gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

framework work well

Browse Source
This commit is contained in:
liuwentan
2022-11-25 16:32:29 +08:00
parent 2a83517894
commit 7e6d131c9e
51 changed files with 3499 additions and 3139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
src/inc_internal/adapter_hs.h
View File

@@ -1,103 +0,0 @@
/*
**********************************************************************************************
* File: adapter_hs.h
* Description: wrapper for raw hyperscan
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/
#ifndef _ADAPTER_HS_H_
#define _ADAPTER_HS_H_
#ifdef __cpluscplus
extern "C"
{
#endif
#include <stddef.h>
#include <stdint.h>
#define MAX_EXPR_PATTERN_NUM 8
struct adapter_hs;
/* scan mode */
enum {
SCAN_MODE_BLOCK = 1,
SCAN_MODE_STREAM,
};
/* pattern type: PATTERN_TYPE_STR(pure literal string) or PATTERN_TYPE_REG(regex expression) */
enum {
PATTERN_TYPE_STR = 1,
PATTERN_TYPE_REG,
};
typedef struct {
/* pattern type */
int type;
/* start pointer of pattern */
char *pat;
/* pattern length */
size_t pat_len;
} scan_pattern_t;
/* logic AND expression, such as (pattern1 & pattern2) */
typedef struct {
uint32_t expr_id;
size_t n_patterns;
scan_pattern_t patterns[MAX_EXPR_PATTERN_NUM];
} and_expr_t;
/**
* @brief initialize adapter_hs instance
*
* @param scan_mode: the following scan as block or stream mode
* @param nr_worker_threads: the number of scan threads which will call adapter_hs_scan()
* @param expr_array: logic AND expression's array
* @param n_expr_arrays: the number of logic AND expression's array
*
* @retval the pointer to adapter_hs instance
*/
struct adapter_hs *adapter_hs_initialize(int scan_mode, size_t nr_worker_threads, and_expr_t *expr_array, size_t n_expr_array);
/**
* @brief scan input data to match logic AND expression, return all matched expr_id
*
* @param instance: adapter_hs instance obtained by adapter_hs_initialize()
* @param thread_id: the thread_id of caller
* @param data: data to be scanned
* @param data_len: the length of data to be scanned
* @param results: the array of expr_id
* @param n_results: number of elements in array of expr_id
*/
int adapter_hs_scan(struct adapter_hs *instance, int thread_id, const char *data, size_t data_len,
int results[], size_t *n_results);
/**
* @brief destroy adapter_hs instance
*
* @param instance: adapter_hs instance obtained by adapter_hs_initialize()
*/
void adapter_hs_destroy(struct adapter_hs *instance);
struct adapter_hs_stream;
/**
* @brief open adapter_hs stream after adapter_hs instance initialized for stream scan
*
*/
struct adapter_hs_stream *adapter_hs_stream_open(struct adapter_hs *hs_instance, int thread_id);
int adapter_hs_scan_stream(struct adapter_hs_stream *stream, const char *data, size_t data_len,
int results[], size_t *n_results);
void adapter_hs_stream_close(struct adapter_hs_stream *stream);
#ifdef __cpluscplus
}
#endif
#endif

66
src/inc_internal/bool_matcher.h
View File

@@ -1,66 +0,0 @@
/*
*
* Copyright (c) 2018
* String Algorithms Research Group
* Institute of Information Engineering, Chinese Academy of Sciences (IIE-CAS)
* National Engineering Laboratory for Information Security Technologies (NELIST)
* All rights reserved
*
* Written by: LIU YANBING (liuyanbing@iie.ac.cn)
* Last modification: 2021-06-12
*
* This code is the exclusive and proprietary property of IIE-CAS and NELIST.
* Usage for direct or indirect commercial advantage is not allowed without
* written permission from the authors.
*
*/
#ifndef INCLUDE_BOOL_MATCHER_H
#define INCLUDE_BOOL_MATCHER_H
#ifdef __cplusplus
extern "C"
{
#endif
#include <stddef.h>
#define MAX_ITEMS_PER_BOOL_EXPR 8
/* not_flag=0表示布尔项item_id必须出现not_flag=1表示布尔项item_id不能出现 */
struct bool_item
{
unsigned long long item_id;
unsigned char not_flag;
};
/* At least one item's not_flag should be 0. */
struct bool_expr
{
unsigned long long expr_id;
void *user_tag;
size_t item_num;
struct bool_item items[MAX_ITEMS_PER_BOOL_EXPR];
};
struct bool_expr_match
{
unsigned long long expr_id;
void *user_tag;
};
struct bool_matcher;
struct bool_matcher *bool_matcher_new(struct bool_expr *exprs, size_t expr_num, size_t *mem_size);
/* Returned results are sorted by expr_id in descending order. */
// Input item_ids MUST be ASCENDING order and NO duplication.
int bool_matcher_match(struct bool_matcher *matcher, unsigned long long *item_ids, size_t item_num, struct bool_expr_match *results, size_t n_result);
void bool_matcher_free(struct bool_matcher *matcher);
#ifdef __cplusplus
}
#endif
#endif

277
src/inc_internal/cJSON.h
View File

@@ -1,277 +0,0 @@
/*
Copyright (c) 2009-2017 Dave Gamble and cJSON contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
#ifndef cJSON__h
#define cJSON__h
#ifdef __cplusplus
extern "C"
{
#endif
/* project version */
#define CJSON_VERSION_MAJOR 1
#define CJSON_VERSION_MINOR 7
#define CJSON_VERSION_PATCH 7
#include <stddef.h>
/* cJSON Types: */
#define cJSON_Invalid (0)
#define cJSON_False (1 << 0)
#define cJSON_True (1 << 1)
#define cJSON_NULL (1 << 2)
#define cJSON_Number (1 << 3)
#define cJSON_String (1 << 4)
#define cJSON_Array (1 << 5)
#define cJSON_Object (1 << 6)
#define cJSON_Raw (1 << 7) /* raw json */
#define cJSON_IsReference 256
#define cJSON_StringIsConst 512
/* The cJSON structure: */
typedef struct cJSON
{
/* next/prev allow you to walk array/object chains. Alternatively, use GetArraySize/GetArrayItem/GetObjectItem */
struct cJSON *next;
struct cJSON *prev;
/* An array or object item will have a child pointer pointing to a chain of the items in the array/object. */
struct cJSON *child;
/* The type of the item, as above. */
int type;
/* The item's string, if type==cJSON_String and type == cJSON_Raw */
char *valuestring;
/* writing to valueint is DEPRECATED, use cJSON_SetNumberValue instead */
int valueint;
/* The item's number, if type==cJSON_Number */
double valuedouble;
/* The item's name string, if this item is the child of, or is in the list of subitems of an object. */
char *string;
} cJSON;
typedef struct cJSON_Hooks
{
void *(*malloc_fn)(size_t sz);
void (*free_fn)(void *ptr);
} cJSON_Hooks;
typedef int cJSON_bool;
#if !defined(__WINDOWS__) && (defined(WIN32) || defined(WIN64) || defined(_MSC_VER) || defined(_WIN32))
#define __WINDOWS__
#endif
#ifdef __WINDOWS__
/* When compiling for windows, we specify a specific calling convention to avoid issues where we are being called from a project with a different default calling convention. For windows you have 2 define options:
CJSON_HIDE_SYMBOLS - Define this in the case where you don't want to ever dllexport symbols
CJSON_EXPORT_SYMBOLS - Define this on library build when you want to dllexport symbols (default)
CJSON_IMPORT_SYMBOLS - Define this if you want to dllimport symbol
For *nix builds that support visibility attribute, you can define similar behavior by
setting default visibility to hidden by adding
-fvisibility=hidden (for gcc)
or
-xldscope=hidden (for sun cc)
to CFLAGS
then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJSON_EXPORT_SYMBOLS does
*/
/* export symbols by default, this is necessary for copy pasting the C and header file */
#if !defined(CJSON_HIDE_SYMBOLS) && !defined(CJSON_IMPORT_SYMBOLS) && !defined(CJSON_EXPORT_SYMBOLS)
#define CJSON_EXPORT_SYMBOLS
#endif
#if defined(CJSON_HIDE_SYMBOLS)
#define CJSON_PUBLIC(type) type __stdcall
#elif defined(CJSON_EXPORT_SYMBOLS)
#define CJSON_PUBLIC(type) __declspec(dllexport) type __stdcall
#elif defined(CJSON_IMPORT_SYMBOLS)
#define CJSON_PUBLIC(type) __declspec(dllimport) type __stdcall
#endif
#else /* !WIN32 */
#if (defined(__GNUC__) || defined(__SUNPRO_CC) || defined (__SUNPRO_C)) && defined(CJSON_API_VISIBILITY)
#define CJSON_PUBLIC(type) __attribute__((visibility("default"))) type
#else
#define CJSON_PUBLIC(type) type
#endif
#endif
/* Limits how deeply nested arrays/objects can be before cJSON rejects to parse them.
* This is to prevent stack overflows. */
#ifndef CJSON_NESTING_LIMIT
#define CJSON_NESTING_LIMIT 1000
#endif
/* returns the version of cJSON as a string */
CJSON_PUBLIC(const char*) cJSON_Version(void);
/* Supply malloc, realloc and free functions to cJSON */
CJSON_PUBLIC(void) cJSON_InitHooks(cJSON_Hooks* hooks);
/* Memory Management: the caller is always responsible to free the results from all variants of cJSON_Parse (with cJSON_Delete) and cJSON_Print (with stdlib free, cJSON_Hooks.free_fn, or cJSON_free as appropriate). The exception is cJSON_PrintPreallocated, where the caller has full responsibility of the buffer. */
/* Supply a block of JSON, and this returns a cJSON object you can interrogate. */
CJSON_PUBLIC(cJSON *) cJSON_Parse(const char *value);
/* ParseWithOpts allows you to require (and check) that the JSON is null terminated, and to retrieve the pointer to the final byte parsed. */
/* If you supply a ptr in return_parse_end and parsing fails, then return_parse_end will contain a pointer to the error so will match cJSON_GetErrorPtr(). */
CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated);
/* Render a cJSON entity to text for transfer/storage. */
CJSON_PUBLIC(char *) cJSON_Print(const cJSON *item);
/* Render a cJSON entity to text for transfer/storage without any formatting. */
CJSON_PUBLIC(char *) cJSON_PrintUnformatted(const cJSON *item);
/* Render a cJSON entity to text using a buffered strategy. prebuffer is a guess at the final size. guessing well reduces reallocation. fmt=0 gives unformatted, =1 gives formatted */
CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON_bool fmt);
/* Render a cJSON entity to text using a buffer already allocated in memory with given length. Returns 1 on success and 0 on failure. */
/* NOTE: cJSON is not always 100% accurate in estimating how much memory it will use, so to be safe allocate 5 bytes more than you actually need */
CJSON_PUBLIC(cJSON_bool) cJSON_PrintPreallocated(cJSON *item, char *buffer, const int length, const cJSON_bool format);
/* Delete a cJSON entity and all subentities. */
CJSON_PUBLIC(void) cJSON_Delete(cJSON *c);
/* Returns the number of items in an array (or object). */
CJSON_PUBLIC(int) cJSON_GetArraySize(const cJSON *array);
/* Retrieve item number "index" from array "array". Returns NULL if unsuccessful. */
CJSON_PUBLIC(cJSON *) cJSON_GetArrayItem(const cJSON *array, int index);
/* Get item "string" from object. Case insensitive. */
CJSON_PUBLIC(cJSON *) cJSON_GetObjectItem(const cJSON * const object, const char * const string);
CJSON_PUBLIC(cJSON *) cJSON_GetObjectItemCaseSensitive(const cJSON * const object, const char * const string);
CJSON_PUBLIC(cJSON_bool) cJSON_HasObjectItem(const cJSON *object, const char *string);
/* For analysing failed parses. This returns a pointer to the parse error. You'll probably need to look a few chars back to make sense of it. Defined when cJSON_Parse() returns 0. 0 when cJSON_Parse() succeeds. */
CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void);
/* Check if the item is a string and return its valuestring */
CJSON_PUBLIC(char *) cJSON_GetStringValue(cJSON *item);
/* These functions check the type of an item */
CJSON_PUBLIC(cJSON_bool) cJSON_IsInvalid(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsFalse(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsTrue(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsBool(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsNull(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsNumber(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsString(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsArray(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsObject(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsRaw(const cJSON * const item);
/* These calls create a cJSON item of the appropriate type. */
CJSON_PUBLIC(cJSON *) cJSON_CreateNull(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateTrue(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateFalse(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateBool(cJSON_bool boolean);
CJSON_PUBLIC(cJSON *) cJSON_CreateNumber(double num);
CJSON_PUBLIC(cJSON *) cJSON_CreateString(const char *string);
/* raw json */
CJSON_PUBLIC(cJSON *) cJSON_CreateRaw(const char *raw);
CJSON_PUBLIC(cJSON *) cJSON_CreateArray(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateObject(void);
/* Create a string where valuestring references a string so
* it will not be freed by cJSON_Delete */
CJSON_PUBLIC(cJSON *) cJSON_CreateStringReference(const char *string);
/* Create an object/arrray that only references it's elements so
* they will not be freed by cJSON_Delete */
CJSON_PUBLIC(cJSON *) cJSON_CreateObjectReference(const cJSON *child);
CJSON_PUBLIC(cJSON *) cJSON_CreateArrayReference(const cJSON *child);
/* These utilities create an Array of count items. */
CJSON_PUBLIC(cJSON *) cJSON_CreateIntArray(const int *numbers, int count);
CJSON_PUBLIC(cJSON *) cJSON_CreateFloatArray(const float *numbers, int count);
CJSON_PUBLIC(cJSON *) cJSON_CreateDoubleArray(const double *numbers, int count);
CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char **strings, int count);
/* Append item to the specified array/object. */
CJSON_PUBLIC(void) cJSON_AddItemToArray(cJSON *array, cJSON *item);
CJSON_PUBLIC(void) cJSON_AddItemToObject(cJSON *object, const char *string, cJSON *item);
/* Use this when string is definitely const (i.e. a literal, or as good as), and will definitely survive the cJSON object.
* WARNING: When this function was used, make sure to always check that (item->type & cJSON_StringIsConst) is zero before
* writing to `item->string` */
CJSON_PUBLIC(void) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJSON *item);
/* Append reference to item to the specified array/object. Use this when you want to add an existing cJSON to a new cJSON, but don't want to corrupt your existing cJSON. */
CJSON_PUBLIC(void) cJSON_AddItemReferenceToArray(cJSON *array, cJSON *item);
CJSON_PUBLIC(void) cJSON_AddItemReferenceToObject(cJSON *object, const char *string, cJSON *item);
/* Remove/Detatch items from Arrays/Objects. */
CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item);
CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromArray(cJSON *array, int which);
CJSON_PUBLIC(void) cJSON_DeleteItemFromArray(cJSON *array, int which);
CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObject(cJSON *object, const char *string);
CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObjectCaseSensitive(cJSON *object, const char *string);
CJSON_PUBLIC(void) cJSON_DeleteItemFromObject(cJSON *object, const char *string);
CJSON_PUBLIC(void) cJSON_DeleteItemFromObjectCaseSensitive(cJSON *object, const char *string);
/* Update array items. */
CJSON_PUBLIC(void) cJSON_InsertItemInArray(cJSON *array, int which, cJSON *newitem); /* Shifts pre-existing items to the right. */
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement);
CJSON_PUBLIC(void) cJSON_ReplaceItemInArray(cJSON *array, int which, cJSON *newitem);
CJSON_PUBLIC(void) cJSON_ReplaceItemInObject(cJSON *object,const char *string,cJSON *newitem);
CJSON_PUBLIC(void) cJSON_ReplaceItemInObjectCaseSensitive(cJSON *object,const char *string,cJSON *newitem);
/* Duplicate a cJSON item */
CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse);
/* Duplicate will create a new, identical cJSON item to the one you pass, in new memory that will
need to be released. With recurse!=0, it will duplicate any children connected to the item.
The item->next and ->prev pointers are always zero on return from Duplicate. */
/* Recursively compare two cJSON items for equality. If either a or b is NULL or invalid, they will be considered unequal.
* case_sensitive determines if object keys are treated case sensitive (1) or case insensitive (0) */
CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * const b, const cJSON_bool case_sensitive);
CJSON_PUBLIC(void) cJSON_Minify(char *json);
/* Helper functions for creating and adding items to an object at the same time.
* They return the added item or NULL on failure. */
CJSON_PUBLIC(cJSON*) cJSON_AddNullToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddTrueToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddFalseToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddBoolToObject(cJSON * const object, const char * const name, const cJSON_bool boolean);
CJSON_PUBLIC(cJSON*) cJSON_AddNumberToObject(cJSON * const object, const char * const name, const double number);
CJSON_PUBLIC(cJSON*) cJSON_AddStringToObject(cJSON * const object, const char * const name, const char * const string);
CJSON_PUBLIC(cJSON*) cJSON_AddRawToObject(cJSON * const object, const char * const name, const char * const raw);
CJSON_PUBLIC(cJSON*) cJSON_AddObjectToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * const name);
/* When assigning an integer value, it needs to be propagated to valuedouble too. */
#define cJSON_SetIntValue(object, number) ((object) ? (object)->valueint = (object)->valuedouble = (number) : (number))
/* helper for the cJSON_SetNumberValue macro */
CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number);
#define cJSON_SetNumberValue(object, number) ((object != NULL) ? cJSON_SetNumberHelper(object, (double)number) : (number))
/* Macro for iterating over an array or object */
#define cJSON_ArrayForEach(element, array) for(element = (array != NULL) ? (array)->child : NULL; element != NULL; element = element->next)
/* malloc/free objects using the malloc/free functions that have been set with cJSON_InitHooks */
CJSON_PUBLIC(void *) cJSON_malloc(size_t size);
CJSON_PUBLIC(void) cJSON_free(void *object);
#ifdef __cplusplus
}
#endif
#endif

7
src/inc_internal/maat_common.h
View File

@@ -20,6 +20,13 @@ extern "C"
struct maat_options {
size_t nr_worker_threads;
int rule_effect_interval_ms;
int rule_update_checking_interval_ms;
int gc_timeout_ms;
int deferred_load_on;
enum data_source input_mode;
char iris_full_dir[NAME_MAX];
char iris_inc_dir[NAME_MAX];
};
#ifdef __cpluscplus

13
src/inc_internal/maat_config_monitor.h
View File

@@ -18,15 +18,14 @@ extern "C"
#include <stdint.h>
#define CONFIG_UPDATE_TYPE_NONE 0
#define CONFIG_UPDATE_TYPE_FULL 1
#define CONFIG_UPDATE_TYPE_INC 2
#define CM_UPDATE_TYPE_NONE 0
#define CM_UPDATE_TYPE_FULL 1
#define CM_UPDATE_TYPE_INC 2
void config_monitor_traverse(uint64_t version, const char *idx_dir,
void (*pre_fn)(uint64_t, int, void *),
void config_monitor_traverse(long long version, const char *idx_dir,
void (*start_fn)(long long, int, void *),
int (*update_fn)(const char *, const char *, void *),
void (*post_fn)(void *),
void (*finish_fn)(void *),
void *u_param);
#ifdef __cpluscplus

37
src/inc_internal/maat_ex_data.h
View File

@@ -16,12 +16,47 @@ extern "C"
{
#endif
#include "rcu_hash.h"
struct ex_data_runtime;
struct ex_data_runtime *ex_data_runtime_new(void (* data_free)(void *data));
/* ex_data_runtime API */
struct ex_data_runtime *ex_data_runtime_new(int table_id, rcu_hash_data_free_fn *data_free_fn);
void ex_data_runtime_free(struct ex_data_runtime *ex_data_rt);
void ex_data_runtime_commit(struct ex_data_runtime *ex_data_rt);
/* ex_data_runtime cache row API */
void ex_data_runtime_cache_row_put(struct ex_data_runtime *ex_data_rt, const char *row);
const char *ex_data_runtime_cached_row_get(struct ex_data_runtime *ex_data_rt, size_t index);
size_t ex_data_runtime_cached_row_count(struct ex_data_runtime *ex_data_rt);
void ex_data_runtime_clear_row_cache(struct ex_data_runtime *ex_data_rt);
/* set schema API */
void ex_data_runtime_set_schema(struct ex_data_runtime *ex_data_rt, struct ex_data_schema *schema);
/* set user_ctx API */
void ex_data_runtime_set_user_ctx(struct ex_data_runtime *ex_data_rt, void *user_ctx);
/* ex_data_runtime ex data API */
void *ex_data_runtime_row2ex_data(struct ex_data_runtime *ex_data_rt, const char *row, const char *key, size_t key_len);
void ex_data_runtime_add_ex_data(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len, void *data);
void ex_data_runtime_del_ex_data(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len);
void *ex_data_runtime_get_ex_data(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len);
size_t ex_data_runtime_ex_data_count(struct ex_data_runtime *ex_data_rt);
size_t ex_data_runtime_list_updating_ex_data(struct ex_data_runtime *ex_data_rt, void ***ex_data_array);
int ex_data_runtime_updating_flag(struct ex_data_runtime *ex_data_rt);
#ifdef __cpluscplus
}
#endif

4
src/inc_internal/maat_kv.h
View File

@@ -8,8 +8,8 @@
***********************************************************************************************
*/
#ifndef _MAAT_KV_MAP_H_
#define _MAAT_KV_MAP_H_
#ifndef _MAAT_KV_H_
#define _MAAT_KV_H_
#ifdef __cpluscplus
extern "C"

48
src/inc_internal/maat_rule.h
View File

@@ -24,49 +24,67 @@ extern "C"
struct maat_runtime {
/* maat_runtime can be created and destroy dynamic, so need version info */
uint64_t version;
long long version;
time_t last_update_time;
struct maat_table_runtime_manager *table_rt_mgr;
struct table_runtime_manager *table_rt_mgr;
size_t max_table_num;
int max_thread_num;
size_t max_thread_num;
uint32_t rule_num;
};
enum rule_import_type {
RULE_IMPORT_TYPE_IRIS = 1,
RULE_IMPORT_TYPE_MAX
enum data_source {
DATA_SOURCE_NONE = 0,
DATA_SOURCE_IRIS_FILE
};
struct rule_import_iris_ctx {
struct source_iris_ctx {
char inc_dir[NAME_MAX];
char full_dir[NAME_MAX];
};
struct maat {
struct maat_runtime *maat_rt;
struct maat_runtime *rebuilding_maat_rt; //TODO: creating
//struct maat_garbage_collector *gc;
struct maat_table_manager *table_mgr;
char instance_name[NAME_MAX];
enum rule_import_type rule_import_type;
struct maat_runtime *maat_rt;
struct maat_runtime *creating_maat_rt;
struct table_schema_manager *table_schema_mgr;
enum data_source input_mode;
union {
struct rule_import_iris_ctx iris_ctx;
struct source_iris_ctx iris_ctx;
};
int deferred_load;
int is_running;
pthread_mutex_t background_update_mutex;
int nr_worker_thread;
uint64_t maat_version;
uint64_t last_full_version;
long long maat_version;
long long last_full_version;
pthread_t cfg_mon_thread;
int rule_effect_interval_ms;
int rule_update_checking_interval_ms;
int gc_timeout_ms; //garbage collection timeout_ms;
struct maat_garbage_bin *garbage_bin;
};
void maat_start_cb(long long new_version, int update_type, void *u_para);
int maat_update_cb(const char *table_name, const char *line, void *u_para);
void maat_finish_cb(void *u_para);
void *rule_monitor_loop(void *arg);
void maat_read_full_config(struct maat *maat_instance);
#ifdef __cpluscplus
}
#endif

48
src/inc_internal/maat_table_runtime.h
View File

@@ -19,19 +19,51 @@ extern "C"
#include "maat_table_schema.h"
#include "maat_garbage_collection.h"
struct maat_table_item;
struct maat_table_runtime;
struct maat_table_runtime_manager;
struct table_item;
struct table_runtime;
struct table_runtime_manager;
struct maat_table_runtime_manager *maat_table_runtime_manager_create(struct maat_table_manager *table_mgr, int max_thread_num, struct maat_garbage_bin* bin);
/* table runtime manager API */
struct table_runtime_manager *table_runtime_manager_create(struct table_schema_manager *table_schema_mgr, int max_thread_num,
struct maat_garbage_bin *bin);
void maat_table_runtime_manager_destroy(struct maat_table_runtime_manager *table_rt_mgr);
void table_runtime_manager_destroy(struct table_runtime_manager *table_rt_mgr);
struct maat_table_runtime *maat_table_runtime_get(struct maat_table_runtime_manager *table_rt_mgr, int table_id);
/* table runtime API */
struct table_runtime *table_runtime_get(struct table_runtime_manager *table_rt_mgr, int table_id);
enum maat_table_type maat_table_runtime_get_type(struct maat_table_runtime* table_rt);
size_t table_runtime_rule_count(struct table_runtime *table_rt);
void maat_table_runtime_item_add(struct maat_table_runtime *table_rt, struct maat_table_item *table_item);
enum table_type table_runtime_get_type(struct table_runtime* table_rt);
void table_runtime_update(struct table_runtime *table_rt, struct table_schema *table_schema, const char *line, struct table_item *table_item);
/**
* @brief if table_runtime is updating
*
* @retval 1(yes) 0(no)
*/
int table_runtime_updating_flag(struct table_runtime *table_rt);
void table_runtime_commit(struct table_runtime *table_rt, size_t nr_worker_thread);
/* table runtime scan API */
int table_runtime_scan_string(struct table_runtime *table_rt, int thread_id, const char *data, size_t data_len,
int results[], size_t *n_result);
void table_runtime_stream_open(struct table_runtime *table_rt, int thread_id);
int table_runtime_scan_stream(struct table_runtime *table_rt, const char *data, size_t data_len,
int result[], size_t n_result);
void table_runtime_stream_close(struct table_runtime *table_rt);
/* plugin table runtime API */
size_t plugin_table_runtime_cached_row_count(struct table_runtime *table_rt);
const char* plugin_table_runtime_get_cached_row(struct table_runtime *table_rt, size_t row_seq);
void *plugin_table_runtime_get_ex_data(struct table_runtime *table_rt, struct table_schema *table_schema, const char *key, size_t key_len);
void plugin_table_runtime_commit_ex_data_schema(struct table_runtime *table_rt, struct table_schema *table_schema);
#ifdef __cpluscplus
}

147
src/inc_internal/maat_table_schema.h
View File

@@ -18,27 +18,152 @@ extern "C"
#include <stddef.h>
#include "sds/sds.h"
#include "maat/maat.h"
#include "adapter_hs.h"
enum maat_table_type {
#define MAX_DISTRICT_STR 128
#define MAX_IP_STR 128
#define MAX_KEYWORDS_STR 1024
enum table_type {
TABLE_TYPE_EXPR = 0,
TABLE_TYPE_EXPR_PLUS,
TABLE_TYPE_IP,
TABLE_TYPE_PLUGIN,
TABLE_TYPE_IP_PLUGIN,
TABLE_TYPE_MAX
};
struct maat_table_schema;
struct maat_table_manager;
struct maat_table_item;
enum expr_type {
EXPR_TYPE_STRING = 1,
EXPR_TYPE_REGEX,
EXPR_TYPE_AND,
EXPR_TYPE_OFFSET,
EXPR_TYPE_MAX
};
struct maat_table_manager *maat_table_manager_create(sds table_info_path);
void maat_table_manager_destroy(struct maat_table_manager *table_mgr);
enum match_method {
MATCH_METHOD_SUB=0,
MATCH_METHOD_RIGHT,
MATCH_METHOD_LEFT,
MATCH_METHOD_COMPLETE,
MATCH_METHOD_MAX
};
int maat_table_manager_get_table_id(struct maat_table_manager* table_mgr, sds table_name);
enum maat_table_type maat_table_manager_get_table_type(struct maat_table_manager *table_mgr, int id);
struct expr_item {
int item_id;
int group_id;
char district[MAX_DISTRICT_STR];
char keywords[MAX_KEYWORDS_STR];
enum expr_type expr_type;
enum match_method match_method;
int is_hexbin;
int is_case_sensitive;
int is_valid;
//rule_tag; 只存在schema里
//int have_exdata;
//struct ex_data *ex_data; //hash表
};
size_t maat_table_manager_get_size(struct maat_table_manager* table_mgr);
struct plugin_item {
char key[MAX_KEYWORDS_STR];
size_t key_len;
int is_valid;
};
struct maat_table_item *maat_table_line_to_item(sds line, struct maat_table_schema *table_schema);
struct ip_plugin_item {
int item_id;
int ip_type;
char start_ip[MAX_IP_STR];
char end_ip[MAX_IP_STR];
int is_valid;
int rule_tag;
int have_exdata;
void *ex_data;
};
struct table_item {
enum table_type table_type;
union {
struct expr_item expr_item;
struct plugin_item plugin_item;
struct ip_plugin_item ip_plugin_item;
};
};
struct plugin_table_callback_schema
{
maat_start_callback_t *start;
maat_update_callback_t *update;
maat_finish_callback_t *finish;
void* u_para;
};
struct ex_data_schema
{
maat_plugin_ex_new_func_t *new_func;
maat_plugin_ex_free_func_t *free_func;
maat_plugin_ex_dup_func_t *dup_func;
//Maat_plugin_EX_key2index_func_t* key2index_func;
long argl;
void *argp;
int set_flag;
};
struct table_schema;
struct table_schema_manager;
/* table schema manager API */
struct table_schema_manager *table_schema_manager_create(const char *table_info_path);
void table_schema_manager_destroy(struct table_schema_manager *table_schema_mgr);
int table_schema_manager_get_table_id(struct table_schema_manager* table_schema_mgr, const char *table_name);
enum table_type table_schema_manager_get_table_type(struct table_schema_manager *table_schema_mgr, int table_id);
size_t table_schema_manager_get_size(struct table_schema_manager* table_schema_mgr);
void table_schema_manager_all_plugin_cb_start(struct table_schema_manager* table_schema_mgr, int update_type);
void table_schema_manager_all_plugin_cb_finish(struct table_schema_manager* table_schema_mgr);
/* table schema generic API */
struct table_schema *table_schema_get(struct table_schema_manager *table_schema_mgr, int table_id);
enum table_type table_schema_get_table_type(struct table_schema *table_schema);
int table_schema_get_table_id(struct table_schema *table_schema);
struct table_item *table_schema_line_to_item(const char *line, struct table_schema *table_schema);
/* expr table schema API */
enum scan_mode expr_table_schema_get_scan_mode(struct table_schema *table_schema);
/* plugin table schema API */
int plugin_table_schema_set_ex_data_schema(struct table_schema *table_schema,
maat_plugin_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func,
long argl, void *argp);
struct ex_data_schema *plugin_table_schema_get_ex_data_schema(struct table_schema *table_schema);
/**
* @brief if plugin table schema's ex data schema set
*
* @retval 1(already Set) 0(Not set yet)
*/
int plugin_table_schema_ex_data_schema_flag(struct table_schema *table_schema);
int plugin_table_schema_add_callback(struct table_schema_manager* table_schema_mgr, int table_id,
maat_start_callback_t *start,//MAAT_RULE_UPDATE_TYPE_*,u_para
maat_update_callback_t *update,//table line ,u_para
maat_finish_callback_t *finish,//u_para
void *u_para);
/**
* @brief the number of callback function stored in plugin table schema
*/
size_t plugin_table_schema_callback_count(struct table_schema *table_schema);
void plugin_table_schema_all_cb_update(struct table_schema *table_schema, const char *row);
#ifdef __cpluscplus
}

23
src/inc_internal/maat_utils.h
View File

@@ -19,11 +19,28 @@ extern "C"
#include <stdlib.h>
#include <stddef.h>
#include "sds/sds.h"
#define TRUE 1
#define FALSE 0
#define ALLOC(type, number) ((type *)calloc(sizeof(type), number))
#ifndef MAX
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif
int get_column_pos(sds line, int column_seq, size_t *offset, size_t *len);
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
char *maat_strdup(const char *s);
int get_column_pos(const char *line, int column_seq, size_t *offset, size_t *len);
int load_file_to_memory(const char *file_name, unsigned char **pp_out, size_t *out_sz);
char *strtok_r_esc(char *s, const char delim, char **save_ptr);
char *str_unescape_and(char *s);
char *str_unescape(char *s);
#ifdef __cpluscplus
}

24
src/inc_internal/rcu_hash.h
View File

@@ -18,16 +18,20 @@ extern "C"
#include "uthash/uthash.h"
typedef void rcu_hash_data_free_fn(void *user_ctx, void *data);
/* rcu hash table */
struct rcu_hash_table;
struct rcu_hash_table *rcu_hash_new(void (* data_free)(void *data));
struct rcu_hash_table *rcu_hash_new(rcu_hash_data_free_fn *free_fn);
void rcu_hash_free(struct rcu_hash_table *htable);
void rcu_hash_set_user_ctx(struct rcu_hash_table *htable, void *user_ctx);
/**
* @brief the data added just in updating stage
* after call rcu_hash_commit, it in effective stage
* @brief just means add to the updating nodes
* after call rcu_hash_commit, they become effective nodes
*/
void rcu_hash_add(struct rcu_hash_table *htable, const char *key, size_t key_len, void *data);
@@ -44,14 +48,24 @@ void rcu_hash_del(struct rcu_hash_table *htable, const char *key, size_t key_len
*/
void *rcu_hash_find(struct rcu_hash_table *htable, const char *key, size_t key_len);
size_t rcu_hash_counts(struct rcu_hash_table *htable);
size_t rcu_hash_count(struct rcu_hash_table *htable);
/**
* @brief make add/del effective
*/
void rcu_hash_commit(struct rcu_hash_table *htable);
size_t rcu_hash_garbage_queue_len(struct rcu_hash_table *htable);
size_t rcu_hash_list_updating_data(struct rcu_hash_table *htable, void ***data_array);
/**
* @brief check if rcu hash table is updating
*
* @retval 1 means htable is updating, otherwise 0
*/
int rcu_hash_updating_flag(struct rcu_hash_table *htable);
#ifdef __cpluscplus
}
#endif