Merge pull request #15 from douzzer/20220425-decision_event

wolfsentry_event.decision_event

Author: LinuxJedi

src/events.c

@@ -133,6 +133,7 @@ wolfsentry_errcode_t wolfsentry_event_clone_bare(
     (*new_event)->insert_event = NULL;
     (*new_event)->match_event = NULL;
     (*new_event)->delete_event = NULL;
+    (*new_event)->decision_event = NULL;
     WOLFSENTRY_LIST_HEADER_RESET((*new_event)->action_list.header);
 
     if (src_event->config) {
@@ -192,6 +193,15 @@ wolfsentry_errcode_t wolfsentry_event_clone_resolve(
         WOLFSENTRY_REFCOUNT_INCREMENT(new_event->delete_event->header.refcount);
     }
 
+    if (src_event->decision_event) {
+        new_event->decision_event = src_event->decision_event;
+        if ((ret = wolfsentry_table_ent_get(&dest_context->events->header, (struct wolfsentry_table_ent_header **)&new_event->decision_event)) < 0) {
+            new_event->decision_event = NULL;
+            WOLFSENTRY_ERROR_RERETURN(ret);
+        }
+        WOLFSENTRY_REFCOUNT_INCREMENT(new_event->decision_event->header.refcount);
+    }
+
     WOLFSENTRY_RETURN_OK;
 }
 
@@ -317,6 +327,8 @@ wolfsentry_errcode_t wolfsentry_event_drop_reference(struct wolfsentry_context *
         wolfsentry_event_drop_reference(wolfsentry, event->match_event, NULL);
     if (event->delete_event)
         wolfsentry_event_drop_reference(wolfsentry, event->delete_event, NULL);
+    if (event->decision_event)
+        wolfsentry_event_drop_reference(wolfsentry, event->decision_event, NULL);
     wolfsentry_event_free(wolfsentry, event);
     if (action_results)
         WOLFSENTRY_SET_BITS(*action_results, WOLFSENTRY_ACTION_RES_DEALLOCATED);
@@ -353,6 +365,11 @@ wolfsentry_errcode_t wolfsentry_event_delete(
             return ret;
         old->delete_event = NULL;
     }
+    if (old->decision_event) {
+        if ((ret = wolfsentry_event_drop_reference(wolfsentry, old->decision_event, NULL /* action_results */)) < 0)
+            return ret;
+        old->decision_event = NULL;
+    }
 
     if ((ret = wolfsentry_table_ent_delete_1(wolfsentry, &old->header)) < 0)
         return ret;
@@ -526,6 +543,12 @@ wolfsentry_errcode_t wolfsentry_event_set_subevent(
         event->delete_event = subevent;
         ret = WOLFSENTRY_ERROR_ENCODE(OK);
         break;
+    case WOLFSENTRY_ACTION_TYPE_DECISION:
+        if (event->decision_event)
+            WOLFSENTRY_WARN_ON_FAILURE(wolfsentry_event_drop_reference(wolfsentry, event->decision_event, NULL /* action_results */));
+        event->decision_event = subevent;
+        ret = WOLFSENTRY_ERROR_ENCODE(OK);
+        break;
     case WOLFSENTRY_ACTION_TYPE_POST:
     case WOLFSENTRY_ACTION_TYPE_NONE:
         break;

src/json/load_config.c

@@ -69,6 +69,7 @@
     "insert-event" : string,
     "match-event" : string,
     "delete-event" : string
+    "decision-event" : string
 
 }
 ],
@@ -863,6 +864,8 @@ static wolfsentry_errcode_t handle_event_clause(struct wolfsentry_json_process_s
             subevent_type = WOLFSENTRY_ACTION_TYPE_MATCH;
         else if (! strcmp(jps->cur_keyname, "delete-event"))
             subevent_type = WOLFSENTRY_ACTION_TYPE_DELETE;
+        else if (! strcmp(jps->cur_keyname, "decision-event"))
+            subevent_type = WOLFSENTRY_ACTION_TYPE_DECISION;
 
         if (subevent_type != WOLFSENTRY_ACTION_TYPE_NONE) {
             if (data_size > WOLFSENTRY_MAX_LABEL_BYTES)

src/kv.c

@@ -197,7 +197,12 @@ static wolfsentry_errcode_t wolfsentry_kv_get_1(
     struct wolfsentry_kv_pair_internal *ret_kv = (struct wolfsentry_kv_pair_internal *)kv_template;
     if ((ret = wolfsentry_table_ent_get(&kv_table->header, (struct wolfsentry_table_ent_header **)&ret_kv)) < 0)
         return ret;
-    if ((WOLFSENTRY_KV_TYPE(&kv_template->kv) != WOLFSENTRY_KV_NONE) &&
+    /* special-case request for uint with object sint that is >= 0. */
+    if ((WOLFSENTRY_KV_TYPE(&kv_template->kv) == WOLFSENTRY_KV_UINT) &&
+        (WOLFSENTRY_KV_TYPE(&ret_kv->kv) == WOLFSENTRY_KV_SINT) &&
+        (WOLFSENTRY_KV_V_SINT(&ret_kv->kv) >= 0))
+        ;
+    else if ((WOLFSENTRY_KV_TYPE(&kv_template->kv) != WOLFSENTRY_KV_NONE) &&
         (WOLFSENTRY_KV_TYPE(&kv_template->kv) != WOLFSENTRY_KV_TYPE(&ret_kv->kv)))
         WOLFSENTRY_ERROR_RETURN(WRONG_TYPE);
     *kv = ret_kv;

src/routes.c

@@ -931,6 +931,7 @@ static wolfsentry_errcode_t wolfsentry_route_event_dispatch_0(
     )
 {
     struct wolfsentry_eventconfig_internal *config = (route->parent_event && route->parent_event->config) ? route->parent_event->config : &wolfsentry->config;
+    wolfsentry_errcode_t ret;
 
     if (! (route->flags & WOLFSENTRY_ROUTE_FLAG_DONT_COUNT_HITS))
         WOLFSENTRY_ATOMIC_INCREMENT(route->header.hitcount, 1);
@@ -969,12 +970,14 @@ static wolfsentry_errcode_t wolfsentry_route_event_dispatch_0(
         if (*action_results & WOLFSENTRY_ACTION_RES_CONNECT) {
             if (route->meta.connection_count >= config->config.max_connection_count) {
                 *action_results |= WOLFSENTRY_ACTION_RES_REJECT;
-                WOLFSENTRY_RETURN_OK;
+                ret = WOLFSENTRY_ERROR_ENCODE(OK);
+                goto done;
             }
             if (WOLFSENTRY_ATOMIC_INCREMENT_BY_ONE(route->meta.connection_count) > config->config.max_connection_count) {
                 WOLFSENTRY_ATOMIC_DECREMENT_BY_ONE(route->meta.connection_count);
                 *action_results |= WOLFSENTRY_ACTION_RES_REJECT;
-                WOLFSENTRY_RETURN_OK;
+                ret = WOLFSENTRY_ERROR_ENCODE(OK);
+                goto done;
             }
         } else if (*action_results & WOLFSENTRY_ACTION_RES_DISCONNECT)
             WOLFSENTRY_ATOMIC_DECREMENT_BY_ONE(route->meta.connection_count);
@@ -987,9 +990,11 @@ static wolfsentry_errcode_t wolfsentry_route_event_dispatch_0(
     if ((route->flags & WOLFSENTRY_ROUTE_FLAG_PENALTYBOXED)) {
         if ((config->config.penaltybox_duration > 0) && (route->meta.last_penaltybox_time != 0)) {
             wolfsentry_time_t now;
-            wolfsentry_errcode_t ret = WOLFSENTRY_GET_TIME(&now);
-            if (ret < 0)
-                return ret;
+            ret = WOLFSENTRY_GET_TIME(&now);
+            if (ret < 0) {
+                *action_results |= WOLFSENTRY_ACTION_RES_ERROR;
+                goto done;
+            }
             if (WOLFSENTRY_DIFF_TIME(now, route->meta.last_penaltybox_time) > config->config.penaltybox_duration) {
                 wolfsentry_route_flags_t flags_before, flags_after;
                 WOLFSENTRY_WARN_ON_FAILURE(
@@ -1004,18 +1009,36 @@ static wolfsentry_errcode_t wolfsentry_route_event_dispatch_0(
                 *action_results |= WOLFSENTRY_ACTION_RES_REJECT;
         } else
             *action_results |= WOLFSENTRY_ACTION_RES_REJECT;
-        WOLFSENTRY_RETURN_OK;
+        ret = WOLFSENTRY_ERROR_ENCODE(OK);
+        goto done;
     } else if ((route->flags & WOLFSENTRY_ROUTE_FLAG_GREENLISTED)) {
         *action_results |= WOLFSENTRY_ACTION_RES_ACCEPT;
-        WOLFSENTRY_RETURN_OK;
+        ret = WOLFSENTRY_ERROR_ENCODE(OK);
+        goto done;
     }
 
     if (! WOLFSENTRY_MASKIN_BITS(*action_results, WOLFSENTRY_ACTION_RES_ACCEPT|WOLFSENTRY_ACTION_RES_REJECT))
         *action_results |= wolfsentry->routes_static->default_policy;
     if (! WOLFSENTRY_MASKIN_BITS(*action_results, WOLFSENTRY_ACTION_RES_ACCEPT|WOLFSENTRY_ACTION_RES_REJECT))
         *action_results |= wolfsentry->routes_dynamic->default_policy;
 
-    WOLFSENTRY_RETURN_OK;
+    ret = WOLFSENTRY_ERROR_ENCODE(OK);
+
+  done:
+
+    if (route->parent_event && route->parent_event->decision_event && route->parent_event->decision_event->action_list.header.head) {
+        WOLFSENTRY_WARN_ON_FAILURE(wolfsentry_action_list_dispatch(
+                                       wolfsentry,
+                                       caller_arg,
+                                       route->parent_event->decision_event,
+                                       trigger_event,
+                                       WOLFSENTRY_ACTION_TYPE_DECISION,
+                                       route_table,
+                                       route,
+                                       action_results));
+    }
+
+    return ret;
 }
 
 static wolfsentry_errcode_t wolfsentry_route_event_dispatch_1(
@@ -1094,8 +1117,11 @@ static wolfsentry_errcode_t wolfsentry_route_event_dispatch_1(
                 *inexact_matches = WOLFSENTRY_ROUTE_FLAG_NONE;
         } else {
             WOLFSENTRY_WARN_ON_FAILURE(wolfsentry_route_drop_reference_1(wolfsentry, route, NULL /* action_results */));
-            if (ret >= 0)
-                ret = WOLFSENTRY_ERROR_ENCODE(NOT_INSERTED); /* not an error */
+            if (ret >= 0) {
+                /* inform caller that no entry was found or added. */
+                WOLFSENTRY_SET_BITS(*action_results, WOLFSENTRY_ACTION_RES_INSERT|WOLFSENTRY_ACTION_RES_DELETE);
+                ret = WOLFSENTRY_ERROR_ENCODE(OK);
+            }
             return ret;
         }
     } else {

src/util.c

@@ -130,8 +130,6 @@ const char *wolfsentry_errcode_error_string(wolfsentry_errcode_t e)
         return "Operation attempted with object already marked as stopped";
     case WOLFSENTRY_ERROR_ID_WRONG_OBJECT:
         return "Operation attempted on wrong type of object";
-    case WOLFSENTRY_ERROR_ID_NOT_INSERTED:
-        return "Object was not inserted in table (informational, not an error)";
     case WOLFSENTRY_ERROR_ID_DATA_MISSING:
         return "Requested data or buffer is not present";
     case WOLFSENTRY_ERROR_ID_NOT_PERMITTED:
@@ -168,6 +166,44 @@ const char *wolfsentry_errcode_error_string(wolfsentry_errcode_t e)
         return "unknown error code";
 }
 
+const char *wolfsentry_action_res_decode(wolfsentry_action_res_t res, unsigned int bit) {
+    if (bit > 31)
+        return "<out-of-range>";
+    if (res & (1U << bit)) {
+        switch(1U << bit) {
+        case WOLFSENTRY_ACTION_RES_NONE: /* not reachable */
+            return "none";
+        case WOLFSENTRY_ACTION_RES_ACCEPT:
+            return "accept";
+        case WOLFSENTRY_ACTION_RES_REJECT:
+            return "reject";
+        case WOLFSENTRY_ACTION_RES_CONNECT:
+            return "connect";
+        case WOLFSENTRY_ACTION_RES_DISCONNECT:
+            return "disconnect";
+        case WOLFSENTRY_ACTION_RES_DEROGATORY:
+            return "derogatory";
+        case WOLFSENTRY_ACTION_RES_COMMENDABLE:
+            return "commendable";
+        case WOLFSENTRY_ACTION_RES_CONTINUE:
+            return "continue";
+        case WOLFSENTRY_ACTION_RES_STOP:
+            return "stop";
+        case WOLFSENTRY_ACTION_RES_INSERT:
+            return "insert";
+        case WOLFSENTRY_ACTION_RES_DELETE:
+            return "delete";
+        case WOLFSENTRY_ACTION_RES_DEALLOCATED:
+            return "deallocated";
+        case WOLFSENTRY_ACTION_RES_ERROR:
+            return "error";
+        default:
+            return "<user>";
+        }
+    } else
+        return NULL;
+}
+
 #endif /* WOLFSENTRY_ERROR_STRINGS */
 
 #ifdef WOLFSENTRY_MALLOC_BUILTINS

src/wolfsentry_internal.h

@@ -167,6 +167,8 @@ struct wolfsentry_table_header {
 #define WOLFSENTRY_TABLE_HEADER_RESET(table) do { \
         (table).head = (table).tail = NULL;       \
         (table).n_ents = 0;                       \
+        (table).n_inserts = 0;                    \
+        (table).n_deletes = 0;                    \
     } while (0)
 
 struct wolfsentry_cursor {
@@ -215,6 +217,7 @@ struct wolfsentry_event {
     struct wolfsentry_event *insert_event; /* child event with setup routines (if any) for routes inserted with this as parent_event. */
     struct wolfsentry_event *match_event; /* child event with state management for routes inserted with this as parent_event. */
     struct wolfsentry_event *delete_event; /* child event with cleanup routines (if any) for routes inserted with this as parent_event. */
+    struct wolfsentry_event *decision_event; /* child event with logic for notifications and logging around decisions for routes inserted with this as parent_event. */
 
     wolfsentry_priority_t priority;
 

tests/test-config-numeric.json

@@ -16,7 +16,11 @@
 	},
 	{
 	    "label" : "event-on-match",
-	    "actions" : [ "handle-match", "notify-on-match" ]
+	    "actions" : [ "handle-match" ]
+	},
+	{
+	    "label" : "event-on-decision",
+	    "actions" : [ "notify-on-decision" ]
 	},
 	{
 	    "label" : "static-route-parent",
@@ -28,7 +32,8 @@
 	    "actions" : [ "handle-connect", "handle-connect2" ],
 	    "insert-event" : "event-on-insert",
 	    "match-event" : "event-on-match",
-	    "delete-event" : "event-on-delete"
+	    "delete-event" : "event-on-delete",
+	    "decision-event" : "event-on-decision"
 	},
 	{
 	    "label" : "call-in-from-unit-test"

tests/test-config.json

@@ -16,7 +16,11 @@
 	},
 	{
 	    "label" : "event-on-match",
-	    "actions" : [ "handle-match", "notify-on-match" ]
+	    "actions" : [ "handle-match" ]
+	},
+	{
+	    "label" : "event-on-decision",
+	    "actions" : [ "notify-on-decision" ]
 	},
 	{
 	    "label" : "static-route-parent",
@@ -28,7 +32,8 @@
 	    "actions" : [ "handle-connect", "handle-connect2" ],
 	    "insert-event" : "event-on-insert",
 	    "match-event" : "event-on-match",
-	    "delete-event" : "event-on-delete"
+	    "delete-event" : "event-on-delete",
+	    "decision-event" : "event-on-decision"
 	},
 	{
 	    "label" : "call-in-from-unit-test"

tests/unittests.c

@@ -2279,7 +2279,7 @@ static int test_json(const char *fname) {
 
     WOLFSENTRY_EXIT_ON_FAILURE(wolfsentry_action_insert(
                                    wolfsentry,
-                                   "notify-on-match",
+                                   "notify-on-decision",
                                    WOLFSENTRY_LENGTH_NULL_TERMINATED,
                                    WOLFSENTRY_ACTION_FLAG_NONE,
                                    test_action,

wolfsentry/wolfsentry.h

@@ -292,7 +292,8 @@ typedef enum {
     WOLFSENTRY_ACTION_TYPE_POST = 1, /* called when an event is posted. */
     WOLFSENTRY_ACTION_TYPE_INSERT = 2, /* called when a route is added to the route table for this event. */
     WOLFSENTRY_ACTION_TYPE_MATCH = 3, /* called by wolfsentry_route_dispatch() for a route match. */
-    WOLFSENTRY_ACTION_TYPE_DELETE = 4 /* called when a route associated with this event expires or is otherwise deleted. */
+    WOLFSENTRY_ACTION_TYPE_DELETE = 4, /* called when a route associated with this event expires or is otherwise deleted. */
+    WOLFSENTRY_ACTION_TYPE_DECISION = 5 /* called after final decision has been made by wolfsentry_route_event_dispatch*(). */
 } wolfsentry_action_type_t;
 
 #define WOLFSENTRY_ACTION_RES_USER_SHIFT 16U
@@ -510,6 +511,10 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_from_epoch_time(struct wolfsentry
 WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_interval_to_seconds(struct wolfsentry_context *wolfsentry, wolfsentry_time_t howlong, long *howlong_secs, long *howlong_nsecs);
 WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_interval_from_seconds(struct wolfsentry_context *wolfsentry, long howlong_secs, long howlong_nsecs, wolfsentry_time_t *howlong);
 
+#ifdef WOLFSENTRY_ERROR_STRINGS
+WOLFSENTRY_API const char *wolfsentry_action_res_decode(wolfsentry_action_res_t res, unsigned int bit);
+#endif
+
 struct wolfsentry_host_platform_interface {
     struct wolfsentry_allocator *allocator;
     struct wolfsentry_timecbs *timecbs;