecUploadKeepFiles RelevantOnly
 # Uploaded files are by default created with permissions that do not allow
 # any other user to access them. You may need to relax that if you want to
 # interface ModSecurity to an external program (e.g., an anti-virus).
 #
 #SecUploadFileMode 0600
 # -- Debug log configuration -------------------------------------------------
 # The default debug log configuration is to duplicate the error, warning
 # and notice messages from the error log.
 #
 #SecDebugLog /opt/modsecurity/var/log/debug.log
 #SecDebugLogLevel 3
 # -- Audit log configuration -------------------------------------------------
 # Log the transactions that are marked by a rule, as well as those that
 # trigger a server error (determined by a 5xx or 4xx, excluding 404,  
 # level response status codes).
 #
 SecAuditEngine RelevantOnly
 SecAuditLogRelevantStatus "^(?:5|4(?!04))"
 # Log everything we know about a transaction.
 SecAuditLogParts ABIJDEFHZ
 # Use a single file for logging. This is much easier to look at, but
 # assumes that you will use the audit log only ocassionally.
 #
 SecAuditLogType Serial
 SecAuditLog /var/log/modsec_audit.log
 # Specify the path for concurrent audit logging.
 #SecAuditLogStorageDir /opt/modsecurity/var/audit/
 # -- Miscellaneous -----------------------------------------------------------
 # Use the most commonly used application/x-www-form-urlencoded parameter
 # separator. There's probably only one application somewhere that uses
 # something else so don't expect to change this value.
 #
 SecArgumentSeparator &
 # Settle on version 0 (zero) cookies, as that is what most applications
 # use. Using an incorrect cookie version may open your installation to
 # evasion attacks (against the rules that examine named cookies).
 #
 SecCookieFormat 0
 # Specify your Unicode Code Point.
 # This mapping is used by the t:urlDecodeUni transformation function
 # to properly map encoded data to your language. Properly setting
 # these directives helps to reduce false positives and negatives.
 #
 SecUnicodeMapFile unicode.mapping 20127
 # Improve the quality of ModSecurity by sharing information about your
 # current ModSecurity version and dependencies versions.
 # The following information will be shared: ModSecurity version,
 # Web Server version, APR version, PCRE version, Lua version, Libxml2
 # version, Anonymous unique id for host.
 SecStatusEngine On
 SecDebugLog /dev/stdout
 SecDebugLogLevel 9
 SecRule REQUEST_HEADERS:User-Agent "^(.*)$" "id:'900018',phase:1,t:none,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{matched_var},nolog,pass"
 SecRule &TX:REAL_IP "@eq 0" "id:'900021',phase:1,t:none,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash},setvar:tx.real_ip=%{remote_addr},nolog,pass"
 SecRule REQUEST_HEADERS:User-Agent "^(.*)$" "id:'900019',phase:2,t:none,setvar:ip.auth_attempt=+1,nolog,pass"
 SecRule REQUEST_HEADERS:User-Agent ".*" "id:1,phase:1,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{MATCHED_VAR}"
 SecAction "phase:2,initcol:ip=%{REMOTE_ADDR}_%{tx.ua_hash}"
 SecRule REQUEST_HEADERS:User-Agent ".*" "id:2,phase:2,setvar:ip.auth_attempt=+1"
 SecRule ARGS:foo "herewego" "id:3,phase:2,setvar:ip.foo=bar"
 SecRule IP "bar" "id:4,phase:2"
 SecRule IP:auth_attempt "bar" "id:5,phase:2"
--- a/examples/multithread_c/multi.c
+++ b/examples/multithread_c/multi.c
@ -15,45 +15,48 @@
 #include <modsecurity/modsecurity.h>
 #include <modsecurity/transaction.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <pthread.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/ipc.h>
 #include <sys/shm.h>
 #include <sys/wait.h>
-#define SHM_SIZE 1024
+
-#define FORKS 10
+#define FORKS 5
-#define TRHREADS 10
+#define REQUESTS_PER_PROCESS 100
 char main_rule_uri[] = "basic_rules.conf";
 Rules *rules = NULL;
 ModSecurity *modsec = NULL;
 key_t key;
 void process_special_request (int j) {
    Transaction *transaction = NULL;
    transaction = msc_new_transaction(modsec, rules, NULL);
-void process_request (void *ptr)
+    msc_process_connection(transaction, "127.0.0.1", 12345, "127.0.0.1", 80);
-{
+    msc_process_uri(transaction,
-    int i;
+        "http://www.modsecurity.org/test?foo=herewego",
-    for (i = 0; i < TRHREADS; i++) {
+        "GET", "1.1");
    msc_add_request_header(transaction, "User-Agent",
        "Basic ModSecurity example");
    msc_process_request_headers(transaction);
    msc_process_request_body(transaction);
    msc_add_response_header(transaction, "Content-type", "text/html");
    msc_process_response_headers(transaction, 200, "HTTP 1.0");
    msc_process_response_body(transaction);
    msc_process_logging(transaction);
    msc_transaction_cleanup(transaction);
 }
 void process_request (int j) {
    for (int i = 0; i < REQUESTS_PER_PROCESS; i++) {
        if (i == 1 && j == 1) {
            process_special_request(j);
            continue;
        }
        struct timeval tv;
        int shmid = shmget(key, SHM_SIZE, 0644 | IPC_CREAT);
        char *data;
        int *j;
        data = shmat(shmid, (void *)0, 0);
        j = (int *)data;
        (*j)++;
        Transaction *transaction = NULL;
        transaction = msc_new_transaction(modsec, rules, NULL);
@ -70,8 +73,9 @@ void process_request (void *ptr)
        msc_process_response_body(transaction);
        msc_process_logging(transaction);
        msc_transaction_cleanup(transaction);
-        tv.tv_sec = 0;
+
-        tv.tv_usec = 1000;
+        tv.tv_sec = 1;
        tv.tv_usec = 500;
        select(0, NULL, NULL, NULL, &tv);
    }
 }
@ -81,22 +85,12 @@ int main (int argc, char **argv)
 {
    int ret = 1;
    const char *error = NULL;
    pthread_t thread[TRHREADS*FORKS];
    int i = 0;
    pid_t pid;
-    int shmid;
+    int f;
-    int h;
+
    modsec = msc_init();
    key = ftok("shmdemo.c", 'R');
    shmid = shmget(key, SHM_SIZE, 0644 | IPC_CREAT);
    char *data = shmat(shmid, (void *)0, 0);
    memset(data, '\0', SHM_SIZE);
    int *z = (int *) data;
    z = 0;
    msc_set_connector_info(modsec, "ModSecurity-test v0.0.1-alpha (Simple " \
        "example on how to use ModSecurity API");
@ -111,22 +105,21 @@ int main (int argc, char **argv)
    msc_rules_dump(rules);
-    for (h = 0; h < FORKS; h++) {
+    for (f = 0; f < FORKS; f++) {
        pid = fork();
        if (pid == 0) {
-            pthread_create (&thread[h*TRHREADS], NULL, (void *) &process_request, (void *) NULL);
+            process_request(f);
            pthread_join(thread[h*TRHREADS], NULL);
            goto child;
        }
        struct timeval tv;
        tv.tv_sec = 0;
        tv.tv_usec = 500;
        select(0, NULL, NULL, NULL, &tv);
    }
    wait(NULL);
    int *j;
    data = shmat(shmid, (void *)0, 0);
    j = (int *) data;
    fprintf(stderr, "The final count is: %d\n", *j);
 child:
    if (pid == 0) {