2015-10-10 18:30:12 +08:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
*****************Maat Network Flow Rule Manage Framework********
|
|
|
|
|
* Maat is the Goddess of truth and justice in ancient Egyptian concept.
|
|
|
|
|
* Her feather was the measure that determined whether the souls (considered
|
|
|
|
|
* to reside in the heart) of the departed would reach the paradise of afterlife
|
|
|
|
|
* successfully.
|
|
|
|
|
* Author: zhengchao@iie.ac.cn,MESA
|
2015-11-09 16:26:16 +08:00
|
|
|
* Version 2015-11-09 digest scan
|
2015-10-10 18:30:12 +08:00
|
|
|
* NOTE: MUST compile with G++
|
|
|
|
|
* All right reserved by Institute of Infomation Engineering,Chinese Academic of Science 2014~2018
|
|
|
|
|
*********************************************************
|
|
|
|
|
*/
|
|
|
|
|
#ifndef H_MAAT_RULE_H_INCLUDE
|
|
|
|
|
#define H_MAAT_RULE_H_INCLUDE
|
2016-03-04 10:57:41 +08:00
|
|
|
#ifndef __cplusplus
|
|
|
|
|
#error("This file should be compiled with C++ compiler")
|
|
|
|
|
#endif
|
2015-10-10 18:30:12 +08:00
|
|
|
#include "stream.h"
|
|
|
|
|
enum MAAT_CHARSET
|
|
|
|
|
{
|
|
|
|
|
CHARSET_NONE=0,
|
|
|
|
|
CHARSET_GBK,
|
|
|
|
|
CHARSET_BIG5,
|
|
|
|
|
CHARSET_UNICODE,
|
|
|
|
|
CHARSET_UTF8, // 4
|
2016-04-03 12:29:41 +08:00
|
|
|
CHARSET_BIN, //5
|
|
|
|
|
CHARSET_UNICODE_ASCII_ESC, // Unicode Escape format, prefix backslash-u hex, e.g. "\u627;"
|
|
|
|
|
CHARSET_UNICODE_ASCII_ALIGNED,//Unicode Escape format, prefix backslash-u with 4 bytes aligned, e.g. "\u0627"
|
|
|
|
|
CHARSET_UNICODE_NCR_DEC, //SGML Numeric character reference,decimal base, e.g. "ا"
|
|
|
|
|
CHARSET_UNICODE_NCR_HEX, //SGML Numeric character reference,hexdecimal base, e.g. "ا"
|
|
|
|
|
CHARSET_URL_ENCODE_GB2312, //URL encode with GB2312, e.g. the chinese word "china" was encoded to %D6%D0%B9%FA
|
|
|
|
|
CHARSET_URL_ENCODE_UTF8 //11, URL encode with UTF8,e.g. the chinese word "china" was encoded to %E4%B8%AD%E5%9B%BD
|
2015-10-10 18:30:12 +08:00
|
|
|
};
|
|
|
|
|
enum MAAT_ACTION
|
|
|
|
|
{
|
|
|
|
|
MAAT_ACTION_BLOCK=0,
|
|
|
|
|
MAAT_ACTION_MONIT,
|
|
|
|
|
MAAT_ACTION_WHITE
|
|
|
|
|
};
|
|
|
|
|
enum MAAT_POS_TYPE
|
|
|
|
|
{
|
|
|
|
|
MAAT_POSTYPE_EXPR=0,
|
|
|
|
|
MAAT_POSTYPE_REGEX
|
|
|
|
|
};
|
|
|
|
|
typedef void* scan_status_t;
|
|
|
|
|
typedef void* stream_para_t;
|
|
|
|
|
typedef void* Maat_feather_t;
|
2015-11-09 16:18:38 +08:00
|
|
|
|
|
|
|
|
|
2015-10-10 18:30:12 +08:00
|
|
|
#define MAX_SERVICE_DEFINE_LEN 128
|
|
|
|
|
struct Maat_rule_t
|
|
|
|
|
{
|
|
|
|
|
int config_id;
|
|
|
|
|
int service_id;
|
|
|
|
|
char do_log;
|
|
|
|
|
char do_blacklist;
|
|
|
|
|
char action;
|
|
|
|
|
char resevered;
|
|
|
|
|
int serv_def_len;
|
|
|
|
|
char service_defined[MAX_SERVICE_DEFINE_LEN];
|
|
|
|
|
};
|
|
|
|
|
#define MAAT_RULE_UPDATE_TYPE_FULL 1
|
|
|
|
|
#define MAAT_RULE_UPDATE_TYPE_INC 2
|
|
|
|
|
typedef void Maat_start_callback_t(int update_type,void* u_para);
|
|
|
|
|
typedef void Maat_update_callback_t(int table_id,const char* table_line,void* u_para);
|
|
|
|
|
typedef void Maat_finish_callback_t(void* u_para);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//--------------------HITTING DETAIL DESCRIPTION BEGIN
|
|
|
|
|
|
|
|
|
|
#define MAAT_MAX_HIT_RULE_NUM 8
|
|
|
|
|
#define MAAT_MAX_EXPR_ITEM_NUM 8
|
|
|
|
|
#define MAAT_MAX_HIT_POS_NUM 8
|
|
|
|
|
#define MAAT_MAX_REGEX_GROUP_NUM 8
|
|
|
|
|
|
|
|
|
|
//NOTE position buffer as hitting_regex_pos and hit_pos,are ONLY valid before next scan or Maat_stream_scan_string_end
|
|
|
|
|
struct regex_pos_t
|
|
|
|
|
{
|
|
|
|
|
int group_num;
|
|
|
|
|
int hitting_regex_len;
|
|
|
|
|
const char* hitting_regex_pos;
|
|
|
|
|
int grouping_len[MAAT_MAX_REGEX_GROUP_NUM];
|
|
|
|
|
const char* grouping_pos[MAAT_MAX_REGEX_GROUP_NUM];
|
|
|
|
|
};
|
|
|
|
|
struct str_pos_t
|
|
|
|
|
{
|
|
|
|
|
int hit_len;
|
|
|
|
|
const char* hit_pos;
|
|
|
|
|
};
|
|
|
|
|
struct sub_item_pos_t
|
|
|
|
|
{
|
|
|
|
|
enum MAAT_POS_TYPE ruletype;
|
|
|
|
|
int hit_cnt;
|
|
|
|
|
union
|
|
|
|
|
{
|
|
|
|
|
struct regex_pos_t regex_pos[MAAT_MAX_HIT_POS_NUM];
|
|
|
|
|
struct str_pos_t substr_pos[MAAT_MAX_HIT_POS_NUM];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct Maat_region_pos_t
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
int region_id;
|
|
|
|
|
int sub_item_num;
|
|
|
|
|
struct sub_item_pos_t sub_item_pos[MAAT_MAX_EXPR_ITEM_NUM];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct Maat_hit_detail_t
|
|
|
|
|
{
|
|
|
|
|
int config_id;//set <0 if half hit;
|
|
|
|
|
int hit_region_cnt;
|
|
|
|
|
struct Maat_region_pos_t region_pos[MAAT_MAX_HIT_RULE_NUM];
|
|
|
|
|
};
|
|
|
|
|
//--------------------HITTING DETAIL DESCRIPTION END
|
2016-02-10 10:01:18 +08:00
|
|
|
|
|
|
|
|
//Abondon interface ,left for compatible.
|
2015-10-10 18:30:12 +08:00
|
|
|
Maat_feather_t Maat_summon_feather(int max_thread_num,
|
|
|
|
|
const char* table_info_path,
|
|
|
|
|
const char* ful_cfg_dir,
|
|
|
|
|
const char* inc_cfg_dir,
|
2016-02-10 10:01:18 +08:00
|
|
|
void*logger);//MESA_handle_logger
|
|
|
|
|
//Abondon interface ,left for compatible.
|
2015-10-10 18:30:12 +08:00
|
|
|
Maat_feather_t Maat_summon_feather_json(int max_thread_num,
|
|
|
|
|
const char* table_info_path,
|
|
|
|
|
const char* json_rule,
|
|
|
|
|
void* logger);
|
|
|
|
|
|
2016-02-10 10:01:18 +08:00
|
|
|
Maat_feather_t Maat_feather(int max_thread_num,const char* table_info_path,void* logger);
|
|
|
|
|
int Maat_initiate_feather(Maat_feather_t feather);
|
|
|
|
|
|
2016-02-11 13:57:39 +08:00
|
|
|
enum MAAT_INIT_OPT
|
|
|
|
|
{
|
2016-02-10 10:01:18 +08:00
|
|
|
MAAT_OPT_SCANDIR_INTERVAL_MS=1, //VALUE is interger,SIZE=sizeof(int). DEFAULT:1,000 milliseconds.
|
|
|
|
|
MAAT_OPT_EFFECT_INVERVAL_MS, //VALUE is interger,SIZE=sizeof(int). DEFAULT:60,000 milliseconds.
|
|
|
|
|
MAAT_OPT_FULL_CFG_DIR, //VALUE is a const char*,MUST end with '\0',SIZE= strlen(string+'\0')+1.DEFAULT: no default.
|
|
|
|
|
MAAT_OPT_INC_CFG_DIR, //VALUE is a const char*,MUST end with '\0',SIZE= strlen(string+'\0')+1.DEFAULT: no default.
|
|
|
|
|
MAAT_OPT_JSON_FILE_PATH, //VALUE is a const char*,MUST end with '\0',SIZE= strlen(string+'\0')+1.DEFAULT: no default.
|
|
|
|
|
MAAT_OPT_STAT_ON, //VALUE is indifferent,SIZE is indifferent.MAAT_OPT_STAT_FILE_PATH must be set.Default: stat OFF.
|
|
|
|
|
MAAT_OPT_PERF_ON, //VALUE is indifferent,SIZE is indifferent.MAAT_OPT_STAT_FILE_PATH must be set.Default: stat OFF.
|
|
|
|
|
MAAT_OPT_STAT_FILE_PATH, //VALUE is a const char*,MUST end with '\0',SIZE= strlen(string+'\0')+1.DEFAULT: no default.
|
|
|
|
|
MAAT_OPT_SCAN_DETAIL //VALUE is interger,SIZE=sizeof(int). 0: not return any detail;1: return hit pos, not include regex grouping;
|
|
|
|
|
// 2 return hit pos and regex grouping pos;DEFAULT:2
|
|
|
|
|
};
|
|
|
|
|
//return -1 if failed, return 0 on success;
|
|
|
|
|
int Maat_set_feather_opt(Maat_feather_t feather,enum MAAT_INIT_OPT type,const void* value,int size);
|
2015-10-10 18:30:12 +08:00
|
|
|
void Maat_burn_feather(Maat_feather_t feather);
|
|
|
|
|
|
|
|
|
|
//return table_id(>=0) if success,otherwise return -1;
|
|
|
|
|
int Maat_table_register(Maat_feather_t feather,const char* table_name);
|
|
|
|
|
//return 1 if success,otherwise return -1 incase invalid table_id or registed function number exceed 32;
|
|
|
|
|
int Maat_table_callback_register(Maat_feather_t feather,short table_id,
|
|
|
|
|
Maat_start_callback_t *start,//MAAT_RULE_UPDATE_TYPE_*,u_para
|
|
|
|
|
Maat_update_callback_t *update,//table line ,u_para
|
|
|
|
|
Maat_finish_callback_t *finish,//u_para
|
|
|
|
|
void* u_para);
|
|
|
|
|
|
2016-02-11 13:57:39 +08:00
|
|
|
enum MAAT_SCAN_OPT
|
|
|
|
|
{
|
|
|
|
|
MAAT_SET_SCAN_DISTRICT=1 //VALUE is a const char*,MUST end with '\0',SIZE= strlen(string+'\0')+1.DEFAULT: no default.
|
|
|
|
|
};
|
|
|
|
|
//return 0 if success, return -1 when failed;
|
2016-02-15 09:28:47 +08:00
|
|
|
int Maat_set_scan_status(Maat_feather_t feather,scan_status_t* mid,enum MAAT_SCAN_OPT type,const void* value,int size);
|
2015-10-10 18:30:12 +08:00
|
|
|
|
|
|
|
|
//Return hit rule number, return -1 when error occurs,return -2 when hit current region
|
|
|
|
|
//mid MUST set NULL before fist call
|
|
|
|
|
int Maat_scan_intval(Maat_feather_t feather,int table_id
|
|
|
|
|
,unsigned int intval
|
|
|
|
|
,struct Maat_rule_t*result,int rule_num
|
|
|
|
|
,scan_status_t *mid,int thread_num);
|
|
|
|
|
int Maat_scan_addr(Maat_feather_t feather,int table_id
|
|
|
|
|
,struct ipaddr* addr
|
|
|
|
|
,struct Maat_rule_t*result,int rule_num
|
|
|
|
|
,scan_status_t *mid,int thread_num);
|
|
|
|
|
int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
|
|
|
|
|
,struct ipaddr* addr,unsigned short int proto
|
|
|
|
|
,struct Maat_rule_t*result,int rule_num
|
|
|
|
|
,scan_status_t *mid,int thread_num);
|
|
|
|
|
int Maat_full_scan_string(Maat_feather_t feather,int table_id
|
|
|
|
|
,enum MAAT_CHARSET charset,const char* data,int data_len
|
|
|
|
|
,struct Maat_rule_t*result,int* found_pos,int rule_num
|
|
|
|
|
,scan_status_t* mid,int thread_num);
|
|
|
|
|
//hite_detail could be NULL if unconcern
|
|
|
|
|
int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id
|
|
|
|
|
,enum MAAT_CHARSET charset,const char* data,int data_len
|
|
|
|
|
,struct Maat_rule_t*result,int rule_num,struct Maat_hit_detail_t *hit_detail,int detail_num
|
|
|
|
|
,int* detail_ret,scan_status_t* mid,int thread_num);
|
|
|
|
|
|
|
|
|
|
stream_para_t Maat_stream_scan_string_start(Maat_feather_t feather,int table_id,int thread_num);
|
|
|
|
|
int Maat_stream_scan_string(stream_para_t* stream_para
|
|
|
|
|
,enum MAAT_CHARSET charset,const char* data,int data_len
|
|
|
|
|
,struct Maat_rule_t*result,int* found_pos,int rule_num
|
|
|
|
|
,scan_status_t* mid);
|
2015-11-09 16:20:48 +08:00
|
|
|
//hited_detail could be NULL if unconcern
|
2015-10-10 18:30:12 +08:00
|
|
|
int Maat_stream_scan_string_detail(stream_para_t* stream_para
|
|
|
|
|
,enum MAAT_CHARSET charset,const char* data,int data_len
|
|
|
|
|
,struct Maat_rule_t*result,int rule_num,struct Maat_hit_detail_t *hit_detail,int detail_num
|
|
|
|
|
,int* detail_ret,scan_status_t* mid);
|
|
|
|
|
void Maat_stream_scan_string_end(stream_para_t* stream_para);
|
|
|
|
|
|
2015-11-09 16:18:38 +08:00
|
|
|
stream_para_t Maat_stream_scan_digest_start(Maat_feather_t feather,int table_id,unsigned long long total_len,int thread_num);
|
|
|
|
|
int Maat_stream_scan_digest(stream_para_t* stream_para
|
2015-11-10 18:29:42 +08:00
|
|
|
,const char* data,int data_len,unsigned long long offset
|
2015-11-09 16:18:38 +08:00
|
|
|
,struct Maat_rule_t*result,int rule_num
|
|
|
|
|
,scan_status_t* mid);
|
|
|
|
|
void Maat_stream_scan_digest_end(stream_para_t* stream_para);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2015-10-10 18:30:12 +08:00
|
|
|
void Maat_clean_status(scan_status_t* mid);
|
|
|
|
|
|
|
|
|
|
#endif // H_MAAT_RULE_H_INCLUDE
|
|
|
|
|
|
