gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

新增composition类型表,支持IP构成功能,可将Source和Destination两个子表组合为待扫描的IP表,子表可以是虚拟表。

Browse Source
This commit is contained in:
zhengchao
2020-03-11 23:26:55 +08:00
parent 7bf6dd6278
commit 54c5cf9d86
13 changed files with 689 additions and 234 deletions
Download Patch File Download Diff File Expand all files Collapse all files

285
src/entry/Maat_api.cpp
View File

@@ -192,6 +192,7 @@ struct scan_region_hit_wraper
{
int Nth_scan;
void* elem_array;
int* virtual_table_ids;
size_t elem_size;
size_t n_elem;
size_t group_offset;
@@ -358,6 +359,7 @@ void scan_region_hit_wraper_build_with_rulescan(struct scan_region_hit_wraper* r
region_hit->is_last_region=is_last_region;
region_hit->virtual_table_id=virtual_table_id;
region_hit->Nth_scan=Nth_scan;
region_hit->virtual_table_ids=NULL;
return;
}
void scan_region_hit_wraper_build_with_GIE(struct scan_region_hit_wraper* region_hit, GIE_result_t* GIE_rslt, size_t n_rslt, int is_last_region, int virtual_table_id, int Nth_scan)
@@ -371,6 +373,7 @@ void scan_region_hit_wraper_build_with_GIE(struct scan_region_hit_wraper* region
region_hit->is_last_region=is_last_region;
region_hit->virtual_table_id=virtual_table_id;
region_hit->Nth_scan=Nth_scan;
region_hit->virtual_table_ids=NULL;
return;
}
@@ -393,7 +396,7 @@ int region_compile(_Maat_feather_t*feather, struct scan_hit_status *_mid, const
struct Maat_group_inner* group_rule=NULL;
struct Maat_compile_group_relation* relation_array[MAX_SCANNER_HIT_NUM];
struct Maat_compile_group_relation* relation=NULL;
int virtual_table_id=0;
const unsigned long long* hit_group_ids=NULL;
size_t hit_group_id_cnt=0;
@@ -408,8 +411,16 @@ int region_compile(_Maat_feather_t*feather, struct scan_hit_status *_mid, const
assert(group_rule->ref_by_parent_cnt>=0);
expr_id=*(unsigned int*)((char*)region_hit+region_type_size*i+expr_id_offset);
region_id=exprid2region_id(group_rule, expr_id, &tmp, feather->scanner);
if(region_hit_wraper->virtual_table_ids)
{
virtual_table_id=region_hit_wraper->virtual_table_ids[i];
}
else
{
virtual_table_id=region_hit_wraper->virtual_table_id;
}
scan_hit_status_update_by_group(_mid, group_rule, region_id,
region_hit_wraper->virtual_table_id, region_hit_wraper->Nth_scan, i);
virtual_table_id, region_hit_wraper->Nth_scan, i);
}
if(bm)
@@ -1276,7 +1287,7 @@ MAAT_RULE_EX_DATA Maat_rule_get_ex_data(Maat_feather_t feather, const struct Maa
struct _Maat_feather_t *_feather=(struct _Maat_feather_t *)feather;
struct Maat_compile_group_relation *relation=NULL;
struct Maat_compile_rule* compile=NULL;
const struct compile_table_desc* compile_desc=NULL;
const struct compile_table_schema* compile_desc=NULL;
const struct compile_ex_data_idx* ex_desc=NULL;
MAAT_RULE_EX_DATA ad=NULL;
@@ -1325,7 +1336,7 @@ int Maat_plugin_EX_register(Maat_feather_t feather, int table_id,
pthread_mutex_unlock(&(_feather->background_update_mutex));
return -1;
}
struct Maat_table_desc *table_desc=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
struct Maat_table_schema *table_desc=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
struct Maat_table_runtime* table_rt=NULL;
@@ -1341,14 +1352,14 @@ int Maat_plugin_EX_register(Maat_feather_t feather, int table_id,
MAAT_PLUGIN_EX_DATA Maat_plugin_get_EX_data(Maat_feather_t feather, int table_id, const char* key)
{
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
struct Maat_table_desc *table_desc=NULL;
struct Maat_table_schema *table_desc=NULL;
struct Maat_table_runtime *table_rt=NULL;
MAAT_RULE_EX_DATA exdata=NULL;
if(_feather->scanner==NULL)
{
return NULL;
}
table_desc=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
table_desc=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
table_rt=Maat_table_runtime_get(_feather->scanner->table_rt_mgr, table_id);
exdata=Maat_table_runtime_plugin_get_ex_data(table_rt, table_desc, key);
return exdata;
@@ -1366,8 +1377,8 @@ int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id
struct _OUTER_scan_status_t* _mid=(struct _OUTER_scan_status_t*)(*mid);
scan_result_t *region_result=NULL;
struct Maat_table_desc *p_table=NULL;
struct expr_table_desc* expr_desc=NULL;
struct Maat_table_schema *p_table=NULL;
struct expr_table_schema* expr_desc=NULL;
struct timespec start,end;
Maat_scanner* my_scanner=NULL;
@@ -1387,7 +1398,7 @@ int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id
return 0;
}
p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_EXPR, &virtual_table_id);
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_EXPR, &virtual_table_id);
if(p_table==NULL)
{
_feather->scan_err_cnt++;
@@ -1515,7 +1526,7 @@ int Maat_scan_intval(Maat_feather_t feather,int table_id
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
struct Maat_scanner* my_scanner=NULL;
Maat_table_desc* p_table=NULL;
Maat_table_schema* p_table=NULL;
struct timespec start,end;
if(_feather->perf_on==1)
{
@@ -1525,7 +1536,7 @@ int Maat_scan_intval(Maat_feather_t feather,int table_id
_mid->scan_cnt++;
int virtual_table_id=0;
p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_INTERVAL, &virtual_table_id);
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_INTERVAL, &virtual_table_id);
if(p_table==NULL)
{
_feather->scan_err_cnt++;
@@ -1606,7 +1617,7 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id
struct _OUTER_scan_status_t* _mid=NULL;
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
struct Maat_scanner* my_scanner=NULL;
Maat_table_desc* p_table=NULL;
Maat_table_schema* p_table=NULL;
struct timespec start,end;
if(_feather->perf_on==1)
{
@@ -1616,7 +1627,7 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id
_mid->scan_cnt++;
int virtual_table_id=0;
p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_SIMILARITY, &virtual_table_id);
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_SIMILARITY, &virtual_table_id);
if(p_table==NULL)
{
_feather->scan_err_cnt++;
@@ -1680,18 +1691,135 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id
return compile_ret;
}
static int ip_scan_data_set(scan_data_t* scan_data, const struct ipaddr* addr, unsigned short int proto, enum MAAT_TABLE_CHILD_TYPE child_type, int table_id)
{
memset(scan_data, 0, sizeof(scan_data_t));
scan_data->sub_type=make_sub_type(table_id, CHARSET_NONE, 0);
switch(addr->addrtype)
{
case ADDR_TYPE_IPV4:
scan_data->rule_type=RULETYPE_IPv4;
scan_data->ipv4_data.proto=proto;
switch(child_type)
{
case CHILD_TABLE_TYPE_SOURCE_IP:
scan_data->ipv4_data.saddr=ntohl(addr->v4->saddr);
scan_data->ipv4_data.sport=ntohs(addr->v4->source);
break;
case CHILD_TABLE_TYPE_DESTINATION_IP:
scan_data->ipv4_data.saddr=ntohl(addr->v4->daddr);
scan_data->ipv4_data.sport=ntohs(addr->v4->dest);
break;
case CHILD_TABLE_TYPE_SESSION:
scan_data->ipv4_data.saddr=ntohl(addr->v4->saddr);
scan_data->ipv4_data.sport=ntohs(addr->v4->source);
scan_data->ipv4_data.daddr=ntohl(addr->v4->daddr);
scan_data->ipv4_data.dport=ntohs(addr->v4->dest);
break;
default:
assert(0);
return -1;
}
break;
case ADDR_TYPE_IPV6:
scan_data->rule_type=RULETYPE_IPv6;
scan_data->ipv6_data.proto=proto;
switch(child_type)
{
case CHILD_TABLE_TYPE_SOURCE_IP:
memcpy(scan_data->ipv6_data.saddr, addr->v6->saddr, sizeof(scan_data->ipv6_data.saddr));
ipv6_ntoh(scan_data->ipv6_data.saddr);
scan_data->ipv6_data.sport=ntohs(addr->v6->source);
break;
case CHILD_TABLE_TYPE_DESTINATION_IP:
memcpy(scan_data->ipv6_data.saddr, addr->v6->daddr, sizeof(scan_data->ipv6_data.saddr));
ipv6_ntoh(scan_data->ipv6_data.saddr);
scan_data->ipv6_data.sport=ntohs(addr->v6->dest);
break;
case CHILD_TABLE_TYPE_SESSION:
memcpy(scan_data->ipv6_data.saddr, addr->v6->saddr, sizeof(scan_data->ipv6_data.saddr));
ipv6_ntoh(scan_data->ipv6_data.saddr);
scan_data->ipv6_data.sport=ntohs(addr->v6->source);
memcpy(scan_data->ipv6_data.daddr, addr->v6->daddr, sizeof(scan_data->ipv6_data.daddr));
ipv6_ntoh(scan_data->ipv6_data.daddr);
scan_data->ipv6_data.dport=ntohs(addr->v6->dest);
break;
default:
assert(0);
return -1;
break;
}
break;
default:
return -1;
}
return 0;
}
static int IP_composition_scan(const struct ipaddr* addr, unsigned short int proto, Maat_table_schema* parent_table, enum MAAT_TABLE_CHILD_TYPE child_type,
scan_result_t *region_result, unsigned int result_num,
int* virtual_table_id,
rule_scanner_t ip_scanner, struct Maat_table_manager* table_mgr, struct Maat_table_runtime_manager* table_rt_mgr,
int thread_num)
{
int child_table_id=0;
if(child_type==CHILD_TABLE_TYPE_NONE)
{
child_table_id=parent_table->table_id;
child_type=CHILD_TABLE_TYPE_SESSION;
}
else
{
child_table_id=Maat_table_get_child_id(parent_table, child_type);
}
if(child_table_id<0)
{
return 0;
}
Maat_table_schema* real_table=Maat_table_get_scan_by_id(table_mgr, child_table_id, TABLE_TYPE_IP, virtual_table_id);
if(real_table==NULL)
{
return 0;
}
struct Maat_table_runtime* table_rt=Maat_table_runtime_get(table_rt_mgr, real_table->table_id);
if(table_rt->origin_rule_num==0)
{
return 0;
}
if(table_rt->ip.ipv4_rule_cnt==0&&addr->addrtype==ADDR_TYPE_IPV4)
{
return 0;
}
if(table_rt->ip.ipv6_rule_cnt==0&&addr->addrtype==ADDR_TYPE_IPV6)
{
return 0;
}
scan_data_t scan_data;
int ret=ip_scan_data_set(&scan_data, addr, proto, child_type, real_table->table_id);
if(ret<0)
{
return -1;
}
int region_ret=rulescan_search(ip_scanner, thread_num, &scan_data, region_result, result_num);
if(region_ret>0)
{
alignment_int64_array_add(table_rt->hit_cnt, thread_num, 1);
}
return region_ret;
}
int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
,struct ipaddr* addr,unsigned short int proto
,struct Maat_rule_t*result,int rule_num
,scan_status_t *mid,int thread_num)
{
int region_ret=0,compile_ret=0;
struct _OUTER_scan_status_t* _mid=NULL;
scan_data_t ip_scan_data;
scan_result_t *region_result=NULL;
Maat_table_desc* p_table=NULL;
{
int region_ret=0, compile_ret=0;
struct _OUTER_scan_status_t* _mid=NULL;
scan_result_t *region_result=NULL;
Maat_table_schema* p_table=NULL;
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
struct Maat_scanner* my_scanner=NULL;
struct timespec start,end;
@@ -1702,80 +1830,73 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
_mid=grab_mid(mid, _feather, thread_num, 0);
_mid->scan_cnt++;
int virtual_table_id=0;
p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_IP, &virtual_table_id);
p_table=Maat_table_get_by_id_raw(_feather->table_mgr, table_id);
if(p_table==NULL)
{
_feather->scan_err_cnt++;
return -1;
}
my_scanner=_feather->scanner;
if(my_scanner==NULL)
{
return 0;
}
struct Maat_table_runtime* table_rt=Maat_table_runtime_get(my_scanner->table_rt_mgr, p_table->table_id);
if(table_rt->origin_rule_num==0)
{
return 0;
}
if(table_rt->ip.ipv4_rule_cnt==0&&addr->addrtype==ADDR_TYPE_IPV4)
{
return 0;
}
if(table_rt->ip.ipv6_rule_cnt==0&&addr->addrtype==ADDR_TYPE_IPV6)
{
return 0;
}
alignment_int64_array_add(_feather->thread_call_cnt, thread_num, 1);
ip_scan_data.rule_type=RULETYPE_IPv4;
ip_scan_data.sub_type=make_sub_type(p_table->table_id, CHARSET_NONE, 0);
switch(addr->addrtype)
{
case ADDR_TYPE_IPV4:
ip_scan_data.ipv4_data.saddr=ntohl(addr->v4->saddr);
ip_scan_data.ipv4_data.daddr=ntohl(addr->v4->daddr);
ip_scan_data.ipv4_data.sport=ntohs(addr->v4->source);
ip_scan_data.ipv4_data.dport=ntohs(addr->v4->dest);
ip_scan_data.ipv4_data.proto=proto;
break;
case ADDR_TYPE_IPV6:
ip_scan_data.rule_type=RULETYPE_IPv6;
memcpy(ip_scan_data.ipv6_data.saddr,addr->v6->saddr,sizeof(ip_scan_data.ipv6_data.saddr));
ipv6_ntoh(ip_scan_data.ipv6_data.saddr);
memcpy(ip_scan_data.ipv6_data.daddr,addr->v6->daddr,sizeof(ip_scan_data.ipv6_data.daddr));
ipv6_ntoh(ip_scan_data.ipv6_data.daddr);
ip_scan_data.ipv6_data.sport=ntohs(addr->v6->source);
ip_scan_data.ipv6_data.dport=ntohs(addr->v6->dest);
ip_scan_data.ipv6_data.proto=proto;
break;
default:
_feather->scan_err_cnt++;
return -1;
break;
}
struct Maat_table_runtime* table_rt=Maat_table_runtime_get(my_scanner->table_rt_mgr, table_id);
region_result=my_scanner->region_rslt_buff+MAX_SCANNER_HIT_NUM*thread_num;
INC_SCANNER_REF(my_scanner,thread_num);
region_ret=rulescan_search(my_scanner->region, thread_num, &ip_scan_data, region_result, MAX_SCANNER_HIT_NUM);
if(region_ret<0)
int region_hit_cnt=0;
int region_rslt_virtual_table_id[MAX_SCANNER_HIT_NUM];
alignment_int64_array_add(_feather->thread_call_cnt, thread_num, 1);
INC_SCANNER_REF(my_scanner, thread_num);
if(p_table->table_type==TABLE_TYPE_COMPOSITION)
{
DEC_SCANNER_REF(my_scanner,thread_num);
_feather->scan_err_cnt++;
return -1;
}
else if(region_ret>0 || scan_status_should_compile_NOT(_mid) )
{
if(region_ret>0)
enum MAAT_TABLE_CHILD_TYPE childs[3]={CHILD_TABLE_TYPE_SOURCE_IP, CHILD_TABLE_TYPE_DESTINATION_IP, CHILD_TABLE_TYPE_SESSION};
for(int i=0; i<3; i++)
{
alignment_int64_array_add(table_rt->hit_cnt, thread_num,1);
region_ret=IP_composition_scan(addr, proto, p_table, childs[i],
region_result+region_hit_cnt, MAX_SCANNER_HIT_NUM-region_hit_cnt, &virtual_table_id,
my_scanner->region, _feather->table_mgr, _feather->scanner->table_rt_mgr, thread_num);
if(region_ret<0)
{
_feather->scan_err_cnt++;
}
else if(region_ret>0)
{
for(int j=0; j<region_ret; j++)
{
region_rslt_virtual_table_id[region_hit_cnt++]=virtual_table_id;
}
}
}
}
else
{
region_ret=IP_composition_scan(addr, proto, p_table, CHILD_TABLE_TYPE_NONE,
region_result+region_hit_cnt, MAX_SCANNER_HIT_NUM-region_hit_cnt, &virtual_table_id,
my_scanner->region, _feather->table_mgr, _feather->scanner->table_rt_mgr, thread_num);
if(region_ret<0)
{
_feather->scan_err_cnt++;
}
else if(region_ret>0)
{
region_hit_cnt+=region_ret;
}
}
struct scan_region_hit_wraper region_hit_wraper;
if(region_hit_cnt>0 || scan_status_should_compile_NOT(_mid) )
{
_mid=grab_mid(mid, _feather, thread_num, 1);
struct scan_region_hit_wraper region_hit_wraper;
scan_region_hit_wraper_build_with_rulescan(&region_hit_wraper, region_result, region_ret,
scan_region_hit_wraper_build_with_rulescan(&region_hit_wraper, region_result, region_hit_cnt,
_mid->is_last_region, virtual_table_id, _mid->scan_cnt);
if(p_table->table_type==TABLE_TYPE_COMPOSITION)
{
region_hit_wraper.virtual_table_ids=region_rslt_virtual_table_id;
}
compile_ret=region_compile(_feather,_mid->inner,
&region_hit_wraper,
result, rule_num,
@@ -1796,7 +1917,7 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
{
maat_stat_table(table_rt, 0, NULL, NULL, thread_num);
}
if(compile_ret==0&&region_ret>0)
if(compile_ret==0&&region_hit_cnt>0)
{
return -2;
}
@@ -1819,17 +1940,17 @@ stream_para_t Maat_stream_scan_string_start(Maat_feather_t feather,int table_id,
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
struct Maat_scanner* scanner=NULL;
struct Maat_table_desc *p_table=NULL;
struct Maat_table_schema *p_table=NULL;
int virtual_table_id=0;
assert(thread_num<_feather->scan_thread_num);
p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_EXPR, &virtual_table_id);
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_EXPR, &virtual_table_id);
if(p_table==NULL)
{
_feather->scan_err_cnt++;
return NULL;
}
struct expr_table_desc* expr_desc=&(p_table->expr);
struct expr_table_schema* expr_desc=&(p_table->expr);
struct _stream_para_t* sp=ALLOC(struct _stream_para_t ,1);
scanner=_feather->scanner;
sp->feather=_feather;
@@ -2108,9 +2229,9 @@ stream_para_t Maat_stream_scan_digest_start(Maat_feather_t feather,int table_id,
struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
struct Maat_scanner* scanner=NULL;
sfh_instance_t * tmp_fuzzy_handle=NULL;
struct Maat_table_desc *p_table=NULL;
struct Maat_table_schema *p_table=NULL;
int virtual_table_id=0;
p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_DIGEST, &virtual_table_id);
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_DIGEST, &virtual_table_id);
if(p_table==NULL)
{
_feather->scan_err_cnt++;

16
src/entry/Maat_command.cpp
View File

@@ -1660,8 +1660,8 @@ int get_foreign_keys_define(redisContext *ctx, struct serial_rule_t* rule_list,
{
int i=0;
int rule_with_foreign_key=0;
struct Maat_table_desc* p_table=NULL;
struct plugin_table_desc* plugin_desc=NULL;
struct Maat_table_schema* p_table=NULL;
struct plugin_table_schema* plugin_desc=NULL;
for(i=0; i<rule_num; i++)
{
if(rule_list[i].table_line==NULL)
@@ -1833,8 +1833,8 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx* m
int update_type=CM_UPDATE_TYPE_INC;
long long new_version=0;
enum MAAT_TABLE_TYPE table_type;
struct Maat_table_desc* table_desc=NULL;
const struct plugin_table_desc* plugin_desc=NULL;
struct Maat_table_schema* table_desc=NULL;
const struct plugin_table_schema* plugin_desc=NULL;
void* logger=feather->logger;
if(mr_ctx->write_ctx!=NULL&&mr_ctx->write_ctx->err==0)//authorized to write
@@ -1925,7 +1925,7 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx* m
if(rule_list[i].op==MAAT_OP_DEL)
{
if(table_type==TABLE_TYPE_PLUGIN)
{
{
table_desc=Maat_table_get_scan_by_id(feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
plugin_desc=&(table_desc->plugin);
valid_column=plugin_desc->valid_flag_column;
@@ -2091,8 +2091,8 @@ int Maat_cmd_set_lines(Maat_feather_t feather,const struct Maat_line_t** line_ru
int i=0, j=0;
_Maat_feather_t* _feather=(_Maat_feather_t*)feather;
int ret=0, table_id=0,success_cnt=0;
struct serial_rule_t *s_rule=NULL;
struct Maat_table_desc* p_table=NULL;
struct serial_rule_t *s_rule=NULL;
struct Maat_table_schema* p_table=NULL;
struct plugin_table_schema* plugin_desc=NULL;
long long server_time=0,absolute_expire_time=0;
const char* p_foreign=NULL;
@@ -2119,7 +2119,7 @@ int Maat_cmd_set_lines(Maat_feather_t feather,const struct Maat_line_t** line_ru
, line_rule[i]->table_name);
ret=-1;
goto error_out;
}
}
p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
if(!p_table)
{

44
src/entry/Maat_rule.cpp
View File

@@ -746,7 +746,7 @@ void EMPTY_FREE(void*p)
return;
}
struct Maat_compile_rule* create_compile_rule(struct Maat_rule_head* p_head, const char* service_define, int declared_grp_num, double exec_seq, const struct Maat_table_desc* table)
struct Maat_compile_rule* create_compile_rule(struct Maat_rule_head* p_head, const char* service_define, int declared_grp_num, double exec_seq, const struct Maat_table_schema* table)
{
int i=0;
struct Maat_compile_rule*p=ALLOC(struct Maat_compile_rule, 1);
@@ -772,7 +772,7 @@ struct Maat_compile_rule* create_compile_rule(struct Maat_rule_head* p_head, con
void destroy_compile_rule(struct Maat_compile_rule* compile_rule)
{
int i=0;
const struct compile_table_desc* compile_desc= &(compile_rule->ref_table->compile);
const struct compile_table_schema* compile_desc= &(compile_rule->ref_table->compile);
for(i=0; i<compile_desc->ex_data_num; i++)
{
@@ -1573,13 +1573,13 @@ int get_district_id(Maat_scanner *scanner,const char* district_str)
}
return district_id;
}
int add_expr_rule(struct Maat_table_desc* table,struct db_str_rule_t* db_rule,struct Maat_scanner *scanner,void* logger)
int add_expr_rule(struct Maat_table_schema* table,struct db_str_rule_t* db_rule,struct Maat_scanner *scanner,void* logger)
{
unsigned int i=0,j=0;
char* p=NULL,*saveptr=NULL,*region_string=NULL;
int region_str_len=0,ret=0,k=0;
int expr_id=0,district_id=-1;
struct expr_table_desc* expr_desc=&(table->expr);
struct expr_table_schema* expr_desc=&(table->expr);
scan_rule_t*p_rule=NULL;
struct Maat_group_inner* group_rule=NULL;
enum MAAT_CHARSET dst_charset=CHARSET_NONE;
@@ -1837,7 +1837,7 @@ int add_expr_rule(struct Maat_table_desc* table,struct db_str_rule_t* db_rule,st
}
return 0;
}
int add_ip_rule(struct Maat_table_desc* table,struct db_ip_rule_t* db_ip_rule,struct Maat_scanner *scanner,void* logger)
int add_ip_rule(struct Maat_table_schema* table,struct db_ip_rule_t* db_ip_rule,struct Maat_scanner *scanner,void* logger)
{
struct Maat_group_inner* group_rule=NULL;
scan_rule_t* p_rule=NULL;
@@ -1868,7 +1868,7 @@ int add_ip_rule(struct Maat_table_desc* table,struct db_ip_rule_t* db_ip_rule,st
MESA_lqueue_join_tail(scanner->region_update_q, &op_expr, sizeof(void*));
return 0;
}
int add_intval_rule(struct Maat_table_desc* table,struct db_intval_rule* intval_rule,struct Maat_scanner *scanner,void* logger)
int add_intval_rule(struct Maat_table_schema* table,struct db_intval_rule* intval_rule,struct Maat_scanner *scanner,void* logger)
{
struct Maat_group_inner* group_rule=NULL;
scan_rule_t* p_rule=NULL;
@@ -1898,7 +1898,7 @@ int add_intval_rule(struct Maat_table_desc* table,struct db_intval_rule* intval_
MESA_lqueue_join_tail(scanner->region_update_q, &op_expr, sizeof(void*));
return 0;
}
int add_digest_rule(struct Maat_table_desc* table, struct db_digest_rule* db_rule, struct Maat_scanner *scanner,void* logger)
int add_digest_rule(struct Maat_table_schema* table, struct db_digest_rule* db_rule, struct Maat_scanner *scanner,void* logger)
{
struct Maat_group_inner* group_rule=NULL;
struct Maat_group_inner* u_para=NULL;
@@ -1920,7 +1920,7 @@ int add_digest_rule(struct Maat_table_desc* table, struct db_digest_rule* db_rul
scanner->gie_update_q_size++;
return 0;
}
int del_region_rule(struct Maat_table_desc* table,int region_id,int group_id,int rule_type,struct Maat_scanner *maat_scanner,void* logger)
int del_region_rule(struct Maat_table_schema* table,int region_id,int group_id,int rule_type,struct Maat_scanner *maat_scanner,void* logger)
{
int i=0;
unsigned int expr_id[MAAT_MAX_EXPR_ITEM_NUM*MAX_CHARSET_NUM]={0};
@@ -1978,7 +1978,7 @@ int del_region_rule(struct Maat_table_desc* table,int region_id,int group_id,int
return 0;
}
int add_group_rule(struct Maat_table_desc* table, struct db_group_rule_t* db_group_rule, struct Maat_scanner *scanner, void* logger)
int add_group_rule(struct Maat_table_schema* table, struct db_group_rule_t* db_group_rule, struct Maat_scanner *scanner, void* logger)
{
struct Maat_group_inner* group_rule=NULL, *parent_group=NULL;
struct Maat_compile_group_relation*compile_rule=NULL;
@@ -2034,7 +2034,7 @@ int add_group_rule(struct Maat_table_desc* table, struct db_group_rule_t* db_gro
scanner->to_update_group_cnt++;
return 1;
}
int del_group_rule(struct Maat_table_desc* table, struct db_group_rule_t* db_group_rule, struct Maat_scanner *scanner, void* logger)
int del_group_rule(struct Maat_table_schema* table, struct db_group_rule_t* db_group_rule, struct Maat_scanner *scanner, void* logger)
{
struct Maat_compile_group_relation* relation=NULL;
struct Maat_group_inner* group_rule=NULL, *parent_group=NULL;
@@ -2122,7 +2122,7 @@ int del_group_rule(struct Maat_table_desc* table, struct db_group_rule_t* db_gro
scanner->to_update_group_cnt++;
return 1;
}
int add_compile_rule(struct Maat_table_desc* table, struct Maat_compile_rule* db_compile_rule, struct Maat_scanner *scanner, void* logger)
int add_compile_rule(struct Maat_table_schema* table, struct Maat_compile_rule* db_compile_rule, struct Maat_scanner *scanner, void* logger)
{
struct Maat_compile_group_relation *cg_relation=NULL;
struct Maat_rule_head *p_maat_rule_head=&(db_compile_rule->head);
@@ -2144,7 +2144,7 @@ int add_compile_rule(struct Maat_table_desc* table, struct Maat_compile_rule* db
return 0;
}
int del_compile_rule(struct Maat_table_desc* table, int compile_id, struct Maat_scanner *scanner, void* logger)
int del_compile_rule(struct Maat_table_schema* table, int compile_id, struct Maat_scanner *scanner, void* logger)
{
struct Maat_compile_group_relation *cg_relation=NULL;
cg_relation=(struct Maat_compile_group_relation*)HASH_fetch_by_id(scanner->compile_hash, compile_id);
@@ -2169,7 +2169,7 @@ int del_compile_rule(struct Maat_table_desc* table, int compile_id, struct Maat_
scanner->to_update_compile_cnt++;
return 1;
}
void update_group_rule(struct Maat_table_desc* table,const char* table_line,struct Maat_scanner *scanner, struct Maat_table_manager* table_mgr, void* logger)
void update_group_rule(struct Maat_table_schema* table,const char* table_line,struct Maat_scanner *scanner, struct Maat_table_manager* table_mgr, void* logger)
{
struct db_group_rule_t db_group_rule;
struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, table->table_id);
@@ -2259,7 +2259,7 @@ void update_group_rule(struct Maat_table_desc* table,const char* table_line,stru
return;
}
void update_expr_rule(struct Maat_table_desc* table,const char* table_line,struct Maat_scanner *scanner,void* logger)
void update_expr_rule(struct Maat_table_schema* table,const char* table_line,struct Maat_scanner *scanner,void* logger)
{
struct db_str_rule_t* maat_str_rule=ALLOC(struct db_str_rule_t, 1);
int ret=0,db_hexbin=0,rule_type=0;
@@ -2546,7 +2546,7 @@ int ip_format2range(int ip_type, enum MAAT_IP_FORMAT format, const char* ip1, co
}
return 0;
}
void update_ip_rule(struct Maat_table_desc* table, const char* table_line, struct Maat_scanner *scanner, void* logger)
void update_ip_rule(struct Maat_table_schema* table, const char* table_line, struct Maat_scanner *scanner, void* logger)
{
struct db_ip_rule_t* ip_rule=(struct db_ip_rule_t*)calloc(sizeof(struct db_ip_rule_t),1);
char src_ip1[40]={0}, src_ip2[40]={0}, dst_ip1[40]={0}, dst_ip2[40]={0};
@@ -2779,7 +2779,7 @@ error_out:
ip_rule=NULL;
}
void update_intval_rule(struct Maat_table_desc* table, const char* table_line, struct Maat_scanner *scanner, void* logger)
void update_intval_rule(struct Maat_table_schema* table, const char* table_line, struct Maat_scanner *scanner, void* logger)
{
struct db_intval_rule* intval_rule=ALLOC(struct db_intval_rule, 1);
struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, table->table_id);
@@ -2845,9 +2845,9 @@ error_out:
intval_rule=NULL;
}
void update_compile_rule(struct Maat_table_desc* table,const char* table_line ,struct Maat_scanner *scanner, const struct rule_tag* tags, int n_tags,void* logger)
void update_compile_rule(struct Maat_table_schema* table,const char* table_line ,struct Maat_scanner *scanner, const struct rule_tag* tags, int n_tags,void* logger)
{
struct compile_table_desc* compile_desc=&(table->compile);
struct compile_table_schema* compile_desc=&(table->compile);
struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, table->table_id);
struct Maat_compile_rule *p_compile=NULL;
@@ -2933,7 +2933,7 @@ error_out:
return;
}
void update_digest_rule(struct Maat_table_desc* table, const char* table_line, struct Maat_scanner *scanner, void* logger)
void update_digest_rule(struct Maat_table_schema* table, const char* table_line, struct Maat_scanner *scanner, void* logger)
{
struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, table->table_id);
struct db_digest_rule* digest_rule=ALLOC(struct db_digest_rule, 1);
@@ -3131,11 +3131,11 @@ void garbage_bury(MESA_lqueue_head garbage_q,int timeout,void *logger)
q_cnt,bury_cnt);
}
}
void update_plugin_table(struct Maat_table_desc* table,const char* table_line,Maat_scanner* scanner, const struct rule_tag* tags, int n_tags, void* logger)
void update_plugin_table(struct Maat_table_schema* table,const char* table_line,Maat_scanner* scanner, const struct rule_tag* tags, int n_tags, void* logger)
{
int i=0, ret=1, matched_tag=1;
unsigned int len=strlen(table_line)+1;
struct plugin_table_desc* plugin_desc=&(table->plugin);
struct plugin_table_schema* plugin_desc=&(table->plugin);
struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, table->table_id);
char *p=NULL;
char* copy=NULL;
@@ -3470,7 +3470,7 @@ int maat_update_cb(const char* table_name,const char* line,void *u_para)
{
struct _Maat_feather_t *feather=(struct _Maat_feather_t *)u_para;
Maat_scanner* scanner=NULL;
struct Maat_table_desc* p_table=NULL;
struct Maat_table_schema* p_table=NULL;
if(feather->update_tmp_scanner!=NULL)
{
scanner=feather->update_tmp_scanner;

4
src/entry/Maat_stat.cpp
View File

@@ -43,7 +43,7 @@ void maat_stat_init(struct _Maat_feather_t* feather)
{
int value=0;
int i=0,j=0,offset=0;
struct Maat_table_desc* p_table=NULL;
struct Maat_table_schema* p_table=NULL;
char conj_table_name[(MAX_TABLE_NAME_LEN+1)*MAX_CONJUNCTION_TABLE_NUM]={0};
feather->stat_handle=FS_create_handle();
@@ -173,7 +173,7 @@ void maat_stat_output(struct _Maat_feather_t* feather)
long long compile_rule_num=0, group_rule_num=0, not_group_rule_num=0, plugin_cache_num=0, plugin_acc_num=0;
int i=0;
time_t now;
struct Maat_table_desc* p_table=NULL;
struct Maat_table_schema* p_table=NULL;
struct Maat_table_runtime* table_rt=NULL;
time(&now);
if(feather->scanner==NULL)

212
src/entry/Maat_table.cpp
View File

@@ -13,19 +13,19 @@
struct Maat_table_manager
{
struct Maat_table_desc* p_table_info[MAX_TABLE_NUM];
struct Maat_table_schema* p_table_info[MAX_TABLE_NUM];
size_t table_cnt;
MESA_htable_handle map_tablename2id;
int active_plugin_table_num;
int is_last_plugin_table_updating;
};
int read_expr_table_info(const char* line, struct Maat_table_desc* table, MESA_htable_handle string2int_map)
int read_expr_table_info(const char* line, struct Maat_table_schema* table, MESA_htable_handle string2int_map)
{
int j=0,ret[4]={0};
char table_type[16],src_charset[256],dst_charset[256],merge[4],quick_str_scan[32]={0};
char *token=NULL,*sub_token=NULL,*saveptr;
struct expr_table_desc* p=&(table->expr);
struct expr_table_schema* p=&(table->expr);
sscanf(line,"%d\t%s\t%s\t%s\t%s\t%s\t%d\t%s",&(table->table_id)
,table->table_name[0]
,table_type
@@ -74,7 +74,7 @@ int read_expr_table_info(const char* line, struct Maat_table_desc* table, MESA_h
}
return 0;
}
int read_virtual_table_info(const char* line, struct Maat_table_desc* table, MESA_htable_handle string2int_map)
int read_virtual_table_info(const char* line, struct Maat_table_schema* table, MESA_htable_handle string2int_map)
{
int ret=0;
char table_type[16];
@@ -93,13 +93,13 @@ int read_virtual_table_info(const char* line, struct Maat_table_desc* table, MES
}
return 0;
}
Maat_table_desc* table_info_new(void)
Maat_table_schema* table_info_new(void)
{
struct Maat_table_desc*p=ALLOC(struct Maat_table_desc, 1);
struct Maat_table_schema*p=ALLOC(struct Maat_table_schema, 1);
p->conj_cnt=1;
return p;
}
void table_info_free(struct Maat_table_desc*p)
void table_info_free(struct Maat_table_schema*p)
{
free(p);
return;
@@ -118,16 +118,16 @@ int _read_integer_arrary(char* string, int *array, int size)
return i;
}
#define COLUMN_PLUGIN_DESCR_JSON 4
int read_plugin_table_description(const char* line, struct Maat_table_desc* p)
int read_plugin_table_description(const char* line, struct Maat_table_schema* p)
{
int i=0,ret=0;
size_t offset=0, len=0;
cJSON* json=NULL, *tmp=NULL, *array_item=NULL;
char* copy_line=NULL, *plug_info=NULL;
struct plugin_table_desc* plugin_desc=&(p->plugin);
struct plugin_table_schema* plugin_desc=&(p->plugin);
copy_line=_maat_strdup(line);
ret=get_column_pos(copy_line, COLUMN_PLUGIN_DESCR_JSON, &offset, &len);
if(i<0)
if(ret<0)
{
goto error_out;
}
@@ -202,10 +202,60 @@ error_out:
free(copy_line);
return -1;
}
#define COLUMN_COMPOSITION_SCHEMA_JSON 4
int read_composition_table_schema(const char* line, struct Maat_table_schema* p, MESA_htable_handle string2int_map)
{
int ret=0;
size_t offset=0, len=0;
cJSON* json=NULL, *tmp=NULL;
char* copy_line=NULL, *composition_info=NULL;
struct composition_table_schema* composition_schema=&(p->composition);
copy_line=_maat_strdup(line);
ret=get_column_pos(copy_line, COLUMN_COMPOSITION_SCHEMA_JSON, &offset, &len);
if(ret<0)
{
goto error_out;
}
if(offset+len<strlen(copy_line))
{
copy_line[offset+len+1]='\0';
}
composition_info=copy_line+offset;
json=cJSON_Parse(composition_info);
if(!json)
{
goto error_out;
}
tmp=cJSON_GetObjectItem(json, "source");
if(tmp!=NULL && tmp->type==cJSON_String)
{
strncpy(composition_schema->source_table.real_table_name, tmp->valuestring, sizeof(composition_schema->source_table.real_table_name));
}
tmp=cJSON_GetObjectItem(json, "destination");
if(tmp!=NULL && tmp->type==cJSON_String)
{
strncpy(composition_schema->destination_table.real_table_name, tmp->valuestring, sizeof(composition_schema->destination_table.real_table_name));
}
tmp=cJSON_GetObjectItem(json, "session");
if(tmp!=NULL && tmp->type==cJSON_String)
{
strncpy(composition_schema->session_table.real_table_name, tmp->valuestring, sizeof(composition_schema->session_table.real_table_name));
}
cJSON_Delete(json);
free(copy_line);
return 0;
error_out:
free(copy_line);
return -1;
}
static int Maat_table_build_map(struct Maat_table_manager* table_mgr, void* logger)
{
struct Maat_table_desc** p_table_info=table_mgr->p_table_info;
struct Maat_table_schema** p_table_info=table_mgr->p_table_info;
size_t n_table=MAX_TABLE_NUM;
MESA_htable_handle map_tablename2id=map_create();
@@ -227,11 +277,55 @@ static int Maat_table_build_map(struct Maat_table_manager* table_mgr, void* logg
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module,
"Undefined real table %s, virtual table %s of table id %d.",
p_table_info[i]->virtual_table.real_table_name,
p_table_info[i]->table_name[j],
p_table_info[i]->table_name[0],
p_table_info[i]->table_id);
goto failed;
}
break;
case TABLE_TYPE_COMPOSITION:
if(strlen(p_table_info[i]->composition.source_table.real_table_name)>0)
{
ret=map_str2int(map_tablename2id, p_table_info[i]->composition.source_table.real_table_name,
&(p_table_info[i]->composition.source_table.real_table_id));
if(ret<0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module,
"Child table %s of table %s (id=%d) are not defined.",
p_table_info[i]->composition.source_table.real_table_name,
p_table_info[i]->table_name[0],
p_table_info[i]->table_id);
goto failed;
}
}
if(strlen(p_table_info[i]->composition.destination_table.real_table_name)>0)
{
ret=map_str2int(map_tablename2id, p_table_info[i]->composition.destination_table.real_table_name,
&(p_table_info[i]->composition.destination_table.real_table_id));
if(ret<0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module,
"Child table %s of table %s (id=%d) are not defined.",
p_table_info[i]->composition.destination_table.real_table_name,
p_table_info[i]->table_name[0],
p_table_info[i]->table_id);
goto failed;
}
}
if(strlen(p_table_info[i]->composition.session_table.real_table_name)>0)
{
ret=map_str2int(map_tablename2id, p_table_info[i]->composition.session_table.real_table_name,
&(p_table_info[i]->composition.session_table.real_table_id));
if(ret<0)
{
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_module,
"Child table %s of table %s (id=%d) are not defined.",
p_table_info[i]->composition.session_table.real_table_name,
p_table_info[i]->table_name[0],
p_table_info[i]->table_id);
goto failed;
}
}
default:
break;
}
@@ -283,8 +377,8 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
int i=0, ret=0;
char table_type_str[16]={0},not_care[1024]={0}, tmp_str[32]={0};
MESA_htable_handle string2int_map=NULL;;
struct Maat_table_desc*p=NULL;
struct Maat_table_desc*conj_table=NULL;
struct Maat_table_schema*p=NULL;
struct Maat_table_schema*conj_table=NULL;
fp=fopen(table_info_path,"r");
if(fp==NULL)
{
@@ -294,7 +388,7 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
return NULL;
}
table_mgr=ALLOC(struct Maat_table_manager, 1);
struct Maat_table_desc** p_table_info=table_mgr->p_table_info;
struct Maat_table_schema** p_table_info=table_mgr->p_table_info;
size_t n_table=MAX_TABLE_NUM;
string2int_map=map_create();
@@ -309,6 +403,7 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
map_register(string2int_map,"group", TABLE_TYPE_GROUP);
map_register(string2int_map,"similar", TABLE_TYPE_SIMILARITY);
map_register(string2int_map,"virtual", TABLE_TYPE_VIRTUAL);
map_register(string2int_map,"composition", TABLE_TYPE_COMPOSITION);
map_register(string2int_map,"quickoff", 0);
map_register(string2int_map,"quickon", 1);
map_register(string2int_map,"escape", USER_REGION_ENCODE_ESCAPE);
@@ -376,9 +471,19 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
ret=read_plugin_table_description(line, p);
if(ret<0)
{
fprintf(stderr,"Maat read table info %s line %d error:illegal plugin info.\n",table_info_path,i);
fprintf(stderr,"Maat read table info %s line %d error:illegal plugin info.\n", table_info_path,i);
MESA_handle_runtime_log(logger, RLOG_LV_FATAL,maat_module,
"Maat read table info %s line %d error:illegal plugin info.",table_info_path,i);
"Maat read table info %s line %d error:illegal plugin info.", table_info_path,i);
goto invalid_table;
}
break;
case TABLE_TYPE_COMPOSITION:
ret=read_composition_table_schema(line, p, string2int_map);
if(ret<0)
{
fprintf(stderr,"Maat read table info %s line %d error:illegal composition info.\n", table_info_path,i);
MESA_handle_runtime_log(logger, RLOG_LV_FATAL,maat_module,
"Maat read table info %s line %d error:illegal composition info.", table_info_path,i);
goto invalid_table;
}
break;
@@ -386,9 +491,9 @@ struct Maat_table_manager* Maat_table_manager_create(const char* table_info_path
ret=read_virtual_table_info(line, p, string2int_map);
if(ret<0)
{
fprintf(stderr,"Maat read table info %s line %d error:illegal virtual info.\n",table_info_path,i);
fprintf(stderr,"Maat read table info %s line %d error:illegal virtual info.\n", table_info_path,i);
MESA_handle_runtime_log(logger, RLOG_LV_FATAL,maat_module,
"Maat read table info %s line %d error:illegal virtual info.",table_info_path,i);
"Maat read table info %s line %d error:illegal virtual info.", table_info_path,i);
goto invalid_table;
}
break;
@@ -509,9 +614,9 @@ enum MAAT_TABLE_TYPE Maat_table_get_type_by_id(struct Maat_table_manager* table_
return TABLE_TYPE_INVALID;
}
struct Maat_table_desc * Maat_table_get_by_id_raw(struct Maat_table_manager* table_mgr, int table_id)
struct Maat_table_schema * Maat_table_get_by_id_raw(struct Maat_table_manager* table_mgr, int table_id)
{
if(table_id>MAX_TABLE_NUM)
if(table_id>MAX_TABLE_NUM||table_id<0)
{
return NULL;
}
@@ -519,13 +624,13 @@ struct Maat_table_desc * Maat_table_get_by_id_raw(struct Maat_table_manager* tab
return table_mgr->p_table_info[table_id];
}
struct Maat_table_desc * Maat_table_get_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_TABLE_TYPE expect_type, int* virutal_table_id)
struct Maat_table_schema * Maat_table_get_scan_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_TABLE_TYPE expect_type, int* virutal_table_id)
{
struct Maat_table_desc **p_table_info=table_mgr->p_table_info;
struct Maat_table_schema **p_table_info=table_mgr->p_table_info;
size_t n_table=MAX_TABLE_NUM;
struct Maat_table_desc *p_table=NULL, *p_real_table=NULL;
struct Maat_table_schema *p_table=NULL, *p_real_table=NULL;
if((unsigned int) table_id>n_table)
{
return NULL;
@@ -580,8 +685,8 @@ int Maat_table_add_callback_func(struct Maat_table_manager* table_mgr,
void* u_para)
{
int idx=0;
struct Maat_table_desc *p_table=Maat_table_get_by_id(table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
struct plugin_table_desc *plugin_desc=&(p_table->plugin);
struct Maat_table_schema *p_table=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
struct plugin_table_schema *plugin_desc=&(p_table->plugin);
if(p_table==NULL)
{
return -1;
@@ -603,14 +708,14 @@ int Maat_table_add_callback_func(struct Maat_table_manager* table_mgr,
struct compile_ex_data_idx* Maat_table_get_compile_rule_ex_desc(struct Maat_table_manager* table_mgr, const char* compile_table_name, int idx)
{
int table_id=-1;
struct Maat_table_desc *p_table=NULL;
struct Maat_table_schema *p_table=NULL;
table_id=Maat_table_get_id_by_name(table_mgr, compile_table_name);
if(table_id<0)
{
return NULL;
}
p_table=Maat_table_get_by_id(table_mgr, table_id, TABLE_TYPE_COMPILE, NULL);
p_table=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_COMPILE, NULL);
if(!p_table)
{
return NULL;
@@ -629,20 +734,20 @@ int Maat_table_new_compile_rule_ex_index(struct Maat_table_manager* table_mgr, c
long argl, void *argp)
{
int table_id=-1;
struct Maat_table_desc *p_table=NULL;
struct Maat_table_schema *p_table=NULL;
table_id=Maat_table_get_id_by_name(table_mgr, compile_table_name);
if(table_id<0)
{
return -1;
}
p_table=Maat_table_get_by_id(table_mgr, table_id, TABLE_TYPE_COMPILE, NULL);
p_table=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_COMPILE, NULL);
if(!p_table)
{
return -1;
}
int idx=-1;
struct compile_table_desc* compile_desc=&(p_table->compile);
struct compile_table_schema* compile_desc=&(p_table->compile);
if(compile_desc->ex_data_num==MAX_COMPILE_EX_DATA_NUM)
{
return -1;
@@ -668,9 +773,9 @@ int Maat_table_plugin_new_ex_index(struct Maat_table_manager* table_mgr, int tab
long argl, void *argp)
{
struct Maat_table_desc *table_desc=NULL;;
table_desc=Maat_table_get_by_id(table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
struct plugin_table_desc* plugin_desc=&(table_desc->plugin);
struct Maat_table_schema *table_desc=NULL;;
table_desc=Maat_table_get_scan_by_id(table_mgr, table_id, TABLE_TYPE_PLUGIN, NULL);
struct plugin_table_schema* plugin_desc=&(table_desc->plugin);
if(plugin_desc->have_exdata
|| plugin_desc->key_column==0 || plugin_desc->valid_flag_column==0)
@@ -690,8 +795,8 @@ void Maat_table_manager_all_plugin_cb_start(struct Maat_table_manager* table_mgr
{
table_mgr->active_plugin_table_num=0;
int i=0, j=0;
struct Maat_table_desc* p_table=NULL;
struct plugin_table_desc* plugin_desc=NULL;
struct Maat_table_schema* p_table=NULL;
struct plugin_table_schema* plugin_desc=NULL;
for(i=0; i<MAX_TABLE_NUM; i++)
{
@@ -717,8 +822,8 @@ void Maat_table_manager_all_plugin_cb_start(struct Maat_table_manager* table_mgr
void Maat_table_manager_all_plugin_cb_finish(struct Maat_table_manager* table_mgr)
{
int i=0, j=0;
struct Maat_table_desc* p_table=NULL;
struct plugin_table_desc* plugin_desc=NULL;
struct Maat_table_schema* p_table=NULL;
struct plugin_table_schema* plugin_desc=NULL;
int call_plugin_table_cnt=0;
for(i=0;i<MAX_TABLE_NUM;i++)
@@ -757,9 +862,9 @@ int Maat_table_manager_is_last_plugin_table_updating(struct Maat_table_manager*
{
return table_mgr->is_last_plugin_table_updating;
}
struct Maat_table_desc* Maat_table_get_desc_by_name(struct Maat_table_manager* table_mgr, const char* table_name)
struct Maat_table_schema* Maat_table_get_desc_by_name(struct Maat_table_manager* table_mgr, const char* table_name)
{
struct Maat_table_desc * p_table=NULL;
struct Maat_table_schema * p_table=NULL;
int table_id=0;
table_id=Maat_table_get_id_by_name(table_mgr, table_name);
if(table_id<0)
@@ -769,7 +874,7 @@ struct Maat_table_desc* Maat_table_get_desc_by_name(struct Maat_table_manager* t
p_table=table_mgr->p_table_info[table_id];
return p_table;
}
void Maat_table_set_updating_name(struct Maat_table_desc* p_table, const char* table_name)
void Maat_table_set_updating_name(struct Maat_table_schema* p_table, const char* table_name)
{
int i=0;
for(i=0; i<p_table->conj_cnt; i++)
@@ -782,3 +887,28 @@ void Maat_table_set_updating_name(struct Maat_table_desc* p_table, const char* t
assert(i<=p_table->conj_cnt);
}
int Maat_table_get_child_id(struct Maat_table_schema* p_table, enum MAAT_TABLE_CHILD_TYPE type)
{
int ret=-1;
if(p_table->table_type!=TABLE_TYPE_COMPOSITION)
{
return -1;
}
switch (type)
{
case CHILD_TABLE_TYPE_SOURCE_IP:
ret=p_table->composition.source_table.real_table_id;
break;
case CHILD_TABLE_TYPE_DESTINATION_IP:
ret=p_table->composition.destination_table.real_table_id;
break;
case CHILD_TABLE_TYPE_SESSION:
ret=p_table->composition.session_table.real_table_id;
break;
default:
assert(0);
break;
}
return ret;
}

26
src/entry/Maat_table_runtime.cpp
View File

@@ -9,12 +9,12 @@
struct wrap_plugin_EX_data
{
MAAT_RULE_EX_DATA exdata;
const struct Maat_table_desc* ref_plugin_table;
const struct Maat_table_schema* ref_plugin_table;
};
void wrap_plugin_EX_data_free(void *data)
{
struct wrap_plugin_EX_data* wrap_data=(struct wrap_plugin_EX_data*)data;
const struct plugin_table_ex_data_desc* ex_desc= &(wrap_data->ref_plugin_table->plugin.ex_desc);
const struct plugin_table_ex_data_schema* ex_desc= &(wrap_data->ref_plugin_table->plugin.ex_desc);
ex_desc->free_func(wrap_data->ref_plugin_table->table_id, &(wrap_data->exdata), ex_desc->argl, ex_desc->argp);
wrap_data->ref_plugin_table=NULL;
free(wrap_data);
@@ -51,11 +51,11 @@ MESA_htable_handle wrap_plugin_EX_hash_new(long long estimate_size, Maat_plugin_
return key2ex_hash;
}
int plugin_EX_data_free(const struct Maat_table_desc* plugin_table, const char* line,
int plugin_EX_data_free(const struct Maat_table_schema* plugin_table, const char* line,
MESA_htable_handle key2ex_hash, void *logger)
{
size_t key_offset=0, key_len=0;
const struct plugin_table_desc* plugin_desc= &(plugin_table->plugin);
const struct plugin_table_schema* plugin_desc= &(plugin_table->plugin);
int ret=0;
ret=get_column_pos(line, plugin_desc->key_column, &key_offset, &key_len);
if(ret<0)
@@ -76,14 +76,14 @@ int plugin_EX_data_free(const struct Maat_table_desc* plugin_table, const char*
return 0;
}
int plugin_EX_data_new(const struct Maat_table_desc* plugin_table, const char* line,
int plugin_EX_data_new(const struct Maat_table_schema* plugin_table, const char* line,
MESA_htable_handle key2ex_hash, void *logger)
{
char* key=NULL;
size_t key_offset=0, key_len=0;
MAAT_RULE_EX_DATA exdata=NULL;
struct wrap_plugin_EX_data* wrap_data=NULL;
const struct plugin_table_desc* plugin_desc= &(plugin_table->plugin);
const struct plugin_table_schema* plugin_desc= &(plugin_table->plugin);
int ret=0;
ret=get_column_pos(line, plugin_desc->key_column, &key_offset, &key_len);
if(ret<0)
@@ -149,7 +149,7 @@ static void destroy_digest_rule(GIE_digest_t*rule)
return;
}
static struct Maat_table_runtime* table_runtime_new(const struct Maat_table_desc* table_desc, int max_thread_num)
static struct Maat_table_runtime* table_runtime_new(const struct Maat_table_schema* table_desc, int max_thread_num)
{
struct Maat_table_runtime* table_rt= ALLOC(struct Maat_table_runtime, 1);
@@ -233,7 +233,7 @@ static void table_runtime_free(struct Maat_table_runtime* p)
struct Maat_table_runtime_manager* Maat_table_runtime_manager_create(struct Maat_table_manager* table_manager, int max_thread_num)
{
const struct Maat_table_desc* table_desc=NULL;
const struct Maat_table_schema* table_desc=NULL;
struct Maat_table_runtime* table_rt=NULL;
struct Maat_table_runtime_manager* table_rt_mgr=ALLOC(struct Maat_table_runtime_manager, 1);
size_t i=0;
@@ -281,13 +281,13 @@ const char* Maat_table_runtime_plugin_get_cached_line(struct Maat_table_runtime*
line=(const char*)dynamic_array_read(plugin_rt->cache_lines, Nth_line);
return line;
}
MESA_htable_handle plugin_EX_htable_new(const struct Maat_table_desc* plugin_table,
MESA_htable_handle plugin_EX_htable_new(const struct Maat_table_schema* plugin_table,
struct dynamic_array_t* lines, size_t line_cnt, void* logger)
{
MESA_htable_handle key2ex_hash=NULL;
size_t i=0;
const char* line=NULL;
const struct plugin_table_desc* plugin_desc= &(plugin_table->plugin);
const struct plugin_table_schema* plugin_desc= &(plugin_table->plugin);
key2ex_hash=wrap_plugin_EX_hash_new(plugin_desc->estimate_size, plugin_desc->ex_desc.key2index_func);
@@ -298,7 +298,7 @@ MESA_htable_handle plugin_EX_htable_new(const struct Maat_table_desc* plugin_tab
}
return key2ex_hash;
}
int Maat_table_runtime_plugin_new_ex_idx(struct Maat_table_runtime* table_rt, struct Maat_table_desc* table_desc, void* logger)
int Maat_table_runtime_plugin_new_ex_idx(struct Maat_table_runtime* table_rt, struct Maat_table_schema* table_desc, void* logger)
{
assert(table_rt->plugin.key2ex_hash==NULL);
if(table_rt->plugin.key2ex_hash)
@@ -309,9 +309,9 @@ int Maat_table_runtime_plugin_new_ex_idx(struct Maat_table_runtime* table_rt, st
table_rt->plugin.cache_line_num, logger);
return 0;
}
MAAT_PLUGIN_EX_DATA Maat_table_runtime_plugin_get_ex_data(struct Maat_table_runtime* table_rt, struct Maat_table_desc* table_desc, const char* key)
MAAT_PLUGIN_EX_DATA Maat_table_runtime_plugin_get_ex_data(struct Maat_table_runtime* table_rt, struct Maat_table_schema* table_desc, const char* key)
{
struct plugin_table_desc* plugin_desc=NULL;
struct plugin_table_schema* plugin_desc=NULL;
struct wrap_plugin_EX_data* wrap_data=NULL;
MAAT_RULE_EX_DATA exdata=NULL;

64
src/entry/json2iris.cpp
View File

@@ -25,6 +25,7 @@ const int json_version=1;
struct group_info_t
{
int group_id;
char group_name[MAX_PATH_LINE];
};
struct iris_table_t
{
@@ -978,7 +979,7 @@ int write_group_rule(cJSON *group_json, int parent_id, int parent_type, int trac
}
group_info=(struct group_info_t*)MESA_htable_search(p_iris->group_name_map, (const unsigned char*)group_name, strlen(group_name));
if(group_info==NULL)//exist group name, region already read
if(group_info==NULL)//exist group name, regions and sub groups will be ommit.
{
if(0==strncasecmp(group_name, untitled_group_name, strlen(untitled_group_name)))
{
@@ -989,8 +990,42 @@ int write_group_rule(cJSON *group_json, int parent_id, int parent_type, int trac
{
group_info=ALLOC(struct group_info_t, 1);
group_info->group_id=get_group_seq(p_iris);
strncpy(group_info->group_name, group_name, sizeof(group_info->group_name));
MESA_htable_add(p_iris->group_name_map, (const unsigned char*)group_name, strlen(group_name), group_info);
}
region_json=cJSON_GetObjectItem(group_json,"regions");
if(region_json!=NULL)
{
cJSON_ArrayForEach(region_rule, region_json)
{
ret=write_region_rule(region_rule, tracking_compile_id, group_info->group_id, p_iris, logger);
if(ret<0)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json,
"compile rule %d write region error.", tracking_compile_id);
return -1;
}
}
}
sub_groups=cJSON_GetObjectItem(group_json,"sub_groups");
if(sub_groups!=NULL)
{
//recursively
cJSON_ArrayForEach(item, sub_groups)
{
ret=write_group_rule(item, group_info->group_id, PARENT_TYPE_GROUP, tracking_compile_id, p_iris, logger);
if(ret<0)
{
return -1;
}
}
}
if(region_json==NULL && sub_groups==NULL)
{
MESA_handle_runtime_log(logger, RLOG_LV_INFO, maat_json,
"A group of compile rule %d has neither regions, sub groups, nor refered another exisited group.", tracking_compile_id);
}
}
ret=write_group_line(group_info->group_id, parent_id, group_not_flag, parent_type, virtual_table, p_iris, logger);
if(ret<0)
@@ -999,34 +1034,7 @@ int write_group_rule(cJSON *group_json, int parent_id, int parent_type, int trac
"%s rule %d write group error.", _str_parent_type[parent_type], parent_id);
return -1;
}
region_json=cJSON_GetObjectItem(group_json,"regions");
if(region_json!=NULL)
{
cJSON_ArrayForEach(region_rule, region_json)
{
ret=write_region_rule(region_rule, tracking_compile_id, group_info->group_id, p_iris, logger);
if(ret<0)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json,
"compile rule %d write region error.", tracking_compile_id);
return -1;
}
}
}
sub_groups=cJSON_GetObjectItem(group_json,"sub_groups");
if(sub_groups!=NULL)
{
//recursively
cJSON_ArrayForEach(item, sub_groups)
{
ret=write_group_rule(item, group_info->group_id, PARENT_TYPE_GROUP, tracking_compile_id, p_iris, logger);
if(ret<0)
{
return -1;
}
}
}
return 0;
}
int write_iris(cJSON *json, struct iris_description_t *p_iris, void* logger)

8
src/inc_internal/Maat_rule_internal.h
View File

@@ -95,7 +95,7 @@ struct Maat_compile_rule
int is_valid;
int declared_grp_num;
double evaluation_order;
const struct Maat_table_desc* ref_table;
const struct Maat_table_schema* ref_table;
MAAT_RULE_EX_DATA* ads;
};
@@ -214,7 +214,7 @@ struct iconv_handle_t
struct _stream_para_t
{
struct _Maat_feather_t* feather;
const struct Maat_table_desc* p_real_table;
const struct Maat_table_schema* p_real_table;
int virtual_table_id;
int version;
int thread_num;
@@ -455,8 +455,8 @@ void fill_maat_rule(struct Maat_rule_t *rule, const struct Maat_rule_head* rule_
MAAT_RULE_EX_DATA rule_ex_data_new(const struct Maat_rule_head * rule_head, const char* srv_def, const struct compile_ex_data_idx* ex_desc);
void rule_ex_data_free(const struct Maat_rule_head * rule_head, const char* srv_def, MAAT_RULE_EX_DATA *ad, const struct compile_ex_data_idx* ex_desc);
MESA_htable_handle wrap_plugin_EX_hash_new(long long estimate_size, Maat_plugin_EX_key2index_func_t * key2index);
int plugin_EX_data_new(const struct Maat_table_desc* plugin_table, const char* line, MESA_htable_handle key2ex_hash, void *logger);
int plugin_EX_data_free(const struct Maat_table_desc* plugin_table, const char* line, MESA_htable_handle key2ex_hash, void *logger);
int plugin_EX_data_new(const struct Maat_table_schema* plugin_table, const char* line, MESA_htable_handle key2ex_hash, void *logger);
int plugin_EX_data_free(const struct Maat_table_schema* plugin_table, const char* line, MESA_htable_handle key2ex_hash, void *logger);
void set_serial_rule(struct serial_rule_t* rule,enum MAAT_OPERATION op,int rule_id,int label_id,const char* table_name,const char* line, long long timeout);

48
src/inc_internal/Maat_table.h
View File

@@ -29,6 +29,7 @@ enum MAAT_TABLE_TYPE
TABLE_TYPE_EXPR_PLUS,
TABLE_TYPE_SIMILARITY,
TABLE_TYPE_VIRTUAL,
TABLE_TYPE_COMPOSITION,
TABLE_TYPE_GROUP,
TABLE_TYPE_COMPILE,
TABLE_TYPE_PLUGIN
@@ -44,14 +45,14 @@ struct compile_ex_data_idx
int idx;
int table_id;
};
struct compile_table_desc
struct compile_table_schema
{
enum USER_REGION_ENCODE user_region_encoding;
int ex_data_num;
struct compile_ex_data_idx ex_desc[MAX_COMPILE_EX_DATA_NUM];
};
struct expr_table_desc
struct expr_table_schema
{
enum MAAT_CHARSET src_charset;
enum MAAT_CHARSET dst_charset[MAX_CHARSET_NUM];
@@ -61,19 +62,23 @@ struct expr_table_desc
int quick_expr_switch;//obsolete since 20190401
long long iconv_err_cnt;
};
struct virtual_table_desc
struct virtual_table_schema
{
int real_table_id;
char real_table_name[MAX_TABLE_NAME_LEN];
};
struct plugin_table_callback_desc
struct composition_table_schema
{
struct virtual_table_schema source_table, destination_table, session_table;
};
struct plugin_table_callback_schema
{
Maat_start_callback_t *start;
Maat_update_callback_t *update;
Maat_finish_callback_t *finish;
void* u_para;
};
struct plugin_table_ex_data_desc
struct plugin_table_ex_data_schema
{
Maat_plugin_EX_new_func_t* new_func;
Maat_plugin_EX_free_func_t* free_func;
@@ -82,7 +87,7 @@ struct plugin_table_ex_data_desc
long argl;
void *argp;
};
struct plugin_table_desc
struct plugin_table_schema
{
int key_column;
int valid_flag_column;
@@ -92,11 +97,11 @@ struct plugin_table_desc
int cb_plug_cnt;
int have_exdata;
long long estimate_size;
struct plugin_table_callback_desc cb_plug[MAX_PLUGIN_PER_TABLE];
struct plugin_table_ex_data_desc ex_desc;
struct plugin_table_callback_schema cb_plug[MAX_PLUGIN_PER_TABLE];
struct plugin_table_ex_data_schema ex_desc;
};
struct Maat_table_desc
struct Maat_table_schema
{
int table_id;
int conj_cnt;
@@ -105,10 +110,11 @@ struct Maat_table_desc
enum MAAT_TABLE_TYPE table_type;
union
{
struct compile_table_desc compile;
struct expr_table_desc expr;
struct plugin_table_desc plugin;
struct virtual_table_desc virtual_table;;
struct compile_table_schema compile;
struct expr_table_schema expr;
struct plugin_table_schema plugin;
struct virtual_table_schema virtual_table;
struct composition_table_schema composition;
void* others;//group, ip, interval and digest don't have sperate description info.
};
//for stat>>>>>>>>
@@ -122,8 +128,8 @@ void Maat_table_manager_destroy(struct Maat_table_manager* table_mgr);
size_t Maat_table_manager_get_size(struct Maat_table_manager* table_mgr);
size_t Maat_table_manager_get_count(struct Maat_table_manager* table_mgr);
struct Maat_table_desc * Maat_table_get_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_TABLE_TYPE expect_type, int* virutal_table_id);
struct Maat_table_desc * Maat_table_get_by_id_raw(struct Maat_table_manager* table_mgr, int table_id);
struct Maat_table_schema * Maat_table_get_scan_by_id(struct Maat_table_manager* table_mgr, int table_id, enum MAAT_TABLE_TYPE expect_type, int* virutal_table_id);
struct Maat_table_schema * Maat_table_get_by_id_raw(struct Maat_table_manager* table_mgr, int table_id);
int Maat_table_get_id_by_name(struct Maat_table_manager* table_mgr, const char* table_name);
int Maat_table_add_callback_func(struct Maat_table_manager* table_mgr,
@@ -153,6 +159,14 @@ void Maat_table_manager_all_plugin_cb_start(struct Maat_table_manager* table_mgr
void Maat_table_manager_all_plugin_cb_finish(struct Maat_table_manager* table_mgr);
int Maat_table_manager_is_last_plugin_table_updating(struct Maat_table_manager* table_mgr);
struct Maat_table_desc* Maat_table_get_desc_by_name(struct Maat_table_manager* table_mgr, const char* table_name);
void Maat_table_set_updating_name(struct Maat_table_desc* p_table, const char* table_name);
struct Maat_table_schema* Maat_table_get_desc_by_name(struct Maat_table_manager* table_mgr, const char* table_name);
void Maat_table_set_updating_name(struct Maat_table_schema* p_table, const char* table_name);
enum MAAT_TABLE_CHILD_TYPE
{
CHILD_TABLE_TYPE_NONE=-1,
CHILD_TABLE_TYPE_SOURCE_IP=0,
CHILD_TABLE_TYPE_DESTINATION_IP,
CHILD_TABLE_TYPE_SESSION
};
int Maat_table_get_child_id(struct Maat_table_schema* p_table, enum MAAT_TABLE_CHILD_TYPE type);

4
src/inc_internal/Maat_table_runtime.h
View File

@@ -60,8 +60,8 @@ struct Maat_table_runtime* Maat_table_runtime_get(struct Maat_table_runtime_mana
long long Maat_table_runtime_plugin_cached_line_count(struct Maat_table_runtime* table_rt);
const char* Maat_table_runtime_plugin_get_cached_line(struct Maat_table_runtime* table_rt, long long Nth_line);
int Maat_table_runtime_plugin_new_ex_idx(struct Maat_table_runtime* table_rt, struct Maat_table_desc* table_desc, void* logger);
MAAT_PLUGIN_EX_DATA Maat_table_runtime_plugin_get_ex_data(struct Maat_table_runtime* table_rt, struct Maat_table_desc* table_desc, const char* key);
int Maat_table_runtime_plugin_new_ex_idx(struct Maat_table_runtime* table_rt, struct Maat_table_schema* table_desc, void* logger);
MAAT_PLUGIN_EX_DATA Maat_table_runtime_plugin_get_ex_data(struct Maat_table_runtime* table_rt, struct Maat_table_schema* table_desc, const char* key);
void Maat_table_runtime_digest_add(struct Maat_table_runtime* table_rt, int expr_id, const char* digest, short confidence_degree, void* tag);
void Maat_table_runtime_digest_del(struct Maat_table_runtime* table_rt, int expr_id);
int Maat_table_runtime_digest_batch_udpate(struct Maat_table_runtime* table_rt);

174
test/maat_json.json
View File

@@ -1470,11 +1470,11 @@
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_component.source",
"user_region": "IPScan.IPv4_virtual.source",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_component.source",
"group_name": "ipv4_virtual.source",
"regions": [
{
"table_type": "ip_plus",
@@ -1483,7 +1483,7 @@
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "192.168.40.10",
"src_ip2": "0",
"src_ip2": "32",
"sport_format": "mask",
"src_port1": "443",
"src_port2": "65535",
@@ -1509,11 +1509,11 @@
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_component.destination",
"user_region": "IPScan.IPv4_virtual.destination",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_component.destination",
"group_name": "ipv4_virtual.destination",
"regions": [
{
"table_type": "ip_plus",
@@ -1522,7 +1522,7 @@
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "192.168.231.46",
"src_ip2": "0",
"src_ip2": "32",
"sport_format": "mask",
"src_port1": "25705",
"src_port2": "65535",
@@ -1548,20 +1548,176 @@
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_component.match",
"user_region": "ipv4_virtual.match",
"is_valid": "yes",
"groups": [
{
"group_name":"ipv4_component.source",
"group_name":"ipv4_virtual.source",
"virtual_table":"VIRTUAL_IP_PLUS_SOURCE",
"not_flag":0
},
{
"group_name":"ipv4_component.destination",
"group_name":"ipv4_virtual.destination",
"virtual_table":"VIRTUAL_IP_PLUS_DESTINATION",
"not_flag":0
}
]
},
{
"compile_id": 173,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_composition.source",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_composition.source",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "192.168.40.11",
"src_ip2": "32",
"sport_format": "mask",
"src_port1": "443",
"src_port2": "65535",
"daddr_format": "CIDR",
"dst_ip1": "0.0.0.0",
"dst_ip2": "0",
"dport_format": "range",
"dst_port1": "0",
"dst_port2": "0",
"protocol": 6,
"direction": "double"
}
}
],
"not_flag" : 0
}
]
},
{
"compile_id": 174,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_composition.destination",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_composition.destination",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "192.168.231.47",
"src_ip2": "32",
"sport_format": "mask",
"src_port1": "25715",
"src_port2": "65535",
"daddr_format": "CIDR",
"dst_ip1": "0.0.0.0",
"dst_ip2": "0",
"dport_format": "range",
"dst_port1": "0",
"dst_port2": "0",
"protocol": 6,
"direction": "double"
}
}
],
"not_flag" : 0
}
]
},
{
"compile_id": 175,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.match",
"is_valid": "yes",
"groups": [
{
"group_name":"ipv4_composition.source",
"virtual_table":"COMPOSITION_IP_SOURCE",
"not_flag":0
},
{
"group_name":"ipv4_composition.destination",
"virtual_table":"COMPOSITION_IP_DESTINATION",
"not_flag":0
}
]
},
{
"compile_id": 176,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_composition.session",
"is_valid": "no",
"groups": [
{
"group_name": "ipv4_composition.session",
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "192.168.40.11",
"src_ip2": "2",
"sport_format": "mask",
"src_port1": "443",
"src_port2": "65535",
"daddr_format": "CIDR",
"dst_ip1": "192.168.231.47",
"dst_ip2": "32",
"dport_format": "range",
"dst_port1": "25715",
"dst_port2": "25715",
"protocol": 6,
"direction": "single"
}
}
],
"not_flag" : 0
}
]
},
{
"compile_id": 177,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.session.match",
"is_valid": "yes",
"groups": [
{
"group_name":"ipv4_composition.session",
"virtual_table":"COMPOSITION_IP_SESSION",
"not_flag":0
}
]
}
],
"plugin_table": [

11
test/table_info.conf
View File

@@ -6,7 +6,6 @@
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege [yes/no]
#cross cache [number]
#quick mode [quickon/quickoff], default [quickoff]
#For ip/intval/digest/compile/group table.
#id name type
#
@@ -17,11 +16,11 @@
#id name type real_table_name
#
#For expr/expr_plus Table
#id name type src_charset dst_charset do_merge cross_cache quick_mode
#id name type src_charset dst_charset do_merge cross_cache
0 COMPILE compile escape --
1 GROUP group --
2 HTTP_URL expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff
2 HTTP_HOST expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff
2 HTTP_URL expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128
2 HTTP_HOST expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128
3 KEYWORDS_TABLE expr UTF8 GBK/BIG5/UNICODE/UTF8/unicode_ascii_esc/unicode_ascii_aligned/unicode_ncr_dec/unicode_ncr_hex/windows-1251 yes 0
4 IP_CONFIG ip --
5 CONTENT_SIZE intval --
@@ -45,3 +44,7 @@
23 VIRTUAL_IP_PLUS_TABLE virtual IP_PLUS_CONFIG --
23 VIRTUAL_IP_PLUS_SOURCE virtual IP_PLUS_CONFIG --
23 VIRTUAL_IP_PLUS_DESTINATION virtual IP_PLUS_CONFIG --
24 COMPOSITION_IP_SOURCE virtual IP_PLUS_CONFIG --
25 COMPOSITION_IP_DESTINATION virtual IP_PLUS_CONFIG --
26 COMPOSITION_IP_SESSION virtual IP_PLUS_CONFIG --
27 COMPOSITION_IP composition {"source":"COMPOSITION_IP_SOURCE","destination":"COMPOSITION_IP_DESTINATION","session":"COMPOSITION_IP_SESSION"}

23
test/test_maatframe.cpp
View File

@@ -725,6 +725,29 @@ TEST(IPScan, IPv4_virtual)
Maat_clean_status(&mid);
return;
}
TEST(IPScan, IPv4_composition)
{
int table_id=0,ret=0;
const char* table_name="COMPOSITION_IP";
struct Maat_rule_t result[4];
scan_status_t mid=NULL;
struct ipaddr ipv4_addr;
struct stream_tuple4_v4 v4_addr;
ipv4_addr_set(&ipv4_addr, &v4_addr, "192.168.40.11", 443, "192.168.231.47", 25715);
table_id=Maat_table_register(g_feather, table_name);
EXPECT_GT(table_id, 0);
ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid, 0);
EXPECT_EQ(ret, 2);
EXPECT_EQ(result[0].config_id, 177);
EXPECT_EQ(result[1].config_id, 175);
Maat_clean_status(&mid);
return;
}
#define TEST_NOTLogic 1