diff --git a/include/maat.h b/include/maat.h index 7facde1..578ac2b 100644 --- a/include/maat.h +++ b/include/maat.h @@ -100,10 +100,8 @@ struct maat *maat_new(struct maat_options *opts, const char *table_info_path); void maat_free(struct maat *instance); /* maat table API */ -/* return table_id(>=0) if success,otherwise return -1 */ -int maat_table_get_id(struct maat *instance, const char *table_name); /* return 0 if success, otherwise return -1 */ -int maat_table_callback_register(struct maat *instance, int table_id, +int maat_table_callback_register(struct maat *instance, const char *table_name, maat_start_callback_t *start, maat_update_callback_t *update, maat_finish_callback_t *finish, @@ -115,7 +113,7 @@ int maat_compile_table_ex_schema_register(struct maat *instance, const char *tab maat_rule_ex_free_func_t *free_func, maat_rule_ex_dup_func_t *dup_func, long argl, void *argp); -void *maat_compile_table_get_ex_data(struct maat *instance, int table_id, int compile_id, size_t idx); +void *maat_compile_table_get_ex_data(struct maat *instance, const char *table_name, int compile_id, size_t idx); /* maat plugin table API */ int maat_plugin_table_ex_schema_register(struct maat *instance, const char *table_name, @@ -126,8 +124,15 @@ int maat_plugin_table_ex_schema_register(struct maat *instance, const char *tabl /* returned data is duplicated by dup_func of maat_plugin_table_ex_schema_register, caller is responsible to free the data. */ int maat_ip_plugin_table_get_ex_data(struct maat *instance, const char *table_name, - const struct ip_addr *ip, - void **ex_data_array, size_t n_ex_data); + const struct ip_addr *ip, void **ex_data_array, + size_t n_ex_data); + +int maat_fqdn_plugin_table_get_ex_data(struct maat *instance, const char *table_name, + const char *fqdn, void **ex_data_array, size_t n_ex_data); + +int maat_bool_plugin_table_get_ex_data(struct maat *instance, const char *table_name, + unsigned long long *item_ids, size_t n_item, + void **ex_data_array, size_t n_ex_data); /* maat scan API */ struct maat_state; @@ -145,27 +150,27 @@ struct maat_state; * MAAT_SCAN_HALF_HIT * MAAT_SCAN_HIT */ -int maat_scan_flag(struct maat *instance, int table_id, int thread_id, +int maat_scan_flag(struct maat *instance, const char *table_name, int thread_id, uint64_t flag, int *results, size_t n_result, size_t *n_hit_result, struct maat_state **state); -int maat_scan_integer(struct maat *instance, int table_id, int thread_id, +int maat_scan_integer(struct maat *instance, const char *table_name, int thread_id, unsigned int intval, int *results, size_t n_result, size_t *n_hit_result, struct maat_state **state); -int maat_scan_ipv4(struct maat *instance, int table_id, int thread_id, +int maat_scan_ipv4(struct maat *instance, const char *table_name, int thread_id, uint32_t ip_addr, int *results, size_t n_result, size_t *n_hit_result, struct maat_state **state); -int maat_scan_ipv6(struct maat *instance, int table_id, int thread_id, +int maat_scan_ipv6(struct maat *instance, const char *table_name, int thread_id, uint8_t *ip_addr, int *results, size_t n_result, size_t *n_hit_result, struct maat_state **state); -int maat_scan_string(struct maat *instance, int table_id, int thread_id, +int maat_scan_string(struct maat *instance, const char *table_name, int thread_id, const char *data, size_t data_len, int *results, size_t n_result, size_t *n_hit_result, struct maat_state **state); struct maat_stream; -struct maat_stream *maat_scan_stream_open(struct maat *instance, int table_id, int thread_id); +struct maat_stream *maat_scan_stream_open(struct maat *instance, const char *table_name, int thread_id); int maat_scan_stream(struct maat_stream **stream, int thread_id, const char* data, int data_len, int results[], size_t *n_result, struct maat_state **state); diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ee02fb8..544c0b1 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -58,5 +58,4 @@ target_link_libraries(maat_frame_shared intervalmatcher-static) # install set(CMAKE_INSTALL_PREFIX /opt/MESA/) install(FILES ${PROJECT_SOURCE_DIR}/include/maat.h DESTINATION ${CMAKE_INSTALL_PREFIX}/include/MESA/ COMPONENT HEADER) -install(FILES ${PROJECT_SOURCE_DIR}/include/bool_matcher.h DESTINATION ${CMAKE_INSTALL_PREFIX}/include/MESA/ COMPONENT HEADER) install(TARGETS maat_frame_shared LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib/ COMPONENT LIBRARIES) \ No newline at end of file diff --git a/src/inc_internal/maat_bool_plugin.h b/src/inc_internal/maat_bool_plugin.h index 3865eaf..4b6656c 100644 --- a/src/inc_internal/maat_bool_plugin.h +++ b/src/inc_internal/maat_bool_plugin.h @@ -51,6 +51,9 @@ int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name struct ex_data_runtime *bool_plugin_runtime_get_ex_data_rt(void *bool_plugin_runtime); +int bool_plugin_runtime_get_ex_data(void *fqdn_plugin_runtime, unsigned long long *item_ids, + size_t n_item, void **ex_data_array, size_t n_ex_data); + #ifdef __cplusplus } #endif diff --git a/src/inc_internal/maat_fqdn_plugin.h b/src/inc_internal/maat_fqdn_plugin.h index 922d0fc..799de81 100644 --- a/src/inc_internal/maat_fqdn_plugin.h +++ b/src/inc_internal/maat_fqdn_plugin.h @@ -51,6 +51,8 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name struct ex_data_runtime *fqdn_plugin_runtime_get_ex_data_rt(void *fqdn_plugin_runtime); +int fqdn_plugin_runtime_get_ex_data(void *fqdn_plugin_runtime, const char *fqdn, + void **ex_data_array, size_t n_ex_data); #ifdef __cplusplus } #endif diff --git a/src/maat_api.c b/src/maat_api.c index ac7fb59..40516e9 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -33,6 +33,7 @@ #include "maat_ip.h" #include "maat_plugin.h" #include "maat_ip_plugin.h" +#include "maat_fqdn_plugin.h" #include "maat_virtual.h" #define MODULE_MAAT_API module_name_str("maat.api") @@ -418,13 +419,17 @@ const char *generic_plugin_runtime_get_cached_row(void *custom_rt, enum table_ty } /* must be plugin table */ -int maat_table_callback_register(struct maat *maat_instance, int table_id, +int maat_table_callback_register(struct maat *maat_instance, const char *table_name, maat_start_callback_t *start, maat_update_callback_t *update, maat_finish_callback_t *finish, void *u_para) { int ret = -1; + int table_id = maat_table_get_id(maat_instance, table_name); + if (table_id < 0) { + return -1; + } pthread_mutex_lock(&(maat_instance->background_update_mutex)); void *schema = table_manager_get_schema(maat_instance->tbl_mgr, table_id); @@ -500,8 +505,13 @@ int maat_compile_table_ex_schema_register(struct maat *maat_instance, const char argl, argp, maat_instance->logger); } -void *maat_compile_table_get_ex_data(struct maat *maat_instance, int table_id, int compile_id, size_t idx) +void *maat_compile_table_get_ex_data(struct maat *maat_instance, const char *table_name, int compile_id, size_t idx) { + int table_id = maat_table_get_id(maat_instance, table_name); + if (table_id < 0) { + return NULL; + } + struct compile_schema *schema = (struct compile_schema *)table_manager_get_schema(maat_instance->tbl_mgr, table_id); return compile_table_get_rule_ex_data(schema, compile_id, idx); @@ -661,8 +671,8 @@ int maat_plugin_table_ex_schema_register(struct maat *maat_instance, const char } int maat_ip_plugin_table_get_ex_data(struct maat *maat_instance, const char *table_name, - const struct ip_addr *ip_addr, - void **ex_data_array, size_t n_ex_data) + const struct ip_addr *ip_addr, void **ex_data_array, + size_t n_ex_data) { if (NULL == maat_instance || NULL == table_name || NULL == ip_addr || NULL == ex_data_array || 0 == n_ex_data) { @@ -691,6 +701,67 @@ int maat_ip_plugin_table_get_ex_data(struct maat *maat_instance, const char *tab return n_hit_ex_data; } +int maat_fqdn_plugin_table_get_ex_data(struct maat *maat_instance, const char *table_name, + const char *fqdn, void **ex_data_array, size_t n_ex_data) +{ + if (NULL == maat_instance || NULL == table_name || NULL == fqdn || + NULL == ex_data_array || 0 == n_ex_data) { + return -1; + } + + int table_id = maat_table_get_id(maat_instance, table_name); + if (table_id < 0) { + log_error(maat_instance->logger, MODULE_MAAT_API, + "table_name:%s not registered yet, can't register ex_schema.", table_name); + return -1; + } + + struct maat_runtime *maat_rt = maat_instance->maat_rt; + if (NULL == maat_rt) { + return -1; + } + + void *fqdn_plugin_rt = table_manager_get_runtime(maat_rt->ref_tbl_mgr, table_id); + if (NULL == fqdn_plugin_rt) { + return -1; + } + + int n_hit_ex_data = fqdn_plugin_runtime_get_ex_data(fqdn_plugin_rt, fqdn, ex_data_array, n_ex_data); + + return n_hit_ex_data; +} + +int maat_bool_plugin_table_get_ex_data(struct maat *maat_instance, const char *table_name, + unsigned long long *item_ids, size_t n_item, + void **ex_data_array, size_t n_ex_data) +{ + if (NULL == maat_instance || NULL == table_name || NULL == item_ids || + NULL == ex_data_array || 0 == n_ex_data) { + return -1; + } + + int table_id = maat_table_get_id(maat_instance, table_name); + if (table_id < 0) { + log_error(maat_instance->logger, MODULE_MAAT_API, + "table_name:%s not registered yet, can't register ex_schema.", table_name); + return -1; + } + + struct maat_runtime *maat_rt = maat_instance->maat_rt; + if (NULL == maat_rt) { + return -1; + } + + void *bool_plugin_rt = table_manager_get_runtime(maat_rt->ref_tbl_mgr, table_id); + if (NULL == bool_plugin_rt) { + return -1; + } + + int n_hit_ex_data = bool_plugin_runtime_get_ex_data(bool_plugin_rt, item_ids, n_item, ex_data_array, n_ex_data); + + return n_hit_ex_data; +} + struct maat_state *make_outer_state(struct maat *maat_instance, int thread_id) { struct maat_state *outer_state = NULL; @@ -749,15 +820,20 @@ size_t hit_group_to_compile(void *compile_runtime, int *compile_ids, size_t comp return n_hit_compile; } -int maat_scan_flag(struct maat *maat_instance, int table_id, int thread_id, +int maat_scan_flag(struct maat *maat_instance, const char *table_name, int thread_id, uint64_t flag, int *results, size_t n_result, size_t *n_hit_result, struct maat_state **state) { - if ((NULL == maat_instance) || (table_id < 0) || (table_id >= MAX_TABLE_NUM) - || (thread_id < 0) || (NULL == results) || (0 == n_result) || (NULL == state)) { + if ((NULL == maat_instance) || NULL == table_name || (thread_id < 0) || + (NULL == results) || (0 == n_result) || (NULL == state)) { return MAAT_SCAN_ERR; } + int table_id = maat_table_get_id(maat_instance, table_name); + if (table_id < 0) { + return MAAT_SCAN_ERR; + } + struct maat_state *mid = NULL; mid = grab_state(state, maat_instance, thread_id); mid->scan_cnt++; @@ -874,15 +950,20 @@ int maat_scan_flag(struct maat *maat_instance, int table_id, int thread_id, return MAAT_SCAN_OK; } -int maat_scan_integer(struct maat *maat_instance, int table_id, int thread_id, +int maat_scan_integer(struct maat *maat_instance, const char *table_name, int thread_id, unsigned int intval, int *results, size_t n_result, size_t *n_hit_result, struct maat_state **state) { - if ((NULL == maat_instance) || (table_id < 0) || (table_id >= MAX_TABLE_NUM) - || (thread_id < 0) || (NULL == results) || (0 == n_result) || (NULL == state)) { + if ((NULL == maat_instance) || NULL == table_name || (thread_id < 0) || + (NULL == results) || (0 == n_result) || (NULL == state)) { return MAAT_SCAN_ERR; } + int table_id = maat_table_get_id(maat_instance, table_name); + if (table_id < 0) { + return MAAT_SCAN_ERR; + } + struct maat_state *mid = NULL; mid = grab_state(state, maat_instance, thread_id); mid->scan_cnt++; @@ -1005,12 +1086,17 @@ int maat_scan_integer(struct maat *maat_instance, int table_id, int thread_id, return MAAT_SCAN_OK; } -int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id, +int maat_scan_ipv4(struct maat *maat_instance, const char *table_name, int thread_id, uint32_t ip_addr, int *results, size_t n_result, size_t *n_hit_result, struct maat_state **state) { - if ((NULL == maat_instance) || (table_id < 0) || (table_id >= MAX_TABLE_NUM) || - (thread_id < 0) || (NULL == results) || (0 == n_result) || (NULL == state)) { + if ((NULL == maat_instance) || NULL == table_name || (thread_id < 0) || + (NULL == results) || (0 == n_result) || (NULL == state)) { + return MAAT_SCAN_ERR; + } + + int table_id = maat_table_get_id(maat_instance, table_name); + if (table_id < 0) { return MAAT_SCAN_ERR; } @@ -1132,16 +1218,21 @@ int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id, } -int maat_scan_ipv6(struct maat *maat_instance, int table_id, int thread_id, +int maat_scan_ipv6(struct maat *maat_instance, const char *table_name, int thread_id, uint8_t *ip_addr, int *results, size_t n_result, size_t *n_hit_result, struct maat_state **state) { - if ((NULL == maat_instance) || (table_id < 0) || (table_id >= MAX_TABLE_NUM) || - (thread_id < 0) || (NULL == ip_addr) || (NULL == results) || (0 == n_result) || + if ((NULL == maat_instance) || NULL == table_name || (thread_id < 0) || + (NULL == ip_addr) || (NULL == results) || (0 == n_result) || (NULL == state)) { return MAAT_SCAN_ERR; } + int table_id = maat_table_get_id(maat_instance, table_name); + if (table_id < 0) { + return MAAT_SCAN_ERR; + } + struct maat_state *mid = NULL; mid = grab_state(state, maat_instance, thread_id); mid->scan_cnt++; @@ -1257,16 +1348,21 @@ int maat_scan_ipv6(struct maat *maat_instance, int table_id, int thread_id, return MAAT_SCAN_OK; } -int maat_scan_string(struct maat *maat_instance, int table_id, int thread_id, +int maat_scan_string(struct maat *maat_instance, const char *table_name, int thread_id, const char *data, size_t data_len, int *results, size_t n_result, size_t *n_hit_result, struct maat_state **state) { - if ((NULL == maat_instance) || (table_id < 0) || (table_id >= MAX_TABLE_NUM) - || (thread_id < 0) || (NULL == data) || (0 == data_len) - || (NULL == results) || (0 == n_result) || (NULL == state)) { + if ((NULL == maat_instance) || NULL == table_name || (thread_id < 0) || + (NULL == data) || (0 == data_len) || (NULL == results) || + (0 == n_result) || (NULL == state)) { return MAAT_SCAN_ERR; } + int table_id = maat_table_get_id(maat_instance, table_name); + if (table_id < 0) { + return MAAT_SCAN_ERR; + } + struct maat_state *mid = NULL; mid = grab_state(state, maat_instance, thread_id); mid->scan_cnt++; @@ -1387,7 +1483,7 @@ int maat_scan_string(struct maat *maat_instance, int table_id, int thread_id, return MAAT_SCAN_OK; } -struct maat_stream *maat_scan_stream_open(struct maat *instance, int table_id, int thread_id) +struct maat_stream *maat_scan_stream_open(struct maat *instance, const char *table_name, int thread_id) { return NULL; } diff --git a/src/maat_bool_plugin.c b/src/maat_bool_plugin.c index 39f38de..52034f9 100644 --- a/src/maat_bool_plugin.c +++ b/src/maat_bool_plugin.c @@ -488,4 +488,31 @@ struct ex_data_runtime *bool_plugin_runtime_get_ex_data_rt(void *bool_plugin_run struct bool_plugin_runtime *bool_plugin_rt = (struct bool_plugin_runtime *)bool_plugin_runtime; return bool_plugin_rt->ex_data_rt; +} + +int bool_plugin_runtime_get_ex_data(void *bool_plugin_runtime, unsigned long long *item_ids, + size_t n_item, void **ex_data_array, size_t n_ex_data) +{ + if (NULL == bool_plugin_runtime) { + return -1; + } + + struct bool_plugin_runtime *bool_plugin_rt = (struct bool_plugin_runtime *)bool_plugin_runtime; + if (NULL == bool_plugin_rt->matcher) { + log_info(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN, + "bool_matcher is NULL, can't get ex data"); + return 0; + } + + struct bool_expr_match results[n_ex_data]; + memset(results, 0, sizeof(results)); + + n_item = ull_dedup(item_ids, n_item); + int n_result = bool_matcher_match(bool_plugin_rt->matcher, item_ids, n_item, results, n_ex_data); + for (int i = 0; i < n_result; i++) { + ex_data_array[i] = ex_data_runtime_get_ex_data_by_container(bool_plugin_rt->ex_data_rt, + (struct ex_data_container *)results[i].user_tag); + } + + return n_result; } \ No newline at end of file diff --git a/src/maat_fqdn_plugin.c b/src/maat_fqdn_plugin.c index 28f2d26..8590836 100644 --- a/src/maat_fqdn_plugin.c +++ b/src/maat_fqdn_plugin.c @@ -427,4 +427,31 @@ struct ex_data_runtime *fqdn_plugin_runtime_get_ex_data_rt(void *fqdn_plugin_run struct fqdn_plugin_runtime *fqdn_plugin_rt = (struct fqdn_plugin_runtime *)fqdn_plugin_runtime; return fqdn_plugin_rt->ex_data_rt; +} + + +int fqdn_plugin_runtime_get_ex_data(void *fqdn_plugin_runtime, const char *query_fqdn, + void **ex_data_array, size_t n_ex_data) +{ + if (NULL == fqdn_plugin_runtime) { + return -1; + } + + struct fqdn_plugin_runtime *fqdn_plugin_rt = (struct fqdn_plugin_runtime *)fqdn_plugin_runtime; + if (NULL == fqdn_plugin_rt->engine) { + log_info(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN, + "fqdn_engine is NULL, can't get ex data"); + return 0; + } + + struct FQDN_match results[n_ex_data]; + memset(results, 0, sizeof(results)); + + int n_result = FQDN_engine_search(fqdn_plugin_rt->engine, query_fqdn, strlen(query_fqdn), results, n_ex_data); + for (int i = 0; i < n_result; i++) { + ex_data_array[i] = ex_data_runtime_get_ex_data_by_container(fqdn_plugin_rt->ex_data_rt, + (struct ex_data_container *)results[i].user_tag); + } + + return n_result; } \ No newline at end of file diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index 09e0f45..38d8f20 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -35,7 +35,7 @@ protected: }; TEST_F(MaatFlagScan, basic) { - int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG"); + const char *flag_table_name = "FLAG_CONFIG"; //compile_id:192 flag: 0000 0001 mask: 0000 0011 //scan_data: 0000 1001 or 0000 1101 should hit @@ -43,7 +43,7 @@ TEST_F(MaatFlagScan, basic) { int results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; struct maat_state *state = NULL; - int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results, + int ret = maat_scan_flag(g_maat_instance, flag_table_name, 0, scan_data, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -58,7 +58,7 @@ TEST_F(MaatFlagScan, basic) { scan_data = 13; memset(results, 0, sizeof(results)); n_hit_result = 0; - ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results, + ret = maat_scan_flag(g_maat_instance, flag_table_name, 0, scan_data, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -68,7 +68,7 @@ TEST_F(MaatFlagScan, basic) { scan_data = 6; memset(results, 0, sizeof(results)); n_hit_result = 0; - ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results, + ret = maat_scan_flag(g_maat_instance, flag_table_name, 0, scan_data, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); @@ -76,8 +76,8 @@ TEST_F(MaatFlagScan, basic) { } TEST_F(MaatFlagScan, withExprRegion) { - int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG"); - int expr_table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_LITERAL"); + const char *flag_table_name = "FLAG_CONFIG"; + const char *expr_table_name = "HTTP_URL_LITERAL"; //compile_id:193 flag: 0000 0010 mask: 0000 0011 //scan_data: 0000 0010 or 0000 0100 should hit @@ -86,7 +86,7 @@ TEST_F(MaatFlagScan, withExprRegion) { size_t n_hit_result = 0; struct maat_state *state = NULL; - int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, flag_scan_data, results, + int ret = maat_scan_flag(g_maat_instance, flag_table_name, 0, flag_scan_data, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); @@ -97,7 +97,7 @@ TEST_F(MaatFlagScan, withExprRegion) { EXPECT_NE(n_read, 0); const char *expr_scan_data = "hello world"; - ret = maat_scan_string(g_maat_instance, expr_table_id, 0, expr_scan_data, + ret = maat_scan_string(g_maat_instance, expr_table_name, 0, expr_scan_data, strlen(expr_scan_data), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -107,7 +107,7 @@ TEST_F(MaatFlagScan, withExprRegion) { } TEST_F(MaatFlagScan, hitMultiCompile) { - int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG"); + const char *flag_table_name = "FLAG_CONFIG"; //compile_id:192 flag: 0000 0001 mask: 0000 0011 //compile_id:194 flag: 0001 0101 mask: 0001 1111 @@ -117,7 +117,7 @@ TEST_F(MaatFlagScan, hitMultiCompile) { size_t n_hit_result = 0; struct maat_state *state = NULL; - int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, flag_scan_data, results, + int ret = maat_scan_flag(g_maat_instance, flag_table_name, 0, flag_scan_data, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -144,12 +144,13 @@ protected: }; TEST_F(MaatStringScan, Expr8) { - int table_id = maat_table_get_id(g_maat_instance, "KEYWORDS_TABLE"); + const char *table_name = "KEYWORDS_TABLE"; + char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8"; int results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; struct maat_state *state = NULL; - int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data, strlen(scan_data), + int ret = maat_scan_string(g_maat_instance, table_name, 0, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -168,10 +169,9 @@ TEST_F(MaatStringScan, Regex) { size_t n_hit_result = 0; struct maat_state *state = NULL; const char *cookie = "Cookie: Txa123aheadBCAxd"; - int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_REGEX"); - ASSERT_GT(table_id, 0); + const char *table_name = "HTTP_URL_REGEX"; - ret = maat_scan_string(g_maat_instance, table_id, 0, cookie, strlen(cookie), + ret = maat_scan_string(g_maat_instance, table_name, 0, cookie, strlen(cookie), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(results[0], 146); @@ -208,17 +208,15 @@ TEST_F(MaatStringScan, ExprPlus) { const char *region_name2 ="我的diStricT"; const char *scan_data1 = "http://www.cyberessays.com/search_results.php?action=search&query=abckkk,1234567"; const char *scan_data2 = "Addis Sapphire Hotel"; + const char *table_name = "HTTP_SIGNATURE"; - int table_id = maat_table_get_id(g_maat_instance, "HTTP_SIGNATURE"); - ASSERT_GT(table_id, 0); - - int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1), + int ret = maat_scan_string(g_maat_instance, table_name, 0, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_ERR);//Should return error for district not setting. ret = maat_state_set_scan_district(g_maat_instance, &state, region_name1, strlen(region_name1)); ASSERT_EQ(ret, 0); - ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1), + ret = maat_scan_string(g_maat_instance, table_name, 0, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(results[0], 128); @@ -226,7 +224,7 @@ TEST_F(MaatStringScan, ExprPlus) { ret = maat_state_set_scan_district(g_maat_instance, &state, region_name2, strlen(region_name2)); ASSERT_EQ(ret, 0); - ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data2, strlen(scan_data2), + ret = maat_scan_string(g_maat_instance, table_name, 0, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(results[0], 190); @@ -351,13 +349,13 @@ TEST_F(MaatStringScan, ExprPlusWithOffset) } #endif TEST_F(MaatStringScan, dynamic_config) { - int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_LITERAL"); + const char *table_name = "HTTP_URL_LITERAL"; char data[128] = "hello world"; int results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; struct maat_state *state = NULL; - int ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results, + int ret = maat_scan_string(g_maat_instance, table_name, 0, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); @@ -384,7 +382,6 @@ TEST_F(MaatStringScan, dynamic_config) { EXPECT_EQ(ret, 1); /* add new line in HTTP_URL_LITERAL table */ - const char *table_name = "HTTP_URL_LITERAL"; const char *table_line_add = "9999\t8888\thello world\t0\t0\t0\t1\t"; memset(&line_rule, 0, sizeof(line_rule)); line_rule.rule_id = 9999; @@ -395,7 +392,7 @@ TEST_F(MaatStringScan, dynamic_config) { sleep(2); state = NULL; - ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results, + ret = maat_scan_string(g_maat_instance, table_name, 0, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -431,7 +428,7 @@ TEST_F(MaatStringScan, dynamic_config) { sleep(2); state = NULL; - ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results, + ret = maat_scan_string(g_maat_instance, table_name, 0, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); @@ -451,7 +448,7 @@ protected: }; TEST_F(MaatIPScan, IPv4) { - int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG"); + const char *table_name = "IP_PLUS_CONFIG"; char ip_str[32] = "10.0.7.100"; uint32_t sip; int ret = inet_pton(AF_INET, ip_str, &sip); @@ -460,7 +457,7 @@ TEST_F(MaatIPScan, IPv4) { int results[ARRAY_SIZE] = {-1}; size_t n_hit_result = 0; struct maat_state *state = NULL; - ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(g_maat_instance, table_name, 0, sip, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -470,7 +467,7 @@ TEST_F(MaatIPScan, IPv4) { } TEST_F(MaatIPScan, IPv6) { - int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG"); + const char *table_name = "IP_PLUS_CONFIG"; char ip_str[32] = "1001:da8:205:1::101"; uint8_t sip[16]; int ret = inet_pton(AF_INET6, ip_str, &sip); @@ -480,7 +477,7 @@ TEST_F(MaatIPScan, IPv6) { memset(results, -1, sizeof(results)); size_t n_hit_result = 0; struct maat_state *state = NULL; - ret = maat_scan_ipv6(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(g_maat_instance, table_name, 0, sip, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -490,7 +487,7 @@ TEST_F(MaatIPScan, IPv6) { } TEST_F(MaatIPScan, dynamic_config) { - int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG"); + const char *table_name = "IP_PLUS_CONFIG"; char ip_str[32] = "100.100.100.100"; uint32_t sip; @@ -500,7 +497,7 @@ TEST_F(MaatIPScan, dynamic_config) { int results[ARRAY_SIZE] = {-1}; size_t n_hit_result = 0; struct maat_state *state = NULL; - ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(g_maat_instance, table_name, 0, sip, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -528,7 +525,6 @@ TEST_F(MaatIPScan, dynamic_config) { EXPECT_EQ(ret, 1); /* add new line in IP_PLUS_CONFIG */ - const char *table_name = "IP_PLUS_CONFIG"; const char *table_line_add = "9998\t8887\t4\trange\t100.100.100.100\t100.100.100.100\trange\t0\t65535\trange\t10.0.6.201\t255.255.0.0\trange\t0\t65535\t6\t0\t1"; memset(&line_rule, 0, sizeof(line_rule)); line_rule.rule_id = 9998; @@ -539,7 +535,7 @@ TEST_F(MaatIPScan, dynamic_config) { sleep(2); state = NULL; - ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(g_maat_instance, table_name, 0, sip, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -593,17 +589,14 @@ TEST_F(MaatIntervalScan, Pure) { struct maat_state *state = NULL; const char *table_name = "CONTENT_SIZE"; - int table_id = maat_table_get_id(g_maat_instance, table_name); - ASSERT_GT(table_id, 0); - unsigned int scan_data1 = 2015; - int ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data1, results, ARRAY_SIZE, + int ret = maat_scan_integer(g_maat_instance, table_name, 0, scan_data1, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); maat_state_free(&state); unsigned int scan_data2 = 300; - ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data2, results, ARRAY_SIZE, + ret = maat_scan_integer(g_maat_instance, table_name, 0, scan_data2, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); @@ -615,16 +608,13 @@ TEST_F(MaatIntervalScan, IntervalPlus) { size_t n_hit_result = 0; struct maat_state *state = NULL; const char *table_name = "INTERGER_PLUS"; - - int table_id = maat_table_get_id(g_maat_instance, table_name); - ASSERT_GT(table_id, 0); - const char *district_str = "interval.plus"; + int ret = maat_state_set_scan_district(g_maat_instance, &state, district_str, strlen(district_str)); EXPECT_EQ(ret, 0); unsigned int scan_data1 = 2020; - ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data1, results, ARRAY_SIZE, + ret = maat_scan_integer(g_maat_instance, table_name, 0, scan_data1, results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -649,26 +639,20 @@ TEST_F(NOTLogic, ScanNotAtLast) { const char *string_should_not_hit = "This string contains both must-contained-string-of-rule-144 and must-not-contained-string-of-rule-144."; int results[ARRAY_SIZE] = {0}; - size_t n_hit_result = 0; + size_t n_hit_result = 0; struct maat_state *state = NULL; const char *hit_table_name = "HTTP_URL_LITERAL"; const char *not_hit_table_name = "KEYWORDS_TABLE"; - - int hit_table_id = maat_table_get_id(g_maat_instance, hit_table_name); - ASSERT_GT(hit_table_id, 0); - int ret = maat_scan_string(g_maat_instance, hit_table_id, 0, string_should_hit, strlen(string_should_hit), + int ret = maat_scan_string(g_maat_instance, hit_table_name, 0, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(results[0], 144); - int not_hit_table_id = maat_table_get_id(g_maat_instance, not_hit_table_name); - ASSERT_GT(not_hit_table_id, 0); - maat_state_set_last_scan(g_maat_instance, &state); - ret = maat_scan_string(g_maat_instance, not_hit_table_id, 0, string_should_not_hit, strlen(string_should_not_hit), + ret = maat_scan_string(g_maat_instance, not_hit_table_name, 0, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); maat_state_free(&state); @@ -728,8 +712,9 @@ protected: }; TEST_F(PluginTable, Callback) { - int table_id = maat_table_get_id(g_maat_instance, "QD_ENTRY_INFO"); - int ret = maat_table_callback_register(g_maat_instance, table_id, + const char *table_name = "QD_ENTRY_INFO"; + + int ret = maat_table_callback_register(g_maat_instance, table_name, maat_read_entry_start_cb, maat_read_entry_cb, maat_read_entry_finish_cb, @@ -861,12 +846,9 @@ TEST_F(VirtualTable, basic) { size_t n_hit_result = 0; struct maat_state *state = NULL; const char *table_name = "HTTP_RESPONSE_KEYWORDS"; - - int table_id = maat_table_get_id(g_maat_instance, table_name); - ASSERT_GT(table_id, 0); char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8"; - int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data, strlen(scan_data), + int ret = maat_scan_string(g_maat_instance, table_name, 0, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); @@ -943,9 +925,6 @@ TEST_F(CompileTable, CompileEXData) { const char *table_name = "HTTP_URL_LITERAL"; const char *expect_name = "I have a name"; - int table_id = maat_table_get_id(g_maat_instance, table_name); - ASSERT_GT(table_id, 0); - int ex_data_counter = 0; int ex_param_idx = maat_compile_table_ex_schema_register(g_maat_instance, "COMPILE_ALIAS", compile_ex_param_new, @@ -955,11 +934,11 @@ TEST_F(CompileTable, CompileEXData) { ASSERT_TRUE(ex_param_idx>=0); EXPECT_EQ(ex_data_counter, 1); - int ret = maat_scan_string(g_maat_instance, table_id, 0, url, strlen(url), + int ret = maat_scan_string(g_maat_instance, table_name, 0, url, strlen(url), results, ARRAY_SIZE, &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); - void *ex_data = maat_compile_table_get_ex_data(g_maat_instance, table_id, 0, ex_param_idx); + void *ex_data = maat_compile_table_get_ex_data(g_maat_instance, table_name, 0, ex_param_idx); ASSERT_TRUE(ex_data!=NULL); struct rule_ex_param *param = (struct rule_ex_param *)ex_data; EXPECT_EQ(param->id, 7799); diff --git a/test/maat_input_mode_gtest.cpp b/test/maat_input_mode_gtest.cpp index 8c1e467..3967903 100644 --- a/test/maat_input_mode_gtest.cpp +++ b/test/maat_input_mode_gtest.cpp @@ -36,13 +36,12 @@ TEST(json_mode, maat_scan_string) { struct maat *maat_instance = maat_new(opts, table_info_path); EXPECT_TRUE(maat_instance != NULL); - int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE"); - + const char *table_name = "KEYWORDS_TABLE"; char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8"; int results[5] = {0}; size_t n_hit_result = 0; struct maat_state *state = NULL; - int ret = maat_scan_string(maat_instance, table_id, 0, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_instance, table_name, 0, scan_data, strlen(scan_data), results, sizeof(results), &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -81,13 +80,12 @@ TEST(iris_mode, maat_scan_string) { struct maat *maat_instance = maat_new(opts, table_info_path); EXPECT_TRUE(maat_instance != NULL); - int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE"); - + const char *table_name = "KEYWORDS_TABLE"; char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8"; int results[5] = {0}; size_t n_hit_result = 0; struct maat_state *state = NULL; - int ret = maat_scan_string(maat_instance, table_id, 0, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_instance, table_name, 0, scan_data, strlen(scan_data), results, sizeof(results), &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -202,13 +200,12 @@ TEST(redis_mode, maat_scan_string) { maat_options_set_logger(opts, g_logger); struct maat *maat_instance = maat_new(opts, table_info_path); - int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE"); - + const char *table_name = "KEYWORDS_TABLE"; char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8"; int results[5] = {0}; size_t n_hit_result = 0; struct maat_state *state = NULL; - int ret = maat_scan_string(maat_instance, table_id, 0, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_instance, table_name, 0, scan_data, strlen(scan_data), results, sizeof(results), &n_hit_result, &state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1);