gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加ip_plus类型表,可以支持范围和掩码两种描述IP和端口的方式。

Browse Source
This commit is contained in:
zhengchao
2019-05-23 18:29:59 +08:00
parent c0dd6799df
commit 879da71422
10 changed files with 541 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/entry/Maat_api.cpp
View File

@@ -34,8 +34,8 @@ struct Maat_table_desc * acqurie_table(struct _Maat_feather_t* _feather,int tabl
}
if(p_table->table_type!=expect_type)
{
if(expect_type!=TABLE_TYPE_EXPR||
p_table->table_type!=TABLE_TYPE_EXPR_PLUS)
if((expect_type==TABLE_TYPE_EXPR && p_table->table_type!=TABLE_TYPE_EXPR_PLUS)||
(expect_type==TABLE_TYPE_IP && p_table->table_type!=TABLE_TYPE_IP_PLUS))
{
return NULL;
}

3
src/entry/Maat_command.cpp
View File

@@ -192,6 +192,9 @@ int get_valid_flag_offset(const char* line, enum MAAT_TABLE_TYPE type,int valid_
case TABLE_TYPE_IP:
column_seq=14;
break;
case TABLE_TYPE_IP_PLUS:
column_seq=18;
break;
case TABLE_TYPE_COMPILE:
column_seq=8;
break;

315
src/entry/Maat_rule.cpp
View File

@@ -707,6 +707,7 @@ int read_table_description(struct Maat_table_desc** p_table_info,int num,const c
string2int_map=map_create();
map_register(string2int_map,"expr", TABLE_TYPE_EXPR);
map_register(string2int_map,"ip", TABLE_TYPE_IP);
map_register(string2int_map,"ip_plus", TABLE_TYPE_IP_PLUS);
map_register(string2int_map,"compile", TABLE_TYPE_COMPILE);
map_register(string2int_map,"plugin", TABLE_TYPE_PLUGIN);
map_register(string2int_map,"intval", TABLE_TYPE_INTERVAL);
@@ -1598,6 +1599,7 @@ void rulescan_batch_update(rule_scanner_t rs_handle,MESA_lqueue_head expr_queue,
assert(table_rt->expr.regex_rule_cnt>=0);
break;
case TABLE_TYPE_IP:
case TABLE_TYPE_IP_PLUS:
table_rt->ip.ipv4_rule_cnt+=region_counter[i].ipv4_rule_cnt;
table_rt->ip.ipv6_rule_cnt+=region_counter[i].ipv6_rule_cnt;
break;
@@ -2306,6 +2308,7 @@ int del_region_rule(struct Maat_table_desc* table,int region_id,int group_id,int
switch(table->table_type)
{
case TABLE_TYPE_IP:
case TABLE_TYPE_IP_PLUS:
case TABLE_TYPE_EXPR:
case TABLE_TYPE_EXPR_PLUS:
case TABLE_TYPE_INTERVAL:
@@ -2761,90 +2764,269 @@ error_out:
free(maat_str_rule);
maat_str_rule=NULL;
}
enum MAAT_IP_FORMAT
{
FORMAT_RANGE,
FORMAT_MASK,
FORMAT_UNKNOWN
};
enum MAAT_IP_FORMAT ip_format_str2int(const char* format)
{
if(0==strcasecmp(format, "range"))
{
return FORMAT_RANGE;
}
else if(0==strcasecmp(format, "mask"))
{
return FORMAT_MASK;
}
else
{
assert(0);
}
return FORMAT_UNKNOWN;
}
void ipv6_mask2range(const unsigned int ip[], unsigned int mask[], unsigned int range_begin[], unsigned int range_end[])
{
int i=0;
for(i=0; i<4; i++)
{
range_begin[i]=ip[i]&mask[i];
range_end[i] = ip[i]|~mask[i];
}
return;
}
void update_ip_rule(struct Maat_table_desc* table, const char* table_line, struct Maat_scanner_t *scanner, void* logger, int group_mode_on)
{
struct db_ip_rule_t* ip_rule=(struct db_ip_rule_t*)calloc(sizeof(struct db_ip_rule_t),1);
char src_ip[40],mask_src_ip[40],dst_ip[40],mask_dst_ip[40];
char src_ip1[40]={0}, src_ip2[40]={0}, dst_ip1[40]={0}, dst_ip2[40]={0};
char saddr_format[16]={0}, sport_format[16]={0}, daddr_format[16]={0}, dport_format[16]={0};
struct Maat_table_runtime* table_rt=scanner->table_rt[table->table_id];
unsigned short i_src_port,i_sport_mask,i_dst_port,i_dport_mask;
unsigned short src_port1=0, src_port2=0, dst_port1=0, dst_port2=0;
int protocol=0,direction=0;
int ret=0,rule_type=0;
int ret=0;
int ret_array[8]={1},i=0;
ret=sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%hu\t%hu\t%s\t%s\t%hu\t%hu\t%d\t%d\t%d"
,&(ip_rule->region_id)
,&(ip_rule->group_id)
,&(ip_rule->addr_type)
,src_ip
,mask_src_ip
,&i_src_port
,&i_sport_mask
,dst_ip
,mask_dst_ip
,&i_dst_port
,&i_dport_mask
,&protocol
,&direction
,&(ip_rule->is_valid));
if(ret!=14||(ip_rule->addr_type!=4&&ip_rule->addr_type!=6)
||protocol>65535||protocol<0
||(direction!=0&&direction!=1))
unsigned int ipv4_addr1=0, ipv4_addr2=0, ipv6_addr1[4]={0}, ipv6_addr2[4]={0};
switch(table->table_type)
{
case TABLE_TYPE_IP:
strncpy(saddr_format, "mask", sizeof(saddr_format));
strncpy(sport_format, "mask", sizeof(sport_format));
strncpy(daddr_format, "mask", sizeof(daddr_format));
strncpy(dport_format, "mask", sizeof(dport_format));
ret=sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%hu\t%hu\t%s\t%s\t%hu\t%hu\t%d\t%d\t%d",
&(ip_rule->region_id),
&(ip_rule->group_id),
&(ip_rule->addr_type),
src_ip1,
src_ip2,
&src_port1,
&src_port2,
dst_ip1,
dst_ip2,
&dst_port1,
&dst_port2,
&protocol,
&direction,
&(ip_rule->is_valid));
if(ret!=14)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module ,
"update error,invalid format of ip table %s:%s"
"update error, invalid column number of ip table %s:%s"
,table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
}
break;
case TABLE_TYPE_IP_PLUS:
ret=sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%s\t%s\t%hu\t%hu\t%s\t%s\t%s\t%s\t%hu\t%hu\t%d\t%d\t%d",
&(ip_rule->region_id),
&(ip_rule->group_id),
&(ip_rule->addr_type),
saddr_format,
src_ip1,
src_ip2,
sport_format,
&src_port1,
&src_port2,
daddr_format,
dst_ip1,
dst_ip2,
dport_format,
&dst_port1,
&dst_port2,
&protocol,
&direction,
&(ip_rule->is_valid));
if(ret!=18)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module ,
"update error, invalid column number of ip_plus table %s:%s"
,table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
}
break;
default:
table->udpate_err_cnt++;
goto error_out;
break;
}
if(ip_rule->addr_type!=4&&ip_rule->addr_type!=6)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module,
"update error, invalid addr type %d of ip/ip_plus table %s:%s",
ip_rule->addr_type,
table->table_name[table->updating_name], table_line);
table->udpate_err_cnt++;
goto error_out;
}
if(protocol>65535 || protocol<0)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module,
"update error, invalid protocol value %d of ip/ip_plus table %s:%s",
protocol,
table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
}
if(direction!=0 && direction!=1)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module,
"update error, invalid direction value %d of ip/ip_plus table %s:%s",
direction,
table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
}
if(FORMAT_UNKNOWN==ip_format_str2int(saddr_format)||
FORMAT_UNKNOWN==ip_format_str2int(sport_format)||
FORMAT_UNKNOWN==ip_format_str2int(daddr_format)||
FORMAT_UNKNOWN==ip_format_str2int(dport_format))
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module,
"update error, invalid addr format of ip/ip_plus table %s:%s, should be range or mask",
table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
}
if(ip_rule->addr_type==4)
{
ret_array[0]=inet_pton(AF_INET,src_ip,&(ip_rule->ipv4_rule.saddr));
ip_rule->ipv4_rule.saddr=ntohl(ip_rule->ipv4_rule.saddr);
ret_array[1]=inet_pton(AF_INET,mask_src_ip,&(ip_rule->ipv4_rule.smask));
ip_rule->ipv4_rule.smask=ntohl(ip_rule->ipv4_rule.smask);
ret_array[2]=inet_pton(AF_INET,dst_ip,&(ip_rule->ipv4_rule.daddr));
ip_rule->ipv4_rule.daddr=ntohl(ip_rule->ipv4_rule.daddr);
ret_array[3]=inet_pton(AF_INET,mask_dst_ip,&(ip_rule->ipv4_rule.dmask));
ip_rule->ipv4_rule.dmask=ntohl(ip_rule->ipv4_rule.dmask);
ip_rule->ipv4_rule.min_sport=i_src_port&i_sport_mask;
ip_rule->ipv4_rule.max_sport=(i_src_port&i_sport_mask)+(~i_sport_mask);
ip_rule->ipv4_rule.min_dport=i_dst_port&i_dport_mask;
ip_rule->ipv4_rule.max_dport=(i_dst_port&i_dport_mask)+(~i_dport_mask);
ip_rule->ipv4_rule.proto=protocol;
ip_rule->ipv4_rule.direction=direction;
rule_type=RULETYPE_IPv4;
ret_array[0]=inet_pton(AF_INET, src_ip1, &ipv4_addr1);
ipv4_addr1=ntohl(ipv4_addr1);
ret_array[1]=inet_pton(AF_INET, src_ip2, &ipv4_addr2);
ipv4_addr2=ntohl(ipv4_addr2);
if(FORMAT_MASK==ip_format_str2int(saddr_format))
{
// min_saddr=(saddr&mask) max_saddr=(saddr|~mask)
ip_rule->ipv4_rule.min_saddr=ipv4_addr1&ipv4_addr2;
ip_rule->ipv4_rule.max_saddr=ipv4_addr1|~ipv4_addr2;
}
else
{
ret_array[0]=inet_pton(AF_INET6,src_ip,&(ip_rule->ipv6_rule.saddr));
ipv6_ntoh(ip_rule->ipv6_rule.saddr);
ret_array[1]=inet_pton(AF_INET6,mask_src_ip,&(ip_rule->ipv6_rule.smask));
ipv6_ntoh(ip_rule->ipv6_rule.smask);
ip_rule->ipv4_rule.min_saddr=ipv4_addr1;
ip_rule->ipv4_rule.max_saddr=ipv4_addr2;
}
if(FORMAT_MASK==ip_format_str2int(sport_format))
{
ip_rule->ipv4_rule.min_sport=src_port1&src_port2;
ip_rule->ipv4_rule.max_sport=src_port1|~src_port2;
}
else
{
ip_rule->ipv4_rule.min_sport=src_port1;
ip_rule->ipv4_rule.max_sport=src_port2;
}
ret_array[2]=inet_pton(AF_INET6,dst_ip,&(ip_rule->ipv6_rule.daddr));
ipv6_ntoh(ip_rule->ipv6_rule.daddr);
ret_array[3]=inet_pton(AF_INET6,mask_dst_ip,&(ip_rule->ipv6_rule.dmask));
ipv6_ntoh(ip_rule->ipv6_rule.dmask);
ip_rule->ipv6_rule.min_sport=i_src_port&i_sport_mask;
ip_rule->ipv6_rule.max_sport=(i_src_port&i_sport_mask)+(~i_sport_mask);
ip_rule->ipv6_rule.min_dport=i_dst_port&i_dport_mask;
ip_rule->ipv6_rule.max_dport=(i_dst_port&i_dport_mask)+~(i_dport_mask);
ret_array[2]=inet_pton(AF_INET, dst_ip1, &ipv4_addr1);
ipv4_addr1=ntohl(ipv4_addr1);
ret_array[3]=inet_pton(AF_INET, dst_ip2, &ipv4_addr2);
ipv4_addr2=ntohl(ipv4_addr2);
if(FORMAT_MASK==ip_format_str2int(daddr_format))
{
ip_rule->ipv4_rule.min_daddr=ipv4_addr1&ipv4_addr2;
ip_rule->ipv4_rule.max_daddr=ipv4_addr1|~ipv4_addr2;
}
else
{
ip_rule->ipv4_rule.min_daddr=ipv4_addr1;
ip_rule->ipv4_rule.max_daddr=ipv4_addr2;
}
if(FORMAT_MASK==ip_format_str2int(dport_format))
{
ip_rule->ipv4_rule.min_dport=dst_port1&dst_port2;
ip_rule->ipv4_rule.max_dport=dst_port1|~dst_port2;
}
else
{
ip_rule->ipv4_rule.min_dport=dst_port1;
ip_rule->ipv4_rule.max_dport=dst_port2;
}
ip_rule->ipv4_rule.proto=protocol;
ip_rule->ipv4_rule.direction=direction;
}
else
{
ret_array[0]=inet_pton(AF_INET6, src_ip1, ipv6_addr1);
ipv6_ntoh(ipv6_addr1);
ret_array[1]=inet_pton(AF_INET6, src_ip2, ipv6_addr2);
ipv6_ntoh(ipv6_addr2);
if(FORMAT_MASK==ip_format_str2int(saddr_format))
{
// min_saddr=(saddr&mask) max_saddr=(saddr|~mask)
ipv6_mask2range(ipv6_addr1, ipv6_addr2, ip_rule->ipv6_rule.min_saddr, ip_rule->ipv6_rule.max_saddr);
}
else
{
memcpy(ip_rule->ipv6_rule.min_saddr, ipv6_addr1, sizeof(ip_rule->ipv6_rule.min_saddr));
memcpy(ip_rule->ipv6_rule.max_saddr, ipv6_addr2, sizeof(ip_rule->ipv6_rule.max_saddr));
}
if(FORMAT_MASK==ip_format_str2int(sport_format))
{
ip_rule->ipv6_rule.min_sport=src_port1&src_port2;
ip_rule->ipv6_rule.max_sport=src_port1|~src_port2;
}
else
{
ip_rule->ipv6_rule.min_sport=src_port1;
ip_rule->ipv6_rule.max_sport=src_port2;
}
ret_array[2]=inet_pton(AF_INET6, dst_ip1, &ipv6_addr1);
ipv6_ntoh(ipv6_addr1);
ret_array[3]=inet_pton(AF_INET6, dst_ip2, &ipv6_addr2);
ipv6_ntoh(ipv6_addr2);
if(FORMAT_MASK==ip_format_str2int(daddr_format))
{
// min_saddr=(saddr&mask) max_saddr=(saddr|~mask)
ipv6_mask2range(ipv6_addr1, ipv6_addr2, ip_rule->ipv6_rule.min_daddr, ip_rule->ipv6_rule.max_daddr);
}
else
{
memcpy(ip_rule->ipv6_rule.min_daddr, ipv6_addr1, sizeof(ip_rule->ipv6_rule.min_daddr));
memcpy(ip_rule->ipv6_rule.max_daddr, ipv6_addr2, sizeof(ip_rule->ipv6_rule.max_daddr));
}
if(FORMAT_MASK==ip_format_str2int(dport_format))
{
ip_rule->ipv6_rule.min_dport=dst_port1&dst_port2;
ip_rule->ipv6_rule.max_dport=dst_port1|~dst_port2;
}
else
{
ip_rule->ipv6_rule.min_sport=dst_port1;
ip_rule->ipv6_rule.max_sport=dst_port2;
}
ip_rule->ipv6_rule.proto=protocol;
ip_rule->ipv6_rule.direction=direction;
rule_type=RULETYPE_IPv6;
}
for(i=0;i<4;i++)
{
if(ret_array[i]<=0)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module ,
"update error,invalid format of ip table %s:%s"
"update error, invalid IP address format of ip table %s:%s"
,table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
@@ -2861,19 +3043,19 @@ void update_ip_rule(struct Maat_table_desc* table,const char* table_line,struct
}
if(group_mode_on==FALSE)//for compatible old version
{
compatible_group_udpate(table
,ip_rule->region_id
,ip_rule->group_id
,ip_rule->is_valid
,scanner
,logger);
compatible_group_udpate(table,
ip_rule->region_id,
ip_rule->group_id,
ip_rule->is_valid,
scanner,
logger);
ip_rule->group_id=ip_rule->region_id;
}
if(ip_rule->is_valid==FALSE)
{
ret=del_region_rule(table
,ip_rule->region_id,ip_rule->group_id,rule_type
,scanner, logger);
ret=del_region_rule(table,
ip_rule->region_id, ip_rule->group_id, ip_rule->addr_type==6?RULETYPE_IPv6:RULETYPE_IPv4,
scanner, logger);
if(ret<0)
{
table->udpate_err_cnt++;
@@ -3689,6 +3871,7 @@ int maat_update_cb(const char* table_name,const char* line,void *u_para)
update_expr_rule(feather->p_table_info[table_id], line, scanner,feather->logger,feather->GROUP_MODE_ON);
break;
case TABLE_TYPE_IP:
case TABLE_TYPE_IP_PLUS:
update_ip_rule(feather->p_table_info[table_id], line, scanner,feather->logger,feather->GROUP_MODE_ON);
break;
case TABLE_TYPE_INTERVAL:

1
src/entry/Maat_stat.cpp
View File

@@ -234,6 +234,7 @@ void maat_stat_output(struct _Maat_feather_t* feather)
total_iconv_error=p_table->expr.iconv_err_cnt;
break;
case TABLE_TYPE_IP:
case TABLE_TYPE_IP_PLUS:
table_regex_ipv6_num=table_rt->ip.ipv6_rule_cnt;
break;
default:

116
src/entry/json2iris.cpp
View File

@@ -141,6 +141,7 @@ int set_iris_descriptor(const char* json_file,cJSON *json,const char*compile_tn,
map_register(iris_cfg->str2int_map, "no",0);
map_register(iris_cfg->str2int_map, "ip",TABLE_TYPE_IP);
map_register(iris_cfg->str2int_map, "ip_plus",TABLE_TYPE_IP_PLUS);
map_register(iris_cfg->str2int_map, "string",TABLE_TYPE_EXPR);
map_register(iris_cfg->str2int_map, "expr",TABLE_TYPE_EXPR);
map_register(iris_cfg->str2int_map, "expr_plus",TABLE_TYPE_EXPR_PLUS);
@@ -407,6 +408,118 @@ int write_ip_line(cJSON *region_json, struct iris_description_t *p_iris, const c
return direct_write_rule(region_json, p_iris->str2int_map,json_cmd, cmd_cnt,path,logger);
}
int write_ip_plus_line(cJSON *region_json, struct iris_description_t *p_iris, const char* path, void * logger)
{
struct traslate_command_t json_cmd[MAX_COLUMN_NUM];
int cmd_cnt=0;
memset(json_cmd,0,sizeof(json_cmd));
json_cmd[cmd_cnt].json_string="region_id";
json_cmd[cmd_cnt].json_type=cJSON_Number;
cmd_cnt++;
json_cmd[cmd_cnt].json_string="group_id";
json_cmd[cmd_cnt].json_type=cJSON_Number;
cmd_cnt++;
json_cmd[cmd_cnt].json_string="addr_type";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].str2int_flag=1;
cmd_cnt++;
json_cmd[cmd_cnt].json_string="saddr_format";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="mask";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="src_ip1";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="0.0.0.0";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="src_ip2";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="255.255.255.255";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="sport_format";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="mask";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="src_port1";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="0";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="src_port2";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="65535";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="daddr_format";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="mask";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="dst_ip1";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="0.0.0.0";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="dst_ip2";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="255.255.255.255";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="dport_format";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="mask";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="dst_port1";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="0";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="dst_port2";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="65535";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="protocol";
json_cmd[cmd_cnt].json_type=cJSON_Number;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_int=0;
cmd_cnt++;
json_cmd[cmd_cnt].json_string="direction";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].str2int_flag=1;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="double";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="is_valid";
json_cmd[cmd_cnt].json_type=cJSON_Number;
cmd_cnt++;
return direct_write_rule(region_json, p_iris->str2int_map,json_cmd, cmd_cnt,path,logger);
}
int write_expr_line(cJSON *region_json,struct iris_description_t *p_iris,const char* path,enum MAAT_TABLE_TYPE table_type,void * logger)
{
struct traslate_command_t json_cmd[MAX_COLUMN_NUM];
@@ -670,6 +783,9 @@ int write_region_rule(cJSON* region_json,int compile_id,int group_id,iris_descri
case TABLE_TYPE_IP:
ret=write_ip_line(table_content, p_iris, table_info->table_path, logger);
break;
case TABLE_TYPE_IP_PLUS:
write_ip_plus_line(table_content, p_iris, table_info->table_path, logger);
break;
case TABLE_TYPE_INTERVAL:
ret=write_intval_line(table_content, p_iris, table_info->table_path, logger);
break;

1
src/inc_internal/Maat_table_description.h
View File

@@ -18,6 +18,7 @@ enum MAAT_TABLE_TYPE
{
TABLE_TYPE_EXPR=0,
TABLE_TYPE_IP,
TABLE_TYPE_IP_PLUS,
TABLE_TYPE_INTERVAL,
TABLE_TYPE_DIGEST,
TABLE_TYPE_EXPR_PLUS,

50
src/inc_internal/view_only/rulescan.h
View File

@@ -28,7 +28,9 @@ extern "C"
{
RULESCAN_DETAIL_RESULT=1, /* <20><><EFBFBD><EFBFBD>־λ<D6BE><CEBB>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><CFB8><EFBFBD><EFBFBD>λ<EFBFBD>õ<EFBFBD><C3B5><EFBFBD>Ϣ, optval<61><6C>ΪNULL<4C><4C>optlen<65><6E>Ϊ0<CEAA><30>Ĭ<EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><CFB8>Ϣ*/
RULESCAN_REGEX_GROUP =2, /* <20><><EFBFBD><EFBFBD>־λ<D6BE><CEBB>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽƥ<CABD><C6A5><EFBFBD>ķ<EFBFBD><C4B7><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֶΣ<D6B6><CEA3><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>RULESCAN_DETAIL_RESULT<4C><54>־λ,optval<61><6C>ΪNULL<4C><4C>optlen<65><6E>Ϊ0<CEAA><30>Ĭ<EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD>ط<EFBFBD><D8B7><EFBFBD><EFBFBD><EFBFBD>Ϣ */
RULESCAN_QUICK_SCAN /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD>sub_type, <20><><EFBFBD>û<EFBFBD><EFBFBD>Լ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>optval<EFBFBD><EFBFBD>ֵΪ0-4096<EFBFBD><EFBFBD>optlen<EFBFBD><EFBFBD>Ϊ4<EFBFBD><EFBFBD>Ĭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨɨ<EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD>*/
RULEACAN_ERRLOG_CLOSE, /* <20><><EFBFBD><EFBFBD>־λ<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>ر<EFBFBD>Rulescan<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>optval<EFBFBD><EFBFBD>ΪNULL<EFBFBD><EFBFBD>optlen<EFBFBD><EFBFBD>Ϊ0<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õĻ<EFBFBD>Ĭ<EFBFBD>ϴ<EFBFBD><EFBFBD><EFBFBD>Rulescan<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
RULESCAN_ERRLOG_FILE_PATH, /* <20><><EFBFBD><EFBFBD>Rulescan<61><6E><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><D6BE>·<EFBFBD><C2B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD>룬optval<61><6C>ֵΪ<D6B5><CEAA><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־·<D6BE><C2B7><EFBFBD><EFBFBD>optlenΪ·<CEAA><C2B7><EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD><E8B6A8>
<09><><EFBFBD><EFBFBD>־Ĭ<D6BE>ϴ洢<CFB4>ڿ<EFBFBD>ִ<EFBFBD>г<EFBFBD><D0B3><EFBFBD><EFBFBD><EFBFBD>ǰĿ¼<C4BF>µ<EFBFBD>rulescan_tmp<6D><70> */
};
#define MAX_REGEX_GROUP_NUM 5 /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD>֧<EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD> */
@@ -65,34 +67,34 @@ extern "C"
unsigned int ub; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>½磨<C2BD><E7A3A8><EFBFBD><EFBFBD>ub<75><62><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ0 */
}interval_rule_t;
/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv4<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
/* IPv4<76><34><EFBFBD><EFBFBD> */
typedef struct _ipv4_rule_t
{
unsigned int saddr; /* ԴIP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int smask; /* ԴIP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=saddr */
unsigned int daddr; /* Ŀ<><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int dmask; /* Ŀ<><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=daddr */
unsigned short int min_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short int max_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_sport */
unsigned short int min_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short int max_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_dport */
unsigned short int proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP<44><50>0<EFBFBD><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short int direction; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ˫<CABE><CBAB><EFBFBD><EFBFBD>1<EFBFBD><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD> */
unsigned int min_saddr; /* Դ<><D4B4>ַ<EFBFBD>½磻0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int max_saddr; /* Դ<><D4B4>ַ<EFBFBD>Ͻ磻0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_saddr */
unsigned int min_daddr; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>½磻0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int max_daddr; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>Ͻ磻0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_daddr */
unsigned short min_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short max_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_sport */
unsigned short min_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short max_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_dport */
unsigned short proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP<44><50>0<EFBFBD><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short direction; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ˫<CABE><CBAB><EFBFBD><EFBFBD>1<EFBFBD><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD> */
}ipv4_rule_t;
/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv6<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
/* IPv6<76><36><EFBFBD><EFBFBD> */
typedef struct _ipv6_rule_t
{
unsigned int saddr[4]; /* ԴIP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int smask[4]; /* ԴIP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=saddr */
unsigned int daddr[4]; /* Ŀ<><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int dmask[4]; /* Ŀ<><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=daddr */
unsigned short int min_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short int max_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_sport */
unsigned short int min_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short int max_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_dport */
unsigned short int proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP<44><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ0 */
unsigned short int direction; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ˫<CABE><CBAB><EFBFBD><EFBFBD>1<EFBFBD><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD> */
unsigned int min_saddr[4]; /* Դ<><D4B4>ַ<EFBFBD>½磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int max_saddr[4]; /* Դ<><D4B4>ַ<EFBFBD>Ͻ磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_saddr */
unsigned int min_daddr[4]; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>½磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int max_daddr[4]; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>Ͻ磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_daddr */
unsigned short min_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short max_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_sport */
unsigned short min_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short max_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_dport */
unsigned short proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP<44><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ0 */
unsigned short direction; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ˫<CABE><CBAB><EFBFBD><EFBFBD>1<EFBFBD><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD> */
}ipv6_rule_t;
/* ͨ<>õĹ<C3B5><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
@@ -188,7 +190,7 @@ extern "C"
unsigned int length[MAX_MATCH_POS_NUM]; /* <20>ù<EFBFBD><C3B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD>ij<EFBFBD><C4B3>ȣ<EFBFBD><C8A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD><DDB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>еģ<D0B5><C4A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ö<EFBFBD>Ӧ<EFBFBD><D3A6>length=0, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<49><EFBFBD><E0A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ0*/
}rule_result_t;
/* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD>quickģʽ<EFBFBD><EFBFBD>ֻ<EFBFBD><EFBFBD>expr_id<EFBFBD>Լ<EFBFBD>tag<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч */
/* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
typedef struct _scan_result_t
{
unsigned int expr_id; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>ID */

76
test/maat_json.json
View File

@@ -937,6 +937,82 @@
]
}
]
},
{
"compile_id": 154,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_plus",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "range",
"src_ip1": "10.0.7.100",
"src_ip2": "10.0.7.106",
"sport_format": "range",
"src_port1": "5000",
"src_port2": "5001",
"daddr_format": "mask",
"dst_ip1": "123.56.104.218",
"dst_ip2": "255.255.255.0",
"dport_format": "range",
"dst_port1": "7400",
"dst_port2": "7400",
"protocol": 6,
"direction": "double"
}
}
],
"not_flag" : 0
}
]
},
{
"compile_id": 155,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv6_plus",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv6",
"saddr_format": "range",
"src_ip1": "1001:da8:205:1::101",
"src_ip2": "1001:da8:205:1::201",
"sport_format": "mask",
"src_port1": "5210",
"src_port2": "65520",
"daddr_format": "mask",
"dst_ip1": "3001:da8:205:1::401",
"dst_ip2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000",
"dport_format": "mask",
"dst_port1": "0",
"dst_port2": "65535",
"protocol": 6,
"direction": "double"
}
}
],
"not_flag" : 0
}
]
}
],
"plugin_table": [

3
test/table_info.conf
View File

@@ -1,7 +1,7 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#type one of ip, ip_plus, expr, expr_plus, digest, intval, compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege [yes/no]
@@ -35,3 +35,4 @@
16 APP_PAYLOAD expr_plus UTF8 UTF8 yes 0 quickoff
17 TROJAN_PAYLOAD expr UTF8 UTF8 yes 0 quickoff
18 MAIL_ADDR expr UTF8 UTF8 yes 0 quickoff
19 IP_PLUS_CONFIG ip_plus --

61
test/test_maatframe.cpp
View File

@@ -422,7 +422,7 @@ TEST(StringScan, ExprPlusWithOffset)
EXPECT_EQ(result[0].config_id, 148);
return;
}
TEST(IPScan, IPv4)
TEST(IPScan, IPv4_mask)
{
int table_id=0,ret=0;
const char* table_name="IP_CONFIG";
@@ -455,7 +455,7 @@ TEST(IPScan, IPv4)
Maat_clean_status(&mid);
return;
}
TEST(IPScan, IPv6)
TEST(IPScan, IPv6_mask)
{
int table_id=0,ret=0;
struct Maat_rule_t result[4];
@@ -480,6 +480,63 @@ TEST(IPScan, IPv6)
Maat_clean_status(&mid);
return;
}
TEST(IPScan, IPv4_range)
{
int table_id=0,ret=0;
const char* table_name="IP_PLUS_CONFIG";
struct Maat_rule_t result[4];
scan_status_t mid=NULL;
struct ipaddr ipv4_addr;
struct stream_tuple4_v4 v4_addr;
ipv4_addr.addrtype=ADDR_TYPE_IPV4;
inet_pton(AF_INET, "10.0.7.106", &(v4_addr.saddr));
v4_addr.source=htons(5000);
inet_pton(AF_INET, "123.56.104.254", &(v4_addr.daddr));
v4_addr.dest=htons(7400);
ipv4_addr.v4=&v4_addr;
table_id=Maat_table_register(g_feather, table_name);
EXPECT_GT(table_id, 0);
ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid, 0);
EXPECT_EQ(ret, 1);
EXPECT_EQ(result[0].config_id, 154);
Maat_clean_status(&mid);
return;
}
TEST(IPScan, IPv6_range)
{
int table_id=0,ret=0;
struct Maat_rule_t result[4];
struct ipaddr ipv6_addr;
struct stream_tuple4_v6 v6_addr;
scan_status_t mid=NULL;
ipv6_addr.addrtype=ADDR_TYPE_IPV6;
inet_pton(AF_INET6,"1001:da8:205:1::151",&(v6_addr.saddr));
v6_addr.source=htons(5204);//5200~5299?
inet_pton(AF_INET6,"3001:da8:205:1::901",&(v6_addr.daddr));
v6_addr.dest=htons(80);//any
ipv6_addr.v6=&v6_addr;
const char* table_name="IP_PLUS_CONFIG";
table_id=Maat_table_register(g_feather,table_name);
EXPECT_GT(table_id, 0);
//for improving performance.
Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_LAST_REGION,NULL, 0);
ret=Maat_scan_proto_addr(g_feather, table_id, &ipv6_addr, 6, result,4, &mid, 0);
EXPECT_EQ(ret, 1);
EXPECT_EQ(result[0].config_id, 155);
Maat_clean_status(&mid);
return;
}
TEST(NOTLogic, OneRegion)
{
const char* string_should_hit="This string ONLY contains must-contained-string-of-rule-143.";