gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1.rename rule_state to rule_compile_state

Browse Source 
2.recover regex_expr.json to make expr_matcher_gtest pass
This commit is contained in:
root
2024-08-30 08:28:58 +00:00
parent 54a70f19d9
commit 537c75887d
28 changed files with 433 additions and 340 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,5 +1,6 @@
# Vscode
.vscode/*
.cache/*
# build
build/*

2
docs/configuration_management.md
View File

@@ -153,7 +153,7 @@ To add a new table to the configuration, the following files need to be modified
* Add the new table path and entry count to the table file index.
* Add the table information to the table description file (table_info.conf).
* Add the table information to the table description file (table_info.json).
* Modify the configuration summary table to apply the new configuration. Ensure that the total number of configurations in the first row matches the actual number of configuration lines.

16
docs/getting_started.md
View File

@@ -35,7 +35,7 @@ In the scanning scenario, it is necessary to configure the schema of multiple ta
**(1) table schema**
Table schema is stored in a json file(such as table_info.conf), which is loaded when maat instance is created.
Table schema is stored in a json file(such as table_info.json), which is loaded when maat instance is created.
```json
[
@@ -142,7 +142,7 @@ Configurations are stored in a json file(such as maat_json.json), which is loade
#define ARRAY_SIZE 16
const char *json_filename = "./maat_json.json";
const char *table_info_path = "./table_info.conf";
const char *table_info_path = "./table_info.json";
int main()
{
@@ -151,14 +151,14 @@ int main()
maat_options_set_json_file(opts, json_filename);
maat_options_set_logger(opts, "./sample_test.log", LOG_LEVEL_INFO);
/* create maat instance, rules in table_info.conf will be loaded. */
/* create maat instance, rules in table_info.json will be loaded. */
struct maat *maat_instance = maat_new(opts, table_info_path);
assert(maat_instance != NULL);
maat_options_free(opts);
const char *table_name = "HTTP_URL"; /* maat_json.json has HTTP_URL rule */
int table_id = maat_get_table_id(maat_instance, table_name);
assert(table_id == 3); /* defined in table_info.conf */
assert(table_id == 3); /* defined in table_info.json */
int thread_id = 0;
long long results[ARRAY_SIZE] = {0};
@@ -171,7 +171,7 @@ int main()
const char *scan_data = "Hello Maat, nice to meet you";
/**
* Becase maat instance has loaded rule in table_info.conf which keywords is "Hello Maat",
* Becase maat instance has loaded rule in table_info.json which keywords is "Hello Maat",
so maat_scan_string should return hit flag and rule's rule_id stored in results array.
*/
int ret = maat_scan_string(maat_instance, table_id, scan_data, strlen(scan_data),
@@ -241,7 +241,7 @@ In the callback scenario, only the schema of the corresponding table needs to be
#define ARRAY_SIZE 16
const char *json_filename = "./maat_json.json";
const char *table_info_path = "./table_info.conf";
const char *table_info_path = "./table_info.json";
struct ip_plugin_ud {
long long rule_id;
@@ -298,14 +298,14 @@ int main()
maat_options_set_json_file(opts, json_filename);
maat_options_set_logger(opts, "./sample_test.log", LOG_LEVEL_INFO);
/* create maat instance, rules in table_info.conf will be loaded. */
/* create maat instance, rules in table_info.json will be loaded. */
struct maat *maat_instance = maat_new(opts, table_info_path);
assert(maat_instance != NULL);
maat_options_free(opts);
const char *table_name = "TEST_IP_PLUGIN_WITH_EXDATA"; /* maat_json.json has TEST_IP_PLUGIN_WITH_EXDATA rule */
int table_id = maat_get_table_id(maat_instance, table_name);
assert(table_id == 1); /* defined in table_info.conf */
assert(table_id == 1); /* defined in table_info.json */
int ret = maat_plugin_table_ex_schema_register(maat_inst, table_name,
ip_plugin_ex_new_cb,

2
docs/maat_table.md
View File

@@ -59,7 +59,7 @@ Describe matching rules for strings.
| **is_hexbin** | INT | 0(not HEX & case insensitive, this is default value) 1(HEX & case sensitive) 2(not HEX & case sensitive) |
| **is_valid** | INT | 0(invalid), 1(valid) |
The table schema is stored in table_info.conf.
The table schema is stored in table_info.json.
```c
{
"table_id":3, //[0 ~ 1023], don't allow duplicate

5
include/maat.h
View File

@@ -186,8 +186,9 @@ int maat_helper_verify_regex_expression(const char *expression);
/* maat table API */
int maat_get_table_id(struct maat *instance, const char *table_name);
int maat_get_attribute_id(struct maat *instance, const char *attribute_name);//TODO: new API
const char *maat_get_table_schema_tag(struct maat *instance, int table_id);
const char *maat_get_table_schema_tag(struct maat *instance, int table_id);//TODO: delete
/* return 0 if success, otherwise return -1 */
int maat_table_callback_register(struct maat *instance, int table_id,
@@ -213,7 +214,7 @@ int maat_plugin_table_ex_schema_register(struct maat *instance, const char *tabl
/**
* NOTE: only plugin table support three key type(integer, pointer, ip_addr)
* specified in table_info.conf. If use ip_addr key type, then key should be
* specified in table_info.json. If use ip_addr key type, then key should be
* ip address in network order.
*/
void *maat_plugin_table_get_ex_data(struct maat *instance, int table_id,

2
src/inc_internal/maat_core.h
View File

@@ -189,7 +189,7 @@ struct maat {
struct maat_state {
struct maat *maat_inst;
struct rule_state *rule_state;
struct rule_compile_state *rule_compile_state;
int Nth_scan;
int district_id; //-1: Any District; -2: Unkonwn District;
uint16_t thread_id;

32
src/inc_internal/maat_rule.h
View File

@@ -60,7 +60,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
size_t rule_ids_size, struct maat_state *state);
size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
struct rule_state *rule_state,
struct rule_compile_state *rule_compile_state,
struct maat_hit_path *hit_path_array,
size_t array_size, size_t n_hit_path);
@@ -84,50 +84,50 @@ long long object2rule_runtime_rule_count(void *g2c_runtime);
long long object2rule_runtime_update_err_count(void *g2c_runtime);
/* maat rule state API */
struct rule_state;
struct rule_state *rule_state_new(void);
struct rule_compile_state;
struct rule_compile_state *rule_compile_state_new(void);
void rule_state_reset(struct rule_state *rule_state);
void rule_compile_state_reset(struct rule_compile_state *rule_compile_state);
void rule_state_free(struct rule_state *rule_state,
void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
struct maat *maat_instance, int thread_id);
int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
int attribute_id, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item);
void rule_state_clear_last_hit_object(struct rule_state *rule_state);
void rule_compile_state_clear_last_hit_object(struct rule_compile_state *rule_state);
void rule_state_not_logic_update(struct rule_state *rule_state,
void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
struct maat *maat_inst, int attribute_id,
int Nth_scan);
size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state,
size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
struct object2object_runtime *g2g_rt,
struct maat_hit_path *hit_path_array,
size_t array_size);
size_t rule_state_get_direct_hit_objects(struct rule_state *rule_state,
size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_array,
size_t array_size);
size_t rule_state_get_direct_hit_object_cnt(struct rule_state *rule_state);
size_t rule_compile_state_get_direct_hit_object_cnt(struct rule_compile_state *rule_compile_state);
size_t rule_state_get_indirect_hit_objects(struct rule_state *rule_state,
size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_array,
size_t array_size);
size_t rule_state_get_indirect_hit_object_cnt(struct rule_state *rule_state);
size_t rule_compile_state_get_indirect_hit_object_cnt(struct rule_compile_state *rule_compile_state);
size_t rule_state_get_last_hit_objects(struct rule_state *rule_state,
size_t rule_compile_state_get_last_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_arary,
size_t array_size);
size_t rule_state_get_last_hit_object_cnt(struct rule_state *rule_state);
size_t rule_compile_state_get_last_hit_object_cnt(struct rule_compile_state *rule_compile_state);
int rule_state_get_rule_table_id(struct rule_state *rule_state,
int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state,
long long rule_id);
#ifdef __cplusplus

60
src/maat_api.c
View File

@@ -1766,12 +1766,12 @@ static void maat_state_add_hit_object(struct maat_state *state, int table_id,
struct maat *maat_inst = state->maat_inst;
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state);
if (state != NULL && state->rule_compile_state != NULL) {
rule_compile_state_clear_last_hit_object(state->rule_compile_state);
}
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
if (NULL == state->rule_compile_state) {
state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
@@ -1787,7 +1787,7 @@ static void maat_state_add_hit_object(struct maat_state *state, int table_id,
hit_items[i].object_id = objects[i].object_id;
}
rule_state_update(state->rule_state, maat_inst, table_id,
rule_compile_state_update(state->rule_compile_state, maat_inst, table_id,
state->rule_table_id, state->Nth_scan,
hit_items, n_hit_item);
}
@@ -1813,11 +1813,11 @@ maat_state_activate_hit_not_object(struct maat_state *state, int table_id)
}
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state);
if (state != NULL && state->rule_compile_state != NULL) {
rule_compile_state_clear_last_hit_object(state->rule_compile_state);
}
rule_state_not_logic_update(state->rule_state, rule_rt, maat_inst,
rule_compile_state_not_logic_update(state->rule_compile_state, rule_rt, maat_inst,
table_id, state->Nth_scan);
}
@@ -1883,7 +1883,7 @@ int maat_scan_not_logic(struct maat *maat_inst, int table_id,
return -1;
}
if (NULL == state->rule_state) {
if (NULL == state->rule_compile_state) {
return 0;
}
@@ -2149,8 +2149,8 @@ void maat_state_reset(struct maat_state *state)
state->district_id = DISTRICT_ANY;
state->Nth_scan = 0;
if (state->rule_state != NULL) {
rule_state_reset(state->rule_state);
if (state->rule_compile_state != NULL) {
rule_compile_state_reset(state->rule_compile_state);
}
}
@@ -2165,9 +2165,9 @@ void maat_state_free(struct maat_state *state)
struct maat *maat_inst = state->maat_inst;
long long thread_id = state->thread_id;
if (state->rule_state != NULL) {
rule_state_free(state->rule_state, maat_inst, thread_id);
state->rule_state = NULL;
if (state->rule_compile_state != NULL) {
rule_compile_state_free(state->rule_compile_state, maat_inst, thread_id);
state->rule_compile_state = NULL;
alignment_int64_array_add(maat_inst->stat->rule_state_cnt,
thread_id, -1);
}
@@ -2272,7 +2272,7 @@ int maat_state_get_rule_table_ids(struct maat_state *state, long long *rule_ids,
}
for (size_t i = 0; i < n_rule_ids; i++) {
rule_table_ids[i] = rule_state_get_rule_table_id(state->rule_state,
rule_table_ids[i] = rule_compile_state_get_rule_table_id(state->rule_compile_state,
rule_ids[i]);
}
@@ -2293,7 +2293,7 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
return -1;
}
if (NULL == state->rule_state) {
if (NULL == state->rule_compile_state) {
return 0;
}
@@ -2313,13 +2313,13 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
void *g2g_runtime = table_manager_get_runtime(maat_inst->tbl_mgr, g2g_table_id);
size_t hit_path_cnt =
rule_state_get_internal_hit_paths(state->rule_state,
rule_compile_state_get_internal_hit_paths(state->rule_compile_state,
(struct rule_runtime *)rule_rt,
(struct object2object_runtime *)g2g_runtime,
path_array, array_size);
return rule_runtime_get_hit_paths((struct rule_runtime *)rule_rt,
state->thread_id, state->rule_state,
state->thread_id, state->rule_compile_state,
path_array, array_size, hit_path_cnt);
}
@@ -2340,21 +2340,21 @@ int maat_state_get_direct_hit_objects(struct maat_state *state,
return -1;
}
if (NULL == state->rule_state) {
if (NULL == state->rule_compile_state) {
return 0;
}
return rule_state_get_direct_hit_objects(state->rule_state,
return rule_compile_state_get_direct_hit_objects(state->rule_compile_state,
object_array, array_size);
}
size_t maat_state_get_direct_hit_object_cnt(struct maat_state *state)
{
if (NULL == state || NULL == state->rule_state) {
if (NULL == state || NULL == state->rule_compile_state) {
return 0;
}
return rule_state_get_direct_hit_object_cnt(state->rule_state);
return rule_compile_state_get_direct_hit_object_cnt(state->rule_compile_state);
}
int maat_state_get_indirect_hit_objects(struct maat_state *state,
@@ -2365,40 +2365,40 @@ int maat_state_get_indirect_hit_objects(struct maat_state *state,
return -1;
}
if (NULL == state->rule_state) {
if (NULL == state->rule_compile_state) {
return 0;
}
return rule_state_get_indirect_hit_objects(state->rule_state,
return rule_compile_state_get_indirect_hit_objects(state->rule_compile_state,
object_array, array_size);
}
size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state)
{
if (NULL == state || NULL == state->rule_state) {
if (NULL == state || NULL == state->rule_compile_state) {
return 0;
}
return rule_state_get_indirect_hit_object_cnt(state->rule_state);
return rule_compile_state_get_indirect_hit_object_cnt(state->rule_compile_state);
}
int maat_state_get_last_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array,
size_t array_size)
{
if (NULL == state || NULL == state->rule_state) {
if (NULL == state || NULL == state->rule_compile_state) {
return 0;
}
return rule_state_get_last_hit_objects(state->rule_state,
return rule_compile_state_get_last_hit_objects(state->rule_compile_state,
object_array, array_size);
}
size_t maat_state_get_last_hit_object_cnt(struct maat_state *state)
{
if (NULL == state || NULL == state->rule_state) {
if (NULL == state || NULL == state->rule_compile_state) {
return 0;
}
return rule_state_get_last_hit_object_cnt(state->rule_state);
return rule_compile_state_get_last_hit_object_cnt(state->rule_compile_state);
}

20
src/maat_expr.c
View File

@@ -954,8 +954,8 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state);
if (state != NULL && state->rule_compile_state != NULL) {
rule_compile_state_clear_last_hit_object(state->rule_compile_state);
}
if (0 == expr_rt->rule_num) {
@@ -1013,13 +1013,13 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
}
next:
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
if (NULL == state->rule_compile_state) {
state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
return rule_state_update(state->rule_state, state->maat_inst, attribute_id,
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_num);
}
@@ -1050,8 +1050,8 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt;
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state);
if (state != NULL && state->rule_compile_state != NULL) {
rule_compile_state_clear_last_hit_object(state->rule_compile_state);
}
if (0 == expr_rt->rule_num) {
@@ -1107,13 +1107,13 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
}
next:
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
if (NULL == state->rule_compile_state) {
state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
return rule_state_update(state->rule_state, state->maat_inst, attribute_id,
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

10
src/maat_flag.c
View File

@@ -556,8 +556,8 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
long long flag, int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state);
if (state != NULL && state->rule_compile_state != NULL) {
rule_compile_state_clear_last_hit_object(state->rule_compile_state);
}
if (0 == flag_rt->rule_num) {
@@ -609,13 +609,13 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
}
next:
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
if (NULL == state->rule_compile_state) {
state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
return rule_state_update(state->rule_state, state->maat_inst, attribute_id,
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

10
src/maat_interval.c
View File

@@ -545,8 +545,8 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state);
if (state != NULL && state->rule_compile_state != NULL) {
rule_compile_state_clear_last_hit_object(state->rule_compile_state);
}
if (0 == interval_rt->rule_num) {
@@ -598,13 +598,13 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
}
next:
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
if (NULL == state->rule_compile_state) {
state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
return rule_state_update(state->rule_state, state->maat_inst, attribute_id,
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

10
src/maat_ip.c
View File

@@ -523,8 +523,8 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int port, int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state);
if (state != NULL && state->rule_compile_state != NULL) {
rule_compile_state_clear_last_hit_object(state->rule_compile_state);
}
if (0 == ip_rt->rule_num) {
@@ -593,13 +593,13 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
real_hit_item_cnt);
}
next:
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
if (NULL == state->rule_compile_state) {
state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
return rule_state_update(state->rule_state, state->maat_inst, attribute_id,
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

402
src/maat_rule.c
View File

@@ -163,7 +163,7 @@ struct rule2table_id {
int table_id;
};
struct rule_state {
struct rule_compile_state {
int Nth_scan;
int this_scan_not_logic;
time_t rule_rt_version;
@@ -907,10 +907,9 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt,
// STEP 1, update condition_id of each rule
void **data_array = NULL;
struct maat_rule *iter_rule = NULL;
size_t node_cnt = rcu_updating_hash_list(rule_rt->cfg_hash, &data_array);
*rule_cnt = node_cnt;
*rule_cnt = rcu_updating_hash_list(rule_rt->cfg_hash, &data_array);
for (idx = 0; idx < node_cnt; idx++) {
for (idx = 0; idx < *rule_cnt; idx++) {
iter_rule = (struct maat_rule *)data_array[idx];
has_condition_num = 0;
for (i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {
@@ -930,24 +929,12 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt,
// STEP 2, serial rule condition states to a bool expression array
size_t expr_cnt = 0;
struct bool_expr *bool_expr_array = ALLOC(struct bool_expr, node_cnt);
struct bool_expr *bool_expr_array = ALLOC(struct bool_expr, *rule_cnt);
for (idx = 0; idx < node_cnt; idx++) {
for (idx = 0; idx < *rule_cnt; idx++) {
iter_rule = (struct maat_rule *)data_array[idx];
for (i = 0, j = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {
if (iter_rule->conditions[i].in_use) {
// TODO:mytest need to delete
#if 0
struct condition_literal *tmp_cl = NULL;
for(tmp_cl = (struct condition_literal *)utarray_front(iter_rule->conditions[i].literals); tmp_cl !=NULL;
tmp_cl = (struct condition_literal *)utarray_next(iter_rule->conditions[i].literals, tmp_cl)) {
for (size_t it = 0; it < tmp_cl->object_cnt; it++) {
printf("<before bool_matcher_new> rule_rt:%p rule_id:%lld, condition_id:%llu, condition_query_key{%lld: %d, %d}\n",
rule_rt, iter_rule->rule_id, iter_rule->conditions[i].condition_id, tmp_cl->object_ids[it],
tmp_cl->attribute_id, iter_rule->conditions[i].negate_option);
}
}
#endif
bool_expr_array[expr_cnt].items[j].item_id = iter_rule->conditions[i].condition_id;
bool_expr_array[expr_cnt].items[j].negate_option = 0;
j++;
@@ -1124,7 +1111,7 @@ maat_rule_has_condition(struct maat_rule *rule, long long condition_id)
}
static size_t
rule_state_if_new_hit_rule(struct rule_state *rule_state,
rule_compile_state_if_new_hit_rule(struct rule_compile_state *rule_compile_state,
struct maat_rule *rule)
{
size_t i = 0;
@@ -1132,19 +1119,19 @@ rule_state_if_new_hit_rule(struct rule_state *rule_state,
int ret = 0;
long long new_hit_condition_id = 0;
if (0 == rule_state->this_scan_not_logic) {
for (i = 0; i < utarray_len(rule_state->this_scan_hit_conditions); i++) {
if (0 == rule_compile_state->this_scan_not_logic) {
for (i = 0; i < utarray_len(rule_compile_state->this_scan_hit_conditions); i++) {
new_hit_condition_id =
*(long long*)utarray_eltptr(rule_state->this_scan_hit_conditions, i);
*(long long*)utarray_eltptr(rule_compile_state->this_scan_hit_conditions, i);
ret = maat_rule_has_condition(rule, new_hit_condition_id);
if (ret) {
r_in_c_cnt++;
}
}
} else {
for (i = 0; i < utarray_len(rule_state->this_scan_hit_not_conditions); i++) {
for (i = 0; i < utarray_len(rule_compile_state->this_scan_hit_not_conditions); i++) {
new_hit_condition_id =
*(long long*)utarray_eltptr(rule_state->this_scan_hit_not_conditions, i);
*(long long*)utarray_eltptr(rule_compile_state->this_scan_hit_not_conditions, i);
ret = maat_rule_has_condition(rule, new_hit_condition_id);
if (ret) {
r_in_c_cnt++;
@@ -1156,20 +1143,20 @@ rule_state_if_new_hit_rule(struct rule_state *rule_state,
}
static void
rule_state_update_hit_rule_table_id(struct rule_state *rule_state,
rule_compile_state_update_hit_rule_table_id(struct rule_compile_state *rule_compile_state,
long long rule_id, int table_id)
{
if (!utarray_find(rule_state->hit_rule_table_ids, &rule_id,
if (!utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id,
compare_rule_id)) {
struct rule2table_id rule_table_id = {rule_id, table_id};
utarray_push_back(rule_state->hit_rule_table_ids, &rule_table_id);
utarray_sort(rule_state->hit_rule_table_ids, compare_rule_id);
utarray_push_back(rule_compile_state->hit_rule_table_ids, &rule_table_id);
utarray_sort(rule_compile_state->hit_rule_table_ids, compare_rule_id);
}
}
static size_t
maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
struct rule_state *rule_state,
struct rule_compile_state *rule_compile_state,
int thread_id, void **user_data_array,
size_t ud_array_size)
{
@@ -1179,29 +1166,20 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
(thread_id * MAX_HIT_RULE_NUM);
assert(thread_id >= 0);
if (0 == rule_state->rule_rt_version) {
rule_state->rule_rt_version = rule_rt->version;
if (0 == rule_compile_state->rule_rt_version) {
rule_compile_state->rule_rt_version = rule_rt->version;
}
if (NULL == rule_rt->bm ||
0 == utarray_len(rule_state->all_hit_conditions) ||
rule_state->rule_rt_version != rule_rt->version) {
0 == utarray_len(rule_compile_state->all_hit_conditions) ||
rule_compile_state->rule_rt_version != rule_rt->version) {
return 0;
}
//TODO:mytest need to delete
#if 0
unsigned long long *p = utarray_eltptr(rule_state->all_hit_conditions, 0);
for (p = (unsigned long long *)utarray_front(rule_state->all_hit_conditions); p != NULL;
p = (unsigned long long *)utarray_next(rule_state->all_hit_conditions, p)) {
printf("before bool_matcher_match rule_rt:%p rule_state condition_id:%llu\n", rule_rt, *p);
}
#endif
int bool_match_ret =
bool_matcher_match(rule_rt->bm,
(unsigned long long *)utarray_eltptr(rule_state->all_hit_conditions, 0),
utarray_len(rule_state->all_hit_conditions),
(unsigned long long *)utarray_eltptr(rule_compile_state->all_hit_conditions, 0),
utarray_len(rule_compile_state->all_hit_conditions),
expr_match, MAX_HIT_RULE_NUM);
for (int i = 0; i < bool_match_ret && ud_result_cnt < ud_array_size; i++) {
rule = (struct maat_rule *)expr_match[i].user_tag;
@@ -1212,12 +1190,12 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
}
size_t n_new_hit_rule =
rule_state_if_new_hit_rule(rule_state, rule);
rule_compile_state_if_new_hit_rule(rule_compile_state, rule);
if (rule->user_data != NULL && n_new_hit_rule > 0) {
user_data_array[ud_result_cnt] = rule->user_data;
ud_result_cnt++;
rule_state_update_hit_rule_table_id(rule_state, rule->rule_id,
rule_compile_state_update_hit_rule_table_id(rule_compile_state, rule->rule_id,
rule->table_id);
}
}
@@ -1420,37 +1398,37 @@ static int maat_remove_object_from_rule(struct rcu_hash_table *hash_tbl,
return 0;
}
struct rule_state *rule_state_new(void)
struct rule_compile_state *rule_compile_state_new(void)
{
struct rule_state *rule_state = ALLOC(struct rule_state, 1);
struct rule_compile_state *rule_compile_state = ALLOC(struct rule_compile_state, 1);
utarray_new(rule_state->internal_hit_paths, &ut_hit_path_icd);
utarray_new(rule_state->all_hit_conditions, &ut_condition_id_icd);
utarray_new(rule_state->this_scan_hit_conditions, &ut_condition_id_icd);
utarray_new(rule_state->this_scan_hit_not_conditions, &ut_condition_id_icd);
utarray_new(rule_state->exclude_not_conditions, &ut_condition_id_icd);
utarray_new(rule_state->direct_hit_objects, &ut_maat_hit_object_icd);
utarray_new(rule_state->indirect_hit_objects, &ut_maat_hit_object_icd);
utarray_new(rule_state->last_hit_objects, &ut_maat_hit_object_icd);
utarray_new(rule_state->hit_rule_table_ids, &ut_hit_rule_table_id_icd);
rule_state->hit_not_tbl_objects = NULL;
utarray_new(rule_compile_state->internal_hit_paths, &ut_hit_path_icd);
utarray_new(rule_compile_state->all_hit_conditions, &ut_condition_id_icd);
utarray_new(rule_compile_state->this_scan_hit_conditions, &ut_condition_id_icd);
utarray_new(rule_compile_state->this_scan_hit_not_conditions, &ut_condition_id_icd);
utarray_new(rule_compile_state->exclude_not_conditions, &ut_condition_id_icd);
utarray_new(rule_compile_state->direct_hit_objects, &ut_maat_hit_object_icd);
utarray_new(rule_compile_state->indirect_hit_objects, &ut_maat_hit_object_icd);
utarray_new(rule_compile_state->last_hit_objects, &ut_maat_hit_object_icd);
utarray_new(rule_compile_state->hit_rule_table_ids, &ut_hit_rule_table_id_icd);
rule_compile_state->hit_not_tbl_objects = NULL;
return rule_state;
return rule_compile_state;
}
static long long
rule_state_hit_not_tbl_objects_free(struct rule_state *rule_state)
rule_compile_state_hit_not_tbl_objects_free(struct rule_compile_state *rule_compile_state)
{
if (NULL == rule_state) {
if (NULL == rule_compile_state) {
return 0;
}
long long free_bytes = 0;
struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL;
HASH_ITER(hh, rule_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) {
HASH_ITER(hh, rule_compile_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) {
free_bytes +=
(sizeof(tbl_object) + utarray_len(tbl_object->object_ids) * sizeof(long long));
HASH_DEL(rule_state->hit_not_tbl_objects, tbl_object);
HASH_DEL(rule_compile_state->hit_not_tbl_objects, tbl_object);
if (tbl_object->object_ids != NULL) {
utarray_free(tbl_object->object_ids);
tbl_object->object_ids = NULL;
@@ -1461,118 +1439,118 @@ rule_state_hit_not_tbl_objects_free(struct rule_state *rule_state)
return free_bytes;
}
void rule_state_reset(struct rule_state *rule_state)
void rule_compile_state_reset(struct rule_compile_state *rule_compile_state)
{
if (NULL == rule_state) {
if (NULL == rule_compile_state) {
return;
}
rule_state->this_scan_not_logic = 0;
rule_state->Nth_scan = 0;
rule_state->rule_rt_version = 0;
rule_compile_state->this_scan_not_logic = 0;
rule_compile_state->Nth_scan = 0;
rule_compile_state->rule_rt_version = 0;
utarray_clear(rule_state->internal_hit_paths);
utarray_clear(rule_state->all_hit_conditions);
utarray_clear(rule_state->this_scan_hit_conditions);
utarray_clear(rule_state->this_scan_hit_not_conditions);
utarray_clear(rule_state->exclude_not_conditions);
utarray_clear(rule_state->direct_hit_objects);
utarray_clear(rule_state->indirect_hit_objects);
utarray_clear(rule_state->last_hit_objects);
utarray_clear(rule_state->hit_rule_table_ids);
utarray_clear(rule_compile_state->internal_hit_paths);
utarray_clear(rule_compile_state->all_hit_conditions);
utarray_clear(rule_compile_state->this_scan_hit_conditions);
utarray_clear(rule_compile_state->this_scan_hit_not_conditions);
utarray_clear(rule_compile_state->exclude_not_conditions);
utarray_clear(rule_compile_state->direct_hit_objects);
utarray_clear(rule_compile_state->indirect_hit_objects);
utarray_clear(rule_compile_state->last_hit_objects);
utarray_clear(rule_compile_state->hit_rule_table_ids);
struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL;
HASH_ITER(hh, rule_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) {
HASH_ITER(hh, rule_compile_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) {
utarray_clear(tbl_object->object_ids);
}
}
void rule_state_free(struct rule_state *rule_state,
void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
struct maat *maat_inst, int thread_id)
{
if (NULL == rule_state) {
if (NULL == rule_compile_state) {
return;
}
long long free_bytes = 0;
if (rule_state->internal_hit_paths != NULL) {
free_bytes += utarray_size(rule_state->internal_hit_paths) *
if (rule_compile_state->internal_hit_paths != NULL) {
free_bytes += utarray_size(rule_compile_state->internal_hit_paths) *
sizeof(struct internal_hit_path);
utarray_free(rule_state->internal_hit_paths);
rule_state->internal_hit_paths = NULL;
utarray_free(rule_compile_state->internal_hit_paths);
rule_compile_state->internal_hit_paths = NULL;
}
if (rule_state->all_hit_conditions != NULL) {
free_bytes += utarray_size(rule_state->all_hit_conditions) *
if (rule_compile_state->all_hit_conditions != NULL) {
free_bytes += utarray_size(rule_compile_state->all_hit_conditions) *
sizeof(long long);
utarray_free(rule_state->all_hit_conditions);
rule_state->all_hit_conditions = NULL;
utarray_free(rule_compile_state->all_hit_conditions);
rule_compile_state->all_hit_conditions = NULL;
}
if (rule_state->this_scan_hit_conditions != NULL) {
free_bytes += utarray_size(rule_state->this_scan_hit_conditions) *
if (rule_compile_state->this_scan_hit_conditions != NULL) {
free_bytes += utarray_size(rule_compile_state->this_scan_hit_conditions) *
sizeof(long long);
utarray_free(rule_state->this_scan_hit_conditions);
rule_state->this_scan_hit_conditions = NULL;
utarray_free(rule_compile_state->this_scan_hit_conditions);
rule_compile_state->this_scan_hit_conditions = NULL;
}
if (rule_state->this_scan_hit_not_conditions != NULL) {
free_bytes += utarray_size(rule_state->this_scan_hit_not_conditions) *
if (rule_compile_state->this_scan_hit_not_conditions != NULL) {
free_bytes += utarray_size(rule_compile_state->this_scan_hit_not_conditions) *
sizeof(long long);
utarray_free(rule_state->this_scan_hit_not_conditions);
rule_state->this_scan_hit_not_conditions = NULL;
utarray_free(rule_compile_state->this_scan_hit_not_conditions);
rule_compile_state->this_scan_hit_not_conditions = NULL;
}
if (rule_state->exclude_not_conditions != NULL) {
free_bytes += utarray_size(rule_state->exclude_not_conditions) *
if (rule_compile_state->exclude_not_conditions != NULL) {
free_bytes += utarray_size(rule_compile_state->exclude_not_conditions) *
sizeof(long long);
utarray_free(rule_state->exclude_not_conditions);
rule_state->exclude_not_conditions = NULL;
utarray_free(rule_compile_state->exclude_not_conditions);
rule_compile_state->exclude_not_conditions = NULL;
}
if (rule_state->direct_hit_objects != NULL) {
free_bytes += utarray_size(rule_state->direct_hit_objects) *
if (rule_compile_state->direct_hit_objects != NULL) {
free_bytes += utarray_size(rule_compile_state->direct_hit_objects) *
sizeof(struct maat_hit_object);
utarray_free(rule_state->direct_hit_objects);
rule_state->direct_hit_objects = NULL;
utarray_free(rule_compile_state->direct_hit_objects);
rule_compile_state->direct_hit_objects = NULL;
}
if (rule_state->indirect_hit_objects != NULL) {
free_bytes += utarray_size(rule_state->indirect_hit_objects) *
if (rule_compile_state->indirect_hit_objects != NULL) {
free_bytes += utarray_size(rule_compile_state->indirect_hit_objects) *
sizeof(struct maat_hit_object);
utarray_free(rule_state->indirect_hit_objects);
rule_state->indirect_hit_objects = NULL;
utarray_free(rule_compile_state->indirect_hit_objects);
rule_compile_state->indirect_hit_objects = NULL;
}
if (rule_state->last_hit_objects != NULL) {
free_bytes += utarray_size(rule_state->last_hit_objects) *
if (rule_compile_state->last_hit_objects != NULL) {
free_bytes += utarray_size(rule_compile_state->last_hit_objects) *
sizeof(struct maat_hit_object);
utarray_free(rule_state->last_hit_objects);
rule_state->last_hit_objects = NULL;
utarray_free(rule_compile_state->last_hit_objects);
rule_compile_state->last_hit_objects = NULL;
}
if (rule_state->hit_rule_table_ids != NULL) {
free_bytes += utarray_size(rule_state->hit_rule_table_ids) *
if (rule_compile_state->hit_rule_table_ids != NULL) {
free_bytes += utarray_size(rule_compile_state->hit_rule_table_ids) *
sizeof(struct rule2table_id);
utarray_free(rule_state->hit_rule_table_ids);
rule_state->hit_rule_table_ids = NULL;
utarray_free(rule_compile_state->hit_rule_table_ids);
rule_compile_state->hit_rule_table_ids = NULL;
}
free_bytes += rule_state_hit_not_tbl_objects_free(rule_state);
free_bytes += rule_compile_state_hit_not_tbl_objects_free(rule_compile_state);
FREE(rule_state);
FREE(rule_compile_state);
free_bytes += sizeof(struct rule_state);
free_bytes += sizeof(struct rule_compile_state);
alignment_int64_array_add(maat_inst->stat->maat_state_free_bytes,
thread_id, free_bytes);
}
static void
rule_state_add_internal_hit_path(struct rule_state *rule_state,
rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile_state,
long long item_id, long long object_id,
int attribute_id, int negate_option, int Nth_scan)
{
if (NULL == rule_state) {
if (NULL == rule_compile_state) {
return;
}
@@ -1583,7 +1561,7 @@ rule_state_add_internal_hit_path(struct rule_state *rule_state,
new_path.attribute_id = attribute_id;
new_path.negate_option = negate_option;
utarray_push_back(rule_state->internal_hit_paths, &new_path);
utarray_push_back(rule_compile_state->internal_hit_paths, &new_path);
}
static int maat_rule_has_condition_query_key(struct maat_rule *rule,
@@ -1724,7 +1702,7 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
}
size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
struct rule_state *rule_state,
struct rule_compile_state *rule_compile_state,
struct maat_hit_path *hit_path_array,
size_t array_size, size_t n_hit_path)
{
@@ -1736,14 +1714,14 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
(thread_id * MAX_HIT_RULE_NUM);
assert(thread_id >= 0);
if (rule_state->rule_rt_version != rule_rt->version) {
if (rule_compile_state->rule_rt_version != rule_rt->version) {
return 0;
}
int bool_match_ret =
bool_matcher_match(rule_rt->bm,
(unsigned long long *)utarray_eltptr(rule_state->all_hit_conditions, 0),
utarray_len(rule_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM);
(unsigned long long *)utarray_eltptr(rule_compile_state->all_hit_conditions, 0),
utarray_len(rule_compile_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM);
for (int idx = 0; idx < bool_match_ret; idx++) {
rule = (struct maat_rule *)expr_match[idx].user_tag;
@@ -1773,11 +1751,11 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
}
static void
rule_state_add_direct_hit_objects(struct rule_state *rule_state,
rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_item *hit_items,
size_t n_hit_items, int attribute_id)
{
if (NULL == rule_state || NULL == hit_items) {
if (NULL == rule_compile_state || NULL == hit_items) {
return;
}
@@ -1786,16 +1764,16 @@ rule_state_add_direct_hit_objects(struct rule_state *rule_state,
hit_object.item_id = hit_items[i].item_id;
hit_object.object_id = hit_items[i].object_id;
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_state->direct_hit_objects, &hit_object);
utarray_push_back(rule_compile_state->direct_hit_objects, &hit_object);
}
}
static void
rule_state_add_indirect_hit_objects(struct rule_state *rule_state,
rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
long long *object_ids,
size_t n_object_ids, int attribute_id)
{
if (NULL == rule_state || NULL == object_ids) {
if (NULL == rule_compile_state || NULL == object_ids) {
return;
}
@@ -1804,92 +1782,92 @@ rule_state_add_indirect_hit_objects(struct rule_state *rule_state,
hit_object.item_id = 0;
hit_object.object_id = object_ids[i];
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_state->indirect_hit_objects, &hit_object);
utarray_push_back(rule_compile_state->indirect_hit_objects, &hit_object);
}
}
static void
rule_state_add_hit_conditions(struct rule_state *rule_state,
rule_compile_state_add_hit_conditions(struct rule_compile_state *rule_compile_state,
UT_array *condition_id_array)
{
size_t i = 0;
long long *condition_id = NULL;
size_t new_condition_idx = utarray_len(rule_state->this_scan_hit_conditions);
size_t new_condition_idx = utarray_len(rule_compile_state->this_scan_hit_conditions);
for (i = 0; i < utarray_len(condition_id_array); i++) {
condition_id = (long long *)utarray_eltptr(condition_id_array, i);
if (utarray_find(rule_state->all_hit_conditions, condition_id, compare_condition_id)) {
if (utarray_find(rule_compile_state->all_hit_conditions, condition_id, compare_condition_id)) {
continue;
}
utarray_push_back(rule_state->this_scan_hit_conditions, condition_id);
utarray_push_back(rule_compile_state->this_scan_hit_conditions, condition_id);
}
if ((utarray_len(rule_state->this_scan_hit_conditions) - new_condition_idx) > 0) {
utarray_reserve(rule_state->all_hit_conditions,
utarray_len(rule_state->this_scan_hit_conditions) - new_condition_idx);
if ((utarray_len(rule_compile_state->this_scan_hit_conditions) - new_condition_idx) > 0) {
utarray_reserve(rule_compile_state->all_hit_conditions,
utarray_len(rule_compile_state->this_scan_hit_conditions) - new_condition_idx);
for (i = new_condition_idx; i < utarray_len(rule_state->this_scan_hit_conditions); i++) {
condition_id = (long long *)utarray_eltptr(rule_state->this_scan_hit_conditions, i);
utarray_push_back(rule_state->all_hit_conditions, condition_id);
for (i = new_condition_idx; i < utarray_len(rule_compile_state->this_scan_hit_conditions); i++) {
condition_id = (long long *)utarray_eltptr(rule_compile_state->this_scan_hit_conditions, i);
utarray_push_back(rule_compile_state->all_hit_conditions, condition_id);
}
utarray_sort(rule_state->all_hit_conditions, compare_condition_id);
utarray_sort(rule_compile_state->all_hit_conditions, compare_condition_id);
}
}
static void
rule_state_add_exclude_not_conditions(struct rule_state *rule_state,
rule_compile_state_add_exclude_not_conditions(struct rule_compile_state *rule_compile_state,
UT_array *condition_id_array)
{
for (size_t i = 0; i < utarray_len(condition_id_array); i++) {
long long *condition_id = (long long *)utarray_eltptr(condition_id_array, i);
if (utarray_find(rule_state->exclude_not_conditions, condition_id,
if (utarray_find(rule_compile_state->exclude_not_conditions, condition_id,
compare_condition_id)) {
continue;
}
utarray_push_back(rule_state->exclude_not_conditions, condition_id);
utarray_push_back(rule_compile_state->exclude_not_conditions, condition_id);
}
utarray_sort(rule_state->exclude_not_conditions, compare_condition_id);
utarray_sort(rule_compile_state->exclude_not_conditions, compare_condition_id);
}
static void
rule_state_add_hit_not_conditions(struct rule_state *rule_state,
rule_compile_state_add_hit_not_conditions(struct rule_compile_state *rule_compile_state,
UT_array *condition_id_array)
{
size_t i = 0;
long long *condition_id = NULL;
size_t new_condition_idx = utarray_len(rule_state->this_scan_hit_not_conditions);
size_t new_condition_idx = utarray_len(rule_compile_state->this_scan_hit_not_conditions);
for (i = 0; i < utarray_len(condition_id_array); i++) {
condition_id = (long long *)utarray_eltptr(condition_id_array, i);
if (utarray_find(rule_state->all_hit_conditions, condition_id, compare_condition_id)) {
if (utarray_find(rule_compile_state->all_hit_conditions, condition_id, compare_condition_id)) {
continue;
}
if (utarray_find(rule_state->exclude_not_conditions, condition_id, compare_condition_id)) {
if (utarray_find(rule_compile_state->exclude_not_conditions, condition_id, compare_condition_id)) {
continue;
}
utarray_push_back(rule_state->this_scan_hit_not_conditions, condition_id);
utarray_push_back(rule_compile_state->this_scan_hit_not_conditions, condition_id);
}
if ((utarray_len(rule_state->this_scan_hit_not_conditions) - new_condition_idx) > 0) {
utarray_reserve(rule_state->all_hit_conditions,
utarray_len(rule_state->this_scan_hit_not_conditions) - new_condition_idx);
if ((utarray_len(rule_compile_state->this_scan_hit_not_conditions) - new_condition_idx) > 0) {
utarray_reserve(rule_compile_state->all_hit_conditions,
utarray_len(rule_compile_state->this_scan_hit_not_conditions) - new_condition_idx);
for (i = new_condition_idx; i < utarray_len(rule_state->this_scan_hit_not_conditions); i++) {
condition_id = (long long *)utarray_eltptr(rule_state->this_scan_hit_not_conditions, i);
utarray_push_back(rule_state->all_hit_conditions, condition_id);
for (i = new_condition_idx; i < utarray_len(rule_compile_state->this_scan_hit_not_conditions); i++) {
condition_id = (long long *)utarray_eltptr(rule_compile_state->this_scan_hit_not_conditions, i);
utarray_push_back(rule_compile_state->all_hit_conditions, condition_id);
}
utarray_sort(rule_state->all_hit_conditions, compare_condition_id);
utarray_sort(rule_compile_state->all_hit_conditions, compare_condition_id);
}
}
static void
rule_state_update_hit_conditions(struct rule_state *rule_state,
rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
long long object_id, int attribute_id)
{
if (NULL == rule_state || NULL == rule_rt) {
if (NULL == rule_compile_state || NULL == rule_rt) {
return;
}
@@ -1898,23 +1876,23 @@ rule_state_update_hit_conditions(struct rule_state *rule_state,
HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) {
rule_state_add_hit_conditions(rule_state, condition_id_kv->condition_ids);
rule_compile_state_add_hit_conditions(rule_compile_state, condition_id_kv->condition_ids);
}
key.negate_option = 1;
HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) {
rule_state_add_exclude_not_conditions(rule_state, condition_id_kv->condition_ids);
rule_compile_state_add_exclude_not_conditions(rule_compile_state, condition_id_kv->condition_ids);
}
}
static void
rule_state_cache_hit_not_objects(struct rule_state *rule_state,
rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
long long *hit_object_ids,
size_t n_hit_object_id, int attribute_id)
{
if (NULL == rule_state || NULL == rule_rt) {
if (NULL == rule_compile_state || NULL == rule_rt) {
return;
}
@@ -1923,7 +1901,7 @@ rule_state_cache_hit_not_objects(struct rule_state *rule_state,
}
struct table_object *tbl_object = NULL;
HASH_FIND(hh, rule_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object);
HASH_FIND(hh, rule_compile_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object);
if (tbl_object != NULL) {
for (size_t i = 0; i < n_hit_object_id; i++) {
long long *object_id = (long long *)utarray_find(tbl_object->object_ids,
@@ -1954,7 +1932,7 @@ rule_state_cache_hit_not_objects(struct rule_state *rule_state,
tbl_object = ALLOC(struct table_object, 1);
tbl_object->attribute_id = attribute_id;
utarray_new(tbl_object->object_ids, &ut_rule_object_id_icd);
HASH_ADD_INT(rule_state->hit_not_tbl_objects, attribute_id, tbl_object);
HASH_ADD_INT(rule_compile_state->hit_not_tbl_objects, attribute_id, tbl_object);
}
if (!utarray_find(tbl_object->object_ids, &(condition_id_kv->key.object_id),
@@ -1968,12 +1946,12 @@ rule_state_cache_hit_not_objects(struct rule_state *rule_state,
}
}
int rule_state_get_rule_table_id(struct rule_state *rule_state,
int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state,
long long rule_id)
{
struct rule2table_id *tmp = NULL;
tmp = utarray_find(rule_state->hit_rule_table_ids, &rule_id,
tmp = utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id,
compare_rule_id);
if (NULL == tmp) {
return -1;
@@ -2456,12 +2434,12 @@ static int compare_rule_item(const void *a, const void *b)
int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
size_t rule_ids_size, struct maat_state *state)
{
struct rule_state *rule_state = state->rule_state;
struct rule_compile_state *rule_compile_state = state->rule_compile_state;
struct rule_item *rule_items[rule_ids_size];
// all hit condition_id -> rule_id
size_t bool_match_ret =
maat_rule_bool_matcher_match(rule_rt, rule_state,
maat_rule_bool_matcher_match(rule_rt, rule_compile_state,
state->thread_id,
(void **)rule_items,
rule_ids_size);
@@ -2477,7 +2455,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
return MIN(bool_match_ret, rule_ids_size);
}
int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
int attribute_id, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item)
{
@@ -2486,9 +2464,9 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
long long hit_object_ids[MAX_HIT_OBJECT_NUM];
struct maat_hit_object hit_object;
utarray_clear(rule_state->this_scan_hit_conditions);
rule_state->this_scan_not_logic = 0;
rule_state->Nth_scan = Nth_scan;
utarray_clear(rule_compile_state->this_scan_hit_conditions);
rule_compile_state->this_scan_not_logic = 0;
rule_compile_state->Nth_scan = Nth_scan;
for (i = 0; i < hit_cnt; i++) {
hit_object_ids[i] = hit_items[i].object_id;
@@ -2496,7 +2474,7 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
hit_object.item_id = hit_items[i].item_id;
hit_object.object_id = hit_items[i].object_id;
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_state->last_hit_objects, &hit_object);
utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
}
int g2g_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
@@ -2510,19 +2488,19 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
hit_object.item_id = 0;
hit_object.object_id = super_object_ids[i];
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_state->last_hit_objects, &hit_object);
utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
}
if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) {
for (i = 0; i < hit_cnt; i++) {
rule_state_add_internal_hit_path(rule_state, hit_items[i].item_id,
rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_id,
hit_items[i].object_id, attribute_id, 0, Nth_scan);
}
}
if (1 == maat_inst->opts.hit_object_on) {
rule_state_add_direct_hit_objects(rule_state, hit_items, hit_cnt, attribute_id);
rule_state_add_indirect_hit_objects(rule_state, super_object_ids,
rule_compile_state_add_direct_hit_objects(rule_compile_state, hit_items, hit_cnt, attribute_id);
rule_compile_state_add_indirect_hit_objects(rule_compile_state, super_object_ids,
super_object_cnt, attribute_id);
}
@@ -2543,39 +2521,39 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
}
for (i = 0; i < hit_cnt; i++) {
rule_state_update_hit_conditions(rule_state, rule_rt,
rule_compile_state_update_hit_conditions(rule_compile_state, rule_rt,
hit_object_ids[i], attribute_id);
}
rule_state_cache_hit_not_objects(rule_state, rule_rt, hit_object_ids,
rule_compile_state_cache_hit_not_objects(rule_compile_state, rule_rt, hit_object_ids,
hit_cnt, attribute_id);
return hit_cnt;
}
void rule_state_clear_last_hit_object(struct rule_state *rule_state)
void rule_compile_state_clear_last_hit_object(struct rule_compile_state *rule_compile_state)
{
if (NULL == rule_state) {
if (NULL == rule_compile_state) {
return;
}
utarray_clear(rule_state->last_hit_objects);
utarray_clear(rule_compile_state->last_hit_objects);
}
void rule_state_not_logic_update(struct rule_state *rule_state,
void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
struct maat *maat_inst, int attribute_id,
int Nth_scan)
{
if (NULL == rule_state || NULL == maat_inst) {
if (NULL == rule_compile_state || NULL == maat_inst) {
return;
}
rule_state->this_scan_not_logic = 1;
rule_state->Nth_scan = Nth_scan;
utarray_clear(rule_state->this_scan_hit_not_conditions);
rule_compile_state->this_scan_not_logic = 1;
rule_compile_state->Nth_scan = Nth_scan;
utarray_clear(rule_compile_state->this_scan_hit_not_conditions);
struct table_object *tbl_object = NULL;
HASH_FIND(hh, rule_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object);
HASH_FIND(hh, rule_compile_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object);
if (NULL == tbl_object) {
return;
}
@@ -2590,62 +2568,62 @@ void rule_state_not_logic_update(struct rule_state *rule_state,
continue;
}
rule_state_add_hit_not_conditions(rule_state, condition_id_kv->condition_ids);
rule_compile_state_add_hit_not_conditions(rule_compile_state, condition_id_kv->condition_ids);
if (1 == maat_inst->opts.hit_path_on) {
rule_state_add_internal_hit_path(rule_state, -1, *object_id,
rule_compile_state_add_internal_hit_path(rule_compile_state, -1, *object_id,
attribute_id, 1, Nth_scan);
}
}
}
size_t rule_state_get_indirect_hit_objects(struct rule_state *rule_state,
size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_array,
size_t array_size)
{
size_t i = 0;
struct maat_hit_object *hit_object = NULL;
for (i = 0; i < utarray_len(rule_state->indirect_hit_objects) && i < array_size; i++) {
for (i = 0; i < utarray_len(rule_compile_state->indirect_hit_objects) && i < array_size; i++) {
hit_object =
(struct maat_hit_object *)utarray_eltptr(rule_state->indirect_hit_objects, i);
(struct maat_hit_object *)utarray_eltptr(rule_compile_state->indirect_hit_objects, i);
object_array[i].item_id = hit_object->item_id;
object_array[i].object_id = hit_object->object_id;
object_array[i].attribute_id = hit_object->attribute_id;
}
utarray_clear(rule_state->indirect_hit_objects);
utarray_clear(rule_compile_state->indirect_hit_objects);
return i;
}
size_t rule_state_get_indirect_hit_object_cnt(struct rule_state *rule_state)
size_t rule_compile_state_get_indirect_hit_object_cnt(struct rule_compile_state *rule_compile_state)
{
return utarray_len(rule_state->indirect_hit_objects);
return utarray_len(rule_compile_state->indirect_hit_objects);
}
size_t rule_state_get_last_hit_objects(struct rule_state *rule_state,
size_t rule_compile_state_get_last_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_array,
size_t array_size)
{
size_t i = 0;
for (i = 0; i < utarray_len(rule_state->last_hit_objects) && i < array_size; i++) {
for (i = 0; i < utarray_len(rule_compile_state->last_hit_objects) && i < array_size; i++) {
object_array[i] =
*(struct maat_hit_object *)utarray_eltptr(rule_state->last_hit_objects, i);
*(struct maat_hit_object *)utarray_eltptr(rule_compile_state->last_hit_objects, i);
}
return i;
}
size_t rule_state_get_last_hit_object_cnt(struct rule_state *rule_state)
size_t rule_compile_state_get_last_hit_object_cnt(struct rule_compile_state *rule_compile_state)
{
return utarray_len(rule_state->last_hit_objects);
return utarray_len(rule_compile_state->last_hit_objects);
}
size_t rule_state_get_direct_hit_objects(struct rule_state *rule_state,
size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_array,
size_t array_size)
{
UT_array *direct_hit_object = rule_state->direct_hit_objects;
UT_array *direct_hit_object = rule_compile_state->direct_hit_objects;
size_t i = 0;
struct maat_hit_object *object = NULL;
@@ -2656,17 +2634,17 @@ size_t rule_state_get_direct_hit_objects(struct rule_state *rule_state,
object_array[i].attribute_id = object->attribute_id;
}
utarray_clear(rule_state->direct_hit_objects);
utarray_clear(rule_compile_state->direct_hit_objects);
return i;
}
size_t rule_state_get_direct_hit_object_cnt(struct rule_state *rule_state)
size_t rule_compile_state_get_direct_hit_object_cnt(struct rule_compile_state *rule_compile_state)
{
return utarray_len(rule_state->direct_hit_objects);
return utarray_len(rule_compile_state->direct_hit_objects);
}
size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state,
size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
struct object2object_runtime *g2g_rt,
struct maat_hit_path *hit_path_array,
@@ -2675,9 +2653,9 @@ size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state,
size_t hit_path_cnt = 0;
struct internal_hit_path *internal_path = NULL;
for (int i = 0; i < utarray_len(rule_state->internal_hit_paths); i++) {
for (int i = 0; i < utarray_len(rule_compile_state->internal_hit_paths); i++) {
internal_path =
(struct internal_hit_path *)utarray_eltptr(rule_state->internal_hit_paths, i);
(struct internal_hit_path *)utarray_eltptr(rule_compile_state->internal_hit_paths, i);
/*
NOTE: maybe one item has been deleted, but it's item_id still exist in internal_hit_paths
*/

9
test/CMakeLists.txt
View File

@@ -41,11 +41,12 @@ add_subdirectory(object_nesting)
add_subdirectory(ipport_plugin)
add_subdirectory(benchmark)
configure_file(table_info.conf table_info.conf COPYONLY)
configure_file(tsg_table_info.conf tsg_table_info.conf COPYONLY)
configure_file(file_test_tableinfo.conf file_test_tableinfo.conf COPYONLY)
configure_file(expr_matcher.conf expr_matcher.conf COPYONLY)
configure_file(table_info.json table_info.json COPYONLY)
configure_file(tsg_table_info.json tsg_table_info.json COPYONLY)
configure_file(file_test_tableinfo.json file_test_tableinfo.json COPYONLY)
configure_file(expr_matcher.json expr_matcher.json COPYONLY)
configure_file(maat_json.json maat_json.json COPYONLY)
configure_file(regex_expr.json regex_expr.json COPYONLY)
file(COPY ntcrule DESTINATION ./)
file(COPY tsgrule DESTINATION ./)

2
test/benchmark/benchmark_gtest.cpp
View File

@@ -28,7 +28,7 @@
#define PERF_THREAD_NUM 5
#define MAX_SCAN_TIMES 1000000
const char *g_table_info_path = "./benchmark_table_info.conf";
const char *g_table_info_path = "./benchmark_table_info.json";
struct log_handle *g_logger = NULL;
struct thread_param {

0
test/expr_matcher.conf → test/expr_matcher.json
View File

60
test/expr_matcher_gtest.cpp
View File

@@ -294,7 +294,7 @@ TEST(hs_expr_matcher_match, literal_sub_has_normal_offset)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -351,7 +351,7 @@ TEST(rs_expr_matcher_match, literal_sub_has_normal_offset)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -408,7 +408,7 @@ TEST(hs_expr_matcher_match, literal_sub_has_left_unlimit_offset)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -466,7 +466,7 @@ TEST(rs_expr_matcher_match, literal_sub_has_left_unlimit_offset)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -524,7 +524,7 @@ TEST(hs_expr_matcher_match, literal_sub_has_right_unlimit_offset)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -591,7 +591,7 @@ TEST(rs_expr_matcher_match, literal_sub_has_right_unlimit_offset)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -658,7 +658,7 @@ TEST(hs_expr_matcher_match, literal_sub_with_no_offset)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -716,7 +716,7 @@ TEST(rs_expr_matcher_match, literal_sub_with_no_offset)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -774,7 +774,7 @@ TEST(hs_expr_matcher_match, literal_exactly)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -822,7 +822,7 @@ TEST(rs_expr_matcher_match, literal_exactly)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -871,7 +871,7 @@ TEST(hs_expr_matcher_match, literal_prefix)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -931,7 +931,7 @@ TEST(rs_expr_matcher_match, literal_prefix)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -991,7 +991,7 @@ TEST(hs_expr_matcher_match, literal_suffix)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1051,7 +1051,7 @@ TEST(rs_expr_matcher_match, literal_suffix)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1111,7 +1111,7 @@ TEST(hs_expr_matcher_match, literal_sub_with_hex)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1150,7 +1150,7 @@ TEST(rs_expr_matcher_match, literal_sub_with_hex)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1189,7 +1189,7 @@ TEST(hs_expr_matcher_match, literal_with_chinese)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1218,7 +1218,7 @@ TEST(rs_expr_matcher_match, literal_with_chinese)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1247,7 +1247,7 @@ TEST(hs_expr_matcher_match, same_pattern_different_offset)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1276,7 +1276,7 @@ TEST(rs_expr_matcher_match, same_pattern_different_offset)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1305,7 +1305,7 @@ TEST(hs_expr_matcher_match, long_scan_data)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1336,7 +1336,7 @@ TEST(rs_expr_matcher_match, long_scan_data)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1367,7 +1367,7 @@ TEST(expr_matcher_match, regex_expression_check)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./regex_expr.conf", rules, &n_rule);
int ret = parse_config_file("./regex_expr.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < n_rule; i++) {
@@ -1384,7 +1384,7 @@ TEST(hs_expr_matcher_stream, basic)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1428,7 +1428,7 @@ TEST(rs_expr_matcher_stream, basic)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1471,7 +1471,7 @@ TEST(hs_expr_matcher, regex_basic)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
ret = expr_matcher_verify_regex_expression("[0-9]rain", g_logger);
@@ -1504,7 +1504,7 @@ TEST(rs_expr_matcher, regex_basic)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
ret = expr_matcher_verify_regex_expression("[0-9]rain", g_logger);
@@ -1538,7 +1538,7 @@ TEST(hs_expr_matcher, regex_unicode)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1566,7 +1566,7 @@ TEST(rs_expr_matcher, regex_unicode)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =
@@ -1594,7 +1594,7 @@ TEST(hs_expr_matcher, hit_pattern_num)
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule);
int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct expr_matcher *matcher =

0
test/file_test_tableinfo.conf → test/file_test_tableinfo.json
View File

2
test/ipport_plugin/ipport_plugin_gtest.cpp
View File

@@ -14,7 +14,7 @@
#define ARRAY_SIZE 10
#define PERF_scan_times 1000 * 1000
const char *g_table_info_path = "./ipport_plugin_table_info.conf";
const char *g_table_info_path = "./ipport_plugin_table_info.json";
const char *log_file = "./ipport_plugin_gtest.log";
const char *g_ip_str = "116.71.169.140";

2
test/maat_ex_data_gtest.cpp
View File

@@ -9,7 +9,7 @@
#include <gtest/gtest.h>
#include <limits.h>
const char *g_table_info_path = "./table_info.conf";
const char *g_table_info_path = "./table_info.json";
const char *g_json_filename = "maat_json.json";
struct log_handle *g_logger = NULL;
struct maat *g_maat_inst = NULL;

4
test/maat_framework_gtest.cpp
View File

@@ -19,7 +19,7 @@
#define HIT_PATH_SIZE 128
#define WAIT_FOR_EFFECTIVE_S 2
const char *g_table_info_path = "./table_info.conf";
const char *g_table_info_path = "./table_info.json";
const char *g_json_filename = "maat_json.json";
size_t g_thread_num = 4;
@@ -6978,7 +6978,7 @@ class FileTest : public testing::Test
protected:
static void SetUpTestCase() {
const char *rule_folder = "./ntcrule/full/index";
const char *table_info = "./file_test_tableinfo.conf";
const char *table_info = "./file_test_tableinfo.json";
struct maat_options *opts = maat_options_new();
maat_options_set_caller_thread_number(opts, g_thread_num);

4
test/maat_framework_perf_gtest.cpp
View File

@@ -18,7 +18,7 @@
#define PERF_THREAD_NUM 5
#define PERF_SCAN_TIMES 1000 * 1000
const char *g_table_info_path = "./table_info.conf";
const char *g_table_info_path = "./table_info.json";
const char *g_json_filename = "maat_json.json";
struct thread_param {
@@ -1495,7 +1495,7 @@ protected:
static void SetUpTestCase() {
logger = log_handle_create("./maat_framework_perf_gtest.log", 0);
const char *rule_folder = "./tsgrule/index";
const char *table_info = "./tsg_table_info.conf";
const char *table_info = "./tsg_table_info.json";
struct maat_options *opts = maat_options_new();
maat_options_set_stat_file(opts, "./stat.log");

2
test/maat_input_mode_gtest.cpp
View File

@@ -11,7 +11,7 @@
#define MODULE_INPUT_MODE_GTEST module_name_str("maat.input_mode_gtest")
const char *g_table_info_path = "./table_info.conf";
const char *g_table_info_path = "./table_info.json";
const char *g_json_filename = "maat_json.json";
struct log_handle *g_logger = NULL;

2
test/object_nesting/object_nesting_gtest.cpp
View File

@@ -15,7 +15,7 @@
#define WAIT_FOR_EFFECTIVE_S 2
#define MAX_G2G_SCAN_TIMES (1000 * 1000)
const char *g_table_info_path = "./object_exclude_table_info.conf";
const char *g_table_info_path = "./object_exclude_table_info.json";
const char *log_file = "./object_exclude_gtest.log";
struct object_item {

111
test/regex_expr.json Normal file
View File

@@ -0,0 +1,111 @@
{
"expr_rules": [
{
"rule_id": 301,
"pattern_num": 1,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "[W|w]orld dream"
}
]
},
{
"rule_id": 302,
"pattern_num": 2,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "[0-9]today"
},
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "[0-9]Lunch"
}
]
},
{
"rule_id": 303,
"pattern_num": 2,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "Cookie:\\s"
},
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "head"
}
]
},
{
"rule_id": 304,
"pattern_num": 2,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "no",
"is_hexbin": "no",
"pattern": "123^abc"
},
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "no",
"is_hexbin": "no",
"pattern": "^123"
}
]
},
{
"rule_id": 305,
"pattern_num": 2,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "no",
"is_hexbin": "no",
"pattern": "^123"
},
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "no",
"is_hexbin": "no",
"pattern": "123^abc"
}
]
},
{
"rule_id": 306,
"pattern_num": 1,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "no",
"is_hexbin": "no",
"pattern": "^[1-9]\\d{5}(18|19|([23]\\d))\\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\\d{3}[0-9Xx]$"
}
]
}
]
}

1
test/table_info.conf → test/table_info.json
View File

@@ -207,6 +207,7 @@
"table_name":"IMAGE_FP",
"table_type":"expr",
"valid_column":5,
"supported_attributes":["HTTP_URL", "HTTP_REQ_BODY"],
"custom": {
"item_id":1,
"object_id":2,

0
test/tsg_table_info.conf → test/tsg_table_info.json
View File

2
tools/maat_redis_tool.cpp
View File

@@ -22,7 +22,7 @@
#define WORK_MODE_TEST_TRANS 2
const char *redis_dump_dir = "./redis_dump";
const char *default_table_info = "./table_info.conf";
const char *default_table_info = "./table_info.json";
static void maat_tool_print_usage(void)
{