diff --git a/scanner/ip_matcher/ip_matcher.cpp b/scanner/ip_matcher/ip_matcher.cpp index 0e09bc5..9e59b2c 100644 --- a/scanner/ip_matcher/ip_matcher.cpp +++ b/scanner/ip_matcher/ip_matcher.cpp @@ -15,16 +15,6 @@ pid_t ip_matcher_gettid() return syscall(SYS_gettid); } -static const char *ip_matcher_module_name_str(const char *name) -{ - static __thread char module[64]; - snprintf(module,sizeof(module),"%s(%d)", name, ip_matcher_gettid()); - - return module; -} - -#define MODULE_IP_MATCHER ip_matcher_module_name_str("maat.ip_matcher") - int ipmatcher_VERSION_2020_05_13 = 0; struct ip_matcher @@ -32,7 +22,6 @@ struct ip_matcher CRuleMatch * ipv4_matcher; CRuleMatch * ipv6_matcher; - struct log_handle *logger; #ifdef RULESCAN_DEBUG //for test double search_time; @@ -70,7 +59,6 @@ struct ip_matcher * ip_matcher_new(struct ip_rule * rules, size_t rule_num, mem_bytes = sizeof(struct ip_matcher); matcher->ipv4_matcher = NULL; matcher->ipv6_matcher = NULL; - matcher->logger = logger; map ipv4_rules; map ipv6_rules; @@ -141,7 +129,7 @@ int ip_matcher_match(struct ip_matcher* matcher, struct ip_data* data, if(tmp_matcher==NULL) { - return -1; + return 0; } int ret = tmp_matcher->search_rule(data,result,size); diff --git a/src/maat_api.c b/src/maat_api.c index 1dcf9f0..181d989 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -1012,13 +1012,11 @@ int flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag, int group_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt, thread_id, flag, vtable_id, state); - if (group_hit_cnt < 0) { - return -1; + if (group_hit_cnt <= 0) { + return group_hit_cnt; } - if (group_hit_cnt > 0) { - flag_runtime_scan_hit_inc((struct flag_runtime *)flag_rt, thread_id); - } + flag_runtime_scan_hit_inc((struct flag_runtime *)flag_rt, thread_id); return group_hit_cnt; } @@ -1044,13 +1042,11 @@ int interval_scan(struct table_manager *tbl_mgr, int thread_id, long long intege int group_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt, thread_id, integer, vtable_id, state); - if (group_hit_cnt < 0) { - return -1; + if (group_hit_cnt <= 0) { + return group_hit_cnt; } - if (group_hit_cnt > 0) { - interval_runtime_scan_hit_inc((struct interval_runtime *)interval_rt, thread_id); - } + interval_runtime_scan_hit_inc((struct interval_runtime *)interval_rt, thread_id); return group_hit_cnt; } @@ -1073,14 +1069,12 @@ int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4, (uint8_t *)&ip_addr, port, proto, vtable_id, state); - if (group_hit_cnt < 0) { - return -1; - } - - if (group_hit_cnt > 0) { - ip_runtime_scan_hit_inc((struct ip_runtime *)ip_rt, thread_id); + if (group_hit_cnt <= 0) { + return group_hit_cnt; } + ip_runtime_scan_hit_inc((struct ip_runtime *)ip_rt, thread_id); + return group_hit_cnt; } @@ -1101,14 +1095,12 @@ int ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr, int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6, ip_addr, port, proto, vtable_id, state); - if (group_hit_cnt < 0) { - return -1; - } - - if (group_hit_cnt > 0) { - ip_runtime_scan_hit_inc((struct ip_runtime *)ip_rt, thread_id); + if (group_hit_cnt <= 0) { + return group_hit_cnt; } + ip_runtime_scan_hit_inc((struct ip_runtime *)ip_rt, thread_id); + return group_hit_cnt; } @@ -1133,13 +1125,11 @@ int string_scan(struct table_manager *tbl_mgr, int thread_id, const char *data, int group_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt, thread_id, data, data_len, vtable_id, state); - if (group_hit_cnt < 0) { - return -1; + if (group_hit_cnt <= 0) { + return group_hit_cnt; } - if (group_hit_cnt > 0) { - expr_runtime_scan_hit_inc((struct expr_runtime *)expr_rt, thread_id); - } + expr_runtime_scan_hit_inc((struct expr_runtime *)expr_rt, thread_id); return group_hit_cnt; } @@ -1153,7 +1143,8 @@ int expr_stream_scan(struct maat_stream *stream, const char *data, size_t data_l struct table_manager *tbl_mgr = stream->ref_maat_instance->tbl_mgr; enum table_type table_type = table_manager_get_table_type(tbl_mgr, stream->physical_table_id); - if (table_type == TABLE_TYPE_EXPR_PLUS && DISTRICT_FLAG_UNSET == state->is_set_district) { + if (table_type == TABLE_TYPE_EXPR_PLUS && + DISTRICT_FLAG_UNSET == state->is_set_district) { // maat_instance->scan_err_cnt++; return -1; } @@ -1169,13 +1160,11 @@ int expr_stream_scan(struct maat_stream *stream, const char *data, size_t data_l int group_hit_cnt = expr_runtime_stream_scan((struct expr_runtime *)expr_rt, stream->s_handle, data, data_len, stream->vtable_id, state); - if (group_hit_cnt < 0) { - return -1; + if (group_hit_cnt <= 0) { + return group_hit_cnt; } - if (group_hit_cnt > 0) { - expr_runtime_scan_hit_inc((struct expr_runtime *)expr_rt, stream->thread_id); - } + expr_runtime_scan_hit_inc((struct expr_runtime *)expr_rt, stream->thread_id); return group_hit_cnt; } diff --git a/src/maat_compile.c b/src/maat_compile.c index 8d37af7..b797e25 100644 --- a/src/maat_compile.c +++ b/src/maat_compile.c @@ -1831,15 +1831,9 @@ int maat_compile_state_update(struct rcu_hash_table *item_htable, int vtable_id, { struct maat_item *item = NULL; long long hit_group_ids[MAX_SCANNER_HIT_GROUP_NUM]; - memset(hit_group_ids, 0, sizeof(hit_group_ids)); + memset(hit_group_ids, -1, sizeof(hit_group_ids)); size_t hit_group_cnt = 0; - void *g2g_rt = table_manager_get_runtime(state->maat_instance->tbl_mgr, - state->maat_instance->g2g_table_id); - if (NULL == g2g_rt) { - return -1; - } - for (size_t i = 0; i < hit_item_cnt; i++) { item = (struct maat_item *)rcu_hash_find(item_htable, (char *)&(hit_item_ids[i]), sizeof(long long)); //assert(item != NULL); @@ -1876,6 +1870,12 @@ int maat_compile_state_update(struct rcu_hash_table *item_htable, int vtable_id, return 0; } + void *g2g_rt = table_manager_get_runtime(state->maat_instance->tbl_mgr, + state->maat_instance->g2g_table_id); + if (NULL == g2g_rt) { + return 0; + } + long long top_group_ids[MAX_SCANNER_HIT_GROUP_NUM]; memset(top_group_ids, -1, sizeof(top_group_ids)); int top_group_cnt = group2group_runtime_get_top_groups(g2g_rt, hit_group_ids, diff --git a/src/maat_expr.c b/src/maat_expr.c index 9ad4826..f15b083 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c @@ -863,7 +863,7 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *d int real_hit_item_cnt = 0; long long district_id = state->district_id; - memset(hit_item_ids, 0, sizeof(hit_item_ids)); + memset(hit_item_ids, -1, sizeof(hit_item_ids)); for (size_t i = 0; i < n_hit_item; i++) { item = (struct maat_item_inner *)(hit_results[i].user_tag); @@ -919,7 +919,7 @@ int expr_runtime_stream_scan(struct expr_runtime *expr_rt, struct adapter_hs_str } long long hit_item_ids[MAX_SCANNER_HIT_ITEM_NUM]; - memset(hit_item_ids, 0, sizeof(hit_item_ids)); + memset(hit_item_ids, -1, sizeof(hit_item_ids)); for (size_t i = 0; i < n_hit_item; i++) { hit_item_ids[i] = hit_results[i].item_id; diff --git a/src/maat_flag.c b/src/maat_flag.c index 74efa76..5c73264 100644 --- a/src/maat_flag.c +++ b/src/maat_flag.c @@ -500,7 +500,7 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, int real_hit_item_cnt = 0; long long district_id = state->district_id; - memset(hit_item_ids, 0, sizeof(hit_item_ids)); + memset(hit_item_ids, -1, sizeof(hit_item_ids)); for (int i = 0; i < n_hit_item; i++) { item = (struct maat_item_inner *)(hit_results[i].user_tag); diff --git a/src/maat_interval.c b/src/maat_interval.c index 624ee1c..fe28c62 100644 --- a/src/maat_interval.c +++ b/src/maat_interval.c @@ -496,7 +496,7 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id, int real_hit_item_cnt = 0; long long district_id = state->district_id; - memset(hit_item_ids, 0, sizeof(hit_item_ids)); + memset(hit_item_ids, -1, sizeof(hit_item_ids)); for (int i = 0; i < n_hit_item; i++) { item = (struct maat_item_inner *)(hit_results[i].user_tag); diff --git a/src/maat_ip.c b/src/maat_ip.c index 8672f0b..e6c1f2c 100644 --- a/src/maat_ip.c +++ b/src/maat_ip.c @@ -691,7 +691,7 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, int ret = 0; size_t real_hit_index = 0; long long hit_item_ids[MAX_SCANNER_HIT_ITEM_NUM]; - memset(hit_item_ids, 0, sizeof(hit_item_ids)); + memset(hit_item_ids, -1, sizeof(hit_item_ids)); // any ip, so scan port+proto if (1 == any_ip_flag) {