/*-
 * Copyright (c) 1999-2004 Andrey Simonenko
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *   @(#)$Id: ipa_rules.h,v 1.1.4.3 2007/02/17 09:21:54 simon Exp $
 */

/*
 * Declarations for rulepat{} and rule{} configuration sections: the
 * structures that describe them, the global lists and queues that hold
 * them, and the functions that manage them.
 *
 * This header is not self-contained: it uses the STAILQ_, SLIST_, TAILQ_
 * and LIST_ queue macros, regex_t, u_int, uint64_t, ipa_mzone and
 * struct cmds_rule, but includes only ipa_limits.h and ipa_thresholds.h.
 * NOTE(review): presumably those two headers or the including source file
 * provide the missing definitions -- confirm the required include order.
 *
 * The layout of struct rulepat and struct rule depends on WITH_RULES,
 * WITH_LIMITS, WITH_THRESHOLDS and CTL_CHECK_CREDS.  Every translation
 * unit that touches these structures has to be built with the same set of
 * these macros, otherwise field offsets will disagree between objects.
 */
#ifndef IPA_RULES_H
#define IPA_RULES_H

#include "ipa_limits.h"
#include "ipa_thresholds.h"

/* Defaults for the rulepat memory zone; both can be overridden at build time. */
#ifndef RULEPAT_NSIZE
# define RULEPAT_NSIZE	10
#endif
#ifndef RULEPAT_NALLOC
# define RULEPAT_NALLOC	10
#endif

/*
 * True when the rule's number is not below nstatrules.  The macro relies
 * on the global nstatrules declared further down in this header; both
 * operands are u_int, so the comparison is unsigned.
 */
#define RULE_IS_DYNAMIC(r) ((r)->ruleno >= nstatrules)

/*
 * rulepat{} section.
 *
 * NOTE(review): reg is presumably compiled from pat and has to be released
 * with regfree() when the section is freed -- confirm in free_rulepats().
 */
struct rulepat {
	STAILQ_ENTRY(rulepat) link;	/* For list building. */
	char		*pat;		/* Regular expression string. */
	regex_t		reg;		/* Compiled regular expression. */
	u_int		rulepatno;	/* Order number of this section. */
	int		check_next_rulepat; /* rulepat { check_next_rulepat } */
	const struct tevent *update_tevent; /* rulepat { update_time } */
	const struct tevent *append_tevent; /* rulepat { append_time } */
	const struct worktime *worktime;/* rulepat { worktime } */
	const struct ac_list *ac_list;	/* rulepat { ac_list } */
	const struct db_list *db_list;	/* rulepat { db_list } */
	int		debug_exec;	/* rulepat { debug_exec } */
	/* NOTE(review): which index is startup and which is shutdown is not
	   visible in this header -- confirm against the command code. */
	struct cmds_rule rc[2];		/* rulepat { startup|shutdown {}} */
#ifdef WITH_LIMITS
	int		debug_limit;	/* rulepat { debug_limit } */
	int		debug_limit_init; /* rulepat { debug_limit_init } */
	struct limits_list limits;	/* rulepat { limit {}} */
#endif
#ifdef WITH_THRESHOLDS
	int		debug_threshold;/* rulepat { debug_threshold } */
	int		debug_threshold_init; /* rulepat { debug_threshold_init } */
	struct thresholds_list thresholds; /* rulepat { threshold {}} */
#endif
#ifdef CTL_CHECK_CREDS
	/* Exists only when CTL_CHECK_CREDS is defined.  NOTE(review): how a
	   NULL pointer is treated (access allowed or denied) is not visible
	   here -- confirm in the control-interface code. */
	const struct ctl_acl_class *ctl_rule_acl; /* rulepat { ctl_rule_acl } */
#endif
};

/*
 * List of all rulepat{} sections.
 */
STAILQ_HEAD(rulepats_list, rulepat);

extern struct rulepats_list rulepats_list;

extern ipa_mzone *rulepat_mzone;

#ifdef WITH_RULES

struct rule;

/*
 * Element in reverse list for "ac_gather_*" parameters.
 */
struct ac_gather_rev {
	SLIST_ENTRY(ac_gather_rev) link;/* All ac_gather_rev for one rule. */
	u_int		addition;	/* If non-zero, then add statistics. */
	struct rule	*rule;		/* Pointer to rule, in which current
					   rule is listed in ac_gather_*. */
};

/*
 * These expand to RULE_NSIZE and RULE_NALLOC, whose defaults are defined
 * later in this header.  That works because macros are expanded at the
 * point of use, not at the point of definition.
 */
#define AC_GATHER_REV_NSIZE	RULE_NSIZE
#define AC_GATHER_REV_NALLOC	RULE_NALLOC

extern ipa_mzone *ac_gather_rev_mzone;

/* Head type for the list linked through rule.ac_gather_link. */
SLIST_HEAD(ac_gather_list, rule);

extern int	has_ac_gather;
extern struct ac_gather_list ac_gather_list;

extern int	init_ac_gather_rev(struct rule *);

#endif /* WITH_RULES */

/* Defaults for the rule memory zone; both can be overridden at build time. */
#ifndef RULE_NSIZE
# define RULE_NSIZE	30
#endif
#ifndef RULE_NALLOC
# define RULE_NALLOC	20
#endif

/* Bits for rule.free_mask. */
#define RULE_FREE_LIMITS	0x01	/* Free some memory in limits. */
#define RULE_FREE_THRESHOLDS	0x02	/* Free some memory in thresholds. */

/*
 * rule{} section.
 *
 * A rule is linked into several containers at once: an active/inactive
 * queue (queue), the list of all rules (list) and a hash bucket (hlink).
 * NOTE(review): presumably a rule must be unlinked from all of them before
 * its memory is released -- confirm in free_rule() and rem_rule_from_hash().
 */
struct rule {
	TAILQ_ENTRY(rule) queue;	/* Active/inactive rules queue. */
	TAILQ_ENTRY(rule) list;		/* All rules list. */
	LIST_ENTRY(rule) hlink;		/* All rules list in one hash bucket. */

	char		*rule_name;	/* Name of this rule. */
	char		*rule_info;	/* rule { info } */

	u_int		ruleno;		/* Number of rule. */
	u_int		orderno;	/* Order number in queues. */

	/* NOTE(review): overflow handling for these 64-bit counters is in
	   the implementation of add_chunk_to_rule() and
	   sub_chunk_from_rule(); it is not visible in this header. */
	uint64_t	cnt;		/* Counter. */
	uint64_t	cnt_neg;	/* Negative counter. */
	int		newstat;	/* Newstat flag for rule. */

	const struct tevent *update_tevent; /* rule { update_time } */
	const struct tevent *append_tevent; /* rule { append_time } */
	const struct worktime *worktime;/* rule { worktime } */

	int		is_active;	/* *ACTIVE_FLAG */

	const struct ac_list *ac_list;	/* rule { ac_list } */
	const struct db_list *db_list;	/* rule { db_list } */

#ifdef WITH_RULES
	char		*ac_gather_add_pat; /* rule { ac_gather_add } */
	char		*ac_gather_sub_pat; /* rule { ac_gather_sub } */
	/* NOTE(review): presumably each regex_t below is valid only when
	   the matching pattern pointer is set -- confirm before regfree(). */
	regex_t		ac_gather_add_reg; /* Compiled "ac_gather_add"
					      parameter's value. */
	regex_t		ac_gather_sub_reg; /* Compiled "ac_gather_sub"
					      parameter's value. */
	SLIST_ENTRY(rule) ac_gather_link; /* List of all rules with
					     "ac_gather_*" parameters. */
	SLIST_HEAD(, ac_gather_rev) ac_gather_rev; /* List of reverse
					     "ac_gather_*" parameters. */
#endif

	int		debug_exec;	/* rule { debug_exec } */

	/* NOTE(review): which index is startup and which is shutdown is not
	   visible in this header -- confirm against the command code. */
	struct cmds_rule rc[2];		/* rule { startup|shutdown {}} */

#ifdef WITH_LIMITS
	int		debug_limit;	/* rule { debug_limit} */
	int		debug_limit_init; /* rule { debug_limit_init } */
	struct limits_list limits;	/* rule { limit {}} */
#endif

#ifdef WITH_THRESHOLDS
	int		debug_threshold;/* rule { debug_threshold } */
	int		debug_threshold_init; /* rule { debug_threshold_init } */
	struct thresholds_list thresholds; /* rule { threshold {}} */
#endif

	u_int		check_sec;	/* Time when to check rule. */
	u_int		append_sec;	/* Time when to append new record. */
	u_int		inactive_sec;	/* Time when to set rule inactive. */

#ifdef CTL_CHECK_CREDS
	/* Exists only when CTL_CHECK_CREDS is defined.  NOTE(review): how a
	   NULL pointer is treated (access allowed or denied) is not visible
	   here -- confirm in the control-interface code. */
	const struct ctl_acl_class *ctl_rule_acl; /* rule { ctl_rule_acl } */
#endif

	u_int		free_mask;	/* RULE_FREE_xxx bits. */
	u_int		hash_value;	/* Hashed value of rule_name. */
};

/*
 * List of all rules.
 */
TAILQ_HEAD(rules_list, rule);

/*
 * Active/inactive rules queue.
 */
TAILQ_HEAD(rules_queue, rule);

/* Threshold used by RULE_IS_DYNAMIC(): rules numbered below it are not dynamic. */
extern u_int	nstatrules;

extern int	keep_rules_order;

extern struct rules_list rules_list;

extern ipa_mzone *rule_mzone;

extern u_int	rules_inactive_check_sec;

extern struct rules_queue rules_active;
extern struct rules_queue rules_inactive;

/*
 * Rule management functions.  Return-value conventions and the meaning of
 * the unnamed int arguments are not visible in this header; see the
 * implementation before relying on them.
 */
extern int	set_rule_active(struct rule *);
extern int	set_rule_inactive(struct rule *);
extern void	queue_active_rule(struct rule *);
extern void	sort_inactive_rules(void);
extern int	check_inactive_rules(void);

extern int	init_rules(int);
extern int	deinit_rules(void);
extern int	deinit_rule(struct rule *);
extern void	free_rule(struct rule *);
extern void	free_rules(void);

/* Both take a pointer to a const 64-bit chunk value and a rule to update. */
extern int	add_chunk_to_rule(struct rule *, const uint64_t *);
extern int	sub_chunk_from_rule(struct rule *, const uint64_t *);

/* NOTE(review): presumably returns NULL when no rule has the given name --
   callers should check the result; confirm in the implementation. */
extern struct rule *rule_by_name(const char *);

extern void	init_rules_hash(void);
extern void	add_rule_to_hash(struct rule *);
extern void	rem_rule_from_hash(struct rule *);
extern int	rules_hash_is_empty(void);

extern void	set_rules_for_check(void);

extern void	free_rulepats(void);

extern int	mod_set_rule_active(struct rule *, int);

extern int	run_rules_cmds(int);
extern int	run_rule_cmds(struct rule *, int);

extern void	init_cmds_in_rule(struct rule *);
extern void	set_sync_exec_in_rule(struct rule *);

extern void	init_cmds_in_rulepat(struct rulepat *);
extern void	set_sync_exec_in_rulepat(struct rulepat *);

#ifdef WITH_RULES
extern void	init_rules_active(void);
#endif

#endif /* !IPA_RULES_H */