diff --git a/deps/log/log.c b/deps/log/log.c index 89808eb..920b658 100644 --- a/deps/log/log.c +++ b/deps/log/log.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -277,4 +278,4 @@ void log_print(struct log_handle *handle, int level, const char *module, const c log_print_file(handle, level, module, ap, fmt); va_end(ap); } -} \ No newline at end of file +} diff --git a/include/maat.h b/include/maat.h index b954b2e..6d9ea13 100644 --- a/include/maat.h +++ b/include/maat.h @@ -172,8 +172,14 @@ int maat_scan_integer(struct maat *instance, int table_id, int thread_id, long long integer, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); +/** + * @param ip_addr: network ipv4 address + * @param port: network port + * @param protocol: -1(ANY protocol) 1(ICMP) 6(TCP) 17(UDP) +*/ int maat_scan_ipv4(struct maat *instance, int table_id, int thread_id, - uint32_t ip_addr, long long *results, size_t n_result, + uint32_t ip_addr, uint16_t port, int protocol, + long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); int maat_scan_ipv4_tuple4(struct maat *instance, int table_id, int thread_id, @@ -182,7 +188,8 @@ int maat_scan_ipv4_tuple4(struct maat *instance, int table_id, int thread_id, struct maat_state *state); int maat_scan_ipv6(struct maat *instance, int table_id, int thread_id, - uint8_t *ip_addr, long long *results, size_t n_result, + uint8_t *ip_addr, uint16_t port, int protocol, + long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); int maat_scan_ipv6_tuple4(struct maat *instance, int table_id, int thread_id, diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 268e83b..0213e22 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -12,10 +12,9 @@ LINK_DIRECTORIES(/opt/MESA/lib /usr/lib64) add_definitions(-D_GNU_SOURCE) add_definitions(-fPIC) set(MAAT_SRC alignment.c json2iris.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c - maat_rule.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c - maat_table.c maat_compile.c maat_group.c maat_ip.c maat_flag.c maat_interval.c - maat_expr.c maat_fqdn.c maat_port.c maat_plugin.c maat_ip_plugin.c maat_bool_plugin.c - maat_fqdn_plugin.c maat_virtual.c) + maat_rule.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c maat_table.c + maat_compile.c maat_group.c maat_ip.c maat_flag.c maat_interval.c maat_expr.c maat_fqdn.c maat_plugin.c + maat_ip_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_virtual.c) set(LIB_SOURCE_FILES ${PROJECT_SOURCE_DIR}/deps/cJSON/cJSON.c ${PROJECT_SOURCE_DIR}/deps/log/log.c) diff --git a/src/inc_internal/maat_compile.h b/src/inc_internal/maat_compile.h index 7d96213..8b65a20 100644 --- a/src/inc_internal/maat_compile.h +++ b/src/inc_internal/maat_compile.h @@ -59,10 +59,10 @@ int compile_runtime_commit(void *compile_runtime, const char *table_name); int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile_ids, size_t compile_ids_size, struct maat_state *state); -size_t compile_runtime_get_new_hit_paths(struct compile_runtime *compile_rt, - struct maat_compile_state *compile_state, - struct maat_hit_path *hit_path_array, - size_t array_size, size_t hit_path_cnt); +size_t compile_runtime_get_hit_paths(struct compile_runtime *compile_rt, + struct maat_compile_state *compile_state, + struct maat_hit_path *hit_path_array, + size_t array_size, size_t hit_path_cnt); void *compile_runtime_get_ex_data(struct compile_runtime *compile_rt, struct compile_schema *compile_schema, @@ -90,7 +90,7 @@ int maat_compile_state_update(struct rcu_hash_table *item_htable, int vtable_id, long long *hit_item_ids, size_t hit_item_cnt, size_t *n_hit_group_id, struct maat_state *state); -size_t maat_compile_state_get_hit_paths(struct maat_compile_state *compile_state, +size_t maat_compile_state_get_internal_hit_paths(struct maat_compile_state *compile_state, struct group2group_runtime *g2g_rt, struct maat_hit_path *hit_path_array, size_t array_size); diff --git a/src/inc_internal/maat_ip.h b/src/inc_internal/maat_ip.h index e4e7968..a458679 100644 --- a/src/inc_internal/maat_ip.h +++ b/src/inc_internal/maat_ip.h @@ -37,7 +37,8 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name); /* ip runtime scan API */ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, - uint8_t *ip_addr, int vtable_id, struct maat_state *state); + uint8_t *ip_addr, uint16_t port, int proto, int vtable_id, + struct maat_state *state); void ip_runtime_scan_hit_inc(struct ip_runtime *ip_rt, int thread_id); long long ip_runtime_scan_hit_sum(struct ip_runtime *ip_rt, int n_thread); diff --git a/src/inc_internal/maat_port.h b/src/inc_internal/maat_port.h deleted file mode 100644 index 05684a8..0000000 --- a/src/inc_internal/maat_port.h +++ /dev/null @@ -1,54 +0,0 @@ -/* -********************************************************************************************** -* File: maat_port.h -* Description: -* Authors: Liu WenTan -* Date: 2022-10-31 -* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved. -*********************************************************************************************** -*/ - -#ifndef _MAAT_PORT_H_ -#define _MAAT_PORT_H_ - -#ifdef __cplusplus -extern "C" -{ -#endif - -#include "cJSON/cJSON.h" -#include "maat_table.h" -#include "maat_rule.h" - -/* port is short for port proto */ -struct port_runtime; - -void *port_schema_new(cJSON *json, struct table_manager *tbl_mgr, - const char *table_name, struct log_handle *logger); -void port_schema_free(void *port_schema); - -/* ip runtime API */ -void *port_runtime_new(void *port_schema, int max_thread_num, - struct maat_garbage_bin *garbage_bin, - struct log_handle *logger); -void port_runtime_free(void *port_runtime); - -int port_runtime_update(void *port_runtime, void *port_schema, - const char *line, int valid_column); -int port_runtime_commit(void *port_runtime, const char *table_name); - -struct ex_data_runtime *port_runtime_get_ex_data_rt(struct port_runtime *port_rt); - -/* ip runtime scan API */ -int port_runtime_scan(struct port_runtime *port_rt, int thread_id, int port, - int proto, int *group_ids, size_t group_id_size, - int vtable_id, struct maat_state *state); - -void port_runtime_scan_hit_inc(struct port_runtime *port_rt, int thread_id); -long long port_runtime_scan_hit_sum(struct port_runtime *port_rt, int n_thread); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/src/inc_internal/maat_rule.h b/src/inc_internal/maat_rule.h index 3010c8b..d3887fb 100644 --- a/src/inc_internal/maat_rule.h +++ b/src/inc_internal/maat_rule.h @@ -285,8 +285,7 @@ long long maat_cmd_redis_server_time_s(redisContext *c); long long maat_cmd_read_redis_integer(const redisReply *reply); -int maat_cmd_get_valid_flag_offset(const char *line, enum table_type table_type, - int valid_column_seq); +int maat_cmd_get_valid_flag_offset(const char *line, int column_seq); const char *maat_cmd_find_Nth_column(const char *line, int Nth, int *column_len); diff --git a/src/inc_internal/maat_table.h b/src/inc_internal/maat_table.h index e0a0867..2589653 100644 --- a/src/inc_internal/maat_table.h +++ b/src/inc_internal/maat_table.h @@ -29,7 +29,6 @@ enum table_type { TABLE_TYPE_EXPR, TABLE_TYPE_EXPR_PLUS, TABLE_TYPE_IP_PLUS, - TABLE_TYPE_PORT, TABLE_TYPE_INTERVAL, TABLE_TYPE_INTERVAL_PLUS, TABLE_TYPE_PLUGIN, diff --git a/src/inc_internal/maat_utils.h b/src/inc_internal/maat_utils.h index 9212e72..ca76217 100644 --- a/src/inc_internal/maat_utils.h +++ b/src/inc_internal/maat_utils.h @@ -57,18 +57,25 @@ extern "C" #define MAX_SCANNER_HIT_ITEM_NUM 4096 #define MAX_SCANNER_HIT_PATTERN_NUM 4096 * 8 -enum maat_ip_format { +enum ip_format { + IP_FORMAT_SINGLE = 1, IP_FORMAT_RANGE, - IP_FORMAT_MASK, IP_FORMAT_CIDR, + IP_FORMAT_MASK, IP_FORMAT_UNKNOWN }; -enum maat_ip_format ip_format_str2int(const char *format); -int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, const char *ip2, +enum port_format { + PORT_FORMAT_SINGLE = 1, + PORT_FORMAT_RANGE, + PORT_FORMAT_UNKNOWN +}; + +enum ip_format ip_format_str2int(const char *format); +int ip_format2range(int ip_type, enum ip_format format, const char *ip1, const char *ip2, uint32_t range_begin[], uint32_t range_end[]); - +enum port_format port_format_str2int(const char *format); #define UNUSED __attribute__((unused)) diff --git a/src/json2iris.c b/src/json2iris.c index 725c47e..08fa729 100644 --- a/src/json2iris.c +++ b/src/json2iris.c @@ -137,7 +137,6 @@ int set_iris_descriptor(const char *json_file, cJSON *json, maat_kv_register(iris_cfg->str2int_map, "flag", TABLE_TYPE_FLAG); maat_kv_register(iris_cfg->str2int_map, "flag_plus", TABLE_TYPE_FLAG_PLUS); maat_kv_register(iris_cfg->str2int_map, "ip_plus", TABLE_TYPE_IP_PLUS); - maat_kv_register(iris_cfg->str2int_map, "port", TABLE_TYPE_PORT); maat_kv_register(iris_cfg->str2int_map, "string", TABLE_TYPE_EXPR); maat_kv_register(iris_cfg->str2int_map, "expr", TABLE_TYPE_EXPR); maat_kv_register(iris_cfg->str2int_map, "expr_plus", TABLE_TYPE_EXPR_PLUS); @@ -511,73 +510,37 @@ int write_ip_plus_line(cJSON *region_json, struct iris_description *p_iris, json_cmd[cmd_cnt].str2int_flag = 1; cmd_cnt++; - json_cmd[cmd_cnt].json_string = "saddr_format"; + json_cmd[cmd_cnt].json_string = "addr_format"; json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].default_string = "mask"; cmd_cnt++; - json_cmd[cmd_cnt].json_string = "src_ip1"; + json_cmd[cmd_cnt].json_string = "ip1"; json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].default_string = "0.0.0.0"; cmd_cnt++; - json_cmd[cmd_cnt].json_string = "src_ip2"; + json_cmd[cmd_cnt].json_string = "ip2"; json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].default_string = "255.255.255.255"; cmd_cnt++; - json_cmd[cmd_cnt].json_string = "sport_format"; + json_cmd[cmd_cnt].json_string = "port_format"; json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].default_string = "mask"; cmd_cnt++; - json_cmd[cmd_cnt].json_string = "src_port1"; + json_cmd[cmd_cnt].json_string = "port1"; json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].default_string = "0"; cmd_cnt++; - json_cmd[cmd_cnt].json_string = "src_port2"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].empty_allowed = 1; - json_cmd[cmd_cnt].default_string = "65535"; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "daddr_format"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].empty_allowed = 1; - json_cmd[cmd_cnt].default_string = "mask"; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "dst_ip1"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].empty_allowed = 1; - json_cmd[cmd_cnt].default_string = "0.0.0.0"; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "dst_ip2"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].empty_allowed = 1; - json_cmd[cmd_cnt].default_string = "255.255.255.255"; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "dport_format"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].empty_allowed = 1; - json_cmd[cmd_cnt].default_string = "mask"; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "dst_port1"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].empty_allowed = 1; - json_cmd[cmd_cnt].default_string = "0"; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "dst_port2"; + json_cmd[cmd_cnt].json_string = "port2"; json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].default_string = "65535"; @@ -589,13 +552,6 @@ int write_ip_plus_line(cJSON *region_json, struct iris_description *p_iris, json_cmd[cmd_cnt].default_int = 0; cmd_cnt++; - json_cmd[cmd_cnt].json_string = "direction"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].str2int_flag = 1; - json_cmd[cmd_cnt].empty_allowed = 1; - json_cmd[cmd_cnt].default_string = "double"; - cmd_cnt++; - json_cmd[cmd_cnt].json_string = "is_valid"; json_cmd[cmd_cnt].json_type = cJSON_Number; cmd_cnt++; diff --git a/src/maat_api.c b/src/maat_api.c index c20b5a2..cf7b44f 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -597,6 +597,10 @@ int generic_plugin_table_set_ex_schema(struct table_manager *tbl_mgr, int table_ void generic_plugin_runtime_commit_ex_schema(void *runtime, void *schema, int table_id, enum table_type table_type, int valid_column) { + if (NULL == runtime || NULL == schema || valid_column < 0) { + return; + } + struct ex_data_schema *ex_schema = NULL; struct ex_data_runtime *ex_data_rt = NULL; @@ -688,6 +692,10 @@ int generic_plugin_table_ex_schema_register(struct maat *maat_instance, int tabl table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id); valid_column = table_manager_get_valid_column(maat_instance->tbl_mgr, table_id); + if (table_type == TABLE_TYPE_INVALID || valid_column < 0) { + return -1; + } + generic_plugin_runtime_commit_ex_schema(runtime, schema, table_id, table_type, valid_column); } @@ -1016,7 +1024,8 @@ int interval_scan(struct table_manager *tbl_mgr, int thread_id, long long intege } int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, - int physical_table_id, int vtable_id, struct maat_state *state) + uint16_t port, int proto, int physical_table_id, int vtable_id, + struct maat_state *state) { enum table_type table_type = table_manager_get_table_type(tbl_mgr, physical_table_id); @@ -1030,7 +1039,8 @@ int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, } int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4, - (uint8_t *)&ip_addr, vtable_id, state); + (uint8_t *)&ip_addr, port, proto, vtable_id, + state); if (group_hit_cnt < 0) { return -1; } @@ -1043,7 +1053,8 @@ int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, } int ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr, - int physical_table_id, int vtable_id, struct maat_state *state) + uint16_t port, int proto, int physical_table_id, int vtable_id, + struct maat_state *state) { enum table_type table_type = table_manager_get_table_type(tbl_mgr, physical_table_id); @@ -1057,7 +1068,7 @@ int ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr, } int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6, - ip_addr, vtable_id, state); + ip_addr, port, proto, vtable_id, state); if (group_hit_cnt < 0) { return -1; } @@ -1305,11 +1316,12 @@ int maat_scan_integer(struct maat *maat_instance, int table_id, int thread_id, } int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id, - uint32_t ip_addr, long long *results, size_t n_result, + uint32_t ip_addr, uint16_t port, int protocol, + long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM - || (thread_id < 0) || (NULL == results) || (0 == n_result) + || (protocol < -1) || (thread_id < 0) || (NULL == results) || (0 == n_result) || (NULL == state)) { return MAAT_SCAN_ERR; } @@ -1345,7 +1357,7 @@ int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id, maat_runtime_ref_inc(maat_instance->maat_rt, thread_id); alignment_int64_array_add(maat_instance->thread_call_cnt, thread_id, 1); - int hit_group_cnt = ipv4_scan(maat_instance->tbl_mgr, thread_id, ip_addr, + int hit_group_cnt = ipv4_scan(maat_instance->tbl_mgr, thread_id, ip_addr, port, protocol, physical_table_id, vtable_id, state); if (hit_group_cnt < 0) { return MAAT_SCAN_ERR; @@ -1386,12 +1398,13 @@ int maat_scan_ipv4_tuple4(struct maat *instance, int table_id, int thread_id, } int maat_scan_ipv6(struct maat *maat_instance, int table_id, int thread_id, - uint8_t *ip_addr, long long *results, size_t n_result, + uint8_t *ip_addr, uint16_t port, int protocol, + long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM - || (thread_id < 0) || (NULL == ip_addr) || (NULL == results) - || (0 == n_result) || (NULL == state)) { + || (protocol < -1) || (thread_id < 0) || (NULL == ip_addr) + || (NULL == results) || (0 == n_result) || (NULL == state)) { return MAAT_SCAN_ERR; } @@ -1426,7 +1439,7 @@ int maat_scan_ipv6(struct maat *maat_instance, int table_id, int thread_id, maat_runtime_ref_inc(maat_instance->maat_rt, thread_id); alignment_int64_array_add(maat_instance->thread_call_cnt, thread_id, 1); - int hit_group_cnt = ipv6_scan(maat_instance->tbl_mgr, thread_id, ip_addr, + int hit_group_cnt = ipv6_scan(maat_instance->tbl_mgr, thread_id, ip_addr, port, protocol, physical_table_id, vtable_id, state); if (hit_group_cnt < 0) { return MAAT_SCAN_ERR; @@ -1783,20 +1796,16 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat void *g2g_runtime = table_manager_get_runtime(maat_instance->tbl_mgr, maat_instance->g2g_table_id); assert(g2g_runtime != NULL); - size_t compile_state_hit_path_cnt = maat_compile_state_get_hit_paths(state->compile_state, - (struct group2group_runtime *)g2g_runtime, - paths, n_path); - size_t new_hit_path_cnt = 0; + size_t internal_hit_path_cnt = maat_compile_state_get_internal_hit_paths(state->compile_state, + (struct group2group_runtime *)g2g_runtime, + paths, n_path); void *compile_rt = table_manager_get_runtime(maat_instance->tbl_mgr, compile_table_id); assert(NULL != compile_rt); - new_hit_path_cnt = compile_runtime_get_new_hit_paths((struct compile_runtime *)compile_rt, - state->compile_state, paths, n_path, - compile_state_hit_path_cnt); - - - return (compile_state_hit_path_cnt + new_hit_path_cnt); + return compile_runtime_get_hit_paths((struct compile_runtime *)compile_rt, + state->compile_state, paths, n_path, + internal_hit_path_cnt); } int maat_state_get_hit_objects(struct maat_state *state, struct maat_hit_object *objs, size_t n_obj) diff --git a/src/maat_bool_plugin.c b/src/maat_bool_plugin.c index bfae01f..a248dee 100644 --- a/src/maat_bool_plugin.c +++ b/src/maat_bool_plugin.c @@ -45,14 +45,17 @@ struct bool_plugin_runtime { void *bool_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, const char *table_name, struct log_handle *logger) { - size_t read_cnt = 0; struct bool_plugin_schema *schema = ALLOC(struct bool_plugin_schema, 1); cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { schema->table_id = item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_BOOL_PLUGIN, + "[%s:%d] table %s has no table_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } item = cJSON_GetObjectItem(json, "custom"); @@ -66,13 +69,21 @@ void *bool_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, custom_item = cJSON_GetObjectItem(item, "item_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->item_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_BOOL_PLUGIN, + "[%s:%d] table %s has no item_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "bool_expr"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->bool_expr_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_BOOL_PLUGIN, + "[%s:%d] table %s has no bool_expr column", + __FUNCTION__, __LINE__, table_name); + goto error; } // rule_tag is optional @@ -82,11 +93,6 @@ void *bool_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, } schema->ref_tbl_mgr = tbl_mgr; - - if (read_cnt < 3) { - goto error; - } - return schema; error: FREE(schema); @@ -440,12 +446,14 @@ int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name struct bool_matcher *new_bool_matcher = NULL; struct bool_matcher *old_bool_matcher = NULL; - new_bool_matcher = bool_matcher_new(rules, rule_cnt, &mem_used); - if (NULL == new_bool_matcher) { - log_error(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN, - "[%s:%d] table[%s] rebuild bool_matcher engine failed when update %zu bool_plugin rules", - __FUNCTION__, __LINE__, table_name, rule_cnt); - ret = -1; + if (rule_cnt > 0) { + new_bool_matcher = bool_matcher_new(rules, rule_cnt, &mem_used); + if (NULL == new_bool_matcher) { + log_error(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN, + "[%s:%d] table[%s] rebuild bool_matcher engine failed when update %zu bool_plugin rules", + __FUNCTION__, __LINE__, table_name, rule_cnt); + ret = -1; + } } old_bool_matcher = bool_plugin_rt->matcher; diff --git a/src/maat_command.c b/src/maat_command.c index b3d0959..5ac5005 100644 --- a/src/maat_command.c +++ b/src/maat_command.c @@ -244,54 +244,11 @@ void maat_cmd_set_serial_rule(struct serial_rule *rule, enum maat_operation op, } } -int maat_cmd_get_valid_flag_offset(const char *line, enum table_type table_type, - int valid_column_seq) -{ - int column_seq = 0; - - switch (table_type) { - case TABLE_TYPE_FLAG: - case TABLE_TYPE_FLAG_PLUS: //TODO: - column_seq = 5; - break; - case TABLE_TYPE_EXPR: - column_seq = 7; - break; - case TABLE_TYPE_EXPR_PLUS: - column_seq = 8; - break; - case TABLE_TYPE_IP_PLUS: - column_seq = 18; - break; - case TABLE_TYPE_COMPILE: - column_seq = 8; - break; - case TABLE_TYPE_PLUGIN: - case TABLE_TYPE_IP_PLUGIN: - case TABLE_TYPE_FQDN_PLUGIN: - case TABLE_TYPE_BOOL_PLUGIN: - if (valid_column_seq < 0) { - return -1; - } - - column_seq = valid_column_seq; - break; - case TABLE_TYPE_INTERVAL: - column_seq = 5; - break; - case TABLE_TYPE_INTERVAL_PLUS: - column_seq = 6; - break; - case TABLE_TYPE_GROUP2COMPILE: - case TABLE_TYPE_GROUP2GROUP: - column_seq = 3; - break; - default: - assert(0); - } - +int maat_cmd_get_valid_flag_offset(const char *line, int column_seq) +{ size_t offset = 0; size_t len = 0; + int ret = get_column_pos(line, column_seq, &offset, &len); // 0 is also a valid value for some non-MAAT producer. if (ret < 0 || offset >= strlen(line) || (line[offset] != '1' && @@ -392,9 +349,16 @@ int maat_cmd_set_line(struct maat *maat_instance, const struct maat_cmd_line *li FREE(s_rule); return -1; } + + int valid_offset = maat_cmd_get_valid_flag_offset(line_rule->table_line, valid_column); + if (valid_offset < 0) { + log_error(maat_instance->logger, MODULE_MAAT_COMMAND, + "[%s:%d] Command set line id %lld failed: table %s valid_offset error", + __FUNCTION__, __LINE__, line_rule->rule_id, line_rule->table_name); + FREE(s_rule); + return -1; + } - enum table_type table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id); - int valid_offset = maat_cmd_get_valid_flag_offset(line_rule->table_line, table_type, valid_column); int is_valid = atoi(line_rule->table_line + valid_offset); if (line_rule->expire_after > 0) { absolute_expire_time = server_time + line_rule->expire_after; diff --git a/src/maat_compile.c b/src/maat_compile.c index 62530b4..7f20484 100644 --- a/src/maat_compile.c +++ b/src/maat_compile.c @@ -54,7 +54,7 @@ struct group2compile_schema { struct compile_item { long long compile_id; int declared_clause_num; - int evaluation_order; + double evaluation_order; }; struct group2compile_item { @@ -241,15 +241,16 @@ void *compile_schema_new(cJSON *json, struct table_manager *tbl_mgr, const char *table_name, struct log_handle *logger) { - int read_cnt = 0; - struct compile_schema *compile_schema = ALLOC(struct compile_schema, 1); cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { compile_schema->table_id = item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_COMPILE, + "[%s:%d] table %s has no table_id column", table_name); + goto error; } item = cJSON_GetObjectItem(json, "custom"); @@ -263,33 +264,27 @@ void *compile_schema_new(cJSON *json, struct table_manager *tbl_mgr, custom_item = cJSON_GetObjectItem(item, "compile_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { compile_schema->compile_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_COMPILE, + "[%s:%d] table %s has no compile_id column", table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "tags"); if (custom_item != NULL && custom_item->type == cJSON_Number) { compile_schema->rule_tag_column = custom_item->valueint; - read_cnt++; } custom_item = cJSON_GetObjectItem(item, "clause_num"); if (custom_item != NULL && custom_item->type == cJSON_Number) { compile_schema->declared_clause_num_column = custom_item->valueint; - read_cnt++; - } - - custom_item = cJSON_GetObjectItem(item, "evaluation_order"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - compile_schema->evaluation_order_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_COMPILE, + "[%s:%d] table %s has no clause_num column", table_name); + goto error; } compile_schema->ref_tbl_mgr = tbl_mgr; - - if (read_cnt < 5) { - goto error; - } - return compile_schema; error: FREE(compile_schema); @@ -304,20 +299,27 @@ void compile_schema_free(void *compile_schema) void *group2compile_schema_new(cJSON *json, struct table_manager *tbl_mgr, const char *table_name, struct log_handle *logger) { - int read_cnt = 0; struct group2compile_schema *g2c_schema = ALLOC(struct group2compile_schema, 1); cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { g2c_schema->table_id = item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_COMPILE, + "[%s:%d] table %s has no table_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } item = cJSON_GetObjectItem(json, "associated_compile_table_id"); if (item != NULL && item->type == cJSON_Number) { g2c_schema->associated_compile_table_id = item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_COMPILE, + "[%s:%d] table %s has no associated_compile_table_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } item = cJSON_GetObjectItem(json, "custom"); @@ -331,39 +333,54 @@ void *group2compile_schema_new(cJSON *json, struct table_manager *tbl_mgr, custom_item = cJSON_GetObjectItem(item, "group_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { g2c_schema->group_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_COMPILE, + "[%s:%d] table %s has no group_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "compile_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { g2c_schema->compile_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_COMPILE, + "[%s:%d] table %s has no compile_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "not_flag"); if (custom_item != NULL && custom_item->type == cJSON_Number) { g2c_schema->not_flag_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_COMPILE, + "[%s:%d] table %s has no not_flag column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "virtual_table_name"); if (custom_item != NULL && custom_item->type == cJSON_Number) { g2c_schema->vtable_name_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_COMPILE, + "[%s:%d] table %s has no virtual_table_name column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "clause_index"); if (custom_item != NULL && custom_item->type == cJSON_Number) { g2c_schema->clause_index_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_COMPILE, + "[%s:%d] table %s has no clause_index column", + __FUNCTION__, __LINE__, table_name); + goto error; } g2c_schema->ref_tbl_mgr = tbl_mgr; - - if (read_cnt < 7) { - goto error; - } - return g2c_schema; error: FREE(g2c_schema); @@ -456,16 +473,6 @@ compile_item_new(const char *line, struct compile_schema *compile_schema, } compile_item->declared_clause_num = atoi(line + column_offset); - ret = get_column_pos(line, compile_schema->evaluation_order_column, - &column_offset, &column_len); - if (ret < 0) { - log_error(logger, MODULE_COMPILE, - "[%s:%d] compile table(table_id:%d) line:%s has no evaluation_order", - __FUNCTION__, __LINE__, compile_schema->table_id, line); - goto error; - } - compile_item->evaluation_order = atoi(line + column_offset); - return compile_item; error: FREE(compile_item); @@ -1291,10 +1298,10 @@ static int maat_compile_is_hit_path_existed(const struct maat_hit_path *hit_path return 0; } -size_t compile_runtime_get_new_hit_paths(struct compile_runtime *compile_rt, +size_t compile_runtime_get_hit_paths(struct compile_runtime *compile_rt, struct maat_compile_state *compile_state, struct maat_hit_path *hit_path_array, - size_t array_size, size_t hit_path_cnt) + size_t array_size, size_t n_internal_hit_path) { /* assign hit_path_array[].compile_id */ size_t new_hit_path_cnt = 0; @@ -1313,11 +1320,11 @@ size_t compile_runtime_get_new_hit_paths(struct compile_runtime *compile_rt, compile = (struct maat_compile *)expr_match[idx].user_tag; assert(compile->magic == MAAT_COMPILE_MAGIC); assert((unsigned long long)compile->compile_id == expr_match[idx].expr_id); - if (0 == compile->actual_clause_num) { + if (0 == compile->actual_clause_num || NULL == compile->user_data) { continue; } - for (size_t j = 0; j < hit_path_cnt && (hit_path_cnt + new_hit_path_cnt) < array_size; j++) { + for (size_t j = 0; j < n_internal_hit_path && (n_internal_hit_path + new_hit_path_cnt) < array_size; j++) { if (hit_path_array[j].top_group_id < 0) { continue; } @@ -1331,8 +1338,8 @@ size_t compile_runtime_get_new_hit_paths(struct compile_runtime *compile_rt, // means same literal_id hit more than one compile_id tmp_path = hit_path_array[j]; tmp_path.compile_id = compile->compile_id; - if(maat_compile_is_hit_path_existed(hit_path_array, hit_path_cnt + new_hit_path_cnt, &tmp_path)) { - hit_path_array[hit_path_cnt + new_hit_path_cnt] = tmp_path; + if(maat_compile_is_hit_path_existed(hit_path_array, n_internal_hit_path + new_hit_path_cnt, &tmp_path)) { + hit_path_array[n_internal_hit_path + new_hit_path_cnt] = tmp_path; new_hit_path_cnt++; } } @@ -1341,7 +1348,7 @@ size_t compile_runtime_get_new_hit_paths(struct compile_runtime *compile_rt, } pthread_rwlock_unlock(&compile_rt->rwlock); - return new_hit_path_cnt; + return (n_internal_hit_path + new_hit_path_cnt); } void maat_compile_state_update_hit_path(struct maat_compile_state *compile_state, @@ -1819,7 +1826,7 @@ int maat_compile_state_update(struct rcu_hash_table *item_htable, int vtable_id, return 0; } -size_t maat_compile_state_get_hit_paths(struct maat_compile_state *compile_state, +size_t maat_compile_state_get_internal_hit_paths(struct maat_compile_state *compile_state, struct group2group_runtime *g2g_rt, struct maat_hit_path *hit_path_array, size_t array_size) diff --git a/src/maat_expr.c b/src/maat_expr.c index 9cad79d..56fcb43 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c @@ -283,7 +283,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, expr_schema->table_id = item->valueint; } else { log_error(logger, MODULE_EXPR, - "[%s:%d] table %s has no table_id column", table_name); + "[%s:%d] table %s has no table_id column", + __FUNCTION__, __LINE__, table_name); goto error; } @@ -294,7 +295,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, item = cJSON_GetObjectItem(json, "custom"); if (item == NULL || item->type != cJSON_Object) { log_error(logger, MODULE_EXPR, - "[%s:%d] table %s has no custom column", table_name); + "[%s:%d] table %s has no custom column", + __FUNCTION__, __LINE__, table_name); goto error; } @@ -303,7 +305,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, expr_schema->item_id_column = custom_item->valueint; } else { log_error(logger, MODULE_EXPR, - "[%s:%d] table %s has no item_id column", table_name); + "[%s:%d] table %s has no item_id column", + __FUNCTION__, __LINE__, table_name); goto error; } @@ -312,7 +315,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, expr_schema->group_id_column = custom_item->valueint; } else { log_error(logger, MODULE_EXPR, - "[%s:%d] table %s has no group_id column", table_name); + "[%s:%d] table %s has no group_id column", + __FUNCTION__, __LINE__, table_name); goto error; } @@ -321,7 +325,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, expr_schema->keywords_column = custom_item->valueint; } else { log_error(logger, MODULE_EXPR, - "[%s:%d] table %s has no keywords column", table_name); + "[%s:%d] table %s has no keywords column", + __FUNCTION__, __LINE__, table_name); goto error; } @@ -332,7 +337,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, expr_schema->district_column = custom_item->valueint; } else { log_error(logger, MODULE_EXPR, - "[%s:%d] expr_plus table %s has no district column", table_name); + "[%s:%d] expr_plus table %s has no district column", + __FUNCTION__, __LINE__, table_name); goto error; } } @@ -342,7 +348,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, expr_schema->expr_type_column = custom_item->valueint; } else { log_error(logger, MODULE_EXPR, - "[%s:%d] table %s has no expr_type column", table_name); + "[%s:%d] table %s has no expr_type column", + __FUNCTION__, __LINE__, table_name); goto error; } @@ -351,7 +358,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, expr_schema->match_method_column = custom_item->valueint; } else { log_error(logger, MODULE_EXPR, - "[%s:%d] table %s has no match_method column", table_name); + "[%s:%d] table %s has no match_method column", + __FUNCTION__, __LINE__, table_name); goto error; } @@ -360,7 +368,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, expr_schema->is_hexbin_column = custom_item->valueint; } else { log_error(logger, MODULE_EXPR, - "[%s:%d] table %s has no is_hexbin column", table_name); + "[%s:%d] table %s has no is_hexbin column", + __FUNCTION__, __LINE__, table_name); goto error; } @@ -783,12 +792,15 @@ int expr_runtime_commit(void *expr_runtime, const char *table_name) int ret = 0; struct adapter_hs *new_adapter_hs = NULL; struct adapter_hs *old_adapter_hs = NULL; - new_adapter_hs = adapter_hs_new(expr_rt->n_worker_thread, rules, rule_cnt, expr_rt->logger); - if (NULL == new_adapter_hs) { - log_error(expr_rt->logger, MODULE_EXPR, - "[%s:%d] table[%s] rebuild adapter_hs engine failed when update %zu expr rules", - __FUNCTION__, __LINE__, table_name, rule_cnt); - ret = -1; + + if (rule_cnt > 0) { + new_adapter_hs = adapter_hs_new(expr_rt->n_worker_thread, rules, rule_cnt, expr_rt->logger); + if (NULL == new_adapter_hs) { + log_error(expr_rt->logger, MODULE_EXPR, + "[%s:%d] table[%s] rebuild adapter_hs engine failed when update %zu expr rules", + __FUNCTION__, __LINE__, table_name, rule_cnt); + ret = -1; + } } old_adapter_hs = expr_rt->hs; diff --git a/src/maat_flag.c b/src/maat_flag.c index d378882..c2acd44 100644 --- a/src/maat_flag.c +++ b/src/maat_flag.c @@ -57,16 +57,24 @@ struct flag_runtime { void *flag_schema_new(cJSON *json, struct table_manager *tbl_mgr, const char *table_name, struct log_handle *logger) { - int read_cnt = 0; struct flag_schema *schema = ALLOC(struct flag_schema, 1); + char table_type[NAME_MAX] = {0}; cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { schema->table_id = item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_FLAG, + "[%s:%d] table %s has no table_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } + /* table_type already validate in maat_table_new() */ + item = cJSON_GetObjectItem(json, "table_type"); + memcpy(table_type, item->valuestring, strlen(item->valuestring)); + item = cJSON_GetObjectItem(json, "custom"); if (item == NULL || item->type != cJSON_Object) { log_error(logger, MODULE_FLAG, @@ -78,39 +86,57 @@ void *flag_schema_new(cJSON *json, struct table_manager *tbl_mgr, custom_item = cJSON_GetObjectItem(item, "item_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->item_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_FLAG, + "[%s:%d] table %s has no item_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "group_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->group_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_FLAG, + "[%s:%d] table %s has no group_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } - custom_item = cJSON_GetObjectItem(item, "district"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->district_column = custom_item->valueint; - read_cnt++; + /* flag_plus has district */ + if (strcmp(table_type, "flag_plus") == 0) { + custom_item = cJSON_GetObjectItem(item, "district"); + if (custom_item != NULL && custom_item->type == cJSON_Number) { + schema->district_column = custom_item->valueint; + } else { + log_error(logger, MODULE_FLAG, + "[%s:%d] flag_plus table %s has no district column", + __FUNCTION__, __LINE__, table_name); + goto error; + } } custom_item = cJSON_GetObjectItem(item, "flag"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->flag_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_FLAG, + "[%s:%d] table %s has no flag column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "flag_mask"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->flag_mask_column = custom_item->valueint; - read_cnt++; - } - - schema->ref_tbl_mgr = tbl_mgr; - - if (read_cnt < 5) { + } else { + log_error(logger, MODULE_FLAG, + "[%s:%d] table %s has no flag_mask column", + __FUNCTION__, __LINE__, table_name); goto error; } + schema->ref_tbl_mgr = tbl_mgr; return schema; error: FREE(schema); @@ -408,12 +434,15 @@ int flag_runtime_commit(void *flag_runtime, const char *table_name) int ret = 0; struct flag_matcher *new_flag_matcher = NULL; struct flag_matcher *old_flag_matcher = NULL; - new_flag_matcher = flag_matcher_new(rules, rule_cnt); - if (NULL == new_flag_matcher) { - log_error(flag_rt->logger, MODULE_FLAG, - "[%s:%d] table[%s] rebuild flag_matcher engine failed when update %zu flag rules", - __FUNCTION__, __LINE__, table_name, rule_cnt); - ret = -1; + + if (rule_cnt > 0) { + new_flag_matcher = flag_matcher_new(rules, rule_cnt); + if (NULL == new_flag_matcher) { + log_error(flag_rt->logger, MODULE_FLAG, + "[%s:%d] table[%s] rebuild flag_matcher engine failed when update %zu flag rules", + __FUNCTION__, __LINE__, table_name, rule_cnt); + ret = -1; + } } old_flag_matcher = flag_rt->matcher; diff --git a/src/maat_fqdn_plugin.c b/src/maat_fqdn_plugin.c index 4e91761..85b98da 100644 --- a/src/maat_fqdn_plugin.c +++ b/src/maat_fqdn_plugin.c @@ -46,14 +46,17 @@ struct fqdn_plugin_runtime { void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, const char *table_name, struct log_handle *logger) { - size_t read_cnt = 0; struct fqdn_plugin_schema *schema = ALLOC(struct fqdn_plugin_schema, 1); cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); - if (item != NULL && item->type == cJSON_Number) { + if (item != NULL && item->type == cJSON_Number) { schema->table_id = item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_FQDN_PLUGIN, + "[%s:%d] table %s has no table_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } item = cJSON_GetObjectItem(json, "custom"); @@ -67,20 +70,32 @@ void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, custom_item = cJSON_GetObjectItem(item, "item_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->item_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_FQDN_PLUGIN, + "[%s:%d] table %s has no item_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "suffix_match_method"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->suffix_flag_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_FQDN_PLUGIN, + "[%s:%d] table %s has no suffix_match_method column", + __FUNCTION__, __LINE__, table_name); + goto error; } // rule_tag is optional custom_item = cJSON_GetObjectItem(item, "fqdn"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->fqdn_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_FQDN_PLUGIN, + "[%s:%d] table %s has no fqdn column", + __FUNCTION__, __LINE__, table_name); + goto error; } // rule_tag is optional @@ -90,11 +105,6 @@ void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, } schema->ref_tbl_mgr = tbl_mgr; - - if (read_cnt < 4) { - goto error; - } - return schema; error: FREE(schema); @@ -421,12 +431,14 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name struct FQDN_engine *new_fqdn_engine = NULL; struct FQDN_engine *old_fqdn_engine = NULL; - new_fqdn_engine = FQDN_engine_new(rules, rule_cnt); - if (NULL == new_fqdn_engine) { - log_error(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN, - "[%s:%d] table[%s] rebuild FQDN engine failed when update %zu fqdn_plugin rules", - __FUNCTION__, __LINE__, table_name, rule_cnt); - ret = -1; + if (rule_cnt > 0) { + new_fqdn_engine = FQDN_engine_new(rules, rule_cnt); + if (NULL == new_fqdn_engine) { + log_error(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN, + "[%s:%d] table[%s] rebuild FQDN engine failed when update %zu fqdn_plugin rules", + __FUNCTION__, __LINE__, table_name, rule_cnt); + ret = -1; + } } old_fqdn_engine = fqdn_plugin_rt->engine; diff --git a/src/maat_group.c b/src/maat_group.c index 434863f..728bb8a 100644 --- a/src/maat_group.c +++ b/src/maat_group.c @@ -70,14 +70,16 @@ struct group2group_runtime { void *group2group_schema_new(cJSON *json, struct table_manager *tbl_mgr, const char *table_name, struct log_handle *logger) { - int read_cnt = 0; struct group2group_schema *g2g_schema = ALLOC(struct group2group_schema, 1); cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { g2g_schema->table_id = item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_GROUP, + "[%s:%d] table %s has no table_id column", table_name); + goto error; } item = cJSON_GetObjectItem(json, "custom"); @@ -91,21 +93,22 @@ void *group2group_schema_new(cJSON *json, struct table_manager *tbl_mgr, custom_item = cJSON_GetObjectItem(item, "group_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { g2g_schema->group_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_GROUP, + "[%s:%d] table %s has no group_id column", table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "super_group_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { g2g_schema->super_group_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_GROUP, + "[%s:%d] table %s has no super_group_id column", table_name); + goto error; } g2g_schema->ref_tbl_mgr = tbl_mgr; - - if (read_cnt < 3) { - goto error; - } - return g2g_schema; error: FREE(g2g_schema); diff --git a/src/maat_interval.c b/src/maat_interval.c index 6a00f37..bf55ae0 100644 --- a/src/maat_interval.c +++ b/src/maat_interval.c @@ -54,16 +54,24 @@ struct interval_runtime { void *interval_schema_new(cJSON *json, struct table_manager *tbl_mgr, const char *table_name, struct log_handle *logger) { - int read_cnt = 0; struct interval_schema *schema = ALLOC(struct interval_schema, 1); + char table_type[NAME_MAX] = {0}; cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { schema->table_id = item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_INTERVAL, + "[%s:%d] table %s has no table_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } + /* table_type already validate in maat_table_new() */ + item = cJSON_GetObjectItem(json, "table_type"); + memcpy(table_type, item->valuestring, strlen(item->valuestring)); + item = cJSON_GetObjectItem(json, "custom"); if (item == NULL || item->type != cJSON_Object) { log_error(logger, MODULE_INTERVAL, @@ -75,39 +83,57 @@ void *interval_schema_new(cJSON *json, struct table_manager *tbl_mgr, custom_item = cJSON_GetObjectItem(item, "item_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->item_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_INTERVAL, + "[%s:%d] table %s has no item_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "group_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->group_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_INTERVAL, + "[%s:%d] table %s has no group_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } - custom_item = cJSON_GetObjectItem(item, "district"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->district_column = custom_item->valueint; - read_cnt++; + /* interval_plus has district */ + if (strcmp(table_type, "intval_plus") == 0) { + custom_item = cJSON_GetObjectItem(item, "district"); + if (custom_item != NULL && custom_item->type == cJSON_Number) { + schema->district_column = custom_item->valueint; + } else { + log_error(logger, MODULE_INTERVAL, + "[%s:%d] interval_plus table %s has no district column", + __FUNCTION__, __LINE__, table_name); + goto error; + } } custom_item = cJSON_GetObjectItem(item, "low_bound"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->low_bound_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_INTERVAL, + "[%s:%d] table %s has no low_bound column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "up_bound"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->up_bound_column = custom_item->valueint; - read_cnt++; - } - - schema->ref_tbl_mgr = tbl_mgr; - - if (read_cnt < 5) { + } else { + log_error(logger, MODULE_INTERVAL, + "[%s:%d] table %s has no up_bound column", + __FUNCTION__, __LINE__, table_name); goto error; } + schema->ref_tbl_mgr = tbl_mgr; return schema; error: FREE(schema); @@ -405,12 +431,14 @@ int interval_runtime_commit(void *interval_runtime, const char *table_name) struct interval_matcher *new_interval_matcher = NULL; struct interval_matcher *old_interval_matcher = NULL; - new_interval_matcher = interval_matcher_new(rules, rule_cnt); - if (NULL == new_interval_matcher) { - log_error(interval_rt->logger, MODULE_INTERVAL, - "[%s:%d] table[%s]rebuild interval_matcher engine failed when update %zu interval rules", - __FUNCTION__, __LINE__, table_name, rule_cnt); - ret = -1; + if (rule_cnt > 0) { + new_interval_matcher = interval_matcher_new(rules, rule_cnt); + if (NULL == new_interval_matcher) { + log_error(interval_rt->logger, MODULE_INTERVAL, + "[%s:%d] table[%s]rebuild interval_matcher engine failed when update %zu interval rules", + __FUNCTION__, __LINE__, table_name, rule_cnt); + ret = -1; + } } old_interval_matcher = interval_rt->matcher; diff --git a/src/maat_ip.c b/src/maat_ip.c index b175285..2999831 100644 --- a/src/maat_ip.c +++ b/src/maat_ip.c @@ -15,6 +15,7 @@ #include "maat_utils.h" #include "maat_ex_data.h" #include "ip_matcher.h" +#include "interval_matcher.h" #include "maat_ip.h" #include "maat_rule.h" #include "maat_compile.h" @@ -27,21 +28,25 @@ struct ip_schema { int item_id_column; int group_id_column; int addr_type_column; - int saddr_format_column; - int sip1_column; - int sip2_column; + int addr_format_column; + int ip1_column; + int ip2_column; + int port_format_column; + int port1_column; + int port2_column; + int protocol_column; int table_id; //ugly struct table_manager *ref_tbl_mgr; }; struct ipv4_item_rule { - uint32_t min_sip; /* 源地址下界;0表示忽略本字段 */ - uint32_t max_sip; /* 源地址上界;0表示固定IP=min_saddr */ + uint32_t min_ip; /* 源地址下界;0表示忽略本字段 */ + uint32_t max_ip; /* 源地址上界;0表示固定IP=min_addr */ }; struct ipv6_item_rule { - uint32_t min_sip[4]; /* 源地址下界;全0表示忽略本字段 */ - uint32_t max_sip[4]; /* 源地址上界;全0表示固定IP=min_saddr */ + uint32_t min_ip[4]; /* 源地址下界;全0表示忽略本字段 */ + uint32_t max_ip[4]; /* 源地址上界;全0表示固定IP=min_addr */ }; struct ip_item { @@ -52,11 +57,17 @@ struct ip_item { struct ipv4_item_rule ipv4; struct ipv6_item_rule ipv6; }; + enum ip_format ip_format; + enum port_format port_format; + uint16_t min_port; + uint16_t max_port; + int proto; }; struct ip_runtime { - struct ip_matcher* ip_matcher; - struct rcu_hash_table* htable; //store ip rule for rebuild ip_matcher instance + struct ip_matcher *ip_matcher; + struct interval_matcher *intval_matcher; + struct rcu_hash_table *htable; //store ip rule for rebuild ip_matcher instance struct rcu_hash_table *item_htable; //store this ip table's all maat_item which will be used in ip_runtime_scan uint32_t rule_num; struct maat_garbage_bin *ref_garbage_bin; @@ -69,14 +80,12 @@ struct ip_runtime { void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr, const char *table_name, struct log_handle *logger) { - size_t read_cnt = 0; struct ip_schema *ip_schema = ALLOC(struct ip_schema, 1); cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { ip_schema->table_id = item->valueint; - read_cnt++; } item = cJSON_GetObjectItem(json, "custom"); @@ -90,45 +99,104 @@ void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr, custom_item = cJSON_GetObjectItem(item, "item_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { ip_schema->item_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_IP, + "[%s:%d] table %s has no item_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "group_id"); if (custom_item != NULL && custom_item->type == cJSON_Number) { ip_schema->group_id_column = custom_item->valueint; - read_cnt++; + } else { + log_error(logger, MODULE_IP, + "[%s:%d] table %s has no group_id column", + __FUNCTION__, __LINE__, table_name); + goto error; } custom_item = cJSON_GetObjectItem(item, "addr_type"); if (custom_item != NULL && custom_item->type == cJSON_Number) { ip_schema->addr_type_column = custom_item->valueint; - read_cnt++; - } - - custom_item = cJSON_GetObjectItem(item, "saddr_format"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - ip_schema->saddr_format_column = custom_item->valueint; - read_cnt++; - } - - custom_item = cJSON_GetObjectItem(item, "sip1"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - ip_schema->sip1_column = custom_item->valueint; - read_cnt++; - } - - custom_item = cJSON_GetObjectItem(item, "sip2"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - ip_schema->sip2_column = custom_item->valueint; - read_cnt++; - } - - ip_schema->ref_tbl_mgr = tbl_mgr; - - if (read_cnt < 7) { + } else { + log_error(logger, MODULE_IP, + "[%s:%d] table %s has no add_type column", + __FUNCTION__, __LINE__, table_name); goto error; } + custom_item = cJSON_GetObjectItem(item, "addr_format"); + if (custom_item != NULL && custom_item->type == cJSON_Number) { + ip_schema->addr_format_column = custom_item->valueint; + } else { + log_error(logger, MODULE_IP, + "[%s:%d] table %s has no addr_format column", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + custom_item = cJSON_GetObjectItem(item, "ip1"); + if (custom_item != NULL && custom_item->type == cJSON_Number) { + ip_schema->ip1_column = custom_item->valueint; + } else { + log_error(logger, MODULE_IP, + "[%s:%d] table %s has no ip1 column", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + custom_item = cJSON_GetObjectItem(item, "ip2"); + if (custom_item != NULL && custom_item->type == cJSON_Number) { + ip_schema->ip2_column = custom_item->valueint; + } else { + log_error(logger, MODULE_IP, + "[%s:%d] table %s has no ip2 column", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + custom_item = cJSON_GetObjectItem(item, "port_format"); + if (custom_item != NULL && custom_item->type == cJSON_Number) { + ip_schema->port_format_column = custom_item->valueint; + } else { + log_error(logger, MODULE_IP, + "[%s:%d] table %s has no port_format column", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + custom_item = cJSON_GetObjectItem(item, "port1"); + if (custom_item != NULL && custom_item->type == cJSON_Number) { + ip_schema->port1_column = custom_item->valueint; + } else { + log_error(logger, MODULE_IP, + "[%s:%d] table %s has no port1 column", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + custom_item = cJSON_GetObjectItem(item, "port2"); + if (custom_item != NULL && custom_item->type == cJSON_Number) { + ip_schema->port2_column = custom_item->valueint; + } else { + log_error(logger, MODULE_IP, + "[%s:%d] table %s has no port2 column", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + custom_item = cJSON_GetObjectItem(item, "protocol"); + if (custom_item != NULL && custom_item->type == cJSON_Number) { + ip_schema->protocol_column = custom_item->valueint; + } else { + log_error(logger, MODULE_IP, + "[%s:%d] table %s has no protocol column", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + ip_schema->ref_tbl_mgr = tbl_mgr; return ip_schema; error: FREE(ip_schema); @@ -145,9 +213,10 @@ struct ip_item *ip_item_new(const char *line, struct ip_schema *ip_schema, { size_t column_offset = 0; size_t column_len = 0; - char saddr_format[16] = {0}; - char sip1_str[40] = {0}; - char sip2_str[40] = {0}; + char addr_format[16] = {0}; + char port_format[16] = {0}; + char ip1_str[40] = {0}; + char ip2_str[40] = {0}; struct ip_item *ip_item = ALLOC(struct ip_item, 1); int ret = get_column_pos(line, ip_schema->item_id_column, &column_offset, &column_len); @@ -184,42 +253,42 @@ struct ip_item *ip_item_new(const char *line, struct ip_schema *ip_schema, goto error; } - ret = get_column_pos(line, ip_schema->saddr_format_column, &column_offset, &column_len); + ret = get_column_pos(line, ip_schema->addr_format_column, &column_offset, &column_len); if (ret < 0) { log_error(logger, MODULE_IP, - "[%s:%d] ip table(table_id:%d) line:%s has no saddr_format", + "[%s:%d] ip table(table_id:%d) line:%s has no addr_format", __FUNCTION__, __LINE__, ip_schema->table_id, line); goto error; } - memcpy(saddr_format, (line + column_offset), column_len); - if (IP_FORMAT_UNKNOWN == ip_format_str2int(saddr_format)) { + memcpy(addr_format, (line + column_offset), column_len); + if (IP_FORMAT_UNKNOWN == ip_format_str2int(addr_format)) { log_error(logger, MODULE_IP, - "[%s:%d] ip table(table_id:%d) line:%s has invalid saddr_format, should be range/mask/CIDR", + "[%s:%d] ip table(table_id:%d) line:%s has invalid saddr_format, should be single/range/CIDR", __FUNCTION__, __LINE__, ip_schema->table_id, line); goto error; } - ret = get_column_pos(line, ip_schema->sip1_column, &column_offset, &column_len); + ret = get_column_pos(line, ip_schema->ip1_column, &column_offset, &column_len); if (ret < 0) { log_error(logger, MODULE_IP, - "[%s:%d] ip table(table_id:%d) line:%s has no sip1", + "[%s:%d] ip table(table_id:%d) line:%s has no ip1", __FUNCTION__, __LINE__, ip_schema->table_id, line); goto error; } - memcpy(sip1_str, (line + column_offset), column_len); + memcpy(ip1_str, (line + column_offset), column_len); - ret = get_column_pos(line, ip_schema->sip2_column, &column_offset, &column_len); + ret = get_column_pos(line, ip_schema->ip2_column, &column_offset, &column_len); if (ret < 0) { log_error(logger, MODULE_IP, - "[%s:%d] ip table(table_id:%d) line:%s has no sip2", + "[%s:%d] ip table(table_id:%d) line:%s has no ip2", __FUNCTION__, __LINE__, ip_schema->table_id, line); goto error; } - memcpy(sip2_str, (line + column_offset), column_len); + memcpy(ip2_str, (line + column_offset), column_len); if (IPv4 == ip_item->addr_type) { - ret = ip_format2range(ip_item->addr_type, ip_format_str2int(saddr_format), sip1_str, sip2_str, - &ip_item->ipv4.min_sip, &ip_item->ipv4.max_sip); + ret = ip_format2range(ip_item->addr_type, ip_format_str2int(addr_format), ip1_str, ip2_str, + &ip_item->ipv4.min_ip, &ip_item->ipv4.max_ip); if (ret < 0) { log_error(logger, MODULE_IP, "[%s:%d] ip table(table_id:%d) line:%s ip_format2range(ip4) failed", @@ -228,8 +297,8 @@ struct ip_item *ip_item_new(const char *line, struct ip_schema *ip_schema, } } else { //ipv6 - ret = ip_format2range(ip_item->addr_type, ip_format_str2int(saddr_format), sip1_str, sip2_str, - ip_item->ipv6.min_sip, ip_item->ipv6.max_sip); + ret = ip_format2range(ip_item->addr_type, ip_format_str2int(addr_format), ip1_str, ip2_str, + ip_item->ipv6.min_ip, ip_item->ipv6.max_ip); if (ret < 0) { log_error(logger, MODULE_IP, "[%s:%d] ip table(table_id:%d) line:%s ip_format2range(ip6) failed", @@ -238,6 +307,50 @@ struct ip_item *ip_item_new(const char *line, struct ip_schema *ip_schema, } } + ret = get_column_pos(line, ip_schema->port_format_column, &column_offset, &column_len); + if (ret < 0) { + log_error(logger, MODULE_IP, + "[%s:%d] ip table(table_id:%d) line:%s has no port_format", + __FUNCTION__, __LINE__, ip_schema->table_id, line); + goto error; + } + + memcpy(port_format, (line + column_offset), column_len); + if (PORT_FORMAT_UNKNOWN == port_format_str2int(port_format)) { + log_error(logger, MODULE_IP, + "[%s:%d] ip table(table_id:%d) line:%s has invalid port_format, should be single/range", + __FUNCTION__, __LINE__, ip_schema->table_id, line); + goto error; + } + ip_item->port_format = port_format_str2int(port_format); + + ret = get_column_pos(line, ip_schema->port1_column, &column_offset, &column_len); + if (ret < 0) { + log_error(logger, MODULE_IP, + "[%s:%d] ip table(table_id:%d) line:%s has no port1", + __FUNCTION__, __LINE__, ip_schema->table_id, line); + goto error; + } + ip_item->min_port = atoi(line + column_offset); + + ret = get_column_pos(line, ip_schema->port2_column, &column_offset, &column_len); + if (ret < 0) { + log_error(logger, MODULE_IP, + "[%s:%d] ip table(table_id:%d) line:%s has no port2", + __FUNCTION__, __LINE__, ip_schema->table_id, line); + goto error; + } + ip_item->max_port = atoi(line + column_offset); + + ret = get_column_pos(line, ip_schema->protocol_column, &column_offset, &column_len); + if (ret < 0) { + log_error(logger, MODULE_IP, + "[%s:%d] ip table(table_id:%d) line:%s has no protocol", + __FUNCTION__, __LINE__, ip_schema->table_id, line); + goto error; + } + ip_item->proto = atoi(line + column_offset); + return ip_item; error: FREE(ip_item); @@ -317,18 +430,25 @@ void ip_item_to_ip_rule(struct ip_item *item, struct ip_rule *rule) { if (IPv4 == item->addr_type) { rule->type = IPv4; - rule->ipv4_rule.start_ip = item->ipv4.min_sip; - rule->ipv4_rule.end_ip = item->ipv4.max_sip; + rule->ipv4_rule.start_ip = item->ipv4.min_ip; + rule->ipv4_rule.end_ip = item->ipv4.max_ip; } else { rule->type = IPv6; - memcpy(rule->ipv6_rule.start_ip, item->ipv6.min_sip, - sizeof(item->ipv6.min_sip)); - memcpy(rule->ipv6_rule.end_ip, item->ipv6.max_sip, - sizeof(item->ipv6.max_sip)); + memcpy(rule->ipv6_rule.start_ip, item->ipv6.min_ip, + sizeof(item->ipv6.min_ip)); + memcpy(rule->ipv6_rule.end_ip, item->ipv6.max_ip, + sizeof(item->ipv6.max_ip)); } rule->rule_id = item->item_id; } +void ip_item_to_port_rule(struct ip_item *item, struct interval_rule *rule) +{ + rule->start = item->min_port; + rule->end = item->max_port; + rule->result.rule_id = item->item_id; +} + int ip_runtime_update_row(struct ip_runtime *ip_rt, char *key, size_t key_len, struct ip_item *item, int is_valid) { @@ -370,7 +490,6 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema, } int is_valid = get_column_value(line, valid_column); - //printf(" item_id:%lld is_valid:%d\n", item_id, is_valid); if (is_valid < 0) { return -1; } else if (0 == is_valid) { @@ -425,14 +544,16 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name) rcu_hash_commit(ip_rt->htable); struct ip_rule *rules = NULL; + struct interval_rule *intval_rules = NULL; void **ex_data_array = NULL; size_t rule_cnt = rcu_hash_list(ip_rt->htable, &ex_data_array); if (rule_cnt > 0) { rules = ALLOC(struct ip_rule, rule_cnt); + intval_rules = ALLOC(struct interval_rule, rule_cnt); for (size_t i = 0; i < rule_cnt; i++) { struct ip_item *item = (struct ip_item *)ex_data_array[i]; - //printf(" item_id:%lld\n", item->item_id); ip_item_to_ip_rule(item, &rules[i]); + ip_item_to_port_rule(item, &intval_rules[i]); } } @@ -445,20 +566,40 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name) struct ip_matcher *new_ip_matcher = NULL; struct ip_matcher *old_ip_matcher = NULL; - new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used, ip_rt->logger); - if (NULL == new_ip_matcher) { - log_error(ip_rt->logger, MODULE_IP, - "[%s:%d] table[%s] rebuild ip_matcher engine failed when update %zu ip rules", - __FUNCTION__, __LINE__, table_name, rule_cnt); - ret = -1; + struct interval_matcher *new_intval_matcher = NULL; + struct interval_matcher *old_intval_matcher = NULL; + if (rule_cnt > 0) { + new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used, ip_rt->logger); + if (NULL == new_ip_matcher) { + log_error(ip_rt->logger, MODULE_IP, + "[%s:%d] table[%s] rebuild ip_matcher engine failed when update %zu ip rules", + __FUNCTION__, __LINE__, table_name, rule_cnt); + ret = -1; + } + + new_intval_matcher = interval_matcher_new(intval_rules, rule_cnt); + if (NULL == new_intval_matcher) { + log_error(ip_rt->logger, MODULE_IP, + "[%s:%d] table[%s] rebuild interval_matcher engine failed when update %zu ip rules", + __FUNCTION__, __LINE__, table_name, rule_cnt); + ret = -1; + } } old_ip_matcher = ip_rt->ip_matcher; ip_rt->ip_matcher = new_ip_matcher; if (old_ip_matcher != NULL) { maat_garbage_bagging(ip_rt->ref_garbage_bin, old_ip_matcher, - (void (*)(void*))ip_matcher_free); + (void (*)(void *))ip_matcher_free); } + + old_intval_matcher = ip_rt->intval_matcher; + ip_rt->intval_matcher = new_intval_matcher; + if (old_intval_matcher != NULL) { + maat_garbage_bagging(ip_rt->ref_garbage_bin, old_intval_matcher, + (void (*)(void *))interval_matcher_free); + } + rcu_hash_commit(ip_rt->item_htable); ip_rt->rule_num = rule_cnt; @@ -473,50 +614,130 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name) return ret; } +int validate_port(struct rcu_hash_table *htable, const char *key, size_t key_len, + uint16_t port, int proto) +{ + struct ip_item *ip_item = (struct ip_item *)rcu_hash_find(htable, key, key_len); + if (NULL == ip_item) { + return -1; + } + + uint16_t host_port = ntohs(port); + if (ip_item->min_port > host_port || ip_item->max_port < host_port) { + return -1; + } + + if (ip_item->proto != -1 && ip_item->proto != proto) { + return -1; + } + + return 0; +} + +int validate_proto(struct rcu_hash_table *htable, const char *key, size_t key_len, int proto) +{ + struct ip_item *ip_item = (struct ip_item *)rcu_hash_find(htable, key, key_len); + if (NULL == ip_item) { + return -1; + } + + if (ip_item->proto != -1 && ip_item->proto != proto) { + return -1; + } + + return 0; +} + int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, - uint8_t *ip_addr, int vtable_id, struct maat_state *state) + uint8_t *ip_addr, uint16_t port, int proto, int vtable_id, + struct maat_state *state) { if (0 == ip_rt->rule_num) { //empty ip table return 0; } - int n_hit_item = 0; - struct scan_result scan_results[MAX_SCANNER_HIT_ITEM_NUM] = {0}; + + struct scan_result ip_results[MAX_SCANNER_HIT_ITEM_NUM] = {0}; + + /* if ip_addr = "0.0.0.0" means any ip */ + int any_ip_flag = 0; struct ip_data scan_data; if (ip_type == IPv4) { scan_data.type = IPv4; scan_data.ipv4 = ntohl(*(uint32_t *)ip_addr); + if (0 == scan_data.ipv4) { + any_ip_flag = 1; + } } else { scan_data.type = IPv6; for (int i = 0; i < 4; i++) { scan_data.ipv6[i] = *((uint32_t *)ip_addr + i); } ipv6_ntoh(scan_data.ipv6); + if (0 == scan_data.ipv6[0] && 0 == scan_data.ipv6[1] && + 0 == scan_data.ipv6[2] && 0 == scan_data.ipv6[3]) { + any_ip_flag = 1; + } } - n_hit_item = ip_matcher_match(ip_rt->ip_matcher, &scan_data, scan_results, MAX_SCANNER_HIT_ITEM_NUM); - if (n_hit_item <= 0) { - return n_hit_item; - } - - if (n_hit_item > MAX_SCANNER_HIT_ITEM_NUM) { - log_info(ip_rt->logger, MODULE_IP, - "hit ip item count:%d exceed maxium:%d", - n_hit_item, MAX_SCANNER_HIT_ITEM_NUM); - n_hit_item = MAX_SCANNER_HIT_ITEM_NUM; - } - + int ret = 0; + size_t real_hit_index = 0; long long hit_item_ids[MAX_SCANNER_HIT_ITEM_NUM]; memset(hit_item_ids, 0, sizeof(hit_item_ids)); - - for (int i = 0; i < n_hit_item; i++) { - hit_item_ids[i] = scan_results[i].rule_id; + + // any ip, so scan port+proto + if (1 == any_ip_flag) { + struct interval_result port_results[MAX_SCANNER_HIT_ITEM_NUM] = {0}; + uint16_t host_port = ntohs(port); + int n_hit_port_item = interval_matcher_match(ip_rt->intval_matcher, host_port, + port_results, MAX_SCANNER_HIT_ITEM_NUM); + if (n_hit_port_item <= 0) { + return n_hit_port_item; + } + + if (n_hit_port_item > MAX_SCANNER_HIT_ITEM_NUM) { + log_info(ip_rt->logger, MODULE_IP, + "hit port item count:%d exceed maxium:%d", + n_hit_port_item, MAX_SCANNER_HIT_ITEM_NUM); + n_hit_port_item = MAX_SCANNER_HIT_ITEM_NUM; + } + + for (size_t i = 0; i < n_hit_port_item; i++) { + long long item_id = port_results[i].rule_id; + ret = validate_proto(ip_rt->htable, (char *)&item_id, sizeof(item_id), proto); + if (ret < 0) { + continue; + } + hit_item_ids[real_hit_index++] = port_results[i].rule_id; + } + } else { + int n_hit_ip_item = ip_matcher_match(ip_rt->ip_matcher, &scan_data, + ip_results, MAX_SCANNER_HIT_ITEM_NUM); + if (n_hit_ip_item <= 0) { + return n_hit_ip_item; + } + + if (n_hit_ip_item > MAX_SCANNER_HIT_ITEM_NUM) { + log_info(ip_rt->logger, MODULE_IP, + "hit ip item count:%d exceed maxium:%d", + n_hit_ip_item, MAX_SCANNER_HIT_ITEM_NUM); + n_hit_ip_item = MAX_SCANNER_HIT_ITEM_NUM; + } + + for (size_t i = 0; i < n_hit_ip_item; i++) { + long long item_id = ip_results[i].rule_id; + ret = validate_port(ip_rt->htable, (char *)&item_id, sizeof(item_id), port, proto); + if (ret < 0) { + continue; + } + hit_item_ids[real_hit_index++] = ip_results[i].rule_id; + } } size_t group_hit_cnt = 0; - int ret = maat_compile_state_update(ip_rt->item_htable, vtable_id, hit_item_ids, n_hit_item, - &group_hit_cnt, state); + ret = maat_compile_state_update(ip_rt->item_htable, vtable_id, hit_item_ids, + real_hit_index, &group_hit_cnt, state); if (ret < 0) { return -1; } diff --git a/src/maat_ip_plugin.c b/src/maat_ip_plugin.c index ec0e30b..4499428 100644 --- a/src/maat_ip_plugin.c +++ b/src/maat_ip_plugin.c @@ -471,12 +471,14 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name) struct ip_matcher *new_ip_matcher = NULL; struct ip_matcher *old_ip_matcher = NULL; - new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used, ip_plugin_rt->logger); - if (NULL == new_ip_matcher) { - log_error(ip_plugin_rt->logger, MODULE_IP_PLUGIN, - "[%s:%d] table[%s] rebuild ip_matcher engine failed when update %zu ip_plugin rules", - __FUNCTION__, __LINE__, table_name, rule_cnt); - ret = -1; + if (rule_cnt > 0) { + new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used, ip_plugin_rt->logger); + if (NULL == new_ip_matcher) { + log_error(ip_plugin_rt->logger, MODULE_IP_PLUGIN, + "[%s:%d] table[%s] rebuild ip_matcher engine failed when update %zu ip_plugin rules", + __FUNCTION__, __LINE__, table_name, rule_cnt); + ret = -1; + } } old_ip_matcher = ip_plugin_rt->ip_matcher; diff --git a/src/maat_port.c b/src/maat_port.c deleted file mode 100644 index f590c59..0000000 --- a/src/maat_port.c +++ /dev/null @@ -1,68 +0,0 @@ -/* -********************************************************************************************** -* File: maat_port.c -* Description: -* Authors: Liu WenTan -* Date: 2022-10-31 -* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved. -*********************************************************************************************** -*/ - -#include "maat_port.h" - -void *port_schema_new(cJSON *json, struct table_manager *tbl_mgr, - const char *table_name, struct log_handle *logger) -{ - return NULL; -} - -void port_schema_free(void *port_schema) -{ - -} - -/* ip runtime API */ -void *port_runtime_new(void *port_schema, int max_thread_num, - struct maat_garbage_bin *garbage_bin, - struct log_handle *logger) -{ - return NULL; -} - -void port_runtime_free(void *port_runtime) -{ - -} - -int port_runtime_update(void *port_runtime, void *port_schema, - const char *line, int valid_column) -{ - return 0; -} - -int port_runtime_commit(void *port_runtime, const char *table_name) -{ - return 0; -} - -struct ex_data_runtime *port_runtime_get_ex_data_rt(struct port_runtime *port_rt) -{ - return NULL; -} - -int port_runtime_scan(struct port_runtime *port_rt, int thread_id, int port, - int proto, int *group_ids, size_t group_id_size, - int vtable_id, struct maat_state *state) -{ - return 0; -} - -void port_runtime_scan_hit_inc(struct port_runtime *port_rt, int thread_id) -{ - -} - -long long port_runtime_scan_hit_sum(struct port_runtime *port_rt, int n_thread) -{ - return 0; -} diff --git a/src/maat_redis_monitor.c b/src/maat_redis_monitor.c index 2947e4f..1ccf3e3 100644 --- a/src/maat_redis_monitor.c +++ b/src/maat_redis_monitor.c @@ -829,14 +829,18 @@ void maat_cmd_get_foreign_conts(redisContext *c, struct serial_rule *rule_list, } } -int invalidate_line(char *line, enum table_type table_type, int valid_column_seq) +int invalidate_line(char *line, int column_seq) { - int i = maat_cmd_get_valid_flag_offset(line, table_type, valid_column_seq); - if (i < 0) { + if (NULL == line || column_seq < 0) { + return -1; + } + + int offset = maat_cmd_get_valid_flag_offset(line, column_seq); + if (offset < 0) { return -1; } - line[i] = '0'; + line[offset] = '0'; return 0; } @@ -1354,7 +1358,6 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx *mr_ctx, int no_table_num = 0; int call_update_num = 0; int valid_column = -1; - enum table_type table_type; struct maat *maat_instance = (struct maat *)u_param; //authorized to write @@ -1464,12 +1467,8 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx *mr_ctx, } if (rule_list[i].op == MAAT_OP_DEL) { - //TODO: by luis - //scan_type = table_schema_get_scan_type(table_schema); - table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id); - //table_schema = table_schema_get_by_scan_type(maat_instance->table_schema_mgr, table_id, scan_type, NULL); valid_column = table_manager_get_valid_column(maat_instance->tbl_mgr, table_id); - ret = invalidate_line(rule_list[i].table_line, table_type, valid_column); + ret = invalidate_line(rule_list[i].table_line, valid_column); if (ret < 0) { log_error(maat_instance->logger, MODULE_REDIS_MONITOR, "[%s:%d] Invalidate line failed, invaid format %s", diff --git a/src/maat_table.c b/src/maat_table.c index 2862f15..82768ad 100644 --- a/src/maat_table.c +++ b/src/maat_table.c @@ -122,15 +122,6 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .update_runtime = ip_runtime_update, .commit_runtime = ip_runtime_commit }, - { - .type = TABLE_TYPE_PORT, - .new_schema = NULL, - .free_schema = NULL, - .new_runtime = NULL, - .free_runtime = NULL, - .update_runtime = NULL, - .commit_runtime = NULL - }, { .type = TABLE_TYPE_INTERVAL, .new_schema = interval_schema_new, @@ -269,7 +260,6 @@ static void register_reserved_word(struct maat_kv_store *reserved_word_map) maat_kv_register(reserved_word_map, "intval", TABLE_TYPE_INTERVAL); maat_kv_register(reserved_word_map, "intval_plus", TABLE_TYPE_INTERVAL_PLUS); maat_kv_register(reserved_word_map, "ip_plus", TABLE_TYPE_IP_PLUS); - maat_kv_register(reserved_word_map, "port", TABLE_TYPE_PORT); maat_kv_register(reserved_word_map, "plugin", TABLE_TYPE_PLUGIN); maat_kv_register(reserved_word_map, "ip_plugin", TABLE_TYPE_IP_PLUGIN); maat_kv_register(reserved_word_map, "bool_plugin", TABLE_TYPE_BOOL_PLUGIN); diff --git a/src/maat_utils.c b/src/maat_utils.c index 76a827e..9498997 100644 --- a/src/maat_utils.c +++ b/src/maat_utils.c @@ -415,21 +415,35 @@ size_t memcat(void **dest, size_t offset, size_t *n_dest, const void *src, size_ return n_src; } -enum maat_ip_format ip_format_str2int(const char *format) +enum ip_format ip_format_str2int(const char *format) { - if (0 == strcasecmp(format, "range")) { + if (0 == strcasecmp(format, "single")) { + return IP_FORMAT_SINGLE; + }else if (0 == strcasecmp(format, "range")) { return IP_FORMAT_RANGE; - } else if(0 == strcasecmp(format, "mask")) { - return IP_FORMAT_MASK; - } else if(0 == strcasecmp(format, "CIDR")) { + } else if (0 == strcasecmp(format, "CIDR")) { return IP_FORMAT_CIDR; - } else { + } else if (0 == strcasecmp(format, "mask")) { + return IP_FORMAT_MASK; + } else { assert(0); } return IP_FORMAT_UNKNOWN; } -int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, const char *ip2, +enum port_format port_format_str2int(const char *format) +{ + if (0 == strcasecmp(format, "single")) { + return PORT_FORMAT_SINGLE; + } else if (0 == strcasecmp(format, "range")) { + return PORT_FORMAT_RANGE; + } else { + assert(0); + } + return PORT_FORMAT_UNKNOWN; +} + +int ip_format2range(int ip_type, enum ip_format format, const char *ip1, const char *ip2, uint32_t range_begin[], uint32_t range_end[]) { int cidr = 0; @@ -451,6 +465,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co uint32_t ipv4_range_end = 0; uint32_t ipv4_mask = 0; switch (format) { + case IP_FORMAT_SINGLE: case IP_FORMAT_RANGE: range_begin[0] = ipv4_addr; ret = inet_pton(AF_INET, ip2, &ipv4_range_end); @@ -460,8 +475,8 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co ipv4_range_end = ntohl(ipv4_range_end); range_end[0] = ipv4_range_end; break; - case IP_FORMAT_MASK: - ret = inet_pton(AF_INET, ip2, &ipv4_mask); + case IP_FORMAT_MASK: + ret = inet_pton(AF_INET, ip2, &ipv4_mask); if (ret <= 0) { return -1; } @@ -495,6 +510,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co ipv6_ntoh(ipv6_addr); switch (format) { + case IP_FORMAT_SINGLE: case IP_FORMAT_RANGE: ret = inet_pton(AF_INET6, ip2, ipv6_range_end); if (ret <= 0) { @@ -505,7 +521,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co memcpy(range_begin, ipv6_addr, sizeof(ipv6_addr)); memcpy(range_end, ipv6_range_end, sizeof(ipv6_range_end)); break; - case IP_FORMAT_MASK: + case IP_FORMAT_MASK: ret = inet_pton(AF_INET6, ip2, ipv6_mask); if (ret <= 0) { return -1; diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index 9132b9f..0eaca79 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -232,8 +232,8 @@ int expr_table_set_line(struct maat *maat_instance, const char *table_name, enum } int ip_table_set_line(struct maat *maat_instance, const char *table_name, enum maat_operation op, - long long item_id, long long group_id, enum IP_TYPE type, const char *saddr_format, - const char *src_ip, const char *src_ip_mask, int expire_after) + long long item_id, long long group_id, enum IP_TYPE type, const char *ip1, + const char *ip2, uint16_t port_min, uint16_t port_max, int expire_after) { char table_line[1024] = {0}; int table_id = maat_get_table_id(maat_instance, table_name); @@ -249,10 +249,10 @@ int ip_table_set_line(struct maat *maat_instance, const char *table_name, enum m ip_type = 6; } - sprintf(table_line, "%lld\t%lld\t%d\t%s\t%s\t%s\t%s\t0\t65535\t%s\t%s\t%s\t%s\t0\t65535\t6\t0\t%d", - item_id, group_id, ip_type, saddr_format, src_ip, src_ip_mask, "range", "range", "0.0.0.0", - "255.255.255.255", "range", op); + sprintf(table_line, "%lld\t%lld\t%d\t%s\t%s\t%s\t%s\t%u\t%u\t6\t%d", item_id, group_id, ip_type, + "range", ip1, ip2, "range", port_min, port_max, op); struct maat_cmd_line line_rule; + line_rule.rule_id = item_id; line_rule.table_line = table_line; line_rule.table_name = table_name; @@ -1083,7 +1083,29 @@ TEST_F(MaatStringScan, OffsetChunk1460) { maat_state_free(state); state = NULL; } +#if 0 +TEST_F(MaatStringScan, GBKEncodedURL) { + const char *table_name = "HTTP_URL"; + long long results[ARRAY_SIZE] = {0}; + size_t n_hit_result = 0; + int thread_id = 0; + struct maat *maat_instance = MaatStringScan::_shared_maat_instance; + struct maat_state *state = maat_state_new(maat_instance, thread_id); + const char *url_gb2312 = "www.baidu.com/?wd=C%23%D6%D0%B9%FA"; + int table_id = maat_get_table_id(maat_instance, table_name); + ASSERT_GT(table_id, 0); + + int ret = maat_scan_string(maat_instance, table_id, thread_id, url_gb2312, + strlen(url_gb2312), results, ARRAY_SIZE, &n_hit_result, + state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 1); + EXPECT_EQ(results[0], 129); + maat_state_free(state); + state = NULL; +} +#endif TEST_F(MaatStringScan, StreamInput) { long long results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; @@ -1225,7 +1247,7 @@ protected: struct maat *MaatIPScan::_shared_maat_instance; struct log_handle *MaatIPScan::logger; -TEST_F(MaatIPScan, IPv4) { +TEST_F(MaatIPScan, IPv4_IPPort) { const char *table_name = "IP_PLUS_CONFIG"; struct maat *maat_instance = MaatIPScan::_shared_maat_instance; int thread_id = 0; @@ -1237,12 +1259,14 @@ TEST_F(MaatIPScan, IPv4) { uint32_t sip; int ret = inet_pton(AF_INET, ip_str, &sip); EXPECT_EQ(ret, 1); + uint16_t port = htons(65529); + int proto = 6; long long results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; struct maat_state *state = maat_state_new(maat_instance, thread_id); - ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, - &n_hit_result, state); + ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto, + results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(results[0], 154); @@ -1250,7 +1274,41 @@ TEST_F(MaatIPScan, IPv4) { state = NULL; } -TEST_F(MaatIPScan, IPv6) { +TEST_F(MaatIPScan, IPv4_Port) { + const char *table_name = "IP_PLUS_CONFIG"; + struct maat *maat_instance = MaatIPScan::_shared_maat_instance; + int thread_id = 0; + + int table_id = maat_get_table_id(maat_instance, table_name); + ASSERT_GT(table_id, 0); + + char ip_str[32] = "0.0.0.0"; + uint32_t sip; + int ret = inet_pton(AF_INET, ip_str, &sip); + EXPECT_EQ(ret, 1); + uint16_t port = htons(65528); + int proto = 6; + + long long results[ARRAY_SIZE] = {0}; + size_t n_hit_result = 0; + struct maat_state *state = maat_state_new(maat_instance, thread_id); + ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto, + results, ARRAY_SIZE, &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_OK); + maat_state_reset(state); + + port = htons(65529); + ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto, + results, ARRAY_SIZE, &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 1); + EXPECT_EQ(results[0], 154); + + maat_state_free(state); + state = NULL; +} + +TEST_F(MaatIPScan, IPv6_IPPort) { const char *table_name = "IP_PLUS_CONFIG"; struct maat *maat_instance = MaatIPScan::_shared_maat_instance; int thread_id = 0; @@ -1260,12 +1318,14 @@ TEST_F(MaatIPScan, IPv6) { uint8_t sip[16]; int ret = inet_pton(AF_INET6, ip_str, &sip); EXPECT_EQ(ret, 1); + uint16_t port = htons(65510); + int proto = 6; long long results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; struct maat_state *state = maat_state_new(maat_instance, thread_id); - ret = maat_scan_ipv6(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, - &n_hit_result, state); + ret = maat_scan_ipv6(maat_instance, table_id, thread_id, sip, port, proto, + results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(results[0], 155); @@ -1284,12 +1344,14 @@ TEST_F(MaatIPScan, dynamic_config) { uint32_t sip; int ret = inet_pton(AF_INET, ip_str, &sip); EXPECT_EQ(ret, 1); + uint16_t port = htons(100); + int proto = 6; long long results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; struct maat_state *state = maat_state_new(maat_instance, thread_id); - ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, - &n_hit_result, state); + ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto, + results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); maat_state_reset(state); @@ -1299,25 +1361,26 @@ TEST_F(MaatIPScan, dynamic_config) { /* compile table add line */ long long compile_id = maat_cmd_incrby(maat_instance, "TEST_SEQ", 1); - ret = compile_table_set_line(maat_instance, compile_table_name, MAAT_OP_ADD, compile_id, NULL, 1, 0); + ret = compile_table_set_line(maat_instance, compile_table_name, MAAT_OP_ADD, + compile_id, NULL, 1, 0); EXPECT_EQ(ret, 1); /* group2compile table add line */ long long group_id = maat_cmd_incrby(maat_instance, "SEQUENCE_GROUP", 1); - ret = group2compile_table_set_line(maat_instance, g2c_table_name, MAAT_OP_ADD, group_id, - compile_id, 0, "null", 1, 0); + ret = group2compile_table_set_line(maat_instance, g2c_table_name, MAAT_OP_ADD, + group_id, compile_id, 0, "null", 1, 0); EXPECT_EQ(ret, 1); /* ip table add line */ long long item_id = maat_cmd_incrby(maat_instance, "SEQUENCE_REGION", 1); ret = ip_table_set_line(maat_instance, table_name, MAAT_OP_ADD, item_id, group_id, - IPv4, "range", "100.100.100.100", "100.100.100.100", 0); + IPv4, "100.100.100.100", "100.100.100.100", 100, 100, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); - ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, - &n_hit_result, state); + ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto, results, + ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(results[0], compile_id); @@ -1325,7 +1388,7 @@ TEST_F(MaatIPScan, dynamic_config) { /* ip table del line */ ret = ip_table_set_line(maat_instance, table_name, MAAT_OP_DEL, item_id, group_id, - IPv4, "range", "100.100.100.100", "100.100.100.100", 0); + IPv4, "100.100.100.100", "100.100.100.100", 100, 100, 0); EXPECT_EQ(ret, 1); /* group2compile table del line */ @@ -1334,13 +1397,14 @@ TEST_F(MaatIPScan, dynamic_config) { EXPECT_EQ(ret, 1); /* compile table del line */ - ret = compile_table_set_line(maat_instance, compile_table_name, MAAT_OP_DEL, compile_id, NULL, 1, 0); + ret = compile_table_set_line(maat_instance, compile_table_name, MAAT_OP_DEL, + compile_id, NULL, 1, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); - ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, - &n_hit_result, state); + ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto, results, + ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_free(state); @@ -1592,12 +1656,14 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) { uint32_t sip; inet_pton(AF_INET, "10.0.8.186", &sip); + uint16_t port = htons(18611); + int proto = 6; int hit_table_id = maat_get_table_id(maat_instance, hit_table_name); ASSERT_GT(hit_table_id, 0); ret = maat_scan_ipv4(maat_instance, hit_table_id, thread_id, sip, - results, ARRAY_SIZE, &n_hit_result, state); + port, proto, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); int empty_table_id = maat_get_table_id(maat_instance, empty_table_name); @@ -1635,11 +1701,13 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) { uint32_t sip; inet_pton(AF_INET, "10.0.8.187", &sip); + uint16_t port = htons(18611); + int proto = 6; int hit_table_id = maat_get_table_id(maat_instance, hit_table_name); ASSERT_GT(hit_table_id, 0); - ret = maat_scan_ipv4(maat_instance, hit_table_id, thread_id, sip, + ret = maat_scan_ipv4(maat_instance, hit_table_id, thread_id, sip, port, proto, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -1674,13 +1742,15 @@ TEST_F(NOTLogic, ScanNotIP) { uint32_t sip; inet_pton(AF_INET, "10.0.6.205", &sip); + uint16_t port = htons(50001); + int proto = 6; int not_hit_table_id = maat_get_table_id(maat_instance, not_hit_table_name); ASSERT_GT(not_hit_table_id, 0); maat_state_set_last_scan(state); - ret = maat_scan_ipv4(maat_instance, not_hit_table_id, thread_id, sip, results, ARRAY_SIZE, - &n_hit_result, state); + ret = maat_scan_ipv4(maat_instance, not_hit_table_id, thread_id, sip, port, proto, + results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); maat_state_free(state); state = NULL; @@ -1927,7 +1997,7 @@ struct ip_plugin_ud { char *buffer; int ref_cnt; }; -void ip_plugin_EX_new_cb(int table_id, const char *key, const char *table_line, +void ip_plugin_ex_new_cb(int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp) { int *counter = (int *)argp; @@ -1949,7 +2019,7 @@ void ip_plugin_EX_new_cb(int table_id, const char *key, const char *table_line, (*counter)++; } -void ip_plugin_EX_free_cb(int table_id, void **ad, long argl, void *argp) +void ip_plugin_ex_free_cb(int table_id, void **ad, long argl, void *argp) { struct ip_plugin_ud *ud = (struct ip_plugin_ud *)(*ad); if ((__sync_sub_and_fetch(&ud->ref_cnt, 1) == 0)) { @@ -1959,7 +2029,7 @@ void ip_plugin_EX_free_cb(int table_id, void **ad, long argl, void *argp) } } -void ip_plugin_EX_dup_cb(int table_id, void **to, void **from, long argl, void *argp) +void ip_plugin_ex_dup_cb(int table_id, void **to, void **from, long argl, void *argp) { struct ip_plugin_ud *ud = (struct ip_plugin_ud *)(*from); __sync_add_and_fetch(&(ud->ref_cnt), 1); @@ -1975,9 +2045,9 @@ TEST_F(IPPluginTable, EX_DATA) { ASSERT_GT(table_id, 0); int ret = maat_plugin_table_ex_schema_register(maat_instance, table_id, - ip_plugin_EX_new_cb, - ip_plugin_EX_free_cb, - ip_plugin_EX_dup_cb, + ip_plugin_ex_new_cb, + ip_plugin_ex_free_cb, + ip_plugin_ex_dup_cb, 0, &ip_plugin_ex_data_counter); EXPECT_EQ(ret, 0); EXPECT_EQ(ip_plugin_ex_data_counter, 5); @@ -1996,7 +2066,7 @@ TEST_F(IPPluginTable, EX_DATA) { int i = 0; for (i = 0; i < ret; i++) { - ip_plugin_EX_free_cb(0, (void**)&(results[i]), 0, NULL); + ip_plugin_ex_free_cb(0, (void**)&(results[i]), 0, NULL); } struct ip_addr ipv6; @@ -2011,7 +2081,7 @@ TEST_F(IPPluginTable, EX_DATA) { EXPECT_EQ(results[1]->rule_id, 103); for (i = 0; i < ret; i++) { - ip_plugin_EX_free_cb(0, (void**)&(results[i]), 0, NULL); + ip_plugin_ex_free_cb(0, (void**)&(results[i]), 0, NULL); } //Reproduce BugReport-Liumengyan-20210515 @@ -2870,6 +2940,11 @@ int test_add_expr_command(struct maat *maat_instance, const char *expr_table, return ret; } +int del_command(struct maat *maat_instance, int compile_id) +{ + return compile_table_set_line(maat_instance, "COMPILE", MAAT_OP_DEL, compile_id, NULL, 1, 0); +} + #if 0 TEST_F(MaatCmdTest, HitPath) { const char *g2g_table_name = "GROUP2GROUP"; @@ -2935,25 +3010,29 @@ TEST_F(MaatCmdTest, SetIP) { EXPECT_EQ(ret, 1); /* item table add line */ - const char *src_ip = "172.0.0.1"; - const char *src_ip_mask = "255.255.255.255"; + const char *ip1 = "172.0.0.1"; + const char *ip2 = "172.0.0.1"; + uint16_t port_min = 53331; + uint16_t port_max = 53331; long long item_id = maat_cmd_incrby(maat_instance, "SEQUENCE_REGION", 1); ret = ip_table_set_line(maat_instance, ip_table_name, MAAT_OP_ADD, item_id, group_id, - IPv4, "mask", src_ip, src_ip_mask, 0); + IPv4, ip1, ip2, port_min, port_max, 0); EXPECT_EQ(ret, 1); version_before = maat_cmd_get_config_version(maat_instance); wait_for_cmd_effective(maat_instance, version_before); uint32_t sip; - ret = inet_pton(AF_INET, src_ip, &sip); + ret = inet_pton(AF_INET, ip1, &sip); EXPECT_EQ(ret, 1); + uint16_t port = htons(53331); + int proto = 6; int table_id = maat_get_table_id(maat_instance, ip_table_name); ASSERT_GE(table_id, 0); - ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, - &n_hit_result, state); + ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto, results, + ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(results[0], compile_id); @@ -3088,6 +3167,153 @@ TEST_F(MaatCmdTest, SetExpr8) { state = NULL; } +TEST_F(MaatCmdTest, RuleIDRecycle) { + const char *table_name = "HTTP_URL"; + const char *scan_data = "Reuse rule ID is allowed."; + const char *keywords = "Reuse&rule"; + long long results[ARRAY_SIZE] = {0}; + size_t n_hit_result = 0; + int thread_id = 0; + struct maat *maat_instance = MaatCmdTest::_shared_maat_instance; + struct maat_state *state = maat_state_new(maat_instance, thread_id); + + int table_id = maat_get_table_id(maat_instance, table_name); + ASSERT_GT(table_id, 0); + + long long rule_id = maat_cmd_incrby(maat_instance, "TEST_SEQ", 1); + test_add_expr_command(maat_instance, table_name, rule_id, 0, keywords); + sleep(WAIT_FOR_EFFECTIVE_S * 2); + + int ret = maat_scan_string(maat_instance, table_id, thread_id, scan_data, strlen(scan_data), + results, ARRAY_SIZE, &n_hit_result, state); + maat_state_reset(state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 1); + EXPECT_EQ(results[0], rule_id); + + del_command(maat_instance, rule_id); + sleep(WAIT_FOR_EFFECTIVE_S * 2); + + ret = maat_scan_string(maat_instance, table_id, thread_id, scan_data, strlen(scan_data), + results, ARRAY_SIZE, &n_hit_result, state); + maat_state_reset(state); + EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); + + test_add_expr_command(maat_instance, table_name, rule_id, 0, keywords); + sleep(WAIT_FOR_EFFECTIVE_S * 2); + + memset(results, 0, sizeof(results)); + ret = maat_scan_string(maat_instance, table_id, thread_id, scan_data, strlen(scan_data), + results, ARRAY_SIZE, &n_hit_result, state); + maat_state_free(state); + state = NULL; + + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 1); + EXPECT_EQ(results[0], rule_id); +} + +TEST_F(MaatCmdTest, ReturnRuleIDWithDescendingOrder) { + const char *table_name = "HTTP_URL"; + const char *scan_data = "This string will hit mulptiple rules."; + const char *keywords = "string\\bwill\\bhit"; + long long results[ARRAY_SIZE] = {0}; + size_t n_hit_result = 0; + int thread_id = 0; + struct maat *maat_instance = MaatCmdTest::_shared_maat_instance; + struct maat_state *state = maat_state_new(maat_instance, thread_id); + + int table_id = maat_get_table_id(maat_instance, table_name); + ASSERT_GT(table_id, 0); + + int i = 0; + int repeat_times = 4; + long long expect_rule_id[ARRAY_SIZE] = {0}; + long long rule_id = maat_cmd_incrby(maat_instance, "TEST_SEQ", repeat_times); + + for (i = 0; i < repeat_times; i++) { + //add in ascending order + expect_rule_id[i] = rule_id + 1 - repeat_times + i; + test_add_expr_command(maat_instance, table_name, expect_rule_id[i], 0, keywords); + } + + sleep(WAIT_FOR_EFFECTIVE_S * 2); + + memset(results, 0, sizeof(results)); + int ret = maat_scan_string(maat_instance, table_id, thread_id, scan_data, strlen(scan_data), + results, ARRAY_SIZE, &n_hit_result, state); + maat_state_free(state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, repeat_times); + for (i = 0; i < repeat_times; i++) { + EXPECT_EQ(results[i], expect_rule_id[repeat_times -i - 1]); + } +} + +TEST_F(MaatCmdTest, SubGroup) { + +} + +TEST_F(MaatCmdTest, RefGroup) { + +} + +TEST_F(MaatCmdTest, VirtualTable) { + +} + +TEST_F(MaatCmdTest, SetLines) { + int i = 0; + const int TEST_CMD_LINE_NUM = 4; + const char *table_name = "QD_ENTRY_INFO"; + struct maat_cmd_line line_rule; + struct maat *maat_instance = MaatCmdTest::_shared_maat_instance; + long long expect_rule_id[TEST_CMD_LINE_NUM] = {0}; + const char *table_line_add[TEST_CMD_LINE_NUM] = { + "1\t192.168.0.1\t100\t1", + "1\t192.168.0.1\t101\t1", + "1\t192.168.0.1\t102\t1", + "1\t192.168.0.1\t103\t1", + }; + const char *table_line_del[TEST_CMD_LINE_NUM] = { + "1\t192.168.0.1\t100\t0", + "1\t192.168.0.1\t101\t0", + "1\t192.168.0.1\t102\t0", + "1\t192.168.0.1\t103\t0", + }; + int ret = 0; + + for (i = 0; i < TEST_CMD_LINE_NUM; i++) { + expect_rule_id[i] = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1); + line_rule.rule_id = expect_rule_id[i]; + line_rule.table_name = table_name; + line_rule.table_line = table_line_add[i]; + line_rule.expire_after = 0; + + ret = maat_cmd_set_line(maat_instance, &line_rule); + EXPECT_GT(ret, 0); + } + + for (i = 0; i < TEST_CMD_LINE_NUM; i++) { + memset(&line_rule, 0, sizeof(line_rule)); + line_rule.rule_id = expect_rule_id[i]; + line_rule.table_name = table_name; + line_rule.table_line = table_line_del[i]; + line_rule.expire_after = 0; + + ret = maat_cmd_set_line(maat_instance, &line_rule); + EXPECT_GT(ret, 0); + } +} + +TEST_F(MaatCmdTest, PauseUpdate) { + +} + +TEST_F(MaatCmdTest, SetFile) { + +} + struct user_info { char name[256]; char ip_addr[32]; @@ -3140,50 +3366,23 @@ TEST_F(MaatCmdTest, PluginEXData) { int table_id = maat_get_table_id(maat_instance, table_name); ASSERT_GT(table_id, 0); - long long item_id = -1; + int i = 0, ret = 0; struct maat_cmd_line line_rule; + long long rule_id[TEST_CMD_LINE_NUM] = {0}; /* 1st line */ - memset(&line_rule, 0, sizeof(line_rule)); - line_rule.rule_id = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1); - line_rule.table_name = table_name; - line_rule.table_line = table_line_add[0]; - line_rule.expire_after = 0; + for (i = 0; i < TEST_CMD_LINE_NUM; i++) { + memset(&line_rule, 0, sizeof(line_rule)); + rule_id[i] = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1); + line_rule.rule_id = rule_id[i]; + line_rule.table_name = table_name; + line_rule.table_line = table_line_add[i]; + line_rule.expire_after = 0; - int ret = maat_cmd_set_line(maat_instance, &line_rule); - EXPECT_GT(ret, 0); - - /* 2nd line */ - memset(&line_rule, 0, sizeof(line_rule)); - line_rule.rule_id = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1); - line_rule.table_name = table_name; - line_rule.table_line = table_line_add[1]; - line_rule.expire_after = 0; - item_id = line_rule.rule_id; - - ret = maat_cmd_set_line(maat_instance, &line_rule); - EXPECT_GT(ret, 0); - - /* 3rd line */ - memset(&line_rule, 0, sizeof(line_rule)); - line_rule.rule_id = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1); - line_rule.table_name = table_name; - line_rule.table_line = table_line_add[2]; - line_rule.expire_after = 0; - - ret = maat_cmd_set_line(maat_instance, &line_rule); - EXPECT_GT(ret, 0); - - /* 4th line */ - memset(&line_rule, 0, sizeof(line_rule)); - line_rule.rule_id = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1); - line_rule.table_name = table_name; - line_rule.table_line = table_line_add[3]; - line_rule.expire_after = 0; - - ret = maat_cmd_set_line(maat_instance, &line_rule); - EXPECT_GT(ret, 0); + ret = maat_cmd_set_line(maat_instance, &line_rule); + EXPECT_GT(ret, 0); + } - sleep(WAIT_FOR_EFFECTIVE_S); + sleep(WAIT_FOR_EFFECTIVE_S * 2); int ex_data_counter = 0; ret = maat_plugin_table_ex_schema_register(maat_instance, table_id, plugin_ex_new_cb, @@ -3203,7 +3402,7 @@ TEST_F(MaatCmdTest, PluginEXData) { plugin_ex_free_cb(table_id, (void**)&uinfo, 0, NULL); memset(&line_rule, 0, sizeof(line_rule)); - line_rule.rule_id = item_id; + line_rule.rule_id = rule_id[1]; line_rule.table_name = table_name; line_rule.table_line = table_line_del[1]; line_rule.expire_after = 0; @@ -3218,6 +3417,281 @@ TEST_F(MaatCmdTest, PluginEXData) { ASSERT_TRUE(uinfo == NULL); } +TEST_F(MaatCmdTest, UpdateIPPlugin) { + const char *table_name = "TEST_IP_PLUGIN_WITH_EXDATA"; + const int TEST_CMD_LINE_NUM = 4; + struct maat *maat_instance = MaatCmdTest::_shared_maat_instance; + const char *table_line_add[TEST_CMD_LINE_NUM] = { + "101\t4\t192.168.30.99\t192.168.30.101\tSomething-like-json\t1\trange", + "102\t4\t192.168.30.90\t192.168.30.128\tBigger-range-should-in-the-back\t1\trange", + "103\t6\t2001:db8:1234::\t2001:db8:1235::\tBigger-range-should-in-the-back\t1\trange", + "104\t6\t2001:db8:1234::1\t2001:db8:1234::5210\tSomething-like-json\t1\trange"}; + const char *table_line_del[TEST_CMD_LINE_NUM] = { + "101\t4\t192.168.30.99\t192.168.30.101\tSomething-like-json\t0\trange", + "102\t4\t192.168.30.90\t192.168.30.128\tBigger-range-should-in-the-back\t0\trange", + "103\t6\t2001:db8:1234::\t2001:db8:1235::\tBigger-range-should-in-the-back\t0\trange", + "104\t6\t2001:db8:1234::1\t2001:db8:1234::5210\tSomething-like-json\t0\trange"}; + + int table_id = maat_get_table_id(maat_instance, table_name); + ASSERT_GT(table_id, 0); + + int i = 0, ret = 0; + struct maat_cmd_line line_rule; + long long rule_id[TEST_CMD_LINE_NUM] = {0}; + //add lines + for (i = 0; i < TEST_CMD_LINE_NUM; i++) { + memset(&line_rule, 0, sizeof(line_rule)); + rule_id[i] = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1); + line_rule.rule_id = rule_id[i]; + line_rule.table_name = table_name; + line_rule.table_line = table_line_add[i]; + line_rule.expire_after = 0; + + ret = maat_cmd_set_line(maat_instance, &line_rule); + EXPECT_GT(ret, 0); + } + + sleep(WAIT_FOR_EFFECTIVE_S); + + int ex_data_counter = 0; + ret = maat_plugin_table_ex_schema_register(maat_instance, table_id, + ip_plugin_ex_new_cb, + ip_plugin_ex_free_cb, + ip_plugin_ex_dup_cb, + 0, &ex_data_counter); + ASSERT_TRUE(ret >= 0); + EXPECT_EQ(ex_data_counter, TEST_CMD_LINE_NUM); + + struct ip_addr ipv4, ipv6; + struct ip_plugin_ud *results[ARRAY_SIZE]; + ipv4.ip_type = 4; + inet_pton(AF_INET, "192.168.30.100", &(ipv4.ipv4)); + + memset(results, 0, sizeof(results)); + ret = maat_ip_plugin_table_get_ex_data(maat_instance, table_id, &ipv4, (void **)results, ARRAY_SIZE); + EXPECT_EQ(ret, 2); + EXPECT_EQ(results[0]->rule_id, 101); + EXPECT_EQ(results[1]->rule_id, 102); + for (i = 0; i < ret; i++) { + ip_plugin_ex_free_cb(table_id, (void **)&(results[i]), 0, NULL); + } + + ipv6.ip_type = 6; + inet_pton(AF_INET6, "2001:db8:1234::5210", &(ipv6.ipv6)); + + memset(results, 0, sizeof(results)); + ret = maat_ip_plugin_table_get_ex_data(maat_instance, table_id, &ipv6, (void **)results, ARRAY_SIZE); + EXPECT_EQ(ret, 2); + EXPECT_EQ(results[0]->rule_id, 104); + EXPECT_EQ(results[1]->rule_id, 103); + for (i = 0; i < ret; i++) { + ip_plugin_ex_free_cb(table_id, (void **)&(results[i]), 0, NULL); + } + + //del lines + for (i = 0; i < TEST_CMD_LINE_NUM; i++) { + memset(&line_rule, 0, sizeof(line_rule)); + line_rule.rule_id = rule_id[i]; + line_rule.table_name = table_name; + line_rule.table_line = table_line_del[i]; + line_rule.expire_after = 0; + + ret = maat_cmd_set_line(maat_instance, &line_rule); + EXPECT_GT(ret, 0); + } + + sleep(WAIT_FOR_EFFECTIVE_S * 2); + + memset(results, 0, sizeof(results)); + ret = maat_ip_plugin_table_get_ex_data(maat_instance, table_id, &ipv4, (void **)results, ARRAY_SIZE); + EXPECT_EQ(ret, 0); +} + +TEST_F(MaatCmdTest, UpdateFQDNPlugin) { + const char *table_name = "TEST_FQDN_PLUGIN_WITH_EXDATA"; + const int TEST_CMD_LINE_NUM = 5; + struct maat *maat_instance = MaatCmdTest::_shared_maat_instance; + const char *table_line_add[TEST_CMD_LINE_NUM]={ + "201\t0\twww.example1.com\tcatid=1\t1", + "202\t1\t.example1.com\tcatid=1\t1", + "203\t0\tnews.example1.com\tcatid=2\t1", + "204\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t1", + "205\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t1"}; + const char *table_line_del[TEST_CMD_LINE_NUM]={ + "201\t0\twww.example1.com\tcatid=1\t0", + "202\t1\t.example1.com\tcatid=1\t0", + "203\t0\tnews.example1.com\tcatid=2\t0", + "204\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t0", + "205\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t0"}; + + int table_id = maat_get_table_id(maat_instance, table_name); + ASSERT_GT(table_id, 0); + + int i = 0, ret = 0; + long long rule_id[TEST_CMD_LINE_NUM] = {0}; + struct maat_cmd_line line_rule; + //add lines + for (i = 0; i < TEST_CMD_LINE_NUM; i++) { + memset(&line_rule, 0, sizeof(line_rule)); + rule_id[i] = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1); + line_rule.rule_id = rule_id[i]; + line_rule.table_name = table_name; + line_rule.table_line = table_line_add[i]; + line_rule.expire_after = 0; + + ret = maat_cmd_set_line(maat_instance, &line_rule); + EXPECT_GT(ret, 0); + } + + sleep(WAIT_FOR_EFFECTIVE_S * 2); + + int ex_data_counter = 0; + ret = maat_plugin_table_ex_schema_register(maat_instance, table_id, + fqdn_plugin_ex_new_cb, + fqdn_plugin_ex_free_cb, + fqdn_plugin_ex_dup_cb, + 0, &ex_data_counter); + ASSERT_TRUE(ret >= 0); + EXPECT_EQ(ex_data_counter, 5); + + struct fqdn_plugin_ud *results[ARRAY_SIZE]; + memset(results, 0, sizeof(results)); + + ret = maat_fqdn_plugin_table_get_ex_data(maat_instance, table_id, + "r3---sn-i3belne6.example2.com", + (void**)results, ARRAY_SIZE); + ASSERT_EQ(ret, 2); + for (i = 0; i < ret; i++) { + fqdn_plugin_ex_free_cb(0, (void**)&(results[i]), 0, NULL); + } + + //del lines + for (i = 3; i < TEST_CMD_LINE_NUM; i++) { + memset(&line_rule, 0, sizeof(line_rule)); + line_rule.rule_id = rule_id[i]; + line_rule.table_name = table_name; + line_rule.table_line = table_line_del[i]; + line_rule.expire_after = 0; + + ret = maat_cmd_set_line(maat_instance, &line_rule); + EXPECT_GT(ret, 0); + } + + sleep(WAIT_FOR_EFFECTIVE_S); + ret = maat_fqdn_plugin_table_get_ex_data(maat_instance, table_id, + "r3---sn-i3belne6.example2.com", + (void**)results, ARRAY_SIZE); + ASSERT_EQ(ret, 0); +} + +TEST_F(MaatCmdTest, UpdateBoolPlugin) { + const char *table_name = "TEST_BOOL_PLUGIN_WITH_EXDATA"; + const int TEST_CMD_LINE_NUM = 6; + struct maat *maat_instance = MaatCmdTest::_shared_maat_instance; + const char *table_line_add[TEST_CMD_LINE_NUM] = { + "301\t1&2&1000\ttunnel1\t1", + "302\t101&102\ttunnel2\t1", + "303\t102\ttunnel3\t1", + "304\t101\ttunnel4\t1", + "305\t0&1&2&3&4&5&6&7\ttunnel5\t1", + "306\t101&101\tinvalid\t1"}; + const char *table_line_del[TEST_CMD_LINE_NUM] = { + "301\t1&2&1000\ttunnel1\t0", + "302\t101&102\ttunnel2\t0", + "303\t102\ttunnel3\t0", + "304\t101\ttunnel4\t0", + "305\t0&1&2&3&4&5&6&7\ttunnel5\t0", + "306\t101&101\tinvalid\t0"}; + + int table_id = maat_get_table_id(maat_instance, table_name); + ASSERT_GT(table_id, 0); + + long long rule_id[TEST_CMD_LINE_NUM] = {0}; + struct maat_cmd_line line_rule; + int i = 0, ret = 0; + + for (i = 0; i < TEST_CMD_LINE_NUM; i++) { + memset(&line_rule, 0, sizeof(line_rule)); + rule_id[i] = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1); + line_rule.rule_id = rule_id[i]; + line_rule.table_name = table_name; + line_rule.table_line = table_line_add[i]; + line_rule.expire_after = 0; + + ret = maat_cmd_set_line(maat_instance, &line_rule); + EXPECT_GT(ret, 0); + } + + sleep(WAIT_FOR_EFFECTIVE_S); + + int ex_data_counter = 0; + ret = maat_plugin_table_ex_schema_register(maat_instance, table_id, + bool_plugin_ex_new_cb, + bool_plugin_ex_free_cb, + bool_plugin_ex_dup_cb, + 0, &ex_data_counter); + ASSERT_TRUE(ret>=0); + EXPECT_EQ(ex_data_counter, 6); + + unsigned long long items[] = {101, 102, 1000}; + struct bool_plugin_ud *results[ARRAY_SIZE]; + memset(results, 0, sizeof(results)); + ret = maat_bool_plugin_table_get_ex_data(maat_instance, table_id, items, 3, + (void **)results, ARRAY_SIZE); + EXPECT_EQ(ret, 4); + for (i = 0; i < ret; i++) { + bool_plugin_ex_free_cb(0, (void**)&(results[i]), 0, NULL); + } + + for (i = 3; i < TEST_CMD_LINE_NUM; i++) { + memset(&line_rule, 0, sizeof(line_rule)); + line_rule.rule_id = rule_id[i]; + line_rule.table_name = table_name; + line_rule.table_line = table_line_del[i]; + line_rule.expire_after = 0; + + ret = maat_cmd_set_line(maat_instance, &line_rule); + EXPECT_GT(ret, 0); + } + sleep(WAIT_FOR_EFFECTIVE_S); + + memset(results, 0, sizeof(results)); + ret = maat_bool_plugin_table_get_ex_data(maat_instance, table_id, items, 3, + (void **)results, ARRAY_SIZE); + EXPECT_EQ(ret, 2); + for (i = 0; i < ret; i++) { + bool_plugin_ex_free_cb(0, (void**)&(results[i]), 0, NULL); + } +} + +TEST_F(MaatCmdTest, GroupInMassCompiles) { + +} + +TEST_F(MaatCmdTest, HitPath) { + +} + +TEST_F(MaatCmdTest, SameScanStatusWhenClauseUpdate_TSG6419) { + +} + +TEST_F(MaatCmdTest, GroupEdit) { + +} + +TEST_F(MaatCmdTest, CompileDelete_TSG6548) { + +} + +TEST_F(MaatCmdTest, UpdateDeadLockDetection) { + +} + +TEST_F(MaatCmdTest, StreamScanSegfaultWhenVersionRollBack_TSG6324) { + +} + int main(int argc, char ** argv) { int ret=0; diff --git a/test/maat_json.json b/test/maat_json.json index 6a686b3..4b50bfe 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -1,186 +1,158 @@ { - "compile_table": "COMPILE_DEFAULT", - "group2compile_table": "GROUP2COMPILE_DEFAULT", - "group2group_table": "GROUP2GROUP", - "groups": [ - { - "group_name": "ASN1234", - "regions": [ - { - "table_name": "AS_NUMBER", - "table_type": "expr", - "table_content": { - "keywords": "AS1234", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" - } - } - ] - }, - { - "group_name": "ASN2345", - "regions": [ - { - "table_name": "AS_NUMBER", - "table_type": "expr", - "table_content": { - "keywords": "AS2345", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" - } - } - ] - }, - { - "group_name": "financial-department-ip", - "regions": [ - { - "table_name": "IP_CONFIG", - "table_type": "ip_plus", - "table_content": { - "addr_type": "ipv4", - "saddr_format": "mask", - "src_ip1": "192.168.40.88", - "src_ip2": "255.255.255.255", - "sport_format": "range", - "src_port1": "0", - "src_port2": "65535", - "daddr_format": "mask", - "dst_ip1": "0.0.0.0", - "dst_ip2": "255.255.255.255", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "65535", - "protocol": 6, - "direction": "double" - } - } - ] - }, - { - "group_name": "Country-Sparta-IP", - "regions": [ - { - "table_name": "GeoLocation", - "table_type": "expr", - "table_content": { - "keywords": "Greece.Sparta", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" - } - } - ] - }, - { - "group_name": "IPv4-composition-source-only", - "regions": [ - { - "table_type": "ip_plus", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "addr_type": "ipv4", - "saddr_format": "range", - "src_ip1": "192.168.50.24", - "src_ip2": "192.168.50.24", - "sport_format": "range", - "src_port1": "1", - "src_port2": "40000", - "daddr_format": "mask", - "dst_ip1": "0.0.0.0", - "dst_ip2": "255.255.255.0", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "65535", - "protocol": 6, - "direction": "double" - } - } - ] - }, - { - "group_name": "FQDN_OBJ1", - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "sports.example.com", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" - } - } - ] - }, - { - "group_name": "FQDN_CAT1", - "regions": [ - { - "table_name": "INTERGER_PLUS", - "table_type": "interval_plus", - "table_content": { - "district": "fqdn_cat_id", - "low_boundary": 1724, - "up_boundary": 1724 - } - } - ] - }, - { - "group_name": "IPv4-composition-NOT-client-ip", - "regions": [ - { - "table_type": "ip_plus", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "addr_type": "ipv4", - "saddr_format": "range", - "src_ip1": "192.168.58.19", - "src_ip2": "192.168.58.19", - "sport_format": "range", - "src_port1": "20000", - "src_port2": "20000", - "daddr_format": "mask", - "dst_ip1": "0.0.0.0", - "dst_ip2": "255.255.255.0", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "65535", - "protocol": 6, - "direction": "double" - } - } - ] - }, - { - "group_name": "IPv4-composition-NOT-server-ip", - "regions": [ - { - "table_type": "ip_plus", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "addr_type": "ipv4", - "saddr_format": "range", - "src_ip1": "10.0.1.20", - "src_ip2": "10.0.1.25", - "sport_format": "range", - "src_port1": "1", - "src_port2": "443", - "daddr_format": "mask", - "dst_ip1": "0.0.0.0", - "dst_ip2": "255.255.255.0", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "65535", - "protocol": 6, - "direction": "double" - } - } - ] - } + "compile_table": "COMPILE_DEFAULT", + "group2compile_table": "GROUP2COMPILE_DEFAULT", + "group2group_table": "GROUP2GROUP", + "groups": [ + { + "group_name": "ASN1234", + "regions": [ + { + "table_name": "AS_NUMBER", + "table_type": "expr", + "table_content": { + "keywords": "AS1234", + "expr_type": "none", + "match_method": "exact", + "format": "uncase plain" + } + } + ] + }, + { + "group_name": "ASN2345", + "regions": [ + { + "table_name": "AS_NUMBER", + "table_type": "expr", + "table_content": { + "keywords": "AS2345", + "expr_type": "none", + "match_method": "exact", + "format": "uncase plain" + } + } + ] + }, + { + "group_name": "financial-department-ip", + "regions": [ + { + "table_name": "IP_CONFIG", + "table_type": "ip_plus", + "table_content": { + "addr_type": "ipv4", + "addr_format": "mask", + "ip1": "192.168.40.88", + "ip2": "255.255.255.255", + "port_format": "range", + "port1": "0", + "port2": "65535", + "protocol": 6 + } + } + ] + }, + { + "group_name": "Country-Sparta-IP", + "regions": [ + { + "table_name": "GeoLocation", + "table_type": "expr", + "table_content": { + "keywords": "Greece.Sparta", + "expr_type": "none", + "match_method": "exact", + "format": "uncase plain" + } + } + ] + }, + { + "group_name": "IPv4-composition-source-only", + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "addr_format": "single", + "ip1": "192.168.50.24", + "ip2": "192.168.50.24", + "port_format": "range", + "port1": "39000", + "port2": "40000", + "protocol": 6 + } + } + ] + }, + { + "group_name": "FQDN_OBJ1", + "regions": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "sports.example.com", + "expr_type": "none", + "match_method": "exact", + "format": "uncase plain" + } + } + ] + }, + { + "group_name": "FQDN_CAT1", + "regions": [ + { + "table_name": "INTERGER_PLUS", + "table_type": "interval_plus", + "table_content": { + "district": "fqdn_cat_id", + "low_boundary": 1724, + "up_boundary": 1724 + } + } + ] + }, + { + "group_name": "IPv4-composition-NOT-client-ip", + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "addr_format": "single", + "ip1": "192.168.58.19", + "ip2": "192.168.58.19", + "port_format": "single", + "port1": "20000", + "port2": "20000", + "protocol": 6 + } + } + ] + }, + { + "group_name": "IPv4-composition-NOT-server-ip", + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "addr_format": "range", + "ip1": "10.0.1.20", + "ip2": "10.0.1.25", + "port_format": "range", + "port1": "1", + "port2": "443", + "protocol": 6 + } + } + ] + } ], "rules": [ { @@ -200,20 +172,13 @@ "table_type": "ip_plus", "table_content": { "addr_type": "ipv4", - "saddr_format": "mask", - "src_ip1": "10.0.6.201", - "src_ip2": "255.255.0.0", - "sport_format": "range", - "src_port1": "0", - "src_port2": "65535", - "daddr_format": "mask", - "dst_ip1": "0.0.0.0", - "dst_ip2": "255.255.255.255", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "65535", - "protocol": 6, - "direction": "double" + "addr_format": "mask", + "ip1": "10.0.6.201", + "ip2": "255.255.0.0", + "port_format": "range", + "port1": "0", + "port2": "65535", + "protocol": 6 } }, { @@ -221,20 +186,13 @@ "table_type": "ip_plus", "table_content": { "addr_type": "ipv6", - "saddr_format": "mask", - "src_ip1": "2001:da8:205:1::101", - "src_ip2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000", - "sport_format": "range", - "src_port1": "0", - "src_port2": "65535", - "daddr_format": "mask", - "dst_ip1": "0::0", - "dst_ip2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "65535", - "protocol": 6, - "direction": "double" + "addr_format": "mask", + "ip1": "2001:da8:205:1::101", + "ip2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000", + "port_format": "range", + "port1": "0", + "port2": "65535", + "protocol": 6 } } ] @@ -363,7 +321,7 @@ "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { - "district": "HtTP\\bUrL", + "district": "HtTP\\bUrL", "keywords": "abckkk&123", "expr_type": "and", "match_method": "sub", @@ -589,7 +547,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "tags":"{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}", + "tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}", "user_region": "Not\\baccepted\\btags", "is_valid": "yes", "groups": [ @@ -616,7 +574,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "tags":"{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}", + "tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}", "user_region": "Accepted\\btags", "is_valid": "yes", "groups": [ @@ -725,7 +683,7 @@ "is_valid": "yes", "groups": [ { - "not_flag":0, + "not_flag": 0, "regions": [ { "table_name": "HTTP_URL", @@ -736,11 +694,11 @@ "match_method": "sub", "format": "uncase plain" } - } + } ] }, { - "not_flag":1, + "not_flag": 1, "regions": [ { "table_name": "HTTP_URL", @@ -766,7 +724,7 @@ "is_valid": "yes", "groups": [ { - "not_flag":0, + "not_flag": 0, "regions": [ { "table_name": "HTTP_URL", @@ -781,7 +739,7 @@ ] }, { - "not_flag":1, + "not_flag": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -807,7 +765,7 @@ "is_valid": "yes", "groups": [ { - "not_flag":0, + "not_flag": 0, "regions": [ { "table_name": "HTTP_URL", @@ -822,8 +780,8 @@ ] }, { - "not_flag":1, - "group_name": "123_IP_group" + "not_flag": 1, + "group_name": "123_IP_group" } ] }, @@ -1037,7 +995,9 @@ { "group_name": "interval_group_refered", "sub_groups": [ - {"group_name": "126_interval_group"} + { + "group_name": "126_interval_group" + } ] } ] @@ -1067,14 +1027,18 @@ ], "group_name": "Untitled", "sub_groups": [ - {"group_name": "152_mail_addr"} + { + "group_name": "152_mail_addr" + } ], - "not_flag" : 0 + "not_flag": 0 }, { "group_name": "IP_group_refered", "sub_groups": [ - {"group_name": "123_IP_group"} + { + "group_name": "123_IP_group" + } ] } ] @@ -1096,24 +1060,17 @@ "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "range", - "src_ip1": "10.0.7.100", - "src_ip2": "10.0.7.106", - "sport_format": "range", - "src_port1": "5000", - "src_port2": "5001", - "daddr_format": "mask", - "dst_ip1": "123.56.104.218", - "dst_ip2": "255.255.255.0", - "dport_format": "range", - "dst_port1": "7400", - "dst_port2": "7400", - "protocol": 6, - "direction": "double" + "addr_format": "range", + "ip1": "10.0.7.100", + "ip2": "10.0.7.106", + "port_format": "range", + "port1": "65529", + "port2": "65535", + "protocol": 6 } - } + } ], - "not_flag" : 0 + "not_flag": 0 } ] }, @@ -1134,24 +1091,17 @@ "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv6", - "saddr_format": "range", - "src_ip1": "1001:da8:205:1::101", - "src_ip2": "1001:da8:205:1::201", - "sport_format": "mask", - "src_port1": "5210", - "src_port2": "65520", - "daddr_format": "mask", - "dst_ip1": "3001:da8:205:1::401", - "dst_ip2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000", - "dport_format": "mask", - "dst_port1": "0", - "dst_port2": "65535", - "protocol": 6, - "direction": "double" + "addr_format": "range", + "ip1": "1001:da8:205:1::101", + "ip2": "1001:da8:205:1::201", + "port_format": "range", + "port1": "65510", + "port2": "65520", + "protocol": 6 } - } + } ], - "not_flag" : 0 + "not_flag": 0 } ] }, @@ -1171,7 +1121,7 @@ "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { - "district": "Content-Type", + "district": "Content-Type", "keywords": "2f68746d6c", "expr_type": "none", "match_method": "sub", @@ -1225,24 +1175,17 @@ "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "CIDR", - "src_ip1": "192.168.0.1", - "src_ip2": "32", - "sport_format": "range", - "src_port1": "5210", - "src_port2": "5211", - "daddr_format": "CIDR", - "dst_ip1": "10.0.6.1", - "dst_ip2": "24", - "dport_format": "mask", - "dst_port1": "0", - "dst_port2": "65535", - "protocol": 6, - "direction": "double" + "addr_format": "CIDR", + "ip1": "192.168.0.1", + "ip2": "32", + "port_format": "range", + "port1": "5210", + "port2": "5211", + "protocol": 6 } - } + } ], - "not_flag" : 0 + "not_flag": 0 } ] }, @@ -1263,160 +1206,153 @@ "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv6", - "saddr_format": "CIDR", - "src_ip1": "2001:db8::", - "src_ip2": "120", - "sport_format": "mask", - "src_port1": "5210", - "src_port2": "65520", - "daddr_format": "CIDR", - "dst_ip1": "2001:4860:4860::8888", - "dst_ip2": "65", - "dport_format": "mask", - "dst_port1": "0", - "dst_port2": "65535", - "protocol": 6, - "direction": "double" + "addr_format": "CIDR", + "ip1": "2001:db8::", + "ip2": "120", + "port_format": "range", + "port1": "65510", + "port2": "65520", + "protocol": 6 } - } + } ], - "not_flag" : 0 + "not_flag": 0 } - ] - }, - { - "compile_id": 160, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "VirtualWithOnePhysical", - "is_valid": "yes", - "groups": [ - { - "group_name":"TakeMeHome", - "virtual_table":"HTTP_RESPONSE_KEYWORDS", - "not_flag" : 0 - }, - { - "not_flag":0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "https://blog.csdn.net/littlefang/article/details/8213058", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } - } - ] - } - ] - }, - { - "compile_id": 161, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "virtual_table_test_temp", - "is_valid": "yes", - "groups": [ - { - "group_name":"vt_grp_http_sig1", - "not_flag":0, - "regions": [ - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "User-Agent", + ] + }, + { + "compile_id": 160, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "VirtualWithOnePhysical", + "is_valid": "yes", + "groups": [ + { + "group_name": "TakeMeHome", + "virtual_table": "HTTP_RESPONSE_KEYWORDS", + "not_flag": 0 + }, + { + "not_flag": 0, + "regions": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "https://blog.csdn.net/littlefang/article/details/8213058", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 161, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "virtual_table_test_temp", + "is_valid": "yes", + "groups": [ + { + "group_name": "vt_grp_http_sig1", + "not_flag": 0, + "regions": [ + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", + "table_content": { + "district": "User-Agent", "keywords": "Chrome/78.0.3904.108", "expr_type": "none", "match_method": "sub", "format": "uncase plain" } - } - ] - }, - { - "group_name":"vt_grp_http_sig2", - "not_flag":0, - "regions": [ - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "Cookie", + } + ] + }, + { + "group_name": "vt_grp_http_sig2", + "not_flag": 0, + "regions": [ + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", + "table_content": { + "district": "Cookie", "keywords": "uid=12345678", "expr_type": "none", "match_method": "sub", "format": "uncase plain" } - }, - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "Cookie", + }, + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", + "table_content": { + "district": "Cookie", "keywords": "sessionid=888888", "expr_type": "none", "match_method": "sub", "format": "uncase plain" } - } - ] - } - ] - }, - { - "compile_id": 162, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "VirtualWithVirtual", - "is_valid": "yes", - "groups": [ - { - "group_name":"vt_grp_http_sig1", - "virtual_table":"HTTP_REQUEST_HEADER", - "not_flag":0 - }, - { - "group_name":"vt_grp_http_sig2", - "virtual_table":"HTTP_RESPONSE_HEADER", - "not_flag":0 - } - ] - }, - { - "compile_id": 163, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "OneGroupInTwoVirtual", - "is_valid": "yes", - "groups": [ - { - "group_name":"vt_grp_http_sig2", - "virtual_table":"HTTP_REQUEST_HEADER", - "not_flag":0 - }, - { - "group_name":"vt_grp_http_sig2", - "virtual_table":"HTTP_RESPONSE_HEADER", - "not_flag":0 - } - ] - }, + } + ] + } + ] + }, + { + "compile_id": 162, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "VirtualWithVirtual", + "is_valid": "yes", + "groups": [ + { + "group_name": "vt_grp_http_sig1", + "virtual_table": "HTTP_REQUEST_HEADER", + "not_flag": 0 + }, + { + "group_name": "vt_grp_http_sig2", + "virtual_table": "HTTP_RESPONSE_HEADER", + "not_flag": 0 + } + ] + }, + { + "compile_id": 163, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "OneGroupInTwoVirtual", + "is_valid": "yes", + "groups": [ + { + "group_name": "vt_grp_http_sig2", + "virtual_table": "HTTP_REQUEST_HEADER", + "not_flag": 0 + }, + { + "group_name": "vt_grp_http_sig2", + "virtual_table": "HTTP_RESPONSE_HEADER", + "not_flag": 0 + } + ] + }, { "compile_id": 164, "service": 1, @@ -1451,7 +1387,7 @@ "do_log": 1, "user_region": "EvaluationOrder", "is_valid": "yes", - "evaluation_order":"2.111", + "evaluation_order": "2.111", "groups": [ { "group_name": "Untitled", @@ -1468,104 +1404,108 @@ } ] }, - { - "regions": [ - { - "table_type": "ip_plus", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "addr_type": "ipv4", - "saddr_format": "CIDR", - "src_ip1": "192.168.23.1", - "src_ip2": "24" - } - } - ], - "not_flag" : 0 - } + { + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "addr_format": "CIDR", + "ip1": "192.168.23.1", + "ip2": "24", + "port_format": "range", + "port1": "65530", + "port2": "65535", + "protocol": -1 + } + } + ], + "not_flag": 0 + } ] - }, - { - "compile_id": 166, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "EvaluationOrder", - "is_valid": "yes", - "evaluation_order":"100.233", - "groups": [ - { - "group_name": "Untitled", - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "2019/12/27/pretty-girls-6", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } + }, + { + "compile_id": 166, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "EvaluationOrder", + "is_valid": "yes", + "evaluation_order": "100.233", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "2019/12/27/pretty-girls-6", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" } - ] - } - ] - }, - { - "compile_id": 167, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "EvaluationOrder", - "is_valid": "yes", - "evaluation_order":"300.999", - "groups": [ - { - "group_name": "Untitled", - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "2019/12/27", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } + } + ] + } + ] + }, + { + "compile_id": 167, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "EvaluationOrder", + "is_valid": "yes", + "evaluation_order": "300.999", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "2019/12/27", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" } - ] - } - ] - }, - { - "compile_id": 168, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "EvaluationOrder", - "is_valid": "yes", - "evaluation_order":"0", - "groups": [ - { - "group_name": "Untitled", - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "2019/12/27", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } + } + ] + } + ] + }, + { + "compile_id": 168, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "EvaluationOrder", + "is_valid": "yes", + "evaluation_order": "0", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "2019/12/27", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" } - ] - } - ] - }, + } + ] + } + ] + }, { "compile_id": 170, "service": 0, @@ -1577,31 +1517,24 @@ "is_valid": "no", "groups": [ { - "group_name": "ipv4_virtual.source", + "group_name": "ipv4_virtual.source", "regions": [ { "table_type": "ip_plus", "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "CIDR", - "src_ip1": "192.168.40.10", - "src_ip2": "32", - "sport_format": "mask", - "src_port1": "443", - "src_port2": "65535", - "daddr_format": "CIDR", - "dst_ip1": "0.0.0.0", - "dst_ip2": "0", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "0", - "protocol": 6, - "direction": "double" + "addr_format": "CIDR", + "ip1": "192.168.40.10", + "ip2": "32", + "port_format": "range", + "port1": "65531", + "port2": "65535", + "protocol": 6 } - } + } ], - "not_flag" : 0 + "not_flag": 0 } ] }, @@ -1616,56 +1549,49 @@ "is_valid": "no", "groups": [ { - "group_name": "ipv4_virtual.destination", + "group_name": "ipv4_virtual.destination", "regions": [ { "table_type": "ip_plus", "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "CIDR", - "src_ip1": "192.168.231.46", - "src_ip2": "32", - "sport_format": "mask", - "src_port1": "25705", - "src_port2": "65535", - "daddr_format": "CIDR", - "dst_ip1": "0.0.0.0", - "dst_ip2": "0", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "0", - "protocol": 6, - "direction": "double" + "addr_format": "CIDR", + "ip1": "192.168.231.46", + "ip2": "32", + "port_format": "range", + "port1": "65532", + "port2": "65535", + "protocol": 6 } - } + } ], - "not_flag" : 0 + "not_flag": 0 + } + ] + }, + { + "compile_id": 172, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "ipv4_virtual.match", + "is_valid": "yes", + "groups": [ + { + "group_name": "ipv4_virtual.source", + "virtual_table": "VIRTUAL_IP_PLUS_SOURCE", + "not_flag": 0 + }, + { + "group_name": "ipv4_virtual.destination", + "virtual_table": "VIRTUAL_IP_PLUS_DESTINATION", + "not_flag": 0 } ] }, - { - "compile_id": 172, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "ipv4_virtual.match", - "is_valid": "yes", - "groups": [ - { - "group_name":"ipv4_virtual.source", - "virtual_table":"VIRTUAL_IP_PLUS_SOURCE", - "not_flag":0 - }, - { - "group_name":"ipv4_virtual.destination", - "virtual_table":"VIRTUAL_IP_PLUS_DESTINATION", - "not_flag":0 - } - ] - }, { "compile_id": 173, "service": 0, @@ -1677,31 +1603,24 @@ "is_valid": "no", "groups": [ { - "group_name": "ipv4_composition.source", + "group_name": "ipv4_composition.source", "regions": [ { "table_type": "ip_plus", "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "CIDR", - "src_ip1": "192.168.40.11", - "src_ip2": "32", - "sport_format": "mask", - "src_port1": "443", - "src_port2": "65535", - "daddr_format": "CIDR", - "dst_ip1": "0.0.0.0", - "dst_ip2": "0", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "0", - "protocol": 6, - "direction": "double" + "addr_format": "CIDR", + "ip1": "192.168.40.11", + "ip2": "32", + "port_format": "range", + "port1": "65530", + "port2": "65535", + "protocol": 6 } - } + } ], - "not_flag" : 0 + "not_flag": 0 } ] }, @@ -1716,56 +1635,49 @@ "is_valid": "no", "groups": [ { - "group_name": "ipv4_composition.destination", + "group_name": "ipv4_composition.destination", "regions": [ { "table_type": "ip_plus", "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "CIDR", - "src_ip1": "192.168.231.47", - "src_ip2": "32", - "sport_format": "mask", - "src_port1": "25715", - "src_port2": "65535", - "daddr_format": "CIDR", - "dst_ip1": "0.0.0.0", - "dst_ip2": "0", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "0", - "protocol": 6, - "direction": "double" + "addr_format": "CIDR", + "ip1": "192.168.231.47", + "ip2": "32", + "port_format": "range", + "port1": "65530", + "port2": "65535", + "protocol": 6 } - } + } ], - "not_flag" : 0 + "not_flag": 0 + } + ] + }, + { + "compile_id": 175, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "ipv4_composition.match", + "is_valid": "yes", + "groups": [ + { + "group_name": "ipv4_composition.source", + "virtual_table": "COMPOSITION_IP_SOURCE", + "not_flag": 0 + }, + { + "group_name": "ipv4_composition.destination", + "virtual_table": "COMPOSITION_IP_DESTINATION", + "not_flag": 0 } ] }, - { - "compile_id": 175, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "ipv4_composition.match", - "is_valid": "yes", - "groups": [ - { - "group_name":"ipv4_composition.source", - "virtual_table":"COMPOSITION_IP_SOURCE", - "not_flag":0 - }, - { - "group_name":"ipv4_composition.destination", - "virtual_table":"COMPOSITION_IP_DESTINATION", - "not_flag":0 - } - ] - }, { "compile_id": 176, "service": 0, @@ -1777,53 +1689,45 @@ "is_valid": "no", "groups": [ { - "group_name": "ipv4_composition.session", + "group_name": "ipv4_composition.session", "regions": [ { "table_type": "ip_plus", "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "CIDR", - "src_ip1": "192.168.40.11", - "src_ip2": "2", - "sport_format": "mask", - "src_port1": "443", - "src_port2": "65535", - "daddr_format": "CIDR", - "dst_ip1": "192.168.231.47", - "dst_ip2": "32", - "dport_format": "range", - "dst_port1": "25715", - "dst_port2": "25715", - "protocol": 6, - "direction": "single" + "addr_format": "CIDR", + "ip1": "192.168.40.11", + "ip2": "2", + "port_format": "range", + "port1": "65530", + "port2": "65535", + "protocol": 6 } - } + } ], - "not_flag" : 0 + "not_flag": 0 + } + ] + }, + { + "compile_id": 177, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "ipv4_composition.session.match", + "is_valid": "yes", + "groups": [ + { + "group_name": "ipv4_composition.session", + "virtual_table": "COMPOSITION_IP_SESSION", + "not_flag": 0, + "clause_index": 1 } ] }, - { - "compile_id": 177, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "ipv4_composition.session.match", - "is_valid": "yes", - "groups": [ - { - "group_name":"ipv4_composition.session", - "virtual_table":"COMPOSITION_IP_SESSION", - "not_flag":0, - "clause_index":1 - - } - ] - }, { "compile_id": 178, "service": 1, @@ -1833,30 +1737,30 @@ "user_region": "Hierarchy.TwoVirtualInOneClause", "is_valid": "yes", "groups": [ - { - "group_name":"ASN1234", - "virtual_table":"SOURCE_IP_ASN", - "not_flag":0, - "clause_index":0 - }, - { - "group_name":"financial-department-ip", - "virtual_table":"null", - "not_flag":0, - "clause_index":0 - }, - { - "group_name":"Country-Sparta-IP", - "virtual_table":"SOURCE_IP_GEO", - "not_flag":0, - "clause_index":0 - }, - { - "group_name":"ASN2345", - "virtual_table":"DESTINATION_IP_ASN", - "not_flag":0, - "clause_index":1 - } + { + "group_name": "ASN1234", + "virtual_table": "SOURCE_IP_ASN", + "not_flag": 0, + "clause_index": 0 + }, + { + "group_name": "financial-department-ip", + "virtual_table": "null", + "not_flag": 0, + "clause_index": 0 + }, + { + "group_name": "Country-Sparta-IP", + "virtual_table": "SOURCE_IP_GEO", + "not_flag": 0, + "clause_index": 0 + }, + { + "group_name": "ASN2345", + "virtual_table": "DESTINATION_IP_ASN", + "not_flag": 0, + "clause_index": 1 + } ] }, { @@ -1884,47 +1788,47 @@ } ] }, - { - "compile_id": 180, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "Hierarchy_VirtualWithTwoPhysical", - "is_valid": "yes", - "groups": [ - { - "group_name":"FQDN_OBJ1", - "virtual_table":"VIRTUAL_SSL_SNI", - "not_flag" : 0, - "clause_index":0 - }, - { - "group_name":"FQDN_CAT1", - "virtual_table":"VIRTUAL_SSL_SNI", - "not_flag" : 0, - "clause_index":0 - } - ] - }, - { - "compile_id": 181, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "ipv4_composition.match", - "is_valid": "yes", - "groups": [ - { - "group_name":"IPv4-composition-source-only", - "virtual_table":"COMPOSITION_IP_SOURCE", - "not_flag":0 - } - ] - }, + { + "compile_id": 180, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "Hierarchy_VirtualWithTwoPhysical", + "is_valid": "yes", + "groups": [ + { + "group_name": "FQDN_OBJ1", + "virtual_table": "VIRTUAL_SSL_SNI", + "not_flag": 0, + "clause_index": 0 + }, + { + "group_name": "FQDN_CAT1", + "virtual_table": "VIRTUAL_SSL_SNI", + "not_flag": 0, + "clause_index": 0 + } + ] + }, + { + "compile_id": 181, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "ipv4_composition.match", + "is_valid": "yes", + "groups": [ + { + "group_name": "IPv4-composition-source-only", + "virtual_table": "COMPOSITION_IP_SOURCE", + "not_flag": 0 + } + ] + }, { "compile_id": 182, "service": 1, @@ -1989,26 +1893,18 @@ { "group_name": "Untitled", "regions": [ - { "table_name": "IP_CONFIG", "table_type": "ip_plus", "table_content": { - "protocol": 0, "addr_type": "ipv6", - "saddr_format": "mask", - "src_ip1": "::", - "src_ip2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", - "sport_format": "range", - "src_port1": "0", - "src_port2": "0", - "daddr_format": "mask", - "dst_ip1": "2620:100:3000::", - "dst_ip2": "ffff:ffff:ff00:0000:0000:0000:0000:0000", - "dport_format": "range", - "dst_port1": "0", - "dst_port2": "65535", - "direction": "double" + "addr_format": "mask", + "ip1": "::", + "ip2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", + "port_format": "single", + "port1": "0", + "port2": "0", + "protocol": 0 } } ] @@ -2026,15 +1922,15 @@ "is_valid": "yes", "groups": [ { - "group_name":"IPv4-composition-NOT-client-ip", - "virtual_table":"COMPOSITION_IP_SOURCE", - "not_flag":0 + "group_name": "IPv4-composition-NOT-client-ip", + "virtual_table": "COMPOSITION_IP_SOURCE", + "not_flag": 0 }, { - "group_name":"IPv4-composition-NOT-server-ip", - "virtual_table":"COMPOSITION_IP_DESTINATION", - "not_flag":1 - } + "group_name": "IPv4-composition-NOT-server-ip", + "virtual_table": "COMPOSITION_IP_DESTINATION", + "not_flag": 1 + } ] }, { @@ -2068,20 +1964,13 @@ "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "range", - "src_ip1": "10.0.8.186", - "src_ip2": "10.0.8.186", - "sport_format": "range", - "src_port1": "18611", - "src_port2": "18611", - "daddr_format": "range", - "dst_ip1": "10.0.8.20", - "dst_ip2": "10.0.8.20", - "dport_format": "range", - "dst_port1": "80", - "dst_port2": "80", - "protocol": 6, - "direction": "single" + "addr_format": "single", + "ip1": "10.0.8.186", + "ip2": "10.0.8.186", + "port_format": "single", + "port1": "18611", + "port2": "18611", + "protocol": 6 } } ], @@ -2120,20 +2009,13 @@ "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "range", - "src_ip1": "10.0.8.187", - "src_ip2": "10.0.8.187", - "sport_format": "range", - "src_port1": "18611", - "src_port2": "18611", - "daddr_format": "range", - "dst_ip1": "10.0.8.20", - "dst_ip2": "10.0.8.20", - "dport_format": "range", - "dst_port1": "80", - "dst_port2": "80", - "protocol": 6, - "direction": "single" + "addr_format": "single", + "ip1": "10.0.8.187", + "ip2": "10.0.8.187", + "port_format": "single", + "port1": "18611", + "port2": "18611", + "protocol": 6 } } ], @@ -2172,20 +2054,13 @@ "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "range", - "src_ip1": "10.0.8.188", - "src_ip2": "10.0.8.188", - "sport_format": "range", - "src_port1": "18611", - "src_port2": "18611", - "daddr_format": "range", - "dst_ip1": "10.0.8.20", - "dst_ip2": "10.0.8.20", - "dport_format": "range", - "dst_port1": "80", - "dst_port2": "80", - "protocol": 6, - "direction": "single" + "addr_format": "single", + "ip1": "10.0.8.188", + "ip2": "10.0.8.188", + "port_format": "single", + "port1": "18611", + "port2": "18611", + "protocol": 6 } } ], @@ -2237,7 +2112,7 @@ "table_name": "HTTP_SIGNATURE", "table_type": "expr_plus", "table_content": { - "district": "我的DistrIct", + "district": "我的DistrIct", "keywords": "addis&sapphire", "expr_type": "and", "match_method": "sub", @@ -2481,17 +2356,17 @@ { "table_name": "QD_ENTRY_INFO", "table_content": [ - "1\t192.168.0.1\t101\t1", - "2\t192.168.0.2\t101\t1", - "3\t192.168.1.1\t102\t1" + "1\t192.168.0.1\t101\t1", + "2\t192.168.0.2\t101\t1", + "3\t192.168.1.1\t102\t1" ] }, { "table_name": "TEST_PLUGIN_TABLE", "table_content": [ - "1\t3388\t99\t1", - "2\t3355\t66\t1", - "3\tcccc\t11\t1" + "1\t3388\t99\t1", + "2\t3355\t66\t1", + "3\tcccc\t11\t1" ] }, { @@ -2515,51 +2390,51 @@ { "table_name": "TEST_EFFECTIVE_RANGE_TABLE", "table_content": [ - "1\tSUCCESS\t99\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}\t1111", - "2\tSUCCESS\t66\t1\t0\t222", - "3\tFAILED\t11\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}\t333", - "4\tSUCCESS\t66\t1\t{}\t444", - "5\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京\"]}]]}\t444", - "6\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"weather\",\"value\":[\"hot\"]}]]}\t444" + "1\tSUCCESS\t99\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}\t1111", + "2\tSUCCESS\t66\t1\t0\t222", + "3\tFAILED\t11\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}\t333", + "4\tSUCCESS\t66\t1\t{}\t444", + "5\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京\"]}]]}\t444", + "6\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"weather\",\"value\":[\"hot\"]}]]}\t444" ] }, { "table_name": "IR_INTERCEPT_IP", "table_content": [ - "1000000130\t1000000130\t4\t192.168.10.99\t255.255.255.255\t0\t65535\t0.0.0.0\t255.255.255.255\t0\t65535\t0\t1\t1\t96\t1\tuser_region\t{}\t2019/1/24/18:0:34", - "161\t161\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t61.135.169.121\t255.255.255.255\t0\t65535\t0\t0\t1\t96\t832\t0\t0\t2019/1/24/18:48:42" + "1000000130\t1000000130\t4\t192.168.10.99\t255.255.255.255\t0\t65535\t0.0.0.0\t255.255.255.255\t0\t65535\t0\t1\t1\t96\t1\tuser_region\t{}\t2019/1/24/18:0:34", + "161\t161\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t61.135.169.121\t255.255.255.255\t0\t65535\t0\t0\t1\t96\t832\t0\t0\t2019/1/24/18:48:42" ] }, { "table_name": "TEST_IP_PLUGIN_WITH_EXDATA", "table_content": [ - "101\t4\t192.168.30.99\t192.168.30.101\tSomething-like-json\t1\trange", - "102\t4\t192.168.30.90\t192.168.30.128\tBigger-range-should-in-the-back\t1\trange", - "103\t6\t2001:db8:1234::\t2001:db8:1235::\tBigger-range-should-in-the-back\t1\trange", - "104\t6\t2001:db8:1234::1\t2001:db8:1234::5210\tSomething-like-json\t1\trange", - "105\t6\t2620:100:3000::\t2620:0100:30ff:ffff:ffff:ffff:ffff:ffff\tBugreport-liumengyan-20210517\t1\trange" + "101\t4\t192.168.30.99\t192.168.30.101\tSomething-like-json\t1\trange", + "102\t4\t192.168.30.90\t192.168.30.128\tBigger-range-should-in-the-back\t1\trange", + "103\t6\t2001:db8:1234::\t2001:db8:1235::\tBigger-range-should-in-the-back\t1\trange", + "104\t6\t2001:db8:1234::1\t2001:db8:1234::5210\tSomething-like-json\t1\trange", + "105\t6\t2620:100:3000::\t2620:0100:30ff:ffff:ffff:ffff:ffff:ffff\tBugreport-liumengyan-20210517\t1\trange" ] }, { "table_name": "TEST_FQDN_PLUGIN_WITH_EXDATA", "table_content": [ - "201\t0\twww.example1.com\tcatid=1\t1", - "202\t1\t.example1.com\tcatid=1\t1", - "203\t0\tnews.example1.com\tcatid=2\t1", - "204\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t1", - "205\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t1" + "201\t0\twww.example1.com\tcatid=1\t1", + "202\t1\t.example1.com\tcatid=1\t1", + "203\t0\tnews.example1.com\tcatid=2\t1", + "204\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t1", + "205\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t1" ] }, { - "table_name":"TEST_BOOL_PLUGIN_WITH_EXDATA", - "table_content": [ - "301\t1&2&1000\ttunnel1\t1", - "302\t101&102\ttunnel2\t1", - "303\t102\ttunnel3\t1", - "304\t101\ttunnel4\t1", - "305\t0&1&2&3&4&5&6&7\ttunnel5\t1", - "306\t101&101\tinvalid\t1" - ] + "table_name": "TEST_BOOL_PLUGIN_WITH_EXDATA", + "table_content": [ + "301\t1&2&1000\ttunnel1\t1", + "302\t101&102\ttunnel2\t1", + "303\t102\ttunnel3\t1", + "304\t101\ttunnel4\t1", + "305\t0&1&2&3&4&5&6&7\ttunnel5\t1", + "306\t101&101\tinvalid\t1" + ] } ] -} +} \ No newline at end of file diff --git a/test/table_info.conf b/test/table_info.conf index e40e7b2..9b6764f 100644 --- a/test/table_info.conf +++ b/test/table_info.conf @@ -8,8 +8,7 @@ "custom": { "compile_id":1, "tags":6, - "clause_num":9, - "evaluation_order":10 + "clause_num":9 } }, { @@ -35,8 +34,7 @@ "custom": { "compile_id":1, "tags":6, - "clause_num":9, - "evaluation_order":10 + "clause_num":9 } }, { @@ -96,14 +94,18 @@ "table_id":7, "table_name":"IP_CONFIG", "table_type":"ip_plus", - "valid_column":18, + "valid_column":11, "custom": { "item_id":1, "group_id":2, "addr_type":3, - "saddr_format":4, - "sip1":5, - "sip2":6 + "addr_format":4, + "ip1":5, + "ip2":6, + "port_format":7, + "port1":8, + "port2":9, + "protocol":10 } }, { @@ -122,7 +124,12 @@ "table_id":9, "table_name":"QD_ENTRY_INFO", "table_type":"plugin", - "valid_column":4 + "valid_column":4, + "custom": { + "key_type":"integer", + "key":1, + "tag":5 + } }, { "table_id":10, @@ -246,14 +253,18 @@ "table_id":19, "table_name":"IP_PLUS_CONFIG", "table_type":"ip_plus", - "valid_column":18, + "valid_column":11, "custom": { "item_id":1, "group_id":2, "addr_type":3, - "saddr_format":4, - "sip1":5, - "sip2":6 + "addr_format":4, + "ip1":5, + "ip2":6, + "port_format":7, + "port1":8, + "port2":9, + "protocol":10 } }, {