run first test case success

root
2024-09-14 11:29:12 +00:00
parent feb1576545
commit 20de47c873
18 changed files with 4733 additions and 4692 deletions


@@ -14,7 +14,7 @@ add_definitions(-fPIC)
set(MAAT_SRC alignment.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c
maat_core.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c maat_table.c
maat_rule.c maat_object.c maat_ip.c maat_flag.c maat_interval.c maat_expr.c maat_plugin.c
maat_ip_plugin.c maat_ipport_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_attribute.c maat_stat.c)
maat_ip_plugin.c maat_ipport_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_stat.c)
set(LIB_SOURCE_FILES
${PROJECT_SOURCE_DIR}/deps/cJSON/cJSON.c ${PROJECT_SOURCE_DIR}/deps/log/log.c)


@@ -1,62 +0,0 @@
/*
**********************************************************************************************
* File: maat_attribute.h
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_ATTRIBUTE_H_
#define _MAAT_ATTRIBUTE_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include "cJSON/cJSON.h"
#include "maat_table.h"
struct attribute_runtime;
void *attribute_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void attribute_schema_free(void *attribute_schema);
void *attribute_runtime_new(void *attribute_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void attribute_runtime_free(void *attribute_runtime);
void attribute_runtime_scan_times_inc(struct attribute_runtime *virt_rt,
int thread_id);
void attribute_runtime_scan_bytes_add(struct attribute_runtime *virt_rt,
int thread_id, long long val);
long long attribute_runtime_scan_bytes(void *virt_rt);
long long attribute_runtime_scan_times(void *attribute_runtime);
long long attribute_runtime_scan_cpu_time(void *attribute_runtime);
void attribute_runtime_hit_times_inc(struct attribute_runtime *virt_rt,
int thread_id);
long long attribute_runtime_hit_times(void *attribute_runtime);
void attribute_runtime_hit_item_num_add(struct attribute_runtime *virt_rt,
int thread_id, long long val);
long long attribute_runtime_hit_item_num(void *attribute_runtime);
#ifdef __cplusplus
}
#endif
#endif


@@ -28,8 +28,8 @@ void config_monitor_traverse(long long version, const cJSON *json_root,
const char *dec_key, struct log_handle *logger);
int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename,
cJSON *json_root, char *err_str, size_t err_str_sz);
void convert_maat_json_rule(cJSON *json_root, unsigned char *json_buff);
cJSON **json_root, char *err_str, size_t err_str_sz);
void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff);
#ifdef __cplusplus
}
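Review bot: The two prototypes now take `cJSON **json_root`, but nothing at the declaration says who owns the tree written through it. In the .c part of this commit `convert_maat_json_rule` stores the result of `cJSON_Parse` in `*json_root`, so callers on the reload path presumably have to release both any earlier tree and the new one with `cJSON_Delete`. If that is the intended contract, a comment such as `/* On return *json_root holds a newly parsed tree (or NULL); the caller releases it with cJSON_Delete(). */` above `load_maat_json_rule_file` would make it explicit. It would also help to state whether `*json_root` is left untouched when the function returns a negative value.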


@@ -31,7 +31,6 @@ extern "C"
#include "maat.h"
#include "maat_kv.h"
#include "maat_table.h"
#include "maat_attribute.h"
#include "maat_stat.h"
#include "hiredis/hiredis.h"


@@ -38,7 +38,6 @@
#include "maat_ipport_plugin.h"
#include "maat_fqdn_plugin.h"
#include "maat_bool_plugin.h"
#include "maat_attribute.h"
#include "maat_stat.h"
#include "uthash/utarray.h"


@@ -1,248 +0,0 @@
/*
**********************************************************************************************
* File: maat_attribute.c
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#include <assert.h>
#include "maat_kv.h"
#include "maat_utils.h"
#include "log/log.h"
#include "alignment.h"
#include "maat_core.h"
#include "maat_table.h"
#define MODULE_ATTRIBUTE module_name_str("maat.attribute")
struct attribute_schema {
int attribute_id;
int physical_table_id;
struct table_manager *ref_tbl_mgr;
};
struct attribute_runtime {
size_t n_worker_thread;
long long *scan_times;
long long *scan_bytes;
long long *scan_cpu_time;
long long *hit_times;
long long *hit_item_num;
};
void *attribute_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger)
{
struct attribute_schema *schema = ALLOC(struct attribute_schema, 1);
schema->ref_tbl_mgr = tbl_mgr;
cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (NULL == item || item->type != cJSON_Number) {
log_fatal(logger, MODULE_ATTRIBUTE,
"[%s:%d] attribute:<%s> schema has no table_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
schema->attribute_id = item->valueint;
item = cJSON_GetObjectItem(json, "physical_table");
if (NULL == item || item->type != cJSON_String) {
log_fatal(logger, MODULE_ATTRIBUTE,
"[%s:%d] attribute:<%s> schema has no physical_table column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
schema->physical_table_id = table_manager_get_table_id(tbl_mgr, item->valuestring);
if (schema->physical_table_id < 0) {
log_fatal(logger, MODULE_ATTRIBUTE,
"[%s:%d] attribute:<%s>'s physical table:<%s> unregistered.",
__FUNCTION__, __LINE__, table_name, item->valuestring);
goto error;
}
return schema;
error:
FREE(schema);
return NULL;
}
void attribute_schema_free(void *attribute_schema)
{
FREE(attribute_schema);
}
void *attribute_runtime_new(void *attribute_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger)
{
if (NULL == attribute_schema) {
return NULL;
}
struct attribute_runtime *virt_rt = ALLOC(struct attribute_runtime, 1);
virt_rt->n_worker_thread = max_thread_num;
virt_rt->scan_times = alignment_int64_array_alloc(max_thread_num);
virt_rt->scan_bytes = alignment_int64_array_alloc(max_thread_num);
virt_rt->scan_cpu_time = alignment_int64_array_alloc(max_thread_num);
virt_rt->hit_times = alignment_int64_array_alloc(max_thread_num);
virt_rt->hit_item_num = alignment_int64_array_alloc(max_thread_num);
return virt_rt;
}
void attribute_runtime_free(void *attribute_runtime)
{
if (NULL == attribute_runtime) {
return;
}
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
if (virt_rt->scan_times != NULL) {
alignment_int64_array_free(virt_rt->scan_times);
virt_rt->scan_times = NULL;
}
if (virt_rt->scan_bytes != NULL) {
alignment_int64_array_free(virt_rt->scan_bytes);
virt_rt->scan_bytes = NULL;
}
if (virt_rt->scan_cpu_time != NULL) {
alignment_int64_array_free(virt_rt->scan_cpu_time);
virt_rt->scan_cpu_time = NULL;
}
if (virt_rt->hit_times != NULL) {
alignment_int64_array_free(virt_rt->hit_times);
virt_rt->hit_times = NULL;
}
if (virt_rt->hit_item_num != NULL) {
alignment_int64_array_free(virt_rt->hit_item_num);
virt_rt->hit_item_num = NULL;
}
FREE(virt_rt);
}
void attribute_runtime_scan_bytes_add(struct attribute_runtime *virt_rt,
int thread_id, long long val)
{
if (NULL == virt_rt || thread_id < 0) {
return;
}
alignment_int64_array_add(virt_rt->scan_bytes, thread_id, val);
}
long long attribute_runtime_scan_bytes(void *attribute_runtime)
{
if (NULL == attribute_runtime) {
return 0;
}
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
long long sum = alignment_int64_array_sum(virt_rt->scan_bytes,
virt_rt->n_worker_thread);
alignment_int64_array_reset(virt_rt->scan_bytes,
virt_rt->n_worker_thread);
return sum;
}
void attribute_runtime_scan_times_inc(struct attribute_runtime *virt_rt,
int thread_id)
{
if (NULL == virt_rt || thread_id < 0) {
return;
}
alignment_int64_array_add(virt_rt->scan_times, thread_id, 1);
}
long long attribute_runtime_scan_times(void *attribute_runtime)
{
if (NULL == attribute_runtime) {
return 0;
}
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
long long sum = alignment_int64_array_sum(virt_rt->scan_times,
virt_rt->n_worker_thread);
alignment_int64_array_reset(virt_rt->scan_times,
virt_rt->n_worker_thread);
return sum;
}
long long attribute_runtime_scan_cpu_time(void *attribute_runtime)
{
if (NULL == attribute_runtime) {
return 0;
}
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
long long sum = alignment_int64_array_sum(virt_rt->scan_cpu_time,
virt_rt->n_worker_thread);
alignment_int64_array_reset(virt_rt->scan_cpu_time,
virt_rt->n_worker_thread);
return sum;
}
void attribute_runtime_hit_times_inc(struct attribute_runtime *virt_rt,
int thread_id)
{
if (NULL == virt_rt || thread_id < 0) {
return;
}
alignment_int64_array_add(virt_rt->hit_times, thread_id, 1);
}
long long attribute_runtime_hit_times(void *attribute_runtime)
{
if (NULL == attribute_runtime) {
return 0;
}
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
long long sum = alignment_int64_array_sum(virt_rt->hit_times,
virt_rt->n_worker_thread);
alignment_int64_array_reset(virt_rt->hit_times,
virt_rt->n_worker_thread);
return sum;
}
void attribute_runtime_hit_item_num_add(struct attribute_runtime *virt_rt,
int thread_id, long long val)
{
if (NULL == virt_rt || thread_id < 0) {
return;
}
alignment_int64_array_add(virt_rt->hit_item_num, thread_id, val);
}
long long attribute_runtime_hit_item_num(void *attribute_runtime)
{
if (NULL == attribute_runtime) {
return 0;
}
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
long long sum = alignment_int64_array_sum(virt_rt->hit_item_num,
virt_rt->n_worker_thread);
alignment_int64_array_reset(virt_rt->hit_item_num,
virt_rt->n_worker_thread);
return sum;
}


@@ -88,15 +88,13 @@ int my_scandir(const char *dir, struct dirent ***namelist,
static void config_load_json_content(const cJSON *json_root, const char *table_name, const char *key, void *u_param,
int (*update_fn)(const char *, const char *, void *, enum maat_operation))
{
cJSON *tmp_item = NULL;
cJSON *array_item = NULL;
int i;
tmp_item = cJSON_GetObjectItem(json_root, table_name);
array_item = cJSON_GetObjectItem(json_root, key);
if (array_item != NULL) {
for (i = 0; i < cJSON_GetArraySize(tmp_item); i++) {
cJSON *rule = cJSON_GetArrayItem(tmp_item, i);
for (i = 0; i < cJSON_GetArraySize(array_item); i++) {
cJSON *rule = cJSON_GetArrayItem(array_item, i);
if (rule == NULL) {
continue;
}
@@ -106,7 +104,7 @@ static void config_load_json_content(const cJSON *json_root, const char *table_n
continue;
}
update_fn(tmp_item->valuestring, rule_str, u_param, MAAT_OP_ADD);
update_fn(table_name, rule_str, u_param, MAAT_OP_ADD);
FREE(rule_str);
}
}
@@ -127,8 +125,10 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root,
}
cJSON *tmp_obj = NULL;
cJSON *rule_table = cJSON_GetObjectItem(json_root, "rule_table");
cJSON *object2object_table = cJSON_GetObjectItem(json_root, "object2object_table");
tmp_obj = cJSON_GetObjectItem(json_root, "objects");
tmp_obj = cJSON_GetObjectItem(json_root, "items");
if (tmp_obj != NULL) {
for (i = 0; i < cJSON_GetArraySize(tmp_obj); i++) {
cJSON *object = cJSON_GetArrayItem(tmp_obj, i);
@@ -136,11 +136,6 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root,
continue;
}
cJSON *regions = cJSON_GetObjectItem(object, "regions");
if (regions == NULL) {
continue;
}
cJSON *table_name = cJSON_GetObjectItem(object, "table_name");
if (table_name == NULL) {
continue;
@@ -158,25 +153,107 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root,
}
}
config_load_json_content(json_root, "object2object_table", "object_groups", u_param, update_fn);
config_load_json_content(json_root, "rule_table", "rules", u_param, update_fn);
config_load_json_content(json_root, object2object_table->valuestring, "object_groups", u_param, update_fn);
config_load_json_content(json_root, rule_table->valuestring, "rules", u_param, update_fn);
if (finish_fn != NULL) {
finish_fn(u_param);
}
}
void convert_maat_json_rule(cJSON *json_root, unsigned char *json_buff)
void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
{
json_root = cJSON_Parse((const char *)json_buff);
cJSON *top_objects = cJSON_GetObjectItem(json_root, "objects");
//cJSON *object_groups = cJSON_GetObjectItem(json_root, "object_groups");//TODO: object include object in rules
cJSON *rules = cJSON_GetObjectItem(json_root, "rules");
cJSON *tmp_rule = NULL;
*json_root = cJSON_Parse((const char *)json_buff);
cJSON *top_items = cJSON_GetObjectItem(*json_root, "items");
cJSON *top_objects = cJSON_GetObjectItem(*json_root, "objects");
cJSON *rules = cJSON_GetObjectItem(*json_root, "rules");
long long item_id = 1;
long long object_id = 1;
char str[10];
if (top_items == NULL) {
top_items = cJSON_CreateArray();
cJSON_AddItemToObject(*json_root, "items", top_items);
}
/*
"objects": [ "items": [
{ {
"object_name": "ASN1234", "table_name": "AS_NUMBER",
"object_id": 1, "table_content": {
"items": [ "item_id": "1",
{ "object_id": "1",
"table_name": "AS_NUMBER", --------------------> "keywords": "^AS1234$",
"table_type": "expr", "expr_type": "and"
"table_content": { }
"keywords": "^AS1234$", }
"expr_type": "and" ]
}
}
]
}
]
*/
cJSON *tmp_node = NULL;
cJSON_ArrayForEach(tmp_node, top_objects) {
cJSON *object_id_obj = cJSON_GetObjectItem(tmp_node, "object_id");
cJSON *items = cJSON_GetObjectItem(tmp_node, "items");
cJSON *tmp_item = NULL;
cJSON_ArrayForEach(tmp_item, items) {
cJSON *table_name = cJSON_GetObjectItem(tmp_item, "table_name");
cJSON *table_content = cJSON_GetObjectItem(tmp_item, "table_content");
cJSON *new_item = cJSON_CreateObject();
cJSON *new_table_content = cJSON_Duplicate(table_content, 0);
if (object_id_obj == NULL) {
memset(str, 0, sizeof(str));
snprintf(str, sizeof(str), "%lld", object_id);
cJSON_AddStringToObject(new_table_content, "object_id", str);
object_id++;
} else {
cJSON_AddStringToObject(new_table_content, "object_id", object_id_obj->valuestring);
}
if (cJSON_GetObjectItem(table_content, "item_id") == NULL) {
memset(str, 0, sizeof(str));
snprintf(str, sizeof(str), "%lld", item_id);
cJSON_AddStringToObject(new_table_content, "item_id", str);
item_id++;
}
cJSON_AddStringToObject(new_item, "table_name", table_name->valuestring);
cJSON_AddItemToObject(new_item, "table_content", new_table_content);
cJSON_AddItemToArray(top_items, new_item);
}
}
/*
"rules": [ "items":[
{ {
"rule_id": "201", "table_name": "ATTR_APP_ID",
"conditions": [ "table_content": {
{ "item_id": "1",
"attribute_name": "ATTR_APP_ID", "object_id": "1",
"objects": [ "interval": "4001"
{
"items":[ --------------> }
"table_name": "APP_ID_DICT", }
"table_type": "interval", ]
"interval": "4001"
]
} "rules": [{
] "rule_id": "201",
} "conditions": [
], {
"misc": "blah, blah" "attribute_name": "ATTR_APP_ID",
} "object_ids": [1]
] }
]
"misc": "blah, blah"
}
]
*/
cJSON *tmp_rule = NULL;
cJSON_ArrayForEach(tmp_rule, rules) {
cJSON *tmp_condition = NULL;
cJSON *condition_array = cJSON_GetObjectItem(tmp_rule, "conditions");
@@ -184,26 +261,42 @@ void convert_maat_json_rule(cJSON *json_root, unsigned char *json_buff)
cJSON *tmp_object = NULL;
cJSON *object_id_array = cJSON_CreateArray();
cJSON *object_array = cJSON_GetObjectItem(tmp_condition, "objects");
if (object_array == NULL) {
continue;
}
cJSON_ArrayForEach(tmp_object, object_array) {
//find items, generate item_id and object_id
cJSON *table_name = cJSON_GetObjectItem(tmp_object, "table_name");
cJSON *tmp_item = cJSON_CreateObject();
cJSON_AddItemToObject(tmp_item, "table_name", cJSON_CreateString(table_name->valuestring));
cJSON *dup = cJSON_Duplicate(tmp_object, 0);
if (cJSON_GetObjectItem(dup, "item_id") == NULL) {
memset(str, 0, sizeof(str));
snprintf(str, sizeof(str), "%lld", item_id);
cJSON_AddItemToObject(dup, "item_id", cJSON_CreateString(str));
item_id++;
}
if (cJSON_GetObjectItem(dup, "object_id") == NULL) {
memset(str, 0, sizeof(str));
cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "object_id");
cJSON *items = cJSON_GetObjectItem(tmp_object, "items");
cJSON *item = NULL;
memset(str, 0, sizeof(str));
if (object_id_obj != NULL) {
snprintf(str, sizeof(str), "%s", object_id_obj->valuestring);
} else {
snprintf(str, sizeof(str), "%lld", object_id);
cJSON_AddItemToObject(dup, "object_id", cJSON_CreateString(str));
object_id++;
}
cJSON_AddItemToObject(tmp_item, "table_content", dup);
cJSON_AddItemToArray(top_objects, tmp_item);
cJSON_ArrayForEach(item, items) {
cJSON *table_name = cJSON_GetObjectItem(item, "table_name");
cJSON *tmp_item = cJSON_CreateObject();
cJSON_AddItemToObject(tmp_item, "table_name", cJSON_CreateString(table_name->valuestring));
cJSON *dup = cJSON_Duplicate(cJSON_GetObjectItem(item, "table_content"), 1);
if (cJSON_GetObjectItem(dup, "item_id") == NULL) {
memset(str, 0, sizeof(str));
snprintf(str, sizeof(str), "%lld", item_id);
cJSON_AddStringToObject(dup, "item_id", str);
item_id++;
}
cJSON_AddStringToObject(dup, "object_id", str);
cJSON_AddItemToObject(tmp_item, "table_content", dup);
cJSON_AddItemToArray(top_items, tmp_item);
}
cJSON_AddItemToArray(object_id_array, cJSON_CreateString(str));
}
@@ -216,7 +309,7 @@ void convert_maat_json_rule(cJSON *json_root, unsigned char *json_buff)
}
int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename,
cJSON *json_root, char *err_str, size_t err_str_sz)
cJSON **json_root, char *err_str, size_t err_str_sz)
{
int ret = 0;
unsigned char *json_buff = NULL;
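Review bot: The reworked converter and `config_monitor_traverse` dereference `->valuestring` on values read straight from the JSON rule file without checking that the key exists and is a string: `table_name->valuestring` in both item loops, `object_id_obj->valuestring` (the layout comment above the first loop itself shows `"object_id": 1` as a number, for which `valuestring` is NULL), and `rule_table->valuestring` / `object2object_table->valuestring` in the two `config_load_json_content` calls. A rule file that omits or mistypes one of these keys can crash the process instead of being rejected; a guard in the style `maat_rule_new` already uses, `if (table_name == NULL || table_name->type != cJSON_String) { continue; }`, before each use would avoid that. Separately, `char str[10]` holds at most nine characters, so `snprintf(str, sizeof(str), "%s", object_id_obj->valuestring)` and the `%lld` counters silently truncate longer ids and can attach items to the wrong object; `char str[32];` covers any `long long`. The result of `cJSON_Parse` is also stored in `*json_root` with no visible NULL check before `cJSON_AddItemToObject(*json_root, "items", top_items)`. The bodies of `convert_maat_json_rule` and `load_maat_json_rule_file` continue outside the hunks shown.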


@@ -336,7 +336,7 @@ void maat_read_full_config(struct maat *maat_inst)
break;
case DATA_SOURCE_JSON_FILE:
ret = load_maat_json_rule_file(maat_inst, maat_inst->opts.json_ctx.json_file,
json_root, err_str, sizeof(err_str));
&json_root, err_str, sizeof(err_str));
if (ret < 0) {
log_fatal(maat_inst->logger, MODULE_MAAT_RULE,
"[%s:%d] Maat re-initiate with JSON file %s failed: %s",
@@ -460,7 +460,7 @@ void *rule_monitor_loop(void *arg)
md5_file(maat_inst->opts.json_ctx.json_file, md5_tmp);
if (0 != strcmp(md5_tmp, maat_inst->opts.json_ctx.effective_json_md5)) {
ret = load_maat_json_rule_file(maat_inst, maat_inst->opts.json_ctx.json_file,
json_root, err_str, sizeof(err_str));
&json_root, err_str, sizeof(err_str));
if (ret < 0) {
log_fatal(maat_inst->logger, MODULE_MAAT_RULE,
"[%s:%d] Maat re-initiate with JSON file %s (md5=%s)failed: %s\n",


@@ -22,7 +22,6 @@
#include "maat_config_monitor.h"
#include "maat_redis_monitor.h"
#include "maat_plugin.h"
#include "maat_attribute.h"
#define MODULE_REDIS_MONITOR module_name_str("maat.redis_monitor")


@@ -279,23 +279,25 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
}
tmp_obj = cJSON_GetObjectItem(condition_obj, "negate_option");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no negate_option or not string format",
__FUNCTION__, __LINE__, table_name);
goto error;
}
if (tmp_obj) {
if (tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no negate_option or not string format",
__FUNCTION__, __LINE__, table_name);
goto error;
}
if (strncmp(tmp_obj->valuestring, "true", 4) == 0) {
condition->negate_option = CONDITION_NEGATE_OPTION_SET;
} else if (strncmp(tmp_obj->valuestring, "false", 5) == 0) {
condition->negate_option = CONDITION_NEGATE_OPTION_UNSET;
} else {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> negate_option:%s is illegal",
__FUNCTION__, __LINE__, table_name, tmp_obj->valuestring);
goto error;
}
if (strncmp(tmp_obj->valuestring, "true", 4) == 0) {
condition->negate_option = CONDITION_NEGATE_OPTION_SET;
} else if (strncmp(tmp_obj->valuestring, "false", 5) == 0) {
condition->negate_option = CONDITION_NEGATE_OPTION_UNSET;
} else {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> negate_option:%s is illegal",
__FUNCTION__, __LINE__, table_name, tmp_obj->valuestring);
goto error;
}
}
if (condition->negate_option == CONDITION_NEGATE_OPTION_SET) {
int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, condition->attribute_id, MAAT_OP_ADD, logger);
@@ -315,8 +317,8 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
for (int j = 0; j < n_object_ids; j++) {
cJSON *object_id_obj = cJSON_GetArrayItem(tmp_obj, j);
if (object_id_obj && object_id_obj->type == cJSON_Number) {
long long object_id = object_id_obj->valueint;
if (object_id_obj && object_id_obj->type == cJSON_String) {
long long object_id = atoll(object_id_obj->valuestring);
condition->object_ids[j] = object_id;
}
}
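Review bot: In the `object_ids` loop an entry that is not a string is skipped without any error, and `atoll` turns a non-numeric string into 0, so a malformed rule is loaded with `condition->object_ids[j]` either unassigned or zero instead of being rejected. Because these ids decide which objects a condition matches, I would fail the rule on bad input and parse with `strtoll` plus an end-pointer check, as sketched below (this needs `<errno.h>` if the file does not already include it). In the same section the `negate_option` log text still says "has no negate_option" although a missing key is now accepted, and `strncmp(tmp_obj->valuestring, "true", 4)` also accepts values such as `trueX`; `strcmp` would be stricter. `maat_rule_new` starts and ends outside the hunks shown.

```c
// … unchanged: for loop header and cJSON_GetArrayItem(tmp_obj, j) …
if (object_id_obj == NULL || object_id_obj->type != cJSON_String) {
    log_fatal(logger, MODULE_RULE,
              "[%s:%d] table: <%s> object_ids[%d] is not a string",
              __FUNCTION__, __LINE__, table_name, j);
    goto error;
}

char *end = NULL;
errno = 0;
long long object_id = strtoll(object_id_obj->valuestring, &end, 10);
if (end == object_id_obj->valuestring || *end != '\0' || errno == ERANGE) {
    log_fatal(logger, MODULE_RULE,
              "[%s:%d] table: <%s> object_ids[%d]:%s is not a valid integer",
              __FUNCTION__, __LINE__, table_name, j, object_id_obj->valuestring);
    goto error;
}
condition->object_ids[j] = object_id;
```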


@@ -27,7 +27,6 @@
#include "maat_bool_plugin.h"
#include "maat_fqdn_plugin.h"
#include "maat_interval.h"
#include "maat_attribute.h"
#include "expr_matcher/expr_matcher.h"
#define MODULE_TABLE module_name_str("maat.table")
@@ -272,22 +271,6 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
.rule_count = bool_plugin_runtime_rule_count,
.update_err_count = bool_plugin_runtime_update_err_count
},
#if 0
{
.type = TABLE_TYPE_ATTRIBUTE,
.new_schema = attribute_schema_new,
.free_schema = attribute_schema_free,
.new_runtime = attribute_runtime_new,
.free_runtime = attribute_runtime_free,
.update_runtime = NULL,
.commit_runtime = NULL,
.scan_times = attribute_runtime_scan_times,
.scan_bytes = attribute_runtime_scan_bytes,
.scan_cpu_time = attribute_runtime_scan_cpu_time,
.hit_times = attribute_runtime_hit_times,
.hit_item_num = attribute_runtime_hit_item_num
},
#endif
{
.type = TABLE_TYPE_RULE,
.new_schema = rule_schema_new,


@@ -10,23 +10,25 @@
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"objects": [
"conditions": [
{
"object_name": "Untitled",
"regions": [
"objects": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hello&world",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hello&world",
"expr_type": "none"
}
}
]
}
]
}
]
}
]
}
}


@@ -1,6 +1,5 @@
{
"rule_table": "RULE_DEFAULT",
"object2rule_table": "OBJECT2RULE_DEFAULT",
"object2object_table": "OBJECT2OBJECT",
"rules": [
{
@@ -11,23 +10,25 @@
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"objects": [
"conditions": [
{
"attribute": "HTTP_URL",
"regions": [
"objects": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "MESA&Maat",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "MESA&Maat",
"expr_type": "and"
}
}
]
}
]
}
]
}
]
}
}


@@ -1,34 +1,35 @@
{
"rule_table": "RULE_DEFAULT",
"object2rule_table": "OBJECT2RULE_DEFAULT",
"object2object_table": "OBJECT2OBJECT",
"rules": [
{
"rule_id": 1,
"rule_id": "1",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"objects": [
"conditions": [
{
"object_name": "Untitled",
"attribute": "HTTP_URL",
"regions": [
"attribute_name": "HTTP_URL",
"objects": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hello&world",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hello&world",
"expr_type": "and"
}
}
]
}
]
}
]
}
]
}
}


@@ -108,16 +108,16 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old)
{
const char *hit_old_data = "Hello world! I'm eve.";
const char *hit_new_data = "Maat was borned in MESA.";
const char *table_name = "HTTP_URL";
const char *attribute_name = "HTTP_URL";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
int thread_id = 0;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
int table_id = maat_get_table_id(maat_inst, table_name);
ASSERT_GT(table_id, 0);
int attribute_id = maat_get_attribute_id(maat_inst, attribute_name);
ASSERT_GT(attribute_id, 0);
int ret = maat_scan_string(maat_inst, table_id, hit_old_data,
int ret = maat_scan_string(maat_inst, attribute_id, hit_old_data,
strlen(hit_old_data), results, ARRAY_SIZE,
&n_hit_result, state);
if (is_old) {
@@ -127,12 +127,12 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old)
EXPECT_EQ(ret, MAAT_SCAN_OK);
}
ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE,
ret = maat_scan_not_logic(maat_inst, attribute_id, results, ARRAY_SIZE,
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
maat_state_reset(state);
ret = maat_scan_string(maat_inst, table_id, hit_new_data,
ret = maat_scan_string(maat_inst, attribute_id, hit_new_data,
strlen(hit_new_data), results, ARRAY_SIZE,
&n_hit_result, state);
if (!is_old) {
@@ -142,7 +142,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old)
EXPECT_EQ(ret, MAAT_SCAN_OK);
}
ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE,
ret = maat_scan_not_logic(maat_inst, attribute_id, results, ARRAY_SIZE,
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);

File diff suppressed because one or more lines are too long


@@ -2,25 +2,13 @@
{
"table_id":0,
"table_name":"RULE_DEFAULT",
"table_type":"rule",
"valid_column":9,
"custom": {
"rule_id":1,
"tags":6,
"condition_num":8
}
"table_type":"rule"
},
{
"table_id":1,
"table_name":"RULE_ALIAS",
"table_type":"rule",
"valid_column":9,
"schema_tag": "{\"rule_alias\": \"rule\"}",
"custom": {
"rule_id":1,
"tags":6,
"condition_num":8
}
"schema_tag": "{\"rule_alias\": \"rule\"}"
},
{
"table_id":2,
@@ -28,90 +16,35 @@
"db_tables":["RULE_DEFAULT", "RULE_ALIAS"],
"default_rule_table":2,
"table_type":"rule",
"valid_column":9,
"schema_tag": "{\"rule_conjunction\": \"rule\"}",
"custom": {
"rule_id":1,
"tags":6,
"condition_num":8
}
},
{
"table_id":3,
"table_name":"OBJECT2RULE",
"db_tables":["OBJECT2RULE_DEFAULT", "OBJECT2RULE_ALIAS"],
"table_type":"object2rule",
"associated_rule_table_id":2,
"valid_column":6,
"schema_tag": "{\"object2rule\": \"object2rule\"}",
"custom": {
"object_id":1,
"rule_id":2,
"negate_option":3,
"attribute_name":4,
"condition_index":5
}
"schema_tag": "{\"rule_conjunction\": \"rule\"}"
},
{
"table_id":4,
"table_name":"RULE_FIREWALL_DEFAULT",
"table_type":"rule",
"valid_column":9,
"custom": {
"rule_id":1,
"tags":6,
"condition_num":8
}
"table_type":"rule"
},
{
"table_id":5,
"table_name":"RULE_FIREWALL_CONJUNCTION",
"db_tables":["RULE_FIREWALL_DEFAULT"],
"table_type":"rule",
"valid_column":9,
"custom": {
"rule_id":1,
"tags":6,
"condition_num":8
}
},
{
"table_id":6,
"table_name":"OBJECT2RULE_FIREWALL",
"table_type":"object2rule",
"associated_rule_table_id":5,
"valid_column":6,
"custom": {
"object_id":1,
"rule_id":2,
"negate_option":3,
"attribute_name":4,
"condition_index":5
}
"table_type":"rule"
},
{
"table_id":7,
"table_name":"OBJECT2OBJECT",
"table_type":"object2object",
"valid_column":4,
"custom": {
"object_id":1,
"included_sub_object_ids":2,
"excluded_sub_object_ids":3
}
"table_type":"object2object"
},
{
"table_id":8,
"table_name":"RULE_PLUGIN",
"db_tables":["RULE_DEFAULT", "RULE_ALIAS"],
"table_type":"plugin",
"valid_column":8,
"schema_tag": "{\"rule_plugin\": \"plugin\"}",
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key":1
"key_name": "rule_id"
}
},
{
@@ -119,12 +52,11 @@
"table_name":"RULE_FIREWALL_PLUGIN",
"db_tables":["RULE_FIREWALL_DEFAULT"],
"table_type":"plugin",
"valid_column":8,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key":1
"key_name":"TODO"
}
},
{
@@ -133,555 +65,260 @@
"db_tables":["HTTP_URL", "HTTP_HOST"],
"table_type":"expr",
"expr_engine":"rulescan",
"valid_column":5,
"schema_tag": "{\"http_region\": \"expr\"}",
"custom": {
"item_id":1,
"object_id":2,
"expr_type":3,
"keywords":4
}
"supported_attributes":["HTTP_URL", "HTTP_URL_FILTER"],
"schema_tag": "{\"http_region\": \"expr\"}"
},
{
"table_id":11,
"table_name":"KEYWORDS_TABLE",
"table_type":"expr",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"expr_type":3,
"keywords":4
}
"supported_attributes":[
"HTTP_RESPONSE_KEYWORDS",
"HTTP_RESPONSE_KEYWORDS_1",
"HTTP_RESPONSE_KEYWORDS_2",
"HTTP_RESPONSE_KEYWORDS_3",
"HTTP_RESPONSE_KEYWORDS_4",
"HTTP_RESPONSE_KEYWORDS_5",
"HTTP_RESPONSE_KEYWORDS_6",
"HTTP_RESPONSE_KEYWORDS_7",
"HTTP_RESPONSE_KEYWORDS_8",
"HTTP_DUMMY",
"HTTP_NOT_LOGIC",
"HTTP_NOT_LOGIC_1"],
"schema_tag": "{\"http_response_keywords\": \"attribute\"}"
},
{
"table_id":12,
"table_name":"IP_CONFIG",
"table_type":"ip",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"ip":3,
"port":4
}
"supported_attributes": ["ATTRIBUTE_IP_CONFIG"]
},
{
"table_id":13,
"table_name":"CONTENT_SIZE",
"table_type":"interval",
"valid_column":4,
"custom": {
"item_id":1,
"object_id":2,
"interval":3
}
"table_type":"interval"
},
{
"table_id":14,
"table_name":"QD_ENTRY_INFO",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key":1
"key_name":"TODO"
}
},
{
"table_id":15,
"table_name":"HTTP_SIGNATURE",
"table_type":"expr_plus",
"valid_column":6,
"custom": {
"item_id":1,
"object_id":2,
"district":3,
"expr_type":4,
"keywords":5
}
"supported_attributes":["HTTP_REQUEST_HEADER", "HTTP_RESPONSE_HEADER"]
},
{
"table_id":16,
"table_name":"IMAGE_FP",
"table_type":"expr",
"valid_column":5,
"supported_attributes":["HTTP_URL", "HTTP_REQ_BODY"],
"custom": {
"item_id":1,
"object_id":2,
"expr_type":3,
"keywords":4
}
"table_type":"expr"
},
{
"table_id":17,
"table_name":"TEST_EFFECTIVE_RANGE_TABLE",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key":1,
"tag":5
"key_name":"TODO"
}
},
{
"table_id":18,
"table_name":"TEST_FOREIGN_KEY",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"pointer",
"key":2,
"tag":3,
"foreign": [6,8]
"key_name":"TODO",
"foreign_names": ["TODO", "TODO"]
}
},
{
"table_id":19,
"table_name":"TEST_PLUGIN_EXDATA_TABLE",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"pointer",
"key":2,
"tag":5
"key_name":"TODO"
}
},
{
"table_id":20,
"table_name":"IR_INTERCEPT_IP",
"table_type":"plugin",
"valid_column":14,
"custom": {
"gc_timeout_s":3,
"key_type":"pointer",
"key":2,
"tag":18
"key_name":"TODO"
}
},
{
"table_id":21,
"table_name":"APP_PAYLOAD",
"table_type":"expr_plus",
"valid_column":6,
"custom": {
"item_id":1,
"object_id":2,
"district":3,
"expr_type":4,
"keywords":5
}
"table_type":"expr_plus"
},
{
"table_id":22,
"table_name":"TROJAN_PAYLOAD",
"table_type":"expr",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"expr_type":3,
"keywords":4
}
"table_type":"expr"
},
{
"table_id":23,
"table_name":"MAIL_ADDR",
"table_type":"expr",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"expr_type":3,
"keywords":4
}
"table_type":"expr"
},
{
"table_id":24,
"table_name":"IP_PLUS_CONFIG",
"table_type":"ip",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"ip":3,
"port":4
}
},
{
"table_id":25,
"table_name":"HTTP_RESPONSE_KEYWORDS",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE",
"schema_tag": "{\"http_response_keywords\": \"attribute\"}"
},
{
"table_id":26,
"table_name":"HTTP_REQUEST_HEADER",
"table_type":"attribute",
"physical_table": "HTTP_SIGNATURE"
},
{
"table_id":27,
"table_name":"HTTP_RESPONSE_HEADER",
"table_type":"attribute",
"physical_table": "HTTP_SIGNATURE"
},
{
"table_id":28,
"table_name":"ATTRIBUTE_IP_PLUS_TABLE",
"db_tables":["ATTRIBUTE_IP_PLUS_SOURCE", "ATTRIBUTE_IP_PLUS_DESTINATION"],
"table_type":"attribute",
"physical_table": "IP_PLUS_CONFIG",
"supported_attributes":["ATTRIBUTE_IP_PLUS_TABLE", "ATTRIBUTE_IP_PLUS_SOURCE", "ATTRIBUTE_IP_PLUS_DESTINATION"],
"schema_tag": "{\"attribute_ip_plus_table\": \"attribute\"}"
},
{
"table_id":29,
"table_name":"TEST_IP_PLUGIN_WITH_EXDATA",
"table_type":"ip_plugin",
"valid_column":5,
"custom": {
"gc_timeout_s": 3,
"item_id":1,
"ip":3
"key_name":"TODO"
}
},
{
"table_id":30,
"table_name":"AS_NUMBER",
"table_type":"expr",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"expr_type":3,
"keywords":4
}
},
{
"table_id":31,
"table_name":"SOURCE_IP_ASN",
"table_type":"attribute",
"physical_table":"AS_NUMBER"
},
{
"table_id":32,
"table_name":"DESTINATION_IP_ASN",
"table_type":"attribute",
"physical_table":"AS_NUMBER"
"supported_attributes":["SOURCE_IP_ASN", "DESTINATION_IP_ASN", "ASN_NOT_LOGIC"]
},
{
"table_id":33,
"table_name":"GeoLocation",
"table_type":"expr",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"expr_type":3,
"keywords":4
}
},
{
"table_id":34,
"table_name":"SOURCE_IP_GEO",
"table_type":"attribute",
"physical_table":"GeoLocation"
"supported_attributes":["SOURCE_IP_GEO"]
},
{
"table_id":35,
"table_name":"INTERGER_PLUS",
"table_type":"interval_plus",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"district":3,
"interval":4
}
"table_type":"interval_plus"
},
{
"table_id":36,
"table_name":"TEST_FQDN_PLUGIN_WITH_EXDATA",
"table_type":"fqdn_plugin",
"valid_column":4,
"custom": {
"gc_timeout_s": 3,
"item_id":1,
"fqdn":2
"key_name":"TODO"
}
},
{
"table_id":37,
"table_name":"APP_ID",
"table_type":"interval",
"valid_column":4,
"custom": {
"item_id":1,
"object_id":2,
"interval":3
}
"table_type":"interval"
},
{
"table_id":38,
"table_name":"EMPTY_KEYWORD",
"table_type":"expr",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"expr_type":3,
"keywords":4
}
"table_type":"expr"
},
{
"table_id":39,
"table_name":"EMPTY_INTERGER",
"table_type":"interval",
"valid_column":4,
"custom": {
"item_id":1,
"object_id":2,
"interval":3
}
"table_type":"interval"
},
{
"table_id":40,
"table_name":"TEST_BOOL_PLUGIN_WITH_EXDATA",
"table_type":"bool_plugin",
"valid_column":4,
"custom": {
"gc_timeout_s": 3,
"item_id":1,
"bool_expr":2
"key_name":"TODO"
}
},
{
"table_id":41,
"table_name":"FLAG_CONFIG",
"table_type":"flag",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"flag":3,
"flag_mask":4
}
"table_type":"flag"
},
{
"table_id":42,
"table_name":"FLAG_PLUS_CONFIG",
"table_type":"flag_plus",
"valid_column":6,
"custom": {
"item_id":1,
"object_id":2,
"district":3,
"flag":4,
"flag_mask":5
}
"table_type":"flag_plus"
},
{
"table_id":43,
"table_name":"TEST_PLUGIN_LONG_KEY_TYPE_TABLE",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key":2,
"tag":5
"key_name":"TODO"
}
},
{
"table_id":44,
"table_name":"TEST_PLUGIN_INT_KEY_TYPE_TABLE",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":4,
"key":2,
"tag":5
"key_name":"TODO"
}
},
{
"table_id":45,
"table_name":"TEST_PLUGIN_IP_KEY_TYPE_TABLE",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"ip_addr",
"addr_type":1,
"key":2
"key_name":"TODO"
}
},
{
"table_id":46,
"table_name":"HTTP_URL_FILTER",
"table_type":"attribute",
"physical_table": "HTTP_URL"
},
{
"table_id":47,
"table_name":"IP_PERF_CONFIG",
"table_type":"ip",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"ip":3,
"port":4
}
"table_type":"ip"
},
{
"table_id":48,
"table_name":"INTEGER_PERF_CONFIG",
"table_type":"interval",
"valid_column":4,
"custom": {
"item_id":1,
"object_id":2,
"interval":3
}
"table_type":"interval"
},
{
"table_id":49,
"table_name":"EXPR_LITERAL_PERF_CONFIG",
"table_type":"expr",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"expr_type":3,
"keywords":4
}
"table_type":"expr"
},
{
"table_id":50,
"table_name":"EXPR_REGEX_PERF_CONFIG",
"table_type":"expr",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"expr_type":3,
"keywords":4
}
"table_type":"expr"
},
{
"table_id":51,
"table_name":"FLAG_PERF_CONFIG",
"table_type":"flag",
"valid_column":5,
"custom": {
"item_id":1,
"object_id":2,
"flag":3,
"flag_mask":4
}
"table_type":"flag"
},
{
"table_id":52,
"table_name":"TEST_IPPORT_PLUGIN_WITH_EXDATA",
"table_type":"ipport_plugin",
"valid_column":6,
"custom": {
"gc_timeout_s": 3,
"item_id":1,
"ip_type":2,
"ip_addr":3,
"port1":4,
"port2":5
"key_name":"TODO"
}
},
{
"table_id":53,
"table_name":"ATTRIBUTE_IP_CONFIG",
"table_type":"attribute",
"physical_table": "IP_CONFIG"
},
{
"table_id":54,
"table_name":"HTTP_RESPONSE_KEYWORDS_1",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":55,
"table_name":"HTTP_RESPONSE_KEYWORDS_2",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":56,
"table_name":"HTTP_RESPONSE_KEYWORDS_3",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":57,
"table_name":"HTTP_RESPONSE_KEYWORDS_4",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":58,
"table_name":"HTTP_RESPONSE_KEYWORDS_5",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":59,
"table_name":"HTTP_RESPONSE_KEYWORDS_6",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":60,
"table_name":"HTTP_RESPONSE_KEYWORDS_7",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":61,
"table_name":"HTTP_RESPONSE_KEYWORDS_8",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":62,
"table_name":"HTTP_DUMMY",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":63,
"table_name":"HTTP_NOT_LOGIC",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":64,
"table_name":"HTTP_NOT_LOGIC_1",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":65,
"table_name":"ASN_NOT_LOGIC",
"table_type":"attribute",
"physical_table":"AS_NUMBER"
},
{
"table_id":66,
"table_name":"TEST_IP_PLUGIN_WITH_ADDR_FORMAT",
@@ -689,8 +326,7 @@
"valid_column":5,
"custom": {
"gc_timeout_s": 3,
"item_id":1,
"ip":3
"key_name":"TODO"
}
}
]


@@ -68,7 +68,7 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por
return -1;
}
convert_maat_json_rule(json_root, (unsigned char *)json_buff);
convert_maat_json_rule(&json_root, (unsigned char *)json_buff);
redisContext *c = maat_connect_redis(redis_ip, redis_port, redis_db, logger);
if (NULL == c) {