/*
**********************************************************************************************
* File: maat_rule.h
* Description: maat rule entry
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_RULE_H_
#define _MAAT_RULE_H_

/*
 * C linkage wrapper intended for C++ consumers.
 * NOTE(review): the macro tested here is spelled "__cpluscplus"; the macro a
 * C++ compiler defines is "__cplusplus", so as written this branch is never
 * taken and a C++ translation unit sees the declarations below with C++
 * linkage. The closing brace near the end of the file tests the same
 * spelling; correct both occurrences together, never just one.
 */
#ifdef __cpluscplus
extern "C"
{
#endif
#include <stdint.h>
#include <stddef.h>
#include <limits.h>
#include <sys/time.h>
#include <pthread.h>
#include <sys/queue.h>
/*
 * MD5_DIGEST_LENGTH from this header sizes source_json_ctx.effective_json_md5.
 * NOTE(review): MD5 is not collision resistant. It is adequate for noticing
 * that a file changed, not for deciding that a file can be trusted.
 */
#include <openssl/md5.h>

#include "log/log.h"
#include "hiredis/hiredis.h"
#include "uthash/uthash.h"
#include "maat_command.h"
#include "IPMatcher.h"
#include "maat_kv.h"
#include "maat_table.h"

/* Table-count limit; nothing else in this header refers to it. */
#define MAX_TABLE_NUM 256
/*
 * Fixed-size rule header. struct compile_rule embeds one of these; the
 * leading fields mirror struct maat_rule, without the service_defined payload.
 * NOTE(review): the flag bytes are plain char here and uint8_t in
 * struct maat_rule. char signedness is implementation-defined, so a value
 * above 127 can compare differently between the two layouts.
 */
struct maat_rule_head {
    int config_id;
    int service_id;
    char do_log;
    char do_blacklist;
    char action;
    char resevered; // sic: misspelling of "reserved"; a rename would touch every user of the field
    int serv_def_len; // signed length of the service-defined data; presumably must be checked
                      // against 0..MAX_SERVICE_DEFINE_LEN before any copy -- confirm at the callers
};
/* Capacity in bytes of maat_rule.service_defined. */
#define MAX_SERVICE_DEFINE_LEN 128

/*
 * Rule record with the service-defined payload stored inline.
 * The payload buffer is fixed at MAX_SERVICE_DEFINE_LEN bytes while
 * serv_def_len is a signed int, so any code filling this struct has to
 * reject negative or oversized lengths itself; the type does not enforce it.
 */
struct maat_rule {
    int config_id;
    int service_id;
    uint8_t do_log;
    uint8_t do_blacklist;
    uint8_t action;
    uint8_t reserved;
    int serv_def_len; // presumably the number of valid bytes in service_defined -- confirm
    char service_defined[MAX_SERVICE_DEFINE_LEN]; // whether this is NUL-terminated is not visible here
};
/* Tag value associated with struct maat_item_inner. */
#define ITEM_RULE_MAGIC 0x4d3c2b1a

/*
 * Per-item bookkeeping: owning group, district, and a range of expression ids.
 * Instances are created by maat_item_inner_new() and released by
 * maat_item_inner_free(), both declared later in this header.
 */
struct maat_item_inner {
    long long magic_num; // presumably set to ITEM_RULE_MAGIC so a stale or mistyped pointer can be detected -- confirm
    int item_id;
    int group_id;
    int district_id;
    int expr_id_cnt;
    int expr_id_lb;  // lower boundary of the expression id range
    int expr_id_ub;  // upper boundary of the expression id range
};
/*
 * Item record that can be stored in a uthash table (UT_hash_handle member).
 * Which field is the hash key is decided where the table is used, not here.
 */
struct maat_item {
    int item_id;
    int group_id;
    UT_hash_handle hh;  // uthash bookkeeping; required for the struct to be hashable
    void *user_data;    // opaque to this header; maat_item_free() takes a callback to release it
};
/* Tag value associated with struct compile_rule. */
#define COMPILE_RULE_MAGIC 0x1a2b3c4d

/*
 * A compile-table rule: fixed header, out-of-line service-defined data,
 * ordering/validity state, and a per-rule read-write lock.
 */
struct compile_rule {
    long long magic_num; // presumably set to COMPILE_RULE_MAGIC for pointer sanity checks -- confirm
    int compile_id;
    struct maat_rule_head head; // fixed-length part of Maat_rule_t
    char *service_defined;      // held by pointer here, unlike the inline array in struct maat_rule;
                                // allocation and ownership are not visible in this header
    int is_valid;
    int declared_clause_num;
    double evaluation_order;
    struct compile_schema *ref_table; // the "ref_" prefix suggests a borrowed pointer -- confirm who owns it
    void **ex_data;
    pthread_rwlock_t rwlock;    // which members it guards is not stated here -- document at the lock sites
};
/* One group-to-compile relation: links group_id to compile_id within a clause. */
struct group2compile_rule {
    int group_id;
    int compile_id;
    int is_valid;
    int not_flag;
    int vt_id; // virtual table id
    int clause_index;
    int associated_compile_table_id;
};
/* One group-to-group relation: group_id belongs under superior_group_id. */
struct group2group_rule {
    int group_id;
    int superior_group_id;
    int is_valid;
};
/*
 * State of one loaded rule set. struct maat holds two pointers of this type
 * (maat_rt and creating_maat_rt).
 */
struct maat_runtime {
    /* maat_runtime can be created and destroyed dynamically, so version info is needed */
    long long version;

    time_t last_update_time;

    long long *ref_cnt; // element count and ownership are not visible here -- confirm
    struct table_manager *ref_tbl_mgr; // shared with the maat instance
    size_t max_table_num;

    size_t max_thread_num;
    uint32_t rule_num;

    struct maat_garbage_bin *ref_garbage_bin; // the "ref_" prefix suggests a borrowed pointer -- confirm

    struct maat_kv_store *district_map;
    struct maat_kv_store *tmp_district_map;

    unsigned int district_num;

    struct log_handle *logger;
};
/*
 * Where rules are loaded from. struct maat stores one of these in input_mode
 * next to an anonymous union of per-source contexts, so it is presumably the
 * discriminant for that union -- confirm every union access checks it first.
 */
enum data_source {
    DATA_SOURCE_NONE = 0,
    DATA_SOURCE_REDIS,
    DATA_SOURCE_IRIS_FILE,
    DATA_SOURCE_JSON_FILE
};
/*
 * Context for the iris-file data source: two directory names.
 * NOTE(review): both buffers are sized with NAME_MAX, which bounds a single
 * file-name component rather than a whole path (PATH_MAX is the path bound).
 * If full directory paths are stored here, longer ones cannot fit; whoever
 * fills these must detect truncation instead of using a shortened path.
 */
struct source_iris_ctx {
    char inc_idx_dir[NAME_MAX];
    char full_idx_dir[NAME_MAX];
};
/*
 * Context for the JSON-file data source: the JSON file, an iris file, and the
 * last seen MD5 of the JSON with the time it was taken.
 * NOTE(review): the file-name buffers are NAME_MAX bytes, which bounds one
 * path component, not a full path -- check for truncation where they are set.
 */
struct source_json_ctx
{
    char json_file[NAME_MAX];
    char iris_file[NAME_MAX];
    // Sized for two characters per digest byte plus a terminator, i.e. presumably a hex string.
    // MD5 only shows that the file changed; it is not evidence that the content is authentic.
    char effective_json_md5[MD5_DIGEST_LENGTH*2+1];
    struct timespec last_md5_time;
};
/*
 * Context for the Redis data source: separate read and write connections plus
 * the endpoint they were opened against.
 * NOTE(review): no credential or TLS setting is stored here, and
 * maat_cmd_connect_redis() is declared with only ip, port, db and logger.
 * Presumably the link is unauthenticated plaintext -- confirm. If so, the
 * Redis server has to sit on a trusted segment, because the rules fetched
 * over this link are what the scanner enforces.
 */
struct source_redis_ctx
{
    redisContext *read_ctx;
    redisContext *write_ctx;
    char redis_ip[64];
    uint16_t redis_port; // maat_cmd_connect_redis() takes the port as int; range-check before narrowing
    int redis_db;
    time_t last_reconnect_time;
};
/*
 * One foreign-key reference attached to a serial_rule (see serial_rule.f_keys).
 */
struct foreign_key {
    int column;      // presumably the column of the table line that holds the key -- confirm
    char *key;
    size_t key_len;  // length is carried separately, so key may not be NUL-terminated -- confirm
    // NOTE(review): if this name is derived from data read from Redis, it must be confined to the
    // configured foreign-content directory (no "..", no absolute paths) before anything is written.
    char *filename;
};
// rm = Redis Maat
/*
 * One serialized rule operation: what to do (op), which rule, in which table,
 * with which line of text, plus any foreign keys. The struct can be linked
 * into a TAILQ and into a uthash table at the same time.
 */
struct serial_rule {
    enum maat_operation op; // 0: delete, 1: add.
    unsigned long rule_id;
    long long timeout; // absolute unix time.
    char table_name[NAME_MAX];
    char *table_line;  // ownership is not visible here; maat_cmd_clear_rule_cache() presumably releases it -- confirm
    int n_foreign;     // presumably the number of entries in f_keys -- confirm
    struct foreign_key *f_keys;
    TAILQ_ENTRY(serial_rule) entries;
    UT_hash_handle hh;
};
/* Capacity of expected_reply.possible_replies. */
#define POSSIBLE_REDIS_REPLY_SIZE 2

/*
 * The set of Redis replies considered acceptable for one serial rule.
 */
struct expected_reply {
    int s_rule_seq;
    int possible_reply_num; // must stay within 0..POSSIBLE_REDIS_REPLY_SIZE when indexing possible_replies
    redisReply possible_replies[POSSIBLE_REDIS_REPLY_SIZE];
};
/*
 * One name/value tag. parse_accept_tag() produces an array of these and
 * compare_accept_tag() consumes one; who frees the two strings is not
 * visible in this header.
 */
struct rule_tag {
    char *tag_name;
    char *tag_val;
};
/*
 * One maat instance: runtimes, table manager, data-source selection and
 * context, update-thread state, tuning intervals, decryption settings and
 * counters.
 */
struct maat {
    char instance_name[NAME_MAX];

    struct maat_runtime *maat_rt;
    struct maat_runtime *creating_maat_rt;

    struct table_manager *tbl_mgr;

    enum data_source input_mode;
    // Anonymous union (C11). Presumably input_mode selects the live member -- confirm that
    // every access checks input_mode first; reading the wrong member reinterprets its bytes.
    union {
        struct source_iris_ctx iris_ctx;
        struct source_json_ctx json_ctx;
        struct source_redis_ctx mr_ctx;
    };

    struct log_handle *logger;
    int deferred_load;

    int is_running; // plain int; if it is written by one thread and polled by another,
                    // it needs the mutex below or an atomic type -- confirm how it is accessed
    pthread_mutex_t background_update_mutex;
    int nr_worker_thread;

    long long maat_version;
    long long last_full_version;
    pthread_t cfg_mon_thread;

    int rule_effect_interval_ms;
    int rule_update_checking_interval_ms;
    int gc_timeout_ms; // garbage collection timeout in ms

    int cumulative_update_off; // Default: cumulative update on

    struct maat_garbage_bin *garbage_bin;

    int default_compile_table_id;
    int g2g_table_id; // group2group table id

    /*
     * NOTE(review): key material is held as a plain char array inside the
     * instance. The teardown path should wipe it with a call the compiler
     * cannot elide (explicit_bzero or equivalent), and the field should never
     * reach a log line or a dump of this struct.
     */
    char decrypt_key[NAME_MAX];
    char decrypt_algo[NAME_MAX]; // the set of accepted algorithm names is not visible here
    int maat_json_is_gzipped;

    long long load_specific_version; // Default: load the latest. Only valid in redis mode; may fail if the version is too old
    char foreign_cont_dir[NAME_MAX]; // NAME_MAX bounds one path component, not a full path -- check for truncation

    /* statistics */
    long long line_cmd_acc_num;

    long long *outer_mid_cnt;
    long long *compile_mid_cnt;
    long long *thread_call_cnt;

    long long scan_err_cnt;
};
/*
 * Per-scan state carried by a caller between scans against one maat instance.
 */
struct maat_state {
    struct maat *maat_instance;
    int16_t thread_id; // presumably an index into per-thread arrays; validate against the
                       // instance's thread count before indexing -- confirm
    int compile_table_id; // caller can select compile table to scan
    unsigned char is_set_district;
    unsigned char is_last_scan;
    int district_id; // -1: Any District; -2: Unknown District;
    int scan_cnt;
    struct maat_compile_state *compile_mid;
};
/*
 * Accept-tag helpers. Both take a caller-supplied text value.
 * NOTE(review): parse_accept_tag takes its logger as void * while the other
 * declarations in this header use struct log_handle *; the untyped pointer
 * removes compile-time checking of what is passed.
 * Ownership of *result and the meaning of the int returns are not visible
 * here -- confirm against the implementation.
 */
int parse_accept_tag(const char *value, struct rule_tag **result, void *logger);

/* n_tag is the caller's count for accept_tags; the callee can only trust it. */
int compare_accept_tag(const char *value, const struct rule_tag *accept_tags, int n_tag);
/*
 * Constructors and destructors for the two item types.
 * Allocation failure behaviour (NULL return or abort) is not visible here.
 */
struct maat_item *maat_item_new(int item_id, int group_id, void *user_data);

/* item_user_data_free is the callback used for item->user_data; whether NULL is accepted is not visible here. */
void maat_item_free(struct maat_item *item, void (* item_user_data_free)(void *));

/* Note the argument order: group_id comes first here, item_id comes first in maat_item_new(). */
struct maat_item_inner *maat_item_inner_new(int group_id, int item_id, int district_id);

void maat_item_inner_free(struct maat_item_inner *item);
/*
 * Update callbacks in start / per-line / finish form. u_para is an opaque
 * pointer handed back to each callback; its real type is not visible here.
 */
void maat_start_cb(long long new_version, int update_type, void *u_para);

/* table_name and line arrive from the configured data source and should be treated as untrusted text. */
int maat_update_cb(const char *table_name, const char *line, void *u_para);

void maat_finish_cb(void *u_para);

/* Signature matches a pthread start routine; presumably run on maat.cfg_mon_thread -- confirm. */
void *rule_monitor_loop(void *arg);

void maat_read_full_config(struct maat *maat_instance);
/* maat command API for internal use */

/*
 * Opens a Redis connection. The port is an int here and a uint16_t in
 * source_redis_ctx, so values outside 0..65535 need rejecting somewhere.
 * No credential parameter is declared.
 */
redisContext *maat_cmd_connect_redis(const char *redis_ip, int redis_port, int redis_db, struct log_handle *logger);

/*
 * Variadic, format-driven command wrapper.
 * NOTE(review): keep format a string literal and pass table names, rule text
 * and other external values only as arguments, never as the format itself.
 */
redisReply *maat_cmd_wrap_redis_command(redisContext *c, const char *format, ...);

int maat_cmd_wrap_redis_get_reply(redisContext *c, redisReply **reply);

long long maat_cmd_redis_server_time_s(redisContext *c);

long long maat_cmd_read_redis_integer(const redisReply *reply);

int maat_cmd_get_valid_flag_offset(const char *line, enum table_type table_type, int valid_column_seq);

/*
 * Returns a const char * and reports a length through column_len.
 * Presumably the pointer is into line and is not NUL-terminated, so callers
 * must honour *column_len and check for a NULL return -- confirm.
 */
const char *maat_cmd_find_Nth_column(const char *line, int Nth, int *column_len);
/* Writes serial_rule_num rules from s_rule over connection c. */
int maat_cmd_write_rule(redisContext *c, struct serial_rule *s_rule, size_t serial_rule_num,
                        long long server_time, struct log_handle *logger);

void maat_cmd_clear_rule_cache(struct serial_rule *s_rule);

/*
 * NOTE(review): this prototype names struct table_schema_manager, while the
 * rest of this header uses struct table_manager. If no included header
 * declares table_schema_manager, the type is scoped to this prototype alone
 * and no caller can pass a compatible pointer -- confirm against maat_table.h.
 */
int maat_cmd_get_rm_key_list(redisContext *c, long long instance_version, long long desired_version,
                             long long *new_version, struct table_schema_manager* table_schema_mgr,
                             struct serial_rule **list, int *update_type, int cumulative_off,
                             struct log_handle *logger);

/* rule_num is a signed int count for rule_list; negative values need rejecting by the callee or caller. */
int maat_cmd_get_redis_value(redisContext *c, struct serial_rule *rule_list, int rule_num, int print_process,
                             struct log_handle *logger);

/*
 * NOTE(review): dir is combined with key data that comes from Redis
 * (presumably producing foreign_key.filename). The resulting path has to stay
 * inside dir; reject keys that contain path separators or "..".
 */
int maat_cmd_get_foreign_keys_by_prefix(redisContext *ctx, struct serial_rule *rule_list, int rule_num,
                                        const char *dir, struct log_handle *logger);

void maat_cmd_get_foreign_conts(redisContext *ctx, struct serial_rule *rule_list, int rule_num, int print_fn,
                                struct log_handle *logger);

void maat_cmd_rewrite_table_line_with_foreign(struct serial_rule *s_rule);

/* table_name is stored in serial_rule.table_name, a NAME_MAX-byte array; longer names must be rejected or truncated safely. */
void maat_cmd_set_serial_rule(struct serial_rule *rule, enum maat_operation op, unsigned long rule_id,
                              const char *table_name, const char *line, long long timeout);
/*
 * Populates *rule from a header plus a separate service-defined buffer.
 * NOTE(review): the destination, maat_rule.service_defined, is a fixed
 * MAX_SERVICE_DEFINE_LEN-byte array and srv_def_len is a signed int. The
 * implementation must reject negative lengths and lengths above that bound
 * before copying; the prototype alone does not enforce either.
 */
void fill_maat_rule(struct maat_rule *rule, const struct maat_rule_head *rule_head, const char *srv_def, int srv_def_len);
/*
 * Closes the extern "C" block opened at the top of the file.
 * NOTE(review): "__cpluscplus" is misspelled here exactly as in the opening
 * guard (the compiler-defined macro is "__cplusplus"), so neither brace is
 * ever emitted. Correct both occurrences in the same change; fixing only one
 * leaves an unbalanced brace for C++ consumers.
 */
#ifdef __cpluscplus
}
#endif

#endif /* _MAAT_RULE_H_ */