From 3cb68178e338bccc695c107332d301dee9b5eacf Mon Sep 17 00:00:00 2001
From: liuwentan
Date: Fri, 2 Jun 2023 15:36:42 +0800
Subject: [PATCH] [OPTIMIZE]hit pattern num maxium:512
---
 scanner/adapter_hs/adapter_hs.cpp | 21 +++++++++------------
 src/inc_internal/maat_utils.h | 3 +--
 src/maat_table.c | 24 ++++++++++++------------
 3 files changed, 22 insertions(+), 26 deletions(-)
diff --git a/scanner/adapter_hs/adapter_hs.cpp b/scanner/adapter_hs/adapter_hs.cpp
index 3fb9af3..fb0e725 100644
--- a/scanner/adapter_hs/adapter_hs.cpp
+++ b/scanner/adapter_hs/adapter_hs.cpp
@@ -23,6 +23,7 @@
 #include "../bool_matcher/bool_matcher.h"
 #define MAX_OFFSET_NUM 1024
+#define MAX_HIT_PATTERN_NUM 512
 pid_t hs_gettid() {
@@ -549,6 +550,10 @@ int matched_event_cb(unsigned int id, unsigned long long from,
 return 0;
 }
+ if (utarray_len(matched_pat->pattern_ids) >= MAX_HIT_PATTERN_NUM) {
+ return 0;
+ }
+
 // duplicate pattern_id
 if (utarray_find(matched_pat->pattern_ids, &pattern_id, compare_pattern_id)) {
 return 0;
@@ -628,7 +633,7 @@ struct adapter_hs_stream *adapter_hs_stream_open(struct adapter_hs *hs_instance,
 hs_stream->matched_pat->ref_hs_attr = hs_instance->hs_attr;
 hs_stream->matched_pat->n_patterns = hs_instance->n_patterns;
 utarray_new(hs_stream->matched_pat->pattern_ids, &ut_pattern_id_icd);
- utarray_reserve(hs_stream->matched_pat->pattern_ids, hs_instance->n_patterns);
+ utarray_reserve(hs_stream->matched_pat->pattern_ids, MAX_HIT_PATTERN_NUM);
 int err_count = 0;
 if (hs_instance->hs_rt->literal_db != NULL) {
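Review bot: The new cap in matched_event_cb drops every pattern hit after the 512th distinct id with a plain `return 0;`, so the truncation is invisible to the caller and to whoever operates the scanner. For a rule-matching engine this means input that produces many hits early can push a later pattern out of the result set without a trace; how much that matters depends on how rules consume these ids, which the hunk does not show. If this is the Hyperscan match handler, returning 0 also keeps the scan running although nothing more can be recorded. I would at least document the behaviour at the check, for example `// cap reached: further pattern ids for this scan are dropped, scan continues`, and count or log the overflow if a logger is reachable from the callback. The body of matched_event_cb starts and ends outside the hunk.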
@@ -769,19 +774,10 @@ int adapter_hs_scan_stream(struct adapter_hs_stream *hs_stream, const char *data
 return 0;
 }
- if (n_pattern_id > MAX_SCANNER_HIT_PATTERN_NUM) {
- n_pattern_id = MAX_SCANNER_HIT_PATTERN_NUM;
- }
-
- unsigned long long pattern_ids[MAX_SCANNER_HIT_PATTERN_NUM];
+ unsigned long long pattern_ids[n_pattern_id];
 for (size_t i = 0; i < n_pattern_id; i++) {
- if (i >= MAX_SCANNER_HIT_PATTERN_NUM) {
- break;
- }
-
- unsigned long long pattern_id = *(unsigned long long *)utarray_eltptr(hs_stream->matched_pat->pattern_ids, i);
- pattern_ids[i] = pattern_id;
+ pattern_ids[i] = *(unsigned long long *)utarray_eltptr(hs_stream->matched_pat->pattern_ids, i);
 }
 int ret = 0;
@@ -802,6 +798,7 @@ int adapter_hs_scan_stream(struct adapter_hs_stream *hs_stream, const char *data
 results[index].user_tag = bool_matcher_results[index].user_tag;
 }
 *n_hit_result = bool_matcher_ret;
+
 next:
 FREE(bool_matcher_results);
 utarray_clear(hs_stream->matched_pat->pattern_ids);
diff --git a/src/inc_internal/maat_utils.h b/src/inc_internal/maat_utils.h
index 4803f4b..5e65129 100644
--- a/src/inc_internal/maat_utils.h
+++ b/src/inc_internal/maat_utils.h
@@ -54,8 +54,7 @@ extern "C"
 #define MAX_SCANNER_HIT_COMPILE_NUM 4096
 #define MAX_SCANNER_HIT_GROUP_NUM 4096
-#define MAX_SCANNER_HIT_ITEM_NUM 4096
-#define MAX_SCANNER_HIT_PATTERN_NUM 4096 * 8
+#define MAX_SCANNER_HIT_ITEM_NUM 4096
 enum ip_format {
 IP_FORMAT_SINGLE = 1,
diff --git a/src/maat_table.c b/src/maat_table.c
index 3d25370..91a2ec6 100644
--- a/src/maat_table.c
+++ b/src/maat_table.c
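Review bot: `unsigned long long pattern_ids[n_pattern_id];` in adapter_hs_scan_stream sizes a stack array from a runtime count, and the local clamp that used to bound it is removed in the same hunk. The bound now rests entirely on the 512 cap enforced in matched_event_cb, so any other path that appends to `matched_pat->pattern_ids` would make this an unbounded stack allocation; variable-length arrays are also a compiler extension in a .cpp file. Keeping the array fixed and the clamp local costs nothing: `unsigned long long pattern_ids[MAX_HIT_PATTERN_NUM];` preceded by `if (n_pattern_id > MAX_HIT_PATTERN_NUM) n_pattern_id = MAX_HIT_PATTERN_NUM;`. The function starts and ends outside the hunk, so where n_pattern_id is computed is not visible here.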
@@ -612,12 +612,12 @@ static int register_tablename2id(cJSON *json, struct maat_kv_store *tablename2id
 return -1;
 }
- if (maat_kv_read(tablename2id_map, tmp_item->valuestring, &tmp_table_id) > 0) {
- log_error(logger, MODULE_TABLE,
- "[%s:%d] table:<%s>(table_id:%lld) has already been registered, can't register again",
- __FUNCTION__, __LINE__, tmp_item->valuestring, tmp_table_id);
- return -1;
- }
+ // if (maat_kv_read(tablename2id_map, tmp_item->valuestring, &tmp_table_id) > 0) {
+ // log_error(logger, MODULE_TABLE,
+ // "[%s:%d] table:<%s>(table_id:%lld) has already been registered, can't register again",
+ // __FUNCTION__, __LINE__, tmp_item->valuestring, tmp_table_id);
+ // return -1;
+ // }
 maat_kv_register(tablename2id_map, tmp_item->valuestring, table_id);
 }
@@ -638,12 +638,12 @@ static int register_tablename2id(cJSON *json, struct maat_kv_store *tablename2id
 return -1;
 }
- if (maat_kv_read(tablename2id_map, item->valuestring, &tmp_table_id) > 0) {
- log_error(logger, MODULE_TABLE,
- "[%s:%d] table:<%s>(table_id:%lld) has already been registered, can't register again",
- __FUNCTION__, __LINE__, item->valuestring, tmp_table_id);
- return -1;
- }
+ // if (maat_kv_read(tablename2id_map, item->valuestring, &tmp_table_id) > 0) {
+ // log_error(logger, MODULE_TABLE,
+ // "[%s:%d] table:<%s>(table_id:%lld) has already been registered, can't register again",
+ // __FUNCTION__, __LINE__, item->valuestring, tmp_table_id);
+ // return -1;
+ // }
 maat_kv_register(tablename2id_map, item->valuestring, table_id);
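Review bot: The duplicate-name check before `maat_kv_register(...)` in register_tablename2id is commented out rather than replaced, here and again in the hunk at -638,12, so a table name that appears twice in the JSON no longer fails registration. What maat_kv_register does with an existing key is not visible; if it rebinds the name, a later entry can silently point a table name at a different table_id, which is a configuration-integrity problem for anything that resolves tables by name. The change is also unrelated to the commit subject and leaves dead code and probably an unused `tmp_table_id`. If re-registering the same id is the case being allowed, narrow the check instead of removing it: `if (maat_kv_read(tablename2id_map, tmp_item->valuestring, &tmp_table_id) > 0 && tmp_table_id != table_id) {` with the original log_error and `return -1;` kept. Both hunks show only part of the function.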