gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1.rename rule_state to rule_compile_state

Browse Source 
2.recover regex_expr.json to make expr_matcher_gtest pass
This commit is contained in:
root
2024-08-30 08:28:58 +00:00
parent 54a70f19d9
commit 537c75887d
28 changed files with 433 additions and 340 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,5 +1,6 @@
# Vscode # Vscode
.vscode/* .vscode/*
.cache/*
# build # build
build/* build/*

2
docs/configuration_management.md
View File

@@ -153,7 +153,7 @@ To add a new table to the configuration, the following files need to be modified
* Add the new table path and entry count to the table file index. * Add the new table path and entry count to the table file index.
* Add the table information to the table description file (table_info.conf). * Add the table information to the table description file (table_info.json).
* Modify the configuration summary table to apply the new configuration. Ensure that the total number of configurations in the first row matches the actual number of configuration lines. * Modify the configuration summary table to apply the new configuration. Ensure that the total number of configurations in the first row matches the actual number of configuration lines.

16
docs/getting_started.md
View File

@@ -35,7 +35,7 @@ In the scanning scenario, it is necessary to configure the schema of multiple ta
**(1) table schema** **(1) table schema**
Table schema is stored in a json file(such as table_info.conf), which is loaded when maat instance is created. Table schema is stored in a json file(such as table_info.json), which is loaded when maat instance is created.
```json ```json
[ [
@@ -142,7 +142,7 @@ Configurations are stored in a json file(such as maat_json.json), which is loade
#define ARRAY_SIZE 16 #define ARRAY_SIZE 16
const char *json_filename = "./maat_json.json"; const char *json_filename = "./maat_json.json";
const char *table_info_path = "./table_info.conf"; const char *table_info_path = "./table_info.json";
int main() int main()
{ {
@@ -151,14 +151,14 @@ int main()
maat_options_set_json_file(opts, json_filename); maat_options_set_json_file(opts, json_filename);
maat_options_set_logger(opts, "./sample_test.log", LOG_LEVEL_INFO); maat_options_set_logger(opts, "./sample_test.log", LOG_LEVEL_INFO);
/* create maat instance, rules in table_info.conf will be loaded. */ /* create maat instance, rules in table_info.json will be loaded. */
struct maat *maat_instance = maat_new(opts, table_info_path); struct maat *maat_instance = maat_new(opts, table_info_path);
assert(maat_instance != NULL); assert(maat_instance != NULL);
maat_options_free(opts); maat_options_free(opts);
const char *table_name = "HTTP_URL"; /* maat_json.json has HTTP_URL rule */ const char *table_name = "HTTP_URL"; /* maat_json.json has HTTP_URL rule */
int table_id = maat_get_table_id(maat_instance, table_name); int table_id = maat_get_table_id(maat_instance, table_name);
assert(table_id == 3); /* defined in table_info.conf */ assert(table_id == 3); /* defined in table_info.json */
int thread_id = 0; int thread_id = 0;
long long results[ARRAY_SIZE] = {0}; long long results[ARRAY_SIZE] = {0};
@@ -171,7 +171,7 @@ int main()
const char *scan_data = "Hello Maat, nice to meet you"; const char *scan_data = "Hello Maat, nice to meet you";
/** /**
* Becase maat instance has loaded rule in table_info.conf which keywords is "Hello Maat", * Becase maat instance has loaded rule in table_info.json which keywords is "Hello Maat",
so maat_scan_string should return hit flag and rule's rule_id stored in results array. so maat_scan_string should return hit flag and rule's rule_id stored in results array.
*/ */
int ret = maat_scan_string(maat_instance, table_id, scan_data, strlen(scan_data), int ret = maat_scan_string(maat_instance, table_id, scan_data, strlen(scan_data),
@@ -241,7 +241,7 @@ In the callback scenario, only the schema of the corresponding table needs to be
#define ARRAY_SIZE 16 #define ARRAY_SIZE 16
const char *json_filename = "./maat_json.json"; const char *json_filename = "./maat_json.json";
const char *table_info_path = "./table_info.conf"; const char *table_info_path = "./table_info.json";
struct ip_plugin_ud { struct ip_plugin_ud {
long long rule_id; long long rule_id;
@@ -298,14 +298,14 @@ int main()
maat_options_set_json_file(opts, json_filename); maat_options_set_json_file(opts, json_filename);
maat_options_set_logger(opts, "./sample_test.log", LOG_LEVEL_INFO); maat_options_set_logger(opts, "./sample_test.log", LOG_LEVEL_INFO);
/* create maat instance, rules in table_info.conf will be loaded. */ /* create maat instance, rules in table_info.json will be loaded. */
struct maat *maat_instance = maat_new(opts, table_info_path); struct maat *maat_instance = maat_new(opts, table_info_path);
assert(maat_instance != NULL); assert(maat_instance != NULL);
maat_options_free(opts); maat_options_free(opts);
const char *table_name = "TEST_IP_PLUGIN_WITH_EXDATA"; /* maat_json.json has TEST_IP_PLUGIN_WITH_EXDATA rule */ const char *table_name = "TEST_IP_PLUGIN_WITH_EXDATA"; /* maat_json.json has TEST_IP_PLUGIN_WITH_EXDATA rule */
int table_id = maat_get_table_id(maat_instance, table_name); int table_id = maat_get_table_id(maat_instance, table_name);
assert(table_id == 1); /* defined in table_info.conf */ assert(table_id == 1); /* defined in table_info.json */
int ret = maat_plugin_table_ex_schema_register(maat_inst, table_name, int ret = maat_plugin_table_ex_schema_register(maat_inst, table_name,
ip_plugin_ex_new_cb, ip_plugin_ex_new_cb,

2
docs/maat_table.md
View File

@@ -59,7 +59,7 @@ Describe matching rules for strings.
| **is_hexbin** | INT | 0(not HEX & case insensitive, this is default value) 1(HEX & case sensitive) 2(not HEX & case sensitive) | | **is_hexbin** | INT | 0(not HEX & case insensitive, this is default value) 1(HEX & case sensitive) 2(not HEX & case sensitive) |
| **is_valid** | INT | 0(invalid), 1(valid) | | **is_valid** | INT | 0(invalid), 1(valid) |
The table schema is stored in table_info.conf. The table schema is stored in table_info.json.
```c ```c
{ {
"table_id":3, //[0 ~ 1023], don't allow duplicate "table_id":3, //[0 ~ 1023], don't allow duplicate

5
include/maat.h
View File

@@ -186,8 +186,9 @@ int maat_helper_verify_regex_expression(const char *expression);
/* maat table API */ /* maat table API */
int maat_get_table_id(struct maat *instance, const char *table_name); int maat_get_table_id(struct maat *instance, const char *table_name);
int maat_get_attribute_id(struct maat *instance, const char *attribute_name);//TODO: new API
const char *maat_get_table_schema_tag(struct maat *instance, int table_id); const char *maat_get_table_schema_tag(struct maat *instance, int table_id);//TODO: delete
/* return 0 if success, otherwise return -1 */ /* return 0 if success, otherwise return -1 */
int maat_table_callback_register(struct maat *instance, int table_id, int maat_table_callback_register(struct maat *instance, int table_id,
@@ -213,7 +214,7 @@ int maat_plugin_table_ex_schema_register(struct maat *instance, const char *tabl
/** /**
* NOTE: only plugin table support three key type(integer, pointer, ip_addr) * NOTE: only plugin table support three key type(integer, pointer, ip_addr)
* specified in table_info.conf. If use ip_addr key type, then key should be * specified in table_info.json. If use ip_addr key type, then key should be
* ip address in network order. * ip address in network order.
*/ */
void *maat_plugin_table_get_ex_data(struct maat *instance, int table_id, void *maat_plugin_table_get_ex_data(struct maat *instance, int table_id,

2
src/inc_internal/maat_core.h
View File

@@ -189,7 +189,7 @@ struct maat {
struct maat_state { struct maat_state {
struct maat *maat_inst; struct maat *maat_inst;
struct rule_state *rule_state; struct rule_compile_state *rule_compile_state;
int Nth_scan; int Nth_scan;
int district_id; //-1: Any District; -2: Unkonwn District; int district_id; //-1: Any District; -2: Unkonwn District;
uint16_t thread_id; uint16_t thread_id;

32
src/inc_internal/maat_rule.h
View File

@@ -60,7 +60,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
size_t rule_ids_size, struct maat_state *state); size_t rule_ids_size, struct maat_state *state);
size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
struct rule_state *rule_state, struct rule_compile_state *rule_compile_state,
struct maat_hit_path *hit_path_array, struct maat_hit_path *hit_path_array,
size_t array_size, size_t n_hit_path); size_t array_size, size_t n_hit_path);
@@ -84,50 +84,50 @@ long long object2rule_runtime_rule_count(void *g2c_runtime);
long long object2rule_runtime_update_err_count(void *g2c_runtime); long long object2rule_runtime_update_err_count(void *g2c_runtime);
/* maat rule state API */ /* maat rule state API */
struct rule_state; struct rule_compile_state;
struct rule_state *rule_state_new(void); struct rule_compile_state *rule_compile_state_new(void);
void rule_state_reset(struct rule_state *rule_state); void rule_compile_state_reset(struct rule_compile_state *rule_compile_state);
void rule_state_free(struct rule_state *rule_state, void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
struct maat *maat_instance, int thread_id); struct maat *maat_instance, int thread_id);
int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
int attribute_id, int custom_rule_tbl_id, int Nth_scan, int attribute_id, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item); struct maat_item *hit_items, size_t n_hit_item);
void rule_state_clear_last_hit_object(struct rule_state *rule_state); void rule_compile_state_clear_last_hit_object(struct rule_compile_state *rule_state);
void rule_state_not_logic_update(struct rule_state *rule_state, void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt, struct rule_runtime *rule_rt,
struct maat *maat_inst, int attribute_id, struct maat *maat_inst, int attribute_id,
int Nth_scan); int Nth_scan);
size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state, size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt, struct rule_runtime *rule_rt,
struct object2object_runtime *g2g_rt, struct object2object_runtime *g2g_rt,
struct maat_hit_path *hit_path_array, struct maat_hit_path *hit_path_array,
size_t array_size); size_t array_size);
size_t rule_state_get_direct_hit_objects(struct rule_state *rule_state, size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_array, struct maat_hit_object *object_array,
size_t array_size); size_t array_size);
size_t rule_state_get_direct_hit_object_cnt(struct rule_state *rule_state); size_t rule_compile_state_get_direct_hit_object_cnt(struct rule_compile_state *rule_compile_state);
size_t rule_state_get_indirect_hit_objects(struct rule_state *rule_state, size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_array, struct maat_hit_object *object_array,
size_t array_size); size_t array_size);
size_t rule_state_get_indirect_hit_object_cnt(struct rule_state *rule_state); size_t rule_compile_state_get_indirect_hit_object_cnt(struct rule_compile_state *rule_compile_state);
size_t rule_state_get_last_hit_objects(struct rule_state *rule_state, size_t rule_compile_state_get_last_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_arary, struct maat_hit_object *object_arary,
size_t array_size); size_t array_size);
size_t rule_state_get_last_hit_object_cnt(struct rule_state *rule_state); size_t rule_compile_state_get_last_hit_object_cnt(struct rule_compile_state *rule_compile_state);
int rule_state_get_rule_table_id(struct rule_state *rule_state, int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state,
long long rule_id); long long rule_id);
#ifdef __cplusplus #ifdef __cplusplus

60
src/maat_api.c
View File

@@ -1766,12 +1766,12 @@ static void maat_state_add_hit_object(struct maat_state *state, int table_id,
struct maat *maat_inst = state->maat_inst; struct maat *maat_inst = state->maat_inst;
//clear rule_state->last_hit_object //clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) { if (state != NULL && state->rule_compile_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state); rule_compile_state_clear_last_hit_object(state->rule_compile_state);
} }
if (NULL == state->rule_state) { if (NULL == state->rule_compile_state) {
state->rule_state = rule_state_new(); state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(maat_inst->stat->rule_state_cnt, alignment_int64_array_add(maat_inst->stat->rule_state_cnt,
state->thread_id, 1); state->thread_id, 1);
} }
@@ -1787,7 +1787,7 @@ static void maat_state_add_hit_object(struct maat_state *state, int table_id,
hit_items[i].object_id = objects[i].object_id; hit_items[i].object_id = objects[i].object_id;
} }
rule_state_update(state->rule_state, maat_inst, table_id, rule_compile_state_update(state->rule_compile_state, maat_inst, table_id,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_items, n_hit_item); hit_items, n_hit_item);
} }
@@ -1813,11 +1813,11 @@ maat_state_activate_hit_not_object(struct maat_state *state, int table_id)
} }
//clear rule_state->last_hit_object //clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) { if (state != NULL && state->rule_compile_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state); rule_compile_state_clear_last_hit_object(state->rule_compile_state);
} }
rule_state_not_logic_update(state->rule_state, rule_rt, maat_inst, rule_compile_state_not_logic_update(state->rule_compile_state, rule_rt, maat_inst,
table_id, state->Nth_scan); table_id, state->Nth_scan);
} }
@@ -1883,7 +1883,7 @@ int maat_scan_not_logic(struct maat *maat_inst, int table_id,
return -1; return -1;
} }
if (NULL == state->rule_state) { if (NULL == state->rule_compile_state) {
return 0; return 0;
} }
@@ -2149,8 +2149,8 @@ void maat_state_reset(struct maat_state *state)
state->district_id = DISTRICT_ANY; state->district_id = DISTRICT_ANY;
state->Nth_scan = 0; state->Nth_scan = 0;
if (state->rule_state != NULL) { if (state->rule_compile_state != NULL) {
rule_state_reset(state->rule_state); rule_compile_state_reset(state->rule_compile_state);
} }
} }
@@ -2165,9 +2165,9 @@ void maat_state_free(struct maat_state *state)
struct maat *maat_inst = state->maat_inst; struct maat *maat_inst = state->maat_inst;
long long thread_id = state->thread_id; long long thread_id = state->thread_id;
if (state->rule_state != NULL) { if (state->rule_compile_state != NULL) {
rule_state_free(state->rule_state, maat_inst, thread_id); rule_compile_state_free(state->rule_compile_state, maat_inst, thread_id);
state->rule_state = NULL; state->rule_compile_state = NULL;
alignment_int64_array_add(maat_inst->stat->rule_state_cnt, alignment_int64_array_add(maat_inst->stat->rule_state_cnt,
thread_id, -1); thread_id, -1);
} }
@@ -2272,7 +2272,7 @@ int maat_state_get_rule_table_ids(struct maat_state *state, long long *rule_ids,
} }
for (size_t i = 0; i < n_rule_ids; i++) { for (size_t i = 0; i < n_rule_ids; i++) {
rule_table_ids[i] = rule_state_get_rule_table_id(state->rule_state, rule_table_ids[i] = rule_compile_state_get_rule_table_id(state->rule_compile_state,
rule_ids[i]); rule_ids[i]);
} }
@@ -2293,7 +2293,7 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
return -1; return -1;
} }
if (NULL == state->rule_state) { if (NULL == state->rule_compile_state) {
return 0; return 0;
} }
@@ -2313,13 +2313,13 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
void *g2g_runtime = table_manager_get_runtime(maat_inst->tbl_mgr, g2g_table_id); void *g2g_runtime = table_manager_get_runtime(maat_inst->tbl_mgr, g2g_table_id);
size_t hit_path_cnt = size_t hit_path_cnt =
rule_state_get_internal_hit_paths(state->rule_state, rule_compile_state_get_internal_hit_paths(state->rule_compile_state,
(struct rule_runtime *)rule_rt, (struct rule_runtime *)rule_rt,
(struct object2object_runtime *)g2g_runtime, (struct object2object_runtime *)g2g_runtime,
path_array, array_size); path_array, array_size);
return rule_runtime_get_hit_paths((struct rule_runtime *)rule_rt, return rule_runtime_get_hit_paths((struct rule_runtime *)rule_rt,
state->thread_id, state->rule_state, state->thread_id, state->rule_compile_state,
path_array, array_size, hit_path_cnt); path_array, array_size, hit_path_cnt);
} }
@@ -2340,21 +2340,21 @@ int maat_state_get_direct_hit_objects(struct maat_state *state,
return -1; return -1;
} }
if (NULL == state->rule_state) { if (NULL == state->rule_compile_state) {
return 0; return 0;
} }
return rule_state_get_direct_hit_objects(state->rule_state, return rule_compile_state_get_direct_hit_objects(state->rule_compile_state,
object_array, array_size); object_array, array_size);
} }
size_t maat_state_get_direct_hit_object_cnt(struct maat_state *state) size_t maat_state_get_direct_hit_object_cnt(struct maat_state *state)
{ {
if (NULL == state || NULL == state->rule_state) { if (NULL == state || NULL == state->rule_compile_state) {
return 0; return 0;
} }
return rule_state_get_direct_hit_object_cnt(state->rule_state); return rule_compile_state_get_direct_hit_object_cnt(state->rule_compile_state);
} }
int maat_state_get_indirect_hit_objects(struct maat_state *state, int maat_state_get_indirect_hit_objects(struct maat_state *state,
@@ -2365,40 +2365,40 @@ int maat_state_get_indirect_hit_objects(struct maat_state *state,
return -1; return -1;
} }
if (NULL == state->rule_state) { if (NULL == state->rule_compile_state) {
return 0; return 0;
} }
return rule_state_get_indirect_hit_objects(state->rule_state, return rule_compile_state_get_indirect_hit_objects(state->rule_compile_state,
object_array, array_size); object_array, array_size);
} }
size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state) size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state)
{ {
if (NULL == state || NULL == state->rule_state) { if (NULL == state || NULL == state->rule_compile_state) {
return 0; return 0;
} }
return rule_state_get_indirect_hit_object_cnt(state->rule_state); return rule_compile_state_get_indirect_hit_object_cnt(state->rule_compile_state);
} }
int maat_state_get_last_hit_objects(struct maat_state *state, int maat_state_get_last_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array, struct maat_hit_object *object_array,
size_t array_size) size_t array_size)
{ {
if (NULL == state || NULL == state->rule_state) { if (NULL == state || NULL == state->rule_compile_state) {
return 0; return 0;
} }
return rule_state_get_last_hit_objects(state->rule_state, return rule_compile_state_get_last_hit_objects(state->rule_compile_state,
object_array, array_size); object_array, array_size);
} }
size_t maat_state_get_last_hit_object_cnt(struct maat_state *state) size_t maat_state_get_last_hit_object_cnt(struct maat_state *state)
{ {
if (NULL == state || NULL == state->rule_state) { if (NULL == state || NULL == state->rule_compile_state) {
return 0; return 0;
} }
return rule_state_get_last_hit_object_cnt(state->rule_state); return rule_compile_state_get_last_hit_object_cnt(state->rule_compile_state);
} }

20
src/maat_expr.c
View File

@@ -954,8 +954,8 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
int attribute_id, struct maat_state *state) int attribute_id, struct maat_state *state)
{ {
//clear rule_state->last_hit_object //clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) { if (state != NULL && state->rule_compile_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state); rule_compile_state_clear_last_hit_object(state->rule_compile_state);
} }
if (0 == expr_rt->rule_num) { if (0 == expr_rt->rule_num) {
@@ -1013,13 +1013,13 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
} }
next: next:
if (NULL == state->rule_state) { if (NULL == state->rule_compile_state) {
state->rule_state = rule_state_new(); state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt, alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1); state->thread_id, 1);
} }
return rule_state_update(state->rule_state, state->maat_inst, attribute_id, return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_num); hit_maat_items, real_hit_item_num);
} }
@@ -1050,8 +1050,8 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt; struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt;
//clear rule_state->last_hit_object //clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) { if (state != NULL && state->rule_compile_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state); rule_compile_state_clear_last_hit_object(state->rule_compile_state);
} }
if (0 == expr_rt->rule_num) { if (0 == expr_rt->rule_num) {
@@ -1107,13 +1107,13 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
} }
next: next:
if (NULL == state->rule_state) { if (NULL == state->rule_compile_state) {
state->rule_state = rule_state_new(); state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt, alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1); state->thread_id, 1);
} }
return rule_state_update(state->rule_state, state->maat_inst, attribute_id, return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt); hit_maat_items, real_hit_item_cnt);
} }

10
src/maat_flag.c
View File

@@ -556,8 +556,8 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
long long flag, int attribute_id, struct maat_state *state) long long flag, int attribute_id, struct maat_state *state)
{ {
//clear rule_state->last_hit_object //clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) { if (state != NULL && state->rule_compile_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state); rule_compile_state_clear_last_hit_object(state->rule_compile_state);
} }
if (0 == flag_rt->rule_num) { if (0 == flag_rt->rule_num) {
@@ -609,13 +609,13 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
} }
next: next:
if (NULL == state->rule_state) { if (NULL == state->rule_compile_state) {
state->rule_state = rule_state_new(); state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt, alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1); state->thread_id, 1);
} }
return rule_state_update(state->rule_state, state->maat_inst, attribute_id, return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt); hit_maat_items, real_hit_item_cnt);
} }

10
src/maat_interval.c
View File

@@ -545,8 +545,8 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int attribute_id, struct maat_state *state) long long integer, int attribute_id, struct maat_state *state)
{ {
//clear rule_state->last_hit_object //clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) { if (state != NULL && state->rule_compile_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state); rule_compile_state_clear_last_hit_object(state->rule_compile_state);
} }
if (0 == interval_rt->rule_num) { if (0 == interval_rt->rule_num) {
@@ -598,13 +598,13 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
} }
next: next:
if (NULL == state->rule_state) { if (NULL == state->rule_compile_state) {
state->rule_state = rule_state_new(); state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt, alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1); state->thread_id, 1);
} }
return rule_state_update(state->rule_state, state->maat_inst, attribute_id, return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt); hit_maat_items, real_hit_item_cnt);
} }

10
src/maat_ip.c
View File

@@ -523,8 +523,8 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int port, int attribute_id, struct maat_state *state) uint8_t *ip_addr, int port, int attribute_id, struct maat_state *state)
{ {
//clear rule_state->last_hit_object //clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) { if (state != NULL && state->rule_compile_state != NULL) {
rule_state_clear_last_hit_object(state->rule_state); rule_compile_state_clear_last_hit_object(state->rule_compile_state);
} }
if (0 == ip_rt->rule_num) { if (0 == ip_rt->rule_num) {
@@ -593,13 +593,13 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
real_hit_item_cnt); real_hit_item_cnt);
} }
next: next:
if (NULL == state->rule_state) { if (NULL == state->rule_compile_state) {
state->rule_state = rule_state_new(); state->rule_compile_state = rule_compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt, alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1); state->thread_id, 1);
} }
return rule_state_update(state->rule_state, state->maat_inst, attribute_id, return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt); hit_maat_items, real_hit_item_cnt);
} }

402
src/maat_rule.c
View File

@@ -163,7 +163,7 @@ struct rule2table_id {
int table_id; int table_id;
}; };
struct rule_state { struct rule_compile_state {
int Nth_scan; int Nth_scan;
int this_scan_not_logic; int this_scan_not_logic;
time_t rule_rt_version; time_t rule_rt_version;
@@ -907,10 +907,9 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt,
// STEP 1, update condition_id of each rule // STEP 1, update condition_id of each rule
void **data_array = NULL; void **data_array = NULL;
struct maat_rule *iter_rule = NULL; struct maat_rule *iter_rule = NULL;
size_t node_cnt = rcu_updating_hash_list(rule_rt->cfg_hash, &data_array); *rule_cnt = rcu_updating_hash_list(rule_rt->cfg_hash, &data_array);
*rule_cnt = node_cnt;
for (idx = 0; idx < node_cnt; idx++) { for (idx = 0; idx < *rule_cnt; idx++) {
iter_rule = (struct maat_rule *)data_array[idx]; iter_rule = (struct maat_rule *)data_array[idx];
has_condition_num = 0; has_condition_num = 0;
for (i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { for (i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {
@@ -930,24 +929,12 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt,
// STEP 2, serial rule condition states to a bool expression array // STEP 2, serial rule condition states to a bool expression array
size_t expr_cnt = 0; size_t expr_cnt = 0;
struct bool_expr *bool_expr_array = ALLOC(struct bool_expr, node_cnt); struct bool_expr *bool_expr_array = ALLOC(struct bool_expr, *rule_cnt);
for (idx = 0; idx < node_cnt; idx++) { for (idx = 0; idx < *rule_cnt; idx++) {
iter_rule = (struct maat_rule *)data_array[idx]; iter_rule = (struct maat_rule *)data_array[idx];
for (i = 0, j = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { for (i = 0, j = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {
if (iter_rule->conditions[i].in_use) { if (iter_rule->conditions[i].in_use) {
// TODO:mytest need to delete
#if 0
struct condition_literal *tmp_cl = NULL;
for(tmp_cl = (struct condition_literal *)utarray_front(iter_rule->conditions[i].literals); tmp_cl !=NULL;
tmp_cl = (struct condition_literal *)utarray_next(iter_rule->conditions[i].literals, tmp_cl)) {
for (size_t it = 0; it < tmp_cl->object_cnt; it++) {
printf("<before bool_matcher_new> rule_rt:%p rule_id:%lld, condition_id:%llu, condition_query_key{%lld: %d, %d}\n",
rule_rt, iter_rule->rule_id, iter_rule->conditions[i].condition_id, tmp_cl->object_ids[it],
tmp_cl->attribute_id, iter_rule->conditions[i].negate_option);
}
}
#endif
bool_expr_array[expr_cnt].items[j].item_id = iter_rule->conditions[i].condition_id; bool_expr_array[expr_cnt].items[j].item_id = iter_rule->conditions[i].condition_id;
bool_expr_array[expr_cnt].items[j].negate_option = 0; bool_expr_array[expr_cnt].items[j].negate_option = 0;
j++; j++;
@@ -1124,7 +1111,7 @@ maat_rule_has_condition(struct maat_rule *rule, long long condition_id)
} }
static size_t static size_t
rule_state_if_new_hit_rule(struct rule_state *rule_state, rule_compile_state_if_new_hit_rule(struct rule_compile_state *rule_compile_state,
struct maat_rule *rule) struct maat_rule *rule)
{ {
size_t i = 0; size_t i = 0;
@@ -1132,19 +1119,19 @@ rule_state_if_new_hit_rule(struct rule_state *rule_state,
int ret = 0; int ret = 0;
long long new_hit_condition_id = 0; long long new_hit_condition_id = 0;
if (0 == rule_state->this_scan_not_logic) { if (0 == rule_compile_state->this_scan_not_logic) {
for (i = 0; i < utarray_len(rule_state->this_scan_hit_conditions); i++) { for (i = 0; i < utarray_len(rule_compile_state->this_scan_hit_conditions); i++) {
new_hit_condition_id = new_hit_condition_id =
*(long long*)utarray_eltptr(rule_state->this_scan_hit_conditions, i); *(long long*)utarray_eltptr(rule_compile_state->this_scan_hit_conditions, i);
ret = maat_rule_has_condition(rule, new_hit_condition_id); ret = maat_rule_has_condition(rule, new_hit_condition_id);
if (ret) { if (ret) {
r_in_c_cnt++; r_in_c_cnt++;
} }
} }
} else { } else {
for (i = 0; i < utarray_len(rule_state->this_scan_hit_not_conditions); i++) { for (i = 0; i < utarray_len(rule_compile_state->this_scan_hit_not_conditions); i++) {
new_hit_condition_id = new_hit_condition_id =
*(long long*)utarray_eltptr(rule_state->this_scan_hit_not_conditions, i); *(long long*)utarray_eltptr(rule_compile_state->this_scan_hit_not_conditions, i);
ret = maat_rule_has_condition(rule, new_hit_condition_id); ret = maat_rule_has_condition(rule, new_hit_condition_id);
if (ret) { if (ret) {
r_in_c_cnt++; r_in_c_cnt++;
@@ -1156,20 +1143,20 @@ rule_state_if_new_hit_rule(struct rule_state *rule_state,
} }
static void static void
rule_state_update_hit_rule_table_id(struct rule_state *rule_state, rule_compile_state_update_hit_rule_table_id(struct rule_compile_state *rule_compile_state,
long long rule_id, int table_id) long long rule_id, int table_id)
{ {
if (!utarray_find(rule_state->hit_rule_table_ids, &rule_id, if (!utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id,
compare_rule_id)) { compare_rule_id)) {
struct rule2table_id rule_table_id = {rule_id, table_id}; struct rule2table_id rule_table_id = {rule_id, table_id};
utarray_push_back(rule_state->hit_rule_table_ids, &rule_table_id); utarray_push_back(rule_compile_state->hit_rule_table_ids, &rule_table_id);
utarray_sort(rule_state->hit_rule_table_ids, compare_rule_id); utarray_sort(rule_compile_state->hit_rule_table_ids, compare_rule_id);
} }
} }
static size_t static size_t
maat_rule_bool_matcher_match(struct rule_runtime *rule_rt, maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
struct rule_state *rule_state, struct rule_compile_state *rule_compile_state,
int thread_id, void **user_data_array, int thread_id, void **user_data_array,
size_t ud_array_size) size_t ud_array_size)
{ {
@@ -1179,29 +1166,20 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
(thread_id * MAX_HIT_RULE_NUM); (thread_id * MAX_HIT_RULE_NUM);
assert(thread_id >= 0); assert(thread_id >= 0);
if (0 == rule_state->rule_rt_version) { if (0 == rule_compile_state->rule_rt_version) {
rule_state->rule_rt_version = rule_rt->version; rule_compile_state->rule_rt_version = rule_rt->version;
} }
if (NULL == rule_rt->bm || if (NULL == rule_rt->bm ||
0 == utarray_len(rule_state->all_hit_conditions) || 0 == utarray_len(rule_compile_state->all_hit_conditions) ||
rule_state->rule_rt_version != rule_rt->version) { rule_compile_state->rule_rt_version != rule_rt->version) {
return 0; return 0;
} }
//TODO:mytest need to delete
#if 0
unsigned long long *p = utarray_eltptr(rule_state->all_hit_conditions, 0);
for (p = (unsigned long long *)utarray_front(rule_state->all_hit_conditions); p != NULL;
p = (unsigned long long *)utarray_next(rule_state->all_hit_conditions, p)) {
printf("before bool_matcher_match rule_rt:%p rule_state condition_id:%llu\n", rule_rt, *p);
}
#endif
int bool_match_ret = int bool_match_ret =
bool_matcher_match(rule_rt->bm, bool_matcher_match(rule_rt->bm,
(unsigned long long *)utarray_eltptr(rule_state->all_hit_conditions, 0), (unsigned long long *)utarray_eltptr(rule_compile_state->all_hit_conditions, 0),
utarray_len(rule_state->all_hit_conditions), utarray_len(rule_compile_state->all_hit_conditions),
expr_match, MAX_HIT_RULE_NUM); expr_match, MAX_HIT_RULE_NUM);
for (int i = 0; i < bool_match_ret && ud_result_cnt < ud_array_size; i++) { for (int i = 0; i < bool_match_ret && ud_result_cnt < ud_array_size; i++) {
rule = (struct maat_rule *)expr_match[i].user_tag; rule = (struct maat_rule *)expr_match[i].user_tag;
@@ -1212,12 +1190,12 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
} }
size_t n_new_hit_rule = size_t n_new_hit_rule =
rule_state_if_new_hit_rule(rule_state, rule); rule_compile_state_if_new_hit_rule(rule_compile_state, rule);
if (rule->user_data != NULL && n_new_hit_rule > 0) { if (rule->user_data != NULL && n_new_hit_rule > 0) {
user_data_array[ud_result_cnt] = rule->user_data; user_data_array[ud_result_cnt] = rule->user_data;
ud_result_cnt++; ud_result_cnt++;
rule_state_update_hit_rule_table_id(rule_state, rule->rule_id, rule_compile_state_update_hit_rule_table_id(rule_compile_state, rule->rule_id,
rule->table_id); rule->table_id);
} }
} }
@@ -1420,37 +1398,37 @@ static int maat_remove_object_from_rule(struct rcu_hash_table *hash_tbl,
return 0; return 0;
} }
struct rule_state *rule_state_new(void) struct rule_compile_state *rule_compile_state_new(void)
{ {
struct rule_state *rule_state = ALLOC(struct rule_state, 1); struct rule_compile_state *rule_compile_state = ALLOC(struct rule_compile_state, 1);
utarray_new(rule_state->internal_hit_paths, &ut_hit_path_icd); utarray_new(rule_compile_state->internal_hit_paths, &ut_hit_path_icd);
utarray_new(rule_state->all_hit_conditions, &ut_condition_id_icd); utarray_new(rule_compile_state->all_hit_conditions, &ut_condition_id_icd);
utarray_new(rule_state->this_scan_hit_conditions, &ut_condition_id_icd); utarray_new(rule_compile_state->this_scan_hit_conditions, &ut_condition_id_icd);
utarray_new(rule_state->this_scan_hit_not_conditions, &ut_condition_id_icd); utarray_new(rule_compile_state->this_scan_hit_not_conditions, &ut_condition_id_icd);
utarray_new(rule_state->exclude_not_conditions, &ut_condition_id_icd); utarray_new(rule_compile_state->exclude_not_conditions, &ut_condition_id_icd);
utarray_new(rule_state->direct_hit_objects, &ut_maat_hit_object_icd); utarray_new(rule_compile_state->direct_hit_objects, &ut_maat_hit_object_icd);
utarray_new(rule_state->indirect_hit_objects, &ut_maat_hit_object_icd); utarray_new(rule_compile_state->indirect_hit_objects, &ut_maat_hit_object_icd);
utarray_new(rule_state->last_hit_objects, &ut_maat_hit_object_icd); utarray_new(rule_compile_state->last_hit_objects, &ut_maat_hit_object_icd);
utarray_new(rule_state->hit_rule_table_ids, &ut_hit_rule_table_id_icd); utarray_new(rule_compile_state->hit_rule_table_ids, &ut_hit_rule_table_id_icd);
rule_state->hit_not_tbl_objects = NULL; rule_compile_state->hit_not_tbl_objects = NULL;
return rule_state; return rule_compile_state;
} }
static long long static long long
rule_state_hit_not_tbl_objects_free(struct rule_state *rule_state) rule_compile_state_hit_not_tbl_objects_free(struct rule_compile_state *rule_compile_state)
{ {
if (NULL == rule_state) { if (NULL == rule_compile_state) {
return 0; return 0;
} }
long long free_bytes = 0; long long free_bytes = 0;
struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL; struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL;
HASH_ITER(hh, rule_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) { HASH_ITER(hh, rule_compile_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) {
free_bytes += free_bytes +=
(sizeof(tbl_object) + utarray_len(tbl_object->object_ids) * sizeof(long long)); (sizeof(tbl_object) + utarray_len(tbl_object->object_ids) * sizeof(long long));
HASH_DEL(rule_state->hit_not_tbl_objects, tbl_object); HASH_DEL(rule_compile_state->hit_not_tbl_objects, tbl_object);
if (tbl_object->object_ids != NULL) { if (tbl_object->object_ids != NULL) {
utarray_free(tbl_object->object_ids); utarray_free(tbl_object->object_ids);
tbl_object->object_ids = NULL; tbl_object->object_ids = NULL;
@@ -1461,118 +1439,118 @@ rule_state_hit_not_tbl_objects_free(struct rule_state *rule_state)
return free_bytes; return free_bytes;
} }
void rule_state_reset(struct rule_state *rule_state) void rule_compile_state_reset(struct rule_compile_state *rule_compile_state)
{ {
if (NULL == rule_state) { if (NULL == rule_compile_state) {
return; return;
} }
rule_state->this_scan_not_logic = 0; rule_compile_state->this_scan_not_logic = 0;
rule_state->Nth_scan = 0; rule_compile_state->Nth_scan = 0;
rule_state->rule_rt_version = 0; rule_compile_state->rule_rt_version = 0;
utarray_clear(rule_state->internal_hit_paths); utarray_clear(rule_compile_state->internal_hit_paths);
utarray_clear(rule_state->all_hit_conditions); utarray_clear(rule_compile_state->all_hit_conditions);
utarray_clear(rule_state->this_scan_hit_conditions); utarray_clear(rule_compile_state->this_scan_hit_conditions);
utarray_clear(rule_state->this_scan_hit_not_conditions); utarray_clear(rule_compile_state->this_scan_hit_not_conditions);
utarray_clear(rule_state->exclude_not_conditions); utarray_clear(rule_compile_state->exclude_not_conditions);
utarray_clear(rule_state->direct_hit_objects); utarray_clear(rule_compile_state->direct_hit_objects);
utarray_clear(rule_state->indirect_hit_objects); utarray_clear(rule_compile_state->indirect_hit_objects);
utarray_clear(rule_state->last_hit_objects); utarray_clear(rule_compile_state->last_hit_objects);
utarray_clear(rule_state->hit_rule_table_ids); utarray_clear(rule_compile_state->hit_rule_table_ids);
struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL; struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL;
HASH_ITER(hh, rule_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) { HASH_ITER(hh, rule_compile_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) {
utarray_clear(tbl_object->object_ids); utarray_clear(tbl_object->object_ids);
} }
} }
void rule_state_free(struct rule_state *rule_state, void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
struct maat *maat_inst, int thread_id) struct maat *maat_inst, int thread_id)
{ {
if (NULL == rule_state) { if (NULL == rule_compile_state) {
return; return;
} }
long long free_bytes = 0; long long free_bytes = 0;
if (rule_state->internal_hit_paths != NULL) { if (rule_compile_state->internal_hit_paths != NULL) {
free_bytes += utarray_size(rule_state->internal_hit_paths) * free_bytes += utarray_size(rule_compile_state->internal_hit_paths) *
sizeof(struct internal_hit_path); sizeof(struct internal_hit_path);
utarray_free(rule_state->internal_hit_paths); utarray_free(rule_compile_state->internal_hit_paths);
rule_state->internal_hit_paths = NULL; rule_compile_state->internal_hit_paths = NULL;
} }
if (rule_state->all_hit_conditions != NULL) { if (rule_compile_state->all_hit_conditions != NULL) {
free_bytes += utarray_size(rule_state->all_hit_conditions) * free_bytes += utarray_size(rule_compile_state->all_hit_conditions) *
sizeof(long long); sizeof(long long);
utarray_free(rule_state->all_hit_conditions); utarray_free(rule_compile_state->all_hit_conditions);
rule_state->all_hit_conditions = NULL; rule_compile_state->all_hit_conditions = NULL;
} }
if (rule_state->this_scan_hit_conditions != NULL) { if (rule_compile_state->this_scan_hit_conditions != NULL) {
free_bytes += utarray_size(rule_state->this_scan_hit_conditions) * free_bytes += utarray_size(rule_compile_state->this_scan_hit_conditions) *
sizeof(long long); sizeof(long long);
utarray_free(rule_state->this_scan_hit_conditions); utarray_free(rule_compile_state->this_scan_hit_conditions);
rule_state->this_scan_hit_conditions = NULL; rule_compile_state->this_scan_hit_conditions = NULL;
} }
if (rule_state->this_scan_hit_not_conditions != NULL) { if (rule_compile_state->this_scan_hit_not_conditions != NULL) {
free_bytes += utarray_size(rule_state->this_scan_hit_not_conditions) * free_bytes += utarray_size(rule_compile_state->this_scan_hit_not_conditions) *
sizeof(long long); sizeof(long long);
utarray_free(rule_state->this_scan_hit_not_conditions); utarray_free(rule_compile_state->this_scan_hit_not_conditions);
rule_state->this_scan_hit_not_conditions = NULL; rule_compile_state->this_scan_hit_not_conditions = NULL;
} }
if (rule_state->exclude_not_conditions != NULL) { if (rule_compile_state->exclude_not_conditions != NULL) {
free_bytes += utarray_size(rule_state->exclude_not_conditions) * free_bytes += utarray_size(rule_compile_state->exclude_not_conditions) *
sizeof(long long); sizeof(long long);
utarray_free(rule_state->exclude_not_conditions); utarray_free(rule_compile_state->exclude_not_conditions);
rule_state->exclude_not_conditions = NULL; rule_compile_state->exclude_not_conditions = NULL;
} }
if (rule_state->direct_hit_objects != NULL) { if (rule_compile_state->direct_hit_objects != NULL) {
free_bytes += utarray_size(rule_state->direct_hit_objects) * free_bytes += utarray_size(rule_compile_state->direct_hit_objects) *
sizeof(struct maat_hit_object); sizeof(struct maat_hit_object);
utarray_free(rule_state->direct_hit_objects); utarray_free(rule_compile_state->direct_hit_objects);
rule_state->direct_hit_objects = NULL; rule_compile_state->direct_hit_objects = NULL;
} }
if (rule_state->indirect_hit_objects != NULL) { if (rule_compile_state->indirect_hit_objects != NULL) {
free_bytes += utarray_size(rule_state->indirect_hit_objects) * free_bytes += utarray_size(rule_compile_state->indirect_hit_objects) *
sizeof(struct maat_hit_object); sizeof(struct maat_hit_object);
utarray_free(rule_state->indirect_hit_objects); utarray_free(rule_compile_state->indirect_hit_objects);
rule_state->indirect_hit_objects = NULL; rule_compile_state->indirect_hit_objects = NULL;
} }
if (rule_state->last_hit_objects != NULL) { if (rule_compile_state->last_hit_objects != NULL) {
free_bytes += utarray_size(rule_state->last_hit_objects) * free_bytes += utarray_size(rule_compile_state->last_hit_objects) *
sizeof(struct maat_hit_object); sizeof(struct maat_hit_object);
utarray_free(rule_state->last_hit_objects); utarray_free(rule_compile_state->last_hit_objects);
rule_state->last_hit_objects = NULL; rule_compile_state->last_hit_objects = NULL;
} }
if (rule_state->hit_rule_table_ids != NULL) { if (rule_compile_state->hit_rule_table_ids != NULL) {
free_bytes += utarray_size(rule_state->hit_rule_table_ids) * free_bytes += utarray_size(rule_compile_state->hit_rule_table_ids) *
sizeof(struct rule2table_id); sizeof(struct rule2table_id);
utarray_free(rule_state->hit_rule_table_ids); utarray_free(rule_compile_state->hit_rule_table_ids);
rule_state->hit_rule_table_ids = NULL; rule_compile_state->hit_rule_table_ids = NULL;
} }
free_bytes += rule_state_hit_not_tbl_objects_free(rule_state); free_bytes += rule_compile_state_hit_not_tbl_objects_free(rule_compile_state);
FREE(rule_state); FREE(rule_compile_state);
free_bytes += sizeof(struct rule_state); free_bytes += sizeof(struct rule_compile_state);
alignment_int64_array_add(maat_inst->stat->maat_state_free_bytes, alignment_int64_array_add(maat_inst->stat->maat_state_free_bytes,
thread_id, free_bytes); thread_id, free_bytes);
} }
static void static void
rule_state_add_internal_hit_path(struct rule_state *rule_state, rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile_state,
long long item_id, long long object_id, long long item_id, long long object_id,
int attribute_id, int negate_option, int Nth_scan) int attribute_id, int negate_option, int Nth_scan)
{ {
if (NULL == rule_state) { if (NULL == rule_compile_state) {
return; return;
} }
@@ -1583,7 +1561,7 @@ rule_state_add_internal_hit_path(struct rule_state *rule_state,
new_path.attribute_id = attribute_id; new_path.attribute_id = attribute_id;
new_path.negate_option = negate_option; new_path.negate_option = negate_option;
utarray_push_back(rule_state->internal_hit_paths, &new_path); utarray_push_back(rule_compile_state->internal_hit_paths, &new_path);
} }
static int maat_rule_has_condition_query_key(struct maat_rule *rule, static int maat_rule_has_condition_query_key(struct maat_rule *rule,
@@ -1724,7 +1702,7 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
} }
size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
struct rule_state *rule_state, struct rule_compile_state *rule_compile_state,
struct maat_hit_path *hit_path_array, struct maat_hit_path *hit_path_array,
size_t array_size, size_t n_hit_path) size_t array_size, size_t n_hit_path)
{ {
@@ -1736,14 +1714,14 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
(thread_id * MAX_HIT_RULE_NUM); (thread_id * MAX_HIT_RULE_NUM);
assert(thread_id >= 0); assert(thread_id >= 0);
if (rule_state->rule_rt_version != rule_rt->version) { if (rule_compile_state->rule_rt_version != rule_rt->version) {
return 0; return 0;
} }
int bool_match_ret = int bool_match_ret =
bool_matcher_match(rule_rt->bm, bool_matcher_match(rule_rt->bm,
(unsigned long long *)utarray_eltptr(rule_state->all_hit_conditions, 0), (unsigned long long *)utarray_eltptr(rule_compile_state->all_hit_conditions, 0),
utarray_len(rule_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM); utarray_len(rule_compile_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM);
for (int idx = 0; idx < bool_match_ret; idx++) { for (int idx = 0; idx < bool_match_ret; idx++) {
rule = (struct maat_rule *)expr_match[idx].user_tag; rule = (struct maat_rule *)expr_match[idx].user_tag;
@@ -1773,11 +1751,11 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
} }
static void static void
rule_state_add_direct_hit_objects(struct rule_state *rule_state, rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_item *hit_items, struct maat_item *hit_items,
size_t n_hit_items, int attribute_id) size_t n_hit_items, int attribute_id)
{ {
if (NULL == rule_state || NULL == hit_items) { if (NULL == rule_compile_state || NULL == hit_items) {
return; return;
} }
@@ -1786,16 +1764,16 @@ rule_state_add_direct_hit_objects(struct rule_state *rule_state,
hit_object.item_id = hit_items[i].item_id; hit_object.item_id = hit_items[i].item_id;
hit_object.object_id = hit_items[i].object_id; hit_object.object_id = hit_items[i].object_id;
hit_object.attribute_id = attribute_id; hit_object.attribute_id = attribute_id;
utarray_push_back(rule_state->direct_hit_objects, &hit_object); utarray_push_back(rule_compile_state->direct_hit_objects, &hit_object);
} }
} }
static void static void
rule_state_add_indirect_hit_objects(struct rule_state *rule_state, rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
long long *object_ids, long long *object_ids,
size_t n_object_ids, int attribute_id) size_t n_object_ids, int attribute_id)
{ {
if (NULL == rule_state || NULL == object_ids) { if (NULL == rule_compile_state || NULL == object_ids) {
return; return;
} }
@@ -1804,92 +1782,92 @@ rule_state_add_indirect_hit_objects(struct rule_state *rule_state,
hit_object.item_id = 0; hit_object.item_id = 0;
hit_object.object_id = object_ids[i]; hit_object.object_id = object_ids[i];
hit_object.attribute_id = attribute_id; hit_object.attribute_id = attribute_id;
utarray_push_back(rule_state->indirect_hit_objects, &hit_object); utarray_push_back(rule_compile_state->indirect_hit_objects, &hit_object);
} }
} }
static void static void
rule_state_add_hit_conditions(struct rule_state *rule_state, rule_compile_state_add_hit_conditions(struct rule_compile_state *rule_compile_state,
UT_array *condition_id_array) UT_array *condition_id_array)
{ {
size_t i = 0; size_t i = 0;
long long *condition_id = NULL; long long *condition_id = NULL;
size_t new_condition_idx = utarray_len(rule_state->this_scan_hit_conditions); size_t new_condition_idx = utarray_len(rule_compile_state->this_scan_hit_conditions);
for (i = 0; i < utarray_len(condition_id_array); i++) { for (i = 0; i < utarray_len(condition_id_array); i++) {
condition_id = (long long *)utarray_eltptr(condition_id_array, i); condition_id = (long long *)utarray_eltptr(condition_id_array, i);
if (utarray_find(rule_state->all_hit_conditions, condition_id, compare_condition_id)) { if (utarray_find(rule_compile_state->all_hit_conditions, condition_id, compare_condition_id)) {
continue; continue;
} }
utarray_push_back(rule_state->this_scan_hit_conditions, condition_id); utarray_push_back(rule_compile_state->this_scan_hit_conditions, condition_id);
} }
if ((utarray_len(rule_state->this_scan_hit_conditions) - new_condition_idx) > 0) { if ((utarray_len(rule_compile_state->this_scan_hit_conditions) - new_condition_idx) > 0) {
utarray_reserve(rule_state->all_hit_conditions, utarray_reserve(rule_compile_state->all_hit_conditions,
utarray_len(rule_state->this_scan_hit_conditions) - new_condition_idx); utarray_len(rule_compile_state->this_scan_hit_conditions) - new_condition_idx);
for (i = new_condition_idx; i < utarray_len(rule_state->this_scan_hit_conditions); i++) { for (i = new_condition_idx; i < utarray_len(rule_compile_state->this_scan_hit_conditions); i++) {
condition_id = (long long *)utarray_eltptr(rule_state->this_scan_hit_conditions, i); condition_id = (long long *)utarray_eltptr(rule_compile_state->this_scan_hit_conditions, i);
utarray_push_back(rule_state->all_hit_conditions, condition_id); utarray_push_back(rule_compile_state->all_hit_conditions, condition_id);
} }
utarray_sort(rule_state->all_hit_conditions, compare_condition_id); utarray_sort(rule_compile_state->all_hit_conditions, compare_condition_id);
} }
} }
static void static void
rule_state_add_exclude_not_conditions(struct rule_state *rule_state, rule_compile_state_add_exclude_not_conditions(struct rule_compile_state *rule_compile_state,
UT_array *condition_id_array) UT_array *condition_id_array)
{ {
for (size_t i = 0; i < utarray_len(condition_id_array); i++) { for (size_t i = 0; i < utarray_len(condition_id_array); i++) {
long long *condition_id = (long long *)utarray_eltptr(condition_id_array, i); long long *condition_id = (long long *)utarray_eltptr(condition_id_array, i);
if (utarray_find(rule_state->exclude_not_conditions, condition_id, if (utarray_find(rule_compile_state->exclude_not_conditions, condition_id,
compare_condition_id)) { compare_condition_id)) {
continue; continue;
} }
utarray_push_back(rule_state->exclude_not_conditions, condition_id); utarray_push_back(rule_compile_state->exclude_not_conditions, condition_id);
} }
utarray_sort(rule_state->exclude_not_conditions, compare_condition_id); utarray_sort(rule_compile_state->exclude_not_conditions, compare_condition_id);
} }
static void static void
rule_state_add_hit_not_conditions(struct rule_state *rule_state, rule_compile_state_add_hit_not_conditions(struct rule_compile_state *rule_compile_state,
UT_array *condition_id_array) UT_array *condition_id_array)
{ {
size_t i = 0; size_t i = 0;
long long *condition_id = NULL; long long *condition_id = NULL;
size_t new_condition_idx = utarray_len(rule_state->this_scan_hit_not_conditions); size_t new_condition_idx = utarray_len(rule_compile_state->this_scan_hit_not_conditions);
for (i = 0; i < utarray_len(condition_id_array); i++) { for (i = 0; i < utarray_len(condition_id_array); i++) {
condition_id = (long long *)utarray_eltptr(condition_id_array, i); condition_id = (long long *)utarray_eltptr(condition_id_array, i);
if (utarray_find(rule_state->all_hit_conditions, condition_id, compare_condition_id)) { if (utarray_find(rule_compile_state->all_hit_conditions, condition_id, compare_condition_id)) {
continue; continue;
} }
if (utarray_find(rule_state->exclude_not_conditions, condition_id, compare_condition_id)) { if (utarray_find(rule_compile_state->exclude_not_conditions, condition_id, compare_condition_id)) {
continue; continue;
} }
utarray_push_back(rule_state->this_scan_hit_not_conditions, condition_id); utarray_push_back(rule_compile_state->this_scan_hit_not_conditions, condition_id);
} }
if ((utarray_len(rule_state->this_scan_hit_not_conditions) - new_condition_idx) > 0) { if ((utarray_len(rule_compile_state->this_scan_hit_not_conditions) - new_condition_idx) > 0) {
utarray_reserve(rule_state->all_hit_conditions, utarray_reserve(rule_compile_state->all_hit_conditions,
utarray_len(rule_state->this_scan_hit_not_conditions) - new_condition_idx); utarray_len(rule_compile_state->this_scan_hit_not_conditions) - new_condition_idx);
for (i = new_condition_idx; i < utarray_len(rule_state->this_scan_hit_not_conditions); i++) { for (i = new_condition_idx; i < utarray_len(rule_compile_state->this_scan_hit_not_conditions); i++) {
condition_id = (long long *)utarray_eltptr(rule_state->this_scan_hit_not_conditions, i); condition_id = (long long *)utarray_eltptr(rule_compile_state->this_scan_hit_not_conditions, i);
utarray_push_back(rule_state->all_hit_conditions, condition_id); utarray_push_back(rule_compile_state->all_hit_conditions, condition_id);
} }
utarray_sort(rule_state->all_hit_conditions, compare_condition_id); utarray_sort(rule_compile_state->all_hit_conditions, compare_condition_id);
} }
} }
static void static void
rule_state_update_hit_conditions(struct rule_state *rule_state, rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt, struct rule_runtime *rule_rt,
long long object_id, int attribute_id) long long object_id, int attribute_id)
{ {
if (NULL == rule_state || NULL == rule_rt) { if (NULL == rule_compile_state || NULL == rule_rt) {
return; return;
} }
@@ -1898,23 +1876,23 @@ rule_state_update_hit_conditions(struct rule_state *rule_state,
HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv); HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) { if (condition_id_kv != NULL) {
rule_state_add_hit_conditions(rule_state, condition_id_kv->condition_ids); rule_compile_state_add_hit_conditions(rule_compile_state, condition_id_kv->condition_ids);
} }
key.negate_option = 1; key.negate_option = 1;
HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv); HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) { if (condition_id_kv != NULL) {
rule_state_add_exclude_not_conditions(rule_state, condition_id_kv->condition_ids); rule_compile_state_add_exclude_not_conditions(rule_compile_state, condition_id_kv->condition_ids);
} }
} }
static void static void
rule_state_cache_hit_not_objects(struct rule_state *rule_state, rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt, struct rule_runtime *rule_rt,
long long *hit_object_ids, long long *hit_object_ids,
size_t n_hit_object_id, int attribute_id) size_t n_hit_object_id, int attribute_id)
{ {
if (NULL == rule_state || NULL == rule_rt) { if (NULL == rule_compile_state || NULL == rule_rt) {
return; return;
} }
@@ -1923,7 +1901,7 @@ rule_state_cache_hit_not_objects(struct rule_state *rule_state,
} }
struct table_object *tbl_object = NULL; struct table_object *tbl_object = NULL;
HASH_FIND(hh, rule_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object); HASH_FIND(hh, rule_compile_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object);
if (tbl_object != NULL) { if (tbl_object != NULL) {
for (size_t i = 0; i < n_hit_object_id; i++) { for (size_t i = 0; i < n_hit_object_id; i++) {
long long *object_id = (long long *)utarray_find(tbl_object->object_ids, long long *object_id = (long long *)utarray_find(tbl_object->object_ids,
@@ -1954,7 +1932,7 @@ rule_state_cache_hit_not_objects(struct rule_state *rule_state,
tbl_object = ALLOC(struct table_object, 1); tbl_object = ALLOC(struct table_object, 1);
tbl_object->attribute_id = attribute_id; tbl_object->attribute_id = attribute_id;
utarray_new(tbl_object->object_ids, &ut_rule_object_id_icd); utarray_new(tbl_object->object_ids, &ut_rule_object_id_icd);
HASH_ADD_INT(rule_state->hit_not_tbl_objects, attribute_id, tbl_object); HASH_ADD_INT(rule_compile_state->hit_not_tbl_objects, attribute_id, tbl_object);
} }
if (!utarray_find(tbl_object->object_ids, &(condition_id_kv->key.object_id), if (!utarray_find(tbl_object->object_ids, &(condition_id_kv->key.object_id),
@@ -1968,12 +1946,12 @@ rule_state_cache_hit_not_objects(struct rule_state *rule_state,
} }
} }
int rule_state_get_rule_table_id(struct rule_state *rule_state, int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state,
long long rule_id) long long rule_id)
{ {
struct rule2table_id *tmp = NULL; struct rule2table_id *tmp = NULL;
tmp = utarray_find(rule_state->hit_rule_table_ids, &rule_id, tmp = utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id,
compare_rule_id); compare_rule_id);
if (NULL == tmp) { if (NULL == tmp) {
return -1; return -1;
@@ -2456,12 +2434,12 @@ static int compare_rule_item(const void *a, const void *b)
int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids, int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
size_t rule_ids_size, struct maat_state *state) size_t rule_ids_size, struct maat_state *state)
{ {
struct rule_state *rule_state = state->rule_state; struct rule_compile_state *rule_compile_state = state->rule_compile_state;
struct rule_item *rule_items[rule_ids_size]; struct rule_item *rule_items[rule_ids_size];
// all hit condition_id -> rule_id // all hit condition_id -> rule_id
size_t bool_match_ret = size_t bool_match_ret =
maat_rule_bool_matcher_match(rule_rt, rule_state, maat_rule_bool_matcher_match(rule_rt, rule_compile_state,
state->thread_id, state->thread_id,
(void **)rule_items, (void **)rule_items,
rule_ids_size); rule_ids_size);
@@ -2477,7 +2455,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
return MIN(bool_match_ret, rule_ids_size); return MIN(bool_match_ret, rule_ids_size);
} }
int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
int attribute_id, int custom_rule_tbl_id, int Nth_scan, int attribute_id, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item) struct maat_item *hit_items, size_t n_hit_item)
{ {
@@ -2486,9 +2464,9 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
long long hit_object_ids[MAX_HIT_OBJECT_NUM]; long long hit_object_ids[MAX_HIT_OBJECT_NUM];
struct maat_hit_object hit_object; struct maat_hit_object hit_object;
utarray_clear(rule_state->this_scan_hit_conditions); utarray_clear(rule_compile_state->this_scan_hit_conditions);
rule_state->this_scan_not_logic = 0; rule_compile_state->this_scan_not_logic = 0;
rule_state->Nth_scan = Nth_scan; rule_compile_state->Nth_scan = Nth_scan;
for (i = 0; i < hit_cnt; i++) { for (i = 0; i < hit_cnt; i++) {
hit_object_ids[i] = hit_items[i].object_id; hit_object_ids[i] = hit_items[i].object_id;
@@ -2496,7 +2474,7 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
hit_object.item_id = hit_items[i].item_id; hit_object.item_id = hit_items[i].item_id;
hit_object.object_id = hit_items[i].object_id; hit_object.object_id = hit_items[i].object_id;
hit_object.attribute_id = attribute_id; hit_object.attribute_id = attribute_id;
utarray_push_back(rule_state->last_hit_objects, &hit_object); utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
} }
int g2g_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr); int g2g_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
@@ -2510,19 +2488,19 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
hit_object.item_id = 0; hit_object.item_id = 0;
hit_object.object_id = super_object_ids[i]; hit_object.object_id = super_object_ids[i];
hit_object.attribute_id = attribute_id; hit_object.attribute_id = attribute_id;
utarray_push_back(rule_state->last_hit_objects, &hit_object); utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
} }
if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) { if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) {
for (i = 0; i < hit_cnt; i++) { for (i = 0; i < hit_cnt; i++) {
rule_state_add_internal_hit_path(rule_state, hit_items[i].item_id, rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_id,
hit_items[i].object_id, attribute_id, 0, Nth_scan); hit_items[i].object_id, attribute_id, 0, Nth_scan);
} }
} }
if (1 == maat_inst->opts.hit_object_on) { if (1 == maat_inst->opts.hit_object_on) {
rule_state_add_direct_hit_objects(rule_state, hit_items, hit_cnt, attribute_id); rule_compile_state_add_direct_hit_objects(rule_compile_state, hit_items, hit_cnt, attribute_id);
rule_state_add_indirect_hit_objects(rule_state, super_object_ids, rule_compile_state_add_indirect_hit_objects(rule_compile_state, super_object_ids,
super_object_cnt, attribute_id); super_object_cnt, attribute_id);
} }
@@ -2543,39 +2521,39 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
} }
for (i = 0; i < hit_cnt; i++) { for (i = 0; i < hit_cnt; i++) {
rule_state_update_hit_conditions(rule_state, rule_rt, rule_compile_state_update_hit_conditions(rule_compile_state, rule_rt,
hit_object_ids[i], attribute_id); hit_object_ids[i], attribute_id);
} }
rule_state_cache_hit_not_objects(rule_state, rule_rt, hit_object_ids, rule_compile_state_cache_hit_not_objects(rule_compile_state, rule_rt, hit_object_ids,
hit_cnt, attribute_id); hit_cnt, attribute_id);
return hit_cnt; return hit_cnt;
} }
void rule_state_clear_last_hit_object(struct rule_state *rule_state) void rule_compile_state_clear_last_hit_object(struct rule_compile_state *rule_compile_state)
{ {
if (NULL == rule_state) { if (NULL == rule_compile_state) {
return; return;
} }
utarray_clear(rule_state->last_hit_objects); utarray_clear(rule_compile_state->last_hit_objects);
} }
void rule_state_not_logic_update(struct rule_state *rule_state, void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt, struct rule_runtime *rule_rt,
struct maat *maat_inst, int attribute_id, struct maat *maat_inst, int attribute_id,
int Nth_scan) int Nth_scan)
{ {
if (NULL == rule_state || NULL == maat_inst) { if (NULL == rule_compile_state || NULL == maat_inst) {
return; return;
} }
rule_state->this_scan_not_logic = 1; rule_compile_state->this_scan_not_logic = 1;
rule_state->Nth_scan = Nth_scan; rule_compile_state->Nth_scan = Nth_scan;
utarray_clear(rule_state->this_scan_hit_not_conditions); utarray_clear(rule_compile_state->this_scan_hit_not_conditions);
struct table_object *tbl_object = NULL; struct table_object *tbl_object = NULL;
HASH_FIND(hh, rule_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object); HASH_FIND(hh, rule_compile_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object);
if (NULL == tbl_object) { if (NULL == tbl_object) {
return; return;
} }
@@ -2590,62 +2568,62 @@ void rule_state_not_logic_update(struct rule_state *rule_state,
continue; continue;
} }
rule_state_add_hit_not_conditions(rule_state, condition_id_kv->condition_ids); rule_compile_state_add_hit_not_conditions(rule_compile_state, condition_id_kv->condition_ids);
if (1 == maat_inst->opts.hit_path_on) { if (1 == maat_inst->opts.hit_path_on) {
rule_state_add_internal_hit_path(rule_state, -1, *object_id, rule_compile_state_add_internal_hit_path(rule_compile_state, -1, *object_id,
attribute_id, 1, Nth_scan); attribute_id, 1, Nth_scan);
} }
} }
} }
size_t rule_state_get_indirect_hit_objects(struct rule_state *rule_state, size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_array, struct maat_hit_object *object_array,
size_t array_size) size_t array_size)
{ {
size_t i = 0; size_t i = 0;
struct maat_hit_object *hit_object = NULL; struct maat_hit_object *hit_object = NULL;
for (i = 0; i < utarray_len(rule_state->indirect_hit_objects) && i < array_size; i++) { for (i = 0; i < utarray_len(rule_compile_state->indirect_hit_objects) && i < array_size; i++) {
hit_object = hit_object =
(struct maat_hit_object *)utarray_eltptr(rule_state->indirect_hit_objects, i); (struct maat_hit_object *)utarray_eltptr(rule_compile_state->indirect_hit_objects, i);
object_array[i].item_id = hit_object->item_id; object_array[i].item_id = hit_object->item_id;
object_array[i].object_id = hit_object->object_id; object_array[i].object_id = hit_object->object_id;
object_array[i].attribute_id = hit_object->attribute_id; object_array[i].attribute_id = hit_object->attribute_id;
} }
utarray_clear(rule_state->indirect_hit_objects); utarray_clear(rule_compile_state->indirect_hit_objects);
return i; return i;
} }
size_t rule_state_get_indirect_hit_object_cnt(struct rule_state *rule_state) size_t rule_compile_state_get_indirect_hit_object_cnt(struct rule_compile_state *rule_compile_state)
{ {
return utarray_len(rule_state->indirect_hit_objects); return utarray_len(rule_compile_state->indirect_hit_objects);
} }
size_t rule_state_get_last_hit_objects(struct rule_state *rule_state, size_t rule_compile_state_get_last_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_array, struct maat_hit_object *object_array,
size_t array_size) size_t array_size)
{ {
size_t i = 0; size_t i = 0;
for (i = 0; i < utarray_len(rule_state->last_hit_objects) && i < array_size; i++) { for (i = 0; i < utarray_len(rule_compile_state->last_hit_objects) && i < array_size; i++) {
object_array[i] = object_array[i] =
*(struct maat_hit_object *)utarray_eltptr(rule_state->last_hit_objects, i); *(struct maat_hit_object *)utarray_eltptr(rule_compile_state->last_hit_objects, i);
} }
return i; return i;
} }
size_t rule_state_get_last_hit_object_cnt(struct rule_state *rule_state) size_t rule_compile_state_get_last_hit_object_cnt(struct rule_compile_state *rule_compile_state)
{ {
return utarray_len(rule_state->last_hit_objects); return utarray_len(rule_compile_state->last_hit_objects);
} }
size_t rule_state_get_direct_hit_objects(struct rule_state *rule_state, size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_hit_object *object_array, struct maat_hit_object *object_array,
size_t array_size) size_t array_size)
{ {
UT_array *direct_hit_object = rule_state->direct_hit_objects; UT_array *direct_hit_object = rule_compile_state->direct_hit_objects;
size_t i = 0; size_t i = 0;
struct maat_hit_object *object = NULL; struct maat_hit_object *object = NULL;
@@ -2656,17 +2634,17 @@ size_t rule_state_get_direct_hit_objects(struct rule_state *rule_state,
object_array[i].attribute_id = object->attribute_id; object_array[i].attribute_id = object->attribute_id;
} }
utarray_clear(rule_state->direct_hit_objects); utarray_clear(rule_compile_state->direct_hit_objects);
return i; return i;
} }
size_t rule_state_get_direct_hit_object_cnt(struct rule_state *rule_state) size_t rule_compile_state_get_direct_hit_object_cnt(struct rule_compile_state *rule_compile_state)
{ {
return utarray_len(rule_state->direct_hit_objects); return utarray_len(rule_compile_state->direct_hit_objects);
} }
size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state, size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt, struct rule_runtime *rule_rt,
struct object2object_runtime *g2g_rt, struct object2object_runtime *g2g_rt,
struct maat_hit_path *hit_path_array, struct maat_hit_path *hit_path_array,
@@ -2675,9 +2653,9 @@ size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state,
size_t hit_path_cnt = 0; size_t hit_path_cnt = 0;
struct internal_hit_path *internal_path = NULL; struct internal_hit_path *internal_path = NULL;
for (int i = 0; i < utarray_len(rule_state->internal_hit_paths); i++) { for (int i = 0; i < utarray_len(rule_compile_state->internal_hit_paths); i++) {
internal_path = internal_path =
(struct internal_hit_path *)utarray_eltptr(rule_state->internal_hit_paths, i); (struct internal_hit_path *)utarray_eltptr(rule_compile_state->internal_hit_paths, i);
/* /*
NOTE: maybe one item has been deleted, but it's item_id still exist in internal_hit_paths NOTE: maybe one item has been deleted, but it's item_id still exist in internal_hit_paths
*/ */

9
test/CMakeLists.txt
View File

@@ -41,11 +41,12 @@ add_subdirectory(object_nesting)
add_subdirectory(ipport_plugin) add_subdirectory(ipport_plugin)
add_subdirectory(benchmark) add_subdirectory(benchmark)
configure_file(table_info.conf table_info.conf COPYONLY) configure_file(table_info.json table_info.json COPYONLY)
configure_file(tsg_table_info.conf tsg_table_info.conf COPYONLY) configure_file(tsg_table_info.json tsg_table_info.json COPYONLY)
configure_file(file_test_tableinfo.conf file_test_tableinfo.conf COPYONLY) configure_file(file_test_tableinfo.json file_test_tableinfo.json COPYONLY)
configure_file(expr_matcher.conf expr_matcher.conf COPYONLY) configure_file(expr_matcher.json expr_matcher.json COPYONLY)
configure_file(maat_json.json maat_json.json COPYONLY) configure_file(maat_json.json maat_json.json COPYONLY)
configure_file(regex_expr.json regex_expr.json COPYONLY)
file(COPY ntcrule DESTINATION ./) file(COPY ntcrule DESTINATION ./)
file(COPY tsgrule DESTINATION ./) file(COPY tsgrule DESTINATION ./)

2
test/benchmark/benchmark_gtest.cpp
View File

@@ -28,7 +28,7 @@
#define PERF_THREAD_NUM 5 #define PERF_THREAD_NUM 5
#define MAX_SCAN_TIMES 1000000 #define MAX_SCAN_TIMES 1000000
const char *g_table_info_path = "./benchmark_table_info.conf"; const char *g_table_info_path = "./benchmark_table_info.json";
struct log_handle *g_logger = NULL; struct log_handle *g_logger = NULL;
struct thread_param { struct thread_param {

0
test/expr_matcher.conf → test/expr_matcher.json
View File

60
test/expr_matcher_gtest.cpp
View File

@@ -294,7 +294,7 @@ TEST(hs_expr_matcher_match, literal_sub_has_normal_offset)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -351,7 +351,7 @@ TEST(rs_expr_matcher_match, literal_sub_has_normal_offset)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -408,7 +408,7 @@ TEST(hs_expr_matcher_match, literal_sub_has_left_unlimit_offset)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -466,7 +466,7 @@ TEST(rs_expr_matcher_match, literal_sub_has_left_unlimit_offset)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -524,7 +524,7 @@ TEST(hs_expr_matcher_match, literal_sub_has_right_unlimit_offset)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -591,7 +591,7 @@ TEST(rs_expr_matcher_match, literal_sub_has_right_unlimit_offset)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -658,7 +658,7 @@ TEST(hs_expr_matcher_match, literal_sub_with_no_offset)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -716,7 +716,7 @@ TEST(rs_expr_matcher_match, literal_sub_with_no_offset)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -774,7 +774,7 @@ TEST(hs_expr_matcher_match, literal_exactly)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -822,7 +822,7 @@ TEST(rs_expr_matcher_match, literal_exactly)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -871,7 +871,7 @@ TEST(hs_expr_matcher_match, literal_prefix)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -931,7 +931,7 @@ TEST(rs_expr_matcher_match, literal_prefix)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -991,7 +991,7 @@ TEST(hs_expr_matcher_match, literal_suffix)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1051,7 +1051,7 @@ TEST(rs_expr_matcher_match, literal_suffix)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1111,7 +1111,7 @@ TEST(hs_expr_matcher_match, literal_sub_with_hex)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1150,7 +1150,7 @@ TEST(rs_expr_matcher_match, literal_sub_with_hex)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1189,7 +1189,7 @@ TEST(hs_expr_matcher_match, literal_with_chinese)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1218,7 +1218,7 @@ TEST(rs_expr_matcher_match, literal_with_chinese)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1247,7 +1247,7 @@ TEST(hs_expr_matcher_match, same_pattern_different_offset)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1276,7 +1276,7 @@ TEST(rs_expr_matcher_match, same_pattern_different_offset)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1305,7 +1305,7 @@ TEST(hs_expr_matcher_match, long_scan_data)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1336,7 +1336,7 @@ TEST(rs_expr_matcher_match, long_scan_data)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1367,7 +1367,7 @@ TEST(expr_matcher_match, regex_expression_check)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./regex_expr.conf", rules, &n_rule); int ret = parse_config_file("./regex_expr.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
for (size_t i = 0; i < n_rule; i++) { for (size_t i = 0; i < n_rule; i++) {
@@ -1384,7 +1384,7 @@ TEST(hs_expr_matcher_stream, basic)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1428,7 +1428,7 @@ TEST(rs_expr_matcher_stream, basic)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1471,7 +1471,7 @@ TEST(hs_expr_matcher, regex_basic)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
ret = expr_matcher_verify_regex_expression("[0-9]rain", g_logger); ret = expr_matcher_verify_regex_expression("[0-9]rain", g_logger);
@@ -1504,7 +1504,7 @@ TEST(rs_expr_matcher, regex_basic)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
ret = expr_matcher_verify_regex_expression("[0-9]rain", g_logger); ret = expr_matcher_verify_regex_expression("[0-9]rain", g_logger);
@@ -1538,7 +1538,7 @@ TEST(hs_expr_matcher, regex_unicode)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1566,7 +1566,7 @@ TEST(rs_expr_matcher, regex_unicode)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =
@@ -1594,7 +1594,7 @@ TEST(hs_expr_matcher, hit_pattern_num)
struct expr_rule rules[64] = {0}; struct expr_rule rules[64] = {0};
size_t n_rule = 0; size_t n_rule = 0;
int ret = parse_config_file("./expr_matcher.conf", rules, &n_rule); int ret = parse_config_file("./expr_matcher.json", rules, &n_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct expr_matcher *matcher = struct expr_matcher *matcher =

0
test/file_test_tableinfo.conf → test/file_test_tableinfo.json
View File

2
test/ipport_plugin/ipport_plugin_gtest.cpp
View File

@@ -14,7 +14,7 @@
#define ARRAY_SIZE 10 #define ARRAY_SIZE 10
#define PERF_scan_times 1000 * 1000 #define PERF_scan_times 1000 * 1000
const char *g_table_info_path = "./ipport_plugin_table_info.conf"; const char *g_table_info_path = "./ipport_plugin_table_info.json";
const char *log_file = "./ipport_plugin_gtest.log"; const char *log_file = "./ipport_plugin_gtest.log";
const char *g_ip_str = "116.71.169.140"; const char *g_ip_str = "116.71.169.140";

2
test/maat_ex_data_gtest.cpp
View File

@@ -9,7 +9,7 @@
#include <gtest/gtest.h> #include <gtest/gtest.h>
#include <limits.h> #include <limits.h>
const char *g_table_info_path = "./table_info.conf"; const char *g_table_info_path = "./table_info.json";
const char *g_json_filename = "maat_json.json"; const char *g_json_filename = "maat_json.json";
struct log_handle *g_logger = NULL; struct log_handle *g_logger = NULL;
struct maat *g_maat_inst = NULL; struct maat *g_maat_inst = NULL;

4
test/maat_framework_gtest.cpp
View File

@@ -19,7 +19,7 @@
#define HIT_PATH_SIZE 128 #define HIT_PATH_SIZE 128
#define WAIT_FOR_EFFECTIVE_S 2 #define WAIT_FOR_EFFECTIVE_S 2
const char *g_table_info_path = "./table_info.conf"; const char *g_table_info_path = "./table_info.json";
const char *g_json_filename = "maat_json.json"; const char *g_json_filename = "maat_json.json";
size_t g_thread_num = 4; size_t g_thread_num = 4;
@@ -6978,7 +6978,7 @@ class FileTest : public testing::Test
protected: protected:
static void SetUpTestCase() { static void SetUpTestCase() {
const char *rule_folder = "./ntcrule/full/index"; const char *rule_folder = "./ntcrule/full/index";
const char *table_info = "./file_test_tableinfo.conf"; const char *table_info = "./file_test_tableinfo.json";
struct maat_options *opts = maat_options_new(); struct maat_options *opts = maat_options_new();
maat_options_set_caller_thread_number(opts, g_thread_num); maat_options_set_caller_thread_number(opts, g_thread_num);

4
test/maat_framework_perf_gtest.cpp
View File

@@ -18,7 +18,7 @@
#define PERF_THREAD_NUM 5 #define PERF_THREAD_NUM 5
#define PERF_SCAN_TIMES 1000 * 1000 #define PERF_SCAN_TIMES 1000 * 1000
const char *g_table_info_path = "./table_info.conf"; const char *g_table_info_path = "./table_info.json";
const char *g_json_filename = "maat_json.json"; const char *g_json_filename = "maat_json.json";
struct thread_param { struct thread_param {
@@ -1495,7 +1495,7 @@ protected:
static void SetUpTestCase() { static void SetUpTestCase() {
logger = log_handle_create("./maat_framework_perf_gtest.log", 0); logger = log_handle_create("./maat_framework_perf_gtest.log", 0);
const char *rule_folder = "./tsgrule/index"; const char *rule_folder = "./tsgrule/index";
const char *table_info = "./tsg_table_info.conf"; const char *table_info = "./tsg_table_info.json";
struct maat_options *opts = maat_options_new(); struct maat_options *opts = maat_options_new();
maat_options_set_stat_file(opts, "./stat.log"); maat_options_set_stat_file(opts, "./stat.log");

2
test/maat_input_mode_gtest.cpp
View File

@@ -11,7 +11,7 @@
#define MODULE_INPUT_MODE_GTEST module_name_str("maat.input_mode_gtest") #define MODULE_INPUT_MODE_GTEST module_name_str("maat.input_mode_gtest")
const char *g_table_info_path = "./table_info.conf"; const char *g_table_info_path = "./table_info.json";
const char *g_json_filename = "maat_json.json"; const char *g_json_filename = "maat_json.json";
struct log_handle *g_logger = NULL; struct log_handle *g_logger = NULL;

2
test/object_nesting/object_nesting_gtest.cpp
View File

@@ -15,7 +15,7 @@
#define WAIT_FOR_EFFECTIVE_S 2 #define WAIT_FOR_EFFECTIVE_S 2
#define MAX_G2G_SCAN_TIMES (1000 * 1000) #define MAX_G2G_SCAN_TIMES (1000 * 1000)
const char *g_table_info_path = "./object_exclude_table_info.conf"; const char *g_table_info_path = "./object_exclude_table_info.json";
const char *log_file = "./object_exclude_gtest.log"; const char *log_file = "./object_exclude_gtest.log";
struct object_item { struct object_item {

111
test/regex_expr.json Normal file
View File

@@ -0,0 +1,111 @@
{
"expr_rules": [
{
"rule_id": 301,
"pattern_num": 1,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "[W|w]orld dream"
}
]
},
{
"rule_id": 302,
"pattern_num": 2,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "[0-9]today"
},
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "[0-9]Lunch"
}
]
},
{
"rule_id": 303,
"pattern_num": 2,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "Cookie:\\s"
},
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "head"
}
]
},
{
"rule_id": 304,
"pattern_num": 2,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "no",
"is_hexbin": "no",
"pattern": "123^abc"
},
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "no",
"is_hexbin": "no",
"pattern": "^123"
}
]
},
{
"rule_id": 305,
"pattern_num": 2,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "no",
"is_hexbin": "no",
"pattern": "^123"
},
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "no",
"is_hexbin": "no",
"pattern": "123^abc"
}
]
},
{
"rule_id": 306,
"pattern_num": 1,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "no",
"is_hexbin": "no",
"pattern": "^[1-9]\\d{5}(18|19|([23]\\d))\\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\\d{3}[0-9Xx]$"
}
]
}
]
}

1
test/table_info.conf → test/table_info.json
View File

@@ -207,6 +207,7 @@
"table_name":"IMAGE_FP", "table_name":"IMAGE_FP",
"table_type":"expr", "table_type":"expr",
"valid_column":5, "valid_column":5,
"supported_attributes":["HTTP_URL", "HTTP_REQ_BODY"],
"custom": { "custom": {
"item_id":1, "item_id":1,
"object_id":2, "object_id":2,

0
test/tsg_table_info.conf → test/tsg_table_info.json
View File

2
tools/maat_redis_tool.cpp
View File

@@ -22,7 +22,7 @@
#define WORK_MODE_TEST_TRANS 2 #define WORK_MODE_TEST_TRANS 2
const char *redis_dump_dir = "./redis_dump"; const char *redis_dump_dir = "./redis_dump";
const char *default_table_info = "./table_info.conf"; const char *default_table_info = "./table_info.json";
static void maat_tool_print_usage(void) static void maat_tool_print_usage(void)
{ {