gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rename terminology "compile" to "rule"

Browse Source
This commit is contained in:
root
2024-08-22 03:11:15 +00:00
parent a4ca92ea41
commit 678ddd718a
44 changed files with 2586 additions and 2586 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
docs/api_reference.md
View File

@@ -14,7 +14,7 @@ After that, call maat_new to create a maat instance. Next, for the two main usag
* Call maat_state_new to create a maat_state structure to save the intermediate state of the scan.
* Call the maat_scan_xx interface to perform the scan task and return the hit compile_id.
* Call the maat_scan_xx interface to perform the scan task and return the hit rule_id.
* If you are interested in the hit item, group, or path information, you can call the maat_state_get_xx interface as needed.
@@ -68,9 +68,9 @@ After that, call maat_new to create a maat instance. Next, for the two main usag
* [maat_state_reset](#maat_state_reset)
* [maat_state_free](#maat_state_free)
* [maat_state_set_scan_district](#maat_state_set_scan_district)
* [maat_state_set_scan_compile_table](#maat_state_set_scan_compile_table)
* [maat_state_set_scan_rule_table](#maat_state_set_scan_rule_table)
* [maat_state_get_hit_paths](#maat_state_get_hit_paths)
* [maat_state_get_compile_table_ids](#maat_state_get_compile_table_ids)
* [maat_state_get_rule_table_ids](#maat_state_get_rule_table_ids)
* [maat_state_get_scan_count](#maat_state_get_scan_count)
* [maat_state_get_direct_hit_groups](#maat_state_get_direct_hit_groups)
* [maat_state_get_direct_hit_group_cnt](#maat_state_get_direct_hit_group_cnt)
@@ -602,18 +602,18 @@ To set the field to be matched in the next scan, for example: if you want to mat
**Returns**: success(0) failure(-1)
### maat_state_set_scan_compile_table
### maat_state_set_scan_rule_table
```c
int maat_state_set_scan_compile_table(struct maat_state *state,
int compile_table_id);
int maat_state_set_scan_rule_table(struct maat_state *state,
int rule_table_id);
```
Maat supports loading multiple compile tables and building their respective runtime. Within the table schema, there is a compile table that has a `default_compile_table` field, indicating that maat will use the runtime of this table to calculate which compile_id will be hit by the hit group_id. If the caller wants to use another compile table runtime for the above calculation, this interface can be invoked to set it up.
Maat supports loading multiple rule tables and building their respective runtime. Within the table schema, there is a rule table that has a `default_rule_table` field, indicating that maat will use the runtime of this table to calculate which rule_id will be hit by the hit group_id. If the caller wants to use another rule table runtime for the above calculation, this interface can be invoked to set it up.
**Parameters**:
* state - Pointer to the maat state structure.
* compile_table_id - The compile table ID.
* rule_table_id - The rule table ID.
**Returns**: success(0) failure(-1)
@@ -636,24 +636,24 @@ Gets all hit paths since maat state was created.
**Returns**: The number of hit paths is returned on success, and -1 is returned on failure.
### maat_state_get_compile_table_ids
### maat_state_get_rule_table_ids
```c
int maat_state_get_compile_table_ids(struct maat_state *state,
long long *compile_ids,
size_t n_compile_ids,
int *compile_table_ids);
int maat_state_get_rule_table_ids(struct maat_state *state,
long long *rule_ids,
size_t n_rule_ids,
int *rule_table_ids);
```
Get the ID of the table that compile_id belongs to.
Get the ID of the table that rule_id belongs to.
**Parameters**:
* state - Pointer to the maat state structure.
* compile_ids - Array of compile_ids.
* n_compild_ids - The number of compile_ids.
* compile_table_ids - The array of id of the tables to which each compile id belongs.
* rule_ids - Array of rule_ids.
* n_compild_ids - The number of rule_ids.
* rule_table_ids - The array of id of the tables to which each rule id belongs.
**Returns**: The number of compile table ids is return on success, and -1 is returned on failure.
**Returns**: The number of rule table ids is return on success, and -1 is returned on failure.
### maat_state_get_scan_count
@@ -780,15 +780,15 @@ int maat_scan_flag(struct maat *instance, int table_id, long long flag,
struct maat_state *state);
```
Check if the `flag` in the scan input hits the rules in the effective compile table. If there is a hit, put the compile_id of the rules into the results array and put the number of hit compile_ids into n_hit_result.
Check if the `flag` in the scan input hits the rules in the effective rule table. If there is a hit, put the rule_id of the rules into the results array and put the number of hit rule_ids into n_hit_result.
**Parameters**:
* instance - Maat instance created by maat_new().
* table_id - ID of the table to be scanned.
* flag - Data to be scanned.
* results - Array to store hit compile_ids.
* results - Array to store hit rule_ids.
* n_result - Size of the results array.
* n_hit_result - The number of hit compile_ids.
* n_hit_result - The number of hit rule_ids.
* state - Used to store the intermediate state of the scan.
**Returns**:
@@ -850,7 +850,7 @@ int maat_scan_group(struct maat *instance, int table_id,
size_t *n_hit_result, struct maat_state *state);
```
Different from the above interface, the input to this interface is the hit item_id and group_id. Therefore, there is no need to execute the underlying scanning engine. It only needs to calculate the hit compile_id based on the hit group_id.
Different from the above interface, the input to this interface is the hit item_id and group_id. Therefore, there is no need to execute the underlying scanning engine. It only needs to calculate the hit rule_id based on the hit group_id.
### maat_scan_not_logic
@@ -861,7 +861,7 @@ int maat_scan_not_logic(struct maat *instance, int table_id,
size_t *n_hit_result, struct maat_state *state);
```
If the compile configuration contains NOT-clauses, this interface needs to be called to activate the calculation of compile_id involving NOT-clauses. This means that other scanning interfaces will not activate NOT-clauses except for calling this interface. When to call this interface is determined by the caller. For example, on a session, four packets were scanned with maat_scan_string and three compile_id were hit. The NOT-clause was expected to be activated, so this interface was called and two new compile_id were hit.
If the rule configuration contains NOT-clauses, this interface needs to be called to activate the calculation of rule_id involving NOT-clauses. This means that other scanning interfaces will not activate NOT-clauses except for calling this interface. When to call this interface is determined by the caller. For example, on a session, four packets were scanned with maat_scan_string and three rule_id were hit. The NOT-clause was expected to be activated, so this interface was called and two new rule_id were hit.
Since this interface only activates non-clauses and does not call the underlying scanning engine to perform actual scanning tasks, there is no data to be scanned.
@@ -894,15 +894,15 @@ int maat_stream_scan(struct maat_stream *stream, const char *data, int data_len,
struct maat_state *state);
```
This interface is used to perform streaming scanning tasks, for example: in a session, consecutively scanning multiple packets and providing the hit compile_ids.
This interface is used to perform streaming scanning tasks, for example: in a session, consecutively scanning multiple packets and providing the hit rule_ids.
**Parameters**:
* stream - Maat_stream handle created by maat_stream_new().
* data - Data to be scanned.
* data_len - The length of the data.
* results - Array to store hit compile_ids.
* results - Array to store hit rule_ids.
* n_result - Size of the results array.
* n_hit_result - The number of hit compile_ids.
* n_hit_result - The number of hit rule_ids.
* state - Used to store the intermediate state of the scan.
**Returns**:

6
docs/configuration_management.md
View File

@@ -9,7 +9,7 @@ Maat supports three configuration loading modes:
## 1.<a name='Redis mode'></a> Redis mode
As shown in the diagram below, the data source is stored in the relational database `MariaDB`. An adapter writes this data into the `leader redis`, which is then distributed through redis's `leader-follower synchronization` mechanism. The storage structure design in redis for configurations does not need to consider the logical relationships between compile, group, and item. Maat will construct these logical relationships internally after loading the configurations from redis.
As shown in the diagram below, the data source is stored in the relational database `MariaDB`. An adapter writes this data into the `leader redis`, which is then distributed through redis's `leader-follower synchronization` mechanism. The storage structure design in redis for configurations does not need to consider the logical relationships between rule, group, and item. Maat will construct these logical relationships internally after loading the configurations from redis.
<img src="./imgs/sync-with-redis.png" width="600" height="300" >
@@ -23,7 +23,7 @@ As shown in the diagram below, the data source is stored in the relational datab
| MAAT_UPDATE_STATUS | Configuration status | sorted set, where the member is a configuration rule and the score is the version number | MAAT reads this using ZRANGEBYSCORE command. |
| MAAT_RULE_TIMER | Main configuration timeout information | Sorted Set, where the member is a configuration rule and the score is the timeout | MAAT configuration update thread periodically checks timeout status and sets timeout state. |
| MAAT_VERSION_TIMER | Version creation time | Sorted Set | Stores the creation time of each version, where the score is the version creation time and the member is the version, used to keep MAAT_UPDATE_STATUS within a smaller scale. |
| MAAT_LABEL_INDEX | Label index | Sorted Set, where the element is the configuration table name, compile_id, and the score is the label_id | |
| MAAT_LABEL_INDEX | Label index | Sorted Set, where the element is the configuration table name, rule_id, and the score is the label_id | |
| EFFECTIVE_RULE:TableName,ID OBSOLETE_RULE:TableName,ID | Main configuration | string | Active configurations, loaded one by one by MAAT. |
| SEQUENCE_REGION | Region ID generation sequence | INTEGER | Used by producers to generate unique region_id(item_id) |
| SEQUENCE_GROUP | Group ID generation sequence | INTEGER | Used by producers to generate unique group_id |
@@ -161,6 +161,6 @@ To manually add an existing table configuration, the following files need to be
* Append a new line to the table file that needs modification. The region_id should not conflict with any existing domain tables, and update the first line of the file with the new number of rows.
* Add the summary information of the new configuration to the configuration summary table. Ensure it matches the compile_id in the table file and does not conflict with any existing compile_id. Update the first line of the file with the new number of rows.
* Add the summary information of the new configuration to the configuration summary table. Ensure it matches the rule_id in the table file and does not conflict with any existing rule_id. Update the first line of the file with the new number of rows.
* Modify the row counts for the configuration summary table and domain tables in the table index file.

30
docs/getting_started.md
View File

@@ -31,7 +31,7 @@ A complete use case consists of three parts:
### Case1
In the scanning scenario, it is necessary to configure the schema of multiple tables, including the item table, group2compile table, and compile table. If there is also group nesting involved, the schema of the group2group table needs to be configured.
In the scanning scenario, it is necessary to configure the schema of multiple tables, including the item table, group2rule table, and rule table. If there is also group nesting involved, the schema of the group2group table needs to be configured.
**(1) table schema**
@@ -41,25 +41,25 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded
[
{
"table_id":0,
"table_name":"COMPILE",
"table_type":"compile",
"default_compile_table":0, /* key:indicate this is the default compile table, value:can be anything(not care) */
"table_name":"RULE",
"table_type":"rule",
"default_rule_table":0, /* key:indicate this is the default rule table, value:can be anything(not care) */
"valid_column":8,
"custom": {
"compile_id":1,
"rule_id":1,
"tags":6,
"clause_num":9
}
},
{
"table_id":1,
"table_name":"GROUP2COMPILE",
"table_type":"group2compile",
"associated_compile_table_id":0, /* associate compile table_id, group2compile table shares the same runtime with the corresponding compile table, so it needs to be mapped to the corresponding compile table. */
"table_name":"GROUP2RULE",
"table_type":"group2rule",
"associated_rule_table_id":0, /* associate rule table_id, group2rule table shares the same runtime with the corresponding rule table, so it needs to be mapped to the corresponding rule table. */
"valid_column":3,
"custom": {
"group_id":1,
"compile_id":2,
"rule_id":2,
"not_flag":4,
"virtual_table_name":5,
"clause_index":6
@@ -98,12 +98,12 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded
Configurations are stored in a json file(such as maat_json.json), which is loaded when maat instance is created.
```json
{
"compile_table": "COMPILE",
"group2compile_table": "GROUP2COMPILE",
"rule_table": "RULE",
"group2rule_table": "GROUP2RULE",
"group2group_table": "GROUP2GROUP",
"rules": [
{
"compile_id": 123,
"rule_id": 123,
"service": 1,
"action": 1,
"do_blacklist": 1,
@@ -172,7 +172,7 @@ int main()
/**
* Becase maat instance has loaded rule in table_info.conf which keywords is "Hello Maat",
so maat_scan_string should return hit flag and rule's compile_id stored in results array.
so maat_scan_string should return hit flag and rule's rule_id stored in results array.
*/
int ret = maat_scan_string(maat_instance, table_id, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, state);
@@ -215,8 +215,8 @@ In the callback scenario, only the schema of the corresponding table needs to be
```json
{
"compile_table": "COMPILE",
"group2compile_table": "GROUP2COMPILE",
"rule_table": "RULE",
"group2rule_table": "GROUP2RULE",
"group2group_table": "GROUP2GROUP",
"plugin_table": {
"table_name": "TEST_IP_PLUGIN_WITH_EXDATA",

34
docs/logical_combinations.md
View File

@@ -33,7 +33,7 @@ Before showing how to configure the specific rules, we need some raw materials (
## AND logic
`Note`: Each compile supports a maximum of 8 clauses, which are connected by the logical 'AND' relationship, with clause index ranging from 0 to 7.
`Note`: Each rule supports a maximum of 8 clauses, which are connected by the logical 'AND' relationship, with clause index ranging from 0 to 7.
* case1: Deny hosts with source IP addresses in the range of 192.168.1.11 to 192.168.1.20 from accessing the website www.baidu.com.
@@ -41,7 +41,7 @@ Before showing how to configure the specific rules, we need some raw materials (
* www.baidu.com => group_id(201)
```bash
compile(rule) = clause1 & clause2
rule(rule) = clause1 & clause2
= {vtable1, group1, clause_index1} & {vtable2, group2, clause_index2}
= {2, 211, 1} & {1, 201, 2}
```
@@ -52,14 +52,14 @@ compile(rule) = clause1 & clause2
* 端口80 ~ 80 => group_id(221)
```bash
compile(rule) = clause1 & clause2
rule(rule) = clause1 & clause2
= {vtable1, group1, clause_index1} & {vtable2, group2, clause_index2}
= {2, 211, 1} & {3, 221, 2}
```
The JSON configuration for the logical `AND` can be referenced at [unit_test Json configuration](../test/maat_json.json) with compile_id=152.
The JSON configuration for the logical `AND` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=152.
group_name: "152_mail_addr" and group_name: "interval_group_refered" are two clauses of this compile, with a logical `AND` relationship between them.
group_name: "152_mail_addr" and group_name: "interval_group_refered" are two clauses of this rule, with a logical `AND` relationship between them.
## OR logic
@@ -73,7 +73,7 @@ group_name: "152_mail_addr" and group_name: "interval_group_refered" are two cla
* www.baidu.com => group_id(201)
```bash
compile(rule) = clause1 & clause2
rule(rule) = clause1 & clause2
= {vtable1, (group1 | group2), clause_index1} & {vtable2, group3, clause_index2}
= {2, (211 | 212), 1} & {1, 201, 2}
```
@@ -85,12 +85,12 @@ compile(rule) = clause1 & clause2
* port 443 ~ 443 => group_id(222)
```bash
compile(rule) = clause1 & clause2
rule(rule) = clause1 & clause2
= {vtable1, group1, clause_index1} & {vtable2, (group2 | group3), clause_index2}
= {2, 211, 1} & {3, (221 | 222), 2}
```
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with compile_id=152.
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=152.
group_name: "152_mail_addr" contains two regions(items) with a logical `OR` relationship between them.
@@ -105,7 +105,7 @@ group_name: "152_mail_addr" contains two regions(items) with a logical `OR` rela
* www.baidu.com => group_id(201)
```bash
compile(rule) = clause1 & !clause2
rule(rule) = clause1 & !clause2
= {vtable1, group1, clause_index1} & !{vtable2, group2, clause_index2}
= {2, 211, 1} & !{1, 201, 2}
```
@@ -117,14 +117,14 @@ compile(rule) = clause1 & !clause2
* port 443 ~ 443 => group_id(222)
```bash
compile(rule) = clause1 & !clause2
rule(rule) = clause1 & !clause2
= {vtable1, group1, clause_index1} & !{vtable2, (group2 | group3), clause_index2}
= {2, 211, 1} & !{3, (221 | 222), 2}
```
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with compile_id=145.
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=145.
The group_name: "123_IP_group" is a NOT clause of this compile.
The group_name: "123_IP_group" is a NOT clause of this rule.
## Group exclude
@@ -145,9 +145,9 @@ super_group1 = group1 exclude group2
= 210 exclude 211
```
And then configure the compile.
And then configure the rule.
```bash
compile(rule) = clause1 & clause2
rule(rule) = clause1 & clause2
= {vtable1, super_group1, clause_index1} & {vtable2, group2, clause_index2}
= {2, (210 exclude 211), 1} & {1, 201, 2}
```
@@ -164,13 +164,13 @@ super_group2 = group2 exclude group3
= 202 exclude 201
```
And then configure the compile.
And then configure the rule.
```bash
compile(rule) = clause1 & clause2
rule(rule) = clause1 & clause2
= {vtable1, group1, clause_index1} & {vtable2, super_group2, clause_index2}
= {2, 211, 1} & {1, (202 exclude 201), 2}
```
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with compile_id=200.
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=200.
The group_name: "ExcludeLogicGroup200" is a super group that includes an include group "ExcludeLogicGroup200_1" and an exclude group "ExcludeLogicGroup200_2".

74
docs/maat_table.md
View File

@@ -11,8 +11,8 @@ Maat tables are divided into two categories: physical tables that actually exist
The types of physical tables are as follows:
- [item table](#11-item-table)
- [compile table](#12-compile-table)
- [group2compile table](#13-group2compile-table)
- [rule table](#12-rule-table)
- [group2rule table](#13-group2rule-table)
- [group2group table](#14-group2group-table)
- [plugin table](#15-plugin-table)
- [ip_plugin table](#16-ip_plugin-table)
@@ -43,7 +43,7 @@ Each item table must has the following columns:
- is_valid: In incremental updates, 1(valid means add) 0(invalid means del)
The range of item_id(group_id, compile_id) is 02^63which is 8 bytes.
The range of item_id(group_id, rule_id) is 02^63which is 8 bytes.
#### 1.1.1 <a name='exprtable'></a> expr item table
@@ -52,7 +52,7 @@ Describe matching rules for strings.
| **FieldName** | **type** | **constraint** |
| ---------------- | -------------- | ------- |
| **item_id** | LONG LONG | primary key |
| **group_id** | LONG LONG | leaf group id, can be referenced by group2group & group2compile table |
| **group_id** | LONG LONG | leaf group id, can be referenced by group2group & group2rule table |
| **keywords** | VARCHAR2(1024) | field to match during scanning |
| **expr_type** | INT | 0(keywords), 1(AND expr), 2(regular expr), 3(substring with offset)
| **match_method** | INT | only useful when expr_type is 0. 0(sub), 1(suffix), 2(prefix), 3(exactly) |
@@ -158,7 +158,7 @@ Describe extended matching rules for strings by adding the district column.
| **FieldName** | **type** | **constraint** |
| ---------------- | -------------- | ------- |
| **item_id** | LONG LONG | primary key |
| **group_id** | LONG LONG | leaf group id, can be referenced by group2group & group2compile table |
| **group_id** | LONG LONG | leaf group id, can be referenced by group2group & group2rule table |
| **district** | VARCHAR2(1024) | describe the effective position of the keywords |
| **keywords** | VARCHAR2(1024) | field to match during scanning |
| **expr_type** | INT | 0(keywords), 1(AND expr), 2(regular expr), 3(substring with offset)
@@ -183,7 +183,7 @@ Describe matching rules for IP address. Both the address and port are represente
| **FieldName** | **type** | **constraint** |
| -------------- | ------------ | -------------- |
| **item_id** | LONG LONG | primary key |
| **group_id** | LONG LONG | leaf group id, can be referenced by group2group & group2compile table |
| **group_id** | LONG LONG | leaf group id, can be referenced by group2group & group2rule table |
| **addr_type** | INT | Ipv4 = 4 Ipv6 = 6 |
| **addr_format**| VARCHAR2(40) | ip addr format, single/range/CIDR/mask |
| **ip1** | VARCHAR2(40) | start ip |
@@ -197,7 +197,7 @@ Determine whether an integer is within a certain numerical range.
| **FieldName** | **type** | **constraint** |
| ---------------- | -------- | -------------- |
| **item_id** | INT | primary key |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2compile table |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2rule table |
| **low_boundary** | INT | lower bound of the numerical range(including lb), 0 ~ (2^32 - 1)|
| **up_boundary** | INT | upper bound of the numerical range(including ub), 0 ~ (2^32 - 1)|
| **is_valid** | INT | 0(invalid), 1(valid) |
@@ -209,7 +209,7 @@ Describe extended matching rules for integer by adding the district column.
| **FieldName** | **type** | **constraint** |
| ---------------- | -------- | -------------- |
| **item_id** | INT | primary key |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2compile table |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2rule table |
| **district** | VARCHAR2(1024)| describe the effective position of the keywords |
| **low_boundary** | INT | lower bound of the numerical range(including lb), 0 ~ (2^32 - 1)|
| **up_boundary** | INT | upper bound of the numerical range(including ub), 0 ~ (2^32 - 1)|
@@ -220,7 +220,7 @@ Describe extended matching rules for integer by adding the district column.
| **FieldName** | **type** | **constraint** |
| ------------- | -------- | -------------- |
| **item_id** | INT | primary key |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2compile table |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2rule table |
| **flag** | INT | flag, 0 ~ (2^32 - 1)|
| **flag_mask** | INT | flag_mask, 0 ~ (2^32 - 1)|
| **is_valid** | INT | 0(invalid), 1(valid) |
@@ -230,31 +230,31 @@ Describe extended matching rules for integer by adding the district column.
| **FieldName** | **type** | **constraint** |
| ------------- | -------- | -------------- |
| **item_id** | INT | primary key |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2compile table |
| **group_id** | INT | leaf group id, can be referenced by group2group & group2rule table |
| **district** | INT | describe the effective position of the flag |
| **flag** | INT | flag, 0 ~ (2^32 - 1)|
| **flag_mask** | INT | flag_mask, 0 ~ (2^32 - 1)|
| **is_valid** | INT | 0(invalid), 1(valid) |
### 1.2 <a name='CompileTable'></a> compile table
### 1.2 <a name='RuleTable'></a> rule table
Describe the specific policy, one maat instance can has multiple compile tables with different names.
Describe the specific policy, one maat instance can has multiple rule tables with different names.
| **FieldName** | **type** | **constraint** |
| -------------- | -------------- | --------------- |
| **compile_id** | LONG LONG | primary key, compile id |
| **rule_id** | LONG LONG | primary key, rule id |
| **tags** | VARCHAR2(1024) | default 0means no tag |
| **is_valid** | INT | 0(invalid)1(valid) |
| **clause_num** | INT | no more than 8 clauses |
### 1.3 <a name='Group2CompileTable'></a> group2compile table
### 1.3 <a name='Group2RuleTable'></a> group2rule table
Describe the relationship between group and compile.
Describe the relationship between group and rule.
| **FieldName** | **type** | **constraint** |
| ----------------- | ------------- | -------------- |
| **group_ids** | VARCHAR(256) | group ids are separated by commas(g1,g2,g3) |
| **compile_id** | LONG LONG | compile id |
| **rule_id** | LONG LONG | rule id |
| **is_valid** | INT | 0(invalid), 1(valid) |
| **not_flag** | INT | logical 'NOT', identify a NOT clause, 0(no) 1(yes) |
| **virtual_table** | VARCHAR2(256) | virtual table name, NOT NULL |
@@ -402,7 +402,7 @@ Configuration tags are tags stored on compilation configurations or group config
Maat loads the configuration of different types of tables into memory to form the corresponding runtime for each table. We can see all table types from the table schema, and the runtime for the item table is similar, as it is an abstraction of the scanning engine. When we provide the data to be scanned and call the corresponding scanning interface, we can return whether the item is hit or not, and if it is hit, we can return the corresponding items group_id.
From the [configuration relationship](./overview.md#12-configuration-relationship) diagram, we can see how the hit group is referenced by other groups or compiles. If a hit group is referenced by other groups or compiles, there will be one or more hit paths that follow the `item_id -> group_id` {-> super group_id} `-> compile_id`. This requires two special runtimes: group2group_runtime and compile_runtime.
From the [configuration relationship](./overview.md#12-configuration-relationship) diagram, we can see how the hit group is referenced by other groups or rules. If a hit group is referenced by other groups or rules, there will be one or more hit paths that follow the `item_id -> group_id` {-> super group_id} `-> rule_id`. This requires two special runtimes: group2group_runtime and rule_runtime.
Based on this, we can divide the runtime into the following three categories:
@@ -412,9 +412,9 @@ Based on this, we can divide the runtime into the following three categories:
* flag_runtime
* interval_runtime
2. group & compile table runtime
2. group & rule table runtime
* group2group_runtime
* compile_runtime
* rule_runtime
3. xx_plugin table runtime
* plugin_runtime
@@ -431,47 +431,47 @@ Among the four types of runtimes mentioned above, `expr_runtime` is relatively u
**Note**: Due to the inability to unify the native rulescan usage with hyperscan, a partial refactoring has been done on rulescan. The refactored rulescan follows the same interface and usage as hyperscan, making it compatible with the design of the expr_matcher abstraction layer.
### 2.2 group & compile table runtime
### 2.2 group & rule table runtime
#### 2.2.1 group2group runtime
The `group2group_runtime` is a runtime that is built based on the reference relationships between groups, which are stored in the [group2group table](#14-group2group-table). From the [group hierarchy](./group_hierarchy.md), we can understand that if a hit occurs in a leaf group that is referenced by other groups, there may be certain super groups that are also hit. This is exactly the functionality provided by this runtime.
#### 2.2.2 compile runtime
#### 2.2.2 rule runtime
In addition to the compile table, there is also the group2compile table in the table schema. However, from a runtime perspective, the configurations of these two tables together constitute compile_runtime. This means that there is no standalone group2compile_runtime. Compile_runtime is the most complex among all runtime types because it serves multiple functions.
In addition to the rule table, there is also the group2rule table in the table schema. However, from a runtime perspective, the configurations of these two tables together constitute rule_runtime. This means that there is no standalone group2rule_runtime. Rule_runtime is the most complex among all runtime types because it serves multiple functions.
**Note:** This will involve the terminology of [clause](./terminology.md#clause).
1. For expressions without NOT-clauses, returning the matched compile_id:
1. For expressions without NOT-clauses, returning the matched rule_id:
* compile1 = clause1 & clause2 = {vtable1, g1} & {vtable2, g2}
* rule1 = clause1 & clause2 = {vtable1, g1} & {vtable2, g2}
* compile2 = clause1 & clause2 = {vtable1, g2} & {vtable2, g3}
* rule2 = clause1 & clause2 = {vtable1, g2} & {vtable2, g3}
Given the matched vtable_id and group_id, all matching compile_ids can be provided. For example, if scanning vtable1 matches g2 and vtable2 matches g3, compile_runtime will return the matched compile_id 2.
Given the matched vtable_id and group_id, all matching rule_ids can be provided. For example, if scanning vtable1 matches g2 and vtable2 matches g3, rule_runtime will return the matched rule_id 2.
2. For expressions with NOT-clauses, returning the matched compile_id:
2. For expressions with NOT-clauses, returning the matched rule_id:
* compile3 = clause1 & !clause2 = {vtable1, g1} & !{vtable2, g2}
* rule3 = clause1 & !clause2 = {vtable1, g1} & !{vtable2, g2}
* compile4 = !clause1 & clause2 = !{vtable1, g2} & {vtable2, g3}
* rule4 = !clause1 & clause2 = !{vtable1, g2} & {vtable2, g3}
If scanning vtable1 matches g1 and vtable2 matches g3, compile_runtime will return the matched compile_id 4.
If scanning vtable1 matches g1 and vtable2 matches g3, rule_runtime will return the matched rule_id 4.
3. If a compile_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> clause{**vtable_id, not_flag, clause_index} -> compile_id**. If the matched group is not referenced by a compile, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}.
3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> clause{**vtable_id, not_flag, clause_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}.
4. Getting the matched group_ids and the count of hit groups.
The internal structure of compile_runtime is as follows, including the control plane for configuration loading and the data plane for external calls.
The internal structure of rule_runtime is as follows, including the control plane for configuration loading and the data plane for external calls.
![compile runtime](./imgs/compile-runtime.png)
![rule runtime](./imgs/rule-runtime.png)
* **Control plane**
Compile runtime loads the compile table and group2compile table configurations into memory, assigning a unique clause_id to all clauses of each compile. The following three parts are constructed based on the clause_id:
Rule runtime loads the rule table and group2rule table configurations into memory, assigning a unique clause_id to all clauses of each rule. The following three parts are constructed based on the clause_id:
1. All clause_ids under the same compile are used to construct AND expressions, and all compile AND expressions are used to build a bool_matcher.
1. All clause_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher.
2. For not_flag=0 (clauses), a `clause_id hash` is built, key:{group_id, vtable_id, not_flag}, value:clause_id.
@@ -491,12 +491,12 @@ On the data plane, services are provided externally through the maat API, primar
* Identify the group_ids in vtable_id table that appear in the NOT_clause and add them to the `NOT_clause_group` set. Ensure that this set does not contain any group_id that was hit during scanning. If any such group_id is present, remove it from the set to form the final `NOT_clause_group` for the vtable_id table.
* Use the hit clause_ids to determine if there are any hit compile_ids. If there are, populate the half-hit path which will become full-hit path.
* Use the hit clause_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path.
2. **maat_scan_not_logic**: This interface is used to activate NOT-clause logic.
* Traverse the `NOT_clause_group` of `vtable_id`. For each `group_id`, form a key `{group_id, vtable_id, 1}` to obtain the `NOT_clause_id`. If it is in the `exclude clause_ids` set, ignore it; otherwise, add it to the `all hit clause_ids` set as a hit `NOT_clause_id`, and record the half-hit path of the NOT-clause.
* Use the `all hit clause_ids` to calculate if there are any newly hit compile_ids. If there are, populate the half-hit path of the NOT-clause which will become full-hit path.
* Use the `all hit clause_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the NOT-clause which will become full-hit path.
3. **xx_get_hit_path**: This interface is used to retrieve the hit path.

4
docs/monitor_tools.md
View File

@@ -28,13 +28,13 @@ The statistical information in the above figure is divided into two parts, part1
- garbage_queue_len: number of elements in the garbage queue
- hit_compile_num: total number of hits on compile
- hit_rule_num: total number of hits on rule
- state_num: total number of current maat_state
- per_state_num: number of bytes occupied by each maat_state on average
- compile_state_num: total number of current compile_state created within maat_state during partial hits or hits
- rule_state_num: total number of current rule_state created within maat_state during partial hits or hits
- stream_num: total number of scanned streams

12
docs/overview.md
View File

@@ -7,7 +7,7 @@ Before proceeding, please make sure you are familiar with the [terminology](./te
As mentioned in the readme, maat has two typical usage patterns:
**Pattern 1**
* Update rules in the item table, group2compile table, and compile table
* Update rules in the item table, group2rule table, and rule table
* Call the maat scanning api to determine if the actual traffic hits the effective rules
* If a rule is hit, maat can provide detailed information about the hit rule
@@ -20,15 +20,15 @@ As mentioned in the readme, maat has two typical usage patterns:
Different types of configurations are stored in different tables. For all configuration types, please refer to the [table schema](./maat_table.md#1-table-schema).
The physical tables are mainly divided into three categories: the item table, group compile relationship table (compile table, group2compile table, group2group table), and xx_plugin table. The first two types of tables are used for maat traffic scanning, while the xx_plugin table is used as a callback table, which can obtain the detailed configuration information for a specific key.
The physical tables are mainly divided into three categories: the item table, group rule relationship table (rule table, group2rule table, group2group table), and xx_plugin table. The first two types of tables are used for maat traffic scanning, while the xx_plugin table is used as a callback table, which can obtain the detailed configuration information for a specific key.
### 1.2 Configuration relationship
As shown in the diagram below, maat organizes and abstracts configurations using terms such as item, group, literal, clause, compile, etc., allowing users to flexibly configure various policies. The term "literal" is an internal concept in maat and is not visible to external users.
As shown in the diagram below, maat organizes and abstracts configurations using terms such as item, group, literal, clause, rule, etc., allowing users to flexibly configure various policies. The term "literal" is an internal concept in maat and is not visible to external users.
In addition, groups support nesting. For more detailed information, please refer to [group hierarchy](./group_hierarchy.md).
If we define literal_id = {virtual_table_id, group_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same clause have a logical “OR” relationship. The multiple clauses that form the same compile have a logical “AND” relationship, and there can be a maximum of 8 clauses within the same compile. In addition, the clause itself supports logical "NOT".
If we define literal_id = {virtual_table_id, group_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same clause have a logical “OR” relationship. The multiple clauses that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 clauses within the same rule. In addition, the clause itself supports logical "NOT".
<img src="./imgs/rule_diagram.png" width="800" height="450" >
@@ -56,7 +56,7 @@ The diagram illustrates the overall architecture of maat, including the control
* **Data Plane**
When calling the maat scanning interface, it subsequently calls the table runtime of the corresponding table, then proceeds to the scanning engine. Upon the scanning engine returning a hit group, it further searches for the matching `compile_id` through group2group runtime, group2compile runtime, and compile runtime, which is then returned to the caller. In addition, if the caller is interested in the hit path, they can also retrieve it through the interfaces provided by maat.
When calling the maat scanning interface, it subsequently calls the table runtime of the corresponding table, then proceeds to the scanning engine. Upon the scanning engine returning a hit group, it further searches for the matching `rule_id` through group2group runtime, group2rule runtime, and rule runtime, which is then returned to the caller. In addition, if the caller is interested in the hit path, they can also retrieve it through the interfaces provided by maat.
The scanning mentioned above all uses the `effective runtime`. If there are configuration changes, it will trigger the construction of `updating runtime`. Once this construction is completed, it will become effective runtime, and the original effective runtime will be put into the garbage collection queue waiting to be recycled.
@@ -117,7 +117,7 @@ All of the benchmarks are run on the same TSG-X device. Here are the details of
```bash
scan consume: The time consumption of a single scan, calculated as the average of 1,000,000 scans for each of the 5 threads.
In scenarios with different numbers of rules, each rule hits only one item → one compile.
In scenarios with different numbers of rules, each rule hits only one item → one rule.
Configuration capacity:

18
docs/terminology.md
View File

@@ -2,7 +2,7 @@
* [Item](#item)
* [Group(Object)](#groupobject)
* [Compile(Policy)](#compilepolicy)
* [Rule(Policy)](#rulepolicy)
* [Clause(Condition)](#clause)
* [Literal](#literal)
* [Physical table](#physical-table)
@@ -42,17 +42,17 @@ A group defines a set that can contain different types of items and can also ref
- Group supports multi-level nesting, see [group hierarchy](./overview.md#groupobject-nesting-and-hierarchies)
- A Group can be referenced by different compiles.
- A Group can be referenced by different rules.
The relationship between group and group is stored in the [group2group table](./maat_table.md#14-group2group-table).
## Compile(Policy)
## Rule(Policy)
A conjunctive normal form(CNF) consisting of multiple groups and virtual tables.
`Note`: A compile can contain up to 8 clauses and multiple clauses in the same compile can be logical 'AND' and logical 'NOT' relationships.
`Note`: A rule can contain up to 8 clauses and multiple clauses in the same rule can be logical 'AND' and logical 'NOT' relationships.
The relationship between group and compile is stored in the [group2compile table](./maat_table.md#13-group2compile-table).
The relationship between group and rule is stored in the [group2rule table](./maat_table.md#13-group2rule-table).
<img src="./imgs/CNF.jpg" alt="exclude" style="zoom:80%" />
@@ -68,7 +68,7 @@ A Literal consists of `vtable_id(virtual table id)` and `group_id`. During the r
## Physical table
Different rules are stored in different tables in the actual database, including [item table](./maat_table.md#11-item-table), [compile table](./maat_table.md#12-compile-table), [group2compile table](./maat_table.md#13-group2compile-table), [group2group table](./maat_table.md#14-group2group-table), and [xx_plugin table](./maat_table.md#15-plugin-table), and so on.
Different rules are stored in different tables in the actual database, including [item table](./maat_table.md#11-item-table), [rule table](./maat_table.md#12-rule-table), [group2rule table](./maat_table.md#13-group2rule-table), [group2group table](./maat_table.md#14-group2group-table), and [xx_plugin table](./maat_table.md#15-plugin-table), and so on.
## Virtual table
@@ -86,7 +86,7 @@ Defines the type of table and the configuration format, determining the specific
## Table runtime
The runtime generated by loading the configuration in the table into memory. Different tables have different runtimes. The group2compile table is merged with the corresponding compile table to generate a compile runtime, meaning there is no separate group2compile runtime.
The runtime generated by loading the configuration in the table into memory. Different tables have different runtimes. The group2rule table is merged with the corresponding rule table to generate a rule runtime, meaning there is no separate group2rule runtime.
Different scanning api use runtimes of different tables. For example, the HTTP_URL table is of type expr, and its corresponding scanning interface is maat_scan_string. Therefore, when calling this scanning interface, the API internally uses the runtime of the HTTP_URL table to perform the actual scanning task.
@@ -112,11 +112,11 @@ Maat supports not only block-based scanning but also stream-based scanning. For
## Half/Full hit
From the diagram of [configuration relationship](./overview.md#12-configuration-relationship), it can be seen that if the group that is hit is not referenced by compile, or even if referenced by compile, but after logical operations no compile is hit, then this hit is called a half hit; if a compile is hit, then this hit is called a full hit.
From the diagram of [configuration relationship](./overview.md#12-configuration-relationship), it can be seen that if the group that is hit is not referenced by rule, or even if referenced by rule, but after logical operations no rule is hit, then this hit is called a half hit; if a rule is hit, then this hit is called a full hit.
## Hit path
From the relationship of item, group, and compile mentioned above, if a scan hits a certain compile, there must be a logical path composed of item_id -> group_id -> compile_id. Maat names this path the hit path. If a group has nested references, the hit path should be item_id -> sub_group_id -> group_id -> compile_id.
From the relationship of item, group, and rule mentioned above, if a scan hits a certain rule, there must be a logical path composed of item_id -> group_id -> rule_id. Maat names this path the hit path. If a group has nested references, the hit path should be item_id -> sub_group_id -> group_id -> rule_id.
## Redis

18
include/maat.h
View File

@@ -35,7 +35,7 @@ struct maat_hit_path {
long long item_id;
long long sub_group_id;
long long top_group_id;
long long compile_id;
long long rule_id;
};
struct maat_hit_group {
@@ -46,9 +46,9 @@ struct maat_hit_group {
enum maat_scan_status {
MAAT_SCAN_ERR = -1, //scan error
MAAT_SCAN_OK, //scan but not hit(group or compile)
MAAT_SCAN_HALF_HIT, //half hit: hit group, not hit compile
MAAT_SCAN_HIT //scan hit compile
MAAT_SCAN_OK, //scan but not hit(group or rule)
MAAT_SCAN_HALF_HIT, //half hit: hit group, not hit rule
MAAT_SCAN_HIT //scan hit rule
};
enum maat_update_type {
@@ -245,9 +245,9 @@ struct maat_state;
* @param instance: maat instance created by maat_new()
* @param table_id: the id of table which to be scanned
* @param thread_id: thread index
* @param results: array to store hit compile id
* @param results: array to store hit rule id
* @param n_result: the array size
* @param n_hit_result: the number of hit compile id
* @param n_hit_result: the number of hit rule id
* @param state: scan mid status
*
* @retval MAAT_SCAN_ERR
@@ -316,13 +316,13 @@ void maat_state_free(struct maat_state *state);
int maat_state_set_scan_district(struct maat_state *state, int table_id,
const char *district, size_t district_len);
int maat_state_set_scan_compile_table(struct maat_state *state, int compile_table_id);
int maat_state_set_scan_rule_table(struct maat_state *state, int rule_table_id);
int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *path_array,
size_t array_size);
int maat_state_get_compile_table_ids(struct maat_state *state, long long *compile_ids,
size_t n_compile_ids, int *compile_table_ids);
int maat_state_get_rule_table_ids(struct maat_state *state, long long *rule_ids,
size_t n_rule_ids, int *rule_table_ids);
/**
* @brief get the total number of scans after maat_state_new

2
src/CMakeLists.txt
View File

@@ -13,7 +13,7 @@ add_definitions(-D_GNU_SOURCE)
add_definitions(-fPIC)
set(MAAT_SRC alignment.c json2iris.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c
maat_core.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c maat_table.c
maat_compile.c maat_group.c maat_ip.c maat_flag.c maat_interval.c maat_expr.c maat_plugin.c
maat_rule.c maat_group.c maat_ip.c maat_flag.c maat_interval.c maat_expr.c maat_plugin.c
maat_ip_plugin.c maat_ipport_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_virtual.c maat_stat.c)
set(LIB_SOURCE_FILES

137
src/inc_internal/maat_compile.h
View File

@@ -1,137 +0,0 @@
/*
**********************************************************************************************
* File: maat_compile.h
* Description:
* Authors: Liu wentan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_COMPILE_H_
#define _MAAT_COMPILE_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include "cJSON/cJSON.h"
#include "rcu_hash.h"
#include "maat.h"
#include "maat_kv.h"
#include "maat_core.h"
struct compile_schema;
struct compile_runtime;
struct compile_state;
struct group2group_runtime;
/* compile schema API */
void *compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void compile_schema_free(void *compile_schema);
void *group2compile_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void group2compile_schema_free(void *g2c_schema);
int group2compile_associated_compile_table_id(void *g2c_schema);
/* compile runtime API */
void *compile_runtime_new(void *compile_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void compile_runtime_free(void *compile_runtime);
void compile_runtime_init(void *compile_runtime, struct maat_runtime *maat_rt);
int compile_runtime_update(void *compile_runtime, void *compile_schema,
const char *table_name, const char *line,
int valid_column);
int compile_runtime_commit(void *compile_runtime, const char *table_name,
long long maat_rt_version);
long long compile_runtime_rule_count(void *compile_runtime);
long long compile_runtime_update_err_count(void *compile_runtime);
int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile_ids,
size_t compile_ids_size, struct maat_state *state);
size_t compile_runtime_get_hit_paths(struct compile_runtime *compile_rt, int thread_id,
struct compile_state *compile_state,
struct maat_hit_path *hit_path_array,
size_t array_size, size_t n_hit_path);
/* group2compile runtime API */
void *group2compile_runtime_new(void *g2c_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void group2compile_runtime_init(void *g2c_runtime, void *compile_runtime);
void group2compile_runtime_free(void *g2c_runtime);
int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema,
const char *table_name, const char *line,
int valid_column);
long long group2compile_runtime_not_clause_count(void *g2c_runtime);
long long group2compile_runtime_rule_count(void *g2c_runtime);
long long group2compile_runtime_update_err_count(void *g2c_runtime);
/* maat compile state API */
struct compile_state;
struct compile_state *compile_state_new(void);
void compile_state_reset(struct compile_state *compile_state);
void compile_state_free(struct compile_state *compile_state,
struct maat *maat_instance, int thread_id);
int compile_state_update(struct compile_state *compile_state, struct maat *maat_inst,
int vtable_id, int custom_compile_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item);
void compile_state_clear_last_hit_group(struct compile_state *compile_state);
void compile_state_not_logic_update(struct compile_state *compile_state,
struct compile_runtime *compile_rt,
struct maat *maat_inst, int vtable_id,
int Nth_scan);
size_t compile_state_get_internal_hit_paths(struct compile_state *compile_state,
struct compile_runtime *compile_rt,
struct group2group_runtime *g2g_rt,
struct maat_hit_path *hit_path_array,
size_t array_size);
size_t compile_state_get_direct_hit_groups(struct compile_state *compile_state,
struct maat_hit_group *group_array,
size_t array_size);
size_t compile_state_get_direct_hit_group_cnt(struct compile_state *compile_state);
size_t compile_state_get_indirect_hit_groups(struct compile_state *compile_state,
struct maat_hit_group *group_array,
size_t array_size);
size_t compile_state_get_indirect_hit_group_cnt(struct compile_state *compile_state);
size_t compile_state_get_last_hit_groups(struct compile_state *compile_state,
struct maat_hit_group *group_arary,
size_t array_size);
size_t compile_state_get_last_hit_group_cnt(struct compile_state *compile_state);
int compile_state_get_compile_table_id(struct compile_state *compile_state,
long long compile_id);
#ifdef __cplusplus
}
#endif
#endif

12
src/inc_internal/maat_core.h
View File

@@ -8,8 +8,8 @@
***********************************************************************************************
*/
#ifndef _MAAT_RULE_H_
#define _MAAT_RULE_H_
#ifndef _MAAT_CORE_H_
#define _MAAT_CORE_H_
#ifdef __cplusplus
extern "C"
@@ -153,9 +153,9 @@ struct maat_stat {
long long *thread_call_cnt;
long long *stream_cnt;
long long *hit_compile_cnt;
long long *hit_rule_cnt;
long long *maat_state_cnt;
long long *compile_state_cnt;
long long *rule_state_cnt;
long long *maat_state_free_cnt;
long long *maat_state_free_bytes;
@@ -189,11 +189,11 @@ struct maat {
struct maat_state {
struct maat *maat_inst;
struct compile_state *compile_state;
struct rule_state *rule_state;
int Nth_scan;
int district_id; //-1: Any District; -2: Unkonwn District;
uint16_t thread_id;
int16_t compile_table_id;
int16_t rule_table_id;
uint8_t district_flag;
uint8_t logic_not_flag;
};

137
src/inc_internal/maat_rule.h Normal file
View File

@@ -0,0 +1,137 @@
/*
**********************************************************************************************
* File: maat_rule.h
* Description:
* Authors: Liu wentan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_RULE_H_
#define _MAAT_RULE_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include "cJSON/cJSON.h"
#include "rcu_hash.h"
#include "maat.h"
#include "maat_kv.h"
#include "maat_core.h"
struct rule_schema;
struct rule_runtime;
struct rule_state;
struct group2group_runtime;
/* rule schema API */
void *rule_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void rule_schema_free(void *rule_schema);
void *group2rule_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void group2rule_schema_free(void *g2c_schema);
int group2rule_associated_rule_table_id(void *g2c_schema);
/* rule runtime API */
void *rule_runtime_new(void *rule_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void rule_runtime_free(void *rule_runtime);
void rule_runtime_init(void *rule_runtime, struct maat_runtime *maat_rt);
int rule_runtime_update(void *rule_runtime, void *rule_schema,
const char *table_name, const char *line,
int valid_column);
int rule_runtime_commit(void *rule_runtime, const char *table_name,
long long maat_rt_version);
long long rule_runtime_rule_count(void *rule_runtime);
long long rule_runtime_update_err_count(void *rule_runtime);
int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
size_t rule_ids_size, struct maat_state *state);
size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
struct rule_state *rule_state,
struct maat_hit_path *hit_path_array,
size_t array_size, size_t n_hit_path);
/* group2rule runtime API */
void *group2rule_runtime_new(void *g2c_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void group2rule_runtime_init(void *g2c_runtime, void *rule_runtime);
void group2rule_runtime_free(void *g2c_runtime);
int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema,
const char *table_name, const char *line,
int valid_column);
long long group2rule_runtime_not_clause_count(void *g2c_runtime);
long long group2rule_runtime_rule_count(void *g2c_runtime);
long long group2rule_runtime_update_err_count(void *g2c_runtime);
/* maat rule state API */
struct rule_state;
struct rule_state *rule_state_new(void);
void rule_state_reset(struct rule_state *rule_state);
void rule_state_free(struct rule_state *rule_state,
struct maat *maat_instance, int thread_id);
int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
int vtable_id, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item);
void rule_state_clear_last_hit_group(struct rule_state *rule_state);
void rule_state_not_logic_update(struct rule_state *rule_state,
struct rule_runtime *rule_rt,
struct maat *maat_inst, int vtable_id,
int Nth_scan);
size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state,
struct rule_runtime *rule_rt,
struct group2group_runtime *g2g_rt,
struct maat_hit_path *hit_path_array,
size_t array_size);
size_t rule_state_get_direct_hit_groups(struct rule_state *rule_state,
struct maat_hit_group *group_array,
size_t array_size);
size_t rule_state_get_direct_hit_group_cnt(struct rule_state *rule_state);
size_t rule_state_get_indirect_hit_groups(struct rule_state *rule_state,
struct maat_hit_group *group_array,
size_t array_size);
size_t rule_state_get_indirect_hit_group_cnt(struct rule_state *rule_state);
size_t rule_state_get_last_hit_groups(struct rule_state *rule_state,
struct maat_hit_group *group_arary,
size_t array_size);
size_t rule_state_get_last_hit_group_cnt(struct rule_state *rule_state);
int rule_state_get_rule_table_id(struct rule_state *rule_state,
long long rule_id);
#ifdef __cplusplus
}
#endif
#endif

16
src/inc_internal/maat_table.h
View File

@@ -39,9 +39,9 @@ enum table_type {
TABLE_TYPE_BOOL_PLUGIN,
//above are physical table
TABLE_TYPE_VIRTUAL,
TABLE_TYPE_COMPILE,
TABLE_TYPE_RULE,
TABLE_TYPE_GROUP2GROUP,
TABLE_TYPE_GROUP2COMPILE,
TABLE_TYPE_GROUP2RULE,
TABLE_TYPE_MAX
};
@@ -65,14 +65,14 @@ int table_manager_get_table_id(struct table_manager *tbl_mgr, const char *table_
* @brief get table_name's all conjunction parents' table_id
*
* for example: "table_id": 1,
* "table_name":"COMPILE_CONJ"
* "db_tables":["COMPILE_DEFAULT", "COMPILE_ALIAS"]
* "table_name":"RULE_CONJ"
* "db_tables":["RULE_DEFAULT", "RULE_ALIAS"]
*
* "table_id": 2,
* "table_name": "COMPILE_PLUGIN",
* "db_tables": ["COMPILE_DEFAULT"]
* "table_name": "RULE_PLUGIN",
* "db_tables": ["RULE_DEFAULT"]
*
* so COMPILE_DEFAULT has two conjunction parents whose table_id is 1 and 2.
* so RULE_DEFAULT has two conjunction parents whose table_id is 1 and 2.
*/
int table_manager_get_conj_parent_table_ids(struct table_manager *tbl_mgr, const char *table_name,
long long *table_ids_array, size_t n_table_ids_array);
@@ -84,7 +84,7 @@ const char *table_manager_get_table_schema_tag(struct table_manager *tbl_mgr, in
enum table_type table_manager_get_table_type(struct table_manager *tbl_mgr, int table_id);
int table_manager_get_default_compile_table_id(struct table_manager *tbl_mgr);
int table_manager_get_default_rule_table_id(struct table_manager *tbl_mgr);
int table_manager_get_group2group_table_id(struct table_manager *tbl_mgr);
int table_manager_get_valid_column(struct table_manager *tbl_mgr, int table_id);

2
src/inc_internal/maat_utils.h
View File

@@ -55,7 +55,7 @@ extern "C"
#endif
#define MAX_HIT_PATH_NUM 4096
#define MAX_HIT_COMPILE_NUM 4096
#define MAX_HIT_RULE_NUM 4096
#define MAX_HIT_GROUP_NUM 4096
#define MAX_HIT_ITEM_NUM 4096

206
src/json2iris.c
View File

@@ -35,7 +35,7 @@ const char *untitled_group_name = "Untitled";
long long untitled_group_id = 123456789;
enum maat_group_relation {
PARENT_TYPE_COMPILE = 0,
PARENT_TYPE_RULE = 0,
PARENT_TYPE_GROUP
};
@@ -68,8 +68,8 @@ struct iris_description {
struct iris_table *group_table;
struct iris_table *group2group_table;
struct iris_table *group2compile_table;
struct iris_table *compile_table;
struct iris_table *group2rule_table;
struct iris_table *rule_table;
struct group_info *group_name_map;
struct iris_table *iris_table_map;
@@ -130,7 +130,7 @@ static void free_iris_table_info(void *p)
static int
set_iris_descriptor(const char *json_file, cJSON *json,
const char *encrypt_key, const char *encrypt_algo,
const char *compile_tn, const char *group2compile_tn,
const char *rule_tn, const char *group2rule_tn,
const char* group2group_tn, redisContext *redis_write_ctx,
struct iris_description *iris_cfg)
{
@@ -181,10 +181,10 @@ set_iris_descriptor(const char *json_file, cJSON *json,
maat_kv_register(iris_cfg->str2int_map, "hexbin", 1);
maat_kv_register(iris_cfg->str2int_map, "case plain", 2);
iris_cfg->compile_table = query_table_info(iris_cfg, compile_tn,
TABLE_TYPE_COMPILE);
iris_cfg->group2compile_table = query_table_info(iris_cfg, group2compile_tn,
TABLE_TYPE_GROUP2COMPILE);
iris_cfg->rule_table = query_table_info(iris_cfg, rule_tn,
TABLE_TYPE_RULE);
iris_cfg->group2rule_table = query_table_info(iris_cfg, group2rule_tn,
TABLE_TYPE_GROUP2RULE);
iris_cfg->group2group_table = query_table_info(iris_cfg, group2group_tn,
TABLE_TYPE_GROUP2GROUP);
@@ -571,14 +571,14 @@ write_interval_line(cJSON *region_json, struct iris_description *p_iris,
}
static int
write_region_rule(cJSON *region_json, int compile_id, int group_id,
write_region_rule(cJSON *region_json, int rule_id, int group_id,
struct iris_description *p_iris, struct log_handle *logger)
{
cJSON *item = cJSON_GetObjectItem(region_json, "table_name");
if (NULL == item || item->type != cJSON_String) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] compile rule %d's table_name not defined "
"or format error", __FUNCTION__, __LINE__, compile_id);
"[%s:%d] rule rule %d's table_name not defined "
"or format error", __FUNCTION__, __LINE__, rule_id);
return -1;
}
const char *table_name = item->valuestring;
@@ -586,9 +586,9 @@ write_region_rule(cJSON *region_json, int compile_id, int group_id,
item = cJSON_GetObjectItem(region_json, "table_type");
if (NULL == item || item->type != cJSON_String) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] compile rule %d's table name %s's table_type "
"[%s:%d] rule rule %d's table name %s's table_type "
"not defined or format error", __FUNCTION__, __LINE__,
compile_id, table_name);
rule_id, table_name);
return -1;
}
@@ -597,17 +597,17 @@ write_region_rule(cJSON *region_json, int compile_id, int group_id,
int ret = maat_kv_read(p_iris->str2int_map, table_type_str, &table_type_int, 1);
if (ret != 1) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] compile rule %d table name %s's table_type %s invalid",
__FUNCTION__, __LINE__, compile_id, table_name, table_type_str);
"[%s:%d] rule rule %d table name %s's table_type %s invalid",
__FUNCTION__, __LINE__, rule_id, table_name, table_type_str);
return -1;
}
cJSON *table_content = cJSON_GetObjectItem(region_json, "table_content");
if (NULL == table_content || table_content->type != cJSON_Object) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] compile rule %d table name %s's table_content "
"[%s:%d] rule rule %d table name %s's table_content "
"not defined or format error", __FUNCTION__, __LINE__,
compile_id, table_name);
rule_id, table_name);
return -1;
}
@@ -642,8 +642,8 @@ write_region_rule(cJSON *region_json, int compile_id, int group_id,
}
static int
write_group2compile_line(int *group_ids, size_t n_group_id,
int compile_id, int group_not_flag,
write_group2rule_line(int *group_ids, size_t n_group_id,
int rule_id, int group_not_flag,
int clause_index, const char *vtable,
struct iris_description *p_iris,
struct iris_table *g2c_table)
@@ -654,10 +654,10 @@ write_group2compile_line(int *group_ids, size_t n_group_id,
if (g2c_table != NULL) {
table = g2c_table;
} else {
if (NULL == p_iris->group2compile_table) {
if (NULL == p_iris->group2rule_table) {
return -1;
}
table = p_iris->group2compile_table;
table = p_iris->group2rule_table;
}
if (n_group_id > 1) {
@@ -670,10 +670,10 @@ write_group2compile_line(int *group_ids, size_t n_group_id,
}
group_id_str[strlen(group_id_str) - 1] = '\0';
snprintf(buff, sizeof(buff), "%s\t%d\t%d\t%s\t%d\t1\n", group_id_str,
compile_id, group_not_flag, vtable, clause_index);
rule_id, group_not_flag, vtable, clause_index);
} else {
snprintf(buff, sizeof(buff), "%d\t%d\t%d\t%s\t%d\t1\n", group_ids[0],
compile_id, group_not_flag, vtable, clause_index);
rule_id, group_not_flag, vtable, clause_index);
}
table->write_pos += memcat(&(table->buff), table->write_pos,
@@ -748,7 +748,7 @@ write_group2group_line(int group_id, UT_array *incl_sub_group_ids,
static int
write_group_rule(cJSON *group_json, int parent_id,
int parent_type, int tracking_compile_id,
int parent_type, int tracking_rule_id,
int Nth_group, struct iris_description *p_iris,
struct log_handle *logger)
{
@@ -774,7 +774,7 @@ write_group_rule(cJSON *group_json, int parent_id,
cJSON *tmp_json = cJSON_GetArrayItem(item, i);
if (NULL == tmp_json || tmp_json->type != cJSON_String) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] group_name of compile:%d format error",
"[%s:%d] group_name of rule:%d format error",
__FUNCTION__, __LINE__, parent_id);
return -1;
}
@@ -789,7 +789,7 @@ write_group_rule(cJSON *group_json, int parent_id,
group_id = item->valueint;
}
if (parent_type == PARENT_TYPE_COMPILE) {
if (parent_type == PARENT_TYPE_RULE) {
item = cJSON_GetObjectItem(group_json, "virtual_table");
if (NULL == item || item->type != cJSON_String) {
virtual_table = "null";
@@ -814,7 +814,7 @@ write_group_rule(cJSON *group_json, int parent_id,
item = cJSON_GetObjectItem(group_json, "g2c_table_name");
if (item != NULL && item->type == cJSON_String) {
g2c_table = query_table_info(p_iris, item->valuestring,
TABLE_TYPE_GROUP2COMPILE);
TABLE_TYPE_GROUP2RULE);
}
}
@@ -831,8 +831,8 @@ write_group_rule(cJSON *group_json, int parent_id,
}
group_ids[i] = group_info->group_id;
}
assert(parent_type == PARENT_TYPE_COMPILE);
ret = write_group2compile_line(group_ids, group_name_cnt, parent_id,
assert(parent_type == PARENT_TYPE_RULE);
ret = write_group2rule_line(group_ids, group_name_cnt, parent_id,
group_not_flag, clause_index,
virtual_table, p_iris, g2c_table);
@@ -858,12 +858,12 @@ write_group_rule(cJSON *group_json, int parent_id,
if (region_json != NULL) {
cJSON *region_rule = NULL;
cJSON_ArrayForEach(region_rule, region_json) {
ret = write_region_rule(region_rule, tracking_compile_id,
ret = write_region_rule(region_rule, tracking_rule_id,
group_info->group_id, p_iris, logger);
if (ret < 0) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] compile rule %d write region error",
__FUNCTION__, __LINE__, tracking_compile_id);
"[%s:%d] rule rule %d write region error",
__FUNCTION__, __LINE__, tracking_rule_id);
return -1;
}
}
@@ -876,7 +876,7 @@ write_group_rule(cJSON *group_json, int parent_id,
cJSON_ArrayForEach(item, sub_groups) {
i++;
ret = write_group_rule(item, group_info->group_id,
PARENT_TYPE_GROUP, tracking_compile_id,
PARENT_TYPE_GROUP, tracking_rule_id,
i, p_iris, logger);
if (ret < 0) {
return -1;
@@ -886,19 +886,19 @@ write_group_rule(cJSON *group_json, int parent_id,
if (NULL == region_json && NULL == sub_groups) {
log_info(logger, MODULE_JSON2IRIS,
"[%s:%d] A group of compile rule %d has neither regions, "
"[%s:%d] A group of rule rule %d has neither regions, "
"sub groups, nor refered another existed group",
__FUNCTION__, __LINE__, tracking_compile_id);
__FUNCTION__, __LINE__, tracking_rule_id);
}
}
if (parent_type == PARENT_TYPE_COMPILE) {
ret = write_group2compile_line(&(group_info->group_id), 1, parent_id,
if (parent_type == PARENT_TYPE_RULE) {
ret = write_group2rule_line(&(group_info->group_id), 1, parent_id,
group_not_flag, clause_index,
virtual_table, p_iris, g2c_table);
if (ret < 0) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] compile:%d write group error",
"[%s:%d] rule:%d write group error",
__FUNCTION__, __LINE__, parent_id);
return -1;
}
@@ -909,19 +909,19 @@ write_group_rule(cJSON *group_json, int parent_id,
}
static int
write_compile_line(cJSON *compile, struct iris_description *p_iris,
write_rule_line(cJSON *rule, struct iris_description *p_iris,
struct log_handle *logger)
{
cJSON *item=cJSON_GetObjectItem(compile, "compile_id");
cJSON *item=cJSON_GetObjectItem(rule, "rule_id");
if (item->type != cJSON_Number) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] compile_id format not number",
"[%s:%d] rule_id format not number",
__FUNCTION__, __LINE__);
return -1;
}
int compile_id = item->valueint;
int rule_id = item->valueint;
cJSON *group_array = cJSON_GetObjectItem(compile, "groups");
cJSON *group_array = cJSON_GetObjectItem(rule, "groups");
int group_num = cJSON_GetArraySize(group_array);
int *clause_ids = ALLOC(int, group_num);
int clause_num = 0;
@@ -950,80 +950,80 @@ write_compile_line(cJSON *compile, struct iris_description *p_iris,
clause_num = group_num;
}
cJSON_AddNumberToObject(compile, "clause_num", clause_num);
cJSON_AddNumberToObject(rule, "clause_num", clause_num);
struct translate_command compile_cmd[MAX_COLUMN_NUM];
memset(compile_cmd, 0, sizeof(compile_cmd));
struct translate_command rule_cmd[MAX_COLUMN_NUM];
memset(rule_cmd, 0, sizeof(rule_cmd));
int cmd_cnt = 0;
compile_cmd[cmd_cnt].json_string = "compile_id";
compile_cmd[cmd_cnt].json_type = cJSON_Number;
rule_cmd[cmd_cnt].json_string = "rule_id";
rule_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
compile_cmd[cmd_cnt].json_string = "service";
compile_cmd[cmd_cnt].json_type = cJSON_Number;
rule_cmd[cmd_cnt].json_string = "service";
rule_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
compile_cmd[cmd_cnt].json_string = "action";
compile_cmd[cmd_cnt].json_type = cJSON_Number;
rule_cmd[cmd_cnt].json_string = "action";
rule_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
compile_cmd[cmd_cnt].json_string = "do_blacklist";
compile_cmd[cmd_cnt].json_type = cJSON_Number;
rule_cmd[cmd_cnt].json_string = "do_blacklist";
rule_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
compile_cmd[cmd_cnt].json_string = "do_log";
compile_cmd[cmd_cnt].json_type = cJSON_Number;
rule_cmd[cmd_cnt].json_string = "do_log";
rule_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
compile_cmd[cmd_cnt].json_string = "tags";
compile_cmd[cmd_cnt].json_type = cJSON_String;
compile_cmd[cmd_cnt].empty_allowed = 1;
compile_cmd[cmd_cnt].default_string = "{}";
rule_cmd[cmd_cnt].json_string = "tags";
rule_cmd[cmd_cnt].json_type = cJSON_String;
rule_cmd[cmd_cnt].empty_allowed = 1;
rule_cmd[cmd_cnt].default_string = "{}";
cmd_cnt++;
compile_cmd[cmd_cnt].json_string = "user_region";
compile_cmd[cmd_cnt].json_type = cJSON_String;
rule_cmd[cmd_cnt].json_string = "user_region";
rule_cmd[cmd_cnt].json_type = cJSON_String;
cmd_cnt++;
compile_cmd[cmd_cnt].json_string = "clause_num";
compile_cmd[cmd_cnt].json_type = cJSON_Number;
rule_cmd[cmd_cnt].json_string = "clause_num";
rule_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;
compile_cmd[cmd_cnt].json_string = "is_valid";
compile_cmd[cmd_cnt].json_type = cJSON_String;
compile_cmd[cmd_cnt].str2int_flag = 1;
rule_cmd[cmd_cnt].json_string = "is_valid";
rule_cmd[cmd_cnt].json_type = cJSON_String;
rule_cmd[cmd_cnt].str2int_flag = 1;
cmd_cnt++;
compile_cmd[cmd_cnt].json_string = "modified_time";
compile_cmd[cmd_cnt].json_type = cJSON_String;
compile_cmd[cmd_cnt].empty_allowed = 1;
rule_cmd[cmd_cnt].json_string = "modified_time";
rule_cmd[cmd_cnt].json_type = cJSON_String;
rule_cmd[cmd_cnt].empty_allowed = 1;
time_t curr_time;
time(&curr_time);
static char temp[21];
snprintf(temp, 21, "%ld", curr_time);
compile_cmd[cmd_cnt].default_string = temp;
rule_cmd[cmd_cnt].default_string = temp;
cmd_cnt++;
struct iris_table *table_info = NULL;
item = cJSON_GetObjectItem(compile,"compile_table_name");
item = cJSON_GetObjectItem(rule,"rule_table_name");
if (NULL == item || item->type != cJSON_String) {
if (NULL == p_iris->compile_table) {
if (NULL == p_iris->rule_table) {
return -1;
}
table_info = p_iris->compile_table;
table_info = p_iris->rule_table;
} else {
table_info = query_table_info(p_iris, item->valuestring, TABLE_TYPE_COMPILE);
table_info = query_table_info(p_iris, item->valuestring, TABLE_TYPE_RULE);
}
int ret = direct_write_rule(compile, p_iris->str2int_map, compile_cmd,
int ret = direct_write_rule(rule, p_iris->str2int_map, rule_cmd,
cmd_cnt, table_info, logger);
if (ret < 0) {
return -1;
}
return compile_id;
return rule_id;
}
static void write_table_idx(struct iris_description *p_iris,
@@ -1228,44 +1228,44 @@ static int write_iris(cJSON *json, struct iris_description *p_iris,
}
}
int compile_cnt = 0;
cJSON *compile_array = cJSON_GetObjectItem(json, "rules");
if (compile_array != NULL) {
compile_cnt = cJSON_GetArraySize(compile_array);
int rule_cnt = 0;
cJSON *rule_array = cJSON_GetObjectItem(json, "rules");
if (rule_array != NULL) {
rule_cnt = cJSON_GetArraySize(rule_array);
}
if (compile_cnt > 0) {
cJSON *compile_obj = NULL;
cJSON_ArrayForEach(compile_obj, compile_array) {
int compile_id = write_compile_line(compile_obj, p_iris, logger);
if (compile_id < 0) {
if (rule_cnt > 0) {
cJSON *rule_obj = NULL;
cJSON_ArrayForEach(rule_obj, rule_array) {
int rule_id = write_rule_line(rule_obj, p_iris, logger);
if (rule_id < 0) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] In %d compile rule",
"[%s:%d] In %d rule rule",
__FUNCTION__, __LINE__, i);
return -1;
}
group_array = cJSON_GetObjectItem(compile_obj, "groups");
group_array = cJSON_GetObjectItem(rule_obj, "groups");
if (NULL == group_array) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] compile rule %d have no group",
__FUNCTION__, __LINE__, compile_id);
"[%s:%d] rule rule %d have no group",
__FUNCTION__, __LINE__, rule_id);
return -1;
}
int group_cnt = cJSON_GetArraySize(group_array);
if (group_cnt <= 0) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] compile rule %d have no groups",
__FUNCTION__, __LINE__, compile_id);
"[%s:%d] rule rule %d have no groups",
__FUNCTION__, __LINE__, rule_id);
return -1;
}
i = 0;
cJSON *group_obj = NULL;
cJSON_ArrayForEach(group_obj, group_array) {
ret = write_group_rule(group_obj, compile_id, PARENT_TYPE_COMPILE,
compile_id, i, p_iris, logger);
ret = write_group_rule(group_obj, rule_id, PARENT_TYPE_RULE,
rule_id, i, p_iris, logger);
if (ret < 0) {
return -1;
}
@@ -1273,8 +1273,8 @@ static int write_iris(cJSON *json, struct iris_description *p_iris,
}
}
cJSON_ArrayForEach(compile_obj, compile_array) {
cJSON *group_array = cJSON_GetObjectItem(compile_obj, "groups");
cJSON_ArrayForEach(rule_obj, rule_array) {
cJSON *group_array = cJSON_GetObjectItem(rule_obj, "groups");
cJSON *group_obj = NULL;
cJSON_ArrayForEach(group_obj, group_array) {
@@ -1306,8 +1306,8 @@ int json2iris(const char *json_buff, const char *json_filename,
{
int ret = -1;
cJSON *tmp_obj = NULL;
const char *compile_tbl_name = NULL;
const char *group2compile_tbl_name = NULL;
const char *rule_tbl_name = NULL;
const char *group2rule_tbl_name = NULL;
const char *group2group_tbl_name = NULL;
struct iris_description iris_cfg;
@@ -1321,14 +1321,14 @@ int json2iris(const char *json_buff, const char *json_filename,
goto error_out;
}
tmp_obj = cJSON_GetObjectItem(json, "compile_table");
tmp_obj = cJSON_GetObjectItem(json, "rule_table");
if (tmp_obj) {
compile_tbl_name = tmp_obj->valuestring;
rule_tbl_name = tmp_obj->valuestring;
}
tmp_obj = cJSON_GetObjectItem(json, "group2compile_table");
tmp_obj = cJSON_GetObjectItem(json, "group2rule_table");
if (tmp_obj) {
group2compile_tbl_name = tmp_obj->valuestring;
group2rule_tbl_name = tmp_obj->valuestring;
}
tmp_obj = cJSON_GetObjectItem(json, "group2group_table");
@@ -1337,7 +1337,7 @@ int json2iris(const char *json_buff, const char *json_filename,
}
ret = set_iris_descriptor(json_filename, json, encrypt_key, encrypt_algo,
compile_tbl_name, group2compile_tbl_name,
rule_tbl_name, group2rule_tbl_name,
group2group_tbl_name, redis_write_ctx, &iris_cfg);
if (ret < 0) {
goto error_out;

252
src/maat_api.c
View File

@@ -24,7 +24,7 @@
#include "maat_table.h"
#include "maat_config_monitor.h"
#include "maat_redis_monitor.h"
#include "maat_compile.h"
#include "maat_rule.h"
#include "alignment.h"
#include "ip_matcher.h"
#include "adapter_hs.h"
@@ -1300,23 +1300,23 @@ string_scan(struct table_manager *tbl_mgr, int thread_id,
}
static size_t
group_to_compile(struct maat *maat_inst, long long *results, size_t n_result,
group_to_rule(struct maat *maat_inst, long long *results, size_t n_result,
struct maat_state *state)
{
int compile_table_id =
table_manager_get_default_compile_table_id(maat_inst->tbl_mgr);
int rule_table_id =
table_manager_get_default_rule_table_id(maat_inst->tbl_mgr);
if (state->compile_table_id > 0) {
compile_table_id = state->compile_table_id;
if (state->rule_table_id > 0) {
rule_table_id = state->rule_table_id;
}
void *compile_rt = table_manager_get_runtime(maat_inst->tbl_mgr,
compile_table_id);
if (NULL == compile_rt) {
void *rule_rt = table_manager_get_runtime(maat_inst->tbl_mgr,
rule_table_id);
if (NULL == rule_rt) {
return 0;
}
return compile_runtime_match((struct compile_runtime *)compile_rt,
return rule_runtime_match((struct rule_runtime *)rule_rt,
results, n_result, state);
}
@@ -1372,15 +1372,15 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_compile_cnt;
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
if (sum_hit_compile_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_compile_cnt, state->thread_id,
sum_hit_compile_cnt);
if (sum_hit_rule_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_rule_cnt, state->thread_id,
sum_hit_rule_cnt);
}
void *flag_rt = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id);
@@ -1395,7 +1395,7 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
maat_runtime_ref_dec(maat_rt, state->thread_id);
if (sum_hit_compile_cnt > 0) {
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
@@ -1457,15 +1457,15 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_compile_cnt;
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
if (sum_hit_compile_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_compile_cnt, state->thread_id,
sum_hit_compile_cnt);
if (sum_hit_rule_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_rule_cnt, state->thread_id,
sum_hit_rule_cnt);
}
void *interval_rt = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id);
@@ -1480,7 +1480,7 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
maat_runtime_ref_dec(maat_rt, state->thread_id);
if (sum_hit_compile_cnt > 0) {
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
@@ -1541,15 +1541,15 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr,
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_compile_cnt;
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
if (sum_hit_compile_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_compile_cnt, state->thread_id,
sum_hit_compile_cnt);
if (sum_hit_rule_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_rule_cnt, state->thread_id,
sum_hit_rule_cnt);
}
void *ip_rt = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id);
@@ -1564,7 +1564,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr,
maat_runtime_ref_dec(maat_rt, state->thread_id);
if (sum_hit_compile_cnt > 0) {
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
@@ -1625,15 +1625,15 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr,
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_compile_cnt;
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
if (sum_hit_compile_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_compile_cnt, state->thread_id,
sum_hit_compile_cnt);
if (sum_hit_rule_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_rule_cnt, state->thread_id,
sum_hit_rule_cnt);
}
void *ip_rt = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id);
@@ -1648,7 +1648,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr,
maat_runtime_ref_dec(maat_rt, state->thread_id);
if (sum_hit_compile_cnt > 0) {
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
@@ -1728,15 +1728,15 @@ int maat_scan_string(struct maat *maat_inst, int table_id,
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_compile_cnt;
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
if (sum_hit_compile_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_compile_cnt, state->thread_id,
sum_hit_compile_cnt);
if (sum_hit_rule_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_rule_cnt, state->thread_id,
sum_hit_rule_cnt);
}
void *expr_rt = table_manager_get_runtime(maat_inst->tbl_mgr, phy_table_id);
@@ -1751,7 +1751,7 @@ int maat_scan_string(struct maat *maat_inst, int table_id,
maat_runtime_ref_dec(maat_rt, state->thread_id);
if (sum_hit_compile_cnt > 0) {
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
@@ -1765,14 +1765,14 @@ static void maat_state_add_hit_group(struct maat_state *state, int table_id,
{
struct maat *maat_inst = state->maat_inst;
//clear compile_state->last_hit_group
if (state != NULL && state->compile_state != NULL) {
compile_state_clear_last_hit_group(state->compile_state);
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
}
if (NULL == state->compile_state) {
state->compile_state = compile_state_new();
alignment_int64_array_add(maat_inst->stat->compile_state_cnt,
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
alignment_int64_array_add(maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
@@ -1787,8 +1787,8 @@ static void maat_state_add_hit_group(struct maat_state *state, int table_id,
hit_items[i].group_id = groups[i].group_id;
}
compile_state_update(state->compile_state, maat_inst, table_id,
state->compile_table_id, state->Nth_scan,
rule_state_update(state->rule_state, maat_inst, table_id,
state->rule_table_id, state->Nth_scan,
hit_items, n_hit_item);
}
@@ -1800,24 +1800,24 @@ maat_state_activate_hit_not_group(struct maat_state *state, int table_id)
}
struct maat *maat_inst = state->maat_inst;
int compile_table_id =
table_manager_get_default_compile_table_id(maat_inst->tbl_mgr);
if (state->compile_table_id > 0) {
compile_table_id = state->compile_table_id;
int rule_table_id =
table_manager_get_default_rule_table_id(maat_inst->tbl_mgr);
if (state->rule_table_id > 0) {
rule_table_id = state->rule_table_id;
}
struct compile_runtime *compile_rt =
table_manager_get_runtime(maat_inst->tbl_mgr, compile_table_id);
if (NULL == compile_rt) {
struct rule_runtime *rule_rt =
table_manager_get_runtime(maat_inst->tbl_mgr, rule_table_id);
if (NULL == rule_rt) {
return;
}
//clear compile_state->last_hit_group
if (state != NULL && state->compile_state != NULL) {
compile_state_clear_last_hit_group(state->compile_state);
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
}
compile_state_not_logic_update(state->compile_state, compile_rt, maat_inst,
rule_state_not_logic_update(state->rule_state, rule_rt, maat_inst,
table_id, state->Nth_scan);
}
@@ -1860,13 +1860,13 @@ int maat_scan_group(struct maat *maat_inst, int table_id,
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
maat_state_add_hit_group(state, table_id, groups, n_group);
size_t hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
*n_hit_result = hit_compile_cnt;
size_t hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
*n_hit_result = hit_rule_cnt;
maat_runtime_ref_dec(maat_rt, state->thread_id);
if (hit_compile_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_compile_cnt, state->thread_id,
hit_compile_cnt);
if (hit_rule_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_rule_cnt, state->thread_id,
hit_rule_cnt);
return MAAT_SCAN_HIT;
}
@@ -1883,7 +1883,7 @@ int maat_scan_not_logic(struct maat *maat_inst, int table_id,
return -1;
}
if (NULL == state->compile_state) {
if (NULL == state->rule_state) {
return 0;
}
@@ -1896,13 +1896,13 @@ int maat_scan_not_logic(struct maat *maat_inst, int table_id,
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
maat_state_activate_hit_not_group(state, table_id);
size_t hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
*n_hit_result = hit_compile_cnt;
size_t hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
*n_hit_result = hit_rule_cnt;
maat_runtime_ref_dec(maat_rt, state->thread_id);
if (hit_compile_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_compile_cnt, state->thread_id,
hit_compile_cnt);
if (hit_rule_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_rule_cnt, state->thread_id,
hit_rule_cnt);
return MAAT_SCAN_HIT;
}
@@ -2061,15 +2061,15 @@ int maat_stream_scan(struct maat_stream *maat_stream, const char *data, int data
return MAAT_SCAN_ERR;
}
size_t sum_hit_compile_cnt = 0;
size_t sum_hit_rule_cnt = 0;
if (hit_group_cnt > 0) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_compile_cnt;
sum_hit_rule_cnt = group_to_rule(maat_inst, results, n_result, state);
*n_hit_result = sum_hit_rule_cnt;
}
if (sum_hit_compile_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_compile_cnt, maat_stream->thread_id,
sum_hit_compile_cnt);
if (sum_hit_rule_cnt > 0) {
alignment_int64_array_add(maat_inst->stat->hit_rule_cnt, maat_stream->thread_id,
sum_hit_rule_cnt);
}
if (1 == maat_inst->opts.perf_on) {
@@ -2079,7 +2079,7 @@ int maat_stream_scan(struct maat_stream *maat_stream, const char *data, int data
expr_runtime_perf_stat(expr_rt, data_len, NULL, NULL, state->thread_id);
}
if (sum_hit_compile_cnt > 0) {
if (sum_hit_rule_cnt > 0) {
return MAAT_SCAN_HIT;
} else if (hit_group_cnt > 0) {
return MAAT_SCAN_HALF_HIT;
@@ -2130,7 +2130,7 @@ struct maat_state *maat_state_new(struct maat *maat_inst, int thread_id)
state->district_id = DISTRICT_ANY;
state->thread_id = thread_id;
/* state->compile_state no need to alloc memory at this point,
/* state->rule_state no need to alloc memory at this point,
but alloc it after hitting items
*/
alignment_int64_array_add(maat_inst->stat->maat_state_cnt, thread_id, 1);
@@ -2144,13 +2144,13 @@ void maat_state_reset(struct maat_state *state)
return;
}
state->compile_table_id = 0;
state->rule_table_id = 0;
state->district_flag = DISTRICT_FLAG_UNSET;
state->district_id = DISTRICT_ANY;
state->Nth_scan = 0;
if (state->compile_state != NULL) {
compile_state_reset(state->compile_state);
if (state->rule_state != NULL) {
rule_state_reset(state->rule_state);
}
}
@@ -2165,10 +2165,10 @@ void maat_state_free(struct maat_state *state)
struct maat *maat_inst = state->maat_inst;
long long thread_id = state->thread_id;
if (state->compile_state != NULL) {
compile_state_free(state->compile_state, maat_inst, thread_id);
state->compile_state = NULL;
alignment_int64_array_add(maat_inst->stat->compile_state_cnt,
if (state->rule_state != NULL) {
rule_state_free(state->rule_state, maat_inst, thread_id);
state->rule_state = NULL;
alignment_int64_array_add(maat_inst->stat->rule_state_cnt,
thread_id, -1);
}
@@ -2244,10 +2244,10 @@ int maat_state_set_scan_district(struct maat_state *state, int table_id,
return 0;
}
int maat_state_set_scan_compile_table(struct maat_state *state,
int compile_table_id)
int maat_state_set_scan_rule_table(struct maat_state *state,
int rule_table_id)
{
if (NULL == state || compile_table_id < 0) {
if (NULL == state || rule_table_id < 0) {
return -1;
}
@@ -2258,25 +2258,25 @@ int maat_state_set_scan_compile_table(struct maat_state *state,
return -1;
}
state->compile_table_id = compile_table_id;
state->rule_table_id = rule_table_id;
return 0;
}
int maat_state_get_compile_table_ids(struct maat_state *state, long long *compile_ids,
size_t n_compile_ids, int *compile_table_ids)
int maat_state_get_rule_table_ids(struct maat_state *state, long long *rule_ids,
size_t n_rule_ids, int *rule_table_ids)
{
if (NULL == state || NULL == compile_ids || 0 == n_compile_ids ||
NULL == compile_table_ids) {
if (NULL == state || NULL == rule_ids || 0 == n_rule_ids ||
NULL == rule_table_ids) {
return -1;
}
for (size_t i = 0; i < n_compile_ids; i++) {
compile_table_ids[i] = compile_state_get_compile_table_id(state->compile_state,
compile_ids[i]);
for (size_t i = 0; i < n_rule_ids; i++) {
rule_table_ids[i] = rule_state_get_rule_table_id(state->rule_state,
rule_ids[i]);
}
return n_compile_ids;
return n_rule_ids;
}
int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *path_array,
@@ -2293,19 +2293,19 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
return -1;
}
if (NULL == state->compile_state) {
if (NULL == state->rule_state) {
return 0;
}
int compile_table_id =
table_manager_get_default_compile_table_id(maat_inst->tbl_mgr);
if (state->compile_table_id > 0) {
compile_table_id = state->compile_table_id;
int rule_table_id =
table_manager_get_default_rule_table_id(maat_inst->tbl_mgr);
if (state->rule_table_id > 0) {
rule_table_id = state->rule_table_id;
}
void *compile_rt = table_manager_get_runtime(maat_inst->tbl_mgr,
compile_table_id);
if (NULL == compile_rt) {
void *rule_rt = table_manager_get_runtime(maat_inst->tbl_mgr,
rule_table_id);
if (NULL == rule_rt) {
return -1;
}
@@ -2313,13 +2313,13 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
void *g2g_runtime = table_manager_get_runtime(maat_inst->tbl_mgr, g2g_table_id);
size_t hit_path_cnt =
compile_state_get_internal_hit_paths(state->compile_state,
(struct compile_runtime *)compile_rt,
rule_state_get_internal_hit_paths(state->rule_state,
(struct rule_runtime *)rule_rt,
(struct group2group_runtime *)g2g_runtime,
path_array, array_size);
return compile_runtime_get_hit_paths((struct compile_runtime *)compile_rt,
state->thread_id, state->compile_state,
return rule_runtime_get_hit_paths((struct rule_runtime *)rule_rt,
state->thread_id, state->rule_state,
path_array, array_size, hit_path_cnt);
}
@@ -2340,21 +2340,21 @@ int maat_state_get_direct_hit_groups(struct maat_state *state,
return -1;
}
if (NULL == state->compile_state) {
if (NULL == state->rule_state) {
return 0;
}
return compile_state_get_direct_hit_groups(state->compile_state,
return rule_state_get_direct_hit_groups(state->rule_state,
group_array, array_size);
}
size_t maat_state_get_direct_hit_group_cnt(struct maat_state *state)
{
if (NULL == state || NULL == state->compile_state) {
if (NULL == state || NULL == state->rule_state) {
return 0;
}
return compile_state_get_direct_hit_group_cnt(state->compile_state);
return rule_state_get_direct_hit_group_cnt(state->rule_state);
}
int maat_state_get_indirect_hit_groups(struct maat_state *state,
@@ -2365,40 +2365,40 @@ int maat_state_get_indirect_hit_groups(struct maat_state *state,
return -1;
}
if (NULL == state->compile_state) {
if (NULL == state->rule_state) {
return 0;
}
return compile_state_get_indirect_hit_groups(state->compile_state,
return rule_state_get_indirect_hit_groups(state->rule_state,
group_array, array_size);
}
size_t maat_state_get_indirect_hit_group_cnt(struct maat_state *state)
{
if (NULL == state || NULL == state->compile_state) {
if (NULL == state || NULL == state->rule_state) {
return 0;
}
return compile_state_get_indirect_hit_group_cnt(state->compile_state);
return rule_state_get_indirect_hit_group_cnt(state->rule_state);
}
int maat_state_get_last_hit_groups(struct maat_state *state,
struct maat_hit_group *group_array,
size_t array_size)
{
if (NULL == state || NULL == state->compile_state) {
if (NULL == state || NULL == state->rule_state) {
return 0;
}
return compile_state_get_last_hit_groups(state->compile_state,
return rule_state_get_last_hit_groups(state->rule_state,
group_array, array_size);
}
size_t maat_state_get_last_hit_group_cnt(struct maat_state *state)
{
if (NULL == state || NULL == state->compile_state) {
if (NULL == state || NULL == state->rule_state) {
return 0;
}
return compile_state_get_last_hit_group_cnt(state->compile_state);
return rule_state_get_last_hit_group_cnt(state->rule_state);
}

10
src/maat_core.c
View File

@@ -23,7 +23,7 @@
#include "maat_config_monitor.h"
#include "maat_redis_monitor.h"
#include "maat_table.h"
#include "maat_compile.h"
#include "maat_rule.h"
#include "maat_plugin.h"
#include "maat_ip_plugin.h"
#include "maat_ipport_plugin.h"
@@ -108,12 +108,12 @@ maat_start_cb(long long new_version, int update_type, void *u_param)
for (i = 0; i < max_table_cnt; i++) {
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, i);
if (table_type == TABLE_TYPE_COMPILE) {
// compile runtime need a reference to maat runtime
void *compile_rt =
if (table_type == TABLE_TYPE_RULE) {
// rule runtime need a reference to maat runtime
void *rule_rt =
table_manager_get_updating_runtime(maat_inst->tbl_mgr, i);
compile_runtime_init(compile_rt, maat_inst->creating_maat_rt);
rule_runtime_init(rule_rt, maat_inst->creating_maat_rt);
}
}
} else {

34
src/maat_expr.c
View File

@@ -20,7 +20,7 @@
#include "rcu_hash.h"
#include "maat.h"
#include "maat_core.h"
#include "maat_compile.h"
#include "maat_rule.h"
#include "maat_group.h"
#include "alignment.h"
#include "maat_garbage_collection.h"
@@ -953,9 +953,9 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
const char *data, size_t data_len,
int vtable_id, struct maat_state *state)
{
//clear compile_state->last_hit_group
if (state != NULL && state->compile_state != NULL) {
compile_state_clear_last_hit_group(state->compile_state);
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
}
if (0 == expr_rt->rule_num) {
@@ -1013,14 +1013,14 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
}
next:
if (NULL == state->compile_state) {
state->compile_state = compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->compile_state_cnt,
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
return compile_state_update(state->compile_state, state->maat_inst, vtable_id,
state->compile_table_id, state->Nth_scan,
return rule_state_update(state->rule_state, state->maat_inst, vtable_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_num);
}
@@ -1049,9 +1049,9 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
{
struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt;
//clear compile_state->last_hit_group
if (state != NULL && state->compile_state != NULL) {
compile_state_clear_last_hit_group(state->compile_state);
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
}
if (0 == expr_rt->rule_num) {
@@ -1107,14 +1107,14 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
}
next:
if (NULL == state->compile_state) {
state->compile_state = compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->compile_state_cnt,
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
return compile_state_update(state->compile_state, state->maat_inst, vtable_id,
state->compile_table_id, state->Nth_scan,
return rule_state_update(state->rule_state, state->maat_inst, vtable_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

18
src/maat_flag.c
View File

@@ -19,7 +19,7 @@
#include "rcu_hash.h"
#include "maat_table.h"
#include "alignment.h"
#include "maat_compile.h"
#include "maat_rule.h"
#include "maat_garbage_collection.h"
#define MODULE_FLAG module_name_str("maat.flag")
@@ -555,9 +555,9 @@ long long flag_runtime_rule_count(void *flag_runtime)
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
long long flag, int vtable_id, struct maat_state *state)
{
//clear compile_state->last_hit_group
if (state != NULL && state->compile_state != NULL) {
compile_state_clear_last_hit_group(state->compile_state);
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
}
if (0 == flag_rt->rule_num) {
@@ -609,14 +609,14 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
}
next:
if (NULL == state->compile_state) {
state->compile_state = compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->compile_state_cnt,
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
return compile_state_update(state->compile_state, state->maat_inst, vtable_id,
state->compile_table_id, state->Nth_scan,
return rule_state_update(state->rule_state, state->maat_inst, vtable_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

18
src/maat_interval.c
View File

@@ -15,7 +15,7 @@
#include "rcu_hash.h"
#include "alignment.h"
#include "maat_garbage_collection.h"
#include "maat_compile.h"
#include "maat_rule.h"
#include "interval_matcher.h"
#include "maat_interval.h"
@@ -544,9 +544,9 @@ long long interval_runtime_rule_count(void *interval_runtime)
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int vtable_id, struct maat_state *state)
{
//clear compile_state->last_hit_group
if (state != NULL && state->compile_state != NULL) {
compile_state_clear_last_hit_group(state->compile_state);
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
}
if (0 == interval_rt->rule_num) {
@@ -598,14 +598,14 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
}
next:
if (NULL == state->compile_state) {
state->compile_state = compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->compile_state_cnt,
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
return compile_state_update(state->compile_state, state->maat_inst, vtable_id,
state->compile_table_id, state->Nth_scan,
return rule_state_update(state->rule_state, state->maat_inst, vtable_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

18
src/maat_ip.c
View File

@@ -17,7 +17,7 @@
#include "ip_matcher.h"
#include "maat_ip.h"
#include "maat_core.h"
#include "maat_compile.h"
#include "maat_rule.h"
#include "alignment.h"
#include "maat_garbage_collection.h"
@@ -522,9 +522,9 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime)
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int port, int vtable_id, struct maat_state *state)
{
//clear compile_state->last_hit_group
if (state != NULL && state->compile_state != NULL) {
compile_state_clear_last_hit_group(state->compile_state);
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
rule_state_clear_last_hit_group(state->rule_state);
}
if (0 == ip_rt->rule_num) {
@@ -593,14 +593,14 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
real_hit_item_cnt);
}
next:
if (NULL == state->compile_state) {
state->compile_state = compile_state_new();
alignment_int64_array_add(state->maat_inst->stat->compile_state_cnt,
if (NULL == state->rule_state) {
state->rule_state = rule_state_new();
alignment_int64_array_add(state->maat_inst->stat->rule_state_cnt,
state->thread_id, 1);
}
return compile_state_update(state->compile_state, state->maat_inst, vtable_id,
state->compile_table_id, state->Nth_scan,
return rule_state_update(state->rule_state, state->maat_inst, vtable_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

1532
src/maat_compile.c → src/maat_rule.c
View File

File diff suppressed because it is too large Load Diff

50
src/maat_stat.c
View File

@@ -16,7 +16,7 @@
#include "fieldstat/fieldstat_easy.h"
#include "alignment.h"
#include "maat_ip.h"
#include "maat_compile.h"
#include "maat_rule.h"
#include "maat_group.h"
#include "maat_plugin.h"
#include "maat_expr.h"
@@ -31,10 +31,10 @@ enum MAAT_FS_STATUS {
STATUS_PLUGIN_ACC_NUM,
STATUS_CLAUSE_REF_NOT_NUM,
STATUS_GROUP_REF_EXCL_NUM, //group reference exclude group num
STATUS_HIT_COMPILE_NUM,
STATUS_HIT_RULE_NUM,
STATUS_MAAT_STATE_NUM,
STATUS_MAAT_PER_STATE_MEM,
STATUS_COMPILE_STATE_NUM,
STATUS_RULE_STATE_NUM,
STATUS_GARBAGE_QUEUE_LEN,
STATUS_UPDATE_ERR_CNT,
STATUS_SCAN_ERR_CNT,
@@ -84,8 +84,8 @@ static void fs_global_metric_register(struct maat_stat *stat)
stat->g_metric_id[STATUS_GARBAGE_QUEUE_LEN] =
fieldstat_easy_register_counter(stat->fs_handle, "garbage_queue_len");
stat->g_metric_id[STATUS_HIT_COMPILE_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "hit_compile_num");
stat->g_metric_id[STATUS_HIT_RULE_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "hit_rule_num");
stat->g_metric_id[STATUS_MAAT_STATE_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "state_num");
@@ -93,8 +93,8 @@ static void fs_global_metric_register(struct maat_stat *stat)
stat->g_metric_id[STATUS_MAAT_PER_STATE_MEM] =
fieldstat_easy_register_counter(stat->fs_handle, "per_state_mem(B)");
stat->g_metric_id[STATUS_COMPILE_STATE_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "compile_state_num");
stat->g_metric_id[STATUS_RULE_STATE_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "rule_state_num");
stat->g_metric_id[STATUS_STREAM_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "stream_num");
@@ -153,9 +153,9 @@ struct maat_stat *maat_stat_new(const char *stat_file, size_t max_thread_num,
stat->logger = logger;
stat->stream_cnt = alignment_int64_array_alloc(max_thread_num);
stat->thread_call_cnt = alignment_int64_array_alloc(max_thread_num);
stat->hit_compile_cnt = alignment_int64_array_alloc(max_thread_num);
stat->hit_rule_cnt = alignment_int64_array_alloc(max_thread_num);
stat->maat_state_cnt = alignment_int64_array_alloc(max_thread_num);
stat->compile_state_cnt = alignment_int64_array_alloc(max_thread_num);
stat->rule_state_cnt = alignment_int64_array_alloc(max_thread_num);
stat->maat_state_free_cnt = alignment_int64_array_alloc(max_thread_num);
stat->maat_state_free_bytes = alignment_int64_array_alloc(max_thread_num);
@@ -178,9 +178,9 @@ void maat_stat_free(struct maat_stat *stat)
stat->thread_call_cnt = NULL;
}
if (stat->hit_compile_cnt != NULL) {
alignment_int64_array_free(stat->hit_compile_cnt);
stat->hit_compile_cnt = NULL;
if (stat->hit_rule_cnt != NULL) {
alignment_int64_array_free(stat->hit_rule_cnt);
stat->hit_rule_cnt = NULL;
}
if (stat->maat_state_cnt != NULL) {
@@ -188,9 +188,9 @@ void maat_stat_free(struct maat_stat *stat)
stat->maat_state_cnt = NULL;
}
if (stat->compile_state_cnt != NULL) {
alignment_int64_array_free(stat->compile_state_cnt);
stat->compile_state_cnt = NULL;
if (stat->rule_state_cnt != NULL) {
alignment_int64_array_free(stat->rule_state_cnt);
stat->rule_state_cnt = NULL;
}
if (stat->maat_state_free_cnt != NULL) {
@@ -272,8 +272,8 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
plugin_cache_num += plugin_runtime_cached_row_count(runtime);
plugin_rule_num += plugin_runtime_rule_count(runtime);
break;
case TABLE_TYPE_GROUP2COMPILE:
g2c_not_clause_num += group2compile_runtime_not_clause_count(runtime);
case TABLE_TYPE_GROUP2RULE:
g2c_not_clause_num += group2rule_runtime_not_clause_count(runtime);
break;
case TABLE_TYPE_GROUP2GROUP:
g2g_excl_rule_num += group2group_runtime_exclude_rule_count(runtime);
@@ -437,14 +437,14 @@ void maat_stat_refresh(struct maat_stat *stat, struct table_manager *tbl_mgr,
long long stream_num =
alignment_int64_array_sum(stat->stream_cnt, stat->nr_worker_thread);
long long hit_compile_num =
alignment_int64_array_sum(stat->hit_compile_cnt, stat->nr_worker_thread);
long long hit_rule_num =
alignment_int64_array_sum(stat->hit_rule_cnt, stat->nr_worker_thread);
long long maat_state_num =
alignment_int64_array_sum(stat->maat_state_cnt, stat->nr_worker_thread);
long long compile_state_num =
alignment_int64_array_sum(stat->compile_state_cnt, stat->nr_worker_thread);
long long rule_state_num =
alignment_int64_array_sum(stat->rule_state_cnt, stat->nr_worker_thread);
long long maat_state_free_num =
alignment_int64_array_sum(stat->maat_state_free_cnt, stat->nr_worker_thread);
@@ -470,8 +470,8 @@ void maat_stat_refresh(struct maat_stat *stat, struct table_manager *tbl_mgr,
stat->g_metric_id[STATUS_TABLE_NUM],
NULL, 0, table_num);
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_HIT_COMPILE_NUM],
NULL, 0, hit_compile_num);
stat->g_metric_id[STATUS_HIT_RULE_NUM],
NULL, 0, hit_rule_num);
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_MAAT_STATE_NUM],
NULL, 0, maat_state_num);
@@ -479,8 +479,8 @@ void maat_stat_refresh(struct maat_stat *stat, struct table_manager *tbl_mgr,
stat->g_metric_id[STATUS_MAAT_PER_STATE_MEM],
NULL, 0, per_state_mem);
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_COMPILE_STATE_NUM],
NULL, 0, compile_state_num);
stat->g_metric_id[STATUS_RULE_STATE_NUM],
NULL, 0, rule_state_num);
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_CMD_LINE_NUM],
NULL, 0, stat->line_cmd_acc_num);

76
src/maat_table.c
View File

@@ -18,7 +18,7 @@
#include "maat_kv.h"
#include "maat_expr.h"
#include "maat_ip.h"
#include "maat_compile.h"
#include "maat_rule.h"
#include "maat_group.h"
#include "maat_flag.h"
#include "maat_plugin.h"
@@ -52,7 +52,7 @@ struct table_manager {
size_t n_accept_tag;
enum expr_engine_type engine_type;
int default_compile_table_id;
int default_rule_table_id;
int g2g_table_id;
struct maat_kv_store *tbl_name2id_map;
struct maat_kv_store *conj_tbl_name2id_map;
@@ -278,15 +278,15 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
.hit_item_num = virtual_runtime_hit_item_num
},
{
.type = TABLE_TYPE_COMPILE,
.new_schema = compile_schema_new,
.free_schema = compile_schema_free,
.new_runtime = compile_runtime_new,
.free_runtime = compile_runtime_free,
.update_runtime = compile_runtime_update,
.commit_runtime = compile_runtime_commit,
.rule_count = compile_runtime_rule_count,
.update_err_count = compile_runtime_update_err_count
.type = TABLE_TYPE_RULE,
.new_schema = rule_schema_new,
.free_schema = rule_schema_free,
.new_runtime = rule_runtime_new,
.free_runtime = rule_runtime_free,
.update_runtime = rule_runtime_update,
.commit_runtime = rule_runtime_commit,
.rule_count = rule_runtime_rule_count,
.update_err_count = rule_runtime_update_err_count
},
{
.type = TABLE_TYPE_GROUP2GROUP,
@@ -300,15 +300,15 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
.update_err_count = group2group_runtime_update_err_count
},
{
.type = TABLE_TYPE_GROUP2COMPILE,
.new_schema = group2compile_schema_new,
.free_schema = group2compile_schema_free,
.new_runtime = group2compile_runtime_new,
.free_runtime = group2compile_runtime_free,
.update_runtime = group2compile_runtime_update,
.type = TABLE_TYPE_GROUP2RULE,
.new_schema = group2rule_schema_new,
.free_schema = group2rule_schema_free,
.new_runtime = group2rule_runtime_new,
.free_runtime = group2rule_runtime_free,
.update_runtime = group2rule_runtime_update,
.commit_runtime = NULL,
.rule_count = group2compile_runtime_rule_count,
.update_err_count = group2compile_runtime_update_err_count
.rule_count = group2rule_runtime_rule_count,
.update_err_count = group2rule_runtime_update_err_count
}
};
@@ -499,8 +499,8 @@ static void maat_table_schema_free(void *schema, enum table_type table_type)
static void register_reserved_word(struct maat_kv_store *reserved_word_map)
{
maat_kv_register(reserved_word_map, "compile", TABLE_TYPE_COMPILE);
maat_kv_register(reserved_word_map, "group2compile", TABLE_TYPE_GROUP2COMPILE);
maat_kv_register(reserved_word_map, "rule", TABLE_TYPE_RULE);
maat_kv_register(reserved_word_map, "group2rule", TABLE_TYPE_GROUP2RULE);
maat_kv_register(reserved_word_map, "group2group", TABLE_TYPE_GROUP2GROUP);
maat_kv_register(reserved_word_map, "flag", TABLE_TYPE_FLAG);
maat_kv_register(reserved_word_map, "flag_plus", TABLE_TYPE_FLAG_PLUS);
@@ -787,9 +787,9 @@ static int register_tbl_name2id(struct maat_kv_store *tbl_name2id_map, cJSON *ro
return 0;
}
int maat_default_compile_table_id(cJSON *json, struct log_handle *logger)
int maat_default_rule_table_id(cJSON *json, struct log_handle *logger)
{
cJSON *item = cJSON_GetObjectItem(json, "default_compile_table");
cJSON *item = cJSON_GetObjectItem(json, "default_rule_table");
if (NULL == item || item->type != cJSON_Number) {
return -1;
}
@@ -867,7 +867,7 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
return NULL;
}
int default_compile_table_id = -1;
int default_rule_table_id = -1;
int g2g_table_id = -1;
struct maat_kv_store *reserved_word_map = maat_kv_store_new();
register_reserved_word(reserved_word_map);
@@ -899,9 +899,9 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
}
if (maat_tbl->table_type == TABLE_TYPE_COMPILE) {
if (default_compile_table_id < 0) {
default_compile_table_id = maat_default_compile_table_id(json, logger);
if (maat_tbl->table_type == TABLE_TYPE_RULE) {
if (default_rule_table_id < 0) {
default_rule_table_id = maat_default_rule_table_id(json, logger);
}
}
@@ -926,10 +926,10 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
}
tbl_mgr->default_compile_table_id = default_compile_table_id;
tbl_mgr->default_rule_table_id = default_rule_table_id;
tbl_mgr->g2g_table_id = g2g_table_id;
log_info(logger, MODULE_TABLE, "default compile table id: %d", default_compile_table_id);
log_info(logger, MODULE_TABLE, "default rule table id: %d", default_rule_table_id);
log_info(logger, MODULE_TABLE, "group2group table id: %d", g2g_table_id);
next:
FREE(json_buff);
@@ -990,18 +990,18 @@ int table_manager_runtime_create(struct table_manager *tbl_mgr, size_t max_threa
garbage_bin, tbl_mgr->logger);
}
/* group2compile runtime depends on associated compile runtime,
must make sure associated compile runtime already exist */
/* group2rule runtime depends on associated rule runtime,
must make sure associated rule runtime already exist */
for (i = 0; i < MAX_TABLE_NUM; i++) {
table_type = table_manager_get_table_type(tbl_mgr, i);
if (table_type != TABLE_TYPE_GROUP2COMPILE) {
if (table_type != TABLE_TYPE_GROUP2RULE) {
continue;
}
void *schema = table_manager_get_schema(tbl_mgr, i);
if (NULL == schema) {
log_fatal(tbl_mgr->logger, MODULE_TABLE,
"[%s:%d] group2compile table(table_id:%d) schema is null",
"[%s:%d] group2rule table(table_id:%d) schema is null",
__FUNCTION__, __LINE__, i);
continue;
}
@@ -1011,9 +1011,9 @@ int table_manager_runtime_create(struct table_manager *tbl_mgr, size_t max_threa
continue;
}
int asso_compile_table_id = group2compile_associated_compile_table_id(schema);
void *compile_updating_rt = table_manager_get_updating_runtime(tbl_mgr, asso_compile_table_id);
group2compile_runtime_init(g2c_updating_rt, compile_updating_rt);
int asso_rule_table_id = group2rule_associated_rule_table_id(schema);
void *rule_updating_rt = table_manager_get_updating_runtime(tbl_mgr, asso_rule_table_id);
group2rule_runtime_init(g2c_updating_rt, rule_updating_rt);
}
return 0;
@@ -1154,13 +1154,13 @@ enum table_type table_manager_get_table_type(struct table_manager *tbl_mgr, int
return tbl_mgr->tbl[table_id]->table_type;
}
int table_manager_get_default_compile_table_id(struct table_manager *tbl_mgr)
int table_manager_get_default_rule_table_id(struct table_manager *tbl_mgr)
{
if (NULL == tbl_mgr) {
return -1;
}
return tbl_mgr->default_compile_table_id;
return tbl_mgr->default_rule_table_id;
}
int table_manager_get_group2group_table_id(struct table_manager *tbl_mgr)

2
src/version.map
View File

@@ -9,7 +9,7 @@ global:
maat_get_table_schema_tag;
maat_reload_log_level;
maat_table*;
maat_compile_table*;
maat_rule_table*;
maat_plugin_table*;
maat_ip_plugin_table*;
maat_ipport_plugin_table*;

496
test/benchmark/benchmark_gtest.cpp
View File

File diff suppressed because it is too large Load Diff

16
test/benchmark/benchmark_table_info.conf
View File

@@ -553,25 +553,25 @@
},
{
"table_id":39,
"table_name":"COMPILE_PERF",
"table_type":"compile",
"default_compile_table":39,
"table_name":"RULE_PERF",
"table_type":"rule",
"default_rule_table":39,
"valid_column":9,
"custom": {
"compile_id":1,
"rule_id":1,
"tags":6,
"clause_num":8
}
},
{
"table_id":40,
"table_name":"GROUP2COMPILE_PERF",
"table_type":"group2compile",
"associated_compile_table_id":39,
"table_name":"GROUP2RULE_PERF",
"table_type":"group2rule",
"associated_rule_table_id":39,
"valid_column":6,
"custom": {
"group_id":1,
"compile_id":2,
"rule_id":2,
"not_flag":3,
"virtual_table_name":4,
"clause_index":5

30
test/file_test_tableinfo.conf
View File

@@ -1,35 +1,35 @@
[
{
"table_id":0,
"table_name": "NTC_COMPILE",
"table_type":"compile",
"table_name": "NTC_RULE",
"table_type":"rule",
"valid_column":8,
"custom": {
"compile_id":1,
"rule_id":1,
"tags":6,
"clause_num":9
}
},
{
"table_id":1,
"table_name": "WHITE_LIST_COMPILE",
"table_type":"compile",
"table_name": "WHITE_LIST_RULE",
"table_type":"rule",
"valid_column":8,
"custom": {
"compile_id":1,
"rule_id":1,
"tags":6,
"clause_num":9
}
},
{
"table_id":2,
"table_name": "FILE_COMPILE",
"db_tables": ["NTC_COMPILE", "WHITE_LIST_COMPILE"],
"default_compile_table":2,
"table_type":"compile",
"table_name": "FILE_RULE",
"db_tables": ["NTC_RULE", "WHITE_LIST_RULE"],
"default_rule_table":2,
"table_type":"rule",
"valid_column":8,
"custom": {
"compile_id":1,
"rule_id":1,
"tags":6,
"clause_num":9
}
@@ -47,13 +47,13 @@
},
{
"table_id":4,
"table_name":"NTC_GROUP2COMPILE",
"table_type":"group2compile",
"associated_compile_table_id":2,
"table_name":"NTC_GROUP2RULE",
"table_type":"group2rule",
"associated_rule_table_id":2,
"valid_column":3,
"custom": {
"group_id":1,
"compile_id":2,
"rule_id":2,
"not_flag":4,
"virtual_table_name":5,
"clause_index":6

4
test/json_update/corrupted.json
View File

@@ -1,9 +1,9 @@
{
"compile_table": "COMPILE_DEFAULT",
"rule_table": "RULE_DEFAULT",
"group_table": "GROUP",
"rules": [
{
"compile_id": 1
"rule_id": 1,
"service": 1,
"action": 1,
"do_blacklist": 1,

6
test/json_update/new.json
View File

@@ -1,10 +1,10 @@
{
"compile_table": "COMPILE_DEFAULT",
"group2compile_table": "GROUP2COMPILE_DEFAULT",
"rule_table": "RULE_DEFAULT",
"group2rule_table": "GROUP2RULE_DEFAULT",
"group2group_table": "GROUP2GROUP",
"rules": [
{
"compile_id": 2,
"rule_id": 2,
"service": 1,
"action": 1,
"do_blacklist": 1,

6
test/json_update/old.json
View File

@@ -1,10 +1,10 @@
{
"compile_table": "COMPILE_DEFAULT",
"group2compile_table": "GROUP2COMPILE_DEFAULT",
"rule_table": "RULE_DEFAULT",
"group2rule_table": "GROUP2RULE_DEFAULT",
"group2group_table": "GROUP2GROUP",
"rules": [
{
"compile_id": 1,
"rule_id": 1,
"service": 1,
"action": 1,
"do_blacklist": 1,

1444
test/maat_framework_gtest.cpp
View File

File diff suppressed because it is too large Load Diff

40
test/maat_framework_perf_gtest.cpp
View File

@@ -34,15 +34,15 @@ static void
test_add_expr_command(struct maat *maat_inst, const char *table_name,
const char *keywords)
{
long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = compile_table_set_line(maat_inst, "COMPILE_DEFAULT",
MAAT_OP_ADD, compile_id, "null",
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = rule_table_set_line(maat_inst, "RULE_DEFAULT",
MAAT_OP_ADD, rule_id, "null",
1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2compile_table_set_line(maat_inst, "GROUP2COMPILE_DEFAULT",
MAAT_OP_ADD, group_id, compile_id,
ret = group2rule_table_set_line(maat_inst, "GROUP2RULE_DEFAULT",
MAAT_OP_ADD, group_id, rule_id,
0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -56,15 +56,15 @@ static void
test_add_ip_command(struct maat *maat_inst, const char *table_name,
const char *ip)
{
long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = compile_table_set_line(maat_inst, "COMPILE_DEFAULT",
MAAT_OP_ADD, compile_id, "null",
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = rule_table_set_line(maat_inst, "RULE_DEFAULT",
MAAT_OP_ADD, rule_id, "null",
1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2compile_table_set_line(maat_inst, "GROUP2COMPILE_DEFAULT",
MAAT_OP_ADD, group_id, compile_id,
ret = group2rule_table_set_line(maat_inst, "GROUP2RULE_DEFAULT",
MAAT_OP_ADD, group_id, rule_id,
0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -78,15 +78,15 @@ static void
test_add_integer_command(struct maat *maat_inst, const char *table_name,
int low_boundary, int up_boundary)
{
long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = compile_table_set_line(maat_inst, "COMPILE_DEFAULT",
MAAT_OP_ADD, compile_id, "null",
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = rule_table_set_line(maat_inst, "RULE_DEFAULT",
MAAT_OP_ADD, rule_id, "null",
1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2compile_table_set_line(maat_inst, "GROUP2COMPILE_DEFAULT",
MAAT_OP_ADD, group_id, compile_id,
ret = group2rule_table_set_line(maat_inst, "GROUP2RULE_DEFAULT",
MAAT_OP_ADD, group_id, rule_id,
0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -102,15 +102,15 @@ static void
test_add_flag_command(struct maat *maat_inst, const char *table_name,
long long flag, long long flag_mask)
{
long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = compile_table_set_line(maat_inst, "COMPILE_DEFAULT",
MAAT_OP_ADD, compile_id, "null",
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = rule_table_set_line(maat_inst, "RULE_DEFAULT",
MAAT_OP_ADD, rule_id, "null",
1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2compile_table_set_line(maat_inst, "GROUP2COMPILE_DEFAULT",
MAAT_OP_ADD, group_id, compile_id,
ret = group2rule_table_set_line(maat_inst, "GROUP2RULE_DEFAULT",
MAAT_OP_ADD, group_id, rule_id,
0, table_name, 1, 0);
EXPECT_EQ(ret, 1);

256
test/maat_json.json
View File

File diff suppressed because it is too large Load Diff

0
test/ntcrule/full/2018-10-09/APP_COMPILE.0000050997 → test/ntcrule/full/2018-10-09/APP_RULE.0000050997
View File

0
test/ntcrule/full/2018-10-09/MM_COMPILE.0000050997 → test/ntcrule/full/2018-10-09/MM_RULE.0000050997
View File

0
test/ntcrule/full/2018-10-09/NTC_GROUP2COMPILE.0000050997 → test/ntcrule/full/2018-10-09/NTC_GROUP2RULE.0000050997
View File

0
test/ntcrule/full/2018-10-09/NTC_COMPILE.0000050997 → test/ntcrule/full/2018-10-09/NTC_RULE.0000050997
View File

0
test/ntcrule/full/2018-10-09/WHITE_LIST_COMPILE.0000050997 → test/ntcrule/full/2018-10-09/WHITE_LIST_RULE.0000050997
View File

10
test/ntcrule/full/index/full_config_index.0000050997
View File

@@ -1,19 +1,19 @@
APP_COMPILE 21 ./ntcrule/full/2018-10-09/APP_COMPILE.0000050997
APP_RULE 21 ./ntcrule/full/2018-10-09/APP_RULE.0000050997
APP_GROUP 37 ./ntcrule/full/2018-10-09/APP_GROUP.0000050997
APP_PAYLOAD 1 ./ntcrule/full/2018-10-09/APP_PAYLOAD.0000050997
APP_POLICY 16 ./ntcrule/full/2018-10-09/APP_POLICY.0000050997
DDOS_PROTECT_TARGET_IP_CB 1 ./ntcrule/full/2018-10-09/DDOS_PROTECT_TARGET_IP_CB.0000050997
MM_AV_URL 1 ./ntcrule/full/2018-10-09/MM_AV_URL.0000050997
MM_COMPILE 1 ./ntcrule/full/2018-10-09/MM_COMPILE.0000050997
MM_RULE 1 ./ntcrule/full/2018-10-09/MM_RULE.0000050997
MM_GROUP 1 ./ntcrule/full/2018-10-09/MM_GROUP.0000050997
NTC_ASN_IP 1 ./ntcrule/full/2018-10-09/NTC_ASN_IP.0000050997
NTC_BGP_AS 10 ./ntcrule/full/2018-10-09/NTC_BGP_AS.0000050997
NTC_COMPILE 78 ./ntcrule/full/2018-10-09/NTC_COMPILE.0000050997
NTC_RULE 78 ./ntcrule/full/2018-10-09/NTC_RULE.0000050997
NTC_DNS_FAKE_IP_CB 3 ./ntcrule/full/2018-10-09/NTC_DNS_FAKE_IP_CB.0000050997
NTC_DNS_REGION 15 ./ntcrule/full/2018-10-09/NTC_DNS_REGION.0000050997
NTC_DNS_RES_STRATEGY 2 ./ntcrule/full/2018-10-09/NTC_DNS_RES_STRATEGY.0000050997
NTC_FTP_URL 5 ./ntcrule/full/2018-10-09/NTC_FTP_URL.0000050997
NTC_GROUP2COMPILE 103 ./ntcrule/full/2018-10-09/NTC_GROUP2COMPILE.0000050997
NTC_GROUP2RULE 103 ./ntcrule/full/2018-10-09/NTC_GROUP2RULE.0000050997
NTC_HTTP_REQ_BODY 4 ./ntcrule/full/2018-10-09/NTC_HTTP_REQ_BODY.0000050997
NTC_HTTP_RES_BODY 14 ./ntcrule/full/2018-10-09/NTC_HTTP_RES_BODY.0000050997
NTC_HTTP_URL 9 ./ntcrule/full/2018-10-09/NTC_HTTP_URL.0000050997
@@ -21,6 +21,6 @@ NTC_MAIL_BODY 2 ./ntcrule/full/2018-10-09/NTC_MAIL_BODY.0000050997
NTC_MAIL_HDR 14 ./ntcrule/full/2018-10-09/NTC_MAIL_HDR.0000050997
NTC_UNIVERSAL_IP 23 ./ntcrule/full/2018-10-09/NTC_UNIVERSAL_IP.0000050997
NTC_UNIVERSAL_PROTO_TYPE 23 ./ntcrule/full/2018-10-09/NTC_UNIVERSAL_PROTO_TYPE.0000050997
WHITE_LIST_COMPILE 1 ./ntcrule/full/2018-10-09/WHITE_LIST_COMPILE.0000050997
WHITE_LIST_RULE 1 ./ntcrule/full/2018-10-09/WHITE_LIST_RULE.0000050997
WHITE_LIST_GROUP 1 ./ntcrule/full/2018-10-09/WHITE_LIST_GROUP.0000050997
WHITE_LIST_IP 1 ./ntcrule/full/2018-10-09/WHITE_LIST_IP.0000050997

70
test/table_info.conf
View File

@@ -1,52 +1,52 @@
[
{
"table_id":0,
"table_name":"COMPILE_DEFAULT",
"table_type":"compile",
"table_name":"RULE_DEFAULT",
"table_type":"rule",
"valid_column":9,
"custom": {
"compile_id":1,
"rule_id":1,
"tags":6,
"clause_num":8
}
},
{
"table_id":1,
"table_name":"COMPILE_ALIAS",
"table_type":"compile",
"table_name":"RULE_ALIAS",
"table_type":"rule",
"valid_column":9,
"schema_tag": "{\"compile_alias\": \"compile\"}",
"schema_tag": "{\"rule_alias\": \"rule\"}",
"custom": {
"compile_id":1,
"rule_id":1,
"tags":6,
"clause_num":8
}
},
{
"table_id":2,
"table_name":"COMPILE_CONJUNCTION",
"db_tables":["COMPILE_DEFAULT", "COMPILE_ALIAS"],
"default_compile_table":2,
"table_type":"compile",
"table_name":"RULE_CONJUNCTION",
"db_tables":["RULE_DEFAULT", "RULE_ALIAS"],
"default_rule_table":2,
"table_type":"rule",
"valid_column":9,
"schema_tag": "{\"compile_conjunction\": \"compile\"}",
"schema_tag": "{\"rule_conjunction\": \"rule\"}",
"custom": {
"compile_id":1,
"rule_id":1,
"tags":6,
"clause_num":8
}
},
{
"table_id":3,
"table_name":"GROUP2COMPILE",
"db_tables":["GROUP2COMPILE_DEFAULT", "GROUP2COMPILE_ALIAS"],
"table_type":"group2compile",
"associated_compile_table_id":2,
"table_name":"GROUP2RULE",
"db_tables":["GROUP2RULE_DEFAULT", "GROUP2RULE_ALIAS"],
"table_type":"group2rule",
"associated_rule_table_id":2,
"valid_column":6,
"schema_tag": "{\"group2compile\": \"group2compile\"}",
"schema_tag": "{\"group2rule\": \"group2rule\"}",
"custom": {
"group_id":1,
"compile_id":2,
"rule_id":2,
"not_flag":3,
"virtual_table_name":4,
"clause_index":5
@@ -54,36 +54,36 @@
},
{
"table_id":4,
"table_name":"COMPILE_FIREWALL_DEFAULT",
"table_type":"compile",
"table_name":"RULE_FIREWALL_DEFAULT",
"table_type":"rule",
"valid_column":9,
"custom": {
"compile_id":1,
"rule_id":1,
"tags":6,
"clause_num":8
}
},
{
"table_id":5,
"table_name":"COMPILE_FIREWALL_CONJUNCTION",
"db_tables":["COMPILE_FIREWALL_DEFAULT"],
"table_type":"compile",
"table_name":"RULE_FIREWALL_CONJUNCTION",
"db_tables":["RULE_FIREWALL_DEFAULT"],
"table_type":"rule",
"valid_column":9,
"custom": {
"compile_id":1,
"rule_id":1,
"tags":6,
"clause_num":8
}
},
{
"table_id":6,
"table_name":"GROUP2COMPILE_FIREWALL",
"table_type":"group2compile",
"associated_compile_table_id":5,
"table_name":"GROUP2RULE_FIREWALL",
"table_type":"group2rule",
"associated_rule_table_id":5,
"valid_column":6,
"custom": {
"group_id":1,
"compile_id":2,
"rule_id":2,
"not_flag":3,
"virtual_table_name":4,
"clause_index":5
@@ -102,11 +102,11 @@
},
{
"table_id":8,
"table_name":"COMPILE_PLUGIN",
"db_tables":["COMPILE_DEFAULT", "COMPILE_ALIAS"],
"table_name":"RULE_PLUGIN",
"db_tables":["RULE_DEFAULT", "RULE_ALIAS"],
"table_type":"plugin",
"valid_column":8,
"schema_tag": "{\"compile_plugin\": \"plugin\"}",
"schema_tag": "{\"rule_plugin\": \"plugin\"}",
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
@@ -116,8 +116,8 @@
},
{
"table_id":9,
"table_name":"COMPILE_FIREWALL_PLUGIN",
"db_tables":["COMPILE_FIREWALL_DEFAULT"],
"table_name":"RULE_FIREWALL_PLUGIN",
"db_tables":["RULE_FIREWALL_DEFAULT"],
"table_type":"plugin",
"valid_column":8,
"custom": {

16
test/test_utils.cpp
View File

@@ -147,17 +147,17 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por
return 0;
}
int compile_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long compile_id,
int rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long rule_id,
const char *user_region, int clause_num,
int expire_after)
{
char table_line[1024 * 16] = {0};
sprintf(table_line, "%lld\t0\t0\t0\t0\t0\t%s\t%d\t%d\t0.0",
compile_id, user_region, clause_num, op);
rule_id, user_region, clause_num, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = compile_id;
line_rule.rule_id = rule_id;
line_rule.table_line = table_line;
line_rule.table_name = table_name;
line_rule.expire_after = expire_after;
@@ -168,18 +168,18 @@ int compile_table_set_line(struct maat *maat_inst, const char *table_name,
#define TO_GROUP2X_KEY(group_id, parent_id, clause_index) \
(((unsigned long)group_id<<32|parent_id) + clause_index)
int group2compile_table_set_line(struct maat *maat_inst, const char *table_name,
int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
long long compile_id, int not_flag,
long long rule_id, int not_flag,
const char *vtable_name, int clause_index,
int expire_after)
{
char table_line[128] = {0};
sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d\t%d",
group_id, compile_id, not_flag, vtable_name, clause_index, op);
group_id, rule_id, not_flag, vtable_name, clause_index, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = TO_GROUP2X_KEY(group_id, compile_id, clause_index);
line_rule.rule_id = TO_GROUP2X_KEY(group_id, rule_id, clause_index);
line_rule.table_line = table_line;
line_rule.table_name = table_name;
line_rule.expire_after = expire_after;

8
test/test_utils.h
View File

@@ -13,14 +13,14 @@ int write_iris_to_redis(const char *iris_path, char *redis_ip, int redis_port,
int write_json_to_iris(const char* json_fn, char *iris_path, size_t path_sz,
struct log_handle *logger);
int compile_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long compile_id,
int rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long rule_id,
const char *user_region, int clause_num,
int expire_after);
int group2compile_table_set_line(struct maat *maat_inst, const char *table_name,
int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
long long compile_id, int not_flag,
long long rule_id, int not_flag,
const char *vtable_name, int clause_index,
int expire_after);