gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[BUGFIX]fix xx_plugin user_tag lifecycle

Browse Source
This commit is contained in:
liuwentan
2023-10-09 15:15:05 +08:00
parent 01c290e509
commit f09aa3e1fe
12 changed files with 67 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/inc_internal/maat_ex_data.h
View File

@@ -77,8 +77,8 @@ int ex_data_runtime_add_ex_container(struct ex_data_runtime *ex_data_rt,
int ex_data_runtime_del_ex_container(struct ex_data_runtime *ex_data_rt,
const char *key, size_t key_len);
size_t ex_data_runtime_list_ex_container(struct ex_data_runtime *ex_data_rt,
struct ex_container ***ex_container);
size_t ex_data_runtime_list_updating_ex_container(struct ex_data_runtime *ex_data_rt,
struct ex_container ***ex_container);
size_t ex_data_runtime_ex_container_count(struct ex_data_runtime *ex_data_rt);

8
src/maat_bool_plugin.c
View File

@@ -33,11 +33,11 @@ struct bool_plugin_schema {
struct bool_plugin_runtime {
struct bool_matcher *matcher;
struct ex_data_runtime *ex_data_rt;
long long rule_num;
size_t n_worker_thread;
struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger;
long long rule_num;
long long update_err_cnt;
};
@@ -449,11 +449,9 @@ int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name
return 0;
}
ex_data_runtime_commit(ex_data_rt);
struct bool_expr *rules = NULL;
struct ex_container **ex_container = NULL;
size_t rule_cnt = ex_data_runtime_list_ex_container(ex_data_rt, &ex_container);
size_t rule_cnt = ex_data_runtime_list_updating_ex_container(ex_data_rt, &ex_container);
if (rule_cnt > 0) {
rules = ALLOC(struct bool_expr, rule_cnt);
for (size_t i = 0; i < rule_cnt; i++) {
@@ -485,6 +483,8 @@ int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name
old_bool_matcher = bool_plugin_rt->matcher;
bool_plugin_rt->matcher = new_bool_matcher;
ex_data_runtime_commit(ex_data_rt);
if (old_bool_matcher != NULL) {
maat_garbage_bagging(bool_plugin_rt->ref_garbage_bin, old_bool_matcher, NULL,
garbage_bool_matcher_free);

6
src/maat_ex_data.c
View File

@@ -280,10 +280,10 @@ int ex_data_runtime_is_updating(struct ex_data_runtime *ex_data_rt)
return rcu_hash_is_updating(ex_data_rt->htable);
}
size_t ex_data_runtime_list_ex_container(struct ex_data_runtime *ex_data_rt,
struct ex_container ***ex_container)
size_t ex_data_runtime_list_updating_ex_container(struct ex_data_runtime *ex_data_rt,
struct ex_container ***ex_container)
{
return rcu_hash_list(ex_data_rt->htable, (void ***)ex_container);
return rcu_updating_hash_list(ex_data_rt->htable, (void ***)ex_container);
}
void ex_data_runtime_garbage_collect_routine(struct ex_data_runtime *ex_data_rt)

11
src/maat_fqdn_plugin.c
View File

@@ -34,11 +34,12 @@ struct fqdn_plugin_schema {
struct fqdn_plugin_runtime {
struct FQDN_engine *engine;
struct ex_data_runtime *ex_data_rt;
long long rule_num;
long long update_err_cnt;
size_t n_worker_thread;
struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger;
long long rule_num;
long long update_err_cnt;
};
void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
@@ -455,11 +456,9 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name
return 0;
}
ex_data_runtime_commit(ex_data_rt);
struct FQDN_rule *rules = NULL;
struct ex_container **ex_container = NULL;
size_t rule_cnt = ex_data_runtime_list_ex_container(ex_data_rt, &ex_container);
size_t rule_cnt = ex_data_runtime_list_updating_ex_container(ex_data_rt, &ex_container);
if (rule_cnt > 0) {
rules = ALLOC(struct FQDN_rule, rule_cnt);
for (size_t i = 0; i < rule_cnt; i++) {
@@ -490,6 +489,8 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name
old_fqdn_engine = fqdn_plugin_rt->engine;
fqdn_plugin_rt->engine = new_fqdn_engine;
ex_data_runtime_commit(ex_data_rt);
if (old_fqdn_engine != NULL) {
maat_garbage_bagging(fqdn_plugin_rt->ref_garbage_bin, old_fqdn_engine, NULL,
garbage_fqdn_engine_free);

25
src/maat_ip.c
View File

@@ -66,7 +66,6 @@ struct ip_item {
struct ip_runtime {
struct ip_matcher *ip_matcher;
struct interval_matcher *intval_matcher;
struct rcu_hash_table *item_hash; // <item_id, struct ip_item>
long long rule_num;
@@ -428,11 +427,6 @@ void ip_runtime_free(void *ip_runtime)
ip_rt->ip_matcher = NULL;
}
if (ip_rt->intval_matcher != NULL) {
interval_matcher_free(ip_rt->intval_matcher);
ip_rt->intval_matcher = NULL;
}
if (ip_rt->item_hash != NULL) {
rcu_hash_free(ip_rt->item_hash);
ip_rt->item_hash = NULL;
@@ -601,9 +595,6 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name,
struct ip_matcher *new_ip_matcher = NULL;
struct ip_matcher *old_ip_matcher = NULL;
struct interval_matcher *new_intval_matcher = NULL;
struct interval_matcher *old_intval_matcher = NULL;
if (rule_cnt > 0) {
new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used);
if (NULL == new_ip_matcher) {
@@ -617,15 +608,6 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name,
"table[%s] commit %zu ip rules and rebuild ip_matcher completed"
", version:%lld", table_name, rule_cnt, maat_rt_version);
}
new_intval_matcher = interval_matcher_new(intval_rules, rule_cnt);
if (NULL == new_intval_matcher) {
log_error(ip_rt->logger, MODULE_IP,
"[%s:%d] table[%s] rebuild interval_matcher engine "
"failed when update %zu ip rules", __FUNCTION__, __LINE__,
table_name, rule_cnt);
ret = -1;
}
}
old_ip_matcher = ip_rt->ip_matcher;
@@ -637,13 +619,6 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name,
garbage_ip_matcher_free);
}
old_intval_matcher = ip_rt->intval_matcher;
ip_rt->intval_matcher = new_intval_matcher;
if (old_intval_matcher != NULL) {
maat_garbage_bagging(ip_rt->ref_garbage_bin, old_intval_matcher, NULL,
garbage_interval_matcher_free);
}
ip_rt->rule_num = rule_cnt;
if (rules != NULL) {

11
src/maat_ip_plugin.c
View File

@@ -38,11 +38,12 @@ struct ip_plugin_schema {
struct ip_plugin_runtime {
struct ip_matcher *ip_matcher;
struct ex_data_runtime *ex_data_rt;
long long rule_num;
long long update_err_cnt;
size_t n_worker_thread;
struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger;
long long rule_num;
long long update_err_cnt;
};
void *ip_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
@@ -494,11 +495,9 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name,
return 0;
}
ex_data_runtime_commit(ex_data_rt);
struct ip_rule *rules = NULL;
struct ex_container **ex_container = NULL;
size_t rule_cnt = ex_data_runtime_list_ex_container(ex_data_rt, &ex_container);
size_t rule_cnt = ex_data_runtime_list_updating_ex_container(ex_data_rt, &ex_container);
if (rule_cnt > 0) {
rules = ALLOC(struct ip_rule, rule_cnt);
for (size_t i = 0; i < rule_cnt; i++) {
@@ -529,6 +528,8 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name,
old_ip_matcher = ip_plugin_rt->ip_matcher;
ip_plugin_rt->ip_matcher = new_ip_matcher;
ex_data_runtime_commit(ex_data_rt);
if (old_ip_matcher != NULL) {
maat_garbage_bagging(ip_plugin_rt->ref_garbage_bin, old_ip_matcher, NULL,
garbage_ip_matcher_free);

18
src/maat_ipport_plugin.c
View File

@@ -57,15 +57,14 @@ struct ipport_item {
struct ipport_plugin_runtime {
struct ip_matcher *ip_matcher;
struct interval_matcher *intval_matcher;
struct rcu_hash_table *item_hash; //<item_id, struct ipport_item>
long long rule_num;
long long update_err_cnt;
struct ex_data_runtime *ex_data_rt;
size_t n_worker_thread;
struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger;
long long rule_num;
long long update_err_cnt;
};
void *ipport_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
@@ -239,11 +238,6 @@ void ipport_plugin_runtime_free(void *ipport_plugin_runtime)
ipport_plugin_rt->ip_matcher = NULL;
}
if (ipport_plugin_rt->intval_matcher != NULL) {
interval_matcher_free(ipport_plugin_rt->intval_matcher);
ipport_plugin_rt->intval_matcher = NULL;
}
if (ipport_plugin_rt->ex_data_rt != NULL) {
ex_data_runtime_free(ipport_plugin_rt->ex_data_rt);
ipport_plugin_rt->ex_data_rt = NULL;
@@ -477,11 +471,9 @@ int ipport_plugin_runtime_commit(void *ipport_plugin_runtime, const char *table_
return 0;
}
ex_data_runtime_commit(ex_data_rt);
struct ip_rule *rules = NULL;
struct ex_container **ex_container = NULL;
size_t rule_cnt = ex_data_runtime_list_ex_container(ex_data_rt, &ex_container);
size_t rule_cnt = ex_data_runtime_list_updating_ex_container(ex_data_rt, &ex_container);
if (rule_cnt > 0) {
rules = ALLOC(struct ip_rule, rule_cnt);
for (size_t i = 0; i < rule_cnt; i++) {
@@ -512,6 +504,8 @@ int ipport_plugin_runtime_commit(void *ipport_plugin_runtime, const char *table_
old_ip_matcher = ipport_plugin_rt->ip_matcher;
ipport_plugin_rt->ip_matcher = new_ip_matcher;
ex_data_runtime_commit(ex_data_rt);
if (old_ip_matcher != NULL) {
maat_garbage_bagging(ipport_plugin_rt->ref_garbage_bin, old_ip_matcher, NULL,
garbage_ip_matcher_free);

7
src/maat_plugin.c
View File

@@ -32,12 +32,13 @@ struct plugin_callback_schema {
};
struct plugin_runtime {
long long acc_line_num;
struct ex_data_runtime *ex_data_rt;
long long rule_num;
long long update_err_cnt;
struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger;
long long rule_num;
long long acc_line_num;
long long update_err_cnt;
};
enum plugin_key_type {

2
src/maat_utils.c
View File

@@ -318,7 +318,7 @@ int crypt_memory(const unsigned char *inbuf, size_t inlen, unsigned char **pp_ou
int ret = EVP_BytesToKey(cipher, dgst, salt, (unsigned char *)key,
strlen((const char *)key), 1, cipher_key, cipher_iv);
if(0 == ret) {
snprintf(err_str, err_str_sz, "Key and IV generatioin failed.");
snprintf(err_str, err_str_sz, "Key and IV generation failed.");
return 0;
}