diff --git a/src/inc_internal/maat_rule.h b/src/inc_internal/maat_rule.h index 23c7c30..b56226f 100644 --- a/src/inc_internal/maat_rule.h +++ b/src/inc_internal/maat_rule.h @@ -250,8 +250,6 @@ int my_scandir(const char *dir, struct dirent ***namelist, int(*filter)(const struct dirent *), int(*compar)(const void *, const void *)); -enum scan_type maat_table_get_scan_type(enum table_type table_type); - size_t parse_accept_tag(const char *value, struct rule_tag **result, struct log_handle *logger); int compare_accept_tag(const char *value, const struct rule_tag *accept_tags, size_t n_accept_tag); @@ -274,7 +272,7 @@ void *rule_monitor_loop(void *arg); long long maat_runtime_get_sequence(struct maat_runtime *maat_rt, const char *key); -void maat_read_full_config(struct maat *maat_instance); +int maat_read_full_config(struct maat *maat_instance); /* maat command API for internal */ redisContext *maat_cmd_connect_redis(const char *redis_ip, int redis_port, diff --git a/src/json2iris.c b/src/json2iris.c index e1236b0..93e1bf7 100644 --- a/src/json2iris.c +++ b/src/json2iris.c @@ -90,6 +90,11 @@ struct iris_table *query_table_info(struct iris_description *p_iris, const char *table_name, enum table_type table_type) { + if (NULL == p_iris || NULL == table_name || + table_type == TABLE_TYPE_INVALID) { + return NULL; + } + struct iris_table *table_info = NULL; HASH_FIND(hh, p_iris->iris_table_map, table_name, strlen(table_name), table_info); if (NULL == table_info) { @@ -672,9 +677,13 @@ int write_group2compile_line(int group_id, int compile_id, int group_not_flag, { char buff[4096] = {0}; struct iris_table *table = NULL; + if (g2c_table != NULL) { table = g2c_table; } else { + if (NULL == p_iris->group2compile_table) { + return -1; + } table = p_iris->group2compile_table; } 
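Review bot: The changed prototype `int maat_read_full_config(struct maat *maat_instance);` in the second maat_rule.h hunk does not say what the new return value means. Going by the maat_api.c hunks of this commit, the function returns 0 at its end and -1 when the JSON reload fails or a source holds no effective rule. A comment above the declaration such as `/* Returns 0 on success, -1 if the source failed to load or held no effective rule. */` would let callers rely on that.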
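Review bot: The new `return NULL;` guard at the top of query_table_info adds a NULL result that the one call site visible in this commit does not test within its hunk. In the write_compile_line hunk the else branch assigns `table_info = query_table_info(p_iris, item->valuestring, TABLE_TYPE_COMPILE);`, and only the default-table branch gained a NULL check; whether a check follows is outside that hunk. I would document the contract on the function, e.g. `/* Returns NULL on invalid arguments; callers must check before dereferencing. */`, and confirm that every call site tests the result. The body of query_table_info continues past the hunk.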
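Review bot: The added `return -1;` for a missing `p_iris->group2compile_table` in write_group2compile_line fails without a log line, and the same silent return is added in the write_group2group_line and write_compile_line hunks. If a caller ignores the return value, the converter would emit an incomplete rule set with no diagnostic, which matters when the output feeds a policy engine. `p_iris` itself is still dereferenced unchecked in these three functions, while query_table_info in the same file now guards it, so the guards are inconsistent. Consider logging the missing table before returning, provided a logger is reachable from these functions (not visible in the hunks).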
@@ -692,6 +701,9 @@ int write_group2group_line(int group_id, int super_group_id, { char buff[4096] = {0}; struct iris_table *table = p_iris->group2group_table; + if (NULL == table) { + return -1; + } snprintf(buff, sizeof(buff), "%d\t%d\t1\n", group_id, super_group_id); @@ -899,6 +911,9 @@ int write_compile_line(cJSON *compile, struct iris_description *p_iris, struct iris_table *table_info = NULL; item = cJSON_GetObjectItem(compile,"compile_table_name"); if (NULL == item || item->type != cJSON_String) { + if (NULL == p_iris->compile_table) { + return -1; + } table_info = p_iris->compile_table; } else { table_info = query_table_info(p_iris, item->valuestring, TABLE_TYPE_COMPILE); diff --git a/src/maat_api.c b/src/maat_api.c index 8a7683b..1b34081 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -52,48 +52,6 @@ struct maat_stream { struct log_handle *logger; }; -enum scan_type maat_table_get_scan_type(enum table_type table_type) -{ - enum scan_type ret = SCAN_TYPE_INVALID; - - switch (table_type) { - case TABLE_TYPE_FLAG: - case TABLE_TYPE_FLAG_PLUS: - ret = SCAN_TYPE_FLAG; - break; - case TABLE_TYPE_EXPR: - case TABLE_TYPE_EXPR_PLUS: - ret = SCAN_TYPE_STRING; - break; - case TABLE_TYPE_INTERVAL: - case TABLE_TYPE_INTERVAL_PLUS: - ret = SCAN_TYPE_INTERVAL; - break; - case TABLE_TYPE_IP_PLUS: - ret = SCAN_TYPE_IP; - break; - case TABLE_TYPE_PLUGIN: - ret = SCAN_TYPE_PLUGIN; - break; - case TABLE_TYPE_IP_PLUGIN: - ret = SCAN_TYPE_IP; - break; - case TABLE_TYPE_FQDN_PLUGIN: - ret = SCAN_TYPE_FQDN_PLUGIN; - break; - case TABLE_TYPE_BOOL_PLUGIN: - ret = SCAN_TYPE_BOOL_PLUGIN; - break; - case TABLE_TYPE_COMPILE: - ret = SCAN_TYPE_NONE; - break; - default: - break; - } - - return ret; -} - struct maat_options* maat_options_new(void) { struct maat_options *options = ALLOC(struct maat_options, 1); 
@@ -259,7 +217,7 @@ int maat_options_set_logger(struct maat_options *opts, const char *log_path, enu return 0; } -void maat_read_full_config(struct maat *maat_instance) +int maat_read_full_config(struct maat *maat_instance) { int ret = -1; char err_str[NAME_MAX] = {0}; @@ -286,6 +244,7 @@ void maat_read_full_config(struct maat *maat_instance) "[%s:%d] At initiation: NO effective rule in redis %s:%hu db%d", __FUNCTION__, __LINE__, mr_ctx->redis_ip, mr_ctx->redis_port, mr_ctx->redis_db); + return -1; } break; case DATA_SOURCE_IRIS_FILE: @@ -297,6 +256,7 @@ void maat_read_full_config(struct maat *maat_instance) log_error(maat_instance->logger, MODULE_MAAT_API, "[%s:%d] At initiation: NO effective rule in %s", __FUNCTION__, __LINE__, maat_instance->iris_ctx.full_idx_dir); + return -1; } break; case DATA_SOURCE_JSON_FILE: @@ -306,7 +266,7 @@ void maat_read_full_config(struct maat *maat_instance) log_error(maat_instance->logger, MODULE_MAAT_API, "[%s:%d] Maat re-initiate with JSON file %s failed: %s", __FUNCTION__, __LINE__, maat_instance->json_ctx.json_file, err_str); - return; + return -1; } config_monitor_traverse(maat_instance->maat_version, @@ -317,6 +277,7 @@ void maat_read_full_config(struct maat *maat_instance) log_error(maat_instance->logger, MODULE_MAAT_API, "[%s:%d] At initiation: NO effective rule in %s", __FUNCTION__, __LINE__, maat_instance->json_ctx.iris_file); + return -1; } break; default: @@ -330,6 +291,8 @@ void maat_read_full_config(struct maat *maat_instance) maat_instance->maat_version = maat_instance->maat_rt->version; maat_instance->last_full_version = maat_instance->maat_rt->version; } + + return 0; } struct maat *maat_new(struct maat_options *opts, const char *table_info_path) 
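Review bot: The `return -1;` statements added in the hunks at -286, -297 and -317, together with the changed one at -306, make an empty source and a failed load indistinguishable to the caller. The log text "At initiation: NO effective rule" describes a source that was read but held nothing, and before this change that state fell through to the rest of the function. With the maat_new hunk later in this commit it now aborts construction. If an empty source at start-up is legitimate for deployments that publish rules later, a distinct return code is needed; if failing is intended, state that in the function's comment. Parts of the function, including what the `default:` branch returns, lie outside these hunks.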
@@ -404,6 +367,11 @@ struct maat *maat_new(struct maat_options *opts, const char *table_info_path) garbage_gc_timeout_s = (maat_instance->rule_effect_interval_ms / 1000) + (maat_instance->gc_timeout_ms / 1000); maat_instance->garbage_bin = maat_garbage_bin_new(garbage_gc_timeout_s); + maat_instance->thread_call_cnt = alignment_int64_array_alloc(opts->nr_worker_threads); + maat_instance->hit_cnt = alignment_int64_array_alloc(opts->nr_worker_threads); + maat_instance->not_grp_hit_cnt = alignment_int64_array_alloc(opts->nr_worker_threads); + + pthread_mutex_init(&(maat_instance->background_update_mutex), NULL); maat_instance->tbl_mgr = table_manager_create(table_info_path, opts->accept_tags, maat_instance->garbage_bin, maat_instance->logger); 
@@ -414,20 +382,26 @@ struct maat *maat_new(struct maat_options *opts, const char *table_info_path) maat_instance->default_compile_table_id = table_manager_get_defaut_compile_table_id(maat_instance->tbl_mgr); maat_instance->g2g_table_id = table_manager_get_group2group_table_id(maat_instance->tbl_mgr); - maat_instance->thread_call_cnt = alignment_int64_array_alloc(opts->nr_worker_threads); - maat_instance->hit_cnt = alignment_int64_array_alloc(opts->nr_worker_threads); - maat_instance->not_grp_hit_cnt = alignment_int64_array_alloc(opts->nr_worker_threads); - - pthread_mutex_init(&(maat_instance->background_update_mutex), NULL); - if (0 == maat_instance->deferred_load) { - maat_read_full_config(maat_instance); + int ret = maat_read_full_config(maat_instance); + if (ret < 0) { + log_error(maat_instance->logger, MODULE_MAAT_API, + "[%s:%d] maat read full config failed", __FUNCTION__, __LINE__); + goto failed; + } } pthread_create(&(maat_instance->cfg_mon_thread), NULL, rule_monitor_loop, (void *)maat_instance); return maat_instance; failed: + log_handle_destroy(maat_instance->logger); + table_manager_destroy(maat_instance->tbl_mgr); + maat_garbage_bin_free(maat_instance->garbage_bin); + alignment_int64_array_free(maat_instance->thread_call_cnt); + alignment_int64_array_free(maat_instance->hit_cnt); + alignment_int64_array_free(maat_instance->not_grp_hit_cnt); + pthread_mutex_destroy(&(maat_instance->background_update_mutex)); FREE(maat_instance); return NULL; } diff --git a/src/maat_redis_monitor.c b/src/maat_redis_monitor.c index 91708c0..e3d102b 100644 --- a/src/maat_redis_monitor.c +++ b/src/maat_redis_monitor.c 
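Review bot: The `failed:` label now destroys the logger, table manager, garbage bin, counters and mutex unconditionally, so every `goto failed` in maat_new must reach it with all of them initialised. The only jump visible here is the new one after maat_read_full_config; an earlier jump (for example after a failed table_manager_create, which lies between the two hunks) would call `table_manager_destroy` on a NULL `tbl_mgr`, and a jump before `pthread_mutex_init` would destroy an uninitialised mutex. Either confirm that each destroy function accepts NULL and that no jump precedes the mutex initialisation, or split the label into staged cleanup labels in reverse order of acquisition. State left behind by a failed maat_read_full_config, such as `maat_instance->maat_rt`, is not released on this path as far as the hunk shows. The `pthread_create` result on the success path is also unchecked.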
@@ -364,12 +364,12 @@ int get_inc_key_list(long long instance_version, long long target_version, int i = 0; int j = 0; - char op_str[256] = {0}; // reply->element[i]->str length less than 256 + char op_str[4] = {0}; struct serial_rule *s_rule = ALLOC(struct serial_rule, reply->elements); for (i = 0, j = 0; i < (int)reply->elements; i++) { assert(reply->element[i]->type == REDIS_REPLY_STRING); - int ret = sscanf(reply->element[i]->str, "%[^,],%[^,],%lld", + int ret = sscanf(reply->element[i]->str, "%3s,%[^,],%lld", op_str, s_rule[j].table_name, &(s_rule[j].rule_id)); if (ret != 3 || s_rule[i].rule_id < 0) { log_error(logger, MODULE_REDIS_MONITOR, diff --git a/src/maat_rule.c b/src/maat_rule.c index c4a38f1..47a7be3 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -475,7 +475,14 @@ void *rule_monitor_loop(void *arg) if (maat_instance->deferred_load != 0) { log_info(maat_instance->logger, MODULE_MAAT_RULE, "Deferred Loading ON, updating in %s:%d", __FUNCTION__, __LINE__); - maat_read_full_config(maat_instance); + ret = maat_read_full_config(maat_instance); + if (ret < 0) { + log_error(maat_instance->logger, MODULE_MAAT_RULE, + "[%s:%d] maat read full config failed, exit rule_monitor_loop thread.", + __FUNCTION__, __LINE__); + pthread_mutex_unlock(&(maat_instance->background_update_mutex)); + return NULL; + } } pthread_mutex_unlock(&(maat_instance->background_update_mutex));
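Review bot: The new format `"%3s,%[^,],%lld"` bounds `op_str` but leaves the `%[^,]` conversion into `s_rule[j].table_name` without a field width, so a long table name in a Redis reply can still write past that buffer. `%3s` also stops at whitespace rather than at a comma, so it only parses correctly when the operation token is exactly three characters; `%3[^,]` keeps the original delimiter semantics. I would use `"%3[^,],%<TABLE_NAME_SIZE-1>[^,],%lld"`, where the placeholder width is one less than the declared size of `table_name` (not visible in this hunk). The context line after the call tests `s_rule[i].rule_id` although the parse wrote to index `j`, and the `assert` on the reply type disappears in NDEBUG builds.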
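Review bot: The added early `return NULL;` in rule_monitor_loop ends the monitor thread while the instance handed out by maat_new stays in use, and nothing in the hunk records that the deferred load failed. Callers that enabled deferred_load therefore hold a handle with no rules and no thread to load them later; if scan calls treat a missing runtime as no hit, policy silently stops being enforced. Consider setting a failure flag on the instance that the scan API can report, or retrying on a later loop iteration instead of exiting. Any teardown the loop performs on its normal exit path lies outside the hunk and is skipped by this return.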