TSG-1531 TFE 新增 DOH 插件

1.DOH 协议解析
2.DOH 协议还原
3.DOH POST请求 early response
4.DOH 策略扫描
5.tfe plugin 支持多个 bussiness 插件调用
6.Maat_feather 的创建从 pangu 剥离(涉及pangu/doh/ssl-policy)
7.增加 kafka 日志
8.增加测试用例

common/src/tfe_http.cpp

@@ -153,11 +153,12 @@ int http_frame_raise_session_begin(struct http_frame_session_ctx * ht_frame,
 	struct tfe_plugin * plugin_info_iter;
 	TFE_PLUGIN_FOREACH(plugin_info_iter, &__for_each_iterator)
 	{
+		__plugin_id++;
 		if (plugin_info_iter->on_session_begin == NULL) continue;
 
 		/* Calling ctx, in callback can fetch by calling frame_plugin_status_get_XXX */
 		ht_frame->calling_plugin = plugin_info_iter;
-		ht_frame->calling_plugin_status = &ht_frame->plugin_status[__plugin_id];
+		ht_frame->calling_plugin_status = &ht_frame->plugin_status[__plugin_id - 1];
 
 		/* Call session begin */
 		void ** calling_pme = &ht_frame->calling_plugin_status->pme;
@@ -179,11 +180,12 @@ void http_frame_raise_session_end(struct http_frame_session_ctx * ht_frame, cons
 
 	TFE_PLUGIN_FOREACH(plugin_info_iter, &__for_each_iterator)
 	{
+		__plugin_id++;
 		if (plugin_info_iter->on_session_end == NULL) continue;
 
 		/* Calling ctx, in callback can fetch by calling frame_plugin_status_get_XXX */
 		ht_frame->calling_plugin = plugin_info_iter;
-		ht_frame->calling_plugin_status = &ht_frame->plugin_status[__plugin_id];
+		ht_frame->calling_plugin_status = &ht_frame->plugin_status[__plugin_id - 1];
 
 		/* Call session end */
 		void ** calling_pme = &ht_frame->calling_plugin_status->pme;
@@ -207,6 +209,7 @@ void http_frame_raise_event(struct http_frame_session_ctx * ht_frame,
 	struct tfe_plugin * plugin_info_iter;
 	TFE_PLUGIN_FOREACH(plugin_info_iter, &__for_each_iterator)
 	{
+		__plugin_id++;
 		if (plugin_info_iter->on_session_data == NULL)
 		{
 			continue;
@@ -214,7 +217,7 @@ void http_frame_raise_event(struct http_frame_session_ctx * ht_frame,
 
 		/* Calling ctx, in callback can fetch by calling frame_plugin_status_get_XXX */
 		ht_frame->calling_plugin = plugin_info_iter;
-		ht_frame->calling_plugin_status = &ht_frame->plugin_status[__plugin_id];
+		ht_frame->calling_plugin_status = &ht_frame->plugin_status[__plugin_id - 1];
 
 		if (ht_frame->calling_plugin_status->detached)
 		{
@@ -222,7 +225,10 @@ void http_frame_raise_event(struct http_frame_session_ctx * ht_frame,
 		}
 
 		void ** calling_pme = &ht_frame->calling_plugin_status->pme;
-		plugin_info_iter->on_session_data(stream, ht_session, event, data, datalen, thread_id, calling_pme);
+		if (plugin_info_iter->on_session_data(stream, ht_session, event, data, datalen, thread_id, calling_pme) == NO_CALL_NEXT_PLUGIN)
+		{
+			break;
+		}
 	}
 
 	ht_frame->calling_plugin = NULL;

common/src/tfe_resource.cpp

@@ -0,0 +1,169 @@
+#include <tfe_utils.h>
+#include <tfe_resource.h>
+#include <tfe_proxy.h>
+#include <MESA/Maat_rule.h>
+#include <MESA/MESA_prof_load.h>
+
+#define MAAT_INPUT_JSON 0
+#define MAAT_INPUT_REDIS 1
+#define MAAT_INPUT_FILE 2
+
+static Maat_feather_t static_maat = NULL;
+static Maat_feather_t dynamic_maat = NULL;
+
+static Maat_feather_t create_maat_feather(const char *instance_name, const char *profile, const char *section, int max_thread, void *logger)
+{
+    Maat_feather_t target;
+    int input_mode = 0, maat_stat_on = 0, maat_perf_on = 0;
+    int ret = 0, scan_detail = 0, effect_interval = 60;
+    char table_info[TFE_STRING_MAX] = {0}, inc_cfg_dir[TFE_STRING_MAX] = {0}, ful_cfg_dir[TFE_STRING_MAX] = {0};
+    char redis_server[TFE_STRING_MAX] = {0};
+    char redis_port_range[TFE_STRING_MAX] = {0};
+    char accept_tags[TFE_STRING_MAX] = {0};
+    int redis_port_begin = 0, redis_port_end = 0;
+    int redis_port_select = 0;
+    int redis_db_idx = 0;
+    char json_cfg_file[TFE_STRING_MAX] = {0}, maat_stat_file[TFE_STRING_MAX] = {0};
+
+    MESA_load_profile_int_def(profile, section, "maat_input_mode", &(input_mode), 0);
+    MESA_load_profile_int_def(profile, section, "stat_switch", &(maat_stat_on), 1);
+    MESA_load_profile_int_def(profile, section, "perf_switch", &(maat_perf_on), 1);
+    MESA_load_profile_string_def(profile, section, "table_info", table_info, sizeof(table_info), "");
+    MESA_load_profile_string_def(profile, section, "accept_tags", accept_tags, sizeof(accept_tags), "");
+    MESA_load_profile_string_def(profile, section, "json_cfg_file", json_cfg_file, sizeof(json_cfg_file), "");
+    MESA_load_profile_string_def(profile, section, "maat_redis_server", redis_server, sizeof(redis_server), "");
+    MESA_load_profile_string_def(profile, section, "maat_redis_port_range", redis_port_range, sizeof(redis_server), "6379");
+    MESA_load_profile_int_def(profile, section, "maat_redis_db_index", &(redis_db_idx), 0);
+    MESA_load_profile_string_def(profile, section, "inc_cfg_dir", inc_cfg_dir, sizeof(inc_cfg_dir), "");
+    MESA_load_profile_string_def(profile, section, "full_cfg_dir", ful_cfg_dir, sizeof(ful_cfg_dir), "");
+    MESA_load_profile_string_def(profile, section, "stat_file", maat_stat_file, sizeof(maat_stat_file), "");
+    MESA_load_profile_int_def(profile, section, "effect_interval_s", &(effect_interval), 60);
+
+    effect_interval *= 1000; //convert s to ms
+
+    target = Maat_feather(max_thread, table_info, logger);
+    Maat_set_feather_opt(target, MAAT_OPT_INSTANCE_NAME, instance_name, strlen(instance_name) + 1);
+    switch (input_mode)
+    {
+    case MAAT_INPUT_JSON:
+        if (!strlen(json_cfg_file))
+        {
+            TFE_LOG_ERROR(logger, "Invalid json_cfg_file, MAAT init failed.");
+            goto error_out;
+        }
+
+        Maat_set_feather_opt(target, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file) + 1);
+        break;
+    case MAAT_INPUT_REDIS:
+        if (!strlen(redis_server))
+        {
+            TFE_LOG_ERROR(logger, "Invalid maat_redis_server, MAAT init failed.");
+            goto error_out;
+        }
+
+        ret = sscanf(redis_port_range, "%d-%d", &redis_port_begin, &redis_port_end);
+        if (ret == 1)
+        {
+            redis_port_select = redis_port_begin;
+        }
+        else if (ret == 2)
+        {
+            srand(time(NULL));
+            redis_port_select = redis_port_begin + rand() % (redis_port_end - redis_port_begin);
+        }
+        else
+        {
+            TFE_LOG_ERROR(logger, "Invalid redis port range %s, MAAT init failed.", redis_port_range);
+
+            goto error_out;
+        }
+
+        Maat_set_feather_opt(target, MAAT_OPT_REDIS_IP, redis_server, strlen(redis_server) + 1);
+        Maat_set_feather_opt(target, MAAT_OPT_REDIS_PORT, &redis_port_select, sizeof(redis_port_select));
+        Maat_set_feather_opt(target, MAAT_OPT_REDIS_INDEX, &redis_db_idx, sizeof(redis_db_idx));
+        break;
+    case MAAT_INPUT_FILE:
+        if (!strlen(ful_cfg_dir))
+        {
+            TFE_LOG_ERROR(logger, "Invalid ful_cfg_dir, MAAT init failed.");
+            goto error_out;
+        }
+
+        if (!strlen(inc_cfg_dir))
+        {
+            TFE_LOG_ERROR(logger, "Invalid inc_cfg_dir, MAAT init failed.");
+            goto error_out;
+        }
+
+        Maat_set_feather_opt(target, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir) + 1);
+        Maat_set_feather_opt(target, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir) + 1);
+        break;
+    default:
+        TFE_LOG_ERROR(logger, "Invalid MAAT Input Mode: %d.", input_mode);
+        goto error_out;
+        break;
+    }
+
+    Maat_set_feather_opt(target, MAAT_OPT_FOREIGN_CONT_DIR, "./pangu_files", strlen("./pangu_files") + 1);
+    if (maat_stat_on)
+    {
+        Maat_set_feather_opt(target, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file) + 1);
+        Maat_set_feather_opt(target, MAAT_OPT_STAT_ON, NULL, 0);
+        if (maat_perf_on)
+        {
+            Maat_set_feather_opt(target, MAAT_OPT_PERF_ON, NULL, 0);
+        }
+    }
+
+    Maat_set_feather_opt(target, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval));
+    Maat_set_feather_opt(target, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
+    if (strlen(accept_tags) > 0)
+    {
+        Maat_set_feather_opt(target, MAAT_OPT_ACCEPT_TAGS, &accept_tags, sizeof(accept_tags));
+    }
+
+    ret = Maat_initiate_feather(target);
+    if (ret < 0)
+    {
+        TFE_LOG_ERROR(logger, "%s MAAT init failed.", __FUNCTION__);
+        goto error_out;
+    }
+
+    return target;
+error_out:
+    Maat_burn_feather(target);
+    return NULL;
+}
+
+int tfe_bussiness_resouce_init()
+{
+    const char *profile_path = "./conf/pangu/pangu_pxy.conf";
+    unsigned int thread_num = tfe_proxy_get_work_thread_count();
+    static_maat = create_maat_feather("static", profile_path, "MAAT", thread_num, g_default_logger);
+    if (!static_maat)
+    {
+        return -1;
+    }
+
+    dynamic_maat = create_maat_feather("dyn", profile_path, "DYNAMIC_MAAT", thread_num, g_default_logger);
+    if (!dynamic_maat)
+    {
+        return -1;
+    }
+
+    return 0;
+}
+
+void *tfe_bussiness_resouce_get(enum RESOURCE_TYPE type)
+{
+    if (type == STATIC_MAAT)
+    {
+        return static_maat;
+    }
+    if (type == DYNAMINC_MAAT)
+    {
+        return dynamic_maat;
+    }
+
+    return NULL;
+}

common/src/tfe_utils.cpp

@@ -154,4 +154,76 @@ cleanup:
     return content;
 }
 
+static int tfe_decode_base64_internal(u_char *dst, u_char *src, const u_char *basis)
+{
+    size_t          len;
+    u_char         *d, *s;
 
+    for (len = 0; len < strlen((char *)src); len++)
+    {
+        if (src[len] == '=')
+        {
+            break;
+        }
+
+        if (basis[src[len]] == 77)
+        {
+            return 0;
+        }
+    }
+
+    if (len % 4 == 1)
+    {
+        return 0;
+    }
+
+    s = src;
+    d = dst;
+
+    while (len > 3)
+    {
+        *d++ = (u_char) (basis[s[0]] << 2 | basis[s[1]] >> 4);
+        *d++ = (u_char) (basis[s[1]] << 4 | basis[s[2]] >> 2);
+        *d++ = (u_char) (basis[s[2]] << 6 | basis[s[3]]);
+
+        s += 4;
+        len -= 4;
+    }
+
+    if (len > 1)
+    {
+        *d++ = (u_char) (basis[s[0]] << 2 | basis[s[1]] >> 4);
+    }
+
+    if (len > 2)
+    {
+        *d++ = (u_char) (basis[s[1]] << 4 | basis[s[2]] >> 2);
+    }
+
+    return d - dst;
+}
+
+int tfe_decode_base64url(u_char *dst, u_char *src)
+{
+    static u_char   basis64[] = {
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 62, 77, 77,
+        52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 77, 77, 77, 77, 77, 77,
+        77,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14,
+        15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 77, 77, 77, 77, 63,
+        77, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+        41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 77, 77, 77, 77, 77,
+
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
+        77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77, 77
+    };
+
+    return tfe_decode_base64_internal(dst, src, basis64);
+}