/**********************************************************************************************
* File: maat_rule.c
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#include <unistd.h>
#include <stdio.h>
#include <pthread.h>
#include <linux/limits.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <assert.h>
#include "json2iris.h"
#include "log/log.h"
#include "maat_utils.h"
#include "maat_rule.h"
#include "maat_config_monitor.h"
#include "maat_redis_monitor.h"
#include "maat_table.h"
#include "maat_compile.h"
#include "maat_plugin.h"
#include "maat_ip_plugin.h"
#include "maat_fqdn_plugin.h"
#include "maat_bool_plugin.h"
#include "maat_stat.h"
#include "ip_matcher.h"
#include "alignment.h"
#include "maat_garbage_collection.h"
#define MODULE_MAAT_RULE module_name_str("maat.rule")
/*
 * Build a new maat_runtime for rule version `version`.
 *
 * The table manager is asked to create its per-table runtimes first; when
 * that call reports an error the partially built object is released and
 * NULL is returned, so callers must check the result. The table manager,
 * logger and garbage bin pointers are copied from maat_inst, while
 * sequence_map and ref_cnt are allocated here.
 *
 * NOTE(review): the pointers returned by ALLOC, maat_kv_store_new and
 * alignment_int64_array_alloc are used or stored without a NULL check;
 * confirm those helpers cannot fail silently.
 */
struct maat_runtime* maat_runtime_create(long long version, struct maat *maat_inst)
{
    struct maat_runtime *new_rt = ALLOC(struct maat_runtime, 1);

    new_rt->version = version;

    if (table_manager_runtime_create(maat_inst->tbl_mgr,
                                     maat_inst->opts.nr_worker_thread,
                                     maat_inst->garbage_bin) < 0) {
        /* Per-table runtimes could not be created: hand back nothing. */
        FREE(new_rt);
        return NULL;
    }

    /* References shared with the owning maat instance. */
    new_rt->ref_tbl_mgr = maat_inst->tbl_mgr;
    new_rt->max_table_num = table_manager_table_size(maat_inst->tbl_mgr);

    /* State allocated for this runtime. */
    new_rt->sequence_map = maat_kv_store_new();

    new_rt->logger = maat_inst->logger;
    new_rt->ref_garbage_bin = maat_inst->garbage_bin;

    /* One counter slot per worker thread. */
    new_rt->ref_cnt = alignment_int64_array_alloc(maat_inst->opts.nr_worker_thread);

    return new_rt;
}
/*
 * Commit pending updates for every table of `maat_rt`.
 *
 * Walks table ids 0 .. max_table_num-1, asks the table manager to commit each
 * one with the given update type and version, then records the current time
 * as the runtime's last update time.
 *
 * `logger` is accepted for interface compatibility but is not used here.
 */
void maat_runtime_commit(struct maat_runtime *maat_rt, int update_type,
                         long long maat_rt_version, struct log_handle *logger)
{
    size_t table_idx = 0;

    while (table_idx < maat_rt->max_table_num) {
        table_manager_commit_runtime(maat_rt->ref_tbl_mgr, table_idx,
                                     update_type, maat_rt_version);
        table_idx++;
    }

    maat_rt->last_update_time = time(NULL);
}
/*
 * Start-of-update callback handed to the rule source traversers.
 *
 * Records `new_version` on the instance. For a full update a fresh runtime is
 * created and every compile table's updating runtime is initialised with a
 * pointer to it; for any other update type only maat_version is advanced.
 * In both cases every plugin table's start callbacks are then invoked.
 *
 * u_param must point to the struct maat instance; it is dereferenced without
 * a NULL check.
 *
 * NOTE(review): maat_runtime_create returns NULL when the table manager
 * cannot build its runtimes, and that result is not checked here. The NULL
 * is passed to compile_runtime_init, and later update lines would then be
 * treated as incremental; confirm this failure path is handled elsewhere.
 */
void maat_start_cb(long long new_version, int update_type, void *u_param)
{
    struct maat *maat_inst = (struct maat *)u_param;
    size_t table_cnt = table_manager_table_size(maat_inst->tbl_mgr);
    size_t idx;

    maat_inst->new_version = new_version;

    if (update_type != MAAT_UPDATE_TYPE_FULL) {
        maat_inst->maat_version = new_version;
    } else {
        maat_inst->creating_maat_rt = maat_runtime_create(new_version, maat_inst);

        for (idx = 0; idx < table_cnt; idx++) {
            if (table_manager_get_table_type(maat_inst->tbl_mgr, idx) != TABLE_TYPE_COMPILE) {
                continue;
            }

            /* A compile runtime keeps a reference to the maat runtime being built. */
            void *compile_rt = table_manager_get_updating_runtime(maat_inst->tbl_mgr, idx);
            compile_runtime_init(compile_rt, maat_inst->creating_maat_rt);
        }
    }

    /* Tell every plugin table that an update of this type is starting. */
    for (idx = 0; idx < table_cnt; idx++) {
        if (table_manager_get_table_type(maat_inst->tbl_mgr, idx) != TABLE_TYPE_PLUGIN) {
            continue;
        }

        void *schema = table_manager_get_schema(maat_inst->tbl_mgr, idx);
        plugin_table_all_callback_start((struct plugin_schema *)schema, update_type);
    }
}
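/*
 * Per-line update callback handed to the rule source traversers.
 *
 * Resolves `table_name` to a table id and schema, picks the runtime being
 * updated (the one under construction during a full update, otherwise the
 * live one) and forwards `line` to the table manager.
 *
 * table_name and line come from the configured rule source (Redis or rule
 * files), so they are treated as external input: unknown tables and tables
 * without a schema are rejected and logged rather than applied.
 *
 * Returns 0 when the line was forwarded or when any argument is NULL,
 * -1 when the table is unknown, has no schema, or no runtime exists to
 * receive the update.
 */
int maat_update_cb(const char *table_name, const char *line, void *u_param)
{
    if (NULL == table_name || NULL == line || NULL == u_param) {
        return 0;
    }

    struct maat *maat_inst = (struct maat *)u_param;
    struct maat_runtime *maat_rt = NULL;

    int table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
    if (table_id < 0) {
        log_error(maat_inst->logger, MODULE_MAAT_RULE,
                  "[%s:%d] update warning, unknown table name %s",
                  __FUNCTION__, __LINE__, table_name);
        return -1;
    }

    void *schema = table_manager_get_schema(maat_inst->tbl_mgr, table_id);
    if (NULL == schema) {
        log_error(maat_inst->logger, MODULE_MAAT_RULE,
                  "[%s:%d] update warning, table name %s doesn't have table schema",
                  __FUNCTION__, __LINE__, table_name);
        return -1;
    }

    int update_type = MAAT_UPDATE_TYPE_INC;
    if (maat_inst->creating_maat_rt != NULL) { //Full update
        maat_rt = maat_inst->creating_maat_rt;
        update_type = MAAT_UPDATE_TYPE_FULL;
    } else {
        maat_rt = maat_inst->maat_rt;
    }

    /*
     * Both runtime pointers can be NULL, e.g. when runtime creation failed
     * for a full update and no earlier version was ever loaded. Reject the
     * line instead of dereferencing a NULL runtime.
     */
    if (NULL == maat_rt) {
        log_error(maat_inst->logger, MODULE_MAAT_RULE,
                  "[%s:%d] update failed, no maat runtime available for table %s",
                  __FUNCTION__, __LINE__, table_name);
        return -1;
    }

    table_manager_update_runtime(maat_rt->ref_tbl_mgr, table_name, table_id, line, update_type);

    return 0;
}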
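/*
 * Sum the rule counts of all tables in `maat_rt`.
 *
 * Queries the table manager for each table id in 0 .. max_table_num-1, logs
 * every table whose count is non-zero, and returns the total.
 */
long long maat_runtime_rule_num(struct maat_runtime *maat_rt)
{
    long long total = 0;

    for (size_t i = 0; i < maat_rt->max_table_num; i++) {
        long long rule_cnt = table_manager_runtime_rule_count(maat_rt->ref_tbl_mgr, i);
        total += rule_cnt;

        if (rule_cnt != 0) {
            /*
             * The index is a size_t but the format uses %d; passing a size_t
             * through varargs for %d is undefined, so convert explicitly.
             * Table ids are handled as int elsewhere in this file.
             */
            log_info(maat_rt->logger, MODULE_MAAT_RULE, "table:%d rule count:%lld",
                     (int)i, rule_cnt);
        }
    }

    return total;
}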
/*
 * Invoke the finish callbacks of every plugin table.
 *
 * Iterates over all table ids known to `tbl_mgr`; tables whose type is not
 * TABLE_TYPE_PLUGIN are skipped.
 */
void maat_plugin_table_all_callback_finish(struct table_manager *tbl_mgr)
{
    size_t table_cnt = table_manager_table_size(tbl_mgr);
    size_t idx = 0;

    while (idx < table_cnt) {
        if (table_manager_get_table_type(tbl_mgr, idx) == TABLE_TYPE_PLUGIN) {
            void *schema = table_manager_get_schema(tbl_mgr, idx);
            plugin_table_all_callback_finish((struct plugin_schema *)schema);
        }
        idx++;
    }
}
/*
 * Run the periodic garbage collection of per-table runtimes.
 *
 * Compile tables have their own collection routine, which is called
 * directly. For the plugin, ip_plugin, fqdn_plugin and bool_plugin table
 * types the table's ex_data runtime is fetched and, when present, collected.
 * All other table types are left untouched.
 */
void maat_plugin_table_garbage_collect_routine(struct table_manager *tbl_mgr)
{
    size_t table_cnt = table_manager_table_size(tbl_mgr);

    for (size_t idx = 0; idx < table_cnt; idx++) {
        /* Reset per table so a previous table's pointer is never reused. */
        struct ex_data_runtime *ex_data_rt = NULL;
        void *table_rt = NULL;

        switch (table_manager_get_table_type(tbl_mgr, idx)) {
        case TABLE_TYPE_COMPILE:
            table_rt = table_manager_get_runtime(tbl_mgr, idx);
            compile_runtime_garbage_collect_routine(table_rt);
            break;
        case TABLE_TYPE_PLUGIN:
            table_rt = table_manager_get_runtime(tbl_mgr, idx);
            ex_data_rt = plugin_runtime_get_ex_data_rt(table_rt);
            break;
        case TABLE_TYPE_IP_PLUGIN:
            table_rt = table_manager_get_runtime(tbl_mgr, idx);
            ex_data_rt = ip_plugin_runtime_get_ex_data_rt(table_rt);
            break;
        case TABLE_TYPE_FQDN_PLUGIN:
            table_rt = table_manager_get_runtime(tbl_mgr, idx);
            ex_data_rt = fqdn_plugin_runtime_get_ex_data_rt(table_rt);
            break;
        case TABLE_TYPE_BOOL_PLUGIN:
            table_rt = table_manager_get_runtime(tbl_mgr, idx);
            ex_data_rt = bool_plugin_runtime_get_ex_data_rt(table_rt);
            break;
        default:
            break;
        }

        if (ex_data_rt == NULL) {
            continue;
        }

        ex_data_runtime_garbage_collect_routine(ex_data_rt);
    }
}
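/*
 * End-of-update callback handed to the rule source traversers.
 *
 * Runs the plugin tables' finish callbacks, then commits whichever runtime
 * received the update: the runtime under construction (full update) or the
 * live runtime (incremental update, whose version is first set to
 * maat_version). The committed runtime's rule_num is refreshed and a summary
 * is logged. When neither runtime exists only a log line is written.
 * new_version is reset to INVALID_VERSION in every case.
 *
 * u_param must point to the struct maat instance; it is dereferenced without
 * a NULL check.
 */
void maat_finish_cb(void *u_param)
{
    struct maat *maat_inst = (struct maat *)u_param;

    maat_plugin_table_all_callback_finish(maat_inst->tbl_mgr);

    /*
     * The log arguments below are cast to long long and printed with %lld.
     * The original formats (%llu / %d) did not match the long long values
     * this file assigns to version and rule_num, which is undefined for a
     * printf-style varargs call and can print truncated numbers.
     */
    if (maat_inst->creating_maat_rt != NULL) {
        maat_runtime_commit(maat_inst->creating_maat_rt, MAAT_UPDATE_TYPE_FULL,
                            maat_inst->creating_maat_rt->version, maat_inst->logger);
        maat_inst->creating_maat_rt->rule_num = maat_runtime_rule_num(maat_inst->creating_maat_rt);
        log_info(maat_inst->logger, MODULE_MAAT_RULE,
                 "Full config version %lld load %lld entries complete",
                 (long long)maat_inst->creating_maat_rt->version,
                 (long long)maat_inst->creating_maat_rt->rule_num);
    } else if (maat_inst->maat_rt != NULL) {
        maat_inst->maat_rt->version = maat_inst->maat_version;
        maat_runtime_commit(maat_inst->maat_rt, MAAT_UPDATE_TYPE_INC,
                            maat_inst->maat_rt->version, maat_inst->logger);
        maat_inst->maat_rt->rule_num = maat_runtime_rule_num(maat_inst->maat_rt);
        log_info(maat_inst->logger, MODULE_MAAT_RULE,
                 "Inc config version %lld load %lld entries complete",
                 (long long)maat_inst->maat_rt->version,
                 (long long)maat_inst->maat_rt->rule_num);
    } else {
        log_info(maat_inst->logger, MODULE_MAAT_RULE,
                 "Version %lld has no valid rules, plugin callback complete.",
                 (long long)maat_inst->maat_version);
    }

    maat_inst->new_version = INVALID_VERSION;
}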
/*
 * Load the full rule set from the configured data source.
 *
 * Depending on opts.input_mode the rules are traversed from Redis, from an
 * iris index directory, or from a JSON file that is first converted and then
 * traversed as an iris file. The start/update/finish callbacks build
 * creating_maat_rt; afterwards it becomes the live runtime, the instance is
 * marked running, and maat_version / last_full_version are taken from it.
 * A source that yields no runtime is reported with log_error.
 *
 * NOTE(review): the Redis connection is opened from ip/port/db only as far
 * as this call shows; whether authentication or transport protection is
 * configured elsewhere is not visible here.
 * NOTE(review): in JSON mode a failed load_maat_json_file is only logged and
 * the traverse of iris_file still runs; confirm that reading a possibly
 * stale iris file is intended.
 */
void maat_read_full_config(struct maat *maat_inst)
{
    if (maat_inst->opts.input_mode == DATA_SOURCE_REDIS) {
        struct source_redis_ctx *rctx = &(maat_inst->opts.redis_ctx);

        log_info(maat_inst->logger, MODULE_MAAT_RULE,
                 "Maat initiate from Redis %s:%hu db%d",
                 rctx->redis_ip, rctx->redis_port, rctx->redis_db);

        rctx->read_ctx = maat_cmd_connect_redis(rctx->redis_ip, rctx->redis_port,
                                                rctx->redis_db, maat_inst->logger);
        if (rctx->read_ctx != NULL) {
            redis_monitor_traverse(maat_inst->maat_version, rctx,
                                   maat_start_cb, maat_update_cb, maat_finish_cb,
                                   maat_inst);
        }

        if (NULL == maat_inst->creating_maat_rt) {
            log_error(maat_inst->logger, MODULE_MAAT_RULE,
                      "[%s:%d] At initiation: NO effective rule in redis %s:%hu db%d",
                      __FUNCTION__, __LINE__, rctx->redis_ip, rctx->redis_port,
                      rctx->redis_db);
        }
    } else if (maat_inst->opts.input_mode == DATA_SOURCE_IRIS_FILE) {
        config_monitor_traverse(maat_inst->maat_version,
                                maat_inst->opts.iris_ctx.full_idx_dir,
                                maat_start_cb, maat_update_cb, maat_finish_cb,
                                maat_inst, maat_inst->opts.decrypt_key,
                                maat_inst->logger);

        if (NULL == maat_inst->creating_maat_rt) {
            log_error(maat_inst->logger, MODULE_MAAT_RULE,
                      "[%s:%d] At initiation: NO effective rule in %s",
                      __FUNCTION__, __LINE__, maat_inst->opts.iris_ctx.full_idx_dir);
        }
    } else if (maat_inst->opts.input_mode == DATA_SOURCE_JSON_FILE) {
        char err_str[NAME_MAX] = {0};

        /* Convert the JSON rules first; the traverse below reads the iris output. */
        int load_ret = load_maat_json_file(maat_inst, maat_inst->opts.json_ctx.json_file,
                                           err_str, sizeof(err_str));
        if (load_ret < 0) {
            log_error(maat_inst->logger, MODULE_MAAT_RULE,
                      "[%s:%d] Maat re-initiate with JSON file %s failed: %s",
                      __FUNCTION__, __LINE__, maat_inst->opts.json_ctx.json_file, err_str);
        }

        config_monitor_traverse(maat_inst->maat_version,
                                maat_inst->opts.json_ctx.iris_file,
                                maat_start_cb, maat_update_cb, maat_finish_cb,
                                maat_inst, maat_inst->opts.decrypt_key,
                                maat_inst->logger);

        if (NULL == maat_inst->creating_maat_rt) {
            log_error(maat_inst->logger, MODULE_MAAT_RULE,
                      "[%s:%d] At initiation: NO effective rule in %s",
                      __FUNCTION__, __LINE__, maat_inst->opts.json_ctx.iris_file);
        }
    }

    /* Promote whatever the callbacks built (possibly NULL) to the live runtime. */
    maat_inst->maat_rt = maat_inst->creating_maat_rt;
    maat_inst->creating_maat_rt = NULL;
    maat_inst->is_running = 1;

    if (maat_inst->maat_rt == NULL) {
        return;
    }

    maat_inst->maat_version = maat_inst->maat_rt->version;
    maat_inst->last_full_version = maat_inst->maat_rt->version;
}
/*
 * Return the next sequence number stored under `key` in the runtime's
 * sequence map.
 *
 * When the key cannot be read it is registered with the current value of the
 * local counter (initialised to 0) and that value is returned. Otherwise the
 * stored value is incremented, written back and returned.
 *
 * Returns -1 when maat_rt or key is NULL, or when the write-back fails.
 * The result of maat_kv_register is not checked.
 */
long long maat_runtime_get_sequence(struct maat_runtime *maat_rt, const char *key)
{
    long long seq = 0;

    if (maat_rt == NULL || key == NULL) {
        return -1;
    }

    if (maat_kv_read(maat_rt->sequence_map, key, &seq) < 0) {
        /* First use of this key: store the starting value as-is. */
        maat_kv_register(maat_rt->sequence_map, key, seq);
        return seq;
    }

    seq++;
    if (maat_kv_write(maat_rt->sequence_map, key, seq) < 0) {
        return -1;
    }

    return seq;
}
/*
 * Release a maat_runtime and the state it allocated.
 *
 * Frees the sequence map and the reference counter array when present, then
 * the runtime itself. The table manager, logger and garbage bin pointers are
 * not released here. A NULL argument is a no-op.
 */
void maat_runtime_destroy(struct maat_runtime *maat_rt)
{
    if (maat_rt != NULL) {
        if (maat_rt->sequence_map != NULL) {
            maat_kv_store_free(maat_rt->sequence_map);
            maat_rt->sequence_map = NULL;
        }

        if (maat_rt->ref_cnt != NULL) {
            alignment_int64_array_free(maat_rt->ref_cnt);
            maat_rt->ref_cnt = NULL;
        }

        FREE(maat_rt);
    }
}
/*
 * Garbage-bin style destructor for a maat_kv_store.
 *
 * `kv_store` is treated as a struct maat_kv_store pointer and freed;
 * `arg` is unused.
 */
void garbage_maat_kv_store_free(void *kv_store, void *arg)
{
    (void)arg;
    maat_kv_store_free((struct maat_kv_store *)kv_store);
}
/*
 * Garbage-bin style destructor for a maat_runtime.
 *
 * `maat_runtime` is treated as a struct maat_runtime pointer and handed to
 * maat_runtime_destroy; `arg` is unused.
 */
void garbage_maat_runtime_destroy(void *maat_runtime, void *arg)
{
    (void)arg;
    maat_runtime_destroy((struct maat_runtime *)maat_runtime);
}
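/*
 * Background thread body that keeps the rule runtime up to date.
 *
 * `arg` is the struct maat instance. The thread names itself, performs the
 * deferred full load when enabled, then loops while is_running is set:
 * it sleeps for the configured checking interval, polls the data source
 * under background_update_mutex (trylock, so a busy mutex skips the round),
 * swaps in a newly built runtime, commits pending incremental changes once
 * the effect interval has elapsed, runs garbage collection and optionally
 * emits statistics.
 *
 * When the loop ends the thread tears down the runtime, garbage bin, table
 * manager, statistics, Redis contexts, accept_tags and logger, and finally
 * frees the instance itself. Always returns NULL.
 */
void *rule_monitor_loop(void *arg)
{
    /* Defined by prctl: The name can be up to 16 bytes long, and should
       be null terminated if it contains fewer bytes. */
    char maat_name[MAX_INSTANCE_NAME_LEN + 1] = {0};
    struct maat *maat_inst = (struct maat *)arg;

    if (strlen(maat_inst->opts.inst_name) > 0) {
        snprintf(maat_name, sizeof(maat_name), "%s", maat_inst->opts.inst_name);
    } else {
        snprintf(maat_name, sizeof(maat_name), "MAAT_LOOP");
    }

    /* prctl takes its arguments as unsigned long. */
    int ret = prctl(PR_SET_NAME, (unsigned long)maat_name, NULL, NULL, NULL);
    assert(ret >= 0);

    pthread_mutex_lock(&(maat_inst->background_update_mutex));
    /* if deferred load on */
    if (maat_inst->opts.deferred_load_on != 0) {
        log_info(maat_inst->logger, MODULE_MAAT_RULE,
                 "Deferred Loading ON, updating in %s:%d", __FUNCTION__, __LINE__);
        maat_read_full_config(maat_inst);
    }
    pthread_mutex_unlock(&(maat_inst->background_update_mutex));

    char md5_tmp[MD5_DIGEST_LENGTH * 2 + 1] = {0};
    char err_str[NAME_MAX] = {0};
    struct stat attrib;
    /* Set while stat() on the JSON file keeps failing, so it is logged once. */
    int json_stat_failed = 0;

    while (maat_inst->is_running) {
        if (time(NULL) % 10 == 0) {
            log_info(maat_inst->logger, MODULE_MAAT_RULE,
                     "%s thread still alive.........", __FUNCTION__);
        }

        usleep(maat_inst->opts.rule_update_checking_interval_ms * 1000);

        if (0 == pthread_mutex_trylock(&(maat_inst->background_update_mutex))) {
            switch (maat_inst->opts.input_mode) {
            case DATA_SOURCE_REDIS:
                redis_monitor_traverse(maat_inst->maat_version,
                                       &(maat_inst->opts.redis_ctx),
                                       maat_start_cb, maat_update_cb, maat_finish_cb,
                                       maat_inst);
                break;
            case DATA_SOURCE_IRIS_FILE:
                config_monitor_traverse(maat_inst->maat_version,
                                        maat_inst->opts.iris_ctx.inc_idx_dir,
                                        maat_start_cb, maat_update_cb, maat_finish_cb,
                                        maat_inst, maat_inst->opts.decrypt_key,
                                        maat_inst->logger);
                break;
            case DATA_SOURCE_JSON_FILE:
                memset(md5_tmp, 0, sizeof(md5_tmp));

                /*
                 * A failed stat() leaves attrib unset; comparing it would read
                 * indeterminate memory and could trigger a spurious reload.
                 * Skip this round and report the first failure of a streak.
                 */
                if (stat(maat_inst->opts.json_ctx.json_file, &attrib) != 0) {
                    if (!json_stat_failed) {
                        log_error(maat_inst->logger, MODULE_MAAT_RULE,
                                  "[%s:%d] stat JSON file %s failed, reload check skipped",
                                  __FUNCTION__, __LINE__,
                                  maat_inst->opts.json_ctx.json_file);
                        json_stat_failed = 1;
                    }
                    break;
                }
                json_stat_failed = 0;

                if (memcmp(&attrib.st_ctim, &(maat_inst->opts.json_ctx.last_md5_time),
                           sizeof(attrib.st_ctim))) {
                    maat_inst->opts.json_ctx.last_md5_time = attrib.st_ctim;

                    /*
                     * The MD5 is used here as a change detector only.
                     * NOTE(review): md5_file and load_maat_json_file are given
                     * the path separately, so the digest logged below may not
                     * describe the bytes actually loaded if the file changes
                     * in between; confirm whether that matters for auditing.
                     */
                    md5_file(maat_inst->opts.json_ctx.json_file, md5_tmp);
                    if (0 != strcmp(md5_tmp, maat_inst->opts.json_ctx.effective_json_md5)) {
                        ret = load_maat_json_file(maat_inst, maat_inst->opts.json_ctx.json_file,
                                                  err_str, sizeof(err_str));
                        if (ret < 0) {
                            log_error(maat_inst->logger, MODULE_MAAT_RULE,
                                      "[%s:%d] Maat re-initiate with JSON file %s (md5=%s)failed: %s\n",
                                      __FUNCTION__, __LINE__, maat_inst->opts.json_ctx.json_file,
                                      md5_tmp, err_str);
                        } else {
                            config_monitor_traverse(0, maat_inst->opts.json_ctx.iris_file,
                                                    maat_start_cb, maat_update_cb, maat_finish_cb,
                                                    maat_inst, maat_inst->opts.decrypt_key,
                                                    maat_inst->logger);
                            log_info(maat_inst->logger, MODULE_MAAT_RULE,
                                     "Maat re-initiate with JSON file %s success, md5: %s\n",
                                     maat_inst->opts.json_ctx.json_file, md5_tmp);
                        }
                    }
                }
                break;
            default:
                break;
            }

            /* A full update produced a new runtime: make it the live one. */
            if (maat_inst->creating_maat_rt != NULL) {
                struct maat_runtime *old_maat_rt = maat_inst->maat_rt;
                maat_inst->maat_rt = maat_inst->creating_maat_rt;

                if (old_maat_rt != NULL) {
                    if (maat_inst->maat_rt->version > old_maat_rt->version) {
                        log_info(maat_inst->logger, MODULE_MAAT_RULE,
                                 "Maat version updated %lld -> %lld\n",
                                 old_maat_rt->version, maat_inst->maat_rt->version);
                    } else {
                        log_info(maat_inst->logger, MODULE_MAAT_RULE,
                                 "Maat version roll back %lld -> %lld\n",
                                 old_maat_rt->version, maat_inst->maat_rt->version);
                    }

                    /* stat is NULL-checked at teardown, so guard it here too. */
                    if (maat_inst->stat != NULL) {
                        maat_inst->stat->zombie_rs_stream +=
                            alignment_int64_array_sum(old_maat_rt->ref_cnt,
                                                      maat_inst->opts.nr_worker_thread);
                    }

                    /* The old runtime is handed to the garbage bin, not freed here. */
                    maat_garbage_bagging(maat_inst->garbage_bin, old_maat_rt, NULL,
                                         garbage_maat_runtime_destroy);
                }

                maat_inst->creating_maat_rt = NULL;
                maat_inst->maat_version = maat_inst->maat_rt->version;
                maat_inst->last_full_version = maat_inst->maat_rt->version;
            }

            if (maat_inst->maat_rt != NULL) {
                time_t time_window = time(NULL) - maat_inst->maat_rt->last_update_time;

                if (time_window >= maat_inst->opts.rule_effect_interval_ms / 1000) {
                    maat_runtime_commit(maat_inst->maat_rt, MAAT_UPDATE_TYPE_INC,
                                        maat_inst->maat_rt->version, maat_inst->logger);
                    /*
                     * Cast and print with %lld: the original %u / %d did not
                     * match the long long values assigned to these fields.
                     */
                    log_info(maat_inst->logger, MODULE_MAAT_RULE,
                             "Actual update config version %lld, %lld entries load to maat runtime.",
                             (long long)maat_inst->maat_rt->version,
                             (long long)maat_inst->maat_rt->rule_num);
                }
            }

            pthread_mutex_unlock(&(maat_inst->background_update_mutex));
        }

        maat_garbage_collect_routine(maat_inst->garbage_bin);
        maat_plugin_table_garbage_collect_routine(maat_inst->tbl_mgr);

        if ((1 == maat_inst->opts.stat_on) && (time(NULL) % 2 == 0)) {
            maat_stat_output(maat_inst->stat, maat_inst->maat_version, maat_inst->opts.perf_on);
        }
    }

    maat_runtime_destroy(maat_inst->maat_rt);
    maat_garbage_bin_free(maat_inst->garbage_bin);
    table_manager_destroy(maat_inst->tbl_mgr); //table manager MUST be freed at last.

    if (maat_inst->stat != NULL) {
        maat_stat_free(maat_inst->stat);
        maat_inst->stat = NULL;
    }

    if (maat_inst->opts.input_mode == DATA_SOURCE_REDIS) {
        if (maat_inst->opts.redis_ctx.read_ctx != NULL) {
            redisFree(maat_inst->opts.redis_ctx.read_ctx);
            maat_inst->opts.redis_ctx.read_ctx = NULL;
        }

        if (maat_inst->opts.redis_ctx.write_ctx != NULL) {
            redisFree(maat_inst->opts.redis_ctx.write_ctx);
            maat_inst->opts.redis_ctx.write_ctx = NULL;
        }
    }

    if (maat_inst->opts.accept_tags != NULL) {
        FREE(maat_inst->opts.accept_tags);
        maat_inst->opts.accept_tags = NULL;
    }

    log_handle_destroy(maat_inst->logger);
    /* The instance is owned by this thread at this point and freed last. */
    FREE(maat_inst);

    return NULL;
}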