2015-11-12 18:28:58 +08:00
|
|
|
#ifndef H_MAAT_RULE_INTERNAL_H_INCLUDE
|
|
|
|
|
#define H_MAAT_RULE_INTERNAL_H_INCLUDE
|
|
|
|
|
|
2015-10-10 18:30:12 +08:00
|
|
|
#include "Maat_rule.h"
|
|
|
|
|
|
|
|
|
|
#include <MESA/MESA_htable.h>
|
|
|
|
|
#include <MESA/MESA_list_queue.h>
|
2016-02-10 10:01:18 +08:00
|
|
|
#include <MESA/field_stat.h>
|
2015-10-10 18:30:12 +08:00
|
|
|
#include "dynamic_array.h"
|
|
|
|
|
#include "UniversalBoolMatch.h"
|
|
|
|
|
#include "rulescan.h"
|
|
|
|
|
|
2015-11-12 18:28:58 +08:00
|
|
|
#include "mesa_fuzzy.h"
|
|
|
|
|
#include "great_index_engine.h"
|
|
|
|
|
|
2015-10-10 18:30:12 +08:00
|
|
|
#include <pthread.h>
|
|
|
|
|
#include <iconv.h>
|
|
|
|
|
|
2015-11-12 18:28:58 +08:00
|
|
|
extern const char *maat_module;
|
|
|
|
|
|
|
|
|
|
|
2015-10-10 18:30:12 +08:00
|
|
|
#if(__GNUC__ * 100 + __GNUC_MINOR__ * 10 + __GNUC_PATCHLEVEL__ >= 411)
|
|
|
|
|
#define atomic_inc(x) __sync_add_and_fetch((x),1)
|
|
|
|
|
#define atomic_dec(x) __sync_sub_and_fetch((x),1)
|
|
|
|
|
#define atomic_add(x,y) __sync_add_and_fetch((x),(y))
|
|
|
|
|
#define atomic_sub(x,y) __sync_sub_and_fetch((x),(y))
|
|
|
|
|
typedef int atomic_t;
|
|
|
|
|
#define ATOMIC_INIT(i) { (i) }
|
|
|
|
|
#define atomic_read(x) __sync_add_and_fetch((x),0)
|
|
|
|
|
#define atomic_set(x,y) __sync_lock_test_and_set((x),y)
|
|
|
|
|
#else
|
|
|
|
|
#include <alsa/iatomic.h>
|
|
|
|
|
#endif
|
|
|
|
|
#define CPU_CACHE_ALIGMENT 64
|
|
|
|
|
#define TRUE 1
|
|
|
|
|
#define FALSE 0
|
|
|
|
|
|
|
|
|
|
#define MAX_TABLE_NUM 256
|
|
|
|
|
#define MAX_CHARSET_NUM 6
|
|
|
|
|
#define MAX_TABLE_NAME_LEN 256
|
|
|
|
|
#define MAX_TABLE_LINE_SIZE (1024*4)
|
|
|
|
|
#define MAX_EXPR_KEYLEN 1024
|
2016-02-11 13:57:39 +08:00
|
|
|
#define MAX_DISTRICT_LEN 64
|
2015-10-10 18:30:12 +08:00
|
|
|
#define MAX_PLUGING_NUM 32
|
|
|
|
|
|
|
|
|
|
#define MAX_SCANNER_HIT_NUM 64
|
|
|
|
|
|
|
|
|
|
#define MAX_GROUP_CACHE 128
|
|
|
|
|
|
|
|
|
|
#define MAX_FAILED_NUM 128
|
|
|
|
|
|
2016-02-18 14:53:06 +08:00
|
|
|
#define MAX_MAAT_STAT_NUM 64
|
2015-10-10 18:30:12 +08:00
|
|
|
#ifndef MAX
|
|
|
|
|
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifndef MIN
|
|
|
|
|
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-11-11 11:50:31 +08:00
|
|
|
#ifndef offsetof
|
|
|
|
|
#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifndef container_of
|
|
|
|
|
#define container_of(ptr, type, member) ({ \
|
|
|
|
|
const typeof( ((type *)0)->member ) *__mptr = (ptr); \
|
|
|
|
|
(type *)( (char *)__mptr - offsetof(type,member) );})
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-10-10 18:30:12 +08:00
|
|
|
typedef void* rule_scanner_t;
|
|
|
|
|
enum MAAT_TABLE_TYPE
|
|
|
|
|
{
|
|
|
|
|
TABLE_TYPE_EXPR=0,
|
|
|
|
|
TABLE_TYPE_IP,
|
|
|
|
|
TABLE_TYPE_COMPILE,
|
|
|
|
|
TABLE_TYPE_PLUGIN,
|
|
|
|
|
TABLE_TYPE_INTVAL,
|
2015-11-09 16:07:50 +08:00
|
|
|
TABLE_TYPE_DIGEST,
|
2016-02-11 13:57:39 +08:00
|
|
|
TABLE_TYPE_EXPR_PLUS,
|
2015-10-10 18:30:12 +08:00
|
|
|
TABLE_TYPE_GROUP
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
enum MAAT_EXPR_TYPE
|
|
|
|
|
{
|
|
|
|
|
EXPR_TYPE_STRING=0,
|
|
|
|
|
EXPR_TYPE_AND,
|
|
|
|
|
EXPR_TYPE_REGEX,
|
|
|
|
|
EXPR_TYPE_OFFSET
|
|
|
|
|
};
|
|
|
|
|
enum MAAT_MATCH_METHOD
|
|
|
|
|
{
|
|
|
|
|
MATCH_METHOD_SUB=0,
|
|
|
|
|
MATCH_METHOD_RIGHT,
|
|
|
|
|
MATCH_METHOD_LEFT,
|
|
|
|
|
MATCH_METHOD_FULL
|
|
|
|
|
};
|
2016-02-10 10:01:18 +08:00
|
|
|
|
2015-10-10 18:30:12 +08:00
|
|
|
struct db_str_rule_t
|
|
|
|
|
{
|
|
|
|
|
int region_id;
|
|
|
|
|
int group_id;
|
|
|
|
|
char keywords[MAX_EXPR_KEYLEN];
|
2016-02-11 13:57:39 +08:00
|
|
|
char district[MAX_DISTRICT_LEN];
|
2015-10-10 18:30:12 +08:00
|
|
|
enum MAAT_EXPR_TYPE expr_type;
|
|
|
|
|
enum MAAT_MATCH_METHOD match_method;
|
|
|
|
|
int is_hexbin;
|
|
|
|
|
int is_case_sensitive;
|
|
|
|
|
int is_valid;
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
struct db_ip_rule_t
|
|
|
|
|
{
|
|
|
|
|
int region_id;
|
|
|
|
|
int group_id;
|
|
|
|
|
int addr_type;
|
|
|
|
|
union
|
|
|
|
|
{
|
|
|
|
|
//ip address use network order
|
|
|
|
|
//port use host order
|
|
|
|
|
ipv4_rule_t ipv4_rule;
|
|
|
|
|
ipv6_rule_t ipv6_rule;
|
|
|
|
|
};
|
|
|
|
|
int is_valid;
|
|
|
|
|
};
|
|
|
|
|
struct db_intval_rule_t
|
|
|
|
|
{
|
|
|
|
|
int region_id;
|
|
|
|
|
int group_id;
|
|
|
|
|
interval_rule_t intval;
|
|
|
|
|
int is_valid;
|
|
|
|
|
};
|
2015-11-10 18:29:42 +08:00
|
|
|
struct db_digest_rule_t
|
|
|
|
|
{
|
|
|
|
|
int region_id;
|
|
|
|
|
int group_id;
|
|
|
|
|
unsigned long long orgin_len;
|
|
|
|
|
const char* digest_string;
|
|
|
|
|
short confidence_degree;
|
|
|
|
|
int is_valid;
|
|
|
|
|
};
|
2015-10-10 18:30:12 +08:00
|
|
|
struct _head_Maat_rule_t
|
|
|
|
|
{
|
|
|
|
|
int config_id;
|
|
|
|
|
int service_id;
|
|
|
|
|
char do_log;
|
|
|
|
|
char do_blacklist;
|
|
|
|
|
char action;
|
|
|
|
|
char resevered;
|
|
|
|
|
int serv_def_len;
|
|
|
|
|
};
|
|
|
|
|
struct db_compile_rule_t
|
|
|
|
|
{
|
|
|
|
|
// Maat_rule_t m_rule_head;
|
|
|
|
|
struct _head_Maat_rule_t m_rule_head;// fix len of Maat_rule_t
|
|
|
|
|
char* service_defined;
|
|
|
|
|
long long effective_range;
|
|
|
|
|
int is_valid;
|
|
|
|
|
int declare_grp_num;
|
|
|
|
|
};
|
|
|
|
|
struct db_group_rule_t
|
|
|
|
|
{
|
|
|
|
|
int group_id;
|
|
|
|
|
int compile_id;
|
|
|
|
|
int is_valid;
|
|
|
|
|
};
|
|
|
|
|
struct op_expr_t
|
|
|
|
|
{
|
|
|
|
|
boolean_expr_t* p_expr;
|
|
|
|
|
scan_rule_t* p_rules[MAAT_MAX_EXPR_ITEM_NUM];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct _Maat_region_rule_t
|
|
|
|
|
{
|
|
|
|
|
int region_id;
|
|
|
|
|
int expr_id;
|
2016-02-11 13:57:39 +08:00
|
|
|
int district_id;
|
2015-10-10 18:30:12 +08:00
|
|
|
enum MAAT_TABLE_TYPE region_type;
|
|
|
|
|
};
|
|
|
|
|
struct _Maat_group_rule_t
|
|
|
|
|
{
|
|
|
|
|
int group_id;
|
|
|
|
|
int region_boundary;
|
|
|
|
|
int region_cnt;
|
|
|
|
|
int ref_cnt;
|
|
|
|
|
dynamic_array_t *region_rules;
|
|
|
|
|
void* compile_shortcut;
|
|
|
|
|
pthread_mutex_t mutex;
|
|
|
|
|
};
|
|
|
|
|
struct _Maat_compile_rule_t
|
|
|
|
|
{
|
|
|
|
|
struct db_compile_rule_t *db_c_rule;
|
|
|
|
|
dynamic_array_t *groups;
|
|
|
|
|
int group_cnt;
|
|
|
|
|
int compile_id;//equal to db_c_rule->m_rule.config_id
|
|
|
|
|
pthread_rwlock_t rwlock;//reading compile rule is safe in update thread, rwlock lock called when delete or scan thread read
|
|
|
|
|
};
|
|
|
|
|
struct _compile_result_t
|
|
|
|
|
{
|
|
|
|
|
int compile_id;
|
|
|
|
|
universal_bool_expr_t group_set;
|
|
|
|
|
};
|
|
|
|
|
struct _callback_plugin
|
|
|
|
|
{
|
|
|
|
|
Maat_start_callback_t *start;
|
|
|
|
|
Maat_update_callback_t *update;
|
|
|
|
|
Maat_finish_callback_t *finish;
|
|
|
|
|
void* u_para;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct _plugin_table_info
|
|
|
|
|
{
|
|
|
|
|
int cb_plug_cnt;
|
|
|
|
|
struct _callback_plugin cb_plug[MAX_PLUGING_NUM];
|
|
|
|
|
dynamic_array_t *cache_lines;
|
|
|
|
|
int line_num;
|
|
|
|
|
long cache_size;
|
2015-12-24 17:58:40 +08:00
|
|
|
pthread_mutex_t plugin_mutex;
|
2015-10-10 18:30:12 +08:00
|
|
|
};
|
|
|
|
|
struct _Maat_table_info_t
|
|
|
|
|
{
|
|
|
|
|
unsigned short table_id;
|
|
|
|
|
char table_name[MAX_TABLE_NAME_LEN];
|
|
|
|
|
enum MAAT_TABLE_TYPE table_type;
|
|
|
|
|
enum MAAT_CHARSET src_charset;
|
|
|
|
|
enum MAAT_CHARSET dst_charset[MAX_CHARSET_NUM];
|
|
|
|
|
int src_charset_in_dst;
|
|
|
|
|
int do_charset_merge;
|
|
|
|
|
int cfg_num;
|
|
|
|
|
int cross_cache_size;
|
|
|
|
|
int expr_rule_cnt; //expr_type=0,1,3
|
|
|
|
|
int regex_rule_cnt; //expr_type=2
|
|
|
|
|
struct _plugin_table_info *cb_info;
|
2016-02-10 10:01:18 +08:00
|
|
|
//for stat>>>>>>>>
|
|
|
|
|
int stat_line_id;
|
|
|
|
|
long long scan_cnt;
|
2016-02-18 14:53:06 +08:00
|
|
|
long long scan_cpu_time; //nano
|
2016-02-10 10:01:18 +08:00
|
|
|
long long input_bytes;
|
|
|
|
|
long long stream_num;
|
|
|
|
|
long long hit_cnt;
|
2015-10-10 18:30:12 +08:00
|
|
|
};
|
2016-02-11 13:57:39 +08:00
|
|
|
|
|
|
|
|
struct _INNER_scan_status_t
|
2015-10-10 18:30:12 +08:00
|
|
|
{
|
|
|
|
|
int thread_num;
|
|
|
|
|
int cur_hit_cnt;
|
|
|
|
|
int hit_group_cnt;
|
|
|
|
|
int hit_group_size;
|
|
|
|
|
unsigned int cur_hit_id[MAX_SCANNER_HIT_NUM];
|
|
|
|
|
unsigned int *hitted_group_id;
|
|
|
|
|
};
|
2016-02-11 13:57:39 +08:00
|
|
|
struct _OUTER_scan_status_t
|
|
|
|
|
{
|
|
|
|
|
struct _Maat_feather_t* feather;
|
|
|
|
|
int is_set_district;
|
|
|
|
|
int district_id;
|
|
|
|
|
struct _INNER_scan_status_t* inner;
|
|
|
|
|
};
|
2015-10-10 18:30:12 +08:00
|
|
|
enum maat_garbage_type
|
|
|
|
|
{
|
|
|
|
|
GARBAGE_SCANNER=0,
|
|
|
|
|
GARBAGE_GROUP_RULE,
|
|
|
|
|
GARBAGE_COMPILE_RULE,
|
|
|
|
|
GARBAGE_BOOL_MATCHER
|
|
|
|
|
};
|
|
|
|
|
struct iconv_handle_t
|
|
|
|
|
{
|
|
|
|
|
int is_initialized;
|
|
|
|
|
iconv_t cd;
|
|
|
|
|
};
|
|
|
|
|
struct _stream_para_t
|
|
|
|
|
{
|
|
|
|
|
struct _Maat_feather_t* feather;
|
|
|
|
|
int version;
|
|
|
|
|
int thread_num;
|
|
|
|
|
int max_cross_size;
|
|
|
|
|
int caching_size;
|
|
|
|
|
unsigned short table_id;
|
|
|
|
|
char do_merge;
|
|
|
|
|
char do_expr:4;
|
|
|
|
|
char do_regex:4;
|
|
|
|
|
char* last_cache;
|
|
|
|
|
char* scan_buff;
|
|
|
|
|
void* rs_stream_para;
|
|
|
|
|
long acc_scan_len;
|
2015-11-10 18:29:42 +08:00
|
|
|
unsigned long long total_len;
|
|
|
|
|
fuzzy_handle_t *fuzzy_hash_handle;
|
2015-12-08 13:01:49 +08:00
|
|
|
pthread_mutex_t fuzzy_mutex;
|
2015-11-11 11:50:31 +08:00
|
|
|
unsigned char query_point[8];
|
2015-10-10 18:30:12 +08:00
|
|
|
};
|
|
|
|
|
struct _Maat_scanner_t
|
|
|
|
|
{
|
|
|
|
|
int version;
|
|
|
|
|
time_t last_update_time;
|
2016-02-18 14:53:06 +08:00
|
|
|
long long *ref_cnt; //optimized for cache_alignment 64
|
2015-10-10 18:30:12 +08:00
|
|
|
rule_scanner_t region;
|
2015-11-10 18:29:42 +08:00
|
|
|
pthread_rwlock_t digest_rwlock[MAX_TABLE_NUM];
|
|
|
|
|
GIE_handle_t* digest_handle[MAX_TABLE_NUM];
|
2015-10-10 18:30:12 +08:00
|
|
|
MESA_htable_handle region_hash;
|
|
|
|
|
MESA_htable_handle group_hash;
|
|
|
|
|
MESA_htable_handle compile_hash;
|
2016-02-11 13:57:39 +08:00
|
|
|
MESA_htable_handle district_map;
|
|
|
|
|
unsigned int district_num;
|
2015-10-10 18:30:12 +08:00
|
|
|
unsigned int cfg_num;
|
|
|
|
|
unsigned int exprid_generator;
|
|
|
|
|
MESA_lqueue_head region_update_q;
|
2015-11-10 18:29:42 +08:00
|
|
|
MESA_lqueue_head digest_update_q[MAX_TABLE_NUM];
|
2015-10-10 18:30:12 +08:00
|
|
|
void * expr_compiler;
|
|
|
|
|
scan_result_t *region_rslt_buff;
|
|
|
|
|
MESA_lqueue_head tomb_ref;//reference of feather->garbage_q
|
|
|
|
|
int max_thread_num;
|
|
|
|
|
iconv_t iconv_handle[MAX_CHARSET_NUM][MAX_CHARSET_NUM];//iconv_handle[to][from]
|
|
|
|
|
};
|
|
|
|
|
struct _Maat_feather_t
|
|
|
|
|
{
|
|
|
|
|
struct _Maat_scanner_t *scanner;
|
|
|
|
|
struct _Maat_scanner_t *update_tmp_scanner;
|
|
|
|
|
MESA_lqueue_head garbage_q;
|
|
|
|
|
int table_cnt;
|
2016-02-10 10:01:18 +08:00
|
|
|
int GROUP_MODE_ON;
|
|
|
|
|
int still_working;
|
|
|
|
|
int scan_interval_ms;
|
|
|
|
|
int effect_interval_ms;
|
|
|
|
|
int stat_on;
|
|
|
|
|
int perf_on;
|
2015-10-10 18:30:12 +08:00
|
|
|
struct _Maat_table_info_t *p_table_info[MAX_TABLE_NUM];
|
|
|
|
|
MESA_htable_handle map_tablename2id;
|
|
|
|
|
void* logger;
|
|
|
|
|
int maat_version;
|
|
|
|
|
int scan_thread_num;
|
2016-02-10 10:01:18 +08:00
|
|
|
int rule_scan_type;
|
2015-10-10 18:30:12 +08:00
|
|
|
char inc_dir[MAX_TABLE_NAME_LEN];
|
|
|
|
|
char full_dir[MAX_TABLE_NAME_LEN];
|
2016-02-10 10:01:18 +08:00
|
|
|
char stat_file[MAX_TABLE_NAME_LEN];
|
|
|
|
|
//for stat>>>>
|
|
|
|
|
screen_stat_handle_t stat_handle;
|
|
|
|
|
int total_stat_id;
|
|
|
|
|
int fs_status_id[MAX_MAAT_STAT_NUM];
|
|
|
|
|
int fs_column_id[MAX_MAAT_STAT_NUM];
|
2016-02-11 13:57:39 +08:00
|
|
|
long long outer_mid_cnt;
|
|
|
|
|
long long inner_mid_cnt;
|
2016-02-10 10:01:18 +08:00
|
|
|
long long hit_cnt;
|
2016-02-18 14:53:06 +08:00
|
|
|
long long *thread_call_cnt;//size indicate by scan_thread_num,
|
2015-10-10 18:30:12 +08:00
|
|
|
};
|
|
|
|
|
struct _maat_garbage_t
|
|
|
|
|
{
|
|
|
|
|
enum maat_garbage_type type;
|
|
|
|
|
time_t create_time;
|
|
|
|
|
int ok_times;
|
|
|
|
|
union
|
|
|
|
|
{
|
|
|
|
|
struct _Maat_scanner_t* scanner;
|
|
|
|
|
struct _Maat_group_rule_t* group_rule;
|
|
|
|
|
struct _Maat_compile_rule_t* compile_rule;
|
|
|
|
|
void* bool_matcher;
|
|
|
|
|
void * raw;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
void garbage_bagging(enum maat_garbage_type type,void *p,MESA_lqueue_head garbage_q);
|
|
|
|
|
void garbage_bury(MESA_lqueue_head garbage_q,void *logger);
|
2015-11-12 18:28:58 +08:00
|
|
|
void make_group_set(const struct _Maat_compile_rule_t* compile_rule,universal_bool_expr_t* a_set);
|
2015-11-13 18:08:55 +08:00
|
|
|
int read_table_info(struct _Maat_table_info_t** p_table_info,int num,const char* table_info_path,void*logger);
|
2015-11-12 18:28:58 +08:00
|
|
|
void maat_start_cb(unsigned int new_version,int update_type,void*u_para);
|
|
|
|
|
void maat_update_cb(const char* table_name,const char* line,void *u_para);
|
|
|
|
|
void maat_finish_cb(void* u_para);
|
|
|
|
|
void *thread_rule_monitor(void *arg);
|
|
|
|
|
unsigned int make_sub_type(unsigned short table_id,enum MAAT_CHARSET charset,int do_charset_merge);
|
|
|
|
|
inline void ipv6_ntoh(unsigned int *v6_addr)
|
|
|
|
|
{
|
|
|
|
|
unsigned int i=0;
|
|
|
|
|
for(i=0;i<4;i++)
|
|
|
|
|
{
|
|
|
|
|
v6_addr[i]=ntohl(v6_addr[i]);
|
|
|
|
|
}
|
|
|
|
|
return;
|
|
|
|
|
}
|
2016-02-10 10:01:18 +08:00
|
|
|
void maat_stat_init(struct _Maat_feather_t* feather);
|
2016-02-18 14:53:06 +08:00
|
|
|
void maat_stat_table(struct _Maat_table_info_t* p_table,int scan_len,struct timespec* start, struct timespec* end);
|
2016-02-10 10:01:18 +08:00
|
|
|
void maat_stat_output(struct _Maat_feather_t* feather);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2015-11-12 18:28:58 +08:00
|
|
|
#endif
|
2015-11-09 16:18:38 +08:00
|
|
|
|
