1 /*-
2  * Copyright (c) 1999-2004 Andrey Simonenko
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  *   @(#)$Id: ipa_rules.h,v 1.2 2011/01/23 18:42:35 simon Exp $
27  */
28 
29 #ifndef IPA_RULES_H
30 #define IPA_RULES_H
31 
32 #include "ipa_limits.h"
33 #include "ipa_thresholds.h"
34 
35 #ifndef RULEPAT_NSIZE
36 # define RULEPAT_NSIZE	10
37 #endif
38 #ifndef RULEPAT_NALLOC
39 # define RULEPAT_NALLOC	10
40 #endif
41 
42 /*
43  * rulepat{} section.
44  */
45 struct rulepat {
46 	STAILQ_ENTRY(rulepat) link;	/* For list building. */
47 
48 	char		*pat;		/* Regular expression string. */
49 	regex_t		re;		/* Compiled regular expression. */
50 	unsigned int	no;		/* Ordinal number of this section. */
51 
52 	const struct tevent *update_tevent; /* { update_time } */
53 	const struct tevent *append_tevent; /* { append_time } */
54 
55 	const struct worktime *worktime;/* { worktime } */
56 
57 	const struct ac_list *ac_list;	/* { ac_list } */
58 	const struct db_list *db_list;	/* { db_list } */
59 
60 	signed char	debug_exec;	/* { debug_exec } */
61 	signed char	check_next;	/* { check_next_rulepat } */
62 
63 #ifdef WITH_LIMITS
64 	signed char	debug_limit;	/* { debug_limit } */
65 	signed char	debug_limit_init; /* { debug_limit_init } */
66 	struct limits_list limits;	/* All { limit {}} */
67 #endif
68 
69 #ifdef WITH_THRESHOLDS
70 	signed char	debug_threshold; /* { debug_threshold } */
71 	signed char	debug_threshold_init; /* { debug_threshold_init } */
72 	struct thresholds_list thresholds; /* All { threshold {}} */
73 #endif
74 
75 #ifdef CTL_CHECK_CREDS
76 	const struct ctl_acl_class *ctl_rule_acl; /* { ctl_rule_acl } */
77 #endif
78 
79 	struct cmds_rule rc[2];		/* { startup } and { shutdown } */
80 };
81 
82 /*
83  * List of all rulepat{} sections.
84  */
85 STAILQ_HEAD(rulepats_list, rulepat);
86 
87 extern struct rulepats_list rulepats_list;
88 
89 extern ipa_mzone *rulepat_mzone;
90 
91 #ifdef WITH_RULES
92 
93 struct rule;
94 
95 /*
96  * Element in reverse list for "ac_gather_*" parameters.
97  */
98 struct acg {
99 	SLIST_ENTRY(acg) link;		/* Link for list of acg for rule. */
100 	struct rule	*rule;		/* Pointer to rule, in which current
101 					   rule matches ac_gather_* value. */
102 	char		addition;	/* If non-zero, then add statistics. */
103 };
104 
105 #define ACG_NSIZE	RULE_NSIZE
106 #define ACG_NALLOC	RULE_NALLOC
107 
108 extern ipa_mzone *acg_mzone;
109 
110 SLIST_HEAD(acg_list, rule);
111 
112 extern signed char has_ac_gather;
113 extern struct acg_list acg_list;
114 
115 extern int	init_acg(struct rule *);
116 
117 #endif /* WITH_RULES */
118 
119 #ifndef RULE_NSIZE
120 # define RULE_NSIZE	30
121 #endif
122 
123 #ifndef RULE_NALLOC
124 # define RULE_NALLOC	20
125 #endif
126 
127 #define RULE_FLAG_ACTIVE	0x01	/* Rule is active. */
128 #define RULE_FLAG_QUEUED	0x02	/* Rule is in [in]active queue. */
129 #ifdef WITH_LIMITS
130 # define RULE_FLAG_FREE_LIMITS	0x04	/* Free memory in limits. */
131 #endif
132 #ifdef WITH_THRESHOLDS
133 # define RULE_FLAG_FREE_THRESHOLDS 0x08	/* Free memory in thresholds. */
134 #endif
135 #define RULE_FLAG_DYNAMIC	0x10	/* Dynamic rule. */
136 #define RULE_FLAG_IPACTL	0x20	/* Dynamic rule created by ipactl. */
137 
138 #define RULE_IS_ACTIVE(x)	((x)->rule_flags & RULE_FLAG_ACTIVE)
139 #define RULE_IS_INACTIVE(x)	(!RULE_IS_ACTIVE(x))
140 #define RULE_IS_QUEUED(x)	((x)->rule_flags & RULE_FLAG_QUEUED)
141 
142 #define RULE_SET_ACTIVE(x)	((x)->rule_flags |= RULE_FLAG_ACTIVE)
143 #define RULE_SET_INACTIVE(x)	((x)->rule_flags &= ~RULE_FLAG_ACTIVE)
144 #define RULE_SET_QUEUED(x)	((x)->rule_flags |= RULE_FLAG_QUEUED)
145 
146 #define RULE_IS_DYNAMIC(x)	((x)->rule_flags & RULE_FLAG_DYNAMIC)
147 #define RULE_SET_DYNAMIC(x)	((x)->rule_flags |= RULE_FLAG_DYNAMIC)
148 
149 /*
150  * rule{} section.
151  */
152 struct rule {
153 	TAILQ_ENTRY(rule) queue;	/* Active/inactive rules queue link. */
154 	LIST_ENTRY(rule) hlink;		/* One hash bucket link. */
155 
156 	unsigned int	no;		/* Rule ordinal number. */
157 	unsigned int	orderno;	/* Ordinal number in queues. */
158 
159 	unsigned int	check_sec;	/* Time when to check rule. */
160 	unsigned int	append_sec;	/* Time when to append new record. */
161 	unsigned int	inactive_sec;	/* Time when to set rule inactive. */
162 
163 	uint64_t	cnt;		/* Counter. */
164 	uint64_t	cnt_neg;	/* Negative counter. */
165 	char		newstat;	/* Newstat flag for rule. */
166 
167 	unsigned int	rule_flags;	/* ORed RULE_FLAG_xxx */
168 
169 	const struct tevent *update_tevent; /* { update_time } */
170 	const struct tevent *append_tevent; /* { append_time } */
171 	const struct worktime *worktime;/* { worktime } */
172 
173 	const struct ac_list *ac_list;	/* { ac_list } */
174 	const struct db_list *db_list;	/* { db_list } */
175 
176 #ifdef WITH_RULES
177 	char		*acg_add_pat;	/* { ac_gather_add } */
178 	char		*acg_sub_pat;	/* { ac_gather_sub } */
179 	regex_t		acg_add_re;	/* Compiled acg_add_pat. */
180 	regex_t		acg_sub_re;	/* Compiled acg_sub_pat. */
181 	SLIST_ENTRY(rule) acg_link;	/* Link rules with "ac_gather_*". */
182 	SLIST_HEAD(EMPTY, acg) acgs;	/* List of reverse "ac_gather_*". */
183 #endif
184 
185 	signed char	debug_exec;	/* { debug_exec } */
186 
187 #ifdef WITH_LIMITS
188 	signed char debug_limit;	/* { debug_limit } */
189 	signed char debug_limit_init;	/* { debug_limit_init } */
190 	struct limits_list limits;	/* All { limit {}} */
191 #endif
192 
193 #ifdef WITH_THRESHOLDS
194 	signed char debug_threshold;	/* { debug_threshold } */
195 	signed char debug_threshold_init; /* { debug_threshold_init } */
196 	struct thresholds_list thresholds; /* All { threshold {}} */
197 #endif
198 
199 #ifdef CTL_CHECK_CREDS
200 	const struct ctl_acl_class *ctl_rule_acl; /* All { ctl_rule_acl } */
201 #endif
202 
203 	TAILQ_ENTRY(rule) list;		/* All rules list. */
204 
205 	char		*name;		/* Name of this rule. */
206 	char		*info;		/* { info } */
207 	unsigned int	name_hash;	/* Hashed value of rule's name. */
208 
209 #ifdef WITH_AUTORULES
210 	unsigned int	autoruleno;	/* Autorule number of this rule. */
211 #endif
212 
213 	struct cmds_rule rc[2];		/* { startup } and { shutdown } */
214 };
215 
216 /*
217  * List of all rules.
218  */
219 TAILQ_HEAD(rules_list, rule);
220 
221 /*
222  * Active/inactive rules queue.
223  */
224 TAILQ_HEAD(rules_queue, rule);
225 
226 extern unsigned int nstatrules;
227 
228 extern signed char keep_rules_order;
229 
230 extern struct rules_list rules_list;
231 extern ipa_mzone *rule_mzone;
232 
233 extern unsigned int rules_inactive_check_sec;
234 
235 extern struct rules_queue rules_active;
236 extern struct rules_queue rules_inactive;
237 
238 extern int	set_rule_active(struct rule *);
239 extern int	set_rule_inactive(struct rule *);
240 extern void	queue_active_rule(struct rule *);
241 extern void	sort_inactive_rules(void);
242 extern int	check_inactive_rules(void);
243 
244 extern int	init_rules(int);
245 extern int	deinit_rules(void);
246 extern int	deinit_rule(struct rule *);
247 extern void	free_rule(struct rule *);
248 extern void	free_rules(void);
249 extern void	rule_init_cmds(struct rule *);
250 extern int	rule_inherit(struct rule *);
251 
252 extern int	rule_add_chunk(struct rule *, const uint64_t *);
253 extern int	rule_sub_chunk(struct rule *, const uint64_t *);
254 
255 extern struct rule *rule_by_name(const char *);
256 extern void	rules_hash_init(void);
257 extern void	rules_hash_add(struct rule *);
258 extern void	rules_hash_rem(struct rule *);
259 extern int	rules_hash_is_empty(void);
260 
261 extern void	set_rules_for_check(void);
262 
263 extern int	mod_set_rule_active(struct rule *, int);
264 
265 extern void	rulepats_inherit(void);
266 extern void	free_rulepats(void);
267 
268 extern int	mod_rule_inherit(const struct rulepat *, const struct rule *);
269 
270 #ifdef WITH_RULES
271 extern void	init_active_rules(void);
272 extern int	rules_inherit(void);
273 #endif
274 
275 #endif /* !IPA_RULES_H */
276