Merge pull request #1017 from tempesta-tech/ao-731

Fix #731: HTTP tables introduction.
tempesta-tech · Jun 9, 2018 · 333ec1c · 333ec1c
2 parents 5091c12 + 7eb43b4
commit 333ec1c
Show file tree

Hide file tree

Showing 27 changed files with 1,704 additions and 1,135 deletions.
diff --git a/etc/tempesta_fw.conf b/etc/tempesta_fw.conf
@@ -232,33 +232,21 @@
 #   There is a special group called "default". All "server" entries defined
 #   outside an "srv_group" added to the default group implicitly.
 
-# TAG: sched_http_rules
+# TAG: http_chain
 #
-# The HTTP scheduler content-based load balancing rules.
-# The HTTP load balancer is instructed to send HTTP requests to a virtual host
-# based on the contents of an HTTP request field, such as URI, Host, headers,
-# etc.
+# Block of HTTP content-based load balancing rules. List of such linked
+# blocks (chains), that contain rules, represent HTTP table.
+# The HTTP table is instructed to send HTTP requests to a virtual host
+# based on the contents of an HTTP request field, such as URI, Host,
+# headers, etc.
 #
 # Syntax:
-#   sched_http_rules {
-#       match VHOST FIELD OP ARG;
+#   http_chain {
+#      [ FIELD == (!=) ARG ] -> ACTION [ = VAL];
 #       ...
 #   }
 #
-# VHOST is the reference to a previously defined 'vhost'.
 # FIELD is an HTTP request field such as uri, host, etc.
-# OP is a string comparison operator such as eq, prefix, etc.
-# ARG is an argument for the OP operator such as "/foo/bar.html",
-# "example.com", etc.
-#
-# A "match" entry is a single instruction for the load balancer that says:
-# take the FIELD of http request, compare it with ARG using OP. If they match,
-# then send the request to the specified VHOST.
-#
-# For every HTTP request, the load balancer executes all "match" instructions
-# sequentially until it finds a match. If no match is found, then the request
-# is dropped.
-#
 # Supported FIELD keywords:
 #   - uri
 #       Only a part of URI is looked at that contains the path and the query
@@ -267,35 +255,105 @@
 #       The host part from URI in HTTP request line, or the value of Host
 #       header field. The Host part in URI takes priority over the Host header
 #       field value.
+#   - method
+#       HTTP request method. Supported ARG values for this field are: "copy",
+#       "delete", "get", "head", "lock", "mkcol", "move", "options", "patch",
+#       "post", "propfind", "proppatch", "put", "trace", "unlock", "purge".
 #   - hdr_host
 #       The value of the "Host" header field.
 #   - hdr_conn
 #       The value of the "Connection" header field.
+#   - hdr_ctype
+#       The value of the "Content-Type" header field.
+#   - hdr_uagent
+#       The value of the "User-Agent" header field.
+#   - hdr_cookie
+#       The value of the "Cookie" header field.
 #   - hdr_ref
 #       The value of the "Referer" header field.
+#   - hdr_nmatch
+#       The value of the "If-None-Match" header field.
+#   - hdr_xfrwd
+#       The value of the "X-Forwarded-For" header field.
 #   - hdr_raw
 #       The contents of any other HTTP header field as specified by ARG.
 #       ARG must include contents of an HTTP header starting with the header
 #       field name. The suffix OP is not supported for this FIELD. Processing
 #       of hdr_raw may be slow as it requires walking over all headers of an
 #       HTTP request.
-#
-# Supported OP keywords (comparison operations):
+#   - mark
+#       The value of netfilter mark of request's skb.
+#
+# ARG is an argument (such as "/foo/bar.html", "example.com", etc.) for
+# comparison with FIELD. The type of comparison for FIELD and ARG depends
+# on "==" ("!=") sign and on wildcard existance in ARG:
+#   "==": "ARG" => eq / "ARG*" => eq_prefix / "*ARG" => eq_suffix.
+#   "!=": "ARG" => non_eq / "ARG*" => non_eq_prefix / "*ARG" => non_eq_suffix.
+# Types of comparison operations:
 #   - eq - FIELD is fully equal to the string specified in ARG.
-#   - prefix - FIELD starts with the string specified in ARG.
-#   - suffix - FIELD ends with the string specified in ARG.
+#   - non_eq - FIELD is not equal to the string specified in ARG.
+#   - eq_prefix - FIELD starts with the string specified in ARG.
+#   - non_eq_prefix - FIELD doesn't starts with the string specified in ARG.
+#   - eq_suffix - FIELD ends with the string specified in ARG.
+#   - non_eq_suffix - FIELD doesn't ends with the string specified in ARG.
+#
+# ACTION is a rule action with appropriate type; possible types are:
+#   - vhost reference
+#       Rule with such action pass the request to
+#       specified virtual host (must be defined
+#       earlier in configuration file).
+#   - chain reference
+#       Rule redirects request to other HTTP chain
+#       (must be defined earlier and must not be
+#       the same as current).
+#   - mark
+#       Rule set netfilter marks into all skbs for
+#       all matched requests.
+#   - block
+#       Rule blocks all matched requests.
+#
+# VAL is possible value for specified action; only "mark" action is allowed to
+# have value (unsigned integer type).
+#
+# Rule entry is a single instruction for HTTP table that says: take the FIELD
+# of http request, compare it with ARG. If they match, then apply rule ACTION
+# (with possible VAL) to that request.
+# For every HTTP request, HTTP table executes all rule instructions in all
+# linked HTTP chains (beginning from the main chain) sequentially until it finds
+# a match. If no match is found, then the request is dropped.
+#
+# Default match rule can be specified. Its syntax looks like this:
+#
+# Syntax:
+#     -> ACTION;
+#
+# This rule works as last resort option, and if specified it applies designated
+# action to requests that didn't match any more specific rule. As all match
+# rules are processed in sequential order, this rule must come last to serve
+# the intended role.
+# One main HTTP chain (without name) must be specified after all other chains in
+# configuration file. If no main chain is specified, it is created implicitly.
+# In this case one default match rule pointing to default virtual host will be
+# created in implicit main chain if default virtual host is present in
+# configuration and if such default rule (with default virtual host) have not
+# been specified explicitly in any chain in configuration.
+# User can explicitly create main HTTP chain with empty list of rules, which
+# means the complete absence of rules - all incoming requests will be dropped
+# in such configuration.
 #
 # Example:
 #   srv_group static { ... }
+#   srv_group nts_app { ... }
 #   srv_group foo_app { ... }
 #   srv_group bar_app { ... }
+#   srv_group default { ... }
 #
 #   vhost base {
 # 	proxy_pass static;
 #	...
 #   }
 #   vhost app {
-# 	proxy_pass bar_app;
+# 	proxy_pass default;
 # 	location prefix "?" {
 # 	    proxy_pass foo_app;
 #	    ...
@@ -310,37 +368,45 @@
 # 	proxy_pass bar_app backup=foo_app;
 #	...
 #   }
+#   vhost nts {
+# 	proxy_pass nts_app backup=bar_app;
+#	...
+#   }
 #
-#   sched_http_rules {
-#       match base   uri       prefix  "/static";
-#       match base   uri       suffix  ".php";
-#       match base   host      prefix  "static.";
-#       match app    host      suffix  "tempesta-tech.com";
-#       match app    host      eq      "foo.example.com";
-#       match heavy  hdr_conn  eq      "keep-alive";
-#       match heavy  hdr_host  prefix  "bar.";
-#       match heavy  hdr_host  suffix  "natsys-lab.com";
-#       match heavy  hdr_host  eq      "bar.natsys-lab.com";
-#       match heavy  hdr_raw   prefix  "X-Custom-Bar-Hdr: ";
+#   http_chain example {
+#                                         -> mark = 7;
+#                                         -> heavy;
+#   }
+#   http_chain stat {
+#                                         -> mark = 6;
+#                                         -> base;
+#   }
+#   http_chain natsys {
+#       host     == "static.*"            -> stat;
+#       host     == "*.example.com"       -> example;
+#                                         -> mark = 5;
+#                                         -> nts;
+#   }
+#   http_chain {
+#       mark     == 1                     -> app;
+#       mark     == 2                     -> block;
+#       hdr_conn == "keep-alive"          -> heavy;
+#       hdr_host == "bar.*"               -> heavy;
+#       hdr_host == "*natsys-lab.com"     -> natsys;
+#       hdr_host == "bar.natsys-lab.com"  -> mark = 3;
+#       hdr_raw  == "X-Custom-Bar-Hdr: *" -> mark = 4;
+#       uri      == "*.php"               -> app;
+#       host     == "static.*"            -> app;
+#       host     == "*tempesta-tech.com"  -> base;
+#       host     == "foo.example.com"     -> base;
+#                                         -> app;
 #   }
 #
-# Configuration order 'srv_groups/servers -> vhosts -> sched_http_rules'
+# Configuration order 'srv_groups/servers -> vhosts -> http_chains'
 # is mandatory.
 #
-# Also, there's a special default match rule that matches any request. If
-# specified, the default rule must come last in the list of rules. All requests
-# that didn't match any rule are routed to the vhost specified in the default
-# rule. If the default match rule is not defined, and there's the default vhost
-# (explicit or implicit), then the default rule is added implicitly to route
-# requests to the default vhost.
-#
-# Syntax:
-#     match VHOST * * *
-#
 # Default:
-#   No rules defined. If there's the default vhost, then the default match
-#   rule is added to route HTTP requests to the "default" vhost. Otherwise,
-#   the request doesn't match any rule, and is dropped.
+#   See description of main HTTP chain and default rule above.
 #
 
 # TAG: keepalive_timeout
@@ -580,7 +646,7 @@
 #   }
 #
 # NAME is a unique identifier of virtural host that may be used to refer it
-# from HTTP scheduler (see "sched_http_rules" directive).
+# from HTTP tables (see "http_chain" directive).
 #
 # <directive> is one of "location", "proxy_pass", "cache_bypass", "cache_fulfill",
 # "nonidempotent" or "hdr_add" directives (see the corresponding directives'

diff --git a/scripts/tempesta.sh b/scripts/tempesta.sh
@@ -36,14 +36,11 @@ tfw_path=${TFW_PATH:="$TFW_ROOT/tempesta_fw"}
 tls_path=${TLS_PATH:="$TFW_ROOT/tls"}
 lib_path=${LIB_PATH:="$TFW_ROOT/lib"}
 tfw_cfg_path=${TFW_CFG_PATH:="$TFW_ROOT/etc/tempesta_fw.conf"}
-sched_path=${TFW_SCHED_PATH:="$tfw_path/sched/"}
-sched_ko_files=($(ls $sched_path/tfw_sched_*.ko))
 
 lib_mod=tempesta_lib
 tls_mod=tempesta_tls
 tdb_mod=tempesta_db
 tfw_mod=tempesta_fw
-tfw_sched_mod=tfw_sched_$sched
 declare -r LONG_OPTS="help,load,unload,start,stop,restart,reload"
 
 declare devs=$(ip addr show up | awk '/^[0-9]+/ { sub(/:/, "", $2); print $2}')
@@ -109,21 +106,12 @@ load_modules()
 
 	load_one_module "$tfw_path/$tfw_mod.ko" "tfw_cfg_path=$tfw_cfg_path" ||
 		error "cannot load tempesta module"
-
-	for ko_file in "${sched_ko_files[@]}"; do
-		load_one_module "$ko_file" ||
-			error "cannot load tempesta scheduler module"
-	done
 }
 
 unload_modules()
 {
 	echo "Un-loading Tempesta kernel modules..."
 
-	for ko_file in "${sched_ko_files[@]}"; do
-		rmmod $(basename "${ko_file%.ko}")
-	done
-
 	rmmod $tfw_mod
 	rmmod $tdb_mod
 	rmmod $tls_mod

diff --git a/tempesta_fw/Makefile b/tempesta_fw/Makefile
@@ -41,6 +41,9 @@ tempesta_fw-objs = \
 	http_msg.o \
 	http_parser.o \
 	http_sess.o \
+	http_tbl.o \
+	http_sched_hash.o \
+	http_sched_ratio.o \
 	main.o \
 	pool.o \
 	procfs.o \
@@ -57,4 +60,4 @@ tempesta_fw-objs = \
 	vhost.o \
 	work_queue.o
 
-obj-m	+= stress/ sched/ t/
+obj-m	+= stress/ t/