Add ja5h filtration.

- Also remove some unnecessary files.

Author: EvgeniiMekhanik

fw/http.c

@@ -5999,6 +5999,15 @@ __check_authority_correctness(TfwHttpReq *req)
 	return true;
 }
 
+static bool
+tfw_http_check_ja5h_req_limit(TfwHttpReq *req)
+{
+	u64 limit = http_get_ja5_recs_limit(req->ja5h);
+	u64 rate = ja5h_get_records_rate(req->ja5h);
+
+	return rate > limit;
+}
+
 /**
  * @return zero on success and negative value otherwise.
  * TODO enter the function depending on current GFSM state.
@@ -6160,6 +6169,14 @@ tfw_http_req_process(TfwConn *conn, TfwStream *stream, struct sk_buff *skb,
 
 	req->ja5h.method = req->method;
 
+	if (tfw_http_check_ja5h_req_limit(req)) {
+		TFW_INC_STAT_BH(clnt.msgs_filtout);
+		return tfw_http_req_parse_block(req, 403,
+				"parsed request exceeded ja5h limit",
+				HTTP2_ECODE_PROTO);
+	}
+
+
 	/*
 	 * The message is fully parsed, the rest of the data in the
 	 * stream may represent another request or its part.

fw/t/unit/helpers.c

@@ -465,4 +465,48 @@ tfw_vhost_get_cache_use_stale(TfwLocation *loc, TfwVhost *vhost)
 	return NULL;
 }
 
+void
+http_ja5_cfgop_cleanup(TfwCfgSpec *cs)
+{
+
+}
+
+int
+ja5_cfgop_begin(TfwCfgSpec *cs, TfwCfgEntry *ce)
+{
+	return 0;
+}
+
+u64
+http_get_ja5_storage_size(void)
+{
+	return 0;
+}
+
+bool
+ja5h_init_filter(size_t max_storage_size)
+{
+	return true;
+}
+
+int
+http_ja5_cfgop_finish(TfwCfgSpec *cs)
+{
+	return 0;
+}
+
+u64
+http_get_ja5_recs_limit(HttpJa5h fingerprint)
+{
+	return UINT_MAX;
+}
+
+u32
+ja5h_get_records_rate(HttpJa5h fingerprint)
+{
+	return 0;
+}
+
+TfwCfgSpec ja5_hash_specs[0];
+
 unsigned int cache_default_ttl = 60;