use user-agent for searching a client

Author: avbelov23

tempesta_fw/client.c

@@ -32,6 +32,9 @@
 #include "lib/str.h"
 #include "lib/common.h"
 
+/* Length of comparison of clients entry by User-Agent. */
+#define UA_CMP_LEN	256
+
 static struct {
 	unsigned int	db_size;
 	const char	*db_path;
@@ -49,17 +52,23 @@ static struct {
  * @users		- reference counter.
  * 			  Expiration state will begind, when the counter reaches
  *			  zero;
+ * @user_agent_len	- Length of @user_agent
+ * @user_agent		- UA_CMP_LEN first characters of User-Agent
  */
 typedef struct {
 	TfwClient	cli;
 	TfwAddr		xff_addr;
 	time_t		expires;
 	spinlock_t	lock;
 	atomic_t	users;
+	unsigned long	user_agent_len;
+	char		user_agent[UA_CMP_LEN];
 } TfwClientEntry;
 
 static TDB *client_db;
 
+unsigned long tfw_hash_str_len(const TfwStr *str, unsigned long str_len);
+
 /**
  * Called when a client socket is closed.
  */
@@ -93,6 +102,7 @@ tfw_client_put(TfwClient *cli)
 typedef struct {
 	TfwAddr addr;
 	TfwAddr xff_addr;
+	TfwStr	user_agent;
 } TfwClientEqCtx;
 
 static struct in6_addr any_addr = IN6ADDR_ANY_INIT;
@@ -118,6 +128,12 @@ tfw_client_addr_eq(TdbRec *rec, void (*init)(void *), void *data)
 		return false;
 	}
 
+	if (!tfw_str_eq_cstr(&ctx->user_agent, ent->user_agent,
+			     ent->user_agent_len, 0))
+	{
+		return false;
+	}
+
 	spin_lock(&ent->lock);
 
 	if (curr_time > ent->expires) {
@@ -159,23 +175,26 @@ tfw_client_ent_init(TdbRec *rec, void (*init)(void *), void *data)
 
 	tfw_peer_init((TfwPeer *)cli, &ctx->addr);
 	ent->xff_addr = ctx->xff_addr;
+	tfw_str_to_cstr(&ctx->user_agent, ent->user_agent,
+			sizeof(ent->user_agent));
+	ent->user_agent_len = min(ctx->user_agent.len, sizeof(ent->user_agent));
 
 	TFW_DBG("new client: cli=%p\n", cli);
 	TFW_DBG_ADDR("client address", &cli->addr, TFW_NO_PORT);
 	TFW_DBG2("client %p, users=%d\n", cli, 1);
 }
 
 /**
- * Find a client corresponding to @addr and @xff_addr (e.g. from X-Forwarded-For).
- * More advanced identification is possible based on User-Agent,
- * Cookie and other HTTP headers.
+ * Find a client corresponding to @addr, @xff_addr (e.g. from X-Forwarded-For)
+ * and @user_agent.
  *
  * The returned TfwClient reference must be released via tfw_client_put()
  * when the @sk is closed.
  * TODO #515 employ eviction strategy for the table.
  */
 TfwClient *
-tfw_client_obtain(TfwAddr addr, TfwAddr *xff_addr, void (*init)(void *))
+tfw_client_obtain(TfwAddr addr, TfwAddr *xff_addr, TfwStr *user_agent,
+		  void (*init)(void *))
 {
 	TfwClientEntry *ent;
 	TfwClient *cli;
@@ -198,6 +217,13 @@ tfw_client_obtain(TfwAddr addr, TfwAddr *xff_addr, void (*init)(void *))
 		ctx.xff_addr.sin6_addr = any_addr;
 	}
 
+	if (user_agent) {
+		key ^= tfw_hash_str_len(user_agent, UA_CMP_LEN);
+		ctx.user_agent = *user_agent;
+	} else {
+		TFW_STR_INIT(&ctx.user_agent);
+	}
+
 	len = sizeof(TfwClientEntry);
 	rec = tdb_rec_get_alloc(client_db, key, &len, &tfw_client_addr_eq,
 				&tfw_client_ent_init, init, &ctx, &is_new);

tempesta_fw/client.h

@@ -37,7 +37,7 @@ typedef struct {
 } TfwClient;
 
 TfwClient *tfw_client_obtain(TfwAddr addr, TfwAddr *cli_addr,
-			     void (*init)(void *));
+			     TfwStr *user_agent, void (*init)(void *));
 void tfw_client_put(TfwClient *cli);
 int tfw_client_for_each(int (*fn)(void *));
 void tfw_client_set_expires_time(unsigned int expires_time);

tempesta_fw/http.c

@@ -3011,7 +3011,7 @@ tfw_http_get_ip_from_xff(TfwHttpReq *req)
 static int
 tfw_http_req_client_link(TfwConn *conn, TfwHttpReq *req)
 {
-	TfwStr s_ip;
+	TfwStr s_ip, s_user_agent, *ua;
 	TfwAddr addr;
 	TfwClient *cli, *conn_cli;
 
@@ -3021,7 +3021,11 @@ tfw_http_req_client_link(TfwConn *conn, TfwHttpReq *req)
 			return TFW_BLOCK;
 
 		conn_cli = (TfwClient *)conn->peer;
-		cli = tfw_client_obtain(conn_cli->addr, &addr, NULL);
+		ua = &req->h_tbl->tbl[TFW_HTTP_HDR_USER_AGENT];
+		tfw_http_msg_clnthdr_val(ua, TFW_HTTP_HDR_USER_AGENT,
+					 &s_user_agent);
+		cli = tfw_client_obtain(conn_cli->addr, &addr, &s_user_agent,
+					NULL);
 		if (cli) {
 			if (cli != conn_cli)
 				req->peer = cli;

tempesta_fw/http_limits.c

@@ -339,7 +339,7 @@ frang_conn_new(struct sock *sk)
 	TfwAddr addr;
 
 	ss_getpeername(sk, &addr);
-	cli = tfw_client_obtain(addr, NULL, __frang_init_acc);
+	cli = tfw_client_obtain(addr, NULL, NULL, __frang_init_acc);
 	if (unlikely(!cli)) {
 		TFW_ERR("can't obtain a client for frang accounting\n");
 		return TFW_BLOCK;

tempesta_fw/sock_clnt.c

@@ -160,7 +160,7 @@ tfw_sock_clnt_new(struct sock *sk)
 	tfw_connection_unlink_from_sk(sk);
 
 	ss_getpeername(sk, &addr);
-	cli = tfw_client_obtain(addr, NULL, NULL);
+	cli = tfw_client_obtain(addr, NULL, NULL, NULL);
 	if (!cli) {
 		TFW_ERR("can't obtain a client for the new socket\n");
 		return -ENOENT;