Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / a833cd90b202557cbf6c863687732f3a6ae9da17 / . / contrib / mod_defender / spoa.c
blob: c4e15bb4431b896f6649d8156d8f3c19f09e1a53 [file] [log] [blame]
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]1/*
2 * Mod Defender for HAProxy
3 *
4 * Copyright 2017 HAProxy Technologies, Dragan Dosen <ddosen@haproxy.com>
5 *
6 * Based on "A Random IP reputation service acting as a Stream Processing Offload Agent"
7 * Copyright 2016 HAProxy Technologies, Christopher Faulet <cfaulet@haproxy.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 3 of the License, or (at your option) any later version.
13 *
14 */
15#include <unistd.h>
16#include <stdlib.h>
17#include <string.h>
18#include <stdbool.h>
19#include <errno.h>
20#include <stdio.h>
21#include <signal.h>
22#include <netinet/in.h>
23#include <sys/socket.h>
24#include <err.h>
25#include <ctype.h>
26
27#include <pthread.h>
28
29#include <event2/util.h>
30#include <event2/event.h>
31#include <event2/event_struct.h>
32#include <event2/thread.h>
33
34#include <common/mini-clist.h>
35#include <common/chunk.h>
36
37#include <proto/spoe.h>
38
39#include "spoa.h"
40#include "defender.h"
41
42#define DEFAULT_PORT 12345
43#define CONNECTION_BACKLOG 10
44#define NUM_WORKERS 10
45#define MAX_FRAME_SIZE 16384
46#define SPOP_VERSION "1.0"
47
48#define SLEN(str) (sizeof(str)-1)
49
50#define DEBUG(x...) \
51 do { \
52 if (debug) \
53 LOG(x); \
54 } while (0)
55
56
57enum spoa_state {
58 SPOA_ST_CONNECTING = 0,
59 SPOA_ST_PROCESSING,
60 SPOA_ST_DISCONNECTING,
61};
62
63enum spoa_frame_type {
64 SPOA_FRM_T_UNKNOWN = 0,
65 SPOA_FRM_T_HAPROXY,
66 SPOA_FRM_T_AGENT,
67};
68
69struct spoe_engine {
70 char *id;
71
72 struct list processing_frames;
73 struct list outgoing_frames;
74
75 struct list clients;
76 struct list list;
77};
78
79struct spoe_frame {
80 enum spoa_frame_type type;
81 char *buf;
82 unsigned int offset;
83 unsigned int len;
84
85 unsigned int stream_id;
86 unsigned int frame_id;
87 unsigned int flags;
88 bool hcheck; /* true is the CONNECT frame is a healthcheck */
89 bool fragmented; /* true if the frame is fragmented */
90 int defender_status; /* mod_defender returned status */
91
92 struct event process_frame_event;
93 struct worker *worker;
94 struct spoe_engine *engine;
95 struct client *client;
96 struct list list;
97
98 char *frag_buf; /* used to accumulate payload of a fragmented frame */
99 unsigned int frag_len;
100
101 char data[0];
102};
103
104struct client {
105 int fd;
106 unsigned long id;
107 enum spoa_state state;
108
109 struct event read_frame_event;
110 struct event write_frame_event;
111
112 struct spoe_frame *incoming_frame;
113 struct spoe_frame *outgoing_frame;
114
115 struct list processing_frames;
116 struct list outgoing_frames;
117
118 unsigned int max_frame_size;
119 int status_code;
120
121 char *engine_id;
122 struct spoe_engine *engine;
123 bool pipelining;
124 bool async;
125 bool fragmentation;
126
127 struct worker *worker;
128 struct list by_worker;
129 struct list by_engine;
130};
131
132/* Globals */
133static struct worker *workers = NULL;
134struct worker null_worker = { .id = 0 };
135static unsigned long clicount = 0;
136static int server_port = DEFAULT_PORT;
137static int num_workers = NUM_WORKERS;
138static unsigned int max_frame_size = MAX_FRAME_SIZE;
139struct timeval processing_delay = {0, 0};
140static bool debug = false;
141static bool pipelining = false;
142static bool async = false;
143static bool fragmentation = false;
144
145
146static const char *spoe_frm_err_reasons[SPOE_FRM_ERRS] = {
147 [SPOE_FRM_ERR_NONE] = "normal",
148 [SPOE_FRM_ERR_IO] = "I/O error",
149 [SPOE_FRM_ERR_TOUT] = "a timeout occurred",
150 [SPOE_FRM_ERR_TOO_BIG] = "frame is too big",
151 [SPOE_FRM_ERR_INVALID] = "invalid frame received",
152 [SPOE_FRM_ERR_NO_VSN] = "version value not found",
153 [SPOE_FRM_ERR_NO_FRAME_SIZE] = "max-frame-size value not found",
154 [SPOE_FRM_ERR_NO_CAP] = "capabilities value not found",
155 [SPOE_FRM_ERR_BAD_VSN] = "unsupported version",
156 [SPOE_FRM_ERR_BAD_FRAME_SIZE] = "max-frame-size too big or too small",
157 [SPOE_FRM_ERR_FRAG_NOT_SUPPORTED] = "fragmentation not supported",
158 [SPOE_FRM_ERR_INTERLACED_FRAMES] = "invalid interlaced frames",
159 [SPOE_FRM_ERR_FRAMEID_NOTFOUND] = "frame-id not found",
160 [SPOE_FRM_ERR_RES] = "resource allocation error",
161 [SPOE_FRM_ERR_UNKNOWN] = "an unknown error occurred",
162};
163
164static void signal_cb(evutil_socket_t, short, void *);
165static void accept_cb(evutil_socket_t, short, void *);
166static void worker_monitor_cb(evutil_socket_t, short, void *);
167static void process_frame_cb(evutil_socket_t, short, void *);
168static void read_frame_cb(evutil_socket_t, short, void *);
169static void write_frame_cb(evutil_socket_t, short, void *);
170
171static void use_spoe_engine(struct client *);
172static void unuse_spoe_engine(struct client *);
173static void release_frame(struct spoe_frame *);
174static void release_client(struct client *);
175
176/* Check the protocol version. It returns -1 if an error occurred, the number of
177 * read bytes otherwise. */
178static int
179check_proto_version(struct spoe_frame *frame, char **buf, char *end)
180{
181 char *str, *p = *buf;
182 uint64_t sz;
183 int ret;
184
185 /* Get the list of all supported versions by HAProxy */
186 if ((*p++ & SPOE_DATA_T_MASK) != SPOE_DATA_T_STR)
187 return -1;
188 ret = spoe_decode_buffer(&p, end, &str, &sz);
189 if (ret == -1 || !str)
190 return -1;
191
192 DEBUG(frame->worker, "<%lu> Supported versions : %.*s",
193 frame->client->id, (int)sz, str);
194
195 /* TODO: Find the right verion in supported ones */
196
197 ret = (p - *buf);
198 *buf = p;
199 return ret;
200}
201
202/* Check max frame size value. It returns -1 if an error occurred, the number of
203 * read bytes otherwise. */
204static int
205check_max_frame_size(struct spoe_frame *frame, char **buf, char *end)
206{
207 char *p = *buf;
208 uint64_t sz;
209 int type, ret;
210
211 /* Get the max-frame-size value of HAProxy */
212 type = *p++;
213 if ((type & SPOE_DATA_T_MASK) != SPOE_DATA_T_INT32 &&
214 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_INT64 &&
215 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_UINT32 &&
216 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_UINT64)
217 return -1;
218 if (decode_varint(&p, end, &sz) == -1)
219 return -1;
220
221 /* Keep the lower value */
222 if (sz < frame->client->max_frame_size)
223 frame->client->max_frame_size = sz;
224
225 DEBUG(frame->worker, "<%lu> HAProxy maximum frame size : %u",
226 frame->client->id, (unsigned int)sz);
227
228 ret = (p - *buf);
229 *buf = p;
230 return ret;
231}
232
233/* Check healthcheck value. It returns -1 if an error occurred, the number of
234 * read bytes otherwise. */
235static int
236check_healthcheck(struct spoe_frame *frame, char **buf, char *end)
237{
238 char *p = *buf;
239 int type, ret;
240
241 /* Get the "healthcheck" value */
242 type = *p++;
243 if ((type & SPOE_DATA_T_MASK) != SPOE_DATA_T_BOOL)
244 return -1;
245 frame->hcheck = ((type & SPOE_DATA_FL_TRUE) == SPOE_DATA_FL_TRUE);
246
247 DEBUG(frame->worker, "<%lu> HELLO healthcheck : %s",
248 frame->client->id, (frame->hcheck ? "true" : "false"));
249
250 ret = (p - *buf);
251 *buf = p;
252 return ret;
253}
254
255/* Check capabilities value. It returns -1 if an error occurred, the number of
256 * read bytes otherwise. */
257static int
258check_capabilities(struct spoe_frame *frame, char **buf, char *end)
259{
260 struct client *client = frame->client;
261 char *str, *p = *buf;
262 uint64_t sz;
263 int ret;
264
265 if ((*p++ & SPOE_DATA_T_MASK) != SPOE_DATA_T_STR)
266 return -1;
267 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
268 return -1;
269 if (str == NULL) /* this is not an error */
270 goto end;
271
272 DEBUG(frame->worker, "<%lu> HAProxy capabilities : %.*s",
273 client->id, (int)sz, str);
274
275 while (sz) {
276 char *delim;
277
278 /* Skip leading spaces */
279 for (; isspace(*str) && sz; sz--);
280
281 if (sz >= 10 && !strncmp(str, "pipelining", 10)) {
282 str += 10; sz -= 10;
283 if (!sz || isspace(*str) || *str == ',') {
284 DEBUG(frame->worker,
285 "<%lu> HAProxy supports frame pipelining",
286 client->id);
287 client->pipelining = true;
288 }
289 }
290 else if (sz >= 5 && !strncmp(str, "async", 5)) {
291 str += 5; sz -= 5;
292 if (!sz || isspace(*str) || *str == ',') {
293 DEBUG(frame->worker,
294 "<%lu> HAProxy supports asynchronous frame",
295 client->id);
296 client->async = true;
297 }
298 }
299 else if (sz >= 13 && !strncmp(str, "fragmentation", 13)) {
300 str += 13; sz -= 13;
301 if (!sz || isspace(*str) || *str == ',') {
302 DEBUG(frame->worker,
303 "<%lu> HAProxy supports fragmented frame",
304 client->id);
305 client->fragmentation = true;
306 }
307 }
308
309 if (!sz || (delim = memchr(str, ',', sz)) == NULL)
310 break;
311 delim++;
312 sz -= (delim - str);
313 str = delim;
314 }
315 end:
316 ret = (p - *buf);
317 *buf = p;
318 return ret;
319}
320
321/* Check engine-id value. It returns -1 if an error occurred, the number of
322 * read bytes otherwise. */
323static int
324check_engine_id(struct spoe_frame *frame, char **buf, char *end)
325{
326 struct client *client = frame->client;
327 char *str, *p = *buf;
328 uint64_t sz;
329 int ret;
330
331 if ((*p++ & SPOE_DATA_T_MASK) != SPOE_DATA_T_STR)
332 return -1;
333
334 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
335 return -1;
336 if (str == NULL) /* this is not an error */
337 goto end;
338
339 if (client->engine != NULL)
340 goto end;
341
342 DEBUG(frame->worker, "<%lu> HAProxy engine id : %.*s",
343 client->id, (int)sz, str);
344
345 client->engine_id = strndup(str, (int)sz);
346 end:
347 ret = (p - *buf);
348 *buf = p;
349 return ret;
350}
351
352static int
353acc_payload(struct spoe_frame *frame)
354{
355 struct client *client = frame->client;
356 char *buf;
357 size_t len = frame->len - frame->offset;
358 int ret = frame->offset;
359
360 /* No need to accumulation payload */
361 if (frame->fragmented == false)
362 return ret;
363
364 buf = realloc(frame->frag_buf, frame->frag_len + len);
365 if (buf == NULL) {
366 client->status_code = SPOE_FRM_ERR_RES;
367 return -1;
368 }
369 memcpy(buf + frame->frag_len, frame->buf + frame->offset, len);
370 frame->frag_buf = buf;
371 frame->frag_len += len;
372
373 if (!(frame->flags & SPOE_FRM_FL_FIN)) {
374 /* Wait for next parts */
375 frame->buf = (char *)(frame->data);
376 frame->offset = 0;
377 frame->len = 0;
378 frame->flags = 0;
379 return 1;
380 }
381
382 frame->buf = frame->frag_buf;
383 frame->len = frame->frag_len;
384 frame->offset = 0;
385 return ret;
386}
387
388/* Check disconnect status code. It returns -1 if an error occurred, the number
389 * of read bytes otherwise. */
390static int
391check_discon_status_code(struct spoe_frame *frame, char **buf, char *end)
392{
393 char *p = *buf;
394 uint64_t sz;
395 int type, ret;
396
397 /* Get the "status-code" value */
398 type = *p++;
399 if ((type & SPOE_DATA_T_MASK) != SPOE_DATA_T_INT32 &&
400 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_INT64 &&
401 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_UINT32 &&
402 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_UINT64)
403 return -1;
404 if (decode_varint(&p, end, &sz) == -1)
405 return -1;
406
407 frame->client->status_code = (unsigned int)sz;
408
409 DEBUG(frame->worker, "<%lu> Disconnect status code : %u",
410 frame->client->id, frame->client->status_code);
411
412 ret = (p - *buf);
413 *buf = p;
414 return ret;
415}
416
417/* Check the disconnect message. It returns -1 if an error occurred, the number
418 * of read bytes otherwise. */
419static int
420check_discon_message(struct spoe_frame *frame, char **buf, char *end)
421{
422 char *str, *p = *buf;
423 uint64_t sz;
424 int ret;
425
426 /* Get the "message" value */
427 if ((*p++ & SPOE_DATA_T_MASK) != SPOE_DATA_T_STR)
428 return -1;
429 ret = spoe_decode_buffer(&p, end, &str, &sz);
430 if (ret == -1 || !str)
431 return -1;
432
433 DEBUG(frame->worker, "<%lu> Disconnect message : %.*s",
434 frame->client->id, (int)sz, str);
435
436 ret = (p - *buf);
437 *buf = p;
438 return ret;
439}
440
441
442
443/* Decode a HELLO frame received from HAProxy. It returns -1 if an error
444 * occurred, otherwise the number of read bytes. HELLO frame cannot be
445 * ignored and having another frame than a HELLO frame is an error. */
446static int
447handle_hahello(struct spoe_frame *frame)
448{
449 struct client *client = frame->client;
450 char *p, *end;
451
452 p = frame->buf;
453 end = frame->buf + frame->len;
454
455 /* Check frame type: we really want a HELLO frame */
456 if (*p++ != SPOE_FRM_T_HAPROXY_HELLO)
457 goto error;
458
459 DEBUG(frame->worker, "<%lu> Decode HAProxy HELLO frame", client->id);
460
461 /* Retrieve flags */
462 memcpy((char *)&(frame->flags), p, 4);
463 p += 4;
464
465 /* Fragmentation is not supported for HELLO frame */
466 if (!(frame->flags & SPOE_FRM_FL_FIN)) {
467 client->status_code = SPOE_FRM_ERR_FRAG_NOT_SUPPORTED;
468 goto error;
469 }
470
471 /* stream-id and frame-id must be cleared */
472 if (*p != 0 || *(p+1) != 0) {
473 client->status_code = SPOE_FRM_ERR_INVALID;
474 goto error;
475 }
476 p += 2;
477
478 /* Loop on K/V items */
479 while (p < end) {
480 char *str;
481 uint64_t sz;
482
483 /* Decode the item name */
484 spoe_decode_buffer(&p, end, &str, &sz);
485 if (!str) {
486 client->status_code = SPOE_FRM_ERR_INVALID;
487 goto error;
488 }
489
490 /* Check "supported-versions" K/V item */
491 if (!memcmp(str, "supported-versions", sz)) {
492 if (check_proto_version(frame, &p, end) == -1) {
493 client->status_code = SPOE_FRM_ERR_INVALID;
494 goto error;
495 }
496 }
497 /* Check "max-frame-size" K/V item */
498 else if (!memcmp(str, "max-frame-size", sz)) {
499 if (check_max_frame_size(frame, &p, end) == -1) {
500 client->status_code = SPOE_FRM_ERR_INVALID;
501 goto error;
502 }
503 }
504 /* Check "healthcheck" K/V item */
505 else if (!memcmp(str, "healthcheck", sz)) {
506 if (check_healthcheck(frame, &p, end) == -1) {
507 client->status_code = SPOE_FRM_ERR_INVALID;
508 goto error;
509 }
510 }
511 /* Check "capabilities" K/V item */
512 else if (!memcmp(str, "capabilities", sz)) {
513 if (check_capabilities(frame, &p, end) == -1) {
514 client->status_code = SPOE_FRM_ERR_INVALID;
515 goto error;
516 }
517 }
518 /* Check "engine-id" K/V item */
519 else if (!memcmp(str, "engine-id", sz)) {
520 if (check_engine_id(frame, &p, end) == -1) {
521 client->status_code = SPOE_FRM_ERR_INVALID;
522 goto error;
523 }
524 }
525 else {
526 DEBUG(frame->worker, "<%lu> Skip K/V item : key=%.*s",
527 client->id, (int)sz, str);
528
529 /* Silently ignore unknown item */
530 if (spoe_skip_data(&p, end) == -1) {
531 client->status_code = SPOE_FRM_ERR_INVALID;
532 goto error;
533 }
534 }
535 }
536
537 if (async == false || client->engine_id == NULL)
538 client->async = false;
539 if (pipelining == false)
540 client->pipelining = false;
541
542 if (client->async == true)
543 use_spoe_engine(client);
544
545 return (p - frame->buf);
546 error:
547 return -1;
548}
549
550/* Decode a DISCONNECT frame received from HAProxy. It returns -1 if an error
551 * occurred, otherwise the number of read bytes. DISCONNECT frame cannot be
552 * ignored and having another frame than a DISCONNECT frame is an error.*/
553static int
554handle_hadiscon(struct spoe_frame *frame)
555{
556 struct client *client = frame->client;
557 char *p, *end;
558
559 p = frame->buf;
560 end = frame->buf + frame->len;
561
562 /* Check frame type: we really want a DISCONNECT frame */
563 if (*p++ != SPOE_FRM_T_HAPROXY_DISCON)
564 goto error;
565
566 DEBUG(frame->worker, "<%lu> Decode HAProxy DISCONNECT frame", client->id);
567
568 /* Retrieve flags */
569 memcpy((char *)&(frame->flags), p, 4);
570 p += 4;
571
572 /* Fragmentation is not supported for DISCONNECT frame */
573 if (!(frame->flags & SPOE_FRM_FL_FIN)) {
574 client->status_code = SPOE_FRM_ERR_FRAG_NOT_SUPPORTED;
575 goto error;
576 }
577
578 /* stream-id and frame-id must be cleared */
579 if (*p != 0 || *(p+1) != 0) {
580 client->status_code = SPOE_FRM_ERR_INVALID;
581 goto error;
582 }
583 p += 2;
584
585 client->status_code = SPOE_FRM_ERR_NONE;
586
587 /* Loop on K/V items */
588 while (p < end) {
589 char *str;
590 uint64_t sz;
591
592 /* Decode item key */
593 spoe_decode_buffer(&p, end, &str, &sz);
594 if (!str) {
595 client->status_code = SPOE_FRM_ERR_INVALID;
596 goto error;
597 }
598
599 /* Check "status-code" K/V item */
600 if (!memcmp(str, "status-code", sz)) {
601 if (check_discon_status_code(frame, &p, end) == -1) {
602 client->status_code = SPOE_FRM_ERR_INVALID;
603 goto error;
604 }
605 }
606 /* Check "message" K/V item */
607 else if (!memcmp(str, "message", sz)) {
608 if (check_discon_message(frame, &p, end) == -1) {
609 client->status_code = SPOE_FRM_ERR_INVALID;
610 goto error;
611 }
612 }
613 else {
614 DEBUG(frame->worker, "<%lu> Skip K/V item : key=%.*s",
615 client->id, (int)sz, str);
616
617 /* Silently ignore unknown item */
618 if (spoe_skip_data(&p, end) == -1) {
619 client->status_code = SPOE_FRM_ERR_INVALID;
620 goto error;
621 }
622 }
623 }
624
625 return (p - frame->buf);
626 error:
627 return -1;
628}
629
630/* Decode a NOTIFY frame received from HAProxy. It returns -1 if an error
631 * occurred, 0 if it must be must be ignored, otherwise the number of read
632 * bytes. */
633static int
634handle_hanotify(struct spoe_frame *frame)
635{
636 struct client *client = frame->client;
637 char *p, *end;
638 uint64_t stream_id, frame_id;
639
640 p = frame->buf;
641 end = frame->buf + frame->len;
642
643 /* Check frame type */
644 if (*p++ != SPOE_FRM_T_HAPROXY_NOTIFY)
645 goto ignore;
646
647 DEBUG(frame->worker, "<%lu> Decode HAProxy NOTIFY frame", client->id);
648
649 /* Retrieve flags */
650 memcpy((char *)&(frame->flags), p, 4);
651 p += 4;
652
653 /* Fragmentation is not supported */
654 if (!(frame->flags & SPOE_FRM_FL_FIN) && fragmentation == false) {
655 client->status_code = SPOE_FRM_ERR_FRAG_NOT_SUPPORTED;
656 goto error;
657 }
658
659 /* Read the stream-id and frame-id */
660 if (decode_varint(&p, end, &stream_id) == -1)
661 goto ignore;
662 if (decode_varint(&p, end, &frame_id) == -1)
663 goto ignore;
664
665 frame->stream_id = (unsigned int)stream_id;
666 frame->frame_id = (unsigned int)frame_id;
667
668 DEBUG(frame->worker, "<%lu> STREAM-ID=%u - FRAME-ID=%u"
669 " - %s frame received"
670 " - frag_len=%u - len=%u - offset=%ld",
671 client->id, frame->stream_id, frame->frame_id,
672 (frame->flags & SPOE_FRM_FL_FIN) ? "unfragmented" : "fragmented",
673 frame->frag_len, frame->len, p - frame->buf);
674
675 frame->fragmented = !(frame->flags & SPOE_FRM_FL_FIN);
676 frame->offset = (p - frame->buf);
677 return acc_payload(frame);
678
679 ignore:
680 return 0;
681
682 error:
683 return -1;
684}
685
686/* Decode next part of a fragmented frame received from HAProxy. It returns -1
687 * if an error occurred, 0 if it must be must be ignored, otherwise the number
688 * of read bytes. */
689static int
690handle_hafrag(struct spoe_frame *frame)
691{
692 struct client *client = frame->client;
693 char *p, *end;
694 uint64_t stream_id, frame_id;
695
696 p = frame->buf;
697 end = frame->buf + frame->len;
698
699 /* Check frame type */
700 if (*p++ != SPOE_FRM_T_UNSET)
701 goto ignore;
702
703 DEBUG(frame->worker, "<%lu> Decode Next part of a fragmented frame", client->id);
704
705 /* Fragmentation is not supported */
706 if (fragmentation == false) {
707 client->status_code = SPOE_FRM_ERR_FRAG_NOT_SUPPORTED;
708 goto error;
709 }
710
711 /* Retrieve flags */
712 memcpy((char *)&(frame->flags), p, 4);
713 p+= 4;
714
715 /* Read the stream-id and frame-id */
716 if (decode_varint(&p, end, &stream_id) == -1)
717 goto ignore;
718 if (decode_varint(&p, end, &frame_id) == -1)
719 goto ignore;
720
721 if (frame->fragmented == false ||
722 frame->stream_id != (unsigned int)stream_id ||
723 frame->frame_id != (unsigned int)frame_id) {
724 client->status_code = SPOE_FRM_ERR_INTERLACED_FRAMES;
725 goto error;
726 }
727
728 if (frame->flags & SPOE_FRM_FL_ABRT) {
729 DEBUG(frame->worker, "<%lu> STREAM-ID=%u - FRAME-ID=%u"
730 " - Abort processing of a fragmented frame"
731 " - frag_len=%u - len=%u - offset=%ld",
732 client->id, frame->stream_id, frame->frame_id,
733 frame->frag_len, frame->len, p - frame->buf);
734 goto ignore;
735 }
736
737 DEBUG(frame->worker, "<%lu> STREAM-ID=%u - FRAME-ID=%u"
738 " - %s fragment of a fragmented frame received"
739 " - frag_len=%u - len=%u - offset=%ld",
740 client->id, frame->stream_id, frame->frame_id,
741 (frame->flags & SPOE_FRM_FL_FIN) ? "last" : "next",
742 frame->frag_len, frame->len, p - frame->buf);
743
744 frame->offset = (p - frame->buf);
745 return acc_payload(frame);
746
747 ignore:
748 return 0;
749
750 error:
751 return -1;
752}
753
754/* Encode a HELLO frame to send it to HAProxy. It returns the number of written
755 * bytes. */
756static int
757prepare_agenthello(struct spoe_frame *frame)
758{
759 struct client *client = frame->client;
760 char *p, *end;
761 char capabilities[64];
762 int n;
763 unsigned int flags = SPOE_FRM_FL_FIN;
764
765 DEBUG(frame->worker, "<%lu> Encode Agent HELLO frame", client->id);
766 frame->type = SPOA_FRM_T_AGENT;
767
768 p = frame->buf;
769 end = frame->buf+max_frame_size;
770
771 /* Frame Type */
772 *p++ = SPOE_FRM_T_AGENT_HELLO;
773
774 /* Set flags */
775 memcpy(p, (char *)&flags, 4);
776 p += 4;
777
778 /* No stream-id and frame-id for HELLO frames */
779 *p++ = 0;
780 *p++ = 0;
781
782 /* "version" K/V item */
783 spoe_encode_buffer("version", 7, &p, end);
784 *p++ = SPOE_DATA_T_STR;
785 spoe_encode_buffer(SPOP_VERSION, SLEN(SPOP_VERSION), &p, end);
786 DEBUG(frame->worker, "<%lu> Agent version : %s",
787 client->id, SPOP_VERSION);
788
789
790 /* "max-frame-size" K/V item */
791 spoe_encode_buffer("max-frame-size", 14, &p ,end);
792 *p++ = SPOE_DATA_T_UINT32;
793 encode_varint(client->max_frame_size, &p, end);
794 DEBUG(frame->worker, "<%lu> Agent maximum frame size : %u",
795 client->id, client->max_frame_size);
796
797 /* "capabilities" K/V item */
798 spoe_encode_buffer("capabilities", 12, &p, end);
799 *p++ = SPOE_DATA_T_STR;
800
801 memset(capabilities, 0, sizeof(capabilities));
802 n = 0;
803
804 /* 1. Fragmentation capability ? */
805 if (fragmentation == true) {
806 memcpy(capabilities, "fragmentation", 13);
807 n += 13;
808 }
809 /* 2. Pipelining capability ? */
810 if (client->pipelining == true) {
811 if (n) capabilities[n++] = ',';
812 memcpy(capabilities + n, "pipelining", 10);
813 n += 10;
814 }
815 /* 3. Async capability ? */
816 if (client->async == true) {
817 if (n) capabilities[n++] = ',';
818 memcpy(capabilities + n, "async", 5);
819 n += 5;
820 }
821 spoe_encode_buffer(capabilities, n, &p, end);
822
823 DEBUG(frame->worker, "<%lu> Agent capabilities : %.*s",
824 client->id, n, capabilities);
825
826 frame->len = (p - frame->buf);
827 return frame->len;
828}
829
830/* Encode a DISCONNECT frame to send it to HAProxy. It returns the number of
831 * written bytes. */
832static int
833prepare_agentdicon(struct spoe_frame *frame)
834{
835 struct client *client = frame->client;
836 char *p, *end;
837 const char *reason;
838 int rlen;
839 unsigned int flags = SPOE_FRM_FL_FIN;
840
841 DEBUG(frame->worker, "<%lu> Encode Agent DISCONNECT frame", client->id);
842 frame->type = SPOA_FRM_T_AGENT;
843
844 p = frame->buf;
845 end = frame->buf+max_frame_size;
846
847 if (client->status_code >= SPOE_FRM_ERRS)
848 client->status_code = SPOE_FRM_ERR_UNKNOWN;
849 reason = spoe_frm_err_reasons[client->status_code];
850 rlen = strlen(reason);
851
852 /* Frame type */
853 *p++ = SPOE_FRM_T_AGENT_DISCON;
854
855 /* Set flags */
856 memcpy(p, (char *)&flags, 4);
857 p += 4;
858
859 /* No stream-id and frame-id for DISCONNECT frames */
860 *p++ = 0;
861 *p++ = 0;
862
863 /* There are 2 mandatory items: "status-code" and "message" */
864
865 /* "status-code" K/V item */
866 spoe_encode_buffer("status-code", 11, &p, end);
867 *p++ = SPOE_DATA_T_UINT32;
868 encode_varint(client->status_code, &p, end);
869 DEBUG(frame->worker, "<%lu> Disconnect status code : %u",
870 client->id, client->status_code);
871
872 /* "message" K/V item */
873 spoe_encode_buffer("message", 7, &p, end);
874 *p++ = SPOE_DATA_T_STR;
875 spoe_encode_buffer(reason, rlen, &p, end);
876 DEBUG(frame->worker, "<%lu> Disconnect message : %s",
877 client->id, reason);
878
879 frame->len = (p - frame->buf);
880 return frame->len;
881}
882
883/* Encode a ACK frame to send it to HAProxy. It returns the number of written
884 * bytes. */
885static int
886prepare_agentack(struct spoe_frame *frame)
887{
888 char *p, *end;
889 unsigned int flags = SPOE_FRM_FL_FIN;
890
891 /* Be careful here, in async mode, frame->client can be NULL */
892
893 DEBUG(frame->worker, "Encode Agent ACK frame");
894 frame->type = SPOA_FRM_T_AGENT;
895
896 p = frame->buf;
897 end = frame->buf+max_frame_size;
898
899 /* Frame type */
900 *p++ = SPOE_FRM_T_AGENT_ACK;
901
902 /* Set flags */
903 memcpy(p, (char *)&flags, 4);
904 p += 4;
905
906 /* Set stream-id and frame-id for ACK frames */
907 encode_varint(frame->stream_id, &p, end);
908 encode_varint(frame->frame_id, &p, end);
909
910 DEBUG(frame->worker, "STREAM-ID=%u - FRAME-ID=%u",
911 frame->stream_id, frame->frame_id);
912
913 frame->len = (p - frame->buf);
914 return frame->len;
915}
916
917static int
918create_server_socket(void)
919{
920 struct sockaddr_in listen_addr;
921 int fd, yes = 1;
922
923 fd = socket(AF_INET, SOCK_STREAM, 0);
924 if (fd < 0) {
925 LOG(&null_worker, "Failed to create service socket : %m");
926 return -1;
927 }
928
929 memset(&listen_addr, 0, sizeof(listen_addr));
930 listen_addr.sin_family = AF_INET;
931 listen_addr.sin_addr.s_addr = INADDR_ANY;
932 listen_addr.sin_port = htons(server_port);
933
934 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) < 0 ||
935 setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &yes, sizeof(yes)) < 0) {
936 LOG(&null_worker, "Failed to set option on server socket : %m");
937 return -1;
938 }
939
940 if (bind(fd, (struct sockaddr *) &listen_addr, sizeof(listen_addr)) < 0) {
941 LOG(&null_worker, "Failed to bind server socket : %m");
942 return -1;
943 }
944
945 if (listen(fd, CONNECTION_BACKLOG) < 0) {
946 LOG(&null_worker, "Failed to listen on server socket : %m");
947 return -1;
948 }
949
950 return fd;
951}
952
953static void
954release_frame(struct spoe_frame *frame)
955{
956 struct worker *worker;
957
958 if (frame == NULL)
959 return;
960
961 if (event_pending(&frame->process_frame_event, EV_TIMEOUT, NULL))
962 event_del(&frame->process_frame_event);
963
964 worker = frame->worker;
965 LIST_DEL(&frame->list);
966 if (frame->frag_buf)
967 free(frame->frag_buf);
968 memset(frame, 0, sizeof(*frame)+max_frame_size+4);
969 LIST_ADDQ(&worker->frames, &frame->list);
970}
971
972static void
973release_client(struct client *c)
974{
975 struct spoe_frame *frame, *back;
976
977 if (c == NULL)
978 return;
979
980 DEBUG(c->worker, "<%lu> Release client", c->id);
981
982 LIST_DEL(&c->by_worker);
983 c->worker->nbclients--;
984
985 unuse_spoe_engine(c);
986 free(c->engine_id);
987
988 if (event_pending(&c->read_frame_event, EV_READ, NULL))
989 event_del(&c->read_frame_event);
990 if (event_pending(&c->write_frame_event, EV_WRITE, NULL))
991 event_del(&c->write_frame_event);
992
993 release_frame(c->incoming_frame);
994 release_frame(c->outgoing_frame);
995 list_for_each_entry_safe(frame, back, &c->processing_frames, list) {
996 release_frame(frame);
997 }
998 list_for_each_entry_safe(frame, back, &c->outgoing_frames, list) {
999 release_frame(frame);
1000 }
1001
1002 if (c->fd >= 0)
1003 close(c->fd);
1004
1005 free(c);
1006}
1007
1008static void
1009reset_frame(struct spoe_frame *frame)
1010{
1011 if (frame == NULL)
1012 return;
1013
1014 if (frame->frag_buf)
1015 free(frame->frag_buf);
1016
1017 frame->type = SPOA_FRM_T_UNKNOWN;
1018 frame->buf = (char *)(frame->data);
1019 frame->offset = 0;
1020 frame->len = 0;
1021 frame->stream_id = 0;
1022 frame->frame_id = 0;
1023 frame->flags = 0;
1024 frame->hcheck = false;
1025 frame->fragmented = false;
1026 frame->defender_status = -1;
1027 frame->frag_buf = NULL;
1028 frame->frag_len = 0;
1029 LIST_INIT(&frame->list);
1030}
1031
1032static void
1033use_spoe_engine(struct client *client)
1034{
1035 struct spoe_engine *eng;
1036
1037 if (client->engine_id == NULL)
1038 return;
1039
1040 list_for_each_entry(eng, &client->worker->engines, list) {
1041 if (!strcmp(eng->id, client->engine_id))
1042 goto end;
1043 }
1044
1045 if ((eng = malloc(sizeof(*eng))) == NULL) {
1046 client->async = false;
1047 return;
1048 }
1049
1050 eng->id = strdup(client->engine_id);
1051 LIST_INIT(&eng->clients);
1052 LIST_INIT(&eng->processing_frames);
1053 LIST_INIT(&eng->outgoing_frames);
1054 LIST_ADDQ(&client->worker->engines, &eng->list);
1055 LOG(client->worker, "Add new SPOE engine '%s'", eng->id);
1056
1057 end:
1058 client->engine = eng;
1059 LIST_ADDQ(&eng->clients, &client->by_engine);
1060}
1061
1062static void
1063unuse_spoe_engine(struct client *client)
1064{
1065 struct spoe_engine *eng;
1066 struct spoe_frame *frame, *back;
1067
1068 if (client == NULL || client->engine == NULL)
1069 return;
1070
1071 eng = client->engine;
1072 client->engine = NULL;
1073 LIST_DEL(&client->by_engine);
1074 if (!LIST_ISEMPTY(&eng->clients))
1075 return;
1076
1077 LOG(client->worker, "Remove SPOE engine '%s'", eng->id);
1078 LIST_DEL(&eng->list);
1079
1080 list_for_each_entry_safe(frame, back, &eng->processing_frames, list) {
1081 release_frame(frame);
1082 }
1083 list_for_each_entry_safe(frame, back, &eng->outgoing_frames, list) {
1084 release_frame(frame);
1085 }
1086 free(eng->id);
1087 free(eng);
1088}
1089
1090
1091static struct spoe_frame *
1092acquire_incoming_frame(struct client *client)
1093{
1094 struct spoe_frame *frame;
1095
1096 frame = client->incoming_frame;
1097 if (frame != NULL)
1098 return frame;
1099
1100 if (LIST_ISEMPTY(&client->worker->frames)) {
1101 if ((frame = calloc(1, sizeof(*frame)+max_frame_size+4)) == NULL) {
1102 LOG(client->worker, "Failed to allocate new frame : %m");
1103 return NULL;
1104 }
1105 }
1106 else {
1107 frame = LIST_NEXT(&client->worker->frames, typeof(frame), list);
1108 LIST_DEL(&frame->list);
1109 }
1110
1111 reset_frame(frame);
1112 frame->worker = client->worker;
1113 frame->engine = client->engine;
1114 frame->client = client;
1115
1116 if (event_assign(&frame->process_frame_event, client->worker->base, -1,
1117 EV_TIMEOUT|EV_PERSIST, process_frame_cb, frame) < 0) {
1118 LOG(client->worker, "Failed to create frame event");
1119 return NULL;
1120 }
1121
1122 client->incoming_frame = frame;
1123 return frame;
1124}
1125
1126static struct spoe_frame *
1127acquire_outgoing_frame(struct client *client)
1128{
1129 struct spoe_engine *engine = client->engine;
1130 struct spoe_frame *frame = NULL;
1131
1132 if (client->outgoing_frame != NULL)
1133 frame = client->outgoing_frame;
1134 else if (!LIST_ISEMPTY(&client->outgoing_frames)) {
1135 frame = LIST_NEXT(&client->outgoing_frames, typeof(frame), list);
1136 LIST_DEL(&frame->list);
1137 client->outgoing_frame = frame;
1138 }
1139 else if (engine!= NULL && !LIST_ISEMPTY(&engine->outgoing_frames)) {
1140 frame = LIST_NEXT(&engine->outgoing_frames, typeof(frame), list);
1141 LIST_DEL(&frame->list);
1142 client->outgoing_frame = frame;
1143 }
1144 return frame;
1145}
1146
1147static void
1148write_frame(struct client *client, struct spoe_frame *frame)
1149{
1150 uint32_t netint;
1151
1152 LIST_DEL(&frame->list);
1153
1154 frame->buf = (char *)(frame->data);
1155 frame->offset = 0;
1156 netint = htonl(frame->len);
1157 memcpy(frame->buf, &netint, 4);
1158
1159 if (client != NULL) { /* HELLO or DISCONNECT frames */
1160 event_add(&client->write_frame_event, NULL);
1161
1162 /* Try to process the frame as soon as possible, and always
1163 * attach it to the client */
1164 if (client->async || client->pipelining) {
1165 if (client->outgoing_frame == NULL)
1166 client->outgoing_frame = frame;
1167 else
1168 LIST_ADD(&client->outgoing_frames, &frame->list);
1169 }
1170 else {
1171 client->outgoing_frame = frame;
1172 event_del(&client->read_frame_event);
1173 }
1174 }
1175 else { /* for all other frames */
1176 if (frame->client == NULL) { /* async mode ! */
1177 LIST_ADDQ(&frame->engine->outgoing_frames, &frame->list);
1178 list_for_each_entry(client, &frame->engine->clients, by_engine)
1179 event_add(&client->write_frame_event, NULL);
1180 }
1181 else if (frame->client->pipelining) {
1182 LIST_ADDQ(&frame->client->outgoing_frames, &frame->list);
1183 event_add(&frame->client->write_frame_event, NULL);
1184 }
1185 else {
1186 frame->client->outgoing_frame = frame;
1187 event_add(&frame->client->write_frame_event, NULL);
1188 event_del(&frame->client->read_frame_event);
1189 }
1190 }
1191}
1192
1193static void
1194process_incoming_frame(struct spoe_frame *frame)
1195{
1196 struct client *client = frame->client;
1197
1198 if (event_add(&frame->process_frame_event, &processing_delay) < 0) {
1199 LOG(client->worker, "Failed to process incoming frame");
1200 release_frame(frame);
1201 return;
1202 }
1203
1204 if (client->async) {
1205 frame->client = NULL;
1206 LIST_ADDQ(&frame->engine->processing_frames, &frame->list);
1207 }
1208 else if (client->pipelining)
1209 LIST_ADDQ(&client->processing_frames, &frame->list);
1210 else
1211 event_del(&client->read_frame_event);
1212}
1213
1214static void
1215signal_cb(evutil_socket_t sig, short events, void *user_data)
1216{
1217 struct event_base *base = user_data;
1218 int i;
1219
1220 DEBUG(&null_worker, "Stopping the server");
1221
1222 event_base_loopbreak(base);
1223 DEBUG(&null_worker, "Main event loop stopped");
1224
1225 for (i = 0; i < num_workers; i++) {
1226 event_base_loopbreak(workers[i].base);
1227 DEBUG(&null_worker, "Event loop stopped for worker %02d",
1228 workers[i].id);
1229 }
1230}
1231
1232static void
1233worker_monitor_cb(evutil_socket_t fd, short events, void *arg)
1234{
1235 struct worker *worker = arg;
1236
1237 LOG(worker, "%u clients connected", worker->nbclients);
1238}
1239
1240static void
1241process_frame_cb(evutil_socket_t fd, short events, void *arg)
1242{
1243 struct spoe_frame *frame = arg;
1244 char *p, *end;
1245 int ret;
1246
1247 DEBUG(frame->worker,
1248 "Process frame messages : STREAM-ID=%u - FRAME-ID=%u - length=%u bytes",
1249 frame->stream_id, frame->frame_id, frame->len - frame->offset);
1250
1251 p = frame->buf + frame->offset;
1252 end = frame->buf + frame->len;
1253
1254 /* Loop on messages */
1255 while (p < end) {
1256 char *str;
1257 uint64_t sz;
1258 int nbargs;
1259
1260 /* Decode the message name */
1261 spoe_decode_buffer(&p, end, &str, &sz);
1262 if (!str)
1263 goto stop_processing;
1264
1265 DEBUG(frame->worker, "Process SPOE Message '%.*s'", (int)sz, str);
1266
1267 nbargs = *p++; /* Get the number of arguments */
1268 frame->offset = (p - frame->buf); /* Save index to handle errors and skip args */
1269 if (!memcmp(str, "check-request", sz)) {
1270 struct defender_request request;
1271
1272 memset(&request, 0, sizeof(request));
1273
1274 if (nbargs != 8)
1275 goto skip_message;
1276
1277 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1278 goto stop_processing;
1279 if (spoe_decode_data(&p, end, &request.clientip) == -1)
1280 goto skip_message;
1281
1282 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1283 goto stop_processing;
1284 if (spoe_decode_data(&p, end, &request.id) == -1)
1285 goto skip_message;
1286
1287 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1288 goto stop_processing;
1289 if (spoe_decode_data(&p, end, &request.method) == -1)
1290 goto skip_message;
1291
1292 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1293 goto stop_processing;
1294 if (spoe_decode_data(&p, end, &request.path) == -1)
1295 goto skip_message;
1296
1297 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1298 goto stop_processing;
1299 if (spoe_decode_data(&p, end, &request.query) == -1)
1300 goto skip_message;
1301
1302 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1303 goto stop_processing;
1304 if (spoe_decode_data(&p, end, &request.version) == -1)
1305 goto skip_message;
1306
1307 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1308 goto stop_processing;
1309 if (spoe_decode_data(&p, end, &request.headers) == -1)
1310 goto skip_message;
1311
1312 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1313 goto stop_processing;
1314 if (spoe_decode_data(&p, end, &request.body) == -1)
1315 goto skip_message;
1316
1317 frame->defender_status = defender_process_request(frame->worker, &request);
1318 }
1319 else {
1320 skip_message:
1321 p = frame->buf + frame->offset; /* Restore index */
1322
1323 while (nbargs-- > 0) {
1324 /* Silently ignore argument: its name and its value */
1325 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1326 goto stop_processing;
1327 if (spoe_skip_data(&p, end) == -1)
1328 goto stop_processing;
1329 }
1330 }
1331 }
1332
1333 stop_processing:
1334 /* Prepare agent ACK frame */
1335 frame->buf = (char *)(frame->data) + 4;
1336 frame->offset = 0;
1337 frame->len = 0;
1338 frame->flags = 0;
1339
1340 ret = prepare_agentack(frame);
1341 p = frame->buf + ret;
1342
1343 if (frame->defender_status != -1) {
1344 DEBUG(frame->worker, "Add action : set variable status=%u",
1345 frame->defender_status);
1346
1347 *p++ = SPOE_ACT_T_SET_VAR; /* Action type */
1348 *p++ = 3; /* Number of args */
1349 *p++ = SPOE_SCOPE_SESS; /* Arg 1: the scope */
1350 spoe_encode_buffer("status", 6, &p, end); /* Arg 2: variable name */
1351 *p++ = SPOE_DATA_T_UINT32;
1352 encode_varint(frame->defender_status, &p, end); /* Arg 3: variable value */
1353 frame->len = (p - frame->buf);
1354 }
1355 write_frame(NULL, frame);
1356}
1357
1358static void
1359read_frame_cb(evutil_socket_t fd, short events, void *arg)
1360{
1361 struct client *client = arg;
1362 struct spoe_frame *frame;
1363 uint32_t netint;
1364 int n;
1365
1366 DEBUG(client->worker, "<%lu> %s", client->id, __FUNCTION__);
1367 if ((frame = acquire_incoming_frame(client)) == NULL)
1368 goto close;
1369
1370 frame->type = SPOA_FRM_T_HAPROXY;
1371 if (frame->buf == (char *)(frame->data)) {
1372 /* Read the frame length: frame->buf points on length part (frame->data) */
1373 n = read(client->fd, frame->buf+frame->offset, 4-frame->offset);
1374 if (n <= 0) {
1375 if (n < 0)
1376 LOG(client->worker, "Failed to read frame length : %m");
1377 goto close;
1378 }
1379 frame->offset += n;
1380 if (frame->offset != 4)
1381 return;
1382 memcpy(&netint, frame->buf, 4);
1383 frame->buf += 4;
1384 frame->offset = 0;
1385 frame->len = ntohl(netint);
1386 }
1387
1388 /* Read the frame: frame->buf points on frame part (frame->data+4)*/
1389 n = read(client->fd, frame->buf + frame->offset,
1390 frame->len - frame->offset);
1391 if (n <= 0) {
1392 if (n < 0) {
1393 LOG(client->worker, "Frame to read frame : %m");
1394 goto close;
1395 }
1396 return;
1397 }
1398 frame->offset += n;
1399 if (frame->offset != frame->len)
1400 return;
1401 frame->offset = 0;
1402
1403 DEBUG(client->worker, "<%lu> New Frame of %u bytes received",
1404 client->id, frame->len);
1405
1406 switch (client->state) {
1407 case SPOA_ST_CONNECTING:
1408 if (handle_hahello(frame) < 0) {
1409 LOG(client->worker, "Failed to decode HELLO frame");
1410 goto disconnect;
1411 }
1412 prepare_agenthello(frame);
1413 goto write_frame;
1414
1415 case SPOA_ST_PROCESSING:
1416 if (frame->buf[0] == SPOE_FRM_T_HAPROXY_DISCON) {
1417 client->state = SPOA_ST_DISCONNECTING;
1418 goto disconnecting;
1419 }
1420 if (frame->buf[0] == SPOE_FRM_T_UNSET)
1421 n = handle_hafrag(frame);
1422 else
1423 n = handle_hanotify(frame);
1424
1425 if (n < 0) {
1426 LOG(client->worker, "Failed to decode frame: %s",
1427 spoe_frm_err_reasons[client->status_code]);
1428 goto disconnect;
1429 }
1430 else if (n == 0) {
1431 LOG(client->worker, "Ignore invalid/unknown/aborted frame");
1432 goto ignore_frame;
1433 }
1434 else if (n == 1)
1435 goto noop;
1436 else
1437 goto process_frame;
1438
1439 case SPOA_ST_DISCONNECTING:
1440 disconnecting:
1441 if (handle_hadiscon(frame) < 0) {
1442 LOG(client->worker, "Failed to decode DISCONNECT frame");
1443 goto disconnect;
1444 }
1445 if (client->status_code != SPOE_FRM_ERR_NONE)
1446 LOG(client->worker, "<%lu> Peer closed connection: %s",
1447 client->id, spoe_frm_err_reasons[client->status_code]);
1448 client->status_code = SPOE_FRM_ERR_NONE;
1449 goto disconnect;
1450 }
1451
1452 noop:
1453 return;
1454
1455 ignore_frame:
1456 reset_frame(frame);
1457 return;
1458
1459 process_frame:
1460 process_incoming_frame(frame);
1461 client->incoming_frame = NULL;
1462 return;
1463
1464 write_frame:
1465 write_frame(client, frame);
1466 client->incoming_frame = NULL;
1467 return;
1468
1469 disconnect:
1470 client->state = SPOA_ST_DISCONNECTING;
1471 if (prepare_agentdicon(frame) < 0) {
1472 LOG(client->worker, "Failed to encode DISCONNECT frame");
1473 goto close;
1474 }
1475 goto write_frame;
1476
1477 close:
1478 release_client(client);
1479}
1480
1481static void
1482write_frame_cb(evutil_socket_t fd, short events, void *arg)
1483{
1484 struct client *client = arg;
1485 struct spoe_frame *frame;
1486 int n;
1487
1488 DEBUG(client->worker, "<%lu> %s", client->id, __FUNCTION__);
1489 if ((frame = acquire_outgoing_frame(client)) == NULL) {
1490 event_del(&client->write_frame_event);
1491 return;
1492 }
1493
1494 if (frame->buf == (char *)(frame->data)) {
1495 /* Write the frame length: frame->buf points on length part (frame->data) */
1496 n = write(client->fd, frame->buf+frame->offset, 4-frame->offset);
1497 if (n <= 0) {
1498 if (n < 0)
1499 LOG(client->worker, "Failed to write frame length : %m");
1500 goto close;
1501 }
1502 frame->offset += n;
1503 if (frame->offset != 4)
1504 return;
1505 frame->buf += 4;
1506 frame->offset = 0;
1507 }
1508
1509 /* Write the frame: frame->buf points on frame part (frame->data+4)*/
1510 n = write(client->fd, frame->buf + frame->offset,
1511 frame->len - frame->offset);
1512 if (n <= 0) {
1513 if (n < 0) {
1514 LOG(client->worker, "Failed to write frame : %m");
1515 goto close;
1516 }
1517 return;
1518 }
1519 frame->offset += n;
1520 if (frame->offset != frame->len)
1521 return;
1522
1523 DEBUG(client->worker, "<%lu> Frame of %u bytes send",
1524 client->id, frame->len);
1525
1526 switch (client->state) {
1527 case SPOA_ST_CONNECTING:
1528 if (frame->hcheck == true) {
1529 DEBUG(client->worker,
1530 "<%lu> Close client after healthcheck",
1531 client->id);
1532 goto close;
1533 }
1534 client->state = SPOA_ST_PROCESSING;
1535 break;
1536
1537 case SPOA_ST_PROCESSING:
1538 break;
1539
1540 case SPOA_ST_DISCONNECTING:
1541 goto close;
1542 }
1543
1544 release_frame(frame);
1545 client->outgoing_frame = NULL;
1546 if (!client->async && !client->pipelining) {
1547 event_del(&client->write_frame_event);
1548 event_add(&client->read_frame_event, NULL);
1549 }
1550 return;
1551
1552 close:
1553 release_client(client);
1554}
1555
1556static void
1557accept_cb(int listener, short event, void *arg)
1558{
1559 struct worker *worker;
1560 struct client *client;
1561 int fd;
1562
1563 worker = &workers[clicount++ % num_workers];
1564
1565 if ((fd = accept(listener, NULL, NULL)) < 0) {
1566 if (errno != EAGAIN && errno != EWOULDBLOCK)
1567 LOG(worker, "Failed to accept client connection : %m");
1568 return;
1569 }
1570
1571 DEBUG(&null_worker,
1572 "<%lu> New Client connection accepted and assigned to worker %02d",
1573 clicount, worker->id);
1574
1575 if (evutil_make_socket_nonblocking(fd) < 0) {
1576 LOG(&null_worker, "Failed to set client socket to non-blocking : %m");
1577 close(fd);
1578 return;
1579 }
1580
1581 if ((client = calloc(1, sizeof(*client))) == NULL) {
1582 LOG(&null_worker, "Failed to allocate memory for client state : %m");
1583 close(fd);
1584 return;
1585 }
1586
1587 client->id = clicount;
1588 client->fd = fd;
1589 client->worker = worker;
1590 client->state = SPOA_ST_CONNECTING;
1591 client->status_code = SPOE_FRM_ERR_NONE;
1592 client->max_frame_size = max_frame_size;
1593 client->engine = NULL;
1594 client->pipelining = false;
1595 client->async = false;
1596 client->incoming_frame = NULL;
1597 client->outgoing_frame = NULL;
1598 LIST_INIT(&client->processing_frames);
1599 LIST_INIT(&client->outgoing_frames);
1600
1601 LIST_ADDQ(&worker->clients, &client->by_worker);
1602
1603 worker->nbclients++;
1604
1605 if (event_assign(&client->read_frame_event, worker->base, fd,
1606 EV_READ|EV_PERSIST, read_frame_cb, client) < 0 ||
1607 event_assign(&client->write_frame_event, worker->base, fd,
1608 EV_WRITE|EV_PERSIST, write_frame_cb, client) < 0) {
1609 LOG(&null_worker, "Failed to create client events");
1610 release_client(client);
1611 return;
1612 }
1613 event_add(&client->read_frame_event, NULL);
1614}
1615
1616static void *
1617worker_function(void *data)
1618{
1619 struct client *client, *cback;
1620 struct spoe_frame *frame, *fback;
1621 struct worker *worker = data;
1622
1623 DEBUG(worker, "Worker ready to process client messages");
1624 event_base_dispatch(worker->base);
1625
1626 list_for_each_entry_safe(client, cback, &worker->clients, by_worker) {
1627 release_client(client);
1628 }
1629
1630 list_for_each_entry_safe(frame, fback, &worker->frames, list) {
1631 LIST_DEL(&frame->list);
1632 free(frame);
1633 }
1634
1635 event_free(worker->monitor_event);
1636 event_base_free(worker->base);
1637 DEBUG(worker, "Worker is stopped");
1638 pthread_exit(&null_worker);
1639}
1640
1641
1642static int
1643parse_processing_delay(const char *str)
1644{
1645 unsigned long value;
1646
1647 value = 0;
1648 while (1) {
1649 unsigned int j;
1650
1651 j = *str - '0';
1652 if (j > 9)
1653 break;
1654 str++;
1655 value *= 10;
1656 value += j;
1657 }
1658
1659 switch (*str) {
1660 case '\0': /* no unit = millisecond */
1661 value *= 1000;
1662 break;
1663 case 's': /* second */
1664 value *= 1000000;
1665 str++;
1666 break;
1667 case 'm': /* millisecond : "ms" */
1668 if (str[1] != 's')
1669 return -1;
1670 value *= 1000;
1671 str += 2;
1672 break;
1673 case 'u': /* microsecond : "us" */
1674 if (str[1] != 's')
1675 return -1;
1676 str += 2;
1677 break;
1678 default:
1679 return -1;
1680 }
1681 if (*str)
1682 return -1;
1683
1684 processing_delay.tv_sec = (time_t)(value / 1000000);
1685 processing_delay.tv_usec = (suseconds_t)(value % 1000000);
1686 return 0;
1687}
1688
1689
1690static void
1691usage(char *prog)
1692{
1693 fprintf(stderr,
1694 "Usage : %s [OPTION]...\n"
1695 " -h Print this message\n"
1696 " -f <config-file> Mod Defender configuration file\n"
1697 " -l <log-file> Mod Defender log file\n"
1698 " -d Enable the debug mode\n"
1699 " -m <max-frame-size> Specify the maximum frame size (default : %u)\n"
1700 " -p <port> Specify the port to listen on (default : %d)\n"
1701 " -n <num-workers> Specify the number of workers (default : %d)\n"
1702 " -c <capability> Enable the support of the specified capability\n"
1703 " -t <time> Set a delay to process a message (default: 0)\n"
1704 " The value is specified in milliseconds by default,\n"
1705 " but can be in any other unit if the number is suffixed\n"
1706 " by a unit (us, ms, s)\n"
1707 "\n"
1708 " Supported capabilities: fragmentation, pipelining, async\n",
1709 prog, MAX_FRAME_SIZE, DEFAULT_PORT, NUM_WORKERS);
1710}
1711
1712int
1713main(int argc, char **argv)
1714{
1715 struct event_base *base = NULL;
1716 struct event *signal_event = NULL, *accept_event = NULL;
1717 int opt, i, fd = -1;
1718 const char *config_file = NULL;
1719 const char *log_file = NULL;
1720
1721 // TODO: add '-t <processing-time>' option
1722 while ((opt = getopt(argc, argv, "hf:l:dm:n:p:c:t:")) != -1) {
1723 switch (opt) {
1724 case 'h':
1725 usage(argv[0]);
1726 return EXIT_SUCCESS;
1727 case 'f':
1728 config_file = optarg;
1729 break;
1730 case 'l':
1731 log_file = optarg;
1732 break;
1733 case 'd':
1734 debug = true;
1735 break;
1736 case 'm':
1737 max_frame_size = atoi(optarg);
1738 break;
1739 case 'n':
1740 num_workers = atoi(optarg);
1741 break;
1742 case 'p':
1743 server_port = atoi(optarg);
1744 break;
1745 case 'c':
1746 if (!strcmp(optarg, "pipelining"))
1747 pipelining = true;
1748 else if (!strcmp(optarg, "async"))
1749 async = true;
1750 else if (!strcmp(optarg, "fragmentation"))
1751 fragmentation = true;
1752 else
1753 fprintf(stderr, "WARNING: unsupported capability '%s'\n", optarg);
1754 break;
1755 case 't':
1756 if (!parse_processing_delay(optarg))
1757 break;
1758 fprintf(stderr, "%s: failed to parse time '%s'.\n", argv[0], optarg);
1759 fprintf(stderr, "Try '%s -h' for more information.\n", argv[0]);
1760 return EXIT_FAILURE;
1761 default:
1762 usage(argv[0]);
1763 return EXIT_FAILURE;
1764 }
1765 }
1766
1767 if (!defender_init(config_file, log_file))
1768 goto error;
1769
1770 if (num_workers <= 0) {
1771 LOG(&null_worker, "%s : Invalid number of workers '%d'\n",
1772 argv[0], num_workers);
1773 goto error;
1774 }
1775
1776 if (server_port <= 0) {
1777 LOG(&null_worker, "%s : Invalid port '%d'\n",
1778 argv[0], server_port);
1779 goto error;
1780 }
1781
1782 if (evthread_use_pthreads() < 0) {
1783 LOG(&null_worker, "No pthreads support for libevent");
1784 goto error;
1785 }
1786
1787 if ((base = event_base_new()) == NULL) {
1788 LOG(&null_worker, "Failed to initialize libevent : %m");
1789 goto error;
1790 }
1791
1792 signal(SIGPIPE, SIG_IGN);
1793
1794 if ((fd = create_server_socket()) < 0) {
1795 LOG(&null_worker, "Failed to create server socket");
1796 goto error;
1797 }
1798 if (evutil_make_socket_nonblocking(fd) < 0) {
1799 LOG(&null_worker, "Failed to set server socket to non-blocking");
1800 goto error;
1801 }
1802
1803 if ((workers = calloc(num_workers, sizeof(*workers))) == NULL) {
1804 LOG(&null_worker, "Failed to set allocate memory for workers");
1805 goto error;
1806 }
1807
1808 for (i = 0; i < num_workers; ++i) {
1809 struct worker *w = &workers[i];
1810
1811 w->id = i+1;
1812 w->nbclients = 0;
1813 LIST_INIT(&w->engines);
1814 LIST_INIT(&w->clients);
1815 LIST_INIT(&w->frames);
1816
1817 if ((w->base = event_base_new()) == NULL) {
1818 LOG(&null_worker,
1819 "Failed to initialize libevent for worker %02d : %m",
1820 w->id);
1821 goto error;
1822 }
1823
1824 w->monitor_event = event_new(w->base, fd, EV_PERSIST,
1825 worker_monitor_cb, (void *)w);
1826 if (w->monitor_event == NULL ||
1827 event_add(w->monitor_event, (struct timeval[]){{5,0}}) < 0) {
1828 LOG(&null_worker,
1829 "Failed to create monitor event for worker %02d",
1830 w->id);
1831 goto error;
1832 }
1833
1834 if (pthread_create(&w->thread, NULL, worker_function, (void *)w)) {
1835 LOG(&null_worker,
1836 "Failed to start thread for worker %02d : %m",
1837 w->id);
1838 }
1839 DEBUG(&null_worker, "Worker %02d initialized", w->id);
1840 }
1841
1842 accept_event = event_new(base, fd, EV_READ|EV_PERSIST, accept_cb,
1843 (void *)base);
1844 if (accept_event == NULL || event_add(accept_event, NULL) < 0) {
1845 LOG(&null_worker, "Failed to create accept event : %m");
1846 }
1847
1848 signal_event = evsignal_new(base, SIGINT, signal_cb, (void *)base);
1849 if (signal_event == NULL || event_add(signal_event, NULL) < 0) {
1850 LOG(&null_worker, "Failed to create signal event : %m");
1851 }
1852
1853 DEBUG(&null_worker,
1854 "Server is ready"
1855 " [fragmentation=%s - pipelining=%s - async=%s - debug=%s - max-frame-size=%u]",
1856 (fragmentation?"true":"false"), (pipelining?"true":"false"), (async?"true":"false"),
1857 (debug?"true":"false"), max_frame_size);
1858 event_base_dispatch(base);
1859
1860 for (i = 0; i < num_workers; i++) {
1861 struct worker *w = &workers[i];
1862
1863 pthread_join(w->thread, NULL);
1864 DEBUG(&null_worker, "Worker %02d terminated", w->id);
1865 }
1866
1867 free(workers);
1868 event_free(signal_event);
1869 event_free(accept_event);
1870 event_base_free(base);
1871 close(fd);
1872 return EXIT_SUCCESS;
1873
1874 error:
1875 if (workers != NULL)
1876 free(workers);
1877 if (signal_event != NULL)
1878 event_free(signal_event);
1879 if (accept_event != NULL)
1880 event_free(accept_event);
1881 if (base != NULL)
1882 event_base_free(base);
1883 if (fd != -1)
1884 close(fd);
1885 return EXIT_FAILURE;
1886}