support scan ip

2022-12-09 17:12:18 +08:00
parent 6ba2f6241e
commit 0536083cbe
27 changed files with 1894 additions and 480 deletions
--- a/src/inc_internal/json2iris.h
+++ b/src/inc_internal/json2iris.h
@@ -20,7 +20,8 @@ extern "C"

 int json2iris(const char* json_buff, const char* json_filename, const char*compile_tn, 
              const char* group2compile_tn, const char* group2group_tn, redisContext *redis_write_ctx, 
-              char* iris_dir_buf, int buf_len, char* encrypt_key, char* encrypt_algo);
+              char* iris_dir_buf, int buf_len, char* encrypt_key, char* encrypt_algo,
+              struct log_handle *logger);

 #ifdef __cpluscplus
 }
--- a/src/inc_internal/maat_common.h
+++ b/src/inc_internal/maat_common.h
@@ -18,14 +18,18 @@ extern "C"

 #include <stddef.h>

+#include "log/log.h"
 #include "maat_rule.h"

 struct maat_options {
+    char instance_name[NAME_MAX];
    size_t nr_worker_threads;
    int rule_effect_interval_ms;
    int rule_update_checking_interval_ms;
    int gc_timeout_ms;
    int deferred_load_on;
+    int log_level;
+    struct log_handle *logger;
    enum data_source input_mode;
    union {
        struct source_iris_ctx iris_ctx;
--- a/src/inc_internal/maat_config_monitor.h
+++ b/src/inc_internal/maat_config_monitor.h
@@ -25,8 +25,8 @@ extern "C"
 void config_monitor_traverse(long long version, const char *idx_dir,
 							void (*start_fn)(long long, int, void *),
 							int (*update_fn)(const char *, const char *, void *),
-							void (*finish_fn)(void *),
-							void *u_param);
+							void (*finish_fn)(void *), void *u_param,
+                            struct log_handle *logger);

 int load_maat_json_file(struct maat *maat_instance, const char *json_filename, char *err_str, size_t err_str_sz);

--- a/src/inc_internal/maat_ex_data.h
+++ b/src/inc_internal/maat_ex_data.h
@@ -18,6 +18,11 @@ extern "C"

 #include "rcu_hash.h"

+struct ex_data_container {
+    void *ex_data;
+    void *custom_data;
+};
+
 struct ex_data_runtime;

 /* ex_data_runtime API */
@@ -40,20 +45,24 @@ void ex_data_runtime_clear_row_cache(struct ex_data_runtime *ex_data_rt);
 void ex_data_runtime_set_schema(struct ex_data_runtime *ex_data_rt, struct ex_data_schema *schema);

 /* set user_ctx API */
-void ex_data_runtime_set_user_ctx(struct ex_data_runtime *ex_data_rt, void *user_ctx);
+void ex_data_runtime_set_ex_container_ctx(struct ex_data_runtime *ex_data_rt, struct ex_container_ctx *container_ctx);
+
+struct ex_container_ctx *ex_data_runtime_get_ex_container_ctx(struct ex_data_runtime *ex_data_rt);

 /* ex_data_runtime ex data API */
 void *ex_data_runtime_row2ex_data(struct ex_data_runtime *ex_data_rt, const char *row, const char *key, size_t key_len);

-void ex_data_runtime_add_ex_data(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len, void *data);
+void ex_data_runtime_add_ex_container(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len, struct ex_data_container *ex_container);

-void ex_data_runtime_del_ex_data(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len);
+void ex_data_runtime_del_ex_container(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len, struct log_handle *logger);

-void *ex_data_runtime_get_ex_data(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len);
+size_t ex_data_runtime_list_updating_ex_container(struct ex_data_runtime *ex_data_rt, struct ex_data_container ***ex_container);

-size_t ex_data_runtime_ex_data_count(struct ex_data_runtime *ex_data_rt);
+void *ex_data_runtime_dup_ex_data(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len);

-size_t ex_data_runtime_list_updating_ex_data(struct ex_data_runtime *ex_data_rt, void ***ex_data_array);
+void *ex_data_runtime_get_custom_data(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len);
+
+size_t ex_data_runtime_ex_container_count(struct ex_data_runtime *ex_data_rt);

 int ex_data_runtime_updating_flag(struct ex_data_runtime *ex_data_rt);

--- a/src/inc_internal/maat_redis_monitor.h
+++ b/src/inc_internal/maat_redis_monitor.h
@@ -23,8 +23,7 @@ extern "C"
 void redis_monitor_traverse(long long version, struct source_redis_ctx* mr_ctx,
 							void (*start_fn)(long long, int, void *),
 							int (*update_fn)(const char *, const char *, void *),
-							void (*finish_fn)(void *),
-							void *u_param);
+							void (*finish_fn)(void *), void *u_param);

 #ifdef __cpluscplus
 }
--- a/src/inc_internal/maat_rule.h
+++ b/src/inc_internal/maat_rule.h
@@ -24,6 +24,7 @@ extern "C"
 #include <sys/queue.h>
 #include <openssl/md5.h>

+#include "log/log.h"
 #include "hiredis/hiredis.h"
 #include "uthash/uthash.h"
 #include "maat_table_schema.h"
@@ -114,6 +115,7 @@ struct maat {
        struct source_redis_ctx mr_ctx;
    };
    
+    struct log_handle *logger;
    int deferred_load;

    int is_running;
@@ -159,7 +161,7 @@ void *rule_monitor_loop(void *arg);
 void maat_read_full_config(struct maat *maat_instance);

 /* maat command API for internal */
-redisContext *maat_cmd_connect_redis(const char *redis_ip, int redis_port, int redis_db);
+redisContext *maat_cmd_connect_redis(const char *redis_ip, int redis_port, int redis_db, struct log_handle *logger);

 redisReply *maat_cmd_wrap_redis_command(redisContext *c, const char *format, ...);

@@ -173,19 +175,24 @@ int maat_cmd_get_valid_flag_offset(const char *line, enum table_type table_type,

 const char *maat_cmd_find_Nth_column(const char *line, int Nth, int *column_len);

-int maat_cmd_write_rule(redisContext *c, struct serial_rule *s_rule, size_t serial_rule_num, long long server_time);
+int maat_cmd_write_rule(redisContext *c, struct serial_rule *s_rule, size_t serial_rule_num, 
+                        long long server_time, struct log_handle *logger);

 void maat_cmd_clear_rule_cache(struct serial_rule *s_rule);

 int maat_cmd_get_rm_key_list(redisContext *c, long long instance_version, long long desired_version, 
                             long long *new_version, struct table_schema_manager* table_schema_mgr, 
-                             struct serial_rule **list, int *update_type, int cumulative_off);
+                             struct serial_rule **list, int *update_type, int cumulative_off,
+                             struct log_handle *logger);

-int maat_cmd_get_redis_value(redisContext *c, struct serial_rule *rule_list, int rule_num, int print_process);
+int maat_cmd_get_redis_value(redisContext *c, struct serial_rule *rule_list, int rule_num, int print_process,
+                             struct log_handle *logger);

-int maat_cmd_get_foreign_keys_by_prefix(redisContext *ctx, struct serial_rule *rule_list, int rule_num, const char* dir);
+int maat_cmd_get_foreign_keys_by_prefix(redisContext *ctx, struct serial_rule *rule_list, int rule_num, 
+                                        const char *dir, struct log_handle *logger);

-void maat_cmd_get_foreign_conts(redisContext *ctx, struct serial_rule *rule_list, int rule_num, int print_fn);
+void maat_cmd_get_foreign_conts(redisContext *ctx, struct serial_rule *rule_list, int rule_num, int print_fn,
+                                struct log_handle *logger);

 void maat_cmd_rewrite_table_line_with_foreign(struct serial_rule *s_rule);

--- a/src/inc_internal/maat_table_runtime.h
+++ b/src/inc_internal/maat_table_runtime.h
@@ -16,16 +16,27 @@ extern "C"
 {
 #endif

+#include "maat/maat.h"
 #include "maat_table_schema.h"
 #include "maat_garbage_collection.h"

+struct table_rt_2tuple {
+    enum ip_type ip_type;
+    uint16_t port;
+	union {
+		uint32_t ipv4;
+		uint32_t ipv6[4];
+	};
+};
+
 struct table_item;
 struct table_runtime;
 struct table_runtime_manager;

 /* table runtime manager API */
-struct table_runtime_manager *table_runtime_manager_create(struct table_schema_manager *table_schema_mgr, int max_thread_num, 
-                                                           struct maat_garbage_bin *bin);
+struct table_runtime_manager *
+table_runtime_manager_create(struct table_schema_manager *table_schema_mgr, int max_thread_num, 
+                             struct maat_garbage_bin *bin);

 void table_runtime_manager_destroy(struct table_runtime_manager *table_rt_mgr);

@@ -36,7 +47,8 @@ size_t table_runtime_rule_count(struct table_runtime *table_rt);

 enum table_type table_runtime_get_type(struct table_runtime* table_rt);

-void table_runtime_update(struct table_runtime *table_rt, struct table_schema *table_schema, const char *line, struct table_item *table_item);
+void table_runtime_update(struct table_runtime *table_rt, struct table_schema *table_schema, 
+                          const char *line, struct table_item *table_item, struct log_handle *logger);

 /**
 * @brief if table_runtime is updating
@@ -52,19 +64,21 @@ int table_runtime_scan_string(struct table_runtime *table_rt, int thread_id, con
                              int results[], size_t *n_result);

 void table_runtime_stream_open(struct table_runtime *table_rt, int thread_id);
-int table_runtime_scan_stream(struct table_runtime *table_rt, const char *data, size_t data_len,
-                              int result[], size_t n_result);
+int table_runtime_scan_stream(struct table_runtime *table_rt, const char *data, size_t data_len, int results[], size_t *n_result);
 void table_runtime_stream_close(struct table_runtime *table_rt);

+int table_runtime_scan_ip(struct table_runtime *table_rt, int thread_id, struct table_rt_2tuple *data, int results[], size_t *n_result);
+
 /* table runtime cached row API */
 size_t table_runtime_cached_row_count(struct table_runtime *table_rt);

 const char* table_runtime_get_cached_row(struct table_runtime *table_rt, size_t row_seq);

 /* table runtime ex data API */
-void *table_runtime_get_ex_data(struct table_runtime *table_rt, struct table_schema *table_schema, const char *key, size_t key_len);
+struct ex_data_runtime *table_runtime_get_ex_data_rt(struct table_runtime *table_rt);

-void table_runtime_commit_ex_data_schema(struct table_runtime *table_rt, struct table_schema *table_schema);
+void table_runtime_commit_ex_data_schema(struct table_runtime *table_rt, struct table_schema *table_schema,
+                                         struct log_handle *logger);

 #ifdef __cpluscplus
 }
--- a/src/inc_internal/maat_table_schema.h
+++ b/src/inc_internal/maat_table_schema.h
@@ -27,6 +27,13 @@ extern "C"
 #define MAX_KEYWORDS_STR 1024
 #define	MAX_FOREIGN_CLMN_NUM 8

+enum table_composition_type {
+    COMPOSITION_TYPE_SIP = 0,
+    COMPOSITION_TYPE_DIP,
+    COMPOSITION_TYPE_SESSION,
+    COMPOSITION_TYPE_MAX
+};
+
 enum table_type {
 	TABLE_TYPE_EXPR = 0,
    TABLE_TYPE_EXPR_PLUS,
@@ -90,6 +97,35 @@ struct expr_item {
    int is_valid;
 };

+struct ipv4_item_rule {
+    uint32_t min_sip;   /* 源地址下界；0表示忽略本字段 */
+    uint32_t max_sip;   /* 源地址上界；0表示固定IP=min_saddr */
+    uint16_t min_sport; /* 源端口范围下界；0表示忽略本字段 */
+    uint16_t max_sport; /* 源端口范围上界；0表示固定端口=min_sport */
+    uint16_t proto;     /* 传输层协议，6表示TCP，17表示UDP；0表示忽略本字段 */
+    uint16_t direction; /* 方向，0表示双向，1表示单向 */
+};
+
+struct ipv6_item_rule {
+    uint32_t min_sip[4]; /* 源地址下界；全0表示忽略本字段 */
+    uint32_t max_sip[4]; /* 源地址上界；全0表示固定IP=min_saddr */
+    uint16_t min_sport;  /* 源端口范围下界；0表示忽略本字段 */
+    uint16_t max_sport;  /* 源端口范围上界；0表示固定端口=min_sport */
+    uint16_t proto;      /* 传输层协议，6表示TCP，17表示UDP，无限制默认为0 */
+    uint16_t direction;  /* 方向，0表示双向，1表示单向 */
+};
+
+struct ip_plus_item {
+    int item_id;
+    int group_id;
+    int addr_type;
+    union {
+        struct ipv4_item_rule ipv4;
+        struct ipv6_item_rule ipv6;
+    };
+    int is_valid;
+};
+
 struct plugin_item {
    char key[MAX_KEYWORDS_STR];
    size_t key_len;
@@ -111,6 +147,7 @@ struct table_item {
    enum table_type table_type;
    union {
        struct expr_item expr_item;
+        struct ip_plus_item ip_plus_item;
        struct plugin_item plugin_item;
        struct ip_plugin_item ip_plugin_item;
    };
@@ -139,10 +176,17 @@ struct table_schema;
 struct table_schema_manager;

 /* table schema manager API */
-struct table_schema_manager *table_schema_manager_create(const char *table_info_path);
+struct table_schema_manager *table_schema_manager_create(const char *table_info_path, struct log_handle *logger);
 void table_schema_manager_destroy(struct table_schema_manager *table_schema_mgr);

 int table_schema_manager_get_table_id(struct table_schema_manager* table_schema_mgr, const char *table_name);
+
+/**
+ * @brief get composition table's child table(specified by type) id 
+*/
+int table_schema_manager_get_child_table_id(struct table_schema_manager *table_schema_mgr, int parent_table_id, 
+                                            enum table_composition_type type);
+
 enum table_type table_schema_manager_get_table_type(struct table_schema_manager *table_schema_mgr, int table_id);

 size_t table_schema_manager_get_size(struct table_schema_manager* table_schema_mgr);
@@ -162,7 +206,8 @@ int table_schema_get_table_id(struct table_schema *table_schema);

 enum scan_type table_schema_get_scan_type(struct table_schema *table_schema);

-struct table_item *table_schema_line_to_item(const char *line, struct table_schema *table_schema);
+struct table_item *table_schema_line_to_item(const char *line, struct table_schema *table_schema,
+                                             struct log_handle *logger);

 int table_schema_get_valid_flag_column(struct table_schema *table_schema);

--- a/src/inc_internal/maat_utils.h
+++ b/src/inc_internal/maat_utils.h
@@ -18,6 +18,7 @@ extern "C"

 #include <stdlib.h>
 #include <stddef.h>
+#include <arpa/inet.h>

 #define	TRUE	1
 #define	FALSE	0
@@ -30,8 +31,28 @@ extern "C"
 #define MIN(a, b)  	(((a) < (b)) ? (a) : (b))
 #endif

+enum maat_ip_format {
+	IP_FORMAT_RANGE,
+	IP_FORMAT_MASK,
+	IP_FORMAT_CIDR,
+	IP_FORMAT_UNKNOWN
+};
+
+enum maat_ip_format ip_format_str2int(const char *format);
+int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, const char *ip2, 
+                    uint32_t range_begin[], uint32_t range_end[]);
+
+inline void ipv6_ntoh(unsigned int *v6_addr)
+{
+	for (unsigned int i = 0; i < 4; i++) {
+		v6_addr[i] = ntohl(v6_addr[i]);
+	}
+}
+
 #define UNUSED	__attribute__((unused))

+const char *module_name_str(const char *name);
+
 char *maat_strdup(const char *s);

 int get_column_pos(const char *line, int column_seq, size_t *offset, size_t *len);
--- a/src/inc_internal/rcu_hash.h
+++ b/src/inc_internal/rcu_hash.h
@@ -29,6 +29,8 @@ void rcu_hash_free(struct rcu_hash_table *htable);

 void rcu_hash_set_user_ctx(struct rcu_hash_table *htable, void *user_ctx);

+void *rcu_hash_get_user_ctx(struct rcu_hash_table *htable);
+
 /**
 * @brief just means add to the updating nodes
 *        after call rcu_hash_commit, they become effective nodes