gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add temp code

Browse Source
This commit is contained in:
root
2024-09-26 11:14:06 +00:00
parent be3b474f69
commit 3315428974
40 changed files with 19039 additions and 3564 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -15,7 +15,7 @@ include_directories(/opt/MESA/include/)
set(CMAKE_C_STANDARD 11)
set(CMAKE_C_FLAGS "-fPIC -Wall")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC -Wall")
set(MAAT_DEPEND_DYN_LIB pthread m crypto z fieldstat4)
set(MAAT_DEPEND_DYN_LIB pthread m crypto z fieldstat4 uuid)
include_directories(include)
#for ASAN

21
deps/yyjson/LICENSE vendored Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2020 YaoYuan <ibireme@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

9447
deps/yyjson/yyjson.c vendored Normal file
View File

File diff suppressed because it is too large Load Diff

7814
deps/yyjson/yyjson.h vendored Normal file
View File

File diff suppressed because it is too large Load Diff

3
include/maat.h
View File

@@ -176,9 +176,6 @@ void maat_reload_log_level(struct maat *instance, enum log_level level);
*/
void maat_register_thread(struct maat *instance);
/* maat helper API */
int maat_helper_read_column(const char *table_line, int Nth_column,
size_t *column_offset, size_t *column_len);
/**
* verify if regex expression is legal
*

2
scanner/expr_matcher/expr_matcher.cpp
View File

@@ -228,7 +228,6 @@ static struct bool_expr *bool_exprs_new(struct expr_rule *rules, size_t n_rule,
uuid_copy(bool_exprs[i].expr_uuid, rules[i].expr_uuid);
bool_exprs[i].item_num = rules[i].n_patterns;
bool_exprs[i].user_tag = rules[i].tag;
}
return bool_exprs;
@@ -435,7 +434,6 @@ static int expr_matcher_bool_matcher_match(struct bool_matcher *bm, struct bool_
for (int index = 0; index < bool_matcher_ret; index++) {
uuid_copy(result_array[index].rule_uuid, match_buff[index].expr_uuid);
result_array[index].user_tag = match_buff[index].user_tag;
}
*n_hit_result = bool_matcher_ret;

2
scanner/expr_matcher/expr_matcher.h
View File

@@ -67,7 +67,6 @@ struct expr_pattern {
struct expr_scan_result {
uuid_t rule_uuid;
void *user_tag;
};
/* logic AND expression, such as (rule1 & rule2) */
@@ -75,7 +74,6 @@ struct expr_rule {
uuid_t expr_uuid; /* AND expression ID */
size_t n_patterns;
struct expr_pattern patterns[MAX_EXPR_PATTERN_NUM];
void *tag; /* user defined data, return with hit result */
};
int expr_matcher_verify_regex_expression(const char *regex_expr,

1
scanner/flag_matcher/flag_matcher.cpp
View File

@@ -72,7 +72,6 @@ int flag_matcher_match(struct flag_matcher *flag_matcher, uint64_t flag, struct
if (!((flag ^ flag_matcher->rule_table[i].flag) & flag_matcher->rule_table[i].mask))
{
uuid_copy(result[result_number].rule_uuid, flag_matcher->rule_table[i].rule_uuid);
result[result_number ++].user_tag = flag_matcher->rule_table[i].user_tag;
if (result_number >= n_result)
{

5
scanner/flag_matcher/flag_matcher.h
View File

@@ -22,10 +22,6 @@ struct flag_rule
uint64_t flag;
uint64_t mask;
uuid_t rule_uuid; // unique for a rule;
/* A transparent user tag for convenient accessing,
the caller is responsible for its memory management. */
void *user_tag;
};
@@ -33,7 +29,6 @@ struct flag_rule
struct flag_result
{
uuid_t rule_uuid; // unique for a rule;
void *user_tag;
};

4
scanner/interval_matcher/interval_matcher.h
View File

@@ -19,10 +19,6 @@ extern "C"
struct interval_result
{
uuid_t rule_uuid;
/* A transparent user tag for convenient accessing,
the caller is responsible for its memory management. */
void *user_tag;
};
struct interval_rule

2
src/CMakeLists.txt
View File

@@ -17,7 +17,7 @@ set(MAAT_SRC alignment.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_co
maat_ip_plugin.c maat_ipport_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_stat.c)
set(LIB_SOURCE_FILES
${PROJECT_SOURCE_DIR}/deps/cJSON/cJSON.c ${PROJECT_SOURCE_DIR}/deps/log/log.c)
${PROJECT_SOURCE_DIR}/deps/cJSON/cJSON.c ${PROJECT_SOURCE_DIR}/deps/yyjson/yyjson.c ${PROJECT_SOURCE_DIR}/deps/log/log.c)
include_directories(/opt/MESA/include/MESA/)
include_directories(${PROJECT_SOURCE_DIR}/include/)

7
src/inc_internal/maat_core.h
View File

@@ -35,12 +35,7 @@ extern "C"
#include "hiredis/hiredis.h"
#define MAX_TABLE_NUM 1024
#define MAX_ATTRIBUTE_NUM 1024
#define DISTRICT_ANY -1
#define DISTRICT_UNKNOWN -2
#define MAX_DISTRICT_STR_LEN 128
#define INVALID_VERSION -1
#define mr_region_id_var "SEQUENCE_REGION"
@@ -189,10 +184,8 @@ struct maat_state {
struct maat *maat_inst;
struct rule_compile_state *rule_compile_state;
int Nth_scan;
int district_id; //-1: Any District; -2: Unkonwn District;
uint16_t thread_id;
int16_t rule_table_id;
uint8_t district_flag;
uint8_t logic_negate_option;
};

1
src/inc_internal/maat_ex_data.h
View File

@@ -36,6 +36,7 @@ struct ex_container {
struct ex_container_schema {
int table_id;
int set_flag;
char *table_name;
struct ex_data_schema ex_schema;
void (*custom_data_free)(void *);
};

3
src/inc_internal/maat_expr.h
View File

@@ -59,9 +59,6 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, const c
void expr_runtime_stream_close(struct expr_runtime_stream *expr_rt_stream);
int expr_runtime_set_scan_district(struct expr_runtime *expr_rt, const char *district,
size_t district_len, long long *district_id);
void expr_runtime_perf_stat(struct expr_runtime *flag_rt, size_t scan_len,
struct timespec *start, struct timespec *end,
int thread_id);

5
src/inc_internal/maat_flag.h
View File

@@ -50,11 +50,6 @@ long long flag_runtime_rule_count(void *flag_runtime);
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag,
int attribute_id, struct maat_state *state);
int flag_runtime_set_scan_district(struct flag_runtime *flag_rt, const char *district,
size_t district_len, long long *district_id);
void flag_runtime_perf_stat(struct flag_runtime *flag_rt, struct timespec *start,
struct timespec *end, int thread_id);

4
src/inc_internal/maat_interval.h
View File

@@ -51,10 +51,6 @@ long long interval_runtime_rule_count(void *interval_runtime);
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int attribute_id, struct maat_state *state);
int interval_runtime_set_scan_district(struct interval_runtime *interval_rt,
const char *district, size_t district_len,
long long *district_id);
void interval_runtime_perf_stat(struct interval_runtime *interval_rt,
struct timespec *start, struct timespec *end,
int thread_id);

1
src/inc_internal/maat_plugin.h
View File

@@ -17,6 +17,7 @@ extern "C"
#endif
#include "cJSON/cJSON.h"
#include "yyjson/yyjson.h"
#include "maat.h"
#include "maat_ex_data.h"

2
src/inc_internal/maat_rule.h
View File

@@ -104,7 +104,7 @@ size_t rule_compile_state_get_last_hit_objects(struct rule_compile_state *rule_c
size_t rule_compile_state_get_last_hit_object_cnt(struct rule_compile_state *rule_compile_state);
int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state,
long long rule_id);
uuid_t rule_id);
#ifdef __cplusplus
}

8
src/inc_internal/maat_table.h
View File

@@ -26,12 +26,9 @@ extern "C"
enum table_type {
TABLE_TYPE_INVALID = -1,
TABLE_TYPE_FLAG = 0,
TABLE_TYPE_FLAG_PLUS,
TABLE_TYPE_EXPR,
TABLE_TYPE_EXPR_PLUS,
TABLE_TYPE_IP,
TABLE_TYPE_INTERVAL,
TABLE_TYPE_INTERVAL_PLUS,
TABLE_TYPE_PLUGIN,
TABLE_TYPE_IP_PLUGIN,
TABLE_TYPE_IPPORT_PLUGIN,
@@ -60,7 +57,8 @@ size_t table_manager_table_num(struct table_manager *tbl_mgr);
int table_manager_get_table_id(struct table_manager *tbl_mgr, const char *table_name);
int table_manager_get_attribute_id(struct table_manager *tbl_mgr, const char *attribute_name);
int table_manager_attribute_get_table_id(struct table_manager *tbl_mgr, int attr_id);
int table_manager_attribute_register(struct table_manager *tbl_mgr, const char *attribute_name, struct log_handle *logger);
/**
* @brief get table_name's all conjunction parents' table_id
*
@@ -76,7 +74,7 @@ int table_manager_attribute_get_table_id(struct table_manager *tbl_mgr, int attr
*/
int table_manager_get_conj_parent_table_ids(struct table_manager *tbl_mgr, const char *table_name,
long long *table_ids_array, size_t n_table_ids_array);
int maat_get_table_id(struct maat *maat_inst, const char *table_name);
const char *table_manager_get_table_name(struct table_manager *tbl_mgr,
int table_id);
const char *table_manager_get_attribute_name(struct table_manager *tbl_mgr, int attr_id);

410
src/maat_api.c
View File

@@ -43,11 +43,6 @@
#define MODULE_MAAT_API module_name_str("maat.api")
enum district_flag {
DISTRICT_FLAG_UNSET,
DISTRICT_FLAG_SET
};
enum logic_negate_option {
LOGIC_NEGATE_OPTION_UNSET,
LOGIC_NEGATE_OPTION_SET
@@ -475,12 +470,6 @@ static int _get_tid(struct maat *maat_inst)
return _thread_local_tid;
}
int maat_helper_read_column(const char *table_line, int Nth_column,
size_t *column_offset, size_t *column_len)
{
return get_column_pos(table_line, Nth_column, column_offset, column_len);
}
int maat_helper_verify_regex_expression(const char *regex_expr)
{
if (NULL == regex_expr) {
@@ -490,30 +479,15 @@ int maat_helper_verify_regex_expression(const char *regex_expr)
return expr_matcher_verify_regex_expression(regex_expr, NULL);
}
int maat_get_table_id(struct maat *maat_inst, const char *table_name)
{
if (NULL == maat_inst || NULL == table_name) {
return -1;
}
struct table_manager *table_mgr = maat_inst->tbl_mgr;
return table_manager_get_table_id(table_mgr, table_name);
}
int maat_get_attribute_id(struct maat *instance, const char *attribute_name)
{
if (NULL == instance || NULL == attribute_name) {
return -1;
}
struct table_manager *table_mgr = instance->tbl_mgr;
return table_manager_get_attribute_id(table_mgr, attribute_name);
}
const char *
maat_get_table_schema_tag(struct maat *maat_inst, int table_id)
maat_get_table_schema_tag(struct maat *maat_inst, const char *table_name)
{
if (NULL == maat_inst || table_id < 0) {
if (NULL == maat_inst || table_name == NULL) {
return NULL;
}
int table_id = maat_get_table_id(maat_inst, table_name);
if (table_id < 0) {
return NULL;
}
@@ -542,22 +516,31 @@ maat_runtime_ref_dec(struct maat_runtime *maat_rt, int thread_id)
}
/* must be plugin table */
int maat_table_callback_register(struct maat *maat_inst, int table_id,
int maat_table_callback_register(struct maat *maat_inst, const char *table_name,
maat_start_callback_t *start,
maat_update_callback_t *update,
maat_finish_callback_t *finish,
void *u_para)
{
int ret = -1;
int table_id = maat_get_table_id(maat_inst, table_name);
if (table_id < 0) {
log_fatal(maat_inst->logger, MODULE_MAAT_API,
"[%s:%d] table(table_name:%s) is not registered, "
"register callback failed", __FUNCTION__,
__LINE__, table_name);
return -1;
}
pthread_mutex_lock(&(maat_inst->background_update_mutex));
void *schema = table_manager_get_schema(maat_inst->tbl_mgr, table_id);
if (NULL == schema) {
pthread_mutex_unlock(&(maat_inst->background_update_mutex));
log_fatal(maat_inst->logger, MODULE_MAAT_API,
"[%s:%d] table(table_id:%d) schema is NULL, "
"[%s:%d] table(table_name:%s) schema is NULL, "
"register callback failed", __FUNCTION__,
__LINE__, table_id);
__LINE__, table_name);
return -1;
}
@@ -597,7 +580,7 @@ int maat_table_callback_register(struct maat *maat_inst, int table_id,
break;
}
update(table_id, ex_data_row->row, ex_data_row->op, u_para);
update(table_name, ex_data_row->row, ex_data_row->op, u_para);
}
if (finish != NULL) {
@@ -870,12 +853,16 @@ int maat_plugin_table_ex_schema_register(struct maat *maat_inst,
return ret;
}
void *maat_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
void *maat_plugin_table_get_ex_data(struct maat *maat_inst, const char *table_name,
const char *key, size_t key_len)
{
if (NULL == maat_inst || table_id < 0 || table_id >= MAX_TABLE_NUM
|| NULL == key) {
if (NULL == maat_inst || NULL == key) {
return NULL;
}
int table_id = maat_get_table_id(maat_inst, table_name);
if (table_id < 0 || table_id >= MAX_TABLE_NUM) {
return NULL;
}
@@ -909,12 +896,16 @@ void *maat_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
return ret;
}
int maat_ip_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
int maat_ip_plugin_table_get_ex_data(struct maat *maat_inst, const char *table_name,
const struct ip_addr *ip_addr,
void **ex_data_array, size_t array_size)
{
if (NULL == maat_inst || table_id < 0 || table_id >= MAX_TABLE_NUM
|| NULL == ip_addr || NULL == ex_data_array || 0 == array_size) {
if (NULL == maat_inst || NULL == ip_addr || NULL == ex_data_array || 0 == array_size) {
return -1;
}
int table_id = maat_get_table_id(maat_inst, table_name);
if (table_id < 0 || table_id >= MAX_TABLE_NUM) {
return -1;
}
@@ -936,12 +927,16 @@ int maat_ip_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
return ip_plugin_runtime_get_ex_data(ip_plugin_rt, ip_addr, ex_data_array, array_size);
}
int maat_ipport_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
int maat_ipport_plugin_table_get_ex_data(struct maat *maat_inst, const char *table_name,
const struct ip_addr *ip_addr, uint16_t port,
void **ex_data_array, size_t array_size)
{
if (NULL == maat_inst || table_id < 0 || table_id >= MAX_TABLE_NUM
|| NULL == ip_addr || NULL == ex_data_array || 0 == array_size) {
if (NULL == maat_inst || NULL == ip_addr || NULL == ex_data_array || 0 == array_size) {
return -1;
}
int table_id = maat_get_table_id(maat_inst, table_name);
if (table_id < 0 || table_id >= MAX_TABLE_NUM) {
return -1;
}
@@ -964,12 +959,16 @@ int maat_ipport_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
ex_data_array, array_size);
}
int maat_fqdn_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
int maat_fqdn_plugin_table_get_ex_data(struct maat *maat_inst, const char *table_name,
const char *fqdn, void **ex_data_array,
size_t array_size)
{
if (NULL == maat_inst || table_id < 0 || table_id >= MAX_TABLE_NUM
|| NULL == fqdn || NULL == ex_data_array || 0 == array_size) {
if (NULL == maat_inst || NULL == fqdn || NULL == ex_data_array || 0 == array_size) {
return -1;
}
int table_id = maat_get_table_id(maat_inst, table_name);
if (table_id < 0 || table_id >= MAX_TABLE_NUM) {
return -1;
}
@@ -991,12 +990,16 @@ int maat_fqdn_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
return fqdn_plugin_runtime_get_ex_data(fqdn_plugin_rt, fqdn, ex_data_array, array_size);
}
int maat_bool_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
int maat_bool_plugin_table_get_ex_data(struct maat *maat_inst, const char *table_name,
unsigned long long *item_ids, size_t n_item,
void **ex_data_array, size_t array_size)
{
if (NULL == maat_inst || table_id < 0 || table_id >= MAX_TABLE_NUM
|| NULL == item_ids || NULL == ex_data_array || 0 == array_size) {
if (NULL == maat_inst || NULL == item_ids || NULL == ex_data_array || 0 == array_size) {
return -1;
}
int table_id = maat_get_table_id(maat_inst, table_name);
if (table_id < 0 || table_id >= MAX_TABLE_NUM) {
return -1;
}
@@ -1025,13 +1028,8 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
{
enum table_type table_type =
table_manager_get_table_type(tbl_mgr, table_id);
if (table_type == TABLE_TYPE_FLAG_PLUS &&
DISTRICT_FLAG_UNSET == state->district_flag) {
return -1;
}
if (table_type != TABLE_TYPE_FLAG &&
table_type != TABLE_TYPE_FLAG_PLUS) {
if (table_type != TABLE_TYPE_FLAG) {
return -1;
}
@@ -1060,13 +1058,8 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
enum table_type table_type =
table_manager_get_table_type(tbl_mgr, table_id);
if (table_type == TABLE_TYPE_INTERVAL_PLUS &&
DISTRICT_FLAG_UNSET == state->district_flag) {
return -1;
}
if (table_type != TABLE_TYPE_INTERVAL &&
table_type != TABLE_TYPE_INTERVAL_PLUS) {
if (table_type != TABLE_TYPE_INTERVAL) {
return -1;
}
@@ -1153,13 +1146,8 @@ string_scan(struct table_manager *tbl_mgr, int thread_id,
{
enum table_type table_type =
table_manager_get_table_type(tbl_mgr, table_id);
if (table_type == TABLE_TYPE_EXPR_PLUS &&
DISTRICT_FLAG_UNSET == state->district_flag) {
return -1;
}
if (table_type != TABLE_TYPE_EXPR &&
table_type != TABLE_TYPE_EXPR_PLUS) {
if (table_type != TABLE_TYPE_EXPR) {
return -1;
}
@@ -1204,12 +1192,11 @@ object_to_rule(struct maat *maat_inst, uuid_t *results, size_t n_result,
results, n_result, state);
}
int maat_scan_flag(struct maat *maat_inst, int attribute_id,
int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *attribute_name,
long long flag, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
(NULL == results) || (0 == n_result) || (NULL == n_hit_result) ||
if ((NULL == maat_inst) || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) ||
(NULL == state) || (state->thread_id < 0)) {
return MAAT_SCAN_ERR;
}
@@ -1221,22 +1208,25 @@ int maat_scan_flag(struct maat *maat_inst, int attribute_id,
state->Nth_scan++;
int table_id = maat_get_table_id(maat_inst, table_name);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
return MAAT_SCAN_OK;
}
enum table_type table_type = TABLE_TYPE_INVALID;
int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type != TABLE_TYPE_FLAG && table_type != TABLE_TYPE_FLAG_PLUS) {
if (table_type != TABLE_TYPE_FLAG) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
@@ -1283,12 +1273,11 @@ int maat_scan_flag(struct maat *maat_inst, int attribute_id,
}
}
int maat_scan_integer(struct maat *maat_inst, int attribute_id,
int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char *attribute_name,
long long integer, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
(NULL == results) || (0 == n_result) || (NULL == n_hit_result) ||
if ((NULL == maat_inst) || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) ||
(NULL == state) || (state->thread_id < 0)) {
return MAAT_SCAN_ERR;
}
@@ -1300,23 +1289,25 @@ int maat_scan_integer(struct maat *maat_inst, int attribute_id,
state->Nth_scan++;
int table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
return MAAT_SCAN_OK;
}
enum table_type table_type = TABLE_TYPE_INVALID;
int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type != TABLE_TYPE_INTERVAL &&
table_type != TABLE_TYPE_INTERVAL_PLUS) {
if (table_type != TABLE_TYPE_INTERVAL) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
@@ -1363,12 +1354,11 @@ int maat_scan_integer(struct maat *maat_inst, int attribute_id,
}
}
int maat_scan_ipv4_port(struct maat *maat_inst, int attribute_id, uint32_t ip_addr,
int port, uuid_t *results, size_t n_result,
int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const char *attribute_name,
uint32_t ip_addr, int port, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
(NULL == results) || (0 == n_result) || (NULL == n_hit_result) ||
if ((NULL == maat_inst) || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) ||
(NULL == state) || (state->thread_id < 0)) {
return MAAT_SCAN_ERR;
}
@@ -1380,20 +1370,23 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int attribute_id, uint32_t ip_ad
state->Nth_scan++;
int table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
return MAAT_SCAN_OK;
}
enum table_type table_type = TABLE_TYPE_INVALID;
int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type != TABLE_TYPE_IP) {
maat_inst->stat->scan_err_cnt++;
@@ -1442,12 +1435,11 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int attribute_id, uint32_t ip_ad
}
}
int maat_scan_ipv6_port(struct maat *maat_inst, int attribute_id, uint8_t *ip_addr,
int port, uuid_t *results, size_t n_result,
int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const char *attribute_name,
uint8_t *ip_addr, int port, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
(NULL == ip_addr) || (NULL == results) || (0 == n_result) ||
if ((NULL == maat_inst) || (NULL == ip_addr) || (NULL == results) || (0 == n_result) ||
(NULL == n_hit_result) || (NULL == state) || (state->thread_id < 0)) {
return MAAT_SCAN_ERR;
}
@@ -1459,20 +1451,23 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int attribute_id, uint8_t *ip_ad
state->Nth_scan++;
int table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
return MAAT_SCAN_OK;
}
enum table_type table_type = TABLE_TYPE_INVALID;
int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type != TABLE_TYPE_IP) {
maat_inst->stat->scan_err_cnt++;
@@ -1522,29 +1517,27 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int attribute_id, uint8_t *ip_ad
}
#define PORT_IGNORED -1
inline int maat_scan_ipv6(struct maat *instance, int attribute_id, uint8_t *ip_addr,
uuid_t *results, size_t n_result, size_t *n_hit_result,
inline int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *attribute_name,
uint8_t *ip_addr, uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state)
{
return maat_scan_ipv6_port(instance, attribute_id, ip_addr, PORT_IGNORED,
return maat_scan_ipv6_port(instance, table_name, attribute_name, ip_addr, PORT_IGNORED,
results, n_result, n_hit_result, state);
}
inline int maat_scan_ipv4(struct maat *instance, int attribute_id, uint32_t ip_addr,
uuid_t *results, size_t n_result, size_t *n_hit_result,
inline int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *attribute_name,
uint32_t ip_addr, uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state)
{
return maat_scan_ipv4_port(instance, attribute_id, ip_addr, PORT_IGNORED,
return maat_scan_ipv4_port(instance, table_name, attribute_name, ip_addr, PORT_IGNORED,
results, n_result, n_hit_result, state);
}
int maat_scan_string(struct maat *maat_inst, int attribute_id,
const char *data, size_t data_len,
uuid_t *results, size_t n_result,
int maat_scan_string(struct maat *maat_inst, const char *table_name, const char *attribute_name,
const char *data, size_t data_len, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
(NULL == data) || (0 == data_len) || (NULL == results) ||
if ((NULL == maat_inst) || (NULL == data) || (0 == data_len) || (NULL == results) ||
(0 == n_result) || (NULL == n_hit_result) || (NULL == state) ||
(state->thread_id < 0)) {
return MAAT_SCAN_ERR;
@@ -1557,22 +1550,25 @@ int maat_scan_string(struct maat *maat_inst, int attribute_id,
state->Nth_scan++;
int table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
return MAAT_SCAN_OK;
}
enum table_type table_type = TABLE_TYPE_INVALID;
int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type != TABLE_TYPE_EXPR && table_type != TABLE_TYPE_EXPR_PLUS) {
if (table_type != TABLE_TYPE_EXPR) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
@@ -1680,13 +1676,12 @@ maat_state_activate_hit_not_object(struct maat_state *state, int attribute_id)
attribute_id, state->Nth_scan);
}
int maat_scan_object(struct maat *maat_inst, int attribute_id,
int maat_scan_object(struct maat *maat_inst, const char *table_name, const char *attribute_name,
struct maat_hit_object *objects, size_t n_object,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
(NULL == objects) || (0 == n_object) || (NULL == results) ||
if ((NULL == maat_inst) || (NULL == objects) || (0 == n_object) || (NULL == results) ||
(0 == n_result) || (NULL == n_hit_result) || (NULL == state) ||
(state->thread_id < 0)) {
return -1;
@@ -1694,17 +1689,21 @@ int maat_scan_object(struct maat *maat_inst, int attribute_id,
state->Nth_scan++;
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
return MAAT_SCAN_OK;
}
int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id);
int table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
return MAAT_SCAN_OK;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
@@ -1723,12 +1722,11 @@ int maat_scan_object(struct maat *maat_inst, int attribute_id,
return MAAT_SCAN_OK;
}
int maat_scan_not_logic(struct maat *maat_inst, int attribute_id,
int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const char *attribute_name,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
(NULL == results) || (0 == n_result) || (NULL == n_hit_result) ||
if ((NULL == maat_inst) || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) ||
(NULL == state) || (state->thread_id < 0)) {
return -1;
}
@@ -1737,6 +1735,11 @@ int maat_scan_not_logic(struct maat *maat_inst, int attribute_id,
return 0;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
return -1;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
return MAAT_SCAN_OK;
@@ -1759,11 +1762,9 @@ int maat_scan_not_logic(struct maat *maat_inst, int attribute_id,
return MAAT_SCAN_OK;
}
struct maat_stream *maat_stream_new(struct maat *maat_inst, int attribute_id,
struct maat_state *state)
struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_name, const char *attribute_name, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
(NULL == state) || (state->thread_id < 0)) {
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
return NULL;
}
@@ -1771,8 +1772,8 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, int attribute_id,
stream->ref_maat_inst = maat_inst;
stream->last_full_version = maat_inst->last_full_version;
stream->thread_id = state->thread_id;
stream->table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id);
stream->attribute_id = attribute_id;
stream->table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
stream->attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
stream->logger = maat_inst->logger;
enum table_type table_type = TABLE_TYPE_INVALID;
@@ -1780,11 +1781,13 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, int attribute_id,
if (stream->table_id < 0) {
goto error;
}
if (stream->attribute_id < 0) {
goto error;
}
table_type = table_manager_get_table_type(maat_inst->tbl_mgr,
stream->table_id);
if (table_type != TABLE_TYPE_EXPR &&
table_type != TABLE_TYPE_EXPR_PLUS) {
if (table_type != TABLE_TYPE_EXPR) {
goto error;
}
@@ -1822,13 +1825,8 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data,
enum table_type table_type = TABLE_TYPE_INVALID;
struct table_manager *tbl_mgr = stream->ref_maat_inst->tbl_mgr;
table_type = table_manager_get_table_type(tbl_mgr, stream->table_id);
if (table_type == TABLE_TYPE_EXPR_PLUS &&
DISTRICT_FLAG_UNSET == state->district_flag) {
return -1;
}
if (table_type != TABLE_TYPE_EXPR &&
table_type != TABLE_TYPE_EXPR_PLUS) {
if (table_type != TABLE_TYPE_EXPR) {
return -1;
}
@@ -1951,8 +1949,6 @@ struct maat_state *maat_state_new(struct maat *maat_inst, int thread_id)
struct maat_state *state = ALLOC(struct maat_state, 1);
state->maat_inst = maat_inst;
state->district_flag = DISTRICT_FLAG_UNSET;
state->district_id = DISTRICT_ANY;
state->thread_id = thread_id;
/* state->rule_state no need to alloc memory at this point,
@@ -1970,8 +1966,6 @@ void maat_state_reset(struct maat_state *state)
}
state->rule_table_id = 0;
state->district_flag = DISTRICT_FLAG_UNSET;
state->district_id = DISTRICT_ANY;
state->Nth_scan = 0;
if (state->rule_compile_state != NULL) {
@@ -2008,72 +2002,14 @@ void maat_state_free(struct maat_state *state)
thread_id, sizeof(struct maat_state));
}
int maat_state_set_scan_district(struct maat_state *state, int attribute_id,
const char *district, size_t district_len)
int maat_state_set_scan_rule_table(struct maat_state *state, const char *rule_table_name)
{
if (NULL == state || NULL == district || 0 == district_len) {
if (NULL == state) {
return -1;
}
struct maat *maat_inst = state->maat_inst;
assert(maat_inst != NULL);
if (NULL == maat_inst->maat_rt) {
return -1;
}
int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id);
if (table_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
enum table_type table_type = TABLE_TYPE_INVALID;
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type != TABLE_TYPE_FLAG_PLUS && table_type != TABLE_TYPE_EXPR_PLUS &&
table_type != TABLE_TYPE_INTERVAL_PLUS) {
return -1;
}
int ret = -1;
long long district_id = DISTRICT_UNKNOWN;
void *runtime = table_manager_get_runtime(maat_inst->tbl_mgr, table_id);
assert(runtime != NULL);
switch (table_type) {
case TABLE_TYPE_FLAG_PLUS:
ret = flag_runtime_set_scan_district((struct flag_runtime *)runtime,
district, district_len, &district_id);
break;
case TABLE_TYPE_EXPR_PLUS:
ret = expr_runtime_set_scan_district((struct expr_runtime *)runtime,
district, district_len, &district_id);
break;
case TABLE_TYPE_INTERVAL_PLUS:
ret = interval_runtime_set_scan_district((struct interval_runtime *)runtime,
district, district_len, &district_id);
break;
default:
break;
}
if (ret < 0) {
state->district_id = DISTRICT_UNKNOWN;
} else {
state->district_id = (int)district_id;
}
state->district_flag = DISTRICT_FLAG_SET;
return 0;
}
int maat_state_set_scan_rule_table(struct maat_state *state,
int rule_table_id)
{
if (NULL == state || rule_table_id < 0) {
int rule_table_id = table_manager_get_table_id(state->maat_inst->tbl_mgr, rule_table_name);
if (rule_table_id < 0) {
return -1;
}
@@ -2089,17 +2025,17 @@ int maat_state_set_scan_rule_table(struct maat_state *state,
return 0;
}
int maat_state_get_rule_table_ids(struct maat_state *state, long long *rule_ids,
size_t n_rule_ids, int *rule_table_ids)
int maat_state_get_rule_table_names(struct maat_state *state, uuid_t *rule_ids,
size_t n_rule_ids, char *rule_table_names[])
{
if (NULL == state || NULL == rule_ids || 0 == n_rule_ids ||
NULL == rule_table_ids) {
NULL == rule_table_names) {
return -1;
}
for (size_t i = 0; i < n_rule_ids; i++) {
rule_table_ids[i] = rule_compile_state_get_rule_table_id(state->rule_compile_state,
rule_ids[i]);
int table_id = rule_compile_state_get_rule_table_id(state->rule_compile_state, rule_ids[i]);
rule_table_names[i] = (char *)table_manager_get_table_name(state->maat_inst->tbl_mgr, table_id);
}
return n_rule_ids;

1
src/maat_bool_plugin.c
View File

@@ -115,6 +115,7 @@ int bool_plugin_table_set_ex_container_schema(void *bool_plugin_schema, int tabl
}
schema->container_schema.table_id = table_id;
schema->container_schema.table_name = (char*)table_manager_get_table_name(schema->ref_tbl_mgr, table_id);
schema->container_schema.custom_data_free = custom_data_free;
schema->container_schema.ex_schema.new_func = new_func;
schema->container_schema.ex_schema.free_func = free_func;

83
src/maat_config_monitor.c
View File

@@ -127,6 +127,7 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root,
cJSON *tmp_obj = NULL;
cJSON *rule_table = cJSON_GetObjectItem(json_root, "rule_table");
cJSON *object2object_table = cJSON_GetObjectItem(json_root, "object2object_table");
cJSON *plugin_table = cJSON_GetObjectItem(json_root, "plugin_table");
tmp_obj = cJSON_GetObjectItem(json_root, "items");
if (tmp_obj != NULL) {
@@ -156,7 +157,16 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root,
if (object2object_table) {
config_load_json_content(json_root, object2object_table->valuestring, "object_groups", u_param, update_fn);
}
if (rule_table) {
config_load_json_content(json_root, rule_table->valuestring, "rules", u_param, update_fn);
}
if (plugin_table) {
cJSON *plugin_item;
cJSON_ArrayForEach(plugin_item, plugin_table) {
cJSON *table_name = cJSON_GetObjectItem(plugin_item, "table_name");
config_load_json_content(plugin_item, table_name->valuestring, "table_content", u_param, update_fn);
}
}
if (finish_fn != NULL) {
finish_fn(u_param);
@@ -169,9 +179,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
cJSON *top_items = cJSON_GetObjectItem(*json_root, "items");
cJSON *top_objects = cJSON_GetObjectItem(*json_root, "objects");
cJSON *rules = cJSON_GetObjectItem(*json_root, "rules");
long long item_id = 1;
long long object_id = 1;
char str[10];
uuid_t tmp_uuid;
if (top_items == NULL) {
top_items = cJSON_CreateArray();
@@ -182,9 +190,9 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
"objects": [ "items": [
{ {
"object_name": "ASN1234", "table_name": "AS_NUMBER",
"object_id": 1, "table_content": {
"items": [ "item_id": "1",
{ "object_id": "1",
"uuid": 1, "table_content": {
"items": [ "uuid": "1",
{ "object_uuid": "1",
"table_name": "AS_NUMBER", --------------------> "keywords": "^AS1234$",
"table_type": "expr", "expr_type": "and"
"table_content": { }
@@ -198,7 +206,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
*/
cJSON *tmp_node = NULL;
cJSON_ArrayForEach(tmp_node, top_objects) {
cJSON *object_id_obj = cJSON_GetObjectItem(tmp_node, "object_id");
cJSON *object_id_obj = cJSON_GetObjectItem(tmp_node, "uuid");
cJSON *items = cJSON_GetObjectItem(tmp_node, "items");
cJSON *tmp_item = NULL;
cJSON_ArrayForEach(tmp_item, items) {
@@ -208,19 +216,19 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
cJSON *new_table_content = cJSON_Duplicate(table_content, 0);
if (object_id_obj == NULL) {
memset(str, 0, sizeof(str));
snprintf(str, sizeof(str), "%lld", object_id);
cJSON_AddStringToObject(new_table_content, "object_id", str);
object_id++;
char uuid_str[UUID_STR_LEN];
uuid_generate(tmp_uuid);
uuid_unparse(tmp_uuid, uuid_str);
cJSON_AddStringToObject(new_table_content, "object_uuid", uuid_str);
} else {
cJSON_AddStringToObject(new_table_content, "object_id", object_id_obj->valuestring);
cJSON_AddStringToObject(new_table_content, "object_uuid", object_id_obj->valuestring);
}
if (cJSON_GetObjectItem(table_content, "item_id") == NULL) {
memset(str, 0, sizeof(str));
snprintf(str, sizeof(str), "%lld", item_id);
cJSON_AddStringToObject(new_table_content, "item_id", str);
item_id++;
if (cJSON_GetObjectItem(table_content, "uuid") == NULL) {
char uuid_str[UUID_STR_LEN];
uuid_generate(tmp_uuid);
uuid_unparse(tmp_uuid, uuid_str);
cJSON_AddStringToObject(new_table_content, "uuid", uuid_str);
}
cJSON_AddStringToObject(new_item, "table_name", table_name->valuestring);
@@ -232,10 +240,10 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
/*
"rules": [ "items":[
{ {
"rule_id": "201", "table_name": "ATTR_APP_ID",
"uuid": "201", "table_name": "ATTR_APP_ID",
"conditions": [ "table_content": {
{ "item_id": "1",
"attribute_name": "ATTR_APP_ID", "object_id": "1",
{ "uuid": "1",
"attribute_name": "ATTR_APP_ID", "object_uuid": "1",
"objects": [ "interval": "4001"
{
"items":[ --------------> }
@@ -244,11 +252,11 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
"interval": "4001"
]
} "rules": [{
] "rule_id": "201",
] "uuid": "201",
} "conditions": [
], {
"misc": "blah, blah" "attribute_name": "ATTR_APP_ID",
} "object_ids": [1]
} "object_uuids": ["1"]
] }
]
"misc": "blah, blah"
@@ -261,7 +269,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
cJSON *condition_array = cJSON_GetObjectItem(tmp_rule, "conditions");
cJSON_ArrayForEach(tmp_condition, condition_array) {
cJSON *tmp_object = NULL;
cJSON *object_id_array = cJSON_CreateArray();
cJSON *object_uuid_array = cJSON_CreateArray();
cJSON *object_array = cJSON_GetObjectItem(tmp_condition, "objects");
if (object_array == NULL) {
@@ -270,17 +278,18 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
cJSON_ArrayForEach(tmp_object, object_array) {
//find items, generate item_id and object_id
cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "object_id");
cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "uuid");
cJSON *items = cJSON_GetObjectItem(tmp_object, "items");
cJSON *item = NULL;
memset(str, 0, sizeof(str));
char obj_uuid_str[UUID_STR_LEN];
memset(obj_uuid_str, 0, sizeof(obj_uuid_str));
if (object_id_obj != NULL) {
snprintf(str, sizeof(str), "%s", object_id_obj->valuestring);
snprintf(obj_uuid_str, sizeof(obj_uuid_str), "%s", object_id_obj->valuestring);
} else {
snprintf(str, sizeof(str), "%lld", object_id);
object_id++;
uuid_generate(tmp_uuid);
uuid_unparse(tmp_uuid, obj_uuid_str);
}
cJSON_ArrayForEach(item, items) {
cJSON *table_name = cJSON_GetObjectItem(item, "table_name");
cJSON *tmp_item = cJSON_CreateObject();
@@ -288,23 +297,23 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
cJSON *dup = cJSON_Duplicate(cJSON_GetObjectItem(item, "table_content"), 1);
if (cJSON_GetObjectItem(dup, "item_id") == NULL) {
memset(str, 0, sizeof(str));
snprintf(str, sizeof(str), "%lld", item_id);
cJSON_AddStringToObject(dup, "item_id", str);
item_id++;
if (cJSON_GetObjectItem(dup, "uuid") == NULL) {
char uuid_str[UUID_STR_LEN];
uuid_generate(tmp_uuid);
uuid_unparse(tmp_uuid, uuid_str);
cJSON_AddStringToObject(dup, "uuid", uuid_str);
}
cJSON_AddStringToObject(dup, "object_id", str);
cJSON_AddStringToObject(dup, "object_uuid", obj_uuid_str);
cJSON_AddItemToObject(tmp_item, "table_content", dup);
cJSON_AddItemToArray(top_items, tmp_item);
}
cJSON_AddItemToArray(object_id_array, cJSON_CreateString(str));
cJSON_AddItemToArray(object_uuid_array, cJSON_CreateString(obj_uuid_str));
}
//replace object content with object_id
cJSON_DeleteItemFromObject(tmp_condition, "objects");
cJSON_AddItemToObject(tmp_condition, "object_ids", object_id_array);
cJSON_AddItemToObject(tmp_condition, "object_uuids", object_uuid_array);
}
}

8
src/maat_ex_data.c
View File

@@ -157,7 +157,7 @@ void *ex_data_runtime_row2ex_data(struct ex_data_runtime *ex_data_rt,
{
void *ex_data = NULL;
struct ex_container_schema *container_schema = ex_data_rt->ref_container_schema;
container_schema->ex_schema.new_func(table_name, ex_data_rt->table_id, key, row,
container_schema->ex_schema.new_func(table_name, key, row,
&ex_data, container_schema->ex_schema.argl,
container_schema->ex_schema.argp);
return ex_data;
@@ -192,7 +192,7 @@ void ex_container_free(void *ex_data_runtime, void *ex_container)
/* free ex_container->ex_data */
if (container->ex_data != NULL && container_schema->ex_schema.free_func != NULL) {
container_schema->ex_schema.free_func(container_schema->table_id,
container_schema->ex_schema.free_func(container_schema->table_name,
&(container->ex_data),
container_schema->ex_schema.argl,
container_schema->ex_schema.argp);
@@ -251,7 +251,7 @@ void *ex_data_runtime_get_ex_data_by_key(struct ex_data_runtime *ex_data_rt,
}
void *dup_ex_data = NULL;
container_schema->ex_schema.dup_func(ex_data_rt->table_id, &dup_ex_data,
container_schema->ex_schema.dup_func(container_schema->table_name, &dup_ex_data,
&(ex_container->ex_data),
container_schema->ex_schema.argl,
container_schema->ex_schema.argp);
@@ -271,7 +271,7 @@ void *ex_data_runtime_get_ex_data_by_container(struct ex_data_runtime *ex_data_r
}
void *dup_ex_data = NULL;
container_schema->ex_schema.dup_func(ex_data_rt->table_id, &dup_ex_data,
container_schema->ex_schema.dup_func(container_schema->table_name, &dup_ex_data,
&(ex_container->ex_data),
container_schema->ex_schema.argl,
container_schema->ex_schema.argp);

97
src/maat_expr.c
View File

@@ -61,8 +61,6 @@ struct expr_item {
uuid_t object_uuid;
char keywords[MAX_KEYWORDS_STR_LEN + 1];
enum expr_type expr_type;
void *user_data;
int district_id;
};
struct expr_runtime {
@@ -78,9 +76,6 @@ struct expr_runtime {
struct maat_garbage_bin *ref_garbage_bin;
enum expr_engine_type engine_type;
int district_num;
struct maat_kv_store *district_map;
struct maat_kv_store *tmp_district_map;
long long *scan_times;
long long *scan_cpu_time;
@@ -117,45 +112,11 @@ static enum expr_type int_to_expr_type(int expr_type) {
return type;
}
static int expr_runtime_get_district_id(struct expr_runtime *expr_rt,
const char *district)
{
long long district_id = DISTRICT_ANY;
int map_ret = maat_kv_read(expr_rt->district_map, district, &district_id, 1);
if (map_ret < 0) {
if (NULL == expr_rt->tmp_district_map) {
expr_rt->tmp_district_map = maat_kv_store_duplicate(expr_rt->district_map);
}
map_ret = maat_kv_read(expr_rt->tmp_district_map, district, &district_id, 1);
if (map_ret < 0) {
district_id = expr_rt->district_num;
maat_kv_register(expr_rt->tmp_district_map, district, district_id);
expr_rt->district_num++;
}
}
return (int)district_id;
}
int expr_runtime_set_scan_district(struct expr_runtime *expr_rt, const char *district,
size_t district_len, long long *district_id)
{
if (NULL == expr_rt || NULL == district || 0 == district_len) {
return -1;
}
return maat_kv_read_unNull(expr_rt->district_map, district, district_len,
district_id, 1);
}
static struct expr_item *
expr_item_new(struct expr_schema *expr_schema, const char *table_name,
const cJSON *json, struct expr_runtime *expr_rt, uuid_t item_uuid)
{
int expr_type = -1;
enum table_type table_type = TABLE_TYPE_INVALID;
struct expr_item *expr_item = ALLOC(struct expr_item, 1);
cJSON *tmp_obj = NULL;
size_t len = 0;
@@ -217,34 +178,6 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
}
}
table_type = table_manager_get_table_type(expr_schema->ref_tbl_mgr, expr_schema->table_id);
if (table_type == TABLE_TYPE_EXPR_PLUS) {
tmp_obj = cJSON_GetObjectItem(json, "district");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no district in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
len = strlen(tmp_obj->valuestring);
if (len > MAX_DISTRICT_STR_LEN) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> district length exceed maximum:%d"
" in line:%s", __FUNCTION__, __LINE__, table_name,
MAX_DISTRICT_STR_LEN, cJSON_Print(json));
goto error;
}
char district[MAX_DISTRICT_STR_LEN + 1] = {0};
memcpy(district, tmp_obj->valuestring, len);
assert(strlen(district) > 0);
str_unescape(district);
expr_item->district_id = expr_runtime_get_district_id(expr_rt, district);
} else {
expr_item->district_id = DISTRICT_ANY;
}
return expr_item;
error:
FREE(expr_item);
@@ -316,10 +249,6 @@ static void expr_item_free(struct expr_item *item)
return;
}
if (item->user_data != NULL) {
FREE(item->user_data);
}
FREE(item);
}
@@ -344,7 +273,7 @@ void *expr_runtime_new(void *expr_schema, size_t max_thread_num,
expr_rt->n_worker_thread = max_thread_num;
expr_rt->ref_garbage_bin = garbage_bin;
expr_rt->logger = logger;
expr_rt->district_map = maat_kv_store_new();
if (schema->engine_type == MAAT_EXPR_ENGINE_AUTO) {
expr_rt->engine_type = table_manager_get_expr_engine(schema->ref_tbl_mgr);
} else {
@@ -379,13 +308,6 @@ void expr_runtime_free(void *expr_runtime)
expr_rt->item_hash = NULL;
}
assert(expr_rt->tmp_district_map == NULL);
if (expr_rt->district_map != NULL) {
maat_kv_store_free(expr_rt->district_map);
expr_rt->district_map = NULL;
}
if (expr_rt->scan_times != NULL) {
alignment_int64_array_free(expr_rt->scan_times);
expr_rt->scan_times = NULL;
@@ -658,7 +580,6 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
}
uuid_copy(expr_rule->expr_uuid, expr_item->item_uuid);
expr_rule->tag = expr_item->user_data;
expr_rule->n_patterns = sub_expr_cnt;
return 0;
@@ -714,11 +635,6 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
expr_rt->update_err_cnt++;
goto ERROR;
}
int *item_district_id = ALLOC(int, 1);
*item_district_id = expr_item->district_id;
expr_item->user_data = item_district_id;
}
int ret = expr_runtime_update_row(expr_rt, (char *)&item_uuid, sizeof(item_uuid),
@@ -771,14 +687,6 @@ int expr_runtime_commit(void *expr_runtime, const char *table_name,
return 0;
}
if (expr_rt->tmp_district_map != NULL) {
struct maat_kv_store *tmp_map = expr_rt->district_map;
expr_rt->district_map = expr_rt->tmp_district_map;
expr_rt->tmp_district_map = NULL;
maat_garbage_bagging(expr_rt->ref_garbage_bin, tmp_map, NULL,
garbage_maat_kv_store_free);
}
int ret = 0;
size_t i = 0;
size_t real_rule_cnt = 0;
@@ -943,8 +851,6 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
}
for (size_t i = 0; i < n_hit_item; i++) {
int tag_district_id = *(int *)(hit_results[i].user_tag);
if (tag_district_id == state->district_id || tag_district_id == DISTRICT_ANY) {
struct expr_item *expr_item = (struct expr_item *)rcu_hash_find(expr_rt->item_hash,
(char *)&hit_results[i].rule_uuid,
sizeof(uuid_t));
@@ -957,7 +863,6 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
uuid_copy(hit_maat_items[real_hit_item_num].object_uuid, expr_item->object_uuid);
real_hit_item_num++;
}
}
if (real_hit_item_num > 0) {
alignment_int64_array_add(expr_rt->hit_item_num, state->thread_id,

97
src/maat_flag.c
View File

@@ -34,8 +34,6 @@ struct flag_item {
uuid_t object_uuid;
long long flag;
long long flag_mask;
void *user_data;
int district_id;
};
struct flag_runtime {
@@ -47,10 +45,6 @@ struct flag_runtime {
struct log_handle *logger;
struct maat_garbage_bin *ref_garbage_bin;
int district_num;
struct maat_kv_store *district_map;
struct maat_kv_store *tmp_district_map;
long long *scan_times;
long long *scan_cpu_time;
@@ -98,10 +92,6 @@ static void flag_item_free(struct flag_item *item)
return;
}
if (item->user_data != NULL) {
FREE(item->user_data);
}
FREE(item);
}
@@ -126,7 +116,6 @@ void *flag_runtime_new(void *flag_schema, size_t max_thread_num,
flag_rt->n_worker_thread = max_thread_num;
flag_rt->ref_garbage_bin = garbage_bin;
flag_rt->logger = logger;
flag_rt->district_map = maat_kv_store_new();
flag_rt->scan_times = alignment_int64_array_alloc(max_thread_num);
flag_rt->scan_cpu_time = alignment_int64_array_alloc(max_thread_num);
@@ -154,13 +143,6 @@ void flag_runtime_free(void *flag_runtime)
flag_rt->matcher = NULL;
}
assert(flag_rt->tmp_district_map == NULL);
if (flag_rt->district_map != NULL) {
maat_kv_store_free(flag_rt->district_map);
flag_rt->district_map = NULL;
}
if (flag_rt->scan_times != NULL) {
alignment_int64_array_free(flag_rt->scan_times);
flag_rt->scan_times = NULL;
@@ -209,45 +191,11 @@ static int flag_runtime_update_row(struct flag_runtime *flag_rt, char *key,
return 0;
}
static int flag_runtime_get_district_id(struct flag_runtime *flag_rt,
const char *district)
{
long long district_id = DISTRICT_ANY;
int map_ret = maat_kv_read(flag_rt->district_map, district, &district_id, 1);
if (map_ret < 0) {
if (NULL == flag_rt->tmp_district_map) {
flag_rt->tmp_district_map = maat_kv_store_duplicate(flag_rt->district_map);
}
map_ret = maat_kv_read(flag_rt->tmp_district_map, district, &district_id, 1);
if (map_ret < 0) {
district_id = flag_rt->district_num;
maat_kv_register(flag_rt->tmp_district_map, district, district_id);
flag_rt->district_num++;
}
}
return (int)district_id;
}
int flag_runtime_set_scan_district(struct flag_runtime *flag_rt, const char *district,
size_t district_len, long long *district_id)
{
if (NULL == flag_rt || NULL == district || 0 == district_len) {
return -1;
}
return maat_kv_read_unNull(flag_rt->district_map, district, district_len,
district_id, 1);
}
static struct flag_item *
flag_item_new(struct flag_schema *schema, const char *table_name,
const cJSON *json, struct flag_runtime *flag_rt, uuid_t item_uuid)
{
cJSON *tmp_obj = NULL;
enum table_type table_type = TABLE_TYPE_INVALID;
struct flag_item *item = ALLOC(struct flag_item, 1);
uuid_copy(item->item_uuid, item_uuid);
@@ -261,33 +209,6 @@ flag_item_new(struct flag_schema *schema, const char *table_name,
}
uuid_parse(tmp_obj->valuestring, item->object_uuid);
table_type = table_manager_get_table_type(schema->ref_tbl_mgr, schema->table_id);
if (table_type == TABLE_TYPE_INTERVAL_PLUS) {
tmp_obj = cJSON_GetObjectItem(json, "district");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag_plus table:<%s> has no district in json:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
size_t len = strlen(tmp_obj->valuestring);
if (len > MAX_DISTRICT_STR_LEN) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag_plus table:<%s> district length exceed "
"maximum:%d in json:%s", __FUNCTION__, __LINE__,
table_name, MAX_DISTRICT_STR_LEN, cJSON_Print(json));
goto error;
}
char district[MAX_DISTRICT_STR_LEN + 1] = {0};
memcpy(district, tmp_obj->valuestring, len);
assert(strlen(district) > 0);
item->district_id = flag_runtime_get_district_id(flag_rt, district);
} else {
item->district_id = DISTRICT_ANY;
}
tmp_obj = cJSON_GetObjectItem(json, "flag");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(flag_rt->logger, MODULE_FLAG,
@@ -321,7 +242,6 @@ static struct flag_rule flag_item_to_flag_rule(struct flag_item *item)
uuid_copy(rule.rule_uuid, item->item_uuid);
rule.flag = item->flag;
rule.mask = item->flag_mask;
rule.user_tag = item->user_data;
return rule;
}
@@ -364,11 +284,6 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema,
flag_rt->update_err_cnt++;
goto ERROR;
}
int *item_district_id = ALLOC(int, 1);
*item_district_id = flag_item->district_id;
flag_item->user_data = item_district_id;
}
int ret = flag_runtime_update_row(flag_rt, (char *)&item_uuid, sizeof(item_uuid),
@@ -410,14 +325,6 @@ int flag_runtime_commit(void *flag_runtime, const char *table_name,
return 0;
}
if (flag_rt->tmp_district_map != NULL) {
struct maat_kv_store *tmp_map = flag_rt->district_map;
flag_rt->district_map = flag_rt->tmp_district_map;
flag_rt->tmp_district_map = NULL;
maat_garbage_bagging(flag_rt->ref_garbage_bin, tmp_map, NULL,
garbage_maat_kv_store_free);
}
struct flag_rule *rules = NULL;
void **ex_data_array = NULL;
@@ -520,9 +427,6 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
}
for (int i = 0; i < n_hit_item; i++) {
int tag_district_id = *(int *)(hit_results[i].user_tag);
if (tag_district_id == state->district_id ||
tag_district_id == DISTRICT_ANY) {
struct flag_item *flag_item =
(struct flag_item *)rcu_hash_find(flag_rt->item_hash,
(char *)&hit_results[i].rule_uuid,
@@ -536,7 +440,6 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
uuid_copy(hit_maat_items[real_hit_item_cnt].object_uuid, flag_item->object_uuid);
real_hit_item_cnt++;
}
}
if (real_hit_item_cnt > 0) {
alignment_int64_array_add(flag_rt->hit_item_num, state->thread_id,

1
src/maat_fqdn_plugin.c
View File

@@ -114,6 +114,7 @@ int fqdn_plugin_table_set_ex_container_schema(void *fqdn_plugin_schema, int tabl
}
schema->container_schema.table_id = table_id;
schema->container_schema.table_name = (char*)table_manager_get_table_name(schema->ref_tbl_mgr, table_id);
schema->container_schema.custom_data_free = custom_data_free;
schema->container_schema.ex_schema.new_func = new_func;
schema->container_schema.ex_schema.free_func = free_func;

99
src/maat_interval.c
View File

@@ -31,8 +31,6 @@ struct interval_item {
uuid_t object_uuid;
int low_boundary;
int up_boundary;
void *user_data;
int district_id;
};
struct interval_runtime {
@@ -44,10 +42,6 @@ struct interval_runtime {
struct log_handle *logger;
struct maat_garbage_bin *ref_garbage_bin;
int district_num;
struct maat_kv_store *district_map;
struct maat_kv_store *tmp_district_map;
long long *scan_times;
long long *scan_cpu_time;
@@ -95,10 +89,6 @@ static void interval_item_free(struct interval_item *item)
return;
}
if (item->user_data != NULL) {
FREE(item->user_data);
}
FREE(item);
}
@@ -122,7 +112,6 @@ void *interval_runtime_new(void *interval_schema, size_t max_thread_num,
interval_rt->n_worker_thread = max_thread_num;
interval_rt->ref_garbage_bin = garbage_bin;
interval_rt->logger = logger;
interval_rt->district_map = maat_kv_store_new();
interval_rt->hit_times = alignment_int64_array_alloc(max_thread_num);
interval_rt->scan_times = alignment_int64_array_alloc(max_thread_num);
@@ -149,13 +138,6 @@ void interval_runtime_free(void *interval_runtime)
interval_rt->matcher = NULL;
}
assert(interval_rt->tmp_district_map == NULL);
if (interval_rt->district_map != NULL) {
maat_kv_store_free(interval_rt->district_map);
interval_rt->district_map = NULL;
}
if (interval_rt->hit_times != NULL) {
alignment_int64_array_free(interval_rt->hit_times);
interval_rt->hit_times = NULL;
@@ -179,45 +161,10 @@ void interval_runtime_free(void *interval_runtime)
FREE(interval_rt);
}
static int interval_runtime_get_district_id(struct interval_runtime *interval_rt,
const char *district)
{
long long district_id = DISTRICT_ANY;
int map_ret = maat_kv_read(interval_rt->district_map, district, &district_id, 1);
if (map_ret < 0) {
if (NULL == interval_rt->tmp_district_map) {
interval_rt->tmp_district_map = maat_kv_store_duplicate(interval_rt->district_map);
}
map_ret = maat_kv_read(interval_rt->tmp_district_map, district, &district_id, 1);
if (map_ret < 0) {
district_id = interval_rt->district_num;
maat_kv_register(interval_rt->tmp_district_map, district, district_id);
interval_rt->district_num++;
}
}
return (int)district_id;
}
int interval_runtime_set_scan_district(struct interval_runtime *interval_rt,
const char *district, size_t district_len,
long long *district_id)
{
if (NULL == interval_rt || NULL == district || 0 == district_len) {
return -1;
}
return maat_kv_read_unNull(interval_rt->district_map, district, district_len,
district_id, 1);
}
static struct interval_item *
interval_item_new(struct interval_schema *schema, const char *table_name,
const cJSON *json, struct interval_runtime *interval_rt, uuid_t item_uuid)
{
enum table_type table_type = TABLE_TYPE_INVALID;
char port_str[16] = {0};
struct interval_item *item = ALLOC(struct interval_item, 1);
cJSON *tmp_obj = NULL;
@@ -233,34 +180,6 @@ interval_item_new(struct interval_schema *schema, const char *table_name,
}
uuid_parse(tmp_obj->valuestring, item->object_uuid);
table_type = table_manager_get_table_type(schema->ref_tbl_mgr, schema->table_id);
if (table_type == TABLE_TYPE_INTERVAL_PLUS) {
tmp_obj = cJSON_GetObjectItem(json, "district");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval_plus table:<%s> has no district in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
size_t len = strlen(tmp_obj->valuestring);
if (len > MAX_DISTRICT_STR_LEN) {
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval_plus table:<%s> district length exceed "
"maximum:%d in line:%s", __FUNCTION__, __LINE__, table_name,
MAX_DISTRICT_STR_LEN, cJSON_Print(json));
goto error;
}
char district[MAX_DISTRICT_STR_LEN + 1] = {0};
memcpy(district, tmp_obj->valuestring, len);
assert(strlen(district) > 0);
item->district_id = interval_runtime_get_district_id(interval_rt, district);
} else {
item->district_id = DISTRICT_ANY;
}
tmp_obj = cJSON_GetObjectItem(json, "interval");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(interval_rt->logger, MODULE_INTERVAL,
@@ -290,7 +209,6 @@ interval_item_to_interval_rule(struct interval_item *item)
rule.start = item->low_boundary;
rule.end = item->up_boundary;
uuid_copy(rule.result.rule_uuid, item->item_uuid);
rule.result.user_tag = item->user_data;
return rule;
}
@@ -372,11 +290,6 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema,
interval_rt->update_err_cnt++;
goto ERROR;
}
int *item_district_id = ALLOC(int, 1);
*item_district_id = interval_item->district_id;
interval_item->user_data = item_district_id;
}
int ret = interval_runtime_update_row(interval_rt, (char *)&item_uuid, sizeof(uuid_t),
@@ -419,14 +332,6 @@ int interval_runtime_commit(void *interval_runtime, const char *table_name,
return 0;
}
if (interval_rt->tmp_district_map != NULL) {
struct maat_kv_store *tmp_map = interval_rt->district_map;
interval_rt->district_map = interval_rt->tmp_district_map;
interval_rt->tmp_district_map = NULL;
maat_garbage_bagging(interval_rt->ref_garbage_bin, tmp_map, NULL,
garbage_maat_kv_store_free);
}
void **ex_data_array = NULL;
struct interval_rule *rules = NULL;
@@ -531,9 +436,6 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
}
for (int i = 0; i < n_hit_item; i++) {
int tag_district_id = *(int *)(hit_results[i].user_tag);
if (tag_district_id == state->district_id ||
tag_district_id == DISTRICT_ANY) {
struct interval_item *int_item =
(struct interval_item *)rcu_hash_find(interval_rt->item_hash,
(char *)&hit_results[i].rule_uuid,
@@ -547,7 +449,6 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
uuid_copy(hit_maat_items[real_hit_item_cnt].object_uuid, int_item->object_uuid);
real_hit_item_cnt++;
}
}
if (real_hit_item_cnt > 0) {
alignment_int64_array_add(interval_rt->hit_item_num, state->thread_id,

1
src/maat_ip_plugin.c
View File

@@ -226,6 +226,7 @@ int ip_plugin_table_set_ex_container_schema(void *ip_plugin_schema, int table_id
}
schema->container_schema.table_id = table_id;
schema->container_schema.table_name = (char*)table_manager_get_table_name(schema->ref_tbl_mgr, table_id);
schema->container_schema.custom_data_free = custom_data_free;
schema->container_schema.ex_schema.new_func = new_func;
schema->container_schema.ex_schema.free_func = free_func;

3
src/maat_ipport_plugin.c
View File

@@ -143,6 +143,7 @@ int ipport_plugin_table_set_ex_container_schema(void *ipport_plugin_schema, int
}
schema->container_schema.table_id = table_id;
schema->container_schema.table_name = (char*)table_manager_get_table_name(schema->ref_tbl_mgr, table_id);
schema->container_schema.custom_data_free = custom_data_free;
schema->container_schema.ex_schema.new_func = new_func;
schema->container_schema.ex_schema.free_func = free_func;
@@ -231,7 +232,7 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name,
int ret = 0;
tmp_obj = cJSON_GetObjectItem(json, schema->key_name);
if (NULL == tmp_obj || tmp_obj->type != cJSON_Number) {
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_IPPORT_PLUGIN,
"[%s:%d] ipport table:<%s> has no key or invalid format, line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));

109
src/maat_plugin.c
View File

@@ -47,7 +47,8 @@ enum plugin_key_type {
PLUGIN_KEY_TYPE_INVALID = 0,
PLUGIN_KEY_TYPE_POINTER,
PLUGIN_KEY_TYPE_INTEGER,
PLUGIN_KEY_TYPE_IP_ADDR
PLUGIN_KEY_TYPE_IP_ADDR,
PLUGIN_KEY_TYPE_UUID
};
#define MAX_PLUGIN_PER_TABLE 32
@@ -118,6 +119,8 @@ void *plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
schema->key_len = custom_item->valueint;
} else if (strcmp(custom_item->valuestring, "ip_addr") == 0) {
schema->key_type = PLUGIN_KEY_TYPE_IP_ADDR;
} else if (strcmp(custom_item->valuestring, "uuid") == 0) {
schema->key_type = PLUGIN_KEY_TYPE_UUID;
} else {
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d]plugin table:<%s> schema key_type:%s is illegal, "
@@ -251,6 +254,7 @@ int plugin_table_set_ex_container_schema(void *plugin_schema, int table_id,
}
schema->container_schema.table_id = table_id;
schema->container_schema.table_name = (char *)table_manager_get_table_name(schema->ref_tbl_mgr, table_id);
schema->container_schema.custom_data_free = custom_data_free;
schema->container_schema.ex_schema.new_func = new_func;
schema->container_schema.ex_schema.free_func = free_func;
@@ -355,7 +359,7 @@ static int plugin_runtime_update_row(struct plugin_runtime *plugin_rt,
size_t cb_count = plugin_schema->cb_cnt;
if (cb_count > 0) {
for (size_t i = 0; i < cb_count; i++) {
plugin_schema->cb[i].update(plugin_schema->table_id, row, op,
plugin_schema->cb[i].update(table_name, row, op,
plugin_schema->cb[i].u_para);
}
}
@@ -369,13 +373,14 @@ static int plugin_runtime_update_row(struct plugin_runtime *plugin_rt,
}
static int plugin_accept_tag_match(struct plugin_schema *schema,
const char *table_name, const cJSON *json,
const char *table_name, const char *line,
struct log_handle *logger)
{
size_t tag_len = 0;
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
cJSON *tmp_obj = NULL;
int ret = 0;
cJSON *json = cJSON_Parse(line);
tmp_obj = cJSON_GetObjectItem(json, "tag");
@@ -410,21 +415,25 @@ static int plugin_accept_tag_match(struct plugin_schema *schema,
}
}
cJSON_Delete(json);
return TAG_MATCH_MATCHED;
}
static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
const char *table_name, const cJSON *json,
const char *table_name, const char *line,
const char *src_key, size_t src_key_len,
char *dst_key, size_t *dst_key_len,
struct log_handle *logger)
{
cJSON *json = cJSON_Parse(line);
if (src_key_len >= INET6_ADDRSTRLEN) {
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> ip_key too long exceed maximum:%d in "
"table_line:%s", __FUNCTION__, __LINE__, table_name,
INET6_ADDRSTRLEN, cJSON_Print(json));
return -1;
goto ERROR;
}
cJSON *tmp_obj = NULL;
@@ -435,7 +444,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> has no addr_type or not string format in table_line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
return -1;
goto ERROR;
}
char ip_key[INET6_ADDRSTRLEN] = {0};
@@ -451,7 +460,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
"[%s:%d] plugin table:<%s> ipv4 key"
" illegal in table_line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
return -1;
goto ERROR;
}
memcpy(dst_key, (char *)&ipv4_addr, sizeof(ipv4_addr));
@@ -464,7 +473,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
"[%s:%d] plugin table:<%s> ipv6 key"
" illegal in table_line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
return -1;
goto ERROR;
}
memcpy(dst_key, (char *)&ipv6_addr, sizeof(ipv6_addr));
@@ -474,33 +483,32 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
"[%s:%d] plugin table:<%s> addr_type:%d illegal, just"
" allow{4, 6}, table_line:%s",
__FUNCTION__, __LINE__, table_name, addr_type, cJSON_Print(json));
return -1;
goto ERROR;
}
return 0;
ERROR:
if (json) {
cJSON_Delete(json);
}
return -1;
}
static int plugin_table_line_get_key(struct plugin_schema *schema,
const char *table_name, const cJSON *json,
const char *table_name, const char *line,
const char *src_key, size_t src_key_len,
char *dst_key, size_t *dst_key_len,
struct log_handle *logger)
{
if (schema->key_type == PLUGIN_KEY_TYPE_POINTER) {
if (schema->key_type == PLUGIN_KEY_TYPE_POINTER || schema->key_type == PLUGIN_KEY_TYPE_UUID) {
memcpy(dst_key, src_key, src_key_len);
*dst_key_len = src_key_len;
} else if (schema->key_type == PLUGIN_KEY_TYPE_INTEGER) {
if (schema->key_len == sizeof(long long)) {
long long key_ll = atoll(src_key);
memcpy(dst_key, (char *)&key_ll, schema->key_len);
} else {
int key_int = atoi(src_key);
memcpy(dst_key, (char *)&key_int, schema->key_len);
}
memcpy(dst_key, src_key, schema->key_len);
*dst_key_len = schema->key_len;
} else {
//PLUGIN_KEY_TYPE_IP_ADDR
return plugin_table_line_get_ip_key(schema, table_name, json, src_key,
return plugin_table_line_get_ip_key(schema, table_name, line, src_key,
src_key_len, dst_key, dst_key_len,
logger);
}
@@ -519,31 +527,58 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema,
struct plugin_schema *schema = (struct plugin_schema *)plugin_schema;
struct plugin_runtime *plugin_rt = (struct plugin_runtime *)plugin_runtime;
cJSON *tmp_obj = NULL;
cJSON *json = cJSON_Parse(line);
yyjson_doc *doc = yyjson_read(line, strlen(line), 0);
if (NULL == json) {
const char *raw_key = NULL;
int tmp_int_key = 0;
long long tmp_long_key = 0;
uuid_t uuid_key;
if (NULL == doc) {
log_fatal(plugin_rt->logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> line is not json format, line:%s",
__FUNCTION__, __LINE__, table_name, line);
return -1;
}
yyjson_val *json_root = yyjson_doc_get_root(doc);
int ret = plugin_accept_tag_match(schema, table_name, json, plugin_rt->logger);
int ret = plugin_accept_tag_match(schema, table_name, line, plugin_rt->logger);
if (ret == TAG_MATCH_UNMATCHED) {
plugin_rt->update_err_cnt++;
goto ERROR;
}
size_t raw_key_len = 0;
tmp_obj = cJSON_GetObjectItem(json, schema->key_name);
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
yyjson_val *tmp_obj = yyjson_obj_get(json_root, schema->key_name);
if (tmp_obj == NULL) {
log_fatal(plugin_rt->logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> has no key_name or invalid format in table_line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
"[%s:%d] plugin table:<%s> has no key_name %s in table_line:%s",
__FUNCTION__, __LINE__, table_name, schema->key_name, line);
goto ERROR;
}
raw_key_len = strlen(tmp_obj->valuestring);
if (schema->key_type == PLUGIN_KEY_TYPE_INTEGER) {
if (schema->key_len == sizeof(int)) {
tmp_int_key = yyjson_get_int(tmp_obj);
raw_key = (char*)&tmp_int_key;
} else {
tmp_long_key = yyjson_get_int(tmp_obj);
raw_key = (char*)&tmp_long_key;
}
raw_key_len = schema->key_len;
} else if (schema->key_type == PLUGIN_KEY_TYPE_UUID){
const char *uuid_str = yyjson_get_str(tmp_obj);
if (uuid_parse(uuid_str, uuid_key) == -1) {
log_fatal(plugin_rt->logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> uuid key illegal in table_line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto ERROR;
}
raw_key = (char*)&uuid_key;
raw_key_len = sizeof(uuid_t);
} else {
raw_key = yyjson_get_str(tmp_obj);
raw_key_len = strlen(raw_key);
if (raw_key_len > MAX_KEYWORDS_STR_LEN) {
log_fatal(plugin_rt->logger, MODULE_PLUGIN,
@@ -552,12 +587,12 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema,
MAX_KEYWORDS_STR_LEN, line);
goto ERROR;
}
}
const char *raw_key = tmp_obj->valuestring;
char hash_key[MAX_KEYWORDS_STR_LEN + 1] = {0};
size_t hash_key_len = 0;
ret = plugin_table_line_get_key(schema, table_name, json, raw_key, raw_key_len,
ret = plugin_table_line_get_key(schema, table_name, line, raw_key, raw_key_len,
hash_key, &hash_key_len, plugin_rt->logger);
if (ret < 0) {
plugin_rt->update_err_cnt++;
@@ -572,7 +607,17 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema,
}
char print_key[MAX_KEYWORDS_STR_LEN + 1] = {0};
if (schema->key_type == PLUGIN_KEY_TYPE_INTEGER) {
if (schema->key_len == sizeof(long long)) {
snprintf(print_key, sizeof(print_key), "%lld", *(long long*)raw_key);
} else {
snprintf(print_key, sizeof(print_key), "%d", *(int*)raw_key);
}
} else if(schema->key_type == PLUGIN_KEY_TYPE_UUID) {
uuid_unparse(uuid_key, print_key);
} else {
memcpy(print_key, raw_key, raw_key_len);
}
log_debug(plugin_rt->logger, MODULE_PLUGIN,
"plugin table:<%s> update one line, key:%s, key_len:%zu, maat_operation:%d",
table_name, print_key, raw_key_len, op);
@@ -580,8 +625,8 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema,
return 0;
ERROR:
if (json) {
cJSON_Delete(json);
if (doc) {
yyjson_doc_free(doc);
}
return -1;
}

45
src/maat_rule.c
View File

@@ -271,12 +271,15 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
}
condition->attribute_id = table_manager_get_attribute_id(schema->ref_tbl_mgr, tmp_obj->valuestring);
if (condition->attribute_id < 0) {
condition->attribute_id = table_manager_attribute_register(schema->ref_tbl_mgr, tmp_obj->valuestring, logger);
if (condition->attribute_id < 0) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> attribute_name:%s is illegal",
"[%s:%d] table: <%s> attribute_name:%s register failed",
__FUNCTION__, __LINE__, table_name, tmp_obj->valuestring);
goto error;
}
}
tmp_obj = cJSON_GetObjectItem(condition_obj, "negate_option");
if (tmp_obj) {
@@ -1056,9 +1059,9 @@ maat_rule_is_hit_path_existed(const struct maat_hit_path *hit_paths,
return 0;
}
void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
size_t array_idx, size_t n_hit_path,
size_t *n_new_hit_path,
size_t *n_new_hit_path, int attribute_id,
struct maat_rule *rule)
{
size_t i = 0;
@@ -1076,7 +1079,7 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
uuid_copy(hit_path_array[idx].rule_uuid, rule->rule_uuid);
// find out which condition in rule hit
n_condition_index =
maat_rule_get_hit_condition_index(rule, hit_path_array[idx].attribute_id,
maat_rule_get_hit_condition_index(rule, attribute_id,
hit_path_array[idx].top_object_uuid,
condition_index_array,
MAX_ITEMS_PER_BOOL_EXPR);
@@ -1097,7 +1100,7 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path;
new_hit_path_cnt++;
n_condition_index =
maat_rule_get_hit_condition_index(rule, tmp_path.attribute_id, tmp_path.top_object_uuid,
maat_rule_get_hit_condition_index(rule, attribute_id, tmp_path.top_object_uuid,
condition_index_array, MAX_ITEMS_PER_BOOL_EXPR);
hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0];
if (n_condition_index > 1) {
@@ -1150,12 +1153,14 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
} else {
uuid_copy(key.object_uuid, hit_path_array[j].top_object_uuid);
}
int attribute_id = table_manager_get_attribute_id(rule_rt->ref_maat_rt->ref_tbl_mgr,
hit_path_array[j].attribute_name);
key.attribute_id = hit_path_array[j].attribute_id;
key.attribute_id = attribute_id;
key.negate_option = hit_path_array[j].negate_option;
if (maat_rule_has_condition_query_key(rule, &key)) {
populate_hit_path_with_rule(hit_path_array, j, n_hit_path,
&n_new_hit_path, rule);
&n_new_hit_path, attribute_id, rule);
}
}
}
@@ -1166,7 +1171,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
static void
rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_item *hit_items,
size_t n_hit_items, int attribute_id)
size_t n_hit_items, char *attribute_name)
{
if (NULL == rule_compile_state || NULL == hit_items) {
return;
@@ -1176,7 +1181,7 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil
for (size_t i = 0; i < n_hit_items; i++) {
uuid_copy(hit_object.item_uuid, hit_items[i].item_uuid);
uuid_copy(hit_object.object_uuid, hit_items[i].object_uuid);
hit_object.attribute_id = attribute_id;
hit_object.attribute_name = attribute_name;
utarray_push_back(rule_compile_state->direct_hit_objects, &hit_object);
}
}
@@ -1184,7 +1189,7 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil
static void
rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
uuid_t *object_uuids,
size_t n_object_uuids, int attribute_id)
size_t n_object_uuids, char *attribute_name)
{
if (NULL == rule_compile_state || NULL == object_uuids) {
return;
@@ -1194,7 +1199,7 @@ rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_comp
for (size_t i = 0; i < n_object_uuids; i++) {
uuid_clear(hit_object.item_uuid);
uuid_copy(hit_object.object_uuid, object_uuids[i]);
hit_object.attribute_id = attribute_id;
hit_object.attribute_name = attribute_name;
utarray_push_back(rule_compile_state->indirect_hit_objects, &hit_object);
}
}
@@ -1364,7 +1369,7 @@ rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile
}
int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state,
long long rule_id)
uuid_t rule_id)
{
struct rule2table_id *tmp = NULL;
@@ -1673,6 +1678,7 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
size_t hit_cnt = n_hit_item;
uuid_t hit_object_uuids[MAX_HIT_OBJECT_NUM];
struct maat_hit_object hit_object;
char *attribute_name = (char*)table_manager_get_attribute_name(maat_inst->tbl_mgr, attribute_id);
utarray_clear(rule_compile_state->this_scan_hit_conditions);
rule_compile_state->this_scan_not_logic = 0;
@@ -1683,7 +1689,7 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
uuid_copy(hit_object.item_uuid, hit_items[i].item_uuid);
uuid_copy(hit_object.object_uuid, hit_items[i].object_uuid);
hit_object.attribute_id = attribute_id;
hit_object.attribute_name = attribute_name;
utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
}
@@ -1697,7 +1703,7 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
for (i = 0; i < super_object_cnt; i++) {
uuid_clear(hit_object.item_uuid);
uuid_copy(hit_object.object_uuid, super_object_uuids[i]);
hit_object.attribute_id = attribute_id;
hit_object.attribute_name = attribute_name;
utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
}
@@ -1709,9 +1715,9 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
}
if (1 == maat_inst->opts.hit_object_on) {
rule_compile_state_add_direct_hit_objects(rule_compile_state, hit_items, hit_cnt, attribute_id);
rule_compile_state_add_direct_hit_objects(rule_compile_state, hit_items, hit_cnt, attribute_name);
rule_compile_state_add_indirect_hit_objects(rule_compile_state, super_object_uuids,
super_object_cnt, attribute_id);
super_object_cnt, attribute_name);
}
/* update hit condition */
@@ -1802,7 +1808,7 @@ size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *ru
(struct maat_hit_object *)utarray_eltptr(rule_compile_state->indirect_hit_objects, i);
uuid_copy(object_array[i].item_uuid, hit_object->item_uuid);
uuid_copy(object_array[i].object_uuid, hit_object->object_uuid);
object_array[i].attribute_id = hit_object->attribute_id;
object_array[i].attribute_name = hit_object->attribute_name;
}
utarray_clear(rule_compile_state->indirect_hit_objects);
@@ -1846,7 +1852,7 @@ size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule
object = (struct maat_hit_object *)utarray_eltptr(direct_hit_object, i);
uuid_copy(object_array[i].item_uuid, object->item_uuid);
uuid_copy(object_array[i].object_uuid, object->object_uuid);
object_array[i].attribute_id = object->attribute_id;
object_array[i].attribute_name = object->attribute_name;
}
utarray_clear(rule_compile_state->direct_hit_objects);
@@ -1906,7 +1912,8 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
uuid_copy(tmp_path.item_uuid, internal_path->item_uuid);
uuid_copy(tmp_path.sub_object_uuid, internal_path->object_uuid);
uuid_copy(tmp_path.top_object_uuid, *p);
tmp_path.attribute_id = internal_path->attribute_id;
tmp_path.attribute_name = (char*)table_manager_get_attribute_name(rule_rt->ref_maat_rt->ref_tbl_mgr,
internal_path->attribute_id);
tmp_path.negate_option = internal_path->negate_option;
tmp_path.condition_index = -1;
uuid_clear(tmp_path.rule_uuid);

4
src/maat_stat.c
View File

@@ -276,7 +276,6 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
o2o_excl_rule_num += object2object_runtime_exclude_rule_count(runtime);
break;
case TABLE_TYPE_EXPR:
case TABLE_TYPE_EXPR_PLUS:
regex_rule_num = expr_runtime_regex_rule_count(runtime);
break;
case TABLE_TYPE_IP:
@@ -329,8 +328,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
total_update_err +=
table_manager_runtime_update_err_count(stat->ref_tbl_mgr, i);
if (table_type == TABLE_TYPE_EXPR ||
table_type == TABLE_TYPE_EXPR_PLUS) {
if (table_type == TABLE_TYPE_EXPR) {
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->fs_column_id[COLUMN_REGEX_NUM],
&cell_tag, 1, regex_rule_num);

150
src/maat_table.c
View File

@@ -51,8 +51,8 @@ struct maat_attribute {
struct table_manager {
struct maat_table *tbl[MAX_TABLE_NUM];
size_t n_table;
struct maat_attribute *attr[MAX_ATTRIBUTE_NUM];
size_t n_attr;
UT_array *attr_array;
struct rule_tag *accept_tags;
size_t n_accept_tag;
@@ -119,21 +119,6 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
.hit_item_num = flag_runtime_hit_item_num,
.update_err_count = flag_runtime_update_err_count
},
{
.type = TABLE_TYPE_FLAG_PLUS,
.new_schema = flag_schema_new,
.free_schema = flag_schema_free,
.new_runtime = flag_runtime_new,
.free_runtime = flag_runtime_free,
.update_runtime = flag_runtime_update,
.commit_runtime = flag_runtime_commit,
.rule_count = flag_runtime_rule_count,
.scan_times = flag_runtime_scan_times,
.scan_cpu_time = flag_runtime_scan_cpu_time,
.hit_times = flag_runtime_hit_times,
.hit_item_num = flag_runtime_hit_item_num,
.update_err_count = flag_runtime_update_err_count
},
{
.type = TABLE_TYPE_EXPR,
.new_schema = expr_schema_new,
@@ -150,22 +135,6 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
.hit_item_num = expr_runtime_hit_item_num,
.update_err_count = expr_runtime_update_err_count
},
{
.type = TABLE_TYPE_EXPR_PLUS,
.new_schema = expr_schema_new,
.free_schema = expr_schema_free,
.new_runtime = expr_runtime_new,
.free_runtime = expr_runtime_free,
.update_runtime = expr_runtime_update,
.commit_runtime = expr_runtime_commit,
.rule_count = expr_runtime_rule_count,
.scan_times = expr_runtime_scan_times,
.scan_bytes = expr_runtime_scan_bytes,
.scan_cpu_time = expr_runtime_scan_cpu_time,
.hit_times = expr_runtime_hit_times,
.hit_item_num = expr_runtime_hit_item_num,
.update_err_count = expr_runtime_update_err_count
},
{
.type = TABLE_TYPE_IP,
.new_schema = ip_schema_new,
@@ -196,21 +165,6 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
.hit_item_num = interval_runtime_hit_item_num,
.update_err_count = interval_runtime_update_err_cnt
},
{
.type = TABLE_TYPE_INTERVAL_PLUS,
.new_schema = interval_schema_new,
.free_schema = interval_schema_free,
.new_runtime = interval_runtime_new,
.free_runtime = interval_runtime_free,
.update_runtime = interval_runtime_update,
.commit_runtime = interval_runtime_commit,
.rule_count = interval_runtime_rule_count,
.scan_times = interval_runtime_scan_times,
.scan_cpu_time = interval_runtime_scan_cpu_time,
.hit_times = interval_runtime_hit_times,
.hit_item_num = interval_runtime_hit_item_num,
.update_err_count = interval_runtime_update_err_cnt
},
{
.type = TABLE_TYPE_PLUGIN,
.new_schema = plugin_schema_new,
@@ -485,11 +439,8 @@ static void register_reserved_word(struct maat_kv_store *reserved_word_map)
maat_kv_register(reserved_word_map, "rule", TABLE_TYPE_RULE);
maat_kv_register(reserved_word_map, "object2object", TABLE_TYPE_OBJECT2OBJECT);
maat_kv_register(reserved_word_map, "flag", TABLE_TYPE_FLAG);
maat_kv_register(reserved_word_map, "flag_plus", TABLE_TYPE_FLAG_PLUS);
maat_kv_register(reserved_word_map, "expr", TABLE_TYPE_EXPR);
maat_kv_register(reserved_word_map, "expr_plus", TABLE_TYPE_EXPR_PLUS);
maat_kv_register(reserved_word_map, "interval", TABLE_TYPE_INTERVAL);
maat_kv_register(reserved_word_map, "interval_plus", TABLE_TYPE_INTERVAL_PLUS);
maat_kv_register(reserved_word_map, "ip", TABLE_TYPE_IP);
maat_kv_register(reserved_word_map, "plugin", TABLE_TYPE_PLUGIN);
maat_kv_register(reserved_word_map, "ip_plugin", TABLE_TYPE_IP_PLUGIN);
@@ -811,51 +762,25 @@ static long long maat_table_get_sequence(struct maat_kv_store *sequence_map,
return sequence;
}
static void maat_table_attribute_update(struct table_manager *tbl_mgr, cJSON *json,
int table_id, struct log_handle *logger)
int table_manager_attribute_register(struct table_manager *tbl_mgr, const char *attribute_name, struct log_handle *logger)
{
cJSON *item = cJSON_GetObjectItem(json, "supported_attributes");
if (NULL == item) {
return;
int attr_id = maat_table_get_sequence(tbl_mgr->sequence_map, "attribute_id");
if (attr_id < 0) {
log_fatal(logger, MODULE_TABLE,
"[%s:%d] attribute %s register get id failed", __FUNCTION__, __LINE__, attribute_name);
return -1;
}
if (item->type != cJSON_Array) {
if (register_single_attribute_name2id(tbl_mgr->attr_name2id_map, attribute_name, attr_id, logger) < 0) {
log_fatal(logger, MODULE_TABLE,
"[%s:%d] table_id:%d supported_attributes should be an array",
__FUNCTION__, __LINE__, table_id);
return;
"[%s:%d] attribute %s register failed", __FUNCTION__, __LINE__, attribute_name);
return -1;
}
int n_attr = cJSON_GetArraySize(item);
for (int i = 0; i < n_attr; i++) {
cJSON *attr = cJSON_GetArrayItem(item, i);
if (NULL == attr || attr->type != cJSON_String) {
log_fatal(logger, MODULE_TABLE,
"[%s:%d] table_id:%d supported_attributes element should be string",
__FUNCTION__, __LINE__, table_id);
return;
}
utarray_insert(tbl_mgr->attr_array, &attribute_name, attr_id);
struct maat_attribute *pattr = ALLOC(struct maat_attribute, 1);
pattr->table_id = table_id;
pattr->attr_id = maat_table_get_sequence(tbl_mgr->sequence_map, "attribute_id");
if (pattr->attr_id < 0) {
log_fatal(logger, MODULE_TABLE,
"[%s:%d] table_id:%d attribute %s get id failed",
__FUNCTION__, __LINE__, table_id, attr->valuestring);
return;
}
if (register_single_attribute_name2id(tbl_mgr->attr_name2id_map, attr->valuestring, pattr->attr_id, logger) < 0) {
log_fatal(logger, MODULE_TABLE,
"[%s:%d] table_id:%d attribute %s register failed",
__FUNCTION__, __LINE__, table_id, attr->valuestring);
return;
}
strncpy(pattr->attr_name, attr->valuestring, MAX_NAME_STR_LEN);
tbl_mgr->attr[pattr->attr_id] = pattr;
tbl_mgr->n_attr++;
}
return attr_id;
}
struct table_manager *
@@ -907,6 +832,7 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
tbl_mgr->sequence_map = maat_kv_store_new();
tbl_mgr->engine_type = engine_type;
tbl_mgr->ref_garbage_bin = garbage_bin;
utarray_new(tbl_mgr->attr_array, &ut_str_icd);
ret = register_tbl_name2id(tbl_mgr->tbl_name2id_map, root, table_info_path, logger);
if (ret < 0) {
@@ -970,10 +896,6 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
o2o_table_id = maat_tbl->table_id;
}
if (maat_tbl->table_type >= TABLE_TYPE_FLAG && maat_tbl->table_type <= TABLE_TYPE_INTERVAL_PLUS) {
maat_table_attribute_update(tbl_mgr, json, maat_tbl->table_id, logger);
}
tbl_mgr->tbl[maat_tbl->table_id] = maat_tbl;
tbl_mgr->n_table++;
@@ -1103,6 +1025,21 @@ void table_manager_destroy(struct table_manager *tbl_mgr)
tbl_mgr->conj_tbl_name2id_map = NULL;
}
if (tbl_mgr->attr_name2id_map != NULL) {
maat_kv_store_free(tbl_mgr->attr_name2id_map);
tbl_mgr->attr_name2id_map = NULL;
}
if (tbl_mgr->sequence_map != NULL) {
maat_kv_store_free(tbl_mgr->sequence_map);
tbl_mgr->sequence_map = NULL;
}
if (tbl_mgr->attr_array != NULL) {
utarray_free(tbl_mgr->attr_array);
tbl_mgr->attr_array = NULL;
}
FREE(tbl_mgr);
}
@@ -1161,6 +1098,16 @@ int table_manager_get_conj_parent_table_ids(struct table_manager *tbl_mgr, const
table_ids_array, n_table_ids_array);
}
int maat_get_table_id(struct maat *maat_inst, const char *table_name)
{
if (NULL == maat_inst || NULL == table_name) {
return -1;
}
struct table_manager *table_mgr = maat_inst->tbl_mgr;
return table_manager_get_table_id(table_mgr, table_name);
}
const char *table_manager_get_table_name(struct table_manager *tbl_mgr, int table_id)
{
if (NULL == tbl_mgr || table_id < 0) {
@@ -1180,24 +1127,15 @@ const char *table_manager_get_attribute_name(struct table_manager *tbl_mgr, int
return NULL;
}
if (NULL == tbl_mgr->attr[attr_id]) {
if (NULL == tbl_mgr->attr_array) {
return NULL;
}
return tbl_mgr->attr[attr_id]->attr_name;
}
int table_manager_attribute_get_table_id(struct table_manager *tbl_mgr, int attr_id)
{
if (NULL == tbl_mgr || attr_id < 0) {
return -1;
if (attr_id >= utarray_len(tbl_mgr->attr_array)) {
return NULL;
}
if (NULL == tbl_mgr->attr[attr_id]) {
return -1;
}
return tbl_mgr->attr[attr_id]->table_id;
return *(char **)utarray_eltptr(tbl_mgr->attr_array, attr_id);
}
const char *table_manager_get_table_schema_tag(struct table_manager *tbl_mgr, int table_id)

36
test/CMakeLists.txt
View File

@@ -10,35 +10,35 @@ include_directories(${PROJECT_SOURCE_DIR}/scanner/ip_matcher)
include_directories(${PROJECT_SOURCE_DIR}/scanner/ipport_matcher)
include_directories(${PROJECT_SOURCE_DIR}/scanner/bool_matcher)
add_executable(rcu_hash_gtest rcu_hash_gtest.cpp)
target_link_libraries(rcu_hash_gtest maat_frame_static gtest_static)
# add_executable(rcu_hash_gtest rcu_hash_gtest.cpp)
# target_link_libraries(rcu_hash_gtest maat_frame_static gtest_static)
add_executable(maat_input_mode_gtest maat_input_mode_gtest.cpp test_utils.cpp)
target_link_libraries(maat_input_mode_gtest maat_frame_static gtest_static)
# add_executable(maat_input_mode_gtest maat_input_mode_gtest.cpp test_utils.cpp)
# target_link_libraries(maat_input_mode_gtest maat_frame_static gtest_static)
add_executable(maat_framework_gtest maat_framework_gtest.cpp test_utils.cpp)
target_link_libraries(maat_framework_gtest maat_frame_static gtest_static)
add_executable(maat_framework_perf_gtest maat_framework_perf_gtest.cpp test_utils.cpp)
target_link_libraries(maat_framework_perf_gtest maat_frame_static gtest_static)
# add_executable(maat_framework_perf_gtest maat_framework_perf_gtest.cpp test_utils.cpp)
# target_link_libraries(maat_framework_perf_gtest maat_frame_static gtest_static)
add_executable(expr_matcher_gtest expr_matcher_gtest.cpp)
target_link_libraries(expr_matcher_gtest maat_frame_static gtest_static)
# add_executable(expr_matcher_gtest expr_matcher_gtest.cpp)
# target_link_libraries(expr_matcher_gtest maat_frame_static gtest_static)
add_executable(ip_matcher_gtest ip_matcher_gtest.cpp)
target_link_libraries(ip_matcher_gtest maat_frame_static gtest_static)
# add_executable(ip_matcher_gtest ip_matcher_gtest.cpp)
# target_link_libraries(ip_matcher_gtest maat_frame_static gtest_static)
add_executable(ipport_matcher_gtest ipport_matcher_gtest.cpp)
target_link_libraries(ipport_matcher_gtest maat_frame_static gtest_static)
# add_executable(ipport_matcher_gtest ipport_matcher_gtest.cpp)
# target_link_libraries(ipport_matcher_gtest maat_frame_static gtest_static)
add_executable(bool_matcher_gtest bool_matcher_gtest.cpp)
target_link_libraries(bool_matcher_gtest maat_frame_static gtest_static)
# add_executable(bool_matcher_gtest bool_matcher_gtest.cpp)
# target_link_libraries(bool_matcher_gtest maat_frame_static gtest_static)
add_executable(maat_ex_data_gtest maat_ex_data_gtest.cpp)
target_link_libraries(maat_ex_data_gtest maat_frame_static gtest_static)
# add_executable(maat_ex_data_gtest maat_ex_data_gtest.cpp)
# target_link_libraries(maat_ex_data_gtest maat_frame_static gtest_static)
add_subdirectory(object_nesting)
add_subdirectory(ipport_plugin)
# add_subdirectory(object_nesting)
# add_subdirectory(ipport_plugin)
#add_subdirectory(benchmark) //TODO: convert iris rule to json rule
configure_file(table_info.json table_info.json COPYONLY)

2
test/json_update/corrupted.json
View File

@@ -3,7 +3,7 @@
"object_table": "OBJECT",
"rules": [
{
"rule_id": "1",
"rule_id": "9c5ee166-3af6-fb23-f8f8-8c7062ed3717",
"service": 1,
"action": 1,
"do_blacklist": 1,

2
test/json_update/new.json
View File

@@ -3,7 +3,7 @@
"object2object_table": "OBJECT2OBJECT",
"rules": [
{
"rule_id": "2",
"rule_id": "9b0d44a1-1e9e-7988-6ab2-c619d5906818",
"service": 1,
"action": 1,
"do_blacklist": 1,

3
test/json_update/old.json
View File

@@ -3,7 +3,7 @@
"object2object_table": "OBJECT2OBJECT",
"rules": [
{
"rule_id": "1",
"uuid": "9c5ee166-3af6-fb23-f8f8-8c7062ed3717",
"service": 1,
"action": 1,
"do_blacklist": 1,
@@ -12,7 +12,6 @@
"is_valid": "yes",
"conditions": [
{
"object_name": "Untitled",
"attribute_name": "HTTP_URL",
"objects": [
{

2981
test/maat_framework_gtest.cpp
View File

File diff suppressed because it is too large Load Diff

1008
test/maat_json.json
View File

File diff suppressed because it is too large Load Diff

21
test/test_utils.cpp
View File

@@ -189,16 +189,11 @@ int expr_table_set_line(struct maat *maat_inst, const char *table_name,
enum table_type table_type =
table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
assert(table_type == TABLE_TYPE_EXPR ||
table_type == TABLE_TYPE_EXPR_PLUS);
assert(table_type == TABLE_TYPE_EXPR);
if (table_type == TABLE_TYPE_EXPR_PLUS) {
sprintf(table_line, "%lld\t%lld\t%s\t%d\t%s\t%d",
item_id, object_id, district, expr_type, keywords, op);
} else {
sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d",
item_id, object_id, expr_type, keywords, op);
}
item_id, object_id, expr_type, keywords, op);//TODO
struct maat_cmd_line line_rule;
line_rule.rule_id = item_id;
@@ -221,16 +216,10 @@ int interval_table_set_line(struct maat *maat_inst, const char *table_name,
enum table_type table_type =
table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
assert(table_type == TABLE_TYPE_INTERVAL ||
table_type == TABLE_TYPE_INTERVAL_PLUS);
assert(table_type == TABLE_TYPE_INTERVAL);
if (table_type == TABLE_TYPE_INTERVAL_PLUS) {
sprintf(table_line, "%lld\t%lld\t%s\t%s\t%d",
item_id, object_id, district, port_str, op);
} else {
sprintf(table_line, "%lld\t%lld\t%s\t%d",
item_id, object_id, port_str, op);
}
item_id, object_id, port_str, op);//TODO
struct maat_cmd_line line_rule;
line_rule.rule_id = item_id;