gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rollback to v4.0.31

Browse Source
This commit is contained in:
liuwentan
2023-08-09 19:22:09 +08:00
parent d29eef0423
commit fb0cb5405d
40 changed files with 1907 additions and 5448 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
src/maat_api.c
View File

@@ -51,7 +51,7 @@ enum district_flag {
struct maat_stream {
struct maat *ref_maat_inst;
struct expr_matcher_stream *handle; //each physical table open one stream
struct adapter_hs_stream *handle; //each physical table open one stream
long long last_full_version;
long long expr_rt_version;
struct log_handle *logger;
@@ -70,7 +70,6 @@ struct maat_options* maat_options_new(void)
options->rule_update_checking_interval_ms = 1 * 1000;
options->gc_timeout_ms = 10 * 1000;
options->input_mode = DATA_SOURCE_NONE;
options->expr_engine = MAAT_EXPR_ENGINE_HS;
options->log_level = 0;
return options;
@@ -255,19 +254,6 @@ int maat_options_set_stat_file(struct maat_options *opts, const char *stat_filen
return 0;
}
int maat_options_set_expr_engine(struct maat_options *opts,
enum maat_expr_engine expr_engine)
{
if (NULL == opts ||
(expr_engine != MAAT_EXPR_ENGINE_HS && expr_engine != MAAT_EXPR_ENGINE_RS)) {
return -1;
}
opts->expr_engine = expr_engine;
return 0;
}
int maat_options_set_logger(struct maat_options *opts, const char *log_path,
enum log_level level)
{
@@ -371,8 +357,7 @@ struct maat *maat_new(struct maat_options *opts, const char *table_info_path)
pthread_mutex_init(&(maat_inst->background_update_mutex), NULL);
maat_inst->tbl_mgr = table_manager_create(table_info_path, maat_inst->opts.accept_tags,
maat_inst->opts.expr_engine, maat_inst->garbage_bin,
maat_inst->logger);
maat_inst->garbage_bin, maat_inst->logger);
if (NULL == maat_inst->tbl_mgr) {
goto failed;
}
@@ -425,7 +410,12 @@ int maat_helper_verify_regex_expression(const char *regex_expr)
return 0;
}
return expr_matcher_verify_regex_expression(regex_expr, NULL);
int ret = adapter_hs_verify_regex_expression(regex_expr, NULL);
if (ret < 0) {
return 0;
} else {
return 1;
}
}
int maat_get_table_id(struct maat *maat_inst, const char *table_name)
@@ -522,6 +512,32 @@ int maat_table_callback_register(struct maat *maat_inst, int table_id,
return 0;
}
static int compile_table_ex_schema_register(struct maat *maat_inst, int table_id,
maat_ex_new_func_t *new_func,
maat_ex_free_func_t *free_func,
maat_ex_dup_func_t *dup_func,
long argl, void *argp)
{
void *schema = table_manager_get_schema(maat_inst->tbl_mgr, table_id);
assert(schema != NULL);
int ret = compile_table_set_ex_data_schema((struct compile_schema *)schema, table_id,
new_func, free_func, dup_func,
argl, argp);
if (ret < 0) {
return -1;
}
if (maat_inst->maat_rt != NULL) {
void *runtime = table_manager_get_runtime(maat_inst->tbl_mgr, table_id);
assert(runtime != NULL);
compile_runtime_ex_data_iterate((struct compile_runtime *)runtime,
(struct compile_schema *)schema);
}
return 0;
}
static int generic_plugin_table_set_ex_schema(struct table_manager *tbl_mgr, int table_id,
maat_ex_new_func_t *new_func,
maat_ex_free_func_t *free_func,
@@ -755,14 +771,16 @@ int maat_plugin_table_ex_schema_register(struct maat *maat_inst,
int ret = -1;
enum table_type table_type = table_manager_get_table_type(maat_inst->tbl_mgr,
table_id);
if (table_type == TABLE_TYPE_PLUGIN || table_type == TABLE_TYPE_IP_PLUGIN ||
table_type == TABLE_TYPE_BOOL_PLUGIN || table_type == TABLE_TYPE_FQDN_PLUGIN ) {
if (TABLE_TYPE_COMPILE == table_type) {
ret = compile_table_ex_schema_register(maat_inst, table_id, new_func,
free_func, dup_func, argl, argp);
} else {
ret = generic_plugin_table_ex_schema_register(maat_inst, table_name,
table_id, new_func, free_func,
dup_func, argl, argp);
}
pthread_mutex_unlock(&(maat_inst->background_update_mutex));
pthread_mutex_unlock(&(maat_inst->background_update_mutex));
return ret;
}
@@ -793,7 +811,9 @@ void *maat_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
void *ret = NULL;
enum table_type table_type = table_manager_get_table_type(maat_inst->tbl_mgr,
table_id);
if (TABLE_TYPE_PLUGIN == table_type) {
if (TABLE_TYPE_COMPILE == table_type) {
ret = compile_runtime_get_ex_data(runtime, schema, *(long long *)key);
} else if (TABLE_TYPE_PLUGIN == table_type) {
ret = plugin_runtime_get_ex_data(runtime, schema, key, key_len);
}
@@ -1148,7 +1168,9 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag,
phy_table_id, vtable_id, state);
if (hit_group_cnt < 0) {
@@ -1156,8 +1178,6 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
if (hit_group_cnt > 0 || scan_status_should_compile_NOT(state)) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
@@ -1237,7 +1257,9 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer,
phy_table_id, vtable_id, state);
if (hit_group_cnt < 0) {
@@ -1245,8 +1267,6 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
if (hit_group_cnt > 0 || scan_status_should_compile_NOT(state)) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
@@ -1326,7 +1346,9 @@ int maat_scan_ipv4(struct maat *maat_inst, int table_id, uint32_t ip_addr,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr,
port, protocol, phy_table_id, vtable_id, state);
if (hit_group_cnt < 0) {
@@ -1334,8 +1356,6 @@ int maat_scan_ipv4(struct maat *maat_inst, int table_id, uint32_t ip_addr,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
if (hit_group_cnt > 0 || scan_status_should_compile_NOT(state)) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
@@ -1416,7 +1436,9 @@ int maat_scan_ipv6(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr,
port, protocol, phy_table_id, vtable_id, state);
if (hit_group_cnt < 0) {
@@ -1424,8 +1446,6 @@ int maat_scan_ipv6(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
if (hit_group_cnt > 0 || scan_status_should_compile_NOT(state)) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
@@ -1505,7 +1525,9 @@ int maat_scan_string(struct maat *maat_inst, int table_id, const char *data,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data,
data_len, phy_table_id, vtable_id, state);
if (hit_group_cnt < 0) {
@@ -1513,8 +1535,6 @@ int maat_scan_string(struct maat *maat_inst, int table_id, const char *data,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
if (hit_group_cnt > 0 || scan_status_should_compile_NOT(state)) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
@@ -1589,8 +1609,8 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, int table_id,
stream->expr_rt_version = expr_runtime_get_version(expr_rt);
maat_runtime_ref_inc(maat_inst->maat_rt, state->thread_id);
struct expr_matcher_stream *handle = expr_runtime_stream_open((struct expr_runtime *)expr_rt,
state->thread_id);
struct adapter_hs_stream *handle = expr_runtime_stream_open((struct expr_runtime *)expr_rt,
state->thread_id);
if (NULL == handle) {
goto error;
}
@@ -1869,22 +1889,6 @@ int maat_state_set_scan_compile_table(struct maat_state *state, int compile_tabl
return 0;
}
int maat_state_get_compile_table_ids(struct maat_state *state, long long *compile_ids,
size_t n_compile_ids, int *compile_table_ids)
{
if (NULL == state || NULL == compile_ids || 0 == n_compile_ids ||
NULL == compile_table_ids) {
return -1;
}
for (size_t i = 0; i < n_compile_ids; i++) {
compile_table_ids[i] = maat_compile_state_get_compile_table_id(state->compile_state,
compile_ids[i]);
}
return n_compile_ids;
}
int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *paths,
size_t n_path)
{
@@ -1956,4 +1960,4 @@ int maat_state_get_hit_groups(struct maat_state *state, enum maat_list_type type
int maat_hit_group_compile_id(struct maat *instance, struct maat_hit_group *group)
{
return 0;
}
}