add checksum of compiled database to binaries and lib, check match

983a36c2 · Nils Goroll · 267bec17 · 983a36c2 · 983a36c2 · 983a36c2
Commit 983a36c2 authored Apr 13, 2014 by Nils Goroll
7 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -58,3 +58,4 @@ src/gen/dcs.db*
 src/gen/fixup.*
 src/vcc_if.c
 src/vcc_if.h
+src/gen/dcs_classifier.checksum
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -11,6 +11,8 @@ include_HEADERS = \
 	dcs_match.h \
 	dcs_type.h

+CHECKSUM = `cat gen/dcs_classifier.checksum`
+
 lib_LTLIBRARIES = libdcs.la

 bin_PROGRAMS = dcs dcs_test

--- a/src/dcs_match.c
+++ b/src/dcs_match.c
@@ -23,7 +23,9 @@
 #include <stdlib.h>
 #endif

+#include <stdio.h>
 #include <errno.h>
+#include <string.h>

 #include "dcs_classifier.h"
 #include "dcs_match.h"
@@ -48,6 +50,20 @@
 #define p_entry_if_changed(...) do { } while(0)
 #endif

+int
+dcs_match_init(void) {
+	if (strcmp(dcs_checksum, DCS_CHECKSUM) != 0) {
+		fprintf(stderr, "dcs checksum check failed:\n"
+		    "\tgot\t\t%s\n"
+		    "\texpected\t%s\n"
+		    "Make sure the dcs database you link against is the same you compiled against.\n",
+		    dcs_checksum,
+		    DCS_CHECKSUM);
+		return 1;
+	}
+	return 0;
+}
+
 /*
 * we deliberately return int instead of dcs_entry_id_t here in order to not
 * require dcs_classifier.h for callers

--- a/src/dcs_match.h
+++ b/src/dcs_match.h
@@ -19,6 +19,7 @@

 #ifndef DCS_MATCH_H
 #define DCS_MATCH_H 1
+int dcs_match_init(void);
 int dcs_match(const char *p);
 int dcs_match_id(int entry_id /* dcs_entry_id_t */);
 int dcs_match_type_id(int entry_id /* dcs_entry_id_t */);

--- a/src/gen_dcs_classifier.pl
+++ b/src/gen_dcs_classifier.pl
@@ -55,12 +55,14 @@ use constant {
    F_MIN		=> 1,
    F_CLASSIFIER_C	=> 1,
    F_CLASSIFIER_H	=> 2,
-    F_MAX		=> 2
+    F_CHECKSUM		=> 3,
+    F_MAX		=> 3
 };

 my @filenames;
 $filenames[F_CLASSIFIER_C] = 'dcs_classifier.c';
 $filenames[F_CLASSIFIER_H] = 'dcs_classifier.h';
+$filenames[F_CHECKSUM] = 'dcs_classifier.checksum';

 {
    my @fhs;
@@ -369,9 +371,9 @@ sub load_classifier_db($$) {
    close($fh);

    my $decrypt = RC4(compute_key($secret), substr($crypt_data, 32));
-
+    my $h_file;
    {
-	my $h_file = substr($crypt_data, 0, 32);
+	$h_file = substr($crypt_data, 0, 32);
 	my $h_decrypt = unpack('H*', md5($decrypt));

 	die 'checksum error: file '.$h_file.' decrypt '.$h_decrypt
@@ -379,7 +381,7 @@ sub load_classifier_db($$) {

    }

-    \$decrypt;
+    return wantarray ? (\$decrypt, $h_file) : \$decrypt;
 }

 my %nbtype2typeenum;
@@ -479,7 +481,7 @@ sub load_reorder($) {
    \@reorder;
 }

-my $dbref = load_classifier_db($ARGV[0], $ARGV[1]);
+my ($dbref, $dbchecksum) = load_classifier_db($ARGV[0], $ARGV[1]);
 my $removeref = load_remove($ARGV[2]);
 my $reorderref = load_reorder($ARGV[3]);

@@ -556,7 +558,7 @@ my $subkey_id = 0;
 ## build %common_subkeys
 ## build @entries, except that not all fields are filled
 my %subkeys_count;
-my $dbboilerplate;
+my $dbboilerplate = "checksum ".$dbchecksum."\n";
 foreach (split(/[\n\r\f]/, $$dbref)) {
    if (/^\s*#/) {
 	$dbboilerplate .= $_."\n";
@@ -744,6 +746,8 @@ my $dcs_type_count = scalar(keys %typeenum2nbtype);
 ################################################################################
 ## generate the data

+_VCL (F_CHECKSUM, VCL_TOP, $dbchecksum."\n");
+
 boilerplate_autogen_c(F_CLASSIFIER_C, $dbboilerplate);
 boilerplate_autogen_c(F_CLASSIFIER_H, undef);

@@ -752,6 +756,8 @@ _VCL (F_CLASSIFIER_H, VCL_TOP, <<EOF);
 #define DCS_CLASSIFIER_H 1
 #include <stdint.h>

+#define DCS_CHECKSUM "$dbchecksum"
+
 /* tunable */
 #define DCS_MAX_NEGMATCH_CAND	32

@@ -853,6 +859,7 @@ struct dcs_matchstate {
 	dcs_entry_id_t		candidates[DCS_MAX_NEGMATCH_CAND];
 };

+const char *dcs_checksum;
 const char * const dcs_type[DCS_TYPE_COUNT];
 const struct dcs_entry dcs_entry[DCS_ENTRY_COUNT];
 const struct dcs_subkey dcs_subkey[DCS_SUBKEY_COUNT];
@@ -877,6 +884,9 @@ _VCL (F_CLASSIFIER_C, VCL_TOP, <<EOF);
 #endif

 #include "$filenames[F_CLASSIFIER_H]"
+
+const char *dcs_checksum = DCS_CHECKSUM;
+
 EOF

 _VCL (F_CLASSIFIER_C, VCL_TOP, 
@@ -1268,3 +1278,79 @@ VCL_close();
 #real	0m7.003s
 #user	0m6.984s
 #sys	0m0.020s
+
+## linking .o
+#real	0m7.568s
+#user	0m7.540s
+#sys	0m0.028s
+
+
+## linking.so
+#slink@haggis:~/Devel/dcs_classifier/src$ for i in {1..3} ; do time /tmp/dcs/bin/dcs <~/Projekte/Telekom_Varnish/netbiscuits/uas_x1000  >/dev/null ; done
+#
+#real	0m7.968s
+#user	0m7.932s
+#sys	0m0.036s
+#
+#real	0m7.737s
+#user	0m7.708s
+#sys	0m0.028s
+#
+#real	0m8.140s
+#user	0m8.120s
+#sys	0m0.020s
+#slink@haggis:~/Devel/dcs_classifier/src$ ldd /tmp/dcs/bin/dcs
+#	linux-vdso.so.1 (0x00007fff12dfe000)
+#	libdcs.so.0 => /tmp/dcs/lib/libdcs.so.0 (0x00007f045812a000)
+#	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0457d68000)
+#	/lib64/ld-linux-x86-64.so.2 (0x00007f04585f0000)
+#slink@haggis:~/Devel/dcs_classifier/src$ ls -hals /tmp/dcs/bin/dcs
+#12K -rwxr-xr-x 1 slink slink 11K Mar 13 08:30 /tmp/dcs/bin/dcs
+
+
+## linking .o
+#slink@haggis:~/Devel/dcs_classifier/src$ for i in {1..3} ; do time /tmp/dcs/bin/dcs <~/Projekte/Telekom_Varnish/netbiscuits/uas_x1000  >/dev/null ; done
+#!ldd
+#
+#real	0m7.491s
+#user	0m7.464s
+#sys	0m0.024s
+#
+#real	0m7.525s
+#user	0m7.504s
+#sys	0m0.020s
+#
+#real	0m7.961s
+#user	0m7.940s
+#sys	0m0.024s
+#slink@haggis:~/Devel/dcs_classifier/src$ !ldd
+#ldd /tmp/dcs/bin/dcs
+#	linux-vdso.so.1 (0x00007fffcf431000)
+#	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa4ed4fa000)
+#	/lib64/ld-linux-x86-64.so.2 (0x00007fa4ed8be000)
+#slink@haggis:~/Devel/dcs_classifier/src$ ls -hals /tmp/dcs/bin/dcs
+#3.0M -rwxr-xr-x 1 slink slink 3.0M Mar 13 08:21 /tmp/dcs/bin/dcs
+#
+## in xxx_SOURCES
+##
+#slink@haggis:~/Devel/dcs_classifier/src$ for i in {1..3} ; do time /tmp/dcs/bin/dcs <~/Projekte/Telekom_Varnish/netbiscuits/uas_x1000  >/dev/null ; done
+#
+#real	0m7.799s
+#user	0m7.772s
+#sys	0m0.028s
+#
+#real	0m7.573s
+#user	0m7.544s
+#sys	0m0.028s
+#
+#real	0m7.745s
+#user	0m7.724s
+#sys	0m0.020s
+#
+#slink@haggis:~/Devel/dcs_classifier/src$ ls -hals /tmp/dcs/bin/dcs
+#3.0M -rwxr-xr-x 1 slink slink 3.0M Mar 13 08:21 /tmp/dcs/bin/dcs
+#slink@haggis:~/Devel/dcs_classifier/src$ ldd /tmp/dcs/bin/dcs
+#	linux-vdso.so.1 (0x00007fff03bfe000)
+#	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f46f9a17000)
+#	/lib64/ld-linux-x86-64.so.2 (0x00007f46f9ddb000)
+#
--- a/src/vmod_dcs.c
+++ b/src/vmod_dcs.c
@@ -24,6 +24,14 @@

 #include "dcs_varnish.c"

+int
+vmod_init(struct vmod_priv *priv, const struct VCL_conf *cfg)
+{
+	(void)priv;
+        (void)cfg;
+	return dcs_match_init();
+}
+
 int
 vmod_classify(struct sess *sp) {
 	return dcs_varnish_classify(sp);

--- a/src/vmod_dcs.vcc
+++ b/src/vmod_dcs.vcc
 Module dcs

+Init vmod_init
+
 Function INT	classify()

 # all of these take the return value from classify()