20180802

1-MAAT接口设置支持redis读取配置文件

bin/kniconf/kni.conf

@@ -1,9 +1,16 @@
-[MOUDLE]
+[Module]
 table_info_path=./kniconf/maat_table_info.conf
-full_cfg_dir=/home/liuyang/run/sapp_run/config/index
-inc_cfg_dir=/home/liuyang/run/sapp_run/config/inc/index
+full_cfg_dir=/home/mesasoft/tango_rules/full/index
+inc_cfg_dir=/home/mesasoft/tango_rules/inc/index
 logger_filepath=./log/kni.log
-logger_level=10
+logger_level=30
 
-maat_json_switch=1
+default_work_mode=1
 
+#0:iris;1:json;2:redis
+maat_readconf_mode=2
+redis_server=192.168.11.243
+redis_port=6379
+redis_db_index=4
+scandir_interval=1000
+effect_interval=60000

kni.c

@@ -1218,13 +1218,13 @@ int kni_scan_whitelist_domain(char* domain,int domain_len,int thread_seq,scan_st
 	struct Maat_rule_t maat_result[KNI_MAX_SAMENUM];
 
 	string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_domain,CHARSET_GBK,domain,domain_len,maat_result,&found_pos,KNI_MAX_SAMENUM,&mid,thread_seq);
-/*
+
 	if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(string_scan_num==0))
 	{
 		action=KNI_ACTION_WHITELIST;
 		return action;
 	}
-*/	
+	
 	for(i=0;i<string_scan_num;i++)
 	{
 		action=abs(maat_result[i].action);
@@ -1252,14 +1252,14 @@ int kni_scan_whitelist_ip(struct ipaddr* addr,int thread_seq,int protocol,scan_s
 	struct Maat_rule_t maat_result[KNI_MAX_SAMENUM];
 
 	ipscan_num=Maat_scan_proto_addr(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_ip,addr,protocol,maat_result,KNI_MAX_SAMENUM,&mid,thread_seq);
-
+/*
 	if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(ipscan_num==0))
 	{
 		
 		action=KNI_ACTION_WHITELIST;
 		return action;
 	}
-
+*/
 	for(i=0;i<ipscan_num;i++)
 	{
 		action=abs(maat_result[i].action);
@@ -1875,7 +1875,7 @@ void kni_free_project(int thread_seq, void *project_req_value)
 	return ;
 }
 
-int init_profile_info(int* logger_level,char* logger_filepath,int* maat_json_switch,char* table_info_path,char* inc_cfg_dir,char* full_cfg_dir )
+int init_profile_info(int* scandir_interval,int* effect_interval,int* logger_level,char* logger_filepath,int* maat_readconf_mode,char* table_info_path,char* inc_cfg_dir,char* full_cfg_dir,char* stat_file_path,char* redis_ip,int* redis_port,int* redis_index )
 {
 //main.conf
 //	MESA_load_profile_int_def((char*)KNI_CONF_FILENAME_MAIN,(char*)KNI_CONF_MODE,(char*)"thread_num",&(g_kni_comminfo.thread_num),1);
@@ -1886,10 +1886,17 @@ int init_profile_info(int* logger_level,char* logger_filepath,int* maat_json_swi
 //kni.conf
 	MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"default_work_mode",&(g_kni_switch_info.maat_default_mode),KNI_DEFAULT_MODE_INTERCEPT);
 	MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_level",logger_level,RLOG_LV_INFO);
-	MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"maat_json_switch",maat_json_switch,0);
+	MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"maat_readconf_mode",maat_readconf_mode,KNI_READCONF_IRIS);	
+	MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"scandir_interval",scandir_interval,KNI_SCANDIR_INTERVAL);
+	MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"effect_interval",effect_interval,KNI_EFFECT_INTERVAL);	
+	MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_db_index",redis_index,0);
+	MESA_load_profile_int_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_port",(int*)redis_port);
+
+	MESA_load_profile_string_nodef((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"redis_server",redis_ip,INET_ADDRSTRLEN);
 	MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_filepath",logger_filepath,KNI_CONF_MAXLEN,"./log/kni.log");
 	MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"table_info_path",table_info_path,KNI_CONF_MAXLEN,KNI_TABLEINFO_PATH);
 	MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"inc_cfg_dir",inc_cfg_dir,KNI_CONF_MAXLEN,KNI_INCCFG_FILEPATH);
+	MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"stat_file_path",stat_file_path,KNI_CONF_MAXLEN,KNI_STAT_FILEPATH);
 	MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"full_cfg_dir",full_cfg_dir,KNI_CONF_MAXLEN,KNI_FULLCFG_FILEPATH);
 	MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"tun_name",g_kni_comminfo.tun_name,KNI_CONF_MAXLEN,"tun0");
 	MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"domain_path",g_kni_comminfo.domain_path,KNI_CONF_MAXLEN,"/home/server_unixsocket_file");
@@ -2013,8 +2020,16 @@ extern "C" char kni_init()
 	int logger_level;
 	char logger_filepath[KNI_CONF_MAXLEN]={0};
 
-	int maat_json_switch=0;
+	int maat_readconf_mode=0;
+	int redis_db_index=0;
+	int redis_port=0;
+	unsigned short redis_port_real=0;
+	char redis_ip[INET_ADDRSTRLEN]={0};
+	int scandir_interval=KNI_SCANDIR_INTERVAL;
+	int effect_interval=KNI_EFFECT_INTERVAL;
+	
 	char table_info_path[KNI_CONF_MAXLEN]={0};
+	char stat_file_dir[KNI_CONF_MAXLEN]={0};
 	char full_cfg_dir[KNI_CONF_MAXLEN]={0};
 	char inc_cfg_dir[KNI_CONF_MAXLEN]={0};
 
@@ -2027,7 +2042,7 @@ extern "C" char kni_init()
 
 
 //init profile	
-	init_profile_info(&logger_level,logger_filepath,&maat_json_switch,table_info_path,inc_cfg_dir,full_cfg_dir);
+	init_profile_info(&scandir_interval,&effect_interval,&logger_level,logger_filepath,&maat_readconf_mode,table_info_path,inc_cfg_dir,full_cfg_dir,stat_file_dir,redis_ip,&redis_port,&redis_db_index);
 
 //init runtime log
 	g_kni_comminfo.logger=MESA_create_runtime_log_handle(logger_filepath,logger_level);
@@ -2060,16 +2075,27 @@ extern "C" char kni_init()
 		return -1;
 	}
 
-	if(maat_json_switch==1)
+	if(maat_readconf_mode==KNI_READCONF_JSON)
 	{
 		Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_JSON_FILE_PATH, KNI_MAATJSON_FILEPATH,strlen(KNI_MAATJSON_FILEPATH));
 	}
-	else
+	else if(maat_readconf_mode==KNI_READCONF_IRIS)
 	{
 		Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_FULL_CFG_DIR,full_cfg_dir,strlen(full_cfg_dir));
 		Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_INC_CFG_DIR,inc_cfg_dir,strlen(inc_cfg_dir));
 	}
+	else if(maat_readconf_mode==KNI_READCONF_REDIS)
+	{
+		redis_port_real=(unsigned short)redis_port;
+		Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_IP,(void*)redis_ip,strlen(redis_ip)+1);
+		Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_PORT,(void*)&redis_port_real,sizeof(unsigned short));
+		Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_REDIS_INDEX,(void*)&redis_db_index,sizeof(int));
 
+	}
+
+	Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_SCANDIR_INTERVAL_MS, (void*)&scandir_interval,sizeof(int));
+	Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_EFFECT_INVERVAL_MS, (void*)&effect_interval,sizeof(int));
+	Maat_set_feather_opt(g_kni_maatinfo.maat_feather,MAAT_OPT_STAT_FILE_PATH,stat_file_dir,strlen(stat_file_dir));
 
 	ret=Maat_initiate_feather(g_kni_maatinfo.maat_feather);
 	if(ret<0)

kni.h

@@ -93,10 +93,17 @@
 #define KNI_TABLENAME_DOMAIN			"WHITE_LIST_DOMAIN"
 
 
+#define KNI_READCONF_IRIS			0
+#define KNI_READCONF_JSON			1
+#define KNI_READCONF_REDIS			2
+#define KNI_SCANDIR_INTERVAL		1000
+#define KNI_EFFECT_INTERVAL			60000
 #define KNI_MAATJSON_FILEPATH		"./kniconf/maat_test.json"
 #define KNI_TABLEINFO_PATH			"./kniconf/maat_table_info.conf"
 #define KNI_FULLCFG_FILEPATH		"/home/config/full/index"
 #define KNI_INCCFG_FILEPATH			"/home/config/inc/index"
+#define KNI_STAT_FILEPATH			"./log/kni_maat_stat"
+
 
 //lqueue info
 #define KNI_THREAD_SAFE			1