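/*
 * Control process that mirrors rule rows between Maat (Redis-backed) tables
 * and an in-memory hash table keyed by rule id.
 *
 * NOTE(review): the names of the five system headers were lost when this page
 * was extracted (everything between '<' and '>' was stripped). The list below
 * is derived from the library calls made in this file, not copied from the
 * original; reconcile it with the real source.
 */
#include <assert.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include "MESA_prof_load.h"
#include "MESA_handle_logger.h"
#include "Maat_rule.h"
#include "Maat_command.h"
#include "ir_mctrl.h"
#include "MESA_htable.h"

/* Process-wide handles, set up by Maat_init() and htable_init(). */
void *logger_handle;
Maat_feather_t mctrl_d_feather;   /* feather configured from the "Mctrl" section */
Maat_feather_t mctrl_s_feather;   /* feather configured from the "Mctrl_S" section */
MESA_htable_handle s_and_d_nominee_htable;

/*
 * Maat "start" callback: logs whether the update that is beginning is a full
 * or an incremental one. u_para is the table name registered in main().
 */
void Maat_start_cb(int update_type,void* u_para)
{
    if(update_type==MAAT_RULE_UPDATE_TYPE_FULL)
    {
        MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO,(char*)"maat_rule_type", "table_name:%s,Maat rule type is full",(const char*)u_para);
    }
    else
    {
        MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO,(char*)"maat_rule_type", "table_name:%s,Maat rule type is inc",(const char*)u_para);
    }
    return;
}

/*
 * Writes the current local time into date as "Y/M/D/h:m:s".
 * date must have room for MAX_TIME_LEN bytes; on a localtime() failure it is
 * set to the empty string.
 *
 * NOTE(review): tm_mon is 0-based, so the month field is 0..11. Left unchanged
 * because the value is written to the rule tables; confirm what consumers expect.
 */
void get_cur_time(char *date)
{
    time_t t;
    struct tm *lt;

    time(&t);
    lt = localtime(&t);
    if(lt==NULL)
    {
        /* localtime() may fail; do not dereference a NULL result. */
        date[0]='\0';
        return;
    }
    snprintf(date, MAX_TIME_LEN,"%d/%d/%d/%d:%d:%d",lt->tm_year+1900, lt->tm_mon, lt->tm_mday, lt->tm_hour, lt->tm_min, lt->tm_sec);
}

/*
 * Re-formats table_line for ir_table_name and adds it through
 * Maat_cmd_set_line(MAAT_OP_ADD) under rule_id.
 *
 * Tables whose name starts with INTERCEPT_IP get the 17-column layout; every
 * other table gets the 6-column layout. op_time is replaced by the current time.
 * Returns the Maat_cmd_set_line() result, or -1 if the output line would not fit.
 *
 * NOTE(review): the %s conversions below are unbounded. The sizes of the
 * IR_MCTRL_INFO string members are declared in ir_mctrl.h (not visible here);
 * add field widths matching them so an over-long column cannot overrun a member.
 * NOTE(review): write_table_update_cb passes the raw table_line here for both
 * of its input layouts, while this function always parses the 18-column one.
 * Confirm which layout callers are expected to pass.
 */
int set_ir_line(Maat_feather_t feather,const char *ir_table_name,const char *table_line,int rule_id)
{
    const struct Maat_line_t *p_line;
    struct Maat_line_t line_rule;
    int ret = 0;
    int n = 0;
    char m_table_line[HTABLE_DATA_LEN];
    struct IR_MCTRL_INFO nom_info;

    memset(&line_rule, 0,sizeof(line_rule));
    /* Columns that sscanf does not reach must not be formatted from stack garbage. */
    memset(&nom_info, 0,sizeof(nom_info));
    line_rule.label_id=0;
    line_rule.rule_id=rule_id;
    line_rule.table_name=ir_table_name;
    sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s",
           &nom_info.region_id,&nom_info.group_id,&nom_info.addr_type,
           nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
           nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.is_valid,
           &nom_info.action,&nom_info.service,&nom_info.addr_pool_id,nom_info.op_time);
    get_cur_time(nom_info.op_time);
    /* strncmp stops at the terminator of a shorter name; memcmp would read
       strlen(INTERCEPT_IP) bytes regardless of how long the name is. */
    if(strncmp(ir_table_name,INTERCEPT_IP,strlen(INTERCEPT_IP))!=0)
    {
        n=snprintf(m_table_line,sizeof(m_table_line),"%d\t%d\t%d\t%s\t%d\t%s",
                   rule_id,nom_info.addr_pool_id,nom_info.addr_type,nom_info.src_ip,nom_info.is_valid,nom_info.op_time);
    }
    else
    {
        n=snprintf(m_table_line,sizeof(m_table_line),"%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%s",
                   rule_id,nom_info.group_id,nom_info.addr_type,
                   nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
                   nom_info.dst_port,nom_info.mask_dst_port,nom_info.procotol,nom_info.direction,
                   nom_info.is_valid,nom_info.action,nom_info.service,nom_info.op_time);
    }
    if(n<0||(size_t)n>=sizeof(m_table_line))
    {
        /* A truncated row would be stored as a different, shorter rule. */
        MESA_handle_runtime_log(logger_handle, RLOG_LV_INFO, (char*)"SET_LINE","%s:set redis line error",ir_table_name);
        return -1;
    }
    line_rule.table_line=m_table_line;
    line_rule.expire_after=0;
    p_line=&line_rule;
    ret=Maat_cmd_set_line(feather, p_line, MAAT_OP_ADD);
    MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO, (char*)"maat_update", "set_table_line:%s",m_table_line);
    if(ret==-1)
    {
        MESA_handle_runtime_log(logger_handle, RLOG_LV_INFO, (char*)"SET_LINE","%s:set redis line error",ir_table_name);
    }
    else
    {
        MESA_handle_runtime_log(logger_handle, RLOG_LV_INFO, (char*)"SET_LINE","%s:set redis line success",ir_table_name);
    }
    return ret;
}

/*
 * Retires rule_id from ir_table_name.
 *
 * For tables whose name starts with INTERCEPT_IP the row is not deleted: its
 * timeout is renewed to TIME_OUT (MAAT_OP_RENEW_TIMEOUT). For every other
 * table the row is removed with MAAT_OP_DEL.
 * Returns the Maat_cmd_set_line() result.
 */
int del_ir_line(Maat_feather_t feather,const char *ir_table_name,const char *table_line,int rule_id)
{
    int ret=0;
    const struct Maat_line_t *p_line;
    struct Maat_line_t line_rule;

    memset(&line_rule,0,sizeof(line_rule));
    line_rule.label_id=0;
    line_rule.rule_id=rule_id;
    line_rule.table_name=ir_table_name;
    /* Bounded string compare, see set_ir_line(). */
    if(!strncmp(ir_table_name,INTERCEPT_IP,strlen(INTERCEPT_IP)))
    {
        line_rule.table_line=table_line;
        line_rule.expire_after=TIME_OUT;
        p_line=&line_rule;
        ret=Maat_cmd_set_line(feather, p_line, MAAT_OP_RENEW_TIMEOUT);
    }
    else
    {
        line_rule.table_line=NULL;
        line_rule.expire_after=0;
        p_line=&line_rule;
        ret=Maat_cmd_set_line(feather, p_line, MAAT_OP_DEL);
    }
    MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO, (char*)"maat_update", "del_table_line:%s",table_line);
    if(ret==-1)
    {
        MESA_handle_runtime_log(logger_handle, RLOG_LV_INFO, (char*)"DEL_LINE","%s:del redis line error",ir_table_name);
    }
    else if(ret==1)
    {
        MESA_handle_runtime_log(logger_handle, RLOG_LV_INFO, (char*)"DEL_LINE","%s:del redis line success",ir_table_name);
    }
    else
    {
        MESA_handle_runtime_log(logger_handle, RLOG_LV_INFO, (char*)"DEL_LINE","%s:del redis line not sure",ir_table_name);
    }
    return ret;
}

/*
 * Hash-table search callback used by write_table_update_cb: returns the flag
 * stored in the first column of the record, or 0 when no record was found.
 * key, size and user_arg are not used.
 */
long htable_write_search(void *data, const uchar *key, uint size, void *user_arg)
{
    int htable_flag=0;
    char *htable_data=(char*)data;

    if(htable_data!=NULL)
    {
        sscanf(htable_data,"%d\t",&htable_flag);
        MESA_handle_runtime_log(logger_handle, RLOG_LV_DEBUG, (char*)"htable_write_search","get htable flag:%d!",htable_flag);
    }
    return htable_flag;
}

/*
 * Hash-table search callback used by read_table_update_cb. user_arg is the
 * name of the table that reported the row. When the stored flag is in one of
 * the states listed for that table, the table's flag value is added to it and
 * the record is rewritten in place with the new flag.
 * Returns the (possibly updated) flag, or 0 when no record was found.
 *
 * NOTE(review): unbounded %s conversions, see set_ir_line().
 */
long htable_read_search(void *data, const uchar *key, uint size, void *user_arg)
{
    int htable_flag=0;
    struct IR_MCTRL_INFO nom_info;
    char *htable_data=(char*)data;
    const char *table_name=(const char*)user_arg;

    if(htable_data!=NULL)
    {
        /* Keep unparsed columns deterministic before the record is rewritten. */
        memset(&nom_info,0,sizeof(nom_info));
        sscanf((char*)data, "%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s",
               &htable_flag,&nom_info.region_id,&nom_info.group_id,&nom_info.addr_type,
               nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
               nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.is_valid,
               &nom_info.action,&nom_info.service,&nom_info.addr_pool_id,nom_info.op_time);
        if(!strncmp(table_name,INTERCEPT_IP,strlen(INTERCEPT_IP))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG||
                htable_flag==O_AND_N_FLAG||htable_flag==O_AND_C_AND_N_FLAG))
        {
            htable_flag+=INTERCEPT_FLAG;
        }
        else if(!strncmp(table_name,NOMINEE_IP,strlen(NOMINEE_IP))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG||
                htable_flag==O_AND_I_FLAG||htable_flag==O_AND_C_AND_I_FLAG))
        {
            htable_flag+=NOMINEE_FLAG;
        }
        else if(!strncmp(table_name,CANDIDATE_IP,strlen(CANDIDATE_IP))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_N_FLAG||
                htable_flag==O_AND_I_FLAG||htable_flag==O_AND_I_AND_N_FLAG))
        {
            htable_flag+=CANDIDATE_FLAG;
        }
        else
        {
            MESA_handle_runtime_log(logger_handle, RLOG_LV_DEBUG, (char*)"htable_read_search","htable flag is:%d",htable_flag);
        }
        /* Records are allocated with malloc(HTABLE_DATA_LEN) in
           write_table_update_cb. The previous bound, sizeof(HTABLE_DATA_LEN),
           is the size of the constant's type, which cut every rewritten
           record down to a few characters. */
        snprintf(htable_data,HTABLE_DATA_LEN,
                 "%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s",
                 htable_flag,nom_info.region_id,nom_info.group_id,nom_info.addr_type,
                 nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
                 nom_info.dst_port,nom_info.mask_dst_port,nom_info.procotol,nom_info.direction,nom_info.is_valid,
                 nom_info.action,nom_info.service,nom_info.addr_pool_id,nom_info.op_time);
        MESA_handle_runtime_log(logger_handle, RLOG_LV_DEBUG, (char*)"htable_read_search","htable flag change:%d",htable_flag);
    }
    return htable_flag;
}

/*
 * Maat "update" callback for the INTERCEPT_IP, NOMINEE_IP and CANDIDATE_IP
 * tables (see main()). u_para is the table name.
 *
 * Extracts rule_id and is_valid from the row. Rows with is_valid==0 are
 * ignored. Otherwise the rule is looked up in the hash table: if it is not
 * there, the row is retired through del_ir_line(); if it is, the lookup
 * callback has already updated the stored flag.
 */
void read_table_update_cb(int table_id,const char* table_line,void* u_para)
{
    int rule_id=0;
    void *htable_data=NULL;
    int is_valid=-1;
    long search_ret=0;
    const char *table_name=(const char*)u_para;

    /* Each table has its own column layout; only rule_id and is_valid are kept. */
    if(!strncmp(table_name,INTERCEPT_IP,strlen(INTERCEPT_IP)))
    {
        sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*d\t%*d\t%d\t%*d\t%*d\t%*s",&rule_id,&is_valid);
    }
    else if(!strncmp(table_name,NOMINEE_IP,strlen(NOMINEE_IP)))
    {
        sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%d\t%*s",&rule_id,&is_valid);
    }
    else
    {
        sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%*d\t%*s\t%*d\t%*d\t%*d\t%*d\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%d",&rule_id,&is_valid);
    }
    unsigned char *key_id=(unsigned char*)&rule_id;
    if(is_valid==0)
    {
        MESA_handle_runtime_log(logger_handle, RLOG_LV_DEBUG, (char*)"READ_TABLE_UPDATA","table_name:%s del redis is_valid==0",table_name);
        return;
    }
    htable_data=MESA_htable_search_cb(s_and_d_nominee_htable,key_id,sizeof(rule_id),
                                      htable_read_search,u_para,&search_ret);
    if(htable_data==NULL)
    {
        del_ir_line(mctrl_d_feather,(char*)u_para,table_line,rule_id);
    }
    else
    {
        MESA_handle_runtime_log(logger_handle, RLOG_LV_DEBUG, (char*)"READ_TABLE_UPDATA","already exist!");
    }
    return;
}

/* Release callback for hash-table records (allocated in write_table_update_cb). */
void htable_data_free(void *data)
{
    if(data!=NULL)
    {
        MESA_handle_runtime_log(logger_handle, RLOG_LV_DEBUG, (char*)"DATA_FREE","htable_data_free!");
        free(data);
    }
    return;
}

/*
 * Maat "update" callback for the STATIC_NOMINEE_IP and DYNAMIC_NOMINEE_IP
 * tables (see main()). u_para is the table name.
 *
 * Parses the row, then:
 *   is_valid==1: stores a record in the hash table and, depending on the flag
 *                already stored for the rule, adds the row to the INTERCEPT_IP
 *                and/or NOMINEE_IP tables;
 *   is_valid==0: retires the rule from CANDIDATE_IP, INTERCEPT_IP and
 *                NOMINEE_IP and removes it from the hash table.
 * A row whose is_valid column could not be parsed is logged and ignored, so a
 * malformed row can neither add nor delete a rule.
 *
 * NOTE(review): unbounded %s conversions, see set_ir_line().
 */
void write_table_update_cb(int table_id,const char* table_line,void* u_para)
{
    int add_ret=0;
    struct IR_MCTRL_INFO nom_info;
    int rule_id=0;
    int del_ret=0;
    long cb_ret=0;
    int parsed=0;
    const char *table_name=(const char*)u_para;

    memset(&nom_info,0,sizeof(nom_info));
    nom_info.htable_flag=S_OR_D_ORIGIN_FLAG;
    if(!strncmp(table_name,DYNAMIC_NOMINEE_IP,strlen(DYNAMIC_NOMINEE_IP)))
    {
        parsed=sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%d\t%*s\t%*d\t%d\t%s",
                      &nom_info.region_id,&nom_info.addr_type,&nom_info.procotol,nom_info.src_ip,nom_info.src_port,
                      &nom_info.direction,&nom_info.is_valid,nom_info.op_time);
        /* is_valid is the 7th assigned conversion of this layout. */
        if(parsed<7)
        {
            MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO, (char*)"write_update", "table_name:%s,malformed table line ignored",table_name);
            return;
        }
        /* The id is shifted by 1000000000 below; refuse values that would
           overflow int instead of invoking undefined behaviour. */
        if(nom_info.region_id>INT_MAX-1000000000)
        {
            MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO, (char*)"write_update", "table_name:%s,rule id out of range ignored",table_name);
            return;
        }
        nom_info.region_id+=1000000000;
        nom_info.addr_pool_id=0;
        nom_info.group_id=nom_info.region_id;
        /* Columns this layout does not carry get fixed defaults. */
        memcpy(nom_info.mask_src_ip,"0.0.0.0",sizeof("0.0.0.0"));
        memcpy(nom_info.mask_src_port,"0",sizeof("0"));
        memcpy(nom_info.dst_ip,"0.0.0.0",sizeof("0.0.0.0"));
        memcpy(nom_info.mask_dst_ip,"0.0.0.0",sizeof("0.0.0.0"));
        memcpy(nom_info.dst_port,"0",sizeof("0"));
        memcpy(nom_info.mask_dst_port,"0",sizeof("0"));
        nom_info.action=0x60;
        nom_info.service=19;
    }
    else
    {
        parsed=sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s",
                      &nom_info.region_id,&nom_info.group_id,&nom_info.addr_type,
                      nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
                      nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.is_valid,
                      &nom_info.action,&nom_info.service,&nom_info.addr_pool_id,nom_info.op_time);
        /* is_valid is the 14th assigned conversion of this layout. */
        if(parsed<14)
        {
            MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO, (char*)"write_update", "table_name:%s,malformed table line ignored",table_name);
            return;
        }
    }
    unsigned char *key_id=(unsigned char*)&nom_info.region_id;
    rule_id=nom_info.region_id;
    if(nom_info.is_valid==1)
    {
        char *htable_data=(char*)malloc(HTABLE_DATA_LEN);
        if(htable_data==NULL)
        {
            MESA_handle_runtime_log(logger_handle, RLOG_LV_DEBUG, (char*)"ADD_S_AND_D_NOMINEE_HASH","malloc htable data failed");
            return;
        }
        snprintf(htable_data,HTABLE_DATA_LEN,"%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s",
                 nom_info.htable_flag,nom_info.region_id,nom_info.group_id,nom_info.addr_type,
                 nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
                 nom_info.dst_port,nom_info.mask_dst_port,nom_info.procotol,nom_info.direction,nom_info.is_valid,
                 nom_info.action,nom_info.service,nom_info.addr_pool_id,nom_info.op_time);
        add_ret=MESA_htable_add(s_and_d_nominee_htable,key_id,sizeof(int),htable_data);
        if(add_ret<0)
        {
            /* NOTE(review): htable_data is not released on this path. Whether
               the table keeps the pointer after a failed add is not visible
               here; if it does not, this leaks one record per failed add. */
            MESA_handle_runtime_log(logger_handle, RLOG_LV_DEBUG, (char*)"ADD_S_AND_D_NOMINEE_HASH","add htable error:%d",add_ret);
        }
        else
        {
            MESA_handle_runtime_log(logger_handle, RLOG_LV_DEBUG, (char*)"ADD_S_AND_D_NOMINEE_HASH","add htable succeed:%d",add_ret);
        }
    }
    else
    {
        assert(nom_info.is_valid<=1);
    }
    /* cb_ret receives the flag currently stored for this rule (0 if none). */
    MESA_htable_search_cb(s_and_d_nominee_htable,key_id,sizeof(rule_id),htable_write_search,NULL,&cb_ret);
    switch(nom_info.is_valid)
    {
        case 0:
            del_ir_line(mctrl_d_feather,(char*)CANDIDATE_IP,table_line,rule_id);
            del_ir_line(mctrl_d_feather,(char*)INTERCEPT_IP,table_line,rule_id);
            del_ir_line(mctrl_d_feather,(char*)NOMINEE_IP,table_line,rule_id);
            del_ret=MESA_htable_del(s_and_d_nominee_htable,key_id,sizeof(rule_id),htable_data_free);
            if(del_ret<0)
            {
                MESA_handle_runtime_log(logger_handle, RLOG_LV_DEBUG, (char*)"DEL_S_AND_D_NOMINEE","del htable error:%d",del_ret);
            }
            break;
        case 1:
            if(cb_ret==S_OR_D_ORIGIN_FLAG||cb_ret==O_AND_C_FLAG)
            {
                set_ir_line(mctrl_d_feather, (char*)INTERCEPT_IP,table_line,rule_id);
                set_ir_line(mctrl_d_feather,(char*)NOMINEE_IP,table_line,rule_id);
            }
            else if(cb_ret==O_AND_N_FLAG||cb_ret==O_AND_C_AND_N_FLAG)
            {
                set_ir_line(mctrl_d_feather, (char*)INTERCEPT_IP,table_line,rule_id);
            }
            else if(cb_ret==O_AND_I_FLAG||cb_ret==O_AND_C_AND_I_FLAG)
            {
                set_ir_line(mctrl_d_feather,(char*)NOMINEE_IP,table_line,rule_id);
            }
            else
            {
                /* cb_ret is a long: %ld, not %d. */
                MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO, (char*)"write_update", "exist already !! htable_flag is:%ld",cb_ret);
                assert(cb_ret<=ALL_EXIST_FLAG);
            }
            break;
        default:
            MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO, (char*)"write_update", "is_valid default !!!");
            assert(0);
            break;
    }
    return;
}

/* Maat "finish" callback: logs that the update for table u_para completed. */
void Maat_finish_cb(void* u_para)
{
    MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO, (char*)"maat_finish", "table_name:%s,finish succeed",(const char*)u_para);
    return;
}

/*
 * Registers the start/update/finish callbacks for table_id on feather.
 * table_name is used for the error log only; logger is not used.
 * Returns the Maat_table_callback_register() result. A negative result is
 * logged as fatal and trips assert(0) in builds where asserts are enabled.
 */
int read_plugin_table(Maat_feather_t feather,const char* table_name,
                      Maat_start_callback_t *start,Maat_update_callback_t *update,Maat_finish_callback_t *finish,
                      void *u_para,void* logger,int table_id)
{
    int ret=0;

    ret=Maat_table_callback_register(feather, table_id, start, update, finish, u_para);
    if(ret<0)
    {
        MESA_handle_runtime_log(logger_handle,RLOG_LV_FATAL, (char*)"REGISTER_TABLE", "Maat callback register table %s error.\n",table_name);
        assert(0);
    }
    return ret;
}

/*
 * Per-record callback for MESA_htable_iterate(), run from the loop in main().
 *
 * NOTE(review): part of this function was lost when the page was extracted:
 * the text between "if(htable_flag" and "=14: %d!" (everything from a '<' to
 * the next '>') is missing, so the condition, the body of the first branch and
 * the start of a log call cannot be recovered from this page. The remaining
 * tokens are kept exactly as found; restore the span from the original source.
 * The function does not compile as shown.
 */
void htable_iterate(const uchar * key, uint size, void * data, void * user)
{
    int htable_flag=0;
    int rule_id=0;
    char table_line[HTABLE_DATA_LEN];
    struct IR_MCTRL_INFO nom_info;
    sscanf((char*)data,"%d\t%d",&htable_flag,&rule_id);
    if(htable_flag=14: %d!",htable_flag);
            assert(htable_flag>=S_OR_D_ORIGIN_FLAG);
        }
    }
    else
    {
        MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO, (char*)"htable_iterate", "already exist,htable flag is:%d!",htable_flag);
        assert(htable_flag<=ALL_EXIST_FLAG);
    }
    return;
}

/*
 * Loads the configuration from MCTRL_CONF_FILE, creates the logger and the
 * two Maat feathers, and points each feather at its Redis server.
 * Only the Redis address and port are configured here.
 * Failures trip assert(0); with asserts disabled execution continues.
 */
void Maat_init()
{
    // load conf
    const char *section_d = "Mctrl";
    const char *section_s = "Mctrl_S";
    char table_info_path[MAX_PATH_LEN];
    char logger_path[MAX_PATH_LEN];
    int max_thread_num=0;
    char Maat_redis_ip[MAX_IP4_LEN];
    int Maat_redis_port=0;
    char Maat_redis_ip_s[MAX_IP4_LEN];
    int Maat_redis_port_s=0;
    char stat_file_path[MAX_PATH_LEN];
    int logger_level=0;

    //dynamic server conf
    MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_d, "table_info_path", table_info_path, sizeof(table_info_path), "./conf/table_info.conf");
    MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_d, "logger_path", logger_path, sizeof(logger_path), "./log/ir.log");
    MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_d, "max_thread_num", &max_thread_num, 1);
    MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_d, "Maat_redis_ip", Maat_redis_ip, sizeof(Maat_redis_ip), "127.0.0.1");
    MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_d, "Maat_redis_port", &Maat_redis_port,6379);
    MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_d, "stat_file_path", stat_file_path, sizeof(stat_file_path), "./log/Maat_stat.log");
    /* The default level is RLOG_LV_DEBUG; set logger_level in the
       configuration if a quieter log is wanted. */
    MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_d, "logger_level", &logger_level,RLOG_LV_DEBUG);

    //static server conf
    /* Size each call by the buffer it actually fills. */
    MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_s, "Maat_redis_ip", Maat_redis_ip_s, sizeof(Maat_redis_ip_s), "127.0.0.1");
    MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_s, "Maat_redis_port", &Maat_redis_port_s,6379);

    //log
    logger_handle=MESA_create_runtime_log_handle(logger_path,logger_level);
    if(logger_handle == NULL)
    {
        printf("IR MESA_create_runtime_log_handle() error!\n");
        assert(0);
    }

    //redis
    mctrl_d_feather = Maat_feather(max_thread_num, table_info_path,logger_handle);
    mctrl_s_feather = Maat_feather(max_thread_num, table_info_path,logger_handle);
    if(mctrl_d_feather==NULL||mctrl_s_feather==NULL)
    {
        MESA_handle_runtime_log(logger_handle,RLOG_LV_FATAL,(char*)"MAAT","IR maat_feather error!");
        assert(0);
    }
    Maat_set_feather_opt(mctrl_d_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip,MAX_IP4_LEN);
    Maat_set_feather_opt(mctrl_d_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port,sizeof(Maat_redis_port));
    Maat_set_feather_opt(mctrl_s_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_s,MAX_IP4_LEN);
    Maat_set_feather_opt(mctrl_s_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_s,sizeof(Maat_redis_port_s));
}

/*
 * Creates and activates the rule hash table.
 * Returns 0 on success, -1 on failure (after logging and assert(0)).
 */
int htable_init()
{
    int htable_ret;

    s_and_d_nominee_htable = MESA_htable_born();
    if(s_and_d_nominee_htable == NULL)
    {
        MESA_handle_runtime_log(logger_handle,RLOG_LV_FATAL,(char*)"htable","htable born failed");
        assert(0);
        return -1;
    }
    htable_ret = MESA_htable_mature(s_and_d_nominee_htable);
    if(0 == htable_ret)
    {
        MESA_handle_runtime_log(logger_handle,RLOG_LV_INFO,(char*)"htable","htable mature succ");
        return 0;
    }
    else
    {
        MESA_handle_runtime_log(logger_handle,RLOG_LV_FATAL,(char*)"htable","htable mature failed");
        assert(0);
        return -1;
    }
}

/*
 * Entry point: initialises Maat and the hash table, registers the five tables
 * and their callbacks, then walks the hash table once an hour.
 */
int main(int argc, char * argv [ ])
{
    Maat_init();
    /* NOTE(review): MAAT_OPT_INSTANCE_NAME is set four times on the same
       feather; confirm whether later calls replace earlier ones. */
    Maat_set_feather_opt(mctrl_d_feather, MAAT_OPT_INSTANCE_NAME, DYNAMIC_NOMINEE_IP, strlen(DYNAMIC_NOMINEE_IP)+1);
    Maat_set_feather_opt(mctrl_d_feather, MAAT_OPT_INSTANCE_NAME, INTERCEPT_IP, strlen(INTERCEPT_IP)+1);
    Maat_set_feather_opt(mctrl_d_feather, MAAT_OPT_INSTANCE_NAME, NOMINEE_IP, strlen(NOMINEE_IP)+1);
    Maat_set_feather_opt(mctrl_d_feather, MAAT_OPT_INSTANCE_NAME, CANDIDATE_IP, strlen(CANDIDATE_IP)+1);
    Maat_set_feather_opt(mctrl_s_feather, MAAT_OPT_INSTANCE_NAME, STATIC_NOMINEE_IP, strlen(STATIC_NOMINEE_IP)+1);
    Maat_initiate_feather(mctrl_d_feather);
    Maat_initiate_feather(mctrl_s_feather);
    /* NOTE(review): the result of htable_init() is not checked. */
    htable_init();

    /* Writable copies of the table names; they are handed to the callbacks as
       u_para and must stay alive for as long as the callbacks can run. */
    char static_nominee[]=STATIC_NOMINEE_IP;
    char dynamic_nominee[]=DYNAMIC_NOMINEE_IP;
    char nominee[]=NOMINEE_IP;
    char candidate[]=CANDIDATE_IP;
    char intercept[]=INTERCEPT_IP;
    int static_id=-1;
    int dynamic_id=-1;
    int nominee_id=-1;
    int candidate_id=-1;
    int intercept_id=-1;

    static_id=Maat_table_register(mctrl_s_feather,static_nominee);
    dynamic_id=Maat_table_register(mctrl_d_feather,dynamic_nominee);
    nominee_id=Maat_table_register(mctrl_d_feather,nominee);
    candidate_id=Maat_table_register(mctrl_d_feather,candidate);
    intercept_id=Maat_table_register(mctrl_d_feather, intercept);
    if(static_id==-1||dynamic_id==-1||nominee_id==-1||candidate_id==-1||intercept_id==-1)
    {
        /* NOTE(review): the failure is logged as fatal but execution goes on
           and the -1 id is passed to read_plugin_table() below. */
        MESA_handle_runtime_log(logger_handle,RLOG_LV_FATAL,(char*)"REGISTER_TABLE","Database table register failed\n");
    }

    /* The two source tables use the write callback, the three derived tables
       the read callback. */
    read_plugin_table(mctrl_s_feather,STATIC_NOMINEE_IP,Maat_start_cb,write_table_update_cb,Maat_finish_cb,
                      static_nominee,logger_handle,static_id);
    read_plugin_table(mctrl_d_feather,DYNAMIC_NOMINEE_IP,Maat_start_cb,write_table_update_cb,Maat_finish_cb,
                      dynamic_nominee,logger_handle,dynamic_id);
    read_plugin_table(mctrl_d_feather,INTERCEPT_IP,Maat_start_cb,read_table_update_cb,Maat_finish_cb,
                      intercept,logger_handle,intercept_id);
    read_plugin_table(mctrl_d_feather,NOMINEE_IP,Maat_start_cb,read_table_update_cb,Maat_finish_cb,
                      nominee,logger_handle,nominee_id);
    read_plugin_table(mctrl_d_feather,CANDIDATE_IP,Maat_start_cb,read_table_update_cb,Maat_finish_cb,
                      candidate,logger_handle,candidate_id);

    while(1)
    {
        MESA_htable_iterate(s_and_d_nominee_htable, htable_iterate, NULL);
        sleep(3600);
    }

    /* Not reached: the loop above never exits. */
    Maat_burn_feather(mctrl_d_feather);
    Maat_burn_feather(mctrl_s_feather);
    MESA_destroy_runtime_log_handle(logger_handle);
    MESA_htable_destroy(s_and_d_nominee_htable,htable_data_free);
    return 0;
}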