diff --git a/include/maat.h b/include/maat.h index 145c396..6141791 100644 --- a/include/maat.h +++ b/include/maat.h @@ -77,6 +77,11 @@ struct ip_addr { }; }; +enum maat_operation { + MAAT_OP_DEL = 0, + MAAT_OP_ADD +}; + enum log_level { LOG_LEVEL_TRACE, LOG_LEVEL_DEBUG, @@ -89,7 +94,7 @@ enum log_level { /* update_type: MAAT_UPDATE_TYPE_FULL or MAAT_UPDATE_TYPE_INC */ typedef void maat_start_callback_t(int update_type, void *u_param); -typedef void maat_update_callback_t(int table_id, const char *table_line, void *u_para); +typedef void maat_update_callback_t(int table_id, const char *table_line, enum maat_operation op, void *u_para); typedef void maat_finish_callback_t(void *u_para); @@ -135,9 +140,6 @@ int maat_options_set_logger(struct maat_options *opts, const char *log_path, int maat_options_set_log_file_max_size(struct maat_options *opts, size_t max_size_mb);//default is 500MB, 0 for unlimited -int maat_options_set_iris(struct maat_options *opts, const char *full_directory, - const char *increment_directory); - int maat_options_set_json_file(struct maat_options *opts, const char *json_filename); /** @@ -186,7 +188,7 @@ int maat_helper_verify_regex_expression(const char *expression); /* maat table API */ int maat_get_table_id(struct maat *instance, const char *table_name); -int maat_get_attribute_id(struct maat *instance, const char *attribute_name);//TODO: new API +int maat_get_attribute_id(struct maat *instance, const char *attribute_name); const char *maat_get_table_schema_tag(struct maat *instance, int table_id);//TODO: delete @@ -256,11 +258,11 @@ struct maat_state; * MAAT_SCAN_HALF_HIT * MAAT_SCAN_HIT */ -int maat_scan_flag(struct maat *instance, int table_id, long long flag, +int maat_scan_flag(struct maat *instance, int attribute_id, long long flag, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_integer(struct maat *instance, int table_id, long long integer, +int maat_scan_integer(struct maat *instance, int attribute_id, long long integer, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); @@ -268,37 +270,37 @@ int maat_scan_integer(struct maat *instance, int table_id, long long integer, * @param ip_addr: ipv4 address in network order * @param port: port in host order. If the port is not specified, use -1. Note that 0 is a valid port. */ -int maat_scan_ipv4_port(struct maat *instance, int table_id, uint32_t ip_addr, int port, +int maat_scan_ipv4_port(struct maat *instance, int attribute_id, uint32_t ip_addr, int port, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_ipv6_port(struct maat *instance, int table_id, uint8_t *ip_addr, int port, +int maat_scan_ipv6_port(struct maat *instance, int attribute_id, uint8_t *ip_addr, int port, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_ipv4(struct maat *instance, int table_id, uint32_t ip_addr, +int maat_scan_ipv4(struct maat *instance, int attribute_id, uint32_t ip_addr, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_ipv6(struct maat *instance, int table_id, uint8_t *ip_addr, +int maat_scan_ipv6(struct maat *instance, int attribute_id, uint8_t *ip_addr, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_string(struct maat *instance, int table_id, +int maat_scan_string(struct maat *instance, int attribute_id, const char *data, size_t data_len, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_object(struct maat *instance, int table_id, +int maat_scan_object(struct maat *instance, int attribute_id, struct maat_hit_object *objects, size_t n_object, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_not_logic(struct maat *instance, int table_id, +int maat_scan_not_logic(struct maat *instance, int attribute_id, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); struct maat_stream; -struct maat_stream *maat_stream_new(struct maat *instance, int table_id, +struct maat_stream *maat_stream_new(struct maat *instance, int attribute_id, struct maat_state *state); int maat_stream_scan(struct maat_stream *stream, const char *data, int data_len, @@ -314,7 +316,7 @@ void maat_state_reset(struct maat_state *state); void maat_state_free(struct maat_state *state); -int maat_state_set_scan_district(struct maat_state *state, int table_id, +int maat_state_set_scan_district(struct maat_state *state, int attribute_id, const char *district, size_t district_len); int maat_state_set_scan_rule_table(struct maat_state *state, int rule_table_id); diff --git a/include/maat_command.h b/include/maat_command.h index 98d4549..b1ee983 100644 --- a/include/maat_command.h +++ b/include/maat_command.h @@ -20,12 +20,6 @@ extern "C" #include "maat.h" -enum maat_operation { - MAAT_OP_DEL = 0, - MAAT_OP_ADD, - MAAT_OP_RENEW_TIMEOUT //Rule expire time is changed to now+cmd->expire_after -}; - struct maat_cmd_line { const char *table_name; const char *table_line; @@ -40,7 +34,7 @@ struct maat_cmd_line { * success: number of successfully updated rule. * failed: -1 */ -int maat_cmd_set_line(struct maat *maat_instance, const struct maat_cmd_line *line_rule); +int maat_cmd_set_line(struct maat *maat_instance, const struct maat_cmd_line *line_rule, enum maat_operation op); int maat_cmd_set_file(struct maat *maat_instance, const char *key, const char *value, size_t size, enum maat_operation op); diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 7bed0f4..8c2f1a1 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -11,7 +11,7 @@ LINK_DIRECTORIES(/opt/MESA/lib /usr/lib64) add_definitions(-D_GNU_SOURCE) add_definitions(-fPIC) -set(MAAT_SRC alignment.c json2iris.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c +set(MAAT_SRC alignment.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c maat_core.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c maat_table.c maat_rule.c maat_object.c maat_ip.c maat_flag.c maat_interval.c maat_expr.c maat_plugin.c maat_ip_plugin.c maat_ipport_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_attribute.c maat_stat.c) diff --git a/src/inc_internal/json2iris.h b/src/inc_internal/json2iris.h deleted file mode 100644 index 3b78f86..0000000 --- a/src/inc_internal/json2iris.h +++ /dev/null @@ -1,31 +0,0 @@ -/* -********************************************************************************************** -* File: json2iris.h -* Description: rule for transform json2iris -* Authors: Zheng chao -* Date: 2022-10-31 -* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved. -*********************************************************************************************** -*/ - -#ifndef _JSON2IRIS_H_ -#define _JSON2IRIS_H_ - -#ifdef __cplusplus -extern "C" -{ -#endif - -#include "hiredis/hiredis.h" -#include "log/log.h" - -int json2iris(const char *json_buff, const char *json_filename, - redisContext *redis_write_ctx, char *iris_dir_buf, - int buf_len, char *encrypt_key, char *encrypt_algo, - struct log_handle *logger); - -#ifdef __cplusplus -} -#endif - -#endif \ No newline at end of file diff --git a/src/inc_internal/maat_attribute.h b/src/inc_internal/maat_attribute.h index de1ac61..c437555 100644 --- a/src/inc_internal/maat_attribute.h +++ b/src/inc_internal/maat_attribute.h @@ -54,7 +54,6 @@ void attribute_runtime_hit_item_num_add(struct attribute_runtime *virt_rt, long long attribute_runtime_hit_item_num(void *attribute_runtime); -int attribute_get_physical_table_id(struct table_manager *tbl_mgr, int attribute_id); #ifdef __cplusplus } diff --git a/src/inc_internal/maat_bool_plugin.h b/src/inc_internal/maat_bool_plugin.h index 136c928..e1e2d53 100644 --- a/src/inc_internal/maat_bool_plugin.h +++ b/src/inc_internal/maat_bool_plugin.h @@ -43,7 +43,7 @@ void *bool_plugin_runtime_new(void *bool_plugin_schema, size_t max_thread_num, void bool_plugin_runtime_free(void *bool_plugin_runtime); int bool_plugin_runtime_update(void *bool_plugin_runtime, void *bool_plugin_schema, - const char *table_name, const char *line, int valid_column); + const char *table_name, const char *line, enum maat_operation op); int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name, long long maat_rt_version); diff --git a/src/inc_internal/maat_config_monitor.h b/src/inc_internal/maat_config_monitor.h index 388b799..7ff3a97 100644 --- a/src/inc_internal/maat_config_monitor.h +++ b/src/inc_internal/maat_config_monitor.h @@ -18,15 +18,18 @@ extern "C" #include #include "log/log.h" +#include "maat.h" +#include "maat_utils.h" -void config_monitor_traverse(long long version, const char *idx_dir, +void config_monitor_traverse(long long version, const cJSON *json_root, void (*start_fn)(long long, int, void *), - int (*update_fn)(const char *, const char *, void *), + int (*update_fn)(const char *, const char *, void *, enum maat_operation), void (*finish_fn)(void *), void *u_param, const char *dec_key, struct log_handle *logger); -int load_maat_json_file(struct maat *maat_instance, const char *json_filename, - char *err_str, size_t err_str_sz); +int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename, + cJSON *json_root, char *err_str, size_t err_str_sz); +void convert_maat_json_rule(cJSON *json_root, unsigned char *json_buff); #ifdef __cplusplus } diff --git a/src/inc_internal/maat_core.h b/src/inc_internal/maat_core.h index e080423..bb94829 100644 --- a/src/inc_internal/maat_core.h +++ b/src/inc_internal/maat_core.h @@ -36,6 +36,7 @@ extern "C" #include "hiredis/hiredis.h" #define MAX_TABLE_NUM 1024 +#define MAX_ATTRIBUTE_NUM 1024 #define DISTRICT_ANY -1 #define DISTRICT_UNKNOWN -2 @@ -81,7 +82,6 @@ struct rule_tag { enum data_source { DATA_SOURCE_NONE = 0, DATA_SOURCE_REDIS, - DATA_SOURCE_IRIS_FILE, DATA_SOURCE_JSON_FILE }; @@ -132,7 +132,6 @@ struct maat_options { enum maat_expr_engine expr_engine; enum data_source input_mode; union { - struct source_iris_ctx iris_ctx; struct source_json_ctx json_ctx; struct source_redis_ctx redis_ctx; }; diff --git a/src/inc_internal/maat_ex_data.h b/src/inc_internal/maat_ex_data.h index 3556601..6426a19 100644 --- a/src/inc_internal/maat_ex_data.h +++ b/src/inc_internal/maat_ex_data.h @@ -40,6 +40,11 @@ struct ex_container_schema { void (*custom_data_free)(void *); }; +struct ex_data_row { + char *row; + enum maat_operation op; +}; + struct ex_data_runtime; /* ex_data_runtime API */ @@ -51,9 +56,9 @@ void ex_data_runtime_free(struct ex_data_runtime *ex_data_rt); void ex_data_runtime_commit(struct ex_data_runtime *ex_data_rt); /* ex_data_runtime cache row API */ -void ex_data_runtime_cache_row_put(struct ex_data_runtime *ex_data_rt, const char *row); +void ex_data_runtime_cache_row_put(struct ex_data_runtime *ex_data_rt, const char *row, enum maat_operation op); -const char *ex_data_runtime_cached_row_get(struct ex_data_runtime *ex_data_rt, size_t index); +const struct ex_data_row *ex_data_runtime_cached_row_get(struct ex_data_runtime *ex_data_rt, size_t index); size_t ex_data_runtime_cached_row_count(struct ex_data_runtime *ex_data_rt); diff --git a/src/inc_internal/maat_expr.h b/src/inc_internal/maat_expr.h index bdd3512..5133e42 100644 --- a/src/inc_internal/maat_expr.h +++ b/src/inc_internal/maat_expr.h @@ -33,7 +33,7 @@ void *expr_runtime_new(void *expr_schema, size_t max_thread_num, void expr_runtime_free(void *expr_runtime); int expr_runtime_update(void *expr_runtime, void *expr_schema, const char *table_name, - const char *line, int valid_column); + const char *line, enum maat_operation op); int expr_runtime_commit(void *expr_runtime, const char *table_name, long long maat_rt_version); diff --git a/src/inc_internal/maat_flag.h b/src/inc_internal/maat_flag.h index 63e5d56..d7f6940 100644 --- a/src/inc_internal/maat_flag.h +++ b/src/inc_internal/maat_flag.h @@ -35,7 +35,7 @@ void *flag_runtime_new(void *flag_schema, size_t max_thread_num, void flag_runtime_free(void *flag_runtime); int flag_runtime_update(void *flag_runtime, void *flag_schema, const char *table_name, - const char *line, int valid_column); + const char *line, enum maat_operation op); int flag_runtime_commit(void *flag_runtime, const char *table_name, long long maat_rt_version); diff --git a/src/inc_internal/maat_fqdn_plugin.h b/src/inc_internal/maat_fqdn_plugin.h index 71b7983..4be666f 100644 --- a/src/inc_internal/maat_fqdn_plugin.h +++ b/src/inc_internal/maat_fqdn_plugin.h @@ -45,7 +45,7 @@ void *fqdn_plugin_runtime_new(void *fqdn_plugin_schema, size_t max_thread_num, void fqdn_plugin_runtime_free(void *fqdn_plugin_runtime); int fqdn_plugin_runtime_update(void *fqdn_plugin_runtime, void *fqdn_plugin_schema, - const char *table_name, const char *line, int valid_column); + const char *table_name, const char *line, enum maat_operation op); int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name, long long maat_rt_version); diff --git a/src/inc_internal/maat_interval.h b/src/inc_internal/maat_interval.h index 86382c3..8467894 100644 --- a/src/inc_internal/maat_interval.h +++ b/src/inc_internal/maat_interval.h @@ -35,7 +35,7 @@ void interval_runtime_free(void *interval_runtime); int interval_runtime_update(void *interval_runtime, void *interval_schema, const char *table_name, const char *line, - int valid_column); + enum maat_operation op); int interval_runtime_commit(void *interval_runtime, const char *table_name, long long maat_rt_version); diff --git a/src/inc_internal/maat_ip.h b/src/inc_internal/maat_ip.h index 37e930c..5e8a95f 100644 --- a/src/inc_internal/maat_ip.h +++ b/src/inc_internal/maat_ip.h @@ -32,7 +32,7 @@ void *ip_runtime_new(void *ip_schema, size_t max_thread_num, void ip_runtime_free(void *ip_runtime); int ip_runtime_update(void *ip_runtime, void *ip_schema, const char *table_name, - const char *line, int valid_column); + const char *line, enum maat_operation op); int ip_runtime_commit(void *ip_runtime, const char *table_name, long long maat_rt_version); diff --git a/src/inc_internal/maat_ip_plugin.h b/src/inc_internal/maat_ip_plugin.h index c9e04ee..b958808 100644 --- a/src/inc_internal/maat_ip_plugin.h +++ b/src/inc_internal/maat_ip_plugin.h @@ -44,7 +44,7 @@ void *ip_plugin_runtime_new(void *ip_plugin_schema, size_t max_thread_num, void ip_plugin_runtime_free(void *ip_plugin_runtime); int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema, - const char *table_name, const char *line, int valid_column); + const char *table_name, const char *line, enum maat_operation op); int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name, long long maat_rt_version); diff --git a/src/inc_internal/maat_ipport_plugin.h b/src/inc_internal/maat_ipport_plugin.h index 26f9940..14b72a3 100644 --- a/src/inc_internal/maat_ipport_plugin.h +++ b/src/inc_internal/maat_ipport_plugin.h @@ -45,7 +45,7 @@ void *ipport_plugin_runtime_new(void *ipport_plugin_schema, size_t max_thread_nu void ipport_plugin_runtime_free(void *ipport_plugin_runtime); int ipport_plugin_runtime_update(void *ipport_plugin_runtime, void *ipport_plugin_schema, - const char *table_name, const char *line, int valid_column); + const char *table_name, const char *line, enum maat_operation op); int ipport_plugin_runtime_commit(void *ipport_plugin_runtime, const char *table_name, long long maat_rt_version); diff --git a/src/inc_internal/maat_object.h b/src/inc_internal/maat_object.h index ffc9d19..5cdf824 100644 --- a/src/inc_internal/maat_object.h +++ b/src/inc_internal/maat_object.h @@ -37,7 +37,7 @@ void *object2object_runtime_new(void *g2g_schema, size_t max_thread_num, void object2object_runtime_free(void *g2g_runtime); int object2object_runtime_update(void *g2g_runtime, void *g2g_schema, const char *table_name, - const char *line, int valid_column); + const char *line, enum maat_operation op); int object2object_runtime_commit(void *g2g_runtime, const char *table_name, long long maat_rt_version); diff --git a/src/inc_internal/maat_plugin.h b/src/inc_internal/maat_plugin.h index 388c423..951fed2 100644 --- a/src/inc_internal/maat_plugin.h +++ b/src/inc_internal/maat_plugin.h @@ -21,6 +21,7 @@ extern "C" #include "maat_ex_data.h" #define MAX_FOREIGN_CLMN_NUM 8 +#define MAX_FOREIGN_NAME_LEN 31 /* plugin schema API */ void *plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, @@ -38,7 +39,7 @@ int plugin_table_add_callback(void *plugin_schema, int table_id, void plugin_table_all_callback_start(struct plugin_schema *plugin_schema, int update_type); void plugin_table_all_callback_finish(struct plugin_schema *plugin_schema); -int plugin_table_get_foreign_column(struct plugin_schema *plugin_schema, int *foreign_columns); +int plugin_table_get_foreign_names(struct plugin_schema *plugin_schema, char foreign_names[MAX_FOREIGN_CLMN_NUM][MAX_FOREIGN_NAME_LEN + 1]); /* plugin table ex data API */ int plugin_table_set_ex_container_schema(void *plugin_schema, int table_id, @@ -56,7 +57,7 @@ void *plugin_runtime_new(void *plugin_schema, size_t max_thread_num, void plugin_runtime_free(void *plugin_runtime); int plugin_runtime_update(void *plugin_runtime, void *plugin_schema, const char *table_name, - const char *line, int valid_column); + const char *line, enum maat_operation op); int plugin_runtime_commit(void *plugin_runtime, const char *table_name, long long maat_rt_version); @@ -68,7 +69,7 @@ struct ex_data_runtime *plugin_runtime_get_ex_data_rt(void *plugin_runtime); size_t plugin_runtime_cached_row_count(void *plugin_runtime); -const char *plugin_runtime_cached_row_get(void *plugin_runtime, size_t index); +const struct ex_data_row *plugin_runtime_cached_row_get(void *plugin_runtime, size_t index); void *plugin_runtime_get_ex_data(void *plugin_runtime, void *plugin_schema, const char *key, size_t key_len); diff --git a/src/inc_internal/maat_redis_monitor.h b/src/inc_internal/maat_redis_monitor.h index dff8933..b03640e 100644 --- a/src/inc_internal/maat_redis_monitor.h +++ b/src/inc_internal/maat_redis_monitor.h @@ -26,7 +26,6 @@ extern "C" #include "uthash/uthash.h" struct foreign_key { - int column; char *key; size_t key_len; char *filename; @@ -88,7 +87,7 @@ int maat_get_rm_key_list(redisContext *c, long long instance_version, void redis_monitor_traverse(long long version, struct source_redis_ctx *mr_ctx, void (*start_fn)(long long, int, void *), - int (*update_fn)(const char *, const char *, void *), + int (*update_fn)(const char *, const char *, void *, enum maat_operation), void (*finish_fn)(void *), void *u_param); #ifdef __cplusplus diff --git a/src/inc_internal/maat_rule.h b/src/inc_internal/maat_rule.h index f9634f9..b2c3083 100644 --- a/src/inc_internal/maat_rule.h +++ b/src/inc_internal/maat_rule.h @@ -32,11 +32,6 @@ void *rule_schema_new(cJSON *json, struct table_manager *tbl_mgr, const char *table_name, struct log_handle *logger); void rule_schema_free(void *rule_schema); -void *object2rule_schema_new(cJSON *json, struct table_manager *tbl_mgr, - const char *table_name, struct log_handle *logger); -void object2rule_schema_free(void *g2c_schema); -int object2rule_associated_rule_table_id(void *g2c_schema); - /* rule runtime API */ void *rule_runtime_new(void *rule_schema, size_t max_thread_num, struct maat_garbage_bin *garbage_bin, @@ -47,7 +42,7 @@ void rule_runtime_init(void *rule_runtime, struct maat_runtime *maat_rt); int rule_runtime_update(void *rule_runtime, void *rule_schema, const char *table_name, const char *line, - int valid_column); + enum maat_operation op); int rule_runtime_commit(void *rule_runtime, const char *table_name, long long maat_rt_version); @@ -64,25 +59,6 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, struct maat_hit_path *hit_path_array, size_t array_size, size_t n_hit_path); -/* object2rule runtime API */ -void *object2rule_runtime_new(void *g2c_schema, size_t max_thread_num, - struct maat_garbage_bin *garbage_bin, - struct log_handle *logger); - -void object2rule_runtime_init(void *g2c_runtime, void *rule_runtime); - -void object2rule_runtime_free(void *g2c_runtime); - -int object2rule_runtime_update(void *g2c_runtime, void *g2c_schema, - const char *table_name, const char *line, - int valid_column); - -long long object2rule_runtime_not_condition_count(void *g2c_runtime); - -long long object2rule_runtime_rule_count(void *g2c_runtime); - -long long object2rule_runtime_update_err_count(void *g2c_runtime); - /* maat rule state API */ struct rule_compile_state; struct rule_compile_state *rule_compile_state_new(void); diff --git a/src/inc_internal/maat_table.h b/src/inc_internal/maat_table.h index 5cead74..db7388b 100644 --- a/src/inc_internal/maat_table.h +++ b/src/inc_internal/maat_table.h @@ -38,10 +38,8 @@ enum table_type { TABLE_TYPE_FQDN_PLUGIN, TABLE_TYPE_BOOL_PLUGIN, //above are physical table - TABLE_TYPE_ATTRIBUTE, TABLE_TYPE_RULE, TABLE_TYPE_OBJECT2OBJECT, - TABLE_TYPE_OBJECT2RULE, TABLE_TYPE_MAX }; @@ -61,6 +59,8 @@ size_t table_manager_table_size(struct table_manager *tbl_mgr); size_t table_manager_table_num(struct table_manager *tbl_mgr); int table_manager_get_table_id(struct table_manager *tbl_mgr, const char *table_name); +int table_manager_get_attribute_id(struct table_manager *tbl_mgr, const char *attribute_name); +int table_manager_attribute_get_table_id(struct table_manager *tbl_mgr, int attr_id); /** * @brief get table_name's all conjunction parents' table_id * @@ -79,6 +79,7 @@ int table_manager_get_conj_parent_table_ids(struct table_manager *tbl_mgr, const const char *table_manager_get_table_name(struct table_manager *tbl_mgr, int table_id); +const char *table_manager_get_attribute_name(struct table_manager *tbl_mgr, int attr_id); const char *table_manager_get_table_schema_tag(struct table_manager *tbl_mgr, int table_id); @@ -87,8 +88,6 @@ enum table_type table_manager_get_table_type(struct table_manager *tbl_mgr, int int table_manager_get_default_rule_table_id(struct table_manager *tbl_mgr); int table_manager_get_object2object_table_id(struct table_manager *tbl_mgr); -int table_manager_get_valid_column(struct table_manager *tbl_mgr, int table_id); - enum maat_expr_engine table_manager_get_expr_engine(struct table_manager *tbl_mgr); size_t table_manager_accept_tags_count(struct table_manager *tbl_mgr); @@ -99,7 +98,8 @@ void *table_manager_get_runtime(struct table_manager *tbl_mgr, int table_id); void *table_manager_get_updating_runtime(struct table_manager *tbl_mgr, int table_id); int table_manager_update_runtime(struct table_manager *tbl_mgr, const char *table_name, - int table_id, const char *line, int update_type); + int table_id, const char *line, enum maat_operation op, + int update_type); void table_manager_commit_runtime(struct table_manager *tbl_mgr, int table_id, int update_type, long long maat_rt_version); diff --git a/src/inc_internal/maat_utils.h b/src/inc_internal/maat_utils.h index fca7ef6..4381398 100644 --- a/src/inc_internal/maat_utils.h +++ b/src/inc_internal/maat_utils.h @@ -21,6 +21,7 @@ extern "C" #include #include "uthash/utarray.h" +#include "cJSON/cJSON.h" #define TRUE 1 #define FALSE 0 diff --git a/src/json2iris.c b/src/json2iris.c deleted file mode 100644 index f9863ad..0000000 --- a/src/json2iris.c +++ /dev/null @@ -1,1369 +0,0 @@ -/* -********************************************************************************************** -* File: json2iris.c -* Description: rule for transform json2iris -* Authors: Zheng Chao -* Date: 2022-10-31 -* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved. -*********************************************************************************************** -*/ - -#include -#include -#include -#include -#include -#include - -#include "json2iris.h" -#include "cJSON/cJSON.h" -#include "maat_kv.h" -#include "maat_utils.h" -#include "maat_core.h" -#include "uthash/uthash.h" -#include "maat_redis_monitor.h" - -#define MODULE_JSON2IRIS module_name_str("maat.json2iris") - -#define MAX_COLUMN_NUM 32 -#define MAX_PATH_LINE 512 -#define MAX_BUFF_LEN 4096 -#define MAX_OBJECT_ID_STR 128 - -const int json_version = 1; -const char *untitled_object_name = "Untitled"; -long long untitled_object_id = 123456789; - -enum maat_object_relation { - PARENT_TYPE_RULE = 0, - PARENT_TYPE_OBJECT -}; - -struct object_info { - int object_id; - char object_name[NAME_MAX]; - UT_array *incl_sub_object_ids; - UT_array *excl_sub_object_ids; - UT_hash_handle hh; -}; - -struct iris_table { - char table_name[MAX_NAME_STR_LEN]; - char table_path[PATH_MAX]; - int line_count; - enum table_type table_type; - void *buff; - size_t write_pos; - size_t buff_sz; - UT_hash_handle hh; -}; - -struct iris_description { - int object_cnt; - int region_cnt; - - char tmp_iris_dir[MAX_PATH_LINE]; - char tmp_iris_index_dir[MAX_PATH_LINE]; - char index_path[PATH_MAX]; - - struct iris_table *object_table; - struct iris_table *object2object_table; - struct iris_table *object2rule_table; - struct iris_table *rule_table; - - struct object_info *object_name_map; - struct iris_table *iris_table_map; - - struct maat_kv_store *str2int_map; - redisContext *redis_write_ctx; - - char *encrypt_key; - char *encrypt_algo; - FILE *idx_fp; -}; - -struct translate_command { - const char *json_string; - char *json_value; - int json_type; - int str2int_flag; - int empty_allowed; - const char *default_string; - int default_int; -}; - -static struct iris_table * -query_table_info(struct iris_description *p_iris, const char *table_name, - enum table_type table_type) -{ - if (NULL == p_iris || NULL == table_name || - table_type == TABLE_TYPE_INVALID) { - return NULL; - } - - struct iris_table *table_info = NULL; - HASH_FIND(hh, p_iris->iris_table_map, table_name, strlen(table_name), table_info); - if (NULL == table_info) { - table_info = ALLOC(struct iris_table, 1); - table_info->line_count = 0; - table_info->table_type = table_type; - memcpy(table_info->table_name, table_name, MIN(sizeof(table_info->table_name) - 1, - strlen(table_name))); - snprintf(table_info->table_path, sizeof(table_info->table_path), - "%s/%s.local", p_iris->tmp_iris_dir, table_info->table_name); - HASH_ADD_KEYPTR(hh, p_iris->iris_table_map, table_info->table_name, - strlen(table_name), table_info); - } - - return table_info; -} - -static void free_iris_table_info(void *p) -{ - struct iris_table *table = (struct iris_table *)p; - if (table != NULL) { - FREE(table->buff); - } - FREE(table); -} - -static int -set_iris_descriptor(const char *json_file, cJSON *json, - const char *encrypt_key, const char *encrypt_algo, - const char *rule_tn, const char *object2rule_tn, - const char* object2object_tn, redisContext *redis_write_ctx, - struct iris_description *iris_cfg) -{ - memset(iris_cfg, 0, sizeof(struct iris_description)); - snprintf(iris_cfg->tmp_iris_dir, sizeof(iris_cfg->tmp_iris_dir), - "%s_iris_tmp", json_file); - snprintf(iris_cfg->tmp_iris_index_dir, sizeof(iris_cfg->tmp_iris_index_dir), - "%s_iris_tmp/index", json_file); - snprintf(iris_cfg->index_path, sizeof(iris_cfg->index_path), - "%s/full_config_index.%010d", iris_cfg->tmp_iris_index_dir, - json_version); - - iris_cfg->redis_write_ctx = redis_write_ctx; - iris_cfg->str2int_map = maat_kv_store_new(); - - maat_kv_register(iris_cfg->str2int_map, "yes", 1); - maat_kv_register(iris_cfg->str2int_map, "no", 0); - - maat_kv_register(iris_cfg->str2int_map, "flag", TABLE_TYPE_FLAG); - maat_kv_register(iris_cfg->str2int_map, "flag_plus", TABLE_TYPE_FLAG_PLUS); - maat_kv_register(iris_cfg->str2int_map, "ip", TABLE_TYPE_IP); - maat_kv_register(iris_cfg->str2int_map, "string", TABLE_TYPE_EXPR); - maat_kv_register(iris_cfg->str2int_map, "expr", TABLE_TYPE_EXPR); - maat_kv_register(iris_cfg->str2int_map, "expr_plus", TABLE_TYPE_EXPR_PLUS); - maat_kv_register(iris_cfg->str2int_map, "interval", TABLE_TYPE_INTERVAL); - maat_kv_register(iris_cfg->str2int_map, "interval_plus", TABLE_TYPE_INTERVAL_PLUS); - - maat_kv_register(iris_cfg->str2int_map, "ipv4", 4); - maat_kv_register(iris_cfg->str2int_map, "ipv6", 6); - - maat_kv_register(iris_cfg->str2int_map, "double", 0); - maat_kv_register(iris_cfg->str2int_map, "single", 1); - - maat_kv_register(iris_cfg->str2int_map, "none", 0); - maat_kv_register(iris_cfg->str2int_map, "and", 1); - maat_kv_register(iris_cfg->str2int_map, "regex", 2); - maat_kv_register(iris_cfg->str2int_map, "offset", 3); - - maat_kv_register(iris_cfg->str2int_map, "sub", 0); - maat_kv_register(iris_cfg->str2int_map, "right", 1); - maat_kv_register(iris_cfg->str2int_map, "suffix", 1); - maat_kv_register(iris_cfg->str2int_map, "left", 2); - maat_kv_register(iris_cfg->str2int_map, "prefix", 2); - maat_kv_register(iris_cfg->str2int_map, "complete", 3); - maat_kv_register(iris_cfg->str2int_map, "exact", 3); - - maat_kv_register(iris_cfg->str2int_map, "uncase plain", 0); - maat_kv_register(iris_cfg->str2int_map, "hexbin", 1); - maat_kv_register(iris_cfg->str2int_map, "case plain", 2); - - iris_cfg->rule_table = query_table_info(iris_cfg, rule_tn, - TABLE_TYPE_RULE); - iris_cfg->object2rule_table = query_table_info(iris_cfg, object2rule_tn, - TABLE_TYPE_OBJECT2RULE); - iris_cfg->object2object_table = query_table_info(iris_cfg, object2object_tn, - TABLE_TYPE_OBJECT2OBJECT); - - if (encrypt_key && encrypt_algo) { - iris_cfg->encrypt_key = maat_strdup(encrypt_key); - iris_cfg->encrypt_algo = maat_strdup(encrypt_algo); - } - - return 0; -} - -static void clear_iris_descriptor(struct iris_description *iris_cfg) -{ - if (iris_cfg->object_name_map != NULL) { - struct object_info *node = NULL; - struct object_info *tmp = NULL; - HASH_ITER(hh, iris_cfg->object_name_map, node, tmp) { - if (node->incl_sub_object_ids != NULL) { - utarray_free(node->incl_sub_object_ids); - node->incl_sub_object_ids = NULL; - } - - if (node->excl_sub_object_ids != NULL) { - utarray_free(node->excl_sub_object_ids); - node->excl_sub_object_ids = NULL; - } - - HASH_DELETE(hh, iris_cfg->object_name_map, node); - FREE(node); - } - } - - if(iris_cfg->iris_table_map != NULL) { - struct iris_table *node = NULL; - struct iris_table *tmp = NULL; - HASH_ITER(hh, iris_cfg->iris_table_map, node, tmp) { - HASH_DELETE(hh, iris_cfg->iris_table_map, node); - free_iris_table_info(node); - } - } - - maat_kv_store_free(iris_cfg->str2int_map); - iris_cfg->str2int_map = NULL; - - FREE(iris_cfg->encrypt_algo); - FREE(iris_cfg->encrypt_key); - - return; -} - -static int create_tmp_dir(struct iris_description *p) -{ - if ((access(p->tmp_iris_dir,F_OK)) < 0) { - if ((mkdir(p->tmp_iris_dir, 0777)) < 0) { - return -1; - } - } - - if ((access(p->tmp_iris_index_dir,F_OK)) < 0) { - if ((mkdir(p->tmp_iris_index_dir, 0777)) < 0) { - return -1; - } - } - - return 0; -} - -static int -write_plugin_line(cJSON *plug_table_json, int sequence, - struct iris_description *p_iris, - struct log_handle *logger) -{ - cJSON *item = cJSON_GetObjectItem(plug_table_json, "table_name"); - if (NULL == item || item->type != cJSON_String) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] The %d plugin_table's table_name " - "not defined or format error", __FUNCTION__, - __LINE__, sequence); - return -1; - } - const char *table_name = item->valuestring; - - cJSON *table_content = cJSON_GetObjectItem(plug_table_json, "table_content"); - if (NULL == table_content || table_content->type != cJSON_Array) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] %d plugin_table's table_content not defined or format error", - __FUNCTION__, __LINE__, sequence); - return -1; - } - int line_cnt = cJSON_GetArraySize(table_content); - struct iris_table *table_info = query_table_info(p_iris, table_name, - TABLE_TYPE_PLUGIN); - - cJSON *each_line = NULL; - const char *line_content = NULL; - for (int i = 0; i < line_cnt; i++) { - each_line = cJSON_GetArrayItem(table_content, i); - if (NULL == each_line || each_line->type != cJSON_String) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] plugin_table %s's line %d format error", - __FUNCTION__, __LINE__, table_info->table_name, i + 1); - continue; - } - - line_content = each_line->valuestring; - table_info->write_pos += memcat(&(table_info->buff), table_info->write_pos, - &(table_info->buff_sz), line_content, - strlen(line_content)); - table_info->write_pos += memcat(&(table_info->buff), table_info->write_pos, - &(table_info->buff_sz), "\n", 1); - table_info->line_count++; - } - - return 0; -} - -static struct object_info *object_info_read(struct object_info *object_name_map, - const char *object_name) -{ - struct object_info *node = NULL; - HASH_FIND(hh, object_name_map, object_name, strlen(object_name), node); - - return node; -} - -UT_icd ut_json2iris_object_id_icd = {sizeof(int), NULL, NULL, NULL}; -static struct object_info * -object_info_add_unsafe(struct iris_description *p_iris, const char *object_name, - long long object_id) -{ - struct object_info *object_info = ALLOC(struct object_info, 1); - utarray_new(object_info->incl_sub_object_ids, &ut_json2iris_object_id_icd); - utarray_new(object_info->excl_sub_object_ids, &ut_json2iris_object_id_icd); - - object_info->object_id = object_id; - strncpy(object_info->object_name, object_name, sizeof(object_info->object_name)); - - HASH_ADD_KEYPTR(hh, p_iris->object_name_map, object_info->object_name, - strlen(object_name), object_info); - - return object_info; -} - -static int get_region_seq(struct iris_description *iris_cfg) -{ - int sequence = 0; - - if (NULL == iris_cfg->redis_write_ctx) { - sequence = iris_cfg->region_cnt + 1; - } else { - redisReply *data_reply = - maat_wrap_redis_command(iris_cfg->redis_write_ctx, NULL, - "INCRBY %s 1", mr_region_id_var); - - sequence = (int)data_reply->integer; - freeReplyObject(data_reply); - } - iris_cfg->region_cnt++; - - return sequence; -} - -static int -direct_write_rule(cJSON *json, struct maat_kv_store *str2int, - struct translate_command *cmd, int cmd_cnt, - struct iris_table *table, struct log_handle *logger) -{ - int i = 0; - int ret = -1; - cJSON dummy; - - for (i = 0; i < cmd_cnt; i++) { - cJSON *item = cJSON_GetObjectItem(json, cmd[i].json_string); - if (NULL == item && (1 == cmd[i].empty_allowed)) { - dummy.valuestring = (char *)cmd[i].default_string; - dummy.valueint = cmd[i].default_int; - dummy.valuedouble = cmd[i].default_int; - dummy.type = cmd[i].json_type; - item = &dummy; - } - - if (NULL == item || item->type != cmd[i].json_type) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] %s not defined or wrong format", - __FUNCTION__, __LINE__, cmd[i].json_string); - ret = -1; - goto error_out; - } - - if (1 == cmd[i].str2int_flag) { - long long int_value = 0; - char *p = item->valuestring; - ret = maat_kv_read(str2int, p, &int_value, 1); - if (ret < 0) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] %s's value %s is not valid format", - __FUNCTION__, __LINE__, cmd[i].json_string, p); - FREE(p); - ret = -1; - goto error_out; - } - cmd[i].json_value = (char *)malloc(21);/* 2^64+1 can be represented in 21 chars. */ - snprintf(cmd[i].json_value, 21, "%d", (int)int_value); - } else { - switch (item->type) { - case cJSON_Number: - cmd[i].json_value = cJSON_Print(item); - break; - case cJSON_String: - cmd[i].json_value = ALLOC(char, strlen(item->valuestring) + 1); - memcpy(cmd[i].json_value, item->valuestring, strlen(item->valuestring)); - break; - default://impossible ,already checked - assert(0); - break; - } - } - } - - for (i = 0; i < cmd_cnt; i++) { - table->write_pos += memcat(&(table->buff), table->write_pos, &table->buff_sz, - cmd[i].json_value, strlen(cmd[i].json_value)); - table->write_pos += memcat(&(table->buff), table->write_pos, - &table->buff_sz, "\t", 1); - } - table->write_pos += memcat(&(table->buff), table->write_pos, - &table->buff_sz, "\n", 1); - table->line_count++; - ret = 0; -error_out: - for (i = 0; i < cmd_cnt; i++) { - if (cmd[i].json_value != NULL) { - FREE(cmd[i].json_value); - } - } - return ret; -} - -static int -write_flag_line(cJSON *region_json, struct iris_description *p_iris, - struct iris_table *table, struct log_handle *logger) -{ - struct translate_command json_cmd[MAX_COLUMN_NUM]; - int cmd_cnt = 0; - memset(json_cmd, 0, sizeof(json_cmd)); - - json_cmd[cmd_cnt].json_string = "region_id"; - json_cmd[cmd_cnt].json_type=cJSON_Number; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "object_id"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - if (table->table_type==TABLE_TYPE_FLAG_PLUS) { - json_cmd[cmd_cnt].json_string = "district"; - json_cmd[cmd_cnt].json_type = cJSON_String; - cmd_cnt++; - } - - json_cmd[cmd_cnt].json_string = "flag"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "flag_mask"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "is_valid"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - return direct_write_rule(region_json, p_iris->str2int_map, - json_cmd, cmd_cnt, table, logger); -} - -static int -write_expr_line(cJSON *region_json, struct iris_description *p_iris, - struct iris_table *table, struct log_handle *logger) -{ - struct translate_command json_cmd[MAX_COLUMN_NUM]; - int cmd_cnt = 0; - memset(json_cmd, 0, sizeof(json_cmd)); - - json_cmd[cmd_cnt].json_string = "region_id"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "object_id"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - if (table->table_type==TABLE_TYPE_EXPR_PLUS) { - json_cmd[cmd_cnt].json_string = "district"; - json_cmd[cmd_cnt].json_type = cJSON_String; - cmd_cnt++; - } - - json_cmd[cmd_cnt].json_string = "expr_type"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].str2int_flag = 1; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "keywords"; - json_cmd[cmd_cnt].json_type = cJSON_String; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "is_valid"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - return direct_write_rule(region_json, p_iris->str2int_map, - json_cmd, cmd_cnt, table, logger); -} - -static int -write_ip_line(cJSON *region_json, struct iris_description *p_iris, - struct iris_table *table, struct log_handle *logger) -{ - struct translate_command json_cmd[MAX_COLUMN_NUM]; - int cmd_cnt = 0; - memset(json_cmd, 0, sizeof(json_cmd)); - - json_cmd[cmd_cnt].json_string = "region_id"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "object_id"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "ip"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].empty_allowed = 1; - json_cmd[cmd_cnt].default_string = "0.0.0.0"; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "port"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].empty_allowed = 1; - json_cmd[cmd_cnt].default_string = "0-65535"; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "is_valid"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - return direct_write_rule(region_json, p_iris->str2int_map, - json_cmd, cmd_cnt, table, logger); -} - -static int -write_interval_line(cJSON *region_json, struct iris_description *p_iris, - struct iris_table *table, struct log_handle *logger) -{ - struct translate_command json_cmd[MAX_COLUMN_NUM]; - int cmd_cnt = 0; - memset(json_cmd, 0, sizeof(json_cmd)); - - json_cmd[cmd_cnt].json_string = "region_id"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "object_id"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - if (table->table_type == TABLE_TYPE_INTERVAL_PLUS) { - json_cmd[cmd_cnt].json_string = "district"; - json_cmd[cmd_cnt].json_type = cJSON_String; - cmd_cnt++; - } - - json_cmd[cmd_cnt].json_string = "interval"; - json_cmd[cmd_cnt].json_type = cJSON_String; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "is_valid"; - json_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - return direct_write_rule(region_json, p_iris->str2int_map, - json_cmd, cmd_cnt, table, logger); -} - -static int -write_region_rule(cJSON *region_json, int rule_id, int object_id, - struct iris_description *p_iris, struct log_handle *logger) -{ - cJSON *item = cJSON_GetObjectItem(region_json, "table_name"); - if (NULL == item || item->type != cJSON_String) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] rule rule %d's table_name not defined " - "or format error", __FUNCTION__, __LINE__, rule_id); - return -1; - } - const char *table_name = item->valuestring; - - item = cJSON_GetObjectItem(region_json, "table_type"); - if (NULL == item || item->type != cJSON_String) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] rule rule %d's table name %s's table_type " - "not defined or format error", __FUNCTION__, __LINE__, - rule_id, table_name); - return -1; - } - - const char *table_type_str = item->valuestring; - long long table_type_int; - int ret = maat_kv_read(p_iris->str2int_map, table_type_str, &table_type_int, 1); - if (ret != 1) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] rule rule %d table name %s's table_type %s invalid", - __FUNCTION__, __LINE__, rule_id, table_name, table_type_str); - return -1; - } - - cJSON *table_content = cJSON_GetObjectItem(region_json, "table_content"); - if (NULL == table_content || table_content->type != cJSON_Object) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] rule rule %d table name %s's table_content " - "not defined or format error", __FUNCTION__, __LINE__, - rule_id, table_name); - return -1; - } - - int region_id = get_region_seq(p_iris); - cJSON_AddNumberToObject(table_content, "region_id", region_id); - cJSON_AddNumberToObject(table_content, "object_id", object_id); - cJSON_AddNumberToObject(table_content, "is_valid", 1); - - struct iris_table *table_info = query_table_info(p_iris, table_name, - table_type_int); - switch (table_type_int) { - case TABLE_TYPE_FLAG: - case TABLE_TYPE_FLAG_PLUS: - ret = write_flag_line(table_content, p_iris, table_info, logger); - break; - case TABLE_TYPE_EXPR: - case TABLE_TYPE_EXPR_PLUS: - ret = write_expr_line(table_content, p_iris, table_info, logger); - break; - case TABLE_TYPE_IP: - ret = write_ip_line(table_content, p_iris, table_info, logger); - break; - case TABLE_TYPE_INTERVAL: - case TABLE_TYPE_INTERVAL_PLUS: - ret = write_interval_line(table_content, p_iris, table_info, logger); - break; - default: - assert(0); - break; - } - return ret; -} - -static int -write_object2rule_line(int *object_ids, size_t n_object_id, - int rule_id, int object_negate_option, - int condition_index, const char *attribute, - struct iris_description *p_iris, - struct iris_table *g2c_table) -{ - char buff[4096] = {0}; - struct iris_table *table = NULL; - - if (g2c_table != NULL) { - table = g2c_table; - } else { - if (NULL == p_iris->object2rule_table) { - return -1; - } - table = p_iris->object2rule_table; - } - - if (n_object_id > 1) { - char tmp_str[64] = {0}; - char object_id_str[2048] = {0}; - - for (size_t i = 0; i < n_object_id; i++) { - snprintf(tmp_str, sizeof(tmp_str), "%d,", object_ids[i]); - strcat(object_id_str, tmp_str); - } - object_id_str[strlen(object_id_str) - 1] = '\0'; - snprintf(buff, sizeof(buff), "%s\t%d\t%d\t%s\t%d\t1\n", object_id_str, - rule_id, object_negate_option, attribute, condition_index); - } else { - snprintf(buff, sizeof(buff), "%d\t%d\t%d\t%s\t%d\t1\n", object_ids[0], - rule_id, object_negate_option, attribute, condition_index); - } - - table->write_pos += memcat(&(table->buff), table->write_pos, - &(table->buff_sz), buff, strlen(buff)); - table->line_count++; - - return 0; -} - -static int -write_object2object_line(int object_id, UT_array *incl_sub_object_ids, - UT_array *excl_sub_object_ids, - struct iris_description *p_iris) -{ - char buff[MAX_BUFF_LEN*4] = {0}; - struct iris_table *table = p_iris->object2object_table; - if (NULL == table) { - return -1; - } - - size_t i = 0, pos = 0; - char incl_sub_object_id_str[MAX_BUFF_LEN] = {0}; - char excl_sub_object_id_str[MAX_BUFF_LEN] = {0}; - - if (0 == utarray_len(incl_sub_object_ids) && - 0 == utarray_len(excl_sub_object_ids)) { - return 0; - } - - int *tmp_id = NULL; - char tmp_str[MAX_OBJECT_ID_STR] = {0}; - for (i = 0; i < utarray_len(incl_sub_object_ids); i++) { - tmp_id = (int *)utarray_eltptr(incl_sub_object_ids, i); - sprintf(tmp_str, "%d,", *tmp_id); - sprintf(incl_sub_object_id_str + pos, "%s", tmp_str); - pos += strlen(tmp_str); - } - - const char *null_str = "null"; - size_t str_len = strlen(incl_sub_object_id_str); - if (str_len > 0) { - incl_sub_object_id_str[str_len - 1] = '\0'; - } else { - memcpy(incl_sub_object_id_str, null_str, strlen(null_str)); - } - - pos = 0; - memset(tmp_str, 0, sizeof(tmp_str)); - for (i = 0; i < utarray_len(excl_sub_object_ids); i++) { - tmp_id = (int *)utarray_eltptr(excl_sub_object_ids, i); - sprintf(tmp_str, "%d,", *tmp_id); - sprintf(excl_sub_object_id_str + pos, "%s", tmp_str); - pos += strlen(tmp_str); - } - - str_len = strlen(excl_sub_object_id_str); - if (str_len > 0) { - excl_sub_object_id_str[str_len - 1] = '\0'; - } else { - memcpy(excl_sub_object_id_str, null_str, strlen(null_str)); - } - - snprintf(buff, sizeof(buff), "%d\t%s\t%s\t1\n", object_id, - incl_sub_object_id_str, excl_sub_object_id_str); - - table->write_pos += memcat(&(table->buff), table->write_pos, - &(table->buff_sz), buff, strlen(buff)); - table->line_count++; - - return 0; -} - -static int -write_object_rule(cJSON *object_json, int parent_id, - int parent_type, int tracking_rule_id, - int Nth_object, struct iris_description *p_iris, - struct log_handle *logger) -{ - int ret = 0; - int object_negate_option = 0; - int condition_index = 0; - const char *object_name = NULL; - char object_name_array[32][MAX_NAME_STR_LEN]; - size_t object_name_cnt = 0; - long long object_id = -1; - const char *attribute = NULL; - struct iris_table *g2c_table = NULL; - - cJSON *item = cJSON_GetObjectItem(object_json, "object_name"); - if (NULL == item) { - object_name = untitled_object_name; - } else if (item->type == cJSON_String) { - object_name = item->valuestring; - } else if (item->type == cJSON_Array) { - object_name_cnt = cJSON_GetArraySize(item); - assert(object_name_cnt <= 32); - for (size_t i = 0; i < object_name_cnt; i++) { - cJSON *tmp_json = cJSON_GetArrayItem(item, i); - if (NULL == tmp_json || tmp_json->type != cJSON_String) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] object_name of rule:%d format error", - __FUNCTION__, __LINE__, parent_id); - return -1; - } - memset(object_name_array[i], 0, sizeof(object_name_array[i])); - memcpy(object_name_array[i], tmp_json->valuestring, - strlen(tmp_json->valuestring)); - } - } - - item = cJSON_GetObjectItem(object_json, "object_id"); - if (item != NULL && item->type == cJSON_Number) { - object_id = item->valueint; - } - - if (parent_type == PARENT_TYPE_RULE) { - item = cJSON_GetObjectItem(object_json, "attribute"); - if (NULL == item || item->type != cJSON_String) { - attribute = "null"; - } else { - attribute = item->valuestring; - } - - item = cJSON_GetObjectItem(object_json, "negate_option"); - if (NULL == item || item->type != cJSON_Number) { - object_negate_option = 0; - } else { - object_negate_option = item->valueint; - } - - item = cJSON_GetObjectItem(object_json, "condition_index"); - if (NULL == item || item->type != cJSON_Number) { - condition_index = Nth_object; - } else { - condition_index = item->valueint; - } - - item = cJSON_GetObjectItem(object_json, "g2c_table_name"); - if (item != NULL && item->type == cJSON_String) { - g2c_table = query_table_info(p_iris, item->valuestring, - TABLE_TYPE_OBJECT2RULE); - } - } - - if (object_name_cnt > 0) { - int object_ids[object_name_cnt]; - for (size_t i = 0; i < object_name_cnt; i++) { - struct object_info *object_info = - object_info_read(p_iris->object_name_map, object_name_array[i]); - if (NULL == object_info) { - log_fatal(logger, MODULE_JSON2IRIS, "[%s:%d] object_name:%s" - " has no object_id", __FUNCTION__, __LINE__, - object_name_array[i]); - return -1; - } - object_ids[i] = object_info->object_id; - } - assert(parent_type == PARENT_TYPE_RULE); - ret = write_object2rule_line(object_ids, object_name_cnt, parent_id, - object_negate_option, condition_index, - attribute, p_iris, g2c_table); - - } else { - struct object_info *object_info = - object_info_read(p_iris->object_name_map, object_name); - // exist object name, regions and sub objects will be ommit. - if (NULL == object_info) { - if (0 == strncasecmp(object_name, untitled_object_name, - strlen(untitled_object_name))) { - object_id = untitled_object_id; - } - - if (-1 == object_id) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] object_name:<%s> has no object_id", - __FUNCTION__, __LINE__, object_name); - return -1; - } - - object_info = object_info_add_unsafe(p_iris, object_name, object_id); - cJSON *region_json = cJSON_GetObjectItem(object_json, "regions"); - if (region_json != NULL) { - cJSON *region_rule = NULL; - cJSON_ArrayForEach(region_rule, region_json) { - ret = write_region_rule(region_rule, tracking_rule_id, - object_info->object_id, p_iris, logger); - if (ret < 0) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] rule rule %d write region error", - __FUNCTION__, __LINE__, tracking_rule_id); - return -1; - } - } - } - - cJSON *sub_objects = cJSON_GetObjectItem(object_json, "sub_objects"); - if (sub_objects != NULL) { - // recursively - int i = 0; - cJSON_ArrayForEach(item, sub_objects) { - i++; - ret = write_object_rule(item, object_info->object_id, - PARENT_TYPE_OBJECT, tracking_rule_id, - i, p_iris, logger); - if (ret < 0) { - return -1; - } - } - } - - if (NULL == region_json && NULL == sub_objects) { - log_info(logger, MODULE_JSON2IRIS, - "[%s:%d] A object of rule rule %d has neither regions, " - "sub objects, nor refered another existed object", - __FUNCTION__, __LINE__, tracking_rule_id); - } - } - - if (parent_type == PARENT_TYPE_RULE) { - ret = write_object2rule_line(&(object_info->object_id), 1, parent_id, - object_negate_option, condition_index, - attribute, p_iris, g2c_table); - if (ret < 0) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] rule:%d write object error", - __FUNCTION__, __LINE__, parent_id); - return -1; - } - } - } - - return 0; -} - -static int -write_rule_line(cJSON *rule, struct iris_description *p_iris, - struct log_handle *logger) -{ - cJSON *item=cJSON_GetObjectItem(rule, "rule_id"); - if (item->type != cJSON_Number) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] rule_id format not number", - __FUNCTION__, __LINE__); - return -1; - } - int rule_id = item->valueint; - - cJSON *object_array = cJSON_GetObjectItem(rule, "objects"); - int object_num = cJSON_GetArraySize(object_array); - int *condition_ids = ALLOC(int, object_num); - int condition_num = 0; - cJSON *object_obj = NULL; - - cJSON_ArrayForEach(object_obj, object_array) { - item = cJSON_GetObjectItem(object_obj, "condition_index"); - if (item) { - int i = 0; - int condition_index = item->valueint; - for (i = 0; i < condition_num; i++) { - if (condition_ids[i] == condition_index) { - break; - } - } - - if (i == condition_num) { - condition_ids[condition_num] = condition_index; - condition_num++; - } - } - } - FREE(condition_ids); - - if (condition_num == 0) { - condition_num = object_num; - } - - cJSON_AddNumberToObject(rule, "condition_num", condition_num); - - struct translate_command rule_cmd[MAX_COLUMN_NUM]; - memset(rule_cmd, 0, sizeof(rule_cmd)); - - int cmd_cnt = 0; - rule_cmd[cmd_cnt].json_string = "rule_id"; - rule_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - rule_cmd[cmd_cnt].json_string = "service"; - rule_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - rule_cmd[cmd_cnt].json_string = "action"; - rule_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - rule_cmd[cmd_cnt].json_string = "do_blacklist"; - rule_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - rule_cmd[cmd_cnt].json_string = "do_log"; - rule_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - - rule_cmd[cmd_cnt].json_string = "tags"; - rule_cmd[cmd_cnt].json_type = cJSON_String; - rule_cmd[cmd_cnt].empty_allowed = 1; - rule_cmd[cmd_cnt].default_string = "{}"; - cmd_cnt++; - - rule_cmd[cmd_cnt].json_string = "user_region"; - rule_cmd[cmd_cnt].json_type = cJSON_String; - cmd_cnt++; - - rule_cmd[cmd_cnt].json_string = "condition_num"; - rule_cmd[cmd_cnt].json_type = cJSON_Number; - cmd_cnt++; - - rule_cmd[cmd_cnt].json_string = "is_valid"; - rule_cmd[cmd_cnt].json_type = cJSON_String; - rule_cmd[cmd_cnt].str2int_flag = 1; - cmd_cnt++; - - rule_cmd[cmd_cnt].json_string = "modified_time"; - rule_cmd[cmd_cnt].json_type = cJSON_String; - rule_cmd[cmd_cnt].empty_allowed = 1; - time_t curr_time; - time(&curr_time); - static char temp[21]; - snprintf(temp, 21, "%ld", curr_time); - rule_cmd[cmd_cnt].default_string = temp; - cmd_cnt++; - - struct iris_table *table_info = NULL; - item = cJSON_GetObjectItem(rule,"rule_table_name"); - if (NULL == item || item->type != cJSON_String) { - if (NULL == p_iris->rule_table) { - return -1; - } - table_info = p_iris->rule_table; - } else { - table_info = query_table_info(p_iris, item->valuestring, TABLE_TYPE_RULE); - } - - int ret = direct_write_rule(rule, p_iris->str2int_map, rule_cmd, - cmd_cnt, table_info, logger); - if (ret < 0) { - return -1; - } - - return rule_id; -} - -static void write_table_idx(struct iris_description *p_iris, - struct iris_table *table) -{ - char line_cnt_str[32] = {0}; - char err_str[256] = {0}; - - snprintf(line_cnt_str, sizeof(line_cnt_str), "%010d\n", table->line_count); - - size_t table_file_sz = strlen(line_cnt_str) + table->write_pos; - unsigned char *buff = ALLOC(unsigned char, table_file_sz); - memcpy(buff, line_cnt_str, strlen(line_cnt_str)); - memcpy(buff + strlen(line_cnt_str), table->buff, table->write_pos); - - UNUSED int ret = 0; - FILE *table_fp = fopen(table->table_path, "w"); - if (p_iris->encrypt_key) { - unsigned char *encrypt_buff = NULL; - size_t encrypt_buff_sz = 0; - ret = crypt_memory(buff, table_file_sz, &encrypt_buff, - &encrypt_buff_sz, p_iris->encrypt_key, - p_iris->encrypt_algo, 1, err_str, sizeof(err_str)); - assert(ret == 0); - fwrite(encrypt_buff, encrypt_buff_sz, 1, table_fp); - fprintf(p_iris->idx_fp, "%s\t%d\t%s\t%s\n", table->table_name, - table->line_count, table->table_path, p_iris->encrypt_algo); - FREE(encrypt_buff); - } else { - fwrite(buff, table_file_sz, 1, table_fp); - fprintf(p_iris->idx_fp, "%s\t%d\t%s\n", table->table_name, - table->line_count, table->table_path); - } - - fclose(table_fp); - FREE(buff); -} - -static int write_index_file(struct iris_description *p_iris, - struct log_handle *logger) -{ - p_iris->idx_fp = fopen(p_iris->index_path, "w"); - if (NULL == p_iris->idx_fp) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] index file %s fopen error %s", - __FUNCTION__, __LINE__, p_iris->index_path, - strerror(errno)); - return -1; - } - - struct iris_table *node = NULL; - struct iris_table *tmp = NULL; - HASH_ITER(hh, p_iris->iris_table_map, node, tmp) { - write_table_idx(p_iris, node); - } - - fclose(p_iris->idx_fp); - p_iris->idx_fp = NULL; - - return 0; -} - -int recursive_traverse_sub_objects(cJSON *object_obj, struct iris_description *p_iris, - struct log_handle *logger) -{ - cJSON *sub_object_array = cJSON_GetObjectItem(object_obj, "sub_objects"); - if (NULL == sub_object_array) { - return 0; - } - - cJSON *item = cJSON_GetObjectItem(object_obj, "object_name"); - if (NULL == item || item->type != cJSON_String) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] has no object_name before sub_objects."); - return -1; - } - - const char *parent_object_name = item->valuestring; - struct object_info *parent_object = object_info_read(p_iris->object_name_map, - item->valuestring); - if (NULL == parent_object) { - item = cJSON_GetObjectItem(object_obj, "object_id"); - if (NULL == item || item->type != cJSON_Number) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] object_name:%s has no object_id.", parent_object_name); - return -1; - } - parent_object = object_info_add_unsafe(p_iris, parent_object_name, item->valueint); - } - - cJSON *sub_object_obj = NULL; - cJSON_ArrayForEach(sub_object_obj, sub_object_array) { - cJSON *tmp_item1 = cJSON_GetObjectItem(sub_object_obj, "object_name"); - if (NULL == tmp_item1 || tmp_item1->type != cJSON_String) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d]object:%s's sub_objects has no object_name", - __FUNCTION__, __LINE__, parent_object_name); - return -1; - } - - int object_id = -1; - int is_exclude = 0; - cJSON *tmp_item2 = cJSON_GetObjectItem(sub_object_obj, "object_id"); - if (NULL == tmp_item2) { - struct object_info *object = object_info_read(p_iris->object_name_map, - tmp_item1->valuestring); - assert(object != NULL); - object_id = object->object_id; - } else { - object_id = tmp_item2->valueint; - } - - cJSON *tmp_item3 = cJSON_GetObjectItem(sub_object_obj, "is_exclude"); - if (tmp_item3 != NULL && tmp_item3->type == cJSON_Number) { - is_exclude = tmp_item3->valueint; - } - if (0 == is_exclude) { - utarray_push_back(parent_object->incl_sub_object_ids, &object_id); - } else { - utarray_push_back(parent_object->excl_sub_object_ids, &object_id); - } - - int ret = recursive_traverse_sub_objects(sub_object_obj, p_iris, logger); - if (ret < 0) { - return -1; - } - } - - return 0; -} - -static int write_object2object_rule(struct iris_description *p_iris, - struct log_handle *logger) -{ - int ret = 0; - struct object_info *object_info = NULL, *tmp_object_info = NULL; - - HASH_ITER(hh, p_iris->object_name_map, object_info, tmp_object_info) { - ret = write_object2object_line(object_info->object_id, - object_info->incl_sub_object_ids, - object_info->excl_sub_object_ids, - p_iris); - if (ret < 0) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] write object2object line failed for super_object:%d", - __FUNCTION__, __LINE__, object_info->object_id); - return -1; - } - } - - return 0; -} - -static int write_iris(cJSON *json, struct iris_description *p_iris, - struct log_handle *logger) -{ - int i = 0; - int ret = 0; - static struct object_info *parent_object = NULL; // TODO - - cJSON *plug_tables = cJSON_GetObjectItem(json, "plugin_table"); - if (plug_tables != NULL) { - cJSON *each_plug_table = NULL; - cJSON_ArrayForEach(each_plug_table, plug_tables) { - write_plugin_line(each_plug_table, i, p_iris, logger); - i++; - } - } - - cJSON *object_array = cJSON_GetObjectItem(json, "objects"); // sub-object to object - if (object_array != NULL) { - cJSON *object_obj = NULL; - cJSON_ArrayForEach(object_obj, object_array) { - const char *parent_object_name = NULL; - cJSON *item = cJSON_GetObjectItem(object_obj, "parent_object"); - if (NULL == item || item->type != cJSON_String) { - parent_object_name = untitled_object_name; - } else { - parent_object_name = item->string; - } - - parent_object = object_info_read(p_iris->object_name_map, parent_object_name); - if (NULL == parent_object) { - parent_object = object_info_add_unsafe(p_iris, parent_object_name, - untitled_object_id); - } - - item = cJSON_GetObjectItem(object_obj, "object_id"); - if (NULL == item || item->type != cJSON_Number) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d]Global objects has object with no object_id.", - __FUNCTION__, __LINE__); - return -1; - } - - utarray_push_back(parent_object->incl_sub_object_ids, &item->valueint); - ret = write_object_rule(object_obj, parent_object->object_id, - PARENT_TYPE_OBJECT, 0, 0, p_iris, logger); - if (ret < 0) { - return -1; - } - } - } - - int rule_cnt = 0; - cJSON *rule_array = cJSON_GetObjectItem(json, "rules"); - if (rule_array != NULL) { - rule_cnt = cJSON_GetArraySize(rule_array); - } - - if (rule_cnt > 0) { - cJSON *rule_obj = NULL; - cJSON_ArrayForEach(rule_obj, rule_array) { - int rule_id = write_rule_line(rule_obj, p_iris, logger); - if (rule_id < 0) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] In %d rule rule", - __FUNCTION__, __LINE__, i); - return -1; - } - - object_array = cJSON_GetObjectItem(rule_obj, "objects"); - if (NULL == object_array) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] rule rule %d have no object", - __FUNCTION__, __LINE__, rule_id); - return -1; - } - - int object_cnt = cJSON_GetArraySize(object_array); - if (object_cnt <= 0) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] rule rule %d have no objects", - __FUNCTION__, __LINE__, rule_id); - return -1; - } - - i = 0; - cJSON *object_obj = NULL; - cJSON_ArrayForEach(object_obj, object_array) { - ret = write_object_rule(object_obj, rule_id, PARENT_TYPE_RULE, - rule_id, i, p_iris, logger); - if (ret < 0) { - return -1; - } - i++; - } - } - - cJSON_ArrayForEach(rule_obj, rule_array) { - cJSON *object_array = cJSON_GetObjectItem(rule_obj, "objects"); - - cJSON *object_obj = NULL; - cJSON_ArrayForEach(object_obj, object_array) { - ret = recursive_traverse_sub_objects(object_obj, p_iris, logger); - if (ret < 0) { - return -1; - } - } - } - } - - ret = write_object2object_rule(p_iris, logger); - if (ret < 0) { - return -1; - } - - ret = write_index_file(p_iris, logger); - if (ret < 0) { - return -1; - } - - return 0; -} - -int json2iris(const char *json_buff, const char *json_filename, - redisContext *redis_write_ctx, char *iris_dir_buf, - int buf_len, char *encrypt_key, char *encrypt_algo, - struct log_handle *logger) -{ - int ret = -1; - cJSON *tmp_obj = NULL; - const char *rule_tbl_name = NULL; - const char *object2rule_tbl_name = NULL; - const char *object2object_tbl_name = NULL; - struct iris_description iris_cfg; - - memset(&iris_cfg, 0, sizeof(iris_cfg)); - - cJSON *json = cJSON_Parse(json_buff); - if (!json) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] error message: %-200.200s", - __FUNCTION__, __LINE__, cJSON_GetErrorPtr()); - goto error_out; - } - - tmp_obj = cJSON_GetObjectItem(json, "rule_table"); - if (tmp_obj) { - rule_tbl_name = tmp_obj->valuestring; - } - - tmp_obj = cJSON_GetObjectItem(json, "object2rule_table"); - if (tmp_obj) { - object2rule_tbl_name = tmp_obj->valuestring; - } - - tmp_obj = cJSON_GetObjectItem(json, "object2object_table"); - if (tmp_obj) { - object2object_tbl_name = tmp_obj->valuestring; - } - - ret = set_iris_descriptor(json_filename, json, encrypt_key, encrypt_algo, - rule_tbl_name, object2rule_tbl_name, - object2object_tbl_name, redis_write_ctx, &iris_cfg); - if (ret < 0) { - goto error_out; - } - - ret = create_tmp_dir(&iris_cfg); - if (ret < 0) { - log_fatal(logger, MODULE_JSON2IRIS, - "[%s:%d] create tmp folder %s error", - __FUNCTION__, __LINE__, iris_cfg.tmp_iris_dir); - goto error_out; - } - - ret = write_iris(json, &iris_cfg, logger); - if (ret < 0) { - goto error_out; - } - memcpy(iris_dir_buf, iris_cfg.tmp_iris_index_dir, - MIN(strlen(iris_cfg.tmp_iris_index_dir) + 1, (unsigned int)buf_len)); - - cJSON_Delete(json); - clear_iris_descriptor(&iris_cfg); - return 0; - -error_out: - cJSON_Delete(json); - clear_iris_descriptor(&iris_cfg); - return -1; -} \ No newline at end of file diff --git a/src/maat_api.c b/src/maat_api.c index 9d6f1c7..4c6507e 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -15,7 +15,6 @@ #include #include "maat_utils.h" -#include "json2iris.h" #include "maat.h" #include "maat_core.h" #include "maat_kv.h" @@ -63,7 +62,7 @@ struct maat_stream { struct log_handle *logger; int thread_id; int attribute_id; - int phy_table_id; + int table_id; }; struct maat_options* maat_options_new(void) @@ -187,24 +186,6 @@ int maat_options_set_foreign_cont_dir(struct maat_options *opts, return 0; } -int maat_options_set_iris(struct maat_options *opts, - const char *full_directory, - const char *increment_directory) -{ - if (NULL == opts || strlen(full_directory) >= NAME_MAX || - strlen(increment_directory) >= NAME_MAX) { - return -1; - } - - memcpy(opts->iris_ctx.full_idx_dir, full_directory, - strlen(full_directory)); - memcpy(opts->iris_ctx.inc_idx_dir, increment_directory, - strlen(increment_directory)); - opts->input_mode = DATA_SOURCE_IRIS_FILE; - - return 0; -} - int maat_options_set_json_file(struct maat_options *opts, const char *json_filename) { @@ -408,8 +389,7 @@ struct maat *maat_new(struct maat_options *opts, const char *table_info_path) garbage_gc_timeout_s = MAX(1, (maat_inst->opts.gc_timeout_ms / 1000) ); - if (maat_inst->opts.input_mode != DATA_SOURCE_IRIS_FILE && - maat_inst->opts.input_mode != DATA_SOURCE_JSON_FILE && + if (maat_inst->opts.input_mode != DATA_SOURCE_JSON_FILE && maat_inst->opts.input_mode != DATA_SOURCE_REDIS) { log_fatal(maat_inst->logger, MODULE_MAAT_API, "[%s:%d] data source(%d) unsupported", @@ -521,6 +501,16 @@ int maat_get_table_id(struct maat *maat_inst, const char *table_name) return table_manager_get_table_id(table_mgr, table_name); } +int maat_get_attribute_id(struct maat *instance, const char *attribute_name) +{ + if (NULL == instance || NULL == attribute_name) { + return -1; + } + + struct table_manager *table_mgr = instance->tbl_mgr; + return table_manager_get_attribute_id(table_mgr, attribute_name); +} + const char * maat_get_table_schema_tag(struct maat *maat_inst, int table_id) { @@ -603,12 +593,12 @@ int maat_table_callback_register(struct maat *maat_inst, int table_id, } for (size_t i = 0; i < row_cnt; i++) { - const char *line = plugin_runtime_cached_row_get(runtime, i); - if (NULL == line) { + const struct ex_data_row *ex_data_row = plugin_runtime_cached_row_get(runtime, i); + if (NULL == ex_data_row) { break; } - update(table_id, line, u_para); + update(table_id, ex_data_row->row, ex_data_row->op, u_para); } if (finish != NULL) { @@ -679,9 +669,7 @@ generic_plugin_table_set_ex_schema(struct table_manager *tbl_mgr, int table_id, return ret; } -static void plugin_runtime_commit_ex_schema(void *runtime, void *schema, - const char *table_name, - int valid_column) +static void plugin_runtime_commit_ex_schema(void *runtime, void *schema, const char *table_name) { struct ex_container_schema *container_schema = NULL; struct ex_data_runtime *ex_data_rt = NULL; @@ -692,8 +680,8 @@ static void plugin_runtime_commit_ex_schema(void *runtime, void *schema, size_t n_cached_row = ex_data_runtime_cached_row_count(ex_data_rt); for (size_t i = 0; i < n_cached_row; i++) { - const char *row = ex_data_runtime_cached_row_get(ex_data_rt, i); - plugin_runtime_update(runtime, schema, table_name, row, valid_column); + const struct ex_data_row *ex_data_row = ex_data_runtime_cached_row_get(ex_data_rt, i); + plugin_runtime_update(runtime, schema, table_name, ex_data_row->row, ex_data_row->op); } ex_data_runtime_clear_row_cache(ex_data_rt); @@ -701,8 +689,7 @@ static void plugin_runtime_commit_ex_schema(void *runtime, void *schema, } static void ip_plugin_runtime_commit_ex_schema(void *runtime, void *schema, - const char *table_name, - int valid_column) + const char *table_name) { struct ex_container_schema *container_schema = NULL; struct ex_data_runtime *ex_data_rt = NULL; @@ -713,17 +700,15 @@ static void ip_plugin_runtime_commit_ex_schema(void *runtime, void *schema, size_t n_cached_row = ex_data_runtime_cached_row_count(ex_data_rt); for (size_t i = 0; i < n_cached_row; i++) { - const char *row = ex_data_runtime_cached_row_get(ex_data_rt, i); - ip_plugin_runtime_update(runtime, schema, table_name, row, valid_column); + const struct ex_data_row *ex_data_row = ex_data_runtime_cached_row_get(ex_data_rt, i); + ip_plugin_runtime_update(runtime, schema, table_name, ex_data_row->row, ex_data_row->op); } ex_data_runtime_clear_row_cache(ex_data_rt); ip_plugin_runtime_commit(runtime, table_name, 0); } -static void ipport_plugin_runtime_commit_ex_schema(void *runtime, void *schema, - const char *table_name, - int valid_column) +static void ipport_plugin_runtime_commit_ex_schema(void *runtime, void *schema, const char *table_name) { struct ex_container_schema *container_schema = NULL; struct ex_data_runtime *ex_data_rt = NULL; @@ -734,17 +719,15 @@ static void ipport_plugin_runtime_commit_ex_schema(void *runtime, void *schema, size_t n_cached_row = ex_data_runtime_cached_row_count(ex_data_rt); for (size_t i = 0; i < n_cached_row; i++) { - const char *row = ex_data_runtime_cached_row_get(ex_data_rt, i); - ipport_plugin_runtime_update(runtime, schema, table_name, row, valid_column); + const struct ex_data_row *ex_data_row = ex_data_runtime_cached_row_get(ex_data_rt, i); + ipport_plugin_runtime_update(runtime, schema, table_name, ex_data_row->row, ex_data_row->op); } ex_data_runtime_clear_row_cache(ex_data_rt); ipport_plugin_runtime_commit(runtime, table_name, 0); } -static void fqdn_plugin_runtime_commit_ex_schema(void *runtime, void *schema, - const char *table_name, - int valid_column) +static void fqdn_plugin_runtime_commit_ex_schema(void *runtime, void *schema, const char *table_name) { struct ex_container_schema *container_schema = NULL; struct ex_data_runtime *ex_data_rt = NULL; @@ -755,17 +738,15 @@ static void fqdn_plugin_runtime_commit_ex_schema(void *runtime, void *schema, size_t n_cached_row = ex_data_runtime_cached_row_count(ex_data_rt); for (size_t i = 0; i < n_cached_row; i++) { - const char *row = ex_data_runtime_cached_row_get(ex_data_rt, i); - fqdn_plugin_runtime_update(runtime, schema, table_name, row, valid_column); + const struct ex_data_row *ex_data_row = ex_data_runtime_cached_row_get(ex_data_rt, i); + fqdn_plugin_runtime_update(runtime, schema, table_name, ex_data_row->row, ex_data_row->op); } ex_data_runtime_clear_row_cache(ex_data_rt); fqdn_plugin_runtime_commit(runtime, table_name, 0); } -static void bool_plugin_runtime_commit_ex_schema(void *runtime, void *schema, - const char *table_name, - int valid_column) +static void bool_plugin_runtime_commit_ex_schema(void *runtime, void *schema, const char *table_name) { struct ex_container_schema *container_schema = NULL; struct ex_data_runtime *ex_data_rt = NULL; @@ -776,8 +757,8 @@ static void bool_plugin_runtime_commit_ex_schema(void *runtime, void *schema, size_t n_cached_row = ex_data_runtime_cached_row_count(ex_data_rt); for (size_t i = 0; i < n_cached_row; i++) { - const char *row = ex_data_runtime_cached_row_get(ex_data_rt, i); - bool_plugin_runtime_update(runtime, schema, table_name, row, valid_column); + const struct ex_data_row *ex_data_row = ex_data_runtime_cached_row_get(ex_data_rt, i); + bool_plugin_runtime_update(runtime, schema, table_name, ex_data_row->row, ex_data_row->op); } ex_data_runtime_clear_row_cache(ex_data_rt); @@ -787,31 +768,30 @@ static void bool_plugin_runtime_commit_ex_schema(void *runtime, void *schema, static int generic_plugin_runtime_commit_ex_schema(void *runtime, void *schema, const char *table_name, enum table_type table_type, - int valid_column, struct log_handle *logger) { - if (NULL == runtime || NULL == schema || valid_column < 0) { + if (NULL == runtime || NULL == schema) { log_fatal(logger, MODULE_MAAT_API, - "[%s:%d] input parameter invalid, runtime:%p, schema:%p, valid_column:%d", - __FUNCTION__, __LINE__, runtime, schema, valid_column); + "[%s:%d] input parameter invalid, runtime:%p, schema:%p", + __FUNCTION__, __LINE__, runtime, schema); return -1; } switch (table_type) { case TABLE_TYPE_PLUGIN: - plugin_runtime_commit_ex_schema(runtime, schema, table_name, valid_column); + plugin_runtime_commit_ex_schema(runtime, schema, table_name); break; case TABLE_TYPE_IP_PLUGIN: - ip_plugin_runtime_commit_ex_schema(runtime, schema, table_name, valid_column); + ip_plugin_runtime_commit_ex_schema(runtime, schema, table_name); break; case TABLE_TYPE_IPPORT_PLUGIN: - ipport_plugin_runtime_commit_ex_schema(runtime, schema, table_name, valid_column); + ipport_plugin_runtime_commit_ex_schema(runtime, schema, table_name); break; case TABLE_TYPE_FQDN_PLUGIN: - fqdn_plugin_runtime_commit_ex_schema(runtime, schema, table_name, valid_column); + fqdn_plugin_runtime_commit_ex_schema(runtime, schema, table_name); break; case TABLE_TYPE_BOOL_PLUGIN: - bool_plugin_runtime_commit_ex_schema(runtime, schema, table_name, valid_column); + bool_plugin_runtime_commit_ex_schema(runtime, schema, table_name); break; default: log_fatal(logger, MODULE_MAAT_API, @@ -837,24 +817,16 @@ static int generic_plugin_table_ex_schema_register(struct maat *maat_inst, } enum table_type table_type = TABLE_TYPE_INVALID; - int valid_column = -1; + if (maat_inst->maat_rt != NULL) { void *runtime = table_manager_get_runtime(maat_inst->tbl_mgr, table_id); void *schema = table_manager_get_schema(maat_inst->tbl_mgr, table_id); assert(runtime != NULL && schema != NULL); table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); - valid_column = table_manager_get_valid_column(maat_inst->tbl_mgr, table_id); - if (table_type == TABLE_TYPE_INVALID || valid_column < 0) { - log_fatal(maat_inst->logger, MODULE_MAAT_API, - "[%s:%d] table_type:%d or valid_column:%d invalid", - __FUNCTION__, __LINE__, table_type, valid_column); - return -1; - } ret = generic_plugin_runtime_commit_ex_schema(runtime, schema, table_name, - table_type, valid_column, - maat_inst->logger); + table_type, maat_inst->logger); } return ret; @@ -1050,10 +1022,10 @@ int maat_bool_plugin_table_get_ex_data(struct maat *maat_inst, int table_id, static int flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag, - int phy_table_id, int attribute_id, struct maat_state *state) + int table_id, int attribute_id, struct maat_state *state) { enum table_type table_type = - table_manager_get_table_type(tbl_mgr, phy_table_id); + table_manager_get_table_type(tbl_mgr, table_id); if (table_type == TABLE_TYPE_FLAG_PLUS && DISTRICT_FLAG_UNSET == state->district_flag) { return -1; @@ -1064,36 +1036,19 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag, return -1; } - void *flag_rt = table_manager_get_runtime(tbl_mgr, phy_table_id); + void *flag_rt = table_manager_get_runtime(tbl_mgr, table_id); if (NULL == flag_rt) { return -1; } flag_runtime_scan_times_inc((struct flag_runtime *)flag_rt, thread_id); - void *virt_rt = NULL; - table_type = table_manager_get_table_type(tbl_mgr, attribute_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - virt_rt = table_manager_get_runtime(tbl_mgr, attribute_id); - if (virt_rt != NULL) { - attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt, - thread_id); - } - } - int object_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt, thread_id, flag, attribute_id, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } - if (virt_rt != NULL) { - //Note: object_hit_cnt is equivalent to item_hit_cnt - attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt, - thread_id, object_hit_cnt); - attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id); - } - flag_runtime_hit_times_inc((struct flag_runtime *)flag_rt, thread_id); return object_hit_cnt; @@ -1101,11 +1056,11 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag, static int interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer, - int phy_table_id, int attribute_id, struct maat_state *state) + int table_id, int attribute_id, struct maat_state *state) { enum table_type table_type = - table_manager_get_table_type(tbl_mgr, phy_table_id); + table_manager_get_table_type(tbl_mgr, table_id); if (table_type == TABLE_TYPE_INTERVAL_PLUS && DISTRICT_FLAG_UNSET == state->district_flag) { return -1; @@ -1116,36 +1071,19 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer, return -1; } - void *interval_rt = table_manager_get_runtime(tbl_mgr, phy_table_id); + void *interval_rt = table_manager_get_runtime(tbl_mgr, table_id); if (NULL == interval_rt) { return -1; } interval_runtime_scan_times_inc((struct interval_runtime *)interval_rt, thread_id); - void *virt_rt = NULL; - table_type = table_manager_get_table_type(tbl_mgr, attribute_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - virt_rt = table_manager_get_runtime(tbl_mgr, attribute_id); - if (virt_rt != NULL) { - attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt, - thread_id); - } - } - int object_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt, thread_id, integer, attribute_id, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } - if (virt_rt != NULL) { - //Note: object_hit_cnt is equivalent to item_hit_cnt - attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt, - thread_id, object_hit_cnt); - attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id); - } - interval_runtime_hit_times_inc((struct interval_runtime *)interval_rt, thread_id); return object_hit_cnt; @@ -1153,45 +1091,28 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer, static int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, - int port, int phy_table_id, int attribute_id, struct maat_state *state) + int port, int table_id, int attribute_id, struct maat_state *state) { enum table_type table_type = - table_manager_get_table_type(tbl_mgr, phy_table_id); + table_manager_get_table_type(tbl_mgr, table_id); if (table_type != TABLE_TYPE_IP) { return -1; } - void *ip_rt = table_manager_get_runtime(tbl_mgr, phy_table_id); + void *ip_rt = table_manager_get_runtime(tbl_mgr, table_id); if (NULL == ip_rt) { return -1; } ip_runtime_scan_times_inc(ip_rt, thread_id); - void *virt_rt = NULL; - table_type = table_manager_get_table_type(tbl_mgr, attribute_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - virt_rt = table_manager_get_runtime(tbl_mgr, attribute_id); - if (virt_rt != NULL) { - attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt, - thread_id); - } - } - int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4, (uint8_t *)&ip_addr, port, attribute_id, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } - if (virt_rt != NULL) { - //Note: object_hit_cnt is equivalent to item_hit_cnt - attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt, - thread_id, object_hit_cnt); - attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id); - } - ip_runtime_hit_times_inc((struct ip_runtime *)ip_rt, thread_id); return object_hit_cnt; @@ -1199,45 +1120,28 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, static int ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr, - int port, int phy_table_id, int attribute_id, struct maat_state *state) + int port, int table_id, int attribute_id, struct maat_state *state) { enum table_type table_type = - table_manager_get_table_type(tbl_mgr, phy_table_id); + table_manager_get_table_type(tbl_mgr, table_id); if (table_type != TABLE_TYPE_IP) { return -1; } - void *ip_rt = table_manager_get_runtime(tbl_mgr, phy_table_id); + void *ip_rt = table_manager_get_runtime(tbl_mgr, table_id); if (NULL == ip_rt) { return -1; } ip_runtime_scan_times_inc(ip_rt, thread_id); - void *virt_rt = NULL; - table_type = table_manager_get_table_type(tbl_mgr, attribute_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - virt_rt = table_manager_get_runtime(tbl_mgr, attribute_id); - if (virt_rt != NULL) { - attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt, - thread_id); - } - } - int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6, ip_addr, port, attribute_id, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } - if (virt_rt != NULL) { - //Note: object_hit_cnt is equivalent to item_hit_cnt - attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt, - thread_id, object_hit_cnt); - attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id); - } - ip_runtime_hit_times_inc((struct ip_runtime *)ip_rt, thread_id); return object_hit_cnt; @@ -1245,11 +1149,11 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr, static int string_scan(struct table_manager *tbl_mgr, int thread_id, - const char *data, size_t data_len, int phy_table_id, + const char *data, size_t data_len, int table_id, int attribute_id, struct maat_state *state) { enum table_type table_type = - table_manager_get_table_type(tbl_mgr, phy_table_id); + table_manager_get_table_type(tbl_mgr, table_id); if (table_type == TABLE_TYPE_EXPR_PLUS && DISTRICT_FLAG_UNSET == state->district_flag) { return -1; @@ -1260,25 +1164,13 @@ string_scan(struct table_manager *tbl_mgr, int thread_id, return -1; } - void *expr_rt = table_manager_get_runtime(tbl_mgr, phy_table_id); + void *expr_rt = table_manager_get_runtime(tbl_mgr, table_id); if (NULL == expr_rt) { return -1; } expr_runtime_scan_times_inc(expr_rt, thread_id); expr_runtime_scan_bytes_add(expr_rt, thread_id, data_len); - - void *virt_rt = NULL; - table_type = table_manager_get_table_type(tbl_mgr, attribute_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - virt_rt = table_manager_get_runtime(tbl_mgr, attribute_id); - if (virt_rt != NULL) { - attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt, - thread_id); - attribute_runtime_scan_bytes_add((struct attribute_runtime *)virt_rt, - thread_id, data_len); - } - } int object_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt, thread_id, data, data_len, @@ -1287,13 +1179,6 @@ string_scan(struct table_manager *tbl_mgr, int thread_id, return object_hit_cnt; } - if (virt_rt != NULL) { - //Note: object_hit_cnt is equivalent to item_hit_cnt - attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt, - thread_id, object_hit_cnt); - attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id); - } - expr_runtime_hit_times_inc((struct expr_runtime *)expr_rt, thread_id); return object_hit_cnt; @@ -1320,11 +1205,11 @@ object_to_rule(struct maat *maat_inst, long long *results, size_t n_result, results, n_result, state); } -int maat_scan_flag(struct maat *maat_inst, int table_id, +int maat_scan_flag(struct maat *maat_inst, int attribute_id, long long flag, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - if ((NULL == maat_inst) || table_id < 0 || table_id >= MAX_TABLE_NUM || + if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) || (NULL == state) || (state->thread_id < 0)) { return MAAT_SCAN_ERR; @@ -1342,21 +1227,16 @@ int maat_scan_flag(struct maat *maat_inst, int table_id, return MAAT_SCAN_OK; } - int attribute_id = table_id; - int phy_table_id = table_id; enum table_type table_type = TABLE_TYPE_INVALID; - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id); - } + int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id); - if (phy_table_id < 0) { + if (table_id < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; } - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, phy_table_id); + table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); if (table_type != TABLE_TYPE_FLAG && table_type != TABLE_TYPE_FLAG_PLUS) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1364,7 +1244,7 @@ int maat_scan_flag(struct maat *maat_inst, int table_id, alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); int hit_object_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag, - phy_table_id, attribute_id, state); + table_id, attribute_id, state); if (hit_object_cnt < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1383,7 +1263,7 @@ int maat_scan_flag(struct maat *maat_inst, int table_id, sum_hit_rule_cnt); } - void *flag_rt = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id); + void *flag_rt = table_manager_get_runtime(maat_inst->tbl_mgr, table_id); assert(flag_rt != NULL); if (1 == maat_inst->opts.perf_on) { @@ -1404,11 +1284,11 @@ int maat_scan_flag(struct maat *maat_inst, int table_id, } } -int maat_scan_integer(struct maat *maat_inst, int table_id, +int maat_scan_integer(struct maat *maat_inst, int attribute_id, long long integer, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - if ((NULL == maat_inst) || table_id < 0 || table_id >= MAX_TABLE_NUM || + if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) || (NULL == state) || (state->thread_id < 0)) { return MAAT_SCAN_ERR; @@ -1426,21 +1306,16 @@ int maat_scan_integer(struct maat *maat_inst, int table_id, return MAAT_SCAN_OK; } - int attribute_id = table_id; - int phy_table_id = table_id; enum table_type table_type = TABLE_TYPE_INVALID; - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id); - } + int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id); - if (phy_table_id < 0) { + if (table_id < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; } - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, phy_table_id); + table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); if (table_type != TABLE_TYPE_INTERVAL && table_type != TABLE_TYPE_INTERVAL_PLUS) { maat_inst->stat->scan_err_cnt++; @@ -1449,7 +1324,7 @@ int maat_scan_integer(struct maat *maat_inst, int table_id, alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); int hit_object_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer, - phy_table_id, attribute_id, state); + table_id, attribute_id, state); if (hit_object_cnt < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1468,7 +1343,7 @@ int maat_scan_integer(struct maat *maat_inst, int table_id, sum_hit_rule_cnt); } - void *interval_rt = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id); + void *interval_rt = table_manager_get_runtime(maat_inst->tbl_mgr, table_id); assert(interval_rt != NULL); if (1 == maat_inst->opts.perf_on) { @@ -1489,11 +1364,11 @@ int maat_scan_integer(struct maat *maat_inst, int table_id, } } -int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr, +int maat_scan_ipv4_port(struct maat *maat_inst, int attribute_id, uint32_t ip_addr, int port, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - if ((NULL == maat_inst) || table_id < 0 || table_id >= MAX_TABLE_NUM || + if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) || (NULL == state) || (state->thread_id < 0)) { return MAAT_SCAN_ERR; @@ -1511,21 +1386,16 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr, return MAAT_SCAN_OK; } - int attribute_id = table_id; - int phy_table_id = table_id; enum table_type table_type = TABLE_TYPE_INVALID; - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id); - } + int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id); - if (phy_table_id < 0) { + if (table_id < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; } - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, phy_table_id); + table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); if (table_type != TABLE_TYPE_IP) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1533,7 +1403,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr, alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); int hit_object_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port, - phy_table_id, attribute_id, state); + table_id, attribute_id, state); if (hit_object_cnt < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1552,7 +1422,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr, sum_hit_rule_cnt); } - void *ip_rt = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id); + void *ip_rt = table_manager_get_runtime(maat_inst->tbl_mgr, table_id); assert(ip_rt != NULL); if (1 == maat_inst->opts.perf_on) { @@ -1573,11 +1443,11 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr, } } -int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr, +int maat_scan_ipv6_port(struct maat *maat_inst, int attribute_id, uint8_t *ip_addr, int port, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - if ((NULL == maat_inst) || table_id < 0 || table_id >= MAX_TABLE_NUM || + if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM || (NULL == ip_addr) || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) || (NULL == state) || (state->thread_id < 0)) { return MAAT_SCAN_ERR; @@ -1595,21 +1465,16 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr, return MAAT_SCAN_OK; } - int attribute_id = table_id; - int phy_table_id = table_id; enum table_type table_type = TABLE_TYPE_INVALID; - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id); - } + int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id); - if (phy_table_id < 0) { + if (table_id < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; } - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, phy_table_id); + table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); if (table_type != TABLE_TYPE_IP) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1617,7 +1482,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr, alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); int hit_object_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port, - phy_table_id, attribute_id, state); + table_id, attribute_id, state); if (hit_object_cnt < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1636,7 +1501,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr, sum_hit_rule_cnt); } - void *ip_rt = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id); + void *ip_rt = table_manager_get_runtime(maat_inst->tbl_mgr, table_id); assert(ip_rt != NULL); if (1 == maat_inst->opts.perf_on) { @@ -1658,28 +1523,28 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr, } #define PORT_IGNORED -1 -inline int maat_scan_ipv6(struct maat *instance, int table_id, uint8_t *ip_addr, +inline int maat_scan_ipv6(struct maat *instance, int attribute_id, uint8_t *ip_addr, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - return maat_scan_ipv6_port(instance, table_id, ip_addr, PORT_IGNORED, + return maat_scan_ipv6_port(instance, attribute_id, ip_addr, PORT_IGNORED, results, n_result, n_hit_result, state); } -inline int maat_scan_ipv4(struct maat *instance, int table_id, uint32_t ip_addr, +inline int maat_scan_ipv4(struct maat *instance, int attribute_id, uint32_t ip_addr, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - return maat_scan_ipv4_port(instance, table_id, ip_addr, PORT_IGNORED, + return maat_scan_ipv4_port(instance, attribute_id, ip_addr, PORT_IGNORED, results, n_result, n_hit_result, state); } -int maat_scan_string(struct maat *maat_inst, int table_id, +int maat_scan_string(struct maat *maat_inst, int attribute_id, const char *data, size_t data_len, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - if ((NULL == maat_inst) || table_id < 0 || table_id >= MAX_TABLE_NUM || + if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM || (NULL == data) || (0 == data_len) || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) || (NULL == state) || (state->thread_id < 0)) { @@ -1698,21 +1563,16 @@ int maat_scan_string(struct maat *maat_inst, int table_id, return MAAT_SCAN_OK; } - int attribute_id = table_id; - int phy_table_id = table_id; enum table_type table_type = TABLE_TYPE_INVALID; - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id); - } + int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id); - if (phy_table_id < 0) { + if (table_id < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; } - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, phy_table_id); + table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); if (table_type != TABLE_TYPE_EXPR && table_type != TABLE_TYPE_EXPR_PLUS) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1720,7 +1580,7 @@ int maat_scan_string(struct maat *maat_inst, int table_id, alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); int hit_object_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data, - data_len, phy_table_id, attribute_id, state); + data_len, table_id, attribute_id, state); if (hit_object_cnt < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1739,7 +1599,7 @@ int maat_scan_string(struct maat *maat_inst, int table_id, sum_hit_rule_cnt); } - void *expr_rt = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id); + void *expr_rt = table_manager_get_runtime(maat_inst->tbl_mgr, table_id); assert(expr_rt != NULL); if (1 == maat_inst->opts.perf_on) { @@ -1760,7 +1620,7 @@ int maat_scan_string(struct maat *maat_inst, int table_id, } } -static void maat_state_add_hit_object(struct maat_state *state, int table_id, +static void maat_state_add_hit_object(struct maat_state *state, int attribute_id, struct maat_hit_object *objects, size_t n_object) { struct maat *maat_inst = state->maat_inst; @@ -1787,13 +1647,13 @@ static void maat_state_add_hit_object(struct maat_state *state, int table_id, hit_items[i].object_id = objects[i].object_id; } - rule_compile_state_update(state->rule_compile_state, maat_inst, table_id, + rule_compile_state_update(state->rule_compile_state, maat_inst, attribute_id, state->rule_table_id, state->Nth_scan, hit_items, n_hit_item); } static void -maat_state_activate_hit_not_object(struct maat_state *state, int table_id) +maat_state_activate_hit_not_object(struct maat_state *state, int attribute_id) { if (NULL == state) { return; @@ -1818,15 +1678,15 @@ maat_state_activate_hit_not_object(struct maat_state *state, int table_id) } rule_compile_state_not_logic_update(state->rule_compile_state, rule_rt, maat_inst, - table_id, state->Nth_scan); + attribute_id, state->Nth_scan); } -int maat_scan_object(struct maat *maat_inst, int table_id, +int maat_scan_object(struct maat *maat_inst, int attribute_id, struct maat_hit_object *objects, size_t n_object, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - if ((NULL == maat_inst) || table_id < 0 || table_id >= MAX_TABLE_NUM || + if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM || (NULL == objects) || (0 == n_object) || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) || (NULL == state) || (state->thread_id < 0)) { @@ -1840,26 +1700,17 @@ int maat_scan_object(struct maat *maat_inst, int table_id, return MAAT_SCAN_OK; } - int attribute_id = table_id; - enum table_type table_type = TABLE_TYPE_INVALID; - - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - void *virt_rt = table_manager_get_runtime(maat_inst->tbl_mgr, attribute_id); - if (virt_rt != NULL) { - attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt, - state->thread_id); - attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, - state->thread_id); - attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt, - state->thread_id, n_object); - } + int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id); + + if (table_id < 0) { + maat_inst->stat->scan_err_cnt++; + return MAAT_SCAN_ERR; } maat_runtime_ref_inc(maat_rt, state->thread_id); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); - maat_state_add_hit_object(state, table_id, objects, n_object); + maat_state_add_hit_object(state, attribute_id, objects, n_object); size_t hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state); *n_hit_result = hit_rule_cnt; @@ -1873,11 +1724,11 @@ int maat_scan_object(struct maat *maat_inst, int table_id, return MAAT_SCAN_OK; } -int maat_scan_not_logic(struct maat *maat_inst, int table_id, +int maat_scan_not_logic(struct maat *maat_inst, int attribute_id, long long *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - if ((NULL == maat_inst) || table_id < 0 || table_id >= MAX_TABLE_NUM || + if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM || (NULL == results) || (0 == n_result) || (NULL == n_hit_result) || (NULL == state) || (state->thread_id < 0)) { return -1; @@ -1895,7 +1746,7 @@ int maat_scan_not_logic(struct maat *maat_inst, int table_id, maat_runtime_ref_inc(maat_rt, state->thread_id); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); - maat_state_activate_hit_not_object(state, table_id); + maat_state_activate_hit_not_object(state, attribute_id); size_t hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state); *n_hit_result = hit_rule_cnt; @@ -1909,10 +1760,10 @@ int maat_scan_not_logic(struct maat *maat_inst, int table_id, return MAAT_SCAN_OK; } -struct maat_stream *maat_stream_new(struct maat *maat_inst, int table_id, +struct maat_stream *maat_stream_new(struct maat *maat_inst, int attribute_id, struct maat_state *state) { - if ((NULL == maat_inst) || table_id < 0 || table_id >= MAX_TABLE_NUM || + if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM || (NULL == state) || (state->thread_id < 0)) { return NULL; } @@ -1921,31 +1772,25 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, int table_id, stream->ref_maat_inst = maat_inst; stream->last_full_version = maat_inst->last_full_version; stream->thread_id = state->thread_id; - stream->phy_table_id = table_id; - stream->attribute_id = table_id; + stream->table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id); + stream->attribute_id = attribute_id; stream->logger = maat_inst->logger; enum table_type table_type = TABLE_TYPE_INVALID; - - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - stream->phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, - table_id); - } - if (stream->phy_table_id < 0) { - return NULL; + if (stream->table_id < 0) { + goto error; } table_type = table_manager_get_table_type(maat_inst->tbl_mgr, - stream->phy_table_id); + stream->table_id); if (table_type != TABLE_TYPE_EXPR && table_type != TABLE_TYPE_EXPR_PLUS) { - return NULL; + goto error; } void *expr_rt = table_manager_get_runtime(stream->ref_maat_inst->tbl_mgr, - stream->phy_table_id); + stream->table_id); assert(expr_rt != NULL); stream->expr_rt_version = expr_runtime_get_version(expr_rt); @@ -1977,7 +1822,7 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data, enum table_type table_type = TABLE_TYPE_INVALID; struct table_manager *tbl_mgr = stream->ref_maat_inst->tbl_mgr; - table_type = table_manager_get_table_type(tbl_mgr, stream->phy_table_id); + table_type = table_manager_get_table_type(tbl_mgr, stream->table_id); if (table_type == TABLE_TYPE_EXPR_PLUS && DISTRICT_FLAG_UNSET == state->district_flag) { return -1; @@ -1992,31 +1837,12 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data, expr_runtime_stream_scan_bytes_add(stream->expr_rt_stream, stream->thread_id, data_len); - void *virt_rt = NULL; - table_type = table_manager_get_table_type(tbl_mgr, stream->attribute_id); - if (table_type == TABLE_TYPE_ATTRIBUTE) { - virt_rt = table_manager_get_runtime(tbl_mgr, stream->attribute_id); - if (virt_rt != NULL) { - attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt, - stream->thread_id); - attribute_runtime_scan_bytes_add((struct attribute_runtime *)virt_rt, - stream->thread_id, data_len); - } - } - int object_hit_cnt = expr_runtime_stream_scan(stream->expr_rt_stream, data, data_len, stream->attribute_id, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } - if (virt_rt != NULL) { - //Note: object_hit_cnt is equivalent to item_hit_cnt - attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt, - stream->thread_id, object_hit_cnt); - attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, stream->thread_id); - } - expr_runtime_stream_hit_times_inc(stream->expr_rt_stream, stream->thread_id); return object_hit_cnt; @@ -2044,7 +1870,7 @@ int maat_stream_scan(struct maat_stream *maat_stream, const char *data, int data } void *expr_rt = table_manager_get_runtime(maat_inst->tbl_mgr, - maat_stream->phy_table_id); + maat_stream->table_id); assert(expr_rt != NULL); long long cur_expr_rt_version = expr_runtime_get_version(expr_rt); @@ -2096,7 +1922,7 @@ void maat_stream_free(struct maat_stream *maat_stream) struct maat *maat_inst = maat_stream->ref_maat_inst; void *expr_rt = table_manager_get_runtime(maat_inst->tbl_mgr, - maat_stream->phy_table_id); + maat_stream->table_id); assert(expr_rt != NULL); long long cur_expr_rt_version = expr_runtime_get_version(expr_rt); @@ -2183,7 +2009,7 @@ void maat_state_free(struct maat_state *state) thread_id, sizeof(struct maat_state)); } -int maat_state_set_scan_district(struct maat_state *state, int table_id, +int maat_state_set_scan_district(struct maat_state *state, int attribute_id, const char *district, size_t district_len) { if (NULL == state || NULL == district || 0 == district_len) { @@ -2197,23 +2023,24 @@ int maat_state_set_scan_district(struct maat_state *state, int table_id, return -1; } + int table_id = table_manager_attribute_get_table_id(maat_inst->tbl_mgr, attribute_id); + + if (table_id < 0) { + maat_inst->stat->scan_err_cnt++; + return MAAT_SCAN_ERR; + } + enum table_type table_type = TABLE_TYPE_INVALID; table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); if (table_type != TABLE_TYPE_FLAG_PLUS && table_type != TABLE_TYPE_EXPR_PLUS && - table_type != TABLE_TYPE_INTERVAL_PLUS && table_type != TABLE_TYPE_ATTRIBUTE) { + table_type != TABLE_TYPE_INTERVAL_PLUS) { return -1; } - int phy_table_id = table_id; - if (table_type == TABLE_TYPE_ATTRIBUTE) { - phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id); - } - int ret = -1; long long district_id = DISTRICT_UNKNOWN; - table_type = table_manager_get_table_type(maat_inst->tbl_mgr, phy_table_id); - void *runtime = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id); + void *runtime = table_manager_get_runtime(maat_inst->tbl_mgr, table_id); assert(runtime != NULL); switch (table_type) { diff --git a/src/maat_attribute.c b/src/maat_attribute.c index 693c0a9..fcd033f 100644 --- a/src/maat_attribute.c +++ b/src/maat_attribute.c @@ -246,18 +246,3 @@ long long attribute_runtime_hit_item_num(void *attribute_runtime) return sum; } - -int attribute_get_physical_table_id(struct table_manager *tbl_mgr, int table_id) -{ - enum table_type table_type = table_manager_get_table_type(tbl_mgr, table_id); - - if (table_type != TABLE_TYPE_ATTRIBUTE) { - return -1; - } - - // find physical table id - struct attribute_schema *attribute_schema = table_manager_get_schema(tbl_mgr, table_id); - assert(attribute_schema != NULL); - - return attribute_schema->physical_table_id; -} \ No newline at end of file diff --git a/src/maat_bool_plugin.c b/src/maat_bool_plugin.c index 1d9a04c..1751073 100644 --- a/src/maat_bool_plugin.c +++ b/src/maat_bool_plugin.c @@ -20,10 +20,8 @@ #define MODULE_BOOL_PLUGIN module_name_str("maat.bool_plugin") struct bool_plugin_schema { - int item_id_column; - int bool_expr_column; - int rule_tag_column; int gc_timeout_s; + char key_name[MAX_NAME_STR_LEN]; struct ex_container_schema container_schema; int table_id; struct table_manager *ref_tbl_mgr; @@ -68,32 +66,16 @@ void *bool_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - custom_item = cJSON_GetObjectItem(item, "item_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->item_id_column = custom_item->valueint; + custom_item = cJSON_GetObjectItem(item, "key_name"); + if (custom_item != NULL && custom_item->type == cJSON_String) { + strncpy(schema->key_name, custom_item->valuestring, sizeof(schema->key_name) - 1); } else { log_fatal(logger, MODULE_BOOL_PLUGIN, - "[%s:%d] bool_plugin table:<%s> schema has no item_id column", + "[%s:%d] bool_plugin table:<%s> schema has no key_name column", __FUNCTION__, __LINE__, table_name); goto error; } - custom_item = cJSON_GetObjectItem(item, "bool_expr"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->bool_expr_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_BOOL_PLUGIN, - "[%s:%d] bool_plugin table:<%s> schema has no bool_expr column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - // rule_tag is optional - custom_item = cJSON_GetObjectItem(item, "rule_tag"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->rule_tag_column = custom_item->valueint; - } - //gc_timeout_s is optional custom_item = cJSON_GetObjectItem(item, "gc_timeout_s"); if (custom_item != NULL && custom_item->type == cJSON_Number) { @@ -240,12 +222,12 @@ static int bool_plugin_runtime_update_row(struct bool_plugin_runtime *bool_plugin_rt, const char *table_name, const char *row, const char *key, size_t key_len, - struct bool_expr *expr, int is_valid) + struct bool_expr *expr, enum maat_operation op) { int ret = -1; struct ex_data_runtime *ex_data_rt = bool_plugin_rt->ex_data_rt; - if (0 == is_valid) { + if (MAAT_OP_DEL == op) { // delete ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len); if (ret < 0) { @@ -271,44 +253,37 @@ bool_plugin_runtime_update_row(struct bool_plugin_runtime *bool_plugin_rt, static int bool_plugin_accept_tag_match(struct bool_plugin_schema *schema, - const char *table_name, const char *line, + const char *table_name, const cJSON *json, struct log_handle *logger) { - size_t column_offset = 0; - size_t column_len = 0; size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); + cJSON *tmp_obj = NULL; - if (schema->rule_tag_column > 0 && n_tag > 0) { - int ret = get_column_pos(line, schema->rule_tag_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "tag"); + if (tmp_obj && n_tag > 0) { + if (tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_BOOL_PLUGIN, - "[%s:%d] bool_plugin table:<%s> has no rule_tag" + "[%s:%d] bool_plugin table:<%s> has invalid tag format" " in line:%s", __FUNCTION__, __LINE__, table_name, - line); + cJSON_Print(json)); return TAG_MATCH_ERR; } - if (column_len > 2) { - char *tag_str = ALLOC(char, column_len + 1); - memcpy(tag_str, (line + column_offset), column_len); - ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); - FREE(tag_str); - if (TAG_MATCH_ERR == ret) { - log_fatal(logger, MODULE_BOOL_PLUGIN, - "[%s:%d] bool_plugin table:<%s> has invalid " - "tag format in line:%s", __FUNCTION__, __LINE__, - table_name, line); - return TAG_MATCH_ERR; - } + int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tmp_obj->valuestring); + if (TAG_MATCH_ERR == ret) { + log_fatal(logger, MODULE_BOOL_PLUGIN, + "[%s:%d] bool_plugin table:<%s> has invalid tag" + " in line:%s", __FUNCTION__, __LINE__, table_name, + cJSON_Print(json)); + return TAG_MATCH_ERR; + } - if (TAG_MATCH_UNMATCHED == ret) { - log_fatal(logger, MODULE_BOOL_PLUGIN, - "[%s:%d] bool_plugin table:<%s> has unmatched tag" - " in line:%s", __FUNCTION__, __LINE__, table_name, - line); - return TAG_MATCH_UNMATCHED; - } + if (TAG_MATCH_UNMATCHED == ret) { + log_fatal(logger, MODULE_BOOL_PLUGIN, + "[%s:%d] bool_plugin table:<%s> has unmatched tag" + " in line:%s", __FUNCTION__, __LINE__, table_name, + cJSON_Print(json)); + return TAG_MATCH_UNMATCHED; } } @@ -317,44 +292,41 @@ bool_plugin_accept_tag_match(struct bool_plugin_schema *schema, static struct bool_expr * bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name, - const char *line, struct log_handle *logger) + const cJSON *json, struct log_handle *logger) { - int ret = bool_plugin_accept_tag_match(schema, table_name, line, logger); + int ret = bool_plugin_accept_tag_match(schema, table_name, json, logger); if (ret == TAG_MATCH_UNMATCHED) { return NULL; } - size_t column_offset = 0; - size_t column_len = 0; size_t n_item = 0; char expr_buffer[BUFSIZ + 1] = {0}; unsigned long long items[MAX_ITEMS_PER_BOOL_EXPR] = {0}; char *token = NULL, *sub_token = NULL, *saveptr; struct bool_expr *bool_expr = ALLOC(struct bool_expr, 1); + cJSON *tmp_obj = NULL; - ret = get_column_pos(line, schema->item_id_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, schema->key_name); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has " - "no item_id in line:%s", __FUNCTION__, - __LINE__, table_name, line); + "no key_name %s or invalid format in line:%s", __FUNCTION__, + __LINE__, table_name, schema->key_name, cJSON_Print(json)); goto error; } - bool_expr->expr_id = atoll(line + column_offset); + bool_expr->expr_id = atoll(tmp_obj->valuestring); - ret = get_column_pos(line, schema->bool_expr_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "bool_expr"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has " - "no bool_expr in line:%s", __FUNCTION__, - __LINE__, table_name, line); + "no bool_expr or invalid format in line:%s", __FUNCTION__, + __LINE__, table_name, cJSON_Print(json)); goto error; } memset(expr_buffer, 0, sizeof(expr_buffer)); - memcpy(expr_buffer, line + column_offset, column_len); + memcpy(expr_buffer, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); for (token = expr_buffer; ; token = NULL) { sub_token = strtok_r(token, "&", &saveptr); if (NULL == sub_token) { @@ -367,7 +339,7 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name, log_fatal(logger, MODULE_BOOL_PLUGIN, "[%s:%d] bool_plugin table:<%s> has " "invalid format of bool_expr in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } } @@ -394,7 +366,7 @@ void bool_plugin_expr_free(void *bool_expr) int bool_plugin_runtime_update(void *bool_plugin_runtime, void *bool_plugin_schema, const char *table_name, - const char *line, int valid_column) + const char *line, enum maat_operation op) { if (NULL == bool_plugin_runtime || NULL == bool_plugin_schema || NULL == line) { @@ -408,64 +380,72 @@ int bool_plugin_runtime_update(void *bool_plugin_runtime, struct bool_plugin_runtime *bool_plugin_rt = (struct bool_plugin_runtime *)bool_plugin_runtime; - size_t item_id_offset = 0, item_id_len = 0; + int ret = 0; + cJSON *tmp_obj = NULL; + cJSON *json = cJSON_Parse(line); - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { + if (NULL == json) { log_fatal(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN, - "[%s:%d] bool_plugin table:<%s> has no " - "is_valid(column seq:%d) in table_line:%s", - __FUNCTION__, __LINE__, table_name, - valid_column, line); + "[%s:%d] bool_plugin table:<%s> has invalid json format" + " in table_line:%s", __FUNCTION__, __LINE__, table_name, line); bool_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } - int ret = get_column_pos(line, schema->item_id_column, - &item_id_offset, &item_id_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, schema->key_name); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN, - "[%s:%d] bool_plugin table:<%s> has no item_id(column seq:%d)" + "[%s:%d] bool_plugin table:<%s> has no key_name(field:%s) or invalid format" " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->item_id_column, line); + schema->key_name, line); bool_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } if (1 == schema->container_schema.set_flag) { - if (1 == is_valid) { + if (MAAT_OP_ADD == op) { // add - bool_expr = bool_plugin_expr_new(schema, table_name, line, + bool_expr = bool_plugin_expr_new(schema, table_name, json, bool_plugin_rt->logger); if (NULL == bool_expr) { bool_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } } - const char *key = line + item_id_offset; - size_t key_len = item_id_len; + const char *key = tmp_obj->valuestring; + size_t key_len = strlen(key); ret = bool_plugin_runtime_update_row(bool_plugin_rt, table_name, line, - key, key_len, bool_expr, is_valid); + key, key_len, bool_expr, op); if (ret < 0) { log_fatal(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN, "[%s:%d]bool_plugin table:<%s> update one line failed, " "line:%s", __FUNCTION__, __LINE__, table_name, line); bool_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } log_debug(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN, "bool_plugin table:<%s> update one line, key:%s, key_len:%zu," - " is_valid:%d", table_name, key, key_len, is_valid); + " maat_op:%d", table_name, key, key_len, op); } else { //ex_schema not set - ex_data_runtime_cache_row_put(bool_plugin_rt->ex_data_rt, line); + ex_data_runtime_cache_row_put(bool_plugin_rt->ex_data_rt, line, op); bool_plugin_rt->rule_num = ex_data_runtime_cached_row_count(bool_plugin_rt->ex_data_rt); } return 0; + +ERROR: + if (json != NULL) { + cJSON_Delete(json); + } + if (bool_expr != NULL) { + bool_plugin_expr_free(bool_expr); + } + + return -1; } void garbage_bool_matcher_free(void *matcher, void *arg) diff --git a/src/maat_command.c b/src/maat_command.c index 8a76b49..b093cb7 100644 --- a/src/maat_command.c +++ b/src/maat_command.c @@ -265,7 +265,8 @@ int maat_wrap_redis_get_reply(redisContext *c, redisReply **reply) } int maat_cmd_set_line(struct maat *maat_inst, - const struct maat_cmd_line *line_rule) + const struct maat_cmd_line *line_rule, + enum maat_operation op) { int ret = 0; long long absolute_expire_time = 0; @@ -292,36 +293,12 @@ int maat_cmd_set_line(struct maat *maat_inst, FREE(s_rule); return -1; } - - int valid_column = table_manager_get_valid_column(maat_inst->tbl_mgr, - table_id); - if (valid_column < 0) { - log_fatal(maat_inst->logger, MODULE_MAAT_COMMAND, - "[%s:%d] Command set line id %lld failed: " - "table %s is not a plugin or ip_plugin table", - __FUNCTION__, __LINE__, line_rule->rule_id, - line_rule->table_name); - FREE(s_rule); - return -1; - } - - int valid_offset = maat_get_valid_flag_offset(line_rule->table_line, - valid_column); - if (valid_offset < 0) { - log_fatal(maat_inst->logger, MODULE_MAAT_COMMAND, - "[%s:%d] Command set line id %lld failed: " - "table %s valid_offset error", __FUNCTION__, __LINE__, - line_rule->rule_id, line_rule->table_name); - FREE(s_rule); - return -1; - } - - int is_valid = atoi(line_rule->table_line + valid_offset); + if (line_rule->expire_after > 0) { absolute_expire_time = server_time + line_rule->expire_after; } - maat_set_serial_rule(s_rule, (enum maat_operation)is_valid, + maat_set_serial_rule(s_rule, op, line_rule->rule_id, line_rule->table_name, line_rule->table_line, absolute_expire_time); diff --git a/src/maat_config_monitor.c b/src/maat_config_monitor.c index 4c6154c..55aad62 100644 --- a/src/maat_config_monitor.c +++ b/src/maat_config_monitor.c @@ -16,9 +16,7 @@ #include #include -#include "maat_utils.h" #include "maat_core.h" -#include "json2iris.h" #include "maat_config_monitor.h" #define MODULE_CONFIG_MONITOR module_name_str("maat.config_monitor") @@ -32,162 +30,6 @@ struct cm_table_info_t { char encrypt_algo[NAME_MAX]; }; -static int cm_read_cfg_index_file(const char *path, struct cm_table_info_t *idx, - int size, struct log_handle *logger) -{ - int ret = 0; - int i = 0; - char line[MAX_CONFIG_LINE]; - struct stat file_info; - - FILE* fp = fopen(path,"r"); - while (!feof(fp)) { - memset(line, 0, sizeof(line)); - fgets(line, sizeof(line), fp); - ret = sscanf(line, "%s\t%d\t%s\t%s", idx[i].table_name, - &(idx[i].cfg_num), idx[i].cfg_path, idx[i].encrypt_algo); - - //jump over empty line - if (!(ret == 3 || ret == 4) || idx[i].cfg_num == 0) { - continue; - } - - ret = stat(idx[i].cfg_path, &file_info); - if (ret != 0) { - log_fatal(logger, MODULE_CONFIG_MONITOR, "%s of %s not exist", - idx[i].cfg_path, path); - fclose(fp); - return -1; - } - - i++; - if (i == size) { - log_fatal(logger, MODULE_CONFIG_MONITOR, "Too much lines in %s", path); - break; - } - } - fclose(fp); - - return i; -} - -static const char *path2filename(const char *path) -{ - int i = 0; - for (i = strlen(path);i > 0;i--) { - if (path[i]=='/') { - break; - } - } - return path + i + 1; -} - -static char *read_nxt_line_from_buff(const char *buff, size_t buff_size, - size_t *offset, char *line, int line_size) -{ - int this_offset=0; - const char* p; - - //search for CRLF, aka CR '\r'(old Mac), LF '\n'(UNIX) or CRLF"\r\n" (Windows) - p = (const char *)memchr(buff + *offset, '\n', buff_size - *offset); - if (p == NULL) { // NOT "\n" or "\r\n" - p = (const char *)memchr(buff + *offset, '\r', buff_size - *offset); - } - - if (p != NULL) { //point to next character - p++; - } else { //Treat rest buff has no CRLF as a line. - p = buff + buff_size; - } - - this_offset = p - (buff + *offset); - memcpy(line, buff + *offset, MIN(this_offset, line_size - 1)); - - *offset += this_offset; - line[MIN(this_offset, line_size - 1)] = '\0'; - - return line; -} - -static int cm_read_table_file(struct cm_table_info_t *index, - int (*update_fn)(const char *, const char *, void *), - void *u_param, const char *dec_key, - struct log_handle *logger) -{ - int ret = 0; - size_t file_sz = 0; - char *file_buff = NULL; - char error_string[NAME_MAX]; - - if (strlen(index->encrypt_algo) > 0) { - //JSON file has been encrypted - if (NULL == dec_key || 0 == strlen(dec_key)) { - log_fatal(logger, MODULE_CONFIG_MONITOR, - "update error, no key to decrypt %s.", - index->cfg_path); - return -1; - } - - ret = decrypt_open(index->cfg_path, dec_key, index->encrypt_algo, - (unsigned char**)&file_buff, &file_sz, error_string, - sizeof(error_string)); - if (ret < 0) { - log_fatal(logger, MODULE_CONFIG_MONITOR, - "update error, decrypt %s failed: %s", - index->cfg_path, error_string); - return -1; - } - } else { - // not encrypted - ret = load_file_to_memory(index->cfg_path, (unsigned char**)&file_buff, &file_sz); - if (ret < 0) { - log_fatal(logger, MODULE_CONFIG_MONITOR, "[%s:%d] open %s failed.", - __FUNCTION__, __LINE__, index->cfg_path); - return -1; - } - } - - size_t file_offset = 0; - char line[MAX_CONFIG_LINE] = {0}; - read_nxt_line_from_buff(file_buff, file_sz, &file_offset, line, sizeof(line)); - int cfg_num = 0; - sscanf(line, "%d\n", &cfg_num); - - if(cfg_num != index->cfg_num) { - FREE(file_buff); - log_fatal(logger, MODULE_CONFIG_MONITOR, - "[%s:%d] file %s config num not matched", - __FUNCTION__, __LINE__, index->cfg_path); - return -1; - } - - for (int i = 0; i < cfg_num; i++) { - line[sizeof(line) - 1] = '\0'; - - char *ret_str = read_nxt_line_from_buff(file_buff, file_sz, &file_offset, - line, sizeof(line)); - if (ret_str == NULL) { - log_fatal(logger, MODULE_CONFIG_MONITOR, - "[%s:%d] file %s line_num %d less than claimed %d", - __FUNCTION__, __LINE__, index->cfg_path, i, cfg_num); - break; - } - - if(line[sizeof(line) - 1] != '\0') { - log_fatal(logger, MODULE_CONFIG_MONITOR, - "[%s:%d] line size more than %u at of file %s:%d", - __FUNCTION__, __LINE__, sizeof(line), index->cfg_path, i); - continue; - } - - update_fn(index->table_name, line, u_param); - } - - FREE(file_buff); - - return 0; -} - //replacement of glibc scandir, to adapt dictator malloc wrap #define ENLARGE_STEP 1024 int my_scandir(const char *dir, struct dirent ***namelist, @@ -243,176 +85,140 @@ int my_scandir(const char *dir, struct dirent ***namelist, return num; } -static int filter_fn(const struct dirent *ent) +static void config_load_json_content(const cJSON *json_root, const char *table_name, const char *key, void *u_param, + int (*update_fn)(const char *, const char *, void *, enum maat_operation)) { - return (strncmp(ent->d_name,"full_config_index",strlen("full_config_index")) == 0 || - strncmp(ent->d_name,"inc_config_index",strlen("inc_config_index")) == 0); + cJSON *tmp_item = NULL; + cJSON *array_item = NULL; + int i; + + tmp_item = cJSON_GetObjectItem(json_root, table_name); + array_item = cJSON_GetObjectItem(json_root, key); + if (array_item != NULL) { + for (i = 0; i < cJSON_GetArraySize(tmp_item); i++) { + cJSON *rule = cJSON_GetArrayItem(tmp_item, i); + if (rule == NULL) { + continue; + } + + char *rule_str = cJSON_PrintUnformatted(rule); + if (rule_str == NULL) { + continue; + } + + update_fn(tmp_item->valuestring, rule_str, u_param, MAAT_OP_ADD); + FREE(rule_str); + } + } } -static int get_new_idx_path(long long current_version, const char *file_dir, - char ***idx_path, size_t *idx_num, - struct log_handle *logger) -{ - struct dirent **namelist = NULL; - int update_type = MAAT_UPDATE_TYPE_INVALID; - - int n = my_scandir(file_dir, &namelist, filter_fn, - (int (*)(const void*, const void*))alphasort); - if (n < 0) { - log_fatal(logger, MODULE_CONFIG_MONITOR, - "[%s:%d] scan dir error", __FUNCTION__, __LINE__); - return update_type; - } - - int i = 0; - int full_file_idx = 0; - int *inc_file_idx = ALLOC(int, n); - int inc_idx_num = 0; - long long latest_inc_version = 0; - long long latest_full_version = 0; - - for (i = 0; i < n; i++) { - long long config_seq = 0; - char update_str[32] = {0}; - - if ((strcmp(namelist[i]->d_name, ".") == 0) || - (strcmp(namelist[i]->d_name, "..") == 0)) { - continue; - } - - if (strlen(namelist[i]->d_name) > 42) { - log_fatal(logger, MODULE_CONFIG_MONITOR, - "[%s:%d] config file %s filename too long, should like" - " full_config_index.000000000001", - __FUNCTION__, __LINE__, namelist[i]->d_name); - continue; - } - - int ret = sscanf(namelist[i]->d_name,"%[a-zA-Z]_config_index.%lld", - update_str, &config_seq); - if (ret != 2) { - log_fatal(logger, MODULE_CONFIG_MONITOR, - "[%s:%d] config file %s filename error, should like" - " full_config_index.000000000001", - __FUNCTION__, __LINE__, namelist[i]->d_name); - continue; - } - - if (strncasecmp(update_str, "full", strlen(update_str)) == 0) { - if (config_seq > latest_full_version) { - latest_full_version = config_seq; - full_file_idx = i; - } - } else if(strncasecmp(update_str,"inc",strlen(update_str))==0) { - if (config_seq > current_version) { - inc_file_idx[inc_idx_num] = i; - inc_idx_num++; - if (config_seq > latest_inc_version) { - latest_inc_version = config_seq; - } - } - } else { - log_fatal(logger, MODULE_CONFIG_MONITOR, - "[%s:%d] config file %s, not full or inc config", - __FUNCTION__, __LINE__, namelist[i]->d_name); - } - } - - size_t path_len = 0; - //full update - if (latest_full_version > current_version) { - *idx_path = (char **)malloc(sizeof(char **)); - path_len = strlen(file_dir) + strlen(namelist[full_file_idx]->d_name) + 1 + 1; - (*idx_path)[0] = (char *)malloc(path_len); - snprintf((*idx_path)[0], path_len, "%s/%s", file_dir, - namelist[full_file_idx]->d_name); - *idx_num = 1; - update_type = MAAT_UPDATE_TYPE_FULL; - } else if (latest_inc_version > current_version) { - /* Inc update, it's possible that do inc after Full update, - but we'll process it at next loop. - */ - *idx_path = (char **)malloc(sizeof(char **) * inc_idx_num); - for (i = 0; i < inc_idx_num; i++) { - path_len = strlen(file_dir) + strlen(namelist[inc_file_idx[i]]->d_name) + 1 + 1; - (*idx_path)[i] = (char *)malloc(path_len); - snprintf((*idx_path)[i], path_len, "%s/%s", file_dir, - namelist[inc_file_idx[i]]->d_name); - } - *idx_num = inc_idx_num; - update_type = MAAT_UPDATE_TYPE_INC; - } else { - update_type = MAAT_UPDATE_TYPE_INVALID; - } - - FREE(inc_file_idx); - for (i = 0; i < n; i++) { - FREE(namelist[i]); - } - FREE(namelist); - - return update_type; -} - -void config_monitor_traverse(long long current_version, const char *idx_dir, +void config_monitor_traverse(long long current_version, const cJSON *json_root, void (*start_fn)(long long, int, void *), - int (*update_fn)(const char *, const char *, void *), + int (*update_fn)(const char *, const char *, void *, enum maat_operation), void (*finish_fn)(void *), void *u_param, const char *dec_key, struct log_handle *logger) { size_t i = 0; long long new_version = 0; - char **idx_path_array = NULL; - size_t idx_path_num = 0; - struct cm_table_info_t table_array[MAX_TABLE_NUM]; + int update_type = MAAT_UPDATE_TYPE_FULL; - memset(table_array, 0, sizeof(table_array)); - - int update_type = get_new_idx_path(current_version, idx_dir, &idx_path_array, - &idx_path_num, logger); - if (update_type != MAAT_UPDATE_TYPE_INVALID) { - for (i = 0; i < idx_path_num; i++) { - log_info(logger, MODULE_CONFIG_MONITOR, "load %s", idx_path_array[i]); - int table_num = cm_read_cfg_index_file(idx_path_array[i], table_array, - MAX_TABLE_NUM, logger); - if (table_num < 0) { - log_fatal(logger, MODULE_CONFIG_MONITOR, - "[%s:%d] load %s failed, abandon update", - __FUNCTION__, __LINE__, idx_path_array[i]); - break; - } - - char str_not_care[256] = {0}; - const char *table_filename = path2filename(idx_path_array[i]); - sscanf(table_filename, "%[a-zA-Z]_config_index.%lld", - str_not_care, &new_version); - - if (start_fn != NULL) { - start_fn(new_version, update_type, u_param); - } - - for (int j = 0; j < table_num; j++) { - cm_read_table_file(table_array + j, update_fn, u_param, dec_key, logger); - } - - if (finish_fn != NULL) { - finish_fn(u_param); - } - } - } - - for (i = 0; i < idx_path_num; i++) { - FREE(idx_path_array[i]); + if (start_fn != NULL) { + start_fn(new_version, update_type, u_param); } - FREE(idx_path_array); + cJSON *tmp_obj = NULL; + + tmp_obj = cJSON_GetObjectItem(json_root, "objects"); + if (tmp_obj != NULL) { + for (i = 0; i < cJSON_GetArraySize(tmp_obj); i++) { + cJSON *object = cJSON_GetArrayItem(tmp_obj, i); + if (object == NULL) { + continue; + } + + cJSON *regions = cJSON_GetObjectItem(object, "regions"); + if (regions == NULL) { + continue; + } + + cJSON *table_name = cJSON_GetObjectItem(object, "table_name"); + if (table_name == NULL) { + continue; + } + + cJSON *table_content = cJSON_GetObjectItem(object, "table_content"); + if (table_content == NULL) { + continue; + } + + char *table_content_str = cJSON_PrintUnformatted(table_content); + + update_fn(table_name->valuestring, table_content_str, u_param, MAAT_OP_ADD); + FREE(table_content_str); + } + } + + config_load_json_content(json_root, "object2object_table", "object_groups", u_param, update_fn); + config_load_json_content(json_root, "rule_table", "rules", u_param, update_fn); + + if (finish_fn != NULL) { + finish_fn(u_param); + } } -int load_maat_json_file(struct maat *maat_inst, const char *json_filename, - char *err_str, size_t err_str_sz) +void convert_maat_json_rule(cJSON *json_root, unsigned char *json_buff) +{ + json_root = cJSON_Parse((const char *)json_buff); + cJSON *top_objects = cJSON_GetObjectItem(json_root, "objects"); + //cJSON *object_groups = cJSON_GetObjectItem(json_root, "object_groups");//TODO: object include object in rules + cJSON *rules = cJSON_GetObjectItem(json_root, "rules"); + cJSON *tmp_rule = NULL; + long long item_id = 1; + long long object_id = 1; + char str[10]; + + cJSON_ArrayForEach(tmp_rule, rules) { + cJSON *tmp_condition = NULL; + cJSON *condition_array = cJSON_GetObjectItem(tmp_rule, "conditions"); + cJSON_ArrayForEach(tmp_condition, condition_array) { + cJSON *tmp_object = NULL; + cJSON *object_id_array = cJSON_CreateArray(); + cJSON *object_array = cJSON_GetObjectItem(tmp_condition, "objects"); + cJSON_ArrayForEach(tmp_object, object_array) { + //find items, generate item_id and object_id + cJSON *table_name = cJSON_GetObjectItem(tmp_object, "table_name"); + cJSON *tmp_item = cJSON_CreateObject(); + cJSON_AddItemToObject(tmp_item, "table_name", cJSON_CreateString(table_name->valuestring)); + cJSON *dup = cJSON_Duplicate(tmp_object, 0); + if (cJSON_GetObjectItem(dup, "item_id") == NULL) { + memset(str, 0, sizeof(str)); + snprintf(str, sizeof(str), "%lld", item_id); + cJSON_AddItemToObject(dup, "item_id", cJSON_CreateString(str)); + item_id++; + } + if (cJSON_GetObjectItem(dup, "object_id") == NULL) { + memset(str, 0, sizeof(str)); + snprintf(str, sizeof(str), "%lld", object_id); + cJSON_AddItemToObject(dup, "object_id", cJSON_CreateString(str)); + object_id++; + } + cJSON_AddItemToObject(tmp_item, "table_content", dup); + cJSON_AddItemToArray(top_objects, tmp_item); + + cJSON_AddItemToArray(object_id_array, cJSON_CreateString(str)); + } + //replace object content with object_id + cJSON_DeleteItemFromObject(tmp_condition, "objects"); + cJSON_AddItemToObject(tmp_condition, "object_ids", object_id_array); + } + + } +} + +int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename, + cJSON *json_root, char *err_str, size_t err_str_sz) { int ret = 0; - struct stat fstat_buf; unsigned char *json_buff = NULL; unsigned char *decrypted_buff = NULL; unsigned char *uncompressed_buff = NULL; @@ -466,29 +272,9 @@ int load_maat_json_file(struct maat *maat_inst, const char *json_filename, return -1; } } - - ret = json2iris((const char*)json_buff, json_filename, NULL, - maat_inst->opts.json_ctx.iris_file, - sizeof(maat_inst->opts.json_ctx.iris_file), - strlen(maat_inst->opts.decrypt_key) ? maat_inst->opts.decrypt_key : NULL, - strlen(maat_inst->opts.decrypt_algo) ? maat_inst->opts.decrypt_algo : NULL, - maat_inst->logger); - FREE(json_buff); - if (ret < 0) { - return -1; - } - - ret = stat(json_filename, &fstat_buf); - maat_inst->opts.json_ctx.last_md5_time = fstat_buf.st_ctim; - - md5_file(maat_inst->opts.json_ctx.json_file, maat_inst->opts.json_ctx.effective_json_md5); - log_info(maat_inst->logger, MODULE_CONFIG_MONITOR, - "JSON file %s md5: %s, generate index file %s OK", - maat_inst->opts.json_ctx.json_file, - maat_inst->opts.json_ctx.effective_json_md5, - maat_inst->opts.json_ctx.iris_file); - maat_inst->opts.input_mode = DATA_SOURCE_JSON_FILE; + + convert_maat_json_rule(json_root, json_buff); return 0; } \ No newline at end of file diff --git a/src/maat_core.c b/src/maat_core.c index 3084fdc..fbec874 100644 --- a/src/maat_core.c +++ b/src/maat_core.c @@ -16,7 +16,6 @@ #include #include -#include "json2iris.h" #include "log/log.h" #include "maat_utils.h" #include "maat_core.h" @@ -131,7 +130,7 @@ maat_start_cb(long long new_version, int update_type, void *u_param) } static int -maat_update_cb(const char *table_name, const char *line, void *u_param) +maat_update_cb(const char *table_name, const char *line, void *u_param, enum maat_operation op) { if (NULL == table_name || NULL == line || NULL == u_param) { return 0; @@ -161,7 +160,7 @@ maat_update_cb(const char *table_name, const char *line, void *u_param) for (int i = 0; i < conj_parent_table_cnt; i++) { int ret = table_manager_update_runtime(maat_inst->tbl_mgr, table_name, (int)conj_parent_table_ids[i], - line, update_type); + line, op, update_type); if (ret < 0) { log_fatal(maat_inst->logger, MODULE_MAAT_RULE, "[%s:%d] table<%s> update runtime error for rule:%s", @@ -171,7 +170,7 @@ maat_update_cb(const char *table_name, const char *line, void *u_param) } } else { int ret = table_manager_update_runtime(maat_inst->tbl_mgr, table_name, - table_id, line, update_type); + table_id, line, op, update_type); if (ret < 0) { log_fatal(maat_inst->logger, MODULE_MAAT_RULE, "[%s:%d] table<%s> update runtime error for rules:%s", @@ -307,6 +306,7 @@ void maat_read_full_config(struct maat *maat_inst) { int ret = -1; char err_str[NAME_MAX] = {0}; + cJSON *json_root = NULL; struct source_redis_ctx *redis_ctx = NULL; switch (maat_inst->opts.input_mode) { @@ -334,21 +334,9 @@ void maat_read_full_config(struct maat *maat_inst) redis_ctx->redis_db); } break; - case DATA_SOURCE_IRIS_FILE: - config_monitor_traverse(maat_inst->maat_version, - maat_inst->opts.iris_ctx.full_idx_dir, - maat_start_cb, maat_update_cb, maat_finish_cb, - maat_inst, maat_inst->opts.decrypt_key, - maat_inst->logger); - if (NULL == maat_inst->creating_maat_rt) { - log_fatal(maat_inst->logger, MODULE_MAAT_RULE, - "[%s:%d] At initiation: NO effective rule in %s", - __FUNCTION__, __LINE__, maat_inst->opts.iris_ctx.full_idx_dir); - } - break; case DATA_SOURCE_JSON_FILE: - ret = load_maat_json_file(maat_inst, maat_inst->opts.json_ctx.json_file, - err_str, sizeof(err_str)); + ret = load_maat_json_rule_file(maat_inst, maat_inst->opts.json_ctx.json_file, + json_root, err_str, sizeof(err_str)); if (ret < 0) { log_fatal(maat_inst->logger, MODULE_MAAT_RULE, "[%s:%d] Maat re-initiate with JSON file %s failed: %s", @@ -357,7 +345,7 @@ void maat_read_full_config(struct maat *maat_inst) } config_monitor_traverse(maat_inst->maat_version, - maat_inst->opts.json_ctx.iris_file, + json_root, maat_start_cb, maat_update_cb, maat_finish_cb, maat_inst, maat_inst->opts.decrypt_key, maat_inst->logger); @@ -366,6 +354,7 @@ void maat_read_full_config(struct maat *maat_inst) "[%s:%d] At initiation: NO effective rule in %s", __FUNCTION__, __LINE__, maat_inst->opts.json_ctx.iris_file); } + cJSON_Delete(json_root); break; default: break; @@ -444,6 +433,7 @@ void *rule_monitor_loop(void *arg) char md5_tmp[MD5_DIGEST_LENGTH * 2 + 1] = {0}; char err_str[NAME_MAX] = {0}; struct stat attrib; + cJSON *json_root = NULL; while (maat_inst->is_running) { if (time(NULL) % 10 == 0) { @@ -461,13 +451,6 @@ void *rule_monitor_loop(void *arg) maat_start_cb, maat_update_cb, maat_finish_cb, maat_inst); break; - case DATA_SOURCE_IRIS_FILE: - config_monitor_traverse(maat_inst->maat_version, - maat_inst->opts.iris_ctx.inc_idx_dir, - maat_start_cb, maat_update_cb, maat_finish_cb, - maat_inst, maat_inst->opts.decrypt_key, - maat_inst->logger); - break; case DATA_SOURCE_JSON_FILE: memset(md5_tmp, 0, sizeof(md5_tmp)); stat(maat_inst->opts.json_ctx.json_file, &attrib); @@ -476,15 +459,15 @@ void *rule_monitor_loop(void *arg) maat_inst->opts.json_ctx.last_md5_time = attrib.st_ctim; md5_file(maat_inst->opts.json_ctx.json_file, md5_tmp); if (0 != strcmp(md5_tmp, maat_inst->opts.json_ctx.effective_json_md5)) { - ret = load_maat_json_file(maat_inst, maat_inst->opts.json_ctx.json_file, - err_str, sizeof(err_str)); + ret = load_maat_json_rule_file(maat_inst, maat_inst->opts.json_ctx.json_file, + json_root, err_str, sizeof(err_str)); if (ret < 0) { log_fatal(maat_inst->logger, MODULE_MAAT_RULE, "[%s:%d] Maat re-initiate with JSON file %s (md5=%s)failed: %s\n", __FUNCTION__, __LINE__, maat_inst->opts.json_ctx.json_file, md5_tmp, err_str); } else { - config_monitor_traverse(0, maat_inst->opts.json_ctx.iris_file, + config_monitor_traverse(0, json_root, maat_start_cb, maat_update_cb, maat_finish_cb, maat_inst, maat_inst->opts.decrypt_key, maat_inst->logger); @@ -492,6 +475,7 @@ void *rule_monitor_loop(void *arg) "Maat re-initiate with JSON file %s success, md5: %s\n", maat_inst->opts.json_ctx.json_file, md5_tmp); } + cJSON_Delete(json_root); } } break; diff --git a/src/maat_ex_data.c b/src/maat_ex_data.c index 13d7493..3e35ecf 100644 --- a/src/maat_ex_data.c +++ b/src/maat_ex_data.c @@ -35,6 +35,12 @@ struct ex_data_runtime { void cache_row_free(void *p) { + struct ex_data_row *ex_data_row = (struct ex_data_row *)(char*)p; + + if (ex_data_row->row != NULL) { + FREE(ex_data_row->row); + ex_data_row->row = NULL; + } free(*(char **)p); } @@ -87,22 +93,24 @@ void ex_data_runtime_commit(struct ex_data_runtime *ex_data_rt) rcu_hash_commit(ex_data_rt->htable); } -void ex_data_runtime_cache_row_put(struct ex_data_runtime *ex_data_rt, const char *row) +void ex_data_runtime_cache_row_put(struct ex_data_runtime *ex_data_rt, const char *row, enum maat_operation op) { if (NULL == ex_data_rt || NULL == row) { return; } size_t row_len = strlen(row); - char *row_copy = ALLOC(char, row_len + 1); + struct ex_data_row *ex_data_row = ALLOC(struct ex_data_row, 1); + ex_data_row->row = ALLOC(char, row_len + 1); - memcpy(row_copy, row, row_len); + ex_data_row->op = op; + memcpy(ex_data_row->row, row, row_len); ex_data_rt->cache_size += row_len; - utarray_push_back(ex_data_rt->cache_rows, &row_copy); + utarray_push_back(ex_data_rt->cache_rows, &ex_data_row); ex_data_rt->cache_row_num++; } -const char *ex_data_runtime_cached_row_get(struct ex_data_runtime *ex_data_rt, size_t index) +const struct ex_data_row *ex_data_runtime_cached_row_get(struct ex_data_runtime *ex_data_rt, size_t index) { if (NULL == ex_data_rt) { return NULL; @@ -110,7 +118,7 @@ const char *ex_data_runtime_cached_row_get(struct ex_data_runtime *ex_data_rt, s const char **row = NULL; row = (const char **)utarray_eltptr(ex_data_rt->cache_rows, index); - return *row; + return (struct ex_data_row *)*row; } size_t ex_data_runtime_cached_row_count(struct ex_data_runtime *ex_data_rt) diff --git a/src/maat_expr.c b/src/maat_expr.c index 5286a64..5d76522 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c @@ -34,11 +34,6 @@ #define ENGINE_TYPE_SWITCH_THRESHOLD 50000 struct expr_schema { - int item_id_column; - int object_id_column; - int district_column; - int keywords_column; - int expr_type_column; int table_id; enum maat_expr_engine engine_type; struct table_manager *ref_tbl_mgr; @@ -157,64 +152,59 @@ int expr_runtime_set_scan_district(struct expr_runtime *expr_rt, const char *dis static struct expr_item * expr_item_new(struct expr_schema *expr_schema, const char *table_name, - const char *line, struct expr_runtime *expr_rt) + const cJSON *json, struct expr_runtime *expr_rt, long long item_id) { - size_t column_offset = 0; - size_t column_len = 0; int expr_type = -1; enum table_type table_type = TABLE_TYPE_INVALID; struct expr_item *expr_item = ALLOC(struct expr_item, 1); + cJSON *tmp_obj = NULL; + size_t len = 0; + int ret; - int ret = get_column_pos(line, expr_schema->item_id_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(expr_rt->logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> has no item_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - expr_item->item_id = atoll(line + column_offset); + expr_item->item_id = item_id; - ret = get_column_pos(line, expr_schema->object_id_column, &column_offset, - &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "object_id"); + if (tmp_obj != NULL && tmp_obj->type == cJSON_String) { + expr_item->object_id = tmp_obj->valueint; + } else { log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - expr_item->object_id = atoll(line + column_offset); + expr_item->object_id = atoll(tmp_obj->valuestring); - ret = get_column_pos(line, expr_schema->keywords_column, &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "keywords"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has no keywords in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } + len = strlen(tmp_obj->valuestring); - if (column_len > MAX_KEYWORDS_STR_LEN) { + if (len > MAX_KEYWORDS_STR_LEN) { log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> keywords length too long in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - memcpy(expr_item->keywords, (line + column_offset), column_len); + memcpy(expr_item->keywords, tmp_obj->valuestring, len); - ret = get_column_pos(line, expr_schema->expr_type_column, &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "expr_type"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has no expr_type in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - expr_type = atoi(line + column_offset); + expr_type = atoi(tmp_obj->valuestring); expr_item->expr_type = int_to_expr_type(expr_type); if (expr_item->expr_type == EXPR_TYPE_INVALID) { log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has invalid expr_type in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } else if (expr_item->expr_type == EXPR_TYPE_REGEX) { ret = expr_matcher_verify_regex_expression(expr_item->keywords, expr_rt->logger); @@ -229,21 +219,25 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name, table_type = table_manager_get_table_type(expr_schema->ref_tbl_mgr, expr_schema->table_id); if (table_type == TABLE_TYPE_EXPR_PLUS) { - ret = get_column_pos(line, expr_schema->district_column, &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "district"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + log_fatal(expr_rt->logger, MODULE_EXPR, + "[%s:%d] expr table:<%s> has no district in line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - if (column_len > MAX_DISTRICT_STR_LEN) { + len = strlen(tmp_obj->valuestring); + if (len > MAX_DISTRICT_STR_LEN) { log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> district length exceed maximum:%d" " in line:%s", __FUNCTION__, __LINE__, table_name, - MAX_DISTRICT_STR_LEN, line); + MAX_DISTRICT_STR_LEN, cJSON_Print(json)); goto error; } char district[MAX_DISTRICT_STR_LEN + 1] = {0}; - memcpy(district, (line + column_offset), column_len); + memcpy(district, tmp_obj->valuestring, len); assert(strlen(district) > 0); str_unescape(district); expr_item->district_id = expr_runtime_get_district_id(expr_rt, district); @@ -264,7 +258,6 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, struct expr_schema *expr_schema = ALLOC(struct expr_schema, 1); expr_schema->engine_type = MAAT_EXPR_ENGINE_AUTO; - cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { expr_schema->table_id = item->valueint; @@ -293,67 +286,6 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, } } - item = cJSON_GetObjectItem(json, "custom"); - if (item == NULL || item->type != cJSON_Object) { - log_fatal(logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> schema has no custom column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "item_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - expr_schema->item_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> schema has no item_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "object_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - expr_schema->object_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> schema has no object_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "keywords"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - expr_schema->keywords_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> schema has no keywords column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - /* expr_plus has district */ - if (strcmp(table_type, "expr_plus") == 0) { - custom_item = cJSON_GetObjectItem(item, "district"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - expr_schema->district_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_EXPR, - "[%s:%d] expr_plus table:<%s> schema has no district column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - } - - custom_item = cJSON_GetObjectItem(item, "expr_type"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - expr_schema->expr_type_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> schema has no expr_type column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - expr_schema->ref_tbl_mgr = tbl_mgr; return expr_schema; @@ -489,11 +421,11 @@ void expr_runtime_free(void *expr_runtime) static int expr_runtime_update_row(struct expr_runtime *expr_rt, char *key, size_t key_len, struct expr_item *item, - int is_valid) + enum maat_operation op) { int ret = -1; - if (0 == is_valid) { + if (MAAT_OP_DEL == op) { //delete rcu_hash_del(expr_rt->item_hash, key, key_len); } else { @@ -729,7 +661,7 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item, int expr_runtime_update(void *expr_runtime, void *expr_schema, const char *table_name, const char *line, - int valid_column) + enum maat_operation op) { if (NULL == expr_runtime || NULL == expr_schema || NULL == line) { @@ -738,34 +670,43 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema, struct expr_schema *schema = (struct expr_schema *)expr_schema; struct expr_runtime *expr_rt = (struct expr_runtime *)expr_runtime; - - long long item_id = get_column_value(line, schema->item_id_column); - if (item_id < 0) { + cJSON *tmp_obj = NULL; + cJSON *json = cJSON_Parse(line); + + if (NULL == json) { log_fatal(expr_rt->logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> has no item_id(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->item_id_column, line); + "[%s:%d] expr table:<%s> line:%s is not a valid json", + __FUNCTION__, __LINE__, table_name, line); expr_rt->update_err_cnt++; return -1; } - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { + tmp_obj = cJSON_GetObjectItem(json, "item_id"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(expr_rt->logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> has no is_valid(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - valid_column, line); + "[%s:%d] expr table:<%s> has no item_id in line:%s", + __FUNCTION__, __LINE__, table_name, line); expr_rt->update_err_cnt++; - return -1; + goto ERROR; + } + + long long item_id = atoll(tmp_obj->valuestring); + if (item_id < 0) { + log_fatal(expr_rt->logger, MODULE_EXPR, + "[%s:%d] expr table:<%s> item_id wrong" + " in table_line:%s", __FUNCTION__, __LINE__, table_name, + cJSON_Print(json)); + expr_rt->update_err_cnt++; + goto ERROR; } struct expr_item *expr_item = NULL; - if (1 == is_valid) { + if (MAAT_OP_ADD == op) { //add - expr_item = expr_item_new(schema, table_name, line, expr_rt); + expr_item = expr_item_new(schema, table_name, json, expr_rt, item_id); if (NULL == expr_item) { expr_rt->update_err_cnt++; - return -1; + goto ERROR; } int *item_district_id = ALLOC(int, 1); @@ -775,7 +716,7 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema, } int ret = expr_runtime_update_row(expr_rt, (char *)&item_id, sizeof(long long), - expr_item, is_valid); + expr_item, op); if (ret < 0) { if (expr_item != NULL) { expr_item_free(expr_item); @@ -783,7 +724,13 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema, //don't return failed, ignore the case of adding duplicate keys } + cJSON_Delete(json); return 0; +ERROR: + if (json != NULL) { + cJSON_Delete(json); + } + return -1; } static void garbage_expr_matcher_free(void *expr_matcher, void *arg) diff --git a/src/maat_flag.c b/src/maat_flag.c index 5f4aaaf..43cb2c2 100644 --- a/src/maat_flag.c +++ b/src/maat_flag.c @@ -25,11 +25,6 @@ #define MODULE_FLAG module_name_str("maat.flag") struct flag_schema { - int item_id_column; - int object_id_column; - int district_column; - int flag_column; - int flag_mask_column; int table_id; struct table_manager *ref_tbl_mgr; }; @@ -71,7 +66,6 @@ void *flag_schema_new(cJSON *json, struct table_manager *tbl_mgr, struct flag_schema *schema = ALLOC(struct flag_schema, 1); char table_type[NAME_MAX] = {0}; - cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { schema->table_id = item->valueint; @@ -86,67 +80,6 @@ void *flag_schema_new(cJSON *json, struct table_manager *tbl_mgr, item = cJSON_GetObjectItem(json, "table_type"); memcpy(table_type, item->valuestring, strlen(item->valuestring)); - item = cJSON_GetObjectItem(json, "custom"); - if (item == NULL || item->type != cJSON_Object) { - log_fatal(logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> schema has no custom column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "item_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->item_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> schema has no item_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "object_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->object_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> schema has no object_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - /* flag_plus has district */ - if (strcmp(table_type, "flag_plus") == 0) { - custom_item = cJSON_GetObjectItem(item, "district"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->district_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_FLAG, - "[%s:%d] flag_plus table:<%s> schema has no district column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - } - - custom_item = cJSON_GetObjectItem(item, "flag"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->flag_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> schema has no flag column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "flag_mask"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->flag_mask_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> schema has no flag_mask column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - schema->ref_tbl_mgr = tbl_mgr; return schema; error: @@ -253,11 +186,11 @@ void flag_runtime_free(void *flag_runtime) static int flag_runtime_update_row(struct flag_runtime *flag_rt, char *key, size_t key_len, struct flag_item *item, - int is_valid) + enum maat_operation op) { int ret = -1; - if (0 == is_valid) { + if (MAAT_OP_DEL == op) { //delete rcu_hash_del(flag_rt->item_hash, key, key_len); } else { @@ -309,75 +242,69 @@ int flag_runtime_set_scan_district(struct flag_runtime *flag_rt, const char *dis static struct flag_item * flag_item_new(struct flag_schema *schema, const char *table_name, - const char *line, struct flag_runtime *flag_rt) + const cJSON *json, struct flag_runtime *flag_rt, long long item_id) { - size_t column_offset = 0; - size_t column_len = 0; + cJSON *tmp_obj = NULL; enum table_type table_type = TABLE_TYPE_INVALID; struct flag_item *item = ALLOC(struct flag_item, 1); - int ret = get_column_pos(line, schema->item_id_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(flag_rt->logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> has no item_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - item->item_id = atoll(line + column_offset); + item->item_id = item_id; - ret = get_column_pos(line, schema->object_id_column, &column_offset, - &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "object_id"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(flag_rt->logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] flag table:<%s> has no object_id in json:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - item->object_id = atoll(line + column_offset); + item->object_id = atoll(tmp_obj->valuestring); table_type = table_manager_get_table_type(schema->ref_tbl_mgr, schema->table_id); if (table_type == TABLE_TYPE_INTERVAL_PLUS) { - ret = get_column_pos(line, schema->district_column, &column_offset, - &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "district"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + log_fatal(flag_rt->logger, MODULE_FLAG, + "[%s:%d] flag_plus table:<%s> has no district in json:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - if (column_len > MAX_DISTRICT_STR_LEN) { + size_t len = strlen(tmp_obj->valuestring); + if (len > MAX_DISTRICT_STR_LEN) { log_fatal(flag_rt->logger, MODULE_FLAG, "[%s:%d] flag_plus table:<%s> district length exceed " - "maximum:%d in line:%s", __FUNCTION__, __LINE__, - table_name, MAX_DISTRICT_STR_LEN, line); + "maximum:%d in json:%s", __FUNCTION__, __LINE__, + table_name, MAX_DISTRICT_STR_LEN, cJSON_Print(json)); goto error; } char district[MAX_DISTRICT_STR_LEN + 1] = {0}; - memcpy(district, (line + column_offset), column_len); + memcpy(district, tmp_obj->valuestring, len); assert(strlen(district) > 0); item->district_id = flag_runtime_get_district_id(flag_rt, district); } else { item->district_id = DISTRICT_ANY; } - ret = get_column_pos(line, schema->flag_column, &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "flag"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(flag_rt->logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> has no flag in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] flag table:<%s> has no flag in json:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - item->flag = strtoull(line + column_offset, NULL, 0); + item->flag = strtoull(tmp_obj->valuestring, NULL, 0); - ret = get_column_pos(line, schema->flag_mask_column, &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "flag_mask"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(flag_rt->logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> has no flag_mask in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] flag table:<%s> has no flag_mask in json:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - item->flag_mask = strtoull(line + column_offset, NULL, 0); + + item->flag_mask = strtoull(tmp_obj->valuestring, NULL, 0); return item; error: @@ -399,7 +326,7 @@ static struct flag_rule flag_item_to_flag_rule(struct flag_item *item) int flag_runtime_update(void *flag_runtime, void *flag_schema, const char *table_name, const char *line, - int valid_column) + enum maat_operation op) { if (NULL == flag_runtime || NULL == flag_schema || NULL == line) { @@ -409,31 +336,30 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema, struct flag_schema *schema = (struct flag_schema *)flag_schema; struct flag_runtime *flag_rt = (struct flag_runtime *)flag_runtime; - long long item_id = get_column_value(line, schema->item_id_column); - if (item_id < 0) { + cJSON *json = cJSON_Parse(line); + if (NULL == json) { log_fatal(flag_rt->logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> has no item_id(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->item_id_column, line); + "[%s:%d] flag table:<%s> line:%s is not a valid json", + __FUNCTION__, __LINE__, table_name, line); return -1; } - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { + cJSON *item = cJSON_GetObjectItem(json, "item_id"); + if (NULL == item || item->type != cJSON_String) { log_fatal(flag_rt->logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> has no is_valid(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - valid_column, line); - flag_rt->update_err_cnt++; - return -1; + "[%s:%d] flag table:<%s> line:%s has no item_id", + __FUNCTION__, __LINE__, table_name, line); + goto ERROR; } + long long item_id = atoll(item->valuestring); + struct flag_item *flag_item = NULL; - if (1 == is_valid) { - flag_item = flag_item_new(schema, table_name, line, flag_rt); + if (MAAT_OP_ADD == op) { + flag_item = flag_item_new(schema, table_name, json, flag_rt, item_id); if (NULL == flag_item) { flag_rt->update_err_cnt++; - return -1; + goto ERROR; } int *item_district_id = ALLOC(int, 1); @@ -443,7 +369,7 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema, } int ret = flag_runtime_update_row(flag_rt, (char *)&item_id, sizeof(long long), - flag_item, is_valid); + flag_item, op); if (ret < 0) { if (flag_item != NULL) { flag_item_free(flag_item); @@ -451,7 +377,14 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema, //don't return failed, ignore the case of adding duplicate keys } + cJSON_Delete(json); + return 0; +ERROR: + if (json != NULL) { + cJSON_Delete(json); + } + return -1; } static void garbage_flag_matcher_free(void *flag_matcher, void *arg) diff --git a/src/maat_fqdn_plugin.c b/src/maat_fqdn_plugin.c index f5295c2..0fb2034 100644 --- a/src/maat_fqdn_plugin.c +++ b/src/maat_fqdn_plugin.c @@ -20,11 +20,9 @@ #define MODULE_FQDN_PLUGIN module_name_str("maat.bool_plugin") struct fqdn_plugin_schema { - int item_id_column; - int fqdn_column; - int rule_tag_column; int gc_timeout_s; int table_id; + char key_name[MAX_NAME_STR_LEN]; struct ex_container_schema container_schema; struct table_manager *ref_tbl_mgr; struct log_handle *logger; @@ -67,9 +65,9 @@ void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - custom_item = cJSON_GetObjectItem(item, "item_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->item_id_column = custom_item->valueint; + custom_item = cJSON_GetObjectItem(item, "key_name"); + if (custom_item != NULL && custom_item->type == cJSON_String) { + strncpy(schema->key_name, custom_item->valuestring, sizeof(schema->key_name) - 1); } else { log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> schema has no item_id column", @@ -77,23 +75,6 @@ void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - // rule_tag is optional - custom_item = cJSON_GetObjectItem(item, "fqdn"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->fqdn_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_FQDN_PLUGIN, - "[%s:%d] fqdn_plugin table:<%s> schema has no fqdn column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - // rule_tag is optional - custom_item = cJSON_GetObjectItem(item, "rule_tag"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->rule_tag_column = custom_item->valueint; - } - //gc_timeout_s is optional custom_item = cJSON_GetObjectItem(item, "gc_timeout_s"); if (custom_item != NULL && custom_item->type == cJSON_Number) { @@ -223,34 +204,30 @@ void fqdn_plugin_runtime_free(void *fqdn_plugin_runtime) static int fqdn_plugin_accept_tag_match(struct fqdn_plugin_schema *schema, - const char *table_name, const char *line, + const char *table_name, const cJSON *json, struct log_handle *logger) { - size_t column_offset = 0; - size_t column_len = 0; size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); + cJSON *tmp_obj = NULL; - if (schema->rule_tag_column > 0 && n_tag > 0) { - int ret = get_column_pos(line, schema->rule_tag_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "tag"); + if (tmp_obj != NULL && n_tag > 0) { + if (tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_FQDN_PLUGIN, - "[%s:%d] fqdn_plugin table:<%s> has no rule_tag" + "[%s:%d] fqdn_plugin table:<%s> has invalid tag format" " in line:%s", __FUNCTION__, __LINE__, table_name, - line); + cJSON_Print(json)); return TAG_MATCH_ERR; } - if (column_len > 2) { - char *tag_str = ALLOC(char, column_len + 1); - memcpy(tag_str, (line + column_offset), column_len); - ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); - FREE(tag_str); + const char *tag = tmp_obj->valuestring; + if (strlen(tag) > 2) { + int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag); if (TAG_MATCH_ERR == ret) { log_fatal(logger, MODULE_FQDN_PLUGIN, - "[%s:%d] fqdn_plugin table:<%s> has invalid " - "tag format in line:%s", __FUNCTION__, __LINE__, - table_name, line); + "[%s:%d] fqdn_plugin table:<%s> has invalid tag" + " format in line:%s", __FUNCTION__, __LINE__, + table_name, cJSON_Print(json)); return TAG_MATCH_ERR; } @@ -258,7 +235,7 @@ fqdn_plugin_accept_tag_match(struct fqdn_plugin_schema *schema, log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> has unmatched tag" " in line:%s", __FUNCTION__, __LINE__, table_name, - line); + cJSON_Print(json)); return TAG_MATCH_UNMATCHED; } } @@ -268,41 +245,38 @@ fqdn_plugin_accept_tag_match(struct fqdn_plugin_schema *schema, } static struct FQDN_rule * -fqdn_plugin_rule_new(const char *line, struct fqdn_plugin_schema *schema, +fqdn_plugin_rule_new(const cJSON *json, struct fqdn_plugin_schema *schema, const char *table_name, struct log_handle *logger) { - int ret = fqdn_plugin_accept_tag_match(schema, table_name, line, logger); + int ret = fqdn_plugin_accept_tag_match(schema, table_name, json, logger); if (ret == TAG_MATCH_UNMATCHED) { return NULL; } - size_t column_offset = 0; - size_t column_len = 0; const char *fqdn = NULL; size_t fqdn_len = 0; struct FQDN_rule *fqdn_plugin_rule = ALLOC(struct FQDN_rule, 1); + cJSON *tmp_obj = NULL; - ret = get_column_pos(line, schema->item_id_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, schema->key_name); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_FQDN_PLUGIN, - "[%s:%d] fqdn_plugin table:<%s> has no item_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] fqdn_plugin table:<%s> has no key_name or invalid format in line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - fqdn_plugin_rule->id = atoi(line + column_offset); + fqdn_plugin_rule->id = atoi(tmp_obj->valuestring); - ret = get_column_pos(line, schema->fqdn_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "fqdn"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_FQDN_PLUGIN, "[%s:%d] fqdn_plugin table:<%s> has no fqdn in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - fqdn = line + column_offset; - fqdn_len = column_len; + fqdn = tmp_obj->valuestring; + fqdn_len = strlen(fqdn); if (fqdn[0] == '*') { fqdn_plugin_rule->is_suffix_match = 1; @@ -334,12 +308,12 @@ fqdn_plugin_runtime_update_row(struct fqdn_plugin_runtime *fqdn_plugin_rt, const char *table_name, const char *row, const char *key, size_t key_len, struct FQDN_rule *fqdn_plugin_rule, - int is_valid) + enum maat_operation op) { int ret = -1; struct ex_data_runtime *ex_data_rt = fqdn_plugin_rt->ex_data_rt; - if (0 == is_valid) { + if (MAAT_OP_DEL == op) { // delete ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len); if (ret < 0) { @@ -370,7 +344,7 @@ int fqdn_plugin_runtime_update(void *fqdn_plugin_runtime, void *fqdn_plugin_schema, const char *table_name, const char *line, - int valid_column) + enum maat_operation op) { if (NULL == fqdn_plugin_runtime || NULL == fqdn_plugin_schema || NULL == line) { @@ -384,64 +358,72 @@ int fqdn_plugin_runtime_update(void *fqdn_plugin_runtime, struct fqdn_plugin_runtime *fqdn_plugin_rt = (struct fqdn_plugin_runtime *)fqdn_plugin_runtime; - size_t item_id_offset = 0, item_id_len = 0; + int ret = 0; + cJSON *tmp_obj = NULL; + cJSON *json = cJSON_Parse(line); - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { + if (NULL == json) { log_fatal(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN, - "[%s:%d] fqdn_plugin table:<%s> has no is_valid(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - valid_column, line); + "[%s:%d] fqdn_plugin table:<%s> line is not a json format, line: %s", + __FUNCTION__, __LINE__, table_name, line); fqdn_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } - int ret = get_column_pos(line, schema->item_id_column, - &item_id_offset, &item_id_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, schema->key_name); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN, - "[%s:%d] fqdn_plugin table:<%s> has no item_id(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->item_id_column, line); + "[%s:%d] fqdn_plugin table:<%s> has no key_name or invalid format in line:%s", + __FUNCTION__, __LINE__, table_name, line); fqdn_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } if (1 == schema->container_schema.set_flag) { - if (1 == is_valid) { + if (MAAT_OP_ADD == op) { // add - fqdn_plugin_rule = fqdn_plugin_rule_new(line, schema, table_name, + fqdn_plugin_rule = fqdn_plugin_rule_new(json, schema, table_name, fqdn_plugin_rt->logger); if (NULL == fqdn_plugin_rule) { fqdn_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } } - const char *key = line + item_id_offset; - size_t key_len = item_id_len; + const char *key = tmp_obj->valuestring; + size_t key_len = strlen(key); ret = fqdn_plugin_runtime_update_row(fqdn_plugin_rt, table_name, line, key, key_len, fqdn_plugin_rule, - is_valid); + op); if (ret < 0) { log_fatal(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN, "[%s:%d]fqdn_plugin table:<%s> update one line failed, " "line:%s", __FUNCTION__, __LINE__, table_name, line); fqdn_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } log_debug(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN, "fqdn_plugin table:<%s> update one line, key:%s, key_len:%zu," - "is_valid:%d", table_name, key, key_len, is_valid); + "maat_op:%d", table_name, key, key_len, op); } else { //ex_schema not set - ex_data_runtime_cache_row_put(fqdn_plugin_rt->ex_data_rt, line); + ex_data_runtime_cache_row_put(fqdn_plugin_rt->ex_data_rt, line, op); fqdn_plugin_rt->rule_num = ex_data_runtime_cached_row_count(fqdn_plugin_rt->ex_data_rt); } return 0; + +ERROR: + if (fqdn_plugin_rule != NULL) { + fqdn_rule_free(fqdn_plugin_rule); + } + if (json != NULL) { + cJSON_Delete(json); + } + + return -1; } static void garbage_fqdn_engine_free(void *fqdn_engine, void *arg) diff --git a/src/maat_interval.c b/src/maat_interval.c index f76db52..a52a336 100644 --- a/src/maat_interval.c +++ b/src/maat_interval.c @@ -22,10 +22,6 @@ #define MODULE_INTERVAL module_name_str("maat.interval") struct interval_schema { - int item_id_column; - int object_id_column; - int district_column; - int interval_column; int table_id; struct table_manager *ref_tbl_mgr; }; @@ -67,7 +63,6 @@ void *interval_schema_new(cJSON *json, struct table_manager *tbl_mgr, struct interval_schema *schema = ALLOC(struct interval_schema, 1); char table_type[NAME_MAX] = {0}; - cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { schema->table_id = item->valueint; @@ -82,57 +77,6 @@ void *interval_schema_new(cJSON *json, struct table_manager *tbl_mgr, item = cJSON_GetObjectItem(json, "table_type"); memcpy(table_type, item->valuestring, strlen(item->valuestring)); - item = cJSON_GetObjectItem(json, "custom"); - if (item == NULL || item->type != cJSON_Object) { - log_fatal(logger, MODULE_INTERVAL, - "[%s:%d] interval table:<%s> schema has no custom column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "item_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->item_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_INTERVAL, - "[%s:%d] interval table:<%s> schema has no item_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "object_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->object_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_INTERVAL, - "[%s:%d] interval table:<%s> schema has no object_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - /* interval_plus has district */ - if (strcmp(table_type, "interval_plus") == 0) { - custom_item = cJSON_GetObjectItem(item, "district"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->district_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_INTERVAL, - "[%s:%d] interval_plus table:<%s> schema has no district column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - } - - custom_item = cJSON_GetObjectItem(item, "interval"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->interval_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_INTERVAL, - "[%s:%d] interval table:<%s> schema has no interval column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - schema->ref_tbl_mgr = tbl_mgr; return schema; error: @@ -271,66 +215,60 @@ int interval_runtime_set_scan_district(struct interval_runtime *interval_rt, static struct interval_item * interval_item_new(struct interval_schema *schema, const char *table_name, - const char *line, struct interval_runtime *interval_rt) + const cJSON *json, struct interval_runtime *interval_rt, long long item_id) { - size_t column_offset = 0; - size_t column_len = 0; enum table_type table_type = TABLE_TYPE_INVALID; char port_str[16] = {0}; struct interval_item *item = ALLOC(struct interval_item, 1); + cJSON *tmp_obj = NULL; - int ret = get_column_pos(line, schema->item_id_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(interval_rt->logger, MODULE_INTERVAL, - "[%s:%d] interval table:<%s> has no item_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - item->item_id = atoll(line + column_offset); + item->item_id = item_id; - ret = get_column_pos(line, schema->object_id_column, &column_offset, - &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "object_id"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(interval_rt->logger, MODULE_INTERVAL, "[%s:%d] interval table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - item->object_id = atoll(line + column_offset); + item->object_id = atoll(tmp_obj->valuestring); table_type = table_manager_get_table_type(schema->ref_tbl_mgr, schema->table_id); if (table_type == TABLE_TYPE_INTERVAL_PLUS) { - ret = get_column_pos(line, schema->district_column, &column_offset, - &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "district"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + log_fatal(interval_rt->logger, MODULE_INTERVAL, + "[%s:%d] interval_plus table:<%s> has no district in line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - if (column_len > MAX_DISTRICT_STR_LEN) { + size_t len = strlen(tmp_obj->valuestring); + + if (len > MAX_DISTRICT_STR_LEN) { log_fatal(interval_rt->logger, MODULE_INTERVAL, "[%s:%d] interval_plus table:<%s> district length exceed " "maximum:%d in line:%s", __FUNCTION__, __LINE__, table_name, - MAX_DISTRICT_STR_LEN, line); + MAX_DISTRICT_STR_LEN, cJSON_Print(json)); goto error; } char district[MAX_DISTRICT_STR_LEN + 1] = {0}; - memcpy(district, (line + column_offset), column_len); + memcpy(district, tmp_obj->valuestring, len); assert(strlen(district) > 0); item->district_id = interval_runtime_get_district_id(interval_rt, district); } else { item->district_id = DISTRICT_ANY; } - ret = get_column_pos(line, schema->interval_column, &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "interval"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(interval_rt->logger, MODULE_INTERVAL, "[%s:%d] interval table:<%s> has no interval in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - memcpy(port_str, line + column_offset, column_len); + memcpy(port_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); if (strchr(port_str, '-') != NULL) { sscanf(port_str, "%d-%d", &item->low_boundary, &item->up_boundary); } else { @@ -359,11 +297,11 @@ interval_item_to_interval_rule(struct interval_item *item) static int interval_runtime_update_row(struct interval_runtime *interval_rt, char *key, size_t key_len, - struct interval_item *item, int is_valid) + struct interval_item *item, enum maat_operation op) { int ret = -1; - if (0 == is_valid) { + if (MAAT_OP_DEL == op) { //delete rcu_hash_del(interval_rt->item_hash, key, key_len); } else { @@ -383,7 +321,7 @@ static int interval_runtime_update_row(struct interval_runtime *interval_rt, int interval_runtime_update(void *interval_runtime, void *interval_schema, const char *table_name, const char *line, - int valid_column) + enum maat_operation op) { if (NULL == interval_runtime || NULL == interval_schema || NULL == line) { @@ -392,34 +330,44 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema, struct interval_schema *schema = (struct interval_schema *)interval_schema; struct interval_runtime *interval_rt = (struct interval_runtime *)interval_runtime; - - long long item_id = get_column_value(line, schema->item_id_column); - if (item_id < 0) { + cJSON *tmp_obj = NULL; + cJSON *json = NULL; + + json = cJSON_Parse(line); + if (NULL == json) { log_fatal(interval_rt->logger, MODULE_INTERVAL, - "[%s:%d] interval table:<%s> has no item_id(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->item_id_column, line); + "[%s:%d] interval table:<%s> line:%s is not a valid json", + __FUNCTION__, __LINE__, table_name, line); interval_rt->update_err_cnt++; - return -1; + goto ERROR; } - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { + tmp_obj = cJSON_GetObjectItem(json, "item_id"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(interval_rt->logger, MODULE_INTERVAL, - "[%s:%d] interval table:<%s> has no is_valid(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - valid_column, line); + "[%s:%d] interval table:<%s> has no item_id in line:%s", + __FUNCTION__, __LINE__, table_name, line); interval_rt->update_err_cnt++; - return -1; + goto ERROR; + } + + long long item_id = atoll(tmp_obj->valuestring); + if (item_id < 0) { + log_fatal(interval_rt->logger, MODULE_INTERVAL, + "[%s:%d] interval table:<%s> item_id wrong" + " in table_line:%s", __FUNCTION__, __LINE__, table_name, + line); + interval_rt->update_err_cnt++; + goto ERROR; } struct interval_item *interval_item = NULL; - if (1 == is_valid) { + if (MAAT_OP_ADD == op) { //add - interval_item = interval_item_new(schema, table_name, line, interval_rt); + interval_item = interval_item_new(schema, table_name, json, interval_rt, item_id); if (NULL == interval_item) { interval_rt->update_err_cnt++; - return -1; + goto ERROR; } int *item_district_id = ALLOC(int, 1); @@ -429,7 +377,7 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema, } int ret = interval_runtime_update_row(interval_rt, (char *)&item_id, sizeof(long long), - interval_item, is_valid); + interval_item, op); if (ret < 0) { if (interval_item != NULL) { interval_item_free(interval_item); @@ -437,7 +385,14 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema, //don't return failed, ignore the case of adding duplicate keys } + cJSON_Delete(json); return 0; + +ERROR: + if (json != NULL) { + cJSON_Delete(json); + } + return -1; } void garbage_interval_matcher_free(void *interval_matcher, void *arg) diff --git a/src/maat_ip.c b/src/maat_ip.c index 3078001..aa98c41 100644 --- a/src/maat_ip.c +++ b/src/maat_ip.c @@ -24,11 +24,7 @@ #define MODULE_IP module_name_str("maat.ip") struct ip_schema { - int item_id_column; - int object_id_column; - int ip_column; int table_id; - int port_column; struct table_manager *ref_tbl_mgr; }; @@ -78,7 +74,6 @@ void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr, { struct ip_schema *ip_schema = ALLOC(struct ip_schema, 1); - cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { ip_schema->table_id = item->valueint; @@ -89,50 +84,6 @@ void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - item = cJSON_GetObjectItem(json, "custom"); - if (NULL == item || item->type != cJSON_Object) { - log_fatal(logger, MODULE_IP, - "[%s:%d] ip table:<%s> schema has no custom column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "item_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - ip_schema->item_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_IP, - "[%s:%d] ip table:<%s> schema has no item_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "object_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - ip_schema->object_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_IP, - "[%s:%d] ip table:<%s> schema has no object_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "ip"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - ip_schema->ip_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_IP, - "[%s:%d] ip table:<%s> schema has no ip column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "port"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - ip_schema->port_column = custom_item->valueint; - } else { - ip_schema->port_column = 0; - } ip_schema->ref_tbl_mgr = tbl_mgr; return ip_schema; error: @@ -147,42 +98,32 @@ void ip_schema_free(void *ip_schema) static struct ip_item * ip_item_new(struct ip_schema *ip_schema, const char *table_name, - const char *line, struct log_handle *logger) + const cJSON *json, struct log_handle *logger, long long item_id) { - size_t column_offset = 0; - size_t column_len = 0; char ip_str[128] = {0}; struct ip_item *ip_item = ALLOC(struct ip_item, 1); + cJSON *tmp_obj = NULL; + int ret = 0; - int ret = get_column_pos(line, ip_schema->item_id_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_IP, - "[%s:%d] ip table:<%s> has no item_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - ip_item->item_id = atoll(line + column_offset); + ip_item->item_id = item_id; - ret = get_column_pos(line, ip_schema->object_id_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_IP, + tmp_obj = cJSON_GetObjectItem(json, "object_id"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - ip_item->object_id = atoll(line + column_offset); + ip_item->object_id = atoll(tmp_obj->valuestring); - ret = get_column_pos(line, ip_schema->ip_column, &column_offset, - &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "ip"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_IP, - "[%s:%d] ip table:<%s> has no ip1 in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] ip table:<%s> has no ip in line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - memcpy(ip_str, (line + column_offset), column_len); + memcpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); if (strchr(ip_str, ':') != NULL) { ip_item->addr_type = IPV6; @@ -195,7 +136,7 @@ ip_item_new(struct ip_schema *ip_schema, const char *table_name, if (ret < 0) { log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> ip_format2range(ip4) failed in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } } else { @@ -204,23 +145,16 @@ ip_item_new(struct ip_schema *ip_schema, const char *table_name, if (ret < 0) { log_fatal(logger, MODULE_IP, "[%s:%d] ip table:<%s> ip_format2range(ip6) failed in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } } - if(ip_schema->port_column>0) + tmp_obj = cJSON_GetObjectItem(json, "port"); + if(tmp_obj && tmp_obj->type == cJSON_String) { - ret = get_column_pos(line, ip_schema->port_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_IP, - "[%s:%d] ip table:<%s> has no port in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } char port_range[20] = {0}; - memcpy(port_range, (line + column_offset), column_len); + memcpy(port_range, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); //port range is port or port_start-port_end if(strchr(port_range,'-')!=NULL){ @@ -338,11 +272,11 @@ static void ip_item_to_ip_rule(struct ip_item *item, struct ip_rule *rule) } static int ip_runtime_update_row(struct ip_runtime *ip_rt, char *key, size_t key_len, - struct ip_item *item, int is_valid) + struct ip_item *item, enum maat_operation op) { int ret = -1; - if (0 == is_valid) { + if (MAAT_OP_DEL == op) { // delete rcu_hash_del(ip_rt->item_hash, key, key_len); } else { @@ -361,7 +295,7 @@ static int ip_runtime_update_row(struct ip_runtime *ip_rt, char *key, size_t key int ip_runtime_update(void *ip_runtime, void *ip_schema, const char *table_name, const char *line, - int valid_column) + enum maat_operation op) { if (NULL == ip_runtime || NULL == ip_schema || NULL == line) { return -1; @@ -369,39 +303,40 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema, struct ip_schema *schema = (struct ip_schema *)ip_schema; struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime; - - long long item_id = get_column_value(line, schema->item_id_column); - if (item_id < 0) { + cJSON *json = NULL; + cJSON *tmp_obj = NULL; + + json = cJSON_Parse(line); + if (NULL == json) { log_fatal(ip_rt->logger, MODULE_IP, - "[%s:%d] ip table:<%s> has no item_id(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->item_id_column, line); + "[%s:%d] ip table:<%s> line is not a valid json string", + __FUNCTION__, __LINE__, table_name); ip_rt->update_err_cnt++; - return -1; + goto ERROR; } - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { + tmp_obj = cJSON_GetObjectItem(json, "item_id"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(ip_rt->logger, MODULE_IP, - "[%s:%d] ip table:<%s> has no is_valid(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - valid_column, line); + "[%s:%d] ip table:<%s> has no item_id in line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); ip_rt->update_err_cnt++; - return -1; + goto ERROR; } + long long item_id = atoll(tmp_obj->valuestring); struct ip_item *ip_item = NULL; - if (1 == is_valid) { + if (MAAT_OP_ADD == op) { //add - ip_item = ip_item_new(schema, table_name, line, ip_rt->logger); + ip_item = ip_item_new(schema, table_name, json, ip_rt->logger, item_id); if (NULL == ip_item) { ip_rt->update_err_cnt++; - return -1; + goto ERROR; } } int ret = ip_runtime_update_row(ip_rt, (char *)&item_id, sizeof(long long), - ip_item, is_valid); + ip_item, op); if (ret < 0) { if (ip_item != NULL) { ip_item_free(ip_item); @@ -409,7 +344,13 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema, //don't return failed, ignore the case of adding duplicate keys } + cJSON_Delete(json); return 0; +ERROR: + if (json != NULL) { + cJSON_Delete(json); + } + return -1; } void garbage_ip_matcher_free(void *ip_matcher, void *arg) diff --git a/src/maat_ip_plugin.c b/src/maat_ip_plugin.c index f38d6dd..9881c54 100644 --- a/src/maat_ip_plugin.c +++ b/src/maat_ip_plugin.c @@ -22,11 +22,9 @@ #define MAX_IP_STR 128 struct ip_plugin_schema { - int item_id_column; - int ip_column; - int rule_tag_column; int gc_timeout_s; int table_id; + char key_name[MAX_NAME_STR_LEN]; struct ex_container_schema container_schema; struct table_manager *ref_tbl_mgr; struct log_handle *logger; @@ -71,33 +69,15 @@ void *ip_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - custom_item = cJSON_GetObjectItem(item, "item_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->item_id_column = custom_item->valueint; - } else { + custom_item = cJSON_GetObjectItem(item, "key_name"); + if (custom_item == NULL || custom_item->type != cJSON_String) { log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> schema has no" - " item_id column", __FUNCTION__, __LINE__, + " key_name column", __FUNCTION__, __LINE__, table_name); goto error; } - - custom_item = cJSON_GetObjectItem(item, "ip"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->ip_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_IP_PLUGIN, - "[%s:%d] ip_plugin table:<%s> schema has no" - " end_ip column", __FUNCTION__, __LINE__, - table_name); - goto error; - } - - // rule_tag is optional - custom_item = cJSON_GetObjectItem(item, "rule_tag"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->rule_tag_column = custom_item->valueint; - } + strncpy(schema->key_name, custom_item->valuestring, sizeof(schema->key_name) - 1); //gc_timeout_s is optional custom_item = cJSON_GetObjectItem(item, "gc_timeout_s"); @@ -124,80 +104,71 @@ void ip_plugin_schema_free(void *ip_plugin_schema) static int ip_plugin_accept_tag_match(struct ip_plugin_schema *schema, - const char *table_name, const char *line, + const char *table_name, const cJSON *json, struct log_handle *logger) { - size_t column_offset = 0; - size_t column_len = 0; + cJSON *tmp_obj = NULL; size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); - if (schema->rule_tag_column > 0 && n_tag > 0) { - int ret = get_column_pos(line, schema->rule_tag_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "tag"); + if (tmp_obj && n_tag > 0) { + if (tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_IP_PLUGIN, - "[%s:%d] ip_plugin table:<%s> has no rule_tag in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] ip_plugin table:<%s> has invalid tag format" + " in line:%s", __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); return TAG_MATCH_ERR; } - if (column_len > 2) { - char *tag_str = ALLOC(char, column_len + 1); - memcpy(tag_str, (line + column_offset), column_len); - ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); - FREE(tag_str); - if (TAG_MATCH_ERR == ret) { - log_fatal(logger, MODULE_IP_PLUGIN, - "[%s:%d] ip_plugin table:<%s> has invalid tag format" - " in line:%s", __FUNCTION__, __LINE__, table_name, line); - return TAG_MATCH_ERR; - } + int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tmp_obj->valuestring); + if (TAG_MATCH_ERR == ret) { + log_fatal(logger, MODULE_IP_PLUGIN, + "[%s:%d] ip_plugin table:<%s> has invalid tag format" + " in line:%s", __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + return TAG_MATCH_ERR; + } - if (TAG_MATCH_UNMATCHED == ret) { - log_fatal(logger, MODULE_IP_PLUGIN, - "[%s:%d] ip_plugin table:<%s> has unmatched tag in line:%s", - __FUNCTION__, __LINE__, table_name, line); - return TAG_MATCH_UNMATCHED; - } + if (TAG_MATCH_UNMATCHED == ret) { + log_fatal(logger, MODULE_IP_PLUGIN, + "[%s:%d] ip_plugin table:<%s> has unmatched tag in line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + return TAG_MATCH_UNMATCHED; } } + return TAG_MATCH_MATCHED; } static struct ip_rule * ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name, - const char *line, struct log_handle *logger) + const cJSON *json, struct log_handle *logger) { - int ret = ip_plugin_accept_tag_match(schema, table_name, line, logger); + int ret = ip_plugin_accept_tag_match(schema, table_name, json, logger); if (ret == TAG_MATCH_UNMATCHED) { return NULL; } - size_t column_offset = 0; - size_t column_len = 0; char ip_str[128] = {0}; + cJSON *tmp_obj = NULL; struct ip_rule *ip_plugin_rule = ALLOC(struct ip_rule, 1); - ret = get_column_pos(line, schema->item_id_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, schema->key_name); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_IP_PLUGIN, - "[%s:%d] ip_plugin table:<%s> has no item_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] ip_plugin table:<%s> has no key %s or invalid format in line:%s", + __FUNCTION__, __LINE__, table_name, schema->key_name, cJSON_Print(json)); goto error; } - ip_plugin_rule->rule_id = atoll(line + column_offset); + ip_plugin_rule->rule_id = atoll(tmp_obj->valuestring); - ret = get_column_pos(line, schema->ip_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "ip"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_IP_PLUGIN, - "[%s:%d] ip_plugin table:<%s> has no end_ip in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] ip_plugin table:<%s> has no ip field or invalid format in line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - strncpy(ip_str, line + column_offset, column_len); + strncpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); if (strchr(ip_str, ':') != NULL) { ip_plugin_rule->type = IPV6; @@ -211,7 +182,7 @@ ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name, log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s>> ip_format2range(ip4)" " failed in line:%s", __FUNCTION__, __LINE__, - table_name, line); + table_name, cJSON_Print(json)); goto error; } } else { @@ -221,7 +192,7 @@ ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name, log_fatal(logger, MODULE_IP_PLUGIN, "[%s:%d] ip_plugin table:<%s> ip_format2range(ip6)" " failed in line:%s", __FUNCTION__, __LINE__, - table_name, line); + table_name, cJSON_Print(json)); goto error; } } @@ -279,7 +250,7 @@ static int ip_plugin_runtime_update_row(struct ip_plugin_runtime *ip_plugin_rt, const char *table_name, const char *row, const char *key, size_t key_len, - struct ip_rule *ip_plugin_rule, int is_valid) + struct ip_rule *ip_plugin_rule, enum maat_operation op) { int ret = -1; struct ex_data_runtime *ex_data_rt = ip_plugin_rt->ex_data_rt; @@ -287,7 +258,7 @@ ip_plugin_runtime_update_row(struct ip_plugin_runtime *ip_plugin_rt, return -1; } - if (0 == is_valid) { + if (MAAT_OP_DEL == op) { // delete ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len); if (ret < 0) { @@ -372,7 +343,7 @@ void ip_plugin_runtime_free(void *ip_plugin_runtime) int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema, const char *table_name, const char *line, - int valid_column) + enum maat_operation op) { if (NULL == ip_plugin_runtime || NULL == ip_plugin_schema || NULL == line) { @@ -386,55 +357,71 @@ int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema, struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime; - size_t item_id_offset = 0, item_id_len = 0; + int ret = 0; + cJSON *tmp_obj = NULL; + cJSON *json = cJSON_Parse(line); - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { + if (NULL == json) { + log_fatal(ip_plugin_rt->logger, MODULE_IP_PLUGIN, + "[%s:%d]ip_plugin table:<%s> parse json failed, line:%s", + __FUNCTION__, __LINE__, table_name, line); ip_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } - int ret = get_column_pos(line, schema->item_id_column, - &item_id_offset, &item_id_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, schema->key_name); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + log_fatal(ip_plugin_rt->logger, MODULE_IP_PLUGIN, + "[%s:%d]ip_plugin table:<%s> has no entry_id in line:%s", + __FUNCTION__, __LINE__, table_name, line); ip_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } if (1 == schema->container_schema.set_flag) { - if (1 == is_valid) { + if (MAAT_OP_ADD == op) { // add - ip_plugin_rule = ip_plugin_rule_new(schema, table_name, line, + ip_plugin_rule = ip_plugin_rule_new(schema, table_name, json, ip_plugin_rt->logger); if (NULL == ip_plugin_rule) { ip_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } } - const char *key = line + item_id_offset; - size_t key_len = item_id_len; + const char *key = tmp_obj->valuestring; + size_t key_len = strlen(key); ret = ip_plugin_runtime_update_row(ip_plugin_rt, table_name, line, key, - key_len, ip_plugin_rule, is_valid); + key_len, ip_plugin_rule, op); if (ret < 0) { log_fatal(ip_plugin_rt->logger, MODULE_IP_PLUGIN, "[%s:%d]ip_plugin table:<%s> update one line failed, " "line:%s", __FUNCTION__, __LINE__, table_name, line); ip_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } log_debug(ip_plugin_rt->logger, MODULE_IP_PLUGIN, "ip_plugin table:<%s> update one line, key:%s, key_len:%zu," - " is_valid:%d", table_name, key, key_len, is_valid); + " maat_op:%d", table_name, key, key_len, op); } else { //ex_schema not set - ex_data_runtime_cache_row_put(ip_plugin_rt->ex_data_rt, line); + ex_data_runtime_cache_row_put(ip_plugin_rt->ex_data_rt, line, op); ip_plugin_rt->rule_num = ex_data_runtime_cached_row_count(ip_plugin_rt->ex_data_rt); } return 0; + +ERROR: + if (ip_plugin_rule != NULL) { + ip_plugin_rule_free(ip_plugin_rule); + } + if (json != NULL) { + cJSON_Delete(json); + } + + return -1; } int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name, diff --git a/src/maat_ipport_plugin.c b/src/maat_ipport_plugin.c index 78eac34..d26e5bd 100644 --- a/src/maat_ipport_plugin.c +++ b/src/maat_ipport_plugin.c @@ -23,13 +23,9 @@ #define MODULE_IPPORT_PLUGIN module_name_str("maat.ipport_plugin") struct ipport_plugin_schema { - int item_id_column; - int ip_type_column; - int ip_addr_column; - int port1_column; - int port2_column; int gc_timeout_s; int table_id; + char key_name[MAX_NAME_STR_LEN]; struct ex_container_schema container_schema; struct table_manager *ref_tbl_mgr; struct log_handle *logger; @@ -95,9 +91,9 @@ void *ipport_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - custom_item = cJSON_GetObjectItem(item, "item_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->item_id_column = custom_item->valueint; + custom_item = cJSON_GetObjectItem(item, "key_name"); + if (custom_item != NULL && custom_item->type == cJSON_String) { + strncpy(schema->key_name, custom_item->valuestring, sizeof(schema->key_name) - 1); } else { log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport_plugin table:<%s> schema has no" @@ -106,48 +102,6 @@ void *ipport_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - custom_item = cJSON_GetObjectItem(item, "ip_type"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->ip_type_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport_plugin table:<%s> schema has no" - " ip_type column", __FUNCTION__, __LINE__, - table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "ip_addr"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->ip_addr_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport_plugin table:<%s> schema has no" - " ip_addr column", __FUNCTION__, __LINE__, - table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "port1"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->port1_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport_plugin table:<%s> schema has no" - " port1 column", __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "port2"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->port2_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport_plugin table:<%s> schema has no" - " port2 column", __FUNCTION__, __LINE__, table_name); - goto error; - } - //gc_timeout_s is optional custom_item = cJSON_GetObjectItem(item, "gc_timeout_s"); if (custom_item != NULL && custom_item->type == cJSON_Number) { @@ -269,93 +223,78 @@ void ipport_plugin_runtime_free(void *ipport_plugin_runtime) static struct ipport_item * ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name, - const char *line, struct log_handle *logger) + const cJSON *json, struct log_handle *logger) { - size_t column_offset = 0; - size_t column_len = 0; - char ip_str[40] = {0}; + char ip_str[128] = {0}; struct ipport_item *ipport_item = ALLOC(struct ipport_item, 1); + cJSON *tmp_obj = NULL; + int ret = 0; - int ret = get_column_pos(line, schema->item_id_column, &column_offset, - &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, schema->key_name); + if (NULL == tmp_obj || tmp_obj->type != cJSON_Number) { log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport table:<%s> has no item_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] ipport table:<%s> has no key or invalid format, line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - ipport_item->item_id = atoll(line + column_offset); + ipport_item->item_id = atoll(tmp_obj->valuestring); - ret = get_column_pos(line, schema->ip_type_column, &column_offset, - &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "ip"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport table:<%s> has no ip_type in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] ipport table:<%s> has no ip or invalid format in line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - ipport_item->ip_type = atoi(line + column_offset); + strncpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); - if (ipport_item->ip_type != IPV4 && ipport_item->ip_type != IPV6) { - log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport table:<%s> has invalid ip type:%d in line:%s", - __FUNCTION__, __LINE__, table_name, ipport_item->ip_type, line); - goto error; + if (strchr(ip_str, ':') != NULL) { + ipport_item->ip_type = IPV6; + } else { + ipport_item->ip_type = IPV4; } - ret = get_column_pos(line, schema->ip_addr_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport table:<%s> has no ip_addr in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - memcpy(ip_str, (line + column_offset), column_len); - if (IPV4 == ipport_item->ip_type) { - uint32_t ipv4_addr = 0; - ret = inet_pton(AF_INET, ip_str, &ipv4_addr); + ret = ip_format2range(ip_str, ipport_item->ip_type, &ipport_item->ipv4.min_ip, &ipport_item->ipv4.max_ip); if (ret < 0) { log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> ip_format2range(ip4) failed in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - ipport_item->ipv4.min_ip = ipv4_addr; - ipport_item->ipv4.max_ip = ipv4_addr; } else { //ipv6 - uint32_t ipv6_addr[4] = {0}; - ret = inet_pton(AF_INET6, ip_str, ipv6_addr); + ret = ip_format2range(ip_str, ipport_item->ip_type, ipport_item->ipv6.min_ip, ipport_item->ipv6.max_ip); if (ret < 0) { log_fatal(logger, MODULE_IPPORT_PLUGIN, "[%s:%d] ipport table:<%s> ip_format2range(ip6) failed in line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - memcpy(ipport_item->ipv6.min_ip, ipv6_addr, sizeof(ipv6_addr)); } - ret = get_column_pos(line, schema->port1_column, &column_offset, - &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "port"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport table:<%s>) has no port1 in line:%s", - __FUNCTION__, __LINE__, table_name, line); + "[%s:%d] ipport table:<%s> has no port or invalid format in line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - ipport_item->min_port = atoi(line + column_offset); - ret = get_column_pos(line, schema->port2_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_IPPORT_PLUGIN, - "[%s:%d] ipport table:<%s> has no port2 in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; + char port_range[20] = {0}; + memcpy(port_range, tmp_obj->valuestring, strlen(tmp_obj->valuestring)); + + //port range is port or port_start-port_end + if(strchr(port_range,'-')!=NULL){ + char *saveptr = NULL; + char *port_start = strtok_r(port_range,"-", &saveptr); + char *port_end = strtok_r(NULL,"-", &saveptr); + ipport_item->min_port = atoi(port_start); + ipport_item->max_port = atoi(port_end); + } else { + ipport_item->min_port = atoi(port_range); + ipport_item->max_port = atoi(port_range); } - ipport_item->max_port = atoi(line + column_offset); return ipport_item; error: @@ -376,7 +315,7 @@ static int ipport_plugin_runtime_update_row(struct ipport_plugin_runtime *ipport_plugin_rt, const char *table_name, const char *row, const char *key, size_t key_len, - struct ipport_item *ipport_item, int is_valid) + struct ipport_item *ipport_item, enum maat_operation op) { int ret = -1; struct ex_data_runtime *ex_data_rt = ipport_plugin_rt->ex_data_rt; @@ -384,7 +323,7 @@ ipport_plugin_runtime_update_row(struct ipport_plugin_runtime *ipport_plugin_rt, return -1; } - if (0 == is_valid) { + if (MAAT_OP_DEL == op) { // delete ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len); if (ret < 0) { @@ -415,7 +354,7 @@ ipport_plugin_runtime_update_row(struct ipport_plugin_runtime *ipport_plugin_rt, int ipport_plugin_runtime_update(void *ipport_plugin_runtime, void *ipport_plugin_schema, const char *table_name, - const char *line, int valid_column) + const char *line, enum maat_operation op) { if (NULL == ipport_plugin_runtime || NULL == ipport_plugin_schema || NULL == line) { @@ -429,56 +368,64 @@ int ipport_plugin_runtime_update(void *ipport_plugin_runtime, struct ipport_plugin_runtime *ipport_plugin_rt = (struct ipport_plugin_runtime *)ipport_plugin_runtime; - size_t item_id_offset = 0, item_id_len = 0; + int ret = 0; + cJSON *tmp_obj = NULL; + cJSON *json = cJSON_Parse(line); - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { + tmp_obj = cJSON_GetObjectItem(json, schema->key_name); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { + log_fatal(ipport_plugin_rt->logger, MODULE_IPPORT_PLUGIN, + "[%s:%d]ipport_plugin table:<%s> has no key or invalid format, line:%s", + __FUNCTION__, __LINE__, table_name, line); ipport_plugin_rt->update_err_cnt++; - return -1; - } - - int ret = get_column_pos(line, schema->item_id_column, - &item_id_offset, &item_id_len); - if (ret < 0) { - ipport_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } if (1 == schema->container_schema.set_flag) { - if (1 == is_valid) { + if (MAAT_OP_ADD == op) { // add - ipport_item = ipport_item_new(schema, table_name, line, + ipport_item = ipport_item_new(schema, table_name, json, ipport_plugin_rt->logger); if (NULL == ipport_item) { ipport_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } } - const char *key = line + item_id_offset; - size_t key_len = item_id_len; + const char *key = tmp_obj->valuestring; + size_t key_len = strlen(key); ret = ipport_plugin_runtime_update_row(ipport_plugin_rt, table_name, line, key, key_len, ipport_item, - is_valid); + op); if (ret < 0) { log_fatal(ipport_plugin_rt->logger, MODULE_IPPORT_PLUGIN, "[%s:%d]ipport_plugin table:<%s> update one line failed, " "line:%s", __FUNCTION__, __LINE__, table_name, line); ipport_plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } log_debug(ipport_plugin_rt->logger, MODULE_IPPORT_PLUGIN, "ipport_plugin table:<%s> update one line, key:%s, key_len:%zu," - " is_valid:%d", table_name, key, key_len, is_valid); + " maat_op:%d", table_name, key, key_len, op); } else { //ex_schema not set - ex_data_runtime_cache_row_put(ipport_plugin_rt->ex_data_rt, line); + ex_data_runtime_cache_row_put(ipport_plugin_rt->ex_data_rt, line, op); ipport_plugin_rt->rule_num = ex_data_runtime_cached_row_count(ipport_plugin_rt->ex_data_rt); } return 0; + +ERROR: + if (NULL != ipport_item) { + ipport_item_free(ipport_item); + } + if (NULL != json) { + cJSON_Delete(json); + } + + return -1; } static void diff --git a/src/maat_object.c b/src/maat_object.c index c0e9eee..9b1d4f5 100644 --- a/src/maat_object.c +++ b/src/maat_object.c @@ -29,9 +29,6 @@ struct object2object_item { }; struct object2object_schema { - int object_id_column; - int incl_sub_object_ids_column; - int excl_sub_object_ids_column; int table_id; struct table_manager *ref_tbl_mgr; }; @@ -92,7 +89,6 @@ void *object2object_schema_new(cJSON *json, struct table_manager *tbl_mgr, { struct object2object_schema *g2g_schema = ALLOC(struct object2object_schema, 1); - cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { g2g_schema->table_id = item->valueint; @@ -103,44 +99,6 @@ void *object2object_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - item = cJSON_GetObjectItem(json, "custom"); - if (item == NULL || item->type != cJSON_Object) { - log_fatal(logger, MODULE_OBJECT, - "[%s:%d] g2g table:<%s> schema has no custom column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "object_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - g2g_schema->object_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_OBJECT, - "[%s:%d] g2g table:<%s> schema has no object_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "included_sub_object_ids"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - g2g_schema->incl_sub_object_ids_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_OBJECT, - "[%s:%d] g2g table:<%s> schema has no included_sub_object_ids column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "excluded_sub_object_ids"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - g2g_schema->excl_sub_object_ids_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_OBJECT, - "[%s:%d] g2g table:<%s> schema has no excluded_sub_object_ids column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - g2g_schema->ref_tbl_mgr = tbl_mgr; return g2g_schema; error: @@ -323,40 +281,47 @@ static struct object2object_item * object2object_item_new(const char *line, struct object2object_schema *g2g_schema, const char *table_name, struct log_handle *logger) { - size_t column_offset = 0; - size_t column_len = 0; + cJSON *tmp_obj = NULL; + cJSON *json = cJSON_Parse(line); + + if (json == NULL) { + log_fatal(logger, MODULE_OBJECT, + "[%s:%d] g2g table:<%s> line:<%s> parse json failed", + __FUNCTION__, __LINE__, table_name, line); + return NULL; + } + struct object2object_item *g2g_item = ALLOC(struct object2object_item, 1); utarray_new(g2g_item->incl_sub_object_ids, &ut_object_id_icd); utarray_new(g2g_item->excl_sub_object_ids, &ut_object_id_icd); - int ret = get_column_pos(line, g2g_schema->object_id_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "object_id"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_OBJECT, - "[%s:%d] g2 table:<%s> has no object_id in line:%s", + "[%s:%d] g2g table:<%s> has no object_id or format is not string in line:%s", __FUNCTION__, __LINE__, table_name, line); goto error; } - g2g_item->object_id = atoll(line + column_offset); + g2g_item->object_id = atoll(tmp_obj->valuestring); - ret = get_column_pos(line, g2g_schema->incl_sub_object_ids_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "include_object_ids"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) { log_fatal(logger, MODULE_OBJECT, - "[%s:%d] g2g table:<%s> has no included_sub_object_ids in line:%s", + "[%s:%d] g2g table:<%s> has no included_sub_object_ids or format is not array in line:%s", __FUNCTION__, __LINE__, table_name, line); goto error; } - char object_ids_str[MAX_OBJECT_IDS_STR_LEN] = {0}; - memcpy(object_ids_str, line + column_offset, MIN(MAX_OBJECT_IDS_STR_LEN, column_len)); - - ret = ids_str2longlong_array(object_ids_str, g2g_item->incl_sub_object_ids); - if (ret < 0) { - log_fatal(logger, MODULE_OBJECT, - "[%s:%d] g2c table:<%s> included_sub_object_ids str2longlong failed in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; + for (int i = 0; i < cJSON_GetArraySize(tmp_obj); i++) { + cJSON *item = cJSON_GetArrayItem(tmp_obj, i); + if (item == NULL || item->type != cJSON_String) { + log_fatal(logger, MODULE_OBJECT, + "[%s:%d] g2g table:<%s> included_sub_object_ids format error in line:%s", + __FUNCTION__, __LINE__, table_name, line); + goto error; + } + long long object_id = atoll(item->valuestring); + utarray_push_back(g2g_item->incl_sub_object_ids, &object_id); } if (utarray_len(g2g_item->incl_sub_object_ids) > MAX_OBJECT_CNT) { @@ -366,24 +331,24 @@ object2object_item_new(const char *line, struct object2object_schema *g2g_schema goto error; } - ret = get_column_pos(line, g2g_schema->excl_sub_object_ids_column, - &column_offset, &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "exclude_object_ids"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) { log_fatal(logger, MODULE_OBJECT, - "[%s:%d] g2g table:<%s> has no excluded_sub_object_ids in line:%s", + "[%s:%d] g2g table:<%s> has no excluded_sub_object_ids or format is not array in line:%s", __FUNCTION__, __LINE__, table_name, line); goto error; } - memset(object_ids_str, 0, sizeof(object_ids_str)); - memcpy(object_ids_str, line + column_offset, MIN(MAX_OBJECT_IDS_STR_LEN, column_len)); - - ret = ids_str2longlong_array(object_ids_str, g2g_item->excl_sub_object_ids); - if (ret < 0) { - log_fatal(logger, MODULE_OBJECT, - "[%s:%d] g2c table:<%s> excluded_sub_object_ids str2longlong failed in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; + for (int i = 0; i < cJSON_GetArraySize(tmp_obj); i++) { + cJSON *item = cJSON_GetArrayItem(tmp_obj, i); + if (item == NULL || item->type != cJSON_String) { + log_fatal(logger, MODULE_OBJECT, + "[%s:%d] g2g table:<%s> excluded_sub_object_ids format error in line:%s", + __FUNCTION__, __LINE__, table_name, line); + goto error; + } + long long object_id = atoll(item->valuestring); + utarray_push_back(g2g_item->excl_sub_object_ids, &object_id); } if (utarray_len(g2g_item->excl_sub_object_ids) > MAX_OBJECT_CNT) { @@ -743,7 +708,7 @@ static int object_topology_build_super_objects(struct maat_object_topology *obje int object2object_runtime_update(void *g2g_runtime, void *g2g_schema, const char *table_name, const char *line, - int valid_column) + enum maat_operation op) { if (NULL == g2g_runtime || NULL == g2g_schema || NULL == line) { @@ -752,15 +717,6 @@ int object2object_runtime_update(void *g2g_runtime, void *g2g_schema, struct object2object_schema *schema = (struct object2object_schema *)g2g_schema; struct object2object_runtime *g2g_rt = (struct object2object_runtime *)g2g_runtime; - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { - log_fatal(g2g_rt->logger, MODULE_OBJECT, - "[%s:%d] g2g table:<%s> has no is_valid(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - valid_column, line); - g2g_rt->update_err_cnt++; - return -1; - } struct object2object_item *g2g_item = object2object_item_new(line, schema, table_name, g2g_rt->logger); @@ -779,7 +735,7 @@ int object2object_runtime_update(void *g2g_runtime, void *g2g_schema, size_t i = 0; int err_flag = 0; long long *sub_object_id = NULL; - if (0 == is_valid) { + if (MAAT_OP_DEL == op) { //delete for (i = 0; i < utarray_len(g2g_item->incl_sub_object_ids); i++) { sub_object_id = (long long *)utarray_eltptr(g2g_item->incl_sub_object_ids, i); diff --git a/src/maat_plugin.c b/src/maat_plugin.c index 442dede..b1f7bbf 100644 --- a/src/maat_plugin.c +++ b/src/maat_plugin.c @@ -54,12 +54,10 @@ enum plugin_key_type { struct plugin_schema { enum plugin_key_type key_type; int key_len; - int key_column; - int addr_type_column; - int rule_tag_column; + char key_name[MAX_NAME_STR_LEN]; int gc_timeout_s; int n_foreign; - int foreign_columns[MAX_FOREIGN_CLMN_NUM]; + char foreign_names[MAX_FOREIGN_CLMN_NUM][MAX_FOREIGN_NAME_LEN + 1]; size_t cb_cnt; struct plugin_callback_schema cb[MAX_PLUGIN_PER_TABLE]; struct ex_container_schema container_schema; @@ -68,23 +66,6 @@ struct plugin_schema { struct log_handle *logger; }; -static int read_integer_array(char *string, int *array, int size) -{ - int i = 0; - char *token = NULL, *sub_token = NULL, *saveptr; - - for (i = 0, token = string; i < size; token= NULL, i++) { - sub_token = strtok_r(token, ",", &saveptr); - if (sub_token == NULL) { - break; - } - - sscanf(sub_token, "%d", array + i); - } - - return i; -} - void *plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, const char *table_name, struct log_handle *logger) { @@ -105,14 +86,14 @@ void *plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, /* custom is optional */ item = cJSON_GetObjectItem(json, "custom"); if (item != NULL && item->type == cJSON_Object) { - custom_item = cJSON_GetObjectItem(item, "key"); - if (NULL == custom_item || custom_item->type != cJSON_Number) { + custom_item = cJSON_GetObjectItem(item, "key_name"); + if (NULL == custom_item || custom_item->type != cJSON_String) { log_fatal(logger, MODULE_PLUGIN, - "[%s:%d]plugin table:<%s> schema has no key column", + "[%s:%d]plugin table:<%s> schema has no key_name column", __FUNCTION__, __LINE__, table_name); goto error; } - schema->key_column = custom_item->valueint; + strncpy(schema->key_name, custom_item->valuestring, sizeof(schema->key_name) - 1); custom_item = cJSON_GetObjectItem(item, "key_type"); if (NULL == custom_item || custom_item->type != cJSON_String) { @@ -137,15 +118,6 @@ void *plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, schema->key_len = custom_item->valueint; } else if (strcmp(custom_item->valuestring, "ip_addr") == 0) { schema->key_type = PLUGIN_KEY_TYPE_IP_ADDR; - custom_item = cJSON_GetObjectItem(item, "addr_type"); - if (NULL == custom_item || custom_item->type != cJSON_Number) { - log_fatal(logger, MODULE_PLUGIN, - "[%s:%d]plugin table:<%s> schema ip_addr key must" - " have addr_type column", __FUNCTION__, __LINE__, - table_name); - goto error; - } - schema->addr_type_column = custom_item->valueint; } else { log_fatal(logger, MODULE_PLUGIN, "[%s:%d]plugin table:<%s> schema key_type:%s is illegal, " @@ -154,31 +126,33 @@ void *plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - custom_item = cJSON_GetObjectItem(item, "tag"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->rule_tag_column = custom_item->valueint; - } - - custom_item = cJSON_GetObjectItem(item, "foreign"); - if (custom_item != NULL) { - if (custom_item->type == cJSON_String) { - schema->n_foreign = read_integer_array(custom_item->valuestring, - schema->foreign_columns, - MAX_FOREIGN_CLMN_NUM); - } else if (custom_item->type == cJSON_Array) { - schema->n_foreign = cJSON_GetArraySize(custom_item); - for (int i = 0; i < schema->n_foreign; i++) { - cJSON *foreign_item = cJSON_GetArrayItem(custom_item, i); - assert(foreign_item->type == cJSON_Number); - schema->foreign_columns[i] = foreign_item->valueint; - } - } - } - custom_item = cJSON_GetObjectItem(item, "gc_timeout_s"); if (custom_item != NULL && custom_item->type == cJSON_Number) { schema->gc_timeout_s = custom_item->valueint; } + + custom_item = cJSON_GetObjectItem(item, "foreign_names"); + if (custom_item != NULL && custom_item->type == cJSON_Array) { + schema->n_foreign = cJSON_GetArraySize(custom_item); + if (schema->n_foreign > MAX_FOREIGN_CLMN_NUM) { + log_fatal(logger, MODULE_PLUGIN, + "[%s:%d]plugin table:<%s> schema foreign_names number" + " exceed maxium:%d", __FUNCTION__, __LINE__, table_name, + MAX_FOREIGN_CLMN_NUM); + goto error; + } + + for (int i = 0; i < schema->n_foreign; i++) { + cJSON *foreign_item = cJSON_GetArrayItem(custom_item, i); + if (foreign_item == NULL || foreign_item->type != cJSON_String) { + log_fatal(logger, MODULE_PLUGIN, + "[%s:%d]plugin table:<%s> schema foreign_names" + " has invalid format", __FUNCTION__, __LINE__, table_name); + goto error; + } + strncpy(schema->foreign_names[i], foreign_item->valuestring, sizeof(schema->foreign_names[i]) - 1); + } + } } schema->ref_tbl_mgr = tbl_mgr; @@ -245,19 +219,18 @@ void plugin_table_all_callback_finish(struct plugin_schema *plugin_schema) } } -int plugin_table_get_foreign_column(struct plugin_schema *plugin_schema, - int *foreign_columns) +int plugin_table_get_foreign_names(struct plugin_schema *plugin_schema, + char foreign_names[MAX_FOREIGN_CLMN_NUM][MAX_FOREIGN_NAME_LEN + 1]) { if (NULL == plugin_schema) { return -1; } - int n_foreign = plugin_schema->n_foreign; - for (int i = 0; i < n_foreign; i++) { - foreign_columns[i] = plugin_schema->foreign_columns[i]; + for (int i = 0; i < plugin_schema->n_foreign; i++) { + strncpy(foreign_names[i], plugin_schema->foreign_names[i], MAX_FOREIGN_NAME_LEN); } - return n_foreign; + return plugin_schema->n_foreign; } int plugin_table_set_ex_container_schema(void *plugin_schema, int table_id, @@ -347,14 +320,14 @@ void plugin_runtime_free(void *plugin_runtime) static int plugin_runtime_update_row(struct plugin_runtime *plugin_rt, struct plugin_schema *plugin_schema, const char *table_name, const char *row, - const char *key, size_t key_len, int is_valid) + const char *key, size_t key_len, enum maat_operation op) { int ret = -1; struct ex_container_schema *container_schema = &(plugin_schema->container_schema); /* already set plugin_table_schema's ex_data_schema */ if (1 == container_schema->set_flag) { - if (is_valid == 0) { + if (MAAT_OP_DEL == op) { // delete ret = ex_data_runtime_del_ex_container(plugin_rt->ex_data_rt, key, key_len); if (ret < 0) { @@ -382,13 +355,13 @@ static int plugin_runtime_update_row(struct plugin_runtime *plugin_rt, size_t cb_count = plugin_schema->cb_cnt; if (cb_count > 0) { for (size_t i = 0; i < cb_count; i++) { - plugin_schema->cb[i].update(plugin_schema->table_id, row, + plugin_schema->cb[i].update(plugin_schema->table_id, row, op, plugin_schema->cb[i].u_para); } } if (0 == container_schema->set_flag) { - ex_data_runtime_cache_row_put(plugin_rt->ex_data_rt, row); + ex_data_runtime_cache_row_put(plugin_rt->ex_data_rt, row, op); plugin_rt->rule_num = ex_data_runtime_cached_row_count(plugin_rt->ex_data_rt); } @@ -396,40 +369,42 @@ static int plugin_runtime_update_row(struct plugin_runtime *plugin_rt, } static int plugin_accept_tag_match(struct plugin_schema *schema, - const char *table_name, const char *line, + const char *table_name, const cJSON *json, struct log_handle *logger) { - size_t column_offset = 0; - size_t column_len = 0; + size_t tag_len = 0; size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); + cJSON *tmp_obj = NULL; + int ret = 0; - if (schema->rule_tag_column > 0 && n_tag > 0) { - int ret = get_column_pos(line, schema->rule_tag_column, &column_offset, - &column_len); - if (ret < 0) { + tmp_obj = cJSON_GetObjectItem(json, "tag"); + + if (tmp_obj != NULL && n_tag > 0) { + if (tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_PLUGIN, - "[%s:%d] table: <%s> has no rule_tag(column_seq:%d) " - "in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->rule_tag_column, line); + "[%s:%d] table: <%s> has invalid tag format in json, line %s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); return TAG_MATCH_ERR; } - if (column_len > 2) { - char *tag_str = ALLOC(char, column_len + 1); - memcpy(tag_str, (line + column_offset), column_len); + tag_len = strlen(tmp_obj->valuestring); + + if (tag_len > 2) { + char *tag_str = ALLOC(char, tag_len + 1); + memcpy(tag_str, tmp_obj->valuestring, tag_len); ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); FREE(tag_str); if (TAG_MATCH_ERR == ret) { log_fatal(logger, MODULE_PLUGIN, "[%s:%d] table: <%s> has invalid tag format in table_line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); return TAG_MATCH_ERR; } if (TAG_MATCH_UNMATCHED == ret) { log_fatal(logger, MODULE_PLUGIN, "[%s:%d] table: <%s> has unmatched tag in table_line:%s", - __FUNCTION__, __LINE__, table_name, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); return TAG_MATCH_UNMATCHED; } } @@ -439,7 +414,7 @@ static int plugin_accept_tag_match(struct plugin_schema *schema, } static int plugin_table_line_get_ip_key(struct plugin_schema *schema, - const char *table_name, const char *line, + const char *table_name, const cJSON *json, const char *src_key, size_t src_key_len, char *dst_key, size_t *dst_key_len, struct log_handle *logger) @@ -448,18 +423,18 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> ip_key too long exceed maximum:%d in " "table_line:%s", __FUNCTION__, __LINE__, table_name, - INET6_ADDRSTRLEN, line); + INET6_ADDRSTRLEN, cJSON_Print(json)); return -1; } - size_t addr_type_offset = 0, addr_type_len = 0; - int ret = get_column_pos(line, schema->addr_type_column, - &addr_type_offset, &addr_type_len); - if (ret < 0) { + cJSON *tmp_obj = NULL; + int ret = 0; + + tmp_obj = cJSON_GetObjectItem(json, "addr_type"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(logger, MODULE_PLUGIN, - "[%s:%d] plugin table:<%s> has no addr_type(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->addr_type_column, line); + "[%s:%d] plugin table:<%s> has no addr_type or not string format in table_line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); return -1; } @@ -467,15 +442,15 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, // snprintf() write at most (key_len+1) bytes (including the terminating null{'\0}) to ip_key. snprintf(ip_key, src_key_len + 1, "%s", src_key); - int addr_type = atoi(line + addr_type_offset); + int addr_type = atoi(tmp_obj->valuestring); if (IPV4 == addr_type) { uint32_t ipv4_addr; ret = inet_pton(AF_INET, ip_key, &ipv4_addr); if (ret <= 0) { log_fatal(logger, MODULE_PLUGIN, - "[%s:%d] plugin table:<%s> ipv4 key(column seq:%d)" + "[%s:%d] plugin table:<%s> ipv4 key" " illegal in table_line:%s", - __FUNCTION__, __LINE__, table_name, schema->key_column, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); return -1; } @@ -486,9 +461,9 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, ret = inet_pton(AF_INET6, ip_key, ipv6_addr); if (ret <= 0) { log_fatal(logger, MODULE_PLUGIN, - "[%s:%d] plugin table:<%s> ipv6 key(column seq:%d)" + "[%s:%d] plugin table:<%s> ipv6 key" " illegal in table_line:%s", - __FUNCTION__, __LINE__, table_name, schema->key_column, line); + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); return -1; } @@ -498,7 +473,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, log_fatal(logger, MODULE_PLUGIN, "[%s:%d] plugin table:<%s> addr_type:%d illegal, just" " allow{4, 6}, table_line:%s", - __FUNCTION__, __LINE__, table_name, addr_type, line); + __FUNCTION__, __LINE__, table_name, addr_type, cJSON_Print(json)); return -1; } @@ -506,24 +481,11 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema, } static int plugin_table_line_get_key(struct plugin_schema *schema, - const char *table_name, const char *line, + const char *table_name, const cJSON *json, const char *src_key, size_t src_key_len, char *dst_key, size_t *dst_key_len, struct log_handle *logger) { - size_t plugin_key_offset = 0, plugin_key_len = 0; - - int ret = get_column_pos(line, schema->key_column, &plugin_key_offset, &plugin_key_len); - if (ret < 0) { - log_fatal(logger, MODULE_PLUGIN, - "[%s:%d] plugin table:<%s> has no key(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->key_column, line); - return -1; - } - - - if (schema->key_type == PLUGIN_KEY_TYPE_POINTER) { memcpy(dst_key, src_key, src_key_len); *dst_key_len = src_key_len; @@ -538,7 +500,7 @@ static int plugin_table_line_get_key(struct plugin_schema *schema, *dst_key_len = schema->key_len; } else { //PLUGIN_KEY_TYPE_IP_ADDR - return plugin_table_line_get_ip_key(schema, table_name, line, src_key, + return plugin_table_line_get_ip_key(schema, table_name, json, src_key, src_key_len, dst_key, dst_key_len, logger); } @@ -548,7 +510,7 @@ static int plugin_table_line_get_key(struct plugin_schema *schema, int plugin_runtime_update(void *plugin_runtime, void *plugin_schema, const char *table_name, const char *line, - int valid_column) + enum maat_operation op) { if (NULL == plugin_runtime || NULL == plugin_schema || NULL == line) { @@ -557,65 +519,71 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema, struct plugin_schema *schema = (struct plugin_schema *)plugin_schema; struct plugin_runtime *plugin_rt = (struct plugin_runtime *)plugin_runtime; - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { + cJSON *tmp_obj = NULL; + cJSON *json = cJSON_Parse(line); + + if (NULL == json) { log_fatal(plugin_rt->logger, MODULE_PLUGIN, - "[%s:%d] plugin table:<%s> has no is_valid(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - valid_column, line); - plugin_rt->update_err_cnt++; + "[%s:%d] plugin table:<%s> line is not json format, line:%s", + __FUNCTION__, __LINE__, table_name, line); return -1; } - int ret = plugin_accept_tag_match(schema, table_name, line, plugin_rt->logger); + int ret = plugin_accept_tag_match(schema, table_name, json, plugin_rt->logger); if (ret == TAG_MATCH_UNMATCHED) { plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } - size_t raw_key_offset = 0, raw_key_len = 0; - ret = get_column_pos(line, schema->key_column, &raw_key_offset, &raw_key_len); - if (ret < 0) { + size_t raw_key_len = 0; + tmp_obj = cJSON_GetObjectItem(json, schema->key_name); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(plugin_rt->logger, MODULE_PLUGIN, - "[%s:%d] plugin table:<%s> has no key(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->key_column, line); - return -1; + "[%s:%d] plugin table:<%s> has no key_name or invalid format in table_line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); + goto ERROR; } + raw_key_len = strlen(tmp_obj->valuestring); if (raw_key_len > MAX_KEYWORDS_STR_LEN) { log_fatal(plugin_rt->logger, MODULE_PLUGIN, - "[%s:%d] plugin table:<%s> key(column seq:%d) length exceed maxium:%d" + "[%s:%d] plugin table:<%s> key length exceed maxium:%d" " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->key_column, MAX_KEYWORDS_STR_LEN, line); - return -1; + MAX_KEYWORDS_STR_LEN, line); + goto ERROR; } - const char *raw_key = line + raw_key_offset; + const char *raw_key = tmp_obj->valuestring; char hash_key[MAX_KEYWORDS_STR_LEN + 1] = {0}; size_t hash_key_len = 0; - ret = plugin_table_line_get_key(schema, table_name, line, raw_key, raw_key_len, + ret = plugin_table_line_get_key(schema, table_name, json, raw_key, raw_key_len, hash_key, &hash_key_len, plugin_rt->logger); if (ret < 0) { plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } ret = plugin_runtime_update_row(plugin_rt, schema, table_name, line, - hash_key, hash_key_len, is_valid); + hash_key, hash_key_len, op); if (ret < 0) { plugin_rt->update_err_cnt++; - return -1; + goto ERROR; } char print_key[MAX_KEYWORDS_STR_LEN + 1] = {0}; memcpy(print_key, raw_key, raw_key_len); log_debug(plugin_rt->logger, MODULE_PLUGIN, - "plugin table:<%s> update one line, key:%s, key_len:%zu, is_valid:%d", - table_name, print_key, raw_key_len, is_valid); + "plugin table:<%s> update one line, key:%s, key_len:%zu, maat_operation:%d", + table_name, print_key, raw_key_len, op); return 0; + +ERROR: + if (json) { + cJSON_Delete(json); + } + return -1; } int plugin_runtime_commit(void *plugin_runtime, const char *table_name, @@ -691,7 +659,7 @@ size_t plugin_runtime_cached_row_count(void *plugin_runtime) return ex_data_runtime_cached_row_count(plugin_rt->ex_data_rt); } -const char *plugin_runtime_cached_row_get(void *plugin_runtime, size_t index) +const struct ex_data_row *plugin_runtime_cached_row_get(void *plugin_runtime, size_t index) { if (NULL == plugin_runtime) { return NULL; diff --git a/src/maat_redis_monitor.c b/src/maat_redis_monitor.c index 7b24be9..bc3f2f6 100644 --- a/src/maat_redis_monitor.c +++ b/src/maat_redis_monitor.c @@ -64,62 +64,17 @@ get_foreign_cont_filename(const char *table_name, long long rule_id, return filename; } -static const char * -maat_cmd_find_Nth_column(const char *line, int Nth, int *column_len) -{ - size_t i = 0; - int j = 0; - size_t start=0, end=0; - size_t line_len = strlen(line); - - for (i = 0; i < line_len; i++) { - if (line[i] != ' ' && line[i] != '\t') { - continue; - } - - j++; - if (j == Nth - 1) { - start = i + 1; - } - - if(j == Nth) { - end = i; - break; - } - } - - if (start == end) { - return NULL; - } - - if (end == 0) { - end = i; - } - - *column_len = end - start; - - return line + start; -} - static void -get_foregin_keys(struct serial_rule *p_rule, int *foreign_columns, +get_foregin_keys(struct serial_rule *p_rule, const char foreign_names[MAX_FOREIGN_CLMN_NUM][MAX_FOREIGN_NAME_LEN + 1], int n_foreign, const char *dir, struct log_handle *logger) { int foreign_key_size = 0; p_rule->f_keys = ALLOC(struct foreign_key, n_foreign); for (int i = 0; i < n_foreign; i++) { - const char *p_foreign = - maat_cmd_find_Nth_column(p_rule->table_line, foreign_columns[i], - &foreign_key_size); - if (NULL == p_foreign) { - log_fatal(logger, MODULE_REDIS_MONITOR, - "[%s:%d] Get %s,%lld foreign keys failed: No %dth column", - __FUNCTION__, __LINE__, p_rule->table_name, p_rule->rule_id, - foreign_columns[i]); - continue; - } + const char *p_foreign = foreign_names[i]; + foreign_key_size = strlen(p_foreign); //emtpy file if (0 == strncasecmp(p_foreign, "null", strlen("null"))) { continue; @@ -134,7 +89,6 @@ get_foregin_keys(struct serial_rule *p_rule, int *foreign_columns, continue; } - p_rule->f_keys[p_rule->n_foreign].column = foreign_columns[i]; foreign_key_size = foreign_key_size - strlen(foreign_source_prefix); p_foreign += strlen(foreign_source_prefix); @@ -172,7 +126,7 @@ get_foreign_keys_define(redisContext *ctx, struct serial_rule *rule_list, int table_id = table_manager_get_table_id(maat_inst->tbl_mgr, rule_list[i].table_name); - void *schema = table_manager_get_schema(maat_inst->tbl_mgr, table_id); + struct plugin_schema *schema = table_manager_get_schema(maat_inst->tbl_mgr, table_id); enum table_type table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id); @@ -181,15 +135,15 @@ get_foreign_keys_define(redisContext *ctx, struct serial_rule *rule_list, continue; } - int foreign_columns[8]; - int n_foreign_column = - plugin_table_get_foreign_column((struct plugin_schema *)schema, - foreign_columns); - if (0 == n_foreign_column) { + char foreign_names[MAX_FOREIGN_CLMN_NUM][MAX_FOREIGN_NAME_LEN + 1]; + int n_foreign = + plugin_table_get_foreign_names(schema, + foreign_names); + if (0 == n_foreign) { continue; } - get_foregin_keys(rule_list+i, foreign_columns, n_foreign_column, + get_foregin_keys(rule_list+i, foreign_names, n_foreign, dir, maat_inst->logger); rule_with_foreign_key++; } @@ -202,33 +156,33 @@ int maat_get_foreign_keys_by_prefix(redisContext *ctx, int rule_num, const char* dir, struct log_handle *logger) { - int j = 0; - int foreign_key_size = 0; int rule_with_foreign_key = 0; - const char *p_foreign = NULL; int n_foreign = 0; - int foreign_columns[MAX_FOREIGN_CLMN_NUM]; + char foreign_names[MAX_FOREIGN_CLMN_NUM][MAX_FOREIGN_NAME_LEN + 1]; for (int i = 0; i < rule_num; i++) { - j = 1; n_foreign = 0; - do { - p_foreign = maat_cmd_find_Nth_column(rule_list[i].table_line, j, - &foreign_key_size); + memset(foreign_names, 0, sizeof(foreign_names)); - if (p_foreign != NULL && - foreign_key_size > (int)strlen(foreign_source_prefix) && - 0 == strncmp(p_foreign, foreign_source_prefix, - strlen(foreign_source_prefix))) { - foreign_columns[n_foreign] = j; - n_foreign++; + cJSON *json = cJSON_Parse(rule_list[i].table_line); + if (json != NULL) { + cJSON *item = NULL; + cJSON_ArrayForEach(item, json) { + if (item->type == cJSON_String) { + if (strlen(item->valuestring) > strlen(foreign_source_prefix) && + 0 == strncmp(item->valuestring, foreign_key_prefix, strlen(foreign_key_prefix))) { + + strncpy(foreign_names[n_foreign], item->valuestring, + MAX_FOREIGN_NAME_LEN); + n_foreign++; + } + } } - j++; - } while (p_foreign != NULL && n_foreign < MAX_FOREIGN_CLMN_NUM); + } if (n_foreign > 0) { - get_foregin_keys(rule_list+i, foreign_columns, n_foreign, + get_foregin_keys(rule_list+i, foreign_names, n_foreign, dir, logger); rule_with_foreign_key++; } @@ -799,53 +753,31 @@ void maat_get_foreign_conts(redisContext *c, } } -static int validate_line(char *line, int column_seq) -{ - if (NULL == line || column_seq < 0) { - return -1; - } - - int offset = maat_get_valid_flag_offset(line, column_seq); - if (offset < 0) { - return -1; - } - - line[offset] = '0'; - - return 0; -} - void maat_rewrite_table_line_with_foreign(struct serial_rule *s_rule) { - int i = 0; - size_t fn_size = 0; - - for (i = 0; i < s_rule->n_foreign; i++) { - fn_size += strlen(s_rule->f_keys[i].filename); - } - - char *rewrite_line = ALLOC(char, strlen(s_rule->table_line) + fn_size + 1); - char *pos_rewrite_line = rewrite_line; - const char *pos_origin_line = s_rule->table_line; - - for (i = 0; i < s_rule->n_foreign; i++) { - int origin_column_size = 0; - const char *origin_column = - maat_cmd_find_Nth_column(s_rule->table_line, s_rule->f_keys[i].column, - &origin_column_size); + int i = 0; - strncat(pos_rewrite_line, pos_origin_line, origin_column - pos_origin_line); - pos_rewrite_line += origin_column - pos_origin_line; - pos_origin_line = origin_column+origin_column_size; - strncat(pos_rewrite_line, s_rule->f_keys[i].filename, - strlen(s_rule->f_keys[i].filename)); - pos_rewrite_line += strlen(s_rule->f_keys[i].filename); + cJSON *json = cJSON_Parse(s_rule->table_line); + if (NULL == json) { + return; } - strncat(pos_rewrite_line, pos_origin_line, - strlen(s_rule->table_line) - (pos_origin_line - s_rule->table_line)); + for (i = 0; i < s_rule->n_foreign; i++) { + cJSON *tmp_obj = cJSON_GetObjectItem(json, s_rule->f_keys[i].key); + if (NULL == tmp_obj) { + continue; + } + + cJSON_DeleteItemFromObject(json, s_rule->f_keys[i].key); + cJSON_AddStringToObject(json, s_rule->f_keys[i].key, s_rule->f_keys[i].filename); + } + + char *rewrite_line_json = cJSON_PrintUnformatted(json); + cJSON_Delete(json); FREE(s_rule->table_line); - s_rule->table_line = rewrite_line; + s_rule->table_line = rewrite_line_json; + + return; } static void @@ -966,7 +898,7 @@ static void exec_serial_rule(redisContext *c, const char *transaction_list, struct serial_rule *s_rule, size_t rule_num, struct expected_reply *expect_reply, size_t *cnt, - size_t offset, int renew_allowed) + size_t offset) { size_t i = 0; size_t append_cmd_cnt = 0; @@ -1055,21 +987,6 @@ exec_serial_rule(redisContext *c, const char *transaction_list, expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0); (*cnt)++; append_cmd_cnt++; - break; - case MAAT_OP_RENEW_TIMEOUT: - if (renew_allowed != 1) { - continue; - } - //s_rule[i].timeout>0 was checked by caller. - redisAppendCommand(c, "ZADD %s %lld %s,%lld", - mr_expire_sset, - s_rule[i].timeout, - s_rule[i].table_name, - s_rule[i].rule_id); - expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0); - (*cnt)++; - append_cmd_cnt++; - break; default: assert(0); @@ -1129,12 +1046,6 @@ int maat_cmd_write_rule(redisContext *c, struct serial_rule *s_rule, size_t max_multi_cmd_num = MAX_REDIS_OP_PER_SRULE * serial_rule_num + 2; // 2 for operation in exec_serial_rule_end() struct expected_reply *expected_reply = ALLOC(struct expected_reply, max_multi_cmd_num); - - for (i = 0; i < serial_rule_num; i++) { - if (s_rule[i].op == MAAT_OP_RENEW_TIMEOUT) { - renew_num++; - } - } int ret = exec_serial_rule_begin(c, serial_rule_num, renew_num, &renew_allowed, &transaction_version); @@ -1152,7 +1063,7 @@ int maat_cmd_write_rule(redisContext *c, struct serial_rule *s_rule, while (success_cnt < serial_rule_num) { size_t batch_cnt = MIN(serial_rule_num - success_cnt, max_redis_batch); exec_serial_rule(c, transaction_list, s_rule + success_cnt, batch_cnt, - expected_reply, &multi_cmd_cnt, success_cnt, renew_allowed); + expected_reply, &multi_cmd_cnt, success_cnt); assert(multi_cmd_cnt 0 && renew_allowed != 1) { - for (i = 0; i < (unsigned int)serial_rule_num; i++) { - if (s_rule[i].op == MAAT_OP_RENEW_TIMEOUT) { - log_fatal(logger, MODULE_REDIS_MONITOR, - "[%s:%d] %s %s %lld is not allowed due to lock contention", - __FUNCTION__, __LINE__, mr_op_str[MAAT_OP_RENEW_TIMEOUT], - s_rule[i].table_name, s_rule[i].rule_id); - } - } - - if (success_cnt > 0) { - success_cnt -= renew_num; - } - } - FREE(expected_reply); return success_cnt; @@ -1346,7 +1242,7 @@ check_maat_expiration(redisContext *c, struct log_handle *logger) void redis_monitor_traverse(long long version, struct source_redis_ctx *mr_ctx, void (*start_fn)(long long, int, void *), - int (*update_fn)(const char *, const char *, void *), + int (*update_fn)(const char *, const char *, void *, enum maat_operation), void (*finish_fn)(void *), void *u_param) { int i = 0; @@ -1355,7 +1251,6 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx *mr_ctx, int empty_value_num = 0; int no_table_num = 0; int call_update_num = 0; - int valid_column = -1; struct maat *maat_inst = (struct maat *)u_param; //authorized to write @@ -1466,23 +1361,11 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx *mr_ctx, continue; } - if (rule_list[i].op == MAAT_OP_DEL) { - valid_column = table_manager_get_valid_column(maat_inst->tbl_mgr, - table_id); - ret = validate_line(rule_list[i].table_line, valid_column); - if (ret < 0) { - log_fatal(maat_inst->logger, MODULE_REDIS_MONITOR, - "[%s:%d] Validate line failed, invaid format %s", - __FUNCTION__, __LINE__, rule_list[i].table_line); - continue; - } - } - if (rule_list[i].n_foreign > 0) { maat_rewrite_table_line_with_foreign(rule_list+i); } - update_fn(rule_list[i].table_name, rule_list[i].table_line, u_param); + update_fn(rule_list[i].table_name, rule_list[i].table_line, u_param, rule_list[i].op); call_update_num++; } diff --git a/src/maat_rule.c b/src/maat_rule.c index 144b2e7..d28d7df 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -36,40 +36,18 @@ enum condition_negate_option { }; struct rule_schema { - int rule_id_column; - int rule_tag_column; - int declared_condition_num_column; int table_id; struct table_manager *ref_tbl_mgr; struct log_handle *logger; }; -struct object2rule_schema { - int object_id_column; - int rule_id_column; - int negate_option_column; - int attribute_name_column; - int condition_index_column; - int asso_rule_table_id; //asso is abbreviation for associated - int table_id; - struct table_manager *ref_tbl_mgr; -}; - struct rule_item { - int declared_condition_num; + int condition_num; long long rule_id; char *table_line; size_t table_line_len; }; -struct object2rule_item { - UT_array *object_ids; - long long rule_id; - int negate_option; - int attribute_id; - int condition_index; -}; - struct condition_query_key { long long object_id; int attribute_id; @@ -105,6 +83,7 @@ struct rule_runtime { struct condition_id_kv *not_condition_id_kv_hash; //store NOT_condition_ids(negate_option == 1) struct bool_expr_match *expr_match_buff; struct maat_garbage_bin *ref_garbage_bin; + struct table_condition *tbl_not_condition_hash; //each attribute's negate condition number <= MAX_NOT_CONDITION_NUM struct log_handle *logger; time_t version; @@ -112,14 +91,6 @@ struct rule_runtime { long long update_err_cnt; }; -struct object2rule_runtime { - long long not_condition_cnt; - long long rule_num; - long long update_err_cnt; - struct rule_runtime *ref_rule_rt; - struct table_condition *tbl_not_condition_hash; //each attribute's negate condition number <= MAX_NOT_CONDITION_NUM -}; - struct condition_literal { long long object_ids[MAX_OBJECT_CNT]; int object_cnt; @@ -128,22 +99,23 @@ struct condition_literal { struct rule_condition { long long condition_id; - UT_array *literals; //struct condition_literal + long long object_ids[MAX_OBJECT_CNT]; + int object_cnt; + int attribute_id; char negate_option; // 1 byte char in_use; // 1 byte char pad[6]; // for 8 bytes alignment }; struct rule_sort_para { - int declared_condition_num; + int condition_num; long long rule_id; }; #define MAAT_RULE_MAGIC 0x4a5b6c7d struct maat_rule { uint32_t magic_num; - int actual_condition_num; - int declared_condition_num; + int condition_num; int table_id; long long rule_id; void *user_data; // rule_item @@ -181,138 +153,14 @@ struct rule_compile_state { }; UT_icd ut_condition_id_icd = {sizeof(long long), NULL, NULL, NULL}; -UT_icd ut_condition_literal_icd = {sizeof(struct condition_literal), NULL, NULL, NULL}; UT_icd ut_rule_object_id_icd = {sizeof(long long), NULL, NULL, NULL}; UT_icd ut_maat_hit_object_icd = {sizeof(struct maat_hit_object), NULL, NULL, NULL}; UT_icd ut_hit_path_icd = {sizeof(struct internal_hit_path), NULL, NULL, NULL}; UT_icd ut_hit_rule_table_id_icd = {sizeof(struct rule2table_id), NULL, NULL, NULL}; -static struct maat_rule *maat_rule_new(long long rule_id) -{ - struct maat_rule *rule = ALLOC(struct maat_rule, 1); - - rule->magic_num = MAAT_RULE_MAGIC; - rule->rule_id = rule_id; - - for(int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - utarray_new(rule->conditions[i].literals, &ut_condition_literal_icd); - rule->conditions[i].in_use = 0; - rule->conditions[i].condition_id = 0; - } - - return rule; -} - -static int maat_rule_set(struct maat_rule *rule, int table_id, - int declared_condition_num, void *user_data) -{ - if (NULL == rule) { - return -1; - } - - rule->table_id = table_id; - rule->declared_condition_num = declared_condition_num; - rule->user_data = user_data; - - return 0; -} - -static int rule_accept_tag_match(struct rule_schema *schema, const char *line, - const char *table_name, struct log_handle *logger) -{ - size_t column_offset = 0; - size_t column_len = 0; - size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); - - if (schema->rule_tag_column > 0 && n_tag > 0) { - int ret = get_column_pos(line, schema->rule_tag_column, - &column_offset, &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> has no rule_tag in line:%s", - __FUNCTION__, __LINE__, table_name, line); - return TAG_MATCH_ERR; - } - - if (column_len > 2) { - char *tag_str = ALLOC(char, column_len + 1); - memcpy(tag_str, (line + column_offset), column_len); - ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); - FREE(tag_str); - if (TAG_MATCH_ERR == ret) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> has invalid tag format in line:%s", - __FUNCTION__, __LINE__, table_name, line); - return TAG_MATCH_ERR; - } - - if (TAG_MATCH_UNMATCHED == ret) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> has unmatched tag in line:%s", - __FUNCTION__, __LINE__, table_name, line); - return TAG_MATCH_UNMATCHED; - } - } - } - - return TAG_MATCH_MATCHED; -} - -static struct rule_item * -rule_item_new(const char *table_line, struct rule_schema *schema, - const char *table_name, struct log_handle *logger) -{ - int ret = rule_accept_tag_match(schema, table_line, table_name, logger); - if (ret == TAG_MATCH_UNMATCHED) { - return NULL; - } - - size_t column_offset = 0; - size_t column_len = 0; - struct rule_item *rule_item = ALLOC(struct rule_item, 1); - - ret = get_column_pos(table_line, schema->rule_id_column, - &column_offset, &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> has no rule_id in line:%s", - __FUNCTION__, __LINE__, table_name, table_line); - goto error; - } - rule_item->rule_id = atoll(table_line + column_offset); - - ret = get_column_pos(table_line, schema->declared_condition_num_column, - &column_offset, &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> has no condition_num in line:%s", - __FUNCTION__, __LINE__, table_name, table_line); - goto error; - } - - rule_item->declared_condition_num = atoi(table_line + column_offset); - if (rule_item->declared_condition_num < 0 || - rule_item->declared_condition_num > MAX_NOT_CONDITION_NUM) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> condition_num:%d exceed maximum:%d in line:%s", - __FUNCTION__, __LINE__, table_name, rule_item->declared_condition_num, - MAX_NOT_CONDITION_NUM, table_line); - goto error; - } - - rule_item->table_line_len = strlen(table_line); - rule_item->table_line = ALLOC(char, rule_item->table_line_len + 1); - memcpy(rule_item->table_line, table_line, rule_item->table_line_len); - - return rule_item; -error: - FREE(rule_item); - return NULL; -} - static void rule_item_free(struct rule_item *item) { - item->declared_condition_num = 0; + item->condition_num = 0; if (item->table_line != NULL) { FREE(item->table_line); @@ -333,11 +181,6 @@ static void maat_rule_free(struct maat_rule *rule) for (int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { condition = rule->conditions + i; - if (condition->literals != NULL) { - utarray_free(condition->literals); - condition->literals = NULL; - } - condition->in_use = 0; condition->condition_id = 0; } @@ -346,6 +189,217 @@ static void maat_rule_free(struct maat_rule *rule) FREE(rule); } +static int validate_table_not_condition(struct rule_runtime *rule_rt, + struct table_manager *tbl_mgr, int attribute_id, + enum maat_operation op, struct log_handle *logger) +{ + struct table_condition *not_condition = NULL; + HASH_FIND_INT(rule_rt->tbl_not_condition_hash, &attribute_id, not_condition); + + if (MAAT_OP_DEL == op) { + //delete + if (NULL == not_condition || 0 == not_condition->actual_condition_num) { + return 0; + } else { + not_condition->actual_condition_num--; + } + } else { + //add + if (NULL == not_condition) { + not_condition = ALLOC(struct table_condition, 1); + not_condition->attribute_id = attribute_id; + not_condition->actual_condition_num++; + HASH_ADD_INT(rule_rt->tbl_not_condition_hash, attribute_id, not_condition); + } else { + if (not_condition->actual_condition_num >= MAX_NOT_CONDITION_NUM) { + const char *attr_name = table_manager_get_attribute_name(tbl_mgr, attribute_id); + log_fatal(logger, MODULE_RULE, + "[%s:%d]attribute:<%s> negate condition num exceed maximum:%d", + __FUNCTION__, __LINE__, attr_name, MAX_NOT_CONDITION_NUM); + return -1; + } + not_condition->actual_condition_num++; + } + } + + return 0; +} + +static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule_schema *schema, + const char *table_name, long long rule_id, + const char *table_line, struct rule_item *rule_item) +{ + struct maat_rule *rule = ALLOC(struct maat_rule, 1); + struct log_handle *logger = rule_rt->logger; + cJSON *tmp_obj = NULL; + cJSON *table_json = cJSON_Parse(table_line); + + rule->magic_num = MAAT_RULE_MAGIC; + rule->rule_id = rule_id; + + for(int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { + rule->conditions[i].in_use = 0; + rule->conditions[i].condition_id = 0; + } + + tmp_obj = cJSON_GetObjectItem(table_json, "conditions"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> has no conditions or not array format", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + rule->condition_num = cJSON_GetArraySize(tmp_obj); + if (rule->condition_num > MAX_ITEMS_PER_BOOL_EXPR) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> condition_num:%d exceed maximum:%d", + __FUNCTION__, __LINE__, table_name, rule->condition_num, MAX_ITEMS_PER_BOOL_EXPR); + goto error; + } + + for (int i = 0; i < rule->condition_num; i++) { + cJSON *condition_obj = cJSON_GetArrayItem(tmp_obj, i); + struct rule_condition *condition = rule->conditions + i; + + tmp_obj = cJSON_GetObjectItem(condition_obj, "attribute_name"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + log_fatal(rule_rt->logger, MODULE_RULE, + "[%s:%d] table: <%s> has no attribute_name or not string format", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + condition->attribute_id = table_manager_get_attribute_id(schema->ref_tbl_mgr, tmp_obj->valuestring); + if (condition->attribute_id < 0) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> attribute_name:%s is illegal", + __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring); + goto error; + } + + tmp_obj = cJSON_GetObjectItem(condition_obj, "negate_option"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> has no negate_option or not string format", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + if (strncmp(tmp_obj->valuestring, "true", 4) == 0) { + condition->negate_option = CONDITION_NEGATE_OPTION_SET; + } else if (strncmp(tmp_obj->valuestring, "false", 5) == 0) { + condition->negate_option = CONDITION_NEGATE_OPTION_UNSET; + } else { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> negate_option:%s is illegal", + __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring); + goto error; + } + + if (condition->negate_option == CONDITION_NEGATE_OPTION_SET) { + int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, condition->attribute_id, MAAT_OP_ADD, logger); + if (ret < 0) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> validate negate_option failed, line: %s", + __FUNCTION__, __LINE__, table_name, table_line); + goto error; + } + } + + tmp_obj = cJSON_GetObjectItem(condition_obj, "object_ids"); + if (tmp_obj && tmp_obj->type == cJSON_Array) { + int n_object_ids = cJSON_GetArraySize(tmp_obj); + + condition->object_cnt = n_object_ids; + + for (int j = 0; j < n_object_ids; j++) { + cJSON *object_id_obj = cJSON_GetArrayItem(tmp_obj, j); + if (object_id_obj && object_id_obj->type == cJSON_Number) { + long long object_id = object_id_obj->valueint; + condition->object_ids[j] = object_id; + } + } + } + + condition->in_use = 1; + } + + rule_item->condition_num = rule->condition_num; + rule->user_data = rule_item; + + return rule; + +error: + if (rule) { + maat_rule_free(rule); + } + + return NULL; +} + +static int rule_accept_tag_match(struct rule_schema *schema, const char *line, + const char *table_name, struct log_handle *logger) +{ + size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); + cJSON *tmp_obj = NULL; + cJSON *table_json = cJSON_Parse(line); + + tmp_obj = cJSON_GetObjectItem(table_json, "tag"); + + if (tmp_obj && n_tag > 0) { + char *tag_str = tmp_obj->valuestring; + int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); + if (TAG_MATCH_ERR == ret) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> has invalid tag format in line:%s", + __FUNCTION__, __LINE__, table_name, line); + return TAG_MATCH_ERR; + } + + if (TAG_MATCH_UNMATCHED == ret) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> has unmatched tag in line:%s", + __FUNCTION__, __LINE__, table_name, line); + return TAG_MATCH_UNMATCHED; + } + } + + return TAG_MATCH_MATCHED; +} + +static struct rule_item * +rule_item_new(const char *table_line, struct rule_schema *schema, + const char *table_name, struct log_handle *logger) +{ + int ret = rule_accept_tag_match(schema, table_line, table_name, logger); + if (ret == TAG_MATCH_UNMATCHED) { + return NULL; + } + + cJSON *tmp_obj = NULL; + struct rule_item *rule_item = ALLOC(struct rule_item, 1); + cJSON *table_json = cJSON_Parse(table_line); + + tmp_obj = cJSON_GetObjectItem(table_json, "rule_id"); + if (tmp_obj == NULL && tmp_obj->type != cJSON_String) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> has no rule_id or not string format in line:%s", + __FUNCTION__, __LINE__, table_name, cJSON_Print(table_json)); + goto error; + } + rule_item->rule_id = atoll(tmp_obj->valuestring); + + rule_item->table_line_len = strlen(table_line); + rule_item->table_line = ALLOC(char, rule_item->table_line_len + 1); + memcpy(rule_item->table_line, table_line, rule_item->table_line_len); + + return rule_item; +error: + FREE(rule_item); + return NULL; +} + static void rcu_rule_cfg_free(void *user_ctx, void *data) { struct maat_rule *rule = (struct maat_rule *)data; @@ -359,7 +413,6 @@ void *rule_schema_new(cJSON *json, struct table_manager *tbl_mgr, struct rule_schema *schema = ALLOC(struct rule_schema, 1); schema->logger = logger; - cJSON *custom_item = NULL; cJSON *item = cJSON_GetObjectItem(json, "table_id"); if (item != NULL && item->type == cJSON_Number) { schema->table_id = item->valueint; @@ -370,39 +423,6 @@ void *rule_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - item = cJSON_GetObjectItem(json, "custom"); - if (item == NULL || item->type != cJSON_Object) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no custom column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "rule_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->rule_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no rule_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "tags"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->rule_tag_column = custom_item->valueint; - } - - custom_item = cJSON_GetObjectItem(item, "condition_num"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->declared_condition_num_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no condition_num column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - schema->ref_tbl_mgr = tbl_mgr; return schema; error: @@ -415,109 +435,6 @@ void rule_schema_free(void *rule_schema) FREE(rule_schema); } -void *object2rule_schema_new(cJSON *json, struct table_manager *tbl_mgr, - const char *table_name, struct log_handle *logger) -{ - struct object2rule_schema *g2c_schema = ALLOC(struct object2rule_schema, 1); - - cJSON *custom_item = NULL; - cJSON *item = cJSON_GetObjectItem(json, "table_id"); - if (item != NULL && item->type == cJSON_Number) { - g2c_schema->table_id = item->valueint; - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no table_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - item = cJSON_GetObjectItem(json, "associated_rule_table_id"); - if (item != NULL && item->type == cJSON_Number) { - g2c_schema->asso_rule_table_id = item->valueint; - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no associated_rule_table_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - item = cJSON_GetObjectItem(json, "custom"); - if (item == NULL || item->type != cJSON_Object) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no custom column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "object_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - g2c_schema->object_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no object_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "rule_id"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - g2c_schema->rule_id_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no rule_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "negate_option"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - g2c_schema->negate_option_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no negate_option column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "attribute_name"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - g2c_schema->attribute_name_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no attribute_name column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "condition_index"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - g2c_schema->condition_index_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no condition_index column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - g2c_schema->ref_tbl_mgr = tbl_mgr; - return g2c_schema; -error: - FREE(g2c_schema); - return NULL; -} - -void object2rule_schema_free(void *g2c_schema) -{ - FREE(g2c_schema); -} - -int object2rule_associated_rule_table_id(void *g2c_schema) -{ - struct object2rule_schema *schema = (struct object2rule_schema *)g2c_schema; - - return schema->asso_rule_table_id; -} - #define RULE_GC_TIMEOUT_S 5 void *rule_runtime_new(void *rule_schema, size_t max_thread_num, struct maat_garbage_bin *garbage_bin, @@ -537,6 +454,7 @@ void *rule_runtime_new(void *rule_schema, size_t max_thread_num, rule_rt->not_condition_id_kv_hash = NULL; rule_rt->logger = logger; rule_rt->ref_garbage_bin = garbage_bin; + rule_rt->tbl_not_condition_hash = NULL; return rule_rt; } @@ -609,203 +527,6 @@ void rule_runtime_init(void *rule_runtime, struct maat_runtime *maat_rt) rule_rt->ref_maat_rt = maat_rt; } -void *object2rule_runtime_new(void *g2c_schema, size_t max_thread_num, - struct maat_garbage_bin *garbage_bin, - struct log_handle *logger) -{ - if (NULL == g2c_schema) { - return NULL; - } - - struct object2rule_runtime *g2c_rt = - ALLOC(struct object2rule_runtime, 1); - - g2c_rt->tbl_not_condition_hash = NULL; - - return g2c_rt; -} - -void object2rule_runtime_init(void *g2c_runtime, void *rule_runtime) -{ - struct object2rule_runtime *g2c_rt = - (struct object2rule_runtime *)g2c_runtime; - - g2c_rt->ref_rule_rt = (struct rule_runtime *)rule_runtime; -} - -void object2rule_runtime_free(void *g2c_runtime) -{ - if (NULL == g2c_runtime) { - return; - } - - struct object2rule_runtime *g2c_rt = - (struct object2rule_runtime *)g2c_runtime; - - if (g2c_rt->tbl_not_condition_hash != NULL) { - struct table_condition *not_condition = NULL, *tmp_not_condition = NULL; - HASH_ITER(hh, g2c_rt->tbl_not_condition_hash, not_condition, tmp_not_condition) { - HASH_DEL(g2c_rt->tbl_not_condition_hash, not_condition); - FREE(not_condition); - } - } - assert(g2c_rt->tbl_not_condition_hash == NULL); - - FREE(g2c_runtime); -} - -static int is_valid_table_name(const char *str) -{ - size_t integer_cnt=0; - for (size_t i = 0; i < strlen(str); i++) { - if (str[i] >= '0' && str[i] <= '9') { - integer_cnt++; - } - } - - if (strlen(str) == 0 || integer_cnt == strlen(str) || - 0 == strcasecmp(str, "null")) { - return 0; - } - - return 1; -} - -static void object2rule_item_free(struct object2rule_item *g2c_item) -{ - if (NULL == g2c_item) { - return; - } - - if (g2c_item->object_ids != NULL) { - utarray_free(g2c_item->object_ids); - g2c_item->object_ids = NULL; - } - - FREE(g2c_item); -} - -static struct object2rule_item * -object2rule_item_new(const char *line, struct object2rule_schema *g2c_schema, - const char *table_name, struct log_handle *logger) -{ - size_t column_offset = 0; - size_t column_len = 0; - char attribute_name[MAX_NAME_STR_LEN + 1] = {0}; - struct object2rule_item *g2c_item = ALLOC(struct object2rule_item, 1); - utarray_new(g2c_item->object_ids, &ut_rule_object_id_icd); - - int ret = get_column_pos(line, g2c_schema->object_id_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> has no object_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - - char object_ids_str[MAX_OBJECT_IDS_STR_LEN] = {0}; - memcpy(object_ids_str, line + column_offset, MIN(MAX_OBJECT_IDS_STR_LEN, column_len)); - - ret = ids_str2longlong_array(object_ids_str, g2c_item->object_ids); - if (ret < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> object_ids str2longlong failed in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - - if (utarray_len(g2c_item->object_ids) > MAX_OBJECT_CNT) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> object_ids exceed maximum:%d in line:%s", - __FUNCTION__, __LINE__, table_name, MAX_OBJECT_CNT, line); - goto error; - } - - ret = get_column_pos(line, g2c_schema->rule_id_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> has no rule_id in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - g2c_item->rule_id = atoll(line + column_offset); - - ret = get_column_pos(line, g2c_schema->negate_option_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> has no negate_option in line:%s ", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - - g2c_item->negate_option = atoi(line + column_offset); - if (g2c_item->negate_option != CONDITION_NEGATE_OPTION_SET && - g2c_item->negate_option != CONDITION_NEGATE_OPTION_UNSET) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> negate_option:%d is illegal in line:%s ", - __FUNCTION__, __LINE__, table_name, g2c_item->negate_option, line); - goto error; - } - - ret = get_column_pos(line, g2c_schema->attribute_name_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> has no attribute_name in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - - if (column_len > MAX_NAME_STR_LEN) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> attribute_name length exceed " - "maxium:%d in line:%s", __FUNCTION__, __LINE__, table_name, - MAX_NAME_STR_LEN, line); - goto error; - } - - memset(attribute_name, 0, sizeof(attribute_name)); - memcpy(attribute_name, (line + column_offset), column_len); - - if (is_valid_table_name(attribute_name)) { - g2c_item->attribute_id = table_manager_get_table_id(g2c_schema->ref_tbl_mgr, - attribute_name); - if (g2c_item->attribute_id < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> has unknown attribute:%s in line:%s", - __FUNCTION__, __LINE__, table_name, attribute_name, line); - goto error; - } - } - - ret = get_column_pos(line, g2c_schema->condition_index_column, &column_offset, - &column_len); - if (ret < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> has no condition_index in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - - g2c_item->condition_index = atoi(line + column_offset); - if (g2c_item->condition_index < 0 || g2c_item->condition_index >= MAX_NOT_CONDITION_NUM) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> condition_index:%d exceed maximum:%d in line:%s", - __FUNCTION__, __LINE__, table_name, g2c_item->condition_index, - MAX_NOT_CONDITION_NUM, line); - goto error; - } - - return g2c_item; - -error: - object2rule_item_free(g2c_item); - return NULL; -} - static inline int compare_object_id(const void *a, const void *b) { long long ret = *(const long long *)a - *(const long long *)b; @@ -819,80 +540,6 @@ static inline int compare_object_id(const void *a, const void *b) } } -static void rule_condition_add_literal(struct rule_condition *condition, - struct object2rule_item *g2c_item) -{ - struct condition_literal tmp_literal; - tmp_literal.attribute_id = g2c_item->attribute_id; - tmp_literal.object_cnt = utarray_len(g2c_item->object_ids); - utarray_sort(g2c_item->object_ids, compare_object_id); - - for (size_t i = 0; i < utarray_len(g2c_item->object_ids); i++) { - tmp_literal.object_ids[i] = *(long long *)utarray_eltptr(g2c_item->object_ids, i); - } - utarray_push_back(condition->literals, &tmp_literal); -} - -void rule_condition_remove_literal(struct rule_condition *condition, - struct object2rule_item *g2c_item) -{ - struct condition_literal *tmp_literal = NULL; - - for (size_t i = 0; i < utarray_len(condition->literals); i++) { - tmp_literal = (struct condition_literal *)utarray_eltptr(condition->literals, i); - if (tmp_literal->attribute_id == g2c_item->attribute_id) { - size_t remove_idx = utarray_eltidx(condition->literals, tmp_literal); - utarray_erase(condition->literals, remove_idx, 1); - break; - } - } -} - -static int maat_rule_condition_find_literal(struct maat_rule *rule, - struct object2rule_item *g2c_item) -{ - struct rule_condition *condition = rule->conditions + g2c_item->condition_index; - struct condition_literal *tmp_literal = NULL; - int found = 0; - - for (size_t i = 0; i < utarray_len(condition->literals); i++) { - tmp_literal = (struct condition_literal *)utarray_eltptr(condition->literals, i); - if (tmp_literal->attribute_id == g2c_item->attribute_id) { - found = 1; - } - } - - return found; -} - -static void maat_rule_condition_add_literal(struct maat_rule *rule, - struct object2rule_item *g2c_item) -{ - struct rule_condition *condition = rule->conditions + g2c_item->condition_index; - - condition->negate_option = g2c_item->negate_option; - - if (0 == condition->in_use) { - condition->in_use = 1; - rule->actual_condition_num++; - } - - rule_condition_add_literal(condition, g2c_item); -} - -static void maat_rule_condition_remove_literal(struct maat_rule *rule, - struct object2rule_item *g2c_item) -{ - struct rule_condition *condition = rule->conditions + g2c_item->condition_index; - - rule_condition_remove_literal(condition, g2c_item); - if (0 == utarray_len(condition->literals)) { - condition->in_use = 0; - condition->condition_id = 0; - rule->actual_condition_num--; - } -} - static struct bool_matcher * maat_rule_bool_matcher_new(struct rule_runtime *rule_rt, size_t *rule_cnt) @@ -902,7 +549,6 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt, } size_t i = 0, j = 0, idx = 0; - int has_condition_num = 0; // STEP 1, update condition_id of each rule void **data_array = NULL; @@ -911,20 +557,17 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt, for (idx = 0; idx < *rule_cnt; idx++) { iter_rule = (struct maat_rule *)data_array[idx]; - has_condition_num = 0; for (i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { struct rule_condition *condition = iter_rule->conditions + i; if (!condition->in_use) { continue; } - has_condition_num++; if (0 == condition->condition_id) { condition->condition_id = maat_runtime_get_sequence(rule_rt->ref_maat_rt, "condition_id"); } } - assert(has_condition_num == iter_rule->actual_condition_num); } // STEP 2, serial rule condition states to a bool expression array @@ -942,7 +585,7 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt, } // some rule may have zero objects, e.g. default policy. - if (j == (size_t)iter_rule->declared_condition_num && j > 0) { + if (j == (size_t)iter_rule->condition_num && j > 0) { bool_expr_array[expr_cnt].expr_id = iter_rule->rule_id; bool_expr_array[expr_cnt].user_tag = iter_rule; bool_expr_array[expr_cnt].item_num = j; @@ -989,22 +632,6 @@ static inline int compare_condition_id(const void *a, const void *b) } } -static inline int compare_hit_object(const void *pa, const void *pb) -{ - struct maat_hit_object *la=(struct maat_hit_object *)pa; - struct maat_hit_object *lb=(struct maat_hit_object *)pb; - - long long ret = la->item_id - lb->item_id; - if (0 == ret) { - ret = la->object_id - lb->object_id; - if (0 == ret) { - ret = la->attribute_id - lb->attribute_id; - } - } - - return ret; -} - static inline int compare_rule_id(const void *a, const void *b) { long long ret = *(const long long *)a - *(const long long *)b; @@ -1057,32 +684,27 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int negate_option) } } - struct condition_literal *tmp_cl = NULL; - for (size_t j = 0; j < utarray_len(condition->literals); j++) { - tmp_cl = (struct condition_literal *)utarray_eltptr(condition->literals, j); - - for (size_t k = 0; k < tmp_cl->object_cnt; k++) { - struct condition_query_key key = - {tmp_cl->object_ids[k], tmp_cl->attribute_id, condition->negate_option}; - struct condition_id_kv *condition_id_kv = NULL; - - HASH_FIND(hh, condition_id_kv_hash, &key, sizeof(struct condition_query_key), - condition_id_kv); - if (NULL == condition_id_kv) { - condition_id_kv = ALLOC(struct condition_id_kv, 1); - condition_id_kv->key = key; - utarray_new(condition_id_kv->condition_ids, &ut_condition_id_icd); - HASH_ADD_KEYPTR(hh, condition_id_kv_hash, &condition_id_kv->key, - sizeof(condition_id_kv->key), condition_id_kv); - } - - if (utarray_find(condition_id_kv->condition_ids, &(condition->condition_id), - compare_condition_id)) { - continue; - } - utarray_push_back(condition_id_kv->condition_ids, &(condition->condition_id)); - utarray_sort(condition_id_kv->condition_ids, compare_condition_id); + for (size_t k = 0; k < condition->object_cnt; k++) { + struct condition_query_key key = + {condition->object_ids[k], condition->attribute_id, condition->negate_option}; + struct condition_id_kv *condition_id_kv = NULL; + + HASH_FIND(hh, condition_id_kv_hash, &key, sizeof(struct condition_query_key), + condition_id_kv); + if (NULL == condition_id_kv) { + condition_id_kv = ALLOC(struct condition_id_kv, 1); + condition_id_kv->key = key; + utarray_new(condition_id_kv->condition_ids, &ut_condition_id_icd); + HASH_ADD_KEYPTR(hh, condition_id_kv_hash, &condition_id_kv->key, + sizeof(condition_id_kv->key), condition_id_kv); } + + if (utarray_find(condition_id_kv->condition_ids, &(condition->condition_id), + compare_condition_id)) { + continue; + } + utarray_push_back(condition_id_kv->condition_ids, &(condition->condition_id)); + utarray_sort(condition_id_kv->condition_ids, compare_condition_id); } } } @@ -1185,7 +807,7 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt, rule = (struct maat_rule *)expr_match[i].user_tag; assert(rule->magic_num == MAAT_RULE_MAGIC); assert((unsigned long long)rule->rule_id == expr_match[i].expr_id); - if (0 == rule->actual_condition_num) { + if (0 == rule->condition_num) { continue; } @@ -1203,201 +825,6 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt, return ud_result_cnt; } -static struct rule_item *rule_item_clone(struct rule_item *item) -{ - struct rule_item *new_item = ALLOC(struct rule_item, 1); - - new_item->rule_id = item->rule_id; - new_item->declared_condition_num = item->declared_condition_num; - new_item->table_line_len = item->table_line_len; - new_item->table_line = ALLOC(char, new_item->table_line_len + 1); - memcpy(new_item->table_line, item->table_line, new_item->table_line_len); - - return new_item; -} - -static struct maat_rule * -maat_rule_clone(struct maat_rule *rule, int deep_copy) -{ - struct maat_rule *new_rule = ALLOC(struct maat_rule, 1); - - new_rule->magic_num = rule->magic_num; - new_rule->rule_id = rule->rule_id; - new_rule->actual_condition_num = rule->actual_condition_num; - new_rule->declared_condition_num = rule->declared_condition_num; - if (1 == deep_copy && rule->user_data != NULL) { - new_rule->user_data = - rule_item_clone((struct rule_item *)rule->user_data); - } - - struct condition_literal *tmp_literal = NULL; - for (size_t i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - new_rule->conditions[i].condition_id = rule->conditions[i].condition_id; - new_rule->conditions[i].in_use = rule->conditions[i].in_use; - new_rule->conditions[i].negate_option = rule->conditions[i].negate_option; - utarray_new(new_rule->conditions[i].literals, &ut_condition_literal_icd); - for (size_t j = 0; j < utarray_len(rule->conditions[i].literals); j++) { - tmp_literal = - (struct condition_literal *)utarray_eltptr(rule->conditions[i].literals, j); - utarray_push_back(new_rule->conditions[i].literals, tmp_literal); - } - } - - return new_rule; -} - -static int maat_add_object_to_rule(struct rcu_hash_table *hash_tbl, - struct object2rule_item *g2c_item, - struct log_handle *logger) -{ - int ret = 0; - long long rule_id = g2c_item->rule_id; - struct maat_rule *rule = NULL; - - int updating_flag = rcu_hash_is_updating(hash_tbl); - if (1 == updating_flag) { - rule = rcu_updating_hash_find(hash_tbl, (char *)&rule_id, sizeof(long long)); - if (rule != NULL) { - ret = maat_rule_condition_find_literal(rule, g2c_item); - if (ret > 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d]rule:%lld condition(index:%d) already has attribute_id:%d's " - "literal, can't add again", __FUNCTION__, __LINE__, rule->rule_id, - g2c_item->condition_index, g2c_item->attribute_id); - return -1; - } - /* rule found in updating hash(added by rule runtime), it can - * be modified directly */ - maat_rule_condition_add_literal(rule, g2c_item); - } else { - /* rule neither in effective hash nor in updating hash, so new one */ - rule = maat_rule_new(rule_id); - assert(rule != NULL); - - maat_rule_condition_add_literal(rule, g2c_item); - rcu_hash_add(hash_tbl, (char *)&rule_id, sizeof(long long), rule); - } - } else { - rule = rcu_hash_find(hash_tbl, (char *)&rule_id, sizeof(long long)); - if (rule != NULL) { - /******************************************************************* - rule found in effective hash(added by rule runtime), which means - - 1. rcu_hash_add(hash_tbl, rule) ==> finished - 2. rcu_hash_commit(hash_tbl) ==> finished - - can only be deleted but not modified - before delete it, we need to make a copy for further use - *********************************************************************/ - ret = maat_rule_condition_find_literal(rule, g2c_item); - if (ret > 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d]rule:%lld condition(index:%d) already has attribute_id:%d's " - "literal, can't add again", __FUNCTION__, __LINE__, rule->rule_id, - g2c_item->condition_index, g2c_item->attribute_id); - return -1; - } - - struct maat_rule *copy_rule = maat_rule_clone(rule, 1); - assert(copy_rule != NULL); - - /* delete rule from rcu hash */ - rcu_hash_del(hash_tbl, (char *)&rule_id, sizeof(long long)); - - maat_rule_condition_add_literal(copy_rule, g2c_item); - rcu_hash_add(hash_tbl, (char *)&rule_id, sizeof(long long), copy_rule); - } else { - rule = maat_rule_new(rule_id); - assert(rule != NULL); - - maat_rule_condition_add_literal(rule, g2c_item); - rcu_hash_add(hash_tbl, (char *)&rule_id, sizeof(long long), rule); - } - } - - return 0; -} - -static int maat_remove_object_from_rule(struct rcu_hash_table *hash_tbl, - struct object2rule_item *g2c_item, - struct log_handle *logger) -{ - int ret = 0; - long long rule_id = g2c_item->rule_id; - struct maat_rule *rule = NULL; - - int updating_flag = rcu_hash_is_updating(hash_tbl); - if (1 == updating_flag) { - rule = rcu_updating_hash_find(hash_tbl, (char *)&rule_id, - sizeof(long long)); - if (NULL == rule) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] Remove condition(index:%d) from rule %lld failed," - "rule not existed.", __FUNCTION__, __LINE__, - g2c_item->condition_index, rule_id); - return -1; - } else { - ret = maat_rule_condition_find_literal(rule, g2c_item); - if (0 == ret) { - log_fatal(logger, MODULE_RULE, - "[%s:%d]rule:%lld condition(index:%d) has no attribute_id:%d's " - "literal, can't be removed", __FUNCTION__, __LINE__, - rule->rule_id, g2c_item->condition_index, g2c_item->attribute_id); - return -1; - } - - /* rule found in updating hash, it can be modified directly */ - maat_rule_condition_remove_literal(rule, g2c_item); - if (0 == rule->actual_condition_num && NULL == rule->user_data) { - rcu_hash_del(hash_tbl, (char *)&rule_id, sizeof(long long)); - } - } - } else { - //find in effetive hash - rule = rcu_hash_find(hash_tbl, (char *)&rule_id, sizeof(long long)); - if (rule != NULL) { - ret = maat_rule_condition_find_literal(rule, g2c_item); - if (0 == ret) { - log_fatal(logger, MODULE_RULE, - "[%s:%d]rule:%lld condition(index:%d) has no attribute_id:%d's " - "literal, can't be removed", __FUNCTION__, __LINE__, - rule->rule_id, g2c_item->condition_index, g2c_item->attribute_id); - return -1; - } - - /******************************************************************* - rule found in effective hash, which means - - 1. rcu_hash_add(hash_tbl, rule) ==> finished - 2. rcu_hash_commit(hash_tbl) ==> finished - - can only be deleted but not modified - before delete it, we need to make a copy for further use - *********************************************************************/ - struct maat_rule *copy_rule = maat_rule_clone(rule, 1); - assert(copy_rule != NULL); - - /* delete rule from rcu hash */ - rcu_hash_del(hash_tbl, (char *)&rule_id, sizeof(long long)); - maat_rule_condition_remove_literal(copy_rule, g2c_item); - - if (0 == copy_rule->actual_condition_num && NULL == copy_rule->user_data) { - maat_rule_free(copy_rule); - } else { - rcu_hash_add(hash_tbl, (char *)&rule_id, sizeof(long long), copy_rule); - } - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] Remove condition(index:%d) from rule_id %lld failed," - "rule is not existed.", __FUNCTION__, __LINE__, - g2c_item->condition_index, rule_id); - return -1; - } - } - - return 0; -} - struct rule_compile_state *rule_compile_state_new(void) { struct rule_compile_state *rule_compile_state = ALLOC(struct rule_compile_state, 1); @@ -1573,23 +1000,20 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule, continue; } - struct condition_literal *tmp_cl = NULL; - for (size_t j = 0; j < utarray_len(condition->literals); j++) { - tmp_cl = (struct condition_literal *)utarray_eltptr(condition->literals, j); - if (tmp_cl->attribute_id != key->attribute_id) { - continue; - } - if (condition->negate_option != key->negate_option) { - continue; - } + if (condition->attribute_id != key->attribute_id) { + continue; + } - long long *tmp_object_id = bsearch(&(key->object_id), tmp_cl->object_ids, - tmp_cl->object_cnt, sizeof(long long), - compare_object_id); - if (tmp_object_id != NULL) { - return 1; - } + if (condition->negate_option != key->negate_option) { + continue; + } + + long long *tmp_object_id = bsearch(&(key->object_id), condition->object_ids, + condition->object_cnt, sizeof(long long), + compare_object_id); + if (tmp_object_id != NULL) { + return 1; } } @@ -1610,20 +1034,17 @@ maat_rule_get_hit_condition_index(struct maat_rule *rule, continue; } - struct condition_literal *tmp_cl = NULL; - for (size_t j = 0; j < utarray_len(tmp_condition->literals); j++) { - tmp_cl = (struct condition_literal *)utarray_eltptr(tmp_condition->literals, j); - if (tmp_cl->attribute_id != attribute_id) { - continue; - } - long long *tmp_object_id = bsearch(&hit_object_id, tmp_cl->object_ids, - tmp_cl->object_cnt, sizeof(long long), - compare_object_id); - if (tmp_object_id != NULL) { - condition_idx_array[hit_condition_cnt++] = i; - break; - } + if (tmp_condition->attribute_id != attribute_id) { + continue; + } + + long long *tmp_object_id = bsearch(&hit_object_id, tmp_condition->object_ids, + tmp_condition->object_cnt, sizeof(long long), + compare_object_id); + if (tmp_object_id != NULL) { + condition_idx_array[hit_condition_cnt++] = i; + break; } } @@ -1727,7 +1148,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, rule = (struct maat_rule *)expr_match[idx].user_tag; assert(rule->magic_num == MAAT_RULE_MAGIC); assert((unsigned long long)rule->rule_id == expr_match[idx].expr_id); - if (0 == rule->actual_condition_num || NULL == rule->user_data) { + if (0 == rule->condition_num || NULL == rule->user_data) { continue; } @@ -1982,73 +1403,36 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, } int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash); + if (1 == updating_flag) { rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); - if (rule != NULL) { - /**************************************************************** - rule found in updating hash(added by object2rule runtime), which means - - 1. rcu_hash_add(htable, rule) ==> finished - 2. rcu_hash_commit(htable) ==> undo - because it's in updating hash, we can modify it directly - ******************************************************************/ - - /* rule has object2rule_table info, so set rule_table info */ - maat_rule_set(rule, table_id, rule_item->declared_condition_num, rule_item); - } else { - // rule neither in effective hash nor in updating hash - rule = maat_rule_new(rule_item->rule_id); - assert(rule != NULL); - maat_rule_set(rule, table_id, rule_item->declared_condition_num, rule_item); - rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long), rule); - } } else { rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); - if (rule != NULL) { - /******************************************************************************** - rule found in effective hash(added by object2rule runtime), which means - - 1. rcu_hash_add(htable, rule) ==> finished - 2. rcu_hash_commit(htable) ==> finished - - can only be deleted but not modified - before delete it, we need to make a copy for further use - ***********************************************************************************/ - struct maat_rule *copy_rule = maat_rule_clone(rule, 0); - assert(copy_rule != NULL); - - /* delete rule from rcu hash */ - rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); - - /* copy_rule has object2rule_table info, so set rule_table info */ - maat_rule_set(copy_rule, table_id, rule_item->declared_condition_num, rule_item); - /* add copy_rule to rcu hash */ - rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long), copy_rule); - } else { - rule = maat_rule_new(rule_item->rule_id); - assert(rule != NULL); - maat_rule_set(rule, table_id, rule_item->declared_condition_num, rule_item); - rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long), rule); - } } + if (rule != NULL) { + log_fatal(logger, MODULE_RULE, + "[%s:%d]rule_id:%lld already existed in rule table, drop line:%s", + __FUNCTION__, __LINE__, rule_id, line); + } + + rule = maat_rule_new(rule_rt, schema, table_name, rule_id, line, rule_item); + if (NULL == rule) { + log_fatal(logger, MODULE_RULE, + "[%s:%d]maat_rule_new failed, drop line:%s", + __FUNCTION__, __LINE__, line); + return -1; + } + + rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long), rule); return 0; } -static void garbage_rule_item_free(void *data, void *arg) -{ - if (NULL == data) { - return; - } - - struct rule_item *rule_item = (struct rule_item *)data; - - rule_item_free(rule_item); -} - static void rule_runtime_del_rule(struct rule_runtime *rule_rt, - long long rule_id) + struct rule_schema *schema, + long long rule_id, + struct log_handle *logger) { struct maat_rule *rule = NULL; @@ -2057,56 +1441,26 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt, // find in updating hash rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); - if (rule != NULL) { - /**************************************************************** - rule found in updating hash, which means - - 1. rcu_hash_del(htable, rule) ==> finished - 2. rcu_hash_commit(htable) ==> undo - because it's in updating hash, we can modify it directly - ******************************************************************/ - if (rule->user_data != NULL) { - maat_garbage_bagging(rule_rt->ref_garbage_bin, rule->user_data, NULL, - garbage_rule_item_free); - rule->user_data = NULL; - } - - if (0 == rule->actual_condition_num) { - rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); - } - } } else { // find in effective hash rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); - if (rule != NULL) { - /******************************************************************* - rule found in effective hash, which means + } - 1. rcu_hash_add(htable, rule) ==> finished - 2. rcu_hash_commit(htable) ==> finished - - can only be deleted but not modified - before delete it, we need to make a copy for further use - *********************************************************************/ - struct maat_rule *copy_rule = maat_rule_clone(rule, 0); - assert(copy_rule != NULL); - - /* delete rule from rcu hash */ - rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); - - if (0 == copy_rule->actual_condition_num) { - maat_rule_free(copy_rule); - } else { - rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, - sizeof(long long), copy_rule); + if (rule != NULL) { + for (int i = 0; i < rule->condition_num; i++) { + struct rule_condition *condition = rule->conditions + i; + if (condition->in_use && condition->negate_option == CONDITION_NEGATE_OPTION_SET) { + validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, condition->attribute_id, MAAT_OP_DEL, logger); } } + + rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); } } int rule_runtime_update(void *rule_runtime, void *rule_schema, const char *table_name, const char *line, - int valid_column) + enum maat_operation op) { if (NULL == rule_runtime || NULL == rule_schema || NULL == line) { return -1; @@ -2114,29 +1468,30 @@ int rule_runtime_update(void *rule_runtime, void *rule_schema, struct rule_schema *schema = (struct rule_schema *)rule_schema; struct rule_runtime *rule_rt = (struct rule_runtime *)rule_runtime; - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { + cJSON *tmp_obj = NULL; + cJSON *json = cJSON_Parse(line); + + if (NULL == json) { log_fatal(rule_rt->logger, MODULE_RULE, - "[%s:%d] rule table:<%s> has no is_valid(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - valid_column, line); + "[%s:%d]parse json failed, line:%s", __FUNCTION__, __LINE__, line); rule_rt->update_err_cnt++; return -1; } - long long rule_id = get_column_value(line, schema->rule_id_column); - if (rule_id < 0) { + tmp_obj = cJSON_GetObjectItem(json, "rule_id"); + if (NULL == tmp_obj || tmp_obj->type != cJSON_String) { log_fatal(rule_rt->logger, MODULE_RULE, - "[%s:%d] rule table:<%s> has no rule_id(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - schema->rule_id_column, line); + "[%s:%d] rule table:<%s> has no rule_id or not string format in table_line:%s", + __FUNCTION__, __LINE__, table_name, line); rule_rt->update_err_cnt++; + cJSON_Delete(json); return -1; } + long long rule_id = atoll(tmp_obj->valuestring); - if (0 == is_valid) { + if (MAAT_OP_DEL == op) { // delete - rule_runtime_del_rule(rule_rt, rule_id); + rule_runtime_del_rule(rule_rt, schema, rule_id, rule_rt->logger); } else { // add int ret = rule_runtime_add_rule(rule_rt, schema, rule_id, @@ -2146,154 +1501,10 @@ int rule_runtime_update(void *rule_runtime, void *rule_schema, } } + cJSON_Delete(json); return 0; } -static int validate_table_not_condition(struct object2rule_runtime *g2c_rt, - struct table_manager *tbl_mgr, int table_id, - int is_valid, struct log_handle *logger) -{ - struct table_condition *not_condition = NULL; - HASH_FIND_INT(g2c_rt->tbl_not_condition_hash, &table_id, not_condition); - - if (0 == is_valid) { - //delete - if (NULL == not_condition || 0 == not_condition->actual_condition_num) { - return 0; - } else { - not_condition->actual_condition_num--; - } - } else { - //add - if (NULL == not_condition) { - not_condition = ALLOC(struct table_condition, 1); - not_condition->attribute_id = table_id; - not_condition->actual_condition_num++; - HASH_ADD_INT(g2c_rt->tbl_not_condition_hash, attribute_id, not_condition); - } else { - if (not_condition->actual_condition_num >= MAX_NOT_CONDITION_NUM) { - const char *table_name = table_manager_get_table_name(tbl_mgr, table_id); - log_fatal(logger, MODULE_RULE, - "[%s:%d]table:<%s> negate condition num exceed maximum:%d", - __FUNCTION__, __LINE__, table_name, MAX_NOT_CONDITION_NUM); - return -1; - } - not_condition->actual_condition_num++; - } - } - - return 0; -} - -int object2rule_runtime_update(void *g2c_runtime, void *g2c_schema, - const char *table_name, const char *line, - int valid_column) -{ - if (NULL == g2c_runtime || NULL == g2c_schema || NULL == line) { - return -1; - } - - struct object2rule_schema *schema = (struct object2rule_schema *)g2c_schema; - struct object2rule_runtime *g2c_rt = (struct object2rule_runtime *)g2c_runtime; - struct rule_runtime *rule_rt = g2c_rt->ref_rule_rt; - - int is_valid = get_column_value(line, valid_column); - if (is_valid < 0) { - log_fatal(rule_rt->logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> has no is_valid(column seq:%d)" - " in table_line:%s", __FUNCTION__, __LINE__, table_name, - valid_column, line); - g2c_rt->update_err_cnt++; - return -1; - } - - int ret = -1; - struct object2rule_item *g2c_item = - object2rule_item_new(line, schema, table_name, rule_rt->logger); - if (NULL == g2c_item) { - g2c_rt->update_err_cnt++; - return -1; - } - - if (1 == g2c_item->negate_option) { - ret = validate_table_not_condition(g2c_rt, schema->ref_tbl_mgr, - g2c_item->attribute_id, is_valid, - rule_rt->logger); - if (ret < 0) { - log_fatal(rule_rt->logger, MODULE_RULE, - "[%s:%d]validate negate condition failed, abandon config:%s", - __FUNCTION__, __LINE__, line); - goto next; - } - } - - if (0 == is_valid) { - //delete - ret = maat_remove_object_from_rule(rule_rt->cfg_hash, g2c_item, - rule_rt->logger); - if (0 == ret) { - if (g2c_item->negate_option) { - g2c_rt->not_condition_cnt--; - } - g2c_rt->rule_num--; - } else { - g2c_rt->update_err_cnt++; - } - } else { - //add - ret = maat_add_object_to_rule(rule_rt->cfg_hash, g2c_item, - rule_rt->logger); - if (0 == ret) { - if (g2c_item->negate_option) { - g2c_rt->not_condition_cnt++; - } - g2c_rt->rule_num++; - } else { - g2c_rt->update_err_cnt++; - } - } - -next: - object2rule_item_free(g2c_item); - return ret; -} - -long long object2rule_runtime_not_condition_count(void *g2c_runtime) -{ - if (NULL == g2c_runtime) { - return 0; - } - - struct object2rule_runtime *g2c_rt = - (struct object2rule_runtime *)g2c_runtime; - - return g2c_rt->not_condition_cnt; -} - -long long object2rule_runtime_rule_count(void *g2c_runtime) -{ - if (NULL == g2c_runtime) { - return 0; - } - - struct object2rule_runtime *g2c_rt = - (struct object2rule_runtime *)g2c_runtime; - - return g2c_rt->rule_num; -} - -long long object2rule_runtime_update_err_count(void *g2c_runtime) -{ - if (NULL == g2c_runtime) { - return 0; - } - - struct object2rule_runtime *g2c_rt = - (struct object2rule_runtime *)g2c_runtime; - - return g2c_rt->update_err_cnt; -} - int rule_runtime_commit(void *rule_runtime, const char *table_name, long long maat_rt_version) { @@ -2405,8 +1616,8 @@ static int rule_sort_para_compare(const struct rule_sort_para *a, const struct rule_sort_para *b) { //If rule rule's execute sequences are not specified or equal. - if (a->declared_condition_num != b->declared_condition_num) { - return (a->declared_condition_num - b->declared_condition_num); + if (a->condition_num != b->condition_num) { + return (a->condition_num - b->condition_num); } else { return (b->rule_id - a->rule_id); } @@ -2416,7 +1627,7 @@ static void rule_sort_para_set(struct rule_sort_para *para, const struct rule_item *item) { para->rule_id = item->rule_id; - para->declared_condition_num = item->declared_condition_num; + para->condition_num = item->condition_num; } static int compare_rule_item(const void *a, const void *b) diff --git a/src/maat_stat.c b/src/maat_stat.c index 13db5d9..3b5c578 100644 --- a/src/maat_stat.c +++ b/src/maat_stat.c @@ -272,9 +272,6 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on) plugin_cache_num += plugin_runtime_cached_row_count(runtime); plugin_rule_num += plugin_runtime_rule_count(runtime); break; - case TABLE_TYPE_OBJECT2RULE: - g2c_not_condition_num += object2rule_runtime_not_condition_count(runtime); - break; case TABLE_TYPE_OBJECT2OBJECT: g2g_excl_rule_num += object2object_runtime_exclude_rule_count(runtime); break; @@ -320,11 +317,10 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on) fieldstat_easy_counter_set(stat->fs_handle, 0, stat->fs_column_id[COLUMN_HIT_ITEM_NUM], &cell_tag, 1, hit_item_num); - if (table_type != TABLE_TYPE_ATTRIBUTE) { - total_regv6_num += regex_rule_num; - total_regv6_num += ipv6_rule_num; - total_rule_num += rule_num; - } + + total_regv6_num += regex_rule_num; + total_regv6_num += ipv6_rule_num; + total_rule_num += rule_num; total_scan_times += scan_times; total_hit_times += hit_times; diff --git a/src/maat_table.c b/src/maat_table.c index 7de74b0..b52d824 100644 --- a/src/maat_table.c +++ b/src/maat_table.c @@ -38,15 +38,22 @@ struct maat_table { char schema_tag[MAX_TAG_STR_LEN + 1]; size_t schema_tag_len; enum table_type table_type; - int valid_column; void *schema; void *runtime; void *updating_runtime; }; +struct maat_attribute { + int table_id; + int attr_id; + char attr_name[MAX_NAME_STR_LEN + 1]; +}; + struct table_manager { struct maat_table *tbl[MAX_TABLE_NUM]; size_t n_table; + struct maat_attribute *attr[MAX_ATTRIBUTE_NUM]; + size_t n_attr; struct rule_tag *accept_tags; size_t n_accept_tag; @@ -56,6 +63,8 @@ struct table_manager { int g2g_table_id; struct maat_kv_store *tbl_name2id_map; struct maat_kv_store *conj_tbl_name2id_map; + struct maat_kv_store *attr_name2id_map; + struct maat_kv_store *sequence_map; struct maat_garbage_bin *ref_garbage_bin; struct log_handle *logger; @@ -75,7 +84,7 @@ struct table_operations { void (*free_runtime)(void *runtime); int (*update_runtime)(void *runtime, void *schema, const char *table_name, - const char *line, int valid_column); + const char *line, enum maat_operation op); int (*commit_runtime)(void *runtime, const char *table_name, long long maat_rt_version); @@ -263,6 +272,7 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .rule_count = bool_plugin_runtime_rule_count, .update_err_count = bool_plugin_runtime_update_err_count }, +#if 0 { .type = TABLE_TYPE_ATTRIBUTE, .new_schema = attribute_schema_new, @@ -277,6 +287,7 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .hit_times = attribute_runtime_hit_times, .hit_item_num = attribute_runtime_hit_item_num }, +#endif { .type = TABLE_TYPE_RULE, .new_schema = rule_schema_new, @@ -298,17 +309,6 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .commit_runtime = object2object_runtime_commit, .rule_count = object2object_runtime_rule_count, .update_err_count = object2object_runtime_update_err_count - }, - { - .type = TABLE_TYPE_OBJECT2RULE, - .new_schema = object2rule_schema_new, - .free_schema = object2rule_schema_free, - .new_runtime = object2rule_runtime_new, - .free_runtime = object2rule_runtime_free, - .update_runtime = object2rule_runtime_update, - .commit_runtime = NULL, - .rule_count = object2rule_runtime_rule_count, - .update_err_count = object2rule_runtime_update_err_count } }; @@ -500,7 +500,6 @@ static void maat_table_schema_free(void *schema, enum table_type table_type) static void register_reserved_word(struct maat_kv_store *reserved_word_map) { maat_kv_register(reserved_word_map, "rule", TABLE_TYPE_RULE); - maat_kv_register(reserved_word_map, "object2rule", TABLE_TYPE_OBJECT2RULE); maat_kv_register(reserved_word_map, "object2object", TABLE_TYPE_OBJECT2OBJECT); maat_kv_register(reserved_word_map, "flag", TABLE_TYPE_FLAG); maat_kv_register(reserved_word_map, "flag_plus", TABLE_TYPE_FLAG_PLUS); @@ -514,7 +513,6 @@ static void register_reserved_word(struct maat_kv_store *reserved_word_map) maat_kv_register(reserved_word_map, "ipport_plugin", TABLE_TYPE_IPPORT_PLUGIN); maat_kv_register(reserved_word_map, "bool_plugin", TABLE_TYPE_BOOL_PLUGIN); maat_kv_register(reserved_word_map, "fqdn_plugin", TABLE_TYPE_FQDN_PLUGIN); - maat_kv_register(reserved_word_map, "attribute", TABLE_TYPE_ATTRIBUTE); } static struct maat_table * @@ -595,18 +593,6 @@ maat_table_new(cJSON *json, struct maat_kv_store *reserved_word_map, item->valuestring); goto error; } - - item = cJSON_GetObjectItem(json, "valid_column"); - if (NULL == item || item->type != cJSON_Number) { - if (ptable->table_type != TABLE_TYPE_ATTRIBUTE) { - log_fatal(logger, MODULE_TABLE, - "[%s:%d] table:%s has no valid column", - __FUNCTION__, __LINE__, ptable->table_name); - goto error; - } - } else { - ptable->valid_column = item->valueint; - } return ptable; error: @@ -674,6 +660,31 @@ static int register_single_tbl_name2id(struct maat_kv_store *tbl_name2id_map, return 0; } +static int register_single_attribute_name2id(struct maat_kv_store *attr_name2id_map, + const char *attr_name, int attr_id, + struct log_handle *logger) +{ + if (strlen(attr_name) >= NAME_MAX) { + log_fatal(logger, MODULE_TABLE, + "[%s:%d] attribute:<%s> name length exceed maxium:%d", + __FUNCTION__, __LINE__, attr_name, NAME_MAX); + return -1; + } + + long long tmp_attr_id = -1; + int ret = maat_kv_read(attr_name2id_map, attr_name, &tmp_attr_id, 1); + if (ret > 0 && tmp_attr_id != attr_id) { + log_fatal(logger, MODULE_TABLE, + "[%s:%d] attribute:<%s>(attr_id:%lld) has already been registered" + ", can't register again", + __FUNCTION__, __LINE__, attr_name, tmp_attr_id); + return -1; + } + + maat_kv_register(attr_name2id_map, attr_name, attr_id); + return 0; +} + static int register_conjunction_tbl_name2id(struct maat_kv_store *conj_tbl_name2id_map, cJSON *root, struct log_handle *logger) { @@ -799,6 +810,71 @@ int maat_default_rule_table_id(cJSON *json, struct log_handle *logger) return item->valueint; } +static long long maat_table_get_sequence(struct maat_kv_store *sequence_map, + const char *sequence_name) +{ + long long sequence = 1; + int map_ret = maat_kv_read(sequence_map, sequence_name, &sequence, 1); + if (map_ret < 0) { + maat_kv_register(sequence_map, sequence_name, sequence); + } else { + sequence++; + int ret = maat_kv_write(sequence_map, sequence_name, sequence); + if (ret < 0) { + return -1; + } + } + + return sequence; +} + +static void maat_table_attribute_update(struct table_manager *tbl_mgr, cJSON *json, + int table_id, struct log_handle *logger) +{ + cJSON *item = cJSON_GetObjectItem(json, "supported_attributes"); + if (NULL == item) { + return; + } + + if (item->type != cJSON_Array) { + log_fatal(logger, MODULE_TABLE, + "[%s:%d] table_id:%d supported_attributes should be an array", + __FUNCTION__, __LINE__, table_id); + return; + } + + int n_attr = cJSON_GetArraySize(item); + for (int i = 0; i < n_attr; i++) { + cJSON *attr = cJSON_GetArrayItem(item, i); + if (NULL == attr || attr->type != cJSON_String) { + log_fatal(logger, MODULE_TABLE, + "[%s:%d] table_id:%d supported_attributes element should be string", + __FUNCTION__, __LINE__, table_id); + return; + } + + struct maat_attribute *pattr = ALLOC(struct maat_attribute, 1); + pattr->table_id = table_id; + pattr->attr_id = maat_table_get_sequence(tbl_mgr->sequence_map, "attribute_id"); + if (pattr->attr_id < 0) { + log_fatal(logger, MODULE_TABLE, + "[%s:%d] table_id:%d attribute %s get id failed", + __FUNCTION__, __LINE__, table_id, attr->valuestring); + return; + } + if (register_single_attribute_name2id(tbl_mgr->attr_name2id_map, attr->valuestring, pattr->attr_id, logger) < 0) { + log_fatal(logger, MODULE_TABLE, + "[%s:%d] table_id:%d attribute %s register failed", + __FUNCTION__, __LINE__, table_id, attr->valuestring); + return; + } + strncpy(pattr->attr_name, attr->valuestring, MAX_NAME_STR_LEN); + + tbl_mgr->attr[pattr->attr_id] = pattr; + tbl_mgr->n_attr++; + } +} + struct table_manager * table_manager_create(const char *table_info_path, const char *accept_tags, enum maat_expr_engine engine_type, struct maat_garbage_bin *garbage_bin, @@ -844,6 +920,8 @@ table_manager_create(const char *table_info_path, const char *accept_tags, tbl_mgr->logger = logger; tbl_mgr->tbl_name2id_map = maat_kv_store_new(); tbl_mgr->conj_tbl_name2id_map = maat_kv_store_new(); + tbl_mgr->attr_name2id_map = maat_kv_store_new(); + tbl_mgr->sequence_map = maat_kv_store_new(); tbl_mgr->engine_type = engine_type; tbl_mgr->ref_garbage_bin = garbage_bin; @@ -909,20 +987,16 @@ table_manager_create(const char *table_info_path, const char *accept_tags, g2g_table_id = maat_tbl->table_id; } + if (maat_tbl->table_type >= TABLE_TYPE_FLAG && maat_tbl->table_type <= TABLE_TYPE_INTERVAL_PLUS) { + maat_table_attribute_update(tbl_mgr, json, maat_tbl->table_id, logger); + } + tbl_mgr->tbl[maat_tbl->table_id] = maat_tbl; tbl_mgr->n_table++; - if (maat_tbl->table_type == TABLE_TYPE_ATTRIBUTE) { - int phy_table_id = attribute_get_physical_table_id(tbl_mgr, maat_tbl->table_id); - log_info(logger, MODULE_TABLE, - "successfully register attribute[%s]->attribute_id:%d," - " physical_table_id:%d", maat_tbl->table_name, maat_tbl->table_id, - phy_table_id); - } else { - log_info(logger, MODULE_TABLE, - "successfully register physical table[%s]->table_id:%d", - maat_tbl->table_name, maat_tbl->table_id); - } + log_info(logger, MODULE_TABLE, + "successfully register table[%s]->table_id:%d", + maat_tbl->table_name, maat_tbl->table_id); } } @@ -990,32 +1064,6 @@ int table_manager_runtime_create(struct table_manager *tbl_mgr, size_t max_threa garbage_bin, tbl_mgr->logger); } - /* object2rule runtime depends on associated rule runtime, - must make sure associated rule runtime already exist */ - for (i = 0; i < MAX_TABLE_NUM; i++) { - table_type = table_manager_get_table_type(tbl_mgr, i); - if (table_type != TABLE_TYPE_OBJECT2RULE) { - continue; - } - - void *schema = table_manager_get_schema(tbl_mgr, i); - if (NULL == schema) { - log_fatal(tbl_mgr->logger, MODULE_TABLE, - "[%s:%d] object2rule table(table_id:%d) schema is null", - __FUNCTION__, __LINE__, i); - continue; - } - - void *g2c_updating_rt = table_manager_get_updating_runtime(tbl_mgr, i); - if (NULL == g2c_updating_rt) { - continue; - } - - int asso_rule_table_id = object2rule_associated_rule_table_id(schema); - void *rule_updating_rt = table_manager_get_updating_runtime(tbl_mgr, asso_rule_table_id); - object2rule_runtime_init(g2c_updating_rt, rule_updating_rt); - } - return 0; } @@ -1104,6 +1152,21 @@ int table_manager_get_table_id(struct table_manager *tbl_mgr, const char *table_ return (int)table_id; } +int table_manager_get_attribute_id(struct table_manager *tbl_mgr, const char *attr_name) +{ + if (NULL == tbl_mgr || NULL == attr_name) { + return -1; + } + + long long attr_id = -1; + int ret = maat_kv_read(tbl_mgr->attr_name2id_map, attr_name, &attr_id, 1); + if (ret < 0) { + return -1; + } + + return (int)attr_id; +} + int table_manager_get_conj_parent_table_ids(struct table_manager *tbl_mgr, const char *table_name, long long *table_ids_array, size_t n_table_ids_array) { @@ -1128,6 +1191,32 @@ const char *table_manager_get_table_name(struct table_manager *tbl_mgr, int tabl return tbl_mgr->tbl[table_id]->table_name; } +const char *table_manager_get_attribute_name(struct table_manager *tbl_mgr, int attr_id) +{ + if (NULL == tbl_mgr || attr_id < 0) { + return NULL; + } + + if (NULL == tbl_mgr->attr[attr_id]) { + return NULL; + } + + return tbl_mgr->attr[attr_id]->attr_name; +} + +int table_manager_attribute_get_table_id(struct table_manager *tbl_mgr, int attr_id) +{ + if (NULL == tbl_mgr || attr_id < 0) { + return -1; + } + + if (NULL == tbl_mgr->attr[attr_id]) { + return -1; + } + + return tbl_mgr->attr[attr_id]->table_id; +} + const char *table_manager_get_table_schema_tag(struct table_manager *tbl_mgr, int table_id) { if (NULL == tbl_mgr || table_id < 0) { @@ -1185,19 +1274,6 @@ void *table_manager_get_schema(struct table_manager *tbl_mgr, int table_id) return tbl_mgr->tbl[table_id]->schema; } -int table_manager_get_valid_column(struct table_manager *tbl_mgr, int table_id) -{ - if (NULL == tbl_mgr || table_id < 0 || table_id >= MAX_TABLE_NUM) { - return -1; - } - - if (NULL == tbl_mgr->tbl[table_id]) { - return -1; - } - - return tbl_mgr->tbl[table_id]->valid_column; -} - enum maat_expr_engine table_manager_get_expr_engine(struct table_manager *tbl_mgr) { if (NULL == tbl_mgr) { @@ -1252,7 +1328,8 @@ void *table_manager_get_updating_runtime(struct table_manager *tbl_mgr, int tabl } int table_manager_update_runtime(struct table_manager *tbl_mgr, const char *table_name, - int table_id, const char *line, int update_type) + int table_id, const char *line, enum maat_operation op, + int update_type) { void *schema = table_manager_get_schema(tbl_mgr, table_id); if (NULL == schema) { @@ -1270,14 +1347,6 @@ int table_manager_update_runtime(struct table_manager *tbl_mgr, const char *tabl return -1; } - int valid_column = table_manager_get_valid_column(tbl_mgr, table_id); - if (valid_column < 0) { - log_fatal(tbl_mgr->logger, MODULE_TABLE, - "[%s:%d] table:%s has no valid column, can't update runtime", - __FUNCTION__, __LINE__, table_name); - return -1; - } - enum table_type table_type = table_manager_get_table_type(tbl_mgr, table_id); if (table_type == TABLE_TYPE_INVALID) { log_fatal(tbl_mgr->logger, MODULE_TABLE, @@ -1294,7 +1363,7 @@ int table_manager_update_runtime(struct table_manager *tbl_mgr, const char *tabl } return table_ops[table_type].update_runtime(runtime, schema, table_name, - line, valid_column); + line, op); } void table_commit_updating_runtime(struct table_manager *tbl_mgr, int table_id, diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 4f7add6..e8bcc88 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -39,7 +39,7 @@ target_link_libraries(maat_ex_data_gtest maat_frame_static gtest_static) add_subdirectory(object_nesting) add_subdirectory(ipport_plugin) -add_subdirectory(benchmark) +#add_subdirectory(benchmark) //TODO: convert iris rule to json rule configure_file(table_info.json table_info.json COPYONLY) configure_file(tsg_table_info.json tsg_table_info.json COPYONLY) diff --git a/test/benchmark/benchmark_gtest.cpp b/test/benchmark/benchmark_gtest.cpp index d96a703..f09ce7a 100644 --- a/test/benchmark/benchmark_gtest.cpp +++ b/test/benchmark/benchmark_gtest.cpp @@ -2,7 +2,6 @@ #include "log/log.h" #include "maat_utils.h" #include "maat_core.h" -#include "json2iris.h" #include "ip_matcher.h" #include "maat_table.h" #include "../test_utils.h" diff --git a/test/ipport_plugin/ipport_plugin_gtest.cpp b/test/ipport_plugin/ipport_plugin_gtest.cpp index a57adce..77b2f20 100644 --- a/test/ipport_plugin/ipport_plugin_gtest.cpp +++ b/test/ipport_plugin/ipport_plugin_gtest.cpp @@ -158,7 +158,7 @@ test_add_ipport_plugin_command(struct maat *maat_inst, const char *table_name, line_rule.table_name = table_name; line_rule.expire_after = 0; - maat_cmd_set_line(maat_inst, &line_rule); + maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); return 0; } @@ -188,7 +188,7 @@ test_del_ipport_plugin_command(struct maat *maat_inst, const char *table_name, line_rule.table_name = table_name; line_rule.expire_after = 0; - maat_cmd_set_line(maat_inst, &line_rule); + maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); return 0; } @@ -235,6 +235,7 @@ void *ipport_plugin_update_thread(void *arg) return is_all_hit; } +#if 0 //TODO: convert iris rule to json rule TEST_F(IPPortPluginTable, WITHOUT_SAME_IP) { char redis_ip[32] = "127.0.0.1"; int redis_port = 6379; @@ -380,6 +381,7 @@ TEST_F(IPPortPluginTable, WITH_256SAME_IP) { "IpportPluginScan with 256 same ip match rate speed" " %lld lookups/s/thread", scan_per_second); } +#endif int main(int argc, char ** argv) { diff --git a/test/maat_ex_data_gtest.cpp b/test/maat_ex_data_gtest.cpp index 8dd904c..3a1fe30 100644 --- a/test/maat_ex_data_gtest.cpp +++ b/test/maat_ex_data_gtest.cpp @@ -1,7 +1,6 @@ #include "maat.h" #include "log/log.h" #include "maat_utils.h" -#include "json2iris.h" #include "maat_command.h" #include "maat_ex_data.h" #include "maat_garbage_collection.h" diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index bd0d342..c18c19e 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -8,7 +8,6 @@ #include "maat_utils.h" #include "maat_command.h" #include "ip_matcher.h" -#include "json2iris.h" #include "log/log.h" #include "maat_config_monitor.h" #include "maat_redis_monitor.h" @@ -5260,7 +5259,7 @@ void maat_read_entry_start_cb(int update_type, void *u_para) { } -void maat_read_entry_cb(int table_id, const char *table_line, void *u_para) +void maat_read_entry_cb(int table_id, const char *table_line, enum maat_operation op, void *u_para) { char ip_str[16] = {0}; int entry_id = -1, seq = -1; @@ -6530,7 +6529,7 @@ protected: struct maat *Policy::_shared_maat_inst; struct log_handle *Policy::logger; -void accept_tags_entry_cb(int table_id, const char *table_line, void *u_para) +void accept_tags_entry_cb(int table_id, const char *table_line, enum maat_operation op, void *u_para) { int* callback_times = (int *)u_para; char status[32] = {0}; @@ -6559,7 +6558,7 @@ TEST_F(Policy, PluginRuleTags1) { EXPECT_EQ(callback_times, 5); } -void accept_tags_entry2_cb(int table_id, const char *table_line, void *u_para) +void accept_tags_entry2_cb(int table_id, const char *table_line, enum maat_operation op, void *u_para) { int *callback_times = (int *)u_para; (*callback_times)++; @@ -6973,6 +6972,7 @@ TEST_F(TableInfo, Conjunction) { state = NULL; } +#if 0 //TODO: change iris rule to json rule class FileTest : public testing::Test { protected: @@ -7067,6 +7067,7 @@ TEST_F(FileTest, StreamFiles) { free(name_list); } +#endif class ObjectHierarchy : public testing::Test { @@ -8293,7 +8294,7 @@ TEST_F(MaatCmd, SetLines) { line_rule.table_line = table_line_add[i]; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); EXPECT_GT(ret, 0); } @@ -8304,13 +8305,13 @@ TEST_F(MaatCmd, SetLines) { line_rule.table_line = table_line_del[i]; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); EXPECT_GT(ret, 0); } } int g_test_update_paused = 0; -void pause_update_test_entry_cb(int table_id,const char* table_line,void* u_para) +void pause_update_test_entry_cb(int table_id,const char* table_line, enum maat_operation op, void* u_para) { char status[32] = {0}; int entry_id = -1, seq = -1; @@ -8341,7 +8342,7 @@ TEST_F(MaatCmd, PauseUpdate) { line_rule.table_line = line; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); EXPECT_EQ(ret, 1); free(line); @@ -8394,7 +8395,7 @@ int is_same_file(const char *filename1, const char *filename2) int g_test_foregin_read_OK = 0, g_test_foreign_del_OK = 0; char file1_to_del[256], file2_to_del[256]; const char* empty_file_name = "An_empty_file"; -void foreign_key_test_entry_cb(int table_id, const char *table_line, void *u_para) +void foreign_key_test_entry_cb(int table_id, const char *table_line, enum maat_operation op, void *u_para) { int rule_id=-1, not_care=0, tag=0; int is_valid=0; @@ -8467,7 +8468,7 @@ TEST_F(MaatCmd, SetFile) { line_rule.table_line = line; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S);//wait for callback triggered. EXPECT_EQ(g_test_foregin_read_OK, 1); @@ -8486,7 +8487,7 @@ TEST_F(MaatCmd, SetFile) { line_rule.rule_id, tag, file1_name, file1_key, file2_name, file2_key); line_rule_del.table_line = line; line_rule_del.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule_del); + ret = maat_cmd_set_line(maat_inst, &line_rule_del, MAAT_OP_DEL); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); @@ -8508,7 +8509,7 @@ TEST_F(MaatCmd, SetFile) { g_test_foregin_read_OK = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S);//wait for callback triggered. EXPECT_EQ(g_test_foregin_read_OK, 1); @@ -8631,7 +8632,7 @@ TEST_F(MaatCmd, PluginEXData) { line_rule.table_line = table_line_add[i]; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); EXPECT_GT(ret, 0); } @@ -8662,7 +8663,7 @@ TEST_F(MaatCmd, PluginEXData) { line_rule.table_line = table_line_del[1]; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); EXPECT_GT(ret, 0); sleep(WAIT_FOR_EFFECTIVE_S); //gc_timeout_s == 3 which configured in table_info @@ -8711,7 +8712,7 @@ TEST_F(MaatCmd, UpdateIPPlugin) { line_rule.table_line = table_line_add[i]; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); EXPECT_GT(ret, 0); } @@ -8756,7 +8757,7 @@ TEST_F(MaatCmd, UpdateIPPlugin) { line_rule.table_line = table_line_del[i]; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); EXPECT_GT(ret, 0); } @@ -8807,7 +8808,7 @@ TEST_F(MaatCmd, UpdateFQDNPlugin) { line_rule.table_line = table_line_add[i]; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); EXPECT_GT(ret, 0); } @@ -8839,7 +8840,7 @@ TEST_F(MaatCmd, UpdateFQDNPlugin) { line_rule.table_line = table_line_del[i]; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); EXPECT_GT(ret, 0); } @@ -8889,7 +8890,7 @@ TEST_F(MaatCmd, UpdateBoolPlugin) { line_rule.table_line = table_line_add[i]; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); EXPECT_GT(ret, 0); } @@ -8919,7 +8920,7 @@ TEST_F(MaatCmd, UpdateBoolPlugin) { line_rule.table_line = table_line_del[i]; line_rule.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); EXPECT_GT(ret, 0); } sleep(WAIT_FOR_EFFECTIVE_S); diff --git a/test/maat_framework_perf_gtest.cpp b/test/maat_framework_perf_gtest.cpp index 6225973..422e01d 100644 --- a/test/maat_framework_perf_gtest.cpp +++ b/test/maat_framework_perf_gtest.cpp @@ -7,7 +7,6 @@ #include "maat_utils.h" #include "ip_matcher.h" #include "maat_command.h" -#include "json2iris.h" #include "maat_config_monitor.h" #include "maat_redis_monitor.h" @@ -1208,7 +1207,7 @@ void *perf_fqdn_plugin_update_thread(void *arg) line_rule.rule_id, fqdn_buff); line_rule.table_line = line_buff; line_rule.expire_after = 0; - maat_cmd_set_line(maat_inst, &line_rule); + maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); sleep(WAIT_FOR_EFFECTIVE_S); } @@ -1422,7 +1421,7 @@ void *perf_bool_plugin_update_thread(void *arg) snprintf(line_buff, 1024, "%lld\t1&%d\ttunnel2\t1", line_rule.rule_id, i); line_rule.table_line = line_buff; line_rule.expire_after = 0; - maat_cmd_set_line(maat_inst, &line_rule); + maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); sleep(WAIT_FOR_EFFECTIVE_S); } @@ -1489,43 +1488,6 @@ TEST_F(MaatPerfBoolPluginScan, MultiThread) { PERF_THREAD_NUM, scan_per_second); } -class MaatPerfFileScan : public testing::Test -{ -protected: - static void SetUpTestCase() { - logger = log_handle_create("./maat_framework_perf_gtest.log", 0); - const char *rule_folder = "./tsgrule/index"; - const char *table_info = "./tsg_table_info.json"; - - struct maat_options *opts = maat_options_new(); - maat_options_set_stat_file(opts, "./stat.log"); - maat_options_set_perf_on(opts); - maat_options_set_iris(opts, rule_folder, rule_folder); - maat_options_set_logger(opts, "./maat_framework_perf_gtest.log", - LOG_LEVEL_INFO); - maat_options_set_caller_thread_number(opts, 5); - - _shared_maat_inst = maat_new(opts, table_info); - maat_options_free(opts); - if (NULL == _shared_maat_inst) { - log_fatal(logger, MODULE_FRAMEWORK_PERF_GTEST, - "[%s:%d] create maat instance in MaatPerfFileScan failed.", - __FUNCTION__, __LINE__); - } - } - - static void TearDownTestCase() { - maat_free(_shared_maat_inst); - log_handle_destroy(logger); - } - - static struct log_handle *logger; - static struct maat *_shared_maat_inst; -}; - -struct maat *MaatPerfFileScan::_shared_maat_inst; -struct log_handle *MaatPerfFileScan::logger; - struct perf_ip_plugin_ud { long long rule_id; }; @@ -1565,6 +1527,45 @@ void perf_ip_plugin_EX_dup_cb(int table_id, void **to, void **from, *to = u; } +//TODO: convert iris rule to json rule +#if 0 +class MaatPerfFileScan : public testing::Test +{ +protected: + static void SetUpTestCase() { + logger = log_handle_create("./maat_framework_perf_gtest.log", 0); + const char *rule_folder = "./tsgrule/index"; + const char *table_info = "./tsg_table_info.json"; + + struct maat_options *opts = maat_options_new(); + maat_options_set_stat_file(opts, "./stat.log"); + maat_options_set_perf_on(opts); + maat_options_set_iris(opts, rule_folder, rule_folder); + maat_options_set_logger(opts, "./maat_framework_perf_gtest.log", + LOG_LEVEL_INFO); + maat_options_set_caller_thread_number(opts, 5); + + _shared_maat_inst = maat_new(opts, table_info); + maat_options_free(opts); + if (NULL == _shared_maat_inst) { + log_fatal(logger, MODULE_FRAMEWORK_PERF_GTEST, + "[%s:%d] create maat instance in MaatPerfFileScan failed.", + __FUNCTION__, __LINE__); + } + } + + static void TearDownTestCase() { + maat_free(_shared_maat_inst); + log_handle_destroy(logger); + } + + static struct log_handle *logger; + static struct maat *_shared_maat_inst; +}; + +struct maat *MaatPerfFileScan::_shared_maat_inst; +struct log_handle *MaatPerfFileScan::logger; + static void *ip_plugin_get_thread(void *arg) { const char *table_name = "TSG_IP_LOCATION_BUILT_IN"; @@ -1632,6 +1633,7 @@ TEST_F(MaatPerfFileScan, IPPlugin) { free(is_all_hit); } } +#endif class MaatPerfIPPortPluginScan : public testing::Test { @@ -1730,7 +1732,7 @@ void *perf_ipport_plugin_update_thread(void *arg) line_rule.rule_id, 200+i, 300+i); line_rule.table_line = line_buff; line_rule.expire_after = 0; - maat_cmd_set_line(maat_inst, &line_rule); + maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); sleep(WAIT_FOR_EFFECTIVE_S); } diff --git a/test/maat_input_mode_gtest.cpp b/test/maat_input_mode_gtest.cpp index 80eac90..153f5b5 100644 --- a/test/maat_input_mode_gtest.cpp +++ b/test/maat_input_mode_gtest.cpp @@ -1,7 +1,6 @@ #include "maat.h" #include "maat_utils.h" #include "maat_core.h" -#include "json2iris.h" #include "test_utils.h" #include "maat_table.h" #include "maat_config_monitor.h" @@ -16,11 +15,11 @@ const char *g_json_filename = "maat_json.json"; struct log_handle *g_logger = NULL; TEST(json_mode, maat_scan_string) { - char iris_idx_path[PATH_MAX] = {0}; char json_iris_path[PATH_MAX] = {0}; char json_path[PATH_MAX] = {0}; long long results[5] = {0}; size_t n_hit_result = 0; + int ret = 0; int thread_id = 0; char scan_data[128] = "string1, string2, string3, string4, " "string5, string6, string7, string8"; @@ -28,13 +27,8 @@ TEST(json_mode, maat_scan_string) { snprintf(json_iris_path, sizeof(json_iris_path), "./%s_iris_tmp", g_json_filename); - snprintf(iris_idx_path, sizeof(iris_idx_path), "%s/index", json_iris_path); snprintf(json_path, sizeof(json_path), "./%s", g_json_filename); - int ret = write_json_to_iris(g_json_filename, iris_idx_path, - sizeof(iris_idx_path), g_logger); - assert(ret == 0); - struct maat_options *opts = maat_options_new(); maat_options_set_json_file(opts, json_path); maat_options_set_stat_on(opts); @@ -58,47 +52,6 @@ TEST(json_mode, maat_scan_string) { maat_free(maat_inst); } -TEST(iris_mode, maat_scan_string) { - char json_iris_path[512] = {0}; - char iris_idx_path[PATH_MAX] = {0}; - long long results[5] = {0}; - size_t n_hit_result = 0; - int thread_id = 0; - const char *table_name = "KEYWORDS_TABLE"; - char scan_data[128] = "string1, string2, string3, string4, " - "string5, string6, string7, string8"; - - snprintf(json_iris_path, sizeof(json_iris_path), "./%s_iris_tmp", - g_json_filename); - snprintf(iris_idx_path, sizeof(iris_idx_path), "%s/index", json_iris_path); - - int ret = write_json_to_iris(g_json_filename, iris_idx_path, - sizeof(iris_idx_path), g_logger); - assert(ret == 0); - - struct maat_options *opts = maat_options_new(); - maat_options_set_stat_on(opts); - maat_options_set_perf_on(opts); - maat_options_set_iris(opts, iris_idx_path, iris_idx_path); - maat_options_set_logger(opts, "./maat_input_mode_gtest.log", LOG_LEVEL_INFO); - - struct maat *maat_inst = maat_new(opts, g_table_info_path); - EXPECT_TRUE(maat_inst != NULL); - - int table_id = maat_get_table_id(maat_inst, table_name); - struct maat_state *state = maat_state_new(maat_inst, thread_id); - - ret = maat_scan_string(maat_inst, table_id, scan_data, strlen(scan_data), - results, sizeof(results), &n_hit_result, state); - EXPECT_EQ(ret, MAAT_SCAN_HIT); - EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], 182); - - maat_options_free(opts); - maat_state_free(state); - maat_free(maat_inst); -} - TEST(redis_mode, maat_scan_string) { char redis_ip[32] = "127.0.0.1"; int redis_port = 6379; diff --git a/test/object_nesting/object_nesting_gtest.cpp b/test/object_nesting/object_nesting_gtest.cpp index 7ecc6f4..ac59dc9 100644 --- a/test/object_nesting/object_nesting_gtest.cpp +++ b/test/object_nesting/object_nesting_gtest.cpp @@ -185,7 +185,7 @@ TEST_F(MaatObjectExclude, level_3_function) { sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id, rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_ADD); } object2object_runtime_commit(g2g_runtime, table_name, 1); @@ -202,7 +202,7 @@ TEST_F(MaatObjectExclude, level_3_function) { memset(table_line, 0, sizeof(table_line)); sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id, rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL); object2object_runtime_commit(g2g_runtime, table_name, 2); super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2, @@ -216,7 +216,7 @@ TEST_F(MaatObjectExclude, level_3_function) { memset(table_line, 0, sizeof(table_line)); sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[1].object_id, rules.del_items[1].incl_sub_ids_str, rules.del_items[1].excl_sub_ids_str, 0); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL); object2object_runtime_commit(g2g_runtime, table_name, 3); super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2, @@ -250,7 +250,7 @@ TEST_F(MaatObjectExclude, level_3_perf) { sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id, rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_ADD); } object2object_runtime_commit(g2g_runtime, table_name, 4); @@ -274,7 +274,7 @@ TEST_F(MaatObjectExclude, level_3_perf) { memset(table_line, 0, sizeof(table_line)); sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id, rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL); object2object_runtime_commit(g2g_runtime, table_name, 5); clock_gettime(CLOCK_MONOTONIC, &start); @@ -291,7 +291,7 @@ TEST_F(MaatObjectExclude, level_3_perf) { memset(table_line, 0, sizeof(table_line)); sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[1].object_id, rules.del_items[1].incl_sub_ids_str, rules.del_items[1].excl_sub_ids_str, 0); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL); object2object_runtime_commit(g2g_runtime, table_name, 6); clock_gettime(CLOCK_MONOTONIC, &start); @@ -327,7 +327,7 @@ TEST_F(MaatObjectExclude, level_4_function) { sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id, rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_ADD); } object2object_runtime_commit(g2g_runtime, table_name, 7); @@ -347,7 +347,7 @@ TEST_F(MaatObjectExclude, level_4_function) { memset(table_line, 0, sizeof(table_line)); sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id, rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL); object2object_runtime_commit(g2g_runtime, table_name, 8); super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2, @@ -384,7 +384,7 @@ TEST_F(MaatObjectExclude, level_4_perf) { sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id, rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_ADD); } object2object_runtime_commit(g2g_runtime, table_name, 7); @@ -408,7 +408,7 @@ TEST_F(MaatObjectExclude, level_4_perf) { memset(table_line, 0, sizeof(table_line)); sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id, rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL); object2object_runtime_commit(g2g_runtime, table_name, 8); clock_gettime(CLOCK_MONOTONIC, &start); @@ -444,7 +444,7 @@ TEST_F(MaatObjectExclude, level_exceed_function) { sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id, rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_ADD); } object2object_runtime_commit(g2g_runtime, table_name, 8); @@ -465,7 +465,7 @@ TEST_F(MaatObjectExclude, level_exceed_function) { memset(table_line, 0, sizeof(table_line)); sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id, rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0); - object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4); + object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL); object2object_runtime_commit(g2g_runtime, table_name, 9); hit_object_ids[0] = 7; diff --git a/test/test_utils.cpp b/test/test_utils.cpp index cdb862e..1cfbfd7 100644 --- a/test/test_utils.cpp +++ b/test/test_utils.cpp @@ -4,7 +4,6 @@ #include "maat_table.h" #include "maat_core.h" #include "maat_config_monitor.h" -#include "json2iris.h" #include #include @@ -13,14 +12,14 @@ int line_idx = 0; long long absolute_expire_time = 0; static int -count_line_num_cb(const char *table_name, const char *line, void *u_para) +count_line_num_cb(const char *table_name, const char *line, void *u_para, enum maat_operation op) { (*((unsigned int *)u_para))++; return 0; } static int -make_serial_rule(const char *table_name, const char *line, void *u_para) +make_serial_rule(const char *table_name, const char *line, void *u_para, enum maat_operation op) { struct serial_rule *s_rule=(struct serial_rule *)u_para; redisContext *ctx = s_rule->ref_ctx; @@ -56,33 +55,22 @@ make_serial_rule(const char *table_name, const char *line, void *u_para) return 0; } -int write_json_to_iris(const char* json_fn, char *iris_path, size_t path_sz, - struct log_handle *logger) +int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_port, + int redis_db, struct log_handle *logger) { - char *json_buff = NULL; size_t json_buff_sz = 0; + cJSON *json_root = NULL; - int ret = load_file_to_memory(json_fn, (unsigned char **)&json_buff, + int ret = load_file_to_memory(json_filename, (unsigned char **)&json_buff, &json_buff_sz); if (ret < 0) { return -1; } - ret = json2iris(json_buff, json_fn, NULL, iris_path, path_sz, NULL, NULL, logger); - FREE(json_buff); + convert_maat_json_rule(json_root, (unsigned char *)json_buff); - if (ret < 0) { - return -1; - } - - return 0; -} - -int write_iris_to_redis(const char *iris_path, char *redis_ip, int redis_port, - int redis_db, struct log_handle *logger) -{ - redisContext *c = maat_connect_redis(redis_ip, redis_port, redis_db, logger); + redisContext *c = maat_connect_redis(redis_ip, redis_port, redis_db, logger); if (NULL == c) { return -1; } @@ -96,7 +84,7 @@ int write_iris_to_redis(const char *iris_path, char *redis_ip, int redis_port, } size_t total_line_cnt = 0; - config_monitor_traverse(0, iris_path, NULL, count_line_num_cb, + config_monitor_traverse(0, json_root, NULL, count_line_num_cb, NULL, &total_line_cnt, NULL, logger); struct serial_rule *s_rule = ALLOC(struct serial_rule, total_line_cnt); @@ -107,7 +95,7 @@ int write_iris_to_redis(const char *iris_path, char *redis_ip, int redis_port, } absolute_expire_time = server_time + 300; - config_monitor_traverse(0, iris_path, NULL, make_serial_rule, + config_monitor_traverse(0, json_root, NULL, make_serial_rule, NULL, s_rule, NULL, logger); s_rule->ref_ctx = NULL; line_idx = 0; @@ -126,23 +114,7 @@ int write_iris_to_redis(const char *iris_path, char *redis_ip, int redis_port, } FREE(s_rule); redisFree(c); - return 0; -} - -int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_port, - int redis_db, struct log_handle *logger) -{ - char iris_path[512] = {0}; - - int ret = write_json_to_iris(json_filename, iris_path, sizeof(iris_path), logger); - if (ret < 0) { - return -1; - } - - ret = write_iris_to_redis(iris_path, redis_ip, redis_port, redis_db, logger); - if (ret < 0) { - return -1; - } + cJSON_Delete(json_root); return 0; } @@ -162,7 +134,7 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name, line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule); + return maat_cmd_set_line(maat_inst, &line_rule, op); } #define TO_OBJECT2X_KEY(object_id, parent_id, condition_index) \ @@ -184,7 +156,7 @@ int object2rule_table_set_line(struct maat *maat_inst, const char *table_name, line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule); + return maat_cmd_set_line(maat_inst, &line_rule, op); } int object2object_table_set_line(struct maat *maat_inst, const char *table_name, @@ -201,7 +173,7 @@ int object2object_table_set_line(struct maat *maat_inst, const char *table_name, line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule); + return maat_cmd_set_line(maat_inst, &line_rule, op); } int expr_table_set_line(struct maat *maat_inst, const char *table_name, @@ -234,7 +206,7 @@ int expr_table_set_line(struct maat *maat_inst, const char *table_name, line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule); + return maat_cmd_set_line(maat_inst, &line_rule, op); } int interval_table_set_line(struct maat *maat_inst, const char *table_name, @@ -266,7 +238,7 @@ int interval_table_set_line(struct maat *maat_inst, const char *table_name, line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule); + return maat_cmd_set_line(maat_inst, &line_rule, op); } int ip_table_set_line(struct maat *maat_inst, const char *table_name, @@ -288,7 +260,7 @@ int ip_table_set_line(struct maat *maat_inst, const char *table_name, line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule); + return maat_cmd_set_line(maat_inst, &line_rule, op); } int flag_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long item_id, @@ -310,7 +282,7 @@ int flag_table_set_line(struct maat *maat_inst, const char *table_name, line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule); + return maat_cmd_set_line(maat_inst, &line_rule, op); } void random_keyword_generate(char *keyword_buf, size_t sz) diff --git a/test/test_utils.h b/test/test_utils.h index 76f8191..098617d 100644 --- a/test/test_utils.h +++ b/test/test_utils.h @@ -7,12 +7,6 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_port, int redis_db, struct log_handle *logger); -int write_iris_to_redis(const char *iris_path, char *redis_ip, int redis_port, - int redis_db, struct log_handle *logger); - -int write_json_to_iris(const char* json_fn, char *iris_path, size_t path_sz, - struct log_handle *logger); - int rule_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long rule_id, const char *user_region, int condition_num, diff --git a/tools/maat_redis_tool.cpp b/tools/maat_redis_tool.cpp index 08b9279..396bd2c 100644 --- a/tools/maat_redis_tool.cpp +++ b/tools/maat_redis_tool.cpp @@ -11,7 +11,6 @@ #include "cJSON/cJSON.h" #include "maat_config_monitor.h" #include "maat_redis_monitor.h" -#include "json2iris.h" #include "../test/test_utils.h" #include "hiredis/hiredis.h"