Diffstat (limited to 'src/entry/Maat_command.cpp')
| -rw-r--r-- | src/entry/Maat_command.cpp | 179 |
1 files changed, 125 insertions, 54 deletions
diff --git a/src/entry/Maat_command.cpp b/src/entry/Maat_command.cpp
index cbeebed..a86d303 100644
--- a/src/entry/Maat_command.cpp
+++ b/src/entry/Maat_command.cpp
@@ -192,6 +192,9 @@ int get_valid_flag_offset(const char* line, enum MAAT_TABLE_TYPE type,int valid_
 case TABLE_TYPE_IP:
column_seq=14;
break;
+ case TABLE_TYPE_IP_PLUS:
+ column_seq=18;
+ break;
case TABLE_TYPE_COMPILE:
column_seq=8;
break;
@@ -239,13 +242,39 @@ int invalidate_line(char* line, enum MAAT_TABLE_TYPE type,int valid_column_seq)
 line[i]='0';
return 0;
}
-void serialize_region(const struct Maat_region_t* p,int group_id, char* buff,int size)
+void serialize_group(const struct Maat_group_t* p_group, enum MAAT_OPERATION op, char* buff, size_t sz)
+{
+ if(op==MAAT_OP_RENEW_TIMEOUT) op=MAAT_OP_ADD;
+ snprintf(buff, sz, "%d\t%d\t%d\t%d\t%d", p_group->group_id,
+ p_group->parent_id,
+ op,
+ p_group->not_flag,
+ p_group->parent_type);
+ return;
+}
+void serialize_compile(const struct Maat_rule_t* p_m_rule, const char* huge_service_defined, int group_num, enum MAAT_OPERATION op, char* buff, size_t sz)
+{
+ if(op==MAAT_OP_RENEW_TIMEOUT) op=MAAT_OP_ADD;
+ const char* service_define=huge_service_defined?huge_service_defined:(strlen(p_m_rule->service_defined)?p_m_rule->service_defined:"null");
+
+ snprintf(buff, sz,"%d\t%d\t%hhd\t%hhd\t%hhd\t0\t%s\t%d\t%d",
+ p_m_rule->config_id,
+ p_m_rule->service_id,
+ p_m_rule->action,
+ p_m_rule->do_blacklist,
+ p_m_rule->do_log,
+ service_define,
+ op,
+ group_num);
+ return;
+}
+void serialize_region(const struct Maat_region_t* p, int group_id, char* buff, size_t sz)
{
- UNUSED int ret=0;
+ UNUSED size_t ret=0;
switch(p->region_type)
{
case REGION_IP:
- ret=snprintf(buff,size,"%d\t%d\t%d\t%s\t%s\t%hu\t%hu\t%s\t%s\t%hu\t%hu\t%d\t%d\t1"
+ ret=snprintf(buff,sz,"%d\t%d\t%d\t%s\t%s\t%hu\t%hu\t%s\t%s\t%hu\t%hu\t%d\t%d\t1"
,p->region_id
,group_id
,p->ip_rule.addr_type
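Review bot: The new serialize_group and serialize_compile discard snprintf's return value, so a line that does not fit in `sz` is truncated without any signal; in serialize_compile the `%s` for `service_define` comes before `op` and `group_num`, so an over-long `huge_service_defined` would cut off exactly those trailing fields. serialize_region (which continues past this hunk) now stores the result in `size_t ret`, which turns a negative snprintf error into a huge value, and its only check is the `assert(ret<sz)` in the function's last hunk, which is compiled out under NDEBUG. I would keep `int ret`, test `if(ret<0 || (size_t)ret>=sz)` in all three serializers, and report the failure to the caller rather than pass a cut-off rule line on. Separately, the `%s` fields go unescaped into a tab-separated line, so a tab or newline inside `service_define` would shift the columns; it is worth confirming where that is validated.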
@@ -263,7 +292,7 @@ void serialize_region(const struct Maat_region_t* p,int group_id, char* buff,int
 case REGION_EXPR:
if(p->expr_rule.district==NULL)
{
- ret=snprintf(buff,size,"%d\t%d\t%s\t%d\t%d\t%d\t1"
+ ret=snprintf(buff,sz,"%d\t%d\t%s\t%d\t%d\t%d\t1"
,p->region_id
,group_id
,p->expr_rule.keywords
@@ -273,7 +302,7 @@ void serialize_region(const struct Maat_region_t* p,int group_id, char* buff,int
 }
else //expr_plus
{
- ret=snprintf(buff,size,"%d\t%d\t%s\t%s\t%d\t%d\t%d\t1"
+ ret=snprintf(buff,sz,"%d\t%d\t%s\t%s\t%d\t%d\t%d\t1"
,p->region_id
,group_id
,p->expr_rule.keywords
@@ -284,14 +313,14 @@ void serialize_region(const struct Maat_region_t* p,int group_id, char* buff,int
 }
break;
case REGION_INTERVAL:
- ret=snprintf(buff,size,"%d\t%d\t%u\t%u\t1"
+ ret=snprintf(buff,sz,"%d\t%d\t%u\t%u\t1"
,p->region_id
,group_id
,p->interval_rule.low_boundary
,p->interval_rule.up_boundary);
break;
case REGION_DIGEST:
- ret=snprintf(buff,size,"%d\t%d\t%llu\t%s\t%hd\t1"
+ ret=snprintf(buff,sz,"%d\t%d\t%llu\t%s\t%hd\t1"
,p->region_id
,group_id
,p->digest_rule.orgin_len
@@ -299,7 +328,7 @@ void serialize_region(const struct Maat_region_t* p,int group_id, char* buff,int
 ,p->digest_rule.confidence_degree);
break;
case REGION_SIMILARITY:
- ret=snprintf(buff,size,"%d\t%d\t%s\t%hd\t1"
+ ret=snprintf(buff,sz,"%d\t%d\t%s\t%hd\t1"
,p->region_id
,group_id
,p->similarity_rule.target
@@ -308,7 +337,7 @@ void serialize_region(const struct Maat_region_t* p,int group_id, char* buff,int
 default:
assert(0);
}
- assert(ret<size);
+ assert(ret<sz);
return;
}
void empty_serial_rules(struct serial_rule_t* rule)
@@ -329,15 +358,15 @@ void empty_serial_rules(struct serial_rule_t* rule)
 memset(rule,0,sizeof(struct serial_rule_t));
return;
}
-void set_serial_rule(struct serial_rule_t* rule,enum MAAT_OPERATION op,int rule_id,int label_id,const char* table_name,const char* line, long long timeout)
+void set_serial_rule(struct serial_rule_t* rule, enum MAAT_OPERATION op,int rule_id,int label_id,const char* table_name,const char* line, long long timeout)
{
+ memset(rule, 0, sizeof(struct serial_rule_t));
rule->op=op;
rule->rule_id=rule_id;
rule->label_id=label_id;
rule->timeout=timeout;
assert(strlen(table_name)<sizeof(rule->table_name));
- memset(rule->table_name, 0, sizeof(rule->table_name));
- memcpy(rule->table_name,table_name,strlen(table_name));
+ strncpy(rule->table_name, table_name, sizeof(rule->table_name));
if(line!=NULL)
{
rule->table_line=_maat_strdup(line);
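Review bot: `strncpy(rule->table_name, table_name, sizeof(rule->table_name))` leaves the field without a terminating NUL when the name is as long as the array or longer, and the only guard is the `assert` on the line above, which is absent in NDEBUG builds. Copying at most `sizeof(rule->table_name)-1` bytes keeps the terminator that the new `memset(rule, 0, ...)` already put in place, i.e. `strncpy(rule->table_name, table_name, sizeof(rule->table_name)-1);`, ideally behind an explicit length check that fails the call instead of truncating. The whole-struct memset also drops any `table_line` pointer a reused `rule` might still hold; if callers can pass a rule that was not emptied this would leak, so a comment stating that `rule` must be uninitialised or already emptied would help. set_serial_rule's body continues outside the hunk.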
@@ -836,35 +865,35 @@ int reconstruct_cmd(struct _Maat_feather_t *feather, struct _Maat_cmd_inner_t* _
 struct Maat_group_t* group_cmd=NULL;
struct Maat_region_t* region_cmd=NULL;
- struct Maat_compile_inner_t *compile_inner=NULL;
- struct Maat_group_inner_t* group_inner=NULL;
- struct _Maat_region_inner_t* region_inner=NULL;
+ struct Maat_compile_group_relation *relation=NULL;
+ struct Maat_group_inner* group_inner=NULL;
+ struct Maat_region_inner* region_inner=NULL;
void* logger=feather->logger;
int config_id=cmd->compile.config_id;
if(feather->scanner==NULL)
{
- MESA_handle_runtime_log(logger,RLOG_LV_INFO,maat_command
+ MESA_handle_runtime_log(logger, RLOG_LV_INFO, maat_command
,"MAAT not ready.");
return -1;
}
- compile_inner=(struct Maat_compile_inner_t *)HASH_fetch_by_id(feather->scanner->compile_hash, config_id);
- //Operation on compile_inner is thread safe, no immediate memory free when delete a compile rule or a scanner.
- //In another words, if the compile_inner is accessable from compile means, its was valid in at least 10 seconds (garbage bury).
- if(compile_inner==NULL)
+ relation=(struct Maat_compile_group_relation *)HASH_fetch_by_id(feather->scanner->compile_hash, config_id);
+ //Operation on relation is thread safe, no immediate memory free when delete a compile rule or a scanner.
+ //In another words, if the relation is accessable from compile means, its was valid in at least 10 seconds (garbage bury).
+ if(relation==NULL)
{
- MESA_handle_runtime_log(logger,RLOG_LV_INFO,maat_command
+ MESA_handle_runtime_log(logger, RLOG_LV_INFO, maat_command
,"config %d not exist."
,config_id);
return -1;
}
- pthread_rwlock_rdlock(&(compile_inner->rwlock));
- cmd->group_num=compile_inner->group_cnt;
+ pthread_rwlock_rdlock(&(relation->rwlock));
+ cmd->group_num=relation->group_cnt;
assert(cmd->groups==NULL);
- cmd->groups=(struct Maat_group_t*)calloc(sizeof(struct Maat_group_t),cmd->group_num);
- for(i=0;i<compile_inner->group_boundary;i++)
+ cmd->groups=ALLOC(struct Maat_group_t, cmd->group_num);
+ for(i=0;i<relation->group_boundary;i++)
{
- group_inner=(struct Maat_group_inner_t*)dynamic_array_read(compile_inner->groups,i);
+ group_inner=(struct Maat_group_inner*)dynamic_array_read(relation->groups,i);
if(group_inner==NULL)
{
continue;
@@ -872,15 +901,15 @@ int reconstruct_cmd(struct _Maat_feather_t *feather, struct _Maat_cmd_inner_t* _
 group_cmd=&(cmd->groups[grp_idx]);
group_cmd->group_id=group_inner->group_id;
- if(group_inner->ref_cnt>1)
+ if(group_inner->ref_by_parent_cnt>1)
{
continue;
}
group_cmd->region_num=group_inner->region_cnt;
- group_cmd->regions=(struct Maat_region_t*)calloc(sizeof(struct Maat_region_t),group_cmd->region_num);
+ group_cmd->regions=ALLOC(struct Maat_region_t, group_cmd->region_num);
for(j=0;j<group_inner->region_boundary;j++)
{
- region_inner=(struct _Maat_region_inner_t*)dynamic_array_read(group_inner->regions,j);
+ region_inner=(struct Maat_region_inner*)dynamic_array_read(group_inner->regions,j);
if(region_inner==NULL)
{
continue;
@@ -893,11 +922,11 @@ int reconstruct_cmd(struct _Maat_feather_t *feather, struct _Maat_cmd_inner_t* _
 }
grp_idx++;
}
- pthread_rwlock_unlock(&(compile_inner->rwlock));
+ pthread_rwlock_unlock(&(relation->rwlock));
return 0;
}
-int build_serial_rule(_Maat_feather_t *feather,struct _Maat_cmd_inner_t* _cmd,struct serial_rule_t* list, int size)
+int build_serial_rule(_Maat_feather_t *feather,struct _Maat_cmd_inner_t* _cmd, struct serial_rule_t* list, int size)
{
struct Maat_group_t* p_group=NULL;
struct Maat_region_t* p_region=NULL;
@@ -915,19 +944,12 @@ int build_serial_rule(_Maat_feather_t *feather,struct _Maat_cmd_inner_t* _cmd,st
 }
if(op==MAAT_OP_ADD)
{
- snprintf(line,sizeof(line),"%d\t%d\t%hhd\t%hhd\t%hhd\t0\t%s\t1\t%d",p_m_rule->config_id
- ,p_m_rule->service_id
- ,p_m_rule->action
- ,p_m_rule->do_blacklist
- ,p_m_rule->do_log
- ,(_cmd->huge_service_defined!=NULL)?(_cmd->huge_service_defined):(p_m_rule->service_defined)
- ,cmd->group_num);
- set_serial_rule(list+rule_num,MAAT_OP_ADD,cmd->compile.config_id,cmd->label_id,feather->compile_tn,line,timeout);
-
+ serialize_compile(p_m_rule, _cmd->huge_service_defined, cmd->group_num, MAAT_OP_ADD, line, sizeof(line));
+ set_serial_rule(list+rule_num, MAAT_OP_ADD, cmd->compile.config_id, cmd->label_id, feather->compile_tn, line, timeout);
}
else
{
- set_serial_rule(list+rule_num,op,cmd->compile.config_id,cmd->label_id,feather->compile_tn,NULL,timeout);
+ set_serial_rule(list+rule_num, op, cmd->compile.config_id, cmd->label_id, feather->compile_tn, NULL, timeout);
}
rule_num++;
for(i=0;i<cmd->group_num;i++)
@@ -940,9 +962,10 @@ int build_serial_rule(_Maat_feather_t *feather,struct _Maat_cmd_inner_t* _cmd,st
 p_group->group_id=feather->base_grp_seq;
feather->base_grp_seq++;
}
- snprintf(line,sizeof(line),"%d\t%d\t1",p_group->group_id
- ,p_m_rule->config_id);
- set_serial_rule(list+rule_num,MAAT_OP_ADD,p_group->group_id,0,feather->group_tn,line,timeout);
+ p_group->parent_id=p_m_rule->config_id;
+ p_group->parent_type=PARENT_TYPE_COMPILE;
+ serialize_group(p_group, MAAT_OP_ADD, line, sizeof(line));
+ set_serial_rule(list+rule_num, MAAT_OP_ADD, p_group->group_id, 0, feather->group_tn, line, timeout);
}
else
{
@@ -1358,10 +1381,10 @@ int fix_table_name(_Maat_feather_t* feather,struct Maat_cmd_t* cmd)
 struct Maat_region_t* p_region=NULL;
enum MAAT_TABLE_TYPE table_type;
- struct Maat_compile_inner_t *compile_rule=NULL;
+ struct Maat_compile_group_relation *compile_rule=NULL;
if(feather->scanner!=NULL)
{
- compile_rule=(struct Maat_compile_inner_t*)HASH_fetch_by_id(feather->scanner->compile_hash, cmd->compile.config_id);
+ compile_rule=(struct Maat_compile_group_relation*)HASH_fetch_by_id(feather->scanner->compile_hash, cmd->compile.config_id);
if(compile_rule!=NULL)
{
MESA_handle_runtime_log(feather->logger,RLOG_LV_FATAL,maat_module
@@ -2056,8 +2079,8 @@ int Maat_cmd_set_group(Maat_feather_t feather,int group_id, const struct Maat_re
 {
return -1;
}
- //struct Maat_group_inner_t* group_inner=NULL;
- //group_inner=(struct Maat_group_inner_t*)HASH_fetch_by_id(_feather->scanner->group_hash, group_id);
+ //struct Maat_group_inner* group_inner=NULL;
+ //group_inner=(struct Maat_group_inner*)HASH_fetch_by_id(_feather->scanner->group_hash, group_id);
//NOT implemented yet.
assert(0);
return 0;
@@ -2371,7 +2394,7 @@ int Maat_cmd_commit(Maat_feather_t feather)
 if(_feather->AUTO_NUMBERING_ON==1)
{
- data_reply=_wrap_redisCommand(write_ctx,"INCRBY SEQUENCE_REGION %d",new_region_num);
+ data_reply=_wrap_redisCommand(write_ctx,"INCRBY %s %d", mr_region_id_var, new_region_num);
if(data_reply->type!=REDIS_REPLY_INTEGER)
{
freeReplyObject(data_reply);
@@ -2381,7 +2404,7 @@ int Maat_cmd_commit(Maat_feather_t feather)
 _feather->base_rgn_seq=data_reply->integer-new_region_num;
freeReplyObject(data_reply);
- data_reply=_wrap_redisCommand(write_ctx,"INCRBY SEQUENCE_GROUP %d",new_group_num);
+ data_reply=_wrap_redisCommand(write_ctx,"INCRBY %s %d", mr_group_id_var, new_group_num);
if(data_reply->type!=REDIS_REPLY_INTEGER)
{
freeReplyObject(data_reply);
@@ -2445,17 +2468,30 @@ long long Maat_cmd_incrby(Maat_feather_t feather,const char* key, int increment)
 freeReplyObject(data_reply);
return result;
}
+int Maat_cmd_get_new_group_id(Maat_feather_t feather)
+{
+ int group_id=0;
+ group_id=(int) Maat_cmd_incrby(feather, mr_group_id_var, 1);
+ return group_id;
+}
+int Maat_cmd_get_new_region_id(Maat_feather_t feather)
+{
+ int region_id=0;
+ region_id=(int) Maat_cmd_incrby(feather, mr_region_id_var, 1);
+ return region_id;
+}
+
void Maat_cmd_key_free(struct Maat_cmd_key**keys, int size)
{
int i=0;
struct Maat_cmd_key* p=*keys;
- for(i=0; i<size; i++)
+ for(i=0; i<size; i++, p++)
{
free(p->table_name);
p->table_name=NULL;
p->rule_id=0;
}
- free(p);
+ free(*keys);
*keys=NULL;
return;
}
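Review bot: Maat_cmd_get_new_group_id and Maat_cmd_get_new_region_id cast the `long long` from Maat_cmd_incrby straight to `int`, so a counter above INT_MAX wraps into a negative or already-issued id, and whatever Maat_cmd_incrby returns on failure (most of its body is outside this hunk) is handed back as if it were a fresh id. Assuming ids are always positive, a range check such as `long long v=Maat_cmd_incrby(feather, mr_group_id_var, 1); if(v<=0 || v>INT_MAX) return -1;` would make the failure visible, and the header comment should state the error value. In Maat_cmd_key_free the `p++` and `free(*keys)` corrections look right, but the loop still dereferences `p` when `*keys` is NULL and `size` is positive.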
@@ -2547,9 +2583,9 @@ int redis_flush_DB(redisContext* ctx, int db_index, void* logger)
 append_cmd_cnt++;
redisAppendCommand(ctx,"SET MAAT_PRE_VER %lld",maat_redis_version);
append_cmd_cnt++;
- redisAppendCommand(ctx,"SET SEQUENCE_REGION 1",maat_redis_version);
+ redisAppendCommand(ctx,"SET %s 1", mr_region_id_var);
append_cmd_cnt++;
- redisAppendCommand(ctx,"SET SEQUENCE_GROUP 1",maat_redis_version);
+ redisAppendCommand(ctx,"SET %s 1", mr_group_id_var);
append_cmd_cnt++;
redisAppendCommand(ctx,"EXEC");
append_cmd_cnt++;
@@ -2571,6 +2607,41 @@ int redis_flush_DB(redisContext* ctx, int db_index, void* logger)
 }
return redis_transaction_success;
}
+static int _Maat_command_set_one_line(struct _Maat_feather_t* _feather, enum MAAT_OPERATION op, int id, const char* table_name, const char* line)
+{
+ redisContext* write_ctx=get_redis_ctx_for_write(_feather);
+ _feather->server_time=redis_server_time(write_ctx);
+ struct serial_rule_t s_rule;
+ set_serial_rule(&s_rule, op, id, 0, table_name, line, 0);
+ int transaction_success=0;
+ transaction_success=exec_serial_rule(write_ctx, &s_rule, 1, _feather->server_time, _feather->logger);
+ empty_serial_rules(&s_rule);
+ return transaction_success;
+}
+int Maat_command_raw_set_compile(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_rule_t* compile, const char* table_name, const char * huge_service_defined, int group_num)
+{
+ struct _Maat_feather_t* _feather=(struct _Maat_feather_t*)feather;
+ char line[MAX_TABLE_LINE_SIZE];
+ serialize_compile(compile, huge_service_defined, group_num, op, line, sizeof(line));
+ int ret=_Maat_command_set_one_line(_feather, op, compile->config_id, table_name, line);
+ return ret;
+}
+int Maat_command_raw_set_region(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_region_t* region, int group_id)
+{
+ struct _Maat_feather_t* _feather=(struct _Maat_feather_t*)feather;
+ char line[MAX_TABLE_LINE_SIZE];
+ serialize_region(region, group_id, line, sizeof(line));
+ int ret=_Maat_command_set_one_line(_feather, op, region->region_id, region->table_name, line);
+ return ret;
+}
+int Maat_command_raw_set_group(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_group_t* group)
+{
+ struct _Maat_feather_t* _feather=(struct _Maat_feather_t*)feather;
+ char line[MAX_TABLE_LINE_SIZE];
+ serialize_group(group, op, line, sizeof(line));
+ int ret=_Maat_command_set_one_line(_feather, op, group->group_id*1024*1204+group->parent_id, group->table_name, line);
+ return ret;
+}
int Maat_cmd_flushDB(Maat_feather_t feather)
{
_Maat_feather_t* _feather=(_Maat_feather_t*)feather;
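Review bot: In Maat_command_raw_set_group the rule id `group->group_id*1024*1204+group->parent_id` looks like a typo for `1024*1024`, and either way it is `int` arithmetic that overflows (undefined behaviour) once group_id passes roughly 1,700, after which distinct (group, parent) pairs can map to the same id and one stored line can replace another. build_serial_rule, earlier in this diff, keys the same kind of line by `p_group->group_id` alone, so the two write paths also disagree on the id. I would compute the key in a wider type with an explicit range check, or document the packing scheme together with the limits it places on group_id and parent_id. _Maat_command_set_one_line also passes the result of `get_redis_ctx_for_write` to `redis_server_time` without a NULL check, and the three public wrappers dereference `compile`, `region` and `group` and forward `table_name` unvalidated; whether the context getter can return NULL is not visible here. Maat_cmd_flushDB continues outside the hunk.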
