char* arg_to_spade_json(struct arg_struct* n) { int i; char* tmp; NODE_START("Entity"); for(i=0; i<n->length; i++){ if(n->value[i]=='\\') n->value[i]='/'; if(n->value[i]=='\n') n->value[i]=' '; if(n->value[i]=='\t') n->value[i]=' '; } tmp = repl_str(n->value, "\"", "\\\""); if(tmp==NULL) tmp = n->value; __add_string_attribute("value", tmp, true); if(n->truncated==PROV_TRUNCATED) __add_string_attribute("truncated", "true", true); else __add_string_attribute("truncated", "false", true); NODE_END(); if(tmp != n->value) free(tmp); return buffer; }
char* task_to_spade_json(struct task_prov_struct* n) { NODE_START("Activity"); __add_uint32_attribute("pid", n->pid, true); __add_uint32_attribute("vpid", n->vpid, true); NODE_END(); return buffer; }
char* proc_to_spade_json(struct proc_prov_struct* n) { NODE_START("Entity"); __add_uint32_attribute("uid", n->uid, true); __add_uint32_attribute("gid", n->gid, true); __add_uint32_attribute("tgid", n->tgid, true); __add_uint32_attribute("utsns", n->utsns, true); __add_uint32_attribute("ipcns", n->ipcns, true); __add_uint32_attribute("mntns", n->mntns, true); __add_uint32_attribute("pidns", n->pidns, true); __add_uint32_attribute("netns", n->netns, true); __add_uint32_attribute("cgroupns", n->cgroupns, true); provenance_secid_to_secctx(n->secid, secctx, PATH_MAX); __add_string_attribute("secctx", secctx, true); __add_uint64_attribute("utime", n->utime, true); __add_uint64_attribute("stime", n->stime, true); __add_uint64_attribute("vm", n->vm, true); __add_uint64_attribute("rss", n->rss, true); __add_uint64_attribute("hw_vm", n->hw_vm, true); __add_uint64_attribute("hw_rss", n->hw_rss, true); __add_uint64_attribute("rbytes", n->rbytes, true); __add_uint64_attribute("wbytes", n->wbytes, true); __add_uint64_attribute("cancel_wbytes", n->cancel_wbytes, true); NODE_END(); return buffer; }
char* xattr_to_spade_json(struct xattr_prov_struct* n) { NODE_START("Entity"); __add_string_attribute("name", n->name, true); if(n->size>0){ __add_uint32_attribute("size", n->size, true); // TODO record value when present } NODE_END(); return buffer; }
char* inode_to_spade_json(struct inode_prov_struct* n) { NODE_START("Entity"); __add_uint32_attribute("uid", n->uid, true); __add_uint32_attribute("gid", n->gid, true); __add_uint32hex_attribute("mode", n->mode, true); __add_string_attribute("secctx", secctx, true); __add_uint32_attribute("ino", n->ino, true); __add_string_attribute("uuid", uuid_to_str(n->sb_uuid, uuid, UUID_STR_SIZE), true); NODE_END(); return buffer; }
char* iattr_to_spade_json(struct iattr_prov_struct* n) { NODE_START("Entity"); __add_uint32hex_attribute("valid", n->valid, true); __add_uint32hex_attribute("mode", n->mode, true); __add_uint32_attribute("uid", n->uid, true); __add_uint32_attribute("gid", n->gid, true); __add_int64_attribute("size", n->size, true); __add_int64_attribute("atime", n->atime, true); __add_int64_attribute("ctime", n->ctime, true); __add_int64_attribute("mtime", n->mtime, true); NODE_END(); return buffer; }
char* pckcnt_to_spade_json(struct pckcnt_struct* n) { char* cntenc; NODE_START("Entity"); cntenc = malloc( encode64Bound(n->length) ); base64encode(n->content, n->length, cntenc, encode64Bound(n->length)); __add_string_attribute("content", cntenc, true); free(cntenc); __add_uint32_attribute("length", n->length, true); if(n->truncated==PROV_TRUNCATED) __add_string_attribute("truncated", "true", true); else __add_string_attribute("truncated", "false", true); NODE_END(); return buffer; }
char* addr_to_spade_json(struct address_struct* n) { char host[NI_MAXHOST]; char serv[NI_MAXSERV]; int err; struct sockaddr *ad = (struct sockaddr*)&(n->addr); NODE_START("Entity"); if(ad->sa_family == AF_INET){ err = getnameinfo(ad, sizeof(struct sockaddr_in), host, NI_MAXHOST, serv, NI_MAXSERV, NI_NUMERICHOST | NI_NUMERICSERV); __add_string_attribute("type", "AF_INET", true); if (err < 0) { __add_string_attribute("host", "could not resolve", true); __add_string_attribute("service", "could not resolve", true); __add_string_attribute("error", gai_strerror(err), true); } else { __add_string_attribute("host", host, true); __add_string_attribute("service", serv, true); } }else if(ad->sa_family == AF_INET6){ err = getnameinfo(ad, sizeof(struct sockaddr_in6), host, NI_MAXHOST, serv, NI_MAXSERV, NI_NUMERICHOST | NI_NUMERICSERV); __add_string_attribute("type", "AF_INET6", true); if (err < 0) { __add_string_attribute("host", "could not resolve", true); __add_string_attribute("service", "could not resolve", true); __add_string_attribute("error", gai_strerror(err), true); } else { __add_string_attribute("host", host, true); __add_string_attribute("service", serv, true); } }else if(ad->sa_family == AF_UNIX){ __add_string_attribute("type", "AF_UNIX", true); __add_string_attribute("path", ((struct sockaddr_un*)ad)->sun_path, true); }else{ err = getnameinfo(ad, n->length, host, NI_MAXHOST, serv, NI_MAXSERV, NI_NUMERICHOST | NI_NUMERICSERV); __add_int32_attribute("type", ad->sa_family, true); if (err < 0) { __add_string_attribute("host", "could not resolve", true); __add_string_attribute("service", "could not resolve", true); __add_string_attribute("error", gai_strerror(err), true); } else { __add_string_attribute("host", host, true); __add_string_attribute("service", serv, true); } } NODE_END(); return buffer; }
char* packet_to_spade_json(struct pck_struct* n) { ID_ENCODE(n->identifier.buffer, PROV_IDENTIFIER_BUFFER_LENGTH, id, PROV_ID_STR_LEN); buffer[0]='\0'; update_time(); strncat(buffer, "{", BUFFER_LENGTH); __add_string_attribute("type", "Entity", false); __add_string_attribute("id", id, true); strncat(buffer, ",\"annotations\": {", BUFFER_LENGTH); __add_string_attribute("object_type", "packet", false); __add_date_attribute(true); __add_uint32_attribute("packet_id", n->identifier.packet_id.id, true); __add_uint32_attribute("seq", n->identifier.packet_id.seq, true); __add_ipv4_attribute("sender", n->identifier.packet_id.snd_ip, n->identifier.packet_id.snd_port, true); __add_ipv4_attribute("receiver", n->identifier.packet_id.rcv_ip, n->identifier.packet_id.rcv_port, true); __add_uint64_attribute("jiffies", n->jiffies, true); NODE_END(); return buffer; }
char* machine_to_spade_json(struct machine_struct* n){ char tmp[256]; NODE_START("Entity"); __add_string_attribute("u_sysname", n->utsname.sysname, true); __add_string_attribute("u_nodename", n->utsname.nodename, true); __add_string_attribute("u_release", n->utsname.release, true); __add_string_attribute("u_version", n->utsname.version, true); __add_string_attribute("u_machine", n->utsname.machine, true); __add_string_attribute("u_domainname", n->utsname.domainname, true); sprintf(tmp, "%d.%d.%d", n->cam_major, n->cam_minor, n->cam_patch); __add_string_attribute("k_version", tmp, true); __add_string_attribute("k_commit", n->commit, true); provenance_lib_version(tmp, 256); __add_string_attribute("l_version", tmp, true); provenance_lib_commit(tmp, 256); __add_string_attribute("l_commit", tmp, true); NODE_END(); return buffer; }
int march_solve_rec() { int branch_literal = 0, _result, _percentage_forced; int skip_left = 0, skip_right = 0, top_flag = 0; #ifdef DISTRIBUTION int record_index = current_record; top_flag = TOP_OF_TREE; if( fix_recorded_literals(record_index) == UNSAT ) return UNSAT; if( record_index == 0 ) record_index = init_new_record( ); #endif #ifdef SUPER_LINEAR if( depth < sl_depth ) subtree_size = 0; else if( subtree_size == SL_MAX ) return UNSAT; else subtree_size++; #endif #ifdef TIMEOUT if( (int) clock() > CLOCKS_PER_SEC * TIMEOUT ) return UNKNOWN; #endif #ifdef SUBTREE_SIZE path_length++; #endif #ifdef CUT_OFF if( depth <= CUT_OFF ) last_SAT_bin = -1; if( solution_bin == last_SAT_bin ) { #ifdef DISTRIBUTION records[ record_index ].UNSAT_flag = 1; #endif return UNSAT; } #endif #ifdef DETECT_COMPONENTS determine_components(); #endif #ifdef DISTRIBUTION branch_literal = records[record_index].branch_literal; if( branch_literal != 0 ) dist_acc_flag = 1; else // if( branch_literal == 0 ) #endif do { #ifdef LOCAL_AUTARKY int _depth; _depth = analyze_autarky(); if( _depth == 0 ) printf("c global autarky found at depth %i\n", depth ); else if( _depth != depth ) printf("c autarky found at depth %i (from %i)\n", depth, _depth ); #endif nodeCount++; // printf("node %i @ depth %i\n", nodeCount, depth ); if( ConstructCandidatesSet() == 0 ) { if( depth > 0 ) { if( checkSolution() == SAT ) return verifySolution(); } if( PreselectAll() == 0 ) return verifySolution(); } else ConstructPreselectedSet(); if( lookahead() == UNSAT ) { lookDead++; return UNSAT; } if( propagate_forced_literals() == UNSAT ) return UNSAT; branch_literal = get_signedBranchVariable(); // printf("c branch literal %i", branch_literal ); } while( (percentage_forced > 50.0) || (branch_literal == 0) ); #ifdef PLOT if( plotCount++ >= 10000 ) return UNSAT; printf("\t%i\t%.3f\t%i\n", plotCount, sum_plot / count_plot, depth ); #endif _percentage_forced = percentage_forced; #ifdef PARALLEL if( depth < para_depth ) if( para_bin & (1 << (para_depth - depth - 1) ) ) branch_literal *= -1; #endif // printf("branch_literal = %i at depth %i\n", branch_literal, depth ); #ifdef GLOBAL_AUTARKY if( depth == 0 ) { int i; for( i = 1; i <= nrofvars; i++ ) { TernaryImpReduction[ i ] = 0; TernaryImpReduction[ -i ] = 0; if( kSAT_flag ) { btb_size[ i ] = 0; btb_size[ -i ] = 0; } } if( kSAT_flag ) for( i = 0; i < nrofbigclauses; ++i ) clause_reduction[ i ] = 0; // branch_literal = 10; } #endif NODE_START(); #ifdef BLOCK_PRESELECT set_block_stamps( branch_literal ); #endif #ifdef DISTRIBUTION if( top_flag ) { branch_literal *= -1; current_rights++; UPDATE_BIN(); } skip_left = skip_node(); #endif if( (skip_left==0) && IFIUP( branch_literal, FIX_BRANCH_VARIABLE ) ) { #ifdef DISTRIBUTION current_record = LEFT_CHILD; #endif _result = recursive_solve(); #ifdef DISTRIBUTION LEFT_CHILD = current_record; #endif if( _result == SAT || _result == UNKNOWN ) return _result; } else { #ifdef DISTRIBUTION if( (LEFT_CHILD != 0) && records[ LEFT_CHILD ].UNSAT_flag == 0 ) { records[ LEFT_CHILD ].UNSAT_flag = 1; // printf("c left child %i UNSAT by parent!\n", LEFT_CHILD ); } #endif PUSH( r, STACK_BLOCK );} NODE_END(); #ifdef BACKJUMP if( backjump_literal != 0 ) if( timeAssignments[ backjump_literal ] >= NARY_MAX ) { // printf("backjumping at depth %i due to literal %i\n", depth, backjump_literal ); return UNSAT; } backjump_literal = 0; #endif #ifdef DISTRIBUTION if( top_flag ) { current_rights--; UPDATE_BIN(); } #endif percentage_forced = _percentage_forced; #ifdef PARALLEL if( depth < para_depth ) goto parallel_skip_node; #endif #ifdef GLOBAL_AUTARKY if( depth == 0 ) if( kSAT_flag ) { int i; for( i = 1; i <= nrofvars; ++i ) { assert( TernaryImpReduction[ i ] == 0 ); assert( TernaryImpReduction[ -i ] == 0 ); assert( btb_size[ i ] == 0 ); assert( btb_size[ -i ] == 0 ); } for( i = 0; i < nrofbigclauses; ++i ) { clause_red_depth[ i ] = nrofvars; clause_SAT_flag[ i ] = 0; } } if( kSAT_flag ) { int i; for( i = 1; i <= nrofvars; ++i ) { assert( TernaryImpReduction[ i ] >= 0 ); assert( TernaryImpReduction[ -i ] >= 0 ); assert( btb_size[ i ] >= 0 ); assert( btb_size[ -i ] >= 0 ); } } #endif NODE_START(); #ifdef BLOCK_PRESELECT set_block_stamps( branch_literal ); #endif if( top_flag == 0 ) { #ifdef DISTRIBUTION current_rights++; #endif UPDATE_BIN(); } #ifdef DISTRIBUTION skip_right = skip_node(); #endif if( (skip_right == 0) && IFIUP( -branch_literal, FIX_BRANCH_VARIABLE ) ) { #ifdef DISTRIBUTION current_record = RIGHT_CHILD; #endif _result = recursive_solve(); #ifdef DISTRIBUTION RIGHT_CHILD = current_record; #endif if( _result == SAT || _result == UNKNOWN ) return _result;} else { #ifdef DISTRIBUTION if( (RIGHT_CHILD != 0) && records[ RIGHT_CHILD ].UNSAT_flag == 0 ) { records[ RIGHT_CHILD ].UNSAT_flag = 1; // printf("c right child %i UNSAT by parent!\n", RIGHT_CHILD ); } #endif PUSH( r, STACK_BLOCK );} NODE_END(); if( top_flag == 0 ) { #ifdef DISTRIBUTION current_rights--; #endif UPDATE_BIN(); } #ifdef PARALLEL parallel_skip_node:; #endif // printf("ended node %i at depth %i\n", nodeCount, depth ); #ifdef SUBTREE_SIZE if( (skip_flag == 0) && (jump_depth == 0) && (current_rights == 0) ) { int subtree = path_length - depth; // float cost = nodeCount * (CLOCKS_PER_SEC / ((float)(clock() + 10 - first_time))); // printf("c nodes per second = %.3f at level %i\n", cost, depth ); if( jump_depth >= 30 ) jump_depth = 999; if( subtree > SUBTREE_SIZE ) { jump_depth = depth; while( subtree > 2*SUBTREE_SIZE ) { jump_depth++; subtree = subtree / 2; } if( jump_depth >= 20 ) jump_depth = 999; skip_flag = 1; } } #endif #ifdef DISTRIBUTION record_node( record_index, branch_literal, skip_left, skip_right ); current_record = record_index; #endif #ifdef BACKJUMP if( kSAT_flag ) { int *_rstackp = rstackp, nrval; while( --_rstackp > rstack ) { nrval = *_rstackp; if( (TernaryImpReduction[ nrval ] + TernaryImpReduction[ -nrval ]) != 0 ) { backjump_literal = nrval; break; } } } #endif #ifdef ADD_CONFLICT printConflict(); #endif return UNSAT; }
char* pathname_to_spade_json(struct file_name_struct* n) { NODE_START("Entity"); __add_string_attribute("pathname", n->name, true); NODE_END(); return buffer; }
char* str_msg_to_spade_json(struct str_struct* n) { NODE_START("Entity"); __add_string_attribute("log", n->str, true); NODE_END(); return buffer; }
char* shm_to_spade_json(struct shm_struct* n) { NODE_START("Entity"); __add_uint32hex_attribute("cf:mode", n->mode, true); NODE_END(); return buffer; }
char* msg_to_spade_json(struct msg_msg_struct* n) { NODE_START("Entity"); NODE_END(); return buffer; }
char* sb_to_spade_json(struct sb_struct* n) { NODE_START("Entity"); __add_string_attribute("cf:uuid", uuid_to_str(n->uuid, uuid, UUID_STR_SIZE), true); NODE_END(); return buffer; }