-rw-r--r--enforcer/security/CMakeLists.txt8
-rw-r--r--enforcer/security/security_enforcer.cpp32
-rw-r--r--enforcer/security/security_enforcer.h15
-rw-r--r--exporter/session_exporter.c6
-rw-r--r--include/stellar/enforcer.h11
-rw-r--r--include/stellar/exporter.h2
-rw-r--r--include/stellar/kv.h35
-rw-r--r--include/stellar/scanner.h18
-rw-r--r--include/stellar/security_enforcer.h21
-rw-r--r--infra/CMakeLists.txt4
-rw-r--r--infra/stellar_core.c8
-rw-r--r--scanner/CMakeLists.txt10
-rw-r--r--scanner/attribute_kv.c44
-rw-r--r--scanner/attribute_kv.h12
-rw-r--r--scanner/packet_based_scanner.c (renamed from scanner/packet_scanner.c)195
-rw-r--r--scanner/packet_based_scanner.h (renamed from scanner/packet_scanner.h)11
-rw-r--r--scanner/scanner_maat.c68
-rw-r--r--scanner/scanner_maat.h6
-rw-r--r--scanner/scanner_module.c (renamed from scanner/scanner.c)78
-rw-r--r--scanner/scanner_module.h (renamed from scanner/scanner_internal.h)34
-rw-r--r--scanner/session_based_scanner.c72
-rw-r--r--scanner/session_based_scanner.h23
-rw-r--r--scanner/session_scanner.c83
-rw-r--r--scanner/session_scanner.h8
24 files changed, 372 insertions, 432 deletions
diff --git a/enforcer/security/CMakeLists.txt b/enforcer/security/CMakeLists.txt
index ba6869a..93295c8 100644
--- a/enforcer/security/CMakeLists.txt
+++ b/enforcer/security/CMakeLists.txt
@@ -3,10 +3,10 @@ include_directories(${CMAKE_SOURCE_DIR}/deps)
set(SECURITY_ENFORCER_SRC ${DEPS_SRC} security_maat.c security_enforcer.cpp bucket.c)
-add_library(security_enforcer-static STATIC ${SECURITY_ENFORCER_SRC})
-target_link_libraries(security_enforcer-static fieldstat4 yyjson toml uuid maatframe ctemplate-static)
-set_target_properties(security_enforcer-static PROPERTIES OUTPUT_NAME security_enforcer PREFIX "")
-set_target_properties(security_enforcer-static PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
+add_library(security_enforcer STATIC ${SECURITY_ENFORCER_SRC})
+target_link_libraries(security_enforcer fieldstat4 yyjson toml uuid maatframe ctemplate-static)
+set_target_properties(security_enforcer PROPERTIES OUTPUT_NAME security_enforcer PREFIX "")
+set_target_properties(security_enforcer PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
# add_library(security_enforcer-shared SHARED ${SECURITY_ENFORCER_SRC})
# set_target_properties(security_enforcer-shared PROPERTIES OUTPUT_NAME security_enforcer PREFIX "")
diff --git a/enforcer/security/security_enforcer.cpp b/enforcer/security/security_enforcer.cpp
index 309a453..7dec5c9 100644
--- a/enforcer/security/security_enforcer.cpp
+++ b/enforcer/security/security_enforcer.cpp
@@ -14,10 +14,10 @@
#include <stellar/module.h>
#include <stellar/session.h>
#include <stellar/packet.h>
+#include <stellar/security_enforcer.h>
#include "bucket.h"
#include "security_maat.h"
-#include "security_enforcer.h"
#define ENFORCER_RULE_UUID_NUM 128
@@ -353,7 +353,7 @@ void security_enforcer_enforce_drop(struct security_enforcer_env *enforcer_env,
}
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
// if(drop->send_icmp_enable)
// {
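Review bot: The same four-argument discard call is now pasted at four sites (here in security_enforcer_enforce_drop and again in security_enforcer_enforce_mail_block, security_enforcer_enforce_http_block and security_enforcer_enforce_http_redirect), each re-deriving the thread id from `enforcer_env->mod_mgr`; a file-local helper, `static void enforcer_discard_session(struct security_enforcer_env *env, const struct session *sess)`, would keep the manager and thread-id plumbing in one place. The new call also dereferences `enforcer_env->sess_mgr` and `enforcer_env->mod_mgr` with no visible check that either was populated; if the env is guaranteed fully initialised before any node can fire, a comment on the env struct stating that invariant would help the next reader. The enclosing enforce function starts outside the hunk.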
@@ -489,7 +489,7 @@ void security_enforcer_enforce_mail_block(struct security_enforcer_env *enforcer
}
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
}
void policy_user_define_variable_replace(ctemplate::TemplateDictionary *tpl_dict, uuid_t rule_uuid, char *client_ip, char *subscriber)
@@ -556,7 +556,7 @@ void security_enforcer_enforce_http_block(struct security_enforcer_env *enforcer
}
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
uint16_t http_hdr_len=0;
char http_hdr[512]={0};
@@ -967,7 +967,7 @@ void security_enforcer_enforce_http_redirect(struct security_enforcer_env *enfor
struct packet *redirect_pkt=packet_manager_build_tcp_packet(enforcer_env->pkt_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), c2s_origin_pkt, th_seq, th_ack, TH_PUSH, NULL, 0, payload, payload_offset);
packet_manager_schedule_packet(enforcer_env->pkt_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), redirect_pkt, PACKET_STAGE_POSTROUTING);
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
}
}
@@ -1076,10 +1076,15 @@ size_t maat_state_compile(struct maat_state *state __attribute__((unused)), cons
return 0;
}
-void security_enforcer_packet_based_node_callback(const struct packet *rawpkt, void *arg)
+void packet_based_security_enforcer_node_entry(struct packet *rawpkt, struct module *mod_enforcer)
{
- struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)arg;
- if(enforcer_env==NULL || rawpkt==NULL)
+ if(rawpkt==NULL || mod_enforcer==NULL)
+ {
+ return ;
+ }
+
+ struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)module_get_ctx(mod_enforcer);
+ if(enforcer_env==NULL)
{
return ;
}
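Review bot: When `module_get_ctx(mod_enforcer)` returns NULL the entry returns without setting any packet action, so the packet presumably continues through the pipeline with no enforcement applied — a fail-open on a misconfigured or not-yet-initialised module. If that is intended, say so above the return: `// No enforcer context bound to this module: packet passes unenforced.`; otherwise count the event or set the drop action rather than returning silently. The same prologue is repeated in session_based_security_enforcer_node_entry in the next hunk, where the same comment applies. The function body continues past the hunk.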
@@ -1107,10 +1112,15 @@ void security_enforcer_packet_based_node_callback(const struct packet *rawpkt, v
// packet_tag_get(rawpkt, &pkt_tag_key_bits, &pkt_tag_val_bits);
}
-void security_enforcer_session_based_node_callback(const struct packet *rawpkt, void *arg)
+void session_based_security_enforcer_node_entry(struct packet *rawpkt, struct module *mod_enforcer)
{
- struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)arg;
- if(enforcer_env==NULL || rawpkt==NULL)
+ if(rawpkt==NULL || mod_enforcer==NULL)
+ {
+ return ;
+ }
+
+ struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)module_get_ctx(mod_enforcer);
+ if(enforcer_env==NULL)
{
return ;
}
diff --git a/enforcer/security/security_enforcer.h b/enforcer/security/security_enforcer.h
deleted file mode 100644
index 43f0f67..0000000
--- a/enforcer/security/security_enforcer.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#pragma once
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#define SECUIRTY_ENFORCER_MODULE_NAME "security_enforcer_module"
-struct security_enforcer;
-struct security_enforcer *security_enforcer_module_to_enforcer(struct module *mod);
-
-
-#ifdef __cplusplus
-}
-#endif \ No newline at end of file
diff --git a/exporter/session_exporter.c b/exporter/session_exporter.c
index f65e245..4ae4d7d 100644
--- a/exporter/session_exporter.c
+++ b/exporter/session_exporter.c
@@ -14,7 +14,7 @@ struct transaction_unique_key
struct exporter_transaction
{
- struct kv *context;
+ struct utable_kv *context;
long long unique_index;
struct transaction_unique_key key;
UT_hash_handle hh;
@@ -22,7 +22,7 @@ struct exporter_transaction
struct exporter_context
{
- struct kv *default_cotext;
+ struct utable_kv *default_cotext;
long long transaction_offset;
struct exporter_transaction *transactions;
};
@@ -102,7 +102,7 @@ struct exporter_context *exporter_aquire_transaction_context(struct exporter *ex
HASH_ADD(hh, context->transactions, key, sizeof(struct transaction_unique_key), transaction);
}
-void exporter_context_add_kv(struct exporter_context *ctx, struct kv *kv)
+void exporter_context_add_kv(struct exporter_context *ctx, struct utable_kv *kv)
{
}
diff --git a/include/stellar/enforcer.h b/include/stellar/enforcer.h
deleted file mode 100644
index 0804d2f..0000000
--- a/include/stellar/enforcer.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#pragma once
-
-struct enforcer;
-
-void enforcer_append_monitor_rule_action_on_packet(struct enforcer *enforcer, struct packet *pkt, const char *action);
-void enforcer_append_monitor_rule_action_on_session(struct enforcer *enforcer, struct session *sess, const char *action);
-
-void enforcer_append_security_rule_action_on_packet(struct enforcer *enforcer, struct packet *pkt, const char *action);
-void enforcer_append_security_rule_action_on_session(struct enforcer *enforcer, struct session *sess, const char *action);
-
-
diff --git a/include/stellar/exporter.h b/include/stellar/exporter.h
index 9232652..a24134e 100644
--- a/include/stellar/exporter.h
+++ b/include/stellar/exporter.h
@@ -30,7 +30,7 @@ struct exporter_context *exporter_aquire_transaction_context(struct exporter *ex
// add http_action_file_size/security_rule_action
// add monitor_mirrored_bytes/monitor_mirrored_packets/monitor_packet_capture_filepath
// add http transaction request/response body file path
-void exporter_context_add_kv(struct exporter_context *ctx, struct kv *kv);
+void exporter_context_add_kv(struct exporter_context *ctx, struct utable_kv *kv);
#ifdef __cplusplus
}
diff --git a/include/stellar/kv.h b/include/stellar/kv.h
deleted file mode 100644
index c950d0a..0000000
--- a/include/stellar/kv.h
+++ /dev/null
@@ -1,35 +0,0 @@
-#pragma once
-
-#include <stddef.h>
-#include <uuid/uuid.h>
-
-enum vtype
-{
- VTYPE_INTEGER,
- VTYPE_DOUBLE,
- VTYPE_CSTRING,
- VTYPE_UUID,
-};
-
-struct kv
-{
- char *key;
- size_t key_sz;
- enum vtype type;
- union
- {
- long long value_longlong;
- double value_double;
- struct
- {
- char *str;
- size_t sz;
- }value_str;
- uuid_t value_uuid;
- struct
- {
- struct kv **elements;
- size_t n_element;
- }value_list;
- };
-};
diff --git a/include/stellar/scanner.h b/include/stellar/scanner.h
index fdabaa4..6bb150b 100644
--- a/include/stellar/scanner.h
+++ b/include/stellar/scanner.h
@@ -8,11 +8,19 @@ extern "C"
#include "maat.h"
#include <stddef.h>
-#include <stellar/kv.h>
-#include <stellar/module.h>
-#include <stellar/session.h>
+#include "utable/utable.h"
+#include "stellar/module.h"
+#include "stellar/session.h"
+#include "stellar/packet.h"
#define SCANNER_MODULE_NAME "scanner_module"
+
+#define PACKET_BASED_SCANNER_NODE "packet_based_scanner_node"
+void packet_based_scanner_node_entry(struct packet *pkt, struct module *mod);
+
+#define SESSION_BASED_SCANNER_NODE "session_based_scanner_node"
+void session_based_scanner_node_entry(struct packet *pkt, struct module *mod);
+
struct scanner;
struct scanner *scanner_module_to_scanner(struct module *mod);
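Review bot: The public header now includes `"utable/utable.h"`, which lives under the deps tree (scanner/CMakeLists.txt adds `${CMAKE_SOURCE_DIR}/deps` to its include path), so every consumer of `<stellar/scanner.h>` — exporter, enforcer, core — inherits that include-path requirement; since the header only uses `struct utable_kv` through pointers, a forward declaration `struct utable_kv;` here with the real include kept in the .c files would avoid that. The two new node entries are also declared without a comment; suggested: `/* Packet-stage node entry; mod must be the scanner module, whose ctx is consulted per packet. */`, hedged because the ctx use is only visible in packet_based_scanner.c.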
@@ -48,8 +56,8 @@ enum ATTRIBUTE_KV_INDEX
ATTRIBUTE_KV_MAX
};
-const struct kv *scanner_get_attribute_on_session(struct scanner *scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index);
-const struct kv *scanner_get_attribute_on_packet(struct scanner *scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index);
+const struct utable_kv *scanner_get_attribute_on_session(struct scanner *scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index);
+const struct utable_kv *scanner_get_attribute_on_packet(struct scanner *scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index);
#ifdef __cplusplus
diff --git a/include/stellar/security_enforcer.h b/include/stellar/security_enforcer.h
new file mode 100644
index 0000000..aff00b2
--- /dev/null
+++ b/include/stellar/security_enforcer.h
@@ -0,0 +1,21 @@
+#pragma once
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "stellar/module.h"
+#include "stellar/packet.h"
+
+#define SECUIRTY_ENFORCER_MODULE_NAME "security_enforcer_module"
+
+#define PACKET_BASED_SECURITY_ENFORCER_NODE "packet_based_security_enforcer_node"
+void packet_based_security_enforcer_node_entry(struct packet *pkt, struct module *mod);
+
+#define SESSION_BASED_SECURITY_ENFORCER_NODE "session_based_security_enforcer_node"
+void session_based_security_enforcer_node_entry(struct packet *pkt, struct module *mod);
+
+#ifdef __cplusplus
+}
+#endif \ No newline at end of file
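Review bot: The `#include "stellar/module.h"` and `#include "stellar/packet.h"` lines sit inside the `extern "C" {` block, so when security_enforcer.cpp consumes this header everything those headers pull in — including any system headers — is wrapped in C linkage; move the two includes above the `#ifdef __cplusplus` guard, as attribute_kv.h does in this same commit. `SECUIRTY_ENFORCER_MODULE_NAME` carries the misspelling from the deleted private header into a public one that stellar_core.c now depends on; a correctly spelled macro with the old name kept as an alias would let callers migrate. The file also lacks a trailing newline.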
diff --git a/infra/CMakeLists.txt b/infra/CMakeLists.txt
index 9eb989c..9b21f70 100644
--- a/infra/CMakeLists.txt
+++ b/infra/CMakeLists.txt
@@ -1,7 +1,9 @@
set(INFRA exdata tuple packet_manager packet_io ip_reassembly tcp_reassembly session_manager module_manager monitor)
set(DEPS bitmap dablooms interval_tree logger nmx_pool rbtree timeout toml ringbuf)
set(DECODERS lpi_plus)
-set(WHOLE_ARCHIVE ${DEPS} ${INFRA} ${DECODERS})
+set(SCANNER scanner)
+set(ENFORCERS security_enforcer)
+set(WHOLE_ARCHIVE ${DEPS} ${INFRA} ${DECODERS} ${SCANNER} ${ENFORCERS})
set(LIBS fieldstat4)
foreach(infra ${INFRA})
diff --git a/infra/stellar_core.c b/infra/stellar_core.c
index f575b25..ff52c76 100644
--- a/infra/stellar_core.c
+++ b/infra/stellar_core.c
@@ -130,6 +130,8 @@ static void stellar_thread_join(struct stellar *st)
#include "stellar/monitor.h"
#include "stellar/session.h"
#include "stellar/lpi_plus.h"
+#include "stellar/scanner.h"
+#include "stellar/security_enforcer.h"
struct module_hooks mod_hooks[] = {
{monitor_on_init, monitor_on_exit, NULL, NULL},
@@ -155,6 +157,12 @@ struct packet_node_spec packet_nodes[] = {
{SESSION_MANAGER_MODULE_NAME, "session_manager",PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_manager_on_packet_forward},
{SESSION_MANAGER_MODULE_NAME, "session_manager",PACKET_STAGE_OUTPUT, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_manager_on_packet_output},
{LPI_PLUS_MODULE_NAME, "lpi_plus",PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, lpi_plus_on_packet},
+
+ {SCANNER_MODULE_NAME, PACKET_BASED_SCANNER_NODE,PACKET_STAGE_INPUT, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP | PKT_TAG_VAL_IPPROTO_ICMP, packet_based_scanner_node_entry},
+ {SCANNER_MODULE_NAME, SESSION_BASED_SCANNER_NODE,PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_based_scanner_node_entry},
+
+ {SECUIRTY_ENFORCER_MODULE_NAME, PACKET_BASED_SECURITY_ENFORCER_NODE, PACKET_STAGE_INPUT, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP | PKT_TAG_VAL_IPPROTO_ICMP, packet_based_security_enforcer_node_entry},
+ {SECUIRTY_ENFORCER_MODULE_NAME, SESSION_BASED_SECURITY_ENFORCER_NODE, PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_based_security_enforcer_node_entry},
};
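Review bot: The enforcer rows are placed after the scanner rows in `packet_nodes[]`, and the enforcer reads attributes the scanner attaches to the packet, so correct policy evaluation appears to depend on the scanner node running first at each stage; if the dispatcher walks this array in order, that constraint is encoded only by row position. A comment above the new rows, `/* scanner nodes must precede the security_enforcer nodes at the same stage: the enforcer reads attributes the scanner attaches */`, would keep a later reordering from silently disabling enforcement. The packet-based rows also match ICMP while the session-based rows do not; a word on why would help.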
diff --git a/scanner/CMakeLists.txt b/scanner/CMakeLists.txt
index 15fbc33..720bc45 100644
--- a/scanner/CMakeLists.txt
+++ b/scanner/CMakeLists.txt
@@ -1,12 +1,12 @@
add_definitions(-fPIC)
include_directories(${CMAKE_SOURCE_DIR}/deps)
-set(SCANNER_SRC ${DEPS_SRC} scanner_toml.c attribute_kv.c attribute_schema.c scanner_maat.c)
+set(SCANNER_SRC ${DEPS_SRC} scanner_toml.c attribute_kv.c attribute_schema.c scanner_maat.c packet_based_scanner.c session_based_scanner.c scanner_module.c)
-add_library(scanner-static STATIC ${SCANNER_SRC})
-target_link_libraries(scanner-static fieldstat4 yyjson toml uuid maatframe)
-set_target_properties(scanner-static PROPERTIES OUTPUT_NAME scanner PREFIX "")
-set_target_properties(scanner-static PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
+add_library(scanner STATIC ${SCANNER_SRC})
+target_link_libraries(scanner fieldstat4 yyjson toml uuid maatframe)
+set_target_properties(scanner PROPERTIES OUTPUT_NAME scanner PREFIX "")
+set_target_properties(scanner PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
# add_library(scanner-shared SHARED ${SCANNER_SRC})
# set_target_properties(scanner-shared PROPERTIES OUTPUT_NAME scanner PREFIX "")
diff --git a/scanner/attribute_kv.c b/scanner/attribute_kv.c
index 749521f..111c0bd 100644
--- a/scanner/attribute_kv.c
+++ b/scanner/attribute_kv.c
@@ -8,7 +8,7 @@
struct attribute_kv
{
int magic;
- struct kv *attr_kv[ATTRIBUTE_KV_MAX];
+ struct utable_kv *attr_kv[ATTRIBUTE_KV_MAX];
};
struct attribute_kv *attribute_kv_new(void)
@@ -35,12 +35,12 @@ void attribute_kv_free(struct attribute_kv *attr)
FREE(attr->attr_kv[i]->key);
}
- switch(attr->attr_kv[i]->type)
+ switch(attr->attr_kv[i]->value_type)
{
- case VTYPE_CSTRING:
- if(attr->attr_kv[i]->value_str.str!=NULL)
+ case utable_value_type_cstring:
+ if(attr->attr_kv[i]->cstring!=NULL)
{
- FREE(attr->attr_kv[i]->value_str.str);
+ FREE(attr->attr_kv[i]->cstring);
}
break;
default:
@@ -51,22 +51,6 @@ void attribute_kv_free(struct attribute_kv *attr)
FREE(attr);
}
-void attribute_kv_set_uuid(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, uuid_t uuid)
-{
- if(attr==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN || key==NULL || key_sz==0)
- {
- return;
- }
-
- struct kv *kv=(struct kv *)CALLOC(struct kv, 1);
- kv->key=strndup(key, key_sz);
- kv->key_sz=key_sz;
- kv->type=VTYPE_UUID;
- memcpy(kv->value_uuid, uuid, sizeof(uuid_t));
-
- attr->attr_kv[index]=kv;
-}
-
void attribute_kv_set_integer(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, long long value)
{
if(attr==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN || key==NULL || key_sz==0)
@@ -74,11 +58,11 @@ void attribute_kv_set_integer(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX
return;
}
- struct kv *kv=(struct kv *)CALLOC(struct kv, 1);
+ struct utable_kv *kv=(struct utable_kv *)CALLOC(struct utable_kv, 1);
kv->key=strndup(key, key_sz);
kv->key_sz=key_sz;
- kv->type=VTYPE_INTEGER;
- kv->value_longlong=value;
+ kv->value_type=utable_value_type_integer;
+ kv->integer=value;
attr->attr_kv[index]=kv;
}
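Review bot: `attr->attr_kv[index]=kv;` overwrites any entry already stored at `index` without releasing it, so if a setter is invoked twice for the same index on one packet the first `utable_kv` and its `strndup`'d key leak; attribute_kv_set_string in the next hunk has the same pattern. Factoring the per-entry release out of `attribute_kv_free` (the key, then the cstring payload for `utable_value_type_cstring`) into a static helper and calling it before the assignment in both setters would close this. Whether `CALLOC` and `strndup` can return NULL here depends on the project macro; if they can, `kv->key=` dereferences NULL on the next line.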
@@ -90,22 +74,22 @@ void attribute_kv_set_string(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX
return;
}
- struct kv *kv=(struct kv *)CALLOC(struct kv, 1);
+ struct utable_kv *kv=(struct utable_kv *)CALLOC(struct utable_kv, 1);
kv->key=strndup(key, key_sz);
kv->key_sz=key_sz;
- kv->type=VTYPE_CSTRING;
- kv->value_str.str=strndup(value, value_sz);
- kv->value_str.sz=value_sz;
+ kv->value_type=utable_value_type_cstring;
+ kv->cstring=strndup(value, value_sz);
+ kv->cstring_sz=value_sz;
attr->attr_kv[index]=kv;
}
-const struct kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index)
+const struct utable_kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index)
{
if(attr==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN)
{
return NULL;
}
- return (const struct kv *)(attr->attr_kv[index]);
+ return (const struct utable_kv *)(attr->attr_kv[index]);
} \ No newline at end of file
diff --git a/scanner/attribute_kv.h b/scanner/attribute_kv.h
index 8afed18..d1e69d2 100644
--- a/scanner/attribute_kv.h
+++ b/scanner/attribute_kv.h
@@ -3,13 +3,21 @@
#include <uuid/uuid.h>
#include <stellar/scanner.h>
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
struct attribute_kv;
struct attribute_kv *attribute_kv_new(void);
void attribute_kv_free(struct attribute_kv *attr);
-void attribute_kv_set_uuid(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, uuid_t uuid);
void attribute_kv_set_integer(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, long long value);
void attribute_kv_set_string(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, const char *value, size_t value_sz);
-const struct kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index); \ No newline at end of file
+const struct utable_kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index);
+
+#ifdef __cplusplus
+}
+#endif \ No newline at end of file
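Review bot: With `attribute_kv_set_uuid` removed, nothing declared in this header still names `uuid_t`, so the `#include <uuid/uuid.h>` at the top looks stale unless a consumer relies on it transitively; drop it or leave a one-line comment saying why it stays. The new `extern "C"` guard is correctly placed after the includes.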
diff --git a/scanner/packet_scanner.c b/scanner/packet_based_scanner.c
index d205660..a2ad540 100644
--- a/scanner/packet_scanner.c
+++ b/scanner/packet_based_scanner.c
@@ -4,11 +4,12 @@
#include "stellar/utils.h"
#include "stellar/packet.h"
-#include "stellar/packet_scanner.h"
#include "scanner_maat.h"
+#include "attribute_kv.h"
#include "attribute_schema.h"
-#include "attribute_exdata.h"
+#include "scanner_module.h"
+#include "packet_based_scanner.h"
struct packet_scanner
{
@@ -55,17 +56,17 @@ static void ip6_format_to_maat(const struct ip6_hdr *ip6, struct ip_addr *c_net_
c_net_addr->ip_type=6;
s_net_addr->ip_type=6;
- memcpy(c_net_addr->ipv6, ip6->ip_src.s6_addr, sizeof(c_net_addr->ipv6));
- memcpy(s_net_addr->ipv6, ip6->ip_dst.s6_addr, sizeof(s_net_addr->ipv6));
+ memcpy(c_net_addr->ipv6, ip6->ip6_src.s6_addr, sizeof(c_net_addr->ipv6));
+ memcpy(s_net_addr->ipv6, ip6->ip6_dst.s6_addr, sizeof(s_net_addr->ipv6));
}
-static void packet_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused)
-{
- if(ex_ptr==NULL)return;
- FREE(ex_ptr);
-}
+// static void packet_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused)
+// {
+// if(ex_ptr==NULL)return;
+// FREE(ex_ptr);
+// }
-const struct kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index)
+const struct utable_kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index)
{
if(pkt_scanner==NULL || pkt==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN)
{
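Review bot: Commenting out `packet_scanner_exdata_free` leaves no visible release path for the `attribute_kv` that `packet_based_scanner_node_entry` allocates with `attribute_kv_new()` and stores through `packet_set_exdata` on every scanned packet; unless the exdata slot is registered elsewhere with a free callback, that is a per-packet heap leak, which on a forwarding path becomes a resource-exhaustion problem. Rather than the old `FREE(ex_ptr)`, which would not release the key and cstring members, the callback should call `attribute_kv_free((struct attribute_kv *)ex_ptr);` and be registered wherever `exdata_idx` is obtained. Either way, delete the commented-out block instead of keeping it.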
@@ -75,7 +76,7 @@ const struct kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner
return attribute_kv_get((struct attribute_kv *)packet_get_exdata(pkt, pkt_scanner->exdata_idx), index);
}
-void attribute_scratch_scan(struct maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, struct maat_stream **stream_handle, struct attribute_scratch *attribute, size_t n_attribute)
+void attribute_scratch_scan(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, struct maat_stream **stream_handle, struct attribute_scratch *attribute, size_t n_attribute)
{
if(cm_maat==NULL || scan_state==NULL || attribute==NULL || n_attribute==0)
{
@@ -110,7 +111,7 @@ void attribute_scratch_scan(struct maat *cm_maat, struct maat_state *scan_state,
scanner_scan_ipv6_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, (uint8_t *)(attribute[i].ipv6_port.ipv6), attribute[i].ipv6_port.port);
break;
case ATTRIBUTE_VALUE_TYPE_NOT_LOGIC:
- scanner_scan_stream_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name);
+ scanner_scan_stream_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, stream_handle, attribute[i].chunk.value, attribute[i].chunk.value_sz);
break;
default:
break;
@@ -118,7 +119,7 @@ void attribute_scratch_scan(struct maat *cm_maat, struct maat_state *scan_state,
if(attribute[i].schema->scan_not_logic_flag==TRUE)
{
- scanner_scan_not_logic_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state);
+ scanner_scan_not_logic_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name);
}
}
}
@@ -126,7 +127,7 @@ void attribute_scratch_scan(struct maat *cm_maat, struct maat_state *scan_state,
size_t ipaddr_entry_tag_uuid_get(struct scanner_maat *cm_maat, struct ip_addr *net_ipaddr, uuid_t *tag_uuids, size_t n_tag_uuids)
{
size_t n_ipaddr_exdata=n_tag_uuids;
- struct plugin_ip_addr_entry *ipaddr_exdata[n_ipaddr_exdata];
+ struct plugin_entry *ipaddr_exdata[n_ipaddr_exdata];
int n_exdata=scanner_maat_get0_data_ipaddr_entry(cm_maat, net_ipaddr, ipaddr_exdata, n_ipaddr_exdata);
if(n_exdata==0)
{
@@ -161,37 +162,37 @@ size_t ipaddr_entry_tag_uuid_get(struct scanner_maat *cm_maat, struct ip_addr *n
return tag_ids_offset;
}
-void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, const struct layer *layers, int layers_count)
+void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct scanner_maat *cm_maat, struct attribute_schema *attr_schema, const struct layer *layers, int layer_count)
{
- if(attr==NULL || (*attr_offset)>=attr_max || layers==NULL || layers_count<=0)
+ if(attr==NULL || (*attr_offset)>=attr_max || layers==NULL || layer_count<=0)
{
- return 0;
+ return ;
}
int32_t c_port=-1, s_port=-1;
- const struct ip *ip4=NULL;
- const struct ip6_hdr *ip6=NULL;
- const struct tcphdr *tcp=NULL;
- const struct udphdr *udp=NULL;
- uuid_t *ip_protocol_object_uuid=NULL;
+ struct ip *ip4=NULL;
+ struct ip6_hdr *ip6=NULL;
+ struct tcphdr *tcp=NULL;
+ struct udphdr *udp=NULL;
+ // uuid_t *ip_protocol_object_uuid=NULL;
struct ip_addr c_net_addr={0}, s_net_addr={0};
- for(int j=0; j<out.layer_count; i++)
+ for(int j=0; j<layer_count; j++)
{
- switch(out.layers[j].proto)
+ switch(layers[j].proto)
{
case LAYER_PROTO_IPV4:
- ip4=(const struct ip *)out.layers[j].ip4;
+ ip4=(struct ip *)layers[j].hdr.ip4;
ip4_format_to_maat(ip4, &c_net_addr, &s_net_addr);
break;
case LAYER_PROTO_IPV6:
- ip6=(const struct ip6_hdr *)out.layers[j].ip6;
+ ip6=(struct ip6_hdr *)layers[j].hdr.ip6;
ip6_format_to_maat(ip6, &c_net_addr, &s_net_addr);
break;
case LAYER_PROTO_TCP:
// TODO: implement
// ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto);
- tcp=(const struct tcphdr *)out.layers[j].tcp;
+ tcp=(struct tcphdr *)layers[j].hdr.tcp;
if(tcp!=NULL)
{
c_port=ntohs(tcp->th_sport);
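Review bot: The guard at the top of `cs_ipport_attribute_get_from_packet_layer` still checks only `attr`, `layers` and `layer_count`, while the newly added `cm_maat` (and the pre-existing `attr_schema`) are passed straight into `ipaddr_entry_tag_uuid_get` and indexed without a check, and `*attr_offset` is dereferenced before `attr_offset` itself is validated; extend it to `if(attr==NULL || attr_offset==NULL || (*attr_offset)>=attr_max || cm_maat==NULL || attr_schema==NULL || layers==NULL || layer_count<=0)`. Whether `scanner_maat_get0_data_ipaddr_entry` tolerates a NULL maat is not visible here, so this is a precaution. The function body continues past the hunk.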
@@ -201,7 +202,7 @@ void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, s
case LAYER_PROTO_UDP:
// TODO: implement
// ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto);
- udp=(const struct udphdr *)out.layers[j].udp;
+ udp=(struct udphdr *)layers[j].hdr.udp;
if(udp!=NULL)
{
c_port=ntohs(udp->uh_sport);
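Review bot: The `const` qualifiers on `ip4`, `ip6`, `tcp` and `udp` were dropped and each header is now obtained with a cast such as `udp=(struct udphdr *)layers[j].hdr.udp;`, although `layers` is `const struct layer *` and the function only reads the headers (`ntohs(udp->uh_sport)`, and `ip6_format_to_maat` takes `const struct ip6_hdr *`). If `hdr.udp` is declared const, this casts constness away for no gain; `const struct udphdr *udp=layers[j].hdr.udp;` (and likewise for the ip4, ip6 and tcp cases above) keeps the compiler's help. If the casts were added to silence a warning from a non-const `hdr` union, a one-line comment saying so would stop the next reviewer from undoing them.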
@@ -220,10 +221,10 @@ void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, s
size_t max_tag_ids=MAX_TAG_IDS_NUM;
uuid_t tag_uuids[max_tag_ids];
- size_t n_tag_uuids=ipaddr_entry_tag_uuid_get(&c_net_addr, c_port, tag_uuids, max_tag_ids);
+ size_t n_tag_uuids=ipaddr_entry_tag_uuid_get(cm_maat, &c_net_addr, tag_uuids, max_tag_ids);
attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS]), FREE_FALSE, NULL, tag_uuids, n_tag_uuids);
- n_tag_uuids=ipaddr_entry_tag_uuid_get(&s_net_addr, s_port, tag_uuids, max_tag_ids);
+ n_tag_uuids=ipaddr_entry_tag_uuid_get(cm_maat, &s_net_addr, tag_uuids, max_tag_ids);
attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS]), FREE_FALSE, NULL, tag_uuids, n_tag_uuids);
if(ip4!=NULL)
@@ -234,8 +235,8 @@ void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, s
if(ip6!=NULL)
{
- attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]), FREE_FALSE, ip6->ip_src.s6_addr, c_port);
- attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]), FREE_FALSE, ip6->ip_dst.s6_addr, s_port);
+ attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]), FREE_FALSE, ip6->ip6_src.s6_addr, c_port);
+ attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]), FREE_FALSE, ip6->ip6_dst.s6_addr, s_port);
}
if(c_port!=-1 && s_port!=-1)
@@ -244,62 +245,22 @@ void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, s
attribute_scratch_integer_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT]), FREE_FALSE, (long long)s_port);
}
- if(ip_protocol_object_uuid!=NULL)
- {
- attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_IP_PROTOCOL]), FREE_FALSE, NULL, &ip_protocol_object_uuid, 1);
- }
-
- return 1;
+ // TODO: IP protocol
+ // if(ip_protocol_object_uuid!=NULL)
+ // {
+ // attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_IP_PROTOCOL]), FREE_FALSE, NULL, &ip_protocol_object_uuid, 1);
+ // }
}
-void ie_ipport_attribute_get_from_maat_state(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, struct maat_state *scan_state, int is_client_internal)
+void packet_based_scanner_node_entry(struct packet *rawpkt, struct module *mod_scanner)
{
- enum ATTRIBUTE_SCHEMA attr_schema_idx[]={ ATTRIBUTE_SCHEMA_CLIENT_IP, ATTRIBUTE_SCHEMA_SERVER_IP, ATTRIBUTE_SCHEMA_CLIENT_PORT, ATTRIBUTE_SCHEMA_SERVER_PORT};
- for(size_t i=0; i<sizeof(attr_schema_idx)/sizeof(enum ATTRIBUTE_SCHEMA); i++)
+ if(rawpkt==NULL || mod_scanner==NULL)
{
-
- size_t indirect_object_cnt=maat_state_get_hit_item_cnt(scan_state, scanner->attr_schema[attr_schema_idx[i]]);
- size_t direct_object_cnt=maat_state_get_hit_object_cnt(scan_state, scanner->attr_schema[attr_schema_idx[i]]);
- if(direct_object_cnt==0 && indirect_object_cnt==0)
- {
- continue;
- }
-
- uuid_t direct_item_uuid[direct_object_cnt];
- uuid_t direct_object_uuid[direct_object_cnt];
- size_t direct_object_offset=maat_state_get_hit_items(scan_state, scanner->attr_schema[attr_schema_idx[i]], direct_item_uuid, direct_object_uuid, direct_object_cnt);
-
- uuid_t indirect_object_uuid[indirect_object_cnt];
- size_t indirect_object_offset=maat_state_get_indirect_hit_objects(scan_state, scanner->attr_schema[attr_schema_idx[i]], indirect_object_uuid, indirect_object_cnt);
-
- enum ATTRIBUTE_SCHEMA ie_attr_idx=ATTRIBUTE_SCHEMA_UNKNOWN;
- switch(attr_schema_idx[i])
- {
- case ATTRIBUTE_SCHEMA_CLIENT_IP:
- ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_INTERNAL_IP : ATTRIBUTE_SCHEMA_EXTERNAL_IP;
- break;
- case ATTRIBUTE_SCHEMA_SERVER_IP:
- ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_EXTERNAL_IP : ATTRIBUTE_SCHEMA_INTERNAL_IP;
- break;
- case ATTRIBUTE_SCHEMA_CLIENT_PORT:
- ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_INTERNAL_PORT : ATTRIBUTE_SCHEMA_EXTERNAL_PORT;
- break;
- case ATTRIBUTE_SCHEMA_SERVER_PORT:
- ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_EXTERNAL_PORT : ATTRIBUTE_SCHEMA_INTERNAL_PORT;
- break;
- default:
- break;
- }
-
- attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ie_attr_idx]), FREE_FALSE, direct_item_uuid, direct_object_uuid, direct_object_offset);
- attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ie_attr_idx]), FREE_FALSE, NULL, indirect_object_uuid, indirect_object_offset);
+ return ;
}
-}
-static void packet_stage_input_callback(struct packet *rawpkt, enum packet_stage stage __attribute__((unused)), void *arg)
-{
- struct scanner *scanner=(struct scanner *)arg;
- if(scanner==NULL || rawpkt==NULL)
+ struct scanner *scanner=(struct scanner *)module_get_ctx(mod_scanner);
+ if(scanner==NULL)
{
return ;
}
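Review bot: When `module_get_ctx(mod_scanner)` returns NULL the entry returns before any attribute is attached, so `scanner_get_attribute_on_packet` for that packet presumably yields NULL and downstream policy evaluation sees a packet with no attributes — a silent skip rather than an error. A comment above the return, `// No scanner bound to this module: packet proceeds unscanned.`, plus a counter or log line would make the condition observable. `packet_based_scanner_node_entry` continues past the hunk.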
@@ -324,29 +285,28 @@ static void packet_stage_input_callback(struct packet *rawpkt, enum packet_stage
return ;
}
- struct attribute_kv *attr_kv=(struct attribute_kv *)CALLOC(struct attribute_kv, 1);
+ struct attribute_kv *attr_kv=attribute_kv_new();
packet_set_exdata(rawpkt, scanner->pkt_scanner->exdata_idx, (void *)attr_kv);
- struct maat_state *scan_state=maat_state_new(scanner->cm_maat, 1);
+ struct maat_state *scan_state=maat_state_new(scanner_cm_maat_get_feather(scanner->cm_maat), 1);
- size_t offset=0;
size_t attr_max=128;
size_t attr_offset=0;
struct attribute_scratch attr[attr_max];
int layers_count=2;
const struct layer *layers=packet_get_layer_by_idx(rawpkt, pkt_layer_count-layers_count);
- cs_ipport_attribute_get_from_packet_layer(attr, attr_max, &(attr_offset), scanner->attr_schema, layers, layers_count);
+ cs_ipport_attribute_get_from_packet_layer(attr, attr_max, &(attr_offset), scanner->cm_maat, scanner->attr_schema, layers, layers_count);
attribute_scratch_scan(scanner->cm_maat, scan_state, NULL, NULL, attr, attr_offset);
attribute_scratch_reset(attr, attr_offset);
attr_offset=0;
- int is_client_internal=(packet_get_direction(rawpkt)==PACKET_DIRECTION_OUTGOING) ? TRUE : FALSE;
- ie_ipport_attribute_get_from_maat_state(attr, attr_max, &(attr_offset), scanner->attr_schema, scan_state, is_client_internal);
+ // TODO: internal external
+ //int is_client_internal=(packet_get_direction(rawpkt)==PACKET_DIRECTION_OUTGOING) ? TRUE : FALSE;
- attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT]), FREE_FALSE);
- attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT]), FREE_FALSE);
- attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT]), FREE_FALSE);
- attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT]), FREE_FALSE);
+ attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT]), FREE_FALSE);
+ attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT]), FREE_FALSE);
+ attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT]), FREE_FALSE);
+ attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT]), FREE_FALSE);
attribute_scratch_scan(scanner->cm_maat, scan_state, NULL, NULL, attr, attr_offset);
attribute_scratch_reset(attr, attr_offset);
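Review bot: `attribute_kv_new()` and `maat_state_new(...)` are used without a NULL check, so an allocation failure attaches a NULL exdata to the packet and then hands a NULL `scan_state` to `attribute_scratch_scan`. Add `if(attr_kv==NULL || scan_state==NULL) { return ; }` before the first scan, releasing whichever of the two did succeed. Separately, the removal of `ie_ipport_attribute_get_from_maat_state` behind a `// TODO: internal external` means the INTERNAL_*/EXTERNAL_* IP and port attributes are no longer populated, so any policy written against them silently stops matching (fail-open) until this is restored; the TODO should at least name the affected attributes. The enclosing function starts before this hunk.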
@@ -354,6 +314,16 @@ static void packet_stage_input_callback(struct packet *rawpkt, enum packet_stage
return ;
}
+struct maat_state *scanner_get_maat_state_from_packet(struct scanner *scanner, const struct packet *pkt)
+{
+ if(scanner==NULL || scanner->pkt_scanner==NULL || pkt==NULL)
+ {
+ return NULL;
+ }
+
+ return (struct maat_state *)packet_get_exdata(pkt, scanner->pkt_scanner->exdata_idx);
+}
+
struct packet_scanner *packet_scanner_new(struct scanner *scanner)
{
if(scanner==NULL)
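Review bot: `scanner_get_maat_state_from_packet` casts the exdata at `scanner->pkt_scanner->exdata_idx` to `struct maat_state *`, but the hunk above stores a `struct attribute_kv *` in that very slot via `packet_set_exdata(rawpkt, scanner->pkt_scanner->exdata_idx, (void *)attr_kv)`, so callers receive a type-confused pointer. Either this accessor should return the `struct attribute_kv *` (and be named for it) or the `maat_state` needs its own registered exdata index. It should also reject a negative index, e.g. `if(scanner==NULL || scanner->pkt_scanner==NULL || scanner->pkt_scanner->exdata_idx<0 || pkt==NULL) return NULL;`, since the index is no longer registered in `packet_scanner_new`.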
@@ -361,36 +331,19 @@ struct packet_scanner *packet_scanner_new(struct scanner *scanner)
return NULL;
}
- struct module *pkt_mgr_mod=module_manager_get_module(scanner->mod_mgr, PACKET_MANAGER_MODULE_NAME);
- struct packet_manager *pkt_mgr=module_to_packet_manager(pkt_mgr_mod);
- struct mq_schema *mq_s=module_manager_get_mq_schema(scanner->mod_mgr);
-
- if(pkt_mgr==NULL || mq_s==NULL)
- {
- STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to get packet manager or mq schema");
- goto INIT_ERROR;
- }
-
- int ret=packet_manager_subscribe(pkt_mgr, PACKET_STAGE_INPUT, packet_stage_input_callback, (void *)scanner);
- if(ret<0)
- {
- STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to subscribe packet stage");
- goto INIT_ERROR;
- }
-
struct packet_scanner *pkt_scanner=CALLOC(struct packet_scanner, 1);
- pkt_scanner->exdata_idx=packet_manager_new_packet_exdata_index(pkt_mgr, "SCANNER_EXDATA_SESSION", packet_scanner_exdata_free, (void *)scanner);
- if(pkt_scanner->exdata_idx<0)
- {
- STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to create exdata index");
- goto INIT_ERROR;
- }
-
- return pkt_scanner;
-
-INIT_ERROR:
- packet_scanner_free(pkt_scanner);
- return NULL;
+// // pkt_scanner->exdata_idx=packet_manager_new_packet_exdata_index(pkt_mgr, "SCANNER_EXDATA_SESSION", packet_scanner_exdata_free, (void *)scanner);
+// // if(pkt_scanner->exdata_idx<0)
+// // {
+// // STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to create exdata index");
+// // goto INIT_ERROR;
+// // }
+
+ return pkt_scanner;
+
+// // INIT_ERROR:
+// // packet_scanner_free(pkt_scanner);
+// return NULL;
}
void packet_scanner_free(struct packet_scanner *pkt_scanner)
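Review bot: With the `packet_manager_new_packet_exdata_index` call commented out, `pkt_scanner->exdata_idx` stays at 0 from `CALLOC` and is still used as a live index by `packet_set_exdata`/`packet_get_exdata` elsewhere in this file, so the scanner writes into whatever module owns slot 0, and because `packet_scanner_exdata_free` is never registered each per-packet `attribute_kv` leaks. Until registration is restored, set `pkt_scanner->exdata_idx=-1;` right after the `CALLOC` so users can detect the missing slot. Delete the commented-out block rather than shipping it; version control keeps the history.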
diff --git a/scanner/packet_scanner.h b/scanner/packet_based_scanner.h
index b10a481..ce5b6e4 100644
--- a/scanner/packet_scanner.h
+++ b/scanner/packet_based_scanner.h
@@ -3,8 +3,17 @@
#include "stellar/scanner.h"
#include "stellar/module.h"
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
struct packet_scanner;
void packet_scanner_free(struct packet_scanner *pkt_scanner);
struct packet_scanner *packet_scanner_new(struct scanner *scanner);
-const struct kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index); \ No newline at end of file
+const struct utable_kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index);
+
+#ifdef __cplusplus
+}
+#endif \ No newline at end of file
diff --git a/scanner/scanner_maat.c b/scanner/scanner_maat.c
index e446830..0270e1b 100644
--- a/scanner/scanner_maat.c
+++ b/scanner/scanner_maat.c
@@ -8,9 +8,37 @@
#include "scanner_maat.h"
#include "scanner_toml.h"
+#include "scanner_module.h"
#define MAX_MATCH_RULES_NUM 128
+enum CM_MAAT_PLUGIN
+{
+ CM_MAAT_PLUGIN_APP_ID_DICT=0,
+ CM_MAAT_PLUGIN_SESSION_OPTION, //T_VSYS_INFO,
+ CM_MAAT_PLUGIN_POLICY_OBJECT,
+ CM_MAAT_PLUGIN_LIBRARY_TAG,
+ CM_MAAT_PLUGIN_IP_ADDR_ENTRY,
+ CM_MAAT_PLUGIN_FQDN_ENTRY,
+ CM_MAAT_PLUGIN_ATTRIBUTE_DICT,
+ CM_MAAT_PLUGIN_MAX
+};
+
+enum SD_MAAT_PLUGIN
+{
+ SD_MAAT_PLUGIN_GTP_IP2SIGNALING=0,
+ SD_MAAT_PLUGIN_DYNAMIC_IPPORT_MAPPING,
+ SD_MAAT_PLUGIN_MAX
+};
+
+struct maat_plugin_table
+{
+ const char *name;
+ maat_ex_new_func_t *ex_new;
+ maat_ex_free_func_t *ex_free;
+ maat_ex_dup_func_t *ex_dup;
+};
+
struct maat_parameter
{
bool stat_enabled;
@@ -36,32 +64,6 @@ struct maat_parameter
char foreign_content_dir[PATH_MAX];
};
-struct maat_plugin_table
-{
- const char *name;
- maat_ex_new_func_t *ex_new;
- maat_ex_free_func_t *ex_free;
- maat_ex_dup_func_t *ex_dup;
-};
-
-enum CM_MAAT_PLUGIN
-{
- CM_MAAT_PLUGIN_APP_ID_DICT=0,
- CM_MAAT_PLUGIN_SESSION_OPTION, //T_VSYS_INFO,
- CM_MAAT_PLUGIN_POLICY_OBJECT,
- CM_MAAT_PLUGIN_LIBRARY_TAG,
- CM_MAAT_PLUGIN_IP_ADDR_ENTRY,
- CM_MAAT_PLUGIN_FQDN_ENTRY,
- CM_MAAT_PLUGIN_ATTRIBUTE_DICT,
- CM_MAAT_PLUGIN_MAX
-};
-
-enum SD_MAAT_PLUGIN
-{
- SD_MAAT_PLUGIN_GTP_IP2SIGNALING=0,
- SD_MAAT_PLUGIN_DYNAMIC_IPPORT_MAPPING,
- SD_MAAT_PLUGIN_MAX
-};
struct scanner_maat
{
@@ -216,11 +218,6 @@ void scanner_maat_exdata_app_id_dict_free(const char *table_name __attribute__((
*ad=NULL;
}
-const struct app_id_dict *scanner_maat_get_app_id_dict(struct scanner_maat *cm_maat, int32_t appid)
-{
- return (struct app_id_dict *)maat_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_APP_ID_DICT].name, (const char *)&appid, sizeof(appid));
-}
-
void scanner_maat_virtual_system_parameter_new(const char *table_name __attribute__((unused)), const char *key __attribute__((unused)), const char *table_line, void **ad, long argl __attribute__((unused)), void *argp __attribute__((unused)))
{
yyjson_doc *doc=yyjson_read(table_line, strlen(table_line), 0);
@@ -275,7 +272,7 @@ void scanner_maat_virtual_system_parameter_free(const char *table_name __attribu
const struct virtual_system_parameter *scanner_maat_get_virtual_system_parameter(struct scanner_maat *cm_maat, int32_t t_vsys_id)
{
- return (struct virtual_system_parameter *)maat_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_SESSION_OPTION].name, (const char *)&t_vsys_id, sizeof(t_vsys_id));
+ return (const struct virtual_system_parameter *)maat_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_SESSION_OPTION].name, (const char *)&t_vsys_id, sizeof(t_vsys_id));
}
enum POLICY_OBJECT_OPTION object_statistics_option_convert(char *option)
@@ -569,7 +566,7 @@ void scanner_maat_exdata_fqdn_entry_free(const char *table_name __attribute__((u
int scanner_maat_get0_fqdn_entry(struct scanner_maat *cm_maat, char *server_fqdn, struct plugin_entry **exdata, size_t n_exdata)
{
- return maat_fqdn_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_FQDN_ENTRY].name, server_fqdn, (void **)exdata, n_exdata);
+ return (int)maat_fqdn_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_FQDN_ENTRY].name, server_fqdn, (void **)exdata, n_exdata);
}
void mobile_identify_parse(yyjson_val *mobile_identify, struct user_identification *uid, const char *table_name __attribute__((unused)))
@@ -980,6 +977,11 @@ void scanner_maat_free(struct scanner_maat *cm_maat)
FREE(cm_maat);
}
+struct maat *scanner_cm_maat_get_feather(struct scanner_maat *cm_maat)
+{
+ return ((cm_maat==NULL) ? NULL : cm_maat->feather);
+}
+
void scanner_cm_maat_free(struct scanner_maat *cm_maat)
{
scanner_maat_free(cm_maat);
diff --git a/scanner/scanner_maat.h b/scanner/scanner_maat.h
index 918a872..2ca41ea 100644
--- a/scanner/scanner_maat.h
+++ b/scanner/scanner_maat.h
@@ -1,7 +1,7 @@
#pragma once
#include <uuid/uuid.h>
-#include <stellar/scanner.h>
+#include "stellar/scanner.h"
#ifdef __cplusplus
extern "C"
@@ -13,6 +13,7 @@ struct scanner_maat;
/* cm maat api */
void scanner_cm_maat_free(struct scanner_maat *cm_maat);
struct scanner_maat *scanner_cm_maat_new(struct logger *logger, const char *toml_path, int max_thread_num);
+struct maat *scanner_cm_maat_get_feather(struct scanner_maat *cm_maat);
enum POLICY_OBJECT_OPTION
{
@@ -88,9 +89,6 @@ struct app_id_dict
char *action_parameter;
};
-const struct app_id_dict *scanner_maat_get_app_id_dict(struct scanner_maat *cm_maat, int32_t appid);
-
-
void scanner_scan_not_logic_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name);
void scanner_scan_object_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uuid_t *object_uuid, uuid_t *item_uuid, size_t n_uuids);
void scanner_scan_flag_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint64_t scan_flag);
diff --git a/scanner/scanner.c b/scanner/scanner_module.c
index 47dab5b..0ecb6c8 100644
--- a/scanner/scanner.c
+++ b/scanner/scanner_module.c
@@ -2,6 +2,9 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <net/if.h>
+#include <errno.h>
+#include <arpa/inet.h>
#include <uuid/uuid.h>
#include <sys/ioctl.h>
@@ -13,7 +16,10 @@
#include "stellar/session.h"
#include "scanner_toml.h"
-#include "scanner_shared.h"
+#include "scanner_maat.h"
+#include "scanner_module.h"
+#include "packet_based_scanner.h"
+#include "session_based_scanner.h"
void device_sn_value_parser(char *filename, char *device_sn, size_t device_sn_sz)
{
@@ -42,7 +48,7 @@ void device_sn_value_parser(char *filename, char *device_sn, size_t device_sn_sz
}
size_t sn_sz=yyjson_get_len(sn);
- memcmp(device_sn, yyjson_get_str(sn), MIN(sn_sz, device_sn_sz-1));
+ memcpy(device_sn, yyjson_get_str(sn), MIN(sn_sz, device_sn_sz-1));
ERROR:
yyjson_doc_free(doc);
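Review bot: The corrected `memcpy` copies at most `device_sn_sz-1` bytes but never writes a terminator, so unless the caller zero-filled `device_sn`, a serial number of `device_sn_sz-1` or more bytes leaves the buffer unterminated. Add `device_sn[MIN(sn_sz, device_sn_sz-1)]='\0';` directly after the copy. If `sn` is not verified to be a JSON string earlier in the function (its start is outside this hunk), `yyjson_get_str(sn)` may also be NULL here and should be checked before the copy.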
@@ -55,7 +61,7 @@ int device_nic_name_to_ipv4(const char *nic_name, char *ipv4, size_t ipv4_sz, st
if(fd<0)
{
STELLAR_LOG_FATAL(logger, SCANNER_MODULE_NAME, "device_nic_name_to_ipv4(%s), socket: %s", nic_name, strerror(errno));
- return ;
+ return -1;
}
struct ifreq ifr;
@@ -67,10 +73,13 @@ int device_nic_name_to_ipv4(const char *nic_name, char *ipv4, size_t ipv4_sz, st
}
else
{
- inet_ntop(AF_INET, &((ifr.ifr_ifru.ifru_addr)->sin_addr.s_addr), ipv4, ipv4_sz);
+ // inet_ntop(AF_INET, &((ifr.ifr_ifru.ifru_addr)->sin_addr.s_addr), ipv4, ipv4_sz);
+ inet_ntop(AF_INET, &((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr, ipv4, ipv4_sz);
}
close(fd);
+
+ return 1;
}
void global_parameter_get(struct logger *logger, const char *toml_path, const char *table_key, struct global_parameter *para)
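Review bot: `device_nic_name_to_ipv4` now returns 1 on both the ioctl-failure branch and the success branch, so the new `return -1` only covers `socket()` failing and callers still cannot tell whether `ipv4` was written; the `inet_ntop` return is also unchecked. Track the outcome instead: `int ret=-1;` before the ioctl, `if(inet_ntop(AF_INET, &((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr, ipv4, ipv4_sz)!=NULL) ret=1;` in the else branch, and `return ret;` after `close(fd);`. The function body starts above this hunk.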
@@ -179,7 +188,7 @@ uuid_t *scanner_get_ip_protocol_object_uuid(struct scanner *scanner, enum IP_PRO
case IP_PROTOCOL_TCP:
case IP_PROTOCOL_UDP:
case IP_PROTOCOL_ICMP:
- return &(scanner->ip_protocol_object_uuid[ipproto]);
+ return &(scanner->default_para.ip_protocol_object_uuid[ipproto]);
default:
break;
}
@@ -189,7 +198,7 @@ uuid_t *scanner_get_ip_protocol_object_uuid(struct scanner *scanner, enum IP_PRO
uuid_t *scanner_get0_boolean_object_uuid(struct scanner *scanner, bool value)
{
- return ((value==true) ? &(matcher->boolean_true_object_uuid) : &(matcher->boolean_false_object_uuid));
+ return ((value==true) ? &(scanner->default_para.boolean_true_object_uuid) : &(scanner->default_para.boolean_false_object_uuid));
}
void scanner_default_parameter_init(struct default_parameter *para)
@@ -200,19 +209,16 @@ void scanner_default_parameter_init(struct default_parameter *para)
uuid_parse("00000000-0000-0000-0000-000000000005", para->ip_protocol_object_uuid[IP_PROTOCOL_ICMP]);
uuid_parse("00000000-0000-0000-0000-000000000006", para->ip_protocol_object_uuid[IP_PROTOCOL_TCP]);
uuid_parse("00000000-0000-0000-0000-000000000007", para->ip_protocol_object_uuid[IP_PROTOCOL_UDP]);
+}
- for(int i=0; i<TUNNEL_LEVEL_NUM; i++)
- {
- char uuid_str[UUID_STR_LEN];
- snprintf(uuid_str, sizeof(uuid_str), "00000000-0000-0000-0000-0000000000%02d", 50+i);
- uuid_parse(uuid_str, para->tunnel_level_object_uuid[i]);
- }
-
- para->tunnel_app_id[TUNNEL_TYPE_GRE]=58;
- para->tunnel_app_id[TUNNEL_TYPE_GTP]=59;
- para->tunnel_app_id[TUNNEL_TYPE_GTPV2]=735;
- para->tunnel_app_id[TUNNEL_TYPE_IP_IN_IP]=0;
- para->tunnel_app_id[TUNNEL_TYPE_NONE]=0;
+struct maat *scanner_get_maat_instance(struct scanner *scanner)
+{
+ if(scanner==NULL)
+ {
+ return NULL;
+ }
+
+ return scanner_cm_maat_get_feather(scanner->cm_maat);
}
struct scanner *scanner_module_to_scanner(struct module *mod)
@@ -222,6 +228,17 @@ struct scanner *scanner_module_to_scanner(struct module *mod)
return (struct scanner *)module_get_ctx(mod);
}
+void scanner_module_exit(struct module_manager *mod_mgr, struct module *mod)
+{
+ if(mod_mgr==NULL)return;
+ if(mod)
+ {
+ struct scanner *scanner=(struct scanner *)module_get_ctx(mod);
+ FREE(scanner);
+ module_free(mod);
+ }
+}
+
struct module *scanner_module_init(struct module_manager *mod_mgr)
{
if(mod_mgr==NULL)return NULL;
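Review bot: `scanner_module_exit` frees only the `struct scanner` itself, while `scanner_module_init` below allocates `scanner->pkt_scanner` and `scanner->sess_scanner`, and the struct also carries `cm_maat`/`sd_maat`; none of them are released on exit. Before `FREE(scanner)` add `packet_scanner_free(scanner->pkt_scanner); session_scanner_free(scanner->sess_scanner); scanner_cm_maat_free(scanner->cm_maat);`, and the equivalent for `sd_maat` if this module owns it (the diff does not show who creates it). This also matters on the `INIT_ERROR` path, which calls this function before `exit(-1)`.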
@@ -238,17 +255,11 @@ struct module *scanner_module_init(struct module_manager *mod_mgr)
scanner_default_parameter_init(&(scanner->default_para));
attribute_schema_init(scanner->attr_schema, ATTRIBUTE_SCHEMA_MAX);
- int max_thread_num=module_manager_get_max_thread_num(mod_mgr);
const char *toml_path=module_manager_get_toml_path(mod_mgr);
- global_parameter_get(scanner->logger, toml_path, "scanner", &(scanner->default_para));
-
- scanner->maat=scanner_maat_new(scanner->logger, toml_path, max_thread_num);
- if(scanner->maat==NULL)
- {
- goto INIT_ERROR;
- }
+ global_parameter_get(scanner->logger, toml_path, "scanner", &(scanner->global_para));
- session_scanner_new(mod_mgr, scanner)
+ scanner->pkt_scanner=packet_scanner_new(scanner);
+ scanner->sess_scanner=session_scanner_new(scanner);
return mod;
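Review bot: After this hunk nothing in `scanner_module_init` assigns `scanner->cm_maat` — the `scanner_maat_new` call was removed without a replacement — yet the packet path passes `scanner->cm_maat` straight into `attribute_scratch_scan` and `maat_state_new(scanner_cm_maat_get_feather(...))`, so unless it is initialised elsewhere the scanner runs with a NULL maat from `CALLOC`. The `packet_scanner_new`/`session_scanner_new` results are also unchecked even though the `INIT_ERROR` label still exists; add `if(scanner->pkt_scanner==NULL || scanner->sess_scanner==NULL) goto INIT_ERROR;` before `return mod;`. The function starts above this hunk.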
@@ -256,15 +267,4 @@ INIT_ERROR:
scanner_module_exit(mod_mgr, mod);
exit(-1);
return NULL;
-}
-
-void scanner_module_exit(struct module_manager *mod_mgr, struct module *mod)
-{
- if(mod_mgr==NULL)return;
- if(mod)
- {
- struct scanner *scanner=(struct scanner *)module_get_ctx(mod);
- FREE(scanner);
- module_free(mod);
- }
-}
+} \ No newline at end of file
diff --git a/scanner/scanner_internal.h b/scanner/scanner_module.h
index 48fe39d..89a80a4 100644
--- a/scanner/scanner_internal.h
+++ b/scanner/scanner_module.h
@@ -10,6 +10,15 @@
#include "attribute_schema.h"
+enum IP_PROTOCOL
+{
+ IP_PROTOCOL_UNKNOWN=0,
+ IP_PROTOCOL_ICMP=1,
+ IP_PROTOCOL_TCP,
+ IP_PROTOCOL_UDP,
+ IP_PROTOCOL_MAX
+};
+
struct global_parameter
{
char sled_ip[NAME_MAX];
@@ -26,13 +35,15 @@ struct global_parameter
struct default_parameter
{
- int32_t tunnel_app_id[TUNNEL_TYPE_MAX];
uuid_t boolean_true_object_uuid;
uuid_t boolean_false_object_uuid;
uuid_t ip_protocol_object_uuid[IP_PROTOCOL_MAX];
- uuid_t tunnel_level_object_uuid[TUNNEL_LEVEL_NUM];
};
+struct scanner_maat;
+struct packet_scanner;
+struct session_scanner;
+
struct scanner
{
struct logger *logger;
@@ -44,28 +55,11 @@ struct scanner
struct scanner_maat *sd_maat;
struct packet_scanner *pkt_scanner;
+ struct session_scanner *sess_scanner;
struct attribute_schema attr_schema[ATTRIBUTE_SCHEMA_MAX];
};
-enum IP_PROTOCOL
-{
- IP_PROTOCOL_UNKNOWN=0,
- IP_PROTOCOL_ICMP=1,
- IP_PROTOCOL_TCP,
- IP_PROTOCOL_UDP,
- IP_PROTOCOL_MAX
-};
-
-int32_t scanner_get_default_app_id(struct scanner *scanner);
uuid_t *scanner_get0_boolean_object_uuid(struct scanner *scanner, bool value);
-int32_t scanner_get_tunnel_app_id(struct scanner *scanner, enum TUNNEL_TYPE tunnel_type);
-uuid_t *scanner_get0_tunnel_level_object_uuid(struct scanner *scanner, int32_t tunnel_level);
-
-const char *scanner_get_rule_table_alias_name(struct scanner *scanner, enum RULE_TYPE type);
-
-void scanner_message_hit_rule_free(struct packet *rawpkt, void *msg, void *msg_free_arg);
-void scanner_message_hit_object_free(struct packet *rawpkt, void *msg, void *msg_free_arg);
-
void scanner_print_debug_hit_object(struct scanner *scanner, const char *readable_addr, struct maat_hit_object *hit_object_list, size_t hit_object_num);
void scanner_print_debug_hit_rule(struct scanner *scanner, const char *readable_addr, const char *tablename, uuid_t *rule_uuid_list, size_t rule_uuid_num);
diff --git a/scanner/session_based_scanner.c b/scanner/session_based_scanner.c
new file mode 100644
index 0000000..a154b68
--- /dev/null
+++ b/scanner/session_based_scanner.c
@@ -0,0 +1,72 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "stellar/utils.h"
+#include "stellar/session.h"
+
+#include "attribute_kv.h"
+#include "session_based_scanner.h"
+
+struct session_scanner
+{
+ int exdata_idx;
+ struct scannner *scanner;
+ struct logger *logger;
+};
+
+// static void session_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused)
+// {
+// if(ex_ptr==NULL)return;
+// FREE(ex_ptr);
+// }
+
+const struct utable_kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index)
+{
+ if(sess_scanner==NULL || sess==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN)
+ {
+ return NULL;
+ }
+
+ return attribute_kv_get((struct attribute_kv *)session_get_exdata(sess, sess_scanner->exdata_idx), index);
+}
+
+void session_based_scanner_node_entry(struct packet *pkt __attribute__((unused)), struct module *mod __attribute__((unused)))
+{
+
+}
+
+struct session_scanner *session_scanner_new(struct scanner *scanner)
+{
+ if(scanner==NULL)
+ {
+ return NULL;
+ }
+
+ struct session_scanner *sess_scanner=CALLOC(struct session_scanner, 1);
+// sess_scanner->scanner=scanner;
+// sess_scanner->logger=module_manager_get_logger(mod_mgr);
+
+// sess_scanner->exdata_idx=session_manager_new_session_exdata_index(sess_mgr, "SCANNER_EXDATA_SESSION", session_scanner_exdata_free, NULL);
+// if(sess_scanner->exdata_idx<0)
+// {
+// STELLAR_LOG_FATAL(sess_scanner->logger, SCANNER_MODULE_NAME, "session_scanner_new failed to create exdata index");
+// goto INIT_ERROR;
+// }
+
+ return sess_scanner;
+
+// // INIT_ERROR:
+// // session_scanner_free(sess_scanner);
+// return NULL;
+}
+
+void session_scanner_free(struct session_scanner *sess_scanner)
+{
+ if(sess_scanner==NULL)
+ {
+ return ;
+ }
+
+ FREE(sess_scanner);
+} \ No newline at end of file
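Review bot: `struct scannner *scanner;` is a typo for `struct scanner` and declares a pointer to an unrelated incomplete type; it only compiles because the `sess_scanner->scanner=scanner` assignment is commented out. In addition, `exdata_idx` is never registered, so `session_scanner_get_attribute` reads `session_get_exdata(sess, 0)` — a slot it does not own — and casts it to `struct attribute_kv *`. Fix the struct tag, set `sess_scanner->exdata_idx=-1;` after the `CALLOC`, and add `if(sess_scanner->exdata_idx<0) return NULL;` to the getter until registration is restored; the commented-out blocks should be dropped rather than committed.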
diff --git a/scanner/session_based_scanner.h b/scanner/session_based_scanner.h
new file mode 100644
index 0000000..c6bcbec
--- /dev/null
+++ b/scanner/session_based_scanner.h
@@ -0,0 +1,23 @@
+#pragma once
+
+#include "utable/utable.h"
+
+#include "stellar/module.h"
+#include "stellar/scanner.h"
+#include "stellar/session.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+struct session_scanner;
+
+const struct utable_kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index);
+struct session_scanner *session_scanner_new(struct scanner *scanner);
+void session_scanner_free(struct session_scanner *sess_scanner);
+
+
+#ifdef __cplusplus
+}
+#endif \ No newline at end of file
diff --git a/scanner/session_scanner.c b/scanner/session_scanner.c
deleted file mode 100644
index dad6ea2..0000000
--- a/scanner/session_scanner.c
+++ /dev/null
@@ -1,83 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "stellar/utils.h"
-#include "stellar/session.h"
-#include "stellar/session_scanner.h"
-
-struct session_scanner
-{
- int exdata_idx;
- struct scannner *scanner;
- struct logger *logger;
-};
-
-static void session_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused)
-{
- if(ex_ptr==NULL)return;
- FREE(ex_ptr);
-}
-
-const struct kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index)
-{
- if(sess_scanner==NULL || sess==NULL || index>=ATTRIBUTE_INDEX_MAX || index<=ATTRIBUTE_KV_UNKNOWN)
- {
- return NULL;
- }
-
- return attribute_kv_get((struct attribute_kv *)session_get_exdata(sess, sess_scanner->exdata_idx), index);
-}
-
-static void session_scanner_on_session(struct session *sess, enum session_state state, struct packet *pkt, void *args)
-{
-
-}
-
-struct session_scanner *session_scanner_new(struct module_manager *mod_mgr, struct scanner *scanner)
-{
- if(mod_mgr==NULL || scanner==NULL)
- {
- return NULL;
- }
-
- struct session_scanner *sess_scanner=CALLOC(struct session_scanner, 1);
- sess_scanner->scanner=scanner;
- sess_scanner->logger=module_manager_get_logger(mod_mgr);
-
- struct module *sess_mgr_mod=module_manager_get_module(mod_mgr, SESSION_MANAGER_MODULE_NAME);
- struct session_manager *sess_mgr=module_to_session_manager(sess_mgr_mod);
- struct mq_schema *mq_s=module_manager_get_mq_schema(mod_mgr);
-
- if(sess_mgr==NULL || mq_s==NULL)
- {
- STELLAR_LOG_FATAL(sess_scanner->logger, SCANNER_MODULE_NAME, "session_scanner_new failed to get session manager or mq schema");
- goto INIT_ERROR;
- }
-
- session_manager_subscribe_tcp(sess_mgr, session_scanner_on_session, sess_scanner);
- session_manager_subscribe_udp(sess_mgr, session_scanner_on_session, sess_scanner);
-
- sess_scanner->exdata_idx=session_manager_new_session_exdata_index(sess_mgr, "SCANNER_EXDATA_SESSION", session_scanner_exdata_free, NULL);
- if(sess_scanner->exdata_idx<0)
- {
- STELLAR_LOG_FATAL(sess_scanner->logger, SCANNER_MODULE_NAME, "session_scanner_new failed to create exdata index");
- goto INIT_ERROR;
- }
-
- return sess_scanner;
-
-INIT_ERROR:
- session_scanner_free(sess_scanner);
- return NULL;
-}
-
-void session_scanner_free(struct session_scanner *sess_scanner)
-{
- if(sess_scanner==NULL)
- {
- return ;
- }
-
- FREE(sess_scanner);
-} \ No newline at end of file
diff --git a/scanner/session_scanner.h b/scanner/session_scanner.h
deleted file mode 100644
index 3496d10..0000000
--- a/scanner/session_scanner.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#pragma once
-
-#include "stellar/scanner.h"
-#include "stellar/module.h"
-
-const struct kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index);
-struct session_scanner *session_scanner_new(struct module_manager *mod_mgr, struct scanner *scanner);
-void session_scanner_free(struct session_scanner *sess_scanner) \ No newline at end of file