gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rename terminology "group" to "object"

Browse Source
This commit is contained in:
root
2024-08-22 10:26:59 +00:00
parent 72cf89723d
commit 54a70f19d9
75 changed files with 4634 additions and 4634 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
docs/api_reference.md
View File

@@ -16,7 +16,7 @@ After that, call maat_new to create a maat instance. Next, for the two main usag
* Call the maat_scan_xx interface to perform the scan task and return the hit rule_id.
* If you are interested in the hit item, group, or path information, you can call the maat_state_get_xx interface as needed.
* If you are interested in the hit item, object, or path information, you can call the maat_state_get_xx interface as needed.
* Callback Scenario
@@ -55,7 +55,7 @@ After that, call maat_new to create a maat instance. Next, for the two main usag
* [maat_options_set_json_file_decrypt_key](#maat_options_set_json_file_decrypt_key)
* [maat_options_set_expr_engine](#maat_options_set_expr_engine)
* [maat_options_set_hit_path_enabled](#maat_options_set_hit_path_enabled)
* [maat_options_set_hit_group_enabled](#maat_options_set_hit_group_enabled)
* [maat_options_set_hit_object_enabled](#maat_options_set_hit_object_enabled)
## maat instance
@@ -72,12 +72,12 @@ After that, call maat_new to create a maat instance. Next, for the two main usag
* [maat_state_get_hit_paths](#maat_state_get_hit_paths)
* [maat_state_get_rule_table_ids](#maat_state_get_rule_table_ids)
* [maat_state_get_scan_count](#maat_state_get_scan_count)
* [maat_state_get_direct_hit_groups](#maat_state_get_direct_hit_groups)
* [maat_state_get_direct_hit_group_cnt](#maat_state_get_direct_hit_group_cnt)
* [maat_state_get_indirect_hit_groups](#maat_state_get_indirect_hit_groups)
* [maat_state_get_indirect_hit_group_cnt](#maat_state_get_indirect_hit_group_cnt)
* [maat_state_get_last_hit_groups](#maat_state_get_last_hit_groups)
* [maat_state_get_last_hit_group_cnt](#maat_state_get_last_hit_group_cnt)
* [maat_state_get_direct_hit_objects](#maat_state_get_direct_hit_objects)
* [maat_state_get_direct_hit_object_cnt](#maat_state_get_direct_hit_object_cnt)
* [maat_state_get_indirect_hit_objects](#maat_state_get_indirect_hit_objects)
* [maat_state_get_indirect_hit_object_cnt](#maat_state_get_indirect_hit_object_cnt)
* [maat_state_get_last_hit_objects](#maat_state_get_last_hit_objects)
* [maat_state_get_last_hit_object_cnt](#maat_state_get_last_hit_object_cnt)
## maat scan
@@ -86,7 +86,7 @@ After that, call maat_new to create a maat instance. Next, for the two main usag
* [maat_scan_ipv4](#maat_scan_ipv4)
* [maat_scan_ipv6](#maat_scan_ipv6)
* [maat_scan_string](#maat_scan_string)
* [maat_scan_group](#maat_scan_group)
* [maat_scan_object](#maat_scan_object)
* [maat_scan_not_logic](#maat_scan_not_logic)
## maat stream
@@ -500,13 +500,13 @@ By default, maat does not store the hit path, and you can call this interface if
**Returns**: success(0), failure(-1)
### maat_options_set_hit_group_enabled
### maat_options_set_hit_object_enabled
```c
int maat_options_set_hit_group_enabled(struct maat_options *opts);
int maat_options_set_hit_object_enabled(struct maat_options *opts);
```
By default, maat does not store the hit groups, and you can call this interface if you need to get this information.
By default, maat does not store the hit objects, and you can call this interface if you need to get this information.
**Parameters**:
* opts - The pointer of maat_options structure.
@@ -548,7 +548,7 @@ Destroy a maat instance.
struct maat_state *maat_state_new(struct maat *instance, int thread_id);
```
Before performing the actual scanning task, you need to call this interface to create a per-thread maat_state structure, which will be used as an input parameter when calling the maat_scan_xx interface to store the intermediate scanning state. This is especially useful in composite scanning scenarios to accurately provide all hit results from multiple scans. Additionally, hit paths, group_id of hits, and other information generated by the scanning are temporarily stored in it, and can be retrieved through the maat_state_get_xx interface.
Before performing the actual scanning task, you need to call this interface to create a per-thread maat_state structure, which will be used as an input parameter when calling the maat_scan_xx interface to store the intermediate scanning state. This is especially useful in composite scanning scenarios to accurately provide all hit results from multiple scans. Additionally, hit paths, object_id of hits, and other information generated by the scanning are temporarily stored in it, and can be retrieved through the maat_state_get_xx interface.
**Parameters**:
* instance - Maat instance created by maat_new().
@@ -609,7 +609,7 @@ int maat_state_set_scan_rule_table(struct maat_state *state,
int rule_table_id);
```
Maat supports loading multiple rule tables and building their respective runtime. Within the table schema, there is a rule table that has a `default_rule_table` field, indicating that maat will use the runtime of this table to calculate which rule_id will be hit by the hit group_id. If the caller wants to use another rule table runtime for the above calculation, this interface can be invoked to set it up.
Maat supports loading multiple rule tables and building their respective runtime. Within the table schema, there is a rule table that has a `default_rule_table` field, indicating that maat will use the runtime of this table to calculate which rule_id will be hit by the hit object_id. If the caller wants to use another rule table runtime for the above calculation, this interface can be invoked to set it up.
**Parameters**:
* state - Pointer to the maat state structure.
@@ -670,106 +670,106 @@ Gets the number of scans since maat state was created.
**Returns**: The number of scans.
### maat_state_get_direct_hit_groups
### maat_state_get_direct_hit_objects
```c
int maat_state_get_direct_hit_groups(struct maat_state *state,
struct maat_hit_group *group_array,
int maat_state_get_direct_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array,
size_t array_size);
```
Get the direct hit_groups, including the table_id from the scan input, the item_id and its group_id in the corresponding item table.
Get the direct hit_objects, including the table_id from the scan input, the item_id and its object_id in the corresponding item table.
`Note`: hit_groups may be duplicated.
`Note`: hit_objects may be duplicated.
**Parameters**:
* state - Pointer to the maat state structure.
* group_array - Array to store the maat_hit_groups.
* object_array - Array to store the maat_hit_objects.
* array_size - Size of the array.
**Returns**: The number of direct hit_groups on success, and -1 is returned on failure.
**Returns**: The number of direct hit_objects on success, and -1 is returned on failure.
### maat_state_get_direct_hit_group_cnt
### maat_state_get_direct_hit_object_cnt
```c
size_t maat_state_get_direct_hit_group_cnt(struct maat_state *state);
size_t maat_state_get_direct_hit_object_cnt(struct maat_state *state);
```
Get the number of direct hit_groups.
Get the number of direct hit_objects.
**Parameters**:
* state - Pointer to the maat state structure.
**Returns**: The number of direct hit_groups.
**Returns**: The number of direct hit_objects.
### maat_state_get_indirect_hit_groups
### maat_state_get_indirect_hit_objects
```c
int maat_state_get_indirect_hit_groups(struct maat_state *state,
struct maat_hit_group *group_array,
int maat_state_get_indirect_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array,
size_t array_size);
```
Gets the indirect hit_groups, including the table_id from the scan input, the id of the super groups referencing the hit items.
Gets the indirect hit_objects, including the table_id from the scan input, the id of the super objects referencing the hit items.
`Note`: hit_groups may be duplicated.
`Note`: hit_objects may be duplicated.
**Parameters**:
* state - Pointer to the maat state structure.
* group_array - Array to store the maat_hit_groups.
* object_array - Array to store the maat_hit_objects.
* array_size - Size of the array.
**Returns**: The number of indirect hit_groups on success, and -1 is returned on failure.
**Returns**: The number of indirect hit_objects on success, and -1 is returned on failure.
### maat_state_get_indirect_hit_group_cnt
### maat_state_get_indirect_hit_object_cnt
```c
size_t maat_state_get_indirect_hit_group_cnt(struct maat_state *state);
size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state);
```
Get the number of indirect hit_groups.
Get the number of indirect hit_objects.
**Parameters**:
* state - Pointer to the maat state structure.
**Returns**: The number of indirect hit_groups.
**Returns**: The number of indirect hit_objects.
### maat_state_get_last_hit_groups
### maat_state_get_last_hit_objects
```c
int maat_state_get_last_hit_groups(struct maat_state *state,
struct maat_hit_group *group_array,
int maat_state_get_last_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array,
size_t array_size);
```
Get all hit_groups in the latest scan, including the table_id from the scan input, the item_id and its group_id in the corresponding item table, the id of the super groups referencing the hit items.
Get all hit_objects in the latest scan, including the table_id from the scan input, the item_id and its object_id in the corresponding item table, the id of the super objects referencing the hit items.
`Note`: hit_groups is not duplicated.
`Note`: hit_objects is not duplicated.
**Parameters**:
* state - Pointer to the maat state structure.
* group_array - Array to store the maat_hit_groups.
* object_array - Array to store the maat_hit_objects.
* array_size - Size of the array.
**Returns**: The number of all hit_groups in the latest scan on success, and -1 is returned on failure.
**Returns**: The number of all hit_objects in the latest scan on success, and -1 is returned on failure.
### maat_state_get_last_hit_group_cnt
### maat_state_get_last_hit_object_cnt
```c
size_t maat_state_get_last_hit_group_cnt(struct maat_state *state);
size_t maat_state_get_last_hit_object_cnt(struct maat_state *state);
```
Get the number of all hit_groups in the latest scan.
Get the number of all hit_objects in the latest scan.
**Parameters**:
* state - Pointer to the maat state structure.
**Returns**: The number of all hit_groups in the latest scan.
**Returns**: The number of all hit_objects in the latest scan.
### maat_scan_flag
@@ -841,16 +841,16 @@ int maat_scan_string(struct maat *instance, int table_id,
Same as above, the difference is that the data to be scanned is a string.
### maat_scan_group
### maat_scan_object
```c
int maat_scan_group(struct maat *instance, int table_id,
struct maat_hit_group *groups, size_t n_group,
int maat_scan_object(struct maat *instance, int table_id,
struct maat_hit_object *objects, size_t n_object,
long long *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state);
```
Different from the above interface, the input to this interface is the hit item_id and group_id. Therefore, there is no need to execute the underlying scanning engine. It only needs to calculate the hit rule_id based on the hit group_id.
Different from the above interface, the input to this interface is the hit item_id and object_id. Therefore, there is no need to execute the underlying scanning engine. It only needs to calculate the hit rule_id based on the hit object_id.
### maat_scan_not_logic

4
docs/configuration_management.md
View File

@@ -9,7 +9,7 @@ Maat supports three configuration loading modes:
## 1.<a name='Redis mode'></a> Redis mode
As shown in the diagram below, the data source is stored in the relational database `MariaDB`. An adapter writes this data into the `leader redis`, which is then distributed through redis's `leader-follower synchronization` mechanism. The storage structure design in redis for configurations does not need to consider the logical relationships between rule, group, and item. Maat will construct these logical relationships internally after loading the configurations from redis.
As shown in the diagram below, the data source is stored in the relational database `MariaDB`. An adapter writes this data into the `leader redis`, which is then distributed through redis's `leader-follower synchronization` mechanism. The storage structure design in redis for configurations does not need to consider the logical relationships between rule, object, and item. Maat will construct these logical relationships internally after loading the configurations from redis.
<img src="./imgs/sync-with-redis.png" width="600" height="300" >
@@ -26,7 +26,7 @@ As shown in the diagram below, the data source is stored in the relational datab
| MAAT_LABEL_INDEX | Label index | Sorted Set, where the element is the configuration table name, rule_id, and the score is the label_id | |
| EFFECTIVE_RULE:TableName,ID OBSOLETE_RULE:TableName,ID | Main configuration | string | Active configurations, loaded one by one by MAAT. |
| SEQUENCE_REGION | Region ID generation sequence | INTEGER | Used by producers to generate unique region_id(item_id) |
| SEQUENCE_GROUP | Group ID generation sequence | INTEGER | Used by producers to generate unique group_id |
| SEQUENCE_OBJECT | Object ID generation sequence | INTEGER | Used by producers to generate unique object_id |
| EXPIRE_OP_LOCK | Distributed lock | string "locked" | Ensures that at most one writer performs eviction. |
`Note`: The following api supports writing one line of configuration to redis.

34
docs/getting_started.md
View File

@@ -31,7 +31,7 @@ A complete use case consists of three parts:
### Case1
In the scanning scenario, it is necessary to configure the schema of multiple tables, including the item table, group2rule table, and rule table. If there is also group nesting involved, the schema of the group2group table needs to be configured.
In the scanning scenario, it is necessary to configure the schema of multiple tables, including the item table, object2rule table, and rule table. If there is also object nesting involved, the schema of the object2object table needs to be configured.
**(1) table schema**
@@ -53,12 +53,12 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded
},
{
"table_id":1,
"table_name":"GROUP2RULE",
"table_type":"group2rule",
"associated_rule_table_id":0, /* associate rule table_id, group2rule table shares the same runtime with the corresponding rule table, so it needs to be mapped to the corresponding rule table. */
"table_name":"OBJECT2RULE",
"table_type":"object2rule",
"associated_rule_table_id":0, /* associate rule table_id, object2rule table shares the same runtime with the corresponding rule table, so it needs to be mapped to the corresponding rule table. */
"valid_column":3,
"custom": {
"group_id":1,
"object_id":1,
"rule_id":2,
"negate_option":4,
"attribute_name":5,
@@ -67,13 +67,13 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded
},
{
"table_id":2,
"table_name":"GROUP2GROUP",
"table_type":"group2group",
"table_name":"OBJECT2OBJECT",
"table_type":"object2object",
"valid_column":4,
"custom": {
"group_id":1,
"included_sub_group_ids":2,
"excluded_sub_group_ids":3
"object_id":1,
"included_sub_object_ids":2,
"excluded_sub_object_ids":3
}
},
{
@@ -83,7 +83,7 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -99,8 +99,8 @@ Configurations are stored in a json file(such as maat_json.json), which is loade
```json
{
"rule_table": "RULE",
"group2rule_table": "GROUP2RULE",
"group2group_table": "GROUP2GROUP",
"object2rule_table": "OBJECT2RULE",
"object2object_table": "OBJECT2OBJECT",
"rules": [
{
"rule_id": 123,
@@ -110,9 +110,9 @@ Configurations are stored in a json file(such as maat_json.json), which is loade
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"groups": [
"objects": [
{
"group_name": "Untitled",
"object_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
@@ -216,8 +216,8 @@ In the callback scenario, only the schema of the corresponding table needs to be
```json
{
"rule_table": "RULE",
"group2rule_table": "GROUP2RULE",
"group2group_table": "GROUP2GROUP",
"object2rule_table": "OBJECT2RULE",
"object2object_table": "OBJECT2OBJECT",
"plugin_table": {
"table_name": "TEST_IP_PLUGIN_WITH_EXDATA",
"table_content": [

158
docs/group_hierarchy.md
View File

@@ -1,158 +0,0 @@
# Group(Object) hierarchies
A group can reference other groups, and can also be referenced by other groups. For example, group_A references group_B, group_A is the superior group of group_B, and group_B is the subordinate group of group_A. There are two reference relationships between groups: `include` and `exclude`.
## Include
Include is equivalent to the inclusion semantics in set theory. For example, when group_A is included by group_B, if a traffic attribute satisfies group_A, group_B is satisfied.
## Exclude
A group defines a subset of an group type, such as network addresses or port numbers. The definition is made using items, which can be used to add to or exclude from the group definition. Groups can also have subordinate groups whose definitions are included in the superior group.
There are rules of precedence to take into account when defining groups:
- Excluding has precedence over including in the same group.
- Items in a superior group have precedence over items in a subordinate group.
- Items in a superior group are not taken into account in a subordinate group, if the subordinate group is used directly in a rule.
- Peer groups (different subordinate groups of the same superior group) do not affect each other.
In short, to determine the set defined by a group, perform the following calculation:
1. For each subordinate group (remember sibling groups do not affect each other):
- Add included items.
- Subtract excluded items.
2. Add included items in the group itself, overriding any excludes in the subordinate groups.
3. Subtract excluded items in the group itself.
The following figure shows a group with an included set and an excluded subset.
<img src="./imgs/exclude.png" width="350" height="200" >
Now, consider adding a subordinate group. The subordinate group also has an included set and an excluded subset. If the superior group is used, the result is shown in the following figure “A superior and subordinate group”.
<img src="./imgs/hierarchy-and-exclude.png" width="350" height="230" >
As can be seen, the excluded item in the subordinate group is overwritten since it is in the included set of the superior group. Also, the excluded item from the superior group excludes part of the included item in the subordinate.
If only the subordinate group is used in a rule condition, the superior group items are disregarded, leaving the set shown in the next figure, “The subordinate group”.
<img src="./imgs/sub-exclude.png" width="350" height="230" >
Restrictions:
- A group can only include or exclude groups of the same type.
- A group should include at least one subordinate group. (Exclude only is not allowed)
- Traffic attribute using stream scan cannot allow use object(group) with exclude, i.e., keywords object on HTTP Response Body, Email attachment.
Now, let's see a graph of hierarchy example, where the dotted line means exclude. The matched subordinate groups and activated superiors are listed in the following table.
Now, let's see a graph of hierarchy example, where the dotted line means exclude. If the matched subordinate groups: **{g11, g13}**, then activated superiors: **{g2, g7}**.
<img src="./imgs/group-hierarchy1.png" width="750" height="350" >
The analysis process is as follows:
**matched groups {g11, g13}**
**Level 1**: g11 => incl{g6, g7} excl{null}, g13 => incl{g3} excl{g4}; new matched groups {g6, g7, g3}, `all matched groups` {g11, g13, g6, g7, g3}
**new matched groups {g6, g7, g3}**
**Level 2**: g6 => incl{g1} excl{g2, g3}, g7 => incl{g2, g4} excl{g6}; new matched groups {g1, g2, g4}, `all matched groups` {g11, g13, g7, g1, g2, g4}
**new matched groups {g1, g2, g4}**
**Level 3**: end
Check the validity of `all matched groups` {g11, g13, g7, g1, g2, g4}:
1. g11, g13 are the originally matched nodes, so keep {g11, g13}.
2. g7 is derived from the match of g11, implying that g10 is not matched (if g10 is matched, then g7 is not matched, as the exclude priority is higher), so keep g7.
3. g1 is derived from the match of g6, but since g6 is excluded due to both g11 and g7, and g6 excludes g7 with higher priority, g1 is no longer matched. Therefore, remove g1 from the set.
3. g1 is derived from the match of g6, which in turn is derived from the match of g11. However, since g7 is also matched and g6 excludes g7 with higher priority, g7's match causes g6 to be unmatched, and consequently, g1 is no longer matched. Therefore, g1 is removed from the set.
4. g2 is derived from the match of g7, with the implied condition that g6 is not matched, so keep g2.
5. Finally, `all matched groups` {g11, g13, g7, g2}, `matched super groups` {g2, g7}.
Remove the dotted line from g7 to g6, as shown in the diagram below. If the matched subordinate groups: **{g11, g13}**, then activated groups: **{g1, g6, g7}**.
<img src="./imgs/group-hierarchy2.png" width="750" height="350" >
The analysis process is as follows:
**matched groups {g11, g13}**
**Level 1**: g11 => incl{g6, g7} excl{null}, g13 => incl{g3} excl{g4}; new matched groups {g6, g7, g3}, `all matched groups` {g11, g13, g6, g7, g3}
**new matched groups {g6, g7, g3}**
**Level 2**: g6 => incl{g1} excl{g2, g3}, g7 => incl{g2, g4} excl{null}; new matched groups {g1, g2, g4}, `all matched groups` {g11, g13, g6, g1, g7, g2, g4}
**new matched groups {g1, g2, g4}**
**Level 3**: end
Check the validity of `all matched groups` {g11, g13, g6, g1, g7, g2, g4}:
1. g11, g13 are the originally matched nodes, so keep {g11, g13}.
2. g6 is derived from the match of g11, implying the g10 is not matched(if g10 is matched, then g7 is not matched, as the exclude priority is higher), so keep g6.
3. g1 is derived from the match of g6, which in turn is derived from the match of g11, implying the g5 is not matched, so keep g1.
4. g7 is derived from the match of g11, implying the g10 is not matched, so keep g7.
5. g2 is derived from the match of g7. However, since g6 is also matched and g2 excludes g6 with higher priority, g6's match causes g2 to be unmatched. Therefore, g2 is removed from the set.
6. g4 is derived from the match of g7. However, since g13 is also matched and g4 excludes g13 with higher priority, g13's match causes g4 to be unmatched. Therefore, g4 is removed from the set.
7. Finally, `all matched groups` {g11, g13, g1, g6, g7}, `matched super groups` {g1, g6, g7}.
Again remove the dotted line from g13 to g4, as shown in the diagram below. If the matched subordinate groups: **{g11, g13}**, then activated superiors: **{g1, g4, g6, g7}**.
<img src="./imgs/group-hierarchy3.png" width="750" height="350" >
The analysis process is as follows:
**matched groups {g11, g13}**
**Level 1**: g11 => incl{g6, g7} excl{null}, g13 => incl{g3} excl{null}; new matched groups {g6, g7, g3}, `all matched groups` {g11, g13, g6, g7, g3}
**new matched groups {g6, g7, g3}**
**Level 2**: g6 => incl{g1} excl{g2, g3}, g7 => incl{g2, g4} excl{null}; new matched groups {g1, g2, g4}, `all matched groups` {g11, g13, g6, g1, g7, g2, g4}
**new matched groups {g1, g2, g4}**
**Level 3**: end
Check the validity of `all matched groups` {g11, g13, g6, g1, g7, g2, g4}:
1. g11, g13 are the originally matched nodes, so keep {g11, g13}.
2. g6 is derived from the match of g11, implying the g10 is not matched(if g10 is matched, then g7 is not matched, as the exclude priority is higher), so keep g6.
3. g1 is derived from the match of g6, which in turn is derived from the match of g11, implying the g5 is not matched, so keep g1.
4. g7 is derived from the match of g11, implying the g10 is not matched, so keep g7.
5. g2 is derived from the match of g7. However, since g6 is also matched and g2 excludes g6 with higher priority, g6's match causes g2 to be unmatched. Therefore, g2 is removed from the set.
6. g4 is derived from the match of g13, so keep g4.
7. Finally, `all matched groups` {g11, g13, g6, g1, g7, g4}, `matched super groups` {g1, g4, g6, g7}.
The above example is strictly consistent with the case `GroupExcludeTest.level_3_function` in the [test/group_nesting](../test/group_nesting/) test. Please run it to see the actual execution results.

6
docs/history.md
View File

@@ -8,15 +8,15 @@
| v3.1.20| 2021-4-28 | Add explanation for loading gzip-compressed JSON files | Zheng Chao |
| v3.1.5 | 2021-3-12 | Add matching examples for callback class FQDN table | Zheng Chao |
| v3.1.4 | 2020-11-04| When content foreign key is "null," it represents an empty file | Zheng Chao |
| v3.1.1 | 2020-9-27 | Add explanation for creating attributes on multiple different types of physical tables | Zheng Chao |
| v3.1.1 | 2020-9-27 | Add explanation for creating virtual tables on multiple different types of physical tables | Zheng Chao |
| v3.1.0 | 2020-9-18 | Add FQDN callback table | Zheng Chao |
| v3.0.4 | 2020-8-17 | Add extended numerical domain configuration interval_plus | Zheng Chao |
| v3.0 | 2020-6-29 | Maat 3.0, support conditions, original grouping table split into grouping relationship table and grouping compilation table | Zheng Chao |
| v3.0 | 2020-6-29 | Maat 3.0, support clauses, original grouping table split into grouping relationship table and grouping compilation table | Zheng Chao |
| v2.8 | 2020-3-13 | Support composite tables | Zheng Chao |
| v2.8 | 2020-2-11 | Support Hit Path | Zheng Chao |
| v2.8 | 2020-2-4 | Support sorting strategies by Evaluation Order | Zheng Chao |
| v2.8 | 2020-1-22 | Maat JSON file encryption support, see 17.3 | Zheng Chao |
| v2.8 | 2019-7-28 | 1. No longer compatible with no grouping tables 2. Support attributes | Zheng Chao |
| v2.8 | 2019-7-28 | 1. No longer compatible with no grouping tables 2. Support virtual tables | Zheng Chao |
| v2.7.2 | 2019-7-10 | Expand IP configuration table to support CIDR format | Zheng Chao |
| v2.7.1 | 2019-5-23 | Rename rich IP class configuration table to extended IP configuration table | Zheng Chao |
| v2.7.0 | 2019-5-12 | 1. Add explanation for subgroup relationships 2. Add explanation for rich IP class configuration | Zheng Chao |

0
docs/imgs/NOT-clause-groups.png → docs/imgs/NOT-clause-objects.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 42 KiB

After

Width:  |  Height:  |  Size: 42 KiB

0
docs/imgs/group-hierarchy1.png → docs/imgs/object-hierarchy1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 62 KiB

After

Width:  |  Height:  |  Size: 62 KiB

0
docs/imgs/group-hierarchy2.png → docs/imgs/object-hierarchy2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 61 KiB

After

Width:  |  Height:  |  Size: 61 KiB

0
docs/imgs/group-hierarchy3.png → docs/imgs/object-hierarchy3.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 60 KiB

After

Width:  |  Height:  |  Size: 60 KiB

92
docs/logical_combinations.md
View File

@@ -1,26 +1,26 @@
# Logical combinations
When you understand the [configuration relationship](./overview.md#12-configuration-relationship) and [group hierarchy](./group_hierarchy.md), you will find multiple layers of logical relationships. Are all these logical relationships necessary? If yes, what are the use cases targeted by each? This document serves as a cheat sheet for you to understand the logical combinations of maat rules.
When you understand the [configuration relationship](./overview.md#12-configuration-relationship) and [object hierarchy](./object_hierarchy.md), you will find multiple layers of logical relationships. Are all these logical relationships necessary? If yes, what are the use cases targeted by each? This document serves as a cheat sheet for you to understand the logical combinations of maat rules.
Before describing specific rules, we need to define the syntax of logical combinations. A rule is written using infix notation, which consists of operands, operators, and parentheses. The operands are rule IDs, and operators are "!(NOT)", "&(AND)", "|(OR)".
Before showing how to configure the specific rules, we need some raw materials (items). The following is the configuration information for the different types of item tables:
**keywords(table_id=1)**
| item_id | group_id | keywords |
| item_id | object_id | keywords |
| ------- | -------- | ------------- |
| 101 | 201 | www.baidu.com |
| 102 | 202 | baidu.com |
**ip address(table_id=2)**
| item_id | group_id | ip range |
| item_id | object_id | ip range |
| ------- | -------- | --------------------------- |
| 110 | 210 | 192.168.1.1 ~ 192.168.1.255 |
| 111 | 211 | 192.168.1.11 ~ 192.168.1.20 |
| 112 | 212 | 192.168.1.21 ~ 192.168.1.30 |
**port(table_id=3)**
| item_id | group_id | interval range |
| item_id | object_id | interval range |
| ------- | -------- | -------------- |
| 120 | 220 | 100 ~ 200 |
| 121 | 221 | 80 ~ 80 |
@@ -29,7 +29,7 @@ Before showing how to configure the specific rules, we need some raw materials (
* [AND logic](#and-logic)
* [OR logic](#or-logic)
* [NOT logic](#not-logic)
* [Group exclude](#group-exclude)
* [Object exclude](#object-exclude)
## AND logic
@@ -37,62 +37,62 @@ Before showing how to configure the specific rules, we need some raw materials (
* case1: Deny hosts with source IP addresses in the range of 192.168.1.11 to 192.168.1.20 from accessing the website www.baidu.com.
* 192.168.1.11 ~ 192.168.1.20 => group_id(211)
* www.baidu.com => group_id(201)
* 192.168.1.11 ~ 192.168.1.20 => object_id(211)
* www.baidu.com => object_id(201)
```bash
rule(rule) = condition1 & condition2
= {attribute1, group1, condition_index1} & {attribute2, group2, condition_index2}
= {attribute1, object1, condition_index1} & {attribute2, object2, condition_index2}
= {2, 211, 1} & {1, 201, 2}
```
* case2: To block the traffic whose source IP address is 192.168.1.11 to 192.168.1.20 and source port 80.
* 192.168.1.11 ~ 192.168.1.20 => group_id(211)
* 端口80 ~ 80 => group_id(221)
* 192.168.1.11 ~ 192.168.1.20 => object_id(211)
* 端口80 ~ 80 => object_id(221)
```bash
rule(rule) = condition1 & condition2
= {attribute1, group1, condition_index1} & {attribute2, group2, condition_index2}
= {attribute1, object1, condition_index1} & {attribute2, object2, condition_index2}
= {2, 211, 1} & {3, 221, 2}
```
The JSON configuration for the logical `AND` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=152.
group_name: "152_mail_addr" and group_name: "interval_group_refered" are two conditions of this rule, with a logical `AND` relationship between them.
object_name: "152_mail_addr" and object_name: "interval_object_refered" are two conditions of this rule, with a logical `AND` relationship between them.
## OR logic
`Note`: Multiple groups under the same condition have a logical 'OR' relationship.
`Note`: Multiple objects under the same condition have a logical 'OR' relationship.
* case1 Deny hosts with source IP addresses in the range of 192.168.1.11 to 192.168.1.30 from accessing the website www.baidu.com.
* 192.168.1.11 ~ 192.168.1.20 => group_id(211)
* 192.168.1.21 ~ 192.168.1.30 => group_id(212)
* www.baidu.com => group_id(201)
* 192.168.1.11 ~ 192.168.1.20 => object_id(211)
* 192.168.1.21 ~ 192.168.1.30 => object_id(212)
* www.baidu.com => object_id(201)
```bash
rule(rule) = condition1 & condition2
= {attribute1, (group1 | group2), condition_index1} & {attribute2, group3, condition_index2}
= {attribute1, (object1 | object2), condition_index1} & {attribute2, object3, condition_index2}
= {2, (211 | 212), 1} & {1, 201, 2}
```
* case2: To block the traffic whose source ip address is 192.168.1.11 to 192.168.1.20 and source port 80 or 443.
* 192.168.1.11 ~ 192.168.1.20 => group_id(211)
* port 80 ~ 80 => group_id(221)
* port 443 ~ 443 => group_id(222)
* 192.168.1.11 ~ 192.168.1.20 => object_id(211)
* port 80 ~ 80 => object_id(221)
* port 443 ~ 443 => object_id(222)
```bash
rule(rule) = condition1 & condition2
= {attribute1, group1, condition_index1} & {attribute2, (group2 | group3), condition_index2}
= {attribute1, object1, condition_index1} & {attribute2, (object2 | object3), condition_index2}
= {2, 211, 1} & {3, (221 | 222), 2}
```
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=152.
group_name: "152_mail_addr" contains two regions(items) with a logical `OR` relationship between them.
object_name: "152_mail_addr" contains two regions(items) with a logical `OR` relationship between them.
## NOT logic
@@ -101,76 +101,76 @@ group_name: "152_mail_addr" contains two regions(items) with a logical `OR` rela
* case1: Hosts with source ip addresses ranging from 192.168.1.11 to 192.168.1.20 are allowed to access websites other than www.baidu.com.
* 192.168.1.11 ~ 192.168.1.20 => group_id(211)
* www.baidu.com => group_id(201)
* 192.168.1.11 ~ 192.168.1.20 => object_id(211)
* www.baidu.com => object_id(201)
```bash
rule(rule) = condition1 & !condition2
= {attribute1, group1, condition_index1} & !{attribute2, group2, condition_index2}
= {attribute1, object1, condition_index1} & !{attribute2, object2, condition_index2}
= {2, 211, 1} & !{1, 201, 2}
```
* case2: To block the traffic whose source ip address is in 192.168.1.11 to 192.168.1.20 and the source port is not 80 or 443.
* 192.168.1.11 ~ 192.168.1.20 => group_id(211)
* port 80 ~ 80 => group_id(221)
* port 443 ~ 443 => group_id(222)
* 192.168.1.11 ~ 192.168.1.20 => object_id(211)
* port 80 ~ 80 => object_id(221)
* port 443 ~ 443 => object_id(222)
```bash
rule(rule) = condition1 & !condition2
= {attribute1, group1, condition_index1} & !{attribute2, (group2 | group3), condition_index2}
= {attribute1, object1, condition_index1} & !{attribute2, (object2 | object3), condition_index2}
= {2, 211, 1} & !{3, (221 | 222), 2}
```
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=145.
The group_name: "123_IP_group" is a negate condition of this rule.
The object_name: "123_IP_object" is a negate condition of this rule.
## Group exclude
## Object exclude
`Note`: The `exclude` relationship only applies between groups of the same type, such as super_group1 = include {group1}, exclude {group2}.
`Note`: The `exclude` relationship only applies between objects of the same type, such as super_object1 = include {object1}, exclude {object2}.
Constraint: The super group cannot consist only of exclude groups; it must contain at least one include group.
Constraint: The super object cannot consist only of exclude objects; it must contain at least one include object.
* case1: Deny hosts with source IP addresses in the range of 192.168.1.1 to 192.168.1.255 but not in the range of 192.168.1.11 to 192.168.1.20 from accessing the website www.baidu.com.
* 192.168.1.1 ~ 192.168.1.255 => group_id(210)
* 192.168.1.11 ~ 192.168.20 => group_id(211)
* www.baidu.com => group_id(201)
* 192.168.1.1 ~ 192.168.1.255 => object_id(210)
* 192.168.1.11 ~ 192.168.20 => object_id(211)
* www.baidu.com => object_id(201)
In this case, you need to configure super_group1 first.
In this case, you need to configure super_object1 first.
```bash
super_group1 = group1 exclude group2
super_object1 = object1 exclude object2
= 210 exclude 211
```
And then configure the rule.
```bash
rule(rule) = condition1 & condition2
= {attribute1, super_group1, condition_index1} & {attribute2, group2, condition_index2}
= {attribute1, super_object1, condition_index1} & {attribute2, object2, condition_index2}
= {2, (210 exclude 211), 1} & {1, 201, 2}
```
* case2: Deny hosts with source IP addresses in the range of 192.168.1.11 to 192.168.1.20 from accessing subdomains of baidu.com except for www.baidu.com.
* 192.168.1.11 ~ 192.168.1.20 => group_id(211)
* www.baidu.com => group_id(201)
* baidu.com => group_id(202)
* 192.168.1.11 ~ 192.168.1.20 => object_id(211)
* www.baidu.com => object_id(201)
* baidu.com => object_id(202)
In this case, you need to configure super_group2 first.
In this case, you need to configure super_object2 first.
```bash
super_group2 = group2 exclude group3
super_object2 = object2 exclude object3
= 202 exclude 201
```
And then configure the rule.
```bash
rule(rule) = condition1 & condition2
= {attribute1, group1, condition_index1} & {attribute2, super_group2, condition_index2}
= {attribute1, object1, condition_index1} & {attribute2, super_object2, condition_index2}
= {2, 211, 1} & {1, (202 exclude 201), 2}
```
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=200.
The group_name: "ExcludeLogicGroup200" is a super group that includes an include group "ExcludeLogicGroup200_1" and an exclude group "ExcludeLogicGroup200_2".
The object_name: "ExcludeLogicObject200" is a super object that includes an include object "ExcludeLogicObject200_1" and an exclude object "ExcludeLogicObject200_2".

90
docs/maat_table.md
View File

@@ -12,8 +12,8 @@ Maat tables are divided into two categories: physical tables that actually exist
The types of physical tables are as follows:
- [item table](#11-item-table)
- [rule table](#12-rule-table)
- [group2rule table](#13-group2rule-table)
- [group2group table](#14-group2group-table)
- [object2rule table](#13-object2rule-table)
- [object2object table](#14-object2object-table)
- [plugin table](#15-plugin-table)
- [ip_plugin table](#16-ip_plugin-table)
- [fqdn_plugin table](#17-fqdn_plugin-table)
@@ -39,11 +39,11 @@ Each item table must has the following columns:
- item_id: In a maat instance, the item id is globally unique, meaning that the item id of different tables must not be duplicate.
- group_id: Indicate the group to which the item belongs, an item belongs to only one group.
- object_id: Indicate the object to which the item belongs, an item belongs to only one object.
- is_valid: In incremental updates, 1(valid means add) 0(invalid means del)
The range of item_id(group_id, rule_id) is 02^63which is 8 bytes.
The range of item_id(object_id, rule_id) is 02^63which is 8 bytes.
#### 1.1.1 <a name='exprtable'></a> expr item table
@@ -52,7 +52,7 @@ Describe matching rules for strings.
| **FieldName** | **type** | **constraint** |
| ---------------- | -------------- | ------- |
| **item_id** | LONG LONG | primary key |
| **group_id** | LONG LONG | leaf group id, can be referenced by group2group & group2rule table |
| **object_id** | LONG LONG | leaf object id, can be referenced by object2object & object2rule table |
| **keywords** | VARCHAR2(1024) | field to match during scanning |
| **expr_type** | INT | 0(keywords), 1(AND expr), 2(regular expr), 3(substring with offset)
| **match_method** | INT | only useful when expr_type is 0. 0(sub), 1(suffix), 2(prefix), 3(exactly) |
@@ -68,7 +68,7 @@ The table schema is stored in table_info.conf.
"valid_column":7, //7th column(is_valid field)
"custom": {
"item_id":1, //1st column(item_id field)
"group_id":2, //2nd column(group_id field)
"object_id":2, //2nd column(object_id field)
"keywords":3, //3rd column(keywords field)
"expr_type":4, //4th column(expr_type field)
"match_method":5,//5th column(match_method field)
@@ -86,7 +86,7 @@ The table schema is stored in table_info.conf.
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -158,7 +158,7 @@ Describe extended matching rules for strings by adding the district column.
| **FieldName** | **type** | **constraint** |
| ---------------- | -------------- | ------- |
| **item_id** | LONG LONG | primary key |
| **group_id** | LONG LONG | leaf group id, can be referenced by group2group & group2rule table |
| **object_id** | LONG LONG | leaf object id, can be referenced by object2object & object2rule table |
| **district** | VARCHAR2(1024) | describe the effective position of the keywords |
| **keywords** | VARCHAR2(1024) | field to match during scanning |
| **expr_type** | INT | 0(keywords), 1(AND expr), 2(regular expr), 3(substring with offset)
@@ -183,7 +183,7 @@ Describe matching rules for IP address. Both the address and port are represente
| **FieldName** | **type** | **constraint** |
| -------------- | ------------ | -------------- |
| **item_id** | LONG LONG | primary key |
| **group_id** | LONG LONG | leaf group id, can be referenced by group2group & group2rule table |
| **object_id** | LONG LONG | leaf object id, can be referenced by object2object & object2rule table |
| **addr_type** | INT | Ipv4 = 4 Ipv6 = 6 |
| **addr_format**| VARCHAR2(40) | ip addr format, single/range/CIDR/mask |
| **ip1** | VARCHAR2(40) | start ip |
@@ -197,7 +197,7 @@ Determine whether an integer is within a certain numerical range.
| **FieldName** | **type** | **constraint** |
| ---------------- | -------- | -------------- |
| **item_id** | INT | primary key |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2rule table |
| **object_id** | INT | leaf object id, can be referenced by object2object & object2rule table |
| **low_boundary** | INT | lower bound of the numerical range(including lb), 0 ~ (2^32 - 1)|
| **up_boundary** | INT | upper bound of the numerical range(including ub), 0 ~ (2^32 - 1)|
| **is_valid** | INT | 0(invalid), 1(valid) |
@@ -209,7 +209,7 @@ Describe extended matching rules for integer by adding the district column.
| **FieldName** | **type** | **constraint** |
| ---------------- | -------- | -------------- |
| **item_id** | INT | primary key |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2rule table |
| **object_id** | INT | leaf object id, can be referenced by object2object & object2rule table |
| **district** | VARCHAR2(1024)| describe the effective position of the keywords |
| **low_boundary** | INT | lower bound of the numerical range(including lb), 0 ~ (2^32 - 1)|
| **up_boundary** | INT | upper bound of the numerical range(including ub), 0 ~ (2^32 - 1)|
@@ -220,7 +220,7 @@ Describe extended matching rules for integer by adding the district column.
| **FieldName** | **type** | **constraint** |
| ------------- | -------- | -------------- |
| **item_id** | INT | primary key |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2rule table |
| **object_id** | INT | leaf object id, can be referenced by object2object & object2rule table |
| **flag** | INT | flag, 0 ~ (2^32 - 1)|
| **flag_mask** | INT | flag_mask, 0 ~ (2^32 - 1)|
| **is_valid** | INT | 0(invalid), 1(valid) |
@@ -230,7 +230,7 @@ Describe extended matching rules for integer by adding the district column.
| **FieldName** | **type** | **constraint** |
| ------------- | -------- | -------------- |
| **item_id** | INT | primary key |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2rule table |
| **object_id** | INT | leaf object id, can be referenced by object2object & object2rule table |
| **district** | INT | describe the effective position of the flag |
| **flag** | INT | flag, 0 ~ (2^32 - 1)|
| **flag_mask** | INT | flag_mask, 0 ~ (2^32 - 1)|
@@ -247,30 +247,30 @@ Describe the specific policy, one maat instance can has multiple rule tables wit
| **is_valid** | INT | 0(invalid)1(valid) |
| **condition_num** | INT | no more than 8 conditions |
### 1.3 <a name='Group2RuleTable'></a> group2rule table
### 1.3 <a name='Object2RuleTable'></a> object2rule table
Describe the relationship between group and rule.
Describe the relationship between object and rule.
| **FieldName** | **type** | **constraint** |
| ----------------- | ------------- | -------------- |
| **group_ids** | VARCHAR(256) | group ids are separated by commas(g1,g2,g3) |
| **object_ids** | VARCHAR(256) | object ids are separated by commas(g1,g2,g3) |
| **rule_id** | LONG LONG | rule id |
| **is_valid** | INT | 0(invalid), 1(valid) |
| **negate_option** | INT | logical 'NOT', identify a negate condition, 0(no) 1(yes) |
| **attribute** | VARCHAR2(256) | attribute name, NOT NULL |
| **Nth_condition** | INT | the condition seq in (conjunctive normal form)CNF, from 0 to 7. groups with the same condition ID are logical 'OR' |
| **Nth_condition** | INT | the condition seq in (conjunctive normal form)CNF, from 0 to 7. objects with the same condition ID are logical 'OR' |
NOTE: If group_id is invalid in xx_item table, it must be marked as invalid in this table.
NOTE: If object_id is invalid in xx_item table, it must be marked as invalid in this table.
### 1.4 <a name='Group2GroupTable'></a> group2group table
### 1.4 <a name='Object2ObjectTable'></a> object2object table
Describe the relationship between groups.
Describe the relationship between objects.
| **FieldName** | **type** | **constraint** |
| ---------------------- | ------------ | ---------------|
| **group_id** | LONG LONG | reference from xx_item table's group_id |
| **incl_sub_group_ids** | VARCHAR(256) | included sub group ids are separated by commas(g1,g2,g3)|
| **excl_sub_group_ids** | VARCHAR(256) | excluded sub group ids are separated by commas(g4,g5)|
| **object_id** | LONG LONG | reference from xx_item table's object_id |
| **incl_sub_object_ids** | VARCHAR(256) | included sub object ids are separated by commas(g1,g2,g3)|
| **excl_sub_object_ids** | VARCHAR(256) | excluded sub object ids are separated by commas(g4,g5)|
| **is_valid** | Bool | (invalid), 1(valid) |
@@ -359,7 +359,7 @@ For example: HTTP_REGION is the conjunction of HTTP_URL and HTTP_HOST.
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -396,13 +396,13 @@ Before notifying the callback table, Maat fetches the foreign keys to local file
By matching the tags accepted by Maat with the configuration tags, selective configuration loading is achieved. Configuration tags are a collection of tag arrays, denoted as "tag_sets", while Maat accepts tags are tag arrays denoted as "tags".
Configuration tags are tags stored on compilation configurations or group configurations, identifying where the configuration is effective in which Maat instances. It consists of multiple tag sets, where multiple tags within a set are ANDed, and multiple values of a tag are ORed.
Configuration tags are tags stored on compilation configurations or object configurations, identifying where the configuration is effective in which Maat instances. It consists of multiple tag sets, where multiple tags within a set are ANDed, and multiple values of a tag are ORed.
## 2. Table runtime
Maat loads the configuration of different types of tables into memory to form the corresponding runtime for each table. We can see all table types from the table schema, and the runtime for the item table is similar, as it is an abstraction of the scanning engine. When we provide the data to be scanned and call the corresponding scanning interface, we can return whether the item is hit or not, and if it is hit, we can return the corresponding items group_id.
Maat loads the configuration of different types of tables into memory to form the corresponding runtime for each table. We can see all table types from the table schema, and the runtime for the item table is similar, as it is an abstraction of the scanning engine. When we provide the data to be scanned and call the corresponding scanning interface, we can return whether the item is hit or not, and if it is hit, we can return the corresponding items object_id.
From the [configuration relationship](./overview.md#12-configuration-relationship) diagram, we can see how the hit group is referenced by other groups or rules. If a hit group is referenced by other groups or rules, there will be one or more hit paths that follow the `item_id -> group_id` {-> super group_id} `-> rule_id`. This requires two special runtimes: group2group_runtime and rule_runtime.
From the [configuration relationship](./overview.md#12-configuration-relationship) diagram, we can see how the hit object is referenced by other objects or rules. If a hit object is referenced by other objects or rules, there will be one or more hit paths that follow the `item_id -> object_id` {-> super object_id} `-> rule_id`. This requires two special runtimes: object2object_runtime and rule_runtime.
Based on this, we can divide the runtime into the following three categories:
@@ -412,8 +412,8 @@ Based on this, we can divide the runtime into the following three categories:
* flag_runtime
* interval_runtime
2. group & rule table runtime
* group2group_runtime
2. object & rule table runtime
* object2object_runtime
* rule_runtime
3. xx_plugin table runtime
@@ -431,15 +431,15 @@ Among the four types of runtimes mentioned above, `expr_runtime` is relatively u
**Note**: Due to the inability to unify the native rulescan usage with hyperscan, a partial refactoring has been done on rulescan. The refactored rulescan follows the same interface and usage as hyperscan, making it compatible with the design of the expr_matcher abstraction layer.
### 2.2 group & rule table runtime
### 2.2 object & rule table runtime
#### 2.2.1 group2group runtime
#### 2.2.1 object2object runtime
The `group2group_runtime` is a runtime that is built based on the reference relationships between groups, which are stored in the [group2group table](#14-group2group-table). From the [group hierarchy](./group_hierarchy.md), we can understand that if a hit occurs in a leaf group that is referenced by other groups, there may be certain super groups that are also hit. This is exactly the functionality provided by this runtime.
The `object2object_runtime` is a runtime that is built based on the reference relationships between objects, which are stored in the [object2object table](#14-object2object-table). From the [object hierarchy](./object_hierarchy.md), we can understand that if a hit occurs in a leaf object that is referenced by other objects, there may be certain super objects that are also hit. This is exactly the functionality provided by this runtime.
#### 2.2.2 rule runtime
In addition to the rule table, there is also the group2rule table in the table schema. However, from a runtime perspective, the configurations of these two tables together constitute rule_runtime. This means that there is no standalone group2rule_runtime. Rule_runtime is the most complex among all runtime types because it serves multiple functions.
In addition to the rule table, there is also the object2rule table in the table schema. However, from a runtime perspective, the configurations of these two tables together constitute rule_runtime. This means that there is no standalone object2rule_runtime. Rule_runtime is the most complex among all runtime types because it serves multiple functions.
**Note:** This will involve the terminology of [condition](./terminology.md#condition).
@@ -449,7 +449,7 @@ In addition to the rule table, there is also the group2rule table in the table s
* rule2 = condition1 & condition2 = {attribute1, g2} & {attribute2, g3}
Given the matched attribute_id and group_id, all matching rule_ids can be provided. For example, if scanning attribute1 matches g2 and attribute2 matches g3, rule_runtime will return the matched rule_id 2.
Given the matched attribute_id and object_id, all matching rule_ids can be provided. For example, if scanning attribute1 matches g2 and attribute2 matches g3, rule_runtime will return the matched rule_id 2.
2. For expressions with negate-conditions, returning the matched rule_id:
@@ -459,9 +459,9 @@ In addition to the rule table, there is also the group2rule table in the table s
If scanning attribute1 matches g1 and attribute2 matches g3, rule_runtime will return the matched rule_id 4.
3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> condition{**attribute_id, negate_option, condition_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}.
3. If a rule_id is matched, the full hit path can be obtained: **item_id -> object_id ->** {super_object_id} -> condition{**attribute_id, negate_option, condition_index} -> rule_id**. If the matched object is not referenced by a rule, a half hit path can be obtained: **item_id -> object_id** -> {super_object_id}.
4. Getting the matched group_ids and the count of hit groups.
4. Getting the matched object_ids and the count of hit objects.
The internal structure of rule_runtime is as follows, including the control plane for configuration loading and the data plane for external calls.
@@ -469,33 +469,33 @@ The internal structure of rule_runtime is as follows, including the control plan
* **Control plane**
Rule runtime loads the rule table and group2rule table configurations into memory, assigning a unique condition_id to all conditions of each rule. The following three parts are constructed based on the condition_id:
Rule runtime loads the rule table and object2rule table configurations into memory, assigning a unique condition_id to all conditions of each rule. The following three parts are constructed based on the condition_id:
1. All condition_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher.
2. For negate_option=0 (conditions), a `condition_id hash` is built, key:{group_id, attribute_id, negate_option}, value:condition_id.
2. For negate_option=0 (conditions), a `condition_id hash` is built, key:{object_id, attribute_id, negate_option}, value:condition_id.
3. For negate_option=1 (negate-conditions), a `NOT_condition_id hash` is built, key:{group_id, attribute_id, negate_option}, value:condition_id.
3. For negate_option=1 (negate-conditions), a `NOT_condition_id hash` is built, key:{object_id, attribute_id, negate_option}, value:condition_id.
* **Data Plane**
On the data plane, services are provided externally through the maat API, primarily with the following three types of interfaces:
1. **maat_scan_xx**: This interface dynamically generates the hit {item_id, group_id}.
1. **maat_scan_xx**: This interface dynamically generates the hit {item_id, object_id}.
* The hit item_id and group_id form a half-hit path.
* The hit item_id and object_id form a half-hit path.
* The group_id that is hit and the scanned `attribute_id` form the key {group_id, attribute_id, 0}. This key is used to find the `hit condition_ids` in the condition_id hash.
* The object_id that is hit and the scanned `attribute_id` form the key {object_id, attribute_id, 0}. This key is used to find the `hit condition_ids` in the condition_id hash.
* Use the key {group_id, attribute_id, 1} to search for NOT_condition_ids in the NOT_condition_id hash and cache them as `exclude condition_ids`. These condition_ids need to be removed from all condition_ids that are eventually hit. This is because the scan hit {group_id, attribute_id, 0} => condition_id, leading to the deduction that {group_id, attribute_id, 1} => NOT_condition_id does not hit.
* Use the key {object_id, attribute_id, 1} to search for NOT_condition_ids in the NOT_condition_id hash and cache them as `exclude condition_ids`. These condition_ids need to be removed from all condition_ids that are eventually hit. This is because the scan hit {object_id, attribute_id, 0} => condition_id, leading to the deduction that {object_id, attribute_id, 1} => NOT_condition_id does not hit.
* Identify the group_ids in attribute_id table that appear in the NOT_condition and add them to the `NOT_condition_group` set. Ensure that this set does not contain any group_id that was hit during scanning. If any such group_id is present, remove it from the set to form the final `NOT_condition_group` for the attribute_id table.
* Identify the object_ids in attribute_id table that appear in the NOT_condition and add them to the `NOT_condition_object` set. Ensure that this set does not contain any object_id that was hit during scanning. If any such object_id is present, remove it from the set to form the final `NOT_condition_object` for the attribute_id table.
* Use the hit condition_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path.
2. **maat_scan_not_logic**: This interface is used to activate negate-condition logic.
* Traverse the `NOT_condition_group` of `attribute_id`. For each `group_id`, form a key `{group_id, attribute_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the negate-condition.
* Traverse the `NOT_condition_object` of `attribute_id`. For each `object_id`, form a key `{object_id, attribute_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the negate-condition.
* Use the `all hit condition_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the negate-condition which will become full-hit path.

2
docs/monitor_tools.md
View File

@@ -24,7 +24,7 @@ The statistical information in the above figure is divided into two parts, part1
- NOT_condition_num: total number of negate-conditions
- excl_grp_num: total number of exclude groups
- excl_grp_num: total number of exclude objects
- garbage_queue_len: number of elements in the garbage queue

158
docs/object_hierarchy.md Normal file
View File

@@ -0,0 +1,158 @@
# Object(Object) hierarchies
A object can reference other objects, and can also be referenced by other objects. For example, object_A references object_B, object_A is the superior object of object_B, and object_B is the subordinate object of object_A. There are two reference relationships between objects: `include` and `exclude`.
## Include
Include is equivalent to the inclusion semantics in set theory. For example, when object_A is included by object_B, if a traffic attribute satisfies object_A, object_B is satisfied.
## Exclude
A object defines a subset of an object type, such as network addresses or port numbers. The definition is made using items, which can be used to add to or exclude from the object definition. Objects can also have subordinate objects whose definitions are included in the superior object.
There are rules of precedence to take into account when defining objects:
- Excluding has precedence over including in the same object.
- Items in a superior object have precedence over items in a subordinate object.
- Items in a superior object are not taken into account in a subordinate object, if the subordinate object is used directly in a rule.
- Peer objects (different subordinate objects of the same superior object) do not affect each other.
In short, to determine the set defined by a object, perform the following calculation:
1. For each subordinate object (remember sibling objects do not affect each other):
- Add included items.
- Subtract excluded items.
2. Add included items in the object itself, overriding any excludes in the subordinate objects.
3. Subtract excluded items in the object itself.
The following figure shows a object with an included set and an excluded subset.
<img src="./imgs/exclude.png" width="350" height="200" >
Now, consider adding a subordinate object. The subordinate object also has an included set and an excluded subset. If the superior object is used, the result is shown in the following figure “A superior and subordinate object”.
<img src="./imgs/hierarchy-and-exclude.png" width="350" height="230" >
As can be seen, the excluded item in the subordinate object is overwritten since it is in the included set of the superior object. Also, the excluded item from the superior object excludes part of the included item in the subordinate.
If only the subordinate object is used in a rule condition, the superior object items are disregarded, leaving the set shown in the next figure, “The subordinate object”.
<img src="./imgs/sub-exclude.png" width="350" height="230" >
Restrictions:
- A object can only include or exclude objects of the same type.
- A object should include at least one subordinate object. (Exclude only is not allowed)
- Traffic attribute using stream scan cannot allow use object(object) with exclude, i.e., keywords object on HTTP Response Body, Email attachment.
Now, let's see a graph of hierarchy example, where the dotted line means exclude. The matched subordinate objects and activated superiors are listed in the following table.
Now, let's see a graph of hierarchy example, where the dotted line means exclude. If the matched subordinate objects: **{g11, g13}**, then activated superiors: **{g2, g7}**.
<img src="./imgs/object-hierarchy1.png" width="750" height="350" >
The analysis process is as follows:
**matched objects {g11, g13}**
**Level 1**: g11 => incl{g6, g7} excl{null}, g13 => incl{g3} excl{g4}; new matched objects {g6, g7, g3}, `all matched objects` {g11, g13, g6, g7, g3}
**new matched objects {g6, g7, g3}**
**Level 2**: g6 => incl{g1} excl{g2, g3}, g7 => incl{g2, g4} excl{g6}; new matched objects {g1, g2, g4}, `all matched objects` {g11, g13, g7, g1, g2, g4}
**new matched objects {g1, g2, g4}**
**Level 3**: end
Check the validity of `all matched objects` {g11, g13, g7, g1, g2, g4}:
1. g11, g13 are the originally matched nodes, so keep {g11, g13}.
2. g7 is derived from the match of g11, implying that g10 is not matched (if g10 is matched, then g7 is not matched, as the exclude priority is higher), so keep g7.
3. g1 is derived from the match of g6, but since g6 is excluded due to both g11 and g7, and g6 excludes g7 with higher priority, g1 is no longer matched. Therefore, remove g1 from the set.
3. g1 is derived from the match of g6, which in turn is derived from the match of g11. However, since g7 is also matched and g6 excludes g7 with higher priority, g7's match causes g6 to be unmatched, and consequently, g1 is no longer matched. Therefore, g1 is removed from the set.
4. g2 is derived from the match of g7, with the implied condition that g6 is not matched, so keep g2.
5. Finally, `all matched objects` {g11, g13, g7, g2}, `matched super objects` {g2, g7}.
Remove the dotted line from g7 to g6, as shown in the diagram below. If the matched subordinate objects: **{g11, g13}**, then activated objects: **{g1, g6, g7}**.
<img src="./imgs/object-hierarchy2.png" width="750" height="350" >
The analysis process is as follows:
**matched objects {g11, g13}**
**Level 1**: g11 => incl{g6, g7} excl{null}, g13 => incl{g3} excl{g4}; new matched objects {g6, g7, g3}, `all matched objects` {g11, g13, g6, g7, g3}
**new matched objects {g6, g7, g3}**
**Level 2**: g6 => incl{g1} excl{g2, g3}, g7 => incl{g2, g4} excl{null}; new matched objects {g1, g2, g4}, `all matched objects` {g11, g13, g6, g1, g7, g2, g4}
**new matched objects {g1, g2, g4}**
**Level 3**: end
Check the validity of `all matched objects` {g11, g13, g6, g1, g7, g2, g4}:
1. g11, g13 are the originally matched nodes, so keep {g11, g13}.
2. g6 is derived from the match of g11, implying the g10 is not matched(if g10 is matched, then g7 is not matched, as the exclude priority is higher), so keep g6.
3. g1 is derived from the match of g6, which in turn is derived from the match of g11, implying the g5 is not matched, so keep g1.
4. g7 is derived from the match of g11, implying the g10 is not matched, so keep g7.
5. g2 is derived from the match of g7. However, since g6 is also matched and g2 excludes g6 with higher priority, g6's match causes g2 to be unmatched. Therefore, g2 is removed from the set.
6. g4 is derived from the match of g7. However, since g13 is also matched and g4 excludes g13 with higher priority, g13's match causes g4 to be unmatched. Therefore, g4 is removed from the set.
7. Finally, `all matched objects` {g11, g13, g1, g6, g7}, `matched super objects` {g1, g6, g7}.
Again remove the dotted line from g13 to g4, as shown in the diagram below. If the matched subordinate objects: **{g11, g13}**, then activated superiors: **{g1, g4, g6, g7}**.
<img src="./imgs/object-hierarchy3.png" width="750" height="350" >
The analysis process is as follows:
**matched objects {g11, g13}**
**Level 1**: g11 => incl{g6, g7} excl{null}, g13 => incl{g3} excl{null}; new matched objects {g6, g7, g3}, `all matched objects` {g11, g13, g6, g7, g3}
**new matched objects {g6, g7, g3}**
**Level 2**: g6 => incl{g1} excl{g2, g3}, g7 => incl{g2, g4} excl{null}; new matched objects {g1, g2, g4}, `all matched objects` {g11, g13, g6, g1, g7, g2, g4}
**new matched objects {g1, g2, g4}**
**Level 3**: end
Check the validity of `all matched objects` {g11, g13, g6, g1, g7, g2, g4}:
1. g11, g13 are the originally matched nodes, so keep {g11, g13}.
2. g6 is derived from the match of g11, implying the g10 is not matched(if g10 is matched, then g7 is not matched, as the exclude priority is higher), so keep g6.
3. g1 is derived from the match of g6, which in turn is derived from the match of g11, implying the g5 is not matched, so keep g1.
4. g7 is derived from the match of g11, implying the g10 is not matched, so keep g7.
5. g2 is derived from the match of g7. However, since g6 is also matched and g2 excludes g6 with higher priority, g6's match causes g2 to be unmatched. Therefore, g2 is removed from the set.
6. g4 is derived from the match of g13, so keep g4.
7. Finally, `all matched objects` {g11, g13, g6, g1, g7, g4}, `matched super objects` {g1, g4, g6, g7}.
The above example is strictly consistent with the case `ObjectExcludeTest.level_3_function` in the [test/object_nesting](../test/object_nesting/) test. Please run it to see the actual execution results.

14
docs/overview.md
View File

@@ -7,7 +7,7 @@ Before proceeding, please make sure you are familiar with the [terminology](./te
As mentioned in the readme, maat has two typical usage patterns:
**Pattern 1**
* Update rules in the item table, group2rule table, and rule table
* Update rules in the item table, object2rule table, and rule table
* Call the maat scanning api to determine if the actual traffic hits the effective rules
* If a rule is hit, maat can provide detailed information about the hit rule
@@ -20,15 +20,15 @@ As mentioned in the readme, maat has two typical usage patterns:
Different types of configurations are stored in different tables. For all configuration types, please refer to the [table schema](./maat_table.md#1-table-schema).
The physical tables are mainly divided into three categories: the item table, group rule relationship table (rule table, group2rule table, group2group table), and xx_plugin table. The first two types of tables are used for maat traffic scanning, while the xx_plugin table is used as a callback table, which can obtain the detailed configuration information for a specific key.
The physical tables are mainly divided into three categories: the item table, object rule relationship table (rule table, object2rule table, object2object table), and xx_plugin table. The first two types of tables are used for maat traffic scanning, while the xx_plugin table is used as a callback table, which can obtain the detailed configuration information for a specific key.
### 1.2 Configuration relationship
As shown in the diagram below, maat organizes and abstracts configurations using terms such as item, group, literal, condition, rule, etc., allowing users to flexibly configure various policies. The term "literal" is an internal concept in maat and is not visible to external users.
As shown in the diagram below, maat organizes and abstracts configurations using terms such as item, object, literal, condition, rule, etc., allowing users to flexibly configure various policies. The term "literal" is an internal concept in maat and is not visible to external users.
In addition, groups support nesting. For more detailed information, please refer to [group hierarchy](./group_hierarchy.md).
In addition, objects support nesting. For more detailed information, please refer to [object hierarchy](./object_hierarchy.md).
If we define literal_id = {attribute_id, group_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same condition have a logical “OR” relationship. The multiple conditions that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 conditions within the same rule. In addition, the condition itself supports logical "NOT".
If we define literal_id = {attribute_id, object_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same condition have a logical “OR” relationship. The multiple conditions that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 conditions within the same rule. In addition, the condition itself supports logical "NOT".
<img src="./imgs/rule_diagram.png" width="800" height="450" >
@@ -56,7 +56,7 @@ The diagram illustrates the overall architecture of maat, including the control
* **Data Plane**
When calling the maat scanning interface, it subsequently calls the table runtime of the corresponding table, then proceeds to the scanning engine. Upon the scanning engine returning a hit group, it further searches for the matching `rule_id` through group2group runtime, group2rule runtime, and rule runtime, which is then returned to the caller. In addition, if the caller is interested in the hit path, they can also retrieve it through the interfaces provided by maat.
When calling the maat scanning interface, it subsequently calls the table runtime of the corresponding table, then proceeds to the scanning engine. Upon the scanning engine returning a hit object, it further searches for the matching `rule_id` through object2object runtime, object2rule runtime, and rule runtime, which is then returned to the caller. In addition, if the caller is interested in the hit path, they can also retrieve it through the interfaces provided by maat.
The scanning mentioned above all uses the `effective runtime`. If there are configuration changes, it will trigger the construction of `updating runtime`. Once this construction is completed, it will become effective runtime, and the original effective runtime will be put into the garbage collection queue waiting to be recycled.
@@ -102,7 +102,7 @@ maat_framework_perf_gtest: The performance test set is mainly used to test the t
* benchmark: Maat performance benchmark test, testing the scanning time of different scanning interfaces under different scale rule sets.
* group_nesting: Functionality and performance test set for group nesting.
* object_nesting: Functionality and performance test set for object nesting.
* ipport_plugin: Functionality and performance test set for the ipport_plugin table.

30
docs/terminology.md
View File

@@ -1,7 +1,7 @@
# Terminology
* [Item](#item)
* [Group(Object)](#groupobject)
* [Object(Object)](#objectobject)
* [Rule(Policy)](#rulepolicy)
* [Condition(Condition)](#condition)
* [Literal](#literal)
@@ -32,27 +32,27 @@ As a filter for network attributes, the smallest unit of a rule
There are multiple types of items stored in corresponding tables such as string, IP and numerical range, more details can be found in [Item table](./maat_table.md#11-item-table).
## Group(Object)
## Object(Object)
A group defines a set that can contain different types of items and can also reference other groups. The definition is made using items, which can be used to add to or exclude from the group definition. Groups can also have subordinate groups whose definitions are included in or excluded from the superior group.
A object defines a set that can contain different types of items and can also reference other objects. The definition is made using items, which can be used to add to or exclude from the object definition. Objects can also have subordinate objects whose definitions are included in or excluded from the superior object.
- An item only belongs to one group, but one group can has multiple items. The multiple items under the same group are logical 'OR' relationships. e.g.(g1 = item1 | item2).
- An item only belongs to one object, but one object can has multiple items. The multiple items under the same object are logical 'OR' relationships. e.g.(g1 = item1 | item2).
- A group can be included or excluded by other groups. For example, if group1 and group2 is included by group3, then the group3 is called the superior(super) group, and group1(group2) is called the subordinate(sub) group. There's a logical 'OR' relationship between the included sub groups under the same group, e.g.(g3 = incl-g1 | incl-g2). There's a logical 'AND' relationship between included group and excluded group under the same group, e.g.(g4 = incl-g1 & excl-g2).
- A object can be included or excluded by other objects. For example, if object1 and object2 is included by object3, then the object3 is called the superior(super) object, and object1(object2) is called the subordinate(sub) object. There's a logical 'OR' relationship between the included sub objects under the same object, e.g.(g3 = incl-g1 | incl-g2). There's a logical 'AND' relationship between included object and excluded object under the same object, e.g.(g4 = incl-g1 & excl-g2).
- Group supports multi-level nesting, see [group hierarchy](./overview.md#groupobject-nesting-and-hierarchies)
- Object supports multi-level nesting, see [object hierarchy](./overview.md#objectobject-nesting-and-hierarchies)
- A Group can be referenced by different rules.
- A Object can be referenced by different rules.
The relationship between group and group is stored in the [group2group table](./maat_table.md#14-group2group-table).
The relationship between object and object is stored in the [object2object table](./maat_table.md#14-object2object-table).
## Rule(Policy)
A conjunctive normal form(CNF) consisting of multiple groups and attributes.
A conjunctive normal form(CNF) consisting of multiple objects and attributes.
`Note`: A rule can contain up to 8 conditions and multiple conditions in the same rule can be logical 'AND' and logical 'NOT' relationships.
The relationship between group and rule is stored in the [group2rule table](./maat_table.md#13-group2rule-table).
The relationship between object and rule is stored in the [object2rule table](./maat_table.md#13-object2rule-table).
<img src="./imgs/CNF.jpg" alt="exclude" style="zoom:80%" />
@@ -64,11 +64,11 @@ Conditions are divided into two categories based on whether they contain the log
## Literal
A Literal consists of `attribute_id(attribute id)` and `group_id`. During the rules loading process, a unique condition_id will be generated based on the combination of attribute_id and group_id in the same condition.
A Literal consists of `attribute_id(attribute id)` and `object_id`. During the rules loading process, a unique condition_id will be generated based on the combination of attribute_id and object_id in the same condition.
## Physical table
Different rules are stored in different tables in the actual database, including [item table](./maat_table.md#11-item-table), [rule table](./maat_table.md#12-rule-table), [group2rule table](./maat_table.md#13-group2rule-table), [group2group table](./maat_table.md#14-group2group-table), and [xx_plugin table](./maat_table.md#15-plugin-table), and so on.
Different rules are stored in different tables in the actual database, including [item table](./maat_table.md#11-item-table), [rule table](./maat_table.md#12-rule-table), [object2rule table](./maat_table.md#13-object2rule-table), [object2object table](./maat_table.md#14-object2object-table), and [xx_plugin table](./maat_table.md#15-plugin-table), and so on.
## Attribute
@@ -86,7 +86,7 @@ Defines the type of table and the configuration format, determining the specific
## Table runtime
The runtime generated by loading the configuration in the table into memory. Different tables have different runtimes. The group2rule table is merged with the corresponding rule table to generate a rule runtime, meaning there is no separate group2rule runtime.
The runtime generated by loading the configuration in the table into memory. Different tables have different runtimes. The object2rule table is merged with the corresponding rule table to generate a rule runtime, meaning there is no separate object2rule runtime.
Different scanning api use runtimes of different tables. For example, the HTTP_URL table is of type expr, and its corresponding scanning interface is maat_scan_string. Therefore, when calling this scanning interface, the API internally uses the runtime of the HTTP_URL table to perform the actual scanning task.
@@ -112,11 +112,11 @@ Maat supports not only block-based scanning but also stream-based scanning. For
## Half/Full hit
From the diagram of [configuration relationship](./overview.md#12-configuration-relationship), it can be seen that if the group that is hit is not referenced by rule, or even if referenced by rule, but after logical operations no rule is hit, then this hit is called a half hit; if a rule is hit, then this hit is called a full hit.
From the diagram of [configuration relationship](./overview.md#12-configuration-relationship), it can be seen that if the object that is hit is not referenced by rule, or even if referenced by rule, but after logical operations no rule is hit, then this hit is called a half hit; if a rule is hit, then this hit is called a full hit.
## Hit path
From the relationship of item, group, and rule mentioned above, if a scan hits a certain rule, there must be a logical path composed of item_id -> group_id -> rule_id. Maat names this path the hit path. If a group has nested references, the hit path should be item_id -> sub_group_id -> group_id -> rule_id.
From the relationship of item, object, and rule mentioned above, if a scan hits a certain rule, there must be a logical path composed of item_id -> object_id -> rule_id. Maat names this path the hit path. If a object has nested references, the hit path should be item_id -> sub_object_id -> object_id -> rule_id.
## Redis

46
include/maat.h
View File

@@ -33,21 +33,21 @@ struct maat_hit_path {
int negate_option; // 1 means negate condition(condition)
int condition_index; // 0 ~ 7
long long item_id;
long long sub_group_id;
long long top_group_id;
long long sub_object_id;
long long top_object_id;
long long rule_id;
};
struct maat_hit_group {
struct maat_hit_object {
long long item_id;
long long group_id;
long long object_id;
int attribute_id;
};
enum maat_scan_status {
MAAT_SCAN_ERR = -1, //scan error
MAAT_SCAN_OK, //scan but not hit(group or rule)
MAAT_SCAN_HALF_HIT, //half hit: hit group, not hit rule
MAAT_SCAN_OK, //scan but not hit(object or rule)
MAAT_SCAN_HALF_HIT, //half hit: hit object, not hit rule
MAAT_SCAN_HIT //scan hit rule
};
@@ -158,7 +158,7 @@ int maat_options_set_expr_engine(struct maat_options *opts, enum maat_expr_engin
int maat_options_set_hit_path_enabled(struct maat_options *opts);
int maat_options_set_hit_group_enabled(struct maat_options *opts);
int maat_options_set_hit_object_enabled(struct maat_options *opts);
/* maat_instance API */
struct maat *maat_new(struct maat_options *opts, const char *table_info_path);
@@ -287,8 +287,8 @@ int maat_scan_string(struct maat *instance, int table_id,
long long *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state);
int maat_scan_group(struct maat *instance, int table_id,
struct maat_hit_group *groups, size_t n_group,
int maat_scan_object(struct maat *instance, int table_id,
struct maat_hit_object *objects, size_t n_object,
long long *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state);
@@ -330,34 +330,34 @@ int maat_state_get_rule_table_ids(struct maat_state *state, long long *rule_ids,
size_t maat_state_get_scan_count(struct maat_state *state);
/**
* @brief direct group means group corresponding to item
* @brief direct object means object corresponding to item
*
* NOTE: hit groups may be duplicated
* NOTE: hit objects may be duplicated
*
*/
int maat_state_get_direct_hit_groups(struct maat_state *state,
struct maat_hit_group *group_array,
int maat_state_get_direct_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array,
size_t array_size);
size_t maat_state_get_direct_hit_group_cnt(struct maat_state *state);
size_t maat_state_get_direct_hit_object_cnt(struct maat_state *state);
/**
* @brief indirect group means superior group
* @brief indirect object means superior object
*
* NOTE: hit groups may be duplicated
* NOTE: hit objects may be duplicated
*/
int maat_state_get_indirect_hit_groups(struct maat_state *state,
struct maat_hit_group *group_array,
int maat_state_get_indirect_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array,
size_t array_size);
size_t maat_state_get_indirect_hit_group_cnt(struct maat_state *state);
size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state);
/**
* @brief get last scan hit groups(including direct/indirect)
* @brief get last scan hit objects(including direct/indirect)
*/
int maat_state_get_last_hit_groups(struct maat_state *state,
struct maat_hit_group *group_array,
int maat_state_get_last_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array,
size_t array_size);
size_t maat_state_get_last_hit_group_cnt(struct maat_state *state);
size_t maat_state_get_last_hit_object_cnt(struct maat_state *state);
#ifdef __cplusplus
}

2
readme.md
View File

@@ -28,7 +28,7 @@ Read [getting started](./docs/getting_started.md) for building steps and play wi
* [Configuration management](./docs/configuration_management.md)
* [Group hierarchy](./docs/group_hierarchy.md)
* [Object hierarchy](./docs/object_hierarchy.md)
* [Logical combinations](./docs/logical_combinations.md)

2
src/CMakeLists.txt
View File

@@ -13,7 +13,7 @@ add_definitions(-D_GNU_SOURCE)
add_definitions(-fPIC)
set(MAAT_SRC alignment.c json2iris.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c
maat_core.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c maat_table.c
maat_rule.c maat_group.c maat_ip.c maat_flag.c maat_interval.c maat_expr.c maat_plugin.c
maat_rule.c maat_object.c maat_ip.c maat_flag.c maat_interval.c maat_expr.c maat_plugin.c
maat_ip_plugin.c maat_ipport_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_attribute.c maat_stat.c)
set(LIB_SOURCE_FILES

6
src/inc_internal/maat_core.h
View File

@@ -44,7 +44,7 @@ extern "C"
#define INVALID_VERSION -1
#define mr_region_id_var "SEQUENCE_REGION"
#define mr_group_id_var "SEQUENCE_GROUP"
#define mr_object_id_var "SEQUENCE_OBJECT"
enum tag_match {
TAG_MATCH_ERR = -1,
@@ -54,7 +54,7 @@ enum tag_match {
struct maat_item {
long long item_id;
long long group_id;
long long object_id;
};
struct maat_runtime {
@@ -121,7 +121,7 @@ struct maat_options {
int stat_on;
int perf_on;
int hit_path_on;
int hit_group_on;
int hit_object_on;
int deferred_load_on;
int maat_json_is_gzipped;

4
src/inc_internal/maat_expr.h
View File

@@ -45,9 +45,9 @@ long long expr_runtime_get_version(void *expr_runtime);
/* expr runtime scan API */
/**
* @brief scan string to get hit group_ids
* @brief scan string to get hit object_ids
*
* @retval the num of hit group_id
* @retval the num of hit object_id
*/
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data,
size_t data_len, int attribute_id, struct maat_state *state);

4
src/inc_internal/maat_flag.h
View File

@@ -43,9 +43,9 @@ long long flag_runtime_rule_count(void *flag_runtime);
/* flag runtime scan API */
/**
* @brief scan flag to get hit group_ids
* @brief scan flag to get hit object_ids
*
* @retval the num of hit group_id
* @retval the num of hit object_id
*/
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag,
int attribute_id, struct maat_state *state);

58
src/inc_internal/maat_group.h
View File

@@ -1,58 +0,0 @@
/*
**********************************************************************************************
* File: maat_group.h
* Description:
* Authors: Liu wentan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_GROUP_H_
#define _MAAT_GROUP_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include <stdint.h>
#include "cJSON/cJSON.h"
#include "maat_kv.h"
#include "maat_table.h"
struct maat_group;
struct group2group_runtime;
/* group2group schema API */
void *group2group_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void group2group_schema_free(void *g2g_schema);
/* group2group runtime API */
void *group2group_runtime_new(void *g2g_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void group2group_runtime_free(void *g2g_runtime);
int group2group_runtime_update(void *g2g_runtime, void *g2g_schema, const char *table_name,
const char *line, int valid_column);
int group2group_runtime_commit(void *g2g_runtime, const char *table_name, long long maat_rt_version);
size_t group2group_runtime_get_super_groups(void *g2g_runtime, long long *group_ids,
size_t n_group_ids, long long *super_group_ids,
size_t super_group_ids_size);
long long group2group_runtime_rule_count(void *g2g_runtime);
long long group2group_runtime_exclude_rule_count(void *g2g_runtime);
long long group2group_runtime_update_err_count(void *g2g_runtime);
#ifdef __cplusplus
}
#endif
#endif

4
src/inc_internal/maat_interval.h
View File

@@ -44,9 +44,9 @@ long long interval_runtime_rule_count(void *interval_runtime);
/* interval runtime scan API */
/**
* @brief scan interval to get hit group_ids
* @brief scan interval to get hit object_ids
*
* @retval the num of hit group_id
* @retval the num of hit object_id
*/
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int attribute_id, struct maat_state *state);

4
src/inc_internal/maat_limits.h
View File

@@ -22,8 +22,8 @@ extern "C"
#define MAX_NAME_STR_LEN 128
#define MAX_IP_STR_LEN 64
#define MAX_INSTANCE_NAME_LEN 15
#define MAX_GROUP_IDS_STR_LEN 256
#define MAX_GROUP_CNT 128
#define MAX_OBJECT_IDS_STR_LEN 256
#define MAX_OBJECT_CNT 128
#define MAX_CONJ_PARENTS_NUM 16
#ifdef __cplusplus

58
src/inc_internal/maat_object.h Normal file
View File

@@ -0,0 +1,58 @@
/*
**********************************************************************************************
* File: maat_object.h
* Description:
* Authors: Liu wentan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_OBJECT_H_
#define _MAAT_OBJECT_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include <stdint.h>
#include "cJSON/cJSON.h"
#include "maat_kv.h"
#include "maat_table.h"
struct maat_object;
struct object2object_runtime;
/* object2object schema API */
void *object2object_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void object2object_schema_free(void *g2g_schema);
/* object2object runtime API */
void *object2object_runtime_new(void *g2g_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void object2object_runtime_free(void *g2g_runtime);
int object2object_runtime_update(void *g2g_runtime, void *g2g_schema, const char *table_name,
const char *line, int valid_column);
int object2object_runtime_commit(void *g2g_runtime, const char *table_name, long long maat_rt_version);
size_t object2object_runtime_get_super_objects(void *g2g_runtime, long long *object_ids,
size_t n_object_ids, long long *super_object_ids,
size_t super_object_ids_size);
long long object2object_runtime_rule_count(void *g2g_runtime);
long long object2object_runtime_exclude_rule_count(void *g2g_runtime);
long long object2object_runtime_update_err_count(void *g2g_runtime);
#ifdef __cplusplus
}
#endif
#endif

46
src/inc_internal/maat_rule.h
View File

@@ -25,17 +25,17 @@ extern "C"
struct rule_schema;
struct rule_runtime;
struct rule_state;
struct group2group_runtime;
struct object2object_runtime;
/* rule schema API */
void *rule_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void rule_schema_free(void *rule_schema);
void *group2rule_schema_new(cJSON *json, struct table_manager *tbl_mgr,
void *object2rule_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void group2rule_schema_free(void *g2c_schema);
int group2rule_associated_rule_table_id(void *g2c_schema);
void object2rule_schema_free(void *g2c_schema);
int object2rule_associated_rule_table_id(void *g2c_schema);
/* rule runtime API */
void *rule_runtime_new(void *rule_schema, size_t max_thread_num,
@@ -64,24 +64,24 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
struct maat_hit_path *hit_path_array,
size_t array_size, size_t n_hit_path);
/* group2rule runtime API */
void *group2rule_runtime_new(void *g2c_schema, size_t max_thread_num,
/* object2rule runtime API */
void *object2rule_runtime_new(void *g2c_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void group2rule_runtime_init(void *g2c_runtime, void *rule_runtime);
void object2rule_runtime_init(void *g2c_runtime, void *rule_runtime);
void group2rule_runtime_free(void *g2c_runtime);
void object2rule_runtime_free(void *g2c_runtime);
int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema,
int object2rule_runtime_update(void *g2c_runtime, void *g2c_schema,
const char *table_name, const char *line,
int valid_column);
long long group2rule_runtime_not_condition_count(void *g2c_runtime);
long long object2rule_runtime_not_condition_count(void *g2c_runtime);
long long group2rule_runtime_rule_count(void *g2c_runtime);
long long object2rule_runtime_rule_count(void *g2c_runtime);
long long group2rule_runtime_update_err_count(void *g2c_runtime);
long long object2rule_runtime_update_err_count(void *g2c_runtime);
/* maat rule state API */
struct rule_state;
@@ -96,7 +96,7 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
int attribute_id, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item);
void rule_state_clear_last_hit_group(struct rule_state *rule_state);
void rule_state_clear_last_hit_object(struct rule_state *rule_state);
void rule_state_not_logic_update(struct rule_state *rule_state,
struct rule_runtime *rule_rt,
@@ -105,27 +105,27 @@ void rule_state_not_logic_update(struct rule_state *rule_state,
size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state,
struct rule_runtime *rule_rt,
struct group2group_runtime *g2g_rt,
struct object2object_runtime *g2g_rt,
struct maat_hit_path *hit_path_array,
size_t array_size);
size_t rule_state_get_direct_hit_groups(struct rule_state *rule_state,
struct maat_hit_group *group_array,
size_t rule_state_get_direct_hit_objects(struct rule_state *rule_state,
struct maat_hit_object *object_array,
size_t array_size);
size_t rule_state_get_direct_hit_group_cnt(struct rule_state *rule_state);
size_t rule_state_get_direct_hit_object_cnt(struct rule_state *rule_state);
size_t rule_state_get_indirect_hit_groups(struct rule_state *rule_state,
struct maat_hit_group *group_array,
size_t rule_state_get_indirect_hit_objects(struct rule_state *rule_state,
struct maat_hit_object *object_array,
size_t array_size);
size_t rule_state_get_indirect_hit_group_cnt(struct rule_state *rule_state);
size_t rule_state_get_indirect_hit_object_cnt(struct rule_state *rule_state);
size_t rule_state_get_last_hit_groups(struct rule_state *rule_state,
struct maat_hit_group *group_arary,
size_t rule_state_get_last_hit_objects(struct rule_state *rule_state,
struct maat_hit_object *object_arary,
size_t array_size);
size_t rule_state_get_last_hit_group_cnt(struct rule_state *rule_state);
size_t rule_state_get_last_hit_object_cnt(struct rule_state *rule_state);
int rule_state_get_rule_table_id(struct rule_state *rule_state,
long long rule_id);

6
src/inc_internal/maat_table.h
View File

@@ -40,8 +40,8 @@ enum table_type {
//above are physical table
TABLE_TYPE_ATTRIBUTE,
TABLE_TYPE_RULE,
TABLE_TYPE_GROUP2GROUP,
TABLE_TYPE_GROUP2RULE,
TABLE_TYPE_OBJECT2OBJECT,
TABLE_TYPE_OBJECT2RULE,
TABLE_TYPE_MAX
};
@@ -85,7 +85,7 @@ const char *table_manager_get_table_schema_tag(struct table_manager *tbl_mgr, in
enum table_type table_manager_get_table_type(struct table_manager *tbl_mgr, int table_id);
int table_manager_get_default_rule_table_id(struct table_manager *tbl_mgr);
int table_manager_get_group2group_table_id(struct table_manager *tbl_mgr);
int table_manager_get_object2object_table_id(struct table_manager *tbl_mgr);
int table_manager_get_valid_column(struct table_manager *tbl_mgr, int table_id);

2
src/inc_internal/maat_utils.h
View File

@@ -56,7 +56,7 @@ extern "C"
#define MAX_HIT_PATH_NUM 4096
#define MAX_HIT_RULE_NUM 4096
#define MAX_HIT_GROUP_NUM 4096
#define MAX_HIT_OBJECT_NUM 4096
#define MAX_HIT_ITEM_NUM 4096
#define IPV4 4

466
src/json2iris.c
View File

@@ -28,22 +28,22 @@
#define MAX_COLUMN_NUM 32
#define MAX_PATH_LINE 512
#define MAX_BUFF_LEN 4096
#define MAX_GROUP_ID_STR 128
#define MAX_OBJECT_ID_STR 128
const int json_version = 1;
const char *untitled_group_name = "Untitled";
long long untitled_group_id = 123456789;
const char *untitled_object_name = "Untitled";
long long untitled_object_id = 123456789;
enum maat_group_relation {
enum maat_object_relation {
PARENT_TYPE_RULE = 0,
PARENT_TYPE_GROUP
PARENT_TYPE_OBJECT
};
struct group_info {
int group_id;
char group_name[NAME_MAX];
UT_array *incl_sub_group_ids;
UT_array *excl_sub_group_ids;
struct object_info {
int object_id;
char object_name[NAME_MAX];
UT_array *incl_sub_object_ids;
UT_array *excl_sub_object_ids;
UT_hash_handle hh;
};
@@ -59,19 +59,19 @@ struct iris_table {
};
struct iris_description {
int group_cnt;
int object_cnt;
int region_cnt;
char tmp_iris_dir[MAX_PATH_LINE];
char tmp_iris_index_dir[MAX_PATH_LINE];
char index_path[PATH_MAX];
struct iris_table *group_table;
struct iris_table *group2group_table;
struct iris_table *group2rule_table;
struct iris_table *object_table;
struct iris_table *object2object_table;
struct iris_table *object2rule_table;
struct iris_table *rule_table;
struct group_info *group_name_map;
struct object_info *object_name_map;
struct iris_table *iris_table_map;
struct maat_kv_store *str2int_map;
@@ -130,8 +130,8 @@ static void free_iris_table_info(void *p)
static int
set_iris_descriptor(const char *json_file, cJSON *json,
const char *encrypt_key, const char *encrypt_algo,
const char *rule_tn, const char *group2rule_tn,
const char* group2group_tn, redisContext *redis_write_ctx,
const char *rule_tn, const char *object2rule_tn,
const char* object2object_tn, redisContext *redis_write_ctx,
struct iris_description *iris_cfg)
{
memset(iris_cfg, 0, sizeof(struct iris_description));
@@ -183,10 +183,10 @@ set_iris_descriptor(const char *json_file, cJSON *json,
iris_cfg->rule_table = query_table_info(iris_cfg, rule_tn,
TABLE_TYPE_RULE);
iris_cfg->group2rule_table = query_table_info(iris_cfg, group2rule_tn,
TABLE_TYPE_GROUP2RULE);
iris_cfg->group2group_table = query_table_info(iris_cfg, group2group_tn,
TABLE_TYPE_GROUP2GROUP);
iris_cfg->object2rule_table = query_table_info(iris_cfg, object2rule_tn,
TABLE_TYPE_OBJECT2RULE);
iris_cfg->object2object_table = query_table_info(iris_cfg, object2object_tn,
TABLE_TYPE_OBJECT2OBJECT);
if (encrypt_key && encrypt_algo) {
iris_cfg->encrypt_key = maat_strdup(encrypt_key);
@@ -198,21 +198,21 @@ set_iris_descriptor(const char *json_file, cJSON *json,
static void clear_iris_descriptor(struct iris_description *iris_cfg)
{
if (iris_cfg->group_name_map != NULL) {
struct group_info *node = NULL;
struct group_info *tmp = NULL;
HASH_ITER(hh, iris_cfg->group_name_map, node, tmp) {
if (node->incl_sub_group_ids != NULL) {
utarray_free(node->incl_sub_group_ids);
node->incl_sub_group_ids = NULL;
if (iris_cfg->object_name_map != NULL) {
struct object_info *node = NULL;
struct object_info *tmp = NULL;
HASH_ITER(hh, iris_cfg->object_name_map, node, tmp) {
if (node->incl_sub_object_ids != NULL) {
utarray_free(node->incl_sub_object_ids);
node->incl_sub_object_ids = NULL;
}
if (node->excl_sub_group_ids != NULL) {
utarray_free(node->excl_sub_group_ids);
node->excl_sub_group_ids = NULL;
if (node->excl_sub_object_ids != NULL) {
utarray_free(node->excl_sub_object_ids);
node->excl_sub_object_ids = NULL;
}
HASH_DELETE(hh, iris_cfg->group_name_map, node);
HASH_DELETE(hh, iris_cfg->object_name_map, node);
FREE(node);
}
}
@@ -301,31 +301,31 @@ write_plugin_line(cJSON *plug_table_json, int sequence,
return 0;
}
static struct group_info *group_info_read(struct group_info *group_name_map,
const char *group_name)
static struct object_info *object_info_read(struct object_info *object_name_map,
const char *object_name)
{
struct group_info *node = NULL;
HASH_FIND(hh, group_name_map, group_name, strlen(group_name), node);
struct object_info *node = NULL;
HASH_FIND(hh, object_name_map, object_name, strlen(object_name), node);
return node;
}
UT_icd ut_json2iris_group_id_icd = {sizeof(int), NULL, NULL, NULL};
static struct group_info *
group_info_add_unsafe(struct iris_description *p_iris, const char *group_name,
long long group_id)
UT_icd ut_json2iris_object_id_icd = {sizeof(int), NULL, NULL, NULL};
static struct object_info *
object_info_add_unsafe(struct iris_description *p_iris, const char *object_name,
long long object_id)
{
struct group_info *group_info = ALLOC(struct group_info, 1);
utarray_new(group_info->incl_sub_group_ids, &ut_json2iris_group_id_icd);
utarray_new(group_info->excl_sub_group_ids, &ut_json2iris_group_id_icd);
struct object_info *object_info = ALLOC(struct object_info, 1);
utarray_new(object_info->incl_sub_object_ids, &ut_json2iris_object_id_icd);
utarray_new(object_info->excl_sub_object_ids, &ut_json2iris_object_id_icd);
group_info->group_id = group_id;
strncpy(group_info->group_name, group_name, sizeof(group_info->group_name));
object_info->object_id = object_id;
strncpy(object_info->object_name, object_name, sizeof(object_info->object_name));
HASH_ADD_KEYPTR(hh, p_iris->group_name_map, group_info->group_name,
strlen(group_name), group_info);
HASH_ADD_KEYPTR(hh, p_iris->object_name_map, object_info->object_name,
strlen(object_name), object_info);
return group_info;
return object_info;
}
static int get_region_seq(struct iris_description *iris_cfg)
@@ -435,7 +435,7 @@ write_flag_line(cJSON *region_json, struct iris_description *p_iris,
json_cmd[cmd_cnt].json_type=cJSON_Number;
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "group_id";
json_cmd[cmd_cnt].json_string = "object_id";
json_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
@@ -473,7 +473,7 @@ write_expr_line(cJSON *region_json, struct iris_description *p_iris,
json_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "group_id";
json_cmd[cmd_cnt].json_string = "object_id";
json_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
@@ -512,7 +512,7 @@ write_ip_line(cJSON *region_json, struct iris_description *p_iris,
json_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "group_id";
json_cmd[cmd_cnt].json_string = "object_id";
json_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
@@ -548,7 +548,7 @@ write_interval_line(cJSON *region_json, struct iris_description *p_iris,
json_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "group_id";
json_cmd[cmd_cnt].json_string = "object_id";
json_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
@@ -571,7 +571,7 @@ write_interval_line(cJSON *region_json, struct iris_description *p_iris,
}
static int
write_region_rule(cJSON *region_json, int rule_id, int group_id,
write_region_rule(cJSON *region_json, int rule_id, int object_id,
struct iris_description *p_iris, struct log_handle *logger)
{
cJSON *item = cJSON_GetObjectItem(region_json, "table_name");
@@ -613,7 +613,7 @@ write_region_rule(cJSON *region_json, int rule_id, int group_id,
int region_id = get_region_seq(p_iris);
cJSON_AddNumberToObject(table_content, "region_id", region_id);
cJSON_AddNumberToObject(table_content, "group_id", group_id);
cJSON_AddNumberToObject(table_content, "object_id", object_id);
cJSON_AddNumberToObject(table_content, "is_valid", 1);
struct iris_table *table_info = query_table_info(p_iris, table_name,
@@ -642,8 +642,8 @@ write_region_rule(cJSON *region_json, int rule_id, int group_id,
}
static int
write_group2rule_line(int *group_ids, size_t n_group_id,
int rule_id, int group_negate_option,
write_object2rule_line(int *object_ids, size_t n_object_id,
int rule_id, int object_negate_option,
int condition_index, const char *attribute,
struct iris_description *p_iris,
struct iris_table *g2c_table)
@@ -654,26 +654,26 @@ write_group2rule_line(int *group_ids, size_t n_group_id,
if (g2c_table != NULL) {
table = g2c_table;
} else {
if (NULL == p_iris->group2rule_table) {
if (NULL == p_iris->object2rule_table) {
return -1;
}
table = p_iris->group2rule_table;
table = p_iris->object2rule_table;
}
if (n_group_id > 1) {
if (n_object_id > 1) {
char tmp_str[64] = {0};
char group_id_str[2048] = {0};
char object_id_str[2048] = {0};
for (size_t i = 0; i < n_group_id; i++) {
snprintf(tmp_str, sizeof(tmp_str), "%d,", group_ids[i]);
strcat(group_id_str, tmp_str);
for (size_t i = 0; i < n_object_id; i++) {
snprintf(tmp_str, sizeof(tmp_str), "%d,", object_ids[i]);
strcat(object_id_str, tmp_str);
}
group_id_str[strlen(group_id_str) - 1] = '\0';
snprintf(buff, sizeof(buff), "%s\t%d\t%d\t%s\t%d\t1\n", group_id_str,
rule_id, group_negate_option, attribute, condition_index);
object_id_str[strlen(object_id_str) - 1] = '\0';
snprintf(buff, sizeof(buff), "%s\t%d\t%d\t%s\t%d\t1\n", object_id_str,
rule_id, object_negate_option, attribute, condition_index);
} else {
snprintf(buff, sizeof(buff), "%d\t%d\t%d\t%s\t%d\t1\n", group_ids[0],
rule_id, group_negate_option, attribute, condition_index);
snprintf(buff, sizeof(buff), "%d\t%d\t%d\t%s\t%d\t1\n", object_ids[0],
rule_id, object_negate_option, attribute, condition_index);
}
table->write_pos += memcat(&(table->buff), table->write_pos,
@@ -684,60 +684,60 @@ write_group2rule_line(int *group_ids, size_t n_group_id,
}
static int
write_group2group_line(int group_id, UT_array *incl_sub_group_ids,
UT_array *excl_sub_group_ids,
write_object2object_line(int object_id, UT_array *incl_sub_object_ids,
UT_array *excl_sub_object_ids,
struct iris_description *p_iris)
{
char buff[MAX_BUFF_LEN*4] = {0};
struct iris_table *table = p_iris->group2group_table;
struct iris_table *table = p_iris->object2object_table;
if (NULL == table) {
return -1;
}
size_t i = 0, pos = 0;
char incl_sub_group_id_str[MAX_BUFF_LEN] = {0};
char excl_sub_group_id_str[MAX_BUFF_LEN] = {0};
char incl_sub_object_id_str[MAX_BUFF_LEN] = {0};
char excl_sub_object_id_str[MAX_BUFF_LEN] = {0};
if (0 == utarray_len(incl_sub_group_ids) &&
0 == utarray_len(excl_sub_group_ids)) {
if (0 == utarray_len(incl_sub_object_ids) &&
0 == utarray_len(excl_sub_object_ids)) {
return 0;
}
int *tmp_id = NULL;
char tmp_str[MAX_GROUP_ID_STR] = {0};
for (i = 0; i < utarray_len(incl_sub_group_ids); i++) {
tmp_id = (int *)utarray_eltptr(incl_sub_group_ids, i);
char tmp_str[MAX_OBJECT_ID_STR] = {0};
for (i = 0; i < utarray_len(incl_sub_object_ids); i++) {
tmp_id = (int *)utarray_eltptr(incl_sub_object_ids, i);
sprintf(tmp_str, "%d,", *tmp_id);
sprintf(incl_sub_group_id_str + pos, "%s", tmp_str);
sprintf(incl_sub_object_id_str + pos, "%s", tmp_str);
pos += strlen(tmp_str);
}
const char *null_str = "null";
size_t str_len = strlen(incl_sub_group_id_str);
size_t str_len = strlen(incl_sub_object_id_str);
if (str_len > 0) {
incl_sub_group_id_str[str_len - 1] = '\0';
incl_sub_object_id_str[str_len - 1] = '\0';
} else {
memcpy(incl_sub_group_id_str, null_str, strlen(null_str));
memcpy(incl_sub_object_id_str, null_str, strlen(null_str));
}
pos = 0;
memset(tmp_str, 0, sizeof(tmp_str));
for (i = 0; i < utarray_len(excl_sub_group_ids); i++) {
tmp_id = (int *)utarray_eltptr(excl_sub_group_ids, i);
for (i = 0; i < utarray_len(excl_sub_object_ids); i++) {
tmp_id = (int *)utarray_eltptr(excl_sub_object_ids, i);
sprintf(tmp_str, "%d,", *tmp_id);
sprintf(excl_sub_group_id_str + pos, "%s", tmp_str);
sprintf(excl_sub_object_id_str + pos, "%s", tmp_str);
pos += strlen(tmp_str);
}
str_len = strlen(excl_sub_group_id_str);
str_len = strlen(excl_sub_object_id_str);
if (str_len > 0) {
excl_sub_group_id_str[str_len - 1] = '\0';
excl_sub_object_id_str[str_len - 1] = '\0';
} else {
memcpy(excl_sub_group_id_str, null_str, strlen(null_str));
memcpy(excl_sub_object_id_str, null_str, strlen(null_str));
}
snprintf(buff, sizeof(buff), "%d\t%s\t%s\t1\n", group_id,
incl_sub_group_id_str, excl_sub_group_id_str);
snprintf(buff, sizeof(buff), "%d\t%s\t%s\t1\n", object_id,
incl_sub_object_id_str, excl_sub_object_id_str);
table->write_pos += memcat(&(table->buff), table->write_pos,
&(table->buff_sz), buff, strlen(buff));
@@ -747,119 +747,119 @@ write_group2group_line(int group_id, UT_array *incl_sub_group_ids,
}
static int
write_group_rule(cJSON *group_json, int parent_id,
write_object_rule(cJSON *object_json, int parent_id,
int parent_type, int tracking_rule_id,
int Nth_group, struct iris_description *p_iris,
int Nth_object, struct iris_description *p_iris,
struct log_handle *logger)
{
int ret = 0;
int group_negate_option = 0;
int object_negate_option = 0;
int condition_index = 0;
const char *group_name = NULL;
char group_name_array[32][MAX_NAME_STR_LEN];
size_t group_name_cnt = 0;
long long group_id = -1;
const char *object_name = NULL;
char object_name_array[32][MAX_NAME_STR_LEN];
size_t object_name_cnt = 0;
long long object_id = -1;
const char *attribute = NULL;
struct iris_table *g2c_table = NULL;
cJSON *item = cJSON_GetObjectItem(group_json, "group_name");
cJSON *item = cJSON_GetObjectItem(object_json, "object_name");
if (NULL == item) {
group_name = untitled_group_name;
object_name = untitled_object_name;
} else if (item->type == cJSON_String) {
group_name = item->valuestring;
object_name = item->valuestring;
} else if (item->type == cJSON_Array) {
group_name_cnt = cJSON_GetArraySize(item);
assert(group_name_cnt <= 32);
for (size_t i = 0; i < group_name_cnt; i++) {
object_name_cnt = cJSON_GetArraySize(item);
assert(object_name_cnt <= 32);
for (size_t i = 0; i < object_name_cnt; i++) {
cJSON *tmp_json = cJSON_GetArrayItem(item, i);
if (NULL == tmp_json || tmp_json->type != cJSON_String) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] group_name of rule:%d format error",
"[%s:%d] object_name of rule:%d format error",
__FUNCTION__, __LINE__, parent_id);
return -1;
}
memset(group_name_array[i], 0, sizeof(group_name_array[i]));
memcpy(group_name_array[i], tmp_json->valuestring,
memset(object_name_array[i], 0, sizeof(object_name_array[i]));
memcpy(object_name_array[i], tmp_json->valuestring,
strlen(tmp_json->valuestring));
}
}
item = cJSON_GetObjectItem(group_json, "group_id");
item = cJSON_GetObjectItem(object_json, "object_id");
if (item != NULL && item->type == cJSON_Number) {
group_id = item->valueint;
object_id = item->valueint;
}
if (parent_type == PARENT_TYPE_RULE) {
item = cJSON_GetObjectItem(group_json, "attribute");
item = cJSON_GetObjectItem(object_json, "attribute");
if (NULL == item || item->type != cJSON_String) {
attribute = "null";
} else {
attribute = item->valuestring;
}
item = cJSON_GetObjectItem(group_json, "negate_option");
item = cJSON_GetObjectItem(object_json, "negate_option");
if (NULL == item || item->type != cJSON_Number) {
group_negate_option = 0;
object_negate_option = 0;
} else {
group_negate_option = item->valueint;
object_negate_option = item->valueint;
}
item = cJSON_GetObjectItem(group_json, "condition_index");
item = cJSON_GetObjectItem(object_json, "condition_index");
if (NULL == item || item->type != cJSON_Number) {
condition_index = Nth_group;
condition_index = Nth_object;
} else {
condition_index = item->valueint;
}
item = cJSON_GetObjectItem(group_json, "g2c_table_name");
item = cJSON_GetObjectItem(object_json, "g2c_table_name");
if (item != NULL && item->type == cJSON_String) {
g2c_table = query_table_info(p_iris, item->valuestring,
TABLE_TYPE_GROUP2RULE);
TABLE_TYPE_OBJECT2RULE);
}
}
if (group_name_cnt > 0) {
int group_ids[group_name_cnt];
for (size_t i = 0; i < group_name_cnt; i++) {
struct group_info *group_info =
group_info_read(p_iris->group_name_map, group_name_array[i]);
if (NULL == group_info) {
log_fatal(logger, MODULE_JSON2IRIS, "[%s:%d] group_name:%s"
" has no group_id", __FUNCTION__, __LINE__,
group_name_array[i]);
if (object_name_cnt > 0) {
int object_ids[object_name_cnt];
for (size_t i = 0; i < object_name_cnt; i++) {
struct object_info *object_info =
object_info_read(p_iris->object_name_map, object_name_array[i]);
if (NULL == object_info) {
log_fatal(logger, MODULE_JSON2IRIS, "[%s:%d] object_name:%s"
" has no object_id", __FUNCTION__, __LINE__,
object_name_array[i]);
return -1;
}
group_ids[i] = group_info->group_id;
object_ids[i] = object_info->object_id;
}
assert(parent_type == PARENT_TYPE_RULE);
ret = write_group2rule_line(group_ids, group_name_cnt, parent_id,
group_negate_option, condition_index,
ret = write_object2rule_line(object_ids, object_name_cnt, parent_id,
object_negate_option, condition_index,
attribute, p_iris, g2c_table);
} else {
struct group_info *group_info =
group_info_read(p_iris->group_name_map, group_name);
// exist group name, regions and sub groups will be ommit.
if (NULL == group_info) {
if (0 == strncasecmp(group_name, untitled_group_name,
strlen(untitled_group_name))) {
group_id = untitled_group_id;
struct object_info *object_info =
object_info_read(p_iris->object_name_map, object_name);
// exist object name, regions and sub objects will be ommit.
if (NULL == object_info) {
if (0 == strncasecmp(object_name, untitled_object_name,
strlen(untitled_object_name))) {
object_id = untitled_object_id;
}
if (-1 == group_id) {
if (-1 == object_id) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] group_name:<%s> has no group_id",
__FUNCTION__, __LINE__, group_name);
"[%s:%d] object_name:<%s> has no object_id",
__FUNCTION__, __LINE__, object_name);
return -1;
}
group_info = group_info_add_unsafe(p_iris, group_name, group_id);
cJSON *region_json = cJSON_GetObjectItem(group_json, "regions");
object_info = object_info_add_unsafe(p_iris, object_name, object_id);
cJSON *region_json = cJSON_GetObjectItem(object_json, "regions");
if (region_json != NULL) {
cJSON *region_rule = NULL;
cJSON_ArrayForEach(region_rule, region_json) {
ret = write_region_rule(region_rule, tracking_rule_id,
group_info->group_id, p_iris, logger);
object_info->object_id, p_iris, logger);
if (ret < 0) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] rule rule %d write region error",
@@ -869,14 +869,14 @@ write_group_rule(cJSON *group_json, int parent_id,
}
}
cJSON *sub_groups = cJSON_GetObjectItem(group_json, "sub_groups");
if (sub_groups != NULL) {
cJSON *sub_objects = cJSON_GetObjectItem(object_json, "sub_objects");
if (sub_objects != NULL) {
// recursively
int i = 0;
cJSON_ArrayForEach(item, sub_groups) {
cJSON_ArrayForEach(item, sub_objects) {
i++;
ret = write_group_rule(item, group_info->group_id,
PARENT_TYPE_GROUP, tracking_rule_id,
ret = write_object_rule(item, object_info->object_id,
PARENT_TYPE_OBJECT, tracking_rule_id,
i, p_iris, logger);
if (ret < 0) {
return -1;
@@ -884,21 +884,21 @@ write_group_rule(cJSON *group_json, int parent_id,
}
}
if (NULL == region_json && NULL == sub_groups) {
if (NULL == region_json && NULL == sub_objects) {
log_info(logger, MODULE_JSON2IRIS,
"[%s:%d] A group of rule rule %d has neither regions, "
"sub groups, nor refered another existed group",
"[%s:%d] A object of rule rule %d has neither regions, "
"sub objects, nor refered another existed object",
__FUNCTION__, __LINE__, tracking_rule_id);
}
}
if (parent_type == PARENT_TYPE_RULE) {
ret = write_group2rule_line(&(group_info->group_id), 1, parent_id,
group_negate_option, condition_index,
ret = write_object2rule_line(&(object_info->object_id), 1, parent_id,
object_negate_option, condition_index,
attribute, p_iris, g2c_table);
if (ret < 0) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] rule:%d write group error",
"[%s:%d] rule:%d write object error",
__FUNCTION__, __LINE__, parent_id);
return -1;
}
@@ -921,14 +921,14 @@ write_rule_line(cJSON *rule, struct iris_description *p_iris,
}
int rule_id = item->valueint;
cJSON *group_array = cJSON_GetObjectItem(rule, "groups");
int group_num = cJSON_GetArraySize(group_array);
int *condition_ids = ALLOC(int, group_num);
cJSON *object_array = cJSON_GetObjectItem(rule, "objects");
int object_num = cJSON_GetArraySize(object_array);
int *condition_ids = ALLOC(int, object_num);
int condition_num = 0;
cJSON *group_obj = NULL;
cJSON *object_obj = NULL;
cJSON_ArrayForEach(group_obj, group_array) {
item = cJSON_GetObjectItem(group_obj, "condition_index");
cJSON_ArrayForEach(object_obj, object_array) {
item = cJSON_GetObjectItem(object_obj, "condition_index");
if (item) {
int i = 0;
int condition_index = item->valueint;
@@ -947,7 +947,7 @@ write_rule_line(cJSON *rule, struct iris_description *p_iris,
FREE(condition_ids);
if (condition_num == 0) {
condition_num = group_num;
condition_num = object_num;
}
cJSON_AddNumberToObject(rule, "condition_num", condition_num);
@@ -1086,67 +1086,67 @@ static int write_index_file(struct iris_description *p_iris,
return 0;
}
int recursive_traverse_sub_groups(cJSON *group_obj, struct iris_description *p_iris,
int recursive_traverse_sub_objects(cJSON *object_obj, struct iris_description *p_iris,
struct log_handle *logger)
{
cJSON *sub_group_array = cJSON_GetObjectItem(group_obj, "sub_groups");
if (NULL == sub_group_array) {
cJSON *sub_object_array = cJSON_GetObjectItem(object_obj, "sub_objects");
if (NULL == sub_object_array) {
return 0;
}
cJSON *item = cJSON_GetObjectItem(group_obj, "group_name");
cJSON *item = cJSON_GetObjectItem(object_obj, "object_name");
if (NULL == item || item->type != cJSON_String) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] has no group_name before sub_groups.");
"[%s:%d] has no object_name before sub_objects.");
return -1;
}
const char *parent_group_name = item->valuestring;
struct group_info *parent_group = group_info_read(p_iris->group_name_map,
const char *parent_object_name = item->valuestring;
struct object_info *parent_object = object_info_read(p_iris->object_name_map,
item->valuestring);
if (NULL == parent_group) {
item = cJSON_GetObjectItem(group_obj, "group_id");
if (NULL == parent_object) {
item = cJSON_GetObjectItem(object_obj, "object_id");
if (NULL == item || item->type != cJSON_Number) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] group_name:%s has no group_id.", parent_group_name);
"[%s:%d] object_name:%s has no object_id.", parent_object_name);
return -1;
}
parent_group = group_info_add_unsafe(p_iris, parent_group_name, item->valueint);
parent_object = object_info_add_unsafe(p_iris, parent_object_name, item->valueint);
}
cJSON *sub_group_obj = NULL;
cJSON_ArrayForEach(sub_group_obj, sub_group_array) {
cJSON *tmp_item1 = cJSON_GetObjectItem(sub_group_obj, "group_name");
cJSON *sub_object_obj = NULL;
cJSON_ArrayForEach(sub_object_obj, sub_object_array) {
cJSON *tmp_item1 = cJSON_GetObjectItem(sub_object_obj, "object_name");
if (NULL == tmp_item1 || tmp_item1->type != cJSON_String) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d]group:%s's sub_groups has no group_name",
__FUNCTION__, __LINE__, parent_group_name);
"[%s:%d]object:%s's sub_objects has no object_name",
__FUNCTION__, __LINE__, parent_object_name);
return -1;
}
int group_id = -1;
int object_id = -1;
int is_exclude = 0;
cJSON *tmp_item2 = cJSON_GetObjectItem(sub_group_obj, "group_id");
cJSON *tmp_item2 = cJSON_GetObjectItem(sub_object_obj, "object_id");
if (NULL == tmp_item2) {
struct group_info *group = group_info_read(p_iris->group_name_map,
struct object_info *object = object_info_read(p_iris->object_name_map,
tmp_item1->valuestring);
assert(group != NULL);
group_id = group->group_id;
assert(object != NULL);
object_id = object->object_id;
} else {
group_id = tmp_item2->valueint;
object_id = tmp_item2->valueint;
}
cJSON *tmp_item3 = cJSON_GetObjectItem(sub_group_obj, "is_exclude");
cJSON *tmp_item3 = cJSON_GetObjectItem(sub_object_obj, "is_exclude");
if (tmp_item3 != NULL && tmp_item3->type == cJSON_Number) {
is_exclude = tmp_item3->valueint;
}
if (0 == is_exclude) {
utarray_push_back(parent_group->incl_sub_group_ids, &group_id);
utarray_push_back(parent_object->incl_sub_object_ids, &object_id);
} else {
utarray_push_back(parent_group->excl_sub_group_ids, &group_id);
utarray_push_back(parent_object->excl_sub_object_ids, &object_id);
}
int ret = recursive_traverse_sub_groups(sub_group_obj, p_iris, logger);
int ret = recursive_traverse_sub_objects(sub_object_obj, p_iris, logger);
if (ret < 0) {
return -1;
}
@@ -1155,21 +1155,21 @@ int recursive_traverse_sub_groups(cJSON *group_obj, struct iris_description *p_i
return 0;
}
static int write_group2group_rule(struct iris_description *p_iris,
static int write_object2object_rule(struct iris_description *p_iris,
struct log_handle *logger)
{
int ret = 0;
struct group_info *group_info = NULL, *tmp_group_info = NULL;
struct object_info *object_info = NULL, *tmp_object_info = NULL;
HASH_ITER(hh, p_iris->group_name_map, group_info, tmp_group_info) {
ret = write_group2group_line(group_info->group_id,
group_info->incl_sub_group_ids,
group_info->excl_sub_group_ids,
HASH_ITER(hh, p_iris->object_name_map, object_info, tmp_object_info) {
ret = write_object2object_line(object_info->object_id,
object_info->incl_sub_object_ids,
object_info->excl_sub_object_ids,
p_iris);
if (ret < 0) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] write group2group line failed for super_group:%d",
__FUNCTION__, __LINE__, group_info->group_id);
"[%s:%d] write object2object line failed for super_object:%d",
__FUNCTION__, __LINE__, object_info->object_id);
return -1;
}
}
@@ -1182,7 +1182,7 @@ static int write_iris(cJSON *json, struct iris_description *p_iris,
{
int i = 0;
int ret = 0;
static struct group_info *parent_group = NULL; // TODO
static struct object_info *parent_object = NULL; // TODO
cJSON *plug_tables = cJSON_GetObjectItem(json, "plugin_table");
if (plug_tables != NULL) {
@@ -1193,35 +1193,35 @@ static int write_iris(cJSON *json, struct iris_description *p_iris,
}
}
cJSON *group_array = cJSON_GetObjectItem(json, "groups"); // sub-group to group
if (group_array != NULL) {
cJSON *group_obj = NULL;
cJSON_ArrayForEach(group_obj, group_array) {
const char *parent_group_name = NULL;
cJSON *item = cJSON_GetObjectItem(group_obj, "parent_group");
cJSON *object_array = cJSON_GetObjectItem(json, "objects"); // sub-object to object
if (object_array != NULL) {
cJSON *object_obj = NULL;
cJSON_ArrayForEach(object_obj, object_array) {
const char *parent_object_name = NULL;
cJSON *item = cJSON_GetObjectItem(object_obj, "parent_object");
if (NULL == item || item->type != cJSON_String) {
parent_group_name = untitled_group_name;
parent_object_name = untitled_object_name;
} else {
parent_group_name = item->string;
parent_object_name = item->string;
}
parent_group = group_info_read(p_iris->group_name_map, parent_group_name);
if (NULL == parent_group) {
parent_group = group_info_add_unsafe(p_iris, parent_group_name,
untitled_group_id);
parent_object = object_info_read(p_iris->object_name_map, parent_object_name);
if (NULL == parent_object) {
parent_object = object_info_add_unsafe(p_iris, parent_object_name,
untitled_object_id);
}
item = cJSON_GetObjectItem(group_obj, "group_id");
item = cJSON_GetObjectItem(object_obj, "object_id");
if (NULL == item || item->type != cJSON_Number) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d]Global groups has group with no group_id.",
"[%s:%d]Global objects has object with no object_id.",
__FUNCTION__, __LINE__);
return -1;
}
utarray_push_back(parent_group->incl_sub_group_ids, &item->valueint);
ret = write_group_rule(group_obj, parent_group->group_id,
PARENT_TYPE_GROUP, 0, 0, p_iris, logger);
utarray_push_back(parent_object->incl_sub_object_ids, &item->valueint);
ret = write_object_rule(object_obj, parent_object->object_id,
PARENT_TYPE_OBJECT, 0, 0, p_iris, logger);
if (ret < 0) {
return -1;
}
@@ -1245,26 +1245,26 @@ static int write_iris(cJSON *json, struct iris_description *p_iris,
return -1;
}
group_array = cJSON_GetObjectItem(rule_obj, "groups");
if (NULL == group_array) {
object_array = cJSON_GetObjectItem(rule_obj, "objects");
if (NULL == object_array) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] rule rule %d have no group",
"[%s:%d] rule rule %d have no object",
__FUNCTION__, __LINE__, rule_id);
return -1;
}
int group_cnt = cJSON_GetArraySize(group_array);
if (group_cnt <= 0) {
int object_cnt = cJSON_GetArraySize(object_array);
if (object_cnt <= 0) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] rule rule %d have no groups",
"[%s:%d] rule rule %d have no objects",
__FUNCTION__, __LINE__, rule_id);
return -1;
}
i = 0;
cJSON *group_obj = NULL;
cJSON_ArrayForEach(group_obj, group_array) {
ret = write_group_rule(group_obj, rule_id, PARENT_TYPE_RULE,
cJSON *object_obj = NULL;
cJSON_ArrayForEach(object_obj, object_array) {
ret = write_object_rule(object_obj, rule_id, PARENT_TYPE_RULE,
rule_id, i, p_iris, logger);
if (ret < 0) {
return -1;
@@ -1274,11 +1274,11 @@ static int write_iris(cJSON *json, struct iris_description *p_iris,
}
cJSON_ArrayForEach(rule_obj, rule_array) {
cJSON *group_array = cJSON_GetObjectItem(rule_obj, "groups");
cJSON *object_array = cJSON_GetObjectItem(rule_obj, "objects");
cJSON *group_obj = NULL;
cJSON_ArrayForEach(group_obj, group_array) {
ret = recursive_traverse_sub_groups(group_obj, p_iris, logger);
cJSON *object_obj = NULL;
cJSON_ArrayForEach(object_obj, object_array) {
ret = recursive_traverse_sub_objects(object_obj, p_iris, logger);
if (ret < 0) {
return -1;
}
@@ -1286,7 +1286,7 @@ static int write_iris(cJSON *json, struct iris_description *p_iris,
}
}
ret = write_group2group_rule(p_iris, logger);
ret = write_object2object_rule(p_iris, logger);
if (ret < 0) {
return -1;
}
@@ -1307,8 +1307,8 @@ int json2iris(const char *json_buff, const char *json_filename,
int ret = -1;
cJSON *tmp_obj = NULL;
const char *rule_tbl_name = NULL;
const char *group2rule_tbl_name = NULL;
const char *group2group_tbl_name = NULL;
const char *object2rule_tbl_name = NULL;
const char *object2object_tbl_name = NULL;
struct iris_description iris_cfg;
memset(&iris_cfg, 0, sizeof(iris_cfg));
@@ -1326,19 +1326,19 @@ int json2iris(const char *json_buff, const char *json_filename,
rule_tbl_name = tmp_obj->valuestring;
}
tmp_obj = cJSON_GetObjectItem(json, "group2rule_table");
tmp_obj = cJSON_GetObjectItem(json, "object2rule_table");
if (tmp_obj) {
group2rule_tbl_name = tmp_obj->valuestring;
object2rule_tbl_name = tmp_obj->valuestring;
}
tmp_obj = cJSON_GetObjectItem(json, "group2group_table");
tmp_obj = cJSON_GetObjectItem(json, "object2object_table");
if (tmp_obj) {
group2group_tbl_name = tmp_obj->valuestring;
object2object_tbl_name = tmp_obj->valuestring;
}
ret = set_iris_descriptor(json_filename, json, encrypt_key, encrypt_algo,
rule_tbl_name, group2rule_tbl_name,
group2group_tbl_name, redis_write_ctx, &iris_cfg);
rule_tbl_name, object2rule_tbl_name,
object2object_tbl_name, redis_write_ctx, &iris_cfg);
if (ret < 0) {
goto error_out;
}

224
src/maat_api.c
View File

@@ -29,7 +29,7 @@
#include "ip_matcher.h"
#include "adapter_hs.h"
#include "maat_garbage_collection.h"
#include "maat_group.h"
#include "maat_object.h"
#include "maat_expr.h"
#include "maat_flag.h"
#include "maat_interval.h"
@@ -288,13 +288,13 @@ int maat_options_set_hit_path_enabled(struct maat_options *opts)
return 0;
}
int maat_options_set_hit_group_enabled(struct maat_options *opts)
int maat_options_set_hit_object_enabled(struct maat_options *opts)
{
if (NULL == opts) {
return -1;
}
opts->hit_group_on = 1;
opts->hit_object_on = 1;
return 0;
}
@@ -1081,22 +1081,22 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
}
}
int group_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt,
int object_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt,
thread_id, flag, attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
//Note: object_hit_cnt is equivalent to item_hit_cnt
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
thread_id, group_hit_cnt);
thread_id, object_hit_cnt);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id);
}
flag_runtime_hit_times_inc((struct flag_runtime *)flag_rt, thread_id);
return group_hit_cnt;
return object_hit_cnt;
}
static int
@@ -1133,22 +1133,22 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
}
}
int group_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt,
int object_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt,
thread_id, integer, attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
//Note: object_hit_cnt is equivalent to item_hit_cnt
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
thread_id, group_hit_cnt);
thread_id, object_hit_cnt);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id);
}
interval_runtime_hit_times_inc((struct interval_runtime *)interval_rt, thread_id);
return group_hit_cnt;
return object_hit_cnt;
}
static int
@@ -1179,22 +1179,22 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
}
}
int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4,
int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4,
(uint8_t *)&ip_addr, port, attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
//Note: object_hit_cnt is equivalent to item_hit_cnt
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
thread_id, group_hit_cnt);
thread_id, object_hit_cnt);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id);
}
ip_runtime_hit_times_inc((struct ip_runtime *)ip_rt, thread_id);
return group_hit_cnt;
return object_hit_cnt;
}
static int
@@ -1225,22 +1225,22 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
}
}
int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6,
int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6,
ip_addr, port, attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
//Note: object_hit_cnt is equivalent to item_hit_cnt
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
thread_id, group_hit_cnt);
thread_id, object_hit_cnt);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id);
}
ip_runtime_hit_times_inc((struct ip_runtime *)ip_rt, thread_id);
return group_hit_cnt;
return object_hit_cnt;
}
static int
@@ -1280,27 +1280,27 @@ string_scan(struct table_manager *tbl_mgr, int thread_id,
}
}
int group_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt,
int object_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt,
thread_id, data, data_len,
attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
//Note: object_hit_cnt is equivalent to item_hit_cnt
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
thread_id, group_hit_cnt);
thread_id, object_hit_cnt);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id);
}
expr_runtime_hit_times_inc((struct expr_runtime *)expr_rt, thread_id);
return group_hit_cnt;
return object_hit_cnt;
}
static size_t
group_to_rule(struct maat *maat_inst, long long *results, size_t n_result,
object_to_rule(struct maat *maat_inst, long long *results, size_t n_result,
struct maat_state *state)
{
int rule_table_id =
@@ -1363,9 +1363,9 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
}
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag,
int hit_object_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag,
phy_table_id, attribute_id, state);
if (hit_group_cnt < 0) {
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
@@ -1373,8 +1373,8 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
if (hit_object_cnt > 0) {
sum_hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
@@ -1397,7 +1397,7 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
} else if (hit_object_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
} else {
return MAAT_SCAN_OK;
@@ -1448,9 +1448,9 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
}
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer,
int hit_object_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer,
phy_table_id, attribute_id, state);
if (hit_group_cnt < 0) {
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
@@ -1458,8 +1458,8 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
if (hit_object_cnt > 0) {
sum_hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
@@ -1482,7 +1482,7 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
} else if (hit_object_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
} else {
return MAAT_SCAN_OK;
@@ -1532,9 +1532,9 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr,
}
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
int hit_object_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
phy_table_id, attribute_id, state);
if (hit_group_cnt < 0) {
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
@@ -1542,8 +1542,8 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr,
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
if (hit_object_cnt > 0) {
sum_hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
@@ -1566,7 +1566,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr,
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
} else if (hit_object_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
} else {
return MAAT_SCAN_OK;
@@ -1616,9 +1616,9 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr,
}
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
int hit_object_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
phy_table_id, attribute_id, state);
if (hit_group_cnt < 0) {
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
@@ -1626,8 +1626,8 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr,
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
if (hit_object_cnt > 0) {
sum_hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
@@ -1650,7 +1650,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr,
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
} else if (hit_object_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
} else {
return MAAT_SCAN_OK;
@@ -1719,9 +1719,9 @@ int maat_scan_string(struct maat *maat_inst, int table_id,
}
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data,
int hit_object_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data,
data_len, phy_table_id, attribute_id, state);
if (hit_group_cnt < 0) {
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
@@ -1729,8 +1729,8 @@ int maat_scan_string(struct maat *maat_inst, int table_id,
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
if (hit_object_cnt > 0) {
sum_hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
@@ -1753,21 +1753,21 @@ int maat_scan_string(struct maat *maat_inst, int table_id,
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
} else if (hit_object_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
} else {
return MAAT_SCAN_OK;
}
}
static void maat_state_add_hit_group(struct maat_state *state, int table_id,
struct maat_hit_group *groups, size_t n_group)
static void maat_state_add_hit_object(struct maat_state *state, int table_id,
struct maat_hit_object *objects, size_t n_object)
{
struct maat *maat_inst = state->maat_inst;
//clear rule_state->last_hit_group
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
rule_state_clear_last_hit_object(state->rule_state);
}
if (NULL == state->rule_state) {
@@ -1776,15 +1776,15 @@ static void maat_state_add_hit_group(struct maat_state *state, int table_id,
state->thread_id, 1);
}
size_t n_hit_item = n_group;
if (n_group >= MAX_HIT_GROUP_NUM) {
n_hit_item = MAX_HIT_GROUP_NUM;
size_t n_hit_item = n_object;
if (n_object >= MAX_HIT_OBJECT_NUM) {
n_hit_item = MAX_HIT_OBJECT_NUM;
}
struct maat_item hit_items[n_hit_item];
for (size_t i = 0; i < n_hit_item; i++) {
hit_items[i].item_id = groups[i].item_id;
hit_items[i].group_id = groups[i].group_id;
hit_items[i].item_id = objects[i].item_id;
hit_items[i].object_id = objects[i].object_id;
}
rule_state_update(state->rule_state, maat_inst, table_id,
@@ -1793,7 +1793,7 @@ static void maat_state_add_hit_group(struct maat_state *state, int table_id,
}
static void
maat_state_activate_hit_not_group(struct maat_state *state, int table_id)
maat_state_activate_hit_not_object(struct maat_state *state, int table_id)
{
if (NULL == state) {
return;
@@ -1812,22 +1812,22 @@ maat_state_activate_hit_not_group(struct maat_state *state, int table_id)
return;
}
//clear rule_state->last_hit_group
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
rule_state_clear_last_hit_object(state->rule_state);
}
rule_state_not_logic_update(state->rule_state, rule_rt, maat_inst,
table_id, state->Nth_scan);
}
int maat_scan_group(struct maat *maat_inst, int table_id,
struct maat_hit_group *groups, size_t n_group,
int maat_scan_object(struct maat *maat_inst, int table_id,
struct maat_hit_object *objects, size_t n_object,
long long *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || table_id < 0 || table_id >= MAX_TABLE_NUM ||
(NULL == groups) || (0 == n_group) || (NULL == results) ||
(NULL == objects) || (0 == n_object) || (NULL == results) ||
(0 == n_result) || (NULL == n_hit_result) || (NULL == state) ||
(state->thread_id < 0)) {
return -1;
@@ -1852,15 +1852,15 @@ int maat_scan_group(struct maat *maat_inst, int table_id,
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt,
state->thread_id);
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
state->thread_id, n_group);
state->thread_id, n_object);
}
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
maat_state_add_hit_group(state, table_id, groups, n_group);
size_t hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
maat_state_add_hit_object(state, table_id, objects, n_object);
size_t hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state);
*n_hit_result = hit_rule_cnt;
maat_runtime_ref_dec(maat_rt, state->thread_id);
@@ -1895,8 +1895,8 @@ int maat_scan_not_logic(struct maat *maat_inst, int table_id,
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
maat_state_activate_hit_not_group(state, table_id);
size_t hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
maat_state_activate_hit_not_object(state, table_id);
size_t hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state);
*n_hit_result = hit_rule_cnt;
maat_runtime_ref_dec(maat_rt, state->thread_id);
@@ -2004,22 +2004,22 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data,
}
}
int group_hit_cnt = expr_runtime_stream_scan(stream->expr_rt_stream, data,
int object_hit_cnt = expr_runtime_stream_scan(stream->expr_rt_stream, data,
data_len, stream->attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
//Note: object_hit_cnt is equivalent to item_hit_cnt
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
stream->thread_id, group_hit_cnt);
stream->thread_id, object_hit_cnt);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, stream->thread_id);
}
expr_runtime_stream_hit_times_inc(stream->expr_rt_stream, stream->thread_id);
return group_hit_cnt;
return object_hit_cnt;
}
int maat_stream_scan(struct maat_stream *maat_stream, const char *data, int data_len,
@@ -2055,15 +2055,15 @@ int maat_stream_scan(struct maat_stream *maat_stream, const char *data, int data
alignment_int64_array_add(maat_inst->stat->thread_call_cnt,
maat_stream->thread_id, 1);
int hit_group_cnt = expr_stream_scan(maat_stream, data, data_len, state);
if (hit_group_cnt < 0) {
int hit_object_cnt = expr_stream_scan(maat_stream, data, data_len, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
if (hit_object_cnt > 0) {
sum_hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
@@ -2081,7 +2081,7 @@ int maat_stream_scan(struct maat_stream *maat_stream, const char *data, int data
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
} else if (hit_object_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
} else {
return MAAT_SCAN_OK;
@@ -2309,13 +2309,13 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
return -1;
}
int g2g_table_id = table_manager_get_group2group_table_id(maat_inst->tbl_mgr);
int g2g_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
void *g2g_runtime = table_manager_get_runtime(maat_inst->tbl_mgr, g2g_table_id);
size_t hit_path_cnt =
rule_state_get_internal_hit_paths(state->rule_state,
(struct rule_runtime *)rule_rt,
(struct group2group_runtime *)g2g_runtime,
(struct object2object_runtime *)g2g_runtime,
path_array, array_size);
return rule_runtime_get_hit_paths((struct rule_runtime *)rule_rt,
@@ -2332,11 +2332,11 @@ size_t maat_state_get_scan_count(struct maat_state *state)
return state->Nth_scan;
}
int maat_state_get_direct_hit_groups(struct maat_state *state,
struct maat_hit_group *group_array,
int maat_state_get_direct_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array,
size_t array_size)
{
if (NULL == state || NULL == group_array || 0 == array_size) {
if (NULL == state || NULL == object_array || 0 == array_size) {
return -1;
}
@@ -2344,24 +2344,24 @@ int maat_state_get_direct_hit_groups(struct maat_state *state,
return 0;
}
return rule_state_get_direct_hit_groups(state->rule_state,
group_array, array_size);
return rule_state_get_direct_hit_objects(state->rule_state,
object_array, array_size);
}
size_t maat_state_get_direct_hit_group_cnt(struct maat_state *state)
size_t maat_state_get_direct_hit_object_cnt(struct maat_state *state)
{
if (NULL == state || NULL == state->rule_state) {
return 0;
}
return rule_state_get_direct_hit_group_cnt(state->rule_state);
return rule_state_get_direct_hit_object_cnt(state->rule_state);
}
int maat_state_get_indirect_hit_groups(struct maat_state *state,
struct maat_hit_group *group_array,
int maat_state_get_indirect_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array,
size_t array_size)
{
if (NULL == state || NULL == group_array || 0 == array_size) {
if (NULL == state || NULL == object_array || 0 == array_size) {
return -1;
}
@@ -2369,36 +2369,36 @@ int maat_state_get_indirect_hit_groups(struct maat_state *state,
return 0;
}
return rule_state_get_indirect_hit_groups(state->rule_state,
group_array, array_size);
return rule_state_get_indirect_hit_objects(state->rule_state,
object_array, array_size);
}
size_t maat_state_get_indirect_hit_group_cnt(struct maat_state *state)
size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state)
{
if (NULL == state || NULL == state->rule_state) {
return 0;
}
return rule_state_get_indirect_hit_group_cnt(state->rule_state);
return rule_state_get_indirect_hit_object_cnt(state->rule_state);
}
int maat_state_get_last_hit_groups(struct maat_state *state,
struct maat_hit_group *group_array,
int maat_state_get_last_hit_objects(struct maat_state *state,
struct maat_hit_object *object_array,
size_t array_size)
{
if (NULL == state || NULL == state->rule_state) {
return 0;
}
return rule_state_get_last_hit_groups(state->rule_state,
group_array, array_size);
return rule_state_get_last_hit_objects(state->rule_state,
object_array, array_size);
}
size_t maat_state_get_last_hit_group_cnt(struct maat_state *state)
size_t maat_state_get_last_hit_object_cnt(struct maat_state *state)
{
if (NULL == state || NULL == state->rule_state) {
return 0;
}
return rule_state_get_last_hit_group_cnt(state->rule_state);
return rule_state_get_last_hit_object_cnt(state->rule_state);
}

2
src/maat_command.c
View File

@@ -158,7 +158,7 @@ redis_flushDB(redisContext *ctx, int db_index, struct log_handle *logger)
append_cmd_cnt++;
redisAppendCommand(ctx, "SET %s 1", mr_region_id_var);
append_cmd_cnt++;
redisAppendCommand(ctx, "SET %s 1", mr_group_id_var);
redisAppendCommand(ctx, "SET %s 1", mr_object_id_var);
append_cmd_cnt++;
redisAppendCommand(ctx, "EXEC");
append_cmd_cnt++;

30
src/maat_expr.c
View File

@@ -21,7 +21,7 @@
#include "maat.h"
#include "maat_core.h"
#include "maat_rule.h"
#include "maat_group.h"
#include "maat_object.h"
#include "alignment.h"
#include "maat_garbage_collection.h"
@@ -35,7 +35,7 @@
struct expr_schema {
int item_id_column;
int group_id_column;
int object_id_column;
int district_column;
int keywords_column;
int expr_type_column;
@@ -63,7 +63,7 @@ enum match_method {
struct expr_item {
long long item_id;
long long group_id;
long long object_id;
char keywords[MAX_KEYWORDS_STR_LEN + 1];
enum expr_type expr_type;
void *user_data;
@@ -175,15 +175,15 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
}
expr_item->item_id = atoll(line + column_offset);
ret = get_column_pos(line, expr_schema->group_id_column, &column_offset,
ret = get_column_pos(line, expr_schema->object_id_column, &column_offset,
&column_len);
if (ret < 0) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no group_id in line:%s",
"[%s:%d] expr table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto error;
}
expr_item->group_id = atoll(line + column_offset);
expr_item->object_id = atoll(line + column_offset);
ret = get_column_pos(line, expr_schema->keywords_column, &column_offset, &column_len);
if (ret < 0) {
@@ -311,12 +311,12 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
goto error;
}
custom_item = cJSON_GetObjectItem(item, "group_id");
custom_item = cJSON_GetObjectItem(item, "object_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
expr_schema->group_id_column = custom_item->valueint;
expr_schema->object_id_column = custom_item->valueint;
} else {
log_fatal(logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> schema has no group_id column",
"[%s:%d] expr table:<%s> schema has no object_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
@@ -953,9 +953,9 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
const char *data, size_t data_len,
int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_group
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
rule_state_clear_last_hit_object(state->rule_state);
}
if (0 == expr_rt->rule_num) {
@@ -1002,7 +1002,7 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
}
hit_maat_items[real_hit_item_num].item_id = item_id;
hit_maat_items[real_hit_item_num].group_id = expr_item->group_id;
hit_maat_items[real_hit_item_num].object_id = expr_item->object_id;
real_hit_item_num++;
}
}
@@ -1049,9 +1049,9 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
{
struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt;
//clear rule_state->last_hit_group
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
rule_state_clear_last_hit_object(state->rule_state);
}
if (0 == expr_rt->rule_num) {
@@ -1097,7 +1097,7 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
}
hit_maat_items[real_hit_item_cnt].item_id = item_id;
hit_maat_items[real_hit_item_cnt].group_id = expr_item->group_id;
hit_maat_items[real_hit_item_cnt].object_id = expr_item->object_id;
real_hit_item_cnt++;
}

22
src/maat_flag.c
View File

@@ -26,7 +26,7 @@
struct flag_schema {
int item_id_column;
int group_id_column;
int object_id_column;
int district_column;
int flag_column;
int flag_mask_column;
@@ -36,7 +36,7 @@ struct flag_schema {
struct flag_item {
long long item_id;
long long group_id;
long long object_id;
long long flag;
long long flag_mask;
void *user_data;
@@ -104,12 +104,12 @@ void *flag_schema_new(cJSON *json, struct table_manager *tbl_mgr,
goto error;
}
custom_item = cJSON_GetObjectItem(item, "group_id");
custom_item = cJSON_GetObjectItem(item, "object_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->group_id_column = custom_item->valueint;
schema->object_id_column = custom_item->valueint;
} else {
log_fatal(logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> schema has no group_id column",
"[%s:%d] flag table:<%s> schema has no object_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
@@ -326,15 +326,15 @@ flag_item_new(struct flag_schema *schema, const char *table_name,
}
item->item_id = atoll(line + column_offset);
ret = get_column_pos(line, schema->group_id_column, &column_offset,
ret = get_column_pos(line, schema->object_id_column, &column_offset,
&column_len);
if (ret < 0) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> has no group_id in line:%s",
"[%s:%d] flag table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto error;
}
item->group_id = atoll(line + column_offset);
item->object_id = atoll(line + column_offset);
table_type = table_manager_get_table_type(schema->ref_tbl_mgr, schema->table_id);
if (table_type == TABLE_TYPE_INTERVAL_PLUS) {
@@ -555,9 +555,9 @@ long long flag_runtime_rule_count(void *flag_runtime)
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
long long flag, int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_group
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
rule_state_clear_last_hit_object(state->rule_state);
}
if (0 == flag_rt->rule_num) {
@@ -598,7 +598,7 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
}
hit_maat_items[real_hit_item_cnt].item_id = item_id;
hit_maat_items[real_hit_item_cnt].group_id = flag_item->group_id;
hit_maat_items[real_hit_item_cnt].object_id = flag_item->object_id;
real_hit_item_cnt++;
}
}

1252
src/maat_group.c
View File

File diff suppressed because it is too large Load Diff

22
src/maat_interval.c
View File

@@ -23,7 +23,7 @@
struct interval_schema {
int item_id_column;
int group_id_column;
int object_id_column;
int district_column;
int interval_column;
int table_id;
@@ -32,7 +32,7 @@ struct interval_schema {
struct interval_item {
long long item_id;
long long group_id;
long long object_id;
int low_boundary;
int up_boundary;
void *user_data;
@@ -100,12 +100,12 @@ void *interval_schema_new(cJSON *json, struct table_manager *tbl_mgr,
goto error;
}
custom_item = cJSON_GetObjectItem(item, "group_id");
custom_item = cJSON_GetObjectItem(item, "object_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
schema->group_id_column = custom_item->valueint;
schema->object_id_column = custom_item->valueint;
} else {
log_fatal(logger, MODULE_INTERVAL,
"[%s:%d] interval table:<%s> schema has no group_id column",
"[%s:%d] interval table:<%s> schema has no object_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
@@ -289,15 +289,15 @@ interval_item_new(struct interval_schema *schema, const char *table_name,
}
item->item_id = atoll(line + column_offset);
ret = get_column_pos(line, schema->group_id_column, &column_offset,
ret = get_column_pos(line, schema->object_id_column, &column_offset,
&column_len);
if (ret < 0) {
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval table:<%s> has no group_id in line:%s",
"[%s:%d] interval table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto error;
}
item->group_id = atoll(line + column_offset);
item->object_id = atoll(line + column_offset);
table_type = table_manager_get_table_type(schema->ref_tbl_mgr, schema->table_id);
if (table_type == TABLE_TYPE_INTERVAL_PLUS) {
@@ -544,9 +544,9 @@ long long interval_runtime_rule_count(void *interval_runtime)
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_group
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
rule_state_clear_last_hit_object(state->rule_state);
}
if (0 == interval_rt->rule_num) {
@@ -587,7 +587,7 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
}
hit_maat_items[real_hit_item_cnt].item_id = item_id;
hit_maat_items[real_hit_item_cnt].group_id = int_item->group_id;
hit_maat_items[real_hit_item_cnt].object_id = int_item->object_id;
real_hit_item_cnt++;
}
}

22
src/maat_ip.c
View File

@@ -25,7 +25,7 @@
struct ip_schema {
int item_id_column;
int group_id_column;
int object_id_column;
int ip_column;
int table_id;
int port_column;
@@ -44,7 +44,7 @@ struct ipv6_item_rule {
struct ip_item {
long long item_id;
long long group_id;
long long object_id;
int addr_type;
union {
struct ipv4_item_rule ipv4;
@@ -107,12 +107,12 @@ void *ip_schema_new(cJSON *json, struct table_manager *tbl_mgr,
goto error;
}
custom_item = cJSON_GetObjectItem(item, "group_id");
custom_item = cJSON_GetObjectItem(item, "object_id");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
ip_schema->group_id_column = custom_item->valueint;
ip_schema->object_id_column = custom_item->valueint;
} else {
log_fatal(logger, MODULE_IP,
"[%s:%d] ip table:<%s> schema has no group_id column",
"[%s:%d] ip table:<%s> schema has no object_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
@@ -164,15 +164,15 @@ ip_item_new(struct ip_schema *ip_schema, const char *table_name,
}
ip_item->item_id = atoll(line + column_offset);
ret = get_column_pos(line, ip_schema->group_id_column, &column_offset,
ret = get_column_pos(line, ip_schema->object_id_column, &column_offset,
&column_len);
if (ret < 0) {
log_fatal(logger, MODULE_IP,
"[%s:%d] ip table:<%s> has no group_id in line:%s",
"[%s:%d] ip table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto error;
}
ip_item->group_id = atoll(line + column_offset);
ip_item->object_id = atoll(line + column_offset);
ret = get_column_pos(line, ip_schema->ip_column, &column_offset,
&column_len);
@@ -522,9 +522,9 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime)
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int port, int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_group
//clear rule_state->last_hit_object
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
rule_state_clear_last_hit_object(state->rule_state);
}
if (0 == ip_rt->rule_num) {
@@ -584,7 +584,7 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
}
hit_maat_items[real_hit_item_cnt].item_id = ip_results[i].rule_id;
hit_maat_items[real_hit_item_cnt].group_id = ip_item->group_id;
hit_maat_items[real_hit_item_cnt].object_id = ip_item->object_id;
real_hit_item_cnt++;
}

1252
src/maat_object.c Normal file
View File

File diff suppressed because it is too large Load Diff

568
src/maat_rule.c
View File

File diff suppressed because it is too large Load Diff

16
src/maat_stat.c
View File

@@ -17,7 +17,7 @@
#include "alignment.h"
#include "maat_ip.h"
#include "maat_rule.h"
#include "maat_group.h"
#include "maat_object.h"
#include "maat_plugin.h"
#include "maat_expr.h"
@@ -30,7 +30,7 @@ enum MAAT_FS_STATUS {
STATUS_PLUGIN_CACHE_NUM,
STATUS_PLUGIN_ACC_NUM,
STATUS_CONDITION_REF_NOT_NUM,
STATUS_GROUP_REF_EXCL_NUM, //group reference exclude group num
STATUS_OBJECT_REF_EXCL_NUM, //object reference exclude object num
STATUS_HIT_RULE_NUM,
STATUS_MAAT_STATE_NUM,
STATUS_MAAT_PER_STATE_MEM,
@@ -78,7 +78,7 @@ static void fs_global_metric_register(struct maat_stat *stat)
stat->g_metric_id[STATUS_CONDITION_REF_NOT_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "NOT_condition_num");
stat->g_metric_id[STATUS_GROUP_REF_EXCL_NUM] =
stat->g_metric_id[STATUS_OBJECT_REF_EXCL_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "excl_grp");
stat->g_metric_id[STATUS_GARBAGE_QUEUE_LEN] =
@@ -272,11 +272,11 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
plugin_cache_num += plugin_runtime_cached_row_count(runtime);
plugin_rule_num += plugin_runtime_rule_count(runtime);
break;
case TABLE_TYPE_GROUP2RULE:
g2c_not_condition_num += group2rule_runtime_not_condition_count(runtime);
case TABLE_TYPE_OBJECT2RULE:
g2c_not_condition_num += object2rule_runtime_not_condition_count(runtime);
break;
case TABLE_TYPE_GROUP2GROUP:
g2g_excl_rule_num += group2group_runtime_exclude_rule_count(runtime);
case TABLE_TYPE_OBJECT2OBJECT:
g2g_excl_rule_num += object2object_runtime_exclude_rule_count(runtime);
break;
case TABLE_TYPE_EXPR:
case TABLE_TYPE_EXPR_PLUS:
@@ -419,7 +419,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
NULL, 0, g2c_not_condition_num);
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_GROUP_REF_EXCL_NUM],
stat->g_metric_id[STATUS_OBJECT_REF_EXCL_NUM],
NULL, 0, g2g_excl_rule_num);
}

56
src/maat_table.c
View File

@@ -19,7 +19,7 @@
#include "maat_expr.h"
#include "maat_ip.h"
#include "maat_rule.h"
#include "maat_group.h"
#include "maat_object.h"
#include "maat_flag.h"
#include "maat_plugin.h"
#include "maat_ip_plugin.h"
@@ -289,26 +289,26 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
.update_err_count = rule_runtime_update_err_count
},
{
.type = TABLE_TYPE_GROUP2GROUP,
.new_schema = group2group_schema_new,
.free_schema = group2group_schema_free,
.new_runtime = group2group_runtime_new,
.free_runtime = group2group_runtime_free,
.update_runtime = group2group_runtime_update,
.commit_runtime = group2group_runtime_commit,
.rule_count = group2group_runtime_rule_count,
.update_err_count = group2group_runtime_update_err_count
.type = TABLE_TYPE_OBJECT2OBJECT,
.new_schema = object2object_schema_new,
.free_schema = object2object_schema_free,
.new_runtime = object2object_runtime_new,
.free_runtime = object2object_runtime_free,
.update_runtime = object2object_runtime_update,
.commit_runtime = object2object_runtime_commit,
.rule_count = object2object_runtime_rule_count,
.update_err_count = object2object_runtime_update_err_count
},
{
.type = TABLE_TYPE_GROUP2RULE,
.new_schema = group2rule_schema_new,
.free_schema = group2rule_schema_free,
.new_runtime = group2rule_runtime_new,
.free_runtime = group2rule_runtime_free,
.update_runtime = group2rule_runtime_update,
.type = TABLE_TYPE_OBJECT2RULE,
.new_schema = object2rule_schema_new,
.free_schema = object2rule_schema_free,
.new_runtime = object2rule_runtime_new,
.free_runtime = object2rule_runtime_free,
.update_runtime = object2rule_runtime_update,
.commit_runtime = NULL,
.rule_count = group2rule_runtime_rule_count,
.update_err_count = group2rule_runtime_update_err_count
.rule_count = object2rule_runtime_rule_count,
.update_err_count = object2rule_runtime_update_err_count
}
};
@@ -500,8 +500,8 @@ static void maat_table_schema_free(void *schema, enum table_type table_type)
static void register_reserved_word(struct maat_kv_store *reserved_word_map)
{
maat_kv_register(reserved_word_map, "rule", TABLE_TYPE_RULE);
maat_kv_register(reserved_word_map, "group2rule", TABLE_TYPE_GROUP2RULE);
maat_kv_register(reserved_word_map, "group2group", TABLE_TYPE_GROUP2GROUP);
maat_kv_register(reserved_word_map, "object2rule", TABLE_TYPE_OBJECT2RULE);
maat_kv_register(reserved_word_map, "object2object", TABLE_TYPE_OBJECT2OBJECT);
maat_kv_register(reserved_word_map, "flag", TABLE_TYPE_FLAG);
maat_kv_register(reserved_word_map, "flag_plus", TABLE_TYPE_FLAG_PLUS);
maat_kv_register(reserved_word_map, "expr", TABLE_TYPE_EXPR);
@@ -905,7 +905,7 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
}
if (maat_tbl->table_type == TABLE_TYPE_GROUP2GROUP) {
if (maat_tbl->table_type == TABLE_TYPE_OBJECT2OBJECT) {
g2g_table_id = maat_tbl->table_id;
}
@@ -930,7 +930,7 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
tbl_mgr->g2g_table_id = g2g_table_id;
log_info(logger, MODULE_TABLE, "default rule table id: %d", default_rule_table_id);
log_info(logger, MODULE_TABLE, "group2group table id: %d", g2g_table_id);
log_info(logger, MODULE_TABLE, "object2object table id: %d", g2g_table_id);
next:
FREE(json_buff);
maat_kv_store_free(reserved_word_map);
@@ -990,18 +990,18 @@ int table_manager_runtime_create(struct table_manager *tbl_mgr, size_t max_threa
garbage_bin, tbl_mgr->logger);
}
/* group2rule runtime depends on associated rule runtime,
/* object2rule runtime depends on associated rule runtime,
must make sure associated rule runtime already exist */
for (i = 0; i < MAX_TABLE_NUM; i++) {
table_type = table_manager_get_table_type(tbl_mgr, i);
if (table_type != TABLE_TYPE_GROUP2RULE) {
if (table_type != TABLE_TYPE_OBJECT2RULE) {
continue;
}
void *schema = table_manager_get_schema(tbl_mgr, i);
if (NULL == schema) {
log_fatal(tbl_mgr->logger, MODULE_TABLE,
"[%s:%d] group2rule table(table_id:%d) schema is null",
"[%s:%d] object2rule table(table_id:%d) schema is null",
__FUNCTION__, __LINE__, i);
continue;
}
@@ -1011,9 +1011,9 @@ int table_manager_runtime_create(struct table_manager *tbl_mgr, size_t max_threa
continue;
}
int asso_rule_table_id = group2rule_associated_rule_table_id(schema);
int asso_rule_table_id = object2rule_associated_rule_table_id(schema);
void *rule_updating_rt = table_manager_get_updating_runtime(tbl_mgr, asso_rule_table_id);
group2rule_runtime_init(g2c_updating_rt, rule_updating_rt);
object2rule_runtime_init(g2c_updating_rt, rule_updating_rt);
}
return 0;
@@ -1163,7 +1163,7 @@ int table_manager_get_default_rule_table_id(struct table_manager *tbl_mgr)
return tbl_mgr->default_rule_table_id;
}
int table_manager_get_group2group_table_id(struct table_manager *tbl_mgr)
int table_manager_get_object2object_table_id(struct table_manager *tbl_mgr)
{
if (NULL == tbl_mgr) {
return -1;

4
src/maat_utils.c
View File

@@ -603,8 +603,8 @@ int ids_str2longlong_array(const char *ids_str, UT_array *ids_array)
subtoken = strtok_r(str, seps, &saveptr);
if (subtoken == NULL)
break;
long long group_id = atoll(subtoken);
utarray_push_back(ids_array, &group_id);
long long object_id = atoll(subtoken);
utarray_push_back(ids_array, &object_id);
counter++;
}

4
test/CMakeLists.txt
View File

@@ -37,7 +37,7 @@ target_link_libraries(bool_matcher_gtest maat_frame_static gtest_static)
add_executable(maat_ex_data_gtest maat_ex_data_gtest.cpp)
target_link_libraries(maat_ex_data_gtest maat_frame_static gtest_static)
add_subdirectory(group_nesting)
add_subdirectory(object_nesting)
add_subdirectory(ipport_plugin)
add_subdirectory(benchmark)
@@ -52,7 +52,7 @@ file(COPY tsgrule DESTINATION ./)
file(COPY testdata DESTINATION ./)
file(COPY test_streamfiles DESTINATION ./)
file(COPY json_update DESTINATION ./)
file(COPY group_nesting DESTINATION ./)
file(COPY object_nesting DESTINATION ./)
file(COPY ipport_plugin DESTINATION ./)
file(COPY benchmark DESTINATION ./)

248
test/benchmark/benchmark_gtest.cpp
View File

@@ -137,7 +137,7 @@ void generate_rule_sample(const char *table_name, int sample_count)
fclose(fp);
}
void generate_group2rule_sample(const char *table_name, const char *attribute_name,
void generate_object2rule_sample(const char *table_name, const char *attribute_name,
int sample_count)
{
FILE *fp = fopen(table_name, "w+");
@@ -527,11 +527,11 @@ protected:
}
fprintf(fp, "REGEX_100\t100\t./regex_rules/REGEX_100\n");
fprintf(fp, "RULE_PERF\t10\t./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF\t10\t./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF\t10\t./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "REGEX_100", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "REGEX_100", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -623,7 +623,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("./RULE_PERF");
system_cmd_rmdir("./GROUP2RULE_PERF");
system_cmd_rmdir("./OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -694,11 +694,11 @@ protected:
}
fprintf(fp, "REGEX_200\t200\t./regex_rules/REGEX_200\n");
fprintf(fp, "RULE_PERF\t10\t./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF\t10\t./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF\t10\t./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "REGEX_200", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "REGEX_200", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -790,7 +790,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("./RULE_PERF");
system_cmd_rmdir("./GROUP2RULE_PERF");
system_cmd_rmdir("./OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -861,11 +861,11 @@ protected:
}
fprintf(fp, "REGEX_300\t300\t./regex_rules/REGEX_300\n");
fprintf(fp, "RULE_PERF\t10\t./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF\t10\t./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF\t10\t./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "REGEX_300", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "REGEX_300", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -957,7 +957,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("./RULE_PERF");
system_cmd_rmdir("./GROUP2RULE_PERF");
system_cmd_rmdir("./OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -1028,11 +1028,11 @@ protected:
}
fprintf(fp, "REGEX_500\t500\t./regex_rules/REGEX_500\n");
fprintf(fp, "RULE_PERF\t10\t./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF\t10\t./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF\t10\t./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "REGEX_500", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "REGEX_500", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -1124,7 +1124,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("./RULE_PERF");
system_cmd_rmdir("./GROUP2RULE_PERF");
system_cmd_rmdir("./OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -1195,11 +1195,11 @@ protected:
}
fprintf(fp, "REGEX_1K\t1000\t./regex_rules/REGEX_1K\n");
fprintf(fp, "RULE_PERF\t10\t./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF\t10\t./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF\t10\t./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "REGEX_1K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "REGEX_1K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -1291,7 +1291,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("./RULE_PERF");
system_cmd_rmdir("./GROUP2RULE_PERF");
system_cmd_rmdir("./OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -1362,11 +1362,11 @@ protected:
}
fprintf(fp, "REGEX_2K\t2000\t./regex_rules/REGEX_2K\n");
fprintf(fp, "RULE_PERF\t10\t./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF\t10\t./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF\t10\t./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "REGEX_2K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "REGEX_2K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -1458,7 +1458,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("./RULE_PERF");
system_cmd_rmdir("./GROUP2RULE_PERF");
system_cmd_rmdir("./OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -1529,11 +1529,11 @@ protected:
}
fprintf(fp, "REGEX_3K\t3000\t./regex_rules/REGEX_3K\n");
fprintf(fp, "RULE_PERF\t10\t./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF\t10\t./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF\t10\t./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "REGEX_3K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "REGEX_3K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -1625,7 +1625,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -1696,11 +1696,11 @@ protected:
}
fprintf(fp, "REGEX_5K\t5000\t./regex_rules/REGEX_5K\n");
fprintf(fp, "RULE_PERF\t10\t./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF\t10\t./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF\t10\t./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "REGEX_5K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "REGEX_5K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -1792,7 +1792,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -1863,11 +1863,11 @@ protected:
}
fprintf(fp, "REGEX_10K\t10000\t./regex_rules/REGEX_10K\n");
fprintf(fp, "RULE_PERF\t10\t./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF\t10\t./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF\t10\t./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "REGEX_10K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "REGEX_10K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -1959,7 +1959,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -2030,11 +2030,11 @@ protected:
}
fprintf(fp, "REGEX_15K\t15000\t./regex_rules/REGEX_15K\n");
fprintf(fp, "RULE_PERF\t10\t./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF\t10\t./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF\t10\t./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "REGEX_15K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "REGEX_15K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -2126,7 +2126,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -2198,11 +2198,11 @@ protected:
}
fprintf(fp, "EXPR_LITERAL_1K 1000 ./EXPR_LITERAL_1K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "EXPR_LITERAL_1K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "EXPR_LITERAL_1K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -2294,7 +2294,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -2366,11 +2366,11 @@ protected:
}
fprintf(fp, "EXPR_LITERAL_5K 5000 ./EXPR_LITERAL_5K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "EXPR_LITERAL_5K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "EXPR_LITERAL_5K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -2462,7 +2462,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -2534,11 +2534,11 @@ protected:
}
fprintf(fp, "EXPR_LITERAL_10K 10000 ./EXPR_LITERAL_10K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "EXPR_LITERAL_10K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "EXPR_LITERAL_10K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -2630,7 +2630,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -2702,11 +2702,11 @@ protected:
}
fprintf(fp, "EXPR_LITERAL_50K 50000 ./EXPR_LITERAL_50K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "EXPR_LITERAL_50K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "EXPR_LITERAL_50K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -2798,7 +2798,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -2870,11 +2870,11 @@ protected:
}
fprintf(fp, "EXPR_LITERAL_100K 100000 ./EXPR_LITERAL_100K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "EXPR_LITERAL_100K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "EXPR_LITERAL_100K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -2966,7 +2966,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -3038,11 +3038,11 @@ protected:
}
fprintf(fp, "EXPR_LITERAL_500K 500000 ./EXPR_LITERAL_500K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "EXPR_LITERAL_500K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "EXPR_LITERAL_500K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -3134,7 +3134,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -3206,11 +3206,11 @@ protected:
}
fprintf(fp, "EXPR_LITERAL_1M 1000000 ./EXPR_LITERAL_1M\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "EXPR_LITERAL_1M", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "EXPR_LITERAL_1M", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -3302,7 +3302,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -3374,11 +3374,11 @@ protected:
}
fprintf(fp, "EXPR_LITERAL_2M 2000000 ./EXPR_LITERAL_2M\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "EXPR_LITERAL_2M", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "EXPR_LITERAL_2M", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -3470,7 +3470,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -3542,11 +3542,11 @@ protected:
}
fprintf(fp, "STREAM_1K 1000 ./STREAM_1K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "STREAM_1K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "STREAM_1K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -3635,7 +3635,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -3704,11 +3704,11 @@ protected:
}
fprintf(fp, "STREAM_5K 5000 ./STREAM_5K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "STREAM_5K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "STREAM_5K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -3797,7 +3797,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -3866,11 +3866,11 @@ protected:
}
fprintf(fp, "STREAM_10K 10000 ./STREAM_10K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "STREAM_10K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "STREAM_10K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -3959,7 +3959,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -4028,11 +4028,11 @@ protected:
}
fprintf(fp, "STREAM_50K 50000 ./STREAM_50K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "STREAM_50K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "STREAM_50K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -4121,7 +4121,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -4190,11 +4190,11 @@ protected:
}
fprintf(fp, "STREAM_100K 100000 ./STREAM_100K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "STREAM_100K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "STREAM_100K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -4283,7 +4283,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -4352,11 +4352,11 @@ protected:
}
fprintf(fp, "STREAM_500K 500000 ./STREAM_500K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "STREAM_500K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "STREAM_500K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -4445,7 +4445,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -4514,11 +4514,11 @@ protected:
}
fprintf(fp, "STREAM_1M 1000000 ./STREAM_1M\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "STREAM_1M", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "STREAM_1M", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -4607,7 +4607,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -4676,11 +4676,11 @@ protected:
}
fprintf(fp, "STREAM_2M 2000000 ./STREAM_2M\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "STREAM_2M", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "STREAM_2M", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -4769,7 +4769,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -4838,11 +4838,11 @@ protected:
}
fprintf(fp, "IP_1K 1000 ./IP_1K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "IP_1K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "IP_1K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -4856,7 +4856,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -4928,11 +4928,11 @@ protected:
}
fprintf(fp, "IP_5K 5000 ./IP_5K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "IP_5K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "IP_5K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -4946,7 +4946,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5018,11 +5018,11 @@ protected:
}
fprintf(fp, "IP_10K 10000 ./IP_10K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "IP_10K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "IP_10K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5036,7 +5036,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5108,11 +5108,11 @@ protected:
}
fprintf(fp, "IP_50K 50000 ./IP_50K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "IP_50K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "IP_50K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5126,7 +5126,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5198,11 +5198,11 @@ protected:
}
fprintf(fp, "IP_100K 100000 ./IP_100K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "IP_100K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "IP_100K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5216,7 +5216,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5288,11 +5288,11 @@ protected:
}
fprintf(fp, "IP_500K 500000 ./IP_500K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "IP_500K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "IP_500K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5306,7 +5306,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5378,11 +5378,11 @@ protected:
}
fprintf(fp, "IP_1M 1000000 ./IP_1M\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "IP_1M", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "IP_1M", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5396,7 +5396,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5468,11 +5468,11 @@ protected:
}
fprintf(fp, "IP_5M 5000000 ./IP_5M\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "IP_5M", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "IP_5M", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5486,7 +5486,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5558,11 +5558,11 @@ protected:
}
fprintf(fp, "IP_10M 10000000 ./IP_10M\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "IP_10M", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "IP_10M", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5576,7 +5576,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5648,11 +5648,11 @@ protected:
}
fprintf(fp, "INTEGER_1K 1000 ./INTEGER_1K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "INTEGER_1K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "INTEGER_1K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5666,7 +5666,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5738,11 +5738,11 @@ protected:
}
fprintf(fp, "INTEGER_5K 5000 ./INTEGER_5K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "INTEGER_5K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "INTEGER_5K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5756,7 +5756,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5828,11 +5828,11 @@ protected:
}
fprintf(fp, "INTEGER_10K 10000 ./INTEGER_10K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "INTEGER_10K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "INTEGER_10K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5846,7 +5846,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -5918,11 +5918,11 @@ protected:
}
fprintf(fp, "FLAG_1K 1000 ./FLAG_1K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "FLAG_1K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "FLAG_1K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -5936,7 +5936,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -6008,11 +6008,11 @@ protected:
}
fprintf(fp, "FLAG_5K 5000 ./FLAG_5K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "FLAG_5K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "FLAG_5K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -6026,7 +6026,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;
@@ -6098,11 +6098,11 @@ protected:
}
fprintf(fp, "FLAG_10K 10000 ./FLAG_10K\n");
fprintf(fp, "RULE_PERF 10 ./RULE_PERF\n");
fprintf(fp, "GROUP2RULE_PERF 10 ./GROUP2RULE_PERF\n");
fprintf(fp, "OBJECT2RULE_PERF 10 ./OBJECT2RULE_PERF\n");
fclose(fp);
generate_rule_sample("RULE_PERF", 10);
generate_group2rule_sample("GROUP2RULE_PERF", "FLAG_10K", 10);
generate_object2rule_sample("OBJECT2RULE_PERF", "FLAG_10K", 10);
struct maat_options *opts = maat_options_new();
maat_options_set_logger(opts, "./benchmark_gtest.log", LOG_LEVEL_INFO);
@@ -6116,7 +6116,7 @@ protected:
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
system_cmd_rmdir("RULE_PERF");
system_cmd_rmdir("GROUP2RULE_PERF");
system_cmd_rmdir("OBJECT2RULE_PERF");
}
static struct log_handle *logger;

102
test/benchmark/benchmark_table_info.conf
View File

@@ -6,7 +6,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -20,7 +20,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -34,7 +34,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -48,7 +48,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -62,7 +62,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -76,7 +76,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -90,7 +90,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -104,7 +104,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -118,7 +118,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -132,7 +132,7 @@
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
@@ -150,7 +150,7 @@
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
@@ -168,7 +168,7 @@
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
@@ -186,7 +186,7 @@
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
@@ -204,7 +204,7 @@
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
@@ -222,7 +222,7 @@
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
@@ -240,7 +240,7 @@
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
@@ -258,7 +258,7 @@
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
@@ -276,7 +276,7 @@
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
@@ -294,7 +294,7 @@
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
@@ -312,7 +312,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"low_boundary":3,
"up_boundary":4
}
@@ -324,7 +324,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"low_boundary":3,
"up_boundary":4
}
@@ -336,7 +336,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"low_boundary":3,
"up_boundary":4
}
@@ -348,7 +348,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"low_boundary":3,
"up_boundary":4
}
@@ -360,7 +360,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"low_boundary":3,
"up_boundary":4
}
@@ -372,7 +372,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"flag":3,
"flag_mask":4
}
@@ -384,7 +384,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"flag":3,
"flag_mask":4
}
@@ -396,7 +396,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"flag":3,
"flag_mask":4
}
@@ -408,7 +408,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"flag":3,
"flag_mask":4
}
@@ -420,7 +420,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"flag":3,
"flag_mask":4
}
@@ -432,7 +432,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -446,7 +446,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -460,7 +460,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -474,7 +474,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -488,7 +488,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -502,7 +502,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -516,7 +516,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -530,7 +530,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -544,7 +544,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -565,12 +565,12 @@
},
{
"table_id":40,
"table_name":"GROUP2RULE_PERF",
"table_type":"group2rule",
"table_name":"OBJECT2RULE_PERF",
"table_type":"object2rule",
"associated_rule_table_id":39,
"valid_column":6,
"custom": {
"group_id":1,
"object_id":1,
"rule_id":2,
"negate_option":3,
"attribute_name":4,
@@ -584,7 +584,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -598,7 +598,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -612,7 +612,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -626,7 +626,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -640,7 +640,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -654,7 +654,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -668,7 +668,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -682,7 +682,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -696,7 +696,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -710,7 +710,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,

36
test/file_test_tableinfo.conf
View File

@@ -36,23 +36,23 @@
},
{
"table_id":3,
"table_name":"NTC_GROUP2GROUP",
"table_type":"group2group",
"table_name":"NTC_OBJECT2OBJECT",
"table_type":"object2object",
"valid_column":4,
"custom": {
"group_id":1,
"included_sub_group_ids":2,
"excluded_sub_group_ids":3
"object_id":1,
"included_sub_object_ids":2,
"excluded_sub_object_ids":3
}
},
{
"table_id":4,
"table_name":"NTC_GROUP2RULE",
"table_type":"group2rule",
"table_name":"NTC_OBJECT2RULE",
"table_type":"object2rule",
"associated_rule_table_id":2,
"valid_column":3,
"custom": {
"group_id":1,
"object_id":1,
"rule_id":2,
"negate_option":4,
"attribute_name":5,
@@ -66,7 +66,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"ip":3,
"port":4
}
@@ -78,7 +78,7 @@
"valid_column":4,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"interval":3
}
},
@@ -89,7 +89,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"ip":3,
"port":4
}
@@ -102,7 +102,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -117,7 +117,7 @@
"valid_column":8,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"district":3,
"keywords":4,
"expr_type":5,
@@ -133,7 +133,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -147,7 +147,7 @@
"valid_column":8,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"district":3,
"keywords":4,
"expr_type":5,
@@ -162,7 +162,7 @@
"valid_column":8,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"district":3,
"keywords":4,
"expr_type":5,
@@ -177,7 +177,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
@@ -191,7 +191,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,

4
test/group_nesting/CMakeLists.txt
View File

@@ -1,4 +0,0 @@
include_directories(${PROJECT_SOURCE_DIR}/src/inc_internal)
add_executable(group_nesting_gtest group_nesting_gtest.cpp)
target_link_libraries(group_nesting_gtest maat_frame_static gtest_static)

51
test/group_nesting/group_nesting_L3.conf
View File

@@ -1,51 +0,0 @@
{
"add_items": [
{
"group_id": 5,
"included_sub_group_ids": "8",
"excluded_sub_group_ids": "9"
},
{
"group_id": 1,
"included_sub_group_ids": "6,9",
"excluded_sub_group_ids": "5"
},
{
"group_id": 6,
"included_sub_group_ids": "10,11",
"excluded_sub_group_ids": "7"
},
{
"group_id": 7,
"included_sub_group_ids": "11,12",
"excluded_sub_group_ids": "10"
},
{
"group_id": 2,
"included_sub_group_ids": "7",
"excluded_sub_group_ids": "6"
},
{
"group_id": 4,
"included_sub_group_ids": "7",
"excluded_sub_group_ids": "13"
},
{
"group_id": 3,
"included_sub_group_ids": "13",
"excluded_sub_group_ids": "6"
}
],
"del_items": [
{
"group_id": 6,
"included_sub_group_ids": "null",
"excluded_sub_group_ids": "7"
},
{
"group_id": 4,
"included_sub_group_ids": "null",
"excluded_sub_group_ids": "13"
}
]
}

76
test/group_nesting/group_nesting_L4.conf
View File

@@ -1,76 +0,0 @@
{
"add_items": [
{
"group_id": 8,
"included_sub_group_ids": "14",
"excluded_sub_group_ids": "15"
},
{
"group_id": 9,
"included_sub_group_ids": "14,16",
"excluded_sub_group_ids": "null"
},
{
"group_id": 5,
"included_sub_group_ids": "8",
"excluded_sub_group_ids": "9"
},
{
"group_id": 1,
"included_sub_group_ids": "6,9",
"excluded_sub_group_ids": "5"
},
{
"group_id": 10,
"included_sub_group_ids": "16",
"excluded_sub_group_ids": "null"
},
{
"group_id": 7,
"included_sub_group_ids": "10,12",
"excluded_sub_group_ids": "null"
},
{
"group_id": 6,
"included_sub_group_ids": "7,11",
"excluded_sub_group_ids": "10"
},
{
"group_id": 11,
"included_sub_group_ids": "17",
"excluded_sub_group_ids": "null"
},
{
"group_id": 12,
"included_sub_group_ids": "17",
"excluded_sub_group_ids": "null"
},
{
"group_id":13,
"included_sub_group_ids": "17",
"excluded_sub_group_ids": "18"
},
{
"group_id": 2,
"included_sub_group_ids": "7",
"excluded_sub_group_ids": "6"
},
{
"group_id": 4,
"included_sub_group_ids": "7",
"excluded_sub_group_ids": "13"
},
{
"group_id": 3,
"included_sub_group_ids": "13",
"excluded_sub_group_ids": "6"
}
],
"del_items": [
{
"group_id": 6,
"included_sub_group_ids": "null",
"excluded_sub_group_ids": "10"
}
]
}

56
test/group_nesting/group_nesting_exceed.conf
View File

@@ -1,56 +0,0 @@
{
"add_items": [
{
"group_id": 3,
"included_sub_group_ids": "6",
"excluded_sub_group_ids": "7"
},
{
"group_id": 1,
"included_sub_group_ids": "3,7",
"excluded_sub_group_ids": "4"
},
{
"group_id": 10,
"included_sub_group_ids": "13",
"excluded_sub_group_ids": "null"
},
{
"group_id": 11,
"included_sub_group_ids": "10",
"excluded_sub_group_ids": "null"
},
{
"group_id": 8,
"included_sub_group_ids": "11",
"excluded_sub_group_ids": "null"
},
{
"group_id": 5,
"included_sub_group_ids": "8",
"excluded_sub_group_ids": "null"
},
{
"group_id": 4,
"included_sub_group_ids": "5",
"excluded_sub_group_ids": "null"
},
{
"group_id": 12,
"included_sub_group_ids": "5",
"excluded_sub_group_ids": "2"
},
{
"group_id": 2,
"included_sub_group_ids": "4",
"excluded_sub_group_ids": "null"
}
],
"del_items": [
{
"group_id": 10,
"included_sub_group_ids": "13",
"excluded_sub_group_ids": "null"
}
]
}

492
test/group_nesting/group_nesting_gtest.cpp
View File

@@ -1,492 +0,0 @@
#include "maat.h"
#include "log/log.h"
#include "cJSON/cJSON.h"
#include "maat_core.h"
#include "uthash/utarray.h"
#include "maat_utils.h"
#include "maat_command.h"
#include "maat_group.h"
#include <gtest/gtest.h>
#define MODULE_GROUP_NESTING_GTEST module_name_str("maat.group_nesting_gtest")
#define MAX_IDS_STR_LEN 64
#define MAX_ITEM_NUM 64
#define WAIT_FOR_EFFECTIVE_S 2
#define MAX_G2G_SCAN_TIMES (1000 * 1000)
const char *g_table_info_path = "./group_exclude_table_info.conf";
const char *log_file = "./group_exclude_gtest.log";
struct group_item {
long long group_id;
char incl_sub_ids_str[MAX_IDS_STR_LEN];
char excl_sub_ids_str[MAX_IDS_STR_LEN];
};
struct group2group_rule {
size_t n_add_item;
size_t n_del_item;
struct group_item add_items[MAX_ITEM_NUM];
struct group_item del_items[MAX_ITEM_NUM];
};
UT_icd ut_ex_group_id_icd = {sizeof(long long), NULL, NULL, NULL};
static int
parse_config_file(const char *filename, struct group2group_rule *rules)
{
unsigned char *json_buff = NULL;
size_t json_buff_size = 0;
int ret = load_file_to_memory(filename, &json_buff, &json_buff_size);
if (ret < 0) {
printf("load file:%s to memory failed.\n", filename);
return -1;
}
size_t rule_cnt = 0;
cJSON *items_array = NULL;
cJSON *root = cJSON_Parse((const char *)json_buff);
if (NULL == root) {
printf("Error before: %-200.200s\n", cJSON_GetErrorPtr());
ret = -1;
goto next;
}
items_array = cJSON_GetObjectItem(root, "add_items");
if (NULL == items_array) {
printf("Error before: %-200.200s\n", cJSON_GetErrorPtr());
ret = -1;
goto next;
}
rule_cnt = cJSON_GetArraySize(items_array);
for (size_t i = 0; i < rule_cnt; i++) {
cJSON *item_obj = cJSON_GetArrayItem(items_array, i);
cJSON *tmp_item = cJSON_GetObjectItem(item_obj, "group_id");
if (tmp_item != NULL && tmp_item->type == cJSON_Number) {
rules->add_items[i].group_id = tmp_item->valueint;
}
tmp_item = cJSON_GetObjectItem(item_obj, "included_sub_group_ids");
if (tmp_item != NULL && tmp_item->type == cJSON_String) {
memcpy(rules->add_items[i].incl_sub_ids_str, tmp_item->valuestring,
strlen(tmp_item->valuestring));
}
tmp_item = cJSON_GetObjectItem(item_obj, "excluded_sub_group_ids");
if (tmp_item != NULL && tmp_item->type == cJSON_String) {
memcpy(rules->add_items[i].excl_sub_ids_str, tmp_item->valuestring,
strlen(tmp_item->valuestring));
}
}
rules->n_add_item = rule_cnt;
items_array = cJSON_GetObjectItem(root, "del_items");
if (NULL == items_array) {
printf("Error before: %-200.200s\n", cJSON_GetErrorPtr());
ret = -1;
goto next;
}
rule_cnt = cJSON_GetArraySize(items_array);
for (size_t i = 0; i < rule_cnt; i++) {
cJSON *item_obj = cJSON_GetArrayItem(items_array, i);
cJSON *tmp_item = cJSON_GetObjectItem(item_obj, "group_id");
if (tmp_item != NULL && tmp_item->type == cJSON_Number) {
rules->del_items[i].group_id = tmp_item->valueint;
}
tmp_item = cJSON_GetObjectItem(item_obj, "included_sub_group_ids");
if (tmp_item != NULL && tmp_item->type == cJSON_String) {
memcpy(rules->del_items[i].incl_sub_ids_str, tmp_item->valuestring,
strlen(tmp_item->valuestring));
}
tmp_item = cJSON_GetObjectItem(item_obj, "excluded_sub_group_ids");
if (tmp_item != NULL && tmp_item->type == cJSON_String) {
memcpy(rules->del_items[i].excl_sub_ids_str, tmp_item->valuestring,
strlen(tmp_item->valuestring));
}
}
rules->n_del_item = rule_cnt;
next:
cJSON_Delete(root);
FREE(json_buff);
return ret;
}
class MaatGroupExclude : public testing::Test
{
protected:
static void SetUpTestCase() {
unsigned char *json_buff = NULL;
size_t json_buff_size = 0;
logger = log_handle_create(log_file, 0);
garbage_bin = maat_garbage_bin_new(60);
int ret = load_file_to_memory(g_table_info_path, &json_buff, &json_buff_size);
if (ret < 0) {
log_fatal(logger, MODULE_GROUP_NESTING_GTEST, "load_file_to_memory failed.");
assert(0);
}
cJSON *root = cJSON_Parse((const char *)json_buff);
if (!root) {
log_fatal(logger, MODULE_GROUP_NESTING_GTEST, "cJSON_Parse failed.");
assert(0);
}
g2g_schema = group2group_schema_new(root, NULL, "EXCLUDE_GROUP2GROUP", logger);
FREE(json_buff);
cJSON_Delete(root);
if (NULL == g2g_schema) {
log_fatal(logger, MODULE_GROUP_NESTING_GTEST, "group2group_schema_new failed.");
assert(0);
}
}
static void TearDownTestCase() {
log_handle_destroy(logger);
maat_garbage_bin_free(garbage_bin);
group2group_schema_free(g2g_schema);
}
static void *g2g_schema;
static struct log_handle *logger;
static struct maat_garbage_bin *garbage_bin;
};
void *MaatGroupExclude::g2g_schema;
struct log_handle *MaatGroupExclude::logger;
struct maat_garbage_bin *MaatGroupExclude::garbage_bin;
TEST_F(MaatGroupExclude, level_3_function) {
char table_line[1024];
struct group2group_rule rules;
const char *table_name = "EXCLUDE_GROUP2GROUP";
void *g2g_runtime = group2group_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
log_fatal(logger, MODULE_GROUP_NESTING_GTEST, "group2group_runtime_new failed.");
assert(0);
}
memset(&rules, 0, sizeof(rules));
int ret = parse_config_file("group_nesting_L3.conf", &rules);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < rules.n_add_item; i++) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].group_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
}
group2group_runtime_commit(g2g_runtime, table_name, 1);
long long hit_group_ids[2] = {11, 13};
long long super_group_ids[MAX_ITEM_NUM];
size_t super_group_cnt = group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_group_cnt, 2);
EXPECT_EQ(super_group_ids[0], 2);
EXPECT_EQ(super_group_ids[1], 7);
//delete group_id = 7, super_group_id = 6, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].group_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
group2group_runtime_commit(g2g_runtime, table_name, 2);
super_group_cnt = group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_group_cnt, 3);
EXPECT_EQ(super_group_ids[0], 1);
EXPECT_EQ(super_group_ids[1], 6);
EXPECT_EQ(super_group_ids[2], 7);
//delete group_id = 13, super_group_id = 4, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[1].group_id,
rules.del_items[1].incl_sub_ids_str, rules.del_items[1].excl_sub_ids_str, 0);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
group2group_runtime_commit(g2g_runtime, table_name, 3);
super_group_cnt = group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_group_cnt, 4);
EXPECT_EQ(super_group_ids[0], 1);
EXPECT_EQ(super_group_ids[1], 4);
EXPECT_EQ(super_group_ids[2], 6);
EXPECT_EQ(super_group_ids[3], 7);
group2group_runtime_free(g2g_runtime);
}
TEST_F(MaatGroupExclude, level_3_perf) {
char table_line[1024];
struct group2group_rule rules;
const char *table_name = "EXCLUDE_GROUP2GROUP";
void *g2g_runtime = group2group_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
log_fatal(logger, MODULE_GROUP_NESTING_GTEST, "group2group_runtime_new failed.");
assert(0);
}
memset(&rules, 0, sizeof(rules));
int ret = parse_config_file("group_nesting_L3.conf", &rules);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < rules.n_add_item; i++) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].group_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
}
group2group_runtime_commit(g2g_runtime, table_name, 4);
long long hit_group_ids[2] = {11, 13};
long long super_group_ids[MAX_ITEM_NUM];
struct timespec start, end;
struct log_handle *logger = MaatGroupExclude::logger;
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
long long time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
log_info(logger, MODULE_GROUP_NESTING_GTEST, "level_3_basic hit 2 super_groups scan consume time %lldms",
time_elapse_ms);
//delete group_id = 7, super_group_id = 6, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].group_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
group2group_runtime_commit(g2g_runtime, table_name, 5);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
log_info(logger, MODULE_GROUP_NESTING_GTEST, "level_3_basic hit 3 super_groups scan consume time %lldms",
time_elapse_ms);
//delete group_id = 13, super_group_id = 4, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[1].group_id,
rules.del_items[1].incl_sub_ids_str, rules.del_items[1].excl_sub_ids_str, 0);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
group2group_runtime_commit(g2g_runtime, table_name, 6);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
log_info(logger, MODULE_GROUP_NESTING_GTEST, "level_3_basic hit 4 super_groups scan consume time %lldms",
time_elapse_ms);
group2group_runtime_free(g2g_runtime);
}
TEST_F(MaatGroupExclude, level_4_function) {
char table_line[1024];
struct group2group_rule rules;
const char *table_name = "EXCLUDE_GROUP2GROUP";
void *g2g_runtime = group2group_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
log_fatal(logger, MODULE_GROUP_NESTING_GTEST, "group2group_runtime_new failed.");
assert(0);
}
memset(&rules, 0, sizeof(rules));
int ret = parse_config_file("group_nesting_L4.conf", &rules);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < rules.n_add_item; i++) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].group_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
}
group2group_runtime_commit(g2g_runtime, table_name, 7);
long long hit_group_ids[2] = {14, 16};
long long super_group_ids[MAX_ITEM_NUM];
size_t super_group_cnt = group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_group_cnt, 5);
EXPECT_EQ(super_group_ids[0], 4);
EXPECT_EQ(super_group_ids[1], 7);
EXPECT_EQ(super_group_ids[2], 8);
EXPECT_EQ(super_group_ids[3], 9);
EXPECT_EQ(super_group_ids[4], 10);
//delete group_id = 10, super_group_id = 6, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].group_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
group2group_runtime_commit(g2g_runtime, table_name, 8);
super_group_cnt = group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_group_cnt, 7);
EXPECT_EQ(super_group_ids[0], 1);
EXPECT_EQ(super_group_ids[1], 4);
EXPECT_EQ(super_group_ids[2], 6);
EXPECT_EQ(super_group_ids[3], 7);
EXPECT_EQ(super_group_ids[4], 8);
EXPECT_EQ(super_group_ids[5], 9);
EXPECT_EQ(super_group_ids[6], 10);
group2group_runtime_free(g2g_runtime);
}
TEST_F(MaatGroupExclude, level_4_perf) {
char table_line[1024];
struct group2group_rule rules;
const char *table_name = "EXCLUDE_GROUP2GROUP";
void *g2g_runtime = group2group_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
log_fatal(logger, MODULE_GROUP_NESTING_GTEST, "group2group_runtime_new failed.");
assert(0);
}
memset(&rules, 0, sizeof(rules));
int ret = parse_config_file("group_nesting_L4.conf", &rules);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < rules.n_add_item; i++) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].group_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
}
group2group_runtime_commit(g2g_runtime, table_name, 7);
long long hit_group_ids[2] = {14, 16};
long long super_group_ids[MAX_ITEM_NUM];
struct timespec start, end;
struct log_handle *logger = MaatGroupExclude::logger;
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
long long time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
log_info(logger, MODULE_GROUP_NESTING_GTEST, "level_4_basic hit 5 super_groups scan consume time %lldms",
time_elapse_ms);
//delete group_id = 10, super_group_id = 6, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].group_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
group2group_runtime_commit(g2g_runtime, table_name, 8);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
log_info(logger, MODULE_GROUP_NESTING_GTEST, "level_4_basic hit 7 super_groups scan consume time %lldms",
time_elapse_ms);
group2group_runtime_free(g2g_runtime);
}
TEST_F(MaatGroupExclude, level_exceed_function) {
char table_line[1024];
struct group2group_rule rules;
const char *table_name = "EXCLUDE_GROUP2GROUP";
void *g2g_runtime = group2group_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
log_fatal(logger, MODULE_GROUP_NESTING_GTEST, "group2group_runtime_new failed.");
assert(0);
}
memset(&rules, 0, sizeof(rules));
int ret = parse_config_file("group_nesting_exceed.conf", &rules);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < rules.n_add_item; i++) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].group_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
}
group2group_runtime_commit(g2g_runtime, table_name, 8);
long long hit_group_ids[2] = {7, 13};
long long super_group_ids[MAX_ITEM_NUM];
size_t super_group_cnt = group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_group_cnt, 6);
EXPECT_EQ(super_group_ids[0], 4);
EXPECT_EQ(super_group_ids[1], 5);
EXPECT_EQ(super_group_ids[2], 8);
EXPECT_EQ(super_group_ids[3], 10);
EXPECT_EQ(super_group_ids[4], 11);
EXPECT_EQ(super_group_ids[5], 12);
//delete group_id = 13, super_group_id = 10, is_exclude = 0
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].group_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
group2group_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
group2group_runtime_commit(g2g_runtime, table_name, 9);
hit_group_ids[0] = 7;
hit_group_ids[1] = 10;
super_group_cnt = group2group_runtime_get_super_groups(g2g_runtime, hit_group_ids, 2,
super_group_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_group_cnt, 5);
EXPECT_EQ(super_group_ids[0], 2);
EXPECT_EQ(super_group_ids[1], 4);
EXPECT_EQ(super_group_ids[2], 5);
EXPECT_EQ(super_group_ids[3], 8);
EXPECT_EQ(super_group_ids[4], 11);
group2group_runtime_free(g2g_runtime);
}
int main(int argc, char ** argv)
{
int ret = 0;
::testing::InitGoogleTest(&argc, argv);
ret = RUN_ALL_TESTS();
return ret;
}

11
test/group_nesting/group_nesting_table_info.conf
View File

@@ -1,11 +0,0 @@
{
"table_id":1,
"table_name":"EXCLUDE_GROUP2GROUP",
"table_type":"group2group",
"valid_column":4,
"custom": {
"group_id":1,
"included_sub_group_ids":2,
"excluded_sub_group_ids":3
}
}

6
test/json_update/corrupted.json
View File

@@ -1,6 +1,6 @@
{
"rule_table": "RULE_DEFAULT",
"group_table": "GROUP",
"object_table": "OBJECT",
"rules": [
{
"rule_id": 1,
@@ -10,9 +10,9 @@
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"groups": [
"objects": [
{
"group_name": "Untitled",
"object_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",

6
test/json_update/new.json
View File

@@ -1,7 +1,7 @@
{
"rule_table": "RULE_DEFAULT",
"group2rule_table": "GROUP2RULE_DEFAULT",
"group2group_table": "GROUP2GROUP",
"object2rule_table": "OBJECT2RULE_DEFAULT",
"object2object_table": "OBJECT2OBJECT",
"rules": [
{
"rule_id": 2,
@@ -11,7 +11,7 @@
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"groups": [
"objects": [
{
"attribute": "HTTP_URL",
"regions": [

8
test/json_update/old.json
View File

@@ -1,7 +1,7 @@
{
"rule_table": "RULE_DEFAULT",
"group2rule_table": "GROUP2RULE_DEFAULT",
"group2group_table": "GROUP2GROUP",
"object2rule_table": "OBJECT2RULE_DEFAULT",
"object2object_table": "OBJECT2OBJECT",
"rules": [
{
"rule_id": 1,
@@ -11,9 +11,9 @@
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"groups": [
"objects": [
{
"group_name": "Untitled",
"object_name": "Untitled",
"attribute": "HTTP_URL",
"regions": [
{

1436
test/maat_framework_gtest.cpp
View File

File diff suppressed because it is too large Load Diff

32
test/maat_framework_perf_gtest.cpp
View File

@@ -40,15 +40,15 @@ test_add_expr_command(struct maat *maat_inst, const char *table_name,
1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, "GROUP2RULE_DEFAULT",
MAAT_OP_ADD, group_id, rule_id,
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, "OBJECT2RULE_DEFAULT",
MAAT_OP_ADD, object_id, rule_id,
0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, keywords, "null", 1, 0);
object_id, keywords, "null", 1, 0);
EXPECT_EQ(ret, 1);
}
@@ -62,15 +62,15 @@ test_add_ip_command(struct maat *maat_inst, const char *table_name,
1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, "GROUP2RULE_DEFAULT",
MAAT_OP_ADD, group_id, rule_id,
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, "OBJECT2RULE_DEFAULT",
MAAT_OP_ADD, object_id, rule_id,
0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = ip_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, ip, 0);
object_id, ip, 0);
EXPECT_EQ(ret, 1);
}
@@ -84,9 +84,9 @@ test_add_integer_command(struct maat *maat_inst, const char *table_name,
1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, "GROUP2RULE_DEFAULT",
MAAT_OP_ADD, group_id, rule_id,
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, "OBJECT2RULE_DEFAULT",
MAAT_OP_ADD, object_id, rule_id,
0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -94,7 +94,7 @@ test_add_integer_command(struct maat *maat_inst, const char *table_name,
char interval_range_str[64] = {0};
snprintf(interval_range_str, sizeof(interval_range_str), "%d-%d", low_boundary, up_boundary);
ret = interval_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, interval_range_str, NULL, 0);
object_id, interval_range_str, NULL, 0);
EXPECT_EQ(ret, 1);
}
@@ -108,15 +108,15 @@ test_add_flag_command(struct maat *maat_inst, const char *table_name,
1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, "GROUP2RULE_DEFAULT",
MAAT_OP_ADD, group_id, rule_id,
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, "OBJECT2RULE_DEFAULT",
MAAT_OP_ADD, object_id, rule_id,
0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = flag_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, flag, flag_mask, 0);
object_id, flag, flag_mask, 0);
EXPECT_EQ(ret, 1);
}

1000
test/maat_json.json
View File

File diff suppressed because one or more lines are too long

0
test/ntcrule/full/2018-10-09/APP_GROUP.0000050997 → test/ntcrule/full/2018-10-09/APP_OBJECT.0000050997
View File

0
test/ntcrule/full/2018-10-09/MM_GROUP.0000050997 → test/ntcrule/full/2018-10-09/MM_OBJECT.0000050997
View File

0
test/ntcrule/full/2018-10-09/NTC_GROUP2RULE.0000050997 → test/ntcrule/full/2018-10-09/NTC_OBJECT2RULE.0000050997
View File

0
test/ntcrule/full/2018-10-09/WHITE_LIST_GROUP.0000050997 → test/ntcrule/full/2018-10-09/WHITE_LIST_OBJECT.0000050997
View File

8
test/ntcrule/full/index/full_config_index.0000050997
View File

@@ -1,11 +1,11 @@
APP_RULE 21 ./ntcrule/full/2018-10-09/APP_RULE.0000050997
APP_GROUP 37 ./ntcrule/full/2018-10-09/APP_GROUP.0000050997
APP_OBJECT 37 ./ntcrule/full/2018-10-09/APP_OBJECT.0000050997
APP_PAYLOAD 1 ./ntcrule/full/2018-10-09/APP_PAYLOAD.0000050997
APP_POLICY 16 ./ntcrule/full/2018-10-09/APP_POLICY.0000050997
DDOS_PROTECT_TARGET_IP_CB 1 ./ntcrule/full/2018-10-09/DDOS_PROTECT_TARGET_IP_CB.0000050997
MM_AV_URL 1 ./ntcrule/full/2018-10-09/MM_AV_URL.0000050997
MM_RULE 1 ./ntcrule/full/2018-10-09/MM_RULE.0000050997
MM_GROUP 1 ./ntcrule/full/2018-10-09/MM_GROUP.0000050997
MM_OBJECT 1 ./ntcrule/full/2018-10-09/MM_OBJECT.0000050997
NTC_ASN_IP 1 ./ntcrule/full/2018-10-09/NTC_ASN_IP.0000050997
NTC_BGP_AS 10 ./ntcrule/full/2018-10-09/NTC_BGP_AS.0000050997
NTC_RULE 78 ./ntcrule/full/2018-10-09/NTC_RULE.0000050997
@@ -13,7 +13,7 @@ NTC_DNS_FAKE_IP_CB 3 ./ntcrule/full/2018-10-09/NTC_DNS_FAKE_IP_CB.0000050997
NTC_DNS_REGION 15 ./ntcrule/full/2018-10-09/NTC_DNS_REGION.0000050997
NTC_DNS_RES_STRATEGY 2 ./ntcrule/full/2018-10-09/NTC_DNS_RES_STRATEGY.0000050997
NTC_FTP_URL 5 ./ntcrule/full/2018-10-09/NTC_FTP_URL.0000050997
NTC_GROUP2RULE 103 ./ntcrule/full/2018-10-09/NTC_GROUP2RULE.0000050997
NTC_OBJECT2RULE 103 ./ntcrule/full/2018-10-09/NTC_OBJECT2RULE.0000050997
NTC_HTTP_REQ_BODY 4 ./ntcrule/full/2018-10-09/NTC_HTTP_REQ_BODY.0000050997
NTC_HTTP_RES_BODY 14 ./ntcrule/full/2018-10-09/NTC_HTTP_RES_BODY.0000050997
NTC_HTTP_URL 9 ./ntcrule/full/2018-10-09/NTC_HTTP_URL.0000050997
@@ -22,5 +22,5 @@ NTC_MAIL_HDR 14 ./ntcrule/full/2018-10-09/NTC_MAIL_HDR.0000050997
NTC_UNIVERSAL_IP 23 ./ntcrule/full/2018-10-09/NTC_UNIVERSAL_IP.0000050997
NTC_UNIVERSAL_PROTO_TYPE 23 ./ntcrule/full/2018-10-09/NTC_UNIVERSAL_PROTO_TYPE.0000050997
WHITE_LIST_RULE 1 ./ntcrule/full/2018-10-09/WHITE_LIST_RULE.0000050997
WHITE_LIST_GROUP 1 ./ntcrule/full/2018-10-09/WHITE_LIST_GROUP.0000050997
WHITE_LIST_OBJECT 1 ./ntcrule/full/2018-10-09/WHITE_LIST_OBJECT.0000050997
WHITE_LIST_IP 1 ./ntcrule/full/2018-10-09/WHITE_LIST_IP.0000050997

4
test/object_nesting/CMakeLists.txt Normal file
View File

@@ -0,0 +1,4 @@
include_directories(${PROJECT_SOURCE_DIR}/src/inc_internal)
add_executable(object_nesting_gtest object_nesting_gtest.cpp)
target_link_libraries(object_nesting_gtest maat_frame_static gtest_static)

51
test/object_nesting/object_nesting_L3.conf Normal file
View File

@@ -0,0 +1,51 @@
{
"add_items": [
{
"object_id": 5,
"included_sub_object_ids": "8",
"excluded_sub_object_ids": "9"
},
{
"object_id": 1,
"included_sub_object_ids": "6,9",
"excluded_sub_object_ids": "5"
},
{
"object_id": 6,
"included_sub_object_ids": "10,11",
"excluded_sub_object_ids": "7"
},
{
"object_id": 7,
"included_sub_object_ids": "11,12",
"excluded_sub_object_ids": "10"
},
{
"object_id": 2,
"included_sub_object_ids": "7",
"excluded_sub_object_ids": "6"
},
{
"object_id": 4,
"included_sub_object_ids": "7",
"excluded_sub_object_ids": "13"
},
{
"object_id": 3,
"included_sub_object_ids": "13",
"excluded_sub_object_ids": "6"
}
],
"del_items": [
{
"object_id": 6,
"included_sub_object_ids": "null",
"excluded_sub_object_ids": "7"
},
{
"object_id": 4,
"included_sub_object_ids": "null",
"excluded_sub_object_ids": "13"
}
]
}

0
test/group_nesting/group_nesting_L3.png → test/object_nesting/object_nesting_L3.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 200 KiB

After

Width:  |  Height:  |  Size: 200 KiB

76
test/object_nesting/object_nesting_L4.conf Normal file
View File

@@ -0,0 +1,76 @@
{
"add_items": [
{
"object_id": 8,
"included_sub_object_ids": "14",
"excluded_sub_object_ids": "15"
},
{
"object_id": 9,
"included_sub_object_ids": "14,16",
"excluded_sub_object_ids": "null"
},
{
"object_id": 5,
"included_sub_object_ids": "8",
"excluded_sub_object_ids": "9"
},
{
"object_id": 1,
"included_sub_object_ids": "6,9",
"excluded_sub_object_ids": "5"
},
{
"object_id": 10,
"included_sub_object_ids": "16",
"excluded_sub_object_ids": "null"
},
{
"object_id": 7,
"included_sub_object_ids": "10,12",
"excluded_sub_object_ids": "null"
},
{
"object_id": 6,
"included_sub_object_ids": "7,11",
"excluded_sub_object_ids": "10"
},
{
"object_id": 11,
"included_sub_object_ids": "17",
"excluded_sub_object_ids": "null"
},
{
"object_id": 12,
"included_sub_object_ids": "17",
"excluded_sub_object_ids": "null"
},
{
"object_id":13,
"included_sub_object_ids": "17",
"excluded_sub_object_ids": "18"
},
{
"object_id": 2,
"included_sub_object_ids": "7",
"excluded_sub_object_ids": "6"
},
{
"object_id": 4,
"included_sub_object_ids": "7",
"excluded_sub_object_ids": "13"
},
{
"object_id": 3,
"included_sub_object_ids": "13",
"excluded_sub_object_ids": "6"
}
],
"del_items": [
{
"object_id": 6,
"included_sub_object_ids": "null",
"excluded_sub_object_ids": "10"
}
]
}

0
test/group_nesting/group_nesting_L4.png → test/object_nesting/object_nesting_L4.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 74 KiB

After

Width:  |  Height:  |  Size: 74 KiB

56
test/object_nesting/object_nesting_exceed.conf Normal file
View File

@@ -0,0 +1,56 @@
{
"add_items": [
{
"object_id": 3,
"included_sub_object_ids": "6",
"excluded_sub_object_ids": "7"
},
{
"object_id": 1,
"included_sub_object_ids": "3,7",
"excluded_sub_object_ids": "4"
},
{
"object_id": 10,
"included_sub_object_ids": "13",
"excluded_sub_object_ids": "null"
},
{
"object_id": 11,
"included_sub_object_ids": "10",
"excluded_sub_object_ids": "null"
},
{
"object_id": 8,
"included_sub_object_ids": "11",
"excluded_sub_object_ids": "null"
},
{
"object_id": 5,
"included_sub_object_ids": "8",
"excluded_sub_object_ids": "null"
},
{
"object_id": 4,
"included_sub_object_ids": "5",
"excluded_sub_object_ids": "null"
},
{
"object_id": 12,
"included_sub_object_ids": "5",
"excluded_sub_object_ids": "2"
},
{
"object_id": 2,
"included_sub_object_ids": "4",
"excluded_sub_object_ids": "null"
}
],
"del_items": [
{
"object_id": 10,
"included_sub_object_ids": "13",
"excluded_sub_object_ids": "null"
}
]
}

0
test/group_nesting/group_nesting_exceed.png → test/object_nesting/object_nesting_exceed.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 46 KiB

After

Width:  |  Height:  |  Size: 46 KiB

492
test/object_nesting/object_nesting_gtest.cpp Normal file
View File

@@ -0,0 +1,492 @@
#include "maat.h"
#include "log/log.h"
#include "cJSON/cJSON.h"
#include "maat_core.h"
#include "uthash/utarray.h"
#include "maat_utils.h"
#include "maat_command.h"
#include "maat_object.h"
#include <gtest/gtest.h>
#define MODULE_OBJECT_NESTING_GTEST module_name_str("maat.object_nesting_gtest")
#define MAX_IDS_STR_LEN 64
#define MAX_ITEM_NUM 64
#define WAIT_FOR_EFFECTIVE_S 2
#define MAX_G2G_SCAN_TIMES (1000 * 1000)
const char *g_table_info_path = "./object_exclude_table_info.conf";
const char *log_file = "./object_exclude_gtest.log";
struct object_item {
long long object_id;
char incl_sub_ids_str[MAX_IDS_STR_LEN];
char excl_sub_ids_str[MAX_IDS_STR_LEN];
};
struct object2object_rule {
size_t n_add_item;
size_t n_del_item;
struct object_item add_items[MAX_ITEM_NUM];
struct object_item del_items[MAX_ITEM_NUM];
};
UT_icd ut_ex_object_id_icd = {sizeof(long long), NULL, NULL, NULL};
static int
parse_config_file(const char *filename, struct object2object_rule *rules)
{
unsigned char *json_buff = NULL;
size_t json_buff_size = 0;
int ret = load_file_to_memory(filename, &json_buff, &json_buff_size);
if (ret < 0) {
printf("load file:%s to memory failed.\n", filename);
return -1;
}
size_t rule_cnt = 0;
cJSON *items_array = NULL;
cJSON *root = cJSON_Parse((const char *)json_buff);
if (NULL == root) {
printf("Error before: %-200.200s\n", cJSON_GetErrorPtr());
ret = -1;
goto next;
}
items_array = cJSON_GetObjectItem(root, "add_items");
if (NULL == items_array) {
printf("Error before: %-200.200s\n", cJSON_GetErrorPtr());
ret = -1;
goto next;
}
rule_cnt = cJSON_GetArraySize(items_array);
for (size_t i = 0; i < rule_cnt; i++) {
cJSON *item_obj = cJSON_GetArrayItem(items_array, i);
cJSON *tmp_item = cJSON_GetObjectItem(item_obj, "object_id");
if (tmp_item != NULL && tmp_item->type == cJSON_Number) {
rules->add_items[i].object_id = tmp_item->valueint;
}
tmp_item = cJSON_GetObjectItem(item_obj, "included_sub_object_ids");
if (tmp_item != NULL && tmp_item->type == cJSON_String) {
memcpy(rules->add_items[i].incl_sub_ids_str, tmp_item->valuestring,
strlen(tmp_item->valuestring));
}
tmp_item = cJSON_GetObjectItem(item_obj, "excluded_sub_object_ids");
if (tmp_item != NULL && tmp_item->type == cJSON_String) {
memcpy(rules->add_items[i].excl_sub_ids_str, tmp_item->valuestring,
strlen(tmp_item->valuestring));
}
}
rules->n_add_item = rule_cnt;
items_array = cJSON_GetObjectItem(root, "del_items");
if (NULL == items_array) {
printf("Error before: %-200.200s\n", cJSON_GetErrorPtr());
ret = -1;
goto next;
}
rule_cnt = cJSON_GetArraySize(items_array);
for (size_t i = 0; i < rule_cnt; i++) {
cJSON *item_obj = cJSON_GetArrayItem(items_array, i);
cJSON *tmp_item = cJSON_GetObjectItem(item_obj, "object_id");
if (tmp_item != NULL && tmp_item->type == cJSON_Number) {
rules->del_items[i].object_id = tmp_item->valueint;
}
tmp_item = cJSON_GetObjectItem(item_obj, "included_sub_object_ids");
if (tmp_item != NULL && tmp_item->type == cJSON_String) {
memcpy(rules->del_items[i].incl_sub_ids_str, tmp_item->valuestring,
strlen(tmp_item->valuestring));
}
tmp_item = cJSON_GetObjectItem(item_obj, "excluded_sub_object_ids");
if (tmp_item != NULL && tmp_item->type == cJSON_String) {
memcpy(rules->del_items[i].excl_sub_ids_str, tmp_item->valuestring,
strlen(tmp_item->valuestring));
}
}
rules->n_del_item = rule_cnt;
next:
cJSON_Delete(root);
FREE(json_buff);
return ret;
}
class MaatObjectExclude : public testing::Test
{
protected:
static void SetUpTestCase() {
unsigned char *json_buff = NULL;
size_t json_buff_size = 0;
logger = log_handle_create(log_file, 0);
garbage_bin = maat_garbage_bin_new(60);
int ret = load_file_to_memory(g_table_info_path, &json_buff, &json_buff_size);
if (ret < 0) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "load_file_to_memory failed.");
assert(0);
}
cJSON *root = cJSON_Parse((const char *)json_buff);
if (!root) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "cJSON_Parse failed.");
assert(0);
}
g2g_schema = object2object_schema_new(root, NULL, "EXCLUDE_OBJECT2OBJECT", logger);
FREE(json_buff);
cJSON_Delete(root);
if (NULL == g2g_schema) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_schema_new failed.");
assert(0);
}
}
static void TearDownTestCase() {
log_handle_destroy(logger);
maat_garbage_bin_free(garbage_bin);
object2object_schema_free(g2g_schema);
}
static void *g2g_schema;
static struct log_handle *logger;
static struct maat_garbage_bin *garbage_bin;
};
void *MaatObjectExclude::g2g_schema;
struct log_handle *MaatObjectExclude::logger;
struct maat_garbage_bin *MaatObjectExclude::garbage_bin;
TEST_F(MaatObjectExclude, level_3_function) {
char table_line[1024];
struct object2object_rule rules;
const char *table_name = "EXCLUDE_OBJECT2OBJECT";
void *g2g_runtime = object2object_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_runtime_new failed.");
assert(0);
}
memset(&rules, 0, sizeof(rules));
int ret = parse_config_file("object_nesting_L3.conf", &rules);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < rules.n_add_item; i++) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
}
object2object_runtime_commit(g2g_runtime, table_name, 1);
long long hit_object_ids[2] = {11, 13};
long long super_object_ids[MAX_ITEM_NUM];
size_t super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 2);
EXPECT_EQ(super_object_ids[0], 2);
EXPECT_EQ(super_object_ids[1], 7);
//delete object_id = 7, super_object_id = 6, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
object2object_runtime_commit(g2g_runtime, table_name, 2);
super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 3);
EXPECT_EQ(super_object_ids[0], 1);
EXPECT_EQ(super_object_ids[1], 6);
EXPECT_EQ(super_object_ids[2], 7);
//delete object_id = 13, super_object_id = 4, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[1].object_id,
rules.del_items[1].incl_sub_ids_str, rules.del_items[1].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
object2object_runtime_commit(g2g_runtime, table_name, 3);
super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 4);
EXPECT_EQ(super_object_ids[0], 1);
EXPECT_EQ(super_object_ids[1], 4);
EXPECT_EQ(super_object_ids[2], 6);
EXPECT_EQ(super_object_ids[3], 7);
object2object_runtime_free(g2g_runtime);
}
TEST_F(MaatObjectExclude, level_3_perf) {
char table_line[1024];
struct object2object_rule rules;
const char *table_name = "EXCLUDE_OBJECT2OBJECT";
void *g2g_runtime = object2object_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_runtime_new failed.");
assert(0);
}
memset(&rules, 0, sizeof(rules));
int ret = parse_config_file("object_nesting_L3.conf", &rules);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < rules.n_add_item; i++) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
}
object2object_runtime_commit(g2g_runtime, table_name, 4);
long long hit_object_ids[2] = {11, 13};
long long super_object_ids[MAX_ITEM_NUM];
struct timespec start, end;
struct log_handle *logger = MaatObjectExclude::logger;
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
long long time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
log_info(logger, MODULE_OBJECT_NESTING_GTEST, "level_3_basic hit 2 super_objects scan consume time %lldms",
time_elapse_ms);
//delete object_id = 7, super_object_id = 6, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
object2object_runtime_commit(g2g_runtime, table_name, 5);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
log_info(logger, MODULE_OBJECT_NESTING_GTEST, "level_3_basic hit 3 super_objects scan consume time %lldms",
time_elapse_ms);
//delete object_id = 13, super_object_id = 4, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[1].object_id,
rules.del_items[1].incl_sub_ids_str, rules.del_items[1].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
object2object_runtime_commit(g2g_runtime, table_name, 6);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
log_info(logger, MODULE_OBJECT_NESTING_GTEST, "level_3_basic hit 4 super_objects scan consume time %lldms",
time_elapse_ms);
object2object_runtime_free(g2g_runtime);
}
TEST_F(MaatObjectExclude, level_4_function) {
char table_line[1024];
struct object2object_rule rules;
const char *table_name = "EXCLUDE_OBJECT2OBJECT";
void *g2g_runtime = object2object_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_runtime_new failed.");
assert(0);
}
memset(&rules, 0, sizeof(rules));
int ret = parse_config_file("object_nesting_L4.conf", &rules);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < rules.n_add_item; i++) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
}
object2object_runtime_commit(g2g_runtime, table_name, 7);
long long hit_object_ids[2] = {14, 16};
long long super_object_ids[MAX_ITEM_NUM];
size_t super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 5);
EXPECT_EQ(super_object_ids[0], 4);
EXPECT_EQ(super_object_ids[1], 7);
EXPECT_EQ(super_object_ids[2], 8);
EXPECT_EQ(super_object_ids[3], 9);
EXPECT_EQ(super_object_ids[4], 10);
//delete object_id = 10, super_object_id = 6, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
object2object_runtime_commit(g2g_runtime, table_name, 8);
super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 7);
EXPECT_EQ(super_object_ids[0], 1);
EXPECT_EQ(super_object_ids[1], 4);
EXPECT_EQ(super_object_ids[2], 6);
EXPECT_EQ(super_object_ids[3], 7);
EXPECT_EQ(super_object_ids[4], 8);
EXPECT_EQ(super_object_ids[5], 9);
EXPECT_EQ(super_object_ids[6], 10);
object2object_runtime_free(g2g_runtime);
}
TEST_F(MaatObjectExclude, level_4_perf) {
char table_line[1024];
struct object2object_rule rules;
const char *table_name = "EXCLUDE_OBJECT2OBJECT";
void *g2g_runtime = object2object_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_runtime_new failed.");
assert(0);
}
memset(&rules, 0, sizeof(rules));
int ret = parse_config_file("object_nesting_L4.conf", &rules);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < rules.n_add_item; i++) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
}
object2object_runtime_commit(g2g_runtime, table_name, 7);
long long hit_object_ids[2] = {14, 16};
long long super_object_ids[MAX_ITEM_NUM];
struct timespec start, end;
struct log_handle *logger = MaatObjectExclude::logger;
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
long long time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
log_info(logger, MODULE_OBJECT_NESTING_GTEST, "level_4_basic hit 5 super_objects scan consume time %lldms",
time_elapse_ms);
//delete object_id = 10, super_object_id = 6, is_exclude = 1
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
object2object_runtime_commit(g2g_runtime, table_name, 8);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
log_info(logger, MODULE_OBJECT_NESTING_GTEST, "level_4_basic hit 7 super_objects scan consume time %lldms",
time_elapse_ms);
object2object_runtime_free(g2g_runtime);
}
TEST_F(MaatObjectExclude, level_exceed_function) {
char table_line[1024];
struct object2object_rule rules;
const char *table_name = "EXCLUDE_OBJECT2OBJECT";
void *g2g_runtime = object2object_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_runtime_new failed.");
assert(0);
}
memset(&rules, 0, sizeof(rules));
int ret = parse_config_file("object_nesting_exceed.conf", &rules);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < rules.n_add_item; i++) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
}
object2object_runtime_commit(g2g_runtime, table_name, 8);
long long hit_object_ids[2] = {7, 13};
long long super_object_ids[MAX_ITEM_NUM];
size_t super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 6);
EXPECT_EQ(super_object_ids[0], 4);
EXPECT_EQ(super_object_ids[1], 5);
EXPECT_EQ(super_object_ids[2], 8);
EXPECT_EQ(super_object_ids[3], 10);
EXPECT_EQ(super_object_ids[4], 11);
EXPECT_EQ(super_object_ids[5], 12);
//delete object_id = 13, super_object_id = 10, is_exclude = 0
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, 4);
object2object_runtime_commit(g2g_runtime, table_name, 9);
hit_object_ids[0] = 7;
hit_object_ids[1] = 10;
super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 5);
EXPECT_EQ(super_object_ids[0], 2);
EXPECT_EQ(super_object_ids[1], 4);
EXPECT_EQ(super_object_ids[2], 5);
EXPECT_EQ(super_object_ids[3], 8);
EXPECT_EQ(super_object_ids[4], 11);
object2object_runtime_free(g2g_runtime);
}
int main(int argc, char ** argv)
{
int ret = 0;
::testing::InitGoogleTest(&argc, argv);
ret = RUN_ALL_TESTS();
return ret;
}

11
test/object_nesting/object_nesting_table_info.conf Normal file
View File

@@ -0,0 +1,11 @@
{
"table_id":1,
"table_name":"EXCLUDE_OBJECT2OBJECT",
"table_type":"object2object",
"valid_column":4,
"custom": {
"object_id":1,
"included_sub_object_ids":2,
"excluded_sub_object_ids":3
}
}

72
test/table_info.conf
View File

@@ -38,14 +38,14 @@
},
{
"table_id":3,
"table_name":"GROUP2RULE",
"db_tables":["GROUP2RULE_DEFAULT", "GROUP2RULE_ALIAS"],
"table_type":"group2rule",
"table_name":"OBJECT2RULE",
"db_tables":["OBJECT2RULE_DEFAULT", "OBJECT2RULE_ALIAS"],
"table_type":"object2rule",
"associated_rule_table_id":2,
"valid_column":6,
"schema_tag": "{\"group2rule\": \"group2rule\"}",
"schema_tag": "{\"object2rule\": \"object2rule\"}",
"custom": {
"group_id":1,
"object_id":1,
"rule_id":2,
"negate_option":3,
"attribute_name":4,
@@ -77,12 +77,12 @@
},
{
"table_id":6,
"table_name":"GROUP2RULE_FIREWALL",
"table_type":"group2rule",
"table_name":"OBJECT2RULE_FIREWALL",
"table_type":"object2rule",
"associated_rule_table_id":5,
"valid_column":6,
"custom": {
"group_id":1,
"object_id":1,
"rule_id":2,
"negate_option":3,
"attribute_name":4,
@@ -91,13 +91,13 @@
},
{
"table_id":7,
"table_name":"GROUP2GROUP",
"table_type":"group2group",
"table_name":"OBJECT2OBJECT",
"table_type":"object2object",
"valid_column":4,
"custom": {
"group_id":1,
"included_sub_group_ids":2,
"excluded_sub_group_ids":3
"object_id":1,
"included_sub_object_ids":2,
"excluded_sub_object_ids":3
}
},
{
@@ -137,7 +137,7 @@
"schema_tag": "{\"http_region\": \"expr\"}",
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"expr_type":3,
"keywords":4
}
@@ -149,7 +149,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"expr_type":3,
"keywords":4
}
@@ -161,7 +161,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"ip":3,
"port":4
}
@@ -173,7 +173,7 @@
"valid_column":4,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"interval":3
}
},
@@ -196,7 +196,7 @@
"valid_column":6,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"district":3,
"expr_type":4,
"keywords":5
@@ -209,7 +209,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"expr_type":3,
"keywords":4
}
@@ -271,7 +271,7 @@
"valid_column":6,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"district":3,
"expr_type":4,
"keywords":5
@@ -284,7 +284,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"expr_type":3,
"keywords":4
}
@@ -296,7 +296,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"expr_type":3,
"keywords":4
}
@@ -308,7 +308,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"ip":3,
"port":4
}
@@ -358,7 +358,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"expr_type":3,
"keywords":4
}
@@ -382,7 +382,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"expr_type":3,
"keywords":4
}
@@ -400,7 +400,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"district":3,
"interval":4
}
@@ -423,7 +423,7 @@
"valid_column":4,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"interval":3
}
},
@@ -434,7 +434,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"expr_type":3,
"keywords":4
}
@@ -446,7 +446,7 @@
"valid_column":4,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"interval":3
}
},
@@ -468,7 +468,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"flag":3,
"flag_mask":4
}
@@ -480,7 +480,7 @@
"valid_column":6,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"district":3,
"flag":4,
"flag_mask":5
@@ -537,7 +537,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"ip":3,
"port":4
}
@@ -549,7 +549,7 @@
"valid_column":4,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"interval":3
}
},
@@ -560,7 +560,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"expr_type":3,
"keywords":4
}
@@ -572,7 +572,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"expr_type":3,
"keywords":4
}
@@ -584,7 +584,7 @@
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"flag":3,
"flag_mask":4
}

42
test/test_utils.cpp
View File

@@ -165,21 +165,21 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
return maat_cmd_set_line(maat_inst, &line_rule);
}
#define TO_GROUP2X_KEY(group_id, parent_id, condition_index) \
(((unsigned long)group_id<<32|parent_id) + condition_index)
#define TO_OBJECT2X_KEY(object_id, parent_id, condition_index) \
(((unsigned long)object_id<<32|parent_id) + condition_index)
int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
int object2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long object_id,
long long rule_id, int negate_option,
const char *attribute_name, int condition_index,
int expire_after)
{
char table_line[128] = {0};
sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d\t%d",
group_id, rule_id, negate_option, attribute_name, condition_index, op);
object_id, rule_id, negate_option, attribute_name, condition_index, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = TO_GROUP2X_KEY(group_id, rule_id, condition_index);
line_rule.rule_id = TO_OBJECT2X_KEY(object_id, rule_id, condition_index);
line_rule.table_line = table_line;
line_rule.table_name = table_name;
line_rule.expire_after = expire_after;
@@ -187,16 +187,16 @@ int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
return maat_cmd_set_line(maat_inst, &line_rule);
}
int group2group_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
long long sub_group_id, int expire_after)
int object2object_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long object_id,
long long sub_object_id, int expire_after)
{
char table_line[128] = {0};
sprintf(table_line, "%lld\t%lld\t%s\t%d", group_id, sub_group_id,
sprintf(table_line, "%lld\t%lld\t%s\t%d", object_id, sub_object_id,
"null", op);
struct maat_cmd_line line_rule;
line_rule.rule_id = TO_GROUP2X_KEY(group_id, sub_group_id, 0);
line_rule.rule_id = TO_OBJECT2X_KEY(object_id, sub_object_id, 0);
line_rule.table_line = table_line;
line_rule.table_name = table_name;
line_rule.expire_after = expire_after;
@@ -206,7 +206,7 @@ int group2group_table_set_line(struct maat *maat_inst, const char *table_name,
int expr_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, const char *keywords,
long long object_id, const char *keywords,
const char *district, int expr_type, int expire_after)
{
char table_line[1024] = {0};
@@ -222,10 +222,10 @@ int expr_table_set_line(struct maat *maat_inst, const char *table_name,
if (table_type == TABLE_TYPE_EXPR_PLUS) {
sprintf(table_line, "%lld\t%lld\t%s\t%d\t%s\t%d",
item_id, group_id, district, expr_type, keywords, op);
item_id, object_id, district, expr_type, keywords, op);
} else {
sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d",
item_id, group_id, expr_type, keywords, op);
item_id, object_id, expr_type, keywords, op);
}
struct maat_cmd_line line_rule;
@@ -238,7 +238,7 @@ int expr_table_set_line(struct maat *maat_inst, const char *table_name,
}
int interval_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id, long long group_id,
enum maat_operation op, long long item_id, long long object_id,
const char *port_str, const char *district, int expire_after)
{
char table_line[1024] = {0};
@@ -254,10 +254,10 @@ int interval_table_set_line(struct maat *maat_inst, const char *table_name,
if (table_type == TABLE_TYPE_INTERVAL_PLUS) {
sprintf(table_line, "%lld\t%lld\t%s\t%s\t%d",
item_id, group_id, district, port_str, op);
item_id, object_id, district, port_str, op);
} else {
sprintf(table_line, "%lld\t%lld\t%s\t%d",
item_id, group_id, port_str, op);
item_id, object_id, port_str, op);
}
struct maat_cmd_line line_rule;
@@ -271,7 +271,7 @@ int interval_table_set_line(struct maat *maat_inst, const char *table_name,
int ip_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, const char *ip, int expire_after)
long long object_id, const char *ip, int expire_after)
{
char table_line[1024] = {0};
int table_id = maat_get_table_id(maat_inst, table_name);
@@ -280,7 +280,7 @@ int ip_table_set_line(struct maat *maat_inst, const char *table_name,
}
sprintf(table_line, "%lld\t%lld\t%s\t0-65535\t%d",
item_id, group_id, ip, op);
item_id, object_id, ip, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = item_id;
@@ -292,7 +292,7 @@ int ip_table_set_line(struct maat *maat_inst, const char *table_name,
}
int flag_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, long long flag,
long long object_id, long long flag,
long long flag_mask, int expire_after)
{
char table_line[1024] = {0};
@@ -302,7 +302,7 @@ int flag_table_set_line(struct maat *maat_inst, const char *table_name,
}
sprintf(table_line, "%lld\t%lld\t%lld\t%lld\t%d",
item_id, group_id, flag, flag_mask, op);
item_id, object_id, flag, flag_mask, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = item_id;

18
test/test_utils.h
View File

@@ -18,33 +18,33 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
const char *user_region, int condition_num,
int expire_after);
int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
int object2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long object_id,
long long rule_id, int negate_option,
const char *attribute_name, int condition_index,
int expire_after);
int group2group_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
long long sub_group_id, int expire_after);
int object2object_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long object_id,
long long sub_object_id, int expire_after);
int expr_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, const char *keywords,
long long object_id, const char *keywords,
const char *district, int expr_type, int expire_after);
int interval_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, const char *port_str,
long long object_id, const char *port_str,
const char *district, int expire_after);
int ip_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, const char *ip, int expire_after);
long long object_id, const char *ip, int expire_after);
int flag_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, long long flag,
long long object_id, long long flag,
long long flag_mask, int expire_after);
void random_keyword_generate(char *keyword_buf, size_t sz);

2
test/tsg_table_info.conf
View File

@@ -16,7 +16,7 @@
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"object_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,