Commit Graph

36 Commits

Author SHA1 Message Date
yangwei
1dfc7d36e1 🔧 build(rulescan cxx flags): ignore narrowing for el9 2024-11-11 17:39:12 +08:00
yangwei
634a3a884c 🔧 build(fix el9 compile warning): upgrade hyperscan & rulescan 2024-11-11 17:27:40 +08:00
liuwentan
35d60d06b5 [BUGFIX]solve Rocky8-debug illegal instruction 2024-03-22 14:29:34 +08:00
liuwentan
dd5d65ec80 [PATCH]update colm & ragel version 2024-03-20 10:08:39 +08:00
liuwentan
102c8ac0f8 [BUGFIX] rulescan stream input data_len maximum:(1500 -> 65535) => TSG-18030 2023-12-26 12:35:09 +00:00
liuwentan
42f4480271 [FEATURE]expr_matcher support dual engine(hyperscan & rulescan) & benchmark 2023-08-10 16:10:50 +08:00
liuwentan
fb0cb5405d rollback to v4.0.31 2023-08-09 19:22:09 +08:00
刘文坛
af0461bb25 [FEATURE]support benchmark 2023-08-01 10:08:52 +00:00
刘文坛
bcbb796a7d [FEATURE]expr_matcher support dual engine(hyperscan & rulescan) 2023-07-28 12:32:25 +00:00
刘文坛
5a18084eaa [BUGFIX]fix hyperscan-5.4.2 literal empty string check bug 2023-06-14 09:10:16 +00:00
liuwentan
8e882a8f72 [PATCH]hyperscan version 5.4.0->5.4.2 2023-06-12 18:22:01 +08:00
liuwentan
e8fb0143e9 read_full_config error can't abort maat_new 2023-04-12 15:31:17 +08:00
liuwentan
71d6cbab2c fix hyperscan depends ragel bug 2023-03-15 15:11:07 +08:00
liuwentan
fb4043f225 change sudo make -> make 2023-03-15 14:07:29 +08:00
liuwentan
1566a30002 ipmatcher rule_id -> long long & scanner engine centralization 2023-03-01 09:32:36 +08:00
liuwentan
bbed56db80 compile table support conjunction, ip_plugin support cidr 2023-02-20 10:57:40 +08:00
liuwentan
f688a99bd0 add ci config 2023-02-16 11:13:23 +08:00
liuwentan
379efcf027 cpp->c and expr support configurable generation of literal_db or regex_db 2023-02-15 11:53:46 +08:00
liuwentan
c1902f8deb fix flag_matcher and interval_matcher compile error 2023-02-07 11:25:31 +08:00
liuwentan
4d2f783874 add flagMatcher and IntevalMatcher 2023-02-06 08:14:25 +08:00
liuwentan
9778267b48 add dynamic config unit-test and hierarchy unfinished 2022-12-14 15:28:21 +08:00
liuwentan
ea4c1ba4c3 add json/redis rule parser 2022-12-03 22:23:41 +08:00
liuwentan
7e6d131c9e framework work well 2022-11-25 16:32:29 +08:00
liuwentan
d9f62317b2 [SCANNER]modify hyperscan deps 2022-10-31 11:21:51 +08:00
liuwentan
6881611975 [SCANNER]add hyperscan libs 2022-10-27 17:58:52 +08:00
zhengchao
7e860f2c58 Refactor from scratch. 2022-10-26 14:41:22 +08:00
zhengchao
f88f730fd6 Upgrade hiredis library: hiredis-vip-0.3.0.tar.gz -> hiredis-1.0.2.tar.gz. 2022-08-23 19:04:35 +08:00
zhengchao
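502a6e3420 Update IP Matcher: stop using the global result cache array m_v and use a stack variable instead, to fix thread-unsafe access during multi-threaded scanning.
Fixes TSG-6825 TSG-6524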
2021-07-01 14:42:14 +08:00
liuxueli
7d6bc2737c Turn off the IPscan log-writing switch
Turn off changelog
Fix the error when building debuginfo
2020-09-02 17:17:07 +08:00
zhengchao
de53e4676b Update ip_matcher to fix the IPv6 byte order problem.
According to rfc2553, an IPv6 address is a 16-byte array stored in network byte order.
3.2 IPv6 Address Structure
   A new in6_addr structure holds a single IPv6 address and is defined
   as a result of including <netinet/in.h>:
      struct in6_addr {
          uint8_t  s6_addr[16];      /* IPv6 address */
      };
This data structure contains an array of sixteen 8-bit elements, which make up one 128-bit IPv6 address. The IPv6 address is stored in network byte order.
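The IPv6 address is stored from most significant to least significant byte in uint8_t elements 0 through 15. For example, the address 2001:0db8:1234::5210 is stored per rfc2553 (via inet_pton) as: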
static const uint8_t myaddr[16] = { 0x20, 0x01, 0x0d, 0xb8, 0x12, 0x34, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x52, 0x10 };

The above address after conversion to uint32_t in network byte order:
static const uint32_t myaddr_network_byte_order[4]={ 0xb80d0120, 0x3412, 0x0, 0x10520000}

After further conversion to host byte order, which is also the format MAAT passes to ipmatcher and rulescan:
static const uint32_t myaddr_host_byte_order[4]={ 0x20010db8, 0x12340000, 0x0, 0x5210}

Currently, the high-to-low order of the int array in ip_matcher is a[3]a[2]a[1]a[0], which is inconsistent with both RFC2553 and Linux.
2020-05-13 14:53:26 +08:00
zhengchao
9d0d510348 Add IP callback table, supporting range matching for IPv4 and IPv6. 2020-05-13 14:53:25 +08:00
zhengchao
29c4d7ebf3 Use a directed graph (Directed Acyclic Graph) to describe the reference relationships between groups; introduce the igraph library. 2019-07-11 17:05:33 +08:00
zhengchao
cbd3cf4ab2 Update maat_redis_tool accordingly to support 64-bit Maat redis keys. 2018-10-26 10:26:48 +08:00
zhengchao
a49222cc1d 1) Statically link hiredis-vip into maat; 2) statically link maat_redis_tool against libmaatframe.a; 3) add test cases for file deletion. 2018-09-26 19:30:15 +08:00
zhengchao
4d5b5f1f45 maat_redis_tool supports dumping content foreign keys. 2018-09-26 12:09:08 +08:00
zhengchao
37887c9709 Integrate the google test framework. 2018-09-23 20:54:37 +08:00