#ifndef H_MAAT_COMMAND_H_INCLUDE #define H_MAAT_COMMAND_H_INCLUDE #ifdef __cplusplus extern "C"{ #endif #include "Maat_rule.h" enum MAAT_OPERATION { MAAT_OP_DEL=0, MAAT_OP_ADD, MAAT_OP_RENEW_TIMEOUT //Rule expire time is changed to now+cmd->expire_after }; enum MAAT_GROUP_RELATION { PARENT_TYPE_COMPILE=0, PARENT_TYPE_GROUP }; enum MAAT_REGION_TYPE { REGION_EXPR, REGION_IP, REGION_IP_PLUS, REGION_INTERVAL, REGION_DIGEST, REGION_SIMILARITY }; enum MAAT_EXPR_TYPE { EXPR_TYPE_STRING=0, EXPR_TYPE_AND, EXPR_TYPE_REGEX, EXPR_TYPE_OFFSET }; enum MAAT_MATCH_METHOD { MATCH_METHOD_SUB=0, MATCH_METHOD_RIGHT, MATCH_METHOD_LEFT, MATCH_METHOD_COMPLETE }; enum MAAT_CASE_TYPE { UNCASE_PLAIN=0, CASE_HEXBIN, CASE_PLAIN }; enum MAAT_ADDR_TYPE { ADDR_TYPE_IPv4=4, ADDR_TYPE_IPv6=6 }; enum MAAT_ADDR_DIRECTION { ADDR_DIR_DOUBLE=0, ADDR_DIR_SINGLE=1 }; struct Maat_rgn_str_t { const char *keywords; const char *district;// optional for expr_plus, otherwise set to NULL. enum MAAT_EXPR_TYPE expr_type; enum MAAT_MATCH_METHOD match_method; enum MAAT_CASE_TYPE hex_bin; }; struct Maat_rgn_ip_t { enum MAAT_ADDR_TYPE addr_type; const char* src_ip; const char* mask_src_ip; const char* dst_ip; const char* mask_dst_ip; unsigned short src_port; unsigned short mask_src_port; unsigned short dst_port; unsigned short mask_dst_port; unsigned short protocol; enum MAAT_ADDR_DIRECTION direction; }; struct Maat_rgn_ip_plus_t { enum MAAT_ADDR_TYPE addr_type; const char* saddr_format;//mask, range or CIDR const char* src_ip1; const char* src_ip2; const char* sport_format;//mask or range unsigned short src_port1; unsigned short src_port2; const char* daddr_format;//mask, range or CIDR const char* dst_ip1; const char* dst_ip2; const char* dport_format;//mask or range unsigned short dst_port1; unsigned short dst_port2; unsigned short protocol; enum MAAT_ADDR_DIRECTION direction; }; struct Maat_rgn_intv_t { const char *district;// optional for expr_plus, otherwise set to NULL. unsigned int low_boundary; unsigned int up_boundary; }; struct Maat_rgn_digest_t { unsigned long long orgin_len; const char* digest_string; short confidence_degree; }; struct Maat_rgn_sim_t { char* target; short threshold;// 1~100 }; struct Maat_region_t { const char* table_name; int region_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must appoint a unique number. enum MAAT_REGION_TYPE region_type; union { struct Maat_rgn_str_t expr_rule; struct Maat_rgn_ip_t ip_rule; struct Maat_rgn_intv_t interval_rule; struct Maat_rgn_digest_t digest_rule; struct Maat_rgn_sim_t similarity_rule; }; }; struct Maat_cmd_region { const char* table_name; int region_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must appoint a unique number. enum MAAT_REGION_TYPE region_type; union { struct Maat_rgn_str_t expr_rule; struct Maat_rgn_ip_t ip_rule; struct Maat_rgn_ip_plus_t ip_plus_rule; struct Maat_rgn_intv_t interval_rule; struct Maat_rgn_digest_t digest_rule; struct Maat_rgn_sim_t similarity_rule; }; }; struct Maat_cmd_line { const char* table_name; const char* table_line; int rule_id; // for MAAT_OP_DEL, only rule_id and table_name are necessary. int label_id; int expire_after; //expired after $timeout$ seconds, set to 0 for never timeout. }; //Input string of REGION_EXPR and REGION_SIMILARITY need to be escapeed. char* Maat_str_escape(char* dst,int size,const char*src); //Returns number of successfully updated rule. //Return -1 for failed. int Maat_cmd_set_line(Maat_feather_t feather,const struct Maat_cmd_line* line_rule, enum MAAT_OPERATION op); int Maat_cmd_set_lines(Maat_feather_t feather,const struct Maat_cmd_line** line_rule, int line_num ,enum MAAT_OPERATION op); int Maat_cmd_set_file(Maat_feather_t feather,const char* key, const char* value, size_t size, enum MAAT_OPERATION op); //Return the value of key after the increment. //If the key does not exist, it is set to 0 before performing the operation. long long Maat_cmd_incrby(Maat_feather_t feather,const char* key, int increment); struct Maat_cmd_key { char* table_name; int rule_id; }; void Maat_cmd_key_free(struct Maat_cmd_key**keys, int number); int Maat_cmd_key_select(Maat_feather_t feather, int label_id, struct Maat_cmd_key** keys); int Maat_cmd_select(Maat_feather_t feather, int label_id, int * output_ids, unsigned int size); int Maat_cmd_flushDB(Maat_feather_t feather); struct Maat_cmd_group2group { const char* table_name; int group_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must assign a unique number. int superior_group_id; }; struct Maat_cmd_group2compile { const char* table_name; const char* virtual_table_name; int group_id; int compile_id; int clause_index; int not_flag; }; int Maat_command_raw_set_region(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_cmd_region* region, int group_id); int Maat_command_raw_set_group2group(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_cmd_group2group* g2g); int Maat_command_raw_set_group2compile(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_cmd_group2compile* g2c); //@param expire_after: expired after $expire_after$ seconds, set to 0 for never timeout. //@param label_id: bigger than 0 means this compile rule is to be indexed and quried by Maat_cmd_select; =0 not index int Maat_command_raw_set_compile(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_rule_t* compile, const char* table_name, const char * huge_service_defined, int clause_num, int label_id, int expire_after); struct Maat_command_batch; struct Maat_command_batch* Maat_command_batch_new(Maat_feather_t feather); int Maat_command_batch_set_region(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_cmd_region* region, int group_id); int Maat_command_batch_set_group2group(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_cmd_group2group* g2g); int Maat_command_batch_set_group2compile(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_cmd_group2compile* g2c); int Maat_command_batch_set_compile(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_rule_t* compile, const char* table_name, const char * huge_service_defined, int clause_num, int label_id, int expire_after); int Maat_command_batch_commit(struct Maat_command_batch* batch); int Maat_command_get_new_group_id(Maat_feather_t feather); int Maat_command_get_new_region_id(Maat_feather_t feather); #ifdef __cplusplus } //end extern"C" #endif #endif