gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

unfinished work

Browse Source
This commit is contained in:
liuwentan
2023-01-30 21:59:35 +08:00
parent 3d4b833e48
commit 25f944a1d1
49 changed files with 6537 additions and 6149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

448
src/maat_ip_plugin.cpp Normal file
View File

@@ -0,0 +1,448 @@
/*
**********************************************************************************************
* File: maat_ip_plugin.cpp
* Description:
* Authors: Liu wentan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/
#include "maat_ip_plugin.h"
#include "cJSON/cJSON.h"
#include "log/log.h"
#include "utils.h"
#include "maat_utils.h"
#include "maat_ex_data.h"
#include "IPMatcher.h"
#include "maat_rule.h"
#define MODULE_IP_PLUGIN module_name_str("maat.ip_plugin")
#define MAX_IP_STR 128
struct ip_plugin_item {
int item_id;
int ip_type;
char start_ip[MAX_IP_STR];
char end_ip[MAX_IP_STR];
int rule_tag;
};
struct ip_plugin_schema {
int item_id_column;
int ip_type_column;
int start_ip_column;
int end_ip_column;
int rule_tag_column;
struct ex_data_schema *ex_schema;
int table_id; //ugly
};
struct ip_plugin_runtime {
struct ip_matcher *ip_matcher;
struct ex_data_runtime *ex_data_rt;
uint32_t rule_num;
uint32_t updating_rule_num;
struct maat_item *item_hash;
void (*item_user_data_free)(void *);
struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger;
// long long *scan_cnt;
// long long *hit_cnt;
// long long *not_grp_hit_cnt;
// long long *stream_num;
};
void *ip_plugin_schema_new(cJSON *json, const char *table_name, struct log_handle *logger)
{
size_t read_cnt = 0;
struct ip_plugin_schema *ip_plugin_schema = ALLOC(struct ip_plugin_schema, 1);
cJSON *custom_item = NULL;
cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (NULL == item || item->type != cJSON_Number) {
goto error;
}
ip_plugin_schema->table_id = item->valueint;
item = cJSON_GetObjectItem(json, "custom");
if (NULL == item || item->type != cJSON_Object) {
log_error(logger, MODULE_IP_PLUGIN, "table %s has no custom column", table_name);
goto error;
}
custom_item = cJSON_GetObjectItem(item, "item_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_plugin_schema->item_id_column = custom_item->valueint;
read_cnt++;
}
custom_item = cJSON_GetObjectItem(item, "ip_type");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_plugin_schema->ip_type_column = custom_item->valueint;
read_cnt++;
}
custom_item = cJSON_GetObjectItem(item, "start_ip");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_plugin_schema->start_ip_column = custom_item->valueint;
read_cnt++;
}
custom_item = cJSON_GetObjectItem(item, "end_ip");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_plugin_schema->end_ip_column = custom_item->valueint;
read_cnt++;
}
if (read_cnt < 4) {
goto error;
}
return ip_plugin_schema;
error:
FREE(ip_plugin_schema);
return NULL;
}
void ip_plugin_schema_free(void *ip_plugin_schema)
{
if (NULL == ip_plugin_schema) {
return;
}
struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema;
if (schema->ex_schema != NULL) {
ex_data_schema_free(schema->ex_schema);
schema->ex_schema = NULL;
}
FREE(schema);
}
struct ex_data_schema *ip_plugin_table_get_ex_data_schema(void *ip_plugin_schema)
{
if (NULL == ip_plugin_schema) {
return NULL;
}
struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema;
return schema->ex_schema;
}
struct ip_plugin_item *ip_plugin_item_new(const char *line, struct ip_plugin_schema *ip_plugin_schema,
struct log_handle *logger)
{
size_t column_offset = 0;
size_t column_len = 0;
struct ip_plugin_item *ip_plugin_item = ALLOC(struct ip_plugin_item, 1);
int ret = get_column_pos(line, ip_plugin_schema->item_id_column, &column_offset, &column_len);
if (ret < 0) {
log_error(logger, MODULE_IP_PLUGIN, "ip plugin table(table_id:%d) line:%s has no item_id",
ip_plugin_schema->table_id, line);
goto error;
}
ip_plugin_item->item_id = atoi(line + column_offset);
ret = get_column_pos(line, ip_plugin_schema->ip_type_column, &column_offset, &column_len);
if (ret < 0) {
log_error(logger, MODULE_IP_PLUGIN, "ip plugin table(table_id:%d) line:%s has no ip_type",
ip_plugin_schema->table_id, line);
goto error;
}
ip_plugin_item->ip_type = atoi(line + column_offset);
if (ip_plugin_item->ip_type != 4 && ip_plugin_item->ip_type != 6) {
log_error(logger, MODULE_IP_PLUGIN,
"ip_plugin table(table_id:%d) line:%s ip_type[%d] invalid",
ip_plugin_schema->table_id, line, ip_plugin_item->ip_type);
goto error;
}
ret = get_column_pos(line, ip_plugin_schema->start_ip_column, &column_offset, &column_len);
if (ret < 0) {
log_error(logger, MODULE_IP_PLUGIN,
"ip_plugin table(table_id:%d) line:%s has no start_ip",
ip_plugin_schema->table_id, line);
goto error;
}
strncpy(ip_plugin_item->start_ip, line + column_offset, MIN(column_len, sizeof(ip_plugin_item->start_ip)));
ret = get_column_pos(line, ip_plugin_schema->end_ip_column, &column_offset, &column_len);
if (ret < 0) {
log_error(logger, MODULE_IP_PLUGIN,
"ip_plugin table(table_id:%d) line:%s has no end_ip",
ip_plugin_schema->table_id, line);
goto error;
}
strncpy(ip_plugin_item->end_ip, line + column_offset, MIN(column_len, sizeof(ip_plugin_item->end_ip)));
return ip_plugin_item;
error:
FREE(ip_plugin_item);
return NULL;
}
void ip_plugin_item_free(struct ip_plugin_item *item)
{
FREE(item);
}
int ip_plugin_table_ex_data_schema_flag(struct ip_plugin_schema *ip_plugin_schema)
{
}
int ip_plugin_table_set_ex_data_schema(void *ip_plugin_schema,
maat_plugin_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func,
long argl, void *argp)
{
struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema;
struct ex_data_schema *ex_schema = schema->ex_schema;
if (ex_schema->set_flag) {
assert(0);
log_error(logger, MODULE_TABLE, "Error: %s, EX data schema already registed",
__FUNCTION__);
return -1;
}
ex_schema->new_func = new_func;
ex_schema->free_func = free_func;
ex_schema->dup_func = dup_func;
ex_schema->argl = argl;
ex_schema->argp = argp;
//ex_schema->set_flag = 1;
return 0;
}
int ip_plugin_runtime_update_row(struct ip_plugin_runtime *rt, struct ip_plugin_schema *schema,
const char *row, char *key, size_t key_len, struct ip_plugin_item *item,
int is_valid)
{
int ret = -1;
struct ex_data_runtime *ex_data_rt = rt->ex_data_rt;
int set_flag = ip_plugin_table_schema_ex_data_schema_flag(schema);
if (1 == set_flag) {
if (0 == is_valid) {
//delete
ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len);
if (ret < 0) {
return -1;
}
} else {
//add
void *ex_data = ex_data_runtime_row2ex_data(ex_data_rt, row, key, key_len);
struct ex_data_container *ex_container = ex_data_container_new(ex_data, (void *)item);
ret = ex_data_runtime_add_ex_container(ex_data_rt, key, key_len, ex_container);
if (ret < 0) {
return -1;
}
}
} else {
ex_data_runtime_cache_row_put(ex_data_rt, row);
}
return 0;
}
void *ip_plugin_runtime_new(void *ip_plugin_schema, struct maat_garbage_bin *garbage_bin,
struct log_handle *logger)
{
if (NULL == ip_plugin_schema) {
return NULL;
}
struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema;
struct ip_plugin_runtime *ip_plugin_rt = ALLOC(struct ip_plugin_runtime, 1);
ip_plugin_rt->ex_data_rt = ex_data_runtime_new(schema->table_id, ex_data_container_free);
ip_plugin_rt->item_user_data_free = maat_item_inner_free;
ip_plugin_rt->ref_garbage_bin = garbage_bin;
ip_plugin_rt->logger = logger;
return ip_plugin_rt;
}
void ip_plugin_runtime_free(void *ip_plugin_runtime)
{
if (NULL == ip_plugin_runtime) {
return;
}
struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime;
if (ip_plugin_rt->ip_matcher != NULL) {
ip_matcher_free(ip_plugin_rt->ip_matcher);
}
if (ip_plugin_rt->ex_data_rt != NULL) {
ex_data_runtime_free(ip_plugin_rt->ex_data_rt);
}
struct maat_item *item = NULL, *tmp_item = NULL;
HASH_ITER(hh, ip_plugin_rt->item_hash, item, tmp_item) {
HASH_DELETE(hh, ip_plugin_rt->item_hash, item);
maat_item_free(item, ip_plugin_rt->item_user_data_free);
}
FREE(ip_plugin_rt);
}
int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema, const char *line,
int valid_column)
{
if (NULL == ip_plugin_runtime || NULL == ip_plugin_schema || NULL == line) {
return -1;
}
struct maat_item *item = NULL;
struct ip_plugin_item *ip_plugin_item = NULL;
struct maat_item_inner *u_para = NULL;
struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema;
struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime;
int item_id = get_column_value(line, schema->item_id_column);
int is_valid = get_column_value(line, valid_column);
if (is_valid < 0) {
return -1;
} else if (0 == is_valid) {
//delete
HASH_FIND_INT(ip_plugin_rt->item_hash, &item_id, item);
if (NULL == item) {
return -1;
}
u_para = (struct maat_item_inner *)item->user_data;
item->user_data = NULL;
if (NULL == u_para) {
return -1;
}
HASH_DELETE(hh, ip_plugin_rt->item_hash, item);
maat_garbage_bagging(ip_plugin_rt->ref_garbage_bin, u_para, (void (*)(void *))maat_item_inner_free);
} else {
//add
HASH_FIND_INT(ip_plugin_rt->item_hash, &item_id, item);
if (item) {
log_error(ip_plus_rt->logger, MODULE_IP_PLUGIN,
"ip_plugin runtime add item %d to item_hash failed, already exist", item_id);
return -1;
}
ip_plugin_item = ip_plugin_item_new(line, schema, ip_plugin_rt->logger);
if (NULL == ip_plugin_item) {
log_error(ip_plugin_rt->logger, MODULE_IP_PLUGIN, "ip_plugin line:%s to item failed", line);
return -1;
}
u_para = maat_item_inner_new(ip_plugin_item->group_id, item_id, 0);
item = maat_item_new(item_id, group_id, u_para);
HASH_ADD_INT(ip_plugin_rt->item_hash, item_id, item);
}
char *key = (char *)&item_id;
int ret = ip_plugin_runtime_update_row(ip_plugin_rt, schema, row, key, sizeof(int), ip_plugin_item, is_valid);
if (ret < 0) {
if (ip_plugin_item != NULL) {
ip_plugin_item_free(ip_plugin_item);
ip_plugin_item = NULL;
}
return -1;
} else {
if (0 == is_valid) {
ip_plugin_rt->rule_num--;
} else {
ip_plugin_rt->rule_num++;
}
}
return 0;
}
void ip_plugin_item_to_ip_rule(struct ip_plugin_item *item, struct ip_rule *rule)
{
if (4 == item->ip_type) {
rule->type = IPv4;
ip_format2range(item->ip_type, IP_FORMAT_RANGE, item->start_ip, item->end_ip, &(rule->ipv4_rule.start_ip), &(rule->ipv4_rule.end_ip));
} else {
rule->type = IPv6;
ip_format2range(item->ip_type, IP_FORMAT_RANGE, item->start_ip, item->end_ip, &(rule->ipv6_rule.start_ip), &(rule->ipv6_rule.end_ip));
}
rule->rule_id = item->item_id;
rule->user_tag = NULL;
}
int ip_plugin_runtime_commit(void *ip_plugin_runtime)
{
if (NULL == ip_plugin_runtime) {
return -1;
}
int ret = 0;
struct ex_data_container **ex_container = NULL;
struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime;
struct ex_data_runtime *ex_data_rt = ip_plugin_rt->ex_data_rt;
size_t rule_cnt = ex_data_runtime_list_updating_ex_container(ex_data_rt, &ex_container);
if (0 == rule_cnt) {
FREE(ex_container);
return 0;
}
struct ip_rule *rules = ALLOC(struct ip_rule, rule_cnt);
for (size_t i = 0; i < rule_cnt; i++) {
struct ip_plugin_item *item = (struct ip_plugin_item *)ex_container[i]->custom_data;
ip_plugin_item_to_ip_rule(item, &rules[i]);
}
struct ip_matcher *new_ip_matcher = NULL;
struct ip_matcher *old_ip_matcher = NULL;
size_t mem_used = 0;
if (rule_cnt > 0) {
log_info(ip_plugin_rt->logger, MODULE_TABLE_RUNTIME,
"committing %zu ip_plugin rules for rebuilding ip_matcher engine", rule_cnt);
new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used);
if (NULL == new_ip_matcher) {
log_error(ip_plugin_rt->logger, MODULE_TABLE_RUNTIME,
"rebuild ip_matcher engine failed when update %zu ip_plugin rules", rule_cnt);
ret = -1;
}
}
old_ip_matcher = ip_plugin_rt->ip_matcher;
ip_plugin_rt->ip_matcher = new_ip_matcher;
maat_garbage_bagging(ip_plugin_rt->ref_garbage_bin, old_ip_matcher, (void (*)(void*))ip_matcher_free);
ex_data_runtime_commit(ex_data_rt);
ip_plugin_rt->rule_num = ex_data_runtime_ex_container_count(ex_data_rt);
FREE(rules);
FREE(ex_container);
return ret;
}
int ip_plugin_runtime_updating_flag(struct ip_plugin_runtime *ip_plugin_rt)
{
return ex_data_runtime_updating_flag(ip_plugin_rt->ex_data_rt);
}
struct ex_data_runtime *ip_plugin_runtime_get_ex_data_rt(void *ip_plugin_runtime)
{
if (NULL == ip_plugin_runtime) {
return NULL;
}
struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime;
return ip_plugin_rt->ex_data_rt;
}