| author | yangwei <[email protected]> | 2024-10-31 18:33:46 +0800 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2024-11-27 06:36:26 +0000 |
| commit | d614eee2343e4899797ed4b9f8982ff489397074 (patch) | |
| tree | a0cb3031bb03bc9b499b8eeb95f67c0f8e784f1d | |
| parent | 095af99633290d878309e3833655f1bfe27e2c41 (diff) | |
Save 2024-10-31
| -rw-r--r-- | include/stellar/kv.h | 52 | ||||
| -rw-r--r-- | include/stellar/scanner.h | 132 |
2 files changed, 105 insertions, 79 deletions
diff --git a/include/stellar/kv.h b/include/stellar/kv.h
new file mode 100644
index 0000000..c9c2c81
--- /dev/null
+++ b/include/stellar/kv.h
@@ -0,0 +1,52 @@
+#pragma once
+
+#include <stddef.h>
+#include <uuid/uuid.h>
+
+enum vtype
+{
+ FIELD_VALUE_INTEGER,
+ FIELD_VALUE_DOUBLE,
+ FIELD_VALUE_CSTRING,
+};
+
+struct kv
+{
+ const char *key;
+ size_t key_sz;
+ enum vtype type;
+ union
+ {
+ long long value_longlong;
+ double value_double;
+ struct
+ {
+ const char *str;
+ size_t sz;
+ }value_str;
+ uuid_t uuid;
+ struct
+ {
+ struct kv **elements;
+ size_t n_element;
+ }value_list;
+ };
+};
+
+struct kv_table;
+
+struct kv_table *kv_table_new(size_t n_reserved);
+struct kv_table *kv_table_new_by_indexing(struct kv *kv);
+
+
+
+struct kv_table
+{
+ struct kv *kv;
+ UT_handle hh;
+};
+
+
+int kv_table_add(struct kv_table *table, struct kv *kv);
+
+const struct kv *kv_table_get(struct kv_table *table, const char *key, size_t key_sz);
\ No newline at end of file diff --git a/include/stellar/scanner.h b/include/stellar/scanner.h index 6655b9b..442f632 100644 --- a/include/stellar/scanner.h +++ b/include/stellar/scanner.h @@ -8,13 +8,13 @@ extern "C" #include "maat.h" #include <stddef.h> -struct scanner_module; -struct scanner_module *stellar_module_get_scanner(struct stellar_module_manager *mod_mgr); +struct scanner; +struct scanner *stellar_module_get_scanner(struct stellar_module_manager *mod_mgr); /* @ return cm maat instance */ -struct maat *scanner_module_get_maat_instance(struct scanner_module *scanner); +struct maat *scanner_module_get_maat_instance(struct scanner *scanner); //const char *plugin_exdata_get0_object_table_name(struct maat *cm_maat, const char *attribute_name); 
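Review bot: `UT_handle hh;` in the `struct kv_table` definition near the end of kv.h names a type that nothing in this header declares — the only includes are `<stddef.h>` and `<uuid/uuid.h>` — so every translation unit that includes kv.h will fail on an unknown type name; if this is uthash, the handle type is `UT_hash_handle` and `#include "uthash.h"` is required, but since `struct kv_table` is already forward-declared above and only ever handled by pointer, the cleaner fix is to drop the definition from the public header and keep the type opaque. Separately, `enum vtype` has no tag for the `uuid` and `value_list` union members, so a reader of the `const struct kv *` returned by `kv_table_get` cannot tell those alternatives apart from `type`; add `FIELD_VALUE_UUID` and `FIELD_VALUE_LIST` (or document that those members are never populated). None of the declarations carries a comment: `kv_table_add` should state whether the table copies or borrows `kv` (and the `key`, `value_str.str` and `elements` storage behind it) and who frees it, and `kv_table_get` should state whether keys are compared over `key_sz` bytes or as NUL-terminated strings, since that decides whether a non-terminated key is safe to pass. kv.h also lacks the `extern "C"` guard that scanner.h has, so it is only usable from C++ when pulled in through scanner.h.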
@@ -22,23 +22,6 @@ struct maat *scanner_module_get_maat_instance(struct scanner_module *scanner); @ exdata/message shares the memory of policy_exdata, so we need to free the memory of policy_exdata in exdata free callback */ -typedef void security_rule_on_packet_callback(struct packet *pkt, uuid_t rule_uuids[], int appid[], size_t n_rule_uuids, void *args); -int scanner_module_subscribe_security_rule_on_packet(struct scanner_module *scanner, security_rule_on_packet_callback *cb, void *args); - -typedef void security_rule_on_session_callback(struct session *sess, uuid_t rule_uuids[], int appid[], size_t n_rule_uuids, void *args); -int scanner_module_subscribe_security_rule_on_session(struct scanner_module *scanner, security_rule_on_session_callback *cb, void *args); - -typedef void monitor_rule_on_packet_callback(struct packet *pkt, uuid_t rule_uuids[], size_t n_rule_uuids, void *args); -int scanner_module_subscribe_monitor_rule_on_packet(struct scanner_module *scanner, monitor_rule_on_packet_callback *cb, void *args); - -typedef void monitor_rule_on_session_callback(struct session *sess, uuid_t rule_uuids[], size_t n_rule_uuids, void *args); -int scanner_module_subscribe_monitor_rule_on_session(struct scanner_module *scanner, monitor_rule_on_session_callback *cb, void *args); - -typedef void dos_protection_rule_on_packet_callback(struct packet *pkt, uuid_t rule_uuids[], size_t n_rule_uuids, void *args); -int scanner_module_subscribe_dos_protection_rule_on_packet(struct scanner_module *scanner, dos_protection_rule_on_packet_callback *cb, void *args); - -typedef void dos_protection_rule_on_session_callback(struct session *sess, uuid_t rule_uuids[], size_t n_rule_uuids, void *args); -int scanner_module_subscribe_dos_protection_rule_on_session(struct scanner_module *scanner, dos_protection_rule_on_session_callback *cb, void *args); enum RULE_TYPE { 
@@ -53,15 +36,26 @@ enum RULE_TYPE RULE_TYPE_MAX }; -struct policy_exdata; -struct policy_exdata *scanner_module_get0_policy_exdata_on_session(struct scanner_module *scanner, struct session *sess); -struct policy_exdata *scanner_module_get0_policy_exdata_on_packet(struct scanner_module *scanner, struct packet *pkt); +typedef void packet_match_callback(struct packet *pkt, uuid_t rule[], size_t n_rule, void *args); + +int scanner_subscribe_packet_match(struct scanner * scanner, enum RULE_TYPE type, packet_match_callback *cb, void *args); + +typedef void session_match_callback(struct session *sess, struct packet *pkt, uuid_t rule[], size_t n_rule, void *args); -size_t policy_exdata_get0_cumulative_rule_count(struct policy_exdata *exdata, enum RULE_TYPE rule_type); -size_t policy_exdata_get0_cumulative_rules(struct policy_exdata *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], char *rule_action[], size_t n_rule_uuids); +int scanner_subscribe_session_match(struct scanner * scanner, enum RULE_TYPE type, session_match_callback *cb, void *args); + +struct scanner_state; + +int scanner_state_get_security_policy_matched_appid(struct scanner_state *state, uuid_t rule); + +const struct scanner_state *scanner_get_state_on_session(struct scanner *scanner, struct session *sess); +const struct scanner_state *scanner_get_state_on_packet(struct scanner *scanner, struct packet *pkt); + +size_t scanner_state_get_history_rule_count(struct scanner_state *exdata, enum RULE_TYPE rule_type); +size_t scanner_state_get_history_rules(struct scanner_state *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], char *rule_action[], size_t n_rule_uuids); -size_t policy_exdata_get0_delta_rule_count(struct policy_exdata *exdata, enum RULE_TYPE rule_type); -size_t policy_exdata_get0_delta_rules(struct policy_exdata *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], char *rule_action[], size_t n_rule_uuids); +size_t scanner_state_get_current_packet_rule_count(struct scanner_state 
*exdata, enum RULE_TYPE rule_type); +size_t scanner_state_get_current_packet_rules(struct scanner_state *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], char *rule_action[], size_t n_rule_uuids); enum ATTRIBUTE_TYPE { 
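Review bot: `scanner_get_state_on_session` and `scanner_get_state_on_packet` return a `const struct scanner_state *`, but every accessor declared around them — `scanner_state_get_security_policy_matched_appid`, `scanner_state_get_history_rule_count`, `scanner_state_get_history_rules`, `scanner_state_get_current_packet_rule_count`, `scanner_state_get_current_packet_rules` — takes a non-const `struct scanner_state *`, so no caller can use the state it is handed without casting away const. Make the accessors take `const struct scanner_state *`, and while doing so rename their parameter from `exdata` (a leftover of the removed `policy_exdata` API) to `state`, matching `scanner_state_get_security_policy_matched_appid`. The array-filling getters `scanner_state_get_history_rules` and `scanner_state_get_current_packet_rules` also need a comment stating whether the returned `size_t` is the number of entries written (never more than `n_rule_uuids`) or the total available, and who owns the strings stored into `rule_action[]`, because that is what bounds the caller's arrays; `const char *rule_action[]` would be the safer signature if callers are not meant to modify them. `struct scanner * scanner` in the two subscribe declarations should be written `struct scanner *scanner` like the rest of the file. The same const mismatch applies to the `scanner_state_*` accessors in the next hunk (`@@ -72,19 +66,17 @@`).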
@@ -72,19 +66,17 @@ enum ATTRIBUTE_TYPE ATTRIBUTE_TYPE_MAX }; -const char *plugin_exdata_get0_available_object_type(struct maat *cm_maat, const char *attribute_name); +const char *scanner_attribute_name_to_object_type(struct scanner *scanner, const char *attribute_name); /* object option is brief or elaborate */ -size_t policy_exdata_get0_cumulative_object_count(struct policy_exdata *exdata, enum ATTRIBUTE_TYPE attr_type); -size_t policy_exdata_get0_cumulative_hit_objects(struct policy_exdata *exdata, enum ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects); +size_t scanner_state_get_history_object_count(struct scanner_state *exdata, enum ATTRIBUTE_TYPE attr_type); +size_t scanner_state_get_current_packet_hit_objects(struct scanner_state *exdata, enum ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects); -size_t policy_exdata_get0_delta_hit_object_count(struct policy_exdata *exdata, enum ATTRIBUTE_TYPE attr_type); -size_t policy_exdata_get0_delta_hit_objects(struct policy_exdata *exdata, enum ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects); +size_t scanner_state_get_current_packet_hit_object_count(struct scanner_state *exdata, enum ATTRIBUTE_TYPE attr_type); +size_t scanner_state_get_current_packet_hit_objects(struct scanner_state *exdata, enum ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects); -void scanner_module_mark_log_option_on_session(struct scanner_module *scanner, struct session *sess, enum LOG_OPTION log_option); -void scanner_module_mark_packet_capture_on_session(struct scanner_module *scanner, struct session *sess, size_t depth); -void scanner_module_mark_packet_mirroring_on_session(struct scanner_module *scanner, struct session *sess, int32_t *vlan_id, size_t n_vlan_id); -void scanner_module_mark_packet_mirroring_on_packet(struct scanner_module *scanner, struct packet *pkt, int32_t *vlan_id, size_t n_vlan_id); 
+void scanner_session_record_enable_brief(struct scanner *scanner, struct session *session); +void scanner_session_record_enable_elaborate(struct scanner *scanner, struct session *session); /* Session JSON: 
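Review bot: `scanner_state_get_current_packet_hit_objects` is declared twice in this hunk with an identical signature — once paired with `scanner_state_get_history_object_count` and again paired with `scanner_state_get_current_packet_hit_object_count`. The first is almost certainly meant to be the renamed `policy_exdata_get0_cumulative_hit_objects`, i.e. `size_t scanner_state_get_history_hit_objects(struct scanner_state *exdata, enum ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects);`; as written, the history hit-object list can no longer be fetched while its count still can. The naming is also asymmetric between the two pairs (`history_object_count` vs `current_packet_hit_object_count`); `scanner_state_get_history_hit_object_count` would keep them parallel. As in the previous hunk, these accessors take a non-const `struct scanner_state *` although the state getters return a const pointer.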
@@ -97,53 +89,35 @@ void scanner_module_mark_packet_mirroring_on_packet(struct scanner_module *scann Decode Path / Decode AS */ -struct attribute_exdata *scanner_module_get0_attribute_exdata_on_session(struct scanner_module *scanner, struct session *sess); -struct attribute_exdata *scanner_module_get0_attribute_exdata_on_packet(struct scanner_module *scanner, struct packet *pkt); +#include "stellar/kv.h" -struct attribute_exdata +enum attribute_index { - char *application; - size_t application_sz; - char *application_category; - size_t application_category_sz; - char *application_transition; - size_t application_transition_sz; - char *application_content; - size_t application_content_sz; - char *server_fqdn; - size_t server_fqdn_sz; - char *server_domain; - size_t server_domain_sz; - char *imei; - size_t imei_sz; - char *imsi; - size_t imsi_sz; - char *phone_number; - size_t phone_number_sz; - char *apn; - size_t apn_sz; - char *client_subscriber_id; - size_t client_subscriber_id_sz; - char *client_asn; - size_t client_asn_sz; - char *server_asn; - size_t server_asn_sz; - char *client_country_code; - size_t client_country_code_sz; - char *server_country_code; - size_t server_country_code_sz; - char *decode_path; - size_t decode_path_sz; - char *decode_as; - size_t decode_as_sz; - uuid_t *client_ip_tag_rule_uuids; - size_t n_client_ip_tag_rule_uuids; - uuid_t *server_ip_tag_rule_uuids; - size_t n_server_ip_tag_rule_uuids; - uuid_t *server_fqdn_tag_rule_uuids; - size_t n_server_fqdn_tag_rule_uuids; + ATTRIBUTE_APPLICATION=0, + ATTRIBUTE_APPLICATION_CATEGORY, + ATTRIBUTE_APPLICATION_TRANSITION, + ATTRIBUTE_APPLICATION_CONTENT, + ATTRIBUTE_SERVER_FQDN, + ATTRIBUTE_SERVER_DOMAIN, + ATTRIBUTE_IMEI, + ATTRIBUTE_IMSI, + ATTRIBUTE_PHONE_NUMBER, + ATTRIBUTE_APN, + ATTRIBUTE_CLIENT_SUBSCRIBER_ID, + ATTRIBUTE_CLIENT_ASN, + ATTRIBUTE_SERVER_ASN, + ATTRIBUTE_CLIENT_COUNTRY_CODE, + ATTRIBUTE_SERVER_COUNTRY_CODE, + ATTRIBUTE_DECODE_PATH, + ATTRIBUTE_DECODE_AS, + ATTRIBUTE_MAX }; 
+const struct kv *scanner_get_attribute_on_session(struct scanner *scanner, struct session *sess, enum attribute_index index); +const struct kv *scanner_get_attribute_on_packet(struct scanner *scanner, struct packet *pkt, enum attribute_index index); + + + #ifdef __cplusplus } #endif |
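Review bot: The removed `struct attribute_exdata` carried `client_ip_tag_rule_uuids`, `server_ip_tag_rule_uuids` and `server_fqdn_tag_rule_uuids` with their counts, and the new `enum attribute_index` has no entry for any of them, so tag-rule UUIDs are no longer reachable through `scanner_get_attribute_on_session`/`scanner_get_attribute_on_packet`; if that is intentional it should be stated in the commit message (which says only "Save 2024-10-31"), otherwise add indices for them. Both getters return a `const struct kv *` that presumably points into scanner-owned state, with nothing saying how long it stays valid or which `vtype` each `attribute_index` yields; a comment such as `/* Returned kv is owned by the scanner and valid only until the session/packet is released; copy, do not retain. */` plus the expected `type` per index would keep callers from holding dangling pointers — confirm the actual lifetime against the implementation before writing it. The `#include "stellar/kv.h"` is placed mid-file, after other declarations and inside the `extern "C"` block; moving it next to the existing `#include "maat.h"` / `#include <stddef.h>` keeps the dependency visible, and since kv.h has no `extern "C"` guard of its own, its C++ linkage currently depends on that placement. Style: `ATTRIBUTE_APPLICATION=0` should be `ATTRIBUTE_APPLICATION = 0`, and the three blank lines before `#ifdef __cplusplus` can be collapsed to one.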
