/*
**********************************************************************************************
* File: maat_ip.c
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#include <stdint.h>
#include <assert.h>
#include "log/log.h"
#include "maat_utils.h"
#include "maat_ex_data.h"
#include "ip_matcher.h"
#include "interval_matcher.h"
#include "maat_ip.h"
#include "maat_rule.h"
#include "maat_compile.h"
#include "alignment.h"
#include "maat_garbage_collection.h"
#define MODULE_IP module_name_str("maat.ip")
/*
 * Column layout of one IP rule table, read from the table's JSON schema by
 * ip_schema_new(): every *_column field is the integer found under the same
 * key in the schema's "custom" object and is later handed to get_column_pos()
 * / get_column_value() to pick that field out of a table line.
 */
struct ip_schema {
    int item_id_column;      /* rule identifier column */
    int group_id_column;     /* rule group column */
    int addr_type_column;    /* IPv4 / IPv6 discriminator column */
    int addr_format_column;  /* single/range/CIDR/mask column for ip1/ip2 */
    int ip1_column;          /* first address (or the only one) */
    int ip2_column;          /* second address / mask / prefix, per addr_format */
    int port_format_column;  /* single/range column for port1/port2 */
    int port1_column;        /* lower port bound */
    int port2_column;        /* upper port bound */
    int protocol_column;     /* transport protocol number column */
    int table_id; //ugly     /* copied from the schema's top-level "table_id" */
    /* Borrowed: set from the tbl_mgr argument of ip_schema_new() and never
     * freed here (ip_schema_free() releases only the schema itself). */
    struct table_manager *ref_tbl_mgr;
};
/* IPv4 address range of one rule, filled by ip_format2range() in ip_item_new(). */
struct ipv4_item_rule {
    uint32_t min_ip; /* source address lower bound; 0 means ignore this field */
    uint32_t max_ip; /* source address upper bound; 0 means fixed IP = min_addr */
};
/* IPv6 address range of one rule (four 32-bit words per address), filled by
 * ip_format2range() in ip_item_new(). */
struct ipv6_item_rule {
    uint32_t min_ip[4]; /* source address lower bound; all zero means ignore this field */
    uint32_t max_ip[4]; /* source address upper bound; all zero means fixed IP = min_addr */
};
/*
 * One parsed IP rule line.  Built by ip_item_new(), stored in the runtime's
 * item_hash, converted to matcher rules by ip_item_to_ip_rule() /
 * ip_item_to_port_rule(), and released by ip_item_free().
 */
struct ip_item {
    long long item_id;   /* rule id; also the hash key and matcher rule_id */
    long long group_id;
    int addr_type;       /* IPv4 or IPv6 (anything else is rejected by ip_item_new) */
    union {
        struct ipv4_item_rule ipv4; /* valid when addr_type == IPv4 */
        struct ipv6_item_rule ipv6; /* valid when addr_type == IPv6 */
    };
    /* NOTE(review): ip_format is not assigned anywhere in this file's visible
     * code, although ip_item_new() validates the addr_format column — confirm
     * whether the parser is meant to record it here. */
    enum ip_format ip_format;
    enum port_format port_format; /* single/range, from the port_format column */
    uint16_t min_port;
    uint16_t max_port;
    int proto;                    /* from the protocol column */
    /* Optional payload attached by ip_runtime_update(); ip_item_free() calls
     * user_data_free(user_data) only when both pointers are non-NULL. */
    void *user_data;
    void (*user_data_free)(void *data);
};
/*
 * Per-table runtime state: the pending/committed item set plus the compiled
 * matchers built from it.  Created by ip_runtime_new(), rebuilt by
 * ip_runtime_commit(), destroyed by ip_runtime_free().
 */
struct ip_runtime {
    /* Address matcher built from all items on commit; the previous instance is
     * handed to the garbage bin rather than freed in place. */
    struct ip_matcher *ip_matcher;
    /* Port-interval matcher built alongside ip_matcher on commit. */
    struct interval_matcher *intval_matcher;
    /* RCU hash of struct ip_item keyed by the raw bytes of item_id;
     * ip_item_free_cb is its value destructor. */
    struct rcu_hash_table *item_hash;

    long long version;        /* NOTE(review): not touched in this file's visible code */
    long long rule_num;       /* NOTE(review): not touched in this file's visible code */
    long long ipv6_rule_num;  /* recounted from scratch on every commit */
    size_t n_worker_thread;   /* length of the per-thread counter arrays below */
    struct log_handle *logger;               /* borrowed */
    struct maat_garbage_bin *ref_garbage_bin; /* borrowed */

    long long update_err_cnt; /* bumped on every failed ip_runtime_update() */
    /* Per-thread counters, n_worker_thread entries each, from
     * alignment_int64_array_alloc(). */
    long long *scan_cnt;
    long long *scan_cpu_time;
    long long *hit_cnt;
};
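/*
 * Read one required integer entry of the schema's "custom" object.
 *
 * custom      the "custom" JSON object of the table schema
 * name        key to look up (doubles as the field name in the error log)
 * out         receives the integer column index on success
 * table_name  for diagnostics only
 * logger      log handle for the error message
 *
 * Returns 0 on success, -1 (after logging) when the key is absent or is not
 * a JSON number.
 */
static int ip_schema_read_column(cJSON *custom, const char *name, int *out,
                                 const char *table_name,
                                 struct log_handle *logger)
{
    cJSON *custom_item = cJSON_GetObjectItem(custom, name);
    if (custom_item == NULL || custom_item->type != cJSON_Number) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> schema has no %s column",
                  __FUNCTION__, __LINE__, table_name, name);
        return -1;
    }
    *out = custom_item->valueint;
    return 0;
}

/*
 * Build the column layout of an IP table from its JSON schema.
 *
 * json        schema object; needs a numeric "table_id" and a "custom"
 *             object holding one numeric column index per rule field
 * tbl_mgr     stored as a borrowed reference in ref_tbl_mgr
 * table_name  for diagnostics only
 * logger      log handle for error messages
 *
 * Returns a heap-allocated struct ip_schema (release with ip_schema_free())
 * or NULL after logging the first missing/mistyped entry.  Every rule field
 * is mandatory, so the first failure aborts the whole parse.
 */
void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr,
                    const char *table_name, struct log_handle *logger)
{
    struct ip_schema *ip_schema = ALLOC(struct ip_schema, 1);
    cJSON *item = NULL;
    cJSON *custom = NULL;

    item = cJSON_GetObjectItem(json, "table_id");
    if (item == NULL || item->type != cJSON_Number) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> schema has no table_id column",
                  __FUNCTION__, __LINE__, table_name);
        goto error;
    }
    ip_schema->table_id = item->valueint;

    custom = cJSON_GetObjectItem(json, "custom");
    if (custom == NULL || custom->type != cJSON_Object) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> schema has no custom column",
                  __FUNCTION__, __LINE__, table_name);
        goto error;
    }

    /* Short-circuit: stop at the first missing field, as the original
     * per-field checks did.  The key passed is also the name logged, which
     * keeps the log text and the schema key from drifting apart. */
    if (ip_schema_read_column(custom, "item_id", &ip_schema->item_id_column,
                              table_name, logger) < 0 ||
        ip_schema_read_column(custom, "group_id", &ip_schema->group_id_column,
                              table_name, logger) < 0 ||
        ip_schema_read_column(custom, "addr_type", &ip_schema->addr_type_column,
                              table_name, logger) < 0 ||
        ip_schema_read_column(custom, "addr_format", &ip_schema->addr_format_column,
                              table_name, logger) < 0 ||
        ip_schema_read_column(custom, "ip1", &ip_schema->ip1_column,
                              table_name, logger) < 0 ||
        ip_schema_read_column(custom, "ip2", &ip_schema->ip2_column,
                              table_name, logger) < 0 ||
        ip_schema_read_column(custom, "port_format", &ip_schema->port_format_column,
                              table_name, logger) < 0 ||
        ip_schema_read_column(custom, "port1", &ip_schema->port1_column,
                              table_name, logger) < 0 ||
        ip_schema_read_column(custom, "port2", &ip_schema->port2_column,
                              table_name, logger) < 0 ||
        ip_schema_read_column(custom, "protocol", &ip_schema->protocol_column,
                              table_name, logger) < 0) {
        goto error;
    }

    ip_schema->ref_tbl_mgr = tbl_mgr;
    return ip_schema;

error:
    FREE(ip_schema);
    return NULL;
}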
/*
 * Release a schema returned by ip_schema_new().  Only the schema object is
 * freed; the table manager it references is not owned by it.
 */
void ip_schema_free(void *ip_schema)
{
    struct ip_schema *schema = (struct ip_schema *)ip_schema;
    FREE(schema);
}
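/*
 * Locate column `column` of `line`, logging "has no <field>" on failure.
 *
 * On success *offset and *len describe the column's bytes inside line.
 * Returns 0 on success, -1 when get_column_pos() reports the column missing.
 */
static int ip_item_find_column(const char *line, int column, const char *field,
                               const char *table_name, struct log_handle *logger,
                               size_t *offset, size_t *len)
{
    if (get_column_pos(line, column, offset, len) < 0) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> has no %s in line:%s",
                  __FUNCTION__, __LINE__, table_name, field, line);
        return -1;
    }
    return 0;
}

/*
 * Copy a column's bytes into a fixed-size buffer and NUL-terminate it.
 *
 * A column that does not fit is rejected (and logged) instead of being
 * copied, so an over-long field in a rule line cannot overrun the stack
 * buffers of ip_item_new().  dst_size is the full buffer size; at most
 * dst_size - 1 bytes are accepted.
 * Returns 0 on success, -1 when len >= dst_size.
 */
static int ip_item_copy_column(const char *line, size_t offset, size_t len,
                               char *dst, size_t dst_size, const char *field,
                               const char *table_name, struct log_handle *logger)
{
    if (len >= dst_size) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> %s is too long (%zu bytes, max %zu) in line:%s",
                  __FUNCTION__, __LINE__, table_name, field, len, dst_size - 1, line);
        return -1;
    }
    memcpy(dst, line + offset, len);
    dst[len] = '\0';
    return 0;
}

/*
 * Parse one rule line of an IP table into a freshly allocated struct ip_item.
 *
 * ip_schema   column layout from ip_schema_new()
 * table_name  for diagnostics only
 * line        the raw table line; numeric fields are read with atoi/atoll
 *             from the column start, text fields are copied out by column
 *             length
 * logger      log handle for error messages
 *
 * Returns the item (release with ip_item_free()) or NULL after logging the
 * first problem: a missing column, an addr_type other than IPv4/IPv6, an
 * unknown addr_format/port_format, a text column too long for its buffer, a
 * port outside 0..65535, or a failed ip_format2range() conversion.
 */
struct ip_item *ip_item_new(struct ip_schema *ip_schema, const char *table_name,
                            const char *line, struct log_handle *logger)
{
    size_t column_offset = 0;
    size_t column_len = 0;
    char addr_format[16] = {0};
    char port_format[16] = {0};
    char ip1_str[40] = {0};
    char ip2_str[40] = {0};
    enum ip_format addr_fmt = IP_FORMAT_UNKNOWN;
    enum port_format port_fmt = PORT_FORMAT_UNKNOWN;
    int port = 0;
    int ret = 0;
    struct ip_item *ip_item = ALLOC(struct ip_item, 1);

    if (ip_item_find_column(line, ip_schema->item_id_column, "item_id",
                            table_name, logger, &column_offset, &column_len) < 0) {
        goto error;
    }
    ip_item->item_id = atoll(line + column_offset);

    if (ip_item_find_column(line, ip_schema->group_id_column, "group_id",
                            table_name, logger, &column_offset, &column_len) < 0) {
        goto error;
    }
    ip_item->group_id = atoll(line + column_offset);

    if (ip_item_find_column(line, ip_schema->addr_type_column, "addr_type",
                            table_name, logger, &column_offset, &column_len) < 0) {
        goto error;
    }
    ip_item->addr_type = atoi(line + column_offset);
    if (ip_item->addr_type != IPv4 && ip_item->addr_type != IPv6) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> has invalid addr type:%d in line:%s",
                  __FUNCTION__, __LINE__, table_name, ip_item->addr_type, line);
        goto error;
    }

    /* Text columns are bounded by their destination buffer before the copy. */
    if (ip_item_find_column(line, ip_schema->addr_format_column, "addr_format",
                            table_name, logger, &column_offset, &column_len) < 0 ||
        ip_item_copy_column(line, column_offset, column_len, addr_format,
                            sizeof(addr_format), "addr_format", table_name,
                            logger) < 0) {
        goto error;
    }
    addr_fmt = ip_format_str2int(addr_format);
    if (IP_FORMAT_UNKNOWN == addr_fmt) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> has invalid addr_format, "
                  "should be single/range/CIDR/mask in line:%s",
                  __FUNCTION__, __LINE__, table_name, line);
        goto error;
    }
    /* Record the validated format on the item (it was previously parsed but
     * never stored). */
    ip_item->ip_format = addr_fmt;

    if (ip_item_find_column(line, ip_schema->ip1_column, "ip1",
                            table_name, logger, &column_offset, &column_len) < 0 ||
        ip_item_copy_column(line, column_offset, column_len, ip1_str,
                            sizeof(ip1_str), "ip1", table_name, logger) < 0) {
        goto error;
    }

    if (ip_item_find_column(line, ip_schema->ip2_column, "ip2",
                            table_name, logger, &column_offset, &column_len) < 0 ||
        ip_item_copy_column(line, column_offset, column_len, ip2_str,
                            sizeof(ip2_str), "ip2", table_name, logger) < 0) {
        goto error;
    }

    /* Both union members start with the min/max words, so the same converter
     * fills either one; only the destination pointers differ. */
    if (IPv4 == ip_item->addr_type) {
        ret = ip_format2range(ip_item->addr_type, addr_fmt, ip1_str, ip2_str,
                              &ip_item->ipv4.min_ip, &ip_item->ipv4.max_ip);
    } else {
        ret = ip_format2range(ip_item->addr_type, addr_fmt, ip1_str, ip2_str,
                              ip_item->ipv6.min_ip, ip_item->ipv6.max_ip);
    }
    if (ret < 0) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> ip_format2range(%s) failed in line:%s",
                  __FUNCTION__, __LINE__, table_name,
                  IPv4 == ip_item->addr_type ? "ip4" : "ip6", line);
        goto error;
    }

    if (ip_item_find_column(line, ip_schema->port_format_column, "port_format",
                            table_name, logger, &column_offset, &column_len) < 0 ||
        ip_item_copy_column(line, column_offset, column_len, port_format,
                            sizeof(port_format), "port_format", table_name,
                            logger) < 0) {
        goto error;
    }
    port_fmt = port_format_str2int(port_format);
    if (PORT_FORMAT_UNKNOWN == port_fmt) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> has invalid port_format, "
                  "should be single/range in line:%s",
                  __FUNCTION__, __LINE__, table_name, line);
        goto error;
    }
    ip_item->port_format = port_fmt;

    /* Ports are stored as uint16_t; reject values that would silently wrap
     * instead of truncating them. */
    if (ip_item_find_column(line, ip_schema->port1_column, "port1",
                            table_name, logger, &column_offset, &column_len) < 0) {
        goto error;
    }
    port = atoi(line + column_offset);
    if (port < 0 || port > UINT16_MAX) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> has invalid port1:%d in line:%s",
                  __FUNCTION__, __LINE__, table_name, port, line);
        goto error;
    }
    ip_item->min_port = (uint16_t)port;

    if (ip_item_find_column(line, ip_schema->port2_column, "port2",
                            table_name, logger, &column_offset, &column_len) < 0) {
        goto error;
    }
    port = atoi(line + column_offset);
    if (port < 0 || port > UINT16_MAX) {
        log_error(logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> has invalid port2:%d in line:%s",
                  __FUNCTION__, __LINE__, table_name, port, line);
        goto error;
    }
    ip_item->max_port = (uint16_t)port;

    if (ip_item_find_column(line, ip_schema->protocol_column, "protocol",
                            table_name, logger, &column_offset, &column_len) < 0) {
        goto error;
    }
    ip_item->proto = atoi(line + column_offset);

    return ip_item;

error:
    FREE(ip_item);
    return NULL;
}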
/*
 * Destroy an item from ip_item_new().  The attached user_data is released
 * through user_data_free first, but only when both are set; a NULL item is
 * accepted and ignored.
 */
void ip_item_free(struct ip_item *item)
{
    if (item == NULL) {
        return;
    }

    void (*release)(void *) = item->user_data_free;
    if (release != NULL && item->user_data != NULL) {
        release(item->user_data);
        item->user_data = NULL;
    }

    FREE(item);
}
/*
 * Value destructor registered with rcu_hash_new() for the item hash.
 * user_ctx is the (unused) context pointer passed at registration; data is
 * the struct ip_item stored in the table.
 */
void ip_item_free_cb(void *user_ctx, void *data)
{
    (void)user_ctx;
    ip_item_free((struct ip_item *)data);
}
/*
 * Allocate the runtime state for one IP table.
 *
 * ip_schema       only checked for NULL here; no field of it is read
 * max_thread_num  number of worker threads; sizes the per-thread counters
 * garbage_bin     borrowed; receives replaced matchers on commit
 * logger          borrowed log handle
 *
 * Returns the new runtime (release with ip_runtime_free()) or NULL when
 * ip_schema is NULL.
 * NOTE(review): the results of rcu_hash_new() and alignment_int64_array_alloc()
 * are not checked here — confirm whether they can fail and return NULL.
 */
void *ip_runtime_new(void *ip_schema, size_t max_thread_num,
                     struct maat_garbage_bin *garbage_bin,
                     struct log_handle *logger)
{
    if (ip_schema == NULL) {
        return NULL;
    }

    struct ip_runtime *rt = ALLOC(struct ip_runtime, 1);

    rt->logger = logger;
    rt->ref_garbage_bin = garbage_bin;
    rt->n_worker_thread = max_thread_num;

    /* Items are owned by the hash; ip_item_free_cb releases them. */
    rt->item_hash = rcu_hash_new(ip_item_free_cb, NULL);

    /* One slot per worker thread for each statistic. */
    rt->hit_cnt = alignment_int64_array_alloc(max_thread_num);
    rt->scan_cnt = alignment_int64_array_alloc(max_thread_num);
    rt->scan_cpu_time = alignment_int64_array_alloc(max_thread_num);

    return rt;
}
/*
 * Tear down a runtime from ip_runtime_new(): both matchers, the item hash
 * (which frees the items through ip_item_free_cb) and the per-thread
 * counter arrays, then the runtime itself.  Each member is released only if
 * set and is nulled afterwards; a NULL runtime is ignored.  The logger and
 * garbage bin are borrowed and left alone.
 */
void ip_runtime_free(void *ip_runtime)
{
    struct ip_runtime *rt = (struct ip_runtime *)ip_runtime;
    if (rt == NULL) {
        return;
    }

    if (rt->ip_matcher) {
        ip_matcher_free(rt->ip_matcher);
        rt->ip_matcher = NULL;
    }
    if (rt->intval_matcher) {
        interval_matcher_free(rt->intval_matcher);
        rt->intval_matcher = NULL;
    }
    if (rt->item_hash) {
        rcu_hash_free(rt->item_hash);
        rt->item_hash = NULL;
    }

    if (rt->hit_cnt) {
        alignment_int64_array_free(rt->hit_cnt);
        rt->hit_cnt = NULL;
    }
    if (rt->scan_cnt) {
        alignment_int64_array_free(rt->scan_cnt);
        rt->scan_cnt = NULL;
    }
    if (rt->scan_cpu_time) {
        alignment_int64_array_free(rt->scan_cpu_time);
        rt->scan_cpu_time = NULL;
    }

    FREE(rt);
}
/*
 * Fill an ip_matcher rule from an item: the address bounds of whichever
 * union member matches item->addr_type, with the item id as rule_id.  Any
 * addr_type other than IPv4 is treated as IPv6.
 */
void ip_item_to_ip_rule(struct ip_item *item, struct ip_rule *rule)
{
    rule->rule_id = item->item_id;

    if (item->addr_type != IPv4) {
        rule->type = IPv6;
        memcpy(rule->ipv6_rule.start_ip, item->ipv6.min_ip,
               sizeof(item->ipv6.min_ip));
        memcpy(rule->ipv6_rule.end_ip, item->ipv6.max_ip,
               sizeof(item->ipv6.max_ip));
        return;
    }

    rule->type = IPv4;
    rule->ipv4_rule.start_ip = item->ipv4.min_ip;
    rule->ipv4_rule.end_ip = item->ipv4.max_ip;
}
/*
 * Fill an interval_matcher rule from an item's port bounds, tagging the
 * result with the item id so a port hit maps back to the rule.
 */
void ip_item_to_port_rule(struct ip_item *item, struct interval_rule *rule)
{
    rule->result.rule_id = item->item_id;
    rule->start = item->min_port;
    rule->end = item->max_port;
}
/*
 * Apply one row change to the runtime's pending item hash.
 *
 * key/key_len  hash key (the caller passes the raw bytes of the item id)
 * item         item to insert; ignored for deletions
 * is_valid     0 deletes the key, any other value inserts item under it
 *
 * Returns 0 on success, -1 (after logging) when rcu_hash_add() fails; the
 * delete path has no failure report.  Ownership of item passes to the hash
 * only on a successful add.
 */
int ip_runtime_update_row(struct ip_runtime *ip_rt, char *key, size_t key_len,
                          struct ip_item *item, int is_valid)
{
    if (is_valid == 0) {
        rcu_hash_del(ip_rt->item_hash, key, key_len);
        return 0;
    }

    if (rcu_hash_add(ip_rt->item_hash, key, key_len, (void *)item) < 0) {
        log_error(ip_rt->logger, MODULE_IP,
                  "[%s:%d] ip item(item_id:%lld) add to ip runtime htable failed",
                  __FUNCTION__, __LINE__, item->item_id);
        return -1;
    }

    return 0;
}
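/*
 * Consume one table line: parse it into an item and add it to, or delete it
 * from, the runtime's pending item set.
 *
 * ip_runtime    struct ip_runtime from ip_runtime_new()
 * ip_schema     struct ip_schema from ip_schema_new()
 * table_name    for diagnostics only
 * line          raw table line
 * valid_column  column holding the is_valid flag (0 = delete, 1 = add)
 *
 * Returns 0 on success, -1 on any failure; every failure past the argument
 * check also bumps ip_rt->update_err_cnt.  An is_valid value other than 0 or
 * 1 is rejected here, because ip_runtime_update_row() treats every non-zero
 * value as an add and would otherwise insert a NULL item for it.
 */
int ip_runtime_update(void *ip_runtime, void *ip_schema,
                      const char *table_name, const char *line,
                      int valid_column)
{
    if (NULL == ip_runtime || NULL == ip_schema || NULL == line) {
        return -1;
    }

    struct ip_schema *schema = (struct ip_schema *)ip_schema;
    struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime;

    long long item_id = get_column_value(line, schema->item_id_column);
    if (item_id < 0) {
        log_error(ip_rt->logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> has no item_id(column seq:%d)"
                  " in table_line:%s", __FUNCTION__, __LINE__, table_name,
                  schema->item_id_column, line);
        ip_rt->update_err_cnt++;
        return -1;
    }

    long long is_valid = get_column_value(line, valid_column);
    if (is_valid < 0) {
        log_error(ip_rt->logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> has no is_valid(column seq:%d)"
                  " in table_line:%s", __FUNCTION__, __LINE__, table_name,
                  valid_column, line);
        ip_rt->update_err_cnt++;
        return -1;
    }
    if (is_valid != 0 && is_valid != 1) {
        log_error(ip_rt->logger, MODULE_IP,
                  "[%s:%d] ip table:<%s> has invalid is_valid:%lld(column seq:%d)"
                  " in table_line:%s", __FUNCTION__, __LINE__, table_name,
                  is_valid, valid_column, line);
        ip_rt->update_err_cnt++;
        return -1;
    }

    struct ip_item *ip_item = NULL;
    if (1 == is_valid) {
        ip_item = ip_item_new(schema, table_name, line, ip_rt->logger);
        if (NULL == ip_item) {
            ip_rt->update_err_cnt++;
            return -1;
        }

        /* Attach the rule bookkeeping record; ip_item_free() releases it. */
        struct maat_item_inner *inner_item = maat_item_inner_new(ip_item->item_id,
                                                                 ip_item->group_id,
                                                                 0);
        ip_item->user_data = inner_item;
        ip_item->user_data_free = maat_item_inner_free;
    }

    /* The hash key is the raw bytes of the item id. */
    int ret = ip_runtime_update_row(ip_rt, (char *)&item_id, sizeof(long long),
                                    ip_item, (int)is_valid);
    if (ret < 0) {
        /* Only reached for a failed add, so ip_item is still ours to free
         * (ip_item_free tolerates NULL). */
        ip_item_free(ip_item);
        ip_rt->update_err_cnt++;
        return -1;
    }

    return 0;
}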
/*
 * Garbage-bin callback that frees a retired ip_matcher once it is safe to do
 * so (see maat_garbage_bagging() in ip_runtime_commit).  arg is the unused
 * context pointer supplied at bagging time.
 */
void garbage_ip_matcher_free(void *ip_matcher, void *arg)
{
    (void)arg;
    ip_matcher_free((struct ip_matcher *)ip_matcher);
}
int ip_runtime_commit(void *ip_runtime, const char *table_name,
|
|
|
|
|
|
long long maat_rt_version)
|
2023-01-30 21:59:35 +08:00
|
|
|
|
{
|
2023-02-03 17:28:14 +08:00
|
|
|
|
if (NULL == ip_runtime) {
|
2023-01-30 21:59:35 +08:00
|
|
|
|
return -1;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2023-02-03 17:28:14 +08:00
|
|
|
|
struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime;
|
2023-01-30 21:59:35 +08:00
|
|
|
|
|
2023-05-09 17:45:43 +08:00
|
|
|
|
int updating_flag = rcu_hash_is_updating(ip_rt->item_hash);
|
2023-03-15 11:36:54 +08:00
|
|
|
|
if (0 == updating_flag) {
|
2023-01-30 21:59:35 +08:00
|
|
|
|
return 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2023-04-20 15:34:56 +08:00
|
|
|
|
ip_rt->ipv6_rule_num = 0;
|
2023-01-30 21:59:35 +08:00
|
|
|
|
|
2023-03-15 11:36:54 +08:00
|
|
|
|
struct ip_rule *rules = NULL;
|
2023-03-27 15:52:47 +08:00
|
|
|
|
struct interval_rule *intval_rules = NULL;
|
2023-03-15 11:36:54 +08:00
|
|
|
|
void **ex_data_array = NULL;
|
2023-05-07 23:09:33 +08:00
|
|
|
|
|
2023-05-09 17:45:43 +08:00
|
|
|
|
size_t rule_cnt = rcu_updating_hash_list(ip_rt->item_hash, &ex_data_array);
|
2023-03-15 11:36:54 +08:00
|
|
|
|
if (rule_cnt > 0) {
|
|
|
|
|
|
rules = ALLOC(struct ip_rule, rule_cnt);
|
2023-03-27 15:52:47 +08:00
|
|
|
|
intval_rules = ALLOC(struct interval_rule, rule_cnt);
|
2023-03-15 11:36:54 +08:00
|
|
|
|
for (size_t i = 0; i < rule_cnt; i++) {
|
|
|
|
|
|
struct ip_item *item = (struct ip_item *)ex_data_array[i];
|
2023-04-20 15:34:56 +08:00
|
|
|
|
if (item->addr_type == IPv6) {
|
|
|
|
|
|
ip_rt->ipv6_rule_num++;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2023-03-15 11:36:54 +08:00
|
|
|
|
ip_item_to_ip_rule(item, &rules[i]);
|
2023-03-27 15:52:47 +08:00
|
|
|
|
ip_item_to_port_rule(item, &intval_rules[i]);
|
2023-03-15 11:36:54 +08:00
|
|
|
|
}
|
2023-01-30 21:59:35 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2023-03-15 11:36:54 +08:00
|
|
|
|
int ret = 0;
|
|
|
|
|
|
size_t mem_used = 0;
|
|
|
|
|
|
struct ip_matcher *new_ip_matcher = NULL;
|
|
|
|
|
|
struct ip_matcher *old_ip_matcher = NULL;
|
|
|
|
|
|
|
2023-03-27 15:52:47 +08:00
|
|
|
|
struct interval_matcher *new_intval_matcher = NULL;
|
|
|
|
|
|
struct interval_matcher *old_intval_matcher = NULL;
if (rule_cnt > 0) {
new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used);
if (NULL == new_ip_matcher) {
log_error(ip_rt->logger, MODULE_IP,
"[%s:%d] table[%s] rebuild ip_matcher engine failed "
"when update %zu ip rules", __FUNCTION__, __LINE__,
table_name, rule_cnt);
ret = -1;
}
new_intval_matcher = interval_matcher_new(intval_rules, rule_cnt);
if (NULL == new_intval_matcher) {
log_error(ip_rt->logger, MODULE_IP,
"[%s:%d] table[%s] rebuild interval_matcher engine "
"failed when update %zu ip rules", __FUNCTION__, __LINE__,
table_name, rule_cnt);
ret = -1;
}
}
old_ip_matcher = ip_rt->ip_matcher;
ip_rt->ip_matcher = new_ip_matcher;
rcu_hash_commit(ip_rt->item_hash);
if (old_ip_matcher != NULL) {
maat_garbage_bagging(ip_rt->ref_garbage_bin, old_ip_matcher, NULL,
garbage_ip_matcher_free);
}
old_intval_matcher = ip_rt->intval_matcher;
ip_rt->intval_matcher = new_intval_matcher;
if (old_intval_matcher != NULL) {
maat_garbage_bagging(ip_rt->ref_garbage_bin, old_intval_matcher, NULL,
garbage_interval_matcher_free);
}
ip_rt->rule_num = rule_cnt;
ip_rt->version = maat_rt_version;
log_info(ip_rt->logger, MODULE_IP,
"table[%s] commit %zu ip rules and rebuild ip_matcher completed"
", version:%lld", table_name, rule_cnt, ip_rt->version);
if (rules != NULL) {
FREE(rules);
}
if (intval_rules != NULL) {
FREE(intval_rules);
}
if (ex_data_array != NULL) {
FREE(ex_data_array);
}
return ret;
}
/*
 * Number of ip rules committed to this runtime.
 *
 * @param ip_runtime  opaque handle to a struct ip_runtime; NULL is allowed.
 * @return ip_rt->rule_num, or 0 for a NULL handle.
 */
long long ip_runtime_rule_count(void *ip_runtime)
{
    struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime;

    return (ip_rt == NULL) ? 0 : (long long)ip_rt->rule_num;
}
/*
 * Number of IPv6 ip rules committed to this runtime (the count kept in
 * ip_rt->ipv6_rule_num).
 *
 * @param ip_runtime  opaque handle to a struct ip_runtime; NULL is allowed.
 * @return ip_rt->ipv6_rule_num, or 0 for a NULL handle.
 */
long long ip_runtime_ipv6_rule_count(void *ip_runtime)
{
    struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime;

    return (ip_rt == NULL) ? 0 : (long long)ip_rt->ipv6_rule_num;
}
/*
 * Check a packet's port and protocol against one ip item.
 *
 * @param item   ip item whose min_port, max_port and proto are consulted;
 *               must not be NULL.
 * @param port   port in network byte order (converted with ntohs() here).
 * @param proto  protocol number of the packet.
 * @return 0 when the host-order port lies in [item->min_port, item->max_port]
 *         and item->proto is -1 (any protocol) or equals proto; -1 otherwise.
 */
int validate_port(struct ip_item *item, uint16_t port, int proto)
{
    uint16_t host_port = ntohs(port);
    int port_in_range = (host_port >= item->min_port) && (host_port <= item->max_port);
    /* -1 is the wildcard protocol */
    int proto_accepted = (item->proto == -1) || (item->proto == proto);

    return (port_in_range && proto_accepted) ? 0 : -1;
}
/*
 * Check a packet's protocol against one ip item.
 *
 * @param item   ip item whose proto is consulted; must not be NULL.
 * @param proto  protocol number of the packet.
 * @return 0 when item->proto is -1 (any protocol) or equals proto; -1 otherwise.
 */
int validate_proto(struct ip_item *item, int proto)
{
    /* -1 is the wildcard: the item accepts every protocol */
    if (item->proto == -1) {
        return 0;
    }

    return (item->proto == proto) ? 0 : -1;
}
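/*
 * Read four consecutive bytes as one uint32_t in memory order (no byte-order
 * conversion). Copying through a union instead of dereferencing a
 * (uint32_t *) cast avoids the misaligned load and the strict-aliasing
 * violation that reading a uint8_t buffer as uint32_t incurs; the value is
 * the same one *(uint32_t *)p would have produced.
 */
static inline uint32_t ip_load_u32_raw(const uint8_t *p)
{
    union {
        uint32_t word;
        uint8_t bytes[sizeof(uint32_t)];
    } u;

    u.bytes[0] = p[0];
    u.bytes[1] = p[1];
    u.bytes[2] = p[2];
    u.bytes[3] = p[3];

    return u.word;
}

/*
 * Look up the ip item with id item_id in the runtime's item hash.
 * Returns NULL when no such item exists any more (item config deleted).
 */
static struct ip_item *ip_runtime_find_item(struct ip_runtime *ip_rt, long long item_id)
{
    return (struct ip_item *)rcu_hash_find(ip_rt->item_hash, (char *)&item_id,
                                           sizeof(long long));
}

/*
 * Scan one address/port/protocol tuple against the ip table and push the
 * matching items into the compile state.
 *
 * @param ip_rt      runtime to scan; must not be NULL.
 * @param thread_id  unused here.
 * @param ip_type    IPv4 selects the 4-byte path; any other value is handled
 *                   as IPv6 and 16 bytes are read from ip_addr.
 * @param ip_addr    address bytes in network byte order (4 or 16 bytes).
 * @param port       port in network byte order.
 * @param proto      protocol number compared against item->proto (-1 = any).
 * @param vtable_id  passed through to maat_compile_state_update().
 * @param state      compile state that receives the hit items.
 * @return number of hit items (at most MAX_SCANNER_HIT_ITEM_NUM); 0 for an
 *         empty table; otherwise the matcher's own result when it is <= 0.
 */
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
                    uint8_t *ip_addr, uint16_t port, int proto, int vtable_id,
                    struct maat_state *state)
{
    (void)thread_id;

    if (0 == ip_rt->rule_num) {
        //empty ip table
        return 0;
    }

    /* if ip_addr = "0.0.0.0" means any ip */
    int any_ip_flag = 0;

    struct ip_data scan_data;
    if (ip_type == IPv4) {
        scan_data.type = IPv4;
        scan_data.ipv4 = ntohl(ip_load_u32_raw(ip_addr));
        if (0 == scan_data.ipv4) {
            any_ip_flag = 1;
        }
    } else {
        scan_data.type = IPv6;
        for (int i = 0; i < 4; i++) {
            scan_data.ipv6[i] = ip_load_u32_raw(ip_addr + (size_t)i * sizeof(uint32_t));
        }
        ipv6_ntoh(scan_data.ipv6);
        if (0 == scan_data.ipv6[0] && 0 == scan_data.ipv6[1] &&
            0 == scan_data.ipv6[2] && 0 == scan_data.ipv6[3]) {
            any_ip_flag = 1;
        }
    }

    size_t real_hit_item_cnt = 0;
    struct maat_item hit_maat_items[MAX_SCANNER_HIT_ITEM_NUM];

    // any ip, so scan port+proto
    if (1 == any_ip_flag) {
        struct interval_result port_results[MAX_SCANNER_HIT_ITEM_NUM];
        uint16_t host_port = ntohs(port);
        int n_hit_port_item = interval_matcher_match(ip_rt->intval_matcher, host_port,
                                                     port_results, MAX_SCANNER_HIT_ITEM_NUM);
        if (n_hit_port_item <= 0) {
            return n_hit_port_item;
        }

        /* clamp in case the matcher reports more hits than port_results holds */
        if (n_hit_port_item > MAX_SCANNER_HIT_ITEM_NUM) {
            n_hit_port_item = MAX_SCANNER_HIT_ITEM_NUM;
        }

        for (int i = 0; i < n_hit_port_item; i++) {
            long long item_id = port_results[i].rule_id;
            struct ip_item *ip_item = ip_runtime_find_item(ip_rt, item_id);
            if (!ip_item) {
                // item config has been deleted
                continue;
            }

            /* the port already matched; only the protocol is left to check */
            if (validate_proto(ip_item, proto) < 0) {
                continue;
            }

            hit_maat_items[real_hit_item_cnt].item_id = item_id;
            hit_maat_items[real_hit_item_cnt].group_id = ip_item->group_id;
            real_hit_item_cnt++;
        }
    } else {
        struct scan_result ip_results[MAX_SCANNER_HIT_ITEM_NUM];
        int n_hit_ip_item = ip_matcher_match(ip_rt->ip_matcher, &scan_data,
                                             ip_results, MAX_SCANNER_HIT_ITEM_NUM);
        if (n_hit_ip_item <= 0) {
            return n_hit_ip_item;
        }

        /* clamp in case the matcher reports more hits than ip_results holds */
        if (n_hit_ip_item > MAX_SCANNER_HIT_ITEM_NUM) {
            n_hit_ip_item = MAX_SCANNER_HIT_ITEM_NUM;
        }

        for (int i = 0; i < n_hit_ip_item; i++) {
            long long item_id = ip_results[i].rule_id;
            struct ip_item *ip_item = ip_runtime_find_item(ip_rt, item_id);
            if (!ip_item) {
                // item config has been deleted
                continue;
            }

            /* the address matched; port range and protocol still have to agree */
            if (validate_port(ip_item, port, proto) < 0) {
                continue;
            }

            hit_maat_items[real_hit_item_cnt].item_id = item_id;
            hit_maat_items[real_hit_item_cnt].group_id = ip_item->group_id;
            real_hit_item_cnt++;
        }
    }

    maat_compile_state_update(vtable_id, hit_maat_items, real_hit_item_cnt, state);

    /* real_hit_item_cnt never exceeds MAX_SCANNER_HIT_ITEM_NUM, so it fits an int */
    return (int)real_hit_item_cnt;
}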
/*
 * Count one hit for the calling worker thread.
 *
 * @param ip_rt      runtime whose per-thread hit_cnt array is bumped; a NULL
 *                   runtime is ignored.
 * @param thread_id  index into hit_cnt; negative ids are ignored.
 */
void ip_runtime_hit_inc(struct ip_runtime *ip_rt, int thread_id)
{
    int valid = (ip_rt != NULL) && (thread_id >= 0);

    if (valid) {
        alignment_int64_array_add(ip_rt->hit_cnt, thread_id, 1);
    }
}
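/*
 * Record one scan for the calling worker thread and, when both timestamps
 * are given, add the elapsed time of that scan to the thread's cpu-time
 * counter.
 *
 * @param ip_rt      runtime whose per-thread scan_cnt / scan_cpu_time arrays
 *                   are updated; a NULL runtime is ignored.
 * @param start      scan start time, or NULL to skip the timing part.
 * @param end        scan end time, or NULL to skip the timing part.
 * @param thread_id  index into the per-thread arrays; negative ids are ignored.
 */
void ip_runtime_perf_stat(struct ip_runtime *ip_rt, struct timespec *start,
                          struct timespec *end, int thread_id)
{
    if (NULL == ip_rt || thread_id < 0) {
        return;
    }

    alignment_int64_array_add(ip_rt->scan_cnt, thread_id, 1);

    if (start == NULL || end == NULL) {
        return;
    }

    /* Multiply in long long: with a 32-bit time_t the seconds delta times
     * 1e9 would otherwise be computed in time_t and overflow for deltas of
     * 3 s or more. The result is in nanoseconds. */
    long long consume_time = (long long)(end->tv_sec - start->tv_sec) * 1000000000LL +
                             (long long)(end->tv_nsec - start->tv_nsec);
    alignment_int64_array_add(ip_rt->scan_cpu_time, thread_id, consume_time);
}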
/*
 * Sum the per-thread scan counters and reset them, so each call reports the
 * scans performed since the previous call.
 *
 * @param ip_runtime  opaque handle to a struct ip_runtime; NULL is allowed.
 * @return total scan count across ip_rt->n_worker_thread threads, or 0 for a
 *         NULL handle.
 */
long long ip_runtime_scan_count(void *ip_runtime)
{
    struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime;
    if (ip_rt == NULL) {
        return 0;
    }

    long long total = alignment_int64_array_sum(ip_rt->scan_cnt, ip_rt->n_worker_thread);
    alignment_int64_array_reset(ip_rt->scan_cnt, ip_rt->n_worker_thread);

    return total;
}
/*
 * Sum the per-thread scan cpu-time counters and reset them, so each call
 * reports the time accumulated since the previous call.
 *
 * @param ip_runtime  opaque handle to a struct ip_runtime; NULL is allowed.
 * @return total scan cpu time across ip_rt->n_worker_thread threads, or 0
 *         for a NULL handle.
 */
long long ip_runtime_scan_cpu_time(void *ip_runtime)
{
    long long total = 0;
    struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime;

    if (ip_rt != NULL) {
        total = alignment_int64_array_sum(ip_rt->scan_cpu_time, ip_rt->n_worker_thread);
        alignment_int64_array_reset(ip_rt->scan_cpu_time, ip_rt->n_worker_thread);
    }

    return total;
}
/*
 * Sum the per-thread hit counters and reset them, so each call reports the
 * hits recorded since the previous call.
 *
 * @param ip_runtime  opaque handle to a struct ip_runtime; NULL is allowed.
 * @return total hit count across ip_rt->n_worker_thread threads, or 0 for a
 *         NULL handle.
 */
long long ip_runtime_hit_count(void *ip_runtime)
{
    if (ip_runtime == NULL) {
        return 0;
    }

    struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime;
    long long hits = alignment_int64_array_sum(ip_rt->hit_cnt, ip_rt->n_worker_thread);

    /* counters are cleared after being read */
    alignment_int64_array_reset(ip_rt->hit_cnt, ip_rt->n_worker_thread);

    return hits;
}
/*
 * Number of failed rule updates recorded in this runtime. Unlike the scan
 * and hit counters, this value is read without being reset.
 *
 * @param ip_runtime  opaque handle to a struct ip_runtime; NULL is allowed.
 * @return ip_rt->update_err_cnt, or 0 for a NULL handle.
 */
long long ip_runtime_update_err_count(void *ip_runtime)
{
    struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime;

    return (ip_rt == NULL) ? 0 : (long long)ip_rt->update_err_cnt;
}