diff --git a/.gitignore b/.gitignore index e7b5faf..7057e09 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Vscode .vscode/* +.cache/* # build build/* diff --git a/docs/configuration_management.md b/docs/configuration_management.md index efa2f6e..4410b18 100644 --- a/docs/configuration_management.md +++ b/docs/configuration_management.md @@ -153,7 +153,7 @@ To add a new table to the configuration, the following files need to be modified * Add the new table path and entry count to the table file index. -* Add the table information to the table description file (table_info.conf). +* Add the table information to the table description file (table_info.json). * Modify the configuration summary table to apply the new configuration. Ensure that the total number of configurations in the first row matches the actual number of configuration lines. diff --git a/docs/getting_started.md b/docs/getting_started.md index cc92a95..d3f3383 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -35,7 +35,7 @@ In the scanning scenario, it is necessary to configure the schema of multiple ta **(1) table schema** -Table schema is stored in a json file(such as table_info.conf), which is loaded when maat instance is created. +Table schema is stored in a json file(such as table_info.json), which is loaded when maat instance is created. ```json [ @@ -142,7 +142,7 @@ Configurations are stored in a json file(such as maat_json.json), which is loade #define ARRAY_SIZE 16 const char *json_filename = "./maat_json.json"; -const char *table_info_path = "./table_info.conf"; +const char *table_info_path = "./table_info.json"; int main() { @@ -151,14 +151,14 @@ int main() maat_options_set_json_file(opts, json_filename); maat_options_set_logger(opts, "./sample_test.log", LOG_LEVEL_INFO); - /* create maat instance, rules in table_info.conf will be loaded. */ + /* create maat instance, rules in table_info.json will be loaded. */ struct maat *maat_instance = maat_new(opts, table_info_path); assert(maat_instance != NULL); maat_options_free(opts); const char *table_name = "HTTP_URL"; /* maat_json.json has HTTP_URL rule */ int table_id = maat_get_table_id(maat_instance, table_name); - assert(table_id == 3); /* defined in table_info.conf */ + assert(table_id == 3); /* defined in table_info.json */ int thread_id = 0; long long results[ARRAY_SIZE] = {0}; @@ -171,7 +171,7 @@ int main() const char *scan_data = "Hello Maat, nice to meet you"; /** - * Becase maat instance has loaded rule in table_info.conf which keywords is "Hello Maat", + * Becase maat instance has loaded rule in table_info.json which keywords is "Hello Maat", so maat_scan_string should return hit flag and rule's rule_id stored in results array. */ int ret = maat_scan_string(maat_instance, table_id, scan_data, strlen(scan_data), @@ -241,7 +241,7 @@ In the callback scenario, only the schema of the corresponding table needs to be #define ARRAY_SIZE 16 const char *json_filename = "./maat_json.json"; -const char *table_info_path = "./table_info.conf"; +const char *table_info_path = "./table_info.json"; struct ip_plugin_ud { long long rule_id; @@ -298,14 +298,14 @@ int main() maat_options_set_json_file(opts, json_filename); maat_options_set_logger(opts, "./sample_test.log", LOG_LEVEL_INFO); - /* create maat instance, rules in table_info.conf will be loaded. */ + /* create maat instance, rules in table_info.json will be loaded. */ struct maat *maat_instance = maat_new(opts, table_info_path); assert(maat_instance != NULL); maat_options_free(opts); const char *table_name = "TEST_IP_PLUGIN_WITH_EXDATA"; /* maat_json.json has TEST_IP_PLUGIN_WITH_EXDATA rule */ int table_id = maat_get_table_id(maat_instance, table_name); - assert(table_id == 1); /* defined in table_info.conf */ + assert(table_id == 1); /* defined in table_info.json */ int ret = maat_plugin_table_ex_schema_register(maat_inst, table_name, ip_plugin_ex_new_cb, diff --git a/docs/maat_table.md b/docs/maat_table.md index aade183..ddba57b 100644 --- a/docs/maat_table.md +++ b/docs/maat_table.md @@ -59,7 +59,7 @@ Describe matching rules for strings. | **is_hexbin** | INT | 0(not HEX & case insensitive, this is default value) 1(HEX & case sensitive) 2(not HEX & case sensitive) | | **is_valid** | INT | 0(invalid), 1(valid) | -The table schema is stored in table_info.conf. +The table schema is stored in table_info.json. ```c { "table_id":3, //[0 ~ 1023], don't allow duplicate diff --git a/include/maat.h b/include/maat.h index 359e5cb..145c396 100644 --- a/include/maat.h +++ b/include/maat.h @@ -186,8 +186,9 @@ int maat_helper_verify_regex_expression(const char *expression); /* maat table API */ int maat_get_table_id(struct maat *instance, const char *table_name); +int maat_get_attribute_id(struct maat *instance, const char *attribute_name);//TODO: new API -const char *maat_get_table_schema_tag(struct maat *instance, int table_id); +const char *maat_get_table_schema_tag(struct maat *instance, int table_id);//TODO: delete /* return 0 if success, otherwise return -1 */ int maat_table_callback_register(struct maat *instance, int table_id, @@ -213,7 +214,7 @@ int maat_plugin_table_ex_schema_register(struct maat *instance, const char *tabl /** * NOTE: only plugin table support three key type(integer, pointer, ip_addr) - * specified in table_info.conf. If use ip_addr key type, then key should be + * specified in table_info.json. If use ip_addr key type, then key should be * ip address in network order. */ void *maat_plugin_table_get_ex_data(struct maat *instance, int table_id, diff --git a/src/inc_internal/maat_core.h b/src/inc_internal/maat_core.h index c50834c..e080423 100644 --- a/src/inc_internal/maat_core.h +++ b/src/inc_internal/maat_core.h @@ -189,7 +189,7 @@ struct maat { struct maat_state { struct maat *maat_inst; - struct rule_state *rule_state; + struct rule_compile_state *rule_compile_state; int Nth_scan; int district_id; //-1: Any District; -2: Unkonwn District; uint16_t thread_id; diff --git a/src/inc_internal/maat_rule.h b/src/inc_internal/maat_rule.h index 6a3dda3..f9634f9 100644 --- a/src/inc_internal/maat_rule.h +++ b/src/inc_internal/maat_rule.h @@ -60,7 +60,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids, size_t rule_ids_size, struct maat_state *state); size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, - struct rule_state *rule_state, + struct rule_compile_state *rule_compile_state, struct maat_hit_path *hit_path_array, size_t array_size, size_t n_hit_path); @@ -84,50 +84,50 @@ long long object2rule_runtime_rule_count(void *g2c_runtime); long long object2rule_runtime_update_err_count(void *g2c_runtime); /* maat rule state API */ -struct rule_state; -struct rule_state *rule_state_new(void); +struct rule_compile_state; +struct rule_compile_state *rule_compile_state_new(void); -void rule_state_reset(struct rule_state *rule_state); +void rule_compile_state_reset(struct rule_compile_state *rule_compile_state); -void rule_state_free(struct rule_state *rule_state, +void rule_compile_state_free(struct rule_compile_state *rule_compile_state, struct maat *maat_instance, int thread_id); -int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, +int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst, int attribute_id, int custom_rule_tbl_id, int Nth_scan, struct maat_item *hit_items, size_t n_hit_item); -void rule_state_clear_last_hit_object(struct rule_state *rule_state); +void rule_compile_state_clear_last_hit_object(struct rule_compile_state *rule_state); -void rule_state_not_logic_update(struct rule_state *rule_state, +void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile_state, struct rule_runtime *rule_rt, struct maat *maat_inst, int attribute_id, int Nth_scan); -size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state, +size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state, struct rule_runtime *rule_rt, struct object2object_runtime *g2g_rt, struct maat_hit_path *hit_path_array, size_t array_size); -size_t rule_state_get_direct_hit_objects(struct rule_state *rule_state, +size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule_compile_state, struct maat_hit_object *object_array, size_t array_size); -size_t rule_state_get_direct_hit_object_cnt(struct rule_state *rule_state); +size_t rule_compile_state_get_direct_hit_object_cnt(struct rule_compile_state *rule_compile_state); -size_t rule_state_get_indirect_hit_objects(struct rule_state *rule_state, +size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *rule_compile_state, struct maat_hit_object *object_array, size_t array_size); -size_t rule_state_get_indirect_hit_object_cnt(struct rule_state *rule_state); +size_t rule_compile_state_get_indirect_hit_object_cnt(struct rule_compile_state *rule_compile_state); -size_t rule_state_get_last_hit_objects(struct rule_state *rule_state, +size_t rule_compile_state_get_last_hit_objects(struct rule_compile_state *rule_compile_state, struct maat_hit_object *object_arary, size_t array_size); -size_t rule_state_get_last_hit_object_cnt(struct rule_state *rule_state); +size_t rule_compile_state_get_last_hit_object_cnt(struct rule_compile_state *rule_compile_state); -int rule_state_get_rule_table_id(struct rule_state *rule_state, +int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state, long long rule_id); #ifdef __cplusplus diff --git a/src/maat_api.c b/src/maat_api.c index 660d094..9d6f1c7 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -1766,12 +1766,12 @@ static void maat_state_add_hit_object(struct maat_state *state, int table_id, struct maat *maat_inst = state->maat_inst; //clear rule_state->last_hit_object - if (state != NULL && state->rule_state != NULL) { - rule_state_clear_last_hit_object(state->rule_state); + if (state != NULL && state->rule_compile_state != NULL) { + rule_compile_state_clear_last_hit_object(state->rule_compile_state); } - if (NULL == state->rule_state) { - state->rule_state = rule_state_new(); + if (NULL == state->rule_compile_state) { + state->rule_compile_state = rule_compile_state_new(); alignment_int64_array_add(maat_inst->stat->rule_state_cnt, state->thread_id, 1); } @@ -1787,7 +1787,7 @@ static void maat_state_add_hit_object(struct maat_state *state, int table_id, hit_items[i].object_id = objects[i].object_id; } - rule_state_update(state->rule_state, maat_inst, table_id, + rule_compile_state_update(state->rule_compile_state, maat_inst, table_id, state->rule_table_id, state->Nth_scan, hit_items, n_hit_item); } @@ -1813,11 +1813,11 @@ maat_state_activate_hit_not_object(struct maat_state *state, int table_id) } //clear rule_state->last_hit_object - if (state != NULL && state->rule_state != NULL) { - rule_state_clear_last_hit_object(state->rule_state); + if (state != NULL && state->rule_compile_state != NULL) { + rule_compile_state_clear_last_hit_object(state->rule_compile_state); } - rule_state_not_logic_update(state->rule_state, rule_rt, maat_inst, + rule_compile_state_not_logic_update(state->rule_compile_state, rule_rt, maat_inst, table_id, state->Nth_scan); } @@ -1883,7 +1883,7 @@ int maat_scan_not_logic(struct maat *maat_inst, int table_id, return -1; } - if (NULL == state->rule_state) { + if (NULL == state->rule_compile_state) { return 0; } @@ -2149,8 +2149,8 @@ void maat_state_reset(struct maat_state *state) state->district_id = DISTRICT_ANY; state->Nth_scan = 0; - if (state->rule_state != NULL) { - rule_state_reset(state->rule_state); + if (state->rule_compile_state != NULL) { + rule_compile_state_reset(state->rule_compile_state); } } @@ -2165,9 +2165,9 @@ void maat_state_free(struct maat_state *state) struct maat *maat_inst = state->maat_inst; long long thread_id = state->thread_id; - if (state->rule_state != NULL) { - rule_state_free(state->rule_state, maat_inst, thread_id); - state->rule_state = NULL; + if (state->rule_compile_state != NULL) { + rule_compile_state_free(state->rule_compile_state, maat_inst, thread_id); + state->rule_compile_state = NULL; alignment_int64_array_add(maat_inst->stat->rule_state_cnt, thread_id, -1); } @@ -2272,7 +2272,7 @@ int maat_state_get_rule_table_ids(struct maat_state *state, long long *rule_ids, } for (size_t i = 0; i < n_rule_ids; i++) { - rule_table_ids[i] = rule_state_get_rule_table_id(state->rule_state, + rule_table_ids[i] = rule_compile_state_get_rule_table_id(state->rule_compile_state, rule_ids[i]); } @@ -2293,7 +2293,7 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat return -1; } - if (NULL == state->rule_state) { + if (NULL == state->rule_compile_state) { return 0; } @@ -2313,13 +2313,13 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat void *g2g_runtime = table_manager_get_runtime(maat_inst->tbl_mgr, g2g_table_id); size_t hit_path_cnt = - rule_state_get_internal_hit_paths(state->rule_state, + rule_compile_state_get_internal_hit_paths(state->rule_compile_state, (struct rule_runtime *)rule_rt, (struct object2object_runtime *)g2g_runtime, path_array, array_size); return rule_runtime_get_hit_paths((struct rule_runtime *)rule_rt, - state->thread_id, state->rule_state, + state->thread_id, state->rule_compile_state, path_array, array_size, hit_path_cnt); } @@ -2340,21 +2340,21 @@ int maat_state_get_direct_hit_objects(struct maat_state *state, return -1; } - if (NULL == state->rule_state) { + if (NULL == state->rule_compile_state) { return 0; } - return rule_state_get_direct_hit_objects(state->rule_state, + return rule_compile_state_get_direct_hit_objects(state->rule_compile_state, object_array, array_size); } size_t maat_state_get_direct_hit_object_cnt(struct maat_state *state) { - if (NULL == state || NULL == state->rule_state) { + if (NULL == state || NULL == state->rule_compile_state) { return 0; } - return rule_state_get_direct_hit_object_cnt(state->rule_state); + return rule_compile_state_get_direct_hit_object_cnt(state->rule_compile_state); } int maat_state_get_indirect_hit_objects(struct maat_state *state, @@ -2365,40 +2365,40 @@ int maat_state_get_indirect_hit_objects(struct maat_state *state, return -1; } - if (NULL == state->rule_state) { + if (NULL == state->rule_compile_state) { return 0; } - return rule_state_get_indirect_hit_objects(state->rule_state, + return rule_compile_state_get_indirect_hit_objects(state->rule_compile_state, object_array, array_size); } size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state) { - if (NULL == state || NULL == state->rule_state) { + if (NULL == state || NULL == state->rule_compile_state) { return 0; } - return rule_state_get_indirect_hit_object_cnt(state->rule_state); + return rule_compile_state_get_indirect_hit_object_cnt(state->rule_compile_state); } int maat_state_get_last_hit_objects(struct maat_state *state, struct maat_hit_object *object_array, size_t array_size) { - if (NULL == state || NULL == state->rule_state) { + if (NULL == state || NULL == state->rule_compile_state) { return 0; } - return rule_state_get_last_hit_objects(state->rule_state, + return rule_compile_state_get_last_hit_objects(state->rule_compile_state, object_array, array_size); } size_t maat_state_get_last_hit_object_cnt(struct maat_state *state) { - if (NULL == state || NULL == state->rule_state) { + if (NULL == state || NULL == state->rule_compile_state) { return 0; } - return rule_state_get_last_hit_object_cnt(state->rule_state); + return rule_compile_state_get_last_hit_object_cnt(state->rule_compile_state); } \ No newline at end of file diff --git a/src/maat_expr.c b/src/maat_expr.c index a4d9076..5286a64 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c @@ -954,8 +954,8 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, int attribute_id, struct maat_state *state) { //clear rule_state->last_hit_object - if (state != NULL && state->rule_state != NULL) { - rule_state_clear_last_hit_object(state->rule_state); + if (state != NULL && state->rule_compile_state != NULL) { + rule_compile_state_clear_last_hit_object(state->rule_compile_state); } if (0 == expr_rt->rule_num) { @@ -1013,13 +1013,13 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, } next: - if (NULL == state->rule_state) { - state->rule_state = rule_state_new(); + if (NULL == state->rule_compile_state) { + state->rule_compile_state = rule_compile_state_new(); alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt, state->thread_id, 1); } - return rule_state_update(state->rule_state, state->maat_inst, attribute_id, + return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id, state->rule_table_id, state->Nth_scan, hit_maat_items, real_hit_item_num); } @@ -1050,8 +1050,8 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt; //clear rule_state->last_hit_object - if (state != NULL && state->rule_state != NULL) { - rule_state_clear_last_hit_object(state->rule_state); + if (state != NULL && state->rule_compile_state != NULL) { + rule_compile_state_clear_last_hit_object(state->rule_compile_state); } if (0 == expr_rt->rule_num) { @@ -1107,13 +1107,13 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, } next: - if (NULL == state->rule_state) { - state->rule_state = rule_state_new(); + if (NULL == state->rule_compile_state) { + state->rule_compile_state = rule_compile_state_new(); alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt, state->thread_id, 1); } - return rule_state_update(state->rule_state, state->maat_inst, attribute_id, + return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id, state->rule_table_id, state->Nth_scan, hit_maat_items, real_hit_item_cnt); } diff --git a/src/maat_flag.c b/src/maat_flag.c index ed73dab..5f4aaaf 100644 --- a/src/maat_flag.c +++ b/src/maat_flag.c @@ -556,8 +556,8 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag, int attribute_id, struct maat_state *state) { //clear rule_state->last_hit_object - if (state != NULL && state->rule_state != NULL) { - rule_state_clear_last_hit_object(state->rule_state); + if (state != NULL && state->rule_compile_state != NULL) { + rule_compile_state_clear_last_hit_object(state->rule_compile_state); } if (0 == flag_rt->rule_num) { @@ -609,13 +609,13 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, } next: - if (NULL == state->rule_state) { - state->rule_state = rule_state_new(); + if (NULL == state->rule_compile_state) { + state->rule_compile_state = rule_compile_state_new(); alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt, state->thread_id, 1); } - return rule_state_update(state->rule_state, state->maat_inst, attribute_id, + return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id, state->rule_table_id, state->Nth_scan, hit_maat_items, real_hit_item_cnt); } diff --git a/src/maat_interval.c b/src/maat_interval.c index 81a8b05..f76db52 100644 --- a/src/maat_interval.c +++ b/src/maat_interval.c @@ -545,8 +545,8 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id, long long integer, int attribute_id, struct maat_state *state) { //clear rule_state->last_hit_object - if (state != NULL && state->rule_state != NULL) { - rule_state_clear_last_hit_object(state->rule_state); + if (state != NULL && state->rule_compile_state != NULL) { + rule_compile_state_clear_last_hit_object(state->rule_compile_state); } if (0 == interval_rt->rule_num) { @@ -598,13 +598,13 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id, } next: - if (NULL == state->rule_state) { - state->rule_state = rule_state_new(); + if (NULL == state->rule_compile_state) { + state->rule_compile_state = rule_compile_state_new(); alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt, state->thread_id, 1); } - return rule_state_update(state->rule_state, state->maat_inst, attribute_id, + return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id, state->rule_table_id, state->Nth_scan, hit_maat_items, real_hit_item_cnt); } diff --git a/src/maat_ip.c b/src/maat_ip.c index 86c3d78..3078001 100644 --- a/src/maat_ip.c +++ b/src/maat_ip.c @@ -523,8 +523,8 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, uint8_t *ip_addr, int port, int attribute_id, struct maat_state *state) { //clear rule_state->last_hit_object - if (state != NULL && state->rule_state != NULL) { - rule_state_clear_last_hit_object(state->rule_state); + if (state != NULL && state->rule_compile_state != NULL) { + rule_compile_state_clear_last_hit_object(state->rule_compile_state); } if (0 == ip_rt->rule_num) { @@ -593,13 +593,13 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, real_hit_item_cnt); } next: - if (NULL == state->rule_state) { - state->rule_state = rule_state_new(); + if (NULL == state->rule_compile_state) { + state->rule_compile_state = rule_compile_state_new(); alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt, state->thread_id, 1); } - return rule_state_update(state->rule_state, state->maat_inst, attribute_id, + return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id, state->rule_table_id, state->Nth_scan, hit_maat_items, real_hit_item_cnt); } diff --git a/src/maat_rule.c b/src/maat_rule.c index 9fec6cc..144b2e7 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -163,7 +163,7 @@ struct rule2table_id { int table_id; }; -struct rule_state { +struct rule_compile_state { int Nth_scan; int this_scan_not_logic; time_t rule_rt_version; @@ -907,10 +907,9 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt, // STEP 1, update condition_id of each rule void **data_array = NULL; struct maat_rule *iter_rule = NULL; - size_t node_cnt = rcu_updating_hash_list(rule_rt->cfg_hash, &data_array); - *rule_cnt = node_cnt; + *rule_cnt = rcu_updating_hash_list(rule_rt->cfg_hash, &data_array); - for (idx = 0; idx < node_cnt; idx++) { + for (idx = 0; idx < *rule_cnt; idx++) { iter_rule = (struct maat_rule *)data_array[idx]; has_condition_num = 0; for (i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { @@ -930,24 +929,12 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt, // STEP 2, serial rule condition states to a bool expression array size_t expr_cnt = 0; - struct bool_expr *bool_expr_array = ALLOC(struct bool_expr, node_cnt); + struct bool_expr *bool_expr_array = ALLOC(struct bool_expr, *rule_cnt); - for (idx = 0; idx < node_cnt; idx++) { + for (idx = 0; idx < *rule_cnt; idx++) { iter_rule = (struct maat_rule *)data_array[idx]; for (i = 0, j = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { if (iter_rule->conditions[i].in_use) { -// TODO:mytest need to delete -#if 0 - struct condition_literal *tmp_cl = NULL; - for(tmp_cl = (struct condition_literal *)utarray_front(iter_rule->conditions[i].literals); tmp_cl !=NULL; - tmp_cl = (struct condition_literal *)utarray_next(iter_rule->conditions[i].literals, tmp_cl)) { - for (size_t it = 0; it < tmp_cl->object_cnt; it++) { - printf(" rule_rt:%p rule_id:%lld, condition_id:%llu, condition_query_key{%lld: %d, %d}\n", - rule_rt, iter_rule->rule_id, iter_rule->conditions[i].condition_id, tmp_cl->object_ids[it], - tmp_cl->attribute_id, iter_rule->conditions[i].negate_option); - } - } -#endif bool_expr_array[expr_cnt].items[j].item_id = iter_rule->conditions[i].condition_id; bool_expr_array[expr_cnt].items[j].negate_option = 0; j++; @@ -1124,7 +1111,7 @@ maat_rule_has_condition(struct maat_rule *rule, long long condition_id) } static size_t -rule_state_if_new_hit_rule(struct rule_state *rule_state, +rule_compile_state_if_new_hit_rule(struct rule_compile_state *rule_compile_state, struct maat_rule *rule) { size_t i = 0; @@ -1132,19 +1119,19 @@ rule_state_if_new_hit_rule(struct rule_state *rule_state, int ret = 0; long long new_hit_condition_id = 0; - if (0 == rule_state->this_scan_not_logic) { - for (i = 0; i < utarray_len(rule_state->this_scan_hit_conditions); i++) { + if (0 == rule_compile_state->this_scan_not_logic) { + for (i = 0; i < utarray_len(rule_compile_state->this_scan_hit_conditions); i++) { new_hit_condition_id = - *(long long*)utarray_eltptr(rule_state->this_scan_hit_conditions, i); + *(long long*)utarray_eltptr(rule_compile_state->this_scan_hit_conditions, i); ret = maat_rule_has_condition(rule, new_hit_condition_id); if (ret) { r_in_c_cnt++; } } } else { - for (i = 0; i < utarray_len(rule_state->this_scan_hit_not_conditions); i++) { + for (i = 0; i < utarray_len(rule_compile_state->this_scan_hit_not_conditions); i++) { new_hit_condition_id = - *(long long*)utarray_eltptr(rule_state->this_scan_hit_not_conditions, i); + *(long long*)utarray_eltptr(rule_compile_state->this_scan_hit_not_conditions, i); ret = maat_rule_has_condition(rule, new_hit_condition_id); if (ret) { r_in_c_cnt++; @@ -1156,20 +1143,20 @@ rule_state_if_new_hit_rule(struct rule_state *rule_state, } static void -rule_state_update_hit_rule_table_id(struct rule_state *rule_state, +rule_compile_state_update_hit_rule_table_id(struct rule_compile_state *rule_compile_state, long long rule_id, int table_id) { - if (!utarray_find(rule_state->hit_rule_table_ids, &rule_id, + if (!utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id, compare_rule_id)) { struct rule2table_id rule_table_id = {rule_id, table_id}; - utarray_push_back(rule_state->hit_rule_table_ids, &rule_table_id); - utarray_sort(rule_state->hit_rule_table_ids, compare_rule_id); + utarray_push_back(rule_compile_state->hit_rule_table_ids, &rule_table_id); + utarray_sort(rule_compile_state->hit_rule_table_ids, compare_rule_id); } } static size_t maat_rule_bool_matcher_match(struct rule_runtime *rule_rt, - struct rule_state *rule_state, + struct rule_compile_state *rule_compile_state, int thread_id, void **user_data_array, size_t ud_array_size) { @@ -1179,29 +1166,20 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt, (thread_id * MAX_HIT_RULE_NUM); assert(thread_id >= 0); - if (0 == rule_state->rule_rt_version) { - rule_state->rule_rt_version = rule_rt->version; + if (0 == rule_compile_state->rule_rt_version) { + rule_compile_state->rule_rt_version = rule_rt->version; } if (NULL == rule_rt->bm || - 0 == utarray_len(rule_state->all_hit_conditions) || - rule_state->rule_rt_version != rule_rt->version) { + 0 == utarray_len(rule_compile_state->all_hit_conditions) || + rule_compile_state->rule_rt_version != rule_rt->version) { return 0; } - - //TODO:mytest need to delete - #if 0 - unsigned long long *p = utarray_eltptr(rule_state->all_hit_conditions, 0); - for (p = (unsigned long long *)utarray_front(rule_state->all_hit_conditions); p != NULL; - p = (unsigned long long *)utarray_next(rule_state->all_hit_conditions, p)) { - printf("before bool_matcher_match rule_rt:%p rule_state condition_id:%llu\n", rule_rt, *p); - } - #endif int bool_match_ret = bool_matcher_match(rule_rt->bm, - (unsigned long long *)utarray_eltptr(rule_state->all_hit_conditions, 0), - utarray_len(rule_state->all_hit_conditions), + (unsigned long long *)utarray_eltptr(rule_compile_state->all_hit_conditions, 0), + utarray_len(rule_compile_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM); for (int i = 0; i < bool_match_ret && ud_result_cnt < ud_array_size; i++) { rule = (struct maat_rule *)expr_match[i].user_tag; @@ -1212,12 +1190,12 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt, } size_t n_new_hit_rule = - rule_state_if_new_hit_rule(rule_state, rule); + rule_compile_state_if_new_hit_rule(rule_compile_state, rule); if (rule->user_data != NULL && n_new_hit_rule > 0) { user_data_array[ud_result_cnt] = rule->user_data; ud_result_cnt++; - rule_state_update_hit_rule_table_id(rule_state, rule->rule_id, + rule_compile_state_update_hit_rule_table_id(rule_compile_state, rule->rule_id, rule->table_id); } } @@ -1420,37 +1398,37 @@ static int maat_remove_object_from_rule(struct rcu_hash_table *hash_tbl, return 0; } -struct rule_state *rule_state_new(void) +struct rule_compile_state *rule_compile_state_new(void) { - struct rule_state *rule_state = ALLOC(struct rule_state, 1); + struct rule_compile_state *rule_compile_state = ALLOC(struct rule_compile_state, 1); - utarray_new(rule_state->internal_hit_paths, &ut_hit_path_icd); - utarray_new(rule_state->all_hit_conditions, &ut_condition_id_icd); - utarray_new(rule_state->this_scan_hit_conditions, &ut_condition_id_icd); - utarray_new(rule_state->this_scan_hit_not_conditions, &ut_condition_id_icd); - utarray_new(rule_state->exclude_not_conditions, &ut_condition_id_icd); - utarray_new(rule_state->direct_hit_objects, &ut_maat_hit_object_icd); - utarray_new(rule_state->indirect_hit_objects, &ut_maat_hit_object_icd); - utarray_new(rule_state->last_hit_objects, &ut_maat_hit_object_icd); - utarray_new(rule_state->hit_rule_table_ids, &ut_hit_rule_table_id_icd); - rule_state->hit_not_tbl_objects = NULL; + utarray_new(rule_compile_state->internal_hit_paths, &ut_hit_path_icd); + utarray_new(rule_compile_state->all_hit_conditions, &ut_condition_id_icd); + utarray_new(rule_compile_state->this_scan_hit_conditions, &ut_condition_id_icd); + utarray_new(rule_compile_state->this_scan_hit_not_conditions, &ut_condition_id_icd); + utarray_new(rule_compile_state->exclude_not_conditions, &ut_condition_id_icd); + utarray_new(rule_compile_state->direct_hit_objects, &ut_maat_hit_object_icd); + utarray_new(rule_compile_state->indirect_hit_objects, &ut_maat_hit_object_icd); + utarray_new(rule_compile_state->last_hit_objects, &ut_maat_hit_object_icd); + utarray_new(rule_compile_state->hit_rule_table_ids, &ut_hit_rule_table_id_icd); + rule_compile_state->hit_not_tbl_objects = NULL; - return rule_state; + return rule_compile_state; } static long long -rule_state_hit_not_tbl_objects_free(struct rule_state *rule_state) +rule_compile_state_hit_not_tbl_objects_free(struct rule_compile_state *rule_compile_state) { - if (NULL == rule_state) { + if (NULL == rule_compile_state) { return 0; } long long free_bytes = 0; struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL; - HASH_ITER(hh, rule_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) { + HASH_ITER(hh, rule_compile_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) { free_bytes += (sizeof(tbl_object) + utarray_len(tbl_object->object_ids) * sizeof(long long)); - HASH_DEL(rule_state->hit_not_tbl_objects, tbl_object); + HASH_DEL(rule_compile_state->hit_not_tbl_objects, tbl_object); if (tbl_object->object_ids != NULL) { utarray_free(tbl_object->object_ids); tbl_object->object_ids = NULL; @@ -1461,118 +1439,118 @@ rule_state_hit_not_tbl_objects_free(struct rule_state *rule_state) return free_bytes; } -void rule_state_reset(struct rule_state *rule_state) +void rule_compile_state_reset(struct rule_compile_state *rule_compile_state) { - if (NULL == rule_state) { + if (NULL == rule_compile_state) { return; } - rule_state->this_scan_not_logic = 0; - rule_state->Nth_scan = 0; - rule_state->rule_rt_version = 0; + rule_compile_state->this_scan_not_logic = 0; + rule_compile_state->Nth_scan = 0; + rule_compile_state->rule_rt_version = 0; - utarray_clear(rule_state->internal_hit_paths); - utarray_clear(rule_state->all_hit_conditions); - utarray_clear(rule_state->this_scan_hit_conditions); - utarray_clear(rule_state->this_scan_hit_not_conditions); - utarray_clear(rule_state->exclude_not_conditions); - utarray_clear(rule_state->direct_hit_objects); - utarray_clear(rule_state->indirect_hit_objects); - utarray_clear(rule_state->last_hit_objects); - utarray_clear(rule_state->hit_rule_table_ids); + utarray_clear(rule_compile_state->internal_hit_paths); + utarray_clear(rule_compile_state->all_hit_conditions); + utarray_clear(rule_compile_state->this_scan_hit_conditions); + utarray_clear(rule_compile_state->this_scan_hit_not_conditions); + utarray_clear(rule_compile_state->exclude_not_conditions); + utarray_clear(rule_compile_state->direct_hit_objects); + utarray_clear(rule_compile_state->indirect_hit_objects); + utarray_clear(rule_compile_state->last_hit_objects); + utarray_clear(rule_compile_state->hit_rule_table_ids); struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL; - HASH_ITER(hh, rule_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) { + HASH_ITER(hh, rule_compile_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) { utarray_clear(tbl_object->object_ids); } } -void rule_state_free(struct rule_state *rule_state, +void rule_compile_state_free(struct rule_compile_state *rule_compile_state, struct maat *maat_inst, int thread_id) { - if (NULL == rule_state) { + if (NULL == rule_compile_state) { return; } long long free_bytes = 0; - if (rule_state->internal_hit_paths != NULL) { - free_bytes += utarray_size(rule_state->internal_hit_paths) * + if (rule_compile_state->internal_hit_paths != NULL) { + free_bytes += utarray_size(rule_compile_state->internal_hit_paths) * sizeof(struct internal_hit_path); - utarray_free(rule_state->internal_hit_paths); - rule_state->internal_hit_paths = NULL; + utarray_free(rule_compile_state->internal_hit_paths); + rule_compile_state->internal_hit_paths = NULL; } - if (rule_state->all_hit_conditions != NULL) { - free_bytes += utarray_size(rule_state->all_hit_conditions) * + if (rule_compile_state->all_hit_conditions != NULL) { + free_bytes += utarray_size(rule_compile_state->all_hit_conditions) * sizeof(long long); - utarray_free(rule_state->all_hit_conditions); - rule_state->all_hit_conditions = NULL; + utarray_free(rule_compile_state->all_hit_conditions); + rule_compile_state->all_hit_conditions = NULL; } - if (rule_state->this_scan_hit_conditions != NULL) { - free_bytes += utarray_size(rule_state->this_scan_hit_conditions) * + if (rule_compile_state->this_scan_hit_conditions != NULL) { + free_bytes += utarray_size(rule_compile_state->this_scan_hit_conditions) * sizeof(long long); - utarray_free(rule_state->this_scan_hit_conditions); - rule_state->this_scan_hit_conditions = NULL; + utarray_free(rule_compile_state->this_scan_hit_conditions); + rule_compile_state->this_scan_hit_conditions = NULL; } - if (rule_state->this_scan_hit_not_conditions != NULL) { - free_bytes += utarray_size(rule_state->this_scan_hit_not_conditions) * + if (rule_compile_state->this_scan_hit_not_conditions != NULL) { + free_bytes += utarray_size(rule_compile_state->this_scan_hit_not_conditions) * sizeof(long long); - utarray_free(rule_state->this_scan_hit_not_conditions); - rule_state->this_scan_hit_not_conditions = NULL; + utarray_free(rule_compile_state->this_scan_hit_not_conditions); + rule_compile_state->this_scan_hit_not_conditions = NULL; } - if (rule_state->exclude_not_conditions != NULL) { - free_bytes += utarray_size(rule_state->exclude_not_conditions) * + if (rule_compile_state->exclude_not_conditions != NULL) { + free_bytes += utarray_size(rule_compile_state->exclude_not_conditions) * sizeof(long long); - utarray_free(rule_state->exclude_not_conditions); - rule_state->exclude_not_conditions = NULL; + utarray_free(rule_compile_state->exclude_not_conditions); + rule_compile_state->exclude_not_conditions = NULL; } - if (rule_state->direct_hit_objects != NULL) { - free_bytes += utarray_size(rule_state->direct_hit_objects) * + if (rule_compile_state->direct_hit_objects != NULL) { + free_bytes += utarray_size(rule_compile_state->direct_hit_objects) * sizeof(struct maat_hit_object); - utarray_free(rule_state->direct_hit_objects); - rule_state->direct_hit_objects = NULL; + utarray_free(rule_compile_state->direct_hit_objects); + rule_compile_state->direct_hit_objects = NULL; } - if (rule_state->indirect_hit_objects != NULL) { - free_bytes += utarray_size(rule_state->indirect_hit_objects) * + if (rule_compile_state->indirect_hit_objects != NULL) { + free_bytes += utarray_size(rule_compile_state->indirect_hit_objects) * sizeof(struct maat_hit_object); - utarray_free(rule_state->indirect_hit_objects); - rule_state->indirect_hit_objects = NULL; + utarray_free(rule_compile_state->indirect_hit_objects); + rule_compile_state->indirect_hit_objects = NULL; } - if (rule_state->last_hit_objects != NULL) { - free_bytes += utarray_size(rule_state->last_hit_objects) * + if (rule_compile_state->last_hit_objects != NULL) { + free_bytes += utarray_size(rule_compile_state->last_hit_objects) * sizeof(struct maat_hit_object); - utarray_free(rule_state->last_hit_objects); - rule_state->last_hit_objects = NULL; + utarray_free(rule_compile_state->last_hit_objects); + rule_compile_state->last_hit_objects = NULL; } - if (rule_state->hit_rule_table_ids != NULL) { - free_bytes += utarray_size(rule_state->hit_rule_table_ids) * + if (rule_compile_state->hit_rule_table_ids != NULL) { + free_bytes += utarray_size(rule_compile_state->hit_rule_table_ids) * sizeof(struct rule2table_id); - utarray_free(rule_state->hit_rule_table_ids); - rule_state->hit_rule_table_ids = NULL; + utarray_free(rule_compile_state->hit_rule_table_ids); + rule_compile_state->hit_rule_table_ids = NULL; } - free_bytes += rule_state_hit_not_tbl_objects_free(rule_state); + free_bytes += rule_compile_state_hit_not_tbl_objects_free(rule_compile_state); - FREE(rule_state); + FREE(rule_compile_state); - free_bytes += sizeof(struct rule_state); + free_bytes += sizeof(struct rule_compile_state); alignment_int64_array_add(maat_inst->stat->maat_state_free_bytes, thread_id, free_bytes); } static void -rule_state_add_internal_hit_path(struct rule_state *rule_state, +rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile_state, long long item_id, long long object_id, int attribute_id, int negate_option, int Nth_scan) { - if (NULL == rule_state) { + if (NULL == rule_compile_state) { return; } @@ -1583,7 +1561,7 @@ rule_state_add_internal_hit_path(struct rule_state *rule_state, new_path.attribute_id = attribute_id; new_path.negate_option = negate_option; - utarray_push_back(rule_state->internal_hit_paths, &new_path); + utarray_push_back(rule_compile_state->internal_hit_paths, &new_path); } static int maat_rule_has_condition_query_key(struct maat_rule *rule, @@ -1724,7 +1702,7 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array, } size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, - struct rule_state *rule_state, + struct rule_compile_state *rule_compile_state, struct maat_hit_path *hit_path_array, size_t array_size, size_t n_hit_path) { @@ -1736,14 +1714,14 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, (thread_id * MAX_HIT_RULE_NUM); assert(thread_id >= 0); - if (rule_state->rule_rt_version != rule_rt->version) { + if (rule_compile_state->rule_rt_version != rule_rt->version) { return 0; } int bool_match_ret = bool_matcher_match(rule_rt->bm, - (unsigned long long *)utarray_eltptr(rule_state->all_hit_conditions, 0), - utarray_len(rule_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM); + (unsigned long long *)utarray_eltptr(rule_compile_state->all_hit_conditions, 0), + utarray_len(rule_compile_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM); for (int idx = 0; idx < bool_match_ret; idx++) { rule = (struct maat_rule *)expr_match[idx].user_tag; @@ -1773,11 +1751,11 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, } static void -rule_state_add_direct_hit_objects(struct rule_state *rule_state, +rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state, struct maat_item *hit_items, size_t n_hit_items, int attribute_id) { - if (NULL == rule_state || NULL == hit_items) { + if (NULL == rule_compile_state || NULL == hit_items) { return; } @@ -1786,16 +1764,16 @@ rule_state_add_direct_hit_objects(struct rule_state *rule_state, hit_object.item_id = hit_items[i].item_id; hit_object.object_id = hit_items[i].object_id; hit_object.attribute_id = attribute_id; - utarray_push_back(rule_state->direct_hit_objects, &hit_object); + utarray_push_back(rule_compile_state->direct_hit_objects, &hit_object); } } static void -rule_state_add_indirect_hit_objects(struct rule_state *rule_state, +rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state, long long *object_ids, size_t n_object_ids, int attribute_id) { - if (NULL == rule_state || NULL == object_ids) { + if (NULL == rule_compile_state || NULL == object_ids) { return; } @@ -1804,92 +1782,92 @@ rule_state_add_indirect_hit_objects(struct rule_state *rule_state, hit_object.item_id = 0; hit_object.object_id = object_ids[i]; hit_object.attribute_id = attribute_id; - utarray_push_back(rule_state->indirect_hit_objects, &hit_object); + utarray_push_back(rule_compile_state->indirect_hit_objects, &hit_object); } } static void -rule_state_add_hit_conditions(struct rule_state *rule_state, +rule_compile_state_add_hit_conditions(struct rule_compile_state *rule_compile_state, UT_array *condition_id_array) { size_t i = 0; long long *condition_id = NULL; - size_t new_condition_idx = utarray_len(rule_state->this_scan_hit_conditions); + size_t new_condition_idx = utarray_len(rule_compile_state->this_scan_hit_conditions); for (i = 0; i < utarray_len(condition_id_array); i++) { condition_id = (long long *)utarray_eltptr(condition_id_array, i); - if (utarray_find(rule_state->all_hit_conditions, condition_id, compare_condition_id)) { + if (utarray_find(rule_compile_state->all_hit_conditions, condition_id, compare_condition_id)) { continue; } - utarray_push_back(rule_state->this_scan_hit_conditions, condition_id); + utarray_push_back(rule_compile_state->this_scan_hit_conditions, condition_id); } - if ((utarray_len(rule_state->this_scan_hit_conditions) - new_condition_idx) > 0) { - utarray_reserve(rule_state->all_hit_conditions, - utarray_len(rule_state->this_scan_hit_conditions) - new_condition_idx); + if ((utarray_len(rule_compile_state->this_scan_hit_conditions) - new_condition_idx) > 0) { + utarray_reserve(rule_compile_state->all_hit_conditions, + utarray_len(rule_compile_state->this_scan_hit_conditions) - new_condition_idx); - for (i = new_condition_idx; i < utarray_len(rule_state->this_scan_hit_conditions); i++) { - condition_id = (long long *)utarray_eltptr(rule_state->this_scan_hit_conditions, i); - utarray_push_back(rule_state->all_hit_conditions, condition_id); + for (i = new_condition_idx; i < utarray_len(rule_compile_state->this_scan_hit_conditions); i++) { + condition_id = (long long *)utarray_eltptr(rule_compile_state->this_scan_hit_conditions, i); + utarray_push_back(rule_compile_state->all_hit_conditions, condition_id); } - utarray_sort(rule_state->all_hit_conditions, compare_condition_id); + utarray_sort(rule_compile_state->all_hit_conditions, compare_condition_id); } } static void -rule_state_add_exclude_not_conditions(struct rule_state *rule_state, +rule_compile_state_add_exclude_not_conditions(struct rule_compile_state *rule_compile_state, UT_array *condition_id_array) { for (size_t i = 0; i < utarray_len(condition_id_array); i++) { long long *condition_id = (long long *)utarray_eltptr(condition_id_array, i); - if (utarray_find(rule_state->exclude_not_conditions, condition_id, + if (utarray_find(rule_compile_state->exclude_not_conditions, condition_id, compare_condition_id)) { continue; } - utarray_push_back(rule_state->exclude_not_conditions, condition_id); + utarray_push_back(rule_compile_state->exclude_not_conditions, condition_id); } - utarray_sort(rule_state->exclude_not_conditions, compare_condition_id); + utarray_sort(rule_compile_state->exclude_not_conditions, compare_condition_id); } static void -rule_state_add_hit_not_conditions(struct rule_state *rule_state, +rule_compile_state_add_hit_not_conditions(struct rule_compile_state *rule_compile_state, UT_array *condition_id_array) { size_t i = 0; long long *condition_id = NULL; - size_t new_condition_idx = utarray_len(rule_state->this_scan_hit_not_conditions); + size_t new_condition_idx = utarray_len(rule_compile_state->this_scan_hit_not_conditions); for (i = 0; i < utarray_len(condition_id_array); i++) { condition_id = (long long *)utarray_eltptr(condition_id_array, i); - if (utarray_find(rule_state->all_hit_conditions, condition_id, compare_condition_id)) { + if (utarray_find(rule_compile_state->all_hit_conditions, condition_id, compare_condition_id)) { continue; } - if (utarray_find(rule_state->exclude_not_conditions, condition_id, compare_condition_id)) { + if (utarray_find(rule_compile_state->exclude_not_conditions, condition_id, compare_condition_id)) { continue; } - utarray_push_back(rule_state->this_scan_hit_not_conditions, condition_id); + utarray_push_back(rule_compile_state->this_scan_hit_not_conditions, condition_id); } - if ((utarray_len(rule_state->this_scan_hit_not_conditions) - new_condition_idx) > 0) { - utarray_reserve(rule_state->all_hit_conditions, - utarray_len(rule_state->this_scan_hit_not_conditions) - new_condition_idx); + if ((utarray_len(rule_compile_state->this_scan_hit_not_conditions) - new_condition_idx) > 0) { + utarray_reserve(rule_compile_state->all_hit_conditions, + utarray_len(rule_compile_state->this_scan_hit_not_conditions) - new_condition_idx); - for (i = new_condition_idx; i < utarray_len(rule_state->this_scan_hit_not_conditions); i++) { - condition_id = (long long *)utarray_eltptr(rule_state->this_scan_hit_not_conditions, i); - utarray_push_back(rule_state->all_hit_conditions, condition_id); + for (i = new_condition_idx; i < utarray_len(rule_compile_state->this_scan_hit_not_conditions); i++) { + condition_id = (long long *)utarray_eltptr(rule_compile_state->this_scan_hit_not_conditions, i); + utarray_push_back(rule_compile_state->all_hit_conditions, condition_id); } - utarray_sort(rule_state->all_hit_conditions, compare_condition_id); + utarray_sort(rule_compile_state->all_hit_conditions, compare_condition_id); } } static void -rule_state_update_hit_conditions(struct rule_state *rule_state, +rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile_state, struct rule_runtime *rule_rt, long long object_id, int attribute_id) { - if (NULL == rule_state || NULL == rule_rt) { + if (NULL == rule_compile_state || NULL == rule_rt) { return; } @@ -1898,23 +1876,23 @@ rule_state_update_hit_conditions(struct rule_state *rule_state, HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv); if (condition_id_kv != NULL) { - rule_state_add_hit_conditions(rule_state, condition_id_kv->condition_ids); + rule_compile_state_add_hit_conditions(rule_compile_state, condition_id_kv->condition_ids); } key.negate_option = 1; HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv); if (condition_id_kv != NULL) { - rule_state_add_exclude_not_conditions(rule_state, condition_id_kv->condition_ids); + rule_compile_state_add_exclude_not_conditions(rule_compile_state, condition_id_kv->condition_ids); } } static void -rule_state_cache_hit_not_objects(struct rule_state *rule_state, +rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile_state, struct rule_runtime *rule_rt, long long *hit_object_ids, size_t n_hit_object_id, int attribute_id) { - if (NULL == rule_state || NULL == rule_rt) { + if (NULL == rule_compile_state || NULL == rule_rt) { return; } @@ -1923,7 +1901,7 @@ rule_state_cache_hit_not_objects(struct rule_state *rule_state, } struct table_object *tbl_object = NULL; - HASH_FIND(hh, rule_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object); + HASH_FIND(hh, rule_compile_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object); if (tbl_object != NULL) { for (size_t i = 0; i < n_hit_object_id; i++) { long long *object_id = (long long *)utarray_find(tbl_object->object_ids, @@ -1954,7 +1932,7 @@ rule_state_cache_hit_not_objects(struct rule_state *rule_state, tbl_object = ALLOC(struct table_object, 1); tbl_object->attribute_id = attribute_id; utarray_new(tbl_object->object_ids, &ut_rule_object_id_icd); - HASH_ADD_INT(rule_state->hit_not_tbl_objects, attribute_id, tbl_object); + HASH_ADD_INT(rule_compile_state->hit_not_tbl_objects, attribute_id, tbl_object); } if (!utarray_find(tbl_object->object_ids, &(condition_id_kv->key.object_id), @@ -1968,12 +1946,12 @@ rule_state_cache_hit_not_objects(struct rule_state *rule_state, } } -int rule_state_get_rule_table_id(struct rule_state *rule_state, +int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state, long long rule_id) { struct rule2table_id *tmp = NULL; - tmp = utarray_find(rule_state->hit_rule_table_ids, &rule_id, + tmp = utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id, compare_rule_id); if (NULL == tmp) { return -1; @@ -2456,12 +2434,12 @@ static int compare_rule_item(const void *a, const void *b) int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids, size_t rule_ids_size, struct maat_state *state) { - struct rule_state *rule_state = state->rule_state; + struct rule_compile_state *rule_compile_state = state->rule_compile_state; struct rule_item *rule_items[rule_ids_size]; // all hit condition_id -> rule_id size_t bool_match_ret = - maat_rule_bool_matcher_match(rule_rt, rule_state, + maat_rule_bool_matcher_match(rule_rt, rule_compile_state, state->thread_id, (void **)rule_items, rule_ids_size); @@ -2477,7 +2455,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids, return MIN(bool_match_ret, rule_ids_size); } -int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, +int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst, int attribute_id, int custom_rule_tbl_id, int Nth_scan, struct maat_item *hit_items, size_t n_hit_item) { @@ -2486,9 +2464,9 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, long long hit_object_ids[MAX_HIT_OBJECT_NUM]; struct maat_hit_object hit_object; - utarray_clear(rule_state->this_scan_hit_conditions); - rule_state->this_scan_not_logic = 0; - rule_state->Nth_scan = Nth_scan; + utarray_clear(rule_compile_state->this_scan_hit_conditions); + rule_compile_state->this_scan_not_logic = 0; + rule_compile_state->Nth_scan = Nth_scan; for (i = 0; i < hit_cnt; i++) { hit_object_ids[i] = hit_items[i].object_id; @@ -2496,7 +2474,7 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, hit_object.item_id = hit_items[i].item_id; hit_object.object_id = hit_items[i].object_id; hit_object.attribute_id = attribute_id; - utarray_push_back(rule_state->last_hit_objects, &hit_object); + utarray_push_back(rule_compile_state->last_hit_objects, &hit_object); } int g2g_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr); @@ -2510,19 +2488,19 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, hit_object.item_id = 0; hit_object.object_id = super_object_ids[i]; hit_object.attribute_id = attribute_id; - utarray_push_back(rule_state->last_hit_objects, &hit_object); + utarray_push_back(rule_compile_state->last_hit_objects, &hit_object); } if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) { for (i = 0; i < hit_cnt; i++) { - rule_state_add_internal_hit_path(rule_state, hit_items[i].item_id, + rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_id, hit_items[i].object_id, attribute_id, 0, Nth_scan); } } if (1 == maat_inst->opts.hit_object_on) { - rule_state_add_direct_hit_objects(rule_state, hit_items, hit_cnt, attribute_id); - rule_state_add_indirect_hit_objects(rule_state, super_object_ids, + rule_compile_state_add_direct_hit_objects(rule_compile_state, hit_items, hit_cnt, attribute_id); + rule_compile_state_add_indirect_hit_objects(rule_compile_state, super_object_ids, super_object_cnt, attribute_id); } @@ -2543,39 +2521,39 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, } for (i = 0; i < hit_cnt; i++) { - rule_state_update_hit_conditions(rule_state, rule_rt, + rule_compile_state_update_hit_conditions(rule_compile_state, rule_rt, hit_object_ids[i], attribute_id); } - rule_state_cache_hit_not_objects(rule_state, rule_rt, hit_object_ids, + rule_compile_state_cache_hit_not_objects(rule_compile_state, rule_rt, hit_object_ids, hit_cnt, attribute_id); return hit_cnt; } -void rule_state_clear_last_hit_object(struct rule_state *rule_state) +void rule_compile_state_clear_last_hit_object(struct rule_compile_state *rule_compile_state) { - if (NULL == rule_state) { + if (NULL == rule_compile_state) { return; } - utarray_clear(rule_state->last_hit_objects); + utarray_clear(rule_compile_state->last_hit_objects); } -void rule_state_not_logic_update(struct rule_state *rule_state, +void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile_state, struct rule_runtime *rule_rt, struct maat *maat_inst, int attribute_id, int Nth_scan) { - if (NULL == rule_state || NULL == maat_inst) { + if (NULL == rule_compile_state || NULL == maat_inst) { return; } - rule_state->this_scan_not_logic = 1; - rule_state->Nth_scan = Nth_scan; - utarray_clear(rule_state->this_scan_hit_not_conditions); + rule_compile_state->this_scan_not_logic = 1; + rule_compile_state->Nth_scan = Nth_scan; + utarray_clear(rule_compile_state->this_scan_hit_not_conditions); struct table_object *tbl_object = NULL; - HASH_FIND(hh, rule_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object); + HASH_FIND(hh, rule_compile_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object); if (NULL == tbl_object) { return; } @@ -2590,62 +2568,62 @@ void rule_state_not_logic_update(struct rule_state *rule_state, continue; } - rule_state_add_hit_not_conditions(rule_state, condition_id_kv->condition_ids); + rule_compile_state_add_hit_not_conditions(rule_compile_state, condition_id_kv->condition_ids); if (1 == maat_inst->opts.hit_path_on) { - rule_state_add_internal_hit_path(rule_state, -1, *object_id, + rule_compile_state_add_internal_hit_path(rule_compile_state, -1, *object_id, attribute_id, 1, Nth_scan); } } } -size_t rule_state_get_indirect_hit_objects(struct rule_state *rule_state, +size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *rule_compile_state, struct maat_hit_object *object_array, size_t array_size) { size_t i = 0; struct maat_hit_object *hit_object = NULL; - for (i = 0; i < utarray_len(rule_state->indirect_hit_objects) && i < array_size; i++) { + for (i = 0; i < utarray_len(rule_compile_state->indirect_hit_objects) && i < array_size; i++) { hit_object = - (struct maat_hit_object *)utarray_eltptr(rule_state->indirect_hit_objects, i); + (struct maat_hit_object *)utarray_eltptr(rule_compile_state->indirect_hit_objects, i); object_array[i].item_id = hit_object->item_id; object_array[i].object_id = hit_object->object_id; object_array[i].attribute_id = hit_object->attribute_id; } - utarray_clear(rule_state->indirect_hit_objects); + utarray_clear(rule_compile_state->indirect_hit_objects); return i; } -size_t rule_state_get_indirect_hit_object_cnt(struct rule_state *rule_state) +size_t rule_compile_state_get_indirect_hit_object_cnt(struct rule_compile_state *rule_compile_state) { - return utarray_len(rule_state->indirect_hit_objects); + return utarray_len(rule_compile_state->indirect_hit_objects); } -size_t rule_state_get_last_hit_objects(struct rule_state *rule_state, +size_t rule_compile_state_get_last_hit_objects(struct rule_compile_state *rule_compile_state, struct maat_hit_object *object_array, size_t array_size) { size_t i = 0; - for (i = 0; i < utarray_len(rule_state->last_hit_objects) && i < array_size; i++) { + for (i = 0; i < utarray_len(rule_compile_state->last_hit_objects) && i < array_size; i++) { object_array[i] = - *(struct maat_hit_object *)utarray_eltptr(rule_state->last_hit_objects, i); + *(struct maat_hit_object *)utarray_eltptr(rule_compile_state->last_hit_objects, i); } return i; } -size_t rule_state_get_last_hit_object_cnt(struct rule_state *rule_state) +size_t rule_compile_state_get_last_hit_object_cnt(struct rule_compile_state *rule_compile_state) { - return utarray_len(rule_state->last_hit_objects); + return utarray_len(rule_compile_state->last_hit_objects); } -size_t rule_state_get_direct_hit_objects(struct rule_state *rule_state, +size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule_compile_state, struct maat_hit_object *object_array, size_t array_size) { - UT_array *direct_hit_object = rule_state->direct_hit_objects; + UT_array *direct_hit_object = rule_compile_state->direct_hit_objects; size_t i = 0; struct maat_hit_object *object = NULL; @@ -2656,17 +2634,17 @@ size_t rule_state_get_direct_hit_objects(struct rule_state *rule_state, object_array[i].attribute_id = object->attribute_id; } - utarray_clear(rule_state->direct_hit_objects); + utarray_clear(rule_compile_state->direct_hit_objects); return i; } -size_t rule_state_get_direct_hit_object_cnt(struct rule_state *rule_state) +size_t rule_compile_state_get_direct_hit_object_cnt(struct rule_compile_state *rule_compile_state) { - return utarray_len(rule_state->direct_hit_objects); + return utarray_len(rule_compile_state->direct_hit_objects); } -size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state, +size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state, struct rule_runtime *rule_rt, struct object2object_runtime *g2g_rt, struct maat_hit_path *hit_path_array, @@ -2675,9 +2653,9 @@ size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state, size_t hit_path_cnt = 0; struct internal_hit_path *internal_path = NULL; - for (int i = 0; i < utarray_len(rule_state->internal_hit_paths); i++) { + for (int i = 0; i < utarray_len(rule_compile_state->internal_hit_paths); i++) { internal_path = - (struct internal_hit_path *)utarray_eltptr(rule_state->internal_hit_paths, i); + (struct internal_hit_path *)utarray_eltptr(rule_compile_state->internal_hit_paths, i); /* NOTE: maybe one item has been deleted, but it's item_id still exist in internal_hit_paths */ diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 0a2c170..4f7add6 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -41,11 +41,12 @@ add_subdirectory(object_nesting) add_subdirectory(ipport_plugin) add_subdirectory(benchmark) -configure_file(table_info.conf table_info.conf COPYONLY) -configure_file(tsg_table_info.conf tsg_table_info.conf COPYONLY) -configure_file(file_test_tableinfo.conf file_test_tableinfo.conf COPYONLY) -configure_file(expr_matcher.conf expr_matcher.conf COPYONLY) +configure_file(table_info.json table_info.json COPYONLY) +configure_file(tsg_table_info.json tsg_table_info.json COPYONLY) +configure_file(file_test_tableinfo.json file_test_tableinfo.json COPYONLY) +configure_file(expr_matcher.json expr_matcher.json COPYONLY) configure_file(maat_json.json maat_json.json COPYONLY) +configure_file(regex_expr.json regex_expr.json COPYONLY) file(COPY ntcrule DESTINATION ./) file(COPY tsgrule DESTINATION ./) diff --git a/test/benchmark/benchmark_gtest.cpp b/test/benchmark/benchmark_gtest.cpp index a9fbe81..d96a703 100644 --- a/test/benchmark/benchmark_gtest.cpp +++ b/test/benchmark/benchmark_gtest.cpp @@ -28,7 +28,7 @@ #define PERF_THREAD_NUM 5 #define MAX_SCAN_TIMES 1000000 -const char *g_table_info_path = "./benchmark_table_info.conf"; +const char *g_table_info_path = "./benchmark_table_info.json"; struct log_handle *g_logger = NULL; struct thread_param { diff --git a/test/expr_matcher.conf b/test/expr_matcher.json similarity index 100% rename from test/expr_matcher.conf rename to test/expr_matcher.json diff --git a/test/expr_matcher_gtest.cpp b/test/expr_matcher_gtest.cpp index 43efcac..4a51732 100644 --- a/test/expr_matcher_gtest.cpp +++ b/test/expr_matcher_gtest.cpp @@ -294,7 +294,7 @@ TEST(hs_expr_matcher_match, literal_sub_has_normal_offset) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -351,7 +351,7 @@ TEST(rs_expr_matcher_match, literal_sub_has_normal_offset) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -408,7 +408,7 @@ TEST(hs_expr_matcher_match, literal_sub_has_left_unlimit_offset) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -466,7 +466,7 @@ TEST(rs_expr_matcher_match, literal_sub_has_left_unlimit_offset) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -524,7 +524,7 @@ TEST(hs_expr_matcher_match, literal_sub_has_right_unlimit_offset) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -591,7 +591,7 @@ TEST(rs_expr_matcher_match, literal_sub_has_right_unlimit_offset) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -658,7 +658,7 @@ TEST(hs_expr_matcher_match, literal_sub_with_no_offset) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -716,7 +716,7 @@ TEST(rs_expr_matcher_match, literal_sub_with_no_offset) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -774,7 +774,7 @@ TEST(hs_expr_matcher_match, literal_exactly) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -822,7 +822,7 @@ TEST(rs_expr_matcher_match, literal_exactly) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -871,7 +871,7 @@ TEST(hs_expr_matcher_match, literal_prefix) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -931,7 +931,7 @@ TEST(rs_expr_matcher_match, literal_prefix) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -991,7 +991,7 @@ TEST(hs_expr_matcher_match, literal_suffix) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1051,7 +1051,7 @@ TEST(rs_expr_matcher_match, literal_suffix) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1111,7 +1111,7 @@ TEST(hs_expr_matcher_match, literal_sub_with_hex) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1150,7 +1150,7 @@ TEST(rs_expr_matcher_match, literal_sub_with_hex) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1189,7 +1189,7 @@ TEST(hs_expr_matcher_match, literal_with_chinese) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1218,7 +1218,7 @@ TEST(rs_expr_matcher_match, literal_with_chinese) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1247,7 +1247,7 @@ TEST(hs_expr_matcher_match, same_pattern_different_offset) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1276,7 +1276,7 @@ TEST(rs_expr_matcher_match, same_pattern_different_offset) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1305,7 +1305,7 @@ TEST(hs_expr_matcher_match, long_scan_data) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1336,7 +1336,7 @@ TEST(rs_expr_matcher_match, long_scan_data) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1367,7 +1367,7 @@ TEST(expr_matcher_match, regex_expression_check) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./regex_expr.conf", rules, &n_rule); + int ret = parse_config_file("./regex_expr.json", rules, &n_rule); EXPECT_EQ(ret, 0); for (size_t i = 0; i < n_rule; i++) { @@ -1384,7 +1384,7 @@ TEST(hs_expr_matcher_stream, basic) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1428,7 +1428,7 @@ TEST(rs_expr_matcher_stream, basic) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1471,7 +1471,7 @@ TEST(hs_expr_matcher, regex_basic) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); ret = expr_matcher_verify_regex_expression("[0-9]rain", g_logger); @@ -1504,7 +1504,7 @@ TEST(rs_expr_matcher, regex_basic) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); ret = expr_matcher_verify_regex_expression("[0-9]rain", g_logger); @@ -1538,7 +1538,7 @@ TEST(hs_expr_matcher, regex_unicode) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1566,7 +1566,7 @@ TEST(rs_expr_matcher, regex_unicode) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = @@ -1594,7 +1594,7 @@ TEST(hs_expr_matcher, hit_pattern_num) struct expr_rule rules[64] = {0}; size_t n_rule = 0; - int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); + int ret = parse_config_file("./expr_matcher.json", rules, &n_rule); EXPECT_EQ(ret, 0); struct expr_matcher *matcher = diff --git a/test/file_test_tableinfo.conf b/test/file_test_tableinfo.json similarity index 100% rename from test/file_test_tableinfo.conf rename to test/file_test_tableinfo.json diff --git a/test/ipport_plugin/ipport_plugin_gtest.cpp b/test/ipport_plugin/ipport_plugin_gtest.cpp index f3138da..a57adce 100644 --- a/test/ipport_plugin/ipport_plugin_gtest.cpp +++ b/test/ipport_plugin/ipport_plugin_gtest.cpp @@ -14,7 +14,7 @@ #define ARRAY_SIZE 10 #define PERF_scan_times 1000 * 1000 -const char *g_table_info_path = "./ipport_plugin_table_info.conf"; +const char *g_table_info_path = "./ipport_plugin_table_info.json"; const char *log_file = "./ipport_plugin_gtest.log"; const char *g_ip_str = "116.71.169.140"; diff --git a/test/maat_ex_data_gtest.cpp b/test/maat_ex_data_gtest.cpp index a0b35df..8dd904c 100644 --- a/test/maat_ex_data_gtest.cpp +++ b/test/maat_ex_data_gtest.cpp @@ -9,7 +9,7 @@ #include #include -const char *g_table_info_path = "./table_info.conf"; +const char *g_table_info_path = "./table_info.json"; const char *g_json_filename = "maat_json.json"; struct log_handle *g_logger = NULL; struct maat *g_maat_inst = NULL; diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index 6a206da..bd0d342 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -19,7 +19,7 @@ #define HIT_PATH_SIZE 128 #define WAIT_FOR_EFFECTIVE_S 2 -const char *g_table_info_path = "./table_info.conf"; +const char *g_table_info_path = "./table_info.json"; const char *g_json_filename = "maat_json.json"; size_t g_thread_num = 4; @@ -6978,7 +6978,7 @@ class FileTest : public testing::Test protected: static void SetUpTestCase() { const char *rule_folder = "./ntcrule/full/index"; - const char *table_info = "./file_test_tableinfo.conf"; + const char *table_info = "./file_test_tableinfo.json"; struct maat_options *opts = maat_options_new(); maat_options_set_caller_thread_number(opts, g_thread_num); diff --git a/test/maat_framework_perf_gtest.cpp b/test/maat_framework_perf_gtest.cpp index f7e7857..6225973 100644 --- a/test/maat_framework_perf_gtest.cpp +++ b/test/maat_framework_perf_gtest.cpp @@ -18,7 +18,7 @@ #define PERF_THREAD_NUM 5 #define PERF_SCAN_TIMES 1000 * 1000 -const char *g_table_info_path = "./table_info.conf"; +const char *g_table_info_path = "./table_info.json"; const char *g_json_filename = "maat_json.json"; struct thread_param { @@ -1495,7 +1495,7 @@ protected: static void SetUpTestCase() { logger = log_handle_create("./maat_framework_perf_gtest.log", 0); const char *rule_folder = "./tsgrule/index"; - const char *table_info = "./tsg_table_info.conf"; + const char *table_info = "./tsg_table_info.json"; struct maat_options *opts = maat_options_new(); maat_options_set_stat_file(opts, "./stat.log"); diff --git a/test/maat_input_mode_gtest.cpp b/test/maat_input_mode_gtest.cpp index f9a1be9..80eac90 100644 --- a/test/maat_input_mode_gtest.cpp +++ b/test/maat_input_mode_gtest.cpp @@ -11,7 +11,7 @@ #define MODULE_INPUT_MODE_GTEST module_name_str("maat.input_mode_gtest") -const char *g_table_info_path = "./table_info.conf"; +const char *g_table_info_path = "./table_info.json"; const char *g_json_filename = "maat_json.json"; struct log_handle *g_logger = NULL; diff --git a/test/object_nesting/object_nesting_gtest.cpp b/test/object_nesting/object_nesting_gtest.cpp index 1038106..7ecc6f4 100644 --- a/test/object_nesting/object_nesting_gtest.cpp +++ b/test/object_nesting/object_nesting_gtest.cpp @@ -15,7 +15,7 @@ #define WAIT_FOR_EFFECTIVE_S 2 #define MAX_G2G_SCAN_TIMES (1000 * 1000) -const char *g_table_info_path = "./object_exclude_table_info.conf"; +const char *g_table_info_path = "./object_exclude_table_info.json"; const char *log_file = "./object_exclude_gtest.log"; struct object_item { diff --git a/test/regex_expr.json b/test/regex_expr.json new file mode 100644 index 0000000..4313a96 --- /dev/null +++ b/test/regex_expr.json @@ -0,0 +1,111 @@ +{ + "expr_rules": [ + { + "rule_id": 301, + "pattern_num": 1, + "patterns": [ + { + "pattern_type": "regex", + "match_method": "sub", + "case_sensitive": "yes", + "is_hexbin": "no", + "pattern": "[W|w]orld dream" + } + ] + }, + { + "rule_id": 302, + "pattern_num": 2, + "patterns": [ + { + "pattern_type": "regex", + "match_method": "sub", + "case_sensitive": "yes", + "is_hexbin": "no", + "pattern": "[0-9]today" + }, + { + "pattern_type": "regex", + "match_method": "sub", + "case_sensitive": "yes", + "is_hexbin": "no", + "pattern": "[0-9]Lunch" + } + ] + }, + { + "rule_id": 303, + "pattern_num": 2, + "patterns": [ + { + "pattern_type": "regex", + "match_method": "sub", + "case_sensitive": "yes", + "is_hexbin": "no", + "pattern": "Cookie:\\s" + }, + { + "pattern_type": "regex", + "match_method": "sub", + "case_sensitive": "yes", + "is_hexbin": "no", + "pattern": "head" + } + ] + }, + { + "rule_id": 304, + "pattern_num": 2, + "patterns": [ + { + "pattern_type": "regex", + "match_method": "sub", + "case_sensitive": "no", + "is_hexbin": "no", + "pattern": "123^abc" + }, + { + "pattern_type": "regex", + "match_method": "sub", + "case_sensitive": "no", + "is_hexbin": "no", + "pattern": "^123" + } + ] + }, + { + "rule_id": 305, + "pattern_num": 2, + "patterns": [ + { + "pattern_type": "regex", + "match_method": "sub", + "case_sensitive": "no", + "is_hexbin": "no", + "pattern": "^123" + }, + { + "pattern_type": "regex", + "match_method": "sub", + "case_sensitive": "no", + "is_hexbin": "no", + "pattern": "123^abc" + } + ] + }, + { + + "rule_id": 306, + "pattern_num": 1, + "patterns": [ + { + "pattern_type": "regex", + "match_method": "sub", + "case_sensitive": "no", + "is_hexbin": "no", + "pattern": "^[1-9]\\d{5}(18|19|([23]\\d))\\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\\d{3}[0-9Xx]$" + } + ] + } + ] +} \ No newline at end of file diff --git a/test/table_info.conf b/test/table_info.json similarity index 99% rename from test/table_info.conf rename to test/table_info.json index c57eaed..5a6ad84 100644 --- a/test/table_info.conf +++ b/test/table_info.json @@ -207,6 +207,7 @@ "table_name":"IMAGE_FP", "table_type":"expr", "valid_column":5, + "supported_attributes":["HTTP_URL", "HTTP_REQ_BODY"], "custom": { "item_id":1, "object_id":2, diff --git a/test/tsg_table_info.conf b/test/tsg_table_info.json similarity index 100% rename from test/tsg_table_info.conf rename to test/tsg_table_info.json diff --git a/tools/maat_redis_tool.cpp b/tools/maat_redis_tool.cpp index f18c151..08b9279 100644 --- a/tools/maat_redis_tool.cpp +++ b/tools/maat_redis_tool.cpp @@ -22,7 +22,7 @@ #define WORK_MODE_TEST_TRANS 2 const char *redis_dump_dir = "./redis_dump"; -const char *default_table_info = "./table_info.conf"; +const char *default_table_info = "./table_info.json"; static void maat_tool_print_usage(void) {