| author | liuxueli <[email protected]> | 2024-11-15 11:25:01 +0000 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2024-11-27 06:36:57 +0000 |
| commit | 9f5034e1c4c2f41037f92c8a5fa0a3be3a1d82a5 (patch) | |
| tree | 65763df6b4b1ea9fea8720b96a04093e651c3ada | |
| parent | 99051fd66abe0174fa237482ca3341692a4dd366 (diff) | |
Implement packet_scanner.c
| -rw-r--r-- | include/stellar/exporter.h | 14 | ||||
| -rw-r--r-- | include/stellar/scanner.h | 57 | ||||
| -rw-r--r-- | scanner/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | scanner/attribute_schema.c | 522 | ||||
| -rw-r--r-- | scanner/attribute_schema.h | 25 | ||||
| -rw-r--r-- | scanner/packet_scanner.c | 475 | ||||
| -rw-r--r-- | scanner/scanner.c | 143 | ||||
| -rw-r--r-- | scanner/scanner_maat.c | 175 | ||||
| -rw-r--r-- | scanner/scanner_maat.h | 16 | ||||
| -rw-r--r-- | scanner/scanner_state.c | 326 | ||||
| -rw-r--r-- | scanner/scanner_state.h | 24 | ||||
| -rw-r--r-- | scanner/test/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | scanner/test/gtest_attribute_schema.cpp | 64 | ||||
| -rw-r--r-- | scanner/test/gtest_scanner_maat.cpp | 1 | ||||
| -rw-r--r-- | scanner/test/gtest_scanner_state.cpp | 303 |
15 files changed, 299 insertions, 1850 deletions
diff --git a/include/stellar/exporter.h b/include/stellar/exporter.h
index cbe2951..9232652 100644
--- a/include/stellar/exporter.h
+++ b/include/stellar/exporter.h
@@ -35,17 +35,3 @@ void exporter_context_add_kv(struct exporter_context *ctx, struct kv *kv);
 #ifdef __cplusplus
 }
 #endif
-
-/*
-scan_dns_transaction()
-{
- struct exporter_context *default_ctx = exporter_get_default_context_on_session(sess);
-
- struct exporter_context *cur_transaction_ctx = exporter_new_context(sess);
- exporter_context_add_kv(cur_transaction_ctx, "dns.request.qname", "www.abc.com");
- exporter_context_add_kv(cur_transaction_ctx, "decode_as", "dns");
- exporter_context_add_kv(cur_transaction_ctx, "transaction_sequence", "2");
- exporter_context_finish(cur_transaction_ctx);
- exporter_context_finish(default_ctx);//default_ctx can only be finished inside exporter module; otherwise assert(0);
-}
-*/
\ No newline at end of file
diff --git a/include/stellar/scanner.h b/include/stellar/scanner.h
index 8ecef20..11d0b4e 100644
--- a/include/stellar/scanner.h
+++ b/include/stellar/scanner.h
@@ -16,63 +16,10 @@ extern "C" struct scanner; struct scanner *scanner_module_to_scanner(struct module *mod); -enum RULE_TYPE -{ - RULE_TYPE_UNKNOWN=0, - RULE_TYPE_SECURITY, - RULE_TYPE_MONITOR, - RULE_TYPE_DOS_PROTECTION, - RULE_TYPE_STATISTICS, - RULE_TYPE_SHAPING, - RULE_TYPE_PXY_INTERCEPT, - RULE_TYPE_SERVICE_CHAINING, - RULE_TYPE_APP_SIGNATURE, - RULE_TYPE_TUNNEL, - RULE_TYPE_MAX -}; - -typedef void packet_match_callback(struct packet *pkt, uuid_t rule_uuid[], size_t n_rule_uuid, void *args); -int scanner_subscribe_packet_match(struct scanner * scanner, enum RULE_TYPE type, packet_match_callback *cb, void *args); - -typedef void session_match_callback(struct session *sess, struct packet *pkt, uuid_t rule_uuid[], size_t n_rule_uuid, void *args); -int scanner_subscribe_session_match(struct scanner * scanner, enum RULE_TYPE type, session_match_callback *cb, void *args); - -struct scanner_state; - -/* return -1 if not found */ -int scanner_state_get_security_policy_matched_appid(struct scanner_state *state, uuid_t rule_uuid); - /* return NULL if not found */ -const struct scanner_state *scanner_get_state_on_session(struct scanner *scanner, struct session *sess); -const struct scanner_state *scanner_get_state_on_packet(struct scanner *scanner, struct packet *pkt); - -size_t scanner_state_get_history_rule_count(struct scanner_state *exdata, enum RULE_TYPE rule_type); -size_t scanner_state_get_history_rules(struct scanner_state *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], size_t n_rule_uuids); - -size_t scanner_state_get_current_packet_rule_count(struct scanner_state *exdata, enum RULE_TYPE rule_type); -size_t scanner_state_get_current_packet_rules(struct scanner_state *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], size_t n_rule_uuids); - struct maat *scanner_get_maat_instance(struct scanner *scanner); -const char *scanner_get_application_sub_action(struct scanner *scanner, int32_t appid); - - -enum HIT_OBJECT_ATTRIBUTE_TYPE -{ - 
HIT_OBJECT_ATTRIBUTE_TYPE_UNKNOWN=0, - HIT_OBJECT_ATTRIBUTE_TYPE_CLIENT_IP, - HIT_OBJECT_ATTRIBUTE_TYPE_SERVER_IP, - HIT_OBJECT_ATTRIBUTE_TYPE_OTHERS, - HIT_OBJECT_ATTRIBUTE_TYPE_MAX -}; - -const char *scanner_attribute_name_to_object_type(struct scanner *scanner, const char *attribute_name); - -/* object option is brief or elaborate */ -size_t scanner_state_get_history_object_count(struct scanner_state *exdata, enum HIT_OBJECT_ATTRIBUTE_TYPE type); -size_t scanner_state_get_history_hit_objects(struct scanner_state *exdata, enum HIT_OBJECT_ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects); - -size_t scanner_state_get_current_packet_hit_object_count(struct scanner_state *exdata, enum HIT_OBJECT_ATTRIBUTE_TYPE attr_type); -size_t scanner_state_get_current_packet_hit_objects(struct scanner_state *exdata, enum HIT_OBJECT_ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects); +const char *scanner_get_object_type(struct scanner *scanner, const char *attribute_name); +const char *scanner_get_object_table_name(struct scanner *scanner, const char *attribute_name); enum ATTRIBUTE_KV_INDEX { diff --git a/scanner/CMakeLists.txt b/scanner/CMakeLists.txt index 45aa964..15fbc33 100644 --- a/scanner/CMakeLists.txt +++ b/scanner/CMakeLists.txt @@ -1,7 +1,7 @@ add_definitions(-fPIC) include_directories(${CMAKE_SOURCE_DIR}/deps) -set(SCANNER_SRC ${DEPS_SRC} scanner_toml.c attribute_kv.c attribute_schema.c scanner_state.c scanner_maat.c) +set(SCANNER_SRC ${DEPS_SRC} scanner_toml.c attribute_kv.c attribute_schema.c scanner_maat.c) add_library(scanner-static STATIC ${SCANNER_SRC}) target_link_libraries(scanner-static fieldstat4 yyjson toml uuid maatframe) diff --git a/scanner/attribute_schema.c b/scanner/attribute_schema.c index c38b7aa..248cd1f 100644 --- a/scanner/attribute_schema.c +++ b/scanner/attribute_schema.c 
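Review bot: The two declarations added to scanner.h, `scanner_get_object_type` and `scanner_get_object_table_name`, have no stated contract: nothing says whether they return NULL for an unknown `attribute_name`, or who owns the returned string and how long it stays valid. The surviving `/* return NULL if not found */` comment now appears to sit directly above `scanner_get_maat_instance` (the line layout is inferred, since the page has collapsed it), so a reader cannot tell which function it describes. I would attach a comment to the new getters, for example `/* Returns NULL if attribute_name is unknown; the string is owned by the scanner, do not free. */`, after confirming the ownership part against the implementation. Callers that feed these results into a table lookup need the NULL case spelled out.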
@@ -69,12 +69,21 @@ void attribute_scratch_reset(struct attribute_scratch *attr, size_t n_attr)
 attr[i].chunk.value_sz=0;
 break;
 case ATTRIBUTE_VALUE_TYPE_MAAT_OBJECT:
- if(attr[i].is_free_value==FREE_TRUE && attr[i].maat_object.hit_objects!=NULL)
+ if(attr[i].is_free_value==FREE_TRUE)
 {
- FREE(attr[i].maat_object.hit_objects);
+ if(attr[i].maat_object.object_uuid!=NULL)
+ {
+ FREE(attr[i].maat_object.object_uuid);
+
+ }
+ if(attr[i].maat_object.item_uuid!=NULL)
+ {
+ FREE(attr[i].maat_object.item_uuid);
+ }
 }
- attr[i].maat_object.hit_objects=NULL;
- attr[i].maat_object.n_hit_objects=0;
+ attr[i].maat_object.object_uuid=NULL;
+ attr[i].maat_object.item_uuid=NULL;
+ attr[i].maat_object.n_uuid=0;
 break;
 case ATTRIBUTE_VALUE_TYPE_NOT_LOGIC:
 case ATTRIBUTE_VALUE_TYPE_INTEGER:
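Review bot: In the `ATTRIBUTE_VALUE_TYPE_MAAT_OBJECT` case the two arrays are released only when `is_free_value==FREE_TRUE`, yet `attribute_scratch_maat_object_fill` allocates its own copies with `malloc` whatever that flag is. If the fill function stores its `is_free_value` argument in the slot (that assignment is outside the visible hunks), a caller passing the other value leaves both copies unreleased on every reset, which is steady memory growth if this runs per packet. Either free the copies unconditionally here, or document the invariant next to the check, for example `/* object_uuid/item_uuid are always scratch-owned copies */`. The empty added line inside the first inner block can be dropped, and the body of `attribute_scratch_reset` starts and ends outside the hunk.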
@@ -205,16 +214,26 @@ void attribute_scratch_ipv6_fill(struct attribute_scratch *attr, size_t attr_max (*attr_offset)+=1; } -void attribute_scratch_maat_object_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, struct maat_hit_object *hit_objects, size_t n_hit_objects) +void attribute_scratch_maat_object_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, uuid_t item_uuid[], uuid_t object_uuid[], size_t n_uuid) { - if((*attr_offset+1 > attr_max) || schema==NULL || hit_objects==NULL || n_hit_objects==0) + if((*attr_offset+1 > attr_max) || schema==NULL || n_uuid==0 || (object_uuid==NULL && item_uuid==NULL)) { return ; } - attr[*attr_offset].maat_object.hit_objects=(struct maat_hit_object *)malloc(sizeof(struct maat_hit_object)*n_hit_objects); - memcpy(attr[*attr_offset].maat_object.hit_objects, hit_objects, sizeof(struct maat_hit_object)*n_hit_objects); - attr[*attr_offset].maat_object.n_hit_objects=n_hit_objects; + if(object_uuid!=NULL) + { + attr[*attr_offset].maat_object.object_uuid=(uuid_t *)malloc(sizeof(uuid_t)*n_uuid); + memcpy(attr[*attr_offset].maat_object.object_uuid, object_uuid, sizeof(uuid_t)*n_uuid); + } + + if(item_uuid!=NULL) + { + attr[*attr_offset].maat_object.item_uuid=(uuid_t *)malloc(sizeof(uuid_t)*n_uuid); + memcpy(attr[*attr_offset].maat_object.item_uuid, item_uuid, sizeof(uuid_t)*n_uuid); + } + + attr[*attr_offset].maat_object.n_uuid=n_uuid; attr[*attr_offset].value_type=ATTRIBUTE_VALUE_TYPE_MAAT_OBJECT; attr[*attr_offset].schema=schema; attr[*attr_offset].is_free_schema=is_free_schema; @@ -223,7 +242,15 @@ void attribute_scratch_maat_object_fill(struct attribute_scratch *attr, size_t a if(is_free_value==FREE_TRUE) { - free(hit_objects); + if(object_uuid!=NULL) + { + free(object_uuid); + } + + if(item_uuid!=NULL) + { + free(item_uuid); + } } } 
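Review bot: Both `malloc` results in `attribute_scratch_maat_object_fill` are passed straight to `memcpy`, so an allocation failure becomes a write through NULL, and `sizeof(uuid_t)*n_uuid` is not checked for overflow. The slot's other pointer is also left untouched when only one of `object_uuid`/`item_uuid` is supplied, so `attribute_scratch_reset` may later `FREE` a stale or uninitialised pointer unless every slot is zeroed before use (not visible here). Allocating both copies into locals, checking them, and then assigning both fields (NULL included) closes both gaps. The early return in the sketch skips the caller-array release done in the second hunk (`@@ -223,7 +242,15 @@`), as the existing argument check already does. In that second hunk the `!=NULL` guards around `free()` are redundant; the function body continues between and after the two hunks.

```c
void attribute_scratch_maat_object_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, uuid_t item_uuid[], uuid_t object_uuid[], size_t n_uuid)
{
    // … unchanged: argument check and early return …

    uuid_t *object_copy=NULL;
    uuid_t *item_copy=NULL;

    if(object_uuid!=NULL)
    {
        /* calloc fails cleanly if n_uuid*sizeof(uuid_t) would overflow */
        object_copy=(uuid_t *)calloc(n_uuid, sizeof(uuid_t));
    }
    if(item_uuid!=NULL)
    {
        item_copy=(uuid_t *)calloc(n_uuid, sizeof(uuid_t));
    }
    if((object_uuid!=NULL && object_copy==NULL) || (item_uuid!=NULL && item_copy==NULL))
    {
        free(object_copy);
        free(item_copy);
        return ;
    }
    if(object_copy!=NULL)
    {
        memcpy(object_copy, object_uuid, sizeof(uuid_t)*n_uuid);
    }
    if(item_copy!=NULL)
    {
        memcpy(item_copy, item_uuid, sizeof(uuid_t)*n_uuid);
    }

    /* always set both fields so reset never sees a stale pointer */
    attr[*attr_offset].maat_object.object_uuid=object_copy;
    attr[*attr_offset].maat_object.item_uuid=item_copy;
    attr[*attr_offset].maat_object.n_uuid=n_uuid;
    // … unchanged: value_type, schema, is_free_schema assignments and the rest of the function …
```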
@@ -253,7 +280,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_LEVEL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNEL_LEVEL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_TUNNEL_LEVEL", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -261,7 +287,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_GTP_ENDPOINT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNEL_GTP_ENDPOINT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_TUNNEL_GTP_ENDPOINT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -269,7 +294,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_GRE_ENDPOINT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNEL_GRE_ENDPOINT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_TUNNEL_GRE_ENDPOINT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -277,7 +301,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_IP_IN_IP_ENDPOINT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNEL_IP_IN_IP_ENDPOINT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_TUNNEL_IP_IN_IP_ENDPOINT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -285,40 +308,21 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_UUID_LIST]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNEL_UUID_LIST, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tunnel_uuid_list" }; - attr_schema[ATTRIBUTE_SCHEMA_INTERNAL_IP_ADDR]=(struct attribute_schema){ - .attr_idx=ATTRIBUTE_SCHEMA_INTERNAL_IP_ADDR, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, - .scan_attribute_name=(char *)"ATTR_INTERNAL_IP", - .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, - .log_field_name=NULL - }; - attr_schema[ATTRIBUTE_SCHEMA_INTERNAL_IP_ADDR_COMMIT]=(struct attribute_schema){ - .attr_idx=ATTRIBUTE_SCHEMA_INTERNAL_IP_ADDR_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + attr_schema[ATTRIBUTE_SCHEMA_INTERNAL_IP]=(struct attribute_schema){ + .attr_idx=ATTRIBUTE_SCHEMA_INTERNAL_IP, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_INTERNAL_IP", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; - attr_schema[ATTRIBUTE_SCHEMA_EXTERNAL_IP_ADDR]=(struct attribute_schema){ - .attr_idx=ATTRIBUTE_SCHEMA_EXTERNAL_IP_ADDR, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, - .scan_attribute_name=(char *)"ATTR_EXTERNAL_IP", - .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, - .log_field_name=NULL - }; - attr_schema[ATTRIBUTE_SCHEMA_EXTERNAL_IP_ADDR_COMMIT]=(struct attribute_schema){ - .attr_idx=ATTRIBUTE_SCHEMA_EXTERNAL_IP_ADDR_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + 
attr_schema[ATTRIBUTE_SCHEMA_EXTERNAL_IP]=(struct attribute_schema){ + .attr_idx=ATTRIBUTE_SCHEMA_EXTERNAL_IP, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_EXTERNAL_IP", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -327,7 +331,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_INTERNAL_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_INTERNAL_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_INTERNAL_PORT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -335,7 +338,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_EXTERNAL_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_EXTERNAL_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_EXTERNAL_PORT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
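Review bot: In the `@@ -285,40 +308,21 @@` hunk, `.scan_not_logic_flag` for `ATTRIBUTE_SCHEMA_INTERNAL_IP` and `ATTRIBUTE_SCHEMA_EXTERNAL_IP` goes from `SCHEMA_SCAN_NOT_LOGIC_FALSE` to `SCHEMA_SCAN_NOT_LOGIC_TRUE`, with no comment and nothing in the commit message. The same flip recurs in later hunks for the TCP and UDP payload, `ATTR_APP_ID`, HTTP request/response header and body, and `ATTR_MAIL_ACCOUNT` entries. If the flag decides whether negated conditions are evaluated for an attribute (inferred from the name only), this changes which policies can match traffic and should not ride along unexplained with the removal of `.scan_hit_object_idx`. I would add a comment at the first flipped entry, for example `/* NOT-logic scan enabled: rules may negate this attribute */`, and a test that covers a negated rule on one of these attributes. `attribute_schema_init` starts and ends outside the hunk.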
@@ -344,16 +346,14 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch // tcp attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -361,7 +361,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD_C2S_FIRST_DATA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD_C2S_FIRST_DATA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD_C2S_FIRST_DATA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -369,7 +368,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD_S2C_FIRST_DATA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD_S2C_FIRST_DATA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD_S2C_FIRST_DATA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -377,7 +375,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD_C2S_FIRST_DATA_LEN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD_C2S_FIRST_DATA_LEN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD_C2S_FIRST_DATA_LEN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -385,7 +382,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD_S2C_FIRST_DATA_LEN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD_S2C_FIRST_DATA_LEN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD_S2C_FIRST_DATA_LEN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -394,16 +390,14 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch // udp attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -411,7 +405,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD_C2S_FIRST_DATA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD_C2S_FIRST_DATA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD_C2S_FIRST_DATA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -419,7 +412,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD_S2C_FIRST_DATA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD_S2C_FIRST_DATA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD_S2C_FIRST_DATA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -427,7 +419,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD_C2S_FIRST_DATA_LEN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD_C2S_FIRST_DATA_LEN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD_C2S_FIRST_DATA_LEN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -435,7 +426,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD_S2C_FIRST_DATA_LEN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD_S2C_FIRST_DATA_LEN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD_S2C_FIRST_DATA_LEN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -445,7 +435,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_GENERAL_FLAGS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_FLAGS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_FLAG", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"flags" @@ -453,7 +442,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_GENERAL_FLAGS_IDENTIFY_INFO]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_FLAGS_IDENTIFY_INFO, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"flags_identify_info" @@ -462,16 +450,14 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch // app id attr_schema[ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_APP_ID", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_APP_ID", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -479,7 +465,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DECODED_PATH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DECODED_PATH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"decoded_path" @@ -487,7 +472,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANS_PROTOCOL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANS_PROTOCOL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ip_protocol" @@ -497,7 +481,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_version" @@ -505,7 +488,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_HOST]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_host" 
@@ -513,7 +495,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_URL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_URL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_HTTP_URL", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_url" @@ -521,7 +502,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_URL_DECODED]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_URL_DECODED, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_HTTP_URL", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -531,7 +511,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_USER_AGENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_USER_AGENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_user_agent" @@ -539,7 +518,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_COOKIE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_COOKIE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_cookie" 
@@ -547,7 +525,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_CONTENT_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_CONTENT_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_request_content_type" @@ -555,23 +532,20 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_CONTENT_LENGTH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_CONTENT_LENGTH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_request_content_length" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_HEADER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_HEADER, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_REQ_HDR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_HEADER_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_HEADER_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_REQ_HDR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -579,7 +553,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_REFERER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_REFERER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_referer" @@ -588,16 +561,14 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch // http request body attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_BODY]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_BODY, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_REQ_BODY", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_request_body" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_BODY_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_BODY_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_REQ_BODY", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -607,7 +578,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_USER_AGENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_USER_AGENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_user_agent" 
@@ -615,7 +585,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_COOKIE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_COOKIE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_cookie" @@ -623,7 +592,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_CONTENT_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_CONTENT_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_response_content_type" 
@@ -631,23 +599,20 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_CONTENT_LENGTH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_CONTENT_LENGTH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_response_content_length" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_HEADER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_HEADER, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_RES_HDR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_HEADER_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_HEADER_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_RES_HDR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -655,7 +620,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_REFERER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_REFERER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_referer" 
@@ -664,16 +628,14 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch // http response body attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_BODY]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_BODY, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_RES_BODY", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_response_body" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_BODY_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_BODY_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_RES_BODY", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -683,7 +645,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_SEQUENCE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_SEQUENCE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_sequence" @@ -691,7 +652,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_SNAPSHOT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_SNAPSHOT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_snapshot" 
@@ -699,7 +659,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_LINE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_LINE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_request_line" @@ -707,7 +666,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_LINE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_LINE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_response_line" @@ -715,7 +673,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_STATUS_CODE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_STATUS_CODE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_status_code" @@ -723,7 +680,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_SET_COOKIE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_SET_COOKIE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_set_cookie" 
@@ -731,7 +687,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_LATENCY_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_LATENCY_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_response_latency_ms" @@ -739,7 +694,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_SESSION_DURATION_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_SESSION_DURATION_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_session_duration_ms" @@ -747,7 +701,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_HTTP_ACTION_FILE_SIZE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_ACTION_FILE_SIZE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_action_file_size" @@ -756,8 +709,7 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch // mail attr_schema[ATTRIBUTE_SCHEMA_MAIL_ACCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ACCOUNT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_ACCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_account" 
@@ -765,7 +717,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_PASSWORD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_PASSWORD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_password" @@ -773,7 +724,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_FROM_CMD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_FROM_CMD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_MAIL_FROM", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_from_cmd" @@ -781,7 +731,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_TO_CMD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_TO_CMD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_MAIL_TO", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -789,7 +738,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_TO_CMD_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_TO_CMD_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_to_cmd" 
@@ -797,7 +745,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_FROM]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_FROM, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_MAIL_FROM", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_from" @@ -805,7 +752,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_TO]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_TO, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_MAIL_TO", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -813,7 +759,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_TO_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_TO_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_to" @@ -821,7 +766,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_CC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_CC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_MAIL_TO", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -829,7 +773,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_CC_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_CC_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_cc" @@ -837,15 +780,13 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_BCC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_BCC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_MAIL_TO", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_BCC_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_BCC_LOG, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_bcc" @@ -854,7 +795,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_SUBJECT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_SUBJECT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_MAIL_SUBJECT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
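Review bot: `ATTRIBUTE_SCHEMA_MAIL_BCC_LOG` in the hunk at -837 is switched to `SCHEMA_SCAN_NOT_LOGIC_TRUE` although its `.scan_attribute_name` is NULL, while the sibling log-only entries `ATTRIBUTE_SCHEMA_MAIL_TO_LOG` and `ATTRIBUTE_SCHEMA_MAIL_CC_LOG` keep FALSE. `ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME_LOG` (hunk at -886) gets the same flip, and `ATTRIBUTE_SCHEMA_MAIL_TO_CMD_LOG` already had TRUE with a NULL name before this commit. If the flag is meant only for entries that are actually scanned, these should read `.scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,`. If the TRUE value is intentional, any consumer that keys off the flag presumably has to tolerate a NULL attribute name, which cannot be confirmed from this diff.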
@@ -862,23 +802,20 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_SUBJECT_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_SUBJECT_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_subject" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_CONTENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_CONTENT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_CONTENT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_content" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_CONTENT_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_CONTENT_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_CONTENT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -886,31 +823,27 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_MAIL_ATT_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME_LOG, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_attachment_name" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_CONTENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_CONTENT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_ATT_CONTENT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_attachment_content" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_CONTENT_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_CONTENT_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_ATT_CONTENT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -919,7 +852,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_EML_FILE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_EML_FILE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_MAIL_EML_FILE", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_eml_file" @@ -927,7 +859,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_PROTOCOL_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_PROTOCOL_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_protocol_type" @@ -935,7 +866,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_SUBJECT_CHARSET]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_SUBJECT_CHARSET, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_subject_charset" @@ -943,7 +873,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME_CHARSET]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME_CHARSET, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_attachment_name_charset" 
@@ -951,7 +880,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_MAIL_STARTTLS_CMD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_STARTTLS_CMD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_starttls_flag" @@ -961,7 +889,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_QNAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_QNAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_QNAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_qname" @@ -969,7 +896,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_MESSAGE_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_MESSAGE_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_MESSAGE_ID", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_message_id" @@ -977,7 +903,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_QR]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_QR, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_QR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_qr" 
@@ -985,7 +910,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_OPCODE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_OPCODE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_OPCODE", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_opcode" @@ -993,7 +917,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_AA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_AA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_AA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_aa" @@ -1001,7 +924,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_TC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_TC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_TC", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_tc" @@ -1009,7 +931,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_RD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_RD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_RD", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_rd" 
@@ -1017,7 +938,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_RA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_RA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_RA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_ra" @@ -1025,7 +945,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_RCODE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_RCODE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_RCODE", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_rcode" @@ -1033,7 +952,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_QDCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_QDCOUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_QDCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_qdcount" @@ -1041,7 +959,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_ANCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_ANCOUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_ANCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_ancount" 
@@ -1049,7 +966,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_NSCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_NSCOUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_NSCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_nscount" @@ -1057,7 +973,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_ARCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_ARCOUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_ARCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_arcount" @@ -1065,7 +980,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_QTYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_QTYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_QTYPE", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_qtype" @@ -1073,7 +987,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_QCLASS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_QCLASS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_QCLASS", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_qclass" 
@@ -1081,7 +994,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_RR]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_RR, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_RR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_rr" @@ -1089,7 +1001,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_CNAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_CNAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_CNAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_cname" @@ -1097,7 +1008,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_SUB]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_SUB, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_DNS_SUB", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_sub" @@ -1105,7 +1015,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_DNS_RESPONSE_LATENCY_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_RESPONSE_LATENCY_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_response_latency_ms" 
@@ -1115,7 +1024,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_version" @@ -1123,7 +1031,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_SNI]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_SNI, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_sni" @@ -1131,7 +1038,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_CN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_CN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_cn" 
@@ -1139,23 +1045,20 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_SAN_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_SAN_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_san" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_SAN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_SAN, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_SAN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_SAN_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_SAN_COMMIT, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_SAN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -1163,7 +1066,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_JA3_HASH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_JA3_HASH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_ANALYSIS_JA3", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_ja3_hash" 
@@ -1171,7 +1073,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_JA3S_HASH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_JA3S_HASH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_ANALYSIS_JA3S", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_ja3s_hash" @@ -1179,7 +1080,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_JA4_HASH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_JA4_HASH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_ANALYSIS_JA4", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_ja4_fingerprint" @@ -1187,15 +1087,13 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_JA4S_HASH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_JA4S_HASH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_ANALYSIS_JA4S", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_ja4s_fingerprint" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_ESNI]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_ESNI, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_ESNI", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -1203,15 +1101,13 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_ESNI_FLAG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_ESNI_FLAG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_esni_flag" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_ECH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_ECH, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_ECH", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -1219,15 +1115,13 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_ECH_FLAG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_ECH_FLAG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_ech_flag" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_NO_SNI]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_NO_SNI, - .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, + .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_NO_SNI", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -1236,7 +1130,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ALGORITHM_IDENTIFIER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ALGORITHM_IDENTIFIER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_ALGORITHM_IDENTIFIER", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -1244,7 +1137,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SERIAL_NUMBER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SERIAL_NUMBER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_SERIAL_NUMBER", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -1252,7 +1144,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_COMMON_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_COMMON_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_ISSUER_COMMON_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -1260,7 +1151,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_ORGANIZATION_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_ORGANIZATION_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_ISSUER_ORGANIZATION_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -1268,7 +1158,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_COUNTRY_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_COUNTRY_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_ISSUER_COUNTRY_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL @@ -1276,7 +1165,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT_COUNTRY_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT_COUNTRY_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_SUBJECT_COUNTRY_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
@@ -1284,7 +1172,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT_ORGANIZATION_NAME]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT_ORGANIZATION_NAME,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_SUBJECT_ORGANIZATION_NAME",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -1292,7 +1179,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_NOT_VALID_BEFORE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_NOT_VALID_BEFORE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_NOT_VALID_BEFORE",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -1300,7 +1186,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_NOT_VALID_AFTER]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_NOT_VALID_AFTER,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_NOT_VALID_AFTER",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -1308,7 +1193,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ALGORITHM_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ALGORITHM_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_ALGORITHM_ID",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -1317,7 +1201,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSL_HANDSHAKE_LATENCY_MS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSL_HANDSHAKE_LATENCY_MS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssl_handshake_latency_ms"
@@ -1325,7 +1208,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssl_cert_issuer"
@@ -1333,7 +1215,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssl_cert_subject"
@@ -1343,7 +1224,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_DTLS_SNI]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_DTLS_SNI,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"dtls_sni"
@@ -1352,7 +1232,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_DTLS_COOKIE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_DTLS_COOKIE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"dtls_cookie"
@@ -1360,7 +1239,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_DTLS_VERSION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_DTLS_VERSION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"dtls_version"
@@ -1368,7 +1246,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_DTLS_CN]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_DTLS_CN,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_DTLS_CN",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"dtls_cn"
@@ -1376,7 +1253,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_DTLS_SAN]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_DTLS_SAN,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"dtls_san"
@@ -1384,7 +1260,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_DTLS_HANDSHAKE_LATENCY_MS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_DTLS_HANDSHAKE_LATENCY_MS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"dtls_handshake_latency_ms"
@@ -1392,7 +1267,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_DTLS_JA3_HASH]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_DTLS_JA3_HASH,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_DTLS_ANALYSIS_JA3",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"dtls_ja3_hash"
@@ -1400,7 +1274,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_DTLS_JA3S_HASH]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_DTLS_JA3S_HASH,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_DTLS_ANALYSIS_JA3S",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"dtls_ja3s_hash"
@@ -1408,7 +1281,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_DTLS_CERTIFICATE_ISSUER]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_DTLS_CERTIFICATE_ISSUER,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"dtls_cert_issuer"
@@ -1416,7 +1288,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_DTLS_CERTIFICATE_SUBJECT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_DTLS_CERTIFICATE_SUBJECT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"dtls_cert_subject"
@@ -1426,7 +1297,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_QUIC_SNI]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_QUIC_SNI,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"quic_sni"
@@ -1434,7 +1304,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_QUIC_VERSION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_QUIC_VERSION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"quic_version"
@@ -1442,7 +1311,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_QUIC_USER_AGENT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_QUIC_USER_AGENT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"quic_user_agent"
@@ -1452,7 +1320,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_FTP_ACCOUNT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_FTP_ACCOUNT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_FTP_ACCOUNT",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ftp_account"
@@ -1460,7 +1327,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_FTP_PASSWORD]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_FTP_PASSWORD,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ftp_password"
@@ -1468,23 +1334,20 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_FTP_URL]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_FTP_URL,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_FTP_URI",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ftp_url"
 };
 attr_schema[ATTRIBUTE_SCHEMA_FTP_CONTENT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_FTP_CONTENT,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
+ .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
 .scan_attribute_name=(char *)"ATTR_FTP_CONTENT",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
 };
 attr_schema[ATTRIBUTE_SCHEMA_FTP_CONTENT_COMMIT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_FTP_CONTENT_COMMIT,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
+ .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
 .scan_attribute_name=(char *)"ATTR_FTP_CONTENT",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -1492,7 +1355,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_FTP_LINK_TYPE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_FTP_LINK_TYPE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ftp_link_type"
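Review bot: The entries for ATTRIBUTE_SCHEMA_FTP_CONTENT and ATTRIBUTE_SCHEMA_FTP_CONTENT_COMMIT switch `.scan_not_logic_flag` from SCHEMA_SCAN_NOT_LOGIC_FALSE to SCHEMA_SCAN_NOT_LOGIC_TRUE, while every other hunk shown for this function only drops `.scan_hit_object_idx`, so a change in matching behaviour is riding along with a mechanical field removal. Both entries scan under the same `"ATTR_FTP_CONTENT"` name, so if the flag enables negated conditions (inferred from its name), NOT rules would now be evaluated for the content entry as well as the commit entry, which can change which FTP transfers a policy hits or misses. Please confirm the flip is intended and record it with a comment above the two entries, for example `/* NOT-logic enabled: FTP_CONTENT and FTP_CONTENT_COMMIT both scan ATTR_FTP_CONTENT */`, and add a case for these two indices to the schema test. The body of attribute_schema_init starts and ends outside this hunk.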
@@ -1502,7 +1364,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_DESCRIPTION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_DESCRIPTION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_SIP_ORIGINATOR_DESCRIPTION",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_originator_description"
@@ -1510,7 +1371,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_RESPONDER_DESCRIPTION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_RESPONDER_DESCRIPTION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_SIP_RESPONDER_DESCRIPTION",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_responder_description"
@@ -1518,7 +1378,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_CALL_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_CALL_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_call_id"
@@ -1526,7 +1385,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_USER_AGENT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_USER_AGENT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_user_agent"
@@ -1534,7 +1392,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_SERVER]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_SERVER,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_server"
@@ -1542,7 +1399,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_CONNECT_IP]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_CONNECT_IP,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_originator_sdp_connect_ip"
@@ -1550,7 +1406,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_CONNECT_IP]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_CONNECT_IP,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_responder_sdp_connect_ip"
@@ -1558,7 +1413,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_MEDIA_PORT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_MEDIA_PORT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_originator_sdp_media_port"
@@ -1566,7 +1420,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_MEDIA_PORT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_MEDIA_PORT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_responder_sdp_media_port"
@@ -1574,7 +1427,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_MEDIA_TYPE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_MEDIA_TYPE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_originator_sdp_media_type"
@@ -1582,7 +1434,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_MEDIA_TYPE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_MEDIA_TYPE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_responder_sdp_media_type"
@@ -1590,7 +1441,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_CONTENT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_CONTENT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_originator_sdp_content"
@@ -1598,7 +1448,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_CONTENT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_CONTENT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_responder_sdp_content"
@@ -1606,7 +1455,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_DURATION_S]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_DURATION_S,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_duration_s"
@@ -1614,7 +1462,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_BYE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_BYE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_bye"
@@ -1622,7 +1469,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_BYE_REASON]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_BYE_REASON,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_bye_reason"
@@ -1630,7 +1476,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_VIA]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_VIA,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_via"
@@ -1638,7 +1483,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SIP_CSEQ]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SIP_CSEQ,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sip_cseq"
@@ -1648,7 +1492,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RTP_PAYLOAD_TYPE_C2S]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RTP_PAYLOAD_TYPE_C2S,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rtp_payload_type_c2s"
@@ -1656,7 +1499,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RTP_PAYLOAD_TYPE_S2C]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RTP_PAYLOAD_TYPE_S2C,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rtp_payload_type_s2c"
@@ -1664,7 +1506,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RTP_PCAP_PATH]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RTP_PCAP_PATH,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rtp_pcap_path"
@@ -1672,7 +1513,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RTP_ORIGINATOR_DIR]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RTP_ORIGINATOR_DIR,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rtp_originator_dir"
@@ -1682,7 +1522,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_VERSION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_VERSION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_version"
@@ -1690,7 +1529,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_AUTH_SUCCESS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_AUTH_SUCCESS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_auth_success"
@@ -1698,7 +1536,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_CLIENT_VERSION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_CLIENT_VERSION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_client_version"
@@ -1706,7 +1543,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_SERVER_VERSION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_SERVER_VERSION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_server_version"
@@ -1714,7 +1550,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_CIPHER_ALG]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_CIPHER_ALG,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_cipher_alg"
@@ -1722,7 +1557,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_MAC_ALG]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_MAC_ALG,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_mac_alg"
@@ -1730,7 +1564,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_COMPRESSION_ALG]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_COMPRESSION_ALG,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_compression_alg"
@@ -1738,7 +1571,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_KEX_ALG]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_KEX_ALG,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_kex_alg"
@@ -1746,7 +1578,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_HOST_KEY_ALG]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_HOST_KEY_ALG,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_host_key_alg"
@@ -1754,7 +1585,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_HOST_KEY]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_HOST_KEY,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_host_key"
@@ -1762,7 +1592,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SSH_HASSH]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SSH_HASSH,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"ssh_hassh"
@@ -1772,7 +1601,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_STRATUM_CRYPTOCURRENCY]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_STRATUM_CRYPTOCURRENCY,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"stratum_cryptocurrency"
@@ -1780,7 +1608,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_STRATUM_MINING_POOLS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_STRATUM_MINING_POOLS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"stratum_mining_pools"
@@ -1788,7 +1615,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_STRATUM_MINING_PROGRAM]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_STRATUM_MINING_PROGRAM,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"stratum_mining_program"
@@ -1796,7 +1622,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_STRATUM_MINING_SUBSCRIBE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_STRATUM_MINING_SUBSCRIBE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"stratum_mining_subscribe"
@@ -1806,7 +1631,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_COOKIE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_COOKIE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_cookie"
@@ -1814,7 +1638,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_SECURITY_PROTOCOL]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_SECURITY_PROTOCOL,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_security_protocol"
@@ -1822,7 +1645,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_CLIENT_CHANNELS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_CLIENT_CHANNELS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_client_channels"
@@ -1830,7 +1652,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_KEYBOARD_LAYOUT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_KEYBOARD_LAYOUT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_keyboard_layout"
@@ -1838,7 +1659,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_CLIENT_VERSION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_CLIENT_VERSION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_client_version"
@@ -1846,7 +1666,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_CLIENT_NAME]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_CLIENT_NAME,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_client_name"
@@ -1854,7 +1673,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_CLIENT_PRODUCT_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_CLIENT_PRODUCT_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_client_product_id"
@@ -1862,7 +1680,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_DESKTOP_WIDTH]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_DESKTOP_WIDTH,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_desktop_width"
@@ -1870,7 +1687,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_DESKTOP_HEIGHT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_DESKTOP_HEIGHT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_desktop_height"
@@ -1878,7 +1694,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_REQUESTED_COLOR_DEPTH]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_REQUESTED_COLOR_DEPTH,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_requested_color_depth"
@@ -1886,7 +1701,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_TYPE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_TYPE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_certificate_type"
@@ -1894,7 +1708,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_COUNT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_COUNT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_certificate_count"
@@ -1902,7 +1715,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_PERMANENT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_PERMANENT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_certificate_permanent"
@@ -1910,7 +1722,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_ENCRYPTION_LEVEL]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_ENCRYPTION_LEVEL,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_encryption_level"
@@ -1918,7 +1729,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_RDP_ENCRYPTION_METHOD]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_RDP_ENCRYPTION_METHOD,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"rdp_encryption_method"
@@ -1927,7 +1737,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_SESSION_DIRECTION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_SESSION_DIRECTION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"direction"
@@ -1935,7 +1744,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DECODED_AS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DECODED_AS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"decoded_as"
@@ -1943,7 +1751,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_SESSION_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_SESSION_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"session_id"
@@ -1951,7 +1758,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_START_TIMESTAMP_MS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_START_TIMESTAMP_MS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"start_timestamp_ms"
@@ -1959,7 +1765,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_END_TIMESTAMP_MS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_END_TIMESTAMP_MS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"end_timestamp_ms"
@@ -1967,7 +1772,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DURATION_MS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DURATION_MS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"duration_ms"
@@ -1975,7 +1779,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_TCP_HANDSHAKE_LATENCY_MS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_TCP_HANDSHAKE_LATENCY_MS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"tcp_handshake_latency_ms"
@@ -1983,7 +1786,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DEVICE_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DEVICE_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"device_id"
@@ -1991,7 +1793,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_OUT_LINK_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_OUT_LINK_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"out_link_id"
@@ -1999,7 +1800,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_IN_LINK_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_IN_LINK_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"in_link_id"
@@ -2007,7 +1807,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DEVICE_TAG]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DEVICE_TAG,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"device_tag"
@@ -2015,7 +1814,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DATA_CENTER]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DATA_CENTER,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"data_center"
@@ -2023,7 +1821,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DEVICE_GROUP]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DEVICE_GROUP,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"device_group"
@@ -2031,7 +1828,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_SLED_IP]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_SLED_IP,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sled_ip"
@@ -2039,7 +1835,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_ADDRESS_TYPE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_ADDRESS_TYPE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"address_type"
@@ -2047,7 +1842,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_IP_PROTOCOL]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_IP_PROTOCOL,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_IP_PROTOCOL",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -2055,7 +1849,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_VSYS_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_VSYS_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"vsys_id"
@@ -2063,7 +1856,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_GENERAL_T_VSYS_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_T_VSYS_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"t_vsys_id"
@@ -2071,7 +1863,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_SECURITY_RULE_LIST]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_SECURITY_RULE_LIST,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"security_rule_uuid_list"
@@ -2079,7 +1870,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_SECURITY_ACTION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_SECURITY_ACTION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"security_action"
@@ -2087,7 +1877,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_RULE_LIST]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_RULE_LIST,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"monitor_rule_uuid_list"
@@ -2095,7 +1884,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_MIRRORED_BYTES]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_MIRRORED_BYTES,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"monitor_mirrored_bytes"
@@ -2103,7 +1891,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_MIRRORED_PKTS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_MIRRORED_PKTS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"monitor_mirrored_pkts"
@@ -2111,7 +1898,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_STATISTICS_RULE_LIST]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_STATISTICS_RULE_LIST,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"statistics_rule_uuid_list"
@@ -2121,47 +1907,20 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IP,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
- .scan_attribute_name=NULL,
- .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
- .log_field_name=(char *)"client_ip"
- };
- attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IPV4]=(struct attribute_schema){
- .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IPV4,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_CLIENT_IP_IDX,
 .scan_attribute_name=(char *)"ATTR_SOURCE_IP",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
 };
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
- .scan_attribute_name=(char *)"ATTR_SOURCE_IP",
- .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
- .log_field_name=NULL
- };
- attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IPV4_COMMIT]=(struct attribute_schema){
- .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IPV4_COMMIT,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_CLIENT_IP_IDX,
- .scan_attribute_name=(char *)"ATTR_SOURCE_IP",
- .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
- .log_field_name=NULL
- };
- attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IPV6]=(struct attribute_schema){
- .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IPV6,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_CLIENT_IP_IDX,
+ .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
 .scan_attribute_name=(char *)"ATTR_SOURCE_IP",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
 };
- attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IPV6_COMMIT]=(struct attribute_schema){
- .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IPV6_COMMIT,
+ attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT]=(struct attribute_schema){
+ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_CLIENT_IP_IDX,
 .scan_attribute_name=(char *)"ATTR_SOURCE_IP",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -2169,23 +1928,20 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_TAGS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IP_TAGS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"client_ip_tags"
 };
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_PORT,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
+ .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
 .scan_attribute_name=(char *)"ATTR_SOURCE_PORT",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"client_port"
 };
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
+ .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
 .scan_attribute_name=(char *)"ATTR_SOURCE_PORT",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
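Review bot: The merged `ATTRIBUTE_SCHEMA_CLIENT_IP` entry in the `-2121,47 +1907,20` hunk ends up with `.log_field_name=NULL`, so the `"client_ip"` log field name carried by the removed entry is no longer registered anywhere in these lines; the `-2277,47 +2023,20` hunk does the same to `"server_ip"`. `ATTRIBUTE_SCHEMA_CLIENT_PORT` shows that one entry can hold both a scan attribute and a log name, so if this table is what names the fields of the session record, the merged entries should read `.log_field_name=(char *)"client_ip"` and `.log_field_name=(char *)"server_ip"`. A session record without the endpoint addresses is hard to use in an investigation, so if they are now emitted through another path, a one-line comment on each entry naming that path would keep the next reader from treating this as a regression. attribute_schema_init starts and ends outside the hunk.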
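Review bot: `scan_not_logic_flag` changes to `SCHEMA_SCAN_NOT_LOGIC_TRUE` for `ATTRIBUTE_SCHEMA_CLIENT_PORT` and `ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT` in the `-2169,23 +1928,20` hunk with no comment and no mention in the commit title, and the same flip is applied to the IP tag UUID, server port and server FQDN entries in the `-2121`, `-2277`, `-2325` and `-2373` hunks. The `*_IP` and `*_IP_COMMIT` entries stay at `SCHEMA_SCAN_NOT_LOGIC_FALSE` although they scan the same `ATTR_SOURCE_IP` / `ATTR_DESTINATION_IP` attribute as the tag UUID entries that now say TRUE. Presumably the flag decides whether negated conditions on an attribute are evaluated, in which case a wrong value makes policy rules match or miss silently. I would add a short comment at the first flipped entry stating why NOT-logic is enabled there and why the plain IP entries are excluded, and pin the per-attribute value in scanner/test/gtest_attribute_schema.cpp if that file does not already assert it. attribute_schema_init starts and ends outside the hunk.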
@@ -2193,7 +1949,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_OS_DESC]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_OS_DESC,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"client_os_desc"
@@ -2201,7 +1956,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_ASN_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_ASN_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"client_asn"
@@ -2209,7 +1963,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_ASN_ID_STR]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_ASN_ID_STR,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -2217,7 +1970,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_SUBSCRIBER_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_SUBSCRIBER_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_SUBSCRIBER_ID",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"subscriber_id"
@@ -2225,7 +1977,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_COUNTRY_CODE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_COUNTRY_CODE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"client_country"
@@ -2235,7 +1986,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IMEI]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IMEI,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_GTP_IMEI",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"imei"
@@ -2243,7 +1993,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IMSI]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IMSI,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_GTP_IMSI",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"imsi"
@@ -2251,7 +2000,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_APN]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_APN,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_GTP_APN",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"apn"
@@ -2259,7 +2007,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_MSISDN]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_MSISDN,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
 .scan_attribute_name=(char *)"ATTR_GTP_PHONE_NUMBER",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"phone_number"
@@ -2267,7 +2014,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_CLIENT_FISRT_PKT_TTL]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_FISRT_PKT_TTL,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"c2s_ttl"
@@ -2277,47 +2023,20 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IP,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
- .scan_attribute_name=NULL,
- .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
- .log_field_name=(char *)"server_ip"
- };
- attr_schema[ATTRIBUTE_SCHEMA_SERVER_IPV4]=(struct attribute_schema){
- .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IPV4,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_SERVER_IP_IDX,
 .scan_attribute_name=(char *)"ATTR_DESTINATION_IP",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
 };
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
- .scan_attribute_name=(char *)"ATTR_DESTINATION_IP",
- .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
- .log_field_name=NULL
- };
- attr_schema[ATTRIBUTE_SCHEMA_SERVER_IPV4_COMMIT]=(struct attribute_schema){
- .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IPV4_COMMIT,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_SERVER_IP_IDX,
- .scan_attribute_name=(char *)"ATTR_DESTINATION_IP",
- .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
- .log_field_name=NULL
- };
- attr_schema[ATTRIBUTE_SCHEMA_SERVER_IPV6]=(struct attribute_schema){
- .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IPV6,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_SERVER_IP_IDX,
+ .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
 .scan_attribute_name=(char *)"ATTR_DESTINATION_IP",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
 };
- attr_schema[ATTRIBUTE_SCHEMA_SERVER_IPV6_COMMIT]=(struct attribute_schema){
- .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IPV6_COMMIT,
+ attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT]=(struct attribute_schema){
+ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_SERVER_IP_IDX,
 .scan_attribute_name=(char *)"ATTR_DESTINATION_IP",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -2325,23 +2044,20 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_TAGS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IP_TAGS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"server_ip_tags"
 };
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_PORT,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
+ .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
 .scan_attribute_name=(char *)"ATTR_DESTINATION_PORT",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"server_port"
 };
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
+ .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
 .scan_attribute_name=(char *)"ATTR_DESTINATION_PORT",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -2349,7 +2065,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_OS_DESC]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_OS_DESC,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"server_os_desc"
@@ -2357,7 +2072,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_ASN_ID]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_ASN_ID,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"server_asn"
@@ -2365,7 +2079,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_ASN_ID_STR]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_ASN_ID_STR,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -2373,23 +2086,20 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_COUNTRY_CODE]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_COUNTRY_CODE,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"server_country"
 };
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_FQDN]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_FQDN,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
+ .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
 .scan_attribute_name=(char *)"ATTR_SERVER_FQDN",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
 };
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_FQDN_COMMIT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_FQDN_COMMIT,
- .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX,
+ .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE,
 .scan_attribute_name=(char *)"ATTR_SERVER_FQDN",
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=NULL
@@ -2397,7 +2107,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_FQDN_LOG]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_FQDN_LOG,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"server_fqdn"
@@ -2405,7 +2114,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_FQDN_TAGS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_FQDN_TAGS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"server_fqdn_tags"
@@ -2413,7 +2121,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_DOMAIN_LOG]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_DOMAIN_LOG,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"server_domain"
@@ -2421,7 +2128,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_SERVER_FISRT_PKT_TTL]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_SERVER_FISRT_PKT_TTL,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"s2c_ttl"
@@ -2431,7 +2137,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_TRANSITION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_TRANSITION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"app_transition"
@@ -2439,7 +2144,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_APPLICATION]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"app"
@@ -2447,7 +2151,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_CATEGORY]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_CATEGORY,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"app_category"
@@ -2455,7 +2158,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_EXTRA_INFO]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_EXTRA_INFO,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"app_extra_info"
@@ -2463,7 +2165,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_DEBUG_INFO]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_DEBUG_INFO,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"app_debug_info"
@@ -2471,7 +2172,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_CONTENT]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_CONTENT,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"app_content"
@@ -2479,7 +2179,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_PROTOCOL_PATH]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_PROTOCOL_PATH,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"protocol_path"
@@ -2489,7 +2188,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_SENT_PKTS]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_SENT_PKTS,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sent_pkts"
@@ -2497,7 +2195,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch
 attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_SENT_BYTES]=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_SENT_BYTES,
 .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE,
- .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX,
 .scan_attribute_name=NULL,
 .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ,
 .log_field_name=(char *)"sent_bytes"
@@ -2505,7 +2202,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_RECEIVED_PKTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_RECEIVED_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"received_pkts" @@ -2513,7 +2209,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_RECEIVED_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_RECEIVED_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"received_bytes" @@ -2523,7 +2218,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_IP_FRAGMENTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_IP_FRAGMENTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_c2s_ip_fragments" @@ -2531,7 +2225,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_IP_FRAGMENTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_IP_FRAGMENTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_s2c_ip_fragments" 
@@ -2539,7 +2232,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_LOST_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_LOST_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_c2s_lost_bytes" @@ -2547,7 +2239,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_LOST_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_LOST_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_s2c_lost_bytes" @@ -2555,7 +2246,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_O3_PKTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_O3_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_c2s_o3_pkts" @@ -2563,7 +2253,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_O3_PKTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_O3_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_s2c_o3_pkts" 
@@ -2571,7 +2260,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_RTX_PKTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_RTX_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_c2s_rtx_pkts" @@ -2579,7 +2267,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_RTX_PKTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_RTX_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_s2c_rtx_pkts" @@ -2587,7 +2274,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_RTX_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_RTX_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_c2s_rtx_bytes" @@ -2595,7 +2281,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_RTX_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_RTX_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_s2c_rtx_bytes" 
@@ -2603,7 +2288,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_RTT_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_RTT_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_rtt_ms" @@ -2611,7 +2295,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_CLEINT_ISN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_CLEINT_ISN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_CLIENT_IP_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_client_isn" @@ -2619,7 +2302,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_SERVER_ISN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_SERVER_ISN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_SERVER_IP_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_server_isn" @@ -2629,7 +2311,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_OTHER_PACKET_CAPTURE_FILE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_PACKET_CAPTURE_FILE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"packet_capture_file" 
@@ -2637,7 +2318,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_OTHER_ENCAPSULATION_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_ENCAPSULATION_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"encapsulation_type" @@ -2645,7 +2325,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_OTHER_IN_SRC_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_IN_SRC_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"in_src_mac" @@ -2653,7 +2332,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_OTHER_OUT_SRC_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_OUT_SRC_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"out_src_mac" @@ -2661,7 +2339,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_OTHER_IN_DEST_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_IN_DEST_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"in_dest_mac" 
@@ -2669,7 +2346,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_OTHER_OUT_DEST_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_OUT_DEST_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"out_dest_mac" @@ -2677,7 +2353,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_OTHER_ENCAPSULATION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_ENCAPSULATION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"encapsulation" @@ -2685,7 +2360,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_OTHER_DUP_TRAFFIC_FLAG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_DUP_TRAFFIC_FLAG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dup_traffic_flag" @@ -2695,7 +2369,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_SCHEMA_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_SCHEMA_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tunnels_schema_type" 
@@ -2703,7 +2376,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_A_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_A_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_a_ip" @@ -2711,7 +2383,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_B_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_B_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_b_ip" @@ -2719,7 +2390,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_A_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_A_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_a_port" @@ -2727,7 +2397,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_B_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_B_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_b_port" 
@@ -2735,7 +2404,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_A2B_TEID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_A2B_TEID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_a2b_teid" @@ -2743,7 +2411,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_B2A_TEID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_B2A_TEID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_b2a_teid" @@ -2751,7 +2418,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_MPLS_C2S_DIRECTION_LABEL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_MPLS_C2S_DIRECTION_LABEL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mpls_c2s_direction_label" @@ -2759,7 +2425,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_MPLS_S2C_DIRECTION_LABEL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_MPLS_S2C_DIRECTION_LABEL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mpls_s2c_direction_label" 
@@ -2767,7 +2432,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_VLAN_C2S_DIRECTION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_VLAN_C2S_DIRECTION_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"vlan_c2s_direction_id" @@ -2775,7 +2439,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_VLAN_S2C_DIRECTION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_VLAN_S2C_DIRECTION_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"vlan_s2c_direction_id" @@ -2783,7 +2446,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_SOURCE_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_SOURCE_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"source_mac" @@ -2791,7 +2453,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_DESTINATION_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_DESTINATION_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"destination_mac" 
@@ -2799,7 +2460,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_C2S_SOURCE_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_C2S_SOURCE_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"c2s_source_mac" @@ -2807,7 +2467,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_C2S_DESTINATION_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_C2S_DESTINATION_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"c2s_destination_mac" @@ -2815,7 +2474,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_S2C_SOURCE_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_S2C_SOURCE_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"s2c_source_mac" @@ -2823,7 +2481,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_S2C_DESTINATION_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_S2C_DESTINATION_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"s2c_destination_mac" 
@@ -2831,7 +2488,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_CLIENT_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_CLIENT_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_CLIENT_IP_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"client_ip" @@ -2839,7 +2495,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_SERVER_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_SERVER_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_SERVER_IP_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"server_ip" @@ -2847,7 +2502,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_PPTP_UPLINK_TUNNEL_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_PPTP_UPLINK_TUNNEL_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"pptp_uplink_tunnel_id" @@ -2855,7 +2509,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_PPTP_DOWNLINK_TUNNEL_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_PPTP_DOWNLINK_TUNNEL_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"pptp_downlink_tunnel_id" 
@@ -2863,7 +2516,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_version" @@ -2871,7 +2523,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LAC2LNS_TUNNEL_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LAC2LNS_TUNNEL_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_lac2lns_tunnel_id" @@ -2879,7 +2530,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LNS2LAC_TUNNEL_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LNS2LAC_TUNNEL_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_lns2lac_tunnel_id" @@ -2887,7 +2537,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LAC2LNS_SESSION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LAC2LNS_SESSION_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_lac2lns_session_id" 
@@ -2895,7 +2544,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LNS2LAC_SESSION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LNS2LAC_SESSION_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_lns2lac_session_id" @@ -2903,7 +2551,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_ACCESS_CONCENTRATOR_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_ACCESS_CONCENTRATOR_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_access_concentrator_ip" @@ -2911,7 +2558,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_NETWORK_SERVER_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_NETWORK_SERVER_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_network_server_ip" @@ -2919,7 +2565,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_ACCESS_CONCENTRATOR_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_ACCESS_CONCENTRATOR_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_access_concentrator_port" 
@@ -2927,7 +2572,6 @@ void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_sch attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_NETWORK_SERVER_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_NETWORK_SERVER_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, - .scan_hit_object_idx=SCHEMA_SCAN_HIT_OBJECT_DEFAULT_IDX, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_network_server_port" diff --git a/scanner/attribute_schema.h b/scanner/attribute_schema.h index db1c12a..b46d382 100644 --- a/scanner/attribute_schema.h +++ b/scanner/attribute_schema.h @@ -2,6 +2,7 @@ #include <stddef.h> #include <stdint.h> +#include <uuid/uuid.h> #include "maat.h" @@ -21,10 +22,8 @@ enum ATTRIBUTE_SCHEMA ATTRIBUTE_SCHEMA_TUNNEL_GRE_ENDPOINT, ATTRIBUTE_SCHEMA_TUNNEL_IP_IN_IP_ENDPOINT, ATTRIBUTE_SCHEMA_TUNNEL_UUID_LIST, - ATTRIBUTE_SCHEMA_INTERNAL_IP_ADDR, - ATTRIBUTE_SCHEMA_INTERNAL_IP_ADDR_COMMIT, - ATTRIBUTE_SCHEMA_EXTERNAL_IP_ADDR, - ATTRIBUTE_SCHEMA_EXTERNAL_IP_ADDR_COMMIT, + ATTRIBUTE_SCHEMA_INTERNAL_IP, + ATTRIBUTE_SCHEMA_EXTERNAL_IP, ATTRIBUTE_SCHEMA_INTERNAL_PORT, ATTRIBUTE_SCHEMA_EXTERNAL_PORT, @@ -288,10 +287,7 @@ enum ATTRIBUTE_SCHEMA ATTRIBUTE_SCHEMA_CLIENT_IP, ATTRIBUTE_SCHEMA_CLIENT_IP_TAGS, ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS, - ATTRIBUTE_SCHEMA_CLIENT_IPV4, - ATTRIBUTE_SCHEMA_CLIENT_IPV4_COMMIT, - ATTRIBUTE_SCHEMA_CLIENT_IPV6, - ATTRIBUTE_SCHEMA_CLIENT_IPV6_COMMIT, + ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT, ATTRIBUTE_SCHEMA_CLIENT_PORT, ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT, ATTRIBUTE_SCHEMA_CLIENT_OS_DESC, 
@@ -311,10 +307,7 @@ enum ATTRIBUTE_SCHEMA ATTRIBUTE_SCHEMA_SERVER_IP, ATTRIBUTE_SCHEMA_SERVER_IP_TAGS, ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS, - ATTRIBUTE_SCHEMA_SERVER_IPV4, - ATTRIBUTE_SCHEMA_SERVER_IPV4_COMMIT, - ATTRIBUTE_SCHEMA_SERVER_IPV6, - ATTRIBUTE_SCHEMA_SERVER_IPV6_COMMIT, + ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT, ATTRIBUTE_SCHEMA_SERVER_PORT, ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT, ATTRIBUTE_SCHEMA_SERVER_OS_DESC, @@ -440,7 +433,6 @@ struct attribute_schema { enum ATTRIBUTE_SCHEMA attr_idx; int scan_not_logic_flag; - int scan_hit_object_idx; char *scan_attribute_name; size_t log_field_name_sz; char *log_field_name; @@ -477,8 +469,9 @@ struct attribute_value_ipv6_port #define MAX_MAAT_GROUP_ID 128 struct attribute_value_maat_object { - size_t n_hit_objects; - struct maat_hit_object *hit_objects; + size_t n_uuid; + uuid_t *item_uuid; + uuid_t *object_uuid; }; struct attribute_scratch 
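Review bot: `struct attribute_value_maat_object` now holds two parallel arrays, `item_uuid` and `object_uuid`, under a single `n_uuid`, and nothing in the header says that both must contain exactly `n_uuid` entries or who owns them. The same pair is passed separately to `attribute_scratch_maat_object_fill()` in the following hunk, so a caller that supplies arrays of different lengths would presumably make any consumer that walks both by `n_uuid` read past the shorter one. I would add a comment on the struct such as `/* item_uuid[i] and object_uuid[i] describe the same hit; both arrays hold n_uuid entries */` and state on the prototype how `is_free_value` applies to the two arrays (both freed, or neither). Since the fill function does not appear to write through them, declaring the parameters as `const uuid_t item_uuid[], const uuid_t object_uuid[]` would also make that contract visible; the implementation is outside this hunk, so confirm before changing it.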
@@ -511,7 +504,7 @@ void attribute_scratch_integer_fill(struct attribute_scratch *attr, size_t attr_ void attribute_scratch_flag_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, uint64_t value); void attribute_scratch_ipv4_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, uint32_t ipv4, int32_t port); void attribute_scratch_ipv6_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, uint8_t ipv6[16], int32_t port); -void attribute_scratch_maat_object_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, struct maat_hit_object *hit_objects, size_t n_hit_objects); +void attribute_scratch_maat_object_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, uuid_t item_uuid[], uuid_t object_uuid[], size_t n_uuid); void attribute_scratch_not_logic_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value); #ifdef __cplusplus diff --git a/scanner/packet_scanner.c b/scanner/packet_scanner.c index f0a325d..d205660 100644 --- a/scanner/packet_scanner.c +++ b/scanner/packet_scanner.c 
@@ -15,201 +15,25 @@ struct packet_scanner int exdata_idx; }; -static void packet_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused) -{ - if(ex_ptr==NULL)return; - FREE(ex_ptr); -} - -const struct kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index) -{ - if(pkt_scanner==NULL || pkt==NULL || index>=ATTRIBUTE_INDEX_MAX || index<=ATTRIBUTE_KV_UNKNOWN) - { - return NULL; - } - - return attribute_kv_get((struct attribute_kv *)packet_get_exdata(pkt, pkt_scanner->exdata_idx), index); -} - -void plugin_add_objects(struct maat_state *scan_state, struct scanner_state *policy_state, enum HIT_OBJECT_ATTRIBUTE_TYPE type) -{ - size_t direct_cnt=maat_state_get_direct_hit_object_cnt(scan_state); - size_t indirect_cnt=maat_state_get_indirect_hit_object_cnt(scan_state); - if((direct_cnt+indirect_cnt)==0) - { - return NULL; - } - - size_t offset=0; - struct maat_hit_object direct_object[direct_cnt]; - - if(direct_cnt>0) - { - int ret=maat_state_get_direct_hit_objects(scan_state, direct_object, direct_cnt+indirect_cnt); - if(ret!=0) - { - offset+=direct_cnt; - } - } - - if(indirect_cnt>0) - { - int ret=maat_state_get_indirect_hit_objects(scan_state, direct_object+offset, indirect_cnt); - if(ret!=0) - { - offset+=indirect_cnt; - } - } - - scanner_state_add_current_packet_hit_objects(policy_state, type, direct_object, offset); -} - -void attribute_scratch_scan(const char *readable_addr, struct maat *cm_maat, struct maat_state *scan_state, struct scanner_state *policy_state, struct maat_stream **stream_handle, struct attribute_scratch *attribute, size_t n_attribute) -{ - if(attribute==NULL || n_attribute==0 || scan_state==NULL) - { - return ; - } - - for(size_t i=0; i<n_attribute; i++) - { - switch(attribute[i].value_type) - { - case ATTRIBUTE_VALUE_TYPE_STRING: - scanner_scan_string_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state, attribute[i].string.value, 
attribute[i].string.value_sz, policy_state); - break; - case ATTRIBUTE_VALUE_TYPE_INTEGER: - scanner_scan_integer_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state, attribute[i].integer, policy_state); - break; - case ATTRIBUTE_VALUE_TYPE_FLAG: - scanner_scan_flag_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state, attribute[i].flag, policy_state); - break; - case ATTRIBUTE_VALUE_TYPE_MAAT_OBJECT: - scanner_scan_object_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state, attribute[i].maat_object.hit_objects, attribute[i].maat_object.n_hit_objects, policy_state); - break; - case ATTRIBUTE_VALUE_TYPE_IPV4: - scanner_scan_ipv4_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state, attribute[i].ipv4_port.ipv4, attribute[i].ipv4_port.port, policy_state); - break; - case ATTRIBUTE_VALUE_TYPE_IPV6: - scanner_scan_ipv6_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state, (uint8_t *)(attribute[i].ipv6_port.ipv6), attribute[i].ipv6_port.port, policy_state); - break; - case ATTRIBUTE_VALUE_TYPE_NOT_LOGIC: - scanner_scan_stream_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state, policy_state); - break; - default: - break; - } - - if(attribute[i].schema->scan_not_logic_flag==TRUE) - { - scanner_scan_not_logic_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state, policy_state); - } - - switch(attribute[i].schema->scan_hit_object_idx) - { - case SCHEMA_SCAN_HIT_OBJECT_CLIENT_IP_IDX: - plugin_add_objects(scan_state, policy_state, HIT_OBJECT_ATTRIBUTE_TYPE_CLIENT_IP); - break; - case SCHEMA_SCAN_HIT_OBJECT_SERVER_IP_IDX: - plugin_add_objects(scan_state, policy_state, HIT_OBJECT_ATTRIBUTE_TYPE_SERVER_IP); - break; - case SCHEMA_SCAN_HIT_OBJECT_OTHER_ATTR_IDX: - plugin_add_objects(scan_state, policy_state, HIT_OBJECT_ATTRIBUTE_TYPE_OTHERS); - break; - default: - break; - } - } -} - -void ipport_attribute_scan(struct scanner *scanner, struct maat_state *scan_state, struct scanner_state 
*policy_state, struct attribute_scratch *ipport_attr, size_t n_ipport_attr, enum ATTRIBUTE_SCHEMA tunnel_schema_idx, int is_client_internal, const char *readable_addr) +int32_t is_duplicate_tag_uuid(uuid_t *tag_uuids, size_t tag_uuids_num, uuid_t tag_uuid) { - if(scan_state==NULL || policy_state==NULL || ipport_attr==NULL || n_ipport_attr==0) + if(tag_uuids==NULL || tag_uuids_num==0) { - return ; + return FALSE; } - enum ATTRIBUTE_SCHEMA client_ip_idx=((is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_INTERNAL_IP_ADDR : ATTRIBUTE_SCHEMA_EXTERNAL_IP_ADDR); - enum ATTRIBUTE_SCHEMA server_ip_idx=((is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_EXTERNAL_IP_ADDR : ATTRIBUTE_SCHEMA_INTERNAL_IP_ADDR); - enum ATTRIBUTE_SCHEMA client_port_idx=((is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_INTERNAL_PORT : ATTRIBUTE_SCHEMA_EXTERNAL_PORT); - enum ATTRIBUTE_SCHEMA server_port_idx=((is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_EXTERNAL_PORT : ATTRIBUTE_SCHEMA_INTERNAL_PORT); - - for(size_t i=0; i<n_ipport_attr; i++) + for(size_t i=0; i<tag_uuids_num; i++) { - struct attribute_schema *ipport_schema=NULL; - struct attribute_schema *tunnel_schema=NULL; - - switch(ipport_attr[i].schema->attr_idx) - { - case ATTRIBUTE_SCHEMA_CLIENT_IPV6: - case ATTRIBUTE_SCHEMA_CLIENT_IPV4: - ipport_schema=&(scanner->attr_schema[client_ip_idx]); - tunnel_schema=&(scanner->attr_schema[tunnel_schema_idx]); - break; - case ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS: - ipport_schema=&(attribute_scratch_schema[client_ip_idx]); - break; - case ATTRIBUTE_SCHEMA_CLIENT_IPV4_COMMIT: - case ATTRIBUTE_SCHEMA_CLIENT_IPV6_COMMIT: - break; - case ATTRIBUTE_SCHEMA_SERVER_IPV4: - case ATTRIBUTE_SCHEMA_SERVER_IPV6: - ipport_schema=&(scanner->attr_schema[server_ip_idx]); - tunnel_schema=&(scanner->attr_schema[tunnel_schema_idx]); - break; - case ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS: - ipport_schema=&(scanner->attr_schema[server_ip_idx]); - break; - case ATTRIBUTE_SCHEMA_SERVER_IPV4_COMMIT: - case 
ATTRIBUTE_SCHEMA_SERVER_IPV6_COMMIT: - break; - case ATTRIBUTE_SCHEMA_CLIENT_PORT: - ipport_schema=&(scanner->attr_schema[client_port_idx]); - break; - case ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT: - break; - case ATTRIBUTE_SCHEMA_SERVER_PORT: - ipport_schema=&(scanner->attr_schema[server_port_idx]); - break; - case ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT: - break; - default: - break; - } - - attribute_scratch_scan(readable_addr, scanner->cm_maat, scan_state, policy_state, NULL, &(ipport_attr[i]), 1); - if(ipport_schema==NULL && tunnel_schema==NULL) - { - continue; - } - - size_t last_hit_object_size=maat_state_get_last_hit_object_cnt(scan_state); - if(last_hit_object_size==0) + if(uuid_compare(tag_uuids[i], tag_uuid)==0) { - continue; + return TRUE; } - struct maat_hit_object last_hit_object[last_hit_object_size]; - int last_hit_object_cnt=maat_state_get_last_hit_objects(scan_state, last_hit_object, last_hit_object_size); - - size_t maat_attr_offset=0; - size_t maat_object_size=2; - struct attribute_scratch maat_object_attr[maat_object_size]; - attribute_scratch_maat_object_fill(maat_object_attr, maat_object_size, &maat_attr_offset, FREE_FALSE, ipport_schema, FREE_FALSE, last_hit_object, ((last_hit_object_cnt<0) ? 0 : last_hit_object_cnt)); - attribute_scratch_maat_object_fill(maat_object_attr, maat_object_size, &maat_attr_offset, FREE_FALSE, tunnel_schema, FREE_FALSE, last_hit_object, ((last_hit_object_cnt<0) ? 
0 : last_hit_object_cnt)); - attribute_scratch_scan(readable_addr, scanner->cm_maat, scan_state, policy_state, NULL, NULL, maat_object_attr, maat_attr_offset); - attribute_scratch_reset(maat_object_attr, maat_attr_offset); } - size_t negate_attr_offset=0; - size_t negate_object_size=2; - struct attribute_scratch negate_object_attr[negate_object_size]; - attribute_scratch_not_logic_fill(negate_object_attr, negate_object_size, &negate_attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_INTERNAL_IP_ADDR_COMMIT]), FREE_FALSE); - attribute_scratch_not_logic_fill(negate_object_attr, negate_object_size, &negate_attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_EXTERNAL_IP_ADDR_COMMIT]), FREE_FALSE); - attribute_scratch_scan(readable_addr, scanner->cm_maat, scan_state, policy_state, NULL, NULL, negate_object_attr, negate_attr_offset); - attribute_scratch_reset(negate_object_attr, negate_attr_offset); + return FALSE; } -void ip4_format_to_maat(const struct ip *ip4, struct ip_addr *c_net_addr, struct ip_addr *s_net_addr) +static void ip4_format_to_maat(const struct ip *ip4, struct ip_addr *c_net_addr, struct ip_addr *s_net_addr) { if(ip4==NULL || c_net_addr==NULL || s_net_addr==NULL) { @@ -222,7 +46,7 @@ void ip4_format_to_maat(const struct ip *ip4, struct ip_addr *c_net_addr, struct s_net_addr->ipv4=ip4->ip_dst.s_addr; } -void ip6_format_to_maat(const struct ip6_hdr *ip6, struct ip_addr *c_net_addr, struct ip_addr *s_net_addr) +static void ip6_format_to_maat(const struct ip6_hdr *ip6, struct ip_addr *c_net_addr, struct ip_addr *s_net_addr) { if(ip6==NULL || c_net_addr==NULL || s_net_addr==NULL) { 
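Review bot: `is_duplicate_tag_uuid` is added with external linkage, while this same commit marks `ip4_format_to_maat` and `ip6_format_to_maat` as `static`. The only caller visible in this diff is `ipaddr_entry_tag_uuid_get` in the same file; if no other translation unit uses it, declare it `static int32_t is_duplicate_tag_uuid(uuid_t *tag_uuids, size_t tag_uuids_num, uuid_t tag_uuid)`. A one-line comment stating that it is a linear scan returning TRUE or FALSE would document the cost for callers that run it once per tag.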
@@ -235,40 +59,68 @@ void ip6_format_to_maat(const struct ip6_hdr *ip6, struct ip_addr *c_net_addr, s memcpy(s_net_addr->ipv6, ip6->ip_dst.s6_addr, sizeof(s_net_addr->ipv6)); } -void ipaddr_entry_tag_uuids_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, uuid_t tag_uuids[], size_t n_tag_uuids) +static void packet_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused) { - if(attr==NULL || (*attr_offset)>=attr_max || tag_uuids==NULL || n_tag_uuids==0) - { - return ; - } + if(ex_ptr==NULL)return; + FREE(ex_ptr); +} - struct maat_hit_object hit_objects[n_tag_uuids]; - for(size_t i=0; i<n_tag_uuids; i++) +const struct kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index) +{ + if(pkt_scanner==NULL || pkt==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN) { - hit_objects[i].attribute_name[0]='\0'; - uuid_clear(hit_objects[i].item_uuid); - uuid_copy(hit_objects[i].object_uuid, tag_uuids[i]); + return NULL; } - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, attr_schema, FREE_FALSE, hit_objects, n_tag_uuids); + return attribute_kv_get((struct attribute_kv *)packet_get_exdata(pkt, pkt_scanner->exdata_idx), index); } -int32_t is_duplicate_tag_uuid(uuid_t *tag_uuids, size_t tag_uuids_num, uuid_t tag_uuid) +void attribute_scratch_scan(struct maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, struct maat_stream **stream_handle, struct attribute_scratch *attribute, size_t n_attribute) { - if(tag_uuids==NULL || tag_uuids_num==0) + if(cm_maat==NULL || scan_state==NULL || attribute==NULL || n_attribute==0) { - return FALSE; + return ; } - for(size_t i=0; i<tag_uuids_num; i++) + for(size_t i=0; i<n_attribute; i++) { - if(uuid_compare(tag_uuids[i], tag_uuid)==0) + if(attribute[i].schema==NULL) { - return TRUE; + continue; } - } - return FALSE; + switch(attribute[i].value_type) 
+ { + case ATTRIBUTE_VALUE_TYPE_STRING: + scanner_scan_string_attribute(cm_maat, scan_state, attribute[i].string.value, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].string.value_sz); + break; + case ATTRIBUTE_VALUE_TYPE_INTEGER: + scanner_scan_integer_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].integer); + break; + case ATTRIBUTE_VALUE_TYPE_FLAG: + scanner_scan_flag_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].flag); + break; + case ATTRIBUTE_VALUE_TYPE_MAAT_OBJECT: + scanner_scan_object_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].maat_object.object_uuid, attribute[i].maat_object.item_uuid, attribute[i].maat_object.n_uuid); + break; + case ATTRIBUTE_VALUE_TYPE_IPV4: + scanner_scan_ipv4_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].ipv4_port.ipv4, attribute[i].ipv4_port.port); + break; + case ATTRIBUTE_VALUE_TYPE_IPV6: + scanner_scan_ipv6_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, (uint8_t *)(attribute[i].ipv6_port.ipv6), attribute[i].ipv6_port.port); + break; + case ATTRIBUTE_VALUE_TYPE_NOT_LOGIC: + scanner_scan_stream_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name); + break; + default: + break; + } + + if(attribute[i].schema->scan_not_logic_flag==TRUE) + { + scanner_scan_not_logic_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state); + } + } } size_t ipaddr_entry_tag_uuid_get(struct scanner_maat *cm_maat, struct ip_addr *net_ipaddr, uuid_t *tag_uuids, size_t n_tag_uuids) 
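Review bot: The call `scanner_scan_not_logic_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state);` at the end of the loop in `attribute_scratch_scan` still uses the old argument order and passes the schema struct, while the definition changed in scanner/scanner_maat.c by this same commit takes `(cm_maat, scan_state, readable_addr, attribute_name)`. It should read `scanner_scan_not_logic_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name);`. The parameter here is `struct maat *cm_maat` whereas that definition expects `struct scanner_maat *`, so the type needs reconciling as well. The `scanner_scan_string_attribute` call places the value before `readable_addr`, unlike its siblings; its prototype is not visible here, so that order is worth checking.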
@@ -292,7 +144,7 @@ size_t ipaddr_entry_tag_uuid_get(struct scanner_maat *cm_maat, struct ip_addr *n for(size_t j=0; j<ipaddr_exdata[i]->n_tag_uuids; j++) { - if(is_dup_tag_id(tag_uuids, tag_ids_offset, ipaddr_exdata[i]->tag_uuids[j])==TRUE) + if(is_duplicate_tag_uuid(tag_uuids, tag_ids_offset, ipaddr_exdata[i]->tag_uuids[j])==TRUE) { continue; } @@ -309,7 +161,7 @@ size_t ipaddr_entry_tag_uuid_get(struct scanner_maat *cm_maat, struct ip_addr *n return tag_ids_offset; } -void ipport_attribute_get(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, const struct layer *layers, int layers_count) +void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, const struct layer *layers, int layers_count) { if(attr==NULL || (*attr_offset)>=attr_max || layers==NULL || layers_count<=0) { @@ -330,14 +182,15 @@ void ipport_attribute_get(struct attribute_scratch *attr, size_t attr_max, size_ { case LAYER_PROTO_IPV4: ip4=(const struct ip *)out.layers[j].ip4; - ipport_format_session_to_maat(ip4, &c_net_addr, &s_net_addr); + ip4_format_to_maat(ip4, &c_net_addr, &s_net_addr); break; case LAYER_PROTO_IPV6: ip6=(const struct ip6_hdr *)out.layers[j].ip6; - ipport_format_session_to_maat(ip6, &c_net_addr, &s_net_addr); + ip6_format_to_maat(ip6, &c_net_addr, &s_net_addr); break; case LAYER_PROTO_TCP: - ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); + // TODO: implement + // ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); tcp=(const struct tcphdr *)out.layers[j].tcp; if(tcp!=NULL) { 
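Review bot: Commenting out `ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto);` in the TCP case, and in the UDP and ICMP cases in the next two hunks, means the IP-protocol attribute is no longer produced for scanning, assuming the variable is initialised to NULL outside the hunk. Rules that match on IP protocol would then stop matching with no log or error to show it. The comment should say so, for example `// TODO: IP_PROTOCOL attribute is not filled until the protocol object uuid lookup is restored`, so the gap is visible to whoever enables such rules. The function body starts and ends outside this hunk.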
@@ -346,7 +199,8 @@ void ipport_attribute_get(struct attribute_scratch *attr, size_t attr_max, size_ } break; case LAYER_PROTO_UDP: - ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); + // TODO: implement + // ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); udp=(const struct udphdr *)out.layers[j].udp; if(udp!=NULL) { @@ -356,7 +210,8 @@ void ipport_attribute_get(struct attribute_scratch *attr, size_t attr_max, size_ break; case LAYER_PROTO_ICMP: case LAYER_PROTO_ICMP6: - ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); + // TODO: implement + // ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); break; default: continue; 
@@ -366,84 +221,82 @@ void ipport_attribute_get(struct attribute_scratch *attr, size_t attr_max, size_ size_t max_tag_ids=MAX_TAG_IDS_NUM; uuid_t tag_uuids[max_tag_ids]; size_t n_tag_uuids=ipaddr_entry_tag_uuid_get(&c_net_addr, c_port, tag_uuids, max_tag_ids); - ipaddr_entry_tag_uuids_fill(attr, attr_max, attr_offset, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS]), tag_uuids, n_tag_uuids); + attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS]), FREE_FALSE, NULL, tag_uuids, n_tag_uuids); n_tag_uuids=ipaddr_entry_tag_uuid_get(&s_net_addr, s_port, tag_uuids, max_tag_ids); - ipaddr_entry_tag_uuids_fill(attr, attr_max, attr_offset, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS]), tag_uuids, n_tag_uuids); + attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS]), FREE_FALSE, NULL, tag_uuids, n_tag_uuids); if(ip4!=NULL) { - attribute_scratch_ipv4_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IPV4]), FREE_FALSE, ip4->ip_src.s_addr, c_port); - attribute_scratch_ipv4_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IPV4]), FREE_FALSE, ip4->ip_dst.s_addr, s_port); - attribute_scratch_not_logic_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IPV4_COMMIT]), FREE_FALSE); - attribute_scratch_not_logic_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IPV4_COMMIT]), FREE_FALSE); + attribute_scratch_ipv4_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]), FREE_FALSE, ip4->ip_src.s_addr, c_port); + attribute_scratch_ipv4_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]), FREE_FALSE, ip4->ip_dst.s_addr, s_port); } if(ip6!=NULL) { - attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, 
&(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IPV6]), FREE_FALSE, ip6->ip_src.s6_addr, c_port); - attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IPV6]), FREE_FALSE, ip6->ip_dst.s6_addr, s_port); - attribute_scratch_not_logic_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IPV6_COMMIT]), FREE_FALSE); - attribute_scratch_not_logic_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IPV6_COMMIT]), FREE_FALSE); + attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]), FREE_FALSE, ip6->ip_src.s6_addr, c_port); + attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]), FREE_FALSE, ip6->ip_dst.s6_addr, s_port); } if(c_port!=-1 && s_port!=-1) { attribute_scratch_integer_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT]), FREE_FALSE, (long long)c_port); attribute_scratch_integer_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT]), FREE_FALSE, (long long)s_port); - - attribute_scratch_not_logic_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT]), FREE_FALSE); - attribute_scratch_not_logic_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT]), FREE_FALSE); } if(ip_protocol_object_uuid!=NULL) { - struct maat_hit_object hit_objects; - hit_objects.attribute_name[0]='\0';; - uuid_clear(hit_objects.item_uuid); - uuid_copy(hit_objects.object_uuid, *ip_protocol_object_uuid); - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_IP_PROTOCOL]), FREE_FALSE, &hit_objects, 1); + attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_IP_PROTOCOL]), FREE_FALSE, NULL, 
&ip_protocol_object_uuid, 1); } return 1; } -void gtp_tunnel_attribute_get_by_teid(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, struct scanner_maat *sd_maat, int teid) +void ie_ipport_attribute_get_from_maat_state(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, struct maat_state *scan_state, int is_client_internal) { - if(sd_maat==NULL) + enum ATTRIBUTE_SCHEMA attr_schema_idx[]={ ATTRIBUTE_SCHEMA_CLIENT_IP, ATTRIBUTE_SCHEMA_SERVER_IP, ATTRIBUTE_SCHEMA_CLIENT_PORT, ATTRIBUTE_SCHEMA_SERVER_PORT}; + for(size_t i=0; i<sizeof(attr_schema_idx)/sizeof(enum ATTRIBUTE_SCHEMA); i++) { - return ; - } - - struct user_identification *uid=NULL; - scanner_maat_get_user_identification_by_teid(sd_maat, teid, &uid); - if(uid==NULL) - { - return ; - } - - size_t value_sz=((uid->subscriber.subscriber_id!=NULL) ? (strlen(uid->subscriber.subscriber_id)) : 0); - attribute_scratch_string_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_SUBSCRIBER_ID]), FREE_FALSE, uid->subscriber.subscriber_id, value_sz); - - if(uid->ue==NULL) - { - return ; - } + + size_t indirect_object_cnt=maat_state_get_hit_item_cnt(scan_state, scanner->attr_schema[attr_schema_idx[i]]); + size_t direct_object_cnt=maat_state_get_hit_object_cnt(scan_state, scanner->attr_schema[attr_schema_idx[i]]); + if(direct_object_cnt==0 && indirect_object_cnt==0) + { + continue; + } - value_sz=((uid->ue->imei!=NULL) ? 
(strlen(uid->ue->imei)) : 0); - attribute_scratch_string_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IMEI]), FREE_FALSE, uid->ue->imei, value_sz); + uuid_t direct_item_uuid[direct_object_cnt]; + uuid_t direct_object_uuid[direct_object_cnt]; + size_t direct_object_offset=maat_state_get_hit_items(scan_state, scanner->attr_schema[attr_schema_idx[i]], direct_item_uuid, direct_object_uuid, direct_object_cnt); - value_sz=((uid->ue->imsi!=NULL) ? (strlen(uid->ue->imsi)) : 0); - attribute_scratch_string_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IMSI]), FREE_FALSE, uid->ue->imei, value_sz); + uuid_t indirect_object_uuid[indirect_object_cnt]; + size_t indirect_object_offset=maat_state_get_indirect_hit_objects(scan_state, scanner->attr_schema[attr_schema_idx[i]], indirect_object_uuid, indirect_object_cnt); - value_sz=((uid->ue->apn!=NULL) ? (strlen(uid->ue->apn)) : 0); - attribute_scratch_string_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_APN]), FREE_FALSE, uid->ue->apn, value_sz); + enum ATTRIBUTE_SCHEMA ie_attr_idx=ATTRIBUTE_SCHEMA_UNKNOWN; + switch(attr_schema_idx[i]) + { + case ATTRIBUTE_SCHEMA_CLIENT_IP: + ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_INTERNAL_IP : ATTRIBUTE_SCHEMA_EXTERNAL_IP; + break; + case ATTRIBUTE_SCHEMA_SERVER_IP: + ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_EXTERNAL_IP : ATTRIBUTE_SCHEMA_INTERNAL_IP; + break; + case ATTRIBUTE_SCHEMA_CLIENT_PORT: + ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_INTERNAL_PORT : ATTRIBUTE_SCHEMA_EXTERNAL_PORT; + break; + case ATTRIBUTE_SCHEMA_SERVER_PORT: + ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_EXTERNAL_PORT : ATTRIBUTE_SCHEMA_INTERNAL_PORT; + break; + default: + break; + } - value_sz=((uid->ue->msisdn!=NULL) ? 
(strlen(uid->ue->msisdn)) : 0); - attribute_scratch_string_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_MSISDN]), FREE_FALSE, uid->ue->msisdn, value_sz); + attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ie_attr_idx]), FREE_FALSE, direct_item_uuid, direct_object_uuid, direct_object_offset); + attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ie_attr_idx]), FREE_FALSE, NULL, indirect_object_uuid, indirect_object_offset); + } } -static void packet_input_stage_callback(struct packet *rawpkt, enum packet_stage stage __attribute__((unused)), void *arg) +static void packet_stage_input_callback(struct packet *rawpkt, enum packet_stage stage __attribute__((unused)), void *arg) { struct scanner *scanner=(struct scanner *)arg; if(scanner==NULL || rawpkt==NULL) @@ -453,7 +306,7 @@ static void packet_input_stage_callback(struct packet *rawpkt, enum packet_stage int pkt_layer_count=packet_get_layer_count(rawpkt); const struct layer *innermost_layer=packet_get_layer_by_idx(rawpkt, pkt_layer_count-1); - if(innermost_layer==NULL) + if(innermost_layer==NULL || pkt_layer_count<2) { return ; } 
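Review bot: In `ie_ipport_attribute_get_from_maat_state` the arrays `direct_item_uuid`, `direct_object_uuid` and `indirect_object_uuid` are variable-length arrays sized straight from the hit counts, and the guard before them only skips the case where both counts are zero. When exactly one count is zero a zero-length VLA is declared, which is undefined behaviour in C, and a large count places an unbounded amount of data on the stack of the packet path. I would cap both counts at a fixed bound and use fixed-size arrays, as sketched below; the bound's name and value are placeholders. Separately, earlier in this hunk `&ip_protocol_object_uuid` is passed as the `object_uuid` array although the removed lines dereference it as `*ip_protocol_object_uuid`, so the argument should probably be `ip_protocol_object_uuid` itself. The new function also reads `scanner->attr_schema` although `scanner` is not among its parameters.

```c
// … unchanged: hit-count queries and the both-zero `continue` …
enum { IE_MAX_HIT_UUIDS = 128 }; // placeholder bound, use the project's real limit
if(direct_object_cnt>IE_MAX_HIT_UUIDS) direct_object_cnt=IE_MAX_HIT_UUIDS;
if(indirect_object_cnt>IE_MAX_HIT_UUIDS) indirect_object_cnt=IE_MAX_HIT_UUIDS;

uuid_t direct_item_uuid[IE_MAX_HIT_UUIDS];
uuid_t direct_object_uuid[IE_MAX_HIT_UUIDS];
uuid_t indirect_object_uuid[IE_MAX_HIT_UUIDS];
// … unchanged: maat_state_get_hit_items / maat_state_get_indirect_hit_objects calls and the switch …
```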
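Review bot: The added `pkt_layer_count<2` test runs only after `packet_get_layer_by_idx(rawpkt, pkt_layer_count-1)` has already been called, so a packet with zero layers reaches that lookup with index -1. Whether that is harmless depends on `packet_get_layer_by_idx`, which is not shown. Checking the count first, with `if(pkt_layer_count<2) { return ; }` placed directly after `packet_get_layer_count`, removes that dependency. The callback body continues outside this hunk.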
@@ -474,99 +327,29 @@ static void packet_input_stage_callback(struct packet *rawpkt, enum packet_stage struct attribute_kv *attr_kv=(struct attribute_kv *)CALLOC(struct attribute_kv, 1); packet_set_exdata(rawpkt, scanner->pkt_scanner->exdata_idx, (void *)attr_kv); - int tunnel_count=packet_get_tunnel_count(rawpkt); + struct maat_state *scan_state=maat_state_new(scanner->cm_maat, 1); size_t offset=0; size_t attr_max=128; - size_t attr_offset[tunnel_count+1]={0}; - struct attribute_scratch attr[tunnel_count+1][attr_max]; - enum ATTRIBUTE_SCHEMA tunnel_schema_idx[tunnel_count+1]; - - for(int i=0; i<tunnel_count; i++) - { - struct tunnel tunnel_out; - int ret=packet_get_tunnel_by_idx(rawpkt, i, &tunnel_out); - if(ret<0) - { - continue; - } - - switch(tunnel_out.type) - { - case TUNNEL_GTP: - tunnel_schema_idx[offset]=ATTRIBUTE_SCHEMA_TUNNEL_GTP_ENDPOINT; - gtp_tunnel_attribute_get_by_teid(attr[offset], attr_max, &(attr_offset[offset]), scanner->attr_schema, &ipport_attr_offset, scanner->sd_maat, teid); // TODO: get teid - break; - case TUNNEL_GRE: - tunnel_schema_idx[offset]=ATTRIBUTE_SCHEMA_TUNNEL_GRE_ENDPOINT; - break; - case TUNNEL_IPV4: - case TUNNEL_IPV6: - tunnel_schema_idx[offset]=ATTRIBUTE_SCHEMA_TUNNEL_IP_IN_IP_ENDPOINT; - break; - default: - continue; - } - - offset+=ipport_attribute_get(attr[offset], attr_max, &(attr_offset[offset]), scanner->attr_schema, tunnel_out.layers, tunnel_out.layer_count); - } - - int layer_count=packet_get_layer_count(rawpkt); - const struct layer *innermost_layer=packet_get_layer_by_idx(rawpkt, layer_count-1); - if(innermost_layer!=NULL) - { - offset+=ipport_attribute_get(attr[offset], attr_max, &(attr_offset[offset]), scanner->attr_schema, innermost_layer, 1); - } - - size_t outer_tunnel_attr_offset=0; - struct attribute_scratch outer_tunnel_attr; - - uint32_t n_pre_tunnel_hitted_rule=0; - struct maat_state *arbitrary_level_scan_state=((tunnel_count>1) ? 
maat_state_new(scanner->cm_maat, packet_get_current_thread_id(rawpkt)) : NULL); - - struct scanner_state *policy_state=scanner_state_new(); - + size_t attr_offset=0; + struct attribute_scratch attr[attr_max]; + int layers_count=2; + const struct layer *layers=packet_get_layer_by_idx(rawpkt, pkt_layer_count-layers_count); + cs_ipport_attribute_get_from_packet_layer(attr, attr_max, &(attr_offset), scanner->attr_schema, layers, layers_count); + attribute_scratch_scan(scanner->cm_maat, scan_state, NULL, NULL, attr, attr_offset); + attribute_scratch_reset(attr, attr_offset); + attr_offset=0; + int is_client_internal=(packet_get_direction(rawpkt)==PACKET_DIRECTION_OUTGOING) ? TRUE : FALSE; + ie_ipport_attribute_get_from_maat_state(attr, attr_max, &(attr_offset), scanner->attr_schema, scan_state, is_client_internal); - for(size_t i=0; i<tunnel_count+1; i++) - { - // Scan the IP and port attributes using the arbitrary level scan state - ipport_attribute_scan(scanner, arbitrary_level_scan_state, policy_state, attr[i], &(attr_offset[i]), tunnel_schema_idx[i], is_client_internal, NULL); - attribute_scratch_scan(rawpkt, arbitrary_level_scan_state, policy_state, NULL, NULL, &outer_tunnel_attr, outer_tunnel_attr_offset); - - // Scan the IP and port attributes using the outer tunnel level hit objects - // Get the hit objects of the current tunnel level - struct maat_hit_object hit_objects; - hit_objects.attribute_name[0]='\0';; - uuid_clear(hit_objects.item_uuid); - uuid_t *object_uuid=scanner_get0_tunnel_level_object_uuid(i); - uuid_copy(hit_objects.object_uuid, *object_uuid); - attribute_scratch_maat_object_fill(attr[offset], attr_max, &(attr_offset[offset]), FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_LEVEL]), FREE_FALSE, &hit_objects, 1); - - struct maat_state *one_tunnel_scan_state=maat_state_new(scanner->cm_maat, packet_get_current_thread_id(rawpkt)); - attribute_scratch_scan(rawpkt, one_tunnel_scan_state, policy_state, NULL, NULL, &outer_tunnel_attr, 
outer_tunnel_attr_offset); - attribute_scratch_reset(&outer_tunnel_attr, outer_tunnel_attr_offset); - - ipport_attribute_scan(scanner, arbitrary_level_scan_state, policy_state, attr[i], &(attr_offset[i]), tunnel_schema_idx[i], is_client_internal, NULL); - plugin_shared_tunnel_object_get(&outer_tunnel_attr, 1, &outer_tunnel_attr_offset, policy_state, n_pre_tunnel_hitted_rule); - if(i==1) - { - // TODO: application detect - // packet_plugin_user_defined_application_detect(rawpkt, arbitrary_level_scan_state, one_tunnel_scan_state, policy_state); - } + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT]), FREE_FALSE); + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT]), FREE_FALSE); + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT]), FREE_FALSE); + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT]), FREE_FALSE); - maat_state_free(one_tunnel_scan_state); - one_tunnel_scan_state=NULL; - - attribute_scratch_reset(attr[offset], &(attr_offset[offset])); - } - - attribute_scratch_reset(&outer_tunnel_attr, outer_tunnel_attr_offset); - - if(arbitrary_level_scan_state!=NULL) - { - maat_state_free(arbitrary_level_scan_state); - } + attribute_scratch_scan(scanner->cm_maat, scan_state, NULL, NULL, attr, attr_offset); + attribute_scratch_reset(attr, attr_offset); return ; } 
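Review bot: `scan_state` from `maat_state_new(scanner->cm_maat, 1)` is never released on the new side, whereas the removed code called `maat_state_free` on its states, so every packet that reaches this point now leaks one state. Add `maat_state_free(scan_state);` before the final `return ;`, and check the result of `maat_state_new` for NULL before `ie_ipport_attribute_get_from_maat_state` uses it. The thread id is hard-coded to `1` where the removed code passed `packet_get_current_thread_id(rawpkt)`; unless that is intentional, `maat_state_new(scanner->cm_maat, packet_get_current_thread_id(rawpkt))` keeps per-thread state separate. The four `attribute_scratch_not_logic_fill` calls index a bare `attr_schema` while the rest of the callback uses `scanner->attr_schema`, so that name looks undeclared here; the callback starts outside this hunk.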
@@ -588,7 +371,7 @@ struct packet_scanner *packet_scanner_new(struct scanner *scanner) goto INIT_ERROR; } - int ret=packet_manager_subscribe(pkt_mgr, PACKET_STAGE_INPUT, packet_input_stage_callback, (void *)scanner); + int ret=packet_manager_subscribe(pkt_mgr, PACKET_STAGE_INPUT, packet_stage_input_callback, (void *)scanner); if(ret<0) { STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to subscribe packet stage"); diff --git a/scanner/scanner.c b/scanner/scanner.c index 3f3dfcc..47dab5b 100644 --- a/scanner/scanner.c +++ b/scanner/scanner.c 
@@ -187,149 +187,6 @@ uuid_t *scanner_get_ip_protocol_object_uuid(struct scanner *scanner, enum IP_PRO return NULL; } -uuid_t *scanner_get0_tunnel_level_object_uuid(int32_t tunnel_level) -{ - if(tunnel_level<0 || tunnel_level>=TUNNEL_LEVEL_NUM) - { - return NULL; - } - - return &(matcher->tunnel_level_object_uuid[tunnel_level]); -} - -void scanner_tunnel_object_get(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, enum TUNNEL_TYPE tunnel_type) -{ - if(attr==NULL || (*attr_offset)>=attr_max) - { - return ; - } - - struct app_id_dict *app_dict=NULL; - struct maat_hit_object hit_objects; - hit_objects.attribute_name[0]='\0'; - uuid_clear(hit_objects.item_uuid); - - switch(tunnel_type) - { - case TUNNEL_TYPE_GRE: - app_dict=plugin_ex_data_app_id_dict_get(firewall_cm_maat, matcher->tunnel_app_id[TUNNEL_TYPE_GRE]); // GRE app id is 58 - if(app_dict!=NULL) - { - uuid_copy(hit_objects.object_uuid, app_dict->object_uuid); - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attribute_schema[ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID]), FREE_FALSE, &hit_objects, 1); - attribute_scratch_not_logic_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attribute_schema[ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID_COMMIT]), FREE_FALSE); - } - break; - case TUNNEL_TYPE_NONE: - case TUNNEL_TYPE_IP_IN_IP: - break; - case TUNNEL_TYPE_GTP: - case TUNNEL_TYPE_GTPV2: - { - app_dict=plugin_ex_data_app_id_dict_get(firewall_cm_maat, matcher->tunnel_app_id[TUNNEL_TYPE_GTP]); // GTP app id is 59 - if(app_dict!=NULL) - { - uuid_copy(hit_objects.object_uuid, app_dict->object_uuid); - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attribute_schema[ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID]), FREE_FALSE, &hit_objects, 1); - } - - app_dict=plugin_ex_data_app_id_dict_get(firewall_cm_maat, matcher->tunnel_app_id[TUNNEL_TYPE_GTPV2]); // GTPv2 app id is 735 - if(app_dict!=NULL) - { - uuid_copy(hit_objects.object_uuid, 
app_dict->object_uuid); - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attribute_schema[ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID]), FREE_FALSE, &hit_objects, 1); - } - - attribute_scratch_not_logic_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attribute_schema[ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID_COMMIT]), FREE_FALSE); - } - break; - default: - break; - } -} - -struct maat_compile *plugin_shareed_security_rule_priority_decide(uuid_t *rule_uuid_list, size_t n_rules) -{ - struct maat_compile *highest_priority_compile=NULL; - for(size_t i=0; i<n_rules; i++) - { - struct maat_compile *compile=plugin_ex_data_security_rule_get0(firewall_cm_maat, rule_uuid_list[i]); - if(compile==NULL) - { - continue; - } - - if(highest_priority_compile==NULL) - { - highest_priority_compile=compile; - continue; - } - - if(compile->rule.action > highest_priority_compile->rule.action) - { - highest_priority_compile=compile; - continue; - } - - if(compile->rule.action < highest_priority_compile->rule.action) - { - continue; - } - - if(compile->rule.uuid > highest_priority_compile->rule.uuid) - { - highest_priority_compile=compile; - continue; - } - } - - return highest_priority_compile; -} - -const char *scanner_get_rule_table_alias_name(struct scanner *scanner, enum RULE_TYPE type) -{ - switch(type) - { - case RULE_TYPE_SECURITY: - return "Security"; - case RULE_TYPE_MONITOR: - return "Monitor"; - case RULE_TYPE_PXY_INTERCEPT: - return "Intercept"; - case RULE_TYPE_SERVICE_CHAINING: - return "Service_Chaining"; - case RULE_TYPE_SHAPING: - return "Shaping"; - case RULE_TYPE_APP_SIGNATURE: - return "Signature"; - case RULE_TYPE_STATISTICS: - return "Statistics"; - case RULE_TYPE_DOS_PROTECTION: - return "DoS_Protection"; - case RULE_TYPE_TUNNEL: - return "Tunnel"; - default: - break; - } - - return NULL; -} - -int32_t scanner_get_default_app_id(struct scanner *scanner) -{ - return matcher->default_unknown_app_id; -} - -int32_t 
scanner_get_tunnel_app_id(struct scanner *scanner, enum TUNNEL_TYPE tunnel_type) -{ - if(tunnel_type<0 || tunnel_type>=TUNNEL_TYPE_MAX) - { - return 0; - } - - return matcher->tunnel_app_id[tunnel_type]; -} - uuid_t *scanner_get0_boolean_object_uuid(struct scanner *scanner, bool value) { return ((value==true) ? &(matcher->boolean_true_object_uuid) : &(matcher->boolean_false_object_uuid)); diff --git a/scanner/scanner_maat.c b/scanner/scanner_maat.c index 7bf6556..326cea2 100644 --- a/scanner/scanner_maat.c +++ b/scanner/scanner_maat.c @@ -8,7 +8,6 @@ #include "scanner_maat.h" #include "scanner_toml.h" -#include "scanner_state.h" #define MAX_MATCH_RULES_NUM 128 
@@ -79,50 +78,6 @@ struct category_string2type char *string; }; -struct rule_table_string2type -{ - enum RULE_TYPE type; - size_t string_sz; - char *string; -}; - -enum RULE_TYPE maat_rule_table_string2type(char *rule_name, size_t rule_name_sz) -{ - if(rule_name==NULL || rule_name_sz==0) - { - return RULE_TYPE_UNKNOWN; - } - - struct rule_table_string2type rule_name_array[RULE_TYPE_MAX]={ - {RULE_TYPE_UNKNOWN, 0, NULL}, - {RULE_TYPE_SECURITY, 13, (char *)"SECURITY_RULE"}, - {RULE_TYPE_PXY_INTERCEPT, 18, (char *)"PXY_INTERCEPT_RULE"}, - {RULE_TYPE_SERVICE_CHAINING, 21, (char *)"SERVICE_CHAINING_RULE"}, - {RULE_TYPE_SHAPING, 20, (char *)"TRAFFIC_SHAPING_RULE"}, - {RULE_TYPE_APP_SIGNATURE, 12, (char *)"APP_SIG_RULE"}, - {RULE_TYPE_STATISTICS, 15, (char *)"STATISTICS_RULE"}, - {RULE_TYPE_MONITOR, 12, (char *)"MONITOR_RULE"}, - {RULE_TYPE_DOS_PROTECTION, 19, (char *)"DOS_PROTECTION_RULE"}, - {RULE_TYPE_TUNNEL, 11, (char *)"TUNNEL_RULE"} - }; - - for(int i=0; i<RULE_TYPE_MAX; i++) - { - if(rule_name_array[i].string_sz==0) - { - continue; - } - - if(rule_name_array[i].string_sz==rule_name_sz && (strncasecmp(rule_name_array[i].string, rule_name, rule_name_array[i].string_sz))==0 - ) - { - return rule_name_array[i].type; - } - } - - return RULE_TYPE_UNKNOWN; -} - static int yyjson_value_int32_get(yyjson_val *root, const char *key, int32_t *value) { if(root==NULL || key==NULL) 
@@ -1083,181 +1038,137 @@ struct scanner_maat *scanner_sd_maat_new(struct logger *logger, const char *toml return sd_maat; } -void scanner_rule_convert(struct logger *logger, const char *readable_addr __attribute__((unused)), struct maat_state *scan_state, struct scanner_state *policy_state, uuid_t *rule_uuids, size_t n_rule_uuids) -{ - if(scan_state==NULL || policy_state==NULL || rule_uuids==NULL || n_rule_uuids==0) - { - return ; - } - - for(size_t i=0; i<n_rule_uuids; i++) - { - char *rule_table_name=NULL; - int ret=maat_state_get_rule_table_names(scan_state, &(rule_uuids[i]), 1, &rule_table_name); - if(ret<=0) - { - char uuid_str[UUID_STR_LEN]={0}; - uuid_unparse_lower(rule_uuids[i], uuid_str); - STELLAR_LOG_FATAL(logger, SCANNER_MODULE_NAME, "scanner_rule_convert: maat_state_get_rule_table_names failed, rule_uuid: %s addr: %s", uuid_str, ((readable_addr!=NULL) ? readable_addr : "")); - return ; - } - size_t rule_table_name_sz=((rule_table_name!=NULL) ? strlen(rule_table_name) : 0); - enum RULE_TYPE rule_type=maat_rule_table_string2type(rule_table_name, rule_table_name_sz); - scanner_state_add_current_packet_rules(policy_state, rule_type, &(rule_uuids[i]), 1); - } -} - -void scanner_scan_not_logic_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, struct scanner_state *policy_state) +void scanner_scan_not_logic_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name) { - if(scan_state==NULL || policy_state==NULL || attribute_name==NULL) + if(scan_state==NULL || attribute_name==NULL) { return ; } - size_t n_rule_uuids=0; - uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); - int hits_status=maat_scan_not_logic(cm_maat->feather, table_name, attribute_name, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); - scanner_rule_convert(cm_maat->logger, 
readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + // int hits_status=maat_scan_not_logic(cm_maat->feather, table_name, attribute_name, scan_state); + int hits_status=maat_scan_not_logic(cm_maat->feather, table_name, attribute_name, NULL, 0, NULL, scan_state); - STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_not_logic: scan table: %s attribute_name: %s hits_status: %d n_hits: %d addr: %s", + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_not_logic: scan table: %s attribute_name: %s hits_status: %d addr: %s", table_name, attribute_name, hits_status, - n_rule_uuids, ((readable_addr!=NULL) ? readable_addr : "") ); } -void scanner_scan_object_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, struct maat_hit_object *objects, size_t n_object, struct scanner_state *policy_state) +void scanner_scan_object_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uuid_t *object_uuid __attribute__((unused)), uuid_t *item_uuid __attribute__((unused)), size_t n_uuids) { - if(scan_state==NULL || policy_state==NULL || attribute_name==NULL || objects==NULL || n_object==0) + if(scan_state==NULL || attribute_name==NULL || object_uuid==NULL || n_uuids==0) { return ; } - size_t n_rule_uuids=0; - uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); - int hits_status=maat_scan_object(cm_maat->feather, table_name, attribute_name, objects, n_object, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); - scanner_rule_convert(cm_maat->logger, readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + // int hits_status=maat_scan_object(cm_maat->feather, table_name, attribute_name, object_uuid, item_uuid, n_uuids, scan_state); + int hits_status=maat_scan_object(cm_maat->feather, table_name, attribute_name, 
NULL, 0, NULL, 0, NULL, scan_state); - STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_object: scan table: %s attribute_name: %s object_ids: %d hits_status: %d n_hits: %d addr: %s", + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_object: scan table: %s attribute_name: %s object_ids: %d hits_status: %d addr: %s", table_name, attribute_name, - n_object, + n_uuids, hits_status, - n_rule_uuids, ((readable_addr!=NULL) ? readable_addr : "") ); } -void scanner_scan_string_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *scan_string, size_t scan_string_sz, struct scanner_state *policy_state) +void scanner_scan_string_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, const char *scan_string, size_t scan_string_sz) { - if(scan_state==NULL || scan_string==NULL || attribute_name==NULL || scan_string_sz==0 || policy_state==NULL) + if(scan_state==NULL || scan_string==NULL || attribute_name==NULL || scan_string_sz==0) { return ; } - size_t n_rule_uuids=0; - uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); - int hits_status=maat_scan_string(cm_maat->feather, table_name, attribute_name, scan_string, scan_string_sz, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); - scanner_rule_convert(cm_maat->logger, readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + // int hits_status=maat_scan_string(cm_maat->feather, table_name, attribute_name, scan_string, scan_string_sz, scan_state); + int hits_status=maat_scan_string(cm_maat->feather, table_name, attribute_name, scan_string, scan_string_sz, NULL, 0, NULL, scan_state); - STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_string: scan table: %s attribute_name: %s string: hits_status: %d n_hits: %d addr: %s", + 
STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_string: scan table: %s attribute_name: %s string: hits_status: %d addr: %s", table_name, attribute_name, hits_status, - n_rule_uuids, ((readable_addr!=NULL) ? readable_addr : "") ); } -void scanner_scan_integer_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint64_t scan_integer, struct scanner_state *policy_state) +void scanner_scan_integer_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint64_t scan_integer) { - if(scan_state==NULL || policy_state==NULL || attribute_name==NULL) + if(scan_state==NULL || attribute_name==NULL) { return ; } - size_t n_rule_uuids=0; - uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); - int hits_status=maat_scan_integer(cm_maat->feather, table_name, attribute_name, scan_integer, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); - scanner_rule_convert(cm_maat->logger, readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + // int hits_status=maat_scan_integer(cm_maat->feather, table_name, attribute_name, scan_integer, scan_state); + int hits_status=maat_scan_integer(cm_maat->feather, table_name, attribute_name, scan_integer, NULL, 0, NULL, scan_state); - STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_integer: scan table: %s attribute_name: %s integer: %lu hits_status: %d n_hits: %d addr: %s", + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_integer: scan table: %s attribute_name: %s integer: %lu hits_status: %d addr: %s", table_name, attribute_name, scan_integer, hits_status, - n_rule_uuids, ((readable_addr!=NULL) ? 
readable_addr : "") ); } -void scanner_scan_flag_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint64_t scan_flag, struct scanner_state *policy_state) +void scanner_scan_flag_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint64_t scan_flag) { - if(scan_state==NULL || policy_state==NULL || attribute_name==NULL) + if(scan_state==NULL || attribute_name==NULL) { return ; } - size_t n_rule_uuids=0; - uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); - int hits_status=maat_scan_flag(cm_maat->feather, table_name, attribute_name, scan_flag, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); - scanner_rule_convert(cm_maat->logger, readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + // int hits_status=maat_scan_flag(cm_maat->feather, table_name, attribute_name, scan_flag, scan_state); + int hits_status=maat_scan_flag(cm_maat->feather, table_name, attribute_name, scan_flag, NULL, 0, NULL, scan_state); - STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_flags: scan table: %s attribute_name: %s flags: %lu hits_status: %d n_hits: %d addr: %s", + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_flags: scan table: %s attribute_name: %s flags: %lu hits_status: %d addr: %s", table_name, attribute_name, scan_flag, hits_status, - n_rule_uuids, ((readable_addr!=NULL) ? 
readable_addr : "") ); } -void scanner_scan_ipv4_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint32_t scan_ipv4, int32_t scan_port, struct scanner_state *policy_state) +void scanner_scan_ipv4_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint32_t scan_ipv4, int32_t scan_port) { - if(scan_state==NULL || policy_state==NULL || attribute_name==NULL) + if(scan_state==NULL || attribute_name==NULL) { return ; } - size_t n_rule_uuids=0; - uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); - int hits_status=maat_scan_ipv4_port(cm_maat->feather, table_name, attribute_name, scan_ipv4, scan_port, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); - scanner_rule_convert(cm_maat->logger, readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + // int hits_status=maat_scan_ipv4_port(cm_maat->feather, table_name, attribute_name, scan_ipv4, scan_port, scan_state); + int hits_status=maat_scan_ipv4_port(cm_maat->feather, table_name, attribute_name, scan_ipv4, scan_port, NULL, 0, NULL, scan_state); - STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_ipv4_port: scan ipv4: %u port: %d table: %s attribute_name: %s hits_status: %d n_hits: %d addr: %s", + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_ipv4_port: scan ipv4: %u port: %d table: %s attribute_name: %s hits_status: %d addr: %s", scan_ipv4, scan_port, table_name, attribute_name, hits_status, - n_rule_uuids, ((readable_addr!=NULL) ? 
readable_addr : "") ); } -void scanner_scan_ipv6_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint8_t *scan_ipv6, int32_t scan_port, struct scanner_state *policy_state) +void scanner_scan_ipv6_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint8_t *scan_ipv6, int32_t scan_port) { - if(scan_state==NULL || policy_state==NULL || attribute_name) + if(scan_state==NULL || attribute_name) { return ; } - size_t n_rule_uuids=0; - uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); - int hits_status=maat_scan_ipv6_port(cm_maat->feather, table_name, attribute_name, scan_ipv6, scan_port, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); - scanner_rule_convert(cm_maat->logger, readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + // int hits_status=maat_scan_ipv6_port(cm_maat->feather, table_name, attribute_name, scan_ipv6, scan_port, scan_state); + int hits_status=maat_scan_ipv6_port(cm_maat->feather, table_name, attribute_name, scan_ipv6, scan_port, NULL, 0, NULL, scan_state); - STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_ipv6_port: scan ipv6: %.08x-%.08x-%.08x-%.08x port: %d table: %s attribute_name: %s hits_status: %d, n_hits: %d, addr: %s", + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_ipv6_port: scan ipv6: %.08x-%.08x-%.08x-%.08x port: %d table: %s attribute_name: %s hits_status: %d, addr: %s", ((uint32_t *)scan_ipv6)[0], ((uint32_t *)scan_ipv6)[1], ((uint32_t *)scan_ipv6)[2], 
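Review bot: The guard in `scanner_scan_ipv6_attribute` is still inverted: `if(scan_state==NULL || attribute_name)` returns for every non-NULL attribute name, so no IPv6 address reaches `maat_scan_ipv6_port`, and only a NULL name falls through to the table lookup. It should read `if(scan_state==NULL || attribute_name==NULL || scan_ipv6==NULL)`; the extra test is there because the trace line dereferences `scan_ipv6`, and the function body continues past this hunk. In the same hunk `scanner_scan_object_attribute` passes `NULL, 0` where the objects used to go, so `object_uuid` and `item_uuid` are accepted but never scanned; if that is a placeholder for the commented-out call above it, a TODO saying so would make the gap visible. Its trace format also prints the `size_t` `n_uuids` with `%d`, where `%zu` matches the type.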
@@ -1266,14 +1177,13 @@ void scanner_scan_ipv6_attribute(const char *readable_addr, char *attribute_name table_name, attribute_name, hits_status, - n_rule_uuids, ((readable_addr!=NULL) ? readable_addr : "") ); } -void scanner_scan_stream_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, struct maat_stream **stream_handle, const char *scan_string, size_t scan_string_sz, struct scanner_state *policy_state) +void scanner_scan_stream_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, struct maat_stream **stream_handle, const char *scan_string, size_t scan_string_sz) { - if(scan_state==NULL || policy_state==NULL || attribute_name==NULL || scan_string==NULL || scan_string_sz==0 || stream_handle==NULL) + if(scan_state==NULL || attribute_name==NULL || scan_string==NULL || scan_string_sz==0 || stream_handle==NULL) { return ; } 
@@ -1290,16 +1200,13 @@ void scanner_scan_stream_attribute(const char *readable_addr, char *attribute_na ); } - size_t n_rule_uuids=0; - uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; - int hits_status=maat_stream_scan(*stream_handle, scan_string, scan_string_sz, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); - scanner_rule_convert(cm_maat->logger, readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + // int hits_status=maat_stream_scan(*stream_handle, scan_string, scan_string_sz, scan_state); + int hits_status=maat_stream_scan(*stream_handle, scan_string, scan_string_sz, NULL, 0, NULL, scan_state); - STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_stream_scan: scan table: %s attribute_name: %s hits_status: %d, n_hits: %d, addr: %s", + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_stream_scan: scan table: %s attribute_name: %s hits_status: %d, addr: %s", scanner_maat_get_object_table_name(cm_maat, attribute_name), attribute_name, hits_status, - n_rule_uuids, ((readable_addr!=NULL) ? readable_addr : "") ); }
\ No newline at end of file
diff --git a/scanner/scanner_maat.h b/scanner/scanner_maat.h
index c4afadb..918a872 100644
--- a/scanner/scanner_maat.h
+++ b/scanner/scanner_maat.h
@@ -91,14 +91,14 @@ struct app_id_dict const struct app_id_dict *scanner_maat_get_app_id_dict(struct scanner_maat *cm_maat, int32_t appid); -void scanner_scan_not_logic_attribute(const char *readable_addr, struct attribute_schema *schema, struct scanner_maat *cm_maat, struct maat_state *scan_state, struct scanner_state *policy_state); -void scanner_scan_object_attribute(const char *readable_addr, struct attribute_schema *schema, struct scanner_maat *cm_maat, struct maat_state *scan_state, struct maat_hit_object *objects, size_t n_object, struct scanner_state *policy_state); -void scanner_scan_flag_attribute(const char *readable_addr, struct attribute_schema *schema, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint64_t scan_flag, struct scanner_state *policy_state); -void scanner_scan_integer_attribute(const char *readable_addr, struct attribute_schema *schema, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint64_t scan_integer, struct scanner_state *policy_state); -void scanner_scan_string_attribute(const char *readable_addr, struct attribute_schema *schema, struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *scan_string, size_t scan_string_sz, struct scanner_state *policy_state); -void scanner_scan_ipv4_attribute(const char *readable_addr, struct attribute_schema *schema, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint32_t scan_ipv4, int32_t scan_port, struct scanner_state *policy_state); -void scanner_scan_ipv6_attribute(const char *readable_addr, struct attribute_schema *schema, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint8_t *scan_ipv6, int32_t scan_port, struct scanner_state *policy_state); -void scanner_scan_stream_attribute(const char *readable_addr, struct attribute_schema *schema, struct scanner_maat *cm_maat, struct maat_state *scan_state, struct maat_stream **stream_handle, const char *scan_string, size_t scan_string_sz, struct scanner_state *policy_state); +void 
scanner_scan_not_logic_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name); +void scanner_scan_object_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uuid_t *object_uuid, uuid_t *item_uuid, size_t n_uuids); +void scanner_scan_flag_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint64_t scan_flag); +void scanner_scan_integer_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint64_t scan_integer); +void scanner_scan_string_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, const char *scan_string, size_t scan_string_sz); +void scanner_scan_ipv4_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint32_t scan_ipv4, int32_t scan_port); +void scanner_scan_ipv6_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint8_t *scan_ipv6, int32_t scan_port); +void scanner_scan_stream_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, struct maat_stream **stream_handle, const char *scan_string, size_t scan_string_sz); /* sd maat api */ diff --git a/scanner/scanner_state.c b/scanner/scanner_state.c deleted file mode 100644 index 885fd0b..0000000 --- a/scanner/scanner_state.c +++ /dev/null 
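Review bot: The new prototype of `scanner_scan_object_attribute` takes two `uuid_t *` arrays and a single `n_uuids`, but the header does not say that the arrays are parallel and equally long, or whether `item_uuid` may be NULL. The definition in scanner_maat.c checks only `object_uuid` for NULL, so a caller cannot work the contract out from either file. If index-wise pairing is the intent, a comment above the declaration such as `/* object_uuid[i] and item_uuid[i] belong together; both arrays hold n_uuids entries */` would settle it. The same comment block could state that `readable_addr` may be NULL, which every wrapper already tolerates in its trace call.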
@@ -1,326 +0,0 @@ -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <uuid/uuid.h> - -#include "uthash/utarray.h" -#include "stellar/utils.h" -#include "scanner_state.h" - -#define SCANNER_STATE_MAGIC 0x12345678 - -struct matched_rule -{ - uuid_t rule_uuid; - int matched_app_id; - enum RULE_TYPE type; -}; - -struct scanner_state -{ - int magic; - UT_array *curr_pkt_rule[RULE_TYPE_MAX]; - UT_array *history_rule[RULE_TYPE_MAX]; - UT_array *curr_pkt_object[HIT_OBJECT_ATTRIBUTE_TYPE_MAX]; - UT_array *history_object[HIT_OBJECT_ATTRIBUTE_TYPE_MAX]; -}; - -struct scanner_state *scanner_state_new(void) -{ - return ((struct scanner_state *)CALLOC(struct scanner_state, 1)); -} - -void scanner_state_free(struct scanner_state *state) -{ - if(state==NULL) - { - return; - } - - for(unsigned i=0; i<RULE_TYPE_MAX; i++) - { - if(state->curr_pkt_rule[i]!=NULL) - { - utarray_free(state->curr_pkt_rule[i]); - } - - if(state->history_rule[i]!=NULL) - { - utarray_free(state->history_rule[i]); - } - } - - for(unsigned i=0; i<HIT_OBJECT_ATTRIBUTE_TYPE_MAX; i++) - { - if(state->curr_pkt_object[i]!=NULL) - { - utarray_free(state->curr_pkt_object[i]); - } - - if(state->history_object[i]!=NULL) - { - utarray_free(state->history_object[i]); - } - } - - FREE(state); -} - -int scanner_state_get_security_policy_matched_appid(struct scanner_state *state, uuid_t rule_uuid) -{ - if(state==NULL || state->curr_pkt_rule[RULE_TYPE_SECURITY]==NULL || uuid_is_null(rule_uuid)) - { - return -1; - } - - for(unsigned i=0; i<utarray_len(state->curr_pkt_rule[RULE_TYPE_SECURITY]); i++) - { - struct matched_rule *p_rule=(struct matched_rule *)utarray_eltptr(state->curr_pkt_rule[RULE_TYPE_SECURITY], i); - if(p_rule==NULL) - { - continue; - } - - if(uuid_compare(p_rule->rule_uuid, rule_uuid)==0) - { - return p_rule->matched_app_id; - } - } - - return -1; -} -void scanner_state_set_current_rule_matched_appid(struct scanner_state *state, enum RULE_TYPE type, uuid_t rule_uuid, int appid) -{ - 
if(state==NULL || type>=RULE_TYPE_MAX || state->curr_pkt_rule[type]==NULL || uuid_is_null(rule_uuid)) - { - return; - } - - for(unsigned i=0; i<utarray_len(state->curr_pkt_rule[type]); i++) - { - struct matched_rule *p_rule=(struct matched_rule *)utarray_eltptr(state->curr_pkt_rule[type], i); - if(p_rule==NULL) - { - continue; - } - - if(uuid_compare(p_rule->rule_uuid, rule_uuid)==0) - { - p_rule->matched_app_id=appid; - return; - } - } -} - -static size_t rule_uuid_copy(UT_array *rule_array, uuid_t rule_uuids[], size_t n_rule_uuids) -{ - if(rule_array==NULL || n_rule_uuids==0) - { - return 0; - } - - size_t n_rule=MIN(utarray_len(rule_array), n_rule_uuids); - for(unsigned i=0; i<n_rule; i++) - { - struct matched_rule *p_rule=(struct matched_rule *)utarray_eltptr(rule_array, i); - if(p_rule==NULL) - { - continue; - } - - uuid_copy(rule_uuids[i], p_rule->rule_uuid); - } - - return n_rule; -} - -size_t scanner_state_get_history_rule_count(struct scanner_state *state, enum RULE_TYPE type) -{ - return ((state==NULL || state->history_rule[type]==NULL) ? 0 : utarray_len(state->history_rule[type])); -} - -size_t scanner_state_get_history_rules(struct scanner_state *state, enum RULE_TYPE type, uuid_t rule_uuids[], size_t n_rule_uuids) -{ - return ((state==NULL) ? 0 : rule_uuid_copy(state->history_rule[type], rule_uuids, n_rule_uuids)); -} - -size_t scanner_state_get_current_packet_rule_count(struct scanner_state *state, enum RULE_TYPE type) -{ - return ((state==NULL || state->curr_pkt_rule[type]==NULL) ? 0 : utarray_len(state->curr_pkt_rule[type])); -} - -size_t scanner_state_get_current_packet_rules(struct scanner_state *state, enum RULE_TYPE type, uuid_t rule_uuids[], size_t n_rule_uuids) -{ - return ((state==NULL) ? 
0 : rule_uuid_copy(state->curr_pkt_rule[type], rule_uuids, n_rule_uuids)); -} - -static size_t hit_objects_copy(UT_array *object_array, struct maat_hit_object hit_objects[], size_t n_hit_objects) -{ - if(object_array==NULL || n_hit_objects==0) - { - return 0; - } - - size_t n_hit_object=MIN(utarray_len(object_array), n_hit_objects); - for(unsigned i=0; i<n_hit_object; i++) - { - struct maat_hit_object *p_hit_object=(struct maat_hit_object *)utarray_eltptr(object_array, i); - if(p_hit_object==NULL) - { - continue; - } - - memcpy(&hit_objects[i], p_hit_object, sizeof(struct maat_hit_object)); - } - - return n_hit_object; -} - -/* object option is brief or elaborate */ -size_t scanner_state_get_history_object_count(struct scanner_state *state, enum HIT_OBJECT_ATTRIBUTE_TYPE type) -{ - return ((state==NULL || state->history_object[type]==NULL) ? 0 : utarray_len(state->history_object[type])); -} - -size_t scanner_state_get_history_hit_objects(struct scanner_state *state, enum HIT_OBJECT_ATTRIBUTE_TYPE type, struct maat_hit_object hit_objects[], size_t n_hit_objects) -{ - return ((state==NULL || state->curr_pkt_object[type]==NULL) ? 0 : hit_objects_copy(state->curr_pkt_object[type], hit_objects, n_hit_objects)); -} - -size_t scanner_state_get_current_packet_hit_object_count(struct scanner_state *state, enum HIT_OBJECT_ATTRIBUTE_TYPE type) -{ - return ((state==NULL || state->curr_pkt_object[type]==NULL) ? 0 : utarray_len(state->curr_pkt_object[type])); -} - -size_t scanner_state_get_current_packet_hit_objects(struct scanner_state *state, enum HIT_OBJECT_ATTRIBUTE_TYPE type, struct maat_hit_object hit_objects[], size_t n_hit_objects) -{ - return ((state==NULL) ? 
0 : hit_objects_copy(state->curr_pkt_object[type], hit_objects, n_hit_objects)); -} - -int is_duplicate_rule_uuid(UT_array *rule_uuids, uuid_t rule_uuid) -{ - if(rule_uuids==NULL || uuid_is_null(rule_uuid)) - { - return 0; - } - - for(unsigned i=0; i<utarray_len(rule_uuids); i++) - { - struct matched_rule *p_rule=(struct matched_rule *)utarray_eltptr(rule_uuids, i); - if(p_rule==NULL) - { - continue; - } - - if(uuid_compare(p_rule->rule_uuid, rule_uuid)==0) - { - return 1; - } - } - - return 0; -} - -void scanner_state_add_current_packet_rules(struct scanner_state *state, enum RULE_TYPE type, uuid_t rule_uuids[], size_t n_rule_uuids) -{ - if(state==NULL || type>=RULE_TYPE_MAX || n_rule_uuids==0) - { - return; - } - - if(state->curr_pkt_rule[type]==NULL) - { - UT_icd UT_matched_rule_icd={sizeof(struct matched_rule), NULL, NULL, NULL}; - utarray_new(state->curr_pkt_rule[type], &UT_matched_rule_icd); - } - - for(unsigned i=0; i<n_rule_uuids; i++) - { - int duplicate_flag=is_duplicate_rule_uuid(state->curr_pkt_rule[type], rule_uuids[i]); - if(duplicate_flag==1) - { - continue; - } - - duplicate_flag=is_duplicate_rule_uuid(state->history_rule[type], rule_uuids[i]); - if(duplicate_flag==1) - { - continue; - } - - struct matched_rule p_rule; - p_rule.matched_app_id=0; - p_rule.type=type; - uuid_copy(p_rule.rule_uuid, rule_uuids[i]); - utarray_push_back(state->curr_pkt_rule[type], &p_rule); - } -} - -void scanner_state_add_current_packet_hit_objects(struct scanner_state *state, enum HIT_OBJECT_ATTRIBUTE_TYPE type, struct maat_hit_object hit_objects[], size_t n_hit_objects) -{ - if(state==NULL || n_hit_objects==0) - { - return; - } - - if(state->curr_pkt_object[type]==NULL) - { - UT_icd UT_maat_hit_object_icd={sizeof(struct maat_hit_object), NULL, NULL, NULL}; - utarray_new(state->curr_pkt_object[type], &UT_maat_hit_object_icd); - } - - for(unsigned i=0; i<n_hit_objects; i++) - { - utarray_push_back(state->curr_pkt_object[type], &hit_objects[i]); - } -} - -void 
scanner_state_merge_packet_rules(struct scanner_state *state) -{ - if(state==NULL) - { - return; - } - - for(unsigned i=0; i<RULE_TYPE_MAX; i++) - { - if(state->curr_pkt_rule[i]==NULL) - { - continue; - } - - if(state->history_rule[i]==NULL) - { - UT_icd UT_matched_rule_icd={sizeof(struct matched_rule), NULL, NULL, NULL}; - utarray_new(state->history_rule[i], &UT_matched_rule_icd); - } - - utarray_concat(state->history_rule[i], state->curr_pkt_rule[i]); - utarray_clear(state->curr_pkt_rule[i]); - } -} - -void scanner_state_merge_packet_hit_objects(struct scanner_state *state) -{ - if(state==NULL) - { - return; - } - - for(unsigned i=0; i<HIT_OBJECT_ATTRIBUTE_TYPE_MAX; i++) - { - if(state->curr_pkt_object[i]==NULL) - { - continue; - } - - if(state->history_object[i]==NULL) - { - UT_icd UT_maat_hit_object_icd={sizeof(struct maat_hit_object), NULL, NULL, NULL}; - utarray_new(state->history_object[i], &UT_maat_hit_object_icd); - } - - utarray_concat(state->history_object[i], state->curr_pkt_object[i]); - utarray_clear(state->curr_pkt_object[i]); - } -}
\ No newline at end of file
diff --git a/scanner/scanner_state.h b/scanner/scanner_state.h
deleted file mode 100644
index bf88a95..0000000
--- a/scanner/scanner_state.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#pragma once
-
-#include <uuid/uuid.h>
-#include <stellar/scanner.h>
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-struct scanner_state *scanner_state_new(void);
-void scanner_state_free(struct scanner_state *state);
-
-void scanner_state_merge_packet_rules(struct scanner_state *state);
-void scanner_state_merge_packet_hit_objects(struct scanner_state *state);
-
-void scanner_state_set_current_rule_matched_appid(struct scanner_state *state, enum RULE_TYPE rule_type, uuid_t rule_uuid, int appid);
-
-void scanner_state_add_current_packet_rules(struct scanner_state *state, enum RULE_TYPE rule_type, uuid_t rule_uuids[], size_t n_rule_uuids);
-void scanner_state_add_current_packet_hit_objects(struct scanner_state *state, enum HIT_OBJECT_ATTRIBUTE_TYPE type, struct maat_hit_object hit_objects[], size_t n_hit_objects);
-
-#ifdef __cplusplus
-}
-#endif
\ No newline at end of file
diff --git a/scanner/test/CMakeLists.txt b/scanner/test/CMakeLists.txt
index a5dc197..5b9ef2d 100644
--- a/scanner/test/CMakeLists.txt
+++ b/scanner/test/CMakeLists.txt
@@ -1,8 +1,6 @@
 add_executable(gtest_scanner
 gtest_scanner_main.cpp
 ${CMAKE_SOURCE_DIR}/scanner/scanner_toml.c
- ${CMAKE_SOURCE_DIR}/scanner/scanner_state.c
- gtest_scanner_state.cpp
 ${CMAKE_SOURCE_DIR}/scanner/scanner_maat.c
 gtest_scanner_maat.cpp
 ${CMAKE_SOURCE_DIR}/scanner/attribute_schema.c
diff --git a/scanner/test/gtest_attribute_schema.cpp b/scanner/test/gtest_attribute_schema.cpp
index fdd5dd6..597d89c 100644
--- a/scanner/test/gtest_attribute_schema.cpp
+++ b/scanner/test/gtest_attribute_schema.cpp
@@ -16,7 +16,6 @@ TEST(scanner_attribute_schema, attribute_string_not_free)
 struct attribute_schema attr_schema=(struct attribute_schema){
 .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST,
 .scan_not_logic_flag=0,
- .scan_hit_object_idx=0,
 .scan_attribute_name=NULL,
 .log_field_name_sz=0,
 .log_field_name=NULL
@@ -43,7 +42,6 @@ TEST(scanner_attribute_schema, attribute_string_free)
 struct attribute_schema attr_schema={
 .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST,
 .scan_not_logic_flag=0,
- .scan_hit_object_idx=0,
 .scan_attribute_name=NULL,
 .log_field_name_sz=0,
 .log_field_name=NULL
@@ -73,7 +71,6 @@ TEST(scanner_attribute_schema, attribute_string_array_not_free)
 struct attribute_schema attr_schema={
 .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST,
 .scan_not_logic_flag=0,
- .scan_hit_object_idx=0,
 .scan_attribute_name=NULL,
 .log_field_name_sz=0,
 .log_field_name=NULL
@@ -108,7 +105,6 @@ TEST(scanner_attribute_schema, attribute_string_array_free)
 struct attribute_schema attr_schema={
 .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST,
 .scan_not_logic_flag=0,
- .scan_hit_object_idx=0,
 .scan_attribute_name=NULL,
 .log_field_name_sz=0,
 .log_field_name=NULL
@@ -150,7 +146,6 @@ TEST(scanner_attribute_schema, attribute_chunk_not_free)
 struct attribute_schema attr_schema={
 .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST,
 .scan_not_logic_flag=0,
- .scan_hit_object_idx=0,
 .scan_attribute_name=NULL,
 .log_field_name_sz=0,
 .log_field_name=NULL
@@ -177,7 +172,6 @@ TEST(scanner_attribute_schema, attribute_chunk_free)
 struct attribute_schema attr_schema={
 .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST,
 .scan_not_logic_flag=0,
- .scan_hit_object_idx=0,
 .scan_attribute_name=NULL,
 .log_field_name_sz=0,
 .log_field_name=NULL
@@ -207,7 +201,6 @@ TEST(scanner_attribute_schema, attribute_integer)
 struct attribute_schema attr_schema={
 .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST,
 .scan_not_logic_flag=0,
- .scan_hit_object_idx=0,
 .scan_attribute_name=NULL,
 .log_field_name_sz=0,
 .log_field_name=NULL
@@ -233,7 +226,6 @@ TEST(scanner_attribute_schema, attribute_flag)
 struct attribute_schema attr_schema={
 .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST,
 .scan_not_logic_flag=0,
- .scan_hit_object_idx=0,
 .scan_attribute_name=NULL,
 .log_field_name_sz=0,
 .log_field_name=NULL
@@ -259,7 +251,6 @@ TEST(scanner_attribute_schema, attribute_ipv4)
 struct attribute_schema attr_schema={
 .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST,
 .scan_not_logic_flag=0,
- .scan_hit_object_idx=0,
 .scan_attribute_name=NULL,
 .log_field_name_sz=0,
 .log_field_name=NULL
@@ -286,7 +277,6 @@ TEST(scanner_attribute_schema, attribute_ipv6)
 struct attribute_schema attr_schema={
 .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST,
 .scan_not_logic_flag=0,
- .scan_hit_object_idx=0,
 .scan_attribute_name=NULL,
 .log_field_name_sz=0,
 .log_field_name=NULL
@@ -314,43 +304,43 @@ TEST(scanner_attribute_schema, attribute_maat_object_not_free) struct attribute_schema attr_schema={ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST, .scan_not_logic_flag=0, - .scan_hit_object_idx=0, .scan_attribute_name=NULL, .log_field_name_sz=0, .log_field_name=NULL }; - size_t n_hit_objects=2; - struct maat_hit_object hit_objects[n_hit_objects]; - uuid_parse("12345678-1234-5678-1234-567812345678", hit_objects[0].item_uuid); - uuid_parse("87654321-4321-8765-4321-876543218765", hit_objects[0].object_uuid); + size_t n_uuid=2; + uuid_t item_uuid[n_uuid]; + uuid_t object_uuid[n_uuid]; + uuid_parse("12345678-1234-5678-1234-567812345678", item_uuid[0]); + uuid_parse("87654321-4321-8765-4321-876543218765", object_uuid[0]); - uuid_parse("12345678-1234-5678-1234-567812345678", hit_objects[1].item_uuid); - uuid_parse("87654321-4321-8765-4321-876543218765", hit_objects[1].object_uuid); + uuid_parse("12345678-1234-5678-1234-567812345678", item_uuid[1]); + uuid_parse("87654321-4321-8765-4321-876543218765", object_uuid[1]); size_t attr_offset=0; size_t attr_max=1; struct attribute_scratch attr[attr_max]; - attribute_scratch_maat_object_fill(attr, attr_max, &attr_offset, FREE_FALSE, &attr_schema, FREE_FALSE, hit_objects, n_hit_objects); + attribute_scratch_maat_object_fill(attr, attr_max, &attr_offset, FREE_FALSE, &attr_schema, FREE_FALSE, item_uuid, object_uuid, n_uuid); EXPECT_EQ(attr_offset, 1); EXPECT_EQ(attr[0].schema, &attr_schema); EXPECT_EQ(attr[0].value_type, ATTRIBUTE_VALUE_TYPE_MAAT_OBJECT); EXPECT_EQ(attr[0].is_free_schema, FREE_FALSE); EXPECT_EQ(attr[0].is_free_value, FREE_TRUE); // notice here - EXPECT_EQ(attr[0].maat_object.n_hit_objects, 2); + EXPECT_EQ(attr[0].maat_object.n_uuid, 2); char uuid_str[UUID_STR_LEN]={0}; - uuid_unparse_lower(attr[0].maat_object.hit_objects[0].item_uuid, uuid_str); + uuid_unparse_lower(attr[0].maat_object.item_uuid[0], uuid_str); EXPECT_STREQ(uuid_str, "12345678-1234-5678-1234-567812345678"); - 
uuid_unparse_lower(attr[0].maat_object.hit_objects[0].object_uuid, uuid_str); + uuid_unparse_lower(attr[0].maat_object.object_uuid[0], uuid_str); EXPECT_STREQ(uuid_str, "87654321-4321-8765-4321-876543218765"); - uuid_unparse_lower(attr[0].maat_object.hit_objects[1].item_uuid, uuid_str); + uuid_unparse_lower(attr[0].maat_object.item_uuid[1], uuid_str); EXPECT_STREQ(uuid_str, "12345678-1234-5678-1234-567812345678"); - uuid_unparse_lower(attr[0].maat_object.hit_objects[1].object_uuid, uuid_str); + uuid_unparse_lower(attr[0].maat_object.object_uuid[1], uuid_str); EXPECT_STREQ(uuid_str, "87654321-4321-8765-4321-876543218765"); attribute_scratch_reset(attr, attr_offset); 
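Review bot: In the new setup of `attribute_maat_object_not_free`, both elements of each array get the same UUID (`item_uuid[0]` and `item_uuid[1]` both parse `12345678-…`, `object_uuid[0]` and `object_uuid[1]` both parse `87654321-…`). The `EXPECT_STREQ` checks on index 1 would therefore still pass if `attribute_scratch_maat_object_fill` copied element 0 twice or mis-indexed one of the two parallel arrays. Giving index 1 its own values, for example `uuid_parse("11111111-1111-1111-1111-111111111111", item_uuid[1]);` and `uuid_parse("22222222-2222-2222-2222-222222222222", object_uuid[1]);` (constructed sample values) with matching expectations, makes the test sensitive to a bad copy length or stride. The same applies to the `attribute_maat_object_free` hunk at `@@ -361,41 +351,41 @@`. The TEST body begins before this hunk and its closing brace is not in it.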
@@ -361,41 +351,41 @@ TEST(scanner_attribute_schema, attribute_maat_object_free) struct attribute_schema attr_schema={ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST, .scan_not_logic_flag=0, - .scan_hit_object_idx=0, .scan_attribute_name=NULL, .log_field_name_sz=0, .log_field_name=NULL }; - size_t n_hit_objects=2; - struct maat_hit_object *hit_objects=(struct maat_hit_object *)malloc(n_hit_objects*sizeof(struct maat_hit_object)); - uuid_parse("12345678-1234-5678-1234-567812345678", hit_objects[0].item_uuid); - uuid_parse("87654321-4321-8765-4321-876543218765", hit_objects[0].object_uuid); + size_t n_uuid=2; + uuid_t *item_uuid=(uuid_t *)malloc(n_uuid*sizeof(uuid_t)); + uuid_t *object_uuid=(uuid_t *)malloc(n_uuid*sizeof(uuid_t)); + uuid_parse("12345678-1234-5678-1234-567812345678", item_uuid[0]); + uuid_parse("87654321-4321-8765-4321-876543218765", object_uuid[0]); - uuid_parse("12345678-1234-5678-1234-567812345678", hit_objects[1].item_uuid); - uuid_parse("87654321-4321-8765-4321-876543218765", hit_objects[1].object_uuid); + uuid_parse("12345678-1234-5678-1234-567812345678", item_uuid[1]); + uuid_parse("87654321-4321-8765-4321-876543218765", object_uuid[1]); size_t attr_offset=0; size_t attr_max=1; struct attribute_scratch attr[attr_max]; - attribute_scratch_maat_object_fill(attr, attr_max, &attr_offset, FREE_FALSE, &attr_schema, FREE_TRUE, hit_objects, n_hit_objects); + attribute_scratch_maat_object_fill(attr, attr_max, &attr_offset, FREE_FALSE, &attr_schema, FREE_TRUE, item_uuid, object_uuid, n_uuid); EXPECT_EQ(attr_offset, 1); EXPECT_EQ(attr[0].schema, &attr_schema); EXPECT_EQ(attr[0].value_type, ATTRIBUTE_VALUE_TYPE_MAAT_OBJECT); EXPECT_EQ(attr[0].is_free_schema, FREE_FALSE); EXPECT_EQ(attr[0].is_free_value, FREE_TRUE); - EXPECT_EQ(attr[0].maat_object.n_hit_objects, 2); + EXPECT_EQ(attr[0].maat_object.n_uuid, 2); char uuid_str[UUID_STR_LEN]={0}; - uuid_unparse_lower(attr[0].maat_object.hit_objects[0].item_uuid, uuid_str); + 
uuid_unparse_lower(attr[0].maat_object.item_uuid[0], uuid_str); EXPECT_STREQ(uuid_str, "12345678-1234-5678-1234-567812345678"); - uuid_unparse_lower(attr[0].maat_object.hit_objects[0].object_uuid, uuid_str); + uuid_unparse_lower(attr[0].maat_object.object_uuid[0], uuid_str); EXPECT_STREQ(uuid_str, "87654321-4321-8765-4321-876543218765"); - uuid_unparse_lower(attr[0].maat_object.hit_objects[1].item_uuid, uuid_str); + uuid_unparse_lower(attr[0].maat_object.item_uuid[1], uuid_str); EXPECT_STREQ(uuid_str, "12345678-1234-5678-1234-567812345678"); - uuid_unparse_lower(attr[0].maat_object.hit_objects[1].object_uuid, uuid_str); + uuid_unparse_lower(attr[0].maat_object.object_uuid[1], uuid_str); EXPECT_STREQ(uuid_str, "87654321-4321-8765-4321-876543218765"); attribute_scratch_reset(attr, attr_offset); @@ -406,7 +396,6 @@ TEST(scanner_attribute_schema, attribute_not_logic) struct attribute_schema attr_schema={ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST, .scan_not_logic_flag=0, - .scan_hit_object_idx=0, .scan_attribute_name=NULL, .log_field_name_sz=0, .log_field_name=NULL @@ -433,7 +422,6 @@ TEST(scanner_attribute_schema, attribute_not_logic_free_schema) *attr_schema=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST, .scan_not_logic_flag=0, - .scan_hit_object_idx=0, .scan_attribute_name=NULL, .log_field_name_sz=0, .log_field_name=NULL diff --git a/scanner/test/gtest_scanner_maat.cpp b/scanner/test/gtest_scanner_maat.cpp index 98afdc2..1148db7 100644 --- a/scanner/test/gtest_scanner_maat.cpp +++ b/scanner/test/gtest_scanner_maat.cpp @@ -3,7 +3,6 @@ #include <string.h> #include <gtest/gtest.h> -#include "scanner_state.h" #include "scanner_maat.h" TEST(scanner_maat, demo) diff --git a/scanner/test/gtest_scanner_state.cpp b/scanner/test/gtest_scanner_state.cpp deleted file mode 100644 index 67444c2..0000000 --- a/scanner/test/gtest_scanner_state.cpp +++ /dev/null 
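Review bot: Both `malloc` results in `attribute_maat_object_free` are written through by `uuid_parse` without a NULL check, and the test hands two separate heap buffers to `attribute_scratch_maat_object_fill` under a single `FREE_TRUE` flag without stating who releases them. Nothing after `attribute_scratch_reset(attr, attr_offset);` would notice a reset that frees only one of the two arrays; presumably the scratch takes ownership of both, but that code is not in this hunk. I would add `ASSERT_NE(item_uuid, nullptr);` and `ASSERT_NE(object_uuid, nullptr);` after the allocations, and a comment above the fill call such as `// FREE_TRUE: item_uuid and object_uuid are both owned by attr[0] from here; attribute_scratch_reset() releases them`. Running this test under a leak checker would then confirm that both buffers are freed exactly once. The TEST body begins before the hunk and continues past it.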
@@ -1,303 +0,0 @@ -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include <gtest/gtest.h> -#include "scanner_state.h" - -TEST(scanner_state, demo) -{ - -} - -TEST(scanner_state, state_is_null_when_get) -{ - struct scanner_state *state=NULL; - EXPECT_EQ(-1, scanner_state_get_security_policy_matched_appid(state, NULL)); - - for(int i=1; i<RULE_TYPE_MAX; i++) - { - uuid_t rule_uuids[10]; - - EXPECT_EQ(0, scanner_state_get_history_rule_count(state, (enum RULE_TYPE)i)); - EXPECT_EQ(0, scanner_state_get_history_rules(state, (enum RULE_TYPE)i, rule_uuids, 10)); - - EXPECT_EQ(0, scanner_state_get_current_packet_rule_count(state, (enum RULE_TYPE)i)); - EXPECT_EQ(0, scanner_state_get_current_packet_rules(state, (enum RULE_TYPE)i, rule_uuids, 10)); - } - - - - for(int i=1; i<HIT_OBJECT_ATTRIBUTE_TYPE_MAX; i++) - { - struct maat_hit_object hit_objects[10]; - - EXPECT_EQ(0, scanner_state_get_history_object_count(state, (enum HIT_OBJECT_ATTRIBUTE_TYPE)i)); - EXPECT_EQ(0, scanner_state_get_history_hit_objects(state, (enum HIT_OBJECT_ATTRIBUTE_TYPE)i, hit_objects, 10)); - - EXPECT_EQ(0, scanner_state_get_current_packet_hit_object_count(state, (enum HIT_OBJECT_ATTRIBUTE_TYPE)i)); - EXPECT_EQ(0, scanner_state_get_current_packet_hit_objects(state, (enum HIT_OBJECT_ATTRIBUTE_TYPE)i, hit_objects, 10)); - } - - scanner_state_merge_packet_rules(state); - scanner_state_merge_packet_hit_objects(state); -} - -TEST(scanner_state, state_is_null_when_add) -{ - struct scanner_state *state=NULL; - - int appid=4; - uuid_t rule_uuid; - for(int i=0; i<RULE_TYPE_MAX; i++) - { - scanner_state_set_current_rule_matched_appid(state, (enum RULE_TYPE)i, rule_uuid, appid); - } - - uuid_t rule_uuids[10]; - for(int i=0; i<RULE_TYPE_MAX; i++) - { - scanner_state_add_current_packet_rules(state, (enum RULE_TYPE)i, rule_uuids, 10); - } - - struct maat_hit_object hit_objects[10]; - for(int i=0; i<HIT_OBJECT_ATTRIBUTE_TYPE_MAX; i++) - { - scanner_state_add_current_packet_hit_objects(state, (enum 
HIT_OBJECT_ATTRIBUTE_TYPE)i, hit_objects, 10); - } -} - -TEST(scanner_state, state_add_rule_uuid) -{ - struct scanner_state *state=scanner_state_new(); - EXPECT_NE(state, nullptr); - - /* add rule uuids */ - size_t n_rule_uuid=10; - uuid_t rule_uuids[n_rule_uuid]; - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - for(size_t j=0; j<n_rule_uuid; j++) - { - char uuid_str[UUID_STR_LEN]={0}; - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i, (int)j); - uuid_parse(uuid_str, rule_uuids[j]); - } - - scanner_state_add_current_packet_rules(state, (enum RULE_TYPE)i, rule_uuids, n_rule_uuid); - } - - /* get rule uuids from current packet */ - - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - size_t n_curr_rule_uuid=scanner_state_get_current_packet_rule_count(state, (enum RULE_TYPE)i); - EXPECT_EQ(n_curr_rule_uuid, n_rule_uuid); - - uuid_t gotten_curr_rule_uuids[n_curr_rule_uuid]; - size_t n_gotten_curr_rule_uuid=scanner_state_get_current_packet_rules(state, (enum RULE_TYPE)i, gotten_curr_rule_uuids, n_curr_rule_uuid); - EXPECT_EQ(n_gotten_curr_rule_uuid, n_curr_rule_uuid); - - for(size_t j=0; j<n_gotten_curr_rule_uuid; j++) - { - char uuid_str[UUID_STR_LEN]={0}; - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i, (int)j); - - char rule_uuid_str[UUID_STR_LEN]={0}; - uuid_unparse_lower(gotten_curr_rule_uuids[j], rule_uuid_str); - EXPECT_STREQ(rule_uuid_str, uuid_str); - } - } - - /* get rule uuids from history */ - - uuid_t gotten_history_rule_uuids[n_rule_uuid]; - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - EXPECT_EQ(0, scanner_state_get_history_rule_count(state, (enum RULE_TYPE)i)); - EXPECT_EQ(0, scanner_state_get_history_rules(state, (enum RULE_TYPE)i, gotten_history_rule_uuids, n_rule_uuid)); - } - - /* merge rule uuids */ - scanner_state_merge_packet_rules(state); - - /* get rule uuids from history */ - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - size_t n_curr_rule_uuid=scanner_state_get_history_rule_count(state, (enum RULE_TYPE)i); - 
EXPECT_EQ(n_curr_rule_uuid, n_rule_uuid); - - uuid_t gotten_curr_rule_uuids[n_curr_rule_uuid]; - size_t n_gotten_curr_rule_uuid=scanner_state_get_history_rules(state, (enum RULE_TYPE)i, gotten_curr_rule_uuids, n_curr_rule_uuid); - EXPECT_EQ(n_gotten_curr_rule_uuid, n_curr_rule_uuid); - - for(size_t j=0; j<n_gotten_curr_rule_uuid; j++) - { - char uuid_str[UUID_STR_LEN]={0}; - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i, (int)j); - - char rule_uuid_str[UUID_STR_LEN]={0}; - uuid_unparse_lower(gotten_curr_rule_uuids[j], rule_uuid_str); - EXPECT_STREQ(rule_uuid_str, uuid_str); - } - } - - scanner_state_free(state); -} - -TEST(scanner_state, state_merge_duplicate_rule_uuid) -{ - struct scanner_state *state=scanner_state_new(); - EXPECT_NE(state, nullptr); - - /* add 1 rule uuids */ - size_t n1_rule_uuid=10; - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - uuid_t rule_uuids[n1_rule_uuid]; - for(size_t j=0; j<n1_rule_uuid; j++) - { - char uuid_str[UUID_STR_LEN]={0}; - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i, (int)j); - uuid_parse(uuid_str, rule_uuids[j]); - } - - scanner_state_add_current_packet_rules(state, (enum RULE_TYPE)i, rule_uuids, n1_rule_uuid); - } - - /* add 2 rule uuids and different current packet rule uuids */ - size_t n2_rule_uuid=10; - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - uuid_t rule_uuids[n2_rule_uuid]; - for(size_t j=0; j<n2_rule_uuid; j++) - { - char uuid_str[UUID_STR_LEN]={0}; - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i, (int)j); - uuid_parse(uuid_str, rule_uuids[j]); - } - - scanner_state_add_current_packet_rules(state, (enum RULE_TYPE)i, rule_uuids, n2_rule_uuid); - } - - /* merge rule uuids */ - scanner_state_merge_packet_rules(state); - - /* add 3 rule uuids and different current packet rule uuids */ - size_t n3_rule_uuid=10; - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - uuid_t rule_uuids[n3_rule_uuid]; - for(size_t j=0; j<n3_rule_uuid; j++) - { - char 
uuid_str[UUID_STR_LEN]={0}; - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i, (int)j); - uuid_parse(uuid_str, rule_uuids[j]); - } - - scanner_state_add_current_packet_rules(state, (enum RULE_TYPE)i, rule_uuids, n3_rule_uuid); - } - - /* get rule uuids from curent pcaket */ - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - EXPECT_EQ(0, scanner_state_get_current_packet_rule_count(state, (enum RULE_TYPE)i)); - } - - /* get rule uuids from history */ - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - size_t n_curr_rule_uuid=scanner_state_get_history_rule_count(state, (enum RULE_TYPE)i); - EXPECT_EQ(n_curr_rule_uuid, n1_rule_uuid); - EXPECT_EQ(n_curr_rule_uuid, n2_rule_uuid); - EXPECT_EQ(n_curr_rule_uuid, n3_rule_uuid); - - uuid_t gotten_curr_rule_uuids[n_curr_rule_uuid]; - size_t n_gotten_curr_rule_uuid=scanner_state_get_history_rules(state, (enum RULE_TYPE)i, gotten_curr_rule_uuids, n_curr_rule_uuid); - EXPECT_EQ(n_gotten_curr_rule_uuid, n_curr_rule_uuid); - - for(size_t j=0; j<n_gotten_curr_rule_uuid; j++) - { - char uuid_str[UUID_STR_LEN]={0}; - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i, (int)j); - - char rule_uuid_str[UUID_STR_LEN]={0}; - uuid_unparse_lower(gotten_curr_rule_uuids[j], rule_uuid_str); - EXPECT_STREQ(rule_uuid_str, uuid_str); - } - } - - scanner_state_free(state); -} - -TEST(scanner_state, state_merge_different_rule_uuid) -{ - struct scanner_state *state=scanner_state_new(); - EXPECT_NE(state, nullptr); - - /* add rule uuids */ - size_t n1_rule_uuid=10; - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - uuid_t rule_uuids[n1_rule_uuid]; - for(size_t j=0; j<n1_rule_uuid; j++) - { - char uuid_str[UUID_STR_LEN]={0}; - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i, (int)j); - uuid_parse(uuid_str, rule_uuids[j]); - } - - scanner_state_add_current_packet_rules(state, (enum RULE_TYPE)i, rule_uuids, n1_rule_uuid); - } - - /* merge rule uuids */ - scanner_state_merge_packet_rules(state); - - /* 
add rule uuids */ - size_t n2_rule_uuid=10; - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - uuid_t rule_uuids[n2_rule_uuid]; - for(size_t j=0; j<n2_rule_uuid; j++) - { - char uuid_str[UUID_STR_LEN]={0}; - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i+1, (int)(j+10000)); - uuid_parse(uuid_str, rule_uuids[j]); - } - - scanner_state_add_current_packet_rules(state, (enum RULE_TYPE)i, rule_uuids, n2_rule_uuid); - } - - /* merge rule uuids */ - scanner_state_merge_packet_rules(state); - - /* get rule uuids from history */ - for(size_t i=1; i<RULE_TYPE_MAX; i++) - { - size_t n_curr_rule_uuid=scanner_state_get_history_rule_count(state, (enum RULE_TYPE)i); - EXPECT_EQ(n_curr_rule_uuid, n1_rule_uuid+n2_rule_uuid); - - uuid_t gotten_curr_rule_uuids[n_curr_rule_uuid]; - size_t n_gotten_curr_rule_uuid=scanner_state_get_history_rules(state, (enum RULE_TYPE)i, gotten_curr_rule_uuids, n_curr_rule_uuid); - EXPECT_EQ(n_gotten_curr_rule_uuid, n_curr_rule_uuid); - - for(size_t j=0; j<n_gotten_curr_rule_uuid; j++) - { - char uuid_str[UUID_STR_LEN]={0}; - if(j<n1_rule_uuid) - { - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i, (int)j); - } - else - { - snprintf(uuid_str, UUID_STR_LEN, "%08x-0000-0000-0000-0000%08x", (int)i+1, (int)(j-n1_rule_uuid+10000)); - } - - char rule_uuid_str[UUID_STR_LEN]={0}; - uuid_unparse_lower(gotten_curr_rule_uuids[j], rule_uuid_str); - EXPECT_STREQ(rule_uuid_str, uuid_str); - } - } - - scanner_state_free(state); -}
\ No newline at end of file |
