diff --git a/src/maat_bool_plugin.c b/src/maat_bool_plugin.c index be99465..1af8467 100644 --- a/src/maat_bool_plugin.c +++ b/src/maat_bool_plugin.c @@ -32,12 +32,6 @@ struct bool_plugin_schema { unsigned long long unmatch_tag_cnt; }; -struct bool_plugin_item { - long long item_id; - size_t n_bool_item; - unsigned long long bool_item_id[MAX_ITEMS_PER_BOOL_EXPR]; -}; - struct bool_plugin_runtime { struct bool_matcher *matcher; struct ex_data_runtime *ex_data_rt; @@ -150,6 +144,33 @@ int bool_plugin_table_set_ex_data_schema(void *bool_plugin_schema, return 0; } + +static int cmp_ull_p(const void *p1, const void *p2) +{ + if(* (unsigned long long*) p1 > * (unsigned long long*) p2) { + return 1; + } else if(* (unsigned long long*) p1 < * (unsigned long long*) p2) { + return -1; + } else { + return 0; + } +} + +size_t ull_dedup(unsigned long long item_ids[], size_t n_item) +{ + size_t index = 0; + + qsort(item_ids, n_item, sizeof(unsigned long long), cmp_ull_p); + + for (size_t i = 1; i < n_item; i++) { + if (item_ids[i] != item_ids[index]) { + item_ids[++index] = item_ids[i]; + } + } + + return index + 1; +} + void *bool_plugin_runtime_new(void *bool_plugin_schema, int max_thread_num, struct maat_garbage_bin *garbage_bin, struct log_handle *logger) 
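Review bot: `ull_dedup` returns `index + 1` even when `n_item` is 0, so an empty id list is reported as holding one element. In this commit its result drives the copy loop in `bool_plugin_expr_new`, where a row whose expression column yields no tokens would, as far as the visible lines show, produce an expression with a single item id 0 taken from the zero-initialised `items` array. Adding `if (n_item == 0) { return 0; }` ahead of the `qsort` call closes that, and the caller can then reject an empty expression. The diff only shows callers inside this file, so `static` would also keep the helper out of the global namespace.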
@@ -189,38 +210,27 @@ void bool_plugin_runtime_free(void *bool_plugin_runtime) FREE(bool_plugin_rt); } -int bool_plugin_table_ex_data_schema_flag(struct bool_plugin_schema *bool_plugin_schema) -{ - return 0; -} - -int bool_plugin_runtime_update_row(struct bool_plugin_runtime *rt, - struct bool_plugin_schema *schema, +int bool_plugin_runtime_update_row(struct bool_plugin_runtime *bool_plugin_rt, const char *row, char *key, size_t key_len, struct bool_expr *expr, int is_valid) { int ret = -1; - struct ex_data_runtime *ex_data_rt = rt->ex_data_rt; - int set_flag = bool_plugin_table_ex_data_schema_flag(schema); + struct ex_data_runtime *ex_data_rt = bool_plugin_rt->ex_data_rt; - if (1 == set_flag) { - if (0 == is_valid) { - //delete - ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len); - if (ret < 0) { - return -1; - } - } else { - //add - void *ex_data = ex_data_runtime_row2ex_data(ex_data_rt, row, key, key_len); - struct ex_data_container *ex_container = ex_data_container_new(ex_data, (void *)expr); - ret = ex_data_runtime_add_ex_container(ex_data_rt, key, key_len, ex_container); - if (ret < 0) { - return -1; - } + if (0 == is_valid) { + // delete + ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len); + if (ret < 0) { + return -1; } } else { - ex_data_runtime_cache_row_put(ex_data_rt, row); + // add + void *ex_data = ex_data_runtime_row2ex_data(ex_data_rt, row, key, key_len); + struct ex_data_container *ex_container = ex_data_container_new(ex_data, (void *)expr); + ret = ex_data_runtime_add_ex_container(ex_data_rt, key, key_len, ex_container); + if (ret < 0) { + return -1; + } } return 0; 
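Review bot: On the add path of `bool_plugin_runtime_update_row`, a failing `ex_data_runtime_add_ex_container` returns -1 with `ex_container` and `ex_data` still allocated, and nothing visible here releases them. The caller in `bool_plugin_runtime_update` then frees `expr` through `bool_plugin_expr_free`, so if the container survives anywhere it would hold a dangling `custom_data` pointer; whether `ex_data_runtime_add_ex_container` frees the container on failure is not shown in this diff. The ownership rule deserves a comment above the function, for example `/* on failure the caller still owns expr; ex_container is released by <owner to confirm> */`. `fqdn_plugin_runtime_update_row` and `ip_plugin_runtime_update_row` follow the same pattern and need the same answer.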
@@ -267,8 +277,8 @@ int bool_plugin_accept_tag_match(struct bool_plugin_schema *schema, const char * return TAG_MATCH_MATCHED; } -struct bool_plugin_item * -bool_plugin_item_new(const char *line, struct bool_plugin_schema *schema, +struct bool_expr * +bool_plugin_expr_new(const char *line, struct bool_plugin_schema *schema, struct log_handle *logger) { int ret = bool_plugin_accept_tag_match(schema, line, logger); @@ -280,8 +290,9 @@ bool_plugin_item_new(const char *line, struct bool_plugin_schema *schema, size_t column_len = 0; size_t n_item = 0; char expr_buffer[BUFSIZ] = {0}; + unsigned long long items[MAX_ITEMS_PER_BOOL_EXPR] = {0}; char *token = NULL, *sub_token = NULL, *saveptr; - struct bool_plugin_item *item = ALLOC(struct bool_plugin_item, 1); + struct bool_expr *bool_expr = ALLOC(struct bool_expr, 1); ret = get_column_pos(line, schema->item_id_column, &column_offset, &column_len); if (ret < 0) { @@ -290,7 +301,7 @@ bool_plugin_item_new(const char *line, struct bool_plugin_schema *schema, schema->table_id, line); goto error; } - item->item_id = atoll(line + column_offset); + bool_expr->expr_id = atoll(line + column_offset); ret = get_column_pos(line, schema->bool_expr_column, &column_offset, &column_len); if (ret < 0) { @@ -307,7 +318,7 @@ bool_plugin_item_new(const char *line, struct bool_plugin_schema *schema, break; } - ret = sscanf(sub_token, "%llu", item->bool_item_id + n_item); + ret = sscanf(sub_token, "%llu", items + n_item); n_item++; if (ret != 1 || n_item > MAX_ITEMS_PER_BOOL_EXPR) { log_error(logger, MODULE_BOOL_PLUGIN, 
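Review bot: The `sscanf(sub_token, "%llu", items + n_item)` call stores before the bound is checked: when `n_item` already equals `MAX_ITEMS_PER_BOOL_EXPR`, the write lands one element past the end of `items`, which this commit moves from a heap struct onto the stack. The `n_item > MAX_ITEMS_PER_BOOL_EXPR` test only fires after that write has happened. Checking first, with `if (n_item >= MAX_ITEMS_PER_BOOL_EXPR) { goto error; }` (plus the existing log call) ahead of the `sscanf`, keeps a row with too many ids from overwriting the frame. The token loop starts and ends outside this hunk.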
@@ -316,59 +327,24 @@ bool_plugin_item_new(const char *line, struct bool_plugin_schema *schema, goto error; } } - item->n_bool_item = n_item; - return item; + n_item = ull_dedup(items, n_item); + for (size_t i = 0; i < n_item; i++) { + bool_expr->items[i].item_id = items[i]; + bool_expr->items[i].not_flag = 0; + } + + bool_expr->item_num = n_item; + + return bool_expr; error: - FREE(item); + FREE(bool_expr); return NULL; } -void bool_plugin_item_free(struct bool_plugin_item *item) +void bool_plugin_expr_free(struct bool_expr *expr) { - FREE(item); -} - -static int cmp_ull_p(const void *p1, const void *p2) -{ - if(* (unsigned long long*) p1 > * (unsigned long long*) p2) { - return 1; - } else if(* (unsigned long long*) p1 < * (unsigned long long*) p2) { - return -1; - } else { - return 0; - } -} - -size_t ull_dedup(unsigned long long item_ids[], size_t n_item) -{ - size_t index = 0; - - qsort(item_ids, n_item, sizeof(unsigned long long), cmp_ull_p); - - for (size_t i = 1; i < n_item; i++) { - if (item_ids[i] != item_ids[index]) { - item_ids[++index] = item_ids[i]; - } - } - - return index + 1; -} - -struct bool_expr *bool_expr_new(long long item_id, struct bool_plugin_item *item) -{ - struct bool_expr *expr = ALLOC(struct bool_expr, 1); - - expr->expr_id = item_id; - size_t n_item = ull_dedup(item->bool_item_id, item->n_bool_item); - for (size_t i = 0; i < n_item; i++) { - expr->items[i].item_id = item->bool_item_id[i]; - expr->items[i].not_flag = 0; - } - - expr->item_num = n_item; - - return expr; + FREE(expr); } int bool_plugin_runtime_update(void *bool_plugin_runtime, void *bool_plugin_schema, 
@@ -379,8 +355,7 @@ int bool_plugin_runtime_update(void *bool_plugin_runtime, void *bool_plugin_sche return -1; } - struct bool_plugin_item *item = NULL; - struct bool_expr *expr = NULL; + struct bool_expr *bool_expr = NULL; struct bool_plugin_schema *schema = (struct bool_plugin_schema *)bool_plugin_schema; struct bool_plugin_runtime *bool_plugin_rt = (struct bool_plugin_runtime *)bool_plugin_runtime; long long item_id = get_column_value(line, schema->item_id_column); @@ -396,22 +371,18 @@ int bool_plugin_runtime_update(void *bool_plugin_runtime, void *bool_plugin_sche if (schema->ex_schema != NULL) { if (1 == is_valid) { // add - item = bool_plugin_item_new(line, schema, bool_plugin_rt->logger); - if (NULL == item) { + bool_expr = bool_plugin_expr_new(line, schema, bool_plugin_rt->logger); + if (NULL == bool_expr) { return -1; } - - expr = bool_expr_new(item_id, item); - assert(expr != NULL); - bool_plugin_item_free(item); } char *key = (char *)&item_id; - int ret = bool_plugin_runtime_update_row(bool_plugin_rt, schema, line, key, - sizeof(long long), expr, is_valid); + int ret = bool_plugin_runtime_update_row(bool_plugin_rt, line, key, + sizeof(long long), bool_expr, is_valid); if (ret < 0) { - if (item != NULL) { - FREE(item); + if (bool_expr != NULL) { + bool_plugin_expr_free(bool_expr); } return -1; } else { diff --git a/src/maat_compile.c b/src/maat_compile.c index e8ae258..01ab2fe 100644 --- a/src/maat_compile.c +++ b/src/maat_compile.c 
@@ -1034,7 +1034,7 @@ maat_compile_bool_matcher_new(struct maat_compile *compile_hash, #if 0 struct maat_literal_id *p = NULL; for(p = (struct maat_literal_id *)utarray_front(compile->clause_states[i].literal_ids); p!=NULL; p=(struct maat_literal_id *)utarray_next(compile->clause_states[i].literal_ids,p)) { - printf("compile_id:%lu, clause_id:%llu, literal{%lu: %d}\n", + printf("compile_id:%llu, clause_id:%llu, literal{%llu: %d}\n", compile->compile_id, compile->clause_states[i].clause_id, p->group_id, p->vtable_id); } #endif diff --git a/src/maat_ex_data.c b/src/maat_ex_data.c index b803e9c..edbff71 100644 --- a/src/maat_ex_data.c +++ b/src/maat_ex_data.c @@ -72,7 +72,7 @@ void ex_data_runtime_free(struct ex_data_runtime *ex_data_rt) } void ex_data_runtime_commit(struct ex_data_runtime *ex_data_rt) -{ +{ rcu_hash_commit(ex_data_rt->htable); } @@ -220,7 +220,7 @@ int ex_data_runtime_add_ex_container(struct ex_data_runtime *ex_data_rt, } rcu_hash_add(ex_data_rt->htable, key, key_len, ex_container); - + return 0; } @@ -246,6 +246,7 @@ void *ex_data_runtime_get_ex_data_by_key(struct ex_data_runtime *ex_data_rt, const char *key, size_t key_len) { struct ex_data_container *ex_container = NULL; + ex_container = (struct ex_data_container *)rcu_hash_find(ex_data_rt->htable, key, key_len); if (NULL == ex_container) { diff --git a/src/maat_expr.c b/src/maat_expr.c index e063c98..2a97b5c 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c @@ -186,6 +186,8 @@ struct expr_item *expr_item_new(const char *line, struct expr_schema *expr_schem assert(strlen(district) > 0); str_unescape(district); expr_item->district_id = table_manager_get_district_id(expr_schema->ref_tbl_mgr, district); + } else { + expr_item->district_id = DISTRICT_ANY; } ret = get_column_pos(line, expr_schema->expr_type_column, &column_offset, &column_len); 
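Review bot: The meaning of `DISTRICT_ANY` changes with the `else` branch added to `expr_item_new`, and nothing in the code records it. Together with the comparison change in `expr_runtime_scan`, the wildcard moves from the scan side to the item side: a scan that passes `DISTRICT_ANY` no longer matches district-bound items, while items without a district now match under every scan district, so callers that relied on the old behaviour silently get a different match scope. A comment on the branch such as `/* no district column: item matches under every scan district */` would make that explicit. `interval_item_new` receives the same `else` branch, but no matching change to an interval scan comparison appears in this diff, so it is worth confirming that path treats `DISTRICT_ANY` the same way.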
@@ -877,7 +879,7 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *d for (size_t i = 0; i < n_hit_item; i++) { item = (struct maat_item_inner *)(hit_results[i].user_tag); - if (item->district_id == district_id || district_id == DISTRICT_ANY) { + if (item->district_id == district_id || item->district_id == DISTRICT_ANY) { hit_item_ids[real_hit_item_cnt++] = hit_results[i].item_id; } } diff --git a/src/maat_fqdn_plugin.c b/src/maat_fqdn_plugin.c index 55b70a5..3af7c68 100644 --- a/src/maat_fqdn_plugin.c +++ b/src/maat_fqdn_plugin.c @@ -34,12 +34,6 @@ struct fqdn_plugin_schema { unsigned long long unmatch_tag_cnt; }; -struct fqdn_plugin_item { - long long item_id; - int suffix_flag; - -}; - struct fqdn_plugin_runtime { struct FQDN_engine *engine; struct ex_data_runtime *ex_data_rt; @@ -238,8 +232,8 @@ int fqdn_plugin_accept_tag_match(struct fqdn_plugin_schema *schema, const char * return TAG_MATCH_MATCHED; } -struct fqdn_plugin_item * -fqdn_plugin_item_new(const char *line, struct fqdn_plugin_schema *schema, +struct FQDN_rule * +fqdn_plugin_rule_new(const char *line, struct fqdn_plugin_schema *schema, struct log_handle *logger) { int ret = fqdn_plugin_accept_tag_match(schema, line, logger); @@ -249,7 +243,9 @@ fqdn_plugin_item_new(const char *line, struct fqdn_plugin_schema *schema, size_t column_offset = 0; size_t column_len = 0; - struct fqdn_plugin_item *item = ALLOC(struct fqdn_plugin_item, 1); + const char *fqdn = NULL; + size_t fqdn_len = 0; + struct FQDN_rule *fqdn_plugin_rule = ALLOC(struct FQDN_rule, 1); ret = get_column_pos(line, schema->item_id_column, &column_offset, &column_len); if (ret < 0) { @@ -258,7 +254,7 @@ fqdn_plugin_item_new(const char *line, struct fqdn_plugin_schema *schema, schema->table_id, line); goto error; } - item->item_id = atoll(line + column_offset); + fqdn_plugin_rule->id = atoi(line + column_offset); ret = get_column_pos(line, schema->suffix_flag_column, &column_offset, &column_len); if (ret < 0) { 
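Review bot: `fqdn_plugin_rule->id = atoi(line + column_offset)` narrows an id that the removed code parsed with `atoll`, while `fqdn_plugin_runtime_update` still keys the container on a `long long item_id` from `get_column_value`. An id outside the `int` range is undefined behaviour for `atoi` and in practice would leave the rule id out of step with its hash key, so a hit could be reported under the wrong id. Parsing with `strtoll`, checking `errno` and the range of the `id` field before assigning, would turn a malformed or oversized id into a rejected row. `ip_plugin_rule->rule_id = atoi(line + column_offset)` in `ip_plugin_rule_new` has the same narrowing.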
@@ -267,7 +263,7 @@ fqdn_plugin_item_new(const char *line, struct fqdn_plugin_schema *schema, schema->table_id, line); goto error; } - item->suffix_flag = atoi(line + column_offset); + fqdn_plugin_rule->is_suffix_match = atoi(line + column_offset); ret = get_column_pos(line, schema->fqdn_column, &column_offset, &column_len); if (ret < 0) { 
@@ -277,38 +273,60 @@ fqdn_plugin_item_new(const char *line, struct fqdn_plugin_schema *schema, goto error; } - return item; + fqdn = line + column_offset; + fqdn_len = column_len; + + if (fqdn[0] == '.') { + fqdn++; + fqdn_len--; + } + + if (fqdn[fqdn_len] == '/') { + fqdn_len--; + } + + fqdn_plugin_rule->FQDN = ALLOC(char, fqdn_len + 1); + memcpy(fqdn_plugin_rule->FQDN, fqdn, fqdn_len); + fqdn_plugin_rule->len = fqdn_len; + + return fqdn_plugin_rule; error: - FREE(item); + FREE(fqdn_plugin_rule); return NULL; } -struct FQDN_rule *fqdn_rule_new(unsigned int id, const char* fqdn, size_t fqdn_len, int is_suffix_match) +void fqdn_plugin_rule_free(struct FQDN_rule *rule) { - struct FQDN_rule *fqdn_rule=ALLOC(struct FQDN_rule, 1); - //Todo: check FQDN format with regex ^([a-zA-Z0-9._-])+$ - if(fqdn[0]=='.') - { - fqdn++; - fqdn_len--; - } - if(fqdn[fqdn_len]=='/') - { - fqdn_len--; - } - fqdn_rule->FQDN=ALLOC(char, fqdn_len+1); - memcpy(fqdn_rule->FQDN, fqdn, fqdn_len); - fqdn_rule->len=fqdn_len; - fqdn_rule->is_suffix_match=is_suffix_match; - fqdn_rule->id=id; - return fqdn_rule; + if (rule->FQDN != NULL) { + FREE(rule->FQDN); + } + + FREE(rule); } -int fqdn_plugin_runtime_update_row(struct fqdn_plugin_runtime *rt, - struct fqdn_plugin_schema *schema, - const char *row, char *key, size_t key_len, - struct FQDN_rule *rule, int is_valid) +int fqdn_plugin_runtime_update_row(struct fqdn_plugin_runtime *fqdn_plugin_rt, + const char *row, const char *key, size_t key_len, + struct FQDN_rule *fqdn_plugin_rule, int is_valid) { + int ret = -1; + struct ex_data_runtime *ex_data_rt = fqdn_plugin_rt->ex_data_rt; + + if (0 == is_valid) { + // delete + ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len); + if (ret < 0) { + return -1; + } + } else { + // add + void *ex_data = ex_data_runtime_row2ex_data(ex_data_rt, row, key, key_len); + struct ex_data_container *ex_container = ex_data_container_new(ex_data, (void *)fqdn_plugin_rule); + ret = 
ex_data_runtime_add_ex_container(ex_data_rt, key, key_len, ex_container); + if (ret < 0) { + return -1; + } + } + return 0; } @@ -320,8 +338,7 @@ int fqdn_plugin_runtime_update(void *fqdn_plugin_runtime, void *fqdn_plugin_sche return -1; } - struct fqdn_plugin_item *item = NULL; - struct FQDN_rule *rule = NULL; + struct FQDN_rule *fqdn_plugin_rule = NULL; struct fqdn_plugin_schema *schema = (struct fqdn_plugin_schema *)fqdn_plugin_schema; struct fqdn_plugin_runtime *fqdn_plugin_rt = (struct fqdn_plugin_runtime *)fqdn_plugin_runtime; long long item_id = get_column_value(line, schema->item_id_column); @@ -337,22 +354,18 @@ int fqdn_plugin_runtime_update(void *fqdn_plugin_runtime, void *fqdn_plugin_sche if (schema->ex_schema != NULL) { if (1 == is_valid) { // add - item = fqdn_plugin_item_new(line, schema, fqdn_plugin_rt->logger); - if (NULL == item) { + fqdn_plugin_rule = fqdn_plugin_rule_new(line, schema, fqdn_plugin_rt->logger); + if (NULL == fqdn_plugin_rule) { return -1; } - - //rule = fqdn_rule_new(line, schema, fqdn_plugin_rt->logger); - assert(rule != NULL); - //fqdn_plugin_item_free(item); } char *key = (char *)&item_id; - int ret = fqdn_plugin_runtime_update_row(fqdn_plugin_rt, schema, line, key, - sizeof(long long), rule, is_valid); + int ret = fqdn_plugin_runtime_update_row(fqdn_plugin_rt, line, key, sizeof(long long), + fqdn_plugin_rule, is_valid); if (ret < 0) { - if (item != NULL) { - FREE(item); + if (fqdn_plugin_rule != NULL) { + fqdn_plugin_rule_free(fqdn_plugin_rule); } return -1; } else { 
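Review bot: The trimming code added to `fqdn_plugin_rule_new` can underflow `fqdn_len`: for a column of length 0 or 1, one of the two `fqdn_len--` statements can run with `fqdn_len` already at 0, wrapping it to `SIZE_MAX` before `ALLOC(char, fqdn_len + 1)` and `memcpy` use it. The trailing-slash test also reads `fqdn[fqdn_len]`, which is the byte after the column rather than its last character, so it was presumably meant to be `fqdn[fqdn_len - 1]`. Both decrements should be guarded by a length check and an empty name rejected through the existing `error` label.

```c
fqdn = line + column_offset;
fqdn_len = column_len;

if (fqdn_len > 0 && fqdn[0] == '.') {
    fqdn++;
    fqdn_len--;
}

/* test the last byte of the column, not the byte that follows it */
if (fqdn_len > 0 && fqdn[fqdn_len - 1] == '/') {
    fqdn_len--;
}

if (fqdn_len == 0) {
    goto error;
}
// … unchanged: ALLOC of FQDN, memcpy, len assignment …
```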
@@ -391,8 +404,8 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name struct FQDN_rule *rules = ALLOC(struct FQDN_rule, rule_cnt); for (size_t i = 0; i < rule_cnt; i++) { - rules[i] = *(struct FQDN_rule *)ex_container[i]->custom_data; - assert(rules[i].user_tag == ex_container[i] || NULL == rules[i].user_tag); + rules[i] = *(struct FQDN_rule *)ex_container[i]->custom_data; + assert(rules[i].user_tag == ex_container[i] || rules[i].user_tag == NULL); rules[i].user_tag = ex_container[i]; } diff --git a/src/maat_interval.c b/src/maat_interval.c index cae9fe0..bd69239 100644 --- a/src/maat_interval.c +++ b/src/maat_interval.c @@ -227,6 +227,8 @@ struct interval_item *interval_item_new(const char *line, struct interval_schema assert(strlen(district) > 0); str_unescape(district); item->district_id = table_manager_get_district_id(schema->ref_tbl_mgr, district); + } else { + item->district_id = DISTRICT_ANY; } ret = get_column_pos(line, schema->low_bound_column, &column_offset, &column_len); diff --git a/src/maat_ip_plugin.c b/src/maat_ip_plugin.c index ef66d45..6633398 100644 --- a/src/maat_ip_plugin.c +++ b/src/maat_ip_plugin.c @@ -22,26 +22,6 @@ #define MODULE_IP_PLUGIN module_name_str("maat.ip_plugin") #define MAX_IP_STR 128 -struct ipv4_item_rule { - uint32_t min_sip; /* 源地址下界;0表示忽略本字段 */ - uint32_t max_sip; /* 源地址上界;0表示固定IP=min_saddr */ -}; - -struct ipv6_item_rule { - uint32_t min_sip[4]; /* 源地址下界;全0表示忽略本字段 */ - uint32_t max_sip[4]; /* 源地址上界;全0表示固定IP=min_saddr */ -}; - -struct ip_plugin_item { - long long item_id; - int ip_type; - union { - struct ipv4_item_rule ipv4; - struct ipv6_item_rule ipv6; - }; - int rule_tag; -}; - struct ip_plugin_schema { int item_id_column; int ip_type_column; 
@@ -203,8 +183,8 @@ int ip_plugin_accept_tag_match(struct ip_plugin_schema *schema, const char *line return TAG_MATCH_MATCHED; } -struct ip_plugin_item * -ip_plugin_item_new(const char *line, struct ip_plugin_schema *schema, +struct ip_rule * +ip_plugin_rule_new(const char *line, struct ip_plugin_schema *schema, struct log_handle *logger) { int ret = ip_plugin_accept_tag_match(schema, line, logger); @@ -217,7 +197,7 @@ ip_plugin_item_new(const char *line, struct ip_plugin_schema *schema, char addr_format[16] = {0}; char start_ip_str[40] = {0}; char end_ip_str[40] = {0}; - struct ip_plugin_item *ip_plugin_item = ALLOC(struct ip_plugin_item, 1); + struct ip_rule *ip_plugin_rule = ALLOC(struct ip_rule, 1); ret = get_column_pos(line, schema->item_id_column, &column_offset, &column_len); if (ret < 0) { @@ -226,7 +206,7 @@ ip_plugin_item_new(const char *line, struct ip_plugin_schema *schema, schema->table_id, line); goto error; } - ip_plugin_item->item_id = atoll(line + column_offset); + ip_plugin_rule->rule_id = atoi(line + column_offset); ret = get_column_pos(line, schema->ip_type_column, &column_offset, &column_len); if (ret < 0) { @@ -235,11 +215,11 @@ ip_plugin_item_new(const char *line, struct ip_plugin_schema *schema, schema->table_id, line); goto error; } - ip_plugin_item->ip_type = atoi(line + column_offset); - if (ip_plugin_item->ip_type != IPv4 && ip_plugin_item->ip_type != IPv6) { + ip_plugin_rule->type = atoi(line + column_offset); + if (ip_plugin_rule->type != IPv4 && ip_plugin_rule->type != IPv6) { log_error(logger, MODULE_IP_PLUGIN, "ip_plugin table(table_id:%d) line:%s ip_type[%d] invalid", - schema->table_id, line, ip_plugin_item->ip_type); + schema->table_id, line, ip_plugin_rule->type); goto error; } 
@@ -282,9 +262,11 @@ ip_plugin_item_new(const char *line, struct ip_plugin_schema *schema, } strncpy(end_ip_str, line + column_offset, column_len); - if (IPv4 == ip_plugin_item->ip_type) { - ret = ip_format2range(ip_plugin_item->ip_type, ip_format_str2int(addr_format), start_ip_str, end_ip_str, - &ip_plugin_item->ipv4.min_sip, &ip_plugin_item->ipv4.max_sip); + if (IPv4 == ip_plugin_rule->type) { + ret = ip_format2range(ip_plugin_rule->type, ip_format_str2int(addr_format), + start_ip_str, end_ip_str, + &ip_plugin_rule->ipv4_rule.start_ip, + &ip_plugin_rule->ipv4_rule.end_ip); if (ret < 0) { log_error(logger, MODULE_IP_PLUGIN, "ip_plugin table(table_id:%d) line:%s ip_format2range(ip4) failed", @@ -293,8 +275,10 @@ ip_plugin_item_new(const char *line, struct ip_plugin_schema *schema, } } else { //ipv6 - ret = ip_format2range(ip_plugin_item->ip_type, ip_format_str2int(addr_format), start_ip_str, end_ip_str, - ip_plugin_item->ipv6.min_sip, ip_plugin_item->ipv6.max_sip); + ret = ip_format2range(ip_plugin_rule->type, ip_format_str2int(addr_format), + start_ip_str, end_ip_str, + ip_plugin_rule->ipv6_rule.start_ip, + ip_plugin_rule->ipv6_rule.end_ip); if (ret < 0) { log_error(logger, MODULE_IP_PLUGIN, "ip_plugin table(table_id:%d) line:%s ip_format2range(ip6) failed", @@ -303,15 +287,15 @@ ip_plugin_item_new(const char *line, struct ip_plugin_schema *schema, } } - return ip_plugin_item; + return ip_plugin_rule; error: - FREE(ip_plugin_item); + FREE(ip_plugin_rule); return NULL; } -void ip_plugin_item_free(struct ip_plugin_item *item) +void ip_plugin_rule_free(struct ip_rule *rule) { - FREE(item); + FREE(rule); } void ip_plugin_table_set_ex_data_schema(void *ip_plugin_schema, 
@@ -328,7 +312,7 @@ void ip_plugin_table_set_ex_data_schema(void *ip_plugin_schema, int ip_plugin_runtime_update_row(struct ip_plugin_runtime *ip_plugin_rt, const char *row, char *key, size_t key_len, - struct ip_plugin_item *ip_plugin_item, int is_valid) + struct ip_rule *ip_plugin_rule, int is_valid) { int ret = -1; struct ex_data_runtime *ex_data_rt = ip_plugin_rt->ex_data_rt; @@ -342,7 +326,7 @@ int ip_plugin_runtime_update_row(struct ip_plugin_runtime *ip_plugin_rt, } else { // add void *ex_data = ex_data_runtime_row2ex_data(ex_data_rt, row, key, key_len); - struct ex_data_container *ex_container = ex_data_container_new(ex_data, (void *)ip_plugin_item); + struct ex_data_container *ex_container = ex_data_container_new(ex_data, (void *)ip_plugin_rule); ret = ex_data_runtime_add_ex_container(ex_data_rt, key, key_len, ex_container); if (ret < 0) { return -1; @@ -391,24 +375,6 @@ void ip_plugin_runtime_free(void *ip_plugin_runtime) FREE(ip_plugin_rt); } -void ip_plugin_item_to_ip_rule(struct ip_plugin_item *item, struct ip_rule *rule) -{ - if (IPv4 == item->ip_type) { - rule->type = IPv4; - rule->ipv4_rule.start_ip = item->ipv4.min_sip; - rule->ipv4_rule.end_ip = item->ipv4.max_sip; - } else { - rule->type = IPv6; - memcpy(rule->ipv6_rule.start_ip, item->ipv6.min_sip, - sizeof(item->ipv6.min_sip)); - memcpy(rule->ipv6_rule.end_ip, item->ipv6.max_sip, - sizeof(item->ipv6.max_sip)); - } - - rule->rule_id = item->item_id; - rule->user_tag = NULL; -} - int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema, const char *line, int valid_column) { 
@@ -417,7 +383,8 @@ int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema, return -1; } - struct ip_plugin_item *ip_plugin_item = NULL; + //struct ip_plugin_item *ip_plugin_item = NULL; + struct ip_rule *ip_plugin_rule = NULL; struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema; struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime; long long item_id = get_column_value(line, schema->item_id_column); @@ -433,18 +400,18 @@ int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema, if (schema->ex_schema != NULL) { if (1 == is_valid) { // add - ip_plugin_item = ip_plugin_item_new(line, schema, ip_plugin_rt->logger); - if (NULL == ip_plugin_item) { + ip_plugin_rule = ip_plugin_rule_new(line, schema, ip_plugin_rt->logger); + if (NULL == ip_plugin_rule) { return -1; } } char *key = (char *)&item_id; int ret = ip_plugin_runtime_update_row(ip_plugin_rt, line, key, sizeof(long long), - ip_plugin_item, is_valid); + ip_plugin_rule, is_valid); if (ret < 0) { - if (ip_plugin_item != NULL) { - FREE(ip_plugin_item); + if (ip_plugin_rule != NULL) { + ip_plugin_rule_free(ip_plugin_rule); } return -1; } else { @@ -483,9 +450,8 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name) struct ip_rule *rules = ALLOC(struct ip_rule, rule_cnt); for (size_t i = 0; i < rule_cnt; i++) { - struct ip_plugin_item *item = (struct ip_plugin_item *)ex_container[i]->custom_data; - assert(item != NULL); - ip_plugin_item_to_ip_rule(item, &rules[i]); + rules[i] = *(struct ip_rule *)ex_container[i]->custom_data; + assert(rules[i].user_tag == ex_container[i] || rules[i].user_tag == NULL); rules[i].user_tag = ex_container[i]; } diff --git a/src/maat_plugin.c b/src/maat_plugin.c index 2eb2529..bbe3223 100644 --- a/src/maat_plugin.c +++ b/src/maat_plugin.c 
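Review bot: `rules[i] = *(struct ip_rule *)ex_container[i]->custom_data;` in `ip_plugin_runtime_commit` dereferences `custom_data` with no NULL check, where the removed code at least had `assert(item != NULL)`. The new `assert` on `user_tag` runs after the copy and disappears under `NDEBUG`, so it does not cover that case. An explicit `if (NULL == ex_container[i]->custom_data)` branch that handles the entry before the copy would be safer. Separately, the commented-out `//struct ip_plugin_item *ip_plugin_item = NULL;` left in `ip_plugin_runtime_update` can simply be deleted.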
@@ -262,25 +262,29 @@ void plugin_runtime_free(void *plugin_runtime) int plugin_runtime_update_row(struct plugin_runtime *plugin_rt, struct plugin_schema *plugin_schema, - const char *row, char *key, size_t key_len, - int is_valid) + const char *row, const char *key, + size_t key_len, int is_valid) { int ret = -1; struct ex_data_schema *ex_schema = plugin_schema->ex_schema; + char hash_key[key_len + 1]; + memset(hash_key, 0, sizeof(hash_key)); + memcpy(hash_key, key, key_len); + /* already set plugin_table_schema's ex_data_schema */ if (ex_schema != NULL) { if (is_valid == 0) { // delete - ret = ex_data_runtime_del_ex_container(plugin_rt->ex_data_rt, key, key_len); + ret = ex_data_runtime_del_ex_container(plugin_rt->ex_data_rt, hash_key, key_len); if (ret < 0) { return -1; } } else { // add - void *ex_data = ex_data_runtime_row2ex_data(plugin_rt->ex_data_rt, row, key, key_len); + void *ex_data = ex_data_runtime_row2ex_data(plugin_rt->ex_data_rt, row, hash_key, key_len); struct ex_data_container *ex_container = ex_data_container_new(ex_data, NULL); - ret = ex_data_runtime_add_ex_container(plugin_rt->ex_data_rt, key, key_len, ex_container); + ret = ex_data_runtime_add_ex_container(plugin_rt->ex_data_rt, hash_key, key_len, ex_container); if (ret < 0) { return -1; } @@ -362,9 +366,14 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema, return -1; } - long long item_id = get_column_value(line, schema->key_column); - char *key = (char *)&item_id; - ret = plugin_runtime_update_row(plugin_rt, schema, line, key, sizeof(long long), is_valid); + size_t key_offset = 0, key_len = 0; + ret = get_column_pos(line, schema->key_column, &key_offset, &key_len); + if (ret < 0) { + return -1; + } + + const char *key = line + key_offset; + ret = plugin_runtime_update_row(plugin_rt, schema, line, key, key_len, is_valid); if (ret < 0) { schema->update_err_cnt++; return -1; 
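Review bot: `char hash_key[key_len + 1];` in `plugin_runtime_update_row` is a variable-length array sized by the key column of the input row, and `plugin_runtime_update` now passes the raw column length from `get_column_pos` with no upper bound. A very long key column therefore turns into an arbitrarily large stack allocation. Bounding the length before the declaration, e.g. `if (key_len == 0 || key_len > MAX_PLUGIN_KEY_LEN) { return -1; }` (`MAX_PLUGIN_KEY_LEN` is a placeholder for a limit the project chooses), or copying into a heap buffer, avoids that. A short comment saying why the NUL-terminated copy is needed would also help, since `key_len` is still passed alongside it.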
@@ -435,6 +444,6 @@ void *plugin_runtime_get_ex_data(void *plugin_runtime, void *plugin_schema, cons if (NULL == schema->ex_schema) { return NULL; } - + return ex_data_runtime_get_ex_data_by_key(plugin_rt->ex_data_rt, key, strlen(key)); } \ No newline at end of file diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index 2c0a7e6..ba3e8bc 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -234,6 +234,35 @@ TEST_F(MaatStringScan, ExprPlus) { maat_state_free(&state); } +TEST_F(MaatStringScan, ExprAndExprPlus) { + long long results[ARRAY_SIZE] = {0}; + size_t n_hit_result = 0; + struct maat_state *state = NULL; + const char *expr_table_name = "HTTP_URL_LITERAL"; + const char *expr_plus_table_name = "HTTP_SIGNATURE"; + const char *region_name = "I love China"; + const char *scan_data = "today is Monday and yesterday is Tuesday"; + int expr_table_id = maat_table_get_id(g_maat_instance, expr_table_name); + int expr_plus_table_id = maat_table_get_id(g_maat_instance, expr_plus_table_name); + + int ret = maat_scan_string(g_maat_instance, expr_plus_table_id, 0, scan_data, strlen(scan_data), + results, ARRAY_SIZE, &n_hit_result, &state); + EXPECT_EQ(ret, MAAT_SCAN_ERR); + + ret = maat_state_set_scan_district(g_maat_instance, &state, region_name, strlen(region_name)); + ASSERT_EQ(ret, 0); + ret = maat_scan_string(g_maat_instance, expr_plus_table_id, 0, scan_data, strlen(scan_data), + results, ARRAY_SIZE, &n_hit_result, &state); + EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); + + ret = maat_scan_string(g_maat_instance, expr_table_id, 0, scan_data, strlen(scan_data), + results, ARRAY_SIZE, &n_hit_result, &state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(results[0], 195); + maat_state_free(&state); + +} + //TODO: #if 0 TEST_F(MaatStringScan, ShouldNotHitExprPlus) { diff --git a/test/maat_json.json b/test/maat_json.json index 6108473..56c958f 100644 --- a/test/maat_json.json +++ b/test/maat_json.json 
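Review bot: `EXPECT_EQ(results[0], 195)` in `ExprAndExprPlus` reads the result array without first checking `n_hit_result`, so a hit count of 0 would be compared against the zero-initialised slot and show up only as a value mismatch. Adding a check such as `EXPECT_EQ(n_hit_result, 1);` before it (presumably 1 is the expected count for compile 195) pins the count as well. `maat_state_free(&state)` is also skipped when the `ASSERT_EQ` aborts the test, which leaves the state allocated in that case.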
@@ -2402,6 +2402,46 @@ ] } ] + }, + { + "compile_id": 195, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", + "table_content": { + "district": "I love China", + "keywords": "today&yesterday", + "expr_type": "and", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + }, + { + "regions": [ + { + "table_name": "HTTP_URL_LITERAL", + "table_type": "expr", + "table_content": { + "keywords": "Monday", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] } ], "plugin_table": [