222 lines
6.5 KiB
C
222 lines
6.5 KiB
C
#ifndef H_MAAT_COMMAND_H_INCLUDE
|
|
#define H_MAAT_COMMAND_H_INCLUDE
|
|
#ifdef __cplusplus
|
|
extern "C"{
|
|
#endif
|
|
#include "Maat_rule.h"
|
|
enum MAAT_OPERATION
|
|
{
|
|
MAAT_OP_DEL=0,
|
|
MAAT_OP_ADD,
|
|
MAAT_OP_RENEW_TIMEOUT //Rule expire time is changed to now+cmd->expire_after
|
|
};
|
|
enum MAAT_GROUP_RELATION
|
|
{
|
|
PARENT_TYPE_COMPILE=0,
|
|
PARENT_TYPE_GROUP
|
|
};
|
|
enum MAAT_REGION_TYPE
|
|
{
|
|
REGION_EXPR,
|
|
REGION_IP,
|
|
REGION_IP_PLUS,
|
|
REGION_INTERVAL,
|
|
REGION_DIGEST,
|
|
REGION_SIMILARITY
|
|
};
|
|
enum MAAT_EXPR_TYPE
|
|
{
|
|
EXPR_TYPE_STRING=0,
|
|
EXPR_TYPE_AND,
|
|
EXPR_TYPE_REGEX,
|
|
EXPR_TYPE_OFFSET
|
|
};
|
|
enum MAAT_MATCH_METHOD
|
|
{
|
|
MATCH_METHOD_SUB=0,
|
|
MATCH_METHOD_RIGHT,
|
|
MATCH_METHOD_LEFT,
|
|
MATCH_METHOD_COMPLETE
|
|
};
|
|
|
|
enum MAAT_CASE_TYPE
|
|
{
|
|
UNCASE_PLAIN=0,
|
|
CASE_HEXBIN,
|
|
CASE_PLAIN
|
|
};
|
|
enum MAAT_ADDR_TYPE
|
|
{
|
|
ADDR_TYPE_IPv4=4,
|
|
ADDR_TYPE_IPv6=6
|
|
};
|
|
enum MAAT_ADDR_DIRECTION
|
|
{
|
|
ADDR_DIR_DOUBLE=0,
|
|
ADDR_DIR_SINGLE=1
|
|
};
|
|
struct Maat_rgn_str_t
|
|
{
|
|
const char *keywords;
|
|
const char *district;// optional for expr_plus, otherwise set to NULL.
|
|
enum MAAT_EXPR_TYPE expr_type;
|
|
enum MAAT_MATCH_METHOD match_method;
|
|
enum MAAT_CASE_TYPE hex_bin;
|
|
};
|
|
struct Maat_rgn_ip_t
|
|
{
|
|
enum MAAT_ADDR_TYPE addr_type;
|
|
const char* src_ip;
|
|
const char* mask_src_ip;
|
|
const char* dst_ip;
|
|
const char* mask_dst_ip;
|
|
unsigned short src_port;
|
|
unsigned short mask_src_port;
|
|
unsigned short dst_port;
|
|
unsigned short mask_dst_port;
|
|
unsigned short protocol;
|
|
enum MAAT_ADDR_DIRECTION direction;
|
|
};
|
|
struct Maat_rgn_ip_plus_t
|
|
{
|
|
enum MAAT_ADDR_TYPE addr_type;
|
|
|
|
const char* saddr_format;//mask, range or CIDR
|
|
const char* src_ip1;
|
|
const char* src_ip2;
|
|
const char* sport_format;//mask or range
|
|
unsigned short src_port1;
|
|
unsigned short src_port2;
|
|
|
|
const char* daddr_format;//mask, range or CIDR
|
|
const char* dst_ip1;
|
|
const char* dst_ip2;
|
|
const char* dport_format;//mask or range
|
|
unsigned short dst_port1;
|
|
unsigned short dst_port2;
|
|
|
|
unsigned short protocol;
|
|
enum MAAT_ADDR_DIRECTION direction;
|
|
};
|
|
struct Maat_rgn_intv_t
|
|
{
|
|
const char *district;// optional for expr_plus, otherwise set to NULL.
|
|
unsigned int low_boundary;
|
|
unsigned int up_boundary;
|
|
};
|
|
struct Maat_rgn_digest_t
|
|
{
|
|
unsigned long long orgin_len;
|
|
const char* digest_string;
|
|
short confidence_degree;
|
|
};
|
|
struct Maat_rgn_sim_t
|
|
{
|
|
char* target;
|
|
short threshold;// 1~100
|
|
};
|
|
struct Maat_region_t
|
|
{
|
|
const char* table_name;
|
|
int region_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must appoint a unique number.
|
|
enum MAAT_REGION_TYPE region_type;
|
|
union
|
|
{
|
|
struct Maat_rgn_str_t expr_rule;
|
|
struct Maat_rgn_ip_t ip_rule;
|
|
struct Maat_rgn_intv_t interval_rule;
|
|
struct Maat_rgn_digest_t digest_rule;
|
|
struct Maat_rgn_sim_t similarity_rule;
|
|
};
|
|
};
|
|
struct Maat_cmd_region
|
|
{
|
|
const char* table_name;
|
|
int region_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must appoint a unique number.
|
|
enum MAAT_REGION_TYPE region_type;
|
|
union
|
|
{
|
|
struct Maat_rgn_str_t expr_rule;
|
|
struct Maat_rgn_ip_t ip_rule;
|
|
struct Maat_rgn_ip_plus_t ip_plus_rule;
|
|
struct Maat_rgn_intv_t interval_rule;
|
|
struct Maat_rgn_digest_t digest_rule;
|
|
struct Maat_rgn_sim_t similarity_rule;
|
|
};
|
|
};
|
|
struct Maat_cmd_line
|
|
{
|
|
const char* table_name;
|
|
const char* table_line;
|
|
int rule_id; // for MAAT_OP_DEL, only rule_id and table_name are necessary.
|
|
int label_id;
|
|
int expire_after; //expired after $timeout$ seconds, set to 0 for never timeout.
|
|
};
|
|
|
|
//Input string of REGION_EXPR and REGION_SIMILARITY need to be escapeed.
|
|
char* Maat_str_escape(char* dst,int size,const char*src);
|
|
|
|
|
|
//Returns number of successfully updated rule.
|
|
//Return -1 for failed.
|
|
int Maat_cmd_set_line(Maat_feather_t feather,const struct Maat_cmd_line* line_rule, enum MAAT_OPERATION op);
|
|
int Maat_cmd_set_lines(Maat_feather_t feather,const struct Maat_cmd_line** line_rule, int line_num ,enum MAAT_OPERATION op);
|
|
int Maat_cmd_set_file(Maat_feather_t feather,const char* key, const char* value, size_t size, enum MAAT_OPERATION op);
|
|
|
|
//Return the value of key after the increment.
|
|
//If the key does not exist, it is set to 0 before performing the operation.
|
|
long long Maat_cmd_incrby(Maat_feather_t feather,const char* key, int increment);
|
|
struct Maat_cmd_key
|
|
{
|
|
char* table_name;
|
|
int rule_id;
|
|
};
|
|
void Maat_cmd_key_free(struct Maat_cmd_key**keys, int number);
|
|
int Maat_cmd_key_select(Maat_feather_t feather, int label_id, struct Maat_cmd_key** keys);
|
|
int Maat_cmd_select(Maat_feather_t feather, int label_id, int * output_ids, unsigned int size);
|
|
int Maat_cmd_flushDB(Maat_feather_t feather);
|
|
|
|
struct Maat_cmd_group2group
|
|
{
|
|
const char* table_name;
|
|
int group_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must assign a unique number.
|
|
int superior_group_id;
|
|
};
|
|
struct Maat_cmd_group2compile
|
|
{
|
|
const char* table_name;
|
|
const char* virtual_table_name;
|
|
int group_id;
|
|
int compile_id;
|
|
int clause_index;
|
|
int not_flag;
|
|
};
|
|
|
|
int Maat_command_raw_set_region(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_cmd_region* region, int group_id);
|
|
int Maat_command_raw_set_group2group(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_cmd_group2group* g2g);
|
|
int Maat_command_raw_set_group2compile(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_cmd_group2compile* g2c);
|
|
|
|
//@param expire_after: expired after $expire_after$ seconds, set to 0 for never timeout.
|
|
//@param label_id: bigger than 0 means this compile rule is to be indexed and quried by Maat_cmd_select; =0 not index
|
|
int Maat_command_raw_set_compile(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_rule_t* compile, const char* table_name, const char * huge_service_defined, int clause_num, int label_id, int expire_after);
|
|
|
|
struct Maat_command_batch;
|
|
struct Maat_command_batch* Maat_command_batch_new(Maat_feather_t feather);
|
|
|
|
int Maat_command_batch_set_region(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_cmd_region* region, int group_id);
|
|
int Maat_command_batch_set_group2group(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_cmd_group2group* g2g);
|
|
int Maat_command_batch_set_group2compile(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_cmd_group2compile* g2c);
|
|
int Maat_command_batch_set_compile(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_rule_t* compile, const char* table_name, const char * huge_service_defined, int clause_num, int label_id, int expire_after);
|
|
int Maat_command_batch_commit(struct Maat_command_batch* batch);
|
|
|
|
int Maat_command_get_new_group_id(Maat_feather_t feather);
|
|
int Maat_command_get_new_region_id(Maat_feather_t feather);
|
|
|
|
#ifdef __cplusplus
|
|
} //end extern"C"
|
|
#endif
|
|
|
|
|
|
#endif
|
|
|