2015-11-10 18:29:42 +08:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <stdio.h>
|
2015-11-12 18:28:58 +08:00
|
|
|
#include <assert.h>
|
2016-11-21 17:56:59 +08:00
|
|
|
#include <time.h>
|
2015-11-12 18:28:58 +08:00
|
|
|
#include <MESA/MESA_handle_logger.h>
|
|
|
|
|
|
2015-11-10 18:29:42 +08:00
|
|
|
#include "rulescan.h"
|
|
|
|
|
#include "UniversalBoolMatch.h"
|
|
|
|
|
#include "Maat_rule.h"
|
|
|
|
|
#include "Maat_rule_internal.h"
|
2015-11-12 18:28:58 +08:00
|
|
|
#include "dynamic_array.h"
|
2016-02-18 14:53:06 +08:00
|
|
|
#include "aligment_int64.h"
|
2015-11-12 18:28:58 +08:00
|
|
|
#include "config_monitor.h"
|
|
|
|
|
#include "map_str2int.h"
|
|
|
|
|
#include "rulescan.h"
|
|
|
|
|
#include "json2iris.h"
|
2015-11-10 18:29:42 +08:00
|
|
|
|
|
|
|
|
struct _Maat_table_info_t * acqurie_table(struct _Maat_feather_t* _feather,int table_id,enum MAAT_TABLE_TYPE expect_type)
|
|
|
|
|
{
|
|
|
|
|
struct _Maat_table_info_t *p_table=NULL;
|
|
|
|
|
if(table_id>MAX_TABLE_NUM)
|
|
|
|
|
{
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
if(_feather->p_table_info[table_id]==NULL)
|
|
|
|
|
{
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
p_table=_feather->p_table_info[table_id];
|
2016-02-11 13:57:39 +08:00
|
|
|
if(p_table==NULL)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
if(p_table->table_type!=expect_type)
|
|
|
|
|
{
|
|
|
|
|
if(expect_type!=TABLE_TYPE_EXPR||
|
|
|
|
|
p_table->table_type!=TABLE_TYPE_EXPR_PLUS)
|
|
|
|
|
{
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
return p_table;
|
|
|
|
|
}
|
|
|
|
|
inline void INC_SCANNER_REF(_Maat_scanner_t*scanner,int thread_num)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
aligment_int64_array_add(scanner->ref_cnt, thread_num, 1);
|
2015-11-10 18:29:42 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
inline void DEC_SCANNER_REF(_Maat_scanner_t*scanner,int thread_num)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
|
|
|
|
|
aligment_int64_array_add(scanner->ref_cnt, thread_num, -1);
|
2015-11-10 18:29:42 +08:00
|
|
|
return;
|
|
|
|
|
}
|
2015-11-12 18:28:58 +08:00
|
|
|
|
2015-11-10 18:29:42 +08:00
|
|
|
//return 1 if insert a unique id
|
|
|
|
|
//return 0 if id is duplicated
|
|
|
|
|
//return -1 if set is full
|
|
|
|
|
int insert_set_id(unsigned int **set,int* size,int cnt,unsigned int id)
|
|
|
|
|
{
|
|
|
|
|
int i=0;
|
|
|
|
|
for(i=0;i<cnt;i++)
|
|
|
|
|
{
|
|
|
|
|
if((*set)[i]==id)
|
|
|
|
|
{
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if(i==cnt)
|
|
|
|
|
{
|
|
|
|
|
if(cnt==*size)
|
|
|
|
|
{
|
|
|
|
|
*size+=16;
|
|
|
|
|
*set=(unsigned int*)realloc(*set,(*size)*sizeof(unsigned int));
|
|
|
|
|
}
|
|
|
|
|
(*set)[cnt]=id;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
int pickup_hit_region_from_compile(universal_bool_expr_t *compile_hit,const unsigned int* hitted_id,int hit_cnt,int* region_pos,int size)
|
|
|
|
|
{
|
|
|
|
|
int i=0,j=0;
|
|
|
|
|
int k=0;
|
|
|
|
|
for(i=0;i<hit_cnt;i++)
|
|
|
|
|
{
|
|
|
|
|
for(j=0;j<(int)(compile_hit->bool_item_num);j++)
|
|
|
|
|
{
|
|
|
|
|
if(hitted_id[i]==compile_hit->bool_item_ids[j])
|
|
|
|
|
{
|
|
|
|
|
region_pos[k]=i;
|
|
|
|
|
k++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return k;
|
|
|
|
|
}
|
2017-06-24 21:38:11 +08:00
|
|
|
int region_compile(_Maat_feather_t*feather,struct _INNER_scan_status_t *_mid,int is_last_region,void* region_hit,int region_type_size,int group_offset,int region_hit_num,struct Maat_rule_t* result,_compile_result_t *rs_result, int size,int thread_num)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
int scan_ret=0,result_cnt=0;
|
2016-12-29 12:28:33 +08:00
|
|
|
int ret=0,i=0;
|
2015-11-10 18:29:42 +08:00
|
|
|
int r_in_c_cnt=0;
|
|
|
|
|
int shortcut_avilable_cnt=0;
|
2016-02-11 13:57:39 +08:00
|
|
|
void* bool_matcher=feather->scanner->expr_compiler;
|
2017-07-03 19:54:47 +08:00
|
|
|
struct _Maat_group_inner_t* group_rule=NULL;
|
|
|
|
|
struct _Maat_compile_inner_t* array_mi_rule[MAX_SCANNER_HIT_NUM];
|
|
|
|
|
struct _Maat_compile_inner_t* _mi_rule=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
int region_pos[MAX_SCANNER_HIT_NUM];
|
|
|
|
|
_mid->cur_hit_cnt=0;
|
|
|
|
|
for(i=0;i<region_hit_num;i++)
|
|
|
|
|
{
|
2017-07-03 19:54:47 +08:00
|
|
|
group_rule=*(struct _Maat_group_inner_t**)((char*)region_hit+region_type_size*i+group_offset);
|
2015-11-10 18:29:42 +08:00
|
|
|
if(group_rule->group_id<0)
|
|
|
|
|
{
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if(group_rule->compile_shortcut!=NULL&&group_rule->ref_cnt==1&&shortcut_avilable_cnt<MAX_SCANNER_HIT_NUM)
|
|
|
|
|
{
|
2017-07-03 19:54:47 +08:00
|
|
|
array_mi_rule[shortcut_avilable_cnt]=(struct _Maat_compile_inner_t*)(group_rule->compile_shortcut);
|
2015-11-10 18:29:42 +08:00
|
|
|
shortcut_avilable_cnt++;
|
|
|
|
|
}
|
2017-06-28 09:51:19 +08:00
|
|
|
_mid->cur_hit_id[_mid->cur_hit_cnt]=group_rule->group_id;
|
2015-11-10 18:29:42 +08:00
|
|
|
_mid->cur_hit_cnt++;
|
|
|
|
|
ret=insert_set_id(&(_mid->hitted_group_id),
|
|
|
|
|
&(_mid->hit_group_size),
|
|
|
|
|
_mid->hit_group_cnt,
|
|
|
|
|
(unsigned int)group_rule->group_id);
|
|
|
|
|
_mid->hit_group_cnt+=ret;
|
|
|
|
|
}
|
|
|
|
|
if(shortcut_avilable_cnt==region_hit_num||shortcut_avilable_cnt==MAX_SCANNER_HIT_NUM)
|
|
|
|
|
{
|
|
|
|
|
//short cut for rules contains one group
|
|
|
|
|
scan_ret=shortcut_avilable_cnt;
|
2017-06-24 21:38:11 +08:00
|
|
|
aligment_int64_array_add(feather->orphan_group_saving, thread_num, 1);
|
|
|
|
|
}
|
2017-06-28 09:51:19 +08:00
|
|
|
else if(shortcut_avilable_cnt==0&®ion_hit_num==1&&_mid->hit_group_cnt==1&&is_last_region==1)
|
2017-06-24 21:38:11 +08:00
|
|
|
{
|
|
|
|
|
//short cut for last scan and combination rules
|
2017-06-28 09:51:19 +08:00
|
|
|
//region_hit_num==1 : for current scan hitted rules, one and each other group may statisfy a compile rule.
|
|
|
|
|
//_mid->hit_group_cnt==1: With pre scan hitted group rules, one group may staisfy a compile rule
|
2017-06-24 21:38:11 +08:00
|
|
|
scan_ret=0;
|
|
|
|
|
aligment_int64_array_add(feather->last_region_saving, thread_num, 1);
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
scan_ret=boolexpr_match(bool_matcher,thread_num,
|
2015-11-10 18:29:42 +08:00
|
|
|
_mid->hitted_group_id,_mid->hit_group_cnt,
|
|
|
|
|
(void **)array_mi_rule, MAX_SCANNER_HIT_NUM);
|
|
|
|
|
}
|
2016-12-29 16:34:31 +08:00
|
|
|
for(i=0;i<scan_ret&&result_cnt<size;i++)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
_mi_rule=array_mi_rule[i];
|
|
|
|
|
if(_mi_rule==NULL||_mi_rule->db_c_rule==NULL)
|
|
|
|
|
{
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(0==pthread_rwlock_tryrdlock(&(_mi_rule->rwlock)))
|
|
|
|
|
{
|
|
|
|
|
make_group_set(_mi_rule,&(rs_result[result_cnt].group_set));
|
|
|
|
|
r_in_c_cnt=pickup_hit_region_from_compile(&(rs_result[result_cnt].group_set),_mid->cur_hit_id,_mid->cur_hit_cnt,
|
|
|
|
|
region_pos, MAX_SCANNER_HIT_NUM);
|
|
|
|
|
if(r_in_c_cnt>0)//compile config hitted becasue of new reigon
|
|
|
|
|
{
|
|
|
|
|
memcpy(&(result[result_cnt]),&(_mi_rule->db_c_rule->m_rule_head),sizeof(struct _head_Maat_rule_t));
|
|
|
|
|
memcpy(result[result_cnt].service_defined
|
|
|
|
|
,_mi_rule->db_c_rule->service_defined
|
|
|
|
|
,_mi_rule->db_c_rule->m_rule_head.serv_def_len);
|
|
|
|
|
rs_result[result_cnt].compile_id=_mi_rule->compile_id;
|
|
|
|
|
result_cnt++;
|
|
|
|
|
}
|
|
|
|
|
pthread_rwlock_unlock(&(_mi_rule->rwlock));
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
if(result_cnt>0)
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(feather->hit_cnt,thread_num,1);
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
return result_cnt;
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-03 19:54:47 +08:00
|
|
|
int exprid2region_id(struct _Maat_group_inner_t* group_rule,int expr_id,int* district_id)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
2017-07-04 20:13:36 +08:00
|
|
|
int i=0,region_id=-1;
|
2017-07-03 19:54:47 +08:00
|
|
|
struct _Maat_region_inner_t* region_rule=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
assert(group_rule->group_id>=0);
|
|
|
|
|
pthread_mutex_lock(&(group_rule->mutex));
|
|
|
|
|
for(i=0;i<group_rule->region_boundary;i++)
|
|
|
|
|
{
|
2017-07-03 19:54:47 +08:00
|
|
|
region_rule=(struct _Maat_region_inner_t*)dynamic_array_read(group_rule->regions, i);
|
2015-11-10 18:29:42 +08:00
|
|
|
if(region_rule==NULL)
|
|
|
|
|
{
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2017-07-03 19:54:47 +08:00
|
|
|
if(expr_id>=region_rule->expr_id_lb&&expr_id<=region_rule->expr_id_ub)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
region_id=region_rule->region_id;
|
2016-02-11 13:57:39 +08:00
|
|
|
*district_id=region_rule->district_id;
|
2017-07-03 19:54:47 +08:00
|
|
|
break;
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
pthread_mutex_unlock(&(group_rule->mutex));
|
|
|
|
|
return region_id;
|
|
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
int match_district(struct _OUTER_scan_status_t *_mid,scan_result_t *region_hit,int region_hit_num)
|
|
|
|
|
{
|
2017-07-03 19:54:47 +08:00
|
|
|
struct _Maat_group_inner_t* group_rule=NULL;
|
2016-02-11 13:57:39 +08:00
|
|
|
int i=0;
|
|
|
|
|
int district_id=-1,region_id=-1;
|
|
|
|
|
int ret_region_num=region_hit_num;
|
|
|
|
|
while(i<ret_region_num)
|
|
|
|
|
{
|
2017-07-03 19:54:47 +08:00
|
|
|
group_rule=(struct _Maat_group_inner_t*)(region_hit[i].tag);
|
2016-02-11 13:57:39 +08:00
|
|
|
region_id=exprid2region_id(group_rule, region_hit[i].expr_id,&district_id);
|
|
|
|
|
if(region_id>0&&district_id!=_mid->district_id)
|
|
|
|
|
{
|
|
|
|
|
ret_region_num--;
|
|
|
|
|
memmove(&(region_hit[i]),&(region_hit[i+1]),sizeof(scan_result_t)*(ret_region_num-i));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
i++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return ret_region_num;
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
int fill_regex_pos(struct regex_pos_t *regex_pos,int size,rule_result_t *rs_result,const char* buff)
|
|
|
|
|
{
|
|
|
|
|
int i=0,j=0;
|
|
|
|
|
int group_num=rs_result->group_num;
|
|
|
|
|
unsigned int * position=rs_result->position;
|
|
|
|
|
unsigned int * length=rs_result->length;
|
|
|
|
|
regex_pos->group_num=group_num;
|
|
|
|
|
for(i=0;i<(int)rs_result->result_num&&i<size;i++)
|
|
|
|
|
{
|
|
|
|
|
if((group_num+1)*i>MAX_MATCH_POS_NUM)
|
|
|
|
|
{
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
regex_pos[i].hitting_regex_pos=buff+position[(group_num+1)*i];
|
|
|
|
|
regex_pos[i].hitting_regex_len=length[(group_num+1)*i];
|
|
|
|
|
for(j=0;j<group_num&&j<MAAT_MAX_REGEX_GROUP_NUM;j++)
|
|
|
|
|
{
|
|
|
|
|
if((group_num+1)*i+j+1>MAAT_MAX_REGEX_GROUP_NUM)
|
|
|
|
|
{
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
regex_pos[i].grouping_pos[j]=buff+position[(group_num+1)*i+j+1];
|
|
|
|
|
regex_pos[i].grouping_len[j]=length[(group_num+1)*i+j+1];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return i;
|
|
|
|
|
}
|
|
|
|
|
int fill_substr_pos(struct str_pos_t* str_pos,int size,rule_result_t *rs_result,const char* buff)
|
|
|
|
|
{
|
|
|
|
|
int i=0;
|
|
|
|
|
unsigned int * position=rs_result->position;
|
|
|
|
|
unsigned int * length=rs_result->length;
|
|
|
|
|
for(i=0;i<(int)rs_result->result_num&&i<size;i++)
|
|
|
|
|
{
|
|
|
|
|
if(i>MAX_MATCH_POS_NUM)
|
|
|
|
|
{
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
str_pos[i].hit_pos=buff+position[i];
|
|
|
|
|
str_pos[i].hit_len= length[i];
|
|
|
|
|
}
|
|
|
|
|
return i;
|
|
|
|
|
}
|
|
|
|
|
int hit_pos_RS2Maat(struct sub_item_pos_t* maat_sub_item,int size,rule_result_t* rs_result,int rs_cnt,const char* buff)
|
|
|
|
|
{
|
|
|
|
|
int k=0;
|
|
|
|
|
for(k=0;k<rs_cnt&&k<size;k++)
|
|
|
|
|
{
|
|
|
|
|
switch(rs_result[k].rule_type)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
case RULETYPE_STR:
|
|
|
|
|
maat_sub_item[k].ruletype=MAAT_POSTYPE_EXPR;
|
|
|
|
|
maat_sub_item[k].hit_cnt=fill_substr_pos(maat_sub_item[k].substr_pos, MAAT_MAX_HIT_POS_NUM, &(rs_result[k]),buff);
|
|
|
|
|
break;
|
|
|
|
|
case RULETYPE_REG:
|
|
|
|
|
maat_sub_item[k].ruletype=MAAT_POSTYPE_REGEX;
|
|
|
|
|
maat_sub_item[k].hit_cnt=fill_regex_pos(maat_sub_item[k].regex_pos, MAAT_MAX_HIT_POS_NUM, &(rs_result[k]),buff);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
assert(0);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return k;
|
|
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
int fill_region_hit_detail(const char* scan_buff,const _INNER_scan_status_t* _mid,
|
2015-11-10 18:29:42 +08:00
|
|
|
scan_result_t *region_hit,int region_cnt,
|
|
|
|
|
_compile_result_t *compile_hit,int compile_cnt,
|
|
|
|
|
struct Maat_hit_detail_t *hit_detail,int detail_num)
|
|
|
|
|
{
|
|
|
|
|
int i=0,j=0,k=0;
|
|
|
|
|
char r_in_c_flag[region_cnt];
|
|
|
|
|
int region_pos[MAX_SCANNER_HIT_NUM],pos=0;
|
|
|
|
|
int r_in_c_cnt=0;
|
|
|
|
|
int region_id=-1;
|
2016-02-11 13:57:39 +08:00
|
|
|
int district_id=-1; //Indifferenc
|
2015-11-10 18:29:42 +08:00
|
|
|
memset(r_in_c_flag,0,sizeof(r_in_c_flag));
|
|
|
|
|
memset(region_pos,0,sizeof(region_pos));
|
|
|
|
|
|
2017-07-03 19:54:47 +08:00
|
|
|
struct _Maat_group_inner_t* group_rule=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
//for each hitted compile cfg,find its region_ids
|
|
|
|
|
for(i=0;i<compile_cnt&&i<detail_num;i++)
|
|
|
|
|
{
|
|
|
|
|
hit_detail[i].config_id=compile_hit[i].compile_id;
|
|
|
|
|
r_in_c_cnt=pickup_hit_region_from_compile(&(compile_hit[i].group_set),_mid->cur_hit_id,_mid->cur_hit_cnt,
|
|
|
|
|
region_pos, MAX_SCANNER_HIT_NUM);
|
|
|
|
|
assert(r_in_c_cnt>0);//previous hitted compile was elimited in region_compile
|
|
|
|
|
for(j=0,k=0;j<r_in_c_cnt&&k<MAAT_MAX_HIT_RULE_NUM;j++)
|
|
|
|
|
{
|
|
|
|
|
pos=region_pos[j];
|
|
|
|
|
r_in_c_flag[pos]=1;
|
2017-07-03 19:54:47 +08:00
|
|
|
group_rule=(struct _Maat_group_inner_t*)(region_hit[pos].tag);
|
2016-02-11 13:57:39 +08:00
|
|
|
region_id=exprid2region_id(group_rule,region_hit[pos].expr_id,&district_id);
|
2015-11-10 18:29:42 +08:00
|
|
|
if(region_id<0)
|
|
|
|
|
{
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
hit_detail[i].region_pos[k].region_id=region_id;
|
|
|
|
|
hit_detail[i].region_pos[k].sub_item_num=region_hit[pos].rnum;
|
|
|
|
|
hit_pos_RS2Maat(hit_detail[i].region_pos[k].sub_item_pos,MAAT_MAX_EXPR_ITEM_NUM,
|
|
|
|
|
region_hit[pos].result, region_hit[pos].rnum,scan_buff);
|
|
|
|
|
k++;
|
|
|
|
|
}
|
|
|
|
|
hit_detail[i].hit_region_cnt=k;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
//for each region_ids, if belongs to no compile cfg, fill hit_detail as a half hit cfg
|
|
|
|
|
for(k=0,j=i;k<region_cnt&&j<region_cnt&&j<detail_num;k++)
|
|
|
|
|
{
|
|
|
|
|
if(r_in_c_flag[k]==0)
|
|
|
|
|
{
|
2017-07-03 19:54:47 +08:00
|
|
|
group_rule=(struct _Maat_group_inner_t*)(region_hit[k].tag);
|
2015-11-10 18:29:42 +08:00
|
|
|
hit_detail[j].config_id=-2;
|
|
|
|
|
hit_detail[j].hit_region_cnt=1;
|
2016-02-11 13:57:39 +08:00
|
|
|
hit_detail[j].region_pos[0].region_id=exprid2region_id(group_rule,region_hit[k].expr_id,&district_id);
|
2015-11-10 18:29:42 +08:00
|
|
|
hit_detail[j].region_pos[0].sub_item_num=region_hit[k].rnum;
|
|
|
|
|
hit_pos_RS2Maat(hit_detail[j].region_pos[0].sub_item_pos,MAAT_MAX_EXPR_ITEM_NUM,
|
|
|
|
|
region_hit[k].result,region_hit[k].rnum,scan_buff);
|
|
|
|
|
j++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return j;
|
|
|
|
|
}
|
2016-05-09 22:02:27 +08:00
|
|
|
struct _INNER_scan_status_t* _make_inner_status(void)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
2016-02-11 13:57:39 +08:00
|
|
|
struct _INNER_scan_status_t* inner_mid=NULL;
|
|
|
|
|
inner_mid=(struct _INNER_scan_status_t*)calloc(sizeof(struct _INNER_scan_status_t),1);
|
|
|
|
|
inner_mid->cur_hit_cnt=0;
|
|
|
|
|
inner_mid->hit_group_cnt=0;
|
|
|
|
|
inner_mid->hit_group_size=4;
|
|
|
|
|
inner_mid->hitted_group_id=(unsigned int*)malloc(sizeof(unsigned int)*inner_mid->hit_group_size);
|
|
|
|
|
return inner_mid;
|
|
|
|
|
}
|
2016-05-09 22:02:27 +08:00
|
|
|
struct _OUTER_scan_status_t* _make_outer_status(_Maat_feather_t *feather,int thread_num)
|
2016-02-11 13:57:39 +08:00
|
|
|
{
|
|
|
|
|
struct _OUTER_scan_status_t* outer_mid=NULL;
|
|
|
|
|
outer_mid=(struct _OUTER_scan_status_t*)calloc(sizeof(struct _OUTER_scan_status_t),1);
|
|
|
|
|
outer_mid->feather=feather;
|
|
|
|
|
outer_mid->district_id=-1;
|
2016-05-09 22:02:27 +08:00
|
|
|
outer_mid->thread_num=(unsigned short)thread_num;
|
|
|
|
|
aligment_int64_array_add(feather->outer_mid_cnt, thread_num,1);
|
2016-02-11 13:57:39 +08:00
|
|
|
return outer_mid;
|
|
|
|
|
}
|
|
|
|
|
struct _OUTER_scan_status_t* grab_mid(scan_status_t* raw_mid,_Maat_feather_t* feather,int thread_num,int is_hit_region)
|
|
|
|
|
{
|
|
|
|
|
struct _OUTER_scan_status_t* _mid=NULL;
|
|
|
|
|
if(*raw_mid!=NULL)
|
|
|
|
|
{
|
|
|
|
|
_mid=(struct _OUTER_scan_status_t*)(*raw_mid);
|
|
|
|
|
}
|
|
|
|
|
if(is_hit_region==1)
|
|
|
|
|
{
|
|
|
|
|
if(_mid==NULL)
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
_mid=_make_outer_status(feather,thread_num);
|
2016-02-11 13:57:39 +08:00
|
|
|
*raw_mid=_mid;
|
|
|
|
|
}
|
|
|
|
|
if(_mid->inner==NULL)
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
_mid->inner=_make_inner_status();
|
|
|
|
|
aligment_int64_array_add(feather->inner_mid_cnt,thread_num,1);
|
2016-02-11 13:57:39 +08:00
|
|
|
}
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
return _mid;
|
|
|
|
|
}
|
|
|
|
|
int detain_last_data(char* buff,int buff_size,int detained_len,const char* data,int data_len)
|
|
|
|
|
{
|
|
|
|
|
int to_copy_size=0,foward_offset=0;
|
|
|
|
|
int ret_len;
|
|
|
|
|
if(data_len<=buff_size-detained_len)
|
|
|
|
|
{
|
|
|
|
|
to_copy_size=data_len;
|
|
|
|
|
memcpy(buff+detained_len,data,data_len);
|
|
|
|
|
ret_len=detained_len+data_len;
|
|
|
|
|
}
|
|
|
|
|
else if(data_len>buff_size-detained_len&&data_len<buff_size)
|
|
|
|
|
{
|
|
|
|
|
foward_offset=detained_len+data_len-buff_size;
|
|
|
|
|
to_copy_size=buff_size-data_len;
|
|
|
|
|
memmove(buff,buff+foward_offset,to_copy_size);
|
|
|
|
|
|
|
|
|
|
memcpy(buff+to_copy_size,data,data_len);
|
|
|
|
|
ret_len=buff_size;
|
|
|
|
|
}
|
|
|
|
|
else//data_len>=buff_size
|
|
|
|
|
{
|
|
|
|
|
memcpy(buff,data+data_len-buff_size,buff_size);
|
|
|
|
|
ret_len=buff_size;
|
|
|
|
|
}
|
|
|
|
|
return ret_len;
|
|
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
Maat_feather_t Maat_feather(int max_thread_num,const char* table_info_path,void* logger)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
2017-04-23 13:19:02 +08:00
|
|
|
if(max_thread_num<=0)
|
|
|
|
|
{
|
|
|
|
|
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module ,
|
|
|
|
|
"Invalid max_thread_num=%d."
|
|
|
|
|
,max_thread_num);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
_Maat_feather_t* feather=(_Maat_feather_t*)calloc(sizeof(struct _Maat_feather_t),1);
|
2016-05-09 22:02:27 +08:00
|
|
|
feather->table_cnt=read_table_info(feather->p_table_info, MAX_TABLE_NUM,table_info_path,max_thread_num,logger);
|
2015-11-10 18:29:42 +08:00
|
|
|
feather->map_tablename2id=map_create();
|
2016-08-30 10:40:05 +08:00
|
|
|
int i=0,j=0,ret=0;
|
2015-11-10 18:29:42 +08:00
|
|
|
for(i=0;i<MAX_TABLE_NUM;i++)
|
|
|
|
|
{
|
|
|
|
|
if(feather->p_table_info[i]!=NULL)
|
|
|
|
|
{
|
|
|
|
|
if(feather->p_table_info[i]->table_type==TABLE_TYPE_GROUP)
|
|
|
|
|
{
|
|
|
|
|
feather->GROUP_MODE_ON=1;
|
2017-07-04 20:13:36 +08:00
|
|
|
strncpy(feather->group_tn,feather->p_table_info[i]->table_name[0],sizeof(feather->group_tn));
|
2017-07-03 12:53:12 +08:00
|
|
|
}
|
|
|
|
|
if(feather->p_table_info[i]->table_type==TABLE_TYPE_COMPILE)
|
|
|
|
|
{
|
2017-07-04 20:13:36 +08:00
|
|
|
strncpy(feather->compile_tn,feather->p_table_info[i]->table_name[0],sizeof(feather->compile_tn));
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
2016-08-30 11:08:32 +08:00
|
|
|
for(j=0;j<feather->p_table_info[i]->conj_cnt;j++)
|
2016-08-30 10:40:05 +08:00
|
|
|
{
|
|
|
|
|
ret=map_register(feather->map_tablename2id,feather->p_table_info[i]->table_name[j],feather->p_table_info[i]->table_id);
|
|
|
|
|
if(ret<0)
|
|
|
|
|
{
|
|
|
|
|
MESA_handle_runtime_log(feather->logger,RLOG_LV_FATAL,maat_module ,
|
|
|
|
|
"Duplicate table name %s of table id %d"
|
|
|
|
|
,feather->p_table_info[i]->table_name[j]
|
|
|
|
|
,feather->p_table_info[i]->table_id);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
feather->logger=logger;
|
|
|
|
|
feather->scan_thread_num=max_thread_num;
|
|
|
|
|
feather->garbage_q=MESA_lqueue_create(0,0);
|
|
|
|
|
feather->effect_interval_ms=60*1000;
|
|
|
|
|
feather->scan_interval_ms=1*1000;
|
2017-06-13 20:19:16 +08:00
|
|
|
feather->rule_scan_type=2;
|
2016-02-18 14:53:06 +08:00
|
|
|
feather->thread_call_cnt=aligment_int64_array_alloc(max_thread_num);
|
2016-05-09 22:02:27 +08:00
|
|
|
feather->outer_mid_cnt=aligment_int64_array_alloc(max_thread_num);
|
|
|
|
|
feather->inner_mid_cnt=aligment_int64_array_alloc(max_thread_num);
|
|
|
|
|
feather->hit_cnt=aligment_int64_array_alloc(max_thread_num);
|
2017-06-24 21:38:11 +08:00
|
|
|
feather->orphan_group_saving=aligment_int64_array_alloc(max_thread_num);
|
|
|
|
|
feather->last_region_saving=aligment_int64_array_alloc(max_thread_num);
|
2016-10-25 15:11:55 +08:00
|
|
|
feather->maat_version=0;
|
|
|
|
|
feather->last_full_version=0;
|
2017-07-03 20:15:39 +08:00
|
|
|
feather->base_grp_seq=0;
|
|
|
|
|
feather->base_rgn_seq=0;
|
|
|
|
|
feather->connect_timeout.tv_sec=0;
|
|
|
|
|
feather->connect_timeout.tv_usec=100*1000; // 100 ms
|
2017-01-03 09:38:10 +08:00
|
|
|
pthread_mutex_init(&(feather->plugin_table_reg_mutex),NULL);
|
2017-07-03 12:53:12 +08:00
|
|
|
pthread_mutex_init(&(feather->redis_write_lock),NULL);
|
2016-12-29 12:15:42 +08:00
|
|
|
snprintf(feather->table_info_fn,sizeof(feather->table_info_fn),"%s",table_info_path);
|
2015-11-10 18:29:42 +08:00
|
|
|
return feather;
|
|
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
int Maat_set_feather_opt(Maat_feather_t feather,enum MAAT_INIT_OPT type,const void* value,int size)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
2016-02-10 10:01:18 +08:00
|
|
|
_Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
|
|
|
|
int intval=0,ret=-1;
|
|
|
|
|
if(_feather->still_working==1)// not allowed set after Maat_initiate_feather;
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
2016-02-10 10:01:18 +08:00
|
|
|
return -2;
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
|
|
|
|
switch(type)
|
|
|
|
|
{
|
|
|
|
|
case MAAT_OPT_EFFECT_INVERVAL_MS:
|
2016-02-10 10:01:18 +08:00
|
|
|
intval=*(const int*)value;
|
2015-11-10 18:29:42 +08:00
|
|
|
if(size!=sizeof(int)||intval<=0)
|
|
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
_feather->effect_interval_ms=intval;
|
|
|
|
|
break;
|
|
|
|
|
case MAAT_OPT_SCANDIR_INTERVAL_MS:
|
2016-02-10 10:01:18 +08:00
|
|
|
intval=*(const int*)value;
|
2015-11-10 18:29:42 +08:00
|
|
|
if(size!=sizeof(int)||intval<0)
|
|
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
_feather->scan_interval_ms=intval;
|
|
|
|
|
break;
|
2016-02-10 10:01:18 +08:00
|
|
|
case MAAT_OPT_FULL_CFG_DIR:
|
|
|
|
|
if(size>(int)sizeof(_feather->full_dir))
|
|
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
memcpy(_feather->full_dir,(const char*)value,size);
|
|
|
|
|
break;
|
|
|
|
|
case MAAT_OPT_INC_CFG_DIR:
|
|
|
|
|
if(size>(int)sizeof(_feather->inc_dir))
|
|
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
memcpy(_feather->inc_dir,(const char*)value,size);
|
|
|
|
|
break;
|
|
|
|
|
case MAAT_OPT_JSON_FILE_PATH:
|
2017-07-04 20:13:36 +08:00
|
|
|
ret=json2iris((const char*)value
|
2017-07-04 10:01:56 +08:00
|
|
|
,_feather->compile_tn,_feather->group_tn
|
2017-07-04 20:13:36 +08:00
|
|
|
,_feather->full_dir
|
2017-07-04 10:01:56 +08:00
|
|
|
,sizeof(_feather->full_dir),_feather->logger);
|
2016-02-10 10:01:18 +08:00
|
|
|
if(ret<0)
|
|
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
memcpy(_feather->inc_dir,_feather->full_dir,sizeof(_feather->inc_dir));
|
|
|
|
|
MESA_handle_runtime_log(_feather->logger,RLOG_LV_INFO,maat_module ,
|
|
|
|
|
"Maat initial with JSON file %s,generate index file %s OK."
|
|
|
|
|
,(const char*)value
|
|
|
|
|
,_feather->full_dir);
|
|
|
|
|
break;
|
|
|
|
|
case MAAT_OPT_STAT_ON:
|
|
|
|
|
_feather->stat_on=1;
|
|
|
|
|
_feather->stat_handle=FS_create_handle();
|
|
|
|
|
break;
|
|
|
|
|
case MAAT_OPT_PERF_ON:
|
|
|
|
|
_feather->perf_on=1;
|
|
|
|
|
break;
|
|
|
|
|
case MAAT_OPT_STAT_FILE_PATH:
|
|
|
|
|
if(size>(int)sizeof(_feather->stat_file))
|
|
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
memcpy(_feather->stat_file,(const char*)value,size);
|
|
|
|
|
MESA_handle_runtime_log(_feather->logger,RLOG_LV_INFO,maat_module ,
|
|
|
|
|
"Maat performance statistic output to %s."
|
|
|
|
|
,(const char*)value);
|
|
|
|
|
_feather->stat_on=1;
|
|
|
|
|
break;
|
|
|
|
|
case MAAT_OPT_SCAN_DETAIL:
|
|
|
|
|
intval=*(const int*)value;
|
|
|
|
|
_feather->rule_scan_type=intval;
|
|
|
|
|
break;
|
2016-12-29 12:15:42 +08:00
|
|
|
case MAAT_OPT_INSTANCE_NAME:
|
|
|
|
|
snprintf(_feather->instance_name
|
|
|
|
|
,sizeof(_feather->instance_name)
|
|
|
|
|
,"%s",
|
|
|
|
|
(const char*)value);
|
|
|
|
|
break;
|
2017-06-09 20:46:28 +08:00
|
|
|
case MAAT_OPT_DECRYPT_KEY:
|
2017-07-04 20:13:36 +08:00
|
|
|
if((size_t)size>sizeof(_feather->decrypt_key))
|
2017-07-03 12:53:12 +08:00
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2017-06-09 20:46:28 +08:00
|
|
|
memcpy(_feather->decrypt_key,value,size);
|
|
|
|
|
break;
|
2017-07-03 12:53:12 +08:00
|
|
|
case MAAT_OPT_REDIS_IP:
|
2017-07-04 20:13:36 +08:00
|
|
|
if((size_t)size>sizeof(_feather->redis_ip))
|
2017-07-03 12:53:12 +08:00
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
memcpy(_feather->redis_ip,value,size);
|
|
|
|
|
break;
|
|
|
|
|
case MAAT_OPT_REDIS_PORT:
|
2017-07-04 20:13:36 +08:00
|
|
|
if((size_t)size!=sizeof(unsigned short))
|
2017-07-03 12:53:12 +08:00
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
_feather->redis_port=*((unsigned short*)value);
|
|
|
|
|
break;
|
2015-11-10 18:29:42 +08:00
|
|
|
default:
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
int Maat_initiate_feather(Maat_feather_t feather)
|
|
|
|
|
{
|
|
|
|
|
_Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
2017-07-03 20:15:39 +08:00
|
|
|
|
2017-07-03 12:53:12 +08:00
|
|
|
if(strlen(_feather->redis_ip)>0&&_feather->redis_port!=0)
|
|
|
|
|
{
|
|
|
|
|
_feather->REDIS_MODE_ON=1;
|
2017-07-05 20:58:38 +08:00
|
|
|
MESA_handle_runtime_log(_feather->logger,RLOG_LV_INFO,maat_module ,
|
|
|
|
|
"Maat initiate from Redis %s:%hu"
|
|
|
|
|
,_feather->redis_ip
|
|
|
|
|
,_feather->redis_port);
|
2017-07-03 20:15:39 +08:00
|
|
|
_feather->redis_read_ctx=redisConnectWithTimeout(_feather->redis_ip,_feather->redis_port,_feather->connect_timeout);
|
2017-07-03 12:53:12 +08:00
|
|
|
if(_feather->redis_read_ctx==NULL)
|
|
|
|
|
{
|
|
|
|
|
MESA_handle_runtime_log(_feather->logger,RLOG_LV_FATAL,maat_module
|
|
|
|
|
,"Redis connect %s:%d failed."
|
|
|
|
|
,_feather->redis_ip,_feather->redis_port);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
redisEnableKeepAlive(_feather->redis_read_ctx);
|
|
|
|
|
redis_monitor_traverse(_feather->maat_version
|
|
|
|
|
,_feather->redis_read_ctx
|
|
|
|
|
,maat_start_cb
|
|
|
|
|
,maat_update_cb
|
|
|
|
|
,maat_finish_cb
|
|
|
|
|
, _feather
|
|
|
|
|
,_feather->decrypt_key //Not used.
|
2017-07-03 20:15:39 +08:00
|
|
|
,_feather);
|
2017-07-03 12:53:12 +08:00
|
|
|
}
|
|
|
|
|
else
|
2016-02-15 09:28:47 +08:00
|
|
|
{
|
2017-07-03 12:53:12 +08:00
|
|
|
if(strlen(_feather->full_dir)==0)
|
|
|
|
|
{
|
|
|
|
|
MESA_handle_runtime_log(_feather->logger,RLOG_LV_FATAL,maat_module ,
|
|
|
|
|
"At initiation: NO FULL_CFG_DIR or JSON_FILE_PATH. ");
|
|
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
config_monitor_traverse(_feather->maat_version,
|
|
|
|
|
_feather->full_dir,
|
|
|
|
|
maat_start_cb,
|
|
|
|
|
maat_update_cb,
|
|
|
|
|
maat_finish_cb,
|
|
|
|
|
_feather,
|
|
|
|
|
_feather->decrypt_key,
|
|
|
|
|
_feather->logger);
|
2016-02-15 09:28:47 +08:00
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
if(_feather->update_tmp_scanner==NULL)
|
|
|
|
|
{
|
2017-07-05 20:58:38 +08:00
|
|
|
if(_feather->REDIS_MODE_ON==1)
|
|
|
|
|
{
|
|
|
|
|
MESA_handle_runtime_log(_feather->logger,RLOG_LV_FATAL,maat_module ,
|
|
|
|
|
"At initiation: no avilable rule in redis in %s:%hu"
|
|
|
|
|
,_feather->redis_ip
|
|
|
|
|
,_feather->redis_port);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
MESA_handle_runtime_log(_feather->logger,RLOG_LV_FATAL,maat_module ,
|
2016-02-10 10:01:18 +08:00
|
|
|
"At initiation: no valid index file in %s",_feather->full_dir);
|
2017-07-05 20:58:38 +08:00
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
|
|
|
|
_feather->scanner=_feather->update_tmp_scanner;
|
|
|
|
|
_feather->update_tmp_scanner=NULL;
|
|
|
|
|
_feather->still_working=1;
|
|
|
|
|
if(_feather->scanner!=NULL)
|
|
|
|
|
{
|
|
|
|
|
_feather->maat_version=_feather->scanner->version;
|
2016-10-25 15:11:55 +08:00
|
|
|
_feather->last_full_version=_feather->scanner->version;
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
|
|
|
|
if(strlen(_feather->stat_file)==0)
|
|
|
|
|
{
|
2016-02-15 09:28:47 +08:00
|
|
|
if(_feather->stat_on==1)
|
|
|
|
|
{
|
|
|
|
|
MESA_handle_runtime_log(_feather->logger,RLOG_LV_FATAL,maat_module ,
|
|
|
|
|
"At initiation: MAAT_OPT_STAT_FILE_PATH not set,TURN OFF STAT trigger.");
|
|
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
_feather->stat_on=0;
|
|
|
|
|
}
|
2016-02-15 09:28:47 +08:00
|
|
|
if(_feather->stat_on==0&&_feather->perf_on==1)
|
|
|
|
|
{
|
|
|
|
|
MESA_handle_runtime_log(_feather->logger,RLOG_LV_FATAL,maat_module ,
|
|
|
|
|
"At initiation: STAT tirigger OFF, TURN OFF PERF trigger.");
|
|
|
|
|
_feather->perf_on=0;
|
|
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
maat_stat_init(_feather);
|
|
|
|
|
|
|
|
|
|
pthread_t cfg_mon_t;
|
|
|
|
|
pthread_create(&cfg_mon_t, NULL, thread_rule_monitor, (void*)_feather);
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Maat_feather_t Maat_summon_feather(int max_thread_num,
|
|
|
|
|
const char* table_info_path,
|
|
|
|
|
const char* ful_cfg_dir,
|
|
|
|
|
const char* inc_cfg_dir,
|
|
|
|
|
void* logger)
|
|
|
|
|
{
|
|
|
|
|
int ret=-1;
|
|
|
|
|
Maat_feather_t feather=NULL;
|
|
|
|
|
feather=Maat_feather(max_thread_num,table_info_path,logger);
|
|
|
|
|
if(feather==NULL)
|
|
|
|
|
{
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
ret=Maat_set_feather_opt(feather, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1);
|
|
|
|
|
if(ret<0)
|
|
|
|
|
{
|
|
|
|
|
goto error_out;
|
|
|
|
|
}
|
2016-03-16 12:48:43 +08:00
|
|
|
ret=Maat_set_feather_opt(feather, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1);
|
2016-02-10 10:01:18 +08:00
|
|
|
if(ret<0)
|
|
|
|
|
{
|
|
|
|
|
goto error_out;
|
|
|
|
|
}
|
|
|
|
|
ret=Maat_initiate_feather(feather);
|
|
|
|
|
if(ret<0)
|
|
|
|
|
{
|
|
|
|
|
goto error_out;
|
|
|
|
|
}
|
|
|
|
|
return feather;
|
|
|
|
|
|
|
|
|
|
error_out:
|
|
|
|
|
Maat_burn_feather(feather);
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
Maat_feather_t Maat_summon_feather_json(int max_thread_num,
|
|
|
|
|
const char* table_info_path,
|
|
|
|
|
const char* json_rule,
|
|
|
|
|
void* logger)
|
|
|
|
|
{
|
|
|
|
|
int ret=-1;
|
|
|
|
|
Maat_feather_t feather=NULL;
|
|
|
|
|
feather=Maat_feather(max_thread_num,table_info_path,logger);
|
|
|
|
|
if(feather==NULL)
|
|
|
|
|
{
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
ret=Maat_set_feather_opt(feather, MAAT_OPT_JSON_FILE_PATH, json_rule, strlen(json_rule)+1);
|
|
|
|
|
if(ret<0)
|
|
|
|
|
{
|
|
|
|
|
goto error_out;
|
|
|
|
|
}
|
|
|
|
|
ret=Maat_initiate_feather(feather);
|
|
|
|
|
if(ret<0)
|
|
|
|
|
{
|
|
|
|
|
goto error_out;
|
|
|
|
|
} return feather;
|
|
|
|
|
|
|
|
|
|
error_out:
|
|
|
|
|
|
|
|
|
|
Maat_burn_feather(feather);
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-10 18:29:42 +08:00
|
|
|
void Maat_burn_feather(Maat_feather_t feather)
|
|
|
|
|
{
|
|
|
|
|
_Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
|
|
|
|
_feather->still_working=0;//destroy will proceed in thread_rule_monitor
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
int Maat_table_register(Maat_feather_t feather,const char* table_name)
|
|
|
|
|
{
|
|
|
|
|
struct _Maat_feather_t *_feather=(struct _Maat_feather_t *)feather;
|
|
|
|
|
int table_id=-1,ret=0;
|
|
|
|
|
ret=map_str2int(_feather->map_tablename2id, table_name,&table_id);
|
|
|
|
|
if(ret>0)
|
|
|
|
|
{
|
|
|
|
|
return table_id;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
int Maat_table_callback_register(Maat_feather_t feather,short table_id,
|
|
|
|
|
Maat_start_callback_t *start,//MAAT_RULE_UPDATE_TYPE_*,u_para
|
|
|
|
|
Maat_update_callback_t *update,//table line ,u_para
|
|
|
|
|
Maat_finish_callback_t *finish,//u_para
|
|
|
|
|
void* u_para)
|
|
|
|
|
{
|
|
|
|
|
struct _Maat_feather_t *_feather=(struct _Maat_feather_t *)feather;
|
|
|
|
|
int idx=0,i=0;
|
|
|
|
|
_Maat_table_info_t *p_table=_feather->p_table_info[table_id];
|
|
|
|
|
const char* lines=NULL;
|
|
|
|
|
if(p_table==NULL)
|
|
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if(p_table->table_type!=TABLE_TYPE_PLUGIN)
|
|
|
|
|
{
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2017-01-03 09:38:10 +08:00
|
|
|
pthread_mutex_lock(&(_feather->plugin_table_reg_mutex));
|
2015-11-10 18:29:42 +08:00
|
|
|
idx=p_table->cb_info->cb_plug_cnt;
|
|
|
|
|
if(idx==MAX_PLUGING_NUM)
|
|
|
|
|
{
|
2017-01-03 09:38:10 +08:00
|
|
|
pthread_mutex_unlock(&(_feather->plugin_table_reg_mutex));
|
2015-11-10 18:29:42 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
p_table->cb_info->cb_plug_cnt++;
|
|
|
|
|
p_table->cb_info->cb_plug[idx].start=start;
|
|
|
|
|
p_table->cb_info->cb_plug[idx].update=update;
|
|
|
|
|
p_table->cb_info->cb_plug[idx].finish=finish;
|
|
|
|
|
p_table->cb_info->cb_plug[idx].u_para=u_para;
|
2016-12-15 12:05:48 +08:00
|
|
|
if(p_table->cb_info->cache_line_num>0)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
2016-05-25 11:47:15 +08:00
|
|
|
if(start!=NULL)
|
|
|
|
|
{
|
|
|
|
|
start(MAAT_RULE_UPDATE_TYPE_FULL,u_para);
|
|
|
|
|
}
|
2016-12-15 12:05:48 +08:00
|
|
|
for(i=0;i<p_table->cb_info->cache_line_num;i++)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
lines=(const char*)dynamic_array_read(p_table->cb_info->cache_lines,i);
|
|
|
|
|
if(lines==NULL)
|
|
|
|
|
{
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
update(table_id,lines,u_para);
|
|
|
|
|
}
|
2016-05-25 11:47:15 +08:00
|
|
|
if(finish!=NULL)
|
|
|
|
|
{
|
|
|
|
|
finish(u_para);
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
2017-01-03 09:38:10 +08:00
|
|
|
pthread_mutex_unlock(&(_feather->plugin_table_reg_mutex));
|
2015-11-10 18:29:42 +08:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id
|
|
|
|
|
,enum MAAT_CHARSET charset,const char* data,int data_len
|
|
|
|
|
,struct Maat_rule_t*result,int rule_num,struct Maat_hit_detail_t *hit_detail,int detail_num
|
|
|
|
|
,int* detail_ret,scan_status_t* mid,int thread_num)
|
|
|
|
|
{
|
|
|
|
|
int region_ret=0,compile_ret=0,hit_region_cnt=0;
|
|
|
|
|
unsigned int sub_type=0;
|
|
|
|
|
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
2016-02-11 13:57:39 +08:00
|
|
|
struct _OUTER_scan_status_t* _mid=(struct _OUTER_scan_status_t*)(*mid);
|
2015-11-10 18:29:42 +08:00
|
|
|
|
|
|
|
|
scan_result_t *region_result=NULL;
|
|
|
|
|
_compile_result_t compile_result[rule_num];//dynamic array
|
|
|
|
|
struct _Maat_table_info_t *p_table=NULL;
|
2016-02-18 14:53:06 +08:00
|
|
|
struct timespec start,end;
|
2016-12-28 18:06:34 +08:00
|
|
|
_Maat_scanner_t* my_scanner=NULL;
|
2016-03-08 14:47:21 +08:00
|
|
|
if(data==NULL||data_len<=0)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
if(_feather->perf_on==1)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
clock_gettime(CLOCK_MONOTONIC,&start);
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
_mid=grab_mid(mid,_feather, thread_num, 0);
|
2015-11-10 18:29:42 +08:00
|
|
|
p_table=acqurie_table(_feather, table_id,TABLE_TYPE_EXPR);
|
|
|
|
|
if(p_table==NULL)
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2015-11-10 18:29:42 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
2016-12-28 18:06:34 +08:00
|
|
|
|
2015-11-10 18:29:42 +08:00
|
|
|
if(p_table->cfg_num==0)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
if(p_table->table_type==TABLE_TYPE_EXPR_PLUS&&(_mid==NULL||_mid->is_set_district!=1))
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2016-02-11 13:57:39 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
if(p_table->do_charset_merge==1)
|
|
|
|
|
{
|
|
|
|
|
sub_type=make_sub_type(table_id,CHARSET_NONE,0);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
sub_type=make_sub_type(table_id,charset,0);
|
|
|
|
|
}
|
2016-02-18 14:53:06 +08:00
|
|
|
aligment_int64_array_add(_feather->thread_call_cnt, thread_num, 1);
|
2015-11-10 18:29:42 +08:00
|
|
|
scan_data_t scan_data;
|
|
|
|
|
scan_data.text_data.text=data;
|
|
|
|
|
scan_data.text_data.tlen=data_len;
|
|
|
|
|
scan_data.text_data.toffset=0;
|
|
|
|
|
my_scanner=_feather->scanner;
|
|
|
|
|
if(my_scanner==NULL)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-12-28 18:06:34 +08:00
|
|
|
struct _region_stat_t * region_stat=NULL;
|
|
|
|
|
region_stat=&(my_scanner->region_counter[p_table->table_id]);
|
|
|
|
|
if(region_stat->cfg_num==0)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
assert(thread_num<_feather->scan_thread_num);
|
|
|
|
|
region_result=my_scanner->region_rslt_buff+MAX_SCANNER_HIT_NUM*thread_num;
|
|
|
|
|
|
|
|
|
|
INC_SCANNER_REF(my_scanner, thread_num);
|
2016-12-28 18:06:34 +08:00
|
|
|
if(region_stat->expr_rule_cnt>0)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
scan_data.rule_type=RULETYPE_STR;
|
|
|
|
|
scan_data.sub_type=sub_type;
|
|
|
|
|
region_ret=rulescan_search(my_scanner->region, thread_num, &scan_data, region_result, MAX_SCANNER_HIT_NUM);
|
|
|
|
|
if(region_ret>0)
|
|
|
|
|
{
|
|
|
|
|
hit_region_cnt+=region_ret;
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-12-28 18:06:34 +08:00
|
|
|
if(region_stat->regex_rule_cnt>0)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
scan_data.rule_type=RULETYPE_REG;
|
|
|
|
|
scan_data.sub_type=make_sub_type(table_id,CHARSET_NONE,0);
|
|
|
|
|
region_ret=rulescan_search(my_scanner->region, thread_num, &scan_data, region_result+hit_region_cnt, MAX_SCANNER_HIT_NUM-hit_region_cnt);
|
|
|
|
|
if(region_ret>0)
|
|
|
|
|
{
|
|
|
|
|
hit_region_cnt+=region_ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
if(hit_region_cnt>0&&p_table->table_type==TABLE_TYPE_EXPR_PLUS)
|
|
|
|
|
{
|
|
|
|
|
hit_region_cnt=match_district(_mid,region_result,hit_region_cnt);
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
if(hit_region_cnt>0)
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(p_table->hit_cnt, thread_num,1);
|
2016-02-11 13:57:39 +08:00
|
|
|
_mid=grab_mid(mid,_feather,thread_num, 1);
|
|
|
|
|
compile_ret=region_compile(_feather,_mid->inner,
|
2017-06-24 21:38:11 +08:00
|
|
|
_mid->is_last_region,
|
2015-11-11 11:50:31 +08:00
|
|
|
region_result,sizeof(scan_result_t),offsetof(scan_result_t, tag),
|
|
|
|
|
hit_region_cnt,
|
2016-05-09 22:02:27 +08:00
|
|
|
result,compile_result,rule_num,
|
|
|
|
|
thread_num);
|
2017-06-24 21:38:11 +08:00
|
|
|
assert(_mid->is_last_region<2);
|
|
|
|
|
if(_mid->is_last_region==1)
|
|
|
|
|
{
|
|
|
|
|
_mid->is_last_region=2;
|
|
|
|
|
}
|
2016-04-25 11:59:54 +08:00
|
|
|
if(hit_detail!=NULL&&_feather->rule_scan_type!=0)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
2016-02-11 13:57:39 +08:00
|
|
|
*detail_ret=fill_region_hit_detail(data,_mid->inner,
|
2015-11-10 18:29:42 +08:00
|
|
|
region_result,hit_region_cnt,
|
|
|
|
|
compile_result,compile_ret,
|
|
|
|
|
hit_detail,detail_num);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
DEC_SCANNER_REF(my_scanner, thread_num);
|
2016-02-10 10:01:18 +08:00
|
|
|
if(_feather->perf_on==1)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
clock_gettime(CLOCK_MONOTONIC,&end);
|
2016-05-09 22:02:27 +08:00
|
|
|
maat_stat_table(p_table,data_len,&start, &end,thread_num);
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2016-02-18 14:53:06 +08:00
|
|
|
else
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
maat_stat_table(p_table,data_len,NULL, NULL,thread_num);
|
2016-02-18 14:53:06 +08:00
|
|
|
}
|
|
|
|
|
|
2015-11-10 18:29:42 +08:00
|
|
|
if(compile_ret==0&&hit_region_cnt>0)
|
|
|
|
|
{
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
return compile_ret;
|
|
|
|
|
}
|
|
|
|
|
int Maat_full_scan_string(Maat_feather_t feather,int table_id
|
|
|
|
|
,enum MAAT_CHARSET charset,const char* data,int data_len
|
|
|
|
|
,struct Maat_rule_t*result,int* found_pos,int rule_num
|
|
|
|
|
,scan_status_t* mid,int thread_num)
|
|
|
|
|
{
|
|
|
|
|
int detail_ret=0,compile_ret=0;
|
|
|
|
|
compile_ret=Maat_full_scan_string_detail(feather,table_id,
|
|
|
|
|
charset, data,data_len,
|
|
|
|
|
result, rule_num,
|
|
|
|
|
NULL, 0, &detail_ret,mid,thread_num);
|
|
|
|
|
return compile_ret;
|
|
|
|
|
}
|
|
|
|
|
int Maat_scan_intval(Maat_feather_t feather,int table_id
|
|
|
|
|
,unsigned int intval
|
|
|
|
|
,struct Maat_rule_t*result,int rule_num
|
|
|
|
|
,scan_status_t *mid,int thread_num)
|
|
|
|
|
{
|
|
|
|
|
int region_ret=0,compile_ret=0;
|
2016-02-11 13:57:39 +08:00
|
|
|
struct _OUTER_scan_status_t* _mid=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
scan_data_t intval_scan_data;
|
|
|
|
|
scan_result_t *region_result=NULL;
|
|
|
|
|
_compile_result_t compile_result[rule_num];
|
|
|
|
|
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
|
|
|
|
struct _Maat_scanner_t* my_scanner=NULL;
|
|
|
|
|
intval_scan_data.rule_type=RULETYPE_INT;
|
|
|
|
|
intval_scan_data.sub_type=make_sub_type(table_id,CHARSET_NONE, 0);
|
|
|
|
|
intval_scan_data.int_data=intval;
|
|
|
|
|
_Maat_table_info_t* p_table=NULL;
|
2016-02-18 14:53:06 +08:00
|
|
|
struct timespec start,end;
|
2016-02-10 10:01:18 +08:00
|
|
|
if(_feather->perf_on==1)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
clock_gettime(CLOCK_MONOTONIC,&start);
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2017-07-03 12:53:12 +08:00
|
|
|
p_table=acqurie_table(_feather,table_id,TABLE_TYPE_INTERVAL);
|
2015-11-10 18:29:42 +08:00
|
|
|
if(p_table==NULL)
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2015-11-10 18:29:42 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if(p_table->cfg_num==0)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
my_scanner=_feather->scanner;
|
|
|
|
|
if(my_scanner==NULL)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-12-28 18:06:34 +08:00
|
|
|
struct _region_stat_t * region_stat=NULL;
|
|
|
|
|
region_stat=&(my_scanner->region_counter[p_table->table_id]);
|
|
|
|
|
if(region_stat->cfg_num==0)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-02-18 14:53:06 +08:00
|
|
|
aligment_int64_array_add(_feather->thread_call_cnt, thread_num, 1);
|
2015-11-10 18:29:42 +08:00
|
|
|
|
|
|
|
|
region_result=my_scanner->region_rslt_buff+MAX_SCANNER_HIT_NUM*thread_num;
|
|
|
|
|
|
2015-11-12 18:28:58 +08:00
|
|
|
INC_SCANNER_REF(my_scanner,thread_num);
|
2015-11-10 18:29:42 +08:00
|
|
|
region_ret=rulescan_search(my_scanner->region, thread_num, &intval_scan_data, region_result, MAX_SCANNER_HIT_NUM);
|
|
|
|
|
if(region_ret<0)
|
|
|
|
|
{
|
2015-11-12 18:28:58 +08:00
|
|
|
DEC_SCANNER_REF(my_scanner, thread_num);
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2015-11-10 18:29:42 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
else if(region_ret>0)
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(p_table->hit_cnt, thread_num,1);
|
2016-02-11 13:57:39 +08:00
|
|
|
_mid=grab_mid(mid, _feather, thread_num, 1);
|
|
|
|
|
compile_ret=region_compile(_feather,_mid->inner,
|
2017-06-24 21:38:11 +08:00
|
|
|
_mid->is_last_region,
|
2015-11-11 11:50:31 +08:00
|
|
|
region_result,sizeof(scan_result_t),offsetof(scan_result_t, tag),
|
|
|
|
|
region_ret,
|
2016-05-09 22:02:27 +08:00
|
|
|
result,compile_result,rule_num,
|
|
|
|
|
thread_num);
|
2017-06-24 21:38:11 +08:00
|
|
|
assert(_mid->is_last_region<2);
|
|
|
|
|
if(_mid->is_last_region==1)
|
|
|
|
|
{
|
|
|
|
|
_mid->is_last_region=2;
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
|
|
|
|
|
2015-11-12 18:28:58 +08:00
|
|
|
DEC_SCANNER_REF(my_scanner,thread_num);
|
2016-02-10 10:01:18 +08:00
|
|
|
if(_feather->perf_on==1)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
clock_gettime(CLOCK_MONOTONIC,&end);
|
2016-05-09 22:02:27 +08:00
|
|
|
maat_stat_table(p_table,0,&start, &end,thread_num);
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2016-02-18 14:53:06 +08:00
|
|
|
else
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
maat_stat_table(p_table,0,NULL, NULL,thread_num);
|
2016-02-18 14:53:06 +08:00
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
if(compile_ret==0&®ion_ret>0)
|
|
|
|
|
{
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
return compile_ret;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
|
|
|
|
|
,struct ipaddr* addr,unsigned short int proto
|
|
|
|
|
,struct Maat_rule_t*result,int rule_num
|
|
|
|
|
,scan_status_t *mid,int thread_num)
|
|
|
|
|
{
|
|
|
|
|
int region_ret=0,compile_ret=0;
|
2016-02-11 13:57:39 +08:00
|
|
|
struct _OUTER_scan_status_t* _mid=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
scan_data_t ip_scan_data;
|
|
|
|
|
scan_result_t *region_result=NULL;
|
|
|
|
|
_compile_result_t compile_result[rule_num];
|
|
|
|
|
_Maat_table_info_t* p_table=NULL;
|
|
|
|
|
|
|
|
|
|
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
|
|
|
|
struct _Maat_scanner_t* my_scanner=NULL;
|
2016-02-18 14:53:06 +08:00
|
|
|
struct timespec start,end;
|
2016-02-10 10:01:18 +08:00
|
|
|
if(_feather->perf_on==1)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
clock_gettime(CLOCK_MONOTONIC,&start);
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
p_table=acqurie_table(_feather, table_id, TABLE_TYPE_IP);
|
|
|
|
|
if(p_table==NULL)
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2015-11-10 18:29:42 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if(p_table->cfg_num==0)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-12-28 18:06:34 +08:00
|
|
|
my_scanner=_feather->scanner;
|
|
|
|
|
if(my_scanner==NULL)
|
2016-03-11 14:11:31 +08:00
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-12-28 18:06:34 +08:00
|
|
|
struct _region_stat_t * region_stat=NULL;
|
|
|
|
|
region_stat=&(my_scanner->region_counter[p_table->table_id]);
|
|
|
|
|
if(region_stat->cfg_num==0)
|
2016-03-11 14:11:31 +08:00
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-12-28 18:06:34 +08:00
|
|
|
if(region_stat->ipv4_rule_cnt==0&&addr->addrtype==ADDR_TYPE_IPV4)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if(region_stat->ipv6_rule_cnt==0&&addr->addrtype==ADDR_TYPE_IPV6)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-02-18 14:53:06 +08:00
|
|
|
aligment_int64_array_add(_feather->thread_call_cnt, thread_num, 1);
|
|
|
|
|
|
2015-11-10 18:29:42 +08:00
|
|
|
ip_scan_data.rule_type=RULETYPE_IPv4;
|
|
|
|
|
ip_scan_data.sub_type=make_sub_type(table_id,CHARSET_NONE, 0);
|
|
|
|
|
switch(addr->addrtype)
|
|
|
|
|
{
|
|
|
|
|
case ADDR_TYPE_IPV4:
|
|
|
|
|
ip_scan_data.ipv4_data.saddr=ntohl(addr->paddr.v4->saddr);
|
|
|
|
|
ip_scan_data.ipv4_data.daddr=ntohl(addr->paddr.v4->daddr);
|
|
|
|
|
ip_scan_data.ipv4_data.sport=ntohs(addr->paddr.v4->source);
|
|
|
|
|
ip_scan_data.ipv4_data.dport=ntohs(addr->paddr.v4->dest);
|
|
|
|
|
ip_scan_data.ipv4_data.proto=proto;
|
|
|
|
|
break;
|
|
|
|
|
case ADDR_TYPE_IPV6:
|
|
|
|
|
ip_scan_data.rule_type=RULETYPE_IPv6;
|
|
|
|
|
memcpy(ip_scan_data.ipv6_data.saddr,addr->paddr.v6->saddr,sizeof(ip_scan_data.ipv6_data.saddr));
|
|
|
|
|
ipv6_ntoh(ip_scan_data.ipv6_data.saddr);
|
|
|
|
|
memcpy(ip_scan_data.ipv6_data.daddr,addr->paddr.v6->daddr,sizeof(ip_scan_data.ipv6_data.daddr));
|
|
|
|
|
ipv6_ntoh(ip_scan_data.ipv6_data.daddr);
|
|
|
|
|
ip_scan_data.ipv6_data.sport=ntohs(addr->paddr.v6->source);
|
|
|
|
|
ip_scan_data.ipv6_data.dport=ntohs(addr->paddr.v6->dest);
|
|
|
|
|
ip_scan_data.ipv6_data.proto=proto;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2015-11-10 18:29:42 +08:00
|
|
|
return -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
region_result=my_scanner->region_rslt_buff+MAX_SCANNER_HIT_NUM*thread_num;
|
|
|
|
|
INC_SCANNER_REF(my_scanner,thread_num);
|
|
|
|
|
region_ret=rulescan_search(my_scanner->region, thread_num, &ip_scan_data, region_result, MAX_SCANNER_HIT_NUM);
|
|
|
|
|
if(region_ret<0)
|
|
|
|
|
{
|
|
|
|
|
DEC_SCANNER_REF(my_scanner,thread_num);
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2015-11-10 18:29:42 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
else if(region_ret>0)
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(p_table->hit_cnt, thread_num,1);
|
2016-02-11 13:57:39 +08:00
|
|
|
_mid=grab_mid(mid, _feather, thread_num, 1);
|
2017-06-24 21:38:11 +08:00
|
|
|
|
2016-02-11 13:57:39 +08:00
|
|
|
compile_ret=region_compile(_feather,_mid->inner,
|
2017-06-24 21:38:11 +08:00
|
|
|
_mid->is_last_region,
|
2015-11-11 11:50:31 +08:00
|
|
|
region_result,sizeof(scan_result_t),offsetof(scan_result_t, tag),
|
|
|
|
|
region_ret,
|
2016-05-09 22:02:27 +08:00
|
|
|
result,compile_result,rule_num,
|
|
|
|
|
thread_num);
|
2017-06-24 21:38:11 +08:00
|
|
|
assert(_mid->is_last_region<2);
|
|
|
|
|
if(_mid->is_last_region==1)
|
|
|
|
|
{
|
|
|
|
|
_mid->is_last_region=2;
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
|
|
|
|
DEC_SCANNER_REF(my_scanner,thread_num);
|
2016-02-10 10:01:18 +08:00
|
|
|
if(_feather->perf_on==1)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
clock_gettime(CLOCK_MONOTONIC,&end);
|
2016-05-09 22:02:27 +08:00
|
|
|
maat_stat_table(p_table,0,&start, &end,thread_num);
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2016-02-18 14:53:06 +08:00
|
|
|
else
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
maat_stat_table(p_table,0,NULL, NULL,thread_num);
|
2016-02-18 14:53:06 +08:00
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
if(compile_ret==0&®ion_ret>0)
|
|
|
|
|
{
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
return compile_ret;
|
|
|
|
|
}
|
|
|
|
|
int Maat_scan_addr(Maat_feather_t feather,int table_id
|
|
|
|
|
,struct ipaddr* addr
|
|
|
|
|
,struct Maat_rule_t*result,int rule_num
|
|
|
|
|
,scan_status_t *mid,int thread_num)
|
|
|
|
|
{
|
|
|
|
|
int compile_ret=0;
|
|
|
|
|
compile_ret=Maat_scan_proto_addr(feather,table_id,
|
|
|
|
|
addr, 0,
|
|
|
|
|
result, rule_num,
|
|
|
|
|
mid,thread_num);
|
|
|
|
|
return compile_ret;
|
|
|
|
|
}
|
|
|
|
|
stream_para_t Maat_stream_scan_string_start(Maat_feather_t feather,int table_id,int thread_num)
|
|
|
|
|
{
|
|
|
|
|
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
|
|
|
|
struct _Maat_scanner_t* scanner=NULL;
|
|
|
|
|
|
|
|
|
|
struct _Maat_table_info_t *p_table=NULL;
|
|
|
|
|
assert(thread_num<_feather->scan_thread_num);
|
|
|
|
|
p_table=acqurie_table(_feather, table_id, TABLE_TYPE_EXPR);
|
|
|
|
|
if(p_table==NULL)
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2015-11-10 18:29:42 +08:00
|
|
|
return NULL;
|
|
|
|
|
}
|
2016-08-30 14:04:20 +08:00
|
|
|
if(p_table->quick_expr_switch==1)
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2016-08-30 14:04:20 +08:00
|
|
|
return NULL;
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
struct _stream_para_t* sp=(struct _stream_para_t*)calloc(sizeof(struct _stream_para_t),1);
|
|
|
|
|
scanner=_feather->scanner;
|
|
|
|
|
sp->feather=_feather;
|
|
|
|
|
sp->version=_feather->maat_version;
|
|
|
|
|
sp->acc_scan_len=0;
|
2016-10-25 15:11:55 +08:00
|
|
|
sp->rs_stream_para=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
if(scanner==NULL)
|
|
|
|
|
{
|
|
|
|
|
return sp;
|
|
|
|
|
}
|
2016-12-28 18:06:34 +08:00
|
|
|
struct _region_stat_t * region_stat=NULL;
|
|
|
|
|
region_stat=&(scanner->region_counter[p_table->table_id]);
|
2015-11-10 18:29:42 +08:00
|
|
|
INC_SCANNER_REF(scanner, thread_num);
|
|
|
|
|
|
|
|
|
|
sp->table_id=table_id;
|
|
|
|
|
sp->thread_num=thread_num;
|
|
|
|
|
sp->max_cross_size=p_table->cross_cache_size;
|
|
|
|
|
sp->caching_size=0;
|
|
|
|
|
sp->scan_buff=NULL;
|
|
|
|
|
sp->last_cache=NULL;
|
|
|
|
|
if(p_table->do_charset_merge==1)
|
|
|
|
|
{
|
|
|
|
|
sp->do_merge=1;
|
|
|
|
|
}
|
2016-12-28 18:06:34 +08:00
|
|
|
if(region_stat->expr_rule_cnt>0)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
sp->do_expr=1;
|
|
|
|
|
}
|
2016-12-28 18:06:34 +08:00
|
|
|
if(region_stat->regex_rule_cnt>0)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
sp->do_regex=1;
|
|
|
|
|
}
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(p_table->stream_num,thread_num,1);
|
2015-11-10 18:29:42 +08:00
|
|
|
sp->rs_stream_para=rulescan_startstream(_feather->scanner->region,thread_num);
|
|
|
|
|
return sp;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int Maat_stream_scan_string_detail(stream_para_t* stream_para
|
|
|
|
|
,enum MAAT_CHARSET charset,const char* data,int data_len
|
|
|
|
|
,struct Maat_rule_t*result,int rule_num,struct Maat_hit_detail_t *hit_detail,int detail_num
|
|
|
|
|
,int* detail_ret,scan_status_t* mid)
|
|
|
|
|
{
|
|
|
|
|
struct _stream_para_t* sp=(struct _stream_para_t*)(*stream_para);
|
|
|
|
|
struct _Maat_scanner_t* scanner=sp->feather->scanner;
|
|
|
|
|
|
|
|
|
|
int sub_type=0;
|
|
|
|
|
int region_ret=0,hit_region_cnt=0,compile_ret=0;
|
2016-02-11 13:57:39 +08:00
|
|
|
struct _OUTER_scan_status_t* _mid=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
scan_result_t *region_result;
|
|
|
|
|
_compile_result_t compile_result[rule_num];//dynamic array
|
|
|
|
|
scan_data_t region_scan_data;
|
2016-02-11 13:57:39 +08:00
|
|
|
_Maat_table_info_t* p_table=NULL;
|
2016-02-18 14:53:06 +08:00
|
|
|
struct timespec start,end;
|
2016-03-08 14:47:21 +08:00
|
|
|
if(data==NULL||data_len<=0)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
if(sp->feather->perf_on==1)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
clock_gettime(CLOCK_MONOTONIC,&start);
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
_mid=grab_mid(mid, sp->feather, sp->thread_num,0);
|
2016-03-08 14:47:21 +08:00
|
|
|
|
2015-11-10 18:29:42 +08:00
|
|
|
if(scanner==NULL)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if(sp->version!=sp->feather->maat_version)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
p_table=sp->feather->p_table_info[sp->table_id];
|
2016-12-28 18:06:34 +08:00
|
|
|
//table rule num is already judged in Maat_stream_scan_string_start
|
|
|
|
|
|
|
|
|
|
|
2016-02-11 13:57:39 +08:00
|
|
|
if(p_table->table_type==TABLE_TYPE_EXPR_PLUS&&(_mid==NULL||_mid->is_set_district!=1))
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
sp->feather->scan_err_cnt++;
|
2016-02-11 13:57:39 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
2016-02-18 14:53:06 +08:00
|
|
|
aligment_int64_array_add(sp->feather->thread_call_cnt, sp->thread_num, 1);
|
|
|
|
|
|
2015-11-10 18:29:42 +08:00
|
|
|
region_result=scanner->region_rslt_buff+MAX_SCANNER_HIT_NUM*sp->thread_num;
|
|
|
|
|
*detail_ret=0;
|
|
|
|
|
if(sp->do_merge==1)
|
|
|
|
|
{
|
|
|
|
|
sub_type=make_sub_type(sp->table_id,CHARSET_NONE,0);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
sub_type=make_sub_type(sp->table_id,charset,0);
|
|
|
|
|
}
|
|
|
|
|
if(sp->max_cross_size>0&&sp->caching_size>0)
|
|
|
|
|
{
|
|
|
|
|
if(sp->scan_buff!=NULL)
|
|
|
|
|
{
|
|
|
|
|
free(sp->scan_buff);
|
|
|
|
|
sp->scan_buff=NULL;
|
|
|
|
|
}
|
|
|
|
|
sp->scan_buff=(char*)malloc(sp->caching_size+data_len);
|
|
|
|
|
memcpy(sp->scan_buff,sp->last_cache,sp->caching_size);
|
|
|
|
|
memcpy(sp->scan_buff+sp->caching_size,data,data_len);
|
|
|
|
|
region_scan_data.text_data.text=sp->scan_buff;
|
|
|
|
|
region_scan_data.text_data.tlen=sp->caching_size+data_len;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
region_scan_data.text_data.text=data;
|
|
|
|
|
region_scan_data.text_data.tlen=data_len;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(sp->last_cache==NULL&&sp->max_cross_size>0)
|
|
|
|
|
{
|
|
|
|
|
assert(sp->caching_size==0);
|
|
|
|
|
sp->last_cache=(char*)malloc(sizeof(char)*sp->max_cross_size);
|
|
|
|
|
}
|
|
|
|
|
if(sp->max_cross_size>0)
|
|
|
|
|
{
|
|
|
|
|
sp->caching_size=detain_last_data(sp->last_cache,sp->max_cross_size,sp->caching_size,data,data_len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
region_scan_data.text_data.toffset=(int)MIN(0xffffffff/2, sp->acc_scan_len);//longger then int
|
|
|
|
|
sp->acc_scan_len+=data_len;
|
|
|
|
|
if(sp->do_expr==1)
|
|
|
|
|
{
|
|
|
|
|
region_scan_data.rule_type=RULETYPE_STR;
|
|
|
|
|
region_scan_data.sub_type=sub_type;
|
|
|
|
|
region_ret=rulescan_searchstream(sp->rs_stream_para, ®ion_scan_data, region_result, MAX_SCANNER_HIT_NUM);
|
|
|
|
|
if(region_ret<0)
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
sp->feather->scan_err_cnt++;
|
2015-11-10 18:29:42 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
else if(region_ret>0)
|
|
|
|
|
{
|
|
|
|
|
hit_region_cnt+=region_ret;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if(sp->do_regex==1)
|
|
|
|
|
{
|
|
|
|
|
region_scan_data.rule_type=RULETYPE_REG;
|
|
|
|
|
region_scan_data.sub_type=make_sub_type(sp->table_id,CHARSET_NONE,0);
|
|
|
|
|
region_ret=rulescan_searchstream(sp->rs_stream_para, ®ion_scan_data, region_result+hit_region_cnt, MAX_SCANNER_HIT_NUM-hit_region_cnt);
|
|
|
|
|
if(region_ret<0)
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
sp->feather->scan_err_cnt++;
|
2015-11-10 18:29:42 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
else if(region_ret>0)
|
|
|
|
|
{
|
|
|
|
|
hit_region_cnt+=region_ret;
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
if(hit_region_cnt>0&&p_table->table_type==TABLE_TYPE_EXPR_PLUS)
|
|
|
|
|
{
|
|
|
|
|
hit_region_cnt=match_district(_mid,region_result,hit_region_cnt);
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
if(hit_region_cnt>0)
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(p_table->hit_cnt, sp->thread_num,1);
|
2016-02-11 13:57:39 +08:00
|
|
|
_mid=grab_mid(mid, sp->feather,sp->thread_num, 1);
|
|
|
|
|
compile_ret=region_compile(sp->feather,_mid->inner,
|
2017-06-24 21:38:11 +08:00
|
|
|
_mid->is_last_region,
|
2015-11-11 11:50:31 +08:00
|
|
|
region_result,sizeof(scan_result_t),offsetof(scan_result_t, tag),
|
|
|
|
|
hit_region_cnt,
|
2016-05-09 22:02:27 +08:00
|
|
|
result,compile_result,rule_num,
|
|
|
|
|
sp->thread_num);
|
2017-06-24 21:38:11 +08:00
|
|
|
assert(_mid->is_last_region<2);
|
|
|
|
|
if(_mid->is_last_region==1)
|
|
|
|
|
{
|
|
|
|
|
_mid->is_last_region=2;
|
|
|
|
|
}
|
2016-04-25 11:59:54 +08:00
|
|
|
if(hit_detail!=NULL&&sp->feather->rule_scan_type!=0)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
if(sp->scan_buff!=NULL)
|
|
|
|
|
{
|
2016-02-11 13:57:39 +08:00
|
|
|
*detail_ret=fill_region_hit_detail(sp->scan_buff,_mid->inner,
|
2015-11-12 18:28:58 +08:00
|
|
|
region_result,hit_region_cnt,
|
2015-11-10 18:29:42 +08:00
|
|
|
compile_result,compile_ret,
|
|
|
|
|
hit_detail,detail_num);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2016-02-11 13:57:39 +08:00
|
|
|
*detail_ret=fill_region_hit_detail(data,_mid->inner,
|
2015-11-10 18:29:42 +08:00
|
|
|
region_result,hit_region_cnt,
|
|
|
|
|
compile_result,compile_ret,
|
|
|
|
|
hit_detail,detail_num);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if(*detail_ret==0)
|
|
|
|
|
{
|
|
|
|
|
free(sp->scan_buff);
|
2016-02-11 13:57:39 +08:00
|
|
|
sp->scan_buff=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
if(sp->feather->perf_on==1)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
clock_gettime(CLOCK_MONOTONIC,&end);
|
2016-05-09 22:02:27 +08:00
|
|
|
maat_stat_table(sp->feather->p_table_info[sp->table_id],data_len,&start, &end,sp->thread_num);
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2016-02-18 14:53:06 +08:00
|
|
|
else
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
maat_stat_table(sp->feather->p_table_info[sp->table_id],data_len,NULL, NULL,sp->thread_num);
|
2016-02-18 14:53:06 +08:00
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
if(compile_ret==0&&hit_region_cnt>0)
|
|
|
|
|
{
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
return compile_ret;
|
|
|
|
|
}
|
|
|
|
|
int Maat_stream_scan_string(stream_para_t* stream_para
|
|
|
|
|
,enum MAAT_CHARSET charset,const char* data,int data_len
|
|
|
|
|
,struct Maat_rule_t*result,int* found_pos,int rule_num
|
|
|
|
|
,scan_status_t* mid)
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
int compile_ret=0;
|
|
|
|
|
int detail_ret=0;
|
|
|
|
|
compile_ret=Maat_stream_scan_string_detail(stream_para, charset,data,data_len,
|
|
|
|
|
result,rule_num, NULL, 0,&detail_ret,mid);
|
|
|
|
|
return compile_ret;
|
|
|
|
|
}
|
|
|
|
|
void Maat_stream_scan_string_end(stream_para_t* stream_para)
|
|
|
|
|
{
|
|
|
|
|
struct _stream_para_t* sp=(struct _stream_para_t*)(*stream_para);
|
|
|
|
|
struct _Maat_scanner_t* scanner=sp->feather->scanner;
|
2016-02-10 10:01:18 +08:00
|
|
|
struct _Maat_table_info_t * p_table=sp->feather->p_table_info[sp->table_id];
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(p_table->stream_num,sp->thread_num,-1);
|
2015-11-10 18:29:42 +08:00
|
|
|
if(scanner!=NULL)
|
|
|
|
|
{
|
2016-10-25 15:11:55 +08:00
|
|
|
if(sp->version>=sp->feather->last_full_version)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
|
|
|
|
DEC_SCANNER_REF(scanner, sp->thread_num);
|
2016-10-21 16:42:04 +08:00
|
|
|
rulescan_endstream(sp->rs_stream_para);
|
2016-10-25 15:11:55 +08:00
|
|
|
|
2016-10-21 16:42:04 +08:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
rulescan_endstream_simple(sp->rs_stream_para);
|
|
|
|
|
sp->feather->zombie_rs_stream--;
|
|
|
|
|
}
|
2016-10-25 15:11:55 +08:00
|
|
|
sp->rs_stream_para=NULL;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if(sp->rs_stream_para!=NULL)
|
|
|
|
|
{
|
|
|
|
|
rulescan_endstream_simple(sp->rs_stream_para);
|
|
|
|
|
sp->feather->zombie_rs_stream--;
|
|
|
|
|
sp->rs_stream_para=NULL;
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
|
|
|
|
if(sp->last_cache!=NULL)
|
|
|
|
|
{
|
|
|
|
|
free(sp->last_cache);
|
|
|
|
|
sp->last_cache=NULL;
|
|
|
|
|
sp->caching_size=0;
|
|
|
|
|
}
|
|
|
|
|
if(sp->scan_buff!=NULL)
|
|
|
|
|
{
|
|
|
|
|
free(sp->scan_buff);
|
|
|
|
|
sp->scan_buff=NULL;
|
|
|
|
|
}
|
|
|
|
|
free(sp);
|
|
|
|
|
*stream_para=NULL;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
stream_para_t Maat_stream_scan_digest_start(Maat_feather_t feather,int table_id,unsigned long long total_len,int thread_num)
|
|
|
|
|
{
|
|
|
|
|
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
|
|
|
|
struct _Maat_scanner_t* scanner=NULL;
|
2015-11-30 16:45:20 +08:00
|
|
|
fuzzy_handle_t * tmp_fuzzy_handle=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
struct _Maat_table_info_t *p_table=NULL;
|
2015-11-13 18:08:55 +08:00
|
|
|
p_table=acqurie_table(_feather, table_id, TABLE_TYPE_DIGEST);
|
2015-11-11 11:50:31 +08:00
|
|
|
if(p_table==NULL)
|
2015-11-10 18:29:42 +08:00
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2015-11-12 18:28:58 +08:00
|
|
|
return NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
2015-11-30 16:45:20 +08:00
|
|
|
tmp_fuzzy_handle=fuzzy_create_handle(total_len);
|
|
|
|
|
if(tmp_fuzzy_handle==NULL)
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2015-11-30 16:45:20 +08:00
|
|
|
return NULL;
|
|
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
struct _stream_para_t* sp=(struct _stream_para_t*)calloc(sizeof(struct _stream_para_t),1);
|
|
|
|
|
scanner=_feather->scanner;
|
|
|
|
|
sp->feather=_feather;
|
|
|
|
|
sp->version=_feather->maat_version;
|
|
|
|
|
sp->acc_scan_len=0;
|
|
|
|
|
if(scanner==NULL)
|
|
|
|
|
{
|
|
|
|
|
return sp;
|
|
|
|
|
}
|
2015-11-11 11:50:31 +08:00
|
|
|
INC_SCANNER_REF(scanner, thread_num);
|
2015-11-10 18:29:42 +08:00
|
|
|
sp->table_id=table_id;
|
|
|
|
|
sp->thread_num=thread_num;
|
2015-11-11 11:50:31 +08:00
|
|
|
sp->total_len=total_len;
|
2015-11-30 16:45:20 +08:00
|
|
|
sp->fuzzy_hash_handle=tmp_fuzzy_handle;
|
2015-12-08 13:01:49 +08:00
|
|
|
pthread_mutex_init(&(sp->fuzzy_mutex),NULL);
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(p_table->stream_num,thread_num,1);
|
2015-11-11 11:50:31 +08:00
|
|
|
return sp;
|
|
|
|
|
}
|
2015-11-12 17:49:57 +08:00
|
|
|
|
2015-11-11 11:50:31 +08:00
|
|
|
inline int REACH_QUERY_THRESH(unsigned long long total_len,unsigned long long acc_len,unsigned char* query_point,int point_size)
|
|
|
|
|
{
|
2015-11-12 18:28:58 +08:00
|
|
|
const unsigned long long QUERY_MIN_RATE=(3); //30%
|
|
|
|
|
// const unsigned long long QUERY_MIN_LEN=(1024*1024*4);
|
2015-11-11 11:50:31 +08:00
|
|
|
//do query every 10 percent since 30%, e.g. 0.3/0.4/0.5/.../1.0
|
|
|
|
|
unsigned long long rate=(acc_len*10)/total_len;
|
|
|
|
|
// if(acc_len>QUERY_MIN_LEN)
|
|
|
|
|
// {
|
|
|
|
|
// return 1;
|
|
|
|
|
// }
|
2016-04-06 10:41:59 +08:00
|
|
|
if(rate>(unsigned long long)(point_size+QUERY_MIN_RATE))
|
2015-11-30 16:45:20 +08:00
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2015-11-11 11:50:31 +08:00
|
|
|
if(rate>=QUERY_MIN_RATE&&query_point[rate-QUERY_MIN_RATE]==0)
|
|
|
|
|
{
|
|
|
|
|
query_point[rate-QUERY_MIN_RATE]=1;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
int Maat_stream_scan_digest(stream_para_t * stream_para, const char * data, int data_len, unsigned long long offset, struct Maat_rule_t * result, int rule_num, scan_status_t * mid)
|
|
|
|
|
{
|
2015-11-16 14:30:34 +08:00
|
|
|
struct _stream_para_t* sp=(struct _stream_para_t*)(*stream_para);
|
2015-11-11 11:50:31 +08:00
|
|
|
int do_query=0;
|
|
|
|
|
GIE_result_t query_result[MAX_SCANNER_HIT_NUM];
|
|
|
|
|
int hit_region_cnt=0,compile_ret=0;
|
|
|
|
|
_compile_result_t compile_result[rule_num];//dynamic array
|
2016-06-03 15:11:25 +08:00
|
|
|
if(data==NULL||data_len<=0)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if(sp->feather->scanner==NULL)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2015-11-11 11:50:31 +08:00
|
|
|
GIE_handle_t* GIE_handle=sp->feather->scanner->digest_handle[sp->table_id];
|
|
|
|
|
unsigned long long digest_len=0;
|
|
|
|
|
char* digest_buff=NULL;
|
2016-02-11 13:57:39 +08:00
|
|
|
struct _OUTER_scan_status_t* _mid=NULL;
|
2015-11-12 18:28:58 +08:00
|
|
|
pthread_rwlock_t *GIE_rwlock=&(sp->feather->scanner->digest_rwlock[sp->table_id]);
|
2016-02-18 14:53:06 +08:00
|
|
|
struct timespec start,end;
|
2016-02-10 10:01:18 +08:00
|
|
|
if(sp->feather->perf_on==1)
|
|
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
clock_gettime(CLOCK_MONOTONIC,&start);
|
2016-02-10 10:01:18 +08:00
|
|
|
}
|
2015-11-30 16:45:20 +08:00
|
|
|
if(sp->acc_scan_len+(unsigned long long)data_len > sp->total_len)
|
|
|
|
|
{
|
2017-04-23 12:19:36 +08:00
|
|
|
goto fast_out;
|
2015-11-30 16:45:20 +08:00
|
|
|
}
|
2016-02-18 14:53:06 +08:00
|
|
|
aligment_int64_array_add(sp->feather->thread_call_cnt, sp->thread_num, 1);
|
2015-12-08 13:01:49 +08:00
|
|
|
pthread_mutex_lock(&(sp->fuzzy_mutex));
|
2015-11-11 11:50:31 +08:00
|
|
|
sp->acc_scan_len+=fuzzy_feed(sp->fuzzy_hash_handle, data, (unsigned int)data_len,offset);
|
2015-12-08 13:01:49 +08:00
|
|
|
pthread_mutex_unlock(&(sp->fuzzy_mutex));
|
2015-11-12 18:28:58 +08:00
|
|
|
do_query=REACH_QUERY_THRESH(sp->total_len, sp->acc_scan_len, sp->query_point,8);
|
2015-11-11 11:50:31 +08:00
|
|
|
if(do_query==0)
|
|
|
|
|
{
|
2017-04-23 12:19:36 +08:00
|
|
|
goto fast_out;
|
2015-11-11 11:50:31 +08:00
|
|
|
}
|
2015-12-08 13:01:49 +08:00
|
|
|
pthread_mutex_lock(&(sp->fuzzy_mutex));
|
2015-11-11 11:50:31 +08:00
|
|
|
digest_len=fuzzy_status(sp->fuzzy_hash_handle, HASH_LENGTH);
|
2015-12-08 13:01:49 +08:00
|
|
|
pthread_mutex_unlock(&(sp->fuzzy_mutex));
|
2015-11-11 11:50:31 +08:00
|
|
|
if(digest_len==0)
|
|
|
|
|
{
|
2017-04-23 12:19:36 +08:00
|
|
|
goto fast_out;
|
2015-11-11 11:50:31 +08:00
|
|
|
}
|
|
|
|
|
digest_buff=(char*)malloc(sizeof(char)*digest_len);
|
2015-12-08 13:01:49 +08:00
|
|
|
pthread_mutex_lock(&(sp->fuzzy_mutex));
|
2015-11-11 11:50:31 +08:00
|
|
|
fuzzy_digest(sp->fuzzy_hash_handle,digest_buff, digest_len);
|
2015-12-08 13:01:49 +08:00
|
|
|
pthread_mutex_unlock(&(sp->fuzzy_mutex));
|
2015-11-11 11:50:31 +08:00
|
|
|
if(0==pthread_rwlock_tryrdlock(GIE_rwlock))
|
|
|
|
|
{
|
2015-11-30 16:45:20 +08:00
|
|
|
if(GIE_handle!=NULL)
|
|
|
|
|
{
|
|
|
|
|
hit_region_cnt=GIE_query(GIE_handle, sp->total_len, digest_buff, query_result, MAX_SCANNER_HIT_NUM);
|
|
|
|
|
}
|
2015-11-11 11:50:31 +08:00
|
|
|
pthread_rwlock_unlock(GIE_rwlock);
|
|
|
|
|
}
|
|
|
|
|
free(digest_buff);
|
|
|
|
|
digest_buff=NULL;
|
|
|
|
|
if(hit_region_cnt<0)//error occurs
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
sp->feather->scan_err_cnt++;
|
2017-04-23 12:19:36 +08:00
|
|
|
compile_ret=-1;
|
|
|
|
|
goto fast_out;
|
2015-11-11 11:50:31 +08:00
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
if(hit_region_cnt>0)
|
2015-11-11 11:50:31 +08:00
|
|
|
{
|
2016-02-10 10:01:18 +08:00
|
|
|
sp->feather->p_table_info[sp->table_id]->hit_cnt++;
|
2016-02-11 13:57:39 +08:00
|
|
|
_mid=grab_mid(mid,sp->feather, sp->thread_num,1);
|
|
|
|
|
compile_ret=region_compile(sp->feather,_mid->inner,
|
2017-06-24 21:38:11 +08:00
|
|
|
_mid->is_last_region,
|
2016-02-10 10:01:18 +08:00
|
|
|
query_result,sizeof(GIE_result_t),offsetof(GIE_result_t, tag),
|
|
|
|
|
hit_region_cnt,
|
2016-05-09 22:02:27 +08:00
|
|
|
result,compile_result,rule_num,
|
|
|
|
|
sp->thread_num);
|
2017-06-24 21:38:11 +08:00
|
|
|
assert(_mid->is_last_region<2);
|
|
|
|
|
if(_mid->is_last_region==1)
|
|
|
|
|
{
|
|
|
|
|
_mid->is_last_region=2;
|
|
|
|
|
}
|
2015-11-11 11:50:31 +08:00
|
|
|
}
|
2017-04-23 12:19:36 +08:00
|
|
|
fast_out:
|
2016-02-10 10:01:18 +08:00
|
|
|
if(sp->feather->perf_on==1)
|
2015-11-11 11:50:31 +08:00
|
|
|
{
|
2016-02-18 14:53:06 +08:00
|
|
|
clock_gettime(CLOCK_MONOTONIC,&end);
|
2016-05-09 22:02:27 +08:00
|
|
|
maat_stat_table(sp->feather->p_table_info[sp->table_id],data_len,&start, &end,sp->thread_num);
|
2015-11-11 11:50:31 +08:00
|
|
|
}
|
2016-02-18 14:53:06 +08:00
|
|
|
else
|
|
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
maat_stat_table(sp->feather->p_table_info[sp->table_id],data_len,NULL, NULL,sp->thread_num);
|
2016-02-18 14:53:06 +08:00
|
|
|
}
|
2015-11-11 11:50:31 +08:00
|
|
|
if(compile_ret==0&&hit_region_cnt>0)
|
|
|
|
|
{
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
return compile_ret;
|
2015-11-10 18:29:42 +08:00
|
|
|
}
|
2015-11-11 11:50:31 +08:00
|
|
|
void Maat_stream_scan_digest_end(stream_para_t* stream_para)
|
|
|
|
|
{
|
|
|
|
|
struct _stream_para_t* sp=(struct _stream_para_t*)(*stream_para);
|
|
|
|
|
struct _Maat_scanner_t* scanner=sp->feather->scanner;
|
2016-02-10 10:01:18 +08:00
|
|
|
struct _Maat_table_info_t * p_table=sp->feather->p_table_info[sp->table_id];
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(p_table->stream_num,sp->thread_num,-1);
|
2015-11-11 11:50:31 +08:00
|
|
|
if(scanner!=NULL)
|
|
|
|
|
{
|
|
|
|
|
if(sp->version==sp->feather->maat_version)
|
|
|
|
|
{
|
|
|
|
|
DEC_SCANNER_REF(scanner, sp->thread_num);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
fuzzy_destroy_handle(sp->fuzzy_hash_handle);
|
2015-12-08 13:01:49 +08:00
|
|
|
pthread_mutex_destroy(&(sp->fuzzy_mutex));
|
2015-11-11 11:50:31 +08:00
|
|
|
assert(sp->last_cache==NULL);
|
2015-11-12 17:49:57 +08:00
|
|
|
assert(sp->scan_buff==NULL);
|
2015-11-11 11:50:31 +08:00
|
|
|
free(sp);
|
|
|
|
|
*stream_para=NULL;
|
2016-02-10 10:01:18 +08:00
|
|
|
|
2015-11-11 11:50:31 +08:00
|
|
|
return;
|
|
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
int Maat_set_scan_status(Maat_feather_t feather,scan_status_t* mid,enum MAAT_SCAN_OPT type,const void* value,int size)
|
|
|
|
|
{
|
|
|
|
|
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
|
|
|
|
struct _OUTER_scan_status_t* _mid=NULL;
|
2016-02-15 09:28:47 +08:00
|
|
|
int map_ret=-1;
|
2016-12-19 11:24:27 +08:00
|
|
|
if(_feather->scanner==NULL)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
_mid=grab_mid(mid,_feather, 0, 0);
|
2016-02-23 16:44:39 +08:00
|
|
|
if(_mid==NULL)
|
2016-02-11 13:57:39 +08:00
|
|
|
{
|
2016-05-09 22:02:27 +08:00
|
|
|
_mid=_make_outer_status(_feather,0);
|
2016-02-11 13:57:39 +08:00
|
|
|
*mid=_mid;
|
|
|
|
|
}
|
|
|
|
|
switch(type)
|
|
|
|
|
{
|
|
|
|
|
case MAAT_SET_SCAN_DISTRICT:
|
2016-09-07 11:42:41 +08:00
|
|
|
if(value==NULL||size<=0)
|
|
|
|
|
{
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2016-09-07 11:42:41 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
2016-09-18 12:44:00 +08:00
|
|
|
map_ret=map_unNullstr2int(_feather->scanner->district_map,(const char*)value,size,&(_mid->district_id));
|
2016-02-11 13:57:39 +08:00
|
|
|
if(map_ret<0)
|
|
|
|
|
{
|
2016-02-23 16:44:39 +08:00
|
|
|
//May be the district is not effected yet.
|
2017-02-17 18:16:37 +08:00
|
|
|
_mid->district_id=-1;
|
2016-02-11 13:57:39 +08:00
|
|
|
}
|
|
|
|
|
_mid->is_set_district=1;
|
|
|
|
|
break;
|
2017-06-24 21:38:11 +08:00
|
|
|
case MAAT_SET_SCAN_LAST_REGION:
|
|
|
|
|
_mid->is_last_region=1;
|
|
|
|
|
break;
|
2016-02-11 13:57:39 +08:00
|
|
|
default:
|
2016-10-08 11:40:57 +08:00
|
|
|
_feather->scan_err_cnt++;
|
2016-02-15 09:28:47 +08:00
|
|
|
return -1;
|
2016-02-11 13:57:39 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2016-02-15 09:28:47 +08:00
|
|
|
return 0;
|
2016-02-11 13:57:39 +08:00
|
|
|
}
|
2015-11-10 18:29:42 +08:00
|
|
|
void Maat_clean_status(scan_status_t* mid)
|
|
|
|
|
{
|
2016-02-11 13:57:39 +08:00
|
|
|
struct _OUTER_scan_status_t* _mid=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
if(*mid==NULL)
|
|
|
|
|
{
|
|
|
|
|
return;
|
|
|
|
|
}
|
2016-02-11 13:57:39 +08:00
|
|
|
_mid=(struct _OUTER_scan_status_t*)(*mid);
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(_mid->feather->outer_mid_cnt,_mid->thread_num,-1);
|
2016-02-11 13:57:39 +08:00
|
|
|
if(_mid->inner!=NULL)
|
|
|
|
|
{
|
|
|
|
|
free(_mid->inner->hitted_group_id);
|
|
|
|
|
free(_mid->inner);
|
2016-05-09 22:02:27 +08:00
|
|
|
aligment_int64_array_add(_mid->feather->inner_mid_cnt,_mid->thread_num,-1);
|
2016-02-11 13:57:39 +08:00
|
|
|
}
|
|
|
|
|
_mid->feather=NULL;
|
2015-11-10 18:29:42 +08:00
|
|
|
free(_mid);
|
|
|
|
|
*mid=NULL;
|
|
|
|
|
return;
|
|
|
|
|
}
|
