diff --git a/src/entry/Maat_api.cpp b/src/entry/Maat_api.cpp index 24e6723..b12234b 100644 --- a/src/entry/Maat_api.cpp +++ b/src/entry/Maat_api.cpp @@ -192,6 +192,7 @@ struct scan_region_hit_wraper { int Nth_scan; void* elem_array; + int* virtual_table_ids; size_t elem_size; size_t n_elem; size_t group_offset; @@ -358,6 +359,7 @@ void scan_region_hit_wraper_build_with_rulescan(struct scan_region_hit_wraper* r region_hit->is_last_region=is_last_region; region_hit->virtual_table_id=virtual_table_id; region_hit->Nth_scan=Nth_scan; + region_hit->virtual_table_ids=NULL; return; } void scan_region_hit_wraper_build_with_GIE(struct scan_region_hit_wraper* region_hit, GIE_result_t* GIE_rslt, size_t n_rslt, int is_last_region, int virtual_table_id, int Nth_scan) @@ -371,6 +373,7 @@ void scan_region_hit_wraper_build_with_GIE(struct scan_region_hit_wraper* region region_hit->is_last_region=is_last_region; region_hit->virtual_table_id=virtual_table_id; region_hit->Nth_scan=Nth_scan; + region_hit->virtual_table_ids=NULL; return; } @@ -393,7 +396,7 @@ int region_compile(_Maat_feather_t*feather, struct scan_hit_status *_mid, const struct Maat_group_inner* group_rule=NULL; struct Maat_compile_group_relation* relation_array[MAX_SCANNER_HIT_NUM]; struct Maat_compile_group_relation* relation=NULL; - + int virtual_table_id=0; const unsigned long long* hit_group_ids=NULL; size_t hit_group_id_cnt=0; @@ -408,8 +411,16 @@ int region_compile(_Maat_feather_t*feather, struct scan_hit_status *_mid, const assert(group_rule->ref_by_parent_cnt>=0); expr_id=*(unsigned int*)((char*)region_hit+region_type_size*i+expr_id_offset); region_id=exprid2region_id(group_rule, expr_id, &tmp, feather->scanner); + if(region_hit_wraper->virtual_table_ids) + { + virtual_table_id=region_hit_wraper->virtual_table_ids[i]; + } + else + { + virtual_table_id=region_hit_wraper->virtual_table_id; + } scan_hit_status_update_by_group(_mid, group_rule, region_id, - region_hit_wraper->virtual_table_id, region_hit_wraper->Nth_scan, i); + virtual_table_id, region_hit_wraper->Nth_scan, i); } if(bm) @@ -1276,7 +1287,7 @@ MAAT_RULE_EX_DATA Maat_rule_get_ex_data(Maat_feather_t feather, const struct Maa struct _Maat_feather_t *_feather=(struct _Maat_feather_t *)feather; struct Maat_compile_group_relation *relation=NULL; struct Maat_compile_rule* compile=NULL; - const struct compile_table_desc* compile_desc=NULL; + const struct compile_table_schema* compile_desc=NULL; const struct compile_ex_data_idx* ex_desc=NULL; MAAT_RULE_EX_DATA ad=NULL; @@ -1325,7 +1336,7 @@ int Maat_plugin_EX_register(Maat_feather_t feather, int table_id, pthread_mutex_unlock(&(_feather->background_update_mutex)); return -1; } - struct Maat_table_desc *table_desc=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); + struct Maat_table_schema *table_desc=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); struct Maat_table_runtime* table_rt=NULL; @@ -1341,14 +1352,14 @@ int Maat_plugin_EX_register(Maat_feather_t feather, int table_id, MAAT_PLUGIN_EX_DATA Maat_plugin_get_EX_data(Maat_feather_t feather, int table_id, const char* key) { struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather; - struct Maat_table_desc *table_desc=NULL; + struct Maat_table_schema *table_desc=NULL; struct Maat_table_runtime *table_rt=NULL; MAAT_RULE_EX_DATA exdata=NULL; if(_feather->scanner==NULL) { return NULL; } - table_desc=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); + table_desc=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); table_rt=Maat_table_runtime_get(_feather->scanner->table_rt_mgr, table_id); exdata=Maat_table_runtime_plugin_get_ex_data(table_rt, table_desc, key); return exdata; @@ -1366,8 +1377,8 @@ int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id struct _OUTER_scan_status_t* _mid=(struct _OUTER_scan_status_t*)(*mid); scan_result_t *region_result=NULL; - struct Maat_table_desc *p_table=NULL; - struct expr_table_desc* expr_desc=NULL; + struct Maat_table_schema *p_table=NULL; + struct expr_table_schema* expr_desc=NULL; struct timespec start,end; Maat_scanner* my_scanner=NULL; @@ -1387,7 +1398,7 @@ int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id return 0; } - p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_EXPR, &virtual_table_id); + p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_EXPR, &virtual_table_id); if(p_table==NULL) { _feather->scan_err_cnt++; @@ -1515,7 +1526,7 @@ int Maat_scan_intval(Maat_feather_t feather,int table_id struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather; struct Maat_scanner* my_scanner=NULL; - Maat_table_desc* p_table=NULL; + Maat_table_schema* p_table=NULL; struct timespec start,end; if(_feather->perf_on==1) { @@ -1525,7 +1536,7 @@ int Maat_scan_intval(Maat_feather_t feather,int table_id _mid->scan_cnt++; int virtual_table_id=0; - p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_INTERVAL, &virtual_table_id); + p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_INTERVAL, &virtual_table_id); if(p_table==NULL) { _feather->scan_err_cnt++; @@ -1606,7 +1617,7 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id struct _OUTER_scan_status_t* _mid=NULL; struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather; struct Maat_scanner* my_scanner=NULL; - Maat_table_desc* p_table=NULL; + Maat_table_schema* p_table=NULL; struct timespec start,end; if(_feather->perf_on==1) { @@ -1616,7 +1627,7 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id _mid->scan_cnt++; int virtual_table_id=0; - p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_SIMILARITY, &virtual_table_id); + p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_SIMILARITY, &virtual_table_id); if(p_table==NULL) { _feather->scan_err_cnt++; @@ -1680,18 +1691,135 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id return compile_ret; } +static int ip_scan_data_set(scan_data_t* scan_data, const struct ipaddr* addr, unsigned short int proto, enum MAAT_TABLE_CHILD_TYPE child_type, int table_id) +{ + memset(scan_data, 0, sizeof(scan_data_t)); + scan_data->sub_type=make_sub_type(table_id, CHARSET_NONE, 0); + switch(addr->addrtype) + { + case ADDR_TYPE_IPV4: + scan_data->rule_type=RULETYPE_IPv4; + scan_data->ipv4_data.proto=proto; + switch(child_type) + { + case CHILD_TABLE_TYPE_SOURCE_IP: + scan_data->ipv4_data.saddr=ntohl(addr->v4->saddr); + scan_data->ipv4_data.sport=ntohs(addr->v4->source); + break; + case CHILD_TABLE_TYPE_DESTINATION_IP: + scan_data->ipv4_data.saddr=ntohl(addr->v4->daddr); + scan_data->ipv4_data.sport=ntohs(addr->v4->dest); + break; + case CHILD_TABLE_TYPE_SESSION: + scan_data->ipv4_data.saddr=ntohl(addr->v4->saddr); + scan_data->ipv4_data.sport=ntohs(addr->v4->source); + scan_data->ipv4_data.daddr=ntohl(addr->v4->daddr); + scan_data->ipv4_data.dport=ntohs(addr->v4->dest); + break; + default: + assert(0); + return -1; + } + break; + case ADDR_TYPE_IPV6: + scan_data->rule_type=RULETYPE_IPv6; + scan_data->ipv6_data.proto=proto; + switch(child_type) + { + case CHILD_TABLE_TYPE_SOURCE_IP: + memcpy(scan_data->ipv6_data.saddr, addr->v6->saddr, sizeof(scan_data->ipv6_data.saddr)); + ipv6_ntoh(scan_data->ipv6_data.saddr); + scan_data->ipv6_data.sport=ntohs(addr->v6->source); + break; + case CHILD_TABLE_TYPE_DESTINATION_IP: + memcpy(scan_data->ipv6_data.saddr, addr->v6->daddr, sizeof(scan_data->ipv6_data.saddr)); + ipv6_ntoh(scan_data->ipv6_data.saddr); + scan_data->ipv6_data.sport=ntohs(addr->v6->dest); + break; + case CHILD_TABLE_TYPE_SESSION: + memcpy(scan_data->ipv6_data.saddr, addr->v6->saddr, sizeof(scan_data->ipv6_data.saddr)); + ipv6_ntoh(scan_data->ipv6_data.saddr); + scan_data->ipv6_data.sport=ntohs(addr->v6->source); + + memcpy(scan_data->ipv6_data.daddr, addr->v6->daddr, sizeof(scan_data->ipv6_data.daddr)); + ipv6_ntoh(scan_data->ipv6_data.daddr); + scan_data->ipv6_data.dport=ntohs(addr->v6->dest); + break; + default: + assert(0); + return -1; + break; + } + break; + default: + return -1; + } + return 0; +} +static int IP_composition_scan(const struct ipaddr* addr, unsigned short int proto, Maat_table_schema* parent_table, enum MAAT_TABLE_CHILD_TYPE child_type, + scan_result_t *region_result, unsigned int result_num, + int* virtual_table_id, + rule_scanner_t ip_scanner, struct Maat_table_manager* table_mgr, struct Maat_table_runtime_manager* table_rt_mgr, + int thread_num) +{ + int child_table_id=0; + + if(child_type==CHILD_TABLE_TYPE_NONE) + { + child_table_id=parent_table->table_id; + child_type=CHILD_TABLE_TYPE_SESSION; + } + else + { + child_table_id=Maat_table_get_child_id(parent_table, child_type); + } + if(child_table_id<0) + { + return 0; + } + + Maat_table_schema* real_table=Maat_table_get_scan_by_id(table_mgr, child_table_id, TABLE_TYPE_IP, virtual_table_id); + if(real_table==NULL) + { + return 0; + } + struct Maat_table_runtime* table_rt=Maat_table_runtime_get(table_rt_mgr, real_table->table_id); + if(table_rt->origin_rule_num==0) + { + return 0; + } + if(table_rt->ip.ipv4_rule_cnt==0&&addr->addrtype==ADDR_TYPE_IPV4) + { + return 0; + } + if(table_rt->ip.ipv6_rule_cnt==0&&addr->addrtype==ADDR_TYPE_IPV6) + { + return 0; + } + scan_data_t scan_data; + int ret=ip_scan_data_set(&scan_data, addr, proto, child_type, real_table->table_id); + if(ret<0) + { + return -1; + } + int region_ret=rulescan_search(ip_scanner, thread_num, &scan_data, region_result, result_num); + if(region_ret>0) + { + alignment_int64_array_add(table_rt->hit_cnt, thread_num, 1); + } + return region_ret; +} int Maat_scan_proto_addr(Maat_feather_t feather,int table_id ,struct ipaddr* addr,unsigned short int proto ,struct Maat_rule_t*result,int rule_num ,scan_status_t *mid,int thread_num) + { - int region_ret=0,compile_ret=0; + int region_ret=0, compile_ret=0; struct _OUTER_scan_status_t* _mid=NULL; - scan_data_t ip_scan_data; scan_result_t *region_result=NULL; - Maat_table_desc* p_table=NULL; - + Maat_table_schema* p_table=NULL; struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather; struct Maat_scanner* my_scanner=NULL; struct timespec start,end; @@ -1702,80 +1830,73 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id _mid=grab_mid(mid, _feather, thread_num, 0); _mid->scan_cnt++; int virtual_table_id=0; - p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_IP, &virtual_table_id); + p_table=Maat_table_get_by_id_raw(_feather->table_mgr, table_id); if(p_table==NULL) { _feather->scan_err_cnt++; return -1; } + my_scanner=_feather->scanner; if(my_scanner==NULL) { return 0; } - struct Maat_table_runtime* table_rt=Maat_table_runtime_get(my_scanner->table_rt_mgr, p_table->table_id); - if(table_rt->origin_rule_num==0) - { - return 0; - } + struct Maat_table_runtime* table_rt=Maat_table_runtime_get(my_scanner->table_rt_mgr, table_id); - if(table_rt->ip.ipv4_rule_cnt==0&&addr->addrtype==ADDR_TYPE_IPV4) - { - return 0; - } - if(table_rt->ip.ipv6_rule_cnt==0&&addr->addrtype==ADDR_TYPE_IPV6) - { - return 0; - } - alignment_int64_array_add(_feather->thread_call_cnt, thread_num, 1); - - ip_scan_data.rule_type=RULETYPE_IPv4; - ip_scan_data.sub_type=make_sub_type(p_table->table_id, CHARSET_NONE, 0); - switch(addr->addrtype) - { - case ADDR_TYPE_IPV4: - ip_scan_data.ipv4_data.saddr=ntohl(addr->v4->saddr); - ip_scan_data.ipv4_data.daddr=ntohl(addr->v4->daddr); - ip_scan_data.ipv4_data.sport=ntohs(addr->v4->source); - ip_scan_data.ipv4_data.dport=ntohs(addr->v4->dest); - ip_scan_data.ipv4_data.proto=proto; - break; - case ADDR_TYPE_IPV6: - ip_scan_data.rule_type=RULETYPE_IPv6; - memcpy(ip_scan_data.ipv6_data.saddr,addr->v6->saddr,sizeof(ip_scan_data.ipv6_data.saddr)); - ipv6_ntoh(ip_scan_data.ipv6_data.saddr); - memcpy(ip_scan_data.ipv6_data.daddr,addr->v6->daddr,sizeof(ip_scan_data.ipv6_data.daddr)); - ipv6_ntoh(ip_scan_data.ipv6_data.daddr); - ip_scan_data.ipv6_data.sport=ntohs(addr->v6->source); - ip_scan_data.ipv6_data.dport=ntohs(addr->v6->dest); - ip_scan_data.ipv6_data.proto=proto; - break; - default: - _feather->scan_err_cnt++; - return -1; - break; - } - - region_result=my_scanner->region_rslt_buff+MAX_SCANNER_HIT_NUM*thread_num; - INC_SCANNER_REF(my_scanner,thread_num); - region_ret=rulescan_search(my_scanner->region, thread_num, &ip_scan_data, region_result, MAX_SCANNER_HIT_NUM); - if(region_ret<0) + int region_hit_cnt=0; + int region_rslt_virtual_table_id[MAX_SCANNER_HIT_NUM]; + alignment_int64_array_add(_feather->thread_call_cnt, thread_num, 1); + INC_SCANNER_REF(my_scanner, thread_num); + + if(p_table->table_type==TABLE_TYPE_COMPOSITION) { - DEC_SCANNER_REF(my_scanner,thread_num); - _feather->scan_err_cnt++; - return -1; - } - else if(region_ret>0 || scan_status_should_compile_NOT(_mid) ) - { - if(region_ret>0) + enum MAAT_TABLE_CHILD_TYPE childs[3]={CHILD_TABLE_TYPE_SOURCE_IP, CHILD_TABLE_TYPE_DESTINATION_IP, CHILD_TABLE_TYPE_SESSION}; + for(int i=0; i<3; i++) { - alignment_int64_array_add(table_rt->hit_cnt, thread_num,1); + region_ret=IP_composition_scan(addr, proto, p_table, childs[i], + region_result+region_hit_cnt, MAX_SCANNER_HIT_NUM-region_hit_cnt, &virtual_table_id, + my_scanner->region, _feather->table_mgr, _feather->scanner->table_rt_mgr, thread_num); + if(region_ret<0) + { + _feather->scan_err_cnt++; + } + else if(region_ret>0) + { + for(int j=0; jregion, _feather->table_mgr, _feather->scanner->table_rt_mgr, thread_num); + if(region_ret<0) + { + _feather->scan_err_cnt++; + } + else if(region_ret>0) + { + region_hit_cnt+=region_ret; + } + + } + + struct scan_region_hit_wraper region_hit_wraper; + if(region_hit_cnt>0 || scan_status_should_compile_NOT(_mid) ) + { _mid=grab_mid(mid, _feather, thread_num, 1); - struct scan_region_hit_wraper region_hit_wraper; - scan_region_hit_wraper_build_with_rulescan(®ion_hit_wraper, region_result, region_ret, + scan_region_hit_wraper_build_with_rulescan(®ion_hit_wraper, region_result, region_hit_cnt, _mid->is_last_region, virtual_table_id, _mid->scan_cnt); + if(p_table->table_type==TABLE_TYPE_COMPOSITION) + { + region_hit_wraper.virtual_table_ids=region_rslt_virtual_table_id; + } compile_ret=region_compile(_feather,_mid->inner, ®ion_hit_wraper, result, rule_num, @@ -1796,7 +1917,7 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id { maat_stat_table(table_rt, 0, NULL, NULL, thread_num); } - if(compile_ret==0&®ion_ret>0) + if(compile_ret==0&®ion_hit_cnt>0) { return -2; } @@ -1819,17 +1940,17 @@ stream_para_t Maat_stream_scan_string_start(Maat_feather_t feather,int table_id, struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather; struct Maat_scanner* scanner=NULL; - struct Maat_table_desc *p_table=NULL; + struct Maat_table_schema *p_table=NULL; int virtual_table_id=0; assert(thread_num<_feather->scan_thread_num); - p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_EXPR, &virtual_table_id); + p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_EXPR, &virtual_table_id); if(p_table==NULL) { _feather->scan_err_cnt++; return NULL; } - struct expr_table_desc* expr_desc=&(p_table->expr); + struct expr_table_schema* expr_desc=&(p_table->expr); struct _stream_para_t* sp=ALLOC(struct _stream_para_t ,1); scanner=_feather->scanner; sp->feather=_feather; @@ -2108,9 +2229,9 @@ stream_para_t Maat_stream_scan_digest_start(Maat_feather_t feather,int table_id, struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather; struct Maat_scanner* scanner=NULL; sfh_instance_t * tmp_fuzzy_handle=NULL; - struct Maat_table_desc *p_table=NULL; + struct Maat_table_schema *p_table=NULL; int virtual_table_id=0; - p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_DIGEST, &virtual_table_id); + p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_DIGEST, &virtual_table_id); if(p_table==NULL) { _feather->scan_err_cnt++; diff --git a/src/entry/Maat_command.cpp b/src/entry/Maat_command.cpp index a51b4de..b8062d6 100644 --- a/src/entry/Maat_command.cpp +++ b/src/entry/Maat_command.cpp @@ -1660,8 +1660,8 @@ int get_foreign_keys_define(redisContext *ctx, struct serial_rule_t* rule_list, { int i=0; int rule_with_foreign_key=0; - struct Maat_table_desc* p_table=NULL; - struct plugin_table_desc* plugin_desc=NULL; + struct Maat_table_schema* p_table=NULL; + struct plugin_table_schema* plugin_desc=NULL; for(i=0; ilogger; if(mr_ctx->write_ctx!=NULL&&mr_ctx->write_ctx->err==0)//authorized to write @@ -1925,7 +1925,7 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx* m { if(table_type==TABLE_TYPE_PLUGIN) { - table_desc=Maat_table_get_by_id(feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); + table_desc=Maat_table_get_scan_by_id(feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); plugin_desc=&(table_desc->plugin); valid_column=plugin_desc->valid_flag_column; } @@ -2091,8 +2091,8 @@ int Maat_cmd_set_lines(Maat_feather_t feather,const struct Maat_line_t** line_ru _Maat_feather_t* _feather=(_Maat_feather_t*)feather; int ret=0, table_id=0,success_cnt=0; struct serial_rule_t *s_rule=NULL; - struct Maat_table_desc* p_table=NULL; - struct plugin_table_desc* plugin_desc=NULL; + struct Maat_table_schema* p_table=NULL; + struct plugin_table_schema* plugin_desc=NULL; long long server_time=0,absolute_expire_time=0; const char* p_foreign=NULL; int foreign_key_size=0; @@ -2119,7 +2119,7 @@ int Maat_cmd_set_lines(Maat_feather_t feather,const struct Maat_line_t** line_ru ret=-1; goto error_out; } - p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); + p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); if(!p_table) { MESA_handle_runtime_log(_feather->logger,RLOG_LV_FATAL,maat_command diff --git a/src/entry/Maat_rule.cpp b/src/entry/Maat_rule.cpp index a33ac11..052001f 100644 --- a/src/entry/Maat_rule.cpp +++ b/src/entry/Maat_rule.cpp @@ -746,7 +746,7 @@ void EMPTY_FREE(void*p) return; } -struct Maat_compile_rule* create_compile_rule(struct Maat_rule_head* p_head, const char* service_define, int declared_grp_num, double exec_seq, const struct Maat_table_desc* table) +struct Maat_compile_rule* create_compile_rule(struct Maat_rule_head* p_head, const char* service_define, int declared_grp_num, double exec_seq, const struct Maat_table_schema* table) { int i=0; struct Maat_compile_rule*p=ALLOC(struct Maat_compile_rule, 1); @@ -772,7 +772,7 @@ struct Maat_compile_rule* create_compile_rule(struct Maat_rule_head* p_head, con void destroy_compile_rule(struct Maat_compile_rule* compile_rule) { int i=0; - const struct compile_table_desc* compile_desc= &(compile_rule->ref_table->compile); + const struct compile_table_schema* compile_desc= &(compile_rule->ref_table->compile); for(i=0; iex_data_num; i++) { @@ -1573,13 +1573,13 @@ int get_district_id(Maat_scanner *scanner,const char* district_str) } return district_id; } -int add_expr_rule(struct Maat_table_desc* table,struct db_str_rule_t* db_rule,struct Maat_scanner *scanner,void* logger) +int add_expr_rule(struct Maat_table_schema* table,struct db_str_rule_t* db_rule,struct Maat_scanner *scanner,void* logger) { unsigned int i=0,j=0; char* p=NULL,*saveptr=NULL,*region_string=NULL; int region_str_len=0,ret=0,k=0; int expr_id=0,district_id=-1; - struct expr_table_desc* expr_desc=&(table->expr); + struct expr_table_schema* expr_desc=&(table->expr); scan_rule_t*p_rule=NULL; struct Maat_group_inner* group_rule=NULL; enum MAAT_CHARSET dst_charset=CHARSET_NONE; @@ -1837,7 +1837,7 @@ int add_expr_rule(struct Maat_table_desc* table,struct db_str_rule_t* db_rule,st } return 0; } -int add_ip_rule(struct Maat_table_desc* table,struct db_ip_rule_t* db_ip_rule,struct Maat_scanner *scanner,void* logger) +int add_ip_rule(struct Maat_table_schema* table,struct db_ip_rule_t* db_ip_rule,struct Maat_scanner *scanner,void* logger) { struct Maat_group_inner* group_rule=NULL; scan_rule_t* p_rule=NULL; @@ -1868,7 +1868,7 @@ int add_ip_rule(struct Maat_table_desc* table,struct db_ip_rule_t* db_ip_rule,st MESA_lqueue_join_tail(scanner->region_update_q, &op_expr, sizeof(void*)); return 0; } -int add_intval_rule(struct Maat_table_desc* table,struct db_intval_rule* intval_rule,struct Maat_scanner *scanner,void* logger) +int add_intval_rule(struct Maat_table_schema* table,struct db_intval_rule* intval_rule,struct Maat_scanner *scanner,void* logger) { struct Maat_group_inner* group_rule=NULL; scan_rule_t* p_rule=NULL; @@ -1898,7 +1898,7 @@ int add_intval_rule(struct Maat_table_desc* table,struct db_intval_rule* intval_ MESA_lqueue_join_tail(scanner->region_update_q, &op_expr, sizeof(void*)); return 0; } -int add_digest_rule(struct Maat_table_desc* table, struct db_digest_rule* db_rule, struct Maat_scanner *scanner,void* logger) +int add_digest_rule(struct Maat_table_schema* table, struct db_digest_rule* db_rule, struct Maat_scanner *scanner,void* logger) { struct Maat_group_inner* group_rule=NULL; struct Maat_group_inner* u_para=NULL; @@ -1920,7 +1920,7 @@ int add_digest_rule(struct Maat_table_desc* table, struct db_digest_rule* db_rul scanner->gie_update_q_size++; return 0; } -int del_region_rule(struct Maat_table_desc* table,int region_id,int group_id,int rule_type,struct Maat_scanner *maat_scanner,void* logger) +int del_region_rule(struct Maat_table_schema* table,int region_id,int group_id,int rule_type,struct Maat_scanner *maat_scanner,void* logger) { int i=0; unsigned int expr_id[MAAT_MAX_EXPR_ITEM_NUM*MAX_CHARSET_NUM]={0}; @@ -1978,7 +1978,7 @@ int del_region_rule(struct Maat_table_desc* table,int region_id,int group_id,int return 0; } -int add_group_rule(struct Maat_table_desc* table, struct db_group_rule_t* db_group_rule, struct Maat_scanner *scanner, void* logger) +int add_group_rule(struct Maat_table_schema* table, struct db_group_rule_t* db_group_rule, struct Maat_scanner *scanner, void* logger) { struct Maat_group_inner* group_rule=NULL, *parent_group=NULL; struct Maat_compile_group_relation*compile_rule=NULL; @@ -2034,7 +2034,7 @@ int add_group_rule(struct Maat_table_desc* table, struct db_group_rule_t* db_gro scanner->to_update_group_cnt++; return 1; } -int del_group_rule(struct Maat_table_desc* table, struct db_group_rule_t* db_group_rule, struct Maat_scanner *scanner, void* logger) +int del_group_rule(struct Maat_table_schema* table, struct db_group_rule_t* db_group_rule, struct Maat_scanner *scanner, void* logger) { struct Maat_compile_group_relation* relation=NULL; struct Maat_group_inner* group_rule=NULL, *parent_group=NULL; @@ -2122,7 +2122,7 @@ int del_group_rule(struct Maat_table_desc* table, struct db_group_rule_t* db_gro scanner->to_update_group_cnt++; return 1; } -int add_compile_rule(struct Maat_table_desc* table, struct Maat_compile_rule* db_compile_rule, struct Maat_scanner *scanner, void* logger) +int add_compile_rule(struct Maat_table_schema* table, struct Maat_compile_rule* db_compile_rule, struct Maat_scanner *scanner, void* logger) { struct Maat_compile_group_relation *cg_relation=NULL; struct Maat_rule_head *p_maat_rule_head=&(db_compile_rule->head); @@ -2144,7 +2144,7 @@ int add_compile_rule(struct Maat_table_desc* table, struct Maat_compile_rule* db return 0; } -int del_compile_rule(struct Maat_table_desc* table, int compile_id, struct Maat_scanner *scanner, void* logger) +int del_compile_rule(struct Maat_table_schema* table, int compile_id, struct Maat_scanner *scanner, void* logger) { struct Maat_compile_group_relation *cg_relation=NULL; cg_relation=(struct Maat_compile_group_relation*)HASH_fetch_by_id(scanner->compile_hash, compile_id); @@ -2169,7 +2169,7 @@ int del_compile_rule(struct Maat_table_desc* table, int compile_id, struct Maat_ scanner->to_update_compile_cnt++; return 1; } -void update_group_rule(struct Maat_table_desc* table,const char* table_line,struct Maat_scanner *scanner, struct Maat_table_manager* table_mgr, void* logger) +void update_group_rule(struct Maat_table_schema* table,const char* table_line,struct Maat_scanner *scanner, struct Maat_table_manager* table_mgr, void* logger) { struct db_group_rule_t db_group_rule; struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, table->table_id); @@ -2259,7 +2259,7 @@ void update_group_rule(struct Maat_table_desc* table,const char* table_line,stru return; } -void update_expr_rule(struct Maat_table_desc* table,const char* table_line,struct Maat_scanner *scanner,void* logger) +void update_expr_rule(struct Maat_table_schema* table,const char* table_line,struct Maat_scanner *scanner,void* logger) { struct db_str_rule_t* maat_str_rule=ALLOC(struct db_str_rule_t, 1); int ret=0,db_hexbin=0,rule_type=0; @@ -2546,7 +2546,7 @@ int ip_format2range(int ip_type, enum MAAT_IP_FORMAT format, const char* ip1, co } return 0; } -void update_ip_rule(struct Maat_table_desc* table, const char* table_line, struct Maat_scanner *scanner, void* logger) +void update_ip_rule(struct Maat_table_schema* table, const char* table_line, struct Maat_scanner *scanner, void* logger) { struct db_ip_rule_t* ip_rule=(struct db_ip_rule_t*)calloc(sizeof(struct db_ip_rule_t),1); char src_ip1[40]={0}, src_ip2[40]={0}, dst_ip1[40]={0}, dst_ip2[40]={0}; @@ -2779,7 +2779,7 @@ error_out: ip_rule=NULL; } -void update_intval_rule(struct Maat_table_desc* table, const char* table_line, struct Maat_scanner *scanner, void* logger) +void update_intval_rule(struct Maat_table_schema* table, const char* table_line, struct Maat_scanner *scanner, void* logger) { struct db_intval_rule* intval_rule=ALLOC(struct db_intval_rule, 1); struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, table->table_id); @@ -2845,9 +2845,9 @@ error_out: intval_rule=NULL; } -void update_compile_rule(struct Maat_table_desc* table,const char* table_line ,struct Maat_scanner *scanner, const struct rule_tag* tags, int n_tags,void* logger) +void update_compile_rule(struct Maat_table_schema* table,const char* table_line ,struct Maat_scanner *scanner, const struct rule_tag* tags, int n_tags,void* logger) { - struct compile_table_desc* compile_desc=&(table->compile); + struct compile_table_schema* compile_desc=&(table->compile); struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, table->table_id); struct Maat_compile_rule *p_compile=NULL; @@ -2933,7 +2933,7 @@ error_out: return; } -void update_digest_rule(struct Maat_table_desc* table, const char* table_line, struct Maat_scanner *scanner, void* logger) +void update_digest_rule(struct Maat_table_schema* table, const char* table_line, struct Maat_scanner *scanner, void* logger) { struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, table->table_id); struct db_digest_rule* digest_rule=ALLOC(struct db_digest_rule, 1); @@ -3131,11 +3131,11 @@ void garbage_bury(MESA_lqueue_head garbage_q,int timeout,void *logger) q_cnt,bury_cnt); } } -void update_plugin_table(struct Maat_table_desc* table,const char* table_line,Maat_scanner* scanner, const struct rule_tag* tags, int n_tags, void* logger) +void update_plugin_table(struct Maat_table_schema* table,const char* table_line,Maat_scanner* scanner, const struct rule_tag* tags, int n_tags, void* logger) { int i=0, ret=1, matched_tag=1; unsigned int len=strlen(table_line)+1; - struct plugin_table_desc* plugin_desc=&(table->plugin); + struct plugin_table_schema* plugin_desc=&(table->plugin); struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, table->table_id); char *p=NULL; char* copy=NULL; @@ -3470,7 +3470,7 @@ int maat_update_cb(const char* table_name,const char* line,void *u_para) { struct _Maat_feather_t *feather=(struct _Maat_feather_t *)u_para; Maat_scanner* scanner=NULL; - struct Maat_table_desc* p_table=NULL; + struct Maat_table_schema* p_table=NULL; if(feather->update_tmp_scanner!=NULL) { scanner=feather->update_tmp_scanner; diff --git a/src/entry/Maat_stat.cpp b/src/entry/Maat_stat.cpp index bcf3bfb..f26d1d9 100644 --- a/src/entry/Maat_stat.cpp +++ b/src/entry/Maat_stat.cpp @@ -43,7 +43,7 @@ void maat_stat_init(struct _Maat_feather_t* feather) { int value=0; int i=0,j=0,offset=0; - struct Maat_table_desc* p_table=NULL; + struct Maat_table_schema* p_table=NULL; char conj_table_name[(MAX_TABLE_NAME_LEN+1)*MAX_CONJUNCTION_TABLE_NUM]={0}; feather->stat_handle=FS_create_handle(); @@ -173,7 +173,7 @@ void maat_stat_output(struct _Maat_feather_t* feather) long long compile_rule_num=0, group_rule_num=0, not_group_rule_num=0, plugin_cache_num=0, plugin_acc_num=0; int i=0; time_t now; - struct Maat_table_desc* p_table=NULL; + struct Maat_table_schema* p_table=NULL; struct Maat_table_runtime* table_rt=NULL; time(&now); if(feather->scanner==NULL) diff --git a/src/entry/Maat_table.cpp b/src/entry/Maat_table.cpp index 32b2c39..65ea347 100644 --- a/src/entry/Maat_table.cpp +++ b/src/entry/Maat_table.cpp @@ -13,19 +13,19 @@ struct Maat_table_manager { - struct Maat_table_desc* p_table_info[MAX_TABLE_NUM]; + struct Maat_table_schema* p_table_info[MAX_TABLE_NUM]; size_t table_cnt; MESA_htable_handle map_tablename2id; int active_plugin_table_num; int is_last_plugin_table_updating; }; -int read_expr_table_info(const char* line, struct Maat_table_desc* table, MESA_htable_handle string2int_map) +int read_expr_table_info(const char* line, struct Maat_table_schema* table, MESA_htable_handle string2int_map) { int j=0,ret[4]={0}; char table_type[16],src_charset[256],dst_charset[256],merge[4],quick_str_scan[32]={0}; char *token=NULL,*sub_token=NULL,*saveptr; - struct expr_table_desc* p=&(table->expr); + struct expr_table_schema* p=&(table->expr); sscanf(line,"%d\t%s\t%s\t%s\t%s\t%s\t%d\t%s",&(table->table_id) ,table->table_name[0] ,table_type @@ -74,7 +74,7 @@ int read_expr_table_info(const char* line, struct Maat_table_desc* table, MESA_h } return 0; } -int read_virtual_table_info(const char* line, struct Maat_table_desc* table, MESA_htable_handle string2int_map) +int read_virtual_table_info(const char* line, struct Maat_table_schema* table, MESA_htable_handle string2int_map) { int ret=0; char table_type[16]; @@ -93,13 +93,13 @@ int read_virtual_table_info(const char* line, struct Maat_table_desc* table, MES } return 0; } -Maat_table_desc* table_info_new(void) +Maat_table_schema* table_info_new(void) { - struct Maat_table_desc*p=ALLOC(struct Maat_table_desc, 1); + struct Maat_table_schema*p=ALLOC(struct Maat_table_schema, 1); p->conj_cnt=1; return p; } -void table_info_free(struct Maat_table_desc*p) +void table_info_free(struct Maat_table_schema*p) { free(p); return; @@ -118,16 +118,16 @@ int _read_integer_arrary(char* string, int *array, int size) return i; } #define COLUMN_PLUGIN_DESCR_JSON 4 -int read_plugin_table_description(const char* line, struct Maat_table_desc* p) +int read_plugin_table_description(const char* line, struct Maat_table_schema* p) { int i=0,ret=0; size_t offset=0, len=0; cJSON* json=NULL, *tmp=NULL, *array_item=NULL; char* copy_line=NULL, *plug_info=NULL; - struct plugin_table_desc* plugin_desc=&(p->plugin); + struct plugin_table_schema* plugin_desc=&(p->plugin); copy_line=_maat_strdup(line); ret=get_column_pos(copy_line, COLUMN_PLUGIN_DESCR_JSON, &offset, &len); - if(i<0) + if(ret<0) { goto error_out; } @@ -202,10 +202,60 @@ error_out: free(copy_line); return -1; } +#define COLUMN_COMPOSITION_SCHEMA_JSON 4 +int read_composition_table_schema(const char* line, struct Maat_table_schema* p, MESA_htable_handle string2int_map) +{ + int ret=0; + size_t offset=0, len=0; + cJSON* json=NULL, *tmp=NULL; + char* copy_line=NULL, *composition_info=NULL; + struct composition_table_schema* composition_schema=&(p->composition); + copy_line=_maat_strdup(line); + ret=get_column_pos(copy_line, COLUMN_COMPOSITION_SCHEMA_JSON, &offset, &len); + if(ret<0) + { + goto error_out; + } + if(offset+lentype==cJSON_String) + { + strncpy(composition_schema->source_table.real_table_name, tmp->valuestring, sizeof(composition_schema->source_table.real_table_name)); + } + tmp=cJSON_GetObjectItem(json, "destination"); + if(tmp!=NULL && tmp->type==cJSON_String) + { + strncpy(composition_schema->destination_table.real_table_name, tmp->valuestring, sizeof(composition_schema->destination_table.real_table_name)); + } + tmp=cJSON_GetObjectItem(json, "session"); + if(tmp!=NULL && tmp->type==cJSON_String) + { + strncpy(composition_schema->session_table.real_table_name, tmp->valuestring, sizeof(composition_schema->session_table.real_table_name)); + } + cJSON_Delete(json); + + free(copy_line); + return 0; +error_out: + free(copy_line); + return -1; + +} static int Maat_table_build_map(struct Maat_table_manager* table_mgr, void* logger) { - struct Maat_table_desc** p_table_info=table_mgr->p_table_info; + struct Maat_table_schema** p_table_info=table_mgr->p_table_info; size_t n_table=MAX_TABLE_NUM; MESA_htable_handle map_tablename2id=map_create(); @@ -227,11 +277,55 @@ static int Maat_table_build_map(struct Maat_table_manager* table_mgr, void* logg MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module, "Undefined real table %s, virtual table %s of table id %d.", p_table_info[i]->virtual_table.real_table_name, - p_table_info[i]->table_name[j], + p_table_info[i]->table_name[0], p_table_info[i]->table_id); goto failed; } break; + case TABLE_TYPE_COMPOSITION: + if(strlen(p_table_info[i]->composition.source_table.real_table_name)>0) + { + ret=map_str2int(map_tablename2id, p_table_info[i]->composition.source_table.real_table_name, + &(p_table_info[i]->composition.source_table.real_table_id)); + if(ret<0) + { + MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module, + "Child table %s of table %s (id=%d) are not defined.", + p_table_info[i]->composition.source_table.real_table_name, + p_table_info[i]->table_name[0], + p_table_info[i]->table_id); + goto failed; + } + } + + if(strlen(p_table_info[i]->composition.destination_table.real_table_name)>0) + { + ret=map_str2int(map_tablename2id, p_table_info[i]->composition.destination_table.real_table_name, + &(p_table_info[i]->composition.destination_table.real_table_id)); + if(ret<0) + { + MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module, + "Child table %s of table %s (id=%d) are not defined.", + p_table_info[i]->composition.destination_table.real_table_name, + p_table_info[i]->table_name[0], + p_table_info[i]->table_id); + goto failed; + } + } + if(strlen(p_table_info[i]->composition.session_table.real_table_name)>0) + { + ret=map_str2int(map_tablename2id, p_table_info[i]->composition.session_table.real_table_name, + &(p_table_info[i]->composition.session_table.real_table_id)); + if(ret<0) + { + MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module, + "Child table %s of table %s (id=%d) are not defined.", + p_table_info[i]->composition.session_table.real_table_name, + p_table_info[i]->table_name[0], + p_table_info[i]->table_id); + goto failed; + } + } default: break; } @@ -283,8 +377,8 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path int i=0, ret=0; char table_type_str[16]={0},not_care[1024]={0}, tmp_str[32]={0}; MESA_htable_handle string2int_map=NULL;; - struct Maat_table_desc*p=NULL; - struct Maat_table_desc*conj_table=NULL; + struct Maat_table_schema*p=NULL; + struct Maat_table_schema*conj_table=NULL; fp=fopen(table_info_path,"r"); if(fp==NULL) { @@ -294,7 +388,7 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path return NULL; } table_mgr=ALLOC(struct Maat_table_manager, 1); - struct Maat_table_desc** p_table_info=table_mgr->p_table_info; + struct Maat_table_schema** p_table_info=table_mgr->p_table_info; size_t n_table=MAX_TABLE_NUM; string2int_map=map_create(); @@ -309,6 +403,7 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path map_register(string2int_map,"group", TABLE_TYPE_GROUP); map_register(string2int_map,"similar", TABLE_TYPE_SIMILARITY); map_register(string2int_map,"virtual", TABLE_TYPE_VIRTUAL); + map_register(string2int_map,"composition", TABLE_TYPE_COMPOSITION); map_register(string2int_map,"quickoff", 0); map_register(string2int_map,"quickon", 1); map_register(string2int_map,"escape", USER_REGION_ENCODE_ESCAPE); @@ -376,9 +471,19 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path ret=read_plugin_table_description(line, p); if(ret<0) { - fprintf(stderr,"Maat read table info %s line %d error:illegal plugin info.\n",table_info_path,i); + fprintf(stderr,"Maat read table info %s line %d error:illegal plugin info.\n", table_info_path,i); MESA_handle_runtime_log(logger, RLOG_LV_FATAL,maat_module, - "Maat read table info %s line %d error:illegal plugin info.",table_info_path,i); + "Maat read table info %s line %d error:illegal plugin info.", table_info_path,i); + goto invalid_table; + } + break; + case TABLE_TYPE_COMPOSITION: + ret=read_composition_table_schema(line, p, string2int_map); + if(ret<0) + { + fprintf(stderr,"Maat read table info %s line %d error:illegal composition info.\n", table_info_path,i); + MESA_handle_runtime_log(logger, RLOG_LV_FATAL,maat_module, + "Maat read table info %s line %d error:illegal composition info.", table_info_path,i); goto invalid_table; } break; @@ -386,9 +491,9 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path ret=read_virtual_table_info(line, p, string2int_map); if(ret<0) { - fprintf(stderr,"Maat read table info %s line %d error:illegal virtual info.\n",table_info_path,i); + fprintf(stderr,"Maat read table info %s line %d error:illegal virtual info.\n", table_info_path,i); MESA_handle_runtime_log(logger, RLOG_LV_FATAL,maat_module, - "Maat read table info %s line %d error:illegal virtual info.",table_info_path,i); + "Maat read table info %s line %d error:illegal virtual info.", table_info_path,i); goto invalid_table; } break; @@ -509,9 +614,9 @@ enum MAAT_TABLE_TYPE Maat_table_get_type_by_id(struct Maat_table_manager* table_ return TABLE_TYPE_INVALID; } -struct Maat_table_desc * Maat_table_get_by_id_raw(struct Maat_table_manager* table_mgr, int table_id) +struct Maat_table_schema * Maat_table_get_by_id_raw(struct Maat_table_manager* table_mgr, int table_id) { - if(table_id>MAX_TABLE_NUM) + if(table_id>MAX_TABLE_NUM||table_id<0) { return NULL; } @@ -519,13 +624,13 @@ struct Maat_table_desc * Maat_table_get_by_id_raw(struct Maat_table_manager* tab return table_mgr->p_table_info[table_id]; } -struct Maat_table_desc * Maat_table_get_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_TABLE_TYPE expect_type, int* virutal_table_id) +struct Maat_table_schema * Maat_table_get_scan_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_TABLE_TYPE expect_type, int* virutal_table_id) { - struct Maat_table_desc **p_table_info=table_mgr->p_table_info; + struct Maat_table_schema **p_table_info=table_mgr->p_table_info; size_t n_table=MAX_TABLE_NUM; - struct Maat_table_desc *p_table=NULL, *p_real_table=NULL; + struct Maat_table_schema *p_table=NULL, *p_real_table=NULL; if((unsigned int) table_id>n_table) { return NULL; @@ -580,8 +685,8 @@ int Maat_table_add_callback_func(struct Maat_table_manager* table_mgr, void* u_para) { int idx=0; - struct Maat_table_desc *p_table=Maat_table_get_by_id(table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); - struct plugin_table_desc *plugin_desc=&(p_table->plugin); + struct Maat_table_schema *p_table=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); + struct plugin_table_schema *plugin_desc=&(p_table->plugin); if(p_table==NULL) { return -1; @@ -603,14 +708,14 @@ int Maat_table_add_callback_func(struct Maat_table_manager* table_mgr, struct compile_ex_data_idx* Maat_table_get_compile_rule_ex_desc(struct Maat_table_manager* table_mgr, const char* compile_table_name, int idx) { int table_id=-1; - struct Maat_table_desc *p_table=NULL; + struct Maat_table_schema *p_table=NULL; table_id=Maat_table_get_id_by_name(table_mgr, compile_table_name); if(table_id<0) { return NULL; } - p_table=Maat_table_get_by_id(table_mgr, table_id, TABLE_TYPE_COMPILE, NULL); + p_table=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_COMPILE, NULL); if(!p_table) { return NULL; @@ -629,20 +734,20 @@ int Maat_table_new_compile_rule_ex_index(struct Maat_table_manager* table_mgr, c long argl, void *argp) { int table_id=-1; - struct Maat_table_desc *p_table=NULL; + struct Maat_table_schema *p_table=NULL; table_id=Maat_table_get_id_by_name(table_mgr, compile_table_name); if(table_id<0) { return -1; } - p_table=Maat_table_get_by_id(table_mgr, table_id, TABLE_TYPE_COMPILE, NULL); + p_table=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_COMPILE, NULL); if(!p_table) { return -1; } int idx=-1; - struct compile_table_desc* compile_desc=&(p_table->compile); + struct compile_table_schema* compile_desc=&(p_table->compile); if(compile_desc->ex_data_num==MAX_COMPILE_EX_DATA_NUM) { return -1; @@ -668,9 +773,9 @@ int Maat_table_plugin_new_ex_index(struct Maat_table_manager* table_mgr, int tab long argl, void *argp) { - struct Maat_table_desc *table_desc=NULL;; - table_desc=Maat_table_get_by_id(table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); - struct plugin_table_desc* plugin_desc=&(table_desc->plugin); + struct Maat_table_schema *table_desc=NULL;; + table_desc=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL); + struct plugin_table_schema* plugin_desc=&(table_desc->plugin); if(plugin_desc->have_exdata || plugin_desc->key_column==0 || plugin_desc->valid_flag_column==0) @@ -690,8 +795,8 @@ void Maat_table_manager_all_plugin_cb_start(struct Maat_table_manager* table_mgr { table_mgr->active_plugin_table_num=0; int i=0, j=0; - struct Maat_table_desc* p_table=NULL; - struct plugin_table_desc* plugin_desc=NULL; + struct Maat_table_schema* p_table=NULL; + struct plugin_table_schema* plugin_desc=NULL; for(i=0; iis_last_plugin_table_updating; } -struct Maat_table_desc* Maat_table_get_desc_by_name(struct Maat_table_manager* table_mgr, const char* table_name) +struct Maat_table_schema* Maat_table_get_desc_by_name(struct Maat_table_manager* table_mgr, const char* table_name) { - struct Maat_table_desc * p_table=NULL; + struct Maat_table_schema * p_table=NULL; int table_id=0; table_id=Maat_table_get_id_by_name(table_mgr, table_name); if(table_id<0) @@ -769,7 +874,7 @@ struct Maat_table_desc* Maat_table_get_desc_by_name(struct Maat_table_manager* t p_table=table_mgr->p_table_info[table_id]; return p_table; } -void Maat_table_set_updating_name(struct Maat_table_desc* p_table, const char* table_name) +void Maat_table_set_updating_name(struct Maat_table_schema* p_table, const char* table_name) { int i=0; for(i=0; iconj_cnt; i++) @@ -782,3 +887,28 @@ void Maat_table_set_updating_name(struct Maat_table_desc* p_table, const char* t assert(i<=p_table->conj_cnt); } +int Maat_table_get_child_id(struct Maat_table_schema* p_table, enum MAAT_TABLE_CHILD_TYPE type) +{ + int ret=-1; + if(p_table->table_type!=TABLE_TYPE_COMPOSITION) + { + return -1; + } + switch (type) + { + case CHILD_TABLE_TYPE_SOURCE_IP: + ret=p_table->composition.source_table.real_table_id; + break; + case CHILD_TABLE_TYPE_DESTINATION_IP: + ret=p_table->composition.destination_table.real_table_id; + break; + case CHILD_TABLE_TYPE_SESSION: + ret=p_table->composition.session_table.real_table_id; + break; + default: + assert(0); + break; + } + return ret; +} + diff --git a/src/entry/Maat_table_runtime.cpp b/src/entry/Maat_table_runtime.cpp index 5b9dbc0..d145e31 100644 --- a/src/entry/Maat_table_runtime.cpp +++ b/src/entry/Maat_table_runtime.cpp @@ -9,12 +9,12 @@ struct wrap_plugin_EX_data { MAAT_RULE_EX_DATA exdata; - const struct Maat_table_desc* ref_plugin_table; + const struct Maat_table_schema* ref_plugin_table; }; void wrap_plugin_EX_data_free(void *data) { struct wrap_plugin_EX_data* wrap_data=(struct wrap_plugin_EX_data*)data; - const struct plugin_table_ex_data_desc* ex_desc= &(wrap_data->ref_plugin_table->plugin.ex_desc); + const struct plugin_table_ex_data_schema* ex_desc= &(wrap_data->ref_plugin_table->plugin.ex_desc); ex_desc->free_func(wrap_data->ref_plugin_table->table_id, &(wrap_data->exdata), ex_desc->argl, ex_desc->argp); wrap_data->ref_plugin_table=NULL; free(wrap_data); @@ -51,11 +51,11 @@ MESA_htable_handle wrap_plugin_EX_hash_new(long long estimate_size, Maat_plugin_ return key2ex_hash; } -int plugin_EX_data_free(const struct Maat_table_desc* plugin_table, const char* line, +int plugin_EX_data_free(const struct Maat_table_schema* plugin_table, const char* line, MESA_htable_handle key2ex_hash, void *logger) { size_t key_offset=0, key_len=0; - const struct plugin_table_desc* plugin_desc= &(plugin_table->plugin); + const struct plugin_table_schema* plugin_desc= &(plugin_table->plugin); int ret=0; ret=get_column_pos(line, plugin_desc->key_column, &key_offset, &key_len); if(ret<0) @@ -76,14 +76,14 @@ int plugin_EX_data_free(const struct Maat_table_desc* plugin_table, const char* return 0; } -int plugin_EX_data_new(const struct Maat_table_desc* plugin_table, const char* line, +int plugin_EX_data_new(const struct Maat_table_schema* plugin_table, const char* line, MESA_htable_handle key2ex_hash, void *logger) { char* key=NULL; size_t key_offset=0, key_len=0; MAAT_RULE_EX_DATA exdata=NULL; struct wrap_plugin_EX_data* wrap_data=NULL; - const struct plugin_table_desc* plugin_desc= &(plugin_table->plugin); + const struct plugin_table_schema* plugin_desc= &(plugin_table->plugin); int ret=0; ret=get_column_pos(line, plugin_desc->key_column, &key_offset, &key_len); if(ret<0) @@ -149,7 +149,7 @@ static void destroy_digest_rule(GIE_digest_t*rule) return; } -static struct Maat_table_runtime* table_runtime_new(const struct Maat_table_desc* table_desc, int max_thread_num) +static struct Maat_table_runtime* table_runtime_new(const struct Maat_table_schema* table_desc, int max_thread_num) { struct Maat_table_runtime* table_rt= ALLOC(struct Maat_table_runtime, 1); @@ -233,7 +233,7 @@ static void table_runtime_free(struct Maat_table_runtime* p) struct Maat_table_runtime_manager* Maat_table_runtime_manager_create(struct Maat_table_manager* table_manager, int max_thread_num) { - const struct Maat_table_desc* table_desc=NULL; + const struct Maat_table_schema* table_desc=NULL; struct Maat_table_runtime* table_rt=NULL; struct Maat_table_runtime_manager* table_rt_mgr=ALLOC(struct Maat_table_runtime_manager, 1); size_t i=0; @@ -281,13 +281,13 @@ const char* Maat_table_runtime_plugin_get_cached_line(struct Maat_table_runtime* line=(const char*)dynamic_array_read(plugin_rt->cache_lines, Nth_line); return line; } -MESA_htable_handle plugin_EX_htable_new(const struct Maat_table_desc* plugin_table, +MESA_htable_handle plugin_EX_htable_new(const struct Maat_table_schema* plugin_table, struct dynamic_array_t* lines, size_t line_cnt, void* logger) { MESA_htable_handle key2ex_hash=NULL; size_t i=0; const char* line=NULL; - const struct plugin_table_desc* plugin_desc= &(plugin_table->plugin); + const struct plugin_table_schema* plugin_desc= &(plugin_table->plugin); key2ex_hash=wrap_plugin_EX_hash_new(plugin_desc->estimate_size, plugin_desc->ex_desc.key2index_func); @@ -298,7 +298,7 @@ MESA_htable_handle plugin_EX_htable_new(const struct Maat_table_desc* plugin_tab } return key2ex_hash; } -int Maat_table_runtime_plugin_new_ex_idx(struct Maat_table_runtime* table_rt, struct Maat_table_desc* table_desc, void* logger) +int Maat_table_runtime_plugin_new_ex_idx(struct Maat_table_runtime* table_rt, struct Maat_table_schema* table_desc, void* logger) { assert(table_rt->plugin.key2ex_hash==NULL); if(table_rt->plugin.key2ex_hash) @@ -309,9 +309,9 @@ int Maat_table_runtime_plugin_new_ex_idx(struct Maat_table_runtime* table_rt, st table_rt->plugin.cache_line_num, logger); return 0; } -MAAT_PLUGIN_EX_DATA Maat_table_runtime_plugin_get_ex_data(struct Maat_table_runtime* table_rt, struct Maat_table_desc* table_desc, const char* key) +MAAT_PLUGIN_EX_DATA Maat_table_runtime_plugin_get_ex_data(struct Maat_table_runtime* table_rt, struct Maat_table_schema* table_desc, const char* key) { - struct plugin_table_desc* plugin_desc=NULL; + struct plugin_table_schema* plugin_desc=NULL; struct wrap_plugin_EX_data* wrap_data=NULL; MAAT_RULE_EX_DATA exdata=NULL; diff --git a/src/entry/json2iris.cpp b/src/entry/json2iris.cpp index 4ff85c5..5305426 100644 --- a/src/entry/json2iris.cpp +++ b/src/entry/json2iris.cpp @@ -25,6 +25,7 @@ const int json_version=1; struct group_info_t { int group_id; + char group_name[MAX_PATH_LINE]; }; struct iris_table_t { @@ -978,7 +979,7 @@ int write_group_rule(cJSON *group_json, int parent_id, int parent_type, int trac } group_info=(struct group_info_t*)MESA_htable_search(p_iris->group_name_map, (const unsigned char*)group_name, strlen(group_name)); - if(group_info==NULL)//exist group name, region already read + if(group_info==NULL)//exist group name, regions and sub groups will be ommit. { if(0==strncasecmp(group_name, untitled_group_name, strlen(untitled_group_name))) { @@ -989,9 +990,43 @@ int write_group_rule(cJSON *group_json, int parent_id, int parent_type, int trac { group_info=ALLOC(struct group_info_t, 1); group_info->group_id=get_group_seq(p_iris); + strncpy(group_info->group_name, group_name, sizeof(group_info->group_name)); MESA_htable_add(p_iris->group_name_map, (const unsigned char*)group_name, strlen(group_name), group_info); } - } + region_json=cJSON_GetObjectItem(group_json,"regions"); + if(region_json!=NULL) + { + cJSON_ArrayForEach(region_rule, region_json) + { + ret=write_region_rule(region_rule, tracking_compile_id, group_info->group_id, p_iris, logger); + if(ret<0) + { + MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json, + "compile rule %d write region error.", tracking_compile_id); + return -1; + } + } + } + sub_groups=cJSON_GetObjectItem(group_json,"sub_groups"); + if(sub_groups!=NULL) + { + //recursively + + cJSON_ArrayForEach(item, sub_groups) + { + ret=write_group_rule(item, group_info->group_id, PARENT_TYPE_GROUP, tracking_compile_id, p_iris, logger); + if(ret<0) + { + return -1; + } + } + } + if(region_json==NULL && sub_groups==NULL) + { + MESA_handle_runtime_log(logger, RLOG_LV_INFO, maat_json, + "A group of compile rule %d has neither regions, sub groups, nor refered another exisited group.", tracking_compile_id); + } + } ret=write_group_line(group_info->group_id, parent_id, group_not_flag, parent_type, virtual_table, p_iris, logger); if(ret<0) { @@ -999,34 +1034,7 @@ int write_group_rule(cJSON *group_json, int parent_id, int parent_type, int trac "%s rule %d write group error.", _str_parent_type[parent_type], parent_id); return -1; } - region_json=cJSON_GetObjectItem(group_json,"regions"); - if(region_json!=NULL) - { - cJSON_ArrayForEach(region_rule, region_json) - { - ret=write_region_rule(region_rule, tracking_compile_id, group_info->group_id, p_iris, logger); - if(ret<0) - { - MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json, - "compile rule %d write region error.", tracking_compile_id); - return -1; - } - } - } - sub_groups=cJSON_GetObjectItem(group_json,"sub_groups"); - if(sub_groups!=NULL) - { - //recursively - - cJSON_ArrayForEach(item, sub_groups) - { - ret=write_group_rule(item, group_info->group_id, PARENT_TYPE_GROUP, tracking_compile_id, p_iris, logger); - if(ret<0) - { - return -1; - } - } - } + return 0; } int write_iris(cJSON *json, struct iris_description_t *p_iris, void* logger) diff --git a/src/inc_internal/Maat_rule_internal.h b/src/inc_internal/Maat_rule_internal.h index 130e6c4..57772e0 100644 --- a/src/inc_internal/Maat_rule_internal.h +++ b/src/inc_internal/Maat_rule_internal.h @@ -95,7 +95,7 @@ struct Maat_compile_rule int is_valid; int declared_grp_num; double evaluation_order; - const struct Maat_table_desc* ref_table; + const struct Maat_table_schema* ref_table; MAAT_RULE_EX_DATA* ads; }; @@ -214,7 +214,7 @@ struct iconv_handle_t struct _stream_para_t { struct _Maat_feather_t* feather; - const struct Maat_table_desc* p_real_table; + const struct Maat_table_schema* p_real_table; int virtual_table_id; int version; int thread_num; @@ -455,8 +455,8 @@ void fill_maat_rule(struct Maat_rule_t *rule, const struct Maat_rule_head* rule_ MAAT_RULE_EX_DATA rule_ex_data_new(const struct Maat_rule_head * rule_head, const char* srv_def, const struct compile_ex_data_idx* ex_desc); void rule_ex_data_free(const struct Maat_rule_head * rule_head, const char* srv_def, MAAT_RULE_EX_DATA *ad, const struct compile_ex_data_idx* ex_desc); MESA_htable_handle wrap_plugin_EX_hash_new(long long estimate_size, Maat_plugin_EX_key2index_func_t * key2index); -int plugin_EX_data_new(const struct Maat_table_desc* plugin_table, const char* line, MESA_htable_handle key2ex_hash, void *logger); -int plugin_EX_data_free(const struct Maat_table_desc* plugin_table, const char* line, MESA_htable_handle key2ex_hash, void *logger); +int plugin_EX_data_new(const struct Maat_table_schema* plugin_table, const char* line, MESA_htable_handle key2ex_hash, void *logger); +int plugin_EX_data_free(const struct Maat_table_schema* plugin_table, const char* line, MESA_htable_handle key2ex_hash, void *logger); void set_serial_rule(struct serial_rule_t* rule,enum MAAT_OPERATION op,int rule_id,int label_id,const char* table_name,const char* line, long long timeout); diff --git a/src/inc_internal/Maat_table.h b/src/inc_internal/Maat_table.h index d056b2d..3e14f98 100644 --- a/src/inc_internal/Maat_table.h +++ b/src/inc_internal/Maat_table.h @@ -29,6 +29,7 @@ enum MAAT_TABLE_TYPE TABLE_TYPE_EXPR_PLUS, TABLE_TYPE_SIMILARITY, TABLE_TYPE_VIRTUAL, + TABLE_TYPE_COMPOSITION, TABLE_TYPE_GROUP, TABLE_TYPE_COMPILE, TABLE_TYPE_PLUGIN @@ -44,14 +45,14 @@ struct compile_ex_data_idx int idx; int table_id; }; -struct compile_table_desc +struct compile_table_schema { enum USER_REGION_ENCODE user_region_encoding; int ex_data_num; struct compile_ex_data_idx ex_desc[MAX_COMPILE_EX_DATA_NUM]; }; -struct expr_table_desc +struct expr_table_schema { enum MAAT_CHARSET src_charset; enum MAAT_CHARSET dst_charset[MAX_CHARSET_NUM]; @@ -61,19 +62,23 @@ struct expr_table_desc int quick_expr_switch;//obsolete since 20190401 long long iconv_err_cnt; }; -struct virtual_table_desc +struct virtual_table_schema { int real_table_id; char real_table_name[MAX_TABLE_NAME_LEN]; }; -struct plugin_table_callback_desc +struct composition_table_schema +{ + struct virtual_table_schema source_table, destination_table, session_table; +}; +struct plugin_table_callback_schema { Maat_start_callback_t *start; Maat_update_callback_t *update; Maat_finish_callback_t *finish; void* u_para; }; -struct plugin_table_ex_data_desc +struct plugin_table_ex_data_schema { Maat_plugin_EX_new_func_t* new_func; Maat_plugin_EX_free_func_t* free_func; @@ -82,7 +87,7 @@ struct plugin_table_ex_data_desc long argl; void *argp; }; -struct plugin_table_desc +struct plugin_table_schema { int key_column; int valid_flag_column; @@ -92,11 +97,11 @@ struct plugin_table_desc int cb_plug_cnt; int have_exdata; long long estimate_size; - struct plugin_table_callback_desc cb_plug[MAX_PLUGIN_PER_TABLE]; - struct plugin_table_ex_data_desc ex_desc; + struct plugin_table_callback_schema cb_plug[MAX_PLUGIN_PER_TABLE]; + struct plugin_table_ex_data_schema ex_desc; }; -struct Maat_table_desc +struct Maat_table_schema { int table_id; int conj_cnt; @@ -105,12 +110,13 @@ struct Maat_table_desc enum MAAT_TABLE_TYPE table_type; union { - struct compile_table_desc compile; - struct expr_table_desc expr; - struct plugin_table_desc plugin; - struct virtual_table_desc virtual_table;; + struct compile_table_schema compile; + struct expr_table_schema expr; + struct plugin_table_schema plugin; + struct virtual_table_schema virtual_table; + struct composition_table_schema composition; void* others;//group, ip, interval and digest don't have sperate description info. - }; + }; //for stat>>>>>>>> unsigned long long udpate_err_cnt; unsigned long long unmatch_tag_cnt; @@ -122,8 +128,8 @@ void Maat_table_manager_destroy(struct Maat_table_manager* table_mgr); size_t Maat_table_manager_get_size(struct Maat_table_manager* table_mgr); size_t Maat_table_manager_get_count(struct Maat_table_manager* table_mgr); -struct Maat_table_desc * Maat_table_get_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_TABLE_TYPE expect_type, int* virutal_table_id); -struct Maat_table_desc * Maat_table_get_by_id_raw(struct Maat_table_manager* table_mgr, int table_id); +struct Maat_table_schema * Maat_table_get_scan_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_TABLE_TYPE expect_type, int* virutal_table_id); +struct Maat_table_schema * Maat_table_get_by_id_raw(struct Maat_table_manager* table_mgr, int table_id); int Maat_table_get_id_by_name(struct Maat_table_manager* table_mgr, const char* table_name); int Maat_table_add_callback_func(struct Maat_table_manager* table_mgr, @@ -153,6 +159,14 @@ void Maat_table_manager_all_plugin_cb_start(struct Maat_table_manager* table_mgr void Maat_table_manager_all_plugin_cb_finish(struct Maat_table_manager* table_mgr); int Maat_table_manager_is_last_plugin_table_updating(struct Maat_table_manager* table_mgr); -struct Maat_table_desc* Maat_table_get_desc_by_name(struct Maat_table_manager* table_mgr, const char* table_name); -void Maat_table_set_updating_name(struct Maat_table_desc* p_table, const char* table_name); +struct Maat_table_schema* Maat_table_get_desc_by_name(struct Maat_table_manager* table_mgr, const char* table_name); +void Maat_table_set_updating_name(struct Maat_table_schema* p_table, const char* table_name); +enum MAAT_TABLE_CHILD_TYPE +{ + CHILD_TABLE_TYPE_NONE=-1, + CHILD_TABLE_TYPE_SOURCE_IP=0, + CHILD_TABLE_TYPE_DESTINATION_IP, + CHILD_TABLE_TYPE_SESSION +}; +int Maat_table_get_child_id(struct Maat_table_schema* p_table, enum MAAT_TABLE_CHILD_TYPE type); diff --git a/src/inc_internal/Maat_table_runtime.h b/src/inc_internal/Maat_table_runtime.h index caeae5d..acd1a69 100644 --- a/src/inc_internal/Maat_table_runtime.h +++ b/src/inc_internal/Maat_table_runtime.h @@ -60,8 +60,8 @@ struct Maat_table_runtime* Maat_table_runtime_get(struct Maat_table_runtime_mana long long Maat_table_runtime_plugin_cached_line_count(struct Maat_table_runtime* table_rt); const char* Maat_table_runtime_plugin_get_cached_line(struct Maat_table_runtime* table_rt, long long Nth_line); -int Maat_table_runtime_plugin_new_ex_idx(struct Maat_table_runtime* table_rt, struct Maat_table_desc* table_desc, void* logger); -MAAT_PLUGIN_EX_DATA Maat_table_runtime_plugin_get_ex_data(struct Maat_table_runtime* table_rt, struct Maat_table_desc* table_desc, const char* key); +int Maat_table_runtime_plugin_new_ex_idx(struct Maat_table_runtime* table_rt, struct Maat_table_schema* table_desc, void* logger); +MAAT_PLUGIN_EX_DATA Maat_table_runtime_plugin_get_ex_data(struct Maat_table_runtime* table_rt, struct Maat_table_schema* table_desc, const char* key); void Maat_table_runtime_digest_add(struct Maat_table_runtime* table_rt, int expr_id, const char* digest, short confidence_degree, void* tag); void Maat_table_runtime_digest_del(struct Maat_table_runtime* table_rt, int expr_id); int Maat_table_runtime_digest_batch_udpate(struct Maat_table_runtime* table_rt); diff --git a/test/maat_json.json b/test/maat_json.json index 4de4373..00e00bb 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -1470,11 +1470,11 @@ "do_blacklist": 0, "do_log": 0, "effective_rage": 0, - "user_region": "IPScan.IPv4_component.source", + "user_region": "IPScan.IPv4_virtual.source", "is_valid": "no", "groups": [ { - "group_name": "ipv4_component.source", + "group_name": "ipv4_virtual.source", "regions": [ { "table_type": "ip_plus", @@ -1483,7 +1483,7 @@ "addr_type": "ipv4", "saddr_format": "CIDR", "src_ip1": "192.168.40.10", - "src_ip2": "0", + "src_ip2": "32", "sport_format": "mask", "src_port1": "443", "src_port2": "65535", @@ -1509,11 +1509,11 @@ "do_blacklist": 0, "do_log": 0, "effective_rage": 0, - "user_region": "IPScan.IPv4_component.destination", + "user_region": "IPScan.IPv4_virtual.destination", "is_valid": "no", "groups": [ { - "group_name": "ipv4_component.destination", + "group_name": "ipv4_virtual.destination", "regions": [ { "table_type": "ip_plus", @@ -1522,7 +1522,7 @@ "addr_type": "ipv4", "saddr_format": "CIDR", "src_ip1": "192.168.231.46", - "src_ip2": "0", + "src_ip2": "32", "sport_format": "mask", "src_port1": "25705", "src_port2": "65535", @@ -1548,20 +1548,176 @@ "do_blacklist": 0, "do_log": 0, "effective_rage": 0, - "user_region": "ipv4_component.match", + "user_region": "ipv4_virtual.match", "is_valid": "yes", "groups": [ { - "group_name":"ipv4_component.source", + "group_name":"ipv4_virtual.source", "virtual_table":"VIRTUAL_IP_PLUS_SOURCE", "not_flag":0 }, { - "group_name":"ipv4_component.destination", + "group_name":"ipv4_virtual.destination", "virtual_table":"VIRTUAL_IP_PLUS_DESTINATION", "not_flag":0 } ] + }, + { + "compile_id": 173, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "IPScan.IPv4_composition.source", + "is_valid": "no", + "groups": [ + { + "group_name": "ipv4_composition.source", + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "saddr_format": "CIDR", + "src_ip1": "192.168.40.11", + "src_ip2": "32", + "sport_format": "mask", + "src_port1": "443", + "src_port2": "65535", + "daddr_format": "CIDR", + "dst_ip1": "0.0.0.0", + "dst_ip2": "0", + "dport_format": "range", + "dst_port1": "0", + "dst_port2": "0", + "protocol": 6, + "direction": "double" + } + } + ], + "not_flag" : 0 + } + ] + }, + { + "compile_id": 174, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "IPScan.IPv4_composition.destination", + "is_valid": "no", + "groups": [ + { + "group_name": "ipv4_composition.destination", + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "saddr_format": "CIDR", + "src_ip1": "192.168.231.47", + "src_ip2": "32", + "sport_format": "mask", + "src_port1": "25715", + "src_port2": "65535", + "daddr_format": "CIDR", + "dst_ip1": "0.0.0.0", + "dst_ip2": "0", + "dport_format": "range", + "dst_port1": "0", + "dst_port2": "0", + "protocol": 6, + "direction": "double" + } + } + ], + "not_flag" : 0 + } + ] + }, + { + "compile_id": 175, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "ipv4_composition.match", + "is_valid": "yes", + "groups": [ + { + "group_name":"ipv4_composition.source", + "virtual_table":"COMPOSITION_IP_SOURCE", + "not_flag":0 + }, + { + "group_name":"ipv4_composition.destination", + "virtual_table":"COMPOSITION_IP_DESTINATION", + "not_flag":0 + } + ] + }, + { + "compile_id": 176, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "IPScan.IPv4_composition.session", + "is_valid": "no", + "groups": [ + { + "group_name": "ipv4_composition.session", + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "saddr_format": "CIDR", + "src_ip1": "192.168.40.11", + "src_ip2": "2", + "sport_format": "mask", + "src_port1": "443", + "src_port2": "65535", + "daddr_format": "CIDR", + "dst_ip1": "192.168.231.47", + "dst_ip2": "32", + "dport_format": "range", + "dst_port1": "25715", + "dst_port2": "25715", + "protocol": 6, + "direction": "single" + } + } + ], + "not_flag" : 0 + } + ] + }, + { + "compile_id": 177, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "ipv4_composition.session.match", + "is_valid": "yes", + "groups": [ + { + "group_name":"ipv4_composition.session", + "virtual_table":"COMPOSITION_IP_SESSION", + "not_flag":0 + } + ] } ], "plugin_table": [ diff --git a/test/table_info.conf b/test/table_info.conf index f76bf5b..82e6924 100644 --- a/test/table_info.conf +++ b/test/table_info.conf @@ -6,7 +6,6 @@ #dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' #do_merege [yes/no] #cross cache [number] -#quick mode [quickon/quickoff], default [quickoff] #For ip/intval/digest/compile/group table. #id name type # @@ -17,11 +16,11 @@ #id name type real_table_name # #For expr/expr_plus Table -#id name type src_charset dst_charset do_merge cross_cache quick_mode +#id name type src_charset dst_charset do_merge cross_cache 0 COMPILE compile escape -- 1 GROUP group -- -2 HTTP_URL expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff -2 HTTP_HOST expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff +2 HTTP_URL expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 +2 HTTP_HOST expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 3 KEYWORDS_TABLE expr UTF8 GBK/BIG5/UNICODE/UTF8/unicode_ascii_esc/unicode_ascii_aligned/unicode_ncr_dec/unicode_ncr_hex/windows-1251 yes 0 4 IP_CONFIG ip -- 5 CONTENT_SIZE intval -- @@ -44,4 +43,8 @@ 22 HTTP_RESPONSE_HEADER virtual HTTP_SIGNATURE -- 23 VIRTUAL_IP_PLUS_TABLE virtual IP_PLUS_CONFIG -- 23 VIRTUAL_IP_PLUS_SOURCE virtual IP_PLUS_CONFIG -- -23 VIRTUAL_IP_PLUS_DESTINATION virtual IP_PLUS_CONFIG -- \ No newline at end of file +23 VIRTUAL_IP_PLUS_DESTINATION virtual IP_PLUS_CONFIG -- +24 COMPOSITION_IP_SOURCE virtual IP_PLUS_CONFIG -- +25 COMPOSITION_IP_DESTINATION virtual IP_PLUS_CONFIG -- +26 COMPOSITION_IP_SESSION virtual IP_PLUS_CONFIG -- +27 COMPOSITION_IP composition {"source":"COMPOSITION_IP_SOURCE","destination":"COMPOSITION_IP_DESTINATION","session":"COMPOSITION_IP_SESSION"} \ No newline at end of file diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp index 687338a..f58a74d 100644 --- a/test/test_maatframe.cpp +++ b/test/test_maatframe.cpp @@ -725,6 +725,29 @@ TEST(IPScan, IPv4_virtual) Maat_clean_status(&mid); return; } +TEST(IPScan, IPv4_composition) +{ + int table_id=0,ret=0; + const char* table_name="COMPOSITION_IP"; + struct Maat_rule_t result[4]; + scan_status_t mid=NULL; + struct ipaddr ipv4_addr; + struct stream_tuple4_v4 v4_addr; + ipv4_addr_set(&ipv4_addr, &v4_addr, "192.168.40.11", 443, "192.168.231.47", 25715); + + table_id=Maat_table_register(g_feather, table_name); + + EXPECT_GT(table_id, 0); + + ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid, 0); + + EXPECT_EQ(ret, 2); + EXPECT_EQ(result[0].config_id, 177); + EXPECT_EQ(result[1].config_id, 175); + + Maat_clean_status(&mid); + return; +} #define TEST_NOTLogic 1