gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

table_name->table_id and compile table callback

Browse Source
This commit is contained in:
liuwentan
2023-02-21 11:27:18 +08:00
parent 24b27429a5
commit f8543d9f96
17 changed files with 391 additions and 298 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/inc_internal/maat_compile.h
View File

@@ -54,6 +54,7 @@ int compile_table_set_rule_ex_data_schema(struct compile_schema *compile_schema,
long argl, void *argp,
struct log_handle *logger);
void *compile_table_get_rule_ex_data(struct compile_schema *compile_schema, int compile_id, size_t idx);
void compile_table_rule_ex_data_iterate(struct compile_schema *compile_schema, int idx);
size_t compile_table_rule_ex_data_schema_count(struct compile_schema *compile_schema);

4
src/inc_internal/maat_plugin.h
View File

@@ -60,6 +60,10 @@ int plugin_runtime_commit(void *plugin_runtime, const char *table_name);
struct ex_data_runtime *plugin_runtime_get_ex_data_rt(void *plugin_runtime);
size_t plugin_runtime_cached_row_count(void *plugin_runtime);
const char *plugin_runtime_cached_row_get(void *plugin_runtime, size_t index);
#ifdef __cplusplus
}
#endif

7
src/inc_internal/maat_rule.h
View File

@@ -18,7 +18,7 @@ extern "C"
#include <stdint.h>
#include <stddef.h>
#include <limits.h>
#include <linux/limits.h>
#include <sys/time.h>
#include <pthread.h>
#include <sys/queue.h>
@@ -35,7 +35,7 @@ extern "C"
#include "maat_rule.h"
#include "maat_virtual.h"
#define MAX_TABLE_NUM 256
#define MAX_TABLE_NUM 1024
#define MAX_COMPILE_TABLE_NUM 16
#define MAX_PHYSICAL_TABLE_NUM 16
@@ -315,9 +315,6 @@ void maat_cmd_set_serial_rule(struct serial_rule *rule, enum maat_operation op,
unsigned long rule_id, const char *table_name,
const char *line, long long timeout);
void fill_maat_rule(struct maat_rule *rule, const struct maat_rule_head *rule_head,
const char *srv_def, int srv_def_len);
#ifdef __cplusplus
}
#endif

12
src/json2iris.c
View File

@@ -8,7 +8,7 @@
***********************************************************************************************
*/
#include <limits.h>
#include <linux/limits.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
@@ -29,6 +29,8 @@
#define mr_region_id_var "SEQUENCE_REGION"
#define mr_group_id_var "SEQUENCE_GROUP"
#define MAX_PATH_LINE 512
const int json_version = 1;
const char *untitled_group_name="Untitled";
@@ -39,12 +41,12 @@ enum maat_group_relation {
struct group_info {
int group_id;
char group_name[PATH_MAX];
char group_name[NAME_MAX];
UT_hash_handle hh;
};
struct iris_table {
char table_name[PATH_MAX];
char table_name[NAME_MAX];
char table_path[PATH_MAX];
int line_count;
enum table_type table_type;
@@ -58,8 +60,8 @@ struct iris_description {
int group_cnt;
int region_cnt;
char tmp_iris_dir[PATH_MAX];
char tmp_iris_index_dir[PATH_MAX];
char tmp_iris_dir[MAX_PATH_LINE];
char tmp_iris_index_dir[MAX_PATH_LINE];
char index_path[PATH_MAX];
struct iris_table *group_table;

268
src/maat_api.c
View File

@@ -11,6 +11,7 @@
#include <stdio.h>
#include <string.h>
#include <assert.h>
#include <linux/limits.h>
#include "maat_utils.h"
#include "json2iris.h"
@@ -34,6 +35,7 @@
#include "maat_plugin.h"
#include "maat_ip_plugin.h"
#include "maat_fqdn_plugin.h"
#include "maat_bool_plugin.h"
#include "maat_virtual.h"
#define MODULE_MAAT_API module_name_str("maat.api")
@@ -400,36 +402,14 @@ static inline void maat_runtime_ref_dec(struct maat_runtime *maat_rt, int thread
alignment_int64_array_add(maat_rt->ref_cnt, thread_id, -1);
}
void fill_maat_rule(struct maat_rule *rule, const struct maat_rule_head *rule_head,
const char *srv_def, int srv_def_len)
{
memcpy(rule, rule_head, sizeof(struct maat_rule_head));
memcpy(rule->service_defined, srv_def, MIN(srv_def_len, MAX_SERVICE_DEFINE_LEN));
}
size_t generic_plugin_runtime_cached_row_count(void *custom_rt, enum table_type table_type)
{
return 0;
}
const char *generic_plugin_runtime_get_cached_row(void *custom_rt, enum table_type table_type,
size_t row_id)
{
return NULL;
}
/* must be plugin table */
int maat_table_callback_register(struct maat *maat_instance, const char *table_name,
int maat_table_callback_register(struct maat *maat_instance, int table_id,
maat_start_callback_t *start,
maat_update_callback_t *update,
maat_finish_callback_t *finish,
void *u_para)
{
int ret = -1;
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
return -1;
}
pthread_mutex_lock(&(maat_instance->background_update_mutex));
void *schema = table_manager_get_schema(maat_instance->tbl_mgr, table_id);
@@ -447,7 +427,8 @@ int maat_table_callback_register(struct maat *maat_instance, const char *table_n
void *runtime = table_manager_get_runtime(maat_instance->tbl_mgr, table_id);
enum table_type table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id);
size_t row_cnt = generic_plugin_runtime_cached_row_count(runtime, table_type);
assert(table_type == TABLE_TYPE_PLUGIN);
size_t row_cnt = plugin_runtime_cached_row_count(runtime);
if (row_cnt > 0) {
if (start != NULL) {
@@ -455,7 +436,7 @@ int maat_table_callback_register(struct maat *maat_instance, const char *table_n
}
for (size_t i = 0; i < row_cnt; i++) {
const char *line = generic_plugin_runtime_get_cached_row(runtime, table_type, i);
const char *line = plugin_runtime_cached_row_get(runtime, i);
if (NULL == line) {
break;
}
@@ -473,59 +454,60 @@ int maat_table_callback_register(struct maat *maat_instance, const char *table_n
return 0;
}
int maat_compile_table_ex_schema_register(struct maat *maat_instance, const char *table_name,
int maat_compile_table_ex_schema_register(struct maat *maat_instance, int table_id,
maat_rule_ex_new_func_t *new_func,
maat_rule_ex_free_func_t *free_func,
maat_rule_ex_dup_func_t *dup_func,
long argl, void *argp)
{
if (NULL == maat_instance || NULL == table_name) {
if (NULL == maat_instance || table_id < 0 || table_id >= MAX_TABLE_NUM) {
return -1;
}
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
log_error(maat_instance->logger, MODULE_MAAT_API,
"table:%s is not registered yet", table_name);
return -1;
}
enum table_type table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id);
if (table_type != TABLE_TYPE_COMPILE) {
log_error(maat_instance->logger, MODULE_MAAT_API,
"table:%s is not compile table", table_name);
"table(tabld_id:%d) is not compile table", table_id);
return -1;
}
void *compile_schema = table_manager_get_schema(maat_instance->tbl_mgr, table_id);
assert(compile_schema != NULL);
return compile_table_set_rule_ex_data_schema((struct compile_schema *)compile_schema, table_id,
new_func, free_func, dup_func,
argl, argp, maat_instance->logger);
pthread_mutex_lock(&(maat_instance->background_update_mutex));
int idx = compile_table_set_rule_ex_data_schema((struct compile_schema *)compile_schema, table_id,
new_func, free_func, dup_func,
argl, argp, maat_instance->logger);
if (idx < 0) {
pthread_mutex_unlock(&(maat_instance->background_update_mutex));
return -1;
}
if (maat_instance->maat_rt != NULL) {
compile_table_rule_ex_data_iterate((struct compile_schema *)compile_schema, idx);
}
pthread_mutex_unlock(&(maat_instance->background_update_mutex));
return idx;
}
void *maat_compile_table_get_ex_data(struct maat *maat_instance, const char *table_name, int compile_id, size_t idx)
void *maat_compile_table_get_ex_data(struct maat *maat_instance, int compile_table_id,
int compile_id, size_t idx)
{
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
return NULL;
}
struct compile_schema *schema = (struct compile_schema *)table_manager_get_schema(maat_instance->tbl_mgr,
table_id);
compile_table_id);
enum table_type table_type = table_manager_get_table_type(maat_instance->tbl_mgr, compile_table_id);
assert(table_type == TABLE_TYPE_COMPILE);
return compile_table_get_rule_ex_data(schema, compile_id, idx);
}
int generic_plugin_table_ex_schema_register(struct table_manager *tbl_mgr, const char *table_name,
int table_id,
int generic_plugin_table_ex_schema_register(struct table_manager *tbl_mgr, int table_id,
maat_plugin_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func,
long argl, void *argp, struct log_handle *logger)
{
if (NULL == tbl_mgr || NULL == table_name || NULL == new_func ||
NULL == free_func || NULL == dup_func) {
if (NULL == tbl_mgr || NULL == new_func || NULL == free_func || NULL == dup_func) {
assert(0);
log_error(logger, MODULE_MAAT_API,
"table(table_id:%d) %s failed: invalid parameter", __FUNCTION__);
@@ -535,8 +517,8 @@ int generic_plugin_table_ex_schema_register(struct table_manager *tbl_mgr, const
void *schema = table_manager_get_schema(tbl_mgr, table_id);
if (NULL == schema) {
log_error(logger, MODULE_MAAT_API,
"Error: %s, table:%s is not registered, can't register ex schema",
__FUNCTION__, table_name);
"Error: %s, table(table_id:%d) is not registered, can't register ex schema",
__FUNCTION__, table_id);
return -1;
}
@@ -547,8 +529,8 @@ int generic_plugin_table_ex_schema_register(struct table_manager *tbl_mgr, const
ex_schema = plugin_table_get_ex_data_schema(schema);
if (ex_schema != NULL) {
log_error(logger, MODULE_MAAT_API,
"Error: %s, EX data schema already registed for plugin table:%s",
__FUNCTION__, table_name);
"Error: %s, EX data schema already registed for plugin table(table_id:%d)",
__FUNCTION__, table_id);
return -1;
}
plugin_table_set_ex_data_schema(schema, new_func, free_func,
@@ -558,13 +540,35 @@ int generic_plugin_table_ex_schema_register(struct table_manager *tbl_mgr, const
ex_schema = ip_plugin_table_get_ex_data_schema(schema);
if (ex_schema != NULL) {
log_error(logger, MODULE_MAAT_API,
"Error: %s, EX data schema already registed for ip_plugin table:%s",
__FUNCTION__, table_name);
"Error: %s, EX data schema already registed for ip_plugin table(table_id:%d)",
__FUNCTION__, table_id);
return -1;
}
ip_plugin_table_set_ex_data_schema(schema, new_func, free_func,
dup_func, argl, argp, logger);
break;
case TABLE_TYPE_FQDN_PLUGIN:
ex_schema = fqdn_plugin_table_get_ex_data_schema(schema);
if (ex_schema != NULL) {
log_error(logger, MODULE_MAAT_API,
"Error: %s, EX data schema already registed for fqdn_plugin table(table_id:%d)",
__FUNCTION__, table_id);
return -1;
}
fqdn_plugin_table_set_ex_data_schema(schema, new_func, free_func,
dup_func, argl, argp, logger);
break;
case TABLE_TYPE_BOOL_PLUGIN:
ex_schema = bool_plugin_table_get_ex_data_schema(schema);
if (ex_schema != NULL) {
log_error(logger, MODULE_MAAT_API,
"Error: %s, EX data schema already registed for bool_plugin table(table_id:%d)",
__FUNCTION__, table_id);
return -1;
}
bool_plugin_table_set_ex_data_schema(schema, new_func, free_func,
dup_func, argl, argp, logger);
break;
default:
break;
}
@@ -572,9 +576,8 @@ int generic_plugin_table_ex_schema_register(struct table_manager *tbl_mgr, const
return 0;
}
void generic_plugin_runtime_commit_ex_schema(void *runtime, void *schema, const char *table_name,
int table_id, enum table_type table_type,
int valid_column)
void generic_plugin_runtime_commit_ex_schema(void *runtime, void *schema, int table_id,
enum table_type table_type, int valid_column)
{
struct ex_data_schema *ex_data_schema = NULL;
struct ex_data_runtime *ex_data_rt = NULL;
@@ -588,6 +591,14 @@ void generic_plugin_runtime_commit_ex_schema(void *runtime, void *schema, const
ex_data_schema = ip_plugin_table_get_ex_data_schema(schema);
ex_data_rt = ip_plugin_runtime_get_ex_data_rt(runtime);
break;
case TABLE_TYPE_FQDN_PLUGIN:
ex_data_schema = fqdn_plugin_table_get_ex_data_schema(schema);
ex_data_rt = fqdn_plugin_runtime_get_ex_data_rt(runtime);
break;
case TABLE_TYPE_BOOL_PLUGIN:
ex_data_schema = bool_plugin_table_get_ex_data_schema(schema);
ex_data_rt = bool_plugin_runtime_get_ex_data_rt(runtime);
break;
default:
break;
}
@@ -608,6 +619,12 @@ void generic_plugin_runtime_commit_ex_schema(void *runtime, void *schema, const
case TABLE_TYPE_IP_PLUGIN:
ip_plugin_runtime_update(runtime, schema, row, valid_column);
break;
case TABLE_TYPE_FQDN_PLUGIN:
fqdn_plugin_runtime_update(runtime, schema, row, valid_column);
break;
case TABLE_TYPE_BOOL_PLUGIN:
bool_plugin_runtime_update(runtime, schema, row, valid_column);
break;
default:
break;
}
@@ -616,36 +633,34 @@ void generic_plugin_runtime_commit_ex_schema(void *runtime, void *schema, const
switch (table_type) {
case TABLE_TYPE_PLUGIN:
plugin_runtime_commit(runtime, table_name);
plugin_runtime_commit(runtime, "unknown");
break;
case TABLE_TYPE_IP_PLUGIN:
ip_plugin_runtime_commit(runtime, table_name);
ip_plugin_runtime_commit(runtime, "unknown");
break;
case TABLE_TYPE_FQDN_PLUGIN:
fqdn_plugin_runtime_commit(runtime, "unknown");
break;
case TABLE_TYPE_BOOL_PLUGIN:
bool_plugin_runtime_commit(runtime, "unknown");
break;
default:
break;
}
}
int maat_plugin_table_ex_schema_register(struct maat *maat_instance, const char *table_name,
int maat_plugin_table_ex_schema_register(struct maat *maat_instance, int table_id,
maat_plugin_ex_new_func_t *new_func,
maat_plugin_ex_free_func_t *free_func,
maat_plugin_ex_dup_func_t *dup_func,
long argl, void *argp)
{
if (NULL == maat_instance || NULL == table_name) {
return -1;
}
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
log_error(maat_instance->logger, MODULE_MAAT_API,
"table_name:%s not registered yet, can't register ex_schema.", table_name);
if (NULL == maat_instance || table_id < 0 || table_id >= MAX_TABLE_NUM) {
return -1;
}
pthread_mutex_lock(&(maat_instance->background_update_mutex));
int ret = generic_plugin_table_ex_schema_register(maat_instance->tbl_mgr, table_name,
table_id,
int ret = generic_plugin_table_ex_schema_register(maat_instance->tbl_mgr, table_id,
new_func, free_func, dup_func,
argl, argp, maat_instance->logger);
if (ret < 0) {
@@ -662,30 +677,22 @@ int maat_plugin_table_ex_schema_register(struct maat *maat_instance, const char
table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id);
valid_column = table_manager_get_valid_column(maat_instance->tbl_mgr, table_id);
generic_plugin_runtime_commit_ex_schema(runtime, schema, table_name, table_id, table_type,
valid_column);
generic_plugin_runtime_commit_ex_schema(runtime, schema, table_id, table_type, valid_column);
}
pthread_mutex_unlock(&(maat_instance->background_update_mutex));
return 0;
}
int maat_ip_plugin_table_get_ex_data(struct maat *maat_instance, const char *table_name,
int maat_ip_plugin_table_get_ex_data(struct maat *maat_instance, int table_id,
const struct ip_addr *ip_addr, void **ex_data_array,
size_t n_ex_data)
{
if (NULL == maat_instance || NULL == table_name || NULL == ip_addr ||
NULL == ex_data_array || 0 == n_ex_data) {
if (NULL == maat_instance || table_id < 0 || table_id >= MAX_TABLE_NUM
|| NULL == ip_addr || NULL == ex_data_array || 0 == n_ex_data) {
return -1;
}
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
log_error(maat_instance->logger, MODULE_MAAT_API,
"table_name:%s not registered yet, can't register ex_schema.", table_name);
return -1;
}
struct maat_runtime *maat_rt = maat_instance->maat_rt;
if (NULL == maat_rt) {
return -1;
@@ -701,18 +708,12 @@ int maat_ip_plugin_table_get_ex_data(struct maat *maat_instance, const char *tab
return n_hit_ex_data;
}
int maat_fqdn_plugin_table_get_ex_data(struct maat *maat_instance, const char *table_name,
const char *fqdn, void **ex_data_array, size_t n_ex_data)
int maat_fqdn_plugin_table_get_ex_data(struct maat *maat_instance, int table_id,
const char *fqdn, void **ex_data_array,
size_t n_ex_data)
{
if (NULL == maat_instance || NULL == table_name || NULL == fqdn ||
NULL == ex_data_array || 0 == n_ex_data) {
return -1;
}
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
log_error(maat_instance->logger, MODULE_MAAT_API,
"table_name:%s not registered yet, can't register ex_schema.", table_name);
if (NULL == maat_instance || table_id < 0 || table_id >= MAX_TABLE_NUM
|| NULL == fqdn || NULL == ex_data_array || 0 == n_ex_data) {
return -1;
}
@@ -731,22 +732,15 @@ int maat_fqdn_plugin_table_get_ex_data(struct maat *maat_instance, const char *t
return n_hit_ex_data;
}
int maat_bool_plugin_table_get_ex_data(struct maat *maat_instance, const char *table_name,
int maat_bool_plugin_table_get_ex_data(struct maat *maat_instance, int table_id,
unsigned long long *item_ids, size_t n_item,
void **ex_data_array, size_t n_ex_data)
{
if (NULL == maat_instance || NULL == table_name || NULL == item_ids ||
NULL == ex_data_array || 0 == n_ex_data) {
if (NULL == maat_instance || table_id < 0 || table_id >= MAX_TABLE_NUM
|| NULL == item_ids || NULL == ex_data_array || 0 == n_ex_data) {
return -1;
}
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
log_error(maat_instance->logger, MODULE_MAAT_API,
"table_name:%s not registered yet, can't register ex_schema.", table_name);
return -1;
}
struct maat_runtime *maat_rt = maat_instance->maat_rt;
if (NULL == maat_rt) {
return -1;
@@ -820,17 +814,13 @@ size_t hit_group_to_compile(void *compile_runtime, int *compile_ids, size_t comp
return n_hit_compile;
}
int maat_scan_flag(struct maat *maat_instance, const char *table_name, int thread_id,
int maat_scan_flag(struct maat *maat_instance, int table_id, int thread_id,
uint64_t flag, int *results, size_t n_result,
size_t *n_hit_result, struct maat_state **state)
{
if ((NULL == maat_instance) || NULL == table_name || (thread_id < 0) ||
(NULL == results) || (0 == n_result) || (NULL == state)) {
return MAAT_SCAN_ERR;
}
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM
|| (thread_id < 0) || (NULL == results) || (0 == n_result)
|| (NULL == state)) {
return MAAT_SCAN_ERR;
}
@@ -950,20 +940,16 @@ int maat_scan_flag(struct maat *maat_instance, const char *table_name, int threa
return MAAT_SCAN_OK;
}
int maat_scan_integer(struct maat *maat_instance, const char *table_name, int thread_id,
int maat_scan_integer(struct maat *maat_instance, int table_id, int thread_id,
unsigned int intval, int *results, size_t n_result,
size_t *n_hit_result, struct maat_state **state)
{
if ((NULL == maat_instance) || NULL == table_name || (thread_id < 0) ||
(NULL == results) || (0 == n_result) || (NULL == state)) {
if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM
|| (thread_id < 0) || (NULL == results) || (0 == n_result) ||
(NULL == state)) {
return MAAT_SCAN_ERR;
}
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
return MAAT_SCAN_ERR;
}
struct maat_state *mid = NULL;
mid = grab_state(state, maat_instance, thread_id);
mid->scan_cnt++;
@@ -1086,17 +1072,13 @@ int maat_scan_integer(struct maat *maat_instance, const char *table_name, int th
return MAAT_SCAN_OK;
}
int maat_scan_ipv4(struct maat *maat_instance, const char *table_name, int thread_id,
int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id,
uint32_t ip_addr, int *results, size_t n_result,
size_t *n_hit_result, struct maat_state **state)
{
if ((NULL == maat_instance) || NULL == table_name || (thread_id < 0) ||
(NULL == results) || (0 == n_result) || (NULL == state)) {
return MAAT_SCAN_ERR;
}
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM
|| (thread_id < 0) || (NULL == results) || (0 == n_result)
|| (NULL == state)) {
return MAAT_SCAN_ERR;
}
@@ -1218,18 +1200,13 @@ int maat_scan_ipv4(struct maat *maat_instance, const char *table_name, int threa
}
int maat_scan_ipv6(struct maat *maat_instance, const char *table_name, int thread_id,
int maat_scan_ipv6(struct maat *maat_instance, int table_id, int thread_id,
uint8_t *ip_addr, int *results, size_t n_result,
size_t *n_hit_result, struct maat_state **state)
{
if ((NULL == maat_instance) || NULL == table_name || (thread_id < 0) ||
(NULL == ip_addr) || (NULL == results) || (0 == n_result) ||
(NULL == state)) {
return MAAT_SCAN_ERR;
}
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM
|| (thread_id < 0) || (NULL == ip_addr) || (NULL == results)
|| (0 == n_result) || (NULL == state)) {
return MAAT_SCAN_ERR;
}
@@ -1348,21 +1325,16 @@ int maat_scan_ipv6(struct maat *maat_instance, const char *table_name, int threa
return MAAT_SCAN_OK;
}
int maat_scan_string(struct maat *maat_instance, const char *table_name, int thread_id,
int maat_scan_string(struct maat *maat_instance, int table_id, int thread_id,
const char *data, size_t data_len, int *results, size_t n_result,
size_t *n_hit_result, struct maat_state **state)
{
if ((NULL == maat_instance) || NULL == table_name || (thread_id < 0) ||
(NULL == data) || (0 == data_len) || (NULL == results) ||
(0 == n_result) || (NULL == state)) {
if ((NULL == maat_instance) || table_id < 0 || table_id >= MAX_TABLE_NUM
|| (thread_id < 0) || (NULL == data) || (0 == data_len)
|| (NULL == results) || (0 == n_result) || (NULL == state)) {
return MAAT_SCAN_ERR;
}
int table_id = maat_table_get_id(maat_instance, table_name);
if (table_id < 0) {
return MAAT_SCAN_ERR;
}
struct maat_state *mid = NULL;
mid = grab_state(state, maat_instance, thread_id);
mid->scan_cnt++;
@@ -1483,13 +1455,13 @@ int maat_scan_string(struct maat *maat_instance, const char *table_name, int thr
return MAAT_SCAN_OK;
}
struct maat_stream *maat_scan_stream_open(struct maat *instance, const char *table_name, int thread_id)
struct maat_stream *maat_scan_stream_open(struct maat *instance, int table_id, int thread_id)
{
return NULL;
}
int maat_scan_stream(struct maat_stream **stream, int thread_id,
const char *data, int data_len, int results[],
const char *data, int data_len, int *results,
size_t *n_result, struct maat_state **state)
{
return 0;

137
src/maat_compile.c
View File

@@ -10,7 +10,7 @@
#include <assert.h>
#include <pthread.h>
#include <limits.h>
#include <linux/limits.h>
#include "maat_utils.h"
#include "log/log.h"
@@ -38,7 +38,7 @@ struct compile_schema {
int compile_id_column;
int tags_column;
int user_region_column;
int clause_num_column;
int declared_clause_num_column;
int evaluation_order_column;
enum user_region_encode user_region_encoding;
size_t n_ex_schema;
@@ -62,7 +62,7 @@ struct group2compile_schema {
struct compile_item {
int compile_id;
char user_region[MAX_TABLE_LINE_SIZE];
int clause_num;
int declared_clause_num;
int evaluation_order;
};
@@ -202,6 +202,82 @@ void *compile_runtime_get_user_data(struct compile_runtime *compile_rt, int comp
return ret;
}
void fill_maat_rule(struct maat_rule *rule, const struct maat_rule_head *rule_head,
const char *srv_def, int srv_def_len)
{
memcpy(rule, rule_head, sizeof(struct maat_rule_head));
memcpy(rule->service_defined, srv_def, MIN(srv_def_len, MAX_SERVICE_DEFINE_LEN));
}
void *rule_ex_data_new(const struct maat_rule_head *rule_head, const char *srv_def,
const struct compile_ex_data_schema *ex_schema)
{
void *ex_data = NULL;
struct maat_rule rule;
fill_maat_rule(&rule, rule_head, srv_def, strlen(srv_def)+1);
ex_schema->new_func(ex_schema->idx, &rule, srv_def, &ex_data, ex_schema->argl, ex_schema->argp);
return ex_data;
}
void rule_ex_data_free(const struct maat_rule_head *rule_head, const char *srv_def,
void *ex_data, const struct compile_ex_data_schema *ex_schema)
{
struct maat_rule rule;
memset(&rule, 0, sizeof(rule));
fill_maat_rule(&rule, rule_head, srv_def, strlen(srv_def)+1);
ex_schema->free_func(ex_schema->idx, &rule, srv_def, ex_data,
ex_schema->argl, ex_schema->argp);
}
void rule_ex_data_new_cb(void *user_data, void *param)
{
struct compile_ex_data_schema *ex_schema = (struct compile_ex_data_schema *)param;
struct compile_rule *compile = (struct compile_rule *)user_data;
// if(compile->ref_table->table_id!=ex_desc->table_id)
// {
// return;
// }
void *ad = rule_ex_data_new(&(compile->head), compile->service_defined, ex_schema);
compile->ex_data[ex_schema->idx] = ad;
}
void compile_runtime_user_data_iterate(struct compile_runtime *compile_rt,
void (*callback)(void *user_data, void *param),
void *param)
{
struct maat_compile *compile = NULL, *tmp_compile = NULL;
pthread_rwlock_rdlock(&compile_rt->rwlock);
HASH_ITER(hh, compile_rt->compile_hash, compile, tmp_compile) {
if (compile->user_data) {
callback(compile->user_data, param);
}
}
pthread_rwlock_unlock(&compile_rt->rwlock);
}
void compile_table_rule_ex_data_iterate(struct compile_schema *compile_schema, int idx)
{
if (NULL == compile_schema) {
return;
}
if (idx >= compile_schema->n_ex_schema) {
return;
}
struct compile_ex_data_schema *ex_schema = (compile_schema->ex_schema + idx);
struct compile_runtime *compile_rt = NULL;
compile_rt = (struct compile_runtime *)table_manager_get_runtime(compile_schema->ref_tbl_mgr,
compile_schema->table_id);
compile_runtime_user_data_iterate(compile_rt, rule_ex_data_new_cb, ex_schema);
}
void *compile_table_get_rule_ex_data(struct compile_schema *compile_schema, int compile_id, size_t idx)
{
if (NULL == compile_schema) {
@@ -254,6 +330,20 @@ void *compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
read_cnt++;
}
item = cJSON_GetObjectItem(json, "user_region_encoded");
if (item != NULL && item->type == cJSON_String) {
if (strcmp(item->valuestring, "escape") == 0) {
compile_schema->user_region_encoding = USER_REGION_ENCODE_ESCAPE;
} else if (strcmp(item->valuestring, "none") == 0) {
compile_schema->user_region_encoding = USER_REGION_ENCODE_NONE;
} else {
log_error(logger, MODULE_COMPILE,
"table %s has no user_region_encoded column", table_name);
goto error;
}
read_cnt++;
}
item = cJSON_GetObjectItem(json, "custom");
if (item == NULL || item->type != cJSON_Object) {
log_error(logger, MODULE_COMPILE,
@@ -281,7 +371,7 @@ void *compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
custom_item = cJSON_GetObjectItem(item, "clause_num");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
compile_schema->clause_num_column = custom_item->valueint;
compile_schema->declared_clause_num_column = custom_item->valueint;
read_cnt++;
}
@@ -293,7 +383,7 @@ void *compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
compile_schema->ref_tbl_mgr = tbl_mgr;
if (read_cnt < 6) {
if (read_cnt < 7) {
goto error;
}
@@ -461,7 +551,7 @@ compile_item_new(const char *line, struct compile_schema *compile_schema,
break;
}
ret = get_column_pos(line, compile_schema->clause_num_column,
ret = get_column_pos(line, compile_schema->declared_clause_num_column,
&column_offset, &column_len);
if (ret < 0) {
log_error(logger, MODULE_COMPILE,
@@ -469,7 +559,7 @@ compile_item_new(const char *line, struct compile_schema *compile_schema,
compile_schema->table_id, line);
goto error;
}
compile_item->clause_num = atoi(line + column_offset);
compile_item->declared_clause_num = atoi(line + column_offset);
ret = get_column_pos(line, compile_schema->evaluation_order_column,
&column_offset, &column_len);
@@ -1402,29 +1492,6 @@ int maat_compile_state_has_NOT_clause(struct maat_compile_state *compile_state)
return compile_state->not_clause_hitted_flag;
}
void *rule_ex_data_new(const struct maat_rule_head *rule_head, const char *srv_def,
const struct compile_ex_data_schema *ex_schema)
{
void *ex_data = NULL;
struct maat_rule rule;
fill_maat_rule(&rule, rule_head, srv_def, strlen(srv_def)+1);
ex_schema->new_func(ex_schema->idx, &rule, srv_def, &ex_data, ex_schema->argl, ex_schema->argp);
return ex_data;
}
void rule_ex_data_free(const struct maat_rule_head *rule_head, const char *srv_def,
void *ex_data, const struct compile_ex_data_schema *ex_schema)
{
struct maat_rule rule;
memset(&rule, 0, sizeof(rule));
fill_maat_rule(&rule, rule_head, srv_def, strlen(srv_def)+1);
ex_schema->free_func(ex_schema->idx, &rule, srv_def, ex_data,
ex_schema->argl, ex_schema->argp);
}
void compile_item_to_compile_rule(struct compile_item *compile_item,
struct compile_schema *compile_schema,
struct compile_rule *compile_rule)
@@ -1434,7 +1501,7 @@ void compile_item_to_compile_rule(struct compile_item *compile_item,
compile_rule->magic_num = COMPILE_RULE_MAGIC;
compile_rule->head = rule_head;
compile_rule->declared_clause_num = compile_item->clause_num;
compile_rule->declared_clause_num = compile_item->declared_clause_num;
compile_rule->ex_data = ALLOC(void *, MAX_COMPILE_EX_DATA_NUM);
compile_rule->ref_table = compile_schema;
@@ -1534,17 +1601,19 @@ int compile_runtime_update(void *compile_runtime, void *compile_schema,
schema->table_id, compile_item->compile_id);
return -1;
}
maat_compile_set(compile, compile_rule->declared_clause_num, compile_rule,
(void (*)(void *))destroy_compile_rule);
struct maat_compile *tmp_compile = maat_compile_hash_find(&(compile_rt->compile_hash), compile_id);
if (tmp_compile != NULL) {
maat_compile_hash_set(&(compile_rt->compile_hash), compile_id, compile);
} else {
maat_compile_hash_add(&(compile_rt->compile_hash), compile_id, compile);
}
if (compile->compile_id == 141) {
printf("compile->declared_clause_num:%d\n", compile->declared_clause_num);
}
pthread_rwlock_unlock(&compile_rt->rwlock);
}

7
src/maat_config_monitor.c
View File

@@ -11,7 +11,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <linux/limits.h>
#include <sys/stat.h>
#include <dirent.h>
#include <unistd.h>
@@ -23,7 +23,6 @@
#define MODULE_CONFIG_MONITOR module_name_str("maat.config_monitor")
#define CM_MAX_TABLE_NUM 256
#define MAX_CONFIG_LINE (1024 * 16)
struct cm_table_info_t
@@ -319,7 +318,7 @@ void config_monitor_traverse(long long current_version, const char *idx_dir,
long long new_version = 0;
char **idx_path_array = NULL;
size_t idx_path_num = 0;
struct cm_table_info_t table_array[CM_MAX_TABLE_NUM];
struct cm_table_info_t table_array[MAX_TABLE_NUM];
memset(table_array, 0, sizeof(table_array));
@@ -327,7 +326,7 @@ void config_monitor_traverse(long long current_version, const char *idx_dir,
if (update_type != MAAT_UPDATE_TYPE_NONE) {
for (i = 0; i < idx_path_num; i++) {
log_info(logger, MODULE_CONFIG_MONITOR, "load %s", idx_path_array[i]);
int table_num = cm_read_cfg_index_file(idx_path_array[i], table_array, CM_MAX_TABLE_NUM);
int table_num = cm_read_cfg_index_file(idx_path_array[i], table_array, MAX_TABLE_NUM);
if (table_num < 0) {
log_error(logger, MODULE_CONFIG_MONITOR, "load %s failed, abandon update", idx_path_array[i]);
break;

38
src/maat_ip_plugin.c
View File

@@ -320,32 +320,27 @@ void ip_plugin_table_set_ex_data_schema(void *ip_plugin_schema,
schema->ex_schema = ex_data_schema_new(new_func, free_func, dup_func, argl, argp);
}
int ip_plugin_runtime_update_row(struct ip_plugin_runtime *rt, struct ip_plugin_schema *schema,
int ip_plugin_runtime_update_row(struct ip_plugin_runtime *ip_plugin_rt,
const char *row, char *key, size_t key_len,
struct ip_plugin_item *ip_plugin_item, int is_valid)
{
int ret = -1;
struct ex_data_runtime *ex_data_rt = rt->ex_data_rt;
struct ex_data_schema *ex_schema = schema->ex_schema;
struct ex_data_runtime *ex_data_rt = ip_plugin_rt->ex_data_rt;
if (ex_schema != NULL) {
if (0 == is_valid) {
//delete
ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len);
if (ret < 0) {
return -1;
}
} else {
//add
void *ex_data = ex_data_runtime_row2ex_data(ex_data_rt, row, key, key_len);
struct ex_data_container *ex_container = ex_data_container_new(ex_data, (void *)ip_plugin_item);
ret = ex_data_runtime_add_ex_container(ex_data_rt, key, key_len, ex_container);
if (ret < 0) {
return -1;
}
if (0 == is_valid) {
// delete
ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len);
if (ret < 0) {
return -1;
}
} else {
ex_data_runtime_cache_row_put(ex_data_rt, row);
// add
void *ex_data = ex_data_runtime_row2ex_data(ex_data_rt, row, key, key_len);
struct ex_data_container *ex_container = ex_data_container_new(ex_data, (void *)ip_plugin_item);
ret = ex_data_runtime_add_ex_container(ex_data_rt, key, key_len, ex_container);
if (ret < 0) {
return -1;
}
}
return 0;
@@ -435,8 +430,8 @@ int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema,
}
char *key = (char *)&item_id;
int ret = ip_plugin_runtime_update_row(ip_plugin_rt, schema, line, key,
sizeof(int), ip_plugin_item, is_valid);
int ret = ip_plugin_runtime_update_row(ip_plugin_rt, line, key, sizeof(int),
ip_plugin_item, is_valid);
if (ret < 0) {
if (ip_plugin_item != NULL) {
FREE(ip_plugin_item);
@@ -479,6 +474,7 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name)
for (size_t i = 0; i < rule_cnt; i++) {
struct ip_plugin_item *item = (struct ip_plugin_item *)ex_container[i]->custom_data;
assert(item != NULL);
ip_plugin_item_to_ip_rule(item, &rules[i]);
rules[i].user_tag = ex_container[i];
}

28
src/maat_plugin.c
View File

@@ -394,4 +394,32 @@ struct ex_data_runtime *plugin_runtime_get_ex_data_rt(void *plugin_runtime)
struct plugin_runtime *plugin_rt = (struct plugin_runtime *)plugin_runtime;
return plugin_rt->ex_data_rt;
}
size_t plugin_runtime_cached_row_count(void *plugin_runtime)
{
if (NULL == plugin_runtime) {
return 0;
}
struct plugin_runtime *plugin_rt = (struct plugin_runtime *)plugin_runtime;
if (NULL == plugin_rt->ex_data_rt) {
return 0;
}
return ex_data_runtime_cached_row_count(plugin_rt->ex_data_rt);
}
const char *plugin_runtime_cached_row_get(void *plugin_runtime, size_t index)
{
if (NULL == plugin_runtime) {
return NULL;
}
struct plugin_runtime *plugin_rt = (struct plugin_runtime *)plugin_runtime;
if (NULL == plugin_rt->ex_data_rt) {
return NULL;
}
return ex_data_runtime_cached_row_get(plugin_rt->ex_data_rt, index);
}

2
src/maat_rule.c
View File

@@ -11,7 +11,7 @@
#include <unistd.h>
#include <stdio.h>
#include <pthread.h>
#include <limits.h>
#include <linux/limits.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>

2
src/maat_table.c
View File

@@ -8,7 +8,7 @@
***********************************************************************************************
*/
#include <limits.h>
#include <linux/limits.h>
#include <assert.h>
#include "log/log.h"