backend/binsrc/nfregex.cpp

#include "regex/regex_rules.cpp"
#include "regex/regexfilter.cpp"
#include "classes/netfilter.cpp"
#include <syncstream>
#include <iostream>

using namespace std;
using namespace Firegex::Regex;
using Firegex::NfQueue::MultiThreadQueue;

/*
Compile options:
USE_PIPES_FOR_BLOKING_QUEUE - use pipes instead of conditional variable, queue and mutex for blocking queue
*/


void config_updater (){
	string line;
	while (true){
		getline(cin, line);
		if (cin.eof()){
			cerr << "[fatal] [updater] cin.eof()" << endl;
			exit(EXIT_FAILURE);
		}
		if (cin.bad()){
			cerr << "[fatal] [updater] cin.bad()" << endl;
			exit(EXIT_FAILURE);
		}
		cerr << "[info] [updater] Updating configuration with line " << line << endl;
		istringstream config_stream(line);
		vector<string> raw_rules;
		
		while(!config_stream.eof()){
			string data;
			config_stream >> data;
			if (data != "" && data != "\n"){
				raw_rules.push_back(data);
			}
		}
		try{
			regex_config.reset(new RegexRules(raw_rules, regex_config->stream_mode()));
			cerr << "[info] [updater] Config update done to ver "<< regex_config->ver() << endl;
			osyncstream(cout) << "ACK OK" << endl;
		}catch(const std::exception& e){
			cerr << "[error] [updater] Failed to build new configuration!" << endl;
			osyncstream(cout) << "ACK FAIL " << e.what() << endl;
		}
	}
	
}

int main(int argc, char *argv[]){

	char * test_regex = getenv("FIREGEX_TEST_REGEX");
	if (test_regex != nullptr){
		cerr << "[info] [main] Testing regex: " << test_regex << endl;
		try{
			RegexRules::compile_regex(test_regex);
			cerr << "[info] [main] Test passed" << endl;
			return 0;
		}catch(const std::exception& e){
			cerr << "[error] [updater] Test failed" << endl;
			cout << e.what() << flush;
			return 1;
		}
	}

	int n_of_threads = 1;
   	char * n_threads_str = getenv("NTHREADS");
   	if (n_threads_str != nullptr) n_of_threads = ::atoi(n_threads_str);
	if(n_of_threads <= 0) n_of_threads = 1;

	char * matchmode = getenv("MATCH_MODE");
	bool stream_mode = true;
	if (matchmode != nullptr && strcmp(matchmode, "block") == 0){
		stream_mode = false;
	}
	
	bool fail_open = strcmp(getenv("FIREGEX_NFQUEUE_FAIL_OPEN"), "1") == 0;

	regex_config.reset(new RegexRules(stream_mode));

	MultiThreadQueue<RegexNfQueue> queue_manager(n_of_threads);
	osyncstream(cout) << "QUEUE " << queue_manager.queue_num() << endl;
	cerr << "[info] [main] Queue: " << queue_manager.queue_num() << " threads assigned: " << n_of_threads << " stream mode: " << stream_mode << " fail open: " << fail_open << endl;

	thread qthr([&](){
		queue_manager.start();
	});
	config_updater();
	qthr.join();

}
c++ refactoring, init pypi projects, gh action added 2025-02-09 22:32:48 +01:00			`#include "regex/regex_rules.cpp"`
			`#include "regex/regexfilter.cpp"`
nfqueue to hyperscan and stream match, removed proxyregex 2025-02-02 19:54:42 +01:00			`#include "classes/netfilter.cpp"`
c++ refactoring, init pypi projects, gh action added 2025-02-09 22:32:48 +01:00			`#include <syncstream>`
Go -> C++ 2022-07-15 10:08:54 +02:00			`#include <iostream>`
Finished but not working 2022-07-16 14:22:33 +02:00
Go -> C++ 2022-07-15 10:08:54 +02:00			`using namespace std;`
User-Space thread balancing + refactoring 2025-02-16 16:33:34 +01:00			`using namespace Firegex::Regex;`
			`using Firegex::NfQueue::MultiThreadQueue;`
C++ file developping 2022-07-15 17:26:40 +02:00
less copy and less lock 2025-02-17 13:07:06 +01:00			`/*`
			`Compile options:`
			`USE_PIPES_FOR_BLOKING_QUEUE - use pipes instead of conditional variable, queue and mutex for blocking queue`
			`*/`


c++ filter done 2022-07-16 15:24:05 +02:00			`void config_updater (){`
Fixes and small changes 2022-07-18 23:01:24 +02:00			`string line;`
c++ filter done 2022-07-16 15:24:05 +02:00			`while (true){`
			`getline(cin, line);`
Python integration with c++ binary (not totally working yet) 2022-07-18 18:52:14 +02:00			`if (cin.eof()){`
Iptables -> NFtables 2022-07-19 15:17:34 +02:00			`cerr << "[fatal] [updater] cin.eof()" << endl;`
Python integration with c++ binary (not totally working yet) 2022-07-18 18:52:14 +02:00			`exit(EXIT_FAILURE);`
			`}`
c++ filter done 2022-07-16 15:24:05 +02:00			`if (cin.bad()){`
Iptables -> NFtables 2022-07-19 15:17:34 +02:00			`cerr << "[fatal] [updater] cin.bad()" << endl;`
c++ filter done 2022-07-16 15:24:05 +02:00			`exit(EXIT_FAILURE);`
			`}`
			`cerr << "[info] [updater] Updating configuration with line " << line << endl;`
			`istringstream config_stream(line);`
nfqueue to hyperscan and stream match, removed proxyregex 2025-02-02 19:54:42 +01:00			`vector<string> raw_rules;`

c++ filter done 2022-07-16 15:24:05 +02:00			`while(!config_stream.eof()){`
Fixes and small changes 2022-07-18 23:01:24 +02:00			`string data;`
c++ filter done 2022-07-16 15:24:05 +02:00			`config_stream >> data;`
Python integration with c++ binary (not totally working yet) 2022-07-18 18:52:14 +02:00			`if (data != "" && data != "\n"){`
nfqueue to hyperscan and stream match, removed proxyregex 2025-02-02 19:54:42 +01:00			`raw_rules.push_back(data);`
Python integration with c++ binary (not totally working yet) 2022-07-18 18:52:14 +02:00			`}`
c++ filter done 2022-07-16 15:24:05 +02:00			`}`
nfqueue to hyperscan and stream match, removed proxyregex 2025-02-02 19:54:42 +01:00			`try{`
			`regex_config.reset(new RegexRules(raw_rules, regex_config->stream_mode()));`
improves on the nfregex binary 2025-02-03 02:04:10 +01:00			`cerr << "[info] [updater] Config update done to ver "<< regex_config->ver() << endl;`
c++ refactoring, init pypi projects, gh action added 2025-02-09 22:32:48 +01:00			`osyncstream(cout) << "ACK OK" << endl;`
drop stream on udp (due to missing method to keep stream) + ack on reload config 2025-02-05 01:48:36 +01:00			`}catch(const std::exception& e){`
nfqueue to hyperscan and stream match, removed proxyregex 2025-02-02 19:54:42 +01:00			`cerr << "[error] [updater] Failed to build new configuration!" << endl;`
c++ refactoring, init pypi projects, gh action added 2025-02-09 22:32:48 +01:00			`osyncstream(cout) << "ACK FAIL " << e.what() << endl;`
nfqueue to hyperscan and stream match, removed proxyregex 2025-02-02 19:54:42 +01:00			`}`
			`}`
improves on the nfregex binary x3 2025-02-04 21:09:03 +01:00
nfqueue to hyperscan and stream match, removed proxyregex 2025-02-02 19:54:42 +01:00			`}`

			`int main(int argc, char *argv[]){`
regex checked by hyperscan directly with error messages 2025-02-18 21:20:19 +01:00
			`char * test_regex = getenv("FIREGEX_TEST_REGEX");`
			`if (test_regex != nullptr){`
			`cerr << "[info] [main] Testing regex: " << test_regex << endl;`
			`try{`
			`RegexRules::compile_regex(test_regex);`
			`cerr << "[info] [main] Test passed" << endl;`
			`return 0;`
			`}catch(const std::exception& e){`
			`cerr << "[error] [updater] Test failed" << endl;`
			`cout << e.what() << flush;`
			`return 1;`
			`}`
			`}`

Fixes 2022-07-22 00:34:57 +02:00			`int n_of_threads = 1;`
Fixes and improvements in thread managment 2022-08-02 19:45:28 +00:00			`char * n_threads_str = getenv("NTHREADS");`
nfqueue to hyperscan and stream match, removed proxyregex 2025-02-02 19:54:42 +01:00			`if (n_threads_str != nullptr) n_of_threads = ::atoi(n_threads_str);`
Fixes 2022-07-22 00:34:57 +02:00			`if(n_of_threads <= 0) n_of_threads = 1;`
nfqueue to hyperscan and stream match, removed proxyregex 2025-02-02 19:54:42 +01:00
			`char * matchmode = getenv("MATCH_MODE");`
			`bool stream_mode = true;`
			`if (matchmode != nullptr && strcmp(matchmode, "block") == 0){`
			`stream_mode = false;`
			`}`
optional nfqueue fail-open option 2025-02-18 17:36:15 +01:00
			`bool fail_open = strcmp(getenv("FIREGEX_NFQUEUE_FAIL_OPEN"), "1") == 0;`
improves on the nfregex binary x5 2025-02-04 22:51:30 +01:00
nfqueue to hyperscan and stream match, removed proxyregex 2025-02-02 19:54:42 +01:00			`regex_config.reset(new RegexRules(stream_mode));`
User-Space thread balancing + refactoring 2025-02-16 16:33:34 +01:00
			`MultiThreadQueue<RegexNfQueue> queue_manager(n_of_threads);`
			`osyncstream(cout) << "QUEUE " << queue_manager.queue_num() << endl;`
optional nfqueue fail-open option 2025-02-18 17:36:15 +01:00			`cerr << "[info] [main] Queue: " << queue_manager.queue_num() << " threads assigned: " << n_of_threads << " stream mode: " << stream_mode << " fail open: " << fail_open << endl;`
C++ file developping 2022-07-15 17:26:40 +02:00
User-Space thread balancing + refactoring 2025-02-16 16:33:34 +01:00			`thread qthr([&](){`
			`queue_manager.start();`
			`});`
C++ file developping 2022-07-15 17:26:40 +02:00			`config_updater();`
User-Space thread balancing + refactoring 2025-02-16 16:33:34 +01:00			`qthr.join();`

Go -> C++ 2022-07-15 10:08:54 +02:00			`}`