-rw-r--r--bin/conf/table_info.conf4
-rw-r--r--bin/ir_mctrlbin47048 -> 47800 bytes
-rw-r--r--src/ir_mctrl.cpp249
-rw-r--r--src/ir_mctrl.h22
4 files changed, 195 insertions, 80 deletions
diff --git a/bin/conf/table_info.conf b/bin/conf/table_info.conf
index 03e0579..c66db3a 100644
--- a/bin/conf/table_info.conf
+++ b/bin/conf/table_info.conf
@@ -18,5 +18,7 @@
0 IR_STATIC_NOMINEE_IP plugin 15 --
1 IR_DYNAMIC_NOMINEE_IP plugin 9 --
2 IR_NOMINEE_IP plugin 5 --
-3 IR_CANDIDATE_IP plugin 19 --
+3 IR_CANDIDATE_IP plugin 6 --
4 IR_INTERCEPT_IP plugin 14 --
+5 IR_DNAT_POLICY plugin 11 --
+
diff --git a/bin/ir_mctrl b/bin/ir_mctrl
index a4ac21c..05deeea 100644
--- a/bin/ir_mctrl
+++ b/bin/ir_mctrl
Binary files differ
diff --git a/src/ir_mctrl.cpp b/src/ir_mctrl.cpp
index d0ea89f..7f5c330 100644
--- a/src/ir_mctrl.cpp
+++ b/src/ir_mctrl.cpp
@@ -18,19 +18,24 @@ void s_d_start_cb(int update_type,void* u_para)
if(update_type==MAAT_RULE_UPDATE_TYPE_FULL)
{
MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO,(char*)"maat_rule_type", "table_name:%s,Maat rule type is full",u_para);
- if(!memcmp(u_para,DYNAMIC_NOMINEE_IP,strlen(DYNAMIC_NOMINEE_IP)))
+ if(!memcmp(u_para,DYNAMIC_NOMINEE_TABLE,strlen(DYNAMIC_NOMINEE_TABLE)))
{
mctrl_g.update_type_d=MAAT_RULE_UPDATE_TYPE_FULL;
mctrl_g.version_d++;
-
MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO,(char*)"maat_rule_type", "table_name:%s,version:%d",u_para,mctrl_g.version_d);
}
- else
+ else if(!memcmp(u_para,STATIC_NOMINEE_TABLE,strlen(STATIC_NOMINEE_TABLE)))
{
mctrl_g.update_type_s=MAAT_RULE_UPDATE_TYPE_FULL;
mctrl_g.version_s++;
MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO,(char*)"maat_rule_type", "table_name:%s,version:%d",u_para,mctrl_g.version_s);
}
+ else
+ {
+ mctrl_g.update_type_dp=MAAT_RULE_UPDATE_TYPE_FULL;
+ mctrl_g.version_dp++;
+ MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO,(char*)"maat_rule_type", "table_name:%s,version:%d",u_para,mctrl_g.version_dp);
+ }
}
else
{
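Review bot: The new final `else` in the full-update branch treats every table name that is neither dynamic nor static as the DNAT policy table, so a callback registered with any other `u_para` would bump `version_dp` and mark a full DNAT update. `s_d_finish_cb` in this same patch tests `DNAT_POLICY_TABLE` explicitly; doing the same here, `else if(!memcmp(u_para,DNAT_POLICY_TABLE,strlen(DNAT_POLICY_TABLE)))` followed by an `else` that only logs the unexpected name, keeps the two callbacks consistent. The catch-all `else` that selects the DNAT line format in `s_d_table_update_cb` has the same shape. The function body continues outside the hunk.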
@@ -85,12 +90,12 @@ int set_ir_line(Maat_feather_t feather,const char *ir_table_name,const char *tab
get_cur_time(nom_info.op_time);
- if(memcmp(ir_table_name,INTERCEPT_IP,strlen(INTERCEPT_IP)))
+ if(!memcmp(ir_table_name,NOMINEE_TABLE,strlen(NOMINEE_TABLE)))
{
snprintf(m_table_line,sizeof(m_table_line),"%d\t%d\t%d\t%s\t%d\t%s\t%s",
rule_id,nom_info.addr_pool_id,nom_info.addr_type,nom_info.src_ip,nom_info.is_valid,nom_info.effective_range,nom_info.op_time);
}
- else
+ else
{
snprintf(m_table_line,sizeof(m_table_line),"%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s",
rule_id,nom_info.group_id,nom_info.addr_type,
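Review bot: `!memcmp(ir_table_name,NOMINEE_TABLE,strlen(NOMINEE_TABLE))` is a prefix test, not an equality test: any name that begins with `IR_NOMINEE_IP` selects the short line format, and when the argument is shorter than the constant `memcmp` is allowed to read past its terminator. `if(strcmp(ir_table_name,NOMINEE_TABLE)==0)` states the intent and stops at the NUL. The same idiom is used for every table-name test this patch touches (`s_d_start_cb`, `del_ir_line`, `htable_n_i_search`, `n_i_table_update_cb`, `s_d_table_update_cb`, `s_d_finish_cb`). The `snprintf` calls continue outside the hunk.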
@@ -131,7 +136,7 @@ int del_ir_line(Maat_feather_t feather,const char *ir_table_name,const char *tab
line_rule.rule_id=rule_id;
line_rule.table_name=ir_table_name;
line_rule.table_line=NULL;
- if(!memcmp(ir_table_name,INTERCEPT_IP,strlen(INTERCEPT_IP)))
+ if(!memcmp(ir_table_name,INTERCEPT_TABLE,strlen(INTERCEPT_TABLE)))
{
line_rule.expire_after=TIME_OUT;
p_line=&line_rule;
@@ -163,11 +168,23 @@ int del_ir_line(Maat_feather_t feather,const char *ir_table_name,const char *tab
}
+long htable_del_update_search(void *data, const uchar *key, uint size, void *user_arg)
+{
+ int htable_flag=0;
+ char *htable_data=(char*)data;
+ if(htable_data!=NULL)
+ {
+ sscanf(htable_data,"%d\t",&htable_flag);
+ }
+ return htable_flag;
+}
+
-long htable_s_d_update_search(void *data, const uchar *key, uint size, void *user_arg)
+long htable_set_update_search(void *data, const uchar *key, uint size, void *user_arg)
{
struct IR_MCTRL_INFO nom_info;
char *htable_data=(char*)data;
+
if(htable_data!=NULL)
{
sscanf(htable_data,"%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s",
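Review bot: `htable_del_update_search` ignores the result of `sscanf`, so a stored line that does not start with an integer yields flag 0; the delete path then passes that 0 to `del_redis_info`, whose `default` case removes nothing, and goes on to drop the htable entry. Checking the conversion, `if(sscanf(htable_data,"%d",&htable_flag)!=1)`, and logging the failure would make that case visible. The rewritten candidate format in `n_i_table_update_cb` (`"%d\t%*d\t%*d\t%*s\t%*d\t%d"`) is likewise unchecked and leaves `is_valid` at -1 on a short line. `htable_set_update_search` continues past the end of this hunk.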
@@ -176,19 +193,24 @@ long htable_s_d_update_search(void *data, const uchar *key, uint size, void *use
nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.addr_pool_id,&nom_info.is_valid,
&nom_info.action,&nom_info.service,nom_info.user_region,nom_info.effective_range,nom_info.op_time);
- if(nom_info.nominee_type==DYNAMIC_NOMINEE)
+ if(nom_info.nominee_type==DYNAMIC_NOMINEE_INFO)
{
nom_info.version=mctrl_g.version_d;
- MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_s_d_update_search","get htable flag:%d! version:%d!",nom_info.htable_flag,nom_info.version);
+ MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_set_update_search","get htable flag:%d! version:%d!",nom_info.htable_flag,nom_info.version);
}
- else if(nom_info.nominee_type==STATIC_NOMINEE)
+ else if(nom_info.nominee_type==STATIC_NOMINEE_INFO)
{
nom_info.version=mctrl_g.version_s;
- MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_s_d_update_search","get htable flag:%d! version:%d!",nom_info.htable_flag,nom_info.version);
+ MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_set_update_search","get htable flag:%d! version:%d!",nom_info.htable_flag,nom_info.version);
+ }
+ else if(nom_info.nominee_type==D_POLICY_INFO)
+ {
+ nom_info.version=mctrl_g.version_dp;
+ MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_set_update_search","get htable flag:%d! version:%d!",nom_info.htable_flag,nom_info.version);
}
else
{
- MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_s_d_update_search","get htable flag:%d!",nom_info.htable_flag);
+ MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_set_update_search","get htable flag:%d!",nom_info.htable_flag);
}
snprintf(htable_data,HTABLE_DATA_LEN, "%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s",
@@ -196,7 +218,10 @@ long htable_s_d_update_search(void *data, const uchar *key, uint size, void *use
nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
nom_info.dst_port,nom_info.mask_dst_port,nom_info.procotol,nom_info.direction,nom_info.addr_pool_id,nom_info.is_valid,
nom_info.action,nom_info.service,nom_info.user_region,nom_info.effective_range,nom_info.op_time);
-
+ }
+ else
+ {
+ MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_INFO, (char*)"htable_set_update_search","htable info not exist!!!");
}
return nom_info.htable_flag;
}
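Review bot: With the new `else` branch, the `htable_data==NULL` path logs and then reaches `return nom_info.htable_flag;`, but `nom_info` is declared without an initializer at the top of `htable_set_update_search` and is only filled by the `sscanf` in the other branch, so the value returned through `cb_ret` is indeterminate. The caller compares `cb_ret` with the flag constants to decide which redis tables to write. Zeroing the struct where it is declared, `memset(&nom_info,0,sizeof(nom_info));`, or returning a fixed value from the `else` branch, would make the result defined. The declaration lies in an earlier hunk of the same function.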
@@ -215,17 +240,17 @@ long htable_n_i_search(void *data, const uchar *key, uint size, void *user_arg)
nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.addr_pool_id,&nom_info.is_valid,
&nom_info.action,&nom_info.service,nom_info.user_region,nom_info.effective_range,nom_info.op_time);
- if(!memcmp(user_arg,INTERCEPT_IP,strlen(INTERCEPT_IP))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG||
- htable_flag==O_AND_N_FLAG||htable_flag==O_AND_C_AND_N_FLAG))
+ if(!memcmp(user_arg,INTERCEPT_TABLE,strlen(INTERCEPT_TABLE))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG||
+ htable_flag==O_AND_N_FLAG||htable_flag==O_AND_C_AND_N_FLAG||htable_flag==D_POLICY_FLAG))
{
htable_flag+=INTERCEPT_FLAG;
}
- else if(!memcmp(user_arg,NOMINEE_IP,strlen(NOMINEE_IP))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG||
+ else if(!memcmp(user_arg,NOMINEE_TABLE,strlen(NOMINEE_TABLE))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG||
htable_flag==O_AND_I_FLAG||htable_flag==O_AND_C_AND_I_FLAG))
{
htable_flag+=NOMINEE_FLAG;
}
- else if(!memcmp(user_arg,CANDIDATE_IP,strlen(CANDIDATE_IP))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_N_FLAG||
+ else if(!memcmp(user_arg,CANDIDATE_TABLE,strlen(CANDIDATE_TABLE))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_N_FLAG||
htable_flag==O_AND_I_FLAG||htable_flag==O_AND_I_AND_N_FLAG))
{
htable_flag+=CANDIDATE_FLAG;
@@ -255,17 +280,17 @@ void n_i_table_update_cb(int table_id,const char* table_line,void* u_para)
int is_valid=-1;
long search_ret=0;
- if(!memcmp(u_para,INTERCEPT_IP,strlen(INTERCEPT_IP)))
+ if(!memcmp(u_para,INTERCEPT_TABLE,strlen(INTERCEPT_TABLE)))
{
sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*d\t%*d\t%d",&rule_id,&is_valid);
}
- else if(!memcmp(u_para,NOMINEE_IP,strlen(NOMINEE_IP)))
+ else if(!memcmp(u_para,NOMINEE_TABLE,strlen(NOMINEE_TABLE)))
{
sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%d",&rule_id,&is_valid);
}
else
{
- sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%*d\t%*s\t%*d\t%*d\t%*d\t%*d\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%d",&rule_id,&is_valid);
+ sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%*d\t%d",&rule_id,&is_valid);
}
unsigned char *key_id=(unsigned char*)&rule_id;
@@ -280,7 +305,7 @@ void n_i_table_update_cb(int table_id,const char* table_line,void* u_para)
if(htable_data==NULL)
{
- if(!memcmp(u_para,INTERCEPT_IP,strlen(INTERCEPT_IP)))
+ if(!memcmp(u_para,INTERCEPT_TABLE,strlen(INTERCEPT_TABLE)))
{
del_ir_line(mctrl_g.i_feather,(char*)u_para,table_line,rule_id);
}
@@ -308,18 +333,55 @@ void htable_data_free(void *data)
return;
}
+void del_redis_info(int flag,const char* table_line,int rule_id)
+{
+ switch(flag)
+ {
+ case ALL_EXIST_FLAG:
+ del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
+ del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
+ del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_TABLE,table_line,rule_id);
+ break;
+ case O_AND_I_AND_N_FLAG:
+ del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
+ del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
+ break;
+ case O_AND_C_AND_I_FLAG:
+ del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
+ del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_TABLE,table_line,rule_id);
+ break;
+ case O_AND_C_AND_N_FLAG:
+ del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
+ del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_TABLE,table_line,rule_id);
+ break;
+ case O_AND_I_FLAG:
+ case DP_AND_I_FLAG:
+ del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
+ break;
+ case O_AND_C_FLAG:
+ del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_TABLE,table_line,rule_id);
+ break;
+ case O_AND_N_FLAG:
+ del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
+ break;
+ default:
+ break;
+ }
+ return;
+}
+
void s_d_table_update_cb(int table_id,const char* table_line,void* u_para)
{
int add_ret=0;
struct IR_MCTRL_INFO nom_info;
memset(&nom_info,0,sizeof(nom_info));
char *htable_data=NULL;
- nom_info.htable_flag=S_OR_D_ORIGIN_FLAG;
+ void *search_result=NULL;
int rule_id=0;
int del_ret=0;
long cb_ret=0;
- if(!memcmp(u_para,DYNAMIC_NOMINEE_IP,strlen(DYNAMIC_NOMINEE_IP)))
+ if(!memcmp(u_para,DYNAMIC_NOMINEE_TABLE,strlen(DYNAMIC_NOMINEE_TABLE)))
{
sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%d\t%s\t%*d\t%d\t%d\t%*d\t%s\t%s",
&nom_info.region_id,&nom_info.addr_type,&nom_info.procotol,nom_info.src_ip,nom_info.src_port,
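Review bot: `del_redis_info` has no comment describing how `flag` maps to tables, and its `default: break;` silently accepts every value it does not list (0, `S_OR_D_ORIGIN_FLAG`, `D_POLICY_FLAG`, or a corrupt flag). A header such as `/* Delete rule_id from each redis table that flag marks as holding it; flags without an I/N/C component delete nothing. */` plus a debug log in `default` would document the intent and expose unexpected values. The `(char*)` casts on the table-name macros are not needed, since `del_ir_line` takes `const char *ir_table_name`. `s_d_table_update_cb` continues outside the hunk.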
@@ -337,20 +399,44 @@ void s_d_table_update_cb(int table_id,const char* table_line,void* u_para)
memcpy(nom_info.effective_range,"{}",sizeof("{}"));
nom_info.action=96;
nom_info.service=832;
- nom_info.nominee_type=DYNAMIC_NOMINEE;
+ nom_info.htable_flag=S_OR_D_ORIGIN_FLAG;
+ nom_info.nominee_type=DYNAMIC_NOMINEE_INFO;
}
- else
+ else if(!memcmp(u_para,STATIC_NOMINEE_TABLE,strlen(STATIC_NOMINEE_TABLE)))
{
sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s",
&nom_info.region_id,&nom_info.group_id,&nom_info.addr_type,
nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.addr_pool_id,&nom_info.is_valid,
&nom_info.action,&nom_info.service,nom_info.effective_range,nom_info.op_time);
+ nom_info.region_id+=500000000;
+ memcpy(nom_info.user_region,"0",sizeof("0"));
memcpy(nom_info.effective_range,"{}",sizeof("{}"));
+ nom_info.service=832;
+ nom_info.htable_flag=S_OR_D_ORIGIN_FLAG;
+ nom_info.nominee_type=STATIC_NOMINEE_INFO;
+ }
+ else
+ {
+ sscanf(table_line,"%d\t%d\t%s\t%s\t%d\t%*s\t%*s\t%d\t%d\t%d\t%d\t%s\t%s",
+ &nom_info.region_id,&nom_info.addr_type,nom_info.dst_ip,nom_info.dst_port,&nom_info.procotol,
+ &nom_info.do_log,&nom_info.action,&nom_info.service,&nom_info.is_valid,
+ nom_info.effective_range,nom_info.op_time);
+ nom_info.group_id=nom_info.region_id;
+ memcpy(nom_info.src_ip,"0.0.0.0",sizeof("0.0.0.0"));
+ memcpy(nom_info.src_port,"0",sizeof("0"));
+ memcpy(nom_info.mask_src_ip,"0.0.0.0",sizeof("0.0.0.0"));
+ memcpy(nom_info.mask_src_port,"0",sizeof("0"));
+ memcpy(nom_info.mask_dst_ip,"0.0.0.0",sizeof("0.0.0.0"));
+ memcpy(nom_info.mask_dst_port,"0",sizeof("0"));
memcpy(nom_info.user_region,"0",sizeof("0"));
+ memcpy(nom_info.effective_range,"{}",sizeof("{}"));
+ nom_info.direction=0;
+ nom_info.action=96;
nom_info.service=832;
- nom_info.nominee_type=STATIC_NOMINEE;
+ nom_info.htable_flag=D_POLICY_FLAG;
+ nom_info.nominee_type=D_POLICY_INFO;
}
unsigned char *key_id=(unsigned char*)&nom_info.region_id;
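Review bot: The `sscanf` added for the DNAT policy line reads `dst_ip`, `dst_port`, `effective_range` and `op_time` with bare `%s`, so a field in `table_line` longer than its destination array in `struct IR_MCTRL_INFO` writes past that array on the stack. Each `%s` should carry a field width one less than its buffer size (the header shows `MAX_STRING_LEN` and `MAX_TIME_LEN` for the last two; the sizes of the address fields are not visible here), and the return value should be compared with 11 before `nom_info` is used. The two existing `sscanf` calls in this function have the same form. `nom_info.region_id+=500000000;` would also benefit from a comment saying why static ids are offset.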
@@ -377,20 +463,20 @@ void s_d_table_update_cb(int table_id,const char* table_line,void* u_para)
}
- MESA_htable_search_cb(mctrl_g.s_d_htable,key_id,sizeof(rule_id),htable_s_d_update_search,NULL,&cb_ret);
+ MESA_htable_search_cb(mctrl_g.s_d_htable,key_id,sizeof(rule_id),htable_set_update_search,NULL,&cb_ret);
if(cb_ret==S_OR_D_ORIGIN_FLAG||cb_ret==O_AND_C_FLAG)
{
- set_ir_line(mctrl_g.i_feather, (char*)INTERCEPT_IP,htable_data,rule_id);
- set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,htable_data,rule_id);
+ set_ir_line(mctrl_g.i_feather, (char*)INTERCEPT_TABLE,htable_data,rule_id);
+ set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,htable_data,rule_id);
}
- else if(cb_ret==O_AND_N_FLAG||cb_ret==O_AND_C_AND_N_FLAG)
+ else if(cb_ret==O_AND_N_FLAG||cb_ret==O_AND_C_AND_N_FLAG||cb_ret==D_POLICY_FLAG)
{
- set_ir_line(mctrl_g.i_feather, (char*)INTERCEPT_IP,htable_data,rule_id);
+ set_ir_line(mctrl_g.i_feather, (char*)INTERCEPT_TABLE,htable_data,rule_id);
}
else if(cb_ret==O_AND_I_FLAG||cb_ret==O_AND_C_AND_I_FLAG)
{
- set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,htable_data,rule_id);
+ set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,htable_data,rule_id);
}
else
{
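Review bot: `D_POLICY_FLAG` is added to the intercept-only branch, but `DP_AND_I_FLAG`, the value `htable_n_i_search` produces by adding `INTERCEPT_FLAG` to it, is not handled by any branch, so a DNAT entry already present in the intercept table appears to fall into the final `else`. That body is outside the hunk; in `htable_iterate`, which has the same chain, the `else` logs at `RLOG_LV_FATAL` and asserts. If no action is intended for that state, an explicit empty branch, `else if(cb_ret==DP_AND_I_FLAG) { /* already in intercept table */ }`, would keep it out of the error path in both places.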
@@ -401,9 +487,16 @@ void s_d_table_update_cb(int table_id,const char* table_line,void* u_para)
}
else if(nom_info.is_valid==0)
{
- del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_IP,table_line,rule_id);
- del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,table_line,rule_id);
- del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_IP,table_line,rule_id);
+ search_result=MESA_htable_search_cb(mctrl_g.s_d_htable,key_id,sizeof(rule_id),htable_del_update_search,NULL,&cb_ret);
+
+ if(search_result==NULL)
+ {
+ MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL, (char*)"write_update", "already del!!!");
+ return;
+ }
+
+ del_redis_info(cb_ret,table_line,rule_id);
+
del_ret=MESA_htable_del(mctrl_g.s_d_htable,key_id,sizeof(rule_id),htable_data_free);
if(del_ret<0)
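Review bot: Deletion now removes the rule only from the tables named by the flag stored in the htable, where the old code deleted from all three tables unconditionally. That flag is raised by `htable_n_i_search` when the intercept/nominee/candidate callbacks run, so if a rule is invalidated before those callbacks have recorded the rows written by `set_ir_line`, the rows would presumably stay in redis while the htable entry is dropped just below. Consider keeping the unconditional deletes as the fallback when `cb_ret` carries no table bit; `s_d_htable_iterate` makes the same switch to `del_redis_info`. The "already del!!!" case is logged at `RLOG_LV_FATAL`, which looks too severe for a repeated delete.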
@@ -437,14 +530,15 @@ void s_d_htable_iterate(const uchar * key, uint size, void * data, void * user)
nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.addr_pool_id,&nom_info.is_valid,
&nom_info.action,&nom_info.service,nom_info.user_region,nom_info.effective_range,nom_info.op_time);
- if((mctrl_g.update_type_s==MAAT_RULE_UPDATE_TYPE_FULL&&nom_info.nominee_type==STATIC_NOMINEE&&nom_info.version!=mctrl_g.version_s)||
- (mctrl_g.update_type_d==MAAT_RULE_UPDATE_TYPE_FULL&&nom_info.nominee_type==DYNAMIC_NOMINEE&&nom_info.version!=mctrl_g.version_d))
+ if((mctrl_g.update_type_s==MAAT_RULE_UPDATE_TYPE_FULL&&nom_info.nominee_type==STATIC_NOMINEE_INFO&&nom_info.version!=mctrl_g.version_s)||
+ (mctrl_g.update_type_d==MAAT_RULE_UPDATE_TYPE_FULL&&nom_info.nominee_type==DYNAMIC_NOMINEE_INFO&&nom_info.version!=mctrl_g.version_d)||
+ (mctrl_g.update_type_dp==MAAT_RULE_UPDATE_TYPE_FULL&&nom_info.nominee_type==D_POLICY_INFO&&nom_info.version!=mctrl_g.version_dp))
{
+ del_redis_info(nom_info.htable_flag,(char*)data,nom_info.region_id);
+
unsigned char *key_id=(unsigned char*)&nom_info.region_id;
- del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_IP,(char*)data,nom_info.region_id);
- del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,(char*)data,nom_info.region_id);
- del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_IP,(char*)data,nom_info.region_id);
+
del_ret=MESA_htable_del(mctrl_g.s_d_htable,key_id,sizeof(int),htable_data_free);
if(del_ret<0)
@@ -458,20 +552,27 @@ void s_d_htable_iterate(const uchar * key, uint size, void * data, void * user)
void s_d_finish_cb(void* u_para)
{
- if((!memcmp(u_para,DYNAMIC_NOMINEE_IP,strlen(DYNAMIC_NOMINEE_IP)))&&mctrl_g.update_type_d==MAAT_RULE_UPDATE_TYPE_FULL)
+ if((!memcmp(u_para,DYNAMIC_NOMINEE_TABLE,strlen(DYNAMIC_NOMINEE_TABLE)))&&mctrl_g.update_type_d==MAAT_RULE_UPDATE_TYPE_FULL)
{
MESA_htable_iterate(mctrl_g.s_d_htable, s_d_htable_iterate,NULL);
mctrl_g.update_type_d=MAAT_RULE_UPDATE_TYPE_INC;
MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO, (char*)"maat_finish", "table_name:%s,update_type:%d,finish succeed",u_para,mctrl_g.update_type_d);
}
- else if((!memcmp(u_para,STATIC_NOMINEE_IP,strlen(STATIC_NOMINEE_IP)))&&mctrl_g.update_type_s==MAAT_RULE_UPDATE_TYPE_FULL)
+ else if((!memcmp(u_para,STATIC_NOMINEE_TABLE,strlen(STATIC_NOMINEE_TABLE)))&&mctrl_g.update_type_s==MAAT_RULE_UPDATE_TYPE_FULL)
{
MESA_htable_iterate(mctrl_g.s_d_htable, s_d_htable_iterate,NULL);
mctrl_g.update_type_s=MAAT_RULE_UPDATE_TYPE_INC;
MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO, (char*)"maat_finish", "table_name:%s,update_type:%d,finish succeed",u_para,mctrl_g.update_type_s);
}
+ else if((!memcmp(u_para,DNAT_POLICY_TABLE,strlen(DNAT_POLICY_TABLE)))&&mctrl_g.update_type_dp==MAAT_RULE_UPDATE_TYPE_FULL)
+ {
+
+ MESA_htable_iterate(mctrl_g.s_d_htable, s_d_htable_iterate,NULL);
+ mctrl_g.update_type_dp=MAAT_RULE_UPDATE_TYPE_INC;
+ MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO, (char*)"maat_finish", "table_name:%s,update_type:%d,finish succeed",u_para,mctrl_g.update_type_dp);
+ }
else
- {
+ {
MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO, (char*)"maat_finish", "table_name:%s,finish succeed",u_para);
}
return;
@@ -519,21 +620,21 @@ void htable_iterate(const uchar * key, uint size, void * data, void * user)
if(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG)
{
- set_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_IP,table_line,rule_id);
- set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,table_line,rule_id);
+ set_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
+ set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
}
- else if(htable_flag==O_AND_N_FLAG||htable_flag==O_AND_C_AND_N_FLAG)
+ else if(htable_flag==O_AND_N_FLAG||htable_flag==O_AND_C_AND_N_FLAG||htable_flag==D_POLICY_FLAG)
{
- set_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_IP,table_line,rule_id);
+ set_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
}
else if(htable_flag==O_AND_I_FLAG||htable_flag==O_AND_C_AND_I_FLAG)
{
- set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,table_line,rule_id);
+ set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
}
else
{
MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL,(char*)"htable_iterate", "htable flag >=14: %d!",htable_flag);
- assert(htable_flag>=S_OR_D_ORIGIN_FLAG);
+ assert(htable_flag>=D_POLICY_FLAG);
}
}
else
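Review bot: The log text `htable flag >=14` no longer matches the guard after it: `assert(htable_flag>=D_POLICY_FLAG)` accepts any flag from 3 upward, so it only rejects 0 to 2 and negative values, and it disappears entirely in an `NDEBUG` build. A message such as `"unexpected htable flag: %d!"` and an explicit check in place of the assert would make the branch say what it enforces. `assert(0)` after the table-registration failure in `main` relies on the same mechanism to stop the process. The enclosing `if` begins outside the hunk.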
@@ -556,6 +657,8 @@ void Maat_init()
char table_info_path[MAX_PATH_LEN];
char logger_path[MAX_PATH_LEN];
int max_thread_num=0;
+ int logger_level=0;
+
char Maat_redis_ip_d[MAX_STRING_LEN];
int Maat_redis_port_d=0;
int Maat_redis_index_d=0;
@@ -571,17 +674,15 @@ void Maat_init()
char Maat_redis_ip_n[MAX_STRING_LEN];
int Maat_redis_port_n=0;
int Maat_redis_index_n=0;
-
- int logger_level=0;
-
-//dynamic server conf
+
MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section,"table_info_path", table_info_path, sizeof(table_info_path), "./conf/table_info.conf");
MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section,"logger_path", logger_path, sizeof(logger_path), "./log/ir_mctrl.log");
+ MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section,"logger_level", &logger_level,RLOG_LV_FATAL);
MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section,"max_thread_num", &max_thread_num, 1);
+//dynamic server conf
MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_d,"Maat_redis_ip", Maat_redis_ip_d, sizeof(Maat_redis_ip_d), "127.0.0.1");
MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_d,"Maat_redis_port", &Maat_redis_port_d,6379);
MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_d,"Maat_redis_index", &Maat_redis_index_d,1);
- MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section,"logger_level", &logger_level,RLOG_LV_FATAL);
//static server conf
MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_s, "Maat_redis_ip", Maat_redis_ip_s, sizeof(Maat_redis_ip_s), "127.0.0.1");
MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_s,"Maat_redis_port", &Maat_redis_port_s,6379);
@@ -618,23 +719,23 @@ void Maat_init()
Maat_set_feather_opt(mctrl_g.d_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_d,MAX_STRING_LEN);
Maat_set_feather_opt(mctrl_g.d_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_d,sizeof(Maat_redis_port_d));
Maat_set_feather_opt(mctrl_g.d_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_d,sizeof(Maat_redis_index_d));
- Maat_set_feather_opt(mctrl_g.d_feather, MAAT_OPT_INSTANCE_NAME, DYNAMIC_NOMINEE_IP, strlen(DYNAMIC_NOMINEE_IP)+1);
+ Maat_set_feather_opt(mctrl_g.d_feather, MAAT_OPT_INSTANCE_NAME, DYNAMIC_NOMINEE_TABLE, strlen(DYNAMIC_NOMINEE_TABLE)+1);
Maat_set_feather_opt(mctrl_g.s_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_s,MAX_STRING_LEN);
Maat_set_feather_opt(mctrl_g.s_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_s,sizeof(Maat_redis_port_s));
Maat_set_feather_opt(mctrl_g.s_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_s,sizeof(Maat_redis_index_s));
- Maat_set_feather_opt(mctrl_g.s_feather, MAAT_OPT_INSTANCE_NAME, STATIC_NOMINEE_IP, strlen(STATIC_NOMINEE_IP)+1);
+ Maat_set_feather_opt(mctrl_g.s_feather, MAAT_OPT_INSTANCE_NAME, STATIC_NOMINEE_TABLE, strlen(STATIC_NOMINEE_TABLE)+1);
Maat_set_feather_opt(mctrl_g.i_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_i,MAX_STRING_LEN);
Maat_set_feather_opt(mctrl_g.i_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_i,sizeof(Maat_redis_port_i));
Maat_set_feather_opt(mctrl_g.i_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_i,sizeof(Maat_redis_index_i));
- Maat_set_feather_opt(mctrl_g.i_feather, MAAT_OPT_INSTANCE_NAME, INTERCEPT_IP, strlen(INTERCEPT_IP)+1);
+ Maat_set_feather_opt(mctrl_g.i_feather, MAAT_OPT_INSTANCE_NAME, INTERCEPT_TABLE, strlen(INTERCEPT_TABLE)+1);
Maat_set_feather_opt(mctrl_g.n_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_n,MAX_STRING_LEN);
Maat_set_feather_opt(mctrl_g.n_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_n,sizeof(Maat_redis_port_n));
Maat_set_feather_opt(mctrl_g.n_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_n,sizeof(Maat_redis_index_n));
- Maat_set_feather_opt(mctrl_g.n_feather, MAAT_OPT_INSTANCE_NAME, NOMINEE_IP, strlen(NOMINEE_IP)+1);
- Maat_set_feather_opt(mctrl_g.n_feather, MAAT_OPT_INSTANCE_NAME, CANDIDATE_IP, strlen(CANDIDATE_IP)+1);
+ Maat_set_feather_opt(mctrl_g.n_feather, MAAT_OPT_INSTANCE_NAME, NOMINEE_TABLE, strlen(NOMINEE_TABLE)+1);
+ Maat_set_feather_opt(mctrl_g.n_feather, MAAT_OPT_INSTANCE_NAME, CANDIDATE_TABLE, strlen(CANDIDATE_TABLE)+1);
Maat_initiate_feather(mctrl_g.d_feather);
Maat_initiate_feather(mctrl_g.s_feather);
@@ -676,47 +777,51 @@ int main(int argc, char * argv [ ])
Maat_init();
htable_init();
- char static_nominee[]=STATIC_NOMINEE_IP;
- char dynamic_nominee[]=DYNAMIC_NOMINEE_IP;
- char nominee[]=NOMINEE_IP;
- char candidate[]=CANDIDATE_IP;
- char intercept[]=INTERCEPT_IP;
+ char static_nominee[]=STATIC_NOMINEE_TABLE;
+ char dynamic_nominee[]=DYNAMIC_NOMINEE_TABLE;
+ char nominee[]=NOMINEE_TABLE;
+ char candidate[]=CANDIDATE_TABLE;
+ char intercept[]=INTERCEPT_TABLE;
+ char d_policy[]=DNAT_POLICY_TABLE;
int static_id=-1;
int dynamic_id=-1;
int nominee_id=-1;
int candidate_id=-1;
int intercept_id=-1;
+ int d_policy_id=-1;
static_id=Maat_table_register(mctrl_g.s_feather,static_nominee);
dynamic_id=Maat_table_register(mctrl_g.d_feather,dynamic_nominee);
nominee_id=Maat_table_register(mctrl_g.n_feather,nominee);
candidate_id=Maat_table_register(mctrl_g.n_feather,candidate);
intercept_id=Maat_table_register(mctrl_g.i_feather, intercept);
+ d_policy_id=Maat_table_register(mctrl_g.s_feather,d_policy);
- if(static_id==-1||dynamic_id==-1||nominee_id==-1||candidate_id==-1||intercept_id==-1)
+ if(static_id==-1||dynamic_id==-1||nominee_id==-1||candidate_id==-1||intercept_id==-1||d_policy_id==-1)
{
MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL,(char*)"REGISTER_TABLE","Database table register failed\n");
assert(0);
}
- read_plugin_table(mctrl_g.s_feather,STATIC_NOMINEE_IP,s_d_start_cb,s_d_table_update_cb,s_d_finish_cb,
+ read_plugin_table(mctrl_g.s_feather,STATIC_NOMINEE_TABLE,s_d_start_cb,s_d_table_update_cb,s_d_finish_cb,
static_nominee,mctrl_g.logger_handle,static_id);
- read_plugin_table(mctrl_g.d_feather,DYNAMIC_NOMINEE_IP,s_d_start_cb,s_d_table_update_cb,s_d_finish_cb,
+ read_plugin_table(mctrl_g.d_feather,DYNAMIC_NOMINEE_TABLE,s_d_start_cb,s_d_table_update_cb,s_d_finish_cb,
dynamic_nominee,mctrl_g.logger_handle,dynamic_id);
+ read_plugin_table(mctrl_g.s_feather,DNAT_POLICY_TABLE,s_d_start_cb,s_d_table_update_cb,s_d_finish_cb,
+ d_policy,mctrl_g.logger_handle,d_policy_id);
- read_plugin_table(mctrl_g.i_feather,INTERCEPT_IP,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
+ read_plugin_table(mctrl_g.i_feather,INTERCEPT_TABLE,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
intercept,mctrl_g.logger_handle,intercept_id);
- read_plugin_table(mctrl_g.n_feather,NOMINEE_IP,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
+ read_plugin_table(mctrl_g.n_feather,NOMINEE_TABLE,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
nominee,mctrl_g.logger_handle,nominee_id);
- read_plugin_table(mctrl_g.n_feather,CANDIDATE_IP,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
+ read_plugin_table(mctrl_g.n_feather,CANDIDATE_TABLE,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
candidate,mctrl_g.logger_handle,candidate_id);
-
while(1)
{
MESA_htable_iterate(mctrl_g.s_d_htable, htable_iterate, NULL);
- sleep(86400);
+ sleep(SLEEP_TIME);
}
Maat_burn_feather(mctrl_g.d_feather);
diff --git a/src/ir_mctrl.h b/src/ir_mctrl.h
index 2e58d2b..16e07a8 100644
--- a/src/ir_mctrl.h
+++ b/src/ir_mctrl.h
@@ -16,25 +16,30 @@
#define MCTRL_CONF_FILE "./conf/mctrl.conf"
//table name
-#define NOMINEE_IP "IR_NOMINEE_IP"
-#define INTERCEPT_IP "IR_INTERCEPT_IP"
-#define STATIC_NOMINEE_IP "IR_STATIC_NOMINEE_IP"
-#define DYNAMIC_NOMINEE_IP "IR_DYNAMIC_NOMINEE_IP"
-#define CANDIDATE_IP "IR_CANDIDATE_IP"
+#define NOMINEE_TABLE "IR_NOMINEE_IP"
+#define INTERCEPT_TABLE "IR_INTERCEPT_IP"
+#define STATIC_NOMINEE_TABLE "IR_STATIC_NOMINEE_IP"
+#define DYNAMIC_NOMINEE_TABLE "IR_DYNAMIC_NOMINEE_IP"
+#define CANDIDATE_TABLE "IR_CANDIDATE_IP"
+#define DNAT_POLICY_TABLE "IR_DNAT_POLICY"
+#define SLEEP_TIME 86400
#define TIME_OUT 1800
#define MAX_THREAD_NUM 1
//nominee_type
-#define STATIC_NOMINEE 1
-#define DYNAMIC_NOMINEE 2
+#define STATIC_NOMINEE_INFO 1
+#define DYNAMIC_NOMINEE_INFO 2
+#define D_POLICY_INFO 3
//htable flag
#define S_OR_D_ORIGIN_FLAG 8
#define INTERCEPT_FLAG 4
#define NOMINEE_FLAG 2
#define CANDIDATE_FLAG 1
+#define D_POLICY_FLAG 3
+#define DP_AND_I_FLAG 7
#define O_AND_C_FLAG 9
#define O_AND_N_FLAG 10
#define O_AND_C_AND_N_FLAG 11
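Review bot: The htable flag block needs a comment on its encoding now that `D_POLICY_FLAG` is 3: that is also the sum `NOMINEE_FLAG+CANDIDATE_FLAG`, and the code combines flags with `+=`, so the values stay distinct only while nominee/candidate bits are never added to an entry without `S_OR_D_ORIGIN_FLAG`. Something like `/* 8 = static/dynamic origin, 4/2/1 = present in intercept/nominee/candidate; 3 and 7 are reserved for DNAT policy entries (7 = also in intercept) */` above the block would record that, once the author confirms the meaning. `SLEEP_TIME` should state its unit, for example `/* seconds between htable_iterate passes in main() */`.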
@@ -65,6 +70,7 @@ struct IR_MCTRL_INFO
char effective_range[MAX_STRING_LEN];
char user_region[MAX_STRING_LEN];
char op_time[MAX_TIME_LEN];
+ int do_log;
int htable_flag;
int nominee_type;
int version;
@@ -80,8 +86,10 @@ struct mctrl_glocal_info
MESA_htable_handle s_d_htable;
int update_type_s;
int update_type_d;
+ int update_type_dp;
int version_s;
int version_d;
+ int version_dp;
};