/*
**********************************************************************************************
*	File: maat_ipport_plugin.c
*	Description:
*	Authors: Liu wentan <liuwentan@geedgenetworks.com>
*	Date: 2022-10-31
*	Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#include <assert.h>
#include <stdlib.h>

#include "alignment.h"
#include "log/log.h"
#include "maat_utils.h"
#include "uthash/utarray.h"
#include "maat_ipport_plugin.h"
#include "ipport_matcher.h"
#include "interval_matcher.h"
#include "maat_core.h"
#include "maat_garbage_collection.h"
/* Module tag passed as the second argument of every log_* call in this file. */
#define MODULE_IPPORT_PLUGIN module_name_str("maat.ipport_plugin")
/*
 * Schema of one ipport_plugin table, filled by ipport_plugin_schema_new()
 * from the table's JSON description.
 */
struct ipport_plugin_schema {
    /* Optional "gc_timeout_s" of the "custom" object; handed to ex_data_runtime_new(). */
    int gc_timeout_s;
    /* Numeric "table_id" of the schema JSON. */
    int table_id;
    /* "key_name" of the "custom" object: the row field that carries the item key. */
    char key_name[MAX_NAME_STR_LEN];
    /* ex_data callbacks; only meaningful once container_schema.set_flag == 1. */
    struct ex_container_schema container_schema;
    /* Table manager given at creation; not released by ipport_plugin_schema_free(). */
    struct table_manager *ref_tbl_mgr;
    /* Log handle given at creation; not released by ipport_plugin_schema_free(). */
    struct log_handle *logger;
};
/* IPv4 address range of one item, as filled by ip_format2range(). */
struct ipv4_item {
    uint32_t min_ip; /* lower bound of the range */
    uint32_t max_ip; /* upper bound of the range */
};
/* IPv6 address range of one item, as filled by ip_format2range(); four 32-bit words per bound. */
struct ipv6_item {
    uint32_t min_ip[4]; /* lower bound of the range */
    uint32_t max_ip[4]; /* upper bound of the range */
};
/*
 * One parsed row of an ipport_plugin table: an IP range plus a port range.
 * Built by ipport_item_new() and stored as the custom_data of an ex_container.
 */
struct ipport_item {
    /* Filled by uuid_parse() from the row's key field. */
    uuid_t item_uuid;
    /* IPV4 or IPV6; selects which union member below is valid. */
    int ip_type;
    union {
        struct ipv4_item ipv4;
        struct ipv6_item ipv6;
    };
    /* Port bounds; validate_port() compares them with ntohs(port). */
    uint16_t min_port;
    uint16_t max_port;
};
/* Runtime state of one ipport_plugin table. */
struct ipport_plugin_runtime {
    /* Current matcher; replaced by ipport_plugin_runtime_commit(), may be NULL. */
    struct ipport_matcher *matcher;
    /* ex_data store created in ipport_plugin_runtime_new(). */
    struct ex_data_runtime *ex_data_rt;
    /* max_thread_num given at creation; number of slots in scan_times. */
    size_t n_worker_thread;
    /* Garbage bin that receives replaced matchers; not released by ipport_plugin_runtime_free(). */
    struct maat_garbage_bin *ref_garbage_bin;
    /* Log handle given at creation; not released by ipport_plugin_runtime_free(). */
    struct log_handle *logger;

    /* Rule count after the last commit, or cached row count while no ex schema is set. */
    long long rule_num;
    /* Number of rows rejected by ipport_plugin_runtime_update(). */
    long long update_err_cnt;
    /* Per-thread scan counters from alignment_int64_array_alloc(). */
    long long *scan_times;
};
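/**
 * Build the schema of an ipport_plugin table from its JSON description.
 *
 * Required: a numeric "table_id" and a "custom" object that holds a string
 * "key_name". "custom.gc_timeout_s" is optional.
 *
 * @param json        parsed table schema
 * @param tbl_mgr     table manager stored in the schema (not owned by it)
 * @param table_name  used in log messages only
 * @param logger      log handle stored in the schema and used for errors
 * @return a schema to release with ipport_plugin_schema_free(), or NULL when
 *         allocation fails or a required field is missing or has the wrong type
 */
void *ipport_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
                               const char *table_name, struct log_handle *logger)
{
    struct ipport_plugin_schema *schema = ALLOC(struct ipport_plugin_schema, 1);
    if (NULL == schema) {
        return NULL;
    }
    schema->logger = logger;

    cJSON *custom_item = NULL;
    cJSON *item = cJSON_GetObjectItem(json, "table_id");
    if (item != NULL && item->type == cJSON_Number) {
        schema->table_id = item->valueint;
    } else {
        log_fatal(logger, MODULE_IPPORT_PLUGIN,
                  "[%s:%d] ipport_plugin table:<%s> schema has no"
                  " table_id column", __FUNCTION__, __LINE__,
                  table_name);
        goto error;
    }

    item = cJSON_GetObjectItem(json, "custom");
    if (NULL == item || item->type != cJSON_Object) {
        log_fatal(logger, MODULE_IPPORT_PLUGIN,
                  "[%s:%d] ipport_plugin table:<%s> schema has no"
                  " custom column", __FUNCTION__, __LINE__,
                  table_name);
        goto error;
    }

    custom_item = cJSON_GetObjectItem(item, "key_name");
    if (custom_item != NULL && custom_item->type == cJSON_String) {
        strncpy(schema->key_name, custom_item->valuestring, sizeof(schema->key_name) - 1);
        /* strncpy() leaves the buffer unterminated when the source fills it;
         * terminate explicitly instead of depending on ALLOC() zeroing memory.
         * NOTE(review): an over-long key_name is silently truncated, so later
         * row lookups by that name would miss -- consider rejecting it. */
        schema->key_name[sizeof(schema->key_name) - 1] = '\0';
    } else {
        /* The missing field is "key_name"; the message used to say item_id. */
        log_fatal(logger, MODULE_IPPORT_PLUGIN,
                  "[%s:%d] ipport_plugin table:<%s> schema has no"
                  " key_name column", __FUNCTION__, __LINE__,
                  table_name);
        goto error;
    }

    /* gc_timeout_s is optional; when absent the field keeps whatever ALLOC()
     * initialised it to (presumably zero -- confirm against the macro). */
    custom_item = cJSON_GetObjectItem(item, "gc_timeout_s");
    if (custom_item != NULL && custom_item->type == cJSON_Number) {
        schema->gc_timeout_s = custom_item->valueint;
    }

    schema->ref_tbl_mgr = tbl_mgr;

    return schema;

error:
    FREE(schema);
    return NULL;
}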
/**
 * Release a schema returned by ipport_plugin_schema_new().
 * A NULL argument is accepted and ignored. Only the schema itself is released;
 * the table manager and logger it points to are left untouched.
 */
void ipport_plugin_schema_free(void *ipport_plugin_schema)
{
    if (ipport_plugin_schema != NULL) {
        FREE(ipport_plugin_schema);
    }
}
/**
 * Register the ex_data callbacks of a table. May be done once per schema.
 *
 * @param ipport_plugin_schema  schema from ipport_plugin_schema_new()
 * @param table_id              stored in the container schema and used to look up the table name
 * @param new_func, free_func, dup_func  ex_data callbacks
 * @param custom_data_free      releases the custom_data attached to a container
 * @param argl, argp            opaque arguments stored for the callbacks
 * @return 0 on success, -1 when the callbacks were already set
 *
 * NOTE(review): unlike most entry points in this file the schema pointer is
 * dereferenced without a NULL check -- callers must not pass NULL.
 */
int ipport_plugin_table_set_ex_container_schema(void *ipport_plugin_schema, int table_id,
                                                maat_ex_new_func_t *new_func,
                                                maat_ex_free_func_t *free_func,
                                                maat_ex_dup_func_t *dup_func,
                                                void (*custom_data_free)(void *),
                                                long argl, void *argp)
{
    struct ipport_plugin_schema *schema =
        (struct ipport_plugin_schema *)ipport_plugin_schema;
    struct ex_container_schema *container = &(schema->container_schema);

    if (1 == container->set_flag) {
        log_fatal(schema->logger, MODULE_IPPORT_PLUGIN,
                  "[%s:%d] ipport_plugin table(table_id:%d) ex_container_schema has been set"
                  ", can't set again", __FUNCTION__, __LINE__, table_id);
        return -1;
    }

    container->table_id = table_id;
    /* The cast only changes the pointer type; the name string is not copied here. */
    container->table_name = (char*)table_manager_get_table_name(schema->ref_tbl_mgr, table_id);
    container->custom_data_free = custom_data_free;

    container->ex_schema.new_func = new_func;
    container->ex_schema.free_func = free_func;
    container->ex_schema.dup_func = dup_func;
    container->ex_schema.argl = argl;
    container->ex_schema.argp = argp;

    /* Set last, so the flag marks a fully populated container schema. */
    container->set_flag = 1;

    return 0;
}
/**
 * Return a pointer to the container schema embedded in the table schema.
 * The pointer stays valid only as long as the schema itself.
 *
 * NOTE(review): the argument is not NULL-checked; passing NULL yields an
 * invalid pointer rather than NULL.
 */
struct ex_container_schema *
ipport_plugin_table_get_ex_container_schema(void *ipport_plugin_schema)
{
    struct ipport_plugin_schema *table_schema =
        (struct ipport_plugin_schema *)ipport_plugin_schema;
    struct ex_container_schema *container = &(table_schema->container_schema);

    return container;
}
/**
 * Create the runtime of an ipport_plugin table.
 *
 * @param ipport_plugin_schema  schema of the table; NULL makes the call return NULL
 * @param max_thread_num        number of per-thread scan counters to allocate
 * @param garbage_bin           bin that later receives replaced matchers (not owned)
 * @param logger                log handle stored in the runtime
 * @return runtime to release with ipport_plugin_runtime_free(), or NULL
 *
 * NOTE(review): matcher, rule_num and update_err_cnt are never assigned here,
 * so the function depends on ALLOC() returning zeroed memory -- confirm. The
 * results of ALLOC() and ex_data_runtime_new() are used without a NULL check.
 */
void *ipport_plugin_runtime_new(void *ipport_plugin_schema,
                                size_t max_thread_num,
                                struct maat_garbage_bin *garbage_bin,
                                struct log_handle *logger)
{
    struct ipport_plugin_schema *schema =
        (struct ipport_plugin_schema *)ipport_plugin_schema;
    if (NULL == schema) {
        return NULL;
    }

    struct ipport_plugin_runtime *rt = ALLOC(struct ipport_plugin_runtime, 1);

    rt->ex_data_rt = ex_data_runtime_new(schema->table_id, schema->gc_timeout_s, logger);

    /* Hand the callbacks over only when they were registered on the schema. */
    if (1 == schema->container_schema.set_flag) {
        ex_data_runtime_set_ex_container_schema(rt->ex_data_rt,
                                                &(schema->container_schema));
    }

    rt->n_worker_thread = max_thread_num;
    rt->ref_garbage_bin = garbage_bin;
    rt->logger = logger;
    rt->scan_times = alignment_int64_array_alloc(max_thread_num);

    return rt;
}
/**
 * Release a runtime created by ipport_plugin_runtime_new(): the matcher, the
 * ex_data store and the scan counters, then the runtime itself. NULL is
 * accepted and ignored. The garbage bin and the logger are not released.
 */
void ipport_plugin_runtime_free(void *ipport_plugin_runtime)
{
    struct ipport_plugin_runtime *rt =
        (struct ipport_plugin_runtime *)ipport_plugin_runtime;
    if (NULL == rt) {
        return;
    }

    if (NULL != rt->matcher) {
        ipport_matcher_free(rt->matcher);
        rt->matcher = NULL;
    }

    if (NULL != rt->ex_data_rt) {
        ex_data_runtime_free(rt->ex_data_rt);
        rt->ex_data_rt = NULL;
    }

    if (NULL != rt->scan_times) {
        alignment_int64_array_free(rt->scan_times);
        rt->scan_times = NULL;
    }

    FREE(rt);
}
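/*
 * Parse one decimal port number (0..65535) from str into *port.
 * Returns 0 on success, -1 when str is NULL, empty, not entirely numeric or
 * outside the uint16_t range.
 */
static int ipport_parse_port(const char *str, uint16_t *port)
{
    if (NULL == str || '\0' == *str) {
        return -1;
    }

    char *end = NULL;
    long value = strtol(str, &end, 10);
    /* strtol() saturates on overflow, so the range test also rejects that case. */
    if (end == str || *end != '\0' || value < 0 || value > UINT16_MAX) {
        return -1;
    }

    *port = (uint16_t)value;
    return 0;
}

/*
 * Parse "port" or "port_start-port_end" into *min_port / *max_port.
 * Returns 0 on success, -1 when the text is too long or either number is invalid.
 */
static int ipport_parse_port_range(const char *str, uint16_t *min_port,
                                   uint16_t *max_port)
{
    char port_range[20] = {0};
    size_t len = strlen(str);

    /* Bound the copy by the destination, not by the source length. */
    if (len >= sizeof(port_range)) {
        return -1;
    }
    memcpy(port_range, str, len + 1);

    char *dash = strchr(port_range, '-');
    if (NULL == dash) {
        if (ipport_parse_port(port_range, min_port) < 0) {
            return -1;
        }
        *max_port = *min_port;
        return 0;
    }

    *dash = '\0';
    if (ipport_parse_port(port_range, min_port) < 0 ||
        ipport_parse_port(dash + 1, max_port) < 0) {
        return -1;
    }

    return 0;
}

/**
 * Build an ipport_item from one JSON row of the table.
 *
 * Reads the key field named by schema->key_name, the "ip" field and the
 * "port" field (all JSON strings). The row comes from rule data, so every
 * length and number is checked before it is copied or converted:
 *   - "ip" must fit the local 128-byte buffer (the copy used to be bounded
 *     by the source length, which overflowed the stack buffer on long input);
 *   - "port" must fit the 20-byte range buffer and be "N" or "N-M" with
 *     both numbers in 0..65535 (a missing half such as "80-" used to pass a
 *     NULL token to atoi(), and out-of-range values were silently truncated).
 *
 * @param schema      table schema; supplies key_name
 * @param table_name  used in log messages only
 * @param json        parsed row
 * @param logger      log handle for error reports
 * @return a new item to release with ipport_item_free(), or NULL on any
 *         missing or malformed field or on allocation failure
 */
static struct ipport_item *
ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name,
                const cJSON *json, struct log_handle *logger)
{
    char ip_str[128] = {0};
    cJSON *tmp_obj = NULL;
    int ret = 0;

    struct ipport_item *ipport_item = ALLOC(struct ipport_item, 1);
    if (NULL == ipport_item) {
        return NULL;
    }

    tmp_obj = cJSON_GetObjectItem(json, schema->key_name);
    if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
        char *json_str = cJSON_Print(json);
        log_fatal(logger, MODULE_IPPORT_PLUGIN,
                  "[%s:%d] ipport table:<%s> has no key or invalid format, line:%s",
                  __FUNCTION__, __LINE__, table_name,
                  json_str != NULL ? json_str : "(null)");
        FREE(json_str);
        goto error;
    }
    /* NOTE(review): the result of uuid_parse() is ignored, so a key that is
     * not a valid UUID leaves item_uuid at its allocated value -- confirm
     * whether such rows should be rejected. */
    uuid_parse(tmp_obj->valuestring, ipport_item->item_uuid);

    tmp_obj = cJSON_GetObjectItem(json, "ip");
    if (NULL == tmp_obj || tmp_obj->type != cJSON_String ||
        strlen(tmp_obj->valuestring) >= sizeof(ip_str)) {
        char *json_str = cJSON_Print(json);
        log_fatal(logger, MODULE_IPPORT_PLUGIN,
                  "[%s:%d] ipport table:<%s> has no ip or invalid format in line:%s",
                  __FUNCTION__, __LINE__, table_name,
                  json_str != NULL ? json_str : "(null)");
        FREE(json_str);
        goto error;
    }
    /* Length was checked above; copy the terminator as well. */
    memcpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring) + 1);

    /* A ':' anywhere in the text selects IPv6. */
    if (strchr(ip_str, ':') != NULL) {
        ipport_item->ip_type = IPV6;
    } else {
        ipport_item->ip_type = IPV4;
    }

    if (IPV4 == ipport_item->ip_type) {
        ret = ip_format2range(ip_str, ipport_item->ip_type,
                              &ipport_item->ipv4.min_ip, &ipport_item->ipv4.max_ip);
        if (ret < 0) {
            char *json_str = cJSON_Print(json);
            log_fatal(logger, MODULE_IPPORT_PLUGIN,
                      "[%s:%d] ipport table:<%s> ip_format2range(ip4) failed in line:%s",
                      __FUNCTION__, __LINE__, table_name,
                      json_str != NULL ? json_str : "(null)");
            FREE(json_str);
            goto error;
        }
    } else {
        //ipv6
        ret = ip_format2range(ip_str, ipport_item->ip_type,
                              ipport_item->ipv6.min_ip, ipport_item->ipv6.max_ip);
        if (ret < 0) {
            char *json_str = cJSON_Print(json);
            log_fatal(logger, MODULE_IPPORT_PLUGIN,
                      "[%s:%d] ipport table:<%s> ip_format2range(ip6) failed in line:%s",
                      __FUNCTION__, __LINE__, table_name,
                      json_str != NULL ? json_str : "(null)");
            FREE(json_str);
            goto error;
        }
    }

    //port range is port or port_start-port_end
    /* NOTE(review): a reversed range (start > end) is still accepted here;
     * validate_port() can never match such an item. */
    tmp_obj = cJSON_GetObjectItem(json, "port");
    if (NULL == tmp_obj || tmp_obj->type != cJSON_String ||
        ipport_parse_port_range(tmp_obj->valuestring, &ipport_item->min_port,
                                &ipport_item->max_port) < 0) {
        char *json_str = cJSON_Print(json);
        log_fatal(logger, MODULE_IPPORT_PLUGIN,
                  "[%s:%d] ipport table:<%s> has no port or invalid format in line:%s",
                  __FUNCTION__, __LINE__, table_name,
                  json_str != NULL ? json_str : "(null)");
        FREE(json_str);
        goto error;
    }

    return ipport_item;

error:
    FREE(ipport_item);
    return NULL;
}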
/**
 * Release an item built by ipport_item_new(). NULL is accepted and ignored.
 * Takes a void pointer, which matches the custom_data_free callback type used
 * by the container schema.
 */
void ipport_item_free(void *ipport_item)
{
    if (ipport_item != NULL) {
        FREE(ipport_item);
    }
}
/*
 * Apply one row to the ex_data store.
 *
 * MAAT_OP_DEL removes the container stored under key; any other op wraps the
 * row's ex_data and ipport_item in a new container and adds it under key.
 *
 * Returns -1 when the runtime has no ex_data store or the delete fails, and
 * 0 otherwise. A failed add is logged, the new container is released with
 * ex_container_free(), and 0 is still returned so that duplicate keys are
 * tolerated.
 */
static int
ipport_plugin_runtime_update_row(struct ipport_plugin_runtime *ipport_plugin_rt,
                                 const char *table_name, const char *row,
                                 const char *key, size_t key_len,
                                 struct ipport_item *ipport_item, enum maat_operation op)
{
    struct ex_data_runtime *store = ipport_plugin_rt->ex_data_rt;
    if (NULL == store) {
        return -1;
    }

    if (MAAT_OP_DEL == op) {
        // delete
        if (ex_data_runtime_del_ex_container(store, key, key_len) < 0) {
            return -1;
        }
        return 0;
    }

    // add
    void *ex_data = ex_data_runtime_row2ex_data(store, table_name, row, key, key_len);
    struct ex_container *container = ex_container_new(ex_data, (void *)ipport_item);

    int add_rc = ex_data_runtime_add_ex_container(store, key, key_len, container);
    if (add_rc < 0) {
        log_debug(ipport_plugin_rt->logger, MODULE_IPPORT_PLUGIN,
                  "[%s:%d]ipport_plugin table:<%s> add key failed, "
                  "key:%s", __FUNCTION__, __LINE__, table_name, key);
        ex_container_free(store, container);
        //don't return failed, ignore the case of adding duplicate keys
    }

    return 0;
}
/**
 * Apply one JSON row of the table to the runtime.
 *
 * The row must contain the schema's key field as a JSON string. When the ex
 * container schema is set, an add builds an ipport_item first and the row is
 * then applied through ipport_plugin_runtime_update_row(); otherwise the raw
 * line is cached in the ex_data store and rule_num follows the cached count.
 *
 * @param ipport_plugin_runtime  runtime of the table
 * @param ipport_plugin_schema   schema of the table
 * @param table_name             used in log messages and passed to the row handlers
 * @param line                   one row as JSON text
 * @param op                     MAAT_OP_ADD or MAAT_OP_DEL
 * @return 0 on success; -1 on NULL arguments or a rejected row (rejected rows
 *         also increment update_err_cnt)
 */
int ipport_plugin_runtime_update(void *ipport_plugin_runtime,
                                 void *ipport_plugin_schema,
                                 const char *table_name,
                                 const char *line, enum maat_operation op)
{
    if (NULL == ipport_plugin_runtime || NULL == ipport_plugin_schema ||
        NULL == line) {
        return -1;
    }

    struct ipport_plugin_schema *schema =
        (struct ipport_plugin_schema *)ipport_plugin_schema;
    struct ipport_plugin_runtime *rt =
        (struct ipport_plugin_runtime *)ipport_plugin_runtime;

    struct ipport_item *new_item = NULL;
    const char *key = NULL;
    size_t key_len = 0;
    int status = -1;

    /* A parse failure leaves root NULL; the lookup below then reports a missing key. */
    cJSON *root = cJSON_Parse(line);
    cJSON *key_obj = cJSON_GetObjectItem(root, schema->key_name);
    if (NULL == key_obj || key_obj->type != cJSON_String) {
        log_fatal(rt->logger, MODULE_IPPORT_PLUGIN,
                  "[%s:%d]ipport_plugin table:<%s> has no key or invalid format, line:%s",
                  __FUNCTION__, __LINE__, table_name, line);
        rt->update_err_cnt++;
        goto cleanup;
    }

    if (1 != schema->container_schema.set_flag) {
        //ex_schema not set
        ex_data_runtime_cache_row_put(rt->ex_data_rt, line, op);
        rt->rule_num = ex_data_runtime_cached_row_count(rt->ex_data_rt);
        status = 0;
        goto cleanup;
    }

    if (MAAT_OP_ADD == op) {
        // add
        new_item = ipport_item_new(schema, table_name, root, rt->logger);
        if (NULL == new_item) {
            rt->update_err_cnt++;
            goto cleanup;
        }
    }

    key = key_obj->valuestring;
    key_len = strlen(key);
    if (ipport_plugin_runtime_update_row(rt, table_name, line, key, key_len,
                                         new_item, op) < 0) {
        log_fatal(rt->logger, MODULE_IPPORT_PLUGIN,
                  "[%s:%d]ipport_plugin table:<%s> update one line failed, "
                  "line:%s", __FUNCTION__, __LINE__, table_name, line);
        rt->update_err_cnt++;
        goto cleanup;
    }

    log_debug(rt->logger, MODULE_IPPORT_PLUGIN,
              "ipport_plugin table:<%s> update one line, key:%s, key_len:%zu,"
              " maat_op:%d", table_name, key, key_len, op);

    /* The row handler succeeded: the item must not be released on the way out. */
    new_item = NULL;
    status = 0;

cleanup:
    if (NULL != new_item) {
        ipport_item_free(new_item);
    }
    if (NULL != root) {
        cJSON_Delete(root);
    }

    return status;
}
/*
 * Copy an item's IP range, port range and UUID into the rule structure that
 * ipport_matcher_new() consumes. Any ip_type other than IPV4 is treated as IPV6.
 */
static void
ipport_item_to_ipport_rule(struct ipport_item *item, struct ipport_rule *rule)
{
    const int is_v4 = (IPV4 == item->ip_type);

    if (is_v4) {
        rule->ip_type = IPV4;
        rule->ipv4.start_ip = item->ipv4.min_ip;
        rule->ipv4.end_ip = item->ipv4.max_ip;
    } else {
        rule->ip_type = IPV6;
        memcpy(rule->ipv6.start_ip, item->ipv6.min_ip, sizeof(item->ipv6.min_ip));
        memcpy(rule->ipv6.end_ip, item->ipv6.max_ip, sizeof(item->ipv6.max_ip));
    }

    /* The port range is the same for both address families. */
    rule->min_port = item->min_port;
    rule->max_port = item->max_port;

    uuid_copy(rule->rule_uuid, item->item_uuid);
}
/*
 * Release callback given to maat_garbage_bagging() for a replaced matcher.
 * The second argument is not used.
 */
static void
garbage_ipport_matcher_free(void *ipport_matcher, void *arg)
{
    ipport_matcher_free((struct ipport_matcher *)ipport_matcher);
}
/**
 * Publish pending updates: rebuild the matcher from the containers that are
 * being updated, swap it in, commit the ex_data store and hand the previous
 * matcher to the garbage bin.
 *
 * @param ipport_plugin_runtime  runtime of the table
 * @param table_name             used in log messages only
 * @param maat_rt_version        logged with the commit
 * @return 0 when nothing was pending or the commit succeeded; -1 on a NULL
 *         runtime, a missing ex_data store, or a failed matcher rebuild
 *
 * NOTE(review): when ipport_matcher_new() fails the runtime is left with a
 * NULL matcher while rule_num is set to the pending count, so lookups return
 * no match until a later commit succeeds; callers that rely on these rules
 * for enforcement should treat the -1 return as rules not being applied.
 * NOTE(review): the result of ALLOC() for the rules array is used unchecked.
 */
int ipport_plugin_runtime_commit(void *ipport_plugin_runtime,
                                 const char *table_name,
                                 long long maat_rt_version)
{
    struct ipport_plugin_runtime *rt =
        (struct ipport_plugin_runtime *)ipport_plugin_runtime;
    if (NULL == rt) {
        return -1;
    }

    struct ex_data_runtime *store = rt->ex_data_rt;
    if (NULL == store) {
        return -1;
    }

    if (0 == ex_data_runtime_is_updating(store)) {
        return 0;
    }

    int status = 0;
    struct ipport_rule *rules = NULL;
    struct ex_container **containers = NULL;
    struct ipport_matcher *fresh = NULL;
    struct ipport_matcher *previous = NULL;

    size_t rule_cnt = ex_data_runtime_list_updating_ex_container(store, &containers);
    if (rule_cnt > 0) {
        rules = ALLOC(struct ipport_rule, rule_cnt);
        for (size_t idx = 0; idx < rule_cnt; idx++) {
            struct ipport_item *item =
                (struct ipport_item *)containers[idx]->custom_data;

            ipport_item_to_ipport_rule(item, &rules[idx]);
            /* The container rides along as the tag returned by a match. */
            rules[idx].user_tag = containers[idx];
        }

        struct timespec start, end;
        clock_gettime(CLOCK_MONOTONIC, &start);
        fresh = ipport_matcher_new(rules, rule_cnt);
        clock_gettime(CLOCK_MONOTONIC, &end);
        long long time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 +
                                   (end.tv_nsec - start.tv_nsec) / 1000000;

        if (NULL != fresh) {
            log_info(rt->logger, MODULE_IPPORT_PLUGIN,
                     "table[%s] commit %zu ipport_plugin rules and rebuild"
                     " ipport_matcher completed, version:%lld, consume:%lldms",
                     table_name, rule_cnt, maat_rt_version, time_elapse_ms);
        } else {
            log_fatal(rt->logger, MODULE_IPPORT_PLUGIN,
                      "[%s:%d] ipport_plugin table[%s] rebuild ipport_matcher"
                      " failed when update %zu rules", __FUNCTION__, __LINE__,
                      table_name, rule_cnt);
            status = -1;
        }
    }

    /* Swap the matcher before the store is committed; keep this order. */
    previous = rt->matcher;
    rt->matcher = fresh;
    ex_data_runtime_commit(store);

    /* The old matcher is released through the garbage bin, not freed here. */
    if (NULL != previous) {
        maat_garbage_bagging(rt->ref_garbage_bin, previous,
                             NULL, garbage_ipport_matcher_free);
    }

    rt->rule_num = rule_cnt;

    if (NULL != rules) {
        FREE(rules);
    }

    if (NULL != containers) {
        FREE(containers);
    }

    return status;
}
/**
 * Return the runtime's rule_num counter, or 0 for a NULL runtime.
 */
long long ipport_plugin_runtime_rule_count(void *ipport_plugin_runtime)
{
    const struct ipport_plugin_runtime *rt =
        (const struct ipport_plugin_runtime *)ipport_plugin_runtime;

    return (NULL == rt) ? 0 : rt->rule_num;
}
/**
 * Return the runtime's ex_data store, or NULL for a NULL runtime.
 * The store remains owned by the runtime.
 */
struct ex_data_runtime *
ipport_plugin_runtime_get_ex_data_rt(void *ipport_plugin_runtime)
{
    struct ipport_plugin_runtime *rt =
        (struct ipport_plugin_runtime *)ipport_plugin_runtime;

    return (NULL == rt) ? NULL : rt->ex_data_rt;
}
/*
 * Check whether port lies within the item's [min_port, max_port] range.
 * port is converted with ntohs() before the comparison.
 * Returns 0 when it is inside the range, -1 when it is outside or item is NULL.
 */
static int validate_port(struct ipport_item *item, uint16_t port)
{
    if (NULL == item) {
        return -1;
    }

    const uint16_t host_port = ntohs(port);
    const int in_range = (host_port >= item->min_port) &&
                         (host_port <= item->max_port);

    return in_range ? 0 : -1;
}
/**
 * Look up the ex_data of every item whose IP and port ranges contain the
 * given address and port.
 *
 * @param ipport_plugin_runtime  runtime of the table
 * @param ip_addr                address to look up; converted with ntohl() /
 *                               ipv6_ntoh() before matching
 * @param port                   port to look up; converted with ntohs() for
 *                               the per-item range check
 * @param ex_data_array          receives the ex_data of each hit
 * @param n_ex_data              capacity of ex_data_array
 * @return number of entries written; 0 when the table has no rules or no
 *         matcher; -1 on invalid arguments; a non-positive result of
 *         ipport_matcher_match() is returned unchanged
 *
 * NOTE(review): the result buffer is a variable-length array sized by the
 * caller's n_ex_data, so a very large capacity consumes that much stack.
 * NOTE(review): the loop trusts ipport_matcher_match() not to report more
 * hits than n_ex_data -- confirm against the matcher.
 */
int ipport_plugin_runtime_get_ex_data(void *ipport_plugin_runtime,
                                      const struct ip_addr *ip_addr,
                                      uint16_t port, void **ex_data_array,
                                      size_t n_ex_data)
{
    if (NULL == ipport_plugin_runtime || NULL == ip_addr ||
        NULL == ex_data_array || 0 == n_ex_data) {
        return -1;
    }

    struct ipport_plugin_runtime *rt =
        (struct ipport_plugin_runtime *)ipport_plugin_runtime;

    if (0 == rt->rule_num || NULL == rt->matcher) {
        return 0;
    }

    struct ipport_result results[n_ex_data];
    struct ip_addr lookup;
    if (IPV4 == ip_addr->ip_type) {
        lookup.ip_type = IPV4;
        lookup.ipv4 = ntohl(ip_addr->ipv4);
    } else {
        lookup.ip_type = IPV6;
        memcpy(lookup.ipv6, ip_addr->ipv6, sizeof(lookup.ipv6));
        ipv6_ntoh(lookup.ipv6);
    }

    int n_hit_item = ipport_matcher_match(rt->matcher, &lookup,
                                          port, results, n_ex_data);
    if (n_hit_item <= 0) {
        return n_hit_item;
    }

    size_t written = 0;
    for (size_t idx = 0; idx < n_hit_item; idx++) {
        struct ex_container *container = results[idx].tag;
        struct ipport_item *item = (struct ipport_item *)container->custom_data;

        /* Keep only hits whose port range also contains the port. */
        if (validate_port(item, port) < 0) {
            continue;
        }

        ex_data_array[written] =
            ex_data_runtime_get_ex_data_by_container(rt->ex_data_rt, container);
        written++;
    }

    return written;
}
/**
 * Return the number of rows rejected by ipport_plugin_runtime_update(),
 * or 0 for a NULL runtime.
 */
long long ipport_plugin_runtime_update_err_count(void *ipport_plugin_runtime)
{
    const struct ipport_plugin_runtime *rt =
        (const struct ipport_plugin_runtime *)ipport_plugin_runtime;

    return (NULL == rt) ? 0 : rt->update_err_cnt;
}
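/**
 * Add one to the scan counter of the given worker thread.
 *
 * The counter array is allocated with max_thread_num slots in
 * ipport_plugin_runtime_new() and that count is kept in n_worker_thread, so
 * a thread_id outside [0, n_worker_thread) is ignored instead of being used
 * as an index. A NULL runtime or a missing counter array is ignored as well.
 *
 * @param ipport_plugin_runtime  runtime of the table
 * @param thread_id              index of the calling worker thread
 */
void ipport_plugin_runtime_scan_times_inc(void *ipport_plugin_runtime,
                                          int thread_id)
{
    if (NULL == ipport_plugin_runtime || thread_id < 0) {
        return;
    }

    struct ipport_plugin_runtime *ipport_plugin_rt =
        (struct ipport_plugin_runtime *)ipport_plugin_runtime;

    /* Reject an index past the allocated slots; only the lower bound was checked before. */
    if (NULL == ipport_plugin_rt->scan_times ||
        (size_t)thread_id >= ipport_plugin_rt->n_worker_thread) {
        return;
    }

    alignment_int64_array_add(ipport_plugin_rt->scan_times, thread_id, 1);
}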
/**
 * Return the sum of all per-thread scan counters and reset them.
 * Returns 0 for a NULL runtime.
 *
 * NOTE(review): the sum and the reset are two separate calls; increments that
 * land between them may be dropped -- confirm whether that is acceptable.
 */
long long ipport_plugin_runtime_scan_times(void *ipport_plugin_runtime)
{
    struct ipport_plugin_runtime *rt =
        (struct ipport_plugin_runtime *)ipport_plugin_runtime;
    if (NULL == rt) {
        return 0;
    }

    const long long total =
        alignment_int64_array_sum(rt->scan_times, rt->n_worker_thread);

    alignment_int64_array_reset(rt->scan_times, rt->n_worker_thread);

    return total;
}