From ad02793073353103ccccf3fab1afdd6cc30946d5 Mon Sep 17 00:00:00 2001 
From: liuxueli
Date: Wed, 27 Nov 2024 10:27:34 +0000
Subject: scanner and security enforcer rebase develop
---
enforcer/security/CMakeLists.txt | 8 +-
enforcer/security/security_enforcer.cpp | 32 ++-
enforcer/security/security_enforcer.h | 15 -
exporter/session_exporter.c | 6 +-
include/stellar/enforcer.h | 11 -
include/stellar/exporter.h | 2 +-
include/stellar/kv.h | 35 --
include/stellar/scanner.h | 18 +-
include/stellar/security_enforcer.h | 21 ++
infra/CMakeLists.txt | 4 +-
infra/stellar_core.c | 8 +
scanner/CMakeLists.txt | 10 +-
scanner/attribute_kv.c | 44 ++--
scanner/attribute_kv.h | 12 +-
scanner/packet_based_scanner.c | 357 ++++++++++++++++++++++++++++
scanner/packet_based_scanner.h | 19 ++
scanner/packet_scanner.c | 404 --------------------------------
scanner/packet_scanner.h | 10 -
scanner/scanner.c | 270 ---------------------
scanner/scanner_internal.h | 71 ------
scanner/scanner_maat.c | 68 +++---
scanner/scanner_maat.h | 6 +-
scanner/scanner_module.c | 270 +++++++++++++++++++++
scanner/scanner_module.h | 65 +++++
scanner/session_based_scanner.c | 72 ++++++
scanner/session_based_scanner.h | 23 ++
scanner/session_scanner.c | 83 -------
scanner/session_scanner.h | 8 -
28 files changed, 946 insertions(+), 1006 deletions(-)
delete mode 100644 enforcer/security/security_enforcer.h
delete mode 100644 include/stellar/enforcer.h
delete mode 100644 include/stellar/kv.h
create mode 100644 include/stellar/security_enforcer.h
create mode 100644 scanner/packet_based_scanner.c
create mode 100644 scanner/packet_based_scanner.h
delete mode 100644 scanner/packet_scanner.c
delete mode 100644 scanner/packet_scanner.h
delete mode 100644 scanner/scanner.c
delete mode 100644 scanner/scanner_internal.h
create mode 100644 scanner/scanner_module.c
create mode 100644 scanner/scanner_module.h
create mode 100644 scanner/session_based_scanner.c
create mode 100644 scanner/session_based_scanner.h
delete mode 100644 scanner/session_scanner.c
delete mode 100644 
scanner/session_scanner.h
diff --git a/enforcer/security/CMakeLists.txt b/enforcer/security/CMakeLists.txt
index ba6869a..93295c8 100644
--- a/enforcer/security/CMakeLists.txt
+++ b/enforcer/security/CMakeLists.txt
@@ -3,10 +3,10 @@ include_directories(${CMAKE_SOURCE_DIR}/deps)
set(SECURITY_ENFORCER_SRC ${DEPS_SRC} security_maat.c security_enforcer.cpp bucket.c)
-add_library(security_enforcer-static STATIC ${SECURITY_ENFORCER_SRC})
-target_link_libraries(security_enforcer-static fieldstat4 yyjson toml uuid maatframe ctemplate-static)
-set_target_properties(security_enforcer-static PROPERTIES OUTPUT_NAME security_enforcer PREFIX "")
-set_target_properties(security_enforcer-static PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
+add_library(security_enforcer STATIC ${SECURITY_ENFORCER_SRC})
+target_link_libraries(security_enforcer fieldstat4 yyjson toml uuid maatframe ctemplate-static)
+set_target_properties(security_enforcer PROPERTIES OUTPUT_NAME security_enforcer PREFIX "")
+set_target_properties(security_enforcer PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map")
# add_library(security_enforcer-shared SHARED ${SECURITY_ENFORCER_SRC})
# set_target_properties(security_enforcer-shared PROPERTIES OUTPUT_NAME security_enforcer PREFIX "")
diff --git a/enforcer/security/security_enforcer.cpp b/enforcer/security/security_enforcer.cpp
index 309a453..7dec5c9 100644
--- a/enforcer/security/security_enforcer.cpp
+++ b/enforcer/security/security_enforcer.cpp
@@ -14,10 +14,10 @@
#include
#include
#include
+#include
#include "bucket.h"
#include "security_maat.h"
-#include "security_enforcer.h"
#define ENFORCER_RULE_UUID_NUM 128
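Review bot: The `LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map"` property is now applied to a target declared `STATIC`, and a version script only affects the linker when it builds a shared object, so on this archive it is ignored and nothing in `security_enforcer` is actually hidden. Because the same commit adds `security_enforcer` to `WHOLE_ARCHIVE` in infra/CMakeLists.txt, every non-`static` function in the archive becomes a global symbol of the final binary. Either drop the property and mark internal functions `static` in the sources, or keep the version script only on a target that produces a shared object. scanner/CMakeLists.txt below repeats the same pattern.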
@@ -353,7 +353,7 @@ void security_enforcer_enforce_drop(struct security_enforcer_env *enforcer_env,
}
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
// if(drop->send_icmp_enable)
// {
@@ -489,7 +489,7 @@ void security_enforcer_enforce_mail_block(struct security_enforcer_env *enforcer
}
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
}
void policy_user_define_variable_replace(ctemplate::TemplateDictionary *tpl_dict, uuid_t rule_uuid, char *client_ip, char *subscriber)
@@ -556,7 +556,7 @@ void security_enforcer_enforce_http_block(struct security_enforcer_env *enforcer
}
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
uint16_t http_hdr_len=0;
char http_hdr[512]={0};
@@ -967,7 +967,7 @@ void security_enforcer_enforce_http_redirect(struct security_enforcer_env *enfor
struct packet *redirect_pkt=packet_manager_build_tcp_packet(enforcer_env->pkt_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), c2s_origin_pkt, th_seq, th_ack, TH_PUSH, NULL, 0, payload, payload_offset);
packet_manager_schedule_packet(enforcer_env->pkt_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), redirect_pkt, PACKET_STAGE_POSTROUTING);
packet_set_action((struct packet *)rawpkt, PACKET_ACTION_DROP);
- session_set_discard((struct session *)sess);
+ session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess);
}
}
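Review bot: The identical three-argument `session_manager_discard_session(enforcer_env->sess_mgr, module_manager_get_thread_id(enforcer_env->mod_mgr), (struct session *)sess)` line is now pasted into four enforcement paths (drop, mail_block, http_block, http_redirect); a single `static void security_enforcer_discard(struct security_enforcer_env *env, const struct session *sess)` helper would keep the thread-id lookup and the `const`-stripping cast (which the `(struct session *)` suggests `sess` needs) in one reviewed place. In the http_redirect hunk, `redirect_pkt` from `packet_manager_build_tcp_packet(...)` is handed to `packet_manager_schedule_packet` with no NULL check on the line the commit leaves untouched; if the builder can fail, `if(redirect_pkt!=NULL)` should guard the schedule. None of these hunks shows whether `enforcer_env->sess_mgr` is populated at init, and all four enclosing functions start outside the hunks.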
@@ -1076,10 +1076,15 @@ size_t maat_state_compile(struct maat_state *state __attribute__((unused)), cons return 0; } -void security_enforcer_packet_based_node_callback(const struct packet *rawpkt, void *arg) +void packet_based_security_enforcer_node_entry(struct packet *rawpkt, struct module *mod_enforcer) { - struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)arg; - if(enforcer_env==NULL || rawpkt==NULL) + if(rawpkt==NULL || mod_enforcer==NULL) + { + return ; + } + + struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)module_get_ctx(mod_enforcer); + if(enforcer_env==NULL) { return ; } @@ -1107,10 +1112,15 @@ void security_enforcer_packet_based_node_callback(const struct packet *rawpkt, v // packet_tag_get(rawpkt, &pkt_tag_key_bits, &pkt_tag_val_bits); } -void security_enforcer_session_based_node_callback(const struct packet *rawpkt, void *arg) +void session_based_security_enforcer_node_entry(struct packet *rawpkt, struct module *mod_enforcer) { - struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)arg; - if(enforcer_env==NULL || rawpkt==NULL) + if(rawpkt==NULL || mod_enforcer==NULL) + { + return ; + } + + struct security_enforcer_env *enforcer_env=(struct security_enforcer_env *)module_get_ctx(mod_enforcer); + if(enforcer_env==NULL) { return ; } diff --git a/enforcer/security/security_enforcer.h b/enforcer/security/security_enforcer.h deleted file mode 100644 index 43f0f67..0000000 --- a/enforcer/security/security_enforcer.h +++ /dev/null @@ -1,15 +0,0 @@ -#pragma once - -#ifdef __cplusplus -extern "C" -{ -#endif - -#define SECUIRTY_ENFORCER_MODULE_NAME "security_enforcer_module" -struct security_enforcer; -struct security_enforcer *security_enforcer_module_to_enforcer(struct module *mod); - - -#ifdef __cplusplus -} -#endif \ No newline at end of file diff --git a/exporter/session_exporter.c b/exporter/session_exporter.c index f65e245..4ae4d7d 100644 --- a/exporter/session_exporter.c 
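Review bot: Both `packet_based_security_enforcer_node_entry` and `session_based_security_enforcer_node_entry` are defined in a C++ translation unit but are referenced from the C array `packet_nodes[]` in infra/stellar_core.c, so a C-linkage declaration must be visible before these definitions. The new include/stellar/security_enforcer.h provides that inside `extern "C"`, but the `#include` this commit adds near the top of the file is rendered without its path on this page, so I cannot confirm it is that header; if it is not, both definitions get mangled names and the link fails. A one-line comment on each definition, `// C linkage via stellar/security_enforcer.h; registered in stellar_core.c packet_nodes[]`, would make the dependency explicit. Both function bodies continue past the hunk.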
+++ b/exporter/session_exporter.c @@ -14,7 +14,7 @@ struct transaction_unique_key struct exporter_transaction { - struct kv *context; + struct utable_kv *context; long long unique_index; struct transaction_unique_key key; UT_hash_handle hh; @@ -22,7 +22,7 @@ struct exporter_transaction struct exporter_context { - struct kv *default_cotext; + struct utable_kv *default_cotext; long long transaction_offset; struct exporter_transaction *transactions; }; @@ -102,7 +102,7 @@ struct exporter_context *exporter_aquire_transaction_context(struct exporter *ex HASH_ADD(hh, context->transactions, key, sizeof(struct transaction_unique_key), transaction); } -void exporter_context_add_kv(struct exporter_context *ctx, struct kv *kv) +void exporter_context_add_kv(struct exporter_context *ctx, struct utable_kv *kv) { } diff --git a/include/stellar/enforcer.h b/include/stellar/enforcer.h deleted file mode 100644 index 0804d2f..0000000 --- a/include/stellar/enforcer.h +++ /dev/null @@ -1,11 +0,0 @@ -#pragma once - -struct enforcer; - -void enforcer_append_monitor_rule_action_on_packet(struct enforcer *enforcer, struct packet *pkt, const char *action); -void enforcer_append_monitor_rule_action_on_session(struct enforcer *enforcer, struct session *sess, const char *action); - -void enforcer_append_security_rule_action_on_packet(struct enforcer *enforcer, struct packet *pkt, const char *action); -void enforcer_append_security_rule_action_on_session(struct enforcer *enforcer, struct session *sess, const char *action); - - diff --git a/include/stellar/exporter.h b/include/stellar/exporter.h index 9232652..a24134e 100644 --- a/include/stellar/exporter.h +++ b/include/stellar/exporter.h 
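Review bot: `exporter_context_add_kv` still has an empty body after the type change, so every `utable_kv` passed to it — including the `security_rule_action` and mirrored-capture values the header comment in include/stellar/exporter.h lists — is silently dropped, and the caller cannot tell whether it still owns the kv. Until it is implemented the contract should be stated on the function: `// TODO: not implemented; kv is ignored and ownership stays with the caller`. The neighbouring field `default_cotext` also looks like a typo for `default_context`, and this rename pass would have been the moment to fix it.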
@@ -30,7 +30,7 @@ struct exporter_context *exporter_aquire_transaction_context(struct exporter *ex // add http_action_file_size/security_rule_action // add monitor_mirrored_bytes/monitor_mirrored_packets/monitor_packet_capture_filepath // add http transaction request/response body file path -void exporter_context_add_kv(struct exporter_context *ctx, struct kv *kv); +void exporter_context_add_kv(struct exporter_context *ctx, struct utable_kv *kv); #ifdef __cplusplus } diff --git a/include/stellar/kv.h b/include/stellar/kv.h deleted file mode 100644 index c950d0a..0000000 --- a/include/stellar/kv.h +++ /dev/null @@ -1,35 +0,0 @@ -#pragma once - -#include -#include - -enum vtype -{ - VTYPE_INTEGER, - VTYPE_DOUBLE, - VTYPE_CSTRING, - VTYPE_UUID, -}; - -struct kv -{ - char *key; - size_t key_sz; - enum vtype type; - union - { - long long value_longlong; - double value_double; - struct - { - char *str; - size_t sz; - }value_str; - uuid_t value_uuid; - struct - { - struct kv **elements; - size_t n_element; - }value_list; - }; -}; diff --git a/include/stellar/scanner.h b/include/stellar/scanner.h index fdabaa4..6bb150b 100644 --- a/include/stellar/scanner.h +++ b/include/stellar/scanner.h @@ -8,11 +8,19 @@ extern "C" #include "maat.h" #include -#include -#include -#include +#include "utable/utable.h" +#include "stellar/module.h" +#include "stellar/session.h" +#include "stellar/packet.h" #define SCANNER_MODULE_NAME "scanner_module" + +#define PACKET_BASED_SCANNER_NODE "packet_based_scanner_node" +void packet_based_scanner_node_entry(struct packet *pkt, struct module *mod); + +#define SESSION_BASED_SCANNER_NODE "session_based_scanner_node" +void session_based_scanner_node_entry(struct packet *pkt, struct module *mod); + struct scanner; struct scanner *scanner_module_to_scanner(struct module *mod); 
@@ -48,8 +56,8 @@ enum ATTRIBUTE_KV_INDEX ATTRIBUTE_KV_MAX }; -const struct kv *scanner_get_attribute_on_session(struct scanner *scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index); -const struct kv *scanner_get_attribute_on_packet(struct scanner *scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index); +const struct utable_kv *scanner_get_attribute_on_session(struct scanner *scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index); +const struct utable_kv *scanner_get_attribute_on_packet(struct scanner *scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index); #ifdef __cplusplus diff --git a/include/stellar/security_enforcer.h b/include/stellar/security_enforcer.h new file mode 100644 index 0000000..aff00b2 --- /dev/null +++ b/include/stellar/security_enforcer.h @@ -0,0 +1,21 @@ +#pragma once + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include "stellar/module.h" +#include "stellar/packet.h" + +#define SECUIRTY_ENFORCER_MODULE_NAME "security_enforcer_module" + +#define PACKET_BASED_SECURITY_ENFORCER_NODE "packet_based_security_enforcer_node" +void packet_based_security_enforcer_node_entry(struct packet *pkt, struct module *mod); + +#define SESSION_BASED_SECURITY_ENFORCER_NODE "session_based_security_enforcer_node" +void session_based_security_enforcer_node_entry(struct packet *pkt, struct module *mod); + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/infra/CMakeLists.txt b/infra/CMakeLists.txt index 9eb989c..9b21f70 100644 --- a/infra/CMakeLists.txt +++ b/infra/CMakeLists.txt 
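Review bot: The new public header include/stellar/security_enforcer.h places `#include "stellar/module.h"` and `#include "stellar/packet.h"` inside the `extern "C" {` block, which forces C linkage on everything those headers (and whatever they include transitively) declare; the includes belong above the `extern "C"` opener, especially since the C++ file security_enforcer.cpp is a consumer. The module-name macro also carries the `SECUIRTY` misspelling over from the deleted private header into a public one, and stellar_core.c now uses it too; renaming it to `SECURITY_ENFORCER_MODULE_NAME` while the old header is being deleted is the cheapest moment to fix it. The same includes-inside-`extern "C"` layout appears in include/stellar/scanner.h above.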
@@ -1,7 +1,9 @@
set(INFRA exdata tuple packet_manager packet_io ip_reassembly tcp_reassembly session_manager module_manager monitor)
set(DEPS bitmap dablooms interval_tree logger nmx_pool rbtree timeout toml ringbuf)
set(DECODERS lpi_plus)
-set(WHOLE_ARCHIVE ${DEPS} ${INFRA} ${DECODERS})
+set(SCANNER scanner)
+set(ENFORCERS security_enforcer)
+set(WHOLE_ARCHIVE ${DEPS} ${INFRA} ${DECODERS} ${SCANNER} ${ENFORCERS})
set(LIBS fieldstat4)
foreach(infra ${INFRA})
diff --git a/infra/stellar_core.c b/infra/stellar_core.c
index f575b25..ff52c76 100644
--- a/infra/stellar_core.c
+++ b/infra/stellar_core.c
@@ -130,6 +130,8 @@ static void stellar_thread_join(struct stellar *st)
#include "stellar/monitor.h"
#include "stellar/session.h"
#include "stellar/lpi_plus.h"
+#include "stellar/scanner.h"
+#include "stellar/security_enforcer.h"
struct module_hooks mod_hooks[] = {
{monitor_on_init, monitor_on_exit, NULL, NULL},
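Review bot: `mod_hooks[]` gains no init/exit entries for the scanner or the security enforcer in this hunk, although both libraries are now force-linked through `WHOLE_ARCHIVE` and their node entries are registered in `packet_nodes[]` below. Those node entries fetch their state with `module_get_ctx(mod)` and return silently when it is NULL, so if the module hooks are not registered somewhere outside this view the enforcer never fires and traffic passes unenforced with no log line — a fail-open default for a security module. If the hooks are registered elsewhere, a comment on `mod_hooks[]` naming where would save the next reader the search; if not, they need to be added here, and the NULL-context path in the enforcer entries should log rather than return quietly.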
@@ -155,6 +157,12 @@ struct packet_node_spec packet_nodes[] = {
{SESSION_MANAGER_MODULE_NAME, "session_manager",PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_manager_on_packet_forward},
{SESSION_MANAGER_MODULE_NAME, "session_manager",PACKET_STAGE_OUTPUT, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_manager_on_packet_output},
{LPI_PLUS_MODULE_NAME, "lpi_plus",PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, lpi_plus_on_packet},
+
+ {SCANNER_MODULE_NAME, PACKET_BASED_SCANNER_NODE,PACKET_STAGE_INPUT, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP | PKT_TAG_VAL_IPPROTO_ICMP, packet_based_scanner_node_entry},
+ {SCANNER_MODULE_NAME, SESSION_BASED_SCANNER_NODE,PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_based_scanner_node_entry},
+
+ {SECUIRTY_ENFORCER_MODULE_NAME, PACKET_BASED_SECURITY_ENFORCER_NODE, PACKET_STAGE_INPUT, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP | PKT_TAG_VAL_IPPROTO_ICMP, packet_based_security_enforcer_node_entry},
+ {SECUIRTY_ENFORCER_MODULE_NAME, SESSION_BASED_SECURITY_ENFORCER_NODE, PACKET_STAGE_FORWARD, PKT_TAG_KEY_IPPROTO, PKT_TAG_VAL_IPPROTO_TCP | PKT_TAG_VAL_IPPROTO_UDP, session_based_security_enforcer_node_entry},
};
diff --git a/scanner/CMakeLists.txt b/scanner/CMakeLists.txt
index 15fbc33..720bc45 100644
--- a/scanner/CMakeLists.txt
+++ b/scanner/CMakeLists.txt
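Review bot: The packet-based enforcer node is registered at `PACKET_STAGE_INPUT`, which precedes the `session_manager_on_packet_forward` row at `PACKET_STAGE_FORWARD`, so when `packet_based_security_enforcer_node_entry` runs no session has been attached yet; the enforce paths in security_enforcer.cpp end in `session_manager_discard_session(..., (struct session *)sess)`, so whatever the packet-based entry does with `sess` must tolerate NULL (its body is outside this hunk). Ordering between the scanner rows and the enforcer rows at the same stage appears to rest only on array position; if the enforcer reads attributes the scanner stores in packet exdata, that dependency deserves a comment on the table, `// order matters: scanner nodes must precede enforcer nodes at the same stage`. Both INPUT rows also match `PKT_TAG_VAL_IPPROTO_ICMP`, yet the scanner entry in packet_based_scanner.c treats ICMP as a no-op after allocating per-packet state, so ICMP traffic pays for scanning without producing attributes.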
@@ -1,12 +1,12 @@ add_definitions(-fPIC) include_directories(${CMAKE_SOURCE_DIR}/deps) -set(SCANNER_SRC ${DEPS_SRC} scanner_toml.c attribute_kv.c attribute_schema.c scanner_maat.c) +set(SCANNER_SRC ${DEPS_SRC} scanner_toml.c attribute_kv.c attribute_schema.c scanner_maat.c packet_based_scanner.c session_based_scanner.c scanner_module.c) -add_library(scanner-static STATIC ${SCANNER_SRC}) -target_link_libraries(scanner-static fieldstat4 yyjson toml uuid maatframe) -set_target_properties(scanner-static PROPERTIES OUTPUT_NAME scanner PREFIX "") -set_target_properties(scanner-static PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map") +add_library(scanner STATIC ${SCANNER_SRC}) +target_link_libraries(scanner fieldstat4 yyjson toml uuid maatframe) +set_target_properties(scanner PROPERTIES OUTPUT_NAME scanner PREFIX "") +set_target_properties(scanner PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/version.map") # add_library(scanner-shared SHARED ${SCANNER_SRC}) # set_target_properties(scanner-shared PROPERTIES OUTPUT_NAME scanner PREFIX "") diff --git a/scanner/attribute_kv.c b/scanner/attribute_kv.c index 749521f..111c0bd 100644 --- a/scanner/attribute_kv.c +++ b/scanner/attribute_kv.c @@ -8,7 +8,7 @@ struct attribute_kv { int magic; - struct kv *attr_kv[ATTRIBUTE_KV_MAX]; + struct utable_kv *attr_kv[ATTRIBUTE_KV_MAX]; }; struct attribute_kv *attribute_kv_new(void) @@ -35,12 +35,12 @@ void attribute_kv_free(struct attribute_kv *attr) FREE(attr->attr_kv[i]->key); } - switch(attr->attr_kv[i]->type) + switch(attr->attr_kv[i]->value_type) { - case VTYPE_CSTRING: - if(attr->attr_kv[i]->value_str.str!=NULL) + case utable_value_type_cstring: + if(attr->attr_kv[i]->cstring!=NULL) { - FREE(attr->attr_kv[i]->value_str.str); + FREE(attr->attr_kv[i]->cstring); } break; default: 
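Review bot: `attribute_kv_free` releases only the `utable_value_type_cstring` payload; the `struct kv` it replaces also carried a `value_list` of nested elements, and if `struct utable_kv` has any other heap-owned variant, entries of that type now leak silently through the `default:` arm. A `default:` that at least logs the unexpected `value_type` would make such a leak visible instead of quiet. The `if(attr->attr_kv[i]->cstring!=NULL)` guard before `FREE` is redundant if `FREE` tolerates NULL as `free()` does. The rest of the loop and the function's opening are outside the hunk.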
@@ -51,22 +51,6 @@ void attribute_kv_free(struct attribute_kv *attr) FREE(attr); } -void attribute_kv_set_uuid(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, uuid_t uuid) -{ - if(attr==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN || key==NULL || key_sz==0) - { - return; - } - - struct kv *kv=(struct kv *)CALLOC(struct kv, 1); - kv->key=strndup(key, key_sz); - kv->key_sz=key_sz; - kv->type=VTYPE_UUID; - memcpy(kv->value_uuid, uuid, sizeof(uuid_t)); - - attr->attr_kv[index]=kv; -} - void attribute_kv_set_integer(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, long long value) { if(attr==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN || key==NULL || key_sz==0) @@ -74,11 +58,11 @@ void attribute_kv_set_integer(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX return; } - struct kv *kv=(struct kv *)CALLOC(struct kv, 1); + struct utable_kv *kv=(struct utable_kv *)CALLOC(struct utable_kv, 1); kv->key=strndup(key, key_sz); kv->key_sz=key_sz; - kv->type=VTYPE_INTEGER; - kv->value_longlong=value; + kv->value_type=utable_value_type_integer; + kv->integer=value; attr->attr_kv[index]=kv; } 
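Review bot: `attr->attr_kv[index]=kv;` at the end of `attribute_kv_set_integer` overwrites whatever was previously stored in that slot without freeing it, so calling a setter twice for the same index leaks the earlier `utable_kv` and its `key`; free the existing entry first or reject the second call. The results of `CALLOC` and `strndup` are assigned without a NULL check, which matters because `key` is later freed unconditionally in `attribute_kv_free`. Removing `attribute_kv_set_uuid` drops the only way to store a UUID-typed attribute; if any caller still needs it, the `utable_kv` equivalent should land in the same change rather than leaving the index unused.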
@@ -90,22 +74,22 @@ void attribute_kv_set_string(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX return; } - struct kv *kv=(struct kv *)CALLOC(struct kv, 1); + struct utable_kv *kv=(struct utable_kv *)CALLOC(struct utable_kv, 1); kv->key=strndup(key, key_sz); kv->key_sz=key_sz; - kv->type=VTYPE_CSTRING; - kv->value_str.str=strndup(value, value_sz); - kv->value_str.sz=value_sz; + kv->value_type=utable_value_type_cstring; + kv->cstring=strndup(value, value_sz); + kv->cstring_sz=value_sz; attr->attr_kv[index]=kv; } -const struct kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index) +const struct utable_kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index) { if(attr==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN) { return NULL; } - return (const struct kv *)(attr->attr_kv[index]); + return (const struct utable_kv *)(attr->attr_kv[index]); } \ No newline at end of file diff --git a/scanner/attribute_kv.h b/scanner/attribute_kv.h index 8afed18..d1e69d2 100644 --- a/scanner/attribute_kv.h +++ b/scanner/attribute_kv.h 
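Review bot: `kv->cstring=strndup(value, value_sz); kv->cstring_sz=value_sz;` records the caller's length rather than the length of the copy; `strndup` stops at the first NUL, so a value that terminates before `value_sz` (or carries binary data) yields a `cstring_sz` larger than the allocation, and any consumer that trusts `cstring_sz` reads past the buffer. Either set `kv->cstring_sz=strlen(kv->cstring);` after the copy, or use `malloc(value_sz+1)` plus `memcpy` to preserve the exact bytes and then record `value_sz` honestly. As in the integer setter, the slot is assigned without freeing a previous entry.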
@@ -3,13 +3,21 @@ #include #include +#ifdef __cplusplus +extern "C" +{ +#endif + struct attribute_kv; struct attribute_kv *attribute_kv_new(void); void attribute_kv_free(struct attribute_kv *attr); -void attribute_kv_set_uuid(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, uuid_t uuid); void attribute_kv_set_integer(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, long long value); void attribute_kv_set_string(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index, const char *key, size_t key_sz, const char *value, size_t value_sz); -const struct kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index); \ No newline at end of file +const struct utable_kv *attribute_kv_get(struct attribute_kv *attr, enum ATTRIBUTE_KV_INDEX index); + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/scanner/packet_based_scanner.c b/scanner/packet_based_scanner.c new file mode 100644 index 0000000..a2ad540 --- /dev/null +++ b/scanner/packet_based_scanner.c 
@@ -0,0 +1,357 @@ +#include +#include +#include + +#include "stellar/utils.h" +#include "stellar/packet.h" + +#include "scanner_maat.h" +#include "attribute_kv.h" +#include "attribute_schema.h" +#include "scanner_module.h" +#include "packet_based_scanner.h" + +struct packet_scanner +{ + int exdata_idx; +}; + +int32_t is_duplicate_tag_uuid(uuid_t *tag_uuids, size_t tag_uuids_num, uuid_t tag_uuid) +{ + if(tag_uuids==NULL || tag_uuids_num==0) + { + return FALSE; + } + + for(size_t i=0; iip_type=4; + s_net_addr->ip_type=4; + c_net_addr->ipv4=ip4->ip_src.s_addr; + s_net_addr->ipv4=ip4->ip_dst.s_addr; +} + +static void ip6_format_to_maat(const struct ip6_hdr *ip6, struct ip_addr *c_net_addr, struct ip_addr *s_net_addr) +{ + if(ip6==NULL || c_net_addr==NULL || s_net_addr==NULL) + { + return ; + } + + c_net_addr->ip_type=6; + s_net_addr->ip_type=6; + memcpy(c_net_addr->ipv6, ip6->ip6_src.s6_addr, sizeof(c_net_addr->ipv6)); + memcpy(s_net_addr->ipv6, ip6->ip6_dst.s6_addr, sizeof(s_net_addr->ipv6)); +} + +// static void packet_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused) +// { +// if(ex_ptr==NULL)return; +// FREE(ex_ptr); +// } + +const struct utable_kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index) +{ + if(pkt_scanner==NULL || pkt==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN) + { + return NULL; + } + + return attribute_kv_get((struct attribute_kv *)packet_get_exdata(pkt, pkt_scanner->exdata_idx), index); +} + +void attribute_scratch_scan(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, struct maat_stream **stream_handle, struct attribute_scratch *attribute, size_t n_attribute) +{ + if(cm_maat==NULL || scan_state==NULL || attribute==NULL || n_attribute==0) + { + return ; + } + + for(size_t i=0; iscan_attribute_name, attribute[i].string.value_sz); + break; + case ATTRIBUTE_VALUE_TYPE_INTEGER: + 
scanner_scan_integer_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].integer); + break; + case ATTRIBUTE_VALUE_TYPE_FLAG: + scanner_scan_flag_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].flag); + break; + case ATTRIBUTE_VALUE_TYPE_MAAT_OBJECT: + scanner_scan_object_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].maat_object.object_uuid, attribute[i].maat_object.item_uuid, attribute[i].maat_object.n_uuid); + break; + case ATTRIBUTE_VALUE_TYPE_IPV4: + scanner_scan_ipv4_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].ipv4_port.ipv4, attribute[i].ipv4_port.port); + break; + case ATTRIBUTE_VALUE_TYPE_IPV6: + scanner_scan_ipv6_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, (uint8_t *)(attribute[i].ipv6_port.ipv6), attribute[i].ipv6_port.port); + break; + case ATTRIBUTE_VALUE_TYPE_NOT_LOGIC: + scanner_scan_stream_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, stream_handle, attribute[i].chunk.value, attribute[i].chunk.value_sz); + break; + default: + break; + } + + if(attribute[i].schema->scan_not_logic_flag==TRUE) + { + scanner_scan_not_logic_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name); + } + } +} + +size_t ipaddr_entry_tag_uuid_get(struct scanner_maat *cm_maat, struct ip_addr *net_ipaddr, uuid_t *tag_uuids, size_t n_tag_uuids) +{ + size_t n_ipaddr_exdata=n_tag_uuids; + struct plugin_entry *ipaddr_exdata[n_ipaddr_exdata]; + int n_exdata=scanner_maat_get0_data_ipaddr_entry(cm_maat, net_ipaddr, ipaddr_exdata, n_ipaddr_exdata); + if(n_exdata==0) + { + return 0; + } + + size_t tag_ids_offset=0; + + for(int i=0; in_tag_uuids==0) + { + continue; + } + + for(size_t j=0; jn_tag_uuids; j++) + { + if(is_duplicate_tag_uuid(tag_uuids, 
tag_ids_offset, ipaddr_exdata[i]->tag_uuids[j])==TRUE) + { + continue; + } + + if(tag_ids_offset>=n_tag_uuids) + { + break; + } + + uuid_copy(tag_uuids[tag_ids_offset++], ipaddr_exdata[i]->tag_uuids[j]); + } + } + + return tag_ids_offset; +} + +void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct scanner_maat *cm_maat, struct attribute_schema *attr_schema, const struct layer *layers, int layer_count) +{ + if(attr==NULL || (*attr_offset)>=attr_max || layers==NULL || layer_count<=0) + { + return ; + } + + int32_t c_port=-1, s_port=-1; + struct ip *ip4=NULL; + struct ip6_hdr *ip6=NULL; + struct tcphdr *tcp=NULL; + struct udphdr *udp=NULL; + // uuid_t *ip_protocol_object_uuid=NULL; + struct ip_addr c_net_addr={0}, s_net_addr={0}; + + for(int j=0; jth_sport); + s_port=ntohs(tcp->th_dport); + } + break; + case LAYER_PROTO_UDP: + // TODO: implement + // ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); + udp=(struct udphdr *)layers[j].hdr.udp; + if(udp!=NULL) + { + c_port=ntohs(udp->uh_sport); + s_port=ntohs(udp->uh_dport); + } + break; + case LAYER_PROTO_ICMP: + case LAYER_PROTO_ICMP6: + // TODO: implement + // ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); + break; + default: + continue; + } + } + + size_t max_tag_ids=MAX_TAG_IDS_NUM; + uuid_t tag_uuids[max_tag_ids]; + size_t n_tag_uuids=ipaddr_entry_tag_uuid_get(cm_maat, &c_net_addr, tag_uuids, max_tag_ids); + attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS]), FREE_FALSE, NULL, tag_uuids, n_tag_uuids); + + n_tag_uuids=ipaddr_entry_tag_uuid_get(cm_maat, &s_net_addr, tag_uuids, max_tag_ids); + attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS]), FREE_FALSE, NULL, tag_uuids, n_tag_uuids); + + if(ip4!=NULL) + { + 
attribute_scratch_ipv4_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]), FREE_FALSE, ip4->ip_src.s_addr, c_port); + attribute_scratch_ipv4_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]), FREE_FALSE, ip4->ip_dst.s_addr, s_port); + } + + if(ip6!=NULL) + { + attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]), FREE_FALSE, ip6->ip6_src.s6_addr, c_port); + attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]), FREE_FALSE, ip6->ip6_dst.s6_addr, s_port); + } + + if(c_port!=-1 && s_port!=-1) + { + attribute_scratch_integer_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT]), FREE_FALSE, (long long)c_port); + attribute_scratch_integer_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT]), FREE_FALSE, (long long)s_port); + } + + // TODO: IP protocol + // if(ip_protocol_object_uuid!=NULL) + // { + // attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_IP_PROTOCOL]), FREE_FALSE, NULL, &ip_protocol_object_uuid, 1); + // } +} + +void packet_based_scanner_node_entry(struct packet *rawpkt, struct module *mod_scanner) +{ + if(rawpkt==NULL || mod_scanner==NULL) + { + return ; + } + + struct scanner *scanner=(struct scanner *)module_get_ctx(mod_scanner); + if(scanner==NULL) + { + return ; + } + + int pkt_layer_count=packet_get_layer_count(rawpkt); + const struct layer *innermost_layer=packet_get_layer_by_idx(rawpkt, pkt_layer_count-1); + if(innermost_layer==NULL || pkt_layer_count<2) + { + return ; + } + + switch(innermost_layer->proto) + { + case LAYER_PROTO_UDP: + case LAYER_PROTO_TCP: + //TODO: lookup session + break; + case LAYER_PROTO_ICMP: + case LAYER_PROTO_ICMP6: + break; + default: + return ; + } + + struct attribute_kv *attr_kv=attribute_kv_new(); + 
packet_set_exdata(rawpkt, scanner->pkt_scanner->exdata_idx, (void *)attr_kv); + + struct maat_state *scan_state=maat_state_new(scanner_cm_maat_get_feather(scanner->cm_maat), 1); + + size_t attr_max=128; + size_t attr_offset=0; + struct attribute_scratch attr[attr_max]; + int layers_count=2; + const struct layer *layers=packet_get_layer_by_idx(rawpkt, pkt_layer_count-layers_count); + cs_ipport_attribute_get_from_packet_layer(attr, attr_max, &(attr_offset), scanner->cm_maat, scanner->attr_schema, layers, layers_count); + attribute_scratch_scan(scanner->cm_maat, scan_state, NULL, NULL, attr, attr_offset); + attribute_scratch_reset(attr, attr_offset); + attr_offset=0; + + // TODO: internal external + //int is_client_internal=(packet_get_direction(rawpkt)==PACKET_DIRECTION_OUTGOING) ? TRUE : FALSE; + + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT]), FREE_FALSE); + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT]), FREE_FALSE); + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT]), FREE_FALSE); + attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(scanner->attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT]), FREE_FALSE); + + attribute_scratch_scan(scanner->cm_maat, scan_state, NULL, NULL, attr, attr_offset); + attribute_scratch_reset(attr, attr_offset); + + return ; +} + +struct maat_state *scanner_get_maat_state_from_packet(struct scanner *scanner, const struct packet *pkt) +{ + if(scanner==NULL || scanner->pkt_scanner==NULL || pkt==NULL) + { + return NULL; + } + + return (struct maat_state *)packet_get_exdata(pkt, scanner->pkt_scanner->exdata_idx); +} + +struct packet_scanner *packet_scanner_new(struct scanner *scanner) +{ + if(scanner==NULL) + { + return NULL; + } + + struct packet_scanner 
*pkt_scanner=CALLOC(struct packet_scanner, 1); +// // pkt_scanner->exdata_idx=packet_manager_new_packet_exdata_index(pkt_mgr, "SCANNER_EXDATA_SESSION", packet_scanner_exdata_free, (void *)scanner); +// // if(pkt_scanner->exdata_idx<0) +// // { +// // STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to create exdata index"); +// // goto INIT_ERROR; +// // } + + return pkt_scanner; + +// // INIT_ERROR: +// // packet_scanner_free(pkt_scanner); +// return NULL; +} + +void packet_scanner_free(struct packet_scanner *pkt_scanner) +{ + if(pkt_scanner==NULL) + { + return ; + } + + FREE(pkt_scanner); +} \ No newline at end of file diff --git a/scanner/packet_based_scanner.h b/scanner/packet_based_scanner.h new file mode 100644 index 0000000..ce5b6e4 --- /dev/null +++ b/scanner/packet_based_scanner.h @@ -0,0 +1,19 @@ +#pragma once + +#include "stellar/scanner.h" +#include "stellar/module.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + +struct packet_scanner; +void packet_scanner_free(struct packet_scanner *pkt_scanner); +struct packet_scanner *packet_scanner_new(struct scanner *scanner); + +const struct utable_kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index); + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/scanner/packet_scanner.c b/scanner/packet_scanner.c deleted file mode 100644 index d205660..0000000 --- a/scanner/packet_scanner.c +++ /dev/null 
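Review bot: `packet_based_scanner_node_entry` stores an `attribute_kv` in the packet exdata slot `scanner->pkt_scanner->exdata_idx`, but `packet_scanner_new` never registers that index — the `packet_manager_new_packet_exdata_index(...)` call and the `packet_scanner_exdata_free` callback are both commented out — so `exdata_idx` stays at 0 from `CALLOC`, may collide with whichever module owns slot 0, and the `attribute_kv_new()` allocation made on every packet is never released. The same slot is then read back as two different types: `packet_scanner_get_attribute` casts it to `struct attribute_kv *` while `scanner_get_maat_state_from_packet` casts it to `struct maat_state *`, and the `maat_state_new(...)` result created per packet is neither stored nor freed. `packet_get_layer_by_idx(rawpkt, pkt_layer_count-1)` is also called before the `pkt_layer_count<2` check, so a packet with no layers passes index -1. Until the registration is restored, `packet_set_exdata` should carry `// TODO: exdata_idx is not registered; the attr_kv stored here is leaked and the slot is read as two types`, and the unreachable `return NULL;` after `return pkt_scanner;` should go.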
@@ -1,404 +0,0 @@ -#include -#include -#include - -#include "stellar/utils.h" -#include "stellar/packet.h" -#include "stellar/packet_scanner.h" - -#include "scanner_maat.h" -#include "attribute_schema.h" -#include "attribute_exdata.h" - -struct packet_scanner -{ - int exdata_idx; -}; - -int32_t is_duplicate_tag_uuid(uuid_t *tag_uuids, size_t tag_uuids_num, uuid_t tag_uuid) -{ - if(tag_uuids==NULL || tag_uuids_num==0) - { - return FALSE; - } - - for(size_t i=0; iip_type=4; - s_net_addr->ip_type=4; - c_net_addr->ipv4=ip4->ip_src.s_addr; - s_net_addr->ipv4=ip4->ip_dst.s_addr; -} - -static void ip6_format_to_maat(const struct ip6_hdr *ip6, struct ip_addr *c_net_addr, struct ip_addr *s_net_addr) -{ - if(ip6==NULL || c_net_addr==NULL || s_net_addr==NULL) - { - return ; - } - - c_net_addr->ip_type=6; - s_net_addr->ip_type=6; - memcpy(c_net_addr->ipv6, ip6->ip_src.s6_addr, sizeof(c_net_addr->ipv6)); - memcpy(s_net_addr->ipv6, ip6->ip_dst.s6_addr, sizeof(s_net_addr->ipv6)); -} - -static void packet_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused) -{ - if(ex_ptr==NULL)return; - FREE(ex_ptr); -} - -const struct kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index) -{ - if(pkt_scanner==NULL || pkt==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN) - { - return NULL; - } - - return attribute_kv_get((struct attribute_kv *)packet_get_exdata(pkt, pkt_scanner->exdata_idx), index); -} - -void attribute_scratch_scan(struct maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, struct maat_stream **stream_handle, struct attribute_scratch *attribute, size_t n_attribute) -{ - if(cm_maat==NULL || scan_state==NULL || attribute==NULL || n_attribute==0) - { - return ; - } - - for(size_t i=0; iscan_attribute_name, attribute[i].string.value_sz); - break; - case ATTRIBUTE_VALUE_TYPE_INTEGER: - scanner_scan_integer_attribute(cm_maat, scan_state, readable_addr, 
attribute[i].schema->scan_attribute_name, attribute[i].integer); - break; - case ATTRIBUTE_VALUE_TYPE_FLAG: - scanner_scan_flag_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].flag); - break; - case ATTRIBUTE_VALUE_TYPE_MAAT_OBJECT: - scanner_scan_object_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].maat_object.object_uuid, attribute[i].maat_object.item_uuid, attribute[i].maat_object.n_uuid); - break; - case ATTRIBUTE_VALUE_TYPE_IPV4: - scanner_scan_ipv4_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, attribute[i].ipv4_port.ipv4, attribute[i].ipv4_port.port); - break; - case ATTRIBUTE_VALUE_TYPE_IPV6: - scanner_scan_ipv6_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name, (uint8_t *)(attribute[i].ipv6_port.ipv6), attribute[i].ipv6_port.port); - break; - case ATTRIBUTE_VALUE_TYPE_NOT_LOGIC: - scanner_scan_stream_attribute(cm_maat, scan_state, readable_addr, attribute[i].schema->scan_attribute_name); - break; - default: - break; - } - - if(attribute[i].schema->scan_not_logic_flag==TRUE) - { - scanner_scan_not_logic_attribute(readable_addr, attribute[i].schema, cm_maat, scan_state); - } - } -} - -size_t ipaddr_entry_tag_uuid_get(struct scanner_maat *cm_maat, struct ip_addr *net_ipaddr, uuid_t *tag_uuids, size_t n_tag_uuids) -{ - size_t n_ipaddr_exdata=n_tag_uuids; - struct plugin_ip_addr_entry *ipaddr_exdata[n_ipaddr_exdata]; - int n_exdata=scanner_maat_get0_data_ipaddr_entry(cm_maat, net_ipaddr, ipaddr_exdata, n_ipaddr_exdata); - if(n_exdata==0) - { - return 0; - } - - size_t tag_ids_offset=0; - - for(int i=0; in_tag_uuids==0) - { - continue; - } - - for(size_t j=0; jn_tag_uuids; j++) - { - if(is_duplicate_tag_uuid(tag_uuids, tag_ids_offset, ipaddr_exdata[i]->tag_uuids[j])==TRUE) - { - continue; - } - - if(tag_ids_offset>=n_tag_uuids) - { - break; - } - - 
uuid_copy(tag_uuids[tag_ids_offset++], ipaddr_exdata[i]->tag_uuids[j]); - } - } - - return tag_ids_offset; -} - -void cs_ipport_attribute_get_from_packet_layer(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, const struct layer *layers, int layers_count) -{ - if(attr==NULL || (*attr_offset)>=attr_max || layers==NULL || layers_count<=0) - { - return 0; - } - - int32_t c_port=-1, s_port=-1; - const struct ip *ip4=NULL; - const struct ip6_hdr *ip6=NULL; - const struct tcphdr *tcp=NULL; - const struct udphdr *udp=NULL; - uuid_t *ip_protocol_object_uuid=NULL; - struct ip_addr c_net_addr={0}, s_net_addr={0}; - - for(int j=0; jth_sport); - s_port=ntohs(tcp->th_dport); - } - break; - case LAYER_PROTO_UDP: - // TODO: implement - // ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); - udp=(const struct udphdr *)out.layers[j].udp; - if(udp!=NULL) - { - c_port=ntohs(udp->uh_sport); - s_port=ntohs(udp->uh_dport); - } - break; - case LAYER_PROTO_ICMP: - case LAYER_PROTO_ICMP6: - // TODO: implement - // ip_protocol_object_uuid=plugin_shared_ip_protocol_object_uuid_get(ip_proto); - break; - default: - continue; - } - } - - size_t max_tag_ids=MAX_TAG_IDS_NUM; - uuid_t tag_uuids[max_tag_ids]; - size_t n_tag_uuids=ipaddr_entry_tag_uuid_get(&c_net_addr, c_port, tag_uuids, max_tag_ids); - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS]), FREE_FALSE, NULL, tag_uuids, n_tag_uuids); - - n_tag_uuids=ipaddr_entry_tag_uuid_get(&s_net_addr, s_port, tag_uuids, max_tag_ids); - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS]), FREE_FALSE, NULL, tag_uuids, n_tag_uuids); - - if(ip4!=NULL) - { - attribute_scratch_ipv4_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]), FREE_FALSE, ip4->ip_src.s_addr, c_port); - 
attribute_scratch_ipv4_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]), FREE_FALSE, ip4->ip_dst.s_addr, s_port); - } - - if(ip6!=NULL) - { - attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]), FREE_FALSE, ip6->ip_src.s6_addr, c_port); - attribute_scratch_ipv6_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]), FREE_FALSE, ip6->ip_dst.s6_addr, s_port); - } - - if(c_port!=-1 && s_port!=-1) - { - attribute_scratch_integer_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT]), FREE_FALSE, (long long)c_port); - attribute_scratch_integer_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT]), FREE_FALSE, (long long)s_port); - } - - if(ip_protocol_object_uuid!=NULL) - { - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_IP_PROTOCOL]), FREE_FALSE, NULL, &ip_protocol_object_uuid, 1); - } - - return 1; -} - -void ie_ipport_attribute_get_from_maat_state(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, struct attribute_schema *attr_schema, struct maat_state *scan_state, int is_client_internal) -{ - enum ATTRIBUTE_SCHEMA attr_schema_idx[]={ ATTRIBUTE_SCHEMA_CLIENT_IP, ATTRIBUTE_SCHEMA_SERVER_IP, ATTRIBUTE_SCHEMA_CLIENT_PORT, ATTRIBUTE_SCHEMA_SERVER_PORT}; - for(size_t i=0; iattr_schema[attr_schema_idx[i]]); - size_t direct_object_cnt=maat_state_get_hit_object_cnt(scan_state, scanner->attr_schema[attr_schema_idx[i]]); - if(direct_object_cnt==0 && indirect_object_cnt==0) - { - continue; - } - - uuid_t direct_item_uuid[direct_object_cnt]; - uuid_t direct_object_uuid[direct_object_cnt]; - size_t direct_object_offset=maat_state_get_hit_items(scan_state, scanner->attr_schema[attr_schema_idx[i]], direct_item_uuid, direct_object_uuid, direct_object_cnt); - - uuid_t 
indirect_object_uuid[indirect_object_cnt]; - size_t indirect_object_offset=maat_state_get_indirect_hit_objects(scan_state, scanner->attr_schema[attr_schema_idx[i]], indirect_object_uuid, indirect_object_cnt); - - enum ATTRIBUTE_SCHEMA ie_attr_idx=ATTRIBUTE_SCHEMA_UNKNOWN; - switch(attr_schema_idx[i]) - { - case ATTRIBUTE_SCHEMA_CLIENT_IP: - ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_INTERNAL_IP : ATTRIBUTE_SCHEMA_EXTERNAL_IP; - break; - case ATTRIBUTE_SCHEMA_SERVER_IP: - ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_EXTERNAL_IP : ATTRIBUTE_SCHEMA_INTERNAL_IP; - break; - case ATTRIBUTE_SCHEMA_CLIENT_PORT: - ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_INTERNAL_PORT : ATTRIBUTE_SCHEMA_EXTERNAL_PORT; - break; - case ATTRIBUTE_SCHEMA_SERVER_PORT: - ie_attr_idx=(is_client_internal==TRUE) ? ATTRIBUTE_SCHEMA_EXTERNAL_PORT : ATTRIBUTE_SCHEMA_INTERNAL_PORT; - break; - default: - break; - } - - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ie_attr_idx]), FREE_FALSE, direct_item_uuid, direct_object_uuid, direct_object_offset); - attribute_scratch_maat_object_fill(attr, attr_max, attr_offset, FREE_FALSE, &(attr_schema[ie_attr_idx]), FREE_FALSE, NULL, indirect_object_uuid, indirect_object_offset); - } -} - -static void packet_stage_input_callback(struct packet *rawpkt, enum packet_stage stage __attribute__((unused)), void *arg) -{ - struct scanner *scanner=(struct scanner *)arg; - if(scanner==NULL || rawpkt==NULL) - { - return ; - } - - int pkt_layer_count=packet_get_layer_count(rawpkt); - const struct layer *innermost_layer=packet_get_layer_by_idx(rawpkt, pkt_layer_count-1); - if(innermost_layer==NULL || pkt_layer_count<2) - { - return ; - } - - switch(innermost_layer->proto) - { - case LAYER_PROTO_UDP: - case LAYER_PROTO_TCP: - //TODO: lookup session - break; - case LAYER_PROTO_ICMP: - case LAYER_PROTO_ICMP6: - break; - default: - return ; - } - - struct attribute_kv *attr_kv=(struct 
attribute_kv *)CALLOC(struct attribute_kv, 1); - packet_set_exdata(rawpkt, scanner->pkt_scanner->exdata_idx, (void *)attr_kv); - - struct maat_state *scan_state=maat_state_new(scanner->cm_maat, 1); - - size_t offset=0; - size_t attr_max=128; - size_t attr_offset=0; - struct attribute_scratch attr[attr_max]; - int layers_count=2; - const struct layer *layers=packet_get_layer_by_idx(rawpkt, pkt_layer_count-layers_count); - cs_ipport_attribute_get_from_packet_layer(attr, attr_max, &(attr_offset), scanner->attr_schema, layers, layers_count); - attribute_scratch_scan(scanner->cm_maat, scan_state, NULL, NULL, attr, attr_offset); - attribute_scratch_reset(attr, attr_offset); - attr_offset=0; - - int is_client_internal=(packet_get_direction(rawpkt)==PACKET_DIRECTION_OUTGOING) ? TRUE : FALSE; - ie_ipport_attribute_get_from_maat_state(attr, attr_max, &(attr_offset), scanner->attr_schema, scan_state, is_client_internal); - - attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT]), FREE_FALSE); - attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT]), FREE_FALSE); - attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT]), FREE_FALSE); - attribute_scratch_not_logic_fill(attr, attr_max, &attr_offset, FREE_FALSE, &(attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT]), FREE_FALSE); - - attribute_scratch_scan(scanner->cm_maat, scan_state, NULL, NULL, attr, attr_offset); - attribute_scratch_reset(attr, attr_offset); - - return ; -} - -struct packet_scanner *packet_scanner_new(struct scanner *scanner) -{ - if(scanner==NULL) - { - return NULL; - } - - struct module *pkt_mgr_mod=module_manager_get_module(scanner->mod_mgr, PACKET_MANAGER_MODULE_NAME); - struct packet_manager *pkt_mgr=module_to_packet_manager(pkt_mgr_mod); - struct mq_schema 
*mq_s=module_manager_get_mq_schema(scanner->mod_mgr); - - if(pkt_mgr==NULL || mq_s==NULL) - { - STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to get packet manager or mq schema"); - goto INIT_ERROR; - } - - int ret=packet_manager_subscribe(pkt_mgr, PACKET_STAGE_INPUT, packet_stage_input_callback, (void *)scanner); - if(ret<0) - { - STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to subscribe packet stage"); - goto INIT_ERROR; - } - - struct packet_scanner *pkt_scanner=CALLOC(struct packet_scanner, 1); - pkt_scanner->exdata_idx=packet_manager_new_packet_exdata_index(pkt_mgr, "SCANNER_EXDATA_SESSION", packet_scanner_exdata_free, (void *)scanner); - if(pkt_scanner->exdata_idx<0) - { - STELLAR_LOG_FATAL(scanner->logger, SCANNER_MODULE_NAME, "packet_scanner_new failed to create exdata index"); - goto INIT_ERROR; - } - - return pkt_scanner; - -INIT_ERROR: - packet_scanner_free(pkt_scanner); - return NULL; -} - -void packet_scanner_free(struct packet_scanner *pkt_scanner) -{ - if(pkt_scanner==NULL) - { - return ; - } - - FREE(pkt_scanner); -} \ No newline at end of file diff --git a/scanner/packet_scanner.h b/scanner/packet_scanner.h deleted file mode 100644 index b10a481..0000000 --- a/scanner/packet_scanner.h +++ /dev/null @@ -1,10 +0,0 @@ -#pragma once - -#include "stellar/scanner.h" -#include "stellar/module.h" - -struct packet_scanner; -void packet_scanner_free(struct packet_scanner *pkt_scanner); -struct packet_scanner *packet_scanner_new(struct scanner *scanner); - -const struct kv *packet_scanner_get_attribute(struct packet_scanner *pkt_scanner, struct packet *pkt, enum ATTRIBUTE_KV_INDEX index); \ No newline at end of file diff --git a/scanner/scanner.c b/scanner/scanner.c deleted file mode 100644 index 47dab5b..0000000 --- a/scanner/scanner.c +++ /dev/null 
@@ -1,270 +0,0 @@ -#include -#include -#include -#include -#include -#include - -#include "uthash/utarray.h" -#include - -#include "stellar/utils.h" -#include "stellar/scanner.h" -#include "stellar/session.h" - -#include "scanner_toml.h" -#include "scanner_shared.h" - -void device_sn_value_parser(char *filename, char *device_sn, size_t device_sn_sz) -{ - if(filename==NULL || device_sn==NULL || device_sn_sz==0) - { - return ; - } - - // using yyjson_read_file yyjson parser device_sn - yyjson_doc *doc=yyjson_read_file(filename, 0, NULL, NULL); - if(doc==NULL) - { - return ; - } - - yyjson_val *root=yyjson_doc_get_root(doc); - if(root==NULL) - { - goto ERROR; - } - - yyjson_val *sn=yyjson_obj_get(root, "sn"); - if(sn==NULL) - { - goto ERROR; - } - - size_t sn_sz=yyjson_get_len(sn); - memcmp(device_sn, yyjson_get_str(sn), MIN(sn_sz, device_sn_sz-1)); - -ERROR: - yyjson_doc_free(doc); - doc=NULL; -} - -int device_nic_name_to_ipv4(const char *nic_name, char *ipv4, size_t ipv4_sz, struct logger *logger) -{ - int fd=socket(AF_INET, SOCK_DGRAM, 0); - if(fd<0) - { - STELLAR_LOG_FATAL(logger, SCANNER_MODULE_NAME, "device_nic_name_to_ipv4(%s), socket: %s", nic_name, strerror(errno)); - return ; - } - - struct ifreq ifr; - memset(ifr.ifr_ifrn.ifrn_name, 0, sizeof(ifr.ifr_ifrn.ifrn_name)); - strncpy(ifr.ifr_ifrn.ifrn_name, nic_name, sizeof(ifr.ifr_ifrn.ifrn_name)); - if(ioctl(fd, SIOCGIFADDR, &ifr)==-1) - { - STELLAR_LOG_FATAL(logger, SCANNER_MODULE_NAME, "device_nic_name_to_ipv4(%s), ioctl SIOCGIFADDR: %s", nic_name, strerror(errno)); - } - else - { - inet_ntop(AF_INET, &((ifr.ifr_ifru.ifru_addr)->sin_addr.s_addr), ipv4, ipv4_sz); - } - - close(fd); -} - -void global_parameter_get(struct logger *logger, const char *toml_path, const char *table_key, struct global_parameter *para) -{ - toml_int_get(logger, toml_path, table_key, "traffic_vsystem_id", &(para->traffic_vsystem_id)); - toml_int_get(logger, toml_path, table_key, "default_unknown_app_id", 
&(para->default_unknown_app_id)); - toml_int_get(logger, toml_path, table_key, "session_record_enabled", &(para->session_record_enabled)); - - toml_string_get(logger, toml_path, table_key, "device_tag", para->device_tag, sizeof(para->device_tag)); - toml_string_get(logger, toml_path, table_key, "device_group", para->device_group, sizeof(para->device_group)); - toml_string_get(logger, toml_path, table_key, "data_center", para->data_center, sizeof(para->data_center)); - - char override_sled_ip[NAME_MAX]={0}; - toml_string_get(logger, toml_path, table_key, "override_sled_ip", override_sled_ip, sizeof(override_sled_ip)); - char *sled_ip=getenv(override_sled_ip); - if(sled_ip==NULL) - { - char nic_name[32]={0}; - toml_string_get(logger, toml_path, table_key, "nic_name", nic_name, sizeof(nic_name)); - device_nic_name_to_ipv4(nic_name, para->sled_ip,sizeof(para->sled_ip), logger); - } - else - { - memcpy(para->sled_ip, sled_ip, MIN(sizeof(para->sled_ip)-1, strlen(sled_ip))); - } - - char device_sn_filename[NAME_MAX]={0}; - toml_string_get(logger, toml_path, table_key, "device_sn_filename", device_sn_filename, sizeof(device_sn_filename)); - device_sn_value_parser(device_sn_filename, para->device_sn, sizeof(para->device_sn)); -} - -void scanner_print_debug_hit_rule(struct scanner *scanner, const char *readable_addr, const char *tablename, uuid_t *rule_uuid_list, size_t rule_uuid_num) -{ - if(rule_uuid_num==0) - { - return ; - } - - yyjson_mut_doc *doc=yyjson_mut_doc_new(NULL); - yyjson_mut_val *root=yyjson_mut_obj(doc); - yyjson_mut_doc_set_root(doc, root); - yyjson_mut_obj_add_str(doc, root, "addr", ((readable_addr!=NULL) ? 
readable_addr : "")); - yyjson_mut_val *rule_array=yyjson_mut_arr(doc); - for(size_t i=0; ilogger, SCANNER_MODULE_NAME, "debug_hitted_rule_print: %s", json_str); - FREE(json_str); -} - -void scanner_print_debug_hit_object(struct scanner *scanner, const char *readable_addr, struct maat_hit_object *hit_object_list, size_t hit_object_num) -{ - if(hit_object_num==0) - { - return ; - } - - yyjson_mut_doc *doc=yyjson_mut_doc_new(NULL); - yyjson_mut_val *root=yyjson_mut_obj(doc); - yyjson_mut_doc_set_root(doc, root); - yyjson_mut_obj_add_str(doc, root, "addr", ((readable_addr!=NULL) ? readable_addr : "")); - yyjson_mut_val *hit_object_array=yyjson_mut_arr(doc); - for(size_t i=0; ilogger, SCANNER_MODULE_NAME, "debug_hit_object_print: %s", json_str); - FREE(json_str); -} - -uuid_t *scanner_get_ip_protocol_object_uuid(struct scanner *scanner, enum IP_PROTOCOL ipproto) -{ - switch(ipproto) - { - case IP_PROTOCOL_TCP: - case IP_PROTOCOL_UDP: - case IP_PROTOCOL_ICMP: - return &(scanner->ip_protocol_object_uuid[ipproto]); - default: - break; - } - - return NULL; -} - -uuid_t *scanner_get0_boolean_object_uuid(struct scanner *scanner, bool value) -{ - return ((value==true) ? 
&(matcher->boolean_true_object_uuid) : &(matcher->boolean_false_object_uuid)); -} - -void scanner_default_parameter_init(struct default_parameter *para) -{ - uuid_parse("00000000-0000-0000-0000-000000000002", para->boolean_true_object_uuid); - uuid_parse("00000000-0000-0000-0000-000000000003", para->boolean_false_object_uuid); - - uuid_parse("00000000-0000-0000-0000-000000000005", para->ip_protocol_object_uuid[IP_PROTOCOL_ICMP]); - uuid_parse("00000000-0000-0000-0000-000000000006", para->ip_protocol_object_uuid[IP_PROTOCOL_TCP]); - uuid_parse("00000000-0000-0000-0000-000000000007", para->ip_protocol_object_uuid[IP_PROTOCOL_UDP]); - - for(int i=0; itunnel_level_object_uuid[i]); - } - - para->tunnel_app_id[TUNNEL_TYPE_GRE]=58; - para->tunnel_app_id[TUNNEL_TYPE_GTP]=59; - para->tunnel_app_id[TUNNEL_TYPE_GTPV2]=735; - para->tunnel_app_id[TUNNEL_TYPE_IP_IN_IP]=0; - para->tunnel_app_id[TUNNEL_TYPE_NONE]=0; -} - -struct scanner *scanner_module_to_scanner(struct module *mod) -{ - if(mod==NULL)return NULL; - if(strcmp(module_get_name(mod), SCANNER_MODULE_NAME)!=0)return NULL; - return (struct scanner *)module_get_ctx(mod); -} - -struct module *scanner_module_init(struct module_manager *mod_mgr) -{ - if(mod_mgr==NULL)return NULL; - - struct scanner *scanner=CALLOC(struct scanner, 1); - struct module *mod=module_new(SCANNER_MODULE_NAME, (void *)scanner); - if(mod==NULL) - { - goto INIT_ERROR; - } - - scanner->mod_mgr=mod_mgr; - scanner->logger=module_manager_get_logger(mod_mgr); - scanner_default_parameter_init(&(scanner->default_para)); - attribute_schema_init(scanner->attr_schema, ATTRIBUTE_SCHEMA_MAX); - - int max_thread_num=module_manager_get_max_thread_num(mod_mgr); - const char *toml_path=module_manager_get_toml_path(mod_mgr); - global_parameter_get(scanner->logger, toml_path, "scanner", &(scanner->default_para)); - - scanner->maat=scanner_maat_new(scanner->logger, toml_path, max_thread_num); - if(scanner->maat==NULL) - { - goto INIT_ERROR; - } - - 
session_scanner_new(mod_mgr, scanner) - - return mod; - -INIT_ERROR: - scanner_module_exit(mod_mgr, mod); - exit(-1); - return NULL; -} - -void scanner_module_exit(struct module_manager *mod_mgr, struct module *mod) -{ - if(mod_mgr==NULL)return; - if(mod) - { - struct scanner *scanner=(struct scanner *)module_get_ctx(mod); - FREE(scanner); - module_free(mod); - } -} diff --git a/scanner/scanner_internal.h b/scanner/scanner_internal.h deleted file mode 100644 index 48fe39d..0000000 --- a/scanner/scanner_internal.h +++ /dev/null 
@@ -1,71 +0,0 @@ -#pragma once - -#include -#include -#include -#include -#include - -#include - -#include "attribute_schema.h" - -struct global_parameter -{ - char sled_ip[NAME_MAX]; - char device_id[NAME_MAX]; - char device_sn[NAME_MAX]; - char device_tag[NAME_MAX]; - char data_center[NAME_MAX]; - char device_group[NAME_MAX]; - - int traffic_vsystem_id; - int default_unknown_app_id; - int session_record_enabled; -}; - -struct default_parameter -{ - int32_t tunnel_app_id[TUNNEL_TYPE_MAX]; - uuid_t boolean_true_object_uuid; - uuid_t boolean_false_object_uuid; - uuid_t ip_protocol_object_uuid[IP_PROTOCOL_MAX]; - uuid_t tunnel_level_object_uuid[TUNNEL_LEVEL_NUM]; -}; - -struct scanner -{ - struct logger *logger; - struct module_manager *mod_mgr; - struct default_parameter default_para; - struct global_parameter global_para; - - struct scanner_maat *cm_maat; - struct scanner_maat *sd_maat; - - struct packet_scanner *pkt_scanner; - struct attribute_schema attr_schema[ATTRIBUTE_SCHEMA_MAX]; -}; - -enum IP_PROTOCOL -{ - IP_PROTOCOL_UNKNOWN=0, - IP_PROTOCOL_ICMP=1, - IP_PROTOCOL_TCP, - IP_PROTOCOL_UDP, - IP_PROTOCOL_MAX -}; - -int32_t scanner_get_default_app_id(struct scanner *scanner); -uuid_t *scanner_get0_boolean_object_uuid(struct scanner *scanner, bool value); - -int32_t scanner_get_tunnel_app_id(struct scanner *scanner, enum TUNNEL_TYPE tunnel_type); -uuid_t *scanner_get0_tunnel_level_object_uuid(struct scanner *scanner, int32_t tunnel_level); - -const char *scanner_get_rule_table_alias_name(struct scanner *scanner, enum RULE_TYPE type); - -void scanner_message_hit_rule_free(struct packet *rawpkt, void *msg, void *msg_free_arg); -void scanner_message_hit_object_free(struct packet *rawpkt, void *msg, void *msg_free_arg); - -void scanner_print_debug_hit_object(struct scanner *scanner, const char *readable_addr, struct maat_hit_object *hit_object_list, size_t hit_object_num); -void scanner_print_debug_hit_rule(struct scanner *scanner, const char *readable_addr, const 
char *tablename, uuid_t *rule_uuid_list, size_t rule_uuid_num); diff --git a/scanner/scanner_maat.c b/scanner/scanner_maat.c index e446830..0270e1b 100644 --- a/scanner/scanner_maat.c +++ b/scanner/scanner_maat.c @@ -8,9 +8,37 @@ #include "scanner_maat.h" #include "scanner_toml.h" +#include "scanner_module.h" #define MAX_MATCH_RULES_NUM 128 +enum CM_MAAT_PLUGIN +{ + CM_MAAT_PLUGIN_APP_ID_DICT=0, + CM_MAAT_PLUGIN_SESSION_OPTION, //T_VSYS_INFO, + CM_MAAT_PLUGIN_POLICY_OBJECT, + CM_MAAT_PLUGIN_LIBRARY_TAG, + CM_MAAT_PLUGIN_IP_ADDR_ENTRY, + CM_MAAT_PLUGIN_FQDN_ENTRY, + CM_MAAT_PLUGIN_ATTRIBUTE_DICT, + CM_MAAT_PLUGIN_MAX +}; + +enum SD_MAAT_PLUGIN +{ + SD_MAAT_PLUGIN_GTP_IP2SIGNALING=0, + SD_MAAT_PLUGIN_DYNAMIC_IPPORT_MAPPING, + SD_MAAT_PLUGIN_MAX +}; + +struct maat_plugin_table +{ + const char *name; + maat_ex_new_func_t *ex_new; + maat_ex_free_func_t *ex_free; + maat_ex_dup_func_t *ex_dup; +}; + struct maat_parameter { bool stat_enabled; @@ -36,32 +64,6 @@ struct maat_parameter char foreign_content_dir[PATH_MAX]; }; -struct maat_plugin_table -{ - const char *name; - maat_ex_new_func_t *ex_new; - maat_ex_free_func_t *ex_free; - maat_ex_dup_func_t *ex_dup; -}; - -enum CM_MAAT_PLUGIN -{ - CM_MAAT_PLUGIN_APP_ID_DICT=0, - CM_MAAT_PLUGIN_SESSION_OPTION, //T_VSYS_INFO, - CM_MAAT_PLUGIN_POLICY_OBJECT, - CM_MAAT_PLUGIN_LIBRARY_TAG, - CM_MAAT_PLUGIN_IP_ADDR_ENTRY, - CM_MAAT_PLUGIN_FQDN_ENTRY, - CM_MAAT_PLUGIN_ATTRIBUTE_DICT, - CM_MAAT_PLUGIN_MAX -}; - -enum SD_MAAT_PLUGIN -{ - SD_MAAT_PLUGIN_GTP_IP2SIGNALING=0, - SD_MAAT_PLUGIN_DYNAMIC_IPPORT_MAPPING, - SD_MAAT_PLUGIN_MAX -}; struct scanner_maat { 
@@ -216,11 +218,6 @@ void scanner_maat_exdata_app_id_dict_free(const char *table_name __attribute__(( *ad=NULL; } -const struct app_id_dict *scanner_maat_get_app_id_dict(struct scanner_maat *cm_maat, int32_t appid) -{ - return (struct app_id_dict *)maat_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_APP_ID_DICT].name, (const char *)&appid, sizeof(appid)); -} - void scanner_maat_virtual_system_parameter_new(const char *table_name __attribute__((unused)), const char *key __attribute__((unused)), const char *table_line, void **ad, long argl __attribute__((unused)), void *argp __attribute__((unused))) { yyjson_doc *doc=yyjson_read(table_line, strlen(table_line), 0); @@ -275,7 +272,7 @@ void scanner_maat_virtual_system_parameter_free(const char *table_name __attribu const struct virtual_system_parameter *scanner_maat_get_virtual_system_parameter(struct scanner_maat *cm_maat, int32_t t_vsys_id) { - return (struct virtual_system_parameter *)maat_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_SESSION_OPTION].name, (const char *)&t_vsys_id, sizeof(t_vsys_id)); + return (const struct virtual_system_parameter *)maat_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_SESSION_OPTION].name, (const char *)&t_vsys_id, sizeof(t_vsys_id)); } enum POLICY_OBJECT_OPTION object_statistics_option_convert(char *option) 
@@ -569,7 +566,7 @@ void scanner_maat_exdata_fqdn_entry_free(const char *table_name __attribute__((u int scanner_maat_get0_fqdn_entry(struct scanner_maat *cm_maat, char *server_fqdn, struct plugin_entry **exdata, size_t n_exdata) { - return maat_fqdn_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_FQDN_ENTRY].name, server_fqdn, (void **)exdata, n_exdata); + return (int)maat_fqdn_plugin_table_get_ex_data(cm_maat->feather, cm_maat->plugin_table[CM_MAAT_PLUGIN_FQDN_ENTRY].name, server_fqdn, (void **)exdata, n_exdata); } void mobile_identify_parse(yyjson_val *mobile_identify, struct user_identification *uid, const char *table_name __attribute__((unused))) @@ -980,6 +977,11 @@ void scanner_maat_free(struct scanner_maat *cm_maat) FREE(cm_maat); } +struct maat *scanner_cm_maat_get_feather(struct scanner_maat *cm_maat) +{ + return ((cm_maat==NULL) ? NULL : cm_maat->feather); +} + void scanner_cm_maat_free(struct scanner_maat *cm_maat) { scanner_maat_free(cm_maat); diff --git a/scanner/scanner_maat.h b/scanner/scanner_maat.h index 918a872..2ca41ea 100644 --- a/scanner/scanner_maat.h +++ b/scanner/scanner_maat.h @@ -1,7 +1,7 @@ #pragma once #include -#include +#include "stellar/scanner.h" #ifdef __cplusplus extern "C" @@ -13,6 +13,7 @@ struct scanner_maat; /* cm maat api */ void scanner_cm_maat_free(struct scanner_maat *cm_maat); struct scanner_maat *scanner_cm_maat_new(struct logger *logger, const char *toml_path, int max_thread_num); +struct maat *scanner_cm_maat_get_feather(struct scanner_maat *cm_maat); enum POLICY_OBJECT_OPTION { 
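Review bot: The new `(int)` cast on the return of maat_fqdn_plugin_table_get_ex_data in scanner_maat_get0_fqdn_entry silences a narrowing warning without bounding the value; the callee's return type is not visible here, but since the count is capped by `n_exdata` (a size_t) a caller passing a large n_exdata would get a truncated or negative result. Either clamp it, `size_t n=maat_fqdn_plugin_table_get_ex_data(...); return (n>INT_MAX) ? INT_MAX : (int)n;`, or add a comment stating the cast is safe only while callers keep n_exdata small (the ipaddr variant has the same int return convention, so changing the return type would be a wider refactor). Callers in the deleted packet_scanner.c treated the result as an int count, so the clamp keeps that contract.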
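Review bot: scanner_cm_maat_get_feather hands out the internal `feather` pointer with no ownership note, while scanner_maat_free (just above the hunk) releases cm_maat and packet_based_scanner.c passes the result straight into maat_state_new; a reader could easily assume it is theirs to free or to keep past scanner_cm_maat_free. I would document it on the declaration added to scanner_maat.h: `/* Returns the underlying maat handle, or NULL if cm_maat is NULL. Borrowed: owned by cm_maat and valid only until scanner_cm_maat_free(); never free it. */`.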
@@ -88,9 +89,6 @@ struct app_id_dict char *action_parameter; }; -const struct app_id_dict *scanner_maat_get_app_id_dict(struct scanner_maat *cm_maat, int32_t appid); - - void scanner_scan_not_logic_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name); void scanner_scan_object_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uuid_t *object_uuid, uuid_t *item_uuid, size_t n_uuids); void scanner_scan_flag_attribute(struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *readable_addr, const char *attribute_name, uint64_t scan_flag); diff --git a/scanner/scanner_module.c b/scanner/scanner_module.c new file mode 100644 index 0000000..0ecb6c8 --- /dev/null +++ b/scanner/scanner_module.c 
@@ -0,0 +1,270 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "uthash/utarray.h" +#include + +#include "stellar/utils.h" +#include "stellar/scanner.h" +#include "stellar/session.h" + +#include "scanner_toml.h" +#include "scanner_maat.h" +#include "scanner_module.h" +#include "packet_based_scanner.h" +#include "session_based_scanner.h" + +void device_sn_value_parser(char *filename, char *device_sn, size_t device_sn_sz) +{ + if(filename==NULL || device_sn==NULL || device_sn_sz==0) + { + return ; + } + + // using yyjson_read_file yyjson parser device_sn + yyjson_doc *doc=yyjson_read_file(filename, 0, NULL, NULL); + if(doc==NULL) + { + return ; + } + + yyjson_val *root=yyjson_doc_get_root(doc); + if(root==NULL) + { + goto ERROR; + } + + yyjson_val *sn=yyjson_obj_get(root, "sn"); + if(sn==NULL) + { + goto ERROR; + } + + size_t sn_sz=yyjson_get_len(sn); + memcpy(device_sn, yyjson_get_str(sn), MIN(sn_sz, device_sn_sz-1)); + +ERROR: + yyjson_doc_free(doc); + doc=NULL; +} + +int device_nic_name_to_ipv4(const char *nic_name, char *ipv4, size_t ipv4_sz, struct logger *logger) +{ + int fd=socket(AF_INET, SOCK_DGRAM, 0); + if(fd<0) + { + STELLAR_LOG_FATAL(logger, SCANNER_MODULE_NAME, "device_nic_name_to_ipv4(%s), socket: %s", nic_name, strerror(errno)); + return -1; + } + + struct ifreq ifr; + memset(ifr.ifr_ifrn.ifrn_name, 0, sizeof(ifr.ifr_ifrn.ifrn_name)); + strncpy(ifr.ifr_ifrn.ifrn_name, nic_name, sizeof(ifr.ifr_ifrn.ifrn_name)); + if(ioctl(fd, SIOCGIFADDR, &ifr)==-1) + { + STELLAR_LOG_FATAL(logger, SCANNER_MODULE_NAME, "device_nic_name_to_ipv4(%s), ioctl SIOCGIFADDR: %s", nic_name, strerror(errno)); + } + else + { + // inet_ntop(AF_INET, &((ifr.ifr_ifru.ifru_addr)->sin_addr.s_addr), ipv4, ipv4_sz); + inet_ntop(AF_INET, &((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr, ipv4, ipv4_sz); + } + + close(fd); + + return 1; +} + +void global_parameter_get(struct logger *logger, const char *toml_path, const char *table_key, 
struct global_parameter *para)
+{
+ toml_int_get(logger, toml_path, table_key, "traffic_vsystem_id", &(para->traffic_vsystem_id));
+ toml_int_get(logger, toml_path, table_key, "default_unknown_app_id", &(para->default_unknown_app_id));
+ toml_int_get(logger, toml_path, table_key, "session_record_enabled", &(para->session_record_enabled));
+
+ toml_string_get(logger, toml_path, table_key, "device_tag", para->device_tag, sizeof(para->device_tag));
+ toml_string_get(logger, toml_path, table_key, "device_group", para->device_group, sizeof(para->device_group));
+ toml_string_get(logger, toml_path, table_key, "data_center", para->data_center, sizeof(para->data_center));
+
+ char override_sled_ip[NAME_MAX]={0};
+ toml_string_get(logger, toml_path, table_key, "override_sled_ip", override_sled_ip, sizeof(override_sled_ip));
+ char *sled_ip=getenv(override_sled_ip);
+ if(sled_ip==NULL)
+ {
+ char nic_name[32]={0};
+ toml_string_get(logger, toml_path, table_key, "nic_name", nic_name, sizeof(nic_name));
+ device_nic_name_to_ipv4(nic_name, para->sled_ip,sizeof(para->sled_ip), logger);
+ }
+ else
+ {
+ memcpy(para->sled_ip, sled_ip, MIN(sizeof(para->sled_ip)-1, strlen(sled_ip)));
+ }
+
+ char device_sn_filename[NAME_MAX]={0};
+ toml_string_get(logger, toml_path, table_key, "device_sn_filename", device_sn_filename, sizeof(device_sn_filename));
+ device_sn_value_parser(device_sn_filename, para->device_sn, sizeof(para->device_sn));
+}
+
+void scanner_print_debug_hit_rule(struct scanner *scanner, const char *readable_addr, const char *tablename, uuid_t *rule_uuid_list, size_t rule_uuid_num)
+{
+ if(rule_uuid_num==0)
+ {
+ return ;
+ }
+
+ yyjson_mut_doc *doc=yyjson_mut_doc_new(NULL);
+ yyjson_mut_val *root=yyjson_mut_obj(doc);
+ yyjson_mut_doc_set_root(doc, root);
+ yyjson_mut_obj_add_str(doc, root, "addr", ((readable_addr!=NULL) ? 
readable_addr : "")); + yyjson_mut_val *rule_array=yyjson_mut_arr(doc); + for(size_t i=0; ilogger, SCANNER_MODULE_NAME, "debug_hitted_rule_print: %s", json_str); + FREE(json_str); +} + +void scanner_print_debug_hit_object(struct scanner *scanner, const char *readable_addr, struct maat_hit_object *hit_object_list, size_t hit_object_num) +{ + if(hit_object_num==0) + { + return ; + } + + yyjson_mut_doc *doc=yyjson_mut_doc_new(NULL); + yyjson_mut_val *root=yyjson_mut_obj(doc); + yyjson_mut_doc_set_root(doc, root); + yyjson_mut_obj_add_str(doc, root, "addr", ((readable_addr!=NULL) ? readable_addr : "")); + yyjson_mut_val *hit_object_array=yyjson_mut_arr(doc); + for(size_t i=0; ilogger, SCANNER_MODULE_NAME, "debug_hit_object_print: %s", json_str); + FREE(json_str); +} + +uuid_t *scanner_get_ip_protocol_object_uuid(struct scanner *scanner, enum IP_PROTOCOL ipproto) +{ + switch(ipproto) + { + case IP_PROTOCOL_TCP: + case IP_PROTOCOL_UDP: + case IP_PROTOCOL_ICMP: + return &(scanner->default_para.ip_protocol_object_uuid[ipproto]); + default: + break; + } + + return NULL; +} + +uuid_t *scanner_get0_boolean_object_uuid(struct scanner *scanner, bool value) +{ + return ((value==true) ? 
&(scanner->default_para.boolean_true_object_uuid) : &(scanner->default_para.boolean_false_object_uuid));
+}
+
+void scanner_default_parameter_init(struct default_parameter *para)
+{
+ uuid_parse("00000000-0000-0000-0000-000000000002", para->boolean_true_object_uuid);
+ uuid_parse("00000000-0000-0000-0000-000000000003", para->boolean_false_object_uuid);
+
+ uuid_parse("00000000-0000-0000-0000-000000000005", para->ip_protocol_object_uuid[IP_PROTOCOL_ICMP]);
+ uuid_parse("00000000-0000-0000-0000-000000000006", para->ip_protocol_object_uuid[IP_PROTOCOL_TCP]);
+ uuid_parse("00000000-0000-0000-0000-000000000007", para->ip_protocol_object_uuid[IP_PROTOCOL_UDP]);
+}
+
+struct maat *scanner_get_maat_instance(struct scanner *scanner)
+{
+ if(scanner==NULL)
+ {
+ return NULL;
+ }
+
+ return scanner_cm_maat_get_feather(scanner->cm_maat);
+}
+
+struct scanner *scanner_module_to_scanner(struct module *mod)
+{
+ if(mod==NULL)return NULL;
+ if(strcmp(module_get_name(mod), SCANNER_MODULE_NAME)!=0)return NULL;
+ return (struct scanner *)module_get_ctx(mod);
+}
+
+void scanner_module_exit(struct module_manager *mod_mgr, struct module *mod)
+{
+ if(mod_mgr==NULL)return;
+ if(mod)
+ {
+ struct scanner *scanner=(struct scanner *)module_get_ctx(mod);
+ FREE(scanner);
+ module_free(mod);
+ }
+}
+
+struct module *scanner_module_init(struct module_manager *mod_mgr)
+{
+ if(mod_mgr==NULL)return NULL;
+
+ struct scanner *scanner=CALLOC(struct scanner, 1);
+ struct module *mod=module_new(SCANNER_MODULE_NAME, (void *)scanner);
+ if(mod==NULL)
+ {
+ goto INIT_ERROR;
+ }
+
+ scanner->mod_mgr=mod_mgr;
+ scanner->logger=module_manager_get_logger(mod_mgr);
+ scanner_default_parameter_init(&(scanner->default_para));
+ attribute_schema_init(scanner->attr_schema, ATTRIBUTE_SCHEMA_MAX);
+
+ const char *toml_path=module_manager_get_toml_path(mod_mgr);
+ global_parameter_get(scanner->logger, toml_path, "scanner", &(scanner->global_para));
+
+ scanner->pkt_scanner=packet_scanner_new(scanner);
+ 
scanner->sess_scanner=session_scanner_new(scanner);
+
+ return mod;
+
+INIT_ERROR:
+ scanner_module_exit(mod_mgr, mod);
+ exit(-1);
+ return NULL;
+}
\ No newline at end of file
diff --git a/scanner/scanner_module.h b/scanner/scanner_module.h
new file mode 100644
index 0000000..89a80a4
--- /dev/null
+++ b/scanner/scanner_module.h
@@ -0,0 +1,65 @@
+#pragma once
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include "attribute_schema.h"
+
+enum IP_PROTOCOL
+{
+ IP_PROTOCOL_UNKNOWN=0,
+ IP_PROTOCOL_ICMP=1,
+ IP_PROTOCOL_TCP,
+ IP_PROTOCOL_UDP,
+ IP_PROTOCOL_MAX
+};
+
+struct global_parameter
+{
+ char sled_ip[NAME_MAX];
+ char device_id[NAME_MAX];
+ char device_sn[NAME_MAX];
+ char device_tag[NAME_MAX];
+ char data_center[NAME_MAX];
+ char device_group[NAME_MAX];
+
+ int traffic_vsystem_id;
+ int default_unknown_app_id;
+ int session_record_enabled;
+};
+
+struct default_parameter
+{
+ uuid_t boolean_true_object_uuid;
+ uuid_t boolean_false_object_uuid;
+ uuid_t ip_protocol_object_uuid[IP_PROTOCOL_MAX];
+};
+
+struct scanner_maat;
+struct packet_scanner;
+struct session_scanner;
+
+struct scanner
+{
+ struct logger *logger;
+ struct module_manager *mod_mgr;
+ struct default_parameter default_para;
+ struct global_parameter global_para;
+
+ struct scanner_maat *cm_maat;
+ struct scanner_maat *sd_maat;
+
+ struct packet_scanner *pkt_scanner;
+ struct session_scanner *sess_scanner;
+ struct attribute_schema attr_schema[ATTRIBUTE_SCHEMA_MAX];
+};
+
+uuid_t *scanner_get0_boolean_object_uuid(struct scanner *scanner, bool value);
+
+void scanner_print_debug_hit_object(struct scanner *scanner, const char *readable_addr, struct maat_hit_object *hit_object_list, size_t hit_object_num);
+void scanner_print_debug_hit_rule(struct scanner *scanner, const char *readable_addr, const char *tablename, uuid_t *rule_uuid_list, size_t rule_uuid_num);
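Review bot: `device_sn_value_parser` copies from `yyjson_get_str(sn)` without checking that `sn` is a string, so an `"sn"` value that is an array or object gives a NULL source pointer together with a non-zero `yyjson_get_len`, and the `memcpy` reads through it; add `if(!yyjson_is_str(sn)) goto ERROR;` before the copy and write the terminator explicitly instead of relying on the caller's zeroed buffer. In `device_nic_name_to_ipv4`, `strncpy` with the full `ifrn_name` size leaves the interface name unterminated when `nic_name` (a 32-byte config buffer in `global_parameter_get`) is IFNAMSIZ or longer, and the function returns 1 even when the ioctl fails and `ipv4` was never written, which `global_parameter_get` cannot distinguish because it ignores the return value; `snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", nic_name);` plus `return -1;` in the error branch would let the caller treat a missing sled IP as a configuration failure. Separately, `scanner_module_init` never assigns `cm_maat` or `sd_maat`, so `scanner_get_maat_instance` appears to hand a NULL pointer to `scanner_cm_maat_get_feather` unless they are set outside this file, and `scanner_module_exit` frees the `scanner` struct without releasing `pkt_scanner` or `sess_scanner`. The `global_parameter.device_id` field is also never populated here.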
diff --git a/scanner/session_based_scanner.c b/scanner/session_based_scanner.c
new file mode 100644
index 0000000..a154b68
--- /dev/null
+++ b/scanner/session_based_scanner.c
@@ -0,0 +1,72 @@
+#include
+#include
+#include
+
+#include "stellar/utils.h"
+#include "stellar/session.h"
+
+#include "attribute_kv.h"
+#include "session_based_scanner.h"
+
+struct session_scanner
+{
+ int exdata_idx;
+ struct scannner *scanner;
+ struct logger *logger;
+};
+
+// static void session_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused)
+// {
+// if(ex_ptr==NULL)return;
+// FREE(ex_ptr);
+// }
+
+const struct utable_kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index)
+{
+ if(sess_scanner==NULL || sess==NULL || index>=ATTRIBUTE_KV_MAX || index<=ATTRIBUTE_KV_UNKNOWN)
+ {
+ return NULL;
+ }
+
+ return attribute_kv_get((struct attribute_kv *)session_get_exdata(sess, sess_scanner->exdata_idx), index);
+}
+
+void session_based_scanner_node_entry(struct packet *pkt __attribute__((unused)), struct module *mod __attribute__((unused)))
+{
+
+}
+
+struct session_scanner *session_scanner_new(struct scanner *scanner)
+{
+ if(scanner==NULL)
+ {
+ return NULL;
+ }
+
+ struct session_scanner *sess_scanner=CALLOC(struct session_scanner, 1);
+// sess_scanner->scanner=scanner;
+// sess_scanner->logger=module_manager_get_logger(mod_mgr);
+
+// sess_scanner->exdata_idx=session_manager_new_session_exdata_index(sess_mgr, "SCANNER_EXDATA_SESSION", session_scanner_exdata_free, NULL);
+// if(sess_scanner->exdata_idx<0)
+// {
+// STELLAR_LOG_FATAL(sess_scanner->logger, SCANNER_MODULE_NAME, "session_scanner_new failed to create exdata index");
+// goto INIT_ERROR;
+// }
+
+ return sess_scanner;
+
+// // INIT_ERROR:
+// // session_scanner_free(sess_scanner);
+// return NULL;
+}
+
+void session_scanner_free(struct session_scanner *sess_scanner)
+{
+ if(sess_scanner==NULL)
+ {
+ return ;
+ }
+
+ FREE(sess_scanner);
+}
\ No newline at end of file
diff --git a/scanner/session_based_scanner.h b/scanner/session_based_scanner.h
new file mode 100644
index 0000000..c6bcbec
--- /dev/null
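Review bot: `session_scanner_get_attribute` passes `sess_scanner->exdata_idx` to `session_get_exdata` and casts the result to `struct attribute_kv *`, but with the exdata registration commented out in `session_scanner_new` the index stays at whatever `CALLOC` leaves (presumably 0), so unless `session_get_exdata` rejects an unregistered index the getter reinterprets a slot that some other owner may hold — a type-confusion path rather than a clean "not available". Initialize the field to an invalid index and guard it until the registration is restored: `sess_scanner->exdata_idx=-1;` in `session_scanner_new` and `if(sess_scanner->exdata_idx<0) return NULL;` at the top of the getter. The member `struct scannner *scanner;` is a typo that declares a pointer to a different, incomplete type; nothing assigns it in this hunk so the compiler stays silent, but it should read `struct scanner *scanner;`. The commented-out init and cleanup code should either become a TODO naming what is pending or be dropped, and the `CALLOC` result is returned unchecked.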
+++ b/scanner/session_based_scanner.h
@@ -0,0 +1,23 @@
+#pragma once
+
+#include "utable/utable.h"
+
+#include "stellar/module.h"
+#include "stellar/scanner.h"
+#include "stellar/session.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+struct session_scanner;
+
+const struct utable_kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index);
+struct session_scanner *session_scanner_new(struct scanner *scanner);
+void session_scanner_free(struct session_scanner *sess_scanner);
+
+
+#ifdef __cplusplus
+}
+#endif
\ No newline at end of file
diff --git a/scanner/session_scanner.c b/scanner/session_scanner.c
deleted file mode 100644
index dad6ea2..0000000
--- a/scanner/session_scanner.c
+++ /dev/null
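Review bot: `session_based_scanner_node_entry` is defined with external linkage in session_based_scanner.c but is not declared in this header, so unless it is prototyped in stellar/scanner.h it compiles without a prototype and callers have nothing to include. Either add `void session_based_scanner_node_entry(struct packet *pkt, struct module *mod);` inside the `extern "C"` block here, or make the definition `static` until it has a body. A one-line comment on `session_scanner_get_attribute` saying who owns the returned `utable_kv` (it comes out of session exdata, so presumably not the caller) and that NULL means "no attribute" would also help, since nothing documents that contract.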
@@ -1,83 +0,0 @@
-#include
-#include
-#include
-
-#include "stellar/utils.h"
-#include "stellar/session.h"
-#include "stellar/session_scanner.h"
-
-struct session_scanner
-{
- int exdata_idx;
- struct scannner *scanner;
- struct logger *logger;
-};
-
-static void session_scanner_exdata_free(int idx __unused, void *ex_ptr, void *arg __unused)
-{
- if(ex_ptr==NULL)return;
- FREE(ex_ptr);
-}
-
-const struct kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index)
-{
- if(sess_scanner==NULL || sess==NULL || index>=ATTRIBUTE_INDEX_MAX || index<=ATTRIBUTE_KV_UNKNOWN)
- {
- return NULL;
- }
-
- return attribute_kv_get((struct attribute_kv *)session_get_exdata(sess, sess_scanner->exdata_idx), index);
-}
-
-static void session_scanner_on_session(struct session *sess, enum session_state state, struct packet *pkt, void *args)
-{
-
-}
-
-struct session_scanner *session_scanner_new(struct module_manager *mod_mgr, struct scanner *scanner)
-{
- if(mod_mgr==NULL || scanner==NULL)
- {
- return NULL;
- }
-
- struct session_scanner *sess_scanner=CALLOC(struct session_scanner, 1);
- sess_scanner->scanner=scanner;
- sess_scanner->logger=module_manager_get_logger(mod_mgr);
-
- struct module *sess_mgr_mod=module_manager_get_module(mod_mgr, SESSION_MANAGER_MODULE_NAME);
- struct session_manager *sess_mgr=module_to_session_manager(sess_mgr_mod);
- struct mq_schema *mq_s=module_manager_get_mq_schema(mod_mgr);
-
- if(sess_mgr==NULL || mq_s==NULL)
- {
- STELLAR_LOG_FATAL(sess_scanner->logger, SCANNER_MODULE_NAME, "session_scanner_new failed to get session manager or mq schema");
- goto INIT_ERROR;
- }
-
- session_manager_subscribe_tcp(sess_mgr, session_scanner_on_session, sess_scanner);
- session_manager_subscribe_udp(sess_mgr, session_scanner_on_session, sess_scanner);
-
- sess_scanner->exdata_idx=session_manager_new_session_exdata_index(sess_mgr, "SCANNER_EXDATA_SESSION", session_scanner_exdata_free, NULL);
- 
if(sess_scanner->exdata_idx<0)
- {
- STELLAR_LOG_FATAL(sess_scanner->logger, SCANNER_MODULE_NAME, "session_scanner_new failed to create exdata index");
- goto INIT_ERROR;
- }
-
- return sess_scanner;
-
-INIT_ERROR:
- session_scanner_free(sess_scanner);
- return NULL;
-}
-
-void session_scanner_free(struct session_scanner *sess_scanner)
-{
- if(sess_scanner==NULL)
- {
- return ;
- }
-
- FREE(sess_scanner);
-}
\ No newline at end of file
diff --git a/scanner/session_scanner.h b/scanner/session_scanner.h
deleted file mode 100644
index 3496d10..0000000
--- a/scanner/session_scanner.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#pragma once
-
-#include "stellar/scanner.h"
-#include "stellar/module.h"
-
-const struct kv *session_scanner_get_attribute(struct session_scanner *sess_scanner, struct session *sess, enum ATTRIBUTE_KV_INDEX index);
-struct session_scanner *session_scanner_new(struct module_manager *mod_mgr, struct scanner *scanner);
-void session_scanner_free(struct session_scanner *sess_scanner)
\ No newline at end of file
-- cgit v1.2.3