1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
|
#ifndef H_MAAT_COMMAND_H_INCLUDE
#define H_MAAT_COMMAND_H_INCLUDE
#ifdef __cplusplus
extern "C"{
#endif
#include "Maat_rule.h"
enum MAAT_OPERATION
{
MAAT_OP_DEL=0,
MAAT_OP_ADD,
MAAT_OP_RENEW_TIMEOUT //Rule expire time is changed to now+cmd->expire_after
};
enum MAAT_GROUP_RELATION
{
PARENT_TYPE_COMPILE=0,
PARENT_TYPE_GROUP
};
enum MAAT_REGION_TYPE
{
REGION_FLAG,
REGION_EXPR,
REGION_IP,
REGION_IP_PLUS,
REGION_INTERVAL,
REGION_DIGEST,
REGION_SIMILARITY
};
enum MAAT_EXPR_TYPE
{
EXPR_TYPE_STRING=0,
EXPR_TYPE_AND,
EXPR_TYPE_REGEX,
EXPR_TYPE_OFFSET
};
enum MAAT_MATCH_METHOD
{
MATCH_METHOD_SUB=0,
MATCH_METHOD_RIGHT,
MATCH_METHOD_LEFT,
MATCH_METHOD_COMPLETE
};
enum MAAT_CASE_TYPE
{
UNCASE_PLAIN=0,
CASE_HEXBIN,
CASE_PLAIN
};
enum MAAT_ADDR_TYPE
{
ADDR_TYPE_IPv4=4,
ADDR_TYPE_IPv6=6
};
enum MAAT_ADDR_DIRECTION
{
ADDR_DIR_DOUBLE=0,
ADDR_DIR_SINGLE=1
};
struct Maat_rgn_flag_t
{
uint64_t flag;
uint64_t flag_mask;
};
struct Maat_rgn_str_t
{
const char *keywords;
const char *district;// optional for expr_plus, otherwise set to NULL.
enum MAAT_EXPR_TYPE expr_type;
enum MAAT_MATCH_METHOD match_method;
enum MAAT_CASE_TYPE hex_bin;
};
struct Maat_rgn_ip_t
{
enum MAAT_ADDR_TYPE addr_type;
const char* src_ip;
const char* mask_src_ip;
const char* dst_ip;
const char* mask_dst_ip;
unsigned short src_port;
unsigned short mask_src_port;
unsigned short dst_port;
unsigned short mask_dst_port;
unsigned short protocol;
enum MAAT_ADDR_DIRECTION direction;
};
struct Maat_rgn_ip_plus_t
{
enum MAAT_ADDR_TYPE addr_type;
const char* saddr_format;//mask, range or CIDR
const char* src_ip1;
const char* src_ip2;
const char* sport_format;//mask or range
unsigned short src_port1;
unsigned short src_port2;
const char* daddr_format;//mask, range or CIDR
const char* dst_ip1;
const char* dst_ip2;
const char* dport_format;//mask or range
unsigned short dst_port1;
unsigned short dst_port2;
unsigned short protocol;
enum MAAT_ADDR_DIRECTION direction;
};
struct Maat_rgn_intv_t
{
const char *district;// optional for expr_plus, otherwise set to NULL.
unsigned int low_boundary;
unsigned int up_boundary;
};
struct Maat_rgn_digest_t
{
unsigned long long orgin_len;
const char* digest_string;
short confidence_degree;
};
struct Maat_rgn_sim_t
{
char* target;
short threshold;// 1~100
};
struct Maat_region_t
{
const char* table_name;
int region_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must appoint a unique number.
enum MAAT_REGION_TYPE region_type;
union
{
struct Maat_rgn_flag_t flag_rule;
struct Maat_rgn_str_t expr_rule;
struct Maat_rgn_ip_t ip_rule;
struct Maat_rgn_intv_t interval_rule;
struct Maat_rgn_digest_t digest_rule;
struct Maat_rgn_sim_t similarity_rule;
};
};
struct Maat_cmd_region
{
const char* table_name;
int region_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must appoint a unique number.
enum MAAT_REGION_TYPE region_type;
union
{
struct Maat_rgn_flag_t flag_rule;
struct Maat_rgn_str_t expr_rule;
struct Maat_rgn_ip_t ip_rule;
struct Maat_rgn_ip_plus_t ip_plus_rule;
struct Maat_rgn_intv_t interval_rule;
struct Maat_rgn_digest_t digest_rule;
struct Maat_rgn_sim_t similarity_rule;
};
};
struct Maat_cmd_line
{
const char* table_name;
const char* table_line;
int rule_id; // for MAAT_OP_DEL, only rule_id and table_name are necessary.
int label_id;
int expire_after; //expired after $timeout$ seconds, set to 0 for never timeout.
};
//Input string of REGION_EXPR and REGION_SIMILARITY need to be escapeed.
char* Maat_str_escape(char* dst,int size,const char*src);
//Returns number of successfully updated rule.
//Return -1 for failed.
int Maat_cmd_set_line(Maat_feather_t feather,const struct Maat_cmd_line* line_rule, enum MAAT_OPERATION op);
int Maat_cmd_set_lines(Maat_feather_t feather,const struct Maat_cmd_line** line_rule, int line_num ,enum MAAT_OPERATION op);
int Maat_cmd_set_file(Maat_feather_t feather,const char* key, const char* value, size_t size, enum MAAT_OPERATION op);
//Return the value of key after the increment.
//If the key does not exist, it is set to 0 before performing the operation.
long long Maat_cmd_incrby(Maat_feather_t feather,const char* key, int increment);
struct Maat_cmd_key
{
char* table_name;
int rule_id;
};
void Maat_cmd_key_free(struct Maat_cmd_key**keys, int number);
int Maat_cmd_key_select(Maat_feather_t feather, int label_id, struct Maat_cmd_key** keys);
int Maat_cmd_select(Maat_feather_t feather, int label_id, int * output_ids, unsigned int size);
int Maat_cmd_flushDB(Maat_feather_t feather);
struct Maat_cmd_group2group
{
const char* table_name;
int group_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must assign a unique number.
int superior_group_id;
};
struct Maat_cmd_group2compile
{
const char* table_name;
const char* virtual_table_name;
int group_id;
int compile_id;
int clause_index;
int not_flag;
};
int Maat_command_raw_set_region(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_cmd_region* region, int group_id);
int Maat_command_raw_set_group2group(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_cmd_group2group* g2g);
int Maat_command_raw_set_group2compile(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_cmd_group2compile* g2c);
//@param expire_after: expired after $expire_after$ seconds, set to 0 for never timeout.
//@param label_id: bigger than 0 means this compile rule is to be indexed and quried by Maat_cmd_select; =0 not index
int Maat_command_raw_set_compile(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_rule_t* compile, const char* table_name, const char * huge_service_defined, int clause_num, int label_id, int expire_after);
struct Maat_command_batch;
struct Maat_command_batch* Maat_command_batch_new(Maat_feather_t feather);
int Maat_command_batch_set_region(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_cmd_region* region, int group_id);
int Maat_command_batch_set_group2group(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_cmd_group2group* g2g);
int Maat_command_batch_set_group2compile(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_cmd_group2compile* g2c);
int Maat_command_batch_set_compile(struct Maat_command_batch* batch, enum MAAT_OPERATION op, const struct Maat_rule_t* compile, const char* table_name, const char * huge_service_defined, int clause_num, int label_id, int expire_after);
int Maat_command_batch_commit(struct Maat_command_batch* batch);
int Maat_command_get_new_group_id(Maat_feather_t feather);
int Maat_command_get_new_region_id(Maat_feather_t feather);
#ifdef __cplusplus
} //end extern"C"
#endif
#endif
|
