gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix hyperscan depends ragel bug

Browse Source
This commit is contained in:
liuwentan
2023-03-15 15:11:07 +08:00
parent fb4043f225
commit 71d6cbab2c
5 changed files with 50 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/maat_compile.c
View File

@@ -1630,7 +1630,13 @@ int compile_runtime_commit(void *compile_runtime, const char *table_name)
struct bool_matcher *old_bool_matcher = NULL; struct bool_matcher *old_bool_matcher = NULL;
struct bool_matcher *new_bool_matcher = NULL; struct bool_matcher *new_bool_matcher = NULL;
pthread_rwlock_rdlock(&compile_rt->rwlock);
size_t compile_cnt = HASH_COUNT(compile_rt->compile_hash); size_t compile_cnt = HASH_COUNT(compile_rt->compile_hash);
pthread_rwlock_unlock(&compile_rt->rwlock);
if (0 == compile_cnt) {
return 0;
}
log_info(compile_rt->logger, MODULE_COMPILE, log_info(compile_rt->logger, MODULE_COMPILE,
"table[%s] committing %zu compile rules for rebuilding compile bool_matcher engine", "table[%s] committing %zu compile rules for rebuilding compile bool_matcher engine",
table_name, compile_cnt); table_name, compile_cnt);

33
test/maat_framework_gtest.cpp
View File

@@ -693,9 +693,10 @@ TEST_F(MaatStringScan, StreamInput) {
//TODO: //TODO:
#if 0 #if 0
TEST_F(MaatStringScan, ShouldNotHitExprPlus) { TEST_F(MaatStringScan, ShouldNotHitExprPlus) {
long long results[ARRAY] = {0}; long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
struct maat *maat_instance = MaatStringScan::_shared_maat_instance;
const char *region_name = "tcp.payload"; const char *region_name = "tcp.payload";
unsigned char udp_payload_not_hit[] = { /* Stun packet */ unsigned char udp_payload_not_hit[] = { /* Stun packet */
0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42, 0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42,
@@ -711,13 +712,13 @@ TEST_F(MaatStringScan, ShouldNotHitExprPlus) {
0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a, 0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a,
0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a, 0xab, 0x00 }; 0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a, 0xab, 0x00 };
int table_id = maat_get_table_id(g_maat_instance, "APP_PAYLOAD"); int table_id = maat_get_table_id(maat_instance, "APP_PAYLOAD");
ASSERT_GT(table_id, 0); ASSERT_GT(table_id, 0);
int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name, strlen(region_name)); int ret = maat_state_set_scan_district(maat_instance, &state, region_name, strlen(region_name));
ASSERT_EQ(ret, 0); ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, (char *)udp_payload_not_hit, sizeof(udp_payload_not_hit), ret = maat_scan_string(maat_instance, table_id, 0, (char *)udp_payload_not_hit, sizeof(udp_payload_not_hit),
results, ARRAY_SIZE, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
maat_state_free(&state); maat_state_free(&state);
@@ -727,29 +728,30 @@ TEST_F(MaatStringScan, ExprPlusWithHex) {
long long results[ARRAY_SIZE] = {0}; long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
struct maat *maat_instance = MaatStringScan::_shared_maat_instance;
const char *scan_data1 = "text/html; charset=UTF-8"; const char *scan_data1 = "text/html; charset=UTF-8";
const char *scan_data2 = "Batman\\:Take me Home.Superman/:Fine,stay with me."; const char *scan_data2 = "Batman\\:Take me Home.Superman/:Fine,stay with me.";
const char *region_name1 = "Content-Type"; const char *region_name1 = "Content-Type";
const char *region_name2 = "User-Agent"; const char *region_name2 = "User-Agent";
int table_id = maat_get_table_id(g_maat_instance, "HTTP_SIGNATURE"); int table_id = maat_get_table_id(maat_instance, "HTTP_SIGNATURE");
ASSERT_GT(table_id, 0); ASSERT_GT(table_id, 0);
int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name1, strlen(region_name1)); int ret = maat_state_set_scan_district(maat_instance, &state, region_name1, strlen(region_name1));
ASSERT_EQ(ret, 0); ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1), ret = maat_scan_string(maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
results, ARRAY_SIZE, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 156); EXPECT_EQ(results[0], 156);
ret = maat_state_set_scan_district(g_maat_instance, &state, region_name2, strlen(region_name2)); ret = maat_state_set_scan_district(maat_instance, &state, region_name2, strlen(region_name2));
ASSERT_EQ(ret, 0); ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1), ret = maat_scan_string(maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
results, ARRAY_SIZE, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
table_id = maat_get_table_id(g_maat_instance, "KEYWORDS_TABLE"); table_id = maat_get_table_id(maat_instance, "KEYWORDS_TABLE");
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data2, strlen(scan_data2), ret = maat_scan_string(maat_instance, table_id, 0, scan_data2, strlen(scan_data2),
results, ARRAY_SIZE, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 132); EXPECT_EQ(results[0], 132);
@@ -761,6 +763,7 @@ TEST_F(MaatStringScan, ExprPlusWithOffset)
long long results[ARRAY_SIZE] = {0}; long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
struct maat *maat_instance = MaatStringScan::_shared_maat_instance;
const char *region_name = "Payload"; const char *region_name = "Payload";
unsigned char udp_payload_not_hit[] = { /* Stun packet */ unsigned char udp_payload_not_hit[] = { /* Stun packet */
0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42, 0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42,
@@ -789,17 +792,17 @@ TEST_F(MaatStringScan, ExprPlusWithOffset)
0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a, 0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a,
0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a }; 0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a };
int table_id = maat_get_table_id(g_maat_instance, "APP_PAYLOAD"); int table_id = maat_get_table_id(maat_instance, "APP_PAYLOAD");
ASSERT_GT(table_id, 0); ASSERT_GT(table_id, 0);
int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name, strlen(region_name)); int ret = maat_state_set_scan_district(maat_instance, &state, region_name, strlen(region_name));
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, (char*)udp_payload_not_hit, sizeof(udp_payload_not_hit), ret = maat_scan_string(maat_instance, table_id, 0, (char*)udp_payload_not_hit, sizeof(udp_payload_not_hit),
results, ARRAY_SIZE, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_scan_string(g_maat_instance, table_id, 0, (char*)udp_payload_hit, sizeof(udp_payload_hit), ret = maat_scan_string(maat_instance, table_id, 0, (char*)udp_payload_hit, sizeof(udp_payload_hit),
results, ARRAY_SIZE, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 148); EXPECT_EQ(results[0], 148);

2
test/table_info.conf
View File

@@ -233,7 +233,7 @@
"valid_column":8, "valid_column":8,
"custom": { "custom": {
"scan_mode":"block", "scan_mode":"block",
"pattern_type":"literal", "pattern_type":"regex",
"item_id":1, "item_id":1,
"group_id":2, "group_id":2,
"district":3, "district":3,

2
vendor/CMakeLists.txt vendored
View File

@@ -33,7 +33,7 @@ ExternalProject_Add(colm PREFIX colm
# ragel-7.0.0.10 # ragel-7.0.0.10
ExternalProject_Add(ragel PREFIX ragel ExternalProject_Add(ragel PREFIX ragel
URL ${CMAKE_CURRENT_SOURCE_DIR}/ragel-7.0.0.10.tar.gz URL ${CMAKE_CURRENT_SOURCE_DIR}/ragel-7.0.0.10.tar.gz
CONFIGURE_COMMAND ./autogen.sh && ./configure --prefix=${VENDOR_BUILD} CONFIGURE_COMMAND ./autogen.sh && ./configure --prefix=${VENDOR_BUILD} --with-colm=${VENDOR_BUILD}
DEPENDS colm DEPENDS colm
BUILD_COMMAND make BUILD_COMMAND make
INSTALL_COMMAND make install INSTALL_COMMAND make install

BIN
vendor/hyperscan-5.4.0.tar.gz vendored
View File

Binary file not shown.