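/*
**********************************************************************************************
*   File: maat_ip_plugin.cpp
*   Description:
*   Authors: Liu wentan
*   Date:    2022-10-31
*   Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/

#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#include "maat_ip_plugin.h"
#include "cJSON/cJSON.h"
#include "log/log.h"
#include "utils.h"
#include "maat_utils.h"
#include "maat_ex_data.h"
#include "IPMatcher.h"
#include "maat_rule.h"

#define MODULE_IP_PLUGIN module_name_str("maat.ip_plugin")

#define MAX_IP_STR 128

/* One parsed row of an ip_plugin table. start_ip/end_ip hold NUL-terminated text. */
struct ip_plugin_item {
    int item_id;
    int ip_type;                  /* 4 or 6, enforced by ip_plugin_item_new() */
    char start_ip[MAX_IP_STR];
    char end_ip[MAX_IP_STR];
    int rule_tag;
};

/* Column layout of an ip_plugin table as read from the "custom" JSON object. */
struct ip_plugin_schema {
    int item_id_column;
    int ip_type_column;
    int start_ip_column;
    int end_ip_column;
    int rule_tag_column;          /* not populated by ip_plugin_schema_new() */
    struct ex_data_schema *ex_schema;
    int table_id;                 //ugly
};

/* Per-table runtime state: the matcher, the ex_data runtime and the item hash. */
struct ip_plugin_runtime {
    struct ip_matcher *ip_matcher;
    struct ex_data_runtime *ex_data_rt;
    uint32_t rule_num;
    uint32_t updating_rule_num;
    struct maat_item *item_hash;
    void (*item_user_data_free)(void *);
    struct maat_garbage_bin *ref_garbage_bin;
    struct log_handle *logger;
    // long long *scan_cnt;
    // long long *hit_cnt;
    // long long *not_grp_hit_cnt;
    // long long *stream_num;
};

/**
 * Copy one table column into a fixed-size text buffer and NUL-terminate it.
 *
 * @param dst      destination buffer
 * @param dst_size size of dst in bytes
 * @param src      start of the column inside the row (not NUL-terminated at the column end)
 * @param src_len  column length in bytes
 * @return 0 on success, -1 when the column does not fit together with its terminator
 */
static int ip_plugin_copy_ip_column(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (0 == dst_size || src_len >= dst_size) {
        return -1;
    }

    memcpy(dst, src, src_len);
    dst[src_len] = '\0';

    return 0;
}

/**
 * Build an ip_plugin schema from a table's JSON description.
 *
 * Requires a numeric "table_id" and a "custom" object carrying numeric "item_id",
 * "ip_type", "start_ip" and "end_ip" column indexes.
 *
 * @return the new schema (released with ip_plugin_schema_free()), or NULL when a
 *         required key is missing or has the wrong type
 */
void *ip_plugin_schema_new(cJSON *json, const char *table_name, struct log_handle *logger)
{
    size_t read_cnt = 0;
    /* NOTE(review): ex_schema and rule_tag_column are never assigned in this function;
     * the rest of the file presumably relies on ALLOC zero-filling - confirm. */
    struct ip_plugin_schema *ip_plugin_schema = ALLOC(struct ip_plugin_schema, 1);

    cJSON *custom_item = NULL;
    cJSON *item = cJSON_GetObjectItem(json, "table_id");
    if (NULL == item || item->type != cJSON_Number) {
        goto error;
    }
    ip_plugin_schema->table_id = item->valueint;

    item = cJSON_GetObjectItem(json, "custom");
    if (NULL == item || item->type != cJSON_Object) {
        log_error(logger, MODULE_IP_PLUGIN, "table %s has no custom column", table_name);
        goto error;
    }

    custom_item = cJSON_GetObjectItem(item, "item_id");
    if (custom_item != NULL && custom_item->type == cJSON_Number) {
        ip_plugin_schema->item_id_column = custom_item->valueint;
        read_cnt++;
    }

    custom_item = cJSON_GetObjectItem(item, "ip_type");
    if (custom_item != NULL && custom_item->type == cJSON_Number) {
        ip_plugin_schema->ip_type_column = custom_item->valueint;
        read_cnt++;
    }

    custom_item = cJSON_GetObjectItem(item, "start_ip");
    if (custom_item != NULL && custom_item->type == cJSON_Number) {
        ip_plugin_schema->start_ip_column = custom_item->valueint;
        read_cnt++;
    }

    custom_item = cJSON_GetObjectItem(item, "end_ip");
    if (custom_item != NULL && custom_item->type == cJSON_Number) {
        ip_plugin_schema->end_ip_column = custom_item->valueint;
        read_cnt++;
    }

    /* all four column indexes are mandatory */
    if (read_cnt < 4) {
        goto error;
    }

    return ip_plugin_schema;
error:
    FREE(ip_plugin_schema);
    return NULL;
}

/** Release a schema created by ip_plugin_schema_new(), including its ex_schema. NULL is ignored. */
void ip_plugin_schema_free(void *ip_plugin_schema)
{
    if (NULL == ip_plugin_schema) {
        return;
    }

    struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema;
    if (schema->ex_schema != NULL) {
        ex_data_schema_free(schema->ex_schema);
        schema->ex_schema = NULL;
    }

    FREE(schema);
}

/** Return the schema's ex_data schema pointer, or NULL when the schema itself is NULL. */
struct ex_data_schema *ip_plugin_table_get_ex_data_schema(void *ip_plugin_schema)
{
    if (NULL == ip_plugin_schema) {
        return NULL;
    }

    struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema;

    return schema->ex_schema;
}

/**
 * Parse one table row into an ip_plugin_item.
 *
 * The row comes from table data, so every column is treated as untrusted: the IP
 * columns are rejected when they do not fit into the fixed MAX_IP_STR buffers, and
 * the stored strings are always NUL-terminated.
 *
 * @return a new item (released with ip_plugin_item_free()), or NULL on a missing
 *         column, an ip_type other than 4/6, or an over-long IP column
 */
struct ip_plugin_item *ip_plugin_item_new(const char *line, struct ip_plugin_schema *ip_plugin_schema,
                                          struct log_handle *logger)
{
    size_t column_offset = 0;
    size_t column_len = 0;
    struct ip_plugin_item *ip_plugin_item = ALLOC(struct ip_plugin_item, 1);

    int ret = get_column_pos(line, ip_plugin_schema->item_id_column, &column_offset, &column_len);
    if (ret < 0) {
        log_error(logger, MODULE_IP_PLUGIN, "ip plugin table(table_id:%d) line:%s has no item_id",
                  ip_plugin_schema->table_id, line);
        goto error;
    }
    /* NOTE(review): atoi() reports neither non-numeric text nor overflow; a strtol()
     * based parse with range checks would reject malformed ids. */
    ip_plugin_item->item_id = atoi(line + column_offset);

    ret = get_column_pos(line, ip_plugin_schema->ip_type_column, &column_offset, &column_len);
    if (ret < 0) {
        log_error(logger, MODULE_IP_PLUGIN, "ip plugin table(table_id:%d) line:%s has no ip_type",
                  ip_plugin_schema->table_id, line);
        goto error;
    }
    ip_plugin_item->ip_type = atoi(line + column_offset);
    if (ip_plugin_item->ip_type != 4 && ip_plugin_item->ip_type != 6) {
        log_error(logger, MODULE_IP_PLUGIN, "ip_plugin table(table_id:%d) line:%s ip_type[%d] invalid",
                  ip_plugin_schema->table_id, line, ip_plugin_item->ip_type);
        goto error;
    }

    ret = get_column_pos(line, ip_plugin_schema->start_ip_column, &column_offset, &column_len);
    if (ret < 0) {
        log_error(logger, MODULE_IP_PLUGIN, "ip_plugin table(table_id:%d) line:%s has no start_ip",
                  ip_plugin_schema->table_id, line);
        goto error;
    }
    /* The previous strncpy(dst, src, MIN(len, sizeof dst)) left the buffer without a
     * terminator once the column reached MAX_IP_STR bytes, so later string consumers
     * could read past the field. Over-long columns are now refused. */
    if (ip_plugin_copy_ip_column(ip_plugin_item->start_ip, sizeof(ip_plugin_item->start_ip),
                                 line + column_offset, column_len) < 0) {
        log_error(logger, MODULE_IP_PLUGIN, "ip_plugin table(table_id:%d) line:%s start_ip too long",
                  ip_plugin_schema->table_id, line);
        goto error;
    }

    ret = get_column_pos(line, ip_plugin_schema->end_ip_column, &column_offset, &column_len);
    if (ret < 0) {
        log_error(logger, MODULE_IP_PLUGIN, "ip_plugin table(table_id:%d) line:%s has no end_ip",
                  ip_plugin_schema->table_id, line);
        goto error;
    }
    if (ip_plugin_copy_ip_column(ip_plugin_item->end_ip, sizeof(ip_plugin_item->end_ip),
                                 line + column_offset, column_len) < 0) {
        log_error(logger, MODULE_IP_PLUGIN, "ip_plugin table(table_id:%d) line:%s end_ip too long",
                  ip_plugin_schema->table_id, line);
        goto error;
    }

    return ip_plugin_item;
error:
    FREE(ip_plugin_item);
    return NULL;
}

/** Release an item created by ip_plugin_item_new(). */
void ip_plugin_item_free(struct ip_plugin_item *item)
{
    FREE(item);
}

/**
 * Report whether an ex_data schema has been registered for this table.
 *
 * The original body was empty, so the caller read an indeterminate value.
 *
 * @return 1 when ex_schema exists and its set_flag is non-zero, otherwise 0
 */
int ip_plugin_table_ex_data_schema_flag(struct ip_plugin_schema *ip_plugin_schema)
{
    if (NULL == ip_plugin_schema || NULL == ip_plugin_schema->ex_schema) {
        return 0;
    }

    return ip_plugin_schema->ex_schema->set_flag ? 1 : 0;
}

/**
 * Store the ex_data callbacks and their arguments in the table's ex_data schema.
 *
 * @return 0 on success, -1 when the schema or its ex_schema is missing or the
 *         callbacks were already registered
 */
int ip_plugin_table_set_ex_data_schema(void *ip_plugin_schema,
                                       maat_plugin_ex_new_func_t *new_func,
                                       maat_plugin_ex_free_func_t *free_func,
                                       maat_plugin_ex_dup_func_t *dup_func,
                                       long argl, void *argp)
{
    if (NULL == ip_plugin_schema) {
        return -1;
    }

    struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema;
    struct ex_data_schema *ex_schema = schema->ex_schema;
    /* ip_plugin_schema_new() does not create ex_schema, so it can still be unset here */
    if (NULL == ex_schema) {
        return -1;
    }

    if (ex_schema->set_flag) {
        /* NOTE(review): no `logger` is in scope in this function and MODULE_TABLE is not
         * defined in this file - this call needs a logger source before it can build. */
        log_error(logger, MODULE_TABLE, "Error: %s, EX data schema already registed", __FUNCTION__);
        assert(0);
        return -1;
    }

    ex_schema->new_func = new_func;
    ex_schema->free_func = free_func;
    ex_schema->dup_func = dup_func;
    ex_schema->argl = argl;
    ex_schema->argp = argp;
    /* NOTE(review): set_flag is never raised, so ip_plugin_runtime_update_row() always
     * takes its row-cache branch - confirm whether that is intended. */
    //ex_schema->set_flag = 1;

    return 0;
}

/**
 * Apply one row change to the ex_data runtime.
 *
 * With a registered ex_data schema the row is added to or removed from the ex
 * containers; without one the raw row is cached.
 *
 * @param is_valid 0 deletes the entry addressed by key, any other value adds it
 * @return 0 on success, -1 when the ex_data runtime rejects the change
 */
int ip_plugin_runtime_update_row(struct ip_plugin_runtime *rt, struct ip_plugin_schema *schema,
                                 const char *row, char *key, size_t key_len,
                                 struct ip_plugin_item *item, int is_valid)
{
    int ret = -1;
    struct ex_data_runtime *ex_data_rt = rt->ex_data_rt;

    /* the original called ip_plugin_table_schema_ex_data_schema_flag(), which this file
     * does not define; the helper defined above is the one meant */
    int set_flag = ip_plugin_table_ex_data_schema_flag(schema);
    if (1 == set_flag) {
        if (0 == is_valid) {
            //delete
            ret = ex_data_runtime_del_ex_container(ex_data_rt, key, key_len);
            if (ret < 0) {
                return -1;
            }
        } else {
            //add
            void *ex_data = ex_data_runtime_row2ex_data(ex_data_rt, row, key, key_len);
            struct ex_data_container *ex_container = ex_data_container_new(ex_data, (void *)item);
            ret = ex_data_runtime_add_ex_container(ex_data_rt, key, key_len, ex_container);
            if (ret < 0) {
                return -1;
            }
        }
    } else {
        /* NOTE(review): `item` is not stored on this path and the caller does not free
         * it on success, so the parsed item appears to leak - confirm ownership. */
        ex_data_runtime_cache_row_put(ex_data_rt, row);
    }

    return 0;
}

/**
 * Create the runtime for one ip_plugin table.
 *
 * @return the new runtime (released with ip_plugin_runtime_free()), or NULL when
 *         the schema is NULL
 */
void *ip_plugin_runtime_new(void *ip_plugin_schema, struct maat_garbage_bin *garbage_bin,
                            struct log_handle *logger)
{
    if (NULL == ip_plugin_schema) {
        return NULL;
    }

    struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema;
    /* ip_matcher, item_hash and the counters are left to ALLOC's initial contents */
    struct ip_plugin_runtime *ip_plugin_rt = ALLOC(struct ip_plugin_runtime, 1);

    ip_plugin_rt->ex_data_rt = ex_data_runtime_new(schema->table_id, ex_data_container_free);
    ip_plugin_rt->item_user_data_free = maat_item_inner_free;
    ip_plugin_rt->ref_garbage_bin = garbage_bin;
    ip_plugin_rt->logger = logger;

    return ip_plugin_rt;
}

/** Release a runtime: its matcher, its ex_data runtime and every hashed item. NULL is ignored. */
void ip_plugin_runtime_free(void *ip_plugin_runtime)
{
    if (NULL == ip_plugin_runtime) {
        return;
    }

    struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime;
    if (ip_plugin_rt->ip_matcher != NULL) {
        ip_matcher_free(ip_plugin_rt->ip_matcher);
    }

    if (ip_plugin_rt->ex_data_rt != NULL) {
        ex_data_runtime_free(ip_plugin_rt->ex_data_rt);
    }

    struct maat_item *item = NULL, *tmp_item = NULL;
    HASH_ITER(hh, ip_plugin_rt->item_hash, item, tmp_item) {
        HASH_DELETE(hh, ip_plugin_rt->item_hash, item);
        maat_item_free(item, ip_plugin_rt->item_user_data_free);
    }

    FREE(ip_plugin_rt);
}

/**
 * Apply one table line (add or delete) to the runtime.
 *
 * @param valid_column column index holding the valid flag: 0 deletes, >0 adds
 * @return 0 on success, -1 on NULL arguments, an unreadable valid flag, an unknown
 *         item on delete, a duplicate item on add, or a row that fails to parse
 */
int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema,
                             const char *line, int valid_column)
{
    if (NULL == ip_plugin_runtime || NULL == ip_plugin_schema || NULL == line) {
        return -1;
    }

    struct maat_item *item = NULL;
    struct ip_plugin_item *ip_plugin_item = NULL;
    struct maat_item_inner *u_para = NULL;
    struct ip_plugin_schema *schema = (struct ip_plugin_schema *)ip_plugin_schema;
    struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime;
    /* NOTE(review): only is_valid is checked for a negative result; item_id is used as
     * a hash key whatever get_column_value() returned - confirm its error convention. */
    int item_id = get_column_value(line, schema->item_id_column);
    int is_valid = get_column_value(line, valid_column);

    if (is_valid < 0) {
        return -1;
    } else if (0 == is_valid) {
        //delete
        HASH_FIND_INT(ip_plugin_rt->item_hash, &item_id, item);
        if (NULL == item) {
            return -1;
        }

        u_para = (struct maat_item_inner *)item->user_data;
        item->user_data = NULL;
        if (NULL == u_para) {
            return -1;
        }

        /* NOTE(review): the maat_item is unlinked but not released here, while
         * ip_plugin_runtime_free() releases items with maat_item_free() - confirm. */
        HASH_DELETE(hh, ip_plugin_rt->item_hash, item);
        maat_garbage_bagging(ip_plugin_rt->ref_garbage_bin, u_para, (void (*)(void *))maat_item_inner_free);
    } else {
        //add
        HASH_FIND_INT(ip_plugin_rt->item_hash, &item_id, item);
        if (item) {
            /* was `ip_plus_rt`, an undeclared name */
            log_error(ip_plugin_rt->logger, MODULE_IP_PLUGIN,
                      "ip_plugin runtime add item %d to item_hash failed, already exist", item_id);
            return -1;
        }

        ip_plugin_item = ip_plugin_item_new(line, schema, ip_plugin_rt->logger);
        if (NULL == ip_plugin_item) {
            log_error(ip_plugin_rt->logger, MODULE_IP_PLUGIN, "ip_plugin line:%s to item failed", line);
            return -1;
        }

        /* NOTE(review): struct ip_plugin_item has no group_id member and no local
         * group_id is declared; these two calls need a real group id source. */
        u_para = maat_item_inner_new(ip_plugin_item->group_id, item_id, 0);
        item = maat_item_new(item_id, group_id, u_para);
        HASH_ADD_INT(ip_plugin_rt->item_hash, item_id, item);
    }

    char *key = (char *)&item_id;
    /* the original passed an undeclared `row`; the table line is the row text */
    int ret = ip_plugin_runtime_update_row(ip_plugin_rt, schema, line, key, sizeof(int),
                                           ip_plugin_item, is_valid);
    if (ret < 0) {
        /* NOTE(review): on a failed add the entry inserted into item_hash above stays
         * behind, so a retry of the same item_id is reported as a duplicate. */
        if (ip_plugin_item != NULL) {
            ip_plugin_item_free(ip_plugin_item);
            ip_plugin_item = NULL;
        }
        return -1;
    } else {
        if (0 == is_valid) {
            ip_plugin_rt->rule_num--;
        } else {
            ip_plugin_rt->rule_num++;
        }
    }

    return 0;
}

/**
 * Convert a parsed item into the ip_rule form consumed by ip_matcher_new().
 *
 * Any ip_type other than 4 is treated as IPv6; ip_plugin_item_new() only produces 4 or 6.
 */
void ip_plugin_item_to_ip_rule(struct ip_plugin_item *item, struct ip_rule *rule)
{
    /* NOTE(review): if ip_format2range() can fail on malformed address text, that
     * failure is not visible to the caller of this function - confirm. */
    if (4 == item->ip_type) {
        rule->type = IPv4;
        ip_format2range(item->ip_type, IP_FORMAT_RANGE, item->start_ip, item->end_ip,
                        &(rule->ipv4_rule.start_ip), &(rule->ipv4_rule.end_ip));
    } else {
        rule->type = IPv6;
        ip_format2range(item->ip_type, IP_FORMAT_RANGE, item->start_ip, item->end_ip,
                        &(rule->ipv6_rule.start_ip), &(rule->ipv6_rule.end_ip));
    }
    rule->rule_id = item->item_id;
    rule->user_tag = NULL;
}

/**
 * Rebuild the ip_matcher from the updating ex containers and publish it.
 *
 * @return 0 on success or when there is nothing to commit, -1 on a NULL runtime or
 *         when the matcher rebuild fails
 */
int ip_plugin_runtime_commit(void *ip_plugin_runtime)
{
    if (NULL == ip_plugin_runtime) {
        return -1;
    }

    int ret = 0;
    struct ex_data_container **ex_container = NULL;
    struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime;
    struct ex_data_runtime *ex_data_rt = ip_plugin_rt->ex_data_rt;

    size_t rule_cnt = ex_data_runtime_list_updating_ex_container(ex_data_rt, &ex_container);
    if (0 == rule_cnt) {
        /* NOTE(review): the existing matcher is left in place and ex_data is not
         * committed; if this count is 0 after the last rule was deleted, the old
         * rules would keep matching - confirm. */
        FREE(ex_container);
        return 0;
    }

    struct ip_rule *rules = ALLOC(struct ip_rule, rule_cnt);

    for (size_t i = 0; i < rule_cnt; i++) {
        struct ip_plugin_item *item = (struct ip_plugin_item *)ex_container[i]->custom_data;
        ip_plugin_item_to_ip_rule(item, &rules[i]);
    }

    struct ip_matcher *new_ip_matcher = NULL;
    struct ip_matcher *old_ip_matcher = NULL;
    size_t mem_used = 0;

    /* rule_cnt is non-zero here because of the early return above */
    log_info(ip_plugin_rt->logger, MODULE_TABLE_RUNTIME,
             "committing %zu ip_plugin rules for rebuilding ip_matcher engine", rule_cnt);
    new_ip_matcher = ip_matcher_new(rules, rule_cnt, &mem_used);
    if (NULL == new_ip_matcher) {
        log_error(ip_plugin_rt->logger, MODULE_TABLE_RUNTIME,
                  "rebuild ip_matcher engine failed when update %zu ip_plugin rules", rule_cnt);
        ret = -1;
    }

    /* NOTE(review): a failed rebuild still swaps in NULL and retires the working
     * matcher, leaving the table without any matcher until the next successful
     * commit; old_ip_matcher may also be NULL when handed to the garbage bin. */
    old_ip_matcher = ip_plugin_rt->ip_matcher;
    ip_plugin_rt->ip_matcher = new_ip_matcher;
    maat_garbage_bagging(ip_plugin_rt->ref_garbage_bin, old_ip_matcher, (void (*)(void*))ip_matcher_free);
    ex_data_runtime_commit(ex_data_rt);

    ip_plugin_rt->rule_num = ex_data_runtime_ex_container_count(ex_data_rt);

    FREE(rules);
    FREE(ex_container);

    return ret;
}

/** Forward to ex_data_runtime_updating_flag() for this runtime's ex_data runtime. */
int ip_plugin_runtime_updating_flag(struct ip_plugin_runtime *ip_plugin_rt)
{
    return ex_data_runtime_updating_flag(ip_plugin_rt->ex_data_rt);
}

/** Return the runtime's ex_data runtime, or NULL when the runtime itself is NULL. */
struct ex_data_runtime *ip_plugin_runtime_get_ex_data_rt(void *ip_plugin_runtime)
{
    if (NULL == ip_plugin_runtime) {
        return NULL;
    }

    struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime;

    return ip_plugin_rt->ex_data_rt;
}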