支持虚拟表建立在多个不同类型物理表上。
This commit is contained in:
zhengchao
@@ -1135,7 +1135,7 @@ MAAT_PLUGIN_EX_DATA Maat_plugin_get_EX_data(Maat_feather_t feather, int table_id
|
|||||||
{
|
{
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
table_desc=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
|
table_desc=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_PLUGIN, NULL);
|
||||||
table_rt=Maat_table_runtime_get(_feather->scanner->table_rt_mgr, table_id);
|
table_rt=Maat_table_runtime_get(_feather->scanner->table_rt_mgr, table_id);
|
||||||
exdata=Maat_table_runtime_plugin_get_ex_data(table_rt, table_desc, key);
|
exdata=Maat_table_runtime_plugin_get_ex_data(table_rt, table_desc, key);
|
||||||
|
|
||||||
@@ -1227,7 +1227,7 @@ int Maat_ip_plugin_get_EX_data(Maat_feather_t feather, int table_id, const struc
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
table_schema=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_IP_PLUGIN, NULL);
|
table_schema=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_IP_PLUGIN, NULL);
|
||||||
table_rt=Maat_table_runtime_get(_feather->scanner->table_rt_mgr, table_id);
|
table_rt=Maat_table_runtime_get(_feather->scanner->table_rt_mgr, table_id);
|
||||||
if(table_rt->table_type!=TABLE_TYPE_IP_PLUGIN)
|
if(table_rt->table_type!=TABLE_TYPE_IP_PLUGIN)
|
||||||
{
|
{
|
||||||
@@ -1273,7 +1273,7 @@ int Maat_fqdn_plugin_get_EX_data(Maat_feather_t feather, int table_id, const cha
|
|||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
table_schema=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_FQDN_PLUGIN, NULL);
|
table_schema=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_FQDN_PLUGIN, NULL);
|
||||||
table_rt=Maat_table_runtime_get(_feather->scanner->table_rt_mgr, table_id);
|
table_rt=Maat_table_runtime_get(_feather->scanner->table_rt_mgr, table_id);
|
||||||
if(table_rt->table_type!=TABLE_TYPE_FQDN_PLUGIN)
|
if(table_rt->table_type!=TABLE_TYPE_FQDN_PLUGIN)
|
||||||
{
|
{
|
||||||
@@ -1328,7 +1328,7 @@ int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_EXPR, &virtual_table_id);
|
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_STRING, &virtual_table_id);
|
||||||
if(p_table==NULL)
|
if(p_table==NULL)
|
||||||
{
|
{
|
||||||
_feather->scan_err_cnt++;
|
_feather->scan_err_cnt++;
|
||||||
@@ -1466,7 +1466,7 @@ int Maat_scan_intval(Maat_feather_t feather,int table_id
|
|||||||
_mid->scan_cnt++;
|
_mid->scan_cnt++;
|
||||||
|
|
||||||
int virtual_table_id=0;
|
int virtual_table_id=0;
|
||||||
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_INTERVAL, &virtual_table_id);
|
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_INTERVAL, &virtual_table_id);
|
||||||
if(p_table==NULL)
|
if(p_table==NULL)
|
||||||
{
|
{
|
||||||
_feather->scan_err_cnt++;
|
_feather->scan_err_cnt++;
|
||||||
@@ -1568,7 +1568,7 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id
|
|||||||
_mid->scan_cnt++;
|
_mid->scan_cnt++;
|
||||||
|
|
||||||
int virtual_table_id=0;
|
int virtual_table_id=0;
|
||||||
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_SIMILARITY, &virtual_table_id);
|
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_STRING, &virtual_table_id);
|
||||||
if(p_table==NULL)
|
if(p_table==NULL)
|
||||||
{
|
{
|
||||||
_feather->scan_err_cnt++;
|
_feather->scan_err_cnt++;
|
||||||
@@ -1632,7 +1632,7 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id
|
|||||||
return compile_ret;
|
return compile_ret;
|
||||||
|
|
||||||
}
|
}
|
||||||
static int ip_scan_data_set(scan_data_t* scan_data, const struct ipaddr* addr, unsigned short int proto, enum MAAT_TABLE_CHILD_TYPE child_type, int table_id)
|
static int ip_scan_data_set(scan_data_t* scan_data, const struct ipaddr* addr, unsigned short int proto, enum MAAT_TABLE_COMPONENT_TYPE child_type, int table_id)
|
||||||
{
|
{
|
||||||
memset(scan_data, 0, sizeof(scan_data_t));
|
memset(scan_data, 0, sizeof(scan_data_t));
|
||||||
scan_data->sub_type=make_sub_type(table_id, CHARSET_NONE, 0);
|
scan_data->sub_type=make_sub_type(table_id, CHARSET_NONE, 0);
|
||||||
@@ -1643,15 +1643,15 @@ static int ip_scan_data_set(scan_data_t* scan_data, const struct ipaddr* addr, u
|
|||||||
scan_data->ipv4_data.proto=proto;
|
scan_data->ipv4_data.proto=proto;
|
||||||
switch(child_type)
|
switch(child_type)
|
||||||
{
|
{
|
||||||
case CHILD_TABLE_TYPE_SOURCE_IP:
|
case COMPONENT_TABLE_TYPE_SOURCE_IP:
|
||||||
scan_data->ipv4_data.saddr=ntohl(addr->v4->saddr);
|
scan_data->ipv4_data.saddr=ntohl(addr->v4->saddr);
|
||||||
scan_data->ipv4_data.sport=ntohs(addr->v4->source);
|
scan_data->ipv4_data.sport=ntohs(addr->v4->source);
|
||||||
break;
|
break;
|
||||||
case CHILD_TABLE_TYPE_DESTINATION_IP:
|
case COMPONENT_TABLE_TYPE_DESTINATION_IP:
|
||||||
scan_data->ipv4_data.saddr=ntohl(addr->v4->daddr);
|
scan_data->ipv4_data.saddr=ntohl(addr->v4->daddr);
|
||||||
scan_data->ipv4_data.sport=ntohs(addr->v4->dest);
|
scan_data->ipv4_data.sport=ntohs(addr->v4->dest);
|
||||||
break;
|
break;
|
||||||
case CHILD_TABLE_TYPE_SESSION:
|
case COMPONENT_TABLE_TYPE_SESSION:
|
||||||
scan_data->ipv4_data.saddr=ntohl(addr->v4->saddr);
|
scan_data->ipv4_data.saddr=ntohl(addr->v4->saddr);
|
||||||
scan_data->ipv4_data.sport=ntohs(addr->v4->source);
|
scan_data->ipv4_data.sport=ntohs(addr->v4->source);
|
||||||
scan_data->ipv4_data.daddr=ntohl(addr->v4->daddr);
|
scan_data->ipv4_data.daddr=ntohl(addr->v4->daddr);
|
||||||
@@ -1667,17 +1667,17 @@ static int ip_scan_data_set(scan_data_t* scan_data, const struct ipaddr* addr, u
|
|||||||
scan_data->ipv6_data.proto=proto;
|
scan_data->ipv6_data.proto=proto;
|
||||||
switch(child_type)
|
switch(child_type)
|
||||||
{
|
{
|
||||||
case CHILD_TABLE_TYPE_SOURCE_IP:
|
case COMPONENT_TABLE_TYPE_SOURCE_IP:
|
||||||
memcpy(scan_data->ipv6_data.saddr, addr->v6->saddr, sizeof(scan_data->ipv6_data.saddr));
|
memcpy(scan_data->ipv6_data.saddr, addr->v6->saddr, sizeof(scan_data->ipv6_data.saddr));
|
||||||
ipv6_ntoh(scan_data->ipv6_data.saddr);
|
ipv6_ntoh(scan_data->ipv6_data.saddr);
|
||||||
scan_data->ipv6_data.sport=ntohs(addr->v6->source);
|
scan_data->ipv6_data.sport=ntohs(addr->v6->source);
|
||||||
break;
|
break;
|
||||||
case CHILD_TABLE_TYPE_DESTINATION_IP:
|
case COMPONENT_TABLE_TYPE_DESTINATION_IP:
|
||||||
memcpy(scan_data->ipv6_data.saddr, addr->v6->daddr, sizeof(scan_data->ipv6_data.saddr));
|
memcpy(scan_data->ipv6_data.saddr, addr->v6->daddr, sizeof(scan_data->ipv6_data.saddr));
|
||||||
ipv6_ntoh(scan_data->ipv6_data.saddr);
|
ipv6_ntoh(scan_data->ipv6_data.saddr);
|
||||||
scan_data->ipv6_data.sport=ntohs(addr->v6->dest);
|
scan_data->ipv6_data.sport=ntohs(addr->v6->dest);
|
||||||
break;
|
break;
|
||||||
case CHILD_TABLE_TYPE_SESSION:
|
case COMPONENT_TABLE_TYPE_SESSION:
|
||||||
memcpy(scan_data->ipv6_data.saddr, addr->v6->saddr, sizeof(scan_data->ipv6_data.saddr));
|
memcpy(scan_data->ipv6_data.saddr, addr->v6->saddr, sizeof(scan_data->ipv6_data.saddr));
|
||||||
ipv6_ntoh(scan_data->ipv6_data.saddr);
|
ipv6_ntoh(scan_data->ipv6_data.saddr);
|
||||||
scan_data->ipv6_data.sport=ntohs(addr->v6->source);
|
scan_data->ipv6_data.sport=ntohs(addr->v6->source);
|
||||||
@@ -1697,7 +1697,7 @@ static int ip_scan_data_set(scan_data_t* scan_data, const struct ipaddr* addr, u
|
|||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
static int IP_composition_scan(const struct ipaddr* addr, unsigned short int proto, Maat_table_schema* parent_table, enum MAAT_TABLE_CHILD_TYPE child_type,
|
static int IP_composition_scan(const struct ipaddr* addr, unsigned short int proto, int parent_table_id, enum MAAT_TABLE_COMPONENT_TYPE child_type,
|
||||||
scan_result_t *region_result, unsigned int result_num,
|
scan_result_t *region_result, unsigned int result_num,
|
||||||
int* virtual_table_id,
|
int* virtual_table_id,
|
||||||
rule_scanner_t ip_scanner, struct Maat_table_manager* table_mgr, struct Maat_table_runtime_manager* table_rt_mgr,
|
rule_scanner_t ip_scanner, struct Maat_table_manager* table_mgr, struct Maat_table_runtime_manager* table_rt_mgr,
|
||||||
@@ -1705,21 +1705,21 @@ static int IP_composition_scan(const struct ipaddr* addr, unsigned short int pro
|
|||||||
{
|
{
|
||||||
int child_table_id=0;
|
int child_table_id=0;
|
||||||
|
|
||||||
if(child_type==CHILD_TABLE_TYPE_NONE)
|
if(child_type==COMPONENT_TABLE_TYPE_NONE)
|
||||||
{
|
{
|
||||||
child_table_id=parent_table->table_id;
|
child_table_id=parent_table_id;
|
||||||
child_type=CHILD_TABLE_TYPE_SESSION;
|
child_type=COMPONENT_TABLE_TYPE_SESSION;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
child_table_id=Maat_table_get_child_id(parent_table, child_type);
|
child_table_id=Maat_table_get_child_id(table_mgr, parent_table_id, child_type);
|
||||||
}
|
}
|
||||||
if(child_table_id<0)
|
if(child_table_id<0)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
Maat_table_schema* real_table=Maat_table_get_scan_by_id(table_mgr, child_table_id, TABLE_TYPE_IP, virtual_table_id);
|
Maat_table_schema* real_table=Maat_table_get_scan_by_id(table_mgr, child_table_id, SCAN_TYPE_IP, virtual_table_id);
|
||||||
if(real_table==NULL)
|
if(real_table==NULL)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
@@ -1760,7 +1760,6 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
|
|||||||
int region_ret=0, compile_ret=0;
|
int region_ret=0, compile_ret=0;
|
||||||
struct _OUTER_scan_status_t* _mid=NULL;
|
struct _OUTER_scan_status_t* _mid=NULL;
|
||||||
scan_result_t *region_result=NULL;
|
scan_result_t *region_result=NULL;
|
||||||
Maat_table_schema* p_table=NULL;
|
|
||||||
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
|
||||||
struct Maat_scanner* my_scanner=NULL;
|
struct Maat_scanner* my_scanner=NULL;
|
||||||
struct timespec start,end;
|
struct timespec start,end;
|
||||||
@@ -1771,8 +1770,9 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
|
|||||||
_mid=grab_mid(mid, _feather, thread_num, 0);
|
_mid=grab_mid(mid, _feather, thread_num, 0);
|
||||||
_mid->scan_cnt++;
|
_mid->scan_cnt++;
|
||||||
int virtual_table_id=0;
|
int virtual_table_id=0;
|
||||||
p_table=Maat_table_get_by_id_raw(_feather->table_mgr, table_id);
|
enum MAAT_TABLE_TYPE table_type=TABLE_TYPE_INVALID;
|
||||||
if(p_table==NULL)
|
table_type=Maat_table_get_type_by_id(_feather->table_mgr, table_id);
|
||||||
|
if(table_type==TABLE_TYPE_INVALID)
|
||||||
{
|
{
|
||||||
_feather->scan_err_cnt++;
|
_feather->scan_err_cnt++;
|
||||||
return -1;
|
return -1;
|
||||||
@@ -1791,12 +1791,12 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
|
|||||||
alignment_int64_array_add(_feather->thread_call_cnt, thread_num, 1);
|
alignment_int64_array_add(_feather->thread_call_cnt, thread_num, 1);
|
||||||
INC_SCANNER_REF(my_scanner, thread_num);
|
INC_SCANNER_REF(my_scanner, thread_num);
|
||||||
|
|
||||||
if(p_table->table_type==TABLE_TYPE_COMPOSITION)
|
if(table_type==TABLE_TYPE_COMPOSITION)
|
||||||
{
|
{
|
||||||
enum MAAT_TABLE_CHILD_TYPE childs[3]={CHILD_TABLE_TYPE_SOURCE_IP, CHILD_TABLE_TYPE_DESTINATION_IP, CHILD_TABLE_TYPE_SESSION};
|
enum MAAT_TABLE_COMPONENT_TYPE childs[3]={COMPONENT_TABLE_TYPE_SOURCE_IP, COMPONENT_TABLE_TYPE_DESTINATION_IP, COMPONENT_TABLE_TYPE_SESSION};
|
||||||
for(int i=0; i<3; i++)
|
for(int i=0; i<3; i++)
|
||||||
{
|
{
|
||||||
region_ret=IP_composition_scan(addr, proto, p_table, childs[i],
|
region_ret=IP_composition_scan(addr, proto, table_id, childs[i],
|
||||||
region_result+region_hit_cnt, MAX_SCANNER_HIT_NUM-region_hit_cnt, &virtual_table_id,
|
region_result+region_hit_cnt, MAX_SCANNER_HIT_NUM-region_hit_cnt, &virtual_table_id,
|
||||||
my_scanner->region, _feather->table_mgr, _feather->scanner->table_rt_mgr, thread_num);
|
my_scanner->region, _feather->table_mgr, _feather->scanner->table_rt_mgr, thread_num);
|
||||||
if(region_ret<0)
|
if(region_ret<0)
|
||||||
@@ -1814,7 +1814,7 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
region_ret=IP_composition_scan(addr, proto, p_table, CHILD_TABLE_TYPE_NONE,
|
region_ret=IP_composition_scan(addr, proto, table_id, COMPONENT_TABLE_TYPE_NONE,
|
||||||
region_result+region_hit_cnt, MAX_SCANNER_HIT_NUM-region_hit_cnt, &virtual_table_id,
|
region_result+region_hit_cnt, MAX_SCANNER_HIT_NUM-region_hit_cnt, &virtual_table_id,
|
||||||
my_scanner->region, _feather->table_mgr, _feather->scanner->table_rt_mgr, thread_num);
|
my_scanner->region, _feather->table_mgr, _feather->scanner->table_rt_mgr, thread_num);
|
||||||
if(region_ret<0)
|
if(region_ret<0)
|
||||||
@@ -1834,7 +1834,7 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
|
|||||||
_mid=grab_mid(mid, _feather, thread_num, 1);
|
_mid=grab_mid(mid, _feather, thread_num, 1);
|
||||||
scan_region_hit_wraper_build_with_rulescan(®ion_hit_wraper, region_result, region_hit_cnt,
|
scan_region_hit_wraper_build_with_rulescan(®ion_hit_wraper, region_result, region_hit_cnt,
|
||||||
_mid->is_last_region, virtual_table_id, _mid->scan_cnt);
|
_mid->is_last_region, virtual_table_id, _mid->scan_cnt);
|
||||||
if(p_table->table_type==TABLE_TYPE_COMPOSITION)
|
if(table_type==TABLE_TYPE_COMPOSITION)
|
||||||
{
|
{
|
||||||
region_hit_wraper.virtual_table_ids=region_rslt_virtual_table_id;
|
region_hit_wraper.virtual_table_ids=region_rslt_virtual_table_id;
|
||||||
}
|
}
|
||||||
@@ -1884,7 +1884,7 @@ stream_para_t Maat_stream_scan_string_start(Maat_feather_t feather,int table_id,
|
|||||||
struct Maat_table_schema *p_table=NULL;
|
struct Maat_table_schema *p_table=NULL;
|
||||||
int virtual_table_id=0;
|
int virtual_table_id=0;
|
||||||
assert(thread_num<_feather->scan_thread_num);
|
assert(thread_num<_feather->scan_thread_num);
|
||||||
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_EXPR, &virtual_table_id);
|
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_STRING, &virtual_table_id);
|
||||||
if(p_table==NULL)
|
if(p_table==NULL)
|
||||||
{
|
{
|
||||||
_feather->scan_err_cnt++;
|
_feather->scan_err_cnt++;
|
||||||
@@ -2172,7 +2172,7 @@ stream_para_t Maat_stream_scan_digest_start(Maat_feather_t feather,int table_id,
|
|||||||
sfh_instance_t * tmp_fuzzy_handle=NULL;
|
sfh_instance_t * tmp_fuzzy_handle=NULL;
|
||||||
struct Maat_table_schema *p_table=NULL;
|
struct Maat_table_schema *p_table=NULL;
|
||||||
int virtual_table_id=0;
|
int virtual_table_id=0;
|
||||||
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_DIGEST, &virtual_table_id);
|
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_STRING, &virtual_table_id);
|
||||||
if(p_table==NULL)
|
if(p_table==NULL)
|
||||||
{
|
{
|
||||||
_feather->scan_err_cnt++;
|
_feather->scan_err_cnt++;
|
||||||
|
|||||||
@@ -1625,6 +1625,7 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx* m
|
|||||||
int update_type=CM_UPDATE_TYPE_INC;
|
int update_type=CM_UPDATE_TYPE_INC;
|
||||||
long long new_version=0;
|
long long new_version=0;
|
||||||
enum MAAT_TABLE_TYPE table_type;
|
enum MAAT_TABLE_TYPE table_type;
|
||||||
|
enum MAAT_SCAN_TYPE scan_type;
|
||||||
struct Maat_table_schema* table_schema=NULL;
|
struct Maat_table_schema* table_schema=NULL;
|
||||||
void* logger=feather->logger;
|
void* logger=feather->logger;
|
||||||
|
|
||||||
@@ -1714,7 +1715,9 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx* m
|
|||||||
}
|
}
|
||||||
table_type=Maat_table_get_type_by_id(feather->table_mgr, table_id);
|
table_type=Maat_table_get_type_by_id(feather->table_mgr, table_id);
|
||||||
if(rule_list[i].op==MAAT_OP_DEL)
|
if(rule_list[i].op==MAAT_OP_DEL)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
scan_type=Maat_table_get_scan_type(table_type);
|
||||||
table_schema=Maat_table_get_scan_by_id(feather->table_mgr, table_id, scan_type, NULL);
|
table_schema=Maat_table_get_scan_by_id(feather->table_mgr, table_id, scan_type, NULL);
|
||||||
valid_column=Maat_table_xx_plugin_table_get_valid_flag_column(table_schema);
|
valid_column=Maat_table_xx_plugin_table_get_valid_flag_column(table_schema);
|
||||||
ret=invalidate_line(rule_list[i].table_line, table_type, valid_column);
|
ret=invalidate_line(rule_list[i].table_line, table_type, valid_column);
|
||||||
|
|||||||
@@ -34,7 +34,7 @@
|
|||||||
#include "stream_fuzzy_hash.h"
|
#include "stream_fuzzy_hash.h"
|
||||||
#include "gram_index_engine.h"
|
#include "gram_index_engine.h"
|
||||||
|
|
||||||
int MAAT_FRAME_VERSION_3_0_20200919=1;
|
int MAAT_FRAME_VERSION_3_0_20200927=1;
|
||||||
|
|
||||||
int is_valid_table_name(const char* str)
|
int is_valid_table_name(const char* str)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -18,7 +18,45 @@ struct Maat_table_manager
|
|||||||
MESA_htable_handle map_tablename2id;
|
MESA_htable_handle map_tablename2id;
|
||||||
int active_plugin_table_num;
|
int active_plugin_table_num;
|
||||||
int is_last_plugin_table_updating;
|
int is_last_plugin_table_updating;
|
||||||
|
void* logger;
|
||||||
};
|
};
|
||||||
|
enum MAAT_SCAN_TYPE Maat_table_get_scan_type(enum MAAT_TABLE_TYPE table_type)
|
||||||
|
{
|
||||||
|
enum MAAT_SCAN_TYPE ret=SCAN_TYPE_INVALID;
|
||||||
|
switch(table_type)
|
||||||
|
{
|
||||||
|
case TABLE_TYPE_EXPR:
|
||||||
|
case TABLE_TYPE_EXPR_PLUS:
|
||||||
|
case TABLE_TYPE_SIMILARITY:
|
||||||
|
case TABLE_TYPE_DIGEST:
|
||||||
|
ret=SCAN_TYPE_STRING;
|
||||||
|
break;
|
||||||
|
case TABLE_TYPE_INTERVAL:
|
||||||
|
case TABLE_TYPE_INTERVAL_PLUS:
|
||||||
|
ret=SCAN_TYPE_INTERVAL;
|
||||||
|
break;
|
||||||
|
case TABLE_TYPE_IP:
|
||||||
|
case TABLE_TYPE_IP_PLUS:
|
||||||
|
case TABLE_TYPE_COMPOSITION:
|
||||||
|
ret=SCAN_TYPE_IP;
|
||||||
|
break;
|
||||||
|
case TABLE_TYPE_PLUGIN:
|
||||||
|
ret=SCAN_TYPE_PLUGIN;
|
||||||
|
break;
|
||||||
|
case TABLE_TYPE_IP_PLUGIN:
|
||||||
|
ret=SCAN_TYPE_IP;
|
||||||
|
break;
|
||||||
|
case TABLE_TYPE_FQDN_PLUGIN:
|
||||||
|
ret=SCAN_TYPE_FQDN_PLUGIN;
|
||||||
|
break;
|
||||||
|
case TABLE_TYPE_COMPILE:
|
||||||
|
ret=SCAN_TYPE_NONE;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
int read_expr_table_info(const char* line, struct Maat_table_schema* table, MESA_htable_handle string2int_map)
|
int read_expr_table_info(const char* line, struct Maat_table_schema* table, MESA_htable_handle string2int_map)
|
||||||
{
|
{
|
||||||
@@ -74,25 +112,7 @@ int read_expr_table_info(const char* line, struct Maat_table_schema* table, MESA
|
|||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
int read_virtual_table_schema(const char* line, struct Maat_table_schema* table, MESA_htable_handle string2int_map)
|
|
||||||
{
|
|
||||||
int ret=0;
|
|
||||||
char table_type[16];
|
|
||||||
ret=sscanf(line, "%d\t%s\t%s\t%s", &(table->table_id),
|
|
||||||
table->table_name[0],
|
|
||||||
table_type,
|
|
||||||
table->virtual_table.real_table_name);
|
|
||||||
if(ret!=4)
|
|
||||||
{
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
ret=map_str2int(string2int_map,str_tolower(table_type),(int*)&(table->table_type));
|
|
||||||
if(ret<0)
|
|
||||||
{
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
Maat_table_schema* table_info_new(void)
|
Maat_table_schema* table_info_new(void)
|
||||||
{
|
{
|
||||||
struct Maat_table_schema*p=ALLOC(struct Maat_table_schema, 1);
|
struct Maat_table_schema*p=ALLOC(struct Maat_table_schema, 1);
|
||||||
@@ -121,6 +141,81 @@ int _read_integer_arrary(char* string, int *array, int size)
|
|||||||
#define COLUMN_IP_PLUGIN_SCHEMA_JSON 4
|
#define COLUMN_IP_PLUGIN_SCHEMA_JSON 4
|
||||||
#define COLUMN_FQDN_PLUGIN_SHCEMA_JSON 4
|
#define COLUMN_FQDN_PLUGIN_SHCEMA_JSON 4
|
||||||
#define COLUMN_COMPOSITION_SCHEMA_JSON 4
|
#define COLUMN_COMPOSITION_SCHEMA_JSON 4
|
||||||
|
#define COLUMN_VIRUTAL_SCHEMA_JSON 4
|
||||||
|
int read_virtual_table_schema(struct Maat_table_manager* table_mgr, const char* line, struct Maat_table_schema* table, MESA_htable_handle reserved_word_map)
|
||||||
|
{
|
||||||
|
int ret=0, tmp_table_id=0;
|
||||||
|
enum MAAT_TABLE_TYPE physical_table_type=TABLE_TYPE_INVALID;
|
||||||
|
enum MAAT_SCAN_TYPE physical_table_scan_type=SCAN_TYPE_INVALID;
|
||||||
|
cJSON* json=NULL, *tmp=NULL;
|
||||||
|
char *json_str;
|
||||||
|
|
||||||
|
|
||||||
|
size_t offset=0, len=0;
|
||||||
|
char* copy_line=NULL;
|
||||||
|
copy_line=_maat_strdup(line);
|
||||||
|
ret=get_column_pos(copy_line, COLUMN_VIRUTAL_SCHEMA_JSON, &offset, &len);
|
||||||
|
if(ret<0)
|
||||||
|
{
|
||||||
|
goto error_out;
|
||||||
|
}
|
||||||
|
if(offset+len<strlen(copy_line))
|
||||||
|
{
|
||||||
|
copy_line[offset+len]='\0';
|
||||||
|
}
|
||||||
|
json_str=copy_line+offset;
|
||||||
|
if(strchr(json_str,'{')||strchr(json_str,'['))//This is a json, mostly.
|
||||||
|
{
|
||||||
|
json=cJSON_Parse(json_str);
|
||||||
|
if(!json)
|
||||||
|
{
|
||||||
|
goto error_out;
|
||||||
|
}
|
||||||
|
if(json->type!=cJSON_Array)
|
||||||
|
{
|
||||||
|
goto error_out;
|
||||||
|
}
|
||||||
|
cJSON_ArrayForEach(tmp, json)
|
||||||
|
{
|
||||||
|
if(tmp->type!=cJSON_String)
|
||||||
|
{
|
||||||
|
goto error_out;
|
||||||
|
}
|
||||||
|
ret=map_str2int(table_mgr->map_tablename2id, tmp->valuestring, &tmp_table_id);
|
||||||
|
if(ret<0)
|
||||||
|
{
|
||||||
|
goto error_out;
|
||||||
|
}
|
||||||
|
physical_table_type=table_mgr->p_table_info[tmp_table_id]->table_type;
|
||||||
|
physical_table_scan_type=Maat_table_get_scan_type(physical_table_type);
|
||||||
|
if(physical_table_scan_type<SCAN_TYPE_IP)
|
||||||
|
{
|
||||||
|
goto error_out;
|
||||||
|
}
|
||||||
|
table->virtual_table.physical_table_id[physical_table_scan_type]=tmp_table_id;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else //For compatible non-json physical description
|
||||||
|
{
|
||||||
|
ret=map_str2int(table_mgr->map_tablename2id, json_str, &tmp_table_id);
|
||||||
|
if(ret<0)
|
||||||
|
{
|
||||||
|
goto error_out;
|
||||||
|
}
|
||||||
|
physical_table_type=table_mgr->p_table_info[tmp_table_id]->table_type;
|
||||||
|
physical_table_scan_type=Maat_table_get_scan_type(physical_table_type);
|
||||||
|
table->virtual_table.physical_table_id[physical_table_scan_type]=tmp_table_id;
|
||||||
|
}
|
||||||
|
cJSON_Delete(json);
|
||||||
|
free(copy_line);
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
error_out:
|
||||||
|
if(json) cJSON_Delete(json);
|
||||||
|
free(copy_line);
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
int read_plugin_table_schema(const char* line, struct Maat_table_schema* p)
|
int read_plugin_table_schema(const char* line, struct Maat_table_schema* p)
|
||||||
{
|
{
|
||||||
@@ -137,7 +232,7 @@ int read_plugin_table_schema(const char* line, struct Maat_table_schema* p)
|
|||||||
}
|
}
|
||||||
if(offset+len<strlen(copy_line))
|
if(offset+len<strlen(copy_line))
|
||||||
{
|
{
|
||||||
copy_line[offset+len+1]='\0';
|
copy_line[offset+len]='\0';
|
||||||
}
|
}
|
||||||
plug_info=copy_line+offset;
|
plug_info=copy_line+offset;
|
||||||
|
|
||||||
@@ -215,7 +310,7 @@ int read_ip_plugin_table_schema(const char* line, struct Maat_table_schema* p)
|
|||||||
}
|
}
|
||||||
if(offset+len<strlen(copy_line))
|
if(offset+len<strlen(copy_line))
|
||||||
{
|
{
|
||||||
copy_line[offset+len+1]='\0';
|
copy_line[offset+len]='\0';
|
||||||
}
|
}
|
||||||
ip_plugin_info=copy_line+offset;
|
ip_plugin_info=copy_line+offset;
|
||||||
|
|
||||||
@@ -298,7 +393,7 @@ int read_fqdn_plugin_table_schema(const char* line, struct Maat_table_schema* p)
|
|||||||
}
|
}
|
||||||
if(offset+len<strlen(copy_line))
|
if(offset+len<strlen(copy_line))
|
||||||
{
|
{
|
||||||
copy_line[offset+len+1]='\0';
|
copy_line[offset+len]='\0';
|
||||||
}
|
}
|
||||||
fqnd_plugin_schema_json=copy_line+offset;
|
fqnd_plugin_schema_json=copy_line+offset;
|
||||||
|
|
||||||
@@ -360,7 +455,7 @@ error_out:
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int read_composition_table_schema(const char* line, struct Maat_table_schema* p, MESA_htable_handle string2int_map)
|
int read_composition_table_schema(struct Maat_table_manager* table_mgr, const char* line, struct Maat_table_schema* p, MESA_htable_handle string2int_map)
|
||||||
{
|
{
|
||||||
int ret=0;
|
int ret=0;
|
||||||
size_t offset=0, len=0;
|
size_t offset=0, len=0;
|
||||||
@@ -375,7 +470,7 @@ int read_composition_table_schema(const char* line, struct Maat_table_schema* p,
|
|||||||
}
|
}
|
||||||
if(offset+len<strlen(copy_line))
|
if(offset+len<strlen(copy_line))
|
||||||
{
|
{
|
||||||
copy_line[offset+len+1]='\0';
|
copy_line[offset+len]='\0';
|
||||||
}
|
}
|
||||||
composition_info=copy_line+offset;
|
composition_info=copy_line+offset;
|
||||||
|
|
||||||
@@ -388,126 +483,55 @@ int read_composition_table_schema(const char* line, struct Maat_table_schema* p,
|
|||||||
tmp=cJSON_GetObjectItem(json, "source");
|
tmp=cJSON_GetObjectItem(json, "source");
|
||||||
if(tmp!=NULL && tmp->type==cJSON_String)
|
if(tmp!=NULL && tmp->type==cJSON_String)
|
||||||
{
|
{
|
||||||
strncpy(composition_schema->source_table.real_table_name, tmp->valuestring, sizeof(composition_schema->source_table.real_table_name));
|
ret=map_str2int(table_mgr->map_tablename2id, tmp->valuestring, &(composition_schema->component_table_id[COMPONENT_TABLE_TYPE_SOURCE_IP]));
|
||||||
|
if(ret<0)
|
||||||
|
{
|
||||||
|
MESA_handle_runtime_log(table_mgr->logger, RLOG_LV_FATAL, maat_module,
|
||||||
|
"Child table %s of table %s (id=%d) are not defined.",
|
||||||
|
tmp->valuestring,
|
||||||
|
p->table_name[0],
|
||||||
|
p->table_id);
|
||||||
|
goto error_out;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
tmp=cJSON_GetObjectItem(json, "destination");
|
tmp=cJSON_GetObjectItem(json, "destination");
|
||||||
if(tmp!=NULL && tmp->type==cJSON_String)
|
if(tmp!=NULL && tmp->type==cJSON_String)
|
||||||
{
|
{
|
||||||
strncpy(composition_schema->destination_table.real_table_name, tmp->valuestring, sizeof(composition_schema->destination_table.real_table_name));
|
ret=map_str2int(table_mgr->map_tablename2id, tmp->valuestring, &(composition_schema->component_table_id[COMPONENT_TABLE_TYPE_DESTINATION_IP]));
|
||||||
|
if(ret<0)
|
||||||
|
{
|
||||||
|
MESA_handle_runtime_log(table_mgr->logger, RLOG_LV_FATAL, maat_module,
|
||||||
|
"Child table %s of table %s (id=%d) are not defined.",
|
||||||
|
tmp->valuestring,
|
||||||
|
p->table_name[0],
|
||||||
|
p->table_id);
|
||||||
|
goto error_out;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
tmp=cJSON_GetObjectItem(json, "session");
|
tmp=cJSON_GetObjectItem(json, "session");
|
||||||
if(tmp!=NULL && tmp->type==cJSON_String)
|
if(tmp!=NULL && tmp->type==cJSON_String)
|
||||||
{
|
{
|
||||||
strncpy(composition_schema->session_table.real_table_name, tmp->valuestring, sizeof(composition_schema->session_table.real_table_name));
|
ret=map_str2int(table_mgr->map_tablename2id, tmp->valuestring, &(composition_schema->component_table_id[COMPONENT_TABLE_TYPE_SESSION]));
|
||||||
|
if(ret<0)
|
||||||
|
{
|
||||||
|
MESA_handle_runtime_log(table_mgr->logger, RLOG_LV_FATAL, maat_module,
|
||||||
|
"Child table %s of table %s (id=%d) are not defined.",
|
||||||
|
tmp->valuestring,
|
||||||
|
p->table_name[0],
|
||||||
|
p->table_id);
|
||||||
|
goto error_out;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
cJSON_Delete(json);
|
cJSON_Delete(json);
|
||||||
|
|
||||||
free(copy_line);
|
free(copy_line);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
error_out:
|
error_out:
|
||||||
free(copy_line);
|
free(copy_line);
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
}
|
}
|
||||||
static int Maat_table_build_map(struct Maat_table_manager* table_mgr, void* logger)
|
|
||||||
{
|
|
||||||
struct Maat_table_schema** p_table_info=table_mgr->p_table_info;
|
|
||||||
size_t n_table=MAX_TABLE_NUM;
|
|
||||||
|
|
||||||
MESA_htable_handle map_tablename2id=map_create();
|
|
||||||
size_t i=0;
|
|
||||||
int j=0, ret=0;
|
|
||||||
for(i=0;i<n_table;i++)
|
|
||||||
{
|
|
||||||
if(p_table_info[i]==NULL)
|
|
||||||
{
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(p_table_info[i]->table_type)
|
|
||||||
{
|
|
||||||
case TABLE_TYPE_VIRTUAL:
|
|
||||||
ret=map_str2int(map_tablename2id, p_table_info[i]->virtual_table.real_table_name, &(p_table_info[i]->virtual_table.real_table_id));
|
|
||||||
if(ret<0)
|
|
||||||
{
|
|
||||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module,
|
|
||||||
"Undefined real table %s, virtual table %s of table id %d.",
|
|
||||||
p_table_info[i]->virtual_table.real_table_name,
|
|
||||||
p_table_info[i]->table_name[0],
|
|
||||||
p_table_info[i]->table_id);
|
|
||||||
goto failed;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case TABLE_TYPE_COMPOSITION:
|
|
||||||
if(strlen(p_table_info[i]->composition.source_table.real_table_name)>0)
|
|
||||||
{
|
|
||||||
ret=map_str2int(map_tablename2id, p_table_info[i]->composition.source_table.real_table_name,
|
|
||||||
&(p_table_info[i]->composition.source_table.real_table_id));
|
|
||||||
if(ret<0)
|
|
||||||
{
|
|
||||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module,
|
|
||||||
"Child table %s of table %s (id=%d) are not defined.",
|
|
||||||
p_table_info[i]->composition.source_table.real_table_name,
|
|
||||||
p_table_info[i]->table_name[0],
|
|
||||||
p_table_info[i]->table_id);
|
|
||||||
goto failed;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if(strlen(p_table_info[i]->composition.destination_table.real_table_name)>0)
|
|
||||||
{
|
|
||||||
ret=map_str2int(map_tablename2id, p_table_info[i]->composition.destination_table.real_table_name,
|
|
||||||
&(p_table_info[i]->composition.destination_table.real_table_id));
|
|
||||||
if(ret<0)
|
|
||||||
{
|
|
||||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module,
|
|
||||||
"Child table %s of table %s (id=%d) are not defined.",
|
|
||||||
p_table_info[i]->composition.destination_table.real_table_name,
|
|
||||||
p_table_info[i]->table_name[0],
|
|
||||||
p_table_info[i]->table_id);
|
|
||||||
goto failed;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if(strlen(p_table_info[i]->composition.session_table.real_table_name)>0)
|
|
||||||
{
|
|
||||||
ret=map_str2int(map_tablename2id, p_table_info[i]->composition.session_table.real_table_name,
|
|
||||||
&(p_table_info[i]->composition.session_table.real_table_id));
|
|
||||||
if(ret<0)
|
|
||||||
{
|
|
||||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module,
|
|
||||||
"Child table %s of table %s (id=%d) are not defined.",
|
|
||||||
p_table_info[i]->composition.session_table.real_table_name,
|
|
||||||
p_table_info[i]->table_name[0],
|
|
||||||
p_table_info[i]->table_id);
|
|
||||||
goto failed;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
for(j=0; j<p_table_info[i]->conj_cnt; j++)
|
|
||||||
{
|
|
||||||
ret=map_register(map_tablename2id, p_table_info[i]->table_name[j], p_table_info[i]->table_id);
|
|
||||||
if(ret<0)
|
|
||||||
{
|
|
||||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module,
|
|
||||||
"Duplicate table %s of table id %d",
|
|
||||||
p_table_info[i]->table_name[j],
|
|
||||||
p_table_info[i]->table_id);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
table_mgr->map_tablename2id=map_tablename2id;
|
|
||||||
return 0;
|
|
||||||
failed:
|
|
||||||
map_destroy(map_tablename2id);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
void Maat_table_manager_destroy(struct Maat_table_manager* table_mgr)
|
void Maat_table_manager_destroy(struct Maat_table_manager* table_mgr)
|
||||||
{
|
{
|
||||||
size_t i=0;
|
size_t i=0;
|
||||||
@@ -532,7 +556,7 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
|
|||||||
char line[MAX_TABLE_LINE_SIZE];
|
char line[MAX_TABLE_LINE_SIZE];
|
||||||
int i=0, ret=0;
|
int i=0, ret=0;
|
||||||
char table_type_str[16]={0},not_care[1024]={0}, tmp_str[32]={0};
|
char table_type_str[16]={0},not_care[1024]={0}, tmp_str[32]={0};
|
||||||
MESA_htable_handle string2int_map=NULL;;
|
MESA_htable_handle reserved_word_map=NULL;;
|
||||||
struct Maat_table_schema*p=NULL;
|
struct Maat_table_schema*p=NULL;
|
||||||
struct Maat_table_schema*conj_table=NULL;
|
struct Maat_table_schema*conj_table=NULL;
|
||||||
fp=fopen(table_info_path,"r");
|
fp=fopen(table_info_path,"r");
|
||||||
@@ -546,38 +570,40 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
|
|||||||
table_mgr=ALLOC(struct Maat_table_manager, 1);
|
table_mgr=ALLOC(struct Maat_table_manager, 1);
|
||||||
struct Maat_table_schema** p_table_info=table_mgr->p_table_info;
|
struct Maat_table_schema** p_table_info=table_mgr->p_table_info;
|
||||||
size_t n_table=MAX_TABLE_NUM;
|
size_t n_table=MAX_TABLE_NUM;
|
||||||
|
table_mgr->logger=logger;
|
||||||
|
table_mgr->map_tablename2id=map_create();
|
||||||
|
|
||||||
string2int_map=map_create();
|
reserved_word_map=map_create();
|
||||||
map_register(string2int_map,"expr", TABLE_TYPE_EXPR);
|
map_register(reserved_word_map, "expr", TABLE_TYPE_EXPR);
|
||||||
map_register(string2int_map,"ip", TABLE_TYPE_IP);
|
map_register(reserved_word_map, "ip", TABLE_TYPE_IP);
|
||||||
map_register(string2int_map,"ip_plus", TABLE_TYPE_IP_PLUS);
|
map_register(reserved_word_map, "ip_plus", TABLE_TYPE_IP_PLUS);
|
||||||
map_register(string2int_map,"compile", TABLE_TYPE_COMPILE);
|
map_register(reserved_word_map, "compile", TABLE_TYPE_COMPILE);
|
||||||
map_register(string2int_map,"plugin", TABLE_TYPE_PLUGIN);
|
map_register(reserved_word_map, "plugin", TABLE_TYPE_PLUGIN);
|
||||||
map_register(string2int_map,"ip_plugin", TABLE_TYPE_IP_PLUGIN);
|
map_register(reserved_word_map, "ip_plugin", TABLE_TYPE_IP_PLUGIN);
|
||||||
map_register(string2int_map,"fqdn_plugin", TABLE_TYPE_FQDN_PLUGIN);
|
map_register(reserved_word_map, "fqdn_plugin", TABLE_TYPE_FQDN_PLUGIN);
|
||||||
map_register(string2int_map,"intval", TABLE_TYPE_INTERVAL);
|
map_register(reserved_word_map, "intval", TABLE_TYPE_INTERVAL);
|
||||||
map_register(string2int_map,"interval", TABLE_TYPE_INTERVAL);
|
map_register(reserved_word_map, "interval", TABLE_TYPE_INTERVAL);
|
||||||
map_register(string2int_map,"intval_plus", TABLE_TYPE_INTERVAL_PLUS);
|
map_register(reserved_word_map, "intval_plus", TABLE_TYPE_INTERVAL_PLUS);
|
||||||
map_register(string2int_map,"interval_plus", TABLE_TYPE_INTERVAL_PLUS);
|
map_register(reserved_word_map, "interval_plus", TABLE_TYPE_INTERVAL_PLUS);
|
||||||
map_register(string2int_map,"digest", TABLE_TYPE_DIGEST);
|
map_register(reserved_word_map, "digest", TABLE_TYPE_DIGEST);
|
||||||
map_register(string2int_map,"expr_plus", TABLE_TYPE_EXPR_PLUS);
|
map_register(reserved_word_map, "expr_plus", TABLE_TYPE_EXPR_PLUS);
|
||||||
map_register(string2int_map,"group", TABLE_TYPE_GROUP);
|
map_register(reserved_word_map, "group", TABLE_TYPE_GROUP);
|
||||||
map_register(string2int_map,"group2group", TABLE_TYPE_GROUP2GROUP);
|
map_register(reserved_word_map, "group2group", TABLE_TYPE_GROUP2GROUP);
|
||||||
map_register(string2int_map,"group2compile", TABLE_TYPE_GROUP2COMPILE);
|
map_register(reserved_word_map, "group2compile", TABLE_TYPE_GROUP2COMPILE);
|
||||||
map_register(string2int_map,"similar", TABLE_TYPE_SIMILARITY);
|
map_register(reserved_word_map, "similar", TABLE_TYPE_SIMILARITY);
|
||||||
map_register(string2int_map,"virtual", TABLE_TYPE_VIRTUAL);
|
map_register(reserved_word_map, "virtual", TABLE_TYPE_VIRTUAL);
|
||||||
map_register(string2int_map,"composition", TABLE_TYPE_COMPOSITION);
|
map_register(reserved_word_map, "composition", TABLE_TYPE_COMPOSITION);
|
||||||
map_register(string2int_map,"quickoff", 0);
|
map_register(reserved_word_map, "quickoff", 0);
|
||||||
map_register(string2int_map,"quickon", 1);
|
map_register(reserved_word_map, "quickon", 1);
|
||||||
map_register(string2int_map,"escape", USER_REGION_ENCODE_ESCAPE);
|
map_register(reserved_word_map, "escape", USER_REGION_ENCODE_ESCAPE);
|
||||||
// map_register(string2int_map,"base64",USER_REGION_ENCODE_BASE64); //NOT supported yet
|
// map_register(reserved_word_map,"base64",USER_REGION_ENCODE_BASE64); //NOT supported yet
|
||||||
|
|
||||||
const char** charset_name_list=charset_get_all_name();
|
const char** charset_name_list=charset_get_all_name();
|
||||||
for(i=0;i<MAX_CHARSET_NUM;i++)
|
for(i=0;i<MAX_CHARSET_NUM;i++)
|
||||||
{
|
{
|
||||||
if(strlen(charset_name_list[i])>0)
|
if(strlen(charset_name_list[i])>0)
|
||||||
{
|
{
|
||||||
map_register(string2int_map, charset_name_list[i], i);
|
map_register(reserved_word_map, charset_name_list[i], i);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@@ -585,8 +611,8 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
map_register(string2int_map,"yes", 1);
|
map_register(reserved_word_map,"yes", 1);
|
||||||
map_register(string2int_map,"no", 0);
|
map_register(reserved_word_map,"no", 0);
|
||||||
|
|
||||||
|
|
||||||
i=0;
|
i=0;
|
||||||
@@ -610,7 +636,7 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
|
|||||||
"Maat read table info %s line %d error: not enough column.",table_info_path,i);
|
"Maat read table info %s line %d error: not enough column.",table_info_path,i);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
ret=map_str2int(string2int_map,str_tolower(table_type_str),(int*)&(p->table_type));
|
ret=map_str2int(reserved_word_map,str_tolower(table_type_str),(int*)&(p->table_type));
|
||||||
if(ret<0)
|
if(ret<0)
|
||||||
{
|
{
|
||||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL,maat_module,
|
MESA_handle_runtime_log(logger, RLOG_LV_FATAL,maat_module,
|
||||||
@@ -621,7 +647,7 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
|
|||||||
{
|
{
|
||||||
case TABLE_TYPE_EXPR:
|
case TABLE_TYPE_EXPR:
|
||||||
case TABLE_TYPE_EXPR_PLUS:
|
case TABLE_TYPE_EXPR_PLUS:
|
||||||
ret=read_expr_table_info(line, p, string2int_map);
|
ret=read_expr_table_info(line, p, reserved_word_map);
|
||||||
if(ret<0)
|
if(ret<0)
|
||||||
{
|
{
|
||||||
fprintf(stderr,"Maat read table info %s line %d error:illegal column.\n",table_info_path,i);
|
fprintf(stderr,"Maat read table info %s line %d error:illegal column.\n",table_info_path,i);
|
||||||
@@ -661,7 +687,7 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TABLE_TYPE_COMPOSITION:
|
case TABLE_TYPE_COMPOSITION:
|
||||||
ret=read_composition_table_schema(line, p, string2int_map);
|
ret=read_composition_table_schema(table_mgr, line, p, reserved_word_map);
|
||||||
if(ret<0)
|
if(ret<0)
|
||||||
{
|
{
|
||||||
fprintf(stderr,"Maat read table info %s line %d error:illegal composition table schema.\n", table_info_path,i);
|
fprintf(stderr,"Maat read table info %s line %d error:illegal composition table schema.\n", table_info_path,i);
|
||||||
@@ -671,7 +697,7 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TABLE_TYPE_VIRTUAL:
|
case TABLE_TYPE_VIRTUAL:
|
||||||
ret=read_virtual_table_schema(line, p, string2int_map);
|
ret=read_virtual_table_schema(table_mgr, line, p, reserved_word_map);
|
||||||
if(ret<0)
|
if(ret<0)
|
||||||
{
|
{
|
||||||
fprintf(stderr,"Maat read table info %s line %d error:illegal virtual table schema.\n", table_info_path,i);
|
fprintf(stderr,"Maat read table info %s line %d error:illegal virtual table schema.\n", table_info_path,i);
|
||||||
@@ -684,7 +710,7 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
|
|||||||
ret=sscanf(not_care,"%[a-z0-9]",tmp_str);
|
ret=sscanf(not_care,"%[a-z0-9]",tmp_str);
|
||||||
if(ret>0)
|
if(ret>0)
|
||||||
{
|
{
|
||||||
ret=map_str2int(string2int_map,str_tolower(tmp_str),(int*)&(p->compile.user_region_encoding));
|
ret=map_str2int(reserved_word_map,str_tolower(tmp_str),(int*)&(p->compile.user_region_encoding));
|
||||||
}
|
}
|
||||||
if(ret!=1)
|
if(ret!=1)
|
||||||
{
|
{
|
||||||
@@ -703,6 +729,15 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
|
|||||||
|
|
||||||
goto invalid_table;
|
goto invalid_table;
|
||||||
}
|
}
|
||||||
|
ret=map_register(table_mgr->map_tablename2id, p->table_name[0], p->table_id);
|
||||||
|
if(ret<0)
|
||||||
|
{
|
||||||
|
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module,
|
||||||
|
"Duplicate table %s of table id %d",
|
||||||
|
p->table_name[0],
|
||||||
|
p->table_id);
|
||||||
|
goto invalid_table;
|
||||||
|
}
|
||||||
if(p_table_info[p->table_id]!=NULL)//duplicate table_id,means conjunction table;
|
if(p_table_info[p->table_id]!=NULL)//duplicate table_id,means conjunction table;
|
||||||
{
|
{
|
||||||
conj_table=p_table_info[p->table_id];
|
conj_table=p_table_info[p->table_id];
|
||||||
@@ -722,21 +757,16 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
|
|||||||
//use goto to free the conjunctioned table_info
|
//use goto to free the conjunctioned table_info
|
||||||
goto invalid_table;
|
goto invalid_table;
|
||||||
}
|
}
|
||||||
|
|
||||||
p_table_info[p->table_id]=p;
|
p_table_info[p->table_id]=p;
|
||||||
table_mgr->table_cnt++;
|
table_mgr->table_cnt++;
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
invalid_table:
|
invalid_table:
|
||||||
table_info_free(p);
|
table_info_free(p);
|
||||||
p=NULL;
|
p=NULL;
|
||||||
}
|
}
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
ret=Maat_table_build_map(table_mgr, logger);
|
map_destroy(reserved_word_map);
|
||||||
if(ret<0)
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
map_destroy(string2int_map);
|
|
||||||
return table_mgr;
|
return table_mgr;
|
||||||
}
|
}
|
||||||
size_t Maat_table_manager_get_size(struct Maat_table_manager* table_mgr)
|
size_t Maat_table_manager_get_size(struct Maat_table_manager* table_mgr)
|
||||||
@@ -822,13 +852,13 @@ struct Maat_table_schema * Maat_table_get_by_id_raw(struct Maat_table_manager* t
|
|||||||
return table_mgr->p_table_info[table_id];
|
return table_mgr->p_table_info[table_id];
|
||||||
}
|
}
|
||||||
|
|
||||||
struct Maat_table_schema * Maat_table_get_scan_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_TABLE_TYPE expect_type, int* virutal_table_id)
|
struct Maat_table_schema * Maat_table_get_scan_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_SCAN_TYPE scan_type, int* virutal_table_id)
|
||||||
{
|
{
|
||||||
|
enum MAAT_SCAN_TYPE tab_scan_type;
|
||||||
struct Maat_table_schema **p_table_info=table_mgr->p_table_info;
|
struct Maat_table_schema **p_table_info=table_mgr->p_table_info;
|
||||||
size_t n_table=MAX_TABLE_NUM;
|
size_t n_table=MAX_TABLE_NUM;
|
||||||
|
|
||||||
struct Maat_table_schema *p_table=NULL, *p_real_table=NULL;
|
struct Maat_table_schema *p_table=NULL, *p_physical_table=NULL;
|
||||||
if((unsigned int) table_id>n_table)
|
if((unsigned int) table_id>n_table)
|
||||||
{
|
{
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -844,23 +874,20 @@ struct Maat_table_schema * Maat_table_get_scan_by_id(struct Maat_table_manager*
|
|||||||
}
|
}
|
||||||
if(p_table->table_type==TABLE_TYPE_VIRTUAL)
|
if(p_table->table_type==TABLE_TYPE_VIRTUAL)
|
||||||
{
|
{
|
||||||
p_real_table=p_table_info[p_table->virtual_table.real_table_id];
|
p_physical_table=p_table_info[p_table->virtual_table.physical_table_id[scan_type]];
|
||||||
*virutal_table_id=table_id;
|
*virutal_table_id=table_id;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
p_real_table=p_table;
|
p_physical_table=p_table;
|
||||||
if(virutal_table_id) *virutal_table_id=0;
|
if(virutal_table_id) *virutal_table_id=0;
|
||||||
}
|
}
|
||||||
if(p_real_table->table_type!=expect_type)
|
tab_scan_type=Maat_table_get_scan_type(p_physical_table->table_type);
|
||||||
{
|
if(tab_scan_type!=scan_type)
|
||||||
if((expect_type==TABLE_TYPE_EXPR && p_real_table->table_type!=TABLE_TYPE_EXPR_PLUS)||
|
|
||||||
(expect_type==TABLE_TYPE_IP && p_real_table->table_type!=TABLE_TYPE_IP_PLUS))
|
|
||||||
{
|
{
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
return p_physical_table;
|
||||||
return p_real_table;
|
|
||||||
}
|
}
|
||||||
int Maat_table_get_id_by_name(struct Maat_table_manager* table_mgr, const char* table_name)
|
int Maat_table_get_id_by_name(struct Maat_table_manager* table_mgr, const char* table_name)
|
||||||
{
|
{
|
||||||
@@ -883,7 +910,7 @@ int Maat_table_add_callback_func(struct Maat_table_manager* table_mgr,
|
|||||||
void* u_para)
|
void* u_para)
|
||||||
{
|
{
|
||||||
int idx=0;
|
int idx=0;
|
||||||
struct Maat_table_schema *p_table=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
|
struct Maat_table_schema *p_table=Maat_table_get_scan_by_id(table_mgr, table_id, SCAN_TYPE_PLUGIN, NULL);
|
||||||
struct plugin_table_schema *plugin_desc=&(p_table->plugin);
|
struct plugin_table_schema *plugin_desc=&(p_table->plugin);
|
||||||
if(p_table==NULL)
|
if(p_table==NULL)
|
||||||
{
|
{
|
||||||
@@ -913,7 +940,7 @@ struct compile_ex_data_idx* Maat_table_get_compile_rule_ex_desc(struct Maat_tabl
|
|||||||
{
|
{
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
p_table=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_COMPILE, NULL);
|
p_table=Maat_table_get_scan_by_id(table_mgr, table_id, SCAN_TYPE_NONE, NULL);
|
||||||
if(!p_table)
|
if(!p_table)
|
||||||
{
|
{
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -938,7 +965,7 @@ int Maat_table_new_compile_rule_ex_index(struct Maat_table_manager* table_mgr, c
|
|||||||
{
|
{
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
p_table=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_COMPILE, NULL);
|
p_table=Maat_table_get_scan_by_id(table_mgr, table_id, SCAN_TYPE_NONE, NULL);
|
||||||
if(!p_table)
|
if(!p_table)
|
||||||
{
|
{
|
||||||
return -1;
|
return -1;
|
||||||
@@ -1175,28 +1202,15 @@ void Maat_table_set_updating_name(struct Maat_table_schema* p_table, const char*
|
|||||||
assert(i<=p_table->conj_cnt);
|
assert(i<=p_table->conj_cnt);
|
||||||
}
|
}
|
||||||
|
|
||||||
int Maat_table_get_child_id(struct Maat_table_schema* p_table, enum MAAT_TABLE_CHILD_TYPE type)
|
int Maat_table_get_child_id(struct Maat_table_manager* table_mgr, int parent_table_id, enum MAAT_TABLE_COMPONENT_TYPE type)
|
||||||
{
|
{
|
||||||
int ret=-1;
|
int ret=-1;
|
||||||
|
struct Maat_table_schema* p_table=Maat_table_get_by_id_raw(table_mgr, parent_table_id);
|
||||||
if(p_table->table_type!=TABLE_TYPE_COMPOSITION)
|
if(p_table->table_type!=TABLE_TYPE_COMPOSITION)
|
||||||
{
|
{
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
switch (type)
|
ret=p_table->composition.component_table_id[type];
|
||||||
{
|
|
||||||
case CHILD_TABLE_TYPE_SOURCE_IP:
|
|
||||||
ret=p_table->composition.source_table.real_table_id;
|
|
||||||
break;
|
|
||||||
case CHILD_TABLE_TYPE_DESTINATION_IP:
|
|
||||||
ret=p_table->composition.destination_table.real_table_id;
|
|
||||||
break;
|
|
||||||
case CHILD_TABLE_TYPE_SESSION:
|
|
||||||
ret=p_table->composition.session_table.real_table_id;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
assert(0);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
int Maat_table_xx_plugin_table_get_valid_flag_column(struct Maat_table_schema* p_table)
|
int Maat_table_xx_plugin_table_get_valid_flag_column(struct Maat_table_schema* p_table)
|
||||||
@@ -1219,3 +1233,4 @@ int Maat_table_xx_plugin_table_get_valid_flag_column(struct Maat_table_schema* p
|
|||||||
}
|
}
|
||||||
return valid_flag_column;
|
return valid_flag_column;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -17,6 +17,28 @@ enum USER_REGION_ENCODE
|
|||||||
USER_REGION_ENCODE_ESCAPE,
|
USER_REGION_ENCODE_ESCAPE,
|
||||||
USER_REGION_ENCODE_BASE64
|
USER_REGION_ENCODE_BASE64
|
||||||
};
|
};
|
||||||
|
enum MAAT_SCAN_TYPE
|
||||||
|
{
|
||||||
|
SCAN_TYPE_INVALID=-1,
|
||||||
|
SCAN_TYPE_NONE=0,
|
||||||
|
SCAN_TYPE_PLUGIN,
|
||||||
|
SCAN_TYPE_IP_PLUGIN,
|
||||||
|
SCAN_TYPE_FQDN_PLUGIN,
|
||||||
|
SCAN_TYPE_IP,
|
||||||
|
SCAN_TYPE_INTERVAL,
|
||||||
|
SCAN_TYPE_STRING,
|
||||||
|
__SCAN_TYPE_MAX
|
||||||
|
};
|
||||||
|
|
||||||
|
enum MAAT_TABLE_COMPONENT_TYPE
|
||||||
|
{
|
||||||
|
COMPONENT_TABLE_TYPE_NONE=-1,
|
||||||
|
COMPONENT_TABLE_TYPE_SOURCE_IP=0,
|
||||||
|
COMPONENT_TABLE_TYPE_DESTINATION_IP,
|
||||||
|
COMPONENT_TABLE_TYPE_SESSION,
|
||||||
|
__COMPONENT_TABLE_TYPE_MAX
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
enum MAAT_TABLE_TYPE
|
enum MAAT_TABLE_TYPE
|
||||||
{
|
{
|
||||||
@@ -28,6 +50,8 @@ enum MAAT_TABLE_TYPE
|
|||||||
TABLE_TYPE_DIGEST,
|
TABLE_TYPE_DIGEST,
|
||||||
TABLE_TYPE_EXPR_PLUS,
|
TABLE_TYPE_EXPR_PLUS,
|
||||||
TABLE_TYPE_SIMILARITY,
|
TABLE_TYPE_SIMILARITY,
|
||||||
|
TABLE_TYPE_INTERVAL_PLUS,
|
||||||
|
//Above are physical table for scan
|
||||||
TABLE_TYPE_VIRTUAL,
|
TABLE_TYPE_VIRTUAL,
|
||||||
TABLE_TYPE_COMPOSITION,
|
TABLE_TYPE_COMPOSITION,
|
||||||
TABLE_TYPE_GROUP2GROUP,
|
TABLE_TYPE_GROUP2GROUP,
|
||||||
@@ -36,7 +60,6 @@ enum MAAT_TABLE_TYPE
|
|||||||
TABLE_TYPE_COMPILE,
|
TABLE_TYPE_COMPILE,
|
||||||
TABLE_TYPE_PLUGIN,
|
TABLE_TYPE_PLUGIN,
|
||||||
TABLE_TYPE_IP_PLUGIN,
|
TABLE_TYPE_IP_PLUGIN,
|
||||||
TABLE_TYPE_INTERVAL_PLUS,
|
|
||||||
TABLE_TYPE_FQDN_PLUGIN
|
TABLE_TYPE_FQDN_PLUGIN
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -69,12 +92,11 @@ struct expr_table_schema
|
|||||||
};
|
};
|
||||||
struct virtual_table_schema
|
struct virtual_table_schema
|
||||||
{
|
{
|
||||||
int real_table_id;
|
int physical_table_id[__SCAN_TYPE_MAX];
|
||||||
char real_table_name[MAX_TABLE_NAME_LEN];
|
|
||||||
};
|
};
|
||||||
struct composition_table_schema
|
struct composition_table_schema
|
||||||
{
|
{
|
||||||
struct virtual_table_schema source_table, destination_table, session_table;
|
int component_table_id[__COMPONENT_TABLE_TYPE_MAX];
|
||||||
};
|
};
|
||||||
struct plugin_table_callback_schema
|
struct plugin_table_callback_schema
|
||||||
{
|
{
|
||||||
@@ -155,8 +177,9 @@ void Maat_table_manager_destroy(struct Maat_table_manager* table_mgr);
|
|||||||
size_t Maat_table_manager_get_size(struct Maat_table_manager* table_mgr);
|
size_t Maat_table_manager_get_size(struct Maat_table_manager* table_mgr);
|
||||||
size_t Maat_table_manager_get_count(struct Maat_table_manager* table_mgr);
|
size_t Maat_table_manager_get_count(struct Maat_table_manager* table_mgr);
|
||||||
|
|
||||||
struct Maat_table_schema * Maat_table_get_scan_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_TABLE_TYPE expect_type, int* virutal_table_id);
|
struct Maat_table_schema * Maat_table_get_scan_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_SCAN_TYPE scan_type, int* virutal_table_id);
|
||||||
struct Maat_table_schema * Maat_table_get_by_id_raw(struct Maat_table_manager* table_mgr, int table_id);
|
struct Maat_table_schema * Maat_table_get_by_id_raw(struct Maat_table_manager* table_mgr, int table_id);
|
||||||
|
enum MAAT_SCAN_TYPE Maat_table_get_scan_type(enum MAAT_TABLE_TYPE table_type);
|
||||||
|
|
||||||
int Maat_table_get_id_by_name(struct Maat_table_manager* table_mgr, const char* table_name);
|
int Maat_table_get_id_by_name(struct Maat_table_manager* table_mgr, const char* table_name);
|
||||||
int Maat_table_add_callback_func(struct Maat_table_manager* table_mgr,
|
int Maat_table_add_callback_func(struct Maat_table_manager* table_mgr,
|
||||||
@@ -206,13 +229,7 @@ void Maat_table_manager_all_plugin_cb_finish(struct Maat_table_manager* table_mg
|
|||||||
int Maat_table_manager_is_last_plugin_table_updating(struct Maat_table_manager* table_mgr);
|
int Maat_table_manager_is_last_plugin_table_updating(struct Maat_table_manager* table_mgr);
|
||||||
struct Maat_table_schema* Maat_table_get_desc_by_name(struct Maat_table_manager* table_mgr, const char* table_name);
|
struct Maat_table_schema* Maat_table_get_desc_by_name(struct Maat_table_manager* table_mgr, const char* table_name);
|
||||||
void Maat_table_set_updating_name(struct Maat_table_schema* p_table, const char* table_name);
|
void Maat_table_set_updating_name(struct Maat_table_schema* p_table, const char* table_name);
|
||||||
enum MAAT_TABLE_CHILD_TYPE
|
|
||||||
{
|
int Maat_table_get_child_id(struct Maat_table_manager* table_mgr, int parent_table_id, enum MAAT_TABLE_COMPONENT_TYPE type);
|
||||||
CHILD_TABLE_TYPE_NONE=-1,
|
|
||||||
CHILD_TABLE_TYPE_SOURCE_IP=0,
|
|
||||||
CHILD_TABLE_TYPE_DESTINATION_IP,
|
|
||||||
CHILD_TABLE_TYPE_SESSION
|
|
||||||
};
|
|
||||||
int Maat_table_get_child_id(struct Maat_table_schema* p_table, enum MAAT_TABLE_CHILD_TYPE type);
|
|
||||||
int Maat_table_xx_plugin_table_get_valid_flag_column(struct Maat_table_schema* p_table);
|
int Maat_table_xx_plugin_table_get_valid_flag_column(struct Maat_table_schema* p_table);
|
||||||
|
|
||||||
|
|||||||
@@ -60,7 +60,7 @@
|
|||||||
"regions": [
|
"regions": [
|
||||||
{
|
{
|
||||||
"table_name": "GeoLocation",
|
"table_name": "GeoLocation",
|
||||||
"table_type": "string",
|
"table_type": "expr",
|
||||||
"table_content": {
|
"table_content": {
|
||||||
"keywords": "Greece.Sparta",
|
"keywords": "Greece.Sparta",
|
||||||
"expr_type": "none",
|
"expr_type": "none",
|
||||||
@@ -69,6 +69,35 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"group_name": "FQDN_OBJ1",
|
||||||
|
"regions": [
|
||||||
|
{
|
||||||
|
"table_name": "KEYWORDS_TABLE",
|
||||||
|
"table_type": "expr",
|
||||||
|
"table_content": {
|
||||||
|
"keywords": "sports.example.com",
|
||||||
|
"expr_type": "none",
|
||||||
|
"match_method": "exact",
|
||||||
|
"format": "uncase plain"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"group_name": "FQDN_CAT1",
|
||||||
|
"regions": [
|
||||||
|
{
|
||||||
|
"table_name": "INTERGER_PLUS",
|
||||||
|
"table_type": "intval_plus",
|
||||||
|
"table_content": {
|
||||||
|
"district": "fqdn_cat_id",
|
||||||
|
"low_boundary": 1724,
|
||||||
|
"up_boundary": 1724
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"rules": [
|
"rules": [
|
||||||
@@ -1220,7 +1249,7 @@
|
|||||||
"do_blacklist": 0,
|
"do_blacklist": 0,
|
||||||
"do_log": 0,
|
"do_log": 0,
|
||||||
"effective_rage": 0,
|
"effective_rage": 0,
|
||||||
"user_region": "VirtualWithPhysical",
|
"user_region": "VirtualWithOnePhysical",
|
||||||
"is_valid": "yes",
|
"is_valid": "yes",
|
||||||
"groups": [
|
"groups": [
|
||||||
{
|
{
|
||||||
@@ -1850,6 +1879,30 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"compile_id": 180,
|
||||||
|
"service": 0,
|
||||||
|
"action": 0,
|
||||||
|
"do_blacklist": 0,
|
||||||
|
"do_log": 0,
|
||||||
|
"effective_rage": 0,
|
||||||
|
"user_region": "Hierarchy_VirtualWithTwoPhysical",
|
||||||
|
"is_valid": "yes",
|
||||||
|
"groups": [
|
||||||
|
{
|
||||||
|
"group_name":"FQDN_OBJ1",
|
||||||
|
"virtual_table":"VIRTUAL_SSL_SNI",
|
||||||
|
"not_flag" : 0,
|
||||||
|
"clause_index":0
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"group_name":"FQDN_CAT1",
|
||||||
|
"virtual_table":"VIRTUAL_SSL_SNI",
|
||||||
|
"not_flag" : 0,
|
||||||
|
"clause_index":0
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"plugin_table": [
|
"plugin_table": [
|
||||||
|
|||||||
@@ -57,3 +57,4 @@
|
|||||||
34 SOURCE_IP_GEO virtual GeoLocation --
|
34 SOURCE_IP_GEO virtual GeoLocation --
|
||||||
35 INTERGER_PLUS intval_plus --
|
35 INTERGER_PLUS intval_plus --
|
||||||
36 TEST_FQDN_PLUGIN_WITH_EXDATA fqdn_plugin {"row_id":1,"is_suffix_match":2,"fqdn":3,"valid":5} --
|
36 TEST_FQDN_PLUGIN_WITH_EXDATA fqdn_plugin {"row_id":1,"is_suffix_match":2,"fqdn":3,"valid":5} --
|
||||||
|
37 VIRTUAL_SSL_SNI virtual ["KEYWORDS_TABLE","INTERGER_PLUS"] --
|
||||||
@@ -1835,9 +1835,9 @@ TEST(ScanResult, LongerServiceDefine)
|
|||||||
free(buff);
|
free(buff);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
TEST(Hierarchy, VirtualWithPhysical)
|
TEST(Hierarchy, VirtualOfOnePhysical)
|
||||||
{
|
{
|
||||||
#define Hierarchy_VirtualWithPhysical
|
#define Hierarchy_VirtualOfOnePhysical
|
||||||
int ret=0, table_id=0;
|
int ret=0, table_id=0;
|
||||||
const char* http_content="Batman\\:Take me Home.Superman/:Fine,stay with me.";
|
const char* http_content="Batman\\:Take me Home.Superman/:Fine,stay with me.";
|
||||||
const char* http_url="https://blog.csdn.net/littlefang/article/details/8213058";
|
const char* http_url="https://blog.csdn.net/littlefang/article/details/8213058";
|
||||||
@@ -1876,6 +1876,42 @@ TEST(Hierarchy, VirtualWithPhysical)
|
|||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
TEST(Hierarchy, VirtualOfTwoPhysical)
|
||||||
|
{
|
||||||
|
#define Hierarchy_VirtualWithTwoPhysical
|
||||||
|
int ret=0, table_id=0;
|
||||||
|
const char* sni="sports.example.com";
|
||||||
|
int cat_id=1724;
|
||||||
|
|
||||||
|
|
||||||
|
struct Maat_rule_t result[4];
|
||||||
|
memset(result, 0, sizeof(result));
|
||||||
|
|
||||||
|
scan_status_t mid=NULL;
|
||||||
|
|
||||||
|
table_id=Maat_table_register(g_feather, "VIRTUAL_SSL_SNI");
|
||||||
|
ASSERT_GT(table_id, 0);
|
||||||
|
|
||||||
|
ret=Maat_full_scan_string(g_feather, table_id, CHARSET_UTF8, sni, strlen(sni),
|
||||||
|
result, NULL, 4, &mid, 0);
|
||||||
|
|
||||||
|
EXPECT_EQ(ret, 1);
|
||||||
|
EXPECT_EQ(result[0].config_id, 180);
|
||||||
|
Maat_clean_status(&mid);
|
||||||
|
|
||||||
|
memset(result, 0, sizeof(result));
|
||||||
|
ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, "fqdn_cat_id", strlen("fqdn_cat_id"));
|
||||||
|
ASSERT_EQ(ret, 0);
|
||||||
|
|
||||||
|
ret=Maat_scan_intval(g_feather, table_id, cat_id, result,4, &mid, 0);
|
||||||
|
EXPECT_EQ(ret, 1);
|
||||||
|
EXPECT_EQ(result[0].config_id, 180);
|
||||||
|
|
||||||
|
Maat_clean_status(&mid);
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
TEST(Hierarchy, VirtualWithVirtual)
|
TEST(Hierarchy, VirtualWithVirtual)
|
||||||
{
|
{
|
||||||
#define Hierarchy_VirtualWithVirtual
|
#define Hierarchy_VirtualWithVirtual
|
||||||
@@ -1916,6 +1952,7 @@ TEST(Hierarchy, VirtualWithVirtual)
|
|||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST(Hierarchy, OneGroupInTwoVirtual)
|
TEST(Hierarchy, OneGroupInTwoVirtual)
|
||||||
{
|
{
|
||||||
#define Hierarchy_OneGroupInTwoVirtual
|
#define Hierarchy_OneGroupInTwoVirtual
|
||||||
|
|||||||
Reference in New Issue
Block a user