TSG-1531 TFE 新增 DOH 插件

1.DOH 协议解析
2.DOH 协议还原
3.DOH POST请求 early response
4.DOH 策略扫描
5.tfe plugin 支持多个 bussiness 插件调用
6.Maat_feather 的创建从 pangu 剥离(涉及pangu/doh/ssl-policy)
7.增加 kafka 日志
8.增加测试用例

plugin/business/pangu-http/src/pangu_http.cpp

@@ -7,6 +7,7 @@
 #include <tfe_utils.h>
 #include <tfe_http.h>
 #include <tfe_plugin.h>
+#include <tfe_resource.h>
 
 #include <MESA/Maat_rule.h>
 #include <MESA/MESA_handle_logger.h>
@@ -182,116 +183,6 @@ struct pangu_rt
 };
 struct pangu_rt * g_pangu_rt;
 
-Maat_feather_t g_business_maat;
-
-
-#define MAAT_INPUT_JSON			0
-#define MAAT_INPUT_REDIS    	1
-#define MAAT_INPUT_FILE        	2
-
-static Maat_feather_t create_maat_feather(const char * instance_name, const char * profile, const char * section, int max_thread, void * logger)
-{
-	Maat_feather_t target;
-	int input_mode = 0, maat_stat_on = 0, maat_perf_on = 0;
-	int ret = 0, scan_detail = 0, effect_interval = 60;
-	char table_info[TFE_STRING_MAX] = {0}, inc_cfg_dir[TFE_STRING_MAX] = {0}, ful_cfg_dir[TFE_STRING_MAX] = {0};
-	char redis_server[TFE_STRING_MAX] = {0};
-	char redis_port_range[TFE_STRING_MAX] = {0};
-	char accept_tags[TFE_STRING_MAX] = {0};
-	int redis_port_begin=0, redis_port_end=0;
-	int redis_port_select=0, deferred_load_on=0;
-	int redis_db_idx = 0;
-	char json_cfg_file[TFE_STRING_MAX] = {0}, maat_stat_file[TFE_STRING_MAX] = {0};
-	MESA_load_profile_int_def(profile, section, "maat_input_mode", &(input_mode), 0);
-	MESA_load_profile_int_def(profile, section, "stat_switch", &(maat_stat_on), 1);
-	MESA_load_profile_int_def(profile, section, "perf_switch", &(maat_perf_on), 1);
-
-	MESA_load_profile_string_def(profile, section, "table_info", table_info, sizeof(table_info), "");
-	MESA_load_profile_string_def(profile, section, "accept_tags", accept_tags, sizeof(accept_tags), "");
-
-	MESA_load_profile_string_def(profile, section, "json_cfg_file", json_cfg_file, sizeof(json_cfg_file), "");
-
-	MESA_load_profile_string_def(profile, section, "maat_redis_server", redis_server, sizeof(redis_server), "");
-	MESA_load_profile_string_def(profile, section, "maat_redis_port_range", redis_port_range, sizeof(redis_server), "6379");
-	ret=sscanf(redis_port_range,"%d-%d", &redis_port_begin, &redis_port_end);
-	if(ret==1)
-	{
-		redis_port_select=redis_port_begin;
-	}
-	else if(ret==2)
-	{
-		srand(time(NULL));
-		redis_port_select=redis_port_begin+rand()%(redis_port_end-redis_port_begin);
-	}
-	else
-	{
-		TFE_LOG_ERROR(logger, "Invalid redis port range %s, MAAT init failed.", redis_port_range);
-	}
-	MESA_load_profile_int_def(profile, section, "maat_redis_db_index", &(redis_db_idx), 0);
-
-	MESA_load_profile_string_def(profile, section, "inc_cfg_dir", inc_cfg_dir, sizeof(inc_cfg_dir), "");
-	MESA_load_profile_string_def(profile, section, "full_cfg_dir", ful_cfg_dir, sizeof(ful_cfg_dir), "");
-
-	MESA_load_profile_string_def(profile, section, "stat_file", maat_stat_file, sizeof(maat_stat_file), "");
-	MESA_load_profile_int_def(profile, section, "effect_interval_s", &(effect_interval), 60);
-	MESA_load_profile_int_def(profile, section, "deferred_load_on", &(deferred_load_on), 0);
-
-	effect_interval *= 1000;//convert s to ms
-	assert(strlen(inc_cfg_dir) != 0 || strlen(ful_cfg_dir) != 0 || strlen(redis_server)!=0 || strlen(json_cfg_file)!=0);
-
-	target = Maat_feather(max_thread, table_info, logger);
-	Maat_set_feather_opt(target, MAAT_OPT_INSTANCE_NAME, instance_name, strlen(instance_name) + 1);
-	switch (input_mode)
-	{
-		case MAAT_INPUT_JSON:
-			Maat_set_feather_opt(target, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file) + 1);
-			break;
-		case MAAT_INPUT_REDIS:
-			Maat_set_feather_opt(target, MAAT_OPT_REDIS_IP, redis_server, strlen(redis_server) + 1);
-			Maat_set_feather_opt(target, MAAT_OPT_REDIS_PORT, &redis_port_select, sizeof(redis_port_select));
-			Maat_set_feather_opt(target, MAAT_OPT_REDIS_INDEX, &redis_db_idx, sizeof(redis_db_idx));
-			break;
-		case MAAT_INPUT_FILE: Maat_set_feather_opt(target, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir) + 1);
-			Maat_set_feather_opt(target, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir) + 1);
-			break;
-		default: TFE_LOG_ERROR(logger, "Invalid MAAT Input Mode: %d.", input_mode);
-			goto error_out;
-			break;
-	}
-
-
-	Maat_set_feather_opt(target, MAAT_OPT_FOREIGN_CONT_DIR, "./pangu_files", strlen("./pangu_files")+1);
-	if (maat_stat_on)
-	{
-		Maat_set_feather_opt(target, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file) + 1);
-		Maat_set_feather_opt(target, MAAT_OPT_STAT_ON, NULL, 0);
-		if (maat_perf_on)
-		{
-			Maat_set_feather_opt(target, MAAT_OPT_PERF_ON, NULL, 0);
-		}
-	}
-	Maat_set_feather_opt(target, MAAT_OPT_DEFERRED_LOAD, &deferred_load_on, sizeof(deferred_load_on));
-
-	Maat_set_feather_opt(target, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval));
-	Maat_set_feather_opt(target, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
-	if(strlen(accept_tags)>0)
-	{
-		Maat_set_feather_opt(target, MAAT_OPT_ACCEPT_TAGS, &accept_tags, sizeof(accept_tags));
-	}
-
-	ret = Maat_initiate_feather(target);
-	if (ret < 0)
-	{
-		TFE_LOG_ERROR(logger, "%s MAAT init failed.", __FUNCTION__);
-		goto error_out;
-	}
-
-	return target;
-error_out:
-	Maat_burn_feather(target);
-	return NULL;
-}
-
 static void pangu_http_gc_cb(evutil_socket_t fd, short what, void * arg)
 {
 	int i=0;
@@ -1095,12 +986,7 @@ int maat_ip_table_init(int profile_idx,
 int pangu_policy_init(const char* profile_path, const char* static_section, const char* dynamic_section)
 {
 	int ret = 0;
-
-	g_pangu_rt->maat = create_maat_feather("static", profile_path, static_section, g_pangu_rt->thread_num, g_pangu_rt->local_logger);
-	if (!g_pangu_rt->maat)
-	{
-		goto error_out;
-	}
+	g_pangu_rt->maat = (Maat_feather_t)tfe_bussiness_resouce_get(STATIC_MAAT);
 
 	const char * table_name[__SCAN_TABLE_MAX];
 	table_name[PXY_CTRL_IP] = "TSG_SECURITY_ADDR";
@@ -1170,11 +1056,8 @@ int pangu_policy_init(const char* profile_path, const char* static_section, cons
 			goto error_out;
 		}
 	}
-	g_pangu_rt->dyn_maat = create_maat_feather("dyn", profile_path, dynamic_section, g_pangu_rt->thread_num, g_pangu_rt->local_logger);
-	if (!g_pangu_rt->maat)
-	{
-		goto error_out;
-	}
+
+	g_pangu_rt->dyn_maat = (Maat_feather_t)tfe_bussiness_resouce_get(DYNAMINC_MAAT);
 	g_pangu_rt->subscriber_id_table_id=Maat_table_register(g_pangu_rt->dyn_maat, "TSG_DYN_SUBSCRIBER_IP");
 	ret=Maat_plugin_EX_register(g_pangu_rt->dyn_maat,
 							g_pangu_rt->subscriber_id_table_id,
@@ -1304,7 +1187,6 @@ int pangu_http_init(struct tfe_proxy * proxy)
 		TFE_LOG_INFO(NULL, "Tango Cache Enabled.");
 	}
 	TFE_LOG_INFO(NULL, "Pangu HTTP init success.");
-	g_business_maat=g_pangu_rt->maat;
 	return 0;
 
 error_out:
@@ -3078,7 +2960,7 @@ void pangu_on_http_end(const struct tfe_stream * stream,
 	return;
 }
 
-void pangu_on_http_data(const struct tfe_stream * stream, const struct tfe_http_session * session,
+int pangu_on_http_data(const struct tfe_stream * stream, const struct tfe_http_session * session,
 	enum tfe_http_event events, const unsigned char * body_frag, size_t frag_size, unsigned int thread_id, void ** pme)
 {
 	struct pangu_http_ctx * ctx = *(struct pangu_http_ctx **) pme;
@@ -3090,7 +2972,7 @@ void pangu_on_http_data(const struct tfe_stream * stream, const struct tfe_http_
 		{
 			ctx->resumed_cb=NULL;
 		}
-		return;
+		return NO_CALL_NEXT_PLUGIN;
 	}
 
 	enforce_control_policy(stream, session, events, body_frag, frag_size,thread_id, ctx);
@@ -3118,7 +3000,7 @@ void pangu_on_http_data(const struct tfe_stream * stream, const struct tfe_http_
 			cache_write(session, events, body_frag, frag_size, thread_id, ctx);
 		}
 	}
-	return;
+	return NO_CALL_NEXT_PLUGIN;
 }
 
 struct tfe_plugin pangu_http_spec = {