diff --git a/scanner/CMakeLists.txt b/scanner/CMakeLists.txt index 827602b..f3569cc 100644 --- a/scanner/CMakeLists.txt +++ b/scanner/CMakeLists.txt @@ -4,6 +4,7 @@ add_definitions(-fPIC) include_directories(${PROJECT_SOURCE_DIR}/deps) include_directories(${PROJECT_SOURCE_DIR}/include) include_directories(${PROJECT_SOURCE_DIR}/src/inc_internal) +include_directories(${PROJECT_SOURCE_DIR}/scanner/ip_matcher) add_subdirectory(ip_matcher/IntervalIndex) diff --git a/scanner/ipport_matcher/ipport_matcher.c b/scanner/ipport_matcher/ipport_matcher.c index c4271c3..d7bf610 100644 --- a/scanner/ipport_matcher/ipport_matcher.c +++ b/scanner/ipport_matcher/ipport_matcher.c @@ -7,6 +7,7 @@ * Copyright: (c) Since 2023 Geedge Networks, Ltd. All rights reserved. *********************************************************************************************** */ +#include #include "uthash/utarray.h" #include "uthash/uthash.h" @@ -23,13 +24,25 @@ struct port_range { struct ipport_node { int ip_type; //IPV4 or IPV6 - uint32_t ip_addr[4]; + uint32_t start_ip_addr[4]; + uint32_t end_ip_addr[4]; UT_array *port_range_list; //array to store UT_hash_handle hh; }; struct ipport_matcher { struct ipport_node *ipport_hash; + struct ip_matcher *ip_matcher; +}; + +struct ipport_hash_key_ipv4 { + uint32_t start_ip_addr; + uint32_t end_ip_addr; +}; + +struct ipport_hash_key_ipv6 { + uint32_t start_ip_addr[4]; + uint32_t end_ip_addr[4]; }; UT_icd ut_port_range_icd = {sizeof(struct port_range), NULL, NULL, NULL}; @@ -70,36 +83,39 @@ struct ipport_matcher *ipport_matcher_new(struct ipport_rule *rules, size_t rule return NULL; } + struct ip_rule *ip_rules = NULL; struct ipport_matcher *matcher = ALLOC(struct ipport_matcher, 1); struct ipport_node *node = NULL; char *key = NULL; size_t key_len = 0; for (size_t i = 0; i < rule_num; i++) { - if (rules[i].ip.ip_type == IPV4) { - key = (char *)&rules[i].ip.ipv4; - key_len = 4; + if (rules[i].ip_type == IPV4) { + key = (char *)&rules[i].ipv4; + key_len = sizeof(rules[i].ipv4); } else { - key = (char *)rules[i].ip.ipv6; - key_len = 16; + key = (char *)&rules[i].ipv6; + key_len = sizeof(rules[i].ipv6); } HASH_FIND(hh, matcher->ipport_hash, key, key_len, node); if (NULL == node) { node = ALLOC(struct ipport_node, 1); - if (rules[i].ip.ip_type == IPV4) { + if (rules[i].ip_type == IPV4) { node->ip_type = IPV4; - node->ip_addr[0] = rules[i].ip.ipv4; + node->start_ip_addr[0] = rules[i].ipv4.start_ip; + node->end_ip_addr[0] = rules[i].ipv4.end_ip; } else { node->ip_type = IPV6; for (size_t j = 0; j < 4; j++) { - node->ip_addr[j] = rules[i].ip.ipv6[j]; + node->start_ip_addr[j] = rules[i].ipv6.start_ip[j]; + node->end_ip_addr[j] = rules[i].ipv6.end_ip[j]; } } utarray_new(node->port_range_list, &ut_port_range_icd); - HASH_ADD_KEYPTR(hh, matcher->ipport_hash, (char *)node->ip_addr, key_len, node); + HASH_ADD_KEYPTR(hh, matcher->ipport_hash, key, key_len, node); } struct port_range range; @@ -110,11 +126,41 @@ struct ipport_matcher *ipport_matcher_new(struct ipport_rule *rules, size_t rule utarray_push_back(node->port_range_list, &range); } + int ip_matcher_cnt = HASH_COUNT(matcher->ipport_hash); + int ip_matcher_idx = 0; + ip_rules = ALLOC(struct ip_rule, ip_matcher_cnt); + struct ipport_node *tmp_node = NULL; HASH_ITER(hh, matcher->ipport_hash, node, tmp_node) { utarray_sort(node->port_range_list, compare_port_range_for_sort); + struct port_range *range = utarray_front(node->port_range_list); + ip_rules[ip_matcher_idx].type = node->ip_type; + ip_rules[ip_matcher_idx].rule_id = range->rule_id; + ip_rules[ip_matcher_idx].user_tag = node; + if (node->ip_type == IPV4) { + ip_rules[ip_matcher_idx].ipv4_rule.start_ip = node->start_ip_addr[0]; + ip_rules[ip_matcher_idx].ipv4_rule.end_ip = node->end_ip_addr[0]; + } else { + for (size_t j = 0; j < 4; j++) { + ip_rules[ip_matcher_idx].ipv6_rule.start_ip[j] = node->start_ip_addr[j]; + ip_rules[ip_matcher_idx].ipv6_rule.end_ip[j] = node->end_ip_addr[j]; + } + } + ip_matcher_idx++; } + assert(ip_matcher_idx == ip_matcher_cnt); + + size_t mem_used = 0; + struct ip_matcher *ip_matcher = ip_matcher_new(ip_rules, ip_matcher_cnt, &mem_used); + if (NULL == ip_matcher) { + FREE(ip_rules); + ipport_matcher_free(matcher); + return NULL; + } + + matcher->ip_matcher = ip_matcher; + return matcher; } @@ -125,23 +171,22 @@ int ipport_matcher_match(struct ipport_matcher *matcher, const struct ip_addr *i return -1; } - char *key = NULL; - size_t key_len = 0; + struct scan_result result; + struct ip_data ip_data = *(const struct ip_data *)ip_addr; + if (ip_data.type == IPv4) { + ip_data.ipv4 = ntohl(ip_data.ipv4); + } else { + memcpy(ip_data.ipv6, ip_data.ipv6, sizeof(ip_data.ipv6)); + } - if (ip_addr->ip_type == IPV4) { - key = (char *)&ip_addr->ipv4; - key_len = 4; - } else { - key = (char *)ip_addr->ipv6; - key_len = 16; - } - - struct ipport_node *node = NULL; - HASH_FIND(hh, matcher->ipport_hash, key, key_len, node); - if (NULL == node) { + int n_result = ip_matcher_match(matcher->ip_matcher, &ip_data, + &result, 1); + if (n_result <= 0) { return 0; } + struct ipport_node *node = result.tag; + uint16_t host_port = ntohs(port); struct port_range range; range.min_port = host_port; diff --git a/scanner/ipport_matcher/ipport_matcher.h b/scanner/ipport_matcher/ipport_matcher.h index 51bdc44..ebf9d54 100644 --- a/scanner/ipport_matcher/ipport_matcher.h +++ b/scanner/ipport_matcher/ipport_matcher.h @@ -18,12 +18,17 @@ extern "C" #include +#include "ip_matcher.h" #include "maat.h" struct ipport_rule { long long rule_id; /* rule id */ void *user_tag; /* point to user-defined data which will return with hit results */ - struct ip_addr ip; + int ip_type; + union { + struct ipv4_range ipv4; + struct ipv6_range ipv6; + }; uint16_t min_port; /* host order */ uint16_t max_port; /* host order */ }; diff --git a/src/maat_ipport_plugin.c b/src/maat_ipport_plugin.c index b953369..62c6657 100644 --- a/src/maat_ipport_plugin.c +++ b/src/maat_ipport_plugin.c @@ -25,7 +25,8 @@ struct ipport_plugin_schema { int item_id_column; int ip_type_column; - int ip_addr_column; + int ip1_column; + int ip2_column; int port1_column; int port2_column; int gc_timeout_s; @@ -117,13 +118,24 @@ void *ipport_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - custom_item = cJSON_GetObjectItem(item, "ip_addr"); + custom_item = cJSON_GetObjectItem(item, "start_ip"); if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->ip_addr_column = custom_item->valueint; + schema->ip1_column = custom_item->valueint; } else { log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport_plugin table:<%s> schema has no" - " ip_addr column", __FUNCTION__, __LINE__, + " ip1 column", __FUNCTION__, __LINE__, + table_name); + goto error; + } + + custom_item = cJSON_GetObjectItem(item, "end_ip"); + if (custom_item != NULL && custom_item->type == cJSON_Number) { + schema->ip2_column = custom_item->valueint; + } else { + log_fatal(logger, MODULE_IPPORT_PLUGIN, + "[%s:%d] ipport_plugin table:<%s> schema has no" + " ip2 column", __FUNCTION__, __LINE__, table_name); goto error; } @@ -273,7 +285,8 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name, { size_t column_offset = 0; size_t column_len = 0; - char ip_str[40] = {0}; + char ip1_str[40] = {0}; + char ip2_str[40] = {0}; struct ipport_item *ipport_item = ALLOC(struct ipport_item, 1); int ret = get_column_pos(line, schema->item_id_column, &column_offset, @@ -303,38 +316,67 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name, goto error; } - ret = get_column_pos(line, schema->ip_addr_column, &column_offset, + ret = get_column_pos(line, schema->ip1_column, &column_offset, &column_len); if (ret < 0) { log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport table:<%s> has no ip_addr in line:%s", + "[%s:%d] ipport table:<%s> has no ip1 in line:%s", __FUNCTION__, __LINE__, table_name, line); goto error; } - memcpy(ip_str, (line + column_offset), column_len); + memcpy(ip1_str, (line + column_offset), column_len); + + ret = get_column_pos(line, schema->ip2_column, &column_offset, + &column_len); + if (ret < 0) { + log_fatal(logger, MODULE_IPPORT_PLUGIN, + "[%s:%d] ipport table:<%s> has no ip2 in line:%s", + __FUNCTION__, __LINE__, table_name, line); + goto error; + } + memcpy(ip2_str, (line + column_offset), column_len); if (IPV4 == ipport_item->ip_type) { - uint32_t ipv4_addr = 0; - ret = inet_pton(AF_INET, ip_str, &ipv4_addr); + uint32_t ipv4_addr1 = 0; + uint32_t ipv4_addr2 = 0; + ret = inet_pton(AF_INET, ip1_str, &ipv4_addr1); if (ret < 0) { log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> ip_format2range(ip4) failed in line:%s", __FUNCTION__, __LINE__, table_name, line); goto error; } - ipport_item->ipv4.min_ip = ipv4_addr; - ipport_item->ipv4.max_ip = ipv4_addr; + ret = inet_pton(AF_INET, ip2_str, &ipv4_addr2); + if (ret < 0) { + log_fatal(logger, MODULE_IPPORT_PLUGIN, + "[%s:%d] ipport table:<%s> ip_format2range(ip4) failed in line:%s", + __FUNCTION__, __LINE__, table_name, line); + goto error; + } + + ipport_item->ipv4.min_ip = ntohl(ipv4_addr1); + ipport_item->ipv4.max_ip = ntohl(ipv4_addr2); } else { //ipv6 - uint32_t ipv6_addr[4] = {0}; - ret = inet_pton(AF_INET6, ip_str, ipv6_addr); + uint32_t ipv6_addr1[4] = {0}; + uint32_t ipv6_addr2[4] = {0}; + ret = inet_pton(AF_INET6, ip1_str, ipv6_addr1); if (ret < 0) { log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> ip_format2range(ip6) failed in line:%s", __FUNCTION__, __LINE__, table_name, line); goto error; } - memcpy(ipport_item->ipv6.min_ip, ipv6_addr, sizeof(ipv6_addr)); + ret = inet_pton(AF_INET6, ip2_str, ipv6_addr2); + if (ret < 0) { + log_fatal(logger, MODULE_IPPORT_PLUGIN, + "[%s:%d] ipport table:<%s> ip_format2range(ip6) failed in line:%s", + __FUNCTION__, __LINE__, table_name, line); + goto error; + } + + memcpy(ipport_item->ipv6.min_ip, ipv6_addr1, sizeof(ipv6_addr1)); + memcpy(ipport_item->ipv6.max_ip, ipv6_addr2, sizeof(ipv6_addr2)); } ret = get_column_pos(line, schema->port1_column, &column_offset, @@ -485,13 +527,15 @@ static void ipport_item_to_ipport_rule(struct ipport_item *item, struct ipport_rule *rule) { if (IPV4 == item->ip_type) { - rule->ip.ip_type= IPV4; - rule->ip.ipv4 = item->ipv4.min_ip; + rule->ip_type = IPV4; + rule->ipv4.start_ip = item->ipv4.min_ip; + rule->ipv4.end_ip = item->ipv4.max_ip; rule->min_port = item->min_port; rule->max_port = item->max_port; } else { - rule->ip.ip_type = IPV6; - memcpy(rule->ip.ipv6, item->ipv6.min_ip, sizeof(item->ipv6.min_ip)); + rule->ip_type = IPV6; + memcpy(rule->ipv6.start_ip, item->ipv6.min_ip, sizeof(item->ipv6.min_ip)); + memcpy(rule->ipv6.end_ip, item->ipv6.max_ip, sizeof(item->ipv6.max_ip)); rule->min_port = item->min_port; rule->max_port = item->max_port; } diff --git a/src/maat_stat.c b/src/maat_stat.c index 83a6942..ee9e8db 100644 --- a/src/maat_stat.c +++ b/src/maat_stat.c @@ -243,9 +243,9 @@ static void fs_table_row_output(FILE *fp, struct maat_stat *stat, int perf_on) long long total_scan_times = 0, total_hit_times = 0, total_scan_cpu_time = 0; long long total_regv6_num = 0, total_hit_item_num = 0, total_hit_pattern_num = 0; long long g2c_not_clause_num = 0, g2g_excl_rule_num = 0; - struct fieldstat_tag cell_tag = { + struct field cell_tag = { .key = "TBL", - .type = TAG_CSTRING + .type = FIELD_VALUE_CSTRING }; size_t max_table_count = table_manager_table_size(stat->ref_tbl_mgr); diff --git a/test/ipport_matcher_gtest.cpp b/test/ipport_matcher_gtest.cpp index e86699f..dd36834 100644 --- a/test/ipport_matcher_gtest.cpp +++ b/test/ipport_matcher_gtest.cpp @@ -19,10 +19,11 @@ TEST(IPv4PortMatcher, MatchedOneRuleInPortRange) { struct ipport_rule rules[MAX_ARRAY_SIZE]; rules[0].rule_id = 100; - rules[0].ip.ip_type = IPV4; + rules[0].ip_type = IPV4; rules[0].min_port = 100; rules[0].max_port = 150; - inet_pton(AF_INET, ip1_str, &rules[0].ip.ipv4); + inet_pton(AF_INET, ip1_str, &rules[0].ipv4.start_ip); + inet_pton(AF_INET, ip1_str, &rules[0].ipv4.end_ip); struct ipport_matcher *matcher = ipport_matcher_new(rules, 1); ASSERT_TRUE(matcher != NULL); @@ -30,6 +31,7 @@ TEST(IPv4PortMatcher, MatchedOneRuleInPortRange) { struct ip_addr ip; ip.ip_type = IPV4; inet_pton(AF_INET, ip1_str, &ip.ipv4); + ip.ipv4 = htonl(ip.ipv4); uint16_t port = htons(120); struct ipport_result results[MAX_ARRAY_SIZE]; @@ -46,10 +48,11 @@ TEST(IPv4PortMatcher, MatchedOneRuleOnPortRangeBoundary) { struct ipport_rule rules[MAX_ARRAY_SIZE]; rules[0].rule_id = 100; - rules[0].ip.ip_type = IPV4; + rules[0].ip_type = IPV4; rules[0].min_port = 100; rules[0].max_port = 150; - inet_pton(AF_INET, ip1_str, &rules[0].ip.ipv4); + inet_pton(AF_INET, ip1_str, &rules[0].ipv4.start_ip); + inet_pton(AF_INET, ip1_str, &rules[0].ipv4.end_ip); struct ipport_matcher *matcher = ipport_matcher_new(rules, 1); ASSERT_TRUE(matcher != NULL); @@ -57,6 +60,7 @@ TEST(IPv4PortMatcher, MatchedOneRuleOnPortRangeBoundary) { struct ip_addr ip; ip.ip_type = IPV4; inet_pton(AF_INET, ip1_str, &ip.ipv4); + ip.ipv4 = htonl(ip.ipv4); uint16_t port = htons(100); struct ipport_result results[MAX_ARRAY_SIZE]; @@ -82,40 +86,46 @@ TEST(IPv4PortMatcher, MatchedMultiRuleInPortRange) { memset(rules, 0, sizeof(rules)); rules[0].rule_id = 100; - rules[0].ip.ip_type = IPV4; + rules[0].ip_type = IPV4; rules[0].min_port = 100; rules[0].max_port = 150; - inet_pton(AF_INET, ip1_str, &rules[0].ip.ipv4); + inet_pton(AF_INET, ip1_str, &rules[0].ipv4.start_ip); + inet_pton(AF_INET, ip1_str, &rules[0].ipv4.end_ip); rules[1].rule_id = 200; - rules[1].ip.ip_type = IPV4; + rules[1].ip_type = IPV4; rules[1].min_port = 110; rules[1].max_port = 160; - inet_pton(AF_INET, ip1_str, &rules[1].ip.ipv4); + inet_pton(AF_INET, ip1_str, &rules[1].ipv4.start_ip); + inet_pton(AF_INET, ip1_str, &rules[1].ipv4.end_ip); rules[2].rule_id = 300; - rules[2].ip.ip_type = IPV4; + rules[2].ip_type = IPV4; rules[2].min_port = 120; rules[2].max_port = 170; - inet_pton(AF_INET, ip1_str, &rules[2].ip.ipv4); + inet_pton(AF_INET, ip1_str, &rules[2].ipv4.start_ip); + inet_pton(AF_INET, ip1_str, &rules[2].ipv4.end_ip); rules[3].rule_id = 400; - rules[3].ip.ip_type = IPV4; + rules[3].ip_type = IPV4; rules[3].min_port = 130; rules[3].max_port = 180; - inet_pton(AF_INET, ip1_str, &rules[3].ip.ipv4); + inet_pton(AF_INET, ip1_str, &rules[3].ipv4.start_ip); + inet_pton(AF_INET, ip1_str, &rules[3].ipv4.end_ip); rules[4].rule_id = 500; - rules[4].ip.ip_type = IPV4; + rules[4].ip_type = IPV4; rules[4].min_port = 140; rules[4].max_port = 190; - inet_pton(AF_INET, ip1_str, &rules[4].ip.ipv4); + inet_pton(AF_INET, ip1_str, &rules[4].ipv4.start_ip); + inet_pton(AF_INET, ip1_str, &rules[4].ipv4.end_ip); rules[5].rule_id = 600; - rules[5].ip.ip_type = IPV4; + rules[5].ip_type = IPV4; rules[5].min_port = 150; rules[5].max_port = 200; - inet_pton(AF_INET, ip1_str, &rules[5].ip.ipv4); + inet_pton(AF_INET, ip1_str, &rules[5].ipv4.start_ip); + inet_pton(AF_INET, ip1_str, &rules[5].ipv4.end_ip); struct ipport_matcher *matcher = ipport_matcher_new(rules, MAX_ARRAY_SIZE); ASSERT_TRUE(matcher != NULL); @@ -123,6 +133,7 @@ TEST(IPv4PortMatcher, MatchedMultiRuleInPortRange) { struct ip_addr ip; ip.ip_type = IPV4; inet_pton(AF_INET, ip1_str, &ip.ipv4); + ip.ipv4 = htonl(ip.ipv4); uint16_t port = htons(90); //no match rule_id @@ -226,10 +237,11 @@ TEST(IPv6PortMatcher, MatchedOneRuleInPortRange) { struct ipport_rule rules[MAX_ARRAY_SIZE]; rules[0].rule_id = 100; - rules[0].ip.ip_type = IPV6; + rules[0].ip_type = IPV6; rules[0].min_port = 100; rules[0].max_port = 150; - inet_pton(AF_INET6, ip1_str, rules[0].ip.ipv6); + inet_pton(AF_INET6, ip1_str, rules[0].ipv6.start_ip); + inet_pton(AF_INET6, ip1_str, rules[0].ipv6.end_ip); struct ipport_matcher *matcher = ipport_matcher_new(rules, 1); ASSERT_TRUE(matcher != NULL); @@ -253,10 +265,11 @@ TEST(IPv6PortMatcher, MatchedOneRuleOnPortRangeBoundary) { struct ipport_rule rules[MAX_ARRAY_SIZE]; rules[0].rule_id = 100; - rules[0].ip.ip_type = IPV6; + rules[0].ip_type = IPV6; rules[0].min_port = 100; rules[0].max_port = 150; - inet_pton(AF_INET6, ip1_str, rules[0].ip.ipv6); + inet_pton(AF_INET6, ip1_str, rules[0].ipv6.start_ip); + inet_pton(AF_INET6, ip1_str, rules[0].ipv6.end_ip); struct ipport_matcher *matcher = ipport_matcher_new(rules, 1); ASSERT_TRUE(matcher != NULL); @@ -289,40 +302,46 @@ TEST(IPv6PortMatcher, MatchedMultiRuleInPortRange) { memset(rules, 0, sizeof(rules)); rules[0].rule_id = 100; - rules[0].ip.ip_type = IPV6; + rules[0].ip_type = IPV6; rules[0].min_port = 100; rules[0].max_port = 150; - inet_pton(AF_INET6, ip1_str, rules[0].ip.ipv6); + inet_pton(AF_INET6, ip1_str, rules[0].ipv6.start_ip); + inet_pton(AF_INET6, ip1_str, rules[0].ipv6.end_ip); rules[1].rule_id = 200; - rules[1].ip.ip_type = IPV6; + rules[1].ip_type = IPV6; rules[1].min_port = 110; rules[1].max_port = 160; - inet_pton(AF_INET6, ip1_str, rules[1].ip.ipv6); + inet_pton(AF_INET6, ip1_str, rules[1].ipv6.start_ip); + inet_pton(AF_INET6, ip1_str, rules[1].ipv6.end_ip); rules[2].rule_id = 300; - rules[2].ip.ip_type = IPV6; + rules[2].ip_type = IPV6; rules[2].min_port = 120; rules[2].max_port = 170; - inet_pton(AF_INET6, ip1_str, rules[2].ip.ipv6); + inet_pton(AF_INET6, ip1_str, rules[2].ipv6.start_ip); + inet_pton(AF_INET6, ip1_str, rules[2].ipv6.end_ip); rules[3].rule_id = 400; - rules[3].ip.ip_type = IPV6; + rules[3].ip_type = IPV6; rules[3].min_port = 130; rules[3].max_port = 180; - inet_pton(AF_INET6, ip1_str, rules[3].ip.ipv6); + inet_pton(AF_INET6, ip1_str, rules[3].ipv6.start_ip); + inet_pton(AF_INET6, ip1_str, rules[3].ipv6.end_ip); rules[4].rule_id = 500; - rules[4].ip.ip_type = IPV6; + rules[4].ip_type = IPV6; rules[4].min_port = 140; rules[4].max_port = 190; - inet_pton(AF_INET6, ip1_str, rules[4].ip.ipv6); + inet_pton(AF_INET6, ip1_str, rules[4].ipv6.start_ip); + inet_pton(AF_INET6, ip1_str, rules[4].ipv6.end_ip); rules[5].rule_id = 600; - rules[5].ip.ip_type = IPV6; + rules[5].ip_type = IPV6; rules[5].min_port = 150; rules[5].max_port = 200; - inet_pton(AF_INET6, ip1_str, rules[5].ip.ipv6); + inet_pton(AF_INET6, ip1_str, rules[5].ipv6.start_ip); + inet_pton(AF_INET6, ip1_str, rules[5].ipv6.end_ip); struct ipport_matcher *matcher = ipport_matcher_new(rules, MAX_ARRAY_SIZE); ASSERT_TRUE(matcher != NULL); diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index 7a9ee88..361f6ff 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -5624,7 +5624,7 @@ void ipport_plugin_ex_new_cb(const char *table_name, int table_id, const char *k ud->rule_id = atoll(table_line + column_offset); - ret = get_column_pos(table_line, 5, &column_offset, &column_len); + ret = get_column_pos(table_line, 6, &column_offset, &column_len); EXPECT_EQ(ret, 0); ud->buffer = ALLOC(char, column_len + 1); @@ -5684,6 +5684,18 @@ TEST_F(IPPortPluginTable, EX_DATA) { EXPECT_EQ(ret, 1); EXPECT_EQ(results[0]->rule_id, 103); + ret = inet_pton(AF_INET, "192.168.100.5", &ipv4.ipv4); + EXPECT_EQ(ret, 1); + + port = htons(150); + + memset(results, 0, sizeof(results)); + ret = maat_ipport_plugin_table_get_ex_data(maat_inst, table_id, &ipv4, port, + (void **)results, ARRAY_SIZE); + EXPECT_EQ(ret, 1); + EXPECT_EQ(results[0]->rule_id, 102); + + port = htons(255); struct ip_addr ipv6; ipv6.ip_type = IPv6; inet_pton(AF_INET6, "2001:db8:1234::5210", ipv6.ipv6); @@ -5694,6 +5706,7 @@ TEST_F(IPPortPluginTable, EX_DATA) { EXPECT_EQ(ret, 1); EXPECT_EQ(results[0]->rule_id, 104); + port = htons(255); inet_pton(AF_INET6, "240e:97c:4010:104::17", ipv6.ipv6); ret = maat_ipport_plugin_table_get_ex_data(maat_inst, table_id, &ipv6, port, (void**)results, ARRAY_SIZE); diff --git a/test/maat_json.json b/test/maat_json.json index 6d068dc..9cfbdb7 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -4189,10 +4189,10 @@ { "table_name": "TEST_IPPORT_PLUGIN_WITH_EXDATA", "table_content": [ - "101\t4\t192.168.100.1\t0\t255\t1", - "102\t4\t192.168.100.2\t100\t200\t1", - "103\t4\t192.168.100.1\t255\t300\t1", - "104\t6\t2001:db8:1234::5210\t255\t512\t1" + "101\t4\t192.168.100.1\t192.168.100.1\t0\t255\t1", + "102\t4\t192.168.100.2\t192.168.100.100\t100\t200\t1", + "103\t4\t192.168.100.1\t192.168.100.1\t255\t300\t1", + "104\t6\t2001:db8:1234::5210\t2001:db8:1234::5220\t255\t512\t1" ] }, { diff --git a/test/table_info.conf b/test/table_info.conf index 902ae53..2280023 100644 --- a/test/table_info.conf +++ b/test/table_info.conf @@ -634,14 +634,15 @@ "table_id":52, "table_name":"TEST_IPPORT_PLUGIN_WITH_EXDATA", "table_type":"ipport_plugin", - "valid_column":6, + "valid_column":7, "custom": { "gc_timeout_s": 3, "item_id":1, "ip_type":2, - "ip_addr":3, - "port1":4, - "port2":5 + "start_ip":3, + "end_ip":4, + "port1":5, + "port2":6 } }, {