diff --git a/inc/Maat_rule.h b/inc/Maat_rule.h index dbeefbd..4744ec0 100644 --- a/inc/Maat_rule.h +++ b/inc/Maat_rule.h @@ -198,8 +198,9 @@ enum MAAT_SCAN_OPT { MAAT_SET_SCAN_DISTRICT=1, //VALUE is a const char*, SIZE= strlen(string). DEFAULT: no default. MAAT_SET_SCAN_LAST_REGION, //VALUE is NULL, SIZE=0. This option indicates that the follow scan is the last region of current scan combination. - MAAT_GET_SCAN_HIT_PATH //VALUE is struct Maat_hit_path_t*, an array of struct Maat_hit_path_t, SIZE= sizeof(struct Maat_hit_path_t)*N, + MAAT_GET_SCAN_HIT_PATH, //VALUE is struct Maat_hit_path_t*, an array of struct Maat_hit_path_t, SIZE= sizeof(struct Maat_hit_path_t)*N, //Maat_get_scan_status returns actual got number. + MAAT_SET_SCAN_NO_COUNT //VALUE is NULL, SIZE=0. This option indicates taht follow scan is a duplication of previous scan. }; //return 0 if success, return -1 when failed; int Maat_set_scan_status(Maat_feather_t feather, scan_status_t* mid, enum MAAT_SCAN_OPT type, const void* value, int size); diff --git a/src/entry/Maat_api.cpp b/src/entry/Maat_api.cpp index d465711..4a5774f 100644 --- a/src/entry/Maat_api.cpp +++ b/src/entry/Maat_api.cpp @@ -76,6 +76,19 @@ int insert_set_id(unsigned long long **set, size_t* size, size_t cnt, unsigned l } } +void scan_staus_count_inc(struct _OUTER_scan_status_t* _mid) +{ + if(_mid->is_no_count_scan) + { + _mid->is_no_count_scan=0; + } + else + { + _mid->scan_cnt++; + } + return; +} + void fill_maat_rule(struct Maat_rule_t *rule, const struct Maat_rule_head* rule_head, const char* srv_def, int srv_def_len) { memcpy(rule, rule_head, sizeof(struct Maat_rule_head)); @@ -1353,7 +1366,7 @@ int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id clock_gettime(CLOCK_MONOTONIC,&start); } _mid=grab_mid(mid,_feather, thread_num, 0); - _mid->scan_cnt++; + scan_staus_count_inc(_mid); if(data==NULL||data_len<=0) { return -1; 
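Review bot: The comment on `MAAT_SET_SCAN_NO_COUNT` does not say how long the option stays in effect, so a caller cannot tell from the header that it covers exactly one scan. Going by `scan_staus_count_inc` in `Maat_api.cpp`, the flag is cleared by the next scan, and `Maat_set_scan_status` asserts that it is not already set, so setting it twice in a row is an error. I would write it as `//VALUE is NULL, SIZE=0. One-shot: the next scan is treated as a repeat of the previous scan and does not advance the scan count; the flag is cleared by that scan.`, which also fixes the "taht" typo.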
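Review bot: `scan_staus_count_inc` is defined without `static`, so a file-local helper with a misspelled name (`staus`) gets external linkage. `static void scan_status_count_inc(struct _OUTER_scan_status_t* _mid)`, with the six call sites renamed to match, keeps it out of the library's symbol table. It also needs a one-line comment that the flag is consumed here, e.g. `// Advance scan_cnt unless the caller marked this scan as a repeat; the mark is one-shot and is cleared here.`. Any scan entry point that still increments `_mid->scan_cnt` directly would leave the flag set and trip the assert on the next `MAAT_SET_SCAN_NO_COUNT`; whether such entry points exist is not visible in this diff.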
@@ -1500,7 +1513,7 @@ int Maat_scan_intval(Maat_feather_t feather,int table_id clock_gettime(CLOCK_MONOTONIC,&start); } _mid=grab_mid(mid, _feather, thread_num, 0); - _mid->scan_cnt++; + scan_staus_count_inc(_mid); int virtual_table_id=0; p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_INTERVAL, &virtual_table_id); @@ -1602,7 +1615,7 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id clock_gettime(CLOCK_MONOTONIC,&start); } _mid=grab_mid(mid, _feather, thread_num, 0); - _mid->scan_cnt++; + scan_staus_count_inc(_mid); int virtual_table_id=0; p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_STRING, &virtual_table_id); @@ -1805,7 +1818,7 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id clock_gettime(CLOCK_MONOTONIC,&start); } _mid=grab_mid(mid, _feather, thread_num, 0); - _mid->scan_cnt++; + scan_staus_count_inc(_mid); int virtual_table_id=0; enum MAAT_TABLE_TYPE table_type=TABLE_TYPE_INVALID; table_type=Maat_table_get_type_by_id(_feather->table_mgr, table_id); @@ -1993,7 +2006,7 @@ int Maat_stream_scan_string_detail(stream_para_t* stream_para clock_gettime(CLOCK_MONOTONIC, &start); } _mid=grab_mid(mid, sp->feather, sp->thread_num, 0); - _mid->scan_cnt++; + scan_staus_count_inc(_mid); if(data==NULL||data_len<=0||scanner==NULL) { return 0; @@ -2288,7 +2301,7 @@ int Maat_stream_scan_digest(stream_para_t * stream_para, const char * data, int clock_gettime(CLOCK_MONOTONIC,&start); } _mid=grab_mid(mid, sp->feather, sp->thread_num, 0); - _mid->scan_cnt++; + scan_staus_count_inc(_mid); if(data==NULL||data_len<=0) { 
@@ -2423,6 +2436,25 @@ int Maat_read_rule(Maat_feather_t feather, const struct Maat_rule_t* rule, enum } return ret; } + +int Maat_apply_scan_status(Maat_feather_t feather, scan_status_t *mid, + struct Maat_rule_t*result, int rule_num, int thread_num) +{ + struct _OUTER_scan_status_t* _mid=(struct _OUTER_scan_status_t*)(*mid); + struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather; + struct scan_region_hit_wraper region_hit_wraper; + int ret=0; + if(!_mid||! (_mid->compile_mid)) + { + return 0; + } + memset(®ion_hit_wraper, 0, sizeof(region_hit_wraper)); + region_hit_wraper.Nth_scan=_mid->scan_cnt; + region_hit_wraper.n_hit_region=0; + ret=region_compile(_feather, _mid->compile_mid, ®ion_hit_wraper, result, rule_num, thread_num); + return ret; +} + int Maat_set_scan_status(Maat_feather_t feather,scan_status_t* mid,enum MAAT_SCAN_OPT type,const void* value,int size) { struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather; @@ -2458,6 +2490,10 @@ int Maat_set_scan_status(Maat_feather_t feather,scan_status_t* mid,enum MAAT_SCA assert(_mid->is_last_region==0); _mid->is_last_region=1; break; + case MAAT_SET_SCAN_NO_COUNT: + assert(_mid->is_no_count_scan==0); + _mid->is_no_count_scan=1; + break; default: _feather->scan_err_cnt++; return -1; diff --git a/src/entry/Maat_hierarchy.cpp b/src/entry/Maat_hierarchy.cpp index 2664de1..5289a70 100644 --- a/src/entry/Maat_hierarchy.cpp +++ b/src/entry/Maat_hierarchy.cpp @@ -1215,6 +1215,7 @@ size_t Maat_hierarchy_hit_path_select0(const struct Maat_hierarchy_compile_mid* void Maat_hierarchy_compile_mid_udpate(struct Maat_hierarchy* hier, struct Maat_hierarchy_compile_mid* mid, int region_id, int virtual_table_id, int Nth_scan, int Nth_region_result) { size_t i=0, j=0; + size_t n_exsited_path=0; unsigned long long *clause_id=0; struct Maat_hierarchy_hit_path* hit_path=NULL; struct Maat_hierarchy_region* region=NULL; 
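Review bot: `Maat_apply_scan_status` dereferences `mid` in the initialiser of `_mid`, before the `if(!_mid||...)` guard runs, so a NULL `mid` crashes instead of returning 0; initialise with `struct _OUTER_scan_status_t* _mid = mid ? (struct _OUTER_scan_status_t*)(*mid) : NULL;`. The caller-supplied `thread_num` is passed to `region_compile` as is, although the scan status carries its own `thread_num` field; if per-thread state is indexed by it, a mismatch would touch another thread's data, so either use `_mid->thread_num` or reject a mismatch. `result` and `rule_num` are also forwarded unchecked, and whether `region_compile` bounds its writes by `rule_num` cannot be seen from this hunk. No prototype for the new function appears in the `inc/Maat_rule.h` changes of this commit.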
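Review bot: The new `case MAAT_SET_SCAN_NO_COUNT` enforces the one-shot rule with `assert(_mid->is_no_count_scan==0)`, which aborts the host process in debug builds and checks nothing when `NDEBUG` is defined. A caller that sets the option twice without a scan in between is an API misuse that the function can report the way the `default` branch does: `if(_mid->is_no_count_scan){ _feather->scan_err_cnt++; return -1; }`. The branch also ignores `value` and `size`, although the header documents them as NULL and 0. The switch starts outside the hunk, and the `is_last_region` case just above uses the same assert pattern.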
@@ -1248,8 +1249,16 @@ void Maat_hierarchy_compile_mid_udpate(struct Maat_hierarchy* hier, struct Maat_ hit_path->path.region_id=region_id; hit_path->path.sub_group_id=group->group_id; hit_path->path.virtual_table_id=virtual_table_id; - TAILQ_INSERT_TAIL(&mid->hit_path_qhead, hit_path, entries); - mid->hit_path_cnt++; + n_exsited_path=hit_path_select(&mid->hit_path_qhead, &hit_path->path, NULL, 0); + if(n_exsited_path) + { + free(hit_path); + } + else + { + TAILQ_INSERT_TAIL(&mid->hit_path_qhead, hit_path, entries); + mid->hit_path_cnt++; + } } else { @@ -1263,6 +1272,12 @@ void Maat_hierarchy_compile_mid_udpate(struct Maat_hierarchy* hier, struct Maat_ hit_path->path.sub_group_id=group->group_id; hit_path->path.top_group_id=group->top_group_ids[i]; hit_path->path.virtual_table_id=virtual_table_id; + n_exsited_path=hit_path_select(&mid->hit_path_qhead, &hit_path->path, NULL, 0); + if(n_exsited_path) + { + free(hit_path); + continue; + } TAILQ_INSERT_TAIL(&mid->hit_path_qhead, hit_path, entries); mid->hit_path_cnt++; diff --git a/src/entry/Maat_rule.cpp b/src/entry/Maat_rule.cpp index 34517d8..5737c2c 100644 --- a/src/entry/Maat_rule.cpp +++ b/src/entry/Maat_rule.cpp @@ -57,7 +57,7 @@ extern "C" } #endif -int MAAT_FRAME_VERSION_3_2_3_20210714=1; +int MAAT_FRAME_VERSION_3_3_1_20210715=1; int is_valid_table_name(const char* str) { diff --git a/src/entry/json2iris.cpp b/src/entry/json2iris.cpp index d67ff15..037839e 100644 --- a/src/entry/json2iris.cpp +++ b/src/entry/json2iris.cpp @@ -953,7 +953,7 @@ void table_idx_write_cb(const uchar * key, uint size, void * data, void * user) char line_cnt_str[32], err_str[256]; snprintf(line_cnt_str, sizeof(line_cnt_str), "%010d\n", table->line_count); - int ret=0; + UNUSED int ret=0; size_t table_file_sz=strlen(line_cnt_str)+table->write_pos; unsigned char* buff=ALLOC(unsigned char, table_file_sz); unsigned char* encrypt_buff=NULL; 
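Review bot: The duplicate check in `Maat_hierarchy_compile_mid_udpate` runs only after `hit_path` has been allocated and filled, so every repeated hit pays for a node that is freed at once; the `@@ -1263` hunk repeats the same pattern. Building the path key in a local variable, calling `hit_path_select` on it, and allocating only when it returns 0 avoids that; the allocation itself is outside both hunks. The call also relies on `hit_path_select` treating a NULL output array with size 0 as a count-only query, and on which fields it compares, which deserves a comment such as `// count-only lookup: skip paths already recorded in this scan state`. If the comparison covers members that this branch never assigns, the result depends on the allocator zero-filling the node, which is not visible here.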
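Review bot: Marking `ret` as `UNUSED` in `table_idx_write_cb` silences the compiler warning rather than acting on the value. The function goes on to declare an `encrypt_buff` and already has an `err_str` buffer, so if `ret` receives the status of an encryption or write call further down, a failure there would go unreported. The rest of the body is outside the hunk, so this is inferred; if the value is never needed, dropping the variable is clearer than annotating it.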
diff --git a/src/inc_internal/Maat_rule_internal.h b/src/inc_internal/Maat_rule_internal.h index 839165c..6449faa 100644 --- a/src/inc_internal/Maat_rule_internal.h +++ b/src/inc_internal/Maat_rule_internal.h @@ -169,6 +169,7 @@ struct _OUTER_scan_status_t unsigned short thread_num; unsigned char is_set_district; unsigned char is_last_region; + unsigned char is_no_count_scan; int district_id; int scan_cnt; struct Maat_hierarchy_compile_mid* compile_mid; diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp index c8f14fd..45e5f43 100644 --- a/test/test_maatframe.cpp +++ b/test/test_maatframe.cpp 
@@ -4083,6 +4083,130 @@ TEST_F(MaatCmdTest, SameScanStatusWhenClauseUpdate_TSG6419) Maat_clean_status(&mid); } +#define ScanStatus_Set_No_Count +TEST_F(MaatCmdTest, ScanStatusSetNoCount) +{ + Maat_feather_t feather=MaatCmdTest::_shared_feather; + + const char* g2c_tn="GROUP2COMPILE"; + const char* compile_table_name="COMPILE"; + const char* ip_table_name="IP_PLUS_CONFIG", *app_id_table_name="APP_ID"; + + struct Maat_rule_t compile1; + struct Maat_cmd_group2compile group11, group21, group22; + struct Maat_cmd_region region11, region21, region22; + + + memset(&compile1, 0, sizeof(compile1)); + compile1.config_id=(int)Maat_cmd_incrby(feather, "TEST_SEQ", 1); + Maat_command_raw_set_compile(feather, MAAT_OP_ADD, &compile1, compile_table_name, NULL, 2, 0, 0); + + + //region11->group11--clause1-->compile1 + // / + //region21->group21--clause2--/ + + + memset(&group11, 0, sizeof(group11)); + group11.group_id=Maat_command_get_new_group_id(feather); + group11.table_name=g2c_tn; + group11.compile_id=compile1.config_id; + group11.clause_index=1; + Maat_command_raw_set_group2compile(feather, MAAT_OP_ADD, &group11); + + memset(®ion11, 0, sizeof(region11)); + region11.region_id=Maat_command_get_new_region_id(feather); + region11.region_type=REGION_IP_PLUS; + region11.table_name=ip_table_name; + region11.ip_plus_rule.addr_type=ADDR_TYPE_IPv4; + region11.ip_plus_rule.saddr_format="range"; + region11.ip_plus_rule.src_ip1="192.168.3.1"; + region11.ip_plus_rule.src_ip2="192.168.3.4"; + region11.ip_plus_rule.sport_format="range"; + region11.ip_plus_rule.src_port1=region11.ip_plus_rule.src_port2=0; + + region11.ip_plus_rule.daddr_format="mask"; + region11.ip_plus_rule.dst_ip1="0.0.0.0"; + region11.ip_plus_rule.dst_ip2="255.255.255.255"; + region11.ip_plus_rule.dport_format="range"; + region11.ip_plus_rule.dst_port1=region11.ip_plus_rule.dst_port2=0; + Maat_command_raw_set_region(feather, MAAT_OP_ADD, ®ion11, group11.group_id); + + + memset(&group21, 0, sizeof(group21)); + 
group21.group_id=Maat_command_get_new_group_id(feather); + group21.table_name=g2c_tn; + group21.compile_id=compile1.config_id; + group21.clause_index=2; + Maat_command_raw_set_group2compile(feather, MAAT_OP_ADD, &group21); + + region21.region_id=Maat_command_get_new_region_id(feather); + region21.region_type=REGION_INTERVAL; + region21.table_name=app_id_table_name; + region21.interval_rule.up_boundary=region21.interval_rule.low_boundary=41; + Maat_command_raw_set_region(feather, MAAT_OP_ADD, ®ion21, group21.group_id); + + sleep(1); + + int table_id=0, ret=0, i=0; + struct Maat_rule_t result[4]; + scan_status_t mid=NULL; + struct ipaddr ipv4_addr; + struct stream_tuple4_v4 v4_addr; + ipv4_addr_set(&ipv4_addr, &v4_addr, "192.168.3.2", 50001, "10.0.6.201", 80); + + int scan_app_id=42; + memset(result, 0, sizeof(result)); + table_id=Maat_table_register(feather, ip_table_name); + ret=Maat_scan_proto_addr(feather,table_id, &ipv4_addr, 6, result, 4, &mid,0); + EXPECT_EQ(ret, -2); + + table_id=Maat_table_register(feather, app_id_table_name); + ret=Maat_scan_intval(feather, table_id, scan_app_id, result, 4, &mid, 0); + EXPECT_EQ(ret, 0); + + + //region11->group11--clause1-->compile1 + // / + //region21->group21--clause2---/ + // / + //region22->group22-/ + + + memset(&group22, 0, sizeof(group22)); + group22.group_id=Maat_command_get_new_group_id(feather); + group22.table_name=g2c_tn; + group22.compile_id=compile1.config_id; + group22.clause_index=2; + Maat_command_raw_set_group2compile(feather, MAAT_OP_ADD, &group22); + + region22.region_id=Maat_command_get_new_region_id(feather); + region22.region_type=REGION_INTERVAL; + region22.table_name=app_id_table_name; + region22.interval_rule.up_boundary=region22.interval_rule.low_boundary=42; + Maat_command_raw_set_region(feather, MAAT_OP_ADD, ®ion22, group22.group_id); + + sleep(1); + + ret=Maat_scan_intval(feather, table_id, scan_app_id, result, 4, &mid, 0); + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, 
compile1.config_id); + for(i=0; i<100; i++) + { + Maat_set_scan_status(feather, &mid, MAAT_SET_SCAN_NO_COUNT, NULL, 0); + ret=Maat_scan_intval(feather, table_id, scan_app_id, result, 4, &mid, 0); + } + + struct Maat_hit_path_t hit_path[128]; + memset(hit_path, 0, sizeof(hit_path)); + int n_read=0; + n_read=Maat_get_scan_status(feather, &mid, MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path)); + EXPECT_EQ(n_read, 2); + + Maat_clean_status(&mid); + +} + TEST_F(MaatCmdTest, CompileDelete_TSG6548) { Maat_feather_t feather=MaatCmdTest::_shared_feather;
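Review bot: `region21` and `region22` are filled field by field without the `memset` that `region11` gets, so `Maat_command_raw_set_region` receives structs whose remaining members are indeterminate; add `memset(&region21, 0, sizeof(region21));` and `memset(&region22, 0, sizeof(region22));` before the first assignment to each. Inside the 100-iteration loop the return value of `Maat_set_scan_status` is discarded and `ret` from `Maat_scan_intval` is never asserted, so the test does not show that the option was accepted; `EXPECT_EQ(0, Maat_set_scan_status(feather, &mid, MAAT_SET_SCAN_NO_COUNT, NULL, 0));` would pin that. The empty `#define ScanStatus_Set_No_Count` ahead of the test has no visible use.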