| author | liuxueli <[email protected]> | 2024-11-27 10:27:34 +0000 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2024-11-27 10:27:34 +0000 |
| commit | ad02793073353103ccccf3fab1afdd6cc30946d5 (patch) | |
| tree | b7d8bf1fad5567ccf830daa8ba6c64927b738a85 | |
| parent | 38307ed232012dcbd44bd95167b8f37c7186d1fb (diff) | |
scanner and security enforcer rebase developdev-scanner
24 files changed, 372 insertions, 432 deletions
diff --git a/enforcer/security/CMakeLists.txt b/enforcer/security/CMakeLists.txt index ba6869a..93295c8 100644 --- a/enforcer/security/CMakeLists.txt +++ b/enforcer/security/CMakeLists.txt @@ -3,10 +3,10 @@ include_directories(${CMAKE_SOURCE_DIR}/deps) set(SECURITY_ENFORCER_SRC ${DEPS_SRC} security_maat.c security_enforcer.cpp bucket.c) -add_library(security_enforcer-static STATIC ${SECURITY_ENFORCER_SRC}) -target_link_libraries(security_enforcer-static fieldstat4 yyjson toml uuid maatframe ctemplate-static) -set_target_properties(security_enforcer-static PROPERTIES OUTPUT_NAME security_enforcer PREFIX "") -set_target_properties(security_enforcer-static PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map") +add_library(security_enforcer STATIC ${SECURITY_ENFORCER_SRC}) +target_link_libraries(security_enforcer fieldstat4 yyjson toml uuid maatframe ctemplate-static) +set_target_properties(security_enforcer PROPERTIES OUTPUT_NAME security_enforcer PREFIX "") +set_target_properties(security_enforcer PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map") # add_library(security_enforcer-shared SHARED ${SECURITY_ENFORCER_SRC}) # set_target_properties(security_enforcer-shared PROPERTIES OUTPUT_NAME security_enforcer PREFIX "") diff --git a/enforcer/security/security_enforcer.cpp b/enforcer/security/security_enforcer.cpp index 309a453..7dec5c9 100644 --- a/enforcer/security/security_enforcer.cpp +++ b/enforcer/security/security_enforcer.cpp @@ -14,10 +14,10 @@ #include <stellar/module.h> #include <stellar/session.h> #include <stellar/packet.h> +#include <stellar/security_enforcer.h> #include "bucket.h" #include "security_maat.h" -#include "security_enforcer.h" #define ENFORCER_RULE_UUID_NUM 128 
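Review bot: `set_target_properties(security_enforcer PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")` is carried over onto a `STATIC` target, and CMake does not pass `LINK_FLAGS` when it archives a static library, so the version script has no effect here; the scanner CMakeLists hunk later in this commit keeps the same line for its `scanner` target. Now that `infra/CMakeLists.txt` adds both archives to `WHOLE_ARCHIVE`, every non-`static` function in them (for example `cs_ipport_attribute_get_from_packet_layer`) ends up visible in the final binary. If `version.map` was meant to restrict exports, apply it on the executable or shared-library link instead and mark file-internal helpers `static`; otherwise drop the no-op line so nobody relies on it.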
@@ -353,7 +353,7 @@ void security_enforcer_enforce_drop(struct security_enforcer_env *enforcer_env,
 }
 packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
 // if(drop->send_icmp_enable)
 // {
@@ -489,7 +489,7 @@ void security_enforcer_enforce_mail_block(struct security_enforcer_env *enforcer
 }
 packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
 }
 void policy_user_define_variable_replace(ctemplate::TemplateDictionary *tpl_dict, uuid_t rule_uuid, char *client_ip, char *subscriber)
@@ -556,7 +556,7 @@ void security_enforcer_enforce_http_block(struct security_enforcer_env *enforcer
 }
 packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
 uint16_t http_hdr_len=0;
 char http_hdr[512]={0};
@@ -967,7 +967,7 @@ void security_enforcer_enforce_http_redirect(struct security_enforcer_env *enfor
 struct packet *redirect_pkt=packet_manager_build_tcp_packet(enforcer_env->pkt_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), c2s_origin_pkt, th_seq, th_ack, TH_PUSH, NULL, 0, payload, payload_offset);
 packet_manager_schedule_packet(enforcer_env->pkt_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), redirect_pkt, PACKET_STAGE_POSTROUTING);
 packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
 }
 }
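Review bot: Replacing `session_set_discard((struct session *)sess)` with `session_manager_discard_session(enforcer_env->sess_mgr, ..., (struct session *)sess)` moves the discard from "flag it" to "ask the manager to discard it", and in the http_block hunk (`@@ -556`) the function keeps going after the call (the `http_hdr` buffer is set up right below it), so this is only safe if `session_manager_discard_session` defers the actual teardown; if it releases the session immediately, any later read of `sess` in that tail is a use-after-free and the call should move to the end of the function. The same ordering question applies to the drop, mail_block and http_redirect hunks, though in http_redirect the call is already last. The identical three-argument expression is now repeated four times; a small `static` helper in this file taking `enforcer_env` and `sess` would keep the thread-id lookup and the cast in one place. All four enclosing functions start and end outside their hunks.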
@@ -1076,10 +1076,15 @@ size_t maat_state_compile(struct maat_state *state __attribute__((unused)), cons return 0; } -void security_enforcer_packet_based_node_callback(const struct packet *rawpkt, void *arg) +void packet_based_security_enforcer_node_entry(struct packet *rawpkt, struct module *mod_enforcer) { - struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)arg; - if(enforcer_env==NULL || rawpkt==NULL) + if(rawpkt==NULL || mod_enforcer==NULL) + { + return ; + } + + struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)module_get_ctx(mod_enforcer); + if(enforcer_env==NULL) { return ; } @@ -1107,10 +1112,15 @@ void security_enforcer_packet_based_node_callback(const struct packet *rawpkt, v // packet_tag_get(rawpkt, &pkt_tag_key_bits, &pkt_tag_val_bits); } -void security_enforcer_session_based_node_callback(const struct packet *rawpkt, void *arg) +void session_based_security_enforcer_node_entry(struct packet *rawpkt, struct module *mod_enforcer) { - struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)arg; - if(enforcer_env==NULL || rawpkt==NULL) + if(rawpkt==NULL || mod_enforcer==NULL) + { + return ; + } + + struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)module_get_ctx(mod_enforcer); + if(enforcer_env==NULL) { return ; } diff --git a/enforcer/security/security_enforcer.h b/enforcer/security/security_enforcer.h deleted file mode 100644 index 43f0f67..0000000 --- a/enforcer/security/security_enforcer.h +++ /dev/null @@ -1,15 +0,0 @@ -#pragma once - -#ifdef __cplusplus -extern "C" -{ -#endif - -#define SECUIRTY_ENFORCER_MODULE_NAME "security_enforcer_module" -struct security_enforcer; -struct security_enforcer *security_enforcer_module_to_enforcer(struct module *mod); - - -#ifdef __cplusplus -} -#endif
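Review bot: The deleted `enforcer/security/security_enforcer.h` declared `security_enforcer_module_to_enforcer(struct module *mod)`, and the replacement `include/stellar/security_enforcer.h` added in this commit does not; if its definition is still in this file it is now an external function without a prototype (and `version.map` may still list it), so either re-declare it in the new header or remove the definition. The two renamed entry points become public symbols referenced from `packet_nodes[]` in `stellar_core.c`; a one-line comment above each, e.g. `// packet-node callback: the enforcer env is the module context, so no separate arg is needed`, would record why `void *arg` became `struct module *mod_enforcer`. Both functions continue past their hunks.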
\ No newline at end of file diff --git a/exporter/session_exporter.c b/exporter/session_exporter.c index f65e245..4ae4d7d 100644 --- a/exporter/session_exporter.c +++ b/exporter/session_exporter.c @@ -14,7 +14,7 @@ struct transaction_unique_key struct exporter_transaction { - struct kv *context; + struct utable_kv *context; long long unique_index; struct transaction_unique_key key; UT_hash_handle hh; @@ -22,7 +22,7 @@ struct exporter_transaction struct exporter_context { - struct kv *default_cotext; + struct utable_kv *default_cotext; long long transaction_offset; struct exporter_transaction *transactions; }; @@ -102,7 +102,7 @@ struct exporter_context *exporter_aquire_transaction_context(struct exporter *ex HASH_ADD(hh, context->transactions, key, sizeof(struct transaction_unique_key), transaction); } -void exporter_context_add_kv(struct exporter_context *ctx, struct kv *kv) +void exporter_context_add_kv(struct exporter_context *ctx, struct utable_kv *kv) { } diff --git a/include/stellar/enforcer.h b/include/stellar/enforcer.h deleted file mode 100644 index 0804d2f..0000000 --- a/include/stellar/enforcer.h +++ /dev/null @@ -1,11 +0,0 @@ -#pragma once - -struct enforcer; - -void enforcer_append_monitor_rule_action_on_packet(struct enforcer *enforcer, struct packet *pkt, const char *action); -void enforcer_append_monitor_rule_action_on_session(struct enforcer *enforcer, struct session *sess, const char *action); - -void enforcer_append_security_rule_action_on_packet(struct enforcer *enforcer, struct packet *pkt, const char *action); -void enforcer_append_security_rule_action_on_session(struct enforcer *enforcer, struct session *sess, const char *action); - - diff --git a/include/stellar/exporter.h b/include/stellar/exporter.h index 9232652..a24134e 100644 --- a/include/stellar/exporter.h +++ b/include/stellar/exporter.h 
@@ -30,7 +30,7 @@ struct exporter_context *exporter_aquire_transaction_context(struct exporter *ex // add http_action_file_size/security_rule_action // add monitor_mirrored_bytes/monitor_mirrored_packets/monitor_packet_capture_filepath // add http transaction request/response body file path -void exporter_context_add_kv(struct exporter_context *ctx, struct kv *kv); +void exporter_context_add_kv(struct exporter_context *ctx, struct utable_kv *kv); #ifdef __cplusplus } diff --git a/include/stellar/kv.h b/include/stellar/kv.h deleted file mode 100644 index c950d0a..0000000 --- a/include/stellar/kv.h +++ /dev/null @@ -1,35 +0,0 @@ -#pragma once - -#include <stddef.h> -#include <uuid/uuid.h> - -enum vtype -{ - VTYPE_INTEGER, - VTYPE_DOUBLE, - VTYPE_CSTRING, - VTYPE_UUID, -}; - -struct kv -{ - char *key; - size_t key_sz; - enum vtype type; - union - { - long long value_longlong; - double value_double; - struct - { - char *str; - size_t sz; - }value_str; - uuid_t value_uuid; - struct - { - struct kv **elements; - size_t n_element; - }value_list; - }; -}; diff --git a/include/stellar/scanner.h b/include/stellar/scanner.h index fdabaa4..6bb150b 100644 --- a/include/stellar/scanner.h +++ b/include/stellar/scanner.h @@ -8,11 +8,19 @@ extern "C" #include "maat.h" #include <stddef.h> -#include <stellar/kv.h> -#include <stellar/module.h> -#include <stellar/session.h> +#include "utable/utable.h" +#include "stellar/module.h" +#include "stellar/session.h" +#include "stellar/packet.h" #define SCANNER_MODULE_NAME "scanner_module" + +#define PACKET_BASED_SCANNER_NODE "packet_based_scanner_node" +void packet_based_scanner_node_entry(struct packet *pkt, struct module *mod); + +#define SESSION_BASED_SCANNER_NODE "session_based_scanner_node" +void session_based_scanner_node_entry(struct packet *pkt, struct module *mod); + struct scanner; struct scanner *scanner_module_to_scanner(struct module *mod); 
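Review bot: The public header `stellar/scanner.h` now includes `"utable/utable.h"`, which lives under the deps tree that only the scanner and enforcer targets put on their include path (`include_directories(${CMAKE_SOURCE_DIR}/deps)` in their CMakeLists), so every other consumer of this header must now also know that path. The header only needs `struct utable_kv` as an opaque pointer type for the two `scanner_get_attribute_on_*` prototypes, so a forward declaration `struct utable_kv;` in place of the include keeps the public header self-contained. The switch from `<stellar/...>` to `"stellar/..."` for the sibling includes is a style change that should then be applied to the other public headers too, or reverted here, so the tree stays consistent.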
@@ -48,8 +56,8 @@ enum ATTRIBUTE_KV_INDEX ATTRIBUTE_KV_MAX }; -const struct kv *scanner_get_attribute_on_session(struct scanner *scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index); -const struct kv *scanner_get_attribute_on_packet(struct scanner *scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index); +const struct utable_kv *scanner_get_attribute_on_session(struct scanner *scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index); +const struct utable_kv *scanner_get_attribute_on_packet(struct scanner *scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index); #ifdef __cplusplus diff --git a/include/stellar/security_enforcer.h b/include/stellar/security_enforcer.h new file mode 100644 index 0000000..aff00b2 --- /dev/null +++ b/include/stellar/security_enforcer.h @@ -0,0 +1,21 @@ +#pragma once + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include "stellar/module.h" +#include "stellar/packet.h" + +#define SECUIRTY_ENFORCER_MODULE_NAME "security_enforcer_module" + +#define PACKET_BASED_SECURITY_ENFORCER_NODE "packet_based_security_enforcer_node" +void packet_based_security_enforcer_node_entry(struct packet *pkt, struct module *mod); + +#define SESSION_BASED_SECURITY_ENFORCER_NODE "session_based_security_enforcer_node" +void session_based_security_enforcer_node_entry(struct packet *pkt, struct module *mod); + +#ifdef __cplusplus +} +#endif
\ No newline at end of file
diff --git a/infra/CMakeLists.txt b/infra/CMakeLists.txt
index 9eb989c..9b21f70 100644
--- a/infra/CMakeLists.txt
+++ b/infra/CMakeLists.txt
@@ -1,7 +1,9 @@
 set(INFRA exdata tuple packet_manager packet_io ip_reassembly tcp_reassembly session_manager module_manager monitor)
 set(DEPS bitmap dablooms interval_tree logger nmx_pool rbtree timeout toml ringbuf)
 set(DECODERS lpi_plus)
-set(WHOLE_ARCHIVE ${DEPS} ${INFRA} ${DECODERS})
+set(SCANNER scanner)
+set(ENFORCERS security_enforcer)
+set(WHOLE_ARCHIVE ${DEPS} ${INFRA} ${DECODERS} ${SCANNER} ${ENFORCERS})
 set(LIBS fieldstat4)
 foreach(infra ${INFRA})
diff --git a/infra/stellar_core.c b/infra/stellar_core.c
index f575b25..ff52c76 100644
--- a/infra/stellar_core.c
+++ b/infra/stellar_core.c
@@ -130,6 +130,8 @@ static void stellar_thread_join(struct stellar *st)
 #include "stellar/monitor.h"
 #include "stellar/session.h"
 #include "stellar/lpi_plus.h"
+#include "stellar/scanner.h"
+#include "stellar/security_enforcer.h"
 struct module_hooks mod_hooks[] = {
 {monitor_on_init, monitor_on_exit, NULL, NULL},
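Review bot: In the new `include/stellar/security_enforcer.h` the `#include "stellar/module.h"` and `#include "stellar/packet.h"` lines sit inside the `extern "C" {` block; that only works while those headers contain nothing C++-specific (they are presumably plain C headers with their own guards), so move the two includes above `#ifdef __cplusplus`. The brand-new public macro carries the misspelling `SECUIRTY_ENFORCER_MODULE_NAME`, inherited from the deleted private header, and this same commit starts using it from `stellar_core.c`; renaming it to `SECURITY_ENFORCER_MODULE_NAME` is cheapest now, before more callers pick it up. The file also ends without a trailing newline.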
@@ -155,6 +157,12 @@ struct packet_node_spec packet_nodes[] = {
 {SESSION_MANAGER_MODULE_NAME, "session_manager",PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_manager_on_packet_forward},
 {SESSION_MANAGER_MODULE_NAME, "session_manager",PACKET_STAGE_OUTPUT, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_manager_on_packet_output},
 {LPI_PLUS_MODULE_NAME, "lpi_plus",PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, lpi_plus_on_packet},
+
+ {SCANNER_MODULE_NAME, PACKET_BASED_SCANNER_NODE,PACKET_STAGE_INPUT, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP | PKT_TAG_VAL_IPPROTO_ICMP, packet_based_scanner_node_entry},
+ {SCANNER_MODULE_NAME, SESSION_BASED_SCANNER_NODE,PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_based_scanner_node_entry},
+
+ {SECUIRTY_ENFORCER_MODULE_NAME, PACKET_BASED_SECURITY_ENFORCER_NODE, PACKET_STAGE_INPUT, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP | PKT_TAG_VAL_IPPROTO_ICMP, packet_based_security_enforcer_node_entry},
+ {SECUIRTY_ENFORCER_MODULE_NAME, SESSION_BASED_SECURITY_ENFORCER_NODE, PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_based_security_enforcer_node_entry},
 };
diff --git a/scanner/CMakeLists.txt b/scanner/CMakeLists.txt
index 15fbc33..720bc45 100644
--- a/scanner/CMakeLists.txt
+++ b/scanner/CMakeLists.txt
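Review bot: The four new `packet_nodes[]` rows place the enforcer nodes after the scanner nodes of the same stage with nothing saying that this is load-bearing; if table order is also dispatch order (not visible here), the enforcer reading the scanner's per-packet attributes depends on it, so a comment on the new rows such as `// security_enforcer nodes must stay after the scanner nodes of the same stage: they consume the scanner's per-packet attributes` would stop a later reorder from silently breaking it. The two `PACKET_STAGE_INPUT` rows are also the first entries in this table registered for `PKT_TAG_VAL_IPPROTO_ICMP`, so `packet_based_scanner_node_entry` and `packet_based_security_enforcer_node_entry` will now see packets that never get a session; the scanner side appears to cope by leaving `c_port`/`s_port` at -1, the enforcer entry's body is outside this diff and is worth checking for the same assumption. The `SECUIRTY_` spelling in the macro name is inherited from the new public header and best fixed there.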
@@ -1,12 +1,12 @@
 add_definitions(-fPIC)
 include_directories(${CMAKE_SOURCE_DIR}/deps)
-set(SCANNER_SRC ${DEPS_SRC} scanner_toml.c attribute_kv.c attribute_schema.c scanner_maat.c)
+set(SCANNER_SRC ${DEPS_SRC} scanner_toml.c attribute_kv.c attribute_schema.c scanner_maat.c packet_based_scanner.c session_based_scanner.c scanner_module.c)
-add_library(scanner-static STATIC ${SCANNER_SRC})
-target_link_libraries(scanner-static fieldstat4 yyjson toml uuid maatframe)
-set_target_properties(scanner-static PROPERTIES OUTPUT_NAME scanner PREFIX "")
-set_target_properties(scanner-static PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
+add_library(scanner STATIC ${SCANNER_SRC})
+target_link_libraries(scanner fieldstat4 yyjson toml uuid maatframe)
+set_target_properties(scanner PROPERTIES OUTPUT_NAME scanner PREFIX "")
+set_target_properties(scanner PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
 # add_library(scanner-shared SHARED ${SCANNER_SRC})
 # set_target_properties(scanner-shared PROPERTIES OUTPUT_NAME scanner PREFIX "")
diff --git a/scanner/attribute_kv.c b/scanner/attribute_kv.c
index 749521f..111c0bd 100644
--- a/scanner/attribute_kv.c
+++ b/scanner/attribute_kv.c
@@ -8,7 +8,7 @@ struct attribute_kv
 {
 int magic;
- struct kv *attr_kv[ATTRIBUTE_KV_MAX];
+ struct utable_kv *attr_kv[ATTRIBUTE_KV_MAX];
 };
 struct attribute_kv *attribute_kv_new(void)
@@ -35,12 +35,12 @@ void attribute_kv_free(struct attribute_kv *attr)
 FREE(attr->attr_kv[i]->key);
 }
- switch(attr->attr_kv[i]->type)
+ switch(attr->attr_kv[i]->value_type)
 {
- case VTYPE_CSTRING:
- if(attr->attr_kv[i]->value_str.str!=NULL)
+ case utable_value_type_cstring:
+ if(attr->attr_kv[i]->cstring!=NULL)
 {
- FREE(attr->attr_kv[i]->value_str.str);
+ FREE(attr->attr_kv[i]->cstring);
 }
 break;
 default:
@@ -51,22 +51,6 @@ void attribute_kv_free(struct attribute_kv *attr)
 FREE(attr);
 }
-void attribute_kv_set_uuid(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, uuid_t uuid)
-{
- if(attr==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN || key==NULL || key_sz==0)
- {
- return;
- }
-
- struct kv *kv=(struct kv *)CALLOC(struct kv, 1);
- kv->key=strndup(key, key_sz);
- kv->key_sz=key_sz;
- kv->type=VTYPE_UUID;
- memcpy(kv->value_uuid, uuid, sizeof(uuid_t));
-
- attr->attr_kv[index]=kv;
-}
-
 void attribute_kv_set_integer(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, long long value)
 {
 if(attr==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN || key==NULL || key_sz==0)
@@ -74,11 +58,11 @@ void attribute_kv_set_integer(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX
 return;
 }
- struct kv *kv=(struct kv *)CALLOC(struct kv, 1);
+ struct utable_kv *kv=(struct utable_kv *)CALLOC(struct utable_kv, 1);
 kv->key=strndup(key, key_sz);
 kv->key_sz=key_sz;
- kv->type=VTYPE_INTEGER;
- kv->value_longlong=value;
+ kv->value_type=utable_value_type_integer;
+ kv->integer=value;
 attr->attr_kv[index]=kv;
 }
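Review bot: `attr->attr_kv[index]=kv;` at the end of `attribute_kv_set_integer` overwrites whatever the slot already held, so a second set on the same index leaks the earlier `CALLOC`'d `struct utable_kv` and its `strndup`'d key; `attribute_kv_set_string` in the next hunk has the same pattern and additionally leaks `cstring`. Whether repeated sets happen depends on the callers, which are not in this diff, but the setters give no way to tell. The per-slot release logic already exists inline in `attribute_kv_free` (previous hunk); pulling it into a `static` helper and calling it before the assignment in both setters closes the leak and lets `attribute_kv_free` reuse it.
```c
// Release one attr_kv slot (key, cstring payload, the struct itself); NULL is a no-op.
static void attribute_kv_slot_release(struct utable_kv *kv)
{
    if(kv==NULL)
    {
        return;
    }
    if(kv->key!=NULL)
    {
        FREE(kv->key);
    }
    if(kv->value_type==utable_value_type_cstring && kv->cstring!=NULL)
    {
        FREE(kv->cstring);
    }
    FREE(kv);
}

// … unchanged: attribute_kv_set_integer argument check and kv population …
    attribute_kv_slot_release(attr->attr_kv[index]);
    attr->attr_kv[index]=kv;
```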
@@ -90,22 +74,22 @@ void attribute_kv_set_string(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX
 return;
 }
- struct kv *kv=(struct kv *)CALLOC(struct kv, 1);
+ struct utable_kv *kv=(struct utable_kv *)CALLOC(struct utable_kv, 1);
 kv->key=strndup(key, key_sz);
 kv->key_sz=key_sz;
- kv->type=VTYPE_CSTRING;
- kv->value_str.str=strndup(value, value_sz);
- kv->value_str.sz=value_sz;
+ kv->value_type=utable_value_type_cstring;
+ kv->cstring=strndup(value, value_sz);
+ kv->cstring_sz=value_sz;
 attr->attr_kv[index]=kv;
 }
-const struct kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index)
+const struct utable_kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index)
 {
 if(attr==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN)
 {
 return NULL;
 }
- return (const struct kv *)(attr->attr_kv[index]);
+ return (const struct utable_kv *)(attr->attr_kv[index]);
 }
\ No newline at end of file diff --git a/scanner/attribute_kv.h b/scanner/attribute_kv.h index 8afed18..d1e69d2 100644 --- a/scanner/attribute_kv.h +++ b/scanner/attribute_kv.h @@ -3,13 +3,21 @@ #include <uuid/uuid.h> #include <stellar/scanner.h> +#ifdef __cplusplus +extern "C" +{ +#endif + struct attribute_kv; struct attribute_kv *attribute_kv_new(void); void attribute_kv_free(struct attribute_kv *attr); -void attribute_kv_set_uuid(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, uuid_t uuid); void attribute_kv_set_integer(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, long long value); void attribute_kv_set_string(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, const char *value, size_t value_sz); -const struct kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index);
\ No newline at end of file +const struct utable_kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index); + +#ifdef __cplusplus +} +#endif
\ No newline at end of file diff --git a/scanner/packet_scanner.c b/scanner/packet_based_scanner.c index d205660..a2ad540 100644 --- a/scanner/packet_scanner.c +++ b/scanner/packet_based_scanner.c @@ -4,11 +4,12 @@ #include "stellar/utils.h" #include "stellar/packet.h" -#include "stellar/packet_scanner.h" #include "scanner_maat.h" +#include "attribute_kv.h" #include "attribute_schema.h" -#include "attribute_exdata.h" +#include "scanner_module.h" +#include "packet_based_scanner.h" struct packet_scanner { @@ -55,17 +56,17 @@ static void ip6_format_to_maat(const struct ip6_hdr *ip6, struct ip_addr *c_net_ c_net_addr->ip_type=6; s_net_addr->ip_type=6; - memcpy(c_net_addr->ipv6, ip6->ip_src.s6_addr, sizeof(c_net_addr->ipv6)); - memcpy(s_net_addr->ipv6, ip6->ip_dst.s6_addr, sizeof(s_net_addr->ipv6)); + memcpy(c_net_addr->ipv6, ip6->ip6_src.s6_addr, sizeof(c_net_addr->ipv6)); + memcpy(s_net_addr->ipv6, ip6->ip6_dst.s6_addr, sizeof(s_net_addr->ipv6)); } -static void packet_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused) -{ - if(ex_ptr==NULL)return; - FREE(ex_ptr); -} +// static void packet_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused) +// { +// if(ex_ptr==NULL)return; +// FREE(ex_ptr); +// } -const struct kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index) +const struct utable_kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index) { if(pkt_scanner==NULL || pkt==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN) { 
@@ -75,7 +76,7 @@ const struct kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner return attribute_kv_get((struct attribute_kv *)packet_get_exdata(pkt, pkt_scanner->exdata_idx), index); } -void attribute_scratch_scan(struct maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, struct maat_stream **stream_handle, struct attribute_scratch *attribute, size_t n_attribute) +void attribute_scratch_scan(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, struct maat_stream **stream_handle, struct attribute_scratch *attribute, size_t n_attribute) { if(cm_maat==NULL || scan_state==NULL || attribute==NULL || n_attribute==0) { @@ -110,7 +111,7 @@ void attribute_scratch_scan(struct maat *cm_maat, struct maat_state *scan_state, scanner_scan_ipv6_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, (uint8_t *)(attribute[i].ipv6_port.ipv6), attribute[i].ipv6_port.port); break; case ATTRIBUTE_VALUE_TYPE_NOT_LOGIC: - scanner_scan_stream_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name); + scanner_scan_stream_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, stream_handle, attribute[i].chunk.value, attribute[i].chunk.value_sz); break; default: break; @@ -118,7 +119,7 @@ void attribute_scratch_scan(struct maat *cm_maat, struct maat_state *scan_state, if(attribute[i].schema->scan_not_logic_flag==TRUE) { - scanner_scan_not_logic_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state); + scanner_scan_not_logic_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name); } } } 
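Review bot: In `attribute_scratch_scan` the `ATTRIBUTE_VALUE_TYPE_NOT_LOGIC` case now forwards `stream_handle`, `attribute[i].chunk.value` and `attribute[i].chunk.value_sz` to `scanner_scan_stream_attribute`, but the guard at the top of the function still checks only `cm_maat`, `scan_state`, `attribute` and `n_attribute`, and both call sites visible in this diff (in `packet_based_scanner_node_entry`) pass `NULL` for `stream_handle`; unless `scanner_scan_stream_attribute` tolerates a NULL handle, add `stream_handle==NULL` to the guard or skip this case when it is NULL. A chunk/stream scan sitting under the NOT_LOGIC label also looks mislabeled, since not-logic handling is the `scan_not_logic_flag` block after the switch; if chunk values have their own `ATTRIBUTE_VALUE_TYPE_*` that is the label this case should carry, and a one-line comment stating which attributes reach this case would settle it either way. The function starts before this hunk.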
@@ -126,7 +127,7 @@ void attribute_scratch_scan(struct maat *cm_maat, struct maat_state *scan_state,
 size_t ipaddr_entry_tag_uuid_get(struct scanner_maat *cm_maat, struct ip_addr *net_ipaddr, uuid_t *tag_uuids, size_t n_tag_uuids)
 {
 size_t n_ipaddr_exdata=n_tag_uuids;
- struct plugin_ip_addr_entry *ipaddr_exdata[n_ipaddr_exdata];
+ struct plugin_entry *ipaddr_exdata[n_ipaddr_exdata];
 int n_exdata=scanner_maat_get0_data_ipaddr_entry(cm_maat, net_ipaddr, ipaddr_exdata, n_ipaddr_exdata);
 if(n_exdata==0)
 {
@@ -161,37 +162,37 @@ size_t ipaddr_entry_tag_uuid_get(struct scanner_maat *cm_maat, struct ip_addr *n return tag_ids_offset; } -void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, const struct layer *layers, int layers_count) +void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct scanner_maat *cm_maat, struct attribute_schema *attr_schema, const struct layer *layers, int layer_count) { - if(attr==NULL || (*attr_offset)>=attr_max || layers==NULL || layers_count<=0) + if(attr==NULL || (*attr_offset)>=attr_max || layers==NULL || layer_count<=0) { - return 0; + return ; } int32_t c_port=-1, s_port=-1; - const struct ip *ip4=NULL; - const struct ip6_hdr *ip6=NULL; - const struct tcphdr *tcp=NULL; - const struct udphdr *udp=NULL; - uuid_t *ip_protocol_object_uuid=NULL; + struct ip *ip4=NULL; + struct ip6_hdr *ip6=NULL; + struct tcphdr *tcp=NULL; + struct udphdr *udp=NULL; + // uuid_t *ip_protocol_object_uuid=NULL; struct ip_addr c_net_addr={0}, s_net_addr={0}; - for(int j=0; j<out.layer_count; i++) + for(int j=0; j<layer_count; j++) { - switch(out.layers[j].proto) + switch(layers[j].proto) { case LAYER_PROTO_IPV4: - ip4=(const struct ip *)out.layers[j].ip4; + ip4=(struct ip *)layers[j].hdr.ip4; ip4_format_to_maat(ip4, &c_net_addr, &s_net_addr); break; case LAYER_PROTO_IPV6: - ip6=(const struct ip6_hdr *)out.layers[j].ip6; + ip6=(struct ip6_hdr *)layers[j].hdr.ip6; ip6_format_to_maat(ip6, &c_net_addr, &s_net_addr); break; case LAYER_PROTO_TCP: // TODO: implement // ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); - tcp=(const struct tcphdr *)out.layers[j].tcp; + tcp=(struct tcphdr *)layers[j].hdr.tcp; if(tcp!=NULL) { c_port=ntohs(tcp->th_sport); 
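Review bot: The local header pointers lost their `const` (`struct ip *ip4=NULL;` and the three below it) and the casts `(struct ip *)layers[j].hdr.ip4` etc. now strip the qualifier off `const struct layer *layers`, while every use in the hunk is read-only (`ntohs(tcp->th_sport)`, and `ip6_format_to_maat` already takes `const struct ip6_hdr *`); keep the locals `const` and cast to `(const struct ip *)` so a future write through them is still caught by the compiler, assuming `ip4_format_to_maat` takes a const pointer like its IPv6 sibling. The guard also does not cover the two inputs the new signature adds: `cm_maat` is passed straight into `ipaddr_entry_tag_uuid_get` and `attr_schema` is indexed, so `if(attr==NULL || attr_offset==NULL || (*attr_offset)>=attr_max || cm_maat==NULL || attr_schema==NULL || layers==NULL || layer_count<=0)` is the safer form. The loop fix (`j<layer_count; j++`) is correct; the function continues past this hunk.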
@@ -201,7 +202,7 @@ void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, s case LAYER_PROTO_UDP: // TODO: implement // ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); - udp=(const struct udphdr *)out.layers[j].udp; + udp=(struct udphdr *)layers[j].hdr.udp; if(udp!=NULL) { c_port=ntohs(udp->uh_sport); @@ -220,10 +221,10 @@ void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, s size_t max_tag_ids=MAX_TAG_IDS_NUM; uuid_t tag_uuids[max_tag_ids]; - size_t n_tag_uuids=ipaddr_entry_tag_uuid_get(&c_net_addr, c_port, tag_uuids, max_tag_ids); + size_t n_tag_uuids=ipaddr_entry_tag_uuid_get(cm_maat, &c_net_addr, tag_uuids, max_tag_ids); attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS]), FREE_FALSE, NULL, tag_uuids, n_tag_uuids); - n_tag_uuids=ipaddr_entry_tag_uuid_get(&s_net_addr, s_port, tag_uuids, max_tag_ids); + n_tag_uuids=ipaddr_entry_tag_uuid_get(cm_maat, &s_net_addr, tag_uuids, max_tag_ids); attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS]), FREE_FALSE, NULL, tag_uuids, n_tag_uuids); if(ip4!=NULL) 
@@ -234,8 +235,8 @@ void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, s
 if(ip6!=NULL)
 {
- attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]), FREE_FALSE, ip6->ip_src.s6_addr, c_port);
- attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]), FREE_FALSE, ip6->ip_dst.s6_addr, s_port);
+ attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]), FREE_FALSE, ip6->ip6_src.s6_addr, c_port);
+ attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]), FREE_FALSE, ip6->ip6_dst.s6_addr, s_port);
 }
 if(c_port!=-1 && s_port!=-1)
@@ -244,62 +245,22 @@ void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, s attribute_scratch_integer_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT]), FREE_FALSE, (long long)s_port); } - if(ip_protocol_object_uuid!=NULL) - { - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_IP_PROTOCOL]), FREE_FALSE, NULL, &ip_protocol_object_uuid, 1); - } - - return 1; + // TODO: IP protocol + // if(ip_protocol_object_uuid!=NULL) + // { + // attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_IP_PROTOCOL]), FREE_FALSE, NULL, &ip_protocol_object_uuid, 1); + // } } -void ie_ipport_attribute_get_from_maat_state(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, struct maat_state *scan_state, int is_client_internal) +void packet_based_scanner_node_entry(struct packet *rawpkt, struct module *mod_scanner) { - enum ATTRIBUTE_SCHEMA attr_schema_idx[]={ ATTRIBUTE_SCHEMA_CLIENT_IP, ATTRIBUTE_SCHEMA_SERVER_IP, ATTRIBUTE_SCHEMA_CLIENT_PORT, ATTRIBUTE_SCHEMA_SERVER_PORT}; - for(size_t i=0; i<sizeof(attr_schema_idx)/sizeof(enum ATTRIBUTE_SCHEMA); i++) + if(rawpkt==NULL || mod_scanner==NULL) { - - size_t indirect_object_cnt=maat_state_get_hit_item_cnt(scan_state, scanner->attr_schema[attr_schema_idx[i]]); - size_t direct_object_cnt=maat_state_get_hit_object_cnt(scan_state, scanner->attr_schema[attr_schema_idx[i]]); - if(direct_object_cnt==0 && indirect_object_cnt==0) - { - continue; - } - - uuid_t direct_item_uuid[direct_object_cnt]; - uuid_t direct_object_uuid[direct_object_cnt]; - size_t direct_object_offset=maat_state_get_hit_items(scan_state, scanner->attr_schema[attr_schema_idx[i]], direct_item_uuid, direct_object_uuid, direct_object_cnt); - - uuid_t indirect_object_uuid[indirect_object_cnt]; - size_t 
indirect_object_offset=maat_state_get_indirect_hit_objects(scan_state, scanner->attr_schema[attr_schema_idx[i]], indirect_object_uuid, indirect_object_cnt); - - enum ATTRIBUTE_SCHEMA ie_attr_idx=ATTRIBUTE_SCHEMA_UNKNOWN; - switch(attr_schema_idx[i]) - { - case ATTRIBUTE_SCHEMA_CLIENT_IP: - ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_INTERNAL_IP : ATTRIBUTE_SCHEMA_EXTERNAL_IP; - break; - case ATTRIBUTE_SCHEMA_SERVER_IP: - ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_EXTERNAL_IP : ATTRIBUTE_SCHEMA_INTERNAL_IP; - break; - case ATTRIBUTE_SCHEMA_CLIENT_PORT: - ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_INTERNAL_PORT : ATTRIBUTE_SCHEMA_EXTERNAL_PORT; - break; - case ATTRIBUTE_SCHEMA_SERVER_PORT: - ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_EXTERNAL_PORT : ATTRIBUTE_SCHEMA_INTERNAL_PORT; - break; - default: - break; - } - - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ie_attr_idx]), FREE_FALSE, direct_item_uuid, direct_object_uuid, direct_object_offset); - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ie_attr_idx]), FREE_FALSE, NULL, indirect_object_uuid, indirect_object_offset); + return ; } -} -static void packet_stage_input_callback(struct packet *rawpkt, enum packet_stage stage __attribute__((unused)), void *arg) -{ - struct scanner *scanner=(struct scanner *)arg; - if(scanner==NULL || rawpkt==NULL) + struct scanner *scanner=(struct scanner *)module_get_ctx(mod_scanner); + if(scanner==NULL) { return ; } 
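Review bot: `ie_ipport_attribute_get_from_maat_state` is removed and the only trace left on the new side is the `// TODO: internal external` comment in the next hunk, so anything that keys on the INTERNAL_/EXTERNAL_ IP and port schema entries presumably stops matching while the scanner otherwise reports success; if that is an accepted gap for this rebase, say so in the commit message and leave a TODO at the call site that names the missing attributes, e.g. `// TODO(scanner): INTERNAL_/EXTERNAL_ IP and port attributes are not filled until the direction logic is restored`, so the regression stays visible. The `// TODO: IP protocol` block at the end of `cs_ipport_attribute_get_from_packet_layer` keeps four lines of commented-out code; history already has them, so keep the one-line TODO and drop the rest. `cs_ipport_attribute_get_from_packet_layer` starts before this hunk and `packet_based_scanner_node_entry` continues past it.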
@@ -324,29 +285,28 @@ static void packet_stage_input_callback(struct packet *rawpkt, enum packet_stage return ; } - struct attribute_kv *attr_kv=(struct attribute_kv *)CALLOC(struct attribute_kv, 1); + struct attribute_kv *attr_kv=attribute_kv_new(); packet_set_exdata(rawpkt, scanner->pkt_scanner->exdata_idx, (void *)attr_kv); - struct maat_state *scan_state=maat_state_new(scanner->cm_maat, 1); + struct maat_state *scan_state=maat_state_new(scanner_cm_maat_get_feather(scanner->cm_maat), 1); - size_t offset=0; size_t attr_max=128; size_t attr_offset=0; struct attribute_scratch attr[attr_max]; int layers_count=2; const struct layer *layers=packet_get_layer_by_idx(rawpkt, pkt_layer_count-layers_count); - cs_ipport_attribute_get_from_packet_layer(attr, attr_max, &(attr_offset), scanner->attr_schema, layers, layers_count); + cs_ipport_attribute_get_from_packet_layer(attr, attr_max, &(attr_offset), scanner->cm_maat, scanner->attr_schema, layers, layers_count); attribute_scratch_scan(scanner->cm_maat, scan_state, NULL, NULL, attr, attr_offset); attribute_scratch_reset(attr, attr_offset); attr_offset=0; - int is_client_internal=(packet_get_direction(rawpkt)==PACKET_DIRECTION_OUTGOING) ? TRUE : FALSE; - ie_ipport_attribute_get_from_maat_state(attr, attr_max, &(attr_offset), scanner->attr_schema, scan_state, is_client_internal); + // TODO: internal external + //int is_client_internal=(packet_get_direction(rawpkt)==PACKET_DIRECTION_OUTGOING) ? 
TRUE : FALSE; - attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT]), FREE_FALSE); - attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT]), FREE_FALSE); - attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT]), FREE_FALSE); - attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT]), FREE_FALSE); + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT]), FREE_FALSE); + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT]), FREE_FALSE); + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT]), FREE_FALSE); + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT]), FREE_FALSE); attribute_scratch_scan(scanner->cm_maat, scan_state, NULL, NULL, attr, attr_offset); attribute_scratch_reset(attr, attr_offset); @@ -354,6 +314,16 @@ static void packet_stage_input_callback(struct packet *rawpkt, enum packet_stage return ; } +struct maat_state *scanner_get_maat_state_from_packet(struct scanner *scanner, const struct packet *pkt) +{ + if(scanner==NULL || scanner->pkt_scanner==NULL || pkt==NULL) + { + return NULL; + } + + return (struct maat_state *)packet_get_exdata(pkt, scanner->pkt_scanner->exdata_idx); +} + struct packet_scanner *packet_scanner_new(struct scanner *scanner) { if(scanner==NULL) 
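Review bot: `scan_state` from `maat_state_new(scanner_cm_maat_get_feather(scanner->cm_maat), 1)` is a per-packet heap object whose owner is not visible in this hunk: it is not stored on the packet (the exdata slot receives `attr_kv`) and not released before the hunk ends, so unless the lines between this hunk and the next do so, it leaks on every packet. If it is meant to outlive the callback, which the accessor added in the next hunk suggests, it needs its own home with a free callback; if not, the matching destructor belongs at the end of `packet_based_scanner_node_entry`, on the early-return paths too. A comment next to the allocation stating who frees it would settle the question for the next reader. The function continues past this hunk.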
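Review bot: `scanner_get_maat_state_from_packet` returns the contents of exdata slot `scanner->pkt_scanner->exdata_idx` cast to `struct maat_state *`, but that same slot is filled with a `struct attribute_kv *` by `packet_set_exdata(rawpkt, scanner->pkt_scanner->exdata_idx, (void *)attr_kv)` in the previous hunk and read back as `struct attribute_kv *` in `packet_scanner_get_attribute`, so every caller of the new accessor gets an `attribute_kv` masquerading as a `maat_state`. Either register a second exdata index for the scan state or expose it through the `attribute_kv`; as written any use of the returned pointer is a type confusion. A one-line comment on the accessor stating which object the slot holds would keep the two readers from drifting again.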
@@ -361,36 +331,19 @@ struct packet_scanner *packet_scanner_new(struct scanner *scanner)
 return NULL;
 }
 
- struct module *pkt_mgr_mod=module_manager_get_module(scanner->mod_mgr, PACKET_MANAGER_MODULE_NAME);
- struct packet_manager *pkt_mgr=module_to_packet_manager(pkt_mgr_mod);
- struct mq_schema *mq_s=module_manager_get_mq_schema(scanner->mod_mgr);
-
- if(pkt_mgr==NULL || mq_s==NULL)
- {
- STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to get packet manager or mq schema");
- goto INIT_ERROR;
- }
-
- int ret=packet_manager_subscribe(pkt_mgr, PACKET_STAGE_INPUT, packet_stage_input_callback, (void *)scanner);
- if(ret<0)
- {
- STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to subscribe packet stage");
- goto INIT_ERROR;
- }
-
 struct packet_scanner *pkt_scanner=CALLOC(struct packet_scanner, 1);
- pkt_scanner->exdata_idx=packet_manager_new_packet_exdata_index(pkt_mgr, "SCANNER_EXDATA_SESSION", packet_scanner_exdata_free, (void *)scanner);
- if(pkt_scanner->exdata_idx<0)
- {
- STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to create exdata index");
- goto INIT_ERROR;
- }
-
- return pkt_scanner;
-
-INIT_ERROR:
- packet_scanner_free(pkt_scanner);
- return NULL;
+// // pkt_scanner->exdata_idx=packet_manager_new_packet_exdata_index(pkt_mgr, "SCANNER_EXDATA_SESSION", packet_scanner_exdata_free, (void *)scanner);
+// // if(pkt_scanner->exdata_idx<0)
+// // {
+// // STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to create exdata index");
+// // goto INIT_ERROR;
+// // }
+
+ return pkt_scanner;
+
+// // INIT_ERROR:
+// // packet_scanner_free(pkt_scanner);
+// return NULL;
 }
 
 void packet_scanner_free(struct packet_scanner *pkt_scanner)
diff --git a/scanner/packet_scanner.h b/scanner/packet_based_scanner.h
index b10a481..ce5b6e4 100644
--- a/scanner/packet_scanner.h
+++ b/scanner/packet_based_scanner.h
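Review bot: `packet_scanner_new` now returns a `pkt_scanner` whose `exdata_idx` is never assigned, so it keeps whatever `CALLOC` leaves there (zero, if CALLOC zero-fills like calloc), and `packet_stage_input_callback` in this commit writes `packet_set_exdata(rawpkt, scanner->pkt_scanner->exdata_idx, ...)` through it — if slot 0 belongs to another module its per-packet data is overwritten with an attribute_kv, and since the `packet_scanner_exdata_free` registration is gone the attribute_kv allocated per packet is never released. Until the index is allocated again, mark it invalid and refuse to use it: `pkt_scanner->exdata_idx=-1;` here and `if(scanner->pkt_scanner->exdata_idx<0) return;` at the top of the callback. The PACKET_STAGE_INPUT subscription is also removed, so the static callback is unreferenced unless it is wired up elsewhere; the `// //` blocks should be deleted rather than kept.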
@@ -3,8 +3,17 @@
 #include "stellar/scanner.h"
 #include "stellar/module.h"
 
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
 struct packet_scanner;
 
 void packet_scanner_free(struct packet_scanner *pkt_scanner);
 struct packet_scanner *packet_scanner_new(struct scanner *scanner);
-const struct kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index);
\ No newline at end of file
+const struct utable_kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index);
+
+#ifdef __cplusplus
+}
+#endif
\ No newline at end of file diff --git a/scanner/scanner_maat.c b/scanner/scanner_maat.c index e446830..0270e1b 100644 --- a/scanner/scanner_maat.c +++ b/scanner/scanner_maat.c @@ -8,9 +8,37 @@ #include "scanner_maat.h" #include "scanner_toml.h" +#include "scanner_module.h" #define MAX_MATCH_RULES_NUM 128 +enum CM_MAAT_PLUGIN +{ + CM_MAAT_PLUGIN_APP_ID_DICT=0, + CM_MAAT_PLUGIN_SESSION_OPTION, //T_VSYS_INFO, + CM_MAAT_PLUGIN_POLICY_OBJECT, + CM_MAAT_PLUGIN_LIBRARY_TAG, + CM_MAAT_PLUGIN_IP_ADDR_ENTRY, + CM_MAAT_PLUGIN_FQDN_ENTRY, + CM_MAAT_PLUGIN_ATTRIBUTE_DICT, + CM_MAAT_PLUGIN_MAX +}; + +enum SD_MAAT_PLUGIN +{ + SD_MAAT_PLUGIN_GTP_IP2SIGNALING=0, + SD_MAAT_PLUGIN_DYNAMIC_IPPORT_MAPPING, + SD_MAAT_PLUGIN_MAX +}; + +struct maat_plugin_table +{ + const char *name; + maat_ex_new_func_t *ex_new; + maat_ex_free_func_t *ex_free; + maat_ex_dup_func_t *ex_dup; +}; + struct maat_parameter { bool stat_enabled; @@ -36,32 +64,6 @@ struct maat_parameter char foreign_content_dir[PATH_MAX]; }; -struct maat_plugin_table -{ - const char *name; - maat_ex_new_func_t *ex_new; - maat_ex_free_func_t *ex_free; - maat_ex_dup_func_t *ex_dup; -}; - -enum CM_MAAT_PLUGIN -{ - CM_MAAT_PLUGIN_APP_ID_DICT=0, - CM_MAAT_PLUGIN_SESSION_OPTION, //T_VSYS_INFO, - CM_MAAT_PLUGIN_POLICY_OBJECT, - CM_MAAT_PLUGIN_LIBRARY_TAG, - CM_MAAT_PLUGIN_IP_ADDR_ENTRY, - CM_MAAT_PLUGIN_FQDN_ENTRY, - CM_MAAT_PLUGIN_ATTRIBUTE_DICT, - CM_MAAT_PLUGIN_MAX -}; - -enum SD_MAAT_PLUGIN -{ - SD_MAAT_PLUGIN_GTP_IP2SIGNALING=0, - SD_MAAT_PLUGIN_DYNAMIC_IPPORT_MAPPING, - SD_MAAT_PLUGIN_MAX -}; struct scanner_maat { 
@@ -216,11 +218,6 @@ void scanner_maat_exdata_app_id_dict_free(const char *table_name __attribute__(( *ad=NULL; } -const struct app_id_dict *scanner_maat_get_app_id_dict(struct scanner_maat *cm_maat, int32_t appid) -{ - return (struct app_id_dict *)maat_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_APP_ID_DICT].name, (const char *)&appid, sizeof(appid)); -} - void scanner_maat_virtual_system_parameter_new(const char *table_name __attribute__((unused)), const char *key __attribute__((unused)), const char *table_line, void **ad, long argl __attribute__((unused)), void *argp __attribute__((unused))) { yyjson_doc *doc=yyjson_read(table_line, strlen(table_line), 0); @@ -275,7 +272,7 @@ void scanner_maat_virtual_system_parameter_free(const char *table_name __attribu const struct virtual_system_parameter *scanner_maat_get_virtual_system_parameter(struct scanner_maat *cm_maat, int32_t t_vsys_id) { - return (struct virtual_system_parameter *)maat_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_SESSION_OPTION].name, (const char *)&t_vsys_id, sizeof(t_vsys_id)); + return (const struct virtual_system_parameter *)maat_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_SESSION_OPTION].name, (const char *)&t_vsys_id, sizeof(t_vsys_id)); } enum POLICY_OBJECT_OPTION object_statistics_option_convert(char *option) 
@@ -569,7 +566,7 @@ void scanner_maat_exdata_fqdn_entry_free(const char *table_name __attribute__((u int scanner_maat_get0_fqdn_entry(struct scanner_maat *cm_maat, char *server_fqdn, struct plugin_entry **exdata, size_t n_exdata) { - return maat_fqdn_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_FQDN_ENTRY].name, server_fqdn, (void **)exdata, n_exdata); + return (int)maat_fqdn_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_FQDN_ENTRY].name, server_fqdn, (void **)exdata, n_exdata); } void mobile_identify_parse(yyjson_val *mobile_identify, struct user_identification *uid, const char *table_name __attribute__((unused))) @@ -980,6 +977,11 @@ void scanner_maat_free(struct scanner_maat *cm_maat) FREE(cm_maat); } +struct maat *scanner_cm_maat_get_feather(struct scanner_maat *cm_maat) +{ + return ((cm_maat==NULL) ? NULL : cm_maat->feather); +} + void scanner_cm_maat_free(struct scanner_maat *cm_maat) { scanner_maat_free(cm_maat); diff --git a/scanner/scanner_maat.h b/scanner/scanner_maat.h index 918a872..2ca41ea 100644 --- a/scanner/scanner_maat.h +++ b/scanner/scanner_maat.h @@ -1,7 +1,7 @@ #pragma once #include <uuid/uuid.h> -#include <stellar/scanner.h> +#include "stellar/scanner.h" #ifdef __cplusplus extern "C" @@ -13,6 +13,7 @@ struct scanner_maat; /* cm maat api */ void scanner_cm_maat_free(struct scanner_maat *cm_maat); struct scanner_maat *scanner_cm_maat_new(struct logger *logger, const char *toml_path, int max_thread_num); +struct maat *scanner_cm_maat_get_feather(struct scanner_maat *cm_maat); enum POLICY_OBJECT_OPTION { 
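Review bot: The added `(int)` cast in `scanner_maat_get0_fqdn_entry` silences a conversion warning but narrows whatever `maat_fqdn_plugin_table_get_ex_data` returns; the function takes `size_t n_exdata`, so if the callee reports a count in an unsigned or 64-bit type, values above INT_MAX become negative and a caller testing `ret<0` for failure would misread a large match count as an error. If the callee's return type is wider than int, change this function's return type to match, or clamp with a comment explaining why, rather than cast. The callee's declaration is not visible in this hunk, so please confirm its return type.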
@@ -88,9 +89,6 @@ struct app_id_dict
 char *action_parameter;
 };
 
-const struct app_id_dict *scanner_maat_get_app_id_dict(struct scanner_maat *cm_maat, int32_t appid);
-
-
 void scanner_scan_not_logic_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name);
 void scanner_scan_object_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uuid_t *object_uuid, uuid_t *item_uuid, size_t n_uuids);
 void scanner_scan_flag_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint64_t scan_flag);
diff --git a/scanner/scanner.c b/scanner/scanner_module.c
index 47dab5b..0ecb6c8 100644
--- a/scanner/scanner.c
+++ b/scanner/scanner_module.c
@@ -2,6 +2,9 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <net/if.h>
+#include <errno.h>
+#include <arpa/inet.h>
 
 #include <uuid/uuid.h>
 #include <sys/ioctl.h>
@@ -13,7 +16,10 @@
 #include "stellar/session.h"
 
 #include "scanner_toml.h"
-#include "scanner_shared.h"
+#include "scanner_maat.h"
+#include "scanner_module.h"
+#include "packet_based_scanner.h"
+#include "session_based_scanner.h"
 
 void device_sn_value_parser(char *filename, char *device_sn, size_t device_sn_sz)
 {
@@ -42,7 +48,7 @@ void device_sn_value_parser(char *filename, char *device_sn, size_t device_sn_sz
 }
 
 size_t sn_sz=yyjson_get_len(sn);
- memcmp(device_sn, yyjson_get_str(sn), MIN(sn_sz, device_sn_sz-1));
+ memcpy(device_sn, yyjson_get_str(sn), MIN(sn_sz, device_sn_sz-1));
 
 ERROR:
 yyjson_doc_free(doc);
@@ -55,7 +61,7 @@ int device_nic_name_to_ipv4(const char *nic_name, char *ipv4, size_t ipv4_sz, st
 if(fd<0)
 {
 STELLAR_LOG_FATAL(logger, SCANNER_MODULE_NAME, "device_nic_name_to_ipv4(%s), socket: %s", nic_name, strerror(errno));
- return ;
+ return -1;
 }
 
 struct ifreq ifr;
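Review bot: The `memcmp`→`memcpy` fix in `device_sn_value_parser` now actually copies the serial, but nothing writes a terminator, so `device_sn` is only NUL-terminated if the caller pre-zeroed the buffer; add `device_sn[MIN(sn_sz, device_sn_sz-1)]='\0';` right after the copy. If the lines above the hunk do not already check `yyjson_is_str(sn)`, `yyjson_get_str(sn)` can be NULL here and `memcpy` from NULL is undefined even with length 0. The start of the function is outside the hunk.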
@@ -67,10 +73,13 @@ int device_nic_name_to_ipv4(const char *nic_name, char *ipv4, size_t ipv4_sz, st
 }
 else
 {
- inet_ntop(AF_INET, &((ifr.ifr_ifru.ifru_addr)->sin_addr.s_addr), ipv4, ipv4_sz);
+ // inet_ntop(AF_INET, &((ifr.ifr_ifru.ifru_addr)->sin_addr.s_addr), ipv4, ipv4_sz);
+ inet_ntop(AF_INET, &((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr, ipv4, ipv4_sz);
 }
 
 close(fd);
+
+ return 1;
 }
 
 void global_parameter_get(struct logger *logger, const char *toml_path, const char *table_key, struct global_parameter *para)
@@ -179,7 +188,7 @@ uuid_t *scanner_get_ip_protocol_object_uuid(struct scanner *scanner, enum IP_PRO
 case IP_PROTOCOL_TCP:
 case IP_PROTOCOL_UDP:
 case IP_PROTOCOL_ICMP:
- return &(scanner->ip_protocol_object_uuid[ipproto]);
+ return &(scanner->default_para.ip_protocol_object_uuid[ipproto]);
 default:
 break;
 }
@@ -189,7 +198,7 @@ uuid_t *scanner_get_ip_protocol_object_uuid(struct scanner *scanner, enum IP_PRO
 
 uuid_t *scanner_get0_boolean_object_uuid(struct scanner *scanner, bool value)
 {
- return ((value==true) ? &(matcher->boolean_true_object_uuid) : &(matcher->boolean_false_object_uuid));
+ return ((value==true) ? &(scanner->default_para.boolean_true_object_uuid) : &(scanner->default_para.boolean_false_object_uuid));
 }
 
 void scanner_default_parameter_init(struct default_parameter *para)
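Review bot: In `device_nic_name_to_ipv4` the result of `inet_ntop` is discarded, so a buffer-size failure leaves `ipv4` unset while the function still reports success, and the new `return 1` is also reached on fall-through from the ioctl branch above unless that branch returns on its own (its body is outside the hunk). The function already uses `-1` for the socket failure, so failures should be reported uniformly and success should be a single documented value; the rewrite below assumes `int ret=0;` declared at the top of the function and the ioctl branch setting `ret=-1`.

```c
    else
    {
        if(inet_ntop(AF_INET, &((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr, ipv4, ipv4_sz)==NULL)
        {
            STELLAR_LOG_FATAL(logger, SCANNER_MODULE_NAME, "device_nic_name_to_ipv4(%s), inet_ntop: %s", nic_name, strerror(errno));
            ret=-1;
        }
    }

    close(fd);

    return ret;
```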
@@ -200,19 +209,16 @@ void scanner_default_parameter_init(struct default_parameter *para)
 uuid_parse("00000000-0000-0000-0000-000000000005", para->ip_protocol_object_uuid[IP_PROTOCOL_ICMP]);
 uuid_parse("00000000-0000-0000-0000-000000000006", para->ip_protocol_object_uuid[IP_PROTOCOL_TCP]);
 uuid_parse("00000000-0000-0000-0000-000000000007", para->ip_protocol_object_uuid[IP_PROTOCOL_UDP]);
+}
 
- for(int i=0; i<TUNNEL_LEVEL_NUM; i++)
- {
- char uuid_str[UUID_STR_LEN];
- snprintf(uuid_str, sizeof(uuid_str), "00000000-0000-0000-0000-0000000000%02d", 50+i);
- uuid_parse(uuid_str, para->tunnel_level_object_uuid[i]);
- }
-
- para->tunnel_app_id[TUNNEL_TYPE_GRE]=58;
- para->tunnel_app_id[TUNNEL_TYPE_GTP]=59;
- para->tunnel_app_id[TUNNEL_TYPE_GTPV2]=735;
- para->tunnel_app_id[TUNNEL_TYPE_IP_IN_IP]=0;
- para->tunnel_app_id[TUNNEL_TYPE_NONE]=0;
+struct maat *scanner_get_maat_instance(struct scanner *scanner)
+{
+ if(scanner==NULL)
+ {
+ return NULL;
+ }
+
+ return scanner_cm_maat_get_feather(scanner->cm_maat);
 }
 
 struct scanner *scanner_module_to_scanner(struct module *mod)
@@ -222,6 +228,17 @@ struct scanner *scanner_module_to_scanner(struct module *mod)
 return (struct scanner *)module_get_ctx(mod);
 }
 
+void scanner_module_exit(struct module_manager *mod_mgr, struct module *mod)
+{
+ if(mod_mgr==NULL)return;
+ if(mod)
+ {
+ struct scanner *scanner=(struct scanner *)module_get_ctx(mod);
+ FREE(scanner);
+ module_free(mod);
+ }
+}
+
 struct module *scanner_module_init(struct module_manager *mod_mgr)
 {
 if(mod_mgr==NULL)return NULL;
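Review bot: `scanner_module_exit` frees only the `struct scanner` itself; the `pkt_scanner` and `sess_scanner` that `scanner_module_init` assigns in this commit, and the `cm_maat`/`sd_maat` handles the struct carries, are never released, so both the INIT_ERROR path and normal shutdown leak them. Free the sub-objects before `FREE(scanner)` as below; `session_scanner_free` is NULL-safe in this commit, and I am assuming `packet_scanner_free` and `scanner_cm_maat_free` are too, which is worth confirming before calling them on a partially initialised scanner.

```c
        struct scanner *scanner=(struct scanner *)module_get_ctx(mod);
        if(scanner)
        {
            packet_scanner_free(scanner->pkt_scanner);
            session_scanner_free(scanner->sess_scanner);
            scanner_cm_maat_free(scanner->cm_maat);
        }
        FREE(scanner);
        module_free(mod);
```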
@@ -238,17 +255,11 @@ struct module *scanner_module_init(struct module_manager *mod_mgr)
 scanner_default_parameter_init(&(scanner->default_para));
 attribute_schema_init(scanner->attr_schema, ATTRIBUTE_SCHEMA_MAX);
 
- int max_thread_num=module_manager_get_max_thread_num(mod_mgr);
 const char *toml_path=module_manager_get_toml_path(mod_mgr);
- global_parameter_get(scanner->logger, toml_path, "scanner", &(scanner->default_para));
-
- scanner->maat=scanner_maat_new(scanner->logger, toml_path, max_thread_num);
- if(scanner->maat==NULL)
- {
- goto INIT_ERROR;
- }
+ global_parameter_get(scanner->logger, toml_path, "scanner", &(scanner->global_para));
 
- session_scanner_new(mod_mgr, scanner)
+ scanner->pkt_scanner=packet_scanner_new(scanner);
+ scanner->sess_scanner=session_scanner_new(scanner);
 
 return mod;
 
@@ -256,15 +267,4 @@ INIT_ERROR:
 scanner_module_exit(mod_mgr, mod);
 exit(-1);
 return NULL;
-}
-
-void scanner_module_exit(struct module_manager *mod_mgr, struct module *mod)
-{
- if(mod_mgr==NULL)return;
- if(mod)
- {
- struct scanner *scanner=(struct scanner *)module_get_ctx(mod);
- FREE(scanner);
- module_free(mod);
- }
-}
+}
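Review bot: `scanner_module_init` stores the results of `packet_scanner_new` and `session_scanner_new` without checking them, although both return NULL on failure in this commit, so a failed sub-scanner leaves `scanner->pkt_scanner`/`sess_scanner` NULL for the packet callback to dereference. The removed `scanner_maat_new` call is also not replaced by any `scanner_cm_maat_new` in this hunk; unless `cm_maat` is created outside it, the field stays at its CALLOC default (NULL if CALLOC zero-fills) and `packet_stage_input_callback` hands that to `attribute_scratch_scan`. Check the two constructors and jump to the existing INIT_ERROR label as below, and confirm where cm_maat is initialised.

```c
    scanner->pkt_scanner=packet_scanner_new(scanner);
    scanner->sess_scanner=session_scanner_new(scanner);
    if(scanner->pkt_scanner==NULL || scanner->sess_scanner==NULL)
    {
        STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "scanner_module_init failed to create packet/session scanner");
        goto INIT_ERROR;
    }
```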
\ No newline at end of file
diff --git a/scanner/scanner_internal.h b/scanner/scanner_module.h
index 48fe39d..89a80a4 100644
--- a/scanner/scanner_internal.h
+++ b/scanner/scanner_module.h
@@ -10,6 +10,15 @@
 #include "attribute_schema.h"
 
+enum IP_PROTOCOL
+{
+ IP_PROTOCOL_UNKNOWN=0,
+ IP_PROTOCOL_ICMP=1,
+ IP_PROTOCOL_TCP,
+ IP_PROTOCOL_UDP,
+ IP_PROTOCOL_MAX
+};
+
 struct global_parameter
 {
 char sled_ip[NAME_MAX];
@@ -26,13 +35,15 @@ struct global_parameter
 
 struct default_parameter
 {
- int32_t tunnel_app_id[TUNNEL_TYPE_MAX];
 uuid_t boolean_true_object_uuid;
 uuid_t boolean_false_object_uuid;
 uuid_t ip_protocol_object_uuid[IP_PROTOCOL_MAX];
- uuid_t tunnel_level_object_uuid[TUNNEL_LEVEL_NUM];
 };
 
+struct scanner_maat;
+struct packet_scanner;
+struct session_scanner;
+
 struct scanner
 {
 struct logger *logger;
@@ -44,28 +55,11 @@ struct scanner
 struct scanner_maat *sd_maat;
 struct packet_scanner *pkt_scanner;
+ struct session_scanner *sess_scanner;
 
 struct attribute_schema attr_schema[ATTRIBUTE_SCHEMA_MAX];
 };
 
-enum IP_PROTOCOL
-{
- IP_PROTOCOL_UNKNOWN=0,
- IP_PROTOCOL_ICMP=1,
- IP_PROTOCOL_TCP,
- IP_PROTOCOL_UDP,
- IP_PROTOCOL_MAX
-};
-
-int32_t scanner_get_default_app_id(struct scanner *scanner);
 uuid_t *scanner_get0_boolean_object_uuid(struct scanner *scanner, bool value);
-int32_t scanner_get_tunnel_app_id(struct scanner *scanner, enum TUNNEL_TYPE tunnel_type);
-uuid_t *scanner_get0_tunnel_level_object_uuid(struct scanner *scanner, int32_t tunnel_level);
-
-const char *scanner_get_rule_table_alias_name(struct scanner *scanner, enum RULE_TYPE type);
-
-void scanner_message_hit_rule_free(struct packet *rawpkt, void *msg, void *msg_free_arg);
-void scanner_message_hit_object_free(struct packet *rawpkt, void *msg, void *msg_free_arg);
-
 void scanner_print_debug_hit_object(struct scanner *scanner, const char *readable_addr, struct maat_hit_object *hit_object_list, size_t hit_object_num);
 void scanner_print_debug_hit_rule(struct scanner *scanner, const char *readable_addr, const char *tablename, uuid_t *rule_uuid_list, size_t rule_uuid_num);
diff --git a/scanner/session_based_scanner.c b/scanner/session_based_scanner.c
new file mode 100644
index 0000000..a154b68
--- /dev/null
+++ b/scanner/session_based_scanner.c
@@ -0,0 +1,72 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "stellar/utils.h"
+#include "stellar/session.h"
+
+#include "attribute_kv.h"
+#include "session_based_scanner.h"
+
+struct session_scanner
+{
+ int exdata_idx;
+ struct scannner *scanner;
+ struct logger *logger;
+};
+
+// static void session_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused)
+// {
+// if(ex_ptr==NULL)return;
+// FREE(ex_ptr);
+// }
+
+const struct utable_kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index)
+{
+ if(sess_scanner==NULL || sess==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN)
+ {
+ return NULL;
+ }
+
+ return attribute_kv_get((struct attribute_kv *)session_get_exdata(sess, sess_scanner->exdata_idx), index);
+}
+
+void session_based_scanner_node_entry(struct packet *pkt __attribute__((unused)), struct module *mod __attribute__((unused)))
+{
+
+}
+
+struct session_scanner *session_scanner_new(struct scanner *scanner)
+{
+ if(scanner==NULL)
+ {
+ return NULL;
+ }
+
+ struct session_scanner *sess_scanner=CALLOC(struct session_scanner, 1);
+// sess_scanner->scanner=scanner;
+// sess_scanner->logger=module_manager_get_logger(mod_mgr);
+
+// sess_scanner->exdata_idx=session_manager_new_session_exdata_index(sess_mgr, "SCANNER_EXDATA_SESSION", session_scanner_exdata_free, NULL);
+// if(sess_scanner->exdata_idx<0)
+// {
+// STELLAR_LOG_FATAL(sess_scanner->logger, SCANNER_MODULE_NAME, "session_scanner_new failed to create exdata index");
+// goto INIT_ERROR;
+// }
+
+ return sess_scanner;
+
+// // INIT_ERROR:
+// // session_scanner_free(sess_scanner);
+// return NULL;
+}
+
+void session_scanner_free(struct session_scanner *sess_scanner)
+{
+ if(sess_scanner==NULL)
+ {
+ return ;
+ }
+
+ FREE(sess_scanner);
+}
\ No newline at end of file
diff --git a/scanner/session_based_scanner.h b/scanner/session_based_scanner.h
new file mode 100644
index 0000000..c6bcbec
--- /dev/null
+++ b/scanner/session_based_scanner.h
@@ -0,0 +1,23 @@
+#pragma once
+
+#include "utable/utable.h"
+
+#include "stellar/module.h"
+#include "stellar/scanner.h"
+#include "stellar/session.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+struct session_scanner;
+
+const struct utable_kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index);
+struct session_scanner *session_scanner_new(struct scanner *scanner);
+void session_scanner_free(struct session_scanner *sess_scanner);
+
+
+#ifdef __cplusplus
+}
+#endif
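Review bot: In the new scanner/session_based_scanner.c, `session_scanner_new` returns an object whose `exdata_idx`, `scanner` and `logger` are never set (the assignments and the exdata-index allocation are all commented out), so `session_scanner_get_attribute` calls `session_get_exdata(sess, sess_scanner->exdata_idx)` with the CALLOC default index and casts whatever lives in that slot to `struct attribute_kv *` — if slot 0 is owned by another module this is a type confusion on every lookup. The struct also declares `struct scannner *scanner;` (three n's), a distinct incomplete type, so the commented-out assignment would not compile once re-enabled. Fix the typo, keep the index invalid until it is allocated and refuse lookups on it, as below; the `// …` blocks should be deleted rather than shipped, and `session_based_scanner_node_entry` needs either `static` or a prototype in session_based_scanner.h.

```c
struct session_scanner
{
    int exdata_idx;            /* -1 until a session exdata slot is allocated */
    struct scanner *scanner;   /* was: struct scannner */
    struct logger *logger;
};

const struct utable_kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index)
{
    if(sess_scanner==NULL || sess==NULL || sess_scanner->exdata_idx<0 || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN)
    {
        return NULL;
    }
    /* … unchanged: attribute_kv_get lookup … */
}

/* … unchanged: session_based_scanner_node_entry … */

struct session_scanner *session_scanner_new(struct scanner *scanner)
{
    /* … unchanged: NULL check … */
    struct session_scanner *sess_scanner=CALLOC(struct session_scanner, 1);
    sess_scanner->scanner=scanner;
    sess_scanner->exdata_idx=-1;
    return sess_scanner;
}
```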
\ No newline at end of file diff --git a/scanner/session_scanner.c b/scanner/session_scanner.c deleted file mode 100644 index dad6ea2..0000000 --- a/scanner/session_scanner.c +++ /dev/null 
@@ -1,83 +0,0 @@ -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "stellar/utils.h" -#include "stellar/session.h" -#include "stellar/session_scanner.h" - -struct session_scanner -{ - int exdata_idx; - struct scannner *scanner; - struct logger *logger; -}; - -static void session_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused) -{ - if(ex_ptr==NULL)return; - FREE(ex_ptr); -} - -const struct kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index) -{ - if(sess_scanner==NULL || sess==NULL || index>=ATTRIBUTE_INDEX_MAX || index<=ATTRIBUTE_KV_UNKNOWN) - { - return NULL; - } - - return attribute_kv_get((struct attribute_kv *)session_get_exdata(sess, sess_scanner->exdata_idx), index); -} - -static void session_scanner_on_session(struct session *sess, enum session_state state, struct packet *pkt, void *args) -{ - -} - -struct session_scanner *session_scanner_new(struct module_manager *mod_mgr, struct scanner *scanner) -{ - if(mod_mgr==NULL || scanner==NULL) - { - return NULL; - } - - struct session_scanner *sess_scanner=CALLOC(struct session_scanner, 1); - sess_scanner->scanner=scanner; - sess_scanner->logger=module_manager_get_logger(mod_mgr); - - struct module *sess_mgr_mod=module_manager_get_module(mod_mgr, SESSION_MANAGER_MODULE_NAME); - struct session_manager *sess_mgr=module_to_session_manager(sess_mgr_mod); - struct mq_schema *mq_s=module_manager_get_mq_schema(mod_mgr); - - if(sess_mgr==NULL || mq_s==NULL) - { - STELLAR_LOG_FATAL(sess_scanner->logger, SCANNER_MODULE_NAME, "session_scanner_new failed to get session manager or mq schema"); - goto INIT_ERROR; - } - - session_manager_subscribe_tcp(sess_mgr, session_scanner_on_session, sess_scanner); - session_manager_subscribe_udp(sess_mgr, session_scanner_on_session, sess_scanner); - - sess_scanner->exdata_idx=session_manager_new_session_exdata_index(sess_mgr, "SCANNER_EXDATA_SESSION", 
session_scanner_exdata_free, NULL); - if(sess_scanner->exdata_idx<0) - { - STELLAR_LOG_FATAL(sess_scanner->logger, SCANNER_MODULE_NAME, "session_scanner_new failed to create exdata index"); - goto INIT_ERROR; - } - - return sess_scanner; - -INIT_ERROR: - session_scanner_free(sess_scanner); - return NULL; -} - -void session_scanner_free(struct session_scanner *sess_scanner) -{ - if(sess_scanner==NULL) - { - return ; - } - - FREE(sess_scanner); -}
\ No newline at end of file diff --git a/scanner/session_scanner.h b/scanner/session_scanner.h deleted file mode 100644 index 3496d10..0000000 --- a/scanner/session_scanner.h +++ /dev/null @@ -1,8 +0,0 @@ -#pragma once - -#include "stellar/scanner.h" -#include "stellar/module.h" - -const struct kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index); -struct session_scanner *session_scanner_new(struct module_manager *mod_mgr, struct scanner *scanner); -void session_scanner_free(struct session_scanner *sess_scanner)
\ No newline at end of file |
