gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cpp->c and expr support configurable generation of literal_db or regex_db

Browse Source
This commit is contained in:
liuwentan
2023-02-15 11:53:46 +08:00
parent d5e6808e1f
commit 379efcf027
74 changed files with 1621 additions and 927 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CMakeLists.txt
View File

@@ -3,9 +3,9 @@ project(maatframe)
include_directories(${PROJECT_SOURCE_DIR}/include) include_directories(${PROJECT_SOURCE_DIR}/include)
set(CMAKE_C_FLAGS "-std=gnu99 -Wall") set(CMAKE_C_FLAGS "-std=gnu99 -fgnu89-inline -fPIC -Wall")
set(CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS} -Wall) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC -Wall")
set(MAAT_DEPEND_DYN_LIB pthread m crypto z)
include_directories(include) include_directories(include)
enable_testing() enable_testing()

0
scanner/bool_matcher.h → include/bool_matcher.h
View File

16
include/maat/maat.h → include/maat.h
View File

@@ -16,7 +16,7 @@
#ifndef _MAAT_H_ #ifndef _MAAT_H_
#define _MAAT_H_ #define _MAAT_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
@@ -48,6 +48,18 @@ enum maat_scan_status {
MAAT_SCAN_HIT //scan hit compile MAAT_SCAN_HIT //scan hit compile
}; };
#define MAX_SERVICE_DEFINE_LEN 128
struct maat_rule {
int config_id;
int service_id;
uint8_t do_log;
uint8_t do_blacklist;
uint8_t action;
uint8_t reserved;
int serv_def_len;
char service_defined[MAX_SERVICE_DEFINE_LEN];
};
typedef void maat_start_callback_t(int update_type, void *u_param); typedef void maat_start_callback_t(int update_type, void *u_param);
typedef void maat_update_callback_t(int table_id, const char *table_line, void *u_para); typedef void maat_update_callback_t(int table_id, const char *table_line, void *u_para);
typedef void maat_finish_callback_t(void *u_para); typedef void maat_finish_callback_t(void *u_para);
@@ -176,7 +188,7 @@ void maat_state_free(struct maat_state **state);
/* return hit object compile_id */ /* return hit object compile_id */
int maat_hit_object_compile_id(struct maat *instance, struct maat_hit_object *obj); int maat_hit_object_compile_id(struct maat *instance, struct maat_hit_object *obj);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

366
scanner/adapter_hs.cpp
View File

@@ -75,40 +75,40 @@ struct adapter_hs_stream {
}; };
struct matched_pattern { struct matched_pattern {
unsigned int pattern_id; unsigned long long pattern_id;
unsigned long matched_l_offset; unsigned long matched_l_offset;
unsigned long matched_r_offset; unsigned long matched_r_offset;
UT_hash_handle hh; UT_hash_handle hh;
}; };
struct matched_pattern_set { struct matched_pattern_container {
UT_array *pat_ids; UT_array *pat_ids;
unsigned int pattern_id; unsigned long long pattern_id;
unsigned long long l_matched; unsigned long long l_matched;
unsigned long long r_matched; unsigned long long r_matched;
struct matched_pattern *pat_hash; struct matched_pattern *pat_hash;
}; };
struct pattern_offset { struct pattern_attribute {
unsigned int pattern_id; unsigned long long pattern_id;
unsigned long l_offset; enum hs_match_mode match_mode;
unsigned long r_offset; int l_offset;
int r_offset;
}; };
struct hs_tag { struct hs_tag {
size_t n_pat_offset; size_t n_pat_attr;
struct pattern_offset *pat_offset; struct pattern_attribute *pat_attr;
void *user_tag; void *user_tag;
}; };
static int adpt_hs_alloc_scratch(struct adapter_hs_runtime *hs_rt, static int adpt_hs_alloc_scratch(struct adapter_hs_runtime *hs_rt, size_t n_worker_thread,
size_t n_worker_thread, int pattern_type, enum hs_pattern_type pattern_type, struct log_handle *logger)
struct log_handle *logger)
{ {
hs_database_t *database = NULL; hs_database_t *database = NULL;
hs_rt->scratchs = ALLOC(hs_scratch_t *, n_worker_thread); hs_rt->scratchs = ALLOC(hs_scratch_t *, n_worker_thread);
if (pattern_type == PATTERN_TYPE_STR) { if (pattern_type == HS_PATTERN_TYPE_STR) {
database = hs_rt->literal_db; database = hs_rt->literal_db;
} else { } else {
database = hs_rt->regex_db; database = hs_rt->regex_db;
@@ -146,21 +146,22 @@ static int adpt_hs_alloc_scratch(struct adapter_hs_runtime *hs_rt,
* @retval 0(success) -1(failed) * @retval 0(success) -1(failed)
*/ */
static int adpt_hs_build_database(struct adapter_hs_runtime *hs_rt, static int adpt_hs_build_database(struct adapter_hs_runtime *hs_rt,
struct adpt_hs_compile_data *literal_cd, struct adpt_hs_compile_data *compile_data,
struct adpt_hs_compile_data *regex_cd, enum hs_pattern_type pattern_type,
int scan_mode, struct log_handle *logger) enum hs_scan_mode scan_mode,
struct log_handle *logger)
{ {
hs_error_t err; hs_error_t err;
hs_compile_error_t *compile_err = NULL; hs_compile_error_t *compile_err = NULL;
if (NULL == hs_rt) { if (NULL == hs_rt || NULL == compile_data) {
return -1; return -1;
} }
if (literal_cd != NULL) { if (pattern_type == HS_PATTERN_TYPE_STR) {
err = hs_compile_lit_multi((const char *const *)literal_cd->patterns, literal_cd->flags, err = hs_compile_lit_multi((const char *const *)compile_data->patterns, compile_data->flags,
literal_cd->ids, literal_cd->pattern_lens, literal_cd->n_patterns, compile_data->ids, compile_data->pattern_lens, compile_data->n_patterns,
scan_mode, NULL, &hs_rt->literal_db, &compile_err); scan_mode, NULL, &hs_rt->literal_db, &compile_err);
if (err != HS_SUCCESS) { if (err != HS_SUCCESS) {
if (compile_err) { if (compile_err) {
log_error(logger, MODULE_ADAPTER_HS, log_error(logger, MODULE_ADAPTER_HS,
@@ -168,37 +169,23 @@ static int adpt_hs_build_database(struct adapter_hs_runtime *hs_rt,
} }
hs_free_compile_error(compile_err); hs_free_compile_error(compile_err);
goto error; return -1;
} }
} } else {
err = hs_compile_ext_multi((const char *const *)compile_data->patterns, compile_data->flags,
if (regex_cd != NULL) { compile_data->ids, NULL, compile_data->n_patterns,
err = hs_compile_ext_multi((const char *const *)regex_cd->patterns, regex_cd->flags, scan_mode, NULL, &hs_rt->regex_db, &compile_err);
regex_cd->ids, NULL, regex_cd->n_patterns,
scan_mode, NULL, &hs_rt->regex_db, &compile_err);
if (err != HS_SUCCESS) { if (err != HS_SUCCESS) {
if (compile_err) { if (compile_err) {
log_error(logger, MODULE_ADAPTER_HS, "%s compile error: %s", log_error(logger, MODULE_ADAPTER_HS, "%s compile error: %s",
__func__, compile_err->message); __func__, compile_err->message);
} }
hs_free_compile_error(compile_err); hs_free_compile_error(compile_err);
goto error; return -1;
} }
} }
return 0; return 0;
error:
if (hs_rt->literal_db != NULL) {
hs_free_database(hs_rt->literal_db);
hs_rt->literal_db = NULL;
}
if (hs_rt->regex_db != NULL) {
hs_free_database(hs_rt->regex_db);
hs_rt->regex_db = NULL;
}
return -1;
} }
struct adpt_hs_compile_data *adpt_hs_compile_data_new(size_t n_patterns) struct adpt_hs_compile_data *adpt_hs_compile_data_new(size_t n_patterns)
@@ -232,172 +219,130 @@ void adpt_hs_compile_data_free(struct adpt_hs_compile_data *hs_cd, size_t n_patt
FREE(hs_cd); FREE(hs_cd);
} }
struct adapter_hs * struct adapter_hs *adapter_hs_initialize(enum hs_scan_mode scan_mode,
adapter_hs_initialize(int scan_mode, size_t n_worker_thread, enum hs_pattern_type pattern_type,
and_expr_t *expr_array, size_t n_expr_array, size_t n_worker_thread,
struct log_handle *logger) and_expr_t *exprs, size_t n_expr,
struct log_handle *logger)
{ {
if ((scan_mode != HS_SCAN_MODE_BLOCK && scan_mode != HS_SCAN_MODE_STREAM) || if ((scan_mode != HS_SCAN_MODE_BLOCK && scan_mode != HS_SCAN_MODE_STREAM) ||
0 == n_worker_thread || NULL == expr_array || 0 == n_expr_array) { (pattern_type != HS_PATTERN_TYPE_STR && pattern_type != HS_PATTERN_TYPE_REG) ||
0 == n_worker_thread || NULL == exprs || 0 == n_expr) {
log_error(logger, MODULE_ADAPTER_HS, log_error(logger, MODULE_ADAPTER_HS,
"%s input parameters illegal!", __func__); "%s input parameters illegal!", __func__);
return NULL; return NULL;
} }
/* get the sum of pattern */ /* get the sum of pattern */
size_t literal_pattern_num = 0; size_t pattern_num = 0;
size_t regex_pattern_num = 0;
for (size_t i = 0; i < n_expr_array; i++) { for (size_t i = 0; i < n_expr; i++) {
if (expr_array[i].n_patterns > MAX_EXPR_PATTERN_NUM) { if (exprs[i].n_patterns > MAX_EXPR_PATTERN_NUM) {
log_error(logger, MODULE_ADAPTER_HS, log_error(logger, MODULE_ADAPTER_HS,
"the number of patterns in one expression should less than %d", "the number of patterns in one expression should less than %d",
MAX_EXPR_PATTERN_NUM); MAX_EXPR_PATTERN_NUM);
return NULL; return NULL;
} }
for (size_t j = 0; j < expr_array[i].n_patterns; j++) { for (size_t j = 0; j < exprs[i].n_patterns; j++) {
/* pat_len should not 0 */ if (0 == exprs[i].patterns[j].pat_len) {
if (0 == expr_array[i].patterns[j].pat_len) { log_error(logger, MODULE_ADAPTER_HS, "expr pattern length should not 0");
return NULL; return NULL;
} }
if (expr_array[i].patterns[j].type == PATTERN_TYPE_STR) { pattern_num++;
literal_pattern_num++;
} else if (expr_array[i].patterns[j].type == PATTERN_TYPE_REG) {
regex_pattern_num++;
} else {
log_error(logger, MODULE_ADAPTER_HS, "unknown pattern type: %d",
expr_array[i].patterns[j].type);
return NULL;
}
} }
} }
struct adpt_hs_compile_data *literal_cd = NULL; if (0 == pattern_num) {
struct adpt_hs_compile_data *regex_cd = NULL; log_error(logger, MODULE_ADAPTER_HS, "expr array has no valid pattern");
if (literal_pattern_num > 0) { return NULL;
literal_cd = adpt_hs_compile_data_new(literal_pattern_num);
} }
if (regex_pattern_num > 0) { struct adpt_hs_compile_data *compile_data = NULL;
regex_cd = adpt_hs_compile_data_new(regex_pattern_num); compile_data = adpt_hs_compile_data_new(pattern_num);
}
uint32_t literal_index = 0; uint32_t pattern_index = 0;
uint32_t regex_index = 0; struct bool_expr *bool_exprs = ALLOC(struct bool_expr, n_expr);
uint32_t pattern_id = 0;
/* alloc exprs for bool matcher*/
struct bool_expr *exprs = ALLOC(struct bool_expr, n_expr_array);
/* populate adpt_hs_compile_data and bool_expr */ /* populate adpt_hs_compile_data and bool_expr */
for (size_t i = 0; i < n_expr_array; i++) { for (size_t i = 0; i < n_expr; i++) {
struct hs_tag *hs_tag = ALLOC(struct hs_tag, 1); struct hs_tag *hs_tag = ALLOC(struct hs_tag, 1);
hs_tag->pat_offset = ALLOC(struct pattern_offset, expr_array[i].n_patterns); hs_tag->pat_attr = ALLOC(struct pattern_attribute, exprs[i].n_patterns);
hs_tag->n_pat_offset = expr_array[i].n_patterns; hs_tag->n_pat_attr = exprs[i].n_patterns;
hs_tag->user_tag = expr_array[i].user_tag; hs_tag->user_tag = exprs[i].user_tag;
for (size_t j = 0; j < expr_array[i].n_patterns; j++) { for (size_t j = 0; j < exprs[i].n_patterns; j++) {
size_t pat_len = 0; size_t pat_len = 0;
hs_tag->pat_offset[j].pattern_id = pattern_id; hs_tag->pat_attr[j].pattern_id = pattern_index;
hs_tag->pat_offset[j].l_offset = expr_array[i].patterns[j].l_offset; hs_tag->pat_attr[j].match_mode = exprs[i].patterns[j].match_mode;
hs_tag->pat_offset[j].r_offset = expr_array[i].patterns[j].r_offset; if (exprs[i].patterns[j].match_mode == HS_MATCH_MODE_SUB) {
hs_tag->pat_attr[j].l_offset = exprs[i].patterns[j].l_offset;
if (expr_array[i].patterns[j].type == PATTERN_TYPE_STR) { hs_tag->pat_attr[j].r_offset = exprs[i].patterns[j].r_offset;
literal_cd->ids[literal_index] = pattern_id;
/* set flags */
literal_cd->flags[literal_index] = HS_FLAG_SOM_LEFTMOST;
if (expr_array[i].patterns[j].case_sensitive == 1) {
literal_cd->flags[literal_index] |= HS_FLAG_CASELESS;
}
pat_len = expr_array[i].patterns[j].pat_len;
literal_cd->pattern_lens[literal_index] = pat_len;
literal_cd->patterns[literal_index] = ALLOC(char, pat_len);
memcpy(literal_cd->patterns[literal_index],
expr_array[i].patterns[j].pat,
expr_array[i].patterns[j].pat_len);
literal_index++;
} else {
regex_cd->ids[regex_index] = pattern_id;
/* set flags */
regex_cd->flags[regex_index] = HS_FLAG_SOM_LEFTMOST;
if (expr_array[i].patterns[j].case_sensitive == 1) {
regex_cd->flags[literal_index] |= HS_FLAG_CASELESS;
}
pat_len = expr_array[i].patterns[j].pat_len;
regex_cd->pattern_lens[regex_index] = pat_len;
regex_cd->patterns[regex_index] = ALLOC(char, pat_len);
memcpy(regex_cd->patterns[regex_index],
expr_array[i].patterns[j].pat,
expr_array[i].patterns[j].pat_len);
regex_index++;
} }
exprs[i].items[j].item_id = pattern_id;
pattern_id++; compile_data->ids[pattern_index] = pattern_index;
compile_data->flags[pattern_index] = HS_FLAG_SOM_LEFTMOST;
if (exprs[i].patterns[j].case_sensitive == HS_CASE_INSESITIVE) {
compile_data->flags[pattern_index] |= HS_FLAG_CASELESS;
}
pat_len = exprs[i].patterns[j].pat_len;
compile_data->pattern_lens[pattern_index] = pat_len;
compile_data->patterns[pattern_index] = ALLOC(char, pat_len);
memcpy(compile_data->patterns[pattern_index], exprs[i].patterns[j].pat,
exprs[i].patterns[j].pat_len);
bool_exprs[i].items[j].item_id = pattern_index;
pattern_index++;
} }
exprs[i].expr_id = expr_array[i].expr_id;
exprs[i].item_num = expr_array[i].n_patterns;
exprs[i].user_tag = hs_tag;
}
if (literal_cd != NULL) { bool_exprs[i].expr_id = exprs[i].expr_id;
literal_cd->n_patterns = literal_index; bool_exprs[i].item_num = exprs[i].n_patterns;
} bool_exprs[i].user_tag = hs_tag;
if (regex_cd != NULL) {
regex_cd->n_patterns = regex_index;
} }
compile_data->n_patterns = pattern_index;
int ret = -1; int ret = -1;
int max_patterns_type = 0;
size_t mem_size = 0; size_t mem_size = 0;
struct adapter_hs *hs_instance = ALLOC(struct adapter_hs, 1); struct adapter_hs *hs_instance = ALLOC(struct adapter_hs, 1);
hs_instance->n_worker_thread = n_worker_thread; hs_instance->n_worker_thread = n_worker_thread;
hs_instance->n_patterns = pattern_id; hs_instance->n_patterns = pattern_index;
hs_instance->n_expr = n_expr_array; hs_instance->n_expr = n_expr;
hs_instance->hs_rt = ALLOC(struct adapter_hs_runtime, 1); hs_instance->hs_rt = ALLOC(struct adapter_hs_runtime, 1);
//mytest
// for (size_t i = 0; i < n_expr_array; i++) {
// printf("exprs[%zu] expr_id:%llu, item_num:%zu\n", i, exprs[i].expr_id, exprs[i].item_num);
// for (size_t j = 0; j < exprs[i].item_num; j++) {
// printf("item[%zu] item_id: %llu\n", j, exprs[i].items[j].item_id);
// }
// }
/* create bool matcher */ /* create bool matcher */
hs_instance->hs_rt->bm = bool_matcher_new(exprs, n_expr_array, &mem_size); hs_instance->hs_rt->bm = bool_matcher_new(bool_exprs, n_expr, &mem_size);
if (hs_instance->hs_rt->bm != NULL) { if (hs_instance->hs_rt->bm != NULL) {
log_info(logger, MODULE_ADAPTER_HS, log_info(logger, MODULE_ADAPTER_HS,
"Adapter_hs module: build bool matcher of %zu expressions with %zu bytes memory", "Adapter_hs module: build bool matcher of %zu expressions with %zu bytes memory",
n_expr_array, mem_size); n_expr, mem_size);
} else { } else {
log_error(logger, MODULE_ADAPTER_HS, "Adapter_hs module: build bool matcher failed"); log_error(logger, MODULE_ADAPTER_HS, "Adapter_hs module: build bool matcher failed");
goto error; goto error;
} }
FREE(exprs); FREE(bool_exprs);
/* build hs database */ /* build hs database */
ret = adpt_hs_build_database(hs_instance->hs_rt, literal_cd, regex_cd, scan_mode, logger); ret = adpt_hs_build_database(hs_instance->hs_rt, compile_data, pattern_type, scan_mode, logger);
if (ret < 0) { if (ret < 0) {
goto error; goto error;
} }
if (literal_cd != NULL) { if (compile_data != NULL) {
adpt_hs_compile_data_free(literal_cd, literal_index); adpt_hs_compile_data_free(compile_data, pattern_index);
} }
if (regex_cd != NULL) { ret = adpt_hs_alloc_scratch(hs_instance->hs_rt, n_worker_thread, pattern_type, logger);
adpt_hs_compile_data_free(regex_cd, regex_index);
}
/* which pattern type has more patterns, use it as hs_alloc_scratch's input parameter */
if (literal_pattern_num > regex_pattern_num) {
max_patterns_type = PATTERN_TYPE_STR;
} else {
max_patterns_type = PATTERN_TYPE_REG;
}
ret = adpt_hs_alloc_scratch(hs_instance->hs_rt, n_worker_thread, max_patterns_type, logger);
if (ret < 0) { if (ret < 0) {
goto error; goto error;
} }
@@ -456,7 +401,7 @@ static inline int compare_pattern_id(const void *a, const void *b)
} }
} }
UT_icd ut_pattern_id_icd = {sizeof(unsigned int), NULL, NULL, NULL}; UT_icd ut_pattern_id_icd = {sizeof(unsigned long long), NULL, NULL, NULL};
/** /**
* @param id: pattern id * @param id: pattern id
*/ */
@@ -464,24 +409,62 @@ int matched_event_cb(unsigned int id, unsigned long long from,
unsigned long long to, unsigned int flags, unsigned long long to, unsigned int flags,
void *ctx) { void *ctx) {
// put id in set // put id in set
printf("matched_event_cb, expr_id:%u, from:%llu to:%llu\n", id, from, to); struct matched_pattern_container *matched_pat_container = (struct matched_pattern_container *)ctx;
unsigned long long pattern_id = id;
struct matched_pattern_set *matched_pattern_set = (struct matched_pattern_set *)ctx; if (utarray_find(matched_pat_container->pat_ids, &pattern_id, compare_pattern_id)) {
unsigned int pattern_id = id;
if (utarray_find(matched_pattern_set->pat_ids, &pattern_id, compare_pattern_id)) {
return -1; return -1;
} }
matched_pattern_set->pattern_id = pattern_id; utarray_push_back(matched_pat_container->pat_ids, &pattern_id);
matched_pattern_set->l_matched = from; utarray_sort(matched_pat_container->pat_ids, compare_pattern_id);
matched_pattern_set->r_matched = to;
utarray_push_back(matched_pattern_set->pat_ids, &pattern_id); struct matched_pattern *matched_pat = ALLOC(struct matched_pattern, 1);
utarray_sort(matched_pattern_set->pat_ids, compare_pattern_id); matched_pat->pattern_id = pattern_id;
matched_pat->matched_l_offset = from;
matched_pat->matched_r_offset = to;
HASH_ADD_INT(matched_pat_container->pat_hash, pattern_id, matched_pat);
return 0; return 0;
} }
int is_real_matched_pattern(struct matched_pattern *matched_pat, enum hs_match_mode match_mode,
size_t data_len, int attr_l_offset, int attr_r_offset)
{
if (match_mode == HS_MATCH_MODE_EXACTLY) {
if (matched_pat->matched_l_offset == 0 &&
matched_pat->matched_r_offset == data_len) {
return 0;
}
} else if (match_mode == HS_MATCH_MODE_PREFIX) {
if (matched_pat->matched_l_offset == 0) {
return 0;
}
} else if (match_mode == HS_MATCH_MODE_SUFFIX) {
if (matched_pat->matched_r_offset == data_len) {
return 0;
}
} else if (match_mode == HS_MATCH_MODE_SUB) {
if (attr_l_offset == -1) {
attr_l_offset = 0;
}
if (attr_r_offset == -1) {
attr_r_offset = (int)data_len;
}
if (matched_pat->matched_l_offset >= (unsigned long)attr_l_offset &&
matched_pat->matched_r_offset <= (unsigned long)attr_r_offset) {
return 0;
}
} else {
assert(0);
}
return -1;
}
int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id, int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,
const char *data, size_t data_len, const char *data, size_t data_len,
struct hs_scan_result *results, struct hs_scan_result *results,
@@ -496,16 +479,16 @@ int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,
hs_scratch_t *scratch = hs_rt->scratchs[thread_id]; hs_scratch_t *scratch = hs_rt->scratchs[thread_id];
hs_error_t err; hs_error_t err;
struct matched_pattern_set matched_pat_set; struct matched_pattern_container matched_pat_container;
matched_pat_set.pat_hash = NULL; matched_pat_container.pat_hash = NULL;
utarray_new(matched_pat_set.pat_ids, &ut_pattern_id_icd); utarray_new(matched_pat_container.pat_ids, &ut_pattern_id_icd);
utarray_reserve(matched_pat_set.pat_ids, hs_instance->n_patterns); utarray_reserve(matched_pat_container.pat_ids, hs_instance->n_patterns);
int err_count = 0; int err_count = 0;
if (hs_rt->literal_db != NULL) { if (hs_rt->literal_db != NULL) {
err = hs_scan(hs_rt->literal_db, data, data_len, 0, scratch, err = hs_scan(hs_rt->literal_db, data, data_len, 0, scratch,
matched_event_cb, &matched_pat_set); matched_event_cb, &matched_pat_container);
if (err != HS_SUCCESS) { if (err != HS_SUCCESS) {
//log_error() //log_error()
err_count++; err_count++;
@@ -514,7 +497,7 @@ int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,
if (hs_rt->regex_db != NULL) { if (hs_rt->regex_db != NULL) {
err = hs_scan(hs_rt->regex_db, data, data_len, 0, scratch, err = hs_scan(hs_rt->regex_db, data, data_len, 0, scratch,
matched_event_cb, &matched_pat_set); matched_event_cb, &matched_pat_container);
if (err != HS_SUCCESS) { if (err != HS_SUCCESS) {
//log_error() //log_error()
err_count++; err_count++;
@@ -525,27 +508,20 @@ int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,
return -1; return -1;
} }
struct matched_pattern *matched_pat = ALLOC(struct matched_pattern, 1); size_t matched_pattern_ids_cnt = utarray_len(matched_pat_container.pat_ids);
unsigned int pattern_id = matched_pat_set.pattern_id; size_t i = 0;
matched_pat->pattern_id = pattern_id;
matched_pat->matched_l_offset = matched_pat_set.l_matched;
matched_pat->matched_r_offset = matched_pat_set.r_matched;
HASH_ADD_INT(matched_pat_set.pat_hash, pattern_id, matched_pat);
size_t matched_pattern_ids_cnt = utarray_len(matched_pat_set.pat_ids);
unsigned long long items[matched_pattern_ids_cnt]; unsigned long long items[matched_pattern_ids_cnt];
memset(items, 0, sizeof(unsigned long long) * matched_pattern_ids_cnt); memset(items, 0, sizeof(unsigned long long) * matched_pattern_ids_cnt);
for (size_t i = 0; i < matched_pattern_ids_cnt; i++) { for (i = 0; i < matched_pattern_ids_cnt; i++) {
items[i] = *(unsigned long long *)utarray_eltptr(matched_pat_set.pat_ids, i); items[i] = *(unsigned long long *)utarray_eltptr(matched_pat_container.pat_ids, i);
} }
int ret = 0; int ret = 0;
int matched_index = 0; int matched_index = 0;
int real_matched_index = 0; int real_matched_index = 0;
struct bool_expr_match *bool_matcher_results = NULL; struct hs_tag *hs_tag = NULL;
bool_matcher_results = ALLOC(struct bool_expr_match, hs_instance->n_expr); struct bool_expr_match *bool_matcher_results = ALLOC(struct bool_expr_match, hs_instance->n_expr);
int bool_matcher_ret = bool_matcher_match(hs_rt->bm, items, matched_pattern_ids_cnt, int bool_matcher_ret = bool_matcher_match(hs_rt->bm, items, matched_pattern_ids_cnt,
bool_matcher_results, hs_instance->n_expr); bool_matcher_results, hs_instance->n_expr);
if (bool_matcher_ret < 0) { if (bool_matcher_ret < 0) {
@@ -558,16 +534,20 @@ int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,
} }
for (matched_index = 0; matched_index < bool_matcher_ret; matched_index++) { for (matched_index = 0; matched_index < bool_matcher_ret; matched_index++) {
//results[matched_index].item_id = bool_matcher_results[matched_index].expr_id; hs_tag = (struct hs_tag *)bool_matcher_results[matched_index].user_tag;
struct hs_tag *hs_tag = (struct hs_tag *)bool_matcher_results[matched_index].user_tag;
for (size_t i = 0; i < hs_tag->n_pat_offset; i++) { /* check if real matched pattern, because pattern match_mode is different */
//命中的 item = pat1 & pat2 for (i = 0; i < hs_tag->n_pat_attr; i++) {
int pattern_id = hs_tag->pat_offset[i].pattern_id; struct matched_pattern *tmp_matched_pat = NULL;
struct matched_pattern *matched_pat = NULL; int pattern_id = hs_tag->pat_attr[i].pattern_id;
HASH_FIND_INT(matched_pat_set.pat_hash, &pattern_id, matched_pat); HASH_FIND_INT(matched_pat_container.pat_hash, &pattern_id, tmp_matched_pat);
if (matched_pat) { if (tmp_matched_pat) {
if (matched_pat->matched_l_offset >= hs_tag->pat_offset[i].l_offset && int matched_ret = is_real_matched_pattern(tmp_matched_pat,
matched_pat->matched_r_offset <= hs_tag->pat_offset[i].r_offset) { hs_tag->pat_attr[i].match_mode,
data_len,
hs_tag->pat_attr[i].l_offset,
hs_tag->pat_attr[i].r_offset);
if (0 == matched_ret) {
results[real_matched_index].item_id = bool_matcher_results[matched_index].expr_id; results[real_matched_index].item_id = bool_matcher_results[matched_index].expr_id;
results[real_matched_index].user_tag = hs_tag->user_tag; results[real_matched_index].user_tag = hs_tag->user_tag;
real_matched_index++; real_matched_index++;
@@ -576,15 +556,15 @@ int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,
} }
} }
} }
*n_hit_result = bool_matcher_ret; *n_hit_result = real_matched_index;
next: next:
FREE(bool_matcher_results); FREE(bool_matcher_results);
struct matched_pattern *pattern = NULL, *tmp_pattern = NULL; struct matched_pattern *pattern = NULL, *tmp_pattern = NULL;
HASH_ITER(hh, matched_pat_set.pat_hash, pattern, tmp_pattern) { HASH_ITER(hh, matched_pat_container.pat_hash, pattern, tmp_pattern) {
HASH_DELETE(hh, matched_pat_set.pat_hash, pattern); HASH_DELETE(hh, matched_pat_container.pat_hash, pattern);
FREE(pattern); FREE(pattern);
} }
utarray_free(matched_pat_set.pat_ids); utarray_free(matched_pat_container.pat_ids);
return ret; return ret;
} }

52
scanner/adapter_hs.h
View File

@@ -11,7 +11,7 @@
#ifndef _ADAPTER_HS_H_ #ifndef _ADAPTER_HS_H_
#define _ADAPTER_HS_H_ #define _ADAPTER_HS_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
@@ -32,10 +32,24 @@ enum hs_scan_mode {
HS_SCAN_MODE_MAX HS_SCAN_MODE_MAX
}; };
/* pattern type: PATTERN_TYPE_STR(pure literal string) or PATTERN_TYPE_REG(regex expression) */ /* match method */
enum pattern_type { enum hs_match_mode {
PATTERN_TYPE_STR = 0, HS_MATCH_MODE_EXACTLY = 1, /* scan data must match pattern exactly */
PATTERN_TYPE_REG, HS_MATCH_MODE_PREFIX, /* pattern must in the head of scan_data */
HS_MATCH_MODE_SUFFIX, /* pattern must in the end of scan_data */
HS_MATCH_MODE_SUB, /* pattern must in the range[l_offset, r_offset] of scan_data */
HS_MATCH_MODE_MAX
};
enum hs_pattern_type {
HS_PATTERN_TYPE_STR = 0, /* pure literal string */
HS_PATTERN_TYPE_REG, /* regex expression */
HS_PATTERN_TYPE_MAX
};
enum hs_case_sensitive {
HS_CASE_SENSITIVE = 0,
HS_CASE_INSESITIVE
}; };
struct hs_scan_result { struct hs_scan_result {
@@ -44,16 +58,15 @@ struct hs_scan_result {
}; };
typedef struct { typedef struct {
/* pattern type */ enum hs_case_sensitive case_sensitive;
int type; enum hs_match_mode match_mode;
/* default 0(sensitive) 1(insensitive) */ /*
int case_sensitive; * just match in scan_data's range of [l_offset, r_offset], -1 means no limits
* for example:
/* (0)sub string match (1)complete match */ * [-1, r_offset] means the pattern must in scan_data's [0 ~ r_offset]
int match_mode; * [l_offset, -1] means the pattern must in scan_data's [l_offset ~ end]
*/
/* just match in scan_data's range of [l_offset, r_offset] */
int l_offset; int l_offset;
int r_offset; int r_offset;
@@ -81,10 +94,11 @@ typedef struct {
* *
* @retval the pointer to adapter_hs instance * @retval the pointer to adapter_hs instance
*/ */
struct adapter_hs * struct adapter_hs *adapter_hs_initialize(enum hs_scan_mode scan_mode,
adapter_hs_initialize(int scan_mode, size_t n_worker_thread, enum hs_pattern_type pattern_type,
and_expr_t *expr_array, size_t n_expr_array, size_t n_worker_thread,
struct log_handle *logger); and_expr_t *exprs, size_t n_expr,
struct log_handle *logger);
/** /**
* @brief scan input data to match logic AND expression, return all matched expr_id * @brief scan input data to match logic AND expression, return all matched expr_id
@@ -120,7 +134,7 @@ int adapter_hs_scan_stream(struct adapter_hs_stream *stream, const char *data, s
void adapter_hs_stream_close(struct adapter_hs_stream *stream); void adapter_hs_stream_close(struct adapter_hs_stream *stream);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

4
scanner/fqdn_engine.cpp
View File

@@ -44,7 +44,7 @@ struct packedRT_t
unsigned char B[4]; unsigned char B[4];
}; };
void * aligned_malloc(size_t size, size_t align) static void * aligned_malloc(size_t size, size_t align)
{ {
void * malloc_ptr; void * malloc_ptr;
void * aligned_ptr; void * aligned_ptr;
@@ -73,7 +73,7 @@ void * aligned_malloc(size_t size, size_t align)
return aligned_ptr; return aligned_ptr;
} }
void aligned_free(void * aligned_ptr) static void aligned_free(void * aligned_ptr)
{ {
if (aligned_ptr) if (aligned_ptr)
{ {

42
src/CMakeLists.txt
View File

@@ -7,12 +7,13 @@ set(MAAT_FRAME_VERSION ${MAAT_FRAME_MAJOR_VERSION}.${MAAT_FRAME_MINOR_VERSION}.$
message(STATUS "Maat Frame, Version: ${MAAT_FRAME_VERSION}") message(STATUS "Maat Frame, Version: ${MAAT_FRAME_VERSION}")
add_definitions(-D_GNU_SOURCE)
add_definitions(-fPIC) add_definitions(-fPIC)
set(MAAT_SRC json2iris.cpp maat_api.cpp rcu_hash.cpp maat_garbage_collection.cpp maat_config_monitor.cpp set(MAAT_SRC alignment.c json2iris.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c
maat_rule.cpp maat_kv.cpp maat_ex_data.cpp maat_utils.cpp maat_command.cpp maat_redis_monitor.cpp maat_rule.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c
maat_table.cpp maat_compile.cpp maat_group.cpp maat_ip.cpp maat_flag.cpp maat_interval.cpp maat_table.c maat_compile.c maat_group.c maat_ip.c maat_flag.c maat_interval.c
maat_expr.cpp maat_plugin.cpp maat_ip_plugin.cpp maat_bool_plugin.cpp maat_fqdn_plugin.cpp maat_expr.c maat_fqdn.c maat_port_proto.c maat_plugin.c maat_ip_plugin.c maat_bool_plugin.c
maat_virtual.cpp) maat_fqdn_plugin.c maat_virtual.c)
set(LIB_SOURCE_FILES set(LIB_SOURCE_FILES
${PROJECT_SOURCE_DIR}/deps/cJSON/cJSON.c ${PROJECT_SOURCE_DIR}/deps/log/log.c) ${PROJECT_SOURCE_DIR}/deps/cJSON/cJSON.c ${PROJECT_SOURCE_DIR}/deps/log/log.c)
@@ -28,18 +29,31 @@ set_target_properties(maat_frame_static PROPERTIES LINKER_LANGUAGE CXX)
set_target_properties(maat_frame_static PROPERTIES OUTPUT_NAME maatframe) set_target_properties(maat_frame_static PROPERTIES OUTPUT_NAME maatframe)
set_target_properties(maat_frame_static PROPERTIES CLEAN_DIRECT_OUTPUT 1) set_target_properties(maat_frame_static PROPERTIES CLEAN_DIRECT_OUTPUT 1)
target_link_libraries(maat_frame_static adapter-static hiredis-static igraph-static flagmatcher-static intervalmatcher-static pthread crypto z) target_link_libraries(maat_frame_static hiredis-static ${MAAT_DEPEND_DYN_LIB})
target_link_libraries(maat_frame_static igraph-static)
target_link_libraries(maat_frame_static ipmatcher-static)
target_link_libraries(maat_frame_static adapter-static)
target_link_libraries(maat_frame_static flagmatcher-static)
target_link_libraries(maat_frame_static intervalmatcher-static)
# Shared Library Output # Shared Library Output
#add_library(maat_frame_shared SHARED ${MAAT_SRC} ${LIB_SOURCE_FILES}) add_library(maat_frame_shared SHARED ${MAAT_SRC} ${LIB_SOURCE_FILES})
#set_target_properties(maat_frame_shared PROPERTIES LINKER_LANGUAGE CXX) set_target_properties(maat_frame_shared PROPERTIES LINKER_LANGUAGE CXX)
#set_target_properties(maat_frame_shared PROPERTIES OUTPUT_NAME maatframe) set_target_properties(maat_frame_shared PROPERTIES OUTPUT_NAME maatframe)
#set_target_properties(maat_frame_shared PROPERTIES CLEAN_DIRECT_OUTPUT 1) set_target_properties(maat_frame_shared PROPERTIES CLEAN_DIRECT_OUTPUT 1)
#set_target_properties(maat_frame_shared PROPERTIES VERSION ${MAAT_FRAME_MAJOR_VERSION}.${MAAT_FRAME_MINOR_VERSION}) set_target_properties(maat_frame_shared PROPERTIES VERSION ${MAAT_FRAME_MAJOR_VERSION}.${MAAT_FRAME_MINOR_VERSION})
#set_target_properties(maat_frame_shared PROPERTIES SOVERSION ${MAAT_FRAME_MAJOR_VERSION}) set_target_properties(maat_frame_shared PROPERTIES SOVERSION ${MAAT_FRAME_MAJOR_VERSION})
set_target_properties(maat_frame_shared PROPERTIES LINK_FLAGS "-Wl,--version-script=${CMAKE_CURRENT_LIST_DIR}/version.map")
#target_link_libraries(maat_frame_shared hyperscan_static) target_link_libraries(maat_frame_shared hiredis-static ${MAAT_DEPEND_DYN_LIB})
target_link_libraries(maat_frame_shared igraph-static ${MAAT_DEPEND_DYN_LIB})
target_link_libraries(maat_frame_shared ipmatcher-static)
target_link_libraries(maat_frame_shared adapter-static)
target_link_libraries(maat_frame_shared flagmatcher-static)
target_link_libraries(maat_frame_shared intervalmatcher-static)
# install # install
set(CMAKE_INSTALL_PREFIX /opt/MESA/) set(CMAKE_INSTALL_PREFIX /opt/MESA/)
#install(FILES ${PROJECT_SOURCE_DIR}/include/maat DESTINATION ${CMAKE_INSTALL_PREFIX}/include/MESA/ COMPONENT HEADER) install(FILES ${PROJECT_SOURCE_DIR}/include/maat.h DESTINATION ${CMAKE_INSTALL_PREFIX}/include/MESA/ COMPONENT HEADER)
install(FILES ${PROJECT_SOURCE_DIR}/include/bool_matcher.h DESTINATION ${CMAKE_INSTALL_PREFIX}/include/MESA/ COMPONENT HEADER)
install(TARGETS maat_frame_shared LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib/ COMPONENT LIBRARIES)

67
src/alignment.c Normal file
View File

@@ -0,0 +1,67 @@
/*
**********************************************************************************************
* File: alignment.c
* Description:
* Authors: Zheng Chao <zhengchao@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/
#include <stdlib.h>
#include <string.h>
#include "alignment.h"
#define CPU_CACHE_ALIGMENT 64
inline long long *alignment_int64_array_alloc(int size)
{
return (long long *)calloc(CPU_CACHE_ALIGMENT, size);
}
inline long long alignment_int64_array_sum(long long *array, int size)
{
int offset = 0;
long long sum = 0;
for (int i = 0; i < size; i++) {
offset = (CPU_CACHE_ALIGMENT / sizeof(long long)) * i;
sum += array[offset];
}
return sum;
}
inline long long alignment_int64_array_add(long long *array, int offset, long long op_val)
{
int idx = (CPU_CACHE_ALIGMENT / sizeof(long long)) * offset;
array[idx] += op_val;
return array[idx];
}
inline long long alignment_int64_array_cnt(long long *array, int size)
{
int offset = 0;
int cnt = 0;
for (int i = 0; i < size; i++) {
offset = (CPU_CACHE_ALIGMENT / sizeof(long long)) * i;
if (array[offset] > 0) {
cnt++;
}
}
return cnt;
}
inline void alignment_int64_array_reset(long long *array, int size)
{
memset(array, 0, CPU_CACHE_ALIGMENT * size);
}
inline void alignment_int64_array_free(long long *array)
{
free(array);
}

60
src/inc_internal/alignment.h
View File

@@ -11,68 +11,24 @@
#ifndef _ALIGNMENT_H_ #ifndef _ALIGNMENT_H_
#define _ALIGNMENT_H_ #define _ALIGNMENT_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include <stdlib.h> long long *alignment_int64_array_alloc(int size);
#include <string.h>
#define CPU_CACHE_ALIGMENT 64 long long alignment_int64_array_sum(long long *array, int size);
inline long long *alignment_int64_array_alloc(int size) long long alignment_int64_array_add(long long *array, int offset, long long op_val);
{
return (long long *)calloc(CPU_CACHE_ALIGMENT, size);
}
inline long long alignment_int64_array_sum(long long *array, int size) long long alignment_int64_array_cnt(long long *array, int size);
{
int offset = 0;
long long sum = 0;
for (int i = 0; i < size; i++) { void alignment_int64_array_reset(long long *array, int size);
offset = (CPU_CACHE_ALIGMENT / sizeof(long long)) * i;
sum += array[offset];
}
return sum; void alignment_int64_array_free(long long *array);
}
inline long long alignment_int64_array_add(long long *array, int offset, long long op_val) #ifdef __cplusplus
{
int idx = (CPU_CACHE_ALIGMENT / sizeof(long long)) * offset;
array[idx] += op_val;
return array[idx];
}
inline long long alignment_int64_array_cnt(long long *array, int size)
{
int offset = 0;
int cnt = 0;
for (int i = 0; i < size; i++) {
offset = (CPU_CACHE_ALIGMENT / sizeof(long long)) * i;
if (array[offset] > 0) {
cnt++;
}
}
return cnt;
}
inline void alignment_int64_array_reset(long long *array, int size)
{
memset(array, 0, CPU_CACHE_ALIGMENT * size);
}
inline void alignment_int64_array_free(long long *array)
{
free(array);
}
#ifdef __cpluscplus
} }
#endif #endif

5
src/inc_internal/json2iris.h
View File

@@ -11,19 +11,20 @@
#ifndef _JSON2IRIS_H_ #ifndef _JSON2IRIS_H_
#define _JSON2IRIS_H_ #define _JSON2IRIS_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "hiredis/hiredis.h" #include "hiredis/hiredis.h"
#include "log/log.h"
int json2iris(const char *json_buff, const char *json_filename, int json2iris(const char *json_buff, const char *json_filename,
redisContext *redis_write_ctx, char *iris_dir_buf, redisContext *redis_write_ctx, char *iris_dir_buf,
int buf_len, char *encrypt_key, char *encrypt_algo, int buf_len, char *encrypt_key, char *encrypt_algo,
struct log_handle *logger); struct log_handle *logger);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

10
src/inc_internal/maat_bool_plugin.h
View File

@@ -11,16 +11,18 @@
#ifndef _MAAT_BOOL_PLUGIN_H_ #ifndef _MAAT_BOOL_PLUGIN_H_
#define _MAAT_BOOL_PLUGIN_H_ #define _MAAT_BOOL_PLUGIN_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "log/log.h" #include "maat.h"
#include "maat/maat.h"
#include "cJSON/cJSON.h" #include "cJSON/cJSON.h"
struct bool_plugin_runtime; struct bool_plugin_runtime;
struct table_manager;
struct log_handle;
struct maat_garbage_bin;
/* bool plugin schema API */ /* bool plugin schema API */
void *bool_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *bool_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
@@ -49,7 +51,7 @@ int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name
struct ex_data_runtime *bool_plugin_runtime_get_ex_data_rt(void *bool_plugin_runtime); struct ex_data_runtime *bool_plugin_runtime_get_ex_data_rt(void *bool_plugin_runtime);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

6
src/inc_internal/maat_command.h
View File

@@ -11,11 +11,13 @@
#ifndef _MAAT_COMMAND_H_ #ifndef _MAAT_COMMAND_H_
#define _MAAT_COMMAND_H_ #define _MAAT_COMMAND_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "maat.h"
enum maat_operation { enum maat_operation {
MAAT_OP_DEL = 0, MAAT_OP_DEL = 0,
MAAT_OP_ADD, MAAT_OP_ADD,
@@ -39,7 +41,7 @@ struct maat_cmd_line
*/ */
int maat_cmd_set_line(struct maat *maat_instance, const struct maat_cmd_line *line_rule); int maat_cmd_set_line(struct maat *maat_instance, const struct maat_cmd_line *line_rule);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

4
src/inc_internal/maat_common.h
View File

@@ -11,7 +11,7 @@
#ifndef _MAAT_COMMON_H_ #ifndef _MAAT_COMMON_H_
#define _MAAT_COMMON_H_ #define _MAAT_COMMON_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
@@ -41,7 +41,7 @@ struct maat_options {
}; };
}; };
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

12
src/inc_internal/maat_compile.h
View File

@@ -11,14 +11,13 @@
#ifndef _MAAT_COMPILE_H_ #ifndef _MAAT_COMPILE_H_
#define _MAAT_COMPILE_H_ #define _MAAT_COMPILE_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "log/log.h"
#include "cJSON/cJSON.h" #include "cJSON/cJSON.h"
#include "maat/maat.h" #include "maat.h"
#include "maat_kv.h" #include "maat_kv.h"
#include "maat_rule.h" #include "maat_rule.h"
@@ -32,6 +31,11 @@ struct compile_ex_data_schema {
int table_id; int table_id;
}; };
struct compile_schema;
struct compile_runtime;
struct maat_compile_state;
struct group2group_runtime;
/* compile schema API */ /* compile schema API */
void *compile_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger); const char *table_name, struct log_handle *logger);
@@ -93,7 +97,7 @@ int maat_compile_state_update(struct maat_item *item_hash, int vtable_id,
int maat_compile_state_has_NOT_clause(struct maat_compile_state *compile_state); int maat_compile_state_has_NOT_clause(struct maat_compile_state *compile_state);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

4
src/inc_internal/maat_config_monitor.h
View File

@@ -11,7 +11,7 @@
#ifndef _MAAT_CONFIG_MONITOR_H_ #ifndef _MAAT_CONFIG_MONITOR_H_
#define _MAAT_CONFIG_MONITOR_H_ #define _MAAT_CONFIG_MONITOR_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
@@ -27,7 +27,7 @@ void config_monitor_traverse(long long version, const char *idx_dir,
int load_maat_json_file(struct maat *maat_instance, const char *json_filename, int load_maat_json_file(struct maat *maat_instance, const char *json_filename,
char *err_str, size_t err_str_sz); char *err_str, size_t err_str_sz);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

6
src/inc_internal/maat_ex_data.h
View File

@@ -11,12 +11,12 @@
#ifndef _MAAT_EX_DATA_H_ #ifndef _MAAT_EX_DATA_H_
#define _MAAT_EX_DATA_H_ #define _MAAT_EX_DATA_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "maat/maat.h" #include "maat.h"
#include "rcu_hash.h" #include "rcu_hash.h"
struct ex_data_container { struct ex_data_container {
@@ -90,7 +90,7 @@ void *ex_data_runtime_get_custom_data(struct ex_data_runtime *ex_data_rt,
size_t ex_data_runtime_ex_container_count(struct ex_data_runtime *ex_data_rt); size_t ex_data_runtime_ex_container_count(struct ex_data_runtime *ex_data_rt);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

19
src/inc_internal/maat_expr.h
View File

@@ -11,15 +11,18 @@
#ifndef _MAAT_EXPR_H_ #ifndef _MAAT_EXPR_H_
#define _MAAT_EXPR_H_ #define _MAAT_EXPR_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "log/log.h" #include "maat_rule.h"
#include "cJSON/cJSON.h" #include "cJSON/cJSON.h"
struct expr_runtime; struct expr_runtime;
struct table_manager;
struct log_handle;
struct maat_garbage_bin;
void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger); const char *table_name, struct log_handle *logger);
@@ -41,13 +44,13 @@ int expr_runtime_commit(void *expr_runtime, const char *table_name);
* *
* @retval the num of hit group_id * @retval the num of hit group_id
*/ */
int expr_runtime_scan_string(struct expr_runtime *expr_rt, int thread_id, int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
const char *data, size_t data_len, const char *data, size_t data_len,
int *group_ids, size_t group_ids_size, int *group_ids, size_t group_ids_size,
int vtable_ids, struct maat_state *state); int vtable_ids, struct maat_state *state);
void expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id); void expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id);
int expr_runtime_scan_stream(struct expr_runtime *expr_rt, const char *data, int expr_runtime_stream_scan(struct expr_runtime *expr_rt, const char *data,
size_t data_len, int *group_ids, size_t group_ids_size, size_t data_len, int *group_ids, size_t group_ids_size,
int vtable_id, struct maat_state *state); int vtable_id, struct maat_state *state);
void expr_runtime_stream_close(struct expr_runtime *expr_rt); void expr_runtime_stream_close(struct expr_runtime *expr_rt);
@@ -55,7 +58,7 @@ void expr_runtime_stream_close(struct expr_runtime *expr_rt);
void expr_runtime_scan_hit_inc(struct expr_runtime *expr_rt, int thread_id); void expr_runtime_scan_hit_inc(struct expr_runtime *expr_rt, int thread_id);
long long expr_runtime_scan_hit_sum(struct expr_runtime *expr_rt, int n_thread); long long expr_runtime_scan_hit_sum(struct expr_runtime *expr_rt, int n_thread);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

15
src/inc_internal/maat_flag.h
View File

@@ -11,17 +11,20 @@
#ifndef _MAAT_FLAG_H_ #ifndef _MAAT_FLAG_H_
#define _MAAT_FLAG_H_ #define _MAAT_FLAG_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include <stdint.h> #include <stdint.h>
#include "log/log.h" #include "maat_rule.h"
#include "cJSON/cJSON.h" #include "cJSON/cJSON.h"
struct flag_runtime; struct flag_runtime;
struct table_manager;
struct log_handle;
struct maat_garbage_bin;
void *flag_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *flag_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger); const char *table_name, struct log_handle *logger);
@@ -43,14 +46,14 @@ int flag_runtime_commit(void *flag_runtime, const char *table_name);
* *
* @retval the num of hit group_id * @retval the num of hit group_id
*/ */
int flag_runtime_scan_flag(struct flag_runtime *flag_rt, int thread_id, int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
uint64_t flag, int *group_ids, size_t group_ids_size, uint64_t flag, int *group_ids, size_t group_ids_size,
int vtable_id, struct maat_state *state); int vtable_id, struct maat_state *state);
void flag_runtime_scan_hit_inc(struct flag_runtime *flag_rt, int thread_id); void flag_runtime_scan_hit_inc(struct flag_runtime *flag_rt, int thread_id);
long long flag_runtime_scan_hit_sum(struct flag_runtime *flag_rt, int n_thread); long long flag_runtime_scan_hit_sum(struct flag_runtime *flag_rt, int n_thread);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

55
src/inc_internal/maat_fqdn.h Normal file
View File

@@ -0,0 +1,55 @@
/*
**********************************************************************************************
* File: maat_fqdn.h
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_FQDN_H_
#define _MAAT_FQDN_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include "maat_rule.h"
#include "cJSON/cJSON.h"
struct fqdn_runtime;
struct table_manager;
struct log_handle;
struct maat_garbage_bin;
void *fqdn_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void fqdn_schema_free(void *fqdn_schema);
/* fqdn runtime API */
void *fqdn_runtime_new(void *fqdn_schema, int max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void fqdn_runtime_free(void *fqdn_runtime);
int fqdn_runtime_update(void *fqdn_runtime, void *fqdn_schema,
const char *line, int valid_column);
int fqdn_runtime_commit(void *fqdn_runtime, const char *table_name);
struct ex_data_runtime *fqdn_runtime_get_ex_data_rt(struct fqdn_runtime *fqdn_rt);
/* fqdn runtime scan API */
int fqdn_runtime_scan(struct fqdn_runtime *fqdn_rt, int thread_id, int port,
int proto, int *group_ids, size_t group_id_size,
int vtable_id, struct maat_state *state);
void fqdn_runtime_scan_hit_inc(struct fqdn_runtime *fqdn_rt, int thread_id);
long long fqdn_runtime_scan_hit_sum(struct fqdn_runtime *fqdn_rt, int n_thread);
#ifdef __cplusplus
}
#endif
#endif

10
src/inc_internal/maat_fqdn_plugin.h
View File

@@ -11,16 +11,18 @@
#ifndef _MAAT_FQDN_PLUGIN_H_ #ifndef _MAAT_FQDN_PLUGIN_H_
#define _MAAT_FQDN_PLUGIN_H_ #define _MAAT_FQDN_PLUGIN_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "log/log.h" #include "maat.h"
#include "maat/maat.h"
#include "cJSON/cJSON.h" #include "cJSON/cJSON.h"
struct fqdn_plugin_runtime; struct fqdn_plugin_runtime;
struct table_manager;
struct log_handle;
struct maat_garbage_bin;
/* fqdn plugin schema API */ /* fqdn plugin schema API */
void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *fqdn_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
@@ -49,7 +51,7 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name
struct ex_data_runtime *fqdn_plugin_runtime_get_ex_data_rt(void *fqdn_plugin_runtime); struct ex_data_runtime *fqdn_plugin_runtime_get_ex_data_rt(void *fqdn_plugin_runtime);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

4
src/inc_internal/maat_garbage_collection.h
View File

@@ -11,7 +11,7 @@
#ifndef _MAAT_GARBAGE_COLLECTION_H_ #ifndef _MAAT_GARBAGE_COLLECTION_H_
#define _MAAT_GARBAGE_COLLECTION_H_ #define _MAAT_GARBAGE_COLLECTION_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
@@ -33,7 +33,7 @@ size_t maat_garbage_bin_get_size(struct maat_garbage_bin *bin);
void maat_garbage_collect_by_force(struct maat_garbage_bin *bin); void maat_garbage_collect_by_force(struct maat_garbage_bin *bin);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

9
src/inc_internal/maat_group.h
View File

@@ -11,17 +11,18 @@
#ifndef _MAAT_GROUP_H_ #ifndef _MAAT_GROUP_H_
#define _MAAT_GROUP_H_ #define _MAAT_GROUP_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "cJSON/cJSON.h" #include "cJSON/cJSON.h"
#include "uthash/uthash.h"
#include "igraph/igraph.h"
#include "maat_kv.h" #include "maat_kv.h"
struct maat_group; struct maat_group;
struct table_manager;
struct log_handle;
struct maat_garbage_bin;
/* group2group schema API */ /* group2group schema API */
void *group2group_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *group2group_schema_new(cJSON *json, struct table_manager *tbl_mgr,
@@ -49,7 +50,7 @@ int group2group_runtime_update(void *g2g_runtime, void *g2g_schema,
const char *line, int valid_column); const char *line, int valid_column);
int group2group_runtime_commit(void *g2g_runtime, const char *table_name); int group2group_runtime_commit(void *g2g_runtime, const char *table_name);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

15
src/inc_internal/maat_interval.h
View File

@@ -11,17 +11,20 @@
#ifndef _MAAT_INTERVAL_H_ #ifndef _MAAT_INTERVAL_H_
#define _MAAT_INTERVAL_H_ #define _MAAT_INTERVAL_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include <stdint.h> #include <stdint.h>
#include "log/log.h" #include "maat_rule.h"
#include "cJSON/cJSON.h" #include "cJSON/cJSON.h"
struct interval_runtime; struct interval_runtime;
struct table_manager;
struct log_handle;
struct maat_garbage_bin;
void *interval_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *interval_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger); const char *table_name, struct log_handle *logger);
@@ -43,14 +46,14 @@ int interval_runtime_commit(void *interval_runtime, const char *table_name);
* *
* @retval the num of hit group_id * @retval the num of hit group_id
*/ */
int interval_runtime_scan_intval(struct interval_runtime *interval_rt, int thread_id, int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
uint64_t integer, int *group_ids, size_t group_ids_size, uint64_t integer, int *group_ids, size_t group_ids_size,
int vtable_id, struct maat_state *state); int vtable_id, struct maat_state *state);
void interval_runtime_scan_hit_inc(struct interval_runtime *interval_rt, int thread_id); void interval_runtime_scan_hit_inc(struct interval_runtime *interval_rt, int thread_id);
long long interval_runtime_scan_hit_sum(struct interval_runtime *interval_rt, int n_thread); long long interval_runtime_scan_hit_sum(struct interval_runtime *interval_rt, int n_thread);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

11
src/inc_internal/maat_ip.h
View File

@@ -11,12 +11,17 @@
#ifndef _MAAT_IP_H_ #ifndef _MAAT_IP_H_
#define _MAAT_IP_H_ #define _MAAT_IP_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "cJSON/cJSON.h"
struct ip_runtime; struct ip_runtime;
struct table_manager;
struct log_handle;
struct maat_garbage_bin;
void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger); const char *table_name, struct log_handle *logger);
@@ -35,14 +40,14 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name);
struct ex_data_runtime *ip_runtime_get_ex_data_rt(struct ip_runtime *ip_rt); struct ex_data_runtime *ip_runtime_get_ex_data_rt(struct ip_runtime *ip_rt);
/* ip runtime scan API */ /* ip runtime scan API */
int ip_runtime_scan_ip(struct ip_runtime *ip_rt, int thread_id, int ip_type, int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int *group_ids, size_t group_id_size, uint8_t *ip_addr, int *group_ids, size_t group_id_size,
int vtable_id, struct maat_state *state); int vtable_id, struct maat_state *state);
void ip_runtime_scan_hit_inc(struct ip_runtime *ip_rt, int thread_id); void ip_runtime_scan_hit_inc(struct ip_runtime *ip_rt, int thread_id);
long long ip_runtime_scan_hit_sum(struct ip_runtime *ip_rt, int n_thread); long long ip_runtime_scan_hit_sum(struct ip_runtime *ip_rt, int n_thread);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

10
src/inc_internal/maat_ip_plugin.h
View File

@@ -11,16 +11,18 @@
#ifndef _MAAT_IP_PLUGIN_H_ #ifndef _MAAT_IP_PLUGIN_H_
#define _MAAT_IP_PLUGIN_H_ #define _MAAT_IP_PLUGIN_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "log/log.h" #include "maat.h"
#include "maat/maat.h"
#include "cJSON/cJSON.h" #include "cJSON/cJSON.h"
struct ip_plugin_runtime; struct ip_plugin_runtime;
struct table_manager;
struct log_handle;
struct maat_garbage_bin;
/* ip plugin schema API */ /* ip plugin schema API */
void *ip_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *ip_plugin_schema_new(cJSON *json, struct table_manager *tbl_mgr,
@@ -49,7 +51,7 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name);
struct ex_data_runtime *ip_plugin_runtime_get_ex_data_rt(void *ip_plugin_runtime); struct ex_data_runtime *ip_plugin_runtime_get_ex_data_rt(void *ip_plugin_runtime);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

6
src/inc_internal/maat_kv.h
View File

@@ -11,11 +11,13 @@
#ifndef _MAAT_KV_H_ #ifndef _MAAT_KV_H_
#define _MAAT_KV_H_ #define _MAAT_KV_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include <stddef.h>
struct maat_kv_store; struct maat_kv_store;
struct maat_kv_store *maat_kv_store_new(void); struct maat_kv_store *maat_kv_store_new(void);
@@ -30,7 +32,7 @@ int maat_kv_read_unNull(struct maat_kv_store *store, const char *key, size_t key
struct maat_kv_store *maat_kv_store_duplicate(struct maat_kv_store *store); struct maat_kv_store *maat_kv_store_duplicate(struct maat_kv_store *store);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

4
src/inc_internal/maat_limits.h
View File

@@ -11,14 +11,14 @@
#ifndef _MAAT_LIMITS_H_ #ifndef _MAAT_LIMITS_H_
#define _MAAT_LIMITS_H_ #define _MAAT_LIMITS_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#define MAX_KEYWORDS_STR 1024 #define MAX_KEYWORDS_STR 1024
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

7
src/inc_internal/maat_plugin.h
View File

@@ -11,12 +11,13 @@
#ifndef _MAAT_PLUGIN_H_ #ifndef _MAAT_PLUGIN_H_
#define _MAAT_PLUGIN_H_ #define _MAAT_PLUGIN_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "maat/maat.h" #include "cJSON/cJSON.h"
#include "maat.h"
#define MAX_FOREIGN_CLMN_NUM 8 #define MAX_FOREIGN_CLMN_NUM 8
@@ -59,7 +60,7 @@ int plugin_runtime_commit(void *plugin_runtime, const char *table_name);
struct ex_data_runtime *plugin_runtime_get_ex_data_rt(void *plugin_runtime); struct ex_data_runtime *plugin_runtime_get_ex_data_rt(void *plugin_runtime);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

56
src/inc_internal/maat_port_proto.h Normal file
View File

@@ -0,0 +1,56 @@
/*
**********************************************************************************************
* File: maat_port_proto.h
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_PORT_PROTO_H_
#define _MAAT_PORT_PROTO_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include "maat_rule.h"
#include "cJSON/cJSON.h"
/* pp is short for port proto */
struct pp_runtime;
struct table_manager;
struct log_handle;
struct maat_garbage_bin;
void *pp_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void pp_schema_free(void *pp_schema);
/* ip runtime API */
void *pp_runtime_new(void *pp_schema, int max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void pp_runtime_free(void *pp_runtime);
int pp_runtime_update(void *pp_runtime, void *pp_schema,
const char *line, int valid_column);
int pp_runtime_commit(void *pp_runtime, const char *table_name);
struct ex_data_runtime *pp_runtime_get_ex_data_rt(struct pp_runtime *pp_rt);
/* ip runtime scan API */
int pp_runtime_scan(struct pp_runtime *pp_rt, int thread_id, int port,
int proto, int *group_ids, size_t group_id_size,
int vtable_id, struct maat_state *state);
void pp_runtime_scan_hit_inc(struct pp_runtime *pp_rt, int thread_id);
long long pp_runtime_scan_hit_sum(struct pp_runtime *pp_rt, int n_thread);
#ifdef __cplusplus
}
#endif
#endif

4
src/inc_internal/maat_redis_monitor.h
View File

@@ -11,7 +11,7 @@
#ifndef _MAAT_REDIS_MONITOR_H_ #ifndef _MAAT_REDIS_MONITOR_H_
#define _MAAT_REDIS_MONITOR_H_ #define _MAAT_REDIS_MONITOR_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
@@ -25,7 +25,7 @@ void redis_monitor_traverse(long long version, struct source_redis_ctx *mr_ctx,
int (*update_fn)(const char *, const char *, void *), int (*update_fn)(const char *, const char *, void *),
void (*finish_fn)(void *), void *u_param); void (*finish_fn)(void *), void *u_param);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

18
src/inc_internal/maat_rule.h
View File

@@ -11,7 +11,7 @@
#ifndef _MAAT_RULE_H_ #ifndef _MAAT_RULE_H_
#define _MAAT_RULE_H_ #define _MAAT_RULE_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
@@ -29,8 +29,10 @@ extern "C"
#include "uthash/uthash.h" #include "uthash/uthash.h"
#include "maat_command.h" #include "maat_command.h"
#include "IPMatcher.h" #include "IPMatcher.h"
#include "maat.h"
#include "maat_kv.h" #include "maat_kv.h"
#include "maat_table.h" #include "maat_table.h"
#include "maat_rule.h"
#include "maat_virtual.h" #include "maat_virtual.h"
#define MAX_TABLE_NUM 256 #define MAX_TABLE_NUM 256
@@ -66,18 +68,6 @@ struct maat_rule_head {
int serv_def_len; int serv_def_len;
}; };
#define MAX_SERVICE_DEFINE_LEN 128
struct maat_rule {
int config_id;
int service_id;
uint8_t do_log;
uint8_t do_blacklist;
uint8_t action;
uint8_t reserved;
int serv_def_len;
char service_defined[MAX_SERVICE_DEFINE_LEN];
};
#define ITEM_RULE_MAGIC 0x4d3c2b1a #define ITEM_RULE_MAGIC 0x4d3c2b1a
struct maat_item_inner { struct maat_item_inner {
long long magic_num; long long magic_num;
@@ -329,7 +319,7 @@ void maat_cmd_set_serial_rule(struct serial_rule *rule, enum maat_operation op,
void fill_maat_rule(struct maat_rule *rule, const struct maat_rule_head *rule_head, void fill_maat_rule(struct maat_rule *rule, const struct maat_rule_head *rule_head,
const char *srv_def, int srv_def_len); const char *srv_def, int srv_def_len);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

6
src/inc_internal/maat_table.h
View File

@@ -11,7 +11,7 @@
#ifndef _MAAT_TABLE_H_ #ifndef _MAAT_TABLE_H_
#define _MAAT_TABLE_H_ #define _MAAT_TABLE_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
@@ -19,6 +19,8 @@ extern "C"
#include <stddef.h> #include <stddef.h>
#include <cJSON/cJSON.h> #include <cJSON/cJSON.h>
#include "maat_garbage_collection.h"
enum table_type { enum table_type {
TABLE_TYPE_INVALID = -1, TABLE_TYPE_INVALID = -1,
TABLE_TYPE_FLAG = 0, TABLE_TYPE_FLAG = 0,
@@ -74,7 +76,7 @@ void *table_manager_get_runtime(struct table_manager *tbl_mgr, int table_id);
int table_manager_update_runtime(struct table_manager *tbl_mgr, int table_id, const char *line); int table_manager_update_runtime(struct table_manager *tbl_mgr, int table_id, const char *line);
void table_manager_commit_runtime(struct table_manager *tbl_mgr, int table_id); void table_manager_commit_runtime(struct table_manager *tbl_mgr, int table_id);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

13
src/inc_internal/maat_utils.h
View File

@@ -11,7 +11,7 @@
#ifndef _MAAT_UTILS_H_ #ifndef _MAAT_UTILS_H_
#define _MAAT_UTILS_H_ #define _MAAT_UTILS_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
@@ -67,12 +67,7 @@ enum maat_ip_format ip_format_str2int(const char *format);
int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, const char *ip2, int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, const char *ip2,
uint32_t range_begin[], uint32_t range_end[]); uint32_t range_begin[], uint32_t range_end[]);
inline void ipv6_ntoh(unsigned int *v6_addr)
{
for (unsigned int i = 0; i < 4; i++) {
v6_addr[i] = ntohl(v6_addr[i]);
}
}
#define UNUSED __attribute__((unused)) #define UNUSED __attribute__((unused))
@@ -80,6 +75,8 @@ const char *module_name_str(const char *name);
char *maat_strdup(const char *s); char *maat_strdup(const char *s);
void ipv6_ntoh(unsigned int *v6_addr);
int get_column_pos(const char *line, int column_seq, size_t *offset, size_t *len); int get_column_pos(const char *line, int column_seq, size_t *offset, size_t *len);
/* the column value must be integer */ /* the column value must be integer */
@@ -111,7 +108,7 @@ int system_cmd_mkdir(const char* path);
int system_cmd_rmdir(const char *dir); int system_cmd_rmdir(const char *dir);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

9
src/inc_internal/maat_virtual.h
View File

@@ -11,11 +11,13 @@
#ifndef _MAAT_VIRTUAL_H_ #ifndef _MAAT_VIRTUAL_H_
#define _MAAT_VIRTUAL_H_ #define _MAAT_VIRTUAL_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#include "cJSON/cJSON.h"
enum scan_type { enum scan_type {
SCAN_TYPE_INVALID = -1, SCAN_TYPE_INVALID = -1,
SCAN_TYPE_NONE = 0, SCAN_TYPE_NONE = 0,
@@ -30,6 +32,9 @@ enum scan_type {
SCAN_TYPE_MAX SCAN_TYPE_MAX
}; };
struct table_manager;
struct log_handle;
void *virtual_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *virtual_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger); const char *table_name, struct log_handle *logger);
@@ -37,7 +42,7 @@ void virtual_schema_free(void *virtual_schema);
int virtual_table_get_physical_table_id(void *virtual_schema, enum scan_type type); int virtual_table_get_physical_table_id(void *virtual_schema, enum scan_type type);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

4
src/inc_internal/rcu_hash.h
View File

@@ -11,7 +11,7 @@
#ifndef _RCU_HASH_H_ #ifndef _RCU_HASH_H_
#define _RCU_HASH_H_ #define _RCU_HASH_H_
#ifdef __cpluscplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
@@ -62,7 +62,7 @@ size_t rcu_hash_garbage_queue_len(struct rcu_hash_table *htable);
size_t rcu_hash_list_updating_data(struct rcu_hash_table *htable, void ***data_array); size_t rcu_hash_list_updating_data(struct rcu_hash_table *htable, void ***data_array);
#ifdef __cpluscplus #ifdef __cplusplus
} }
#endif #endif

0
src/json2iris.cpp → src/json2iris.c
View File

117
src/maat_api.cpp → src/maat_api.c
View File

@@ -14,7 +14,7 @@
#include "maat_utils.h" #include "maat_utils.h"
#include "json2iris.h" #include "json2iris.h"
#include "maat/maat.h" #include "maat.h"
#include "maat_rule.h" #include "maat_rule.h"
#include "maat_common.h" #include "maat_common.h"
#include "maat_kv.h" #include "maat_kv.h"
@@ -29,6 +29,7 @@
#include "maat_group.h" #include "maat_group.h"
#include "maat_expr.h" #include "maat_expr.h"
#include "maat_flag.h" #include "maat_flag.h"
#include "maat_interval.h"
#include "maat_ip.h" #include "maat_ip.h"
#include "maat_plugin.h" #include "maat_plugin.h"
#include "maat_ip_plugin.h" #include "maat_ip_plugin.h"
@@ -41,6 +42,12 @@ enum district_set_flag {
DISTRICT_FLAG_SET DISTRICT_FLAG_SET
}; };
struct maat_stream {
struct maat *maat_instance;
struct maat_runtime *ref_maat_rt;
int vtable_id;
};
enum scan_type maat_table_get_scan_type(enum table_type table_type) enum scan_type maat_table_get_scan_type(enum table_type table_type)
{ {
enum scan_type ret = SCAN_TYPE_INVALID; enum scan_type ret = SCAN_TYPE_INVALID;
@@ -381,12 +388,12 @@ int maat_table_get_id(struct maat *maat_instance, const char *table_name)
return table_id; return table_id;
} }
inline void maat_runtime_ref_inc(struct maat_runtime *maat_rt, int thread_id) static inline void maat_runtime_ref_inc(struct maat_runtime *maat_rt, int thread_id)
{ {
alignment_int64_array_add(maat_rt->ref_cnt, thread_id, 1); alignment_int64_array_add(maat_rt->ref_cnt, thread_id, 1);
} }
inline void maat_runtime_ref_dec(struct maat_runtime *maat_rt, int thread_id) static inline void maat_runtime_ref_dec(struct maat_runtime *maat_rt, int thread_id)
{ {
alignment_int64_array_add(maat_rt->ref_cnt, thread_id, -1); alignment_int64_array_add(maat_rt->ref_cnt, thread_id, -1);
} }
@@ -701,7 +708,7 @@ struct maat_state *grab_state(struct maat_state **state, struct maat *maat_insta
return mid; return mid;
} }
inline int scan_status_should_compile_NOT(struct maat_state *state) static inline int scan_status_should_compile_NOT(struct maat_state *state)
{ {
if (state && (LAST_SCAN_SET == state->is_last_scan) && state->compile_state if (state && (LAST_SCAN_SET == state->is_last_scan) && state->compile_state
&& maat_compile_state_has_NOT_clause(state->compile_state)) { && maat_compile_state_has_NOT_clause(state->compile_state)) {
@@ -723,7 +730,7 @@ int maat_scan_flag(struct maat *maat_instance, int table_id, int thread_id,
uint64_t flag, int *results, size_t n_result, uint64_t flag, int *results, size_t n_result,
size_t *n_hit_result, struct maat_state **state) size_t *n_hit_result, struct maat_state **state)
{ {
if ((NULL == maat_instance) || (table_id < 0) || (table_id >= MAX_TABLE_NUM) if ((NULL == maat_instance) || (table_id < 0) || (table_id >= MAX_TABLE_NUM)
|| (thread_id < 0) || (NULL == results) || (0 == n_result) || (NULL == state)) { || (thread_id < 0) || (NULL == results) || (0 == n_result) || (NULL == state)) {
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
} }
@@ -762,7 +769,7 @@ int maat_scan_flag(struct maat *maat_instance, int table_id, int thread_id,
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
} }
int group_hit_cnt = flag_runtime_scan_flag((struct flag_runtime *)flag_rt, int group_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt,
thread_id, thread_id,
flag, group_ids, flag, group_ids,
MAX_SCANNER_HIT_GROUP_NUM, MAX_SCANNER_HIT_GROUP_NUM,
@@ -814,11 +821,99 @@ int maat_scan_flag(struct maat *maat_instance, int table_id, int thread_id,
return MAAT_SCAN_OK; return MAAT_SCAN_OK;
} }
int maat_scan_integer(struct maat *instance, int table_id, int thread_id, int maat_scan_integer(struct maat *maat_instance, int table_id, int thread_id,
unsigned int intval, int *results, size_t n_result, unsigned int intval, int *results, size_t n_result,
size_t *n_hit_result, struct maat_state **state) size_t *n_hit_result, struct maat_state **state)
{ {
return 0; if ((NULL == maat_instance) || (table_id < 0) || (table_id >= MAX_TABLE_NUM)
|| (thread_id < 0) || (NULL == results) || (0 == n_result) || (NULL == state)) {
return MAAT_SCAN_ERR;
}
struct maat_state *mid = NULL;
mid = grab_state(state, maat_instance, thread_id);
mid->scan_cnt++;
int physical_table_id = 0;
int vtable_id = 0;
enum table_type table_type = table_manager_get_table_type(maat_instance->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
//find physical table id
void *virtual_schema = table_manager_get_schema(maat_instance->tbl_mgr, table_id);
physical_table_id = virtual_table_get_physical_table_id(virtual_schema, SCAN_TYPE_FLAG);
if (physical_table_id < 0) {
return MAAT_SCAN_ERR;
}
} else {
physical_table_id = table_id;
}
if (NULL == maat_instance->maat_rt) {
log_error(maat_instance->logger, MODULE_MAAT_API,
"maat_scan_string error because of maat_runtime is NULL");
return MAAT_SCAN_OK;
}
maat_runtime_ref_inc(maat_instance->maat_rt, thread_id);
alignment_int64_array_add(maat_instance->thread_call_cnt, thread_id, 1);
int group_ids[MAX_SCANNER_HIT_GROUP_NUM] = {-1};
void *interval_rt = table_manager_get_runtime(maat_instance->tbl_mgr, table_id);
if (NULL == interval_rt) {
return MAAT_SCAN_ERR;
}
int group_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt,
thread_id,
intval, group_ids,
MAX_SCANNER_HIT_GROUP_NUM,
vtable_id, mid);
if (group_hit_cnt < 0) {
return MAAT_SCAN_ERR;
}
size_t n_hit_compile = 0;
if (group_hit_cnt > 0 || scan_status_should_compile_NOT(mid)) {
// come here means group_hit_cnt > 0, at least MAAT_SCAN_HALF_HIT, or MAAT_SCAN_HIT
if (group_hit_cnt > 0) {
interval_runtime_scan_hit_inc((struct interval_runtime *)interval_rt, thread_id);
}
int compile_table_id = -1;
if (mid->compile_table_id == -1) {
compile_table_id = maat_instance->default_compile_table_id;
} else {
compile_table_id = mid->compile_table_id;
}
void *compile_rt = table_manager_get_runtime(maat_instance->tbl_mgr, compile_table_id);
n_hit_compile = hit_group_to_compile(compile_rt, results, n_result, mid);
*n_hit_result = n_hit_compile;
assert(mid->is_last_scan < LAST_SCAN_FINISHED);
if (LAST_SCAN_SET == mid->is_last_scan) {
mid->is_last_scan = LAST_SCAN_FINISHED;
}
}
if (n_hit_compile > 0) {
alignment_int64_array_add(maat_instance->hit_cnt, thread_id, 1);
if (0 == group_hit_cnt) {
//hit NOT group
alignment_int64_array_add(maat_instance->not_grp_hit_cnt, thread_id, 1);
}
return MAAT_SCAN_HIT;
} else {
// n_hit_compile == 0
if (group_hit_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
}
}
maat_runtime_ref_dec(maat_instance->maat_rt, thread_id);
return MAAT_SCAN_OK;
} }
int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id, int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id,
@@ -857,7 +952,7 @@ int maat_scan_ipv4(struct maat *maat_instance, int table_id, int thread_id,
// return 0; // return 0;
// } // }
int group_hit_cnt = ip_runtime_scan_ip((struct ip_runtime *)ip_rt, thread_id, IPv4, int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4,
(uint8_t *)&ip_addr, group_ids, sizeof(group_ids), (uint8_t *)&ip_addr, group_ids, sizeof(group_ids),
vtable_id, mid); vtable_id, mid);
if (group_hit_cnt < 0) { if (group_hit_cnt < 0) {
@@ -944,7 +1039,7 @@ int maat_scan_ipv6(struct maat *maat_instance, int table_id, int thread_id,
// return 0; // return 0;
// } // }
int group_hit_cnt = ip_runtime_scan_ip((struct ip_runtime *)ip_rt, thread_id, IPv6, ip_addr, int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6, ip_addr,
group_ids, sizeof(group_ids), vtable_id, mid); group_ids, sizeof(group_ids), vtable_id, mid);
if (group_hit_cnt < 0) { if (group_hit_cnt < 0) {
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
@@ -1045,7 +1140,7 @@ int maat_scan_string(struct maat *maat_instance, int table_id, int thread_id,
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
} }
int group_hit_cnt = expr_runtime_scan_string((struct expr_runtime *)expr_rt, int group_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt,
thread_id, thread_id,
data, data_len, group_ids, data, data_len, group_ids,
MAX_SCANNER_HIT_GROUP_NUM, MAX_SCANNER_HIT_GROUP_NUM,

0
src/maat_bool_plugin.cpp → src/maat_bool_plugin.c
View File

0
src/maat_command.cpp → src/maat_command.c
View File

1
src/maat_compile.cpp → src/maat_compile.c
View File

@@ -20,7 +20,6 @@
#include "maat_compile.h" #include "maat_compile.h"
#include "maat_garbage_collection.h" #include "maat_garbage_collection.h"
#include "maat_group.h" #include "maat_group.h"
#include "maat/maat.h"
#include "rcu_hash.h" #include "rcu_hash.h"
#include "maat_table.h" #include "maat_table.h"

0
src/maat_config_monitor.cpp → src/maat_config_monitor.c
View File

5
src/maat_ex_data.cpp → src/maat_ex_data.c
View File

@@ -14,7 +14,6 @@
#include "uthash/uthash.h" #include "uthash/uthash.h"
#include "uthash/utarray.h" #include "uthash/utarray.h"
#include "log/log.h" #include "log/log.h"
#include "rcu_hash.h"
#include "maat_utils.h" #include "maat_utils.h"
#include "maat_ex_data.h" #include "maat_ex_data.h"
@@ -69,8 +68,8 @@ void ex_data_runtime_free(struct ex_data_runtime *ex_data_rt)
if (ex_data_rt->cache_rows != NULL) { if (ex_data_rt->cache_rows != NULL) {
utarray_free(ex_data_rt->cache_rows); utarray_free(ex_data_rt->cache_rows);
ex_data_rt->cache_rows=NULL; ex_data_rt->cache_rows = NULL;
ex_data_rt->cache_row_num=0; ex_data_rt->cache_row_num = 0;
} }
if (ex_data_rt->htable != NULL) { if (ex_data_rt->htable != NULL) {

123
src/maat_expr.cpp → src/maat_expr.c
View File

@@ -35,6 +35,7 @@ struct expr_schema {
int match_method_column; int match_method_column;
int is_hexbin_column; int is_hexbin_column;
enum hs_scan_mode scan_mode; /* adapter_hs scan mode */ enum hs_scan_mode scan_mode; /* adapter_hs scan mode */
enum hs_pattern_type pattern_type; /* literal or regex */
int table_id; //ugly int table_id; //ugly
struct table_manager *ref_tbl_mgr; struct table_manager *ref_tbl_mgr;
}; };
@@ -61,13 +62,14 @@ struct expr_item {
int district_id; int district_id;
char keywords[MAX_KEYWORDS_STR]; char keywords[MAX_KEYWORDS_STR];
enum expr_type expr_type; enum expr_type expr_type;
enum match_method match_method; enum hs_match_mode match_mode;
int is_hexbin; int is_hexbin;
int is_case_sensitive; int is_case_sensitive;
}; };
struct expr_runtime { struct expr_runtime {
enum hs_scan_mode scan_mode; enum hs_scan_mode scan_mode;
enum hs_pattern_type pattern_type;
struct adapter_hs *hs; struct adapter_hs *hs;
struct adapter_hs_stream *hs_stream; struct adapter_hs_stream *hs_stream;
struct rcu_hash_table *htable; struct rcu_hash_table *htable;
@@ -111,28 +113,28 @@ enum expr_type int_to_expr_type(int expr_type)
return type; return type;
} }
enum match_method int_to_match_method_type(int match_method_type) enum hs_match_mode int_to_match_mode(int match_method)
{ {
enum match_method type = MATCH_METHOD_MAX; enum hs_match_mode mode = HS_MATCH_MODE_MAX;
switch (match_method_type) { switch (match_method) {
case 0: case 0:
type = MATCH_METHOD_SUB; mode = HS_MATCH_MODE_SUB;
break; break;
case 1: case 1:
type = MATCH_METHOD_RIGHT; mode = HS_MATCH_MODE_SUFFIX;
break; break;
case 2: case 2:
type = MATCH_METHOD_LEFT; mode = HS_MATCH_MODE_PREFIX;
break; break;
case 3: case 3:
type = MATCH_METHOD_COMPLETE; mode = HS_MATCH_MODE_EXACTLY;
break; break;
default: default:
break; break;
} }
return type; return mode;
} }
struct expr_item *expr_item_new(const char *line, struct expr_schema *expr_schema, struct expr_item *expr_item_new(const char *line, struct expr_schema *expr_schema,
@@ -205,7 +207,7 @@ struct expr_item *expr_item_new(const char *line, struct expr_schema *expr_schem
} }
match_method_type = atoi(line + column_offset); match_method_type = atoi(line + column_offset);
expr_item->match_method = int_to_match_method_type(match_method_type); expr_item->match_mode = int_to_match_mode(match_method_type);
ret = get_column_pos(line, expr_schema->is_hexbin_column, &column_offset, &column_len); ret = get_column_pos(line, expr_schema->is_hexbin_column, &column_offset, &column_len);
if (ret < 0) { if (ret < 0) {
@@ -252,7 +254,6 @@ struct expr_item *expr_item_new(const char *line, struct expr_schema *expr_schem
} }
memcpy(expr_item->keywords, (line + column_offset), column_len); memcpy(expr_item->keywords, (line + column_offset), column_len);
return expr_item; return expr_item;
error: error:
FREE(expr_item); FREE(expr_item);
@@ -264,17 +265,42 @@ void expr_item_free(struct expr_item *expr_item)
FREE(expr_item); FREE(expr_item);
} }
enum hs_scan_mode scan_mode_str_to_enum(const char *mode_str)
{
enum hs_scan_mode scan_mode = HS_SCAN_MODE_MAX;
if (strcmp(mode_str, "block") == 0) {
scan_mode = HS_SCAN_MODE_BLOCK;
} else if (strcmp(mode_str, "stream") == 0) {
scan_mode = HS_SCAN_MODE_STREAM;
} else {
assert(0);
}
return scan_mode;
}
enum hs_pattern_type pattern_type_str_to_enum(const char *type_str)
{
enum hs_pattern_type pattern_type = HS_PATTERN_TYPE_MAX;
if (strcmp(type_str, "literal") == 0) {
pattern_type = HS_PATTERN_TYPE_STR;
} else if (strcmp(type_str, "regex") == 0) {
pattern_type = HS_PATTERN_TYPE_REG;
} else {
assert(0);
}
return pattern_type;
}
void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger) const char *table_name, struct log_handle *logger)
{ {
int read_cnt = 0; int read_cnt = 0;
struct expr_schema *expr_schema = ALLOC(struct expr_schema, 1); struct expr_schema *expr_schema = ALLOC(struct expr_schema, 1);
struct maat_kv_store *scan_mode_map = maat_kv_store_new();
maat_kv_register(scan_mode_map, "block", HS_SCAN_MODE_BLOCK);
maat_kv_register(scan_mode_map, "stream", HS_SCAN_MODE_STREAM);
int ret = -1;
cJSON *custom_item = NULL; cJSON *custom_item = NULL;
cJSON *item = cJSON_GetObjectItem(json, "table_id"); cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (item != NULL && item->type == cJSON_Number) { if (item != NULL && item->type == cJSON_Number) {
@@ -291,13 +317,13 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
custom_item = cJSON_GetObjectItem(item, "scan_mode"); custom_item = cJSON_GetObjectItem(item, "scan_mode");
if (custom_item != NULL && custom_item->type == cJSON_String) { if (custom_item != NULL && custom_item->type == cJSON_String) {
ret = maat_kv_read(scan_mode_map, custom_item->valuestring, expr_schema->scan_mode = scan_mode_str_to_enum(custom_item->valuestring);
(int*)&(expr_schema->scan_mode)); read_cnt++;
if (ret < 0) { }
log_error(logger, MODULE_EXPR, "scan_mode %s illegal",
custom_item->valuestring); custom_item = cJSON_GetObjectItem(item, "pattern_type");
goto error; if (custom_item != NULL && custom_item->type == cJSON_String) {
} expr_schema->pattern_type = pattern_type_str_to_enum(custom_item->valuestring);
read_cnt++; read_cnt++;
} }
@@ -319,10 +345,10 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
read_cnt++; read_cnt++;
} }
/* expr_plus has district */
custom_item = cJSON_GetObjectItem(item, "district"); custom_item = cJSON_GetObjectItem(item, "district");
if (custom_item != NULL && custom_item->type == cJSON_Number) { if (custom_item != NULL && custom_item->type == cJSON_Number) {
expr_schema->district_column = custom_item->valueint; expr_schema->district_column = custom_item->valueint;
read_cnt++;
} }
custom_item = cJSON_GetObjectItem(item, "expr_type"); custom_item = cJSON_GetObjectItem(item, "expr_type");
@@ -345,14 +371,12 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
expr_schema->ref_tbl_mgr = tbl_mgr; expr_schema->ref_tbl_mgr = tbl_mgr;
if (read_cnt < 8) { if (read_cnt < 9) {
goto error; goto error;
} }
maat_kv_store_free(scan_mode_map);
return expr_schema; return expr_schema;
error: error:
maat_kv_store_free(scan_mode_map);
FREE(expr_schema); FREE(expr_schema);
return NULL; return NULL;
} }
@@ -394,6 +418,7 @@ void *expr_runtime_new(void *expr_schema, int max_thread_num,
expr_rt->htable = rcu_hash_new(expr_ex_data_free); expr_rt->htable = rcu_hash_new(expr_ex_data_free);
expr_rt->scan_mode = schema->scan_mode; expr_rt->scan_mode = schema->scan_mode;
expr_rt->pattern_type = schema->pattern_type;
expr_rt->item_user_data_free = maat_item_inner_free; expr_rt->item_user_data_free = maat_item_inner_free;
expr_rt->n_worker_thread = max_thread_num; expr_rt->n_worker_thread = max_thread_num;
expr_rt->ref_garbage_bin = garbage_bin; expr_rt->ref_garbage_bin = garbage_bin;
@@ -477,17 +502,18 @@ int expr_runtime_update_row(struct expr_runtime *expr_rt, char *key,
return 0; return 0;
} }
enum pattern_type expr_type2pattern_type(enum expr_type expr_type) enum hs_pattern_type expr_type2pattern_type(enum expr_type expr_type)
{ {
enum pattern_type pattern_type = PATTERN_TYPE_STR; enum hs_pattern_type pattern_type = HS_PATTERN_TYPE_MAX;
switch (expr_type) { switch (expr_type) {
case EXPR_TYPE_STRING: case EXPR_TYPE_STRING:
case EXPR_TYPE_AND: case EXPR_TYPE_AND:
case EXPR_TYPE_OFFSET: case EXPR_TYPE_OFFSET:
pattern_type = HS_PATTERN_TYPE_STR;
break; break;
case EXPR_TYPE_REGEX: case EXPR_TYPE_REGEX:
pattern_type = PATTERN_TYPE_REG; pattern_type = HS_PATTERN_TYPE_REG;
break; break;
default: default:
break; break;
@@ -496,7 +522,7 @@ enum pattern_type expr_type2pattern_type(enum expr_type expr_type)
return pattern_type; return pattern_type;
} }
int converHextoint(char srctmp) int convertHextoint(char srctmp)
{ {
if (isdigit(srctmp)) { if (isdigit(srctmp)) {
return srctmp - '0'; return srctmp - '0';
@@ -512,8 +538,8 @@ size_t hex2bin(char *hex, int hex_len, char *binary, size_t size)
size_t resultlen = 0; size_t resultlen = 0;
int high,low; int high,low;
for (int i = 0; i < hex_len && size > resultlen; i += 2, resultlen++) { for (int i = 0; i < hex_len && size > resultlen; i += 2, resultlen++) {
high = converHextoint(hex[i]); high = convertHextoint(hex[i]);
low = converHextoint(hex[i+1]); low = convertHextoint(hex[i+1]);
binary[resultlen] = high * 16 + low; binary[resultlen] = high * 16 + low;
} }
@@ -612,15 +638,15 @@ and_expr_t *expr_item_to_expr_rule(struct expr_item *expr_item, void *user_data,
size_t sub_key_len = 0; size_t sub_key_len = 0;
for (i = 0; i < sub_expr_cnt; i++) { for (i = 0; i < sub_expr_cnt; i++) {
expr_rule->expr_id = expr_item->item_id;
if (FALSE == expr_item->is_case_sensitive) { if (FALSE == expr_item->is_case_sensitive) {
// insensitive // insensitive
expr_rule->patterns[i].case_sensitive = 1; expr_rule->patterns[i].case_sensitive = HS_CASE_INSESITIVE;
} }
expr_rule->patterns[i].type = expr_type2pattern_type(expr_item->expr_type); enum hs_pattern_type pattern_type = expr_type2pattern_type(expr_item->expr_type);
if (TRUE == expr_item->is_hexbin && expr_rule->patterns[i].type != EXPR_TYPE_REGEX) { if (TRUE == expr_item->is_hexbin && pattern_type != HS_PATTERN_TYPE_REG) {
region_str_len = strlen(sub_key_array[i]) + 1; region_str_len = strlen(sub_key_array[i]) + 1;
region_string = ALLOC(char, region_str_len); region_string = ALLOC(char, region_str_len);
region_str_len = hex2bin(sub_key_array[i], strlen(sub_key_array[i]), region_string, region_str_len); region_str_len = hex2bin(sub_key_array[i], strlen(sub_key_array[i]), region_string, region_str_len);
@@ -637,11 +663,26 @@ and_expr_t *expr_item_to_expr_rule(struct expr_item *expr_item, void *user_data,
memcpy(expr_rule->patterns[i].pat, sub_key_array[i], sub_key_len); memcpy(expr_rule->patterns[i].pat, sub_key_array[i], sub_key_len);
expr_rule->patterns[i].pat_len = sub_key_len; expr_rule->patterns[i].pat_len = sub_key_len;
} }
}
expr_rule->patterns[i].match_mode = expr_item->match_mode;
if (expr_rule->patterns[i].match_mode == HS_MATCH_MODE_SUB) {
expr_rule->patterns[i].l_offset = key_left_offset[i];
expr_rule->patterns[i].r_offset = key_right_offset[i];
}
}
expr_rule->expr_id = expr_item->item_id;
expr_rule->user_tag = user_data; expr_rule->user_tag = user_data;
expr_rule->n_patterns = sub_expr_cnt; expr_rule->n_patterns = sub_expr_cnt;
//mytest
// printf("expr_rule->expr_id:%u\n", expr_rule->expr_id);
// printf("expr_rule->n_patterns:%zu\n", expr_rule->n_patterns);
// for (size_t i = 0; i < expr_rule->n_patterns; i++) {
// printf("expr_rule->patterns[%zu].pat:%s\n", i, expr_rule->patterns[i].pat);
// printf("expr_rule->patterns[%zu].pat_len:%zu\n", i, expr_rule->patterns[i].pat_len);
// printf("expr_rule->patterns[%zu].l_offset:%d\n", i, expr_rule->patterns[i].l_offset);
// printf("expr_rule->patterns[%zu].r_offset:%d\n", i, expr_rule->patterns[i].r_offset);
// }
return expr_rule; return expr_rule;
} }
@@ -755,7 +796,7 @@ int expr_runtime_commit(void *expr_runtime, const char *table_name)
log_info(expr_rt->logger, MODULE_EXPR, log_info(expr_rt->logger, MODULE_EXPR,
"table[%s] committing %zu expr rules for rebuilding adapter_hs engine", "table[%s] committing %zu expr rules for rebuilding adapter_hs engine",
table_name, rule_cnt); table_name, rule_cnt);
new_adapter_hs = adapter_hs_initialize(expr_rt->scan_mode, new_adapter_hs = adapter_hs_initialize(expr_rt->scan_mode, expr_rt->pattern_type,
expr_rt->n_worker_thread, expr_rt->n_worker_thread,
rules, rule_cnt, rules, rule_cnt,
expr_rt->logger); expr_rt->logger);
@@ -781,7 +822,7 @@ int expr_runtime_commit(void *expr_runtime, const char *table_name)
return ret; return ret;
} }
int expr_runtime_scan_string(struct expr_runtime *expr_rt, int thread_id, int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
const char *data, size_t data_len, const char *data, size_t data_len,
int *group_ids, size_t group_ids_size, int *group_ids, size_t group_ids_size,
int vtable_id, struct maat_state *state) int vtable_id, struct maat_state *state)
@@ -839,7 +880,7 @@ void expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id)
expr_rt->hs_stream = hs_stream; expr_rt->hs_stream = hs_stream;
} }
int expr_runtime_scan_stream(struct expr_runtime *expr_rt, const char *data, int expr_runtime_stream_scan(struct expr_runtime *expr_rt, const char *data,
size_t data_len, int *group_ids, size_t group_ids_size, size_t data_len, int *group_ids, size_t group_ids_size,
int vtable_id, struct maat_state *state) int vtable_id, struct maat_state *state)
{ {

2
src/maat_flag.cpp → src/maat_flag.c
View File

@@ -410,7 +410,7 @@ int flag_runtime_commit(void *flag_runtime, const char *table_name)
return ret; return ret;
} }
int flag_runtime_scan_flag(struct flag_runtime *flag_rt, int thread_id, int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
uint64_t flag, int *group_ids, size_t group_ids_size, uint64_t flag, int *group_ids, size_t group_ids_size,
int vtable_id, struct maat_state *state) int vtable_id, struct maat_state *state)
{ {

72
src/maat_fqdn.c Normal file
View File

@@ -0,0 +1,72 @@
/*
**********************************************************************************************
* File: maat_fqdn.cpp
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/
#include "maat_fqdn.h"
#include "log/log.h"
struct fqdn_runtime {
};
void *fqdn_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger)
{
return NULL;
}
void fqdn_schema_free(void *fqdn_schema)
{
}
void *fqdn_runtime_new(void *fqdn_schema, int max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger)
{
return NULL;
}
void fqdn_runtime_free(void *fqdn_runtime)
{
}
int fqdn_runtime_update(void *fqdn_runtime, void *fqdn_schema,
const char *line, int valid_column)
{
return 0;
}
int fqdn_runtime_commit(void *fqdn_runtime, const char *table_name)
{
return 0;
}
struct ex_data_runtime *fqdn_runtime_get_ex_data_rt(struct fqdn_runtime *fqdn_rt)
{
return NULL;
}
int fqdn_runtime_scan(struct fqdn_runtime *fqdn_rt, int thread_id, int port,
int proto, int *group_ids, size_t group_id_size,
int vtable_id, struct maat_state *state)
{
return 0;
}
void fqdn_runtime_scan_hit_inc(struct fqdn_runtime *fqdn_rt, int thread_id)
{
}
long long fqdn_runtime_scan_hit_sum(struct fqdn_runtime *fqdn_rt, int n_thread)
{
return 0;
}

0
src/maat_fqdn_plugin.cpp → src/maat_fqdn_plugin.c
View File

0
src/maat_garbage_collection.cpp → src/maat_garbage_collection.c
View File

3
src/maat_group.cpp → src/maat_group.c
View File

@@ -11,11 +11,12 @@
#include <assert.h> #include <assert.h>
#include <pthread.h> #include <pthread.h>
#include "log/log.h"
#include "maat_group.h" #include "maat_group.h"
#include "maat_utils.h" #include "maat_utils.h"
#include "uthash/uthash.h" #include "uthash/uthash.h"
#include "igraph/igraph.h" #include "igraph/igraph.h"
#include "log/log.h" #include "maat_kv.h"
#define MODULE_GROUP module_name_str("maat.group") #define MODULE_GROUP module_name_str("maat.group")

2
src/maat_interval.cpp → src/maat_interval.c
View File

@@ -439,7 +439,7 @@ int interval_runtime_commit(void *interval_runtime, const char *table_name)
return ret; return ret;
} }
int interval_runtime_scan_intval(struct interval_runtime *interval_rt, int thread_id, int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
uint64_t integer, uint64_t integer,
int *group_ids, size_t group_ids_size, int *group_ids, size_t group_ids_size,
int vtable_id, struct maat_state *state) int vtable_id, struct maat_state *state)

3
src/maat_ip.cpp → src/maat_ip.c
View File

@@ -12,7 +12,6 @@
#include <assert.h> #include <assert.h>
#include "log/log.h" #include "log/log.h"
#include "cJSON/cJSON.h"
#include "maat_utils.h" #include "maat_utils.h"
#include "maat_ex_data.h" #include "maat_ex_data.h"
#include "IPMatcher.h" #include "IPMatcher.h"
@@ -479,7 +478,7 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name)
return ret; return ret;
} }
int ip_runtime_scan_ip(struct ip_runtime *ip_rt, int thread_id, int ip_type, int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int *group_ids, size_t group_id_size, uint8_t *ip_addr, int *group_ids, size_t group_id_size,
int vtable_id, struct maat_state *state) int vtable_id, struct maat_state *state)
{ {

1
src/maat_ip_plugin.cpp → src/maat_ip_plugin.c
View File

@@ -10,6 +10,7 @@
#include <assert.h> #include <assert.h>
#include "log/log.h"
#include "maat_utils.h" #include "maat_utils.h"
#include "maat_ip_plugin.h" #include "maat_ip_plugin.h"
#include "maat_ex_data.h" #include "maat_ex_data.h"

1
src/maat_kv.cpp → src/maat_kv.c
View File

@@ -8,7 +8,6 @@
*********************************************************************************************** ***********************************************************************************************
*/ */
#include <stddef.h>
#include <ctype.h> #include <ctype.h>
#include "uthash/uthash.h" #include "uthash/uthash.h"

1
src/maat_plugin.cpp → src/maat_plugin.c
View File

@@ -11,7 +11,6 @@
#include <assert.h> #include <assert.h>
#include "log/log.h" #include "log/log.h"
#include "cJSON/cJSON.h"
#include "maat_utils.h" #include "maat_utils.h"
#include "maat_rule.h" #include "maat_rule.h"
#include "maat_plugin.h" #include "maat_plugin.h"

69
src/maat_port_proto.c Normal file
View File

@@ -0,0 +1,69 @@
/*
**********************************************************************************************
* File: maat_ip.cpp
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/
#include "maat_port_proto.h"
#include "log/log.h"
void *pp_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger)
{
}
void pp_schema_free(void *pp_schema)
{
}
/* ip runtime API */
void *pp_runtime_new(void *pp_schema, int max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger)
{
}
void pp_runtime_free(void *pp_runtime)
{
}
int pp_runtime_update(void *pp_runtime, void *pp_schema,
const char *line, int valid_column)
{
}
int pp_runtime_commit(void *pp_runtime, const char *table_name)
{
}
struct ex_data_runtime *pp_runtime_get_ex_data_rt(struct pp_runtime *pp_rt)
{
}
int pp_runtime_scan(struct pp_runtime *pp_rt, int thread_id, int port,
int proto, int *group_ids, size_t group_id_size,
int vtable_id, struct maat_state *state)
{
}
void pp_runtime_scan_hit_inc(struct pp_runtime *pp_rt, int thread_id)
{
}
long long pp_runtime_scan_hit_sum(struct pp_runtime *pp_rt, int n_thread)
{
}

2
src/maat_redis_monitor.cpp → src/maat_redis_monitor.c
View File

@@ -13,7 +13,7 @@
#include <sys/stat.h> #include <sys/stat.h>
#include <stdio.h> #include <stdio.h>
#include "maat/maat.h" #include "maat.h"
#include "maat_utils.h" #include "maat_utils.h"
#include "maat_command.h" #include "maat_command.h"
#include "maat_config_monitor.h" #include "maat_config_monitor.h"

0
src/maat_rule.cpp → src/maat_rule.c
View File

1
src/maat_table.cpp → src/maat_table.c
View File

@@ -15,7 +15,6 @@
#include "maat_utils.h" #include "maat_utils.h"
#include "maat_table.h" #include "maat_table.h"
#include "maat_rule.h" #include "maat_rule.h"
#include "maat_garbage_collection.h"
#include "maat_kv.h" #include "maat_kv.h"
#include "maat_expr.h" #include "maat_expr.h"
#include "maat_ip.h" #include "maat_ip.h"

19
src/maat_utils.cpp → src/maat_utils.c
View File

@@ -32,6 +32,13 @@ const char *module_name_str(const char *name)
return module; return module;
} }
inline void ipv6_ntoh(unsigned int *v6_addr)
{
for (unsigned int i = 0; i < 4; i++) {
v6_addr[i] = ntohl(v6_addr[i]);
}
}
char *maat_strdup(const char *s) char *maat_strdup(const char *s)
{ {
if (NULL == s) { if (NULL == s) {
@@ -440,7 +447,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
return -1; return -1;
} }
ipv4_addr = ntohl(ipv4_addr); //ipv4_addr = ntohl(ipv4_addr);
uint32_t ipv4_range_end = 0; uint32_t ipv4_range_end = 0;
uint32_t ipv4_mask = 0; uint32_t ipv4_mask = 0;
switch (format) { switch (format) {
@@ -450,7 +457,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
ipv4_range_end = ntohl(ipv4_range_end); //ipv4_range_end = ntohl(ipv4_range_end);
range_end[0] = ipv4_range_end; range_end[0] = ipv4_range_end;
break; break;
case IP_FORMAT_MASK: case IP_FORMAT_MASK:
@@ -458,7 +465,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
ipv4_mask = ntohl(ipv4_mask); //ipv4_mask = ntohl(ipv4_mask);
range_begin[0] = ipv4_addr & ipv4_mask; range_begin[0] = ipv4_addr & ipv4_mask;
range_end[0] = ipv4_addr | ~ipv4_mask; range_end[0] = ipv4_addr | ~ipv4_mask;
break; break;
@@ -485,7 +492,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
ipv6_ntoh(ipv6_addr); //ipv6_ntoh(ipv6_addr);
switch (format) { switch (format) {
case IP_FORMAT_RANGE: case IP_FORMAT_RANGE:
@@ -493,7 +500,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
ipv6_ntoh(ipv6_range_end); //ipv6_ntoh(ipv6_range_end);
memcpy(range_begin, ipv6_addr, sizeof(ipv6_addr)); memcpy(range_begin, ipv6_addr, sizeof(ipv6_addr));
memcpy(range_end, ipv6_range_end, sizeof(ipv6_range_end)); memcpy(range_end, ipv6_range_end, sizeof(ipv6_range_end));
@@ -503,7 +510,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
ipv6_ntoh(ipv6_mask); //ipv6_ntoh(ipv6_mask);
for (i = 0; i < 4; i++) { for (i = 0; i < 4; i++) {
range_begin[i]=ipv6_addr[i] & ipv6_mask[i]; range_begin[i]=ipv6_addr[i] & ipv6_mask[i];

1
src/maat_virtual.cpp → src/maat_virtual.c
View File

@@ -10,7 +10,6 @@
#include <assert.h> #include <assert.h>
#include "cJSON/cJSON.h"
#include "maat_kv.h" #include "maat_kv.h"
#include "maat_utils.h" #include "maat_utils.h"
#include "log/log.h" #include "log/log.h"

0
src/rcu_hash.cpp → src/rcu_hash.c
View File

9
src/version.map Normal file
View File

@@ -0,0 +1,9 @@
VERS_3.0{
global:
extern "C" {
*MAAT_FRAME_VERSION_*;
*maat_*;
*bool_matcher_*;
};
local: *;
};

6
test/CMakeLists.txt
View File

@@ -1,9 +1,10 @@
include_directories(${PROJECT_SOURCE_DIR}/include)
include_directories(${PROJECT_SOURCE_DIR}/src/inc_internal) include_directories(${PROJECT_SOURCE_DIR}/src/inc_internal)
include_directories(${PROJECT_SOURCE_DIR}/deps) include_directories(${PROJECT_SOURCE_DIR}/deps)
include_directories(${PROJECT_SOURCE_DIR}/scanner) include_directories(${PROJECT_SOURCE_DIR}/scanner)
add_executable(maat_api_gtest maat_api_gtest.cpp) add_executable(maat_api_gtest maat_api_gtest.cpp)
target_link_libraries(maat_api_gtest maat_frame_static gtest_static) target_link_libraries(maat_api_gtest maat_frame_shared gtest_static)
add_executable(rcu_hash_gtest rcu_hash_gtest.cpp) add_executable(rcu_hash_gtest rcu_hash_gtest.cpp)
target_link_libraries(rcu_hash_gtest maat_frame_static gtest_static) target_link_libraries(rcu_hash_gtest maat_frame_static gtest_static)
@@ -19,5 +20,6 @@ target_link_libraries(adapter_hs_gtest maat_frame_static gtest_static)
file(COPY rule DESTINATION ./) file(COPY rule DESTINATION ./)
file(COPY table_info.conf DESTINATION ./) file(COPY table_info.conf DESTINATION ./)
file(COPY and_expr.conf DESTINATION ./) file(COPY literal_expr.conf DESTINATION ./)
file(COPY regex_expr.conf DESTINATION ./)
file(COPY maat_json.json DESTINATION ./) file(COPY maat_json.json DESTINATION ./)

692
test/adapter_hs_gtest.cpp
View File

@@ -3,61 +3,146 @@
#include "log/log.h" #include "log/log.h"
#include "adapter_hs.h" #include "adapter_hs.h"
#include "maat_utils.h" #include "maat_utils.h"
#include "cJSON/cJSON.h"
struct log_handle *g_logger = NULL; struct log_handle *g_logger = NULL;
int parse_and_expr_file(const char *filename, and_expr_t expr[], size_t *n_expr) enum hs_match_mode match_method_to_match_mode(const char *method)
{ {
FILE *fp = fopen(filename, "r"); enum hs_match_mode mode = HS_MATCH_MODE_MAX;
char line[4096] = {0}; if (strcmp(method, "sub") == 0) {
size_t i = 0; mode = HS_MATCH_MODE_SUB;
while (NULL != fgets(line, sizeof(line), fp)) { } else if (strcmp(method, "exactly") == 0) {
if (line[0] == '#' || line[0] == ' ' || line[0] == '\t') { mode = HS_MATCH_MODE_EXACTLY;
memset(line, 0, sizeof(line)); } else if (strcmp(method, "prefix") == 0) {
continue; mode = HS_MATCH_MODE_PREFIX;
} else if (strcmp(method, "suffix") == 0) {
mode = HS_MATCH_MODE_SUFFIX;
} else {
assert(0);
}
return mode;
}
enum hs_case_sensitive case_sensitive_str_to_enum(const char *str)
{
enum hs_case_sensitive case_sensitive = HS_CASE_SENSITIVE;
if (strcmp(str, "yes") == 0) {
case_sensitive = HS_CASE_SENSITIVE;
} else if (strcmp(str, "no") == 0) {
case_sensitive = HS_CASE_INSESITIVE;
} else {
assert(0);
}
return case_sensitive;
}
int parse_config_file(const char *filename, and_expr_t exprs[], size_t *n_expr)
{
unsigned char *json_buff = NULL;
size_t json_buff_size = 0;
int ret = load_file_to_memory(filename, &json_buff, &json_buff_size);
if (ret < 0) {
printf("load file:%s to memory failed.\n", filename);
return -1;
}
size_t rule_cnt = 0;
cJSON *rules_obj = NULL;
cJSON *root = cJSON_Parse((const char *)json_buff);
if (NULL == root) {
printf("Error before: %-200.200s\n", cJSON_GetErrorPtr());
ret = -1;
goto next;
}
rules_obj = cJSON_GetObjectItem(root, "expr_rules");
if (NULL == rules_obj) {
printf("Error before: %-200.200s\n", cJSON_GetErrorPtr());
ret = -1;
goto next;
}
rule_cnt = cJSON_GetArraySize(rules_obj);
for (size_t i = 0; i < rule_cnt; i++) {
cJSON *expr_obj = cJSON_GetArrayItem(rules_obj, i);
cJSON *tmp_item = cJSON_GetObjectItem(expr_obj, "expr_id");
if (tmp_item != NULL && tmp_item->type == cJSON_Number) {
exprs[i].expr_id = tmp_item->valueint;
} }
char pattern_buf[1024] = {0}; tmp_item = cJSON_GetObjectItem(expr_obj, "pattern_num");
int ret = sscanf(line, "%u\t%lu\t%s", &(expr[i].expr_id), &(expr[i].n_patterns), pattern_buf); if (tmp_item != NULL && tmp_item->type == cJSON_Number) {
EXPECT_NE(ret, 0); exprs[i].n_patterns = tmp_item->valueint;
}
str_unescape(pattern_buf); tmp_item = cJSON_GetObjectItem(expr_obj, "patterns");
char *expr_token = NULL; if (NULL == tmp_item || tmp_item->type != cJSON_Array) {
char *sub_expr_token = NULL; printf("json has no patterns array.\n");
char *save_expr_ptr = NULL; ret = -1;
size_t j = 0; goto next;
for (expr_token = pattern_buf; ; expr_token = NULL) { }
sub_expr_token = strtok_r(expr_token, "&", &save_expr_ptr);
if (sub_expr_token == NULL) { size_t pattern_cnt = cJSON_GetArraySize(tmp_item);
break; for (size_t j = 0; j < pattern_cnt; j++) {
cJSON *pat_item = cJSON_GetArrayItem(tmp_item, j);
cJSON *item = cJSON_GetObjectItem(pat_item, "match_method");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].match_mode = match_method_to_match_mode(item->valuestring);
} }
char *pattern_token = sub_expr_token; item = cJSON_GetObjectItem(pat_item, "case_sensitive");
char *save_pattern_ptr = NULL; if (item != NULL && item->type == cJSON_String) {
char *sub_pattern_token = strtok_r(pattern_token, ":", &save_pattern_ptr); exprs[i].patterns[j].case_sensitive = case_sensitive_str_to_enum(item->valuestring);
expr[i].patterns[j].type = atoi(sub_pattern_token); }
size_t str_len = strlen(save_pattern_ptr);
expr[i].patterns[j].pat = (char *)calloc(sizeof(char), str_len);
memcpy(expr[i].patterns[j].pat, save_pattern_ptr, str_len);
expr[i].patterns[j].pat_len = str_len;
j++;
}
i++;
memset(line, 0, sizeof(line));
}
*n_expr = i;
fclose(fp);
return 0; item = cJSON_GetObjectItem(pat_item, "pattern");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].pat = ALLOC(char, strlen(item->valuestring));
memcpy(exprs[i].patterns[j].pat, item->valuestring, strlen(item->valuestring));
exprs[i].patterns[j].pat_len = strlen(item->valuestring);
}
if (exprs[i].patterns->match_mode == HS_MATCH_MODE_SUB) {
item = cJSON_GetObjectItem(pat_item, "offset");
if (item != NULL && item->type == cJSON_String) {
int key_left_offset = -1;
int key_right_offset = -1;
sscanf(item->valuestring, "%d~%d", &key_left_offset, &key_right_offset);
if (key_left_offset < -1 || key_right_offset < -1) {
printf("Error: offset should not less than -1, left_offset:%d, right_offset:%d\n",
key_left_offset, key_right_offset);
}
exprs[i].patterns[j].l_offset = key_left_offset;
exprs[i].patterns[j].r_offset = key_right_offset;
} else {
exprs[i].patterns[j].l_offset = -1;
exprs[i].patterns[j].r_offset = -1;
}
}
}
exprs[i].n_patterns = pattern_cnt;
}
*n_expr = rule_cnt;
next:
cJSON_Delete(root);
return ret;
} }
void expr_array_free(and_expr_t expr_array[], size_t n_expr_array) void expr_array_free(and_expr_t expr_array[], size_t n_expr_array)
{ {
for (size_t i = 0; i < n_expr_array; i++) { for (size_t i = 0; i < n_expr_array; i++) {
for (size_t j = 0; j < expr_array[i].n_patterns; j++) { for (size_t j = 0; j < expr_array[i].n_patterns; j++) {
free(expr_array[i].patterns[j].pat); if (expr_array[i].patterns[j].pat != NULL) {
expr_array[i].patterns[j].pat = NULL; free(expr_array[i].patterns[j].pat);
expr_array[i].patterns[j].pat = NULL;
}
} }
} }
} }
@@ -68,15 +153,15 @@ TEST(block_mode_initialize, invalid_input_parameter)
and_expr_t exprs[64]; and_expr_t exprs[64];
/* case1: invalid scan_mode parameter */ /* case1: invalid scan_mode parameter */
hs_instance = adapter_hs_initialize(0, 1, exprs, 1, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_MAX, HS_PATTERN_TYPE_REG, 1, exprs, 1, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, nullptr);
/* case2: invalid expr parameter */ /* case2: invalid expr parameter */
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, nullptr, 1, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, nullptr, 1, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, nullptr);
/* case3: invalid expr num */ /* case3: invalid expr num */
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, exprs, 0, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, exprs, 0, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, nullptr);
} }
@@ -85,312 +170,398 @@ TEST(block_mode_scan, invalid_input_parameter)
and_expr_t expr_array[64]; and_expr_t expr_array[64];
size_t n_expr_array = 0; size_t n_expr_array = 0;
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, nullptr, 0, g_logger); struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, nullptr, 0, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, nullptr);
hs_instance = adapter_hs_initialize(0, 1, expr_array, n_expr_array, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_MAX, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, nullptr);
n_expr_array = 1; n_expr_array = 1;
expr_array[0].expr_id = 101; expr_array[0].expr_id = 101;
expr_array[0].n_patterns = 10; expr_array[0].n_patterns = 10;
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, expr_array, n_expr_array, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, nullptr);
memset(expr_array, 0, sizeof(expr_array)); memset(expr_array, 0, sizeof(expr_array));
n_expr_array = 1; n_expr_array = 1;
expr_array[0].expr_id = 101; expr_array[0].expr_id = 101;
expr_array[0].n_patterns = 1; expr_array[0].n_patterns = 1;
expr_array[0].patterns[0].type = 0; hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger);
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, expr_array, n_expr_array, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, nullptr);
} }
TEST(block_mode_scan, literal_hit1) TEST(block_mode_scan, literal_sub_has_normal_offset)
{ {
and_expr_t expr_array[64] = {0}; and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0; size_t n_expr_array = 0;
int ret = parse_and_expr_file("./and_expr.conf", expr_array, &n_expr_array); int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(n_expr_array, 10); EXPECT_EQ(n_expr_array, 15);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, expr_array, n_expr_array, g_logger); struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char data0[64] = "luis"; char scan_data1[64] = "hello aaa";
struct hs_scan_result result0[64] = {0};
size_t n_result0 = 0;
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 0);
char data1[64] = "hello";
struct hs_scan_result result1[64] = {0};
size_t n_result1 = 0;
ret = adapter_hs_scan(hs_instance, 0, data1, strlen(data1), result1, 64, &n_result1);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result1, 1);
EXPECT_EQ(result1[0].item_id, 101);
char data2[64] = "world";
struct hs_scan_result result2[64] = {0};
size_t n_result2 = 0;
ret = adapter_hs_scan(hs_instance, 0, data2, strlen(data2), result2, 64, &n_result2);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result2, 1);
EXPECT_EQ(result2[0].item_id, 102);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
}
TEST(block_mode_scan, literal_hit2)
{
and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0;
int ret = parse_and_expr_file("./and_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1,
expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array);
char data0[64] = "hello maat";
struct hs_scan_result result0[64] = {0};
size_t n_result0 = 0;
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 2);
EXPECT_EQ(result0[0].item_id, 103);
EXPECT_EQ(result0[1].item_id, 101);
char data1[64] = "maat World";
struct hs_scan_result result1[64] = {0};
size_t n_result1 = 0;
ret = adapter_hs_scan(hs_instance, 0, data1, strlen(data1), result1, 64, &n_result1);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result1, 2);
EXPECT_EQ(result1[0].item_id, 103);
EXPECT_EQ(result1[1].item_id, 102);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
}
TEST(block_mode_scan, literal_hit3)
{
and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0;
int ret = parse_and_expr_file("./and_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array);
char data0[64] = "hello world";
struct hs_scan_result result0[64] = {0};
size_t n_result0 = 0;
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 3);
EXPECT_EQ(result0[0].item_id, 104);
EXPECT_EQ(result0[1].item_id, 102);
EXPECT_EQ(result0[2].item_id, 101);
char data1[64] = "hello World";
struct hs_scan_result result1[64] = {0};
size_t n_result1 = 0;
ret = adapter_hs_scan(hs_instance, 0, data1, strlen(data1), result1, 64, &n_result1);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result1, 2);
EXPECT_EQ(result1[0].item_id, 102);
EXPECT_EQ(result1[1].item_id, 101);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
}
TEST(block_mode_scan, literal_russian_hit3)
{
and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0;
int ret = parse_and_expr_file("./and_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array);
char data0[64] = "يىلىدىكى";
struct hs_scan_result result0[64] = {0};
size_t n_result0 = 0;
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 1);
EXPECT_EQ(result0[0].item_id, 109);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
}
TEST(block_mode_scan, literal_case_insensitive_hit4)
{
and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0;
int ret = parse_and_expr_file("./and_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array);
char data0[64] = "today";
struct hs_scan_result result[64] = {0}; struct hs_scan_result result[64] = {0};
size_t n_result = 0; size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result, 64, &n_result);
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0); EXPECT_EQ(n_result, 0);
char data1[64] = "Today"; char scan_data2[64] = "Ahello aaa";
n_result = 0;
memset(result, 0, sizeof(result)); memset(result, 0, sizeof(result));
ret = adapter_hs_scan(hs_instance, 0, data1, strlen(data1), result, 64, &n_result); n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1); EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 110); EXPECT_EQ(result[0].item_id, 101);
char scan_data3[64] = "Aahello aaa";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = nullptr;
} }
TEST(block_mode_scan, literal_and_regex1) TEST(block_mode_scan, literal_sub_has_left_unlimit_offset)
{ {
and_expr_t expr_array[64] = {0}; and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0; size_t n_expr_array = 0;
int ret = parse_and_expr_file("./and_expr.conf", expr_array, &n_expr_array); int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_expr_array, 15);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello bbb";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 102);
char scan_data2[64] = "Ahello bbb";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 102);
char scan_data3[64] = "Aahello bbb";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
}
TEST(block_mode_scan, literal_sub_has_right_unlimit_offset)
{
and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0;
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_expr_array, 15);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello ccc";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data2[64] = "1234hello ccc";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data3[64] = "12345hello ccc";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 103);
char scan_data4[64] = "12345hello cccAaBb";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data4, strlen(scan_data4), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 103);
char scan_data5[64] = "123456hello cccAaBb";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data5, strlen(scan_data5), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 103);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
}
TEST(block_mode_scan, literal_sub_with_no_offset)
{
and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0;
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello ddd";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 104);
char scan_data2[64] = "123hello ddd";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 104);
char scan_data3[64] = "123hello ddd456";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 104);
char scan_data4[64] = "helloddd";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data4, strlen(scan_data4), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
}
TEST(block_mode_scan, literal_exactly)
{
and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0;
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello eee";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 105);
char scan_data2[64] = "Ahello eee";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data3[64] = "hello eeeB";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
}
TEST(block_mode_scan, literal_prefix)
{
and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0;
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
expr_array, n_expr_array, g_logger); expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char data0[64] = "1hello world"; char scan_data1[64] = "hello fff";
struct hs_scan_result result0[64] = {0}; struct hs_scan_result result[64] = {0};
size_t n_result0 = 0; size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 4);
EXPECT_EQ(result0[0].item_id, 105);
EXPECT_EQ(result0[1].item_id, 104);
EXPECT_EQ(result0[2].item_id, 102);
EXPECT_EQ(result0[3].item_id, 101);
char data1[64] = "8hello World"; ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
struct hs_scan_result result1[64] = {0};
size_t n_result1 = 0;
ret = adapter_hs_scan(hs_instance, 0, data1, strlen(data1), result1, 64, &n_result1);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result1, 2); EXPECT_EQ(n_result, 1);
EXPECT_EQ(result1[0].item_id, 102); EXPECT_EQ(result[0].item_id, 106);
EXPECT_EQ(result1[1].item_id, 101);
char scan_data2[64] = "Ahello fff";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data3[64] = "Ahello fffBCD";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data4[64] = "hello fffBCD";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data4, strlen(scan_data4), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 106);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = nullptr;
} }
TEST(block_mode_scan, literal_and_regex2) TEST(block_mode_scan, literal_suffix)
{ {
and_expr_t expr_array[64] = {0}; and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0; size_t n_expr_array = 0;
int ret = parse_and_expr_file("./and_expr.conf", expr_array, &n_expr_array); int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
expr_array, n_expr_array, g_logger); expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char data0[64] = "1hello 2world"; char scan_data1[64] = "hello ggg";
struct hs_scan_result result0[64] = {0}; struct hs_scan_result result[64] = {0};
size_t n_result0 = 0; size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 5);
EXPECT_EQ(result0[0].item_id, 106);
EXPECT_EQ(result0[1].item_id, 105);
EXPECT_EQ(result0[2].item_id, 104);
EXPECT_EQ(result0[3].item_id, 102);
EXPECT_EQ(result0[4].item_id, 101);
char data1[64] = "8hello 9World"; ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
struct hs_scan_result result1[64] = {0};
size_t n_result1 = 0;
ret = adapter_hs_scan(hs_instance, 0, data1, strlen(data1), result1, 64, &n_result1);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result1, 2); EXPECT_EQ(n_result, 1);
EXPECT_EQ(result1[0].item_id, 102); EXPECT_EQ(result[0].item_id, 107);
EXPECT_EQ(result1[1].item_id, 101);
char scan_data2[64] = "ABChello ggg";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 107);
char scan_data3[64] = "ABChello gggDEF";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data4[64] = "hello gggDEF";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data4, strlen(scan_data4), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = nullptr;
} }
TEST(block_mode_scan, regex_hit1) // TEST(block_mode_scan, literal_sub_with_hexbin)
// {
// and_expr_t expr_array[64] = {0};
// size_t n_expr_array = 0;
// int ret = parse_config_file("./and_expr.conf", expr_array, &n_expr_array);
// EXPECT_EQ(ret, 0);
// struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1,
// expr_array, n_expr_array, g_logger);
// EXPECT_NE(hs_instance, nullptr);
// expr_array_free(expr_array, n_expr_array);
// char data0[64] = "Cookie: Txa123aheadBCAxd";
// struct hs_scan_result result0[64] = {0};
// size_t n_result0 = 0;
// ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
// EXPECT_EQ(ret, 0);
// EXPECT_EQ(n_result0, 1);
// EXPECT_EQ(result0[0].item_id, 107);
// adapter_hs_destroy(hs_instance);
// hs_instance = nullptr;
// }
TEST(block_mode_scan, literal_with_chinese)
{ {
and_expr_t expr_array[64] = {0}; and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0; size_t n_expr_array = 0;
int ret = parse_and_expr_file("./and_expr.conf", expr_array, &n_expr_array); int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
expr_array, n_expr_array, g_logger); expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char data0[64] = "Cookie: Txa123aheadBCAxd"; char data0[64] = "#中国 你好";
struct hs_scan_result result0[64] = {0}; struct hs_scan_result result0[64] = {0};
size_t n_result0 = 0; size_t n_result0 = 0;
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0); ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 1); EXPECT_EQ(n_result0, 1);
EXPECT_EQ(result0[0].item_id, 107); EXPECT_EQ(result0[0].item_id, 114);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
}
TEST(block_mode_scan, chinese_hit1)
{
and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0;
int ret = parse_and_expr_file("./and_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1,
expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
expr_array_free(expr_array, n_expr_array);
char data0[64] = "中国 你好";
struct hs_scan_result result0[64] = {0};
size_t n_result0 = 0;
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 1);
EXPECT_EQ(result0[0].item_id, 108);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = nullptr;
@@ -405,5 +576,6 @@ int main(int argc, char **argv)
ret = RUN_ALL_TESTS(); ret = RUN_ALL_TESTS();
log_handle_destroy(g_logger); log_handle_destroy(g_logger);
return ret; return ret;
} }

14
test/and_expr.conf
View File

@@ -1,14 +0,0 @@
# logic AND expressions sample
# expr_id pattern_num expression(several patterns)
# pattern_type:pattern_string&pattern_type:pattern_string&...
# PATTERN_TYPE_STR(0) PATTERN_TYPE_REG(1)
101 1 0:hello
102 1 1:[W|w]orld
103 1 0:maat
104 2 0:hello&0:world
105 2 1:[0-9]hello&0:world
106 2 1:[0-9]hello&1:[0-9]world
107 2 1:Cookie:\\s&1:head
108 1 0:你好
109 1 0:يىلىدىكى
110 1 0:Today

146
test/literal_expr.conf Normal file
View File

@@ -0,0 +1,146 @@
{
"expr_rules": [
{
"expr_id": 101,
"pattern_num": 1,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "hello aaa",
"offset": "1~10"
}
]
},
{
"expr_id": 102,
"pattern_num": 1,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "hello bbb",
"offset": "-1~10"
}
]
},
{
"expr_id": 103,
"pattern_num": 1,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "hello ccc",
"offset": "5~-1"
}
]
},
{
"expr_id": 104,
"pattern_num": 1,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "hello ddd"
}
]
},
{
"expr_id": 105,
"pattern_num": 1,
"patterns": [
{
"match_method": "exactly",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "hello eee"
}
]
},
{
"expr_id": 106,
"pattern_num": 1,
"patterns": [
{
"match_method": "prefix",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "hello fff"
}
]
},
{
"expr_id": 107,
"pattern_num": 1,
"patterns": [
{
"match_method": "suffix",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "hello ggg"
}
]
},
{
"expr_id": 108,
"pattern_num": 1,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "yes",
"pattern": "2f68746d6c"
}
]
},
{
"expr_id": 109,
"pattern_num": 2,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "multi"
},
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "pat"
}
]
},
{
"expr_id": 110,
"pattern_num": 1,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "#中国"
}
]
},
{
"expr_id": 111,
"pattern_num": 1,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "يىلىدىكى"
}
]
}
]
}

2
test/maat_api_gtest.cpp
View File

@@ -1,4 +1,4 @@
#include "maat/maat.h" #include "maat.h"
#include <gtest/gtest.h> #include <gtest/gtest.h>

207
test/maat_framework_gtest.cpp
View File

@@ -1,11 +1,12 @@
#include <gtest/gtest.h> #include <gtest/gtest.h>
#include "maat/maat.h" #include "maat.h"
#include "maat_rule.h" #include "maat_rule.h"
#include "maat_utils.h" #include "maat_utils.h"
#include "maat_command.h" #include "maat_command.h"
#include "IPMatcher.h" #include "IPMatcher.h"
#include "json2iris.h" #include "json2iris.h"
#include "log/log.h"
#include "maat_config_monitor.h" #include "maat_config_monitor.h"
#define MODULE_FRAMEWORK_GTEST module_name_str("maat.framework_gtest") #define MODULE_FRAMEWORK_GTEST module_name_str("maat.framework_gtest")
@@ -15,6 +16,8 @@ const char *json_path="./maat_json.json";
const char *json_filename = "maat_json.json"; const char *json_filename = "maat_json.json";
struct maat *g_maat_instance = NULL; struct maat *g_maat_instance = NULL;
extern int system_cmd_rmdir(const char *dir);
class MaatFlagScan : public testing::Test class MaatFlagScan : public testing::Test
{ {
protected: protected:
@@ -234,7 +237,9 @@ TEST_F(MaatStringScan, ExprPlus) {
EXPECT_EQ(results[0], 190); EXPECT_EQ(results[0], 190);
maat_state_free(&state); maat_state_free(&state);
} }
//TODO: //TODO:
#if 0
TEST_F(MaatStringScan, ShouldNotHitExprPlus) { TEST_F(MaatStringScan, ShouldNotHitExprPlus) {
int results[5] = {0}; int results[5] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
@@ -259,6 +264,7 @@ TEST_F(MaatStringScan, ShouldNotHitExprPlus) {
int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name, strlen(region_name)); int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name, strlen(region_name));
ASSERT_EQ(ret, 0); ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, (char *)udp_payload_not_hit, sizeof(udp_payload_not_hit), ret = maat_scan_string(g_maat_instance, table_id, 0, (char *)udp_payload_not_hit, sizeof(udp_payload_not_hit),
results, 5, &n_hit_result, &state); results, 5, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
@@ -348,41 +354,7 @@ TEST_F(MaatStringScan, ExprPlusWithOffset)
maat_state_free(&state); maat_state_free(&state);
} }
#endif
#if 0
TEST_F(MaatStringScan, hit_two_expr) {
int table_id = MaatStringScan::table_id;
char data[128] = "should hit aaa bbb";
int results[5] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
int ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 139);
EXPECT_EQ(results[1], 138);
maat_state_free(&state);
}
TEST_F(MaatStringScan, hit_three_expr) {
int table_id = MaatStringScan::table_id;
char data[128] = "should hit aaa bbb C#中国";
int results[5] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
int ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 3);
EXPECT_EQ(results[0], 139);
EXPECT_EQ(results[1], 138);
EXPECT_EQ(results[2], 129);
maat_state_free(&state);
}
class MaatIPScan : public testing::Test class MaatIPScan : public testing::Test
{ {
@@ -399,9 +371,9 @@ protected:
}; };
int MaatIPScan::table_id; int MaatIPScan::table_id;
TEST_F(MaatIPScan, hit_ip) { TEST_F(MaatIPScan, IPv4) {
int table_id = MaatIPScan::table_id; int table_id = MaatIPScan::table_id;
char ip_str[32] = "192.168.58.20"; char ip_str[32] = "10.0.7.100";
uint32_t sip; uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip); int ret = inet_pton(AF_INET, ip_str, &sip);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
@@ -409,166 +381,36 @@ TEST_F(MaatIPScan, hit_ip) {
int results[3] = {-1}; int results[3] = {-1};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, 3,
&n_hit_result, &state); &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 7);
maat_state_free(&state);
state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results),
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state);
}
TEST_F(MaatStringScan, hit_ip_and_port_range) {
int table_id = table_manager_get_table_id(g_maat_instance->tbl_mgr, "IP_PLUS_CONFIG");
char ip_str[32] = "192.168.50.24";
uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip);
EXPECT_EQ(ret, 1);
int results[3] = {-1};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 4);
maat_state_free(&state);
memset(results, 0, sizeof(results));
n_hit_result = 0;
state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 4);
maat_state_free(&state);
memset(results, 0, sizeof(results));
n_hit_result = 0;
state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
}
TEST(maat_scan_ipv4, hit_ip_range_and_port_range) {
int table_id = table_manager_get_table_id(g_maat_instance->tbl_mgr, "IP_PLUS_CONFIG");
char ip_str1[32] = "10.0.1.20";
char ip_str2[32] = "10.0.1.25";
char ip_str3[32] = "10.0.1.26";
uint32_t sip;
int ret = inet_pton(AF_INET, ip_str1, &sip);
EXPECT_EQ(ret, 1);
int results[3] = {-1};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 8);
maat_state_free(&state);
ret = inet_pton(AF_INET, ip_str2, &sip);
EXPECT_EQ(ret, 1);
state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 8);
maat_state_free(&state);
ret = inet_pton(AF_INET, ip_str3, &sip);
EXPECT_EQ(ret, 1);
state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state);
}
TEST(maat_scan_ipv4, hit_ip_cidr_and_port_range) {
int table_id = table_manager_get_table_id(g_maat_instance->tbl_mgr, "IP_PLUS_CONFIG");
char ip_str1[32] = "192.168.0.1";
char ip_str2[32] = "192.168.0.0";
uint32_t sip;
int ret = inet_pton(AF_INET, ip_str1, &sip);
EXPECT_EQ(ret, 1);
int results[3] = {-1};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 50);
maat_state_free(&state);
ret = inet_pton(AF_INET, ip_str2, &sip);
EXPECT_EQ(ret, 1);
state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state);
}
TEST(maat_scan_ipv4, hit_ip_cidr_and_port_mask) {
int table_id = table_manager_get_table_id(g_maat_instance->tbl_mgr, "IP_PLUS_CONFIG");
char ip_str[32] = "192.168.40.10";
uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip);
EXPECT_EQ(ret, 1);
int results[3] = {-1};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2); EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 63); EXPECT_EQ(results[0], 169);
EXPECT_EQ(results[1], 67); EXPECT_EQ(results[1], 154);
maat_state_free(&state);
state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state); maat_state_free(&state);
} }
TEST(maat_scan_ipv6, hit_ip_range_and_port_mask) { TEST_F(MaatIPScan, IPv6) {
int table_id = table_manager_get_table_id(g_maat_instance->tbl_mgr, "IP_PLUS_CONFIG"); int table_id = MaatIPScan::table_id;
char ip_str[32] = "1001:da8:205:1::101"; char ip_str[32] = "1001:da8:205:1::101";
uint8_t sip6[128]; uint8_t sip[16];
int ret = inet_pton(AF_INET6, ip_str, sip6); int ret = inet_pton(AF_INET6, ip_str, &sip);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
int results[3] = {-1}; int results[3] = {-1};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
ret = maat_scan_ipv6(g_maat_instance, table_id, 0, sip6, results, sizeof(results), &n_hit_result, &state); ret = maat_scan_ipv6(g_maat_instance, table_id, 0, sip, results, 3,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 47); EXPECT_EQ(results[0], 155);
maat_state_free(&state);
state = NULL;
ret = maat_scan_ipv6(g_maat_instance, table_id, 0, sip6, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state); maat_state_free(&state);
} }
TEST(maat_scan_string, dynamic_config) { TEST_F(MaatStringScan, dynamic_config) {
int table_id = table_manager_get_table_id(g_maat_instance->tbl_mgr, "HTTP_URL"); int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL");
char data[128] = "hello world"; char data[128] = "hello world";
int results[5] = {0}; int results[5] = {0};
@@ -597,8 +439,8 @@ TEST(maat_scan_string, dynamic_config) {
maat_state_free(&state); maat_state_free(&state);
} }
TEST(maat_scan_ip, dynamic_config) { TEST_F(MaatIPScan, dynamic_config) {
int table_id = table_manager_get_table_id(g_maat_instance->tbl_mgr, "IP_PLUS_CONFIG"); int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
char ip_str[32] = "10.0.6.201"; char ip_str[32] = "10.0.6.201";
uint32_t sip; uint32_t sip;
@@ -630,7 +472,6 @@ TEST(maat_scan_ip, dynamic_config) {
EXPECT_EQ(results[0], 9998); EXPECT_EQ(results[0], 9998);
maat_state_free(&state); maat_state_free(&state);
} }
#endif
int count_line_num_cb(const char *table_name, const char *line, void *u_para) int count_line_num_cb(const char *table_name, const char *line, void *u_para)
{ {

8
test/maat_input_mode_gtest.cpp
View File

@@ -1,4 +1,4 @@
#include "maat/maat.h" #include "maat.h"
#include "maat_utils.h" #include "maat_utils.h"
#include "maat_rule.h" #include "maat_rule.h"
#include "json2iris.h" #include "json2iris.h"
@@ -36,7 +36,7 @@ TEST(json_mode, maat_scan_string) {
struct maat *maat_instance = maat_new(opts, table_info_path); struct maat *maat_instance = maat_new(opts, table_info_path);
EXPECT_NE(maat_instance, nullptr); EXPECT_NE(maat_instance, nullptr);
int table_id = table_manager_get_table_id(maat_instance->tbl_mgr, "KEYWORDS_TABLE"); int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE");
char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8"; char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8";
int results[5] = {0}; int results[5] = {0};
@@ -81,7 +81,7 @@ TEST(iris_mode, maat_scan_string) {
struct maat *maat_instance = maat_new(opts, table_info_path); struct maat *maat_instance = maat_new(opts, table_info_path);
EXPECT_NE(maat_instance, nullptr); EXPECT_NE(maat_instance, nullptr);
int table_id = table_manager_get_table_id(maat_instance->tbl_mgr, "KEYWORDS_TABLE"); int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE");
char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8"; char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8";
int results[5] = {0}; int results[5] = {0};
@@ -202,7 +202,7 @@ TEST(redis_mode, maat_scan_string) {
maat_options_set_logger(opts, g_logger); maat_options_set_logger(opts, g_logger);
struct maat *maat_instance = maat_new(opts, table_info_path); struct maat *maat_instance = maat_new(opts, table_info_path);
int table_id = table_manager_get_table_id(maat_instance->tbl_mgr, "KEYWORDS_TABLE"); int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE");
char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8"; char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8";
int results[5] = {0}; int results[5] = {0};

52
test/regex_expr.conf Normal file
View File

@@ -0,0 +1,52 @@
{
"expr_rules": [
{
"expr_id": 301,
"pattern_num": 1,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "[W|w]orld dream"
}
]
},
{
"expr_id": 302,
"pattern_num": 2,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "[0-9]today"
},
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "[0-9]Lunch"
}
]
},
{
"expr_id": 303,
"pattern_num": 2,
"patterns": [
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "Cookie:\\s"
},
{
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "head"
}
]
},
]
}

29
test/table_info.conf
View File

@@ -47,6 +47,7 @@
"valid_column":7, "valid_column":7,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"keywords":3, "keywords":3,
@@ -62,6 +63,7 @@
"valid_column":7, "valid_column":7,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"keywords":3, "keywords":3,
@@ -77,6 +79,7 @@
"valid_column":7, "valid_column":7,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"regex",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"keywords":3, "keywords":3,
@@ -89,7 +92,7 @@
"table_id":5, "table_id":5,
"table_name":"IP_CONFIG", "table_name":"IP_CONFIG",
"table_type":"ip_plus", "table_type":"ip_plus",
"valid_column":7, "valid_column":18,
"custom": { "custom": {
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
@@ -128,6 +131,7 @@
"valid_column":8, "valid_column":8,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"district":3, "district":3,
@@ -144,6 +148,7 @@
"valid_column":7, "valid_column":7,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"keywords":3, "keywords":3,
@@ -218,6 +223,7 @@
"valid_column":8, "valid_column":8,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"district":3, "district":3,
@@ -234,6 +240,7 @@
"valid_column":7, "valid_column":7,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"keywords":3, "keywords":3,
@@ -250,6 +257,7 @@
"valid_column":7, "valid_column":7,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"keywords":3, "keywords":3,
@@ -262,7 +270,7 @@
"table_id":20, "table_id":20,
"table_name":"IP_PLUS_CONFIG", "table_name":"IP_PLUS_CONFIG",
"table_type":"ip_plus", "table_type":"ip_plus",
"valid_column":7, "valid_column":18,
"custom": { "custom": {
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
@@ -326,6 +334,7 @@
"valid_column":7, "valid_column":7,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"keywords":3, "keywords":3,
@@ -353,6 +362,7 @@
"valid_column":7, "valid_column":7,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"keywords":3, "keywords":3,
@@ -410,6 +420,7 @@
"valid_column":7, "valid_column":7,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"keywords":3, "keywords":3,
@@ -451,5 +462,19 @@
"flag":3, "flag":3,
"flag_mask":4 "flag_mask":4
} }
},
{
"table_id":43,
"table_name":"PORT_PROTO_CONFIG",
"table_type":"port_proto",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"port_format":3,
"port1":4,
"port2":5,
"proto":6
}
} }
] ]

11
vendor/CMakeLists.txt vendored
View File

@@ -5,6 +5,9 @@ include(ExternalProject)
set(VENDOR_ROOT ${CMAKE_BINARY_DIR}/vendor) set(VENDOR_ROOT ${CMAKE_BINARY_DIR}/vendor)
set(VENDOR_BUILD ${CMAKE_BINARY_DIR}/vendor/vbuild) set(VENDOR_BUILD ${CMAKE_BINARY_DIR}/vendor/vbuild)
set(CMAKE_C_FLAGS "-std=gnu99 -fPIC -Wall")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC -Wall")
# GoogleTest # GoogleTest
ExternalProject_Add(GoogleTest PREFIX GoogleTest ExternalProject_Add(GoogleTest PREFIX GoogleTest
URL ${CMAKE_CURRENT_SOURCE_DIR}/googletest-release-1.8.0.tar.gz URL ${CMAKE_CURRENT_SOURCE_DIR}/googletest-release-1.8.0.tar.gz
@@ -40,7 +43,7 @@ ExternalProject_Add(ragel PREFIX ragel
ExternalProject_Add(hyperscan PREFIX hyperscan ExternalProject_Add(hyperscan PREFIX hyperscan
URL ${CMAKE_CURRENT_SOURCE_DIR}/hyperscan-5.4.0.tar.gz URL ${CMAKE_CURRENT_SOURCE_DIR}/hyperscan-5.4.0.tar.gz
DEPENDS ragel DEPENDS ragel
CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${VENDOR_BUILD} -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} -DCMAKE_C_FLAGS="-fPIC") CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${VENDOR_BUILD} -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} -DCMAKE_C_FLAGS="-fPIC" -DCMAKE_CXX_FLAGS="-fPIC")
ExternalProject_Get_Property(hyperscan INSTALL_DIR) ExternalProject_Get_Property(hyperscan INSTALL_DIR)
file(MAKE_DIRECTORY ${VENDOR_BUILD}/include) file(MAKE_DIRECTORY ${VENDOR_BUILD}/include)
@@ -81,7 +84,7 @@ file(MAKE_DIRECTORY ${VENDOR_BUILD}/include)
add_library(hiredis-static STATIC IMPORTED GLOBAL) add_library(hiredis-static STATIC IMPORTED GLOBAL)
add_dependencies(hiredis-static hiredis) add_dependencies(hiredis-static hiredis)
set_property(TARGET hiredis-static PROPERTY IMPORTED_LOCATION ${VENDOR_BUILD}/lib64/libhiredisd.a) set_property(TARGET hiredis-static PROPERTY IMPORTED_LOCATION ${VENDOR_BUILD}/lib64/libhiredis.a)
set_property(TARGET hiredis-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${VENDOR_BUILD}/include) set_property(TARGET hiredis-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${VENDOR_BUILD}/include)
#igraph-0.7.1 #igraph-0.7.1
@@ -103,7 +106,7 @@ set_property(TARGET igraph-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTA
#flag-matcher #flag-matcher
ExternalProject_Add(flagmatcher PREFIX flagmatcher ExternalProject_Add(flagmatcher PREFIX flagmatcher
URL ${CMAKE_CURRENT_SOURCE_DIR}/flag-matcher.tar.gz URL ${CMAKE_CURRENT_SOURCE_DIR}/flag-matcher-1.0.1.tar.gz
CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${VENDOR_BUILD} -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} -DCMAKE_C_FLAGS="-fPIC") CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${VENDOR_BUILD} -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} -DCMAKE_C_FLAGS="-fPIC")
ExternalProject_Get_Property(flagmatcher INSTALL_DIR) ExternalProject_Get_Property(flagmatcher INSTALL_DIR)
@@ -116,7 +119,7 @@ set_property(TARGET flagmatcher-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES $
#interval-matcher #interval-matcher
ExternalProject_Add(intervalmatcher PREFIX intervalmatcher ExternalProject_Add(intervalmatcher PREFIX intervalmatcher
URL ${CMAKE_CURRENT_SOURCE_DIR}/interval-matcher.tar.gz URL ${CMAKE_CURRENT_SOURCE_DIR}/interval-matcher-1.0.1.tar.gz
CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${VENDOR_BUILD} -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} -DCMAKE_C_FLAGS="-fPIC") CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${VENDOR_BUILD} -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} -DCMAKE_C_FLAGS="-fPIC")
ExternalProject_Get_Property(intervalmatcher INSTALL_DIR) ExternalProject_Get_Property(intervalmatcher INSTALL_DIR)

BIN
vendor/flag-matcher.tar.gz → vendor/flag-matcher-1.0.1.tar.gz vendored
View File

Binary file not shown.

BIN
vendor/interval-matcher.tar.gz → vendor/interval-matcher-1.0.1.tar.gz vendored
View File

Binary file not shown.