gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

support ip+port+proto scan

Browse Source
This commit is contained in:
liuwentan
2023-03-27 15:52:47 +08:00
parent 7b49d7d52f
commit 73060d1c35
28 changed files with 1954 additions and 1447 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
deps/log/log.c vendored
View File

@@ -22,6 +22,7 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <strings.h>
#include <stdlib.h> #include <stdlib.h>
#include <unistd.h> #include <unistd.h>
#include <pthread.h> #include <pthread.h>
@@ -277,4 +278,4 @@ void log_print(struct log_handle *handle, int level, const char *module, const c
log_print_file(handle, level, module, ap, fmt); log_print_file(handle, level, module, ap, fmt);
va_end(ap); va_end(ap);
} }
} }

11
include/maat.h
View File

@@ -172,8 +172,14 @@ int maat_scan_integer(struct maat *instance, int table_id, int thread_id,
long long integer, long long *results, size_t n_result, long long integer, long long *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state); size_t *n_hit_result, struct maat_state *state);
/**
* @param ip_addr: network ipv4 address
* @param port: network port
* @param protocol: -1(ANY protocol) 1(ICMP) 6(TCP) 17(UDP)
*/
int maat_scan_ipv4(struct maat *instance, int table_id, int thread_id, int maat_scan_ipv4(struct maat *instance, int table_id, int thread_id,
uint32_t ip_addr, long long *results, size_t n_result, uint32_t ip_addr, uint16_t port, int protocol,
long long *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state); size_t *n_hit_result, struct maat_state *state);
int maat_scan_ipv4_tuple4(struct maat *instance, int table_id, int thread_id, int maat_scan_ipv4_tuple4(struct maat *instance, int table_id, int thread_id,
@@ -182,7 +188,8 @@ int maat_scan_ipv4_tuple4(struct maat *instance, int table_id, int thread_id,
struct maat_state *state); struct maat_state *state);
int maat_scan_ipv6(struct maat *instance, int table_id, int thread_id, int maat_scan_ipv6(struct maat *instance, int table_id, int thread_id,
uint8_t *ip_addr, long long *results, size_t n_result, uint8_t *ip_addr, uint16_t port, int protocol,
long long *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state); size_t *n_hit_result, struct maat_state *state);
int maat_scan_ipv6_tuple4(struct maat *instance, int table_id, int thread_id, int maat_scan_ipv6_tuple4(struct maat *instance, int table_id, int thread_id,

7
src/CMakeLists.txt
View File

@@ -12,10 +12,9 @@ LINK_DIRECTORIES(/opt/MESA/lib /usr/lib64)
add_definitions(-D_GNU_SOURCE) add_definitions(-D_GNU_SOURCE)
add_definitions(-fPIC) add_definitions(-fPIC)
set(MAAT_SRC alignment.c json2iris.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c set(MAAT_SRC alignment.c json2iris.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c
maat_rule.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c maat_rule.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c maat_table.c
maat_table.c maat_compile.c maat_group.c maat_ip.c maat_flag.c maat_interval.c maat_compile.c maat_group.c maat_ip.c maat_flag.c maat_interval.c maat_expr.c maat_fqdn.c maat_plugin.c
maat_expr.c maat_fqdn.c maat_port.c maat_plugin.c maat_ip_plugin.c maat_bool_plugin.c maat_ip_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_virtual.c)
maat_fqdn_plugin.c maat_virtual.c)
set(LIB_SOURCE_FILES set(LIB_SOURCE_FILES
${PROJECT_SOURCE_DIR}/deps/cJSON/cJSON.c ${PROJECT_SOURCE_DIR}/deps/log/log.c) ${PROJECT_SOURCE_DIR}/deps/cJSON/cJSON.c ${PROJECT_SOURCE_DIR}/deps/log/log.c)

10
src/inc_internal/maat_compile.h
View File

@@ -59,10 +59,10 @@ int compile_runtime_commit(void *compile_runtime, const char *table_name);
int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile_ids, int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile_ids,
size_t compile_ids_size, struct maat_state *state); size_t compile_ids_size, struct maat_state *state);
size_t compile_runtime_get_new_hit_paths(struct compile_runtime *compile_rt, size_t compile_runtime_get_hit_paths(struct compile_runtime *compile_rt,
struct maat_compile_state *compile_state, struct maat_compile_state *compile_state,
struct maat_hit_path *hit_path_array, struct maat_hit_path *hit_path_array,
size_t array_size, size_t hit_path_cnt); size_t array_size, size_t hit_path_cnt);
void *compile_runtime_get_ex_data(struct compile_runtime *compile_rt, void *compile_runtime_get_ex_data(struct compile_runtime *compile_rt,
struct compile_schema *compile_schema, struct compile_schema *compile_schema,
@@ -90,7 +90,7 @@ int maat_compile_state_update(struct rcu_hash_table *item_htable, int vtable_id,
long long *hit_item_ids, size_t hit_item_cnt, long long *hit_item_ids, size_t hit_item_cnt,
size_t *n_hit_group_id, struct maat_state *state); size_t *n_hit_group_id, struct maat_state *state);
size_t maat_compile_state_get_hit_paths(struct maat_compile_state *compile_state, size_t maat_compile_state_get_internal_hit_paths(struct maat_compile_state *compile_state,
struct group2group_runtime *g2g_rt, struct group2group_runtime *g2g_rt,
struct maat_hit_path *hit_path_array, struct maat_hit_path *hit_path_array,
size_t array_size); size_t array_size);

3
src/inc_internal/maat_ip.h
View File

@@ -37,7 +37,8 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name);
/* ip runtime scan API */ /* ip runtime scan API */
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int vtable_id, struct maat_state *state); uint8_t *ip_addr, uint16_t port, int proto, int vtable_id,
struct maat_state *state);
void ip_runtime_scan_hit_inc(struct ip_runtime *ip_rt, int thread_id); void ip_runtime_scan_hit_inc(struct ip_runtime *ip_rt, int thread_id);
long long ip_runtime_scan_hit_sum(struct ip_runtime *ip_rt, int n_thread); long long ip_runtime_scan_hit_sum(struct ip_runtime *ip_rt, int n_thread);

54
src/inc_internal/maat_port.h
View File

@@ -1,54 +0,0 @@
/*
**********************************************************************************************
* File: maat_port.h
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_PORT_H_
#define _MAAT_PORT_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include "cJSON/cJSON.h"
#include "maat_table.h"
#include "maat_rule.h"
/* port is short for port proto */
struct port_runtime;
void *port_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void port_schema_free(void *port_schema);
/* ip runtime API */
void *port_runtime_new(void *port_schema, int max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void port_runtime_free(void *port_runtime);
int port_runtime_update(void *port_runtime, void *port_schema,
const char *line, int valid_column);
int port_runtime_commit(void *port_runtime, const char *table_name);
struct ex_data_runtime *port_runtime_get_ex_data_rt(struct port_runtime *port_rt);
/* ip runtime scan API */
int port_runtime_scan(struct port_runtime *port_rt, int thread_id, int port,
int proto, int *group_ids, size_t group_id_size,
int vtable_id, struct maat_state *state);
void port_runtime_scan_hit_inc(struct port_runtime *port_rt, int thread_id);
long long port_runtime_scan_hit_sum(struct port_runtime *port_rt, int n_thread);
#ifdef __cplusplus
}
#endif
#endif

3
src/inc_internal/maat_rule.h
View File

@@ -285,8 +285,7 @@ long long maat_cmd_redis_server_time_s(redisContext *c);
long long maat_cmd_read_redis_integer(const redisReply *reply); long long maat_cmd_read_redis_integer(const redisReply *reply);
int maat_cmd_get_valid_flag_offset(const char *line, enum table_type table_type, int maat_cmd_get_valid_flag_offset(const char *line, int column_seq);
int valid_column_seq);
const char *maat_cmd_find_Nth_column(const char *line, int Nth, int *column_len); const char *maat_cmd_find_Nth_column(const char *line, int Nth, int *column_len);

1
src/inc_internal/maat_table.h
View File

@@ -29,7 +29,6 @@ enum table_type {
TABLE_TYPE_EXPR, TABLE_TYPE_EXPR,
TABLE_TYPE_EXPR_PLUS, TABLE_TYPE_EXPR_PLUS,
TABLE_TYPE_IP_PLUS, TABLE_TYPE_IP_PLUS,
TABLE_TYPE_PORT,
TABLE_TYPE_INTERVAL, TABLE_TYPE_INTERVAL,
TABLE_TYPE_INTERVAL_PLUS, TABLE_TYPE_INTERVAL_PLUS,
TABLE_TYPE_PLUGIN, TABLE_TYPE_PLUGIN,

17
src/inc_internal/maat_utils.h
View File

@@ -57,18 +57,25 @@ extern "C"
#define MAX_SCANNER_HIT_ITEM_NUM 4096 #define MAX_SCANNER_HIT_ITEM_NUM 4096
#define MAX_SCANNER_HIT_PATTERN_NUM 4096 * 8 #define MAX_SCANNER_HIT_PATTERN_NUM 4096 * 8
enum maat_ip_format { enum ip_format {
IP_FORMAT_SINGLE = 1,
IP_FORMAT_RANGE, IP_FORMAT_RANGE,
IP_FORMAT_MASK,
IP_FORMAT_CIDR, IP_FORMAT_CIDR,
IP_FORMAT_MASK,
IP_FORMAT_UNKNOWN IP_FORMAT_UNKNOWN
}; };
enum maat_ip_format ip_format_str2int(const char *format); enum port_format {
int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, const char *ip2, PORT_FORMAT_SINGLE = 1,
PORT_FORMAT_RANGE,
PORT_FORMAT_UNKNOWN
};
enum ip_format ip_format_str2int(const char *format);
int ip_format2range(int ip_type, enum ip_format format, const char *ip1, const char *ip2,
uint32_t range_begin[], uint32_t range_end[]); uint32_t range_begin[], uint32_t range_end[]);
enum port_format port_format_str2int(const char *format);
#define UNUSED __attribute__((unused)) #define UNUSED __attribute__((unused))

56
src/json2iris.c
View File

@@ -137,7 +137,6 @@ int set_iris_descriptor(const char *json_file, cJSON *json,
maat_kv_register(iris_cfg->str2int_map, "flag", TABLE_TYPE_FLAG); maat_kv_register(iris_cfg->str2int_map, "flag", TABLE_TYPE_FLAG);
maat_kv_register(iris_cfg->str2int_map, "flag_plus", TABLE_TYPE_FLAG_PLUS); maat_kv_register(iris_cfg->str2int_map, "flag_plus", TABLE_TYPE_FLAG_PLUS);
maat_kv_register(iris_cfg->str2int_map, "ip_plus", TABLE_TYPE_IP_PLUS); maat_kv_register(iris_cfg->str2int_map, "ip_plus", TABLE_TYPE_IP_PLUS);
maat_kv_register(iris_cfg->str2int_map, "port", TABLE_TYPE_PORT);
maat_kv_register(iris_cfg->str2int_map, "string", TABLE_TYPE_EXPR); maat_kv_register(iris_cfg->str2int_map, "string", TABLE_TYPE_EXPR);
maat_kv_register(iris_cfg->str2int_map, "expr", TABLE_TYPE_EXPR); maat_kv_register(iris_cfg->str2int_map, "expr", TABLE_TYPE_EXPR);
maat_kv_register(iris_cfg->str2int_map, "expr_plus", TABLE_TYPE_EXPR_PLUS); maat_kv_register(iris_cfg->str2int_map, "expr_plus", TABLE_TYPE_EXPR_PLUS);
@@ -511,73 +510,37 @@ int write_ip_plus_line(cJSON *region_json, struct iris_description *p_iris,
json_cmd[cmd_cnt].str2int_flag = 1; json_cmd[cmd_cnt].str2int_flag = 1;
cmd_cnt++; cmd_cnt++;
json_cmd[cmd_cnt].json_string = "saddr_format"; json_cmd[cmd_cnt].json_string = "addr_format";
json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "mask"; json_cmd[cmd_cnt].default_string = "mask";
cmd_cnt++; cmd_cnt++;
json_cmd[cmd_cnt].json_string = "src_ip1"; json_cmd[cmd_cnt].json_string = "ip1";
json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "0.0.0.0"; json_cmd[cmd_cnt].default_string = "0.0.0.0";
cmd_cnt++; cmd_cnt++;
json_cmd[cmd_cnt].json_string = "src_ip2"; json_cmd[cmd_cnt].json_string = "ip2";
json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "255.255.255.255"; json_cmd[cmd_cnt].default_string = "255.255.255.255";
cmd_cnt++; cmd_cnt++;
json_cmd[cmd_cnt].json_string = "sport_format"; json_cmd[cmd_cnt].json_string = "port_format";
json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "mask"; json_cmd[cmd_cnt].default_string = "mask";
cmd_cnt++; cmd_cnt++;
json_cmd[cmd_cnt].json_string = "src_port1"; json_cmd[cmd_cnt].json_string = "port1";
json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "0"; json_cmd[cmd_cnt].default_string = "0";
cmd_cnt++; cmd_cnt++;
json_cmd[cmd_cnt].json_string = "src_port2"; json_cmd[cmd_cnt].json_string = "port2";
json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "65535";
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "daddr_format";
json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "mask";
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "dst_ip1";
json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "0.0.0.0";
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "dst_ip2";
json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "255.255.255.255";
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "dport_format";
json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "mask";
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "dst_port1";
json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "0";
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "dst_port2";
json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].empty_allowed = 1; json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "65535"; json_cmd[cmd_cnt].default_string = "65535";
@@ -589,13 +552,6 @@ int write_ip_plus_line(cJSON *region_json, struct iris_description *p_iris,
json_cmd[cmd_cnt].default_int = 0; json_cmd[cmd_cnt].default_int = 0;
cmd_cnt++; cmd_cnt++;
json_cmd[cmd_cnt].json_string = "direction";
json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].str2int_flag = 1;
json_cmd[cmd_cnt].empty_allowed = 1;
json_cmd[cmd_cnt].default_string = "double";
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "is_valid"; json_cmd[cmd_cnt].json_string = "is_valid";
json_cmd[cmd_cnt].json_type = cJSON_Number; json_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++; cmd_cnt++;

51
src/maat_api.c
View File

@@ -597,6 +597,10 @@ int generic_plugin_table_set_ex_schema(struct table_manager *tbl_mgr, int table_
void generic_plugin_runtime_commit_ex_schema(void *runtime, void *schema, int table_id, void generic_plugin_runtime_commit_ex_schema(void *runtime, void *schema, int table_id,
enum table_type table_type, int valid_column) enum table_type table_type, int valid_column)
{ {
if (NULL == runtime || NULL == schema || valid_column < 0) {
return;
}
struct ex_data_schema *ex_schema = NULL; struct ex_data_schema *ex_schema = NULL;
struct ex_data_runtime *ex_data_rt = NULL; struct ex_data_runtime *ex_data_rt = NULL;
@@ -688,6 +692,10 @@ int generic_plugin_table_ex_schema_register(struct maat *maat_instance, int tabl
table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id); table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id);
valid_column = table_manager_get_valid_column(maat_instance->tbl_mgr, table_id); valid_column = table_manager_get_valid_column(maat_instance->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_INVALID || valid_column < 0) {
return -1;
}
generic_plugin_runtime_commit_ex_schema(runtime, schema, table_id, table_type, valid_column); generic_plugin_runtime_commit_ex_schema(runtime, schema, table_id, table_type, valid_column);
} }
@@ -1016,7 +1024,8 @@ int interval_scan(struct table_manager *tbl_mgr, int thread_id, long long intege
} }
int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
int physical_table_id, int vtable_id, struct maat_state *state) uint16_t port, int proto, int physical_table_id, int vtable_id,
struct maat_state *state)
{ {
enum table_type table_type = table_manager_get_table_type(tbl_mgr, physical_table_id); enum table_type table_type = table_manager_get_table_type(tbl_mgr, physical_table_id);
@@ -1030,7 +1039,8 @@ int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
} }
int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4, int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4,
(uint8_t *)&ip_addr, vtable_id, state); (uint8_t *)&ip_addr, port, proto, vtable_id,
state);
if (group_hit_cnt < 0) { if (group_hit_cnt < 0) {
return -1; return -1;
} }
@@ -1043,7 +1053,8 @@ int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
} }
int ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr, int ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
int physical_table_id, int vtable_id, struct maat_state *state) uint16_t port, int proto, int physical_table_id, int vtable_id,
struct maat_state *state)
{ {
enum table_type table_type = table_manager_get_table_type(tbl_mgr, physical_table_id); enum table_type table_type = table_manager_get_table_type(tbl_mgr, physical_table_id);
@@ -1057,7 +1068,7 @@ int ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
} }
int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6, int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6,
ip_addr, vtable_id, state); ip_addr, port, proto, vtable_id, state);
if (group_hit_cnt < 0) { if (group_hit_cnt < 0) {
return -1; return -1;
} }
@@ -1305,11 +1316,12 @@ int maat_scan_integer(struct maat *maat_instance, int table_id, int thread_id,
} }
int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id, int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id,
uint32_t ip_addr, long long *results, size_t n_result, uint32_t ip_addr, uint16_t port, int protocol,
long long *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state) size_t *n_hit_result, struct maat_state *state)
{ {
if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM
|| (thread_id < 0) || (NULL == results) || (0 == n_result) || (protocol < -1) || (thread_id < 0) || (NULL == results) || (0 == n_result)
|| (NULL == state)) { || (NULL == state)) {
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
} }
@@ -1345,7 +1357,7 @@ int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id,
maat_runtime_ref_inc(maat_instance->maat_rt, thread_id); maat_runtime_ref_inc(maat_instance->maat_rt, thread_id);
alignment_int64_array_add(maat_instance->thread_call_cnt, thread_id, 1); alignment_int64_array_add(maat_instance->thread_call_cnt, thread_id, 1);
int hit_group_cnt = ipv4_scan(maat_instance->tbl_mgr, thread_id, ip_addr, int hit_group_cnt = ipv4_scan(maat_instance->tbl_mgr, thread_id, ip_addr, port, protocol,
physical_table_id, vtable_id, state); physical_table_id, vtable_id, state);
if (hit_group_cnt < 0) { if (hit_group_cnt < 0) {
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
@@ -1386,12 +1398,13 @@ int maat_scan_ipv4_tuple4(struct maat *instance, int table_id, int thread_id,
} }
int maat_scan_ipv6(struct maat *maat_instance, int table_id, int thread_id, int maat_scan_ipv6(struct maat *maat_instance, int table_id, int thread_id,
uint8_t *ip_addr, long long *results, size_t n_result, uint8_t *ip_addr, uint16_t port, int protocol,
long long *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state) size_t *n_hit_result, struct maat_state *state)
{ {
if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM
|| (thread_id < 0) || (NULL == ip_addr) || (NULL == results) || (protocol < -1) || (thread_id < 0) || (NULL == ip_addr)
|| (0 == n_result) || (NULL == state)) { || (NULL == results) || (0 == n_result) || (NULL == state)) {
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
} }
@@ -1426,7 +1439,7 @@ int maat_scan_ipv6(struct maat *maat_instance, int table_id, int thread_id,
maat_runtime_ref_inc(maat_instance->maat_rt, thread_id); maat_runtime_ref_inc(maat_instance->maat_rt, thread_id);
alignment_int64_array_add(maat_instance->thread_call_cnt, thread_id, 1); alignment_int64_array_add(maat_instance->thread_call_cnt, thread_id, 1);
int hit_group_cnt = ipv6_scan(maat_instance->tbl_mgr, thread_id, ip_addr, int hit_group_cnt = ipv6_scan(maat_instance->tbl_mgr, thread_id, ip_addr, port, protocol,
physical_table_id, vtable_id, state); physical_table_id, vtable_id, state);
if (hit_group_cnt < 0) { if (hit_group_cnt < 0) {
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
@@ -1783,20 +1796,16 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
void *g2g_runtime = table_manager_get_runtime(maat_instance->tbl_mgr, maat_instance->g2g_table_id); void *g2g_runtime = table_manager_get_runtime(maat_instance->tbl_mgr, maat_instance->g2g_table_id);
assert(g2g_runtime != NULL); assert(g2g_runtime != NULL);
size_t compile_state_hit_path_cnt = maat_compile_state_get_hit_paths(state->compile_state, size_t internal_hit_path_cnt = maat_compile_state_get_internal_hit_paths(state->compile_state,
(struct group2group_runtime *)g2g_runtime, (struct group2group_runtime *)g2g_runtime,
paths, n_path); paths, n_path);
size_t new_hit_path_cnt = 0;
void *compile_rt = table_manager_get_runtime(maat_instance->tbl_mgr, compile_table_id); void *compile_rt = table_manager_get_runtime(maat_instance->tbl_mgr, compile_table_id);
assert(NULL != compile_rt); assert(NULL != compile_rt);
new_hit_path_cnt = compile_runtime_get_new_hit_paths((struct compile_runtime *)compile_rt, return compile_runtime_get_hit_paths((struct compile_runtime *)compile_rt,
state->compile_state, paths, n_path, state->compile_state, paths, n_path,
compile_state_hit_path_cnt); internal_hit_path_cnt);
return (compile_state_hit_path_cnt + new_hit_path_cnt);
} }
int maat_state_get_hit_objects(struct maat_state *state, struct maat_hit_object *objs, size_t n_obj) int maat_state_get_hit_objects(struct maat_state *state, struct maat_hit_object *objs, size_t n_obj)

38
src/maat_bool_plugin.c
View File

@@ -45,14 +45,17 @@ struct bool_plugin_runtime {
void *bool_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *bool_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger) const char *table_name, struct log_handle *logger)
{ {
size_t read_cnt = 0;
struct bool_plugin_schema *schema = ALLOC(struct bool_plugin_schema, 1); struct bool_plugin_schema *schema = ALLOC(struct bool_plugin_schema, 1);
cJSON *custom_item = NULL; cJSON *custom_item = NULL;
cJSON *item = cJSON_GetObjectItem(json, "table_id"); cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (item != NULL && item->type == cJSON_Number) { if (item != NULL && item->type == cJSON_Number) {
schema->table_id = item->valueint; schema->table_id = item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_BOOL_PLUGIN,
"[%s:%d] table %s has no table_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
item = cJSON_GetObjectItem(json, "custom"); item = cJSON_GetObjectItem(json, "custom");
@@ -66,13 +69,21 @@ void *bool_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
custom_item = cJSON_GetObjectItem(item, "item_id"); custom_item = cJSON_GetObjectItem(item, "item_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->item_id_column = custom_item->valueint; schema->item_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_BOOL_PLUGIN,
"[%s:%d] table %s has no item_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "bool_expr"); custom_item = cJSON_GetObjectItem(item, "bool_expr");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->bool_expr_column = custom_item->valueint; schema->bool_expr_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_BOOL_PLUGIN,
"[%s:%d] table %s has no bool_expr column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
// rule_tag is optional // rule_tag is optional
@@ -82,11 +93,6 @@ void *bool_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
} }
schema->ref_tbl_mgr = tbl_mgr; schema->ref_tbl_mgr = tbl_mgr;
if (read_cnt < 3) {
goto error;
}
return schema; return schema;
error: error:
FREE(schema); FREE(schema);
@@ -440,12 +446,14 @@ int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name
struct bool_matcher *new_bool_matcher = NULL; struct bool_matcher *new_bool_matcher = NULL;
struct bool_matcher *old_bool_matcher = NULL; struct bool_matcher *old_bool_matcher = NULL;
new_bool_matcher = bool_matcher_new(rules, rule_cnt, &mem_used); if (rule_cnt > 0) {
if (NULL == new_bool_matcher) { new_bool_matcher = bool_matcher_new(rules, rule_cnt, &mem_used);
log_error(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN, if (NULL == new_bool_matcher) {
"[%s:%d] table[%s] rebuild bool_matcher engine failed when update %zu bool_plugin rules", log_error(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN,
__FUNCTION__, __LINE__, table_name, rule_cnt); "[%s:%d] table[%s] rebuild bool_matcher engine failed when update %zu bool_plugin rules",
ret = -1; __FUNCTION__, __LINE__, table_name, rule_cnt);
ret = -1;
}
} }
old_bool_matcher = bool_plugin_rt->matcher; old_bool_matcher = bool_plugin_rt->matcher;

60
src/maat_command.c
View File

@@ -244,54 +244,11 @@ void maat_cmd_set_serial_rule(struct serial_rule *rule, enum maat_operation op,
} }
} }
int maat_cmd_get_valid_flag_offset(const char *line, enum table_type table_type, int maat_cmd_get_valid_flag_offset(const char *line, int column_seq)
int valid_column_seq) {
{
int column_seq = 0;
switch (table_type) {
case TABLE_TYPE_FLAG:
case TABLE_TYPE_FLAG_PLUS: //TODO:
column_seq = 5;
break;
case TABLE_TYPE_EXPR:
column_seq = 7;
break;
case TABLE_TYPE_EXPR_PLUS:
column_seq = 8;
break;
case TABLE_TYPE_IP_PLUS:
column_seq = 18;
break;
case TABLE_TYPE_COMPILE:
column_seq = 8;
break;
case TABLE_TYPE_PLUGIN:
case TABLE_TYPE_IP_PLUGIN:
case TABLE_TYPE_FQDN_PLUGIN:
case TABLE_TYPE_BOOL_PLUGIN:
if (valid_column_seq < 0) {
return -1;
}
column_seq = valid_column_seq;
break;
case TABLE_TYPE_INTERVAL:
column_seq = 5;
break;
case TABLE_TYPE_INTERVAL_PLUS:
column_seq = 6;
break;
case TABLE_TYPE_GROUP2COMPILE:
case TABLE_TYPE_GROUP2GROUP:
column_seq = 3;
break;
default:
assert(0);
}
size_t offset = 0; size_t offset = 0;
size_t len = 0; size_t len = 0;
int ret = get_column_pos(line, column_seq, &offset, &len); int ret = get_column_pos(line, column_seq, &offset, &len);
// 0 is also a valid value for some non-MAAT producer. // 0 is also a valid value for some non-MAAT producer.
if (ret < 0 || offset >= strlen(line) || (line[offset] != '1' && if (ret < 0 || offset >= strlen(line) || (line[offset] != '1' &&
@@ -392,9 +349,16 @@ int maat_cmd_set_line(struct maat *maat_instance, const struct maat_cmd_line *li
FREE(s_rule); FREE(s_rule);
return -1; return -1;
} }
int valid_offset = maat_cmd_get_valid_flag_offset(line_rule->table_line, valid_column);
if (valid_offset < 0) {
log_error(maat_instance->logger, MODULE_MAAT_COMMAND,
"[%s:%d] Command set line id %lld failed: table %s valid_offset error",
__FUNCTION__, __LINE__, line_rule->rule_id, line_rule->table_name);
FREE(s_rule);
return -1;
}
enum table_type table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id);
int valid_offset = maat_cmd_get_valid_flag_offset(line_rule->table_line, table_type, valid_column);
int is_valid = atoi(line_rule->table_line + valid_offset); int is_valid = atoi(line_rule->table_line + valid_offset);
if (line_rule->expire_after > 0) { if (line_rule->expire_after > 0) {
absolute_expire_time = server_time + line_rule->expire_after; absolute_expire_time = server_time + line_rule->expire_after;

105
src/maat_compile.c
View File

@@ -54,7 +54,7 @@ struct group2compile_schema {
struct compile_item { struct compile_item {
long long compile_id; long long compile_id;
int declared_clause_num; int declared_clause_num;
int evaluation_order; double evaluation_order;
}; };
struct group2compile_item { struct group2compile_item {
@@ -241,15 +241,16 @@ void *compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, const char *table_name,
struct log_handle *logger) struct log_handle *logger)
{ {
int read_cnt = 0;
struct compile_schema *compile_schema = ALLOC(struct compile_schema, 1); struct compile_schema *compile_schema = ALLOC(struct compile_schema, 1);
cJSON *custom_item = NULL; cJSON *custom_item = NULL;
cJSON *item = cJSON_GetObjectItem(json, "table_id"); cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (item != NULL && item->type == cJSON_Number) { if (item != NULL && item->type == cJSON_Number) {
compile_schema->table_id = item->valueint; compile_schema->table_id = item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_COMPILE,
"[%s:%d] table %s has no table_id column", table_name);
goto error;
} }
item = cJSON_GetObjectItem(json, "custom"); item = cJSON_GetObjectItem(json, "custom");
@@ -263,33 +264,27 @@ void *compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
custom_item = cJSON_GetObjectItem(item, "compile_id"); custom_item = cJSON_GetObjectItem(item, "compile_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
compile_schema->compile_id_column = custom_item->valueint; compile_schema->compile_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_COMPILE,
"[%s:%d] table %s has no compile_id column", table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "tags"); custom_item = cJSON_GetObjectItem(item, "tags");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
compile_schema->rule_tag_column = custom_item->valueint; compile_schema->rule_tag_column = custom_item->valueint;
read_cnt++;
} }
custom_item = cJSON_GetObjectItem(item, "clause_num"); custom_item = cJSON_GetObjectItem(item, "clause_num");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
compile_schema->declared_clause_num_column = custom_item->valueint; compile_schema->declared_clause_num_column = custom_item->valueint;
read_cnt++; } else {
} log_error(logger, MODULE_COMPILE,
"[%s:%d] table %s has no clause_num column", table_name);
custom_item = cJSON_GetObjectItem(item, "evaluation_order"); goto error;
if (custom_item != NULL && custom_item->type == cJSON_Number) {
compile_schema->evaluation_order_column = custom_item->valueint;
read_cnt++;
} }
compile_schema->ref_tbl_mgr = tbl_mgr; compile_schema->ref_tbl_mgr = tbl_mgr;
if (read_cnt < 5) {
goto error;
}
return compile_schema; return compile_schema;
error: error:
FREE(compile_schema); FREE(compile_schema);
@@ -304,20 +299,27 @@ void compile_schema_free(void *compile_schema)
void *group2compile_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *group2compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger) const char *table_name, struct log_handle *logger)
{ {
int read_cnt = 0;
struct group2compile_schema *g2c_schema = ALLOC(struct group2compile_schema, 1); struct group2compile_schema *g2c_schema = ALLOC(struct group2compile_schema, 1);
cJSON *custom_item = NULL; cJSON *custom_item = NULL;
cJSON *item = cJSON_GetObjectItem(json, "table_id"); cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (item != NULL && item->type == cJSON_Number) { if (item != NULL && item->type == cJSON_Number) {
g2c_schema->table_id = item->valueint; g2c_schema->table_id = item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_COMPILE,
"[%s:%d] table %s has no table_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
item = cJSON_GetObjectItem(json, "associated_compile_table_id"); item = cJSON_GetObjectItem(json, "associated_compile_table_id");
if (item != NULL && item->type == cJSON_Number) { if (item != NULL && item->type == cJSON_Number) {
g2c_schema->associated_compile_table_id = item->valueint; g2c_schema->associated_compile_table_id = item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_COMPILE,
"[%s:%d] table %s has no associated_compile_table_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
item = cJSON_GetObjectItem(json, "custom"); item = cJSON_GetObjectItem(json, "custom");
@@ -331,39 +333,54 @@ void *group2compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
custom_item = cJSON_GetObjectItem(item, "group_id"); custom_item = cJSON_GetObjectItem(item, "group_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
g2c_schema->group_id_column = custom_item->valueint; g2c_schema->group_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_COMPILE,
"[%s:%d] table %s has no group_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "compile_id"); custom_item = cJSON_GetObjectItem(item, "compile_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
g2c_schema->compile_id_column = custom_item->valueint; g2c_schema->compile_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_COMPILE,
"[%s:%d] table %s has no compile_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "not_flag"); custom_item = cJSON_GetObjectItem(item, "not_flag");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
g2c_schema->not_flag_column = custom_item->valueint; g2c_schema->not_flag_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_COMPILE,
"[%s:%d] table %s has no not_flag column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "virtual_table_name"); custom_item = cJSON_GetObjectItem(item, "virtual_table_name");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
g2c_schema->vtable_name_column = custom_item->valueint; g2c_schema->vtable_name_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_COMPILE,
"[%s:%d] table %s has no virtual_table_name column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "clause_index"); custom_item = cJSON_GetObjectItem(item, "clause_index");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
g2c_schema->clause_index_column = custom_item->valueint; g2c_schema->clause_index_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_COMPILE,
"[%s:%d] table %s has no clause_index column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
g2c_schema->ref_tbl_mgr = tbl_mgr; g2c_schema->ref_tbl_mgr = tbl_mgr;
if (read_cnt < 7) {
goto error;
}
return g2c_schema; return g2c_schema;
error: error:
FREE(g2c_schema); FREE(g2c_schema);
@@ -456,16 +473,6 @@ compile_item_new(const char *line, struct compile_schema *compile_schema,
} }
compile_item->declared_clause_num = atoi(line + column_offset); compile_item->declared_clause_num = atoi(line + column_offset);
ret = get_column_pos(line, compile_schema->evaluation_order_column,
&column_offset, &column_len);
if (ret < 0) {
log_error(logger, MODULE_COMPILE,
"[%s:%d] compile table(table_id:%d) line:%s has no evaluation_order",
__FUNCTION__, __LINE__, compile_schema->table_id, line);
goto error;
}
compile_item->evaluation_order = atoi(line + column_offset);
return compile_item; return compile_item;
error: error:
FREE(compile_item); FREE(compile_item);
@@ -1291,10 +1298,10 @@ static int maat_compile_is_hit_path_existed(const struct maat_hit_path *hit_path
return 0; return 0;
} }
size_t compile_runtime_get_new_hit_paths(struct compile_runtime *compile_rt, size_t compile_runtime_get_hit_paths(struct compile_runtime *compile_rt,
struct maat_compile_state *compile_state, struct maat_compile_state *compile_state,
struct maat_hit_path *hit_path_array, struct maat_hit_path *hit_path_array,
size_t array_size, size_t hit_path_cnt) size_t array_size, size_t n_internal_hit_path)
{ {
/* assign hit_path_array[].compile_id */ /* assign hit_path_array[].compile_id */
size_t new_hit_path_cnt = 0; size_t new_hit_path_cnt = 0;
@@ -1313,11 +1320,11 @@ size_t compile_runtime_get_new_hit_paths(struct compile_runtime *compile_rt,
compile = (struct maat_compile *)expr_match[idx].user_tag; compile = (struct maat_compile *)expr_match[idx].user_tag;
assert(compile->magic == MAAT_COMPILE_MAGIC); assert(compile->magic == MAAT_COMPILE_MAGIC);
assert((unsigned long long)compile->compile_id == expr_match[idx].expr_id); assert((unsigned long long)compile->compile_id == expr_match[idx].expr_id);
if (0 == compile->actual_clause_num) { if (0 == compile->actual_clause_num || NULL == compile->user_data) {
continue; continue;
} }
for (size_t j = 0; j < hit_path_cnt && (hit_path_cnt + new_hit_path_cnt) < array_size; j++) { for (size_t j = 0; j < n_internal_hit_path && (n_internal_hit_path + new_hit_path_cnt) < array_size; j++) {
if (hit_path_array[j].top_group_id < 0) { if (hit_path_array[j].top_group_id < 0) {
continue; continue;
} }
@@ -1331,8 +1338,8 @@ size_t compile_runtime_get_new_hit_paths(struct compile_runtime *compile_rt,
// means same literal_id hit more than one compile_id // means same literal_id hit more than one compile_id
tmp_path = hit_path_array[j]; tmp_path = hit_path_array[j];
tmp_path.compile_id = compile->compile_id; tmp_path.compile_id = compile->compile_id;
if(maat_compile_is_hit_path_existed(hit_path_array, hit_path_cnt + new_hit_path_cnt, &tmp_path)) { if(maat_compile_is_hit_path_existed(hit_path_array, n_internal_hit_path + new_hit_path_cnt, &tmp_path)) {
hit_path_array[hit_path_cnt + new_hit_path_cnt] = tmp_path; hit_path_array[n_internal_hit_path + new_hit_path_cnt] = tmp_path;
new_hit_path_cnt++; new_hit_path_cnt++;
} }
} }
@@ -1341,7 +1348,7 @@ size_t compile_runtime_get_new_hit_paths(struct compile_runtime *compile_rt,
} }
pthread_rwlock_unlock(&compile_rt->rwlock); pthread_rwlock_unlock(&compile_rt->rwlock);
return new_hit_path_cnt; return (n_internal_hit_path + new_hit_path_cnt);
} }
void maat_compile_state_update_hit_path(struct maat_compile_state *compile_state, void maat_compile_state_update_hit_path(struct maat_compile_state *compile_state,
@@ -1819,7 +1826,7 @@ int maat_compile_state_update(struct rcu_hash_table *item_htable, int vtable_id,
return 0; return 0;
} }
size_t maat_compile_state_get_hit_paths(struct maat_compile_state *compile_state, size_t maat_compile_state_get_internal_hit_paths(struct maat_compile_state *compile_state,
struct group2group_runtime *g2g_rt, struct group2group_runtime *g2g_rt,
struct maat_hit_path *hit_path_array, struct maat_hit_path *hit_path_array,
size_t array_size) size_t array_size)

42
src/maat_expr.c
View File

@@ -283,7 +283,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
expr_schema->table_id = item->valueint; expr_schema->table_id = item->valueint;
} else { } else {
log_error(logger, MODULE_EXPR, log_error(logger, MODULE_EXPR,
"[%s:%d] table %s has no table_id column", table_name); "[%s:%d] table %s has no table_id column",
__FUNCTION__, __LINE__, table_name);
goto error; goto error;
} }
@@ -294,7 +295,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
item = cJSON_GetObjectItem(json, "custom"); item = cJSON_GetObjectItem(json, "custom");
if (item == NULL || item->type != cJSON_Object) { if (item == NULL || item->type != cJSON_Object) {
log_error(logger, MODULE_EXPR, log_error(logger, MODULE_EXPR,
"[%s:%d] table %s has no custom column", table_name); "[%s:%d] table %s has no custom column",
__FUNCTION__, __LINE__, table_name);
goto error; goto error;
} }
@@ -303,7 +305,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
expr_schema->item_id_column = custom_item->valueint; expr_schema->item_id_column = custom_item->valueint;
} else { } else {
log_error(logger, MODULE_EXPR, log_error(logger, MODULE_EXPR,
"[%s:%d] table %s has no item_id column", table_name); "[%s:%d] table %s has no item_id column",
__FUNCTION__, __LINE__, table_name);
goto error; goto error;
} }
@@ -312,7 +315,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
expr_schema->group_id_column = custom_item->valueint; expr_schema->group_id_column = custom_item->valueint;
} else { } else {
log_error(logger, MODULE_EXPR, log_error(logger, MODULE_EXPR,
"[%s:%d] table %s has no group_id column", table_name); "[%s:%d] table %s has no group_id column",
__FUNCTION__, __LINE__, table_name);
goto error; goto error;
} }
@@ -321,7 +325,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
expr_schema->keywords_column = custom_item->valueint; expr_schema->keywords_column = custom_item->valueint;
} else { } else {
log_error(logger, MODULE_EXPR, log_error(logger, MODULE_EXPR,
"[%s:%d] table %s has no keywords column", table_name); "[%s:%d] table %s has no keywords column",
__FUNCTION__, __LINE__, table_name);
goto error; goto error;
} }
@@ -332,7 +337,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
expr_schema->district_column = custom_item->valueint; expr_schema->district_column = custom_item->valueint;
} else { } else {
log_error(logger, MODULE_EXPR, log_error(logger, MODULE_EXPR,
"[%s:%d] expr_plus table %s has no district column", table_name); "[%s:%d] expr_plus table %s has no district column",
__FUNCTION__, __LINE__, table_name);
goto error; goto error;
} }
} }
@@ -342,7 +348,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
expr_schema->expr_type_column = custom_item->valueint; expr_schema->expr_type_column = custom_item->valueint;
} else { } else {
log_error(logger, MODULE_EXPR, log_error(logger, MODULE_EXPR,
"[%s:%d] table %s has no expr_type column", table_name); "[%s:%d] table %s has no expr_type column",
__FUNCTION__, __LINE__, table_name);
goto error; goto error;
} }
@@ -351,7 +358,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
expr_schema->match_method_column = custom_item->valueint; expr_schema->match_method_column = custom_item->valueint;
} else { } else {
log_error(logger, MODULE_EXPR, log_error(logger, MODULE_EXPR,
"[%s:%d] table %s has no match_method column", table_name); "[%s:%d] table %s has no match_method column",
__FUNCTION__, __LINE__, table_name);
goto error; goto error;
} }
@@ -360,7 +368,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
expr_schema->is_hexbin_column = custom_item->valueint; expr_schema->is_hexbin_column = custom_item->valueint;
} else { } else {
log_error(logger, MODULE_EXPR, log_error(logger, MODULE_EXPR,
"[%s:%d] table %s has no is_hexbin column", table_name); "[%s:%d] table %s has no is_hexbin column",
__FUNCTION__, __LINE__, table_name);
goto error; goto error;
} }
@@ -783,12 +792,15 @@ int expr_runtime_commit(void *expr_runtime, const char *table_name)
int ret = 0; int ret = 0;
struct adapter_hs *new_adapter_hs = NULL; struct adapter_hs *new_adapter_hs = NULL;
struct adapter_hs *old_adapter_hs = NULL; struct adapter_hs *old_adapter_hs = NULL;
new_adapter_hs = adapter_hs_new(expr_rt->n_worker_thread, rules, rule_cnt, expr_rt->logger);
if (NULL == new_adapter_hs) { if (rule_cnt > 0) {
log_error(expr_rt->logger, MODULE_EXPR, new_adapter_hs = adapter_hs_new(expr_rt->n_worker_thread, rules, rule_cnt, expr_rt->logger);
"[%s:%d] table[%s] rebuild adapter_hs engine failed when update %zu expr rules", if (NULL == new_adapter_hs) {
__FUNCTION__, __LINE__, table_name, rule_cnt); log_error(expr_rt->logger, MODULE_EXPR,
ret = -1; "[%s:%d] table[%s] rebuild adapter_hs engine failed when update %zu expr rules",
__FUNCTION__, __LINE__, table_name, rule_cnt);
ret = -1;
}
} }
old_adapter_hs = expr_rt->hs; old_adapter_hs = expr_rt->hs;

71
src/maat_flag.c
View File

@@ -57,16 +57,24 @@ struct flag_runtime {
void *flag_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *flag_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger) const char *table_name, struct log_handle *logger)
{ {
int read_cnt = 0;
struct flag_schema *schema = ALLOC(struct flag_schema, 1); struct flag_schema *schema = ALLOC(struct flag_schema, 1);
char table_type[NAME_MAX] = {0};
cJSON *custom_item = NULL; cJSON *custom_item = NULL;
cJSON *item = cJSON_GetObjectItem(json, "table_id"); cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (item != NULL && item->type == cJSON_Number) { if (item != NULL && item->type == cJSON_Number) {
schema->table_id = item->valueint; schema->table_id = item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_FLAG,
"[%s:%d] table %s has no table_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
/* table_type already validate in maat_table_new() */
item = cJSON_GetObjectItem(json, "table_type");
memcpy(table_type, item->valuestring, strlen(item->valuestring));
item = cJSON_GetObjectItem(json, "custom"); item = cJSON_GetObjectItem(json, "custom");
if (item == NULL || item->type != cJSON_Object) { if (item == NULL || item->type != cJSON_Object) {
log_error(logger, MODULE_FLAG, log_error(logger, MODULE_FLAG,
@@ -78,39 +86,57 @@ void *flag_schema_new(cJSON *json, struct table_manager *tbl_mgr,
custom_item = cJSON_GetObjectItem(item, "item_id"); custom_item = cJSON_GetObjectItem(item, "item_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->item_id_column = custom_item->valueint; schema->item_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_FLAG,
"[%s:%d] table %s has no item_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "group_id"); custom_item = cJSON_GetObjectItem(item, "group_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->group_id_column = custom_item->valueint; schema->group_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_FLAG,
"[%s:%d] table %s has no group_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "district"); /* flag_plus has district */
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (strcmp(table_type, "flag_plus") == 0) {
schema->district_column = custom_item->valueint; custom_item = cJSON_GetObjectItem(item, "district");
read_cnt++; if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->district_column = custom_item->valueint;
} else {
log_error(logger, MODULE_FLAG,
"[%s:%d] flag_plus table %s has no district column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
} }
custom_item = cJSON_GetObjectItem(item, "flag"); custom_item = cJSON_GetObjectItem(item, "flag");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->flag_column = custom_item->valueint; schema->flag_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_FLAG,
"[%s:%d] table %s has no flag column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "flag_mask"); custom_item = cJSON_GetObjectItem(item, "flag_mask");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->flag_mask_column = custom_item->valueint; schema->flag_mask_column = custom_item->valueint;
read_cnt++; } else {
} log_error(logger, MODULE_FLAG,
"[%s:%d] table %s has no flag_mask column",
schema->ref_tbl_mgr = tbl_mgr; __FUNCTION__, __LINE__, table_name);
if (read_cnt < 5) {
goto error; goto error;
} }
schema->ref_tbl_mgr = tbl_mgr;
return schema; return schema;
error: error:
FREE(schema); FREE(schema);
@@ -408,12 +434,15 @@ int flag_runtime_commit(void *flag_runtime, const char *table_name)
int ret = 0; int ret = 0;
struct flag_matcher *new_flag_matcher = NULL; struct flag_matcher *new_flag_matcher = NULL;
struct flag_matcher *old_flag_matcher = NULL; struct flag_matcher *old_flag_matcher = NULL;
new_flag_matcher = flag_matcher_new(rules, rule_cnt);
if (NULL == new_flag_matcher) { if (rule_cnt > 0) {
log_error(flag_rt->logger, MODULE_FLAG, new_flag_matcher = flag_matcher_new(rules, rule_cnt);
"[%s:%d] table[%s] rebuild flag_matcher engine failed when update %zu flag rules", if (NULL == new_flag_matcher) {
__FUNCTION__, __LINE__, table_name, rule_cnt); log_error(flag_rt->logger, MODULE_FLAG,
ret = -1; "[%s:%d] table[%s] rebuild flag_matcher engine failed when update %zu flag rules",
__FUNCTION__, __LINE__, table_name, rule_cnt);
ret = -1;
}
} }
old_flag_matcher = flag_rt->matcher; old_flag_matcher = flag_rt->matcher;

46
src/maat_fqdn_plugin.c
View File

@@ -46,14 +46,17 @@ struct fqdn_plugin_runtime {
void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger) const char *table_name, struct log_handle *logger)
{ {
size_t read_cnt = 0;
struct fqdn_plugin_schema *schema = ALLOC(struct fqdn_plugin_schema, 1); struct fqdn_plugin_schema *schema = ALLOC(struct fqdn_plugin_schema, 1);
cJSON *custom_item = NULL; cJSON *custom_item = NULL;
cJSON *item = cJSON_GetObjectItem(json, "table_id"); cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (item != NULL && item->type == cJSON_Number) { if (item != NULL && item->type == cJSON_Number) {
schema->table_id = item->valueint; schema->table_id = item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_FQDN_PLUGIN,
"[%s:%d] table %s has no table_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
item = cJSON_GetObjectItem(json, "custom"); item = cJSON_GetObjectItem(json, "custom");
@@ -67,20 +70,32 @@ void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
custom_item = cJSON_GetObjectItem(item, "item_id"); custom_item = cJSON_GetObjectItem(item, "item_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->item_id_column = custom_item->valueint; schema->item_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_FQDN_PLUGIN,
"[%s:%d] table %s has no item_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "suffix_match_method"); custom_item = cJSON_GetObjectItem(item, "suffix_match_method");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->suffix_flag_column = custom_item->valueint; schema->suffix_flag_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_FQDN_PLUGIN,
"[%s:%d] table %s has no suffix_match_method column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
// rule_tag is optional // rule_tag is optional
custom_item = cJSON_GetObjectItem(item, "fqdn"); custom_item = cJSON_GetObjectItem(item, "fqdn");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->fqdn_column = custom_item->valueint; schema->fqdn_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_FQDN_PLUGIN,
"[%s:%d] table %s has no fqdn column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
// rule_tag is optional // rule_tag is optional
@@ -90,11 +105,6 @@ void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
} }
schema->ref_tbl_mgr = tbl_mgr; schema->ref_tbl_mgr = tbl_mgr;
if (read_cnt < 4) {
goto error;
}
return schema; return schema;
error: error:
FREE(schema); FREE(schema);
@@ -421,12 +431,14 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name
struct FQDN_engine *new_fqdn_engine = NULL; struct FQDN_engine *new_fqdn_engine = NULL;
struct FQDN_engine *old_fqdn_engine = NULL; struct FQDN_engine *old_fqdn_engine = NULL;
new_fqdn_engine = FQDN_engine_new(rules, rule_cnt); if (rule_cnt > 0) {
if (NULL == new_fqdn_engine) { new_fqdn_engine = FQDN_engine_new(rules, rule_cnt);
log_error(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN, if (NULL == new_fqdn_engine) {
"[%s:%d] table[%s] rebuild FQDN engine failed when update %zu fqdn_plugin rules", log_error(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN,
__FUNCTION__, __LINE__, table_name, rule_cnt); "[%s:%d] table[%s] rebuild FQDN engine failed when update %zu fqdn_plugin rules",
ret = -1; __FUNCTION__, __LINE__, table_name, rule_cnt);
ret = -1;
}
} }
old_fqdn_engine = fqdn_plugin_rt->engine; old_fqdn_engine = fqdn_plugin_rt->engine;

21
src/maat_group.c
View File

@@ -70,14 +70,16 @@ struct group2group_runtime {
void *group2group_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *group2group_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger) const char *table_name, struct log_handle *logger)
{ {
int read_cnt = 0;
struct group2group_schema *g2g_schema = ALLOC(struct group2group_schema, 1); struct group2group_schema *g2g_schema = ALLOC(struct group2group_schema, 1);
cJSON *custom_item = NULL; cJSON *custom_item = NULL;
cJSON *item = cJSON_GetObjectItem(json, "table_id"); cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (item != NULL && item->type == cJSON_Number) { if (item != NULL && item->type == cJSON_Number) {
g2g_schema->table_id = item->valueint; g2g_schema->table_id = item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_GROUP,
"[%s:%d] table %s has no table_id column", table_name);
goto error;
} }
item = cJSON_GetObjectItem(json, "custom"); item = cJSON_GetObjectItem(json, "custom");
@@ -91,21 +93,22 @@ void *group2group_schema_new(cJSON *json, struct table_manager *tbl_mgr,
custom_item = cJSON_GetObjectItem(item, "group_id"); custom_item = cJSON_GetObjectItem(item, "group_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
g2g_schema->group_id_column = custom_item->valueint; g2g_schema->group_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_GROUP,
"[%s:%d] table %s has no group_id column", table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "super_group_id"); custom_item = cJSON_GetObjectItem(item, "super_group_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
g2g_schema->super_group_id_column = custom_item->valueint; g2g_schema->super_group_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_GROUP,
"[%s:%d] table %s has no super_group_id column", table_name);
goto error;
} }
g2g_schema->ref_tbl_mgr = tbl_mgr; g2g_schema->ref_tbl_mgr = tbl_mgr;
if (read_cnt < 3) {
goto error;
}
return g2g_schema; return g2g_schema;
error: error:
FREE(g2g_schema); FREE(g2g_schema);

70
src/maat_interval.c
View File

@@ -54,16 +54,24 @@ struct interval_runtime {
void *interval_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *interval_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger) const char *table_name, struct log_handle *logger)
{ {
int read_cnt = 0;
struct interval_schema *schema = ALLOC(struct interval_schema, 1); struct interval_schema *schema = ALLOC(struct interval_schema, 1);
char table_type[NAME_MAX] = {0};
cJSON *custom_item = NULL; cJSON *custom_item = NULL;
cJSON *item = cJSON_GetObjectItem(json, "table_id"); cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (item != NULL && item->type == cJSON_Number) { if (item != NULL && item->type == cJSON_Number) {
schema->table_id = item->valueint; schema->table_id = item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_INTERVAL,
"[%s:%d] table %s has no table_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
/* table_type already validate in maat_table_new() */
item = cJSON_GetObjectItem(json, "table_type");
memcpy(table_type, item->valuestring, strlen(item->valuestring));
item = cJSON_GetObjectItem(json, "custom"); item = cJSON_GetObjectItem(json, "custom");
if (item == NULL || item->type != cJSON_Object) { if (item == NULL || item->type != cJSON_Object) {
log_error(logger, MODULE_INTERVAL, log_error(logger, MODULE_INTERVAL,
@@ -75,39 +83,57 @@ void *interval_schema_new(cJSON *json, struct table_manager *tbl_mgr,
custom_item = cJSON_GetObjectItem(item, "item_id"); custom_item = cJSON_GetObjectItem(item, "item_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->item_id_column = custom_item->valueint; schema->item_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_INTERVAL,
"[%s:%d] table %s has no item_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "group_id"); custom_item = cJSON_GetObjectItem(item, "group_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->group_id_column = custom_item->valueint; schema->group_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_INTERVAL,
"[%s:%d] table %s has no group_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "district"); /* interval_plus has district */
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (strcmp(table_type, "intval_plus") == 0) {
schema->district_column = custom_item->valueint; custom_item = cJSON_GetObjectItem(item, "district");
read_cnt++; if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->district_column = custom_item->valueint;
} else {
log_error(logger, MODULE_INTERVAL,
"[%s:%d] interval_plus table %s has no district column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
} }
custom_item = cJSON_GetObjectItem(item, "low_bound"); custom_item = cJSON_GetObjectItem(item, "low_bound");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->low_bound_column = custom_item->valueint; schema->low_bound_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_INTERVAL,
"[%s:%d] table %s has no low_bound column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "up_bound"); custom_item = cJSON_GetObjectItem(item, "up_bound");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->up_bound_column = custom_item->valueint; schema->up_bound_column = custom_item->valueint;
read_cnt++; } else {
} log_error(logger, MODULE_INTERVAL,
"[%s:%d] table %s has no up_bound column",
schema->ref_tbl_mgr = tbl_mgr; __FUNCTION__, __LINE__, table_name);
if (read_cnt < 5) {
goto error; goto error;
} }
schema->ref_tbl_mgr = tbl_mgr;
return schema; return schema;
error: error:
FREE(schema); FREE(schema);
@@ -405,12 +431,14 @@ int interval_runtime_commit(void *interval_runtime, const char *table_name)
struct interval_matcher *new_interval_matcher = NULL; struct interval_matcher *new_interval_matcher = NULL;
struct interval_matcher *old_interval_matcher = NULL; struct interval_matcher *old_interval_matcher = NULL;
new_interval_matcher = interval_matcher_new(rules, rule_cnt); if (rule_cnt > 0) {
if (NULL == new_interval_matcher) { new_interval_matcher = interval_matcher_new(rules, rule_cnt);
log_error(interval_rt->logger, MODULE_INTERVAL, if (NULL == new_interval_matcher) {
"[%s:%d] table[%s]rebuild interval_matcher engine failed when update %zu interval rules", log_error(interval_rt->logger, MODULE_INTERVAL,
__FUNCTION__, __LINE__, table_name, rule_cnt); "[%s:%d] table[%s]rebuild interval_matcher engine failed when update %zu interval rules",
ret = -1; __FUNCTION__, __LINE__, table_name, rule_cnt);
ret = -1;
}
} }
old_interval_matcher = interval_rt->matcher; old_interval_matcher = interval_rt->matcher;

401
src/maat_ip.c
View File

@@ -15,6 +15,7 @@
#include "maat_utils.h" #include "maat_utils.h"
#include "maat_ex_data.h" #include "maat_ex_data.h"
#include "ip_matcher.h" #include "ip_matcher.h"
#include "interval_matcher.h"
#include "maat_ip.h" #include "maat_ip.h"
#include "maat_rule.h" #include "maat_rule.h"
#include "maat_compile.h" #include "maat_compile.h"
@@ -27,21 +28,25 @@ struct ip_schema {
int item_id_column; int item_id_column;
int group_id_column; int group_id_column;
int addr_type_column; int addr_type_column;
int saddr_format_column; int addr_format_column;
int sip1_column; int ip1_column;
int sip2_column; int ip2_column;
int port_format_column;
int port1_column;
int port2_column;
int protocol_column;
int table_id; //ugly int table_id; //ugly
struct table_manager *ref_tbl_mgr; struct table_manager *ref_tbl_mgr;
}; };
struct ipv4_item_rule { struct ipv4_item_rule {
uint32_t min_sip; /* 源地址下界0表示忽略本字段 */ uint32_t min_ip; /* 源地址下界0表示忽略本字段 */
uint32_t max_sip; /* 源地址上界0表示固定IP=min_saddr */ uint32_t max_ip; /* 源地址上界0表示固定IP=min_addr */
}; };
struct ipv6_item_rule { struct ipv6_item_rule {
uint32_t min_sip[4]; /* 源地址下界全0表示忽略本字段 */ uint32_t min_ip[4]; /* 源地址下界全0表示忽略本字段 */
uint32_t max_sip[4]; /* 源地址上界全0表示固定IP=min_saddr */ uint32_t max_ip[4]; /* 源地址上界全0表示固定IP=min_addr */
}; };
struct ip_item { struct ip_item {
@@ -52,11 +57,17 @@ struct ip_item {
struct ipv4_item_rule ipv4; struct ipv4_item_rule ipv4;
struct ipv6_item_rule ipv6; struct ipv6_item_rule ipv6;
}; };
enum ip_format ip_format;
enum port_format port_format;
uint16_t min_port;
uint16_t max_port;
int proto;
}; };
struct ip_runtime { struct ip_runtime {
struct ip_matcher* ip_matcher; struct ip_matcher *ip_matcher;
struct rcu_hash_table* htable; //store ip rule for rebuild ip_matcher instance struct interval_matcher *intval_matcher;
struct rcu_hash_table *htable; //store ip rule for rebuild ip_matcher instance
struct rcu_hash_table *item_htable; //store this ip table's all maat_item which will be used in ip_runtime_scan struct rcu_hash_table *item_htable; //store this ip table's all maat_item which will be used in ip_runtime_scan
uint32_t rule_num; uint32_t rule_num;
struct maat_garbage_bin *ref_garbage_bin; struct maat_garbage_bin *ref_garbage_bin;
@@ -69,14 +80,12 @@ struct ip_runtime {
void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger) const char *table_name, struct log_handle *logger)
{ {
size_t read_cnt = 0;
struct ip_schema *ip_schema = ALLOC(struct ip_schema, 1); struct ip_schema *ip_schema = ALLOC(struct ip_schema, 1);
cJSON *custom_item = NULL; cJSON *custom_item = NULL;
cJSON *item = cJSON_GetObjectItem(json, "table_id"); cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (item != NULL && item->type == cJSON_Number) { if (item != NULL && item->type == cJSON_Number) {
ip_schema->table_id = item->valueint; ip_schema->table_id = item->valueint;
read_cnt++;
} }
item = cJSON_GetObjectItem(json, "custom"); item = cJSON_GetObjectItem(json, "custom");
@@ -90,45 +99,104 @@ void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr,
custom_item = cJSON_GetObjectItem(item, "item_id"); custom_item = cJSON_GetObjectItem(item, "item_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->item_id_column = custom_item->valueint; ip_schema->item_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_IP,
"[%s:%d] table %s has no item_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "group_id"); custom_item = cJSON_GetObjectItem(item, "group_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->group_id_column = custom_item->valueint; ip_schema->group_id_column = custom_item->valueint;
read_cnt++; } else {
log_error(logger, MODULE_IP,
"[%s:%d] table %s has no group_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
} }
custom_item = cJSON_GetObjectItem(item, "addr_type"); custom_item = cJSON_GetObjectItem(item, "addr_type");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->addr_type_column = custom_item->valueint; ip_schema->addr_type_column = custom_item->valueint;
read_cnt++; } else {
} log_error(logger, MODULE_IP,
"[%s:%d] table %s has no add_type column",
custom_item = cJSON_GetObjectItem(item, "saddr_format"); __FUNCTION__, __LINE__, table_name);
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->saddr_format_column = custom_item->valueint;
read_cnt++;
}
custom_item = cJSON_GetObjectItem(item, "sip1");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->sip1_column = custom_item->valueint;
read_cnt++;
}
custom_item = cJSON_GetObjectItem(item, "sip2");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->sip2_column = custom_item->valueint;
read_cnt++;
}
ip_schema->ref_tbl_mgr = tbl_mgr;
if (read_cnt < 7) {
goto error; goto error;
} }
custom_item = cJSON_GetObjectItem(item, "addr_format");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->addr_format_column = custom_item->valueint;
} else {
log_error(logger, MODULE_IP,
"[%s:%d] table %s has no addr_format column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
custom_item = cJSON_GetObjectItem(item, "ip1");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->ip1_column = custom_item->valueint;
} else {
log_error(logger, MODULE_IP,
"[%s:%d] table %s has no ip1 column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
custom_item = cJSON_GetObjectItem(item, "ip2");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->ip2_column = custom_item->valueint;
} else {
log_error(logger, MODULE_IP,
"[%s:%d] table %s has no ip2 column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
custom_item = cJSON_GetObjectItem(item, "port_format");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->port_format_column = custom_item->valueint;
} else {
log_error(logger, MODULE_IP,
"[%s:%d] table %s has no port_format column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
custom_item = cJSON_GetObjectItem(item, "port1");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->port1_column = custom_item->valueint;
} else {
log_error(logger, MODULE_IP,
"[%s:%d] table %s has no port1 column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
custom_item = cJSON_GetObjectItem(item, "port2");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->port2_column = custom_item->valueint;
} else {
log_error(logger, MODULE_IP,
"[%s:%d] table %s has no port2 column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
custom_item = cJSON_GetObjectItem(item, "protocol");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->protocol_column = custom_item->valueint;
} else {
log_error(logger, MODULE_IP,
"[%s:%d] table %s has no protocol column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
ip_schema->ref_tbl_mgr = tbl_mgr;
return ip_schema; return ip_schema;
error: error:
FREE(ip_schema); FREE(ip_schema);
@@ -145,9 +213,10 @@ struct ip_item *ip_item_new(const char *line, struct ip_schema *ip_schema,
{ {
size_t column_offset = 0; size_t column_offset = 0;
size_t column_len = 0; size_t column_len = 0;
char saddr_format[16] = {0}; char addr_format[16] = {0};
char sip1_str[40] = {0}; char port_format[16] = {0};
char sip2_str[40] = {0}; char ip1_str[40] = {0};
char ip2_str[40] = {0};
struct ip_item *ip_item = ALLOC(struct ip_item, 1); struct ip_item *ip_item = ALLOC(struct ip_item, 1);
int ret = get_column_pos(line, ip_schema->item_id_column, &column_offset, &column_len); int ret = get_column_pos(line, ip_schema->item_id_column, &column_offset, &column_len);
@@ -184,42 +253,42 @@ struct ip_item *ip_item_new(const char *line, struct ip_schema *ip_schema,
goto error; goto error;
} }
ret = get_column_pos(line, ip_schema->saddr_format_column, &column_offset, &column_len); ret = get_column_pos(line, ip_schema->addr_format_column, &column_offset, &column_len);
if (ret < 0) { if (ret < 0) {
log_error(logger, MODULE_IP, log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s has no saddr_format", "[%s:%d] ip table(table_id:%d) line:%s has no addr_format",
__FUNCTION__, __LINE__, ip_schema->table_id, line); __FUNCTION__, __LINE__, ip_schema->table_id, line);
goto error; goto error;
} }
memcpy(saddr_format, (line + column_offset), column_len); memcpy(addr_format, (line + column_offset), column_len);
if (IP_FORMAT_UNKNOWN == ip_format_str2int(saddr_format)) { if (IP_FORMAT_UNKNOWN == ip_format_str2int(addr_format)) {
log_error(logger, MODULE_IP, log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s has invalid saddr_format, should be range/mask/CIDR", "[%s:%d] ip table(table_id:%d) line:%s has invalid saddr_format, should be single/range/CIDR",
__FUNCTION__, __LINE__, ip_schema->table_id, line); __FUNCTION__, __LINE__, ip_schema->table_id, line);
goto error; goto error;
} }
ret = get_column_pos(line, ip_schema->sip1_column, &column_offset, &column_len); ret = get_column_pos(line, ip_schema->ip1_column, &column_offset, &column_len);
if (ret < 0) { if (ret < 0) {
log_error(logger, MODULE_IP, log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s has no sip1", "[%s:%d] ip table(table_id:%d) line:%s has no ip1",
__FUNCTION__, __LINE__, ip_schema->table_id, line); __FUNCTION__, __LINE__, ip_schema->table_id, line);
goto error; goto error;
} }
memcpy(sip1_str, (line + column_offset), column_len); memcpy(ip1_str, (line + column_offset), column_len);
ret = get_column_pos(line, ip_schema->sip2_column, &column_offset, &column_len); ret = get_column_pos(line, ip_schema->ip2_column, &column_offset, &column_len);
if (ret < 0) { if (ret < 0) {
log_error(logger, MODULE_IP, log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s has no sip2", "[%s:%d] ip table(table_id:%d) line:%s has no ip2",
__FUNCTION__, __LINE__, ip_schema->table_id, line); __FUNCTION__, __LINE__, ip_schema->table_id, line);
goto error; goto error;
} }
memcpy(sip2_str, (line + column_offset), column_len); memcpy(ip2_str, (line + column_offset), column_len);
if (IPv4 == ip_item->addr_type) { if (IPv4 == ip_item->addr_type) {
ret = ip_format2range(ip_item->addr_type, ip_format_str2int(saddr_format), sip1_str, sip2_str, ret = ip_format2range(ip_item->addr_type, ip_format_str2int(addr_format), ip1_str, ip2_str,
&ip_item->ipv4.min_sip, &ip_item->ipv4.max_sip); &ip_item->ipv4.min_ip, &ip_item->ipv4.max_ip);
if (ret < 0) { if (ret < 0) {
log_error(logger, MODULE_IP, log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s ip_format2range(ip4) failed", "[%s:%d] ip table(table_id:%d) line:%s ip_format2range(ip4) failed",
@@ -228,8 +297,8 @@ struct ip_item *ip_item_new(const char *line, struct ip_schema *ip_schema,
} }
} else { } else {
//ipv6 //ipv6
ret = ip_format2range(ip_item->addr_type, ip_format_str2int(saddr_format), sip1_str, sip2_str, ret = ip_format2range(ip_item->addr_type, ip_format_str2int(addr_format), ip1_str, ip2_str,
ip_item->ipv6.min_sip, ip_item->ipv6.max_sip); ip_item->ipv6.min_ip, ip_item->ipv6.max_ip);
if (ret < 0) { if (ret < 0) {
log_error(logger, MODULE_IP, log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s ip_format2range(ip6) failed", "[%s:%d] ip table(table_id:%d) line:%s ip_format2range(ip6) failed",
@@ -238,6 +307,50 @@ struct ip_item *ip_item_new(const char *line, struct ip_schema *ip_schema,
} }
} }
ret = get_column_pos(line, ip_schema->port_format_column, &column_offset, &column_len);
if (ret < 0) {
log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s has no port_format",
__FUNCTION__, __LINE__, ip_schema->table_id, line);
goto error;
}
memcpy(port_format, (line + column_offset), column_len);
if (PORT_FORMAT_UNKNOWN == port_format_str2int(port_format)) {
log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s has invalid port_format, should be single/range",
__FUNCTION__, __LINE__, ip_schema->table_id, line);
goto error;
}
ip_item->port_format = port_format_str2int(port_format);
ret = get_column_pos(line, ip_schema->port1_column, &column_offset, &column_len);
if (ret < 0) {
log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s has no port1",
__FUNCTION__, __LINE__, ip_schema->table_id, line);
goto error;
}
ip_item->min_port = atoi(line + column_offset);
ret = get_column_pos(line, ip_schema->port2_column, &column_offset, &column_len);
if (ret < 0) {
log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s has no port2",
__FUNCTION__, __LINE__, ip_schema->table_id, line);
goto error;
}
ip_item->max_port = atoi(line + column_offset);
ret = get_column_pos(line, ip_schema->protocol_column, &column_offset, &column_len);
if (ret < 0) {
log_error(logger, MODULE_IP,
"[%s:%d] ip table(table_id:%d) line:%s has no protocol",
__FUNCTION__, __LINE__, ip_schema->table_id, line);
goto error;
}
ip_item->proto = atoi(line + column_offset);
return ip_item; return ip_item;
error: error:
FREE(ip_item); FREE(ip_item);
@@ -317,18 +430,25 @@ void ip_item_to_ip_rule(struct ip_item *item, struct ip_rule *rule)
{ {
if (IPv4 == item->addr_type) { if (IPv4 == item->addr_type) {
rule->type = IPv4; rule->type = IPv4;
rule->ipv4_rule.start_ip = item->ipv4.min_sip; rule->ipv4_rule.start_ip = item->ipv4.min_ip;
rule->ipv4_rule.end_ip = item->ipv4.max_sip; rule->ipv4_rule.end_ip = item->ipv4.max_ip;
} else { } else {
rule->type = IPv6; rule->type = IPv6;
memcpy(rule->ipv6_rule.start_ip, item->ipv6.min_sip, memcpy(rule->ipv6_rule.start_ip, item->ipv6.min_ip,
sizeof(item->ipv6.min_sip)); sizeof(item->ipv6.min_ip));
memcpy(rule->ipv6_rule.end_ip, item->ipv6.max_sip, memcpy(rule->ipv6_rule.end_ip, item->ipv6.max_ip,
sizeof(item->ipv6.max_sip)); sizeof(item->ipv6.max_ip));
} }
rule->rule_id = item->item_id; rule->rule_id = item->item_id;
} }
void ip_item_to_port_rule(struct ip_item *item, struct interval_rule *rule)
{
rule->start = item->min_port;
rule->end = item->max_port;
rule->result.rule_id = item->item_id;
}
int ip_runtime_update_row(struct ip_runtime *ip_rt, char *key, size_t key_len, int ip_runtime_update_row(struct ip_runtime *ip_rt, char *key, size_t key_len,
struct ip_item *item, int is_valid) struct ip_item *item, int is_valid)
{ {
@@ -370,7 +490,6 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema,
} }
int is_valid = get_column_value(line, valid_column); int is_valid = get_column_value(line, valid_column);
//printf("<ip_runtime_update> item_id:%lld is_valid:%d\n", item_id, is_valid);
if (is_valid < 0) { if (is_valid < 0) {
return -1; return -1;
} else if (0 == is_valid) { } else if (0 == is_valid) {
@@ -425,14 +544,16 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name)
rcu_hash_commit(ip_rt->htable); rcu_hash_commit(ip_rt->htable);
struct ip_rule *rules = NULL; struct ip_rule *rules = NULL;
struct interval_rule *intval_rules = NULL;
void **ex_data_array = NULL; void **ex_data_array = NULL;
size_t rule_cnt = rcu_hash_list(ip_rt->htable, &ex_data_array); size_t rule_cnt = rcu_hash_list(ip_rt->htable, &ex_data_array);
if (rule_cnt > 0) { if (rule_cnt > 0) {
rules = ALLOC(struct ip_rule, rule_cnt); rules = ALLOC(struct ip_rule, rule_cnt);
intval_rules = ALLOC(struct interval_rule, rule_cnt);
for (size_t i = 0; i < rule_cnt; i++) { for (size_t i = 0; i < rule_cnt; i++) {
struct ip_item *item = (struct ip_item *)ex_data_array[i]; struct ip_item *item = (struct ip_item *)ex_data_array[i];
//printf("<ip_runtime_commit> item_id:%lld\n", item->item_id);
ip_item_to_ip_rule(item, &rules[i]); ip_item_to_ip_rule(item, &rules[i]);
ip_item_to_port_rule(item, &intval_rules[i]);
} }
} }
@@ -445,20 +566,40 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name)
struct ip_matcher *new_ip_matcher = NULL; struct ip_matcher *new_ip_matcher = NULL;
struct ip_matcher *old_ip_matcher = NULL; struct ip_matcher *old_ip_matcher = NULL;
new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used, ip_rt->logger); struct interval_matcher *new_intval_matcher = NULL;
if (NULL == new_ip_matcher) { struct interval_matcher *old_intval_matcher = NULL;
log_error(ip_rt->logger, MODULE_IP, if (rule_cnt > 0) {
"[%s:%d] table[%s] rebuild ip_matcher engine failed when update %zu ip rules", new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used, ip_rt->logger);
__FUNCTION__, __LINE__, table_name, rule_cnt); if (NULL == new_ip_matcher) {
ret = -1; log_error(ip_rt->logger, MODULE_IP,
"[%s:%d] table[%s] rebuild ip_matcher engine failed when update %zu ip rules",
__FUNCTION__, __LINE__, table_name, rule_cnt);
ret = -1;
}
new_intval_matcher = interval_matcher_new(intval_rules, rule_cnt);
if (NULL == new_intval_matcher) {
log_error(ip_rt->logger, MODULE_IP,
"[%s:%d] table[%s] rebuild interval_matcher engine failed when update %zu ip rules",
__FUNCTION__, __LINE__, table_name, rule_cnt);
ret = -1;
}
} }
old_ip_matcher = ip_rt->ip_matcher; old_ip_matcher = ip_rt->ip_matcher;
ip_rt->ip_matcher = new_ip_matcher; ip_rt->ip_matcher = new_ip_matcher;
if (old_ip_matcher != NULL) { if (old_ip_matcher != NULL) {
maat_garbage_bagging(ip_rt->ref_garbage_bin, old_ip_matcher, maat_garbage_bagging(ip_rt->ref_garbage_bin, old_ip_matcher,
(void (*)(void*))ip_matcher_free); (void (*)(void *))ip_matcher_free);
} }
old_intval_matcher = ip_rt->intval_matcher;
ip_rt->intval_matcher = new_intval_matcher;
if (old_intval_matcher != NULL) {
maat_garbage_bagging(ip_rt->ref_garbage_bin, old_intval_matcher,
(void (*)(void *))interval_matcher_free);
}
rcu_hash_commit(ip_rt->item_htable); rcu_hash_commit(ip_rt->item_htable);
ip_rt->rule_num = rule_cnt; ip_rt->rule_num = rule_cnt;
@@ -473,50 +614,130 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name)
return ret; return ret;
} }
int validate_port(struct rcu_hash_table *htable, const char *key, size_t key_len,
uint16_t port, int proto)
{
struct ip_item *ip_item = (struct ip_item *)rcu_hash_find(htable, key, key_len);
if (NULL == ip_item) {
return -1;
}
uint16_t host_port = ntohs(port);
if (ip_item->min_port > host_port || ip_item->max_port < host_port) {
return -1;
}
if (ip_item->proto != -1 && ip_item->proto != proto) {
return -1;
}
return 0;
}
int validate_proto(struct rcu_hash_table *htable, const char *key, size_t key_len, int proto)
{
struct ip_item *ip_item = (struct ip_item *)rcu_hash_find(htable, key, key_len);
if (NULL == ip_item) {
return -1;
}
if (ip_item->proto != -1 && ip_item->proto != proto) {
return -1;
}
return 0;
}
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int vtable_id, struct maat_state *state) uint8_t *ip_addr, uint16_t port, int proto, int vtable_id,
struct maat_state *state)
{ {
if (0 == ip_rt->rule_num) { if (0 == ip_rt->rule_num) {
//empty ip table //empty ip table
return 0; return 0;
} }
int n_hit_item = 0;
struct scan_result scan_results[MAX_SCANNER_HIT_ITEM_NUM] = {0}; struct scan_result ip_results[MAX_SCANNER_HIT_ITEM_NUM] = {0};
/* if ip_addr = "0.0.0.0" means any ip */
int any_ip_flag = 0;
struct ip_data scan_data; struct ip_data scan_data;
if (ip_type == IPv4) { if (ip_type == IPv4) {
scan_data.type = IPv4; scan_data.type = IPv4;
scan_data.ipv4 = ntohl(*(uint32_t *)ip_addr); scan_data.ipv4 = ntohl(*(uint32_t *)ip_addr);
if (0 == scan_data.ipv4) {
any_ip_flag = 1;
}
} else { } else {
scan_data.type = IPv6; scan_data.type = IPv6;
for (int i = 0; i < 4; i++) { for (int i = 0; i < 4; i++) {
scan_data.ipv6[i] = *((uint32_t *)ip_addr + i); scan_data.ipv6[i] = *((uint32_t *)ip_addr + i);
} }
ipv6_ntoh(scan_data.ipv6); ipv6_ntoh(scan_data.ipv6);
if (0 == scan_data.ipv6[0] && 0 == scan_data.ipv6[1] &&
0 == scan_data.ipv6[2] && 0 == scan_data.ipv6[3]) {
any_ip_flag = 1;
}
} }
n_hit_item = ip_matcher_match(ip_rt->ip_matcher, &scan_data, scan_results, MAX_SCANNER_HIT_ITEM_NUM); int ret = 0;
if (n_hit_item <= 0) { size_t real_hit_index = 0;
return n_hit_item;
}
if (n_hit_item > MAX_SCANNER_HIT_ITEM_NUM) {
log_info(ip_rt->logger, MODULE_IP,
"hit ip item count:%d exceed maxium:%d",
n_hit_item, MAX_SCANNER_HIT_ITEM_NUM);
n_hit_item = MAX_SCANNER_HIT_ITEM_NUM;
}
long long hit_item_ids[MAX_SCANNER_HIT_ITEM_NUM]; long long hit_item_ids[MAX_SCANNER_HIT_ITEM_NUM];
memset(hit_item_ids, 0, sizeof(hit_item_ids)); memset(hit_item_ids, 0, sizeof(hit_item_ids));
for (int i = 0; i < n_hit_item; i++) { // any ip, so scan port+proto
hit_item_ids[i] = scan_results[i].rule_id; if (1 == any_ip_flag) {
struct interval_result port_results[MAX_SCANNER_HIT_ITEM_NUM] = {0};
uint16_t host_port = ntohs(port);
int n_hit_port_item = interval_matcher_match(ip_rt->intval_matcher, host_port,
port_results, MAX_SCANNER_HIT_ITEM_NUM);
if (n_hit_port_item <= 0) {
return n_hit_port_item;
}
if (n_hit_port_item > MAX_SCANNER_HIT_ITEM_NUM) {
log_info(ip_rt->logger, MODULE_IP,
"hit port item count:%d exceed maxium:%d",
n_hit_port_item, MAX_SCANNER_HIT_ITEM_NUM);
n_hit_port_item = MAX_SCANNER_HIT_ITEM_NUM;
}
for (size_t i = 0; i < n_hit_port_item; i++) {
long long item_id = port_results[i].rule_id;
ret = validate_proto(ip_rt->htable, (char *)&item_id, sizeof(item_id), proto);
if (ret < 0) {
continue;
}
hit_item_ids[real_hit_index++] = port_results[i].rule_id;
}
} else {
int n_hit_ip_item = ip_matcher_match(ip_rt->ip_matcher, &scan_data,
ip_results, MAX_SCANNER_HIT_ITEM_NUM);
if (n_hit_ip_item <= 0) {
return n_hit_ip_item;
}
if (n_hit_ip_item > MAX_SCANNER_HIT_ITEM_NUM) {
log_info(ip_rt->logger, MODULE_IP,
"hit ip item count:%d exceed maxium:%d",
n_hit_ip_item, MAX_SCANNER_HIT_ITEM_NUM);
n_hit_ip_item = MAX_SCANNER_HIT_ITEM_NUM;
}
for (size_t i = 0; i < n_hit_ip_item; i++) {
long long item_id = ip_results[i].rule_id;
ret = validate_port(ip_rt->htable, (char *)&item_id, sizeof(item_id), port, proto);
if (ret < 0) {
continue;
}
hit_item_ids[real_hit_index++] = ip_results[i].rule_id;
}
} }
size_t group_hit_cnt = 0; size_t group_hit_cnt = 0;
int ret = maat_compile_state_update(ip_rt->item_htable, vtable_id, hit_item_ids, n_hit_item, ret = maat_compile_state_update(ip_rt->item_htable, vtable_id, hit_item_ids,
&group_hit_cnt, state); real_hit_index, &group_hit_cnt, state);
if (ret < 0) { if (ret < 0) {
return -1; return -1;
} }

14
src/maat_ip_plugin.c
View File

@@ -471,12 +471,14 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name)
struct ip_matcher *new_ip_matcher = NULL; struct ip_matcher *new_ip_matcher = NULL;
struct ip_matcher *old_ip_matcher = NULL; struct ip_matcher *old_ip_matcher = NULL;
new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used, ip_plugin_rt->logger); if (rule_cnt > 0) {
if (NULL == new_ip_matcher) { new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used, ip_plugin_rt->logger);
log_error(ip_plugin_rt->logger, MODULE_IP_PLUGIN, if (NULL == new_ip_matcher) {
"[%s:%d] table[%s] rebuild ip_matcher engine failed when update %zu ip_plugin rules", log_error(ip_plugin_rt->logger, MODULE_IP_PLUGIN,
__FUNCTION__, __LINE__, table_name, rule_cnt); "[%s:%d] table[%s] rebuild ip_matcher engine failed when update %zu ip_plugin rules",
ret = -1; __FUNCTION__, __LINE__, table_name, rule_cnt);
ret = -1;
}
} }
old_ip_matcher = ip_plugin_rt->ip_matcher; old_ip_matcher = ip_plugin_rt->ip_matcher;

68
src/maat_port.c
View File

@@ -1,68 +0,0 @@
/*
**********************************************************************************************
* File: maat_port.c
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/
#include "maat_port.h"
void *port_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger)
{
return NULL;
}
void port_schema_free(void *port_schema)
{
}
/* ip runtime API */
void *port_runtime_new(void *port_schema, int max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger)
{
return NULL;
}
void port_runtime_free(void *port_runtime)
{
}
int port_runtime_update(void *port_runtime, void *port_schema,
const char *line, int valid_column)
{
return 0;
}
int port_runtime_commit(void *port_runtime, const char *table_name)
{
return 0;
}
struct ex_data_runtime *port_runtime_get_ex_data_rt(struct port_runtime *port_rt)
{
return NULL;
}
int port_runtime_scan(struct port_runtime *port_rt, int thread_id, int port,
int proto, int *group_ids, size_t group_id_size,
int vtable_id, struct maat_state *state)
{
return 0;
}
void port_runtime_scan_hit_inc(struct port_runtime *port_rt, int thread_id)
{
}
long long port_runtime_scan_hit_sum(struct port_runtime *port_rt, int n_thread)
{
return 0;
}

19
src/maat_redis_monitor.c
View File

@@ -829,14 +829,18 @@ void maat_cmd_get_foreign_conts(redisContext *c, struct serial_rule *rule_list,
} }
} }
int invalidate_line(char *line, enum table_type table_type, int valid_column_seq) int invalidate_line(char *line, int column_seq)
{ {
int i = maat_cmd_get_valid_flag_offset(line, table_type, valid_column_seq); if (NULL == line || column_seq < 0) {
if (i < 0) { return -1;
}
int offset = maat_cmd_get_valid_flag_offset(line, column_seq);
if (offset < 0) {
return -1; return -1;
} }
line[i] = '0'; line[offset] = '0';
return 0; return 0;
} }
@@ -1354,7 +1358,6 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx *mr_ctx,
int no_table_num = 0; int no_table_num = 0;
int call_update_num = 0; int call_update_num = 0;
int valid_column = -1; int valid_column = -1;
enum table_type table_type;
struct maat *maat_instance = (struct maat *)u_param; struct maat *maat_instance = (struct maat *)u_param;
//authorized to write //authorized to write
@@ -1464,12 +1467,8 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx *mr_ctx,
} }
if (rule_list[i].op == MAAT_OP_DEL) { if (rule_list[i].op == MAAT_OP_DEL) {
//TODO: by luis
//scan_type = table_schema_get_scan_type(table_schema);
table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id);
//table_schema = table_schema_get_by_scan_type(maat_instance->table_schema_mgr, table_id, scan_type, NULL);
valid_column = table_manager_get_valid_column(maat_instance->tbl_mgr, table_id); valid_column = table_manager_get_valid_column(maat_instance->tbl_mgr, table_id);
ret = invalidate_line(rule_list[i].table_line, table_type, valid_column); ret = invalidate_line(rule_list[i].table_line, valid_column);
if (ret < 0) { if (ret < 0) {
log_error(maat_instance->logger, MODULE_REDIS_MONITOR, log_error(maat_instance->logger, MODULE_REDIS_MONITOR,
"[%s:%d] Invalidate line failed, invaid format %s", "[%s:%d] Invalidate line failed, invaid format %s",

10
src/maat_table.c
View File

@@ -122,15 +122,6 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
.update_runtime = ip_runtime_update, .update_runtime = ip_runtime_update,
.commit_runtime = ip_runtime_commit .commit_runtime = ip_runtime_commit
}, },
{
.type = TABLE_TYPE_PORT,
.new_schema = NULL,
.free_schema = NULL,
.new_runtime = NULL,
.free_runtime = NULL,
.update_runtime = NULL,
.commit_runtime = NULL
},
{ {
.type = TABLE_TYPE_INTERVAL, .type = TABLE_TYPE_INTERVAL,
.new_schema = interval_schema_new, .new_schema = interval_schema_new,
@@ -269,7 +260,6 @@ static void register_reserved_word(struct maat_kv_store *reserved_word_map)
maat_kv_register(reserved_word_map, "intval", TABLE_TYPE_INTERVAL); maat_kv_register(reserved_word_map, "intval", TABLE_TYPE_INTERVAL);
maat_kv_register(reserved_word_map, "intval_plus", TABLE_TYPE_INTERVAL_PLUS); maat_kv_register(reserved_word_map, "intval_plus", TABLE_TYPE_INTERVAL_PLUS);
maat_kv_register(reserved_word_map, "ip_plus", TABLE_TYPE_IP_PLUS); maat_kv_register(reserved_word_map, "ip_plus", TABLE_TYPE_IP_PLUS);
maat_kv_register(reserved_word_map, "port", TABLE_TYPE_PORT);
maat_kv_register(reserved_word_map, "plugin", TABLE_TYPE_PLUGIN); maat_kv_register(reserved_word_map, "plugin", TABLE_TYPE_PLUGIN);
maat_kv_register(reserved_word_map, "ip_plugin", TABLE_TYPE_IP_PLUGIN); maat_kv_register(reserved_word_map, "ip_plugin", TABLE_TYPE_IP_PLUGIN);
maat_kv_register(reserved_word_map, "bool_plugin", TABLE_TYPE_BOOL_PLUGIN); maat_kv_register(reserved_word_map, "bool_plugin", TABLE_TYPE_BOOL_PLUGIN);

36
src/maat_utils.c
View File

@@ -415,21 +415,35 @@ size_t memcat(void **dest, size_t offset, size_t *n_dest, const void *src, size_
return n_src; return n_src;
} }
enum maat_ip_format ip_format_str2int(const char *format) enum ip_format ip_format_str2int(const char *format)
{ {
if (0 == strcasecmp(format, "range")) { if (0 == strcasecmp(format, "single")) {
return IP_FORMAT_SINGLE;
}else if (0 == strcasecmp(format, "range")) {
return IP_FORMAT_RANGE; return IP_FORMAT_RANGE;
} else if(0 == strcasecmp(format, "mask")) { } else if (0 == strcasecmp(format, "CIDR")) {
return IP_FORMAT_MASK;
} else if(0 == strcasecmp(format, "CIDR")) {
return IP_FORMAT_CIDR; return IP_FORMAT_CIDR;
} else { } else if (0 == strcasecmp(format, "mask")) {
return IP_FORMAT_MASK;
} else {
assert(0); assert(0);
} }
return IP_FORMAT_UNKNOWN; return IP_FORMAT_UNKNOWN;
} }
int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, const char *ip2, enum port_format port_format_str2int(const char *format)
{
if (0 == strcasecmp(format, "single")) {
return PORT_FORMAT_SINGLE;
} else if (0 == strcasecmp(format, "range")) {
return PORT_FORMAT_RANGE;
} else {
assert(0);
}
return PORT_FORMAT_UNKNOWN;
}
int ip_format2range(int ip_type, enum ip_format format, const char *ip1, const char *ip2,
uint32_t range_begin[], uint32_t range_end[]) uint32_t range_begin[], uint32_t range_end[])
{ {
int cidr = 0; int cidr = 0;
@@ -451,6 +465,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
uint32_t ipv4_range_end = 0; uint32_t ipv4_range_end = 0;
uint32_t ipv4_mask = 0; uint32_t ipv4_mask = 0;
switch (format) { switch (format) {
case IP_FORMAT_SINGLE:
case IP_FORMAT_RANGE: case IP_FORMAT_RANGE:
range_begin[0] = ipv4_addr; range_begin[0] = ipv4_addr;
ret = inet_pton(AF_INET, ip2, &ipv4_range_end); ret = inet_pton(AF_INET, ip2, &ipv4_range_end);
@@ -460,8 +475,8 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
ipv4_range_end = ntohl(ipv4_range_end); ipv4_range_end = ntohl(ipv4_range_end);
range_end[0] = ipv4_range_end; range_end[0] = ipv4_range_end;
break; break;
case IP_FORMAT_MASK: case IP_FORMAT_MASK:
ret = inet_pton(AF_INET, ip2, &ipv4_mask); ret = inet_pton(AF_INET, ip2, &ipv4_mask);
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
@@ -495,6 +510,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
ipv6_ntoh(ipv6_addr); ipv6_ntoh(ipv6_addr);
switch (format) { switch (format) {
case IP_FORMAT_SINGLE:
case IP_FORMAT_RANGE: case IP_FORMAT_RANGE:
ret = inet_pton(AF_INET6, ip2, ipv6_range_end); ret = inet_pton(AF_INET6, ip2, ipv6_range_end);
if (ret <= 0) { if (ret <= 0) {
@@ -505,7 +521,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
memcpy(range_begin, ipv6_addr, sizeof(ipv6_addr)); memcpy(range_begin, ipv6_addr, sizeof(ipv6_addr));
memcpy(range_end, ipv6_range_end, sizeof(ipv6_range_end)); memcpy(range_end, ipv6_range_end, sizeof(ipv6_range_end));
break; break;
case IP_FORMAT_MASK: case IP_FORMAT_MASK:
ret = inet_pton(AF_INET6, ip2, ipv6_mask); ret = inet_pton(AF_INET6, ip2, ipv6_mask);
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;

638
test/maat_framework_gtest.cpp
View File

@@ -232,8 +232,8 @@ int expr_table_set_line(struct maat *maat_instance, const char *table_name, enum
} }
int ip_table_set_line(struct maat *maat_instance, const char *table_name, enum maat_operation op, int ip_table_set_line(struct maat *maat_instance, const char *table_name, enum maat_operation op,
long long item_id, long long group_id, enum IP_TYPE type, const char *saddr_format, long long item_id, long long group_id, enum IP_TYPE type, const char *ip1,
const char *src_ip, const char *src_ip_mask, int expire_after) const char *ip2, uint16_t port_min, uint16_t port_max, int expire_after)
{ {
char table_line[1024] = {0}; char table_line[1024] = {0};
int table_id = maat_get_table_id(maat_instance, table_name); int table_id = maat_get_table_id(maat_instance, table_name);
@@ -249,10 +249,10 @@ int ip_table_set_line(struct maat *maat_instance, const char *table_name, enum m
ip_type = 6; ip_type = 6;
} }
sprintf(table_line, "%lld\t%lld\t%d\t%s\t%s\t%s\t%s\t0\t65535\t%s\t%s\t%s\t%s\t0\t65535\t6\t0\t%d", sprintf(table_line, "%lld\t%lld\t%d\t%s\t%s\t%s\t%s\t%u\t%u\t6\t%d", item_id, group_id, ip_type,
item_id, group_id, ip_type, saddr_format, src_ip, src_ip_mask, "range", "range", "0.0.0.0", "range", ip1, ip2, "range", port_min, port_max, op);
"255.255.255.255", "range", op);
struct maat_cmd_line line_rule; struct maat_cmd_line line_rule;
line_rule.rule_id = item_id; line_rule.rule_id = item_id;
line_rule.table_line = table_line; line_rule.table_line = table_line;
line_rule.table_name = table_name; line_rule.table_name = table_name;
@@ -1083,7 +1083,29 @@ TEST_F(MaatStringScan, OffsetChunk1460) {
maat_state_free(state); maat_state_free(state);
state = NULL; state = NULL;
} }
#if 0
TEST_F(MaatStringScan, GBKEncodedURL) {
const char *table_name = "HTTP_URL";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
int thread_id = 0;
struct maat *maat_instance = MaatStringScan::_shared_maat_instance;
struct maat_state *state = maat_state_new(maat_instance, thread_id);
const char *url_gb2312 = "www.baidu.com/?wd=C%23%D6%D0%B9%FA";
int table_id = maat_get_table_id(maat_instance, table_name);
ASSERT_GT(table_id, 0);
int ret = maat_scan_string(maat_instance, table_id, thread_id, url_gb2312,
strlen(url_gb2312), results, ARRAY_SIZE, &n_hit_result,
state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 129);
maat_state_free(state);
state = NULL;
}
#endif
TEST_F(MaatStringScan, StreamInput) { TEST_F(MaatStringScan, StreamInput) {
long long results[ARRAY_SIZE] = {0}; long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
@@ -1225,7 +1247,7 @@ protected:
struct maat *MaatIPScan::_shared_maat_instance; struct maat *MaatIPScan::_shared_maat_instance;
struct log_handle *MaatIPScan::logger; struct log_handle *MaatIPScan::logger;
TEST_F(MaatIPScan, IPv4) { TEST_F(MaatIPScan, IPv4_IPPort) {
const char *table_name = "IP_PLUS_CONFIG"; const char *table_name = "IP_PLUS_CONFIG";
struct maat *maat_instance = MaatIPScan::_shared_maat_instance; struct maat *maat_instance = MaatIPScan::_shared_maat_instance;
int thread_id = 0; int thread_id = 0;
@@ -1237,12 +1259,14 @@ TEST_F(MaatIPScan, IPv4) {
uint32_t sip; uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip); int ret = inet_pton(AF_INET, ip_str, &sip);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
uint16_t port = htons(65529);
int proto = 6;
long long results[ARRAY_SIZE] = {0}; long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = maat_state_new(maat_instance, thread_id); struct maat_state *state = maat_state_new(maat_instance, thread_id);
ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto,
&n_hit_result, state); results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 154); EXPECT_EQ(results[0], 154);
@@ -1250,7 +1274,41 @@ TEST_F(MaatIPScan, IPv4) {
state = NULL; state = NULL;
} }
TEST_F(MaatIPScan, IPv6) { TEST_F(MaatIPScan, IPv4_Port) {
const char *table_name = "IP_PLUS_CONFIG";
struct maat *maat_instance = MaatIPScan::_shared_maat_instance;
int thread_id = 0;
int table_id = maat_get_table_id(maat_instance, table_name);
ASSERT_GT(table_id, 0);
char ip_str[32] = "0.0.0.0";
uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip);
EXPECT_EQ(ret, 1);
uint16_t port = htons(65528);
int proto = 6;
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = maat_state_new(maat_instance, thread_id);
ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto,
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
maat_state_reset(state);
port = htons(65529);
ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto,
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 154);
maat_state_free(state);
state = NULL;
}
TEST_F(MaatIPScan, IPv6_IPPort) {
const char *table_name = "IP_PLUS_CONFIG"; const char *table_name = "IP_PLUS_CONFIG";
struct maat *maat_instance = MaatIPScan::_shared_maat_instance; struct maat *maat_instance = MaatIPScan::_shared_maat_instance;
int thread_id = 0; int thread_id = 0;
@@ -1260,12 +1318,14 @@ TEST_F(MaatIPScan, IPv6) {
uint8_t sip[16]; uint8_t sip[16];
int ret = inet_pton(AF_INET6, ip_str, &sip); int ret = inet_pton(AF_INET6, ip_str, &sip);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
uint16_t port = htons(65510);
int proto = 6;
long long results[ARRAY_SIZE] = {0}; long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = maat_state_new(maat_instance, thread_id); struct maat_state *state = maat_state_new(maat_instance, thread_id);
ret = maat_scan_ipv6(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, ret = maat_scan_ipv6(maat_instance, table_id, thread_id, sip, port, proto,
&n_hit_result, state); results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 155); EXPECT_EQ(results[0], 155);
@@ -1284,12 +1344,14 @@ TEST_F(MaatIPScan, dynamic_config) {
uint32_t sip; uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip); int ret = inet_pton(AF_INET, ip_str, &sip);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
uint16_t port = htons(100);
int proto = 6;
long long results[ARRAY_SIZE] = {0}; long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = maat_state_new(maat_instance, thread_id); struct maat_state *state = maat_state_new(maat_instance, thread_id);
ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto,
&n_hit_result, state); results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0); EXPECT_EQ(n_hit_result, 0);
maat_state_reset(state); maat_state_reset(state);
@@ -1299,25 +1361,26 @@ TEST_F(MaatIPScan, dynamic_config) {
/* compile table add line */ /* compile table add line */
long long compile_id = maat_cmd_incrby(maat_instance, "TEST_SEQ", 1); long long compile_id = maat_cmd_incrby(maat_instance, "TEST_SEQ", 1);
ret = compile_table_set_line(maat_instance, compile_table_name, MAAT_OP_ADD, compile_id, NULL, 1, 0); ret = compile_table_set_line(maat_instance, compile_table_name, MAAT_OP_ADD,
compile_id, NULL, 1, 0);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
/* group2compile table add line */ /* group2compile table add line */
long long group_id = maat_cmd_incrby(maat_instance, "SEQUENCE_GROUP", 1); long long group_id = maat_cmd_incrby(maat_instance, "SEQUENCE_GROUP", 1);
ret = group2compile_table_set_line(maat_instance, g2c_table_name, MAAT_OP_ADD, group_id, ret = group2compile_table_set_line(maat_instance, g2c_table_name, MAAT_OP_ADD,
compile_id, 0, "null", 1, 0); group_id, compile_id, 0, "null", 1, 0);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
/* ip table add line */ /* ip table add line */
long long item_id = maat_cmd_incrby(maat_instance, "SEQUENCE_REGION", 1); long long item_id = maat_cmd_incrby(maat_instance, "SEQUENCE_REGION", 1);
ret = ip_table_set_line(maat_instance, table_name, MAAT_OP_ADD, item_id, group_id, ret = ip_table_set_line(maat_instance, table_name, MAAT_OP_ADD, item_id, group_id,
IPv4, "range", "100.100.100.100", "100.100.100.100", 0); IPv4, "100.100.100.100", "100.100.100.100", 100, 100, 0);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2); sleep(WAIT_FOR_EFFECTIVE_S * 2);
ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto, results,
&n_hit_result, state); ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], compile_id); EXPECT_EQ(results[0], compile_id);
@@ -1325,7 +1388,7 @@ TEST_F(MaatIPScan, dynamic_config) {
/* ip table del line */ /* ip table del line */
ret = ip_table_set_line(maat_instance, table_name, MAAT_OP_DEL, item_id, group_id, ret = ip_table_set_line(maat_instance, table_name, MAAT_OP_DEL, item_id, group_id,
IPv4, "range", "100.100.100.100", "100.100.100.100", 0); IPv4, "100.100.100.100", "100.100.100.100", 100, 100, 0);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
/* group2compile table del line */ /* group2compile table del line */
@@ -1334,13 +1397,14 @@ TEST_F(MaatIPScan, dynamic_config) {
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
/* compile table del line */ /* compile table del line */
ret = compile_table_set_line(maat_instance, compile_table_name, MAAT_OP_DEL, compile_id, NULL, 1, 0); ret = compile_table_set_line(maat_instance, compile_table_name, MAAT_OP_DEL,
compile_id, NULL, 1, 0);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2); sleep(WAIT_FOR_EFFECTIVE_S * 2);
ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto, results,
&n_hit_result, state); ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
maat_state_free(state); maat_state_free(state);
@@ -1592,12 +1656,14 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) {
uint32_t sip; uint32_t sip;
inet_pton(AF_INET, "10.0.8.186", &sip); inet_pton(AF_INET, "10.0.8.186", &sip);
uint16_t port = htons(18611);
int proto = 6;
int hit_table_id = maat_get_table_id(maat_instance, hit_table_name); int hit_table_id = maat_get_table_id(maat_instance, hit_table_name);
ASSERT_GT(hit_table_id, 0); ASSERT_GT(hit_table_id, 0);
ret = maat_scan_ipv4(maat_instance, hit_table_id, thread_id, sip, ret = maat_scan_ipv4(maat_instance, hit_table_id, thread_id, sip,
results, ARRAY_SIZE, &n_hit_result, state); port, proto, results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
int empty_table_id = maat_get_table_id(maat_instance, empty_table_name); int empty_table_id = maat_get_table_id(maat_instance, empty_table_name);
@@ -1635,11 +1701,13 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) {
uint32_t sip; uint32_t sip;
inet_pton(AF_INET, "10.0.8.187", &sip); inet_pton(AF_INET, "10.0.8.187", &sip);
uint16_t port = htons(18611);
int proto = 6;
int hit_table_id = maat_get_table_id(maat_instance, hit_table_name); int hit_table_id = maat_get_table_id(maat_instance, hit_table_name);
ASSERT_GT(hit_table_id, 0); ASSERT_GT(hit_table_id, 0);
ret = maat_scan_ipv4(maat_instance, hit_table_id, thread_id, sip, ret = maat_scan_ipv4(maat_instance, hit_table_id, thread_id, sip, port, proto,
results, ARRAY_SIZE, &n_hit_result, state); results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
@@ -1674,13 +1742,15 @@ TEST_F(NOTLogic, ScanNotIP) {
uint32_t sip; uint32_t sip;
inet_pton(AF_INET, "10.0.6.205", &sip); inet_pton(AF_INET, "10.0.6.205", &sip);
uint16_t port = htons(50001);
int proto = 6;
int not_hit_table_id = maat_get_table_id(maat_instance, not_hit_table_name); int not_hit_table_id = maat_get_table_id(maat_instance, not_hit_table_name);
ASSERT_GT(not_hit_table_id, 0); ASSERT_GT(not_hit_table_id, 0);
maat_state_set_last_scan(state); maat_state_set_last_scan(state);
ret = maat_scan_ipv4(maat_instance, not_hit_table_id, thread_id, sip, results, ARRAY_SIZE, ret = maat_scan_ipv4(maat_instance, not_hit_table_id, thread_id, sip, port, proto,
&n_hit_result, state); results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
maat_state_free(state); maat_state_free(state);
state = NULL; state = NULL;
@@ -1927,7 +1997,7 @@ struct ip_plugin_ud {
char *buffer; char *buffer;
int ref_cnt; int ref_cnt;
}; };
void ip_plugin_EX_new_cb(int table_id, const char *key, const char *table_line, void ip_plugin_ex_new_cb(int table_id, const char *key, const char *table_line,
void **ad, long argl, void *argp) void **ad, long argl, void *argp)
{ {
int *counter = (int *)argp; int *counter = (int *)argp;
@@ -1949,7 +2019,7 @@ void ip_plugin_EX_new_cb(int table_id, const char *key, const char *table_line,
(*counter)++; (*counter)++;
} }
void ip_plugin_EX_free_cb(int table_id, void **ad, long argl, void *argp) void ip_plugin_ex_free_cb(int table_id, void **ad, long argl, void *argp)
{ {
struct ip_plugin_ud *ud = (struct ip_plugin_ud *)(*ad); struct ip_plugin_ud *ud = (struct ip_plugin_ud *)(*ad);
if ((__sync_sub_and_fetch(&ud->ref_cnt, 1) == 0)) { if ((__sync_sub_and_fetch(&ud->ref_cnt, 1) == 0)) {
@@ -1959,7 +2029,7 @@ void ip_plugin_EX_free_cb(int table_id, void **ad, long argl, void *argp)
} }
} }
void ip_plugin_EX_dup_cb(int table_id, void **to, void **from, long argl, void *argp) void ip_plugin_ex_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
{ {
struct ip_plugin_ud *ud = (struct ip_plugin_ud *)(*from); struct ip_plugin_ud *ud = (struct ip_plugin_ud *)(*from);
__sync_add_and_fetch(&(ud->ref_cnt), 1); __sync_add_and_fetch(&(ud->ref_cnt), 1);
@@ -1975,9 +2045,9 @@ TEST_F(IPPluginTable, EX_DATA) {
ASSERT_GT(table_id, 0); ASSERT_GT(table_id, 0);
int ret = maat_plugin_table_ex_schema_register(maat_instance, table_id, int ret = maat_plugin_table_ex_schema_register(maat_instance, table_id,
ip_plugin_EX_new_cb, ip_plugin_ex_new_cb,
ip_plugin_EX_free_cb, ip_plugin_ex_free_cb,
ip_plugin_EX_dup_cb, ip_plugin_ex_dup_cb,
0, &ip_plugin_ex_data_counter); 0, &ip_plugin_ex_data_counter);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(ip_plugin_ex_data_counter, 5); EXPECT_EQ(ip_plugin_ex_data_counter, 5);
@@ -1996,7 +2066,7 @@ TEST_F(IPPluginTable, EX_DATA) {
int i = 0; int i = 0;
for (i = 0; i < ret; i++) { for (i = 0; i < ret; i++) {
ip_plugin_EX_free_cb(0, (void**)&(results[i]), 0, NULL); ip_plugin_ex_free_cb(0, (void**)&(results[i]), 0, NULL);
} }
struct ip_addr ipv6; struct ip_addr ipv6;
@@ -2011,7 +2081,7 @@ TEST_F(IPPluginTable, EX_DATA) {
EXPECT_EQ(results[1]->rule_id, 103); EXPECT_EQ(results[1]->rule_id, 103);
for (i = 0; i < ret; i++) { for (i = 0; i < ret; i++) {
ip_plugin_EX_free_cb(0, (void**)&(results[i]), 0, NULL); ip_plugin_ex_free_cb(0, (void**)&(results[i]), 0, NULL);
} }
//Reproduce BugReport-Liumengyan-20210515 //Reproduce BugReport-Liumengyan-20210515
@@ -2870,6 +2940,11 @@ int test_add_expr_command(struct maat *maat_instance, const char *expr_table,
return ret; return ret;
} }
int del_command(struct maat *maat_instance, int compile_id)
{
return compile_table_set_line(maat_instance, "COMPILE", MAAT_OP_DEL, compile_id, NULL, 1, 0);
}
#if 0 #if 0
TEST_F(MaatCmdTest, HitPath) { TEST_F(MaatCmdTest, HitPath) {
const char *g2g_table_name = "GROUP2GROUP"; const char *g2g_table_name = "GROUP2GROUP";
@@ -2935,25 +3010,29 @@ TEST_F(MaatCmdTest, SetIP) {
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
/* item table add line */ /* item table add line */
const char *src_ip = "172.0.0.1"; const char *ip1 = "172.0.0.1";
const char *src_ip_mask = "255.255.255.255"; const char *ip2 = "172.0.0.1";
uint16_t port_min = 53331;
uint16_t port_max = 53331;
long long item_id = maat_cmd_incrby(maat_instance, "SEQUENCE_REGION", 1); long long item_id = maat_cmd_incrby(maat_instance, "SEQUENCE_REGION", 1);
ret = ip_table_set_line(maat_instance, ip_table_name, MAAT_OP_ADD, item_id, group_id, ret = ip_table_set_line(maat_instance, ip_table_name, MAAT_OP_ADD, item_id, group_id,
IPv4, "mask", src_ip, src_ip_mask, 0); IPv4, ip1, ip2, port_min, port_max, 0);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
version_before = maat_cmd_get_config_version(maat_instance); version_before = maat_cmd_get_config_version(maat_instance);
wait_for_cmd_effective(maat_instance, version_before); wait_for_cmd_effective(maat_instance, version_before);
uint32_t sip; uint32_t sip;
ret = inet_pton(AF_INET, src_ip, &sip); ret = inet_pton(AF_INET, ip1, &sip);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
uint16_t port = htons(53331);
int proto = 6;
int table_id = maat_get_table_id(maat_instance, ip_table_name); int table_id = maat_get_table_id(maat_instance, ip_table_name);
ASSERT_GE(table_id, 0); ASSERT_GE(table_id, 0);
ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, results, ARRAY_SIZE, ret = maat_scan_ipv4(maat_instance, table_id, thread_id, sip, port, proto, results,
&n_hit_result, state); ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], compile_id); EXPECT_EQ(results[0], compile_id);
@@ -3088,6 +3167,153 @@ TEST_F(MaatCmdTest, SetExpr8) {
state = NULL; state = NULL;
} }
TEST_F(MaatCmdTest, RuleIDRecycle) {
const char *table_name = "HTTP_URL";
const char *scan_data = "Reuse rule ID is allowed.";
const char *keywords = "Reuse&rule";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
int thread_id = 0;
struct maat *maat_instance = MaatCmdTest::_shared_maat_instance;
struct maat_state *state = maat_state_new(maat_instance, thread_id);
int table_id = maat_get_table_id(maat_instance, table_name);
ASSERT_GT(table_id, 0);
long long rule_id = maat_cmd_incrby(maat_instance, "TEST_SEQ", 1);
test_add_expr_command(maat_instance, table_name, rule_id, 0, keywords);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
int ret = maat_scan_string(maat_instance, table_id, thread_id, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, state);
maat_state_reset(state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], rule_id);
del_command(maat_instance, rule_id);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
ret = maat_scan_string(maat_instance, table_id, thread_id, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, state);
maat_state_reset(state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
test_add_expr_command(maat_instance, table_name, rule_id, 0, keywords);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
memset(results, 0, sizeof(results));
ret = maat_scan_string(maat_instance, table_id, thread_id, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, state);
maat_state_free(state);
state = NULL;
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], rule_id);
}
TEST_F(MaatCmdTest, ReturnRuleIDWithDescendingOrder) {
const char *table_name = "HTTP_URL";
const char *scan_data = "This string will hit mulptiple rules.";
const char *keywords = "string\\bwill\\bhit";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
int thread_id = 0;
struct maat *maat_instance = MaatCmdTest::_shared_maat_instance;
struct maat_state *state = maat_state_new(maat_instance, thread_id);
int table_id = maat_get_table_id(maat_instance, table_name);
ASSERT_GT(table_id, 0);
int i = 0;
int repeat_times = 4;
long long expect_rule_id[ARRAY_SIZE] = {0};
long long rule_id = maat_cmd_incrby(maat_instance, "TEST_SEQ", repeat_times);
for (i = 0; i < repeat_times; i++) {
//add in ascending order
expect_rule_id[i] = rule_id + 1 - repeat_times + i;
test_add_expr_command(maat_instance, table_name, expect_rule_id[i], 0, keywords);
}
sleep(WAIT_FOR_EFFECTIVE_S * 2);
memset(results, 0, sizeof(results));
int ret = maat_scan_string(maat_instance, table_id, thread_id, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, state);
maat_state_free(state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, repeat_times);
for (i = 0; i < repeat_times; i++) {
EXPECT_EQ(results[i], expect_rule_id[repeat_times -i - 1]);
}
}
TEST_F(MaatCmdTest, SubGroup) {
}
TEST_F(MaatCmdTest, RefGroup) {
}
TEST_F(MaatCmdTest, VirtualTable) {
}
TEST_F(MaatCmdTest, SetLines) {
int i = 0;
const int TEST_CMD_LINE_NUM = 4;
const char *table_name = "QD_ENTRY_INFO";
struct maat_cmd_line line_rule;
struct maat *maat_instance = MaatCmdTest::_shared_maat_instance;
long long expect_rule_id[TEST_CMD_LINE_NUM] = {0};
const char *table_line_add[TEST_CMD_LINE_NUM] = {
"1\t192.168.0.1\t100\t1",
"1\t192.168.0.1\t101\t1",
"1\t192.168.0.1\t102\t1",
"1\t192.168.0.1\t103\t1",
};
const char *table_line_del[TEST_CMD_LINE_NUM] = {
"1\t192.168.0.1\t100\t0",
"1\t192.168.0.1\t101\t0",
"1\t192.168.0.1\t102\t0",
"1\t192.168.0.1\t103\t0",
};
int ret = 0;
for (i = 0; i < TEST_CMD_LINE_NUM; i++) {
expect_rule_id[i] = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1);
line_rule.rule_id = expect_rule_id[i];
line_rule.table_name = table_name;
line_rule.table_line = table_line_add[i];
line_rule.expire_after = 0;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
}
for (i = 0; i < TEST_CMD_LINE_NUM; i++) {
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = expect_rule_id[i];
line_rule.table_name = table_name;
line_rule.table_line = table_line_del[i];
line_rule.expire_after = 0;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
}
}
TEST_F(MaatCmdTest, PauseUpdate) {
}
TEST_F(MaatCmdTest, SetFile) {
}
struct user_info { struct user_info {
char name[256]; char name[256];
char ip_addr[32]; char ip_addr[32];
@@ -3140,50 +3366,23 @@ TEST_F(MaatCmdTest, PluginEXData) {
int table_id = maat_get_table_id(maat_instance, table_name); int table_id = maat_get_table_id(maat_instance, table_name);
ASSERT_GT(table_id, 0); ASSERT_GT(table_id, 0);
long long item_id = -1; int i = 0, ret = 0;
struct maat_cmd_line line_rule; struct maat_cmd_line line_rule;
long long rule_id[TEST_CMD_LINE_NUM] = {0};
/* 1st line */ /* 1st line */
memset(&line_rule, 0, sizeof(line_rule)); for (i = 0; i < TEST_CMD_LINE_NUM; i++) {
line_rule.rule_id = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1); memset(&line_rule, 0, sizeof(line_rule));
line_rule.table_name = table_name; rule_id[i] = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1);
line_rule.table_line = table_line_add[0]; line_rule.rule_id = rule_id[i];
line_rule.expire_after = 0; line_rule.table_name = table_name;
line_rule.table_line = table_line_add[i];
line_rule.expire_after = 0;
int ret = maat_cmd_set_line(maat_instance, &line_rule); ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0); EXPECT_GT(ret, 0);
}
/* 2nd line */
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1);
line_rule.table_name = table_name;
line_rule.table_line = table_line_add[1];
line_rule.expire_after = 0;
item_id = line_rule.rule_id;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
/* 3rd line */
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1);
line_rule.table_name = table_name;
line_rule.table_line = table_line_add[2];
line_rule.expire_after = 0;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
/* 4th line */
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1);
line_rule.table_name = table_name;
line_rule.table_line = table_line_add[3];
line_rule.expire_after = 0;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
sleep(WAIT_FOR_EFFECTIVE_S); sleep(WAIT_FOR_EFFECTIVE_S * 2);
int ex_data_counter = 0; int ex_data_counter = 0;
ret = maat_plugin_table_ex_schema_register(maat_instance, table_id, ret = maat_plugin_table_ex_schema_register(maat_instance, table_id,
plugin_ex_new_cb, plugin_ex_new_cb,
@@ -3203,7 +3402,7 @@ TEST_F(MaatCmdTest, PluginEXData) {
plugin_ex_free_cb(table_id, (void**)&uinfo, 0, NULL); plugin_ex_free_cb(table_id, (void**)&uinfo, 0, NULL);
memset(&line_rule, 0, sizeof(line_rule)); memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = item_id; line_rule.rule_id = rule_id[1];
line_rule.table_name = table_name; line_rule.table_name = table_name;
line_rule.table_line = table_line_del[1]; line_rule.table_line = table_line_del[1];
line_rule.expire_after = 0; line_rule.expire_after = 0;
@@ -3218,6 +3417,281 @@ TEST_F(MaatCmdTest, PluginEXData) {
ASSERT_TRUE(uinfo == NULL); ASSERT_TRUE(uinfo == NULL);
} }
TEST_F(MaatCmdTest, UpdateIPPlugin) {
const char *table_name = "TEST_IP_PLUGIN_WITH_EXDATA";
const int TEST_CMD_LINE_NUM = 4;
struct maat *maat_instance = MaatCmdTest::_shared_maat_instance;
const char *table_line_add[TEST_CMD_LINE_NUM] = {
"101\t4\t192.168.30.99\t192.168.30.101\tSomething-like-json\t1\trange",
"102\t4\t192.168.30.90\t192.168.30.128\tBigger-range-should-in-the-back\t1\trange",
"103\t6\t2001:db8:1234::\t2001:db8:1235::\tBigger-range-should-in-the-back\t1\trange",
"104\t6\t2001:db8:1234::1\t2001:db8:1234::5210\tSomething-like-json\t1\trange"};
const char *table_line_del[TEST_CMD_LINE_NUM] = {
"101\t4\t192.168.30.99\t192.168.30.101\tSomething-like-json\t0\trange",
"102\t4\t192.168.30.90\t192.168.30.128\tBigger-range-should-in-the-back\t0\trange",
"103\t6\t2001:db8:1234::\t2001:db8:1235::\tBigger-range-should-in-the-back\t0\trange",
"104\t6\t2001:db8:1234::1\t2001:db8:1234::5210\tSomething-like-json\t0\trange"};
int table_id = maat_get_table_id(maat_instance, table_name);
ASSERT_GT(table_id, 0);
int i = 0, ret = 0;
struct maat_cmd_line line_rule;
long long rule_id[TEST_CMD_LINE_NUM] = {0};
//add lines
for (i = 0; i < TEST_CMD_LINE_NUM; i++) {
memset(&line_rule, 0, sizeof(line_rule));
rule_id[i] = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1);
line_rule.rule_id = rule_id[i];
line_rule.table_name = table_name;
line_rule.table_line = table_line_add[i];
line_rule.expire_after = 0;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
}
sleep(WAIT_FOR_EFFECTIVE_S);
int ex_data_counter = 0;
ret = maat_plugin_table_ex_schema_register(maat_instance, table_id,
ip_plugin_ex_new_cb,
ip_plugin_ex_free_cb,
ip_plugin_ex_dup_cb,
0, &ex_data_counter);
ASSERT_TRUE(ret >= 0);
EXPECT_EQ(ex_data_counter, TEST_CMD_LINE_NUM);
struct ip_addr ipv4, ipv6;
struct ip_plugin_ud *results[ARRAY_SIZE];
ipv4.ip_type = 4;
inet_pton(AF_INET, "192.168.30.100", &(ipv4.ipv4));
memset(results, 0, sizeof(results));
ret = maat_ip_plugin_table_get_ex_data(maat_instance, table_id, &ipv4, (void **)results, ARRAY_SIZE);
EXPECT_EQ(ret, 2);
EXPECT_EQ(results[0]->rule_id, 101);
EXPECT_EQ(results[1]->rule_id, 102);
for (i = 0; i < ret; i++) {
ip_plugin_ex_free_cb(table_id, (void **)&(results[i]), 0, NULL);
}
ipv6.ip_type = 6;
inet_pton(AF_INET6, "2001:db8:1234::5210", &(ipv6.ipv6));
memset(results, 0, sizeof(results));
ret = maat_ip_plugin_table_get_ex_data(maat_instance, table_id, &ipv6, (void **)results, ARRAY_SIZE);
EXPECT_EQ(ret, 2);
EXPECT_EQ(results[0]->rule_id, 104);
EXPECT_EQ(results[1]->rule_id, 103);
for (i = 0; i < ret; i++) {
ip_plugin_ex_free_cb(table_id, (void **)&(results[i]), 0, NULL);
}
//del lines
for (i = 0; i < TEST_CMD_LINE_NUM; i++) {
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = rule_id[i];
line_rule.table_name = table_name;
line_rule.table_line = table_line_del[i];
line_rule.expire_after = 0;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
}
sleep(WAIT_FOR_EFFECTIVE_S * 2);
memset(results, 0, sizeof(results));
ret = maat_ip_plugin_table_get_ex_data(maat_instance, table_id, &ipv4, (void **)results, ARRAY_SIZE);
EXPECT_EQ(ret, 0);
}
TEST_F(MaatCmdTest, UpdateFQDNPlugin) {
const char *table_name = "TEST_FQDN_PLUGIN_WITH_EXDATA";
const int TEST_CMD_LINE_NUM = 5;
struct maat *maat_instance = MaatCmdTest::_shared_maat_instance;
const char *table_line_add[TEST_CMD_LINE_NUM]={
"201\t0\twww.example1.com\tcatid=1\t1",
"202\t1\t.example1.com\tcatid=1\t1",
"203\t0\tnews.example1.com\tcatid=2\t1",
"204\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t1",
"205\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t1"};
const char *table_line_del[TEST_CMD_LINE_NUM]={
"201\t0\twww.example1.com\tcatid=1\t0",
"202\t1\t.example1.com\tcatid=1\t0",
"203\t0\tnews.example1.com\tcatid=2\t0",
"204\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t0",
"205\t0\tr3---sn-i3belne6.example2.com\tcatid=3\t0"};
int table_id = maat_get_table_id(maat_instance, table_name);
ASSERT_GT(table_id, 0);
int i = 0, ret = 0;
long long rule_id[TEST_CMD_LINE_NUM] = {0};
struct maat_cmd_line line_rule;
//add lines
for (i = 0; i < TEST_CMD_LINE_NUM; i++) {
memset(&line_rule, 0, sizeof(line_rule));
rule_id[i] = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1);
line_rule.rule_id = rule_id[i];
line_rule.table_name = table_name;
line_rule.table_line = table_line_add[i];
line_rule.expire_after = 0;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
}
sleep(WAIT_FOR_EFFECTIVE_S * 2);
int ex_data_counter = 0;
ret = maat_plugin_table_ex_schema_register(maat_instance, table_id,
fqdn_plugin_ex_new_cb,
fqdn_plugin_ex_free_cb,
fqdn_plugin_ex_dup_cb,
0, &ex_data_counter);
ASSERT_TRUE(ret >= 0);
EXPECT_EQ(ex_data_counter, 5);
struct fqdn_plugin_ud *results[ARRAY_SIZE];
memset(results, 0, sizeof(results));
ret = maat_fqdn_plugin_table_get_ex_data(maat_instance, table_id,
"r3---sn-i3belne6.example2.com",
(void**)results, ARRAY_SIZE);
ASSERT_EQ(ret, 2);
for (i = 0; i < ret; i++) {
fqdn_plugin_ex_free_cb(0, (void**)&(results[i]), 0, NULL);
}
//del lines
for (i = 3; i < TEST_CMD_LINE_NUM; i++) {
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = rule_id[i];
line_rule.table_name = table_name;
line_rule.table_line = table_line_del[i];
line_rule.expire_after = 0;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
}
sleep(WAIT_FOR_EFFECTIVE_S);
ret = maat_fqdn_plugin_table_get_ex_data(maat_instance, table_id,
"r3---sn-i3belne6.example2.com",
(void**)results, ARRAY_SIZE);
ASSERT_EQ(ret, 0);
}
TEST_F(MaatCmdTest, UpdateBoolPlugin) {
const char *table_name = "TEST_BOOL_PLUGIN_WITH_EXDATA";
const int TEST_CMD_LINE_NUM = 6;
struct maat *maat_instance = MaatCmdTest::_shared_maat_instance;
const char *table_line_add[TEST_CMD_LINE_NUM] = {
"301\t1&2&1000\ttunnel1\t1",
"302\t101&102\ttunnel2\t1",
"303\t102\ttunnel3\t1",
"304\t101\ttunnel4\t1",
"305\t0&1&2&3&4&5&6&7\ttunnel5\t1",
"306\t101&101\tinvalid\t1"};
const char *table_line_del[TEST_CMD_LINE_NUM] = {
"301\t1&2&1000\ttunnel1\t0",
"302\t101&102\ttunnel2\t0",
"303\t102\ttunnel3\t0",
"304\t101\ttunnel4\t0",
"305\t0&1&2&3&4&5&6&7\ttunnel5\t0",
"306\t101&101\tinvalid\t0"};
int table_id = maat_get_table_id(maat_instance, table_name);
ASSERT_GT(table_id, 0);
long long rule_id[TEST_CMD_LINE_NUM] = {0};
struct maat_cmd_line line_rule;
int i = 0, ret = 0;
for (i = 0; i < TEST_CMD_LINE_NUM; i++) {
memset(&line_rule, 0, sizeof(line_rule));
rule_id[i] = maat_cmd_incrby(maat_instance, "TEST_PLUG_SEQ", 1);
line_rule.rule_id = rule_id[i];
line_rule.table_name = table_name;
line_rule.table_line = table_line_add[i];
line_rule.expire_after = 0;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
}
sleep(WAIT_FOR_EFFECTIVE_S);
int ex_data_counter = 0;
ret = maat_plugin_table_ex_schema_register(maat_instance, table_id,
bool_plugin_ex_new_cb,
bool_plugin_ex_free_cb,
bool_plugin_ex_dup_cb,
0, &ex_data_counter);
ASSERT_TRUE(ret>=0);
EXPECT_EQ(ex_data_counter, 6);
unsigned long long items[] = {101, 102, 1000};
struct bool_plugin_ud *results[ARRAY_SIZE];
memset(results, 0, sizeof(results));
ret = maat_bool_plugin_table_get_ex_data(maat_instance, table_id, items, 3,
(void **)results, ARRAY_SIZE);
EXPECT_EQ(ret, 4);
for (i = 0; i < ret; i++) {
bool_plugin_ex_free_cb(0, (void**)&(results[i]), 0, NULL);
}
for (i = 3; i < TEST_CMD_LINE_NUM; i++) {
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = rule_id[i];
line_rule.table_name = table_name;
line_rule.table_line = table_line_del[i];
line_rule.expire_after = 0;
ret = maat_cmd_set_line(maat_instance, &line_rule);
EXPECT_GT(ret, 0);
}
sleep(WAIT_FOR_EFFECTIVE_S);
memset(results, 0, sizeof(results));
ret = maat_bool_plugin_table_get_ex_data(maat_instance, table_id, items, 3,
(void **)results, ARRAY_SIZE);
EXPECT_EQ(ret, 2);
for (i = 0; i < ret; i++) {
bool_plugin_ex_free_cb(0, (void**)&(results[i]), 0, NULL);
}
}
TEST_F(MaatCmdTest, GroupInMassCompiles) {
}
TEST_F(MaatCmdTest, HitPath) {
}
TEST_F(MaatCmdTest, SameScanStatusWhenClauseUpdate_TSG6419) {
}
TEST_F(MaatCmdTest, GroupEdit) {
}
TEST_F(MaatCmdTest, CompileDelete_TSG6548) {
}
TEST_F(MaatCmdTest, UpdateDeadLockDetection) {
}
TEST_F(MaatCmdTest, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
}
int main(int argc, char ** argv) int main(int argc, char ** argv)
{ {
int ret=0; int ret=0;

1509
test/maat_json.json
View File

File diff suppressed because it is too large Load Diff

37
test/table_info.conf
View File

@@ -8,8 +8,7 @@
"custom": { "custom": {
"compile_id":1, "compile_id":1,
"tags":6, "tags":6,
"clause_num":9, "clause_num":9
"evaluation_order":10
} }
}, },
{ {
@@ -35,8 +34,7 @@
"custom": { "custom": {
"compile_id":1, "compile_id":1,
"tags":6, "tags":6,
"clause_num":9, "clause_num":9
"evaluation_order":10
} }
}, },
{ {
@@ -96,14 +94,18 @@
"table_id":7, "table_id":7,
"table_name":"IP_CONFIG", "table_name":"IP_CONFIG",
"table_type":"ip_plus", "table_type":"ip_plus",
"valid_column":18, "valid_column":11,
"custom": { "custom": {
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"addr_type":3, "addr_type":3,
"saddr_format":4, "addr_format":4,
"sip1":5, "ip1":5,
"sip2":6 "ip2":6,
"port_format":7,
"port1":8,
"port2":9,
"protocol":10
} }
}, },
{ {
@@ -122,7 +124,12 @@
"table_id":9, "table_id":9,
"table_name":"QD_ENTRY_INFO", "table_name":"QD_ENTRY_INFO",
"table_type":"plugin", "table_type":"plugin",
"valid_column":4 "valid_column":4,
"custom": {
"key_type":"integer",
"key":1,
"tag":5
}
}, },
{ {
"table_id":10, "table_id":10,
@@ -246,14 +253,18 @@
"table_id":19, "table_id":19,
"table_name":"IP_PLUS_CONFIG", "table_name":"IP_PLUS_CONFIG",
"table_type":"ip_plus", "table_type":"ip_plus",
"valid_column":18, "valid_column":11,
"custom": { "custom": {
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"addr_type":3, "addr_type":3,
"saddr_format":4, "addr_format":4,
"sip1":5, "ip1":5,
"sip2":6 "ip2":6,
"port_format":7,
"port1":8,
"port2":9,
"protocol":10
} }
}, },
{ {