gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

compile/plugin table callback function normalization

Browse Source
This commit is contained in:
liuwentan
2023-02-23 11:37:02 +08:00
parent 9578be5ff3
commit d1aee82fe2
16 changed files with 156 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
include/maat.h
View File

@@ -48,14 +48,6 @@ enum maat_scan_status {
MAAT_SCAN_HIT //scan hit compile MAAT_SCAN_HIT //scan hit compile
}; };
#define MAX_SERVICE_DEFINE_LEN 128
struct maat_rule {
long long config_id;
uint8_t reserved;
int serv_def_len;
char service_defined[MAX_SERVICE_DEFINE_LEN];
};
struct ip_addr { struct ip_addr {
int ip_type; //4: IPv4, 6: IPv6 int ip_type; //4: IPv4, 6: IPv6
union { union {
@@ -68,15 +60,9 @@ typedef void maat_start_callback_t(int update_type, void *u_param);
typedef void maat_update_callback_t(int table_id, const char *table_line, void *u_para); typedef void maat_update_callback_t(int table_id, const char *table_line, void *u_para);
typedef void maat_finish_callback_t(void *u_para); typedef void maat_finish_callback_t(void *u_para);
typedef void maat_plugin_ex_new_func_t(int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp); typedef void maat_ex_new_func_t(int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp);
typedef void maat_plugin_ex_free_func_t(int table_id, void **ad, long argl, void *argp); typedef void maat_ex_free_func_t(int table_id, void **ad, long argl, void *argp);
typedef void maat_plugin_ex_dup_func_t(int table_id, void **to, void **from, long argl, void *argp); typedef void maat_ex_dup_func_t(int table_id, void **to, void **from, long argl, void *argp);
typedef void maat_rule_ex_new_func_t(int idx, const struct maat_rule *rule, const char *srv_def_large,
void **ex_data, long argl, void *argp);
typedef void maat_rule_ex_free_func_t(int idx, const struct maat_rule *rule, const char *srv_def_large,
void **ex_data, long argl, void *argp);
typedef void maat_rule_ex_dup_func_t(int idx, void **to, void **from, long argl, void *argp);
/* maat_instance options API */ /* maat_instance options API */
struct maat_options; struct maat_options;
@@ -111,18 +97,18 @@ int maat_table_callback_register(struct maat *instance, int table_id,
/* maat compile table API */ /* maat compile table API */
int maat_compile_table_ex_schema_register(struct maat *instance, int table_id, int maat_compile_table_ex_schema_register(struct maat *instance, int table_id,
maat_rule_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_rule_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_rule_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp); long argl, void *argp);
void *maat_compile_table_get_ex_data(struct maat *instance, int compile_table_id, void *maat_compile_table_get_ex_data(struct maat *instance, int compile_table_id,
long long compile_id, size_t idx); long long compile_id);
/* maat plugin table API */ /* maat plugin table API */
int maat_plugin_table_ex_schema_register(struct maat *instance, int table_id, int maat_plugin_table_ex_schema_register(struct maat *instance, int table_id,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp); long argl, void *argp);
/* returned data is duplicated by dup_func of maat_plugin_table_ex_schema_register, /* returned data is duplicated by dup_func of maat_plugin_table_ex_schema_register,
caller is responsible to free the data. */ caller is responsible to free the data. */

6
src/inc_internal/maat_bool_plugin.h
View File

@@ -33,9 +33,9 @@ void bool_plugin_schema_free(void *bool_plugin_schema);
struct ex_data_schema *bool_plugin_table_get_ex_data_schema(void *bool_plugin_schema); struct ex_data_schema *bool_plugin_table_get_ex_data_schema(void *bool_plugin_schema);
int bool_plugin_table_set_ex_data_schema(void *bool_plugin_schema, int bool_plugin_table_set_ex_data_schema(void *bool_plugin_schema,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp, long argl, void *argp,
struct log_handle *logger); struct log_handle *logger);

29
src/inc_internal/maat_compile.h
View File

@@ -21,16 +21,6 @@ extern "C"
#include "maat_kv.h" #include "maat_kv.h"
#include "maat_rule.h" #include "maat_rule.h"
struct compile_ex_data_schema {
maat_rule_ex_new_func_t *new_func;
maat_rule_ex_free_func_t *free_func;
maat_rule_ex_dup_func_t *dup_func;
long argl;
void *argp;
int idx;
int table_id;
};
struct compile_schema; struct compile_schema;
struct compile_runtime; struct compile_runtime;
struct maat_compile_state; struct maat_compile_state;
@@ -46,17 +36,14 @@ void *group2compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
void group2compile_schema_free(void *g2c_schema); void group2compile_schema_free(void *g2c_schema);
int group2compile_associated_compile_table_id(void *g2c_schema); int group2compile_associated_compile_table_id(void *g2c_schema);
int compile_table_set_rule_ex_data_schema(struct compile_schema *compile_schema, int compile_table_set_ex_data_schema(struct compile_schema *compile_schema, int table_id,
int table_id, maat_ex_new_func_t *new_func,
maat_rule_ex_new_func_t *new_func, maat_ex_free_func_t *free_func,
maat_rule_ex_free_func_t *free_func, maat_ex_dup_func_t *dup_func,
maat_rule_ex_dup_func_t *dup_func, long argl, void *argp,
long argl, void *argp, struct log_handle *logger);
struct log_handle *logger); void *compile_table_get_ex_data(struct compile_schema *compile_schema, long long compile_id);
void *compile_table_get_rule_ex_data(struct compile_schema *compile_schema, long long compile_id, size_t idx); void compile_table_ex_data_iterate(struct compile_schema *compile_schema);
void compile_table_rule_ex_data_iterate(struct compile_schema *compile_schema, int idx);
size_t compile_table_rule_ex_data_schema_count(struct compile_schema *compile_schema);
/* compile runtime API */ /* compile runtime API */
void *compile_runtime_new(void *compile_schema, int max_thread_num, void *compile_runtime_new(void *compile_schema, int max_thread_num,

14
src/inc_internal/maat_ex_data.h
View File

@@ -30,6 +30,14 @@ struct ex_container_ctx {
struct ex_data_schema *ex_schema; struct ex_data_schema *ex_schema;
}; };
struct ex_data_schema {
maat_ex_new_func_t *new_func;
maat_ex_free_func_t *free_func;
maat_ex_dup_func_t *dup_func;
long argl;
void *argp;
};
struct ex_data_runtime; struct ex_data_runtime;
/* ex_data_runtime API */ /* ex_data_runtime API */
@@ -49,9 +57,9 @@ size_t ex_data_runtime_cached_row_count(struct ex_data_runtime *ex_data_rt);
void ex_data_runtime_clear_row_cache(struct ex_data_runtime *ex_data_rt); void ex_data_runtime_clear_row_cache(struct ex_data_runtime *ex_data_rt);
/* set schema API */ /* set schema API */
struct ex_data_schema *ex_data_schema_new(maat_plugin_ex_new_func_t *new_func, struct ex_data_schema *ex_data_schema_new(maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp); long argl, void *argp);
void ex_data_schema_free(struct ex_data_schema *ex_schema); void ex_data_schema_free(struct ex_data_schema *ex_schema);

6
src/inc_internal/maat_fqdn_plugin.h
View File

@@ -33,9 +33,9 @@ void fqdn_plugin_schema_free(void *fqdn_plugin_schema);
struct ex_data_schema *fqdn_plugin_table_get_ex_data_schema(void *fqdn_plugin_schema); struct ex_data_schema *fqdn_plugin_table_get_ex_data_schema(void *fqdn_plugin_schema);
int fqdn_plugin_table_set_ex_data_schema(void *fqdn_plugin_schema, int fqdn_plugin_table_set_ex_data_schema(void *fqdn_plugin_schema,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp, long argl, void *argp,
struct log_handle *logger); struct log_handle *logger);

6
src/inc_internal/maat_ip_plugin.h
View File

@@ -33,9 +33,9 @@ void ip_plugin_schema_free(void *ip_plugin_schema);
struct ex_data_schema *ip_plugin_table_get_ex_data_schema(void *ip_plugin_schema); struct ex_data_schema *ip_plugin_table_get_ex_data_schema(void *ip_plugin_schema);
void ip_plugin_table_set_ex_data_schema(void *ip_plugin_schema, void ip_plugin_table_set_ex_data_schema(void *ip_plugin_schema,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp, long argl, void *argp,
struct log_handle *logger); struct log_handle *logger);

6
src/inc_internal/maat_plugin.h
View File

@@ -41,9 +41,9 @@ int plugin_table_get_foreign_column(struct plugin_schema *plugin_schema, int *fo
/* plugin table ex data API */ /* plugin table ex data API */
void plugin_table_set_ex_data_schema(void *plugin_schema, void plugin_table_set_ex_data_schema(void *plugin_schema,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp, long argl, void *argp,
struct log_handle *logger); struct log_handle *logger);
struct ex_data_schema *plugin_table_get_ex_data_schema(void *custom_schema); struct ex_data_schema *plugin_table_get_ex_data_schema(void *custom_schema);

10
src/inc_internal/maat_rule.h
View File

@@ -60,12 +60,6 @@ enum tag_match {
TAG_MATCH_MATCHED TAG_MATCH_MATCHED
}; };
struct maat_rule_head {
long long config_id;
char resevered;
int serv_def_len;
};
#define ITEM_RULE_MAGIC 0x4d3c2b1a #define ITEM_RULE_MAGIC 0x4d3c2b1a
struct maat_item_inner { struct maat_item_inner {
long long magic_num; long long magic_num;
@@ -88,8 +82,8 @@ struct maat_item {
struct compile_rule { struct compile_rule {
long long magic_num; long long magic_num;
long long compile_id; long long compile_id;
struct maat_rule_head head;// fix len of Maat_rule_t char *table_line;
char *service_defined; size_t table_line_len;
int declared_clause_num; int declared_clause_num;
double evaluation_order; double evaluation_order;
struct compile_schema *ref_table; struct compile_schema *ref_table;

30
src/maat_api.c
View File

@@ -455,9 +455,9 @@ int maat_table_callback_register(struct maat *maat_instance, int table_id,
} }
int maat_compile_table_ex_schema_register(struct maat *maat_instance, int table_id, int maat_compile_table_ex_schema_register(struct maat *maat_instance, int table_id,
maat_rule_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_rule_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_rule_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp) long argl, void *argp)
{ {
if (NULL == maat_instance || table_id < 0 || table_id >= MAX_TABLE_NUM) { if (NULL == maat_instance || table_id < 0 || table_id >= MAX_TABLE_NUM) {
@@ -475,36 +475,36 @@ int maat_compile_table_ex_schema_register(struct maat *maat_instance, int table_
assert(compile_schema != NULL); assert(compile_schema != NULL);
pthread_mutex_lock(&(maat_instance->background_update_mutex)); pthread_mutex_lock(&(maat_instance->background_update_mutex));
int idx = compile_table_set_rule_ex_data_schema((struct compile_schema *)compile_schema, table_id, int ret = compile_table_set_ex_data_schema((struct compile_schema *)compile_schema, table_id,
new_func, free_func, dup_func, new_func, free_func, dup_func,
argl, argp, maat_instance->logger); argl, argp, maat_instance->logger);
if (idx < 0) { if (ret < 0) {
pthread_mutex_unlock(&(maat_instance->background_update_mutex)); pthread_mutex_unlock(&(maat_instance->background_update_mutex));
return -1; return -1;
} }
if (maat_instance->maat_rt != NULL) { if (maat_instance->maat_rt != NULL) {
compile_table_rule_ex_data_iterate((struct compile_schema *)compile_schema, idx); compile_table_ex_data_iterate((struct compile_schema *)compile_schema);
} }
pthread_mutex_unlock(&(maat_instance->background_update_mutex)); pthread_mutex_unlock(&(maat_instance->background_update_mutex));
return idx; return 0;
} }
void *maat_compile_table_get_ex_data(struct maat *maat_instance, int compile_table_id, void *maat_compile_table_get_ex_data(struct maat *maat_instance, int compile_table_id,
long long compile_id, size_t idx) long long compile_id)
{ {
struct compile_schema *schema = (struct compile_schema *)table_manager_get_schema(maat_instance->tbl_mgr, struct compile_schema *schema = (struct compile_schema *)table_manager_get_schema(maat_instance->tbl_mgr,
compile_table_id); compile_table_id);
enum table_type table_type = table_manager_get_table_type(maat_instance->tbl_mgr, compile_table_id); enum table_type table_type = table_manager_get_table_type(maat_instance->tbl_mgr, compile_table_id);
assert(table_type == TABLE_TYPE_COMPILE); assert(table_type == TABLE_TYPE_COMPILE);
return compile_table_get_rule_ex_data(schema, compile_id, idx); return compile_table_get_ex_data(schema, compile_id);
} }
int generic_plugin_table_ex_schema_register(struct table_manager *tbl_mgr, int table_id, int generic_plugin_table_ex_schema_register(struct table_manager *tbl_mgr, int table_id,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp, struct log_handle *logger) long argl, void *argp, struct log_handle *logger)
{ {
if (NULL == tbl_mgr || NULL == new_func || NULL == free_func || NULL == dup_func) { if (NULL == tbl_mgr || NULL == new_func || NULL == free_func || NULL == dup_func) {
@@ -650,9 +650,9 @@ void generic_plugin_runtime_commit_ex_schema(void *runtime, void *schema, int ta
} }
int maat_plugin_table_ex_schema_register(struct maat *maat_instance, int table_id, int maat_plugin_table_ex_schema_register(struct maat *maat_instance, int table_id,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp) long argl, void *argp)
{ {
if (NULL == maat_instance || table_id < 0 || table_id >= MAX_TABLE_NUM) { if (NULL == maat_instance || table_id < 0 || table_id >= MAX_TABLE_NUM) {

6
src/maat_bool_plugin.c
View File

@@ -127,9 +127,9 @@ struct ex_data_schema *bool_plugin_table_get_ex_data_schema(void *bool_plugin_sc
} }
int bool_plugin_table_set_ex_data_schema(void *bool_plugin_schema, int bool_plugin_table_set_ex_data_schema(void *bool_plugin_schema,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp, long argl, void *argp,
struct log_handle *logger) struct log_handle *logger)
{ {

149
src/maat_compile.c
View File

@@ -21,12 +21,12 @@
#include "maat_compile.h" #include "maat_compile.h"
#include "maat_garbage_collection.h" #include "maat_garbage_collection.h"
#include "maat_group.h" #include "maat_group.h"
#include "maat_ex_data.h"
#include "rcu_hash.h" #include "rcu_hash.h"
#include "maat_table.h" #include "maat_table.h"
#define MODULE_COMPILE module_name_str("maat.compile") #define MODULE_COMPILE module_name_str("maat.compile")
#define MAX_TABLE_LINE_SIZE (1024 * 16) #define MAX_TABLE_LINE_SIZE (1024 * 16)
#define MAX_COMPILE_EX_DATA_NUM 2
enum user_region_encode { enum user_region_encode {
USER_REGION_ENCODE_NONE = 0, USER_REGION_ENCODE_NONE = 0,
@@ -41,8 +41,7 @@ struct compile_schema {
int declared_clause_num_column; int declared_clause_num_column;
int evaluation_order_column; int evaluation_order_column;
enum user_region_encode user_region_encoding; enum user_region_encode user_region_encoding;
size_t n_ex_schema; struct ex_data_schema *ex_schema;
struct compile_ex_data_schema ex_schema[MAX_COMPILE_EX_DATA_NUM];
int table_id; //ugly int table_id; //ugly
struct table_manager *ref_tbl_mgr; struct table_manager *ref_tbl_mgr;
size_t unmatched_tag_cnt; size_t unmatched_tag_cnt;
@@ -157,31 +156,30 @@ struct maat_compile_state {
UT_array *this_scan_hit_clauses; UT_array *this_scan_hit_clauses;
}; };
int compile_table_set_rule_ex_data_schema(struct compile_schema *compile_schema, int compile_table_set_ex_data_schema(struct compile_schema *compile_schema,
int table_id, int table_id,
maat_rule_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_rule_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_rule_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp, long argl, void *argp,
struct log_handle *logger) struct log_handle *logger)
{ {
if (compile_schema->n_ex_schema == MAX_COMPILE_EX_DATA_NUM) { if (compile_schema->ex_schema != NULL) {
log_error(logger, MODULE_COMPILE, log_error(logger, MODULE_COMPILE,
"compile ex schema num reach maxium, can't set anymore"); "compile ex schema has been set already, can't set anymore");
return -1; return -1;
} }
int idx = compile_schema->n_ex_schema; //compile_schema->ex_schema[idx].table_id = table_id;
compile_schema->ex_schema[idx].idx = idx; compile_schema->ex_schema = ALLOC(struct ex_data_schema, 1);
compile_schema->ex_schema[idx].table_id = table_id;
compile_schema->ex_schema[idx].argl = argl;
compile_schema->ex_schema[idx].argp = argp;
compile_schema->ex_schema[idx].new_func = new_func;
compile_schema->ex_schema[idx].free_func = free_func;
compile_schema->ex_schema[idx].dup_func = dup_func;
compile_schema->n_ex_schema++;
return idx; compile_schema->ex_schema->argl = argl;
compile_schema->ex_schema->argp = argp;
compile_schema->ex_schema->new_func = new_func;
compile_schema->ex_schema->free_func = free_func;
compile_schema->ex_schema->dup_func = dup_func;
return 0;
} }
void *compile_runtime_get_user_data(struct compile_runtime *compile_rt, long long compile_id, int is_dettach) void *compile_runtime_get_user_data(struct compile_runtime *compile_rt, long long compile_id, int is_dettach)
@@ -202,83 +200,68 @@ void *compile_runtime_get_user_data(struct compile_runtime *compile_rt, long lon
return ret; return ret;
} }
void fill_maat_rule(struct maat_rule *rule, const struct maat_rule_head *rule_head, void *rule_ex_data_new(int table_id, const char *table_line,
const char *srv_def, int srv_def_len) const struct ex_data_schema *ex_schema)
{
memcpy(rule, rule_head, sizeof(struct maat_rule_head));
memcpy(rule->service_defined, srv_def, MIN(srv_def_len, MAX_SERVICE_DEFINE_LEN));
}
void *rule_ex_data_new(const struct maat_rule_head *rule_head, const char *srv_def,
const struct compile_ex_data_schema *ex_schema)
{ {
void *ex_data = NULL; void *ex_data = NULL;
struct maat_rule rule;
fill_maat_rule(&rule, rule_head, srv_def, strlen(srv_def)+1); ex_schema->new_func(table_id, NULL, table_line, &ex_data, ex_schema->argl, ex_schema->argp);
ex_schema->new_func(ex_schema->idx, &rule, srv_def, &ex_data, ex_schema->argl, ex_schema->argp);
return ex_data; return ex_data;
} }
void rule_ex_data_free(const struct maat_rule_head *rule_head, const char *srv_def, void rule_ex_data_free(int table_id, void **ex_data, const struct ex_data_schema *ex_schema)
void *ex_data, const struct compile_ex_data_schema *ex_schema)
{ {
struct maat_rule rule; ex_schema->free_func(table_id, ex_data, ex_schema->argl, ex_schema->argp);
memset(&rule, 0, sizeof(rule));
fill_maat_rule(&rule, rule_head, srv_def, strlen(srv_def)+1);
ex_schema->free_func(ex_schema->idx, &rule, srv_def, ex_data,
ex_schema->argl, ex_schema->argp);
} }
void rule_ex_data_new_cb(void *user_data, void *param) void rule_ex_data_new_cb(void *user_data, void *param, int table_id)
{ {
struct compile_ex_data_schema *ex_schema = (struct compile_ex_data_schema *)param; struct ex_data_schema *ex_schema = (struct ex_data_schema *)param;
struct compile_rule *compile = (struct compile_rule *)user_data; struct compile_rule *compile = (struct compile_rule *)user_data;
// if(compile->ref_table->table_id!=ex_desc->table_id) // if(compile->ref_table->table_id!=ex_desc->table_id)
// { // {
// return; // return;
// } // }
void *ad = rule_ex_data_new(&(compile->head), compile->service_defined, ex_schema); void *ad = rule_ex_data_new(table_id, compile->table_line, ex_schema);
compile->ex_data[ex_schema->idx] = ad; *compile->ex_data = ad;
} }
void compile_runtime_user_data_iterate(struct compile_runtime *compile_rt, void compile_runtime_user_data_iterate(struct compile_runtime *compile_rt,
void (*callback)(void *user_data, void *param), void (*callback)(void *user_data, void *param, int table_id),
void *param) void *param, int table_id)
{ {
struct maat_compile *compile = NULL, *tmp_compile = NULL; struct maat_compile *compile = NULL, *tmp_compile = NULL;
pthread_rwlock_rdlock(&compile_rt->rwlock); pthread_rwlock_rdlock(&compile_rt->rwlock);
HASH_ITER(hh, compile_rt->compile_hash, compile, tmp_compile) { HASH_ITER(hh, compile_rt->compile_hash, compile, tmp_compile) {
if (compile->user_data) { if (compile->user_data) {
callback(compile->user_data, param); callback(compile->user_data, param, table_id);
} }
} }
pthread_rwlock_unlock(&compile_rt->rwlock); pthread_rwlock_unlock(&compile_rt->rwlock);
} }
void compile_table_rule_ex_data_iterate(struct compile_schema *compile_schema, int idx) void compile_table_ex_data_iterate(struct compile_schema *compile_schema)
{ {
if (NULL == compile_schema) { if (NULL == compile_schema) {
return; return;
} }
if (idx >= compile_schema->n_ex_schema) { if (NULL == compile_schema->ex_schema) {
return; return;
} }
struct compile_ex_data_schema *ex_schema = (compile_schema->ex_schema + idx); struct ex_data_schema *ex_schema = compile_schema->ex_schema;
struct compile_runtime *compile_rt = NULL; struct compile_runtime *compile_rt = NULL;
compile_rt = (struct compile_runtime *)table_manager_get_runtime(compile_schema->ref_tbl_mgr, compile_rt = (struct compile_runtime *)table_manager_get_runtime(compile_schema->ref_tbl_mgr,
compile_schema->table_id); compile_schema->table_id);
compile_runtime_user_data_iterate(compile_rt, rule_ex_data_new_cb, ex_schema); compile_runtime_user_data_iterate(compile_rt, rule_ex_data_new_cb, ex_schema, compile_schema->table_id);
} }
void *compile_table_get_rule_ex_data(struct compile_schema *compile_schema, long long compile_id, size_t idx) void *compile_table_get_ex_data(struct compile_schema *compile_schema, long long compile_id)
{ {
if (NULL == compile_schema) { if (NULL == compile_schema) {
return NULL; return NULL;
@@ -293,24 +276,14 @@ void *compile_table_get_rule_ex_data(struct compile_schema *compile_schema, long
if (NULL == compile_rule) { if (NULL == compile_rule) {
return NULL; return NULL;
} }
void *ex_data = NULL; void *ex_data = NULL;
assert(idx < compile_schema->n_ex_schema); struct ex_data_schema *ex_schema = compile_schema->ex_schema;
struct compile_ex_data_schema *ex_schema = &(compile_schema->ex_schema[idx]); ex_schema->dup_func(compile_schema->table_id, &ex_data, compile_rule->ex_data, ex_schema->argl, ex_schema->argp);
ex_schema->dup_func(ex_schema->idx, &ex_data, compile_rule->ex_data + idx, ex_schema->argl, ex_schema->argp);
return ex_data; return ex_data;
} }
size_t compile_table_rule_ex_data_schema_count(struct compile_schema *compile_schema)
{
if (NULL == compile_schema) {
return 0;
}
return compile_schema->n_ex_schema;
}
UT_icd ut_literal_id_icd = {sizeof(struct maat_literal_id), NULL, NULL, NULL}; UT_icd ut_literal_id_icd = {sizeof(struct maat_literal_id), NULL, NULL, NULL};
UT_icd ut_clause_id_icd = {sizeof(long long), NULL, NULL, NULL}; UT_icd ut_clause_id_icd = {sizeof(long long), NULL, NULL, NULL};
UT_icd ut_hit_path_icd = {sizeof(struct maat_internal_hit_path), NULL, NULL, NULL}; UT_icd ut_hit_path_icd = {sizeof(struct maat_internal_hit_path), NULL, NULL, NULL};
@@ -1484,29 +1457,23 @@ int maat_compile_state_has_NOT_clause(struct maat_compile_state *compile_state)
void compile_item_to_compile_rule(struct compile_item *compile_item, void compile_item_to_compile_rule(struct compile_item *compile_item,
struct compile_schema *compile_schema, struct compile_schema *compile_schema,
struct compile_rule *compile_rule) struct compile_rule *compile_rule,
const char *table_line)
{ {
struct maat_rule_head rule_head;
rule_head.config_id = compile_item->compile_id;
compile_rule->magic_num = COMPILE_RULE_MAGIC; compile_rule->magic_num = COMPILE_RULE_MAGIC;
compile_rule->head = rule_head;
compile_rule->declared_clause_num = compile_item->declared_clause_num; compile_rule->declared_clause_num = compile_item->declared_clause_num;
compile_rule->ex_data = ALLOC(void *, MAX_COMPILE_EX_DATA_NUM);
compile_rule->ref_table = compile_schema; compile_rule->ref_table = compile_schema;
compile_rule->head.serv_def_len = strlen(compile_item->user_region); compile_rule->ex_data = ALLOC(void *, 1);
compile_rule->service_defined = ALLOC(char, compile_rule->head.serv_def_len); compile_rule->table_line_len = strlen(table_line) + 1;
memcpy(compile_rule->service_defined, compile_item->user_region, compile_rule->table_line = ALLOC(char, compile_rule->table_line_len);
compile_rule->head.serv_def_len); memcpy(compile_rule->table_line, table_line, compile_rule->table_line_len);
compile_rule->evaluation_order = compile_item->evaluation_order; compile_rule->evaluation_order = compile_item->evaluation_order;
size_t n_rule_ex_schema =compile_schema->n_ex_schema; if (compile_schema->ex_schema != NULL) {
for (size_t i = 0; i < n_rule_ex_schema; i++) { *(compile_rule->ex_data) = rule_ex_data_new(compile_schema->table_id, compile_rule->table_line,
struct compile_ex_data_schema *ex_schema = &(compile_schema->ex_schema[i]); compile_schema->ex_schema);
compile_rule->ex_data[i] = rule_ex_data_new(&compile_rule->head,
compile_rule->service_defined, ex_schema);
} }
compile_rule->compile_id = compile_item->compile_id; compile_rule->compile_id = compile_item->compile_id;
pthread_rwlock_init(&compile_rule->rwlock, NULL); pthread_rwlock_init(&compile_rule->rwlock, NULL);
} }
@@ -1516,18 +1483,14 @@ void destroy_compile_rule(struct compile_rule *compile_rule)
struct compile_schema *schema = compile_rule->ref_table; struct compile_schema *schema = compile_rule->ref_table;
assert(compile_rule->magic_num==COMPILE_RULE_MAGIC); assert(compile_rule->magic_num==COMPILE_RULE_MAGIC);
size_t n_rule_ex_schema = schema->n_ex_schema; if (schema->ex_schema != NULL) {
for (size_t i = 0; i < n_rule_ex_schema; i++) { rule_ex_data_free(schema->table_id, compile_rule->ex_data, schema->ex_schema);
struct compile_ex_data_schema *ex_schema = &(schema->ex_schema[i]); *compile_rule->ex_data = NULL;
rule_ex_data_free(&(compile_rule->head), compile_rule->service_defined, }
compile_rule->ex_data+i, ex_schema); FREE(compile_rule->ex_data);
compile_rule->ex_data[i] = NULL;
}
free(compile_rule->ex_data);
compile_rule->declared_clause_num = -1; compile_rule->declared_clause_num = -1;
free(compile_rule->service_defined); FREE(compile_rule->table_line);
compile_rule->service_defined = NULL; FREE(compile_rule);
free(compile_rule);
} }
int compile_runtime_update(void *compile_runtime, void *compile_schema, int compile_runtime_update(void *compile_runtime, void *compile_schema,
@@ -1582,7 +1545,7 @@ int compile_runtime_update(void *compile_runtime, void *compile_schema,
} }
struct compile_rule *compile_rule = ALLOC(struct compile_rule, 1); struct compile_rule *compile_rule = ALLOC(struct compile_rule, 1);
compile_item_to_compile_rule(compile_item, schema, compile_rule); compile_item_to_compile_rule(compile_item, schema, compile_rule, line);
compile_item_free(compile_item); compile_item_free(compile_item);
compile_item = NULL; compile_item = NULL;

14
src/maat_ex_data.c
View File

@@ -19,14 +19,6 @@
#define MODULE_EX_DATA module_name_str("maat.ex_data") #define MODULE_EX_DATA module_name_str("maat.ex_data")
struct ex_data_schema {
maat_plugin_ex_new_func_t *new_func;
maat_plugin_ex_free_func_t *free_func;
maat_plugin_ex_dup_func_t *dup_func;
long argl;
void *argp;
};
struct ex_data_runtime { struct ex_data_runtime {
UT_array *cache_rows; UT_array *cache_rows;
size_t cache_row_num; size_t cache_row_num;
@@ -127,9 +119,9 @@ void ex_data_runtime_clear_row_cache(struct ex_data_runtime *ex_data_rt)
ex_data_rt->cache_size = 0; ex_data_rt->cache_size = 0;
} }
struct ex_data_schema *ex_data_schema_new(maat_plugin_ex_new_func_t *new_func, struct ex_data_schema *ex_data_schema_new(maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp) long argl, void *argp)
{ {
struct ex_data_schema *ex_schema = ALLOC(struct ex_data_schema, 1); struct ex_data_schema *ex_schema = ALLOC(struct ex_data_schema, 1);

6
src/maat_fqdn_plugin.c
View File

@@ -135,9 +135,9 @@ struct ex_data_schema *fqdn_plugin_table_get_ex_data_schema(void *fqdn_plugin_sc
} }
int fqdn_plugin_table_set_ex_data_schema(void *fqdn_plugin_schema, int fqdn_plugin_table_set_ex_data_schema(void *fqdn_plugin_schema,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp, long argl, void *argp,
struct log_handle *logger) struct log_handle *logger)
{ {

6
src/maat_ip_plugin.c
View File

@@ -315,9 +315,9 @@ void ip_plugin_item_free(struct ip_plugin_item *item)
} }
void ip_plugin_table_set_ex_data_schema(void *ip_plugin_schema, void ip_plugin_table_set_ex_data_schema(void *ip_plugin_schema,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp, long argl, void *argp,
struct log_handle *logger) struct log_handle *logger)
{ {

6
src/maat_plugin.c
View File

@@ -206,9 +206,9 @@ int plugin_table_get_foreign_column(struct plugin_schema *plugin_schema,
} }
void plugin_table_set_ex_data_schema(void *plugin_schema, void plugin_table_set_ex_data_schema(void *plugin_schema,
maat_plugin_ex_new_func_t *new_func, maat_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func, maat_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func, maat_ex_dup_func_t *dup_func,
long argl, void *argp, long argl, void *argp,
struct log_handle *logger) struct log_handle *logger)
{ {

43
test/maat_framework_gtest.cpp
View File

@@ -453,6 +453,8 @@ protected:
TEST_F(MaatIPScan, IPv4) { TEST_F(MaatIPScan, IPv4) {
const char *table_name = "IP_PLUS_CONFIG"; const char *table_name = "IP_PLUS_CONFIG";
int table_id = maat_table_get_id(g_maat_instance, table_name); int table_id = maat_table_get_id(g_maat_instance, table_name);
ASSERT_GT(table_id, 0);
char ip_str[32] = "10.0.7.100"; char ip_str[32] = "10.0.7.100";
uint32_t sip; uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip); int ret = inet_pton(AF_INET, ip_str, &sip);
@@ -881,25 +883,32 @@ struct rule_ex_param {
pthread_mutex_t lock; pthread_mutex_t lock;
}; };
void compile_ex_param_new(int idx, const struct maat_rule *rule, const char *srv_def_large, void compile_ex_param_new(int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
void **ad, long argl, void *argp)
{ {
int *counter = (int *)argp; int *counter = (int *)argp;
*ad = NULL; *ad = NULL;
ASSERT_GT(rule->serv_def_len, 4);
struct rule_ex_param *param = (struct rule_ex_param *)calloc(sizeof(struct rule_ex_param), 1); struct rule_ex_param *param = (struct rule_ex_param *)calloc(sizeof(struct rule_ex_param), 1);
param->ref_cnt = 1; param->ref_cnt = 1;
pthread_mutex_init(&(param->lock), NULL); pthread_mutex_init(&(param->lock), NULL);
sscanf(srv_def_large, "%*[^:]:%[^,],%d", param->name, &(param->id)); int compile_id = 0;
int service_id = 0;
int action = 0;
int do_blacklist = 0;
int do_log = 0;
char tags[1024] = {0};
sscanf(table_line, "%d\t%d\t%d\t%d\t%d\t%s\t%*[^:]:%[^,],%d",
&compile_id, &service_id, &action, &do_blacklist, &do_log,
tags, param->name, &(param->id));
(*counter)++; (*counter)++;
*ad = param; *ad = param;
} }
void compile_ex_param_free(int idx, const struct maat_rule *rule, const char *srv_def_large, void compile_ex_param_free(int table_id, void **ad, long argl, void *argp)
void **ad, long argl, void *argp)
{ {
if (*ad == NULL) { if (*ad == NULL) {
return; return;
@@ -915,7 +924,7 @@ void compile_ex_param_free(int idx, const struct maat_rule *rule, const char *sr
free(param); free(param);
} }
void compile_ex_param_dup(int idx, void **to, void **from, long argl, void *argp) void compile_ex_param_dup(int table_id, void **to, void **from, long argl, void *argp)
{ {
struct rule_ex_param *from_param = *((struct rule_ex_param **)from); struct rule_ex_param *from_param = *((struct rule_ex_param **)from);
pthread_mutex_lock(&(from_param->lock)); pthread_mutex_lock(&(from_param->lock));
@@ -936,25 +945,27 @@ TEST_F(CompileTable, CompileEXData) {
int compile_table_id = maat_table_get_id(g_maat_instance, compile_table_name); int compile_table_id = maat_table_get_id(g_maat_instance, compile_table_name);
int ex_data_counter = 0; int ex_data_counter = 0;
int ex_param_idx = maat_compile_table_ex_schema_register(g_maat_instance, compile_table_id, int ret = maat_compile_table_ex_schema_register(g_maat_instance, compile_table_id,
compile_ex_param_new, compile_ex_param_new,
compile_ex_param_free, compile_ex_param_free,
compile_ex_param_dup, compile_ex_param_dup,
0, &ex_data_counter); 0, &ex_data_counter);
ASSERT_TRUE(ex_param_idx >= 0); ASSERT_TRUE(ret == 0);
int ret = maat_scan_string(g_maat_instance, table_id, 0, url, strlen(url), ret = maat_scan_string(g_maat_instance, table_id, 0, url, strlen(url),
results, ARRAY_SIZE, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 141); EXPECT_EQ(results[0], 141);
void *ex_data = maat_compile_table_get_ex_data(g_maat_instance, compile_table_id, results[0], ex_param_idx); void *ex_data = maat_compile_table_get_ex_data(g_maat_instance, compile_table_id, results[0]);
ASSERT_TRUE(ex_data!=NULL); ASSERT_TRUE(ex_data!=NULL);
struct rule_ex_param *param = (struct rule_ex_param *)ex_data; struct rule_ex_param *param = (struct rule_ex_param *)ex_data;
EXPECT_EQ(param->id, 7799); EXPECT_EQ(param->id, 7799);
str_unescape(param->name);
EXPECT_EQ(strcmp(param->name, expect_name), 0); EXPECT_EQ(strcmp(param->name, expect_name), 0);
compile_ex_param_free(0, NULL, NULL, &ex_data, 0, NULL); compile_ex_param_free(compile_table_id, &ex_data, 0, NULL);
maat_state_free(&state); maat_state_free(&state);
} }