TSG-14484 Pxoxy支持Maat4
@@ -28,8 +28,8 @@ void policy_table_ex_data_free(struct policy_table_ex_data * object)
|
||||
if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) free(object);
|
||||
}
|
||||
|
||||
void policy_table_ex_data_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA * to,
|
||||
MAAT_PLUGIN_EX_DATA * from, long argl, void * argp)
|
||||
void policy_table_ex_data_dup_cb(int table_id, void **to,
|
||||
void **from, long argl, void * argp)
|
||||
{
|
||||
struct policy_table_ex_data * ex_data = (struct policy_table_ex_data *)*from;
|
||||
if(ex_data==NULL)
|
||||
@@ -43,7 +43,7 @@ void policy_table_ex_data_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA * to,
|
||||
}
|
||||
}
|
||||
|
||||
void policy_table_ex_data_free_cb(int table_id, MAAT_PLUGIN_EX_DATA * ad, long argl, void * argp)
|
||||
void policy_table_ex_data_free_cb(int table_id, void **ad, long argl, void * argp)
|
||||
{
|
||||
struct policy_table_ex_data * ex_data = (struct policy_table_ex_data *)*ad;
|
||||
if(ex_data)
|
||||
@@ -52,8 +52,8 @@ void policy_table_ex_data_free_cb(int table_id, MAAT_PLUGIN_EX_DATA * ad, long a
|
||||
}
|
||||
}
|
||||
|
||||
void policy_table_ex_data_new_cb(int table_id, const char * key, const char * table_line,
|
||||
MAAT_PLUGIN_EX_DATA * ad, long argl, void * argp)
|
||||
void policy_table_ex_data_new_cb(const char *table_name, int table_id, const char * key, const char * table_line,
|
||||
void **ad, long argl, void * argp)
|
||||
{
|
||||
struct traffic_mirror_instance * instance = (struct traffic_mirror_instance *) argp;
|
||||
assert(instance != nullptr && instance->logger != nullptr);
|
||||
@@ -68,7 +68,7 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta
|
||||
size_t user_region_offset;
|
||||
size_t user_region_len;
|
||||
|
||||
int result = Maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len);
|
||||
int result = maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len);
|
||||
if (unlikely(result < 0))
|
||||
{
|
||||
TFE_LOG_ERROR(instance->logger, "Failed at get policy table's user region.");
|
||||
@@ -158,8 +158,8 @@ void profile_table_ex_data_free(struct profile_table_ex_data * object)
|
||||
if ((__sync_sub_and_fetch(&object->atomic_refcnt, 1) == 0)) free(object);
|
||||
}
|
||||
|
||||
void profile_table_ex_data_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA * to,
|
||||
MAAT_PLUGIN_EX_DATA * from, long argl, void * argp)
|
||||
void profile_table_ex_data_dup_cb(int table_id, void **to,
|
||||
void **from, long argl, void * argp)
|
||||
{
|
||||
struct profile_table_ex_data * ex_data = (struct profile_table_ex_data *)*from;
|
||||
if(ex_data)
|
||||
@@ -173,7 +173,7 @@ void profile_table_ex_data_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA * to,
|
||||
}
|
||||
}
|
||||
|
||||
void profile_table_ex_data_free_cb(int table_id, MAAT_PLUGIN_EX_DATA * ad, long argl, void * argp)
|
||||
void profile_table_ex_data_free_cb(int table_id, void **ad, long argl, void * argp)
|
||||
{
|
||||
struct profile_table_ex_data * ex_data = (struct profile_table_ex_data *)*ad;
|
||||
if(ex_data)
|
||||
@@ -182,8 +182,8 @@ void profile_table_ex_data_free_cb(int table_id, MAAT_PLUGIN_EX_DATA * ad, long
|
||||
}
|
||||
}
|
||||
|
||||
void profile_table_ex_data_new_cb(int table_id, const char * key, const char * table_line,
|
||||
MAAT_PLUGIN_EX_DATA * ad, long argl, void * argp)
|
||||
void profile_table_ex_data_new_cb(const char *table_name, int table_id, const char * key, const char * table_line,
|
||||
void **ad, long argl, void * argp)
|
||||
{
|
||||
struct traffic_mirror_instance * instance = (struct traffic_mirror_instance *) argp;
|
||||
assert(instance != nullptr && instance->logger != nullptr);
|
||||
@@ -197,7 +197,7 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
|
||||
size_t addr_list_offset;
|
||||
size_t addr_list_len;
|
||||
|
||||
int result = Maat_helper_read_column(table_line, 3, &addr_list_offset, &addr_list_len);
|
||||
int result = maat_helper_read_column(table_line, 3, &addr_list_offset, &addr_list_len);
|
||||
if (unlikely(result < 0))
|
||||
{
|
||||
TFE_LOG_ERROR(instance->logger, "Failed at get profile table's addrlist.");
|
||||
@@ -244,7 +244,7 @@ void profile_table_ex_data_new_cb(int table_id, const char * key, const char * t
|
||||
goto ignore;
|
||||
}
|
||||
|
||||
TFE_LOG_DEBUG(instance->logger, "traffic mirror profile %s: vlan id[%d]: %d", key, iter, vlan_in_number);
|
||||
TFE_LOG_DEBUG(instance->logger, "traffic mirror profile %s: vlan id[%d]£º %d", key, iter, vlan_in_number);
|
||||
ex_data->rewrite_vlan = 1;
|
||||
ex_data->vlans[iter] = vlan_in_number;
|
||||
ex_data->ether_addrs[iter] = ether_addr_broadcast;
|
||||
@@ -284,14 +284,13 @@ out:
|
||||
#define MAAT_INPUT_REDIS 1
|
||||
#define MAAT_INPUT_FILE 2
|
||||
|
||||
static Maat_feather_t maat_feather_create_with_override(const char * instance_name,
|
||||
static struct maat* maat_feather_create_with_override(const char * instance_name,
|
||||
const char * profile, const char * section, const char * override_section,
|
||||
unsigned int max_thread, void * logger)
|
||||
{
|
||||
Maat_feather_t target;
|
||||
struct maat *target=NULL;
|
||||
int input_mode = 0, maat_stat_on = 0, maat_perf_on = 0;
|
||||
int ret = 0, scan_detail = 0, effect_interval = 60;
|
||||
|
||||
int ret = 0, effect_interval = 60, log_level=0;
|
||||
char table_info[TFE_STRING_MAX] = {0}, inc_cfg_dir[TFE_STRING_MAX] = {0}, ful_cfg_dir[TFE_STRING_MAX] = {0};
|
||||
char redis_server[TFE_STRING_MAX] = {0};
|
||||
char redis_port_range[TFE_STRING_MAX] = {0};
|
||||
@@ -310,9 +309,9 @@ static Maat_feather_t maat_feather_create_with_override(const char * instance_na
|
||||
MESA_load_profile_string_def(profile, section, "accept_tags", accept_tags, sizeof(accept_tags), "");
|
||||
MESA_load_profile_string_def(profile, section, "json_cfg_file", json_cfg_file, sizeof(json_cfg_file), "");
|
||||
MESA_load_profile_string_def(profile, section, "maat_redis_server", redis_server, sizeof(redis_server), "");
|
||||
MESA_load_profile_string_def(profile, section, "maat_redis_port_range", redis_port_range, sizeof(redis_server),
|
||||
"6379");
|
||||
MESA_load_profile_string_def(profile, section, "maat_redis_port_range", redis_port_range, sizeof(redis_server),"6379");
|
||||
MESA_load_profile_int_def(profile, section, "deferred_load_on", &(deferred_load_on), 0);
|
||||
MESA_load_profile_int_def(profile, section, "log_level", &(log_level), LOG_LEVEL_FATAL);
|
||||
|
||||
ret = sscanf(redis_port_range, "%d-%d", &redis_port_begin, &redis_port_end);
|
||||
if (ret == 1)
|
||||
@@ -344,53 +343,57 @@ static Maat_feather_t maat_feather_create_with_override(const char * instance_na
|
||||
assert(strlen(inc_cfg_dir) != 0 || strlen(ful_cfg_dir) != 0 || strlen(redis_server) != 0
|
||||
|| strlen(json_cfg_file) != 0);
|
||||
|
||||
target = Maat_feather(max_thread, table_info, logger);
|
||||
Maat_set_feather_opt(target, MAAT_OPT_INSTANCE_NAME, instance_name, strlen(instance_name) + 1);
|
||||
struct maat_options *opts = maat_options_new();
|
||||
maat_options_set_logger(opts, "log/maat.log", (enum log_level)log_level);
|
||||
maat_options_set_caller_thread_number(opts, max_thread);
|
||||
maat_options_set_instance_name(opts, instance_name);
|
||||
|
||||
switch (input_mode)
|
||||
{
|
||||
case MAAT_INPUT_JSON:
|
||||
Maat_set_feather_opt(target, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file) + 1);
|
||||
maat_options_set_json_file(opts, json_cfg_file);
|
||||
break;
|
||||
case MAAT_INPUT_REDIS:Maat_set_feather_opt(target, MAAT_OPT_REDIS_IP, redis_server, strlen(redis_server) + 1);
|
||||
Maat_set_feather_opt(target, MAAT_OPT_REDIS_PORT, &redis_port_select, sizeof(redis_port_select));
|
||||
Maat_set_feather_opt(target, MAAT_OPT_REDIS_INDEX, &redis_db_idx, sizeof(redis_db_idx));
|
||||
case MAAT_INPUT_REDIS:
|
||||
maat_options_set_redis(opts, redis_server, redis_port_select, redis_db_idx);
|
||||
break;
|
||||
case MAAT_INPUT_FILE: Maat_set_feather_opt(target, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir) + 1);
|
||||
Maat_set_feather_opt(target, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir) + 1);
|
||||
case MAAT_INPUT_FILE:
|
||||
maat_options_set_iris(opts, ful_cfg_dir, inc_cfg_dir);
|
||||
break;
|
||||
default: TFE_LOG_ERROR(logger, "Invalid MAAT Input Mode: %d.", input_mode);
|
||||
goto error_out;
|
||||
break;
|
||||
}
|
||||
|
||||
if (maat_stat_on)
|
||||
{
|
||||
Maat_set_feather_opt(target, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file) + 1);
|
||||
Maat_set_feather_opt(target, MAAT_OPT_STAT_ON, NULL, 0);
|
||||
if (maat_perf_on)
|
||||
{
|
||||
Maat_set_feather_opt(target, MAAT_OPT_PERF_ON, NULL, 0);
|
||||
}
|
||||
}
|
||||
if (maat_stat_on)
|
||||
{
|
||||
maat_options_set_stat_on(opts);
|
||||
if (maat_perf_on)
|
||||
{
|
||||
maat_options_set_perf_on(opts);
|
||||
}
|
||||
}
|
||||
|
||||
Maat_set_feather_opt(target, MAAT_OPT_DEFERRED_LOAD, &deferred_load_on, sizeof(deferred_load_on));
|
||||
Maat_set_feather_opt(target, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval));
|
||||
Maat_set_feather_opt(target, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
|
||||
if(deferred_load_on)
|
||||
{
|
||||
maat_options_set_deferred_load_on(opts);
|
||||
}
|
||||
maat_options_set_rule_effect_interval_ms(opts, effect_interval);
|
||||
if (strlen(accept_tags) > 0)
|
||||
{
|
||||
Maat_set_feather_opt(target, MAAT_OPT_ACCEPT_TAGS, &accept_tags, sizeof(accept_tags));
|
||||
maat_options_set_accept_tags(opts, accept_tags);
|
||||
}
|
||||
|
||||
ret = Maat_initiate_feather(target);
|
||||
if (ret < 0)
|
||||
target = maat_new(opts, table_info);
|
||||
if (!target)
|
||||
{
|
||||
TFE_LOG_ERROR(logger, "%s MAAT init failed.", __FUNCTION__);
|
||||
TFE_LOG_ERROR(logger, "%s MAAT init failed.", __FUNCTION__);
|
||||
goto error_out;
|
||||
}
|
||||
maat_options_free(opts);
|
||||
return target;
|
||||
|
||||
return target;
|
||||
error_out:
|
||||
Maat_burn_feather(target);
|
||||
maat_options_free(opts);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -467,34 +470,34 @@ int traffic_mirror_init(struct tfe_proxy * proxy)
|
||||
}
|
||||
|
||||
/* REGISTER MAAT FEATHER */
|
||||
instance->policy_table_id = Maat_table_register(instance->maat_feather, "TSG_SECURITY_COMPILE");
|
||||
if (unlikely(instance->policy_table_id < 0))
|
||||
instance->policy_table_id = maat_get_table_id(instance->maat_feather, "TSG_SECURITY_COMPILE");
|
||||
if (instance->policy_table_id < 0)
|
||||
{
|
||||
TFE_LOG_ERROR(instance->logger, "failed at register table TSG_SECURITY_COMPILE, ret = %d",
|
||||
instance->policy_table_id); goto errout;
|
||||
}
|
||||
|
||||
instance->profile_table_id = Maat_table_register(instance->maat_feather, "TSG_PROFILE_TRAFFIC_MIRROR");
|
||||
if (unlikely(instance->profile_table_id < 0))
|
||||
instance->profile_table_id = maat_get_table_id(instance->maat_feather, "TSG_PROFILE_TRAFFIC_MIRROR");
|
||||
if (instance->profile_table_id < 0)
|
||||
{
|
||||
TFE_LOG_ERROR(instance->logger, "failed at register table TSG_PROFILE_TRAFFIC_MIRROR, ret = %d",
|
||||
instance->profile_table_id); goto errout;
|
||||
}
|
||||
|
||||
result = Maat_plugin_EX_register(instance->maat_feather, instance->policy_table_id,
|
||||
result = maat_plugin_table_ex_schema_register(instance->maat_feather, "TSG_SECURITY_COMPILE",
|
||||
policy_table_ex_data_new_cb, policy_table_ex_data_free_cb, policy_table_ex_data_dup_cb,
|
||||
nullptr, 0, instance);
|
||||
0, instance);
|
||||
|
||||
if(unlikely(result < 0))
|
||||
if(result < 0)
|
||||
{
|
||||
TFE_LOG_ERROR(instance->logger, "failed at Maat_plugin_EX_register(TSG_SECURITY_COMPILE), "
|
||||
TFE_LOG_ERROR(instance->logger, "failed at maat_plugin_table_ex_schema_register(TSG_SECURITY_COMPILE), "
|
||||
"table_id = %d, ret = %d", instance->policy_table_id, result);
|
||||
goto errout;
|
||||
}
|
||||
|
||||
result = Maat_plugin_EX_register(instance->maat_feather, instance->profile_table_id,
|
||||
result = maat_plugin_table_ex_schema_register(instance->maat_feather, "TSG_PROFILE_TRAFFIC_MIRROR",
|
||||
profile_table_ex_data_new_cb, profile_table_ex_data_free_cb, profile_table_ex_data_dup_cb,
|
||||
nullptr, 0, instance);
|
||||
0, instance);
|
||||
|
||||
if (unlikely(result < 0))
|
||||
{
|
||||
@@ -554,8 +557,7 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
|
||||
}
|
||||
|
||||
snprintf(str_policy_id, sizeof(str_policy_id), "%u", opt_val);
|
||||
policy_ex_data = (struct policy_table_ex_data *) Maat_plugin_get_EX_data(instance->maat_feather,
|
||||
instance->policy_table_id, str_policy_id);
|
||||
policy_ex_data = (struct policy_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, instance->policy_table_id, str_policy_id);
|
||||
if (!policy_ex_data || !policy_ex_data->enable)
|
||||
{
|
||||
goto detach;
|
||||
@@ -582,8 +584,7 @@ int traffic_mirror_on_open_cb(const struct tfe_stream * stream, unsigned int thr
|
||||
if (policy_ex_data->is_profile_set)
|
||||
{
|
||||
snprintf(str_profile_id, sizeof(str_policy_id), "%u", policy_ex_data->profile_id);
|
||||
profile_ex_data = (struct profile_table_ex_data *)Maat_plugin_get_EX_data(instance->maat_feather,
|
||||
instance->profile_table_id, str_profile_id);
|
||||
profile_ex_data = (struct profile_table_ex_data *)maat_plugin_table_get_ex_data(instance->maat_feather, instance->profile_table_id, str_profile_id);
|
||||
if (!profile_ex_data)
|
||||
{
|
||||
TFE_LOG_ERROR(instance->logger, "failed at getting policy %s's profile, profile id = %s, "
|
||||
@@ -718,7 +719,7 @@ void traffic_mirror_on_close_cb(const struct tfe_stream * stream, unsigned int t
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
struct traffic_mirror_me * me = (struct traffic_mirror_me *)(*pme);
|
||||
traffic_mirror_rebuild_farewell(me->rebuild_ctx, thread_id);
|
||||
traffic_mirror_rebuild_destroy(me->rebuild_ctx);
|
||||
|
||||
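Review bot: Two bounded writes on the new side take their size from a different buffer than the one they fill: in maat_feather_create_with_override the `maat_redis_port_range` load passes `sizeof(redis_server)` for `redis_port_range`, and in traffic_mirror_on_open_cb `snprintf(str_profile_id, sizeof(str_policy_id), "%u", ...)` bounds the profile id by the policy id buffer. The two redis arrays are both declared with `TFE_STRING_MAX` in the hunk, so the first is harmless as long as those declarations stay in step. The declarations of `str_policy_id` and `str_profile_id` are outside the hunks, and if the profile buffer is the smaller of the two the bound would not stop an overrun. The commit already rewrites the first line and the lines next to the second, so I would change them to `sizeof(redis_port_range)` and `sizeof(str_profile_id)` so that each bound follows its destination. Both functions start and end outside the visible hunks.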