初步调通maat扫描
This commit is contained in:
崔一鸣
@@ -12,16 +12,38 @@ void kni_maat_destroy(struct kni_maat_handle *handle){
|
||||
FREE(&handle);
|
||||
}
|
||||
|
||||
|
||||
void compile_ex_param_new(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp){
|
||||
printf("call compile_ex_param_new\n");
|
||||
if(rule->config_id == 0){
|
||||
int *action = (int*)argp;
|
||||
*action = rule->action;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
void compile_ex_param_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp){
|
||||
return;
|
||||
}
|
||||
|
||||
void compile_ex_param_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp){
|
||||
return;
|
||||
}
|
||||
|
||||
struct kni_maat_handle* kni_maat_init(const char* profile, void *logger){
|
||||
const char *section = "maat";
|
||||
int readconf_mode;
|
||||
char tableinfo_path[KNI_PATH_MAX];
|
||||
char tablename_intercept_compile[KNI_SYMBOL_MAX];
|
||||
char tablename_intercept_ip[KNI_SYMBOL_MAX];
|
||||
char tablename_intercept_domain[KNI_SYMBOL_MAX];
|
||||
char compile_alias[KNI_SYMBOL_MAX];
|
||||
MESA_load_profile_int_def(profile, section, "readconf_mode", &readconf_mode, KNI_MAAT_READCONF_IRIS);
|
||||
MESA_load_profile_string_def(profile, section, "tableinfo_path", tableinfo_path, sizeof(tableinfo_path), "unknown");
|
||||
MESA_load_profile_string_def(profile, section, "tablename_intercept_compile", tablename_intercept_compile, sizeof(tablename_intercept_compile), "unknown");
|
||||
KNI_LOG_INFO(logger, "MESA_prof_load, [%s]:\n readconf_mode: %d\n tableinfo_path: %s\n tablename_intercept_compile: %s\n",
|
||||
section, readconf_mode, tableinfo_path, tablename_intercept_compile);
|
||||
MESA_load_profile_string_def(profile, section, "tablename_intercept_ip", tablename_intercept_ip, sizeof(tablename_intercept_ip), "unknown");
|
||||
MESA_load_profile_string_def(profile, section, "tablename_intercept_domain", tablename_intercept_domain, sizeof(tablename_intercept_domain), "unknown");
|
||||
MESA_load_profile_string_def(profile, section, "compile_alias", compile_alias, sizeof(compile_alias), "unknown");
|
||||
KNI_LOG_INFO(logger, "MESA_prof_load, [%s]:\n readconf_mode: %d\n tableinfo_path: %s\n tablename_intercept_ip: %s\n tablename_intercept_domain: %s\n"
|
||||
"compile_alias: %s\n", section, readconf_mode, tableinfo_path, tablename_intercept_ip, tablename_intercept_domain, compile_alias);
|
||||
Maat_feather_t feather = Maat_feather(g_iThreadNum, tableinfo_path, logger);
|
||||
if(feather == NULL){
|
||||
KNI_LOG_ERROR(logger, "Failed at Maat_feather, max_thread_num is %d, tableinfo_path is %s", g_iThreadNum, tableinfo_path);
|
||||
@@ -54,16 +76,29 @@ struct kni_maat_handle* kni_maat_init(const char* profile, void *logger){
|
||||
KNI_LOG_ERROR(logger, "Failed at Maat_initiate_feather");
|
||||
return NULL;
|
||||
}
|
||||
int tableid_intercept_compile = Maat_table_register(feather, tablename_intercept_compile);
|
||||
if(tableid_intercept_compile < 0){
|
||||
int tableid_intercept_ip = Maat_table_register(feather, tablename_intercept_ip);
|
||||
int tableid_intercept_domain = Maat_table_register(feather, tablename_intercept_domain);
|
||||
if(tableid_intercept_ip < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at Maat_table_register, tablename is %d, ret is %d",
|
||||
tablename_intercept_compile, tableid_intercept_compile);
|
||||
tablename_intercept_ip, tableid_intercept_ip);
|
||||
return NULL;
|
||||
}
|
||||
if(tableid_intercept_domain < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at Maat_table_register, tablename is %d, ret is %d",
|
||||
tablename_intercept_domain, tableid_intercept_domain);
|
||||
return NULL;
|
||||
}
|
||||
struct kni_maat_handle *handle = ALLOC(struct kni_maat_handle, 1);
|
||||
ret = Maat_rule_get_ex_new_index(feather, "COMPILE_ALIAS", compile_ex_param_new, compile_ex_param_free, compile_ex_param_dup, 0, (void*)&(handle->default_action));
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at Maat_rule_get_ex_new_index, ret is %d", ret);
|
||||
kni_maat_destroy(handle);
|
||||
return NULL;
|
||||
}
|
||||
handle->feather = feather;
|
||||
handle->tableid_intercept_compile = tableid_intercept_compile;
|
||||
handle->default_action = KNI_ACTION_INTERCEPT;
|
||||
handle->tableid_intercept_ip = tableid_intercept_ip;
|
||||
handle->tableid_intercept_domain = tableid_intercept_domain;
|
||||
//handle->default_action = KNI_ACTION_INTERCEPT;
|
||||
handle->logger = logger;
|
||||
return handle;
|
||||
}
|
||||
@@ -85,26 +120,43 @@ static int maat_process_scan_result(struct kni_maat_handle *handle, int num, str
|
||||
int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int thread_seq){
|
||||
void *logger = handle->logger;
|
||||
struct Maat_rule_t result[KNI_MAAT_RULE_NUM_MAX];
|
||||
int ret = Maat_scan_proto_addr(handle->feather, handle->tableid_intercept_compile, addr, 0, result,
|
||||
KNI_MAAT_RULE_NUM_MAX, NULL, thread_seq);
|
||||
scan_status_t mid = NULL;
|
||||
int ret = Maat_scan_proto_addr(handle->feather, handle->tableid_intercept_ip, addr, 0, result,
|
||||
KNI_MAAT_RULE_NUM_MAX, &mid, thread_seq);
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at Maat_scan_proto_addr, ret is %d", ret);
|
||||
return handle->default_action;
|
||||
}
|
||||
return maat_process_scan_result(handle, ret, result);
|
||||
int action = maat_process_scan_result(handle, ret, result);
|
||||
|
||||
//for debug
|
||||
char saddr[INET_ADDRSTRLEN];
|
||||
inet_ntop(AF_INET, &(addr->v4->saddr), saddr, INET_ADDRSTRLEN);
|
||||
KNI_LOG_DEBUG(logger, "ip is %s, ret is %d, action is %d\n", saddr, ret, action);
|
||||
|
||||
return action;
|
||||
}
|
||||
|
||||
int kni_maat_scan_domain(struct kni_maat_handle* handle, char *domain, int domain_len, int thread_seq){
|
||||
void *logger = handle->logger;
|
||||
struct Maat_rule_t result[KNI_MAAT_RULE_NUM_MAX];
|
||||
//TODO: GBK
|
||||
int ret = Maat_full_scan_string(handle->feather, handle->tableid_intercept_compile, CHARSET_GBK,
|
||||
domain, domain_len, result, NULL, KNI_MAAT_RULE_NUM_MAX, NULL, thread_seq);
|
||||
//必须要初始化为NULL, 不懂为什么
|
||||
scan_status_t mid = NULL;
|
||||
int ret = Maat_full_scan_string(handle->feather, handle->tableid_intercept_domain, CHARSET_UTF8,
|
||||
domain, domain_len, result, NULL, KNI_MAAT_RULE_NUM_MAX, &mid, thread_seq);
|
||||
if(ret < 0){
|
||||
KNI_LOG_ERROR(logger, "Failed at Maat_full_scan_string, ret is %d", ret);
|
||||
return handle->default_action;
|
||||
}
|
||||
return maat_process_scan_result(handle, ret, result);
|
||||
int action = maat_process_scan_result(handle, ret, result);
|
||||
|
||||
//for debug
|
||||
char domain1[100] = "";
|
||||
memcpy(domain1, domain, domain_len);
|
||||
domain1[domain_len] = '\0';
|
||||
KNI_LOG_DEBUG(logger, "domain is %s, ret is %d, action is %d\n", domain, ret, action);
|
||||
|
||||
return action;
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user