snfCFGmgr.hpp 26KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554
  1. // snfCFGmgr.hpp
  2. // Copyright (C) 2006 - 2009 Arm Research Labs, LLC
  3. // See www.armresearch.com for the copyright terms.
  4. //
  5. // SNF Configuration manager.
  6. //// Begin include only once
  7. #ifndef included_snfCFGmgr_hpp
  8. #define included_snfCFGmgr_hpp
  9. #include "GBUdb.hpp"
  10. #include "snf_HeaderFinder.hpp"
  11. #include "configuration.hpp"
  12. #include "threading.hpp"
  13. #include <string>
  14. #include <set>
  15. using namespace std;
  16. const unsigned long int HeaderDirectiveBypass = 0x00000001; // Bypass hd rule flag.
  17. const unsigned long int HeaderDirectiveWhite = 0x00000002; // White hd rule flag.
  18. const unsigned long int HeaderDirectiveDrillDown = 0x00000004; // DrillDown rule flag.
  19. const unsigned long int HeaderDirectiveSource = 0x00000008; // Source rule flag.
  20. const unsigned long int HeaderDirectiveContext = 0x80000000; // Context activation flag.
  21. class HeaderDirectiveHandler : public Configurator { // Handle inputs to header directives.
  22. public:
  23. HeaderDirectiveSet HeaderDirectives; // Managed set of Header Directives.
  24. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The configurator call adds the Input.
  25. if(HeaderDirectiveContext == ContextInput.Directive) { // If a context has been established
  26. ContextInput.Context = HeaderDirectives.size() + 1; // then setup the context ID and
  27. DirectiveInput.Context = ContextInput.Context; // share it with the input.
  28. HeaderDirectives.insert(ContextInput); // Insert the context tester and
  29. ContextInput.clear(); // then clear it for future use.
  30. }
  31. HeaderDirectives.insert(DirectiveInput); // Insert the directive and then
  32. DirectiveInput.clear(); // clear the input for future use.
  33. }
  34. HeaderFinderPattern ContextInput; // The context can be set externally.
  35. HeaderFinderPattern DirectiveInput; // The Input can be set externally.
  36. void reset() { // Reset the handler like this:
  37. HeaderDirectives.clear(); // Clear the header directives.
  38. ContextInput.clear(); // Clear the Context Input.
  39. DirectiveInput.clear(); // Clear the Directive Input.
  40. }
  41. };
  42. class HeaderDirectiveInitializer : public Configurator { // Initializes Header Directives.
  43. private:
  44. HeaderDirectiveHandler* MyTarget; // Needs to know it's target.
  45. public:
  46. HeaderDirectiveInitializer() : MyTarget(NULL) {} // Constructor doesn't know it's target yet.
  47. void setTarget(HeaderDirectiveHandler& H) { MyTarget = &H; } // We have a way to set the target though ;-)
  48. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The configurator() function goes to the
  49. if(NULL!=MyTarget) { // target (if it's set) and pushes the
  50. MyTarget->reset(); // reset button (empties the set).
  51. }
  52. }
  53. };
  54. class HeaderDirectiveWhiteHeaderInitializer : public Configurator { // Initializes White Header Directives.
  55. private:
  56. HeaderDirectiveHandler* MyTarget; // Needs to know it's target.
  57. public:
  58. HeaderDirectiveWhiteHeaderInitializer() : MyTarget(NULL) {} // Constructor doesn't know it's target yet.
  59. void setTarget(HeaderDirectiveHandler& H) { MyTarget = &H; } // We have a way to set the target though ;-)
  60. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The configurator() function goes to the
  61. if(NULL!=MyTarget) { // target (if it's set) and sets it up
  62. MyTarget->ContextInput.clear(); // for a white header directive.
  63. MyTarget->DirectiveInput.clear();
  64. MyTarget->DirectiveInput.Directive = HeaderDirectiveWhite;
  65. }
  66. }
  67. };
  68. class HeaderDirectiveBypassHeaderInitializer : public Configurator { // Initializes Bypass Header Directives.
  69. private:
  70. HeaderDirectiveHandler* MyTarget; // Needs to know it's target.
  71. public:
  72. HeaderDirectiveBypassHeaderInitializer() : MyTarget(NULL) {} // Constructor doesn't know it's target yet.
  73. void setTarget(HeaderDirectiveHandler& H) { MyTarget = &H; } // We have a way to set the target though ;-)
  74. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The configurator() function goes to the
  75. if(NULL!=MyTarget) { // target (if it's set) and sets it up
  76. MyTarget->ContextInput.clear(); // for a bypass header directive.
  77. MyTarget->DirectiveInput.clear();
  78. MyTarget->DirectiveInput.Directive = HeaderDirectiveBypass;
  79. }
  80. }
  81. };
  82. class HeaderDirectiveDrilldownInitializer : public Configurator { // Initializes Drilldown Header Directives.
  83. private:
  84. HeaderDirectiveHandler* MyTarget; // Needs to know it's target.
  85. public:
  86. HeaderDirectiveDrilldownInitializer() : MyTarget(NULL) {} // Constructor doesn't know it's target yet.
  87. void setTarget(HeaderDirectiveHandler& H) { MyTarget = &H; } // We have a way to set the target though ;-)
  88. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The configurator() function goes to the
  89. if(NULL!=MyTarget) { // target (if it's set) and sets it up for
  90. MyTarget->ContextInput.clear(); // a drilldown header directive.
  91. MyTarget->DirectiveInput.clear();
  92. MyTarget->DirectiveInput.Directive = HeaderDirectiveDrillDown;
  93. MyTarget->DirectiveInput.Header = "Received:";
  94. }
  95. }
  96. };
  97. class HeaderDirectiveSourceHeaderInitializer : public Configurator { // Initializes Source Header Directives.
  98. private:
  99. HeaderDirectiveHandler* MyTarget; // Needs to know it's target.
  100. public:
  101. HeaderDirectiveSourceHeaderInitializer() : MyTarget(NULL) {} // Constructor doesn't know it's target yet.
  102. void setTarget(HeaderDirectiveHandler& H) { MyTarget = &H; } // We have a way to set the target though ;-)
  103. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The configurator() function goes to the
  104. if(NULL!=MyTarget) { // target (if it's set) and sets it up
  105. MyTarget->ContextInput.clear(); // for a context sensitive source header
  106. MyTarget->DirectiveInput.clear(); // directive. Activation context as well
  107. MyTarget->ContextInput.Directive = HeaderDirectiveContext; // as source header data.
  108. MyTarget->ContextInput.Header = "Received:";
  109. MyTarget->DirectiveInput.Directive = HeaderDirectiveSource;
  110. }
  111. }
  112. };
  113. class RangePoint { // Range point x:Probability, y:Confidence
  114. public:
  115. RangePoint() : // The simple constructor sets all to zero.
  116. Confidence(0.0),
  117. Probability(0.0) {}
  118. RangePoint(double C, double P) : // This constructor sets the values.
  119. Confidence(C),
  120. Probability(P) {}
  121. double Probability; // Probability and Confidence are
  122. double Confidence; // freely accessible.
  123. bool operator<(const RangePoint& right) const { // Comparison of RangePoint objects depends
  124. return (Confidence < right.Confidence); // on the Confidence value. This is because
  125. } // Confidence is used as a "key" in the set.
  126. bool operator>(const RangePoint& right) const {
  127. return (Confidence > right.Confidence);
  128. }
  129. bool operator==(const RangePoint& right) const {
  130. return (Confidence == right.Confidence);
  131. }
  132. bool operator<=(const RangePoint& right) const {
  133. return (Confidence <= right.Confidence);
  134. }
  135. bool operator>=(const RangePoint& right) const {
  136. return (Confidence >= right.Confidence);
  137. }
  138. };
  139. class RangeHandler : public Configurator { // The handler adds edgepoints and holds and
  140. public: // tests the set that defines the region.
  141. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The () operator adds EdgeInput to the list.
  142. EdgeMap.insert(EdgeInput);
  143. }
  144. bool On_Off; // Ranges can be turned on and off.
  145. int Symbol; // They have a symbol assigned to them.
  146. int Priority; // They have an evaluation priority.
  147. RangePoint EdgeInput; // This EdgePoint is set, and added using ().
  148. set<RangePoint> EdgeMap; // This contains the set of EdgePoints.
  149. bool isInWhite(RangePoint& x); // True if x is inside the -P of the EdgeMap.
  150. bool isInBlack(RangePoint& x); // True if x is inside the +P of the EdgeMap.
  151. void reset() { EdgeMap.clear(); } // When we reset - we empty the EdgeMap.
  152. };
  153. class RangeInitializer : public Configurator { // The RangeInitializer Configurator.
  154. private:
  155. RangeHandler* MyTarget; // Needs to know it's target.
  156. public:
  157. RangeInitializer() : MyTarget(NULL) {} // Constructor doesn't know it's target yet.
  158. void setTarget(RangeHandler& H) { MyTarget = &H; } // We have a way to set the target though ;-)
  159. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The configurator() function goes to the
  160. if(NULL!=MyTarget) { // target (if it's set) and pushes the
  161. MyTarget->reset(); // reset button.
  162. }
  163. }
  164. };
  165. class IntegerSetHandler : public Configurator { // Integer set handler for rule panics.
  166. public:
  167. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The operator() inserts IntegerInput
  168. IntegerSet.insert(IntegerInput); // if it's not already a member.
  169. }
  170. int IntegerInput; // The input port.
  171. set<int> IntegerSet; // The set itself.
  172. bool isListed(int x); // How to check if an int is listed.
  173. void reset() { IntegerSet.clear(); } // How to reset (clear) the list.
  174. };
  175. class IntegerSetInitializer : public Configurator { // The initializer resets the set.
  176. private:
  177. IntegerSetHandler* MyTarget; // It needs to know which set to init.
  178. public:
  179. IntegerSetInitializer() : MyTarget(NULL) {} // Start off not knowing where to go.
  180. void setTarget(IntegerSetHandler& H) { MyTarget = &H; } // Set a pointer to the handler.
  181. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The operator() does the trick.
  182. if(NULL!=MyTarget) {
  183. MyTarget->reset();
  184. }
  185. }
  186. };
  187. class XHDRSymbol { // XHeader associated with a Symbol
  188. public:
  189. int Symbol; // The integer symbol.
  190. string Header; // The header to associate.
  191. XHDRSymbol(int FreshSymbol, string FreshHeader) : // Creating the object requires both.
  192. Symbol(FreshSymbol),
  193. Header(FreshHeader) {}
  194. bool operator<(const XHDRSymbol& right) const { // To live in a set we must have a <
  195. return (Symbol < right.Symbol); // operator. Only the symbol matters
  196. } // in this case.
  197. };
  198. class XHDRSymbolsHandler : public Configurator { // XHDRSymbol hander.
  199. public:
  200. set<XHDRSymbol> SymbolHeaders; // Carries a set of Symbol Headers.
  201. void reset() { SymbolHeaders.clear(); } // Is reset by clearing the set.
  202. string HeaderForSymbol(int S) { // Can return a Header for symbol.
  203. string MatchingHeader = ""; // Starting with an empty string,
  204. set<XHDRSymbol>::iterator iS = SymbolHeaders.find(XHDRSymbol(S,"")); // we look up the symbol and
  205. if(SymbolHeaders.end() != iS) { // if we find it then we will
  206. MatchingHeader = (*iS).Header; // return the matching header
  207. } // string. If not then we return
  208. return MatchingHeader; // the empty string.
  209. } // Coded in-line on purpose.
  210. bool OnOff; // Input OnOff value.
  211. int Symbol; // Input Symbol value.
  212. string Header; // Input Header value.
  213. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The operator() inserts an XHDRSymbol
  214. if(OnOff) { // if the header entry is turned on and
  215. SymbolHeaders.insert(XHDRSymbol(Symbol, Header)); // if it's not already a member.
  216. }
  217. }
  218. };
  219. class XHDRSymbolsInitializer : public Configurator { // The XHDRSymbols initializer.
  220. private:
  221. XHDRSymbolsHandler* MyTarget; // It needs to know which set to init.
  222. public:
  223. XHDRSymbolsInitializer() : MyTarget(NULL) {} // Start off not knowing where to go.
  224. void setTarget(XHDRSymbolsHandler& H) { MyTarget = &H; } // Set a pointer to the handler.
  225. void operator()(ConfigurationElement& E, ConfigurationData& D) { // The operator() does the trick.
  226. if(NULL!=MyTarget) {
  227. MyTarget->reset();
  228. }
  229. }
  230. };
  231. enum snfIPRange { // IP action ranges
  232. Unknown, // Unknown - not defined.
  233. White, // This is a good guy.
  234. Normal, // Benefit of the doubt.
  235. New, // It is new to us.
  236. Caution, // This is suspicious.
  237. Black, // This is bad.
  238. Truncate // Don't even bother looking.
  239. };
  240. const int ScanLogMatches_All = 2; // Include all matches.
  241. const int ScanLogMatches_Unique = 1; // Include 1 match of each rule.
  242. const int ScanLogMatches_None = 0; // Include only the final result.
  243. const int LogOutputMode_None = 0; // No output (don't process).
  244. const int LogOutputMode_API = 1; // Make available to API.
  245. const int LogOutputMode_File = 2; // Output to msgfile.xhdr.
  246. const int LogOutputMode_Inject = 3; // Inject into msgfile.
  247. class snfCFGData { // Object that stores our config data.
  248. private:
  249. ConfigurationElement MyCFGReader; // This is how we read our cfg data.
  250. public:
  251. snfCFGData(); // Constructor handled in .cpp
  252. void initializeFromFile(const char* FileName); // Initialize from the provided file.
  253. int Generation; // Generation tag.
  254. // Here are the derived data elements...
  255. string ConfigFilePath; // Configuration file path
  256. string RuleFilePath; // Rulebase file path
  257. string SecurityKey; // Security key for rulebase
  258. // Here are the basic data elements...
  259. string node_identity;
  260. string node_licenseid;
  261. string node_authentication;
  262. //// paths
  263. string paths_workspace_path;
  264. string paths_rulebase_path;
  265. string paths_log_path;
  266. //// logging
  267. bool Logs_Rotation_LocalTime_OnOff;
  268. bool Status_SecondReport_Log_OnOff;
  269. bool Status_SecondReport_Append_OnOff;
  270. bool Status_MinuteReport_Log_OnOff;
  271. bool Status_MinuteReport_Append_OnOff;
  272. bool Status_HourReport_Log_OnOff;
  273. bool Status_HourReport_Append_OnOff;
  274. bool Scan_Identifier_Force_Message_Id;
  275. int Scan_Classic_Mode;
  276. bool Scan_Classic_Rotate;
  277. int Scan_Classic_Matches;
  278. int Scan_XML_Mode;
  279. bool Scan_XML_Rotate;
  280. int Scan_XML_Matches;
  281. bool Scan_XML_Performance;
  282. bool Scan_XML_GBUdb;
  283. //// xheaders
  284. int XHDROutput_Mode;
  285. bool XHDRVersion_OnOff;
  286. string XHDRVersion_Header;
  287. bool XHDRLicense_OnOff;
  288. string XHDRLicense_Header;
  289. bool XHDRRulebase_OnOff;
  290. string XHDRRulebase_Header;
  291. bool XHDRIdentifier_OnOff;
  292. string XHDRIdentifier_Header;
  293. bool XHDRGBUdb_OnOff;
  294. string XHDRGBUdb_Header;
  295. bool XHDRResult_OnOff;
  296. string XHDRResult_Header;
  297. bool XHDRMatches_OnOff;
  298. string XHDRMatches_Header;
  299. bool XHDRBlack_OnOff;
  300. string XHDRBlack_Header;
  301. bool XHDRWhite_OnOff;
  302. string XHDRWhite_Header;
  303. bool XHDRClean_OnOff;
  304. string XHDRClean_Header;
  305. XHDRSymbolsHandler XHDRSymbolHeaders;
  306. XHDRSymbolsInitializer XHDRSymbolHeadersInitializer;
  307. //// platform
  308. string PlatformElementContents;
  309. //// network
  310. int network_sync_secs;
  311. string network_sync_host;
  312. int network_sync_port;
  313. bool update_script_on_off;
  314. string update_script_call;
  315. int update_script_guard_time;
  316. //// gbudb
  317. int gbudb_database_condense_minimum_seconds_between;
  318. bool gbudb_database_condense_time_trigger_on_off;
  319. int gbudb_database_condense_time_trigger_seconds;
  320. bool gbudb_database_condense_posts_trigger_on_off;
  321. int gbudb_database_condense_posts_trigger_posts;
  322. bool gbudb_database_condense_records_trigger_on_off;
  323. int gbudb_database_condense_records_trigger_records;
  324. bool gbudb_database_condense_size_trigger_on_off;
  325. int gbudb_database_condense_size_trigger_megabytes;
  326. bool gbudb_database_checkpoint_on_off;
  327. int gbudb_database_checkpoint_secs;
  328. RangeHandler WhiteRangeHandler;
  329. RangeInitializer WhiteRangeInitializer;
  330. bool gbudb_regions_white_panic_on_off;
  331. int gbudb_regions_white_panic_rule_range;
  332. RangeHandler BlackRangeHandler;
  333. RangeInitializer BlackRangeInitializer;
  334. bool gbudb_regions_black_sample_on_off;
  335. double gbudb_regions_black_sample_probability;
  336. int gbudb_regions_black_sample_grab_one_in;
  337. bool gbudb_regions_black_sample_passthrough;
  338. int gbudb_regions_black_sample_passthrough_symbol;
  339. int gbudb_regions_black_truncate_symbol;
  340. bool gbudb_regions_black_truncate_on_off;
  341. double gbudb_regions_black_truncate_probability;
  342. int gbudb_regions_black_truncate_peek_one_in;
  343. RangeHandler CautionRangeHandler;
  344. RangeInitializer CautionRangeInitializer;
  345. snfIPRange RangeEvaluation(GBUdbRecord& R); // Returns the range for a GBUdbRecord.
  346. snfIPRange RangeEvaluation(RangePoint& p); // Returns the range for a RangePoint.
  347. HeaderDirectiveHandler HeaderDirectivesHandler; //** Handles header directives.
  348. HeaderDirectiveInitializer HeaderDirectivesInitializer; //** Initializes header directives set.
  349. HeaderDirectiveSourceHeaderInitializer HDSourceHeaderInitializer; //**** For source header directives.
  350. HeaderDirectiveDrilldownInitializer HDDrilldownInitializer; //**** For drilldown header directives.
  351. HeaderDirectiveBypassHeaderInitializer HDBypassHeaderInitializer; //**** For bypass header directives.
  352. HeaderDirectiveWhiteHeaderInitializer HDWhiteHeaderInitializer; //**** For white header directives.
  353. IntegerSetHandler TrainingBypassRuleHandler; // Rules to NOT train GBUdb with source.
  354. IntegerSetInitializer TrainingBypassRuleInitializer;
  355. IntegerSetHandler TrainingWhiteRuleHandler; // Rules to train GBUdb as white source.
  356. IntegerSetInitializer TrainingWhiteRuleInitializer;
  357. bool GBUdbTrainingOn_Off; // True when GBUdb training is allowed.
  358. IntegerSetHandler RulePanicHandler;
  359. IntegerSetInitializer RulePanicInitializer;
  360. bool XCI_OnOff; // XML Command Interface ON or OFF.
  361. int XCI_Port; // XML Command Interface Port number.
  362. bool MessageFileTypeCGP_on_off; // True for scanning communigate msgs.
  363. };
  364. class snfCFGmgr { // Object that manages our config data.
  365. private:
  366. Mutex myMutex; // Serialize control during updates.
  367. snfCFGData A; // This is where we store one copy.
  368. snfCFGData B; // This is where we store the other.
  369. volatile bool AisActive; // This tells us which is active.
  370. void swapCFGData(); // This swaps the active dataset.
  371. snfCFGData& ActiveData(); // This returns the active dataset.
  372. snfCFGData& InactiveData(); // This returns the inactive dataset.
  373. string InitFileName; // Initilization parameters are reused
  374. string InitLicenseId; // any time load() is called.
  375. string InitAuthentication;
  376. string ConfigurationPath; // Path to active configuration file.
  377. public:
  378. snfCFGmgr(); // Constructor - to get things right
  379. void initialize( // In order to initialize we need to
  380. const char* FileName, // collect a path to our config or .snf
  381. const char* LicenseId, // our license id and our
  382. const char* Authentication // authentication.
  383. );
  384. class LoadFailure {}; // What we throw if load fails.
  385. void load(); // Load the configuration data.
  386. //// Access methods for config data...
  387. string RuleFilePath(); // Rulebase file path
  388. string SecurityKey(); // Security key for rulebase
  389. snfCFGData* ActiveConfiguration(); // Pointer to active configuration
  390. };
  391. #include "snfCFGmgr.inline.hpp"
  392. #endif
  393. // End include only once