Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / e70c7977f2db37d6228834c98306712fb30f3fd4 / . / contrib / mod_defender / spoa.c
blob: 2ae1a366cf68cfe3d93bcf2a85587dc883dfa495 [file] [log] [blame]
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]1/*
2 * Mod Defender for HAProxy
3 *
4 * Copyright 2017 HAProxy Technologies, Dragan Dosen <ddosen@haproxy.com>
5 *
6 * Based on "A Random IP reputation service acting as a Stream Processing Offload Agent"
7 * Copyright 2016 HAProxy Technologies, Christopher Faulet <cfaulet@haproxy.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 3 of the License, or (at your option) any later version.
13 *
14 */
15#include <unistd.h>
16#include <stdlib.h>
17#include <string.h>
18#include <stdbool.h>
19#include <errno.h>
20#include <stdio.h>
21#include <signal.h>
22#include <netinet/in.h>
23#include <sys/socket.h>
24#include <err.h>
25#include <ctype.h>
26
27#include <pthread.h>
28
29#include <event2/util.h>
30#include <event2/event.h>
31#include <event2/event_struct.h>
32#include <event2/thread.h>
33
Willy Tarreauc13ed532020-06-02 10:22:45 +0200[diff] [blame]34#include <haproxy/chunk.h>
Willy Tarreaub2551052020-06-09 09:07:15 +0200[diff] [blame]35#include <haproxy/list.h>
Willy Tarreau6c58ab02020-06-04 22:35:49 +0200[diff] [blame]36#include <haproxy/spoe.h>
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]37
38#include "spoa.h"
39#include "defender.h"
40
41#define DEFAULT_PORT 12345
42#define CONNECTION_BACKLOG 10
43#define NUM_WORKERS 10
44#define MAX_FRAME_SIZE 16384
Christopher Faulet63816502018-05-31 14:56:42 +0200[diff] [blame]45#define SPOP_VERSION "2.0"
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]46
47#define SLEN(str) (sizeof(str)-1)
48
49#define DEBUG(x...) \
50 do { \
51 if (debug) \
52 LOG(x); \
53 } while (0)
54
55
56enum spoa_state {
57 SPOA_ST_CONNECTING = 0,
58 SPOA_ST_PROCESSING,
59 SPOA_ST_DISCONNECTING,
60};
61
62enum spoa_frame_type {
63 SPOA_FRM_T_UNKNOWN = 0,
64 SPOA_FRM_T_HAPROXY,
65 SPOA_FRM_T_AGENT,
66};
67
68struct spoe_engine {
69 char *id;
70
71 struct list processing_frames;
72 struct list outgoing_frames;
73
74 struct list clients;
75 struct list list;
76};
77
78struct spoe_frame {
79 enum spoa_frame_type type;
80 char *buf;
81 unsigned int offset;
82 unsigned int len;
83
84 unsigned int stream_id;
85 unsigned int frame_id;
86 unsigned int flags;
87 bool hcheck; /* true is the CONNECT frame is a healthcheck */
88 bool fragmented; /* true if the frame is fragmented */
89 int defender_status; /* mod_defender returned status */
90
91 struct event process_frame_event;
92 struct worker *worker;
93 struct spoe_engine *engine;
94 struct client *client;
95 struct list list;
96
97 char *frag_buf; /* used to accumulate payload of a fragmented frame */
98 unsigned int frag_len;
99
100 char data[0];
101};
102
103struct client {
104 int fd;
105 unsigned long id;
106 enum spoa_state state;
107
108 struct event read_frame_event;
109 struct event write_frame_event;
110
111 struct spoe_frame *incoming_frame;
112 struct spoe_frame *outgoing_frame;
113
114 struct list processing_frames;
115 struct list outgoing_frames;
116
117 unsigned int max_frame_size;
118 int status_code;
119
120 char *engine_id;
121 struct spoe_engine *engine;
122 bool pipelining;
123 bool async;
124 bool fragmentation;
125
126 struct worker *worker;
127 struct list by_worker;
128 struct list by_engine;
129};
130
131/* Globals */
132static struct worker *workers = NULL;
133struct worker null_worker = { .id = 0 };
134static unsigned long clicount = 0;
135static int server_port = DEFAULT_PORT;
136static int num_workers = NUM_WORKERS;
137static unsigned int max_frame_size = MAX_FRAME_SIZE;
138struct timeval processing_delay = {0, 0};
139static bool debug = false;
140static bool pipelining = false;
141static bool async = false;
142static bool fragmentation = false;
143
144
145static const char *spoe_frm_err_reasons[SPOE_FRM_ERRS] = {
146 [SPOE_FRM_ERR_NONE] = "normal",
147 [SPOE_FRM_ERR_IO] = "I/O error",
148 [SPOE_FRM_ERR_TOUT] = "a timeout occurred",
149 [SPOE_FRM_ERR_TOO_BIG] = "frame is too big",
150 [SPOE_FRM_ERR_INVALID] = "invalid frame received",
151 [SPOE_FRM_ERR_NO_VSN] = "version value not found",
152 [SPOE_FRM_ERR_NO_FRAME_SIZE] = "max-frame-size value not found",
153 [SPOE_FRM_ERR_NO_CAP] = "capabilities value not found",
154 [SPOE_FRM_ERR_BAD_VSN] = "unsupported version",
155 [SPOE_FRM_ERR_BAD_FRAME_SIZE] = "max-frame-size too big or too small",
156 [SPOE_FRM_ERR_FRAG_NOT_SUPPORTED] = "fragmentation not supported",
157 [SPOE_FRM_ERR_INTERLACED_FRAMES] = "invalid interlaced frames",
158 [SPOE_FRM_ERR_FRAMEID_NOTFOUND] = "frame-id not found",
159 [SPOE_FRM_ERR_RES] = "resource allocation error",
160 [SPOE_FRM_ERR_UNKNOWN] = "an unknown error occurred",
161};
162
163static void signal_cb(evutil_socket_t, short, void *);
164static void accept_cb(evutil_socket_t, short, void *);
165static void worker_monitor_cb(evutil_socket_t, short, void *);
166static void process_frame_cb(evutil_socket_t, short, void *);
167static void read_frame_cb(evutil_socket_t, short, void *);
168static void write_frame_cb(evutil_socket_t, short, void *);
169
170static void use_spoe_engine(struct client *);
171static void unuse_spoe_engine(struct client *);
172static void release_frame(struct spoe_frame *);
173static void release_client(struct client *);
174
175/* Check the protocol version. It returns -1 if an error occurred, the number of
176 * read bytes otherwise. */
177static int
178check_proto_version(struct spoe_frame *frame, char **buf, char *end)
179{
180 char *str, *p = *buf;
181 uint64_t sz;
182 int ret;
183
184 /* Get the list of all supported versions by HAProxy */
185 if ((*p++ & SPOE_DATA_T_MASK) != SPOE_DATA_T_STR)
186 return -1;
187 ret = spoe_decode_buffer(&p, end, &str, &sz);
188 if (ret == -1 || !str)
189 return -1;
190
191 DEBUG(frame->worker, "<%lu> Supported versions : %.*s",
192 frame->client->id, (int)sz, str);
193
Ilya Shipitsince7b00f2020-03-23 22:28:40 +0500[diff] [blame]194 /* TODO: Find the right version in supported ones */
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]195
196 ret = (p - *buf);
197 *buf = p;
198 return ret;
199}
200
201/* Check max frame size value. It returns -1 if an error occurred, the number of
202 * read bytes otherwise. */
203static int
204check_max_frame_size(struct spoe_frame *frame, char **buf, char *end)
205{
206 char *p = *buf;
207 uint64_t sz;
208 int type, ret;
209
210 /* Get the max-frame-size value of HAProxy */
211 type = *p++;
212 if ((type & SPOE_DATA_T_MASK) != SPOE_DATA_T_INT32 &&
213 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_INT64 &&
214 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_UINT32 &&
215 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_UINT64)
216 return -1;
217 if (decode_varint(&p, end, &sz) == -1)
218 return -1;
219
220 /* Keep the lower value */
221 if (sz < frame->client->max_frame_size)
222 frame->client->max_frame_size = sz;
223
224 DEBUG(frame->worker, "<%lu> HAProxy maximum frame size : %u",
225 frame->client->id, (unsigned int)sz);
226
227 ret = (p - *buf);
228 *buf = p;
229 return ret;
230}
231
232/* Check healthcheck value. It returns -1 if an error occurred, the number of
233 * read bytes otherwise. */
234static int
235check_healthcheck(struct spoe_frame *frame, char **buf, char *end)
236{
237 char *p = *buf;
238 int type, ret;
239
240 /* Get the "healthcheck" value */
241 type = *p++;
242 if ((type & SPOE_DATA_T_MASK) != SPOE_DATA_T_BOOL)
243 return -1;
244 frame->hcheck = ((type & SPOE_DATA_FL_TRUE) == SPOE_DATA_FL_TRUE);
245
246 DEBUG(frame->worker, "<%lu> HELLO healthcheck : %s",
247 frame->client->id, (frame->hcheck ? "true" : "false"));
248
249 ret = (p - *buf);
250 *buf = p;
251 return ret;
252}
253
254/* Check capabilities value. It returns -1 if an error occurred, the number of
255 * read bytes otherwise. */
256static int
257check_capabilities(struct spoe_frame *frame, char **buf, char *end)
258{
259 struct client *client = frame->client;
260 char *str, *p = *buf;
261 uint64_t sz;
262 int ret;
263
264 if ((*p++ & SPOE_DATA_T_MASK) != SPOE_DATA_T_STR)
265 return -1;
266 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
267 return -1;
268 if (str == NULL) /* this is not an error */
269 goto end;
270
271 DEBUG(frame->worker, "<%lu> HAProxy capabilities : %.*s",
272 client->id, (int)sz, str);
273
274 while (sz) {
275 char *delim;
276
277 /* Skip leading spaces */
278 for (; isspace(*str) && sz; sz--);
279
280 if (sz >= 10 && !strncmp(str, "pipelining", 10)) {
281 str += 10; sz -= 10;
282 if (!sz || isspace(*str) || *str == ',') {
283 DEBUG(frame->worker,
284 "<%lu> HAProxy supports frame pipelining",
285 client->id);
286 client->pipelining = true;
287 }
288 }
289 else if (sz >= 5 && !strncmp(str, "async", 5)) {
290 str += 5; sz -= 5;
291 if (!sz || isspace(*str) || *str == ',') {
292 DEBUG(frame->worker,
293 "<%lu> HAProxy supports asynchronous frame",
294 client->id);
295 client->async = true;
296 }
297 }
298 else if (sz >= 13 && !strncmp(str, "fragmentation", 13)) {
299 str += 13; sz -= 13;
300 if (!sz || isspace(*str) || *str == ',') {
301 DEBUG(frame->worker,
302 "<%lu> HAProxy supports fragmented frame",
303 client->id);
304 client->fragmentation = true;
305 }
306 }
307
308 if (!sz || (delim = memchr(str, ',', sz)) == NULL)
309 break;
310 delim++;
311 sz -= (delim - str);
312 str = delim;
313 }
314 end:
315 ret = (p - *buf);
316 *buf = p;
317 return ret;
318}
319
320/* Check engine-id value. It returns -1 if an error occurred, the number of
321 * read bytes otherwise. */
322static int
323check_engine_id(struct spoe_frame *frame, char **buf, char *end)
324{
325 struct client *client = frame->client;
326 char *str, *p = *buf;
327 uint64_t sz;
328 int ret;
329
330 if ((*p++ & SPOE_DATA_T_MASK) != SPOE_DATA_T_STR)
331 return -1;
332
333 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
334 return -1;
335 if (str == NULL) /* this is not an error */
336 goto end;
337
338 if (client->engine != NULL)
339 goto end;
340
341 DEBUG(frame->worker, "<%lu> HAProxy engine id : %.*s",
342 client->id, (int)sz, str);
343
344 client->engine_id = strndup(str, (int)sz);
345 end:
346 ret = (p - *buf);
347 *buf = p;
348 return ret;
349}
350
351static int
352acc_payload(struct spoe_frame *frame)
353{
354 struct client *client = frame->client;
355 char *buf;
356 size_t len = frame->len - frame->offset;
357 int ret = frame->offset;
358
359 /* No need to accumulation payload */
360 if (frame->fragmented == false)
361 return ret;
362
363 buf = realloc(frame->frag_buf, frame->frag_len + len);
364 if (buf == NULL) {
365 client->status_code = SPOE_FRM_ERR_RES;
366 return -1;
367 }
368 memcpy(buf + frame->frag_len, frame->buf + frame->offset, len);
369 frame->frag_buf = buf;
370 frame->frag_len += len;
371
372 if (!(frame->flags & SPOE_FRM_FL_FIN)) {
373 /* Wait for next parts */
374 frame->buf = (char *)(frame->data);
375 frame->offset = 0;
376 frame->len = 0;
377 frame->flags = 0;
378 return 1;
379 }
380
381 frame->buf = frame->frag_buf;
382 frame->len = frame->frag_len;
383 frame->offset = 0;
384 return ret;
385}
386
387/* Check disconnect status code. It returns -1 if an error occurred, the number
388 * of read bytes otherwise. */
389static int
390check_discon_status_code(struct spoe_frame *frame, char **buf, char *end)
391{
392 char *p = *buf;
393 uint64_t sz;
394 int type, ret;
395
396 /* Get the "status-code" value */
397 type = *p++;
398 if ((type & SPOE_DATA_T_MASK) != SPOE_DATA_T_INT32 &&
399 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_INT64 &&
400 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_UINT32 &&
401 (type & SPOE_DATA_T_MASK) != SPOE_DATA_T_UINT64)
402 return -1;
403 if (decode_varint(&p, end, &sz) == -1)
404 return -1;
405
406 frame->client->status_code = (unsigned int)sz;
407
408 DEBUG(frame->worker, "<%lu> Disconnect status code : %u",
409 frame->client->id, frame->client->status_code);
410
411 ret = (p - *buf);
412 *buf = p;
413 return ret;
414}
415
416/* Check the disconnect message. It returns -1 if an error occurred, the number
417 * of read bytes otherwise. */
418static int
419check_discon_message(struct spoe_frame *frame, char **buf, char *end)
420{
421 char *str, *p = *buf;
422 uint64_t sz;
423 int ret;
424
425 /* Get the "message" value */
426 if ((*p++ & SPOE_DATA_T_MASK) != SPOE_DATA_T_STR)
427 return -1;
428 ret = spoe_decode_buffer(&p, end, &str, &sz);
429 if (ret == -1 || !str)
430 return -1;
431
432 DEBUG(frame->worker, "<%lu> Disconnect message : %.*s",
433 frame->client->id, (int)sz, str);
434
435 ret = (p - *buf);
436 *buf = p;
437 return ret;
438}
439
440
441
442/* Decode a HELLO frame received from HAProxy. It returns -1 if an error
443 * occurred, otherwise the number of read bytes. HELLO frame cannot be
444 * ignored and having another frame than a HELLO frame is an error. */
445static int
446handle_hahello(struct spoe_frame *frame)
447{
448 struct client *client = frame->client;
449 char *p, *end;
450
451 p = frame->buf;
452 end = frame->buf + frame->len;
453
454 /* Check frame type: we really want a HELLO frame */
455 if (*p++ != SPOE_FRM_T_HAPROXY_HELLO)
456 goto error;
457
458 DEBUG(frame->worker, "<%lu> Decode HAProxy HELLO frame", client->id);
459
460 /* Retrieve flags */
461 memcpy((char *)&(frame->flags), p, 4);
Christopher Faulet48d02d02018-05-18 14:38:56 +0200[diff] [blame]462 frame->flags = ntohl(frame->flags);
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]463 p += 4;
464
465 /* Fragmentation is not supported for HELLO frame */
466 if (!(frame->flags & SPOE_FRM_FL_FIN)) {
467 client->status_code = SPOE_FRM_ERR_FRAG_NOT_SUPPORTED;
468 goto error;
469 }
470
471 /* stream-id and frame-id must be cleared */
472 if (*p != 0 || *(p+1) != 0) {
473 client->status_code = SPOE_FRM_ERR_INVALID;
474 goto error;
475 }
476 p += 2;
477
478 /* Loop on K/V items */
479 while (p < end) {
480 char *str;
481 uint64_t sz;
482
483 /* Decode the item name */
484 spoe_decode_buffer(&p, end, &str, &sz);
485 if (!str) {
486 client->status_code = SPOE_FRM_ERR_INVALID;
487 goto error;
488 }
489
490 /* Check "supported-versions" K/V item */
491 if (!memcmp(str, "supported-versions", sz)) {
492 if (check_proto_version(frame, &p, end) == -1) {
493 client->status_code = SPOE_FRM_ERR_INVALID;
494 goto error;
495 }
496 }
497 /* Check "max-frame-size" K/V item */
498 else if (!memcmp(str, "max-frame-size", sz)) {
499 if (check_max_frame_size(frame, &p, end) == -1) {
500 client->status_code = SPOE_FRM_ERR_INVALID;
501 goto error;
502 }
503 }
504 /* Check "healthcheck" K/V item */
505 else if (!memcmp(str, "healthcheck", sz)) {
506 if (check_healthcheck(frame, &p, end) == -1) {
507 client->status_code = SPOE_FRM_ERR_INVALID;
508 goto error;
509 }
510 }
511 /* Check "capabilities" K/V item */
512 else if (!memcmp(str, "capabilities", sz)) {
513 if (check_capabilities(frame, &p, end) == -1) {
514 client->status_code = SPOE_FRM_ERR_INVALID;
515 goto error;
516 }
517 }
518 /* Check "engine-id" K/V item */
519 else if (!memcmp(str, "engine-id", sz)) {
520 if (check_engine_id(frame, &p, end) == -1) {
521 client->status_code = SPOE_FRM_ERR_INVALID;
522 goto error;
523 }
524 }
525 else {
526 DEBUG(frame->worker, "<%lu> Skip K/V item : key=%.*s",
527 client->id, (int)sz, str);
528
529 /* Silently ignore unknown item */
530 if (spoe_skip_data(&p, end) == -1) {
531 client->status_code = SPOE_FRM_ERR_INVALID;
532 goto error;
533 }
534 }
535 }
536
537 if (async == false || client->engine_id == NULL)
538 client->async = false;
539 if (pipelining == false)
540 client->pipelining = false;
541
542 if (client->async == true)
543 use_spoe_engine(client);
544
545 return (p - frame->buf);
546 error:
547 return -1;
548}
549
550/* Decode a DISCONNECT frame received from HAProxy. It returns -1 if an error
551 * occurred, otherwise the number of read bytes. DISCONNECT frame cannot be
552 * ignored and having another frame than a DISCONNECT frame is an error.*/
553static int
554handle_hadiscon(struct spoe_frame *frame)
555{
556 struct client *client = frame->client;
557 char *p, *end;
558
559 p = frame->buf;
560 end = frame->buf + frame->len;
561
562 /* Check frame type: we really want a DISCONNECT frame */
563 if (*p++ != SPOE_FRM_T_HAPROXY_DISCON)
564 goto error;
565
566 DEBUG(frame->worker, "<%lu> Decode HAProxy DISCONNECT frame", client->id);
567
568 /* Retrieve flags */
569 memcpy((char *)&(frame->flags), p, 4);
Christopher Faulet48d02d02018-05-18 14:38:56 +0200[diff] [blame]570 frame->flags = ntohl(frame->flags);
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]571 p += 4;
572
573 /* Fragmentation is not supported for DISCONNECT frame */
574 if (!(frame->flags & SPOE_FRM_FL_FIN)) {
575 client->status_code = SPOE_FRM_ERR_FRAG_NOT_SUPPORTED;
576 goto error;
577 }
578
579 /* stream-id and frame-id must be cleared */
580 if (*p != 0 || *(p+1) != 0) {
581 client->status_code = SPOE_FRM_ERR_INVALID;
582 goto error;
583 }
584 p += 2;
585
586 client->status_code = SPOE_FRM_ERR_NONE;
587
588 /* Loop on K/V items */
589 while (p < end) {
590 char *str;
591 uint64_t sz;
592
593 /* Decode item key */
594 spoe_decode_buffer(&p, end, &str, &sz);
595 if (!str) {
596 client->status_code = SPOE_FRM_ERR_INVALID;
597 goto error;
598 }
599
600 /* Check "status-code" K/V item */
601 if (!memcmp(str, "status-code", sz)) {
602 if (check_discon_status_code(frame, &p, end) == -1) {
603 client->status_code = SPOE_FRM_ERR_INVALID;
604 goto error;
605 }
606 }
607 /* Check "message" K/V item */
608 else if (!memcmp(str, "message", sz)) {
609 if (check_discon_message(frame, &p, end) == -1) {
610 client->status_code = SPOE_FRM_ERR_INVALID;
611 goto error;
612 }
613 }
614 else {
615 DEBUG(frame->worker, "<%lu> Skip K/V item : key=%.*s",
616 client->id, (int)sz, str);
617
618 /* Silently ignore unknown item */
619 if (spoe_skip_data(&p, end) == -1) {
620 client->status_code = SPOE_FRM_ERR_INVALID;
621 goto error;
622 }
623 }
624 }
625
626 return (p - frame->buf);
627 error:
628 return -1;
629}
630
631/* Decode a NOTIFY frame received from HAProxy. It returns -1 if an error
632 * occurred, 0 if it must be must be ignored, otherwise the number of read
633 * bytes. */
634static int
635handle_hanotify(struct spoe_frame *frame)
636{
637 struct client *client = frame->client;
638 char *p, *end;
639 uint64_t stream_id, frame_id;
640
641 p = frame->buf;
642 end = frame->buf + frame->len;
643
644 /* Check frame type */
645 if (*p++ != SPOE_FRM_T_HAPROXY_NOTIFY)
646 goto ignore;
647
648 DEBUG(frame->worker, "<%lu> Decode HAProxy NOTIFY frame", client->id);
649
650 /* Retrieve flags */
651 memcpy((char *)&(frame->flags), p, 4);
Christopher Faulet48d02d02018-05-18 14:38:56 +0200[diff] [blame]652 frame->flags = ntohl(frame->flags);
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]653 p += 4;
654
655 /* Fragmentation is not supported */
656 if (!(frame->flags & SPOE_FRM_FL_FIN) && fragmentation == false) {
657 client->status_code = SPOE_FRM_ERR_FRAG_NOT_SUPPORTED;
658 goto error;
659 }
660
661 /* Read the stream-id and frame-id */
662 if (decode_varint(&p, end, &stream_id) == -1)
663 goto ignore;
664 if (decode_varint(&p, end, &frame_id) == -1)
665 goto ignore;
666
667 frame->stream_id = (unsigned int)stream_id;
668 frame->frame_id = (unsigned int)frame_id;
669
670 DEBUG(frame->worker, "<%lu> STREAM-ID=%u - FRAME-ID=%u"
671 " - %s frame received"
672 " - frag_len=%u - len=%u - offset=%ld",
673 client->id, frame->stream_id, frame->frame_id,
674 (frame->flags & SPOE_FRM_FL_FIN) ? "unfragmented" : "fragmented",
675 frame->frag_len, frame->len, p - frame->buf);
676
677 frame->fragmented = !(frame->flags & SPOE_FRM_FL_FIN);
678 frame->offset = (p - frame->buf);
679 return acc_payload(frame);
680
681 ignore:
682 return 0;
683
684 error:
685 return -1;
686}
687
688/* Decode next part of a fragmented frame received from HAProxy. It returns -1
689 * if an error occurred, 0 if it must be must be ignored, otherwise the number
690 * of read bytes. */
691static int
692handle_hafrag(struct spoe_frame *frame)
693{
694 struct client *client = frame->client;
695 char *p, *end;
696 uint64_t stream_id, frame_id;
697
698 p = frame->buf;
699 end = frame->buf + frame->len;
700
701 /* Check frame type */
702 if (*p++ != SPOE_FRM_T_UNSET)
703 goto ignore;
704
705 DEBUG(frame->worker, "<%lu> Decode Next part of a fragmented frame", client->id);
706
707 /* Fragmentation is not supported */
708 if (fragmentation == false) {
709 client->status_code = SPOE_FRM_ERR_FRAG_NOT_SUPPORTED;
710 goto error;
711 }
712
713 /* Retrieve flags */
714 memcpy((char *)&(frame->flags), p, 4);
Christopher Faulet48d02d02018-05-18 14:38:56 +0200[diff] [blame]715 frame->flags = ntohl(frame->flags);
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]716 p+= 4;
717
718 /* Read the stream-id and frame-id */
719 if (decode_varint(&p, end, &stream_id) == -1)
720 goto ignore;
721 if (decode_varint(&p, end, &frame_id) == -1)
722 goto ignore;
723
724 if (frame->fragmented == false ||
725 frame->stream_id != (unsigned int)stream_id ||
726 frame->frame_id != (unsigned int)frame_id) {
727 client->status_code = SPOE_FRM_ERR_INTERLACED_FRAMES;
728 goto error;
729 }
730
731 if (frame->flags & SPOE_FRM_FL_ABRT) {
732 DEBUG(frame->worker, "<%lu> STREAM-ID=%u - FRAME-ID=%u"
733 " - Abort processing of a fragmented frame"
734 " - frag_len=%u - len=%u - offset=%ld",
735 client->id, frame->stream_id, frame->frame_id,
736 frame->frag_len, frame->len, p - frame->buf);
737 goto ignore;
738 }
739
740 DEBUG(frame->worker, "<%lu> STREAM-ID=%u - FRAME-ID=%u"
741 " - %s fragment of a fragmented frame received"
742 " - frag_len=%u - len=%u - offset=%ld",
743 client->id, frame->stream_id, frame->frame_id,
744 (frame->flags & SPOE_FRM_FL_FIN) ? "last" : "next",
745 frame->frag_len, frame->len, p - frame->buf);
746
747 frame->offset = (p - frame->buf);
748 return acc_payload(frame);
749
750 ignore:
751 return 0;
752
753 error:
754 return -1;
755}
756
757/* Encode a HELLO frame to send it to HAProxy. It returns the number of written
758 * bytes. */
759static int
760prepare_agenthello(struct spoe_frame *frame)
761{
762 struct client *client = frame->client;
763 char *p, *end;
764 char capabilities[64];
765 int n;
766 unsigned int flags = SPOE_FRM_FL_FIN;
767
768 DEBUG(frame->worker, "<%lu> Encode Agent HELLO frame", client->id);
769 frame->type = SPOA_FRM_T_AGENT;
770
771 p = frame->buf;
772 end = frame->buf+max_frame_size;
773
774 /* Frame Type */
775 *p++ = SPOE_FRM_T_AGENT_HELLO;
776
777 /* Set flags */
Christopher Faulet48d02d02018-05-18 14:38:56 +0200[diff] [blame]778 flags = htonl(flags);
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]779 memcpy(p, (char *)&flags, 4);
780 p += 4;
781
782 /* No stream-id and frame-id for HELLO frames */
783 *p++ = 0;
784 *p++ = 0;
785
786 /* "version" K/V item */
787 spoe_encode_buffer("version", 7, &p, end);
788 *p++ = SPOE_DATA_T_STR;
789 spoe_encode_buffer(SPOP_VERSION, SLEN(SPOP_VERSION), &p, end);
790 DEBUG(frame->worker, "<%lu> Agent version : %s",
791 client->id, SPOP_VERSION);
792
793
794 /* "max-frame-size" K/V item */
795 spoe_encode_buffer("max-frame-size", 14, &p ,end);
796 *p++ = SPOE_DATA_T_UINT32;
797 encode_varint(client->max_frame_size, &p, end);
798 DEBUG(frame->worker, "<%lu> Agent maximum frame size : %u",
799 client->id, client->max_frame_size);
800
801 /* "capabilities" K/V item */
802 spoe_encode_buffer("capabilities", 12, &p, end);
803 *p++ = SPOE_DATA_T_STR;
804
805 memset(capabilities, 0, sizeof(capabilities));
806 n = 0;
807
808 /* 1. Fragmentation capability ? */
809 if (fragmentation == true) {
810 memcpy(capabilities, "fragmentation", 13);
811 n += 13;
812 }
813 /* 2. Pipelining capability ? */
814 if (client->pipelining == true) {
815 if (n) capabilities[n++] = ',';
816 memcpy(capabilities + n, "pipelining", 10);
817 n += 10;
818 }
819 /* 3. Async capability ? */
820 if (client->async == true) {
821 if (n) capabilities[n++] = ',';
822 memcpy(capabilities + n, "async", 5);
823 n += 5;
824 }
825 spoe_encode_buffer(capabilities, n, &p, end);
826
827 DEBUG(frame->worker, "<%lu> Agent capabilities : %.*s",
828 client->id, n, capabilities);
829
830 frame->len = (p - frame->buf);
831 return frame->len;
832}
833
834/* Encode a DISCONNECT frame to send it to HAProxy. It returns the number of
835 * written bytes. */
836static int
837prepare_agentdicon(struct spoe_frame *frame)
838{
839 struct client *client = frame->client;
840 char *p, *end;
841 const char *reason;
842 int rlen;
843 unsigned int flags = SPOE_FRM_FL_FIN;
844
845 DEBUG(frame->worker, "<%lu> Encode Agent DISCONNECT frame", client->id);
846 frame->type = SPOA_FRM_T_AGENT;
847
848 p = frame->buf;
849 end = frame->buf+max_frame_size;
850
851 if (client->status_code >= SPOE_FRM_ERRS)
852 client->status_code = SPOE_FRM_ERR_UNKNOWN;
853 reason = spoe_frm_err_reasons[client->status_code];
854 rlen = strlen(reason);
855
856 /* Frame type */
857 *p++ = SPOE_FRM_T_AGENT_DISCON;
858
859 /* Set flags */
Christopher Faulet48d02d02018-05-18 14:38:56 +0200[diff] [blame]860 flags = htonl(flags);
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]861 memcpy(p, (char *)&flags, 4);
862 p += 4;
863
864 /* No stream-id and frame-id for DISCONNECT frames */
865 *p++ = 0;
866 *p++ = 0;
867
868 /* There are 2 mandatory items: "status-code" and "message" */
869
870 /* "status-code" K/V item */
871 spoe_encode_buffer("status-code", 11, &p, end);
872 *p++ = SPOE_DATA_T_UINT32;
873 encode_varint(client->status_code, &p, end);
874 DEBUG(frame->worker, "<%lu> Disconnect status code : %u",
875 client->id, client->status_code);
876
877 /* "message" K/V item */
878 spoe_encode_buffer("message", 7, &p, end);
879 *p++ = SPOE_DATA_T_STR;
880 spoe_encode_buffer(reason, rlen, &p, end);
881 DEBUG(frame->worker, "<%lu> Disconnect message : %s",
882 client->id, reason);
883
884 frame->len = (p - frame->buf);
885 return frame->len;
886}
887
888/* Encode a ACK frame to send it to HAProxy. It returns the number of written
889 * bytes. */
890static int
891prepare_agentack(struct spoe_frame *frame)
892{
893 char *p, *end;
894 unsigned int flags = SPOE_FRM_FL_FIN;
895
896 /* Be careful here, in async mode, frame->client can be NULL */
897
898 DEBUG(frame->worker, "Encode Agent ACK frame");
899 frame->type = SPOA_FRM_T_AGENT;
900
901 p = frame->buf;
902 end = frame->buf+max_frame_size;
903
904 /* Frame type */
905 *p++ = SPOE_FRM_T_AGENT_ACK;
906
907 /* Set flags */
Christopher Faulet48d02d02018-05-18 14:38:56 +0200[diff] [blame]908 flags = htonl(flags);
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]909 memcpy(p, (char *)&flags, 4);
910 p += 4;
911
912 /* Set stream-id and frame-id for ACK frames */
913 encode_varint(frame->stream_id, &p, end);
914 encode_varint(frame->frame_id, &p, end);
915
916 DEBUG(frame->worker, "STREAM-ID=%u - FRAME-ID=%u",
917 frame->stream_id, frame->frame_id);
918
919 frame->len = (p - frame->buf);
920 return frame->len;
921}
922
923static int
924create_server_socket(void)
925{
926 struct sockaddr_in listen_addr;
927 int fd, yes = 1;
928
929 fd = socket(AF_INET, SOCK_STREAM, 0);
930 if (fd < 0) {
931 LOG(&null_worker, "Failed to create service socket : %m");
932 return -1;
933 }
934
935 memset(&listen_addr, 0, sizeof(listen_addr));
936 listen_addr.sin_family = AF_INET;
937 listen_addr.sin_addr.s_addr = INADDR_ANY;
938 listen_addr.sin_port = htons(server_port);
939
940 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) < 0 ||
941 setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &yes, sizeof(yes)) < 0) {
942 LOG(&null_worker, "Failed to set option on server socket : %m");
943 return -1;
944 }
945
946 if (bind(fd, (struct sockaddr *) &listen_addr, sizeof(listen_addr)) < 0) {
947 LOG(&null_worker, "Failed to bind server socket : %m");
948 return -1;
949 }
950
951 if (listen(fd, CONNECTION_BACKLOG) < 0) {
952 LOG(&null_worker, "Failed to listen on server socket : %m");
953 return -1;
954 }
955
956 return fd;
957}
958
959static void
960release_frame(struct spoe_frame *frame)
961{
962 struct worker *worker;
963
964 if (frame == NULL)
965 return;
966
967 if (event_pending(&frame->process_frame_event, EV_TIMEOUT, NULL))
968 event_del(&frame->process_frame_event);
969
970 worker = frame->worker;
971 LIST_DEL(&frame->list);
972 if (frame->frag_buf)
973 free(frame->frag_buf);
974 memset(frame, 0, sizeof(*frame)+max_frame_size+4);
975 LIST_ADDQ(&worker->frames, &frame->list);
976}
977
978static void
979release_client(struct client *c)
980{
981 struct spoe_frame *frame, *back;
982
983 if (c == NULL)
984 return;
985
986 DEBUG(c->worker, "<%lu> Release client", c->id);
987
988 LIST_DEL(&c->by_worker);
989 c->worker->nbclients--;
990
991 unuse_spoe_engine(c);
992 free(c->engine_id);
993
994 if (event_pending(&c->read_frame_event, EV_READ, NULL))
995 event_del(&c->read_frame_event);
996 if (event_pending(&c->write_frame_event, EV_WRITE, NULL))
997 event_del(&c->write_frame_event);
998
999 release_frame(c->incoming_frame);
1000 release_frame(c->outgoing_frame);
1001 list_for_each_entry_safe(frame, back, &c->processing_frames, list) {
1002 release_frame(frame);
1003 }
1004 list_for_each_entry_safe(frame, back, &c->outgoing_frames, list) {
1005 release_frame(frame);
1006 }
1007
1008 if (c->fd >= 0)
1009 close(c->fd);
1010
1011 free(c);
1012}
1013
1014static void
1015reset_frame(struct spoe_frame *frame)
1016{
1017 if (frame == NULL)
1018 return;
1019
1020 if (frame->frag_buf)
1021 free(frame->frag_buf);
1022
1023 frame->type = SPOA_FRM_T_UNKNOWN;
1024 frame->buf = (char *)(frame->data);
1025 frame->offset = 0;
1026 frame->len = 0;
1027 frame->stream_id = 0;
1028 frame->frame_id = 0;
1029 frame->flags = 0;
1030 frame->hcheck = false;
1031 frame->fragmented = false;
1032 frame->defender_status = -1;
1033 frame->frag_buf = NULL;
1034 frame->frag_len = 0;
1035 LIST_INIT(&frame->list);
1036}
1037
1038static void
1039use_spoe_engine(struct client *client)
1040{
1041 struct spoe_engine *eng;
1042
1043 if (client->engine_id == NULL)
1044 return;
1045
1046 list_for_each_entry(eng, &client->worker->engines, list) {
1047 if (!strcmp(eng->id, client->engine_id))
1048 goto end;
1049 }
1050
1051 if ((eng = malloc(sizeof(*eng))) == NULL) {
1052 client->async = false;
1053 return;
1054 }
1055
1056 eng->id = strdup(client->engine_id);
1057 LIST_INIT(&eng->clients);
1058 LIST_INIT(&eng->processing_frames);
1059 LIST_INIT(&eng->outgoing_frames);
1060 LIST_ADDQ(&client->worker->engines, &eng->list);
1061 LOG(client->worker, "Add new SPOE engine '%s'", eng->id);
1062
1063 end:
1064 client->engine = eng;
1065 LIST_ADDQ(&eng->clients, &client->by_engine);
1066}
1067
1068static void
1069unuse_spoe_engine(struct client *client)
1070{
1071 struct spoe_engine *eng;
1072 struct spoe_frame *frame, *back;
1073
1074 if (client == NULL || client->engine == NULL)
1075 return;
1076
1077 eng = client->engine;
1078 client->engine = NULL;
1079 LIST_DEL(&client->by_engine);
1080 if (!LIST_ISEMPTY(&eng->clients))
1081 return;
1082
1083 LOG(client->worker, "Remove SPOE engine '%s'", eng->id);
1084 LIST_DEL(&eng->list);
1085
1086 list_for_each_entry_safe(frame, back, &eng->processing_frames, list) {
1087 release_frame(frame);
1088 }
1089 list_for_each_entry_safe(frame, back, &eng->outgoing_frames, list) {
1090 release_frame(frame);
1091 }
1092 free(eng->id);
1093 free(eng);
1094}
1095
1096
1097static struct spoe_frame *
1098acquire_incoming_frame(struct client *client)
1099{
1100 struct spoe_frame *frame;
1101
1102 frame = client->incoming_frame;
1103 if (frame != NULL)
1104 return frame;
1105
1106 if (LIST_ISEMPTY(&client->worker->frames)) {
1107 if ((frame = calloc(1, sizeof(*frame)+max_frame_size+4)) == NULL) {
1108 LOG(client->worker, "Failed to allocate new frame : %m");
1109 return NULL;
1110 }
1111 }
1112 else {
1113 frame = LIST_NEXT(&client->worker->frames, typeof(frame), list);
1114 LIST_DEL(&frame->list);
1115 }
1116
1117 reset_frame(frame);
1118 frame->worker = client->worker;
1119 frame->engine = client->engine;
1120 frame->client = client;
1121
1122 if (event_assign(&frame->process_frame_event, client->worker->base, -1,
1123 EV_TIMEOUT|EV_PERSIST, process_frame_cb, frame) < 0) {
1124 LOG(client->worker, "Failed to create frame event");
1125 return NULL;
1126 }
1127
1128 client->incoming_frame = frame;
1129 return frame;
1130}
1131
1132static struct spoe_frame *
1133acquire_outgoing_frame(struct client *client)
1134{
1135 struct spoe_engine *engine = client->engine;
1136 struct spoe_frame *frame = NULL;
1137
1138 if (client->outgoing_frame != NULL)
1139 frame = client->outgoing_frame;
1140 else if (!LIST_ISEMPTY(&client->outgoing_frames)) {
1141 frame = LIST_NEXT(&client->outgoing_frames, typeof(frame), list);
1142 LIST_DEL(&frame->list);
1143 client->outgoing_frame = frame;
1144 }
1145 else if (engine!= NULL && !LIST_ISEMPTY(&engine->outgoing_frames)) {
1146 frame = LIST_NEXT(&engine->outgoing_frames, typeof(frame), list);
1147 LIST_DEL(&frame->list);
1148 client->outgoing_frame = frame;
1149 }
1150 return frame;
1151}
1152
1153static void
1154write_frame(struct client *client, struct spoe_frame *frame)
1155{
1156 uint32_t netint;
1157
1158 LIST_DEL(&frame->list);
1159
1160 frame->buf = (char *)(frame->data);
1161 frame->offset = 0;
1162 netint = htonl(frame->len);
1163 memcpy(frame->buf, &netint, 4);
1164
1165 if (client != NULL) { /* HELLO or DISCONNECT frames */
1166 event_add(&client->write_frame_event, NULL);
1167
1168 /* Try to process the frame as soon as possible, and always
1169 * attach it to the client */
1170 if (client->async || client->pipelining) {
1171 if (client->outgoing_frame == NULL)
1172 client->outgoing_frame = frame;
1173 else
1174 LIST_ADD(&client->outgoing_frames, &frame->list);
1175 }
1176 else {
1177 client->outgoing_frame = frame;
1178 event_del(&client->read_frame_event);
1179 }
1180 }
1181 else { /* for all other frames */
1182 if (frame->client == NULL) { /* async mode ! */
1183 LIST_ADDQ(&frame->engine->outgoing_frames, &frame->list);
1184 list_for_each_entry(client, &frame->engine->clients, by_engine)
1185 event_add(&client->write_frame_event, NULL);
1186 }
1187 else if (frame->client->pipelining) {
1188 LIST_ADDQ(&frame->client->outgoing_frames, &frame->list);
1189 event_add(&frame->client->write_frame_event, NULL);
1190 }
1191 else {
1192 frame->client->outgoing_frame = frame;
1193 event_add(&frame->client->write_frame_event, NULL);
1194 event_del(&frame->client->read_frame_event);
1195 }
1196 }
1197}
1198
1199static void
1200process_incoming_frame(struct spoe_frame *frame)
1201{
1202 struct client *client = frame->client;
1203
1204 if (event_add(&frame->process_frame_event, &processing_delay) < 0) {
1205 LOG(client->worker, "Failed to process incoming frame");
1206 release_frame(frame);
1207 return;
1208 }
1209
1210 if (client->async) {
1211 frame->client = NULL;
1212 LIST_ADDQ(&frame->engine->processing_frames, &frame->list);
1213 }
1214 else if (client->pipelining)
1215 LIST_ADDQ(&client->processing_frames, &frame->list);
1216 else
1217 event_del(&client->read_frame_event);
1218}
1219
1220static void
1221signal_cb(evutil_socket_t sig, short events, void *user_data)
1222{
1223 struct event_base *base = user_data;
1224 int i;
1225
1226 DEBUG(&null_worker, "Stopping the server");
1227
1228 event_base_loopbreak(base);
1229 DEBUG(&null_worker, "Main event loop stopped");
1230
1231 for (i = 0; i < num_workers; i++) {
1232 event_base_loopbreak(workers[i].base);
1233 DEBUG(&null_worker, "Event loop stopped for worker %02d",
1234 workers[i].id);
1235 }
1236}
1237
1238static void
1239worker_monitor_cb(evutil_socket_t fd, short events, void *arg)
1240{
1241 struct worker *worker = arg;
1242
1243 LOG(worker, "%u clients connected", worker->nbclients);
1244}
1245
1246static void
1247process_frame_cb(evutil_socket_t fd, short events, void *arg)
1248{
1249 struct spoe_frame *frame = arg;
1250 char *p, *end;
1251 int ret;
1252
1253 DEBUG(frame->worker,
1254 "Process frame messages : STREAM-ID=%u - FRAME-ID=%u - length=%u bytes",
1255 frame->stream_id, frame->frame_id, frame->len - frame->offset);
1256
1257 p = frame->buf + frame->offset;
1258 end = frame->buf + frame->len;
1259
1260 /* Loop on messages */
1261 while (p < end) {
1262 char *str;
1263 uint64_t sz;
1264 int nbargs;
1265
1266 /* Decode the message name */
1267 spoe_decode_buffer(&p, end, &str, &sz);
1268 if (!str)
1269 goto stop_processing;
1270
1271 DEBUG(frame->worker, "Process SPOE Message '%.*s'", (int)sz, str);
1272
1273 nbargs = *p++; /* Get the number of arguments */
1274 frame->offset = (p - frame->buf); /* Save index to handle errors and skip args */
1275 if (!memcmp(str, "check-request", sz)) {
1276 struct defender_request request;
1277
1278 memset(&request, 0, sizeof(request));
1279
1280 if (nbargs != 8)
1281 goto skip_message;
1282
1283 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1284 goto stop_processing;
1285 if (spoe_decode_data(&p, end, &request.clientip) == -1)
1286 goto skip_message;
1287
1288 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1289 goto stop_processing;
1290 if (spoe_decode_data(&p, end, &request.id) == -1)
1291 goto skip_message;
1292
1293 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1294 goto stop_processing;
1295 if (spoe_decode_data(&p, end, &request.method) == -1)
1296 goto skip_message;
1297
1298 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1299 goto stop_processing;
1300 if (spoe_decode_data(&p, end, &request.path) == -1)
1301 goto skip_message;
1302
1303 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1304 goto stop_processing;
1305 if (spoe_decode_data(&p, end, &request.query) == -1)
1306 goto skip_message;
1307
1308 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1309 goto stop_processing;
1310 if (spoe_decode_data(&p, end, &request.version) == -1)
1311 goto skip_message;
1312
1313 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1314 goto stop_processing;
1315 if (spoe_decode_data(&p, end, &request.headers) == -1)
1316 goto skip_message;
1317
1318 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1319 goto stop_processing;
1320 if (spoe_decode_data(&p, end, &request.body) == -1)
1321 goto skip_message;
1322
1323 frame->defender_status = defender_process_request(frame->worker, &request);
1324 }
1325 else {
1326 skip_message:
1327 p = frame->buf + frame->offset; /* Restore index */
1328
1329 while (nbargs-- > 0) {
1330 /* Silently ignore argument: its name and its value */
1331 if (spoe_decode_buffer(&p, end, &str, &sz) == -1)
1332 goto stop_processing;
1333 if (spoe_skip_data(&p, end) == -1)
1334 goto stop_processing;
1335 }
1336 }
1337 }
1338
1339 stop_processing:
1340 /* Prepare agent ACK frame */
1341 frame->buf = (char *)(frame->data) + 4;
1342 frame->offset = 0;
1343 frame->len = 0;
1344 frame->flags = 0;
1345
1346 ret = prepare_agentack(frame);
Dragan Dosenf21185f2018-06-01 15:42:12 +0200[diff] [blame]1347 p = frame->buf + ret;
1348 end = frame->buf+max_frame_size;
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]1349
1350 if (frame->defender_status != -1) {
1351 DEBUG(frame->worker, "Add action : set variable status=%u",
1352 frame->defender_status);
1353
1354 *p++ = SPOE_ACT_T_SET_VAR; /* Action type */
1355 *p++ = 3; /* Number of args */
1356 *p++ = SPOE_SCOPE_SESS; /* Arg 1: the scope */
1357 spoe_encode_buffer("status", 6, &p, end); /* Arg 2: variable name */
1358 *p++ = SPOE_DATA_T_UINT32;
1359 encode_varint(frame->defender_status, &p, end); /* Arg 3: variable value */
1360 frame->len = (p - frame->buf);
1361 }
1362 write_frame(NULL, frame);
1363}
1364
1365static void
1366read_frame_cb(evutil_socket_t fd, short events, void *arg)
1367{
1368 struct client *client = arg;
1369 struct spoe_frame *frame;
1370 uint32_t netint;
1371 int n;
1372
1373 DEBUG(client->worker, "<%lu> %s", client->id, __FUNCTION__);
1374 if ((frame = acquire_incoming_frame(client)) == NULL)
1375 goto close;
1376
1377 frame->type = SPOA_FRM_T_HAPROXY;
1378 if (frame->buf == (char *)(frame->data)) {
1379 /* Read the frame length: frame->buf points on length part (frame->data) */
1380 n = read(client->fd, frame->buf+frame->offset, 4-frame->offset);
1381 if (n <= 0) {
1382 if (n < 0)
1383 LOG(client->worker, "Failed to read frame length : %m");
1384 goto close;
1385 }
1386 frame->offset += n;
1387 if (frame->offset != 4)
1388 return;
1389 memcpy(&netint, frame->buf, 4);
1390 frame->buf += 4;
1391 frame->offset = 0;
1392 frame->len = ntohl(netint);
1393 }
1394
1395 /* Read the frame: frame->buf points on frame part (frame->data+4)*/
1396 n = read(client->fd, frame->buf + frame->offset,
1397 frame->len - frame->offset);
1398 if (n <= 0) {
1399 if (n < 0) {
1400 LOG(client->worker, "Frame to read frame : %m");
1401 goto close;
1402 }
1403 return;
1404 }
1405 frame->offset += n;
1406 if (frame->offset != frame->len)
1407 return;
1408 frame->offset = 0;
1409
1410 DEBUG(client->worker, "<%lu> New Frame of %u bytes received",
1411 client->id, frame->len);
1412
1413 switch (client->state) {
1414 case SPOA_ST_CONNECTING:
1415 if (handle_hahello(frame) < 0) {
1416 LOG(client->worker, "Failed to decode HELLO frame");
1417 goto disconnect;
1418 }
1419 prepare_agenthello(frame);
1420 goto write_frame;
1421
1422 case SPOA_ST_PROCESSING:
1423 if (frame->buf[0] == SPOE_FRM_T_HAPROXY_DISCON) {
1424 client->state = SPOA_ST_DISCONNECTING;
1425 goto disconnecting;
1426 }
1427 if (frame->buf[0] == SPOE_FRM_T_UNSET)
1428 n = handle_hafrag(frame);
1429 else
1430 n = handle_hanotify(frame);
1431
1432 if (n < 0) {
1433 LOG(client->worker, "Failed to decode frame: %s",
1434 spoe_frm_err_reasons[client->status_code]);
1435 goto disconnect;
1436 }
1437 else if (n == 0) {
1438 LOG(client->worker, "Ignore invalid/unknown/aborted frame");
1439 goto ignore_frame;
1440 }
1441 else if (n == 1)
1442 goto noop;
1443 else
1444 goto process_frame;
1445
1446 case SPOA_ST_DISCONNECTING:
1447 disconnecting:
1448 if (handle_hadiscon(frame) < 0) {
1449 LOG(client->worker, "Failed to decode DISCONNECT frame");
1450 goto disconnect;
1451 }
1452 if (client->status_code != SPOE_FRM_ERR_NONE)
1453 LOG(client->worker, "<%lu> Peer closed connection: %s",
1454 client->id, spoe_frm_err_reasons[client->status_code]);
Dragan Dosen59bb97a2017-06-02 12:03:16 +0200[diff] [blame]1455 goto disconnect;
1456 }
1457
1458 noop:
1459 return;
1460
1461 ignore_frame:
1462 reset_frame(frame);
1463 return;
1464
1465 process_frame:
1466 process_incoming_frame(frame);
1467 client->incoming_frame = NULL;
1468 return;
1469
1470 write_frame:
1471 write_frame(client, frame);
1472 client->incoming_frame = NULL;
1473 return;
1474
1475 disconnect:
1476 client->state = SPOA_ST_DISCONNECTING;
1477 if (prepare_agentdicon(frame) < 0) {
1478 LOG(client->worker, "Failed to encode DISCONNECT frame");
1479 goto close;
1480 }
1481 goto write_frame;
1482
1483 close:
1484 release_client(client);
1485}
1486
1487static void
1488write_frame_cb(evutil_socket_t fd, short events, void *arg)
1489{
1490 struct client *client = arg;
1491 struct spoe_frame *frame;
1492 int n;
1493
1494 DEBUG(client->worker, "<%lu> %s", client->id, __FUNCTION__);
1495 if ((frame = acquire_outgoing_frame(client)) == NULL) {
1496 event_del(&client->write_frame_event);
1497 return;
1498 }
1499
1500 if (frame->buf == (char *)(frame->data)) {
1501 /* Write the frame length: frame->buf points on length part (frame->data) */
1502 n = write(client->fd, frame->buf+frame->offset, 4-frame->offset);
1503 if (n <= 0) {
1504 if (n < 0)
1505 LOG(client->worker, "Failed to write frame length : %m");
1506 goto close;
1507 }
1508 frame->offset += n;
1509 if (frame->offset != 4)
1510 return;
1511 frame->buf += 4;
1512 frame->offset = 0;
1513 }
1514
1515 /* Write the frame: frame->buf points on frame part (frame->data+4)*/
1516 n = write(client->fd, frame->buf + frame->offset,
1517 frame->len - frame->offset);
1518 if (n <= 0) {
1519 if (n < 0) {
1520 LOG(client->worker, "Failed to write frame : %m");
1521 goto close;
1522 }
1523 return;
1524 }
1525 frame->offset += n;
1526 if (frame->offset != frame->len)
1527 return;
1528
1529 DEBUG(client->worker, "<%lu> Frame of %u bytes send",
1530 client->id, frame->len);
1531
1532 switch (client->state) {
1533 case SPOA_ST_CONNECTING:
1534 if (frame->hcheck == true) {
1535 DEBUG(client->worker,
1536 "<%lu> Close client after healthcheck",
1537 client->id);
1538 goto close;
1539 }
1540 client->state = SPOA_ST_PROCESSING;
1541 break;
1542
1543 case SPOA_ST_PROCESSING:
1544 break;
1545
1546 case SPOA_ST_DISCONNECTING:
1547 goto close;
1548 }
1549
1550 release_frame(frame);
1551 client->outgoing_frame = NULL;
1552 if (!client->async && !client->pipelining) {
1553 event_del(&client->write_frame_event);
1554 event_add(&client->read_frame_event, NULL);
1555 }
1556 return;
1557
1558 close:
1559 release_client(client);
1560}
1561
1562static void
1563accept_cb(int listener, short event, void *arg)
1564{
1565 struct worker *worker;
1566 struct client *client;
1567 int fd;
1568
1569 worker = &workers[clicount++ % num_workers];
1570
1571 if ((fd = accept(listener, NULL, NULL)) < 0) {
1572 if (errno != EAGAIN && errno != EWOULDBLOCK)
1573 LOG(worker, "Failed to accept client connection : %m");
1574 return;
1575 }
1576
1577 DEBUG(&null_worker,
1578 "<%lu> New Client connection accepted and assigned to worker %02d",
1579 clicount, worker->id);
1580
1581 if (evutil_make_socket_nonblocking(fd) < 0) {
1582 LOG(&null_worker, "Failed to set client socket to non-blocking : %m");
1583 close(fd);
1584 return;
1585 }
1586
1587 if ((client = calloc(1, sizeof(*client))) == NULL) {
1588 LOG(&null_worker, "Failed to allocate memory for client state : %m");
1589 close(fd);
1590 return;
1591 }
1592
1593 client->id = clicount;
1594 client->fd = fd;
1595 client->worker = worker;
1596 client->state = SPOA_ST_CONNECTING;
1597 client->status_code = SPOE_FRM_ERR_NONE;
1598 client->max_frame_size = max_frame_size;
1599 client->engine = NULL;
1600 client->pipelining = false;
1601 client->async = false;
1602 client->incoming_frame = NULL;
1603 client->outgoing_frame = NULL;
1604 LIST_INIT(&client->processing_frames);
1605 LIST_INIT(&client->outgoing_frames);
1606
1607 LIST_ADDQ(&worker->clients, &client->by_worker);
1608
1609 worker->nbclients++;
1610
1611 if (event_assign(&client->read_frame_event, worker->base, fd,
1612 EV_READ|EV_PERSIST, read_frame_cb, client) < 0 ||
1613 event_assign(&client->write_frame_event, worker->base, fd,
1614 EV_WRITE|EV_PERSIST, write_frame_cb, client) < 0) {
1615 LOG(&null_worker, "Failed to create client events");
1616 release_client(client);
1617 return;
1618 }
1619 event_add(&client->read_frame_event, NULL);
1620}
1621
1622static void *
1623worker_function(void *data)
1624{
1625 struct client *client, *cback;
1626 struct spoe_frame *frame, *fback;
1627 struct worker *worker = data;
1628
1629 DEBUG(worker, "Worker ready to process client messages");
1630 event_base_dispatch(worker->base);
1631
1632 list_for_each_entry_safe(client, cback, &worker->clients, by_worker) {
1633 release_client(client);
1634 }
1635
1636 list_for_each_entry_safe(frame, fback, &worker->frames, list) {
1637 LIST_DEL(&frame->list);
1638 free(frame);
1639 }
1640
1641 event_free(worker->monitor_event);
1642 event_base_free(worker->base);
1643 DEBUG(worker, "Worker is stopped");
1644 pthread_exit(&null_worker);
1645}
1646
1647
1648static int
1649parse_processing_delay(const char *str)
1650{
1651 unsigned long value;
1652
1653 value = 0;
1654 while (1) {
1655 unsigned int j;
1656
1657 j = *str - '0';
1658 if (j > 9)
1659 break;
1660 str++;
1661 value *= 10;
1662 value += j;
1663 }
1664
1665 switch (*str) {
1666 case '\0': /* no unit = millisecond */
1667 value *= 1000;
1668 break;
1669 case 's': /* second */
1670 value *= 1000000;
1671 str++;
1672 break;
1673 case 'm': /* millisecond : "ms" */
1674 if (str[1] != 's')
1675 return -1;
1676 value *= 1000;
1677 str += 2;
1678 break;
1679 case 'u': /* microsecond : "us" */
1680 if (str[1] != 's')
1681 return -1;
1682 str += 2;
1683 break;
1684 default:
1685 return -1;
1686 }
1687 if (*str)
1688 return -1;
1689
1690 processing_delay.tv_sec = (time_t)(value / 1000000);
1691 processing_delay.tv_usec = (suseconds_t)(value % 1000000);
1692 return 0;
1693}
1694
1695
1696static void
1697usage(char *prog)
1698{
1699 fprintf(stderr,
1700 "Usage : %s [OPTION]...\n"
1701 " -h Print this message\n"
1702 " -f <config-file> Mod Defender configuration file\n"
1703 " -l <log-file> Mod Defender log file\n"
1704 " -d Enable the debug mode\n"
1705 " -m <max-frame-size> Specify the maximum frame size (default : %u)\n"
1706 " -p <port> Specify the port to listen on (default : %d)\n"
1707 " -n <num-workers> Specify the number of workers (default : %d)\n"
1708 " -c <capability> Enable the support of the specified capability\n"
1709 " -t <time> Set a delay to process a message (default: 0)\n"
1710 " The value is specified in milliseconds by default,\n"
1711 " but can be in any other unit if the number is suffixed\n"
1712 " by a unit (us, ms, s)\n"
1713 "\n"
1714 " Supported capabilities: fragmentation, pipelining, async\n",
1715 prog, MAX_FRAME_SIZE, DEFAULT_PORT, NUM_WORKERS);
1716}
1717
1718int
1719main(int argc, char **argv)
1720{
1721 struct event_base *base = NULL;
1722 struct event *signal_event = NULL, *accept_event = NULL;
1723 int opt, i, fd = -1;
1724 const char *config_file = NULL;
1725 const char *log_file = NULL;
1726
1727 // TODO: add '-t <processing-time>' option
1728 while ((opt = getopt(argc, argv, "hf:l:dm:n:p:c:t:")) != -1) {
1729 switch (opt) {
1730 case 'h':
1731 usage(argv[0]);
1732 return EXIT_SUCCESS;
1733 case 'f':
1734 config_file = optarg;
1735 break;
1736 case 'l':
1737 log_file = optarg;
1738 break;
1739 case 'd':
1740 debug = true;
1741 break;
1742 case 'm':
1743 max_frame_size = atoi(optarg);
1744 break;
1745 case 'n':
1746 num_workers = atoi(optarg);
1747 break;
1748 case 'p':
1749 server_port = atoi(optarg);
1750 break;
1751 case 'c':
1752 if (!strcmp(optarg, "pipelining"))
1753 pipelining = true;
1754 else if (!strcmp(optarg, "async"))
1755 async = true;
1756 else if (!strcmp(optarg, "fragmentation"))
1757 fragmentation = true;
1758 else
1759 fprintf(stderr, "WARNING: unsupported capability '%s'\n", optarg);
1760 break;
1761 case 't':
1762 if (!parse_processing_delay(optarg))
1763 break;
1764 fprintf(stderr, "%s: failed to parse time '%s'.\n", argv[0], optarg);
1765 fprintf(stderr, "Try '%s -h' for more information.\n", argv[0]);
1766 return EXIT_FAILURE;
1767 default:
1768 usage(argv[0]);
1769 return EXIT_FAILURE;
1770 }
1771 }
1772
1773 if (!defender_init(config_file, log_file))
1774 goto error;
1775
1776 if (num_workers <= 0) {
1777 LOG(&null_worker, "%s : Invalid number of workers '%d'\n",
1778 argv[0], num_workers);
1779 goto error;
1780 }
1781
1782 if (server_port <= 0) {
1783 LOG(&null_worker, "%s : Invalid port '%d'\n",
1784 argv[0], server_port);
1785 goto error;
1786 }
1787
1788 if (evthread_use_pthreads() < 0) {
1789 LOG(&null_worker, "No pthreads support for libevent");
1790 goto error;
1791 }
1792
1793 if ((base = event_base_new()) == NULL) {
1794 LOG(&null_worker, "Failed to initialize libevent : %m");
1795 goto error;
1796 }
1797
1798 signal(SIGPIPE, SIG_IGN);
1799
1800 if ((fd = create_server_socket()) < 0) {
1801 LOG(&null_worker, "Failed to create server socket");
1802 goto error;
1803 }
1804 if (evutil_make_socket_nonblocking(fd) < 0) {
1805 LOG(&null_worker, "Failed to set server socket to non-blocking");
1806 goto error;
1807 }
1808
1809 if ((workers = calloc(num_workers, sizeof(*workers))) == NULL) {
1810 LOG(&null_worker, "Failed to set allocate memory for workers");
1811 goto error;
1812 }
1813
1814 for (i = 0; i < num_workers; ++i) {
1815 struct worker *w = &workers[i];
1816
1817 w->id = i+1;
1818 w->nbclients = 0;
1819 LIST_INIT(&w->engines);
1820 LIST_INIT(&w->clients);
1821 LIST_INIT(&w->frames);
1822
1823 if ((w->base = event_base_new()) == NULL) {
1824 LOG(&null_worker,
1825 "Failed to initialize libevent for worker %02d : %m",
1826 w->id);
1827 goto error;
1828 }
1829
1830 w->monitor_event = event_new(w->base, fd, EV_PERSIST,
1831 worker_monitor_cb, (void *)w);
1832 if (w->monitor_event == NULL ||
1833 event_add(w->monitor_event, (struct timeval[]){{5,0}}) < 0) {
1834 LOG(&null_worker,
1835 "Failed to create monitor event for worker %02d",
1836 w->id);
1837 goto error;
1838 }
1839
1840 if (pthread_create(&w->thread, NULL, worker_function, (void *)w)) {
1841 LOG(&null_worker,
1842 "Failed to start thread for worker %02d : %m",
1843 w->id);
1844 }
1845 DEBUG(&null_worker, "Worker %02d initialized", w->id);
1846 }
1847
1848 accept_event = event_new(base, fd, EV_READ|EV_PERSIST, accept_cb,
1849 (void *)base);
1850 if (accept_event == NULL || event_add(accept_event, NULL) < 0) {
1851 LOG(&null_worker, "Failed to create accept event : %m");
1852 }
1853
1854 signal_event = evsignal_new(base, SIGINT, signal_cb, (void *)base);
1855 if (signal_event == NULL || event_add(signal_event, NULL) < 0) {
1856 LOG(&null_worker, "Failed to create signal event : %m");
1857 }
1858
1859 DEBUG(&null_worker,
1860 "Server is ready"
1861 " [fragmentation=%s - pipelining=%s - async=%s - debug=%s - max-frame-size=%u]",
1862 (fragmentation?"true":"false"), (pipelining?"true":"false"), (async?"true":"false"),
1863 (debug?"true":"false"), max_frame_size);
1864 event_base_dispatch(base);
1865
1866 for (i = 0; i < num_workers; i++) {
1867 struct worker *w = &workers[i];
1868
1869 pthread_join(w->thread, NULL);
1870 DEBUG(&null_worker, "Worker %02d terminated", w->id);
1871 }
1872
1873 free(workers);
1874 event_free(signal_event);
1875 event_free(accept_event);
1876 event_base_free(base);
1877 close(fd);
1878 return EXIT_SUCCESS;
1879
1880 error:
1881 if (workers != NULL)
1882 free(workers);
1883 if (signal_event != NULL)
1884 event_free(signal_event);
1885 if (accept_event != NULL)
1886 event_free(accept_event);
1887 if (base != NULL)
1888 event_base_free(base);
1889 if (fd != -1)
1890 close(fd);
1891 return EXIT_FAILURE;
1892}