Maat_set_scan_status可以设置MAAT_SET_SCAN_NO_COUNT类型参数， 指示下一次扫描不进行计数，以减少hit path的存储开销。

inc/Maat_rule.h

@@ -198,8 +198,9 @@ enum MAAT_SCAN_OPT
 {
 	MAAT_SET_SCAN_DISTRICT=1,		//VALUE is a const char*, SIZE= strlen(string). DEFAULT: no default.
 	MAAT_SET_SCAN_LAST_REGION,		//VALUE is NULL, SIZE=0. This option indicates that the follow scan is the last region of current scan combination.
-	MAAT_GET_SCAN_HIT_PATH			//VALUE is struct Maat_hit_path_t*, an array of struct Maat_hit_path_t, SIZE= sizeof(struct Maat_hit_path_t)*N,
+	MAAT_GET_SCAN_HIT_PATH,			//VALUE is struct Maat_hit_path_t*, an array of struct Maat_hit_path_t, SIZE= sizeof(struct Maat_hit_path_t)*N,
 									//Maat_get_scan_status returns actual got number.
+	MAAT_SET_SCAN_NO_COUNT			//VALUE is NULL, SIZE=0. This option indicates taht follow scan is a duplication of previous scan.
 };
 //return 0 if success, return -1 when failed;
 int Maat_set_scan_status(Maat_feather_t feather, scan_status_t* mid, enum MAAT_SCAN_OPT type, const void* value, int size);

src/entry/Maat_api.cpp

@@ -76,6 +76,19 @@ int insert_set_id(unsigned long long **set, size_t* size, size_t cnt, unsigned l
 	}
 }
 
+void scan_staus_count_inc(struct _OUTER_scan_status_t* _mid)
+{
+	if(_mid->is_no_count_scan)
+	{
+		_mid->is_no_count_scan=0;
+	}
+	else
+	{
+		_mid->scan_cnt++;
+	}
+	return;
+}
+
 void fill_maat_rule(struct Maat_rule_t *rule, const struct Maat_rule_head* rule_head, const char* srv_def, int srv_def_len)
 {
 	memcpy(rule, rule_head, sizeof(struct Maat_rule_head));
@@ -1353,7 +1366,7 @@ int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id
 		clock_gettime(CLOCK_MONOTONIC,&start);
 	}
 	_mid=grab_mid(mid,_feather, thread_num, 0);
-	_mid->scan_cnt++;
+	scan_staus_count_inc(_mid);
 	if(data==NULL||data_len<=0)
 	{
 		return -1;
@@ -1500,7 +1513,7 @@ int Maat_scan_intval(Maat_feather_t feather,int table_id
 		clock_gettime(CLOCK_MONOTONIC,&start);
 	}
 	_mid=grab_mid(mid, _feather, thread_num, 0);
-	_mid->scan_cnt++;
+	scan_staus_count_inc(_mid);
 
 	int virtual_table_id=0;
 	p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_INTERVAL, &virtual_table_id);
@@ -1602,7 +1615,7 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id
 		clock_gettime(CLOCK_MONOTONIC,&start);
 	}
 	_mid=grab_mid(mid, _feather, thread_num, 0);
-	_mid->scan_cnt++;
+	scan_staus_count_inc(_mid);
 	
 	int virtual_table_id=0;
 	p_table=Maat_table_get_scan_by_id(_feather->table_mgr, table_id, SCAN_TYPE_STRING, &virtual_table_id);
@@ -1805,7 +1818,7 @@ int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
 		clock_gettime(CLOCK_MONOTONIC,&start);
 	}
 	_mid=grab_mid(mid, _feather, thread_num, 0);
-	_mid->scan_cnt++;
+	scan_staus_count_inc(_mid);
 	int virtual_table_id=0;
 	enum MAAT_TABLE_TYPE table_type=TABLE_TYPE_INVALID;
 	table_type=Maat_table_get_type_by_id(_feather->table_mgr, table_id);
@@ -1993,7 +2006,7 @@ int Maat_stream_scan_string_detail(stream_para_t* stream_para
 		clock_gettime(CLOCK_MONOTONIC, &start);
 	}
 	_mid=grab_mid(mid, sp->feather, sp->thread_num, 0);
-	_mid->scan_cnt++;
+	scan_staus_count_inc(_mid);
 	if(data==NULL||data_len<=0||scanner==NULL)
 	{
 		return 0;
@@ -2288,7 +2301,7 @@ int Maat_stream_scan_digest(stream_para_t * stream_para, const char * data, int
 		clock_gettime(CLOCK_MONOTONIC,&start);
 	}
 	_mid=grab_mid(mid, sp->feather, sp->thread_num, 0);
-	_mid->scan_cnt++;
+	scan_staus_count_inc(_mid);
 
 	if(data==NULL||data_len<=0)
 	{
@@ -2423,6 +2436,25 @@ int Maat_read_rule(Maat_feather_t feather, const struct Maat_rule_t* rule, enum
 	}
 	return ret;
 }
+
+int Maat_apply_scan_status(Maat_feather_t feather, scan_status_t *mid,
+						struct Maat_rule_t*result, int rule_num, int thread_num)
+{
+	struct _OUTER_scan_status_t* _mid=(struct _OUTER_scan_status_t*)(*mid);
+	struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
+	struct scan_region_hit_wraper region_hit_wraper;
+	int ret=0;
+	if(!_mid||! (_mid->compile_mid))
+	{
+		return 0;
+	}
+	memset(&region_hit_wraper, 0, sizeof(region_hit_wraper));
+	region_hit_wraper.Nth_scan=_mid->scan_cnt;
+	region_hit_wraper.n_hit_region=0;
+	ret=region_compile(_feather, _mid->compile_mid, &region_hit_wraper, result, rule_num, thread_num);
+	return ret;
+}
+
 int Maat_set_scan_status(Maat_feather_t feather,scan_status_t* mid,enum MAAT_SCAN_OPT type,const void* value,int size)
 {
 	struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
@@ -2458,6 +2490,10 @@ int Maat_set_scan_status(Maat_feather_t feather,scan_status_t* mid,enum MAAT_SCA
 			assert(_mid->is_last_region==0);
 			_mid->is_last_region=1;
 			break;
+		case	MAAT_SET_SCAN_NO_COUNT:
+			assert(_mid->is_no_count_scan==0);
+			_mid->is_no_count_scan=1;
+			break;
 		default:
 			_feather->scan_err_cnt++;
 			return -1;

src/entry/Maat_hierarchy.cpp

@@ -1215,6 +1215,7 @@ size_t Maat_hierarchy_hit_path_select0(const struct Maat_hierarchy_compile_mid*
 void Maat_hierarchy_compile_mid_udpate(struct Maat_hierarchy* hier, struct Maat_hierarchy_compile_mid* mid, int region_id, int virtual_table_id, int Nth_scan, int Nth_region_result)
 {
 	size_t i=0, j=0;
+	size_t n_exsited_path=0;
 	unsigned long long *clause_id=0;
 	struct Maat_hierarchy_hit_path* hit_path=NULL;
 	struct Maat_hierarchy_region* region=NULL;
@@ -1248,8 +1249,16 @@ void Maat_hierarchy_compile_mid_udpate(struct Maat_hierarchy* hier, struct Maat_
 		hit_path->path.region_id=region_id;
 		hit_path->path.sub_group_id=group->group_id;
 		hit_path->path.virtual_table_id=virtual_table_id;
-		TAILQ_INSERT_TAIL(&mid->hit_path_qhead, hit_path, entries);
-		mid->hit_path_cnt++;
+		n_exsited_path=hit_path_select(&mid->hit_path_qhead, &hit_path->path, NULL, 0);
+		if(n_exsited_path)
+		{
+			free(hit_path);
+		}
+		else
+		{
+			TAILQ_INSERT_TAIL(&mid->hit_path_qhead, hit_path, entries);
+			mid->hit_path_cnt++;
+		}
 	}
 	else
 	{
@@ -1263,6 +1272,12 @@ void Maat_hierarchy_compile_mid_udpate(struct Maat_hierarchy* hier, struct Maat_
 			hit_path->path.sub_group_id=group->group_id;
 			hit_path->path.top_group_id=group->top_group_ids[i];
 			hit_path->path.virtual_table_id=virtual_table_id;
+			n_exsited_path=hit_path_select(&mid->hit_path_qhead, &hit_path->path, NULL, 0);
+			if(n_exsited_path)
+			{
+				free(hit_path);
+				continue;
+			}
 			TAILQ_INSERT_TAIL(&mid->hit_path_qhead, hit_path, entries);
 			mid->hit_path_cnt++;
 

src/entry/Maat_rule.cpp

@@ -57,7 +57,7 @@ extern "C"
 }
 #endif
 
-int MAAT_FRAME_VERSION_3_2_3_20210714=1;
+int MAAT_FRAME_VERSION_3_3_1_20210715=1;
 
 int is_valid_table_name(const char* str)
 {

src/entry/json2iris.cpp

@@ -953,7 +953,7 @@ void table_idx_write_cb(const uchar * key, uint size, void * data, void * user)
 	char line_cnt_str[32], err_str[256];
 	snprintf(line_cnt_str, sizeof(line_cnt_str), "%010d\n", table->line_count);
 
-	int ret=0;
+	UNUSED int ret=0;
 	size_t table_file_sz=strlen(line_cnt_str)+table->write_pos;
 	unsigned char* buff=ALLOC(unsigned char, table_file_sz);
 	unsigned char* encrypt_buff=NULL;

src/inc_internal/Maat_rule_internal.h

@@ -169,6 +169,7 @@ struct _OUTER_scan_status_t
 	unsigned short thread_num;
 	unsigned char is_set_district;
 	unsigned char is_last_region;
+	unsigned char is_no_count_scan;
 	int district_id;
 	int scan_cnt;
 	struct Maat_hierarchy_compile_mid* compile_mid;

test/test_maatframe.cpp

@@ -4083,6 +4083,130 @@ TEST_F(MaatCmdTest, SameScanStatusWhenClauseUpdate_TSG6419)
 	Maat_clean_status(&mid);
 
 }
+#define ScanStatus_Set_No_Count
+TEST_F(MaatCmdTest, ScanStatusSetNoCount)
+{
+	Maat_feather_t feather=MaatCmdTest::_shared_feather;
+
+	const char* g2c_tn="GROUP2COMPILE";
+	const char* compile_table_name="COMPILE";
+	const char* ip_table_name="IP_PLUS_CONFIG", *app_id_table_name="APP_ID";
+
+	struct Maat_rule_t compile1;
+	struct Maat_cmd_group2compile group11, group21, group22;
+	struct Maat_cmd_region region11, region21, region22;
+
+
+	memset(&compile1, 0, sizeof(compile1));
+	compile1.config_id=(int)Maat_cmd_incrby(feather, "TEST_SEQ", 1);
+	Maat_command_raw_set_compile(feather, MAAT_OP_ADD, &compile1, compile_table_name, NULL, 2, 0, 0);
+
+	
+	//region11->group11--clause1-->compile1
+	//					    	   /    
+	//region21->group21--clause2--/
+
+
+	memset(&group11, 0, sizeof(group11));
+	group11.group_id=Maat_command_get_new_group_id(feather);
+	group11.table_name=g2c_tn;
+	group11.compile_id=compile1.config_id;
+	group11.clause_index=1;
+	Maat_command_raw_set_group2compile(feather, MAAT_OP_ADD, &group11);
+
+	memset(&region11, 0, sizeof(region11));
+	region11.region_id=Maat_command_get_new_region_id(feather);
+	region11.region_type=REGION_IP_PLUS;
+	region11.table_name=ip_table_name;
+	region11.ip_plus_rule.addr_type=ADDR_TYPE_IPv4;
+	region11.ip_plus_rule.saddr_format="range";
+	region11.ip_plus_rule.src_ip1="192.168.3.1";
+	region11.ip_plus_rule.src_ip2="192.168.3.4";
+	region11.ip_plus_rule.sport_format="range";
+	region11.ip_plus_rule.src_port1=region11.ip_plus_rule.src_port2=0;
+
+	region11.ip_plus_rule.daddr_format="mask";
+	region11.ip_plus_rule.dst_ip1="0.0.0.0";
+	region11.ip_plus_rule.dst_ip2="255.255.255.255";
+	region11.ip_plus_rule.dport_format="range";
+	region11.ip_plus_rule.dst_port1=region11.ip_plus_rule.dst_port2=0;
+	Maat_command_raw_set_region(feather, MAAT_OP_ADD, &region11, group11.group_id);
+
+
+	memset(&group21, 0, sizeof(group21));
+	group21.group_id=Maat_command_get_new_group_id(feather);
+	group21.table_name=g2c_tn;
+	group21.compile_id=compile1.config_id;
+	group21.clause_index=2;
+	Maat_command_raw_set_group2compile(feather, MAAT_OP_ADD, &group21);
+
+	region21.region_id=Maat_command_get_new_region_id(feather);
+	region21.region_type=REGION_INTERVAL;
+	region21.table_name=app_id_table_name;
+	region21.interval_rule.up_boundary=region21.interval_rule.low_boundary=41;
+	Maat_command_raw_set_region(feather, MAAT_OP_ADD, &region21, group21.group_id);
+
+	sleep(1);
+
+	int table_id=0, ret=0, i=0;
+	struct Maat_rule_t result[4];
+	scan_status_t mid=NULL;
+	struct ipaddr ipv4_addr;
+	struct stream_tuple4_v4 v4_addr;
+	ipv4_addr_set(&ipv4_addr, &v4_addr, "192.168.3.2", 50001, "10.0.6.201", 80);
+
+	int scan_app_id=42;
+	memset(result, 0, sizeof(result));
+	table_id=Maat_table_register(feather, ip_table_name);
+	ret=Maat_scan_proto_addr(feather,table_id, &ipv4_addr, 6, result, 4, &mid,0);
+	EXPECT_EQ(ret, -2);
+
+	table_id=Maat_table_register(feather, app_id_table_name);
+	ret=Maat_scan_intval(feather, table_id, scan_app_id, result, 4, &mid, 0);
+	EXPECT_EQ(ret, 0);
+
+
+	//region11->group11--clause1-->compile1
+	//					    	    /    
+	//region21->group21--clause2---/
+	//					 /
+	//region22->group22-/
+
+
+	memset(&group22, 0, sizeof(group22));
+	group22.group_id=Maat_command_get_new_group_id(feather);
+	group22.table_name=g2c_tn;
+	group22.compile_id=compile1.config_id;
+	group22.clause_index=2;
+	Maat_command_raw_set_group2compile(feather, MAAT_OP_ADD, &group22);
+
+	region22.region_id=Maat_command_get_new_region_id(feather);
+	region22.region_type=REGION_INTERVAL;
+	region22.table_name=app_id_table_name;
+	region22.interval_rule.up_boundary=region22.interval_rule.low_boundary=42;
+	Maat_command_raw_set_region(feather, MAAT_OP_ADD, &region22, group22.group_id);
+	
+	sleep(1);
+	
+	ret=Maat_scan_intval(feather, table_id, scan_app_id, result, 4, &mid, 0);
+	EXPECT_EQ(ret, 1);
+	EXPECT_EQ(result[0].config_id, compile1.config_id);
+	for(i=0; i<100; i++)
+	{
+		Maat_set_scan_status(feather, &mid, MAAT_SET_SCAN_NO_COUNT, NULL, 0);
+		ret=Maat_scan_intval(feather, table_id, scan_app_id, result, 4, &mid, 0);
+	}
+
+	struct Maat_hit_path_t hit_path[128];
+	memset(hit_path, 0, sizeof(hit_path));
+	int n_read=0;
+	n_read=Maat_get_scan_status(feather, &mid, MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path));
+	EXPECT_EQ(n_read, 2);
+
+	Maat_clean_status(&mid);
+
+}
+
 TEST_F(MaatCmdTest, CompileDelete_TSG6548)
 {
 	Maat_feather_t feather=MaatCmdTest::_shared_feather;