SafeLine icon indicating copy to clipboard operation
SafeLine copied to clipboard

Published 20 hours ago verified publisher icon chaitin

[Bug] POST `/api/open/policy` Fails with `internal-error` Due to FSL Compilation Failure in `safeline-mgt`

Open LaiLaK918 opened this issue 5 months ago • 3 comments
trafficstars

What happened?

When sending a POST request to https://localhost:9443/api/open/policy to create a new policy, the API returns an internal-error response with the message "compiling failed: compiling FSL failed". The GET request to the same endpoint succeeds, indicating the API is accessible, but the POST operation fails. The error is logged in the safeline-mgt container, pointing to an issue with FSL (Filter Specification Language) compilation in the fvm service.

How we reproduce?

  1. Set up the environment using the provided docker-compose.yml and .env files:
    • .env: 
      SAFELINE_DIR=./data/safeline
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=xxx
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=chaitin
ARCH_SUFFIX=
RELEASE=
REGION=-g
    • Relevant docker-compose.yml services: safeline-mgt, safeline-fvm, safeline-pg (full configuration provided in the original context).
  2. Start the services: 
    docker-compose up -d
  3. Verify the safeline-mgt service is running by sending a GET request: 
    curl -k https://localhost:9443/api/open/policy -H "X-SLCE-API-TOKEN: Your API Token"
    This should return a successful response.
  4. Send a POST request to create a policy: 
    curl -k -X POST https://localhost:9443/api/open/policy \
-H "Content-Type: application/json" \
-H "X-SLCE-API-TOKEN: Your API Token" \
-d '{
    "name": "IPBlock",
    "is_enabled": true,
    "pattern": [
        [
            {
                "k": "src_ip",
                "op": "in",
                "v": [
                    "172.19.0.1"
                ],
                "sub_k": ""
            }
        ]
    ],
    "action": 1,
    "expire": 174854302,
    "log": true,
    "level": 0
}'
  5. Observe the response and check the safeline-mgt container logs: 
    docker logs safeline-mgt

Expected behavior

The POST request to /api/open/policy should successfully create the policy and return a success response (e.g., HTTP 200 or 201 with a confirmation message, such as {"data": {...}, "msg": "success"}).

Error log

The safeline-mgt container logs show the following errors:

safeline-mgt  | 2025/05/29 10:42:18 [ERROR] fvm fvm/grpc_helper.go:76 FVM AppendFSL Close Error rpc error: code = Unknown desc = compiling failed: compiling FSL failed
safeline-mgt  | 2025/05/29 10:42:18 [ERROR] fvm fvm/grpc_helper.go:80 FVM AppendFSL Close Error rpc error: code = Unknown desc = compiling failed: compiling FSL failed
safeline-mgt  | 2025/05/29 10:42:18 [ERROR] fvm fvm/policy_rule.go:66 compile and push fsl error: rpc error: code = Unknown desc = compiling failed: compiling FSL failed
safeline-mgt  | 2025/05/29 10:42:18 [ERROR] api.policy [email protected]/context.go:185 create policy error: rules compile error, please check your params

The 'safeline-fvm' container logs show the following errors:

safeline-fvm  | time="2025-05-29T10:42:18Z" level=error msg="AppendFSL: compiling failed: compiling FSL failed"

API response:

{
    "data": {},
    "msg": "internal-error"
}

LaiLaK918 avatar May 29 '25 10:05 LaiLaK918